From 27f462b20c94e92a010e41bddb08b2e83b57810f Mon Sep 17 00:00:00 2001 From: George Fu Date: Wed, 9 Oct 2024 12:31:31 -0400 Subject: [PATCH] fix(credentials): used selected auth scheme identity instead of calling credentials provider (#6555) * fix(credentials): used selected auth scheme identity instead of calling credentials provider * test(middleware-user-agent): add unit test for empty config/context --- .../src/check-features.spec.ts | 34 +++++++++++++++++++ .../src/check-features.ts | 24 ++++++------- 2 files changed, 44 insertions(+), 14 deletions(-) create mode 100644 packages/middleware-user-agent/src/check-features.spec.ts diff --git a/packages/middleware-user-agent/src/check-features.spec.ts b/packages/middleware-user-agent/src/check-features.spec.ts new file mode 100644 index 000000000000..685afb723d98 --- /dev/null +++ b/packages/middleware-user-agent/src/check-features.spec.ts @@ -0,0 +1,34 @@ +import { AwsHandlerExecutionContext } from "@aws-sdk/types"; + +import { checkFeatures } from "./check-features"; + +describe(checkFeatures.name, () => { + it("should not call the credentials provider to retrieve the identity", async () => { + const config = { + credentials: jest.fn(), + }; + + const context = { + __smithy_context: { + selectedHttpAuthScheme: { + identity: { + accountId: "123456789012", + $source: {}, + }, + }, + }, + } as AwsHandlerExecutionContext; + + await checkFeatures(context, config, { + request: undefined, + input: undefined, + }); + + expect(config.credentials).not.toHaveBeenCalled(); + expect(context.__aws_sdk_context?.features?.RESOLVED_ACCOUNT_ID).toBe("T"); + }); + + it("should not throw an error if no fields are present", async () => { + await checkFeatures({}, {}, {} as any); + }); +}); diff --git a/packages/middleware-user-agent/src/check-features.ts b/packages/middleware-user-agent/src/check-features.ts index 0c808d5dcf4d..18b41d24ac4e 100644 --- a/packages/middleware-user-agent/src/check-features.ts +++ b/packages/middleware-user-agent/src/check-features.ts @@ -42,20 +42,16 @@ export async function checkFeatures( } } - if (typeof config.credentials === "function") { - try { - const credentials: AttributedAwsCredentialIdentity = await config.credentials?.(); - if (credentials.accountId) { - setFeature(context, "RESOLVED_ACCOUNT_ID", "T"); - } - for (const [key, value] of Object.entries(credentials.$source ?? {})) { - setFeature(context, key as keyof AwsSdkCredentialsFeatures, value); - } - } catch (e: unknown) { - // Sometimes config.credentials is a function but only throws - // as a way of informing users that something is missing. - // That error and any other credential retrieval errors are - // not relevant for feature-checking and should be ignored. + // TODO: later version of @smithy/types has explicit typing for this. + const identity = (context.__smithy_context?.selectedHttpAuthScheme as any)?.identity; + + if ((identity as AttributedAwsCredentialIdentity)?.$source) { + const credentials = identity as AttributedAwsCredentialIdentity; + if (credentials.accountId) { + setFeature(context, "RESOLVED_ACCOUNT_ID", "T"); + } + for (const [key, value] of Object.entries(credentials.$source ?? {})) { + setFeature(context, key as keyof AwsSdkCredentialsFeatures, value); } } }