Merge remote-tracking branch 'origin/feature/master/feature-ids-implementation' into feature/master/feature-ids-implementation

Author: S-Saranya1

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ChildProfileCredentialsProviderFactory.java

@@ -40,5 +40,45 @@ public interface ChildProfileCredentialsProviderFactory {
      * provider.
      * @return The credentials provider with permissions derived from the source credentials provider and profile.
      */
-    AwsCredentialsProvider create(AwsCredentialsProvider sourceCredentialsProvider, Profile profile);
+    default AwsCredentialsProvider create(AwsCredentialsProvider sourceCredentialsProvider, Profile profile) {
+        ChildProfileCredentialsRequest request = new ChildProfileCredentialsRequest(sourceCredentialsProvider, profile, null);
+        return create(request);
+    }
+
+    /**
+     * Create a credentials provider for the provided profile, using the provided source credentials provider to authenticate
+     * with AWS. In the case of STS, the returned credentials provider is for a role that has been assumed, and the provided
+     * source credentials provider is the credentials that should be used to authenticate that the user is allowed to assume
+     * that role.
+     *
+     * @param request The request containing all parameters needed to create the child credentials provider.
+     * @return The credentials provider with permissions derived from the request parameters.
+     */
+    AwsCredentialsProvider create(ChildProfileCredentialsRequest request);
+
+    final class ChildProfileCredentialsRequest {
+        private final AwsCredentialsProvider sourceCredentialsProvider;
+        private final Profile profile;
+        private final String source;
+
+        public ChildProfileCredentialsRequest(AwsCredentialsProvider sourceCredentialsProvider, 
+                                            Profile profile, 
+                                            String source) {
+            this.sourceCredentialsProvider = sourceCredentialsProvider;
+            this.profile = profile;
+            this.source = source;
+        }
+
+        public AwsCredentialsProvider sourceCredentialsProvider() {
+            return sourceCredentialsProvider;
+        }
+
+        public Profile profile() {
+            return profile;
+        }
+
+        public String source() {
+            return source;
+        }
+    }
 }

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java

@@ -93,6 +93,7 @@ public final class ContainerCredentialsProvider
 
     private final String asyncThreadName;
     private final String source;
+    private final String providerName;
 
     /**
      * @see #builder()
@@ -102,6 +103,9 @@ private ContainerCredentialsProvider(BuilderImpl builder) {
         this.asyncCredentialUpdateEnabled = builder.asyncCredentialUpdateEnabled;
         this.asyncThreadName = builder.asyncThreadName;
         this.source = builder.source;
+        this.providerName = StringUtils.isEmpty(builder.source) 
+            ? PROVIDER_NAME 
+            : builder.source + "," + PROVIDER_NAME;
         this.httpCredentialsLoader = HttpCredentialsLoader.create(providerName());
 
         if (Boolean.TRUE.equals(builder.asyncCredentialUpdateEnabled)) {
@@ -165,11 +169,7 @@ private Instant prefetchTime(Instant expiration) {
     }
 
     private String providerName() {
-        String providerName = PROVIDER_NAME;
-        if (source != null && !source.isEmpty()) {
-            providerName = String.format("%s,%s", source, providerName);
-        }
-        return providerName;
+        return this.providerName;
     }
 
     @Override

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/HttpCredentialsProvider.java

@@ -16,6 +16,7 @@
 package software.amazon.awssdk.auth.credentials;
 
 import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
 import software.amazon.awssdk.utils.SdkAutoCloseable;
 
 /**
@@ -49,7 +50,8 @@ interface Builder<TypeToBuildT extends HttpCredentialsProvider, BuilderT extends
         BuilderT endpoint(String endpoint);
 
         /**
-         * Configure the source of this credentials provider. This is used for business metrics tracking.
+         * An optional string list of {@link BusinessMetricFeatureId} denoting previous credentials providers
+         * that are chained with this one.
          */
         default BuilderT source(String source) {
             throw new UnsupportedOperationException();

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java

@@ -45,6 +45,7 @@
 import software.amazon.awssdk.regions.util.HttpResourcesUtils;
 import software.amazon.awssdk.regions.util.ResourcesEndpointProvider;
 import software.amazon.awssdk.utils.Logger;
+import software.amazon.awssdk.utils.StringUtils;
 import software.amazon.awssdk.utils.ToString;
 import software.amazon.awssdk.utils.Validate;
 import software.amazon.awssdk.utils.builder.CopyableBuilder;
@@ -93,6 +94,7 @@ public final class InstanceProfileCredentialsProvider
     private final Duration staleTime;
 
     private final String source;
+    private final String providerName;
 
     /**
      * @see #builder()
@@ -107,6 +109,9 @@ private InstanceProfileCredentialsProvider(BuilderImpl builder) {
         this.profileName = Optional.ofNullable(builder.profileName)
                                    .orElseGet(ProfileFileSystemSetting.AWS_PROFILE::getStringValueOrThrow);
         this.source = builder.source;
+        this.providerName = StringUtils.isEmpty(builder.source)
+            ? PROVIDER_NAME 
+            : builder.source + "," + PROVIDER_NAME;
 
         this.httpCredentialsLoader = HttpCredentialsLoader.create(providerName());
         this.configProvider =
@@ -208,11 +213,7 @@ public void close() {
     }
 
     private String providerName() {
-        String providerName = PROVIDER_NAME;
-        if (source != null && !source.isEmpty()) {
-            providerName = String.format("%s,%s", source, providerName);
-        }
-        return providerName;
+        return this.providerName;
     }
 
     @Override

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider.java

@@ -32,6 +32,7 @@
 import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.awssdk.utils.Platform;
 import software.amazon.awssdk.utils.SdkAutoCloseable;
+import software.amazon.awssdk.utils.StringUtils;
 import software.amazon.awssdk.utils.ToString;
 import software.amazon.awssdk.utils.Validate;
 import software.amazon.awssdk.utils.builder.CopyableBuilder;
@@ -85,6 +86,7 @@ public final class ProcessCredentialsProvider
     private final Boolean asyncCredentialUpdateEnabled;
 
     private final String source;
+    private final String providerName;
 
     /**
      * @see #builder()
@@ -98,6 +100,9 @@ private ProcessCredentialsProvider(Builder builder) {
         this.asyncCredentialUpdateEnabled = builder.asyncCredentialUpdateEnabled;
         this.staticAccountId = builder.staticAccountId;
         this.source = builder.source;
+        this.providerName = StringUtils.isEmpty(builder.source)
+            ? PROVIDER_NAME 
+            : builder.source + "," + PROVIDER_NAME;
 
         CachedSupplier.Builder<AwsCredentials> cacheBuilder = CachedSupplier.builder(this::refreshCredentials)
                                                                             .cachedValueName(toString());
@@ -177,11 +182,7 @@ private JsonNode parseProcessOutput(String processOutput) {
     }
 
     private String providerName() {
-        String providerName = PROVIDER_NAME;
-        if (source != null && !source.isEmpty()) {
-            providerName = String.format("%s,%s", source, providerName);
-        }
-        return providerName;
+        return this.providerName;
     }
 
     /**

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/StaticCredentialsProvider.java

@@ -35,10 +35,22 @@ private StaticCredentialsProvider(AwsCredentials credentials) {
 
     private AwsCredentials withProviderName(AwsCredentials credentials) {
         if (credentials instanceof AwsBasicCredentials) {
-            return ((AwsBasicCredentials) credentials).copy(c -> c.providerName(PROVIDER_NAME));
+            AwsBasicCredentials basicCreds = (AwsBasicCredentials) credentials;
+            if (basicCreds.providerName()
+                          .map(BusinessMetricFeatureId.CREDENTIALS_PROFILE.value()::equals)
+                          .orElse(false)) {
+                return basicCreds;
+            }
+            return basicCreds.copy(c -> c.providerName(PROVIDER_NAME));
         }
         if (credentials instanceof AwsSessionCredentials) {
-            return ((AwsSessionCredentials) credentials).copy(c -> c.providerName(PROVIDER_NAME));
+            AwsSessionCredentials sessionCreds = (AwsSessionCredentials) credentials;
+            if (sessionCreds.providerName()
+                            .map(BusinessMetricFeatureId.CREDENTIALS_PROFILE.value()::equals)
+                            .orElse(false)) {
+                return sessionCreds;
+            }
+            return sessionCreds.copy(c -> c.providerName(PROVIDER_NAME));
         }
         return credentials;
     }

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java

@@ -40,6 +40,7 @@
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
 import software.amazon.awssdk.core.internal.util.ClassLoaderHelper;
+import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
 import software.amazon.awssdk.profiles.Profile;
 import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.profiles.ProfileProperty;
@@ -161,6 +162,7 @@ private AwsCredentialsProvider basicProfileCredentialsProvider() {
                                                         .accessKeyId(properties.get(ProfileProperty.AWS_ACCESS_KEY_ID))
                                                         .secretAccessKey(properties.get(ProfileProperty.AWS_SECRET_ACCESS_KEY))
                                                         .accountId(properties.get(ProfileProperty.AWS_ACCOUNT_ID))
+                                                        .providerName(BusinessMetricFeatureId.CREDENTIALS_PROFILE.value())
                                                         .build();
         return StaticCredentialsProvider.create(credentials);
     }
@@ -177,6 +179,7 @@ private AwsCredentialsProvider sessionProfileCredentialsProvider() {
                                                           .secretAccessKey(properties.get(ProfileProperty.AWS_SECRET_ACCESS_KEY))
                                                           .sessionToken(properties.get(ProfileProperty.AWS_SESSION_TOKEN))
                                                           .accountId(properties.get(ProfileProperty.AWS_ACCOUNT_ID))
+                                                          .providerName(BusinessMetricFeatureId.CREDENTIALS_PROFILE.value())
                                                           .build();
         return StaticCredentialsProvider.create(credentials);
     }
@@ -187,6 +190,7 @@ private AwsCredentialsProvider credentialProcessCredentialsProvider() {
         return ProcessCredentialsProvider.builder()
                                          .command(properties.get(ProfileProperty.CREDENTIAL_PROCESS))
                                          .staticAccountId(properties.get(ProfileProperty.AWS_ACCOUNT_ID))
+                                         .source(BusinessMetricFeatureId.CREDENTIALS_PROFILE_PROCESS.value())
                                          .build();
     }
 
@@ -195,10 +199,16 @@ private AwsCredentialsProvider credentialProcessCredentialsProvider() {
      */
     private AwsCredentialsProvider ssoProfileCredentialsProvider() {
         validateRequiredPropertiesForSsoCredentialsProvider();
+        boolean isLegacy = isLegacySsoConfiguration();
+        String sourceFeatureId = isLegacy ?
+                        BusinessMetricFeatureId.CREDENTIALS_PROFILE_SSO_LEGACY.value() :
+                        BusinessMetricFeatureId.CREDENTIALS_PROFILE_SSO.value();
+
         return ssoCredentialsProviderFactory().create(
             ProfileProviderCredentialsContext.builder()
                                              .profile(profile)
                                              .profileFile(profileFile)
+                                             .source(sourceFeatureId)
                                              .build());
     }
 
@@ -211,6 +221,10 @@ private void validateRequiredPropertiesForSsoCredentialsProvider() {
         }
     }
 
+    private boolean isLegacySsoConfiguration() {
+        return !properties.containsKey(ProfileSection.SSO_SESSION.getPropertyKeyName());
+    }
+
     private AwsCredentialsProvider roleAndWebIdentityTokenProfileCredentialsProvider() {
         requireProperties(ProfileProperty.ROLE_ARN, ProfileProperty.WEB_IDENTITY_TOKEN_FILE);
 
@@ -223,6 +237,7 @@ private AwsCredentialsProvider roleAndWebIdentityTokenProfileCredentialsProvider
                                                 .roleArn(roleArn)
                                                 .roleSessionName(roleSessionName)
                                                 .webIdentityTokenFile(webIdentityTokenFile)
+                                                .source(BusinessMetricFeatureId.CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN.value())
                                                 .build();
 
         return WebIdentityCredentialsUtils.factory().create(credentialProperties);
@@ -249,7 +264,8 @@ private AwsCredentialsProvider roleAndSourceProfileBasedProfileCredentialsProvid
                                          .credentialsProvider(children))
                                      .orElseThrow(this::noSourceCredentialsException);
 
-        return stsCredentialsProviderFactory().create(sourceCredentialsProvider, profile);
+        String sourceFeatureId = BusinessMetricFeatureId.CREDENTIALS_PROFILE_SOURCE_PROFILE.value();
+        return createStsCredentialsProviderWithMetrics(sourceCredentialsProvider, sourceFeatureId);
     }
 
     /**
@@ -260,8 +276,10 @@ private AwsCredentialsProvider roleAndCredentialSourceBasedProfileCredentialsPro
         requireProperties(ProfileProperty.CREDENTIAL_SOURCE);
 
         CredentialSourceType credentialSource = CredentialSourceType.parse(properties.get(ProfileProperty.CREDENTIAL_SOURCE));
+        String profileSource = BusinessMetricFeatureId.CREDENTIALS_PROFILE_NAMED_PROVIDER.value();
         AwsCredentialsProvider credentialsProvider = credentialSourceCredentialProvider(credentialSource);
-        return stsCredentialsProviderFactory().create(credentialsProvider, profile);
+
+        return createStsCredentialsProviderWithMetrics(credentialsProvider, profileSource);
     }
 
     private AwsCredentialsProvider credentialSourceCredentialProvider(CredentialSourceType credentialSource) {
@@ -298,6 +316,39 @@ private IllegalStateException noSourceCredentialsException() {
         return new IllegalStateException(error);
     }
 
+    /**
+     * Extract business metrics from a credentials provider by resolving credentials and checking the provider name.
+     * This is used to propagate business metrics from source credentials to assume role operations.
+     */
+    private String extractBusinessMetricsFromProvider(AwsCredentialsProvider credentialsProvider) {
+        try {
+            AwsCredentials credentials = credentialsProvider.resolveCredentials();
+            return credentials.providerName().orElse(null);
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    /**
+     * Helper method to create STS credentials provider with business metrics propagation.
+     * This method extracts business metrics from the source credentials provider and combines them
+     * with the profile-level business metrics before creating the STS credentials provider.
+     */
+    private AwsCredentialsProvider createStsCredentialsProviderWithMetrics(AwsCredentialsProvider sourceCredentialsProvider,
+                                                                           String profileMetric) {
+        String sourceMetrics = extractBusinessMetricsFromProvider(sourceCredentialsProvider);
+
+        String combinedSource = profileMetric;
+        if (sourceMetrics != null && !sourceMetrics.isEmpty()) {
+            combinedSource = profileMetric + "," + sourceMetrics;
+        }
+
+        ChildProfileCredentialsProviderFactory.ChildProfileCredentialsRequest request =
+            new ChildProfileCredentialsProviderFactory
+                .ChildProfileCredentialsRequest(sourceCredentialsProvider, profile, combinedSource);
+        return stsCredentialsProviderFactory().create(request);
+    }
+
     /**
      * Load the factory that can be used to create the STS credentials provider, assuming it is on the classpath.
      */