Update AwsCredentialsProviderChain for new Identity type (#3883)

Author: gosar

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/AwsCredentialsProviderChain.java

@@ -22,6 +22,8 @@
 import java.util.List;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.core.exception.SdkClientException;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
 import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.awssdk.utils.Logger;
 import software.amazon.awssdk.utils.SdkAutoCloseable;
@@ -52,11 +54,11 @@ public final class AwsCredentialsProviderChain
                ToCopyableBuilder<AwsCredentialsProviderChain.Builder, AwsCredentialsProviderChain> {
     private static final Logger log = Logger.loggerFor(AwsCredentialsProviderChain.class);
 
-    private final List<AwsCredentialsProvider> credentialsProviders;
+    private final List<IdentityProvider<? extends AwsCredentialsIdentity>> credentialsProviders;
 
     private final boolean reuseLastProviderEnabled;
 
-    private volatile AwsCredentialsProvider lastUsedProvider;
+    private volatile IdentityProvider<? extends AwsCredentialsIdentity> lastUsedProvider;
 
     /**
      * @see #builder()
@@ -84,21 +86,33 @@ public static AwsCredentialsProviderChain of(AwsCredentialsProvider... awsCreden
         return builder().credentialsProviders(awsCredentialsProviders).build();
     }
 
+    /**
+     * Create an AWS credentials provider chain with default configuration that checks the given credential providers.
+     * @param awsCredentialsProviders The credentials providers that should be checked for credentials, in the order they should
+     *                                be checked.
+     * @return A credential provider chain that checks the provided credential providers in order.
+     */
+    public static AwsCredentialsProviderChain of(IdentityProvider<? extends AwsCredentialsIdentity>... awsCredentialsProviders) {
+        return builder().credentialsProviders(awsCredentialsProviders).build();
+    }
+
     @Override
     public AwsCredentials resolveCredentials() {
         if (reuseLastProviderEnabled && lastUsedProvider != null) {
-            return lastUsedProvider.resolveCredentials();
+            // TODO: Exception handling for join?
+            return CredentialUtils.toCredentials(lastUsedProvider.resolveIdentity().join());
         }
 
         List<String> exceptionMessages = null;
-        for (AwsCredentialsProvider provider : credentialsProviders) {
+        for (IdentityProvider<? extends AwsCredentialsIdentity> provider : credentialsProviders) {
             try {
-                AwsCredentials credentials = provider.resolveCredentials();
+                // TODO: Exception handling for join?
+                AwsCredentialsIdentity credentials = provider.resolveIdentity().join();
 
                 log.debug(() -> "Loading credentials from " + provider);
 
                 lastUsedProvider = provider;
-                return credentials;
+                return CredentialUtils.toCredentials(credentials);
             } catch (RuntimeException e) {
                 // Ignore any exceptions and move onto the next provider
                 String message = provider + ": " + e.getMessage();
@@ -156,19 +170,43 @@ public interface Builder extends CopyableBuilder<Builder, AwsCredentialsProvider
         /**
          * Configure the credentials providers that should be checked for credentials, in the order they should be checked.
          */
-        Builder credentialsProviders(AwsCredentialsProvider... credentialsProviders);
+        Builder credentialsIdentityProviders(
+            Collection<? extends IdentityProvider<? extends AwsCredentialsIdentity>> credentialsProviders);
+
+        /**
+         * Configure the credentials providers that should be checked for credentials, in the order they should be checked.
+         */
+        default Builder credentialsProviders(AwsCredentialsProvider... credentialsProviders) {
+            return credentialsProviders((IdentityProvider<? extends AwsCredentialsIdentity>[]) credentialsProviders);
+        }
+
+        /**
+         * Configure the credentials providers that should be checked for credentials, in the order they should be checked.
+         */
+        default Builder credentialsProviders(IdentityProvider<? extends AwsCredentialsIdentity>... credentialsProviders) {
+            throw new UnsupportedOperationException();
+        }
+
+        /**
+         * Add a credential provider to the chain, after the credential providers that have already been configured.
+         */
+        default Builder addCredentialsProvider(AwsCredentialsProvider credentialsProvider) {
+            return addCredentialsProvider((IdentityProvider<? extends AwsCredentialsIdentity>) credentialsProvider);
+        }
 
         /**
          * Add a credential provider to the chain, after the credential providers that have already been configured.
          */
-        Builder addCredentialsProvider(AwsCredentialsProvider credentialsProviders);
+        default Builder addCredentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider) {
+            throw new UnsupportedOperationException();
+        }
 
         AwsCredentialsProviderChain build();
     }
 
     private static final class BuilderImpl implements Builder {
         private Boolean reuseLastProviderEnabled = true;
-        private List<AwsCredentialsProvider> credentialsProviders = new ArrayList<>();
+        private List<IdentityProvider<? extends AwsCredentialsIdentity>> credentialsProviders = new ArrayList<>();
 
         private BuilderImpl() {
         }
@@ -199,13 +237,25 @@ public void setCredentialsProviders(Collection<? extends AwsCredentialsProvider>
         }
 
         @Override
-        public Builder credentialsProviders(AwsCredentialsProvider... credentialsProviders) {
-            return credentialsProviders(Arrays.asList(credentialsProviders));
+        public Builder credentialsIdentityProviders(
+                Collection<? extends IdentityProvider<? extends AwsCredentialsIdentity>> credentialsProviders) {
+            this.credentialsProviders = new ArrayList<>(credentialsProviders);
+            return this;
+        }
+
+        public void setCredentialsIdentityProviders(
+                Collection<? extends IdentityProvider<? extends AwsCredentialsIdentity>> credentialsProviders) {
+            credentialsIdentityProviders(credentialsProviders);
+        }
+
+        @Override
+        public Builder credentialsProviders(IdentityProvider<? extends AwsCredentialsIdentity>... credentialsProviders) {
+            return credentialsIdentityProviders(Arrays.asList(credentialsProviders));
         }
 
         @Override
-        public Builder addCredentialsProvider(AwsCredentialsProvider credentialsProviders) {
-            this.credentialsProviders.add(credentialsProviders);
+        public Builder addCredentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider) {
+            this.credentialsProviders.add(credentialsProvider);
             return this;
         }
 

core/auth/src/test/java/software/amazon/awssdk/auth/credentials/AwsCredentialsProviderChainTest.java

@@ -15,27 +15,28 @@
 
 package software.amazon.awssdk.auth.credentials;
 
-import static org.junit.Assert.assertEquals;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
-import org.junit.Rule;
+import java.util.Arrays;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
+import org.junit.jupiter.api.function.Executable;
 import software.amazon.awssdk.core.exception.SdkClientException;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
 import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.utils.StringInputStream;
 
 public class AwsCredentialsProviderChainTest {
 
-    @Rule
-    public ExpectedException thrown = ExpectedException.none();
-
     /**
      * Tests that, by default, the chain remembers which provider was able to
      * provide credentials, and only calls that provider for any additional
      * calls to getCredentials.
      */
     @Test
-    public void testReusingLastProvider() throws Exception {
+    public void resolveCredentials_reuseEnabled_reusesLastProvider() throws Exception {
         MockCredentialsProvider provider1 = new MockCredentialsProvider("Failed!");
         MockCredentialsProvider provider2 = new MockCredentialsProvider();
         AwsCredentialsProviderChain chain = AwsCredentialsProviderChain.builder()
@@ -64,7 +65,7 @@ public void testReusingLastProvider() throws Exception {
      * provider that can return credentials.
      */
     @Test
-    public void testDisableReusingLastProvider() throws Exception {
+    public void resolveCredentials_reuseDisabled_alwaysGoesThroughChain() throws Exception {
         MockCredentialsProvider provider1 = new MockCredentialsProvider("Failed!");
         MockCredentialsProvider provider2 = new MockCredentialsProvider();
         AwsCredentialsProviderChain chain = AwsCredentialsProviderChain.builder()
@@ -85,7 +86,7 @@ public void testDisableReusingLastProvider() throws Exception {
     }
 
     @Test
-    public void testMissingProfileUsesNextProvider() {
+    public void resolveCredentials_missingProfile_usesNextProvider() {
         ProfileCredentialsProvider provider =
             new ProfileCredentialsProvider.BuilderImpl()
                 .defaultProfileFileLoader(() -> ProfileFile.builder()
@@ -103,24 +104,73 @@ public void testMissingProfileUsesNextProvider() {
     }
 
     /**
-     * Tests that getCredentials throws an thrown if all providers in the
+     * Tests that resolveCredentials throws an thrown if all providers in the
      * chain fail to provide credentials.
      */
     @Test
-    public void testGetCredentialsException() {
+    public void resolveCredentials_allProvidersFail_throwsExceptionWithMessageFromAllProviders() {
         MockCredentialsProvider provider1 = new MockCredentialsProvider("Failed!");
         MockCredentialsProvider provider2 = new MockCredentialsProvider("Bad!");
         AwsCredentialsProviderChain chain = AwsCredentialsProviderChain.builder()
                                                                        .credentialsProviders(provider1, provider2)
                                                                        .build();
 
-        thrown.expect(SdkClientException.class);
-        thrown.expectMessage(provider1.exceptionMessage);
-        thrown.expectMessage(provider2.exceptionMessage);
+        SdkClientException e = assertThrows(SdkClientException.class, () -> chain.resolveCredentials());
+        assertThat(e.getMessage()).contains(provider1.exceptionMessage);
+        assertThat(e.getMessage()).contains(provider2.exceptionMessage);
+    }
 
-        chain.resolveCredentials();
+    @Test
+    public void resolveCredentials_emptyChain_throwsException() {
+        assertThrowsIllegalArgument(() -> AwsCredentialsProviderChain.of());
+
+        assertThrowsIllegalArgument(() -> AwsCredentialsProviderChain
+            .builder()
+            .credentialsProviders()
+            .build());
+
+        assertThrowsIllegalArgument(() -> AwsCredentialsProviderChain
+            .builder()
+            .credentialsProviders(Arrays.asList())
+            .build());
     }
 
+    private void assertThrowsIllegalArgument(Executable executable) {
+        IllegalArgumentException e = assertThrows(IllegalArgumentException.class, executable);
+        assertThat(e.getMessage()).contains("No credential providers were specified.");
+    }
+
+    /**
+     * Tests that the chain is setup correctly with the overloaded methods that accept the AwsCredentialsProvider type.
+     */
+    @Test
+    public void createMethods_withOldCredentialsType_work() {
+        AwsCredentialsProvider provider = StaticCredentialsProvider.create(AwsBasicCredentials.create(
+            "accessKey", "secretKey"));
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.of(provider));
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.builder().credentialsProviders(provider).build());
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.builder().credentialsProviders(Arrays.asList(provider)).build());
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.builder().addCredentialsProvider(provider).build());
+    }
+
+    /**
+     * Tests that the chain is setup correctly with the overloaded methods that accept the IdentityProvider type.
+     */
+    @Test
+    public void createMethods_withNewCredentialsType_work() {
+        IdentityProvider<AwsCredentialsIdentity> provider = StaticCredentialsProvider.create(AwsBasicCredentials.create(
+            "accessKey", "secretKey"));
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.of(provider));
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.builder().credentialsProviders(provider).build());
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.builder().credentialsIdentityProviders(Arrays.asList(provider)).build());
+        assertChainResolvesCorrectly(AwsCredentialsProviderChain.builder().addCredentialsProvider(provider).build());
+    }
+
+    private static void assertChainResolvesCorrectly(AwsCredentialsProviderChain chain) {
+        AwsCredentials credentials = chain.resolveCredentials();
+        assertThat(credentials.accessKeyId()).isEqualTo("accessKey");
+        assertThat(credentials.secretAccessKey()).isEqualTo("secretKey");
+    }
 
     private static final class MockCredentialsProvider implements AwsCredentialsProvider {
         private final StaticCredentialsProvider staticCredentialsProvider;