Unverified Commit bb356886 authored by Zelda Hessler's avatar Zelda Hessler Committed by GitHub

fix use_fips in provider config (#3007)



I'm not 100% that I fixed this in the right way. Feel free to set me
straight if that's the case.

## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here -->
aws-sdk-rust#882

## Description
<!--- Describe your changes in detail -->
This change causes the `ProviderConfig` to respect both `use_fips` and
`use_dual_stack` when those settings are configured in a user's
environment or profile.

## Testing
<!--- Please describe in detail how you tested your changes -->
<!--- Include details of your testing environment, and the tests you ran
to -->
<!--- see how your change affects other areas of the code, etc. -->
I wrote two tests

## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._

---------

Co-authored-by: default avatarJohn DiSanti <jdisanti@amazon.com>
parent 5129c1f5
+6 −0
@@ -261,3 +261,9 @@ For more information, see the [Change Log Discussion](https://github.com/awslabs
meta = { "breaking" = true, "tada" = false, "bug" = false }
references = ["smithy-rs#3014"]
author = "rcoh"

[[aws-sdk-rust]]
message = "STS and SSO-based credential providers will now respect both `use_fips` and `use_dual_stack` when those settings are configured in a user's environment or profile."
references = ["aws-sdk-rust#882", "smithy-rs#3007"]
meta = { "breaking" = true, "tada" = true, "bug" = true }
author = "Velfi"
+3 −0
@@ -306,6 +306,9 @@ mod test {
    #[cfg(feature = "credentials-sso")]
    make_test!(sso_no_token_file);

    #[cfg(feature = "credentials-sso")]
    make_test!(e2e_fips_and_dual_stack_sso);

    #[tokio::test]
    async fn profile_name_override() {
        let conf =
+1 −1
@@ -245,6 +245,6 @@ mod test {
    fn real_environment() {
        let provider = EnvironmentVariableCredentialsProvider::new();
        // we don't know what's in the env, just make sure it doesn't crash.
        let _ = provider.provide_credentials();
        let _fut = provider.provide_credentials();
    }
}
+17 −12
@@ -589,6 +589,23 @@ mod loader {
                        .with_http_connector(http_connector.clone())
                })
                .with_profile_config(self.profile_files_override, self.profile_name_override);

            let use_fips = if let Some(use_fips) = self.use_fips {
                Some(use_fips)
            } else {
                use_fips_provider(&conf).await
            };

            let use_dual_stack = if let Some(use_dual_stack) = self.use_dual_stack {
                Some(use_dual_stack)
            } else {
                use_dual_stack_provider(&conf).await
            };

            let conf = conf
                .with_use_fips(use_fips)
                .with_use_dual_stack(use_dual_stack);

            let region = if let Some(provider) = self.region {
                provider.region().await
            } else {
@@ -648,18 +665,6 @@ mod loader {
                None
            };

            let use_fips = if let Some(use_fips) = self.use_fips {
                Some(use_fips)
            } else {
                use_fips_provider(&conf).await
            };

            let use_dual_stack = if let Some(use_dual_stack) = self.use_dual_stack {
                Some(use_dual_stack)
            } else {
                use_dual_stack_provider(&conf).await
            };

            let mut builder = SdkConfig::builder()
                .region(region)
                .retry_config(retry_config)
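Review bot: The precedence between an explicit loader value and the environment/profile value is undocumented at the point where `use_fips` and `use_dual_stack` are now resolved. An explicit `Some(false)` on the loader skips `use_fips_provider(&conf)` entirely, so a FIPS requirement set in the environment or profile is overridden without any trace. The block's position is now also load-bearing, because `conf` must carry both settings before anything builds a client from it. I would add a comment above it such as `// Resolve FIPS/dual-stack first: an explicit loader value (including Some(false)) wins over env/profile, and conf must carry both before any provider is built from it.` The enclosing function starts and ends outside the hunks, so whether anything reads `conf` before this point cannot be confirmed from here.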
+8 −9
@@ -22,15 +22,13 @@
//! - `exec` which contains a chain representation of providers to implement passing bootstrapped credentials
//! through a series of providers.

use crate::profile::credentials::exec::named::NamedProviderFactory;
use crate::profile::credentials::exec::ProviderChain;
use crate::profile::parser::ProfileFileLoadError;
use crate::profile::profile_file::ProfileFiles;
use crate::profile::Profile;
use crate::provider_config::ProviderConfig;
use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
use aws_sdk_sts::config::Builder as StsConfigBuilder;
use aws_smithy_types::error::display::DisplayErrorContext;
use aws_types::SdkConfig;
use std::borrow::Cow;
use std::collections::HashMap;
use std::error::Error;
@@ -141,8 +139,8 @@ impl ProvideCredentials for ProfileFileCredentialsProvider {
#[doc = include_str!("location_of_profile_files.md")]
#[derive(Debug)]
pub struct ProfileFileCredentialsProvider {
    factory: NamedProviderFactory,
    sts_config: StsConfigBuilder,
    factory: exec::named::NamedProviderFactory,
    sdk_config: SdkConfig,
    provider_config: ProviderConfig,
}

@@ -182,7 +180,7 @@ impl ProfileFileCredentialsProvider {
        };
        for provider in inner_provider.chain().iter() {
            let next_creds = provider
                .credentials(creds, &self.sts_config)
                .credentials(creds, &self.sdk_config)
                .instrument(tracing::debug_span!("load_assume_role", provider = ?provider))
                .await;
            match next_creds {
@@ -444,7 +442,7 @@ impl Builder {

        ProfileFileCredentialsProvider {
            factory,
            sts_config: conf.sts_client_config(),
            sdk_config: conf.client_config("profile file"),
            provider_config: conf,
        }
    }
@@ -452,8 +450,8 @@ impl Builder {

async fn build_provider_chain(
    provider_config: &ProviderConfig,
    factory: &NamedProviderFactory,
) -> Result<ProviderChain, ProfileFileError> {
    factory: &exec::named::NamedProviderFactory,
) -> Result<exec::ProviderChain, ProfileFileError> {
    let profile_set = provider_config
        .try_profile()
        .await
@@ -485,6 +483,7 @@ mod test {
    }

    make_test!(e2e_assume_role);
    make_test!(e2e_fips_and_dual_stack_sts);
    make_test!(empty_config);
    make_test!(retry_on_error);
    make_test!(invalid_config);
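Review bot: The literal in `conf.client_config("profile file")` is unexplained, and the new `sdk_config: SdkConfig` field has no doc comment saying what it carries. The argument is presumably a label used for diagnostics, but that cannot be told from the hunk; a short comment or a named constant at the call would settle it. For the field, something like `/// Client configuration passed to every provider in the chain; expected to carry the resolved use_fips / use_dual_stack settings.` would record why it replaced the STS-specific builder. The struct, the `Builder` method and `build_provider_chain` all continue outside the visible hunks.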