Loading CHANGELOG.next.toml +6 −0 Original line number Diff line number Diff line Loading @@ -40,3 +40,9 @@ message = """`requireEndpointResolver: false` is no longer required to remove th references = ["smithy-rs#3292"] meta = { "breaking" = false, "tada" = false, "bug" = false } author = "rcoh" [[aws-sdk-rust]] message = "Fix bug in `CredentialsProcess` provider where `expiry` was incorrectly treated as a required field." references = ["smithy-rs#3335", "aws-sdk-rust#1021"] meta = { "breaking" = false, "tada" = false, "bug" = true } author = "rcoh" aws/rust-runtime/aws-config/Cargo.toml +1 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,7 @@ aws-smithy-async = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-async", feat [package.metadata.docs.rs] all-features = true targets = ["x86_64-unknown-linux-gnu"] cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"] rustdoc-args = ["--cfg", "docsrs"] # End of docs.rs metadata Loading aws/rust-runtime/aws-config/src/credential_process.rs +40 −34 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ //! Credentials Provider for external process use crate::json_credentials::{json_parse_loop, InvalidJsonCredentials, RefreshableCredentials}; use crate::json_credentials::{json_parse_loop, InvalidJsonCredentials}; use crate::sensitive_command::CommandWithSensitiveArgs; use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials}; use aws_credential_types::Credentials; Loading Loading @@ -120,25 +120,12 @@ impl CredentialProcessProvider { )) })?; match parse_credential_process_json_credentials(output) { Ok(RefreshableCredentials { access_key_id, secret_access_key, session_token, expiration, .. }) => Ok(Credentials::new( access_key_id, secret_access_key, Some(session_token.to_string()), expiration.into(), "CredentialProcess", )), Err(invalid) => Err(CredentialsError::provider_error(format!( parse_credential_process_json_credentials(output).map_err(|invalid| { CredentialsError::provider_error(format!( "Error retrieving credentials from external process, could not parse response: {}", invalid ))), } )) }) } } Loading @@ -149,7 +136,7 @@ impl CredentialProcessProvider { /// Keys are case insensitive. pub(crate) fn parse_credential_process_json_credentials( credentials_response: &str, ) -> Result<RefreshableCredentials<'_>, InvalidJsonCredentials> { ) -> Result<Credentials, InvalidJsonCredentials> { let mut version = None; let mut access_key_id = None; let mut secret_access_key = None; Loading Loading @@ -206,25 +193,32 @@ pub(crate) fn parse_credential_process_json_credentials( let access_key_id = access_key_id.ok_or(InvalidJsonCredentials::MissingField("AccessKeyId"))?; let secret_access_key = secret_access_key.ok_or(InvalidJsonCredentials::MissingField("SecretAccessKey"))?; let session_token = session_token.ok_or(InvalidJsonCredentials::MissingField("Token"))?; let expiration = expiration.ok_or(InvalidJsonCredentials::MissingField("Expiration"))?; let expiration = SystemTime::try_from(OffsetDateTime::parse(&expiration, &Rfc3339).map_err(|err| { let expiration = expiration.map(parse_expiration).transpose()?; if expiration.is_none() { tracing::debug!("no expiration provided for credentials provider credentials. these credentials will never be refreshed.") } Ok(Credentials::new( access_key_id, secret_access_key, session_token.map(|tok| tok.to_string()), expiration, "CredentialProcess", )) } fn parse_expiration(expiration: impl AsRef<str>) -> Result<SystemTime, InvalidJsonCredentials> { SystemTime::try_from( OffsetDateTime::parse(expiration.as_ref(), &Rfc3339).map_err(|err| { InvalidJsonCredentials::InvalidField { field: "Expiration", err: err.into(), } })?) })?, ) .map_err(|_| { InvalidJsonCredentials::Other( "credential expiration time cannot be represented by a DateTime".into(), ) })?; Ok(RefreshableCredentials { access_key_id, secret_access_key, session_token, expiration, }) } Loading Loading @@ -258,6 +252,18 @@ mod test { ); } #[tokio::test] async fn test_credential_process_no_expiry() { let provider = CredentialProcessProvider::new(String::from( r#"echo '{ "Version": 1, "AccessKeyId": "ASIARTESTID", "SecretAccessKey": "TESTSECRETKEY" }'"#, )); let creds = provider.provide_credentials().await.expect("valid creds"); assert_eq!(creds.access_key_id(), "ASIARTESTID"); assert_eq!(creds.secret_access_key(), "TESTSECRETKEY"); assert_eq!(creds.session_token(), None); assert_eq!(creds.expiry(), None); } #[tokio::test] async fn credentials_process_timeouts() { let provider = CredentialProcessProvider::new(String::from("sleep 1000")); Loading aws/rust-runtime/aws-credential-types/Cargo.toml +1 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ tokio = { version = "1.23.1", features = ["full", "test-util", "rt"] } [package.metadata.docs.rs] all-features = true targets = ["x86_64-unknown-linux-gnu"] cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"] rustdoc-args = ["--cfg", "docsrs"] # End of docs.rs metadata Loading aws/rust-runtime/aws-endpoint/Cargo.toml +1 −0 Original line number Diff line number Diff line Loading @@ -10,5 +10,6 @@ repository = "https://github.com/smithy-lang/smithy-rs" [package.metadata.docs.rs] all-features = true targets = ["x86_64-unknown-linux-gnu"] cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"] rustdoc-args = ["--cfg", "docsrs"] # End of docs.rs metadata Loading
CHANGELOG.next.toml +6 −0 Original line number Diff line number Diff line Loading @@ -40,3 +40,9 @@ message = """`requireEndpointResolver: false` is no longer required to remove th references = ["smithy-rs#3292"] meta = { "breaking" = false, "tada" = false, "bug" = false } author = "rcoh" [[aws-sdk-rust]] message = "Fix bug in `CredentialsProcess` provider where `expiry` was incorrectly treated as a required field." references = ["smithy-rs#3335", "aws-sdk-rust#1021"] meta = { "breaking" = false, "tada" = false, "bug" = true } author = "rcoh"
aws/rust-runtime/aws-config/Cargo.toml +1 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,7 @@ aws-smithy-async = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-async", feat [package.metadata.docs.rs] all-features = true targets = ["x86_64-unknown-linux-gnu"] cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"] rustdoc-args = ["--cfg", "docsrs"] # End of docs.rs metadata Loading
aws/rust-runtime/aws-config/src/credential_process.rs +40 −34 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ //! Credentials Provider for external process use crate::json_credentials::{json_parse_loop, InvalidJsonCredentials, RefreshableCredentials}; use crate::json_credentials::{json_parse_loop, InvalidJsonCredentials}; use crate::sensitive_command::CommandWithSensitiveArgs; use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials}; use aws_credential_types::Credentials; Loading Loading @@ -120,25 +120,12 @@ impl CredentialProcessProvider { )) })?; match parse_credential_process_json_credentials(output) { Ok(RefreshableCredentials { access_key_id, secret_access_key, session_token, expiration, .. }) => Ok(Credentials::new( access_key_id, secret_access_key, Some(session_token.to_string()), expiration.into(), "CredentialProcess", )), Err(invalid) => Err(CredentialsError::provider_error(format!( parse_credential_process_json_credentials(output).map_err(|invalid| { CredentialsError::provider_error(format!( "Error retrieving credentials from external process, could not parse response: {}", invalid ))), } )) }) } } Loading @@ -149,7 +136,7 @@ impl CredentialProcessProvider { /// Keys are case insensitive. pub(crate) fn parse_credential_process_json_credentials( credentials_response: &str, ) -> Result<RefreshableCredentials<'_>, InvalidJsonCredentials> { ) -> Result<Credentials, InvalidJsonCredentials> { let mut version = None; let mut access_key_id = None; let mut secret_access_key = None; Loading Loading @@ -206,25 +193,32 @@ pub(crate) fn parse_credential_process_json_credentials( let access_key_id = access_key_id.ok_or(InvalidJsonCredentials::MissingField("AccessKeyId"))?; let secret_access_key = secret_access_key.ok_or(InvalidJsonCredentials::MissingField("SecretAccessKey"))?; let session_token = session_token.ok_or(InvalidJsonCredentials::MissingField("Token"))?; let expiration = expiration.ok_or(InvalidJsonCredentials::MissingField("Expiration"))?; let expiration = SystemTime::try_from(OffsetDateTime::parse(&expiration, &Rfc3339).map_err(|err| { let expiration = expiration.map(parse_expiration).transpose()?; if expiration.is_none() { tracing::debug!("no expiration provided for credentials provider credentials. these credentials will never be refreshed.") } Ok(Credentials::new( access_key_id, secret_access_key, session_token.map(|tok| tok.to_string()), expiration, "CredentialProcess", )) } fn parse_expiration(expiration: impl AsRef<str>) -> Result<SystemTime, InvalidJsonCredentials> { SystemTime::try_from( OffsetDateTime::parse(expiration.as_ref(), &Rfc3339).map_err(|err| { InvalidJsonCredentials::InvalidField { field: "Expiration", err: err.into(), } })?) })?, ) .map_err(|_| { InvalidJsonCredentials::Other( "credential expiration time cannot be represented by a DateTime".into(), ) })?; Ok(RefreshableCredentials { access_key_id, secret_access_key, session_token, expiration, }) } Loading Loading @@ -258,6 +252,18 @@ mod test { ); } #[tokio::test] async fn test_credential_process_no_expiry() { let provider = CredentialProcessProvider::new(String::from( r#"echo '{ "Version": 1, "AccessKeyId": "ASIARTESTID", "SecretAccessKey": "TESTSECRETKEY" }'"#, )); let creds = provider.provide_credentials().await.expect("valid creds"); assert_eq!(creds.access_key_id(), "ASIARTESTID"); assert_eq!(creds.secret_access_key(), "TESTSECRETKEY"); assert_eq!(creds.session_token(), None); assert_eq!(creds.expiry(), None); } #[tokio::test] async fn credentials_process_timeouts() { let provider = CredentialProcessProvider::new(String::from("sleep 1000")); Loading
aws/rust-runtime/aws-credential-types/Cargo.toml +1 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ tokio = { version = "1.23.1", features = ["full", "test-util", "rt"] } [package.metadata.docs.rs] all-features = true targets = ["x86_64-unknown-linux-gnu"] cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"] rustdoc-args = ["--cfg", "docsrs"] # End of docs.rs metadata Loading
aws/rust-runtime/aws-endpoint/Cargo.toml +1 −0 Original line number Diff line number Diff line Loading @@ -10,5 +10,6 @@ repository = "https://github.com/smithy-lang/smithy-rs" [package.metadata.docs.rs] all-features = true targets = ["x86_64-unknown-linux-gnu"] cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"] rustdoc-args = ["--cfg", "docsrs"] # End of docs.rs metadata
