PR Cleanups

aws · Sep 25, 2024 · 3b2493e · 3b2493e
1 parent a054c17
commit 3b2493e
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 22 deletions.
diff --git a/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/service_module.rb b/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/service_module.rb
@@ -10,13 +10,12 @@ class ServiceModule < View
       # @option options [required, String] :prefix
       def initialize(options)
         @service = options.fetch(:service)
-        @service_identifier = @service.identifier
         @prefix = options.fetch(:prefix)
         @codegenerated_plugins = options.fetch(:codegenerated_plugins) || []
       end
 
       # @return [String]
-      attr_reader :service_identifier
+      attr_reader :prefix
 
       # @return [String|nil]
       def generated_src_warning
@@ -64,6 +63,11 @@ def require_core_guard?
         @service.included_in_core?
       end
 
+      # @return [String]
+      def service_identifier
+        @service.identifier
+      end
+
       # @return [Array<Hash>] list of autoload path hashes with :path, :class_name and
       # :is_plugin keys.
       def autoloads
@@ -112,10 +116,6 @@ def auto_load(path, class_name, is_plugin = false)
         }
       end
 
-      def prefix
-        @prefix
-      end
-
       def example_var_name
         underscore(name)
       end

diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/assume_role_credentials.rb b/gems/aws-sdk-core/lib/aws-sdk-core/assume_role_credentials.rb
@@ -62,14 +62,9 @@ def initialize(options = {})
     private
 
     def refresh
-      c = @client.assume_role(@assume_role_params)
-      creds = c.credentials
-      account_id =
-        begin
-          ARNParser.parse(c.assumed_role_user&.arn).account_id
-        rescue Aws::Errors::InvalidARNError
-          nil
-        end
+      resp = @client.assume_role(@assume_role_params)
+      creds = resp.credentials
+      account_id = parse_account_id(resp)
       @credentials = Credentials.new(
         creds.access_key_id,
         creds.secret_access_key,
@@ -79,6 +74,11 @@ def refresh
       @expiration = creds.expiration
     end
 
+    def parse_account_id(resp)
+      arn = resp.assumed_role_user&.arn
+      ARNParser.parse(arn).account_id if ARNParser.arn?(arn)
+    end
+
     class << self
 
       # @api private

diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/assume_role_web_identity_credentials.rb b/gems/aws-sdk-core/lib/aws-sdk-core/assume_role_web_identity_credentials.rb
@@ -73,14 +73,9 @@ def refresh
       # read from token file everytime it refreshes
       @assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)
 
-      c = @client.assume_role_with_web_identity(@assume_role_web_identity_params)
-      creds = c.credentials
-      account_id =
-        begin
-          ARNParser.parse(c.assumed_role_user.arn).account_id
-        rescue Aws::Errors::InvalidARNError
-          nil
-        end
+      resp = @client.assume_role_with_web_identity(@assume_role_web_identity_params)
+      creds = resp.credentials
+      account_id = parse_account_id(resp)
       @credentials = Credentials.new(
         creds.access_key_id,
         creds.secret_access_key,
@@ -101,6 +96,11 @@ def _session_name
       Base64.strict_encode64(SecureRandom.uuid)
     end
 
+    def parse_account_id(resp)
+      arn = resp.assumed_role_user&.arn
+      ARNParser.parse(arn).account_id if ARNParser.arn?(arn)
+    end
+
     class << self
 
       # @api private

diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/plugins.rb b/gems/aws-sdk-core/lib/aws-sdk-core/plugins.rb
@@ -3,6 +3,7 @@
 module Aws
   # setup autoloading for Plugins
   # Most plugins are required explicitly from service clients
+  # but users may reference them outside of client usage.
   module Plugins
     autoload :ApiKey, 'aws-sdk-core/plugins/api_key'
     autoload :BearerAuthorization, 'aws-sdk-core/plugins/bearer_authorization'

diff --git a/gems/aws-sdk-core/spec/aws/assume_role_credentials_spec.rb b/gems/aws-sdk-core/spec/aws/assume_role_credentials_spec.rb
@@ -118,6 +118,24 @@ module Aws
       expect(c.expiration).to eq(in_one_hour)
     end
 
+    context 'invalid assumed role arn' do
+      let(:assumed_role_user) do
+        double(
+          'assumed_role_user',
+          arn: 'invalid_arn',
+          assumed_role_id: 'role id'
+        )
+      end
+
+      it 'does not set accountId' do
+        c = AssumeRoleCredentials.new(
+          role_arn: 'arn',
+          role_session_name: 'session'
+        )
+        expect(c.credentials.account_id).to be_nil
+      end
+    end
+
     it 'refreshes asynchronously' do
       # expiration 6 minutes out, within the async exp time window
       allow(credentials).to receive(:expiration).and_return(Time.now + (6*60))

diff --git a/gems/aws-sdk-core/spec/aws/assume_role_web_identity_credentials_spec.rb b/gems/aws-sdk-core/spec/aws/assume_role_web_identity_credentials_spec.rb
@@ -168,6 +168,24 @@ module Aws
       expect(c.expiration).to eq(in_one_hour)
     end
 
+    context 'invalid assumed role arn' do
+      let(:assumed_role_user) do
+        double(
+          'assumed_role_user',
+          arn: 'invalid_arn',
+          assumed_role_id: 'role id'
+        )
+      end
+
+      it 'does not set accountId' do
+        c = AssumeRoleWebIdentityCredentials.new(
+          role_arn: 'arn',
+          web_identity_token_file: token_file_path,
+          )
+        expect(c.credentials.account_id).to be_nil
+      end
+    end
+
     it 'refreshes asynchronously' do
       # expiration 6 minutes out, within the async exp time window
       allow(credentials).to receive(:expiration).and_return(Time.now + (6*60))