From 5f577278d4fe5046298f5383684b228fd32c4f45 Mon Sep 17 00:00:00 2001
From: Matt Muller <mamuller@amazon.com>
Date: Fri, 20 Oct 2023 16:55:24 -0400
Subject: [PATCH] Change credentials to take kwargs

---
 .../views/spec/endpoint_provider_spec_class.rb           | 2 +-
 .../lib/aws-sdk-core/credential_provider_chain.rb        | 9 +++++++--
 gems/aws-sdk-core/lib/aws-sdk-core/credentials.rb        | 7 ++++---
 gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb      | 2 +-
 gems/aws-sdk-core/spec/aws/credential_scope_spec.rb      | 3 +--
 gems/aws-sdk-core/spec/aws/credentials_spec.rb           | 8 +++++++-
 6 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/spec/endpoint_provider_spec_class.rb b/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/spec/endpoint_provider_spec_class.rb
index f3c25d71c93..aabd2dec25d 100644
--- a/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/spec/endpoint_provider_spec_class.rb
+++ b/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/spec/endpoint_provider_spec_class.rb
@@ -158,7 +158,7 @@ def built_in_to_param(built_in, value)
             when 'AWS::Auth::CredentialScope'
               Param.new(
                 'credentials',
-                "Aws::Credentials.new('stubbed-akid', 'stubbed-secret', nil, '#{value}')",
+                "Aws::Credentials.new('stubbed-akid', 'stubbed-secret', nil, credential_scope: '#{value}')",
                 true
               )
             when 'AWS::STS::UseGlobalEndpoint'
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb b/gems/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb
index 2e21b6f93d4..54fd315803d 100644
--- a/gems/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb
+++ b/gems/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb
@@ -46,7 +46,7 @@ def static_credentials(options)
           options[:config].access_key_id,
           options[:config].secret_access_key,
           options[:config].session_token,
-          options[:config].credential_scope
+          credential_scope: options[:config].credential_scope
         )
       end
     end
@@ -96,7 +96,12 @@ def env_credentials(_options)
       secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
       token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
       scope = %w[AWS_CREDENTIAL_SCOPE]
-      Credentials.new(envar(key), envar(secret), envar(token), envar(scope))
+      Credentials.new(
+        envar(key),
+        envar(secret),
+        envar(token),
+        credential_scope: envar(scope)
+      )
     end
 
     def envar(keys)
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/credentials.rb b/gems/aws-sdk-core/lib/aws-sdk-core/credentials.rb
index 646fe99f4d1..fa57584d9ee 100644
--- a/gems/aws-sdk-core/lib/aws-sdk-core/credentials.rb
+++ b/gems/aws-sdk-core/lib/aws-sdk-core/credentials.rb
@@ -6,13 +6,14 @@ class Credentials
     # @param [String] access_key_id
     # @param [String] secret_access_key
     # @param [String] session_token (nil)
-    # @param [String] credential_scope (nil)
+    # @param [Hash] kwargs
+    # @option kwargs [String] :credential_scope (nil)
     def initialize(access_key_id, secret_access_key, session_token = nil,
-                   credential_scope = nil)
+                   **kwargs)
       @access_key_id = access_key_id
       @secret_access_key = secret_access_key
       @session_token = session_token
-      @credential_scope = credential_scope
+      @credential_scope = kwargs[:credential_scope]
     end
 
     # @return [String]
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb b/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb
index e1b6c80ce8d..f7430dc06c1 100644
--- a/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb
+++ b/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb
@@ -412,7 +412,7 @@ def credentials_from_profile(prof_config)
         prof_config['aws_access_key_id'],
         prof_config['aws_secret_access_key'],
         prof_config['aws_session_token'],
-        prof_config['aws_credential_scope']
+        credential_scope: prof_config['aws_credential_scope']
       )
       creds if creds.set?
     end
diff --git a/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb b/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb
index 3519ee3b860..23481757694 100644
--- a/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb
+++ b/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb
@@ -20,8 +20,7 @@ def setup_profile(profile)
         credentials: Credentials.new(
           profile['aws_access_key_id'],
           profile['aws_secret_access_key'],
-          nil,
-          profile['aws_credential_scope']
+          credential_scope: profile['aws_credential_scope']
         ),
         set?: true
       )
diff --git a/gems/aws-sdk-core/spec/aws/credentials_spec.rb b/gems/aws-sdk-core/spec/aws/credentials_spec.rb
index 402a38260f1..bf5cea7a667 100644
--- a/gems/aws-sdk-core/spec/aws/credentials_spec.rb
+++ b/gems/aws-sdk-core/spec/aws/credentials_spec.rb
@@ -22,8 +22,14 @@ module Aws
       expect(Credentials.new('akid', 'secret').session_token).to be(nil)
     end
 
+    it 'takes extra properties after session token' do
+      expect do
+        Credentials.new('akid', 'secret', nil, foo: 'bar')
+      end.to_not raise_error
+    end
+
     it 'provides access to the credential scope' do
-      creds = Credentials.new('akid', 'secret', nil, 'scope')
+      creds = Credentials.new('akid', 'secret', credential_scope: 'scope')
       expect(creds.credential_scope).to eq('scope')
     end