diff --git a/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_module.rb b/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_module.rb index 6e26d66b9d6..4b60720c4be 100644 --- a/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_module.rb +++ b/build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_module.rb @@ -42,10 +42,6 @@ def initialize(options) # @return [Array] attr_reader :parameters - - def has_endpoint_built_in? - parameters.any? { |p| p.param_data['builtIn'] == 'SDK::Endpoint' } - end end class EndpointParameter @@ -153,7 +149,7 @@ def built_in_client_context_param_value(param_data) when 'AWS::S3::DisableMultiRegionAccessPoints' 'context.config.s3_disable_multiregion_access_points' when 'SDK::Endpoint' - 'endpoint' + 'context.config.regional_endpoint ? nil : context.config.endpoint.to_s' end end diff --git a/build_tools/aws-sdk-code-generator/templates/endpoints_module.mustache b/build_tools/aws-sdk-code-generator/templates/endpoints_module.mustache index 7ae625341e5..a93a5860b8a 100644 --- a/build_tools/aws-sdk-code-generator/templates/endpoints_module.mustache +++ b/build_tools/aws-sdk-code-generator/templates/endpoints_module.mustache @@ -11,11 +11,6 @@ module {{module_name}} {{#endpoint_classes}} class {{name}} def self.build(context) - {{#has_endpoint_built_in?}} - unless context.config.regional_endpoint - endpoint = context.config.endpoint.to_s - end - {{/has_endpoint_built_in?}} {{module_name}}::EndpointParameters.new( {{#parameters}} {{#static_string?}} diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md index 009e2e23491..e5e64fcd52f 100644 --- a/gems/aws-sdk-core/CHANGELOG.md +++ b/gems/aws-sdk-core/CHANGELOG.md @@ -1,7 +1,7 @@ Unreleased Changes ------------------ -* Feature - Support Credential scoping using `ENV['AWS_CREDENTIAL_SCOPE']`, `aws_credential_scope` shared config, or the `credential_scope` Client configuration option. +* Feature - Support Credential scoped credentials using `ENV['AWS_CREDENTIAL_SCOPE']`, `aws_credential_scope` shared config, or the `credential_scope` Client configuration option. 3.185.1 (2023-10-05) ------------------ diff --git a/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb b/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb deleted file mode 100644 index 23481757694..00000000000 --- a/gems/aws-sdk-core/spec/aws/credential_scope_spec.rb +++ /dev/null @@ -1,62 +0,0 @@ -# frozen_string_literal: true - -require_relative '../spec_helper' - -module Aws - describe 'credential scope' do - file = File.expand_path('credential_scope_tests.json', __dir__) - test_cases = Aws::Json.load_file(file)['testCases'] - - def setup_env(env) - env.each do |k, v| - ENV[k] = v - end - end - - def setup_profile(profile) - # can't mock file because of how sample api is loaded - shared_credentials = double( - 'SharedCredentials', - credentials: Credentials.new( - profile['aws_access_key_id'], - profile['aws_secret_access_key'], - credential_scope: profile['aws_credential_scope'] - ), - set?: true - ) - allow(Aws::SharedCredentials) - .to receive(:new).and_return(shared_credentials) - end - - def setup_client(client_config) - config_map = { - 'region' => :region, - 'credentialScope' => :credential_scope, - 'accessKeyId' => :access_key_id, - 'secretAccessKey' => :secret_access_key - } - config = {} - client_config.each do |k, v| - config[config_map[k]] = v - end - ApiHelper.sample_service::Client.new(**config) - end - - test_cases.each do |test_case| - it "passes test case: #{test_case['documentation']}" do - setup_env(test_case['environmentVariables']) - setup_profile(test_case['profileVariables']) - client = setup_client(test_case['programmaticConfigVariables']) - expect = test_case['expect'] - - if expect.key?('credentialScope') - expected_scope = expect['credentialScope'] - expect(client.config.credentials.credentials.credential_scope) - .to eq(expected_scope) - else - raise 'Unhandled expectation in credential_scope_spec' - end - end - end - end -end diff --git a/gems/aws-sdk-core/spec/aws/credential_scope_tests.json b/gems/aws-sdk-core/spec/aws/credential_scope_tests.json deleted file mode 100644 index 14eb20df1cf..00000000000 --- a/gems/aws-sdk-core/spec/aws/credential_scope_tests.json +++ /dev/null @@ -1,99 +0,0 @@ -{ - "testCases": [ - { - "documentation": "When no credential scope is set, no credential scope is resolved.", - "expect": { - "credentialScope": null - }, - "environmentVariables": {}, - "profileVariables": { - "aws_access_key_id": "AKID", - "aws_secret_access_key": "SECRET" - }, - "programmaticConfigVariables": { - "region": "us-east-1" - } - }, - { - "documentation": "Credential scope may be sourced from an environment variable.", - "expect": { - "credentialScope": "us-east-1" - }, - "environmentVariables": { - "AWS_CREDENTIAL_SCOPE": "us-east-1", - "AWS_ACCESS_KEY_ID": "AKID", - "AWS_SECRET_ACCESS_KEY": "SECRET" - }, - "profileVariables": {}, - "programmaticConfigVariables": { - "region": "us-east-1" - } - }, - { - "documentation": "Credential scope may be sourced from an AWS profile file.", - "expect": { - "credentialScope": "us-east-1" - }, - "environmentVariables": {}, - "profileVariables": { - "aws_credential_scope": "us-east-1", - "aws_access_key_id": "AKID", - "aws_secret_access_key": "SECRET" - }, - "programmaticConfigVariables": { - "region": "us-east-1" - } - }, - { - "documentation": "Credential scope may be configured programmatically.", - "expect": { - "credentialScope": "us-east-1" - }, - "environmentVariables": {}, - "profileVariables": {}, - "programmaticConfigVariables": { - "credentialScope": "us-east-1", - "accessKeyId": "AKID", - "secretAccessKey": "SECRET", - "region": "us-east-1" - } - }, - { - "documentation": "Credential scope set programmatically takes precedence over environment variables.", - "expect": { - "credentialScope": "us-west-2" - }, - "environmentVariables": { - "AWS_CREDENTIAL_SCOPE": "us-east-1", - "AWS_ACCESS_KEY_ID": "AKID", - "AWS_SECRET_ACCESS_KEY": "SECRET" - }, - "profileVariables": {}, - "programmaticConfigVariables": { - "credentialScope": "us-west-2", - "accessKeyId": "AKID", - "secretAccessKey": "SECRET", - "region": "us-west-2" - } - }, - { - "documentation": "Credential scope set by environment variable takes precedence over profile file variables.", - "expect": { - "credentialScope": "us-west-2" - }, - "environmentVariables": { - "AWS_CREDENTIAL_SCOPE": "us-west-2", - "AWS_ACCESS_KEY_ID": "AKID", - "AWS_SECRET_ACCESS_KEY": "SECRET" - }, - "profileVariables": { - "aws_credential_scope": "us-east-1", - "aws_access_key_id": "AKID", - "aws_secret_access_key": "SECRET" - }, - "programmaticConfigVariables": { - "region": "us-west-2" - } - } - ] -} \ No newline at end of file diff --git a/gems/aws-sdk-core/spec/aws/shared_credentials_spec.rb b/gems/aws-sdk-core/spec/aws/shared_credentials_spec.rb index f05d08eea77..6b9eb754a58 100644 --- a/gems/aws-sdk-core/spec/aws/shared_credentials_spec.rb +++ b/gems/aws-sdk-core/spec/aws/shared_credentials_spec.rb @@ -25,6 +25,7 @@ module Aws expect(creds.access_key_id).to eq('ACCESS_KEY_0') expect(creds.secret_access_key).to eq('SECRET_KEY_0') expect(creds.session_token).to eq('TOKEN_0') + expect(creds.credential_scope).to eq('SCOPE_0') end it 'supports fetching profiles from ENV' do diff --git a/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_credentials b/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_credentials index b164395aa9d..a8f84a6f54e 100644 --- a/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_credentials +++ b/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_credentials @@ -2,6 +2,7 @@ aws_access_key_id = ACCESS_KEY_0 aws_secret_access_key = SECRET_KEY_0 aws_session_token = TOKEN_0 +aws_credential_scope = SCOPE_0 [fooprofile] aws_access_key_id = ACCESS_KEY_1