Merge branch 'feature/master/a1a78346-2a82-43fa-baba-807d38332305' into staging/98198af2-4dda-4967-85e1-adac8d2c7d65

Author: alextwoods

.changes/next-release/feature-AWSSignin-b6d69fa.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS Signin",
+    "contributor": "",
+    "description": "Add the LoginCredentialsProvider which allows use of AWS credentials vended by AWS Sign-In that correspond to an AWS Console session. AWS Sign-In credentials will be used automatically by the Credential resolution chain when `login_session` is set in the profile."
+}

aws-sdk-java/pom.xml

@@ -17,7 +17,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.39.0</version>
+        <version>2.39.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>aws-sdk-java</artifactId>

bom/pom.xml

@@ -17,7 +17,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.39.0</version>
+        <version>2.39.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>bom</artifactId>

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java

@@ -57,6 +57,8 @@ public final class ProfileCredentialsUtils {
         "software.amazon.awssdk.services.sts.internal.StsProfileCredentialsProviderFactory";
     private static final String SSO_PROFILE_CREDENTIALS_PROVIDER_FACTORY =
         "software.amazon.awssdk.services.sso.auth.SsoProfileCredentialsProviderFactory";
+    private static final String LOGIN_PROFILE_CREDENTIALS_PROVIDER_FACTORY =
+        "software.amazon.awssdk.services.signin.auth.LoginProfileCredentialsProviderFactory";
 
     /**
      * The profile file containing {@code profile}.
@@ -144,6 +146,10 @@ private Optional<CredentialsWithFeatureId> credentialsProviderWithFeatureID(Set<
             }
         }
 
+        if (properties.containsKey(ProfileProperty.LOGIN_SESSION)) {
+            return Optional.of(loginProfileCredentialsProvider());
+        }
+
         if (properties.containsKey(ProfileProperty.CREDENTIAL_PROCESS)) {
             return Optional.of(credentialProcessCredentialsProvider());
         }
@@ -243,6 +249,20 @@ private boolean isLegacySsoConfiguration() {
         return !properties.containsKey(ProfileSection.SSO_SESSION.getPropertyKeyName());
     }
 
+    /**
+     * Create the SSO credentials provider based on the related profile properties.
+     */
+    private CredentialsWithFeatureId loginProfileCredentialsProvider() {
+        AwsCredentialsProvider provider = loginCredentialsProviderFactory().create(
+            ProfileProviderCredentialsContext.builder()
+                                             .profile(profile)
+                                             .profileFile(profileFile)
+                                             .sourceChain(BusinessMetricFeatureId.CREDENTIALS_PROFILE_LOGIN.value())
+                                             .build());
+
+        return new CredentialsWithFeatureId(provider, BusinessMetricFeatureId.CREDENTIALS_PROFILE_LOGIN.value());
+    }
+
     private CredentialsWithFeatureId roleAndWebIdentityTokenProfileCredentialsProvider() {
         requireProperties(ProfileProperty.ROLE_ARN, ProfileProperty.WEB_IDENTITY_TOKEN_FILE);
 
@@ -418,4 +438,17 @@ private ProfileCredentialsProviderFactory ssoCredentialsProviderFactory() {
             throw new IllegalStateException("Failed to create the '" + name + "' profile credentials provider.", e);
         }
     }
+
+    private ProfileCredentialsProviderFactory loginCredentialsProviderFactory() {
+        try {
+            Class<?> loginProfileCredentialsProviderFactory =
+                ClassLoaderHelper.loadClass(LOGIN_PROFILE_CREDENTIALS_PROVIDER_FACTORY, getClass());
+            return (ProfileCredentialsProviderFactory) loginProfileCredentialsProviderFactory.getConstructor().newInstance();
+        } catch (ClassNotFoundException e) {
+            throw new IllegalStateException("To use login_session property in the '" + name + "' profile, the 'signin' service "
+                                            + "module must be on the class path.", e);
+        } catch (NoSuchMethodException | InvocationTargetException | InstantiationException | IllegalAccessException e) {
+            throw new IllegalStateException("Failed to create the '" + name + "' profile credentials provider.", e);
+        }
+    }
 }

core/profiles/src/main/java/software/amazon/awssdk/profiles/ProfileProperty.java

@@ -201,6 +201,11 @@ public final class ProfileProperty {
      */
     public static final String SIGV4A_SIGNING_REGION_SET = "sigv4a_signing_region_set";
 
+    /**
+     * Property  name for login session used with AWS Login/Sign-In Credentials.
+     */
+    public static final String LOGIN_SESSION = "login_session";
+
     private ProfileProperty() {
     }
 }

core/sdk-core/src/main/java/software/amazon/awssdk/core/useragent/BusinessMetricFeatureId.java

@@ -75,6 +75,8 @@ public enum BusinessMetricFeatureId {
     CREDENTIALS_PROCESS("w"),
     CREDENTIALS_HTTP("z"),
     CREDENTIALS_IMDS("0"),
+    CREDENTIALS_PROFILE_LOGIN("AC"),
+    CREDENTIALS_LOGIN("AD"),
     UNKNOWN("Unknown");
 
     private static final Map<String, BusinessMetricFeatureId> VALUE_MAP =

feature.metadata

@@ -0,0 +1 @@
+{"trebuchetFeatureArn":"arn:aws:trebuchet:::feature:v2:a1a78346-2a82-43fa-baba-807d38332305","c2jModelsRevision":56,"messageId":1,"serviceId":"Signin","serviceModule":"signin","isNewService":false}

services/pom.xml

@@ -17,7 +17,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.39.0</version>
+        <version>2.39.0-SNAPSHOT</version>
     </parent>
     <artifactId>services</artifactId>
     <name>AWS Java SDK :: Services</name>

services/signin/pom.xml

@@ -17,7 +17,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>services</artifactId>
-        <version>2.39.0</version>
+        <version>2.39.0-SNAPSHOT</version>
     </parent>
     <artifactId>signin</artifactId>
     <name>AWS Java SDK :: Services :: Signin</name>
@@ -56,5 +56,10 @@
             <artifactId>http-auth-aws</artifactId>
             <version>${awsjavasdk.version}</version>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>profiles</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
     </dependencies>
 </project>