Fix EcsCredentialsProvider to respect query params (#3977)

## Motivation and Context awslabs/aws-sdk-rust#1248, and implemented the fix as prescribed. ## Testing Added a request matching unit test to the `ecs` module to ensure that query params are included in credential's HTTP request. ## Checklist - [x] For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "aws-sdk-rust" in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
smithy-lang · Jan 22, 2025 · 1f9c608 · 1f9c608
1 parent e41f7d7
commit 1f9c608
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 3 deletions.
diff --git a/.changelog/1737491439.md b/.changelog/1737491439.md
@@ -0,0 +1,12 @@
+---
+applies_to:
+- aws-sdk-rust
+authors:
+- ysaito1001
+references:
+- aws-sdk-rust#1248
+breaking: false
+new_feature: false
+bug_fix: true
+---
+Fix `EcsCredentialsProvider` to include query params passed via `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`.
diff --git a/aws/rust-runtime/aws-config/Cargo.toml b/aws/rust-runtime/aws-config/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "aws-config"
-version = "1.5.14"
+version = "1.5.15"
 authors = [
     "AWS Rust SDK Team <[email protected]>",
     "Russell Cohen <[email protected]>",

diff --git a/aws/rust-runtime/aws-config/src/ecs.rs b/aws/rust-runtime/aws-config/src/ecs.rs
@@ -191,7 +191,10 @@ impl Provider {
             Err(EcsConfigurationError::NotConfigured) => return Provider::NotConfigured,
             Err(err) => return Provider::InvalidConfiguration(err),
         };
-        let path = uri.path().to_string();
+        let path_and_query = match uri.path_and_query() {
+            Some(path_and_query) => path_and_query.to_string(),
+            None => uri.path().to_string(),
+        };
         let endpoint = {
             let mut parts = uri.into_parts();
             parts.path_and_query = Some(PathAndQuery::from_static("/"));
@@ -208,7 +211,7 @@ impl Provider {
                     .read_timeout(DEFAULT_READ_TIMEOUT)
                     .build(),
             )
-            .build("EcsContainer", &endpoint, path);
+            .build("EcsContainer", &endpoint, path_and_query);
         Provider::Configured(http_provider)
     }
 
@@ -828,6 +831,42 @@ mod test {
         http_client.assert_requests_match(&[]);
     }
 
+    #[tokio::test]
+    async fn query_params_should_be_included_in_credentials_http_request() {
+        let env = Env::from_slice(&[
+            (
+                "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
+                "/my-credentials/?applicationName=test2024",
+            ),
+            (
+                "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE",
+                "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",
+            ),
+            ("AWS_CONTAINER_AUTHORIZATION_TOKEN", "unused"),
+        ]);
+        let fs = Fs::from_raw_map(HashMap::from([(
+            OsString::from(
+                "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",
+            ),
+            "Basic password".into(),
+        )]));
+
+        let http_client = StaticReplayClient::new(vec![ReplayEvent::new(
+            creds_request(
+                "http://169.254.170.2/my-credentials/?applicationName=test2024",
+                Some("Basic password"),
+            ),
+            ok_creds_response(),
+        )]);
+        let provider = provider(env, fs, http_client.clone());
+        let creds = provider
+            .provide_credentials()
+            .await
+            .expect("valid credentials");
+        assert_correct(creds);
+        http_client.assert_requests_match(&[]);
+    }
+
     #[tokio::test]
     async fn fs_missing_file() {
         let env = Env::from_slice(&[