Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Account id endpoint support #2936

Closed
wants to merge 7 commits into from
Closed

Account id endpoint support #2936

wants to merge 7 commits into from

Conversation

mullermp
Copy link
Contributor

@mullermp mullermp commented Oct 24, 2023

Support AccountId on credentials
Support AccountId specific endpoints and a new config option account_id_endpoint_mode.

Blocked on service rules (should be passed into rules)

@mullermp mullermp requested a review from alextwoods October 24, 2023 17:58
Copy link
Contributor

@alextwoods alextwoods left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice - looks good.

@@ -154,6 +155,12 @@ def built_in_to_param(built_in, value)
Param.new('use_fips_endpoint', value)
when 'AWS::UseDualStack'
Param.new('use_dualstack_endpoint', value)
when 'AWS::Auth::AccountId'
Param.new(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably practically don't need to care about this - but what if multiple Auth builtins are set (ie, accountId + credentialScope)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean? If both are set, they are both set as parameters. Do you mean passing in "credentials" and having something delegate to either of those?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If both are set then we would have two credentials params which would end up not working correctly. At least as of right now, I think they would generally be mutually exclusive, so shouldn't matter...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talked offline, keeping as TODO when either feature is merged.

@@ -134,6 +130,8 @@ def built_in_client_context_param_value(param_data)
else
'context.config.use_dualstack_endpoint'
end
when 'AWS::Auth::AccountId'
"context.config.account_id_endpoint_mode == 'disabled' ? nil : context.config.credentials.credentials.account_id"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this logic may end up pushed into endpoint rules anyway, this probably doesn't matter - but I assume here is where we would need to warn/raise for preferred/required when account id is not set. (or rather, generate the code to do so)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the logic is pushed to rules, yeah, all we do is pass in the endpoint mode. I don't think we care about warning (can discuss), and raising would be done by rules, right?

@mullermp
Copy link
Contributor Author

Moved to staging repo

@mullermp mullermp closed this Apr 28, 2024
@mullermp mullermp deleted the account-id branch April 28, 2024 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants