aws · cenedhryn · Aug 23, 2023 · Aug 22, 2023 · Aug 23, 2023
@@ -32,6 +32,9 @@ public final class DefaultQueryAuthSchemeParams implements QueryAuthSchemeParams
 
     private final Boolean useFIPSEndpoint;
 
+
+    private final String awsAccountId;
+
     private final String endpointId;
 
     private final Boolean defaultTrueParam;
@@ -51,6 +54,7 @@ private DefaultQueryAuthSchemeParams(Builder builder) {
         this.region = builder.region;
         this.useDualStackEndpoint = builder.useDualStackEndpoint;
         this.useFIPSEndpoint = builder.useFIPSEndpoint;
+        this.awsAccountId = builder.awsAccountId;
         this.endpointId = builder.endpointId;
         this.defaultTrueParam = Validate.paramNotNull(builder.defaultTrueParam, "defaultTrueParam");
         this.defaultStringParam = Validate.paramNotNull(builder.defaultStringParam, "defaultStringParam");
@@ -84,6 +88,11 @@ public Boolean useFipsEndpoint() {
         return useFIPSEndpoint;
     }
 
+    @Override
+    public String awsAccountId() {
+        return awsAccountId;
+    }
+
     @Override
     public String endpointId() {
         return endpointId;
@@ -134,6 +143,8 @@ private static final class Builder implements QueryAuthSchemeParams.Builder {
 
         private Boolean useFIPSEndpoint;
 
+        private String awsAccountId;
+
         private String endpointId;
 
         private Boolean defaultTrueParam = true;
@@ -156,6 +167,7 @@ private static final class Builder implements QueryAuthSchemeParams.Builder {
             this.region = params.region;
             this.useDualStackEndpoint = params.useDualStackEndpoint;
             this.useFIPSEndpoint = params.useFIPSEndpoint;
+            this.awsAccountId = params.awsAccountId;
             this.endpointId = params.endpointId;
             this.defaultTrueParam = params.defaultTrueParam;
             this.defaultStringParam = params.defaultStringParam;
@@ -189,6 +201,12 @@ public Builder useFipsEndpoint(Boolean useFIPSEndpoint) {
             return this;
         }
 
+        @Override
+        public Builder awsAccountId(String awsAccountId) {
+            this.awsAccountId = awsAccountId;
+            return this;
+        }
+
         @Override
         public Builder endpointId(String endpointId) {
             this.endpointId = endpointId;

@@ -55,7 +55,7 @@ public static QueryAuthSchemeProvider create() {
     public List<AuthSchemeOption> resolveAuthScheme(QueryAuthSchemeParams params) {
         QueryEndpointParams endpointParameters = QueryEndpointParams.builder().region(params.region())
                 .useDualStackEndpoint(params.useDualStackEndpoint()).useFipsEndpoint(params.useFipsEndpoint())
-                .endpointId(params.endpointId()).defaultTrueParam(params.defaultTrueParam())
+                 .awsAccountId(params.awsAccountId()).endpointId(params.endpointId()).defaultTrueParam(params.defaultTrueParam())
                 .defaultStringParam(params.defaultStringParam()).deprecatedParam(params.deprecatedParam())
                 .booleanContextParam(params.booleanContextParam()).stringContextParam(params.stringContextParam())
                 .operationContextParam(params.operationContextParam()).build();

@@ -49,6 +49,8 @@ static Builder builder() {
 
     Boolean useFipsEndpoint();
 
+    String awsAccountId();
+
     String endpointId();
 
     /**
@@ -90,6 +92,8 @@ interface Builder extends CopyableBuilder<Builder, QueryAuthSchemeParams> {
 
         Builder useFipsEndpoint(Boolean useFIPSEndpoint);
 
+        Builder awsAccountId(String awsAccountId);
+
         Builder endpointId(String endpointId);
 
         /**

@@ -102,6 +102,7 @@ private QueryAuthSchemeParams authSchemeParams(SdkRequest request, ExecutionAttr
         builder.region(endpointParams.region());
         builder.useDualStackEndpoint(endpointParams.useDualStackEndpoint());
         builder.useFipsEndpoint(endpointParams.useFipsEndpoint());
+        builder.awsAccountId(endpointParams.awsAccountId());
         builder.endpointId(endpointParams.endpointId());
         builder.defaultTrueParam(endpointParams.defaultTrueParam());
         builder.defaultStringParam(endpointParams.defaultStringParam());

@@ -158,6 +158,7 @@ private BuilderImpl(QueryEndpointParams builder) {
             this.region = builder.region;
             this.useDualStackEndpoint = builder.useDualStackEndpoint;
             this.useFIPSEndpoint = builder.useFIPSEndpoint;
+            this.awsAccountId = builder.awsAccountId;
             this.endpointId = builder.endpointId;
             this.defaultTrueParam = builder.defaultTrueParam;
             this.defaultStringParam = builder.defaultStringParam;

@@ -129,11 +129,10 @@ private RefreshResult<AwsCredentials> refreshCredentials() {
             JsonNode credentialsJson = parseProcessOutput(processOutput);
 
             AwsCredentials credentials = credentials(credentialsJson);
-            Instant credentialExpirationTime = credentialExpirationTime(credentialsJson);
-
+            Instant expirationTime = credentials.expirationTime().orElse(Instant.MAX);
             return RefreshResult.builder(credentials)
-                                .staleTime(credentialExpirationTime)
-                                .prefetchTime(credentialExpirationTime.minusMillis(credentialRefreshThreshold.toMillis()))
+                                .staleTime(expirationTime)
+                                .prefetchTime(expirationTime.minusMillis(credentialRefreshThreshold.toMillis()))
                                 .build();
         } catch (InterruptedException e) {
             throw new IllegalStateException("Process-based credential refreshing has been interrupted.", e);
@@ -166,28 +165,33 @@ private AwsCredentials credentials(JsonNode credentialsJson) {
         String accessKeyId = getText(credentialsJson, "AccessKeyId");
         String secretAccessKey = getText(credentialsJson, "SecretAccessKey");
         String sessionToken = getText(credentialsJson, "SessionToken");
+        String accountId = getText(credentialsJson, "AccountId");
 
         Validate.notEmpty(accessKeyId, "AccessKeyId cannot be empty.");
         Validate.notEmpty(secretAccessKey, "SecretAccessKey cannot be empty.");
 
         if (sessionToken != null) {
-            return AwsSessionCredentials.create(accessKeyId, secretAccessKey, sessionToken);
-        } else {
-            return AwsBasicCredentials.create(accessKeyId, secretAccessKey);
+            return AwsSessionCredentials.builder()
+                                        .accessKeyId(accessKeyId)
+                                        .secretAccessKey(secretAccessKey)
+                                        .sessionToken(sessionToken)
+                                        .expirationTime(credentialExpirationTime(credentialsJson))
+                                        .accountId(accountId)
+                                        .build();
         }
+        return AwsBasicCredentials.builder()
+                                  .accessKeyId(accessKeyId)
+                                  .secretAccessKey(secretAccessKey)
+                                  .accountId(accountId)
+                                  .build();
     }
 
     /**
      * Parse the process output to retrieve the expiration date and time.
      */
     private Instant credentialExpirationTime(JsonNode credentialsJson) {
         String expiration = getText(credentialsJson, "Expiration");
-
-        if (expiration != null) {
-            return DateUtils.parseIso8601Date(expiration);
-        } else {
-            return Instant.MAX;
-        }
+        return expiration != null ? DateUtils.parseIso8601Date(expiration) : null;
     }
 
     /**