Adds a session token to AWS Credentials

[bandinib-amzn]

Description

The new interface in the data source plugin, named registerCredentialProvider makes it easier for users to set up their own authentication methods and mechanism to fetch the credentials. This feature helps with role-based authentication, where users can create temporary AWS credentials, including session tokens. While users can design their own credential provider, they rely on the data source plugin to authenticate requests and return the client. Therefore, it's important to add support for session tokens.

Issues Resolved

Partially resolves #5838, #5696

Screenshot

Testing the changes

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
• New functionality includes testing.
• New functionality has been documented.
• Update CHANGELOG.md
• Commits are signed per the DCO using --signoff

[codecov]

Codecov Report

Attention: Patch coverage is 92.85714% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 67.13%. Comparing base (735424b) to head (ade9ac7).
Report is 2 commits behind head on main.

❗ Current head ade9ac7 differs from pull request most recent head 880c9e6. Consider uploading reports for the commit 880c9e6 to get more accurate results

Files	Patch %	Lines
...gins/data_source/server/client/configure_client.ts	66.66%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6103   +/-   ##
=======================================
  Coverage   67.13%   67.13%           
=======================================
  Files        3324     3324           
  Lines       64318    64327    +9     
  Branches    10344    10345    +1     
=======================================
+ Hits        43178    43185    +7     
- Misses      18617    18618    +1     
- Partials     2523     2524    +1     

Flag	Coverage Δ
Linux_1	31.66% <ø> (ø)
Linux_2	55.23% <ø> (ø)
Linux_3	44.70% <92.85%> (+<0.01%)	⬆️
Linux_4	35.08% <ø> (ø)
Windows_1	31.68% <ø> (ø)
Windows_2	55.20% <ø> (ø)
Windows_3	44.72% <92.85%> (+0.01%)	⬆️
Windows_4	35.08% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[seraphjiang]

@bandinib-amzn would you add a little background why we has to add session token to support AWS Credentials which is missed before.

is it a optional parameter or required?

[bandinib-amzn]

@bandinib-amzn would you add a little background why we has to add session token to support AWS Credentials which is missed before.

is it a optional parameter or required?

Added more details in description. It is optional parameter.

[BionIT]

I would assume we need to use sts to generate the sessionToken, and since session token has limited time, we need to generate it every time we use the IAM cred, will it be addressed in a separate PR?

[bandinib-amzn]

Yes, right. But we are not providing any predefined auth methods in core data source plugin which will generate session token. But user can build their own auth method in plugin or any other component where they can use sts to generate the sessionToken and register auth methods and provides credentials using registerCredentialProvider but as I said in overview, while users can design their own credential provider, they rely on the data source plugin to authenticate requests and return the client. Therefore, it's important to add support for session tokens.

[BionIT]

Got it, thanks!!!