[#367] Enhanced multi-lang AWSCredentialsProvider=... decoder and c…

[stair-aws]

Issue #, if available:
#367

Description of changes:
[#367] Enhanced multi-lang AWSCredentialsProvider=... decoder and construction.

• added support for external ids (issue STSAssumeRoleSessionCredentialsProvider with external ID #367)
• added support for endpoint+region (e.g., STS via VPC)

mvn clean verify yields:

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Amazon Kinesis Client Library 2.5.2-SNAPSHOT:
[INFO] 
[INFO] Amazon Kinesis Client Library ...................... SUCCESS [  1.018 s]
[INFO] Amazon Kinesis Client Library for Java ............. SUCCESS [14:57 min]
[INFO] amazon-kinesis-client-multilang .................... SUCCESS [ 13.918 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  15:12 min
[INFO] Finished at: 2023-08-03T15:04:21-04:00

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[stair-aws]

With this commit, KCL multi-lang customers should have greater control over the STS provider. For example, a CredentialsProvider string might change from:

AWSCredentialsProvider = STSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>

... to:

AWSCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>|externalId=<eid>

... which satisfies the external id request (issue #367).

Additionally, STS-via-VPC should be accessible via:

AWSCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>|endpoint=<url>^<region>

externalId= and endpoint= can also co-exist, in any order. Please see NestedPropertyKeys enum for further details.

[akidambisrinivasan]

Looks good

[stair-aws]

A new simpler option now exists for STS-via-VPC:

AWSCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>|endpointRegion=<region>

With this, a Cx only needs to provide the region (e.g., |endpointRegion=us-east-1), and the SDK client will determine the endpoint URL on its own. If Cx need to specify the endpoint and region, the |endpoint=<url>^<region> optional parameter provides more explicit control.

[akidambisrinivasan]

I have a general question, how can customers find out all the supported property kv pairs that can provided to MultiLangDaemon and what the valid values are? I see your detailed javadoc for NestedPropertyKey, but I as a customer would not know to look there unless I read the code. I see MultiLangDaemon has javadoc for the minimum properties that must be passed in.
At the minimum we should add a comment there to look at NestedPropertyKey javadoc to know how to format the value of the AWSCredentialsProvider property.

[akidambisrinivasan]

If this used only for test, can it be in src/test/resources?

[stair-aws]

Absolutely, and the correct thing to do; was an oversight in folder assignment. Thanks!

[akidambisrinivasan]

What is this testing? Just constructor works fine?
Maybe we want to assert constructed instance is not null?

[stair-aws]

What is this testing? Just constructor works fine?

I added Javadoc. Snippet: "catch any issues which might arise if there is a discrepancy between reality and mocking".

Maybe we want to assert constructed instance is not null?

assertNotNull(...) gets marked as redundant because the construction is guaranteed non-null iff an Exception is not thrown.

[akidambisrinivasan]

But if you dont assert and the test throws exception it may not show as failed, isnt it?

[akidambisrinivasan]

I think it does mark the test failed, so this is okay.

[stair-aws]

#1184 (comment)

I have a general question, how can customers find out all the supported property kv pairs that can provided to MultiLangDaemon and what the valid values are? I see your detailed javadoc for NestedPropertyKey, but I as a customer would not know to look there unless I read the code. I see MultiLangDaemon has javadoc for the minimum properties that must be passed in.
At the minimum we should add a comment there to look at NestedPropertyKey javadoc to know how to format the value of the AWSCredentialsProvider property.

Yes, discoverability is an issue. This will be addressed by the following:

1. WIP, PR pending: provide a README-esque doc in this KCL repo
   • PR purposefully kept separate soas not to slow, or impede, the approval+merge of this PR
2. WIP, PR pending: point to this new documentation in https://github.com/awslabs/amazon-kinesis-client-python/
   • We can propagate outward to other KCL multilang variants, but Python is the need-now
3. Being explored: work w/ the AWS docs team to author a top-level doc (e.g., https://docs.aws.amazon.com/streams/latest/dev/kcl-migration.html)

If you have further questions/suggestions about the discovery process, let's bring that conversation internal so I can share more details. I believe we're aligned in wanting to equip our KCL Cx to self-service (and make it easy for Cx to contribute new use cases).