"Add Business Metrics for Credential Providers"

[S-Saranya1]

Adds business metric tracking for credentials.

Motivation and Context

Keeping track of how users are providing credentials to SDKs and which credentials providers are being used is useful. This implementation adds automatic tracking of all 21 credential provider types through User-Agent headers, replacing the legacy cfg/auth-source format with a standardized business metrics system that provides complete visibility into authentication patterns and credential provider chains across AWS applications.

Modifications

This PR adds business metrics support to all these credentials providers:

CREDENTIALS_HTTP(z) - ContainerCredentialsProvider
CREDENTIALS_ENV_VARS(g) - EnvironmentVariableCredentialsProvider
CREDENTIALS_IMDS (0) - InstanceProfileCredentialsProvider
CREDENTIALS_PROCESS(w) - ProcessCredentialsProvider
CREDENTIALS_CODE(e) - Base credentials identifier
CREDENTIALS_JVM_SYSTEM_PROPERTIES (f) - SystemPropertyCredentialsProvider
CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN(h) - WebIdentityTokenFileCredentialsProvider
CREDENTIALS_STS_ASSUME_ROLE("i") - StsAssumeRoleCredentialsProvider
CREDENTIALS_STS_ASSUME_ROLE_SAML("j") - StsAssumeRoleWithSamlCredentialsProvider
CREDENTIALS_STS_ASSUME_ROLE_WEB_ID("k") - StsAssumeRoleWithWebIdentityCredentialsProvider
CREDENTIALS_STS_FEDERATION_TOKEN("l") - StsGetFederationTokenCredentialsProvider
CREDENTIALS_STS_SESSION_TOKEN("m") - StsGetSessionTokenCredentialsProvider
CREDENTIALS_PROFILE("n")- ProfileCredentialsProvider
CREDENTIALS_PROFILE_SOURCE_PROFILE("o") - ProfileCredentialsProvider + other providers
CREDENTIALS_PROFILE_NAMED_PROVIDER("p") - ProfileCredentialsProvider + InstanceProfile or ContainerCredentialsProvider
CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN("q") - ProfileCredentialsProvider + StsAssumeRoleWithWebIdentityCredentialsProvider
CREDENTIALS_SSO("s") - SsoCredentialsProvider
CREDENTIALS_PROFILE_SSO("r") - ProfileCredentialsProvider + SsoCredentialsProvider
CREDENTIALS_PROFILE_SSO_LEGACY("t") - ProfileCredentialsProvider + SsoCredentialsProvider
CREDENTIALS_PROFILE_PROCESS("v") - ProfileCredentialsProvider + ProcessCredentialsProvider

Key Changes:

• Added 20 feature IDs for credential provider tracking in BusinessMetricFeatureId.java
• Implemented business metrics emission in all credential providers across the SDK
• Introduces a new public API param source on some builders for credential providers to link more than one metrics value together
• Replaced legacy cfg/auth-source#stat format with standardized business metrics (e.g., m/D,k,h)
• Modified ApplyUserAgentStage.java to emit business metrics instead of cfg/auth-source, updated User-Agent headers to include credential provider chain information
• Changed providerName() methods to return business metric codes instead of class names

Testing

• Added functional tests for most credential providers to verify business metrics emission.
• Couldn't perform unit tests for these credential provider combinations
• (CREDENTIALS_PROFILE_SOURCE_PROFILE, CREDENTIALS_PROFILE_NAMED_PROVIDER, CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN, CREDENTIALS_SSO, CREDENTIALS_PROFILE_SSO, CREDENTIALS_PROFILE_SSO_LEGACY) , so performed one-off integration tests for these scenarios instead.
• Performed integration tests for source propagation scenarios including credential provider chains like o,n,i (Profile → Source Profile → Assume Role) and p,0,i (Profile → Instance Profile → Assume Role).

Screenshots (if appropriate)

Integ test wirelogs-
p,0,i (Profile → Instance Profile → Assume Role).

o,n,i (Profile → Source Profile → Assume Role)

r,s(Profile - SSO)

q,k (profile - WebIdentityToken)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Checklist

• I have read the CONTRIBUTING document
• Local run of mvn install succeeds
• My code follows the code style of this project
• My change requires a change to the Javadoc documentation
• I have updated the Javadoc documentation accordingly
• I have added tests to cover my changes
• All new and existing tests passed
• I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
• My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

• I confirm that this pull request can be released under the Apache 2 license

[sonarqubecloud]

Quality Gate passed

Issues
65 New issues
0 Accepted issues

Measures
0 Security Hotspots
81.8% Coverage on New Code
0.5% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

This pull request has been closed and the conversation has been locked. Comments on closed PRs are hard for our team to see. If you need more assistance, please open a new issue that references this one.