aws · Madrigal · Feb 21, 2025 · Feb 21, 2025 · Feb 21, 2025
@@ -172,17 +172,6 @@ func (p *CredentialsCache) getCreds() (Credentials, bool) {
 	return *c, true
 }
 
-// ProviderSources returns a list of where the underlying credential provider
-// has been sourced, if available. Returns empty if the provider doesn't implement
-// the interface
-func (p *CredentialsCache) ProviderSources() []CredentialSource {
-	asSource, ok := p.provider.(CredentialProviderSource)
-	if !ok {
-		return []CredentialSource{}
-	}
-	return asSource.ProviderSources()
-}
-
 // Invalidate will invalidate the cached credentials. The next call to Retrieve
 // will cause the provider's Retrieve method to be called.
 func (p *CredentialsCache) Invalidate() {

@@ -70,56 +70,6 @@ func (AnonymousCredentials) Retrieve(context.Context) (Credentials, error) {
 		fmt.Errorf("the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests with")
 }
 
-// CredentialSource is the source of the credential provider.
-// A provider can have multiple credential sources: For example, a provider that reads a profile, calls ECS to
-// get credentials and then assumes a role using STS will have all these as part of its provider chain.
-type CredentialSource int
-
-const (
-	// CredentialSourceUndefined is the sentinel zero value
-	CredentialSourceUndefined CredentialSource = iota
-	// CredentialSourceCode credentials resolved from code, cli parameters, session object, or client instance
-	CredentialSourceCode
-	// CredentialSourceEnvVars credentials resolved from environment variables
-	CredentialSourceEnvVars
-	// CredentialSourceEnvVarsSTSWebIDToken credentials resolved from environment variables for assuming a role with STS using a web identity token
-	CredentialSourceEnvVarsSTSWebIDToken
-	// CredentialSourceSTSAssumeRole credentials resolved from STS using AssumeRole
-	CredentialSourceSTSAssumeRole
-	// CredentialSourceSTSAssumeRoleSaml credentials resolved from STS using assume role with SAML
-	CredentialSourceSTSAssumeRoleSaml
-	// CredentialSourceSTSAssumeRoleWebID credentials resolved from STS using assume role with web identity
-	CredentialSourceSTSAssumeRoleWebID
-	// CredentialSourceSTSFederationToken credentials resolved from STS using a federation token
-	CredentialSourceSTSFederationToken
-	// CredentialSourceSTSSessionToken credentials resolved from STS using a session token 	S
-	CredentialSourceSTSSessionToken
-	// CredentialSourceProfile  credentials resolved from a config file(s) profile with static credentials
-	CredentialSourceProfile
-	// CredentialSourceProfileSourceProfile credentials resolved from a source profile in a config file(s) profile
-	CredentialSourceProfileSourceProfile
-	// CredentialSourceProfileNamedProvider credentials resolved from a named provider in a config file(s) profile (like EcsContainer)
-	CredentialSourceProfileNamedProvider
-	// CredentialSourceProfileSTSWebIDToken  credentials resolved from configuration for assuming a role with STS using web identity token in a config file(s) profile
-	CredentialSourceProfileSTSWebIDToken
-	// CredentialSourceProfileSSO credentials resolved from an SSO session in a config file(s) profile
-	CredentialSourceProfileSSO
-	// CredentialSourceSSO credentials resolved from an SSO session
-	CredentialSourceSSO
-	// CredentialSourceProfileSSOLegacy credentials resolved from an SSO session in a config file(s) profile using legacy format
-	CredentialSourceProfileSSOLegacy
-	// CredentialSourceSSOLegacy credentials resolved from an SSO session using legacy format
-	CredentialSourceSSOLegacy
-	// CredentialSourceProfileProcess credentials resolved from a process in a config file(s) profile
-	CredentialSourceProfileProcess
-	// CredentialSourceProcess credentials resolved from a process
-	CredentialSourceProcess
-	// CredentialSourceHTTP credentials resolved from an HTTP endpoint
-	CredentialSourceHTTP
-	// CredentialSourceIMDS credentials resolved from the instance metadata service (IMDS)
-	CredentialSourceIMDS
-)
-
 // A Credentials is the AWS credentials value for individual credential fields.
 type Credentials struct {
 	// AWS Access key ID
@@ -175,13 +125,6 @@ type CredentialsProvider interface {
 	Retrieve(ctx context.Context) (Credentials, error)
 }
 
-// CredentialProviderSource allows any credential provider to track
-// all providers where a credential provider were sourced. For example, if the credentials came from a
-// call to a role specified in the profile, this method will give the whole breadcrumb trail
-type CredentialProviderSource interface {
-	ProviderSources() []CredentialSource
-}
-
 // CredentialsProviderFunc provides a helper wrapping a function value to
 // satisfy the CredentialsProvider interface.
 type CredentialsProviderFunc func(context.Context) (Credentials, error)

@@ -109,57 +109,8 @@ const (
 	UserAgentFeatureRequestChecksumWhenRequired   = "a"
 	UserAgentFeatureResponseChecksumWhenSupported = "b"
 	UserAgentFeatureResponseChecksumWhenRequired  = "c"
-
-	UserAgentFeatureDynamoDBUserAgent = "d" // not yet implemented
-
-	UserAgentFeatureCredentialsCode                 = "e"
-	UserAgentFeatureCredentialsJvmSystemProperties  = "f" // n/a (this is not a JVM sdk)
-	UserAgentFeatureCredentialsEnvVars              = "g"
-	UserAgentFeatureCredentialsEnvVarsStsWebIDToken = "h"
-	UserAgentFeatureCredentialsStsAssumeRole        = "i"
-	UserAgentFeatureCredentialsStsAssumeRoleSaml    = "j" // not yet implemented
-	UserAgentFeatureCredentialsStsAssumeRoleWebID   = "k"
-	UserAgentFeatureCredentialsStsFederationToken   = "l" // not yet implemented
-	UserAgentFeatureCredentialsStsSessionToken      = "m" // not yet implemented
-	UserAgentFeatureCredentialsProfile              = "n"
-	UserAgentFeatureCredentialsProfileSourceProfile = "o"
-	UserAgentFeatureCredentialsProfileNamedProvider = "p"
-	UserAgentFeatureCredentialsProfileStsWebIDToken = "q"
-	UserAgentFeatureCredentialsProfileSso           = "r"
-	UserAgentFeatureCredentialsSso                  = "s"
-	UserAgentFeatureCredentialsProfileSsoLegacy     = "t"
-	UserAgentFeatureCredentialsSsoLegacy            = "u"
-	UserAgentFeatureCredentialsProfileProcess       = "v"
-	UserAgentFeatureCredentialsProcess              = "w"
-	UserAgentFeatureCredentialsBoto2ConfigFile      = "x" // n/a (this is not boto/Python)
-	UserAgentFeatureCredentialsAwsSdkStore          = "y" // n/a (this is used by .NET based sdk)
-	UserAgentFeatureCredentialsHTTP                 = "z"
-	UserAgentFeatureCredentialsIMDS                 = "0"
 )
 
-var credentialSourceToFeature = map[aws.CredentialSource]UserAgentFeature{
-	aws.CredentialSourceCode:                 UserAgentFeatureCredentialsCode,
-	aws.CredentialSourceEnvVars:              UserAgentFeatureCredentialsEnvVars,
-	aws.CredentialSourceEnvVarsSTSWebIDToken: UserAgentFeatureCredentialsEnvVarsStsWebIDToken,
-	aws.CredentialSourceSTSAssumeRole:        UserAgentFeatureCredentialsStsAssumeRole,
-	aws.CredentialSourceSTSAssumeRoleSaml:    UserAgentFeatureCredentialsStsAssumeRoleSaml,
-	aws.CredentialSourceSTSAssumeRoleWebID:   UserAgentFeatureCredentialsStsAssumeRoleWebID,
-	aws.CredentialSourceSTSFederationToken:   UserAgentFeatureCredentialsStsFederationToken,
-	aws.CredentialSourceSTSSessionToken:      UserAgentFeatureCredentialsStsSessionToken,
-	aws.CredentialSourceProfile:              UserAgentFeatureCredentialsProfile,
-	aws.CredentialSourceProfileSourceProfile: UserAgentFeatureCredentialsProfileSourceProfile,
-	aws.CredentialSourceProfileNamedProvider: UserAgentFeatureCredentialsProfileNamedProvider,
-	aws.CredentialSourceProfileSTSWebIDToken: UserAgentFeatureCredentialsProfileStsWebIDToken,
-	aws.CredentialSourceProfileSSO:           UserAgentFeatureCredentialsProfileSso,
-	aws.CredentialSourceSSO:                  UserAgentFeatureCredentialsSso,
-	aws.CredentialSourceProfileSSOLegacy:     UserAgentFeatureCredentialsProfileSsoLegacy,
-	aws.CredentialSourceSSOLegacy:            UserAgentFeatureCredentialsSsoLegacy,
-	aws.CredentialSourceProfileProcess:       UserAgentFeatureCredentialsProfileProcess,
-	aws.CredentialSourceProcess:              UserAgentFeatureCredentialsProcess,
-	aws.CredentialSourceHTTP:                 UserAgentFeatureCredentialsHTTP,
-	aws.CredentialSourceIMDS:                 UserAgentFeatureCredentialsIMDS,
-}
-
 // RequestUserAgent is a build middleware that set the User-Agent for the request.
 type RequestUserAgent struct {
 	sdkAgent, userAgent *smithyhttp.UserAgentBuilder
@@ -312,14 +263,6 @@ func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, val
 	u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
 }
 
-// AddCredentialsSource adds the credential source as a feature on the User-Agent string
-func (u *RequestUserAgent) AddCredentialsSource(source aws.CredentialSource) {
-	x, ok := credentialSourceToFeature[source]
-	if ok {
-		u.AddUserAgentFeature(x)
-	}
-}
-
 // ID the name of the middleware.
 func (u *RequestUserAgent) ID() string {
 	return "UserAgent"

@@ -89,4 +89,3 @@ software.amazon.smithy.aws.go.codegen.customization.DeprecateService
 software.amazon.smithy.aws.go.codegen.customization.BasicUserAgentFeatures
 software.amazon.smithy.aws.go.codegen.customization.ChecksumMetricsTracking
 software.amazon.smithy.aws.go.codegen.customization.AccountIdEndpointModeUserAgent
-software.amazon.smithy.aws.go.codegen.CredentialSourceFeatureTrackerGenerator