feat(credential-provider-imds): source accountId from IMDS

.changeset/stale-ladybugs-reflect.md

@@ -0,0 +1,5 @@
+---
+"@smithy/credential-provider-imds": minor
+---
+
+sources accountId from IMDS

packages/credential-provider-imds/src/remoteProvider/ImdsCredentials.spec.ts

@@ -7,11 +7,15 @@ const creds: ImdsCredentials = Object.freeze({
   SecretAccessKey: "bar",
   Token: "baz",
   Expiration: new Date().toISOString(),
+  AccountId: "123456789012",
 });
 
 describe("isImdsCredentials", () => {
   it("should accept valid ImdsCredentials objects", () => {
     expect(isImdsCredentials(creds)).toBe(true);
+    const { AccountId, ...credsWithoutAccountId } = creds;
+    expect(AccountId).toBe("123456789012");
+    expect(isImdsCredentials(credsWithoutAccountId)).toBe(true);
   });
 
   it("should reject credentials without an AccessKeyId", () => {
@@ -44,5 +48,22 @@ describe("fromImdsCredentials", () => {
     expect(converted.secretAccessKey).toEqual(creds.SecretAccessKey);
     expect(converted.sessionToken).toEqual(creds.Token);
     expect(converted.expiration).toEqual(new Date(creds.Expiration));
+    expect(converted.accountId).toEqual(creds.AccountId);
+  });
+
+  it("should convert IMDS credentials to a credentials object without accountId when it's not provided", () => {
+    const credsWithoutAccountId: ImdsCredentials = {
+      AccessKeyId: "foo",
+      SecretAccessKey: "bar",
+      Token: "baz",
+      Expiration: new Date().toISOString(),
+      // AccountId is omitted
+    };
+    const converted: AwsCredentialIdentity = fromImdsCredentials(credsWithoutAccountId);
+    expect(converted.accessKeyId).toEqual(credsWithoutAccountId.AccessKeyId);
+    expect(converted.secretAccessKey).toEqual(credsWithoutAccountId.SecretAccessKey);
+    expect(converted.sessionToken).toEqual(credsWithoutAccountId.Token);
+    expect(converted.expiration).toEqual(new Date(credsWithoutAccountId.Expiration));
+    expect(converted.accountId).toBeUndefined(); // Verify accountId is undefined
   });
 });

packages/credential-provider-imds/src/remoteProvider/ImdsCredentials.ts

@@ -8,6 +8,7 @@ export interface ImdsCredentials {
   SecretAccessKey: string;
   Token: string;
   Expiration: string;
+  AccountId?: string;
 }
 
 /**
@@ -29,4 +30,5 @@ export const fromImdsCredentials = (creds: ImdsCredentials): AwsCredentialIdenti
   secretAccessKey: creds.SecretAccessKey,
   sessionToken: creds.Token,
   expiration: new Date(creds.Expiration),
+  ...(creds.AccountId && { accountId: creds.AccountId }),
 });