feat: Implement Cognito Credentials Provider

dayaffe · dayaffe · commit cd975eee24a4 · 2025-08-07T10:51:16.000-04:00
diff --git a/AWSSDKSwiftCLI/Tests/AWSSDKSwiftCLITests/Models/PackageManifestBuilderTests.swift b/AWSSDKSwiftCLI/Tests/AWSSDKSwiftCLITests/Models/PackageManifestBuilderTests.swift
@@ -33,6 +33,7 @@ class PackageManifestBuilderTests: XCTestCase {
         let internalAWSSTSDependencies: [Target.Dependency] = []
         let internalAWSSSODependencies: [Target.Dependency] = []
         let internalAWSSSOOIDCDependencies: [Target.Dependency] = []
+        let internalAWSCognitoIdentityDependencies: [Target.Dependency] = []
 
         <contents of base package>
         """
@@ -75,6 +76,7 @@ class PackageManifestBuilderTests: XCTestCase {
         let internalAWSSTSDependencies: [Target.Dependency] = []
         let internalAWSSSODependencies: [Target.Dependency] = []
         let internalAWSSSOOIDCDependencies: [Target.Dependency] = []
+        let internalAWSCognitoIdentityDependencies: [Target.Dependency] = []
 
         <contents of base package>
         """
diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/CognitoAWSCredentialIdentityResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/CognitoAWSCredentialIdentityResolver.swift
@@ -16,8 +16,17 @@ import struct Foundation.Date
 @_spi(FileBasedConfig) import AWSSDKCommon
 
 protocol CognitoIdentityClientProtocol {
-    func getId(identityPoolId: String, logins: [String: String]?, region: String) async throws -> String
-    func getCredentialsForIdentity(identityId: String, logins: [String: String]?, region: String) async throws -> AWSCredentialIdentity
+    func getId(
+        identityPoolId: String,
+        logins: [String: String]?,
+        region: String
+    ) async throws -> String
+
+    func getCredentialsForIdentity(
+        identityId: String,
+        logins: [String: String]?,
+        region: String
+    ) async throws -> AWSCredentialIdentity
 }
 
 extension IdentityProvidingCognitoIdentityClient: CognitoIdentityClientProtocol {}
@@ -27,15 +36,15 @@ public actor CognitoAWSCredentialIdentityResolver: AWSCredentialIdentityResolver
     private let config: CognitoCredentialsConfiguration
     private var logins: [String: String]?
     private var cache = CognitoCredentialsCache()
-    private let client: CognitoIdentityClientProtocol
+    private nonisolated let client: CognitoIdentityClientProtocol
 
     public init(
         identityPoolId: String? = nil,
         identityId: String? = nil,
         accountId: String? = nil,
         logins: [String: String]? = nil,
         customRoleArn: String? = nil,
-        cognitoPoolRegion: String? = nil,
+        cognitoPoolRegion: String? = nil
     ) throws {
         self.config = try CognitoCredentialsConfiguration(
             identityPoolId: identityPoolId,
diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingCognitoIdentityClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingCognitoIdentityClient.swift
@@ -9,46 +9,43 @@ import Foundation
 import InternalAWSCognitoIdentity
 
 struct IdentityProvidingCognitoIdentityClient: Swift.Sendable {
-    
     func getId(
         identityPoolId: String,
         logins: [String: String]?,
         region: String
     ) async throws -> String {
         let config = try await CognitoIdentityClient.CognitoIdentityClientConfiguration(region: region)
         let client = CognitoIdentityClient(config: config)
-        
         let input = GetIdInput(identityPoolId: identityPoolId, logins: logins)
         let output = try await client.getId(input: input)
-        
+
         guard let identityId = output.identityId else {
             throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials(
                 "CognitoAWSCredentialIdentityResolver: Failed to get identity ID from Cognito Identity"
             )
         }
-        
+
         return identityId
     }
-    
+
     func getCredentialsForIdentity(
         identityId: String,
         logins: [String: String]?,
         region: String
     ) async throws -> AWSCredentialIdentity {
         let config = try await CognitoIdentityClient.CognitoIdentityClientConfiguration(region: region)
         let client = CognitoIdentityClient(config: config)
-        
         let input = GetCredentialsForIdentityInput(identityId: identityId, logins: logins)
         let output = try await client.getCredentialsForIdentity(input: input)
-        
+
         guard let credentials = output.credentials,
               let accessKey = credentials.accessKeyId,
               let secretKey = credentials.secretKey else {
             throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials(
                 "CognitoAWSCredentialIdentityResolver: Failed to get credentials from Cognito Identity"
             )
         }
-        
+
         return AWSCredentialIdentity(
             accessKey: accessKey,
             secret: secretKey,
