update docs for credential provider

amazon-kinesis-client-multilang/src/main/java/software/amazon/kinesis/multilang/MultiLangDaemon.java

@@ -61,7 +61,7 @@ import software.amazon.kinesis.coordinator.Scheduler;
  * applicationName = PythonKCLSample
  *
  * # Users can change the credentials provider the KCL will use to retrieve credentials.
- * # The DefaultAWSCredentialsProviderChain checks several other providers, which is
+ * # The DefaultCredentialsProvider checks several other providers, which is
  * # described here:
  * # https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html
  * AwsCredentialsProvider = DefaultCredentialsProvider

amazon-kinesis-client-multilang/src/test/java/software/amazon/kinesis/multilang/config/AWSCredentialsProviderPropertyValueDecoderTest.java

@@ -25,6 +25,7 @@ import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain;
+import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
 import software.amazon.kinesis.multilang.auth.KclStsAssumeRoleCredentialsProvider;
 
 import static org.hamcrest.CoreMatchers.equalTo;
@@ -40,6 +41,7 @@ public class AWSCredentialsProviderPropertyValueDecoderTest {
 
     private final String credentialName1 = AlwaysSucceedCredentialsProvider.class.getName();
     private final String credentialName2 = ConstructorCredentialsProvider.class.getName();
+    private final String createCredentialClass = CreateProvider.class.getName();
     private final AwsCredentialsProviderPropertyValueDecoder decoder = new AwsCredentialsProviderPropertyValueDecoder();
 
     @ToString
@@ -119,13 +121,32 @@ public class AWSCredentialsProviderPropertyValueDecoderTest {
     public void testKclAuthProvider() {
         for (final String className : Arrays.asList(
                 KclStsAssumeRoleCredentialsProvider.class.getName(), // fully-qualified name
-                KclStsAssumeRoleCredentialsProvider.class.getSimpleName() // name-only; needs prefix
+                KclStsAssumeRoleCredentialsProvider.class.getSimpleName(), // name-only; needs prefix
-                )) {
+                StsAssumeRoleCredentialsProvider.class.getName(), // user passes full sts package path
+                StsAssumeRoleCredentialsProvider.class.getSimpleName())) {
             final AwsCredentialsProvider provider = decoder.decodeValue(className + "|arn|sessionName");
             assertNotNull(className, provider);
         }
     }
 
+    /**
+     * Test that OneArgCreateProvider in the SDK v2 can process a create() method
+     */
+    @Test
+    public void testEmptyCreateProvider() {
+        AwsCredentialsProvider provider = decoder.decodeValue(createCredentialClass);
+        assertThat(provider, hasCredentials(TEST_ACCESS_KEY_ID, TEST_SECRET_KEY));
+    }
+
+    /**
+     * Test that OneArgCreateProvider in the SDK v2 can process a create(arg1) method
+     */
+    @Test
+    public void testOneArgCreateProvider() {
+        AwsCredentialsProvider provider = decoder.decodeValue(createCredentialClass + "|testCreateProperty");
+        assertThat(provider, hasCredentials("testCreateProperty", TEST_SECRET_KEY));
+    }
+
     /**
      * Test that a provider can be instantiated by its varargs constructor.
      */
@@ -189,4 +210,27 @@ public class AWSCredentialsProviderPropertyValueDecoderTest {
             return AwsBasicCredentials.create(flattenedArgs, flattenedArgs);
         }
     }
+    /**
+     * Credentials provider to test AWS SDK v2 create() methods for providers like ProfileCredentialsProvider
+     */
+    public static class CreateProvider implements AwsCredentialsProvider {
+        private String accessKeyId;
+
+        private CreateProvider(String accessKeyId) {
+            this.accessKeyId = accessKeyId;
+        }
+
+        public static CreateProvider create() {
+            return new CreateProvider(TEST_ACCESS_KEY_ID);
+        }
+
+        public static CreateProvider create(String accessKeyId) {
+            return new CreateProvider(accessKeyId);
+        }
+
+        @Override
+        public AwsCredentials resolveCredentials() {
+            return AwsBasicCredentials.create(accessKeyId, TEST_SECRET_KEY);
+        }
+    }
 }

docs/multilang/configuring-credential-providers.md

@@ -8,24 +8,33 @@ This document should help multilang customers configure a suitable `CredentialPr
 
 ## Sample Provider Configuration
 
-In a Properties file, an `AWSCredentialsProperty` configuration might look like:
+In a Properties file, an `AwsCredentialsProperty` configuration might look like:
 ```
-AWSCredentialsProvider = STSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName> 
+AwsCredentialsProvider = StsAssumeRoleCredentialsProvider|<arn>|<sessionName> 
 ```
-This basic configuration creates an [STSAssumeRoleSessionCredentialsProvider][sts-assume-provider] with an ARN and session name.
+This basic configuration creates an [StsAssumeRoleCredentialsProvider][sts-assume-provider] with an ARN and session name.
+
+The providers generated by this config property will be [AWS SDK v2 AwsCredentialsProviders][aws-credentials-provider].
+These differ from the SDK v1 AWSCredentialsProviders in a number of ways. See [Credentials Provider Changes][credentials-provider-changes].
+
 While functional, this configuration is limited.
 For example, this configuration cannot set a regional endpoint (e.g., VPC use case).
 
-Leveraging nested properties, an `AWSCredentialsProperty` value might change to:
+Leveraging nested properties, an `AwsCredentialsProperty` value might change to:
 ```
-AWSCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>\
+AwsCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>\
     |endpointRegion=us-east-1|externalId=spartacus
 ```
 N.B. Backslash (`\`) is for multi-line legibility and is not required.
 
+You can create a default [DefaultCredentialsProvider][default-credentials-provider] by passing it in the config like:
+```
+AwsCredentialsProvider = DefaultCredentialsProvider
+```
+
 ## Nested Properties
 
-KCL multilang supports "nested properties" on the `AWSCredentialsProvider` key in the properties file.
+KCL multilang supports "nested properties" on the `AwsCredentialsProvider` key in the properties file.
 The [Backus-Naur form][bnf] of the value:
 ```
 <property-value> ::= <provider-class> ["|" <required-param>]* ["|" <nested-property>]*
@@ -36,8 +45,9 @@ The [Backus-Naur form][bnf] of the value:
 <nested-value ::= <string> # this depends on the nested key
 ```
 
-In general, required parameters are passed directly to the class' constructor
+In general, required parameters are passed directly to the class' constructor or .create() method
-(e.g., [STSAssumeRoleSessionCredentialsProvider(String, String)][sts-assume-provider-constructor]).
+(e.g., [ProfileCredentialsProvider(String)][profile-credentials-provider-create]). However, most of these providers
+require builders and will require a custom implementation similar to `KclStsAssumeRoleCredentialsProvider` for customization
 
 Nested properties are a custom mapping provided by KCL multilang, and do not exist in the AWS SDK.
 See [NestedPropertyKey][nested-property-key] for the supported keys, and details on their expected values.
@@ -54,18 +64,27 @@ A backwards-compatible addition might look like:
     }
 ```
 
-### KclSTSAssumeRoleSessionCredentialsProvider
+Leveraging nested properties, an `AwsCredentialsProperty` value might look like:
-
-KCL multilang includes a [custom nested property processor for `STSAssumeRole`][kcl-sts-provider].
-Multilang configurations that use `STSAssumeRoleSessionCredentialsProvider` need only prefix `Kcl` to exercise this new provider:
 ```
-AWSCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>
+AwsCredentialsProvider = KclSTSAssumeRoleSessionCredentialsProvider|<arn>|<sessionName>\
+    |endpointRegion=us-east-1|externalId=spartacus
+```
+
+N.B. Backslash (`\`) is for multi-line legibility and is not required.
+### KclStsAssumeRoleCredentialsProvider
+
+KCL multilang includes a [custom nested property processor for `StsAssumeRole`][kcl-sts-provider].
+Multilang configurations that use `StsAssumeRoleSessionCredentialsProvider` need only prefix `Kcl` to exercise this new provider:
+```
+AwsCredentialsProvider = KclStsAssumeRoleCredentialsProvider|<arn>|<sessionName>
 ```
 
 [aws-credentials-provider]: https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/auth/credentials/AwsCredentialsProvider.html
 [bnf]: https://en.wikipedia.org/wiki/Backus%E2%80%93Naur_form
-[kcl-sts-provider]: /amazon-kinesis-client-multilang/src/main/java/software/amazon/kinesis/multilang/auth/KclSTSAssumeRoleSessionCredentialsProvider.java
+[kcl-sts-provider]: /amazon-kinesis-client-multilang/src/main/java/software/amazon/kinesis/multilang/auth/KclStsAssumeRoleCredentialsProvider.java
 [nested-property-key]: /amazon-kinesis-client-multilang/src/main/java/software/amazon/kinesis/multilang/NestedPropertyKey.java
 [nested-property-processor]: /amazon-kinesis-client-multilang/src/main/java/software/amazon/kinesis/multilang/NestedPropertyProcessor.java
-[sts-assume-provider]: https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.html
+[sts-assume-provider]: https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/sts/auth/StsAssumeRoleCredentialsProvider.html
-[sts-assume-provider-constructor]: https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.html#STSAssumeRoleSessionCredentialsProvider-java.lang.String-java.lang.String-
+[profile-credentials-provider-create]: https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html#create(java.lang.String)
+[default-credentials-provider]: https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html
+[credentials-provider-changes]: https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/migration-client-credentials.html