Fix STS client configuration (#14)

* Remove some deps and update ruby version
* Explicitly configure STS client credentials

.ruby-version

@@ -1 +1 @@
-2.7.4
+3.2.0

Gemfile.lock

@@ -12,14 +12,8 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.2.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    awesome_print (1.9.2)
     aws-eventstream (1.2.0)
     aws-partitions (1.664.0)
     aws-sdk-core (3.168.1)
@@ -29,9 +23,6 @@ GEM
       jmespath (~> 1, >= 1.6.1)
     aws-sigv4 (1.5.2)
       aws-eventstream (~> 1, >= 1.0.2)
-    byebug (11.1.3)
-    coderay (1.1.3)
-    concurrent-ruby (1.1.10)
     crack (0.4.5)
       rexml
     diff-lcs (1.5.0)
@@ -63,19 +54,9 @@ GEM
       faraday (~> 1.0)
     hashdiff (1.0.1)
     httpclient (2.8.3)
-    i18n (1.10.0)
-      concurrent-ruby (~> 1.0)
     jmespath (1.6.1)
-    method_source (1.0.0)
-    minitest (5.15.0)
     multi_xml (0.6.0)
     multipart-post (2.2.3)
-    pry (0.13.1)
-      coderay (~> 1.1)
-      method_source (~> 1.0)
-    pry-byebug (3.9.0)
-      byebug (~> 11.0)
-      pry (~> 0.13.0)
     public_suffix (4.0.6)
     rake (13.0.6)
     rexml (3.2.5)
@@ -94,8 +75,6 @@ GEM
     rspec-support (3.11.0)
     ruby2_keywords (0.0.5)
     timecop (0.9.5)
-    tzinfo (2.0.4)
-      concurrent-ruby (~> 1.0)
     webmock (3.14.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
@@ -105,11 +84,8 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  activesupport
   amazon_sp_clients!
-  awesome_print
   dotenv
-  pry-byebug
   rake
   rspec
   timecop

amazon_sp_clients.gemspec

@@ -36,11 +36,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'multi_xml'
 
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'activesupport'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'webmock'
-  spec.add_development_dependency 'pry-byebug'
   spec.add_development_dependency 'dotenv'
-  spec.add_development_dependency 'awesome_print'
   spec.add_development_dependency 'timecop'
 end

bin/rake

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rake", "rake")

bin/rspec

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")

lib/amazon_sp_clients/session.rb

@@ -14,7 +14,7 @@ class Session
       },
     }.freeze
 
-    attr_reader :access_token, :role_credentials, :restricted_data_token
+    attr_reader :access_token, :restricted_data_token, :session_client, :role_credentials
 
     def initialize(config = Configuration.default)
       @config = config
@@ -35,21 +35,19 @@ def initialize(config = Configuration.default)
     end
 
     def init_credentials_provider
-      @session_client =
-        Aws::STS::Client.new(
-          region: @config.region,
-          access_key_id: @config.access_key,
-          secret_access_key: @config.secret_key,
-        )
-
-      # The documentation claim that this client is self refreshing
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AssumeRoleCredentials.html
+      @session_client = Aws::STS::Client.new(
+        credentials: Aws::Credentials.new(@config.access_key, @config.secret_key),
+        region: @config.region,
+      )
+
       @role_credentials =
         Aws::AssumeRoleCredentials.new(
           client: @session_client,
           role_arn: @config.role_arn,
           role_session_name: 'SPAPISession',
         )
+
       rescue => e
         raise Faraday::ForbiddenError.new(e.message, { service: 'sts', request: {}, response: {} })
     end

spec/amazon_sp_clients_spec.rb

@@ -2,10 +2,8 @@
 require 'webmock/rspec'
 require 'logger'
 require 'dotenv/load'
-require 'awesome_print'
 require 'timecop'
 require 'ostruct'
-require 'pry-byebug'
 
 require 'amazon_sp_clients/sp_orders_v0'
 require 'amazon_sp_clients/sp_tokens_2021'
@@ -85,7 +83,7 @@ def restricted_data_token
         ).to_return(status: 200, body: '{"payload":{}}', headers: { 'x-amzn-RateLimit-Limit' => '0.2' })
 
         refresh_token = ENV['AMZ_REFRESH_TOKEN'] || 'REFRESH_TOKEN'
-        session, err = AmazonSpClients.new_session(refresh_token)
+        session = AmazonSpClients.new_session(refresh_token)
 
         orders_api = AmazonSpClients::SpOrdersV0::OrdersV0Api.new(session)
         order_resp = orders_api.get_order('marketplace_id', auth_names: [:orders])
@@ -227,4 +225,31 @@ def restricted_data_token
       end
     end
   end
+
+  describe 'aws credentials' do
+    before do
+      Aws.config.update(credentials: Aws::Credentials.new('bogus', 'bogus'), region: 'bogus')
+    end
+
+    it 'initializes sts client with correct credentials' do
+      stub_request(:post, 'https://sts.us-east-1.amazonaws.com/').to_return(
+        status: 200,
+        body: fixture('sts_200_response.xml'),
+      )
+
+      stub_request(:post, 'https://api.amazon.com/auth/o2/token').to_return(
+        status: 200,
+        body: fixture('token_success.json'),
+      )
+
+      refresh_token = ENV['AMZ_REFRESH_TOKEN'] || 'REFRESH_TOKEN'
+      session = AmazonSpClients.new_session(refresh_token)
+
+      expect(session.role_credentials.client.config.credentials.access_key_id)
+        .to eq(AmazonSpClients.configure.access_key)
+
+      expect(session.role_credentials.client.config.credentials.secret_access_key)
+        .to eq(AmazonSpClients.configure.secret_key)
+    end
+  end
 end