From 8ce5d4dbd21d676049ad3a092a3b738a8afcc3a8 Mon Sep 17 00:00:00 2001
From: Stephen Wakely <fungus.humungus@gmail.com>
Date: Thu, 11 Apr 2024 12:33:30 +0100
Subject: [PATCH] Use http client when building assume role for AccessKey.

Signed-off-by: Stephen Wakely <fungus.humungus@gmail.com>
---
 src/aws/auth.rs | 61 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 41 insertions(+), 20 deletions(-)

diff --git a/src/aws/auth.rs b/src/aws/auth.rs
index b975c2a51d02c..842dfaf3e1051 100644
--- a/src/aws/auth.rs
+++ b/src/aws/auth.rs
@@ -206,6 +206,33 @@ impl AwsAuthentication {
         }
     }
 
+    /// Create the AssumeRoleProviderBuilder, ensuring we create the HTTP client with
+    /// the correct proxy and TLS options.
+    fn assume_role_provider_builder(
+        proxy: &ProxyConfig,
+        tls_options: &Option<TlsConfig>,
+        region: &Region,
+        assume_role: &str,
+        external_id: Option<&str>,
+    ) -> crate::Result<AssumeRoleProviderBuilder> {
+        let connector = super::connector(proxy, tls_options)?;
+        let config = SdkConfig::builder()
+            .http_client(connector)
+            .region(region.clone())
+            .time_source(SystemTimeSource::new())
+            .build();
+
+        let mut builder = AssumeRoleProviderBuilder::new(assume_role)
+            .region(region.clone())
+            .configure(&config);
+
+        if let Some(external_id) = external_id {
+            builder = builder.external_id(external_id)
+        }
+
+        Ok(builder)
+    }
+
     /// Returns the provider for the credentials based on the authentication mechanism chosen.
     pub async fn credentials_provider(
         &self,
@@ -228,12 +255,13 @@ impl AwsAuthentication {
                 ));
                 if let Some(assume_role) = assume_role {
                     let auth_region = region.clone().map(Region::new).unwrap_or(service_region);
-                    let mut builder =
-                        AssumeRoleProviderBuilder::new(assume_role).region(auth_region);
-
-                    if let Some(external_id) = external_id {
-                        builder = builder.external_id(external_id)
-                    }
+                    let builder = Self::assume_role_provider_builder(
+                        proxy,
+                        tls_options,
+                        &auth_region,
+                        assume_role,
+                        external_id.as_deref(),
+                    )?;
 
                     let provider = builder.build_from_provider(provider).await;
 
@@ -264,20 +292,13 @@ impl AwsAuthentication {
                 ..
             } => {
                 let auth_region = region.clone().map(Region::new).unwrap_or(service_region);
-                let connector = super::connector(proxy, tls_options)?;
-                let config = SdkConfig::builder()
-                    .http_client(connector)
-                    .region(auth_region.clone())
-                    .time_source(SystemTimeSource::new())
-                    .build();
-
-                let mut builder = AssumeRoleProviderBuilder::new(assume_role)
-                    .region(auth_region.clone())
-                    .configure(&config);
-
-                if let Some(external_id) = external_id {
-                    builder = builder.external_id(external_id)
-                }
+                let builder = Self::assume_role_provider_builder(
+                    proxy,
+                    tls_options,
+                    &auth_region,
+                    assume_role,
+                    external_id.as_deref(),
+                )?;
 
                 let provider = builder
                     .build_from_provider(