From 2aad3fb80381117ad700ca106f0a55056126f427 Mon Sep 17 00:00:00 2001
From: arr <ryan.despain@pura.com>
Date: Mon, 7 Apr 2025 17:11:23 -0600
Subject: [PATCH 1/6] add sso and ssooidc dependencies to the base pom, similar
 to sts

---
 flink-connector-aws-base/pom.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/flink-connector-aws-base/pom.xml b/flink-connector-aws-base/pom.xml
index 70edd033..0237e9b4 100644
--- a/flink-connector-aws-base/pom.xml
+++ b/flink-connector-aws-base/pom.xml
@@ -68,6 +68,16 @@ under the License.
             <artifactId>sts</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>sso</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>ssooidc</artifactId>
+        </dependency>
+
         <!-- Test dependencies -->
         <dependency>
             <groupId>org.testcontainers</groupId>

From 65ac91396046d0859bf1b4b4e81eb888db1f1104 Mon Sep 17 00:00:00 2001
From: "arr (aider)" <ryan.despain@pura.com>
Date: Wed, 16 Apr 2025 17:57:17 -0600
Subject: [PATCH 2/6] fix: Remove unsupported 'allowUndeclaredRTE' property
 from Checkstyle config

---
 tools/maven/checkstyle.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tools/maven/checkstyle.xml b/tools/maven/checkstyle.xml
index 29ff1165..c858c899 100644
--- a/tools/maven/checkstyle.xml
+++ b/tools/maven/checkstyle.xml
@@ -267,7 +267,6 @@ This file is based on the checkstyle file of Apache Beam.
 			<property name="allowMissingReturnTag" value="true"/>
 			<property name="allowMissingThrowsTags" value="true"/>
 			<property name="allowThrowsTagsForSubclasses" value="true"/>
-			<property name="allowUndeclaredRTE" value="true"/>
 			<!-- This check sometimes failed for with "Unable to get class information for @throws tag" for custom exceptions -->
 			<property name="suppressLoadErrors" value="true"/>
 		</module>

From 60d4bfcfbba38d19657573e2566bfe80b56a6c59 Mon Sep 17 00:00:00 2001
From: arr <ryan.despain@pura.com>
Date: Thu, 17 Apr 2025 10:14:52 -0600
Subject: [PATCH 3/6] add a test... but i think an e2e test is really the only
 thing to test the SSO stuff... but maybe this is valuable?

---
 .../aws/util/AWSGeneralUtilTest.java          | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java b/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java
index 9cc12ca3..5ac72e3c 100644
--- a/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java
+++ b/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java
@@ -26,6 +26,7 @@
 import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.ProfileProviderCredentialsContext;
 import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
 import software.amazon.awssdk.core.exception.SdkClientException;
@@ -34,11 +35,16 @@
 import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
 import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
 import software.amazon.awssdk.http.nio.netty.internal.NettyConfiguration;
+import software.amazon.awssdk.profiles.Profile;
+import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.sso.auth.SsoProfileCredentialsProviderFactory;
 import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
 import software.amazon.awssdk.utils.AttributeMap;
 import software.amazon.awssdk.utils.ImmutableMap;
+import software.amazon.awssdk.utils.StringInputStream;
 
+import java.io.IOException;
 import java.net.URI;
 import java.nio.file.Paths;
 import java.time.Duration;
@@ -952,4 +958,41 @@ void testNewInstanceOfDefaultCredentialsProviderCreatedForEachClient() {
 
         return builder;
     }
+
+  @Test
+  void testGetCredentialsProviderReturnsSsoProviderForSsoProfile() throws IOException {
+    String profileName = "my-sso-profile";
+    String ssoStartUrl = "https://my-dummy-sso-portal.awsapps.com/start";
+    String ssoRegion = "us-east-1";
+    String ssoAccountId = "123456789012";
+    String ssoRoleName = "MyTestRole";
+
+    String configFileContent =
+      "[profile " + profileName + "]\n"
+        + "sso_start_url = " + ssoStartUrl + "\n"
+        + "sso_region = " + ssoRegion + "\n"
+        + "sso_account_id = " + ssoAccountId + "\n"
+        + "sso_role_name = " + ssoRoleName + "\n"
+        + "region = " + ssoRegion + "\n";
+
+    ProfileFile profileFile = ProfileFile.builder()
+      .content(new StringInputStream(configFileContent))
+      .type(ProfileFile.Type.CONFIGURATION)
+      .build();
+
+    Profile profile = profileFile.profile(profileName).orElseThrow();
+
+    ProfileProviderCredentialsContext context = ProfileProviderCredentialsContext.builder()
+      .profile(profile)
+      .profileFile(profileFile)
+      .build();
+
+    SsoProfileCredentialsProviderFactory factory = new SsoProfileCredentialsProviderFactory();
+
+    assertThatThrownBy(() -> factory.create(context))
+      .isInstanceOf(java.io.UncheckedIOException.class)
+      .hasRootCauseInstanceOf(java.nio.file.NoSuchFileException.class)
+      .hasMessageContaining(".aws/sso/cache/");
+  }
+
 }

From e516173f9ad4c73b140effad15757631cd17e400 Mon Sep 17 00:00:00 2001
From: arr <ryan.despain@pura.com>
Date: Thu, 17 Apr 2025 11:30:09 -0600
Subject: [PATCH 4/6] whoops, removed this to try and fix an error

---
 flink-connector-aws-base/pom.xml | 8 ++++++++
 tools/maven/checkstyle.xml       | 1 +
 2 files changed, 9 insertions(+)

diff --git a/flink-connector-aws-base/pom.xml b/flink-connector-aws-base/pom.xml
index 0237e9b4..92dc2fe7 100644
--- a/flink-connector-aws-base/pom.xml
+++ b/flink-connector-aws-base/pom.xml
@@ -126,6 +126,14 @@ under the License.
                     </execution>
                 </executions>
             </plugin>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-compiler-plugin</artifactId>
+            <configuration>
+              <source>10</source>
+              <target>10</target>
+            </configuration>
+          </plugin>
         </plugins>
     </build>
 </project>
diff --git a/tools/maven/checkstyle.xml b/tools/maven/checkstyle.xml
index c858c899..29ff1165 100644
--- a/tools/maven/checkstyle.xml
+++ b/tools/maven/checkstyle.xml
@@ -267,6 +267,7 @@ This file is based on the checkstyle file of Apache Beam.
 			<property name="allowMissingReturnTag" value="true"/>
 			<property name="allowMissingThrowsTags" value="true"/>
 			<property name="allowThrowsTagsForSubclasses" value="true"/>
+			<property name="allowUndeclaredRTE" value="true"/>
 			<!-- This check sometimes failed for with "Unable to get class information for @throws tag" for custom exceptions -->
 			<property name="suppressLoadErrors" value="true"/>
 		</module>

From c9873457a4b343ffb1eff81a8381fae7d4f477ff Mon Sep 17 00:00:00 2001
From: arr <ryan.despain@pura.com>
Date: Thu, 17 Apr 2025 11:31:30 -0600
Subject: [PATCH 5/6] grr, IDEA added this plugin...

---
 flink-connector-aws-base/pom.xml | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/flink-connector-aws-base/pom.xml b/flink-connector-aws-base/pom.xml
index 92dc2fe7..0237e9b4 100644
--- a/flink-connector-aws-base/pom.xml
+++ b/flink-connector-aws-base/pom.xml
@@ -126,14 +126,6 @@ under the License.
                     </execution>
                 </executions>
             </plugin>
-          <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-compiler-plugin</artifactId>
-            <configuration>
-              <source>10</source>
-              <target>10</target>
-            </configuration>
-          </plugin>
         </plugins>
     </build>
 </project>

From f9c8ed41b28f01474c6f23bc6ea4c15137f59692 Mon Sep 17 00:00:00 2001
From: arr <ryan.despain@pura.com>
Date: Fri, 25 Apr 2025 12:38:39 -0600
Subject: [PATCH 6/6] rename the test

---
 .../apache/flink/connector/aws/util/AWSGeneralUtilTest.java    | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java b/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java
index 5ac72e3c..3226c200 100644
--- a/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java
+++ b/flink-connector-aws-base/src/test/java/org/apache/flink/connector/aws/util/AWSGeneralUtilTest.java
@@ -960,7 +960,7 @@ void testNewInstanceOfDefaultCredentialsProviderCreatedForEachClient() {
     }
 
   @Test
-  void testGetCredentialsProviderReturnsSsoProviderForSsoProfile() throws IOException {
+  void testSsoProfileCredentialsThrowsExceptionWhenCacheFileIsMissing() throws IOException {
     String profileName = "my-sso-profile";
     String ssoStartUrl = "https://my-dummy-sso-portal.awsapps.com/start";
     String ssoRegion = "us-east-1";
@@ -988,7 +988,6 @@ void testGetCredentialsProviderReturnsSsoProviderForSsoProfile() throws IOExcept
       .build();
 
     SsoProfileCredentialsProviderFactory factory = new SsoProfileCredentialsProviderFactory();
-
     assertThatThrownBy(() -> factory.create(context))
       .isInstanceOf(java.io.UncheckedIOException.class)
       .hasRootCauseInstanceOf(java.nio.file.NoSuchFileException.class)