Merge pull request #35860 from hashicorp/b-caller_identity_data_sourc…

…e_sts
hashicorp · Feb 16, 2024 · c7a8936 · c7a8936
2 parents 7b43a54 + cf6dfcb
commit c7a8936
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 1 deletion.
diff --git a/.changelog/35860.txt b/.changelog/35860.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+data-source/aws_caller_identity: Fix authentication signature error when alternate `sts_region` is specified
+```
diff --git a/internal/service/sts/caller_identity_data_source_test.go b/internal/service/sts/caller_identity_data_source_test.go
@@ -4,10 +4,13 @@
 package sts_test
 
 import (
+	"fmt"
+	"os"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/envvar"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
@@ -28,6 +31,50 @@ func TestAccSTSCallerIdentityDataSource_basic(t *testing.T) {
 	})
 }
 
+func TestAccSTSCallerIdentityDataSource_alternateRegion(t *testing.T) {
+	ctx := acctest.Context(t)
+
+	defaultRegion := os.Getenv(envvar.DefaultRegion)
+	if defaultRegion == "" {
+		t.Skipf("Skipping test due to missing %s", envvar.DefaultRegion)
+	}
+
+	alternateRegion := os.Getenv(envvar.AlternateRegion)
+	if alternateRegion == "" {
+		t.Skipf("Skipping test due to missing %s", envvar.AlternateRegion)
+	}
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.STSEndpointID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCallerIdentityConfig_alternateRegion(defaultRegion, alternateRegion),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckCallerIdentityAccountID("data.aws_caller_identity.current"),
+				),
+			},
+		},
+	})
+}
+
 const testAccCallerIdentityConfig_basic = `
 data "aws_caller_identity" "current" {}
 `
+
+func testAccCallerIdentityConfig_alternateRegion(defaultRegion, alternateRegion string) string {
+	//lintignore:AT004
+	return fmt.Sprintf(`
+provider "aws" {
+  region = %[1]q
+
+  sts_region = %[2]q
+  endpoints {
+    sts = "https://sts.%[2]s.amazonaws.com"
+  }
+}
+
+data "aws_caller_identity" "current" {}
+`, defaultRegion, alternateRegion)
+}
diff --git a/internal/service/sts/service_package.go b/internal/service/sts/service_package.go
@@ -32,7 +32,9 @@ func (p *servicePackage) NewClient(ctx context.Context, config map[string]any) (
 	return sts_sdkv2.NewFromConfig(cfg, func(o *sts_sdkv2.Options) {
 		if endpoint := config["endpoint"].(string); endpoint != "" {
 			o.BaseEndpoint = aws_sdkv2.String(endpoint)
-		} else if stsRegion := config["sts_region"].(string); stsRegion != "" {
+		}
+
+		if stsRegion := config["sts_region"].(string); stsRegion != "" {
 			o.Region = stsRegion
 		}
 	}), nil