diff --git a/botocore/credentials.py b/botocore/credentials.py index 00b9f057fb..fc174c728b 100644 --- a/botocore/credentials.py +++ b/botocore/credentials.py @@ -1979,6 +1979,7 @@ def _retrieve_or_fail(self): method=self.METHOD, expiry_time=_parse_if_needed(creds['expiry_time']), refresh_using=fetcher, + account_id=creds.get('account_id'), ) def _build_headers(self): @@ -2016,6 +2017,7 @@ def fetch_creds(): 'secret_key': response['SecretAccessKey'], 'token': response['Token'], 'expiry_time': response['Expiration'], + 'account_id': response.get('AccountId'), } return fetch_creds diff --git a/tests/unit/test_credentials.py b/tests/unit/test_credentials.py index 28608eb5cf..8325196530 100644 --- a/tests/unit/test_credentials.py +++ b/tests/unit/test_credentials.py @@ -3267,6 +3267,32 @@ def test_throws_error_on_illegal_header(self): with self.assertRaises(ValueError): provider.load() + def test_can_retrieve_account_id(self): + environ = { + 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI': '/latest/credentials?id=foo' + } + fetcher = self.create_fetcher() + timeobj = datetime.now(tzlocal()) + timestamp = (timeobj + timedelta(hours=24)).isoformat() + fetcher.retrieve_full_uri.return_value = { + "AccessKeyId": "access_key", + "SecretAccessKey": "secret_key", + "Token": "token", + "Expiration": timestamp, + "AccountId": "account_id", + } + provider = credentials.ContainerProvider(environ, fetcher) + creds = provider.load() + + fetcher.retrieve_full_uri.assert_called_with( + self.full_url('/latest/credentials?id=foo'), headers=None + ) + self.assertEqual(creds.access_key, 'access_key') + self.assertEqual(creds.secret_key, 'secret_key') + self.assertEqual(creds.token, 'token') + self.assertEqual(creds.method, 'container-role') + self.assertEqual(creds.account_id, 'account_id') + class TestProcessProvider(BaseEnvVar): def setUp(self):