aws · S-Saranya1 · Jun 30, 2026 · Jun 29, 2026 · Jun 29, 2026
@@ -35,7 +35,7 @@
 import software.amazon.awssdk.awscore.client.config.AwsClientOption;
 import software.amazon.awssdk.awscore.internal.authcontext.AuthorizationStrategy;
 import software.amazon.awssdk.awscore.internal.authcontext.AuthorizationStrategyFactory;
-import software.amazon.awssdk.awscore.internal.identity.AwsIdentityProviderUpdater;
+import software.amazon.awssdk.awscore.internal.identity.AwsRequestIdentityProviderResolver;
 import software.amazon.awssdk.awscore.util.SignerOverrideUtils;
 import software.amazon.awssdk.core.HttpChecksumConstant;
 import software.amazon.awssdk.core.RequestOverrideConfiguration;
@@ -159,9 +159,9 @@ private AwsExecutionContextBuilder() {
                                              executionParams.endpointResolver());
         }
 
-        // Set the identity provider updater for the pipeline stage to use
-        executionAttributes.putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_UPDATER,
-                                         AwsIdentityProviderUpdater.create());
+        // Set the identity provider resolver for the pipeline stage to use
+        executionAttributes.putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_RESOLVER,
+                                         AwsRequestIdentityProviderResolver.create());
 
         ExecutionInterceptorChain executionInterceptorChain =
             new ExecutionInterceptorChain(clientConfig.option(SdkClientOption.EXECUTION_INTERCEPTORS));

@@ -22,32 +22,32 @@
 import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
 import software.amazon.awssdk.core.SdkRequest;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
-import software.amazon.awssdk.core.spi.identity.IdentityProviderUpdater;
+import software.amazon.awssdk.core.spi.identity.RequestIdentityProviderResolver;
 import software.amazon.awssdk.identity.spi.IdentityProviders;
 
 /**
- * AWS implementation of {@link IdentityProviderUpdater} that reads credential overrides
+ * AWS implementation of {@link RequestIdentityProviderResolver} that reads credential overrides
  * from {@link AwsRequestOverrideConfiguration} and deprecated {@link AwsSignerExecutionAttribute#AWS_CREDENTIALS}.
  */
 @SdkInternalApi
-public final class AwsIdentityProviderUpdater implements IdentityProviderUpdater {
+public final class AwsRequestIdentityProviderResolver implements RequestIdentityProviderResolver {
 
-    private static final AwsIdentityProviderUpdater INSTANCE = new AwsIdentityProviderUpdater();
+    private static final AwsRequestIdentityProviderResolver INSTANCE = new AwsRequestIdentityProviderResolver();
 
-    private AwsIdentityProviderUpdater() {
+    private AwsRequestIdentityProviderResolver() {
     }
 
-    public static AwsIdentityProviderUpdater create() {
+    public static AwsRequestIdentityProviderResolver create() {
         return INSTANCE;
     }
 
     @Override
-    public IdentityProviders update(SdkRequest request, IdentityProviders base, ExecutionAttributes executionAttributes) {
+    public IdentityProviders resolve(SdkRequest request, IdentityProviders base, ExecutionAttributes executionAttributes) {
         if (base == null) {
             return null;
         }
 
-        IdentityProviders updated = request.overrideConfiguration()
+        IdentityProviders resolvedProviders = request.overrideConfiguration()
             .filter(c -> c instanceof AwsRequestOverrideConfiguration)
             .map(c -> (AwsRequestOverrideConfiguration) c)
             .map(c -> base.copy(b -> {
@@ -56,8 +56,8 @@ public IdentityProviders update(SdkRequest request, IdentityProviders base, Exec
             }))
             .orElse(null);
 
-        if (updated != null) {
-            return updated;
+        if (resolvedProviders != null) {
+            return resolvedProviders;
         }
 
         // Support deprecated AWS_CREDENTIALS execution attribute for backwards compatibility

@@ -32,7 +32,7 @@
 import software.amazon.awssdk.core.internal.util.MetricUtils;
 import software.amazon.awssdk.core.metrics.CoreMetric;
 import software.amazon.awssdk.core.spi.identity.AuthSchemeOptionsResolver;
-import software.amazon.awssdk.core.spi.identity.IdentityProviderUpdater;
+import software.amazon.awssdk.core.spi.identity.RequestIdentityProviderResolver;
 import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
 import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
 import software.amazon.awssdk.http.auth.spi.signer.HttpSigner;
@@ -76,10 +76,10 @@ public static SelectedAuthScheme<? extends Identity> resolveAuthScheme(
         IdentityProviders identityProviders =
             executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS);
 
-        IdentityProviderUpdater updater =
-            executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_UPDATER);
-        if (updater != null) {
-            identityProviders = updater.update(request, identityProviders, executionAttributes);
+        RequestIdentityProviderResolver resolver =
+            executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_RESOLVER);
+        if (resolver != null) {
+            identityProviders = resolver.resolve(request, identityProviders, executionAttributes);
         }
 
         List<AuthSchemeOption> authOptions = optionsResolver.resolve(request);

@@ -33,7 +33,7 @@
 import software.amazon.awssdk.core.internal.endpoint.EndpointResolver;
 import software.amazon.awssdk.core.internal.interceptor.trait.RequestCompression;
 import software.amazon.awssdk.core.spi.identity.AuthSchemeOptionsResolver;
-import software.amazon.awssdk.core.spi.identity.IdentityProviderUpdater;
+import software.amazon.awssdk.core.spi.identity.RequestIdentityProviderResolver;
 import software.amazon.awssdk.core.useragent.AdditionalMetadata;
 import software.amazon.awssdk.core.useragent.BusinessMetricCollection;
 import software.amazon.awssdk.endpoints.Endpoint;
@@ -175,8 +175,8 @@ public final class SdkInternalExecutionAttribute extends SdkExecutionAttribute {
      * Callback for updating identity providers based on request-level overrides.
      * This allows aws-core to provide AWS-specific logic without sdk-core depending on aws-core.
      */
-    public static final ExecutionAttribute<IdentityProviderUpdater> IDENTITY_PROVIDER_UPDATER =
-        new ExecutionAttribute<>("IdentityProviderUpdater");
+    public static final ExecutionAttribute<RequestIdentityProviderResolver> IDENTITY_PROVIDER_RESOLVER =
+        new ExecutionAttribute<>("RequestIdentityProviderResolver");
 
     /**
      * Callback to resolve auth scheme options from the (possibly modified) request.

@@ -31,7 +31,7 @@
 import software.amazon.awssdk.core.internal.http.RequestExecutionContext;
 import software.amazon.awssdk.core.internal.http.pipeline.MutableRequestToRequestPipeline;
 import software.amazon.awssdk.core.spi.identity.AuthSchemeOptionsResolver;
-import software.amazon.awssdk.core.spi.identity.IdentityProviderUpdater;
+import software.amazon.awssdk.core.spi.identity.RequestIdentityProviderResolver;
 import software.amazon.awssdk.core.useragent.BusinessMetricCollection;
 import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
@@ -120,17 +120,17 @@ private List<AuthSchemeOption> resolveAuthSchemeOptions(ExecutionAttributes exec
     /**
      * Returns identity providers after applying any request-level overrides. This allows aws-core to inject
      * credential overrides from {@code AwsRequestOverrideConfiguration} (e.g., per-request credentials provider)
-     * without sdk-core depending on aws-core. The updater is set by {@code AwsExecutionContextBuilder} and runs
+     * without sdk-core depending on aws-core. The resolver is set by {@code AwsExecutionContextBuilder} and runs
      * after interceptors have modified the request, ensuring user-injected credentials are respected.
      */
     private IdentityProviders updateIdentityProvidersIfNeeded(ExecutionAttributes executionAttributes, SdkRequest request) {
         IdentityProviders identityProviders =
             executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS);
 
-        IdentityProviderUpdater updater =
-            executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_UPDATER);
-        if (updater != null) {
-            identityProviders = updater.update(request, identityProviders, executionAttributes);
+        RequestIdentityProviderResolver resolver =
+            executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_RESOLVER);
+        if (resolver != null) {
+            identityProviders = resolver.resolve(request, identityProviders, executionAttributes);
         }
         return identityProviders;
     }

@@ -21,22 +21,22 @@
 import software.amazon.awssdk.identity.spi.IdentityProviders;
 
 /**
- * Callback interface for updating identity providers based on request-level overrides.
+ * Callback interface for resolving the final identity providers considering request-level overrides.
  * <p>
  * This allows aws-core to provide AWS-specific logic for reading credential overrides
  * from {@code AwsRequestOverrideConfiguration} without sdk-core depending on aws-core.
  */
 @FunctionalInterface
 @SdkProtectedApi
-public interface IdentityProviderUpdater {
+public interface RequestIdentityProviderResolver {
     /**
-     * Updates identity providers by applying request-level credential overrides or
+     * Resolves identity providers by applying request-level credential overrides or
      * credentials set via {@code AwsSignerExecutionAttribute.AWS_CREDENTIALS} by interceptors.
      *
      * @param request The request (after interceptors have modified it)
      * @param base The base identity providers from client configuration
      * @param executionAttributes The execution attributes, checked for interceptor-set AWS_CREDENTIALS
      * @return Updated identity providers, or base if no overrides apply
      */
-    IdentityProviders update(SdkRequest request, IdentityProviders base, ExecutionAttributes executionAttributes);
+    IdentityProviders resolve(SdkRequest request, IdentityProviders base, ExecutionAttributes executionAttributes);
 }
@@ -36,7 +36,7 @@
 import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
 import software.amazon.awssdk.core.internal.http.RequestExecutionContext;
 import software.amazon.awssdk.core.spi.identity.AuthSchemeOptionsResolver;
-import software.amazon.awssdk.core.spi.identity.IdentityProviderUpdater;
+import software.amazon.awssdk.core.spi.identity.RequestIdentityProviderResolver;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
 import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
@@ -139,15 +139,15 @@ void execute_resolverReceivesRequestFromInterceptorContext() throws Exception {
     }
 
     @Test
-    void execute_withIdentityProviderUpdater_callsUpdaterWithRequest() throws Exception {
+    void execute_withRequestIdentityProviderResolver_callsUpdaterWithRequest() throws Exception {
         // Create mocks first before any stubbing
         IdentityProvider<Identity> identityProvider = createMockIdentityProvider();
         Map<String, AuthScheme<?>> authSchemes = createAuthSchemes();
         IdentityProviders baseProviders = mock(IdentityProviders.class);
         IdentityProviders updatedProviders = mock(IdentityProviders.class);
 
-        IdentityProviderUpdater updater = mock(IdentityProviderUpdater.class);
-        doReturn(updatedProviders).when(updater).update(sdkRequest, baseProviders, executionAttributes);
+        RequestIdentityProviderResolver resolver = mock(RequestIdentityProviderResolver.class);
+        doReturn(updatedProviders).when(resolver).resolve(sdkRequest, baseProviders, executionAttributes);
 
         // Setup so that auth scheme uses the updated providers
         @SuppressWarnings("unchecked")
@@ -158,20 +158,20 @@ void execute_withIdentityProviderUpdater_callsUpdaterWithRequest() throws Except
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_OPTIONS_RESOLVER,
             (AuthSchemeOptionsResolver) req -> createAuthOptions());
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, baseProviders);
-        executionAttributes.putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_UPDATER, updater);
+        executionAttributes.putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDER_RESOLVER, resolver);
 
         stage.execute(httpRequestBuilder, context);
 
-        verify(updater).update(sdkRequest, baseProviders, executionAttributes);
+        verify(resolver).resolve(sdkRequest, baseProviders, executionAttributes);
     }
 
     @Test
-    void execute_withoutIdentityProviderUpdater_doesNotFail() throws Exception {
+    void execute_withoutRequestIdentityProviderResolver_doesNotFail() throws Exception {
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, createAuthSchemes());
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_OPTIONS_RESOLVER,
             (AuthSchemeOptionsResolver) req -> createAuthOptions());
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, createIdentityProviders());
-        // No IDENTITY_PROVIDER_UPDATER set
+        // No IDENTITY_PROVIDER_RESOLVER set
 
         SdkHttpFullRequest.Builder result = stage.execute(httpRequestBuilder, context);