From 679ca962777ae219bbed2115ac9d6a2535815264 Mon Sep 17 00:00:00 2001 From: Olivier Lepage-Applin Date: Tue, 21 Jan 2025 11:25:26 -0500 Subject: [PATCH 1/3] delete test IAM user on AssumeRoleIntegrationTest test completion --- .../sts/AssumeRoleIntegrationTest.java | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java b/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java index 6d14f30b3269..b644c9e5f629 100644 --- a/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java +++ b/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java @@ -21,6 +21,7 @@ import java.time.Duration; import java.util.Comparator; import java.util.Optional; +import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; @@ -63,6 +64,7 @@ public class AssumeRoleIntegrationTest extends IntegrationTestBaseWithIAM { private static final String ROLE_NAME = "assume-role-integration-test-role"; private static final String ROLE_ARN_FORMAT = "arn:aws:iam::%s:role/" + ROLE_NAME; private static String ROLE_ARN; + private static String accountId; private static final String ASSUME_ROLE = "sts:AssumeRole"; @@ -70,7 +72,7 @@ public class AssumeRoleIntegrationTest extends IntegrationTestBaseWithIAM { @BeforeClass public static void setup() { - String accountId = sts.getCallerIdentity().account(); + accountId = sts.getCallerIdentity().account(); USER_ARN = String.format(USER_ARN_FORMAT, accountId); ROLE_ARN = String.format(ROLE_ARN_FORMAT, accountId); 
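Review bot: `accountId` is promoted to a mutable static only so that `cleanup()` (added in the following hunk) can rebuild the policy ARN, and it is the one lower-case name next to `USER_ARN` and `ROLE_ARN`. Deriving the value once in `setup()` beside the other two, e.g. `POLICY_ARN = String.format(POLICY_ARN_FORMAT, accountId);`, would keep `accountId` local and hand teardown a single precomputed ARN. If the field stays, a comment such as `// set in setup(); read by cleanup() to build the policy ARN` would explain why it cannot be final. The body of `setup()` continues outside this hunk.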
@@ -133,6 +135,21 @@ public static void setup() { .orFailAfter(Duration.ofMinutes(5)); } + @AfterClass + public static void cleanup() { + iam.listAccessKeysPaginator(r -> r.userName(USER_NAME)) + .accessKeyMetadata() + .stream() + .forEach(meta -> iam.deleteAccessKey(req -> req.userName(USER_NAME).accessKeyId(meta.accessKeyId()))); + iam.detachUserPolicy(req -> req.userName(USER_NAME).policyArn(String.format(POLICY_ARN_FORMAT, accountId))); + iam.deleteUser(req -> req.userName(USER_NAME)); + + // deleting the IAM User referenced in the IAM Role trust relationship leaves the role in a bad state where it cant be + // assumed anymore. Therefore, we need to delete the role as well. + iam.deleteRole(req -> req.roleName(ROLE_NAME)); + } + + /** Tests that we can call assumeRole successfully. */ @Test public void testAssumeRole() throws InterruptedException { From df78ee579f337b3a1b693f1e45759457e490cf3d Mon Sep 17 00:00:00 2001 From: Olivier Lepage-Applin Date: Wed, 22 Jan 2025 16:40:06 -0500 Subject: [PATCH 2/3] use random name suffix to avoid multiple integ tests jobs conflicts --- .../awssdk/services/sts/AssumeRoleIntegrationTest.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java b/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java index b644c9e5f629..fb83625280f6 100644 --- a/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java +++ b/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java @@ -21,6 +21,7 @@ import java.time.Duration; import java.util.Comparator; import java.util.Optional; +import org.apache.commons.lang3.RandomStringUtils; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; 
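Review bot: The deletions in `cleanup()` run as one straight sequence, so an exception from any call (for example when `setup()` failed part-way and the policy was never attached) skips the rest and leaves the IAM user, its access keys, or the role behind in the account. JUnit 4 still runs `@AfterClass` when `@BeforeClass` threw, so `accountId` may also be null at this point. Making each step best-effort and rethrowing the first failure at the end keeps teardown complete while still failing the build. The role's own policies are not visible in this hunk, so confirm that `deleteRole` does not need a detach first.

```java
@AfterClass
public static void cleanup() {
    // Run every step even if an earlier one throws, so one failed call cannot strand the user's access keys.
    RuntimeException failure = null;
    failure = attempt(failure, () ->
        iam.listAccessKeysPaginator(r -> r.userName(USER_NAME))
           .accessKeyMetadata()
           .stream()
           .forEach(meta -> iam.deleteAccessKey(req -> req.userName(USER_NAME).accessKeyId(meta.accessKeyId()))));
    failure = attempt(failure, () ->
        iam.detachUserPolicy(req -> req.userName(USER_NAME).policyArn(String.format(POLICY_ARN_FORMAT, accountId))));
    failure = attempt(failure, () -> iam.deleteUser(req -> req.userName(USER_NAME)));
    // ... unchanged: comment explaining why the role is deleted too ...
    failure = attempt(failure, () -> iam.deleteRole(req -> req.roleName(ROLE_NAME)));
    if (failure != null) {
        throw failure;
    }
}

// Runs one teardown step; keeps the first exception and attaches later ones as suppressed.
private static RuntimeException attempt(RuntimeException earlier, Runnable step) {
    try {
        step.run();
        return earlier;
    } catch (RuntimeException e) {
        if (earlier == null) {
            return e;
        }
        earlier.addSuppressed(e);
        return earlier;
    }
}
```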
@@ -54,14 +55,14 @@ public class AssumeRoleIntegrationTest extends IntegrationTestBaseWithIAM { private static final int SESSION_DURATION = 60 * 60; - private static final String USER_NAME = "assume-role-integration-test-user"; + private static final String USER_NAME = "assume-role-integration-test-user-" + RandomStringUtils.randomAlphanumeric(10); private static final String USER_ARN_FORMAT = "arn:aws:iam::%s:user/" + USER_NAME; private static String USER_ARN; private static final String POLICY_NAME = "AssumeRoleIntegrationTestPolicy"; private static final String POLICY_ARN_FORMAT = "arn:aws:iam::%s:policy/" + POLICY_NAME; - private static final String ROLE_NAME = "assume-role-integration-test-role"; + private static final String ROLE_NAME = "assume-role-integration-test-role-" + RandomStringUtils.randomAlphanumeric(10); private static final String ROLE_ARN_FORMAT = "arn:aws:iam::%s:role/" + ROLE_NAME; private static String ROLE_ARN; private static String accountId; From dbdda7e573e9e019d7b6b6a39f88f6f06981ce97 Mon Sep 17 00:00:00 2001 From: Olivier Lepage-Applin Date: Thu, 23 Jan 2025 09:11:23 -0500 Subject: [PATCH 3/3] explicitly declare test-dependency to Apache commons-lang used in test --- services/sts/pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/services/sts/pom.xml b/services/sts/pom.xml index 2158079f8e5d..9ad358f17ea7 100644 --- a/services/sts/pom.xml +++ b/services/sts/pom.xml @@ -89,6 +89,11 @@ junit-vintage-engine test + + org.apache.commons + commons-lang3 + test + software.amazon.awssdk http-auth-aws
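Review bot: `USER_NAME` and `ROLE_NAME` each draw an independent random suffix while `POLICY_NAME` stays fixed, so concurrent jobs still share one managed policy and a leftover user cannot be matched to its role by name. A single `private static final String RUN_SUFFIX = RandomStringUtils.randomAlphanumeric(10);` appended to both names would keep one run's principals correlated for auditing and cleanup. Because names are no longer reused, a job killed before `@AfterClass` leaves a user (presumably with an active access key) that no later run will find, so a comment noting that stale `assume-role-integration-test-user-*` and `assume-role-integration-test-role-*` entries need an external sweep would help. Whether sharing the policy is safe depends on its document, which is created outside this hunk.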
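Review bot: The test-scoped `commons-lang3` dependency is declared only to generate a short name suffix, which the JDK can do without widening the module's declared dependency set, e.g. `UUID.randomUUID().toString().substring(0, 8)`. No version element is visible in this hunk, so it presumably inherits from the parent's dependency management; worth confirming that the resolved version is the one the rest of the build pins.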