Allow sam local invoke to retrieve account id from current logged in session

[defenderkev]

Which issue(s) does this change fix?
#2325
Replaces Pull Request #6568 after feedback from team

Why is this change necessary?
Because currently if you have !Sub xxx${AWS::AccountId}xxx in, for example, a layer definition, SAM uses a default substitution which doesn't reference the correct Account ID

How does it address the issue?

During instantiation of the InvokeContext object an attempt is made to retrieve the caller identity from STS. Assuming this succeeds, the account id is put into _global_parameter_overrides. If a token retrieval error occurs, a warning message is printed and the existing default value is used.

What side effects does this change have?
None that I can see

Mandatory Checklist
PRs will only be reviewed after checklist is complete

[n/a] Add input/output type hints to new functions/methods
[n/a ] Write design document if needed (Do I need to write a design document?)
Write/update unit tests
[n/a] Write/update integration tests
[n/a] Write/update functional tests if needed
make pr passes
[n/a] make update-reproducible-reqs if dependencies were changed
Write documentation

• Not sure where this should be documented. Happy to do so if pointed in the right direction
  By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[mildaniel]

Thanks for the contribution. This looks good to me overall. I left one small nit-picky comment. Can you also add some unit testing?

[mildaniel]

nit: Can we move this logic into its own function? It should also make it easier to test.

[defenderkev]

I've moved the code to its own function. Happy to write unit tests but I would appreciate some pointers on where to start, as the functionality relies on whether the user running the code is/isn't logged into an AWS account. I'm not sure how to mock the response from sts.get_caller_identity

[mildaniel]

You'll want to write the tests in this file https://github.com/aws/aws-sam-cli/blob/develop/tests/unit/commands/local/cli_common/test_invoke_context.py. There should be a few examples in our unit tests that demonstrate mocking external calls. Here's on you can use as reference: https://github.com/aws/aws-sam-cli/blob/develop/tests/unit/commands/local/cli_common/test_invoke_context.py#L1355

[defenderkev]

I've made the suggested changes (as you probably noticed Python is not my first language!) and added unit tests to make sure the new function works both with and without a caller id being returned by STS

[mildaniel]

Thanks @defenderkev, a few more minor comments.

[hawflau]

Thanks for your contributions!
Please check my feedback

[lucashuy]

Thanks for maintaining this PR thus far, left some pretty minor comments

[lucashuy]

Could we update the import at the top of this file to import that method instead of qualifying it here?

[defenderkev]

I couldn't get the test to patch correctly if I used from samcli.lib.utils.boto_utils import get_boto_client_provider_with_config. Happy to update if someone can assist here; Python is not my first language..

[lucashuy]

Was the issue that the patch wasn't working when moving the import to the top of the file? You might need to patch it using from the invoke_context file instead. That is, instead of

@patch("samcli.lib.utils.boto_utils.get_boto_client_provider_with_config")

The following patch is used instead

@patch("samcli.commands.local.cli_common.invoke_context.get_boto_client_provider_with_config")

[lucashuy]

It looks like the previous CI check failed for linting reasons, can you run make format to automatically fix them?