CLDSRV-893: Return ARN for assumed-role requesters in access logs

[dvasilas]

For assumed-role sessions, the requester field in server access logs currently contains spaces (e.g. [assumedRole] lifecycle-role:backbeat-lifecycle:scality-internal-services). Since the log format is space-delimited and this field is unquoted, the space shifts all subsequent fields for log parsers.

Per the AWS S3 Server Access Log Format, the Requester field for assumed-role sessions should be an ARN:

arn:aws:sts::123456789012:assumed-role/roleName/sessionName

Fixes: S3C-11117

[bert-e]

Hello dvasilas,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Incorrect fix version

The Fix Version/s in issue CLDSRV-893 contains:

• None

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 9.2.36

• 9.3.7

• 9.4.0

Please check the Fix Version/s of CLDSRV-893, or the target
branch of this pull request.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.29%. Comparing base (029b436) to head (46a99ae).
⚠️ Report is 1 commits behind head on development/9.2.
✅ All tests successful. No failed tests found.

Additional details and impacted files

Files with missing lines	Coverage Δ
lib/utilities/serverAccessLogger.js	82.17% <100.00%> (+0.31%)	⬆️

... and 1 file with indirect coverage changes

@@                 Coverage Diff                 @@
##           development/9.2    #6152      +/-   ##
===================================================
- Coverage            84.34%   84.29%   -0.05%     
===================================================
  Files                  204      204              
  Lines                13143    13147       +4     
===================================================
- Hits                 11085    11082       -3     
- Misses                2058     2065       +7     

Flag	Coverage Δ
file-ft-tests	67.65% <75.00%> (-0.06%)	⬇️
kmip-ft-tests	28.22% <75.00%> (+0.01%)	⬆️
mongo-v0-ft-tests	68.89% <75.00%> (-0.06%)	⬇️
mongo-v1-ft-tests	68.88% <75.00%> (-0.08%)	⬇️
multiple-backend	35.27% <75.00%> (+0.01%)	⬆️
sur-tests	36.57% <75.00%> (+0.84%)	⬆️
sur-tests-inflights	37.62% <75.00%> (+0.01%)	⬆️
unit	69.91% <100.00%> (+<0.01%)	⬆️
utapi-v2-tests	34.52% <75.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bert-e]

Request integration branches

Waiting for integration branch creation to be requested by the user.

To request integration branches, please comment on this pull request with the following command:

/create_integration_branches

Alternatively, the /approve and /create_pull_requests commands will automatically
create the integration branches.

[claude]

• Missing test for the fallthrough case where getArn() returns a non-assumed-role ARN (e.g. an IAM user ARN), verifying the code correctly skips to the next branch.
  
  Review by Claude Code

[claude]

LGTM — clean, well-scoped fix with good test coverage. One minor nit posted inline (double getArn() call).

Review by Claude Code

[jonathan-gramain]

You may want to be more restrictive in the last part after / to ensure there is no space or invalid character that would break the log formatting (not that it is likely to happen, but just in case)

[dvasilas]

Makes sense, I went with \S+

[claude]

LGTM

Review by Claude Code

[dvasilas]

/create_integration_branches

[bert-e]

Integration data created

I have created the integration data for the additional destination branches.

• this pull request will merge improvement/CLDSRV-893-return-arn-for-assumed-role-in-access-logs into
  development/9.2
• w/9.3/improvement/CLDSRV-893-return-arn-for-assumed-role-in-access-logs will be merged into development/9.3
• w/9.4/improvement/CLDSRV-893-return-arn-for-assumed-role-in-access-logs will be merged into development/9.4

The following branches will NOT be impacted:

• development/7.10
• development/7.4
• development/7.70
• development/8.8
• development/9.0
• development/9.1

You can set option create_pull_requests if you need me to create
integration pull requests in addition to integration branches, with:

@bert-e create_pull_requests

The following options are set: create_integration_branches

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

The following options are set: create_integration_branches

[dvasilas]

/approve

[bert-e]

Build failed

The build for commit did not succeed in branch w/9.3/improvement/CLDSRV-893-return-arn-for-assumed-role-in-access-logs

The following options are set: approve, create_integration_branches

[bert-e]

I have successfully merged the changeset of this pull request
into targetted development branches:

• ✔️ development/9.2

• ✔️ development/9.3

• ✔️ development/9.4

The following branches have NOT changed:

• development/7.10
• development/7.4
• development/7.70
• development/8.8
• development/9.0
• development/9.1

Please check the status of the associated issue CLDSRV-893.

Goodbye dvasilas.

The following options are set: approve, create_integration_branches