Fix EcsCredentialsProvider to respect query params (#3977)

## Motivation and Context
awslabs/aws-sdk-rust#1248, and implemented the
fix as prescribed.

## Testing
Added a request matching unit test to the `ecs` module to ensure that
query params are included in credential's HTTP request.

## Checklist
- [x] For changes to the AWS SDK, generated SDK code, or SDK runtime
crates, I have created a changelog entry Markdown file in the
`.changelog` directory, specifying "aws-sdk-rust" in the `applies_to`
key.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._

Author: ysaito1001

.changelog/1737491439.md

@@ -0,0 +1,12 @@
+---
+applies_to:
+- aws-sdk-rust
+authors:
+- ysaito1001
+references:
+- aws-sdk-rust#1248
+breaking: false
+new_feature: false
+bug_fix: true
+---
+Fix `EcsCredentialsProvider` to include query params passed via `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`.

aws/rust-runtime/aws-config/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "aws-config"
-version = "1.5.14"
+version = "1.5.15"
 authors = [
     "AWS Rust SDK Team <aws-sdk-rust@amazon.com>",
     "Russell Cohen <rcoh@amazon.com>",

aws/rust-runtime/aws-config/src/ecs.rs

@@ -191,7 +191,10 @@ impl Provider {
             Err(EcsConfigurationError::NotConfigured) => return Provider::NotConfigured,
             Err(err) => return Provider::InvalidConfiguration(err),
         };
-        let path = uri.path().to_string();
+        let path_and_query = match uri.path_and_query() {
+            Some(path_and_query) => path_and_query.to_string(),
+            None => uri.path().to_string(),
+        };
         let endpoint = {
             let mut parts = uri.into_parts();
             parts.path_and_query = Some(PathAndQuery::from_static("/"));
@@ -208,7 +211,7 @@ impl Provider {
                     .read_timeout(DEFAULT_READ_TIMEOUT)
                     .build(),
             )
-            .build("EcsContainer", &endpoint, path);
+            .build("EcsContainer", &endpoint, path_and_query);
         Provider::Configured(http_provider)
     }
 
@@ -828,6 +831,42 @@ mod test {
         http_client.assert_requests_match(&[]);
     }
 
+    #[tokio::test]
+    async fn query_params_should_be_included_in_credentials_http_request() {
+        let env = Env::from_slice(&[
+            (
+                "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
+                "/my-credentials/?applicationName=test2024",
+            ),
+            (
+                "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE",
+                "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",
+            ),
+            ("AWS_CONTAINER_AUTHORIZATION_TOKEN", "unused"),
+        ]);
+        let fs = Fs::from_raw_map(HashMap::from([(
+            OsString::from(
+                "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",
+            ),
+            "Basic password".into(),
+        )]));
+
+        let http_client = StaticReplayClient::new(vec![ReplayEvent::new(
+            creds_request(
+                "http://169.254.170.2/my-credentials/?applicationName=test2024",
+                Some("Basic password"),
+            ),
+            ok_creds_response(),
+        )]);
+        let provider = provider(env, fs, http_client.clone());
+        let creds = provider
+            .provide_credentials()
+            .await
+            .expect("valid credentials");
+        assert_correct(creds);
+        http_client.assert_requests_match(&[]);
+    }
+
     #[tokio::test]
     async fn fs_missing_file() {
         let env = Env::from_slice(&[