CLDSRV-896: Emit IAM ARN in access log Requester field for IAM users

[dvasilas]

When an IAM user makes a request, the Requester field in the bucket server access log was emitted as userName:accountName.
AWS emits an ARN of the form arn:aws:iam::<accountId>:user/<userName>.
Use the IAM ARN that Vault already provides via authInfo to match the AWS S3 server access log format.

[codecov]

❌ 2 Tests Failed:

Tests completed	Failed	Passed	Skipped
8152	2	8150	0

View the full list of 2 ❄️ flaky test(s)

"before each" hook for "should retrieve a part that overwrote another part originally copied from an MPU"::GET object With default signature With PartNumber field uploadPartCopy overwrite "before each" hook for "should retrieve a part that overwrote another part originally copied from an MPU"

Flake rate in main: 100.00% (Passed 0 times, Failed 8 times)

Stack Traces | 40s run time

Timeout of 40000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (.../test/object/get.js)

should get the body of part 1 when ordered MPU::GET object With v4 signature With PartNumber field should get the body of part 1 when ordered MPU

Flake rate in main: 13.81% (Passed 668 times, Failed 107 times)

Stack Traces | 0.125s run time

Expected success, got error {"message":"The request has failed due to a temporary failure of the server.","code":"ServiceUnavailable","region":null,"time":"2026-04-17T14:18:08.872Z","requestId":"c14a9d1f3f489e5a6a9d","extendedRequestId":"c14a9d1f3f489e5a6a9d","statusCode":503,"retryable":true}

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

[claude]

• Missing null guard on arn in the IAM user branch of getRequester (lib/utilities/serverAccessLogger.js:339). The old code fell back to getCanonicalID() when display names were missing; the new code returns arn directly, which could be null if getArn() is absent or returns falsy. A test for this edge case is also missing.
  - Add a fallback: return arn || (authInfo.getCanonicalID ? authInfo.getCanonicalID() : null);
  - Add a test where getArn returns null for an IAM user to verify the fallback.
  
  Review by Claude Code

[claude]

LGTM

Review by Claude Code

[claude]

LGTM

Review by Claude Code

[bert-e]

Hello dvasilas,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Incorrect fix version

The Fix Version/s in issue CLDSRV-896 contains:

• None

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 9.2.36

• 9.3.7

• 9.4.0

Please check the Fix Version/s of CLDSRV-896, or the target
branch of this pull request.

[dvasilas]

/approve

[bert-e]

Conflict

A conflict has been raised during the creation of
integration branch w/9.3/bugfix/CLDSRV-896-access-log-requester-arn-format with contents from bugfix/CLDSRV-896-access-log-requester-arn-format
and development/9.3.

I have not created the integration branch.

Here are the steps to resolve this conflict:

 git fetch
 git checkout -B w/9.3/bugfix/CLDSRV-896-access-log-requester-arn-format origin/development/9.3
 git merge origin/bugfix/CLDSRV-896-access-log-requester-arn-format
 # <intense conflict resolution>
 git commit
 git push -u origin w/9.3/bugfix/CLDSRV-896-access-log-requester-arn-format

The following options are set: approve

[dvasilas]

ping

[bert-e]

Integration data created

I have created the integration data for the additional destination branches.

• this pull request will merge bugfix/CLDSRV-896-access-log-requester-arn-format into
  development/9.2
• w/9.3/bugfix/CLDSRV-896-access-log-requester-arn-format will be merged into development/9.3
• w/9.4/bugfix/CLDSRV-896-access-log-requester-arn-format will be merged into development/9.4

The following branches will NOT be impacted:

• development/7.10
• development/7.4
• development/7.70
• development/8.8
• development/9.0
• development/9.1

You can set option create_pull_requests if you need me to create
integration pull requests in addition to integration branches, with:

@bert-e create_pull_requests

The following options are set: approve

[bert-e]

I have successfully merged the changeset of this pull request
into targetted development branches:

• ✔️ development/9.2

• ✔️ development/9.3

• ✔️ development/9.4

The following branches have NOT changed:

• development/7.10
• development/7.4
• development/7.70
• development/8.8
• development/9.0
• development/9.1

Please check the status of the associated issue CLDSRV-896.

Goodbye dvasilas.

The following options are set: approve