Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(cli): process credentials #11114

Merged
merged 8 commits into from
Nov 9, 2020
Merged

feat(cli): process credentials #11114

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
992d4a6
feat(core): support process credentials
hoegertn Oct 26, 2020
92bee09
fix linter
hoegertn Oct 26, 2020
74eb1c8
Merge branch 'master' into hoegertn-process-creds
hoegertn Oct 29, 2020
f04bf40
Merge branch 'master' into hoegertn-process-creds
hoegertn Oct 30, 2020
fa0dbf5
fix mfa test
hoegertn Oct 30, 2020
be7dc60
Merge branch 'master' into hoegertn-process-creds
hoegertn Nov 6, 2020
e35198f
Merge branch 'master' into hoegertn-process-creds
rix0rrr Nov 9, 2020
806e1a2
Merge branch 'master' into hoegertn-process-creds
mergify[bot] Nov 9, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,10 @@ export class AwsCliCompatible {
if (options.profile) {
await forceSdkToReadConfigIfPresent();
const theProfile = options.profile;
return new AWS.CredentialProviderChain([() => profileCredentials(theProfile)]);
return new AWS.CredentialProviderChain([
() => profileCredentials(theProfile),
() => new AWS.ProcessCredentials({ profile: theProfile }),
]);
}

const implicitProfile = process.env.AWS_PROFILE || process.env.AWS_DEFAULT_PROFILE || 'default';
Expand All @@ -55,6 +58,7 @@ export class AwsCliCompatible {
// environment variable.
await forceSdkToReadConfigIfPresent();
sources.push(() => profileCredentials(implicitProfile));
sources.push(() => new AWS.ProcessCredentials({ profile: implicitProfile }));
}

if (options.containerCreds ?? hasEcsCredentials()) {
Expand Down
9 changes: 7 additions & 2 deletions packages/aws-cdk/test/api/sdk-provider.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import * as cxapi from '@aws-cdk/cx-api';
import * as AWS from 'aws-sdk';
import * as SDKMock from 'aws-sdk-mock';
import type { ConfigurationOptions } from 'aws-sdk/lib/config-base';
import * as promptly from 'promptly';
import * as uuid from 'uuid';
import { PluginHost } from '../../lib';
import { ISDK, Mode, SdkProvider } from '../../lib/api/aws-auth';
Expand Down Expand Up @@ -195,12 +196,16 @@ describe('with default config files', () => {
// WHEN
const provider = await SdkProvider.withAwsCliCompatibleDefaults({ ...defaultCredOptions, profile: 'mfa-role' });

const promptlyMockCalls = (promptly.prompt as jest.Mock).mock.calls.length;

// THEN
try {
await provider.withAssumedRole('arn:aws:iam::account:role/role', undefined, undefined);
fail('Should error as no credentials could be loaded');
} catch (e) {
// Mock response was set to fail with message test to make sure we don't call STS
expect(e.message).toEqual('Error fetching MFA token: test');
// Mock response was set to fail to make sure we don't call STS
// Make sure the MFA mock was called during this test
expect((promptly.prompt as jest.Mock).mock.calls.length).toBe(promptlyMockCalls + 1);
}
});

Expand Down