Skip to content

Commit

Permalink
fix(cli): failure to get credentials when session token is not set
Browse files Browse the repository at this point in the history
  • Loading branch information
@otaviomacedo
otaviomacedo committed Nov 14, 2024
1 parent fb97684 commit 43fa4ad
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 1 deletion.
4 changes: 3 additions & 1 deletion packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,9 @@ function caBundlePathFromEnvironment(): string | undefined {
function shouldPrioritizeEnv() {
const id = process.env.AWS_ACCESS_KEY_ID || process.env.AMAZON_ACCESS_KEY_ID;
const key = process.env.AWS_SECRET_ACCESS_KEY || process.env.AMAZON_SECRET_ACCESS_KEY;
process.env.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN;
if (process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN) {
process.env.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN;
}

if (!!id && !!key) {
process.env.AWS_ACCESS_KEY_ID = id;
Expand Down
26 changes: 26 additions & 0 deletions packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
import { AwsCliCompatible } from '../../../lib/api/aws-auth/awscli-compatible';

test('does not mess up with session token env variables if they are undefined', async () => {
process.env.AWS_ACCESS_KEY_ID = 'foo';
process.env.SECRET_ACCESS_KEY = 'bar';

// Making sure these variables are not defined
delete process.env.AWS_SESSION_TOKEN;
delete process.env.AMAZON_SESSION_TOKEN;

await AwsCliCompatible.credentialChainBuilder();

expect(process.env.AWS_SESSION_TOKEN).toBeUndefined();
});

test('preserves session token env variables if they are defined', async () => {
process.env.AWS_ACCESS_KEY_ID = 'foo';
process.env.SECRET_ACCESS_KEY = 'bar';

process.env.AWS_SESSION_TOKEN = 'aaa';
process.env.AMAZON_SESSION_TOKEN = 'bbb';

await AwsCliCompatible.credentialChainBuilder();

expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa');
});

0 comments on commit 43fa4ad

Please sign in to comment.