aws · mergify · Nov 14, 2024 · Nov 14, 2024 · Nov 14, 2024 · Nov 14, 2024
@@ -182,7 +182,9 @@ function caBundlePathFromEnvironment(): string | undefined {
 function shouldPrioritizeEnv() {
   const id = process.env.AWS_ACCESS_KEY_ID || process.env.AMAZON_ACCESS_KEY_ID;
   const key = process.env.AWS_SECRET_ACCESS_KEY || process.env.AMAZON_SECRET_ACCESS_KEY;
-  process.env.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN;
+  if (process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN) {
+    process.env.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN;
+  }
 
   if (!!id && !!key) {
     process.env.AWS_ACCESS_KEY_ID = id;

@@ -0,0 +1,26 @@
+import { AwsCliCompatible } from '../../../lib/api/aws-auth/awscli-compatible';
+
+test('does not mess up with session token env variables if they are undefined', async () => {
+  process.env.AWS_ACCESS_KEY_ID = 'foo';
+  process.env.SECRET_ACCESS_KEY = 'bar';
+
+  // Making sure these variables are not defined
+  delete process.env.AWS_SESSION_TOKEN;
+  delete process.env.AMAZON_SESSION_TOKEN;
+
+  await AwsCliCompatible.credentialChainBuilder();
+
+  expect(process.env.AWS_SESSION_TOKEN).toBeUndefined();
+});
+
+test('preserves session token env variables if they are defined', async () => {
+  process.env.AWS_ACCESS_KEY_ID = 'foo';
+  process.env.SECRET_ACCESS_KEY = 'bar';
+
+  process.env.AWS_SESSION_TOKEN = 'aaa';
+  process.env.AMAZON_SESSION_TOKEN = 'bbb';
+
+  await AwsCliCompatible.credentialChainBuilder();
+
+  expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa');
+});