Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cli): profile AssumeRole credentials don't work via proxy #7292

Merged
merged 3 commits into from
Apr 10, 2020
Merged

fix(cli): profile AssumeRole credentials don't work via proxy #7292

merged 3 commits into from
Apr 10, 2020

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Apr 10, 2020
edited by shivlaks
Loading

Commit Message

The proxy configuration was not being properly passed to the
AWS.SharedIniFileCredentials object, so if users configure AssumeRole
credentials in their ~/.aws/config file, it would try to connect to
STS directly instead of going through the proxy.

Properly parse and pass the HTTP options to the right AWS file.

(Note that this object only takes HTTPOptions and not
ConfigurationOptions, so there's no way to override the user agent
on this initial STS call).

Fixes #7265.

End Commit Message

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
fix(cli): profile AssumeRole credentials don't work via proxy
18d83aa 
The proxy configuration was not being properly passed to the
`AWS.SharedIniFileCredentials` object, so if users configure AssumeRole
credentials in their `~/.aws/config` file, it would try to connect to
STS directly instead of going through the proxy.

Properly parse and pass the HTTP options to the right AWS file.

(Note that this object only takes `HTTPOptions` and not
`ConfigurationOptions`, so there's no way to override the user agent
on this initial STS call).

Fixes #7265.
@rix0rrr rix0rrr requested a review from a team April 10, 2020 09:40
@rix0rrr rix0rrr self-assigned this Apr 10, 2020
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Apr 10, 2020
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 18d83aa
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

shivlaks
shivlaks suggested changes Apr 10, 2020
View reviewed changes
Copy link
Contributor

@shivlaks shivlaks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small things

packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts Outdated
@@ -298,6 +301,7 @@ function defaultHttpOptions(options: SdkHttpOptions) {
debug('Using proxy server: %s', proxyAddress);
// eslint-disable-next-line @typescript-eslint/no-require-imports
const ProxyAgent: any = require('proxy-agent');
// tslint:disable-next-line:no-console
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove?

packages/aws-cdk/test/api/sdk-provider.test.ts Outdated
Comment on lines 159 to 161
// This error takes 6 seconds to be completely handled. It might be retries in the SDK
// somewhere, or something about the Node event loop. I've spent an hour trying to figure
// it out and I can't, and I gave up. We'll just have to live with this.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe add a FIXME here? don't see it as being blocking for now but interesting nonetheless

packages/aws-cdk/test/api/sdk-provider.test.ts
// Messy mocking
let called = false;
jest.mock('proxy-agent', () => {
class FakeAgent extends require('https').Agent {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this not complain about using require?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course it does :)

@rix0rrr rix0rrr requested a review from shivlaks April 10, 2020 11:29
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 72dd7e9
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Apr 10, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 159e4e7
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Apr 10, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit dc82de8 into master Apr 10, 2020
@mergify mergify bot deleted the huijbers/fix-proxy branch April 10, 2020 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shivlaks shivlaks shivlaks approved these changes

Assignees

@rix0rrr rix0rrr

Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Failure to determine Default AWS Account
3 participants
@rix0rrr @aws-cdk-automation @shivlaks