Skip to content

Commit

Permalink
Merge branch 'master' into ecs-can-access-container-instance-role
Browse files Browse the repository at this point in the history
  • Loading branch information
mergify[bot] authored May 27, 2022
2 parents 3635050 + b7bc10c commit 8787f2a
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 3 deletions.
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-lambda-nodejs/lib/function.ts
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ function findLockFile(depsLockFilePath?: string): string {
throw new Error('Cannot find a package lock file (`pnpm-lock.yaml`, `yarn.lock` or `package-lock.json`). Please specify it with `depsLockFilePath`.');
}
if (lockFiles.length > 1) {
throw new Error(`Multiple package lock files found: ${lockFiles.join(', ')}. Please specify the desired one with \`depsFileLockPath\`.`);
throw new Error(`Multiple package lock files found: ${lockFiles.join(', ')}. Please specify the desired one with \`depsLockFilePath\`.`);
}

return lockFiles[0];
Expand Down
6 changes: 5 additions & 1 deletion packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
Original file line number Diff line number Diff line change
Expand Up @@ -459,7 +459,11 @@ function readIfPossible(filename: string): string | undefined {
* @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
*/
function safeUsername() {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
try {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
} catch (e) {
return 'noname';
}
}

/**
Expand Down
28 changes: 28 additions & 0 deletions packages/aws-cdk/test/api/sdk-provider.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -341,6 +341,34 @@ describe('with intercepted network calls', () => {
});
});

test('assuming a role does not fail when OS username cannot be read', async () => {
// GIVEN
prepareCreds({
fakeSts,
config: {
default: { aws_access_key_id: 'foo', $account: '11111' },
},
});

await withMocked(os, 'userInfo', async (userInfo) => {
userInfo.mockImplementation(() => {
// SystemError thrown as documented: https://nodejs.org/docs/latest-v16.x/api/os.html#osuserinfooptions
throw new Error('SystemError on Linux: uv_os_get_passwd returned ENOENT. See #19401 issue.');
});

// WHEN
const provider = await providerFromProfile(undefined);

const sdk = (await provider.forEnvironment(env(uniq('88888')), Mode.ForReading, { assumeRoleArn: 'arn:aws:role' })).sdk as SDK;
await sdk.currentAccount();

// THEN
expect(fakeSts.assumedRoles[0]).toEqual(expect.objectContaining({
roleSessionName: 'aws-cdk-noname',
}));
});
});

test('even if current credentials are for the wrong account, we will still use them to AssumeRole', async () => {
// GIVEN
prepareCreds({
Expand Down
6 changes: 5 additions & 1 deletion packages/cdk-assets/lib/aws.ts
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,10 @@ export class DefaultAwsClient implements IAws {
* @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
*/
function safeUsername() {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
try {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
} catch (e) {
return 'noname';
}
}

0 comments on commit 8787f2a

Please sign in to comment.