Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cli): failure to get credentials when session token is not set #32134

Merged
merged 5 commits into from
Nov 14, 2024
Merged

fix(cli): failure to get credentials when session token is not set #32134

merged 5 commits into from
Nov 14, 2024
+51 −1

Conversation

otaviomacedo
Copy link
Contributor

@otaviomacedo otaviomacedo commented Nov 14, 2024
edited
Loading

In Node.js, if you assign undefined to an environment variable, that variable ends up having the string "undefined".

If we are using IAM user credentials, AWS_SESSION_TOKEN should not be set, but because we were not handling this edge case, it was getting assigned an invalid value:

Welcome to Node.js v22.9.0.
Type ".help" for more information.
> process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN
undefined
> process.env.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN || process.env.AMAZON_SESSION_TOKEN
undefined
> process.env.AWS_SESSION_TOKEN
'undefined'

Closes #32120.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the p2 label Nov 14, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team November 14, 2024 12:02
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Nov 14, 2024
aws-cdk-automation
aws-cdk-automation previously requested changes Nov 14, 2024
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@aws-cdk-automation aws-cdk-automation added the pr/needs-cli-test-run This PR needs CLI tests run against it. label Nov 14, 2024
@github-actions github-actions bot added bug This issue is a bug. p0 and removed p2 labels Nov 14, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 14, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.15%. Comparing base (339fed1) to head (eee2a95).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #32134   +/-   ##
=======================================
  Coverage   77.14%   77.15%           
=======================================
  Files         105      105           
  Lines        7163     7165    +2     
  Branches     1311     1312    +1     
=======================================
+ Hits         5526     5528    +2     
  Misses       1457     1457           
  Partials      180      180
Flag Coverage Δ
suite.unit 77.15% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk 77.15% <100.00%> (+<0.01%) ⬆️

rix0rrr
rix0rrr requested changes Nov 14, 2024
View reviewed changes
packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts Outdated
Comment on lines 186 to 188
if (sessionToken) {
process.env.AWS_SESSION_TOKEN = sessionToken;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't we do this inside the if that checks for id and key?

Why do we need to do this at all, anyway? Is it because AMAZON_ACCESS_KEY_ID is no longer supported, and it must be AWS_ACCESS_KEY_ID?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't we do this inside the if that checks for id and key?

Sure.

Why do we need to do this at all, anyway?

Because we want to keep it backward compatible and still support AMAZON_ACCESS_KEY_ID, but the SDK only reads from AWS_ACCESS_KEY_ID.

@aws-cdk-automation
Copy link
Collaborator

➡️ PR build request submitted to test-main-pipeline ⬅️

A maintainer must now check the pipeline and add the pr-linter/cli-integ-tested label once the pipeline succeeds.

@otaviomacedo otaviomacedo added pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/cli-integ-tested Assert that any CLI changes have been integ tested labels Nov 14, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review November 14, 2024 15:10

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@aws-cdk-automation aws-cdk-automation removed the pr/needs-cli-test-run This PR needs CLI tests run against it. label Nov 14, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Nov 14, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: eee2a95
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 9ef4e72 into main Nov 14, 2024
16 of 17 checks passed
@mergify Mergify
Copy link
Contributor

mergify bot commented Nov 14, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot deleted the otaviom/fix-iam-user-creds branch November 14, 2024 15:44
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@iliapolo iliapolo iliapolo left review comments

@rix0rrr rix0rrr rix0rrr approved these changes

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Assignees
No one assigned
Labels
bug This issue is a bug. contribution/core This is a PR that came from AWS. p0 pr-linter/cli-integ-tested Assert that any CLI changes have been integ tested pr-linter/exempt-integ-test The PR linter will not require integ test changes
Projects
None yet
Milestone
No milestone
4 participants
@otaviomacedo @aws-cdk-automation @rix0rrr @iliapolo