From 70282420238a094a7e604f8f6ff25b2f761dc5df Mon Sep 17 00:00:00 2001 From: Otavio Macedo <288203+otaviomacedo@users.noreply.github.com> Date: Wed, 11 Dec 2024 09:46:56 +0000 Subject: [PATCH] fix(cli): assuming a role from the INI file fails in non-commercial regions (#32456) SDK v3 is ignoring the `region` configuration if it's a non-commercial region, such as `cn-*`. This PR also removes a duplicate test suite. Fixes https://github.com/aws/aws-cdk/issues/32357. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- .../lib/api/aws-auth/awscli-compatible.ts | 2 +- .../api/aws-auth/awscli-compatible.test.ts | 44 ------------------- 2 files changed, 1 insertion(+), 45 deletions(-) diff --git a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts index c73b22ec4f2bf..319e75e3bdb79 100644 --- a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts +++ b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts @@ -34,8 +34,8 @@ export class AwsCliCompatible { requestHandler: AwsCliCompatible.requestHandlerBuilder(options.httpOptions), customUserAgent: 'aws-cdk', logger: options.logger, + region: await this.region(options.profile), }; - /** * The previous implementation matched AWS CLI behavior: * diff --git a/packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts b/packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts index 9d7a2ab460ab1..2b20597f3fae7 100644 --- a/packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts +++ b/packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts @@ -285,47 +285,3 @@ describe('Session token', () => { expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa'); }); }); - -describe('Session token', () => { - beforeEach(() => { - process.env.AWS_ACCESS_KEY_ID = 'foo'; - process.env.AWS_SECRET_ACCESS_KEY = 'bar'; - }); - - test('does not mess up with session token env variables if they are undefined', async () => { - // Making sure these variables are not defined - delete process.env.AWS_SESSION_TOKEN; - delete process.env.AMAZON_SESSION_TOKEN; - - await AwsCliCompatible.credentialChainBuilder(); - - expect(process.env.AWS_SESSION_TOKEN).toBeUndefined(); - }); - - test('preserves AWS_SESSION_TOKEN if it is defined', async () => { - process.env.AWS_SESSION_TOKEN = 'aaa'; - delete process.env.AMAZON_SESSION_TOKEN; - - await AwsCliCompatible.credentialChainBuilder(); - - expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa'); - }); - - test('assigns AWS_SESSION_TOKEN if it is not defined but AMAZON_SESSION_TOKEN is', async () => { - delete process.env.AWS_SESSION_TOKEN; - process.env.AMAZON_SESSION_TOKEN = 'aaa'; - - await AwsCliCompatible.credentialChainBuilder(); - - expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa'); - }); - - test('preserves AWS_SESSION_TOKEN if both are defined', async () => { - process.env.AWS_SESSION_TOKEN = 'aaa'; - process.env.AMAZON_SESSION_TOKEN = 'bbb'; - - await AwsCliCompatible.credentialChainBuilder(); - - expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa'); - }); -});