fix(amplify-provider-awscloudformation): support multiprofile delete (#1353)

Amplify CLI used to configure credential at the AWS SDK root level. With multi environment support,
while deleting envs the delete request run in parallel. Since there could only be on profile set at
the SDK level, this caused deletion to fail when env used different profiles. Moved the credetianls
per service instance to support deletion of multi env

fix #978

Author: yuth

packages/amplify-provider-awscloudformation/lib/configuration-manager.js

@@ -424,6 +424,11 @@ function persistLocalEnvConfig(context) {
 }
 
 function getCurrentConfig(context) {
+  const { envName } = context.amplify.getEnvInfo();
+  return getConfigForEnv(context, envName);
+}
+
+function getConfigForEnv(context, envName) {
   const projectConfigInfo = {
     configLevel: 'general',
     config: {},
@@ -433,7 +438,6 @@ function getCurrentConfig(context) {
 
   if (fs.existsSync(configInfoFilePath)) {
     try {
-      const { envName } = context.amplify.getEnvInfo();
       const configInfo = context.amplify.readJsonFile(configInfoFilePath, 'utf8')[envName];
 
       if (configInfo && configInfo.configLevel !== 'general') {
@@ -458,7 +462,6 @@ function getCurrentConfig(context) {
   }
   return projectConfigInfo;
 }
-
 function updateProjectConfig(context) {
   removeProjectConfig(context);
   persistLocalEnvConfig(context);
@@ -485,19 +488,33 @@ function removeProjectConfig(context) {
   }
 }
 
-async function loadConfiguration(context, awsClient) {
-  const projectConfigInfo = getCurrentConfig(context);
+async function loadConfiguration(context) {
+  const { envName } = context.amplify.getEnvInfo();
+  const config = await loadConfigurationForEnv(context, envName);
+  return config;
+}
+function loadConfigFromPath(context, profilePath) {
+  if (fs.existsSync(profilePath)) {
+    const config = context.amplify.readJsonFile(profilePath);
+    if (config.accessKeyId && config.secretAccessKey && config.region) {
+      return config;
+    }
+  }
+  throw Error(`Invalid config ${profilePath}`);
+}
+
+async function loadConfigurationForEnv(context, env) {
+  const projectConfigInfo = getConfigForEnv(context, env);
   if (projectConfigInfo.configLevel === 'project') {
     const { config } = projectConfigInfo;
+    let awsConfig;
     if (config.useProfile) {
-      const awsConfig = await systemConfigManager.getProfiledAwsConfig(context, config.profileName);
-      awsClient.config.update(awsConfig);
+      awsConfig = await systemConfigManager.getProfiledAwsConfig(context, config.profileName);
     } else {
-      awsClient.config.loadFromPath(config.awsConfigFilePath);
+      awsConfig = loadConfigFromPath(context, config.awsConfigFilePath);
     }
+    return awsConfig;
   }
-
-  return awsClient;
 }
 
 async function resetCache(context) {
@@ -617,4 +634,5 @@ module.exports = {
   loadConfiguration,
   resetCache,
   resolveRegion,
+  loadConfigurationForEnv,
 };

packages/amplify-provider-awscloudformation/lib/delete-env.js

@@ -1,9 +1,10 @@
 const Cloudformation = require('../src/aws-utils/aws-cfn');
-
+const { loadConfigurationForEnv } = require('./configuration-manager');
 
 async function run(context, envName) {
-  return new Cloudformation(context)
-    .then(cfnItem => cfnItem.deleteResourceStack(envName));
+  const credentials = await loadConfigurationForEnv(context, envName);
+  const cfn = await new Cloudformation(context, null, credentials);
+  await cfn.deleteResourceStack(envName);
 }
 
 module.exports = {

packages/amplify-provider-awscloudformation/lib/initializer.js

@@ -12,7 +12,6 @@ const systemConfigManager = require('./system-config-manager');
 async function run(context) {
   await configurationManager.init(context);
   if (!context.exeInfo || (context.exeInfo.isNewEnv)) {
-    const awscfn = await getConfiguredAwsCfnClient(context);
     const initTemplateFilePath = path.join(__dirname, 'rootStackTemplate.json');
     const timeStamp = `${moment().format('YYYYMMDDHHmmss')}`;
     const { envName = '' } = context.exeInfo.localEnvInfo;
@@ -42,7 +41,8 @@ async function run(context) {
 
     const spinner = ora();
     spinner.start('Initializing project in the cloud...');
-    return new Cloudformation(context, awscfn, 'init')
+    const awsConfig = await getConfiguredAwsCfnClient(context);
+    return new Cloudformation(context, 'init', awsConfig)
       .then(cfnItem => cfnItem.createResourceStack(params))
       .then((waitData) => {
         processStackCreationData(context, waitData);
@@ -58,21 +58,18 @@ async function run(context) {
 
 async function getConfiguredAwsCfnClient(context) {
   const { awsConfigInfo } = context.exeInfo;
-  process.env.AWS_SDK_LOAD_CONFIG = true;
-  const aws = require('aws-sdk');
-  let awsconfig;
+  let awsConfig;
   if (awsConfigInfo.config.useProfile) {
-    awsconfig =
+    awsConfig =
       await systemConfigManager.getProfiledAwsConfig(context, awsConfigInfo.config.profileName);
   } else {
-    awsconfig = {
+    awsConfig = {
       accessKeyId: awsConfigInfo.config.accessKeyId,
       secretAccessKey: awsConfigInfo.config.secretAccessKey,
       region: awsConfigInfo.config.region,
     };
   }
-  aws.config.update(awsconfig);
-  return aws;
+  return awsConfig;
 }
 
 function processStackCreationData(context, stackDescriptiondata) {

packages/amplify-provider-awscloudformation/lib/system-config-manager.js

@@ -47,7 +47,7 @@ function setProfile(awsConfig, profileName) {
     }
   });
   if (!isConfigSet) {
-    const keyName = (profileName === 'default') ? 'default' : `profile ${profileName}`;
+    const keyName = profileName === 'default' ? 'default' : `profile ${profileName}`;
     config[keyName] = {
       region: awsConfig.region,
     };
@@ -62,8 +62,7 @@ async function getProfiledAwsConfig(context, profileName, isRoleSourceProfile) {
   const profileConfig = getProfileConfig(profileName);
   if (profileConfig) {
     if (!isRoleSourceProfile && profileConfig.role_arn) {
-      const roleCredentials =
-        await getRoleCredentials(context, profileName, profileConfig);
+      const roleCredentials = await getRoleCredentials(context, profileName, profileConfig);
       delete profileConfig.role_arn;
       delete profileConfig.source_profile;
       awsConfig = {
@@ -89,11 +88,9 @@ async function getRoleCredentials(context, profileName, profileConfig) {
   let roleCredentials = getCachedRoleCredentials(context, profileConfig.role_arn, roleSessionName);
 
   if (!roleCredentials) {
-    if (profileConfig.source_profile) {
-      const sourceProfileAwsConfig =
-        await getProfiledAwsConfig(context, profileConfig.source_profile, true);
-      aws.config.update(sourceProfileAwsConfig);
-    }
+    const sourceProfileAwsConfig = profileConfig.source_profile
+      ? await getProfiledAwsConfig(context, profileConfig.source_profile, true)
+      : {};
     let mfaTokenCode;
     if (profileConfig.mfa_serial) {
       context.print.info(`Profile ${profileName} is configured to assume role`);
@@ -103,15 +100,17 @@ async function getRoleCredentials(context, profileName, profileConfig) {
       mfaTokenCode = await getMfaTokenCode();
     }
 
-    const sts = new aws.STS();
-    const roleData = await sts.assumeRole({
-      RoleArn: profileConfig.role_arn,
-      RoleSessionName: roleSessionName,
-      DurationSeconds: profileConfig.duration_seconds,
-      ExternalId: profileConfig.external_id,
-      SerialNumber: profileConfig.mfa_serial,
-      TokenCode: mfaTokenCode,
-    }).promise();
+    const sts = new aws.STS(sourceProfileAwsConfig);
+    const roleData = await sts
+      .assumeRole({
+        RoleArn: profileConfig.role_arn,
+        RoleSessionName: roleSessionName,
+        DurationSeconds: profileConfig.duration_seconds,
+        ExternalId: profileConfig.external_id,
+        SerialNumber: profileConfig.mfa_serial,
+        TokenCode: mfaTokenCode,
+      })
+      .promise();
 
     roleCredentials = {
       accessKeyId: roleData.Credentials.AccessKeyId,
@@ -132,7 +131,7 @@ async function getMfaTokenCode() {
     name: 'tokenCode',
     message: 'Enter the MFA token code:',
     validate: (value) => {
-      let isValid = (value.length === 6);
+      let isValid = value.length === 6;
       if (!isValid) {
         return 'Must have length equal to 6';
       }
@@ -176,7 +175,8 @@ function validateCachedCredentials(roleCredentials) {
   let isValid = false;
 
   if (roleCredentials) {
-    isValid = !isCredentialsExpired(roleCredentials) &&
+    isValid =
+      !isCredentialsExpired(roleCredentials) &&
       roleCredentials.accessKeyId &&
       roleCredentials.secretAccessKey &&
       roleCredentials.sessionToken;
@@ -192,7 +192,7 @@ function isCredentialsExpired(roleCredentials) {
     const TOTAL_MILLISECONDS_IN_ONE_MINUTE = 1000 * 60;
     const now = new Date();
     const expirationDate = new Date(roleCredentials.expiration);
-    isExpired = (expirationDate - now) < TOTAL_MILLISECONDS_IN_ONE_MINUTE;
+    isExpired = expirationDate - now < TOTAL_MILLISECONDS_IN_ONE_MINUTE;
   }
 
   return isExpired;
@@ -222,8 +222,10 @@ async function resetCache(context, profileName) {
 }
 
 function getCacheFilePath(context) {
-  const sharedConfigDirPath =
-    path.join(context.amplify.pathManager.getHomeDotAmplifyDirPath(), constants.Label);
+  const sharedConfigDirPath = path.join(
+    context.amplify.pathManager.getHomeDotAmplifyDirPath(),
+    constants.Label,
+  );
   fs.ensureDirSync(sharedConfigDirPath);
   return path.join(sharedConfigDirPath, constants.CacheFileName);
 }

packages/amplify-provider-awscloudformation/src/aws-utils/aws-apigw.js

@@ -1,12 +1,19 @@
 const aws = require('./aws.js');
+const configurationManager = require('../../lib/configuration-manager');
 
 class APIGateway {
-  constructor(context) {
-    return aws.configureWithCreds(context).then((awsItem) => {
+  constructor(context, options = {}) {
+    return (async () => {
+      let cred = {};
+      try {
+        cred = await configurationManager.loadConfiguration(context);
+      } catch (e) {
+        // nothing
+      }
       this.context = context;
-      this.apigw = new awsItem.APIGateway();
+      this.apigw = new aws.APIGateway({ ...cred, ...options });
       return this;
-    });
+    })();
   }
 }
 

packages/amplify-provider-awscloudformation/src/aws-utils/aws-appsync.js

@@ -1,12 +1,20 @@
 const aws = require('./aws.js');
+const configurationManager = require('../../lib/configuration-manager');
 
 class AppSync {
   constructor(context, options = {}) {
-    return aws.configureWithCreds(context).then((awsItem) => {
+    return (async () => {
+      let cred = {};
+      try {
+        cred = await configurationManager.loadConfiguration(context);
+      } catch (e) {
+        // could not load the creds
+      }
+
       this.context = context;
-      this.appSync = new awsItem.AppSync(options);
+      this.appSync = new aws.AppSync({ ...cred, ...options });
       return this;
-    });
+    })();
   }
 }
 

packages/amplify-provider-awscloudformation/src/aws-utils/aws-cfn.js

@@ -9,6 +9,7 @@ const aws = require('./aws.js');
 const S3 = require('./aws-s3');
 const providerName = require('../../lib/constants').ProviderName;
 const { formUserAgentParam } = require('./user-agent');
+const configurationManager = require('../../lib/configuration-manager');
 
 const CFN_MAX_CONCURRENT_REQUEST = 5;
 const CFN_POLL_TIME = 5 * 1000; // 5 secs wait to check if  new stacks are created by root stack
@@ -22,28 +23,31 @@ const CFN_SUCCESS_STATUS = [
 
 const CNF_ERROR_STATUS = ['CREATE_FAILED', 'DELETE_FAILED', 'UPDATE_FAILED'];
 class CloudFormation {
-  constructor(context, awsClientWithCreds, userAgentAction) {
-    const initializeAwsClient = awsClientWithCreds
-      ? Promise.resolve(awsClientWithCreds)
-      : aws.configureWithCreds(context);
-
-    let userAgentParam;
-    if (userAgentAction) {
-      userAgentParam = formUserAgentParam(context, userAgentAction);
-    }
-
-    this.pollQueue = new BottleNeck({ minTime: 100, maxConcurrent: CFN_MAX_CONCURRENT_REQUEST });
-    this.pollQueueStacks = [];
-    this.stackEvents = [];
+  constructor(context, userAgentAction, options = {}) {
+    return (async () => {
+      let userAgentParam;
+      if (userAgentAction) {
+        userAgentParam = formUserAgentParam(context, userAgentAction);
+      }
 
-    return initializeAwsClient.then((awsItem) => {
+      this.pollQueue = new BottleNeck({ minTime: 100, maxConcurrent: CFN_MAX_CONCURRENT_REQUEST });
+      this.pollQueueStacks = [];
+      this.stackEvents = [];
+      let cred;
+      try {
+        cred = await configurationManager.loadConfiguration(context);
+      } catch (e) {
+        // no credential. New project
+      }
+      const userAgentOption = {};
       if (userAgentAction) {
-        awsItem.config.update({ customUserAgent: userAgentParam });
+        userAgentOption.customUserAgent = userAgentParam;
       }
-      this.cfn = new awsItem.CloudFormation();
+
+      this.cfn = new aws.CloudFormation({ ...cred, ...options, ...userAgentOption });
       this.context = context;
       return this;
-    });
+    })();
   }
 
   createResourceStack(cfnParentStackParams) {
@@ -112,7 +116,8 @@ class CloudFormation {
       .filter(stack => stack.ResourceType !== 'AWS::CloudFormation::Stack')
       .map((event) => {
         const err = [];
-        const resourceName = event.PhysicalResourceId.replace(envRegExp, '') || event.LogicalResourceId;
+        const resourceName =
+          event.PhysicalResourceId.replace(envRegExp, '') || event.LogicalResourceId;
         const cfnURL = getCFNConsoleLink(event, this.cfn);
         err.push(`${chalk.bold('Resource Name:')} ${resourceName} (${event.ResourceType})`);
         err.push(`${chalk.bold('Event Type:')} ${getStatusToErrorMsg(event.ResourceStatus)}`);
@@ -129,7 +134,6 @@ class CloudFormation {
     this.pollForEvents = setInterval(() => this.addToPollQueue(stackName, 3), CFN_POLL_TIME);
   }
 
-
   pollStack(stackName) {
     return this.getStackEvents(stackName)
       .then((stackEvents) => {
@@ -465,7 +469,8 @@ function getStatusToErrorMsg(status) {
 }
 
 function getCFNConsoleLink(event, cfn) {
-  if (event.ResourceStatus === 'CREATE_FAILED') { // Stacks get deleted and don't have perm link
+  if (event.ResourceStatus === 'CREATE_FAILED') {
+    // Stacks get deleted and don't have perm link
     return null;
   }
   const arn = event.StackId;

packages/amplify-provider-awscloudformation/src/aws-utils/aws-cognito.js

@@ -1,13 +1,19 @@
 const aws = require('./aws.js');
+const configurationManager = require('../../lib/configuration-manager');
 
 class Cognito {
-  constructor(context) {
-    return aws.configureWithCreds(context)
-      .then((awsItem) => {
-        this.context = context;
-        this.cognito = new awsItem.CognitoIdentityServiceProvider();
-        return this;
-      });
+  constructor(context, options = {}) {
+    return (async () => {
+      let cred = {};
+      try {
+        cred = await configurationManager.loadConfiguration(context);
+      } catch (e) {
+        // could not load cred
+      }
+      this.context = context;
+      this.cognito = new aws.CognitoIdentityServiceProvider({ ...cred, ...options });
+      return this;
+    })();
   }
 }