New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix assuming a role with an AWS profile #5739

Merged
merged 5 commits into from Jan 28, 2019
Merged
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.
+88 −19
Diff settings

Always

Just for now

@@ -212,7 +212,7 @@ class AwsProvider {
*/ */
request(service, method, params, options) { request(service, method, params, options) {
const that = this; const that = this;
const credentials = _.cloneDeep(that.getCredentials()); const credentials = Object.assign({}, that.getCredentials());
// Make sure options is an object (honors wrong calls of request) // Make sure options is an object (honors wrong calls of request)
const requestOptions = _.isObject(options) ? options : {}; const requestOptions = _.isObject(options) ? options : {};
const shouldCache = _.get(requestOptions, 'useCache', false); const shouldCache = _.get(requestOptions, 'useCache', false);
@@ -362,6 +362,7 @@ describe('AwsProvider', () => {
expect(awsProvider.getCredentials().region).to.eql(options.region); expect(awsProvider.getCredentials().region).to.eql(options.region);
}); });
}); });

it('should retry if error code is 429', (done) => { it('should retry if error code is 429', (done) => {
const error = { const error = {
statusCode: 429, statusCode: 429,
@@ -767,6 +768,73 @@ describe('AwsProvider', () => {
requestSpy.restore(); requestSpy.restore();
}); });
}); });

describe('STS tokens', () => {
let newAwsProvider;
let originalProviderProfile;
let originalEnvironmentVariables;
const relevantEnvironment = {
AWS_SHARED_CREDENTIALS_FILE: testUtils.getTmpFilePath('credentials'),
};

beforeEach(() => {
originalProviderProfile = serverless.service.provider.profile;
originalEnvironmentVariables = testUtils.replaceEnv(relevantEnvironment);
serverless.utils.writeFileSync(
relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE,
'[default]\n' +
'aws_access_key_id = 1111\n' +
'aws_secret_access_key = 22222\n' +
'\n' +
'[async]\n' +
'role_arn = arn:123\n' +
'source_profile = default'
);
newAwsProvider = new AwsProvider(serverless, options);
});

afterEach(() => {
testUtils.replaceEnv(originalEnvironmentVariables);
serverless.service.provider.profile = originalProviderProfile;
});

it('should retain reference to STS tokens when updated via SDK', () => {
const expectedToken = '123';

serverless.service.provider.profile = 'async';
const startToken = newAwsProvider.getCredentials().credentials.sessionToken;
expect(startToken).to.not.equal(expectedToken);

class FakeCloudFormation {
constructor(credentials) {
// Not sure where the the SDK resolves the STS, so for the test it's here
this.credentials = credentials;
this.credentials.credentials.sessionToken = expectedToken;
}

describeStacks() {
return {
send: (cb) => cb(null, {}),
};
}
}

newAwsProvider.sdk = {
CloudFormation: FakeCloudFormation,
};

return newAwsProvider
.request('CloudFormation',
'describeStacks',
{ StackName: 'foo' },
{ region: 'ap-northeast-1' })
.then(() => {
// STS token is resolved after SDK call
const actualToken = newAwsProvider.getCredentials().credentials.sessionToken;
expect(expectedToken).to.eql(actualToken);
});
});
});
}); });
}); });


@@ -776,22 +844,6 @@ describe('AwsProvider', () => {
'aws-sdk': awsStub, 'aws-sdk': awsStub,
}); });


function replaceEnv(values) {
const originals = {};
for (const key of Object.keys(values)) {
if (process.env[key]) {
originals[key] = process.env[key];
} else {
originals[key] = 'undefined';
}
if (values[key] === 'undefined') {
delete process.env[key];
} else {
process.env[key] = values[key];
}
}
return originals;
}


// add environment variables here if you want them cleared prior to your test and restored // add environment variables here if you want them cleared prior to your test and restored
// after it has completed. Any environment variable that might alter credentials loading // after it has completed. Any environment variable that might alter credentials loading
@@ -828,7 +880,7 @@ describe('AwsProvider', () => {
beforeEach(() => { beforeEach(() => {
originalProviderCredentials = serverless.service.provider.credentials; originalProviderCredentials = serverless.service.provider.credentials;
originalProviderProfile = serverless.service.provider.profile; originalProviderProfile = serverless.service.provider.profile;
originalEnvironmentVariables = replaceEnv(relevantEnvironment); originalEnvironmentVariables = testUtils.replaceEnv(relevantEnvironment);
// make temporary credentials file // make temporary credentials file
serverless.utils.writeFileSync( serverless.utils.writeFileSync(
relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE, relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE,
@@ -849,7 +901,7 @@ describe('AwsProvider', () => {
}); });


afterEach(() => { afterEach(() => {
replaceEnv(originalEnvironmentVariables); testUtils.replaceEnv(originalEnvironmentVariables);
serverless.service.provider.profile = originalProviderProfile; serverless.service.provider.profile = originalProviderProfile;
serverless.service.provider.credentials = originalProviderCredentials; serverless.service.provider.credentials = originalProviderCredentials;
}); });
Copy path View file
@@ -219,4 +219,21 @@ module.exports = {
removeService() { removeService() {
execSync(`${serverlessExec} remove`, { stdio: 'inherit' }); execSync(`${serverlessExec} remove`, { stdio: 'inherit' });
}, },

replaceEnv(values) {
const originals = {};
for (const key of Object.keys(values)) {
if (process.env[key]) {
originals[key] = process.env[key];
} else {
originals[key] = 'undefined';
}
if (values[key] === 'undefined') {
delete process.env[key];
} else {
process.env[key] = values[key];
}
}
return originals;
},
}; };
ProTip! Use n and p to navigate between commits in a pull request.