Skip to content

Commit

Permalink
fix(AWS Credentials): Recognize AWS_DEFAULT_PROFILE env variable (#8354)
Browse files Browse the repository at this point in the history
  • Loading branch information
marekpiotrowski authored Oct 7, 2020
1 parent c93a799 commit 261c16f
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 2 deletions.
5 changes: 3 additions & 2 deletions lib/plugins/aws/provider/awsProvider.js
Original file line number Diff line number Diff line change
Expand Up @@ -1086,10 +1086,11 @@ class AwsProvider {
const stageUpper = this.getStage() ? this.getStage().toUpperCase() : null;

// add specified credentials, overriding with more specific declarations
const awsDefaultProfile = process.env.AWS_DEFAULT_PROFILE || 'default';
try {
impl.addProfileCredentials(result, 'default');
impl.addProfileCredentials(result, awsDefaultProfile);
} catch (err) {
if (err.message !== 'Profile default does not exist') {
if (err.message !== `Profile ${awsDefaultProfile} does not exist`) {
throw err;
}
}
Expand Down
29 changes: 29 additions & 0 deletions lib/plugins/aws/provider/awsProvider.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -1139,6 +1139,35 @@ describe('AwsProvider', () => {
const credentials = newAwsProvider.getCredentials();
expect(credentials.signatureVersion).to.equal('v4');
});

it('should get credentials from process.env.AWS_DEFAULT_PROFILE, not "default"', () => {
process.env.AWS_DEFAULT_PROFILE = 'notDefaultTemporary';
newAwsProvider.options['aws-profile'] = undefined;

serverless.utils.appendFileSync(
relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE,
'[default]\n' +
`aws_access_key_id = ${fakeCredentials.accessKeyId}\n` +
`aws_secret_access_key = ${fakeCredentials.secretAccessKey}\n`
);

const credentials = newAwsProvider.getCredentials();
expect(credentials.credentials.profile).to.equal('notDefaultTemporary');
});

it('should get "default" credentials in lieu of anything else', () => {
newAwsProvider.options['aws-profile'] = undefined;

serverless.utils.appendFileSync(
relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE,
'[default]\n' +
`aws_access_key_id = ${fakeCredentials.accessKeyId}\n` +
`aws_secret_access_key = ${fakeCredentials.secretAccessKey}\n`
);

const credentials = newAwsProvider.getCredentials();
expect(credentials.credentials.profile).to.equal('default');
});
});

describe('values', () => {
Expand Down

0 comments on commit 261c16f

Please sign in to comment.