fix: Default username in RoleSessionName

In case user does not have entry in `/etc/passwd` the `os.userInfo()` call will throw `SystemError` exception as documented: https://nodejs.org/docs/latest-v16.x/api/os.html#osuserinfooptions Fixes aws#19401 issue. It can be tested inside Docker for ad-hoc 1234 user ID: ```sh docker run -u 1234 -e CDK_HOME=/tmp npm run cdk diff ``` The `CDK_HOME=/tmp` is a workaround for aws#7937 issue, where CDK complains that it can't write cached info in user homedir, because it does not exists. Once aws#7937 will be fixed then aws#19401 will most likely hit users. However above workaround is a viable option. Hence those two issues are related, but not duplicated.
adambro · May 3, 2022 · 9802649 · 9802649
1 parent 4cb2fe8
commit 9802649
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -459,7 +459,11 @@ function readIfPossible(filename: string): string | undefined {
  * @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
  */
 function safeUsername() {
-  return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  try {
+    return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  } catch (e) {
+    return 'noname';
+  }
 }
 
 /**

diff --git a/packages/cdk-assets/lib/aws.ts b/packages/cdk-assets/lib/aws.ts
@@ -150,6 +150,10 @@ export class DefaultAwsClient implements IAws {
  * @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
  */
 function safeUsername() {
-  return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  try {
+    return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  } catch (e) {
+    return 'noname';
+  }
 }