Merge branch 'master' into ecs-can-access-container-instance-role

aws · May 27, 2022 · 8787f2a · 8787f2a
2 parents 3635050 + b7bc10c
commit 8787f2a
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 3 deletions.
diff --git a/packages/@aws-cdk/aws-lambda-nodejs/lib/function.ts b/packages/@aws-cdk/aws-lambda-nodejs/lib/function.ts
@@ -147,7 +147,7 @@ function findLockFile(depsLockFilePath?: string): string {
     throw new Error('Cannot find a package lock file (`pnpm-lock.yaml`, `yarn.lock` or `package-lock.json`). Please specify it with `depsLockFilePath`.');
   }
   if (lockFiles.length > 1) {
-    throw new Error(`Multiple package lock files found: ${lockFiles.join(', ')}. Please specify the desired one with \`depsFileLockPath\`.`);
+    throw new Error(`Multiple package lock files found: ${lockFiles.join(', ')}. Please specify the desired one with \`depsLockFilePath\`.`);
   }
 
   return lockFiles[0];

diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -459,7 +459,11 @@ function readIfPossible(filename: string): string | undefined {
  * @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
  */
 function safeUsername() {
-  return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  try {
+    return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  } catch (e) {
+    return 'noname';
+  }
 }
 
 /**

diff --git a/packages/aws-cdk/test/api/sdk-provider.test.ts b/packages/aws-cdk/test/api/sdk-provider.test.ts
@@ -341,6 +341,34 @@ describe('with intercepted network calls', () => {
       });
     });
 
+    test('assuming a role does not fail when OS username cannot be read', async () => {
+      // GIVEN
+      prepareCreds({
+        fakeSts,
+        config: {
+          default: { aws_access_key_id: 'foo', $account: '11111' },
+        },
+      });
+
+      await withMocked(os, 'userInfo', async (userInfo) => {
+        userInfo.mockImplementation(() => {
+          // SystemError thrown as documented: https://nodejs.org/docs/latest-v16.x/api/os.html#osuserinfooptions
+          throw new Error('SystemError on Linux: uv_os_get_passwd returned ENOENT. See #19401 issue.');
+        });
+
+        // WHEN
+        const provider = await providerFromProfile(undefined);
+
+        const sdk = (await provider.forEnvironment(env(uniq('88888')), Mode.ForReading, { assumeRoleArn: 'arn:aws:role' })).sdk as SDK;
+        await sdk.currentAccount();
+
+        // THEN
+        expect(fakeSts.assumedRoles[0]).toEqual(expect.objectContaining({
+          roleSessionName: 'aws-cdk-noname',
+        }));
+      });
+    });
+
     test('even if current credentials are for the wrong account, we will still use them to AssumeRole', async () => {
       // GIVEN
       prepareCreds({

diff --git a/packages/cdk-assets/lib/aws.ts b/packages/cdk-assets/lib/aws.ts
@@ -150,6 +150,10 @@ export class DefaultAwsClient implements IAws {
  * @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
  */
 function safeUsername() {
-  return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  try {
+    return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+  } catch (e) {
+    return 'noname';
+  }
 }