Update permissions tests in ProfileController to use mock (#2507)

* fix tests

* changeset

---------

Co-authored-by: Vieltojarvi <[email protected]>

Author: ShadowCat567

.changeset/sweet-sheep-march.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/backend-cli': patch
+---
+
+updated tests and constructor for profileController

packages/cli/src/commands/configure/profile_controller.test.ts

@@ -1,11 +1,10 @@
 import path from 'node:path';
-import { after, before, beforeEach, describe, it } from 'node:test';
+import { after, before, beforeEach, describe, it, mock } from 'node:test';
 import fs from 'fs/promises';
 import { ProfileController } from './profile_controller.js';
 import assert from 'node:assert';
 import { loadSharedConfigFiles } from '@smithy/shared-ini-file-loader';
 import { EOL } from 'node:os';
-import { chmodSync } from 'node:fs';
 import { AmplifyUserError } from '@aws-amplify/platform-core';
 
 const testAccessKeyId = 'testAccessKeyId';
@@ -220,64 +219,6 @@ void describe('profile controller', () => {
       );
     });
 
-    void it('throws error if config file already exists and is missing read permissions', async () => {
-      if (process.platform.startsWith('win')) {
-        // Windows does not have the same behavior when files are missing permissions
-        return;
-      }
-
-      const expectedErr = new AmplifyUserError('PermissionsError', {
-        message: `You do not have the permissions to read this file: ${configFilePath}.`,
-        resolution: `Ensure that you have the right permissions to read from ${configFilePath}.`,
-      });
-      chmodSync(configFilePath, 0o000);
-      await assert.rejects(
-        async () =>
-          await profileController.createOrAppendAWSFiles({
-            profile: testProfile2,
-            region: testRegion2,
-            accessKeyId: testAccessKeyId2,
-            secretAccessKey: testSecretAccessKey2,
-          }),
-        (error: AmplifyUserError) => {
-          assert.strictEqual(error.name, expectedErr.name);
-          assert.strictEqual(error.message, expectedErr.message);
-          assert.strictEqual(error.resolution, expectedErr.resolution);
-          return true;
-        }
-      );
-    });
-
-    void it('throws error if config file already exists and is missing write permissions', async () => {
-      if (process.platform.startsWith('win')) {
-        // Windows does not have the same behavior when files are missing permissions
-        return;
-      }
-
-      const expectedErr = new AmplifyUserError('PermissionsError', {
-        message: `You do not have the permissions to write to this file: ${configFilePath}`,
-        resolution: `Ensure that you have the right permissions to write to ${configFilePath}.`,
-      });
-
-      chmodSync(configFilePath, 0o444);
-
-      await assert.rejects(
-        async () =>
-          await profileController.createOrAppendAWSFiles({
-            profile: testProfile2,
-            region: testRegion2,
-            accessKeyId: testAccessKeyId2,
-            secretAccessKey: testSecretAccessKey2,
-          }),
-        (error: AmplifyUserError) => {
-          assert.strictEqual(error.name, expectedErr.name);
-          assert.strictEqual(error.message, expectedErr.message);
-          assert.strictEqual(error.resolution, expectedErr.resolution);
-          return true;
-        }
-      );
-    });
-
     void it('creates directory if does not exist', async () => {
       // delete directory
       await fs.rm(testDir, { recursive: true, force: true });
@@ -354,6 +295,98 @@ void describe('profile controller', () => {
       assert.equal(await profileController.profileExists(testProfile), true);
     });
   });
+
+  void describe('Missing permissions on config file', () => {
+    let testDir: string;
+    let configFilePath: string;
+    let credFilePath: string;
+
+    const fsMock = {
+      readFile: mock.fn<
+        (path: string, encoding: BufferEncoding) => Promise<void | string>
+      >(() => Promise.resolve()),
+      appendFile: mock.fn<() => Promise<void>>(() => Promise.resolve()),
+    };
+
+    const profileController = new ProfileController(
+      fsMock as unknown as typeof fs
+    );
+
+    before(async () => {
+      testDir = await fs.mkdtemp('amplify_cmd_test');
+      configFilePath = path.join(process.cwd(), testDir, 'config');
+      credFilePath = path.join(process.cwd(), testDir, 'credentials');
+
+      process.env.AWS_CONFIG_FILE = configFilePath;
+      process.env.AWS_SHARED_CREDENTIALS_FILE = credFilePath;
+
+      fsMock.readFile.mock.resetCalls();
+      fsMock.appendFile.mock.resetCalls();
+    });
+
+    after(async () => {
+      await fs.rm(testDir, { recursive: true, force: true });
+      delete process.env.AWS_CONFIG_FILE;
+      delete process.env.AWS_SHARED_CREDENTIALS_FILE;
+    });
+
+    void it('throws error if config file already exists and is missing read permissions', async () => {
+      const expectedErr = new AmplifyUserError('PermissionsError', {
+        message: `You do not have the permissions to read this file: ${configFilePath}.`,
+        resolution: `Ensure that you have the right permissions to read from ${configFilePath}.`,
+      });
+
+      fsMock.readFile.mock.mockImplementationOnce(() =>
+        Promise.reject(new Error('EACCES: Permission denied'))
+      );
+
+      await assert.rejects(
+        async () =>
+          profileController.createOrAppendAWSFiles({
+            profile: testProfile2,
+            region: testRegion2,
+            accessKeyId: testAccessKeyId2,
+            secretAccessKey: testSecretAccessKey2,
+          }),
+        (error: AmplifyUserError) => {
+          assert.strictEqual(error.name, expectedErr.name);
+          assert.strictEqual(error.message, expectedErr.message);
+          assert.strictEqual(error.resolution, expectedErr.resolution);
+          return true;
+        }
+      );
+    });
+
+    void it('throws error if config file already exists and is missing write permissions', async () => {
+      const expectedErr = new AmplifyUserError('PermissionsError', {
+        message: `You do not have the permissions to write to this file: ${configFilePath}`,
+        resolution: `Ensure that you have the right permissions to write to ${configFilePath}.`,
+      });
+
+      fsMock.readFile.mock.mockImplementationOnce(
+        (path: string, encoding: BufferEncoding) => fs.readFile(path, encoding)
+      );
+      fsMock.appendFile.mock.mockImplementationOnce(() =>
+        Promise.reject(new Error('EACCES: Permission denied'))
+      );
+
+      await assert.rejects(
+        async () =>
+          profileController.createOrAppendAWSFiles({
+            profile: testProfile2,
+            region: testRegion2,
+            accessKeyId: testAccessKeyId2,
+            secretAccessKey: testSecretAccessKey2,
+          }),
+        (error: AmplifyUserError) => {
+          assert.strictEqual(error.name, expectedErr.name);
+          assert.strictEqual(error.message, expectedErr.message);
+          assert.strictEqual(error.resolution, expectedErr.resolution);
+          return true;
+        }
+      );
+    });
+  });
 });
 
 const assertFilePermissionsAreOwnerReadWriteOnly = async (filePath: string) => {

packages/cli/src/commands/configure/profile_controller.ts

@@ -5,7 +5,7 @@ import {
 } from '@smithy/shared-ini-file-loader';
 import { fromIni } from '@aws-sdk/credential-providers';
 import { EOL } from 'os';
-import fs from 'fs/promises';
+import _fs from 'fs/promises';
 import path from 'path';
 import { existsSync } from 'fs';
 import { AmplifyUserError } from '@aws-amplify/platform-core';
@@ -36,6 +36,10 @@ export type ProfileOptions = ConfigProfileOptions & CredentialProfileOptions;
  * Manages AWS profiles.
  */
 export class ProfileController {
+  /**
+   * constructor
+   */
+  constructor(private readonly fs = _fs) {}
   /**
    * Return true if the provided profile exists in the aws config and/or credential file.
    */
@@ -66,7 +70,7 @@ export class ProfileController {
 
     const dirName = path.dirname(filePath);
     if (!existsSync(dirName)) {
-      await fs.mkdir(dirName, { recursive: true });
+      await this.fs.mkdir(dirName, { recursive: true });
     }
 
     const fileEndsWithEOL = await this.isFileEndsWithEOL(filePath);
@@ -79,7 +83,7 @@ export class ProfileController {
     configData += `region = ${options.region}${EOL}`;
 
     try {
-      await fs.appendFile(filePath, configData, { mode: '600' });
+      await this.fs.appendFile(filePath, configData, { mode: '600' });
     } catch (err) {
       const error = err as Error;
       if (error.message.includes('EACCES')) {
@@ -115,7 +119,7 @@ export class ProfileController {
 
     const dirName = path.dirname(filePath);
     if (!existsSync(dirName)) {
-      await fs.mkdir(dirName, { recursive: true });
+      await this.fs.mkdir(dirName, { recursive: true });
     }
 
     const fileEndsWithEOL = await this.isFileEndsWithEOL(filePath);
@@ -125,7 +129,7 @@ export class ProfileController {
     credentialData += `aws_access_key_id = ${options.accessKeyId}${EOL}`;
     credentialData += `aws_secret_access_key = ${options.secretAccessKey}${EOL}`;
 
-    await fs.appendFile(filePath, credentialData, { mode: '600' });
+    await this.fs.appendFile(filePath, credentialData, { mode: '600' });
 
     // validate after write. It is to ensure this function is compatible with the current AWS format.
     const provider = fromIni({
@@ -144,7 +148,7 @@ export class ProfileController {
 
   private isFileEndsWithEOL = async (filePath: string): Promise<boolean> => {
     try {
-      const data = await fs.readFile(filePath, 'utf-8');
+      const data = await this.fs.readFile(filePath, 'utf-8');
       return data.length > 0 && data.slice(-EOL.length) === EOL;
     } catch (err) {
       const error = err as Error;