PR feedback

Author: mrgrain

packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts

@@ -69,7 +69,7 @@ export class AwsCliCompatible {
       return makeCachingProvider(fromIni({
         profile: options.profile,
         ignoreCache: true,
-        mfaCodeProvider: makeTokenCodeFn(this.ioHelper),
+        mfaCodeProvider: this.tokenCodeFn.bind(this),
         clientConfig,
         parentClientConfig,
         logger: options.logger,
@@ -106,7 +106,7 @@ export class AwsCliCompatible {
       clientConfig,
       parentClientConfig,
       logger: options.logger,
-      mfaCodeProvider: makeTokenCodeFn(this.ioHelper),
+      mfaCodeProvider: this.tokenCodeFn.bind(this),
       ignoreCache: true,
     });
 
@@ -214,6 +214,29 @@ export class AwsCliCompatible {
   private getRegionFromIniFile(profile: string, data?: any) {
     return data?.[profile]?.region;
   }
+
+  /**
+   * Ask user for MFA token for given serial
+   *
+   * Result is send to callback function for SDK to authorize the request
+   */
+  private async tokenCodeFn(serialArn: string): Promise<string> {
+    const debugFn = (msg: string, ...args: any[]) => this.ioHelper.notify(IO.DEFAULT_SDK_DEBUG.msg(format(msg, ...args)));
+    await debugFn('Require MFA token for serial ARN', serialArn);
+    try {
+      const token: string = await promptly.prompt(`MFA token for ${serialArn}: `, {
+        trim: true,
+        default: '',
+      });
+      await debugFn('Successfully got MFA token from user');
+      return token;
+    } catch (err: any) {
+      await debugFn('Failed to get MFA token', err);
+      const e = new AuthenticationError(`Error fetching MFA token: ${err.message ?? err}`);
+      e.name = 'SharedIniFileCredentialsProviderFailure';
+      throw e;
+    }
+  }
 }
 
 /**
@@ -245,28 +268,3 @@ export interface CredentialChainOptions {
   readonly httpOptions?: SdkHttpOptions;
   readonly logger?: Logger;
 }
-
-/**
- * Ask user for MFA token for given serial
- *
- * Result is send to callback function for SDK to authorize the request
- */
-function makeTokenCodeFn(ioHelper: IoHelper) {
-  const debugFn = (msg: string, ...args: any[]) => ioHelper.notify(IO.DEFAULT_SDK_DEBUG.msg(format(msg, ...args)));
-  return async (serialArn: string): Promise<string> => {
-    await debugFn('Require MFA token for serial ARN', serialArn);
-    try {
-      const token: string = await promptly.prompt(`MFA token for ${serialArn}: `, {
-        trim: true,
-        default: '',
-      });
-      await debugFn('Successfully got MFA token from user');
-      return token;
-    } catch (err: any) {
-      await debugFn('Failed to get MFA token', err);
-      const e = new AuthenticationError(`Error fetching MFA token: ${err.message ?? err}`);
-      e.name = 'SharedIniFileCredentialsProviderFailure';
-      throw e;
-    }
-  };
-}

packages/aws-cdk/lib/api/aws-auth/proxy-agent.ts

@@ -1,6 +1,6 @@
+import * as fs from 'fs-extra';
 import { ProxyAgent } from 'proxy-agent';
 import type { SdkHttpOptions } from './sdk-provider';
-import { readIfPossible } from './util';
 import { IO, type IoHelper } from '../../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 export class ProxyAgentProvider {
@@ -27,7 +27,15 @@ export class ProxyAgentProvider {
     const path = bundlePath || this.caBundlePathFromEnvironment();
     if (path) {
       await this.ioHelper.notify(IO.DEFAULT_SDK_DEBUG.msg(`Using CA bundle path: ${path}`));
-      return readIfPossible(path);
+      try {
+        if (!fs.pathExistsSync(path)) {
+          return undefined;
+        }
+        return fs.readFileSync(path, { encoding: 'utf-8' });
+      } catch (e: any) {
+        await this.ioHelper.notify(IO.DEFAULT_SDK_DEBUG.msg(String(e)));
+        return undefined;
+      }
     }
     return undefined;
   }

packages/aws-cdk/lib/api/aws-auth/sdk.ts

@@ -1015,7 +1015,7 @@ export class SDK {
         if (!accountId) {
           throw new AuthenticationError("STS didn't return an account ID");
         }
-        await this.debug(`Default account ID ${accountId}`);
+        await this.debug(`Default account ID: ${accountId}`);
 
         // Save another STS call later if this one already succeeded
         this._credentialsValidated = true;

packages/aws-cdk/test/context-providers/amis.test.ts

@@ -3,10 +3,11 @@ import { DescribeImagesCommand } from '@aws-sdk/client-ec2';
 import { SDK, SdkForEnvironment } from '../../lib/api';
 import { AmiContextProviderPlugin } from '../../lib/context-providers/ami';
 import { FAKE_CREDENTIAL_CHAIN, MockSdkProvider, mockEC2Client } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();
 

packages/aws-cdk/test/context-providers/availability-zones.test.ts

@@ -2,10 +2,11 @@ import { DescribeAvailabilityZonesCommand } from '@aws-sdk/client-ec2';
 import { SDK, SdkForEnvironment } from '../../lib/api';
 import { AZContextProviderPlugin } from '../../lib/context-providers/availability-zones';
 import { FAKE_CREDENTIAL_CHAIN, mockEC2Client, MockSdkProvider } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();
 

packages/aws-cdk/test/context-providers/endpoint-service-availability-zones.test.ts

@@ -4,10 +4,11 @@ import {
   EndpointServiceAZContextProviderPlugin,
 } from '../../lib/context-providers/endpoint-service-availability-zones';
 import { FAKE_CREDENTIAL_CHAIN, mockEC2Client, MockSdkProvider } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();
 

packages/aws-cdk/test/context-providers/hosted-zones.test.ts

@@ -2,10 +2,11 @@ import { GetHostedZoneCommand, ListHostedZonesByNameCommand } from '@aws-sdk/cli
 import { SDK, SdkForEnvironment } from '../../lib/api';
 import { HostedZoneContextProviderPlugin } from '../../lib/context-providers/hosted-zones';
 import { FAKE_CREDENTIAL_CHAIN, mockRoute53Client, MockSdkProvider } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();
 

packages/aws-cdk/test/context-providers/load-balancers.test.ts

@@ -15,10 +15,11 @@ import {
   mockElasticLoadBalancingV2Client,
   restoreSdkMocksToDefault,
 } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();
 

packages/aws-cdk/test/context-providers/security-groups.test.ts

@@ -2,10 +2,11 @@ import { DescribeSecurityGroupsCommand } from '@aws-sdk/client-ec2';
 import { SDK, type SdkForEnvironment } from '../../lib/api';
 import { hasAllTrafficEgress, SecurityGroupContextProviderPlugin } from '../../lib/context-providers/security-groups';
 import { FAKE_CREDENTIAL_CHAIN, MockSdkProvider, mockEC2Client, restoreSdkMocksToDefault } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();
 

packages/aws-cdk/test/context-providers/ssm-parameters.test.ts

@@ -2,10 +2,11 @@ import { GetParameterCommand } from '@aws-sdk/client-ssm';
 import { SDK, SdkForEnvironment } from '../../lib/api';
 import { SSMContextProviderPlugin } from '../../lib/context-providers/ssm-parameters';
 import { FAKE_CREDENTIAL_CHAIN, MockSdkProvider, mockSSMClient, restoreSdkMocksToDefault } from '../util/mock-sdk';
+import { TestIoHost } from '../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
 
 const mockSDK = new (class extends MockSdkProvider {
   public forEnvironment(): Promise<SdkForEnvironment> {
-    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}), didAssumeRole: false });
+    return Promise.resolve({ sdk: new SDK(FAKE_CREDENTIAL_CHAIN, mockSDK.defaultRegion, {}, new TestIoHost().asHelper("deploy")), didAssumeRole: false });
   }
 })();