fix(credentials): "Connect", "Choose Profile" treat empty credentials files as usable #2965

Problem:
- If ~/.aws/config exists but doesn't have a usable credentials profile, the
  Connect to AWS and Choose AWS Profile actions open ~/.aws/config immediately
  instead of starting the Create Credentials Profile wizard.

Solution:
- Check for `aws_access_key_id` and `aws_secret_access_key` in the credentials
  files to decide if any usable credentials files exist.

Author: jpinkney-aws

.changes/next-release/Bug Fix-f3f310a4-ee52-4c4a-8c91-3ca9b4b670c6.json

@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "\"Connect\" and \"Choose Profile\" open create credentials wizard/profile selector when credentials aren't present in aws configs"
+}

src/shared/awsContextCommands.ts

@@ -170,7 +170,7 @@ export class AwsContextCommands {
      * editing their credentials file.
      */
     private async getProfileNameFromUser(): Promise<string | undefined> {
-        const credentialsFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames()
+        const credentialsFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames(true)
         const providerMap = await CredentialsProviderManager.getInstance().getCredentialProviderNames()
         const profileNames = Object.keys(providerMap)
         if (profileNames.length > 0) {

src/shared/credentials/userCredentialsUtils.ts

@@ -57,11 +57,18 @@ export class UserCredentialsUtils {
      *
      * @returns array of filenames for files found.
      */
-    public static async findExistingCredentialsFilenames(): Promise<string[]> {
+    public static async findExistingCredentialsFilenames(isCredentialsRequired = false): Promise<string[]> {
         const candidateFiles: string[] = [getCredentialsFilename(), getConfigFilename()]
 
         const existsResults: boolean[] = await Promise.all(
-            candidateFiles.map(async filename => await SystemUtilities.fileExists(filename))
+            candidateFiles.map(async filename => {
+                const exists = await SystemUtilities.fileExists(filename)
+                if (!exists || !isCredentialsRequired) {
+                    return exists
+                }
+                const contents = await SystemUtilities.readFile(filename)
+                return /aws_access_key_id|aws_secret_access_key|aws_session_token/i.test(contents)
+            })
         )
 
         return candidateFiles.filter((filename, index) => existsResults[index])

src/test/shared/credentials/userCredentialsUtils.test.ts

@@ -6,6 +6,7 @@
 import * as assert from 'assert'
 import * as fs from 'fs-extra'
 import * as path from 'path'
+import * as sinon from 'sinon'
 
 import { Uri } from 'vscode'
 import { loadSharedConfigFiles } from '../../../shared/credentials/credentialsFile'
@@ -23,9 +24,7 @@ describe('UserCredentialsUtils', function () {
     })
 
     afterEach(async function () {
-        const env = process.env as EnvironmentVariables
-        delete env.AWS_SHARED_CREDENTIALS_FILE
-        delete env.AWS_CONFIG_FILE
+        sinon.restore()
     })
 
     after(async function () {
@@ -37,30 +36,30 @@ describe('UserCredentialsUtils', function () {
             const credentialsFilename = path.join(tempFolder, 'credentials-both-exist-test')
             const configFilename = path.join(tempFolder, 'config-both-exist-test')
 
-            const env = process.env as EnvironmentVariables
-            env.AWS_SHARED_CREDENTIALS_FILE = credentialsFilename
-            env.AWS_CONFIG_FILE = configFilename
+            sinon.stub(process, 'env').value({
+                AWS_SHARED_CREDENTIALS_FILE: credentialsFilename,
+                AWS_CONFIG_FILE: configFilename,
+            } as EnvironmentVariables)
 
             createCredentialsFile(credentialsFilename, ['default'])
             createCredentialsFile(configFilename, ['default'])
 
             const foundFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames()
-            assert(foundFiles)
             assert.strictEqual(foundFiles.length, 2)
         })
 
         it('returns credentials file if it exists and config file does not exist', async function () {
             const credentialsFilename = path.join(tempFolder, 'credentials-exist-test')
             const configFilename = path.join(tempFolder, 'config-not-exist-test')
 
-            const env = process.env as EnvironmentVariables
-            env.AWS_SHARED_CREDENTIALS_FILE = credentialsFilename
-            env.AWS_CONFIG_FILE = configFilename
+            sinon.stub(process, 'env').value({
+                AWS_SHARED_CREDENTIALS_FILE: credentialsFilename,
+                AWS_CONFIG_FILE: configFilename,
+            } as EnvironmentVariables)
 
             createCredentialsFile(credentialsFilename, ['default'])
 
             const foundFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames()
-            assert(foundFiles)
             assert.strictEqual(foundFiles.length, 1)
             assert.strictEqual(foundFiles[0], credentialsFilename)
         })
@@ -69,14 +68,14 @@ describe('UserCredentialsUtils', function () {
             const credentialsFilename = path.join(tempFolder, 'credentials-not-exist-test')
             const configFilename = path.join(tempFolder, 'config-exist-test')
 
-            const env = process.env as EnvironmentVariables
-            env.AWS_SHARED_CREDENTIALS_FILE = credentialsFilename
-            env.AWS_CONFIG_FILE = configFilename
+            sinon.stub(process, 'env').value({
+                AWS_SHARED_CREDENTIALS_FILE: credentialsFilename,
+                AWS_CONFIG_FILE: configFilename,
+            } as EnvironmentVariables)
 
             createCredentialsFile(configFilename, ['default'])
 
             const foundFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames()
-            assert(foundFiles)
             assert.strictEqual(foundFiles.length, 1)
             assert.strictEqual(foundFiles[0], configFilename)
         })
@@ -85,12 +84,28 @@ describe('UserCredentialsUtils', function () {
             const credentialsFilename = path.join(tempFolder, 'credentials-not-exist-test')
             const configFilename = path.join(tempFolder, 'config-not-exist-test')
 
-            const env = process.env as EnvironmentVariables
-            env.AWS_SHARED_CREDENTIALS_FILE = credentialsFilename
-            env.AWS_CONFIG_FILE = configFilename
+            sinon.stub(process, 'env').value({
+                AWS_SHARED_CREDENTIALS_FILE: credentialsFilename,
+                AWS_CONFIG_FILE: configFilename,
+            } as EnvironmentVariables)
 
             const foundFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames()
-            assert(foundFiles)
+            assert.strictEqual(foundFiles.length, 0)
+        })
+
+        it('returns empty result if files dont contain credentials', async function () {
+            const credentialsFilename = path.join(tempFolder, 'credentials-both-exist-but-no-credentials-test')
+            const configFilename = path.join(tempFolder, 'config-both-exist-but-no-credentials-test')
+
+            sinon.stub(process, 'env').value({
+                AWS_SHARED_CREDENTIALS_FILE: credentialsFilename,
+                AWS_CONFIG_FILE: configFilename,
+            } as EnvironmentVariables)
+
+            createCredentialsFile(credentialsFilename, [])
+            createCredentialsFile(configFilename, [])
+
+            const foundFiles: string[] = await UserCredentialsUtils.findExistingCredentialsFilenames(true)
             assert.strictEqual(foundFiles.length, 0)
         })
     })
@@ -100,8 +115,9 @@ describe('UserCredentialsUtils', function () {
             const credentialsFilename = path.join(tempFolder, 'credentials-generation-test')
             const profileName = 'someRandomProfileName'
 
-            const env = process.env as EnvironmentVariables
-            env.AWS_SHARED_CREDENTIALS_FILE = credentialsFilename
+            sinon.stub(process, 'env').value({
+                AWS_SHARED_CREDENTIALS_FILE: credentialsFilename,
+            } as EnvironmentVariables)
             const creds = {
                 accessKey: '123',
                 profileName: profileName,