From bf0066de1feb5da5a27671ff09ba1929ba5b5d95 Mon Sep 17 00:00:00 2001
From: Kevin Luu
Date: Thu, 21 Nov 2024 00:37:53 +0000
Subject: [PATCH] fix(policychecks): Update Policy Checks to use profile selected by AWS Toolkits instead of always default
---
 .../accessanalyzer/vue/iamPolicyChecks.ts | 33 +++++++++++++++++--
 .../accessanalyzer/iamPolicyChecks.test.ts | 12 +++++++
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts b/packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts
index 406b04a6d75..124d5cdee35 100644
--- a/packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts
+++ b/packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts
@@ -179,7 +179,9 @@ export class IamPolicyChecksWebview extends VueWebview {
 documentType,
 inputPolicyType: policyType ? policyType : 'None',
 })
- this.client.config.credentials = new SharedIniFileCredentials() // We need to detect changes in the user's credentials
+ this.client.config.credentials = new SharedIniFileCredentials({
+ profile: `${getProfileName()}`,
+ }) // We need to detect changes in the user's credentials
 this.client.validatePolicy(
 {
 policyDocument: IamPolicyChecksWebview.editedDocument,
@@ -276,6 +278,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${this.region}`,
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 this.executeValidatePolicyCommand({
 command,
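Review bot: In the `SharedIniFileCredentials` call of the -179 hunk, `` profile: `${getProfileName()}` `` stringifies the helper's `undefined` result, so when no `profile:`-prefixed connection is selected the SDK is asked for a profile literally named `undefined` instead of falling back to its default resolution, which is what the old no-argument call did. Pass the value through unformatted, `profile: getProfileName()`. The same interpolation feeds `'--profile'` in every args array touched by this commit (hunks at -276, -296, -356, -387, -447, -479, -524 and -550), where it puts `--profile undefined` on the validator command line; build the pair conditionally, e.g. `const profile = getProfileName()` and `...(profile ? ['--profile', profile] : [])`. The enclosing methods start and end outside these hunks.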
@@ -296,7 +300,15 @@ export class IamPolicyChecksWebview extends VueWebview {
 case 'CloudFormation': {
 if (isCloudFormationTemplate(document)) {
 const command = 'cfn-policy-validator'
- const args = ['validate', '--template-path', `${document}`, '--region', `${this.region}`]
+ const args = [
+ 'validate',
+ '--template-path',
+ `${document}`,
+ '--region',
+ `${this.region}`,
+ '--profile',
+ `${getProfileName()}`,
+ ]
 if (cfnParameterPath !== '') {
 args.push('--template-configuration-file', `${cfnParameterPath}`)
 }
@@ -356,6 +368,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${tempFilePath}`,
 '--reference-policy-type',
 `${policyType}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 this.executeCustomPolicyChecksCommand({
 command,
@@ -387,6 +401,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${tempFilePath}`,
 '--reference-policy-type',
 `${policyType}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 if (cfnParameterPath !== '') {
 args.push('--template-configuration-file', `${cfnParameterPath}`)
@@ -447,6 +463,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${this.region}`,
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 if (actions !== '') {
 args.push('--actions', `${actions}`)
@@ -479,6 +497,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${document}`,
 '--region',
 `${this.region}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 if (actions !== '') {
 args.push('--actions', `${actions}`)
@@ -524,6 +544,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${this.region}`,
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 this.executeCustomPolicyChecksCommand({
 command,
@@ -550,6 +572,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${document}`,
 '--region',
 `${this.region}`,
+ '--profile',
+ `${getProfileName()}`,
 ]
 if (cfnParameterPath !== '') {
 args.push('--template-configuration-file', `${cfnParameterPath}`)
@@ -919,6 +943,11 @@ export function isJsonPolicyLanguage(document: string) {
 return policyLanguageFileTypes.some((t) => document.endsWith(t))
 }

+export function getProfileName(): string | undefined {
+ // We neeed to split the name on 'profile:' to extract the correct profile name
+ return globals.awsContext.getCredentialProfileName()?.split('profile:')[1]
+}
+
 export class PolicyChecksError extends ToolkitError {
 constructor(message: string, code: PolicyChecksErrorCode) {
 super(message, { code })
diff --git a/packages/core/src/test/awsService/accessanalyzer/iamPolicyChecks.test.ts b/packages/core/src/test/awsService/accessanalyzer/iamPolicyChecks.test.ts
index 7e99b46ded6..2f4ac00c881 100644
--- a/packages/core/src/test/awsService/accessanalyzer/iamPolicyChecks.test.ts
+++ b/packages/core/src/test/awsService/accessanalyzer/iamPolicyChecks.test.ts
@@ -155,6 +155,8 @@ describe('validatePolicy', function () {
 'us-east-1',
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+ '--profile',
+ 'undefined',
 ],
 cfnParameterPathExists: false,
 documentType,
@@ -180,6 +182,8 @@ describe('validatePolicy', function () {
 IamPolicyChecksWebview.editedDocumentFileName,
 '--region',
 'us-east-1',
+ '--profile',
+ 'undefined',
 '--template-configuration-file',
 cfnParameterPath,
 ],
@@ -449,6 +453,8 @@ describe('customChecks', function () {
 'us-east-1',
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+ '--profile',
+ 'undefined',
 '--actions',
 'action1action2',
 '--resources',
@@ -486,6 +492,8 @@ describe('customChecks', function () {
 document,
 '--region',
 'us-east-1',
+ '--profile',
+ 'undefined',
 '--actions',
 'action1action2',
 '--resources',
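Review bot: `getProfileName` extracts the name with `split('profile:')[1]`, which returns only the text between the first and second occurrence of `profile:`, so an id such as `profile:team-profile:dev` (constructed example) yields `team-` and the policy checks would run under a different identity than the one selected in the Toolkit. Strip the prefix instead: `const id = globals.awsContext.getCredentialProfileName()` followed by `return id?.startsWith('profile:') ? id.slice('profile:'.length) : undefined`. The function also returns `undefined` for any id that lacks the prefix (presumably connections that are not shared-file profiles; the id format is not visible in this hunk), and a doc comment should say that callers must handle that case. The inline comment contains the typo `neeed`.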
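Review bot: The expected argument lists in the -155 hunk now pin `'--profile', 'undefined'`, which records the stringified-`undefined` output as correct rather than exercising the profile selection; the same applies to the other test hunks (-180, -449, -486, -548 and -579). No visible case stubs `globals.awsContext.getCredentialProfileName()` to return a `profile:`-prefixed id and asserts that the bare profile name reaches `--profile`, and none covers an id without the prefix. Add both cases, and for the no-profile case assert that `--profile` is absent from the args once the production code stops emitting it.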
@@ -548,6 +556,8 @@ describe('customChecks', function () {
 'us-east-1',
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+ '--profile',
+ 'undefined',
 ],
 cfnParameterPathExists: !!cfnParameterPath,
 documentType,
@@ -579,6 +589,8 @@ describe('customChecks', function () {
 document,
 '--region',
 'us-east-1',
+ '--profile',
+ 'undefined',
 '--template-configuration-file',
 cfnParameterPath,
 ],