
Commit 858ffd6

committed
fix(policychecks): Update Policy Checks to use profile selected by AWS Toolkits instead of always default
1 parent fb2b23e commit 858ffd6


2 files changed

+43
-2
lines changed

2 files changed

+43
-2
lines changed

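--- a/packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts
+++ b/packages/core/src/awsService/accessanalyzer/vue/iamPolicyChecks.ts
@@ -179,7 +179,9 @@ export class IamPolicyChecksWebview extends VueWebview {
 documentType,
 inputPolicyType: policyType ? policyType : 'None',
 })
-this.client.config.credentials = new SharedIniFileCredentials() // We need to detect changes in the user's credentials
+this.client.config.credentials = new SharedIniFileCredentials({
+profile: `${getProfileName()}`,
+}) // We need to detect changes in the user's credentials
 this.client.validatePolicy(
 {
 policyDocument: IamPolicyChecksWebview.editedDocument,
@@ -276,6 +278,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${this.region}`,
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+'--profile',
+`${getProfileName()}`,
 ]
 this.executeValidatePolicyCommand({
 command,
@@ -296,7 +300,15 @@ export class IamPolicyChecksWebview extends VueWebview {
 case 'CloudFormation': {
 if (isCloudFormationTemplate(document)) {
 const command = 'cfn-policy-validator'
-const args = ['validate', '--template-path', `${document}`, '--region', `${this.region}`]
+const args = [
+'validate',
+'--template-path',
+`${document}`,
+'--region',
+`${this.region}`,
+'--profile',
+`${getProfileName()}`,
+]
 if (cfnParameterPath !== '') {
 args.push('--template-configuration-file', `${cfnParameterPath}`)
 }
@@ -356,6 +368,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${tempFilePath}`,
 '--reference-policy-type',
 `${policyType}`,
+'--profile',
+`${getProfileName()}`,
 ]
 this.executeCustomPolicyChecksCommand({
 command,
@@ -387,6 +401,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${tempFilePath}`,
 '--reference-policy-type',
 `${policyType}`,
+'--profile',
+`${getProfileName()}`,
 ]
 if (cfnParameterPath !== '') {
 args.push('--template-configuration-file', `${cfnParameterPath}`)
@@ -447,6 +463,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${this.region}`,
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+'--profile',
+`${getProfileName()}`,
 ]
 if (actions !== '') {
 args.push('--actions', `${actions}`)
@@ -479,6 +497,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${document}`,
 '--region',
 `${this.region}`,
+'--profile',
+`${getProfileName()}`,
 ]
 if (actions !== '') {
 args.push('--actions', `${actions}`)
@@ -524,6 +544,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${this.region}`,
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+'--profile',
+`${getProfileName()}`,
 ]
 this.executeCustomPolicyChecksCommand({
 command,
@@ -550,6 +572,8 @@ export class IamPolicyChecksWebview extends VueWebview {
 `${document}`,
 '--region',
 `${this.region}`,
+'--profile',
+`${getProfileName()}`,
 ]
 if (cfnParameterPath !== '') {
 args.push('--template-configuration-file', `${cfnParameterPath}`)
@@ -919,6 +943,11 @@ export function isJsonPolicyLanguage(document: string) {
 return policyLanguageFileTypes.some((t) => document.endsWith(t))
 }
 
+export function getProfileName(): string | undefined {
+// We neeed to split the name on 'profile:' to extract the correct profile name
+return globals.awsContext.getCredentialProfileName()?.split('profile:')[1]
+}
+
 export class PolicyChecksError extends ToolkitError {
 constructor(message: string, code: PolicyChecksErrorCode) {
 super(message, { code })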
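Review bot: `getProfileName()` returns `string | undefined`, but every call site wraps it in a template literal, so when no profile-type credential is active the validators are run with `--profile undefined` and `SharedIniFileCredentials` is asked for a profile literally named `undefined`. That turns "nothing selected" into a lookup under a wrong name, which fails at best and resolves to a different identity if a profile of that name exists, where the old code fell back to the default. Resolve the name once and add the flag only when it is set, e.g. `const profile = getProfileName()` followed by `if (profile) { args.push('--profile', profile) }`, and pass `profile ? { profile } : undefined` to `SharedIniFileCredentials`. `split('profile:')[1]` also truncates a name that itself contains `profile:`; checking `startsWith('profile:')` and slicing the prefix avoids that and makes the non-profile case (presumably other credential id kinds) explicit. The same interpolation appears in the credentials hunk and all eight argument-list hunks of this file, whose enclosing methods start and end outside the hunks.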

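--- a/packages/core/src/test/awsService/accessanalyzer/iamPolicyChecks.test.ts
+++ b/packages/core/src/test/awsService/accessanalyzer/iamPolicyChecks.test.ts
@@ -155,6 +155,8 @@ describe('validatePolicy', function () {
 'us-east-1',
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+'--profile',
+'undefined',
 ],
 cfnParameterPathExists: false,
 documentType,
@@ -182,6 +184,8 @@ describe('validatePolicy', function () {
 'us-east-1',
 '--template-configuration-file',
 cfnParameterPath,
+'--profile',
+'undefined',
 ],
 cfnParameterPathExists: true,
 documentType,
@@ -453,6 +457,8 @@ describe('customChecks', function () {
 'action1action2',
 '--resources',
 'resource1resource2',
+'--profile',
+'undefined',
 ],
 cfnParameterPathExists: !!cfnParameterPath,
 documentType,
@@ -492,6 +498,8 @@ describe('customChecks', function () {
 'resource1resource2',
 '--template-configuration-file',
 cfnParameterPath,
+'--profile',
+'undefined',
 ],
 cfnParameterPathExists: !!cfnParameterPath,
 documentType,
@@ -548,6 +556,8 @@ describe('customChecks', function () {
 'us-east-1',
 '--config',
 `${globals.context.asAbsolutePath(defaultTerraformConfigPath)}`,
+'--profile',
+'undefined',
 ],
 cfnParameterPathExists: !!cfnParameterPath,
 documentType,
@@ -581,6 +591,8 @@ describe('customChecks', function () {
 'us-east-1',
 '--template-configuration-file',
 cfnParameterPath,
+'--profile',
+'undefined',
 ],
 cfnParameterPathExists: !!cfnParameterPath,
 documentType,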
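Review bot: No case in these hunks exercises a selected profile, so the one path this commit is meant to fix is untested, while all six updated expectations pin `'--profile', 'undefined'`. Add a case that stubs `globals.awsContext.getCredentialProfileName()` to return a constructed id such as `profile:dev` and expects the args to end with `'--profile', 'dev'`. A second case where the stub returns `undefined` should assert how the no-profile situation is handled, rather than leaving the string `'undefined'` as the expected value. The `describe` blocks start and end outside the hunks, so any existing stubbing of `awsContext` is not visible here.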
