aws-sdk-js-v3 icon indicating copy to clipboard operation
aws-sdk-js-v3 copied to clipboard

Published 20 hours ago verified publisher icon aws

@aws-sdk/credential-providers has trouble reading config files from home-relative paths

Open jbreckmckye opened this issue 1 year ago • 2 comments

Describe the bug

I think there may be a bug with the SSO credentials library, or in its chain of dependencies. I'm raising the issue here as this is the SDK actually affected.

When using the fromSSO function, if I pass a home-relative path string toconfigFilepath, loading the credentials from ambient INI files fails. For example ~/.aws.config as opposed to /Users/jbreckmckye/.aws/config

If I pass a root-relative path to the same file, or omit the configFilepath, it works fine and picks up the credentials from the ini.

Expected Behavior

Expected: to retrieve the credentials already set up with aws sso login --profile MyProfileName, by using the files populated already in ~/.aws/credentials, ~/.aws/config

Current Behavior

The SDK throws a CredentialsProviderError due to, it seems, being unable to load un-path-resolved files

Reproduction Steps

import { fromSSO } from '@aws-sdk/credential-providers'
import { S3Client, ListBucketsCommand } from '@aws-sdk/client-s3'

async function main() {
  const client = new S3Client({
    region: 'eu-west-1',
    credentials: fromSSO({
      profile: 'EngineerBeta',
      filepath: '~/.aws/credentials',
      configFilepath: '~/.aws/config', // works IF this is omitted, OR is the `realpath` of this same file
    }),
  } as any)

  const cmd = new ListBucketsCommand({})

  await client.send(cmd as any)
}

The ENV_CONFIG_PATH env var is unset.

I was able to trace the code as far as Smithy's loadSharedConfigFiles function:

  • I found that configFile and credentialsFile are resolved to their root-relative paths in the 'good' cases
  • but they are left as unresolved ~/.aws/... home-relative paths specifically when configFilepath is a home-relative path

Possible Solution

I wasn't able to trace the logic further than the shared-ini-file-loader package in the Smithy namespace.

Additional Information/Context

No response

SDK version used

@aws-sdk/credential-providers version 3.509.0

Environment details (OS name and version, etc.)

MacOS Sonoma

jbreckmckye avatar Feb 20 '24 17:02 jbreckmckye