fix(cli): assuming a role from the INI file fails in non-commercial regions (#32456)

otaviomacedo · mergify[bot] · web-flow · commit 70282420238a · 2024-12-11T09:46:56.000Z
SDK v3 is ignoring the `region` configuration if it's a non-commercial region, such as `cn-*`. This PR also removes a duplicate test suite. Fixes #32357. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
diff --git a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts
@@ -34,8 +34,8 @@ export class AwsCliCompatible {
       requestHandler: AwsCliCompatible.requestHandlerBuilder(options.httpOptions),
       customUserAgent: 'aws-cdk',
       logger: options.logger,
+      region: await this.region(options.profile),
     };
-
     /**
      * The previous implementation matched AWS CLI behavior:
      *
diff --git a/packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts b/packages/aws-cdk/test/api/aws-auth/awscli-compatible.test.ts
@@ -285,47 +285,3 @@ describe('Session token', () => {
     expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa');
   });
 });
-
-describe('Session token', () => {
-  beforeEach(() => {
-    process.env.AWS_ACCESS_KEY_ID = 'foo';
-    process.env.AWS_SECRET_ACCESS_KEY = 'bar';
-  });
-
-  test('does not mess up with session token env variables if they are undefined', async () => {
-    // Making sure these variables are not defined
-    delete process.env.AWS_SESSION_TOKEN;
-    delete process.env.AMAZON_SESSION_TOKEN;
-
-    await AwsCliCompatible.credentialChainBuilder();
-
-    expect(process.env.AWS_SESSION_TOKEN).toBeUndefined();
-  });
-
-  test('preserves AWS_SESSION_TOKEN if it is defined', async () => {
-    process.env.AWS_SESSION_TOKEN = 'aaa';
-    delete process.env.AMAZON_SESSION_TOKEN;
-
-    await AwsCliCompatible.credentialChainBuilder();
-
-    expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa');
-  });
-
-  test('assigns AWS_SESSION_TOKEN if it is not defined but AMAZON_SESSION_TOKEN is', async () => {
-    delete process.env.AWS_SESSION_TOKEN;
-    process.env.AMAZON_SESSION_TOKEN = 'aaa';
-
-    await AwsCliCompatible.credentialChainBuilder();
-
-    expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa');
-  });
-
-  test('preserves AWS_SESSION_TOKEN if both are defined', async () => {
-    process.env.AWS_SESSION_TOKEN = 'aaa';
-    process.env.AMAZON_SESSION_TOKEN = 'bbb';
-
-    await AwsCliCompatible.credentialChainBuilder();
-
-    expect(process.env.AWS_SESSION_TOKEN).toEqual('aaa');
-  });
-});
