Merge pull request #7044 from serverless/fix-aws-creds-handling

Fix AWS creds handling
serverless · Dec 4, 2019 · 4c1cee3 · 4c1cee3
2 parents a45d2a2 + 3561687
commit 4c1cee3
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 12 deletions.
diff --git a/lib/plugins/aws/invokeLocal/index.js b/lib/plugins/aws/invokeLocal/index.js
@@ -128,13 +128,17 @@ class AwsInvokeLocal {
       NODE_PATH: '/var/runtime:/var/task:/var/runtime/node_modules',
     };
 
-    const credentialEnvVars = this.provider.cachedCredentials
-      ? {
-          AWS_ACCESS_KEY_ID: this.provider.cachedCredentials.accessKeyId,
-          AWS_SECRET_ACCESS_KEY: this.provider.cachedCredentials.secretAccessKey,
-          AWS_SESSION_TOKEN: this.provider.cachedCredentials.sessionToken,
-        }
-      : {};
+    const { cachedCredentials } = this.provider;
+    const credentialEnvVars = {};
+    if (cachedCredentials.accessKeyId) {
+      credentialEnvVars.AWS_ACCESS_KEY_ID = cachedCredentials.accessKeyId;
+    }
+    if (cachedCredentials.secretAccessKey) {
+      credentialEnvVars.AWS_SECRET_ACCESS_KEY = cachedCredentials.secretAccessKey;
+    }
+    if (cachedCredentials.sessionToken) {
+      credentialEnvVars.AWS_SESSION_TOKEN = cachedCredentials.sessionToken;
+    }
 
     // profile override from config
     const profileOverride = this.provider.getProfile();

diff --git a/lib/plugins/aws/invokeLocal/index.test.js b/lib/plugins/aws/invokeLocal/index.test.js
@@ -327,18 +327,31 @@ describe('AwsInvokeLocal', () => {
         expect(process.env.NODE_PATH).to.equal('/var/runtime:/var/task:/var/runtime/node_modules');
       }));
 
-    it('it should set credential env vars', () => {
-      provider.cachedCredentials.accessKeyId = 'ID';
-      provider.cachedCredentials.secretAccessKey = 'SECRET';
-      provider.cachedCredentials.sessionToken = 'TOKEN';
+    it('it should set credential env vars #1', () => {
+      provider.cachedCredentials = {
+        accessKeyId: 'ID',
+        secretAccessKey: 'SECRET',
+      };
 
       return awsInvokeLocal.loadEnvVars().then(() => {
         expect(process.env.AWS_ACCESS_KEY_ID).to.equal('ID');
         expect(process.env.AWS_SECRET_ACCESS_KEY).to.equal('SECRET');
-        expect(process.env.AWS_SESSION_TOKEN).to.equal('TOKEN');
+        expect('AWS_SESSION_TOKEN' in process.env).to.equal(false);
       });
     });
 
+    it('it should set credential env vars #2', () => {
+      provider.cachedCredentials = { sessionToken: 'TOKEN' };
+      return awsInvokeLocal
+        .loadEnvVars()
+
+        .then(() => {
+          expect(process.env.AWS_SESSION_TOKEN).to.equal('TOKEN');
+          expect('AWS_ACCESS_KEY_ID' in process.env).to.equal(false);
+          expect('AWS_SECRET_ACCESS_KEY' in process.env).to.equal(false);
+        });
+    });
+
     it('should fallback to service provider configuration when options are not available', () => {
       awsInvokeLocal.provider.options.region = null;
       awsInvokeLocal.serverless.service.provider.region = 'us-west-1';