Skip to content

Commit ada0c09

Browse files
millemsmillems
committed
Update AssumeRoleIntegrationTest to work even if the current environment includes a AWS_SESSION_TOKEN
1 parent b7be5c1 commit ada0c09

File tree

1 file changed

+35
-31
lines changed

1 file changed

+35
-31
lines changed

services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java

Lines changed: 35 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -186,6 +186,7 @@ public void profileCredentialProviderCanAssumeRolesWithEnvironmentCredentialSour
186186
EnvironmentVariableHelper.run(helper -> {
187187
helper.set("AWS_ACCESS_KEY_ID", userCredentials.accessKeyId());
188188
helper.set("AWS_SECRET_ACCESS_KEY", userCredentials.secretAccessKey());
189+
helper.remove("AWS_SESSION_TOKEN");
189190

190191
String ASSUME_ROLE_PROFILE =
191192
"[test]\n"
@@ -218,36 +219,39 @@ public void profileCredentialProviderWithEnvironmentCredentialSourceAndSystemPro
218219
System.setProperty("aws.accessKeyId", userCredentials.accessKeyId());
219220
System.setProperty("aws.secretAccessKey", userCredentials.secretAccessKey());
220221

221-
EnvironmentVariableHelper.run(helper -> {
222-
helper.remove("AWS_ACCESS_KEY_ID");
223-
helper.remove("AWS_SECRET_ACCESS_KEY");
224-
225-
String ASSUME_ROLE_PROFILE =
226-
"[test]\n"
227-
+ "region = us-west-1\n"
228-
+ "credential_source = Environment\n"
229-
+ "role_arn = " + ROLE_ARN;
230-
231-
ProfileFile profiles = ProfileFile.builder()
232-
.content(new StringInputStream(ASSUME_ROLE_PROFILE))
233-
.type(ProfileFile.Type.CREDENTIALS)
234-
.build();
235-
Optional<Profile> profile = profiles.profile("test");
236-
AwsCredentialsProvider awsCredentialsProvider =
237-
new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();
238-
239-
240-
// Try to assume the role until the eventual consistency catches up.
241-
AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
242-
.ignoringException(StsException.class)
243-
.orFail();
244-
245-
assertThat(awsCredentials.accessKeyId()).isNotBlank();
246-
assertThat(awsCredentials.secretAccessKey()).isNotBlank();
247-
((SdkAutoCloseable) awsCredentialsProvider).close();
248-
});
249-
250-
System.clearProperty("aws.accessKeyId");
251-
System.clearProperty("aws.secretAccessKey");
222+
try {
223+
EnvironmentVariableHelper.run(helper -> {
224+
helper.remove("AWS_ACCESS_KEY_ID");
225+
helper.remove("AWS_SECRET_ACCESS_KEY");
226+
helper.remove("AWS_SESSION_TOKEN");
227+
228+
String ASSUME_ROLE_PROFILE =
229+
"[test]\n"
230+
+ "region = us-west-1\n"
231+
+ "credential_source = Environment\n"
232+
+ "role_arn = " + ROLE_ARN;
233+
234+
ProfileFile profiles = ProfileFile.builder()
235+
.content(new StringInputStream(ASSUME_ROLE_PROFILE))
236+
.type(ProfileFile.Type.CREDENTIALS)
237+
.build();
238+
Optional<Profile> profile = profiles.profile("test");
239+
AwsCredentialsProvider awsCredentialsProvider =
240+
new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();
241+
242+
243+
// Try to assume the role until the eventual consistency catches up.
244+
AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
245+
.ignoringException(StsException.class)
246+
.orFail();
247+
248+
assertThat(awsCredentials.accessKeyId()).isNotBlank();
249+
assertThat(awsCredentials.secretAccessKey()).isNotBlank();
250+
((SdkAutoCloseable) awsCredentialsProvider).close();
251+
});
252+
} finally {
253+
System.clearProperty("aws.accessKeyId");
254+
System.clearProperty("aws.secretAccessKey");
255+
}
252256
}
253257
}

0 commit comments

Comments
 (0)