Skip to content

fix: role assumption through profiles not working properly in certain situations #14315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 31, 2025
Merged

fix: role assumption through profiles not working properly in certain situations #14315

merged 3 commits into from
Oct 31, 2025

Conversation

@ShadowCat567
Copy link
Contributor

@ShadowCat567 ShadowCat567 commented Oct 31, 2025
edited
Loading

Description of changes

This PR fixes 2 bugs that affect people who get their credentials from profiles that look like this:

[profile test-profile]
role_arn=arn:aws:iam::<account number>:role/test-role
source_profile=other-profile

  1. @aws-sdk/credential-providers
    @aws-sdk/credential-providers uses v4 of @smithy/property-providers. This is a problem because our bundling solution (pkg) does not support dynamic imports, which were introduced in v4 of @smithy/property-providers. So I downgraded us to the newest version that still uses v3 of @smithy/property-providers until we come up with a more permanent solution.
    Not sure why this change specifically broke profiles that use a role and another profile to get credentials since profiles that got credentials through other methods worked fine for me.

  2. identity.expiration.getTime is not a function
    The expiration field within credentials of profiles that get credentials through a role and another profile is a string instead of a Date. This was fine in AWS SDK V2, since it was more flexible with types, however AWS SDK V3 is much stricter with typing so the expiration field needs to get converted to a Date before it gets used in any clients.

Issue #, if available

#14290

Description of how you validated changes

Discovered the first issue after 14.2.1 was released and was able to reproduce the second issue and verify that both are fixed by these changes.

Checklist

  • PR description included
  • yarn test passes
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)
  • New AWS SDK calls or CloudFormation actions have been added to relevant test and service IAM policies
  • Pull request labels are added

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ShadowCat567 ShadowCat567 changed the title fix: source profiles not working properly in certain situations fix: role assumption through profiles not working properly in certain situations Oct 31, 2025
@ShadowCat567 ShadowCat567 marked this pull request as ready for review October 31, 2025 20:58
@ShadowCat567 ShadowCat567 requested a review from a team as a code owner October 31, 2025 20:58
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 31, 2025
View reviewed changes
@ShadowCat567 ShadowCat567 merged commit 04f7bcf into dev Oct 31, 2025
5 checks passed
@ShadowCat567 ShadowCat567 deleted the downgrade-cred-providers branch October 31, 2025 21:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@svidgen svidgen svidgen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ShadowCat567 @svidgen