(api/aws-auth): Error on CDK commands when user does not exist #19401
Description
What is the problem?
In some cases (i.e. Docker container) a system user might not be in /etc/passwd file. It causes cdk diff (for example) to fail.
Reproduction Steps
For any CDK project run cli via docker container that has newly created user. for example:
docker run --rm -v `pwd`:/usr/src/app -w /usr/src/app -u 1001 -e NO_UPDATE_NOTIFIER=1 -e npm_config_cache=/tmp -e CDK_HOME=/tmp -v ~/.aws:/.aws node:14 npm run cdk diffWhat did you expect to happen?
By looking at code of safeUsername() function it's just used as part of RoleSessionName name. It could have a nice fallback to i.e. $USER env var or just predefined default value. The function is very simple:
function safeUsername() {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
}What actually happened?
It causes cdk diff (for example) to fail with following stack trace:
Stack EksCdkStack
Reading existing template for stack EksCdkStack.
Retrieved account ID xxx from disk cache
Assuming role 'arn:aws:iam::xxx:role/cdk-hnb659fds-lookup-role-xxx-eu-west-1'.
SystemError [ERR_SYSTEM_ERROR]: A system error occurred: uv_os_get_passwd returned ENOENT (no such file or directory)
at new SystemError (internal/errors.js:217:5)
at new NodeError (internal/errors.js:302:7)
at Object.userInfo (os.js:347:11)
at safeUsername (/usr/src/app/node_modules/aws-cdk/lib/api/aws-auth/sdk-provider.ts:462:13)
at SdkProvider.withAssumedRole (/usr/src/app/node_modules/aws-cdk/lib/api/aws-auth/sdk-provider.ts:348:37)
at SdkProvider.forEnvironment (/usr/src/app/node_modules/aws-cdk/lib/api/aws-auth/sdk-provider.ts:189:28)
CDK CLI Version
2.10.0 (build e5b301f)
Framework Version
No response
Node.js Version
v14.19.0
OS
Ubuntu 20.04
Language
Typescript
Language Version
No response
Other information
I can contribute PR if you wish. Any hints of fallback value are appreciated :)