From 70a980f757cfe6a177818bb2295ff85e06f387b1 Mon Sep 17 00:00:00 2001
From: John Hockett <jhockett@users.noreply.github.com>
Date: Fri, 23 Apr 2021 13:06:16 -1000
Subject: [PATCH] fix: profile validation to include source_profile and
 role_arn (#7173)

---
 .../src/__tests__/system-config-manager.test.ts        | 10 ++++++++++
 .../src/system-config-manager.ts                       |  8 ++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/packages/amplify-provider-awscloudformation/src/__tests__/system-config-manager.test.ts b/packages/amplify-provider-awscloudformation/src/__tests__/system-config-manager.test.ts
index 00e3f900e63..9a74ad11831 100644
--- a/packages/amplify-provider-awscloudformation/src/__tests__/system-config-manager.test.ts
+++ b/packages/amplify-provider-awscloudformation/src/__tests__/system-config-manager.test.ts
@@ -36,6 +36,16 @@ describe('profile tests', () => {
     expect(fs_mock.readFileSync).toHaveBeenCalledTimes(1);
   });
 
+  it('should return profile credentials when using a source_profile and role_arn', () => {
+    fs_mock.readFileSync.mockImplementationOnce(() => {
+      return '[fake]\nrole_arn=arn:aws:iam::123456789012:role/fakerole\nsource_profile=fakeuser\n';
+    });
+    const creds = getProfileCredentials('fake');
+    expect(creds).toBeDefined();
+    expect(fs_mock.existsSync).toHaveBeenCalledTimes(1);
+    expect(fs_mock.readFileSync).toHaveBeenCalledTimes(1);
+  });
+
   it('should fail to return profile credentials', () => {
     fs_mock.readFileSync.mockImplementationOnce(() => {
       return '[fake]\nmalformed_access_key_id=fakeAccessKey\naws_secret_access_key=fakeSecretKey\n';
diff --git a/packages/amplify-provider-awscloudformation/src/system-config-manager.ts b/packages/amplify-provider-awscloudformation/src/system-config-manager.ts
index 65ab061ca44..c58b3776034 100644
--- a/packages/amplify-provider-awscloudformation/src/system-config-manager.ts
+++ b/packages/amplify-provider-awscloudformation/src/system-config-manager.ts
@@ -1,3 +1,5 @@
+import { $TSAny, pathManager, SecretFileMode } from 'amplify-cli-core';
+
 const aws = require('aws-sdk');
 const fs = require('fs-extra');
 const path = require('path');
@@ -5,7 +7,6 @@ const ini = require('ini');
 const inquirer = require('inquirer');
 const constants = require('./constants');
 const proxyAgent = require('proxy-agent');
-const { pathManager, SecretFileMode } = require('amplify-cli-core');
 const { fileLogger } = require('./utils/aws-logger');
 const logger = fileLogger('system-config-manager');
 
@@ -288,8 +289,11 @@ export function getProfileCredentials(profileName) {
   return profileCredentials;
 }
 
-function validateCredentials(credentials, profileName) {
+function validateCredentials(credentials: $TSAny, profileName: string) {
   const missingKeys = [];
+  if (credentials?.source_profile && credentials?.role_arn) {
+    return;
+  }
   if (!credentials?.accessKeyId) {
     missingKeys.push('aws_access_key_id');
   }