in server/aws-lsp-identity/src/sharedConfig/unmergeConfigFiles.ts [41:84]
function unmergeSectionToConfigFiles(
sectionName: string,
mergedSettings: IniSection,
configFile: ParsedIniData,
credentialsFile: ParsedIniData
): void {
const configSection = (configFile[sectionName] ||= {})
const credentialsSection = (credentialsFile[sectionName] ||= {})
// Remove existing settings not on mergedSettings (i.e. deleted)
removeDeletedEntries({ removeFrom: configSection, deletedFrom: mergedSettings })
removeDeletedEntries({ removeFrom: credentialsSection, deletedFrom: mergedSettings })
// Apply each setting to the correct file section, in some cases, both
for (const [settingName, settingValue] of Object.entries(mergedSettings)) {
const inConfig: boolean = configSection && Object.hasOwn(configSection, settingName)
const inCredentials: boolean = credentialsSection && Object.hasOwn(credentialsSection, settingName)
// BEST PRACTICE: Secrets should be stored in credentials only
// https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html#file-format-creds
if (isSecretSetting(settingName)) {
credentialsSection[settingName] = settingValue
if (inConfig) {
delete configSection[settingName]
}
continue
}
// Whether non-secret setting wasn't previously stored or just in config, prefer config
if (!inCredentials) {
configSection[settingName] = settingValue
continue
}
// Otherwise set in credentials and only update in config if it exists
credentialsSection[settingName] = settingValue
inConfig && (configSection[settingName] = settingValue)
}
// Remove empty sections
!Object.keys(configSection).length && delete configFile[sectionName]
!Object.keys(credentialsSection).length && delete credentialsFile[sectionName]
}