test(credential-provider-node): add test case with chained web id tok…

…en file

packages/credential-provider-node/src/credential-provider-node.integ.spec.ts

@@ -572,6 +572,39 @@ describe("credential-provider-node integration test", () => {
       spy.mockClear();
     });
 
+    it("should be able to combine a source_profile having web_identity_token_file and role_arn with an origin profile having role_arn and source_profile", async () => {
+      iniProfileData.default.source_profile = "credential_source_profile";
+      iniProfileData.default.role_arn = "ROLE_ARN_2";
+
+      iniProfileData.credential_source_profile = {
+        web_identity_token_file: "token-filepath",
+        role_arn: "ROLE_ARN_1",
+      };
+
+      sts = new STS({
+        region: "us-west-2",
+        requestHandler: mockRequestHandler,
+        credentials: defaultProvider({
+          awsContainerCredentialsFullUri: process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,
+          awsContainerAuthorizationToken: process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN,
+          clientConfig: {
+            region: "us-west-2",
+          },
+          logger: sink,
+        }),
+      });
+      await sts.getCallerIdentity({});
+      const credentials = await sts.config.credentials();
+      expect(credentials).toEqual({
+        accessKeyId: "STS_AR_ACCESS_KEY_ID",
+        secretAccessKey: "STS_AR_SECRET_ACCESS_KEY",
+        sessionToken: "STS_AR_SESSION_TOKEN",
+        expiration: new Date("3000-01-01T00:00:00.000Z"),
+        credentialScope: "us-stsar-1__us-west-2",
+      });
+      expect(assumeRoleArns).toEqual(["ROLE_ARN_1", "ROLE_ARN_2"]);
+    });
+
     it("should complete chained role_arn credentials", async () => {
       process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI = "http://169.254.170.23";
       process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN = "container-authorization";