mid work

packages/aws-cdk-lib/pipelines/lib/blueprint/stage-deployment.ts

@@ -62,7 +62,7 @@ export class StageDeployment {
     const stepFromArtifact = new Map<CloudFormationStackArtifact, StackDeployment>();
     for (const artifact of assembly.stacks) {
       if (artifact.assumeRoleAdditionalOptions?.Tags && artifact.assumeRoleArn) {
-        throw new Error(`Deployment of stack ${artifact.stackName} requires assuming the role ${artifact.assumeRoleArn} with session tags ${JSON.stringify(artifact.assumeRoleAdditionalOptions.Tags)}, but assuming roles with session tags is not supported by CodePipeline.`);
+        throw new Error(`Deployment of stack ${artifact.stackName} requires assuming the role ${artifact.assumeRoleArn} with session tags, but assuming roles with session tags is not supported by CodePipeline.`);
       }
       const step = StackDeployment.fromArtifact(artifact);
       stepFromArtifact.set(artifact, step);

packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts

@@ -540,7 +540,7 @@ test('throws when deploy role session tags are used', () => {
         },
       },
     });
-  }).toThrow('Deployment of stack SampleStage-123456789012-us-east-1-SampleStack requires assuming the role arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-east-1 with session tags {"Departement":"Engineering"}, but assuming roles with session tags is not supported by CodePipeline.');
+  }).toThrow('Deployment of stack SampleStage-123456789012-us-east-1-SampleStack requires assuming the role arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-east-1 with session tags, but assuming roles with session tags is not supported by CodePipeline.');
 
 });
 

packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts

@@ -600,7 +600,7 @@ export async function initPluginSdk(aws: SdkProvider, options: cxschema.ContextL
 
   const creds: CredentialsOptions = {
     assumeRoleArn: options.lookupRoleArn,
-    assumeRoleAdditionalOptions: options.lookupRoleAdditionalOptions,
+    assumeRoleAdditionalOptions: options.assumeRoleAdditionalOptions,
     assumeRoleExternalId: options.lookupRoleExternalId,
   };
 

packages/aws-cdk/lib/context-providers/index.ts

@@ -68,12 +68,7 @@ export async function provideContextValues(
         lookupRoleArn: missingContext.props.lookupRoleArn,
       }, resolvedEnvironment, sdk);
 
-      value = await provider.getValue({
-        ...missingContext.props,
-        lookupRoleArn: arns.lookupRoleArn,
-        lookupRoleExternalId: missingContext.props.lookupRoleExternalId,
-        assumeRoleAdditionalOptions: missingContext.props.lookupRoleAdditionalOptions,
-      });
+      value = await provider.getValue({ ...missingContext.props, lookupRoleArn: arns.lookupRoleArn });
     } catch (e: any) {
       // Set a specially formatted provider value which will be interpreted
       // as a lookup failure in the toolkit.