From f29905c7b65e51ebe2301baa80b495b4ec89ae6d Mon Sep 17 00:00:00 2001
From: George Fu
Date: Fri, 24 May 2024 19:27:42 +0000
Subject: [PATCH] test: add scenario in credential chain integration test
---
 .../credential-provider-node.integ.spec.ts | 39 +++++++++++++++++++
 .../src/defaultProvider.ts | 2 +
 .../src/remoteProvider.ts | 5 ++-
 3 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/packages/credential-provider-node/src/credential-provider-node.integ.spec.ts b/packages/credential-provider-node/src/credential-provider-node.integ.spec.ts
index 624b42f7bde45..3b83e504cc33c 100644
--- a/packages/credential-provider-node/src/credential-provider-node.integ.spec.ts
+++ b/packages/credential-provider-node/src/credential-provider-node.integ.spec.ts
@@ -1,4 +1,5 @@
 import { STS } from "@aws-sdk/client-sts";
+import * as credentialProviderHttp from "@aws-sdk/credential-provider-http";
 import { HttpResponse } from "@smithy/protocol-http";
 import type { SourceProfileInit } from "@smithy/shared-ini-file-loader";
 import type { HttpRequest, NodeHttpHandlerOptions, ParsedIniData } from "@smithy/types";
@@ -490,6 +491,44 @@ describe("credential-provider-node integration test", () => {
 credentialScope: "us-sso-1-us-sso-region-1",
 });
 });
+
+ it("should be able to combine a source_profile having credential_source with an origin profile having role_arn and source_profile", async () => {
+ process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI = "http://169.254.170.23";
+ process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN = "container-authorization";
+ iniProfileData.default.source_profile = "credential_source_profile";
+ iniProfileData.default.role_arn = "ROLE_ARN";
+ iniProfileData.credential_source_profile = {
+ credential_source: "EcsContainer",
+ };
+ const spy = jest.spyOn(credentialProviderHttp, "fromHttp");
+ sts = new STS({
+ region: "us-west-2",
+ requestHandler: mockRequestHandler,
+ credentials: defaultProvider({
+ awsContainerCredentialsFullUri: process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,
+ awsContainerAuthorizationToken: process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN,
+ clientConfig: {
+ region: "us-west-2",
+ },
+ }),
+ });
+ await sts.getCallerIdentity({});
+ const credentials = await sts.config.credentials();
+ expect(credentials).toEqual({
+ accessKeyId: "STS_AR_ACCESS_KEY_ID",
+ secretAccessKey: "STS_AR_SECRET_ACCESS_KEY",
+ sessionToken: "STS_AR_SESSION_TOKEN",
+ expiration: new Date("3000-01-01T00:00:00.000Z"),
+ credentialScope: "us-stsar-1__us-west-2",
+ });
+ expect(spy).toHaveBeenCalledWith(
+ expect.objectContaining({
+ awsContainerCredentialsFullUri: process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,
+ awsContainerAuthorizationToken: process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN,
+ })
+ );
+ spy.mockClear();
+ });
 });
 
 describe("fromProcess", () => {
diff --git a/packages/credential-provider-node/src/defaultProvider.ts b/packages/credential-provider-node/src/defaultProvider.ts
index 72101174ee62f..65b8c4b2cf29e 100644
--- a/packages/credential-provider-node/src/defaultProvider.ts
+++ b/packages/credential-provider-node/src/defaultProvider.ts
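Review bot: The added test assigns `process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI` and `process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN` and never unsets them inside the hunk, and its only spy cleanup is the final `spy.mockClear()`, which is skipped whenever an earlier `expect` throws. Unless a `beforeEach`/`afterEach` outside the hunk resets `process.env` and restores mocks, later tests in this file would inherit a container credential endpoint and token plus a live spy on `fromHttp`, making credential-chain results depend on test order. I would wrap the body after the spy is created in `try { … } finally { spy.mockRestore(); delete process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI; delete process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN; }`. The enclosing `describe` starts and ends outside the hunk.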
@@ -1,4 +1,5 @@
 import { fromEnv } from "@aws-sdk/credential-provider-env";
+import type { FromHttpOptions } from "@aws-sdk/credential-provider-http";
 import type { FromIniInit } from "@aws-sdk/credential-provider-ini";
 import type { FromProcessInit } from "@aws-sdk/credential-provider-process";
 import type { FromSSOInit, SsoCredentialsParameters } from "@aws-sdk/credential-provider-sso";
@@ -14,6 +15,7 @@ import { remoteProvider } from "./remoteProvider";
 * @public
 */
 export type DefaultProviderInit = FromIniInit &
+ FromHttpOptions &
 RemoteProviderInit &
 FromProcessInit &
 (FromSSOInit & Partial) &
diff --git a/packages/credential-provider-node/src/remoteProvider.ts b/packages/credential-provider-node/src/remoteProvider.ts
index 7f64789be0828..27dce9a2de8e7 100644
--- a/packages/credential-provider-node/src/remoteProvider.ts
+++ b/packages/credential-provider-node/src/remoteProvider.ts
@@ -1,3 +1,4 @@
+import type { FromHttpOptions } from "@aws-sdk/credential-provider-http";
 import type { RemoteProviderInit } from "@smithy/credential-provider-imds";
 import { chain, CredentialsProviderError } from "@smithy/property-provider";
 import type { AwsCredentialIdentityProvider } from "@smithy/types";
@@ -10,7 +11,9 @@ export const ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
 /**
 * @internal
 */
-export const remoteProvider = async (init: RemoteProviderInit): Promise => {
+export const remoteProvider = async (
+ init: RemoteProviderInit | FromHttpOptions
+): Promise => {
 const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await import(
 "@smithy/credential-provider-imds"
 );
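Review bot: The `@public` doc comment on `DefaultProviderInit` says nothing about the options that the added `FromHttpOptions &` line brings into the public type, among them `awsContainerCredentialsFullUri` and `awsContainerAuthorizationToken` as used in the new integration test. These select the endpoint that the authorization token is presented to, so the doc should say they must come from trusted deployment configuration and never from request or user input. A line such as `* Options from FromHttpOptions choose the container credentials endpoint and its authorization token; supply them only from trusted configuration.` would do. The doc block opens above the hunk and the type continues below it.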
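Review bot: The new `remoteProvider` signature takes `init: RemoteProviderInit | FromHttpOptions`, a union, while `DefaultProviderInit` composes the same two types with `&`. With the union, every use of `init` in the body must be valid for an object that is only one of the two shapes, and the signature no longer says that one init object is expected to carry both sets of options. If that is the intent, `init: RemoteProviderInit & FromHttpOptions` states it and matches the public type. The `@internal` comment could also name which provider receives the HTTP options; the body continues outside the hunk, so where `init` is forwarded is not visible here.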