Merge pull request #24 from jeskew/feature/credential-provider-env

Feature/credential provider env

Author: jeskew

packages/credential-provider-env/.gitignore

@@ -0,0 +1,4 @@
+/node_modules/
+*.js
+*.js.map
+*.d.ts

packages/credential-provider-env/__tests__/index.ts

@@ -0,0 +1,72 @@
+import {CredentialError} from "@aws/credential-provider-base";
+import {
+    ENV_KEY,
+    ENV_SECRET,
+    ENV_SESSION,
+    ENV_EXPIRATION,
+    fromEnv,
+} from "../";
+
+const akid = process.env[ENV_KEY];
+const secret = process.env[ENV_SECRET];
+const token = process.env[ENV_SESSION];
+const expiry = process.env[ENV_EXPIRATION];
+
+beforeEach(() => {
+    delete process.env[ENV_KEY];
+    delete process.env[ENV_SECRET];
+    delete process.env[ENV_SESSION];
+    delete process.env[ENV_EXPIRATION];
+});
+
+afterAll(() => {
+    process.env[ENV_KEY] = akid;
+    process.env[ENV_SECRET] = secret;
+    process.env[ENV_SESSION] = token;
+    process.env[ENV_EXPIRATION] = expiry;
+});
+
+describe('fromEnv', () => {
+    it('should read credentials from known environment variables', async () => {
+        process.env[ENV_KEY] = 'foo';
+        process.env[ENV_SECRET] = 'bar';
+        process.env[ENV_SESSION] = 'baz';
+        process.env[ENV_EXPIRATION] = '1970-01-01T07:00:00Z';
+
+        expect(await fromEnv()()).toEqual({
+            accessKeyId: 'foo',
+            secretAccessKey: 'bar',
+            sessionToken: 'baz',
+            expiration: 25200,
+        });
+    });
+
+    it('can create credentials without a session token or expiration', async () => {
+        process.env[ENV_KEY] = 'foo';
+        process.env[ENV_SECRET] = 'bar';
+
+        expect(await fromEnv()()).toEqual({
+            accessKeyId: 'foo',
+            secretAccessKey: 'bar',
+        });
+    });
+
+    it(
+        'should reject the promise if no environmental credentials can be found',
+        async () => {
+            await fromEnv()().then(
+                () => { throw new Error('The promise should have been rejected.'); },
+                () => { /* Promise rejected as expected */ }
+            );
+        }
+    );
+
+    it('should flag a lack of credentials as a non-terminal error', async () => {
+        await fromEnv()().then(
+            () => { throw new Error('The promise should have been rejected.'); },
+            err => {
+                expect((err as CredentialError).tryNextLink).toBe(true);
+            }
+        );
+    });
+});

packages/credential-provider-env/index.ts

@@ -0,0 +1,33 @@
+import {CredentialProvider} from '@aws/types';
+import {CredentialError} from '@aws/credential-provider-base';
+import {epoch} from '@aws/protocol-timestamp';
+
+export const ENV_KEY = 'AWS_ACCESS_KEY_ID';
+export const ENV_SECRET = 'AWS_SECRET_ACCESS_KEY';
+export const ENV_SESSION = 'AWS_SESSION_TOKEN';
+export const ENV_EXPIRATION = 'AWS_CREDENTIAL_EXPIRATION';
+
+/**
+ * Source AWS credentials from known environment variables. If either the
+ * `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` environment variable is not
+ * set in this process, the provider will return a rejected promise.
+ */
+export function fromEnv(): CredentialProvider {
+    return () => {
+        const accessKeyId: string = process.env[ENV_KEY];
+        const secretAccessKey: string = process.env[ENV_SECRET];
+        const expiry: string|undefined = process.env[ENV_EXPIRATION];
+        if (accessKeyId && secretAccessKey) {
+            return Promise.resolve({
+                accessKeyId,
+                secretAccessKey,
+                sessionToken: process.env[ENV_SESSION],
+                expiration: expiry ? epoch(expiry) : undefined
+            });
+        }
+
+        return Promise.reject(new CredentialError(
+            'Unable to find environment variable credentials.'
+        ));
+    };
+}

packages/credential-provider-env/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@aws/credential-provider-env",
+  "version": "0.0.1",
+  "private": true,
+  "description": "AWS credential provider that sources credentials from known environment variables",
+  "main": "index.js",
+  "scripts": {
+    "prepublishOnly": "tsc",
+    "pretest": "tsc",
+    "test": "jest"
+  },
+  "keywords": [
+    "aws",
+    "credentials"
+  ],
+  "author": "[email protected]",
+  "license": "UNLICENSED",
+  "dependencies": {
+    "@aws/credential-provider-base": "^0.0.1",
+    "@aws/protocol-timestamp": "^0.0.1",
+    "@aws/types": "^0.0.1"
+  },
+  "devDependencies": {
+    "@types/jest": "^19.2.2",
+    "@types/node": "^7.0.12",
+    "jest": "^19.0.2",
+    "typescript": "^2.3"
+  }
+}

packages/credential-provider-env/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "target": "es5",
+    "declaration": true,
+    "strict": true,
+    "sourceMap": true,
+    "lib": [
+      "es5",
+      "es2015.promise"
+    ]
+  }
+}