Merge pull request #24 from jeskew/feature/credential-provider-env

Feature/credential provider env

Author: jeskew

packages/credential-provider-env/.gitignore

@@ -0,0 +1,4 @@
+/node_modules/
+*.js
+*.js.map
+*.d.ts

packages/credential-provider-env/__tests__/index.ts

@@ -0,0 +1,69 @@
+import { CredentialError } from "@aws/credential-provider-base";
+import { ENV_KEY, ENV_SECRET, ENV_SESSION, ENV_EXPIRATION, fromEnv } from "../";
+
+const akid = process.env[ENV_KEY];
+const secret = process.env[ENV_SECRET];
+const token = process.env[ENV_SESSION];
+const expiry = process.env[ENV_EXPIRATION];
+
+beforeEach(() => {
+  delete process.env[ENV_KEY];
+  delete process.env[ENV_SECRET];
+  delete process.env[ENV_SESSION];
+  delete process.env[ENV_EXPIRATION];
+});
+
+afterAll(() => {
+  process.env[ENV_KEY] = akid;
+  process.env[ENV_SECRET] = secret;
+  process.env[ENV_SESSION] = token;
+  process.env[ENV_EXPIRATION] = expiry;
+});
+
+describe("fromEnv", () => {
+  it("should read credentials from known environment variables", async () => {
+    process.env[ENV_KEY] = "foo";
+    process.env[ENV_SECRET] = "bar";
+    process.env[ENV_SESSION] = "baz";
+    process.env[ENV_EXPIRATION] = "1970-01-01T07:00:00Z";
+
+    expect(await fromEnv()()).toEqual({
+      accessKeyId: "foo",
+      secretAccessKey: "bar",
+      sessionToken: "baz",
+      expiration: 25200
+    });
+  });
+
+  it("can create credentials without a session token or expiration", async () => {
+    process.env[ENV_KEY] = "foo";
+    process.env[ENV_SECRET] = "bar";
+
+    expect(await fromEnv()()).toEqual({
+      accessKeyId: "foo",
+      secretAccessKey: "bar"
+    });
+  });
+
+  it("should reject the promise if no environmental credentials can be found", async () => {
+    await fromEnv()().then(
+      () => {
+        throw new Error("The promise should have been rejected.");
+      },
+      () => {
+        /* Promise rejected as expected */
+      }
+    );
+  });
+
+  it("should flag a lack of credentials as a non-terminal error", async () => {
+    await fromEnv()().then(
+      () => {
+        throw new Error("The promise should have been rejected.");
+      },
+      err => {
+        expect((err as CredentialError).tryNextLink).toBe(true);
+      }
+    );
+  });
+});

packages/credential-provider-env/index.ts

@@ -0,0 +1,33 @@
+import { CredentialProvider } from "@aws/types";
+import { CredentialError } from "@aws/credential-provider-base";
+import { epoch } from "@aws/protocol-timestamp";
+
+export const ENV_KEY = "AWS_ACCESS_KEY_ID";
+export const ENV_SECRET = "AWS_SECRET_ACCESS_KEY";
+export const ENV_SESSION = "AWS_SESSION_TOKEN";
+export const ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION";
+
+/**
+ * Source AWS credentials from known environment variables. If either the
+ * `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` environment variable is not
+ * set in this process, the provider will return a rejected promise.
+ */
+export function fromEnv(): CredentialProvider {
+  return () => {
+    const accessKeyId: string = process.env[ENV_KEY];
+    const secretAccessKey: string = process.env[ENV_SECRET];
+    const expiry: string | undefined = process.env[ENV_EXPIRATION];
+    if (accessKeyId && secretAccessKey) {
+      return Promise.resolve({
+        accessKeyId,
+        secretAccessKey,
+        sessionToken: process.env[ENV_SESSION],
+        expiration: expiry ? epoch(expiry) : undefined
+      });
+    }
+
+    return Promise.reject(
+      new CredentialError("Unable to find environment variable credentials.")
+    );
+  };
+}

packages/credential-provider-env/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@aws/credential-provider-env",
+  "version": "0.0.1",
+  "private": true,
+  "description": "AWS credential provider that sources credentials from known environment variables",
+  "main": "index.js",
+  "scripts": {
+    "prepublishOnly": "tsc",
+    "pretest": "tsc",
+    "test": "jest"
+  },
+  "keywords": [
+    "aws",
+    "credentials"
+  ],
+  "author": "[email protected]",
+  "license": "UNLICENSED",
+  "dependencies": {
+    "@aws/credential-provider-base": "^0.0.1",
+    "@aws/protocol-timestamp": "^0.0.1",
+    "@aws/types": "^0.0.1"
+  },
+  "devDependencies": {
+    "@types/jest": "^19.2.2",
+    "@types/node": "^7.0.12",
+    "jest": "^19.0.2",
+    "typescript": "^2.3"
+  }
+}

packages/credential-provider-env/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "target": "es5",
+    "declaration": true,
+    "strict": true,
+    "sourceMap": true,
+    "lib": [
+      "es5",
+      "es2015.promise"
+    ]
+  }
+}