Add support for the AWS_CREDENTIAL_EXPIRATION environment variable

jeskew · jeskew · commit dcfef1212aef · 2017-06-21T10:30:30.000-07:00
diff --git a/packages/credential-provider-env/__tests__/index.ts b/packages/credential-provider-env/__tests__/index.ts
@@ -1,43 +1,47 @@
 import { CredentialError } from "@aws/credential-provider-base";
-import { ENV_KEY, ENV_SECRET, ENV_SESSION, fromEnv } from "../";
+import { ENV_KEY, ENV_SECRET, ENV_SESSION, ENV_EXPIRATION, fromEnv } from "../";
 
 const akid = process.env[ENV_KEY];
 const secret = process.env[ENV_SECRET];
 const token = process.env[ENV_SESSION];
+const expiry = process.env[ENV_EXPIRATION];
 
 beforeEach(() => {
   delete process.env[ENV_KEY];
   delete process.env[ENV_SECRET];
   delete process.env[ENV_SESSION];
+  delete process.env[ENV_EXPIRATION];
 });
 
 afterAll(() => {
   process.env[ENV_KEY] = akid;
   process.env[ENV_SECRET] = secret;
   process.env[ENV_SESSION] = token;
+  process.env[ENV_EXPIRATION] = expiry;
 });
 
 describe("fromEnv", () => {
   it("should read credentials from known environment variables", async () => {
     process.env[ENV_KEY] = "foo";
     process.env[ENV_SECRET] = "bar";
     process.env[ENV_SESSION] = "baz";
+    process.env[ENV_EXPIRATION] = "1970-01-01T07:00:00Z";
 
     expect(await fromEnv()()).toEqual({
       accessKeyId: "foo",
       secretAccessKey: "bar",
-      sessionToken: "baz"
+      sessionToken: "baz",
+      expiration: 25200
     });
   });
 
-  it("can create credentials without a session token", async () => {
+  it("can create credentials without a session token or expiration", async () => {
     process.env[ENV_KEY] = "foo";
     process.env[ENV_SECRET] = "bar";
 
     expect(await fromEnv()()).toEqual({
       accessKeyId: "foo",
-      secretAccessKey: "bar",
-      sessionToken: void 0
+      secretAccessKey: "bar"
     });
   });
 
diff --git a/packages/credential-provider-env/index.ts b/packages/credential-provider-env/index.ts
@@ -1,9 +1,11 @@
 import { CredentialProvider } from "@aws/types";
 import { CredentialError } from "@aws/credential-provider-base";
+import { epoch } from "@aws/protocol-timestamp";
 
 export const ENV_KEY = "AWS_ACCESS_KEY_ID";
 export const ENV_SECRET = "AWS_SECRET_ACCESS_KEY";
 export const ENV_SESSION = "AWS_SESSION_TOKEN";
+export const ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION";
 
 /**
  * Source AWS credentials from known environment variables. If either the
@@ -14,11 +16,13 @@ export function fromEnv(): CredentialProvider {
   return () => {
     const accessKeyId: string = process.env[ENV_KEY];
     const secretAccessKey: string = process.env[ENV_SECRET];
+    const expiry: string | undefined = process.env[ENV_EXPIRATION];
     if (accessKeyId && secretAccessKey) {
       return Promise.resolve({
         accessKeyId,
         secretAccessKey,
-        sessionToken: process.env[ENV_SESSION]
+        sessionToken: process.env[ENV_SESSION],
+        expiration: expiry ? epoch(expiry) : undefined
       });
     }
 
diff --git a/packages/credential-provider-env/package.json b/packages/credential-provider-env/package.json
@@ -17,6 +17,7 @@
   "license": "UNLICENSED",
   "dependencies": {
     "@aws/credential-provider-base": "^0.0.1",
+    "@aws/protocol-timestamp": "^0.0.1",
     "@aws/types": "^0.0.1"
   },
   "devDependencies": {
