88 lines
4.8 KiB
JavaScript
88 lines
4.8 KiB
JavaScript
'use strict';
|
|
|
|
var credentialProviderEnv = require('@aws-sdk/credential-provider-env');
|
|
var propertyProvider = require('@smithy/property-provider');
|
|
var sharedIniFileLoader = require('@smithy/shared-ini-file-loader');
|
|
|
|
const ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
|
|
const remoteProvider = async (init) => {
|
|
const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await import('@smithy/credential-provider-imds');
|
|
if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) {
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata");
|
|
const { fromHttp } = await import('@aws-sdk/credential-provider-http');
|
|
return propertyProvider.chain(fromHttp(init), fromContainerMetadata(init));
|
|
}
|
|
if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") {
|
|
return async () => {
|
|
throw new propertyProvider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger });
|
|
};
|
|
}
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata");
|
|
return fromInstanceMetadata(init);
|
|
};
|
|
|
|
let multipleCredentialSourceWarningEmitted = false;
|
|
const defaultProvider = (init = {}) => propertyProvider.memoize(propertyProvider.chain(async () => {
|
|
const profile = init.profile ?? process.env[sharedIniFileLoader.ENV_PROFILE];
|
|
if (profile) {
|
|
const envStaticCredentialsAreSet = process.env[credentialProviderEnv.ENV_KEY] && process.env[credentialProviderEnv.ENV_SECRET];
|
|
if (envStaticCredentialsAreSet) {
|
|
if (!multipleCredentialSourceWarningEmitted) {
|
|
const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger"
|
|
? init.logger.warn.bind(init.logger)
|
|
: console.warn;
|
|
warnFn(`@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
|
|
Multiple credential sources detected:
|
|
Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set.
|
|
This SDK will proceed with the AWS_PROFILE value.
|
|
|
|
However, a future version may change this behavior to prefer the ENV static credentials.
|
|
Please ensure that your environment only sets either the AWS_PROFILE or the
|
|
AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair.
|
|
`);
|
|
multipleCredentialSourceWarningEmitted = true;
|
|
}
|
|
}
|
|
throw new propertyProvider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
|
|
logger: init.logger,
|
|
tryNextLink: true,
|
|
});
|
|
}
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
|
|
return credentialProviderEnv.fromEnv(init)();
|
|
}, async () => {
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");
|
|
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
|
|
if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
|
|
throw new propertyProvider.CredentialsProviderError("Skipping SSO provider in default chain (inputs do not include SSO fields).", { logger: init.logger });
|
|
}
|
|
const { fromSSO } = await import('@aws-sdk/credential-provider-sso');
|
|
return fromSSO(init)();
|
|
}, async () => {
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni");
|
|
const { fromIni } = await import('@aws-sdk/credential-provider-ini');
|
|
return fromIni(init)();
|
|
}, async () => {
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess");
|
|
const { fromProcess } = await import('@aws-sdk/credential-provider-process');
|
|
return fromProcess(init)();
|
|
}, async () => {
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile");
|
|
const { fromTokenFile } = await import('@aws-sdk/credential-provider-web-identity');
|
|
return fromTokenFile(init)();
|
|
}, async () => {
|
|
init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider");
|
|
return (await remoteProvider(init))();
|
|
}, async () => {
|
|
throw new propertyProvider.CredentialsProviderError("Could not load credentials from any providers", {
|
|
tryNextLink: false,
|
|
logger: init.logger,
|
|
});
|
|
}), credentialsTreatedAsExpired, credentialsWillNeedRefresh);
|
|
const credentialsWillNeedRefresh = (credentials) => credentials?.expiration !== undefined;
|
|
const credentialsTreatedAsExpired = (credentials) => credentials?.expiration !== undefined && credentials.expiration.getTime() - Date.now() < 300000;
|
|
|
|
exports.credentialsTreatedAsExpired = credentialsTreatedAsExpired;
|
|
exports.credentialsWillNeedRefresh = credentialsWillNeedRefresh;
|
|
exports.defaultProvider = defaultProvider;
|