Load, backstop, and pass around AWS credentials the correct way: via …
…`aws-lite`. Stop populating credential-related process env vars: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`. No longer use Dynamo client init as a missing credential backstop.
Showing
13 changed files
with
61 additions
and
51 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
let awsLite = require('@aws-lite/client') | ||
module.exports = function loadCreds (params, callback) { | ||
let { inventory } = params | ||
awsLite({ | ||
autoloadPlugins: false, | ||
profile: inventory.inv?.aws?.profile, | ||
region: 'us-west-1', | ||
}) | ||
.then(aws => { | ||
params.creds = { | ||
// secretAccessKey + sessionToken are non-enumerable, so we can't just ref or spread | ||
accessKeyId: aws.credentials.accessKeyId, | ||
secretAccessKey: aws.credentials.secretAccessKey, | ||
sessionToken: aws.credentials.sessionToken, | ||
} | ||
callback() | ||
}) | ||
.catch(() => { | ||
params.creds = { | ||
accessKeyId: 'arc_dummy_access_key', | ||
secretAccessKey: 'arc_dummy_secret_key', | ||
} | ||
callback() | ||
}) | ||
} |
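Review bot: The bare `.catch(() => { … })` at the end of `loadCreds` treats every rejection as "no credentials found", and because it is chained after `.then` it also catches anything thrown by `callback()` itself; in that case `params.creds` is overwritten with the dummy keys and `callback` runs a second time. Other failures (presumably a wrong profile name or an unreadable credentials file) would be masked by dummy keys in the same way instead of surfacing. Passing the fallback as the second argument, `.then(onCreds, onMissing)`, keeps callback exceptions out of it, and testing `err.message` for the missing-credentials case before falling back, as the code removed from the DynamoDB client init did, keeps other errors visible. The same chaining pattern appears in `.then(client => callback(null, client)).catch(callback)` in the DynamoDB client section. Separately, the copy turns `secretAccessKey` and `sessionToken` into ordinary enumerable properties of `params.creds`, so any code that logs or serialises `params` will now print them; a comment such as `// creds are enumerable here: never log or serialise params` would flag that.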
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,44 +1,23 @@ | ||
let { join } = require('path') | ||
let awsLite = require('@aws-lite/client') | ||
|
||
module.exports = function initDynamoClient (ports, callback) { | ||
/** | ||
* Final DynamoDB credentials backstop | ||
* - Assumes credentials are loaded via aws-lite | ||
* - Populate AWS-specific env vars necessary to mock Lambda + make SDK calls if not already loaded | ||
* - Only AWS_SECRET_ACCESS_KEY + AWS_ACCESS_KEY_ID are technically required to mock Lambda | ||
*/ | ||
let plugins = [] | ||
// Binary dist mode | ||
if (process.pkg) { | ||
plugins.push(join(__dirname, '_aws-lite-dynamodb-vendor.js')) | ||
} | ||
else plugins.push('@aws-lite/dynamodb') | ||
module.exports = function initDynamoClient ({ creds, ports }, callback) { | ||
let plugins = [ | ||
// Binary dist mode | ||
process.pkg | ||
? join(__dirname, '_aws-lite-dynamodb-vendor.js') | ||
: '@aws-lite/dynamodb' | ||
] | ||
let config = { | ||
autoloadPlugins: false, | ||
host: 'localhost', | ||
plugins, | ||
port: ports.tables, | ||
protocol: 'http', | ||
region: process.env.AWS_REGION || 'us-west-2', | ||
} | ||
function go (aws) { | ||
if (!process.env.AWS_ACCESS_KEY_ID) { | ||
process.env.AWS_ACCESS_KEY_ID = aws.credentials.accessKeyId | ||
} | ||
if (!process.env.AWS_SECRET_ACCESS_KEY) { | ||
process.env.AWS_SECRET_ACCESS_KEY = aws.credentials.secretAccessKey | ||
} | ||
callback(null, aws) | ||
...creds, | ||
} | ||
awsLite(config) | ||
.then(go) | ||
.catch(err => { | ||
if (err.message.match(/You must supply AWS credentials/)) { | ||
config.accessKeyId = 'arc_dummy_access_key' | ||
config.secretAccessKey = 'arc_dummy_secret_key' | ||
awsLite(config).then(go).catch(callback) | ||
} | ||
else callback(err) | ||
}) | ||
.then(client => callback(null, client)) | ||
.catch(callback) | ||
} |
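Review bot: `...creds` is spread last in `config`, so any key that ends up on the creds object, now or after a later change to whatever builds it, silently overrides `host`, `port`, `protocol` or `region` for this client. Since `creds` is presumably filled by the new credential loader and may hold real keys and a session token, while this client speaks plain `http` to `localhost`, it is worth pinning exactly what is passed: `accessKeyId: creds.accessKeyId, secretAccessKey: creds.secretAccessKey, sessionToken: creds.sessionToken,`. The destructured `creds` parameter also has no default, so a caller that omits it falls through to aws-lite's own credential lookup with the dummy-key backstop now gone; a one-line comment stating that `creds` must come from the credential loader would make that contract explicit.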