add process credentials provider (#219)

Author: Chase Coalwell

packages/credential-provider-ini/src/index.ts

@@ -123,7 +123,7 @@ export function fromIni(init: FromIniInit = {}): CredentialProvider {
     );
 }
 
-function getMasterProfileName(init: FromIniInit): string {
+export function getMasterProfileName(init: FromIniInit): string {
   return init.profile || process.env[ENV_PROFILE] || DEFAULT_PROFILE;
 }
 
@@ -207,7 +207,7 @@ async function resolveProfileData(
   );
 }
 
-function parseKnownFiles(init: FromIniInit): Promise<ParsedIniData> {
+export function parseKnownFiles(init: FromIniInit): Promise<ParsedIniData> {
   const { loadedConfig = loadSharedConfigFiles(init) } = init;
 
   return loadedConfig.then(parsedFiles => {

packages/credential-provider-node/README.md

@@ -5,7 +5,7 @@ AWS credentials from a Node.JS environment. It will attempt to find credentials
 from the following sources (listed in order of precedence):
 _ Environment variables exposed via `process.env`
 _ Shared credentials and config ini files \* The EC2/ECS Instance Metadata Service
-  
+
 The default credential provider will invoke one provider at a time and only
 continue to the next if no credentials have been located. For example, if the
 process finds values defined via the `AWS_ACCESS_KEY_ID` and

packages/credential-provider-node/package.json

@@ -25,6 +25,7 @@
     "@aws-sdk/credential-provider-env": "^0.1.0-preview.4",
     "@aws-sdk/credential-provider-imds": "^0.1.0-preview.3",
     "@aws-sdk/credential-provider-ini": "^0.1.0-preview.3",
+    "@aws-sdk/credential-provider-process": "^0.1.0-preview.1",
     "@aws-sdk/property-provider": "^0.1.0-preview.3",
     "@aws-sdk/types": "^0.1.0-preview.3",
     "tslib": "^1.8.0"

packages/credential-provider-node/src/index.spec.ts

@@ -21,11 +21,24 @@ import {
   fromIni,
   FromIniInit
 } from "@aws-sdk/credential-provider-ini";
+
 import {
   ENV_CONFIG_PATH,
   ENV_CREDENTIALS_PATH
 } from "@aws-sdk/shared-ini-file-loader";
 
+jest.mock("@aws-sdk/credential-provider-process", () => {
+  const processProvider = jest.fn();
+  return {
+    ENV_PROFILE: "AWS_PROFILE",
+    fromProcess: jest.fn(() => processProvider)
+  };
+});
+import {
+  fromProcess,
+  FromProcessInit
+} from "@aws-sdk/credential-provider-process";
+
 jest.mock("@aws-sdk/credential-provider-imds", () => {
   const containerMdsProvider = jest.fn();
   const instanceMdsProvider = jest.fn();
@@ -67,10 +80,12 @@ beforeEach(() => {
 
   (fromEnv() as any).mockClear();
   (fromIni() as any).mockClear();
+  (fromProcess() as any).mockClear();
   (fromContainerMetadata() as any).mockClear();
   (fromInstanceMetadata() as any).mockClear();
   (fromEnv as any).mockClear();
   (fromIni as any).mockClear();
+  (fromProcess as any).mockClear();
   (fromContainerMetadata as any).mockClear();
   (fromInstanceMetadata as any).mockClear();
 });
@@ -97,6 +112,7 @@ describe("defaultProvider", () => {
     expect(await defaultProvider()()).toEqual(creds);
     expect((fromEnv() as any).mock.calls.length).toBe(1);
     expect((fromIni() as any).mock.calls.length).toBe(0);
+    expect((fromProcess() as any).mock.calls.length).toBe(0);
     expect((fromContainerMetadata() as any).mock.calls.length).toBe(0);
     expect((fromInstanceMetadata() as any).mock.calls.length).toBe(0);
   });
@@ -115,29 +131,55 @@ describe("defaultProvider", () => {
     expect(await defaultProvider()()).toEqual(creds);
     expect((fromEnv() as any).mock.calls.length).toBe(1);
     expect((fromIni() as any).mock.calls.length).toBe(1);
+    expect((fromProcess() as any).mock.calls.length).toBe(0);
     expect((fromContainerMetadata() as any).mock.calls.length).toBe(0);
     expect((fromInstanceMetadata() as any).mock.calls.length).toBe(0);
   });
 
-  it("should continue on to the IMDS provider if no env or ini credentials have been found", async () => {
+  it("should stop after the process provider if credentials have been found", async () => {
     const creds = {
       accessKeyId: "foo",
       secretAccessKey: "bar"
     };
 
+    (fromEnv() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nothing here!"))
+    );
+    (fromIni() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nothing here!"))
+    );
+    (fromProcess() as any).mockImplementation(() => Promise.resolve(creds));
+
+    expect(await defaultProvider()()).toEqual(creds);
+    expect((fromEnv() as any).mock.calls.length).toBe(1);
+    expect((fromIni() as any).mock.calls.length).toBe(1);
+    expect((fromProcess() as any).mock.calls.length).toBe(1);
+    expect((fromContainerMetadata() as any).mock.calls.length).toBe(0);
+    expect((fromInstanceMetadata() as any).mock.calls.length).toBe(0);
+  });
+
+  it("should continue on to the IMDS provider if no env, ini or process credentials have been found", async () => {
+    const creds = {
+      accessKeyId: "foo",
+      secretAccessKey: "bar"
+    };
     (fromEnv() as any).mockImplementation(() =>
       Promise.reject(new ProviderError("Keep moving!"))
     );
     (fromIni() as any).mockImplementation(() =>
       Promise.reject(new ProviderError("Nothing here!"))
     );
+    (fromProcess() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nor here!"))
+    );
     (fromInstanceMetadata() as any).mockImplementation(() =>
       Promise.resolve(creds)
     );
 
     expect(await defaultProvider()()).toEqual(creds);
     expect((fromEnv() as any).mock.calls.length).toBe(1);
     expect((fromIni() as any).mock.calls.length).toBe(1);
+    expect((fromProcess() as any).mock.calls.length).toBe(1);
     expect((fromContainerMetadata() as any).mock.calls.length).toBe(0);
     expect((fromInstanceMetadata() as any).mock.calls.length).toBe(1);
   });
@@ -154,6 +196,9 @@ describe("defaultProvider", () => {
     (fromIni() as any).mockImplementation(() =>
       Promise.reject(new ProviderError("Nothing here!"))
     );
+    (fromProcess() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nor here!"))
+    );
     (fromInstanceMetadata() as any).mockImplementation(() =>
       Promise.resolve(creds)
     );
@@ -177,6 +222,9 @@ describe("defaultProvider", () => {
     (fromIni() as any).mockImplementation(() =>
       Promise.reject(new ProviderError("Nothing here!"))
     );
+    (fromProcess() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nor here!"))
+    );
     (fromInstanceMetadata() as any).mockImplementation(() =>
       Promise.reject(new Error("PANIC"))
     );
@@ -189,6 +237,7 @@ describe("defaultProvider", () => {
     expect(await defaultProvider()()).toEqual(creds);
     expect((fromEnv() as any).mock.calls.length).toBe(1);
     expect((fromIni() as any).mock.calls.length).toBe(1);
+    expect((fromProcess() as any).mock.calls.length).toBe(1);
     expect((fromContainerMetadata() as any).mock.calls.length).toBe(1);
     expect((fromInstanceMetadata() as any).mock.calls.length).toBe(0);
   });
@@ -224,6 +273,33 @@ describe("defaultProvider", () => {
     expect((fromIni as any).mock.calls[0][0]).toBe(iniConfig);
   });
 
+  it("should pass configuration on to the process provider", async () => {
+    const processConfig: FromProcessInit = {
+      filepath: "/home/user/.secrets/credentials.ini",
+      configFilepath: "/home/user/.secrets/credentials.ini"
+    };
+
+    (fromEnv() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Keep moving!"))
+    );
+    (fromIni() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nothing here!"))
+    );
+    (fromProcess() as any).mockImplementation(() =>
+      Promise.resolve({
+        accessKeyId: "foo",
+        secretAccessKey: "bar"
+      })
+    );
+
+    (fromProcess as any).mockClear();
+
+    await expect(defaultProvider(processConfig)()).resolves;
+    expect((fromProcess as any).mock.calls.length).toBe(1);
+    expect((fromProcess as any).mock.calls.length).toBe(1);
+    expect((fromProcess as any).mock.calls[0][0]).toBe(processConfig);
+  });
+
   it("should pass configuration on to the IMDS provider", async () => {
     const imdsConfig: RemoteProviderInit = {
       timeout: 2000,
@@ -236,6 +312,9 @@ describe("defaultProvider", () => {
     (fromIni() as any).mockImplementation(() =>
       Promise.reject(new ProviderError("Nothing here!"))
     );
+    (fromProcess() as any).mockImplementation(() =>
+      Promise.reject(new ProviderError("Nor here!"))
+    );
     (fromInstanceMetadata() as any).mockImplementation(() =>
       Promise.resolve({
         accessKeyId: "foo",
@@ -370,6 +449,9 @@ describe("defaultProvider", () => {
         Promise.reject(new Error("PANIC"))
       );
       (fromIni() as any).mockImplementation(() => Promise.resolve(creds));
+      (fromProcess() as any).mockImplementation(() =>
+        Promise.reject(new Error("PANIC"))
+      );
       (fromInstanceMetadata() as any).mockImplementation(() =>
         Promise.reject(new Error("PANIC"))
       );
@@ -381,6 +463,7 @@ describe("defaultProvider", () => {
       expect(await defaultProvider()()).toEqual(creds);
       expect((fromEnv() as any).mock.calls.length).toBe(0);
       expect((fromIni() as any).mock.calls.length).toBe(1);
+      expect((fromProcess() as any).mock.calls.length).toBe(0);
       expect((fromContainerMetadata() as any).mock.calls.length).toBe(0);
       expect((fromInstanceMetadata() as any).mock.calls.length).toBe(0);
     });

packages/credential-provider-node/src/index.ts

@@ -12,6 +12,10 @@ import {
   fromIni,
   FromIniInit
 } from "@aws-sdk/credential-provider-ini";
+import {
+  fromProcess,
+  FromProcessInit
+} from "@aws-sdk/credential-provider-process";
 import { CredentialProvider } from "@aws-sdk/types";
 
 export const ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
@@ -37,18 +41,20 @@ export const ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
  *                              environment variables
  * @see fromIni                 The function used to source credentials from INI
  *                              files
+ * @see fromProcess             The functino used to sources credentials from
+ *                              credential_process in INI files
  * @see fromInstanceMetadata    The function used to source credentials from the
  *                              EC2 Instance Metadata Service
  * @see fromContainerMetadata   The function used to source credentials from the
  *                              ECS Container Metadata Service
  */
 export function defaultProvider(
-  init: FromIniInit & RemoteProviderInit = {}
+  init: FromIniInit & RemoteProviderInit & FromProcessInit = {}
 ): CredentialProvider {
   const { profile = process.env[ENV_PROFILE] } = init;
   const providerChain = profile
     ? fromIni(init)
-    : chain(fromEnv(), fromIni(init), remoteProvider(init));
+    : chain(fromEnv(), fromIni(init), fromProcess(init), remoteProvider(init));
 
   return memoize(
     providerChain,

packages/credential-provider-process/.gitignore

@@ -0,0 +1,2 @@
+/node_modules/
+/build/

packages/credential-provider-process/.npmignore

@@ -0,0 +1,15 @@
+/src/
+/coverage/
+tsconfig.test.json
+
+*.spec.js
+*.spec.d.ts
+*.spec.js.map
+
+*.mock.js
+*.mock.d.ts
+*.mock.js.map
+
+*.fixture.js
+*.fixture.d.ts
+*.fixture.js.map

packages/credential-provider-process/CHANGELOG.md

@@ -0,0 +1,4 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.