Add support for the AWS_CREDENTIAL_EXPIRATION environment variable

jeskew · jeskew · commit 6fb34c85d556 · 2017-06-21T10:30:30.000-07:00
diff --git a/packages/credential-provider-env/__tests__/index.ts b/packages/credential-provider-env/__tests__/index.ts
@@ -3,46 +3,51 @@ import {
     ENV_KEY,
     ENV_SECRET,
     ENV_SESSION,
+    ENV_EXPIRATION,
     fromEnv,
 } from "../";
 
 const akid = process.env[ENV_KEY];
 const secret = process.env[ENV_SECRET];
 const token = process.env[ENV_SESSION];
+const expiry = process.env[ENV_EXPIRATION];
 
 beforeEach(() => {
     delete process.env[ENV_KEY];
     delete process.env[ENV_SECRET];
     delete process.env[ENV_SESSION];
+    delete process.env[ENV_EXPIRATION];
 });
 
 afterAll(() => {
     process.env[ENV_KEY] = akid;
     process.env[ENV_SECRET] = secret;
     process.env[ENV_SESSION] = token;
+    process.env[ENV_EXPIRATION] = expiry;
 });
 
 describe('fromEnv', () => {
     it('should read credentials from known environment variables', async () => {
         process.env[ENV_KEY] = 'foo';
         process.env[ENV_SECRET] = 'bar';
         process.env[ENV_SESSION] = 'baz';
+        process.env[ENV_EXPIRATION] = '1970-01-01T07:00:00Z';
 
         expect(await fromEnv()()).toEqual({
             accessKeyId: 'foo',
             secretAccessKey: 'bar',
             sessionToken: 'baz',
+            expiration: 25200,
         });
     });
 
-    it('can create credentials without a session token', async () => {
+    it('can create credentials without a session token or expiration', async () => {
         process.env[ENV_KEY] = 'foo';
         process.env[ENV_SECRET] = 'bar';
 
         expect(await fromEnv()()).toEqual({
             accessKeyId: 'foo',
             secretAccessKey: 'bar',
-            sessionToken: void 0,
         });
     });
 
diff --git a/packages/credential-provider-env/index.ts b/packages/credential-provider-env/index.ts
@@ -1,9 +1,11 @@
-import {CredentialProvider} from "@aws/types";
-import {CredentialError} from "@aws/credential-provider-base";
+import {CredentialProvider} from '@aws/types';
+import {CredentialError} from '@aws/credential-provider-base';
+import {epoch} from '@aws/protocol-timestamp';
 
 export const ENV_KEY = 'AWS_ACCESS_KEY_ID';
 export const ENV_SECRET = 'AWS_SECRET_ACCESS_KEY';
 export const ENV_SESSION = 'AWS_SESSION_TOKEN';
+export const ENV_EXPIRATION = 'AWS_CREDENTIAL_EXPIRATION';
 
 /**
  * Source AWS credentials from known environment variables. If either the
@@ -14,11 +16,13 @@ export function fromEnv(): CredentialProvider {
     return () => {
         const accessKeyId: string = process.env[ENV_KEY];
         const secretAccessKey: string = process.env[ENV_SECRET];
+        const expiry: string|undefined = process.env[ENV_EXPIRATION];
         if (accessKeyId && secretAccessKey) {
             return Promise.resolve({
                 accessKeyId,
                 secretAccessKey,
                 sessionToken: process.env[ENV_SESSION],
+                expiration: expiry ? epoch(expiry) : undefined
             });
         }
 
diff --git a/packages/credential-provider-env/package.json b/packages/credential-provider-env/package.json
@@ -17,6 +17,7 @@
   "license": "UNLICENSED",
   "dependencies": {
     "@aws/credential-provider-base": "^0.0.1",
+    "@aws/protocol-timestamp": "^0.0.1",
     "@aws/types": "^0.0.1"
   },
   "devDependencies": {
