Add basic shared file provider

Author: jeskew

packages/credential-provider/__mocks__/fs.ts

@@ -0,0 +1,37 @@
+interface FsModule {
+    __addMatcher: (toMatch: RegExp, toReturn: string) => void;
+    __clearMatchers: () => void;
+    readFile: (path: string, encoding: string, cb: Function) => void
+}
+
+const fs: FsModule = <FsModule>jest.genMockFromModule('fs');
+const matchers = new Map<RegExp, string>();
+
+function __addMatcher(toMatch: RegExp, toReturn: string): void {
+    matchers.set(toMatch, toReturn);
+}
+
+function __clearMatchers(): void {
+    matchers.clear();
+}
+
+function readFile(
+    path: string,
+    encoding: string,
+    callback: (err: Error|null, data?: string) => void
+): void {
+    for (let [matcher, data] of matchers.entries()) {
+        if (matcher.test(path)) {
+            callback(null, data);
+            return;
+        }
+    }
+
+    callback(new Error('ENOENT: no such file or directory'));
+}
+
+fs.__addMatcher = __addMatcher;
+fs.__clearMatchers = __clearMatchers;
+fs.readFile = readFile;
+
+module.exports = fs;

packages/credential-provider/__mocks__/os.ts

@@ -0,0 +1,10 @@
+interface OsModule {
+    homedir: () => string;
+}
+
+const os: OsModule = <OsModule>jest.genMockFromModule('os');
+const path = require('path');
+
+os.homedir = () => path.sep + path.join('home', 'user');
+
+module.exports = os;

packages/credential-provider/__tests__/fromEnv.ts

@@ -48,10 +48,10 @@ describe('fromEnv', () => {
     it(
         'should reject the promise if no environmental credentials can be found',
         async () => {
-            try {
-                await fromEnv()();
-                fail('The promise should have been rejected.');
-            } catch (e) {}
+            await fromEnv()().then(
+                () => { throw new Error('The promise should have been rejected.'); },
+                () => { /* Promise rejected as expected */ }
+            );
         }
     );
 });

packages/credential-provider/__tests__/fromIni.ts

@@ -0,0 +1,141 @@
+jest.mock('fs');
+jest.mock('os');
+
+const {__addMatcher, __clearMatchers} = require('fs');
+const {homedir} = require('os');
+
+import {Buffer} from 'buffer';
+import {join} from 'path';
+import {fromIni} from "../lib/fromIni";
+
+const DEFAULT_CREDS = {
+    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+    secretKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+    sessionToken: 'sessionToken',
+};
+
+const FOO_CREDS = {
+    accessKeyId: 'foo',
+    secretKey: 'bar',
+    sessionToken: 'baz',
+};
+
+beforeEach(__clearMatchers);
+
+describe('fromIni', () => {
+    it('should read credentials from ~/.aws/credentials', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'credentials')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+aws_secret_access_key = ${DEFAULT_CREDS.secretKey}
+aws_session_token = ${DEFAULT_CREDS.sessionToken}
+        `.trim());
+
+        expect(await fromIni()()).toEqual(DEFAULT_CREDS);
+    });
+
+    it('should read profile credentials from ~/.aws/credentials', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'credentials')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+aws_secret_access_key = ${DEFAULT_CREDS.secretKey}
+aws_session_token = ${DEFAULT_CREDS.sessionToken}
+
+[foo]
+aws_access_key_id = ${FOO_CREDS.accessKeyId}
+aws_secret_access_key = ${FOO_CREDS.secretKey}
+aws_session_token = ${FOO_CREDS.sessionToken}
+        `.trim());
+
+        expect(await fromIni({profile: 'foo'})()).toEqual(FOO_CREDS);
+    });
+
+    it('should read credentials from ~/.aws/config', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'config')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+aws_secret_access_key = ${DEFAULT_CREDS.secretKey}
+aws_session_token = ${DEFAULT_CREDS.sessionToken}
+        `.trim());
+
+        expect(await fromIni()()).toEqual(DEFAULT_CREDS);
+    });
+
+    it('should read profile credentials from ~/.aws/config', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'config')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+aws_secret_access_key = ${DEFAULT_CREDS.secretKey}
+aws_session_token = ${DEFAULT_CREDS.sessionToken}
+
+[profile foo]
+aws_access_key_id = ${FOO_CREDS.accessKeyId}
+aws_secret_access_key = ${FOO_CREDS.secretKey}
+aws_session_token = ${FOO_CREDS.sessionToken}
+        `.trim());
+
+        expect(await fromIni({profile: 'foo'})()).toEqual(FOO_CREDS);
+    });
+
+    it(
+        'should prefer credentials in ~/.aws/credentials to those in ~/.aws/config',
+        async () => {
+            __addMatcher(new RegExp(join(homedir(), '.aws', 'credentials')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+aws_secret_access_key = ${DEFAULT_CREDS.secretKey}
+aws_session_token = ${DEFAULT_CREDS.sessionToken}
+        `.trim());
+
+            __addMatcher(new RegExp(join(homedir(), '.aws', 'config')), `
+[default]
+aws_access_key_id = ${FOO_CREDS.accessKeyId}
+aws_secret_access_key = ${FOO_CREDS.secretKey}
+aws_session_token = ${FOO_CREDS.sessionToken}
+        `.trim());
+
+            expect(await fromIni()()).toEqual(DEFAULT_CREDS);
+        }
+    );
+
+    it('should reject credentials with no access key key', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'credentials')), `
+[default]
+aws_secret_access_key = ${DEFAULT_CREDS.secretKey}
+        `.trim());
+
+        await fromIni()().then(
+            () => { throw new Error('The promise should have been rejected'); },
+            () => { /* Promise rejected as expected */ }
+        );
+    });
+
+    it('should reject credentials with no secret key', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'credentials')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+        `.trim());
+
+        await fromIni()().then(
+            () => { throw new Error('The promise should have been rejected'); },
+            () => { /* Promise rejected as expected */ }
+        );
+    });
+
+    it('should not merge profile values together', async () => {
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'credentials')), `
+[default]
+aws_access_key_id = ${DEFAULT_CREDS.accessKeyId}
+        `.trim());
+
+        __addMatcher(new RegExp(join(homedir(), '.aws', 'config')), `
+[default]
+aws_secret_access_key = ${FOO_CREDS.secretKey}
+        `.trim());
+
+        await fromIni()().then(
+            () => { throw new Error('The promise should have been rejected'); },
+            () => { /* Promise rejected as expected */ }
+        );
+    });
+});

packages/credential-provider/index.ts

@@ -1,5 +1,6 @@
 export * from './lib/chain';
 export * from './lib/fromCredentials';
 export * from './lib/fromEnv';
+export * from './lib/fromIni';
 export * from './lib/isCredentials';
 export * from './lib/memoize';

packages/credential-provider/lib/fromIni.ts

@@ -0,0 +1,103 @@
+import {CredentialProvider} from './CredentialProvider';
+import {readFile} from 'fs';
+import {homedir} from 'os';
+import {join} from 'path';
+
+const DEFAULT_PROFILE = 'default';
+export const ENV_PROFILE = 'AWS_PROFILE';
+const DEFAULT_CREDENTIALS_PATH = join(homedir(), '.aws', 'credentials');
+export const ENV_CREDENTIALS_PATH = 'AWS_SHARED_CREDENTIALS_FILE';
+const DEFAULT_CONFIG_PATH = join(homedir(), '.aws', 'config');
+export const ENV_CONFIG_PATH = 'AWS_CONFIG_FILE';
+
+const INI_KEY = 'aws_access_key_id';
+const INI_SECRET = 'aws_secret_access_key';
+const INI_SESSION = 'aws_session_token';
+
+export interface fromIniInit {
+    profile?: string;
+    filepath?: string;
+    configFilepath?: string;
+}
+
+interface ParsedIniData {
+    [key: string]: {[key: string]: string};
+}
+
+export function fromIni(init: fromIniInit = {}): CredentialProvider {
+    return () => parseKnownFiles(init).then(profiles => {
+        const {profile = process.env[ENV_PROFILE] || DEFAULT_PROFILE} = init;
+        const profileData = profiles[profile];
+        if (undefined === profileData) {
+            throw new Error(
+                `Profile ${profile} not found in shared credentials file.`
+            );
+        } else if (!profileData[INI_KEY] || !profileData[INI_SECRET]) {
+            throw new Error(
+                `Missing key or secret from profile "${profile}" in shared credentials file.`
+            );
+        }
+
+        return {
+            accessKeyId: profileData[INI_KEY],
+            secretKey: profileData[INI_SECRET],
+            sessionToken: profileData[INI_SESSION],
+        };
+    });
+}
+
+function parseIni(iniData: string): ParsedIniData {
+    const map: ParsedIniData = {};
+    let currentSection: string|undefined;
+    for (let line of iniData.split(/\r?\n/)) {
+        line = line.split(/(^|\s)[;#]/)[0]; // remove comments
+        const section = line.match(/^\s*\[([^\[\]]+)]\s*$/);
+        if (section) {
+            currentSection = section[1];
+        } else if (currentSection) {
+            const item = line.match(/^\s*(.+?)\s*=\s*(.+?)\s*$/);
+            if (item) {
+                map[currentSection] = map[currentSection] || {};
+                map[currentSection][item[1]] = item[2];
+            }
+        }
+    }
+
+    return map;
+}
+
+function parseKnownFiles(init: fromIniInit): Promise<ParsedIniData> {
+    const {
+        filepath = process.env[ENV_CREDENTIALS_PATH] || DEFAULT_CREDENTIALS_PATH,
+        configFilepath = process.env[ENV_CONFIG_PATH] || DEFAULT_CONFIG_PATH,
+    } = init;
+    return Promise.all([
+        slurpFile(configFilepath).then(parseIni).catch(() => { return {}; }),
+        slurpFile(filepath).then(parseIni).catch(() => { return {}; }),
+    ]).then((parsedFiles: Array<ParsedIniData>) => {
+        const [config = {}, credentials = {}] = parsedFiles;
+        const profiles: ParsedIniData = {};
+
+        for (let profile of Object.keys(config)) {
+            profiles[profile.replace(/^profile\s/, '')] = config[profile];
+        }
+
+        for (let profile of Object.keys(credentials)) {
+            profiles[profile] = credentials[profile];
+        }
+
+        return profiles;
+    });
+}
+
+function slurpFile(path: string): Promise<string> {
+    return new Promise((resolve, reject) => {
+        readFile(path, 'utf8', (err, data) => {
+            if (err) {
+                reject(err);
+            } else {
+                resolve(data);
+            }
+        });
+    });
+}