Add credential provider helper methods

Author: jeskew

package.json

@@ -5,6 +5,7 @@
   "description": "AWS SDK for JavaScript from the future",
   "main": "index.js",
   "scripts": {
+    "bootstrap": "lerna bootstrap",
     "test": "lerna run test"
   },
   "repository": {
@@ -14,7 +15,7 @@
   "author": "[email protected]",
   "license": "UNLICENSED",
   "devDependencies": {
-    "lerna": "^2.0.0-rc.1",
+    "lerna": "^2.0.0-rc.2",
     "typescript": "^2.2.2"
   }
 }

packages/credential-provider/__tests__/chain.ts

@@ -0,0 +1,39 @@
+import {chain} from "../lib/chain";
+import {fromCredentials} from "../lib/fromCredentials";
+import {isCredentials} from "../lib/isCredentials";
+
+describe('chain', () => {
+    it('should distill many credential providers into one', async () => {
+        const provider = chain(
+            fromCredentials({accessKeyId: 'foo', secretKey: 'bar'}),
+            fromCredentials({accessKeyId: 'baz', secretKey: 'quux'}),
+        );
+
+        expect(isCredentials(await provider())).toBe(true);
+    });
+
+    it('should return the resolved value of the first successful promise', async () => {
+        const creds = {accessKeyId: 'foo', secretKey: 'bar'};
+        const provider = chain(
+            () => Promise.reject('Move along'),
+            () => Promise.reject('Nothing to see here'),
+            fromCredentials(creds)
+        );
+
+        expect(await provider()).toEqual(creds);
+    });
+
+    it('should not invoke subsequent providers one resolves', async () => {
+        const creds = {accessKeyId: 'foo', secretKey: 'bar'};
+        const providers = [
+            jest.fn(() => Promise.reject('Move along')),
+            jest.fn(() => Promise.resolve(creds)),
+            jest.fn(() => fail('This provider should not be invoked'))
+        ];
+
+        expect(await chain(...providers)()).toEqual(creds);
+        expect(providers[0].mock.calls.length).toBe(1);
+        expect(providers[1].mock.calls.length).toBe(1);
+        expect(providers[2].mock.calls.length).toBe(0);
+    });
+});

packages/credential-provider/__tests__/fromCredentials.ts

@@ -0,0 +1,14 @@
+import {CredentialProvider} from "../lib/CredentialProvider";
+import {Credentials} from "../lib/Credentials";
+import {fromCredentials} from "../lib/fromCredentials";
+
+describe('fromCredentials', () => {
+    it('should convert credentials into a credential provider', async () => {
+        const credentials: Credentials = {accessKeyId: 'foo', secretKey: 'bar'};
+        const provider: CredentialProvider = fromCredentials(credentials);
+
+        expect(typeof provider).toBe('function');
+        expect(provider()).toBeInstanceOf(Promise);
+        expect(await provider()).toEqual(credentials);
+    });
+});

packages/credential-provider/__tests__/isCredentials.ts

@@ -0,0 +1,51 @@
+import {isCredentials} from "../lib/isCredentials";
+
+describe('isCredentials', () => {
+    const minimalCredentials = {accessKeyId: 'foo', secretKey: 'bar'};
+
+    it('should reject scalar values', () => {
+        for (let scalar of ['foo', 12, 1.2, true, null, undefined]) {
+            expect(isCredentials(scalar)).toBe(false);
+        }
+    });
+
+    it('should accept an object with an accessKeyId and secretKey', () => {
+        expect(isCredentials(minimalCredentials)).toBe(true);
+    });
+
+    it('should reject objects where accessKeyId is not a string', () => {
+        expect(isCredentials(
+            Object.assign({}, minimalCredentials, {accessKeyId: 123})
+        )).toBe(false);
+    });
+
+    it('should reject objects where secretKey is not a string', () => {
+        expect(isCredentials(
+            Object.assign({}, minimalCredentials, {secretKey: 123})
+        )).toBe(false);
+    });
+
+    it('should accept credentials with a sessionToken', () => {
+        expect(isCredentials(
+            Object.assign({sessionToken: 'baz'}, minimalCredentials)
+        )).toBe(true);
+    });
+
+    it('should reject credentials where sessionToken is not a string', () => {
+        expect(isCredentials(
+            Object.assign({sessionToken: 123}, minimalCredentials)
+        )).toBe(false);
+    });
+
+    it('should accept credentials with an expiration', () => {
+        expect(isCredentials(
+            Object.assign({expiration: 0}, minimalCredentials)
+        )).toBe(true);
+    });
+
+    it('should reject credentials where expiration is not a number', () => {
+        expect(isCredentials(
+            Object.assign({expiration: 'quux'}, minimalCredentials)
+        )).toBe(false);
+    });
+});

packages/credential-provider/__tests__/memoize.ts

@@ -0,0 +1,38 @@
+import {memoize} from "../lib/memoize";
+
+describe('memoize', () => {
+    it('should cache the resolved provider for permanent credentials', async () => {
+        const creds = {accessKeyId: 'foo', secretKey: 'bar'};
+        const provider = jest.fn(() => Promise.resolve(creds));
+        const memoized = memoize(provider);
+
+        expect(await memoized()).toEqual(creds);
+        expect(provider.mock.calls.length).toBe(1);
+        expect(await memoized()).toEqual(creds);
+        expect(provider.mock.calls.length).toBe(1);
+    });
+
+    it('should invoke provider again when credentials expire', async () => {
+        const clockMock = Date.now = jest.fn();
+        clockMock.mockReturnValue(0);
+        const provider = jest.fn(() => Promise.resolve({
+            accessKeyId: 'foo',
+            secretKey: 'bar',
+            expiration: Date.now() + 600, // expires in ten minutes
+        }));
+        const memoized = memoize(provider);
+
+        expect((await memoized()).accessKeyId).toEqual('foo');
+        expect(provider.mock.calls.length).toBe(1);
+        expect((await memoized()).secretKey).toEqual('bar');
+        expect(provider.mock.calls.length).toBe(1);
+
+        clockMock.mockReset();
+        clockMock.mockReturnValue(601000); // One second past previous expiration
+
+        expect((await memoized()).accessKeyId).toEqual('foo');
+        expect(provider.mock.calls.length).toBe(2);
+        expect((await memoized()).secretKey).toEqual('bar');
+        expect(provider.mock.calls.length).toBe(2);
+    });
+});

packages/credential-provider/index.ts

@@ -0,0 +1,4 @@
+export * from './lib/chain';
+export * from './lib/fromCredentials';
+export * from './lib/isCredentials';
+export * from './lib/memoize';

packages/credential-provider/lib/CredentialProvider.ts

@@ -0,0 +1,5 @@
+import {Credentials} from './Credentials';
+
+export type CredentialProvider = () => Promise<Credentials>;
+
+// TODO remove this file when the types package is merged to master

packages/credential-provider/lib/Credentials.ts

@@ -0,0 +1,8 @@
+export interface Credentials {
+    readonly accessKeyId: string;
+    readonly secretKey: string;
+    readonly sessionToken?: string;
+    readonly expiration?: number;
+}
+
+// TODO remove this file when the types package is merged to master

packages/credential-provider/lib/chain.ts

@@ -0,0 +1,18 @@
+import {CredentialProvider} from "./CredentialProvider";
+import {Credentials} from "./Credentials";
+
+export function chain(...providers: Array<CredentialProvider>): CredentialProvider {
+    return () => {
+        providers = providers.slice(0);
+        let provider = providers.shift();
+        if (provider === undefined) {
+            return Promise.reject<Credentials>('No credential providers in chain');
+        }
+        let promise = provider();
+        while (provider = providers.shift()) {
+            promise = promise.catch(provider);
+        }
+
+        return promise;
+    }
+}

packages/credential-provider/lib/fromCredentials.ts

@@ -0,0 +1,8 @@
+import {CredentialProvider} from "./CredentialProvider";
+import {Credentials} from "./Credentials";
+
+export function fromCredentials(
+    credentials: Credentials
+): CredentialProvider {
+    return () => Promise.resolve(credentials);
+}

packages/credential-provider/lib/isCredentials.ts

@@ -0,0 +1,10 @@
+import {Credentials} from './Credentials';
+
+export function isCredentials(arg: any): arg is Credentials {
+    return typeof arg === 'object'
+        && arg !== null
+        && typeof arg.accessKeyId === 'string'
+        && typeof arg.secretKey === 'string'
+        && ['string', 'undefined'].indexOf(typeof arg.sessionToken) > -1
+        && ['number', 'undefined'].indexOf(typeof arg.expiration) > -1;
+}

packages/credential-provider/lib/memoize.ts

@@ -0,0 +1,32 @@
+import {CredentialProvider} from "./CredentialProvider";
+import {Credentials} from "./Credentials";
+
+export function memoize(
+    provider: CredentialProvider
+): CredentialProvider {
+    let result: Promise<Credentials> = provider();
+    let isConstant: boolean = false;
+
+    return () => {
+        if (isConstant) {
+            return result;
+        }
+
+        return result.then<Credentials>(credentials => {
+            if (!credentials.expiration) {
+                isConstant = true;
+                return credentials;
+            }
+
+            if (credentials.expiration - 300 > getEpochTs()) {
+                return credentials;
+            }
+
+            return result = provider();
+        });
+    }
+}
+
+function getEpochTs() {
+    return Math.floor(Date.now() / 1000);
+}

packages/credential-provider/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@aws/credentials",
+  "version": "0.0.1",
+  "private": true,
+  "description": "AWS credential provider for node",
+  "main": "index.js",
+  "scripts": {
+    "prepublishOnly": "tsc",
+    "pretest": "tsc",
+    "test": "jest"
+  },
+  "keywords": [
+    "aws",
+    "credentials"
+  ],
+  "author": "[email protected]",
+  "license": "UNLICENSED",
+  "devDependencies": {
+    "@types/jest": "^19.2.2",
+    "@types/node": "^7.0.12",
+    "jest": "^19.0.2",
+    "typescript": "^2.2.2"
+  }
+}

packages/credential-provider/tsconfig.json

@@ -0,0 +1,11 @@
+{
+    "compilerOptions": {
+        "alwaysStrict": true,
+        "module": "commonjs",
+        "target": "es6",
+        "strictNullChecks": true,
+        "noImplicitAny": true,
+        "noImplicitThis": true,
+        "sourceMap": true
+    }
+}