UNPKG

@aws-sdk/credential-provider-http

Version:

AWS credential provider for containers and HTTP sources

github.com/aws/aws-sdk-js-v3/tree/main/packages-internal/credential-provider-http

aws/aws-sdk-js-v3

77 lines (76 loc) 3.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.fromHttp = void 0; const tslib_1 = require("tslib"); const client_1 = require("@aws-sdk/core/client"); const config_1 = require("@smithy/core/config"); const node_http_handler_1 = require("@smithy/node-http-handler"); const promises_1 = tslib_1.__importDefault(require("node:fs/promises")); const checkUrl_1 = require("./checkUrl"); const requestHelpers_1 = require("./requestHelpers"); const retry_wrapper_1 = require("./retry-wrapper"); const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; const fromHttp = (options = {}) => { options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); let host; const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger?.warn ? console.warn : options.logger.warn.bind(options.logger); if (relative && full) { warn("@aws-sdk/credential-provider-http: " + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); warn("awsContainerCredentialsFullUri will take precedence."); } if (token && tokenFile) { warn("@aws-sdk/credential-provider-http: " + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); warn("awsContainerAuthorizationToken will take precedence."); } if (full) { host = full; } else if (relative) { host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; } else { throw new config_1.CredentialsProviderError(`No HTTP credential provider host provided. Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); } const url = new URL(host); (0, checkUrl_1.checkUrl)(url, options.logger); const requestHandler = node_http_handler_1.NodeHttpHandler.create({ connectionTimeout: options.timeout ?? 1000 }); const requestTimeout = options.timeout ?? 1000; const provider = (0, retry_wrapper_1.retryWrapper)(async () => { const request = (0, requestHelpers_1.createGetRequest)(url); if (token) { request.headers.Authorization = token; } else if (tokenFile) { request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); } try { const result = await requestHandler.handle(request, { requestTimeout }); return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); } catch (e) { throw new config_1.CredentialsProviderError(String(e), { logger: options.logger }); } }, options.maxRetries ?? 3, options.timeout ?? 1000); return async () => { try { return await provider(); } finally { requestHandler.destroy?.(); } }; }; exports.fromHttp = fromHttp;