UNPKG

@cloud-copilot/iam-collect

Version:

Collect IAM information from AWS Accounts

github.com/cloud-copilot/iam-collect

cloud-copilot/iam-collect

78 lines 3.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import {} from '../config/config.js'; import { log } from '@cloud-copilot/log'; import { getNewCredentials, now } from './coreAuth.js'; /** * We cache credentials with a timeout */ const credentialsCache = new Map(); // Currently using a static timeout const CREDENTIAL_CACHE_TIMEOUT = 300 * 1000; /** * We cache requests for credentials to avoid multiple requests for the same accountId and authConfig. */ const credentialRequestCache = {}; /** * Generate a cache key for the given account ID and auth configuration. * * @param accountId the AWS account ID * @param authConfig the authentication configuration, if any * @returns a unique cache key for the credentials */ function credentialsCacheKey(accountId, authConfig) { return authConfig ? `${accountId}:${JSON.stringify(authConfig)}` : accountId; } /** * Get cached credentials for the given cache key, if they exist and are not expired. * * @param cacheKey the cache key to get credentials for * @returns the cached credentials if they exist and are not expired, otherwise undefined */ function getCachedCredentials(cacheKey) { const cached = credentialsCache.get(cacheKey); if (cached && cached.expiration > Date.now()) { return cached.credentials; } credentialsCache.delete(cacheKey); return undefined; } /** * Cache a set of credentials * * @param cacheKey the cache key to use for the credentials * @param credentials the credentials to cache */ function setCachedCredentials(cacheKey, credentials) { const expiration = now() + CREDENTIAL_CACHE_TIMEOUT; credentialsCache.set(cacheKey, { expiration, credentials }); } /** * Get credentials for the given account ID and auth configuration. * * @param accountId the AWS account ID for which to get credentials * @param authConfig the authentication configuration to use for the account * @returns new or cached credentials based on the provided account ID and auth configuration */ export async function getCredentials(accountId, authConfig) { const cacheKey = credentialsCacheKey(accountId, authConfig); const cachedCredentials = getCachedCredentials(cacheKey); if (cachedCredentials) { log.trace({ accountId }, 'Using cached credentials'); return cachedCredentials; } if (credentialRequestCache[cacheKey] !== undefined) { return credentialRequestCache[cacheKey]; } //Create a new promise and store it in case another request comes in while this one is being processed. return (credentialRequestCache[cacheKey] = (async () => { try { log.trace({ accountId }, 'Creating new credentials'); const newCredentials = await getNewCredentials(accountId, authConfig); setCachedCredentials(cacheKey, newCredentials); return newCredentials; } finally { delete credentialRequestCache[cacheKey]; // Clean up the queue regardless of success or failure. } })()); } //# sourceMappingURL=auth.js.map