UNPKG

vinz

Version:

Enables secure storage of credentials right in your repo using AWS KMS.

github.com/bjacobel/vinz

bjacobel/vinz

91 lines (78 loc) 3.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
jest.mock('fs'); import fs from 'fs'; import AWS from 'aws-sdk'; import ini from 'ini'; jest.unmock('../../src/lib/aws-config'); import AWSWithConfig from '../../src/lib/aws-config'; const accessKeyId = 'accessKeyId'; const secretAccessKey = 'secretAccessKey'; const region = 'us-east-1'; const configExpectations = (config) => { expect(config.KMS).toBeDefined(); expect(config.KMS instanceof AWS.KMS).toBeTruthy(); expect(config.credentials).toBeDefined(); expect(config.credentials.accessKeyId).toEqual(accessKeyId); expect(config.credentials.secretAccessKey).toEqual(secretAccessKey); expect(config.credentials.region).toEqual(region); }; describe('aws-config', () => { describe('AWSWithConfig', () => { beforeEach(() => { spyOn(console, 'log'); }); afterEach(() => { delete process.env.AWS_ACCESS_KEY_ID; delete process.env.AWS_SECRET_ACCESS_KEY; delete process.env.AWS_DEFAULT_REGION; ini.parse.mockClear(); }); it('can be instantiated by passing in access and secret keys', () => { fs.statSync.mockImplementationOnce(() => { throw Error(); }); const aws = new AWSWithConfig(accessKeyId, secretAccessKey, region, null); expect(console.log).lastCalledWith('Using AWS config and credentials explicitly passed'); configExpectations(aws); }); it('can be instantiated by passing in a profile', () => { const aws = new AWSWithConfig(null, null, null, 'asdf'); expect(AWS.SharedIniFileCredentials).toBeCalledWith({ profile: 'asdf' }); expect(ini.parse).toBeCalled(); expect(console.log).lastCalledWith('Using ~/.aws/config and ~/.aws/credentials with the [asdf] profile'); configExpectations(aws); }); it('can be instantiated if a default profile exists', () => { const aws = new AWSWithConfig(); expect(AWS.SharedIniFileCredentials).toBeCalledWith({ profile: 'default' }); expect(ini.parse).toBeCalled(); expect(console.log).lastCalledWith('Using ~/.aws/config and ~/.aws/credentials with the [default] profile'); configExpectations(aws); }); it('can be instantiated if env vars are set', () => { fs.statSync.mockImplementationOnce(() => { throw Error(); }); Object.assign(process.env, { AWS_ACCESS_KEY_ID: accessKeyId, AWS_SECRET_ACCESS_KEY: secretAccessKey, AWS_DEFAULT_REGION: region }); const aws = new AWSWithConfig(); expect(console.log).lastCalledWith('Using AWS config and credentials preset in environment variables'); configExpectations(aws); }); it('can use env vars for creds but pass in the region itself (as it will on Lambda)', () => { fs.statSync.mockImplementationOnce(() => { throw Error(); }); Object.assign(process.env, { AWS_ACCESS_KEY_ID: accessKeyId, AWS_SECRET_ACCESS_KEY: secretAccessKey }); const aws = new AWSWithConfig(null, null, 'us-east-1'); expect(console.log).lastCalledWith('Using AWS config and credentials preset in environment variables'); configExpectations(aws); }); it('throws an error if none of the above work', () => { fs.statSync.mockImplementationOnce(() => { throw Error(); }); expect(() => new AWSWithConfig()).toThrow(new Error( 'Could not find AWS config and/or credentials. See `vinz --help` ' + 'for more info on your options for specifying credentials.' )); }); }); });