71 lines
2.9 KiB
JavaScript
71 lines
2.9 KiB
JavaScript
import { AssumeRoleCommand } from "./commands/AssumeRoleCommand";
|
|
import { AssumeRoleWithWebIdentityCommand, } from "./commands/AssumeRoleWithWebIdentityCommand";
|
|
const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
|
|
const decorateDefaultRegion = (region) => {
|
|
if (typeof region !== "function") {
|
|
return region === undefined ? ASSUME_ROLE_DEFAULT_REGION : region;
|
|
}
|
|
return async () => {
|
|
try {
|
|
return await region();
|
|
}
|
|
catch (e) {
|
|
return ASSUME_ROLE_DEFAULT_REGION;
|
|
}
|
|
};
|
|
};
|
|
export const getDefaultRoleAssumer = (stsOptions, stsClientCtor) => {
|
|
let stsClient;
|
|
let closureSourceCreds;
|
|
return async (sourceCreds, params) => {
|
|
closureSourceCreds = sourceCreds;
|
|
if (!stsClient) {
|
|
const { logger, region, requestHandler } = stsOptions;
|
|
stsClient = new stsClientCtor({
|
|
logger,
|
|
credentialDefaultProvider: () => async () => closureSourceCreds,
|
|
region: decorateDefaultRegion(region || stsOptions.region),
|
|
...(requestHandler ? { requestHandler } : {}),
|
|
});
|
|
}
|
|
const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
|
|
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
|
|
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
|
|
}
|
|
return {
|
|
accessKeyId: Credentials.AccessKeyId,
|
|
secretAccessKey: Credentials.SecretAccessKey,
|
|
sessionToken: Credentials.SessionToken,
|
|
expiration: Credentials.Expiration,
|
|
};
|
|
};
|
|
};
|
|
export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, stsClientCtor) => {
|
|
let stsClient;
|
|
return async (params) => {
|
|
if (!stsClient) {
|
|
const { logger, region, requestHandler } = stsOptions;
|
|
stsClient = new stsClientCtor({
|
|
logger,
|
|
region: decorateDefaultRegion(region || stsOptions.region),
|
|
...(requestHandler ? { requestHandler } : {}),
|
|
});
|
|
}
|
|
const { Credentials } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
|
|
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
|
|
throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
|
|
}
|
|
return {
|
|
accessKeyId: Credentials.AccessKeyId,
|
|
secretAccessKey: Credentials.SecretAccessKey,
|
|
sessionToken: Credentials.SessionToken,
|
|
expiration: Credentials.Expiration,
|
|
};
|
|
};
|
|
};
|
|
export const decorateDefaultCredentialProvider = (provider) => (input) => provider({
|
|
roleAssumer: getDefaultRoleAssumer(input, input.stsClientCtor),
|
|
roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input, input.stsClientCtor),
|
|
...input,
|
|
});
|