Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
throw new ProviderError(
`Detected a cycle attempting to resolve credentials for profile` +
` ${getMasterProfileName(options)}. Profiles visited: ` +
Object.keys(visitedProfiles).join(", "),
false
);
}
const sourceCreds = resolveProfileData(source_profile, profiles, options, {
...visitedProfiles,
[source_profile]: true
});
const params: AssumeRoleParams = { RoleArn, RoleSessionName, ExternalId };
if (mfa_serial) {
if (!options.mfaCodeProvider) {
throw new ProviderError(
`Profile ${profileName} requires multi-factor authentication,` +
` but no MFA code callback was provided.`,
false
);
}
params.SerialNumber = mfa_serial;
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
}
return options.roleAssumer(await sourceCreds, params);
}
// If no role assumption metadata is present, attempt to load static
// credentials from the selected profile.
if (isStaticCredsProfile(data)) {
return resolveStaticCredentials(data);
return options.roleAssumer(await sourceCreds, params);
}
// If no role assumption metadata is present, attempt to load static
// credentials from the selected profile.
if (isStaticCredsProfile(data)) {
return resolveStaticCredentials(data);
}
// If the profile cannot be parsed or contains neither static credentials
// nor role assumption metadata, throw an error. This should be considered a
// terminal resolution error if a profile has been specified by the user
// (whether via a parameter, an environment variable, or another profile's
// `source_profile` key).
throw new ProviderError(
`Profile ${profileName} could not be found or parsed in shared` +
` credentials file.`
);
}
it(`should reject the promise is ${ENV_REGION} is not set`, async () => {
await expect(fromEnv()()).rejects.toMatchObject(
new ProviderError(
`No value defined for the AWS_REGION environment variable`
)
);
});
it("should convert a GetCredentialsForIdentity response without credentials to a provider error", async () => {
send.mockImplementationOnce(() => Promise.resolve({ identityId }));
await expect(
fromCognitoIdentity({
client: mockClient,
identityId,
customRoleArn: "myArn"
})()
).rejects.toMatchObject(
new ProviderError("Response from Amazon Cognito contained no credentials")
);
});
function throwOnMissingId(): never {
throw new ProviderError(
"Response from Amazon Cognito contained no identity ID"
);
}
return Promise.reject(
new ProviderError(
`${parsed.protocol} is not a valid container metadata service protocol`,
false
)
);
}
return Promise.resolve({
...parsed,
port: parsed.port ? parseInt(parsed.port, 10) : undefined
});
}
return Promise.reject(
new ProviderError(
"The container metadata credential provider cannot be used unless" +
` the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment` +
" variable is set",
false
)
);
}
function getCmdsUri(): Promise {
if (process.env[ENV_CMDS_RELATIVE_URI]) {
return Promise.resolve({
hostname: CMDS_IP,
path: process.env[ENV_CMDS_RELATIVE_URI]
});
}
if (process.env[ENV_CMDS_FULL_URI]) {
const parsed = parse(process.env[ENV_CMDS_FULL_URI]!);
if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) {
return Promise.reject(
new ProviderError(
`${parsed.hostname} is not a valid container metadata service hostname`,
false
)
);
}
if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) {
return Promise.reject(
new ProviderError(
`${parsed.protocol} is not a valid container metadata service protocol`,
false
)
);
}
return Promise.resolve({
function throwOnMissingAccessKeyId(): never {
throw new ProviderError(
"Response from Amazon Cognito contained no access key ID"
);
}
export function defaultProvider(
configuration: RegionProviderConfiguration = {}
): Provider {
return memoize(
chain(fromEnv(configuration), fromSharedConfigFiles(configuration))
);
}
export function defaultProvider(
init: FromIniInit & RemoteProviderInit & FromProcessInit = {}
): CredentialProvider {
const { profile = process.env[ENV_PROFILE] } = init;
const providerChain = profile
? fromIni(init)
: chain(fromEnv(), fromIni(init), fromProcess(init), remoteProvider(init));
return memoize(
providerChain,
credentials =>
credentials.expiration !== undefined &&
credentials.expiration - getEpochTs() < 300,
credentials => credentials.expiration !== undefined
);
}