aws-sdk-js-v3/packages/credential-providers/tests/fromSSO.integ.spec.ts at 47ceebc2800b126df644150bc99e246e73e10993 · aws/aws-sdk-js-v3 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
import { S3 } from "@aws-sdk/client-s3";
import { fromSSO } from "@aws-sdk/credential-providers";
import { describe, expect, test as it } from "vitest";

import { CTest } from "./_test-lib";

describe(fromSSO.name, () => {
  const ctest = new CTest({
    credentialProvider: fromSSO,
    providerParams: (testParams) => {
      return {
        ssoStartUrl: "SSO_START_URL",
        ssoAccountId: "1234567890",
        ssoRegion: "sso-region-1",
        ssoRoleName: "arn:aws:iam::1234567890:role/Rigmarole",
        ...CTest.defaultRegionConfigProvider(testParams),
      };
    },
    profileCredentials: false,
    fallbackRegion: "unresolved",
  });

  ctest.testRegion();

  describe("configure from env", () => {
    it("is not configurable from env", async () => {
      expect("ok").toBeTruthy();
    });
  });

  describe("configure from profile", () => {
    it("is not configurable from profile", async () => {
      ctest.setIni({
        default: {
          sso_start_url: "SSO_START_URL",
          sso_account_id: "1234567890",
          sso_region: "us-east-1",
          sso_role_name: "Rigmarole",
        },
      });
      const s3 = new S3({
        region: "us-east-1",
        credentials: fromSSO({}),
      });
      await s3.listBuckets();
      expect(await s3.config.credentials()).toEqual({
        $source: {
          CREDENTIALS_SSO_LEGACY: "u",
        },
        accessKeyId: "SSO_ACCESS_KEY_ID",
        expiration: new Date("3000-01-01T00:00:00.000Z"),
        secretAccessKey: "SSO_SECRET_ACCESS_KEY",
        sessionToken: "SSO_SESSION_TOKEN_us-east-1",
      });
    });
  });

  describe("configure from code", () => {
    it("should be configurable from code", async () => {
      const s3 = new S3({
        credentials: fromSSO({
          ssoStartUrl: "SSO_START_URL",
          ssoAccountId: "1234567890",
          ssoRegion: "us-east-1",
          ssoRoleName: "Rigmarole",
        }),
      });
      await s3.listBuckets();
      expect(await s3.config.credentials()).toEqual({
        $source: {
          CREDENTIALS_SSO_LEGACY: "u",
        },
        accessKeyId: "SSO_ACCESS_KEY_ID",
        expiration: new Date("3000-01-01T00:00:00.000Z"),
        secretAccessKey: "SSO_SECRET_ACCESS_KEY",
        sessionToken: "SSO_SESSION_TOKEN_us-east-1",
      });
    });
  });
});