
Commit 9b3ff7e

committed
fix(core): make CREDENTIALS_CODE mutually exclusive with other credential sources
1 parent dbc6c8b commit 9b3ff7e

9 files changed

Lines changed: 9 additions & 32 deletions


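--- a/packages/core/src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts
+++ b/packages/core/src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts
@@ -139,10 +139,15 @@ export const resolveAwsSdkSigV4Config = <T>(
 });
 const boundProvider = bindCallerConfig(config, memoizedProvider);
 if (isUserSupplied && !boundProvider.attributed) {
-resolvedCredentials = async (options: Record<string, any> | undefined) =>
-boundProvider(options).then((creds: AttributedAwsCredentialIdentity) =>
-setCredentialFeature(creds, "CREDENTIALS_CODE", "e")
-);
+resolvedCredentials = async (options: Record<string, any> | undefined) => {
+const creds = await boundProvider(options);
+const attributedCreds = creds as AttributedAwsCredentialIdentity;
+// Only set CREDENTIALS_CODE if no source attribution exists
+if (!attributedCreds.$source || Object.keys(attributedCreds.$source).length === 0) {
+return setCredentialFeature(attributedCreds, "CREDENTIALS_CODE", "e");
+}
+return attributedCreds;
+};
 resolvedCredentials.memoized = boundProvider.memoized;
 resolvedCredentials.configBound = boundProvider.configBound;
 resolvedCredentials.attributed = true;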
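Review bot: The rewritten `resolvedCredentials` wrapper now has two branches (a missing or empty `$source` gets `CREDENTIALS_CODE`, anything else is returned unchanged), but the rest of this commit only deletes `CREDENTIALS_CODE: "e"` from existing expectations, and no test visible on this page pins the branch that still sets it. `CREDENTIALS_CODE` appears to be the marker for credentials supplied directly in code, so anyone relying on this attribution to spot hard-coded keys would lose the signal silently if the condition regressed; an assertion such as `expect((await s3.config.credentials()).$source).toEqual({ CREDENTIALS_CODE: "e" })` for a client built with static credentials, plus one for a provider returning `$source: {}`, would cover it. The inline comment could state the rule and its limit rather than the mechanics, e.g. `// CREDENTIALS_CODE marks credentials passed directly in code; a provider that already reports its own $source keeps it as-is ($source is self-reported, so treat it as diagnostic only)`. If `boundProvider`'s return type allows it, declaring the type on `creds` instead of `creds as AttributedAwsCredentialIdentity` would keep the compiler checking the shape. The enclosing function starts and ends outside the hunk.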

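--- a/packages/credential-provider-node/tests/credential-provider-node.integ.spec.ts
+++ b/packages/credential-provider-node/tests/credential-provider-node.integ.spec.ts
@@ -236,7 +236,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "SSO_SESSION_TOKEN_us-sso-region-1",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_SSO_LEGACY: "u",
 },
 });
@@ -523,7 +522,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_us-west-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -567,7 +565,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_us-west-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -613,7 +610,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_us-west-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -666,7 +662,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_us-west-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -724,7 +719,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_ARWI_SESSION_TOKEN_ap-northeast-1",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_STS_ASSUME_ROLE_WEB_ID: "k",
 },
 });
@@ -765,7 +759,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_ARWI_SESSION_TOKEN_eu-west-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_STS_ASSUME_ROLE_WEB_ID: "k",
 },
 });
@@ -875,7 +868,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_eu-west-1",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -907,7 +899,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_eu-west-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -930,7 +921,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_ARWI_SESSION_TOKEN_ap-northeast-1",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_STS_ASSUME_ROLE_WEB_ID: "k",
 },
 });
@@ -1108,7 +1098,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "STS_AR_SESSION_TOKEN_ap-northeast-1",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SOURCE_PROFILE: "o",
 CREDENTIALS_STS_ASSUME_ROLE: "i",
 },
@@ -1156,7 +1145,6 @@ describe("credential-provider-node integration test", () => {
 secretAccessKey: "DEFAULT",
 sessionToken: undefined,
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE: "n",
 },
 });
@@ -1232,7 +1220,6 @@ describe("credential-provider-node integration test", () => {
 sessionToken: "SSO_SESSION_TOKEN_us-sso-region-2",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE_SSO: "r",
 CREDENTIALS_SSO: "s",
 },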

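--- a/packages/credential-providers/tests/fromHttp.integ.spec.ts
+++ b/packages/credential-providers/tests/fromHttp.integ.spec.ts
@@ -20,7 +20,6 @@ describe(fromHttp.name, () => {
 expect(await s3.config.credentials()).toEqual({
 $source: {
 CREDENTIALS_HTTP: "z",
-CREDENTIALS_CODE: "e",
 },
 accessKeyId: "CONTAINER_ACCESS_KEY",
 expiration: new Date("3000-01-01T00:00:00.000Z"),
@@ -48,7 +47,6 @@ describe(fromHttp.name, () => {
 expect(await s3.config.credentials()).toEqual({
 $source: {
 CREDENTIALS_HTTP: "z",
-CREDENTIALS_CODE: "e",
 },
 accessKeyId: "CONTAINER_ACCESS_KEY",
 expiration: new Date("3000-01-01T00:00:00.000Z"),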

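--- a/packages/credential-providers/tests/fromIni.integ.spec.ts
+++ b/packages/credential-providers/tests/fromIni.integ.spec.ts
@@ -31,7 +31,6 @@ describe(fromIni.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE: "n",
 },
 accessKeyId: "A",
@@ -57,7 +56,6 @@ describe(fromIni.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE: "n",
 },
 accessKeyId: "A",
@@ -84,7 +82,6 @@ describe(fromIni.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROFILE: "n",
 },
 accessKeyId: "A",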

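--- a/packages/credential-providers/tests/fromLoginCredentials.integ.spec.ts
+++ b/packages/credential-providers/tests/fromLoginCredentials.integ.spec.ts
@@ -75,7 +75,6 @@ describe(fromLoginCredentials.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_LOGIN: "AD",
 },
 accessKeyId: "LOGIN_ACCESS_KEY_ID",
@@ -123,7 +122,6 @@ describe(fromLoginCredentials.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_LOGIN: "AD",
 },
 accessKeyId: "LOGIN_ACCESS_KEY_ID",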

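--- a/packages/credential-providers/tests/fromProcess.integ.spec.ts
+++ b/packages/credential-providers/tests/fromProcess.integ.spec.ts
@@ -24,7 +24,6 @@ describe(fromProcess.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROCESS: "w",
 },
 accessKeyId: "PROCESS_ACCESS_KEY_ID",
@@ -48,7 +47,6 @@ describe(fromProcess.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROCESS: "w",
 },
 accessKeyId: "PROCESS_ACCESS_KEY_ID",
@@ -73,7 +71,6 @@ describe(fromProcess.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_PROCESS: "w",
 },
 accessKeyId: "PROCESS_ACCESS_KEY_ID",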

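--- a/packages/credential-providers/tests/fromSSO.integ.spec.ts
+++ b/packages/credential-providers/tests/fromSSO.integ.spec.ts
@@ -45,7 +45,6 @@ describe(fromSSO.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_SSO_LEGACY: "u",
 },
 accessKeyId: "SSO_ACCESS_KEY_ID",
@@ -69,7 +68,6 @@ describe(fromSSO.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_SSO_LEGACY: "u",
 },
 accessKeyId: "SSO_ACCESS_KEY_ID",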

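--- a/packages/credential-providers/tests/fromTokenFile.integ.spec.ts
+++ b/packages/credential-providers/tests/fromTokenFile.integ.spec.ts
@@ -32,7 +32,6 @@ describe(fromTokenFile.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_STS_ASSUME_ROLE_WEB_ID: "k",
 CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN: "h",
 },
@@ -63,7 +62,6 @@ describe(fromTokenFile.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_STS_ASSUME_ROLE_WEB_ID: "k",
 },
 accessKeyId: "STS_ARWI_ACCESS_KEY_ID",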

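--- a/packages/credential-providers/tests/fromWebToken.integ.spec.ts
+++ b/packages/credential-providers/tests/fromWebToken.integ.spec.ts
@@ -45,7 +45,6 @@ describe(fromWebToken.name, () => {
 await s3.listBuckets();
 expect(await s3.config.credentials()).toEqual({
 $source: {
-CREDENTIALS_CODE: "e",
 CREDENTIALS_STS_ASSUME_ROLE_WEB_ID: "k",
 },
 accessKeyId: "STS_ARWI_ACCESS_KEY_ID",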
