Detect Successful Async Credential Loading

Check for the roleArn attribute on ini file loaded credentials. If that exists, then asynchronous (assume role) credentials are being loaded but they may not yet be received. Accept these as valid credentials and use the containing credentials object as the current credentials object. Clean up the test data (fakeCredentials didn't need so much) Create a test that verifies the async credential loading functionality Create a test that ensures a non-existent profile one attempts to load does not load any credentials Bump the version of the aws-sdk so that the modified aws-sdk will be demanded for proper handling of this feature.
2026-01-18 14:58:43 +00:00 · 2016-12-01 01:37:26 -08:00 · 2016-12-01 01:37:26 -08:00 · 3210aff617
commit 3210aff617
parent 0ddd4ec804
3 changed files with 17 additions and 19 deletions
--- a/lib/plugins/aws/provider/awsProvider.js
+++ b/lib/plugins/aws/provider/awsProvider.js
@ -23,12 +23,13 @@ const impl = {
    let result = false;
    if (credentials) {
      if (
-        (
+        ( // valid credentials loaded
          credentials.accessKeyId && credentials.accessKeyId !== 'undefined' &&
          credentials.secretAccessKey && credentials.secretAccessKey !== 'undefined'
        ) || (
-          credentials.role_arn && credentials.role_arn !== 'undefined' &&
-          credentials.source_profile && credentials.source_profile !== 'undefined'
+          // a role to assume has been successfully loaded, the associated STS request has been
+          // sent, and the temporary credentials will be asynchronously delivered.
+          credentials.roleArn
        )
      ) {
        result = true;
--- a/lib/plugins/aws/provider/awsProvider.test.js
+++ b/lib/plugins/aws/provider/awsProvider.test.js
@ -239,9 +239,7 @@ describe('AwsProvider', () => {
      secretAccessKey: '0123456789876543',
      sessionToken: '981237917391273918273918723987129837129873',
      roleArn: 'a:role:arn',
-      role_session_name: 'a-role-session-name',
-      external_id: 'external-id',
-      source_profile: 'notDefaultTemporary',
+      sourceProfile: 'notDefaultTemporary',
    };

    let originalProviderCredentials;
@ -265,8 +263,6 @@ describe('AwsProvider', () => {
        '\n' +
        '[notDefaultAsync]\n' +
        `role_arn = ${fakeCredentials.roleArn}\n` +
-        `role_session_name = ${fakeCredentials.roleSessionName}\n` +
-        `external_id = ${fakeCredentials.externalId}\n` +
        `source_profile = ${fakeCredentials.sourceProfile}\n`
      );
      newAwsProvider = new AwsProviderProxyquired(serverless, newOptions);
@ -327,16 +323,17 @@ describe('AwsProvider', () => {
      expect(credentials.credentials.sessionToken).to.equal(undefined);
    });

-    // TODO this test doesn't work but I don't think I have the proper set up to test it with
-    // TODO How to test the asynchronous/assumeRole based credentials loading capability?
-    // it('should load async profiles properly', () => {
-    //   serverless.service.provider.profile = 'notDefaultAsync';
-    //   const credentials = newAwsProvider.getCredentials();
-    //   expect(credentials.credentials.roleArn).to.equal(fakeCredentials.roleArn);
-    //   expect(credentials.credentials.roleSessionName).to.equal(fakeCredentials.roleSessionName);
-    //   expect(credentials.credentials.externalId).to.equal(fakeCredentials.externalId);
-    //   expect(credentials.credentials.sourceProfile).to.equal(fakeCredentials.sourceProfile);
-    // });
+    it('should load async profiles properly', () => {
+      serverless.service.provider.profile = 'notDefaultAsync';
+      const credentials = newAwsProvider.getCredentials();
+      expect(credentials.credentials.roleArn).to.equal(fakeCredentials.roleArn);
+    });
+
+    it('should not set credentials if a non-existent profile is set', () => {
+      serverless.service.provider.profile = 'not-a-defined-profile';
+      const credentials = newAwsProvider.getCredentials();
+      expect(credentials).to.eql({ region: newOptions.region });
+    });

    it('should not set credentials if empty profile is set', () => {
      serverless.service.provider.profile = '';
--- a/package.json
+++ b/package.json
@ -72,7 +72,7 @@
  "dependencies": {
    "archiver": "^1.1.0",
    "async": "^1.5.2",
-    "aws-sdk": "^2.3.17",
+    "aws-sdk": "^v2.7.10",
    "bluebird": "^3.4.0",
    "chalk": "^1.1.1",
    "download": "^5.0.2",