credential_provider_chain.js
5.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
var AWS = require('../core');
/**
* Creates a credential provider chain that searches for AWS credentials
* in a list of credential providers specified by the {providers} property.
*
* By default, the chain will use the {defaultProviders} to resolve credentials.
* These providers will look in the environment using the
* {AWS.EnvironmentCredentials} class with the 'AWS' and 'AMAZON' prefixes.
*
* ## Setting Providers
*
* Each provider in the {providers} list should be a function that returns
* a {AWS.Credentials} object, or a hardcoded credentials object. The function
* form allows for delayed execution of the credential construction.
*
* ## Resolving Credentials from a Chain
*
* Call {resolve} to return the first valid credential object that can be
* loaded by the provider chain.
*
* For example, to resolve a chain with a custom provider that checks a file
* on disk after the set of {defaultProviders}:
*
* ```javascript
* var diskProvider = new AWS.FileSystemCredentials('./creds.json');
* var chain = new AWS.CredentialProviderChain();
* chain.providers.push(diskProvider);
* chain.resolve();
* ```
*
* The above code will return the `diskProvider` object if the
* file contains credentials and the `defaultProviders` do not contain
* any credential settings.
*
* @!attribute providers
* @return [Array<AWS.Credentials, Function>]
* a list of credentials objects or functions that return credentials
* objects. If the provider is a function, the function will be
* executed lazily when the provider needs to be checked for valid
* credentials. By default, this object will be set to the
* {defaultProviders}.
* @see defaultProviders
*/
AWS.CredentialProviderChain = AWS.util.inherit(AWS.Credentials, {
/**
* Creates a new CredentialProviderChain with a default set of providers
* specified by {defaultProviders}.
*/
constructor: function CredentialProviderChain(providers) {
if (providers) {
this.providers = providers;
} else {
this.providers = AWS.CredentialProviderChain.defaultProviders.slice(0);
}
this.resolveCallbacks = [];
},
/**
* @!method resolvePromise()
* Returns a 'thenable' promise.
* Resolves the provider chain by searching for the first set of
* credentials in {providers}.
*
* Two callbacks can be provided to the `then` method on the returned promise.
* The first callback will be called if the promise is fulfilled, and the second
* callback will be called if the promise is rejected.
* @callback fulfilledCallback function(credentials)
* Called if the promise is fulfilled and the provider resolves the chain
* to a credentials object
* @param credentials [AWS.Credentials] the credentials object resolved
* by the provider chain.
* @callback rejectedCallback function(error)
* Called if the promise is rejected.
* @param err [Error] the error object returned if no credentials are found.
* @return [Promise] A promise that represents the state of the `resolve` method call.
* @example Calling the `resolvePromise` method.
* var promise = chain.resolvePromise();
* promise.then(function(credentials) { ... }, function(err) { ... });
*/
/**
* Resolves the provider chain by searching for the first set of
* credentials in {providers}.
*
* @callback callback function(err, credentials)
* Called when the provider resolves the chain to a credentials object
* or null if no credentials can be found.
*
* @param err [Error] the error object returned if no credentials are
* found.
* @param credentials [AWS.Credentials] the credentials object resolved
* by the provider chain.
* @return [AWS.CredentialProviderChain] the provider, for chaining.
*/
resolve: function resolve(callback) {
var self = this;
if (self.providers.length === 0) {
callback(new Error('No providers'));
return self;
}
if (self.resolveCallbacks.push(callback) === 1) {
var index = 0;
var providers = self.providers.slice(0);
function resolveNext(err, creds) {
if ((!err && creds) || index === providers.length) {
AWS.util.arrayEach(self.resolveCallbacks, function (callback) {
callback(err, creds);
});
self.resolveCallbacks.length = 0;
return;
}
var provider = providers[index++];
if (typeof provider === 'function') {
creds = provider.call();
} else {
creds = provider;
}
if (creds.get) {
creds.get(function (getErr) {
resolveNext(getErr, getErr ? null : creds);
});
} else {
resolveNext(null, creds);
}
}
resolveNext();
}
return self;
}
});
/**
* The default set of providers used by a vanilla CredentialProviderChain.
*
* In the browser:
*
* ```javascript
* AWS.CredentialProviderChain.defaultProviders = []
* ```
*
* In Node.js:
*
* ```javascript
* AWS.CredentialProviderChain.defaultProviders = [
* function () { return new AWS.EnvironmentCredentials('AWS'); },
* function () { return new AWS.EnvironmentCredentials('AMAZON'); },
* function () { return new AWS.SharedIniFileCredentials(); },
* function () { return new AWS.ECSCredentials(); },
* function () { return new AWS.ProcessCredentials(); },
* function () { return new AWS.TokenFileWebIdentityCredentials(); },
* function () { return new AWS.EC2MetadataCredentials() }
* ]
* ```
*/
AWS.CredentialProviderChain.defaultProviders = [];
/**
* @api private
*/
AWS.CredentialProviderChain.addPromisesToClass = function addPromisesToClass(PromiseDependency) {
this.prototype.resolvePromise = AWS.util.promisifyMethod('resolve', PromiseDependency);
};
/**
* @api private
*/
AWS.CredentialProviderChain.deletePromisesFromClass = function deletePromisesFromClass() {
delete this.prototype.resolvePromise;
};
AWS.util.addPromises(AWS.CredentialProviderChain);