From 848bd1b3194a7972dfd179325de264813cadd0ab Mon Sep 17 00:00:00 2001 From: AllanZhengYP Date: Thu, 25 Feb 2021 11:26:45 -0800 Subject: [PATCH] fix(credential-provider-sso): address README feedbacks Co-authored-by: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> --- .../src/index.spec.ts | 2 +- packages/credential-provider-sso/README.md | 27 ++++++++++--------- packages/credential-provider-sso/src/index.ts | 10 +++---- .../src/ProviderError.spec.ts | 4 +-- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/packages/credential-provider-node/src/index.spec.ts b/packages/credential-provider-node/src/index.spec.ts index 68165b79cf131..d8c1f31326504 100644 --- a/packages/credential-provider-node/src/index.spec.ts +++ b/packages/credential-provider-node/src/index.spec.ts @@ -469,7 +469,7 @@ describe("defaultProvider", () => { expect((fromInstanceMetadata() as any).mock.calls.length).toBe(0); }); - it("should on consult SSO provider if the profile environment variable has been set", async () => { + it("should only consult SSO provider if the profile environment variable has been set", async () => { const creds = { accessKeyId: "foo", secretAccessKey: "bar", diff --git a/packages/credential-provider-sso/README.md b/packages/credential-provider-sso/README.md index b5d8925bcc6b2..ef3e654b9e3b6 100644 --- a/packages/credential-provider-sso/README.md +++ b/packages/credential-provider-sso/README.md 
@@ -3,14 +3,14 @@ [![NPM version](https://img.shields.io/npm/v/@aws-sdk/credential-provider-sso/latest.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-sso) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/credential-provider-sso.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-sso) -## AWS Credential Provider for Node.JS - AWS Single Sign-On(SSO) +## AWS Credential Provider for Node.js - AWS Single Sign-On (SSO) This module provides a function, `fromSSO` that will create `CredentialProvider` functions that read from [AWS SDKs and Tools shared configuration and credentials files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html)(Profile appears in the credentials file will be given precedence over the profile found in the config file). This provider will load the _resolved_ access token on local disk, and then request temporary AWS credentials. For the guidance over AWS Single -Sign-On service, please refer to [the service document](https://aws.amazon.com/single-sign-on/) +Sign-On service, please refer to [the service document](https://aws.amazon.com/single-sign-on/). ## Supported configuration 
@@ -18,14 +18,14 @@ You may customize how credentials are resolved by providing an options hash to the `fromSSO` factory function. The following options are supported: - `profile` - The configuration profile to use. If not specified, the provider - will use the value in the `AWS_PROFILE` environment variable or a default of - `default`. + will use the value in the `AWS_PROFILE` environment variable or `default` by + default. - `filepath` - The path to the shared credentials file. If not specified, the provider will use the value in the `AWS_SHARED_CREDENTIALS_FILE` environment - variable or a default of `~/.aws/credentials`. + variable or `~/.aws/credentials` by default. - `configFilepath` - The path to the shared config file. If not specified, the - provider will use the value in the `AWS_CONFIG_FILE` environment variable or a - default of `~/.aws/config`. + provider will use the value in the `AWS_CONFIG_FILE` environment variable or + `~/.aws/config` by default. - `ssoClient` - The SSO Client that used to request AWS credentials with the SSO access token. If not specified, a default SSO client will be created with the region specified in the profile `sso_region` entry. @@ -36,11 +36,13 @@ This credential provider relies on [AWS CLI](https://docs.aws.amazon.com/cli/lat to login to an AWS SSO session. Here's a brief walk-through: 1. Create a new AWS SSO enabled profile using AWS CLI. It will ask you to login - to your AWS organization and prompt for the name of the profile, let's - say `my-sso-profile`: + to your AWS SSO account and prompt for the name of the profile: ```console aws configure sso +... +... +CLI profile name [123456789011_ReadOnly]: my-sso-profile ``` 2. Configure you SDK client with the SSO credential provider: 
@@ -52,7 +54,7 @@ import { fromSSO } from "@aws-sdk/credential-provider-sso"; // ES6 example const client = new FooClient({ credentials: fromSSO({ profile: "my-sso-profile" }); ``` -Alternatively, the SSO credential provider supported in default Node.js credential +Alternatively, the SSO credential provider is supported in default Node.js credential provider: ```javascript @@ -62,10 +64,11 @@ import { defaultProvider } from "@aws-sdk/credential-provider-node"; // ES6 exam const client = new FooClient({ credentials: defaultProvider({ profile: "my-sso-profile" }); ``` -3. To log out from the current SSO session, with AWS CLI: +3. To log out from the current SSO session, use AWS CLI: ```console -aws sso logout +$ aws sso logout +Successfully signed out of all SSO profiles. ``` ## Sample files diff --git a/packages/credential-provider-sso/src/index.ts b/packages/credential-provider-sso/src/index.ts index 8921275ac2c53..feb11c471ee84 100755 --- a/packages/credential-provider-sso/src/index.ts +++ b/packages/credential-provider-sso/src/index.ts @@ -8,7 +8,7 @@ import { readFileSync } from "fs"; import { join } from "path"; /** - * The time window(15 mins) that SDK will treat the SSO token expired before the defined expiration date in token. + * The time window (15 mins) that SDK will treat the SSO token expires in before the defined expiration date in token. * This is needed because server side may have invalidated the token before the defined expiration date. * * @internal 
@@ -53,11 +53,11 @@ const resolveSSOCredentials = async (
 }
 const { sso_start_url: startUrl, sso_account_id: accountId, sso_region: region, sso_role_name: roleName } = profile;
 if (!startUrl && !accountId && !region && !roleName) {
- throw new ProviderError(`Profile ${profileName} is not configured with SSO credential`);
+ throw new ProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
 }
 if (!startUrl || !accountId || !region || !roleName) {
 throw new ProviderError(
- `Profile ${profileName} is not a valid SSO credential. Required parameters "sso_account_id", "sso_region", ` +
+ `Profile ${profileName} does not have valid SSO credentials. Required parameters "sso_account_id", "sso_region", ` +
 `"sso_role_name", "sso_start_url". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,
 SHOULD_FAIL_CREDENTIAL_CHAIN
 );
@@ -68,10 +68,8 @@ const resolveSSOCredentials = async (
 let token: SSOToken;
 try {
 token = JSON.parse(readFileSync(tokenFile, { encoding: "utf-8" }));
- // console.log("tokenFile", token);
- // console.log("now", new Date().toISOString());
 if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
- throw new Error("Token is expired");
+ throw new Error("SSO token is expired.");
 }
 } catch (e) {
 throw new ProviderError(
diff --git a/packages/property-provider/src/ProviderError.spec.ts b/packages/property-provider/src/ProviderError.spec.ts
index d0f0514d98379..a9dfd6a21d2d4 100644
--- a/packages/property-provider/src/ProviderError.spec.ts
+++ b/packages/property-provider/src/ProviderError.spec.ts
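Review bot: The expiry guard in the `@@ -68,10 +68,8 @@` hunk fails open when the cached token file has no usable `expiresAt`: `new Date(token.expiresAt).getTime()` is then `NaN`, the `<= EXPIRE_WINDOW_MS` comparison evaluates to false, and the token is treated as unexpired. The `JSON.parse` result is assigned to `SSOToken` with no shape check, so a truncated or hand-edited cache file passes this block with whatever fields it happens to have. I would compute `const expiresAt = new Date(token.expiresAt).getTime();` and test `if (!Number.isFinite(expiresAt) || expiresAt - Date.now() <= EXPIRE_WINDOW_MS) {` so that a missing or malformed timestamp is rejected the same way as an expired one. The rest of `resolveSSOCredentials`, including the `catch` body and the code that uses the token, is outside this hunk, so presumably the service still rejects a stale token; the local check should not rely on that.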
@@ -12,10 +12,10 @@ describe("ProviderError", () => {
 describe("from()", () => {
 it("should create ProviderError from existing error", () => {
 const error = new Error("PANIC");
- //@ts-expect-error
+ // @ts-expect-error Property 'someValue' does not exist on type 'Error'.
 error.someValue = "foo";
 const providerError = ProviderError.from(error);
- //@ts-expect-error
+ // @ts-expect-error Property 'someValue' does not exist on type 'ProviderError'.
 expect(providerError.someValue).toBe("foo");
 expect(providerError.tryNextLink).toBe(true);
 });