Skip to content

Commit

Permalink
Add support for AWS_SESSION_TOKEN temporary credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
hayd committed Dec 9, 2019
1 parent d801894 commit d01b0bd
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 4 deletions.
13 changes: 10 additions & 3 deletions client/create_headers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ export interface HeadersConfig extends ClientConfig {
}

/** Assembles a header object for a DynamoDB request. */
export function createHeaders(
export async function createHeaders(
op: string,
payload: Uint8Array,
conf: HeadersConfig
): Headers {
): Promise<Headers> {
const amzTarget: string = `DynamoDB_20120810.${op}`;

const amzDate: string = date.format(conf.date || new Date(), "amz");
Expand Down Expand Up @@ -67,10 +67,17 @@ export function createHeaders(
conf.cache.credentialScope
}, SignedHeaders=${signedHeaders}, Signature=${signature}`;

return new Headers({
const headers = new Headers({
"Content-Type": POST_CONTENT_TYPE,
"X-Amz-Date": amzDate,
"X-Amz-Target": amzTarget,
Authorization: authorizationHeader
});

// https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
if (conf.securityToken) {
headers.append("X-Amz-Security-Token", await conf.securityToken());
}

return headers
}
3 changes: 2 additions & 1 deletion mod.ts
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ export interface ClientConfig {
region: string; // us-west-2
canonicalUri?: string; // fx /path/to/somewhere
port?: number; // 8000
securityToken?: () => string | Promise<string>;
}

/** Op options. */
Expand Down Expand Up @@ -137,7 +138,7 @@ function createCache(conf: Doc): Doc {
async function baseFetch(conf: Doc, op: string, params: Doc): Promise<Doc> {
const payload: Uint8Array = encode(JSON.stringify(params), "utf8");

const headers: Headers = createHeaders(op, payload, conf as HeadersConfig);
const headers: Headers = await createHeaders(op, payload, conf as HeadersConfig);

const response: Response = await fetch(conf.endpoint, {
method: conf.method,
Expand Down
16 changes: 16 additions & 0 deletions test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -432,4 +432,20 @@ test({
}
});

test({
name: "test security token can be passed",
async fn(): Promise<void> {
// currently there's no way to test this is appended to the header
// but we include it in the ClientConfig.
const conf: ClientConfig = {
accessKeyId: ENV.ACCESS_KEY_ID,
secretAccessKey: ENV.SECRET_ACCESS_KEY,
region: "local",
securityToken: () => "test"
};
const ddbc: DynamoDBClient = createClient(conf);
const result: Doc = await ddbc.listTables();
}
});

runIfMain(import.meta);

0 comments on commit d01b0bd

Please sign in to comment.