temporary_credentials.js (4193B)
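var AWS = require('../core');
var STS = require('../../clients/sts');

/**
 * Represents temporary credentials retrieved from {AWS.STS}. Without any
 * extra parameters, credentials will be fetched from the
 * {AWS.STS.getSessionToken} operation. If an IAM role is provided, the
 * {AWS.STS.assumeRole} operation will be used to fetch credentials for the
 * role instead.
 *
 * To set up temporary credentials, configure a set of master credentials
 * using the standard credentials providers (environment, EC2 instance metadata,
 * or from the filesystem), then set the global credentials to a new
 * temporary credentials object:
 *
 * ```javascript
 * // Note that environment credentials are loaded by default,
 * // the following line is shown for clarity:
 * AWS.config.credentials = new AWS.EnvironmentCredentials('AWS');
 *
 * // Now set temporary credentials seeded from the master credentials
 * AWS.config.credentials = new AWS.TemporaryCredentials();
 *
 * // subsequent requests will now use temporary credentials from AWS STS.
 * new AWS.S3().listBuckets(function(err, data) { ... });
 * ```
 *
 * @!attribute masterCredentials
 *   @return [AWS.Credentials] the master (non-temporary) credentials used to
 *     get and refresh temporary credentials from AWS STS.
 * @note (see constructor)
 * @note Replacing {AWS.Config.credentials} with this object does not discard
 *   the master credentials: they stay referenced by `masterCredentials` for
 *   the lifetime of this object so that refreshes can be signed.
 */
AWS.TemporaryCredentials = AWS.util.inherit(AWS.Credentials, {
  /**
   * Creates a new temporary credentials object.
   *
   * @note In order to create temporary credentials, you first need to have
   *   "master" credentials configured in {AWS.Config.credentials}. These
   *   master credentials are necessary to retrieve the temporary credentials,
   *   as well as refresh the credentials when they expire.
   * @note When `RoleArn` is given without a `RoleSessionName`, the fixed name
   *   `'temporary-credentials'` is used. Every caller relying on that default
   *   shares one session name, so pass a distinct `RoleSessionName` if
   *   assumed-role sessions need to be told apart when auditing.
   * @note The `params` object is stored by reference, not copied, and the
   *   default `RoleSessionName` is written into it.
   * @param params [map] a map of options that are passed to the
   *   {AWS.STS.assumeRole} or {AWS.STS.getSessionToken} operations.
   *   If a `RoleArn` parameter is passed in, credentials will be based on the
   *   IAM role.
   * @example Creating a new credentials object for generic temporary credentials
   *   AWS.config.credentials = new AWS.TemporaryCredentials();
   * @example Creating a new credentials object for an IAM role
   *   AWS.config.credentials = new AWS.TemporaryCredentials({
   *     RoleArn: 'arn:aws:iam::1234567890:role/TemporaryCredentials',
   *   });
   * @see AWS.STS.assumeRole
   * @see AWS.STS.getSessionToken
   */
  constructor: function TemporaryCredentials(params) {
    AWS.Credentials.call(this);
    this.loadMasterCredentials();
    // NOTE(review): presumably this makes the first credentials lookup call
    // refresh() -- confirm against AWS.Credentials.
    this.expired = true;

    this.params = params || {};
    if (this.params.RoleArn) {
      this.params.RoleSessionName =
        this.params.RoleSessionName || 'temporary-credentials';
    }
  },

  /**
   * Refreshes credentials using {AWS.STS.assumeRole} or
   * {AWS.STS.getSessionToken}, depending on whether an IAM role ARN was passed
   * to the credentials {constructor}.
   *
   * The STS request is made with the master credentials, which are installed
   * on the internal STS client before every call.
   *
   * @note If no callback is given, an error is re-thrown instead of being
   *   dropped. For a failed STS call that throw happens inside the STS
   *   response callback, not in the code that called `refresh()`.
   * @callback callback function(err)
   *   Called when the STS service responds (or fails). When
   *   this callback is called with no error, it means that the credentials
   *   information has been loaded into the object (as the `accessKeyId`,
   *   `secretAccessKey`, and `sessionToken` properties).
   *   @param err [Error] if an error occurred, this value will be filled
   * @see get
   */
  refresh: function refresh(callback) {
    var self = this;
    self.createClients();
    if (!callback) callback = function(err) { if (err) throw err; };

    // Without master credentials there is nothing to sign the STS request
    // with; report that explicitly rather than sending an unsigned request.
    if (!self.masterCredentials) {
      callback(new Error(
        'TemporaryCredentials has no master credentials to call AWS STS with'));
      return;
    }

    self.service.config.credentials = self.masterCredentials;
    var operation = self.params.RoleArn ?
      self.service.assumeRole : self.service.getSessionToken;
    operation.call(self.service, function (err, data) {
      if (!err) {
        // Copies the returned credential material onto this object.
        self.service.credentialsFrom(data, self);
      }
      callback(err);
    });
  },

  /**
   * Captures the credentials used to call STS from {AWS.Config.credentials}.
   *
   * If the global credentials are themselves an object with a
   * `masterCredentials` property (for example another temporary credentials
   * object), the chain is followed to its end so that STS is called with the
   * root, non-temporary credentials. When no global credentials are
   * configured, `masterCredentials` is left unset and {refresh} reports the
   * problem through its callback.
   *
   * @api private
   */
  loadMasterCredentials: function loadMasterCredentials() {
    var creds = AWS.config.credentials;
    // Guard each step: AWS.config.credentials may be unset.
    while (creds && creds.masterCredentials) {
      creds = creds.masterCredentials;
    }
    this.masterCredentials = creds;
  },

  /**
   * Lazily creates the STS client on first use and reuses it afterwards. The
   * client is bound to `this.params` as it is at that moment.
   *
   * @api private
   */
  createClients: function() {
    this.service = this.service || new STS({params: this.params});
  }

});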