Remove Amazon IAM.

2026-01-23 17:17:36 +08:00
parent 0e2ab78d6e
commit 73871ce238
6 changed files with 65 additions and 2518 deletions
--- a/src/api/endpoints/auth.ts
+++ b/src/api/endpoints/auth.ts
@@ -2,8 +2,6 @@ import { ApiClient } from "../base";
 import {
  UniversalAuthLoginRequest,
  UniversalAuthLoginResponse,
-  AwsIamAuthLoginRequest,
-  AwsIamAuthLoginResponse,
  TokenRenewRequest,
  TokenRenewResponse,
 } from "../types";
@@ -20,15 +18,6 @@ export class AuthApi {
    );
  }

-  async awsIamAuthLogin(
-    data: AwsIamAuthLoginRequest
-  ): Promise<AwsIamAuthLoginResponse> {
-    return this.apiClient.post<AwsIamAuthLoginResponse>(
-      "/api/v1/auth/aws-auth/login",
-      data
-    );
-  }
-
  async renewToken(data: TokenRenewRequest): Promise<TokenRenewResponse> {
    return this.apiClient.post<TokenRenewResponse>(
      "/api/v1/auth/token/renew",
--- a/src/api/types/auth.ts
+++ b/src/api/types/auth.ts
@@ -8,18 +8,6 @@ export interface UniversalAuthLoginResponse {
  expiresIn: number;
 }

-export interface AwsIamAuthLoginRequest {
-  identityId: string;
-  iamHttpRequestMethod: string;
-  iamRequestBody: string;
-  iamRequestHeaders: string;
-}
-
-export interface AwsIamAuthLoginResponse {
-  accessToken: string;
-  expiresIn: number;
-}
-
 export interface TokenRenewRequest {
  accessToken: string;
 }
--- a/src/custom/auth.ts
+++ b/src/custom/auth.ts
@@ -1,16 +1,10 @@
 import { InfisicalSDK } from "..";
 import { AuthApi } from "../api/endpoints/auth";
 import { UniversalAuthLoginRequest } from "../api/types";
-import { MACHINE_IDENTITY_ID_ENV_NAME } from "./constants";
 import { InfisicalSDKError, newInfisicalError } from "./errors";
-import { getAwsRegion, performAwsIamLogin } from "./util";

 type AuthenticatorFunction = (accessToken: string) => InfisicalSDK;

-type AwsAuthLoginOptions = {
-  identityId?: string;
-};
-
 export const renewToken = async (apiClient: AuthApi, token?: string) => {
  try {
    if (!token) {
@@ -33,47 +27,6 @@ export default class AuthClient {
    private _accessToken?: string
  ) {}

-  awsIamAuth = {
-    login: async (options?: AwsAuthLoginOptions) => {
-      try {
-        const identityId =
-          options?.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
-        if (!identityId) {
-          throw new InfisicalSDKError(
-            "Identity ID is required for AWS IAM authentication"
-          );
-        }
-
-        const iamRequest = await performAwsIamLogin(await getAwsRegion());
-        const res = await this.apiClient.awsIamAuthLogin({
-          iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
-          iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString(
-            "base64"
-          ),
-          iamRequestHeaders: Buffer.from(
-            JSON.stringify(iamRequest.iamRequestHeaders)
-          ).toString("base64"),
-          identityId,
-        });
-
-        return this.sdkAuthenticator(res.accessToken);
-      } catch (err) {
-        throw newInfisicalError(err);
-      }
-    },
-    renew: async () => {
-      try {
-        const refreshedToken = await renewToken(
-          this.apiClient,
-          this._accessToken
-        );
-        return this.sdkAuthenticator(refreshedToken.accessToken);
-      } catch (err) {
-        throw newInfisicalError(err);
-      }
-    },
-  };
-
  universalAuth = {
    login: async (options: UniversalAuthLoginRequest) => {
      try {
--- a/src/custom/constants.ts
+++ b/src/custom/constants.ts
@@ -1,3 +0,0 @@
-export const MACHINE_IDENTITY_ID_ENV_NAME = "INFISICAL_MACHINE_IDENTITY_ID";
-export const AWS_TOKEN_METADATA_URI = "http://169.254.169.254/latest/api/token";
-export const AWS_IDENTITY_DOCUMENT_URI = "http://169.254.169.254/latest/dynamic/instance-identity/document";