Merge pull request #22 from Infisical/daniel/update-aws-sdk
fix: removal of aws-sdk dependency
This commit is contained in:
Daniel Hougaard
1987
package-lock.json
generated
1987
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -28,7 +28,10 @@
|
|||||||
"tsup": "^8.2.4"
|
"tsup": "^8.2.4"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"aws-sdk": "2.1311.0",
|
"@aws-crypto/sha256-js": "^5.2.0",
|
||||||
|
"@aws-sdk/credential-providers": "^3.758.0",
|
||||||
|
"@aws-sdk/protocol-http": "^3.370.0",
|
||||||
|
"@aws-sdk/signature-v4": "^3.370.0",
|
||||||
"axios": "^1.7.5",
|
"axios": "^1.7.5",
|
||||||
"typescript": "^5.5.4",
|
"typescript": "^5.5.4",
|
||||||
"zod": "^3.23.8"
|
"zod": "^3.23.8"
|
||||||
|
|||||||
@@ -1,6 +1,11 @@
|
|||||||
import axios from "axios";
|
import axios from "axios";
|
||||||
import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
|
import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
|
||||||
import AWS from "aws-sdk";
|
|
||||||
|
import { Sha256 } from "@aws-crypto/sha256-js";
|
||||||
|
import { fromNodeProviderChain } from "@aws-sdk/credential-providers";
|
||||||
|
import { HttpRequest } from "@aws-sdk/protocol-http";
|
||||||
|
import { SignatureV4 } from "@aws-sdk/signature-v4";
|
||||||
|
|
||||||
import { InfisicalSDKError } from "./errors";
|
import { InfisicalSDKError } from "./errors";
|
||||||
import { Secret } from "../api/types";
|
import { Secret } from "../api/types";
|
||||||
|
|
||||||
@@ -44,22 +49,11 @@ export const getAwsRegion = async () => {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export const performAwsIamLogin = async (region: string) => {
|
export const performAwsIamLogin = async (region: string) => {
|
||||||
AWS.config.update({
|
const credentials = await fromNodeProviderChain()();
|
||||||
region
|
|
||||||
});
|
|
||||||
|
|
||||||
await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => {
|
if (!credentials.accessKeyId || !credentials.secretAccessKey) {
|
||||||
AWS.config.getCredentials((err, res) => {
|
throw new InfisicalSDKError("Credentials not found");
|
||||||
if (err) {
|
}
|
||||||
throw err;
|
|
||||||
} else {
|
|
||||||
if (!res) {
|
|
||||||
throw new InfisicalSDKError("Credentials not found");
|
|
||||||
}
|
|
||||||
return resolve(res);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
|
const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
|
||||||
const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
|
const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
|
||||||
@@ -68,23 +62,40 @@ export const performAwsIamLogin = async (region: string) => {
|
|||||||
Host: `sts.${region}.amazonaws.com`
|
Host: `sts.${region}.amazonaws.com`
|
||||||
};
|
};
|
||||||
|
|
||||||
const request = new AWS.HttpRequest(new AWS.Endpoint(iamRequestURL), region);
|
const request = new HttpRequest({
|
||||||
request.method = "POST";
|
protocol: "https:",
|
||||||
request.headers = iamRequestHeaders;
|
hostname: `sts.${region}.amazonaws.com`,
|
||||||
|
path: "/",
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
...iamRequestHeaders,
|
||||||
|
"Content-Length": String(Buffer.byteLength(iamRequestBody))
|
||||||
|
},
|
||||||
|
body: iamRequestBody
|
||||||
|
});
|
||||||
|
|
||||||
// @ts-expect-error -- .util is not typed
|
const signer = new SignatureV4({
|
||||||
request.headers["X-Amz-Date"] = AWS.util.date.iso8601(new Date()).replace(/[:-]|\.\d{3}/g, "");
|
credentials,
|
||||||
request.body = iamRequestBody;
|
region,
|
||||||
request.headers["Content-Length"] = String(Buffer.byteLength(iamRequestBody));
|
service: "sts",
|
||||||
|
sha256: Sha256
|
||||||
|
});
|
||||||
|
|
||||||
// @ts-expect-error -- .Signers is not typed
|
const signedRequest = await signer.sign(request);
|
||||||
const signer = new AWS.Signers.V4(request, "sts");
|
|
||||||
signer.addAuthorization(AWS.config.credentials, new Date());
|
const headers: Record<string, string> = {};
|
||||||
|
Object.entries(signedRequest.headers).forEach(([key, value]) => {
|
||||||
|
if (typeof value === "string") {
|
||||||
|
// Normalize Authorization header to proper case
|
||||||
|
const normalizedKey = key.toLowerCase() === "authorization" ? "Authorization" : key;
|
||||||
|
headers[normalizedKey] = value;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
return {
|
return {
|
||||||
iamHttpRequestMethod: "POST",
|
iamHttpRequestMethod: "POST",
|
||||||
iamRequestUrl: iamRequestURL,
|
iamRequestUrl: iamRequestURL,
|
||||||
iamRequestBody: iamRequestBody,
|
iamRequestBody: iamRequestBody,
|
||||||
iamRequestHeaders: iamRequestHeaders
|
iamRequestHeaders: headers
|
||||||
} as const;
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
13
test/aws_auth.ts
Normal file
13
test/aws_auth.ts
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
import { InfisicalSDK } from "../src";
|
||||||
|
|
||||||
|
(async () => {
|
||||||
|
const client = new InfisicalSDK({
|
||||||
|
siteUrl: "https://app.infisical.com" // Optional, defaults to https://app.infisical.com
|
||||||
|
});
|
||||||
|
|
||||||
|
await client.auth().awsIamAuth.login({
|
||||||
|
identityId: "b1c540b8-4ca6-407e-8ce5-6696e8db50c4"
|
||||||
|
});
|
||||||
|
|
||||||
|
console.log(client.auth().getAccessToken());
|
||||||
|
})();
|
||||||
@@ -38,7 +38,8 @@ import { InfisicalSDK } from "../src";
|
|||||||
const folder = await client.folders().create({
|
const folder = await client.folders().create({
|
||||||
name: "test-folder",
|
name: "test-folder",
|
||||||
projectId: project.id,
|
projectId: project.id,
|
||||||
environment: environment.slug
|
environment: environment.slug,
|
||||||
|
path: "/"
|
||||||
});
|
});
|
||||||
|
|
||||||
console.log("Inviting member to project");
|
console.log("Inviting member to project");
|
||||||
|
|||||||
Reference in New Issue
Block a user