(esRequest, parent)
| 12 | } |
| 13 | |
| 14 | const aws4signer = async (esRequest, parent) => { |
| 15 | // Consider deprecating - insecure to use on command line and credentials can be found by default at ~/.aws/credentials or as environment variables |
| 16 | const useAwsCredentials = ((typeof parent.options.awsAccessKeyId === 'string') && (typeof parent.options.awsSecretAccessKey === 'string')) |
| 17 | // Consider deprecating - can be achieved with awsChain and setting AWS_PROFILE and AWS_CONFIG_FILE environment variables as needed |
| 18 | const useAwsProfile = (typeof parent.options.awsIniFileProfile === 'string') |
| 19 | const useAwsChain = (parent.options.awsChain === true) |
| 20 | const awsUrlRegex = new RegExp(parent.options.awsUrlRegex || /^https?:\/\/.*\.amazonaws\.com.*$/) |
| 21 | |
| 22 | if (!awsUrlRegex.test(esRequest.url) && !awsUrlRegex.test(esRequest.uri)) { |
| 23 | return |
| 24 | } |
| 25 | |
| 26 | if (useAwsCredentials || useAwsProfile || useAwsChain) { |
| 27 | // Lazy load credentials object depending on our flavor of credential loading |
| 28 | // Assumption is that loading only needs to happen once per execution and if refreshing is |
| 29 | // needed, credentials object should implement credentials.refresh() callback |
| 30 | if (!credentials) { |
| 31 | if (useAwsChain) { |
| 32 | isAwsCredentials = true |
| 33 | credentials = await new AWS.CredentialProviderChain().resolvePromise() |
| 34 | } else if (useAwsCredentials) { |
| 35 | credentials = { |
| 36 | accessKeyId: parent.options.awsAccessKeyId, |
| 37 | secretAccessKey: parent.options.awsSecretAccessKey, |
| 38 | sessionToken: parent.options.sessionToken |
| 39 | } |
| 40 | } else if (useAwsProfile) { |
| 41 | isAwsCredentials = true |
| 42 | credentials = new AWS.SharedIniFileCredentials({ |
| 43 | profile: parent.options.awsIniFileProfile, |
| 44 | filename: path.join(os.homedir(), '.aws', parent.options.awsIniFileName ? parent.options.awsIniFileName : 'config') |
| 45 | }) |
| 46 | } |
| 47 | } |
| 48 | |
| 49 | // get aws required stuff from uri or url |
| 50 | let esURL = '' |
| 51 | if ((esRequest.uri !== undefined) && (esRequest.uri !== null)) { |
| 52 | esURL = esRequest.uri |
| 53 | } else if ((esRequest.url !== undefined) && (esRequest.url !== null)) { |
| 54 | esURL = esRequest.url |
| 55 | } |
| 56 | |
| 57 | const urlObj = new URL(esURL) |
| 58 | |
| 59 | if (parent.options.awsService) { |
| 60 | esRequest.service = parent.options.awsService |
| 61 | } |
| 62 | |
| 63 | if (parent.options.awsRegion) { |
| 64 | esRequest.region = parent.options.awsRegion |
| 65 | } |
| 66 | |
| 67 | // checks if the token needs to be refreshed |
| 68 | // if it does it's refreshed |
| 69 | if (isAwsCredentials) { |
| 70 | await credentials.getPromise() |
| 71 | } |
no test coverage detected