ecsCredentialsProvider.ts
/*!
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/
import { Credentials, CredentialProvider } from '@aws-sdk/types'
import { fromContainerMetadata } from '@smithy/credential-provider-imds'
import { EnvironmentVariables } from '../../shared/environmentVariables'
import { CredentialType } from '../../shared/telemetry/telemetry.gen'
import { getStringHash } from '../../shared/utilities/textUtilities'
import { CredentialsId, CredentialsProvider, CredentialsProviderType } from './credentials'
import { getLogger } from '../../shared/logger/logger'
import globals from '../../shared/extensionGlobals'
/**
* Credentials received from ECS containers.
*
* @see CredentialsProviderType
*/
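export class EcsCredentialsProvider implements CredentialsProvider {
    /** Cached probe outcome; stays `undefined` until the first probe has finished. */
    private available: boolean | undefined
    /** In-flight (or finished) probe, shared so that concurrent callers wait for one result. */
    private availabilityProbe: Promise<boolean> | undefined
    /** Construction timestamp, mixed into {@link getHashCode}. */
    private readonly createTime = Date.now()

    /**
     * @param provider Function that resolves the container credentials. Defaults to the SDK's
     * container-metadata provider; callers may inject another one.
     */
    public constructor(private provider: CredentialProvider = fromContainerMetadata()) {}

    /**
     * Reports whether container credentials can be retrieved in this process.
     *
     * The probe runs at most once per instance and its outcome is cached, failures included, so an
     * endpoint error during the probe keeps this provider unavailable for the lifetime of the instance.
     * Callers that arrive while the probe is still running wait for its result; previously they were
     * answered `false` straight away, which misreported a working endpoint as unavailable.
     *
     * @returns `true` only if one of the container credential URI variables is set and the provider
     * call succeeded.
     */
    public async isAvailable(): Promise<boolean> {
        if (this.available !== undefined) {
            return this.available
        }
        if (this.availabilityProbe === undefined) {
            this.availabilityProbe = this.probeAvailability()
        }
        return this.availabilityProbe
    }

    /** Performs the one-time probe of the container credentials endpoint and records the outcome. */
    private async probeAvailability(): Promise<boolean> {
        const env = process.env as EnvironmentVariables
        let reachable = false
        // Without either variable there is no container endpoint to ask, so no request is made.
        if (env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || env.AWS_CONTAINER_CREDENTIALS_FULL_URI) {
            const start = globals.clock.Date.now()
            try {
                // The result is discarded on purpose: only success is recorded and logged,
                // the credential values themselves never reach the log.
                await this.provider()
                getLogger().verbose(`credentials: retrieved ECS container credentials`)
                reachable = true
            } catch (err) {
                // NOTE(review): the error is interpolated into the log as-is; confirm the provider's
                // error text cannot carry the endpoint's authorization token or response body.
                getLogger().warn(`credentials: no role (or invalid) attached to ECS container: ${err}`)
            } finally {
                const elapsed = globals.clock.Date.now() - start
                getLogger().verbose(`credentials: ECS metadata credentials call took ${elapsed}ms`)
            }
        }
        this.available = reachable
        return reachable
    }

    /** Identifies these credentials by provider type plus the fixed type id `'instance'`. */
    public getCredentialsId(): CredentialsId {
        return {
            credentialSource: this.getProviderType(),
            credentialTypeId: 'instance',
        }
    }

    /** Provider type shared by every instance of this class. */
    public static getProviderType(): CredentialsProviderType {
        return 'ecs'
    }

    /** Instance-level accessor for the static provider type. */
    public getProviderType(): CredentialsProviderType {
        return EcsCredentialsProvider.getProviderType()
    }

    /** Credential type reported to telemetry. */
    public getTelemetryType(): CredentialType {
        // NOTE(review): the spelling looks like a typo, but the literal has to be a member of the
        // CredentialType imported from telemetry.gen; change it only together with that definition.
        return 'ecsMetatdata'
    }

    /** Region taken from `AWS_DEFAULT_REGION`, or `undefined` when the variable is not set. */
    public getDefaultRegion(): string | undefined {
        const env = process.env as EnvironmentVariables
        return env.AWS_DEFAULT_REGION
    }

    /** Hash of the provider type and the construction time of this instance. */
    public getHashCode(): string {
        return getStringHash(this.getProviderType() + `-${this.createTime}`)
    }

    /** This provider always allows automatic connection. */
    public async canAutoConnect(): Promise<boolean> {
        return true
    }

    /**
     * Resolves the container credentials by delegating to the injected provider on every call;
     * this class adds no caching of its own.
     */
    public async getCredentials(): Promise<Credentials> {
        return this.provider()
    }
}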