mongodb 6.20.0-dev.20250924.sha.81a7951f → 6.20.0
- package/lib/cmap/auth/aws_temporary_credentials.js +58 -10
- package/lib/cmap/auth/aws_temporary_credentials.js.map +1 -1
- package/lib/cmap/auth/mongodb_aws.js +4 -1
- package/lib/cmap/auth/mongodb_aws.js.map +1 -1
- package/package.json +2 -2
- package/src/cmap/auth/aws_temporary_credentials.ts +70 -12
- package/src/cmap/auth/mongodb_aws.ts +11 -4
|
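--- a/package/lib/cmap/auth/aws_temporary_credentials.js
+++ b/package/lib/cmap/auth/aws_temporary_credentials.js
@@ -1,30 +1,46 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AWSSDKCredentialProvider = void 0;
+exports.LegacyAWSTemporaryCredentialProvider = exports.AWSSDKCredentialProvider = exports.AWSTemporaryCredentialProvider = void 0;
 const deps_1 = require("../../deps");
 const error_1 = require("../../error");
+const utils_1 = require("../../utils");
+const AWS_RELATIVE_URI = 'http://169.254.170.2';
+const AWS_EC2_URI = 'http://169.254.169.254';
+const AWS_EC2_PATH = '/latest/meta-data/iam/security-credentials';
+/**
+* @internal
+*
+* Fetches temporary AWS credentials.
+*/
+class AWSTemporaryCredentialProvider {
+static get awsSDK() {
+AWSTemporaryCredentialProvider._awsSDK ??= (0, deps_1.getAwsCredentialProvider)();
+return AWSTemporaryCredentialProvider._awsSDK;
+}
+static get isAWSSDKInstalled() {
+return !('kModuleError' in AWSTemporaryCredentialProvider.awsSDK);
+}
+}
+exports.AWSTemporaryCredentialProvider = AWSTemporaryCredentialProvider;
 /** @internal */
-class AWSSDKCredentialProvider {
+class AWSSDKCredentialProvider extends AWSTemporaryCredentialProvider {
 /**
 * Create the SDK credentials provider.
 * @param credentialsProvider - The credentials provider.
 */
 constructor(credentialsProvider) {
+super();
 if (credentialsProvider) {
 this._provider = credentialsProvider;
 }
 }
-static get awsSDK() {
-AWSSDKCredentialProvider._awsSDK ??= (0, deps_1.getAwsCredentialProvider)();
-return AWSSDKCredentialProvider._awsSDK;
-}
 /**
 * The AWS SDK caches credentials automatically and handles refresh when the credentials have expired.
 * To ensure this occurs, we need to cache the `provider` returned by the AWS sdk and re-use it when fetching credentials.
 */
 get provider() {
-if ('kModuleError' in
-throw
+if ('kModuleError' in AWSTemporaryCredentialProvider.awsSDK) {
+throw AWSTemporaryCredentialProvider.awsSDK.kModuleError;
 }
 if (this._provider) {
 return this._provider;
@@ -67,10 +83,10 @@ class AWSSDKCredentialProvider {
 (AWS_STS_REGIONAL_ENDPOINTS === 'legacy' && !LEGACY_REGIONS.has(AWS_REGION));
 this._provider =
 awsRegionSettingsExist && useRegionalSts
-?
+? AWSTemporaryCredentialProvider.awsSDK.fromNodeProviderChain({
 clientConfig: { region: AWS_REGION }
 })
-:
+: AWSTemporaryCredentialProvider.awsSDK.fromNodeProviderChain();
 return this._provider;
 }
 async getCredentials() {
@@ -99,4 +115,36 @@ class AWSSDKCredentialProvider {
 }
 }
 exports.AWSSDKCredentialProvider = AWSSDKCredentialProvider;
+/**
+* @internal
+* Fetches credentials manually (without the AWS SDK), as outlined in the [Obtaining Credentials](https://github.com/mongodb/specifications/blob/master/source/auth/auth.md#obtaining-credentials)
+* section of the Auth spec.
+*/
+class LegacyAWSTemporaryCredentialProvider extends AWSTemporaryCredentialProvider {
+async getCredentials() {
+// If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
+// is set then drivers MUST assume that it was set by an AWS ECS agent
+if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {
+return await (0, utils_1.request)(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`);
+}
+// Otherwise assume we are on an EC2 instance
+// get a token
+const token = await (0, utils_1.request)(`${AWS_EC2_URI}/latest/api/token`, {
+method: 'PUT',
+json: false,
+headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 }
+});
+// get role name
+const roleName = await (0, utils_1.request)(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, {
+json: false,
+headers: { 'X-aws-ec2-metadata-token': token }
+});
+// get temp credentials
+const creds = await (0, utils_1.request)(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, {
+headers: { 'X-aws-ec2-metadata-token': token }
+});
+return creds;
+}
+}
+exports.LegacyAWSTemporaryCredentialProvider = LegacyAWSTemporaryCredentialProvider;
 //# sourceMappingURL=aws_temporary_credentials.js.map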
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws_temporary_credentials.js","sourceRoot":"","sources":["../../../src/cmap/auth/aws_temporary_credentials.ts"],"names":[],"mappings":";;;AAAA,qCAA2E;AAC3E,uCAA4C;
|
|
1
|
+
{"version":3,"file":"aws_temporary_credentials.js","sourceRoot":"","sources":["../../../src/cmap/auth/aws_temporary_credentials.ts"],"names":[],"mappings":";;;AAAA,qCAA2E;AAC3E,uCAA4C;AAC5C,uCAAsC;AAEtC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAC7C,MAAM,YAAY,GAAG,4CAA4C,CAAC;AAoBlE;;;;GAIG;AACH,MAAsB,8BAA8B;IAGxC,MAAM,KAAK,MAAM;QACzB,8BAA8B,CAAC,OAAO,KAAK,IAAA,+BAAwB,GAAE,CAAC;QACtE,OAAO,8BAA8B,CAAC,OAAO,CAAC;IAChD,CAAC;IAED,MAAM,KAAK,iBAAiB;QAC1B,OAAO,CAAC,CAAC,cAAc,IAAI,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACpE,CAAC;CACF;AAXD,wEAWC;AAED,gBAAgB;AAChB,MAAa,wBAAyB,SAAQ,8BAA8B;IAG1E;;;OAGG;IACH,YAAY,mBAA2C;QACrD,KAAK,EAAE,CAAC;QAER,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAI,CAAC,SAAS,GAAG,mBAAmB,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,IAAY,QAAQ;QAClB,IAAI,cAAc,IAAI,8BAA8B,CAAC,MAAM,EAAE,CAAC;YAC5D,MAAM,8BAA8B,CAAC,MAAM,CAAC,YAAY,CAAC;QAC3D,CAAC;QACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QACD,IAAI,EAAE,0BAA0B,GAAG,EAAE,EAAE,UAAU,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;QACvE,0BAA0B,GAAG,0BAA0B,CAAC,WAAW,EAAE,CAAC;QACtE,UAAU,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QAEtC,6IAA6I;QAC7I,MAAM,sBAAsB,GAC1B,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,0BAA0B,CAAC,MAAM,KAAK,CAAC,CAAC;QAErE;;;WAGG;QACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;YAC7B,gBAAgB;YAChB,YAAY;YACZ,gBAAgB;YAChB,gBAAgB;YAChB,YAAY;YACZ,cAAc;YACd,cAAc;YACd,YAAY;YACZ,WAAW;YACX,WAAW;YACX,WAAW;YACX,WAAW;YACX,WAAW;YACX,WAAW;YACX,WAAW;YACX,WAAW;SACZ,CAAC,CAAC;QACH;;;;;;WAMG;QACH,MAAM,cAAc,GAClB,0BAA0B,KAAK,UAAU;YACzC,CAAC,0BAA0B,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QAE/E,IAAI,CAAC,SAAS;YACZ,sBAAsB,IAAI,cAAc;gBACtC,CAAC,CAAC,8BAA8B,CAAC,MAAM,CAAC,qBAAqB,CAAC;oBAC1D,YAAY,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE;iBACrC,CAAC;gBACJ,CAAC,CAAC,8BAA8B,CAAC,MAAM,CAAC,qBAAqB,EAAE,CAAC;QAEpE,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAEQ,KAAK,CAAC,cAAc;QAC3B;;;;;;;;;WASG;QACH,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,OAAO;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,K
AAK,EAAE,KAAK,CAAC,YAAY;gBACzB,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,qBAAa,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;CACF;AApGD,4DAoGC;AAED;;;;GAIG;AACH,MAAa,oCAAqC,SAAQ,8BAA8B;IAC7E,KAAK,CAAC,cAAc;QAC3B,qEAAqE;QACrE,sEAAsE;QACtE,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC;YACvD,OAAO,MAAM,IAAA,eAAO,EAClB,GAAG,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAC3E,CAAC;QACJ,CAAC;QAED,6CAA6C;QAE7C,cAAc;QACd,MAAM,KAAK,GAAG,MAAM,IAAA,eAAO,EAAC,GAAG,WAAW,mBAAmB,EAAE;YAC7D,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,EAAE,sCAAsC,EAAE,EAAE,EAAE;SACxD,CAAC,CAAC;QAEH,gBAAgB;QAChB,MAAM,QAAQ,GAAG,MAAM,IAAA,eAAO,EAAC,GAAG,WAAW,IAAI,YAAY,EAAE,EAAE;YAC/D,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE;SAC/C,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,KAAK,GAAG,MAAM,IAAA,eAAO,EAAC,GAAG,WAAW,IAAI,YAAY,IAAI,QAAQ,EAAE,EAAE;YACxE,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE;SAC/C,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAhCD,oFAgCC"}
|
|
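--- a/package/lib/cmap/auth/mongodb_aws.js
+++ b/package/lib/cmap/auth/mongodb_aws.js
@@ -20,7 +20,10 @@ const bsonOptions = {
 class MongoDBAWS extends auth_provider_1.AuthProvider {
 constructor(credentialProvider) {
 super();
-this.
+this.credentialProvider = credentialProvider;
+this.credentialFetcher = aws_temporary_credentials_1.AWSTemporaryCredentialProvider.isAWSSDKInstalled
+? new aws_temporary_credentials_1.AWSSDKCredentialProvider(credentialProvider)
+: new aws_temporary_credentials_1.LegacyAWSTemporaryCredentialProvider();
 }
 async auth(authContext) {
 const { connection } = authContext;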
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mongodb_aws.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_aws.ts"],"names":[],"mappings":";;;AACA,mCAAmC;AACnC,qCAAkC;AAClC,uCAIqB;AACrB,uCAAyE;AACzE,mDAAiE;AACjE,
|
|
1
|
+
{"version":3,"file":"mongodb_aws.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_aws.ts"],"names":[],"mappings":";;;AACA,mCAAmC;AACnC,qCAAkC;AAClC,uCAIqB;AACrB,uCAAyE;AACzE,mDAAiE;AACjE,2EAMqC;AACrC,2DAAuD;AACvD,2CAA4C;AAE5C,MAAM,OAAO,GAAG,GAAG,CAAC;AACpB,MAAM,WAAW,GAAyB;IACxC,WAAW,EAAE,KAAK;IAClB,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE,KAAK;CAClB,CAAC;AAQF,MAAa,UAAW,SAAQ,4BAAY;IAI1C,YAAY,kBAA0C;QACpD,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,iBAAiB,GAAG,0DAA8B,CAAC,iBAAiB;YACvE,CAAC,CAAC,IAAI,oDAAwB,CAAC,kBAAkB,CAAC;YAClD,CAAC,CAAC,IAAI,gEAAoC,EAAE,CAAC;IACjD,CAAC;IAEQ,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC;QACnC,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;YAC7B,MAAM,IAAI,oCAA4B,CAAC,uCAAuC,CAAC,CAAC;QAClF,CAAC;QAED,IAAI,cAAc,IAAI,WAAI,EAAE,CAAC;YAC3B,MAAM,WAAI,CAAC,cAAc,CAAC,CAAC;QAC7B,CAAC;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,WAAI,CAAC;QAEtB,IAAI,IAAA,sBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,+BAAuB,CAC/B,kEAAkE,CACnE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YACtC,WAAW,CAAC,WAAW,GAAG,MAAM,mBAAmB,CACjD,WAAW,CAAC,WAAW,EACvB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEpC,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC;QACzC,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC;QAC7C,gGAAgG;QAChG,MAAM,YAAY,GAAG,WAAW,CAAC,mBAAmB,CAAC,iBAAiB,CAAC;QAEvE,kGAAkG;QAClG,MAAM,cAAc,GAClB,WAAW,IAAI,eAAe,IAAI,YAAY;YAC5C,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE;YAChD,CAAC,CAAC,WAAW,IAAI,eAAe;gBAC9B,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE;gBAClC,CAAC,CAAC,SAAS,CAAC;QAElB,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAW,EAAC,EAAE,CAAC,CAAC;QAEpC,4EAA4E;QAC5E,sDAAsD;QACtD,MAAM,SAAS,GAAG;YAChB,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,aAAa;YACxB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,WAAW,CAAC;SAC/D,CAAC;QAEF,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAA
S,CAAC,CAAC;QAE3F,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAGpF,CAAC;QACF,MAAM,IAAI,GAAG,cAAc,CAAC,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;QAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC9B,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,+BAA+B,WAAW,CAAC,MAAM,eAAe,CAAC,CAAC;QAChG,CAAC;QAED,IAAI,CAAC,iBAAS,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;YACxE,0FAA0F;YAC1F,2FAA2F;YAE3F,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,+CAA+C,CAAC,CAAC;QAC/E,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACtE,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,qCAAqC,IAAI,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,6CAA6C,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,CAClB;YACE,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,MAAM,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;YACtC,OAAO,EAAE,KAAK;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,wBAAwB,EAAE,iBAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACzD,uBAAuB,EAAE,GAAG;aAC7B;YACD,IAAI,EAAE,GAAG;YACT,IAAI;SACL,EACD,cAAc,CACf,CAAC;QAEF,MAAM,OAAO,GAA2B;YACtC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa;YAChC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;SACjC,CAAC;QAEF,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC;QAC3B,CAAC;QAED,MAAM,YAAY,GAAG;YACnB,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,iBAAiB,CAAC,cAAc;YAChD,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,CAAC;SAC9C,CAAC;QAEF,MAAM,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IACtE,CAAC;CACF;AA7HD,gCA6HC;AAED,KAAK,UAAU,mBAAmB,CAChC,WAA6B,EAC7B,oBAAoD;IAEpD,SAAS,+BAA+B,CAAC,KAAyB;QAChE,6DAA6D;QAC7D,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;YACjD,MAAM,IAAI,oCAA4B,CAAC,oDAAoD,CAAC,CAAC;QAC/F,CAAC;QAED,OAAO,IAAI,oCAAgB,CAAC;YAC1B,QAAQ,EAAE,KAAK,CAAC,WAAW;YAC3B,QAAQ,EAAE,KAAK,CAAC,eAAe;YAC/B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,SAAS,EAAE,yBAAa,CAAC,WAAW;YACpC,mBAAmB,EAAE;gBACnB,iBAAiB,EAAE,KAAK,CAAC,KAAK;aAC/B;SACF,CAAC,CAAC;IACL,
CAAC;IACD,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,cAAc,EAAE,CAAC;IAEzE,OAAO,+BAA+B,CAAC,oBAAoB,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE,CAAC;QACnD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}
|
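--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mongodb",
-"version": "6.20.0
+"version": "6.20.0",
 "description": "The official MongoDB driver for Node.js",
 "main": "lib/index.js",
 "files": [
@@ -175,4 +175,4 @@
 "moduleResolution": "node"
 }
 }
-}
+}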
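--- a/package/src/cmap/auth/aws_temporary_credentials.ts
+++ b/package/src/cmap/auth/aws_temporary_credentials.ts
@@ -1,5 +1,10 @@
 import { type AWSCredentials, getAwsCredentialProvider } from '../../deps';
 import { MongoAWSError } from '../../error';
+import { request } from '../../utils';
+
+const AWS_RELATIVE_URI = 'http://169.254.170.2';
+const AWS_EC2_URI = 'http://169.254.169.254';
+const AWS_EC2_PATH = '/latest/meta-data/iam/security-credentials';
 
 /**
 * @internal
@@ -19,9 +24,26 @@ export interface AWSTempCredentials {
 /** @public **/
 export type AWSCredentialProvider = () => Promise<AWSCredentials>;
 
-/**
-
+/**
+* @internal
+*
+* Fetches temporary AWS credentials.
+*/
+export abstract class AWSTemporaryCredentialProvider {
+abstract getCredentials(): Promise<AWSTempCredentials>;
 private static _awsSDK: ReturnType<typeof getAwsCredentialProvider>;
+protected static get awsSDK() {
+AWSTemporaryCredentialProvider._awsSDK ??= getAwsCredentialProvider();
+return AWSTemporaryCredentialProvider._awsSDK;
+}
+
+static get isAWSSDKInstalled(): boolean {
+return !('kModuleError' in AWSTemporaryCredentialProvider.awsSDK);
+}
+}
+
+/** @internal */
+export class AWSSDKCredentialProvider extends AWSTemporaryCredentialProvider {
 private _provider?: AWSCredentialProvider;
 
 /**
@@ -29,23 +51,20 @@ export class AWSSDKCredentialProvider {
 * @param credentialsProvider - The credentials provider.
 */
 constructor(credentialsProvider?: AWSCredentialProvider) {
+super();
+
 if (credentialsProvider) {
 this._provider = credentialsProvider;
 }
 }
 
-static get awsSDK() {
-AWSSDKCredentialProvider._awsSDK ??= getAwsCredentialProvider();
-return AWSSDKCredentialProvider._awsSDK;
-}
-
 /**
 * The AWS SDK caches credentials automatically and handles refresh when the credentials have expired.
 * To ensure this occurs, we need to cache the `provider` returned by the AWS sdk and re-use it when fetching credentials.
 */
 private get provider(): () => Promise<AWSCredentials> {
-if ('kModuleError' in
-throw
+if ('kModuleError' in AWSTemporaryCredentialProvider.awsSDK) {
+throw AWSTemporaryCredentialProvider.awsSDK.kModuleError;
 }
 if (this._provider) {
 return this._provider;
@@ -93,15 +112,15 @@ export class AWSSDKCredentialProvider {
 
 this._provider =
 awsRegionSettingsExist && useRegionalSts
-?
+? AWSTemporaryCredentialProvider.awsSDK.fromNodeProviderChain({
 clientConfig: { region: AWS_REGION }
 })
-:
+: AWSTemporaryCredentialProvider.awsSDK.fromNodeProviderChain();
 
 return this._provider;
 }
 
-async getCredentials(): Promise<AWSTempCredentials> {
+override async getCredentials(): Promise<AWSTempCredentials> {
 /*
 * Creates a credential provider that will attempt to find credentials from the
 * following sources (listed in order of precedence):
@@ -125,3 +144,42 @@ export class AWSSDKCredentialProvider {
 }
 }
 }
+
+/**
+* @internal
+* Fetches credentials manually (without the AWS SDK), as outlined in the [Obtaining Credentials](https://github.com/mongodb/specifications/blob/master/source/auth/auth.md#obtaining-credentials)
+* section of the Auth spec.
+*/
+export class LegacyAWSTemporaryCredentialProvider extends AWSTemporaryCredentialProvider {
+override async getCredentials(): Promise<AWSTempCredentials> {
+// If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
+// is set then drivers MUST assume that it was set by an AWS ECS agent
+if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {
+return await request(
+`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`
+);
+}
+
+// Otherwise assume we are on an EC2 instance
+
+// get a token
+const token = await request(`${AWS_EC2_URI}/latest/api/token`, {
+method: 'PUT',
+json: false,
+headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 }
+});
+
+// get role name
+const roleName = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, {
+json: false,
+headers: { 'X-aws-ec2-metadata-token': token }
+});
+
+// get temp credentials
+const creds = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, {
+headers: { 'X-aws-ec2-metadata-token': token }
+});
+
+return creds;
+}
+}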
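Review bot: In `LegacyAWSTemporaryCredentialProvider.getCredentials()` (new lines 157-160) the value of `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` is appended to `AWS_RELATIVE_URI` without checking that it is a path, so a value that does not begin with `/` changes the host the credential request is sent to. A guard before the request keeps it on the link-local endpoint, for example `const relativeUri = process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI;` followed by `if (!relativeUri.startsWith('/')) throw new MongoAWSError('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI must be an absolute path');`. On the EC2 branch, `roleName` is taken from the metadata response and interpolated into the next URL as-is; trimming it and wrapping it in `encodeURIComponent(...)` would be safer, and `${AWS_EC2_URI}/${AWS_EC2_PATH}` produces a double slash because `AWS_EC2_PATH` already starts with `/`. Whether `request` enforces a timeout is not visible in this section and is worth confirming, since all three calls sit on the authentication path. The compiled `package/lib/cmap/auth/aws_temporary_credentials.js` carries the same code.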
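--- a/package/src/cmap/auth/mongodb_aws.ts
+++ b/package/src/cmap/auth/mongodb_aws.ts
@@ -11,7 +11,9 @@ import { type AuthContext, AuthProvider } from './auth_provider';
 import {
 type AWSCredentialProvider,
 AWSSDKCredentialProvider,
-type AWSTempCredentials
+type AWSTempCredentials,
+AWSTemporaryCredentialProvider,
+LegacyAWSTemporaryCredentialProvider
 } from './aws_temporary_credentials';
 import { MongoCredentials } from './mongo_credentials';
 import { AuthMechanism } from './providers';
@@ -32,11 +34,16 @@ interface AWSSaslContinuePayload {
 }
 
 export class MongoDBAWS extends AuthProvider {
-private credentialFetcher:
+private credentialFetcher: AWSTemporaryCredentialProvider;
+private credentialProvider?: AWSCredentialProvider;
 
 constructor(credentialProvider?: AWSCredentialProvider) {
 super();
-
+
+this.credentialProvider = credentialProvider;
+this.credentialFetcher = AWSTemporaryCredentialProvider.isAWSSDKInstalled
+? new AWSSDKCredentialProvider(credentialProvider)
+: new LegacyAWSTemporaryCredentialProvider();
 }
 
 override async auth(authContext: AuthContext): Promise<void> {
@@ -155,7 +162,7 @@ export class MongoDBAWS extends AuthProvider {
 
 async function makeTempCredentials(
 credentials: MongoCredentials,
-awsCredentialFetcher:
+awsCredentialFetcher: AWSTemporaryCredentialProvider
 ): Promise<MongoCredentials> {
 function makeMongoCredentialsFromAWSTemp(creds: AWSTempCredentials) {
 // The AWS session token (creds.Token) may or may not be set.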
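Review bot: In the `MongoDBAWS` constructor (new lines 43-46) a caller-supplied `credentialProvider` is only forwarded when `isAWSSDKInstalled` is true; otherwise `LegacyAWSTemporaryCredentialProvider` is constructed without it and the ECS/EC2 metadata fetch is used instead, apparently with no signal to the caller. Unless `this.credentialProvider` is consulted later in `auth` (its body lies outside these hunks), an application that configured its own provider could end up authenticating with the instance role's credentials rather than the ones it intended. At minimum, document this on the constructor, e.g. `/** @param credentialProvider - Only honoured when the optional AWS SDK dependency is installed; otherwise credentials come from the ECS/EC2 metadata endpoints. */`, or reject the combination explicitly. The choice is also fixed at construction time, so it may be worth noting in the same comment that the SDK check is not repeated per authentication attempt.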