Sending DurationSeconds in assumeRole request in SharedIniFileCredent…
…ials (#2909)

* Sending DurationSeconds in assumeRole request in SharedIniFileCredentials

* Update changelog to feature

---------

Co-authored-by: Minh Nguyen <[email protected]>
soyelmnd and Minh Nguyen authored Jul 5, 2023
1 parent 0b4dc9d commit dd0206f
Showing 3 changed files with 22 additions and 0 deletions.
@@ -0,0 +1,5 @@
{
"type": "feature",
"category": "SharedIniFileCredentials",
"description": "Make duration_seconds work for chained profiles"
}
2 changes: 2 additions & 0 deletions lib/credentials/shared_ini_file_credentials.js
@@ -192,6 +192,7 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
var externalId = roleProfile['external_id'];
var mfaSerial = roleProfile['mfa_serial'];
var sourceProfileName = roleProfile['source_profile'];
var durationSeconds = parseInt(roleProfile['duration_seconds'], 10) || undefined;

// From experimentation, the following behavior mimics the AWS CLI:
//
@@ -246,6 +247,7 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
});

var roleParams = {
DurationSeconds: durationSeconds,
RoleArn: roleArn,
RoleSessionName: roleSessionName || 'aws-sdk-js-' + Date.now()
};
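Review bot: The `parseInt(roleProfile['duration_seconds'], 10) || undefined` line accepts partly numeric input and silently discards anything else: a value such as `7200s` (constructed sample) is sent as 7200, while `abc` or `0` becomes `undefined` and the request falls back to the service default. Because this setting decides how long the assumed-role credentials stay valid, a typo in the shared config should be visible rather than quietly changing the session lifetime. Consider accepting only a whole-string integer, for example `var raw = roleProfile['duration_seconds'];` followed by `var durationSeconds = /^[0-9]+$/.test(raw) ? parseInt(raw, 10) : undefined;`, and reporting an error when `raw` is set but does not match. Both hunks cut through a larger function, so how errors are surfaced to the caller is not visible here.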
15 changes: 15 additions & 0 deletions test/credentials.spec.js
@@ -1308,6 +1308,21 @@ const exp = require('constants');
return done();
});
});
it('will use duration_seconds for assume role when provided', function(done) {
var creds, mock, assumeRoleSpy;
mock = '[default]\nrole_arn = arn\nsource_profile = foo_base\nduration_seconds = 7200\n'
+ '[foo_base]\naws_access_key_id = baseKey\naws_secret_access_key = baseSecret\n';
helpers.spyOn(AWS.util, 'readFileSync').andReturn(mock);
helpers.mockHttpResponse(200, {}, '<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">\n <AssumeRoleResult>\n <Credentials>\n <AccessKeyId>KEY</AccessKeyId>\n <SecretAccessKey>SECRET</SecretAccessKey>\n <SessionToken>TOKEN</SessionToken>\n <Expiration>1970-01-01T00:00:00.000Z</Expiration>\n </Credentials>\n </AssumeRoleResult>\n</AssumeRoleResponse>');
var STSPrototype = (new STS()).constructor.prototype;
creds = new AWS.SharedIniFileCredentials();
assumeRoleSpy = helpers.spyOn(STSPrototype, 'assumeRole').andCallThrough();
return creds.refresh(function(err) {
expect(assumeRoleSpy.calls.length).to.equal(1);
expect(assumeRoleSpy.calls[0].arguments[0].DurationSeconds).to.equal(7200);
return done();
});
});

describe('mfa serial callback', function() {

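Review bot: The new test pins only a well-formed `duration_seconds = 7200`; nothing covers a profile where the key is absent, zero or not a clean integer, which is exactly where the `parseInt(...) || undefined` fallback in the library change decides what reaches `assumeRole`. A companion case with a malformed value (for example `duration_seconds = 7200s`, a constructed sample) that asserts the intended `DurationSeconds` would lock that behaviour down. The `refresh` callback also never inspects `err`, so an unexpected failure surfaces only indirectly through the spy assertions; checking that `err` is empty before them would make such failures easier to diagnose.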
