All files / src/client-side-encryption/providers aws.ts

import {
  type AWSCredentialProvider,
  AWSSDKCredentialProvider
} from '../../cmap/auth/aws_temporary_credentials';
import { type KMSProviders } from '.';
 
/**
 * Resolves AWS credentials through `AWSSDKCredentialProvider` and returns a shallow copy of
 * `kmsProviders` whose `aws` entry holds them. The input object is not mutated; any `aws`
 * entry it already had is replaced in the returned copy.
 *
 * The returned object carries live secret material (`secretAccessKey` and, when present,
 * `sessionToken`), so callers should keep it out of logs and error messages.
 *
 * @internal
 *
 * @param kmsProviders - KMS provider configuration to copy and extend with the `aws` entry.
 * @param provider - Optional credential provider handed to `AWSSDKCredentialProvider`.
 * @returns A new `KMSProviders` object containing the fetched AWS credentials.
 */
export async function loadAWSCredentials(
  kmsProviders: KMSProviders,
  provider?: AWSCredentialProvider
): Promise<KMSProviders> {
  const fetched = await new AWSSDKCredentialProvider(provider).getCredentials();

  // The SDK's types mark `SecretAccessKey` and `AccessKeyId` as optional even though a real
  // response is expected to contain both. A missing (undefined) field falls back to an empty
  // string here, and libmongocrypt is left to raise the error for unusable keys, so a
  // credential-fetch problem is not reported by this function itself.
  const {
    SecretAccessKey: secretAccessKey = '',
    AccessKeyId: accessKeyId = '',
    Token: sessionToken
  } = fetched;

  const aws: NonNullable<KMSProviders['aws']> = { secretAccessKey, accessKeyId };

  // A session token only accompanies temporary credentials, so it is attached only when the
  // SDK response actually supplied one (neither null nor undefined).
  if (sessionToken != null) {
    aws.sessionToken = sessionToken;
  }

  return { ...kmsProviders, aws };
}