@aws-cdk/cli-plugin-contract
Advanced tools
Contract between the CLI and authentication plugins, for the exchange of AWS credentials
As any piece of software that interacts with an AWS account, the CDK CLI needs AWS credentials for authentication and authorization. When it comes to choose which sources to get credentials from, it has the same behavior as the AWS CLI. But this basic behavior may result in some failure scenarios:
Since these failures may happen for valid use case reasons, the CDK CLI offers an alternative mechanism for users to provide AWS credentials: credential provider plugins.
This package defines the types and the contract between the CLI and the plugins, which plugin authors are expected to adhere to.
The entrypoint is communicated to the CLI via the --plugin command line
argument. The value of this argument should be a JavaScript file that, when
require'd, will return an instance of the Plugin interface.
Once the CLI gets an instance of a plugin, it first initializes plugin by
calling the Plugin.init() method, if one is defined. The CLI uses this method
to pass an instance of IPluginHost to the plugin. The
plugin, in turn, can use the repository to register one or more instances of
CredentialProviderSource, which is where the actual logic for providing
credentials is located.
If, in the authentication process, the CLI decides to use plugins, it will try
each credential provider source in the order in which they were registered. For
each source, the first thing the CLI will check is whether the source is ready
to interact at all, by calling the isAvailable()
method. If it is available, the next check is whether it can provide credentials
for the specific account the CLI is targeting at that moment. This is the
canProvideCredentials() method.
If both checks pass, the CLI asks the source for credentials by calling
getProvider(). In addition to the account ID, this method also receives the
Mode of operation, which can be ForReading or ForWriting. This information
may be useful to tailor the credentials for the use case. For example, if the
CLI needs the credentials only for reading, the plugin may return credentials
with more restricted permissions.
FAQs
Contract between the CLI and authentication plugins, for the exchange of AWS credentials
The npm package @aws-cdk/cli-plugin-contract receives a total of 34,431 weekly downloads. As such, @aws-cdk/cli-plugin-contract popularity was classified as popular.
We found that @aws-cdk/cli-plugin-contract demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.
Research
/Security News
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.
Research
/Security News
Socket uncovered 11 malicious Go packages using obfuscated loaders to fetch and execute second-stage payloads via C2 domains.
