mongodb - npm Package Compare versions
Comparing version 6.5.0-dev.20240323.sha.d94439f to 6.5.0-dev.20240326.sha.918fe69
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.MongoDBAWS = void 0; | ||
| const process = require("process"); | ||
| const BSON = require("../../bson"); | ||
@@ -10,30 +9,6 @@ const deps_1 = require("../../deps"); | ||
| const auth_provider_1 = require("./auth_provider"); | ||
| const aws_temporary_credentials_1 = require("./aws_temporary_credentials"); | ||
| const mongo_credentials_1 = require("./mongo_credentials"); | ||
| const providers_1 = require("./providers"); | ||
| /** | ||
| * The following regions use the global AWS STS endpoint, sts.amazonaws.com, by default | ||
| * https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html | ||
| */ | ||
| const LEGACY_REGIONS = new Set([ | ||
| 'ap-northeast-1', | ||
| 'ap-south-1', | ||
| 'ap-southeast-1', | ||
| 'ap-southeast-2', | ||
| 'aws-global', | ||
| 'ca-central-1', | ||
| 'eu-central-1', | ||
| 'eu-north-1', | ||
| 'eu-west-1', | ||
| 'eu-west-2', | ||
| 'eu-west-3', | ||
| 'sa-east-1', | ||
| 'us-east-1', | ||
| 'us-east-2', | ||
| 'us-west-1', | ||
| 'us-west-2' | ||
| ]); | ||
| const ASCII_N = 110; | ||
| const AWS_RELATIVE_URI = 'http://169.254.170.2'; | ||
| const AWS_EC2_URI = 'http://169.254.169.254'; | ||
| const AWS_EC2_PATH = '/latest/meta-data/iam/security-credentials'; | ||
| const bsonOptions = { | ||
@@ -49,25 +24,5 @@ useBigInt64: false, | ||
| super(); | ||
| MongoDBAWS.credentialProvider ??= (0, deps_1.getAwsCredentialProvider)(); | ||
| let { AWS_STS_REGIONAL_ENDPOINTS = '', AWS_REGION = '' } = process.env; | ||
| AWS_STS_REGIONAL_ENDPOINTS = AWS_STS_REGIONAL_ENDPOINTS.toLowerCase(); | ||
| AWS_REGION = AWS_REGION.toLowerCase(); | ||
| /** The option setting should work only for users who have explicit settings in their environment, the driver should not encode "defaults" */ | ||
| const awsRegionSettingsExist = AWS_REGION.length !== 0 && AWS_STS_REGIONAL_ENDPOINTS.length !== 0; | ||
| /** | ||
| * If AWS_STS_REGIONAL_ENDPOINTS is set to regional, users are opting into the new behavior of respecting the region settings | ||
| * | ||
| * If AWS_STS_REGIONAL_ENDPOINTS is set to legacy, then "old" regions need to keep using the global setting. | ||
| * Technically the SDK gets this wrong, it reaches out to 'sts.us-east-1.amazonaws.com' when it should be 'sts.amazonaws.com'. | ||
| * That is not our bug to fix here. We leave that up to the SDK. | ||
| */ | ||
| const useRegionalSts = AWS_STS_REGIONAL_ENDPOINTS === 'regional' || | ||
| (AWS_STS_REGIONAL_ENDPOINTS === 'legacy' && !LEGACY_REGIONS.has(AWS_REGION)); | ||
| if ('fromNodeProviderChain' in MongoDBAWS.credentialProvider) { | ||
| this.provider = | ||
| awsRegionSettingsExist && useRegionalSts | ||
| ? MongoDBAWS.credentialProvider.fromNodeProviderChain({ | ||
| clientConfig: { region: AWS_REGION } | ||
| }) | ||
| : MongoDBAWS.credentialProvider.fromNodeProviderChain(); | ||
| } | ||
| this.credentialFetcher = aws_temporary_credentials_1.AWSTemporaryCredentialProvider.isAWSSDKInstalled | ||
| ? new aws_temporary_credentials_1.AWSSDKCredentialProvider() | ||
| : new aws_temporary_credentials_1.LegacyAWSTemporaryCredentialProvider(); | ||
| } | ||
@@ -87,3 +42,3 @@ async auth(authContext) { | ||
| if (!authContext.credentials.username) { | ||
| authContext.credentials = await makeTempCredentials(authContext.credentials, this.provider); | ||
| authContext.credentials = await makeTempCredentials(authContext.credentials, this.credentialFetcher); | ||
| } | ||
@@ -159,3 +114,3 @@ const { credentials } = authContext; | ||
| exports.MongoDBAWS = MongoDBAWS; | ||
| async function makeTempCredentials(credentials, provider) { | ||
| async function makeTempCredentials(credentials, awsCredentialFetcher) { | ||
| function makeMongoCredentialsFromAWSTemp(creds) { | ||
@@ -176,52 +131,4 @@ // The AWS session token (creds.Token) may or may not be set. | ||
| } | ||
| // Check if the AWS credential provider from the SDK is present. If not, | ||
| // use the old method. | ||
| if (provider && !('kModuleError' in MongoDBAWS.credentialProvider)) { | ||
| /* | ||
| * Creates a credential provider that will attempt to find credentials from the | ||
| * following sources (listed in order of precedence): | ||
| * | ||
| * - Environment variables exposed via process.env | ||
| * - SSO credentials from token cache | ||
| * - Web identity token credentials | ||
| * - Shared credentials and config ini files | ||
| * - The EC2/ECS Instance Metadata Service | ||
| */ | ||
| try { | ||
| const creds = await provider(); | ||
| return makeMongoCredentialsFromAWSTemp({ | ||
| AccessKeyId: creds.accessKeyId, | ||
| SecretAccessKey: creds.secretAccessKey, | ||
| Token: creds.sessionToken, | ||
| Expiration: creds.expiration | ||
| }); | ||
| } | ||
| catch (error) { | ||
| throw new error_1.MongoAWSError(error.message); | ||
| } | ||
| } | ||
| else { | ||
| // If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | ||
| // is set then drivers MUST assume that it was set by an AWS ECS agent | ||
| if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) { | ||
| return makeMongoCredentialsFromAWSTemp(await (0, utils_1.request)(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`)); | ||
| } | ||
| // Otherwise assume we are on an EC2 instance | ||
| // get a token | ||
| const token = await (0, utils_1.request)(`${AWS_EC2_URI}/latest/api/token`, { | ||
| method: 'PUT', | ||
| json: false, | ||
| headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 } | ||
| }); | ||
| // get role name | ||
| const roleName = await (0, utils_1.request)(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, { | ||
| json: false, | ||
| headers: { 'X-aws-ec2-metadata-token': token } | ||
| }); | ||
| // get temp credentials | ||
| const creds = await (0, utils_1.request)(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, { | ||
| headers: { 'X-aws-ec2-metadata-token': token } | ||
| }); | ||
| return makeMongoCredentialsFromAWSTemp(creds); | ||
| } | ||
| const temporaryCredentials = await awsCredentialFetcher.getCredentials(); | ||
| return makeMongoCredentialsFromAWSTemp(temporaryCredentials); | ||
| } | ||
@@ -228,0 +135,0 @@ function deriveRegion(host) { |
@@ -454,4 +454,4 @@ "use strict"; | ||
| **/ | ||
| constructor(message) { | ||
| super(message); | ||
| constructor(message, options) { | ||
| super(message, options); | ||
| } | ||
@@ -458,0 +458,0 @@ get name() { |
| { | ||
| "name": "mongodb", | ||
| "version": "6.5.0-dev.20240323.sha.d94439f", | ||
| "version": "6.5.0-dev.20240326.sha.918fe69", | ||
| "description": "The official MongoDB driver for Node.js", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -1,8 +0,5 @@ | ||
| import * as process from 'process'; | ||
| import type { Binary, BSONSerializeOptions } from '../../bson'; | ||
| import * as BSON from '../../bson'; | ||
| import { aws4, type AWSCredentials, getAwsCredentialProvider } from '../../deps'; | ||
| import { aws4 } from '../../deps'; | ||
| import { | ||
| MongoAWSError, | ||
| MongoCompatibilityError, | ||
@@ -12,33 +9,14 @@ MongoMissingCredentialsError, | ||
| } from '../../error'; | ||
| import { ByteUtils, maxWireVersion, ns, randomBytes, request } from '../../utils'; | ||
| import { ByteUtils, maxWireVersion, ns, randomBytes } from '../../utils'; | ||
| import { type AuthContext, AuthProvider } from './auth_provider'; | ||
| import { | ||
| AWSSDKCredentialProvider, | ||
| type AWSTempCredentials, | ||
| AWSTemporaryCredentialProvider, | ||
| LegacyAWSTemporaryCredentialProvider | ||
| } from './aws_temporary_credentials'; | ||
| import { MongoCredentials } from './mongo_credentials'; | ||
| import { AuthMechanism } from './providers'; | ||
| /** | ||
| * The following regions use the global AWS STS endpoint, sts.amazonaws.com, by default | ||
| * https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html | ||
| */ | ||
| const LEGACY_REGIONS = new Set([ | ||
| 'ap-northeast-1', | ||
| 'ap-south-1', | ||
| 'ap-southeast-1', | ||
| 'ap-southeast-2', | ||
| 'aws-global', | ||
| 'ca-central-1', | ||
| 'eu-central-1', | ||
| 'eu-north-1', | ||
| 'eu-west-1', | ||
| 'eu-west-2', | ||
| 'eu-west-3', | ||
| 'sa-east-1', | ||
| 'us-east-1', | ||
| 'us-east-2', | ||
| 'us-west-1', | ||
| 'us-west-2' | ||
| ]); | ||
| const ASCII_N = 110; | ||
| const AWS_RELATIVE_URI = 'http://169.254.170.2'; | ||
| const AWS_EC2_URI = 'http://169.254.169.254'; | ||
| const AWS_EC2_PATH = '/latest/meta-data/iam/security-credentials'; | ||
| const bsonOptions: BSONSerializeOptions = { | ||
@@ -59,36 +37,9 @@ useBigInt64: false, | ||
| export class MongoDBAWS extends AuthProvider { | ||
| static credentialProvider: ReturnType<typeof getAwsCredentialProvider>; | ||
| provider?: () => Promise<AWSCredentials>; | ||
| private credentialFetcher: AWSTemporaryCredentialProvider; | ||
| constructor() { | ||
| super(); | ||
| MongoDBAWS.credentialProvider ??= getAwsCredentialProvider(); | ||
| let { AWS_STS_REGIONAL_ENDPOINTS = '', AWS_REGION = '' } = process.env; | ||
| AWS_STS_REGIONAL_ENDPOINTS = AWS_STS_REGIONAL_ENDPOINTS.toLowerCase(); | ||
| AWS_REGION = AWS_REGION.toLowerCase(); | ||
| /** The option setting should work only for users who have explicit settings in their environment, the driver should not encode "defaults" */ | ||
| const awsRegionSettingsExist = | ||
| AWS_REGION.length !== 0 && AWS_STS_REGIONAL_ENDPOINTS.length !== 0; | ||
| /** | ||
| * If AWS_STS_REGIONAL_ENDPOINTS is set to regional, users are opting into the new behavior of respecting the region settings | ||
| * | ||
| * If AWS_STS_REGIONAL_ENDPOINTS is set to legacy, then "old" regions need to keep using the global setting. | ||
| * Technically the SDK gets this wrong, it reaches out to 'sts.us-east-1.amazonaws.com' when it should be 'sts.amazonaws.com'. | ||
| * That is not our bug to fix here. We leave that up to the SDK. | ||
| */ | ||
| const useRegionalSts = | ||
| AWS_STS_REGIONAL_ENDPOINTS === 'regional' || | ||
| (AWS_STS_REGIONAL_ENDPOINTS === 'legacy' && !LEGACY_REGIONS.has(AWS_REGION)); | ||
| if ('fromNodeProviderChain' in MongoDBAWS.credentialProvider) { | ||
| this.provider = | ||
| awsRegionSettingsExist && useRegionalSts | ||
| ? MongoDBAWS.credentialProvider.fromNodeProviderChain({ | ||
| clientConfig: { region: AWS_REGION } | ||
| }) | ||
| : MongoDBAWS.credentialProvider.fromNodeProviderChain(); | ||
| } | ||
| this.credentialFetcher = AWSTemporaryCredentialProvider.isAWSSDKInstalled | ||
| ? new AWSSDKCredentialProvider() | ||
| : new LegacyAWSTemporaryCredentialProvider(); | ||
| } | ||
@@ -114,3 +65,6 @@ | ||
| if (!authContext.credentials.username) { | ||
| authContext.credentials = await makeTempCredentials(authContext.credentials, this.provider); | ||
| authContext.credentials = await makeTempCredentials( | ||
| authContext.credentials, | ||
| this.credentialFetcher | ||
| ); | ||
| } | ||
@@ -208,13 +162,5 @@ | ||
| interface AWSTempCredentials { | ||
| AccessKeyId?: string; | ||
| SecretAccessKey?: string; | ||
| Token?: string; | ||
| RoleArn?: string; | ||
| Expiration?: Date; | ||
| } | ||
| async function makeTempCredentials( | ||
| credentials: MongoCredentials, | ||
| provider?: () => Promise<AWSCredentials> | ||
| awsCredentialFetcher: AWSTemporaryCredentialProvider | ||
| ): Promise<MongoCredentials> { | ||
@@ -237,58 +183,5 @@ function makeMongoCredentialsFromAWSTemp(creds: AWSTempCredentials) { | ||
| } | ||
| const temporaryCredentials = await awsCredentialFetcher.getCredentials(); | ||
| // Check if the AWS credential provider from the SDK is present. If not, | ||
| // use the old method. | ||
| if (provider && !('kModuleError' in MongoDBAWS.credentialProvider)) { | ||
| /* | ||
| * Creates a credential provider that will attempt to find credentials from the | ||
| * following sources (listed in order of precedence): | ||
| * | ||
| * - Environment variables exposed via process.env | ||
| * - SSO credentials from token cache | ||
| * - Web identity token credentials | ||
| * - Shared credentials and config ini files | ||
| * - The EC2/ECS Instance Metadata Service | ||
| */ | ||
| try { | ||
| const creds = await provider(); | ||
| return makeMongoCredentialsFromAWSTemp({ | ||
| AccessKeyId: creds.accessKeyId, | ||
| SecretAccessKey: creds.secretAccessKey, | ||
| Token: creds.sessionToken, | ||
| Expiration: creds.expiration | ||
| }); | ||
| } catch (error) { | ||
| throw new MongoAWSError(error.message); | ||
| } | ||
| } else { | ||
| // If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | ||
| // is set then drivers MUST assume that it was set by an AWS ECS agent | ||
| if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) { | ||
| return makeMongoCredentialsFromAWSTemp( | ||
| await request(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`) | ||
| ); | ||
| } | ||
| // Otherwise assume we are on an EC2 instance | ||
| // get a token | ||
| const token = await request(`${AWS_EC2_URI}/latest/api/token`, { | ||
| method: 'PUT', | ||
| json: false, | ||
| headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 } | ||
| }); | ||
| // get role name | ||
| const roleName = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, { | ||
| json: false, | ||
| headers: { 'X-aws-ec2-metadata-token': token } | ||
| }); | ||
| // get temp credentials | ||
| const creds = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, { | ||
| headers: { 'X-aws-ec2-metadata-token': token } | ||
| }); | ||
| return makeMongoCredentialsFromAWSTemp(creds); | ||
| } | ||
| return makeMongoCredentialsFromAWSTemp(temporaryCredentials); | ||
| } | ||
@@ -295,0 +188,0 @@ |
@@ -523,4 +523,4 @@ import type { Document } from './bson'; | ||
| **/ | ||
| constructor(message: string) { | ||
| super(message); | ||
| constructor(message: string, options?: { cause?: Error }) { | ||
| super(message, options); | ||
| } | ||
@@ -527,0 +527,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.18%
2927017
- Number of package files
- increased by0.79%
381
- Lines of code
- increased by0.17%
60378
No dependency changes