mongodb - npm Package Compare versions

Comparing version 6.5.0-dev.20240404.sha.0e3d6ea to 6.5.0-dev.20240405.sha.ce55ca9

lib/client-side-encryption/providers/aws.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadAWSCredentials = void 0;
-const deps_1 = require("../../deps");
+const aws_temporary_credentials_1 = require("../../cmap/auth/aws_temporary_credentials");
 /**
@@ -9,11 +9,14 @@ * @internal
 async function loadAWSCredentials(kmsProviders) {
-    const credentialProvider = (0, deps_1.getAwsCredentialProvider)();
-    if ('kModuleError' in credentialProvider) {
-        return kmsProviders;
-    }
-    const { fromNodeProviderChain } = credentialProvider;
-    const provider = fromNodeProviderChain();
-    // The state machine is the only place calling this so it will
-    // catch if there is a rejection here.
-    const aws = await provider();
+    const credentialProvider = new aws_temporary_credentials_1.AWSSDKCredentialProvider();
+    // We shouldn't ever receive a response from the AWS SDK that doesn't have a `SecretAccessKey`
+    // or `AccessKeyId`.  However, TS says these fields are optional.  We provide empty strings
+    // and let libmongocrypt error if we're unable to fetch the required keys.
+    const { SecretAccessKey = '', AccessKeyId = '', Token } = await credentialProvider.getCredentials();
+    const aws = {
+        secretAccessKey: SecretAccessKey,
+        accessKeyId: AccessKeyId
+    };
+    // the AWS session token is only required for temporary credentials so only attach it to the
+    // result if it's present in the response from the aws sdk
+    Token != null && (aws.sessionToken = Token);
     return { ...kmsProviders, aws };
@@ -20,0 +23,0 @@ }

package.json

 {
   "name": "mongodb",
-  "version": "6.5.0-dev.20240404.sha.0e3d6ea",
+  "version": "6.5.0-dev.20240405.sha.ce55ca9",
   "description": "The official MongoDB driver for Node.js",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

src/client-side-encryption/providers/aws.ts

@@ -1,2 +0,2 @@
-import { getAwsCredentialProvider } from '../../deps';
+import { AWSSDKCredentialProvider } from '../../cmap/auth/aws_temporary_credentials';
 import { type KMSProviders } from '.';
@@ -8,14 +8,21 @@
 export async function loadAWSCredentials(kmsProviders: KMSProviders): Promise<KMSProviders> {
-  const credentialProvider = getAwsCredentialProvider();
+  const credentialProvider = new AWSSDKCredentialProvider();
 
-  if ('kModuleError' in credentialProvider) {
-    return kmsProviders;
-  }
+  // We shouldn't ever receive a response from the AWS SDK that doesn't have a `SecretAccessKey`
+  // or `AccessKeyId`.  However, TS says these fields are optional.  We provide empty strings
+  // and let libmongocrypt error if we're unable to fetch the required keys.
+  const {
+    SecretAccessKey = '',
+    AccessKeyId = '',
+    Token
+  } = await credentialProvider.getCredentials();
+  const aws: NonNullable<KMSProviders['aws']> = {
+    secretAccessKey: SecretAccessKey,
+    accessKeyId: AccessKeyId
+  };
+  // the AWS session token is only required for temporary credentials so only attach it to the
+  // result if it's present in the response from the aws sdk
+  Token != null && (aws.sessionToken = Token);
 
-  const { fromNodeProviderChain } = credentialProvider;
-  const provider = fromNodeProviderChain();
-  // The state machine is the only place calling this so it will
-  // catch if there is a rejection here.
-  const aws = await provider();
   return { ...kmsProviders, aws };
 }

src/sdam/common.ts

@@ -58,6 +58,12 @@ import { clearTimeout } from 'timers';
 
-/** @public */
+/**
+ * @public
+ * Gossiped in component for the cluster time tracking the state of user databases
+ * across the cluster. It may optionally include a signature identifying the process that
+ * generated such a value.
+ */
 export interface ClusterTime {
   clusterTime: Timestamp;
-  signature: {
+  /** Used to validate the identity of a request or response's ClusterTime. */
+  signature?: {
     hash: Binary;
@@ -64,0 +70,0 @@ keyId: Long;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2973705

increased by0.05%

Lines of code

61313

increased by0.04%

No dependency changes