Skip to content

Commit

Permalink
feat(All AWS Nodes): Enable support for AWS temporary credentials (#2587
Browse files Browse the repository at this point in the history
)

* Enable support for AWS temporary credentials

* 🔨 removed toggle from ui added sessionToken to other aws services that using sign function from aws4 module

* Update sign method for other AWS nodes

* Remove the unneeded additional `temporaryCredentials` checkbox

* Update description for session token

* ⚡ added missing session token to credentials test

* Update sign method for DynamoDB

* 🔨 added back toggle for hiding session token, fixed linter errors

* ⚡ wording fix

Co-authored-by: Michael Kret <michael.k@radency.com>
  • Loading branch information
BasitAli and michael-radency authored Apr 22, 2022
1 parent 15e6d92 commit ce79e6b
Show file tree
Hide file tree
Showing 11 changed files with 90 additions and 18 deletions.
23 changes: 23 additions & 0 deletions packages/nodes-base/credentials/Aws.credentials.ts
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,29 @@ export class Aws implements ICredentialType {
password: true,
},
},
{
displayName: 'Temporary Security Credentials',
name: 'temporaryCredentials',
description: 'Support for temporary credentials from AWS STS',
type: 'boolean',
default: false,
},
{
displayName: 'Session Token',
name: 'sessionToken',
type: 'string',
displayOptions: {
show: {
temporaryCredentials: [
true,
],
},
},
default: '',
typeOptions: {
password: true,
},
},
{
displayName: 'Custom Endpoints',
name: 'customEndpoints',
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/Comprehend/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
11 changes: 6 additions & 5 deletions packages/nodes-base/nodes/Aws/DynamoDB/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,11 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Concatenate path and instantiate URL object so it parses correctly query strings
const endpoint = new URL(getEndpointForService(service, credentials) + path);

const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};
const options = sign({
// @ts-ignore
uri: endpoint,
Expand All @@ -50,10 +54,7 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
path: '/',
headers: { ...headers },
body: JSON.stringify(body),
}, {
accessKeyId: credentials.accessKeyId,
secretAccessKey: credentials.secretAccessKey,
});
}, securityHeaders);

try {
return JSON.parse(await this.helpers.request!(options));
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = {headers: headers || {}, host: endpoint.host, method, path, body} as Request;
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
3 changes: 2 additions & 1 deletion packages/nodes-base/nodes/Aws/S3/AwsS3.node.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import {
INodeExecutionData,
INodeType,
INodeTypeDescription,
JsonObject,
NodeOperationError,
} from 'n8n-workflow';

Expand Down Expand Up @@ -632,7 +633,7 @@ export class AwsS3 implements INodeType {
}
} catch (error) {
if (this.continueOnFail()) {
returnData.push({ error: error.message });
returnData.push({ error: (error as JsonObject).message });
continue;
}
throw error;
Expand Down
12 changes: 8 additions & 4 deletions packages/nodes-base/nodes/Aws/S3/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ import {
} from 'n8n-core';

import {
IDataObject, NodeApiError, NodeOperationError,
IDataObject, JsonObject, NodeApiError, NodeOperationError,
} from 'n8n-workflow';

export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | ILoadOptionsFunctions | IWebhookFunctions, service: string, method: string, path: string, body?: string | Buffer, query: IDataObject = {}, headers?: object, option: IDataObject = {}, region?: string): Promise<any> { // tslint:disable-line:no-any
Expand All @@ -37,9 +37,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = {headers: headers || {}, host: endpoint.host, method, path: `${endpoint.pathname}?${queryToString(query).replace(/\+/g, '%2B')}`, body} as Request;
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};


sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand All @@ -55,7 +59,7 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
try {
return await this.helpers.request!(options);
} catch (error) {
throw new NodeApiError(this.getNode(), error);
throw new NodeApiError(this.getNode(), (error as JsonObject));
}
}

Expand Down
8 changes: 7 additions & 1 deletion packages/nodes-base/nodes/Aws/SES/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
// Sign AWS API request with the user credentials

const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
15 changes: 13 additions & 2 deletions packages/nodes-base/nodes/Aws/Textract/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down Expand Up @@ -131,7 +136,13 @@ export async function validateCrendetials(this: ICredentialTestFunctions, decryp

// Sign AWS API request with the user credentials
const signOpts = { host: endpoint.host, method: 'POST', path: '?Action=GetCallerIdentity&Version=2011-06-15' } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/Transcribe/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
8 changes: 7 additions & 1 deletion packages/nodes-base/nodes/S3/GenericFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,13 @@ export async function s3ApiRequest(this: IHookFunctions | IExecuteFunctions | IL
body,
} as Request;

sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down

0 comments on commit ce79e6b

Please sign in to comment.