fix: revert "feat(credential-provider-node): use dynamic import for credential providers (#5677)"

This reverts commit 7841411.

Author: kuhe

Diff for: Makefile

@@ -20,9 +20,6 @@ unlink-smithy:
 	rm ./node_modules/\@smithy
 	yarn --check-files
 
-copy-smithy:
-	node ./scripts/copy-smithy-dist-files
-
 # Runs build for all packages using Turborepo
 turbo-build:
 	(cd scripts/remote-cache && yarn)

Diff for: package.json

@@ -69,7 +69,7 @@
     "@tsconfig/recommended": "1.0.1",
     "@types/chai-as-promised": "^7.1.2",
     "@types/fs-extra": "^8.0.1",
-    "@types/jest": "29.5.11",
+    "@types/jest": "29.5.2",
     "@typescript-eslint/eslint-plugin": "5.55.0",
     "@typescript-eslint/parser": "5.55.0",
     "async": "3.2.4",
@@ -93,8 +93,8 @@
     "glob": "7.1.6",
     "husky": "^4.2.3",
     "jasmine-core": "^3.5.0",
-    "jest": "29.7.0",
-    "jest-environment-jsdom": "29.7.0",
+    "jest": "29.5.0",
+    "jest-environment-jsdom": "29.5.0",
     "jmespath": "^0.15.0",
     "json5": "^2.2.0",
     "karma": "6.4.0",
@@ -113,7 +113,7 @@
     "mocha": "10.0.0",
     "prettier": "2.8.5",
     "rimraf": "3.0.2",
-    "ts-jest": "29.1.1",
+    "ts-jest": "29.1.0",
     "ts-loader": "9.4.2",
     "ts-mocha": "10.0.0",
     "ts-node": "10.9.1",

Diff for: packages/credential-provider-node/src/defaultProvider.spec.ts

@@ -3,10 +3,10 @@ import { fromIni } from "@aws-sdk/credential-provider-ini";
 import { fromProcess } from "@aws-sdk/credential-provider-process";
 import { fromSSO } from "@aws-sdk/credential-provider-sso";
 import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
-import { CredentialsProviderError } from "@smithy/property-provider";
+import { chain, CredentialsProviderError, memoize } from "@smithy/property-provider";
 import { ENV_PROFILE, loadSharedConfigFiles } from "@smithy/shared-ini-file-loader";
 
-import { credentialsTreatedAsExpired, credentialsWillNeedRefresh, defaultProvider } from "./defaultProvider";
+import { defaultProvider } from "./defaultProvider";
 import { remoteProvider } from "./remoteProvider";
 
 jest.mock("@aws-sdk/credential-provider-env");
@@ -15,6 +15,7 @@ jest.mock("@aws-sdk/credential-provider-ini");
 jest.mock("@aws-sdk/credential-provider-process");
 jest.mock("@aws-sdk/credential-provider-sso");
 jest.mock("@aws-sdk/credential-provider-web-identity");
+jest.mock("@smithy/property-provider");
 jest.mock("@smithy/shared-ini-file-loader");
 jest.mock("./remoteProvider");
 
@@ -24,24 +25,19 @@ describe(defaultProvider.name, () => {
     secretAccessKey: "mockSecretAccessKey",
   };
 
-  const credentials = () => {
-    throw new CredentialsProviderError("test", true);
-  };
-
-  const finalCredentials = () => {
-    return mockCreds;
-  };
-
   const mockInit = {
     profile: "mockProfile",
   };
 
-  const mockEnvFn = jest.fn().mockImplementation(() => credentials());
-  const mockSsoFn = jest.fn().mockImplementation(() => credentials());
-  const mockIniFn = jest.fn().mockImplementation(() => credentials());
-  const mockProcessFn = jest.fn().mockImplementation(() => credentials());
-  const mockTokenFileFn = jest.fn().mockImplementation(() => credentials());
-  const mockRemoteProviderFn = jest.fn().mockImplementation(() => finalCredentials());
+  const mockEnvFn = jest.fn();
+  const mockSsoFn = jest.fn();
+  const mockIniFn = jest.fn();
+  const mockProcessFn = jest.fn();
+  const mockTokenFileFn = jest.fn();
+  const mockRemoteProviderFn = jest.fn();
+
+  const mockChainFn = jest.fn();
+  const mockMemoizeFn = jest.fn().mockResolvedValue(mockCreds);
 
   beforeEach(() => {
     [
@@ -51,48 +47,51 @@ describe(defaultProvider.name, () => {
       [fromProcess, mockProcessFn],
       [fromTokenFile, mockTokenFileFn],
       [remoteProvider, mockRemoteProviderFn],
+      [chain, mockChainFn],
+      [memoize, mockMemoizeFn],
     ].forEach(([fromFn, mockFn]) => {
       (fromFn as jest.Mock).mockReturnValue(mockFn);
     });
   });
 
   afterEach(async () => {
+    const errorFnIndex = (chain as jest.Mock).mock.calls[0].length;
+    const errorFn = (chain as jest.Mock).mock.calls[0][errorFnIndex - 1];
+    const expectedError = new CredentialsProviderError("Could not load credentials from any providers", false);
+    try {
+      await errorFn();
+      fail(`expected ${expectedError}`);
+    } catch (error) {
+      expect(error.toString()).toStrictEqual(expectedError.toString());
+    }
+
+    expect(memoize).toHaveBeenCalledWith(mockChainFn, expect.any(Function), expect.any(Function));
+
     jest.clearAllMocks();
   });
 
   describe("without fromEnv", () => {
-    it("creates provider chain and memoizes it", async () => {
-      const provider = defaultProvider(mockInit);
-
-      // initial call proceeds through the chain.
-      {
-        const receivedCreds = await provider();
-        expect(receivedCreds).toEqual(mockCreds);
+    afterEach(() => {
+      expect(chain).toHaveBeenCalledWith(
+        mockSsoFn,
+        mockIniFn,
+        mockProcessFn,
+        mockTokenFileFn,
+        mockRemoteProviderFn,
+        expect.any(Function)
+      );
+    });
 
-        expect(fromEnv).not.toHaveBeenCalled();
-        expect(fromSSO).toHaveBeenCalledWith(mockInit);
-        expect(fromIni).toHaveBeenCalledWith(mockInit);
-        expect(fromProcess).toHaveBeenCalledWith(mockInit);
-        expect(fromTokenFile).toHaveBeenCalledWith(mockInit);
-        expect(remoteProvider).toHaveBeenCalledWith(mockInit);
+    it("creates provider chain and memoizes it", async () => {
+      const receivedCreds = await defaultProvider(mockInit)();
+      expect(receivedCreds).toStrictEqual(mockCreds);
 
-        expect(loadSharedConfigFiles).not.toHaveBeenCalled();
+      expect(fromEnv).not.toHaveBeenCalled();
+      for (const fromFn of [fromSSO, fromIni, fromProcess, fromTokenFile, remoteProvider]) {
+        expect(fromFn).toHaveBeenCalledWith(mockInit);
       }
 
-      jest.clearAllMocks();
-
-      // subsequent call does not enter the chain.
-      {
-        const receivedCreds = await provider();
-        expect(receivedCreds).toEqual(mockCreds);
-
-        expect(fromEnv).not.toHaveBeenCalled();
-        expect(fromSSO).not.toHaveBeenCalledWith(mockInit);
-        expect(fromIni).not.toHaveBeenCalledWith(mockInit);
-        expect(fromProcess).not.toHaveBeenCalledWith(mockInit);
-        expect(fromTokenFile).not.toHaveBeenCalledWith(mockInit);
-        expect(remoteProvider).not.toHaveBeenCalledWith(mockInit);
-      }
+      expect(loadSharedConfigFiles).not.toHaveBeenCalled();
     });
 
     it(`if env['${ENV_PROFILE}'] is set`, async () => {
@@ -124,42 +123,63 @@ describe(defaultProvider.name, () => {
     for (const fromFn of [fromSSO, fromIni, fromProcess, fromTokenFile, remoteProvider]) {
       expect(fromFn).toHaveBeenCalledWith(mockInitWithoutProfile);
     }
+
+    expect(chain).toHaveBeenCalledWith(
+      mockEnvFn,
+      mockSsoFn,
+      mockIniFn,
+      mockProcessFn,
+      mockTokenFileFn,
+      mockRemoteProviderFn,
+      expect.any(Function)
+    );
   });
 
-  describe(credentialsTreatedAsExpired.name, () => {
+  describe("memoize isExpired", () => {
     const mockDateNow = Date.now();
     beforeEach(async () => {
       jest.spyOn(Date, "now").mockReturnValueOnce(mockDateNow);
+      await defaultProvider(mockInit)();
     });
 
     it("returns true if expiration is defined, and creds have expired", () => {
+      const memoizeExpiredFn = (memoize as jest.Mock).mock.calls[0][1];
       const expiration = new Date(mockDateNow - 24 * 60 * 60 * 1000);
-      expect(credentialsTreatedAsExpired({ ...mockCreds, expiration })).toEqual(true);
+      expect(memoizeExpiredFn({ expiration })).toEqual(true);
     });
 
     it("returns true if expiration is defined, and creds expire in <5 mins", () => {
+      const memoizeExpiredFn = (memoize as jest.Mock).mock.calls[0][1];
       const expiration = new Date(mockDateNow + 299 * 1000);
-      expect(credentialsTreatedAsExpired({ ...mockCreds, expiration })).toEqual(true);
+      expect(memoizeExpiredFn({ expiration })).toEqual(true);
     });
 
     it("returns false if expiration is defined, but creds expire in >5 mins", () => {
+      const memoizeExpiredFn = (memoize as jest.Mock).mock.calls[0][1];
       const expiration = new Date(mockDateNow + 301 * 1000);
-      expect(credentialsTreatedAsExpired({ ...mockCreds, expiration })).toEqual(false);
+      expect(memoizeExpiredFn({ expiration })).toEqual(false);
     });
 
     it("returns false if expiration is not defined", () => {
-      expect(credentialsTreatedAsExpired({ ...mockCreds })).toEqual(false);
+      const memoizeExpiredFn = (memoize as jest.Mock).mock.calls[0][1];
+      expect(memoizeExpiredFn({})).toEqual(false);
     });
   });
 
-  describe(credentialsWillNeedRefresh.name, () => {
+  describe("memoize requiresRefresh", () => {
+    beforeEach(async () => {
+      await defaultProvider(mockInit)();
+    });
+
     it("returns true if expiration is not defined", () => {
-      const expiration = new Date();
-      expect(credentialsWillNeedRefresh({ ...mockCreds, expiration })).toEqual(true);
+      const memoizeRefreshFn = (memoize as jest.Mock).mock.calls[0][2];
+      const expiration = Date.now();
+      expect(memoizeRefreshFn({ expiration })).toEqual(true);
     });
 
     it("returns false if expiration is not defined", () => {
-      expect(credentialsWillNeedRefresh({ ...mockCreds })).toEqual(false);
+      const memoizeRefreshFn = (memoize as jest.Mock).mock.calls[0][2];
+      expect(memoizeRefreshFn({})).toEqual(false);
     });
   });
 });

Diff for: packages/credential-provider-node/src/defaultProvider.ts

@@ -1,8 +1,9 @@
-import type { FromIniInit } from "@aws-sdk/credential-provider-ini";
-import type { FromProcessInit } from "@aws-sdk/credential-provider-process";
-import type { FromSSOInit } from "@aws-sdk/credential-provider-sso";
-import type { FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
-import type { RemoteProviderInit } from "@smithy/credential-provider-imds";
+import { fromEnv } from "@aws-sdk/credential-provider-env";
+import { fromIni, FromIniInit } from "@aws-sdk/credential-provider-ini";
+import { fromProcess, FromProcessInit } from "@aws-sdk/credential-provider-process";
+import { fromSSO, FromSSOInit } from "@aws-sdk/credential-provider-sso";
+import { fromTokenFile, FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
+import { RemoteProviderInit } from "@smithy/credential-provider-imds";
 import { chain, CredentialsProviderError, memoize } from "@smithy/property-provider";
 import { ENV_PROFILE } from "@smithy/shared-ini-file-loader";
 import { AwsCredentialIdentity, MemoizedProvider } from "@smithy/types";
@@ -48,52 +49,16 @@ export type DefaultProviderInit = FromIniInit & RemoteProviderInit & FromProcess
 export const defaultProvider = (init: DefaultProviderInit = {}): MemoizedProvider<AwsCredentialIdentity> =>
   memoize(
     chain(
-      ...(init.profile || process.env[ENV_PROFILE]
-        ? []
-        : [
-            async () => {
-              const { fromEnv } = await import("@aws-sdk/credential-provider-env");
-              return fromEnv()();
-            },
-          ]),
-      async () => {
-        const { fromSSO } = await import("@aws-sdk/credential-provider-sso");
-        return fromSSO(init)();
-      },
-      async () => {
-        const { fromIni } = await import("@aws-sdk/credential-provider-ini");
-        return fromIni(init)();
-      },
-      async () => {
-        const { fromProcess } = await import("@aws-sdk/credential-provider-process");
-        return fromProcess(init)();
-      },
-      async () => {
-        const { fromTokenFile } = await import("@aws-sdk/credential-provider-web-identity");
-        return fromTokenFile(init)();
-      },
-      async () => {
-        return (await remoteProvider(init))();
-      },
+      ...(init.profile || process.env[ENV_PROFILE] ? [] : [fromEnv()]),
+      fromSSO(init),
+      fromIni(init),
+      fromProcess(init),
+      fromTokenFile(init),
+      remoteProvider(init),
       async () => {
         throw new CredentialsProviderError("Could not load credentials from any providers", false);
       }
     ),
-    credentialsTreatedAsExpired,
-    credentialsWillNeedRefresh
+    (credentials) => credentials.expiration !== undefined && credentials.expiration.getTime() - Date.now() < 300000,
+    (credentials) => credentials.expiration !== undefined
   );
-
-/**
- * @internal
- *
- * @returns credentials have expiration.
- */
-export const credentialsWillNeedRefresh = (credentials: AwsCredentialIdentity) => credentials?.expiration !== undefined;
-
-/**
- * @internal
- *
- * @returns credentials with less than 5 minutes left.
- */
-export const credentialsTreatedAsExpired = (credentials: AwsCredentialIdentity) =>
-  credentials?.expiration !== undefined && credentials.expiration.getTime() - Date.now() < 300000;

Diff for: packages/credential-provider-node/src/remoteProvider.spec.ts

@@ -42,7 +42,7 @@ describe(remoteProvider.name, () => {
     "returns fromContainerMetadata if env['%s'] is set",
     async (key) => {
       process.env[key] = "defined";
-      const receivedCreds = await (await remoteProvider(mockInit))();
+      const receivedCreds = await remoteProvider(mockInit)();
       expect(receivedCreds).toStrictEqual(mockCredsFromContainer);
       expect(fromContainerMetadata).toHaveBeenCalledWith(mockInit);
       expect(fromInstanceMetadata).not.toHaveBeenCalled();
@@ -53,9 +53,7 @@ describe(remoteProvider.name, () => {
     process.env[ENV_IMDS_DISABLED] = "1";
     const expectedError = new CredentialsProviderError("EC2 Instance Metadata Service access disabled");
     try {
-      await (
-        await remoteProvider(mockInit)
-      )();
+      await remoteProvider(mockInit)();
       fail(`expectedError ${expectedError}`);
     } catch (error) {
       expect(error).toStrictEqual(expectedError);
@@ -65,7 +63,7 @@ describe(remoteProvider.name, () => {
   });
 
   it("returns fromInstanceMetadata if environment variables are not set", async () => {
-    const receivedCreds = await (await remoteProvider(mockInit))();
+    const receivedCreds = await remoteProvider(mockInit)();
     expect(receivedCreds).toStrictEqual(mockSourceCredsFromInstanceMetadata);
     expect(fromInstanceMetadata).toHaveBeenCalledWith(mockInit);
     expect(fromContainerMetadata).not.toHaveBeenCalled();

Diff for: packages/credential-provider-node/src/remoteProvider.ts

@@ -1,17 +1,16 @@
-import type { RemoteProviderInit } from "@smithy/credential-provider-imds";
+import {
+  ENV_CMDS_FULL_URI,
+  ENV_CMDS_RELATIVE_URI,
+  fromContainerMetadata,
+  fromInstanceMetadata,
+  RemoteProviderInit,
+} from "@smithy/credential-provider-imds";
 import { CredentialsProviderError } from "@smithy/property-provider";
-import type { AwsCredentialIdentityProvider } from "@smithy/types";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
 
 export const ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
 
-/**
- * @internal
- */
-export const remoteProvider = async (init: RemoteProviderInit): Promise<AwsCredentialIdentityProvider> => {
-  const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await import(
-    "@smithy/credential-provider-imds"
-  );
-
+export const remoteProvider = (init: RemoteProviderInit): AwsCredentialIdentityProvider => {
   if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) {
     return fromContainerMetadata(init);
   }

Diff for: packages/middleware-endpoint-discovery/src/middleware-endpoint-discovery.integ.spec.ts

@@ -1,12 +1,3 @@
-jest.mock("@aws-sdk/credential-provider-node", () => ({
-  defaultProvider: async () => {
-    return {
-      secretAccessKey: "integration-test",
-      accessKeyId: "integration-test",
-      sessionToken: "integration-test",
-    };
-  },
-}));
 import { TimestreamQuery } from "@aws-sdk/client-timestream-query";
 import { TimestreamWrite } from "@aws-sdk/client-timestream-write";
 import { EndpointCache } from "@aws-sdk/endpoint-cache";