chore(token-providers): add provider to retrieve token from env var (#7097)

Co-authored-by: George Fu <[email protected]>

Author: trivikr

packages/core/src/submodules/httpAuthSchemes/index.ts

@@ -1 +1,2 @@
 export * from "./aws_sdk";
+export * from "./utils/getBearerTokenEnvKey";

packages/token-providers/README.md

@@ -27,6 +27,15 @@ import { fromSso } from "@aws-sdk/token-providers";
 const ssoToken = await fromSso();
 ```
 
+## Env Token Provider with Signing Name
+
+```ts
+import { fromEnvSigningName } from "@aws-sdk/token-providers";
+
+// returns token from environment, where token's key is based on signing name.
+const envSigningNameToken = await fromEnvSigningName({ signingName: "signing name" });
+```
+
 ## Token Provider Chain
 
 ```ts

packages/token-providers/package.json

@@ -27,6 +27,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
+    "@aws-sdk/core": "*",
     "@aws-sdk/nested-clients": "*",
     "@aws-sdk/types": "*",
     "@smithy/property-provider": "^4.0.2",

packages/token-providers/src/fromEnvSigningName.spec.ts

@@ -0,0 +1,46 @@
+import { getBearerTokenEnvKey } from "@aws-sdk/core";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+import { fromEnvSigningName } from "./fromEnvSigningName";
+
+vi.mock("@aws-sdk/core");
+
+describe(fromEnvSigningName.name, () => {
+  const originalEnv = process.env;
+  const mockInit = { signingName: "signing name" };
+  const mockBearerTokenEnvKey = "AWS_BEARER_TOKEN_SIGNING_NAME";
+
+  beforeEach(() => {
+    process.env = { ...originalEnv };
+    vi.mocked(getBearerTokenEnvKey).mockReturnValue(mockBearerTokenEnvKey);
+  });
+
+  afterEach(() => {
+    process.env = originalEnv;
+    vi.clearAllMocks();
+  });
+
+  describe("throws error", () => {
+    it("when signingName is not passed", async () => {
+      await expect(fromEnvSigningName()()).rejects.toThrow(
+        "Please pass 'signingName' to compute environment variable key"
+      );
+      expect(getBearerTokenEnvKey).not.toHaveBeenCalled();
+    });
+
+    it("when token is not present in environment variable", async () => {
+      await expect(fromEnvSigningName(mockInit)()).rejects.toThrow(
+        `Token not present in '${mockBearerTokenEnvKey}' environment variable`
+      );
+      expect(getBearerTokenEnvKey).toHaveBeenCalledWith(mockInit.signingName);
+    });
+  });
+
+  it("returns token from environment variable", async () => {
+    const mockBearerToken = "mock-bearer-token";
+    process.env[mockBearerTokenEnvKey] = mockBearerToken;
+    const token = await fromEnvSigningName(mockInit)();
+    expect(token).toEqual({ token: mockBearerToken });
+    expect(getBearerTokenEnvKey).toHaveBeenCalledWith(mockInit.signingName);
+  });
+});

packages/token-providers/src/fromEnvSigningName.ts

@@ -0,0 +1,37 @@
+import { getBearerTokenEnvKey } from "@aws-sdk/core";
+import type { CredentialProviderOptions, TokenIdentityProvider } from "@aws-sdk/types";
+import { TokenProviderError } from "@smithy/property-provider";
+
+/**
+ * @public
+ */
+export interface FromEnvSigningNameInit extends CredentialProviderOptions {
+  signingName?: string;
+}
+
+/**
+ * Creates a TokenIdentityProvider that retrieves bearer token from environment variable
+ *
+ * @param options - Configuration options for the token provider
+ * @param options.logger - Optional logger for debug messages
+ * @param options.signingName - Service signing name used to determine environment variable key
+ * @returns TokenIdentityProvider that provides bearer token from environment variable
+ *
+ * @public
+ */
+export const fromEnvSigningName =
+  ({ logger, signingName }: FromEnvSigningNameInit = {}): TokenIdentityProvider =>
+  async () => {
+    logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName");
+
+    if (!signingName) {
+      throw new TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger });
+    }
+
+    const bearerTokenKey = getBearerTokenEnvKey(signingName);
+    if (!(bearerTokenKey in process.env)) {
+      throw new TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger });
+    }
+
+    return { token: process.env[bearerTokenKey]! };
+  };

packages/token-providers/src/index.ts

@@ -1,3 +1,4 @@
+export * from "./fromEnvSigningName";
 export * from "./fromSso";
 export * from "./fromStatic";
 export * from "./nodeProvider";

yarn.lock

@@ -23621,6 +23621,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@aws-sdk/token-providers@workspace:packages/token-providers"
   dependencies:
+    "@aws-sdk/core": "npm:*"
     "@aws-sdk/nested-clients": "npm:*"
     "@aws-sdk/types": "npm:*"
     "@smithy/property-provider": "npm:^4.0.2"