@@ -5,6 +5,7 @@ import * as http from 'http';
5
5
import { performance } from 'perf_hooks' ;
6
6
import * as sinon from 'sinon' ;
7
7
8
+ import { KMSCredentialProvider } from '../../../src/client-side-encryption/providers' ;
8
9
import {
9
10
AWSTemporaryCredentialProvider ,
10
11
MongoAWSError ,
@@ -14,14 +15,6 @@ import {
14
15
MongoServerError
15
16
} from '../../mongodb' ;
16
17
17
- function awsSdk ( ) {
18
- try {
19
- return require ( '@aws-sdk/credential-providers' ) ;
20
- } catch {
21
- return null ;
22
- }
23
- }
24
-
25
18
describe ( 'MONGODB-AWS' , function ( ) {
26
19
let awsSdkPresent ;
27
20
let client : MongoClient ;
@@ -39,7 +32,7 @@ describe('MONGODB-AWS', function () {
39
32
`Always inform the AWS tests if they run with or without the SDK (MONGODB_AWS_SDK=${ MONGODB_AWS_SDK } )`
40
33
) . to . include ( MONGODB_AWS_SDK ) ;
41
34
42
- awsSdkPresent = ! ! awsSdk ( ) ;
35
+ awsSdkPresent = AWSTemporaryCredentialProvider . isAWSSDKInstalled ;
43
36
expect (
44
37
awsSdkPresent ,
45
38
MONGODB_AWS_SDK === 'true'
@@ -244,8 +237,10 @@ describe('MONGODB-AWS', function () {
244
237
245
238
const envCheck = ( ) => {
246
239
const { AWS_WEB_IDENTITY_TOKEN_FILE = '' } = process . env ;
247
- credentialProvider = awsSdk ( ) ;
248
- return AWS_WEB_IDENTITY_TOKEN_FILE . length === 0 || credentialProvider == null ;
240
+ return (
241
+ AWS_WEB_IDENTITY_TOKEN_FILE . length === 0 ||
242
+ ! AWSTemporaryCredentialProvider . isAWSSDKInstalled
243
+ ) ;
249
244
} ;
250
245
251
246
beforeEach ( function ( ) {
@@ -255,6 +250,9 @@ describe('MONGODB-AWS', function () {
255
250
return this . skip ( ) ;
256
251
}
257
252
253
+ // @ts -expect-error We intentionally access a protected variable.
254
+ credentialProvider = AWSTemporaryCredentialProvider . awsSDK ;
255
+
258
256
storedEnv = process . env ;
259
257
if ( test . env . AWS_STS_REGIONAL_ENDPOINTS === undefined ) {
260
258
delete process . env . AWS_STS_REGIONAL_ENDPOINTS ;
@@ -324,3 +322,37 @@ describe('MONGODB-AWS', function () {
324
322
}
325
323
} ) ;
326
324
} ) ;
325
+
326
+ describe ( 'AWS KMS Credential Fetching' , function ( ) {
327
+ context ( 'when the AWS SDK is not installed' , function ( ) {
328
+ beforeEach ( function ( ) {
329
+ if ( AWSTemporaryCredentialProvider . isAWSSDKInstalled ) {
330
+ this . currentTest . skipReason =
331
+ 'This test must run in an environment where the AWS SDK is not installed.' ;
332
+ this . skip ( ) ;
333
+ }
334
+ } ) ;
335
+ it ( 'fetching AWS KMS credentials throws an error' , async function ( ) {
336
+ const error = await new KMSCredentialProvider ( { aws : { } } ) . refreshCredentials ( ) . catch ( e => e ) ;
337
+
338
+ expect ( error ) . to . be . instanceOf ( MongoAWSError ) ;
339
+ } ) ;
340
+ } ) ;
341
+
342
+ context ( 'when the AWS SDK is installed' , function ( ) {
343
+ beforeEach ( function ( ) {
344
+ if ( ! AWSTemporaryCredentialProvider . isAWSSDKInstalled ) {
345
+ this . currentTest . skipReason =
346
+ 'This test must run in an environment where the AWS SDK is installed.' ;
347
+ this . skip ( ) ;
348
+ }
349
+ } ) ;
350
+ it ( 'KMS credentials are successfully fetched.' , async function ( ) {
351
+ const { aws } = await new KMSCredentialProvider ( { aws : { } } ) . refreshCredentials ( ) ;
352
+
353
+ expect ( aws ) . to . have . property ( 'accessKeyId' ) ;
354
+ expect ( aws ) . to . have . property ( 'secretAccessKey' ) ;
355
+ expect ( aws ) . to . have . property ( 'sessionToken' ) ;
356
+ } ) ;
357
+ } ) ;
358
+ } ) ;
0 commit comments