feat: update from nginx/nginx-s3-gateway#119

Author: dekobon

Makefile

@@ -5,10 +5,10 @@ start-plus:
 	export NGINX_TYPE=plus && docker-compose -f tests/docker/docker-compose.yml up -d
 
 test:
-	bash tests/test.sh --type oss
+	export NGINX_TYPE=oss && bash tests/test.sh --type oss
 
 test-plus:
-	bash tests/test.sh --type plus
+	export NGINX_TYPE=plus && bash tests/test.sh --type plus
 
 down:
 	docker-compose -f tests/docker/docker-compose.yml down

core/awscredentials.js

@@ -88,7 +88,6 @@ function readCredentials(r) {
             expiration: null
         };
     }
-
     if ("variables" in r && r.variables.cache_instance_credentials_enabled == 1) {
         return _readCredentialsFromKeyValStore(r);
     } else {
@@ -228,7 +227,7 @@ function _writeCredentialsToFile(credentials) {
 async function fetchCredentials(r) {
     /* If we are not using an AWS instance profile to set our credentials we
        exit quickly and don't write a credentials file. */
-    if (process.env['AWS_ACCESS_KEY_ID'] && process.env['AWS_SECRET_ACCESS_KEY']) {
+    if (utils.areAllEnvVarsSet(['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY'])) {
         r.return(200);
         return;
     }
@@ -258,8 +257,9 @@ async function fetchCredentials(r) {
 
     utils.debug_log(r, 'Cached credentials are expired or not present, requesting new ones');
 
-    if (process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']) {
-        const uri = ECS_CREDENTIAL_BASE_URI + process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'];
+    if (utils.areAllEnvVarsSet('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI')) {
+        const relative_uri = process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] || '';
+        const uri = ECS_CREDENTIAL_BASE_URI + relative_uri;        
         try {
             credentials = await _fetchEcsRoleCredentials(uri);
         } catch (e) {
@@ -268,7 +268,7 @@ async function fetchCredentials(r) {
             return;
         }
     }
-    else if (process.env['AWS_WEB_IDENTITY_TOKEN_FILE']) {
+    else if (utils.areAllEnvVarsSet('AWS_WEB_IDENTITY_TOKEN_FILE')) {
         try {
             credentials = await _fetchWebIdentityCredentials(r)
         } catch (e) {

core/utils.js

@@ -22,6 +22,26 @@
 const DEBUG = parseBoolean(process.env['DEBUG']);
 
 
+/**
+ * Checks to see if all of the elements of the passed array are present as keys
+ * in the running process' environment variables. Alternatively, if a single
+ * string is passed, it will check for the presence of that string.
+ * @param envVars {array[string]|string} array of expected keys or single expected key
+ * @returns {boolean} true if all keys are set as environment variables
+ */
+function areAllEnvVarsSet(envVars) {
+    if (envVars instanceof Array) {
+        const envVarsLen = envVars.length;
+        for (let i = 0; i < envVarsLen; i++) {
+            if (!process.env[envVars[i]]) {
+                return false;
+            }
+        }
+        return true;
+    }
+    return envVars in process.env;
+}
+
 /**
  * Parses a string delimited by semicolons into an array of values
  * @param string {string|null} value representing a array of strings
@@ -143,6 +163,7 @@ function requireEnvVar(envVarName) {
 }
 
 export default {
+    areAllEnvVarsSet,
     debug_log,
     getAmzDatetime,
     getEightDigitDate,

tests/unit-test/awscredentials_test.js

@@ -180,9 +180,12 @@ function testReadAndWriteCredentialsFromKeyValStore() {
 
 async function testEcsCredentialRetrieval() {
     printHeader('testEcsCredentialRetrieval');
-    process.env['AWS_ACCESS_KEY_ID'] = undefined;
+    if ('AWS_ACCESS_KEY_ID' in process.env) {
+        delete process.env['AWS_ACCESS_KEY_ID'];
+    }
     process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] = '/example';
     globalThis.ngx.fetch = function (url) {
+        console.log(' fetching mock credentials');
         globalThis.recordedUrl = url;
 
         return Promise.resolve({
@@ -221,14 +224,18 @@ async function testEcsCredentialRetrieval() {
     await awscred.fetchCredentials(r);
 
     if (globalThis.recordedUrl !== 'http://169.254.170.2/example') {
-        throw 'No or wrong ECS credentials fetch URL recorded: ' + globalThis.recordedUrl;
+        throw `No or wrong ECS credentials fetch URL recorded: ${globalThis.recordedUrl}`;
     }
 }
 
 async function testEc2CredentialRetrieval() {
     printHeader('testEc2CredentialRetrieval');
-    process.env['AWS_ACCESS_KEY_ID'] = undefined;
-    process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] = undefined;
+    if ('AWS_ACCESS_KEY_ID' in process.env) {
+        delete process.env['AWS_ACCESS_KEY_ID'];
+    }
+    if ('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' in process.env) {
+        delete process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'];    
+    }
     globalThis.ngx.fetch = function (url, options) {
         if (url === 'http://169.254.169.254/latest/api/token' && options && options.method === 'PUT') {
             return Promise.resolve({

tests/unit-test/utils_test.js

@@ -122,11 +122,72 @@ function testPad() {
     }
 }
 
+function testAreAllEnvVarsSet() {
+    function testAreAllEnvVarsSetStringFound() {
+        console.log('  ## testAreAllEnvVarsSetStringFound');
+        const key = 'TEST_ENV_VAR_KEY';
+        process.env[key] = 'some value';
+        const actual = utils.areAllEnvVarsSet(key);
+        if (!actual) {
+            throw 'Environment variable that was set not indicated as present';
+        }
+    }
+
+    function testAreAllEnvVarsSetStringNotFound() {
+        console.log('  ## testAreAllEnvVarsSetStringNotFound');
+        const actual = utils.areAllEnvVarsSet('UNKNOWN_ENV_VAR_KEY');
+        if (actual) {
+            throw 'Unknown environment variable indicated as being present';
+        }
+    }
+
+    function testAreAllEnvVarsSetStringArrayFound() {
+        console.log('  ## testAreAllEnvVarsSetStringArrayFound');
+        const keys = ['TEST_ENV_VAR_KEY_1', 'TEST_ENV_VAR_KEY_2', 'TEST_ENV_VAR_KEY_3'];
+        for (let i = 0; i < keys.length; i++) {
+            process.env[keys[i]] = 'something';
+        }
+        const actual = utils.areAllEnvVarsSet(keys);
+        if (!actual) {
+            throw 'Environment variables that were set not indicated as present';
+        }
+    }
+
+    function testAreAllEnvVarsSetStringArrayNotFound() {
+        console.log('  ## testAreAllEnvVarsSetStringArrayNotFound');
+        const keys = ['UNKNOWN_ENV_VAR_KEY_1', 'UNKNOWN_ENV_VAR_KEY_2', 'UNKNOWN_ENV_VAR_KEY_3'];
+        const actual = utils.areAllEnvVarsSet(keys);
+        if (actual) {
+            throw 'Unknown environment variables that were not set indicated as present';
+        }
+    }
+
+    function testAreAllEnvVarsSetStringArrayWithSomeSet() {
+        console.log('  ## testAreAllEnvVarsSetStringArrayWithSomeSet');
+        const keys = ['TEST_ENV_VAR_KEY_1', 'UNKNOWN_ENV_VAR_KEY_2', 'UNKNOWN_ENV_VAR_KEY_3'];
+        process.env[keys[0]] = 'something';
+
+        const actual = utils.areAllEnvVarsSet(keys);
+        if (actual) {
+            throw 'Unknown environment variables that were not set indicated as present';
+        }
+    }
+
+    printHeader('testAreAllEnvVarsSet');
+    testAreAllEnvVarsSetStringFound();
+    testAreAllEnvVarsSetStringNotFound();
+    testAreAllEnvVarsSetStringArrayFound();
+    testAreAllEnvVarsSetStringArrayNotFound();
+    testAreAllEnvVarsSetStringArrayWithSomeSet();
+}
+
+
 async function test() {
     testAmzDatetime();
     testEightDigitDate();
     testPad();
     testParseArray();
+    testAreAllEnvVarsSet();
 }
 
 function printHeader(testName) {