无法使用 aws-sdk 获取 AWS 机密 - 我要么得到缺少凭据错误和一个对象
Unable to get AWS secret using aws-sdk - I either get missing credentials error and an object
我正在尝试获取我需要在 JS 函数中使用 aws-sdk 的 AWS 机密,但我不断收到有关配置或请求对象中缺少凭据的错误,这是我正在使用的代码:
Cypress.Commands.add("get_secret", () => {
Cypress.env('AWS_ACCESS_KEY_ID', 'REMOVED')
Cypress.env('AWS_SECRET_ACCESS_KEY', 'REMOVED')
Cypress.env('AWS_SESSION_TOKEN', 'REMOVED')
var AWS = require("aws-sdk"),
region = "REMOVED",
secretName = "REMOVED",
secret,
decodedBinarySecret;
// Create a Secrets Manager client
var client = new AWS.SecretsManager({
region: region,
});
client.getSecretValue({ SecretId: secretName }, function (err, data) {
if (err) {
if (err.code === "DecryptionFailureException")
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InternalServiceErrorException")
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidParameterException")
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidRequestException")
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "ResourceNotFoundException")
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ("SecretString" in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, "base64");
decodedBinarySecret = buff.toString("ascii");
}
}
return client.getSecretValue({ SecretId: "REMOVED" }).promise();
});
});
调用这个我得到 config.js:390 Uncaught (in promise) CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
如果我用 cy.wrap(client.getSecretValue("REMOVED")).as("key1");
替换 return client.getSecretValue({ SecretId: "REMOVED" }).promise();
它会产生一个请求对象,但我在其中的任何地方都看不到我的秘密。
有人能看出我做错了什么吗?
尝试像这样将凭据直接传递给客户端:
const client = new AWS.SecretsManager({
region: region,
accessKeyId: 'abcdefghi',
secretAccessKey: 'abcdefghi123456789',
sessionToken: 'abcd1234'
});
或更好,在创建客户端之前使用 AWS.Config Class
:
AWS.config.update({
accessKeyId: 'abcdefghi',
secretAccessKey: 'abcdefghi123456789',
sessionToken: 'abcd1234'
})
根据 Cypress.env
的 Cypress 文档,OS 级环境变量与 Cypress 环境变量不同:
In Cypress, “environment variables” are variables that are accessible via Cypress.env. These are not the same as OS-level environment variables. However, it is possible to set Cypress environment variables from OS-level environment variables.
这意味着它们不会被 AWS SDK 拾取。
有关如何在 SDK 中设置凭据的详细信息,请参阅 Setting Credentials in Node.js。
我正在尝试获取我需要在 JS 函数中使用 aws-sdk 的 AWS 机密,但我不断收到有关配置或请求对象中缺少凭据的错误,这是我正在使用的代码:
Cypress.Commands.add("get_secret", () => {
Cypress.env('AWS_ACCESS_KEY_ID', 'REMOVED')
Cypress.env('AWS_SECRET_ACCESS_KEY', 'REMOVED')
Cypress.env('AWS_SESSION_TOKEN', 'REMOVED')
var AWS = require("aws-sdk"),
region = "REMOVED",
secretName = "REMOVED",
secret,
decodedBinarySecret;
// Create a Secrets Manager client
var client = new AWS.SecretsManager({
region: region,
});
client.getSecretValue({ SecretId: secretName }, function (err, data) {
if (err) {
if (err.code === "DecryptionFailureException")
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InternalServiceErrorException")
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidParameterException")
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidRequestException")
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "ResourceNotFoundException")
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ("SecretString" in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, "base64");
decodedBinarySecret = buff.toString("ascii");
}
}
return client.getSecretValue({ SecretId: "REMOVED" }).promise();
});
});
调用这个我得到 config.js:390 Uncaught (in promise) CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
如果我用 cy.wrap(client.getSecretValue("REMOVED")).as("key1");
替换 return client.getSecretValue({ SecretId: "REMOVED" }).promise();
它会产生一个请求对象,但我在其中的任何地方都看不到我的秘密。
有人能看出我做错了什么吗?
尝试像这样将凭据直接传递给客户端:
const client = new AWS.SecretsManager({
region: region,
accessKeyId: 'abcdefghi',
secretAccessKey: 'abcdefghi123456789',
sessionToken: 'abcd1234'
});
或更好,在创建客户端之前使用 AWS.Config Class
:
AWS.config.update({
accessKeyId: 'abcdefghi',
secretAccessKey: 'abcdefghi123456789',
sessionToken: 'abcd1234'
})
根据 Cypress.env
的 Cypress 文档,OS 级环境变量与 Cypress 环境变量不同:
In Cypress, “environment variables” are variables that are accessible via Cypress.env. These are not the same as OS-level environment variables. However, it is possible to set Cypress environment variables from OS-level environment variables.
这意味着它们不会被 AWS SDK 拾取。
有关如何在 SDK 中设置凭据的详细信息,请参阅 Setting Credentials in Node.js。