Unable to get AWS secret using aws-sdk - I either get missing credentials error and an object

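I'm trying to get an AWS secret that I need to use in a JS function using aws-sdk, but I keep getting an error about missing credentials in the config or the request object. This is the code I'm using: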

Cypress.Commands.add("get_secret", () => {
  Cypress.env('AWS_ACCESS_KEY_ID', 'REMOVED')
  Cypress.env('AWS_SECRET_ACCESS_KEY', 'REMOVED')
  Cypress.env('AWS_SESSION_TOKEN', 'REMOVED')

  var AWS = require("aws-sdk"),
    region = "REMOVED",
    secretName = "REMOVED",
    secret,
    decodedBinarySecret;

  // Create a Secrets Manager client
  var client = new AWS.SecretsManager({
    region: region,
  });

  client.getSecretValue({ SecretId: secretName }, function (err, data) {
    if (err) {
      if (err.code === "DecryptionFailureException")
        // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "InternalServiceErrorException")
        // An error occurred on the server side.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "InvalidParameterException")
        // You provided an invalid value for a parameter.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "InvalidRequestException")
        // You provided a parameter value that is not valid for the current state of the resource.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "ResourceNotFoundException")
        // We can't find the resource that you asked for.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
    } else {
      // Decrypts secret using the associated KMS CMK.
      // Depending on whether the secret is a string or binary, one of these fields will be populated.
      if ("SecretString" in data) {
        secret = data.SecretString;
      } else {
        let buff = new Buffer(data.SecretBinary, "base64");
        decodedBinarySecret = buff.toString("ascii");
      }
    }

    return client.getSecretValue({ SecretId: "REMOVED" }).promise();

  });
});

Calling this, I get config.js:390 Uncaught (in promise) CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

If I replace return client.getSecretValue({ SecretId: "REMOVED" }).promise(); with cy.wrap(client.getSecretValue("REMOVED")).as("key1"); it yields a request object, but I can't see my secret anywhere in it.

Can anyone see what I'm doing wrong?

Try passing the credentials directly to the client like this:

const client = new AWS.SecretsManager({
  region: region,
  accessKeyId: 'abcdefghi',
  secretAccessKey: 'abcdefghi123456789',
  sessionToken: 'abcd1234'
});

Or better, use the AWS.Config class before creating the client:

AWS.config.update({
  accessKeyId: 'abcdefghi',
  secretAccessKey: 'abcdefghi123456789',
  sessionToken: 'abcd1234'
})

According to the Cypress documentation for Cypress.env, OS-level environment variables are not the same as Cypress environment variables:

In Cypress, “environment variables” are variables that are accessible via Cypress.env. These are not the same as OS-level environment variables. However, it is possible to set Cypress environment variables from OS-level environment variables.

This means they will not be picked up by the AWS SDK.

For details on how to set credentials in the SDK, see Setting Credentials in Node.js.
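
Added example (not part of the original question or answer): the explicit credential passing described above, combined with awaiting `.promise()` so the secret value is returned rather than a request object. The names `credentialsFromEnv`, `getSecret`, `defaultClient` and the `makeClient` parameter are hypothetical; `env` stands in for the object returned by `Cypress.env()`, and AWS SDK for JavaScript v2 is assumed.

```javascript
// Added example. `env` stands in for the object Cypress.env() returns;
// `makeClient` is a hypothetical injection point so the logic can be
// exercised offline with a stub instead of the real AWS SDK v2 client.
const REQUIRED = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"];

// Build an explicit SecretsManager config from Cypress-style env values.
// The SDK does not read Cypress.env, so every field is passed by hand.
function credentialsFromEnv(env, region) {
  const missing = REQUIRED.filter((k) => !env[k]);
  if (missing.length) {
    // Fail early with the variable names (never the values).
    throw new Error("Missing credentials: " + missing.join(", "));
  }
  const cfg = {
    region,
    accessKeyId: env.AWS_ACCESS_KEY_ID,
    secretAccessKey: env.AWS_SECRET_ACCESS_KEY,
  };
  // A session token is only present for temporary credentials.
  if (env.AWS_SESSION_TOKEN) cfg.sessionToken = env.AWS_SESSION_TOKEN;
  return cfg;
}

function defaultClient(cfg) {
  const AWS = require("aws-sdk"); // loaded lazily, only for real calls
  return new AWS.SecretsManager(cfg);
}

// Resolve to the secret value itself. getSecretValue() alone returns a
// request object; the data arrives through .promise() or a callback.
async function getSecret(env, region, secretId, makeClient = defaultClient) {
  const client = makeClient(credentialsFromEnv(env, region));
  const data = await client.getSecretValue({ SecretId: secretId }).promise();
  if (typeof data.SecretString === "string") return data.SecretString;
  // Same decoding as the question's code, with the non-deprecated
  // Buffer.from; it accepts a base64 string or an existing Buffer.
  return Buffer.from(data.SecretBinary, "base64").toString("utf8");
}
```

Inside a Cypress command the promise can be handed to Cypress with `cy.wrap(getSecret(Cypress.env(), region, secretName))`, with the credential values supplied from outside the test code rather than written into it.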