Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable support for AWS temporary credentials - N8N-3209 #2587

Merged
merged 15 commits into from
Apr 22, 2022
Merged

Enable support for AWS temporary credentials - N8N-3209 #2587

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
0833863
Enable support for AWS temporary credentials
BasitAli Dec 20, 2021
6b789dd
Merge branch 'master' of https://github.com/n8n-io/n8n
michael-radency Apr 1, 2022
ab78ccc
:hammer: removed toggle from ui added sessionToken to other aws servi…
michael-radency Apr 1, 2022
cd23420
Update sign method for other AWS nodes
BasitAli Apr 2, 2022
56eaabb
Merge branch 'n8n-io:master' into master
BasitAli Apr 2, 2022
9ab4db8
Remove the unneeded additional `temporaryCredentials` checkbox
BasitAli Apr 2, 2022
54dfe12
Update description for session token
BasitAli Apr 4, 2022
34d498a
Merge branch 'master' of https://github.com/n8n-io/n8n into aws-crede…
michael-radency Apr 7, 2022
df1278d
:zap: added missing session token to credentials test
michael-radency Apr 7, 2022
0214153
Update sign method for DynamoDB
BasitAli Apr 7, 2022
a917275
Merge branch 'master' of https://github.com/lucidlane/n8n into aws-cr…
michael-radency Apr 12, 2022
981f3e0
Merge branch 'master' of https://github.com/n8n-io/n8n into aws-crede…
michael-radency Apr 12, 2022
f9a2c0a
:hammer: added back toggle for hiding session token, fixed linter errors
michael-radency Apr 12, 2022
eacad54
Merge branch 'master' of https://github.com/n8n-io/n8n into aws-crede…
michael-radency Apr 21, 2022
bcc8001
:zap: wording fix
michael-radency Apr 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions packages/nodes-base/credentials/Aws.credentials.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,16 @@ export class Aws implements ICredentialType {
password: true,
},
},
{
displayName: 'Session Token',
name: 'sessionToken',
description: '(Optional) Temporary credentials from AWS STS',
BasitAli marked this conversation as resolved.
Show resolved Hide resolved
type: 'string',
default: '',
typeOptions: {
password: true,
},
},
{
displayName: 'Custom Endpoints',
name: 'customEndpoints',
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/Comprehend/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/Rekognition/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = {headers: headers || {}, host: endpoint.host, method, path, body} as Request;
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
8 changes: 6 additions & 2 deletions packages/nodes-base/nodes/Aws/S3/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = {headers: headers || {}, host: endpoint.host, method, path: `${endpoint.pathname}?${queryToString(query).replace(/\+/g, '%2B')}`, body} as Request;
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};


sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
8 changes: 7 additions & 1 deletion packages/nodes-base/nodes/Aws/SES/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
// Sign AWS API request with the user credentials

const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
17 changes: 14 additions & 3 deletions packages/nodes-base/nodes/Aws/Textract/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand All @@ -69,7 +74,7 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
const errorMessage = error?.response?.data || error?.response?.body;
if (errorMessage.includes('AccessDeniedException')) {
const user = JSON.parse(errorMessage).Message.split(' ')[1];
throw new NodeApiError(this.getNode(), error, {
throw new NodeApiError(this.getNode(), error, {
message: 'Unauthorized — please check your AWS policy configuration',
description: `Make sure an identity-based policy allows user ${user} to perform textract:AnalyzeExpense` });
}
Expand Down Expand Up @@ -134,7 +139,13 @@ export async function validateCrendetials(this: ICredentialTestFunctions, decryp

// Sign AWS API request with the user credentials
const signOpts = { host: endpoint.host, method: 'POST', path: '?Action=GetCallerIdentity&Version=2011-06-15' } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
7 changes: 6 additions & 1 deletion packages/nodes-base/nodes/Aws/Transcribe/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I

// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down
8 changes: 7 additions & 1 deletion packages/nodes-base/nodes/S3/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,13 @@ export async function s3ApiRequest(this: IHookFunctions | IExecuteFunctions | IL
body,
} as Request;

sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.sessionToken ? `${credentials.sessionToken}`.trim() : undefined
};

sign(signOpts, securityHeaders);

const options: OptionsWithUri = {
headers: signOpts.headers,
Expand Down