Unable to get AWS secret using aws-sdk - I either get missing credentials error and an object

I'm trying to get an AWS secret I need using the aws-sdk in a JS function, but I keep getting an error about missing credentials in config or a request object. This is the code I am using:

Cypress.Commands.add("get_secret", () => {
  Cypress.env('AWS_ACCESS_KEY_ID', 'REMOVED')
  Cypress.env('AWS_SECRET_ACCESS_KEY', 'REMOVED')
  Cypress.env('AWS_SESSION_TOKEN', 'REMOVED')

  var AWS = require("aws-sdk"),
    region = "REMOVED",
    secretName = "REMOVED",
    secret,
    decodedBinarySecret;

  // Create a Secrets Manager client
  var client = new AWS.SecretsManager({
    region: region,
  });

  client.getSecretValue({ SecretId: secretName }, function (err, data) {
    if (err) {
      if (err.code === "DecryptionFailureException")
        // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "InternalServiceErrorException")
        // An error occurred on the server side.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "InvalidParameterException")
        // You provided an invalid value for a parameter.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "InvalidRequestException")
        // You provided a parameter value that is not valid for the current state of the resource.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
      else if (err.code === "ResourceNotFoundException")
        // We can't find the resource that you asked for.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw err;
    } else {
      // Decrypts secret using the associated KMS CMK.
      // Depending on whether the secret is a string or binary, one of these fields will be populated.
      if ("SecretString" in data) {
        secret = data.SecretString;
      } else {
        let buff = new Buffer(data.SecretBinary, "base64");
        decodedBinarySecret = buff.toString("ascii");
      }
    }

    return client.getSecretValue({ SecretId: "REMOVED" }).promise();

  });
});

Calling this I get config.js:390 Uncaught (in promise) CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

If I replace return client.getSecretValue({ SecretId: "REMOVED" }).promise(); with cy.wrap(client.getSecretValue("REMOVED")).as("key1"); it yields a request object but I can't see my secret anywhere in it.

Can someone see what I'm doing wrong?

Try passing the credentials directly to the client like this:

const client = new AWS.SecretsManager({
  region: region,
  accessKeyId: 'abcdefghi',
  secretAccessKey: 'abcdefghi123456789',
  sessionToken: 'abcd1234'
});

or better, use the AWS.Config class before creating the client:

AWS.config.update({
  accessKeyId: 'abcdefghi',
  secretAccessKey: 'abcdefghi123456789',
  sessionToken: 'abcd1234'
})

According to the Cypress documentation for Cypress.env, OS-level environment variables are different from Cypress environment variables:

In Cypress, “environment variables” are variables that are accessible via Cypress.env. These are not the same as OS-level environment variables. However, it is possible to set Cypress environment variables from OS-level environment variables.

This means that they won't be picked up by the AWS SDK.

For more info on how to set credentials in the SDK, see Setting Credentials in Node.js.
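
The two points above (credentials handed to the client explicitly, and .promise() awaited so the result is a response rather than a request object), as an added example that is not part of the original question or answers. The helper names clientOptionsFrom, decodeSecret, getSecret and stubClient are hypothetical, the sample values are constructed, and a stub stands in for AWS.SecretsManager so the code runs offline.

```javascript
// Added example: helper names are hypothetical, not from the post or the AWS SDK.
const REQUIRED = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"];

// Build the options for `new AWS.SecretsManager(...)` from a lookup function
// such as Cypress.env, so the SDK never has to find the keys in process.env.
function clientOptionsFrom(lookup, region) {
  const missing = REQUIRED.filter((name) => !lookup(name));
  if (missing.length > 0) {
    // Name the missing variables, never echo credential values.
    throw new Error("Missing credentials: " + missing.join(", "));
  }
  const options = {
    region,
    accessKeyId: lookup("AWS_ACCESS_KEY_ID"),
    secretAccessKey: lookup("AWS_SECRET_ACCESS_KEY"),
  };
  // A session token only exists for temporary credentials.
  const token = lookup("AWS_SESSION_TOKEN");
  if (token) options.sessionToken = token;
  return options;
}

// Turn a getSecretValue response into text.
function decodeSecret(data) {
  if (typeof data.SecretString === "string") return data.SecretString;
  const bin = data.SecretBinary;
  if (bin === undefined || bin === null) throw new Error("Response carries no secret value");
  // Assumption: binary arrives either as bytes or as a base64 string.
  const bytes = typeof bin === "string" ? Buffer.from(bin, "base64") : Buffer.from(bin);
  return bytes.toString("utf8");
}

// getSecretValue() returns a request object; .promise() yields the response.
async function getSecret(client, secretId) {
  const data = await client.getSecretValue({ SecretId: secretId }).promise();
  return decodeSecret(data);
}

// Constructed stand-in for AWS.SecretsManager so the example runs offline.
function stubClient(response) {
  return { getSecretValue: () => ({ promise: () => Promise.resolve(response) }) };
}

// Constructed sample values, not real credentials.
const sampleEnv = { AWS_ACCESS_KEY_ID: "AKIAEXAMPLE", AWS_SECRET_ACCESS_KEY: "example-secret" };
const options = clientOptionsFrom((name) => sampleEnv[name], "us-east-1");
getSecret(stubClient({ SecretString: "s3cr3t" }), "demo/secret")
  .then((value) => console.log(options.region, value.length));
```

With the real SDK the client would be new AWS.SecretsManager(clientOptionsFrom(Cypress.env, region)), with the three values supplied through Cypress.env rather than written into the spec file.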
