From a0cfd1494d8fd843ed98ce70e4d82cf29fd3ca84 Mon Sep 17 00:00:00 2001 From: Oded Arbel Date: Sun, 2 Nov 2014 10:28:44 +0200 Subject: [PATCH 1/4] don't store the user credentials User credentials are not used after creating the client in the constructor, so no need ot save them (it also may be a security concern) --- lib/simpledb.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/simpledb.js b/lib/simpledb.js index e5067d1..9ddd413 100644 --- a/lib/simpledb.js +++ b/lib/simpledb.js @@ -89,8 +89,8 @@ exports.SimpleDB = function(opts,logger) { if( !opts ) throw MARK+'no opts' - if(!( self.keyid = opts.keyid )) throw MARK+'no keyid' - if(!( self.secret = opts.secret )) throw MARK+'no secret' + if(!(opts.keyid)) throw MARK+'no keyid' + if(!(opts.secret)) throw MARK+'no secret' opts.secure = null == opts.secure ? false : opts.secure From feffc857dd22c556eb94ec8e8f80139cce0d046d Mon Sep 17 00:00:00 2001 From: Oded Arbel Date: Sun, 2 Nov 2014 10:31:09 +0200 Subject: [PATCH 2/4] Allow connecting without credentials for IAM role authentication --- lib/simpledb.js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/simpledb.js b/lib/simpledb.js index 9ddd413..acce98c 100644 --- a/lib/simpledb.js +++ b/lib/simpledb.js @@ -89,8 +89,7 @@ exports.SimpleDB = function(opts,logger) { if( !opts ) throw MARK+'no opts' - if(!(opts.keyid)) throw MARK+'no keyid' - if(!(opts.secret)) throw MARK+'no secret' + if(!!opts.keyid && !opts.secret) throw MARK+'key id specified, but no secret' opts.secure = null == opts.secure ? false : opts.secure @@ -125,7 +124,11 @@ exports.SimpleDB = function(opts,logger) { log('create',opts,awsopts) - self.client = aws.createSimpleDBClient(opts.keyid, opts.secret, awsopts) + if (opts.keyid) { + self.client = aws.createSimpleDBClient(opts.keyid, opts.secret, awsopts) + } else { + self.client = aws.createSimpleDBClient(awsopts) + } self.handle = function(start,act,q,tryI,last,res,stop,callback){ log('handle',start,act,q,tryI,last,res) From 25a334fcdb106f98aed520509d43cc3c24d658ee Mon Sep 17 00:00:00 2001 From: Oded Arbel Date: Mon, 3 Nov 2014 01:26:02 +0200 Subject: [PATCH 3/4] consume aws-lib from my own fork, which supports IAM roles --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a6fc405..9c0b54b 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "Makis Tracend (http://makesites.org/)" ], "dependencies": { - "aws-lib": "0.3.0" + "aws-lib": "git://github.com/guss77/aws-lib" }, "main": "lib/simpledb", "directories": { From 5d03c9b4ddd4673e69408f73a9ec8bf6b935e3f2 Mon Sep 17 00:00:00 2001 From: Oded Arbel Date: Wed, 5 Nov 2014 17:13:26 +0200 Subject: [PATCH 4/4] Fixed initing aws-lib for IAM role By not using a specialized init - aws-lib is not intelligent enough to figure out "optional positional parameters" --- lib/simpledb.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/simpledb.js b/lib/simpledb.js index acce98c..1f5dd43 100644 --- a/lib/simpledb.js +++ b/lib/simpledb.js @@ -124,11 +124,7 @@ exports.SimpleDB = function(opts,logger) { log('create',opts,awsopts) - if (opts.keyid) { - self.client = aws.createSimpleDBClient(opts.keyid, opts.secret, awsopts) - } else { - self.client = aws.createSimpleDBClient(awsopts) - } + self.client = aws.createSimpleDBClient(opts.keyid, opts.secret, awsopts) self.handle = function(start,act,q,tryI,last,res,stop,callback){ log('handle',start,act,q,tryI,last,res)