test(packages): integration tests for signers

kuhe · kuhe · commit 08d0a63fa352 · 2025-07-28T16:34:06.000-04:00
diff --git a/clients/client-s3/test/e2e/s3-object-lambda.e2e.spec.ts b/clients/client-s3/test/e2e/s3-object-lambda.e2e.spec.ts
diff --git a/clients/client-s3/test/integ/s3-object-lambda.integ.spec.ts b/clients/client-s3/test/integ/s3-object-lambda.integ.spec.ts
@@ -0,0 +1,43 @@
+import { describe, test as it } from "vitest";
+
+import { S3 } from "@aws-sdk/client-s3";
+import { AwsCredentialIdentity } from "@smithy/types";
+import { requireRequestsFrom } from "@aws-sdk/aws-util-test/src";
+
+describe("S3 Object Lambda", () => {
+  const region = "us-west-2";
+  const credentials: AwsCredentialIdentity = {
+    accessKeyId: "",
+    secretAccessKey: "",
+  };
+
+  it("can make a GET request to an S3 Object Lambda ARN", async () => {
+    const s3 = new S3({
+      region,
+      credentials,
+    });
+
+    requireRequestsFrom(s3).toMatch({
+      hostname: "my-access-point-123456789012.s3-object-lambda.us-west-2.amazonaws.com",
+      query: {
+        "x-id": "GetObject",
+      },
+      headers: {
+        authorization: /=\/\d+\/us-west-2\/s3-object-lambda\/aws4_request/,
+      },
+      path: "/a",
+    });
+
+    // slash delimiter
+    await s3.getObject({
+      Bucket: "arn:aws:s3-object-lambda:us-west-2:123456789012:accesspoint/my-access-point",
+      Key: "a",
+    });
+
+    // colon delimiter
+    await s3.getObject({
+      Bucket: "arn:aws:s3-object-lambda:us-west-2:123456789012:accesspoint:my-access-point",
+      Key: "a",
+    });
+  });
+});
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -13,8 +13,8 @@
     "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
     "extract:docs": "api-extractor run --local",
     "test": "yarn g:vitest run",
-    "test:integration": "yarn g:vitest run -c vitest.config.integ.ts",
     "test:watch": "yarn g:vitest watch",
+    "test:integration": "yarn g:vitest run -c vitest.config.integ.ts",
     "test:integration:watch": "yarn g:vitest watch -c vitest.config.integ.ts"
   },
   "main": "./dist-cjs/index.js",
diff --git a/packages/dsql-signer/README.md b/packages/dsql-signer/README.md
@@ -32,31 +32,36 @@ const { DsqlSigner } = require("@aws-sdk/dsql-signer");
 ### Generate Authentication Token for Dsql IAM Authentication
 
 ```js
+import { Hash } from "@smithy/hash-node";
+import { fromNodeProviderChain } from "@aws-sdk/credential-providers";
+
 const signer = new DsqlSigner({
   /**
    * Required: The hostname of the database to connect to.
    */
-  hostname: "foo0bar1baz2quux3quux4.dsql.us-east-1.on.aws";
+  hostname: "foo0bar1baz2quux3quux4.dsql.us-east-1.on.aws",
 
   /**
    * Optional: The region the database is located in. Uses the region inferred from the runtime if omitted.
    */
-  region?: "us-east-1";
+  region: "us-east-1",
 
   /**
    * Optional: The SHA256 hasher constructor to sign the request.
    */
-  sha256?: HashCtor;
+  sha256: Hash.bind(null, "sha256"),
 
   /**
    * Optional: The amount of time in seconds the generated token is valid
    */
-  expiresIn?: 3600;
+  expiresIn: 3600,
 
   /**
    * Optional: The AWS credentials to sign requests with. Uses the default credential provider chain if not specified.
+   * You can use any credential provider from https://www.npmjs.com/package/@aws-sdk/credential-providers,
+   * or provide a credentials object.
    */
-  credentials?: fromNodeCredentialProvider();
+  credentials: fromNodeProviderChain(),
 });
 
 // Creates auth token.
diff --git a/packages/dsql-signer/package.json b/packages/dsql-signer/package.json
@@ -14,7 +14,10 @@
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
     "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
     "extract:docs": "api-extractor run --local",
-    "test": "yarn g:vitest run"
+    "test": "yarn g:vitest run",
+    "test:watch": "yarn g:vitest watch",
+    "test:integration": "yarn g:vitest run -c vitest.config.integ.ts",
+    "test:integration:watch": "yarn g:vitest watch -c vitest.config.integ.ts"
   },
   "engines": {
     "node": ">=18.0.0"
diff --git a/packages/dsql-signer/src/dsql-signer.integ.spec.ts b/packages/dsql-signer/src/dsql-signer.integ.spec.ts
@@ -0,0 +1,33 @@
+import { Sha256 } from "@aws-crypto/sha256-js";
+import { describe, expect, test as it } from "vitest";
+
+import { DsqlSigner, DsqlSignerConfig } from "./Signer";
+
+describe("dsql-signer integration", () => {
+  it("creates a token", async () => {
+    const allParamsConfig: DsqlSignerConfig = {
+      hostname: "localhost",
+      region: "us-east-2",
+      credentials: {
+        accessKeyId: "allParamsAccessKey",
+        secretAccessKey: "allParamsSecretAccessKey",
+        sessionToken: "allParamsSessionToken",
+      },
+      expiresIn: 1000,
+      sha256: Sha256,
+    };
+    const signer = new DsqlSigner(allParamsConfig);
+    const token = await signer.getDbConnectAdminAuthToken();
+
+    expect(token.split("&").sort()).toMatchObject([
+      /localhost\/\?Action=DbConnectAdmin/,
+      /X-Amz-Algorithm=AWS4-HMAC-SHA256/,
+      /X-Amz-Credential=allParamsAccessKey%2F(\d+)%2Fus-east-2%2Fdsql%2Faws4_request/,
+      /X-Amz-Date=(\d+T\d+Z)/,
+      /X-Amz-Expires=1000/,
+      /X-Amz-Security-Token=allParamsSessionToken/,
+      /X-Amz-Signature=(.*?)/,
+      /X-Amz-SignedHeaders=host/,
+    ]);
+  });
+});
diff --git a/packages/dsql-signer/vitest.config.integ.ts b/packages/dsql-signer/vitest.config.integ.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["**/*.integ.spec.ts"],
+    environment: "node",
+  },
+});
diff --git a/packages/polly-request-presigner/package.json b/packages/polly-request-presigner/package.json
@@ -11,7 +11,9 @@
     "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
     "extract:docs": "api-extractor run --local",
     "test": "yarn g:vitest run",
-    "test:watch": "yarn g:vitest watch"
+    "test:watch": "yarn g:vitest watch",
+    "test:integration": "yarn g:vitest run -c vitest.config.integ.ts",
+    "test:integration:watch": "yarn g:vitest watch -c vitest.config.integ.ts"
   },
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
diff --git a/packages/polly-request-presigner/src/polly-request-presigner.integ.spec.ts b/packages/polly-request-presigner/src/polly-request-presigner.integ.spec.ts
@@ -0,0 +1,37 @@
+import { PollyClient } from "@aws-sdk/client-polly";
+import { describe, expect, test as it } from "vitest";
+
+import { getSynthesizeSpeechUrl } from "./index";
+
+describe("polly-request-presigner", () => {
+  it("should sign URLs", async () => {
+    const url = await getSynthesizeSpeechUrl({
+      client: new PollyClient({
+        credentials: {
+          accessKeyId: "INTEG",
+          secretAccessKey: "INTEG",
+        },
+        region: "us-east-1",
+      }),
+      params: {
+        Text: "Hello world, the polly presigner is really cool!",
+        OutputFormat: "mp3",
+        VoiceId: "Kimberly",
+      },
+    });
+
+    const urlSegments = url.split("&");
+    expect(urlSegments.sort()).toMatchObject([
+      "Text=Hello%20world%2C%20the%20polly%20presigner%20is%20really%20cool%21",
+      "VoiceId=Kimberly",
+      "X-Amz-Algorithm=AWS4-HMAC-SHA256",
+      /X-Amz-Credential=(.*?)%2F(\d{8})%2Fus-east-1%2Fpolly%2Faws4_request/,
+      /X-Amz-Date=\d{8}T\d+Z/,
+      "X-Amz-Expires=3600",
+      /X-Amz-Signature=(.*?)/,
+      "X-Amz-SignedHeaders=host",
+      "https://polly.us-east-1.amazonaws.com/v1/speech?OutputFormat=mp3",
+      /x-amz-user-agent=aws-sdk-js%2F\d\.\d+\.\d+/,
+    ]);
+  });
+});
diff --git a/packages/polly-request-presigner/vitest.config.integ.ts b/packages/polly-request-presigner/vitest.config.integ.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["**/*.integ.spec.ts"],
+    environment: "node",
+  },
+});
diff --git a/packages/rds-signer/package.json b/packages/rds-signer/package.json
@@ -15,7 +15,9 @@
     "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
     "extract:docs": "api-extractor run --local",
     "test": "yarn g:vitest run",
-    "test:watch": "yarn g:vitest watch"
+    "test:watch": "yarn g:vitest watch",
+    "test:integration": "yarn g:vitest run -c vitest.config.integ.ts",
+    "test:integration:watch": "yarn g:vitest watch -c vitest.config.integ.ts"
   },
   "engines": {
     "node": ">=18.0.0"
diff --git a/packages/rds-signer/src/rds-signer.integ.spec.ts b/packages/rds-signer/src/rds-signer.integ.spec.ts
@@ -0,0 +1,31 @@
+import { describe, expect, test as it } from "vitest";
+
+import { Signer } from "./Signer";
+
+describe("rds-signer integration", () => {
+  it("creates an auth token", async () => {
+    const signer = new Signer({
+      credentials: {
+        accessKeyId: "INTEG",
+        secretAccessKey: "INTEG",
+      },
+      username: "me",
+      hostname: "localhost",
+      port: 443,
+      region: "us-west-2",
+    });
+
+    const token = await signer.getAuthToken();
+
+    expect(token.split("&").sort()).toMatchObject([
+      /localhost:443\/\?Action=connect/,
+      /DBUser=me/,
+      /X-Amz-Algorithm=AWS4-HMAC-SHA256/,
+      /X-Amz-Credential=INTEG%2F(\d{8})%2Fus-west-2%2Frds-db%2Faws4_request/,
+      /X-Amz-Date=(\d{8})T(\d+)Z/,
+      /X-Amz-Expires=900/,
+      /X-Amz-Signature=(.*?)/,
+      /X-Amz-SignedHeaders=host/,
+    ]);
+  });
+});
diff --git a/packages/rds-signer/vitest.config.integ.ts b/packages/rds-signer/vitest.config.integ.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["**/*.integ.spec.ts"],
+    environment: "node",
+  },
+});
