mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-24 04:04:06 -08:00
✨ Add support for custom AWS endpoints (#1312)
* Setup custom endpoints properties in AWS credentials type * Update AWS nodes to use new endpoints (if specified) * Fix a few error scenarios cases where message was being obscured * Extend usage of URL API to validate user inputted endpoints https://nodejs.org/docs/latest-v12.x/api/url.html * Add support to custom endpoints for SES Forgot to add this in my earlier commits… * Fix incorrect Amazon SES endpoint placeholder value * Fixed signing problems with path being ignored. Standardized to avoid future problems * Linting fix * ⚡ Make parameters optinal (wip) * Make sure that we fallback to correct URL without errors if custom endpoints are not used Co-authored-by: Luis Ramos <luis@ramos.dev> Co-authored-by: Omar Ajoue <krynble@gmail.com>
This commit is contained in:
parent
a13a7487cf
commit
1501175b81
|
@ -30,5 +30,86 @@ export class Aws implements ICredentialType {
|
|||
password: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
displayName: 'Custom Endpoints',
|
||||
name: 'customEndpoints',
|
||||
type: 'boolean' as NodePropertyTypes,
|
||||
default: false,
|
||||
},
|
||||
{
|
||||
displayName: 'Rekognition Endpoint',
|
||||
name: 'rekognitionEndpoint',
|
||||
description: 'If you use Amazon VPC to host n8n, you can establish a connection between your VPC and Rekognition using a VPC endpoint. Leave blank to use the default endpoint.',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
displayOptions: {
|
||||
show: {
|
||||
customEndpoints: [
|
||||
true,
|
||||
],
|
||||
},
|
||||
},
|
||||
default: '',
|
||||
placeholder: 'https://rekognition.{region}.amazonaws.com',
|
||||
},
|
||||
{
|
||||
displayName: 'Lambda Endpoint',
|
||||
name: 'lambdaEndpoint',
|
||||
description: 'If you use Amazon VPC to host n8n, you can establish a connection between your VPC and Lambda using a VPC endpoint. Leave blank to use the default endpoint.',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
displayOptions: {
|
||||
show: {
|
||||
customEndpoints: [
|
||||
true,
|
||||
],
|
||||
},
|
||||
},
|
||||
default: '',
|
||||
placeholder: 'https://lambda.{region}.amazonaws.com',
|
||||
},
|
||||
{
|
||||
displayName: 'SNS Endpoint',
|
||||
name: 'snsEndpoint',
|
||||
description: 'If you use Amazon VPC to host n8n, you can establish a connection between your VPC and SNS using a VPC endpoint. Leave blank to use the default endpoint.',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
displayOptions: {
|
||||
show: {
|
||||
customEndpoints: [
|
||||
true,
|
||||
],
|
||||
},
|
||||
},
|
||||
default: '',
|
||||
placeholder: 'https://sns.{region}.amazonaws.com',
|
||||
},
|
||||
{
|
||||
displayName: 'SES Endpoint',
|
||||
name: 'sesEndpoint',
|
||||
description: 'If you use Amazon VPC to host n8n, you can establish a connection between your VPC and SES using a VPC endpoint. Leave blank to use the default endpoint.',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
displayOptions: {
|
||||
show: {
|
||||
customEndpoints: [
|
||||
true,
|
||||
],
|
||||
},
|
||||
},
|
||||
default: '',
|
||||
placeholder: 'https://email.{region}.amazonaws.com',
|
||||
},
|
||||
{
|
||||
displayName: 'S3 Endpoint',
|
||||
name: 's3Endpoint',
|
||||
description: 'If you use Amazon VPC to host n8n, you can establish a connection between your VPC and S3 using a VPC endpoint. Leave blank to use the default endpoint.',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
displayOptions: {
|
||||
show: {
|
||||
customEndpoints: [
|
||||
true,
|
||||
],
|
||||
},
|
||||
},
|
||||
default: '',
|
||||
placeholder: 'https://s3.{region}.amazonaws.com',
|
||||
},
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import { URL } from 'url';
|
||||
import { sign } from 'aws4';
|
||||
import { OptionsWithUri } from 'request';
|
||||
import { parseString } from 'xml2js';
|
||||
|
@ -9,6 +10,21 @@ import {
|
|||
IWebhookFunctions,
|
||||
} from 'n8n-core';
|
||||
|
||||
import {
|
||||
ICredentialDataDecryptedObject,
|
||||
} from 'n8n-workflow';
|
||||
|
||||
function getEndpointForService(service: string, credentials: ICredentialDataDecryptedObject): string {
|
||||
let endpoint;
|
||||
if (service === "lambda" && credentials.lambdaEndpoint) {
|
||||
endpoint = credentials.lambdaEndpoint;
|
||||
} else if (service === "sns" && credentials.snsEndpoint) {
|
||||
endpoint = credentials.snsEndpoint;
|
||||
} else {
|
||||
endpoint = `https://${service}.${credentials.region}.amazonaws.com`;
|
||||
}
|
||||
return (endpoint as string).replace('{region}', credentials.region as string);
|
||||
}
|
||||
|
||||
export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | ILoadOptionsFunctions | IWebhookFunctions, service: string, method: string, path: string, body?: string, headers?: object): Promise<any> { // tslint:disable-line:no-any
|
||||
const credentials = this.getCredentials('aws');
|
||||
|
@ -16,23 +32,25 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
throw new Error('No credentials got returned!');
|
||||
}
|
||||
|
||||
const endpoint = `${service}.${credentials.region}.amazonaws.com`;
|
||||
// Concatenate path and instantiate URL object so it parses correctly query strings
|
||||
const endpoint = new URL(getEndpointForService(service, credentials) + path);
|
||||
|
||||
// Sign AWS API request with the user credentials
|
||||
const signOpts = { headers: headers || {}, host: endpoint, method, path, body };
|
||||
const signOpts = { headers: headers || {}, host: endpoint.host, method, path: endpoint.pathname, body };
|
||||
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
|
||||
|
||||
|
||||
const options: OptionsWithUri = {
|
||||
headers: signOpts.headers,
|
||||
method,
|
||||
uri: `https://${endpoint}${signOpts.path}`,
|
||||
uri: endpoint.href,
|
||||
body: signOpts.body,
|
||||
};
|
||||
|
||||
try {
|
||||
return await this.helpers.request!(options);
|
||||
} catch (error) {
|
||||
const errorMessage = error.response.body.message || error.response.body.Message || error.message;
|
||||
const errorMessage = (error.response && error.response.body.message) || (error.response && error.response.body.Message) || error.message;
|
||||
|
||||
if (error.statusCode === 403) {
|
||||
if (errorMessage === 'The security token included in the request is invalid.') {
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
import {
|
||||
URL,
|
||||
} from 'url';
|
||||
|
||||
import {
|
||||
sign,
|
||||
} from 'aws4';
|
||||
|
@ -31,17 +35,17 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
throw new Error('No credentials got returned!');
|
||||
}
|
||||
|
||||
const endpoint = `${service}.${region || credentials.region}.amazonaws.com`;
|
||||
const endpoint = new URL(((credentials.rekognitionEndpoint as string || '').replace('{region}', credentials.region as string) || `https://${service}.${credentials.region}.amazonaws.com`) + path);
|
||||
|
||||
// Sign AWS API request with the user credentials
|
||||
const signOpts = {headers: headers || {}, host: endpoint, method, path, body};
|
||||
const signOpts = {headers: headers || {}, host: endpoint.host, method, path, body};
|
||||
|
||||
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
|
||||
|
||||
const options: OptionsWithUri = {
|
||||
headers: signOpts.headers,
|
||||
method,
|
||||
uri: `https://${endpoint}${signOpts.path}`,
|
||||
uri: endpoint.href,
|
||||
body: signOpts.body,
|
||||
};
|
||||
|
||||
|
@ -51,7 +55,7 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
try {
|
||||
return await this.helpers.request!(options);
|
||||
} catch (error) {
|
||||
const errorMessage = error.response.body.message || error.response.body.Message || error.message;
|
||||
const errorMessage = (error.response && error.response.body.message) || (error.response && error.response.body.Message) || error.message;
|
||||
|
||||
if (error.statusCode === 403) {
|
||||
if (errorMessage === 'The security token included in the request is invalid.') {
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
import {
|
||||
URL,
|
||||
} from 'url';
|
||||
|
||||
import {
|
||||
sign,
|
||||
} from 'aws4';
|
||||
|
@ -31,10 +35,11 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
throw new Error('No credentials got returned!');
|
||||
}
|
||||
|
||||
const endpoint = `${service}.${region || credentials.region}.amazonaws.com`;
|
||||
const endpoint = new URL(((credentials.s3Endpoint as string || '').replace('{region}', credentials.region as string) || `https://${service}.${credentials.region}.amazonaws.com`) + path);
|
||||
|
||||
// Sign AWS API request with the user credentials
|
||||
const signOpts = {headers: headers || {}, host: endpoint, method, path: `${path}?${queryToString(query).replace(/\+/g, '%2B')}`, body};
|
||||
const signOpts = {headers: headers || {}, host: endpoint.host, method, path: `${endpoint.pathname}?${queryToString(query).replace(/\+/g, '%2B')}`, body};
|
||||
|
||||
|
||||
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
|
||||
|
||||
|
@ -42,7 +47,7 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
headers: signOpts.headers,
|
||||
method,
|
||||
qs: query,
|
||||
uri: `https://${endpoint}${signOpts.path}`,
|
||||
uri: endpoint.href,
|
||||
body: signOpts.body,
|
||||
};
|
||||
|
||||
|
@ -52,7 +57,7 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
try {
|
||||
return await this.helpers.request!(options);
|
||||
} catch (error) {
|
||||
const errorMessage = error.response.body.message || error.response.body.Message || error.message;
|
||||
const errorMessage = (error.response && error.response.body.message) || (error.response && error.response.body.Message) || error.message;
|
||||
|
||||
if (error.statusCode === 403) {
|
||||
if (errorMessage === 'The security token included in the request is invalid.') {
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
import {
|
||||
URL,
|
||||
} from 'url';
|
||||
|
||||
import {
|
||||
sign,
|
||||
} from 'aws4';
|
||||
|
@ -31,23 +35,24 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
|
|||
throw new Error('No credentials got returned!');
|
||||
}
|
||||
|
||||
const endpoint = `${service}.${credentials.region}.amazonaws.com`;
|
||||
const endpoint = new URL(((credentials.sesEndpoint as string || '').replace('{region}', credentials.region as string) || `https://${service}.${credentials.region}.amazonaws.com`) + path);
|
||||
|
||||
// Sign AWS API request with the user credentials
|
||||
const signOpts = { headers: headers || {}, host: endpoint, method, path, body };
|
||||
|
||||
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body };
|
||||
sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim() });
|
||||
|
||||
const options: OptionsWithUri = {
|
||||
headers: signOpts.headers,
|
||||
method,
|
||||
uri: `https://${endpoint}${signOpts.path}`,
|
||||
uri: endpoint.href,
|
||||
body: signOpts.body,
|
||||
};
|
||||
|
||||
try {
|
||||
return await this.helpers.request!(options);
|
||||
} catch (error) {
|
||||
const errorMessage = error.response.body.message || error.response.body.Message || error.message;
|
||||
const errorMessage = (error.response && error.response.body.message) || (error.response && error.response.body.Message) || error.message;
|
||||
|
||||
if (error.statusCode === 403) {
|
||||
if (errorMessage === 'The security token included in the request is invalid.') {
|
||||
|
|
Loading…
Reference in a new issue