Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Credentials Management #888

Merged
merged 38 commits into from
Jan 13, 2020
Merged

Credentials Management #888

Show file tree
Hide file tree
Changes from 26 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
409af50
Initial implementation of Credential Provider
awschristou Jan 4, 2020
51c094f
Remove getCredentialsFilename and getConfigFilename from UserCredenti…
awschristou Jan 4, 2020
74ae1c3
BaseCredentialsProviderFactory tests
awschristou Jan 6, 2020
1989d51
Profile Validation now returns text instead of throwing Error
awschristou Jan 6, 2020
aadf828
getStringHash utility method
awschristou Jan 6, 2020
cdfb8a9
Renamed types, produce Credentials, internalize CredentialProviderChain
awschristou Jan 6, 2020
102655c
Pull Default Region from Shared Credentials Profile
awschristou Jan 6, 2020
b7b6445
Get Profile HashCode
awschristou Jan 7, 2020
5ed5f73
When logging in, if credentials are already cached but a change was d…
awschristou Jan 7, 2020
9fd898f
Remove comment
awschristou Jan 7, 2020
6a83b2e
Updated the 'invalid credentials' notice, and added a "View Logs" but…
awschristou Jan 7, 2020
b5abf17
CredentialsProviderId tests
awschristou Jan 7, 2020
2ee351e
CredentialsProviderManager tests
awschristou Jan 8, 2020
dcb2d4c
SharedCredentialsProvider tests
awschristou Jan 8, 2020
f14b125
SharedCredentialsProviderFactory tests
awschristou Jan 8, 2020
f47fad3
Fix envvar side-effects that were affecting other tests
awschristou Jan 8, 2020
29c760f
Lint fix
awschristou Jan 8, 2020
ef8e981
Merge branch 'master' into awschristou/credentials
awschristou Jan 8, 2020
2440bbf
Changelogs
awschristou Jan 8, 2020
004d6b9
Migration - prevent first startup using the new Credentials Providers…
awschristou Jan 8, 2020
7380cce
Test fix
awschristou Jan 8, 2020
c848df8
Merge branch 'master' into awschristou/credentials
awschristou Jan 8, 2020
23f6962
Feedback - changelogs
awschristou Jan 8, 2020
c34820f
Feedback - label
awschristou Jan 8, 2020
150f199
Feedback - Credentials Type for Shared Credentials
awschristou Jan 8, 2020
4094ee4
Feedback - CredentialsProviderManager instance
awschristou Jan 9, 2020
4a0e321
Feedback - label
awschristou Jan 9, 2020
676ae7b
Merge branch 'master' into awschristou/credentials
awschristou Jan 9, 2020
3a7afa6
Shared Credentials Profiles without recognized properties are conside…
awschristou Jan 9, 2020
f7491f3
Feedback - legible code
awschristou Jan 9, 2020
7712177
Feedback - consistent use of Millis
awschristou Jan 9, 2020
5025c19
Changed CredentialsProviderId separator from : to |
awschristou Jan 9, 2020
6f33ac4
CredentialsStore now stores and retrieves Credentials and associated …
awschristou Jan 9, 2020
bc32e0d
Feedback - blank line
awschristou Jan 9, 2020
b262bc7
Feedback - immutable during activation login migration
awschristou Jan 9, 2020
6c76476
CredentialsProviderId is now a type
awschristou Jan 10, 2020
5f38544
Switched string hash utility from hand-rolled to sha256
awschristou Jan 13, 2020
ab3807e
Feedback - concat over spread operator
awschristou Jan 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .changes/next-release/Bug Fix-7c5a454e-97e7-4f9e-91b7-c215d978f3c8.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"type": "Bug Fix",
"description": "Fixed an issue where invalid credentials were reused until VS Code was closed and re-opened, even if the credentials source was updated. It is no longer necessary to restart VS Code. (#705)"
}
4 changes: 4 additions & 0 deletions .changes/next-release/Feature-1c091dfc-c519-4fa1-8f1a-7ab8d7db214b.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"type": "Feature",
"description": "When credentials are invalid a notification is shown. To help diagnose these situations, a button was added to the notification that can open the logs."
}
4 changes: 4 additions & 0 deletions .changes/next-release/Feature-681f79db-6ef7-4172-9f5a-52b42c93ede6.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"type": "Feature",
"description": "When changes are made to Shared Credentials files, they will be picked up by the Toolkit the next time credentials are selected during the 'Connect to AWS' command."
}
4 changes: 4 additions & 0 deletions .changes/next-release/Feature-8fac7fd9-cdfb-4a82-8dba-31a1da5197b7.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"type": "Feature",
"description": "Credentials were previously shown by their Shared Credentials profile names. They are now displayed in a \"type:name\" format, to better indicate the type of Credentials being used, and to support additional Credentials types in the future. Shared Credentials are shown with the type \"profile\"."
}
5 changes: 3 additions & 2 deletions package.nls.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,9 @@
"AWS.log.invalidLevel": "Invalid log level: {0}",
"AWS.message.loading": "Loading...",
"AWS.message.credentials.error": "There was an issue trying to use credentials profile {0}: {1}",
"AWS.message.credentials.invalidProfile": "Credentials profile {0} is invalid",
"AWS.message.credentials.invalidProfile.help": "Get Help...",
"AWS.message.credentials.invalid": "Invalid Credentials {0}, see logs for more information.",
"AWS.message.credentials.invalid.help": "Get Help...",
"AWS.message.credentials.invalid.logs": "View logs...",
"AWS.message.enterProfileName": "Enter the name of the credential profile to use",
"AWS.message.info.cloudFormation.delete": "Deleted CloudFormation Stack {0}",
"AWS.message.error.cloudFormation.delete": "An error occurred while deleting CloudFormation Stack {0}. Please check the stack events on the AWS Console",
Expand Down
5 changes: 1 addition & 4 deletions src/awsexplorer/defaultRegion.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ const localize = nls.loadMessageBundle()
import * as vscode from 'vscode'
import { AwsContext } from '../shared/awsContext'
import { extensionSettingsPrefix } from '../shared/constants'
import { DefaultCredentialsFileReaderWriter } from '../shared/credentials/defaultCredentialsFileReaderWriter'
import { AwsExplorer } from './awsExplorer'

/**
Expand Down Expand Up @@ -51,9 +50,7 @@ export async function checkExplorerForDefaultRegion(
awsContext: AwsContext,
awsExplorer: AwsExplorer
): Promise<void> {
const credentialReaderWriter = new DefaultCredentialsFileReaderWriter()

const profileRegion = await credentialReaderWriter.getDefaultRegion(profileName)
const profileRegion = awsContext.getCredentialDefaultRegion()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this something that should be attached to the credential itself rather than a top-level on awsContext

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awsContext contains an AwsContextCredentials object, which then backs these calls. Would it make more sense to have a single getter for that object instead of getters for each property?

if (!profileRegion) {
return
}
Expand Down
13 changes: 12 additions & 1 deletion src/credentials/activation.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ import { profileSettingKey } from '../shared/constants'
import { CredentialsProfileMru } from '../shared/credentials/credentialsProfileMru'
import { SettingsConfiguration } from '../shared/settingsConfiguration'
import { LoginManager } from './loginManager'
import { CREDENTIALS_PROVIDER_ID_SEPARATOR, makeCredentialsProviderId } from './providers/credentialsProviderId'
import { SharedCredentialsProvider } from './providers/sharedCredentialsProvider'

export interface CredentialsInitializeParameters {
extensionContext: vscode.ExtensionContext
Expand All @@ -29,8 +31,17 @@ export async function loginWithMostRecentCredentials(
toolkitSettings: SettingsConfiguration,
loginManager: LoginManager
): Promise<void> {
const previousCredentialsId = toolkitSettings.readSetting(profileSettingKey, '')
let previousCredentialsId = toolkitSettings.readSetting<string>(profileSettingKey, '')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I really don't like the "create a mutable variable, apply a conditional and maybe re-assign it's value cos it's convenient" pattern - I know it's tightly scoped but I really like to avoid mutability where possible. It's a smell.

I think you're better off changing this to something like :

const previousCredentialsId = toolkitSettings.readSetting<string>(profileSettingKey, '')

if (previousCredentialsId) {
    // Migrate from older Toolkits - If the last providerId isn't in the new CredentialProviderId format,
    // treat it like a Shared Crdentials Provider.
    const loginCredential = previousCredentialsId.indexOf(CREDENTIALS_PROVIDER_ID_SEPARATOR) === -1 ? 
        previousCredentialsId = makeCredentialsProviderId({
            credentialType: SharedCredentialsProviderFactory.CREDENTIAL_TYPE,
            credentialTypeId: previousCredentialsId
        }) : previousCredentialsId

    await loginManager.login(loginCredential)
} else {
    await loginManager.logout()
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I completely agree. Prefer immutable where possible. Will change

if (previousCredentialsId) {
// Migrate from older Toolkits - If the last providerId isn't in the new CredentialProviderId format,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I get that this will make it more seamless for a user but I don't care to have this lying around if it's solely for that purpose. I'd say just invalidate the existing credentials and have the user log back in...it's fast enough that it shouldn't be an issue. At most, give them a one-version grace period and mark this for deletion in the next release afterwards.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be removed after a few versions. It makes for a better experience than seeing an "invalid credentials" notification, or a phantom log-out. It's low cost, the comment explains what is going on, and git history will tell us (if necessary) when this was added.

// treat it like a Shared Crdentials Provider.
if (previousCredentialsId.indexOf(CREDENTIALS_PROVIDER_ID_SEPARATOR) === -1) {
previousCredentialsId = makeCredentialsProviderId({
credentialType: SharedCredentialsProvider.getCredentialsType(),
credentialTypeId: previousCredentialsId
})
}

await loginManager.login(previousCredentialsId)
} else {
await loginManager.logout()
Expand Down
14 changes: 0 additions & 14 deletions src/credentials/credentialsCreator.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,13 @@
import * as nls from 'vscode-nls'
const localize = nls.loadMessageBundle()

import * as AWS from 'aws-sdk'
import * as vscode from 'vscode'

const ERROR_MESSAGE_USER_CANCELLED = localize(
'AWS.error.mfa.userCancelled',
'User cancelled entering authentication code'
)

export async function createCredentials(profileName: string): Promise<AWS.Credentials> {
const provider = new AWS.CredentialProviderChain([
() => new AWS.ProcessCredentials({ profile: profileName }),
() =>
new AWS.SharedIniFileCredentials({
profile: profileName,
tokenCodeFn: async (mfaSerial, callback) => await getMfaTokenFromUser(mfaSerial, profileName, callback)
})
])

return provider.resolvePromise()
}

/**
* @description Prompts user for MFA token
*
Expand Down
26 changes: 19 additions & 7 deletions src/credentials/credentialsStore.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,16 @@

import * as AWS from 'aws-sdk'

interface CredentialsData {
credentials: AWS.Credentials
credentialsHashCode: number
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is this for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a hash of the contents that were used to produce the credentials.
Its purpose is to detect when things like Shared Credentials Profiles change during a toolkit session.

}

/**
* Simple cache for credentials
*/
export class CredentialsStore {
private readonly credentialsCache: { [key: string]: AWS.Credentials }
private readonly credentialsCache: { [key: string]: CredentialsData }

public constructor() {
this.credentialsCache = {}
Expand All @@ -19,26 +24,33 @@ export class CredentialsStore {
* Returns undefined if credentials are not stored for given ID
*/
public async getCredentials(credentialsId: string): Promise<AWS.Credentials | undefined> {
return this.credentialsCache[credentialsId]
return this.credentialsCache[credentialsId]?.credentials
}

/**
* If credentials are not stored, the provided create function is called. Created credentials are then stored.
*/
public async getCredentialsOrCreate(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: change the name to getOrCreateCredentials; put the actions first.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, this was added in a separate PR, so the rename belongs in a separate PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The cache has been updated to treat Credentials + Hash as one object, so I added the rename as well.

credentialsId: string,
createCredentialsFn: (credentialsId: string) => Promise<AWS.Credentials>
createCredentialsFn: (credentialsId: string) => Promise<CredentialsData>
): Promise<AWS.Credentials> {
let credentials = await this.getCredentials(credentialsId)
const credentials = await this.getCredentials(credentialsId)

if (credentials) {
return credentials
}

credentials = await createCredentialsFn(credentialsId)
this.credentialsCache[credentialsId] = credentials
const newCredentials = await createCredentialsFn(credentialsId)
this.credentialsCache[credentialsId] = newCredentials

return newCredentials.credentials
}

return credentials
/**
* Returns undefined if credentials are not stored for given ID
*/
public getCredentialsHashCode(credentialsId: string): number | undefined {
return this.credentialsCache[credentialsId]?.credentialsHashCode
}

/**
Expand Down
73 changes: 64 additions & 9 deletions src/credentials/loginManager.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,19 @@
/*!
* Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/

import * as nls from 'vscode-nls'
const localize = nls.loadMessageBundle()

import * as vscode from 'vscode'
import { AwsContext } from '../shared/awsContext'
import { credentialHelpUrl } from '../shared/constants'
import { getAccountId } from '../shared/credentials/accountId'
import { UserCredentialsUtils } from '../shared/credentials/userCredentialsUtils'
import { getLogger } from '../shared/logger'
import { createCredentials } from './credentialsCreator'
import { CredentialsStore } from './credentialsStore'
import { CredentialsProvider } from './providers/credentialsProvider'
import { CredentialsProviderManager } from './providers/credentialsProviderManager'

export class LoginManager {
private readonly credentialsStore: CredentialsStore = new CredentialsStore()
Expand All @@ -21,31 +26,40 @@ export class LoginManager {
*/
public async login(credentialsId: string): Promise<void> {
try {
const credentials = await this.credentialsStore.getCredentialsOrCreate(credentialsId, createCredentials)
const provider = await CredentialsProviderManager.getInstance().getCredentialsProvider(credentialsId)
if (!provider) {
throw new Error(`Could not find Credentials Provider for ${credentialsId}`)
}

await this.updateCredentialsStore(credentialsId, provider)

const credentials = await this.credentialsStore.getCredentials(credentialsId)
if (!credentials) {
throw new Error(`No credentials found for id ${credentialsId}`)
}

// TODO : Get a region relevant to the partition for these credentials -- https://github.com/aws/aws-toolkit-vscode/issues/188
const accountId = await getAccountId(credentials, 'us-east-1')

if (!accountId) {
throw new Error('Could not determine Account Id for credentials')
}

await this.awsContext.setCredentials({
credentials: credentials,
credentialsId: credentialsId,
accountId: accountId
accountId: accountId,
defaultRegion: provider.getDefaultRegion()
})
} catch (err) {
getLogger().error('Error logging in', err as Error)
getLogger().error(
`Error trying to connect to AWS with Credentials Provider ${credentialsId}. Toolkit will now disconnect from AWS.`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these bubbled to the user? Should they be localized?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They're only surfaced to the user in the form of logs. Might be a good idea to surface the error to the user through the interface, but we definitely don't want to localize the logs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They are only logged (not placed in a notification). The current approach has been to only localize contents that are sent to the UI, and not logged materials.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take a look at the revamped notification in the PR description. The intent was to steer people to the logs if they were interested, without having to route specific details about the error into the UI.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: the toolkit wasn't connected to AWS in the first place.

err as Error
)
this.credentialsStore.invalidateCredentials(credentialsId)

await this.logout()

// tslint:disable-next-line: no-floating-promises
UserCredentialsUtils.notifyUserCredentialsAreBad(credentialsId)
this.notifyUserInvalidCredentials(credentialsId)
}
}

Expand All @@ -55,4 +69,45 @@ export class LoginManager {
public async logout(): Promise<void> {
await this.awsContext.setCredentials(undefined)
}

/**
* Updates the CredentialsStore if the credentials are considered different
*/
private async updateCredentialsStore(credentialsId: string, provider: CredentialsProvider): Promise<void> {
const currentHash = this.credentialsStore.getCredentialsHashCode(credentialsId)
if (provider.getHashCode() !== currentHash) {
getLogger().verbose(`Credentials for ${credentialsId} have changed, using updated credentials.`)
this.credentialsStore.invalidateCredentials(credentialsId)
}

await this.credentialsStore.getCredentialsOrCreate(credentialsId, async () => {
return {
credentials: await provider.getCredentials(),
credentialsHashCode: provider.getHashCode()
}
})
}

private notifyUserInvalidCredentials(credentialProviderId: string) {
const getHelp = localize('AWS.message.credentials.invalid.help', 'Get Help...')
const viewLogs = localize('AWS.message.credentials.invalid.logs', 'View logs...')

vscode.window
.showErrorMessage(
localize(
'AWS.message.credentials.invalid',
'Invalid Credentials {0}, see logs for more information.',
credentialProviderId
),
getHelp,
viewLogs
)
.then((selection: string | undefined) => {
if (selection === getHelp) {
vscode.env.openExternal(vscode.Uri.parse(credentialHelpUrl))
} else if (selection === viewLogs) {
vscode.commands.executeCommand('aws.viewLogs')
}
})
}
}
11 changes: 11 additions & 0 deletions src/credentials/providers/credentialsProvider.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
/*!
* Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/

export interface CredentialsProvider {
getCredentialsProviderId(): string
getDefaultRegion(): string | undefined
getHashCode(): number
getCredentials(): Promise<AWS.Credentials>
}
50 changes: 50 additions & 0 deletions src/credentials/providers/credentialsProviderFactory.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*!
* Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/

import { CredentialsProvider } from './credentialsProvider'

/**
* Responsible for producing CredentialsProvider objects for a Credential Type
*/
export interface CredentialsProviderFactory {
getCredentialType(): string
listProviders(): CredentialsProvider[]
getProvider(credentialsProviderId: string): CredentialsProvider | undefined
refresh(): Promise<void>
}

export abstract class BaseCredentialsProviderFactory<T extends CredentialsProvider>
implements CredentialsProviderFactory {
protected providers: T[] = []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is an array / list really the right data-structure here? We seem to be doing lookup-style operations mostly that point to a dictionary / map being a better choice.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The top access is a mix of "list all providers" and "get provider x" (the doc is currently open in #889 ). Collection still seems reasonable to me -- the lookups don't seem like they would have a heavy performance.

public abstract getCredentialType(): string

public listProviders(): T[] {
return [...this.providers]
}

public getProvider(credentialsProviderId: string): CredentialsProvider | undefined {
for (const provider of this.providers) {
if (provider.getCredentialsProviderId() === credentialsProviderId) {
return provider
}
}

return undefined
}

public abstract async refresh(): Promise<void>

protected addProvider(provider: T) {
this.providers.push(provider)
}

protected removeProvider(provider: T) {
this.providers = this.providers.filter(x => x !== provider)
}

protected resetProviders() {
this.providers = []
}
}
30 changes: 30 additions & 0 deletions src/credentials/providers/credentialsProviderId.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
/*!
* Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/

export const CREDENTIALS_PROVIDER_ID_SEPARATOR = ':'

export interface CredentialsProviderIdComponents {
credentialType: string
credentialTypeId: string
}

export function makeCredentialsProviderIdComponents(credentialsProviderId: string): CredentialsProviderIdComponents {
const chunks = credentialsProviderId.split(CREDENTIALS_PROVIDER_ID_SEPARATOR)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This "splitting by :" logic seems to have leaked into a bunch of places. A "CredentialProvider" has a type and identifier which together form a 'compound-style' key that we can use to store them - but couldn't that concern be localized into a credential ID object itself?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is only explicit in the tests, for readability. Anywhere in the toolkit code goes through the make/decode methods.

I initially stopped short of creating a credential provider id object. Since the intent was to support additional data in the future (using the separator), its probably saving future pain to make and pass around an object now instead of a string.

I'll give this a go.


if (chunks.length !== 2) {
throw new Error(`Unexpected credentialsProviderId format: ${credentialsProviderId}`)
}

return {
credentialType: chunks[0],
credentialTypeId: chunks[1]
}
}

export function makeCredentialsProviderId(credentialsProviderIdComponents: CredentialsProviderIdComponents): string {
return [credentialsProviderIdComponents.credentialType, credentialsProviderIdComponents.credentialTypeId].join(
CREDENTIALS_PROVIDER_ID_SEPARATOR
)
}
Loading