Added assumeRole

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+### Added
+- Role assumption for authorizing the Firehose putRecord
+
 ## [3.0.0] - 2020-01-14
 ### Added
 - Log struct and formatting

README.md

@@ -14,6 +14,7 @@ npm install @janiscommerce/log
 ### ENV variables
 **`JANIS_SERVICE_NAME`** (required): The name of the service that will create the log.  
 **`JANIS_ENV`** (required): The name stage that will used as suffix for janis-trace-service bucket.
+**`LOG_ROLE_ARN`** (required): The ARN to assume the trace role in order to put records in Firehose.
 
 ## API
 ### **`add(clientCode, log)`**  

lib/log.js

@@ -50,22 +50,6 @@ class Log {
 		return this._deliveryStreamName;
 	}
 
-	static async getCredentials() {
-
-		if(this._credentials)
-			return this._credentials;
-
-		const { credentials } = await sts.assumeRole({
-			RoleArn: this._roleArn,
-			RoleSessionName: this._serviceName,
-			DurationSeconds: ARN_DURATION
-		});
-
-		this._credentials = credentials;
-
-		return this._credentials;
-	}
-
 	/**
 	 * Put a log into Firehose
 	 * @param {String} client The client code who created the log
@@ -140,6 +124,43 @@ class Log {
 		}
 	}
 
+	static async _getFirehoseInstance() {
+
+		const hasExpired = this._credentialsExpiration < new Date();
+
+		if(this._firehose && !hasExpired)
+			return this._firehose;
+
+		const credentials = await this._getCredentials();
+
+		this._credentialsExpiration = credentials.expiration;
+
+		this._firehose = new Firehose({
+			credentials,
+			region: process.env.AWS_DEFAULT_REGION,
+			httpOptions: { timeout: MAX_TIMEOUT }
+		});
+
+		return this._firehose;
+	}
+
+
+	static async _getCredentials() {
+
+		const { Credentials, Expiration } = await sts.assumeRole({
+			RoleArn: this._roleArn,
+			RoleSessionName: this._serviceName,
+			DurationSeconds: ARN_DURATION
+		});
+
+		return {
+			accessKeyId: Credentials.AccessKeyId,
+			secretAccessKey: Credentials.SecretAccessKey,
+			sessionToken: Credentials.SessionToken,
+			expiration: Expiration
+		};
+	}
+
 	static _getFormattedEnv() {
 
 		if(this._env && this._envs[this._env])
@@ -150,13 +171,7 @@ class Log {
 
 	static async _add(log, attempts = 0) {
 
-		const credentials = await this.getCredentials();
-
-		const firehose = new Firehose({
-			credentials,
-			region: process.env.AWS_DEFAULT_REGION,
-			httpOptions: { timeout: MAX_TIMEOUT }
-		});
+		const firehose = await this._getFirehoseInstance();
 
 		try {
 

tests/log-test.js

@@ -32,6 +32,15 @@ describe('Log', () => {
 		client: 'some-client'
 	};
 
+	const fakeRole = {
+		Credentials: {
+			AccessKeyId: 'some-access-key-id',
+			SecretAccessKey: 'some-secret-access-key',
+			SessionToken: 'some-session-token'
+		},
+		Expiration: '2020-02-27T21:07:21.177'
+	};
+
 	const setServiceEnvVars = () => {
 		process.env.JANIS_SERVICE_NAME = 'default-service';
 	};
@@ -70,7 +79,7 @@ describe('Log', () => {
 			const fakeTime = sandbox.useFakeTimers(new Date().getTime());
 
 			sandbox.stub(STS.prototype, 'assumeRole')
-				.resolves({ credentials: { some: 'credentials' } });
+				.resolves(fakeRole);
 
 			sandbox.stub(Firehose.prototype, 'putRecord')
 				.resolves();