From f5d08725a4796af044d2885c32f1802ccd3ea5da Mon Sep 17 00:00:00 2001
From: Durran Jordan <durran@gmail.com>
Date: Wed, 29 Jan 2025 13:47:53 +0100
Subject: [PATCH] test: add tests

---
 test/integration/auth/mongodb_aws.test.ts | 49 +++++++++++++++++++++--
 1 file changed, 45 insertions(+), 4 deletions(-)

diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts
index 93778cedf1e..d53842de651 100644
--- a/test/integration/auth/mongodb_aws.test.ts
+++ b/test/integration/auth/mongodb_aws.test.ts
@@ -61,6 +61,25 @@ describe('MONGODB-AWS', function () {
     expect(result).to.be.a('number');
   });
 
+  it('authenticates with a user provided credentials provider', async function () {
+    // @ts-expect-error We intentionally access a protected variable.
+    const credentialProvider = AWSTeVmporaryCredentialProvider.awsSDK;
+    client = this.configuration.newClient(process.env.MONGODB_URI, {
+      authMechanismProperties: {
+        AWS_CREDENTIAL_PROVIDER: credentialProvider.fromNodeProviderChain()
+      }
+    });
+
+    const result = await client
+      .db('aws')
+      .collection('aws_test')
+      .estimatedDocumentCount()
+      .catch(error => error);
+
+    expect(result).to.not.be.instanceOf(MongoServerError);
+    expect(result).to.be.a('number');
+  });
+
   it('should allow empty string in authMechanismProperties.AWS_SESSION_TOKEN to override AWS_SESSION_TOKEN environment variable', function () {
     client = this.configuration.newClient(this.configuration.url(), {
       authMechanismProperties: { AWS_SESSION_TOKEN: '' }
@@ -351,11 +370,33 @@ describe('AWS KMS Credential Fetching', function () {
           : undefined;
       this.currentTest?.skipReason && this.skip();
     });
-    it('KMS credentials are successfully fetched.', async function () {
-      const { aws } = await refreshKMSCredentials({ aws: {} });
 
-      expect(aws).to.have.property('accessKeyId');
-      expect(aws).to.have.property('secretAccessKey');
+    context('when a credential provider is not providered', function () {
+      it('KMS credentials are successfully fetched.', async function () {
+        const { aws } = await refreshKMSCredentials({ aws: {} });
+
+        expect(aws).to.have.property('accessKeyId');
+        expect(aws).to.have.property('secretAccessKey');
+      });
+    });
+
+    context('when a credential provider is provided', function () {
+      let credentialProvider;
+
+      beforeEach(function () {
+        // @ts-expect-error We intentionally access a protected variable.
+        credentialProvider = AWSTeVmporaryCredentialProvider.awsSDK;
+      });
+
+      it('KMS credentials are successfully fetched.', async function () {
+        const { aws } = await refreshKMSCredentials(
+          { aws: {} },
+          credentialProvider.fromNodeProviderChain()
+        );
+
+        expect(aws).to.have.property('accessKeyId');
+        expect(aws).to.have.property('secretAccessKey');
+      });
     });
 
     it('does not return any extra keys for the `aws` credential provider', async function () {