@aws-sdk/client-securityhub 3.511.0 → 3.514.0

package/dist-cjs/runtimeConfig.shared.js

@@ -1,10 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getRuntimeConfig = void 0;
+const core_1 = require("@aws-sdk/core");
 const smithy_client_1 = require("@smithy/smithy-client");
 const url_parser_1 = require("@smithy/url-parser");
 const util_base64_1 = require("@smithy/util-base64");
 const util_utf8_1 = require("@smithy/util-utf8");
+const httpAuthSchemeProvider_1 = require("./auth/httpAuthSchemeProvider");
 const endpointResolver_1 = require("./endpoint/endpointResolver");
 const getRuntimeConfig = (config) => {
     return {
@@ -14,6 +16,14 @@ const getRuntimeConfig = (config) => {
         disableHostPrefix: config?.disableHostPrefix ?? false,
         endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver,
         extensions: config?.extensions ?? [],
+        httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSecurityHubHttpAuthSchemeProvider,
+        httpAuthSchemes: config?.httpAuthSchemes ?? [
+            {
+                schemeId: "aws.auth#sigv4",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
+                signer: new core_1.AwsSdkSigV4Signer(),
+            },
+        ],
         logger: config?.logger ?? new smithy_client_1.NoOpLogger(),
         serviceId: config?.serviceId ?? "SecurityHub",
         urlParser: config?.urlParser ?? url_parser_1.parseUrl,

package/dist-es/SecurityHubClient.js

@@ -1,13 +1,14 @@
 import { getHostHeaderPlugin, resolveHostHeaderConfig, } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
-import { getAwsAuthPlugin, resolveAwsAuthConfig, } from "@aws-sdk/middleware-signing";
 import { getUserAgentPlugin, resolveUserAgentConfig, } from "@aws-sdk/middleware-user-agent";
 import { resolveRegionConfig } from "@smithy/config-resolver";
+import { DefaultIdentityProviderConfig, getHttpAuthSchemeEndpointRuleSetPlugin, getHttpSigningPlugin, } from "@smithy/core";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig } from "@smithy/middleware-retry";
 import { Client as __Client, } from "@smithy/smithy-client";
+import { defaultSecurityHubHttpAuthSchemeParametersProvider, resolveHttpAuthSchemeConfig, } from "./auth/httpAuthSchemeProvider";
 import { resolveClientEndpointParameters, } from "./endpoint/EndpointParameters";
 import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig";
 import { resolveRuntimeExtensions } from "./runtimeExtensions";
@@ -20,8 +21,8 @@ export class SecurityHubClient extends __Client {
         const _config_3 = resolveEndpointConfig(_config_2);
         const _config_4 = resolveRetryConfig(_config_3);
         const _config_5 = resolveHostHeaderConfig(_config_4);
-        const _config_6 = resolveAwsAuthConfig(_config_5);
-        const _config_7 = resolveUserAgentConfig(_config_6);
+        const _config_6 = resolveUserAgentConfig(_config_5);
+        const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
         const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
         super(_config_8);
         this.config = _config_8;
@@ -30,10 +31,22 @@ export class SecurityHubClient extends __Client {
         this.middlewareStack.use(getHostHeaderPlugin(this.config));
         this.middlewareStack.use(getLoggerPlugin(this.config));
         this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-        this.middlewareStack.use(getAwsAuthPlugin(this.config));
         this.middlewareStack.use(getUserAgentPlugin(this.config));
+        this.middlewareStack.use(getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+            httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
+            identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+        }));
+        this.middlewareStack.use(getHttpSigningPlugin(this.config));
     }
     destroy() {
         super.destroy();
     }
+    getDefaultHttpAuthSchemeParametersProvider() {
+        return defaultSecurityHubHttpAuthSchemeParametersProvider;
+    }
+    getIdentityProviderConfigProvider() {
+        return async (config) => new DefaultIdentityProviderConfig({
+            "aws.auth#sigv4": config.credentials,
+        });
+    }
 }

package/dist-es/auth/httpAuthExtensionConfiguration.js

@@ -0,0 +1,38 @@
+export const getHttpAuthExtensionConfiguration = (runtimeConfig) => {
+    const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
+    let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
+    let _credentials = runtimeConfig.credentials;
+    return {
+        setHttpAuthScheme(httpAuthScheme) {
+            const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+            if (index === -1) {
+                _httpAuthSchemes.push(httpAuthScheme);
+            }
+            else {
+                _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+            }
+        },
+        httpAuthSchemes() {
+            return _httpAuthSchemes;
+        },
+        setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
+            _httpAuthSchemeProvider = httpAuthSchemeProvider;
+        },
+        httpAuthSchemeProvider() {
+            return _httpAuthSchemeProvider;
+        },
+        setCredentials(credentials) {
+            _credentials = credentials;
+        },
+        credentials() {
+            return _credentials;
+        },
+    };
+};
+export const resolveHttpAuthRuntimeConfig = (config) => {
+    return {
+        httpAuthSchemes: config.httpAuthSchemes(),
+        httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+        credentials: config.credentials(),
+    };
+};

package/dist-es/auth/httpAuthSchemeProvider.js

@@ -0,0 +1,41 @@
+import { resolveAwsSdkSigV4Config, } from "@aws-sdk/core";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+export const defaultSecurityHubHttpAuthSchemeParametersProvider = async (config, context, input) => {
+    return {
+        operation: getSmithyContext(context).operation,
+        region: (await normalizeProvider(config.region)()) ||
+            (() => {
+                throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+            })(),
+    };
+};
+function createAwsAuthSigv4HttpAuthOption(authParameters) {
+    return {
+        schemeId: "aws.auth#sigv4",
+        signingProperties: {
+            name: "securityhub",
+            region: authParameters.region,
+        },
+        propertiesExtractor: (config, context) => ({
+            signingProperties: {
+                config,
+                context,
+            },
+        }),
+    };
+}
+export const defaultSecurityHubHttpAuthSchemeProvider = (authParameters) => {
+    const options = [];
+    switch (authParameters.operation) {
+        default: {
+            options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+        }
+    }
+    return options;
+};
+export const resolveHttpAuthSchemeConfig = (config) => {
+    const config_0 = resolveAwsSdkSigV4Config(config);
+    return {
+        ...config_0,
+    };
+};

package/dist-es/runtimeConfig.shared.js

@@ -1,7 +1,9 @@
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoOpLogger } from "@smithy/smithy-client";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
+import { defaultSecurityHubHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 export const getRuntimeConfig = (config) => {
     return {
@@ -11,6 +13,14 @@ export const getRuntimeConfig = (config) => {
         disableHostPrefix: config?.disableHostPrefix ?? false,
         endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
         extensions: config?.extensions ?? [],
+        httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultSecurityHubHttpAuthSchemeProvider,
+        httpAuthSchemes: config?.httpAuthSchemes ?? [
+            {
+                schemeId: "aws.auth#sigv4",
+                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
+                signer: new AwsSdkSigV4Signer(),
+            },
+        ],
         logger: config?.logger ?? new NoOpLogger(),
         serviceId: config?.serviceId ?? "SecurityHub",
         urlParser: config?.urlParser ?? parseUrl,

package/dist-es/runtimeExtensions.js

@@ -1,12 +1,14 @@
 import { getAwsRegionExtensionConfiguration, resolveAwsRegionExtensionConfiguration, } from "@aws-sdk/region-config-resolver";
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 const asPartial = (t) => t;
 export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
     const extensionConfiguration = {
         ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
         ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
         ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+        ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
     };
     extensions.forEach((extension) => extension.configure(extensionConfiguration));
     return {
@@ -14,5 +16,6 @@ export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
         ...resolveDefaultRuntimeConfig(extensionConfiguration),
         ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+        ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
     };
 };

package/dist-types/SecurityHubClient.d.ts

@@ -1,13 +1,12 @@
 import { HostHeaderInputConfig, HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
-import { AwsAuthInputConfig, AwsAuthResolvedConfig } from "@aws-sdk/middleware-signing";
 import { UserAgentInputConfig, UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig } from "@smithy/config-resolver";
 import { EndpointInputConfig, EndpointResolvedConfig } from "@smithy/middleware-endpoint";
 import { RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
 import { HttpHandler as __HttpHandler } from "@smithy/protocol-http";
 import { Client as __Client, DefaultsMode as __DefaultsMode, SmithyConfiguration as __SmithyConfiguration, SmithyResolvedConfiguration as __SmithyResolvedConfiguration } from "@smithy/smithy-client";
-import { BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, Decoder as __Decoder, Encoder as __Encoder, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, Provider, StreamCollector as __StreamCollector, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
+import { AwsCredentialIdentityProvider, BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, Decoder as __Decoder, Encoder as __Encoder, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, Provider, StreamCollector as __StreamCollector, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
+import { HttpAuthSchemeInputConfig, HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
 import { AcceptAdministratorInvitationCommandInput, AcceptAdministratorInvitationCommandOutput } from "./commands/AcceptAdministratorInvitationCommand";
 import { AcceptInvitationCommandInput, AcceptInvitationCommandOutput } from "./commands/AcceptInvitationCommand";
 import { BatchDeleteAutomationRulesCommandInput, BatchDeleteAutomationRulesCommandOutput } from "./commands/BatchDeleteAutomationRulesCommand";
@@ -170,20 +169,21 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
      * Enables FIPS compatible endpoints.
      */
     useFipsEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+     * @internal
+     */
+    defaultUserAgentProvider?: Provider<__UserAgent>;
     /**
      * The AWS region to which this client will send requests
      */
     region?: string | __Provider<string>;
     /**
      * Default credentials provider; Not available in browser runtime.
+     * @deprecated
      * @internal
      */
-    credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
-    /**
-     * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
-     * @internal
-     */
-    defaultUserAgentProvider?: Provider<__UserAgent>;
+    credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
     /**
      * Value for how many times a request will be made at most in case of retry.
      */
@@ -210,7 +210,7 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
 /**
  * @public
  */
-export type SecurityHubClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & RegionInputConfig & EndpointInputConfig<EndpointParameters> & RetryInputConfig & HostHeaderInputConfig & AwsAuthInputConfig & UserAgentInputConfig & ClientInputEndpointParameters;
+export type SecurityHubClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & RegionInputConfig & EndpointInputConfig<EndpointParameters> & RetryInputConfig & HostHeaderInputConfig & UserAgentInputConfig & HttpAuthSchemeInputConfig & ClientInputEndpointParameters;
 /**
  * @public
  *
@@ -221,7 +221,7 @@ export interface SecurityHubClientConfig extends SecurityHubClientConfigType {
 /**
  * @public
  */
-export type SecurityHubClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & RegionResolvedConfig & EndpointResolvedConfig<EndpointParameters> & RetryResolvedConfig & HostHeaderResolvedConfig & AwsAuthResolvedConfig & UserAgentResolvedConfig & ClientResolvedEndpointParameters;
+export type SecurityHubClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & RegionResolvedConfig & EndpointResolvedConfig<EndpointParameters> & RetryResolvedConfig & HostHeaderResolvedConfig & UserAgentResolvedConfig & HttpAuthSchemeResolvedConfig & ClientResolvedEndpointParameters;
 /**
  * @public
  *
@@ -316,4 +316,6 @@ export declare class SecurityHubClient extends __Client<__HttpHandlerOptions, Se
      * Otherwise, sockets might stay open for quite a long time before the server terminates them.
      */
     destroy(): void;
+    private getDefaultHttpAuthSchemeParametersProvider;
+    private getIdentityProviderConfigProvider;
 }

package/dist-types/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,29 @@
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+import { SecurityHubHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+    httpAuthSchemes(): HttpAuthScheme[];
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider): void;
+    httpAuthSchemeProvider(): SecurityHubHttpAuthSchemeProvider;
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+    httpAuthSchemes: HttpAuthScheme[];
+    httpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider;
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+/**
+ * @internal
+ */
+export declare const getHttpAuthExtensionConfiguration: (runtimeConfig: HttpAuthRuntimeConfig) => HttpAuthExtensionConfiguration;
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthRuntimeConfig: (config: HttpAuthExtensionConfiguration) => HttpAuthRuntimeConfig;

package/dist-types/auth/httpAuthSchemeProvider.d.ts

@@ -0,0 +1,61 @@
+import { AwsSdkSigV4AuthInputConfig, AwsSdkSigV4AuthResolvedConfig, AwsSdkSigV4PreviouslyResolved } from "@aws-sdk/core";
+import { HandlerExecutionContext, HttpAuthScheme, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider } from "@smithy/types";
+import { SecurityHubClientResolvedConfig } from "../SecurityHubClient";
+/**
+ * @internal
+ */
+export interface SecurityHubHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+    region?: string;
+}
+/**
+ * @internal
+ */
+export interface SecurityHubHttpAuthSchemeParametersProvider extends HttpAuthSchemeParametersProvider<SecurityHubClientResolvedConfig, HandlerExecutionContext, SecurityHubHttpAuthSchemeParameters, object> {
+}
+/**
+ * @internal
+ */
+export declare const defaultSecurityHubHttpAuthSchemeParametersProvider: (config: SecurityHubClientResolvedConfig, context: HandlerExecutionContext, input: object) => Promise<SecurityHubHttpAuthSchemeParameters>;
+/**
+ * @internal
+ */
+export interface SecurityHubHttpAuthSchemeProvider extends HttpAuthSchemeProvider<SecurityHubHttpAuthSchemeParameters> {
+}
+/**
+ * @internal
+ */
+export declare const defaultSecurityHubHttpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider;
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+    /**
+     * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    httpAuthSchemes?: HttpAuthScheme[];
+    /**
+     * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    httpAuthSchemeProvider?: SecurityHubHttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+    /**
+     * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    readonly httpAuthSchemes: HttpAuthScheme[];
+    /**
+     * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    readonly httpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthSchemeConfig: <T>(config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved) => T & HttpAuthSchemeResolvedConfig;

package/dist-types/extensionConfiguration.d.ts

@@ -1,8 +1,9 @@
 import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
 /**
  * @internal
  */
-export interface SecurityHubExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration {
+export interface SecurityHubExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration, HttpAuthExtensionConfiguration {
 }

package/dist-types/runtimeConfig.browser.d.ts

@@ -7,7 +7,7 @@ export declare const getRuntimeConfig: (config: SecurityHubClientConfig) => {
     runtime: string;
     defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
-    credentialDefaultProvider: (input: any) => import("@smithy/types").Provider<import("@aws-sdk/types").Credentials>;
+    credentialDefaultProvider: (input: any) => import("@smithy/types").AwsCredentialIdentityProvider;
     defaultUserAgentProvider: import("@smithy/types").Provider<import("@smithy/types").UserAgent>;
     maxAttempts: number | import("@smithy/types").Provider<number>;
     region: string | import("@smithy/types").Provider<any>;
@@ -36,14 +36,13 @@ export declare const getRuntimeConfig: (config: SecurityHubClientConfig) => {
     }) => import("@smithy/types").EndpointV2;
     tls?: boolean | undefined;
     retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2 | undefined;
-    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").Provider<import("@smithy/types").AwsCredentialIdentity> | undefined;
+    customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SecurityHubHttpAuthSchemeProvider;
+    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider | undefined;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme | undefined) => Promise<import("@smithy/types").RequestSigner>) | undefined;
     signingEscapePath?: boolean | undefined;
     systemClockOffset?: number | undefined;
     signingRegion?: string | undefined;
-    /**
-     * @internal
-     */
     signerConstructor?: (new (options: import("@smithy/signature-v4").SignatureV4Init & import("@smithy/signature-v4").SignatureV4CryptoInit) => import("@smithy/types").RequestSigner) | undefined;
-    customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
 };

package/dist-types/runtimeConfig.d.ts

@@ -36,11 +36,13 @@ export declare const getRuntimeConfig: (config: SecurityHubClientConfig) => {
     }) => import("@smithy/types").EndpointV2;
     tls?: boolean | undefined;
     retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2 | undefined;
-    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").Provider<import("@smithy/types").AwsCredentialIdentity> | undefined;
+    customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SecurityHubHttpAuthSchemeProvider;
+    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider | undefined;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme | undefined) => Promise<import("@smithy/types").RequestSigner>) | undefined;
     signingEscapePath?: boolean | undefined;
     systemClockOffset?: number | undefined;
     signingRegion?: string | undefined;
     signerConstructor?: (new (options: import("@smithy/signature-v4").SignatureV4Init & import("@smithy/signature-v4").SignatureV4CryptoInit) => import("@smithy/types").RequestSigner) | undefined;
-    customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
 };

package/dist-types/runtimeConfig.native.d.ts

@@ -21,9 +21,9 @@ export declare const getRuntimeConfig: (config: SecurityHubClientConfig) => {
     serviceId: string;
     useDualstackEndpoint: boolean | import("@smithy/types").Provider<boolean>;
     useFipsEndpoint: boolean | import("@smithy/types").Provider<boolean>;
-    region: string | import("@smithy/types").Provider<any>;
-    credentialDefaultProvider: (input: any) => import("@smithy/types").Provider<import("@aws-sdk/types").Credentials>;
     defaultUserAgentProvider: import("@smithy/types").Provider<import("@smithy/types").UserAgent>;
+    region: string | import("@smithy/types").Provider<any>;
+    credentialDefaultProvider: (input: any) => import("@smithy/types").AwsCredentialIdentityProvider;
     maxAttempts: number | import("@smithy/types").Provider<number>;
     retryMode: string | import("@smithy/types").Provider<string>;
     logger: import("@smithy/types").Logger;
@@ -35,11 +35,13 @@ export declare const getRuntimeConfig: (config: SecurityHubClientConfig) => {
     }) => import("@smithy/types").EndpointV2;
     tls?: boolean | undefined;
     retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2 | undefined;
-    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").Provider<import("@smithy/types").AwsCredentialIdentity> | undefined;
+    customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SecurityHubHttpAuthSchemeProvider;
+    credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider | undefined;
     signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme | undefined) => Promise<import("@smithy/types").RequestSigner>) | undefined;
     signingEscapePath?: boolean | undefined;
     systemClockOffset?: number | undefined;
     signingRegion?: string | undefined;
     signerConstructor?: (new (options: import("@smithy/signature-v4").SignatureV4Init & import("@smithy/signature-v4").SignatureV4CryptoInit) => import("@smithy/types").RequestSigner) | undefined;
-    customUserAgent?: string | import("@smithy/types").UserAgent | undefined;
 };

package/dist-types/runtimeConfig.shared.d.ts

@@ -11,6 +11,8 @@ export declare const getRuntimeConfig: (config: SecurityHubClientConfig) => {
         logger?: import("@smithy/types").Logger | undefined;
     }) => import("@smithy/types").EndpointV2;
     extensions: import("./runtimeExtensions").RuntimeExtension[];
+    httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").SecurityHubHttpAuthSchemeProvider;
+    httpAuthSchemes: import("@smithy/types").HttpAuthScheme[];
     logger: import("@smithy/types").Logger;
     serviceId: string;
     urlParser: import("@smithy/types").UrlParser;

package/dist-types/ts3.4/SecurityHubClient.d.ts

@@ -2,15 +2,10 @@ import {
   HostHeaderInputConfig,
   HostHeaderResolvedConfig,
 } from "@aws-sdk/middleware-host-header";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import {
   RegionInputConfig,
   RegionResolvedConfig,
@@ -31,6 +26,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   ChecksumConstructor as __ChecksumConstructor,
@@ -45,6 +41,10 @@ import {
   UrlParser as __UrlParser,
   UserAgent as __UserAgent,
 } from "@smithy/types";
+import {
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+} from "./auth/httpAuthSchemeProvider";
 import {
   AcceptAdministratorInvitationCommandInput,
   AcceptAdministratorInvitationCommandOutput,
@@ -544,9 +544,9 @@ export interface ClientDefaults
   serviceId?: string;
   useDualstackEndpoint?: boolean | __Provider<boolean>;
   useFipsEndpoint?: boolean | __Provider<boolean>;
-  region?: string | __Provider<string>;
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
   defaultUserAgentProvider?: Provider<__UserAgent>;
+  region?: string | __Provider<string>;
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
   maxAttempts?: number | __Provider<number>;
   retryMode?: string | __Provider<string>;
   logger?: __Logger;
@@ -561,8 +561,8 @@ export type SecurityHubClientConfigType = Partial<
   EndpointInputConfig<EndpointParameters> &
   RetryInputConfig &
   HostHeaderInputConfig &
-  AwsAuthInputConfig &
   UserAgentInputConfig &
+  HttpAuthSchemeInputConfig &
   ClientInputEndpointParameters;
 export interface SecurityHubClientConfig extends SecurityHubClientConfigType {}
 export type SecurityHubClientResolvedConfigType =
@@ -573,8 +573,8 @@ export type SecurityHubClientResolvedConfigType =
     EndpointResolvedConfig<EndpointParameters> &
     RetryResolvedConfig &
     HostHeaderResolvedConfig &
-    AwsAuthResolvedConfig &
     UserAgentResolvedConfig &
+    HttpAuthSchemeResolvedConfig &
     ClientResolvedEndpointParameters;
 export interface SecurityHubClientResolvedConfig
   extends SecurityHubClientResolvedConfigType {}
@@ -589,4 +589,6 @@ export declare class SecurityHubClient extends __Client<
     ...[configuration]: __CheckOptionalClientConfig<SecurityHubClientConfig>
   );
   destroy(): void;
+  private getDefaultHttpAuthSchemeParametersProvider;
+  private getIdentityProviderConfigProvider;
 }

package/dist-types/ts3.4/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,32 @@
+import {
+  AwsCredentialIdentity,
+  AwsCredentialIdentityProvider,
+  HttpAuthScheme,
+} from "@smithy/types";
+import { SecurityHubHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(
+    httpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider
+  ): void;
+  httpAuthSchemeProvider(): SecurityHubHttpAuthSchemeProvider;
+  setCredentials(
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider
+  ): void;
+  credentials():
+    | AwsCredentialIdentity
+    | AwsCredentialIdentityProvider
+    | undefined;
+}
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+export declare const getHttpAuthExtensionConfiguration: (
+  runtimeConfig: HttpAuthRuntimeConfig
+) => HttpAuthExtensionConfiguration;
+export declare const resolveHttpAuthRuntimeConfig: (
+  config: HttpAuthExtensionConfiguration
+) => HttpAuthRuntimeConfig;

package/dist-types/ts3.4/auth/httpAuthSchemeProvider.d.ts

@@ -0,0 +1,44 @@
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { SecurityHubClientResolvedConfig } from "../SecurityHubClient";
+export interface SecurityHubHttpAuthSchemeParameters
+  extends HttpAuthSchemeParameters {
+  region?: string;
+}
+export interface SecurityHubHttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    SecurityHubClientResolvedConfig,
+    HandlerExecutionContext,
+    SecurityHubHttpAuthSchemeParameters,
+    object
+  > {}
+export declare const defaultSecurityHubHttpAuthSchemeParametersProvider: (
+  config: SecurityHubClientResolvedConfig,
+  context: HandlerExecutionContext,
+  input: object
+) => Promise<SecurityHubHttpAuthSchemeParameters>;
+export interface SecurityHubHttpAuthSchemeProvider
+  extends HttpAuthSchemeProvider<SecurityHubHttpAuthSchemeParameters> {}
+export declare const defaultSecurityHubHttpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider;
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  httpAuthSchemes?: HttpAuthScheme[];
+  httpAuthSchemeProvider?: SecurityHubHttpAuthSchemeProvider;
+}
+export interface HttpAuthSchemeResolvedConfig
+  extends AwsSdkSigV4AuthResolvedConfig {
+  readonly httpAuthSchemes: HttpAuthScheme[];
+  readonly httpAuthSchemeProvider: SecurityHubHttpAuthSchemeProvider;
+}
+export declare const resolveHttpAuthSchemeConfig: <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+) => T & HttpAuthSchemeResolvedConfig;

package/dist-types/ts3.4/extensionConfiguration.d.ts

@@ -1,7 +1,9 @@
 import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
 export interface SecurityHubExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}