@aws-sdk/credential-provider-ini 3.47.2 → 3.51.0

package/CHANGELOG.md

@@ -3,6 +3,41 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.51.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.50.0...v3.51.0) (2022-02-12)
+
+
+### Features
+
+* **credential-provider-ini:** refactor into modular components ([#3289](https://github.com/aws/aws-sdk-js-v3/issues/3289)) ([7c891b2](https://github.com/aws/aws-sdk-js-v3/commit/7c891b215cf3a9ea343447ced51e5d7be86caba9))
+
+
+
+
+
+# [3.50.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.49.0...v3.50.0) (2022-02-08)
+
+**Note:** Version bump only for package @aws-sdk/credential-provider-ini
+
+
+
+
+
+# [3.49.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.48.0...v3.49.0) (2022-01-29)
+
+**Note:** Version bump only for package @aws-sdk/credential-provider-ini
+
+
+
+
+
+# [3.48.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.47.2...v3.48.0) (2022-01-22)
+
+**Note:** Version bump only for package @aws-sdk/credential-provider-ini
+
+
+
+
+
 ## [3.47.2](https://github.com/aws/aws-sdk-js-v3/compare/v3.47.1...v3.47.2) (2022-01-21)
 
 **Note:** Version bump only for package @aws-sdk/credential-provider-ini

package/dist-cjs/fromIni.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromIni = void 0;
+const util_credentials_1 = require("@aws-sdk/util-credentials");
+const resolveProfileData_1 = require("./resolveProfileData");
+const fromIni = (init = {}) => async () => {
+    const profiles = await util_credentials_1.parseKnownFiles(init);
+    return resolveProfileData_1.resolveProfileData(util_credentials_1.getMasterProfileName(init), profiles, init);
+};
+exports.fromIni = fromIni;

package/dist-cjs/index.js

@@ -1,105 +1,4 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fromIni = void 0;
-const credential_provider_env_1 = require("@aws-sdk/credential-provider-env");
-const credential_provider_imds_1 = require("@aws-sdk/credential-provider-imds");
-const credential_provider_sso_1 = require("@aws-sdk/credential-provider-sso");
-const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
-const property_provider_1 = require("@aws-sdk/property-provider");
-const util_credentials_1 = require("@aws-sdk/util-credentials");
-const isStaticCredsProfile = (arg) => Boolean(arg) &&
-    typeof arg === "object" &&
-    typeof arg.aws_access_key_id === "string" &&
-    typeof arg.aws_secret_access_key === "string" &&
-    ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
-const isWebIdentityProfile = (arg) => Boolean(arg) &&
-    typeof arg === "object" &&
-    typeof arg.web_identity_token_file === "string" &&
-    typeof arg.role_arn === "string" &&
-    ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
-const isAssumeRoleProfile = (arg) => Boolean(arg) &&
-    typeof arg === "object" &&
-    typeof arg.role_arn === "string" &&
-    ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
-    ["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
-    ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
-const isAssumeRoleWithSourceProfile = (arg) => isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
-const isAssumeRoleWithProviderProfile = (arg) => isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
-const fromIni = (init = {}) => async () => {
-    const profiles = await util_credentials_1.parseKnownFiles(init);
-    return resolveProfileData(util_credentials_1.getMasterProfileName(init), profiles, init);
-};
-exports.fromIni = fromIni;
-const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
-    const data = profiles[profileName];
-    if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
-        return resolveStaticCredentials(data);
-    }
-    if (isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data)) {
-        const { external_id: ExternalId, mfa_serial, role_arn: RoleArn, role_session_name: RoleSessionName = "aws-sdk-js-" + Date.now(), source_profile, credential_source, } = data;
-        if (!options.roleAssumer) {
-            throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires a role to be assumed, but no` + ` role assumption callback was provided.`, false);
-        }
-        if (source_profile && source_profile in visitedProfiles) {
-            throw new property_provider_1.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
-                ` ${util_credentials_1.getMasterProfileName(options)}. Profiles visited: ` +
-                Object.keys(visitedProfiles).join(", "), false);
-        }
-        const sourceCreds = source_profile
-            ? resolveProfileData(source_profile, profiles, options, {
-                ...visitedProfiles,
-                [source_profile]: true,
-            })
-            : resolveCredentialSource(credential_source, profileName)();
-        const params = { RoleArn, RoleSessionName, ExternalId };
-        if (mfa_serial) {
-            if (!options.mfaCodeProvider) {
-                throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication,` + ` but no MFA code callback was provided.`, false);
-            }
-            params.SerialNumber = mfa_serial;
-            params.TokenCode = await options.mfaCodeProvider(mfa_serial);
-        }
-        return options.roleAssumer(await sourceCreds, params);
-    }
-    if (isStaticCredsProfile(data)) {
-        return resolveStaticCredentials(data);
-    }
-    if (isWebIdentityProfile(data)) {
-        return resolveWebIdentityCredentials(data, options);
-    }
-    if (credential_provider_sso_1.isSsoProfile(data)) {
-        const { sso_start_url, sso_account_id, sso_region, sso_role_name } = credential_provider_sso_1.validateSsoProfile(data);
-        return credential_provider_sso_1.fromSSO({
-            ssoStartUrl: sso_start_url,
-            ssoAccountId: sso_account_id,
-            ssoRegion: sso_region,
-            ssoRoleName: sso_role_name,
-        })();
-    }
-    throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared` + ` credentials file.`);
-};
-const resolveCredentialSource = (credentialSource, profileName) => {
-    const sourceProvidersMap = {
-        EcsContainer: credential_provider_imds_1.fromContainerMetadata,
-        Ec2InstanceMetadata: credential_provider_imds_1.fromInstanceMetadata,
-        Environment: credential_provider_env_1.fromEnv,
-    };
-    if (credentialSource in sourceProvidersMap) {
-        return sourceProvidersMap[credentialSource]();
-    }
-    else {
-        throw new property_provider_1.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
-            `expected EcsContainer or Ec2InstanceMetadata or Environment.`);
-    }
-};
-const resolveStaticCredentials = (profile) => Promise.resolve({
-    accessKeyId: profile.aws_access_key_id,
-    secretAccessKey: profile.aws_secret_access_key,
-    sessionToken: profile.aws_session_token,
-});
-const resolveWebIdentityCredentials = async (profile, options) => credential_provider_web_identity_1.fromTokenFile({
-    webIdentityTokenFile: profile.web_identity_token_file,
-    roleArn: profile.role_arn,
-    roleSessionName: profile.role_session_name,
-    roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
-})();
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./fromIni"), exports);

package/dist-cjs/resolveAssumeRoleCredentials.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveAssumeRoleCredentials = exports.isAssumeRoleProfile = void 0;
+const property_provider_1 = require("@aws-sdk/property-provider");
+const util_credentials_1 = require("@aws-sdk/util-credentials");
+const resolveCredentialSource_1 = require("./resolveCredentialSource");
+const resolveProfileData_1 = require("./resolveProfileData");
+const isAssumeRoleProfile = (arg) => Boolean(arg) &&
+    typeof arg === "object" &&
+    typeof arg.role_arn === "string" &&
+    ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
+    ["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
+    ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 &&
+    (isAssumeRoleWithSourceProfile(arg) || isAssumeRoleWithProviderProfile(arg));
+exports.isAssumeRoleProfile = isAssumeRoleProfile;
+const isAssumeRoleWithSourceProfile = (arg) => typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
+const isAssumeRoleWithProviderProfile = (arg) => typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
+const resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}) => {
+    const data = profiles[profileName];
+    if (!options.roleAssumer) {
+        throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires a role to be assumed, but no role assumption callback was provided.`, false);
+    }
+    const { source_profile } = data;
+    if (source_profile && source_profile in visitedProfiles) {
+        throw new property_provider_1.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
+            ` ${util_credentials_1.getMasterProfileName(options)}. Profiles visited: ` +
+            Object.keys(visitedProfiles).join(", "), false);
+    }
+    const sourceCredsProvider = source_profile
+        ? resolveProfileData_1.resolveProfileData(source_profile, profiles, options, {
+            ...visitedProfiles,
+            [source_profile]: true,
+        })
+        : resolveCredentialSource_1.resolveCredentialSource(data.credential_source, profileName)();
+    const params = {
+        RoleArn: data.role_arn,
+        RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
+        ExternalId: data.external_id,
+    };
+    const { mfa_serial } = data;
+    if (mfa_serial) {
+        if (!options.mfaCodeProvider) {
+            throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, false);
+        }
+        params.SerialNumber = mfa_serial;
+        params.TokenCode = await options.mfaCodeProvider(mfa_serial);
+    }
+    const sourceCreds = await sourceCredsProvider;
+    return options.roleAssumer(sourceCreds, params);
+};
+exports.resolveAssumeRoleCredentials = resolveAssumeRoleCredentials;

package/dist-cjs/resolveCredentialSource.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveCredentialSource = void 0;
+const credential_provider_env_1 = require("@aws-sdk/credential-provider-env");
+const credential_provider_imds_1 = require("@aws-sdk/credential-provider-imds");
+const property_provider_1 = require("@aws-sdk/property-provider");
+const resolveCredentialSource = (credentialSource, profileName) => {
+    const sourceProvidersMap = {
+        EcsContainer: credential_provider_imds_1.fromContainerMetadata,
+        Ec2InstanceMetadata: credential_provider_imds_1.fromInstanceMetadata,
+        Environment: credential_provider_env_1.fromEnv,
+    };
+    if (credentialSource in sourceProvidersMap) {
+        return sourceProvidersMap[credentialSource]();
+    }
+    else {
+        throw new property_provider_1.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
+            `expected EcsContainer or Ec2InstanceMetadata or Environment.`);
+    }
+};
+exports.resolveCredentialSource = resolveCredentialSource;

package/dist-cjs/resolveProfileData.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveProfileData = void 0;
+const property_provider_1 = require("@aws-sdk/property-provider");
+const resolveAssumeRoleCredentials_1 = require("./resolveAssumeRoleCredentials");
+const resolveSsoCredentials_1 = require("./resolveSsoCredentials");
+const resolveStaticCredentials_1 = require("./resolveStaticCredentials");
+const resolveWebIdentityCredentials_1 = require("./resolveWebIdentityCredentials");
+const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
+    const data = profiles[profileName];
+    if (Object.keys(visitedProfiles).length > 0 && resolveStaticCredentials_1.isStaticCredsProfile(data)) {
+        return resolveStaticCredentials_1.resolveStaticCredentials(data);
+    }
+    if (resolveAssumeRoleCredentials_1.isAssumeRoleProfile(data)) {
+        return resolveAssumeRoleCredentials_1.resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
+    }
+    if (resolveStaticCredentials_1.isStaticCredsProfile(data)) {
+        return resolveStaticCredentials_1.resolveStaticCredentials(data);
+    }
+    if (resolveWebIdentityCredentials_1.isWebIdentityProfile(data)) {
+        return resolveWebIdentityCredentials_1.resolveWebIdentityCredentials(data, options);
+    }
+    if (resolveSsoCredentials_1.isSsoProfile(data)) {
+        return resolveSsoCredentials_1.resolveSsoCredentials(data);
+    }
+    throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared credentials file.`);
+};
+exports.resolveProfileData = resolveProfileData;

package/dist-cjs/resolveSsoCredentials.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveSsoCredentials = exports.isSsoProfile = void 0;
+const credential_provider_sso_1 = require("@aws-sdk/credential-provider-sso");
+var credential_provider_sso_2 = require("@aws-sdk/credential-provider-sso");
+Object.defineProperty(exports, "isSsoProfile", { enumerable: true, get: function () { return credential_provider_sso_2.isSsoProfile; } });
+const resolveSsoCredentials = (data) => {
+    const { sso_start_url, sso_account_id, sso_region, sso_role_name } = credential_provider_sso_1.validateSsoProfile(data);
+    return credential_provider_sso_1.fromSSO({
+        ssoStartUrl: sso_start_url,
+        ssoAccountId: sso_account_id,
+        ssoRegion: sso_region,
+        ssoRoleName: sso_role_name,
+    })();
+};
+exports.resolveSsoCredentials = resolveSsoCredentials;

package/dist-cjs/resolveStaticCredentials.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveStaticCredentials = exports.isStaticCredsProfile = void 0;
+const isStaticCredsProfile = (arg) => Boolean(arg) &&
+    typeof arg === "object" &&
+    typeof arg.aws_access_key_id === "string" &&
+    typeof arg.aws_secret_access_key === "string" &&
+    ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
+exports.isStaticCredsProfile = isStaticCredsProfile;
+const resolveStaticCredentials = (profile) => Promise.resolve({
+    accessKeyId: profile.aws_access_key_id,
+    secretAccessKey: profile.aws_secret_access_key,
+    sessionToken: profile.aws_session_token,
+});
+exports.resolveStaticCredentials = resolveStaticCredentials;

package/dist-cjs/resolveWebIdentityCredentials.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveWebIdentityCredentials = exports.isWebIdentityProfile = void 0;
+const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
+const isWebIdentityProfile = (arg) => Boolean(arg) &&
+    typeof arg === "object" &&
+    typeof arg.web_identity_token_file === "string" &&
+    typeof arg.role_arn === "string" &&
+    ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
+exports.isWebIdentityProfile = isWebIdentityProfile;
+const resolveWebIdentityCredentials = async (profile, options) => credential_provider_web_identity_1.fromTokenFile({
+    webIdentityTokenFile: profile.web_identity_token_file,
+    roleArn: profile.role_arn,
+    roleSessionName: profile.role_session_name,
+    roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
+})();
+exports.resolveWebIdentityCredentials = resolveWebIdentityCredentials;

package/dist-es/fromIni.js

@@ -0,0 +1,17 @@
+import { __awaiter, __generator } from "tslib";
+import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/util-credentials";
+import { resolveProfileData } from "./resolveProfileData";
+export var fromIni = function (init) {
+    if (init === void 0) { init = {}; }
+    return function () { return __awaiter(void 0, void 0, void 0, function () {
+        var profiles;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4, parseKnownFiles(init)];
+                case 1:
+                    profiles = _a.sent();
+                    return [2, resolveProfileData(getMasterProfileName(init), profiles, init)];
+            }
+        });
+    }); };
+};

package/dist-es/index.js

@@ -1,141 +1 @@
-import { __assign, __awaiter, __generator } from "tslib";
-import { fromEnv } from "@aws-sdk/credential-provider-env";
-import { fromContainerMetadata, fromInstanceMetadata } from "@aws-sdk/credential-provider-imds";
-import { fromSSO, isSsoProfile, validateSsoProfile } from "@aws-sdk/credential-provider-sso";
-import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
-import { CredentialsProviderError } from "@aws-sdk/property-provider";
-import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/util-credentials";
-var isStaticCredsProfile = function (arg) {
-    return Boolean(arg) &&
-        typeof arg === "object" &&
-        typeof arg.aws_access_key_id === "string" &&
-        typeof arg.aws_secret_access_key === "string" &&
-        ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
-};
-var isWebIdentityProfile = function (arg) {
-    return Boolean(arg) &&
-        typeof arg === "object" &&
-        typeof arg.web_identity_token_file === "string" &&
-        typeof arg.role_arn === "string" &&
-        ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
-};
-var isAssumeRoleProfile = function (arg) {
-    return Boolean(arg) &&
-        typeof arg === "object" &&
-        typeof arg.role_arn === "string" &&
-        ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
-        ["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
-        ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
-};
-var isAssumeRoleWithSourceProfile = function (arg) {
-    return isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
-};
-var isAssumeRoleWithProviderProfile = function (arg) {
-    return isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
-};
-export var fromIni = function (init) {
-    if (init === void 0) { init = {}; }
-    return function () { return __awaiter(void 0, void 0, void 0, function () {
-        var profiles;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0: return [4, parseKnownFiles(init)];
-                case 1:
-                    profiles = _a.sent();
-                    return [2, resolveProfileData(getMasterProfileName(init), profiles, init)];
-            }
-        });
-    }); };
-};
-var resolveProfileData = function (profileName, profiles, options, visitedProfiles) {
-    if (visitedProfiles === void 0) { visitedProfiles = {}; }
-    return __awaiter(void 0, void 0, void 0, function () {
-        var data, ExternalId, mfa_serial, RoleArn, _a, RoleSessionName, source_profile, credential_source, sourceCreds, params, _b, _c, _d, _e, sso_start_url, sso_account_id, sso_region, sso_role_name;
-        var _f;
-        return __generator(this, function (_g) {
-            switch (_g.label) {
-                case 0:
-                    data = profiles[profileName];
-                    if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
-                        return [2, resolveStaticCredentials(data)];
-                    }
-                    if (!(isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data))) return [3, 4];
-                    ExternalId = data.external_id, mfa_serial = data.mfa_serial, RoleArn = data.role_arn, _a = data.role_session_name, RoleSessionName = _a === void 0 ? "aws-sdk-js-" + Date.now() : _a, source_profile = data.source_profile, credential_source = data.credential_source;
-                    if (!options.roleAssumer) {
-                        throw new CredentialsProviderError("Profile " + profileName + " requires a role to be assumed, but no" + " role assumption callback was provided.", false);
-                    }
-                    if (source_profile && source_profile in visitedProfiles) {
-                        throw new CredentialsProviderError("Detected a cycle attempting to resolve credentials for profile" +
-                            (" " + getMasterProfileName(options) + ". Profiles visited: ") +
-                            Object.keys(visitedProfiles).join(", "), false);
-                    }
-                    sourceCreds = source_profile
-                        ? resolveProfileData(source_profile, profiles, options, __assign(__assign({}, visitedProfiles), (_f = {}, _f[source_profile] = true, _f)))
-                        : resolveCredentialSource(credential_source, profileName)();
-                    params = { RoleArn: RoleArn, RoleSessionName: RoleSessionName, ExternalId: ExternalId };
-                    if (!mfa_serial) return [3, 2];
-                    if (!options.mfaCodeProvider) {
-                        throw new CredentialsProviderError("Profile " + profileName + " requires multi-factor authentication," + " but no MFA code callback was provided.", false);
-                    }
-                    params.SerialNumber = mfa_serial;
-                    _b = params;
-                    return [4, options.mfaCodeProvider(mfa_serial)];
-                case 1:
-                    _b.TokenCode = _g.sent();
-                    _g.label = 2;
-                case 2:
-                    _d = (_c = options).roleAssumer;
-                    return [4, sourceCreds];
-                case 3: return [2, _d.apply(_c, [_g.sent(), params])];
-                case 4:
-                    if (isStaticCredsProfile(data)) {
-                        return [2, resolveStaticCredentials(data)];
-                    }
-                    if (isWebIdentityProfile(data)) {
-                        return [2, resolveWebIdentityCredentials(data, options)];
-                    }
-                    if (isSsoProfile(data)) {
-                        _e = validateSsoProfile(data), sso_start_url = _e.sso_start_url, sso_account_id = _e.sso_account_id, sso_region = _e.sso_region, sso_role_name = _e.sso_role_name;
-                        return [2, fromSSO({
-                                ssoStartUrl: sso_start_url,
-                                ssoAccountId: sso_account_id,
-                                ssoRegion: sso_region,
-                                ssoRoleName: sso_role_name,
-                            })()];
-                    }
-                    throw new CredentialsProviderError("Profile " + profileName + " could not be found or parsed in shared" + " credentials file.");
-            }
-        });
-    });
-};
-var resolveCredentialSource = function (credentialSource, profileName) {
-    var sourceProvidersMap = {
-        EcsContainer: fromContainerMetadata,
-        Ec2InstanceMetadata: fromInstanceMetadata,
-        Environment: fromEnv,
-    };
-    if (credentialSource in sourceProvidersMap) {
-        return sourceProvidersMap[credentialSource]();
-    }
-    else {
-        throw new CredentialsProviderError("Unsupported credential source in profile " + profileName + ". Got " + credentialSource + ", " +
-            "expected EcsContainer or Ec2InstanceMetadata or Environment.");
-    }
-};
-var resolveStaticCredentials = function (profile) {
-    return Promise.resolve({
-        accessKeyId: profile.aws_access_key_id,
-        secretAccessKey: profile.aws_secret_access_key,
-        sessionToken: profile.aws_session_token,
-    });
-};
-var resolveWebIdentityCredentials = function (profile, options) { return __awaiter(void 0, void 0, void 0, function () {
-    return __generator(this, function (_a) {
-        return [2, fromTokenFile({
-                webIdentityTokenFile: profile.web_identity_token_file,
-                roleArn: profile.role_arn,
-                roleSessionName: profile.role_session_name,
-                roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
-            })()];
-    });
-}); };
+export * from "./fromIni";

package/dist-es/resolveAssumeRoleCredentials.js

@@ -0,0 +1,65 @@
+import { __assign, __awaiter, __generator } from "tslib";
+import { CredentialsProviderError } from "@aws-sdk/property-provider";
+import { getMasterProfileName } from "@aws-sdk/util-credentials";
+import { resolveCredentialSource } from "./resolveCredentialSource";
+import { resolveProfileData } from "./resolveProfileData";
+export var isAssumeRoleProfile = function (arg) {
+    return Boolean(arg) &&
+        typeof arg === "object" &&
+        typeof arg.role_arn === "string" &&
+        ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
+        ["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
+        ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 &&
+        (isAssumeRoleWithSourceProfile(arg) || isAssumeRoleWithProviderProfile(arg));
+};
+var isAssumeRoleWithSourceProfile = function (arg) {
+    return typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
+};
+var isAssumeRoleWithProviderProfile = function (arg) {
+    return typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
+};
+export var resolveAssumeRoleCredentials = function (profileName, profiles, options, visitedProfiles) {
+    if (visitedProfiles === void 0) { visitedProfiles = {}; }
+    return __awaiter(void 0, void 0, void 0, function () {
+        var data, source_profile, sourceCredsProvider, params, mfa_serial, _a, sourceCreds;
+        var _b;
+        return __generator(this, function (_c) {
+            switch (_c.label) {
+                case 0:
+                    data = profiles[profileName];
+                    if (!options.roleAssumer) {
+                        throw new CredentialsProviderError("Profile " + profileName + " requires a role to be assumed, but no role assumption callback was provided.", false);
+                    }
+                    source_profile = data.source_profile;
+                    if (source_profile && source_profile in visitedProfiles) {
+                        throw new CredentialsProviderError("Detected a cycle attempting to resolve credentials for profile" +
+                            (" " + getMasterProfileName(options) + ". Profiles visited: ") +
+                            Object.keys(visitedProfiles).join(", "), false);
+                    }
+                    sourceCredsProvider = source_profile
+                        ? resolveProfileData(source_profile, profiles, options, __assign(__assign({}, visitedProfiles), (_b = {}, _b[source_profile] = true, _b)))
+                        : resolveCredentialSource(data.credential_source, profileName)();
+                    params = {
+                        RoleArn: data.role_arn,
+                        RoleSessionName: data.role_session_name || "aws-sdk-js-" + Date.now(),
+                        ExternalId: data.external_id,
+                    };
+                    mfa_serial = data.mfa_serial;
+                    if (!mfa_serial) return [3, 2];
+                    if (!options.mfaCodeProvider) {
+                        throw new CredentialsProviderError("Profile " + profileName + " requires multi-factor authentication, but no MFA code callback was provided.", false);
+                    }
+                    params.SerialNumber = mfa_serial;
+                    _a = params;
+                    return [4, options.mfaCodeProvider(mfa_serial)];
+                case 1:
+                    _a.TokenCode = _c.sent();
+                    _c.label = 2;
+                case 2: return [4, sourceCredsProvider];
+                case 3:
+                    sourceCreds = _c.sent();
+                    return [2, options.roleAssumer(sourceCreds, params)];
+            }
+        });
+    });
+};

package/dist-es/resolveCredentialSource.js

@@ -0,0 +1,17 @@
+import { fromEnv } from "@aws-sdk/credential-provider-env";
+import { fromContainerMetadata, fromInstanceMetadata } from "@aws-sdk/credential-provider-imds";
+import { CredentialsProviderError } from "@aws-sdk/property-provider";
+export var resolveCredentialSource = function (credentialSource, profileName) {
+    var sourceProvidersMap = {
+        EcsContainer: fromContainerMetadata,
+        Ec2InstanceMetadata: fromInstanceMetadata,
+        Environment: fromEnv,
+    };
+    if (credentialSource in sourceProvidersMap) {
+        return sourceProvidersMap[credentialSource]();
+    }
+    else {
+        throw new CredentialsProviderError("Unsupported credential source in profile " + profileName + ". Got " + credentialSource + ", " +
+            "expected EcsContainer or Ec2InstanceMetadata or Environment.");
+    }
+};

package/dist-es/resolveProfileData.js

@@ -0,0 +1,31 @@
+import { __awaiter, __generator } from "tslib";
+import { CredentialsProviderError } from "@aws-sdk/property-provider";
+import { isAssumeRoleProfile, resolveAssumeRoleCredentials } from "./resolveAssumeRoleCredentials";
+import { isSsoProfile, resolveSsoCredentials } from "./resolveSsoCredentials";
+import { isStaticCredsProfile, resolveStaticCredentials } from "./resolveStaticCredentials";
+import { isWebIdentityProfile, resolveWebIdentityCredentials } from "./resolveWebIdentityCredentials";
+export var resolveProfileData = function (profileName, profiles, options, visitedProfiles) {
+    if (visitedProfiles === void 0) { visitedProfiles = {}; }
+    return __awaiter(void 0, void 0, void 0, function () {
+        var data;
+        return __generator(this, function (_a) {
+            data = profiles[profileName];
+            if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
+                return [2, resolveStaticCredentials(data)];
+            }
+            if (isAssumeRoleProfile(data)) {
+                return [2, resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles)];
+            }
+            if (isStaticCredsProfile(data)) {
+                return [2, resolveStaticCredentials(data)];
+            }
+            if (isWebIdentityProfile(data)) {
+                return [2, resolveWebIdentityCredentials(data, options)];
+            }
+            if (isSsoProfile(data)) {
+                return [2, resolveSsoCredentials(data)];
+            }
+            throw new CredentialsProviderError("Profile " + profileName + " could not be found or parsed in shared credentials file.");
+        });
+    });
+};

package/dist-es/resolveSsoCredentials.js

@@ -0,0 +1,11 @@
+import { fromSSO, validateSsoProfile } from "@aws-sdk/credential-provider-sso";
+export { isSsoProfile } from "@aws-sdk/credential-provider-sso";
+export var resolveSsoCredentials = function (data) {
+    var _a = validateSsoProfile(data), sso_start_url = _a.sso_start_url, sso_account_id = _a.sso_account_id, sso_region = _a.sso_region, sso_role_name = _a.sso_role_name;
+    return fromSSO({
+        ssoStartUrl: sso_start_url,
+        ssoAccountId: sso_account_id,
+        ssoRegion: sso_region,
+        ssoRoleName: sso_role_name,
+    })();
+};

package/dist-es/resolveStaticCredentials.js

@@ -0,0 +1,14 @@
+export var isStaticCredsProfile = function (arg) {
+    return Boolean(arg) &&
+        typeof arg === "object" &&
+        typeof arg.aws_access_key_id === "string" &&
+        typeof arg.aws_secret_access_key === "string" &&
+        ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
+};
+export var resolveStaticCredentials = function (profile) {
+    return Promise.resolve({
+        accessKeyId: profile.aws_access_key_id,
+        secretAccessKey: profile.aws_secret_access_key,
+        sessionToken: profile.aws_session_token,
+    });
+};

package/dist-es/resolveWebIdentityCredentials.js

@@ -0,0 +1,19 @@
+import { __awaiter, __generator } from "tslib";
+import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
+export var isWebIdentityProfile = function (arg) {
+    return Boolean(arg) &&
+        typeof arg === "object" &&
+        typeof arg.web_identity_token_file === "string" &&
+        typeof arg.role_arn === "string" &&
+        ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
+};
+export var resolveWebIdentityCredentials = function (profile, options) { return __awaiter(void 0, void 0, void 0, function () {
+    return __generator(this, function (_a) {
+        return [2, fromTokenFile({
+                webIdentityTokenFile: profile.web_identity_token_file,
+                roleArn: profile.role_arn,
+                roleSessionName: profile.role_session_name,
+                roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
+            })()];
+    });
+}); };

package/dist-types/fromIni.d.ts

@@ -0,0 +1,36 @@
+import { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
+import { CredentialProvider, Credentials } from "@aws-sdk/types";
+import { SourceProfileInit } from "@aws-sdk/util-credentials";
+import { AssumeRoleParams } from "./resolveAssumeRoleCredentials";
+export interface FromIniInit extends SourceProfileInit {
+    /**
+     * A function that returns a promise fulfilled with an MFA token code for
+     * the provided MFA Serial code. If a profile requires an MFA code and
+     * `mfaCodeProvider` is not a valid function, the credential provider
+     * promise will be rejected.
+     *
+     * @param mfaSerial The serial code of the MFA device specified.
+     */
+    mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
+    /**
+     * A function that assumes a role and returns a promise fulfilled with
+     * credentials for the assumed role.
+     *
+     * @param sourceCreds The credentials with which to assume a role.
+     * @param params
+     */
+    roleAssumer?: (sourceCreds: Credentials, params: AssumeRoleParams) => Promise<Credentials>;
+    /**
+     * A function that assumes a role with web identity and returns a promise fulfilled with
+     * credentials for the assumed role.
+     *
+     * @param sourceCreds The credentials with which to assume a role.
+     * @param params
+     */
+    roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
+}
+/**
+ * Creates a credential provider that will read from ini files and supports
+ * role assumption and multi-factor authentication.
+ */
+export declare const fromIni: (init?: FromIniInit) => CredentialProvider;

package/dist-types/index.d.ts

@@ -1,63 +1 @@
-import { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
-import { CredentialProvider, Credentials } from "@aws-sdk/types";
-import { SourceProfileInit } from "@aws-sdk/util-credentials";
-/**
- * @see http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
- * TODO update the above to link to V3 docs
- */
-export interface AssumeRoleParams {
-    /**
-     * The identifier of the role to be assumed.
-     */
-    RoleArn: string;
-    /**
-     * A name for the assumed role session.
-     */
-    RoleSessionName: string;
-    /**
-     * A unique identifier that is used by third parties when assuming roles in
-     * their customers' accounts.
-     */
-    ExternalId?: string;
-    /**
-     * The identification number of the MFA device that is associated with the
-     * user who is making the `AssumeRole` call.
-     */
-    SerialNumber?: string;
-    /**
-     * The value provided by the MFA device.
-     */
-    TokenCode?: string;
-}
-export interface FromIniInit extends SourceProfileInit {
-    /**
-     * A function that returns a promise fulfilled with an MFA token code for
-     * the provided MFA Serial code. If a profile requires an MFA code and
-     * `mfaCodeProvider` is not a valid function, the credential provider
-     * promise will be rejected.
-     *
-     * @param mfaSerial The serial code of the MFA device specified.
-     */
-    mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
-    /**
-     * A function that assumes a role and returns a promise fulfilled with
-     * credentials for the assumed role.
-     *
-     * @param sourceCreds The credentials with which to assume a role.
-     * @param params
-     */
-    roleAssumer?: (sourceCreds: Credentials, params: AssumeRoleParams) => Promise<Credentials>;
-    /**
-     * A function that assumes a role with web identity and returns a promise fulfilled with
-     * credentials for the assumed role.
-     *
-     * @param sourceCreds The credentials with which to assume a role.
-     * @param params
-     */
-    roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
-}
-/**
- * Creates a credential provider that will read from ini files and supports
- * role assumption and multi-factor authentication.
- */
-export declare const fromIni: (init?: FromIniInit) => CredentialProvider;
+export * from "./fromIni";

package/dist-types/resolveAssumeRoleCredentials.d.ts

@@ -0,0 +1,34 @@
+import { ParsedIniData } from "@aws-sdk/shared-ini-file-loader";
+import { FromIniInit } from "./fromIni";
+/**
+ * @see http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+ * TODO update the above to link to V3 docs
+ */
+export interface AssumeRoleParams {
+    /**
+     * The identifier of the role to be assumed.
+     */
+    RoleArn: string;
+    /**
+     * A name for the assumed role session.
+     */
+    RoleSessionName: string;
+    /**
+     * A unique identifier that is used by third parties when assuming roles in
+     * their customers' accounts.
+     */
+    ExternalId?: string;
+    /**
+     * The identification number of the MFA device that is associated with the
+     * user who is making the `AssumeRole` call.
+     */
+    SerialNumber?: string;
+    /**
+     * The value provided by the MFA device.
+     */
+    TokenCode?: string;
+}
+export declare const isAssumeRoleProfile: (arg: any) => boolean;
+export declare const resolveAssumeRoleCredentials: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: {
+    [profileName: string]: true;
+}) => Promise<import("@aws-sdk/types").Credentials>;

package/dist-types/resolveCredentialSource.d.ts

@@ -0,0 +1,9 @@
+import { CredentialProvider } from "@aws-sdk/types";
+/**
+ * Resolve the `credential_source` entry from the profile, and return the
+ * credential providers respectively. No memoization is needed for the
+ * credential source providers because memoization should be added outside the
+ * fromIni() provider. The source credential needs to be refreshed every time
+ * fromIni() is called.
+ */
+export declare const resolveCredentialSource: (credentialSource: string, profileName: string) => CredentialProvider;

package/dist-types/resolveProfileData.d.ts

@@ -0,0 +1,6 @@
+import { ParsedIniData } from "@aws-sdk/shared-ini-file-loader";
+import { Credentials } from "@aws-sdk/types";
+import { FromIniInit } from "./fromIni";
+export declare const resolveProfileData: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: {
+    [profileName: string]: true;
+}) => Promise<Credentials>;

package/dist-types/resolveSsoCredentials.d.ts

@@ -0,0 +1,3 @@
+import { SsoProfile } from "@aws-sdk/credential-provider-sso";
+export { isSsoProfile } from "@aws-sdk/credential-provider-sso";
+export declare const resolveSsoCredentials: (data: Partial<SsoProfile>) => Promise<import("@aws-sdk/types").Credentials>;

package/dist-types/resolveStaticCredentials.d.ts

@@ -0,0 +1,9 @@
+import { Profile } from "@aws-sdk/shared-ini-file-loader";
+import { Credentials } from "@aws-sdk/types";
+export interface StaticCredsProfile extends Profile {
+    aws_access_key_id: string;
+    aws_secret_access_key: string;
+    aws_session_token?: string;
+}
+export declare const isStaticCredsProfile: (arg: any) => arg is StaticCredsProfile;
+export declare const resolveStaticCredentials: (profile: StaticCredsProfile) => Promise<Credentials>;

package/dist-types/resolveWebIdentityCredentials.d.ts

@@ -0,0 +1,10 @@
+import { Profile } from "@aws-sdk/shared-ini-file-loader";
+import { Credentials } from "@aws-sdk/types";
+import { FromIniInit } from "./fromIni";
+export interface WebIdentityProfile extends Profile {
+    web_identity_token_file: string;
+    role_arn: string;
+    role_session_name?: string;
+}
+export declare const isWebIdentityProfile: (arg: any) => arg is WebIdentityProfile;
+export declare const resolveWebIdentityCredentials: (profile: WebIdentityProfile, options: FromIniInit) => Promise<Credentials>;

package/dist-types/ts3.4/fromIni.d.ts

@@ -0,0 +1,14 @@
+import { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
+import { CredentialProvider, Credentials } from "@aws-sdk/types";
+import { SourceProfileInit } from "@aws-sdk/util-credentials";
+import { AssumeRoleParams } from "./resolveAssumeRoleCredentials";
+export interface FromIniInit extends SourceProfileInit {
+    
+    mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
+    
+    roleAssumer?: (sourceCreds: Credentials, params: AssumeRoleParams) => Promise<Credentials>;
+    
+    roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
+}
+
+export declare const fromIni: (init?: FromIniInit) => CredentialProvider;

package/dist-types/ts3.4/index.d.ts

@@ -1,26 +1 @@
-import { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
-import { CredentialProvider, Credentials } from "@aws-sdk/types";
-import { SourceProfileInit } from "@aws-sdk/util-credentials";
-
-export interface AssumeRoleParams {
-    
-    RoleArn: string;
-    
-    RoleSessionName: string;
-    
-    ExternalId?: string;
-    
-    SerialNumber?: string;
-    
-    TokenCode?: string;
-}
-export interface FromIniInit extends SourceProfileInit {
-    
-    mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
-    
-    roleAssumer?: (sourceCreds: Credentials, params: AssumeRoleParams) => Promise<Credentials>;
-    
-    roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
-}
-
-export declare const fromIni: (init?: FromIniInit) => CredentialProvider;
+export * from "./fromIni";

package/dist-types/ts3.4/resolveAssumeRoleCredentials.d.ts

@@ -0,0 +1,19 @@
+import { ParsedIniData } from "@aws-sdk/shared-ini-file-loader";
+import { FromIniInit } from "./fromIni";
+
+export interface AssumeRoleParams {
+    
+    RoleArn: string;
+    
+    RoleSessionName: string;
+    
+    ExternalId?: string;
+    
+    SerialNumber?: string;
+    
+    TokenCode?: string;
+}
+export declare const isAssumeRoleProfile: (arg: any) => boolean;
+export declare const resolveAssumeRoleCredentials: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: {
+    [profileName: string]: true;
+}) => Promise<import("@aws-sdk/types").Credentials>;

package/dist-types/ts3.4/resolveCredentialSource.d.ts

@@ -0,0 +1,3 @@
+import { CredentialProvider } from "@aws-sdk/types";
+
+export declare const resolveCredentialSource: (credentialSource: string, profileName: string) => CredentialProvider;

package/dist-types/ts3.4/resolveProfileData.d.ts

@@ -0,0 +1,6 @@
+import { ParsedIniData } from "@aws-sdk/shared-ini-file-loader";
+import { Credentials } from "@aws-sdk/types";
+import { FromIniInit } from "./fromIni";
+export declare const resolveProfileData: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: {
+    [profileName: string]: true;
+}) => Promise<Credentials>;

package/dist-types/ts3.4/resolveSsoCredentials.d.ts

@@ -0,0 +1,3 @@
+import { SsoProfile } from "@aws-sdk/credential-provider-sso";
+export { isSsoProfile } from "@aws-sdk/credential-provider-sso";
+export declare const resolveSsoCredentials: (data: Partial<SsoProfile>) => Promise<import("@aws-sdk/types").Credentials>;

package/dist-types/ts3.4/resolveStaticCredentials.d.ts

@@ -0,0 +1,9 @@
+import { Profile } from "@aws-sdk/shared-ini-file-loader";
+import { Credentials } from "@aws-sdk/types";
+export interface StaticCredsProfile extends Profile {
+    aws_access_key_id: string;
+    aws_secret_access_key: string;
+    aws_session_token?: string;
+}
+export declare const isStaticCredsProfile: (arg: any) => arg is StaticCredsProfile;
+export declare const resolveStaticCredentials: (profile: StaticCredsProfile) => Promise<Credentials>;

package/dist-types/ts3.4/resolveWebIdentityCredentials.d.ts

@@ -0,0 +1,10 @@
+import { Profile } from "@aws-sdk/shared-ini-file-loader";
+import { Credentials } from "@aws-sdk/types";
+import { FromIniInit } from "./fromIni";
+export interface WebIdentityProfile extends Profile {
+    web_identity_token_file: string;
+    role_arn: string;
+    role_session_name?: string;
+}
+export declare const isWebIdentityProfile: (arg: any) => arg is WebIdentityProfile;
+export declare const resolveWebIdentityCredentials: (profile: WebIdentityProfile, options: FromIniInit) => Promise<Credentials>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-ini",
-  "version": "3.47.2",
+  "version": "3.51.0",
   "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -23,18 +23,24 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/credential-provider-env": "3.47.2",
-    "@aws-sdk/credential-provider-imds": "3.47.2",
-    "@aws-sdk/credential-provider-sso": "3.47.2",
-    "@aws-sdk/credential-provider-web-identity": "3.47.2",
-    "@aws-sdk/property-provider": "3.47.2",
-    "@aws-sdk/shared-ini-file-loader": "3.47.1",
-    "@aws-sdk/types": "3.47.1",
-    "@aws-sdk/util-credentials": "3.47.2",
+    "@aws-sdk/credential-provider-env": "3.50.0",
+    "@aws-sdk/credential-provider-imds": "3.51.0",
+    "@aws-sdk/credential-provider-sso": "3.51.0",
+    "@aws-sdk/credential-provider-web-identity": "3.50.0",
+    "@aws-sdk/property-provider": "3.50.0",
+    "@aws-sdk/shared-ini-file-loader": "3.51.0",
+    "@aws-sdk/types": "3.50.0",
+    "@aws-sdk/util-credentials": "3.51.0",
     "tslib": "^2.3.0"
   },
   "devDependencies": {
-    "@types/node": "^10.0.0"
+    "@tsconfig/recommended": "1.0.1",
+    "@types/node": "^10.0.0",
+    "concurrently": "7.0.0",
+    "downlevel-dts": "0.7.0",
+    "rimraf": "3.0.2",
+    "typedoc": "0.19.2",
+    "typescript": "~4.3.5"
   },
   "types": "./dist-types/index.d.ts",
   "engines": {