@aws-sdk/credential-provider-ini 3.501.0 → 3.502.0

package/dist-cjs/index.js

@@ -1,8 +1,13 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -15,8 +20,28 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/loadSts.ts
+var loadSts_exports = {};
+__export(loadSts_exports, {
+  getDefaultRoleAssumer: () => import_client_sts.getDefaultRoleAssumer
+});
+var import_client_sts;
+var init_loadSts = __esm({
+  "src/loadSts.ts"() {
+    import_client_sts = require("@aws-sdk/client-sts");
+  }
+});
+
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
@@ -35,17 +60,15 @@ module.exports = __toCommonJS(src_exports);
 var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
 
 // src/resolveCredentialSource.ts
-var import_credential_provider_env = require("@aws-sdk/credential-provider-env");
-var import_credential_provider_imds = require("@smithy/credential-provider-imds");
 var import_property_provider = require("@smithy/property-provider");
 var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName) => {
   const sourceProvidersMap = {
-    EcsContainer: import_credential_provider_imds.fromContainerMetadata,
-    Ec2InstanceMetadata: import_credential_provider_imds.fromInstanceMetadata,
-    Environment: import_credential_provider_env.fromEnv
+    EcsContainer: (options) => Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds"))).then(({ fromContainerMetadata }) => fromContainerMetadata(options)),
+    Ec2InstanceMetadata: (options) => Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds"))).then(({ fromInstanceMetadata }) => fromInstanceMetadata(options)),
+    Environment: (options) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-env"))).then(({ fromEnv }) => fromEnv(options))
   };
   if (credentialSource in sourceProvidersMap) {
-    return sourceProvidersMap[credentialSource]();
+    return sourceProvidersMap[credentialSource];
   } else {
     throw new import_property_provider.CredentialsProviderError(
       `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`
@@ -58,12 +81,12 @@ var isAssumeRoleProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof
 var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg) => typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined", "isAssumeRoleWithSourceProfile");
 var isAssumeRoleWithProviderProfile = /* @__PURE__ */ __name((arg) => typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined", "isAssumeRoleWithProviderProfile");
 var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => {
+  var _a;
+  (_a = options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini", "resolveAssumeRoleCredentials (STS)");
   const data = profiles[profileName];
   if (!options.roleAssumer) {
-    throw new import_property_provider.CredentialsProviderError(
-      `Profile ${profileName} requires a role to be assumed, but no role assumption callback was provided.`,
-      false
-    );
+    const { getDefaultRoleAssumer: getDefaultRoleAssumer2 } = await Promise.resolve().then(() => (init_loadSts(), loadSts_exports));
+    options.roleAssumer = getDefaultRoleAssumer2(options.clientConfig, options.clientPlugins);
   }
   const { source_profile } = data;
   if (source_profile && source_profile in visitedProfiles) {
@@ -75,7 +98,7 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
   const sourceCredsProvider = source_profile ? resolveProfileData(source_profile, profiles, options, {
     ...visitedProfiles,
     [source_profile]: true
-  }) : resolveCredentialSource(data.credential_source, profileName)();
+  }) : (await resolveCredentialSource(data.credential_source, profileName)(options))();
   const params = {
     RoleArn: data.role_arn,
     RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
@@ -98,19 +121,19 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
 }, "resolveAssumeRoleCredentials");
 
 // src/resolveProcessCredentials.ts
-var import_credential_provider_process = require("@aws-sdk/credential-provider-process");
 var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile");
-var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => (0, import_credential_provider_process.fromProcess)({
-  ...options,
-  profile
-})(), "resolveProcessCredentials");
+var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-process"))).then(
+  ({ fromProcess }) => fromProcess({
+    ...options,
+    profile
+  })()
+), "resolveProcessCredentials");
 
 // src/resolveSsoCredentials.ts
-var import_credential_provider_sso = require("@aws-sdk/credential-provider-sso");
-
-var resolveSsoCredentials = /* @__PURE__ */ __name((data) => {
-  const { sso_start_url, sso_account_id, sso_session, sso_region, sso_role_name } = (0, import_credential_provider_sso.validateSsoProfile)(data);
-  return (0, import_credential_provider_sso.fromSSO)({
+var resolveSsoCredentials = /* @__PURE__ */ __name(async (data) => {
+  const { fromSSO, validateSsoProfile } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-sso")));
+  const { sso_start_url, sso_account_id, sso_session, sso_region, sso_role_name } = validateSsoProfile(data);
+  return fromSSO({
     ssoStartUrl: sso_start_url,
     ssoAccountId: sso_account_id,
     ssoSession: sso_session,
@@ -118,37 +141,43 @@ var resolveSsoCredentials = /* @__PURE__ */ __name((data) => {
     ssoRoleName: sso_role_name
   })();
 }, "resolveSsoCredentials");
+var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile");
 
 // src/resolveStaticCredentials.ts
 var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1, "isStaticCredsProfile");
-var resolveStaticCredentials = /* @__PURE__ */ __name((profile) => Promise.resolve({
-  accessKeyId: profile.aws_access_key_id,
-  secretAccessKey: profile.aws_secret_access_key,
-  sessionToken: profile.aws_session_token,
-  credentialScope: profile.aws_credential_scope
-}), "resolveStaticCredentials");
+var resolveStaticCredentials = /* @__PURE__ */ __name((profile, options) => {
+  var _a;
+  (_a = options == null ? void 0 : options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini", "resolveStaticCredentials");
+  return Promise.resolve({
+    accessKeyId: profile.aws_access_key_id,
+    secretAccessKey: profile.aws_secret_access_key,
+    sessionToken: profile.aws_session_token,
+    credentialScope: profile.aws_credential_scope
+  });
+}, "resolveStaticCredentials");
 
 // src/resolveWebIdentityCredentials.ts
-var import_credential_provider_web_identity = require("@aws-sdk/credential-provider-web-identity");
 var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile");
-var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => (0, import_credential_provider_web_identity.fromTokenFile)({
-  webIdentityTokenFile: profile.web_identity_token_file,
-  roleArn: profile.role_arn,
-  roleSessionName: profile.role_session_name,
-  roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity
-})(), "resolveWebIdentityCredentials");
+var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-web-identity"))).then(
+  ({ fromTokenFile }) => fromTokenFile({
+    webIdentityTokenFile: profile.web_identity_token_file,
+    roleArn: profile.role_arn,
+    roleSessionName: profile.role_session_name,
+    roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity
+  })()
+), "resolveWebIdentityCredentials");
 
 // src/resolveProfileData.ts
 var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => {
   const data = profiles[profileName];
   if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
-    return resolveStaticCredentials(data);
+    return resolveStaticCredentials(data, options);
   }
   if (isAssumeRoleProfile(data)) {
     return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
   }
   if (isStaticCredsProfile(data)) {
-    return resolveStaticCredentials(data);
+    return resolveStaticCredentials(data, options);
   }
   if (isWebIdentityProfile(data)) {
     return resolveWebIdentityCredentials(data, options);
@@ -156,14 +185,16 @@ var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, op
   if (isProcessProfile(data)) {
     return resolveProcessCredentials(options, profileName);
   }
-  if ((0, import_credential_provider_sso.isSsoProfile)(data)) {
-    return resolveSsoCredentials(data);
+  if (isSsoProfile(data)) {
+    return await resolveSsoCredentials(data);
   }
   throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared credentials file.`);
 }, "resolveProfileData");
 
 // src/fromIni.ts
 var fromIni = /* @__PURE__ */ __name((init = {}) => async () => {
+  var _a;
+  (_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini", "fromIni");
   const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);
   return resolveProfileData((0, import_shared_ini_file_loader.getProfileName)(init), profiles, init);
 }, "fromIni");

package/dist-cjs/loadSts.js

@@ -0,0 +1 @@
+module.exports = require("./index.js");

package/dist-es/fromIni.js

@@ -1,6 +1,7 @@
 import { getProfileName, parseKnownFiles } from "@smithy/shared-ini-file-loader";
 import { resolveProfileData } from "./resolveProfileData";
 export const fromIni = (init = {}) => async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-ini", "fromIni");
     const profiles = await parseKnownFiles(init);
     return resolveProfileData(getProfileName(init), profiles, init);
 };

package/dist-es/loadSts.js

@@ -0,0 +1,2 @@
+import { getDefaultRoleAssumer } from "@aws-sdk/client-sts";
+export { getDefaultRoleAssumer };

package/dist-es/resolveAssumeRoleCredentials.js

@@ -12,9 +12,11 @@ export const isAssumeRoleProfile = (arg) => Boolean(arg) &&
 const isAssumeRoleWithSourceProfile = (arg) => typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
 const isAssumeRoleWithProviderProfile = (arg) => typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
 export const resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}) => {
+    options.logger?.debug("@aws-sdk/credential-provider-ini", "resolveAssumeRoleCredentials (STS)");
     const data = profiles[profileName];
     if (!options.roleAssumer) {
-        throw new CredentialsProviderError(`Profile ${profileName} requires a role to be assumed, but no role assumption callback was provided.`, false);
+        const { getDefaultRoleAssumer } = await import("./loadSts");
+        options.roleAssumer = getDefaultRoleAssumer(options.clientConfig, options.clientPlugins);
     }
     const { source_profile } = data;
     if (source_profile && source_profile in visitedProfiles) {
@@ -27,7 +29,7 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
             ...visitedProfiles,
             [source_profile]: true,
         })
-        : resolveCredentialSource(data.credential_source, profileName)();
+        : (await resolveCredentialSource(data.credential_source, profileName)(options))();
     const params = {
         RoleArn: data.role_arn,
         RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,

package/dist-es/resolveCredentialSource.js

@@ -1,14 +1,12 @@
-import { fromEnv } from "@aws-sdk/credential-provider-env";
-import { fromContainerMetadata, fromInstanceMetadata } from "@smithy/credential-provider-imds";
 import { CredentialsProviderError } from "@smithy/property-provider";
 export const resolveCredentialSource = (credentialSource, profileName) => {
     const sourceProvidersMap = {
-        EcsContainer: fromContainerMetadata,
-        Ec2InstanceMetadata: fromInstanceMetadata,
-        Environment: fromEnv,
+        EcsContainer: (options) => import("@smithy/credential-provider-imds").then(({ fromContainerMetadata }) => fromContainerMetadata(options)),
+        Ec2InstanceMetadata: (options) => import("@smithy/credential-provider-imds").then(({ fromInstanceMetadata }) => fromInstanceMetadata(options)),
+        Environment: (options) => import("@aws-sdk/credential-provider-env").then(({ fromEnv }) => fromEnv(options)),
     };
     if (credentialSource in sourceProvidersMap) {
-        return sourceProvidersMap[credentialSource]();
+        return sourceProvidersMap[credentialSource];
     }
     else {
         throw new CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +

package/dist-es/resolveProcessCredentials.js

@@ -1,6 +1,5 @@
-import { fromProcess } from "@aws-sdk/credential-provider-process";
 export const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
-export const resolveProcessCredentials = async (options, profile) => fromProcess({
+export const resolveProcessCredentials = async (options, profile) => import("@aws-sdk/credential-provider-process").then(({ fromProcess }) => fromProcess({
     ...options,
     profile,
-})();
+})());

package/dist-es/resolveProfileData.js

@@ -7,13 +7,13 @@ import { isWebIdentityProfile, resolveWebIdentityCredentials } from "./resolveWe
 export const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
     const data = profiles[profileName];
     if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
-        return resolveStaticCredentials(data);
+        return resolveStaticCredentials(data, options);
     }
     if (isAssumeRoleProfile(data)) {
         return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
     }
     if (isStaticCredsProfile(data)) {
-        return resolveStaticCredentials(data);
+        return resolveStaticCredentials(data, options);
     }
     if (isWebIdentityProfile(data)) {
         return resolveWebIdentityCredentials(data, options);
@@ -22,7 +22,7 @@ export const resolveProfileData = async (profileName, profiles, options, visited
         return resolveProcessCredentials(options, profileName);
     }
     if (isSsoProfile(data)) {
-        return resolveSsoCredentials(data);
+        return await resolveSsoCredentials(data);
     }
     throw new CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared credentials file.`);
 };

package/dist-es/resolveSsoCredentials.js

@@ -1,6 +1,5 @@
-import { fromSSO, validateSsoProfile } from "@aws-sdk/credential-provider-sso";
-export { isSsoProfile } from "@aws-sdk/credential-provider-sso";
-export const resolveSsoCredentials = (data) => {
+export const resolveSsoCredentials = async (data) => {
+    const { fromSSO, validateSsoProfile } = await import("@aws-sdk/credential-provider-sso");
     const { sso_start_url, sso_account_id, sso_session, sso_region, sso_role_name } = validateSsoProfile(data);
     return fromSSO({
         ssoStartUrl: sso_start_url,
@@ -10,3 +9,9 @@ export const resolveSsoCredentials = (data) => {
         ssoRoleName: sso_role_name,
     })();
 };
+export const isSsoProfile = (arg) => arg &&
+    (typeof arg.sso_start_url === "string" ||
+        typeof arg.sso_account_id === "string" ||
+        typeof arg.sso_session === "string" ||
+        typeof arg.sso_region === "string" ||
+        typeof arg.sso_role_name === "string");

package/dist-es/resolveStaticCredentials.js

@@ -3,9 +3,12 @@ export const isStaticCredsProfile = (arg) => Boolean(arg) &&
     typeof arg.aws_access_key_id === "string" &&
     typeof arg.aws_secret_access_key === "string" &&
     ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
-export const resolveStaticCredentials = (profile) => Promise.resolve({
-    accessKeyId: profile.aws_access_key_id,
-    secretAccessKey: profile.aws_secret_access_key,
-    sessionToken: profile.aws_session_token,
-    credentialScope: profile.aws_credential_scope,
-});
+export const resolveStaticCredentials = (profile, options) => {
+    options?.logger?.debug("@aws-sdk/credential-provider-ini", "resolveStaticCredentials");
+    return Promise.resolve({
+        accessKeyId: profile.aws_access_key_id,
+        secretAccessKey: profile.aws_secret_access_key,
+        sessionToken: profile.aws_session_token,
+        credentialScope: profile.aws_credential_scope,
+    });
+};

package/dist-es/resolveWebIdentityCredentials.js

@@ -1,12 +1,11 @@
-import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
 export const isWebIdentityProfile = (arg) => Boolean(arg) &&
     typeof arg === "object" &&
     typeof arg.web_identity_token_file === "string" &&
     typeof arg.role_arn === "string" &&
     ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
-export const resolveWebIdentityCredentials = async (profile, options) => fromTokenFile({
+export const resolveWebIdentityCredentials = async (profile, options) => import("@aws-sdk/credential-provider-web-identity").then(({ fromTokenFile }) => fromTokenFile({
     webIdentityTokenFile: profile.web_identity_token_file,
     roleArn: profile.role_arn,
     roleSessionName: profile.role_session_name,
     roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
-})();
+})());

package/dist-types/fromIni.d.ts

@@ -1,11 +1,13 @@
-import { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
+import type { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
+import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { SourceProfileInit } from "@smithy/shared-ini-file-loader";
-import { AwsCredentialIdentity, AwsCredentialIdentityProvider } from "@smithy/types";
+import type { AwsCredentialIdentity, AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
+import type { STSClientConfig } from "./loadSts";
 import { AssumeRoleParams } from "./resolveAssumeRoleCredentials";
 /**
- * @internal
+ * @public
  */
-export interface FromIniInit extends SourceProfileInit {
+export interface FromIniInit extends SourceProfileInit, CredentialProviderOptions {
     /**
      * A function that returns a promise fulfilled with an MFA token code for
      * the provided MFA Serial code. If a profile requires an MFA code and
@@ -31,6 +33,8 @@ export interface FromIniInit extends SourceProfileInit {
      * @param params
      */
     roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<AwsCredentialIdentity>;
+    clientConfig?: STSClientConfig;
+    clientPlugins?: Pluggable<any, any>[];
 }
 /**
  * @internal

package/dist-types/loadSts.d.ts

@@ -0,0 +1,3 @@
+import { getDefaultRoleAssumer } from "@aws-sdk/client-sts";
+export { getDefaultRoleAssumer };
+export type { STSClientConfig } from "@aws-sdk/client-sts";

package/dist-types/resolveAssumeRoleCredentials.d.ts

@@ -1,4 +1,4 @@
-import { ParsedIniData } from "@smithy/types";
+import { AwsCredentialIdentity, ParsedIniData } from "@smithy/types";
 import { FromIniInit } from "./fromIni";
 /**
  * @internal
@@ -41,4 +41,4 @@ export declare const isAssumeRoleProfile: (arg: any) => boolean;
 /**
  * @internal
  */
-export declare const resolveAssumeRoleCredentials: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: Record<string, true>) => Promise<import("@smithy/types").AwsCredentialIdentity>;
+export declare const resolveAssumeRoleCredentials: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: Record<string, true>) => Promise<AwsCredentialIdentity>;

package/dist-types/resolveCredentialSource.d.ts

@@ -1,3 +1,4 @@
+import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
  * @internal
@@ -8,4 +9,4 @@ import { AwsCredentialIdentityProvider } from "@smithy/types";
  * fromIni() provider. The source credential needs to be refreshed every time
  * fromIni() is called.
  */
-export declare const resolveCredentialSource: (credentialSource: string, profileName: string) => AwsCredentialIdentityProvider;
+export declare const resolveCredentialSource: (credentialSource: string, profileName: string) => (options?: CredentialProviderOptions) => Promise<AwsCredentialIdentityProvider>;

package/dist-types/resolveProcessCredentials.d.ts

@@ -1,5 +1,4 @@
-import { Credentials } from "@aws-sdk/types";
-import { Profile } from "@smithy/types";
+import { Credentials, Profile } from "@aws-sdk/types";
 import { FromIniInit } from "./fromIni";
 /**
  * @internal

package/dist-types/resolveProfileData.d.ts

@@ -1,4 +1,4 @@
-import { AwsCredentialIdentity, ParsedIniData } from "@smithy/types";
+import type { AwsCredentialIdentity, ParsedIniData } from "@smithy/types";
 import { FromIniInit } from "./fromIni";
 /**
  * @internal

package/dist-types/resolveSsoCredentials.d.ts

@@ -1,9 +1,11 @@
-import { SsoProfile } from "@aws-sdk/credential-provider-sso";
+import type { SsoProfile } from "@aws-sdk/credential-provider-sso";
+import type { Profile } from "@smithy/types";
 /**
  * @internal
  */
-export { isSsoProfile } from "@aws-sdk/credential-provider-sso";
+export declare const resolveSsoCredentials: (data: Partial<SsoProfile>) => Promise<import("@smithy/types").AwsCredentialIdentity>;
 /**
  * @internal
+ * duplicated from \@aws-sdk/credential-provider-sso to defer import.
  */
-export declare const resolveSsoCredentials: (data: Partial<SsoProfile>) => Promise<import("@smithy/types").AwsCredentialIdentity>;
+export declare const isSsoProfile: (arg: Profile) => arg is Partial<SsoProfile>;

package/dist-types/resolveStaticCredentials.d.ts

@@ -1,4 +1,5 @@
 import { AwsCredentialIdentity, Profile } from "@smithy/types";
+import { FromIniInit } from "./fromIni";
 /**
  * @internal
  */
@@ -15,4 +16,4 @@ export declare const isStaticCredsProfile: (arg: any) => arg is StaticCredsProfi
 /**
  * @internal
  */
-export declare const resolveStaticCredentials: (profile: StaticCredsProfile) => Promise<AwsCredentialIdentity>;
+export declare const resolveStaticCredentials: (profile: StaticCredsProfile, options?: FromIniInit) => Promise<AwsCredentialIdentity>;

package/dist-types/ts3.4/fromIni.d.ts

@@ -1,11 +1,16 @@
 import { AssumeRoleWithWebIdentityParams } from "@aws-sdk/credential-provider-web-identity";
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import { SourceProfileInit } from "@smithy/shared-ini-file-loader";
 import {
   AwsCredentialIdentity,
   AwsCredentialIdentityProvider,
+  Pluggable,
 } from "@smithy/types";
+import { STSClientConfig } from "./loadSts";
 import { AssumeRoleParams } from "./resolveAssumeRoleCredentials";
-export interface FromIniInit extends SourceProfileInit {
+export interface FromIniInit
+  extends SourceProfileInit,
+    CredentialProviderOptions {
   mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
   roleAssumer?: (
     sourceCreds: AwsCredentialIdentity,
@@ -14,6 +19,8 @@ export interface FromIniInit extends SourceProfileInit {
   roleAssumerWithWebIdentity?: (
     params: AssumeRoleWithWebIdentityParams
   ) => Promise<AwsCredentialIdentity>;
+  clientConfig?: STSClientConfig;
+  clientPlugins?: Pluggable<any, any>[];
 }
 export declare const fromIni: (
   init?: FromIniInit

package/dist-types/ts3.4/loadSts.d.ts

@@ -0,0 +1,3 @@
+import { getDefaultRoleAssumer } from "@aws-sdk/client-sts";
+export { getDefaultRoleAssumer };
+export { STSClientConfig } from "@aws-sdk/client-sts";

package/dist-types/ts3.4/resolveAssumeRoleCredentials.d.ts

@@ -1,4 +1,4 @@
-import { ParsedIniData } from "@smithy/types";
+import { AwsCredentialIdentity, ParsedIniData } from "@smithy/types";
 import { FromIniInit } from "./fromIni";
 export interface AssumeRoleParams {
   RoleArn: string;
@@ -14,4 +14,4 @@ export declare const resolveAssumeRoleCredentials: (
   profiles: ParsedIniData,
   options: FromIniInit,
   visitedProfiles?: Record<string, true>
-) => Promise<import("@smithy/types").AwsCredentialIdentity>;
+) => Promise<AwsCredentialIdentity>;

package/dist-types/ts3.4/resolveCredentialSource.d.ts

@@ -1,5 +1,8 @@
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
 export declare const resolveCredentialSource: (
   credentialSource: string,
   profileName: string
-) => AwsCredentialIdentityProvider;
+) => (
+  options?: CredentialProviderOptions
+) => Promise<AwsCredentialIdentityProvider>;

package/dist-types/ts3.4/resolveProcessCredentials.d.ts

@@ -1,5 +1,4 @@
-import { Credentials } from "@aws-sdk/types";
-import { Profile } from "@smithy/types";
+import { Credentials, Profile } from "@aws-sdk/types";
 import { FromIniInit } from "./fromIni";
 export interface ProcessProfile extends Profile {
   credential_process: string;

package/dist-types/ts3.4/resolveSsoCredentials.d.ts

@@ -1,5 +1,6 @@
 import { SsoProfile } from "@aws-sdk/credential-provider-sso";
-export { isSsoProfile } from "@aws-sdk/credential-provider-sso";
+import { Profile } from "@smithy/types";
 export declare const resolveSsoCredentials: (
   data: Partial<SsoProfile>
 ) => Promise<import("@smithy/types").AwsCredentialIdentity>;
+export declare const isSsoProfile: (arg: Profile) => arg is Partial<SsoProfile>;

package/dist-types/ts3.4/resolveStaticCredentials.d.ts

@@ -1,4 +1,5 @@
 import { AwsCredentialIdentity, Profile } from "@smithy/types";
+import { FromIniInit } from "./fromIni";
 export interface StaticCredsProfile extends Profile {
   aws_access_key_id: string;
   aws_secret_access_key: string;
@@ -9,5 +10,6 @@ export declare const isStaticCredsProfile: (
   arg: any
 ) => arg is StaticCredsProfile;
 export declare const resolveStaticCredentials: (
-  profile: StaticCredsProfile
+  profile: StaticCredsProfile,
+  options?: FromIniInit
 ) => Promise<AwsCredentialIdentity>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-ini",
-  "version": "3.501.0",
+  "version": "3.502.0",
   "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -24,11 +24,12 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/credential-provider-env": "3.496.0",
-    "@aws-sdk/credential-provider-process": "3.496.0",
-    "@aws-sdk/credential-provider-sso": "3.501.0",
-    "@aws-sdk/credential-provider-web-identity": "3.496.0",
-    "@aws-sdk/types": "3.496.0",
+    "@aws-sdk/client-sts": "3.502.0",
+    "@aws-sdk/credential-provider-env": "3.502.0",
+    "@aws-sdk/credential-provider-process": "3.502.0",
+    "@aws-sdk/credential-provider-sso": "3.502.0",
+    "@aws-sdk/credential-provider-web-identity": "3.502.0",
+    "@aws-sdk/types": "3.502.0",
     "@smithy/credential-provider-imds": "^2.2.1",
     "@smithy/property-provider": "^2.1.1",
     "@smithy/shared-ini-file-loader": "^2.3.1",