@aws-sdk/credential-provider-ini 3.650.0 → 3.651.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist-cjs/index.js
CHANGED
|
@@ -123,42 +123,41 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
|
|
|
123
123
|
);
|
|
124
124
|
const sourceCredsProvider = source_profile ? resolveProfileData(
|
|
125
125
|
source_profile,
|
|
126
|
-
|
|
127
|
-
...profiles,
|
|
128
|
-
[source_profile]: {
|
|
129
|
-
...profiles[source_profile],
|
|
130
|
-
// This assigns the role_arn of the "root" profile
|
|
131
|
-
// to the credential_source profile so this recursive call knows
|
|
132
|
-
// what role to assume.
|
|
133
|
-
role_arn: data.role_arn ?? profiles[source_profile].role_arn
|
|
134
|
-
}
|
|
135
|
-
},
|
|
126
|
+
profiles,
|
|
136
127
|
options,
|
|
137
128
|
{
|
|
138
129
|
...visitedProfiles,
|
|
139
130
|
[source_profile]: true
|
|
140
|
-
}
|
|
131
|
+
},
|
|
132
|
+
isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {})
|
|
141
133
|
) : (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
134
|
+
if (isCredentialSourceWithoutRoleArn(data)) {
|
|
135
|
+
return sourceCredsProvider;
|
|
136
|
+
} else {
|
|
137
|
+
const params = {
|
|
138
|
+
RoleArn: data.role_arn,
|
|
139
|
+
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
|
|
140
|
+
ExternalId: data.external_id,
|
|
141
|
+
DurationSeconds: parseInt(data.duration_seconds || "3600", 10)
|
|
142
|
+
};
|
|
143
|
+
const { mfa_serial } = data;
|
|
144
|
+
if (mfa_serial) {
|
|
145
|
+
if (!options.mfaCodeProvider) {
|
|
146
|
+
throw new import_property_provider.CredentialsProviderError(
|
|
147
|
+
`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`,
|
|
148
|
+
{ logger: options.logger, tryNextLink: false }
|
|
149
|
+
);
|
|
150
|
+
}
|
|
151
|
+
params.SerialNumber = mfa_serial;
|
|
152
|
+
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
155
153
|
}
|
|
156
|
-
|
|
157
|
-
|
|
154
|
+
const sourceCreds = await sourceCredsProvider;
|
|
155
|
+
return options.roleAssumer(sourceCreds, params);
|
|
158
156
|
}
|
|
159
|
-
const sourceCreds = await sourceCredsProvider;
|
|
160
|
-
return options.roleAssumer(sourceCreds, params);
|
|
161
157
|
}, "resolveAssumeRoleCredentials");
|
|
158
|
+
var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => {
|
|
159
|
+
return !section.role_arn && !!section.credential_source;
|
|
160
|
+
}, "isCredentialSourceWithoutRoleArn");
|
|
162
161
|
|
|
163
162
|
// src/resolveProcessCredentials.ts
|
|
164
163
|
var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile");
|
|
@@ -207,12 +206,12 @@ var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, optio
|
|
|
207
206
|
), "resolveWebIdentityCredentials");
|
|
208
207
|
|
|
209
208
|
// src/resolveProfileData.ts
|
|
210
|
-
var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => {
|
|
209
|
+
var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
|
|
211
210
|
const data = profiles[profileName];
|
|
212
211
|
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
213
212
|
return resolveStaticCredentials(data, options);
|
|
214
213
|
}
|
|
215
|
-
if (isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
|
|
214
|
+
if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
|
|
216
215
|
return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
|
|
217
216
|
}
|
|
218
217
|
if (isStaticCredsProfile(data)) {
|
|
@@ -44,31 +44,33 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
|
|
|
44
44
|
}
|
|
45
45
|
options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
|
|
46
46
|
const sourceCredsProvider = source_profile
|
|
47
|
-
? resolveProfileData(source_profile, {
|
|
48
|
-
...profiles,
|
|
49
|
-
[source_profile]: {
|
|
50
|
-
...profiles[source_profile],
|
|
51
|
-
role_arn: data.role_arn ?? profiles[source_profile].role_arn,
|
|
52
|
-
},
|
|
53
|
-
}, options, {
|
|
47
|
+
? resolveProfileData(source_profile, profiles, options, {
|
|
54
48
|
...visitedProfiles,
|
|
55
49
|
[source_profile]: true,
|
|
56
|
-
})
|
|
50
|
+
}, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))
|
|
57
51
|
: (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
52
|
+
if (isCredentialSourceWithoutRoleArn(data)) {
|
|
53
|
+
return sourceCredsProvider;
|
|
54
|
+
}
|
|
55
|
+
else {
|
|
56
|
+
const params = {
|
|
57
|
+
RoleArn: data.role_arn,
|
|
58
|
+
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
|
|
59
|
+
ExternalId: data.external_id,
|
|
60
|
+
DurationSeconds: parseInt(data.duration_seconds || "3600", 10),
|
|
61
|
+
};
|
|
62
|
+
const { mfa_serial } = data;
|
|
63
|
+
if (mfa_serial) {
|
|
64
|
+
if (!options.mfaCodeProvider) {
|
|
65
|
+
throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });
|
|
66
|
+
}
|
|
67
|
+
params.SerialNumber = mfa_serial;
|
|
68
|
+
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
68
69
|
}
|
|
69
|
-
|
|
70
|
-
|
|
70
|
+
const sourceCreds = await sourceCredsProvider;
|
|
71
|
+
return options.roleAssumer(sourceCreds, params);
|
|
71
72
|
}
|
|
72
|
-
|
|
73
|
-
|
|
73
|
+
};
|
|
74
|
+
const isCredentialSourceWithoutRoleArn = (section) => {
|
|
75
|
+
return !section.role_arn && !!section.credential_source;
|
|
74
76
|
};
|
|
@@ -4,12 +4,12 @@ import { isProcessProfile, resolveProcessCredentials } from "./resolveProcessCre
|
|
|
4
4
|
import { isSsoProfile, resolveSsoCredentials } from "./resolveSsoCredentials";
|
|
5
5
|
import { isStaticCredsProfile, resolveStaticCredentials } from "./resolveStaticCredentials";
|
|
6
6
|
import { isWebIdentityProfile, resolveWebIdentityCredentials } from "./resolveWebIdentityCredentials";
|
|
7
|
-
export const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
|
|
7
|
+
export const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
|
|
8
8
|
const data = profiles[profileName];
|
|
9
9
|
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
10
10
|
return resolveStaticCredentials(data, options);
|
|
11
11
|
}
|
|
12
|
-
if (isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
|
|
12
|
+
if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
|
|
13
13
|
return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
|
|
14
14
|
}
|
|
15
15
|
if (isStaticCredsProfile(data)) {
|
|
@@ -3,4 +3,4 @@ import { FromIniInit } from "./fromIni";
|
|
|
3
3
|
/**
|
|
4
4
|
* @internal
|
|
5
5
|
*/
|
|
6
|
-
export declare const resolveProfileData: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: Record<string, true
|
|
6
|
+
export declare const resolveProfileData: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: Record<string, true>, isAssumeRoleRecursiveCall?: boolean) => Promise<AwsCredentialIdentity>;
|
|
@@ -4,5 +4,6 @@ export declare const resolveProfileData: (
|
|
|
4
4
|
profileName: string,
|
|
5
5
|
profiles: ParsedIniData,
|
|
6
6
|
options: FromIniInit,
|
|
7
|
-
visitedProfiles?: Record<string, true
|
|
7
|
+
visitedProfiles?: Record<string, true>,
|
|
8
|
+
isAssumeRoleRecursiveCall?: boolean
|
|
8
9
|
) => Promise<AwsCredentialIdentity>;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/credential-provider-ini",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.651.1",
|
|
4
4
|
"description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config",
|
|
5
5
|
"main": "./dist-cjs/index.js",
|
|
6
6
|
"module": "./dist-es/index.js",
|
|
@@ -27,7 +27,7 @@
|
|
|
27
27
|
"@aws-sdk/credential-provider-env": "3.649.0",
|
|
28
28
|
"@aws-sdk/credential-provider-http": "3.649.0",
|
|
29
29
|
"@aws-sdk/credential-provider-process": "3.649.0",
|
|
30
|
-
"@aws-sdk/credential-provider-sso": "3.
|
|
30
|
+
"@aws-sdk/credential-provider-sso": "3.651.1",
|
|
31
31
|
"@aws-sdk/credential-provider-web-identity": "3.649.0",
|
|
32
32
|
"@aws-sdk/types": "3.649.0",
|
|
33
33
|
"@smithy/credential-provider-imds": "^3.2.1",
|
|
@@ -45,7 +45,7 @@
|
|
|
45
45
|
"typescript": "~4.9.5"
|
|
46
46
|
},
|
|
47
47
|
"peerDependencies": {
|
|
48
|
-
"@aws-sdk/client-sts": "^3.
|
|
48
|
+
"@aws-sdk/client-sts": "^3.651.1"
|
|
49
49
|
},
|
|
50
50
|
"types": "./dist-types/index.d.ts",
|
|
51
51
|
"engines": {
|