@aws-sdk/credential-provider-ini 3.972.53 → 3.972.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist-cjs/index.js
CHANGED
|
@@ -1,25 +1,23 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
var client = require('@aws-sdk/core/client');
|
|
5
|
-
var credentialProviderLogin = require('@aws-sdk/credential-provider-login');
|
|
1
|
+
const { CredentialsProviderError, chain, getProfileName, parseKnownFiles } = require("@smithy/core/config");
|
|
2
|
+
const { setCredentialFeature } = require("@aws-sdk/core/client");
|
|
3
|
+
const { fromLoginCredentials } = require("@aws-sdk/credential-provider-login");
|
|
6
4
|
|
|
7
5
|
const resolveCredentialSource = (credentialSource, profileName, logger) => {
|
|
8
6
|
const sourceProvidersMap = {
|
|
9
7
|
EcsContainer: async (options) => {
|
|
10
|
-
const { fromHttp } =
|
|
11
|
-
const { fromContainerMetadata } =
|
|
8
|
+
const { fromHttp } = require('@aws-sdk/credential-provider-http');
|
|
9
|
+
const { fromContainerMetadata } = require('@smithy/credential-provider-imds');
|
|
12
10
|
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
|
|
13
|
-
return async () =>
|
|
11
|
+
return async () => chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);
|
|
14
12
|
},
|
|
15
13
|
Ec2InstanceMetadata: async (options) => {
|
|
16
14
|
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
|
|
17
|
-
const { fromInstanceMetadata } =
|
|
15
|
+
const { fromInstanceMetadata } = require('@smithy/credential-provider-imds');
|
|
18
16
|
return async () => fromInstanceMetadata(options)().then(setNamedProvider);
|
|
19
17
|
},
|
|
20
18
|
Environment: async (options) => {
|
|
21
19
|
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
|
|
22
|
-
const { fromEnv } =
|
|
20
|
+
const { fromEnv } = require('@aws-sdk/credential-provider-env');
|
|
23
21
|
return async () => fromEnv(options)().then(setNamedProvider);
|
|
24
22
|
},
|
|
25
23
|
};
|
|
@@ -27,11 +25,11 @@ const resolveCredentialSource = (credentialSource, profileName, logger) => {
|
|
|
27
25
|
return sourceProvidersMap[credentialSource];
|
|
28
26
|
}
|
|
29
27
|
else {
|
|
30
|
-
throw new
|
|
28
|
+
throw new CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
|
|
31
29
|
`expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });
|
|
32
30
|
}
|
|
33
31
|
};
|
|
34
|
-
const setNamedProvider = (creds) =>
|
|
32
|
+
const setNamedProvider = (creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p");
|
|
35
33
|
|
|
36
34
|
const isAssumeRoleProfile = (arg, { profile = "default", logger } = {}) => {
|
|
37
35
|
return (Boolean(arg) &&
|
|
@@ -61,7 +59,7 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, call
|
|
|
61
59
|
const profileData = profiles[profileName];
|
|
62
60
|
const { source_profile, region } = profileData;
|
|
63
61
|
if (!options.roleAssumer) {
|
|
64
|
-
const { getDefaultRoleAssumer } =
|
|
62
|
+
const { getDefaultRoleAssumer } = require('@aws-sdk/nested-clients/sts');
|
|
65
63
|
options.roleAssumer = getDefaultRoleAssumer({
|
|
66
64
|
...options.clientConfig,
|
|
67
65
|
credentialProviderLogger: options.logger,
|
|
@@ -73,8 +71,8 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, call
|
|
|
73
71
|
}, options.clientPlugins);
|
|
74
72
|
}
|
|
75
73
|
if (source_profile && source_profile in visitedProfiles) {
|
|
76
|
-
throw new
|
|
77
|
-
` ${
|
|
74
|
+
throw new CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
|
|
75
|
+
` ${getProfileName(options)}. Profiles visited: ` +
|
|
78
76
|
Object.keys(visitedProfiles).join(", "), { logger: options.logger });
|
|
79
77
|
}
|
|
80
78
|
options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
|
|
@@ -85,7 +83,7 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, call
|
|
|
85
83
|
}, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))
|
|
86
84
|
: (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))();
|
|
87
85
|
if (isCredentialSourceWithoutRoleArn(profileData)) {
|
|
88
|
-
return sourceCredsProvider.then((creds) =>
|
|
86
|
+
return sourceCredsProvider.then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
|
|
89
87
|
}
|
|
90
88
|
else {
|
|
91
89
|
const params = {
|
|
@@ -97,13 +95,13 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, call
|
|
|
97
95
|
const { mfa_serial } = profileData;
|
|
98
96
|
if (mfa_serial) {
|
|
99
97
|
if (!options.mfaCodeProvider) {
|
|
100
|
-
throw new
|
|
98
|
+
throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });
|
|
101
99
|
}
|
|
102
100
|
params.SerialNumber = mfa_serial;
|
|
103
101
|
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
104
102
|
}
|
|
105
103
|
const sourceCreds = await sourceCredsProvider;
|
|
106
|
-
return options.roleAssumer(sourceCreds, params).then((creds) =>
|
|
104
|
+
return options.roleAssumer(sourceCreds, params).then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
|
|
107
105
|
}
|
|
108
106
|
};
|
|
109
107
|
const isCredentialSourceWithoutRoleArn = (section) => {
|
|
@@ -114,21 +112,25 @@ const isLoginProfile = (data) => {
|
|
|
114
112
|
return Boolean(data && data.login_session);
|
|
115
113
|
};
|
|
116
114
|
const resolveLoginCredentials = async (profileName, options, callerClientConfig) => {
|
|
117
|
-
const credentials = await
|
|
115
|
+
const credentials = await fromLoginCredentials({
|
|
118
116
|
...options,
|
|
119
117
|
profile: profileName,
|
|
120
118
|
})({ callerClientConfig });
|
|
121
|
-
return
|
|
119
|
+
return setCredentialFeature(credentials, "CREDENTIALS_PROFILE_LOGIN", "AC");
|
|
122
120
|
};
|
|
123
121
|
|
|
124
122
|
const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
|
|
125
|
-
const resolveProcessCredentials = async (options, profile) =>
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
123
|
+
const resolveProcessCredentials = async (options, profile) => {
|
|
124
|
+
const { fromProcess } = require('@aws-sdk/credential-provider-process');
|
|
125
|
+
const credentials = await fromProcess({
|
|
126
|
+
...options,
|
|
127
|
+
profile,
|
|
128
|
+
})();
|
|
129
|
+
return setCredentialFeature(credentials, "CREDENTIALS_PROFILE_PROCESS", "v");
|
|
130
|
+
};
|
|
129
131
|
|
|
130
132
|
const resolveSsoCredentials = async (profile, profileData, options = {}, callerClientConfig) => {
|
|
131
|
-
const { fromSSO } =
|
|
133
|
+
const { fromSSO } = require('@aws-sdk/credential-provider-sso');
|
|
132
134
|
return fromSSO({
|
|
133
135
|
profile,
|
|
134
136
|
logger: options.logger,
|
|
@@ -138,10 +140,10 @@ const resolveSsoCredentials = async (profile, profileData, options = {}, callerC
|
|
|
138
140
|
callerClientConfig,
|
|
139
141
|
}).then((creds) => {
|
|
140
142
|
if (profileData.sso_session) {
|
|
141
|
-
return
|
|
143
|
+
return setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO", "r");
|
|
142
144
|
}
|
|
143
145
|
else {
|
|
144
|
-
return
|
|
146
|
+
return setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t");
|
|
145
147
|
}
|
|
146
148
|
});
|
|
147
149
|
};
|
|
@@ -167,7 +169,7 @@ const resolveStaticCredentials = async (profile, options) => {
|
|
|
167
169
|
...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),
|
|
168
170
|
...(profile.aws_account_id && { accountId: profile.aws_account_id }),
|
|
169
171
|
};
|
|
170
|
-
return
|
|
172
|
+
return setCredentialFeature(credentials, "CREDENTIALS_PROFILE", "n");
|
|
171
173
|
};
|
|
172
174
|
|
|
173
175
|
const isWebIdentityProfile = (arg) => Boolean(arg) &&
|
|
@@ -175,16 +177,20 @@ const isWebIdentityProfile = (arg) => Boolean(arg) &&
|
|
|
175
177
|
typeof arg.web_identity_token_file === "string" &&
|
|
176
178
|
typeof arg.role_arn === "string" &&
|
|
177
179
|
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
178
|
-
const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) =>
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
})
|
|
180
|
+
const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => {
|
|
181
|
+
const { fromTokenFile } = require('@aws-sdk/credential-provider-web-identity');
|
|
182
|
+
const credentials = await fromTokenFile({
|
|
183
|
+
webIdentityTokenFile: profile.web_identity_token_file,
|
|
184
|
+
roleArn: profile.role_arn,
|
|
185
|
+
roleSessionName: profile.role_session_name,
|
|
186
|
+
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
187
|
+
logger: options.logger,
|
|
188
|
+
parentClientConfig: options.parentClientConfig,
|
|
189
|
+
})({
|
|
190
|
+
callerClientConfig,
|
|
191
|
+
});
|
|
192
|
+
return setCredentialFeature(credentials, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q");
|
|
193
|
+
};
|
|
188
194
|
|
|
189
195
|
const resolveProfileData = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
|
|
190
196
|
const data = profiles[profileName];
|
|
@@ -209,13 +215,13 @@ const resolveProfileData = async (profileName, profiles, options, callerClientCo
|
|
|
209
215
|
if (isLoginProfile(data)) {
|
|
210
216
|
return resolveLoginCredentials(profileName, options, callerClientConfig);
|
|
211
217
|
}
|
|
212
|
-
throw new
|
|
218
|
+
throw new CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });
|
|
213
219
|
};
|
|
214
220
|
|
|
215
221
|
const fromIni = (init = {}) => async ({ callerClientConfig } = {}) => {
|
|
216
222
|
init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");
|
|
217
|
-
const profiles = await
|
|
218
|
-
return resolveProfileData(
|
|
223
|
+
const profiles = await parseKnownFiles(init);
|
|
224
|
+
return resolveProfileData(getProfileName({
|
|
219
225
|
profile: init.profile ?? callerClientConfig?.profile,
|
|
220
226
|
}), profiles, init, callerClientConfig);
|
|
221
227
|
};
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
import { setCredentialFeature } from "@aws-sdk/core/client";
|
|
2
2
|
export const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
|
|
3
|
-
export const resolveProcessCredentials = async (options, profile) =>
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
3
|
+
export const resolveProcessCredentials = async (options, profile) => {
|
|
4
|
+
const { fromProcess } = await import("@aws-sdk/credential-provider-process");
|
|
5
|
+
const credentials = await fromProcess({
|
|
6
|
+
...options,
|
|
7
|
+
profile,
|
|
8
|
+
})();
|
|
9
|
+
return setCredentialFeature(credentials, "CREDENTIALS_PROFILE_PROCESS", "v");
|
|
10
|
+
};
|
|
@@ -4,13 +4,17 @@ export const isWebIdentityProfile = (arg) => Boolean(arg) &&
|
|
|
4
4
|
typeof arg.web_identity_token_file === "string" &&
|
|
5
5
|
typeof arg.role_arn === "string" &&
|
|
6
6
|
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
7
|
-
export const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) =>
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
})
|
|
7
|
+
export const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => {
|
|
8
|
+
const { fromTokenFile } = await import("@aws-sdk/credential-provider-web-identity");
|
|
9
|
+
const credentials = await fromTokenFile({
|
|
10
|
+
webIdentityTokenFile: profile.web_identity_token_file,
|
|
11
|
+
roleArn: profile.role_arn,
|
|
12
|
+
roleSessionName: profile.role_session_name,
|
|
13
|
+
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
14
|
+
logger: options.logger,
|
|
15
|
+
parentClientConfig: options.parentClientConfig,
|
|
16
|
+
})({
|
|
17
|
+
callerClientConfig,
|
|
18
|
+
});
|
|
19
|
+
return setCredentialFeature(credentials, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q");
|
|
20
|
+
};
|
package/package.json
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/credential-provider-ini",
|
|
3
|
-
"version": "3.972.
|
|
3
|
+
"version": "3.972.55",
|
|
4
4
|
"description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config",
|
|
5
5
|
"main": "./dist-cjs/index.js",
|
|
6
6
|
"module": "./dist-es/index.js",
|
|
7
7
|
"scripts": {
|
|
8
8
|
"build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
|
|
9
9
|
"build:cjs": "node ../../scripts/compilation/inline",
|
|
10
|
-
"build:es": "tsc -p tsconfig.es.json",
|
|
10
|
+
"build:es": "premove dist-es && tsc -p tsconfig.es.json",
|
|
11
11
|
"build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
|
|
12
|
-
"build:types": "tsc -p tsconfig.types.json",
|
|
12
|
+
"build:types": "premove dist-types && tsc -p tsconfig.types.json",
|
|
13
13
|
"build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
|
|
14
|
-
"clean": "premove dist-cjs dist-es dist-types
|
|
14
|
+
"clean": "premove dist-cjs dist-es dist-types",
|
|
15
15
|
"test": "yarn g:vitest run",
|
|
16
16
|
"test:watch": "yarn g:vitest watch",
|
|
17
17
|
"test:integration": "yarn g:vitest run -c vitest.config.integ.mts",
|
|
@@ -28,15 +28,15 @@
|
|
|
28
28
|
},
|
|
29
29
|
"license": "Apache-2.0",
|
|
30
30
|
"dependencies": {
|
|
31
|
-
"@aws-sdk/core": "^3.974.
|
|
32
|
-
"@aws-sdk/credential-provider-env": "^3.972.
|
|
33
|
-
"@aws-sdk/credential-provider-http": "^3.972.
|
|
34
|
-
"@aws-sdk/credential-provider-login": "^3.972.
|
|
35
|
-
"@aws-sdk/credential-provider-process": "^3.972.
|
|
36
|
-
"@aws-sdk/credential-provider-sso": "^3.972.
|
|
37
|
-
"@aws-sdk/credential-provider-web-identity": "^3.972.
|
|
38
|
-
"@aws-sdk/nested-clients": "^3.997.
|
|
39
|
-
"@aws-sdk/types": "^3.973.
|
|
31
|
+
"@aws-sdk/core": "^3.974.22",
|
|
32
|
+
"@aws-sdk/credential-provider-env": "^3.972.48",
|
|
33
|
+
"@aws-sdk/credential-provider-http": "^3.972.50",
|
|
34
|
+
"@aws-sdk/credential-provider-login": "^3.972.54",
|
|
35
|
+
"@aws-sdk/credential-provider-process": "^3.972.48",
|
|
36
|
+
"@aws-sdk/credential-provider-sso": "^3.972.54",
|
|
37
|
+
"@aws-sdk/credential-provider-web-identity": "^3.972.54",
|
|
38
|
+
"@aws-sdk/nested-clients": "^3.997.22",
|
|
39
|
+
"@aws-sdk/types": "^3.973.13",
|
|
40
40
|
"@smithy/core": "^3.24.6",
|
|
41
41
|
"@smithy/credential-provider-imds": "^4.3.7",
|
|
42
42
|
"@smithy/types": "^4.14.3",
|