@aws-sdk/credential-provider-node 3.614.0 → 3.620.0

package/dist-cjs/index.js

@@ -63,15 +63,39 @@ var remoteProvider = /* @__PURE__ */ __name(async (init) => {
 }, "remoteProvider");
 
 // src/defaultProvider.ts
+var multipleCredentialSourceWarningEmitted = false;
 var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)(
   (0, import_property_provider.chain)(
-    ...init.profile || process.env[import_shared_ini_file_loader.ENV_PROFILE] ? [] : [
-      async () => {
-        var _a;
-        (_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
-        return (0, import_credential_provider_env.fromEnv)(init)();
+    async () => {
+      var _a, _b, _c, _d;
+      const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE];
+      if (profile) {
+        const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET];
+        if (envStaticCredentialsAreSet) {
+          if (!multipleCredentialSourceWarningEmitted) {
+            const warnFn = ((_a = init.logger) == null ? void 0 : _a.warn) && ((_c = (_b = init.logger) == null ? void 0 : _b.constructor) == null ? void 0 : _c.name) !== "NoOpLogger" ? init.logger.warn : console.warn;
+            warnFn(
+              `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
+    Multiple credential sources detected: 
+    Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set.
+    This SDK will proceed with the AWS_PROFILE value.
+    
+    However, a future version may change this behavior to prefer the ENV static credentials.
+    Please ensure that your environment only sets either the AWS_PROFILE or the
+    AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair.
+`
+            );
+            multipleCredentialSourceWarningEmitted = true;
+          }
+        }
+        throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
+          logger: init.logger,
+          tryNextLink: true
+        });
       }
-    ],
+      (_d = init.logger) == null ? void 0 : _d.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
+      return (0, import_credential_provider_env.fromEnv)(init)();
+    },
     async () => {
       var _a;
       (_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");

package/dist-es/defaultProvider.js

@@ -1,15 +1,35 @@
-import { fromEnv } from "@aws-sdk/credential-provider-env";
+import { ENV_KEY, ENV_SECRET, fromEnv } from "@aws-sdk/credential-provider-env";
 import { chain, CredentialsProviderError, memoize } from "@smithy/property-provider";
 import { ENV_PROFILE } from "@smithy/shared-ini-file-loader";
 import { remoteProvider } from "./remoteProvider";
-export const defaultProvider = (init = {}) => memoize(chain(...(init.profile || process.env[ENV_PROFILE]
-    ? []
-    : [
-        async () => {
-            init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
-            return fromEnv(init)();
-        },
-    ]), async () => {
+let multipleCredentialSourceWarningEmitted = false;
+export const defaultProvider = (init = {}) => memoize(chain(async () => {
+    const profile = init.profile ?? process.env[ENV_PROFILE];
+    if (profile) {
+        const envStaticCredentialsAreSet = process.env[ENV_KEY] && process.env[ENV_SECRET];
+        if (envStaticCredentialsAreSet) {
+            if (!multipleCredentialSourceWarningEmitted) {
+                const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn;
+                warnFn(`@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
+    Multiple credential sources detected: 
+    Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set.
+    This SDK will proceed with the AWS_PROFILE value.
+    
+    However, a future version may change this behavior to prefer the ENV static credentials.
+    Please ensure that your environment only sets either the AWS_PROFILE or the
+    AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair.
+`);
+                multipleCredentialSourceWarningEmitted = true;
+            }
+        }
+        throw new CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
+            logger: init.logger,
+            tryNextLink: true,
+        });
+    }
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
+    return fromEnv(init)();
+}, async () => {
     init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");
     const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
     if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-node",
-  "version": "3.614.0",
+  "version": "3.620.0",
   "description": "AWS credential provider that sources credentials from a Node.JS environment. ",
   "engines": {
     "node": ">=16.0.0"
@@ -29,13 +29,13 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@aws-sdk/credential-provider-env": "3.609.0",
-    "@aws-sdk/credential-provider-http": "3.614.0",
-    "@aws-sdk/credential-provider-ini": "3.614.0",
+    "@aws-sdk/credential-provider-http": "3.620.0",
+    "@aws-sdk/credential-provider-ini": "3.620.0",
     "@aws-sdk/credential-provider-process": "3.614.0",
-    "@aws-sdk/credential-provider-sso": "3.614.0",
+    "@aws-sdk/credential-provider-sso": "3.620.0",
     "@aws-sdk/credential-provider-web-identity": "3.609.0",
     "@aws-sdk/types": "3.609.0",
-    "@smithy/credential-provider-imds": "^3.1.4",
+    "@smithy/credential-provider-imds": "^3.2.0",
     "@smithy/property-provider": "^3.1.3",
     "@smithy/shared-ini-file-loader": "^3.1.4",
     "@smithy/types": "^3.3.0",