@aws-sdk/credential-provider-sso 3.181.0 → 3.185.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +16 -0
  2. package/dist-es/fromSSO.js +24 -38
  3. package/dist-es/isSsoProfile.js +5 -7
  4. package/dist-es/resolveSSOCredentials.js +32 -50
  5. package/dist-es/validateSsoProfile.js +4 -4
  6. package/package.json +5 -5
package/CHANGELOG.md CHANGED
@@ -3,6 +3,22 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
5
 
6
+ # [3.185.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.184.0...v3.185.0) (2022-10-05)
7
+
8
+ **Note:** Version bump only for package @aws-sdk/credential-provider-sso
9
+
10
+
11
+
12
+
13
+
14
+ # [3.183.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.182.0...v3.183.0) (2022-10-03)
15
+
16
+ **Note:** Version bump only for package @aws-sdk/credential-provider-sso
17
+
18
+
19
+
20
+
21
+
6
22
  # [3.181.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.180.0...v3.181.0) (2022-09-29)
7
23
 
8
24
  **Note:** Version bump only for package @aws-sdk/credential-provider-sso
package/dist-es/fromSSO.js CHANGED
@@ -1,45 +1,31 @@
1
- import { __awaiter, __generator } from "tslib";
2
1
  import { CredentialsProviderError } from "@aws-sdk/property-provider";
3
2
  import { getProfileName, parseKnownFiles } from "@aws-sdk/shared-ini-file-loader";
4
3
  import { isSsoProfile } from "./isSsoProfile";
5
4
  import { resolveSSOCredentials } from "./resolveSSOCredentials";
6
5
  import { validateSsoProfile } from "./validateSsoProfile";
7
- export var fromSSO = function (init) {
8
- if (init === void 0) { init = {}; }
9
- return function () { return __awaiter(void 0, void 0, void 0, function () {
10
- var ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, profiles, profileName, profile, _a, sso_start_url, sso_account_id, sso_region, sso_role_name;
11
- return __generator(this, function (_b) {
12
- switch (_b.label) {
13
- case 0:
14
- ssoStartUrl = init.ssoStartUrl, ssoAccountId = init.ssoAccountId, ssoRegion = init.ssoRegion, ssoRoleName = init.ssoRoleName, ssoClient = init.ssoClient;
15
- if (!(!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName)) return [3, 2];
16
- return [4, parseKnownFiles(init)];
17
- case 1:
18
- profiles = _b.sent();
19
- profileName = getProfileName(init);
20
- profile = profiles[profileName];
21
- if (!isSsoProfile(profile)) {
22
- throw new CredentialsProviderError("Profile ".concat(profileName, " is not configured with SSO credentials."));
23
- }
24
- _a = validateSsoProfile(profile), sso_start_url = _a.sso_start_url, sso_account_id = _a.sso_account_id, sso_region = _a.sso_region, sso_role_name = _a.sso_role_name;
25
- return [2, resolveSSOCredentials({
26
- ssoStartUrl: sso_start_url,
27
- ssoAccountId: sso_account_id,
28
- ssoRegion: sso_region,
29
- ssoRoleName: sso_role_name,
30
- ssoClient: ssoClient,
31
- })];
32
- case 2:
33
- if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
34
- throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' +
35
- ' "ssoAccountId", "ssoRegion", "ssoRoleName"');
36
- }
37
- else {
38
- return [2, resolveSSOCredentials({ ssoStartUrl: ssoStartUrl, ssoAccountId: ssoAccountId, ssoRegion: ssoRegion, ssoRoleName: ssoRoleName, ssoClient: ssoClient })];
39
- }
40
- _b.label = 3;
41
- case 3: return [2];
42
- }
6
+ export const fromSSO = (init = {}) => async () => {
7
+ const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient } = init;
8
+ if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName) {
9
+ const profiles = await parseKnownFiles(init);
10
+ const profileName = getProfileName(init);
11
+ const profile = profiles[profileName];
12
+ if (!isSsoProfile(profile)) {
13
+ throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
14
+ }
15
+ const { sso_start_url, sso_account_id, sso_region, sso_role_name } = validateSsoProfile(profile);
16
+ return resolveSSOCredentials({
17
+ ssoStartUrl: sso_start_url,
18
+ ssoAccountId: sso_account_id,
19
+ ssoRegion: sso_region,
20
+ ssoRoleName: sso_role_name,
21
+ ssoClient: ssoClient,
43
22
  });
44
- }); };
23
+ }
24
+ else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
25
+ throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' +
26
+ ' "ssoAccountId", "ssoRegion", "ssoRoleName"');
27
+ }
28
+ else {
29
+ return resolveSSOCredentials({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient });
30
+ }
45
31
  };
package/dist-es/isSsoProfile.js CHANGED
@@ -1,7 +1,5 @@
1
- export var isSsoProfile = function (arg) {
2
- return arg &&
3
- (typeof arg.sso_start_url === "string" ||
4
- typeof arg.sso_account_id === "string" ||
5
- typeof arg.sso_region === "string" ||
6
- typeof arg.sso_role_name === "string");
7
- };
1
+ export const isSsoProfile = (arg) => arg &&
2
+ (typeof arg.sso_start_url === "string" ||
3
+ typeof arg.sso_account_id === "string" ||
4
+ typeof arg.sso_region === "string" ||
5
+ typeof arg.sso_role_name === "string");
package/dist-es/resolveSSOCredentials.js CHANGED
@@ -1,54 +1,36 @@
1
- import { __awaiter, __generator } from "tslib";
2
1
  import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
3
2
  import { CredentialsProviderError } from "@aws-sdk/property-provider";
4
3
  import { getSSOTokenFromFile } from "@aws-sdk/shared-ini-file-loader";
5
- var EXPIRE_WINDOW_MS = 15 * 60 * 1000;
6
- var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
7
- export var resolveSSOCredentials = function (_a) {
8
- var ssoStartUrl = _a.ssoStartUrl, ssoAccountId = _a.ssoAccountId, ssoRegion = _a.ssoRegion, ssoRoleName = _a.ssoRoleName, ssoClient = _a.ssoClient;
9
- return __awaiter(void 0, void 0, void 0, function () {
10
- var token, refreshMessage, e_1, accessToken, sso, ssoResp, e_2, _b, _c, accessKeyId, secretAccessKey, sessionToken, expiration;
11
- return __generator(this, function (_d) {
12
- switch (_d.label) {
13
- case 0:
14
- refreshMessage = "To refresh this SSO session run aws sso login with the corresponding profile.";
15
- _d.label = 1;
16
- case 1:
17
- _d.trys.push([1, 3, , 4]);
18
- return [4, getSSOTokenFromFile(ssoStartUrl)];
19
- case 2:
20
- token = _d.sent();
21
- return [3, 4];
22
- case 3:
23
- e_1 = _d.sent();
24
- throw new CredentialsProviderError("The SSO session associated with this profile is invalid. ".concat(refreshMessage), SHOULD_FAIL_CREDENTIAL_CHAIN);
25
- case 4:
26
- if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
27
- throw new CredentialsProviderError("The SSO session associated with this profile has expired. ".concat(refreshMessage), SHOULD_FAIL_CREDENTIAL_CHAIN);
28
- }
29
- accessToken = token.accessToken;
30
- sso = ssoClient || new SSOClient({ region: ssoRegion });
31
- _d.label = 5;
32
- case 5:
33
- _d.trys.push([5, 7, , 8]);
34
- return [4, sso.send(new GetRoleCredentialsCommand({
35
- accountId: ssoAccountId,
36
- roleName: ssoRoleName,
37
- accessToken: accessToken,
38
- }))];
39
- case 6:
40
- ssoResp = _d.sent();
41
- return [3, 8];
42
- case 7:
43
- e_2 = _d.sent();
44
- throw CredentialsProviderError.from(e_2, SHOULD_FAIL_CREDENTIAL_CHAIN);
45
- case 8:
46
- _b = ssoResp.roleCredentials, _c = _b === void 0 ? {} : _b, accessKeyId = _c.accessKeyId, secretAccessKey = _c.secretAccessKey, sessionToken = _c.sessionToken, expiration = _c.expiration;
47
- if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
48
- throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
49
- }
50
- return [2, { accessKeyId: accessKeyId, secretAccessKey: secretAccessKey, sessionToken: sessionToken, expiration: new Date(expiration) }];
51
- }
52
- });
53
- });
4
+ const EXPIRE_WINDOW_MS = 15 * 60 * 1000;
5
+ const SHOULD_FAIL_CREDENTIAL_CHAIN = false;
6
+ export const resolveSSOCredentials = async ({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, }) => {
7
+ let token;
8
+ const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
9
+ try {
10
+ token = await getSSOTokenFromFile(ssoStartUrl);
11
+ }
12
+ catch (e) {
13
+ throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
14
+ }
15
+ if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
16
+ throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
17
+ }
18
+ const { accessToken } = token;
19
+ const sso = ssoClient || new SSOClient({ region: ssoRegion });
20
+ let ssoResp;
21
+ try {
22
+ ssoResp = await sso.send(new GetRoleCredentialsCommand({
23
+ accountId: ssoAccountId,
24
+ roleName: ssoRoleName,
25
+ accessToken,
26
+ }));
27
+ }
28
+ catch (e) {
29
+ throw CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
30
+ }
31
+ const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration } = {} } = ssoResp;
32
+ if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
33
+ throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
34
+ }
35
+ return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration) };
54
36
  };
package/dist-es/validateSsoProfile.js CHANGED
@@ -1,9 +1,9 @@
1
1
  import { CredentialsProviderError } from "@aws-sdk/property-provider";
2
- export var validateSsoProfile = function (profile) {
3
- var sso_start_url = profile.sso_start_url, sso_account_id = profile.sso_account_id, sso_region = profile.sso_region, sso_role_name = profile.sso_role_name;
2
+ export const validateSsoProfile = (profile) => {
3
+ const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
4
4
  if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
5
- throw new CredentialsProviderError("Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", \"sso_region\", " +
6
- "\"sso_role_name\", \"sso_start_url\". Got ".concat(Object.keys(profile).join(", "), "\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html"), false);
5
+ throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", ` +
6
+ `"sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, false);
7
7
  }
8
8
  return profile;
9
9
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aws-sdk/credential-provider-sso",
3
- "version": "3.181.0",
3
+ "version": "3.185.0",
4
4
  "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",
5
5
  "main": "./dist-cjs/index.js",
6
6
  "module": "./dist-es/index.js",
@@ -24,10 +24,10 @@
24
24
  },
25
25
  "license": "Apache-2.0",
26
26
  "dependencies": {
27
- "@aws-sdk/client-sso": "3.181.0",
28
- "@aws-sdk/property-provider": "3.178.0",
29
- "@aws-sdk/shared-ini-file-loader": "3.178.0",
30
- "@aws-sdk/types": "3.178.0",
27
+ "@aws-sdk/client-sso": "3.185.0",
28
+ "@aws-sdk/property-provider": "3.183.0",
29
+ "@aws-sdk/shared-ini-file-loader": "3.183.0",
30
+ "@aws-sdk/types": "3.183.0",
31
31
  "tslib": "^2.3.1"
32
32
  },
33
33
  "devDependencies": {