@aws-sdk/credential-provider-sso 3.185.0 → 3.186.0

package/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.186.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.185.0...v3.186.0) (2022-10-06)
+
+**Note:** Version bump only for package @aws-sdk/credential-provider-sso
+
+
+
+
+
 # [3.185.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.184.0...v3.185.0) (2022-10-05)
 
 **Note:** Version bump only for package @aws-sdk/credential-provider-sso

package/dist-es/fromSSO.js

@@ -1,31 +1,45 @@
+import { __awaiter, __generator } from "tslib";
 import { CredentialsProviderError } from "@aws-sdk/property-provider";
 import { getProfileName, parseKnownFiles } from "@aws-sdk/shared-ini-file-loader";
 import { isSsoProfile } from "./isSsoProfile";
 import { resolveSSOCredentials } from "./resolveSSOCredentials";
 import { validateSsoProfile } from "./validateSsoProfile";
-export const fromSSO = (init = {}) => async () => {
-    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient } = init;
-    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName) {
-        const profiles = await parseKnownFiles(init);
-        const profileName = getProfileName(init);
-        const profile = profiles[profileName];
-        if (!isSsoProfile(profile)) {
-            throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
-        }
-        const { sso_start_url, sso_account_id, sso_region, sso_role_name } = validateSsoProfile(profile);
-        return resolveSSOCredentials({
-            ssoStartUrl: sso_start_url,
-            ssoAccountId: sso_account_id,
-            ssoRegion: sso_region,
-            ssoRoleName: sso_role_name,
-            ssoClient: ssoClient,
+export var fromSSO = function (init) {
+    if (init === void 0) { init = {}; }
+    return function () { return __awaiter(void 0, void 0, void 0, function () {
+        var ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, profiles, profileName, profile, _a, sso_start_url, sso_account_id, sso_region, sso_role_name;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    ssoStartUrl = init.ssoStartUrl, ssoAccountId = init.ssoAccountId, ssoRegion = init.ssoRegion, ssoRoleName = init.ssoRoleName, ssoClient = init.ssoClient;
+                    if (!(!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName)) return [3, 2];
+                    return [4, parseKnownFiles(init)];
+                case 1:
+                    profiles = _b.sent();
+                    profileName = getProfileName(init);
+                    profile = profiles[profileName];
+                    if (!isSsoProfile(profile)) {
+                        throw new CredentialsProviderError("Profile ".concat(profileName, " is not configured with SSO credentials."));
+                    }
+                    _a = validateSsoProfile(profile), sso_start_url = _a.sso_start_url, sso_account_id = _a.sso_account_id, sso_region = _a.sso_region, sso_role_name = _a.sso_role_name;
+                    return [2, resolveSSOCredentials({
+                            ssoStartUrl: sso_start_url,
+                            ssoAccountId: sso_account_id,
+                            ssoRegion: sso_region,
+                            ssoRoleName: sso_role_name,
+                            ssoClient: ssoClient,
+                        })];
+                case 2:
+                    if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
+                        throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' +
+                            ' "ssoAccountId", "ssoRegion", "ssoRoleName"');
+                    }
+                    else {
+                        return [2, resolveSSOCredentials({ ssoStartUrl: ssoStartUrl, ssoAccountId: ssoAccountId, ssoRegion: ssoRegion, ssoRoleName: ssoRoleName, ssoClient: ssoClient })];
+                    }
+                    _b.label = 3;
+                case 3: return [2];
+            }
         });
-    }
-    else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
-        throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' +
-            ' "ssoAccountId", "ssoRegion", "ssoRoleName"');
-    }
-    else {
-        return resolveSSOCredentials({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient });
-    }
+    }); };
 };

package/dist-es/isSsoProfile.js

@@ -1,5 +1,7 @@
-export const isSsoProfile = (arg) => arg &&
-    (typeof arg.sso_start_url === "string" ||
-        typeof arg.sso_account_id === "string" ||
-        typeof arg.sso_region === "string" ||
-        typeof arg.sso_role_name === "string");
+export var isSsoProfile = function (arg) {
+    return arg &&
+        (typeof arg.sso_start_url === "string" ||
+            typeof arg.sso_account_id === "string" ||
+            typeof arg.sso_region === "string" ||
+            typeof arg.sso_role_name === "string");
+};

package/dist-es/resolveSSOCredentials.js

@@ -1,36 +1,54 @@
+import { __awaiter, __generator } from "tslib";
 import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
 import { CredentialsProviderError } from "@aws-sdk/property-provider";
 import { getSSOTokenFromFile } from "@aws-sdk/shared-ini-file-loader";
-const EXPIRE_WINDOW_MS = 15 * 60 * 1000;
-const SHOULD_FAIL_CREDENTIAL_CHAIN = false;
-export const resolveSSOCredentials = async ({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, }) => {
-    let token;
-    const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
-    try {
-        token = await getSSOTokenFromFile(ssoStartUrl);
-    }
-    catch (e) {
-        throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
-        throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    const { accessToken } = token;
-    const sso = ssoClient || new SSOClient({ region: ssoRegion });
-    let ssoResp;
-    try {
-        ssoResp = await sso.send(new GetRoleCredentialsCommand({
-            accountId: ssoAccountId,
-            roleName: ssoRoleName,
-            accessToken,
-        }));
-    }
-    catch (e) {
-        throw CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration } = {} } = ssoResp;
-    if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
-        throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration) };
+var EXPIRE_WINDOW_MS = 15 * 60 * 1000;
+var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
+export var resolveSSOCredentials = function (_a) {
+    var ssoStartUrl = _a.ssoStartUrl, ssoAccountId = _a.ssoAccountId, ssoRegion = _a.ssoRegion, ssoRoleName = _a.ssoRoleName, ssoClient = _a.ssoClient;
+    return __awaiter(void 0, void 0, void 0, function () {
+        var token, refreshMessage, e_1, accessToken, sso, ssoResp, e_2, _b, _c, accessKeyId, secretAccessKey, sessionToken, expiration;
+        return __generator(this, function (_d) {
+            switch (_d.label) {
+                case 0:
+                    refreshMessage = "To refresh this SSO session run aws sso login with the corresponding profile.";
+                    _d.label = 1;
+                case 1:
+                    _d.trys.push([1, 3, , 4]);
+                    return [4, getSSOTokenFromFile(ssoStartUrl)];
+                case 2:
+                    token = _d.sent();
+                    return [3, 4];
+                case 3:
+                    e_1 = _d.sent();
+                    throw new CredentialsProviderError("The SSO session associated with this profile is invalid. ".concat(refreshMessage), SHOULD_FAIL_CREDENTIAL_CHAIN);
+                case 4:
+                    if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
+                        throw new CredentialsProviderError("The SSO session associated with this profile has expired. ".concat(refreshMessage), SHOULD_FAIL_CREDENTIAL_CHAIN);
+                    }
+                    accessToken = token.accessToken;
+                    sso = ssoClient || new SSOClient({ region: ssoRegion });
+                    _d.label = 5;
+                case 5:
+                    _d.trys.push([5, 7, , 8]);
+                    return [4, sso.send(new GetRoleCredentialsCommand({
+                            accountId: ssoAccountId,
+                            roleName: ssoRoleName,
+                            accessToken: accessToken,
+                        }))];
+                case 6:
+                    ssoResp = _d.sent();
+                    return [3, 8];
+                case 7:
+                    e_2 = _d.sent();
+                    throw CredentialsProviderError.from(e_2, SHOULD_FAIL_CREDENTIAL_CHAIN);
+                case 8:
+                    _b = ssoResp.roleCredentials, _c = _b === void 0 ? {} : _b, accessKeyId = _c.accessKeyId, secretAccessKey = _c.secretAccessKey, sessionToken = _c.sessionToken, expiration = _c.expiration;
+                    if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
+                        throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
+                    }
+                    return [2, { accessKeyId: accessKeyId, secretAccessKey: secretAccessKey, sessionToken: sessionToken, expiration: new Date(expiration) }];
+            }
+        });
+    });
 };

package/dist-es/validateSsoProfile.js

@@ -1,9 +1,9 @@
 import { CredentialsProviderError } from "@aws-sdk/property-provider";
-export const validateSsoProfile = (profile) => {
-    const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
+export var validateSsoProfile = function (profile) {
+    var sso_start_url = profile.sso_start_url, sso_account_id = profile.sso_account_id, sso_region = profile.sso_region, sso_role_name = profile.sso_role_name;
     if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
-        throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", ` +
-            `"sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, false);
+        throw new CredentialsProviderError("Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", \"sso_region\", " +
+            "\"sso_role_name\", \"sso_start_url\". Got ".concat(Object.keys(profile).join(", "), "\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html"), false);
     }
     return profile;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-sso",
-  "version": "3.185.0",
+  "version": "3.186.0",
   "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -24,10 +24,10 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-sso": "3.185.0",
-    "@aws-sdk/property-provider": "3.183.0",
-    "@aws-sdk/shared-ini-file-loader": "3.183.0",
-    "@aws-sdk/types": "3.183.0",
+    "@aws-sdk/client-sso": "3.186.0",
+    "@aws-sdk/property-provider": "3.186.0",
+    "@aws-sdk/shared-ini-file-loader": "3.186.0",
+    "@aws-sdk/types": "3.186.0",
     "tslib": "^2.3.1"
   },
   "devDependencies": {