@aws-sdk/credential-provider-sso 3.490.0 → 3.495.0

package/dist-cjs/fromSSO.js

@@ -1,61 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.fromSSO = void 0;
-const property_provider_1 = require("@smithy/property-provider");
-const shared_ini_file_loader_1 = require("@smithy/shared-ini-file-loader");
-const isSsoProfile_1 = require("./isSsoProfile");
-const resolveSSOCredentials_1 = require("./resolveSSOCredentials");
-const validateSsoProfile_1 = require("./validateSsoProfile");
-const fromSSO = (init = {}) => async () => {
-    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, ssoSession } = init;
-    const profileName = (0, shared_ini_file_loader_1.getProfileName)(init);
-    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
-        const profiles = await (0, shared_ini_file_loader_1.parseKnownFiles)(init);
-        const profile = profiles[profileName];
-        if (!profile) {
-            throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} was not found.`);
-        }
-        if (!(0, isSsoProfile_1.isSsoProfile)(profile)) {
-            throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
-        }
-        if (profile === null || profile === void 0 ? void 0 : profile.sso_session) {
-            const ssoSessions = await (0, shared_ini_file_loader_1.loadSsoSessionData)(init);
-            const session = ssoSessions[profile.sso_session];
-            const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
-            if (ssoRegion && ssoRegion !== session.sso_region) {
-                throw new property_provider_1.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false);
-            }
-            if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
-                throw new property_provider_1.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false);
-            }
-            profile.sso_region = session.sso_region;
-            profile.sso_start_url = session.sso_start_url;
-        }
-        const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = (0, validateSsoProfile_1.validateSsoProfile)(profile);
-        return (0, resolveSSOCredentials_1.resolveSSOCredentials)({
-            ssoStartUrl: sso_start_url,
-            ssoSession: sso_session,
-            ssoAccountId: sso_account_id,
-            ssoRegion: sso_region,
-            ssoRoleName: sso_role_name,
-            ssoClient: ssoClient,
-            profile: profileName,
-        });
-    }
-    else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
-        throw new property_provider_1.CredentialsProviderError("Incomplete configuration. The fromSSO() argument hash must include " +
-            '"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"');
-    }
-    else {
-        return (0, resolveSSOCredentials_1.resolveSSOCredentials)({
-            ssoStartUrl,
-            ssoSession,
-            ssoAccountId,
-            ssoRegion,
-            ssoRoleName,
-            ssoClient,
-            profile: profileName,
-        });
-    }
-};
-exports.fromSSO = fromSSO;
+module.exports = require("./index.js");

package/dist-cjs/index.js

@@ -1,7 +1,175 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./fromSSO"), exports);
-tslib_1.__exportStar(require("./isSsoProfile"), exports);
-tslib_1.__exportStar(require("./types"), exports);
-tslib_1.__exportStar(require("./validateSsoProfile"), exports);
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  fromSSO: () => fromSSO,
+  isSsoProfile: () => isSsoProfile,
+  validateSsoProfile: () => validateSsoProfile
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/fromSSO.ts
+
+
+
+// src/isSsoProfile.ts
+var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile");
+
+// src/resolveSSOCredentials.ts
+var import_client_sso = require("@aws-sdk/client-sso");
+var import_token_providers = require("@aws-sdk/token-providers");
+var import_property_provider = require("@smithy/property-provider");
+var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
+var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
+var resolveSSOCredentials = /* @__PURE__ */ __name(async ({
+  ssoStartUrl,
+  ssoSession,
+  ssoAccountId,
+  ssoRegion,
+  ssoRoleName,
+  ssoClient,
+  profile
+}) => {
+  var _a;
+  let token;
+  const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
+  if (ssoSession) {
+    try {
+      const _token = await (0, import_token_providers.fromSso)({ profile })();
+      token = {
+        accessToken: _token.token,
+        expiresAt: new Date(_token.expiration).toISOString()
+      };
+    } catch (e) {
+      throw new import_property_provider.CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN);
+    }
+  } else {
+    try {
+      token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl);
+    } catch (e) {
+      throw new import_property_provider.CredentialsProviderError(
+        `The SSO session associated with this profile is invalid. ${refreshMessage}`,
+        SHOULD_FAIL_CREDENTIAL_CHAIN
+      );
+    }
+  }
+  if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
+    throw new import_property_provider.CredentialsProviderError(
+      `The SSO session associated with this profile has expired. ${refreshMessage}`,
+      SHOULD_FAIL_CREDENTIAL_CHAIN
+    );
+  }
+  const { accessToken } = token;
+  const sso = ssoClient || new import_client_sso.SSOClient({ region: ssoRegion });
+  let ssoResp;
+  try {
+    ssoResp = await sso.send(
+      new import_client_sso.GetRoleCredentialsCommand({
+        accountId: ssoAccountId,
+        roleName: ssoRoleName,
+        accessToken
+      })
+    );
+  } catch (e) {
+    throw import_property_provider.CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
+  }
+  const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration } = {} } = ssoResp;
+  const credentialScope = (_a = ssoResp == null ? void 0 : ssoResp.roleCredentials) == null ? void 0 : _a.credentialScope;
+  if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
+    throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
+  }
+  return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope };
+}, "resolveSSOCredentials");
+
+// src/validateSsoProfile.ts
+
+var validateSsoProfile = /* @__PURE__ */ __name((profile) => {
+  const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
+  if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
+    throw new import_property_provider.CredentialsProviderError(
+      `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(
+        ", "
+      )}
+Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,
+      false
+    );
+  }
+  return profile;
+}, "validateSsoProfile");
+
+// src/fromSSO.ts
+var fromSSO = /* @__PURE__ */ __name((init = {}) => async () => {
+  const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, ssoSession } = init;
+  const profileName = (0, import_shared_ini_file_loader.getProfileName)(init);
+  if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
+    const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);
+    const profile = profiles[profileName];
+    if (!profile) {
+      throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`);
+    }
+    if (!isSsoProfile(profile)) {
+      throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
+    }
+    if (profile == null ? void 0 : profile.sso_session) {
+      const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init);
+      const session = ssoSessions[profile.sso_session];
+      const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
+      if (ssoRegion && ssoRegion !== session.sso_region) {
+        throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false);
+      }
+      if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
+        throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false);
+      }
+      profile.sso_region = session.sso_region;
+      profile.sso_start_url = session.sso_start_url;
+    }
+    const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile);
+    return resolveSSOCredentials({
+      ssoStartUrl: sso_start_url,
+      ssoSession: sso_session,
+      ssoAccountId: sso_account_id,
+      ssoRegion: sso_region,
+      ssoRoleName: sso_role_name,
+      ssoClient,
+      profile: profileName
+    });
+  } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
+    throw new import_property_provider.CredentialsProviderError(
+      'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"'
+    );
+  } else {
+    return resolveSSOCredentials({
+      ssoStartUrl,
+      ssoSession,
+      ssoAccountId,
+      ssoRegion,
+      ssoRoleName,
+      ssoClient,
+      profile: profileName
+    });
+  }
+}, "fromSSO");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  fromSSO,
+  isSsoProfile,
+  validateSsoProfile
+});

package/dist-cjs/isSsoProfile.js

@@ -1,10 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isSsoProfile = void 0;
-const isSsoProfile = (arg) => arg &&
-    (typeof arg.sso_start_url === "string" ||
-        typeof arg.sso_account_id === "string" ||
-        typeof arg.sso_session === "string" ||
-        typeof arg.sso_region === "string" ||
-        typeof arg.sso_role_name === "string");
-exports.isSsoProfile = isSsoProfile;
+module.exports = require("./index.js");

package/dist-cjs/resolveSSOCredentials.js

@@ -1,56 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.resolveSSOCredentials = void 0;
-const client_sso_1 = require("@aws-sdk/client-sso");
-const token_providers_1 = require("@aws-sdk/token-providers");
-const property_provider_1 = require("@smithy/property-provider");
-const shared_ini_file_loader_1 = require("@smithy/shared-ini-file-loader");
-const SHOULD_FAIL_CREDENTIAL_CHAIN = false;
-const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, profile, }) => {
-    var _a;
-    let token;
-    const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
-    if (ssoSession) {
-        try {
-            const _token = await (0, token_providers_1.fromSso)({ profile })();
-            token = {
-                accessToken: _token.token,
-                expiresAt: new Date(_token.expiration).toISOString(),
-            };
-        }
-        catch (e) {
-            throw new property_provider_1.CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN);
-        }
-    }
-    else {
-        try {
-            token = await (0, shared_ini_file_loader_1.getSSOTokenFromFile)(ssoStartUrl);
-        }
-        catch (e) {
-            throw new property_provider_1.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
-        }
-    }
-    if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
-        throw new property_provider_1.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    const { accessToken } = token;
-    const sso = ssoClient || new client_sso_1.SSOClient({ region: ssoRegion });
-    let ssoResp;
-    try {
-        ssoResp = await sso.send(new client_sso_1.GetRoleCredentialsCommand({
-            accountId: ssoAccountId,
-            roleName: ssoRoleName,
-            accessToken,
-        }));
-    }
-    catch (e) {
-        throw property_provider_1.CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration } = {} } = ssoResp;
-    const credentialScope = (_a = ssoResp === null || ssoResp === void 0 ? void 0 : ssoResp.roleCredentials) === null || _a === void 0 ? void 0 : _a.credentialScope;
-    if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
-        throw new property_provider_1.CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
-    }
-    return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope };
-};
-exports.resolveSSOCredentials = resolveSSOCredentials;
+module.exports = require("./index.js");

package/dist-cjs/types.js

@@ -1,2 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
+module.exports = require("./index.js");

package/dist-cjs/validateSsoProfile.js

@@ -1,13 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateSsoProfile = void 0;
-const property_provider_1 = require("@smithy/property-provider");
-const validateSsoProfile = (profile) => {
-    const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
-    if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
-        throw new property_provider_1.CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", ` +
-            `"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, false);
-    }
-    return profile;
-};
-exports.validateSsoProfile = validateSsoProfile;
+module.exports = require("./index.js");

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@aws-sdk/credential-provider-sso",
-  "version": "3.490.0",
+  "version": "3.495.0",
   "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
-    "build:cjs": "tsc -p tsconfig.cjs.json",
+    "build:cjs": "node ../../scripts/compilation/inline credential-provider-sso",
     "build:es": "tsc -p tsconfig.es.json",
     "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
     "build:types": "tsc -p tsconfig.types.json",
@@ -24,12 +24,12 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-sso": "3.490.0",
-    "@aws-sdk/token-providers": "3.489.0",
-    "@aws-sdk/types": "3.489.0",
-    "@smithy/property-provider": "^2.0.0",
-    "@smithy/shared-ini-file-loader": "^2.0.6",
-    "@smithy/types": "^2.8.0",
+    "@aws-sdk/client-sso": "3.495.0",
+    "@aws-sdk/token-providers": "3.495.0",
+    "@aws-sdk/types": "3.495.0",
+    "@smithy/property-provider": "^2.1.0",
+    "@smithy/shared-ini-file-loader": "^2.3.0",
+    "@smithy/types": "^2.9.0",
     "tslib": "^2.5.0"
   },
   "devDependencies": {