@aws-sdk/credential-provider-sso 3.496.0 → 3.502.0

package/dist-cjs/index.js

@@ -3,6 +3,9 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -17,6 +20,19 @@ var __copyProps = (to, from, except, desc) => {
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/loadSso.ts
+var loadSso_exports = {};
+__export(loadSso_exports, {
+  GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand,
+  SSOClient: () => import_client_sso.SSOClient
+});
+var import_client_sso;
+var init_loadSso = __esm({
+  "src/loadSso.ts"() {
+    import_client_sso = require("@aws-sdk/client-sso");
+  }
+});
+
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
@@ -34,7 +50,6 @@ module.exports = __toCommonJS(src_exports);
 var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile");
 
 // src/resolveSSOCredentials.ts
-var import_client_sso = require("@aws-sdk/client-sso");
 var import_token_providers = require("@aws-sdk/token-providers");
 var import_property_provider = require("@smithy/property-provider");
 var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
@@ -48,7 +63,6 @@ var resolveSSOCredentials = /* @__PURE__ */ __name(async ({
   ssoClient,
   profile
 }) => {
-  var _a;
   let token;
   const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
   if (ssoSession) {
@@ -78,11 +92,12 @@ var resolveSSOCredentials = /* @__PURE__ */ __name(async ({
     );
   }
   const { accessToken } = token;
-  const sso = ssoClient || new import_client_sso.SSOClient({ region: ssoRegion });
+  const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports));
+  const sso = ssoClient || new SSOClient2({ region: ssoRegion });
   let ssoResp;
   try {
     ssoResp = await sso.send(
-      new import_client_sso.GetRoleCredentialsCommand({
+      new GetRoleCredentialsCommand2({
         accountId: ssoAccountId,
         roleName: ssoRoleName,
         accessToken
@@ -91,8 +106,7 @@ var resolveSSOCredentials = /* @__PURE__ */ __name(async ({
   } catch (e) {
     throw import_property_provider.CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
   }
-  const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration } = {} } = ssoResp;
-  const credentialScope = (_a = ssoResp == null ? void 0 : ssoResp.roleCredentials) == null ? void 0 : _a.credentialScope;
+  const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope } = {} } = ssoResp;
   if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
     throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
   }
@@ -117,7 +131,14 @@ Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.ht
 
 // src/fromSSO.ts
 var fromSSO = /* @__PURE__ */ __name((init = {}) => async () => {
-  const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, ssoSession } = init;
+  var _a;
+  (_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-sso", "fromSSO");
+  const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
+  let { ssoClient } = init;
+  if (!ssoClient) {
+    const { SSOClient: SSOClient2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports));
+    ssoClient = new SSOClient2(init.clientConfig ?? {});
+  }
   const profileName = (0, import_shared_ini_file_loader.getProfileName)(init);
   if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
     const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);

package/dist-cjs/loadSso.js

@@ -0,0 +1 @@
+module.exports = require("./index.js");

package/dist-es/fromSSO.js

@@ -4,7 +4,13 @@ import { isSsoProfile } from "./isSsoProfile";
 import { resolveSSOCredentials } from "./resolveSSOCredentials";
 import { validateSsoProfile } from "./validateSsoProfile";
 export const fromSSO = (init = {}) => async () => {
-    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, ssoSession } = init;
+    init.logger?.debug("@aws-sdk/credential-provider-sso", "fromSSO");
+    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
+    let { ssoClient } = init;
+    if (!ssoClient) {
+        const { SSOClient } = await import("./loadSso");
+        ssoClient = new SSOClient(init.clientConfig ?? {});
+    }
     const profileName = getProfileName(init);
     if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
         const profiles = await parseKnownFiles(init);

package/dist-es/loadSso.js

@@ -0,0 +1,2 @@
+import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
+export { GetRoleCredentialsCommand, SSOClient };

package/dist-es/resolveSSOCredentials.js

@@ -1,4 +1,3 @@
-import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
 import { fromSso as getSsoTokenProvider } from "@aws-sdk/token-providers";
 import { CredentialsProviderError } from "@smithy/property-provider";
 import { getSSOTokenFromFile } from "@smithy/shared-ini-file-loader";
@@ -30,6 +29,7 @@ export const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccoun
         throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
     }
     const { accessToken } = token;
+    const { SSOClient, GetRoleCredentialsCommand } = await import("./loadSso");
     const sso = ssoClient || new SSOClient({ region: ssoRegion });
     let ssoResp;
     try {
@@ -42,8 +42,7 @@ export const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccoun
     catch (e) {
         throw CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
     }
-    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration } = {} } = ssoResp;
-    const credentialScope = ssoResp?.roleCredentials?.credentialScope;
+    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope } = {} } = ssoResp;
     if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
         throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
     }

package/dist-types/fromSSO.d.ts

@@ -1,6 +1,7 @@
-import { SSOClient } from "@aws-sdk/client-sso";
+import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { SourceProfileInit } from "@smithy/shared-ini-file-loader";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
+import type { SSOClient, SSOClientConfig } from "./loadSso";
 /**
  * @internal
  */
@@ -30,8 +31,9 @@ export interface SsoCredentialsParameters {
 /**
  * @internal
  */
-export interface FromSSOInit extends SourceProfileInit {
+export interface FromSSOInit extends SourceProfileInit, CredentialProviderOptions {
     ssoClient?: SSOClient;
+    clientConfig?: SSOClientConfig;
 }
 /**
  * @internal

package/dist-types/loadSso.d.ts

@@ -0,0 +1,3 @@
+import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
+export { GetRoleCredentialsCommand, SSOClient };
+export type { SSOClientConfig, GetRoleCredentialsCommandOutput } from "@aws-sdk/client-sso";

package/dist-types/ts3.4/fromSSO.d.ts

@@ -1,6 +1,7 @@
-import { SSOClient } from "@aws-sdk/client-sso";
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import { SourceProfileInit } from "@smithy/shared-ini-file-loader";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
+import { SSOClient, SSOClientConfig } from "./loadSso";
 export interface SsoCredentialsParameters {
   ssoStartUrl: string;
   ssoSession?: string;
@@ -8,8 +9,11 @@ export interface SsoCredentialsParameters {
   ssoRegion: string;
   ssoRoleName: string;
 }
-export interface FromSSOInit extends SourceProfileInit {
+export interface FromSSOInit
+  extends SourceProfileInit,
+    CredentialProviderOptions {
   ssoClient?: SSOClient;
+  clientConfig?: SSOClientConfig;
 }
 export declare const fromSSO: (
   init?: FromSSOInit & Partial<SsoCredentialsParameters>

package/dist-types/ts3.4/loadSso.d.ts

@@ -0,0 +1,6 @@
+import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
+export { GetRoleCredentialsCommand, SSOClient };
+export {
+  SSOClientConfig,
+  GetRoleCredentialsCommandOutput,
+} from "@aws-sdk/client-sso";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-sso",
-  "version": "3.496.0",
+  "version": "3.502.0",
   "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -24,9 +24,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-sso": "3.496.0",
-    "@aws-sdk/token-providers": "3.496.0",
-    "@aws-sdk/types": "3.496.0",
+    "@aws-sdk/client-sso": "3.502.0",
+    "@aws-sdk/token-providers": "3.502.0",
+    "@aws-sdk/types": "3.502.0",
     "@smithy/property-provider": "^2.1.1",
     "@smithy/shared-ini-file-loader": "^2.3.1",
     "@smithy/types": "^2.9.1",