@aws-sdk/credential-provider-sso 3.54.0 → 3.56.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +24 -0
- package/dist-cjs/fromSSO.js +7 -7
- package/dist-cjs/resolveSSOCredentials.js +1 -8
- package/dist-es/fromSSO.js +3 -3
- package/dist-es/resolveSSOCredentials.js +16 -24
- package/dist-es/validateSsoProfile.js +1 -1
- package/dist-types/fromSSO.d.ts +1 -1
- package/dist-types/isSsoProfile.d.ts +1 -1
- package/dist-types/ts3.4/fromSSO.d.ts +1 -1
- package/dist-types/ts3.4/isSsoProfile.d.ts +1 -1
- package/dist-types/ts3.4/types.d.ts +1 -1
- package/dist-types/types.d.ts +1 -1
- package/package.json +7 -8
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,30 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
# [3.56.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.55.0...v3.56.0) (2022-03-24)
|
|
7
|
+
|
|
8
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
# [3.55.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.54.1...v3.55.0) (2022-03-21)
|
|
15
|
+
|
|
16
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
## [3.54.1](https://github.com/aws/aws-sdk-js-v3/compare/v3.54.0...v3.54.1) (2022-03-15)
|
|
23
|
+
|
|
24
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
|
|
6
30
|
# [3.54.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.53.1...v3.54.0) (2022-03-11)
|
|
7
31
|
|
|
8
32
|
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
package/dist-cjs/fromSSO.js
CHANGED
|
@@ -2,21 +2,21 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.fromSSO = void 0;
|
|
4
4
|
const property_provider_1 = require("@aws-sdk/property-provider");
|
|
5
|
-
const
|
|
5
|
+
const shared_ini_file_loader_1 = require("@aws-sdk/shared-ini-file-loader");
|
|
6
6
|
const isSsoProfile_1 = require("./isSsoProfile");
|
|
7
7
|
const resolveSSOCredentials_1 = require("./resolveSSOCredentials");
|
|
8
8
|
const validateSsoProfile_1 = require("./validateSsoProfile");
|
|
9
9
|
const fromSSO = (init = {}) => async () => {
|
|
10
10
|
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient } = init;
|
|
11
11
|
if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName) {
|
|
12
|
-
const profiles = await
|
|
13
|
-
const profileName =
|
|
12
|
+
const profiles = await (0, shared_ini_file_loader_1.parseKnownFiles)(init);
|
|
13
|
+
const profileName = (0, shared_ini_file_loader_1.getProfileName)(init);
|
|
14
14
|
const profile = profiles[profileName];
|
|
15
|
-
if (!isSsoProfile_1.isSsoProfile(profile)) {
|
|
15
|
+
if (!(0, isSsoProfile_1.isSsoProfile)(profile)) {
|
|
16
16
|
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
|
|
17
17
|
}
|
|
18
|
-
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = validateSsoProfile_1.validateSsoProfile(profile);
|
|
19
|
-
return resolveSSOCredentials_1.resolveSSOCredentials({
|
|
18
|
+
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = (0, validateSsoProfile_1.validateSsoProfile)(profile);
|
|
19
|
+
return (0, resolveSSOCredentials_1.resolveSSOCredentials)({
|
|
20
20
|
ssoStartUrl: sso_start_url,
|
|
21
21
|
ssoAccountId: sso_account_id,
|
|
22
22
|
ssoRegion: sso_region,
|
|
@@ -29,7 +29,7 @@ const fromSSO = (init = {}) => async () => {
|
|
|
29
29
|
' "ssoAccountId", "ssoRegion", "ssoRoleName"');
|
|
30
30
|
}
|
|
31
31
|
else {
|
|
32
|
-
return resolveSSOCredentials_1.resolveSSOCredentials({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient });
|
|
32
|
+
return (0, resolveSSOCredentials_1.resolveSSOCredentials)({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient });
|
|
33
33
|
}
|
|
34
34
|
};
|
|
35
35
|
exports.fromSSO = fromSSO;
|
|
@@ -4,20 +4,13 @@ exports.resolveSSOCredentials = void 0;
|
|
|
4
4
|
const client_sso_1 = require("@aws-sdk/client-sso");
|
|
5
5
|
const property_provider_1 = require("@aws-sdk/property-provider");
|
|
6
6
|
const shared_ini_file_loader_1 = require("@aws-sdk/shared-ini-file-loader");
|
|
7
|
-
const crypto_1 = require("crypto");
|
|
8
|
-
const fs_1 = require("fs");
|
|
9
|
-
const path_1 = require("path");
|
|
10
7
|
const EXPIRE_WINDOW_MS = 15 * 60 * 1000;
|
|
11
8
|
const SHOULD_FAIL_CREDENTIAL_CHAIN = false;
|
|
12
|
-
const { readFile } = fs_1.promises;
|
|
13
9
|
const resolveSSOCredentials = async ({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, }) => {
|
|
14
|
-
const hasher = crypto_1.createHash("sha1");
|
|
15
|
-
const cacheName = hasher.update(ssoStartUrl).digest("hex");
|
|
16
|
-
const tokenFile = path_1.join(shared_ini_file_loader_1.getHomeDir(), ".aws", "sso", "cache", `${cacheName}.json`);
|
|
17
10
|
let token;
|
|
18
11
|
const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
|
|
19
12
|
try {
|
|
20
|
-
token =
|
|
13
|
+
token = await (0, shared_ini_file_loader_1.getSSOTokenFromFile)(ssoStartUrl);
|
|
21
14
|
}
|
|
22
15
|
catch (e) {
|
|
23
16
|
throw new property_provider_1.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
|
package/dist-es/fromSSO.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { __awaiter, __generator } from "tslib";
|
|
2
2
|
import { CredentialsProviderError } from "@aws-sdk/property-provider";
|
|
3
|
-
import {
|
|
3
|
+
import { getProfileName, parseKnownFiles } from "@aws-sdk/shared-ini-file-loader";
|
|
4
4
|
import { isSsoProfile } from "./isSsoProfile";
|
|
5
5
|
import { resolveSSOCredentials } from "./resolveSSOCredentials";
|
|
6
6
|
import { validateSsoProfile } from "./validateSsoProfile";
|
|
@@ -16,10 +16,10 @@ export var fromSSO = function (init) {
|
|
|
16
16
|
return [4, parseKnownFiles(init)];
|
|
17
17
|
case 1:
|
|
18
18
|
profiles = _b.sent();
|
|
19
|
-
profileName =
|
|
19
|
+
profileName = getProfileName(init);
|
|
20
20
|
profile = profiles[profileName];
|
|
21
21
|
if (!isSsoProfile(profile)) {
|
|
22
|
-
throw new CredentialsProviderError("Profile "
|
|
22
|
+
throw new CredentialsProviderError("Profile ".concat(profileName, " is not configured with SSO credentials."));
|
|
23
23
|
}
|
|
24
24
|
_a = validateSsoProfile(profile), sso_start_url = _a.sso_start_url, sso_account_id = _a.sso_account_id, sso_region = _a.sso_region, sso_role_name = _a.sso_role_name;
|
|
25
25
|
return [2, resolveSSOCredentials({
|
|
@@ -1,57 +1,49 @@
|
|
|
1
1
|
import { __awaiter, __generator } from "tslib";
|
|
2
2
|
import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
|
|
3
3
|
import { CredentialsProviderError } from "@aws-sdk/property-provider";
|
|
4
|
-
import {
|
|
5
|
-
import { createHash } from "crypto";
|
|
6
|
-
import { promises as fsPromises } from "fs";
|
|
7
|
-
import { join } from "path";
|
|
4
|
+
import { getSSOTokenFromFile } from "@aws-sdk/shared-ini-file-loader";
|
|
8
5
|
var EXPIRE_WINDOW_MS = 15 * 60 * 1000;
|
|
9
6
|
var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
|
|
10
|
-
var readFile = fsPromises.readFile;
|
|
11
7
|
export var resolveSSOCredentials = function (_a) {
|
|
12
8
|
var ssoStartUrl = _a.ssoStartUrl, ssoAccountId = _a.ssoAccountId, ssoRegion = _a.ssoRegion, ssoRoleName = _a.ssoRoleName, ssoClient = _a.ssoClient;
|
|
13
9
|
return __awaiter(void 0, void 0, void 0, function () {
|
|
14
|
-
var
|
|
15
|
-
return __generator(this, function (
|
|
16
|
-
switch (
|
|
10
|
+
var token, refreshMessage, e_1, accessToken, sso, ssoResp, e_2, _b, _c, accessKeyId, secretAccessKey, sessionToken, expiration;
|
|
11
|
+
return __generator(this, function (_d) {
|
|
12
|
+
switch (_d.label) {
|
|
17
13
|
case 0:
|
|
18
|
-
hasher = createHash("sha1");
|
|
19
|
-
cacheName = hasher.update(ssoStartUrl).digest("hex");
|
|
20
|
-
tokenFile = join(getHomeDir(), ".aws", "sso", "cache", cacheName + ".json");
|
|
21
14
|
refreshMessage = "To refresh this SSO session run aws sso login with the corresponding profile.";
|
|
22
|
-
|
|
15
|
+
_d.label = 1;
|
|
23
16
|
case 1:
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
return [4, readFile(tokenFile, "utf8")];
|
|
17
|
+
_d.trys.push([1, 3, , 4]);
|
|
18
|
+
return [4, getSSOTokenFromFile(ssoStartUrl)];
|
|
27
19
|
case 2:
|
|
28
|
-
token =
|
|
20
|
+
token = _d.sent();
|
|
29
21
|
return [3, 4];
|
|
30
22
|
case 3:
|
|
31
|
-
e_1 =
|
|
32
|
-
throw new CredentialsProviderError("The SSO session associated with this profile is invalid. "
|
|
23
|
+
e_1 = _d.sent();
|
|
24
|
+
throw new CredentialsProviderError("The SSO session associated with this profile is invalid. ".concat(refreshMessage), SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
33
25
|
case 4:
|
|
34
26
|
if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
|
|
35
|
-
throw new CredentialsProviderError("The SSO session associated with this profile has expired. "
|
|
27
|
+
throw new CredentialsProviderError("The SSO session associated with this profile has expired. ".concat(refreshMessage), SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
36
28
|
}
|
|
37
29
|
accessToken = token.accessToken;
|
|
38
30
|
sso = ssoClient || new SSOClient({ region: ssoRegion });
|
|
39
|
-
|
|
31
|
+
_d.label = 5;
|
|
40
32
|
case 5:
|
|
41
|
-
|
|
33
|
+
_d.trys.push([5, 7, , 8]);
|
|
42
34
|
return [4, sso.send(new GetRoleCredentialsCommand({
|
|
43
35
|
accountId: ssoAccountId,
|
|
44
36
|
roleName: ssoRoleName,
|
|
45
37
|
accessToken: accessToken,
|
|
46
38
|
}))];
|
|
47
39
|
case 6:
|
|
48
|
-
ssoResp =
|
|
40
|
+
ssoResp = _d.sent();
|
|
49
41
|
return [3, 8];
|
|
50
42
|
case 7:
|
|
51
|
-
e_2 =
|
|
43
|
+
e_2 = _d.sent();
|
|
52
44
|
throw CredentialsProviderError.from(e_2, SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
53
45
|
case 8:
|
|
54
|
-
|
|
46
|
+
_b = ssoResp.roleCredentials, _c = _b === void 0 ? {} : _b, accessKeyId = _c.accessKeyId, secretAccessKey = _c.secretAccessKey, sessionToken = _c.sessionToken, expiration = _c.expiration;
|
|
55
47
|
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
|
|
56
48
|
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
57
49
|
}
|
|
@@ -3,7 +3,7 @@ export var validateSsoProfile = function (profile) {
|
|
|
3
3
|
var sso_start_url = profile.sso_start_url, sso_account_id = profile.sso_account_id, sso_region = profile.sso_region, sso_role_name = profile.sso_role_name;
|
|
4
4
|
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
|
|
5
5
|
throw new CredentialsProviderError("Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", \"sso_region\", " +
|
|
6
|
-
|
|
6
|
+
"\"sso_role_name\", \"sso_start_url\". Got ".concat(Object.keys(profile).join(", "), "\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html"), false);
|
|
7
7
|
}
|
|
8
8
|
return profile;
|
|
9
9
|
};
|
package/dist-types/fromSSO.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { SSOClient } from "@aws-sdk/client-sso";
|
|
2
|
+
import { SourceProfileInit } from "@aws-sdk/shared-ini-file-loader";
|
|
2
3
|
import { CredentialProvider } from "@aws-sdk/types";
|
|
3
|
-
import { SourceProfileInit } from "@aws-sdk/util-credentials";
|
|
4
4
|
export interface SsoCredentialsParameters {
|
|
5
5
|
/**
|
|
6
6
|
* The URL to the AWS SSO service.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { SSOClient } from "@aws-sdk/client-sso";
|
|
2
|
+
import { SourceProfileInit } from "@aws-sdk/shared-ini-file-loader";
|
|
2
3
|
import { CredentialProvider } from "@aws-sdk/types";
|
|
3
|
-
import { SourceProfileInit } from "@aws-sdk/util-credentials";
|
|
4
4
|
export interface SsoCredentialsParameters {
|
|
5
5
|
|
|
6
6
|
ssoStartUrl: string;
|
package/dist-types/types.d.ts
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/credential-provider-sso",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.56.0",
|
|
4
4
|
"description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",
|
|
5
5
|
"main": "./dist-cjs/index.js",
|
|
6
6
|
"module": "./dist-es/index.js",
|
|
@@ -23,12 +23,11 @@
|
|
|
23
23
|
},
|
|
24
24
|
"license": "Apache-2.0",
|
|
25
25
|
"dependencies": {
|
|
26
|
-
"@aws-sdk/client-sso": "3.
|
|
27
|
-
"@aws-sdk/property-provider": "3.
|
|
28
|
-
"@aws-sdk/shared-ini-file-loader": "3.
|
|
29
|
-
"@aws-sdk/types": "3.
|
|
30
|
-
"
|
|
31
|
-
"tslib": "^2.3.0"
|
|
26
|
+
"@aws-sdk/client-sso": "3.56.0",
|
|
27
|
+
"@aws-sdk/property-provider": "3.55.0",
|
|
28
|
+
"@aws-sdk/shared-ini-file-loader": "3.56.0",
|
|
29
|
+
"@aws-sdk/types": "3.55.0",
|
|
30
|
+
"tslib": "^2.3.1"
|
|
32
31
|
},
|
|
33
32
|
"devDependencies": {
|
|
34
33
|
"@tsconfig/recommended": "1.0.1",
|
|
@@ -37,7 +36,7 @@
|
|
|
37
36
|
"downlevel-dts": "0.7.0",
|
|
38
37
|
"rimraf": "3.0.2",
|
|
39
38
|
"typedoc": "0.19.2",
|
|
40
|
-
"typescript": "~4.
|
|
39
|
+
"typescript": "~4.6.2"
|
|
41
40
|
},
|
|
42
41
|
"types": "./dist-types/index.d.ts",
|
|
43
42
|
"engines": {
|