@aws-sdk/credential-provider-sso 3.972.52 → 3.972.54
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist-cjs/index.js
CHANGED
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
var client = require('@aws-sdk/core/client');
|
|
5
|
-
var tokenProviders = require('@aws-sdk/token-providers');
|
|
1
|
+
const { CredentialsProviderError, getSSOTokenFromFile, getProfileName, parseKnownFiles, loadSsoSessionData } = require("@smithy/core/config");
|
|
2
|
+
const { setCredentialFeature } = require("@aws-sdk/core/client");
|
|
3
|
+
const { fromSso } = require("@aws-sdk/token-providers");
|
|
6
4
|
|
|
7
5
|
const isSsoProfile = (arg) => arg &&
|
|
8
6
|
(typeof arg.sso_start_url === "string" ||
|
|
@@ -17,7 +15,7 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
|
|
|
17
15
|
const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
|
|
18
16
|
if (ssoSession) {
|
|
19
17
|
try {
|
|
20
|
-
const _token = await
|
|
18
|
+
const _token = await fromSso({
|
|
21
19
|
profile,
|
|
22
20
|
filepath,
|
|
23
21
|
configFilepath,
|
|
@@ -32,7 +30,7 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
|
|
|
32
30
|
};
|
|
33
31
|
}
|
|
34
32
|
catch (e) {
|
|
35
|
-
throw new
|
|
33
|
+
throw new CredentialsProviderError(e.message, {
|
|
36
34
|
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
37
35
|
logger,
|
|
38
36
|
});
|
|
@@ -40,23 +38,23 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
|
|
|
40
38
|
}
|
|
41
39
|
else {
|
|
42
40
|
try {
|
|
43
|
-
token = await
|
|
41
|
+
token = await getSSOTokenFromFile(ssoStartUrl);
|
|
44
42
|
}
|
|
45
43
|
catch (e) {
|
|
46
|
-
throw new
|
|
44
|
+
throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {
|
|
47
45
|
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
48
46
|
logger,
|
|
49
47
|
});
|
|
50
48
|
}
|
|
51
49
|
}
|
|
52
50
|
if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
|
|
53
|
-
throw new
|
|
51
|
+
throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {
|
|
54
52
|
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
55
53
|
logger,
|
|
56
54
|
});
|
|
57
55
|
}
|
|
58
56
|
const { accessToken } = token;
|
|
59
|
-
const { SSOClient, GetRoleCredentialsCommand } =
|
|
57
|
+
const { SSOClient, GetRoleCredentialsCommand } = require('./loadSso-BGYXHf8s.js');
|
|
60
58
|
const sso = ssoClient ||
|
|
61
59
|
new SSOClient(Object.assign({}, clientConfig ?? {}, {
|
|
62
60
|
logger: clientConfig?.logger ?? callerClientConfig?.logger ?? parentClientConfig?.logger,
|
|
@@ -72,14 +70,14 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
|
|
|
72
70
|
}));
|
|
73
71
|
}
|
|
74
72
|
catch (e) {
|
|
75
|
-
throw new
|
|
73
|
+
throw new CredentialsProviderError(e, {
|
|
76
74
|
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
77
75
|
logger,
|
|
78
76
|
});
|
|
79
77
|
}
|
|
80
78
|
const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {}, } = ssoResp;
|
|
81
79
|
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
|
|
82
|
-
throw new
|
|
80
|
+
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", {
|
|
83
81
|
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
84
82
|
logger,
|
|
85
83
|
});
|
|
@@ -93,10 +91,10 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
|
|
|
93
91
|
...(accountId && { accountId }),
|
|
94
92
|
};
|
|
95
93
|
if (ssoSession) {
|
|
96
|
-
|
|
94
|
+
setCredentialFeature(credentials, "CREDENTIALS_SSO", "s");
|
|
97
95
|
}
|
|
98
96
|
else {
|
|
99
|
-
|
|
97
|
+
setCredentialFeature(credentials, "CREDENTIALS_SSO_LEGACY", "u");
|
|
100
98
|
}
|
|
101
99
|
return credentials;
|
|
102
100
|
};
|
|
@@ -104,7 +102,7 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
|
|
|
104
102
|
const validateSsoProfile = (profile, logger) => {
|
|
105
103
|
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
|
|
106
104
|
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
|
|
107
|
-
throw new
|
|
105
|
+
throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", ` +
|
|
108
106
|
`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });
|
|
109
107
|
}
|
|
110
108
|
return profile;
|
|
@@ -114,32 +112,32 @@ const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {
|
|
|
114
112
|
init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");
|
|
115
113
|
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
|
|
116
114
|
const { ssoClient } = init;
|
|
117
|
-
const profileName =
|
|
115
|
+
const profileName = getProfileName({
|
|
118
116
|
profile: init.profile ?? callerClientConfig?.profile,
|
|
119
117
|
});
|
|
120
118
|
if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
|
|
121
|
-
const profiles = await
|
|
119
|
+
const profiles = await parseKnownFiles(init);
|
|
122
120
|
const profile = profiles[profileName];
|
|
123
121
|
if (!profile) {
|
|
124
|
-
throw new
|
|
122
|
+
throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });
|
|
125
123
|
}
|
|
126
124
|
if (!isSsoProfile(profile)) {
|
|
127
|
-
throw new
|
|
125
|
+
throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {
|
|
128
126
|
logger: init.logger,
|
|
129
127
|
});
|
|
130
128
|
}
|
|
131
129
|
if (profile?.sso_session) {
|
|
132
|
-
const ssoSessions = await
|
|
130
|
+
const ssoSessions = await loadSsoSessionData(init);
|
|
133
131
|
const session = ssoSessions[profile.sso_session];
|
|
134
132
|
const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
|
|
135
133
|
if (ssoRegion && ssoRegion !== session.sso_region) {
|
|
136
|
-
throw new
|
|
134
|
+
throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {
|
|
137
135
|
tryNextLink: false,
|
|
138
136
|
logger: init.logger,
|
|
139
137
|
});
|
|
140
138
|
}
|
|
141
139
|
if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
|
|
142
|
-
throw new
|
|
140
|
+
throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {
|
|
143
141
|
tryNextLink: false,
|
|
144
142
|
logger: init.logger,
|
|
145
143
|
});
|
|
@@ -166,7 +164,7 @@ const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {
|
|
|
166
164
|
});
|
|
167
165
|
}
|
|
168
166
|
else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
|
|
169
|
-
throw new
|
|
167
|
+
throw new CredentialsProviderError("Incomplete configuration. The fromSSO() argument hash must include " +
|
|
170
168
|
'"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', { tryNextLink: false, logger: init.logger });
|
|
171
169
|
}
|
|
172
170
|
else {
|
package/package.json
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/credential-provider-sso",
|
|
3
|
-
"version": "3.972.
|
|
3
|
+
"version": "3.972.54",
|
|
4
4
|
"description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",
|
|
5
5
|
"main": "./dist-cjs/index.js",
|
|
6
6
|
"module": "./dist-es/index.js",
|
|
7
7
|
"scripts": {
|
|
8
8
|
"build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
|
|
9
9
|
"build:cjs": "node ../../scripts/compilation/inline",
|
|
10
|
-
"build:es": "tsc -p tsconfig.es.json",
|
|
10
|
+
"build:es": "premove dist-es && tsc -p tsconfig.es.json",
|
|
11
11
|
"build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
|
|
12
|
-
"build:types": "tsc -p tsconfig.types.json",
|
|
12
|
+
"build:types": "premove dist-types && tsc -p tsconfig.types.json",
|
|
13
13
|
"build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
|
|
14
|
-
"clean": "premove dist-cjs dist-es dist-types
|
|
14
|
+
"clean": "premove dist-cjs dist-es dist-types",
|
|
15
15
|
"test": "yarn g:vitest run",
|
|
16
16
|
"test:watch": "yarn g:vitest watch",
|
|
17
17
|
"test:integration": "yarn g:vitest run -c vitest.config.integ.mts",
|
|
@@ -28,10 +28,10 @@
|
|
|
28
28
|
},
|
|
29
29
|
"license": "Apache-2.0",
|
|
30
30
|
"dependencies": {
|
|
31
|
-
"@aws-sdk/core": "^3.974.
|
|
32
|
-
"@aws-sdk/nested-clients": "^3.997.
|
|
33
|
-
"@aws-sdk/token-providers": "3.
|
|
34
|
-
"@aws-sdk/types": "^3.973.
|
|
31
|
+
"@aws-sdk/core": "^3.974.22",
|
|
32
|
+
"@aws-sdk/nested-clients": "^3.997.22",
|
|
33
|
+
"@aws-sdk/token-providers": "3.1071.0",
|
|
34
|
+
"@aws-sdk/types": "^3.973.13",
|
|
35
35
|
"@smithy/core": "^3.24.6",
|
|
36
36
|
"@smithy/types": "^4.14.3",
|
|
37
37
|
"tslib": "^2.6.2"
|