@aws-sdk/credential-provider-web-identity 3.496.0 → 3.504.0

package/dist-cjs/fromTokenFile.js

@@ -8,10 +8,11 @@ const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
 const ENV_ROLE_ARN = "AWS_ROLE_ARN";
 const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME";
 const fromTokenFile = (init = {}) => async () => {
-    var _a, _b, _c;
-    const webIdentityTokenFile = (_a = init === null || init === void 0 ? void 0 : init.webIdentityTokenFile) !== null && _a !== void 0 ? _a : process.env[ENV_TOKEN_FILE];
-    const roleArn = (_b = init === null || init === void 0 ? void 0 : init.roleArn) !== null && _b !== void 0 ? _b : process.env[ENV_ROLE_ARN];
-    const roleSessionName = (_c = init === null || init === void 0 ? void 0 : init.roleSessionName) !== null && _c !== void 0 ? _c : process.env[ENV_ROLE_SESSION_NAME];
+    var _a, _b, _c, _d;
+    (_a = init.logger) === null || _a === void 0 ? void 0 : _a.debug("@aws-sdk/credential-provider-web-identity", "fromTokenFile");
+    const webIdentityTokenFile = (_b = init === null || init === void 0 ? void 0 : init.webIdentityTokenFile) !== null && _b !== void 0 ? _b : process.env[ENV_TOKEN_FILE];
+    const roleArn = (_c = init === null || init === void 0 ? void 0 : init.roleArn) !== null && _c !== void 0 ? _c : process.env[ENV_ROLE_ARN];
+    const roleSessionName = (_d = init === null || init === void 0 ? void 0 : init.roleSessionName) !== null && _d !== void 0 ? _d : process.env[ENV_ROLE_SESSION_NAME];
     if (!webIdentityTokenFile || !roleArn) {
         throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified");
     }

package/dist-cjs/fromWebToken.js

@@ -1,12 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromWebToken = void 0;
-const property_provider_1 = require("@smithy/property-provider");
-const fromWebToken = (init) => () => {
-    const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds, roleAssumerWithWebIdentity, } = init;
+const fromWebToken = (init) => async () => {
+    var _a;
+    (_a = init.logger) === null || _a === void 0 ? void 0 : _a.debug("@aws-sdk/credential-provider-web-identity", "fromWebToken");
+    const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init;
+    let { roleAssumerWithWebIdentity } = init;
     if (!roleAssumerWithWebIdentity) {
-        throw new property_provider_1.CredentialsProviderError(`Role Arn '${roleArn}' needs to be assumed with web identity,` +
-            ` but no role assumption callback was provided.`, false);
+        const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(require("./loadSts")));
+        roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity(init.clientConfig, init.clientPlugins);
     }
     return roleAssumerWithWebIdentity({
         RoleArn: roleArn,

package/dist-cjs/loadSts.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDefaultRoleAssumerWithWebIdentity = void 0;
+const client_sts_1 = require("@aws-sdk/client-sts");
+Object.defineProperty(exports, "getDefaultRoleAssumerWithWebIdentity", { enumerable: true, get: function () { return client_sts_1.getDefaultRoleAssumerWithWebIdentity; } });

package/dist-es/fromTokenFile.js

@@ -5,6 +5,7 @@ const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
 const ENV_ROLE_ARN = "AWS_ROLE_ARN";
 const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME";
 export const fromTokenFile = (init = {}) => async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-web-identity", "fromTokenFile");
     const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE];
     const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN];
     const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME];

package/dist-es/fromWebToken.js

@@ -1,9 +1,10 @@
-import { CredentialsProviderError } from "@smithy/property-provider";
-export const fromWebToken = (init) => () => {
-    const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds, roleAssumerWithWebIdentity, } = init;
+export const fromWebToken = (init) => async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-web-identity", "fromWebToken");
+    const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init;
+    let { roleAssumerWithWebIdentity } = init;
     if (!roleAssumerWithWebIdentity) {
-        throw new CredentialsProviderError(`Role Arn '${roleArn}' needs to be assumed with web identity,` +
-            ` but no role assumption callback was provided.`, false);
+        const { getDefaultRoleAssumerWithWebIdentity } = await import("./loadSts");
+        roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity(init.clientConfig, init.clientPlugins);
     }
     return roleAssumerWithWebIdentity({
         RoleArn: roleArn,

package/dist-es/loadSts.js

@@ -0,0 +1,2 @@
+import { getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
+export { getDefaultRoleAssumerWithWebIdentity };

package/dist-types/fromTokenFile.d.ts

@@ -1,9 +1,10 @@
-import { AwsCredentialIdentityProvider } from "@smithy/types";
+import { CredentialProviderOptions } from "@aws-sdk/types";
+import type { AwsCredentialIdentityProvider } from "@smithy/types";
 import { FromWebTokenInit } from "./fromWebToken";
 /**
- * @internal
+ * @public
  */
-export interface FromTokenFileInit extends Partial<Omit<FromWebTokenInit, "webIdentityToken">> {
+export interface FromTokenFileInit extends Partial<Omit<FromWebTokenInit, "webIdentityToken">>, CredentialProviderOptions {
     /**
      * File location of where the `OIDC` token is stored.
      */

package/dist-types/fromWebToken.d.ts

@@ -1,6 +1,8 @@
-import { AwsCredentialIdentity, AwsCredentialIdentityProvider } from "@smithy/types";
+import type { CredentialProviderOptions } from "@aws-sdk/types";
+import type { AwsCredentialIdentity, AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
+import type { STSClientConfig } from "./loadSts";
 /**
- * @internal
+ * @public
  */
 export interface AssumeRoleWithWebIdentityParams {
     /**
@@ -113,9 +115,9 @@ type LowerCaseKey<T> = {
     [K in keyof T as `${Uncapitalize<string & K>}`]: T[K];
 };
 /**
- * @internal
+ * @public
  */
-export interface FromWebTokenInit extends Omit<LowerCaseKey<AssumeRoleWithWebIdentityParams>, "roleSessionName"> {
+export interface FromWebTokenInit extends Omit<LowerCaseKey<AssumeRoleWithWebIdentityParams>, "roleSessionName">, CredentialProviderOptions {
     /**
      * The IAM session name used to distinguish sessions.
      */
@@ -127,6 +129,14 @@ export interface FromWebTokenInit extends Omit<LowerCaseKey<AssumeRoleWithWebIde
      * @param params input parameter of sts:AssumeRoleWithWebIdentity API.
      */
     roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<AwsCredentialIdentity>;
+    /**
+     * @internal
+     */
+    clientConfig?: STSClientConfig;
+    /**
+     * @internal
+     */
+    clientPlugins?: Pluggable<any, any>[];
 }
 /**
  * @internal

package/dist-types/loadSts.d.ts

@@ -0,0 +1,3 @@
+import { getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
+export { getDefaultRoleAssumerWithWebIdentity };
+export type { STSClientConfig } from "@aws-sdk/client-sts";

package/dist-types/ts3.4/fromTokenFile.d.ts

@@ -1,9 +1,14 @@
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
 import { FromWebTokenInit } from "./fromWebToken";
 export interface FromTokenFileInit
   extends Partial<
-    Pick<FromWebTokenInit, Exclude<keyof FromWebTokenInit, "webIdentityToken">>
-  > {
+      Pick<
+        FromWebTokenInit,
+        Exclude<keyof FromWebTokenInit, "webIdentityToken">
+      >
+    >,
+    CredentialProviderOptions {
   webIdentityTokenFile?: string;
 }
 export declare const fromTokenFile: (

package/dist-types/ts3.4/fromWebToken.d.ts

@@ -1,7 +1,10 @@
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import {
   AwsCredentialIdentity,
   AwsCredentialIdentityProvider,
+  Pluggable,
 } from "@smithy/types";
+import { STSClientConfig } from "./loadSts";
 export interface AssumeRoleWithWebIdentityParams {
   RoleArn: string;
   RoleSessionName: string;
@@ -18,16 +21,19 @@ type LowerCaseKey<T> = {
 };
 export interface FromWebTokenInit
   extends Pick<
-    LowerCaseKey<AssumeRoleWithWebIdentityParams>,
-    Exclude<
-      keyof LowerCaseKey<AssumeRoleWithWebIdentityParams>,
-      "roleSessionName"
-    >
-  > {
+      LowerCaseKey<AssumeRoleWithWebIdentityParams>,
+      Exclude<
+        keyof LowerCaseKey<AssumeRoleWithWebIdentityParams>,
+        "roleSessionName"
+      >
+    >,
+    CredentialProviderOptions {
   roleSessionName?: string;
   roleAssumerWithWebIdentity?: (
     params: AssumeRoleWithWebIdentityParams
   ) => Promise<AwsCredentialIdentity>;
+  clientConfig?: STSClientConfig;
+  clientPlugins?: Pluggable<any, any>[];
 }
 export declare const fromWebToken: (
   init: FromWebTokenInit

package/dist-types/ts3.4/loadSts.d.ts

@@ -0,0 +1,3 @@
+import { getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
+export { getDefaultRoleAssumerWithWebIdentity };
+export { STSClientConfig } from "@aws-sdk/client-sts";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-web-identity",
-  "version": "3.496.0",
+  "version": "3.504.0",
   "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -32,7 +32,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/types": "3.496.0",
+    "@aws-sdk/client-sts": "3.504.0",
+    "@aws-sdk/types": "3.502.0",
     "@smithy/property-provider": "^2.1.1",
     "@smithy/types": "^2.9.1",
     "tslib": "^2.5.0"