@aws-sdk/credential-providers 3.733.0 → 3.738.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist-cjs/fromTemporaryCredentials.base.js +67 -8
  2. package/dist-es/fromTemporaryCredentials.base.js +67 -8
  3. package/dist-types/fromTemporaryCredentials.base.d.ts +2 -1
  4. package/dist-types/ts3.4/fromTemporaryCredentials.base.d.ts +2 -0
  5. package/package.json +17 -16
package/dist-cjs/fromTemporaryCredentials.base.js CHANGED
@@ -24,17 +24,21 @@ var __importStar = (this && this.__importStar) || function (mod) {
24
24
  };
25
25
  Object.defineProperty(exports, "__esModule", { value: true });
26
26
  exports.fromTemporaryCredentials = void 0;
27
+ const core_1 = require("@smithy/core");
27
28
  const property_provider_1 = require("@smithy/property-provider");
29
+ const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
28
30
  const fromTemporaryCredentials = (options, credentialDefaultProvider) => {
29
31
  let stsClient;
30
32
  return async (awsIdentityProperties = {}) => {
31
- options.logger?.debug("@aws-sdk/credential-providers - fromTemporaryCredentials (STS)");
33
+ const { callerClientConfig } = awsIdentityProperties;
34
+ const logger = options.logger ?? callerClientConfig?.logger;
35
+ logger?.debug("@aws-sdk/credential-providers - fromTemporaryCredentials (STS)");
32
36
  const params = { ...options.params, RoleSessionName: options.params.RoleSessionName ?? "aws-sdk-js-" + Date.now() };
33
37
  if (params?.SerialNumber) {
34
38
  if (!options.mfaCodeProvider) {
35
39
  throw new property_provider_1.CredentialsProviderError(`Temporary credential requires multi-factor authentication, but no MFA code callback was provided.`, {
36
40
  tryNextLink: false,
37
- logger: options.logger,
41
+ logger,
38
42
  });
39
43
  }
40
44
  params.TokenCode = await options.mfaCodeProvider(params?.SerialNumber);
@@ -42,13 +46,58 @@ const fromTemporaryCredentials = (options, credentialDefaultProvider) => {
42
46
  const { AssumeRoleCommand, STSClient } = await Promise.resolve().then(() => __importStar(require("./loadSts")));
43
47
  if (!stsClient) {
44
48
  const defaultCredentialsOrError = typeof credentialDefaultProvider === "function" ? credentialDefaultProvider() : undefined;
45
- const { callerClientConfig } = awsIdentityProperties;
49
+ const credentialSources = [
50
+ options.masterCredentials,
51
+ options.clientConfig?.credentials,
52
+ void callerClientConfig?.credentials,
53
+ callerClientConfig?.credentialDefaultProvider?.(),
54
+ defaultCredentialsOrError,
55
+ ];
56
+ let credentialSource = "STS client default credentials";
57
+ if (credentialSources[0]) {
58
+ credentialSource = "options.masterCredentials";
59
+ }
60
+ else if (credentialSources[1]) {
61
+ credentialSource = "options.clientConfig.credentials";
62
+ }
63
+ else if (credentialSources[2]) {
64
+ credentialSource = "caller client's credentials";
65
+ throw new Error("fromTemporaryCredentials recursion in callerClientConfig.credentials");
66
+ }
67
+ else if (credentialSources[3]) {
68
+ credentialSource = "caller client's credentialDefaultProvider";
69
+ }
70
+ else if (credentialSources[4]) {
71
+ credentialSource = "AWS SDK default credentials";
72
+ }
73
+ const regionSources = [options.clientConfig?.region, callerClientConfig?.region, ASSUME_ROLE_DEFAULT_REGION];
74
+ let regionSource = "default partition's default region";
75
+ if (regionSources[0]) {
76
+ regionSource = "options.clientConfig.region";
77
+ }
78
+ else if (regionSources[1]) {
79
+ regionSource = "caller client's region";
80
+ }
81
+ const requestHandlerSources = [
82
+ filterRequestHandler(options.clientConfig?.requestHandler),
83
+ filterRequestHandler(callerClientConfig?.requestHandler),
84
+ ];
85
+ let requestHandlerSource = "STS default requestHandler";
86
+ if (requestHandlerSources[0]) {
87
+ requestHandlerSource = "options.clientConfig.requestHandler";
88
+ }
89
+ else if (requestHandlerSources[1]) {
90
+ requestHandlerSource = "caller client's requestHandler";
91
+ }
92
+ logger?.debug?.(`@aws-sdk/credential-providers - fromTemporaryCredentials STS client init with ` +
93
+ `${regionSource}=${await (0, core_1.normalizeProvider)(coalesce(regionSources))()}, ${credentialSource}, ${requestHandlerSource}.`);
46
94
  stsClient = new STSClient({
47
95
  ...options.clientConfig,
48
- credentials: options.masterCredentials ??
49
- options.clientConfig?.credentials ??
50
- callerClientConfig?.credentialDefaultProvider?.() ??
51
- defaultCredentialsOrError,
96
+ credentials: coalesce(credentialSources),
97
+ logger,
98
+ profile: options.clientConfig?.profile ?? callerClientConfig?.profile,
99
+ region: coalesce(regionSources),
100
+ requestHandler: coalesce(requestHandlerSources),
52
101
  });
53
102
  }
54
103
  if (options.clientPlugins) {
@@ -59,7 +108,7 @@ const fromTemporaryCredentials = (options, credentialDefaultProvider) => {
59
108
  const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
60
109
  if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
61
110
  throw new property_provider_1.CredentialsProviderError(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`, {
62
- logger: options.logger,
111
+ logger,
63
112
  });
64
113
  }
65
114
  return {
@@ -72,3 +121,13 @@ const fromTemporaryCredentials = (options, credentialDefaultProvider) => {
72
121
  };
73
122
  };
74
123
  exports.fromTemporaryCredentials = fromTemporaryCredentials;
124
+ const filterRequestHandler = (requestHandler) => {
125
+ return requestHandler?.metadata?.handlerProtocol === "h2" ? undefined : requestHandler;
126
+ };
127
+ const coalesce = (args) => {
128
+ for (const item of args) {
129
+ if (item !== undefined) {
130
+ return item;
131
+ }
132
+ }
133
+ };
package/dist-es/fromTemporaryCredentials.base.js CHANGED
@@ -1,14 +1,18 @@
1
+ import { normalizeProvider } from "@smithy/core";
1
2
  import { CredentialsProviderError } from "@smithy/property-provider";
3
+ const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
2
4
  export const fromTemporaryCredentials = (options, credentialDefaultProvider) => {
3
5
  let stsClient;
4
6
  return async (awsIdentityProperties = {}) => {
5
- options.logger?.debug("@aws-sdk/credential-providers - fromTemporaryCredentials (STS)");
7
+ const { callerClientConfig } = awsIdentityProperties;
8
+ const logger = options.logger ?? callerClientConfig?.logger;
9
+ logger?.debug("@aws-sdk/credential-providers - fromTemporaryCredentials (STS)");
6
10
  const params = { ...options.params, RoleSessionName: options.params.RoleSessionName ?? "aws-sdk-js-" + Date.now() };
7
11
  if (params?.SerialNumber) {
8
12
  if (!options.mfaCodeProvider) {
9
13
  throw new CredentialsProviderError(`Temporary credential requires multi-factor authentication, but no MFA code callback was provided.`, {
10
14
  tryNextLink: false,
11
- logger: options.logger,
15
+ logger,
12
16
  });
13
17
  }
14
18
  params.TokenCode = await options.mfaCodeProvider(params?.SerialNumber);
@@ -16,13 +20,58 @@ export const fromTemporaryCredentials = (options, credentialDefaultProvider) =>
16
20
  const { AssumeRoleCommand, STSClient } = await import("./loadSts");
17
21
  if (!stsClient) {
18
22
  const defaultCredentialsOrError = typeof credentialDefaultProvider === "function" ? credentialDefaultProvider() : undefined;
19
- const { callerClientConfig } = awsIdentityProperties;
23
+ const credentialSources = [
24
+ options.masterCredentials,
25
+ options.clientConfig?.credentials,
26
+ void callerClientConfig?.credentials,
27
+ callerClientConfig?.credentialDefaultProvider?.(),
28
+ defaultCredentialsOrError,
29
+ ];
30
+ let credentialSource = "STS client default credentials";
31
+ if (credentialSources[0]) {
32
+ credentialSource = "options.masterCredentials";
33
+ }
34
+ else if (credentialSources[1]) {
35
+ credentialSource = "options.clientConfig.credentials";
36
+ }
37
+ else if (credentialSources[2]) {
38
+ credentialSource = "caller client's credentials";
39
+ throw new Error("fromTemporaryCredentials recursion in callerClientConfig.credentials");
40
+ }
41
+ else if (credentialSources[3]) {
42
+ credentialSource = "caller client's credentialDefaultProvider";
43
+ }
44
+ else if (credentialSources[4]) {
45
+ credentialSource = "AWS SDK default credentials";
46
+ }
47
+ const regionSources = [options.clientConfig?.region, callerClientConfig?.region, ASSUME_ROLE_DEFAULT_REGION];
48
+ let regionSource = "default partition's default region";
49
+ if (regionSources[0]) {
50
+ regionSource = "options.clientConfig.region";
51
+ }
52
+ else if (regionSources[1]) {
53
+ regionSource = "caller client's region";
54
+ }
55
+ const requestHandlerSources = [
56
+ filterRequestHandler(options.clientConfig?.requestHandler),
57
+ filterRequestHandler(callerClientConfig?.requestHandler),
58
+ ];
59
+ let requestHandlerSource = "STS default requestHandler";
60
+ if (requestHandlerSources[0]) {
61
+ requestHandlerSource = "options.clientConfig.requestHandler";
62
+ }
63
+ else if (requestHandlerSources[1]) {
64
+ requestHandlerSource = "caller client's requestHandler";
65
+ }
66
+ logger?.debug?.(`@aws-sdk/credential-providers - fromTemporaryCredentials STS client init with ` +
67
+ `${regionSource}=${await normalizeProvider(coalesce(regionSources))()}, ${credentialSource}, ${requestHandlerSource}.`);
20
68
  stsClient = new STSClient({
21
69
  ...options.clientConfig,
22
- credentials: options.masterCredentials ??
23
- options.clientConfig?.credentials ??
24
- callerClientConfig?.credentialDefaultProvider?.() ??
25
- defaultCredentialsOrError,
70
+ credentials: coalesce(credentialSources),
71
+ logger,
72
+ profile: options.clientConfig?.profile ?? callerClientConfig?.profile,
73
+ region: coalesce(regionSources),
74
+ requestHandler: coalesce(requestHandlerSources),
26
75
  });
27
76
  }
28
77
  if (options.clientPlugins) {
@@ -33,7 +82,7 @@ export const fromTemporaryCredentials = (options, credentialDefaultProvider) =>
33
82
  const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
34
83
  if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
35
84
  throw new CredentialsProviderError(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`, {
36
- logger: options.logger,
85
+ logger,
37
86
  });
38
87
  }
39
88
  return {
@@ -45,3 +94,13 @@ export const fromTemporaryCredentials = (options, credentialDefaultProvider) =>
45
94
  };
46
95
  };
47
96
  };
97
+ const filterRequestHandler = (requestHandler) => {
98
+ return requestHandler?.metadata?.handlerProtocol === "h2" ? undefined : requestHandler;
99
+ };
100
+ const coalesce = (args) => {
101
+ for (const item of args) {
102
+ if (item !== undefined) {
103
+ return item;
104
+ }
105
+ }
106
+ };
package/dist-types/fromTemporaryCredentials.base.d.ts CHANGED
@@ -1,12 +1,13 @@
1
1
  import type { AssumeRoleCommandInput, STSClientConfig } from "@aws-sdk/nested-clients/sts";
2
2
  import type { CredentialProviderOptions, RuntimeConfigAwsCredentialIdentityProvider } from "@aws-sdk/types";
3
- import { AwsCredentialIdentity, AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
3
+ import { AwsCredentialIdentity, AwsCredentialIdentityProvider, Logger, Pluggable } from "@smithy/types";
4
4
  export interface FromTemporaryCredentialsOptions extends CredentialProviderOptions {
5
5
  params: Omit<AssumeRoleCommandInput, "RoleSessionName"> & {
6
6
  RoleSessionName?: string;
7
7
  };
8
8
  masterCredentials?: AwsCredentialIdentity | AwsCredentialIdentityProvider;
9
9
  clientConfig?: STSClientConfig;
10
+ logger?: Logger;
10
11
  clientPlugins?: Pluggable<any, any>[];
11
12
  mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
12
13
  }
package/dist-types/ts3.4/fromTemporaryCredentials.base.d.ts CHANGED
@@ -9,6 +9,7 @@ import {
9
9
  import {
10
10
  AwsCredentialIdentity,
11
11
  AwsCredentialIdentityProvider,
12
+ Logger,
12
13
  Pluggable,
13
14
  } from "@smithy/types";
14
15
  export interface FromTemporaryCredentialsOptions
@@ -21,6 +22,7 @@ export interface FromTemporaryCredentialsOptions
21
22
  };
22
23
  masterCredentials?: AwsCredentialIdentity | AwsCredentialIdentityProvider;
23
24
  clientConfig?: STSClientConfig;
25
+ logger?: Logger;
24
26
  clientPlugins?: Pluggable<any, any>[];
25
27
  mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
26
28
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aws-sdk/credential-providers",
3
- "version": "3.733.0",
3
+ "version": "3.738.0",
4
4
  "description": "A collection of credential providers, without requiring service clients like STS, Cognito",
5
5
  "main": "./dist-cjs/index.js",
6
6
  "module": "./dist-es/index.js",
@@ -30,21 +30,22 @@
30
30
  },
31
31
  "license": "Apache-2.0",
32
32
  "dependencies": {
33
- "@aws-sdk/client-cognito-identity": "3.731.1",
34
- "@aws-sdk/core": "3.731.0",
35
- "@aws-sdk/credential-provider-cognito-identity": "3.731.1",
36
- "@aws-sdk/credential-provider-env": "3.731.0",
37
- "@aws-sdk/credential-provider-http": "3.731.0",
38
- "@aws-sdk/credential-provider-ini": "3.731.1",
39
- "@aws-sdk/credential-provider-node": "3.731.1",
40
- "@aws-sdk/credential-provider-process": "3.731.0",
41
- "@aws-sdk/credential-provider-sso": "3.731.1",
42
- "@aws-sdk/credential-provider-web-identity": "3.731.1",
43
- "@aws-sdk/nested-clients": "3.731.1",
44
- "@aws-sdk/types": "3.731.0",
45
- "@smithy/credential-provider-imds": "^4.0.0",
46
- "@smithy/property-provider": "^4.0.0",
47
- "@smithy/types": "^4.0.0",
33
+ "@aws-sdk/client-cognito-identity": "3.738.0",
34
+ "@aws-sdk/core": "3.734.0",
35
+ "@aws-sdk/credential-provider-cognito-identity": "3.738.0",
36
+ "@aws-sdk/credential-provider-env": "3.734.0",
37
+ "@aws-sdk/credential-provider-http": "3.734.0",
38
+ "@aws-sdk/credential-provider-ini": "3.734.0",
39
+ "@aws-sdk/credential-provider-node": "3.738.0",
40
+ "@aws-sdk/credential-provider-process": "3.734.0",
41
+ "@aws-sdk/credential-provider-sso": "3.734.0",
42
+ "@aws-sdk/credential-provider-web-identity": "3.734.0",
43
+ "@aws-sdk/nested-clients": "3.734.0",
44
+ "@aws-sdk/types": "3.734.0",
45
+ "@smithy/core": "^3.1.1",
46
+ "@smithy/credential-provider-imds": "^4.0.1",
47
+ "@smithy/property-provider": "^4.0.1",
48
+ "@smithy/types": "^4.1.0",
48
49
  "tslib": "^2.6.2"
49
50
  },
50
51
  "devDependencies": {