@aws-sdk/credential-providers 3.85.0 → 3.87.0

package/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.87.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.86.0...v3.87.0) (2022-05-09)
+
+
+### Features
+
+* **credential-providers:** expose node.js default credential provider chain ([#3588](https://github.com/aws/aws-sdk-js-v3/issues/3588)) ([51aaffc](https://github.com/aws/aws-sdk-js-v3/commit/51aaffc37838e403b5934132bfe2c277a28c3ea5))
+
+
+
+
+
 # [3.85.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.84.0...v3.85.0) (2022-05-05)
 
 **Note:** Version bump only for package @aws-sdk/credential-providers

package/README.md

@@ -23,6 +23,7 @@ A collection of all credential providers, with default clients.
    1. [Supported Configuration](#supported-configuration)
    1. [SSO login with AWS CLI](#sso-login-with-the-aws-cli)
    1. [Sample Files](#sample-files-2)
+1. [From Node.js default credentials provider chain](#fromNodeProviderChain)
 
 ## `fromCognitoIdentity()`
 
@@ -119,7 +120,7 @@ const client = new FooClient({
     // Optional. The master credentials used to get and refresh temporary credentials from AWS STS.
     // If skipped, it uses the default credential resolved by internal STS client.
     masterCredentials: fromTemporaryCredentials({
-      params: { RoleArn: "arn:aws:iam::1234567890:role/RoleA" }
+      params: { RoleArn: "arn:aws:iam::1234567890:role/RoleA" },
     }),
     // Required. Options passed to STS AssumeRole operation.
     params: {
@@ -129,16 +130,16 @@ const client = new FooClient({
       // session name with prefix of 'aws-sdk-js-'.
       RoleSessionName: "aws-sdk-js-123",
       // Optional. The duration, in seconds, of the role session.
-      DurationSeconds: 3600
+      DurationSeconds: 3600,
       // ... For more options see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
     },
     // Optional. Custom STS client configurations overriding the default ones.
     clientConfig: { region },
     // Optional. A function that returns a promise fulfilled with an MFA token code for the provided
     // MFA Serial code. Required if `params` has `SerialNumber` config.
-    mfaCodeProvider: async mfaSerial => {
-      return "token"
-    }
+    mfaCodeProvider: async (mfaSerial) => {
+      return "token";
+    },
   }),
 });
 ```
@@ -593,7 +594,7 @@ Successfully signed out of all SSO profiles.
 ### Sample files
 
 This credential provider is only applicable if the profile specified in shared configuration and
-credentials files contain ALL of the following entries:
+credentials files contain ALL of the following entries.
 
 #### `~/.aws/credentials`
 
@@ -615,6 +616,40 @@ sso_role_name = SampleRole
 sso_start_url = https://d-abc123.awsapps.com/start
 ```
 
+## `fromNodeProviderChain()`
+
+The credential provider used as default in the Node.js clients, but with default role assumers so
+you don't need to import them from STS client and supply them manually. You normally don't need
+to use this explicitly in the client constructor. It is useful for utility functions requiring
+credentials like S3 presigner, or RDS signer.
+
+This credential provider will attempt to find credentials from the following sources (listed in
+order of precedence):
+
+- [Environment variables exposed via `process.env`](#fromenv)
+- [SSO credentials from token cache](#fromsso)
+- [Web identity token credentials](#fromtokenfile)
+- [Shared credentials and config ini files](#fromini)
+- [The EC2/ECS Instance Metadata Service](#fromcontainermetadata-and-frominstancemetadata)
+
+This credential provider will invoke one provider at a time and only
+continue to the next if no credentials have been located. For example, if
+the process finds values defined via the `AWS_ACCESS_KEY_ID` and
+`AWS_SECRET_ACCESS_KEY` environment variables, the files at
+`~/.aws/credentials` and `~/.aws/config` will not be read, nor will any
+messages be sent to the Instance Metadata Service
+
+```js
+import { fromNodeProviderChain } from "@aws-sdk/credential-providers"; // ES6 import
+// const { fromNodeProviderChain } = require("@aws-sdk/credential-providers") // CommonJS import
+const credentialProvider = fromNodeProviderChain({
+  //...any input of fromEnv(), fromSSO(), fromTokenFile(), fromIni(),
+  // fromProcess(), fromInstanceMetadata(), fromContainerMetadata()
+  // Optional. Custom STS client configurations overriding the default ones.
+  clientConfig: { region },
+});
+```
+
 [getcredentialsforidentity_api]: https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html
 [getid_api]: https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html
 [assumerole_api]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

package/dist-cjs/fromNodeProviderChain.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromNodeProviderChain = void 0;
+const client_sts_1 = require("@aws-sdk/client-sts");
+const credential_provider_node_1 = require("@aws-sdk/credential-provider-node");
+const fromNodeProviderChain = (init = {}) => {
+    var _a, _b;
+    return (0, credential_provider_node_1.defaultProvider)({
+        ...init,
+        roleAssumer: (_a = init.roleAssumer) !== null && _a !== void 0 ? _a : (0, client_sts_1.getDefaultRoleAssumer)(init.clientConfig),
+        roleAssumerWithWebIdentity: (_b = init.roleAssumerWithWebIdentity) !== null && _b !== void 0 ? _b : (0, client_sts_1.getDefaultRoleAssumerWithWebIdentity)(init.clientConfig),
+    });
+};
+exports.fromNodeProviderChain = fromNodeProviderChain;

package/dist-cjs/index.js

@@ -7,6 +7,7 @@ tslib_1.__exportStar(require("./fromContainerMetadata"), exports);
 tslib_1.__exportStar(require("./fromEnv"), exports);
 tslib_1.__exportStar(require("./fromIni"), exports);
 tslib_1.__exportStar(require("./fromInstanceMetadata"), exports);
+tslib_1.__exportStar(require("./fromNodeProviderChain"), exports);
 tslib_1.__exportStar(require("./fromProcess"), exports);
 tslib_1.__exportStar(require("./fromSSO"), exports);
 tslib_1.__exportStar(require("./fromTemporaryCredentials"), exports);

package/dist-es/fromNodeProviderChain.js

@@ -0,0 +1,8 @@
+import { __assign } from "tslib";
+import { getDefaultRoleAssumer, getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
+import { defaultProvider } from "@aws-sdk/credential-provider-node";
+export var fromNodeProviderChain = function (init) {
+    var _a, _b;
+    if (init === void 0) { init = {}; }
+    return defaultProvider(__assign(__assign({}, init), { roleAssumer: (_a = init.roleAssumer) !== null && _a !== void 0 ? _a : getDefaultRoleAssumer(init.clientConfig), roleAssumerWithWebIdentity: (_b = init.roleAssumerWithWebIdentity) !== null && _b !== void 0 ? _b : getDefaultRoleAssumerWithWebIdentity(init.clientConfig) }));
+};

package/dist-es/index.js

@@ -4,6 +4,7 @@ export * from "./fromContainerMetadata";
 export * from "./fromEnv";
 export * from "./fromIni";
 export * from "./fromInstanceMetadata";
+export * from "./fromNodeProviderChain";
 export * from "./fromProcess";
 export * from "./fromSSO";
 export * from "./fromTemporaryCredentials";

package/dist-types/fromNodeProviderChain.d.ts

@@ -0,0 +1,29 @@
+import { STSClientConfig } from "@aws-sdk/client-sts";
+import { DefaultProviderInit } from "@aws-sdk/credential-provider-node";
+import { CredentialProvider } from "@aws-sdk/types";
+export interface fromNodeProviderChainInit extends DefaultProviderInit {
+    clientConfig?: STSClientConfig;
+}
+/**
+ * This is the same credential provider as {@link defaultProvider|the default provider for Node.js SDK},
+ * but with default role assumers so you don't need to import them from
+ * STS client and supply them manually.
+ *
+ * You normally don't need to use this explicitly in the client constructor.
+ * It is useful for utility functions requiring credentials like S3 presigner,
+ * or RDS signer.
+ *
+ * ```js
+ * import { fromNodeProviderChain } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromNodeProviderChain } = require("@aws-sdk/credential-providers") // CommonJS import
+ *
+ * const credentialProvider = fromNodeProviderChain({
+ *   //...any input of fromEnv(), fromSSO(), fromTokenFile(), fromIni(),
+ *   // fromProcess(), fromInstanceMetadata(), fromContainerMetadata()
+ *
+ *   // Optional. Custom STS client configurations overriding the default ones.
+ *   clientConfig: { region },
+ * })
+ * ```
+ */
+export declare const fromNodeProviderChain: (init?: fromNodeProviderChainInit) => CredentialProvider;

package/dist-types/index.d.ts

@@ -4,6 +4,7 @@ export * from "./fromContainerMetadata";
 export * from "./fromEnv";
 export * from "./fromIni";
 export * from "./fromInstanceMetadata";
+export * from "./fromNodeProviderChain";
 export * from "./fromProcess";
 export * from "./fromSSO";
 export * from "./fromTemporaryCredentials";

package/dist-types/ts3.4/fromNodeProviderChain.d.ts

@@ -0,0 +1,8 @@
+import { STSClientConfig } from "@aws-sdk/client-sts";
+import { DefaultProviderInit } from "@aws-sdk/credential-provider-node";
+import { CredentialProvider } from "@aws-sdk/types";
+export interface fromNodeProviderChainInit extends DefaultProviderInit {
+    clientConfig?: STSClientConfig;
+}
+
+export declare const fromNodeProviderChain: (init?: fromNodeProviderChainInit) => CredentialProvider;

package/dist-types/ts3.4/index.d.ts

@@ -4,6 +4,7 @@ export * from "./fromContainerMetadata";
 export * from "./fromEnv";
 export * from "./fromIni";
 export * from "./fromInstanceMetadata";
+export * from "./fromNodeProviderChain";
 export * from "./fromProcess";
 export * from "./fromSSO";
 export * from "./fromTemporaryCredentials";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-providers",
-  "version": "3.85.0",
+  "version": "3.87.0",
   "description": "A collection of credential providers, without requiring service clients like STS, Cognito",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -26,13 +26,14 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-cognito-identity": "3.85.0",
+    "@aws-sdk/client-cognito-identity": "3.87.0",
     "@aws-sdk/client-sso": "3.85.0",
-    "@aws-sdk/client-sts": "3.85.0",
-    "@aws-sdk/credential-provider-cognito-identity": "3.85.0",
+    "@aws-sdk/client-sts": "3.87.0",
+    "@aws-sdk/credential-provider-cognito-identity": "3.87.0",
     "@aws-sdk/credential-provider-env": "3.78.0",
     "@aws-sdk/credential-provider-imds": "3.81.0",
     "@aws-sdk/credential-provider-ini": "3.85.0",
+    "@aws-sdk/credential-provider-node": "3.87.0",
     "@aws-sdk/credential-provider-process": "3.80.0",
     "@aws-sdk/credential-provider-sso": "3.85.0",
     "@aws-sdk/credential-provider-web-identity": "3.78.0",