@backstage/integration-aws-node 0.1.10 → 0.1.11

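--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,15 @@
 # @backstage/integration-aws-node
 
+## 0.1.11
+
+### Patch Changes
+
+- 81a995f: Updated dependency `aws-sdk-client-mock` to `^4.0.0`.
+- 823cf8e: Updated dependency `aws-sdk-client-mock-jest` to `^4.0.0`.
+- Updated dependencies
+- @backstage/config@1.2.0
+- @backstage/errors@1.2.4
+
 ## 0.1.10
 
 ### Patch Changes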
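--- a/package/dist/index.cjs.js
+++ b/package/dist/index.cjs.js
@@ -1,7 +1,5 @@
 'use strict';
 
-Object.defineProperty(exports, '__esModule', { value: true });
-
 var clientSts = require('@aws-sdk/client-sts');
 var credentialProviders = require('@aws-sdk/credential-providers');
 var utilArnParser = require('@aws-sdk/util-arn-parser');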
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs.js","sources":["../src/config.ts","../src/DefaultAwsCredentialsManager.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Config } from '@backstage/config';\n\n/**\n * The configuration parameters for a single AWS account for the AWS integration.\n *\n * @public\n */\nexport type AwsIntegrationAccountConfig = {\n /**\n * The account ID of the target account that this matches on, e.g. \"123456789012\"\n */\n accountId: string;\n\n /**\n * The access key ID for a set of static AWS credentials\n */\n accessKeyId?: string;\n\n /**\n * The secret access key for a set of static AWS credentials\n */\n secretAccessKey?: string;\n\n /**\n * The configuration profile from a credentials file at ~/.aws/credentials and\n * a configuration file at ~/.aws/config.\n */\n profile?: string;\n\n /**\n * The IAM role to assume to retrieve temporary AWS credentials\n */\n roleName?: string;\n\n /**\n * The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"\n */\n partition?: string;\n\n /**\n * The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. 
\"ap-northeast-1\"\n */\n region?: string;\n\n /**\n * The unique identifier needed to assume the role to retrieve temporary AWS credentials\n */\n externalId?: string;\n};\n\n/**\n * The configuration parameters for the main AWS account for the AWS integration.\n *\n * @public\n */\nexport type AwsIntegrationMainAccountConfig = {\n /**\n * The access key ID for a set of static AWS credentials\n */\n accessKeyId?: string;\n\n /**\n * The secret access key for a set of static AWS credentials\n */\n secretAccessKey?: string;\n\n /**\n * The configuration profile from a credentials file at ~/.aws/credentials and\n * a configuration file at ~/.aws/config.\n */\n profile?: string;\n\n /**\n * The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"\n */\n region?: string;\n};\n\n/**\n * The default configuration parameters to use for accounts for the AWS integration.\n *\n * @public\n */\nexport type AwsIntegrationDefaultAccountConfig = {\n /**\n * The IAM role to assume to retrieve temporary AWS credentials\n */\n roleName?: string;\n\n /**\n * The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"\n */\n partition?: string;\n\n /**\n * The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. 
\"ap-northeast-1\"\n */\n region?: string;\n\n /**\n * The unique identifier needed to assume the role to retrieve temporary AWS credentials\n */\n externalId?: string;\n};\n\n/**\n * The configuration parameters for AWS account integration.\n *\n * @public\n */\nexport type AwsIntegrationConfig = {\n /**\n * Configuration for retrieving AWS accounts credentials\n */\n accounts: AwsIntegrationAccountConfig[];\n\n /**\n * Defaults for retrieving AWS account credentials\n */\n accountDefaults: AwsIntegrationDefaultAccountConfig;\n\n /**\n * Main account to use for retrieving AWS account credentials\n */\n mainAccount: AwsIntegrationMainAccountConfig;\n};\n\n/**\n * Reads an AWS integration account config.\n *\n * @param config - The config object of a single account\n */\nfunction readAwsIntegrationAccountConfig(\n config: Config,\n): AwsIntegrationAccountConfig {\n const accountConfig = {\n accountId: config.getString('accountId'),\n accessKeyId: config.getOptionalString('accessKeyId'),\n secretAccessKey: config.getOptionalString('secretAccessKey')?.trim(),\n profile: config.getOptionalString('profile'),\n roleName: config.getOptionalString('roleName'),\n region: config.getOptionalString('region'),\n partition: config.getOptionalString('partition'),\n externalId: config.getOptionalString('externalId'),\n };\n\n // Validate that the account config has the right combination of attributes\n if (accountConfig.accessKeyId && !accountConfig.secretAccessKey) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an access key ID configured, but no secret access key.`,\n );\n }\n\n if (!accountConfig.accessKeyId && accountConfig.secretAccessKey) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has a secret access key configured, but no access key ID`,\n );\n }\n\n if (accountConfig.profile && accountConfig.accessKeyId) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has both an access key ID and a 
profile configured, but only one must be specified`,\n );\n }\n\n if (accountConfig.profile && accountConfig.roleName) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has both an access key ID and a role name configured, but only one must be specified`,\n );\n }\n\n if (!accountConfig.roleName && accountConfig.externalId) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an external ID configured, but no role name.`,\n );\n }\n\n if (!accountConfig.roleName && accountConfig.region) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an STS region configured, but no role name.`,\n );\n }\n\n if (!accountConfig.roleName && accountConfig.partition) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an IAM partition configured, but no role name.`,\n );\n }\n\n return accountConfig;\n}\n\n/**\n * Reads the main AWS integration account config.\n *\n * @param config - The config object of the main account\n */\nfunction readMainAwsIntegrationAccountConfig(\n config: Config,\n): AwsIntegrationMainAccountConfig {\n const mainAccountConfig = {\n accessKeyId: config.getOptionalString('accessKeyId'),\n secretAccessKey: config.getOptionalString('secretAccessKey')?.trim(),\n profile: config.getOptionalString('profile'),\n region: config.getOptionalString('region'),\n };\n\n // Validate that the account config has the right combination of attributes\n if (mainAccountConfig.accessKeyId && !mainAccountConfig.secretAccessKey) {\n throw new Error(\n `The main AWS integration account has an access key ID configured, but no secret access key.`,\n );\n }\n\n if (!mainAccountConfig.accessKeyId && mainAccountConfig.secretAccessKey) {\n throw new Error(\n `The main AWS integration account has a secret access key configured, but no access key ID`,\n );\n }\n\n if (mainAccountConfig.profile && mainAccountConfig.accessKeyId) {\n throw new Error(\n `The main AWS integration account 
has both an access key ID and a profile configured, but only one must be specified`,\n );\n }\n\n return mainAccountConfig;\n}\n\n/**\n * Reads the default settings for retrieving credentials from AWS integration accounts.\n *\n * @param config - The config object of the default account settings\n */\nfunction readAwsIntegrationAccountDefaultsConfig(\n config: Config,\n): AwsIntegrationDefaultAccountConfig {\n const defaultAccountConfig = {\n roleName: config.getOptionalString('roleName'),\n partition: config.getOptionalString('partition'),\n region: config.getOptionalString('region'),\n externalId: config.getOptionalString('externalId'),\n };\n\n // Validate that the account config has the right combination of attributes\n if (!defaultAccountConfig.roleName && defaultAccountConfig.externalId) {\n throw new Error(\n `AWS integration account default configuration has an external ID configured, but no role name.`,\n );\n }\n\n if (!defaultAccountConfig.roleName && defaultAccountConfig.region) {\n throw new Error(\n `AWS integration account default configuration has an STS region configured, but no role name.`,\n );\n }\n\n if (!defaultAccountConfig.roleName && defaultAccountConfig.partition) {\n throw new Error(\n `AWS integration account default configuration has an IAM partition configured, but no role name.`,\n );\n }\n\n return defaultAccountConfig;\n}\n\n/**\n * Reads an AWS integration configuration\n *\n * @param config - the integration config object\n * @public\n */\nexport function readAwsIntegrationConfig(config: Config): AwsIntegrationConfig {\n const accounts = config\n .getOptionalConfigArray('accounts')\n ?.map(readAwsIntegrationAccountConfig);\n const mainAccount = config.has('mainAccount')\n ? readMainAwsIntegrationAccountConfig(config.getConfig('mainAccount'))\n : {};\n const accountDefaults = config.has('accountDefaults')\n ? 
readAwsIntegrationAccountDefaultsConfig(\n config.getConfig('accountDefaults'),\n )\n : {};\n\n return {\n accounts: accounts ?? [],\n mainAccount,\n accountDefaults,\n };\n}\n","/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n readAwsIntegrationConfig,\n AwsIntegrationAccountConfig,\n AwsIntegrationDefaultAccountConfig,\n AwsIntegrationMainAccountConfig,\n} from './config';\nimport {\n AwsCredentialsManager,\n AwsCredentialProvider,\n AwsCredentialProviderOptions,\n} from './types';\nimport { GetCallerIdentityCommand, STSClient } from '@aws-sdk/client-sts';\nimport {\n fromIni,\n fromNodeProviderChain,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { AwsCredentialIdentityProvider } from '@aws-sdk/types';\nimport { parse } from '@aws-sdk/util-arn-parser';\nimport { Config } from '@backstage/config';\n\n/**\n * Retrieves the account ID for the given credential provider from STS.\n */\nasync function fillInAccountId(credProvider: AwsCredentialProvider) {\n if (credProvider.accountId) {\n return;\n }\n\n const client = new STSClient({\n region: credProvider.stsRegion,\n customUserAgent: 'backstage-aws-credentials-manager',\n credentialDefaultProvider: () => credProvider.sdkCredentialProvider,\n });\n const resp = await client.send(new GetCallerIdentityCommand({}));\n credProvider.accountId = resp.Account!;\n}\n\nfunction getStaticCredentials(\n accessKeyId: 
string,\n secretAccessKey: string,\n): AwsCredentialIdentityProvider {\n return async () => {\n return Promise.resolve({\n accessKeyId: accessKeyId,\n secretAccessKey: secretAccessKey,\n });\n };\n}\n\nfunction getProfileCredentials(\n profile: string,\n region?: string,\n): AwsCredentialIdentityProvider {\n return fromIni({\n profile,\n clientConfig: {\n region,\n customUserAgent: 'backstage-aws-credentials-manager',\n },\n });\n}\n\nfunction getDefaultCredentialsChain(): AwsCredentialIdentityProvider {\n return fromNodeProviderChain();\n}\n\n/**\n * Constructs the credential provider needed by the AWS SDK from the given account config\n *\n * Order of precedence:\n * 1. Assume role with static creds\n * 2. Assume role with main account creds\n * 3. Static creds\n * 4. Profile creds\n * 5. Default AWS SDK creds chain\n */\nfunction getSdkCredentialProvider(\n config: AwsIntegrationAccountConfig,\n mainAccountCredProvider: AwsCredentialIdentityProvider,\n): AwsCredentialIdentityProvider {\n if (config.roleName) {\n const region = config.region ?? 'us-east-1';\n const partition = config.partition ?? 'aws';\n\n return fromTemporaryCredentials({\n masterCredentials: config.accessKeyId\n ? getStaticCredentials(config.accessKeyId!, config.secretAccessKey!)\n : mainAccountCredProvider,\n params: {\n RoleArn: `arn:${partition}:iam::${config.accountId}:role/${config.roleName}`,\n RoleSessionName: 'backstage',\n ExternalId: config.externalId,\n },\n clientConfig: {\n region,\n customUserAgent: 'backstage-aws-credentials-manager',\n },\n });\n }\n\n if (config.accessKeyId) {\n return getStaticCredentials(config.accessKeyId!, config.secretAccessKey!);\n }\n\n if (config.profile) {\n return getProfileCredentials(config.profile!, config.region);\n }\n\n return getDefaultCredentialsChain();\n}\n\n/**\n * Constructs the credential provider needed by the AWS SDK for the main account\n *\n * Order of precedence:\n * 1. Static creds\n * 2. Profile creds\n * 3. 
Default AWS SDK creds chain\n */\nfunction getMainAccountSdkCredentialProvider(\n config: AwsIntegrationMainAccountConfig,\n): AwsCredentialIdentityProvider {\n if (config.accessKeyId) {\n return getStaticCredentials(config.accessKeyId!, config.secretAccessKey!);\n }\n\n if (config.profile) {\n return getProfileCredentials(config.profile!, config.region);\n }\n\n return getDefaultCredentialsChain();\n}\n\n/**\n * Handles the creation and caching of credential providers for AWS accounts.\n *\n * @public\n */\nexport class DefaultAwsCredentialsManager implements AwsCredentialsManager {\n static fromConfig(config: Config): DefaultAwsCredentialsManager {\n const awsConfig = config.has('aws')\n ? readAwsIntegrationConfig(config.getConfig('aws'))\n : {\n accounts: [],\n mainAccount: {},\n accountDefaults: {},\n };\n\n const mainAccountSdkCredProvider = getMainAccountSdkCredentialProvider(\n awsConfig.mainAccount,\n );\n const mainAccountCredProvider: AwsCredentialProvider = {\n sdkCredentialProvider: mainAccountSdkCredProvider,\n };\n\n const accountCredProviders = new Map<string, AwsCredentialProvider>();\n for (const accountConfig of awsConfig.accounts) {\n const sdkCredentialProvider = getSdkCredentialProvider(\n accountConfig,\n mainAccountSdkCredProvider,\n );\n accountCredProviders.set(accountConfig.accountId, {\n accountId: accountConfig.accountId,\n stsRegion: accountConfig.region,\n sdkCredentialProvider,\n });\n }\n\n return new DefaultAwsCredentialsManager(\n accountCredProviders,\n awsConfig.accountDefaults,\n mainAccountCredProvider,\n );\n }\n\n private constructor(\n private readonly accountCredentialProviders: Map<\n string,\n AwsCredentialProvider\n >,\n private readonly accountDefaults: AwsIntegrationDefaultAccountConfig,\n private readonly mainAccountCredentialProvider: AwsCredentialProvider,\n ) {}\n\n /**\n * Returns an {@link AwsCredentialProvider} for a given AWS account.\n *\n * @example\n * ```ts\n * const { provider } = await 
getCredentialProvider({\n * accountId: '0123456789012',\n * })\n *\n * const { provider } = await getCredentialProvider({\n * arn: 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service'\n * })\n * ```\n *\n * @param opts - the AWS account ID or AWS resource ARN\n * @returns A promise of {@link AwsCredentialProvider}.\n */\n async getCredentialProvider(\n opts?: AwsCredentialProviderOptions,\n ): Promise<AwsCredentialProvider> {\n // If no options provided, fall back to the main account\n if (!opts) {\n return this.mainAccountCredentialProvider;\n }\n\n // Determine the account ID: either explicitly provided or extracted from the provided ARN\n let accountId = opts.accountId;\n if (opts.arn && !accountId) {\n const arnComponents = parse(opts.arn);\n accountId = arnComponents.accountId;\n }\n\n // If the account ID was not provided (explicitly or in the ARN),\n // fall back to the main account\n if (!accountId) {\n return this.mainAccountCredentialProvider;\n }\n\n // Return a cached provider if available\n if (this.accountCredentialProviders.has(accountId)) {\n return this.accountCredentialProviders.get(accountId)!;\n }\n\n // First, fall back to using the account defaults\n if (this.accountDefaults.roleName) {\n const config: AwsIntegrationAccountConfig = {\n accountId,\n roleName: this.accountDefaults.roleName,\n partition: this.accountDefaults.partition,\n region: this.accountDefaults.region,\n externalId: this.accountDefaults.externalId,\n };\n const sdkCredentialProvider = getSdkCredentialProvider(\n config,\n this.mainAccountCredentialProvider.sdkCredentialProvider,\n );\n const credProvider: AwsCredentialProvider = {\n accountId,\n sdkCredentialProvider,\n };\n this.accountCredentialProviders.set(accountId, credProvider);\n return credProvider;\n }\n\n // Then, fall back to using the main account, but only\n // if the account requested matches the main account ID\n await fillInAccountId(this.mainAccountCredentialProvider);\n if (accountId === 
this.mainAccountCredentialProvider.accountId) {\n return this.mainAccountCredentialProvider;\n }\n\n // Otherwise, the account needs to be explicitly configured in Backstage\n throw new Error(\n `There is no AWS integration that matches ${accountId}. Please add a configuration for this AWS account.`,\n );\n }\n}\n"],"names":["STSClient","GetCallerIdentityCommand","fromIni","fromNodeProviderChain","fromTemporaryCredentials","parse"],"mappings":";;;;;;;;AAoJA,SAAS,gCACP,MAC6B,EAAA;AAtJ/B,EAAA,IAAA,EAAA,CAAA;AAuJE,EAAA,MAAM,aAAgB,GAAA;AAAA,IACpB,SAAA,EAAW,MAAO,CAAA,SAAA,CAAU,WAAW,CAAA;AAAA,IACvC,WAAA,EAAa,MAAO,CAAA,iBAAA,CAAkB,aAAa,CAAA;AAAA,IACnD,eAAiB,EAAA,CAAA,EAAA,GAAA,MAAA,CAAO,iBAAkB,CAAA,iBAAiB,MAA1C,IAA6C,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,EAAA;AAAA,IAC9D,OAAA,EAAS,MAAO,CAAA,iBAAA,CAAkB,SAAS,CAAA;AAAA,IAC3C,QAAA,EAAU,MAAO,CAAA,iBAAA,CAAkB,UAAU,CAAA;AAAA,IAC7C,MAAA,EAAQ,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,IACzC,SAAA,EAAW,MAAO,CAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,IAC/C,UAAA,EAAY,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AAAA,GACnD,CAAA;AAGA,EAAA,IAAI,aAAc,CAAA,WAAA,IAAe,CAAC,aAAA,CAAc,eAAiB,EAAA;AAC/D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,2DAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,WAAe,IAAA,aAAA,CAAc,eAAiB,EAAA;AAC/D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,yDAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAI,IAAA,aAAA,CAAc,OAAW,IAAA,aAAA,CAAc,WAAa,EAAA;AACtD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,mFAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAI,IAAA,aAAA,CAAc,OAAW,IAAA,aAAA,CAAc,QAAU,EAAA;AACnD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,qFAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,QAAY,IAAA,aAAA,CAAc,UAAY,EAAA;AACvD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,iDAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,QAAY,IAAA,aAAA,CAAc,MAAQ,EAAA;AACnD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,gDAAA,CAAA;AAA
A,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,QAAY,IAAA,aAAA,CAAc,SAAW,EAAA;AACtD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,mDAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAO,OAAA,aAAA,CAAA;AACT,CAAA;AAOA,SAAS,oCACP,MACiC,EAAA;AAvNnC,EAAA,IAAA,EAAA,CAAA;AAwNE,EAAA,MAAM,iBAAoB,GAAA;AAAA,IACxB,WAAA,EAAa,MAAO,CAAA,iBAAA,CAAkB,aAAa,CAAA;AAAA,IACnD,eAAiB,EAAA,CAAA,EAAA,GAAA,MAAA,CAAO,iBAAkB,CAAA,iBAAiB,MAA1C,IAA6C,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,EAAA;AAAA,IAC9D,OAAA,EAAS,MAAO,CAAA,iBAAA,CAAkB,SAAS,CAAA;AAAA,IAC3C,MAAA,EAAQ,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,GAC3C,CAAA;AAGA,EAAA,IAAI,iBAAkB,CAAA,WAAA,IAAe,CAAC,iBAAA,CAAkB,eAAiB,EAAA;AACvE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,2FAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,iBAAA,CAAkB,WAAe,IAAA,iBAAA,CAAkB,eAAiB,EAAA;AACvE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,yFAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAI,IAAA,iBAAA,CAAkB,OAAW,IAAA,iBAAA,CAAkB,WAAa,EAAA;AAC9D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mHAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAO,OAAA,iBAAA,CAAA;AACT,CAAA;AAOA,SAAS,wCACP,MACoC,EAAA;AACpC,EAAA,MAAM,oBAAuB,GAAA;AAAA,IAC3B,QAAA,EAAU,MAAO,CAAA,iBAAA,CAAkB,UAAU,CAAA;AAAA,IAC7C,SAAA,EAAW,MAAO,CAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,IAC/C,MAAA,EAAQ,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,IACzC,UAAA,EAAY,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AAAA,GACnD,CAAA;AAGA,EAAA,IAAI,CAAC,oBAAA,CAAqB,QAAY,IAAA,oBAAA,CAAqB,UAAY,EAAA;AACrE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,8FAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,oBAAA,CAAqB,QAAY,IAAA,oBAAA,CAAqB,MAAQ,EAAA;AACjE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,6FAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,oBAAA,CAAqB,QAAY,IAAA,oBAAA,CAAqB,SAAW,EAAA;AACpE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,gGAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAO,OAAA,oBAAA,CAAA;AACT,CAAA;AAQO,SAAS,yBAAyB,MAAsC,EAAA;AAhS/E,EAAA,IAAA,EAAA,CAAA;AAiSE,EAAA,MAAM,YAAW,EACd,GAAA,MAAA,CAAA,sBAAA,CAAuB,UAAU,CAAA,KADnB,mBAEb,GAAI,CAAA,+BAAA,CAAA,CAAA;AACR,EAAM,MAAA,WAAA,GAAc,MAAO,CAAA,GAAA,CAAI,aAA
a,CAAA,GACxC,mCAAoC,CAAA,MAAA,CAAO,SAAU,CAAA,aAAa,CAAC,CAAA,GACnE,EAAC,CAAA;AACL,EAAA,MAAM,eAAkB,GAAA,MAAA,CAAO,GAAI,CAAA,iBAAiB,CAChD,GAAA,uCAAA;AAAA,IACE,MAAA,CAAO,UAAU,iBAAiB,CAAA;AAAA,MAEpC,EAAC,CAAA;AAEL,EAAO,OAAA;AAAA,IACL,QAAA,EAAU,8BAAY,EAAC;AAAA,IACvB,WAAA;AAAA,IACA,eAAA;AAAA,GACF,CAAA;AACF;;AC1QA,eAAe,gBAAgB,YAAqC,EAAA;AAClE,EAAA,IAAI,aAAa,SAAW,EAAA;AAC1B,IAAA,OAAA;AAAA,GACF;AAEA,EAAM,MAAA,MAAA,GAAS,IAAIA,mBAAU,CAAA;AAAA,IAC3B,QAAQ,YAAa,CAAA,SAAA;AAAA,IACrB,eAAiB,EAAA,mCAAA;AAAA,IACjB,yBAAA,EAA2B,MAAM,YAAa,CAAA,qBAAA;AAAA,GAC/C,CAAA,CAAA;AACD,EAAM,MAAA,IAAA,GAAO,MAAM,MAAO,CAAA,IAAA,CAAK,IAAIC,kCAAyB,CAAA,EAAE,CAAC,CAAA,CAAA;AAC/D,EAAA,YAAA,CAAa,YAAY,IAAK,CAAA,OAAA,CAAA;AAChC,CAAA;AAEA,SAAS,oBAAA,CACP,aACA,eAC+B,EAAA;AAC/B,EAAA,OAAO,YAAY;AACjB,IAAA,OAAO,QAAQ,OAAQ,CAAA;AAAA,MACrB,WAAA;AAAA,MACA,eAAA;AAAA,KACD,CAAA,CAAA;AAAA,GACH,CAAA;AACF,CAAA;AAEA,SAAS,qBAAA,CACP,SACA,MAC+B,EAAA;AAC/B,EAAA,OAAOC,2BAAQ,CAAA;AAAA,IACb,OAAA;AAAA,IACA,YAAc,EAAA;AAAA,MACZ,MAAA;AAAA,MACA,eAAiB,EAAA,mCAAA;AAAA,KACnB;AAAA,GACD,CAAA,CAAA;AACH,CAAA;AAEA,SAAS,0BAA4D,GAAA;AACnE,EAAA,OAAOC,yCAAsB,EAAA,CAAA;AAC/B,CAAA;AAYA,SAAS,wBAAA,CACP,QACA,uBAC+B,EAAA;AAhGjC,EAAA,IAAA,EAAA,EAAA,EAAA,CAAA;AAiGE,EAAA,IAAI,OAAO,QAAU,EAAA;AACnB,IAAM,MAAA,MAAA,GAAA,CAAS,EAAO,GAAA,MAAA,CAAA,MAAA,KAAP,IAAiB,GAAA,EAAA,GAAA,WAAA,CAAA;AAChC,IAAM,MAAA,SAAA,GAAA,CAAY,EAAO,GAAA,MAAA,CAAA,SAAA,KAAP,IAAoB,GAAA,EAAA,GAAA,KAAA,CAAA;AAEtC,IAAA,OAAOC,4CAAyB,CAAA;AAAA,MAC9B,iBAAA,EAAmB,OAAO,WACtB,GAAA,oBAAA,CAAqB,OAAO,WAAc,EAAA,MAAA,CAAO,eAAgB,CACjE,GAAA,uBAAA;AAAA,MACJ,MAAQ,EAAA;AAAA,QACN,OAAA,EAAS,OAAO,SAAS,CAAA,MAAA,EAAS,OAAO,SAAS,CAAA,MAAA,EAAS,OAAO,QAAQ,CAAA,CAAA;AAAA,QAC1E,eAAiB,EAAA,WAAA;AAAA,QACjB,YAAY,MAAO,CAAA,UAAA;AAAA,OACrB;AAAA,MACA,YAAc,EAAA;AAAA,QACZ,MAAA;AAAA,QACA,eAAiB,EAAA,mCAAA;AAAA,OACnB;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AAEA,EAAA,IAAI,OAAO,WAAa,EAAA;AACtB,IAAA,OAAO,oBAAqB,CAAA,MAAA,CAAO,WAAc,EAAA,MAAA,CAAO,eAAgB,CAAA,CAAA;AAAA,GAC1E;AAEA,EAAA,IAAI,OAAO,OAAS,EAAA;AAClB,IAAA,OAAO,qBAAsB,CAAA,MAAA,CAAO,OAA
U,EAAA,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,GAC7D;AAEA,EAAA,OAAO,0BAA2B,EAAA,CAAA;AACpC,CAAA;AAUA,SAAS,oCACP,MAC+B,EAAA;AAC/B,EAAA,IAAI,OAAO,WAAa,EAAA;AACtB,IAAA,OAAO,oBAAqB,CAAA,MAAA,CAAO,WAAc,EAAA,MAAA,CAAO,eAAgB,CAAA,CAAA;AAAA,GAC1E;AAEA,EAAA,IAAI,OAAO,OAAS,EAAA;AAClB,IAAA,OAAO,qBAAsB,CAAA,MAAA,CAAO,OAAU,EAAA,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,GAC7D;AAEA,EAAA,OAAO,0BAA2B,EAAA,CAAA;AACpC,CAAA;AAOO,MAAM,4BAA8D,CAAA;AAAA,EAqCjE,WAAA,CACW,0BAIA,EAAA,eAAA,EACA,6BACjB,EAAA;AANiB,IAAA,IAAA,CAAA,0BAAA,GAAA,0BAAA,CAAA;AAIA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA,CAAA;AACA,IAAA,IAAA,CAAA,6BAAA,GAAA,6BAAA,CAAA;AAAA,GAChB;AAAA,EA3CH,OAAO,WAAW,MAA8C,EAAA;AAC9D,IAAM,MAAA,SAAA,GAAY,MAAO,CAAA,GAAA,CAAI,KAAK,CAAA,GAC9B,yBAAyB,MAAO,CAAA,SAAA,CAAU,KAAK,CAAC,CAChD,GAAA;AAAA,MACE,UAAU,EAAC;AAAA,MACX,aAAa,EAAC;AAAA,MACd,iBAAiB,EAAC;AAAA,KACpB,CAAA;AAEJ,IAAA,MAAM,0BAA6B,GAAA,mCAAA;AAAA,MACjC,SAAU,CAAA,WAAA;AAAA,KACZ,CAAA;AACA,IAAA,MAAM,uBAAiD,GAAA;AAAA,MACrD,qBAAuB,EAAA,0BAAA;AAAA,KACzB,CAAA;AAEA,IAAM,MAAA,oBAAA,uBAA2B,GAAmC,EAAA,CAAA;AACpE,IAAW,KAAA,MAAA,aAAA,IAAiB,UAAU,QAAU,EAAA;AAC9C,MAAA,MAAM,qBAAwB,GAAA,wBAAA;AAAA,QAC5B,aAAA;AAAA,QACA,0BAAA;AAAA,OACF,CAAA;AACA,MAAqB,oBAAA,CAAA,GAAA,CAAI,cAAc,SAAW,EAAA;AAAA,QAChD,WAAW,aAAc,CAAA,SAAA;AAAA,QACzB,WAAW,aAAc,CAAA,MAAA;AAAA,QACzB,qBAAA;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAEA,IAAA,OAAO,IAAI,4BAAA;AAAA,MACT,oBAAA;AAAA,MACA,SAAU,CAAA,eAAA;AAAA,MACV,uBAAA;AAAA,KACF,CAAA;AAAA,GACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA4BA,MAAM,sBACJ,IACgC,EAAA;AAEhC,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAA,OAAO,IAAK,CAAA,6BAAA,CAAA;AAAA,KACd;AAGA,IAAA,IAAI,YAAY,IAAK,CAAA,SAAA,CAAA;AACrB,IAAI,IAAA,IAAA,CAAK,GAAO,IAAA,CAAC,SAAW,EAAA;AAC1B,MAAM,MAAA,aAAA,GAAgBC,mBAAM,CAAA,IAAA,CAAK,GAAG,CAAA,CAAA;AACpC,MAAA,SAAA,GAAY,aAAc,CAAA,SAAA,CAAA;AAAA,KAC5B;AAIA,IAAA,IAAI,CAAC,SAAW,EAAA;AACd,MAAA,OAAO,IAAK,CAAA,6BAAA,CAAA;AAAA,KACd;AAGA,IAAA,IAAI,IAAK,CAAA,0BAAA,CAA2B,GAAI,CAAA,SAAS,CAAG,EAAA;AAClD,MAAO,OAAA,IAAA,CAAK,0BAA2B,CAAA,GAAA,CAAI,SAAS,CAAA,C
AAA;AAAA,KACtD;AAGA,IAAI,IAAA,IAAA,CAAK,gBAAgB,QAAU,EAAA;AACjC,MAAA,MAAM,MAAsC,GAAA;AAAA,QAC1C,SAAA;AAAA,QACA,QAAA,EAAU,KAAK,eAAgB,CAAA,QAAA;AAAA,QAC/B,SAAA,EAAW,KAAK,eAAgB,CAAA,SAAA;AAAA,QAChC,MAAA,EAAQ,KAAK,eAAgB,CAAA,MAAA;AAAA,QAC7B,UAAA,EAAY,KAAK,eAAgB,CAAA,UAAA;AAAA,OACnC,CAAA;AACA,MAAA,MAAM,qBAAwB,GAAA,wBAAA;AAAA,QAC5B,MAAA;AAAA,QACA,KAAK,6BAA8B,CAAA,qBAAA;AAAA,OACrC,CAAA;AACA,MAAA,MAAM,YAAsC,GAAA;AAAA,QAC1C,SAAA;AAAA,QACA,qBAAA;AAAA,OACF,CAAA;AACA,MAAK,IAAA,CAAA,0BAAA,CAA2B,GAAI,CAAA,SAAA,EAAW,YAAY,CAAA,CAAA;AAC3D,MAAO,OAAA,YAAA,CAAA;AAAA,KACT;AAIA,IAAM,MAAA,eAAA,CAAgB,KAAK,6BAA6B,CAAA,CAAA;AACxD,IAAI,IAAA,SAAA,KAAc,IAAK,CAAA,6BAAA,CAA8B,SAAW,EAAA;AAC9D,MAAA,OAAO,IAAK,CAAA,6BAAA,CAAA;AAAA,KACd;AAGA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,4CAA4C,SAAS,CAAA,kDAAA,CAAA;AAAA,KACvD,CAAA;AAAA,GACF;AACF;;;;"}
1
+ {"version":3,"file":"index.cjs.js","sources":["../src/config.ts","../src/DefaultAwsCredentialsManager.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Config } from '@backstage/config';\n\n/**\n * The configuration parameters for a single AWS account for the AWS integration.\n *\n * @public\n */\nexport type AwsIntegrationAccountConfig = {\n /**\n * The account ID of the target account that this matches on, e.g. \"123456789012\"\n */\n accountId: string;\n\n /**\n * The access key ID for a set of static AWS credentials\n */\n accessKeyId?: string;\n\n /**\n * The secret access key for a set of static AWS credentials\n */\n secretAccessKey?: string;\n\n /**\n * The configuration profile from a credentials file at ~/.aws/credentials and\n * a configuration file at ~/.aws/config.\n */\n profile?: string;\n\n /**\n * The IAM role to assume to retrieve temporary AWS credentials\n */\n roleName?: string;\n\n /**\n * The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"\n */\n partition?: string;\n\n /**\n * The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. 
\"ap-northeast-1\"\n */\n region?: string;\n\n /**\n * The unique identifier needed to assume the role to retrieve temporary AWS credentials\n */\n externalId?: string;\n};\n\n/**\n * The configuration parameters for the main AWS account for the AWS integration.\n *\n * @public\n */\nexport type AwsIntegrationMainAccountConfig = {\n /**\n * The access key ID for a set of static AWS credentials\n */\n accessKeyId?: string;\n\n /**\n * The secret access key for a set of static AWS credentials\n */\n secretAccessKey?: string;\n\n /**\n * The configuration profile from a credentials file at ~/.aws/credentials and\n * a configuration file at ~/.aws/config.\n */\n profile?: string;\n\n /**\n * The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"\n */\n region?: string;\n};\n\n/**\n * The default configuration parameters to use for accounts for the AWS integration.\n *\n * @public\n */\nexport type AwsIntegrationDefaultAccountConfig = {\n /**\n * The IAM role to assume to retrieve temporary AWS credentials\n */\n roleName?: string;\n\n /**\n * The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"\n */\n partition?: string;\n\n /**\n * The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. 
\"ap-northeast-1\"\n */\n region?: string;\n\n /**\n * The unique identifier needed to assume the role to retrieve temporary AWS credentials\n */\n externalId?: string;\n};\n\n/**\n * The configuration parameters for AWS account integration.\n *\n * @public\n */\nexport type AwsIntegrationConfig = {\n /**\n * Configuration for retrieving AWS accounts credentials\n */\n accounts: AwsIntegrationAccountConfig[];\n\n /**\n * Defaults for retrieving AWS account credentials\n */\n accountDefaults: AwsIntegrationDefaultAccountConfig;\n\n /**\n * Main account to use for retrieving AWS account credentials\n */\n mainAccount: AwsIntegrationMainAccountConfig;\n};\n\n/**\n * Reads an AWS integration account config.\n *\n * @param config - The config object of a single account\n */\nfunction readAwsIntegrationAccountConfig(\n config: Config,\n): AwsIntegrationAccountConfig {\n const accountConfig = {\n accountId: config.getString('accountId'),\n accessKeyId: config.getOptionalString('accessKeyId'),\n secretAccessKey: config.getOptionalString('secretAccessKey')?.trim(),\n profile: config.getOptionalString('profile'),\n roleName: config.getOptionalString('roleName'),\n region: config.getOptionalString('region'),\n partition: config.getOptionalString('partition'),\n externalId: config.getOptionalString('externalId'),\n };\n\n // Validate that the account config has the right combination of attributes\n if (accountConfig.accessKeyId && !accountConfig.secretAccessKey) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an access key ID configured, but no secret access key.`,\n );\n }\n\n if (!accountConfig.accessKeyId && accountConfig.secretAccessKey) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has a secret access key configured, but no access key ID`,\n );\n }\n\n if (accountConfig.profile && accountConfig.accessKeyId) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has both an access key ID and a 
profile configured, but only one must be specified`,\n );\n }\n\n if (accountConfig.profile && accountConfig.roleName) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has both an access key ID and a role name configured, but only one must be specified`,\n );\n }\n\n if (!accountConfig.roleName && accountConfig.externalId) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an external ID configured, but no role name.`,\n );\n }\n\n if (!accountConfig.roleName && accountConfig.region) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an STS region configured, but no role name.`,\n );\n }\n\n if (!accountConfig.roleName && accountConfig.partition) {\n throw new Error(\n `AWS integration account ${accountConfig.accountId} has an IAM partition configured, but no role name.`,\n );\n }\n\n return accountConfig;\n}\n\n/**\n * Reads the main AWS integration account config.\n *\n * @param config - The config object of the main account\n */\nfunction readMainAwsIntegrationAccountConfig(\n config: Config,\n): AwsIntegrationMainAccountConfig {\n const mainAccountConfig = {\n accessKeyId: config.getOptionalString('accessKeyId'),\n secretAccessKey: config.getOptionalString('secretAccessKey')?.trim(),\n profile: config.getOptionalString('profile'),\n region: config.getOptionalString('region'),\n };\n\n // Validate that the account config has the right combination of attributes\n if (mainAccountConfig.accessKeyId && !mainAccountConfig.secretAccessKey) {\n throw new Error(\n `The main AWS integration account has an access key ID configured, but no secret access key.`,\n );\n }\n\n if (!mainAccountConfig.accessKeyId && mainAccountConfig.secretAccessKey) {\n throw new Error(\n `The main AWS integration account has a secret access key configured, but no access key ID`,\n );\n }\n\n if (mainAccountConfig.profile && mainAccountConfig.accessKeyId) {\n throw new Error(\n `The main AWS integration account 
has both an access key ID and a profile configured, but only one must be specified`,\n );\n }\n\n return mainAccountConfig;\n}\n\n/**\n * Reads the default settings for retrieving credentials from AWS integration accounts.\n *\n * @param config - The config object of the default account settings\n */\nfunction readAwsIntegrationAccountDefaultsConfig(\n config: Config,\n): AwsIntegrationDefaultAccountConfig {\n const defaultAccountConfig = {\n roleName: config.getOptionalString('roleName'),\n partition: config.getOptionalString('partition'),\n region: config.getOptionalString('region'),\n externalId: config.getOptionalString('externalId'),\n };\n\n // Validate that the account config has the right combination of attributes\n if (!defaultAccountConfig.roleName && defaultAccountConfig.externalId) {\n throw new Error(\n `AWS integration account default configuration has an external ID configured, but no role name.`,\n );\n }\n\n if (!defaultAccountConfig.roleName && defaultAccountConfig.region) {\n throw new Error(\n `AWS integration account default configuration has an STS region configured, but no role name.`,\n );\n }\n\n if (!defaultAccountConfig.roleName && defaultAccountConfig.partition) {\n throw new Error(\n `AWS integration account default configuration has an IAM partition configured, but no role name.`,\n );\n }\n\n return defaultAccountConfig;\n}\n\n/**\n * Reads an AWS integration configuration\n *\n * @param config - the integration config object\n * @public\n */\nexport function readAwsIntegrationConfig(config: Config): AwsIntegrationConfig {\n const accounts = config\n .getOptionalConfigArray('accounts')\n ?.map(readAwsIntegrationAccountConfig);\n const mainAccount = config.has('mainAccount')\n ? readMainAwsIntegrationAccountConfig(config.getConfig('mainAccount'))\n : {};\n const accountDefaults = config.has('accountDefaults')\n ? 
readAwsIntegrationAccountDefaultsConfig(\n config.getConfig('accountDefaults'),\n )\n : {};\n\n return {\n accounts: accounts ?? [],\n mainAccount,\n accountDefaults,\n };\n}\n","/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n readAwsIntegrationConfig,\n AwsIntegrationAccountConfig,\n AwsIntegrationDefaultAccountConfig,\n AwsIntegrationMainAccountConfig,\n} from './config';\nimport {\n AwsCredentialsManager,\n AwsCredentialProvider,\n AwsCredentialProviderOptions,\n} from './types';\nimport { GetCallerIdentityCommand, STSClient } from '@aws-sdk/client-sts';\nimport {\n fromIni,\n fromNodeProviderChain,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { AwsCredentialIdentityProvider } from '@aws-sdk/types';\nimport { parse } from '@aws-sdk/util-arn-parser';\nimport { Config } from '@backstage/config';\n\n/**\n * Retrieves the account ID for the given credential provider from STS.\n */\nasync function fillInAccountId(credProvider: AwsCredentialProvider) {\n if (credProvider.accountId) {\n return;\n }\n\n const client = new STSClient({\n region: credProvider.stsRegion,\n customUserAgent: 'backstage-aws-credentials-manager',\n credentialDefaultProvider: () => credProvider.sdkCredentialProvider,\n });\n const resp = await client.send(new GetCallerIdentityCommand({}));\n credProvider.accountId = resp.Account!;\n}\n\nfunction getStaticCredentials(\n accessKeyId: 
string,\n secretAccessKey: string,\n): AwsCredentialIdentityProvider {\n return async () => {\n return Promise.resolve({\n accessKeyId: accessKeyId,\n secretAccessKey: secretAccessKey,\n });\n };\n}\n\nfunction getProfileCredentials(\n profile: string,\n region?: string,\n): AwsCredentialIdentityProvider {\n return fromIni({\n profile,\n clientConfig: {\n region,\n customUserAgent: 'backstage-aws-credentials-manager',\n },\n });\n}\n\nfunction getDefaultCredentialsChain(): AwsCredentialIdentityProvider {\n return fromNodeProviderChain();\n}\n\n/**\n * Constructs the credential provider needed by the AWS SDK from the given account config\n *\n * Order of precedence:\n * 1. Assume role with static creds\n * 2. Assume role with main account creds\n * 3. Static creds\n * 4. Profile creds\n * 5. Default AWS SDK creds chain\n */\nfunction getSdkCredentialProvider(\n config: AwsIntegrationAccountConfig,\n mainAccountCredProvider: AwsCredentialIdentityProvider,\n): AwsCredentialIdentityProvider {\n if (config.roleName) {\n const region = config.region ?? 'us-east-1';\n const partition = config.partition ?? 'aws';\n\n return fromTemporaryCredentials({\n masterCredentials: config.accessKeyId\n ? getStaticCredentials(config.accessKeyId!, config.secretAccessKey!)\n : mainAccountCredProvider,\n params: {\n RoleArn: `arn:${partition}:iam::${config.accountId}:role/${config.roleName}`,\n RoleSessionName: 'backstage',\n ExternalId: config.externalId,\n },\n clientConfig: {\n region,\n customUserAgent: 'backstage-aws-credentials-manager',\n },\n });\n }\n\n if (config.accessKeyId) {\n return getStaticCredentials(config.accessKeyId!, config.secretAccessKey!);\n }\n\n if (config.profile) {\n return getProfileCredentials(config.profile!, config.region);\n }\n\n return getDefaultCredentialsChain();\n}\n\n/**\n * Constructs the credential provider needed by the AWS SDK for the main account\n *\n * Order of precedence:\n * 1. Static creds\n * 2. Profile creds\n * 3. 
Default AWS SDK creds chain\n */\nfunction getMainAccountSdkCredentialProvider(\n config: AwsIntegrationMainAccountConfig,\n): AwsCredentialIdentityProvider {\n if (config.accessKeyId) {\n return getStaticCredentials(config.accessKeyId!, config.secretAccessKey!);\n }\n\n if (config.profile) {\n return getProfileCredentials(config.profile!, config.region);\n }\n\n return getDefaultCredentialsChain();\n}\n\n/**\n * Handles the creation and caching of credential providers for AWS accounts.\n *\n * @public\n */\nexport class DefaultAwsCredentialsManager implements AwsCredentialsManager {\n static fromConfig(config: Config): DefaultAwsCredentialsManager {\n const awsConfig = config.has('aws')\n ? readAwsIntegrationConfig(config.getConfig('aws'))\n : {\n accounts: [],\n mainAccount: {},\n accountDefaults: {},\n };\n\n const mainAccountSdkCredProvider = getMainAccountSdkCredentialProvider(\n awsConfig.mainAccount,\n );\n const mainAccountCredProvider: AwsCredentialProvider = {\n sdkCredentialProvider: mainAccountSdkCredProvider,\n };\n\n const accountCredProviders = new Map<string, AwsCredentialProvider>();\n for (const accountConfig of awsConfig.accounts) {\n const sdkCredentialProvider = getSdkCredentialProvider(\n accountConfig,\n mainAccountSdkCredProvider,\n );\n accountCredProviders.set(accountConfig.accountId, {\n accountId: accountConfig.accountId,\n stsRegion: accountConfig.region,\n sdkCredentialProvider,\n });\n }\n\n return new DefaultAwsCredentialsManager(\n accountCredProviders,\n awsConfig.accountDefaults,\n mainAccountCredProvider,\n );\n }\n\n private constructor(\n private readonly accountCredentialProviders: Map<\n string,\n AwsCredentialProvider\n >,\n private readonly accountDefaults: AwsIntegrationDefaultAccountConfig,\n private readonly mainAccountCredentialProvider: AwsCredentialProvider,\n ) {}\n\n /**\n * Returns an {@link AwsCredentialProvider} for a given AWS account.\n *\n * @example\n * ```ts\n * const { provider } = await 
getCredentialProvider({\n * accountId: '0123456789012',\n * })\n *\n * const { provider } = await getCredentialProvider({\n * arn: 'arn:aws:ecs:us-west-2:123456789012:service/my-http-service'\n * })\n * ```\n *\n * @param opts - the AWS account ID or AWS resource ARN\n * @returns A promise of {@link AwsCredentialProvider}.\n */\n async getCredentialProvider(\n opts?: AwsCredentialProviderOptions,\n ): Promise<AwsCredentialProvider> {\n // If no options provided, fall back to the main account\n if (!opts) {\n return this.mainAccountCredentialProvider;\n }\n\n // Determine the account ID: either explicitly provided or extracted from the provided ARN\n let accountId = opts.accountId;\n if (opts.arn && !accountId) {\n const arnComponents = parse(opts.arn);\n accountId = arnComponents.accountId;\n }\n\n // If the account ID was not provided (explicitly or in the ARN),\n // fall back to the main account\n if (!accountId) {\n return this.mainAccountCredentialProvider;\n }\n\n // Return a cached provider if available\n if (this.accountCredentialProviders.has(accountId)) {\n return this.accountCredentialProviders.get(accountId)!;\n }\n\n // First, fall back to using the account defaults\n if (this.accountDefaults.roleName) {\n const config: AwsIntegrationAccountConfig = {\n accountId,\n roleName: this.accountDefaults.roleName,\n partition: this.accountDefaults.partition,\n region: this.accountDefaults.region,\n externalId: this.accountDefaults.externalId,\n };\n const sdkCredentialProvider = getSdkCredentialProvider(\n config,\n this.mainAccountCredentialProvider.sdkCredentialProvider,\n );\n const credProvider: AwsCredentialProvider = {\n accountId,\n sdkCredentialProvider,\n };\n this.accountCredentialProviders.set(accountId, credProvider);\n return credProvider;\n }\n\n // Then, fall back to using the main account, but only\n // if the account requested matches the main account ID\n await fillInAccountId(this.mainAccountCredentialProvider);\n if (accountId === 
this.mainAccountCredentialProvider.accountId) {\n return this.mainAccountCredentialProvider;\n }\n\n // Otherwise, the account needs to be explicitly configured in Backstage\n throw new Error(\n `There is no AWS integration that matches ${accountId}. Please add a configuration for this AWS account.`,\n );\n }\n}\n"],"names":["STSClient","GetCallerIdentityCommand","fromIni","fromNodeProviderChain","fromTemporaryCredentials","parse"],"mappings":";;;;;;AAoJA,SAAS,gCACP,MAC6B,EAAA;AAtJ/B,EAAA,IAAA,EAAA,CAAA;AAuJE,EAAA,MAAM,aAAgB,GAAA;AAAA,IACpB,SAAA,EAAW,MAAO,CAAA,SAAA,CAAU,WAAW,CAAA;AAAA,IACvC,WAAA,EAAa,MAAO,CAAA,iBAAA,CAAkB,aAAa,CAAA;AAAA,IACnD,eAAiB,EAAA,CAAA,EAAA,GAAA,MAAA,CAAO,iBAAkB,CAAA,iBAAiB,MAA1C,IAA6C,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,EAAA;AAAA,IAC9D,OAAA,EAAS,MAAO,CAAA,iBAAA,CAAkB,SAAS,CAAA;AAAA,IAC3C,QAAA,EAAU,MAAO,CAAA,iBAAA,CAAkB,UAAU,CAAA;AAAA,IAC7C,MAAA,EAAQ,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,IACzC,SAAA,EAAW,MAAO,CAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,IAC/C,UAAA,EAAY,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AAAA,GACnD,CAAA;AAGA,EAAA,IAAI,aAAc,CAAA,WAAA,IAAe,CAAC,aAAA,CAAc,eAAiB,EAAA;AAC/D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,2DAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,WAAe,IAAA,aAAA,CAAc,eAAiB,EAAA;AAC/D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,yDAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAI,IAAA,aAAA,CAAc,OAAW,IAAA,aAAA,CAAc,WAAa,EAAA;AACtD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,mFAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAI,IAAA,aAAA,CAAc,OAAW,IAAA,aAAA,CAAc,QAAU,EAAA;AACnD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,qFAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,QAAY,IAAA,aAAA,CAAc,UAAY,EAAA;AACvD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,iDAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,QAAY,IAAA,aAAA,CAAc,MAAQ,EAAA;AACnD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,gDAAA,CAAA;AAAA,
KACpD,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,aAAA,CAAc,QAAY,IAAA,aAAA,CAAc,SAAW,EAAA;AACtD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,wBAAA,EAA2B,cAAc,SAAS,CAAA,mDAAA,CAAA;AAAA,KACpD,CAAA;AAAA,GACF;AAEA,EAAO,OAAA,aAAA,CAAA;AACT,CAAA;AAOA,SAAS,oCACP,MACiC,EAAA;AAvNnC,EAAA,IAAA,EAAA,CAAA;AAwNE,EAAA,MAAM,iBAAoB,GAAA;AAAA,IACxB,WAAA,EAAa,MAAO,CAAA,iBAAA,CAAkB,aAAa,CAAA;AAAA,IACnD,eAAiB,EAAA,CAAA,EAAA,GAAA,MAAA,CAAO,iBAAkB,CAAA,iBAAiB,MAA1C,IAA6C,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,EAAA;AAAA,IAC9D,OAAA,EAAS,MAAO,CAAA,iBAAA,CAAkB,SAAS,CAAA;AAAA,IAC3C,MAAA,EAAQ,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,GAC3C,CAAA;AAGA,EAAA,IAAI,iBAAkB,CAAA,WAAA,IAAe,CAAC,iBAAA,CAAkB,eAAiB,EAAA;AACvE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,2FAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,iBAAA,CAAkB,WAAe,IAAA,iBAAA,CAAkB,eAAiB,EAAA;AACvE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,yFAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAI,IAAA,iBAAA,CAAkB,OAAW,IAAA,iBAAA,CAAkB,WAAa,EAAA;AAC9D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,mHAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAO,OAAA,iBAAA,CAAA;AACT,CAAA;AAOA,SAAS,wCACP,MACoC,EAAA;AACpC,EAAA,MAAM,oBAAuB,GAAA;AAAA,IAC3B,QAAA,EAAU,MAAO,CAAA,iBAAA,CAAkB,UAAU,CAAA;AAAA,IAC7C,SAAA,EAAW,MAAO,CAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,IAC/C,MAAA,EAAQ,MAAO,CAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,IACzC,UAAA,EAAY,MAAO,CAAA,iBAAA,CAAkB,YAAY,CAAA;AAAA,GACnD,CAAA;AAGA,EAAA,IAAI,CAAC,oBAAA,CAAqB,QAAY,IAAA,oBAAA,CAAqB,UAAY,EAAA;AACrE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,8FAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,oBAAA,CAAqB,QAAY,IAAA,oBAAA,CAAqB,MAAQ,EAAA;AACjE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,6FAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAA,IAAI,CAAC,oBAAA,CAAqB,QAAY,IAAA,oBAAA,CAAqB,SAAW,EAAA;AACpE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,gGAAA,CAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAO,OAAA,oBAAA,CAAA;AACT,CAAA;AAQO,SAAS,yBAAyB,MAAsC,EAAA;AAhS/E,EAAA,IAAA,EAAA,CAAA;AAiSE,EAAA,MAAM,YAAW,EACd,GAAA,MAAA,CAAA,sBAAA,CAAuB,UAAU,CAAA,KADnB,mBAEb,GAAI,CAAA,+BAAA,CAAA,CAAA;AACR,EAAM,MAAA,WAAA,GAAc,MAAO,CAAA,GAAA,CAAI,aAAa,
CAAA,GACxC,mCAAoC,CAAA,MAAA,CAAO,SAAU,CAAA,aAAa,CAAC,CAAA,GACnE,EAAC,CAAA;AACL,EAAA,MAAM,eAAkB,GAAA,MAAA,CAAO,GAAI,CAAA,iBAAiB,CAChD,GAAA,uCAAA;AAAA,IACE,MAAA,CAAO,UAAU,iBAAiB,CAAA;AAAA,MAEpC,EAAC,CAAA;AAEL,EAAO,OAAA;AAAA,IACL,QAAA,EAAU,8BAAY,EAAC;AAAA,IACvB,WAAA;AAAA,IACA,eAAA;AAAA,GACF,CAAA;AACF;;AC1QA,eAAe,gBAAgB,YAAqC,EAAA;AAClE,EAAA,IAAI,aAAa,SAAW,EAAA;AAC1B,IAAA,OAAA;AAAA,GACF;AAEA,EAAM,MAAA,MAAA,GAAS,IAAIA,mBAAU,CAAA;AAAA,IAC3B,QAAQ,YAAa,CAAA,SAAA;AAAA,IACrB,eAAiB,EAAA,mCAAA;AAAA,IACjB,yBAAA,EAA2B,MAAM,YAAa,CAAA,qBAAA;AAAA,GAC/C,CAAA,CAAA;AACD,EAAM,MAAA,IAAA,GAAO,MAAM,MAAO,CAAA,IAAA,CAAK,IAAIC,kCAAyB,CAAA,EAAE,CAAC,CAAA,CAAA;AAC/D,EAAA,YAAA,CAAa,YAAY,IAAK,CAAA,OAAA,CAAA;AAChC,CAAA;AAEA,SAAS,oBAAA,CACP,aACA,eAC+B,EAAA;AAC/B,EAAA,OAAO,YAAY;AACjB,IAAA,OAAO,QAAQ,OAAQ,CAAA;AAAA,MACrB,WAAA;AAAA,MACA,eAAA;AAAA,KACD,CAAA,CAAA;AAAA,GACH,CAAA;AACF,CAAA;AAEA,SAAS,qBAAA,CACP,SACA,MAC+B,EAAA;AAC/B,EAAA,OAAOC,2BAAQ,CAAA;AAAA,IACb,OAAA;AAAA,IACA,YAAc,EAAA;AAAA,MACZ,MAAA;AAAA,MACA,eAAiB,EAAA,mCAAA;AAAA,KACnB;AAAA,GACD,CAAA,CAAA;AACH,CAAA;AAEA,SAAS,0BAA4D,GAAA;AACnE,EAAA,OAAOC,yCAAsB,EAAA,CAAA;AAC/B,CAAA;AAYA,SAAS,wBAAA,CACP,QACA,uBAC+B,EAAA;AAhGjC,EAAA,IAAA,EAAA,EAAA,EAAA,CAAA;AAiGE,EAAA,IAAI,OAAO,QAAU,EAAA;AACnB,IAAM,MAAA,MAAA,GAAA,CAAS,EAAO,GAAA,MAAA,CAAA,MAAA,KAAP,IAAiB,GAAA,EAAA,GAAA,WAAA,CAAA;AAChC,IAAM,MAAA,SAAA,GAAA,CAAY,EAAO,GAAA,MAAA,CAAA,SAAA,KAAP,IAAoB,GAAA,EAAA,GAAA,KAAA,CAAA;AAEtC,IAAA,OAAOC,4CAAyB,CAAA;AAAA,MAC9B,iBAAA,EAAmB,OAAO,WACtB,GAAA,oBAAA,CAAqB,OAAO,WAAc,EAAA,MAAA,CAAO,eAAgB,CACjE,GAAA,uBAAA;AAAA,MACJ,MAAQ,EAAA;AAAA,QACN,OAAA,EAAS,OAAO,SAAS,CAAA,MAAA,EAAS,OAAO,SAAS,CAAA,MAAA,EAAS,OAAO,QAAQ,CAAA,CAAA;AAAA,QAC1E,eAAiB,EAAA,WAAA;AAAA,QACjB,YAAY,MAAO,CAAA,UAAA;AAAA,OACrB;AAAA,MACA,YAAc,EAAA;AAAA,QACZ,MAAA;AAAA,QACA,eAAiB,EAAA,mCAAA;AAAA,OACnB;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AAEA,EAAA,IAAI,OAAO,WAAa,EAAA;AACtB,IAAA,OAAO,oBAAqB,CAAA,MAAA,CAAO,WAAc,EAAA,MAAA,CAAO,eAAgB,CAAA,CAAA;AAAA,GAC1E;AAEA,EAAA,IAAI,OAAO,OAAS,EAAA;AAClB,IAAA,OAAO,qBAAsB,CAAA,MAAA,CAAO,OAAU,
EAAA,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,GAC7D;AAEA,EAAA,OAAO,0BAA2B,EAAA,CAAA;AACpC,CAAA;AAUA,SAAS,oCACP,MAC+B,EAAA;AAC/B,EAAA,IAAI,OAAO,WAAa,EAAA;AACtB,IAAA,OAAO,oBAAqB,CAAA,MAAA,CAAO,WAAc,EAAA,MAAA,CAAO,eAAgB,CAAA,CAAA;AAAA,GAC1E;AAEA,EAAA,IAAI,OAAO,OAAS,EAAA;AAClB,IAAA,OAAO,qBAAsB,CAAA,MAAA,CAAO,OAAU,EAAA,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,GAC7D;AAEA,EAAA,OAAO,0BAA2B,EAAA,CAAA;AACpC,CAAA;AAOO,MAAM,4BAA8D,CAAA;AAAA,EAqCjE,WAAA,CACW,0BAIA,EAAA,eAAA,EACA,6BACjB,EAAA;AANiB,IAAA,IAAA,CAAA,0BAAA,GAAA,0BAAA,CAAA;AAIA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA,CAAA;AACA,IAAA,IAAA,CAAA,6BAAA,GAAA,6BAAA,CAAA;AAAA,GAChB;AAAA,EA3CH,OAAO,WAAW,MAA8C,EAAA;AAC9D,IAAM,MAAA,SAAA,GAAY,MAAO,CAAA,GAAA,CAAI,KAAK,CAAA,GAC9B,yBAAyB,MAAO,CAAA,SAAA,CAAU,KAAK,CAAC,CAChD,GAAA;AAAA,MACE,UAAU,EAAC;AAAA,MACX,aAAa,EAAC;AAAA,MACd,iBAAiB,EAAC;AAAA,KACpB,CAAA;AAEJ,IAAA,MAAM,0BAA6B,GAAA,mCAAA;AAAA,MACjC,SAAU,CAAA,WAAA;AAAA,KACZ,CAAA;AACA,IAAA,MAAM,uBAAiD,GAAA;AAAA,MACrD,qBAAuB,EAAA,0BAAA;AAAA,KACzB,CAAA;AAEA,IAAM,MAAA,oBAAA,uBAA2B,GAAmC,EAAA,CAAA;AACpE,IAAW,KAAA,MAAA,aAAA,IAAiB,UAAU,QAAU,EAAA;AAC9C,MAAA,MAAM,qBAAwB,GAAA,wBAAA;AAAA,QAC5B,aAAA;AAAA,QACA,0BAAA;AAAA,OACF,CAAA;AACA,MAAqB,oBAAA,CAAA,GAAA,CAAI,cAAc,SAAW,EAAA;AAAA,QAChD,WAAW,aAAc,CAAA,SAAA;AAAA,QACzB,WAAW,aAAc,CAAA,MAAA;AAAA,QACzB,qBAAA;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAEA,IAAA,OAAO,IAAI,4BAAA;AAAA,MACT,oBAAA;AAAA,MACA,SAAU,CAAA,eAAA;AAAA,MACV,uBAAA;AAAA,KACF,CAAA;AAAA,GACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA4BA,MAAM,sBACJ,IACgC,EAAA;AAEhC,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAA,OAAO,IAAK,CAAA,6BAAA,CAAA;AAAA,KACd;AAGA,IAAA,IAAI,YAAY,IAAK,CAAA,SAAA,CAAA;AACrB,IAAI,IAAA,IAAA,CAAK,GAAO,IAAA,CAAC,SAAW,EAAA;AAC1B,MAAM,MAAA,aAAA,GAAgBC,mBAAM,CAAA,IAAA,CAAK,GAAG,CAAA,CAAA;AACpC,MAAA,SAAA,GAAY,aAAc,CAAA,SAAA,CAAA;AAAA,KAC5B;AAIA,IAAA,IAAI,CAAC,SAAW,EAAA;AACd,MAAA,OAAO,IAAK,CAAA,6BAAA,CAAA;AAAA,KACd;AAGA,IAAA,IAAI,IAAK,CAAA,0BAAA,CAA2B,GAAI,CAAA,SAAS,CAAG,EAAA;AAClD,MAAO,OAAA,IAAA,CAAK,0BAA2B,CAAA,GAAA,CAAI,SAAS,CAAA,CAA
A;AAAA,KACtD;AAGA,IAAI,IAAA,IAAA,CAAK,gBAAgB,QAAU,EAAA;AACjC,MAAA,MAAM,MAAsC,GAAA;AAAA,QAC1C,SAAA;AAAA,QACA,QAAA,EAAU,KAAK,eAAgB,CAAA,QAAA;AAAA,QAC/B,SAAA,EAAW,KAAK,eAAgB,CAAA,SAAA;AAAA,QAChC,MAAA,EAAQ,KAAK,eAAgB,CAAA,MAAA;AAAA,QAC7B,UAAA,EAAY,KAAK,eAAgB,CAAA,UAAA;AAAA,OACnC,CAAA;AACA,MAAA,MAAM,qBAAwB,GAAA,wBAAA;AAAA,QAC5B,MAAA;AAAA,QACA,KAAK,6BAA8B,CAAA,qBAAA;AAAA,OACrC,CAAA;AACA,MAAA,MAAM,YAAsC,GAAA;AAAA,QAC1C,SAAA;AAAA,QACA,qBAAA;AAAA,OACF,CAAA;AACA,MAAK,IAAA,CAAA,0BAAA,CAA2B,GAAI,CAAA,SAAA,EAAW,YAAY,CAAA,CAAA;AAC3D,MAAO,OAAA,YAAA,CAAA;AAAA,KACT;AAIA,IAAM,MAAA,eAAA,CAAgB,KAAK,6BAA6B,CAAA,CAAA;AACxD,IAAI,IAAA,SAAA,KAAc,IAAK,CAAA,6BAAA,CAA8B,SAAW,EAAA;AAC9D,MAAA,OAAO,IAAK,CAAA,6BAAA,CAAA;AAAA,KACd;AAGA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,4CAA4C,SAAS,CAAA,kDAAA,CAAA;AAAA,KACvD,CAAA;AAAA,GACF;AACF;;;;"}
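--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -79,4 +79,4 @@ declare class DefaultAwsCredentialsManager implements AwsCredentialsManager {
  getCredentialProvider(opts?: AwsCredentialProviderOptions): Promise<AwsCredentialProvider>;
  }
 
- export { AwsCredentialProvider, AwsCredentialProviderOptions, AwsCredentialsManager, DefaultAwsCredentialsManager };
+ export { type AwsCredentialProvider, type AwsCredentialProviderOptions, type AwsCredentialsManager, DefaultAwsCredentialsManager };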
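--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@backstage/integration-aws-node",
- "version": "0.1.10",
+ "version": "0.1.11",
  "description": "Helpers for fetching AWS account credentials",
  "backstage": {
  "role": "node-library"
@@ -45,11 +45,11 @@
  "@backstage/errors": "^1.2.4"
  },
  "devDependencies": {
- "@backstage/cli": "^0.26.0",
+ "@backstage/cli": "^0.26.1",
  "@backstage/config-loader": "^1.7.0",
- "@backstage/test-utils": "^1.5.1",
- "aws-sdk-client-mock": "^3.0.0",
- "aws-sdk-client-mock-jest": "^3.0.0"
+ "@backstage/test-utils": "^1.5.2",
+ "aws-sdk-client-mock": "^4.0.0",
+ "aws-sdk-client-mock-jest": "^4.0.0"
  },
  "configSchema": "config.d.ts",
  "module": "dist/index.esm.js"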