npm - @cdk8s/awscdk-resolver - Versions diffs - 0.0.54 → 0.0.56 - Mend

@cdk8s/awscdk-resolver 0.0.54 → 0.0.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js ADDED Viewed

@@ -0,0 +1,59 @@
+import { NodeHttpHandler } from "@smithy/node-http-handler";
+import { CredentialsProviderError } from "@smithy/property-provider";
+import fs from "fs/promises";
+import { checkUrl } from "./checkUrl";
+import { createGetRequest, getCredentials } from "./requestHelpers";
+import { retryWrapper } from "./retry-wrapper";
+const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
+const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
+const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
+const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
+const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
+export const fromHttp = (options) => {
+    options.logger?.debug("@aws-sdk/credential-provider-http", "fromHttp");
+    let host;
+    const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
+    const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
+    const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
+    const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
+    if (relative && full) {
+        console.warn("AWS SDK HTTP credentials provider:", "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
+        console.warn("awsContainerCredentialsFullUri will take precedence.");
+    }
+    if (token && tokenFile) {
+        console.warn("AWS SDK HTTP credentials provider:", "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
+        console.warn("awsContainerAuthorizationToken will take precedence.");
+    }
+    if (full) {
+        host = full;
+    }
+    else if (relative) {
+        host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;
+    }
+    else {
+        throw new CredentialsProviderError(`No HTTP credential provider host provided.
+Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`);
+    }
+    const url = new URL(host);
+    checkUrl(url);
+    const requestHandler = new NodeHttpHandler({
+        requestTimeout: options.timeout ?? 1000,
+        connectionTimeout: options.timeout ?? 1000,
+    });
+    return retryWrapper(async () => {
+        const request = createGetRequest(url);
+        if (token) {
+            request.headers.Authorization = token;
+        }
+        else if (tokenFile) {
+            request.headers.Authorization = (await fs.readFile(tokenFile)).toString();
+        }
+        try {
+            const result = await requestHandler.handle(request);
+            return getCredentials(result.response);
+        }
+        catch (e) {
+            throw new CredentialsProviderError(String(e));
+        }
+    }, options.maxRetries ?? 3, options.timeout ?? 1000);
+};

package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttpTypes.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/requestHelpers.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { CredentialsProviderError } from "@smithy/property-provider";
+import { HttpRequest } from "@smithy/protocol-http";
+import { parseRfc3339DateTime } from "@smithy/smithy-client";
+import { sdkStreamMixin } from "@smithy/util-stream";
+export function createGetRequest(url) {
+    return new HttpRequest({
+        protocol: url.protocol,
+        hostname: url.hostname,
+        port: Number(url.port),
+        path: url.pathname,
+        query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {
+            acc[k] = v;
+            return acc;
+        }, {}),
+        fragment: url.hash,
+    });
+}
+export async function getCredentials(response) {
+    const contentType = response?.headers["content-type"] ?? response?.headers["Content-Type"] ?? "";
+    if (!contentType.includes("json")) {
+        console.warn("HTTP credential provider response header content-type was not application/json. Observed: " + contentType + ".");
+    }
+    const stream = sdkStreamMixin(response.body);
+    const str = await stream.transformToString();
+    if (response.statusCode === 200) {
+        const parsed = JSON.parse(str);
+        if (typeof parsed.AccessKeyId !== "string" ||
+            typeof parsed.SecretAccessKey !== "string" ||
+            typeof parsed.Token !== "string" ||
+            typeof parsed.Expiration !== "string") {
+            throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " +
+                "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }");
+        }
+        return {
+            accessKeyId: parsed.AccessKeyId,
+            secretAccessKey: parsed.SecretAccessKey,
+            sessionToken: parsed.Token,
+            expiration: parseRfc3339DateTime(parsed.Expiration),
+        };
+    }
+    if (response.statusCode >= 400 && response.statusCode < 500) {
+        let parsedBody = {};
+        try {
+            parsedBody = JSON.parse(str);
+        }
+        catch (e) { }
+        throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`), {
+            Code: parsedBody.Code,
+            Message: parsedBody.Message,
+        });
+    }
+    throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`);
+}

package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/retry-wrapper.js ADDED Viewed

@@ -0,0 +1,13 @@
+export const retryWrapper = (toRetry, maxRetries, delayMs) => {
+    return async () => {
+        for (let i = 0; i < maxRetries; ++i) {
+            try {
+                return await toRetry();
+            }
+            catch (e) {
+                await new Promise((resolve) => setTimeout(resolve, delayMs));
+            }
+        }
+        return await toRetry();
+    };
+};

package/node_modules/@aws-sdk/credential-provider-http/dist-es/index.browser.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { fromHttp } from "./fromHttp/fromHttp.browser";

package/node_modules/@aws-sdk/credential-provider-http/dist-es/index.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { fromHttp } from "./fromHttp/fromHttp";

package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/checkUrl.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * @internal
+ *
+ * @param url - to be validated.
+ * @throws if not acceptable to this provider.
+ */
+export declare const checkUrl: (url: URL) => void;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/fromHttp.browser.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+import type { FromHttpOptions } from "./fromHttpTypes";
+/**
+ * Creates a provider that gets credentials via HTTP request.
+ */
+export declare const fromHttp: (options: FromHttpOptions) => AwsCredentialIdentityProvider;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/fromHttp.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+import type { FromHttpOptions } from "./fromHttpTypes";
+/**
+ * Creates a provider that gets credentials via HTTP request.
+ */
+export declare const fromHttp: (options: FromHttpOptions) => AwsCredentialIdentityProvider;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/fromHttpTypes.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import type { CredentialProviderOptions } from "@aws-sdk/types";
+/**
+ * @public
+ *
+ * Input for the fromHttp function in the HTTP Credentials Provider for Node.js.
+ */
+export interface FromHttpOptions extends CredentialProviderOptions {
+    /**
+     * If this value is provided, it will be used as-is.
+     *
+     * For browser environments, use instead {@link credentialsFullUri}.
+     */
+    awsContainerCredentialsFullUri?: string;
+    /**
+     * If this value is provided instead of the full URI, it
+     * will be appended to the default link local host of 169.254.170.2.
+     *
+     * Not supported in browsers.
+     */
+    awsContainerCredentialsRelativeUri?: string;
+    /**
+     * Will be read on each credentials request to
+     * add an Authorization request header value.
+     *
+     * Not supported in browsers.
+     */
+    awsContainerAuthorizationTokenFile?: string;
+    /**
+     * An alternative to awsContainerAuthorizationTokenFile,
+     * this is the token value itself.
+     *
+     * For browser environments, use instead {@link authorizationToken}.
+     */
+    awsContainerAuthorizationToken?: string;
+    /**
+     * BROWSER ONLY.
+     *
+     * In browsers, a relative URI is not allowed, and a full URI must be provided.
+     * HTTPS is required.
+     *
+     * This value is required for the browser environment.
+     */
+    credentialsFullUri?: string;
+    /**
+     * BROWSER ONLY.
+     *
+     * Providing this value will set an "Authorization" request
+     * header value on the GET request.
+     */
+    authorizationToken?: string;
+    /**
+     * Default is 3 retry attempts or 4 total attempts.
+     */
+    maxRetries?: number;
+    /**
+     * Default is 1000ms. Time in milliseconds to spend waiting between retry attempts.
+     */
+    timeout?: number;
+}
+/**
+ * @public
+ */
+export type HttpProviderCredentials = {
+    AccessKeyId: string;
+    SecretAccessKey: string;
+    Token: string;
+    AccountId?: string;
+    Expiration: string;
+};

package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/requestHelpers.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { AwsCredentialIdentity } from "@aws-sdk/types";
+import { HttpRequest } from "@smithy/protocol-http";
+import { HttpResponse } from "@smithy/types";
+/**
+ * @internal
+ */
+export declare function createGetRequest(url: URL): HttpRequest;
+/**
+ * @internal
+ */
+export declare function getCredentials(response: HttpResponse): Promise<AwsCredentialIdentity>;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/retry-wrapper.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * @internal
+ */
+export interface RetryableProvider<T> {
+    (): Promise<T>;
+}
+/**
+ * @internal
+ */
+export declare const retryWrapper: <T>(toRetry: RetryableProvider<T>, maxRetries: number, delayMs: number) => RetryableProvider<T>;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/index.browser.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { fromHttp } from "./fromHttp/fromHttp.browser";
2	+ export type { FromHttpOptions, HttpProviderCredentials } from "./fromHttp/fromHttpTypes";

package/node_modules/@aws-sdk/credential-provider-http/dist-types/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { fromHttp } from "./fromHttp/fromHttp";
2	+ export type { FromHttpOptions, HttpProviderCredentials } from "./fromHttp/fromHttpTypes";

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/checkUrl.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const checkUrl: (url: URL) => void;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/fromHttp.browser.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+import { FromHttpOptions } from "./fromHttpTypes";
+export declare const fromHttp: (
+  options: FromHttpOptions
+) => AwsCredentialIdentityProvider;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/fromHttp.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+import { FromHttpOptions } from "./fromHttpTypes";
+export declare const fromHttp: (
+  options: FromHttpOptions
+) => AwsCredentialIdentityProvider;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/fromHttpTypes.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { CredentialProviderOptions } from "@aws-sdk/types";
+export interface FromHttpOptions extends CredentialProviderOptions {
+  awsContainerCredentialsFullUri?: string;
+  awsContainerCredentialsRelativeUri?: string;
+  awsContainerAuthorizationTokenFile?: string;
+  awsContainerAuthorizationToken?: string;
+  credentialsFullUri?: string;
+  authorizationToken?: string;
+  maxRetries?: number;
+  timeout?: number;
+}
+export type HttpProviderCredentials = {
+  AccessKeyId: string;
+  SecretAccessKey: string;
+  Token: string;
+  AccountId?: string;
+  Expiration: string;
+};

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/requestHelpers.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { AwsCredentialIdentity } from "@aws-sdk/types";
+import { HttpRequest } from "@smithy/protocol-http";
+import { HttpResponse } from "@smithy/types";
+export declare function createGetRequest(url: URL): HttpRequest;
+export declare function getCredentials(
+  response: HttpResponse
+): Promise<AwsCredentialIdentity>;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/retry-wrapper.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export interface RetryableProvider<T> {
+  (): Promise<T>;
+}
+export declare const retryWrapper: <T>(
+  toRetry: RetryableProvider<T>,
+  maxRetries: number,
+  delayMs: number
+) => RetryableProvider<T>;

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/index.browser.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { fromHttp } from "./fromHttp/fromHttp.browser";
+export {
+  FromHttpOptions,
+  HttpProviderCredentials,
+} from "./fromHttp/fromHttpTypes";

package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { fromHttp } from "./fromHttp/fromHttp";
+export {
+  FromHttpOptions,
+  HttpProviderCredentials,
+} from "./fromHttp/fromHttpTypes";

package/node_modules/@aws-sdk/credential-provider-http/package.json ADDED Viewed

@@ -0,0 +1,67 @@
+{
+  "name": "@aws-sdk/credential-provider-http",
+  "version": "3.503.1",
+  "description": "AWS credential provider for containers and HTTP sources",
+  "main": "./dist-cjs/index.js",
+  "module": "./dist-es/index.js",
+  "browser": "./dist-es/index.browser.js",
+  "react-native": "./dist-es/index.browser.js",
+  "scripts": {
+    "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
+    "build:cjs": "node ../../scripts/compilation/inline credential-provider-http",
+    "build:es": "tsc -p tsconfig.es.json",
+    "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
+    "build:types": "tsc -p tsconfig.types.json",
+    "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
+    "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
+    "test": "jest"
+  },
+  "keywords": [
+    "aws",
+    "credentials"
+  ],
+  "author": {
+    "name": "AWS SDK for JavaScript Team",
+    "url": "https://aws.amazon.com/javascript/"
+  },
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@aws-sdk/types": "3.502.0",
+    "@smithy/fetch-http-handler": "^2.4.1",
+    "@smithy/node-http-handler": "^2.3.1",
+    "@smithy/property-provider": "^2.1.1",
+    "@smithy/protocol-http": "^3.1.1",
+    "@smithy/smithy-client": "^2.3.1",
+    "@smithy/types": "^2.9.1",
+    "@smithy/util-stream": "^2.1.1",
+    "tslib": "^2.5.0"
+  },
+  "devDependencies": {
+    "@tsconfig/recommended": "1.0.1",
+    "@types/node": "^14.14.31",
+    "concurrently": "7.0.0",
+    "downlevel-dts": "0.10.1",
+    "rimraf": "3.0.2",
+    "typescript": "~4.9.5"
+  },
+  "types": "./dist-types/index.d.ts",
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "typesVersions": {
+    "<4.0": {
+      "dist-types/*": [
+        "dist-types/ts3.4/*"
+      ]
+    }
+  },
+  "files": [
+    "dist-*/**"
+  ],
+  "homepage": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/aws/aws-sdk-js-v3.git",
+    "directory": "packages/credential-provider-http"
+  }
+}

package/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js CHANGED Viewed

@@ -1,8 +1,13 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -15,8 +20,28 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/loadSts.ts
+var loadSts_exports = {};
+__export(loadSts_exports, {
+  getDefaultRoleAssumer: () => import_client_sts.getDefaultRoleAssumer
+});
+var import_client_sts;
+var init_loadSts = __esm({
+  "src/loadSts.ts"() {
+    import_client_sts = require("@aws-sdk/client-sts");
+  }
+});
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
@@ -35,17 +60,15 @@ module.exports = __toCommonJS(src_exports);
 var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
 // src/resolveCredentialSource.ts
-var import_credential_provider_env = require("@aws-sdk/credential-provider-env");
-var import_credential_provider_imds = require("@smithy/credential-provider-imds");
 var import_property_provider = require("@smithy/property-provider");
 var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName) => {
   const sourceProvidersMap = {
-    EcsContainer: import_credential_provider_imds.fromContainerMetadata,
-    Ec2InstanceMetadata: import_credential_provider_imds.fromInstanceMetadata,
-    Environment: import_credential_provider_env.fromEnv
+    EcsContainer: (options) => Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds"))).then(({ fromContainerMetadata }) => fromContainerMetadata(options)),
+    Ec2InstanceMetadata: (options) => Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds"))).then(({ fromInstanceMetadata }) => fromInstanceMetadata(options)),
+    Environment: (options) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-env"))).then(({ fromEnv }) => fromEnv(options))
   };
   if (credentialSource in sourceProvidersMap) {
-    return sourceProvidersMap[credentialSource]();
+    return sourceProvidersMap[credentialSource];
   } else {
     throw new import_property_provider.CredentialsProviderError(
       `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`
@@ -58,12 +81,12 @@ var isAssumeRoleProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof
 var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg) => typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined", "isAssumeRoleWithSourceProfile");
 var isAssumeRoleWithProviderProfile = /* @__PURE__ */ __name((arg) => typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined", "isAssumeRoleWithProviderProfile");
 var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => {
+  var _a;
+  (_a = options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini", "resolveAssumeRoleCredentials (STS)");
   const data = profiles[profileName];
   if (!options.roleAssumer) {
-    throw new import_property_provider.CredentialsProviderError(
-      `Profile ${profileName} requires a role to be assumed, but no role assumption callback was provided.`,
-      false
-    );
+    const { getDefaultRoleAssumer: getDefaultRoleAssumer2 } = await Promise.resolve().then(() => (init_loadSts(), loadSts_exports));
+    options.roleAssumer = getDefaultRoleAssumer2(options.clientConfig, options.clientPlugins);
   }
   const { source_profile } = data;
   if (source_profile && source_profile in visitedProfiles) {
@@ -75,7 +98,7 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
   const sourceCredsProvider = source_profile ? resolveProfileData(source_profile, profiles, options, {
     ...visitedProfiles,
     [source_profile]: true
-  }) : resolveCredentialSource(data.credential_source, profileName)();
+  }) : (await resolveCredentialSource(data.credential_source, profileName)(options))();
   const params = {
     RoleArn: data.role_arn,
     RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
@@ -98,57 +121,60 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
 }, "resolveAssumeRoleCredentials");
 // src/resolveProcessCredentials.ts
-var import_credential_provider_process = require("@aws-sdk/credential-provider-process");
 var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile");
-var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => (0, import_credential_provider_process.fromProcess)({
-  ...options,
-  profile
-})(), "resolveProcessCredentials");
+var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-process"))).then(
+  ({ fromProcess }) => fromProcess({
+    ...options,
+    profile
+  })()
+), "resolveProcessCredentials");
 // src/resolveSsoCredentials.ts
-var import_credential_provider_sso = require("@aws-sdk/credential-provider-sso");
-var resolveSsoCredentials = /* @__PURE__ */ __name((data) => {
-  const { sso_start_url, sso_account_id, sso_session, sso_region, sso_role_name } = (0, import_credential_provider_sso.validateSsoProfile)(data);
-  return (0, import_credential_provider_sso.fromSSO)({
-    ssoStartUrl: sso_start_url,
-    ssoAccountId: sso_account_id,
-    ssoSession: sso_session,
-    ssoRegion: sso_region,
-    ssoRoleName: sso_role_name
+var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, options = {}) => {
+  const { fromSSO } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-sso")));
+  return fromSSO({
+    profile,
+    logger: options.logger
   })();
 }, "resolveSsoCredentials");
+var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile");
 // src/resolveStaticCredentials.ts
 var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1, "isStaticCredsProfile");
-var resolveStaticCredentials = /* @__PURE__ */ __name((profile) => Promise.resolve({
-  accessKeyId: profile.aws_access_key_id,
-  secretAccessKey: profile.aws_secret_access_key,
-  sessionToken: profile.aws_session_token,
-  credentialScope: profile.aws_credential_scope
-}), "resolveStaticCredentials");
+var resolveStaticCredentials = /* @__PURE__ */ __name((profile, options) => {
+  var _a;
+  (_a = options == null ? void 0 : options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini", "resolveStaticCredentials");
+  return Promise.resolve({
+    accessKeyId: profile.aws_access_key_id,
+    secretAccessKey: profile.aws_secret_access_key,
+    sessionToken: profile.aws_session_token,
+    credentialScope: profile.aws_credential_scope
+  });
+}, "resolveStaticCredentials");
 // src/resolveWebIdentityCredentials.ts
-var import_credential_provider_web_identity = require("@aws-sdk/credential-provider-web-identity");
 var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile");
-var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => (0, import_credential_provider_web_identity.fromTokenFile)({
-  webIdentityTokenFile: profile.web_identity_token_file,
-  roleArn: profile.role_arn,
-  roleSessionName: profile.role_session_name,
-  roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity
-})(), "resolveWebIdentityCredentials");
+var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-web-identity"))).then(
+  ({ fromTokenFile }) => fromTokenFile({
+    webIdentityTokenFile: profile.web_identity_token_file,
+    roleArn: profile.role_arn,
+    roleSessionName: profile.role_session_name,
+    roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
+    logger: options.logger
+  })()
+), "resolveWebIdentityCredentials");
 // src/resolveProfileData.ts
 var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => {
   const data = profiles[profileName];
   if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
-    return resolveStaticCredentials(data);
+    return resolveStaticCredentials(data, options);
   }
   if (isAssumeRoleProfile(data)) {
     return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
   }
   if (isStaticCredsProfile(data)) {
-    return resolveStaticCredentials(data);
+    return resolveStaticCredentials(data, options);
   }
   if (isWebIdentityProfile(data)) {
     return resolveWebIdentityCredentials(data, options);
@@ -156,14 +182,16 @@ var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, op
   if (isProcessProfile(data)) {
     return resolveProcessCredentials(options, profileName);
   }
-  if ((0, import_credential_provider_sso.isSsoProfile)(data)) {
-    return resolveSsoCredentials(data);
+  if (isSsoProfile(data)) {
+    return await resolveSsoCredentials(profileName, options);
   }
   throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared credentials file.`);
 }, "resolveProfileData");
 // src/fromIni.ts
 var fromIni = /* @__PURE__ */ __name((init = {}) => async () => {
+  var _a;
+  (_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini", "fromIni");
   const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);
   return resolveProfileData((0, import_shared_ini_file_loader.getProfileName)(init), profiles, init);
 }, "fromIni");

package/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/loadSts.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ module.exports = require("./index.js");

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/fromIni.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { getProfileName, parseKnownFiles } from "@smithy/shared-ini-file-loader";
 import { resolveProfileData } from "./resolveProfileData";
 export const fromIni = (init = {}) => async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-ini", "fromIni");
     const profiles = await parseKnownFiles(init);
     return resolveProfileData(getProfileName(init), profiles, init);
 };

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/loadSts.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { getDefaultRoleAssumer } from "@aws-sdk/client-sts";
2	+ export { getDefaultRoleAssumer };

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveAssumeRoleCredentials.js CHANGED Viewed

@@ -12,9 +12,11 @@ export const isAssumeRoleProfile = (arg) => Boolean(arg) &&
 const isAssumeRoleWithSourceProfile = (arg) => typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
 const isAssumeRoleWithProviderProfile = (arg) => typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
 export const resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}) => {
+    options.logger?.debug("@aws-sdk/credential-provider-ini", "resolveAssumeRoleCredentials (STS)");
     const data = profiles[profileName];
     if (!options.roleAssumer) {
-        throw new CredentialsProviderError(`Profile ${profileName} requires a role to be assumed, but no role assumption callback was provided.`, false);
+        const { getDefaultRoleAssumer } = await import("./loadSts");
+        options.roleAssumer = getDefaultRoleAssumer(options.clientConfig, options.clientPlugins);
     }
     const { source_profile } = data;
     if (source_profile && source_profile in visitedProfiles) {
@@ -27,7 +29,7 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
             ...visitedProfiles,
             [source_profile]: true,
         })
-        : resolveCredentialSource(data.credential_source, profileName)();
+        : (await resolveCredentialSource(data.credential_source, profileName)(options))();
     const params = {
         RoleArn: data.role_arn,
         RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,