@cdklabs/cdk-ecs-codedeploy 0.0.332 → 0.0.334

package/node_modules/@aws-sdk/client-sts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.666.0",
+  "version": "3.668.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sts",
@@ -22,18 +22,18 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "3.666.0",
-    "@aws-sdk/core": "3.666.0",
-    "@aws-sdk/credential-provider-node": "3.666.0",
-    "@aws-sdk/middleware-host-header": "3.664.0",
-    "@aws-sdk/middleware-logger": "3.664.0",
-    "@aws-sdk/middleware-recursion-detection": "3.664.0",
-    "@aws-sdk/middleware-user-agent": "3.666.0",
-    "@aws-sdk/region-config-resolver": "3.664.0",
-    "@aws-sdk/types": "3.664.0",
-    "@aws-sdk/util-endpoints": "3.664.0",
-    "@aws-sdk/util-user-agent-browser": "3.664.0",
-    "@aws-sdk/util-user-agent-node": "3.666.0",
+    "@aws-sdk/client-sso-oidc": "3.668.0",
+    "@aws-sdk/core": "3.667.0",
+    "@aws-sdk/credential-provider-node": "3.668.0",
+    "@aws-sdk/middleware-host-header": "3.667.0",
+    "@aws-sdk/middleware-logger": "3.667.0",
+    "@aws-sdk/middleware-recursion-detection": "3.667.0",
+    "@aws-sdk/middleware-user-agent": "3.668.0",
+    "@aws-sdk/region-config-resolver": "3.667.0",
+    "@aws-sdk/types": "3.667.0",
+    "@aws-sdk/util-endpoints": "3.667.0",
+    "@aws-sdk/util-user-agent-browser": "3.667.0",
+    "@aws-sdk/util-user-agent-node": "3.668.0",
     "@smithy/config-resolver": "^3.0.9",
     "@smithy/core": "^2.4.8",
     "@smithy/fetch-http-handler": "^3.2.9",

package/node_modules/@aws-sdk/core/dist-cjs/submodules/client/index.js

@@ -22,6 +22,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var client_exports = {};
 __export(client_exports, {
   emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion,
+  setCredentialFeature: () => setCredentialFeature,
   setFeature: () => setFeature
 });
 module.exports = __toCommonJS(client_exports);
@@ -43,6 +44,16 @@ More information can be found at: https://a.co/74kJMmI`
   }
 }, "emitWarningIfUnsupportedVersion");
 
+// src/submodules/client/setCredentialFeature.ts
+function setCredentialFeature(credentials, feature, value) {
+  if (!credentials.$source) {
+    credentials.$source = {};
+  }
+  credentials.$source[feature] = value;
+  return credentials;
+}
+__name(setCredentialFeature, "setCredentialFeature");
+
 // src/submodules/client/setFeature.ts
 function setFeature(context, feature, value) {
   if (!context.__aws_sdk_context) {
@@ -58,5 +69,6 @@ __name(setFeature, "setFeature");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   emitWarningIfUnsupportedVersion,
+  setCredentialFeature,
   setFeature
 });

package/node_modules/@aws-sdk/core/dist-cjs/submodules/httpAuthSchemes/index.js

@@ -191,11 +191,14 @@ var NODE_SIGV4A_CONFIG_OPTIONS = {
 };
 
 // src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts
+var import_client = require("@aws-sdk/core/client");
 var import_core2 = require("@smithy/core");
 var import_signature_v4 = require("@smithy/signature-v4");
 var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => {
+  let isUserSupplied = false;
   let normalizedCreds;
   if (config.credentials) {
+    isUserSupplied = true;
     normalizedCreds = (0, import_core2.memoizeIdentityProvider)(config.credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh);
   }
   if (!normalizedCreds) {
@@ -280,7 +283,9 @@ var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => {
     ...config,
     systemClockOffset,
     signingEscapePath,
-    credentials: normalizedCreds,
+    credentials: isUserSupplied ? async () => normalizedCreds().then(
+      (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e")
+    ) : normalizedCreds,
     signer
   };
 }, "resolveAwsSdkSigV4Config");

package/node_modules/@aws-sdk/core/dist-es/submodules/client/index.js

@@ -1,2 +1,3 @@
 export * from "./emitWarningIfUnsupportedVersion";
+export * from "./setCredentialFeature";
 export * from "./setFeature";

package/node_modules/@aws-sdk/core/dist-es/submodules/client/setCredentialFeature.js

@@ -0,0 +1,7 @@
+export function setCredentialFeature(credentials, feature, value) {
+    if (!credentials.$source) {
+        credentials.$source = {};
+    }
+    credentials.$source[feature] = value;
+    return credentials;
+}

package/node_modules/@aws-sdk/core/dist-es/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.js

@@ -1,8 +1,11 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 import { doesIdentityRequireRefresh, isIdentityExpired, memoizeIdentityProvider, normalizeProvider, } from "@smithy/core";
 import { SignatureV4 } from "@smithy/signature-v4";
 export const resolveAwsSdkSigV4Config = (config) => {
+    let isUserSupplied = false;
     let normalizedCreds;
     if (config.credentials) {
+        isUserSupplied = true;
         normalizedCreds = memoizeIdentityProvider(config.credentials, isIdentityExpired, doesIdentityRequireRefresh);
     }
     if (!normalizedCreds) {
@@ -75,7 +78,9 @@ export const resolveAwsSdkSigV4Config = (config) => {
         ...config,
         systemClockOffset,
         signingEscapePath,
-        credentials: normalizedCreds,
+        credentials: isUserSupplied
+            ? async () => normalizedCreds().then((creds) => setCredentialFeature(creds, "CREDENTIALS_CODE", "e"))
+            : normalizedCreds,
         signer,
     };
 };

package/node_modules/@aws-sdk/core/dist-types/submodules/client/index.d.ts

@@ -1,2 +1,3 @@
 export * from "./emitWarningIfUnsupportedVersion";
+export * from "./setCredentialFeature";
 export * from "./setFeature";

package/node_modules/@aws-sdk/core/dist-types/submodules/client/setCredentialFeature.d.ts

@@ -0,0 +1,7 @@
+import type { AttributedAwsCredentialIdentity, AwsSdkCredentialsFeatures } from "@aws-sdk/types";
+/**
+ * @internal
+ *
+ * @returns the credentials with source feature attribution.
+ */
+export declare function setCredentialFeature<F extends keyof AwsSdkCredentialsFeatures>(credentials: AttributedAwsCredentialIdentity, feature: F, value: AwsSdkCredentialsFeatures[F]): AttributedAwsCredentialIdentity;

package/node_modules/@aws-sdk/core/dist-types/ts3.4/submodules/client/index.d.ts

@@ -1,2 +1,3 @@
 export * from "./emitWarningIfUnsupportedVersion";
+export * from "./setCredentialFeature";
 export * from "./setFeature";

package/node_modules/@aws-sdk/core/dist-types/ts3.4/submodules/client/setCredentialFeature.d.ts

@@ -0,0 +1,11 @@
+import {
+  AttributedAwsCredentialIdentity,
+  AwsSdkCredentialsFeatures,
+} from "@aws-sdk/types";
+export declare function setCredentialFeature<
+  F extends keyof AwsSdkCredentialsFeatures
+>(
+  credentials: AttributedAwsCredentialIdentity,
+  feature: F,
+  value: AwsSdkCredentialsFeatures[F]
+): AttributedAwsCredentialIdentity;

package/node_modules/@aws-sdk/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/core",
-  "version": "3.666.0",
+  "version": "3.667.0",
   "description": "Core functions & classes shared by multiple AWS SDK clients.",
   "scripts": {
     "build": "yarn lint && concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
@@ -79,7 +79,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/types": "3.664.0",
+    "@aws-sdk/types": "3.667.0",
     "@smithy/core": "^2.4.8",
     "@smithy/node-config-provider": "^3.1.8",
     "@smithy/property-provider": "^3.1.7",

package/node_modules/@aws-sdk/credential-provider-env/dist-cjs/index.js

@@ -32,6 +32,7 @@ __export(src_exports, {
 module.exports = __toCommonJS(src_exports);
 
 // src/fromEnv.ts
+var import_client = require("@aws-sdk/core/client");
 var import_property_provider = require("@smithy/property-provider");
 var ENV_KEY = "AWS_ACCESS_KEY_ID";
 var ENV_SECRET = "AWS_SECRET_ACCESS_KEY";
@@ -49,7 +50,7 @@ var fromEnv = /* @__PURE__ */ __name((init) => async () => {
   const credentialScope = process.env[ENV_CREDENTIAL_SCOPE];
   const accountId = process.env[ENV_ACCOUNT_ID];
   if (accessKeyId && secretAccessKey) {
-    return {
+    const credentials = {
       accessKeyId,
       secretAccessKey,
       ...sessionToken && { sessionToken },
@@ -57,6 +58,8 @@ var fromEnv = /* @__PURE__ */ __name((init) => async () => {
       ...credentialScope && { credentialScope },
       ...accountId && { accountId }
     };
+    (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g");
+    return credentials;
   }
   throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init == null ? void 0 : init.logger });
 }, "fromEnv");

package/node_modules/@aws-sdk/credential-provider-env/dist-es/fromEnv.js

@@ -1,3 +1,4 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 import { CredentialsProviderError } from "@smithy/property-provider";
 export const ENV_KEY = "AWS_ACCESS_KEY_ID";
 export const ENV_SECRET = "AWS_SECRET_ACCESS_KEY";
@@ -14,7 +15,7 @@ export const fromEnv = (init) => async () => {
     const credentialScope = process.env[ENV_CREDENTIAL_SCOPE];
     const accountId = process.env[ENV_ACCOUNT_ID];
     if (accessKeyId && secretAccessKey) {
-        return {
+        const credentials = {
             accessKeyId,
             secretAccessKey,
             ...(sessionToken && { sessionToken }),
@@ -22,6 +23,8 @@ export const fromEnv = (init) => async () => {
             ...(credentialScope && { credentialScope }),
             ...(accountId && { accountId }),
         };
+        setCredentialFeature(credentials, "CREDENTIALS_ENV_VARS", "g");
+        return credentials;
     }
     throw new CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger });
 };

package/node_modules/@aws-sdk/credential-provider-env/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-env",
-  "version": "3.664.0",
+  "version": "3.667.0",
   "description": "AWS credential provider that sources credentials from known environment variables",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -24,7 +24,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/types": "3.664.0",
+    "@aws-sdk/core": "3.667.0",
+    "@aws-sdk/types": "3.667.0",
     "@smithy/property-provider": "^3.1.7",
     "@smithy/types": "^3.5.0",
     "tslib": "^2.6.2"

package/node_modules/@aws-sdk/credential-provider-http/dist-cjs/fromHttp/fromHttp.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromHttp = void 0;
 const tslib_1 = require("tslib");
+const client_1 = require("@aws-sdk/core/client");
 const node_http_handler_1 = require("@smithy/node-http-handler");
 const property_provider_1 = require("@smithy/property-provider");
 const promises_1 = tslib_1.__importDefault(require("fs/promises"));
@@ -57,7 +58,7 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
         }
         try {
             const result = await requestHandler.handle(request);
-            return (0, requestHelpers_1.getCredentials)(result.response);
+            return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z"));
         }
         catch (e) {
             throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger });

package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js

@@ -1,3 +1,4 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 import { NodeHttpHandler } from "@smithy/node-http-handler";
 import { CredentialsProviderError } from "@smithy/property-provider";
 import fs from "fs/promises";
@@ -53,7 +54,7 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
         }
         try {
             const result = await requestHandler.handle(request);
-            return getCredentials(result.response);
+            return getCredentials(result.response).then((creds) => setCredentialFeature(creds, "CREDENTIALS_HTTP", "z"));
         }
         catch (e) {
             throw new CredentialsProviderError(String(e), { logger: options.logger });

package/node_modules/@aws-sdk/credential-provider-http/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-http",
-  "version": "3.666.0",
+  "version": "3.667.0",
   "description": "AWS credential provider for containers and HTTP sources",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -26,7 +26,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/types": "3.664.0",
+    "@aws-sdk/core": "3.667.0",
+    "@aws-sdk/types": "3.667.0",
     "@smithy/fetch-http-handler": "^3.2.9",
     "@smithy/node-http-handler": "^3.2.4",
     "@smithy/property-provider": "^3.1.7",

package/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js

@@ -43,9 +43,11 @@ module.exports = __toCommonJS(src_exports);
 
 // src/resolveAssumeRoleCredentials.ts
 
+
 var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
 
 // src/resolveCredentialSource.ts
+var import_client = require("@aws-sdk/core/client");
 var import_property_provider = require("@smithy/property-provider");
 var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => {
   const sourceProvidersMap = {
@@ -53,17 +55,17 @@ var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileN
       const { fromHttp } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-http")));
       const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds")));
       logger == null ? void 0 : logger.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
-      return (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options));
+      return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);
     },
     Ec2InstanceMetadata: async (options) => {
       logger == null ? void 0 : logger.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
       const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds")));
-      return fromInstanceMetadata(options);
+      return async () => fromInstanceMetadata(options)().then(setNamedProvider);
     },
     Environment: async (options) => {
       logger == null ? void 0 : logger.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
       const { fromEnv } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-env")));
-      return fromEnv(options);
+      return async () => fromEnv(options)().then(setNamedProvider);
     }
   };
   if (credentialSource in sourceProvidersMap) {
@@ -75,6 +77,7 @@ var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileN
     );
   }
 }, "resolveCredentialSource");
+var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider");
 
 // src/resolveAssumeRoleCredentials.ts
 var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => {
@@ -132,7 +135,7 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
     isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {})
   ) : (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
   if (isCredentialSourceWithoutRoleArn(data)) {
-    return sourceCredsProvider;
+    return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
   } else {
     const params = {
       RoleArn: data.role_arn,
@@ -152,7 +155,9 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
       params.TokenCode = await options.mfaCodeProvider(mfa_serial);
     }
     const sourceCreds = await sourceCredsProvider;
-    return options.roleAssumer(sourceCreds, params);
+    return options.roleAssumer(sourceCreds, params).then(
+      (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")
+    );
   }
 }, "resolveAssumeRoleCredentials");
 var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => {
@@ -160,39 +165,50 @@ var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => {
 }, "isCredentialSourceWithoutRoleArn");
 
 // src/resolveProcessCredentials.ts
+
 var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile");
 var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-process"))).then(
   ({ fromProcess }) => fromProcess({
     ...options,
     profile
-  })()
+  })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v"))
 ), "resolveProcessCredentials");
 
 // src/resolveSsoCredentials.ts
-var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, options = {}) => {
+
+var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => {
   const { fromSSO } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-sso")));
   return fromSSO({
     profile,
     logger: options.logger
-  })();
+  })().then((creds) => {
+    if (profileData.sso_session) {
+      return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r");
+    } else {
+      return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t");
+    }
+  });
 }, "resolveSsoCredentials");
 var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile");
 
 // src/resolveStaticCredentials.ts
+
 var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile");
-var resolveStaticCredentials = /* @__PURE__ */ __name((profile, options) => {
+var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => {
   var _a;
   (_a = options == null ? void 0 : options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");
-  return Promise.resolve({
+  const credentials = {
     accessKeyId: profile.aws_access_key_id,
     secretAccessKey: profile.aws_secret_access_key,
     sessionToken: profile.aws_session_token,
     ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope },
     ...profile.aws_account_id && { accountId: profile.aws_account_id }
-  });
+  };
+  return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n");
 }, "resolveStaticCredentials");
 
 // src/resolveWebIdentityCredentials.ts
+
 var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile");
 var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-web-identity"))).then(
   ({ fromTokenFile }) => fromTokenFile({
@@ -202,7 +218,7 @@ var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, optio
     roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
     logger: options.logger,
     parentClientConfig: options.parentClientConfig
-  })()
+  })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q"))
 ), "resolveWebIdentityCredentials");
 
 // src/resolveProfileData.ts
@@ -224,7 +240,7 @@ var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, op
     return resolveProcessCredentials(options, profileName);
   }
   if (isSsoProfile(data)) {
-    return await resolveSsoCredentials(profileName, options);
+    return await resolveSsoCredentials(profileName, data, options);
   }
   throw new import_property_provider.CredentialsProviderError(
     `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`,

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveAssumeRoleCredentials.js

@@ -1,3 +1,4 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 import { CredentialsProviderError } from "@smithy/property-provider";
 import { getProfileName } from "@smithy/shared-ini-file-loader";
 import { resolveCredentialSource } from "./resolveCredentialSource";
@@ -50,7 +51,7 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
         }, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))
         : (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
     if (isCredentialSourceWithoutRoleArn(data)) {
-        return sourceCredsProvider;
+        return sourceCredsProvider.then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
     }
     else {
         const params = {
@@ -68,7 +69,7 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
             params.TokenCode = await options.mfaCodeProvider(mfa_serial);
         }
         const sourceCreds = await sourceCredsProvider;
-        return options.roleAssumer(sourceCreds, params);
+        return options.roleAssumer(sourceCreds, params).then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
     }
 };
 const isCredentialSourceWithoutRoleArn = (section) => {

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveCredentialSource.js

@@ -1,3 +1,4 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 import { chain, CredentialsProviderError } from "@smithy/property-provider";
 export const resolveCredentialSource = (credentialSource, profileName, logger) => {
     const sourceProvidersMap = {
@@ -5,17 +6,17 @@ export const resolveCredentialSource = (credentialSource, profileName, logger) =
             const { fromHttp } = await import("@aws-sdk/credential-provider-http");
             const { fromContainerMetadata } = await import("@smithy/credential-provider-imds");
             logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
-            return chain(fromHttp(options ?? {}), fromContainerMetadata(options));
+            return async () => chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);
         },
         Ec2InstanceMetadata: async (options) => {
             logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
             const { fromInstanceMetadata } = await import("@smithy/credential-provider-imds");
-            return fromInstanceMetadata(options);
+            return async () => fromInstanceMetadata(options)().then(setNamedProvider);
         },
         Environment: async (options) => {
             logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
             const { fromEnv } = await import("@aws-sdk/credential-provider-env");
-            return fromEnv(options);
+            return async () => fromEnv(options)().then(setNamedProvider);
         },
     };
     if (credentialSource in sourceProvidersMap) {
@@ -26,3 +27,4 @@ export const resolveCredentialSource = (credentialSource, profileName, logger) =
             `expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });
     }
 };
+const setNamedProvider = (creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p");

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveProcessCredentials.js

@@ -1,5 +1,6 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 export const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
 export const resolveProcessCredentials = async (options, profile) => import("@aws-sdk/credential-provider-process").then(({ fromProcess }) => fromProcess({
     ...options,
     profile,
-})());
+})().then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_PROCESS", "v")));

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveProfileData.js

@@ -22,7 +22,7 @@ export const resolveProfileData = async (profileName, profiles, options, visited
         return resolveProcessCredentials(options, profileName);
     }
     if (isSsoProfile(data)) {
-        return await resolveSsoCredentials(profileName, options);
+        return await resolveSsoCredentials(profileName, data, options);
     }
     throw new CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });
 };

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveSsoCredentials.js

@@ -1,9 +1,17 @@
-export const resolveSsoCredentials = async (profile, options = {}) => {
+import { setCredentialFeature } from "@aws-sdk/core/client";
+export const resolveSsoCredentials = async (profile, profileData, options = {}) => {
     const { fromSSO } = await import("@aws-sdk/credential-provider-sso");
     return fromSSO({
         profile,
         logger: options.logger,
-    })();
+    })().then((creds) => {
+        if (profileData.sso_session) {
+            return setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO", "r");
+        }
+        else {
+            return setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t");
+        }
+    });
 };
 export const isSsoProfile = (arg) => arg &&
     (typeof arg.sso_start_url === "string" ||

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveStaticCredentials.js

@@ -1,16 +1,18 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 export const isStaticCredsProfile = (arg) => Boolean(arg) &&
     typeof arg === "object" &&
     typeof arg.aws_access_key_id === "string" &&
     typeof arg.aws_secret_access_key === "string" &&
     ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 &&
     ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1;
-export const resolveStaticCredentials = (profile, options) => {
+export const resolveStaticCredentials = async (profile, options) => {
     options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");
-    return Promise.resolve({
+    const credentials = {
         accessKeyId: profile.aws_access_key_id,
         secretAccessKey: profile.aws_secret_access_key,
         sessionToken: profile.aws_session_token,
         ...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),
         ...(profile.aws_account_id && { accountId: profile.aws_account_id }),
-    });
+    };
+    return setCredentialFeature(credentials, "CREDENTIALS_PROFILE", "n");
 };

package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveWebIdentityCredentials.js

@@ -1,3 +1,4 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 export const isWebIdentityProfile = (arg) => Boolean(arg) &&
     typeof arg === "object" &&
     typeof arg.web_identity_token_file === "string" &&
@@ -10,4 +11,4 @@ export const resolveWebIdentityCredentials = async (profile, options) => import(
     roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
     logger: options.logger,
     parentClientConfig: options.parentClientConfig,
-})());
+})().then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")));

package/node_modules/@aws-sdk/credential-provider-ini/dist-types/resolveAssumeRoleCredentials.d.ts

@@ -1,4 +1,4 @@
-import { AwsCredentialIdentity, Logger, ParsedIniData } from "@smithy/types";
+import { Logger, ParsedIniData } from "@smithy/types";
 import { FromIniInit } from "./fromIni";
 /**
  * @internal
@@ -44,4 +44,4 @@ export declare const isAssumeRoleProfile: (arg: any, { profile, logger }?: {
 /**
  * @internal
  */
-export declare const resolveAssumeRoleCredentials: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: Record<string, true>) => Promise<AwsCredentialIdentity>;
+export declare const resolveAssumeRoleCredentials: (profileName: string, profiles: ParsedIniData, options: FromIniInit, visitedProfiles?: Record<string, true>) => Promise<import("@aws-sdk/types").AttributedAwsCredentialIdentity>;

package/node_modules/@aws-sdk/credential-provider-ini/dist-types/resolveSsoCredentials.d.ts

@@ -1,10 +1,10 @@
 import type { SsoProfile } from "@aws-sdk/credential-provider-sso";
 import type { CredentialProviderOptions } from "@aws-sdk/types";
-import type { Profile } from "@smithy/types";
+import type { IniSection, Profile } from "@smithy/types";
 /**
  * @internal
  */
-export declare const resolveSsoCredentials: (profile: string, options?: CredentialProviderOptions) => Promise<import("@aws-sdk/types").AwsCredentialIdentity>;
+export declare const resolveSsoCredentials: (profile: string, profileData: IniSection, options?: CredentialProviderOptions) => Promise<import("@aws-sdk/types").AttributedAwsCredentialIdentity>;
 /**
  * @internal
  * duplicated from \@aws-sdk/credential-provider-sso to defer import.

package/node_modules/@aws-sdk/credential-provider-ini/dist-types/ts3.4/resolveAssumeRoleCredentials.d.ts

@@ -1,4 +1,4 @@
-import { AwsCredentialIdentity, Logger, ParsedIniData } from "@smithy/types";
+import { Logger, ParsedIniData } from "@smithy/types";
 import { FromIniInit } from "./fromIni";
 export interface AssumeRoleParams {
   RoleArn: string;
@@ -23,4 +23,4 @@ export declare const resolveAssumeRoleCredentials: (
   profiles: ParsedIniData,
   options: FromIniInit,
   visitedProfiles?: Record<string, true>
-) => Promise<AwsCredentialIdentity>;
+) => Promise<import("@aws-sdk/types").AttributedAwsCredentialIdentity>;

package/node_modules/@aws-sdk/credential-provider-ini/dist-types/ts3.4/resolveSsoCredentials.d.ts

@@ -1,8 +1,9 @@
 import { SsoProfile } from "@aws-sdk/credential-provider-sso";
 import { CredentialProviderOptions } from "@aws-sdk/types";
-import { Profile } from "@smithy/types";
+import { IniSection, Profile } from "@smithy/types";
 export declare const resolveSsoCredentials: (
   profile: string,
+  profileData: IniSection,
   options?: CredentialProviderOptions
-) => Promise<import("@aws-sdk/types").AwsCredentialIdentity>;
+) => Promise<import("@aws-sdk/types").AttributedAwsCredentialIdentity>;
 export declare const isSsoProfile: (arg: Profile) => arg is Partial<SsoProfile>;