@aws-sdk/credential-provider-sso
Advanced tools
@aws-sdk/credential-provider-sso - npm Package Compare versions
Comparing version 3.21.0 to 3.22.0
@@ -6,2 +6,18 @@ # Change Log | ||
| # [3.22.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.21.0...v3.22.0) (2021-07-16) | ||
| ### Bug Fixes | ||
| * **clients:** prefix `dist/` for typesVersions TS<4 ([#2580](https://github.com/aws/aws-sdk-js-v3/issues/2580)) ([dff5cd4](https://github.com/aws/aws-sdk-js-v3/commit/dff5cd4b6fa00453e938ce8f238c1542ee7ba3d6)) | ||
| ### Features | ||
| * **credential-provider-sso:** support sso credential when resolving shared credential file ([#2583](https://github.com/aws/aws-sdk-js-v3/issues/2583)) ([9480e70](https://github.com/aws/aws-sdk-js-v3/commit/9480e70da4ac59d4d08f01702b4e62bf42397394)) | ||
| # [3.21.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.20.0...v3.21.0) (2021-07-09) | ||
@@ -8,0 +24,0 @@ |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.fromSSO = exports.EXPIRE_WINDOW_MS = void 0; | ||
| exports.isSsoProfile = exports.validateSsoProfile = exports.fromSSO = exports.EXPIRE_WINDOW_MS = void 0; | ||
| const client_sso_1 = require("@aws-sdk/client-sso"); | ||
| const credential_provider_ini_1 = require("@aws-sdk/credential-provider-ini"); | ||
| const property_provider_1 = require("@aws-sdk/property-provider"); | ||
| const shared_ini_file_loader_1 = require("@aws-sdk/shared-ini-file-loader"); | ||
| const util_credentials_1 = require("@aws-sdk/util-credentials"); | ||
| const crypto_1 = require("crypto"); | ||
@@ -24,21 +24,32 @@ const fs_1 = require("fs"); | ||
| const fromSSO = (init = {}) => async () => { | ||
| const profiles = await credential_provider_ini_1.parseKnownFiles(init); | ||
| return resolveSSOCredentials(credential_provider_ini_1.getMasterProfileName(init), profiles, init); | ||
| }; | ||
| exports.fromSSO = fromSSO; | ||
| const resolveSSOCredentials = async (profileName, profiles, options) => { | ||
| const profile = profiles[profileName]; | ||
| if (!profile) { | ||
| throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`); | ||
| const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient } = init; | ||
| if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName) { | ||
| // Load the SSO config from shared AWS config file. | ||
| const profiles = await util_credentials_1.parseKnownFiles(init); | ||
| const profileName = util_credentials_1.getMasterProfileName(init); | ||
| const profile = profiles[profileName]; | ||
| if (!exports.isSsoProfile(profile)) { | ||
| throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); | ||
| } | ||
| const { sso_start_url, sso_account_id, sso_region, sso_role_name } = exports.validateSsoProfile(profile); | ||
| return resolveSSOCredentials({ | ||
| ssoStartUrl: sso_start_url, | ||
| ssoAccountId: sso_account_id, | ||
| ssoRegion: sso_region, | ||
| ssoRoleName: sso_role_name, | ||
| ssoClient: ssoClient, | ||
| }); | ||
| } | ||
| const { sso_start_url: startUrl, sso_account_id: accountId, sso_region: region, sso_role_name: roleName } = profile; | ||
| if (!startUrl && !accountId && !region && !roleName) { | ||
| throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); | ||
| else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { | ||
| throw new property_provider_1.CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' + | ||
| ' "ssoAccountId", "ssoRegion", "ssoRoleName"'); | ||
| } | ||
| if (!startUrl || !accountId || !region || !roleName) { | ||
| throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} does not have valid SSO credentials. Required parameters "sso_account_id", "sso_region", ` + | ||
| `"sso_role_name", "sso_start_url". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| else { | ||
| return resolveSSOCredentials({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient }); | ||
| } | ||
| }; | ||
| exports.fromSSO = fromSSO; | ||
| const resolveSSOCredentials = async ({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, }) => { | ||
| const hasher = crypto_1.createHash("sha1"); | ||
| const cacheName = hasher.update(startUrl).digest("hex"); | ||
| const cacheName = hasher.update(ssoStartUrl).digest("hex"); | ||
| const tokenFile = path_1.join(shared_ini_file_loader_1.getHomeDir(), ".aws", "sso", "cache", `${cacheName}.json`); | ||
@@ -57,8 +68,8 @@ let token; | ||
| const { accessToken } = token; | ||
| const sso = options.ssoClient || new client_sso_1.SSOClient({ region }); | ||
| const sso = ssoClient || new client_sso_1.SSOClient({ region: ssoRegion }); | ||
| let ssoResp; | ||
| try { | ||
| ssoResp = await sso.send(new client_sso_1.GetRoleCredentialsCommand({ | ||
| accountId, | ||
| roleName, | ||
| accountId: ssoAccountId, | ||
| roleName: ssoRoleName, | ||
| accessToken, | ||
@@ -76,2 +87,23 @@ })); | ||
| }; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsb0RBQTRHO0FBQzVHLDhFQUE0RztBQUM1RyxrRUFBc0U7QUFDdEUsNEVBQTRFO0FBRTVFLG1DQUFvQztBQUNwQywyQkFBa0M7QUFDbEMsK0JBQTRCO0FBRTVCOzs7OztHQUtHO0FBQ1UsUUFBQSxnQkFBZ0IsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztBQUUvQyxNQUFNLDRCQUE0QixHQUFHLEtBQUssQ0FBQztBQWtCM0M7OztHQUdHO0FBQ0ksTUFBTSxPQUFPLEdBQ2xCLENBQUMsT0FBb0IsRUFBRSxFQUFzQixFQUFFLENBQy9DLEtBQUssSUFBSSxFQUFFO0lBQ1QsTUFBTSxRQUFRLEdBQUcsTUFBTSx5Q0FBZSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzdDLE9BQU8scUJBQXFCLENBQUMsOENBQW9CLENBQUMsSUFBSSxDQUFDLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxDQUFDO0FBQzNFLENBQUMsQ0FBQztBQUxTLFFBQUEsT0FBTyxXQUtoQjtBQUVKLE1BQU0scUJBQXFCLEdBQUcsS0FBSyxFQUNqQyxXQUFtQixFQUNuQixRQUF1QixFQUN2QixPQUFvQixFQUNFLEVBQUU7SUFDeEIsTUFBTSxPQUFPLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ3RDLElBQUksQ0FBQyxPQUFPLEVBQUU7UUFDWixNQUFNLElBQUksNENBQXdCLENBQUMsV0FBVyxXQUFXLGlEQUFpRCxDQUFDLENBQUM7S0FDN0c7SUFDRCxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxjQUFjLEVBQUUsU0FBUyxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUNwSCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsU0FBUyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFO1FBQ25ELE1BQU0sSUFBSSw0Q0FBd0IsQ0FBQyxXQUFXLFdBQVcsMENBQTBDLENBQUMsQ0FBQztLQUN0RztJQUNELElBQUksQ0FBQyxRQUFRLElBQUksQ0FBQyxTQUFTLElBQUksQ0FBQyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUU7UUFDbkQsTUFBTSxJQUFJLDRDQUF3QixDQUNoQyxXQUFXLFdBQVcsNEZBQTRGO1lBQ2hILHNIQUFzSCxFQUN4SCw0QkFBNEIsQ0FDN0IsQ0FBQztLQUNIO0lBQ0QsTUFBTSxNQUFNLEdBQUcsbUJBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNsQyxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN4RCxNQUFNLFNBQVMsR0FBRyxXQUFJLENBQUMsbUNBQVUsRUFBRSxFQUFFLE1BQU0sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLEdBQUcsU0FBUyxPQUFPLENBQUMsQ0FBQztJQUNsRixJQUFJLEtBQWUsQ0FBQztJQUNwQixJQUFJO1FBQ0YsS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsaUJBQVksQ0FBQyxTQUFTLEVBQUUsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25FLElBQUksSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsSUFBSSx3QkFBZ0IsRUFBRTtZQUN4RSxNQUFNLElBQUksS0FBSyxDQUFDLHVCQUF1QixDQUFDLENBQUM7U0FDMUM7S0FDRjtJQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ1YsTUFBTSxJQUFJLDRDQUF3QixDQUNoQyxnSEFBZ0g7WUFDOUcsbURBQW1ELEVBQ3JELDRCQUE0QixDQUM3QixDQUFDO0tBQ0g7SUFDRCxNQUFNLEVBQUUsV0FBVyxFQUFFLEdBQUcsS0FBSyxDQUFDO0lBQzlCLE1BQU0sR0FBRyxHQUFHLE9BQU8sQ0FBQyxTQUFTLElBQUksSUFBSSxzQkFBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUMzRCxJQUFJLE9BQXdDLENBQUM7SUFDN0MsSUFBSTtRQUNGLE9BQU8sR0FBRyxNQUFNLEdBQUcsQ0FBQyxJQUFJLENBQ3RCLElBQUksc0NBQXlCLENBQUM7WUFDNUIsU0FBUztZQUNULFFBQVE7WUFDUixXQUFXO1NBQ1osQ0FBQyxDQUNILENBQUM7S0FDSDtJQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ1YsTUFBTSw0Q0FBd0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxFQUFFLDRCQUE0QixDQUFDLENBQUM7S0FDdEU7SUFDRCxNQUFNLEVBQUUsZUFBZSxFQUFFLEVBQUUsV0FBVyxFQUFFLGVBQWUsRUFBRSxZQUFZLEVBQUUsVUFBVSxFQUFFLEdBQUcsRUFBRSxFQUFFLEdBQUcsT0FBTyxDQUFDO0lBQ3JHLElBQUksQ0FBQyxXQUFXLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxVQUFVLEVBQUU7UUFDcEUsTUFBTSxJQUFJLDRDQUF3QixDQUFDLDhDQUE4QyxFQUFFLDRCQUE0QixDQUFDLENBQUM7S0FDbEg7SUFDRCxPQUFPLEVBQUUsV0FBVyxFQUFFLGVBQWUsRUFBRSxZQUFZLEVBQUUsVUFBVSxFQUFFLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUM7QUFDMUYsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCwgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dCwgU1NPQ2xpZW50IH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1zc29cIjtcbmltcG9ydCB7IGdldE1hc3RlclByb2ZpbGVOYW1lLCBwYXJzZUtub3duRmlsZXMsIFNvdXJjZVByb2ZpbGVJbml0IH0gZnJvbSBcIkBhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXItaW5pXCI7XG5pbXBvcnQgeyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IgfSBmcm9tIFwiQGF3cy1zZGsvcHJvcGVydHktcHJvdmlkZXJcIjtcbmltcG9ydCB7IGdldEhvbWVEaXIsIFBhcnNlZEluaURhdGEgfSBmcm9tIFwiQGF3cy1zZGsvc2hhcmVkLWluaS1maWxlLWxvYWRlclwiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbFByb3ZpZGVyLCBDcmVkZW50aWFscyB9IGZyb20gXCJAYXdzLXNkay90eXBlc1wiO1xuaW1wb3J0IHsgY3JlYXRlSGFzaCB9IGZyb20gXCJjcnlwdG9cIjtcbmltcG9ydCB7IHJlYWRGaWxlU3luYyB9IGZyb20gXCJmc1wiO1xuaW1wb3J0IHsgam9pbiB9IGZyb20gXCJwYXRoXCI7XG5cbi8qKlxuICogVGhlIHRpbWUgd2luZG93ICgxNSBtaW5zKSB0aGF0IFNESyB3aWxsIHRyZWF0IHRoZSBTU08gdG9rZW4gZXhwaXJlcyBpbiBiZWZvcmUgdGhlIGRlZmluZWQgZXhwaXJhdGlvbiBkYXRlIGluIHRva2VuLlxuICogVGhpcyBpcyBuZWVkZWQgYmVjYXVzZSBzZXJ2ZXIgc2lkZSBtYXkgaGF2ZSBpbnZhbGlkYXRlZCB0aGUgdG9rZW4gYmVmb3JlIHRoZSBkZWZpbmVkIGV4cGlyYXRpb24gZGF0ZS5cbiAqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGNvbnN0IEVYUElSRV9XSU5ET1dfTVMgPSAxNSAqIDYwICogMTAwMDtcblxuY29uc3QgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTiA9IGZhbHNlO1xuXG4vKipcbiAqIENhY2hlZCBTU08gdG9rZW4gcmV0cmlldmVkIGZyb20gU1NPIGxvZ2luIGZsb3cuXG4gKi9cbmludGVyZmFjZSBTU09Ub2tlbiB7XG4gIC8vIEEgYmFzZTY0IGVuY29kZWQgc3RyaW5nIHJldHVybmVkIGJ5IHRoZSBzc28tb2lkYyBzZXJ2aWNlLlxuICBhY2Nlc3NUb2tlbjogc3RyaW5nO1xuICAvLyBSRkMzMzM5IGZvcm1hdCB0aW1lc3RhbXBcbiAgZXhwaXJlc0F0OiBzdHJpbmc7XG4gIHJlZ2lvbj86IHN0cmluZztcbiAgc3RhcnRVcmw/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgRnJvbVNTT0luaXQgZXh0ZW5kcyBTb3VyY2VQcm9maWxlSW5pdCB7XG4gIHNzb0NsaWVudD86IFNTT0NsaWVudDtcbn1cblxuLyoqXG4gKiBDcmVhdGVzIGEgY3JlZGVudGlhbCBwcm92aWRlciB0aGF0IHdpbGwgcmVhZCBmcm9tIGEgY3JlZGVudGlhbF9wcm9jZXNzIHNwZWNpZmllZFxuICogaW4gaW5pIGZpbGVzLlxuICovXG5leHBvcnQgY29uc3QgZnJvbVNTTyA9XG4gIChpbml0OiBGcm9tU1NPSW5pdCA9IHt9KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+XG4gIGFzeW5jICgpID0+IHtcbiAgICBjb25zdCBwcm9maWxlcyA9IGF3YWl0IHBhcnNlS25vd25GaWxlcyhpbml0KTtcbiAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKGdldE1hc3RlclByb2ZpbGVOYW1lKGluaXQpLCBwcm9maWxlcywgaW5pdCk7XG4gIH07XG5cbmNvbnN0IHJlc29sdmVTU09DcmVkZW50aWFscyA9IGFzeW5jIChcbiAgcHJvZmlsZU5hbWU6IHN0cmluZyxcbiAgcHJvZmlsZXM6IFBhcnNlZEluaURhdGEsXG4gIG9wdGlvbnM6IEZyb21TU09Jbml0XG4pOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PiB7XG4gIGNvbnN0IHByb2ZpbGUgPSBwcm9maWxlc1twcm9maWxlTmFtZV07XG4gIGlmICghcHJvZmlsZSkge1xuICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gY291bGQgbm90IGJlIGZvdW5kIGluIHNoYXJlZCBjcmVkZW50aWFscyBmaWxlLmApO1xuICB9XG4gIGNvbnN0IHsgc3NvX3N0YXJ0X3VybDogc3RhcnRVcmwsIHNzb19hY2NvdW50X2lkOiBhY2NvdW50SWQsIHNzb19yZWdpb246IHJlZ2lvbiwgc3NvX3JvbGVfbmFtZTogcm9sZU5hbWUgfSA9IHByb2ZpbGU7XG4gIGlmICghc3RhcnRVcmwgJiYgIWFjY291bnRJZCAmJiAhcmVnaW9uICYmICFyb2xlTmFtZSkge1xuICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gaXMgbm90IGNvbmZpZ3VyZWQgd2l0aCBTU08gY3JlZGVudGlhbHMuYCk7XG4gIH1cbiAgaWYgKCFzdGFydFVybCB8fCAhYWNjb3VudElkIHx8ICFyZWdpb24gfHwgIXJvbGVOYW1lKSB7XG4gICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgIGBQcm9maWxlICR7cHJvZmlsZU5hbWV9IGRvZXMgbm90IGhhdmUgdmFsaWQgU1NPIGNyZWRlbnRpYWxzLiBSZXF1aXJlZCBwYXJhbWV0ZXJzIFwic3NvX2FjY291bnRfaWRcIiwgXCJzc29fcmVnaW9uXCIsIGAgK1xuICAgICAgICBgXCJzc29fcm9sZV9uYW1lXCIsIFwic3NvX3N0YXJ0X3VybFwiLiBSZWZlcmVuY2U6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jbGkvbGF0ZXN0L3VzZXJndWlkZS9jbGktY29uZmlndXJlLXNzby5odG1sYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IGhhc2hlciA9IGNyZWF0ZUhhc2goXCJzaGExXCIpO1xuICBjb25zdCBjYWNoZU5hbWUgPSBoYXNoZXIudXBkYXRlKHN0YXJ0VXJsKS5kaWdlc3QoXCJoZXhcIik7XG4gIGNvbnN0IHRva2VuRmlsZSA9IGpvaW4oZ2V0SG9tZURpcigpLCBcIi5hd3NcIiwgXCJzc29cIiwgXCJjYWNoZVwiLCBgJHtjYWNoZU5hbWV9Lmpzb25gKTtcbiAgbGV0IHRva2VuOiBTU09Ub2tlbjtcbiAgdHJ5IHtcbiAgICB0b2tlbiA9IEpTT04ucGFyc2UocmVhZEZpbGVTeW5jKHRva2VuRmlsZSwgeyBlbmNvZGluZzogXCJ1dGYtOFwiIH0pKTtcbiAgICBpZiAobmV3IERhdGUodG9rZW4uZXhwaXJlc0F0KS5nZXRUaW1lKCkgLSBEYXRlLm5vdygpIDw9IEVYUElSRV9XSU5ET1dfTVMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlNTTyB0b2tlbiBpcyBleHBpcmVkLlwiKTtcbiAgICB9XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFxuICAgICAgYFRoZSBTU08gc2Vzc2lvbiBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm9maWxlIGhhcyBleHBpcmVkIG9yIGlzIG90aGVyd2lzZSBpbnZhbGlkLiBUbyByZWZyZXNoIHRoaXMgU1NPIHNlc3Npb24gYCArXG4gICAgICAgIGBydW4gYXdzIHNzbyBsb2dpbiB3aXRoIHRoZSBjb3JyZXNwb25kaW5nIHByb2ZpbGUuYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IHsgYWNjZXNzVG9rZW4gfSA9IHRva2VuO1xuICBjb25zdCBzc28gPSBvcHRpb25zLnNzb0NsaWVudCB8fCBuZXcgU1NPQ2xpZW50KHsgcmVnaW9uIH0pO1xuICBsZXQgc3NvUmVzcDogR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dDtcbiAgdHJ5IHtcbiAgICBzc29SZXNwID0gYXdhaXQgc3NvLnNlbmQoXG4gICAgICBuZXcgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCh7XG4gICAgICAgIGFjY291bnRJZCxcbiAgICAgICAgcm9sZU5hbWUsXG4gICAgICAgIGFjY2Vzc1Rva2VuLFxuICAgICAgfSlcbiAgICApO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yLmZyb20oZSwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgY29uc3QgeyByb2xlQ3JlZGVudGlhbHM6IHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uIH0gPSB7fSB9ID0gc3NvUmVzcDtcbiAgaWYgKCFhY2Nlc3NLZXlJZCB8fCAhc2VjcmV0QWNjZXNzS2V5IHx8ICFzZXNzaW9uVG9rZW4gfHwgIWV4cGlyYXRpb24pIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFwiU1NPIHJldHVybnMgYW4gaW52YWxpZCB0ZW1wb3JhcnkgY3JlZGVudGlhbC5cIiwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgcmV0dXJuIHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uOiBuZXcgRGF0ZShleHBpcmF0aW9uKSB9O1xufTtcbiJdfQ== | ||
| /** | ||
| * @internal | ||
| */ | ||
| const validateSsoProfile = (profile) => { | ||
| const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; | ||
| if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { | ||
| throw new property_provider_1.CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", ` + | ||
| `"sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| return profile; | ||
| }; | ||
| exports.validateSsoProfile = validateSsoProfile; | ||
| /** | ||
| * @internal | ||
| */ | ||
| const isSsoProfile = (arg) => arg && | ||
| (typeof arg.sso_start_url === "string" || | ||
| typeof arg.sso_account_id === "string" || | ||
| typeof arg.sso_region === "string" || | ||
| typeof arg.sso_role_name === "string"); | ||
| exports.isSsoProfile = isSsoProfile; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsb0RBQTRHO0FBQzVHLGtFQUFzRTtBQUN0RSw0RUFBc0U7QUFFdEUsZ0VBQXFHO0FBQ3JHLG1DQUFvQztBQUNwQywyQkFBa0M7QUFDbEMsK0JBQTRCO0FBRTVCOzs7OztHQUtHO0FBQ1UsUUFBQSxnQkFBZ0IsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztBQUUvQyxNQUFNLDRCQUE0QixHQUFHLEtBQUssQ0FBQztBQXVDM0M7OztHQUdHO0FBQ0ksTUFBTSxPQUFPLEdBQ2xCLENBQUMsT0FBd0QsRUFBUyxFQUFzQixFQUFFLENBQzFGLEtBQUssSUFBSSxFQUFFO0lBQ1QsTUFBTSxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxTQUFTLEVBQUUsR0FBRyxJQUFJLENBQUM7SUFDOUUsSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLFNBQVMsSUFBSSxDQUFDLFdBQVcsRUFBRTtRQUMvRCxtREFBbUQ7UUFDbkQsTUFBTSxRQUFRLEdBQUcsTUFBTSxrQ0FBZSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzdDLE1BQU0sV0FBVyxHQUFHLHVDQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9DLE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUN0QyxJQUFJLENBQUMsb0JBQVksQ0FBQyxPQUFPLENBQUMsRUFBRTtZQUMxQixNQUFNLElBQUksNENBQXdCLENBQUMsV0FBVyxXQUFXLDBDQUEwQyxDQUFDLENBQUM7U0FDdEc7UUFDRCxNQUFNLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBRSxVQUFVLEVBQUUsYUFBYSxFQUFFLEdBQUcsMEJBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDakcsT0FBTyxxQkFBcUIsQ0FBQztZQUMzQixXQUFXLEVBQUUsYUFBYTtZQUMxQixZQUFZLEVBQUUsY0FBYztZQUM1QixTQUFTLEVBQUUsVUFBVTtZQUNyQixXQUFXLEVBQUUsYUFBYTtZQUMxQixTQUFTLEVBQUUsU0FBUztTQUNyQixDQUFDLENBQUM7S0FDSjtTQUFNLElBQUksQ0FBQyxXQUFXLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxTQUFTLElBQUksQ0FBQyxXQUFXLEVBQUU7UUFDdEUsTUFBTSxJQUFJLDRDQUF3QixDQUNoQyxtRkFBbUY7WUFDakYsNkNBQTZDLENBQ2hELENBQUM7S0FDSDtTQUFNO1FBQ0wsT0FBTyxxQkFBcUIsQ0FBQyxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO0tBQ2hHO0FBQ0gsQ0FBQyxDQUFDO0FBNUJTLFFBQUEsT0FBTyxXQTRCaEI7QUFFSixNQUFNLHFCQUFxQixHQUFHLEtBQUssRUFBRSxFQUNuQyxXQUFXLEVBQ1gsWUFBWSxFQUNaLFNBQVMsRUFDVCxXQUFXLEVBQ1gsU0FBUyxHQUM4QixFQUF3QixFQUFFO0lBQ2pFLE1BQU0sTUFBTSxHQUFHLG1CQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDbEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDM0QsTUFBTSxTQUFTLEdBQUcsV0FBSSxDQUFDLG1DQUFVLEVBQUUsRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxHQUFHLFNBQVMsT0FBTyxDQUFDLENBQUM7SUFDbEYsSUFBSSxLQUFlLENBQUM7SUFDcEIsSUFBSTtRQUNGLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFZLENBQUMsU0FBUyxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNuRSxJQUFJLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUksd0JBQWdCLEVBQUU7WUFDeEUsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO1NBQzFDO0tBQ0Y7SUFBQyxPQUFPLENBQUMsRUFBRTtRQUNWLE1BQU0sSUFBSSw0Q0FBd0IsQ0FDaEMsZ0hBQWdIO1lBQzlHLG1EQUFtRCxFQUNyRCw0QkFBNEIsQ0FDN0IsQ0FBQztLQUNIO0lBQ0QsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLEtBQUssQ0FBQztJQUM5QixNQUFNLEdBQUcsR0FBRyxTQUFTLElBQUksSUFBSSxzQkFBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUQsSUFBSSxPQUF3QyxDQUFDO0lBQzdDLElBQUk7UUFDRixPQUFPLEdBQUcsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUN0QixJQUFJLHNDQUF5QixDQUFDO1lBQzVCLFNBQVMsRUFBRSxZQUFZO1lBQ3ZCLFFBQVEsRUFBRSxXQUFXO1lBQ3JCLFdBQVc7U0FDWixDQUFDLENBQ0gsQ0FBQztLQUNIO0lBQUMsT0FBTyxDQUFDLEVBQUU7UUFDVixNQUFNLDRDQUF3QixDQUFDLElBQUksQ0FBQyxDQUFDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztLQUN0RTtJQUNELE1BQU0sRUFBRSxlQUFlLEVBQUUsRUFBRSxXQUFXLEVBQUUsZUFBZSxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLEVBQUUsR0FBRyxPQUFPLENBQUM7SUFDckcsSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLFVBQVUsRUFBRTtRQUNwRSxNQUFNLElBQUksNENBQXdCLENBQUMsOENBQThDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztLQUNsSDtJQUNELE9BQU8sRUFBRSxXQUFXLEVBQUUsZUFBZSxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQztBQUMxRixDQUFDLENBQUM7QUFZRjs7R0FFRztBQUNJLE1BQU0sa0JBQWtCLEdBQUcsQ0FBQyxPQUE0QixFQUFjLEVBQUU7SUFDN0UsTUFBTSxFQUFFLGFBQWEsRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLGFBQWEsRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUM3RSxJQUFJLENBQUMsYUFBYSxJQUFJLENBQUMsY0FBYyxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsYUFBYSxFQUFFO1FBQ3RFLE1BQU0sSUFBSSw0Q0FBd0IsQ0FDaEMsMEdBQTBHO1lBQ3hHLHlDQUF5QyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FDaEUsSUFBSSxDQUNMLHNGQUFzRixFQUN6Riw0QkFBNEIsQ0FDN0IsQ0FBQztLQUNIO0lBQ0QsT0FBTyxPQUFxQixDQUFDO0FBQy9CLENBQUMsQ0FBQztBQVpXLFFBQUEsa0JBQWtCLHNCQVk3QjtBQUVGOztHQUVHO0FBQ0ksTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFZLEVBQThCLEVBQUUsQ0FDdkUsR0FBRztJQUNILENBQUMsT0FBTyxHQUFHLENBQUMsYUFBYSxLQUFLLFFBQVE7UUFDcEMsT0FBTyxHQUFHLENBQUMsY0FBYyxLQUFLLFFBQVE7UUFDdEMsT0FBTyxHQUFHLENBQUMsVUFBVSxLQUFLLFFBQVE7UUFDbEMsT0FBTyxHQUFHLENBQUMsYUFBYSxLQUFLLFFBQVEsQ0FBQyxDQUFDO0FBTDlCLFFBQUEsWUFBWSxnQkFLa0IiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kLCBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kT3V0cHV0LCBTU09DbGllbnQgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNzb1wiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yIH0gZnJvbSBcIkBhd3Mtc2RrL3Byb3BlcnR5LXByb3ZpZGVyXCI7XG5pbXBvcnQgeyBnZXRIb21lRGlyLCBQcm9maWxlIH0gZnJvbSBcIkBhd3Mtc2RrL3NoYXJlZC1pbmktZmlsZS1sb2FkZXJcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxQcm92aWRlciwgQ3JlZGVudGlhbHMgfSBmcm9tIFwiQGF3cy1zZGsvdHlwZXNcIjtcbmltcG9ydCB7IGdldE1hc3RlclByb2ZpbGVOYW1lLCBwYXJzZUtub3duRmlsZXMsIFNvdXJjZVByb2ZpbGVJbml0IH0gZnJvbSBcIkBhd3Mtc2RrL3V0aWwtY3JlZGVudGlhbHNcIjtcbmltcG9ydCB7IGNyZWF0ZUhhc2ggfSBmcm9tIFwiY3J5cHRvXCI7XG5pbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcbmltcG9ydCB7IGpvaW4gfSBmcm9tIFwicGF0aFwiO1xuXG4vKipcbiAqIFRoZSB0aW1lIHdpbmRvdyAoMTUgbWlucykgdGhhdCBTREsgd2lsbCB0cmVhdCB0aGUgU1NPIHRva2VuIGV4cGlyZXMgaW4gYmVmb3JlIHRoZSBkZWZpbmVkIGV4cGlyYXRpb24gZGF0ZSBpbiB0b2tlbi5cbiAqIFRoaXMgaXMgbmVlZGVkIGJlY2F1c2Ugc2VydmVyIHNpZGUgbWF5IGhhdmUgaW52YWxpZGF0ZWQgdGhlIHRva2VuIGJlZm9yZSB0aGUgZGVmaW5lZCBleHBpcmF0aW9uIGRhdGUuXG4gKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCBFWFBJUkVfV0lORE9XX01TID0gMTUgKiA2MCAqIDEwMDA7XG5cbmNvbnN0IFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU4gPSBmYWxzZTtcblxuLyoqXG4gKiBDYWNoZWQgU1NPIHRva2VuIHJldHJpZXZlZCBmcm9tIFNTTyBsb2dpbiBmbG93LlxuICovXG5pbnRlcmZhY2UgU1NPVG9rZW4ge1xuICAvLyBBIGJhc2U2NCBlbmNvZGVkIHN0cmluZyByZXR1cm5lZCBieSB0aGUgc3NvLW9pZGMgc2VydmljZS5cbiAgYWNjZXNzVG9rZW46IHN0cmluZztcbiAgLy8gUkZDMzMzOSBmb3JtYXQgdGltZXN0YW1wXG4gIGV4cGlyZXNBdDogc3RyaW5nO1xuICByZWdpb24/OiBzdHJpbmc7XG4gIHN0YXJ0VXJsPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNzb0NyZWRlbnRpYWxzUGFyYW1ldGVycyB7XG4gIC8qKlxuICAgKiBUaGUgVVJMIHRvIHRoZSBBV1MgU1NPIHNlcnZpY2UuXG4gICAqL1xuICBzc29TdGFydFVybDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUQgb2YgdGhlIEFXUyBhY2NvdW50IHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvQWNjb3VudElkOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBBV1MgcmVnaW9uIHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvUmVnaW9uOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBBV1Mgcm9sZSB0byBhc3N1bWUuXG4gICAqL1xuICBzc29Sb2xlTmFtZTogc3RyaW5nO1xufVxuZXhwb3J0IGludGVyZmFjZSBGcm9tU1NPSW5pdCBleHRlbmRzIFNvdXJjZVByb2ZpbGVJbml0IHtcbiAgc3NvQ2xpZW50PzogU1NPQ2xpZW50O1xufVxuXG4vKipcbiAqIENyZWF0ZXMgYSBjcmVkZW50aWFsIHByb3ZpZGVyIHRoYXQgd2lsbCByZWFkIGZyb20gYSBjcmVkZW50aWFsX3Byb2Nlc3Mgc3BlY2lmaWVkXG4gKiBpbiBpbmkgZmlsZXMuXG4gKi9cbmV4cG9ydCBjb25zdCBmcm9tU1NPID1cbiAgKGluaXQ6IEZyb21TU09Jbml0ICYgUGFydGlhbDxTc29DcmVkZW50aWFsc1BhcmFtZXRlcnM+ID0ge30gYXMgYW55KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+XG4gIGFzeW5jICgpID0+IHtcbiAgICBjb25zdCB7IHNzb1N0YXJ0VXJsLCBzc29BY2NvdW50SWQsIHNzb1JlZ2lvbiwgc3NvUm9sZU5hbWUsIHNzb0NsaWVudCB9ID0gaW5pdDtcbiAgICBpZiAoIXNzb1N0YXJ0VXJsICYmICFzc29BY2NvdW50SWQgJiYgIXNzb1JlZ2lvbiAmJiAhc3NvUm9sZU5hbWUpIHtcbiAgICAgIC8vIExvYWQgdGhlIFNTTyBjb25maWcgZnJvbSBzaGFyZWQgQVdTIGNvbmZpZyBmaWxlLlxuICAgICAgY29uc3QgcHJvZmlsZXMgPSBhd2FpdCBwYXJzZUtub3duRmlsZXMoaW5pdCk7XG4gICAgICBjb25zdCBwcm9maWxlTmFtZSA9IGdldE1hc3RlclByb2ZpbGVOYW1lKGluaXQpO1xuICAgICAgY29uc3QgcHJvZmlsZSA9IHByb2ZpbGVzW3Byb2ZpbGVOYW1lXTtcbiAgICAgIGlmICghaXNTc29Qcm9maWxlKHByb2ZpbGUpKSB7XG4gICAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gaXMgbm90IGNvbmZpZ3VyZWQgd2l0aCBTU08gY3JlZGVudGlhbHMuYCk7XG4gICAgICB9XG4gICAgICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSB2YWxpZGF0ZVNzb1Byb2ZpbGUocHJvZmlsZSk7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHtcbiAgICAgICAgc3NvU3RhcnRVcmw6IHNzb19zdGFydF91cmwsXG4gICAgICAgIHNzb0FjY291bnRJZDogc3NvX2FjY291bnRfaWQsXG4gICAgICAgIHNzb1JlZ2lvbjogc3NvX3JlZ2lvbixcbiAgICAgICAgc3NvUm9sZU5hbWU6IHNzb19yb2xlX25hbWUsXG4gICAgICAgIHNzb0NsaWVudDogc3NvQ2xpZW50LFxuICAgICAgfSk7XG4gICAgfSBlbHNlIGlmICghc3NvU3RhcnRVcmwgfHwgIXNzb0FjY291bnRJZCB8fCAhc3NvUmVnaW9uIHx8ICFzc29Sb2xlTmFtZSkge1xuICAgICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgICAgJ0luY29tcGxldGUgY29uZmlndXJhdGlvbi4gVGhlIGZyb21TU08oKSBhcmd1bWVudCBoYXNoIG11c3QgaW5jbHVkZSBcInNzb1N0YXJ0VXJsXCIsJyArXG4gICAgICAgICAgJyBcInNzb0FjY291bnRJZFwiLCBcInNzb1JlZ2lvblwiLCBcInNzb1JvbGVOYW1lXCInXG4gICAgICApO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHsgc3NvU3RhcnRVcmwsIHNzb0FjY291bnRJZCwgc3NvUmVnaW9uLCBzc29Sb2xlTmFtZSwgc3NvQ2xpZW50IH0pO1xuICAgIH1cbiAgfTtcblxuY29uc3QgcmVzb2x2ZVNTT0NyZWRlbnRpYWxzID0gYXN5bmMgKHtcbiAgc3NvU3RhcnRVcmwsXG4gIHNzb0FjY291bnRJZCxcbiAgc3NvUmVnaW9uLFxuICBzc29Sb2xlTmFtZSxcbiAgc3NvQ2xpZW50LFxufTogRnJvbVNTT0luaXQgJiBTc29DcmVkZW50aWFsc1BhcmFtZXRlcnMpOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PiB7XG4gIGNvbnN0IGhhc2hlciA9IGNyZWF0ZUhhc2goXCJzaGExXCIpO1xuICBjb25zdCBjYWNoZU5hbWUgPSBoYXNoZXIudXBkYXRlKHNzb1N0YXJ0VXJsKS5kaWdlc3QoXCJoZXhcIik7XG4gIGNvbnN0IHRva2VuRmlsZSA9IGpvaW4oZ2V0SG9tZURpcigpLCBcIi5hd3NcIiwgXCJzc29cIiwgXCJjYWNoZVwiLCBgJHtjYWNoZU5hbWV9Lmpzb25gKTtcbiAgbGV0IHRva2VuOiBTU09Ub2tlbjtcbiAgdHJ5IHtcbiAgICB0b2tlbiA9IEpTT04ucGFyc2UocmVhZEZpbGVTeW5jKHRva2VuRmlsZSwgeyBlbmNvZGluZzogXCJ1dGYtOFwiIH0pKTtcbiAgICBpZiAobmV3IERhdGUodG9rZW4uZXhwaXJlc0F0KS5nZXRUaW1lKCkgLSBEYXRlLm5vdygpIDw9IEVYUElSRV9XSU5ET1dfTVMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlNTTyB0b2tlbiBpcyBleHBpcmVkLlwiKTtcbiAgICB9XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFxuICAgICAgYFRoZSBTU08gc2Vzc2lvbiBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm9maWxlIGhhcyBleHBpcmVkIG9yIGlzIG90aGVyd2lzZSBpbnZhbGlkLiBUbyByZWZyZXNoIHRoaXMgU1NPIHNlc3Npb24gYCArXG4gICAgICAgIGBydW4gYXdzIHNzbyBsb2dpbiB3aXRoIHRoZSBjb3JyZXNwb25kaW5nIHByb2ZpbGUuYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IHsgYWNjZXNzVG9rZW4gfSA9IHRva2VuO1xuICBjb25zdCBzc28gPSBzc29DbGllbnQgfHwgbmV3IFNTT0NsaWVudCh7IHJlZ2lvbjogc3NvUmVnaW9uIH0pO1xuICBsZXQgc3NvUmVzcDogR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dDtcbiAgdHJ5IHtcbiAgICBzc29SZXNwID0gYXdhaXQgc3NvLnNlbmQoXG4gICAgICBuZXcgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCh7XG4gICAgICAgIGFjY291bnRJZDogc3NvQWNjb3VudElkLFxuICAgICAgICByb2xlTmFtZTogc3NvUm9sZU5hbWUsXG4gICAgICAgIGFjY2Vzc1Rva2VuLFxuICAgICAgfSlcbiAgICApO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yLmZyb20oZSwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgY29uc3QgeyByb2xlQ3JlZGVudGlhbHM6IHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uIH0gPSB7fSB9ID0gc3NvUmVzcDtcbiAgaWYgKCFhY2Nlc3NLZXlJZCB8fCAhc2VjcmV0QWNjZXNzS2V5IHx8ICFzZXNzaW9uVG9rZW4gfHwgIWV4cGlyYXRpb24pIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFwiU1NPIHJldHVybnMgYW4gaW52YWxpZCB0ZW1wb3JhcnkgY3JlZGVudGlhbC5cIiwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgcmV0dXJuIHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uOiBuZXcgRGF0ZShleHBpcmF0aW9uKSB9O1xufTtcblxuLyoqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBTc29Qcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIHNzb19zdGFydF91cmw6IHN0cmluZztcbiAgc3NvX2FjY291bnRfaWQ6IHN0cmluZztcbiAgc3NvX3JlZ2lvbjogc3RyaW5nO1xuICBzc29fcm9sZV9uYW1lOiBzdHJpbmc7XG59XG5cbi8qKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCB2YWxpZGF0ZVNzb1Byb2ZpbGUgPSAocHJvZmlsZTogUGFydGlhbDxTc29Qcm9maWxlPik6IFNzb1Byb2ZpbGUgPT4ge1xuICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSBwcm9maWxlO1xuICBpZiAoIXNzb19zdGFydF91cmwgfHwgIXNzb19hY2NvdW50X2lkIHx8ICFzc29fcmVnaW9uIHx8ICFzc29fcm9sZV9uYW1lKSB7XG4gICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgIGBQcm9maWxlIGlzIGNvbmZpZ3VyZWQgd2l0aCBpbnZhbGlkIFNTTyBjcmVkZW50aWFscy4gUmVxdWlyZWQgcGFyYW1ldGVycyBcInNzb19hY2NvdW50X2lkXCIsIFwic3NvX3JlZ2lvblwiLCBgICtcbiAgICAgICAgYFwic3NvX3JvbGVfbmFtZVwiLCBcInNzb19zdGFydF91cmxcIi4gR290ICR7T2JqZWN0LmtleXMocHJvZmlsZSkuam9pbihcbiAgICAgICAgICBcIiwgXCJcbiAgICAgICAgKX1cXG5SZWZlcmVuY2U6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jbGkvbGF0ZXN0L3VzZXJndWlkZS9jbGktY29uZmlndXJlLXNzby5odG1sYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIHJldHVybiBwcm9maWxlIGFzIFNzb1Byb2ZpbGU7XG59O1xuXG4vKipcbiAqIEBpbnRlcm5hbFxuICovXG5leHBvcnQgY29uc3QgaXNTc29Qcm9maWxlID0gKGFyZzogUHJvZmlsZSk6IGFyZyBpcyBQYXJ0aWFsPFNzb1Byb2ZpbGU+ID0+XG4gIGFyZyAmJlxuICAodHlwZW9mIGFyZy5zc29fc3RhcnRfdXJsID09PSBcInN0cmluZ1wiIHx8XG4gICAgdHlwZW9mIGFyZy5zc29fYWNjb3VudF9pZCA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JlZ2lvbiA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JvbGVfbmFtZSA9PT0gXCJzdHJpbmdcIik7XG4iXX0= |
| import { __awaiter, __generator } from "tslib"; | ||
| import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso"; | ||
| import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/credential-provider-ini"; | ||
| import { CredentialsProviderError } from "@aws-sdk/property-provider"; | ||
| import { getHomeDir } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/util-credentials"; | ||
| import { createHash } from "crypto"; | ||
@@ -24,9 +24,34 @@ import { readFileSync } from "fs"; | ||
| return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
| var profiles; | ||
| return __generator(this, function (_a) { | ||
| switch (_a.label) { | ||
| case 0: return [4 /*yield*/, parseKnownFiles(init)]; | ||
| var ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, profiles, profileName, profile, _a, sso_start_url, sso_account_id, sso_region, sso_role_name; | ||
| return __generator(this, function (_b) { | ||
| switch (_b.label) { | ||
| case 0: | ||
| ssoStartUrl = init.ssoStartUrl, ssoAccountId = init.ssoAccountId, ssoRegion = init.ssoRegion, ssoRoleName = init.ssoRoleName, ssoClient = init.ssoClient; | ||
| if (!(!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName)) return [3 /*break*/, 2]; | ||
| return [4 /*yield*/, parseKnownFiles(init)]; | ||
| case 1: | ||
| profiles = _a.sent(); | ||
| return [2 /*return*/, resolveSSOCredentials(getMasterProfileName(init), profiles, init)]; | ||
| profiles = _b.sent(); | ||
| profileName = getMasterProfileName(init); | ||
| profile = profiles[profileName]; | ||
| if (!isSsoProfile(profile)) { | ||
| throw new CredentialsProviderError("Profile " + profileName + " is not configured with SSO credentials."); | ||
| } | ||
| _a = validateSsoProfile(profile), sso_start_url = _a.sso_start_url, sso_account_id = _a.sso_account_id, sso_region = _a.sso_region, sso_role_name = _a.sso_role_name; | ||
| return [2 /*return*/, resolveSSOCredentials({ | ||
| ssoStartUrl: sso_start_url, | ||
| ssoAccountId: sso_account_id, | ||
| ssoRegion: sso_region, | ||
| ssoRoleName: sso_role_name, | ||
| ssoClient: ssoClient, | ||
| })]; | ||
| case 2: | ||
| if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { | ||
| throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' + | ||
| ' "ssoAccountId", "ssoRegion", "ssoRoleName"'); | ||
| } | ||
| else { | ||
| return [2 /*return*/, resolveSSOCredentials({ ssoStartUrl: ssoStartUrl, ssoAccountId: ssoAccountId, ssoRegion: ssoRegion, ssoRoleName: ssoRoleName, ssoClient: ssoClient })]; | ||
| } | ||
| _b.label = 3; | ||
| case 3: return [2 /*return*/]; | ||
| } | ||
@@ -36,57 +61,69 @@ }); | ||
| }; | ||
| var resolveSSOCredentials = function (profileName, profiles, options) { return __awaiter(void 0, void 0, void 0, function () { | ||
| var profile, startUrl, accountId, region, roleName, hasher, cacheName, tokenFile, token, accessToken, sso, ssoResp, e_1, _a, _b, accessKeyId, secretAccessKey, sessionToken, expiration; | ||
| return __generator(this, function (_c) { | ||
| switch (_c.label) { | ||
| case 0: | ||
| profile = profiles[profileName]; | ||
| if (!profile) { | ||
| throw new CredentialsProviderError("Profile " + profileName + " could not be found in shared credentials file."); | ||
| } | ||
| startUrl = profile.sso_start_url, accountId = profile.sso_account_id, region = profile.sso_region, roleName = profile.sso_role_name; | ||
| if (!startUrl && !accountId && !region && !roleName) { | ||
| throw new CredentialsProviderError("Profile " + profileName + " is not configured with SSO credentials."); | ||
| } | ||
| if (!startUrl || !accountId || !region || !roleName) { | ||
| throw new CredentialsProviderError("Profile " + profileName + " does not have valid SSO credentials. Required parameters \"sso_account_id\", \"sso_region\", " + | ||
| "\"sso_role_name\", \"sso_start_url\". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| hasher = createHash("sha1"); | ||
| cacheName = hasher.update(startUrl).digest("hex"); | ||
| tokenFile = join(getHomeDir(), ".aws", "sso", "cache", cacheName + ".json"); | ||
| try { | ||
| token = JSON.parse(readFileSync(tokenFile, { encoding: "utf-8" })); | ||
| if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) { | ||
| throw new Error("SSO token is expired."); | ||
| var resolveSSOCredentials = function (_a) { | ||
| var ssoStartUrl = _a.ssoStartUrl, ssoAccountId = _a.ssoAccountId, ssoRegion = _a.ssoRegion, ssoRoleName = _a.ssoRoleName, ssoClient = _a.ssoClient; | ||
| return __awaiter(void 0, void 0, void 0, function () { | ||
| var hasher, cacheName, tokenFile, token, accessToken, sso, ssoResp, e_1, _b, _c, accessKeyId, secretAccessKey, sessionToken, expiration; | ||
| return __generator(this, function (_d) { | ||
| switch (_d.label) { | ||
| case 0: | ||
| hasher = createHash("sha1"); | ||
| cacheName = hasher.update(ssoStartUrl).digest("hex"); | ||
| tokenFile = join(getHomeDir(), ".aws", "sso", "cache", cacheName + ".json"); | ||
| try { | ||
| token = JSON.parse(readFileSync(tokenFile, { encoding: "utf-8" })); | ||
| if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) { | ||
| throw new Error("SSO token is expired."); | ||
| } | ||
| } | ||
| } | ||
| catch (e) { | ||
| throw new CredentialsProviderError("The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session " + | ||
| "run aws sso login with the corresponding profile.", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| accessToken = token.accessToken; | ||
| sso = options.ssoClient || new SSOClient({ region: region }); | ||
| _c.label = 1; | ||
| case 1: | ||
| _c.trys.push([1, 3, , 4]); | ||
| return [4 /*yield*/, sso.send(new GetRoleCredentialsCommand({ | ||
| accountId: accountId, | ||
| roleName: roleName, | ||
| accessToken: accessToken, | ||
| }))]; | ||
| case 2: | ||
| ssoResp = _c.sent(); | ||
| return [3 /*break*/, 4]; | ||
| case 3: | ||
| e_1 = _c.sent(); | ||
| throw CredentialsProviderError.from(e_1, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| case 4: | ||
| _a = ssoResp.roleCredentials, _b = _a === void 0 ? {} : _a, accessKeyId = _b.accessKeyId, secretAccessKey = _b.secretAccessKey, sessionToken = _b.sessionToken, expiration = _b.expiration; | ||
| if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { | ||
| throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| return [2 /*return*/, { accessKeyId: accessKeyId, secretAccessKey: secretAccessKey, sessionToken: sessionToken, expiration: new Date(expiration) }]; | ||
| } | ||
| catch (e) { | ||
| throw new CredentialsProviderError("The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session " + | ||
| "run aws sso login with the corresponding profile.", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| accessToken = token.accessToken; | ||
| sso = ssoClient || new SSOClient({ region: ssoRegion }); | ||
| _d.label = 1; | ||
| case 1: | ||
| _d.trys.push([1, 3, , 4]); | ||
| return [4 /*yield*/, sso.send(new GetRoleCredentialsCommand({ | ||
| accountId: ssoAccountId, | ||
| roleName: ssoRoleName, | ||
| accessToken: accessToken, | ||
| }))]; | ||
| case 2: | ||
| ssoResp = _d.sent(); | ||
| return [3 /*break*/, 4]; | ||
| case 3: | ||
| e_1 = _d.sent(); | ||
| throw CredentialsProviderError.from(e_1, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| case 4: | ||
| _b = ssoResp.roleCredentials, _c = _b === void 0 ? {} : _b, accessKeyId = _c.accessKeyId, secretAccessKey = _c.secretAccessKey, sessionToken = _c.sessionToken, expiration = _c.expiration; | ||
| if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { | ||
| throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| return [2 /*return*/, { accessKeyId: accessKeyId, secretAccessKey: secretAccessKey, sessionToken: sessionToken, expiration: new Date(expiration) }]; | ||
| } | ||
| }); | ||
| }); | ||
| }); }; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSx5QkFBeUIsRUFBbUMsU0FBUyxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDNUcsT0FBTyxFQUFFLG9CQUFvQixFQUFFLGVBQWUsRUFBcUIsTUFBTSxrQ0FBa0MsQ0FBQztBQUM1RyxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUN0RSxPQUFPLEVBQUUsVUFBVSxFQUFpQixNQUFNLGlDQUFpQyxDQUFDO0FBRTVFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFDcEMsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLElBQUksQ0FBQztBQUNsQyxPQUFPLEVBQUUsSUFBSSxFQUFFLE1BQU0sTUFBTSxDQUFDO0FBRTVCOzs7OztHQUtHO0FBQ0gsTUFBTSxDQUFDLElBQU0sZ0JBQWdCLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7QUFFL0MsSUFBTSw0QkFBNEIsR0FBRyxLQUFLLENBQUM7QUFrQjNDOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxJQUFNLE9BQU8sR0FDbEIsVUFBQyxJQUFzQjtJQUF0QixxQkFBQSxFQUFBLFNBQXNCO0lBQ3ZCLE9BQUE7Ozs7d0JBQ21CLHFCQUFNLGVBQWUsQ0FBQyxJQUFJLENBQUMsRUFBQTs7b0JBQXRDLFFBQVEsR0FBRyxTQUEyQjtvQkFDNUMsc0JBQU8scUJBQXFCLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxFQUFDOzs7U0FDMUU7QUFIRCxDQUdDLENBQUM7QUFFSixJQUFNLHFCQUFxQixHQUFHLFVBQzVCLFdBQW1CLEVBQ25CLFFBQXVCLEVBQ3ZCLE9BQW9COzs7OztnQkFFZCxPQUFPLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUN0QyxJQUFJLENBQUMsT0FBTyxFQUFFO29CQUNaLE1BQU0sSUFBSSx3QkFBd0IsQ0FBQyxhQUFXLFdBQVcsb0RBQWlELENBQUMsQ0FBQztpQkFDN0c7Z0JBQ3NCLFFBQVEsR0FBNkUsT0FBTyxjQUFwRixFQUFrQixTQUFTLEdBQWtELE9BQU8sZUFBekQsRUFBYyxNQUFNLEdBQThCLE9BQU8sV0FBckMsRUFBaUIsUUFBUSxHQUFLLE9BQU8sY0FBWixDQUFhO2dCQUNwSCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsU0FBUyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFO29CQUNuRCxNQUFNLElBQUksd0JBQXdCLENBQUMsYUFBVyxXQUFXLDZDQUEwQyxDQUFDLENBQUM7aUJBQ3RHO2dCQUNELElBQUksQ0FBQyxRQUFRLElBQUksQ0FBQyxTQUFTLElBQUksQ0FBQyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUU7b0JBQ25ELE1BQU0sSUFBSSx3QkFBd0IsQ0FDaEMsYUFBVyxXQUFXLG1HQUE0Rjt3QkFDaEgsMEhBQXNILEVBQ3hILDRCQUE0QixDQUM3QixDQUFDO2lCQUNIO2dCQUNLLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQzVCLFNBQVMsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDbEQsU0FBUyxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBSyxTQUFTLFVBQU8sQ0FBQyxDQUFDO2dCQUVsRixJQUFJO29CQUNGLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUFTLEVBQUUsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDO29CQUNuRSxJQUFJLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUksZ0JBQWdCLEVBQUU7d0JBQ3hFLE1BQU0sSUFBSSxLQUFLLENBQUMsdUJBQXVCLENBQUMsQ0FBQztxQkFDMUM7aUJBQ0Y7Z0JBQUMsT0FBTyxDQUFDLEVBQUU7b0JBQ1YsTUFBTSxJQUFJLHdCQUF3QixDQUNoQyxnSEFBZ0g7d0JBQzlHLG1EQUFtRCxFQUNyRCw0QkFBNEIsQ0FDN0IsQ0FBQztpQkFDSDtnQkFDTyxXQUFXLEdBQUssS0FBSyxZQUFWLENBQVc7Z0JBQ3hCLEdBQUcsR0FBRyxPQUFPLENBQUMsU0FBUyxJQUFJLElBQUksU0FBUyxDQUFDLEVBQUUsTUFBTSxRQUFBLEVBQUUsQ0FBQyxDQUFDOzs7O2dCQUcvQyxxQkFBTSxHQUFHLENBQUMsSUFBSSxDQUN0QixJQUFJLHlCQUF5QixDQUFDO3dCQUM1QixTQUFTLFdBQUE7d0JBQ1QsUUFBUSxVQUFBO3dCQUNSLFdBQVcsYUFBQTtxQkFDWixDQUFDLENBQ0gsRUFBQTs7Z0JBTkQsT0FBTyxHQUFHLFNBTVQsQ0FBQzs7OztnQkFFRixNQUFNLHdCQUF3QixDQUFDLElBQUksQ0FBQyxHQUFDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQzs7Z0JBRS9ELEtBQXFGLE9BQU8sZ0JBQVosRUFBaEYscUJBQThFLEVBQUUsS0FBQSxFQUE3RCxXQUFXLGlCQUFBLEVBQUUsZUFBZSxxQkFBQSxFQUFFLFlBQVksa0JBQUEsRUFBRSxVQUFVLGdCQUFBLENBQW9CO2dCQUNyRyxJQUFJLENBQUMsV0FBVyxJQUFJLENBQUMsZUFBZSxJQUFJLENBQUMsWUFBWSxJQUFJLENBQUMsVUFBVSxFQUFFO29CQUNwRSxNQUFNLElBQUksd0JBQXdCLENBQUMsOENBQThDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztpQkFDbEg7Z0JBQ0Qsc0JBQU8sRUFBRSxXQUFXLGFBQUEsRUFBRSxlQUFlLGlCQUFBLEVBQUUsWUFBWSxjQUFBLEVBQUUsVUFBVSxFQUFFLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLEVBQUM7OztLQUN6RixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCwgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dCwgU1NPQ2xpZW50IH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1zc29cIjtcbmltcG9ydCB7IGdldE1hc3RlclByb2ZpbGVOYW1lLCBwYXJzZUtub3duRmlsZXMsIFNvdXJjZVByb2ZpbGVJbml0IH0gZnJvbSBcIkBhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXItaW5pXCI7XG5pbXBvcnQgeyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IgfSBmcm9tIFwiQGF3cy1zZGsvcHJvcGVydHktcHJvdmlkZXJcIjtcbmltcG9ydCB7IGdldEhvbWVEaXIsIFBhcnNlZEluaURhdGEgfSBmcm9tIFwiQGF3cy1zZGsvc2hhcmVkLWluaS1maWxlLWxvYWRlclwiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbFByb3ZpZGVyLCBDcmVkZW50aWFscyB9IGZyb20gXCJAYXdzLXNkay90eXBlc1wiO1xuaW1wb3J0IHsgY3JlYXRlSGFzaCB9IGZyb20gXCJjcnlwdG9cIjtcbmltcG9ydCB7IHJlYWRGaWxlU3luYyB9IGZyb20gXCJmc1wiO1xuaW1wb3J0IHsgam9pbiB9IGZyb20gXCJwYXRoXCI7XG5cbi8qKlxuICogVGhlIHRpbWUgd2luZG93ICgxNSBtaW5zKSB0aGF0IFNESyB3aWxsIHRyZWF0IHRoZSBTU08gdG9rZW4gZXhwaXJlcyBpbiBiZWZvcmUgdGhlIGRlZmluZWQgZXhwaXJhdGlvbiBkYXRlIGluIHRva2VuLlxuICogVGhpcyBpcyBuZWVkZWQgYmVjYXVzZSBzZXJ2ZXIgc2lkZSBtYXkgaGF2ZSBpbnZhbGlkYXRlZCB0aGUgdG9rZW4gYmVmb3JlIHRoZSBkZWZpbmVkIGV4cGlyYXRpb24gZGF0ZS5cbiAqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGNvbnN0IEVYUElSRV9XSU5ET1dfTVMgPSAxNSAqIDYwICogMTAwMDtcblxuY29uc3QgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTiA9IGZhbHNlO1xuXG4vKipcbiAqIENhY2hlZCBTU08gdG9rZW4gcmV0cmlldmVkIGZyb20gU1NPIGxvZ2luIGZsb3cuXG4gKi9cbmludGVyZmFjZSBTU09Ub2tlbiB7XG4gIC8vIEEgYmFzZTY0IGVuY29kZWQgc3RyaW5nIHJldHVybmVkIGJ5IHRoZSBzc28tb2lkYyBzZXJ2aWNlLlxuICBhY2Nlc3NUb2tlbjogc3RyaW5nO1xuICAvLyBSRkMzMzM5IGZvcm1hdCB0aW1lc3RhbXBcbiAgZXhwaXJlc0F0OiBzdHJpbmc7XG4gIHJlZ2lvbj86IHN0cmluZztcbiAgc3RhcnRVcmw/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgRnJvbVNTT0luaXQgZXh0ZW5kcyBTb3VyY2VQcm9maWxlSW5pdCB7XG4gIHNzb0NsaWVudD86IFNTT0NsaWVudDtcbn1cblxuLyoqXG4gKiBDcmVhdGVzIGEgY3JlZGVudGlhbCBwcm92aWRlciB0aGF0IHdpbGwgcmVhZCBmcm9tIGEgY3JlZGVudGlhbF9wcm9jZXNzIHNwZWNpZmllZFxuICogaW4gaW5pIGZpbGVzLlxuICovXG5leHBvcnQgY29uc3QgZnJvbVNTTyA9XG4gIChpbml0OiBGcm9tU1NPSW5pdCA9IHt9KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+XG4gIGFzeW5jICgpID0+IHtcbiAgICBjb25zdCBwcm9maWxlcyA9IGF3YWl0IHBhcnNlS25vd25GaWxlcyhpbml0KTtcbiAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKGdldE1hc3RlclByb2ZpbGVOYW1lKGluaXQpLCBwcm9maWxlcywgaW5pdCk7XG4gIH07XG5cbmNvbnN0IHJlc29sdmVTU09DcmVkZW50aWFscyA9IGFzeW5jIChcbiAgcHJvZmlsZU5hbWU6IHN0cmluZyxcbiAgcHJvZmlsZXM6IFBhcnNlZEluaURhdGEsXG4gIG9wdGlvbnM6IEZyb21TU09Jbml0XG4pOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PiB7XG4gIGNvbnN0IHByb2ZpbGUgPSBwcm9maWxlc1twcm9maWxlTmFtZV07XG4gIGlmICghcHJvZmlsZSkge1xuICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gY291bGQgbm90IGJlIGZvdW5kIGluIHNoYXJlZCBjcmVkZW50aWFscyBmaWxlLmApO1xuICB9XG4gIGNvbnN0IHsgc3NvX3N0YXJ0X3VybDogc3RhcnRVcmwsIHNzb19hY2NvdW50X2lkOiBhY2NvdW50SWQsIHNzb19yZWdpb246IHJlZ2lvbiwgc3NvX3JvbGVfbmFtZTogcm9sZU5hbWUgfSA9IHByb2ZpbGU7XG4gIGlmICghc3RhcnRVcmwgJiYgIWFjY291bnRJZCAmJiAhcmVnaW9uICYmICFyb2xlTmFtZSkge1xuICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gaXMgbm90IGNvbmZpZ3VyZWQgd2l0aCBTU08gY3JlZGVudGlhbHMuYCk7XG4gIH1cbiAgaWYgKCFzdGFydFVybCB8fCAhYWNjb3VudElkIHx8ICFyZWdpb24gfHwgIXJvbGVOYW1lKSB7XG4gICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgIGBQcm9maWxlICR7cHJvZmlsZU5hbWV9IGRvZXMgbm90IGhhdmUgdmFsaWQgU1NPIGNyZWRlbnRpYWxzLiBSZXF1aXJlZCBwYXJhbWV0ZXJzIFwic3NvX2FjY291bnRfaWRcIiwgXCJzc29fcmVnaW9uXCIsIGAgK1xuICAgICAgICBgXCJzc29fcm9sZV9uYW1lXCIsIFwic3NvX3N0YXJ0X3VybFwiLiBSZWZlcmVuY2U6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jbGkvbGF0ZXN0L3VzZXJndWlkZS9jbGktY29uZmlndXJlLXNzby5odG1sYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IGhhc2hlciA9IGNyZWF0ZUhhc2goXCJzaGExXCIpO1xuICBjb25zdCBjYWNoZU5hbWUgPSBoYXNoZXIudXBkYXRlKHN0YXJ0VXJsKS5kaWdlc3QoXCJoZXhcIik7XG4gIGNvbnN0IHRva2VuRmlsZSA9IGpvaW4oZ2V0SG9tZURpcigpLCBcIi5hd3NcIiwgXCJzc29cIiwgXCJjYWNoZVwiLCBgJHtjYWNoZU5hbWV9Lmpzb25gKTtcbiAgbGV0IHRva2VuOiBTU09Ub2tlbjtcbiAgdHJ5IHtcbiAgICB0b2tlbiA9IEpTT04ucGFyc2UocmVhZEZpbGVTeW5jKHRva2VuRmlsZSwgeyBlbmNvZGluZzogXCJ1dGYtOFwiIH0pKTtcbiAgICBpZiAobmV3IERhdGUodG9rZW4uZXhwaXJlc0F0KS5nZXRUaW1lKCkgLSBEYXRlLm5vdygpIDw9IEVYUElSRV9XSU5ET1dfTVMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlNTTyB0b2tlbiBpcyBleHBpcmVkLlwiKTtcbiAgICB9XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFxuICAgICAgYFRoZSBTU08gc2Vzc2lvbiBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm9maWxlIGhhcyBleHBpcmVkIG9yIGlzIG90aGVyd2lzZSBpbnZhbGlkLiBUbyByZWZyZXNoIHRoaXMgU1NPIHNlc3Npb24gYCArXG4gICAgICAgIGBydW4gYXdzIHNzbyBsb2dpbiB3aXRoIHRoZSBjb3JyZXNwb25kaW5nIHByb2ZpbGUuYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IHsgYWNjZXNzVG9rZW4gfSA9IHRva2VuO1xuICBjb25zdCBzc28gPSBvcHRpb25zLnNzb0NsaWVudCB8fCBuZXcgU1NPQ2xpZW50KHsgcmVnaW9uIH0pO1xuICBsZXQgc3NvUmVzcDogR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dDtcbiAgdHJ5IHtcbiAgICBzc29SZXNwID0gYXdhaXQgc3NvLnNlbmQoXG4gICAgICBuZXcgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCh7XG4gICAgICAgIGFjY291bnRJZCxcbiAgICAgICAgcm9sZU5hbWUsXG4gICAgICAgIGFjY2Vzc1Rva2VuLFxuICAgICAgfSlcbiAgICApO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yLmZyb20oZSwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgY29uc3QgeyByb2xlQ3JlZGVudGlhbHM6IHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uIH0gPSB7fSB9ID0gc3NvUmVzcDtcbiAgaWYgKCFhY2Nlc3NLZXlJZCB8fCAhc2VjcmV0QWNjZXNzS2V5IHx8ICFzZXNzaW9uVG9rZW4gfHwgIWV4cGlyYXRpb24pIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFwiU1NPIHJldHVybnMgYW4gaW52YWxpZCB0ZW1wb3JhcnkgY3JlZGVudGlhbC5cIiwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgcmV0dXJuIHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uOiBuZXcgRGF0ZShleHBpcmF0aW9uKSB9O1xufTtcbiJdfQ== | ||
| }; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export var validateSsoProfile = function (profile) { | ||
| var sso_start_url = profile.sso_start_url, sso_account_id = profile.sso_account_id, sso_region = profile.sso_region, sso_role_name = profile.sso_role_name; | ||
| if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { | ||
| throw new CredentialsProviderError("Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", \"sso_region\", " + | ||
| ("\"sso_role_name\", \"sso_start_url\". Got " + Object.keys(profile).join(", ") + "\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html"), SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
| } | ||
| return profile; | ||
| }; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export var isSsoProfile = function (arg) { | ||
| return arg && | ||
| (typeof arg.sso_start_url === "string" || | ||
| typeof arg.sso_account_id === "string" || | ||
| typeof arg.sso_region === "string" || | ||
| typeof arg.sso_role_name === "string"); | ||
| }; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSx5QkFBeUIsRUFBbUMsU0FBUyxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDNUcsT0FBTyxFQUFFLHdCQUF3QixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDdEUsT0FBTyxFQUFFLFVBQVUsRUFBVyxNQUFNLGlDQUFpQyxDQUFDO0FBRXRFLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxlQUFlLEVBQXFCLE1BQU0sMkJBQTJCLENBQUM7QUFDckcsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUNwQyxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBQ2xDLE9BQU8sRUFBRSxJQUFJLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFFNUI7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsSUFBTSxnQkFBZ0IsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztBQUUvQyxJQUFNLDRCQUE0QixHQUFHLEtBQUssQ0FBQztBQXVDM0M7OztHQUdHO0FBQ0gsTUFBTSxDQUFDLElBQU0sT0FBTyxHQUNsQixVQUFDLElBQWlFO0lBQWpFLHFCQUFBLEVBQUEsT0FBd0QsRUFBUztJQUNsRSxPQUFBOzs7OztvQkFDVSxXQUFXLEdBQXNELElBQUksWUFBMUQsRUFBRSxZQUFZLEdBQXdDLElBQUksYUFBNUMsRUFBRSxTQUFTLEdBQTZCLElBQUksVUFBakMsRUFBRSxXQUFXLEdBQWdCLElBQUksWUFBcEIsRUFBRSxTQUFTLEdBQUssSUFBSSxVQUFULENBQVU7eUJBQzFFLENBQUEsQ0FBQyxXQUFXLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxTQUFTLElBQUksQ0FBQyxXQUFXLENBQUEsRUFBM0Qsd0JBQTJEO29CQUU1QyxxQkFBTSxlQUFlLENBQUMsSUFBSSxDQUFDLEVBQUE7O29CQUF0QyxRQUFRLEdBQUcsU0FBMkI7b0JBQ3RDLFdBQVcsR0FBRyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDekMsT0FBTyxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztvQkFDdEMsSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsRUFBRTt3QkFDMUIsTUFBTSxJQUFJLHdCQUF3QixDQUFDLGFBQVcsV0FBVyw2Q0FBMEMsQ0FBQyxDQUFDO3FCQUN0RztvQkFDSyxLQUErRCxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsRUFBeEYsYUFBYSxtQkFBQSxFQUFFLGNBQWMsb0JBQUEsRUFBRSxVQUFVLGdCQUFBLEVBQUUsYUFBYSxtQkFBQSxDQUFpQztvQkFDakcsc0JBQU8scUJBQXFCLENBQUM7NEJBQzNCLFdBQVcsRUFBRSxhQUFhOzRCQUMxQixZQUFZLEVBQUUsY0FBYzs0QkFDNUIsU0FBUyxFQUFFLFVBQVU7NEJBQ3JCLFdBQVcsRUFBRSxhQUFhOzRCQUMxQixTQUFTLEVBQUUsU0FBUzt5QkFDckIsQ0FBQyxFQUFDOztvQkFDRSxJQUFJLENBQUMsV0FBVyxJQUFJLENBQUMsWUFBWSxJQUFJLENBQUMsU0FBUyxJQUFJLENBQUMsV0FBVyxFQUFFO3dCQUN0RSxNQUFNLElBQUksd0JBQXdCLENBQ2hDLG1GQUFtRjs0QkFDakYsNkNBQTZDLENBQ2hELENBQUM7cUJBQ0g7eUJBQU07d0JBQ0wsc0JBQU8scUJBQXFCLENBQUMsRUFBRSxXQUFXLGFBQUEsRUFBRSxZQUFZLGNBQUEsRUFBRSxTQUFTLFdBQUEsRUFBRSxXQUFXLGFBQUEsRUFBRSxTQUFTLFdBQUEsRUFBRSxDQUFDLEVBQUM7cUJBQ2hHOzs7OztTQUNGO0FBMUJELENBMEJDLENBQUM7QUFFSixJQUFNLHFCQUFxQixHQUFHLFVBQU8sRUFNSTtRQUx2QyxXQUFXLGlCQUFBLEVBQ1gsWUFBWSxrQkFBQSxFQUNaLFNBQVMsZUFBQSxFQUNULFdBQVcsaUJBQUEsRUFDWCxTQUFTLGVBQUE7Ozs7OztvQkFFSCxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO29CQUM1QixTQUFTLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUM7b0JBQ3JELFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQUUsTUFBTSxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUssU0FBUyxVQUFPLENBQUMsQ0FBQztvQkFFbEYsSUFBSTt3QkFDRixLQUFLLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsU0FBUyxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQzt3QkFDbkUsSUFBSSxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxJQUFJLGdCQUFnQixFQUFFOzRCQUN4RSxNQUFNLElBQUksS0FBSyxDQUFDLHVCQUF1QixDQUFDLENBQUM7eUJBQzFDO3FCQUNGO29CQUFDLE9BQU8sQ0FBQyxFQUFFO3dCQUNWLE1BQU0sSUFBSSx3QkFBd0IsQ0FDaEMsZ0hBQWdIOzRCQUM5RyxtREFBbUQsRUFDckQsNEJBQTRCLENBQzdCLENBQUM7cUJBQ0g7b0JBQ08sV0FBVyxHQUFLLEtBQUssWUFBVixDQUFXO29CQUN4QixHQUFHLEdBQUcsU0FBUyxJQUFJLElBQUksU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7Ozs7b0JBR2xELHFCQUFNLEdBQUcsQ0FBQyxJQUFJLENBQ3RCLElBQUkseUJBQXlCLENBQUM7NEJBQzVCLFNBQVMsRUFBRSxZQUFZOzRCQUN2QixRQUFRLEVBQUUsV0FBVzs0QkFDckIsV0FBVyxhQUFBO3lCQUNaLENBQUMsQ0FDSCxFQUFBOztvQkFORCxPQUFPLEdBQUcsU0FNVCxDQUFDOzs7O29CQUVGLE1BQU0sd0JBQXdCLENBQUMsSUFBSSxDQUFDLEdBQUMsRUFBRSw0QkFBNEIsQ0FBQyxDQUFDOztvQkFFL0QsS0FBcUYsT0FBTyxnQkFBWixFQUFoRixxQkFBOEUsRUFBRSxLQUFBLEVBQTdELFdBQVcsaUJBQUEsRUFBRSxlQUFlLHFCQUFBLEVBQUUsWUFBWSxrQkFBQSxFQUFFLFVBQVUsZ0JBQUEsQ0FBb0I7b0JBQ3JHLElBQUksQ0FBQyxXQUFXLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxVQUFVLEVBQUU7d0JBQ3BFLE1BQU0sSUFBSSx3QkFBd0IsQ0FBQyw4Q0FBOEMsRUFBRSw0QkFBNEIsQ0FBQyxDQUFDO3FCQUNsSDtvQkFDRCxzQkFBTyxFQUFFLFdBQVcsYUFBQSxFQUFFLGVBQWUsaUJBQUEsRUFBRSxZQUFZLGNBQUEsRUFBRSxVQUFVLEVBQUUsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsRUFBQzs7OztDQUN6RixDQUFDO0FBWUY7O0dBRUc7QUFDSCxNQUFNLENBQUMsSUFBTSxrQkFBa0IsR0FBRyxVQUFDLE9BQTRCO0lBQ3JELElBQUEsYUFBYSxHQUFnRCxPQUFPLGNBQXZELEVBQUUsY0FBYyxHQUFnQyxPQUFPLGVBQXZDLEVBQUUsVUFBVSxHQUFvQixPQUFPLFdBQTNCLEVBQUUsYUFBYSxHQUFLLE9BQU8sY0FBWixDQUFhO0lBQzdFLElBQUksQ0FBQyxhQUFhLElBQUksQ0FBQyxjQUFjLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxhQUFhLEVBQUU7UUFDdEUsTUFBTSxJQUFJLHdCQUF3QixDQUNoQyw4R0FBMEc7YUFDeEcsK0NBQXlDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUNoRSxJQUFJLENBQ0wseUZBQXNGLENBQUEsRUFDekYsNEJBQTRCLENBQzdCLENBQUM7S0FDSDtJQUNELE9BQU8sT0FBcUIsQ0FBQztBQUMvQixDQUFDLENBQUM7QUFFRjs7R0FFRztBQUNILE1BQU0sQ0FBQyxJQUFNLFlBQVksR0FBRyxVQUFDLEdBQVk7SUFDdkMsT0FBQSxHQUFHO1FBQ0gsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxhQUFhLEtBQUssUUFBUTtZQUNwQyxPQUFPLEdBQUcsQ0FBQyxjQUFjLEtBQUssUUFBUTtZQUN0QyxPQUFPLEdBQUcsQ0FBQyxVQUFVLEtBQUssUUFBUTtZQUNsQyxPQUFPLEdBQUcsQ0FBQyxhQUFhLEtBQUssUUFBUSxDQUFDO0FBSnhDLENBSXdDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kLCBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kT3V0cHV0LCBTU09DbGllbnQgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNzb1wiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yIH0gZnJvbSBcIkBhd3Mtc2RrL3Byb3BlcnR5LXByb3ZpZGVyXCI7XG5pbXBvcnQgeyBnZXRIb21lRGlyLCBQcm9maWxlIH0gZnJvbSBcIkBhd3Mtc2RrL3NoYXJlZC1pbmktZmlsZS1sb2FkZXJcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxQcm92aWRlciwgQ3JlZGVudGlhbHMgfSBmcm9tIFwiQGF3cy1zZGsvdHlwZXNcIjtcbmltcG9ydCB7IGdldE1hc3RlclByb2ZpbGVOYW1lLCBwYXJzZUtub3duRmlsZXMsIFNvdXJjZVByb2ZpbGVJbml0IH0gZnJvbSBcIkBhd3Mtc2RrL3V0aWwtY3JlZGVudGlhbHNcIjtcbmltcG9ydCB7IGNyZWF0ZUhhc2ggfSBmcm9tIFwiY3J5cHRvXCI7XG5pbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcbmltcG9ydCB7IGpvaW4gfSBmcm9tIFwicGF0aFwiO1xuXG4vKipcbiAqIFRoZSB0aW1lIHdpbmRvdyAoMTUgbWlucykgdGhhdCBTREsgd2lsbCB0cmVhdCB0aGUgU1NPIHRva2VuIGV4cGlyZXMgaW4gYmVmb3JlIHRoZSBkZWZpbmVkIGV4cGlyYXRpb24gZGF0ZSBpbiB0b2tlbi5cbiAqIFRoaXMgaXMgbmVlZGVkIGJlY2F1c2Ugc2VydmVyIHNpZGUgbWF5IGhhdmUgaW52YWxpZGF0ZWQgdGhlIHRva2VuIGJlZm9yZSB0aGUgZGVmaW5lZCBleHBpcmF0aW9uIGRhdGUuXG4gKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCBFWFBJUkVfV0lORE9XX01TID0gMTUgKiA2MCAqIDEwMDA7XG5cbmNvbnN0IFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU4gPSBmYWxzZTtcblxuLyoqXG4gKiBDYWNoZWQgU1NPIHRva2VuIHJldHJpZXZlZCBmcm9tIFNTTyBsb2dpbiBmbG93LlxuICovXG5pbnRlcmZhY2UgU1NPVG9rZW4ge1xuICAvLyBBIGJhc2U2NCBlbmNvZGVkIHN0cmluZyByZXR1cm5lZCBieSB0aGUgc3NvLW9pZGMgc2VydmljZS5cbiAgYWNjZXNzVG9rZW46IHN0cmluZztcbiAgLy8gUkZDMzMzOSBmb3JtYXQgdGltZXN0YW1wXG4gIGV4cGlyZXNBdDogc3RyaW5nO1xuICByZWdpb24/OiBzdHJpbmc7XG4gIHN0YXJ0VXJsPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNzb0NyZWRlbnRpYWxzUGFyYW1ldGVycyB7XG4gIC8qKlxuICAgKiBUaGUgVVJMIHRvIHRoZSBBV1MgU1NPIHNlcnZpY2UuXG4gICAqL1xuICBzc29TdGFydFVybDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUQgb2YgdGhlIEFXUyBhY2NvdW50IHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvQWNjb3VudElkOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBBV1MgcmVnaW9uIHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvUmVnaW9uOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBBV1Mgcm9sZSB0byBhc3N1bWUuXG4gICAqL1xuICBzc29Sb2xlTmFtZTogc3RyaW5nO1xufVxuZXhwb3J0IGludGVyZmFjZSBGcm9tU1NPSW5pdCBleHRlbmRzIFNvdXJjZVByb2ZpbGVJbml0IHtcbiAgc3NvQ2xpZW50PzogU1NPQ2xpZW50O1xufVxuXG4vKipcbiAqIENyZWF0ZXMgYSBjcmVkZW50aWFsIHByb3ZpZGVyIHRoYXQgd2lsbCByZWFkIGZyb20gYSBjcmVkZW50aWFsX3Byb2Nlc3Mgc3BlY2lmaWVkXG4gKiBpbiBpbmkgZmlsZXMuXG4gKi9cbmV4cG9ydCBjb25zdCBmcm9tU1NPID1cbiAgKGluaXQ6IEZyb21TU09Jbml0ICYgUGFydGlhbDxTc29DcmVkZW50aWFsc1BhcmFtZXRlcnM+ID0ge30gYXMgYW55KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+XG4gIGFzeW5jICgpID0+IHtcbiAgICBjb25zdCB7IHNzb1N0YXJ0VXJsLCBzc29BY2NvdW50SWQsIHNzb1JlZ2lvbiwgc3NvUm9sZU5hbWUsIHNzb0NsaWVudCB9ID0gaW5pdDtcbiAgICBpZiAoIXNzb1N0YXJ0VXJsICYmICFzc29BY2NvdW50SWQgJiYgIXNzb1JlZ2lvbiAmJiAhc3NvUm9sZU5hbWUpIHtcbiAgICAgIC8vIExvYWQgdGhlIFNTTyBjb25maWcgZnJvbSBzaGFyZWQgQVdTIGNvbmZpZyBmaWxlLlxuICAgICAgY29uc3QgcHJvZmlsZXMgPSBhd2FpdCBwYXJzZUtub3duRmlsZXMoaW5pdCk7XG4gICAgICBjb25zdCBwcm9maWxlTmFtZSA9IGdldE1hc3RlclByb2ZpbGVOYW1lKGluaXQpO1xuICAgICAgY29uc3QgcHJvZmlsZSA9IHByb2ZpbGVzW3Byb2ZpbGVOYW1lXTtcbiAgICAgIGlmICghaXNTc29Qcm9maWxlKHByb2ZpbGUpKSB7XG4gICAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gaXMgbm90IGNvbmZpZ3VyZWQgd2l0aCBTU08gY3JlZGVudGlhbHMuYCk7XG4gICAgICB9XG4gICAgICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSB2YWxpZGF0ZVNzb1Byb2ZpbGUocHJvZmlsZSk7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHtcbiAgICAgICAgc3NvU3RhcnRVcmw6IHNzb19zdGFydF91cmwsXG4gICAgICAgIHNzb0FjY291bnRJZDogc3NvX2FjY291bnRfaWQsXG4gICAgICAgIHNzb1JlZ2lvbjogc3NvX3JlZ2lvbixcbiAgICAgICAgc3NvUm9sZU5hbWU6IHNzb19yb2xlX25hbWUsXG4gICAgICAgIHNzb0NsaWVudDogc3NvQ2xpZW50LFxuICAgICAgfSk7XG4gICAgfSBlbHNlIGlmICghc3NvU3RhcnRVcmwgfHwgIXNzb0FjY291bnRJZCB8fCAhc3NvUmVnaW9uIHx8ICFzc29Sb2xlTmFtZSkge1xuICAgICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgICAgJ0luY29tcGxldGUgY29uZmlndXJhdGlvbi4gVGhlIGZyb21TU08oKSBhcmd1bWVudCBoYXNoIG11c3QgaW5jbHVkZSBcInNzb1N0YXJ0VXJsXCIsJyArXG4gICAgICAgICAgJyBcInNzb0FjY291bnRJZFwiLCBcInNzb1JlZ2lvblwiLCBcInNzb1JvbGVOYW1lXCInXG4gICAgICApO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHsgc3NvU3RhcnRVcmwsIHNzb0FjY291bnRJZCwgc3NvUmVnaW9uLCBzc29Sb2xlTmFtZSwgc3NvQ2xpZW50IH0pO1xuICAgIH1cbiAgfTtcblxuY29uc3QgcmVzb2x2ZVNTT0NyZWRlbnRpYWxzID0gYXN5bmMgKHtcbiAgc3NvU3RhcnRVcmwsXG4gIHNzb0FjY291bnRJZCxcbiAgc3NvUmVnaW9uLFxuICBzc29Sb2xlTmFtZSxcbiAgc3NvQ2xpZW50LFxufTogRnJvbVNTT0luaXQgJiBTc29DcmVkZW50aWFsc1BhcmFtZXRlcnMpOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PiB7XG4gIGNvbnN0IGhhc2hlciA9IGNyZWF0ZUhhc2goXCJzaGExXCIpO1xuICBjb25zdCBjYWNoZU5hbWUgPSBoYXNoZXIudXBkYXRlKHNzb1N0YXJ0VXJsKS5kaWdlc3QoXCJoZXhcIik7XG4gIGNvbnN0IHRva2VuRmlsZSA9IGpvaW4oZ2V0SG9tZURpcigpLCBcIi5hd3NcIiwgXCJzc29cIiwgXCJjYWNoZVwiLCBgJHtjYWNoZU5hbWV9Lmpzb25gKTtcbiAgbGV0IHRva2VuOiBTU09Ub2tlbjtcbiAgdHJ5IHtcbiAgICB0b2tlbiA9IEpTT04ucGFyc2UocmVhZEZpbGVTeW5jKHRva2VuRmlsZSwgeyBlbmNvZGluZzogXCJ1dGYtOFwiIH0pKTtcbiAgICBpZiAobmV3IERhdGUodG9rZW4uZXhwaXJlc0F0KS5nZXRUaW1lKCkgLSBEYXRlLm5vdygpIDw9IEVYUElSRV9XSU5ET1dfTVMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlNTTyB0b2tlbiBpcyBleHBpcmVkLlwiKTtcbiAgICB9XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFxuICAgICAgYFRoZSBTU08gc2Vzc2lvbiBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm9maWxlIGhhcyBleHBpcmVkIG9yIGlzIG90aGVyd2lzZSBpbnZhbGlkLiBUbyByZWZyZXNoIHRoaXMgU1NPIHNlc3Npb24gYCArXG4gICAgICAgIGBydW4gYXdzIHNzbyBsb2dpbiB3aXRoIHRoZSBjb3JyZXNwb25kaW5nIHByb2ZpbGUuYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IHsgYWNjZXNzVG9rZW4gfSA9IHRva2VuO1xuICBjb25zdCBzc28gPSBzc29DbGllbnQgfHwgbmV3IFNTT0NsaWVudCh7IHJlZ2lvbjogc3NvUmVnaW9uIH0pO1xuICBsZXQgc3NvUmVzcDogR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dDtcbiAgdHJ5IHtcbiAgICBzc29SZXNwID0gYXdhaXQgc3NvLnNlbmQoXG4gICAgICBuZXcgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCh7XG4gICAgICAgIGFjY291bnRJZDogc3NvQWNjb3VudElkLFxuICAgICAgICByb2xlTmFtZTogc3NvUm9sZU5hbWUsXG4gICAgICAgIGFjY2Vzc1Rva2VuLFxuICAgICAgfSlcbiAgICApO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yLmZyb20oZSwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgY29uc3QgeyByb2xlQ3JlZGVudGlhbHM6IHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uIH0gPSB7fSB9ID0gc3NvUmVzcDtcbiAgaWYgKCFhY2Nlc3NLZXlJZCB8fCAhc2VjcmV0QWNjZXNzS2V5IHx8ICFzZXNzaW9uVG9rZW4gfHwgIWV4cGlyYXRpb24pIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFwiU1NPIHJldHVybnMgYW4gaW52YWxpZCB0ZW1wb3JhcnkgY3JlZGVudGlhbC5cIiwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgcmV0dXJuIHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uOiBuZXcgRGF0ZShleHBpcmF0aW9uKSB9O1xufTtcblxuLyoqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBTc29Qcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIHNzb19zdGFydF91cmw6IHN0cmluZztcbiAgc3NvX2FjY291bnRfaWQ6IHN0cmluZztcbiAgc3NvX3JlZ2lvbjogc3RyaW5nO1xuICBzc29fcm9sZV9uYW1lOiBzdHJpbmc7XG59XG5cbi8qKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCB2YWxpZGF0ZVNzb1Byb2ZpbGUgPSAocHJvZmlsZTogUGFydGlhbDxTc29Qcm9maWxlPik6IFNzb1Byb2ZpbGUgPT4ge1xuICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSBwcm9maWxlO1xuICBpZiAoIXNzb19zdGFydF91cmwgfHwgIXNzb19hY2NvdW50X2lkIHx8ICFzc29fcmVnaW9uIHx8ICFzc29fcm9sZV9uYW1lKSB7XG4gICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgIGBQcm9maWxlIGlzIGNvbmZpZ3VyZWQgd2l0aCBpbnZhbGlkIFNTTyBjcmVkZW50aWFscy4gUmVxdWlyZWQgcGFyYW1ldGVycyBcInNzb19hY2NvdW50X2lkXCIsIFwic3NvX3JlZ2lvblwiLCBgICtcbiAgICAgICAgYFwic3NvX3JvbGVfbmFtZVwiLCBcInNzb19zdGFydF91cmxcIi4gR290ICR7T2JqZWN0LmtleXMocHJvZmlsZSkuam9pbihcbiAgICAgICAgICBcIiwgXCJcbiAgICAgICAgKX1cXG5SZWZlcmVuY2U6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jbGkvbGF0ZXN0L3VzZXJndWlkZS9jbGktY29uZmlndXJlLXNzby5odG1sYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIHJldHVybiBwcm9maWxlIGFzIFNzb1Byb2ZpbGU7XG59O1xuXG4vKipcbiAqIEBpbnRlcm5hbFxuICovXG5leHBvcnQgY29uc3QgaXNTc29Qcm9maWxlID0gKGFyZzogUHJvZmlsZSk6IGFyZyBpcyBQYXJ0aWFsPFNzb1Byb2ZpbGU+ID0+XG4gIGFyZyAmJlxuICAodHlwZW9mIGFyZy5zc29fc3RhcnRfdXJsID09PSBcInN0cmluZ1wiIHx8XG4gICAgdHlwZW9mIGFyZy5zc29fYWNjb3VudF9pZCA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JlZ2lvbiA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JvbGVfbmFtZSA9PT0gXCJzdHJpbmdcIik7XG4iXX0= |
| import { SSOClient } from "@aws-sdk/client-sso"; | ||
| import { SourceProfileInit } from "@aws-sdk/credential-provider-ini"; | ||
| import { Profile } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { CredentialProvider } from "@aws-sdk/types"; | ||
| import { SourceProfileInit } from "@aws-sdk/util-credentials"; | ||
| /** | ||
@@ -11,2 +12,20 @@ * The time window (15 mins) that SDK will treat the SSO token expires in before the defined expiration date in token. | ||
| export declare const EXPIRE_WINDOW_MS: number; | ||
| export interface SsoCredentialsParameters { | ||
| /** | ||
| * The URL to the AWS SSO service. | ||
| */ | ||
| ssoStartUrl: string; | ||
| /** | ||
| * The ID of the AWS account to use for temporary credentials. | ||
| */ | ||
| ssoAccountId: string; | ||
| /** | ||
| * The AWS region to use for temporary credentials. | ||
| */ | ||
| ssoRegion: string; | ||
| /** | ||
| * The name of the AWS role to assume. | ||
| */ | ||
| ssoRoleName: string; | ||
| } | ||
| export interface FromSSOInit extends SourceProfileInit { | ||
@@ -19,2 +38,19 @@ ssoClient?: SSOClient; | ||
| */ | ||
| export declare const fromSSO: (init?: FromSSOInit) => CredentialProvider; | ||
| export declare const fromSSO: (init?: FromSSOInit & Partial<SsoCredentialsParameters>) => CredentialProvider; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export interface SsoProfile extends Profile { | ||
| sso_start_url: string; | ||
| sso_account_id: string; | ||
| sso_region: string; | ||
| sso_role_name: string; | ||
| } | ||
| /** | ||
| * @internal | ||
| */ | ||
| export declare const validateSsoProfile: (profile: Partial<SsoProfile>) => SsoProfile; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export declare const isSsoProfile: (arg: Profile) => arg is Partial<SsoProfile>; |
| import { SSOClient } from "@aws-sdk/client-sso"; | ||
| import { SourceProfileInit } from "@aws-sdk/credential-provider-ini"; | ||
| import { Profile } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { CredentialProvider } from "@aws-sdk/types"; | ||
| import { SourceProfileInit } from "@aws-sdk/util-credentials"; | ||
| /** | ||
@@ -11,2 +12,20 @@ * The time window (15 mins) that SDK will treat the SSO token expires in before the defined expiration date in token. | ||
| export declare const EXPIRE_WINDOW_MS: number; | ||
| export interface SsoCredentialsParameters { | ||
| /** | ||
| * The URL to the AWS SSO service. | ||
| */ | ||
| ssoStartUrl: string; | ||
| /** | ||
| * The ID of the AWS account to use for temporary credentials. | ||
| */ | ||
| ssoAccountId: string; | ||
| /** | ||
| * The AWS region to use for temporary credentials. | ||
| */ | ||
| ssoRegion: string; | ||
| /** | ||
| * The name of the AWS role to assume. | ||
| */ | ||
| ssoRoleName: string; | ||
| } | ||
| export interface FromSSOInit extends SourceProfileInit { | ||
@@ -19,2 +38,19 @@ ssoClient?: SSOClient; | ||
| */ | ||
| export declare const fromSSO: (init?: FromSSOInit) => CredentialProvider; | ||
| export declare const fromSSO: (init?: FromSSOInit & Partial<SsoCredentialsParameters>) => CredentialProvider; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export interface SsoProfile extends Profile { | ||
| sso_start_url: string; | ||
| sso_account_id: string; | ||
| sso_region: string; | ||
| sso_role_name: string; | ||
| } | ||
| /** | ||
| * @internal | ||
| */ | ||
| export declare const validateSsoProfile: (profile: Partial<SsoProfile>) => SsoProfile; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export declare const isSsoProfile: (arg: Profile) => arg is Partial<SsoProfile>; |
| { | ||
| "name": "@aws-sdk/credential-provider-sso", | ||
| "version": "3.21.0", | ||
| "version": "3.22.0", | ||
| "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", | ||
@@ -24,7 +24,7 @@ "main": "./dist/cjs/index.js", | ||
| "dependencies": { | ||
| "@aws-sdk/client-sso": "3.21.0", | ||
| "@aws-sdk/credential-provider-ini": "3.20.0", | ||
| "@aws-sdk/property-provider": "3.20.0", | ||
| "@aws-sdk/shared-ini-file-loader": "3.20.0", | ||
| "@aws-sdk/types": "3.20.0", | ||
| "@aws-sdk/client-sso": "3.22.0", | ||
| "@aws-sdk/property-provider": "3.22.0", | ||
| "@aws-sdk/shared-ini-file-loader": "3.22.0", | ||
| "@aws-sdk/types": "3.22.0", | ||
| "@aws-sdk/util-credentials": "3.22.0", | ||
| "tslib": "^2.0.0" | ||
@@ -44,4 +44,4 @@ }, | ||
| "<4.0": { | ||
| "types/*": [ | ||
| "types/ts3.4/*" | ||
| "dist/types/*": [ | ||
| "dist/types/ts3.4/*" | ||
| ] | ||
@@ -48,0 +48,0 @@ } |
@@ -9,7 +9,3 @@ # @aws-sdk/credential-provider-sso | ||
| This module provides a function, `fromSSO`, that creates | ||
| `CredentialProvider` functions that read from [AWS SDKs and Tools | ||
| shared configuration and credentials | ||
| files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html). | ||
| Profiles in the `credentials` file are given precedence over | ||
| profiles in the `config` file. This provider loads the | ||
| `CredentialProvider` functions that read from the | ||
| _resolved_ access token from local disk then requests temporary AWS | ||
@@ -19,2 +15,15 @@ credentials. For guidance on the AWS Single Sign-On service, please | ||
| You can create the `CredentialProvider` functions using the inline SSO | ||
| parameters(`ssoStartUrl`, `ssoAccountId`, `ssoRegion`, `ssoRoleName`) or load | ||
| them from [AWS SDKs and Tools shared configuration and credentials files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html). | ||
| Profiles in the `credentials` file are given precedence over | ||
| profiles in the `config` file. | ||
| This credential provider is intended for use with the AWS SDK for Node.js. | ||
| This credential provider **ONLY** supports profiles using the SSO credential. If | ||
| you have a profile that assumes a role which derived from the SSO credential, | ||
| you should use the `@aws-sdk/credential-provider-ini`, or | ||
| `@aws-sdk/credential-provider-node` package. | ||
| ## Supported configuration | ||
@@ -25,2 +34,10 @@ | ||
| - `ssoStartUrl`: The URL to the AWS SSO service. Required if any of the `sso*` | ||
| options(except for `ssoClient`) is provided. | ||
| - `ssoAccountId`: The ID of the AWS account to use for temporary credentials. | ||
| Required if any of the `sso*` options(except for `ssoClient`) is provided. | ||
| - `ssoRegion`: The AWS region to use for temporary credentials. Required if any | ||
| of the `sso*` options(except for `ssoClient`) is provided. | ||
| - `ssoRoleName`: The name of the AWS role to assume. Required if any of the | ||
| `sso*` options(except for `ssoClient`) is provided. | ||
| - `profile` - The configuration profile to use. If not specified, the provider | ||
@@ -27,0 +44,0 @@ will use the value in the `AWS_PROFILE` environment variable or `default` by |
@@ -5,6 +5,6 @@ jest.useFakeTimers("modern"); | ||
| const mockParseKnowFiles = jest.fn(); | ||
| const mockParseKnownFiles = jest.fn(); | ||
| const mockGetMasterProfileName = jest.fn(); | ||
| jest.mock("@aws-sdk/credential-provider-ini", () => ({ | ||
| parseKnownFiles: mockParseKnowFiles, | ||
| jest.mock("@aws-sdk/util-credentials", () => ({ | ||
| parseKnownFiles: mockParseKnownFiles, | ||
| getMasterProfileName: mockGetMasterProfileName, | ||
@@ -40,17 +40,16 @@ })); | ||
| describe("fromSSO", () => { | ||
| const ssoConfig = { | ||
| sso_start_url: "https:some-url/start", | ||
| sso_account_id: "1234567890", | ||
| sso_region: "us-foo-1", | ||
| sso_role_name: "some-role", | ||
| }; | ||
| describe("fromSSO()", () => { | ||
| const ssoStartUrl = "https:some-url/start"; | ||
| const ssoAccountId = "1234567890"; | ||
| const ssoRegion = "us-foo-1"; | ||
| const ssoRoleName = "some-role"; | ||
| const token = { | ||
| startUrl: ssoConfig.sso_start_url, | ||
| region: ssoConfig.sso_region, | ||
| startUrl: ssoStartUrl, | ||
| region: ssoRegion, | ||
| accessToken: "base64 encoded string", | ||
| expiresAt: toRFC3339String(now + 60 * 60 * 1000), | ||
| }; | ||
| beforeEach(() => { | ||
| mockParseKnowFiles.mockClear(); | ||
| mockParseKnownFiles.mockClear(); | ||
| mockGetMasterProfileName.mockClear(); | ||
@@ -61,57 +60,64 @@ mockReadFileSync.mockClear(); | ||
| it("should fetch credentials from resolved token file", async () => { | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const { roleCredentials } = mockRoleCredentials; | ||
| expect(await fromSSO()()).toEqual({ ...roleCredentials, expiration: new Date(roleCredentials.expiration) }); | ||
| expect(mockReadFileSync.mock.calls[0][0]).toEqual( | ||
| expect.stringMatching(/fcab95d6966151d97d9ee7776a90d895b5e5fbe6.json$/) | ||
| ); | ||
| expect(mockReadFileSync.mock.calls[0][1]).toMatchObject({ encoding: "utf-8" }); | ||
| expect(mockGetRoleCredentialsCommand).toHaveBeenCalledWith({ | ||
| accountId: ssoConfig.sso_account_id, | ||
| roleName: ssoConfig.sso_role_name, | ||
| accessToken: token.accessToken, | ||
| describe("load from shared config file", () => { | ||
| const ssoConfig = { | ||
| sso_start_url: ssoStartUrl, | ||
| sso_account_id: ssoAccountId, | ||
| sso_region: ssoRegion, | ||
| sso_role_name: ssoRoleName, | ||
| }; | ||
| it("should fetch credentials from resolved token file", async () => { | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const { roleCredentials } = mockRoleCredentials; | ||
| expect(await fromSSO()()).toEqual({ ...roleCredentials, expiration: new Date(roleCredentials.expiration) }); | ||
| expect(mockReadFileSync.mock.calls[0][0]).toEqual( | ||
| expect.stringMatching(/fcab95d6966151d97d9ee7776a90d895b5e5fbe6.json$/) | ||
| ); | ||
| expect(mockReadFileSync.mock.calls[0][1]).toMatchObject({ encoding: "utf-8" }); | ||
| expect(mockGetRoleCredentialsCommand).toHaveBeenCalledWith({ | ||
| accountId: ssoConfig.sso_account_id, | ||
| roleName: ssoConfig.sso_role_name, | ||
| accessToken: token.accessToken, | ||
| }); | ||
| }); | ||
| }); | ||
| it("should allow supplying custom client", async () => { | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const newSSOClient = { send: jest.fn().mockReturnValue(Promise.resolve(mockRoleCredentials)) }; | ||
| //@ts-expect-error | ||
| await fromSSO({ ssoClient: newSSOClient })(); | ||
| expect(newSSOClient.send).toHaveBeenCalled(); | ||
| expect(mockSSOSend).not.toHaveBeenCalled(); | ||
| }); | ||
| it("should allow supplying custom client", async () => { | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const newSSOClient = { send: jest.fn().mockReturnValue(Promise.resolve(mockRoleCredentials)) }; | ||
| //@ts-expect-error | ||
| await fromSSO({ ssoClient: newSSOClient })(); | ||
| expect(newSSOClient.send).toHaveBeenCalled(); | ||
| expect(mockSSOSend).not.toHaveBeenCalled(); | ||
| }); | ||
| it("should throw if profile doesn't exist in the config files", () => { | ||
| const profile = "exist"; | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ non_exist: { foo: "bar" } })); | ||
| mockGetMasterProfileName.mockReturnValue(profile); | ||
| return expect(async () => { | ||
| await fromSSO()(); | ||
| }).rejects.toMatchObject({ | ||
| message: `Profile ${profile} could not be found in shared credentials file.`, | ||
| tryNextLink: true, | ||
| it("should throw if profile doesn't exist in the config files", () => { | ||
| const profile = "exist"; | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ non_exist: { foo: "bar" } })); | ||
| mockGetMasterProfileName.mockReturnValue(profile); | ||
| return expect(async () => { | ||
| await fromSSO()(); | ||
| }).rejects.toMatchObject({ | ||
| name: "CredentialsProviderError", | ||
| message: expect.stringContaining("Profile exist is not configured with SSO credentials"), | ||
| tryNextLink: true, | ||
| }); | ||
| }); | ||
| }); | ||
| it("should throw if profile is not configured with SSO credential", () => { | ||
| const profile = "exist"; | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ [profile]: { foo: "bar" } })); | ||
| mockGetMasterProfileName.mockReturnValue(profile); | ||
| return expect(async () => { | ||
| await fromSSO()(); | ||
| }).rejects.toMatchObject({ | ||
| message: `Profile ${profile} is not configured with SSO credentials.`, | ||
| tryNextLink: true, | ||
| it("should throw if profile is not configured with SSO credential", () => { | ||
| const profile = "exist"; | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ [profile]: { foo: "bar" } })); | ||
| mockGetMasterProfileName.mockReturnValue(profile); | ||
| return expect(async () => { | ||
| await fromSSO()(); | ||
| }).rejects.toMatchObject({ | ||
| message: `Profile ${profile} is not configured with SSO credentials.`, | ||
| tryNextLink: true, | ||
| }); | ||
| }); | ||
| }); | ||
| for (let i = 0; i < Object.keys(ssoConfig).length; i++) { | ||
| const keyToRemove = Object.keys(ssoConfig)[i]; | ||
| it(`should throw if sso configuration is missing ${keyToRemove}`, async () => { | ||
| it.each(Object.keys(ssoConfig))("should throw if sso configuration is missing %s", async (keyToRemove) => { | ||
| expect.assertions(2); | ||
@@ -121,3 +127,3 @@ const config = { ...ssoConfig }; | ||
| delete config[keyToRemove]; | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: config })); | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: config })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
@@ -127,84 +133,140 @@ try { | ||
| } catch (e) { | ||
| expect(e.message).toContain("Profile default does not have valid SSO credentials."); | ||
| expect(e.message).toContain("Profile is configured with invalid SSO credentials."); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| } | ||
| it("should throw if token cache file is not found", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockImplementation(() => { | ||
| throw new Error("File not found."); | ||
| it("should throw if token cache file is not found", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockImplementation(() => { | ||
| throw new Error("File not found."); | ||
| }); | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain( | ||
| "The SSO session associated with this profile has expired or is otherwise invalid." | ||
| ); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain("The SSO session associated with this profile has expired or is otherwise invalid."); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| it("should throw if token cache file is invalid", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockReturnValue("invalid JSON content"); | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain("The SSO session associated with this profile has expired or is otherwise invalid."); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| it("should throw if token cache file is invalid", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockReturnValue("invalid JSON content"); | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain( | ||
| "The SSO session associated with this profile has expired or is otherwise invalid." | ||
| ); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| it("should throw if token cache is expired", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockReturnValue({ ...token, expiration: toRFC3339String(now + EXPIRE_WINDOW_MS - 2) }); | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain("The SSO session associated with this profile has expired or is otherwise invalid."); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| it("should throw if token cache is expired", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockReturnValue({ ...token, expiration: toRFC3339String(now + EXPIRE_WINDOW_MS - 2) }); | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain( | ||
| "The SSO session associated with this profile has expired or is otherwise invalid." | ||
| ); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| }); | ||
| it("should throw if SSO client throws", async () => { | ||
| expect.assertions(3); | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const clientError = new Error("No account is found for the user"); | ||
| //@ts-ignore | ||
| clientError.$fault = "client"; | ||
| mockSSOSend.mockImplementation(async () => { | ||
| throw clientError; | ||
| it("should throw if SSO client throws", async () => { | ||
| expect.assertions(3); | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const clientError = new Error("No account is found for the user"); | ||
| //@ts-ignore | ||
| clientError.$fault = "client"; | ||
| mockSSOSend.mockImplementation(async () => { | ||
| throw clientError; | ||
| }); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain(clientError.message); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| expect(e.$fault).toBe("client"); | ||
| } | ||
| }); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain(clientError.message); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| expect(e.$fault).toBe("client"); | ||
| } | ||
| it("should throw if credentials from SSO client is invalid", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| mockParseKnownFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockSSOSend.mockResolvedValue({ | ||
| roleCredentials: { ...mockRoleCredentials.roleCredentials, accessKeyId: undefined }, | ||
| }); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain("SSO returns an invalid temporary credential."); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } finally { | ||
| mockSSOSend.mockResolvedValue(mockRoleCredentials); | ||
| } | ||
| }); | ||
| }); | ||
| it("should throw if credentials from SSO client is invalid", async () => { | ||
| expect.assertions(2); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| mockParseKnowFiles.mockReturnValue(Promise.resolve({ default: ssoConfig })); | ||
| mockGetMasterProfileName.mockReturnValue("default"); | ||
| mockSSOSend.mockResolvedValue({ | ||
| roleCredentials: { ...mockRoleCredentials.roleCredentials, accessKeyId: undefined }, | ||
| describe("load with sso parameters", () => { | ||
| it("should fetch credentials from resolved token file without reading shared config file", async () => { | ||
| mockParseKnownFiles.mockRejectedValue("Should not call parseKnownFiles()"); | ||
| mockGetMasterProfileName.mockRejectedValue("Should not call getMasterProfileName()"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| const { roleCredentials } = mockRoleCredentials; | ||
| expect( | ||
| await fromSSO({ | ||
| ssoStartUrl, | ||
| ssoAccountId, | ||
| ssoRegion, | ||
| ssoRoleName, | ||
| })() | ||
| ).toEqual({ ...roleCredentials, expiration: new Date(roleCredentials.expiration) }); | ||
| expect(mockReadFileSync.mock.calls[0][0]).toEqual( | ||
| expect.stringMatching(/fcab95d6966151d97d9ee7776a90d895b5e5fbe6.json$/) | ||
| ); | ||
| expect(mockReadFileSync.mock.calls[0][1]).toMatchObject({ encoding: "utf-8" }); | ||
| expect(mockGetRoleCredentialsCommand).toHaveBeenCalledWith({ | ||
| accountId: ssoAccountId, | ||
| roleName: ssoRoleName, | ||
| accessToken: token.accessToken, | ||
| }); | ||
| }); | ||
| try { | ||
| await fromSSO()(); | ||
| } catch (e) { | ||
| expect(e.message).toContain("SSO returns an invalid temporary credential."); | ||
| expect(e.tryNextLink).toBeFalsy(); | ||
| } | ||
| it.each(["ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"])( | ||
| "should throw for incomplete sso parameters(missing %s)", | ||
| (undefinedKey) => { | ||
| mockParseKnownFiles.mockRejectedValue("Should not call parseKnownFiles()"); | ||
| mockGetMasterProfileName.mockRejectedValue("Should not call getMasterProfileName()"); | ||
| mockReadFileSync.mockReturnValue(JSON.stringify(token)); | ||
| return expect( | ||
| async () => | ||
| await fromSSO({ | ||
| ssoStartUrl, | ||
| ssoAccountId, | ||
| ssoRegion, | ||
| ssoRoleName, | ||
| ...{ [undefinedKey]: undefined }, | ||
| } as any)() | ||
| ).rejects.toMatchObject({ | ||
| name: "CredentialsProviderError", | ||
| message: expect.stringMatching("Incomplete configuration"), | ||
| }); | ||
| } | ||
| ); | ||
| }); | ||
| }); |
126
src/index.ts
| import { GetRoleCredentialsCommand, GetRoleCredentialsCommandOutput, SSOClient } from "@aws-sdk/client-sso"; | ||
| import { getMasterProfileName, parseKnownFiles, SourceProfileInit } from "@aws-sdk/credential-provider-ini"; | ||
| import { CredentialsProviderError } from "@aws-sdk/property-provider"; | ||
| import { getHomeDir, ParsedIniData } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { getHomeDir, Profile } from "@aws-sdk/shared-ini-file-loader"; | ||
| import { CredentialProvider, Credentials } from "@aws-sdk/types"; | ||
| import { getMasterProfileName, parseKnownFiles, SourceProfileInit } from "@aws-sdk/util-credentials"; | ||
| import { createHash } from "crypto"; | ||
@@ -32,2 +32,23 @@ import { readFileSync } from "fs"; | ||
| export interface SsoCredentialsParameters { | ||
| /** | ||
| * The URL to the AWS SSO service. | ||
| */ | ||
| ssoStartUrl: string; | ||
| /** | ||
| * The ID of the AWS account to use for temporary credentials. | ||
| */ | ||
| ssoAccountId: string; | ||
| /** | ||
| * The AWS region to use for temporary credentials. | ||
| */ | ||
| ssoRegion: string; | ||
| /** | ||
| * The name of the AWS role to assume. | ||
| */ | ||
| ssoRoleName: string; | ||
| } | ||
| export interface FromSSOInit extends SourceProfileInit { | ||
@@ -42,30 +63,40 @@ ssoClient?: SSOClient; | ||
| export const fromSSO = | ||
| (init: FromSSOInit = {}): CredentialProvider => | ||
| (init: FromSSOInit & Partial<SsoCredentialsParameters> = {} as any): CredentialProvider => | ||
| async () => { | ||
| const profiles = await parseKnownFiles(init); | ||
| return resolveSSOCredentials(getMasterProfileName(init), profiles, init); | ||
| const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient } = init; | ||
| if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName) { | ||
| // Load the SSO config from shared AWS config file. | ||
| const profiles = await parseKnownFiles(init); | ||
| const profileName = getMasterProfileName(init); | ||
| const profile = profiles[profileName]; | ||
| if (!isSsoProfile(profile)) { | ||
| throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); | ||
| } | ||
| const { sso_start_url, sso_account_id, sso_region, sso_role_name } = validateSsoProfile(profile); | ||
| return resolveSSOCredentials({ | ||
| ssoStartUrl: sso_start_url, | ||
| ssoAccountId: sso_account_id, | ||
| ssoRegion: sso_region, | ||
| ssoRoleName: sso_role_name, | ||
| ssoClient: ssoClient, | ||
| }); | ||
| } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { | ||
| throw new CredentialsProviderError( | ||
| 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' + | ||
| ' "ssoAccountId", "ssoRegion", "ssoRoleName"' | ||
| ); | ||
| } else { | ||
| return resolveSSOCredentials({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient }); | ||
| } | ||
| }; | ||
| const resolveSSOCredentials = async ( | ||
| profileName: string, | ||
| profiles: ParsedIniData, | ||
| options: FromSSOInit | ||
| ): Promise<Credentials> => { | ||
| const profile = profiles[profileName]; | ||
| if (!profile) { | ||
| throw new CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`); | ||
| } | ||
| const { sso_start_url: startUrl, sso_account_id: accountId, sso_region: region, sso_role_name: roleName } = profile; | ||
| if (!startUrl && !accountId && !region && !roleName) { | ||
| throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); | ||
| } | ||
| if (!startUrl || !accountId || !region || !roleName) { | ||
| throw new CredentialsProviderError( | ||
| `Profile ${profileName} does not have valid SSO credentials. Required parameters "sso_account_id", "sso_region", ` + | ||
| `"sso_role_name", "sso_start_url". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, | ||
| SHOULD_FAIL_CREDENTIAL_CHAIN | ||
| ); | ||
| } | ||
| const resolveSSOCredentials = async ({ | ||
| ssoStartUrl, | ||
| ssoAccountId, | ||
| ssoRegion, | ||
| ssoRoleName, | ||
| ssoClient, | ||
| }: FromSSOInit & SsoCredentialsParameters): Promise<Credentials> => { | ||
| const hasher = createHash("sha1"); | ||
| const cacheName = hasher.update(startUrl).digest("hex"); | ||
| const cacheName = hasher.update(ssoStartUrl).digest("hex"); | ||
| const tokenFile = join(getHomeDir(), ".aws", "sso", "cache", `${cacheName}.json`); | ||
@@ -86,3 +117,3 @@ let token: SSOToken; | ||
| const { accessToken } = token; | ||
| const sso = options.ssoClient || new SSOClient({ region }); | ||
| const sso = ssoClient || new SSOClient({ region: ssoRegion }); | ||
| let ssoResp: GetRoleCredentialsCommandOutput; | ||
@@ -92,4 +123,4 @@ try { | ||
| new GetRoleCredentialsCommand({ | ||
| accountId, | ||
| roleName, | ||
| accountId: ssoAccountId, | ||
| roleName: ssoRoleName, | ||
| accessToken, | ||
@@ -107,1 +138,38 @@ }) | ||
| }; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export interface SsoProfile extends Profile { | ||
| sso_start_url: string; | ||
| sso_account_id: string; | ||
| sso_region: string; | ||
| sso_role_name: string; | ||
| } | ||
| /** | ||
| * @internal | ||
| */ | ||
| export const validateSsoProfile = (profile: Partial<SsoProfile>): SsoProfile => { | ||
| const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; | ||
| if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { | ||
| throw new CredentialsProviderError( | ||
| `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", ` + | ||
| `"sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( | ||
| ", " | ||
| )}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, | ||
| SHOULD_FAIL_CREDENTIAL_CHAIN | ||
| ); | ||
| } | ||
| return profile as SsoProfile; | ||
| }; | ||
| /** | ||
| * @internal | ||
| */ | ||
| export const isSsoProfile = (arg: Profile): arg is Partial<SsoProfile> => | ||
| arg && | ||
| (typeof arg.sso_start_url === "string" || | ||
| typeof arg.sso_account_id === "string" || | ||
| typeof arg.sso_region === "string" || | ||
| typeof arg.sso_role_name === "string"); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by14.73%
133566
- Lines of code
- increased by51.38%
769
- Number of lines in readme file
- increased by16.83%
118
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Added@aws-sdk/abort-controller@3.22.0(transitive)
+ Added@aws-sdk/client-sso@3.22.0(transitive)
+ Added@aws-sdk/config-resolver@3.22.0(transitive)
+ Added@aws-sdk/fetch-http-handler@3.22.0(transitive)
+ Added@aws-sdk/hash-node@3.22.0(transitive)
+ Added@aws-sdk/invalid-dependency@3.22.0(transitive)
+ Added@aws-sdk/is-array-buffer@3.22.0(transitive)
+ Added@aws-sdk/middleware-content-length@3.22.0(transitive)
+ Added@aws-sdk/middleware-host-header@3.22.0(transitive)
+ Added@aws-sdk/middleware-logger@3.22.0(transitive)
+ Added@aws-sdk/middleware-retry@3.22.0(transitive)
+ Added@aws-sdk/middleware-serde@3.22.0(transitive)
+ Added@aws-sdk/middleware-stack@3.22.0(transitive)
+ Added@aws-sdk/middleware-user-agent@3.22.0(transitive)
+ Added@aws-sdk/node-config-provider@3.22.0(transitive)
+ Added@aws-sdk/node-http-handler@3.22.0(transitive)
+ Added@aws-sdk/property-provider@3.22.0(transitive)
+ Added@aws-sdk/protocol-http@3.22.0(transitive)
+ Added@aws-sdk/querystring-builder@3.22.0(transitive)
+ Added@aws-sdk/querystring-parser@3.22.0(transitive)
+ Added@aws-sdk/service-error-classification@3.22.0(transitive)
+ Added@aws-sdk/shared-ini-file-loader@3.22.0(transitive)
+ Added@aws-sdk/signature-v4@3.22.0(transitive)
+ Added@aws-sdk/smithy-client@3.22.0(transitive)
+ Added@aws-sdk/types@3.22.0(transitive)
+ Added@aws-sdk/url-parser@3.22.0(transitive)
+ Added@aws-sdk/util-base64-browser@3.22.0(transitive)
+ Added@aws-sdk/util-base64-node@3.22.0(transitive)
+ Added@aws-sdk/util-body-length-browser@3.22.0(transitive)
+ Added@aws-sdk/util-body-length-node@3.22.0(transitive)
+ Added@aws-sdk/util-buffer-from@3.22.0(transitive)
+ Added@aws-sdk/util-credentials@3.22.0(transitive)
+ Added@aws-sdk/util-hex-encoding@3.22.0(transitive)
+ Added@aws-sdk/util-uri-escape@3.22.0(transitive)
+ Added@aws-sdk/util-user-agent-browser@3.22.0(transitive)
+ Added@aws-sdk/util-user-agent-node@3.22.0(transitive)
+ Added@aws-sdk/util-utf8-browser@3.22.0(transitive)
+ Added@aws-sdk/util-utf8-node@3.22.0(transitive)
- Removed@aws-sdk/abort-controller@3.20.0(transitive)
- Removed@aws-sdk/client-sso@3.21.0(transitive)
- Removed@aws-sdk/config-resolver@3.20.0(transitive)
- Removed@aws-sdk/credential-provider-env@3.20.0(transitive)
- Removed@aws-sdk/credential-provider-imds@3.20.0(transitive)
- Removed@aws-sdk/credential-provider-ini@3.20.0(transitive)
- Removed@aws-sdk/credential-provider-web-identity@3.20.0(transitive)
- Removed@aws-sdk/fetch-http-handler@3.20.0(transitive)
- Removed@aws-sdk/hash-node@3.20.0(transitive)
- Removed@aws-sdk/invalid-dependency@3.20.0(transitive)
- Removed@aws-sdk/is-array-buffer@3.20.0(transitive)
- Removed@aws-sdk/middleware-content-length@3.20.0(transitive)
- Removed@aws-sdk/middleware-host-header@3.20.0(transitive)
- Removed@aws-sdk/middleware-logger@3.20.0(transitive)
- Removed@aws-sdk/middleware-retry@3.20.0(transitive)
- Removed@aws-sdk/middleware-serde@3.20.0(transitive)
- Removed@aws-sdk/middleware-stack@3.20.0(transitive)
- Removed@aws-sdk/middleware-user-agent@3.20.0(transitive)
- Removed@aws-sdk/node-config-provider@3.20.0(transitive)
- Removed@aws-sdk/node-http-handler@3.21.0(transitive)
- Removed@aws-sdk/property-provider@3.20.0(transitive)
- Removed@aws-sdk/protocol-http@3.20.0(transitive)
- Removed@aws-sdk/querystring-builder@3.20.0(transitive)
- Removed@aws-sdk/querystring-parser@3.20.0(transitive)
- Removed@aws-sdk/service-error-classification@3.20.0(transitive)
- Removed@aws-sdk/shared-ini-file-loader@3.20.0(transitive)
- Removed@aws-sdk/signature-v4@3.20.0(transitive)
- Removed@aws-sdk/smithy-client@3.20.0(transitive)
- Removed@aws-sdk/types@3.20.0(transitive)
- Removed@aws-sdk/url-parser@3.20.0(transitive)
- Removed@aws-sdk/util-base64-browser@3.20.0(transitive)
- Removed@aws-sdk/util-base64-node@3.20.0(transitive)
- Removed@aws-sdk/util-body-length-browser@3.20.0(transitive)
- Removed@aws-sdk/util-body-length-node@3.20.0(transitive)
- Removed@aws-sdk/util-buffer-from@3.20.0(transitive)
- Removed@aws-sdk/util-hex-encoding@3.20.0(transitive)
- Removed@aws-sdk/util-uri-escape@3.20.0(transitive)
- Removed@aws-sdk/util-user-agent-browser@3.20.0(transitive)
- Removed@aws-sdk/util-user-agent-node@3.20.0(transitive)
- Removed@aws-sdk/util-utf8-browser@3.20.0(transitive)
- Removed@aws-sdk/util-utf8-node@3.20.0(transitive)
Updated@aws-sdk/client-sso@3.22.0
Updated@aws-sdk/types@3.22.0