Socket
Socket
Sign inDemoInstall

@aws-sdk/credential-provider-sso

Package Overview
Dependencies
137
Maintainers
5
Versions
282
Alerts
File Explorer

Advanced tools

npm Scripts
License

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 3.583.0 to 3.587.0

64

dist-cjs/index.js

@@ -67,3 +67,4 @@ "use strict";

clientConfig,
profile
profile,
logger
}) => {

@@ -80,3 +81,6 @@ let token;

} catch (e) {
throw new import_property_provider.CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new import_property_provider.CredentialsProviderError(e.message, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger
});
}

@@ -87,13 +91,13 @@ } else {

} catch (e) {
throw new import_property_provider.CredentialsProviderError(
`The SSO session associated with this profile is invalid. ${refreshMessage}`,
SHOULD_FAIL_CREDENTIAL_CHAIN
);
throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger
});
}
}
if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
throw new import_property_provider.CredentialsProviderError(
`The SSO session associated with this profile has expired. ${refreshMessage}`,
SHOULD_FAIL_CREDENTIAL_CHAIN
);
throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger
});
}

@@ -117,7 +121,13 @@ const { accessToken } = token;

} catch (e) {
throw import_property_provider.CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new import_property_provider.CredentialsProviderError(e, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger
});
}
const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope } = {} } = ssoResp;
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger
});
}

@@ -129,3 +139,3 @@ return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope };

var validateSsoProfile = /* @__PURE__ */ __name((profile) => {
var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => {
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;

@@ -138,3 +148,3 @@ if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {

Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,
false
{ tryNextLink: false, logger }
);

@@ -148,3 +158,3 @@ }

var _a;
(_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-sso", "fromSSO");
(_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-sso - fromSSO");
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;

@@ -157,6 +167,8 @@ const { ssoClient } = init;

if (!profile) {
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`);
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });
}
if (!isSsoProfile(profile)) {
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {
logger: init.logger
});
}

@@ -168,6 +180,12 @@ if (profile == null ? void 0 : profile.sso_session) {

if (ssoRegion && ssoRegion !== session.sso_region) {
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false);
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {
tryNextLink: false,
logger: init.logger
});
}
if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false);
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {
tryNextLink: false,
logger: init.logger
});
}

@@ -177,3 +195,6 @@ profile.sso_region = session.sso_region;

}
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile);
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(
profile,
init.logger
);
return resolveSSOCredentials({

@@ -191,3 +212,4 @@ ssoStartUrl: sso_start_url,

throw new import_property_provider.CredentialsProviderError(
'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"'
'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',
{ tryNextLink: false, logger: init.logger }
);

@@ -194,0 +216,0 @@ } else {

22

dist-es/fromSSO.js

@@ -7,3 +7,3 @@ import { CredentialsProviderError } from "@smithy/property-provider";

export const fromSSO = (init = {}) => async () => {
init.logger?.debug("@aws-sdk/credential-provider-sso", "fromSSO");
init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;

@@ -16,6 +16,8 @@ const { ssoClient } = init;

if (!profile) {
throw new CredentialsProviderError(`Profile ${profileName} was not found.`);
throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });
}
if (!isSsoProfile(profile)) {
throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {
logger: init.logger,
});
}

@@ -27,6 +29,12 @@ if (profile?.sso_session) {

if (ssoRegion && ssoRegion !== session.sso_region) {
throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false);
throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {
tryNextLink: false,
logger: init.logger,
});
}
if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false);
throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {
tryNextLink: false,
logger: init.logger,
});
}

@@ -36,3 +44,3 @@ profile.sso_region = session.sso_region;

}
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile);
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);
return resolveSSOCredentials({

@@ -51,3 +59,3 @@ ssoStartUrl: sso_start_url,

throw new CredentialsProviderError("Incomplete configuration. The fromSSO() argument hash must include " +
'"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"');
'"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', { tryNextLink: false, logger: init.logger });
}

@@ -54,0 +62,0 @@ else {

27

dist-es/resolveSSOCredentials.js

@@ -5,3 +5,3 @@ import { fromSso as getSsoTokenProvider } from "@aws-sdk/token-providers";

const SHOULD_FAIL_CREDENTIAL_CHAIN = false;
export const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, }) => {
export const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, logger, }) => {
let token;

@@ -18,3 +18,6 @@ const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;

catch (e) {
throw new CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new CredentialsProviderError(e.message, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger,
});
}

@@ -27,7 +30,13 @@ }

catch (e) {
throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger,
});
}
}
if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger,
});
}

@@ -49,9 +58,15 @@ const { accessToken } = token;

catch (e) {
throw CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new CredentialsProviderError(e, {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger,
});
}
const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope } = {} } = ssoResp;
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", {
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
logger,
});
}
return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope };
};

4

dist-es/validateSsoProfile.js
import { CredentialsProviderError } from "@smithy/property-provider";
export const validateSsoProfile = (profile) => {
export const validateSsoProfile = (profile, logger) => {
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", ` +
`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, false);
`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });
}
return profile;
};

2

dist-types/resolveSSOCredentials.d.ts

@@ -6,2 +6,2 @@ import { AwsCredentialIdentity } from "@smithy/types";

*/
export declare const resolveSSOCredentials: ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, }: FromSSOInit & SsoCredentialsParameters) => Promise<AwsCredentialIdentity>;
export declare const resolveSSOCredentials: ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, logger, }: FromSSOInit & SsoCredentialsParameters) => Promise<AwsCredentialIdentity>;

1

dist-types/ts3.4/resolveSSOCredentials.d.ts

@@ -12,2 +12,3 @@ import { AwsCredentialIdentity } from "@smithy/types";

profile,
logger,
}: FromSSOInit & SsoCredentialsParameters) => Promise<AwsCredentialIdentity>;

4

dist-types/ts3.4/validateSsoProfile.d.ts

@@ -0,4 +1,6 @@

import { Logger } from "@smithy/types";
import { SsoProfile } from "./types";
export declare const validateSsoProfile: (
profile: Partial<SsoProfile>
profile: Partial<SsoProfile>,
logger?: Logger
) => SsoProfile;

3

dist-types/validateSsoProfile.d.ts

@@ -0,1 +1,2 @@

import { Logger } from "@smithy/types";
import { SsoProfile } from "./types";

@@ -5,2 +6,2 @@ /**

*/
export declare const validateSsoProfile: (profile: Partial<SsoProfile>) => SsoProfile;
export declare const validateSsoProfile: (profile: Partial<SsoProfile>, logger?: Logger) => SsoProfile;

10

package.json
{
"name": "@aws-sdk/credential-provider-sso",
"version": "3.583.0",
"version": "3.587.0",
"description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials",

@@ -27,7 +27,7 @@ "main": "./dist-cjs/index.js",

"dependencies": {
"@aws-sdk/client-sso": "3.583.0",
"@aws-sdk/token-providers": "3.577.0",
"@aws-sdk/client-sso": "3.587.0",
"@aws-sdk/token-providers": "3.587.0",
"@aws-sdk/types": "3.577.0",
"@smithy/property-provider": "^3.0.0",
"@smithy/shared-ini-file-loader": "^3.0.0",
"@smithy/property-provider": "^3.1.0",
"@smithy/shared-ini-file-loader": "^3.1.0",
"@smithy/types": "^3.0.0",

@@ -34,0 +34,0 @@ "tslib": "^2.6.2"

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc