@aws-sdk/credential-provider-sso
Comparing version 3.583.0 to 3.587.0
@@ -67,3 +67,4 @@ "use strict"; | ||
clientConfig, | ||
profile | ||
profile, | ||
logger | ||
}) => { | ||
@@ -80,3 +81,6 @@ let token; | ||
} catch (e) { | ||
throw new import_property_provider.CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new import_property_provider.CredentialsProviderError(e.message, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger | ||
}); | ||
} | ||
@@ -87,13 +91,13 @@ } else { | ||
} catch (e) { | ||
throw new import_property_provider.CredentialsProviderError( | ||
`The SSO session associated with this profile is invalid. ${refreshMessage}`, | ||
SHOULD_FAIL_CREDENTIAL_CHAIN | ||
); | ||
throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger | ||
}); | ||
} | ||
} | ||
if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { | ||
throw new import_property_provider.CredentialsProviderError( | ||
`The SSO session associated with this profile has expired. ${refreshMessage}`, | ||
SHOULD_FAIL_CREDENTIAL_CHAIN | ||
); | ||
throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger | ||
}); | ||
} | ||
@@ -117,7 +121,13 @@ const { accessToken } = token; | ||
} catch (e) { | ||
throw import_property_provider.CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new import_property_provider.CredentialsProviderError(e, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger | ||
}); | ||
} | ||
const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope } = {} } = ssoResp; | ||
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { | ||
throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger | ||
}); | ||
} | ||
@@ -129,3 +139,3 @@ return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope }; | ||
var validateSsoProfile = /* @__PURE__ */ __name((profile) => { | ||
var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { | ||
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; | ||
@@ -138,3 +148,3 @@ if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { | ||
Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, | ||
false | ||
{ tryNextLink: false, logger } | ||
); | ||
@@ -148,3 +158,3 @@ } | ||
var _a; | ||
(_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-sso", "fromSSO"); | ||
(_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-sso - fromSSO"); | ||
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; | ||
@@ -157,6 +167,8 @@ const { ssoClient } = init; | ||
if (!profile) { | ||
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`); | ||
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); | ||
} | ||
if (!isSsoProfile(profile)) { | ||
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); | ||
throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { | ||
logger: init.logger | ||
}); | ||
} | ||
@@ -168,6 +180,12 @@ if (profile == null ? void 0 : profile.sso_session) { | ||
if (ssoRegion && ssoRegion !== session.sso_region) { | ||
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false); | ||
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { | ||
tryNextLink: false, | ||
logger: init.logger | ||
}); | ||
} | ||
if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { | ||
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false); | ||
throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { | ||
tryNextLink: false, | ||
logger: init.logger | ||
}); | ||
} | ||
@@ -177,3 +195,6 @@ profile.sso_region = session.sso_region; | ||
} | ||
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile); | ||
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( | ||
profile, | ||
init.logger | ||
); | ||
return resolveSSOCredentials({ | ||
@@ -191,3 +212,4 @@ ssoStartUrl: sso_start_url, | ||
throw new import_property_provider.CredentialsProviderError( | ||
'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"' | ||
'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', | ||
{ tryNextLink: false, logger: init.logger } | ||
); | ||
@@ -194,0 +216,0 @@ } else { |
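Review bot: In the catch that guards the request producing `ssoResp` (hunk `@@ -117,7 +121,13 @@`), the new code passes the caught error object itself as the message argument, `new CredentialsProviderError(e, {...})`, whereas the old code used `CredentialsProviderError.from(e, ...)` and the sibling catch in hunk `@@ -80,3 +81,6 @@` passes `e.message`. Unless the constructor unwraps Error arguments (not visible on this page), the message is now produced by string coercion and whatever `.from` carried over from the original error is dropped, which makes SSO authorization failures harder to tell apart in handlers and in the newly attached logger output. I would pass `e.message` as the first argument, or keep `.from(e, { tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, logger })` if `from` accepts the options object. The same change appears in the ES-module copy of resolveSSOCredentials further down the page (hunk `@@ -49,9 +58,15 @@`). The enclosing function starts and ends outside these hunks.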
@@ -7,3 +7,3 @@ import { CredentialsProviderError } from "@smithy/property-provider"; | ||
export const fromSSO = (init = {}) => async () => { | ||
init.logger?.debug("@aws-sdk/credential-provider-sso", "fromSSO"); | ||
init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); | ||
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; | ||
@@ -16,6 +16,8 @@ const { ssoClient } = init; | ||
if (!profile) { | ||
throw new CredentialsProviderError(`Profile ${profileName} was not found.`); | ||
throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); | ||
} | ||
if (!isSsoProfile(profile)) { | ||
throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); | ||
throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { | ||
logger: init.logger, | ||
}); | ||
} | ||
@@ -27,6 +29,12 @@ if (profile?.sso_session) { | ||
if (ssoRegion && ssoRegion !== session.sso_region) { | ||
throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false); | ||
throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { | ||
tryNextLink: false, | ||
logger: init.logger, | ||
}); | ||
} | ||
if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { | ||
throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false); | ||
throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { | ||
tryNextLink: false, | ||
logger: init.logger, | ||
}); | ||
} | ||
@@ -36,3 +44,3 @@ profile.sso_region = session.sso_region; | ||
} | ||
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile); | ||
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger); | ||
return resolveSSOCredentials({ | ||
@@ -51,3 +59,3 @@ ssoStartUrl: sso_start_url, | ||
throw new CredentialsProviderError("Incomplete configuration. The fromSSO() argument hash must include " + | ||
'"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"'); | ||
'"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', { tryNextLink: false, logger: init.logger }); | ||
} | ||
@@ -54,0 +62,0 @@ else { |
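Review bot: The "Incomplete configuration" throw in hunk `@@ -51,3 +59,3 @@` gains `tryNextLink: false` although the old call passed no second argument, so if the constructor's default is to try the next provider (the default is not visible here) this changes credential-chain behaviour and is not only added logging. Failing closed on a half-specified fromSSO() call is reasonable, because it avoids silently resolving a different identity from a later provider, but it deserves a comment such as `// incomplete explicit SSO config is fatal: do not fall through to other providers` and a changelog entry. By contrast, the two profile errors in hunk `@@ -16,6 +16,8 @@` pass only `{ logger: init.logger }`; writing `tryNextLink: true` there would make the intended fall-through explicit. The same edits appear in the bundled CommonJS copy earlier on the page.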
@@ -5,3 +5,3 @@ import { fromSso as getSsoTokenProvider } from "@aws-sdk/token-providers"; | ||
const SHOULD_FAIL_CREDENTIAL_CHAIN = false; | ||
export const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, }) => { | ||
export const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, logger, }) => { | ||
let token; | ||
@@ -18,3 +18,6 @@ const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; | ||
catch (e) { | ||
throw new CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new CredentialsProviderError(e.message, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger, | ||
}); | ||
} | ||
@@ -27,7 +30,13 @@ } | ||
catch (e) { | ||
throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger, | ||
}); | ||
} | ||
} | ||
if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { | ||
throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger, | ||
}); | ||
} | ||
@@ -49,9 +58,15 @@ const { accessToken } = token; | ||
catch (e) { | ||
throw CredentialsProviderError.from(e, SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new CredentialsProviderError(e, { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger, | ||
}); | ||
} | ||
const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope } = {} } = ssoResp; | ||
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { | ||
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN); | ||
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", { | ||
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, | ||
logger, | ||
}); | ||
} | ||
return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope }; | ||
}; |
import { CredentialsProviderError } from "@smithy/property-provider"; | ||
export const validateSsoProfile = (profile) => { | ||
export const validateSsoProfile = (profile, logger) => { | ||
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; | ||
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { | ||
throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", ` + | ||
`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, false); | ||
`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger }); | ||
} | ||
return profile; | ||
}; |
@@ -6,2 +6,2 @@ import { AwsCredentialIdentity } from "@smithy/types"; | ||
*/ | ||
export declare const resolveSSOCredentials: ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, }: FromSSOInit & SsoCredentialsParameters) => Promise<AwsCredentialIdentity>; | ||
export declare const resolveSSOCredentials: ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, profile, logger, }: FromSSOInit & SsoCredentialsParameters) => Promise<AwsCredentialIdentity>; |
@@ -12,2 +12,3 @@ import { AwsCredentialIdentity } from "@smithy/types"; | ||
profile, | ||
logger, | ||
}: FromSSOInit & SsoCredentialsParameters) => Promise<AwsCredentialIdentity>; |
@@ -0,4 +1,6 @@ | ||
import { Logger } from "@smithy/types"; | ||
import { SsoProfile } from "./types"; | ||
export declare const validateSsoProfile: ( | ||
profile: Partial<SsoProfile> | ||
profile: Partial<SsoProfile>, | ||
logger?: Logger | ||
) => SsoProfile; |
@@ -0,1 +1,2 @@ | ||
import { Logger } from "@smithy/types"; | ||
import { SsoProfile } from "./types"; | ||
@@ -5,2 +6,2 @@ /** | ||
*/ | ||
export declare const validateSsoProfile: (profile: Partial<SsoProfile>) => SsoProfile; | ||
export declare const validateSsoProfile: (profile: Partial<SsoProfile>, logger?: Logger) => SsoProfile; |
{ | ||
"name": "@aws-sdk/credential-provider-sso", | ||
"version": "3.583.0", | ||
"version": "3.587.0", | ||
"description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", | ||
@@ -27,7 +27,7 @@ "main": "./dist-cjs/index.js", | ||
"dependencies": { | ||
"@aws-sdk/client-sso": "3.583.0", | ||
"@aws-sdk/token-providers": "3.577.0", | ||
"@aws-sdk/client-sso": "3.587.0", | ||
"@aws-sdk/token-providers": "3.587.0", | ||
"@aws-sdk/types": "3.577.0", | ||
"@smithy/property-provider": "^3.0.0", | ||
"@smithy/shared-ini-file-loader": "^3.0.0", | ||
"@smithy/property-provider": "^3.1.0", | ||
"@smithy/shared-ini-file-loader": "^3.1.0", | ||
"@smithy/types": "^3.0.0", | ||
@@ -34,0 +34,0 @@ "tslib": "^2.6.2" |
35317
566
+ Added@aws-sdk/client-sso@3.587.0(transitive)
+ Added@aws-sdk/core@3.587.0(transitive)
+ Added@aws-sdk/middleware-user-agent@3.587.0(transitive)
+ Added@aws-sdk/region-config-resolver@3.587.0(transitive)
+ Added@aws-sdk/token-providers@3.587.0(transitive)
+ Added@aws-sdk/util-endpoints@3.587.0(transitive)
+ Added@aws-sdk/util-user-agent-node@3.587.0(transitive)
- Removed@aws-sdk/client-sso@3.583.0(transitive)
- Removed@aws-sdk/core@3.582.0(transitive)
- Removed@aws-sdk/middleware-user-agent@3.583.0(transitive)
- Removed@aws-sdk/region-config-resolver@3.577.0(transitive)
- Removed@aws-sdk/token-providers@3.577.0(transitive)
- Removed@aws-sdk/util-endpoints@3.583.0(transitive)
- Removed@aws-sdk/util-user-agent-node@3.577.0(transitive)
Updated@aws-sdk/client-sso@3.587.0