@aws-sdk/credential-provider-web-identity - npm Package Compare versions

		@@ -6,2 +6,13 @@ # Change Log

		# [3.11.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.10.0...v3.11.0) (2021-04-01)


		### Features

		* credential-provider-web-identity: support web federated identity ([#2203](https://github.com/aws/aws-sdk-js-v3/issues/2203)) ([ff87e22](https://github.com/aws/aws-sdk-js-v3/commit/ff87e2297ac8748b0f2c26cdacfc5d19233889db))





		# [3.10.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.9.0...v3.10.0) (2021-03-26)
		@@ -8,0 +19,0 @@

dist/cjs/fromTokenFile.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.fromTokenFile = void 0;
		const property_provider_1 = require("@aws-sdk/property-provider");
		const fs_1 = require("fs");
		const fromWebToken_1 = require("./fromWebToken");
		const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
		@@ -12,16 +12,12 @@ const ENV_ROLE_ARN = "AWS_ROLE_ARN";
		*/
		const fromTokenFile = (init) => async () => {
		var _a;
		const { webIdentityTokenFile, roleArn, roleSessionName, roleAssumerWithWebIdentity } = init;
		if (!roleAssumerWithWebIdentity) {
		throw new property_provider_1.ProviderError(`Role Arn '${roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN]}' needs to be assumed with web identity,` +
		` but no role assumption callback was provided.`, false);
		}
		return roleAssumerWithWebIdentity({
		WebIdentityToken: fs_1.readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }),
		RoleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN],
		RoleSessionName: (_a = roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME]) !== null && _a !== void 0 ? _a : `aws-sdk-js-session-${Date.now()}`,
		const fromTokenFile = (init) => {
		const { webIdentityTokenFile, roleArn, roleSessionName } = init;
		return fromWebToken_1.fromWebToken({
		...init,
		webIdentityToken: fs_1.readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }),
		roleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN],
		roleSessionName: roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME],
		});
		};
		exports.fromTokenFile = fromTokenFile;
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnJvbVRva2VuRmlsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9mcm9tVG9rZW5GaWxlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLGtFQUEyRDtBQUUzRCwyQkFBa0M7QUFFbEMsTUFBTSxjQUFjLEdBQUcsNkJBQTZCLENBQUM7QUFDckQsTUFBTSxZQUFZLEdBQUcsY0FBYyxDQUFDO0FBQ3BDLE1BQU0scUJBQXFCLEdBQUcsdUJBQXVCLENBQUM7QUFvRHREOztHQUVHO0FBQ0ksTUFBTSxhQUFhLEdBQUcsQ0FBQyxJQUF1QixFQUFzQixFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7O0lBQ3ZGLE1BQU0sRUFBRSxvQkFBb0IsRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLDBCQUEwQixFQUFFLEdBQUcsSUFBSSxDQUFDO0lBRTVGLElBQUksQ0FBQywwQkFBMEIsRUFBRTtRQUMvQixNQUFNLElBQUksaUNBQWEsQ0FDckIsYUFBYSxPQUFPLGFBQVAsT0FBTyxjQUFQLE9BQU8sR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQywwQ0FBMEM7WUFDekYsZ0RBQWdELEVBQ2xELEtBQUssQ0FDTixDQUFDO0tBQ0g7SUFFRCxPQUFPLDBCQUEwQixDQUFDO1FBQ2hDLGdCQUFnQixFQUFFLGlCQUFZLENBQUMsb0JBQW9CLGFBQXBCLG9CQUFvQixjQUFwQixvQkFBb0IsR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBRSxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzNHLE9BQU8sRUFBRSxPQUFPLGFBQVAsT0FBTyxjQUFQLE9BQU8sR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBRTtRQUM5QyxlQUFlLFFBQUUsZUFBZSxhQUFmLGVBQWUsY0FBZixlQUFlLEdBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxtQ0FBSSxzQkFBc0IsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFO0tBQzdHLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQztBQWhCVyxRQUFBLGFBQWEsaUJBZ0J4QiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFByb3ZpZGVyRXJyb3IgfSBmcm9tIFwiQGF3cy1zZGsvcHJvcGVydHktcHJvdmlkZXJcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxQcm92aWRlciwgQ3JlZGVudGlhbHMgfSBmcm9tIFwiQGF3cy1zZGsvdHlwZXNcIjtcbmltcG9ydCB7IHJlYWRGaWxlU3luYyB9IGZyb20gXCJmc1wiO1xuXG5jb25zdCBFTlZfVE9LRU5fRklMRSA9IFwiQVdTX1dFQl9JREVOVElUWV9UT0tFTl9GSUxFXCI7XG5jb25zdCBFTlZfUk9MRV9BUk4gPSBcIkFXU19ST0xFX0FSTlwiO1xuY29uc3QgRU5WX1JPTEVfU0VTU0lPTl9OQU1FID0gXCJBV1NfUk9MRV9TRVNTSU9OX05BTUVcIjtcblxuZXhwb3J0IGludGVyZmFjZSBBc3N1bWVSb2xlV2l0aFdlYklkZW50aXR5UGFyYW1zIHtcbiAgLyoqXG4gICAqIDxwPlRoZSBBbWF6b24gUmVzb3VyY2UgTmFtZSAoQVJOKSBvZiB0aGUgcm9sZSB0aGF0IHRoZSBjYWxsZXIgaXMgYXNzdW1pbmcuPC9wPlxuICAgKi9cbiAgUm9sZUFybjogc3RyaW5nO1xuICAvKipcbiAgICogPHA+QW4gaWRlbnRpZmllciBmb3IgdGhlIGFzc3VtZWQgcm9sZSBzZXNzaW9uLiBUeXBpY2FsbHksIHlvdSBwYXNzIHRoZSBuYW1lIG9yIGlkZW50aWZpZXJcbiAgICogICAgICAgICAgdGhhdCBpcyBhc3NvY2lhdGVkIHdpdGggdGhlIHVzZXIgd2hvIGlzIHVzaW5nIHlvdXIgYXBwbGljYXRpb24uIFRoYXQgd2F5LCB0aGUgdGVtcG9yYXJ5XG4gICAqICAgICAgICAgIHNlY3VyaXR5IGNyZWRlbnRpYWxzIHRoYXQgeW91ciBhcHBsaWNhdGlvbiB3aWxsIHVzZSBhcmUgYXNzb2NpYXRlZCB3aXRoIHRoYXQgdXNlci4gVGhpc1xuICAgKiAgICAgICAgICBzZXNzaW9uIG5hbWUgaXMgaW5jbHVkZWQgYXMgcGFydCBvZiB0aGUgQVJOIGFuZCBhc3N1bWVkIHJvbGUgSUQgaW4gdGhlXG4gICAqICAgICAgICAgICAgIDxjb2RlPkFzc3VtZWRSb2xlVXNlcjwvY29kZT4gcmVzcG9uc2UgZWxlbWVudC48L3A+XG4gICAqICAgICAgICAgIDxwPlRoZSByZWdleCB1c2VkIHRvIHZhbGlkYXRlIHRoaXMgcGFyYW1ldGVyIGlzIGEgc3RyaW5nIG9mIGNoYXJhY3RlcnNcbiAgICogICAgIGNvbnNpc3Rpbmcgb2YgdXBwZXItIGFuZCBsb3dlci1jYXNlIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzIHdpdGggbm8gc3BhY2VzLiBZb3UgY2FuXG4gICAqICAgICBhbHNvIGluY2x1ZGUgdW5kZXJzY29yZXMgb3IgYW55IG9mIHRoZSBmb2xsb3dpbmcgY2hhcmFjdGVyczogPSwuQC08L3A+XG4gICAqL1xuICBSb2xlU2Vzc2lvbk5hbWU6IHN0cmluZztcbiAgLyoqXG4gICAqIDxwPlRoZSBPQXV0aCAyLjAgYWNjZXNzIHRva2VuIG9yIE9wZW5JRCBDb25uZWN0IElEIHRva2VuIHRoYXQgaXMgcHJvdmlkZWQgYnkgdGhlIGlkZW50aXR5XG4gICAqICAgICAgICAgIHByb3ZpZGVyLiBZb3VyIGFwcGxpY2F0aW9uIG11c3QgZ2V0IHRoaXMgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgdGhlIHVzZXIgd2hvIGlzIHVzaW5nIHlvdXJcbiAgICogICAgICAgICAgYXBwbGljYXRpb24gd2l0aCBhIHdlYiBpZGVudGl0eSBwcm92aWRlciBiZWZvcmUgdGhlIGFwcGxpY2F0aW9uIG1ha2VzIGFuXG4gICAqICAgICAgICAgICAgIDxjb2RlPkFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHk8L2NvZGU+IGNhbGwuIDwvcD5cbiAgICovXG4gIFdlYklkZW50aXR5VG9rZW46IHN0cmluZztcbn1cbmV4cG9ydCBpbnRlcmZhY2UgRnJvbVRva2VuRmlsZUluaXQge1xuICAvKipcbiAgICogRmlsZSBsb2NhdGlvbiBvZiB3aGVyZSB0aGUgYE9JRENgIHRva2VuIGlzIHN0b3JlZC5cbiAgICovXG4gIHdlYklkZW50aXR5VG9rZW5GaWxlPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUFNIHJvbGUgd2FudGluZyB0byBiZSBhc3N1bWVkLlxuICAgKi9cbiAgcm9sZUFybj86IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIElBTSBzZXNzaW9uIG5hbWUgdXNlZCB0byBkaXN0aW5ndWlzaCBzZXNzaW9ucy5cbiAgICovXG4gIHJvbGVTZXNzaW9uTmFtZT86IHN0cmluZztcblxuICAvKipcbiAgICogQSBmdW5jdGlvbiB0aGF0IGFzc3VtZXMgYSByb2xlIHdpdGggd2ViIGlkZW50aXR5IGFuZCByZXR1cm5zIGEgcHJvbWlzZSBmdWxmaWxsZWQgd2l0aFxuICAgKiBjcmVkZW50aWFscyBmb3IgdGhlIGFzc3VtZWQgcm9sZS5cbiAgICpcbiAgICogQHBhcmFtIHNvdXJjZUNyZWRzIFRoZSBjcmVkZW50aWFscyB3aXRoIHdoaWNoIHRvIGFzc3VtZSBhIHJvbGUuXG4gICAqIEBwYXJhbSBwYXJhbXNcbiAgICovXG4gIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5PzogKHBhcmFtczogQXNzdW1lUm9sZVdpdGhXZWJJZGVudGl0eVBhcmFtcykgPT4gUHJvbWlzZTxDcmVkZW50aWFscz47XG59XG5cbi8qKlxuICogUmVwcmVzZW50cyBPSURDIGNyZWRlbnRpYWxzIGZyb20gYSBmaWxlIG9uIGRpc2suXG4gKi9cbmV4cG9ydCBjb25zdCBmcm9tVG9rZW5GaWxlID0gKGluaXQ6IEZyb21Ub2tlbkZpbGVJbml0KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+IGFzeW5jICgpID0+IHtcbiAgY29uc3QgeyB3ZWJJZGVudGl0eVRva2VuRmlsZSwgcm9sZUFybiwgcm9sZVNlc3Npb25OYW1lLCByb2xlQXNzdW1lcldpdGhXZWJJZGVudGl0eSB9ID0gaW5pdDtcblxuICBpZiAoIXJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5KSB7XG4gICAgdGhyb3cgbmV3IFByb3ZpZGVyRXJyb3IoXG4gICAgICBgUm9sZSBBcm4gJyR7cm9sZUFybiA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9BUk5dfScgbmVlZHMgdG8gYmUgYXNzdW1lZCB3aXRoIHdlYiBpZGVudGl0eSxgICtcbiAgICAgICAgYCBidXQgbm8gcm9sZSBhc3N1bXB0aW9uIGNhbGxiYWNrIHdhcyBwcm92aWRlZC5gLFxuICAgICAgZmFsc2VcbiAgICApO1xuICB9XG5cbiAgcmV0dXJuIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5KHtcbiAgICBXZWJJZGVudGl0eVRva2VuOiByZWFkRmlsZVN5bmMod2ViSWRlbnRpdHlUb2tlbkZpbGUgPz8gcHJvY2Vzcy5lbnZbRU5WX1RPS0VOX0ZJTEVdISwgeyBlbmNvZGluZzogXCJhc2NpaVwiIH0pLFxuICAgIFJvbGVBcm46IHJvbGVBcm4gPz8gcHJvY2Vzcy5lbnZbRU5WX1JPTEVfQVJOXSEsXG4gICAgUm9sZVNlc3Npb25OYW1lOiByb2xlU2Vzc2lvbk5hbWUgPz8gcHJvY2Vzcy5lbnZbRU5WX1JPTEVfU0VTU0lPTl9OQU1FXSA/PyBgYXdzLXNkay1qcy1zZXNzaW9uLSR7RGF0ZS5ub3coKX1gLFxuICB9KTtcbn07XG4iXX0=
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnJvbVRva2VuRmlsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9mcm9tVG9rZW5GaWxlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLDJCQUFrQztBQUVsQyxpREFBZ0U7QUFFaEUsTUFBTSxjQUFjLEdBQUcsNkJBQTZCLENBQUM7QUFDckQsTUFBTSxZQUFZLEdBQUcsY0FBYyxDQUFDO0FBQ3BDLE1BQU0scUJBQXFCLEdBQUcsdUJBQXVCLENBQUM7QUFTdEQ7O0dBRUc7QUFDSSxNQUFNLGFBQWEsR0FBRyxDQUFDLElBQXVCLEVBQXNCLEVBQUU7SUFDM0UsTUFBTSxFQUFFLG9CQUFvQixFQUFFLE9BQU8sRUFBRSxlQUFlLEVBQUUsR0FBRyxJQUFJLENBQUM7SUFFaEUsT0FBTywyQkFBWSxDQUFDO1FBQ2xCLEdBQUcsSUFBSTtRQUNQLGdCQUFnQixFQUFFLGlCQUFZLENBQUMsb0JBQW9CLGFBQXBCLG9CQUFvQixjQUFwQixvQkFBb0IsR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBRSxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzNHLE9BQU8sRUFBRSxPQUFPLGFBQVAsT0FBTyxjQUFQLE9BQU8sR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBRTtRQUM5QyxlQUFlLEVBQUUsZUFBZSxhQUFmLGVBQWUsY0FBZixlQUFlLEdBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQztLQUN2RSxDQUFDLENBQUM7QUFDTCxDQUFDLENBQUM7QUFUVyxRQUFBLGFBQWEsaUJBU3hCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ3JlZGVudGlhbFByb3ZpZGVyIH0gZnJvbSBcIkBhd3Mtc2RrL3R5cGVzXCI7XG5pbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcblxuaW1wb3J0IHsgZnJvbVdlYlRva2VuLCBGcm9tV2ViVG9rZW5Jbml0IH0gZnJvbSBcIi4vZnJvbVdlYlRva2VuXCI7XG5cbmNvbnN0IEVOVl9UT0tFTl9GSUxFID0gXCJBV1NfV0VCX0lERU5USVRZX1RPS0VOX0ZJTEVcIjtcbmNvbnN0IEVOVl9ST0xFX0FSTiA9IFwiQVdTX1JPTEVfQVJOXCI7XG5jb25zdCBFTlZfUk9MRV9TRVNTSU9OX05BTUUgPSBcIkFXU19ST0xFX1NFU1NJT05fTkFNRVwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIEZyb21Ub2tlbkZpbGVJbml0IGV4dGVuZHMgUGFydGlhbDxPbWl0PEZyb21XZWJUb2tlbkluaXQsIFwid2ViSWRlbnRpdHlUb2tlblwiPj4ge1xuICAvKipcbiAgICogRmlsZSBsb2NhdGlvbiBvZiB3aGVyZSB0aGUgYE9JRENgIHRva2VuIGlzIHN0b3JlZC5cbiAgICovXG4gIHdlYklkZW50aXR5VG9rZW5GaWxlPzogc3RyaW5nO1xufVxuXG4vKipcbiAqIFJlcHJlc2VudHMgT0lEQyBjcmVkZW50aWFscyBmcm9tIGEgZmlsZSBvbiBkaXNrLlxuICovXG5leHBvcnQgY29uc3QgZnJvbVRva2VuRmlsZSA9IChpbml0OiBGcm9tVG9rZW5GaWxlSW5pdCk6IENyZWRlbnRpYWxQcm92aWRlciA9PiB7XG4gIGNvbnN0IHsgd2ViSWRlbnRpdHlUb2tlbkZpbGUsIHJvbGVBcm4sIHJvbGVTZXNzaW9uTmFtZSB9ID0gaW5pdDtcblxuICByZXR1cm4gZnJvbVdlYlRva2VuKHtcbiAgICAuLi5pbml0LFxuICAgIHdlYklkZW50aXR5VG9rZW46IHJlYWRGaWxlU3luYyh3ZWJJZGVudGl0eVRva2VuRmlsZSA/PyBwcm9jZXNzLmVudltFTlZfVE9LRU5fRklMRV0hLCB7IGVuY29kaW5nOiBcImFzY2lpXCIgfSksXG4gICAgcm9sZUFybjogcm9sZUFybiA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9BUk5dISxcbiAgICByb2xlU2Vzc2lvbk5hbWU6IHJvbGVTZXNzaW9uTmFtZSA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9TRVNTSU9OX05BTUVdLFxuICB9KTtcbn07XG4iXX0=

dist/cjs/index.js

		@@ -5,2 +5,3 @@ "use strict";
		tslib_1.__exportStar(require("./fromTokenFile"), exports);
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsMERBQWdDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSBcIi4vZnJvbVRva2VuRmlsZVwiO1xuIl19
		tslib_1.__exportStar(require("./fromWebToken"), exports);
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsMERBQWdDO0FBQ2hDLHlEQUErQiIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2Zyb21Ub2tlbkZpbGVcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2Zyb21XZWJUb2tlblwiO1xuIl19

dist/es/fromTokenFile.js

		@@ -1,4 +0,4 @@
		import { __awaiter, __generator } from "tslib";
		import { ProviderError } from "@aws-sdk/property-provider";
		import { __assign } from "tslib";
		import { readFileSync } from "fs";
		import { fromWebToken } from "./fromWebToken";
		var ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
		@@ -10,18 +10,6 @@ var ENV_ROLE_ARN = "AWS_ROLE_ARN";
		*/
		export var fromTokenFile = function (init) { return function () { return __awaiter(void 0, void 0, void 0, function () {
		var webIdentityTokenFile, roleArn, roleSessionName, roleAssumerWithWebIdentity;
		var _a;
		return __generator(this, function (_b) {
		webIdentityTokenFile = init.webIdentityTokenFile, roleArn = init.roleArn, roleSessionName = init.roleSessionName, roleAssumerWithWebIdentity = init.roleAssumerWithWebIdentity;
		if (!roleAssumerWithWebIdentity) {
		throw new ProviderError("Role Arn '" + (roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN]) + "' needs to be assumed with web identity," +
		" but no role assumption callback was provided.", false);
		}
		return [2 /return/, roleAssumerWithWebIdentity({
		WebIdentityToken: readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }),
		RoleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN],
		RoleSessionName: (_a = roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME]) !== null && _a !== void 0 ? _a : "aws-sdk-js-session-" + Date.now(),
		})];
		});
		}); }; };
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnJvbVRva2VuRmlsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9mcm9tVG9rZW5GaWxlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFFM0QsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLElBQUksQ0FBQztBQUVsQyxJQUFNLGNBQWMsR0FBRyw2QkFBNkIsQ0FBQztBQUNyRCxJQUFNLFlBQVksR0FBRyxjQUFjLENBQUM7QUFDcEMsSUFBTSxxQkFBcUIsR0FBRyx1QkFBdUIsQ0FBQztBQW9EdEQ7O0dBRUc7QUFDSCxNQUFNLENBQUMsSUFBTSxhQUFhLEdBQUcsVUFBQyxJQUF1QixJQUF5QixPQUFBOzs7O1FBQ3BFLG9CQUFvQixHQUEyRCxJQUFJLHFCQUEvRCxFQUFFLE9BQU8sR0FBa0QsSUFBSSxRQUF0RCxFQUFFLGVBQWUsR0FBaUMsSUFBSSxnQkFBckMsRUFBRSwwQkFBMEIsR0FBSyxJQUFJLDJCQUFULENBQVU7UUFFNUYsSUFBSSxDQUFDLDBCQUEwQixFQUFFO1lBQy9CLE1BQU0sSUFBSSxhQUFhLENBQ3JCLGdCQUFhLE9BQU8sYUFBUCxPQUFPLGNBQVAsT0FBTyxHQUFJLE9BQU8sQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLDhDQUEwQztnQkFDekYsZ0RBQWdELEVBQ2xELEtBQUssQ0FDTixDQUFDO1NBQ0g7UUFFRCxzQkFBTywwQkFBMEIsQ0FBQztnQkFDaEMsZ0JBQWdCLEVBQUUsWUFBWSxDQUFDLG9CQUFvQixhQUFwQixvQkFBb0IsY0FBcEIsb0JBQW9CLEdBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUUsRUFBRSxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsQ0FBQztnQkFDM0csT0FBTyxFQUFFLE9BQU8sYUFBUCxPQUFPLGNBQVAsT0FBTyxHQUFJLE9BQU8sQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFFO2dCQUM5QyxlQUFlLFFBQUUsZUFBZSxhQUFmLGVBQWUsY0FBZixlQUFlLEdBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxtQ0FBSSx3QkFBc0IsSUFBSSxDQUFDLEdBQUcsRUFBSTthQUM3RyxDQUFDLEVBQUM7O0tBQ0osRUFoQjZFLENBZ0I3RSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUHJvdmlkZXJFcnJvciB9IGZyb20gXCJAYXdzLXNkay9wcm9wZXJ0eS1wcm92aWRlclwiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbFByb3ZpZGVyLCBDcmVkZW50aWFscyB9IGZyb20gXCJAYXdzLXNkay90eXBlc1wiO1xuaW1wb3J0IHsgcmVhZEZpbGVTeW5jIH0gZnJvbSBcImZzXCI7XG5cbmNvbnN0IEVOVl9UT0tFTl9GSUxFID0gXCJBV1NfV0VCX0lERU5USVRZX1RPS0VOX0ZJTEVcIjtcbmNvbnN0IEVOVl9ST0xFX0FSTiA9IFwiQVdTX1JPTEVfQVJOXCI7XG5jb25zdCBFTlZfUk9MRV9TRVNTSU9OX05BTUUgPSBcIkFXU19ST0xFX1NFU1NJT05fTkFNRVwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIEFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlQYXJhbXMge1xuICAvKipcbiAgICogPHA+VGhlIEFtYXpvbiBSZXNvdXJjZSBOYW1lIChBUk4pIG9mIHRoZSByb2xlIHRoYXQgdGhlIGNhbGxlciBpcyBhc3N1bWluZy48L3A+XG4gICAqL1xuICBSb2xlQXJuOiBzdHJpbmc7XG4gIC8qKlxuICAgKiA8cD5BbiBpZGVudGlmaWVyIGZvciB0aGUgYXNzdW1lZCByb2xlIHNlc3Npb24uIFR5cGljYWxseSwgeW91IHBhc3MgdGhlIG5hbWUgb3IgaWRlbnRpZmllclxuICAgKiAgICAgICAgICB0aGF0IGlzIGFzc29jaWF0ZWQgd2l0aCB0aGUgdXNlciB3aG8gaXMgdXNpbmcgeW91ciBhcHBsaWNhdGlvbi4gVGhhdCB3YXksIHRoZSB0ZW1wb3JhcnlcbiAgICogICAgICAgICAgc2VjdXJpdHkgY3JlZGVudGlhbHMgdGhhdCB5b3VyIGFwcGxpY2F0aW9uIHdpbGwgdXNlIGFyZSBhc3NvY2lhdGVkIHdpdGggdGhhdCB1c2VyLiBUaGlzXG4gICAqICAgICAgICAgIHNlc3Npb24gbmFtZSBpcyBpbmNsdWRlZCBhcyBwYXJ0IG9mIHRoZSBBUk4gYW5kIGFzc3VtZWQgcm9sZSBJRCBpbiB0aGVcbiAgICogICAgICAgICAgICAgPGNvZGU+QXNzdW1lZFJvbGVVc2VyPC9jb2RlPiByZXNwb25zZSBlbGVtZW50LjwvcD5cbiAgICogICAgICAgICAgPHA+VGhlIHJlZ2V4IHVzZWQgdG8gdmFsaWRhdGUgdGhpcyBwYXJhbWV0ZXIgaXMgYSBzdHJpbmcgb2YgY2hhcmFjdGVyc1xuICAgKiAgICAgY29uc2lzdGluZyBvZiB1cHBlci0gYW5kIGxvd2VyLWNhc2UgYWxwaGFudW1lcmljIGNoYXJhY3RlcnMgd2l0aCBubyBzcGFjZXMuIFlvdSBjYW5cbiAgICogICAgIGFsc28gaW5jbHVkZSB1bmRlcnNjb3JlcyBvciBhbnkgb2YgdGhlIGZvbGxvd2luZyBjaGFyYWN0ZXJzOiA9LC5ALTwvcD5cbiAgICovXG4gIFJvbGVTZXNzaW9uTmFtZTogc3RyaW5nO1xuICAvKipcbiAgICogPHA+VGhlIE9BdXRoIDIuMCBhY2Nlc3MgdG9rZW4gb3IgT3BlbklEIENvbm5lY3QgSUQgdG9rZW4gdGhhdCBpcyBwcm92aWRlZCBieSB0aGUgaWRlbnRpdHlcbiAgICogICAgICAgICAgcHJvdmlkZXIuIFlvdXIgYXBwbGljYXRpb24gbXVzdCBnZXQgdGhpcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB0aGUgdXNlciB3aG8gaXMgdXNpbmcgeW91clxuICAgKiAgICAgICAgICBhcHBsaWNhdGlvbiB3aXRoIGEgd2ViIGlkZW50aXR5IHByb3ZpZGVyIGJlZm9yZSB0aGUgYXBwbGljYXRpb24gbWFrZXMgYW5cbiAgICogICAgICAgICAgICAgPGNvZGU+QXNzdW1lUm9sZVdpdGhXZWJJZGVudGl0eTwvY29kZT4gY2FsbC4gPC9wPlxuICAgKi9cbiAgV2ViSWRlbnRpdHlUb2tlbjogc3RyaW5nO1xufVxuZXhwb3J0IGludGVyZmFjZSBGcm9tVG9rZW5GaWxlSW5pdCB7XG4gIC8qKlxuICAgKiBGaWxlIGxvY2F0aW9uIG9mIHdoZXJlIHRoZSBgT0lEQ2AgdG9rZW4gaXMgc3RvcmVkLlxuICAgKi9cbiAgd2ViSWRlbnRpdHlUb2tlbkZpbGU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBJQU0gcm9sZSB3YW50aW5nIHRvIGJlIGFzc3VtZWQuXG4gICAqL1xuICByb2xlQXJuPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUFNIHNlc3Npb24gbmFtZSB1c2VkIHRvIGRpc3Rpbmd1aXNoIHNlc3Npb25zLlxuICAgKi9cbiAgcm9sZVNlc3Npb25OYW1lPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBBIGZ1bmN0aW9uIHRoYXQgYXNzdW1lcyBhIHJvbGUgd2l0aCB3ZWIgaWRlbnRpdHkgYW5kIHJldHVybnMgYSBwcm9taXNlIGZ1bGZpbGxlZCB3aXRoXG4gICAqIGNyZWRlbnRpYWxzIGZvciB0aGUgYXNzdW1lZCByb2xlLlxuICAgKlxuICAgKiBAcGFyYW0gc291cmNlQ3JlZHMgVGhlIGNyZWRlbnRpYWxzIHdpdGggd2hpY2ggdG8gYXNzdW1lIGEgcm9sZS5cbiAgICogQHBhcmFtIHBhcmFtc1xuICAgKi9cbiAgcm9sZUFzc3VtZXJXaXRoV2ViSWRlbnRpdHk/OiAocGFyYW1zOiBBc3N1bWVSb2xlV2l0aFdlYklkZW50aXR5UGFyYW1zKSA9PiBQcm9taXNlPENyZWRlbnRpYWxzPjtcbn1cblxuLyoqXG4gKiBSZXByZXNlbnRzIE9JREMgY3JlZGVudGlhbHMgZnJvbSBhIGZpbGUgb24gZGlzay5cbiAqL1xuZXhwb3J0IGNvbnN0IGZyb21Ub2tlbkZpbGUgPSAoaW5pdDogRnJvbVRva2VuRmlsZUluaXQpOiBDcmVkZW50aWFsUHJvdmlkZXIgPT4gYXN5bmMgKCkgPT4ge1xuICBjb25zdCB7IHdlYklkZW50aXR5VG9rZW5GaWxlLCByb2xlQXJuLCByb2xlU2Vzc2lvbk5hbWUsIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5IH0gPSBpbml0O1xuXG4gIGlmICghcm9sZUFzc3VtZXJXaXRoV2ViSWRlbnRpdHkpIHtcbiAgICB0aHJvdyBuZXcgUHJvdmlkZXJFcnJvcihcbiAgICAgIGBSb2xlIEFybiAnJHtyb2xlQXJuID8/IHByb2Nlc3MuZW52W0VOVl9ST0xFX0FSTl19JyBuZWVkcyB0byBiZSBhc3N1bWVkIHdpdGggd2ViIGlkZW50aXR5LGAgK1xuICAgICAgICBgIGJ1dCBubyByb2xlIGFzc3VtcHRpb24gY2FsbGJhY2sgd2FzIHByb3ZpZGVkLmAsXG4gICAgICBmYWxzZVxuICAgICk7XG4gIH1cblxuICByZXR1cm4gcm9sZUFzc3VtZXJXaXRoV2ViSWRlbnRpdHkoe1xuICAgIFdlYklkZW50aXR5VG9rZW46IHJlYWRGaWxlU3luYyh3ZWJJZGVudGl0eVRva2VuRmlsZSA/PyBwcm9jZXNzLmVudltFTlZfVE9LRU5fRklMRV0hLCB7IGVuY29kaW5nOiBcImFzY2lpXCIgfSksXG4gICAgUm9sZUFybjogcm9sZUFybiA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9BUk5dISxcbiAgICBSb2xlU2Vzc2lvbk5hbWU6IHJvbGVTZXNzaW9uTmFtZSA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9TRVNTSU9OX05BTUVdID8/IGBhd3Mtc2RrLWpzLXNlc3Npb24tJHtEYXRlLm5vdygpfWAsXG4gIH0pO1xufTtcbiJdfQ==
		export var fromTokenFile = function (init) {
		var webIdentityTokenFile = init.webIdentityTokenFile, roleArn = init.roleArn, roleSessionName = init.roleSessionName;
		return fromWebToken(__assign(__assign({}, init), { webIdentityToken: readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }), roleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN], roleSessionName: roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME] }));
		};
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnJvbVRva2VuRmlsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9mcm9tVG9rZW5GaWxlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFDQSxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBRWxDLE9BQU8sRUFBRSxZQUFZLEVBQW9CLE1BQU0sZ0JBQWdCLENBQUM7QUFFaEUsSUFBTSxjQUFjLEdBQUcsNkJBQTZCLENBQUM7QUFDckQsSUFBTSxZQUFZLEdBQUcsY0FBYyxDQUFDO0FBQ3BDLElBQU0scUJBQXFCLEdBQUcsdUJBQXVCLENBQUM7QUFTdEQ7O0dBRUc7QUFDSCxNQUFNLENBQUMsSUFBTSxhQUFhLEdBQUcsVUFBQyxJQUF1QjtJQUMzQyxJQUFBLG9CQUFvQixHQUErQixJQUFJLHFCQUFuQyxFQUFFLE9BQU8sR0FBc0IsSUFBSSxRQUExQixFQUFFLGVBQWUsR0FBSyxJQUFJLGdCQUFULENBQVU7SUFFaEUsT0FBTyxZQUFZLHVCQUNkLElBQUksS0FDUCxnQkFBZ0IsRUFBRSxZQUFZLENBQUMsb0JBQW9CLGFBQXBCLG9CQUFvQixjQUFwQixvQkFBb0IsR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBRSxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLEVBQzNHLE9BQU8sRUFBRSxPQUFPLGFBQVAsT0FBTyxjQUFQLE9BQU8sR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBRSxFQUM5QyxlQUFlLEVBQUUsZUFBZSxhQUFmLGVBQWUsY0FBZixlQUFlLEdBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxJQUN0RSxDQUFDO0FBQ0wsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ3JlZGVudGlhbFByb3ZpZGVyIH0gZnJvbSBcIkBhd3Mtc2RrL3R5cGVzXCI7XG5pbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcblxuaW1wb3J0IHsgZnJvbVdlYlRva2VuLCBGcm9tV2ViVG9rZW5Jbml0IH0gZnJvbSBcIi4vZnJvbVdlYlRva2VuXCI7XG5cbmNvbnN0IEVOVl9UT0tFTl9GSUxFID0gXCJBV1NfV0VCX0lERU5USVRZX1RPS0VOX0ZJTEVcIjtcbmNvbnN0IEVOVl9ST0xFX0FSTiA9IFwiQVdTX1JPTEVfQVJOXCI7XG5jb25zdCBFTlZfUk9MRV9TRVNTSU9OX05BTUUgPSBcIkFXU19ST0xFX1NFU1NJT05fTkFNRVwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIEZyb21Ub2tlbkZpbGVJbml0IGV4dGVuZHMgUGFydGlhbDxPbWl0PEZyb21XZWJUb2tlbkluaXQsIFwid2ViSWRlbnRpdHlUb2tlblwiPj4ge1xuICAvKipcbiAgICogRmlsZSBsb2NhdGlvbiBvZiB3aGVyZSB0aGUgYE9JRENgIHRva2VuIGlzIHN0b3JlZC5cbiAgICovXG4gIHdlYklkZW50aXR5VG9rZW5GaWxlPzogc3RyaW5nO1xufVxuXG4vKipcbiAqIFJlcHJlc2VudHMgT0lEQyBjcmVkZW50aWFscyBmcm9tIGEgZmlsZSBvbiBkaXNrLlxuICovXG5leHBvcnQgY29uc3QgZnJvbVRva2VuRmlsZSA9IChpbml0OiBGcm9tVG9rZW5GaWxlSW5pdCk6IENyZWRlbnRpYWxQcm92aWRlciA9PiB7XG4gIGNvbnN0IHsgd2ViSWRlbnRpdHlUb2tlbkZpbGUsIHJvbGVBcm4sIHJvbGVTZXNzaW9uTmFtZSB9ID0gaW5pdDtcblxuICByZXR1cm4gZnJvbVdlYlRva2VuKHtcbiAgICAuLi5pbml0LFxuICAgIHdlYklkZW50aXR5VG9rZW46IHJlYWRGaWxlU3luYyh3ZWJJZGVudGl0eVRva2VuRmlsZSA/PyBwcm9jZXNzLmVudltFTlZfVE9LRU5fRklMRV0hLCB7IGVuY29kaW5nOiBcImFzY2lpXCIgfSksXG4gICAgcm9sZUFybjogcm9sZUFybiA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9BUk5dISxcbiAgICByb2xlU2Vzc2lvbk5hbWU6IHJvbGVTZXNzaW9uTmFtZSA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9TRVNTSU9OX05BTUVdLFxuICB9KTtcbn07XG4iXX0=

dist/es/index.js

		export * from "./fromTokenFile";
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxpQkFBaUIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2Zyb21Ub2tlbkZpbGVcIjtcbiJdfQ==
		export * from "./fromWebToken";
		//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxpQkFBaUIsQ0FBQztBQUNoQyxjQUFjLGdCQUFnQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSBcIi4vZnJvbVRva2VuRmlsZVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vZnJvbVdlYlRva2VuXCI7XG4iXX0=

dist/types/fromTokenFile.d.ts

		@@ -1,47 +0,8 @@
		import { CredentialProvider, Credentials } from "@aws-sdk/types";
		export interface AssumeRoleWithWebIdentityParams {
		import { CredentialProvider } from "@aws-sdk/types";
		import { FromWebTokenInit } from "./fromWebToken";
		export interface FromTokenFileInit extends Partial<Omit<FromWebTokenInit, "webIdentityToken">> {
		/**
		* <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
		*/
		RoleArn: string;
		/**
		* <p>An identifier for the assumed role session. Typically, you pass the name or identifier
		* that is associated with the user who is using your application. That way, the temporary
		* security credentials that your application will use are associated with that user. This
		* session name is included as part of the ARN and assumed role ID in the
		* <code>AssumedRoleUser</code> response element.</p>
		* <p>The regex used to validate this parameter is a string of characters
		* consisting of upper- and lower-case alphanumeric characters with no spaces. You can
		* also include underscores or any of the following characters: =,.@-</p>
		*/
		RoleSessionName: string;
		/**
		* <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
		* provider. Your application must get this token by authenticating the user who is using your
		* application with a web identity provider before the application makes an
		* <code>AssumeRoleWithWebIdentity</code> call. </p>
		*/
		WebIdentityToken: string;
		}
		export interface FromTokenFileInit {
		/**
		* File location of where the `OIDC` token is stored.
		*/
		webIdentityTokenFile?: string;
		/**
		* The IAM role wanting to be assumed.
		*/
		roleArn?: string;
		/**
		* The IAM session name used to distinguish sessions.
		*/
		roleSessionName?: string;
		/**
		* A function that assumes a role with web identity and returns a promise fulfilled with
		* credentials for the assumed role.
		*
		* @param sourceCreds The credentials with which to assume a role.
		* @param params
		*/
		roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
		}
		@@ -48,0 +9,0 @@ /**

dist/types/index.d.ts

		export * from "./fromTokenFile";
		export * from "./fromWebToken";

dist/types/ts3.4/fromTokenFile.d.ts

		@@ -1,47 +0,8 @@
		import { CredentialProvider, Credentials } from "@aws-sdk/types";
		export interface AssumeRoleWithWebIdentityParams {
		import { CredentialProvider } from "@aws-sdk/types";
		import { FromWebTokenInit } from "./fromWebToken";
		export interface FromTokenFileInit extends Partial<Pick<FromWebTokenInit, Exclude<keyof FromWebTokenInit, "webIdentityToken">>> {
		/**
		* <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
		*/
		RoleArn: string;
		/**
		* <p>An identifier for the assumed role session. Typically, you pass the name or identifier
		* that is associated with the user who is using your application. That way, the temporary
		* security credentials that your application will use are associated with that user. This
		* session name is included as part of the ARN and assumed role ID in the
		* <code>AssumedRoleUser</code> response element.</p>
		* <p>The regex used to validate this parameter is a string of characters
		* consisting of upper- and lower-case alphanumeric characters with no spaces. You can
		* also include underscores or any of the following characters: =,.@-</p>
		*/
		RoleSessionName: string;
		/**
		* <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
		* provider. Your application must get this token by authenticating the user who is using your
		* application with a web identity provider before the application makes an
		* <code>AssumeRoleWithWebIdentity</code> call. </p>
		*/
		WebIdentityToken: string;
		}
		export interface FromTokenFileInit {
		/**
		* File location of where the `OIDC` token is stored.
		*/
		webIdentityTokenFile?: string;
		/**
		* The IAM role wanting to be assumed.
		*/
		roleArn?: string;
		/**
		* The IAM session name used to distinguish sessions.
		*/
		roleSessionName?: string;
		/**
		* A function that assumes a role with web identity and returns a promise fulfilled with
		* credentials for the assumed role.
		*
		* @param sourceCreds The credentials with which to assume a role.
		* @param params
		*/
		roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
		}
		@@ -48,0 +9,0 @@ /**

dist/types/ts3.4/index.d.ts

		export * from "./fromTokenFile";
		export * from "./fromWebToken";

package.json

		{
		"name": "@aws-sdk/credential-provider-web-identity",
		"version": "3.10.0",
		"version": "3.11.0",
		"description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials",
		@@ -5,0 +5,0 @@ "main": "./dist/cjs/index.js",

README.md

		@@ -10,2 +10,82 @@ # @aws-sdk/credential-provider-web-identity

		## fromWebToken

		The function `fromWebToken` returns `CredentialProvider` that get credentials calling sts:assumeRoleWithWebIdentity
		API via `roleAssumerWithWebIdentity`.

		### Supported configuration

		This configuration supports all the input parameters from
		[sts:AssumeWithWebIdentity](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sts/modules/assumerolewithwebidentityrequest.html) API. The following options are supported:

		- `roleArn` - The Amazon Resource Name (ARN) of the role that the caller is assuming.
		- `webIdentityToken` - The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
		- `roleSessionName` - An identifier for the assumed role session.
		- `providerId` - The fully qualified host component of the domain name of the identity provider. Do not specify this
		value for OpenID Connect ID tokens.
		- `policyArns` - The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
		policies.
		- `policy` - An IAM policy in JSON format that you want to use as an inline session policy.
		- `durationSeconds` - The duration, in seconds, of the role session. Default to 3600.
		- `roleAssumerWithWebIdentity` - A function that assumes a role with web identity
		and returns a promise fulfilled with credentials for the assumed role. You may call
		`sts:assumeRoleWithWebIdentity` API within this function.

		### Examples

		You can directly configure individual identity providers to access AWS resources using web identity federation. AWS
		currently supports authenticating users using web identity federation through several identity providers:

		- [Login with Amazon](https://login.amazon.com/)

		- [Facebook Login](https://developers.facebook.com/docs/facebook-login/web/)

		- [Google Sign-in](https://developers.google.com/identity/)

		You must first register your application with the providers that your application supports. Next, create an IAM role and
		set up permissions for it. The IAM role you create is then used to grant the permissions you configured for it through
		the respective identity provider. For example, you can set up a role that allows users who logged in through Facebook
		to have read access to a specific Amazon S3 bucket you control.

		After you have both an IAM role with configured privileges and an application registered with your chosen identity
		providers, you can set up the SDK to get credentials for the IAM role using helper code, as follows:

		```javascript
		import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
		import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts";
		import { fromWebToken } from "@aws-sdk/credential-provider-web-identity";

		const stsClient = new STSClient({});

		const roleAssumerWithWebIdentity = async (params) => {
		const { Credentials } = await stsClient.send(
		new AssumeRoleWithWebIdentityCommand(params)
		);
		if (!Credentials \|\| !Credentials.AccessKeyId \|\| !Credentials.SecretAccessKey) {
		throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
		}
		return {
		accessKeyId: Credentials.AccessKeyId,
		secretAccessKey: Credentials.SecretAccessKey,
		sessionToken: Credentials.SessionToken,
		expiration: Credentials.Expiration,
		};
		};

		const dynamodb = new DynamoDBClient({
		region,
		credentials: fromWebToken({
		roleArn: 'arn:aws:iam::<AWS_ACCOUNT_ID>/:role/<WEB_IDENTITY_ROLE_NAME>',
		providerId: 'graph.facebook.com\|www.amazon.com', // this is null for Google
		webIdentityToken: ACCESS_TOKEN // from OpenID token identity provider
		roleAssumerWithWebIdentity,
		})
		});

		```

		The value in the ProviderId parameter depends on the specified identity provider. The value in the WebIdentityToken
		parameter is the access token retrieved from a successful login with the identity provider. For more information on how
		to configure and retrieve access tokens for each identity provider, see the documentation for the identity provider.

		## fromTokenFile
		@@ -12,0 +92,0 @@

182

src/fromTokenFile.spec.ts

		@@ -1,6 +0,8 @@
		import { ProviderError } from "@aws-sdk/property-provider";
		import { readFileSync } from "fs";
		jest.mock("./fromWebToken", () => ({
		fromWebToken: jest.fn().mockReturnValue(() => Promise.resolve(MOCK_CREDS)),
		}));
		import { fromTokenFile } from "./fromTokenFile";
		import { fromWebToken } from "./fromWebToken";

		import { AssumeRoleWithWebIdentityParams, fromTokenFile, FromTokenFileInit } from "./fromTokenFile";

		const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
		@@ -33,53 +35,2 @@ const ENV_ROLE_ARN = "AWS_ROLE_ARN";

		const testRoleAssumerWithWebIdentityNotDefined = async (init: FromTokenFileInit, roleArn: string) => {
		try {
		// @ts-ignore An argument for 'init' was not provided.
		await fromTokenFile(init)();
		fail(`Expected error to be thrown`);
		} catch (error) {
		expect(error).toEqual(
		new ProviderError(
		`Role Arn '${roleArn}' needs to be assumed with web identity, but no role assumption callback was provided.`,
		false
		)
		);
		}
		};

		const testReadFileSyncError = async (init: FromTokenFileInit) => {
		const readFileSyncError = new Error("readFileSyncError");
		(readFileSync as jest.Mock).mockImplementation(() => {
		throw readFileSyncError;
		});
		try {
		await fromTokenFile(init)();
		fail(`Expected error to be thrown`);
		} catch (error) {
		expect(error).toEqual(readFileSyncError);
		}
		expect(readFileSync).toHaveBeenCalledTimes(1);
		};

		const testRoleAssumerWithWebIdentitySuccess = async (init: FromTokenFileInit) => {
		const creds = await fromTokenFile(init)();
		expect(creds).toEqual(MOCK_CREDS);
		expect(readFileSync).toHaveBeenCalledTimes(1);
		expect(readFileSync).toHaveBeenCalledWith(mockTokenFile, { encoding: "ascii" });
		};

		const testRandomValueForRoleSessionName = async (init: FromTokenFileInit) => {
		const mockDateNow = Date.now();
		const spyDateNow = jest.spyOn(Date, "now").mockReturnValueOnce(mockDateNow);

		const creds = await fromTokenFile({
		...init,
		roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => {
		expect(params.RoleSessionName).toEqual(`aws-sdk-js-session-${mockDateNow}`);
		return MOCK_CREDS;
		},
		})();
		expect(creds).toEqual(MOCK_CREDS);
		expect(spyDateNow).toHaveBeenCalledTimes(1);
		};

		describe("reads config from env", () => {
		@@ -102,81 +53,68 @@ const original_ENV_TOKEN_FILE = process.env[ENV_TOKEN_FILE];

		it("throws if roleAssumerWithWebIdentity is not defined", async () => {
		return testRoleAssumerWithWebIdentityNotDefined({}, process.env[ENV_ROLE_ARN]);
		it(`passes values to ${fromWebToken.name}`, async () => {
		const roleAssumerWithWebIdentity = jest.fn();
		const creds = await fromTokenFile({
		roleAssumerWithWebIdentity,
		})();
		expect(creds).toEqual(MOCK_CREDS);
		expect(fromWebToken as jest.Mock).toBeCalledTimes(1);
		const webTokenInit = (fromWebToken as jest.Mock).mock.calls[0][0];
		expect(webTokenInit.webIdentityToken).toBe(mockTokenValue);
		expect(webTokenInit.roleSessionName).toBe(mockRoleSessionName);
		expect(webTokenInit.roleArn).toBe(mockRoleArn);
		expect(webTokenInit.roleAssumerWithWebIdentity).toBe(roleAssumerWithWebIdentity);
		});

		it("throws if ENV_TOKEN_FILE read from disk failed", async () => {
		return testReadFileSyncError({
		roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => {
		return MOCK_CREDS;
		},
		});
		it("prefers init parameters over environmental variables", async () => {
		const roleAssumerWithWebIdentity = jest.fn();
		const init = {
		webIdentityTokenFile: "anotherTokenFile",
		roleArn: "anotherRoleArn",
		roleSessionName: "anotherRoleSessionName",
		roleAssumerWithWebIdentity,
		};
		const creds = await fromTokenFile(init)();
		expect(creds).toEqual(MOCK_CREDS);
		expect(fromWebToken as jest.Mock).toBeCalledTimes(1);
		const webTokenInit = (fromWebToken as jest.Mock).mock.calls[0][0];
		expect(webTokenInit.roleSessionName).toBe(init.roleSessionName);
		expect(webTokenInit.roleArn).toBe(init.roleArn);
		expect(webTokenInit.roleAssumerWithWebIdentity).toBe(roleAssumerWithWebIdentity);
		expect(readFileSync as jest.Mock).toBeCalledTimes(1);
		expect((readFileSync as jest.Mock).mock.calls[0][0]).toBe(init.webIdentityTokenFile);
		});

		it("passes values to roleAssumerWithWebIdentity", async () => {
		return testRoleAssumerWithWebIdentitySuccess({
		roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => {
		expect(params.WebIdentityToken).toEqual(mockTokenValue);
		expect(params.RoleArn).toEqual(mockRoleArn);
		expect(params.RoleSessionName).toEqual(mockRoleSessionName);
		return MOCK_CREDS;
		},
		it("throws if ENV_TOKEN_FILE read from disk failed", async () => {
		const readFileSyncError = new Error("readFileSyncError");
		(readFileSync as jest.Mock).mockImplementation(() => {
		throw readFileSyncError;
		});
		try {
		await fromTokenFile({ roleAssumerWithWebIdentity: jest.fn() })();
		fail(`Expected error to be thrown`);
		} catch (error) {
		expect(error).toEqual(readFileSyncError);
		}
		expect(readFileSync).toHaveBeenCalledTimes(1);
		});

		it("generates a random value for RoleSessionName if not available", async () => {
		delete process.env[ENV_ROLE_SESSION_NAME];
		return testRandomValueForRoleSessionName({});
		});
		});

		describe("reads config from configuration keys", () => {
		const original_ENV_TOKEN_FILE = process.env[ENV_TOKEN_FILE];
		const original_ENV_ROLE_ARN = process.env[ENV_ROLE_ARN];
		const original_ENV_ROLE_SESSION_NAME = process.env[ENV_ROLE_SESSION_NAME];

		beforeAll(() => {
		delete process.env[ENV_TOKEN_FILE];
		delete process.env[ENV_ROLE_ARN];
		delete process.env[ENV_ROLE_SESSION_NAME];
		});

		afterAll(() => {
		process.env[ENV_TOKEN_FILE] = original_ENV_TOKEN_FILE;
		process.env[ENV_ROLE_ARN] = original_ENV_ROLE_ARN;
		process.env[ENV_ROLE_SESSION_NAME] = original_ENV_ROLE_SESSION_NAME;
		});

		it("throws if roleAssumerWithWebIdentity is not defined", async () => {
		return testRoleAssumerWithWebIdentityNotDefined({ roleArn: mockRoleArn }, mockRoleArn);
		});

		it("throws if web_identity_token_file read from disk failed", async () => {
		return testReadFileSyncError({
		webIdentityTokenFile: mockTokenFile,
		roleArn: mockRoleArn,
		roleSessionName: mockRoleSessionName,
		roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => {
		return MOCK_CREDS;
		},
		const readFileSyncError = new Error("readFileSyncError");
		(readFileSync as jest.Mock).mockImplementation(() => {
		throw readFileSyncError;
		});
		try {
		await fromTokenFile({
		webIdentityTokenFile: mockTokenFile,
		roleArn: mockRoleArn,
		roleSessionName: mockRoleSessionName,
		roleAssumerWithWebIdentity: jest.fn(),
		})();
		fail(`Expected error to be thrown`);
		} catch (error) {
		expect(error).toEqual(readFileSyncError);
		}
		expect(readFileSync).toHaveBeenCalledTimes(1);
		});

		it("passes values to roleAssumerWithWebIdentity", async () => {
		return testRoleAssumerWithWebIdentitySuccess({
		webIdentityTokenFile: mockTokenFile,
		roleArn: mockRoleArn,
		roleSessionName: mockRoleSessionName,
		roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => {
		expect(params.WebIdentityToken).toEqual(mockTokenValue);
		expect(params.RoleArn).toEqual(mockRoleArn);
		expect(params.RoleSessionName).toEqual(mockRoleSessionName);
		return MOCK_CREDS;
		},
		});
		});

		it("generates a random value for RoleSessionName if not available", async () => {
		return testRandomValueForRoleSessionName({ webIdentityTokenFile: mockTokenFile, roleArn: mockRoleArn });
		});
		});
		});

src/fromTokenFile.ts

		@@ -1,5 +0,6 @@
		import { ProviderError } from "@aws-sdk/property-provider";
		import { CredentialProvider, Credentials } from "@aws-sdk/types";
		import { CredentialProvider } from "@aws-sdk/types";
		import { readFileSync } from "fs";

		import { fromWebToken, FromWebTokenInit } from "./fromWebToken";

		const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
		@@ -9,50 +10,7 @@ const ENV_ROLE_ARN = "AWS_ROLE_ARN";

		export interface AssumeRoleWithWebIdentityParams {
		export interface FromTokenFileInit extends Partial<Omit<FromWebTokenInit, "webIdentityToken">> {
		/**
		* <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
		*/
		RoleArn: string;
		/**
		* <p>An identifier for the assumed role session. Typically, you pass the name or identifier
		* that is associated with the user who is using your application. That way, the temporary
		* security credentials that your application will use are associated with that user. This
		* session name is included as part of the ARN and assumed role ID in the
		* <code>AssumedRoleUser</code> response element.</p>
		* <p>The regex used to validate this parameter is a string of characters
		* consisting of upper- and lower-case alphanumeric characters with no spaces. You can
		* also include underscores or any of the following characters: =,.@-</p>
		*/
		RoleSessionName: string;
		/**
		* <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
		* provider. Your application must get this token by authenticating the user who is using your
		* application with a web identity provider before the application makes an
		* <code>AssumeRoleWithWebIdentity</code> call. </p>
		*/
		WebIdentityToken: string;
		}
		export interface FromTokenFileInit {
		/**
		* File location of where the `OIDC` token is stored.
		*/
		webIdentityTokenFile?: string;

		/**
		* The IAM role wanting to be assumed.
		*/
		roleArn?: string;

		/**
		* The IAM session name used to distinguish sessions.
		*/
		roleSessionName?: string;

		/**
		* A function that assumes a role with web identity and returns a promise fulfilled with
		* credentials for the assumed role.
		*
		* @param sourceCreds The credentials with which to assume a role.
		* @param params
		*/
		roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
		}
		@@ -63,18 +21,11 @@
		*/
		export const fromTokenFile = (init: FromTokenFileInit): CredentialProvider => async () => {
		const { webIdentityTokenFile, roleArn, roleSessionName, roleAssumerWithWebIdentity } = init;
		export const fromTokenFile = (init: FromTokenFileInit): CredentialProvider => {
		const { webIdentityTokenFile, roleArn, roleSessionName } = init;

		if (!roleAssumerWithWebIdentity) {
		throw new ProviderError(
		`Role Arn '${roleArn ?? process.env[ENV_ROLE_ARN]}' needs to be assumed with web identity,` +
		` but no role assumption callback was provided.`,
		false
		);
		}

		return roleAssumerWithWebIdentity({
		WebIdentityToken: readFileSync(webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]!, { encoding: "ascii" }),
		RoleArn: roleArn ?? process.env[ENV_ROLE_ARN]!,
		RoleSessionName: roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME] ?? `aws-sdk-js-session-${Date.now()}`,
		return fromWebToken({
		...init,
		webIdentityToken: readFileSync(webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]!, { encoding: "ascii" }),
		roleArn: roleArn ?? process.env[ENV_ROLE_ARN]!,
		roleSessionName: roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME],
		});
		};

src/index.ts

		export * from "./fromTokenFile";
		export * from "./fromWebToken";

dist/types/ts3.4/ts3.4/fromTokenFile.d.ts

dist/types/ts3.4/ts3.4/index.d.ts

dist/tsconfig.cjs.tsbuildinfo

Sorry, the diff of this file is not supported yet

dist/tsconfig.es.tsbuildinfo

Sorry, the diff of this file is not supported yet

New alerts

Improved metrics

Worsened metrics