@aws-sdk/credential-provider-web-identity
Comparing version 3.10.0 to 3.11.0
@@ -6,2 +6,13 @@ # Change Log | ||
# [3.11.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.10.0...v3.11.0) (2021-04-01) | ||
### Features | ||
* **credential-provider-web-identity:** support web federated identity ([#2203](https://github.com/aws/aws-sdk-js-v3/issues/2203)) ([ff87e22](https://github.com/aws/aws-sdk-js-v3/commit/ff87e2297ac8748b0f2c26cdacfc5d19233889db)) | ||
# [3.10.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.9.0...v3.10.0) (2021-03-26) | ||
@@ -8,0 +19,0 @@ |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.fromTokenFile = void 0; | ||
const property_provider_1 = require("@aws-sdk/property-provider"); | ||
const fs_1 = require("fs"); | ||
const fromWebToken_1 = require("./fromWebToken"); | ||
const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; | ||
@@ -12,16 +12,12 @@ const ENV_ROLE_ARN = "AWS_ROLE_ARN"; | ||
*/ | ||
const fromTokenFile = (init) => async () => { | ||
var _a; | ||
const { webIdentityTokenFile, roleArn, roleSessionName, roleAssumerWithWebIdentity } = init; | ||
if (!roleAssumerWithWebIdentity) { | ||
throw new property_provider_1.ProviderError(`Role Arn '${roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN]}' needs to be assumed with web identity,` + | ||
` but no role assumption callback was provided.`, false); | ||
} | ||
return roleAssumerWithWebIdentity({ | ||
WebIdentityToken: fs_1.readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }), | ||
RoleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN], | ||
RoleSessionName: (_a = roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME]) !== null && _a !== void 0 ? _a : `aws-sdk-js-session-${Date.now()}`, | ||
const fromTokenFile = (init) => { | ||
const { webIdentityTokenFile, roleArn, roleSessionName } = init; | ||
return fromWebToken_1.fromWebToken({ | ||
...init, | ||
webIdentityToken: fs_1.readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }), | ||
roleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN], | ||
roleSessionName: roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME], | ||
}); | ||
}; | ||
exports.fromTokenFile = fromTokenFile; | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnJvbVRva2VuRmlsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9mcm9tVG9rZW5GaWxlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLGtFQUEyRDtBQUUzRCwyQkFBa0M7QUFFbEMsTUFBTSxjQUFjLEdBQUcsNkJBQTZCLENBQUM7QUFDckQsTUFBTSxZQUFZLEdBQUcsY0FBYyxDQUFDO0FBQ3BDLE1BQU0scUJBQXFCLEdBQUcsdUJBQXVCLENBQUM7QUFvRHREOztHQUVHO0FBQ0ksTUFBTSxhQUFhLEdBQUcsQ0FBQyxJQUF1QixFQUFzQixFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7O0lBQ3ZGLE1BQU0sRUFBRSxvQkFBb0IsRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLDBCQUEwQixFQUFFLEdBQUcsSUFBSSxDQUFDO0lBRTVGLElBQUksQ0FBQywwQkFBMEIsRUFBRTtRQUMvQixNQUFNLElBQUksaUNBQWEsQ0FDckIsYUFBYSxPQUFPLGFBQVAsT0FBTyxjQUFQLE9BQU8sR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQywwQ0FBMEM7WUFDekYsZ0RBQWdELEVBQ2xELEtBQUssQ0FDTixDQUFDO0tBQ0g7SUFFRCxPQUFPLDBCQUEwQixDQUFDO1FBQ2hDLGdCQUFnQixFQUFFLGlCQUFZLENBQUMsb0JBQW9CLGFBQXBCLG9CQUFvQixjQUFwQixvQkFBb0IsR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBRSxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzNHLE9BQU8sRUFBRSxPQUFPLGFBQVAsT0FBTyxjQUFQLE9BQU8sR0FBSSxPQUFPLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBRTtRQUM5QyxlQUFlLFFBQUUsZUFBZSxhQUFmLGVBQWUsY0FBZixlQUFlLEdBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxtQ0FBSSxzQkFBc0IsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFO0tBQzdHLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQztBQWhCVyxRQUFBLGFBQWEsaUJBZ0J4QiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFByb3ZpZGVyRXJyb3IgfSBmcm9tIFwiQGF3cy1zZGsvcHJvcGVydHktcHJvdmlkZXJcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxQcm92aWRlciwgQ3JlZGVudGlhbHMgfSBmcm9tIFwiQGF3cy1zZGsvdHlwZXNcIjtcbmltcG9ydCB7IHJlYWRGaWxlU3luYyB9IGZyb20gXCJmc1wiO1xuXG5jb25zdCBFTlZfVE9LRU5fRklMRSA9IFwiQVdTX1dFQl9JREVOVElUWV9UT0tFTl9GSUxFXCI7XG5jb25zdCBFTlZfUk9MRV9BUk4gPSBcIkFXU19ST0xFX0FSTlwiO1xuY29uc3QgRU5WX1JPTEVfU0VTU0lPTl9OQU1FID0gXCJBV1NfUk9MRV9TRVNTSU9OX05BTUVcIjtcblxuZXhwb3J0IGludGVyZmFjZSBBc3N1bWVSb2xlV2l0aFdlYklkZW50aXR5UGFyYW1zIHtcbiAgLyoqXG4gICAqIDxwPlRoZSBBbWF6b24gUmVzb3VyY2UgTmFtZSAoQVJOKSBvZiB0aGUgcm9sZSB0aGF0IHRoZSBjYWxsZXIgaXMgYXNzdW1pbmcuPC9wPlxuICAgKi
9cbiAgUm9sZUFybjogc3RyaW5nO1xuICAvKipcbiAgICogPHA+QW4gaWRlbnRpZmllciBmb3IgdGhlIGFzc3VtZWQgcm9sZSBzZXNzaW9uLiBUeXBpY2FsbHksIHlvdSBwYXNzIHRoZSBuYW1lIG9yIGlkZW50aWZpZXJcbiAgICogICAgICAgICAgdGhhdCBpcyBhc3NvY2lhdGVkIHdpdGggdGhlIHVzZXIgd2hvIGlzIHVzaW5nIHlvdXIgYXBwbGljYXRpb24uIFRoYXQgd2F5LCB0aGUgdGVtcG9yYXJ5XG4gICAqICAgICAgICAgIHNlY3VyaXR5IGNyZWRlbnRpYWxzIHRoYXQgeW91ciBhcHBsaWNhdGlvbiB3aWxsIHVzZSBhcmUgYXNzb2NpYXRlZCB3aXRoIHRoYXQgdXNlci4gVGhpc1xuICAgKiAgICAgICAgICBzZXNzaW9uIG5hbWUgaXMgaW5jbHVkZWQgYXMgcGFydCBvZiB0aGUgQVJOIGFuZCBhc3N1bWVkIHJvbGUgSUQgaW4gdGhlXG4gICAqICAgICAgICAgICAgIDxjb2RlPkFzc3VtZWRSb2xlVXNlcjwvY29kZT4gcmVzcG9uc2UgZWxlbWVudC48L3A+XG4gICAqICAgICAgICAgIDxwPlRoZSByZWdleCB1c2VkIHRvIHZhbGlkYXRlIHRoaXMgcGFyYW1ldGVyIGlzIGEgc3RyaW5nIG9mIGNoYXJhY3RlcnNcbiAgICogICAgIGNvbnNpc3Rpbmcgb2YgdXBwZXItIGFuZCBsb3dlci1jYXNlIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzIHdpdGggbm8gc3BhY2VzLiBZb3UgY2FuXG4gICAqICAgICBhbHNvIGluY2x1ZGUgdW5kZXJzY29yZXMgb3IgYW55IG9mIHRoZSBmb2xsb3dpbmcgY2hhcmFjdGVyczogPSwuQC08L3A+XG4gICAqL1xuICBSb2xlU2Vzc2lvbk5hbWU6IHN0cmluZztcbiAgLyoqXG4gICAqIDxwPlRoZSBPQXV0aCAyLjAgYWNjZXNzIHRva2VuIG9yIE9wZW5JRCBDb25uZWN0IElEIHRva2VuIHRoYXQgaXMgcHJvdmlkZWQgYnkgdGhlIGlkZW50aXR5XG4gICAqICAgICAgICAgIHByb3ZpZGVyLiBZb3VyIGFwcGxpY2F0aW9uIG11c3QgZ2V0IHRoaXMgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgdGhlIHVzZXIgd2hvIGlzIHVzaW5nIHlvdXJcbiAgICogICAgICAgICAgYXBwbGljYXRpb24gd2l0aCBhIHdlYiBpZGVudGl0eSBwcm92aWRlciBiZWZvcmUgdGhlIGFwcGxpY2F0aW9uIG1ha2VzIGFuXG4gICAqICAgICAgICAgICAgIDxjb2RlPkFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHk8L2NvZGU+IGNhbGwuIDwvcD5cbiAgICovXG4gIFdlYklkZW50aXR5VG9rZW46IHN0cmluZztcbn1cbmV4cG9ydCBpbnRlcmZhY2UgRnJvbVRva2VuRmlsZUluaXQge1xuICAvKipcbiAgICogRmlsZSBsb2NhdGlvbiBvZiB3aGVyZSB0aGUgYE9JRENgIHRva2VuIGlzIHN0b3JlZC5cbiAgICovXG4gIHdlYklkZW50aXR5VG9rZW5GaWxlPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUFNIHJvbGUgd2FudGluZyB0byBiZSBhc3N1bWVkLlxuICAgKi9cbiAgcm9sZUFybj86IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIElBTSBzZXNzaW9uIG5hbWUgdXNlZCB0byBkaXN0aW5ndWlzaCBzZXNzaW9ucy5cbiAgICovXG4gIHJvbGVTZXNzaW9uTmFtZT
86IHN0cmluZztcblxuICAvKipcbiAgICogQSBmdW5jdGlvbiB0aGF0IGFzc3VtZXMgYSByb2xlIHdpdGggd2ViIGlkZW50aXR5IGFuZCByZXR1cm5zIGEgcHJvbWlzZSBmdWxmaWxsZWQgd2l0aFxuICAgKiBjcmVkZW50aWFscyBmb3IgdGhlIGFzc3VtZWQgcm9sZS5cbiAgICpcbiAgICogQHBhcmFtIHNvdXJjZUNyZWRzIFRoZSBjcmVkZW50aWFscyB3aXRoIHdoaWNoIHRvIGFzc3VtZSBhIHJvbGUuXG4gICAqIEBwYXJhbSBwYXJhbXNcbiAgICovXG4gIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5PzogKHBhcmFtczogQXNzdW1lUm9sZVdpdGhXZWJJZGVudGl0eVBhcmFtcykgPT4gUHJvbWlzZTxDcmVkZW50aWFscz47XG59XG5cbi8qKlxuICogUmVwcmVzZW50cyBPSURDIGNyZWRlbnRpYWxzIGZyb20gYSBmaWxlIG9uIGRpc2suXG4gKi9cbmV4cG9ydCBjb25zdCBmcm9tVG9rZW5GaWxlID0gKGluaXQ6IEZyb21Ub2tlbkZpbGVJbml0KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+IGFzeW5jICgpID0+IHtcbiAgY29uc3QgeyB3ZWJJZGVudGl0eVRva2VuRmlsZSwgcm9sZUFybiwgcm9sZVNlc3Npb25OYW1lLCByb2xlQXNzdW1lcldpdGhXZWJJZGVudGl0eSB9ID0gaW5pdDtcblxuICBpZiAoIXJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5KSB7XG4gICAgdGhyb3cgbmV3IFByb3ZpZGVyRXJyb3IoXG4gICAgICBgUm9sZSBBcm4gJyR7cm9sZUFybiA/PyBwcm9jZXNzLmVudltFTlZfUk9MRV9BUk5dfScgbmVlZHMgdG8gYmUgYXNzdW1lZCB3aXRoIHdlYiBpZGVudGl0eSxgICtcbiAgICAgICAgYCBidXQgbm8gcm9sZSBhc3N1bXB0aW9uIGNhbGxiYWNrIHdhcyBwcm92aWRlZC5gLFxuICAgICAgZmFsc2VcbiAgICApO1xuICB9XG5cbiAgcmV0dXJuIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5KHtcbiAgICBXZWJJZGVudGl0eVRva2VuOiByZWFkRmlsZVN5bmMod2ViSWRlbnRpdHlUb2tlbkZpbGUgPz8gcHJvY2Vzcy5lbnZbRU5WX1RPS0VOX0ZJTEVdISwgeyBlbmNvZGluZzogXCJhc2NpaVwiIH0pLFxuICAgIFJvbGVBcm46IHJvbGVBcm4gPz8gcHJvY2Vzcy5lbnZbRU5WX1JPTEVfQVJOXSEsXG4gICAgUm9sZVNlc3Npb25OYW1lOiByb2xlU2Vzc2lvbk5hbWUgPz8gcHJvY2Vzcy5lbnZbRU5WX1JPTEVfU0VTU0lPTl9OQU1FXSA/PyBgYXdzLXNkay1qcy1zZXNzaW9uLSR7RGF0ZS5ub3coKX1gLFxuICB9KTtcbn07XG4iXX0= | ||
//# sourceMappingURL=data:application/json;base64,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 |
@@ -5,2 +5,3 @@ "use strict"; | ||
tslib_1.__exportStar(require("./fromTokenFile"), exports); | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsMERBQWdDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSBcIi4vZnJvbVRva2VuRmlsZVwiO1xuIl19 | ||
tslib_1.__exportStar(require("./fromWebToken"), exports); | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsMERBQWdDO0FBQ2hDLHlEQUErQiIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2Zyb21Ub2tlbkZpbGVcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2Zyb21XZWJUb2tlblwiO1xuIl19 |
@@ -1,4 +0,4 @@ | ||
import { __awaiter, __generator } from "tslib"; | ||
import { ProviderError } from "@aws-sdk/property-provider"; | ||
import { __assign } from "tslib"; | ||
import { readFileSync } from "fs"; | ||
import { fromWebToken } from "./fromWebToken"; | ||
var ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; | ||
@@ -10,18 +10,6 @@ var ENV_ROLE_ARN = "AWS_ROLE_ARN"; | ||
*/ | ||
export var fromTokenFile = function (init) { return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var webIdentityTokenFile, roleArn, roleSessionName, roleAssumerWithWebIdentity; | ||
var _a; | ||
return __generator(this, function (_b) { | ||
webIdentityTokenFile = init.webIdentityTokenFile, roleArn = init.roleArn, roleSessionName = init.roleSessionName, roleAssumerWithWebIdentity = init.roleAssumerWithWebIdentity; | ||
if (!roleAssumerWithWebIdentity) { | ||
throw new ProviderError("Role Arn '" + (roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN]) + "' needs to be assumed with web identity," + | ||
" but no role assumption callback was provided.", false); | ||
} | ||
return [2 /*return*/, roleAssumerWithWebIdentity({ | ||
WebIdentityToken: readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }), | ||
RoleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN], | ||
RoleSessionName: (_a = roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME]) !== null && _a !== void 0 ? _a : "aws-sdk-js-session-" + Date.now(), | ||
})]; | ||
}); | ||
}); }; }; | ||
//# sourceMappingURL=data:application/json;base64,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 | ||
export var fromTokenFile = function (init) { | ||
var webIdentityTokenFile = init.webIdentityTokenFile, roleArn = init.roleArn, roleSessionName = init.roleSessionName; | ||
return fromWebToken(__assign(__assign({}, init), { webIdentityToken: readFileSync(webIdentityTokenFile !== null && webIdentityTokenFile !== void 0 ? webIdentityTokenFile : process.env[ENV_TOKEN_FILE], { encoding: "ascii" }), roleArn: roleArn !== null && roleArn !== void 0 ? roleArn : process.env[ENV_ROLE_ARN], roleSessionName: roleSessionName !== null && roleSessionName !== void 0 ? roleSessionName : process.env[ENV_ROLE_SESSION_NAME] })); | ||
}; | ||
//# sourceMappingURL=data:application/json;base64,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 |
export * from "./fromTokenFile"; | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxpQkFBaUIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2Zyb21Ub2tlbkZpbGVcIjtcbiJdfQ== | ||
export * from "./fromWebToken"; | ||
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxpQkFBaUIsQ0FBQztBQUNoQyxjQUFjLGdCQUFnQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSBcIi4vZnJvbVRva2VuRmlsZVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vZnJvbVdlYlRva2VuXCI7XG4iXX0= |
@@ -1,47 +0,8 @@ | ||
import { CredentialProvider, Credentials } from "@aws-sdk/types"; | ||
export interface AssumeRoleWithWebIdentityParams { | ||
import { CredentialProvider } from "@aws-sdk/types"; | ||
import { FromWebTokenInit } from "./fromWebToken"; | ||
export interface FromTokenFileInit extends Partial<Omit<FromWebTokenInit, "webIdentityToken">> { | ||
/** | ||
* <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p> | ||
*/ | ||
RoleArn: string; | ||
/** | ||
* <p>An identifier for the assumed role session. Typically, you pass the name or identifier | ||
* that is associated with the user who is using your application. That way, the temporary | ||
* security credentials that your application will use are associated with that user. This | ||
* session name is included as part of the ARN and assumed role ID in the | ||
* <code>AssumedRoleUser</code> response element.</p> | ||
* <p>The regex used to validate this parameter is a string of characters | ||
* consisting of upper- and lower-case alphanumeric characters with no spaces. You can | ||
* also include underscores or any of the following characters: =,.@-</p> | ||
*/ | ||
RoleSessionName: string; | ||
/** | ||
* <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity | ||
* provider. Your application must get this token by authenticating the user who is using your | ||
* application with a web identity provider before the application makes an | ||
* <code>AssumeRoleWithWebIdentity</code> call. </p> | ||
*/ | ||
WebIdentityToken: string; | ||
} | ||
export interface FromTokenFileInit { | ||
/** | ||
* File location of where the `OIDC` token is stored. | ||
*/ | ||
webIdentityTokenFile?: string; | ||
/** | ||
* The IAM role wanting to be assumed. | ||
*/ | ||
roleArn?: string; | ||
/** | ||
* The IAM session name used to distinguish sessions. | ||
*/ | ||
roleSessionName?: string; | ||
/** | ||
* A function that assumes a role with web identity and returns a promise fulfilled with | ||
* credentials for the assumed role. | ||
* | ||
* @param sourceCreds The credentials with which to assume a role. | ||
* @param params | ||
*/ | ||
roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>; | ||
} | ||
@@ -48,0 +9,0 @@ /** |
export * from "./fromTokenFile"; | ||
export * from "./fromWebToken"; |
@@ -1,47 +0,8 @@ | ||
import { CredentialProvider, Credentials } from "@aws-sdk/types"; | ||
export interface AssumeRoleWithWebIdentityParams { | ||
import { CredentialProvider } from "@aws-sdk/types"; | ||
import { FromWebTokenInit } from "./fromWebToken"; | ||
export interface FromTokenFileInit extends Partial<Pick<FromWebTokenInit, Exclude<keyof FromWebTokenInit, "webIdentityToken">>> { | ||
/** | ||
* <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p> | ||
*/ | ||
RoleArn: string; | ||
/** | ||
* <p>An identifier for the assumed role session. Typically, you pass the name or identifier | ||
* that is associated with the user who is using your application. That way, the temporary | ||
* security credentials that your application will use are associated with that user. This | ||
* session name is included as part of the ARN and assumed role ID in the | ||
* <code>AssumedRoleUser</code> response element.</p> | ||
* <p>The regex used to validate this parameter is a string of characters | ||
* consisting of upper- and lower-case alphanumeric characters with no spaces. You can | ||
* also include underscores or any of the following characters: =,.@-</p> | ||
*/ | ||
RoleSessionName: string; | ||
/** | ||
* <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity | ||
* provider. Your application must get this token by authenticating the user who is using your | ||
* application with a web identity provider before the application makes an | ||
* <code>AssumeRoleWithWebIdentity</code> call. </p> | ||
*/ | ||
WebIdentityToken: string; | ||
} | ||
export interface FromTokenFileInit { | ||
/** | ||
* File location of where the `OIDC` token is stored. | ||
*/ | ||
webIdentityTokenFile?: string; | ||
/** | ||
* The IAM role wanting to be assumed. | ||
*/ | ||
roleArn?: string; | ||
/** | ||
* The IAM session name used to distinguish sessions. | ||
*/ | ||
roleSessionName?: string; | ||
/** | ||
* A function that assumes a role with web identity and returns a promise fulfilled with | ||
* credentials for the assumed role. | ||
* | ||
* @param sourceCreds The credentials with which to assume a role. | ||
* @param params | ||
*/ | ||
roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>; | ||
} | ||
@@ -48,0 +9,0 @@ /** |
export * from "./fromTokenFile"; | ||
export * from "./fromWebToken"; |
{ | ||
"name": "@aws-sdk/credential-provider-web-identity", | ||
"version": "3.10.0", | ||
"version": "3.11.0", | ||
"description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", | ||
@@ -5,0 +5,0 @@ "main": "./dist/cjs/index.js", |
@@ -10,2 +10,82 @@ # @aws-sdk/credential-provider-web-identity | ||
## fromWebToken | ||
The function `fromWebToken` returns `CredentialProvider` that get credentials calling sts:assumeRoleWithWebIdentity | ||
API via `roleAssumerWithWebIdentity`. | ||
### Supported configuration | ||
This configuration supports all the input parameters from | ||
[sts:AssumeWithWebIdentity](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sts/modules/assumerolewithwebidentityrequest.html) API. The following options are supported: | ||
- `roleArn` - The Amazon Resource Name (ARN) of the role that the caller is assuming. | ||
- `webIdentityToken` - The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. | ||
- `roleSessionName` - An identifier for the assumed role session. | ||
- `providerId` - The fully qualified host component of the domain name of the identity provider. Do not specify this | ||
value for OpenID Connect ID tokens. | ||
- `policyArns` - The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session | ||
policies. | ||
- `policy` - An IAM policy in JSON format that you want to use as an inline session policy. | ||
- `durationSeconds` - The duration, in seconds, of the role session. Default to 3600. | ||
- `roleAssumerWithWebIdentity` - A function that assumes a role with web identity | ||
and returns a promise fulfilled with credentials for the assumed role. You may call | ||
`sts:assumeRoleWithWebIdentity` API within this function. | ||
### Examples | ||
You can directly configure individual identity providers to access AWS resources using web identity federation. AWS | ||
currently supports authenticating users using web identity federation through several identity providers: | ||
- [Login with Amazon](https://login.amazon.com/) | ||
- [Facebook Login](https://developers.facebook.com/docs/facebook-login/web/) | ||
- [Google Sign-in](https://developers.google.com/identity/) | ||
You must first register your application with the providers that your application supports. Next, create an IAM role and | ||
set up permissions for it. The IAM role you create is then used to grant the permissions you configured for it through | ||
the respective identity provider. For example, you can set up a role that allows users who logged in through Facebook | ||
to have read access to a specific Amazon S3 bucket you control. | ||
After you have both an IAM role with configured privileges and an application registered with your chosen identity | ||
providers, you can set up the SDK to get credentials for the IAM role using helper code, as follows: | ||
```javascript | ||
import { DynamoDBClient } from "@aws-sdk/client-dynamodb"; | ||
import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts"; | ||
import { fromWebToken } from "@aws-sdk/credential-provider-web-identity"; | ||
const stsClient = new STSClient({}); | ||
const roleAssumerWithWebIdentity = async (params) => { | ||
const { Credentials } = await stsClient.send( | ||
new AssumeRoleWithWebIdentityCommand(params) | ||
); | ||
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) { | ||
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); | ||
} | ||
return { | ||
accessKeyId: Credentials.AccessKeyId, | ||
secretAccessKey: Credentials.SecretAccessKey, | ||
sessionToken: Credentials.SessionToken, | ||
expiration: Credentials.Expiration, | ||
}; | ||
}; | ||
const dynamodb = new DynamoDBClient({ | ||
region, | ||
credentials: fromWebToken({ | ||
roleArn: 'arn:aws:iam::<AWS_ACCOUNT_ID>/:role/<WEB_IDENTITY_ROLE_NAME>', | ||
providerId: 'graph.facebook.com|www.amazon.com', // this is null for Google | ||
webIdentityToken: ACCESS_TOKEN // from OpenID token identity provider | ||
roleAssumerWithWebIdentity, | ||
}) | ||
}); | ||
``` | ||
The value in the ProviderId parameter depends on the specified identity provider. The value in the WebIdentityToken | ||
parameter is the access token retrieved from a successful login with the identity provider. For more information on how | ||
to configure and retrieve access tokens for each identity provider, see the documentation for the identity provider. | ||
## fromTokenFile | ||
@@ -12,0 +92,0 @@ |
@@ -1,6 +0,8 @@ | ||
import { ProviderError } from "@aws-sdk/property-provider"; | ||
import { readFileSync } from "fs"; | ||
jest.mock("./fromWebToken", () => ({ | ||
fromWebToken: jest.fn().mockReturnValue(() => Promise.resolve(MOCK_CREDS)), | ||
})); | ||
import { fromTokenFile } from "./fromTokenFile"; | ||
import { fromWebToken } from "./fromWebToken"; | ||
import { AssumeRoleWithWebIdentityParams, fromTokenFile, FromTokenFileInit } from "./fromTokenFile"; | ||
const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; | ||
@@ -33,53 +35,2 @@ const ENV_ROLE_ARN = "AWS_ROLE_ARN"; | ||
const testRoleAssumerWithWebIdentityNotDefined = async (init: FromTokenFileInit, roleArn: string) => { | ||
try { | ||
// @ts-ignore An argument for 'init' was not provided. | ||
await fromTokenFile(init)(); | ||
fail(`Expected error to be thrown`); | ||
} catch (error) { | ||
expect(error).toEqual( | ||
new ProviderError( | ||
`Role Arn '${roleArn}' needs to be assumed with web identity, but no role assumption callback was provided.`, | ||
false | ||
) | ||
); | ||
} | ||
}; | ||
const testReadFileSyncError = async (init: FromTokenFileInit) => { | ||
const readFileSyncError = new Error("readFileSyncError"); | ||
(readFileSync as jest.Mock).mockImplementation(() => { | ||
throw readFileSyncError; | ||
}); | ||
try { | ||
await fromTokenFile(init)(); | ||
fail(`Expected error to be thrown`); | ||
} catch (error) { | ||
expect(error).toEqual(readFileSyncError); | ||
} | ||
expect(readFileSync).toHaveBeenCalledTimes(1); | ||
}; | ||
const testRoleAssumerWithWebIdentitySuccess = async (init: FromTokenFileInit) => { | ||
const creds = await fromTokenFile(init)(); | ||
expect(creds).toEqual(MOCK_CREDS); | ||
expect(readFileSync).toHaveBeenCalledTimes(1); | ||
expect(readFileSync).toHaveBeenCalledWith(mockTokenFile, { encoding: "ascii" }); | ||
}; | ||
const testRandomValueForRoleSessionName = async (init: FromTokenFileInit) => { | ||
const mockDateNow = Date.now(); | ||
const spyDateNow = jest.spyOn(Date, "now").mockReturnValueOnce(mockDateNow); | ||
const creds = await fromTokenFile({ | ||
...init, | ||
roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => { | ||
expect(params.RoleSessionName).toEqual(`aws-sdk-js-session-${mockDateNow}`); | ||
return MOCK_CREDS; | ||
}, | ||
})(); | ||
expect(creds).toEqual(MOCK_CREDS); | ||
expect(spyDateNow).toHaveBeenCalledTimes(1); | ||
}; | ||
describe("reads config from env", () => { | ||
@@ -102,81 +53,68 @@ const original_ENV_TOKEN_FILE = process.env[ENV_TOKEN_FILE]; | ||
it("throws if roleAssumerWithWebIdentity is not defined", async () => { | ||
return testRoleAssumerWithWebIdentityNotDefined({}, process.env[ENV_ROLE_ARN]); | ||
it(`passes values to ${fromWebToken.name}`, async () => { | ||
const roleAssumerWithWebIdentity = jest.fn(); | ||
const creds = await fromTokenFile({ | ||
roleAssumerWithWebIdentity, | ||
})(); | ||
expect(creds).toEqual(MOCK_CREDS); | ||
expect(fromWebToken as jest.Mock).toBeCalledTimes(1); | ||
const webTokenInit = (fromWebToken as jest.Mock).mock.calls[0][0]; | ||
expect(webTokenInit.webIdentityToken).toBe(mockTokenValue); | ||
expect(webTokenInit.roleSessionName).toBe(mockRoleSessionName); | ||
expect(webTokenInit.roleArn).toBe(mockRoleArn); | ||
expect(webTokenInit.roleAssumerWithWebIdentity).toBe(roleAssumerWithWebIdentity); | ||
}); | ||
it("throws if ENV_TOKEN_FILE read from disk failed", async () => { | ||
return testReadFileSyncError({ | ||
roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => { | ||
return MOCK_CREDS; | ||
}, | ||
}); | ||
it("prefers init parameters over environmental variables", async () => { | ||
const roleAssumerWithWebIdentity = jest.fn(); | ||
const init = { | ||
webIdentityTokenFile: "anotherTokenFile", | ||
roleArn: "anotherRoleArn", | ||
roleSessionName: "anotherRoleSessionName", | ||
roleAssumerWithWebIdentity, | ||
}; | ||
const creds = await fromTokenFile(init)(); | ||
expect(creds).toEqual(MOCK_CREDS); | ||
expect(fromWebToken as jest.Mock).toBeCalledTimes(1); | ||
const webTokenInit = (fromWebToken as jest.Mock).mock.calls[0][0]; | ||
expect(webTokenInit.roleSessionName).toBe(init.roleSessionName); | ||
expect(webTokenInit.roleArn).toBe(init.roleArn); | ||
expect(webTokenInit.roleAssumerWithWebIdentity).toBe(roleAssumerWithWebIdentity); | ||
expect(readFileSync as jest.Mock).toBeCalledTimes(1); | ||
expect((readFileSync as jest.Mock).mock.calls[0][0]).toBe(init.webIdentityTokenFile); | ||
}); | ||
it("passes values to roleAssumerWithWebIdentity", async () => { | ||
return testRoleAssumerWithWebIdentitySuccess({ | ||
roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => { | ||
expect(params.WebIdentityToken).toEqual(mockTokenValue); | ||
expect(params.RoleArn).toEqual(mockRoleArn); | ||
expect(params.RoleSessionName).toEqual(mockRoleSessionName); | ||
return MOCK_CREDS; | ||
}, | ||
it("throws if ENV_TOKEN_FILE read from disk failed", async () => { | ||
const readFileSyncError = new Error("readFileSyncError"); | ||
(readFileSync as jest.Mock).mockImplementation(() => { | ||
throw readFileSyncError; | ||
}); | ||
try { | ||
await fromTokenFile({ roleAssumerWithWebIdentity: jest.fn() })(); | ||
fail(`Expected error to be thrown`); | ||
} catch (error) { | ||
expect(error).toEqual(readFileSyncError); | ||
} | ||
expect(readFileSync).toHaveBeenCalledTimes(1); | ||
}); | ||
it("generates a random value for RoleSessionName if not available", async () => { | ||
delete process.env[ENV_ROLE_SESSION_NAME]; | ||
return testRandomValueForRoleSessionName({}); | ||
}); | ||
}); | ||
describe("reads config from configuration keys", () => { | ||
const original_ENV_TOKEN_FILE = process.env[ENV_TOKEN_FILE]; | ||
const original_ENV_ROLE_ARN = process.env[ENV_ROLE_ARN]; | ||
const original_ENV_ROLE_SESSION_NAME = process.env[ENV_ROLE_SESSION_NAME]; | ||
beforeAll(() => { | ||
delete process.env[ENV_TOKEN_FILE]; | ||
delete process.env[ENV_ROLE_ARN]; | ||
delete process.env[ENV_ROLE_SESSION_NAME]; | ||
}); | ||
afterAll(() => { | ||
process.env[ENV_TOKEN_FILE] = original_ENV_TOKEN_FILE; | ||
process.env[ENV_ROLE_ARN] = original_ENV_ROLE_ARN; | ||
process.env[ENV_ROLE_SESSION_NAME] = original_ENV_ROLE_SESSION_NAME; | ||
}); | ||
it("throws if roleAssumerWithWebIdentity is not defined", async () => { | ||
return testRoleAssumerWithWebIdentityNotDefined({ roleArn: mockRoleArn }, mockRoleArn); | ||
}); | ||
it("throws if web_identity_token_file read from disk failed", async () => { | ||
return testReadFileSyncError({ | ||
webIdentityTokenFile: mockTokenFile, | ||
roleArn: mockRoleArn, | ||
roleSessionName: mockRoleSessionName, | ||
roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => { | ||
return MOCK_CREDS; | ||
}, | ||
const readFileSyncError = new Error("readFileSyncError"); | ||
(readFileSync as jest.Mock).mockImplementation(() => { | ||
throw readFileSyncError; | ||
}); | ||
try { | ||
await fromTokenFile({ | ||
webIdentityTokenFile: mockTokenFile, | ||
roleArn: mockRoleArn, | ||
roleSessionName: mockRoleSessionName, | ||
roleAssumerWithWebIdentity: jest.fn(), | ||
})(); | ||
fail(`Expected error to be thrown`); | ||
} catch (error) { | ||
expect(error).toEqual(readFileSyncError); | ||
} | ||
expect(readFileSync).toHaveBeenCalledTimes(1); | ||
}); | ||
it("passes values to roleAssumerWithWebIdentity", async () => { | ||
return testRoleAssumerWithWebIdentitySuccess({ | ||
webIdentityTokenFile: mockTokenFile, | ||
roleArn: mockRoleArn, | ||
roleSessionName: mockRoleSessionName, | ||
roleAssumerWithWebIdentity: async (params: AssumeRoleWithWebIdentityParams) => { | ||
expect(params.WebIdentityToken).toEqual(mockTokenValue); | ||
expect(params.RoleArn).toEqual(mockRoleArn); | ||
expect(params.RoleSessionName).toEqual(mockRoleSessionName); | ||
return MOCK_CREDS; | ||
}, | ||
}); | ||
}); | ||
it("generates a random value for RoleSessionName if not available", async () => { | ||
return testRandomValueForRoleSessionName({ webIdentityTokenFile: mockTokenFile, roleArn: mockRoleArn }); | ||
}); | ||
}); | ||
}); |
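Review bot: The two "read from disk failed" tests call `fromTokenFile(...)()` inside a single `try`, so a synchronous throw from `fromTokenFile(init)` and a rejection from the returned provider both land in the same `catch`. Because `./fromWebToken` is mocked, nothing in this file pins whether the token file is read when the provider is constructed or when it is invoked. Build the provider outside the assertion with `const provider = fromTokenFile(init);` and then check `await expect(provider()).rejects.toEqual(readFileSyncError);`. If the read is meant to happen per call, also add a case that invokes the provider twice and expects `readFileSync` to have been called twice.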
@@ -1,5 +0,6 @@ | ||
import { ProviderError } from "@aws-sdk/property-provider"; | ||
import { CredentialProvider, Credentials } from "@aws-sdk/types"; | ||
import { CredentialProvider } from "@aws-sdk/types"; | ||
import { readFileSync } from "fs"; | ||
import { fromWebToken, FromWebTokenInit } from "./fromWebToken"; | ||
const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; | ||
@@ -9,50 +10,7 @@ const ENV_ROLE_ARN = "AWS_ROLE_ARN"; | ||
export interface AssumeRoleWithWebIdentityParams { | ||
export interface FromTokenFileInit extends Partial<Omit<FromWebTokenInit, "webIdentityToken">> { | ||
/** | ||
* <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p> | ||
*/ | ||
RoleArn: string; | ||
/** | ||
* <p>An identifier for the assumed role session. Typically, you pass the name or identifier | ||
* that is associated with the user who is using your application. That way, the temporary | ||
* security credentials that your application will use are associated with that user. This | ||
* session name is included as part of the ARN and assumed role ID in the | ||
* <code>AssumedRoleUser</code> response element.</p> | ||
* <p>The regex used to validate this parameter is a string of characters | ||
* consisting of upper- and lower-case alphanumeric characters with no spaces. You can | ||
* also include underscores or any of the following characters: =,.@-</p> | ||
*/ | ||
RoleSessionName: string; | ||
/** | ||
* <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity | ||
* provider. Your application must get this token by authenticating the user who is using your | ||
* application with a web identity provider before the application makes an | ||
* <code>AssumeRoleWithWebIdentity</code> call. </p> | ||
*/ | ||
WebIdentityToken: string; | ||
} | ||
export interface FromTokenFileInit { | ||
/** | ||
* File location of where the `OIDC` token is stored. | ||
*/ | ||
webIdentityTokenFile?: string; | ||
/** | ||
* The IAM role wanting to be assumed. | ||
*/ | ||
roleArn?: string; | ||
/** | ||
* The IAM session name used to distinguish sessions. | ||
*/ | ||
roleSessionName?: string; | ||
/** | ||
* A function that assumes a role with web identity and returns a promise fulfilled with | ||
* credentials for the assumed role. | ||
* | ||
* @param sourceCreds The credentials with which to assume a role. | ||
* @param params | ||
*/ | ||
roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>; | ||
} | ||
@@ -63,18 +21,11 @@ | ||
*/ | ||
export const fromTokenFile = (init: FromTokenFileInit): CredentialProvider => async () => { | ||
const { webIdentityTokenFile, roleArn, roleSessionName, roleAssumerWithWebIdentity } = init; | ||
export const fromTokenFile = (init: FromTokenFileInit): CredentialProvider => { | ||
const { webIdentityTokenFile, roleArn, roleSessionName } = init; | ||
if (!roleAssumerWithWebIdentity) { | ||
throw new ProviderError( | ||
`Role Arn '${roleArn ?? process.env[ENV_ROLE_ARN]}' needs to be assumed with web identity,` + | ||
` but no role assumption callback was provided.`, | ||
false | ||
); | ||
} | ||
return roleAssumerWithWebIdentity({ | ||
WebIdentityToken: readFileSync(webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]!, { encoding: "ascii" }), | ||
RoleArn: roleArn ?? process.env[ENV_ROLE_ARN]!, | ||
RoleSessionName: roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME] ?? `aws-sdk-js-session-${Date.now()}`, | ||
return fromWebToken({ | ||
...init, | ||
webIdentityToken: readFileSync(webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]!, { encoding: "ascii" }), | ||
roleArn: roleArn ?? process.env[ENV_ROLE_ARN]!, | ||
roleSessionName: roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME], | ||
}); | ||
}; |
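Review bot: `readFileSync` now runs when `fromTokenFile(init)` is called, not each time the returned provider is invoked, because the new arrow function no longer returns `async () => { … }`. The token value is captured once at construction, so a token file that is rotated on disk would not be re-read on a later credential refresh, as far as this hunk shows. A missing file or an unset `AWS_WEB_IDENTITY_TOKEN_FILE` also surfaces as a synchronous `fs` error from the factory rather than a rejected provider promise, which callers that only handle rejections will not catch. Keeping the read lazy needs only the outer lines changed: `export const fromTokenFile = (init: FromTokenFileInit): CredentialProvider => async () => {` and a closing `})();` on the `fromWebToken` call. While there, a `ProviderError` when neither `webIdentityTokenFile` nor the environment variable is set would be clearer than relying on the `!` assertion.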
export * from "./fromTokenFile"; | ||
export * from "./fromWebToken"; |
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package