-
Notifications
You must be signed in to change notification settings - Fork 573
/
fromSSO.ts
51 lines (49 loc) · 2.88 KB
/
fromSSO.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import { SSOClient, SSOClientConfig } from "@aws-sdk/client-sso";
import { fromSSO as _fromSSO, FromSSOInit as _FromSSOInit } from "@aws-sdk/credential-provider-sso";
import { AwsCredentialIdentityProvider } from "@aws-sdk/types";
export interface FromSSOInit extends Omit<_FromSSOInit, "client"> {
clientConfig?: SSOClientConfig;
}
/**
* Creates a credential provider function that reads from the _resolved_ access token from local disk then requests
* temporary AWS credentials.
*
* You can create the `AwsCredentialIdentityProvider` functions using the inline SSO parameters(`ssoStartUrl`, `ssoAccountId`,
* `ssoRegion`, `ssoRoleName`) or load them from [AWS SDKs and Tools shared configuration and credentials files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html).
* Profiles in the `credentials` file are given precedence over profiles in the `config` file.
*
* ```javascript
* import { fromSSO } from "@aws-sdk/credential-providers"; // ES6 import
* // const { fromSSO } = require(@aws-sdk/credential-providers") // CommonJS import
*
* const client = new FooClient({
* credentials: fromSSO({
* // Optional. The configuration profile to use. If not specified, the provider will use the value in the
* // `AWS_PROFILE` environment variable or `default` by default.
* profile: "my-sso-profile",
* // Optional. The path to the shared credentials file. If not specified, the provider will use the value in the
* // `AWS_SHARED_CREDENTIALS_FILE` environment variable or a default of `~/.aws/credentials`.
* filepath: "~/.aws/credentials",
* // Optional. The path to the shared config file. If not specified, the provider will use the value in the
* // `AWS_CONFIG_FILE` environment variable or a default of `~/.aws/config`.
* configFilepath: "~/.aws/config",
* // Optional. The URL to the AWS SSO service. Required if any of the `sso*` options(except for `ssoClient`) is
* // provided.
* ssoStartUrl: "https://d-abc123.awsapps.com/start",
* // Optional. The ID of the AWS account to use for temporary credentials. Required if any of the `sso*`
* // options(except for `ssoClient`) is provided.
* ssoAccountId: "1234567890",
* // Optional. The AWS region to use for temporary credentials. Required if any of the `sso*` options(except for
* // `ssoClient`) is provided.
* ssoRegion: "us-east-1",
* // Optional. The name of the AWS role to assume. Required if any of the `sso*` options(except for `ssoClient`) is
* // provided.
* ssoRoleName: "SampleRole",
* // Optional. Overwrite the configuration used construct the SSO service client.
* clientConfig: { region },
* }),
* });
* ```
*/
export const fromSSO = (init: FromSSOInit = {}): AwsCredentialIdentityProvider =>
_fromSSO({ ...{ ssoClient: init.clientConfig ? new SSOClient(init.clientConfig) : undefined }, ...init });