Skip to content

Commit e21a470

Browse files
kuhekuhe
committed
fix(credential-providers): use modified region resolver for inner STS clients
1 parent b8da1d2 commit e21a470

File tree

17 files changed

+633
-104
lines changed

17 files changed

+633
-104
lines changed

clients/client-sts/src/defaultStsRoleAssumers.ts

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
// Please do not touch this file. It's generated from template in:
33
// https://github.com/aws/aws-sdk-js-v3/blob/main/codegen/smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/sts-client-defaultStsRoleAssumers.ts
44
import { setCredentialFeature } from "@aws-sdk/core/client";
5+
import { stsRegionDefaultResolver } from "@aws-sdk/region-config-resolver";
56
import type { CredentialProviderOptions } from "@aws-sdk/types";
67
import { AwsCredentialIdentity, Logger, Provider } from "@smithy/types";
78

@@ -28,8 +29,6 @@ export type RoleAssumer = (
2829
params: AssumeRoleCommandInput
2930
) => Promise<AwsCredentialIdentity>;
3031

31-
const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
32-
3332
interface AssumedRoleUser {
3433
/**
3534
* The ARN of the temporary security credentials that are returned from the AssumeRole action.
@@ -63,19 +62,21 @@ const getAccountIdFromAssumedRoleUser = (assumedRoleUser?: AssumedRoleUser) => {
6362
const resolveRegion = async (
6463
_region: string | Provider<string> | undefined,
6564
_parentRegion: string | Provider<string> | undefined,
66-
credentialProviderLogger?: Logger
65+
credentialProviderLogger?: Logger,
66+
loaderConfig: Parameters<typeof stsRegionDefaultResolver>[0] = {}
6767
): Promise<string> => {
6868
const region: string | undefined = typeof _region === "function" ? await _region() : _region;
6969
const parentRegion: string | undefined = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
70+
const stsDefaultRegion = await stsRegionDefaultResolver(loaderConfig)();
7071

7172
credentialProviderLogger?.debug?.(
7273
"@aws-sdk/client-sts::resolveRegion",
7374
"accepting first of:",
74-
`${region} (provider)`,
75-
`${parentRegion} (parent client)`,
76-
`${ASSUME_ROLE_DEFAULT_REGION} (STS default)`
75+
`${region} (credential provider clientConfig)`,
76+
`${parentRegion} (contextual client)`,
77+
`${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`
7778
);
78-
return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION;
79+
return region ?? parentRegion ?? stsDefaultRegion;
7980
};
8081

8182
/**
@@ -101,7 +102,11 @@ export const getDefaultRoleAssumer = (
101102
const resolvedRegion = await resolveRegion(
102103
region,
103104
stsOptions?.parentClientConfig?.region,
104-
credentialProviderLogger
105+
credentialProviderLogger,
106+
{
107+
logger,
108+
profile,
109+
}
105110
);
106111
const isCompatibleRequestHandler = !isH2(requestHandler);
107112

@@ -164,7 +169,11 @@ export const getDefaultRoleAssumerWithWebIdentity = (
164169
const resolvedRegion = await resolveRegion(
165170
region,
166171
stsOptions?.parentClientConfig?.region,
167-
credentialProviderLogger
172+
credentialProviderLogger,
173+
{
174+
logger,
175+
profile,
176+
}
168177
);
169178
const isCompatibleRequestHandler = !isH2(requestHandler);
170179

clients/client-sts/test/defaultRoleAssumers.spec.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ describe("getDefaultRoleAssumer", () => {
139139
requestHandler: handler,
140140
parentClientConfig: {
141141
region: "some-other-region",
142-
logger: null,
142+
logger: null as any,
143143
requestHandler: null,
144144
},
145145
});

codegen/smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/sts-client-defaultRoleAssumers.spec.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ describe("getDefaultRoleAssumer", () => {
137137
requestHandler: handler,
138138
parentClientConfig: {
139139
region: "some-other-region",
140-
logger: null,
140+
logger: null as any,
141141
requestHandler: null,
142142
},
143143
});

codegen/smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/sts-client-defaultStsRoleAssumers.ts

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
import { setCredentialFeature } from "@aws-sdk/core/client";
2+
import { stsRegionDefaultResolver } from "@aws-sdk/region-config-resolver";
23
import type { CredentialProviderOptions } from "@aws-sdk/types";
34
import { AwsCredentialIdentity, Logger, Provider } from "@smithy/types";
45

@@ -25,8 +26,6 @@ export type RoleAssumer = (
2526
params: AssumeRoleCommandInput
2627
) => Promise<AwsCredentialIdentity>;
2728

28-
const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
29-
3029
interface AssumedRoleUser {
3130
/**
3231
* The ARN of the temporary security credentials that are returned from the AssumeRole action.
@@ -60,19 +59,21 @@ const getAccountIdFromAssumedRoleUser = (assumedRoleUser?: AssumedRoleUser) => {
6059
const resolveRegion = async (
6160
_region: string | Provider<string> | undefined,
6261
_parentRegion: string | Provider<string> | undefined,
63-
credentialProviderLogger?: Logger
62+
credentialProviderLogger?: Logger,
63+
loaderConfig: Parameters<typeof stsRegionDefaultResolver>[0] = {}
6464
): Promise<string> => {
6565
const region: string | undefined = typeof _region === "function" ? await _region() : _region;
6666
const parentRegion: string | undefined = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
67+
const stsDefaultRegion = await stsRegionDefaultResolver(loaderConfig)();
6768

6869
credentialProviderLogger?.debug?.(
6970
"@aws-sdk/client-sts::resolveRegion",
7071
"accepting first of:",
71-
`${region} (provider)`,
72-
`${parentRegion} (parent client)`,
73-
`${ASSUME_ROLE_DEFAULT_REGION} (STS default)`
72+
`${region} (credential provider clientConfig)`,
73+
`${parentRegion} (contextual client)`,
74+
`${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`
7475
);
75-
return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION;
76+
return region ?? parentRegion ?? stsDefaultRegion;
7677
};
7778

7879
/**
@@ -98,7 +99,11 @@ export const getDefaultRoleAssumer = (
9899
const resolvedRegion = await resolveRegion(
99100
region,
100101
stsOptions?.parentClientConfig?.region,
101-
credentialProviderLogger
102+
credentialProviderLogger,
103+
{
104+
logger,
105+
profile,
106+
}
102107
);
103108
const isCompatibleRequestHandler = !isH2(requestHandler);
104109

@@ -161,7 +166,11 @@ export const getDefaultRoleAssumerWithWebIdentity = (
161166
const resolvedRegion = await resolveRegion(
162167
region,
163168
stsOptions?.parentClientConfig?.region,
164-
credentialProviderLogger
169+
credentialProviderLogger,
170+
{
171+
logger,
172+
profile,
173+
}
165174
);
166175
const isCompatibleRequestHandler = !isH2(requestHandler);
167176

0 commit comments

Comments
 (0)