chore(nested-clients): break cycle

aws · Jan 10, 2025 · 0cc2832 · 0cc2832
1 parent deff8de
commit 0cc2832
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 10 deletions.
diff --git a/packages/credential-provider-ini/src/resolveAssumeRoleCredentials.ts b/packages/credential-provider-ini/src/resolveAssumeRoleCredentials.ts
@@ -111,7 +111,6 @@ export const resolveAssumeRoleCredentials = async (
   const { source_profile, region } = profileData;
 
   if (!options.roleAssumer) {
-    // @ts-ignore Cannot find module '@aws-sdk/client-sts'
     const { getDefaultRoleAssumer } = await import("@aws-sdk/nested-clients");
     options.roleAssumer = getDefaultRoleAssumer(
       {

diff --git a/packages/credential-provider-web-identity/src/fromWebToken.ts b/packages/credential-provider-web-identity/src/fromWebToken.ts
@@ -163,7 +163,6 @@ export const fromWebToken =
     let { roleAssumerWithWebIdentity } = init;
 
     if (!roleAssumerWithWebIdentity) {
-      // @ts-ignore Cannot find module '@aws-sdk/client-sts'
       const { getDefaultRoleAssumerWithWebIdentity } = await import("@aws-sdk/nested-clients");
       roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity(
         {

diff --git a/packages/nested-clients/package.json b/packages/nested-clients/package.json
@@ -28,9 +28,7 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "*",
     "@aws-sdk/core": "*",
-    "@aws-sdk/credential-provider-node": "*",
     "@aws-sdk/middleware-host-header": "*",
     "@aws-sdk/middleware-logger": "*",
     "@aws-sdk/middleware-recursion-detection": "*",

diff --git a/packages/nested-clients/src/nested-sts/runtimeConfig.ts b/packages/nested-clients/src/nested-sts/runtimeConfig.ts
@@ -3,7 +3,7 @@
 import packageInfo from "../../package.json"; // eslint-disable-line
 
 import { AwsSdkSigV4Signer, emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core";
-import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
+
 import { NODE_APP_ID_CONFIG_OPTIONS, createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-node";
 import {
   NODE_REGION_CONFIG_FILE_OPTIONS,
@@ -41,7 +41,7 @@ export const getRuntimeConfig = (config: STSClientConfig) => {
     runtime: "node",
     defaultsMode,
     bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
-    credentialDefaultProvider: config?.credentialDefaultProvider ?? credentialDefaultProvider,
+
     defaultUserAgentProvider:
       config?.defaultUserAgentProvider ??
       createDefaultUserAgentProvider({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
@@ -50,7 +50,7 @@ export const getRuntimeConfig = (config: STSClientConfig) => {
         schemeId: "aws.auth#sigv4",
         identityProvider: (ipc: IdentityProviderConfig) =>
           ipc.getIdentityProvider("aws.auth#sigv4") ||
-          (async (idProps) => await credentialDefaultProvider(idProps?.__config || {})()),
+          (async (idProps) => await config!.credentialDefaultProvider!(idProps?.__config || {})()),
         signer: new AwsSdkSigV4Signer(),
       },
       {

diff --git a/packages/token-providers/src/getNewSsoOidcToken.ts b/packages/token-providers/src/getNewSsoOidcToken.ts
@@ -8,7 +8,6 @@ import { getSsoOidcClient } from "./getSsoOidcClient";
  * @internal
  */
 export const getNewSsoOidcToken = async (ssoToken: SSOToken, ssoRegion: string, init: FromSsoInit = {}) => {
-  // @ts-ignore Cannot find module '@aws-sdk/client-sso-oidc'
   const { CreateTokenCommand } = await import("@aws-sdk/nested-clients");
 
   const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);

diff --git a/packages/token-providers/src/getSsoOidcClient.ts b/packages/token-providers/src/getSsoOidcClient.ts
@@ -5,7 +5,6 @@ import { FromSsoInit } from "./fromSso";
  * @internal
  */
 export const getSsoOidcClient = async (ssoRegion: string, init: FromSsoInit = {}) => {
-  // @ts-ignore Cannot find module '@aws-sdk/client-sso-oidc'
   const { SSOOIDCClient } = await import("@aws-sdk/nested-clients");
 
   const ssoOidcClient = new SSOOIDCClient(

diff --git a/scripts/generate-clients/index.js b/scripts/generate-clients/index.js
@@ -5,6 +5,7 @@ const { emptyDirSync, rmdirSync } = require("fs-extra");
 const { generateClients, generateGenericClient, generateProtocolTests } = require("./code-gen");
 const { codeOrdering } = require("./code-ordering");
 const { copyToClients, copyServerTests } = require("./copy-to-clients");
+const generateNestedClients = require("./nested-clients/generate-nested-clients");
 const {
   CODE_GEN_SDK_OUTPUT_DIR,
   CODE_GEN_GENERIC_CLIENT_OUTPUT_DIR,
@@ -99,6 +100,7 @@ const {
 
     if (!protocolTestsOnly) {
       await generateClients(models || globs || DEFAULT_CODE_GEN_INPUT_DIR, batchSize);
+      await generateNestedClients();
     }
 
     if (!noPrivateClients) {
@@ -142,7 +144,11 @@ const {
     }
 
     require("./customizations/workspaces-thin-client")();
-    await spawnProcess("yarn", ["install", "--no-immutable"], { cwd: REPO_ROOT, stdio: "inherit", env: { ...process.env, CI: "" } });
+    await spawnProcess("yarn", ["install", "--no-immutable"], {
+      cwd: REPO_ROOT,
+      stdio: "inherit",
+      env: { ...process.env, CI: "" },
+    });
     require("../runtime-dependency-version-check/runtime-dep-version-check");
   } catch (e) {
     console.log(e);

diff --git a/scripts/generate-clients/nested-clients/generate-nested-clients.js b/scripts/generate-clients/nested-clients/generate-nested-clients.js
@@ -68,6 +68,9 @@ async function generateNestedClients() {
 
     replacePackageJsonImport(join(destinationFolder, "runtimeConfig.browser.ts"));
     replacePackageJsonImport(join(destinationFolder, "runtimeConfig.ts"));
+
+    replaceCredentialDefaultProvider(join(destinationFolder, "runtimeConfig.browser.ts"));
+    replaceCredentialDefaultProvider(join(destinationFolder, "runtimeConfig.ts"));
   }
 }
 
@@ -113,6 +116,9 @@ async function generateNestedClient(clientName, operations) {
   rmSync(join(__dirname, "..", "..", "..", "codegen", "sdk-codegen", `smithy-build-${clientName}.json`));
 }
 
+/**
+ * Fix package json import filesystem level.
+ */
 function replacePackageJsonImport(file) {
   writeFileSync(
     file,
@@ -123,6 +129,21 @@ function replacePackageJsonImport(file) {
   );
 }
 
+/**
+ * Breaks the circular dependency of STS and the default credential chain.
+ * STS has an auth operation but the portion of it used for credential resolution does
+ * not need the default chain.
+ */
+function replaceCredentialDefaultProvider(file) {
+  writeFileSync(
+    file,
+    readFileSync(file, "utf-8")
+      .replace(`import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";`, ``)
+      .replace(`credentialDefaultProvider: config?.credentialDefaultProvider ?? credentialDefaultProvider,`, ``)
+      .replace(`await credentialDefaultProvider(`, `await config!.credentialDefaultProvider!(`)
+  );
+}
+
 if (process.argv.includes("--exec")) {
   generateNestedClients().catch(console.error);
 }