From 0c98dfd57b1ae9454657f7ab0d12a526750d854a Mon Sep 17 00:00:00 2001 From: George Fu Date: Fri, 24 May 2024 15:15:20 +0000 Subject: [PATCH] chore(credential-providers): pass logger through to CredentialsProviderError --- .../src/fromCognitoIdentity.ts | 20 ++++++------- .../src/fromCognitoIdentityPool.ts | 7 +++-- .../credential-provider-env/src/fromEnv.ts | 2 +- .../src/fromHttp/checkUrl.ts | 7 +++-- .../src/fromHttp/fromHttp.browser.ts | 6 ++-- .../src/fromHttp/fromHttp.ts | 28 +++++++++++-------- .../src/fromHttp/requestHelpers.ts | 25 +++++++++++------ .../src/resolveAssumeRoleCredentials.ts | 4 +-- .../src/resolveCredentialSource.ts | 3 +- .../src/resolveProfileData.ts | 5 +++- .../src/defaultProvider.ts | 8 ++++-- .../src/remoteProvider.ts | 2 +- .../src/fromProcess.ts | 2 +- .../src/resolveProcessCredentials.ts | 13 +++++---- .../credential-provider-sso/src/fromSSO.ts | 24 ++++++++++++---- .../src/resolveSSOCredentials.ts | 27 +++++++++++------- .../src/validateSsoProfile.ts | 5 ++-- .../src/fromTokenFile.ts | 4 ++- .../src/fromTemporaryCredentials.ts | 9 ++++-- 19 files changed, 127 insertions(+), 74 deletions(-) diff --git a/packages/credential-provider-cognito-identity/src/fromCognitoIdentity.ts b/packages/credential-provider-cognito-identity/src/fromCognitoIdentity.ts index 00651eacbf4d2..7e8f03fb4cfeb 100644 --- a/packages/credential-provider-cognito-identity/src/fromCognitoIdentity.ts +++ b/packages/credential-provider-cognito-identity/src/fromCognitoIdentity.ts @@ -1,6 +1,6 @@ import type { CredentialProviderOptions } from "@aws-sdk/types"; import { CredentialsProviderError } from "@smithy/property-provider"; -import { AwsCredentialIdentity, Provider } from "@smithy/types"; +import { AwsCredentialIdentity, Logger, Provider } from "@smithy/types"; import { CognitoProviderParameters } from "./CognitoProviderParameters"; import { resolveLogins } from "./resolveLogins"; @@ -35,11 +35,11 @@ export function fromCognitoIdentity(parameters: FromCognitoIdentityParameters): const { Credentials: { - AccessKeyId = throwOnMissingAccessKeyId(), + AccessKeyId = throwOnMissingAccessKeyId(parameters.logger), Expiration, - SecretKey = throwOnMissingSecretKey(), + SecretKey = throwOnMissingSecretKey(parameters.logger), SessionToken, - } = throwOnMissingCredentials(), + } = throwOnMissingCredentials(parameters.logger), } = await ( parameters.client ?? new CognitoIdentityClient( @@ -76,14 +76,14 @@ export interface FromCognitoIdentityParameters extends CognitoProviderParameters identityId: string; } -function throwOnMissingAccessKeyId(): never { - throw new CredentialsProviderError("Response from Amazon Cognito contained no access key ID"); +function throwOnMissingAccessKeyId(logger?: Logger): never { + throw new CredentialsProviderError("Response from Amazon Cognito contained no access key ID", { logger }); } -function throwOnMissingCredentials(): never { - throw new CredentialsProviderError("Response from Amazon Cognito contained no credentials"); +function throwOnMissingCredentials(logger?: Logger): never { + throw new CredentialsProviderError("Response from Amazon Cognito contained no credentials", { logger }); } -function throwOnMissingSecretKey(): never { - throw new CredentialsProviderError("Response from Amazon Cognito contained no secret key"); +function throwOnMissingSecretKey(logger?: Logger): never { + throw new CredentialsProviderError("Response from Amazon Cognito contained no secret key", { logger }); } diff --git a/packages/credential-provider-cognito-identity/src/fromCognitoIdentityPool.ts b/packages/credential-provider-cognito-identity/src/fromCognitoIdentityPool.ts index fc1e1db9e925e..47a59413097a1 100644 --- a/packages/credential-provider-cognito-identity/src/fromCognitoIdentityPool.ts +++ b/packages/credential-provider-cognito-identity/src/fromCognitoIdentityPool.ts @@ -1,5 +1,6 @@ import type { CredentialProviderOptions } from "@aws-sdk/types"; import { CredentialsProviderError } from "@smithy/property-provider"; +import { Logger } from "@smithy/types"; import { CognitoProviderParameters } from "./CognitoProviderParameters"; import { CognitoIdentityCredentialProvider, fromCognitoIdentity } from "./fromCognitoIdentity"; @@ -44,7 +45,7 @@ export function fromCognitoIdentityPool({ let identityId: string | undefined = (cacheKey && (await cache.getItem(cacheKey))) as string | undefined; if (!identityId) { - const { IdentityId = throwOnMissingId() } = await _client.send( + const { IdentityId = throwOnMissingId(logger) } = await _client.send( new GetIdCommand({ AccountId: accountId, IdentityPoolId: identityPoolId, @@ -116,6 +117,6 @@ export interface FromCognitoIdentityPoolParameters extends CognitoProviderParame userIdentifier?: string; } -function throwOnMissingId(): never { - throw new CredentialsProviderError("Response from Amazon Cognito contained no identity ID"); +function throwOnMissingId(logger?: Logger): never { + throw new CredentialsProviderError("Response from Amazon Cognito contained no identity ID", { logger }); } diff --git a/packages/credential-provider-env/src/fromEnv.ts b/packages/credential-provider-env/src/fromEnv.ts index 2d47bd54107ed..5dc3e86632c2e 100644 --- a/packages/credential-provider-env/src/fromEnv.ts +++ b/packages/credential-provider-env/src/fromEnv.ts @@ -52,5 +52,5 @@ export const fromEnv = }; } - throw new CredentialsProviderError("Unable to find environment variable credentials."); + throw new CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); }; diff --git a/packages/credential-provider-http/src/fromHttp/checkUrl.ts b/packages/credential-provider-http/src/fromHttp/checkUrl.ts index 805706c0c68a9..737a48883943c 100644 --- a/packages/credential-provider-http/src/fromHttp/checkUrl.ts +++ b/packages/credential-provider-http/src/fromHttp/checkUrl.ts @@ -1,4 +1,5 @@ import { CredentialsProviderError } from "@smithy/property-provider"; +import { Logger } from "@smithy/types"; /** * @internal @@ -28,9 +29,10 @@ const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; * @internal * * @param url - to be validated. + * @param logger - passed to CredentialsProviderError. * @throws if not acceptable to this provider. */ -export const checkUrl = (url: URL): void => { +export const checkUrl = (url: URL, logger?: Logger): void => { if (url.protocol === "https:") { // no additional requirements for HTTPS. return; @@ -74,6 +76,7 @@ export const checkUrl = (url: URL): void => { `URL not accepted. It must either be HTTPS or match one of the following: - loopback CIDR 127.0.0.0/8 or [::1/128] - ECS container host 169.254.170.2 - - EKS container host 169.254.170.23 or [fd00:ec2::23]` + - EKS container host 169.254.170.23 or [fd00:ec2::23]`, + { logger } ); }; diff --git a/packages/credential-provider-http/src/fromHttp/fromHttp.browser.ts b/packages/credential-provider-http/src/fromHttp/fromHttp.browser.ts index e35e72a93c66e..afe5e2bd45ebb 100644 --- a/packages/credential-provider-http/src/fromHttp/fromHttp.browser.ts +++ b/packages/credential-provider-http/src/fromHttp/fromHttp.browser.ts @@ -10,7 +10,7 @@ import { retryWrapper } from "./retry-wrapper"; /** * Creates a provider that gets credentials via HTTP request. */ -export const fromHttp = (options: FromHttpOptions): AwsCredentialIdentityProvider => { +export const fromHttp = (options: FromHttpOptions = {}): AwsCredentialIdentityProvider => { options.logger?.debug("@aws-sdk/credential-provider-http", "fromHttp"); let host: string; @@ -19,14 +19,14 @@ export const fromHttp = (options: FromHttpOptions): AwsCredentialIdentityProvide if (full) { host = full; } else { - throw new CredentialsProviderError("No HTTP credential provider host provided."); + throw new CredentialsProviderError("No HTTP credential provider host provided.", { logger: options.logger }); } // throws if invalid format. const url = new URL(host); // throws if not to spec for provider. - checkUrl(url); + checkUrl(url, options.logger); const requestHandler = new FetchHttpHandler(); diff --git a/packages/credential-provider-http/src/fromHttp/fromHttp.ts b/packages/credential-provider-http/src/fromHttp/fromHttp.ts index eafe5c045b68d..54dbced62f6d2 100644 --- a/packages/credential-provider-http/src/fromHttp/fromHttp.ts +++ b/packages/credential-provider-http/src/fromHttp/fromHttp.ts @@ -17,7 +17,7 @@ const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; /** * Creates a provider that gets credentials via HTTP request. */ -export const fromHttp = (options: FromHttpOptions): AwsCredentialIdentityProvider => { +export const fromHttp = (options: FromHttpOptions = {}): AwsCredentialIdentityProvider => { options.logger?.debug("@aws-sdk/credential-provider-http", "fromHttp"); let host: string; @@ -26,20 +26,23 @@ export const fromHttp = (options: FromHttpOptions): AwsCredentialIdentityProvide const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; + const warn: (warning: string) => void = + options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; + if (relative && full) { - console.warn( - "AWS SDK HTTP credentials provider:", - "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri." + warn( + "@aws-sdk/credential-provider-http: " + + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri." ); - console.warn("awsContainerCredentialsFullUri will take precedence."); + warn("awsContainerCredentialsFullUri will take precedence."); } if (token && tokenFile) { - console.warn( - "AWS SDK HTTP credentials provider:", - "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile." + warn( + "@aws-sdk/credential-provider-http: " + + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile." ); - console.warn("awsContainerAuthorizationToken will take precedence."); + warn("awsContainerAuthorizationToken will take precedence."); } if (full) { @@ -49,7 +52,8 @@ export const fromHttp = (options: FromHttpOptions): AwsCredentialIdentityProvide } else { throw new CredentialsProviderError( `No HTTP credential provider host provided. -Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.` +Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, + { logger: options.logger } ); } @@ -57,7 +61,7 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI const url = new URL(host); // throws if not to spec for provider. - checkUrl(url); + checkUrl(url, options.logger); const requestHandler = new NodeHttpHandler({ requestTimeout: options.timeout ?? 1000, @@ -79,7 +83,7 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI const result = await requestHandler.handle(request); return getCredentials(result.response); } catch (e: unknown) { - throw new CredentialsProviderError(String(e)); + throw new CredentialsProviderError(String(e), { logger: options.logger }); } }, options.maxRetries ?? 3, diff --git a/packages/credential-provider-http/src/fromHttp/requestHelpers.ts b/packages/credential-provider-http/src/fromHttp/requestHelpers.ts index 594de86868178..d4d340f5d07ff 100644 --- a/packages/credential-provider-http/src/fromHttp/requestHelpers.ts +++ b/packages/credential-provider-http/src/fromHttp/requestHelpers.ts @@ -2,7 +2,7 @@ import { AwsCredentialIdentity } from "@aws-sdk/types"; import { CredentialsProviderError } from "@smithy/property-provider"; import { HttpRequest } from "@smithy/protocol-http"; import { parseRfc3339DateTime } from "@smithy/smithy-client"; -import { HttpResponse } from "@smithy/types"; +import { HttpResponse, Logger } from "@smithy/types"; import { sdkStreamMixin } from "@smithy/util-stream"; import { HttpProviderCredentials } from "./fromHttpTypes"; @@ -27,11 +27,13 @@ export function createGetRequest(url: URL): HttpRequest { /** * @internal */ -export async function getCredentials(response: HttpResponse): Promise { +export async function getCredentials(response: HttpResponse, logger?: Logger): Promise { const contentType = response?.headers["content-type"] ?? response?.headers["Content-Type"] ?? ""; if (!contentType.includes("json")) { - console.warn( + const warn: (warning: string) => void = + logger?.constructor?.name === "NoOpLogger" || !logger ? console.warn : logger.warn; + warn( "HTTP credential provider response header content-type was not application/json. Observed: " + contentType + "." ); } @@ -50,7 +52,9 @@ export async function getCredentials(response: HttpResponse): Promise { - throw new CredentialsProviderError("Could not load credentials from any providers", false); + throw new CredentialsProviderError("Could not load credentials from any providers", { + tryNextLink: false, + logger: init.logger, + }); } ), credentialsTreatedAsExpired, diff --git a/packages/credential-provider-node/src/remoteProvider.ts b/packages/credential-provider-node/src/remoteProvider.ts index 318d8fdbe9388..46c8dbf025617 100644 --- a/packages/credential-provider-node/src/remoteProvider.ts +++ b/packages/credential-provider-node/src/remoteProvider.ts @@ -23,7 +23,7 @@ export const remoteProvider = async (init: RemoteProviderInit): Promise { - throw new CredentialsProviderError("EC2 Instance Metadata Service access disabled"); + throw new CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); }; } diff --git a/packages/credential-provider-process/src/fromProcess.ts b/packages/credential-provider-process/src/fromProcess.ts index 719a2958c6388..045853f179dd0 100644 --- a/packages/credential-provider-process/src/fromProcess.ts +++ b/packages/credential-provider-process/src/fromProcess.ts @@ -20,5 +20,5 @@ export const fromProcess = async () => { init.logger?.debug("@aws-sdk/credential-provider-process", "fromProcess"); const profiles = await parseKnownFiles(init); - return resolveProcessCredentials(getProfileName(init), profiles); + return resolveProcessCredentials(getProfileName(init), profiles, init.logger); }; diff --git a/packages/credential-provider-process/src/resolveProcessCredentials.ts b/packages/credential-provider-process/src/resolveProcessCredentials.ts index 28a5e56f7a49b..c0df0c38da100 100644 --- a/packages/credential-provider-process/src/resolveProcessCredentials.ts +++ b/packages/credential-provider-process/src/resolveProcessCredentials.ts @@ -1,5 +1,5 @@ import { CredentialsProviderError } from "@smithy/property-provider"; -import { AwsCredentialIdentity, ParsedIniData } from "@smithy/types"; +import { AwsCredentialIdentity, Logger, ParsedIniData } from "@smithy/types"; import { exec } from "child_process"; import { promisify } from "util"; @@ -11,7 +11,8 @@ import { ProcessCredentials } from "./ProcessCredentials"; */ export const resolveProcessCredentials = async ( profileName: string, - profiles: ParsedIniData + profiles: ParsedIniData, + logger?: Logger ): Promise => { const profile = profiles[profileName]; @@ -29,16 +30,18 @@ export const resolveProcessCredentials = async ( } return getValidatedProcessCredentials(profileName, data as ProcessCredentials); } catch (error) { - throw new CredentialsProviderError(error.message); + throw new CredentialsProviderError(error.message, { logger }); } } else { - throw new CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`); + throw new CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); } } else { // If the profile cannot be parsed or does not contain the default or // specified profile throw an error. This should be considered a terminal // resolution error if a profile has been specified by the user (whether via // a parameter, anenvironment variable, or another profile's `source_profile` key). - throw new CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`); + throw new CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { + logger, + }); } }; diff --git a/packages/credential-provider-sso/src/fromSSO.ts b/packages/credential-provider-sso/src/fromSSO.ts index 7ba762e292a9d..7ee590ef41e42 100644 --- a/packages/credential-provider-sso/src/fromSSO.ts +++ b/packages/credential-provider-sso/src/fromSSO.ts @@ -92,11 +92,13 @@ export const fromSSO = const profile = profiles[profileName]; if (!profile) { - throw new CredentialsProviderError(`Profile ${profileName} was not found.`); + throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); } if (!isSsoProfile(profile)) { - throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`); + throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { + logger: init.logger, + }); } if (profile?.sso_session) { @@ -104,16 +106,25 @@ export const fromSSO = const session = ssoSessions[profile.sso_session]; const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; if (ssoRegion && ssoRegion !== session.sso_region) { - throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, false); + throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { + tryNextLink: false, + logger: init.logger, + }); } if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { - throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, false); + throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { + tryNextLink: false, + logger: init.logger, + }); } profile.sso_region = session.sso_region; profile.sso_start_url = session.sso_start_url; } - const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile); + const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( + profile, + init.logger + ); return resolveSSOCredentials({ ssoStartUrl: sso_start_url, ssoSession: sso_session, @@ -127,7 +138,8 @@ export const fromSSO = } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { throw new CredentialsProviderError( "Incomplete configuration. The fromSSO() argument hash must include " + - '"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"' + '"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', + { tryNextLink: false, logger: init.logger } ); } else { return resolveSSOCredentials({ diff --git a/packages/credential-provider-sso/src/resolveSSOCredentials.ts b/packages/credential-provider-sso/src/resolveSSOCredentials.ts index d7e78ffdf999f..e3837d9fcbce0 100644 --- a/packages/credential-provider-sso/src/resolveSSOCredentials.ts +++ b/packages/credential-provider-sso/src/resolveSSOCredentials.ts @@ -20,6 +20,7 @@ export const resolveSSOCredentials = async ({ ssoClient, clientConfig, profile, + logger, }: FromSSOInit & SsoCredentialsParameters): Promise => { let token: SSOToken; const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; @@ -32,24 +33,27 @@ export const resolveSSOCredentials = async ({ expiresAt: new Date(_token.expiration!).toISOString(), }; } catch (e) { - throw new CredentialsProviderError(e.message, SHOULD_FAIL_CREDENTIAL_CHAIN); + throw new CredentialsProviderError(e.message, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger, + }); } } else { try { token = await getSSOTokenFromFile(ssoStartUrl); } catch (e) { - throw new CredentialsProviderError( - `The SSO session associated with this profile is invalid. ${refreshMessage}`, - SHOULD_FAIL_CREDENTIAL_CHAIN - ); + throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger, + }); } } if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { - throw new CredentialsProviderError( - `The SSO session associated with this profile has expired. ${refreshMessage}`, - SHOULD_FAIL_CREDENTIAL_CHAIN - ); + throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger, + }); } const { accessToken } = token; @@ -88,7 +92,10 @@ export const resolveSSOCredentials = async ({ }; if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { - throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN); + throw new CredentialsProviderError("SSO returns an invalid temporary credential.", { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger, + }); } return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration), credentialScope }; diff --git a/packages/credential-provider-sso/src/validateSsoProfile.ts b/packages/credential-provider-sso/src/validateSsoProfile.ts index 9ce6400145be1..d9e9e9b83561b 100644 --- a/packages/credential-provider-sso/src/validateSsoProfile.ts +++ b/packages/credential-provider-sso/src/validateSsoProfile.ts @@ -1,11 +1,12 @@ import { CredentialsProviderError } from "@smithy/property-provider"; +import { Logger } from "@smithy/types"; import { SsoProfile } from "./types"; /** * @internal */ -export const validateSsoProfile = (profile: Partial): SsoProfile => { +export const validateSsoProfile = (profile: Partial, logger?: Logger): SsoProfile => { const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { throw new CredentialsProviderError( @@ -13,7 +14,7 @@ export const validateSsoProfile = (profile: Partial): SsoProfile => `"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( ", " )}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, - false + { tryNextLink: false, logger } ); } return profile as SsoProfile; diff --git a/packages/credential-provider-web-identity/src/fromTokenFile.ts b/packages/credential-provider-web-identity/src/fromTokenFile.ts index 2b73cc9d0e044..19d6ee0803e7a 100644 --- a/packages/credential-provider-web-identity/src/fromTokenFile.ts +++ b/packages/credential-provider-web-identity/src/fromTokenFile.ts @@ -35,7 +35,9 @@ export const fromTokenFile = const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; if (!webIdentityTokenFile || !roleArn) { - throw new CredentialsProviderError("Web identity configuration not specified"); + throw new CredentialsProviderError("Web identity configuration not specified", { + logger: init.logger, + }); } return fromWebToken({ diff --git a/packages/credential-providers/src/fromTemporaryCredentials.ts b/packages/credential-providers/src/fromTemporaryCredentials.ts index fc48c992383a2..a9ecbd6a03b8a 100644 --- a/packages/credential-providers/src/fromTemporaryCredentials.ts +++ b/packages/credential-providers/src/fromTemporaryCredentials.ts @@ -60,7 +60,10 @@ export const fromTemporaryCredentials = (options: FromTemporaryCredentialsOption if (!options.mfaCodeProvider) { throw new CredentialsProviderError( `Temporary credential requires multi-factor authentication,` + ` but no MFA code callback was provided.`, - false + { + tryNextLink: false, + logger: options.logger, + } ); } params.TokenCode = await options.mfaCodeProvider(params?.SerialNumber); @@ -76,7 +79,9 @@ export const fromTemporaryCredentials = (options: FromTemporaryCredentialsOption } const { Credentials } = await stsClient.send(new AssumeRoleCommand(params)); if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) { - throw new CredentialsProviderError(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); + throw new CredentialsProviderError(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`, { + logger: options.logger, + }); } return { accessKeyId: Credentials.AccessKeyId,