chore: revert to 3.618.0

clients/client-sts/src/defaultStsRoleAssumers.ts

@@ -29,31 +29,6 @@ export type RoleAssumer = (
 
 const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
 
-interface AssumedRoleUser {
-  /**
-   * The ARN of the temporary security credentials that are returned from the AssumeRole action.
-   */
-  Arn?: string;
-
-  /**
-   * A unique identifier that contains the role ID and the role session name of the role that is being assumed.
-   */
-  AssumedRoleId?: string;
-}
-
-/**
- * @internal
- */
-const getAccountIdFromAssumedRoleUser = (assumedRoleUser?: AssumedRoleUser) => {
-  if (typeof assumedRoleUser?.Arn === "string") {
-    const arnComponents = assumedRoleUser.Arn.split(":");
-    if (arnComponents.length > 4 && arnComponents[4] !== "") {
-      return arnComponents[4];
-    }
-  }
-  return undefined;
-};
-
 /**
  * @internal
  *
@@ -109,21 +84,17 @@ export const getDefaultRoleAssumer = (
         logger: logger as any,
       });
     }
-    const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params));
+    const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
     if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
       throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
     }
-
-    const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
-
     return {
       accessKeyId: Credentials.AccessKeyId,
       secretAccessKey: Credentials.SecretAccessKey,
       sessionToken: Credentials.SessionToken,
       expiration: Credentials.Expiration,
       // TODO(credentialScope): access normally when shape is updated.
-      ...((Credentials as any).CredentialScope && { credentialScope: (Credentials as any).CredentialScope }),
-      ...(accountId && { accountId }),
+      credentialScope: (Credentials as any).CredentialScope,
     };
   };
 };
@@ -163,21 +134,17 @@ export const getDefaultRoleAssumerWithWebIdentity = (
         logger: logger as any,
       });
     }
-    const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
+    const { Credentials } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
     if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
       throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
     }
-
-    const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
-
     return {
       accessKeyId: Credentials.AccessKeyId,
       secretAccessKey: Credentials.SecretAccessKey,
       sessionToken: Credentials.SessionToken,
       expiration: Credentials.Expiration,
       // TODO(credentialScope): access normally when shape is updated.
-      ...((Credentials as any).CredentialScope && { credentialScope: (Credentials as any).CredentialScope }),
-      ...(accountId && { accountId }),
+      credentialScope: (Credentials as any).CredentialScope,
     };
   };
 };

clients/client-sts/test/defaultRoleAssumers.spec.ts

@@ -89,17 +89,6 @@ describe("getDefaultRoleAssumer", () => {
     );
   });
 
-  it("should return accountId in the credentials", async () => {
-    const roleAssumer = getDefaultRoleAssumer();
-    const params: AssumeRoleCommandInput = {
-      RoleArn: "arn:aws:foo",
-      RoleSessionName: "session",
-    };
-    const sourceCred = { accessKeyId: "key", secretAccessKey: "secrete" };
-    const assumedRole = await roleAssumer(sourceCred, params);
-    expect(assumedRole.accountId).toEqual("123");
-  });
-
   it("should use the STS client config", async () => {
     const logger = console;
     const region = "some-region";
@@ -180,10 +169,6 @@ describe("getDefaultRoleAssumer", () => {
 describe("getDefaultRoleAssumerWithWebIdentity", () => {
   const assumeRoleResponse = `<Response xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
   <AssumeRoleWithWebIdentityResult>
-  <AssumedRoleUser>
-      <AssumedRoleId>AROAZOX2IL27GNRBJHWC2:session</AssumedRoleId>
-      <Arn>arn:aws:sts::123456789012:assumed-role/assume-role-test/session</Arn>
-    </AssumedRoleUser>
     <Credentials>
       <AccessKeyId>key</AccessKeyId>
       <SecretAccessKey>secrete</SecretAccessKey>
@@ -224,17 +209,6 @@ describe("getDefaultRoleAssumerWithWebIdentity", () => {
     });
   });
 
-  it("should return accountId in the credentials", async () => {
-    const roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity();
-    const params: AssumeRoleWithWebIdentityCommandInput = {
-      RoleArn: "arn:aws:foo",
-      RoleSessionName: "session",
-      WebIdentityToken: "token",
-    };
-    const assumedRole = await roleAssumerWithWebIdentity(params);
-    expect(assumedRole.accountId).toEqual("123456789012");
-  });
-
   it("should use the STS client middleware", async () => {
     const customMiddlewareFunction = jest.fn();
     const roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({}, [

codegen/smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/sts-client-defaultRoleAssumers.spec.ts

@@ -87,17 +87,6 @@ describe("getDefaultRoleAssumer", () => {
     );
   });
 
-  it("should return accountId in the credentials", async () => {
-    const roleAssumer = getDefaultRoleAssumer();
-    const params: AssumeRoleCommandInput = {
-      RoleArn: "arn:aws:foo",
-      RoleSessionName: "session",
-    };
-    const sourceCred = { accessKeyId: "key", secretAccessKey: "secrete" };
-    const assumedRole = await roleAssumer(sourceCred, params);
-    expect(assumedRole.accountId).toEqual("123");
-  });
-
   it("should use the STS client config", async () => {
     const logger = console;
     const region = "some-region";
@@ -178,10 +167,6 @@ describe("getDefaultRoleAssumer", () => {
 describe("getDefaultRoleAssumerWithWebIdentity", () => {
   const assumeRoleResponse = `<Response xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
   <AssumeRoleWithWebIdentityResult>
-  <AssumedRoleUser>
-      <AssumedRoleId>AROAZOX2IL27GNRBJHWC2:session</AssumedRoleId>
-      <Arn>arn:aws:sts::123456789012:assumed-role/assume-role-test/session</Arn>
-    </AssumedRoleUser>
     <Credentials>
       <AccessKeyId>key</AccessKeyId>
       <SecretAccessKey>secrete</SecretAccessKey>
@@ -222,17 +207,6 @@ describe("getDefaultRoleAssumerWithWebIdentity", () => {
     });
   });
 
-  it("should return accountId in the credentials", async () => {
-    const roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity();
-    const params: AssumeRoleWithWebIdentityCommandInput = {
-      RoleArn: "arn:aws:foo",
-      RoleSessionName: "session",
-      WebIdentityToken: "token",
-    };
-    const assumedRole = await roleAssumerWithWebIdentity(params);
-    expect(assumedRole.accountId).toEqual("123456789012");
-  });
-
   it("should use the STS client middleware", async () => {
     const customMiddlewareFunction = jest.fn();
     const roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({}, [

codegen/smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/sts-client-defaultStsRoleAssumers.ts

@@ -26,31 +26,6 @@ export type RoleAssumer = (
 
 const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
 
-interface AssumedRoleUser {
-  /**
-   * The ARN of the temporary security credentials that are returned from the AssumeRole action.
-   */
-  Arn?: string;
-
-  /**
-   * A unique identifier that contains the role ID and the role session name of the role that is being assumed.
-   */
-  AssumedRoleId?: string;
-}
-
-/**
- * @internal
- */
-const getAccountIdFromAssumedRoleUser = (assumedRoleUser?: AssumedRoleUser) => {
-  if (typeof assumedRoleUser?.Arn === "string") {
-    const arnComponents = assumedRoleUser.Arn.split(":");
-    if (arnComponents.length > 4 && arnComponents[4] !== "") {
-      return arnComponents[4];
-    }
-  }
-  return undefined;
-};
-
 /**
  * @internal
  *
@@ -106,21 +81,17 @@ export const getDefaultRoleAssumer = (
         logger: logger as any,
       });
     }
-    const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params));
+    const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
     if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
       throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
     }
-
-    const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
-
     return {
       accessKeyId: Credentials.AccessKeyId,
       secretAccessKey: Credentials.SecretAccessKey,
       sessionToken: Credentials.SessionToken,
       expiration: Credentials.Expiration,
       // TODO(credentialScope): access normally when shape is updated.
-      ...((Credentials as any).CredentialScope && { credentialScope: (Credentials as any).CredentialScope }),
-      ...(accountId && { accountId }),
+      credentialScope: (Credentials as any).CredentialScope,
     };
   };
 };
@@ -160,21 +131,17 @@ export const getDefaultRoleAssumerWithWebIdentity = (
         logger: logger as any,
       });
     }
-    const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
+    const { Credentials } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
     if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
       throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
     }
-
-    const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
-
     return {
       accessKeyId: Credentials.AccessKeyId,
       secretAccessKey: Credentials.SecretAccessKey,
       sessionToken: Credentials.SessionToken,
       expiration: Credentials.Expiration,
       // TODO(credentialScope): access normally when shape is updated.
-      ...((Credentials as any).CredentialScope && { credentialScope: (Credentials as any).CredentialScope }),
-      ...(accountId && { accountId }),
+      credentialScope: (Credentials as any).CredentialScope,
     };
   };
 };

packages/credential-provider-env/src/fromEnv.spec.ts

@@ -1,14 +1,13 @@
 import { CredentialsProviderError } from "@smithy/property-provider";
 
-import { ENV_ACCOUNT_ID, ENV_EXPIRATION, ENV_KEY, ENV_SECRET, ENV_SESSION, fromEnv } from "./fromEnv";
+import { ENV_EXPIRATION, ENV_KEY, ENV_SECRET, ENV_SESSION, fromEnv } from "./fromEnv";
 
 describe(fromEnv.name, () => {
   const ORIGINAL_ENV = process.env;
   const mockAccessKeyId = "mockAccessKeyId";
   const mockSecretAccessKey = "mockSecretAccessKey";
   const mockSessionToken = "mockSessionToken";
   const mockExpiration = new Date().toISOString();
-  const mockAccountId = "123456789012";
 
   beforeEach(() => {
     process.env = {
@@ -17,7 +16,6 @@ describe(fromEnv.name, () => {
       [ENV_SECRET]: mockSecretAccessKey,
       [ENV_SESSION]: mockSessionToken,
       [ENV_EXPIRATION]: mockExpiration,
-      [ENV_ACCOUNT_ID]: mockAccountId,
     };
   });
 
@@ -32,33 +30,19 @@ describe(fromEnv.name, () => {
       secretAccessKey: mockSecretAccessKey,
       sessionToken: mockSessionToken,
       expiration: new Date(mockExpiration),
-      accountId: mockAccountId,
     });
   });
 
-  it("can create credentials without a session token, accountId, or expiration", async () => {
+  it("can create credentials without a session token or expiration", async () => {
     delete process.env[ENV_SESSION];
     delete process.env[ENV_EXPIRATION];
-    delete process.env[ENV_ACCOUNT_ID];
     const receivedCreds = await fromEnv()();
     expect(receivedCreds).toStrictEqual({
       accessKeyId: mockAccessKeyId,
       secretAccessKey: mockSecretAccessKey,
     });
   });
 
-  it("should include accountId when it is provided in environment variables", async () => {
-    process.env[ENV_ACCOUNT_ID] = mockAccountId;
-    const receivedCreds = await fromEnv()();
-    expect(receivedCreds).toHaveProperty("accountId", mockAccountId);
-  });
-
-  it("should not include accountId when it is not provided in environment variables", async () => {
-    delete process.env[ENV_ACCOUNT_ID]; // Ensure accountId is not set
-    const receivedCreds = await fromEnv()();
-    expect(receivedCreds).not.toHaveProperty("accountId");
-  });
-
   it.each([ENV_KEY, ENV_SECRET])("throws if env['%s'] is not found", async (key) => {
     delete process.env[key];
     const expectedError = new CredentialsProviderError("Unable to find environment variable credentials.");

packages/credential-provider-env/src/fromEnv.ts

@@ -24,10 +24,6 @@ export const ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION";
  * @internal
  */
 export const ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE";
-/**
- * @internal
- */
-export const ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID";
 
 /**
  * @internal
@@ -45,7 +41,6 @@ export const fromEnv =
     const sessionToken: string | undefined = process.env[ENV_SESSION];
     const expiry: string | undefined = process.env[ENV_EXPIRATION];
     const credentialScope: string | undefined = process.env[ENV_CREDENTIAL_SCOPE];
-    const accountId: string | undefined = process.env[ENV_ACCOUNT_ID];
 
     if (accessKeyId && secretAccessKey) {
       return {
@@ -54,7 +49,6 @@ export const fromEnv =
         ...(sessionToken && { sessionToken }),
         ...(expiry && { expiration: new Date(expiry) }),
         ...(credentialScope && { credentialScope }),
-        ...(accountId && { accountId }),
       };
     }
 

packages/credential-provider-ini/src/resolveStaticCredentials.spec.ts

@@ -5,7 +5,6 @@ const getMockStaticCredsProfile = () => ({
   aws_secret_access_key: "mock_aws_secret_access_key",
   aws_session_token: "mock_aws_session_token",
   aws_credential_scope: "mock_aws_credential_scope",
-  aws_account_id: "mock_aws_account_id",
 });
 
 describe(isStaticCredsProfile.name, () => {
@@ -33,12 +32,6 @@ describe(isStaticCredsProfile.name, () => {
     });
   });
 
-  it.each(["aws_account_id"])("value at '%s' is not of type string | undefined", (key) => {
-    [true, null, 1, NaN, {}].forEach((value) => {
-      expect(isStaticCredsProfile({ ...getMockStaticCredsProfile(), [key]: value })).toEqual(false);
-    });
-  });
-
   it("returns true for StaticCredentialsProfile", () => {
     expect(isStaticCredsProfile(getMockStaticCredsProfile())).toEqual(true);
   });
@@ -53,7 +46,6 @@ describe(resolveStaticCredentials.name, () => {
       secretAccessKey: mockProfile.aws_secret_access_key,
       sessionToken: mockProfile.aws_session_token,
       credentialScope: mockProfile.aws_credential_scope,
-      accountId: mockProfile.aws_account_id,
     });
   });
 });

packages/credential-provider-ini/src/resolveStaticCredentials.ts

@@ -10,7 +10,6 @@ export interface StaticCredsProfile extends Profile {
   aws_secret_access_key: string;
   aws_session_token?: string;
   aws_credential_scope?: string;
-  aws_account_id?: string;
 }
 
 /**
@@ -21,8 +20,7 @@ export const isStaticCredsProfile = (arg: any): arg is StaticCredsProfile =>
   typeof arg === "object" &&
   typeof arg.aws_access_key_id === "string" &&
   typeof arg.aws_secret_access_key === "string" &&
-  ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 &&
-  ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1;
+  ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
 
 /**
  * @internal
@@ -36,7 +34,6 @@ export const resolveStaticCredentials = (
     accessKeyId: profile.aws_access_key_id,
     secretAccessKey: profile.aws_secret_access_key,
     sessionToken: profile.aws_session_token,
-    ...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),
-    ...(profile.aws_account_id && { accountId: profile.aws_account_id }),
+    credentialScope: profile.aws_credential_scope,
   });
 };