Allow overwriting STS config in ChainableTemporaryCredentials (#2803)

STS uses the global endpoint per default which does not work for "opt-in" regions. The `ChainableTemporaryCredentials` wrapper for fetching credentials via `AssumeRole` or `GetSessionToken` does not allow overriding the endpoint or set a different region. This change will introduce another optional constructor parameter for specifying the STS client configuration and forwarding it to the client constructor. fix: #2673
aws · Aug 19, 2019 · 3ffad9c · 3ffad9c
1 parent f731ff1
commit 3ffad9c
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 10 deletions.
diff --git a/.changes/next-release/feature-ChainableTemporaryCredentials-5b0ffa87.json b/.changes/next-release/feature-ChainableTemporaryCredentials-5b0ffa87.json
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "ChainableTemporaryCredentials",
+  "description": "Support for specifying STS client config when creating ChainableTemporaryCredentials to override endpoint or region."
+}
diff --git a/dist/aws-sdk-react-native.js b/dist/aws-sdk-react-native.js
@@ -17825,10 +17825,14 @@ return /******/ (function(modules) { // webpackBootstrap
 	        this.tokenCodeFn = options.tokenCodeFn;
 	      }
 	    }
-	    this.service = new STS({
-	      params: params,
-	      credentials: options.masterCredentials || AWS.config.credentials
-	    });
+	    config = AWS.util.merge(
+	      {
+	        params: params,
+	        credentials: options.masterCredentials || AWS.config.credentials
+	      },
+	      options.stsConfig || {}
+	    );
+	    this.service = new STS(config);
 	  },
 
 	  /**

diff --git a/lib/credentials/chainable_temporary_credentials.d.ts b/lib/credentials/chainable_temporary_credentials.d.ts
@@ -3,7 +3,7 @@ import {AWSError} from '../error';
 import STS = require('../../clients/sts');
 
 export class ChainableTemporaryCredentials extends Credentials {
-    constructor(options: ChainableTemporaryCredentials.ChainableTemporaryCredentialsOptions, masterCredentials?: Credentials);
+    constructor(options: ChainableTemporaryCredentials.ChainableTemporaryCredentialsOptions);
     /**
      * Creates a new temporary credentials object.
      */
@@ -24,6 +24,7 @@ declare namespace ChainableTemporaryCredentials {
     export type ChainableTemporaryCredentialsOptions = {
         params?: STS.Types.AssumeRoleRequest|STS.Types.GetSessionTokenRequest,
         masterCredentials?: Credentials,
+        stsConfig: STS.Types.ClientConfiguration,
         tokenCodeFn?: (serialNumber: string, callback: (err?: Error, token?: string) => void) => void
     }
 }
diff --git a/lib/credentials/chainable_temporary_credentials.js b/lib/credentials/chainable_temporary_credentials.js
@@ -119,10 +119,14 @@ AWS.ChainableTemporaryCredentials = AWS.util.inherit(AWS.Credentials, {
         this.tokenCodeFn = options.tokenCodeFn;
       }
     }
-    this.service = new STS({
-      params: params,
-      credentials: options.masterCredentials || AWS.config.credentials
-    });
+    config = AWS.util.merge(
+      {
+        params: params,
+        credentials: options.masterCredentials || AWS.config.credentials
+      },
+      options.stsConfig || {}
+    );
+    this.service = new STS(config);
   },
 
   /**

diff --git a/package.json b/package.json
@@ -143,4 +143,4 @@
     "helper-test": "mocha scripts/lib/test-helper.spec.js",
     "csm-functional-test": "mocha test/publisher/functional_test"
   }
-}
+}
diff --git a/test/credentials.spec.js b/test/credentials.spec.js
-Original file line number
+Diff line change
@@ Expand Up / @@ -143,4 +143,4 @@ @@
         "helper-test": "mocha scripts/lib/test-helper.spec.js",
         "csm-functional-test": "mocha test/publisher/functional_test"
       }
-    }
+    }