docs: use clientConfig to override all creds providers client config

Author: AllanZhengYP

UPGRADING.md

@@ -270,7 +270,7 @@ Load credentials from Cognito Identity service, normally used in browsers.
   const client = new FooClient({
     region: "us-east-1",
     credentials: fromCognitoIdentityPool({
-      client: cognitoIdentityClient // Optional
+      clientConfig: cognitoIdentityClientConfig // Optional
       identityPoolId: "us-east-1:1699ebc0-7900-4099-b910-2df94f52a030",
       customRoleArn: "arn:aws:iam::1234567890:role/MYAPP-CognitoIdentity", // Optional
       logins: {
@@ -291,7 +291,7 @@ Load credentials from Cognito Identity service, normally used in browsers.
   const client = new FooClient({
     region: "us-east-1",
     credentials: fromCognitoIdentity({
-      client: cognitoIdentityClient, // Optional
+      clientConfig: cognitoIdentityClientConfig, // Optional
       identityId: "us-east-1:128d0a74-c82f-4553-916d-90053e4a8b0f",
       customRoleArn: "arn:aws:iam::1234567890:role/MYAPP-CognitoIdentity", // Optional
       logins: {
@@ -383,7 +383,7 @@ for more information.
         return "some_code";
       }, // Optional
       profile: "default", // Optional
-      stsConfig: { region }, // Optional
+      clientConfig: { region }, // Optional
     }),
   });
   ```
@@ -396,14 +396,14 @@ Retrieves credentials using OIDC token from a file on disk. It's commonly used i
 - **v3**: [`fromTokenFile`](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_credential_provider_web_identity.html#fromtokenfile-1)
 
   ```javascript
-  import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity"; // ES6 import
-  // const { fromIni } from("@aws-sdk/credential-provider-ini"); // CommonJS import
+  import { fromTokenFile } from "@aws-sdk/credential-providers"; // ES6 import
+  // const { fromIni } from("@aws-sdk/credential-providers"); // CommonJS import
 
   const client = new FooClient({
     credentials: fromTokenFile({
       roleArn: "arn:xxxx" // Optional. Otherwise read from `AWS_ROLE_ARN` environmental variable
       roleSessionName: "session:a", // Optional. Otherwise read from `AWS_ROLE_SESSION_NAME` environmental variable
-      stsConfig: { region } // // Optional. STS client config to make the assume role request.
+      clientConfig: { region } // // Optional. STS client config to make the assume role request.
     })
   });
   ```
@@ -416,14 +416,14 @@ Retrieves credentials from STS web identity federation support.
 - **v3**: [`fromWebToken`](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_credential_provider_web_identity.html#fromwebtoken-1)
 
   ```javascript
-  import { fromWebToken } from "@aws-sdk/credential-provider-web-identity"; // ES6 import
-  // const { fromWebToken } from("@aws-sdk/credential-provider-web-identity"); // CommonJS import
+  import { fromWebToken } from "@aws-sdk/credential-providers"; // ES6 import
+  // const { fromWebToken } from("@aws-sdk/credential-providers"); // CommonJS import
 
   const client = new FooClient({
     credentials: fromWebToken({
       roleArn: "arn:xxxx" // Otherwise read from `AWS_ROLE_ARN` environmental variable
       roleSessionName: "session:a", // Otherwise read from `AWS_ROLE_SESSION_NAME` environmental variable
-      stsConfig: { region } // // Optional. STS client config to make the assume role request.
+      clientConfig: { region } // // Optional. STS client config to make the assume role request.
     })
   });
   ```

packages/credential-providers/README.md

@@ -54,8 +54,8 @@ const dynamodb = new DynamoDBClient({
       "api.twitter.com": "TWITTERTOKEN'",
       "www.digits.com": "DIGITSTOKEN"
     },
-    // Optional. Custom client if you need overwrite default client configuration
-    client: new CognitoIdentityClient({ region })
+    // Optional. Custom client config if you need overwrite default Cognito Identity client configuration.
+    clientConfig: { region }
   }),
 });
 ```
@@ -95,8 +95,8 @@ const dynamodb = new DynamoDBClient({
       'api.twitter.com': 'TWITTERTOKEN',
       'www.digits.com': 'DIGITSTOKEN'
     },
-    // Optional. Custom client if you need overwrite default client configuration
-    client: new CognitoIdentityClient({ region })
+    // Optional. Custom client config if you need overwrite default Cognito Identity client configuration.
+    clientConfig: { region }
   }),
 });
 ```
@@ -130,7 +130,7 @@ const dynamodb = new DynamoDBClient({
       //... For more options see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
     },
     // Optional. Custom STS client configurations overriding the default ones.
-    stsConfig: { region },
+    clientConfig: { region },
     // Optional. A function that returns a promise fulfilled with an MFA token code for the provided MFA Serial code.
     // Required if `params` has `SerialNumber` config.
     mfaCodeProvider: async mfaSerial => {
@@ -157,7 +157,7 @@ const dynamodb = new DynamoDBClient({
     // Required. The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
     webIdentityToken: await openIdProvider()
     // Optional. Custom STS client configurations overriding the default ones.
-    stsConfig: { region }
+    clientConfig: { region }
     // Optional. A function that assumes a role with web identity and returns a promise fulfilled with credentials for
     // the assumed role.
     roleAssumerWithWebIdentity,
@@ -278,7 +278,7 @@ const client = new DynamoDBClient({
       return "token";
     },
     // Optional. Custom STS client configurations overriding the default ones.
-    stsConfig: { region },
+    clientConfig: { region },
   }),
 });
 ```
@@ -473,7 +473,7 @@ import { fromTokenFile } from "@aws-sdk/credential-providers"; // ES6 example
 const client = new DynamoDBClient({
   credentials: fromTokenFile({
     // Optional. STS client config to make the assume role request.
-    stsConfig: { region }
+    clientConfig: { region }
   });
 });
 ```
@@ -527,9 +527,9 @@ const client = new DynamoDBClient({
     // Optional. The name of the AWS role to assume. Required if any of the `sso*` options(except for `ssoClient`) is
     // provided.
     ssoRoleName: "SampleRole",
-    // Optional. The SSO Client used to request AWS credentials with the SSO access token. If not specified, a default
+    // Optional. Overwrite the configuration used construct the SSO service client. If not specified, a default
     // SSO client will be created with the region specified in the profile `sso_region` entry.
-    ssoClient,
+    clientConfig: { region },
   }),
 });
 ```

packages/credential-providers/src/fromCognitoIdentity.spec.ts

@@ -29,14 +29,14 @@ describe("fromCognitoIdentity", () => {
     expect(CognitoIdentityClient).toBeCalled();
   });
 
-  it("should use client if supplied", () => {
-    const client = "CLIENT" as any;
+  it("should use client config if supplied", () => {
+    const clientConfig = "CLIENT" as any;
     fromCognitoIdentity({
       identityId,
-      client: client,
+      clientConfig,
     });
     expect((coreProvider as jest.Mock).mock.calls[0][0]?.identityId).toBe(identityId);
-    expect((coreProvider as jest.Mock).mock.calls[0][0]?.client).toBe(client);
-    expect(CognitoIdentityClient).not.toBeCalled();
+    expect((coreProvider as jest.Mock).mock.calls[0][0]?.client).toBeInstanceOf(CognitoIdentityClient);
+    expect(CognitoIdentityClient).toBeCalledWith(clientConfig);
   });
 });

packages/credential-providers/src/fromCognitoIdentity.ts

@@ -1,4 +1,4 @@
-import { CognitoIdentityClient } from "@aws-sdk/client-cognito-identity";
+import { CognitoIdentityClient, CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
 import {
   CognitoIdentityCredentialProvider as _CognitoIdentityCredentialProvider,
   fromCognitoIdentity as _fromCognitoIdentity,
@@ -7,9 +7,9 @@ import {
 
 export interface FromCognitoIdentityParameters extends Omit<_FromCognitoIdentityParameters, "client"> {
   /**
-   * Custom client if you need overwrite default client configuration
+   * Custom client configuration if you need overwrite default Cognito Identity client configuration.
    */
-  client?: CognitoIdentityClient;
+  clientConfig?: CognitoIdentityClientConfig;
 }
 
 export type CognitoIdentityCredentialProvider = _CognitoIdentityCredentialProvider;
@@ -43,14 +43,14 @@ export type CognitoIdentityCredentialProvider = _CognitoIdentityCredentialProvid
  *       "api.twitter.com": "TWITTERTOKEN'",
  *       "www.digits.com": "DIGITSTOKEN"
  *     },
- *     // Optional. Custom client if you need overwrite default client configuration
- *     client: new CognitoIdentityClient({ region })
+ *     // Optional. Custom client configuration if you need overwrite default Cognito Identity client configuration.
+ *     clientConfig: { region }
  *   }),
  * });
  * ```
  */
 export const fromCognitoIdentity = (options: FromCognitoIdentityParameters): CognitoIdentityCredentialProvider =>
   _fromCognitoIdentity({
     ...options,
-    client: options.client ?? new CognitoIdentityClient({}),
+    client: new CognitoIdentityClient(options.clientConfig ?? {}),
   });

packages/credential-providers/src/fromCognitoIdentityPool.spec.ts

@@ -31,17 +31,17 @@ describe("fromCognitoIdentityPool", () => {
     );
     expect((coreProvider as jest.Mock).mock.calls[0][0]?.identityPoolId).toBe(identityPoolId);
     expect((coreProvider as jest.Mock).mock.calls[0][0]?.client).toBeInstanceOf(CognitoIdentityClient);
-    expect(CognitoIdentityClient).toBeCalled();
+    expect(CognitoIdentityClient).toBeCalledWith({});
   });
 
-  it("should use client if supplied", () => {
-    const client = "CLIENT" as any;
+  it("should use client config if supplied", () => {
+    const clientConfig = "CLIENT" as any;
     fromCognitoIdentityPool({
       identityPoolId,
-      client: client,
+      clientConfig,
     });
     expect((coreProvider as jest.Mock).mock.calls[0][0]?.identityPoolId).toBe(identityPoolId);
-    expect((coreProvider as jest.Mock).mock.calls[0][0]?.client).toBe(client);
-    expect(CognitoIdentityClient).not.toBeCalled();
+    expect((coreProvider as jest.Mock).mock.calls[0][0]?.client).toBeInstanceOf(CognitoIdentityClient);
+    expect(CognitoIdentityClient).toBeCalledWith(clientConfig);
   });
 });

packages/credential-providers/src/fromCognitoIdentityPool.ts

@@ -1,12 +1,12 @@
-import { CognitoIdentityClient } from "@aws-sdk/client-cognito-identity";
+import { CognitoIdentityClient, CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
 import {
   CognitoIdentityCredentialProvider,
   fromCognitoIdentityPool as _fromCognitoIdentityPool,
   FromCognitoIdentityPoolParameters as _FromCognitoIdentityPoolParameters,
 } from "@aws-sdk/credential-provider-cognito-identity";
 
 export interface FromCognitoIdentityPoolParameters extends Omit<_FromCognitoIdentityPoolParameters, "client"> {
-  client?: CognitoIdentityClient;
+  clientConfig?: CognitoIdentityClientConfig;
 }
 
 /**
@@ -43,7 +43,7 @@ export interface FromCognitoIdentityPoolParameters extends Omit<_FromCognitoIden
  *       'api.twitter.com': 'TWITTERTOKEN',
  *       'www.digits.com': 'DIGITSTOKEN'
  *     },
- *     // Optional. Custom client if you need overwrite default client configuration
+ *     // Optional. Custom client configuration if you need overwrite default Cognito Identity client configuration.
  *     client: new CognitoIdentityClient({ region })
  *   }),
  * });
@@ -54,5 +54,5 @@ export const fromCognitoIdentityPool = (
 ): CognitoIdentityCredentialProvider =>
   _fromCognitoIdentityPool({
     ...options,
-    client: options.client ?? new CognitoIdentityClient({}),
+    client: new CognitoIdentityClient(options.clientConfig ?? {}),
   });

packages/credential-providers/src/fromIni.spec.ts

@@ -48,11 +48,11 @@ describe("fromIni", () => {
 
   it("should use supplied sts options", () => {
     const profile = "profile";
-    const stsConfig = {
+    const clientConfig = {
       region: "US_BAR_1",
     };
-    fromIni({ profile, stsConfig });
-    expect(getDefaultRoleAssumer).toBeCalledWith(stsConfig);
-    expect(getDefaultRoleAssumerWithWebIdentity).toBeCalledWith(stsConfig);
+    fromIni({ profile, clientConfig });
+    expect(getDefaultRoleAssumer).toBeCalledWith(clientConfig);
+    expect(getDefaultRoleAssumerWithWebIdentity).toBeCalledWith(clientConfig);
   });
 });

packages/credential-providers/src/fromIni.ts

@@ -3,7 +3,7 @@ import { fromIni as _fromIni, FromIniInit as _FromIniInit } from "@aws-sdk/crede
 import { CredentialProvider } from "@aws-sdk/types";
 
 export interface FromIniInit extends _FromIniInit {
-  stsConfig?: STSClientConfig;
+  clientConfig?: STSClientConfig;
 }
 
 /**
@@ -37,14 +37,15 @@ export interface FromIniInit extends _FromIniInit {
  *       return "token";
  *     },
  *     // Optional. Custom STS client configurations overriding the default ones.
- *     stsConfig: { region },
+ *     clientConfig: { region },
  *   }),
  * });
  * ```
  */
 export const fromIni = (init: FromIniInit = {}): CredentialProvider =>
   _fromIni({
     ...init,
-    roleAssumer: init.roleAssumer ?? getDefaultRoleAssumer(init.stsConfig),
-    roleAssumerWithWebIdentity: init.roleAssumerWithWebIdentity ?? getDefaultRoleAssumerWithWebIdentity(init.stsConfig),
+    roleAssumer: init.roleAssumer ?? getDefaultRoleAssumer(init.clientConfig),
+    roleAssumerWithWebIdentity:
+      init.roleAssumerWithWebIdentity ?? getDefaultRoleAssumerWithWebIdentity(init.clientConfig),
   });

packages/credential-providers/src/fromSSO.spec.ts

@@ -0,0 +1,26 @@
+import { SSOClient } from "@aws-sdk/client-sso";
+
+import { fromSSO } from "./fromSSO";
+
+jest.mock("@aws-sdk/client-sso", () => ({
+  SSOClient: jest.fn().mockImplementation(function () {
+    return "SSO_CLIENT";
+  }),
+}));
+
+describe("fromSSO", () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it("should not inject SSO client if no client config supplied", async () => {
+    fromSSO();
+    expect(SSOClient as jest.Mock).not.toBeCalled();
+  });
+
+  it("should inject SSO client if client config is supplied", async () => {
+    const region = "us-foo-1";
+    fromSSO({ clientConfig: { region } });
+    expect(SSOClient as jest.Mock).toBeCalledWith({ region });
+  });
+});

packages/credential-providers/src/fromSSO.ts

@@ -1,7 +1,10 @@
+import { SSOClient, SSOClientConfig } from "@aws-sdk/client-sso";
 import { fromSSO as _fromSSO, FromSSOInit as _FromSSOInit } from "@aws-sdk/credential-provider-sso";
 import { CredentialProvider } from "@aws-sdk/types";
 
-export interface FromSSOInit extends _FromSSOInit {}
+export interface FromSSOInit extends Omit<_FromSSOInit, "client"> {
+  clientConfig?: SSOClientConfig;
+}
 
 /**
  * Creates a credential provider function that reads from the _resolved_ access token from local disk then requests
@@ -38,11 +41,11 @@ export interface FromSSOInit extends _FromSSOInit {}
  *     // Optional. The name of the AWS role to assume. Required if any of the `sso*` options(except for `ssoClient`) is
  *     // provided.
  *     ssoRoleName: "SampleRole",
- *     // Optional. The SSO Client used to request AWS credentials with the SSO access token. If not specified, a default
- *     // SSO client will be created with the region specified in the profile `sso_region` entry.
- *     ssoClient,
+ *     // Optional. Overwrite the configuration used construct the SSO service client.
+ *     clientConfig: { region },
  *   }),
  * });
  * ```
  */
-export const fromSSO = (init?: FromSSOInit): CredentialProvider => _fromSSO(init);
+export const fromSSO = (init: FromSSOInit = {}): CredentialProvider =>
+  _fromSSO({ ...{ ssoClient: init.clientConfig ? new SSOClient(init.clientConfig) : undefined }, ...init });