chore(nested-clients): use nested clients in packages

kuhe · kuhe · commit 17f92f10cb67 · 2025-01-10T15:09:05.000-05:00
diff --git a/clients/client-s3/package.json b/clients/client-s3/package.json
@@ -27,8 +27,6 @@
     "@aws-crypto/sha1-browser": "5.2.0",
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "*",
-    "@aws-sdk/client-sts": "*",
     "@aws-sdk/core": "*",
     "@aws-sdk/credential-provider-node": "*",
     "@aws-sdk/middleware-bucket-endpoint": "*",
diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddAwsAuthPlugin.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddAwsAuthPlugin.java
@@ -221,7 +221,6 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
                             .addImport("defaultProvider", "credentialDefaultProvider",
                                 AwsDependency.CREDENTIAL_PROVIDER_NODE)
                             .write("credentialDefaultProvider");
-                        AwsCredentialProviderUtils.addAwsCredentialProviderDependencies(service, writer);
                     }
                 );
             default:
diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsCredentialProviderUtils.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsCredentialProviderUtils.java
@@ -16,7 +16,6 @@
  package software.amazon.smithy.aws.typescript.codegen;
 
 import software.amazon.smithy.model.shapes.ServiceShape;
-import software.amazon.smithy.model.shapes.ShapeId;
 import software.amazon.smithy.typescript.codegen.TypeScriptWriter;
 import software.amazon.smithy.utils.SmithyInternalApi;
 
@@ -28,26 +27,8 @@ public final class AwsCredentialProviderUtils {
 
     private AwsCredentialProviderUtils() {}
 
-    /**
-     * Adds dependencies required by the default credential provider.
-     * The dependencies are skipped in first party credential providers to avoid circular dependency issue.
-     */
+    @Deprecated
     public static void addAwsCredentialProviderDependencies(ServiceShape service, TypeScriptWriter writer) {
-        boolean isStsClient =
-                service.getId().equals(ShapeId.from("com.amazonaws.sts#AWSSecurityTokenServiceV20110615"));
-        boolean isSsoOidcClient = service.getId().equals(ShapeId.from("com.amazonaws.ssooidc#AWSSSOOIDCService"));
-        if (!isSsoOidcClient) {
-            // SSO OIDC client is required in Sso credential provider
-            writer.addDependency(AwsDependency.SSO_OIDC_CLIENT);
-        }
-        if (!isStsClient) {
-            // STS client is required in Ini and WebIdentity credential providers
-            if (isSsoOidcClient) {
-                // For the SSO OIDC client, adding the STS client as a peerDependency avoids circular dependency issues.
-                writer.addDependency(AwsDependency.STS_CLIENT_PEER);
-            } else {
-                writer.addDependency(AwsDependency.STS_CLIENT);
-            }
-        }
+        // deprecated by @aws-sdk/nested-clients package.
     }
 }
diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AddSTSAuthCustomizations.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AddSTSAuthCustomizations.java
@@ -14,7 +14,6 @@
 import java.util.function.Consumer;
 import java.util.logging.Logger;
 import software.amazon.smithy.aws.traits.auth.SigV4Trait;
-import software.amazon.smithy.aws.typescript.codegen.AwsCredentialProviderUtils;
 import software.amazon.smithy.aws.typescript.codegen.AwsDependency;
 import software.amazon.smithy.aws.typescript.codegen.AwsTraitsUtils;
 import software.amazon.smithy.codegen.core.Symbol;
@@ -113,8 +112,6 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
                             .addImport("defaultProvider", "credentialDefaultProvider",
                                 AwsDependency.CREDENTIAL_PROVIDER_NODE)
                             .write("credentialDefaultProvider");
-                        AwsCredentialProviderUtils.addAwsCredentialProviderDependencies(
-                            settings.getService(model), writer);
                     }
                 );
             default:
diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsSdkCustomizeSigV4Auth.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsSdkCustomizeSigV4Auth.java
@@ -17,7 +17,6 @@
 import java.util.function.Consumer;
 import software.amazon.smithy.aws.traits.auth.SigV4ATrait;
 import software.amazon.smithy.aws.traits.auth.SigV4Trait;
-import software.amazon.smithy.aws.typescript.codegen.AwsCredentialProviderUtils;
 import software.amazon.smithy.aws.typescript.codegen.AwsDependency;
 import software.amazon.smithy.codegen.core.Symbol;
 import software.amazon.smithy.codegen.core.SymbolProvider;
@@ -118,7 +117,6 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
                                 .addImport("defaultProvider", "credentialDefaultProvider",
                                     AwsDependency.CREDENTIAL_PROVIDER_NODE)
                                 .write("credentialDefaultProvider");
-                            AwsCredentialProviderUtils.addAwsCredentialProviderDependencies(service, writer);
                         }
                     );
                     if (isSigV4AsymmetricService(model, settings)) {
@@ -147,7 +145,6 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
                                 .addImport("defaultProvider", "credentialDefaultProvider",
                                     AwsDependency.CREDENTIAL_PROVIDER_NODE)
                                 .write("credentialDefaultProvider()");
-                            AwsCredentialProviderUtils.addAwsCredentialProviderDependencies(service, writer);
                         }
                     );
                 }
diff --git a/packages/credential-provider-ini/package.json b/packages/credential-provider-ini/package.json
@@ -33,6 +33,7 @@
     "@aws-sdk/credential-provider-process": "*",
     "@aws-sdk/credential-provider-sso": "*",
     "@aws-sdk/credential-provider-web-identity": "*",
+    "@aws-sdk/nested-clients": "*",
     "@aws-sdk/types": "*",
     "@smithy/credential-provider-imds": "^4.0.0",
     "@smithy/property-provider": "^4.0.0",
@@ -48,9 +49,6 @@
     "rimraf": "3.0.2",
     "typescript": "~5.2.2"
   },
-  "peerDependencies": {
-    "@aws-sdk/client-sts": "*"
-  },
   "types": "./dist-types/index.d.ts",
   "engines": {
     "node": ">=18.0.0"
diff --git a/packages/credential-provider-ini/src/resolveAssumeRoleCredentials.ts b/packages/credential-provider-ini/src/resolveAssumeRoleCredentials.ts
@@ -112,7 +112,7 @@ export const resolveAssumeRoleCredentials = async (
 
   if (!options.roleAssumer) {
     // @ts-ignore Cannot find module '@aws-sdk/client-sts'
-    const { getDefaultRoleAssumer } = await import("@aws-sdk/client-sts");
+    const { getDefaultRoleAssumer } = await import("@aws-sdk/nested-clients");
     options.roleAssumer = getDefaultRoleAssumer(
       {
         ...options.clientConfig,
diff --git a/packages/credential-provider-web-identity/package.json b/packages/credential-provider-web-identity/package.json
@@ -34,6 +34,7 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@aws-sdk/core": "*",
+    "@aws-sdk/nested-clients": "*",
     "@aws-sdk/types": "*",
     "@smithy/property-provider": "^4.0.0",
     "@smithy/types": "^4.0.0",
@@ -47,9 +48,6 @@
     "rimraf": "3.0.2",
     "typescript": "~5.2.2"
   },
-  "peerDependencies": {
-    "@aws-sdk/client-sts": "*"
-  },
   "types": "./dist-types/index.d.ts",
   "engines": {
     "node": ">=18.0.0"
diff --git a/packages/credential-provider-web-identity/src/fromWebToken.ts b/packages/credential-provider-web-identity/src/fromWebToken.ts
@@ -164,7 +164,7 @@ export const fromWebToken =
 
     if (!roleAssumerWithWebIdentity) {
       // @ts-ignore Cannot find module '@aws-sdk/client-sts'
-      const { getDefaultRoleAssumerWithWebIdentity } = await import("@aws-sdk/client-sts");
+      const { getDefaultRoleAssumerWithWebIdentity } = await import("@aws-sdk/nested-clients");
       roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity(
         {
           ...init.clientConfig,
diff --git a/packages/credential-providers/package.json b/packages/credential-providers/package.json
@@ -31,8 +31,6 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@aws-sdk/client-cognito-identity": "*",
-    "@aws-sdk/client-sso": "*",
-    "@aws-sdk/client-sts": "*",
     "@aws-sdk/core": "*",
     "@aws-sdk/credential-provider-cognito-identity": "*",
     "@aws-sdk/credential-provider-env": "*",
@@ -42,6 +40,7 @@
     "@aws-sdk/credential-provider-process": "*",
     "@aws-sdk/credential-provider-sso": "*",
     "@aws-sdk/credential-provider-web-identity": "*",
+    "@aws-sdk/nested-clients": "*",
     "@aws-sdk/types": "*",
     "@smithy/credential-provider-imds": "^4.0.0",
     "@smithy/property-provider": "^4.0.0",
diff --git a/packages/credential-providers/src/fromTemporaryCredentials.ts b/packages/credential-providers/src/fromTemporaryCredentials.ts
@@ -1,4 +1,4 @@
-import type { AssumeRoleCommandInput, STSClient, STSClientConfig } from "@aws-sdk/client-sts";
+import type { AssumeRoleCommandInput, STSClient, STSClientConfig } from "@aws-sdk/nested-clients";
 import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { CredentialsProviderError } from "@smithy/property-provider";
 import { AwsCredentialIdentity, AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
diff --git a/packages/credential-providers/src/loadSts.ts b/packages/credential-providers/src/loadSts.ts
@@ -1,4 +1,4 @@
-import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
+import { AssumeRoleCommand, STSClient } from "@aws-sdk/nested-clients";
 
 // This file must be loaded dynamically.
 /**
diff --git a/packages/karma-credential-loader/package.json b/packages/karma-credential-loader/package.json
@@ -21,8 +21,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-sts": "*",
     "@aws-sdk/credential-provider-node": "*",
+    "@aws-sdk/nested-clients": "*",
     "tslib": "^2.6.2"
   },
   "devDependencies": {
diff --git a/packages/karma-credential-loader/src/index.ts b/packages/karma-credential-loader/src/index.ts
@@ -1,5 +1,5 @@
-import { getDefaultRoleAssumer, getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
 import { defaultProvider as credentialProvider } from "@aws-sdk/credential-provider-node";
+import { getDefaultRoleAssumer, getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/nested-clients";
 
 // Preprocessor needs to be a function
 function createCredentialPreprocessor() {
diff --git a/packages/nested-clients/package.json b/packages/nested-clients/package.json
@@ -87,10 +87,7 @@
     "./dist-es/nested-sts/runtimeConfig": "./dist-es/nested-sts/runtimeConfig.browser",
     "./dist-es/nested-sso-oidc/runtimeConfig": "./dist-es/nested-sso-oidc/runtimeConfig.browser"
   },
-  "react-native": {
-    "./dist-es/nested-sts/runtimeConfig": "./dist-es/nested-sts/runtimeConfig.native",
-    "./dist-es/nested-sso-oidc/runtimeConfig": "./dist-es/nested-sso-oidc/runtimeConfig.native"
-  },
+  "react-native": {},
   "homepage": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/nested-clients",
   "repository": {
     "type": "git",
diff --git a/packages/nested-clients/src/index.ts b/packages/nested-clients/src/index.ts
@@ -1,2 +1,13 @@
-export { SSOOIDCClient, CreateTokenCommand } from "./nested-sso-oidc/index";
-export { STSClient, AssumeRoleCommand, AssumeRoleWithWebIdentityCommand } from "./nested-sts/index";
+export { CreateTokenCommand, SSOOIDCClient } from "./nested-sso-oidc/index";
+
+export type { SSOOIDCClientConfig, CreateTokenCommandInput } from "./nested-sso-oidc";
+
+export {
+  AssumeRoleCommand,
+  AssumeRoleWithWebIdentityCommand,
+  STSClient,
+  getDefaultRoleAssumer,
+  getDefaultRoleAssumerWithWebIdentity,
+} from "./nested-sts/index";
+
+export type { AssumeRoleCommandInput, STSClientConfig } from "./nested-sts";
diff --git a/packages/nested-clients/src/nested-sso-oidc/runtimeConfig.browser.ts b/packages/nested-clients/src/nested-sso-oidc/runtimeConfig.browser.ts
@@ -1,6 +1,6 @@
 // smithy-typescript generated code
 // @ts-ignore: package.json will be imported from dist folders
-import packageInfo from "../package.json"; // eslint-disable-line
+import packageInfo from "../../package.json"; // eslint-disable-line
 
 import { Sha256 } from "@aws-crypto/sha256-browser";
 import { createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-browser";
diff --git a/packages/nested-clients/src/nested-sso-oidc/runtimeConfig.ts b/packages/nested-clients/src/nested-sso-oidc/runtimeConfig.ts
@@ -1,6 +1,6 @@
 // smithy-typescript generated code
 // @ts-ignore: package.json will be imported from dist folders
-import packageInfo from "../package.json"; // eslint-disable-line
+import packageInfo from "../../package.json"; // eslint-disable-line
 
 import { emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core";
 import { NODE_APP_ID_CONFIG_OPTIONS, createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-node";
diff --git a/packages/nested-clients/src/nested-sts/runtimeConfig.browser.ts b/packages/nested-clients/src/nested-sts/runtimeConfig.browser.ts
@@ -1,6 +1,6 @@
 // smithy-typescript generated code
 // @ts-ignore: package.json will be imported from dist folders
-import packageInfo from "../package.json"; // eslint-disable-line
+import packageInfo from "../../package.json"; // eslint-disable-line
 
 import { Sha256 } from "@aws-crypto/sha256-browser";
 import { createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-browser";
diff --git a/packages/nested-clients/src/nested-sts/runtimeConfig.ts b/packages/nested-clients/src/nested-sts/runtimeConfig.ts
@@ -1,6 +1,6 @@
 // smithy-typescript generated code
 // @ts-ignore: package.json will be imported from dist folders
-import packageInfo from "../package.json"; // eslint-disable-line
+import packageInfo from "../../package.json"; // eslint-disable-line
 
 import { AwsSdkSigV4Signer, emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core";
 import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
diff --git a/packages/token-providers/package.json b/packages/token-providers/package.json
@@ -27,6 +27,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
+    "@aws-sdk/nested-clients": "*",
     "@aws-sdk/types": "*",
     "@smithy/property-provider": "^4.0.0",
     "@smithy/shared-ini-file-loader": "^4.0.0",
@@ -41,9 +42,6 @@
     "rimraf": "3.0.2",
     "typescript": "~5.2.2"
   },
-  "peerDependencies": {
-    "@aws-sdk/client-sso-oidc": "*"
-  },
   "types": "./dist-types/index.d.ts",
   "engines": {
     "node": ">=18.0.0"
diff --git a/packages/token-providers/src/getNewSsoOidcToken.ts b/packages/token-providers/src/getNewSsoOidcToken.ts
@@ -9,7 +9,7 @@ import { getSsoOidcClient } from "./getSsoOidcClient";
  */
 export const getNewSsoOidcToken = async (ssoToken: SSOToken, ssoRegion: string, init: FromSsoInit = {}) => {
   // @ts-ignore Cannot find module '@aws-sdk/client-sso-oidc'
-  const { CreateTokenCommand } = await import("@aws-sdk/client-sso-oidc");
+  const { CreateTokenCommand } = await import("@aws-sdk/nested-clients");
 
   const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);
   return ssoOidcClient.send(
diff --git a/packages/token-providers/src/getSsoOidcClient.ts b/packages/token-providers/src/getSsoOidcClient.ts
@@ -6,7 +6,7 @@ import { FromSsoInit } from "./fromSso";
  */
 export const getSsoOidcClient = async (ssoRegion: string, init: FromSsoInit = {}) => {
   // @ts-ignore Cannot find module '@aws-sdk/client-sso-oidc'
-  const { SSOOIDCClient } = await import("@aws-sdk/client-sso-oidc");
+  const { SSOOIDCClient } = await import("@aws-sdk/nested-clients");
 
   const ssoOidcClient = new SSOOIDCClient(
     Object.assign({}, init.clientConfig ?? {}, {
diff --git a/scripts/generate-clients/nested-clients/generate-nested-clients.js b/scripts/generate-clients/nested-clients/generate-nested-clients.js
@@ -10,7 +10,7 @@ const clients = [
 ];
 
 const { join, relative, normalize } = require("path");
-const { emptyDirSync, rmSync, copyFileSync, copySync, rmdirSync, writeFileSync } = require("fs-extra");
+const { emptyDirSync, rmSync, copyFileSync, copySync, rmdirSync, writeFileSync, readFileSync } = require("fs-extra");
 const { copyToClients } = require("../copy-to-clients");
 const { spawnProcess } = require("../../utils/spawn-process");
 const compressRuleset = require("../../endpoints-ruleset/compress");
@@ -65,6 +65,9 @@ async function generateNestedClients() {
     copySync(srcFolder, destinationFolder);
     emptyDirSync(srcContainer);
     rmdirSync(srcContainer);
+
+    replacePackageJsonImport(join(destinationFolder, "runtimeConfig.browser.ts"));
+    replacePackageJsonImport(join(destinationFolder, "runtimeConfig.ts"));
   }
 }
 
@@ -110,6 +113,16 @@ async function generateNestedClient(clientName, operations) {
   rmSync(join(__dirname, "..", "..", "..", "codegen", "sdk-codegen", `smithy-build-${clientName}.json`));
 }
 
+function replacePackageJsonImport(file) {
+  writeFileSync(
+    file,
+    readFileSync(file, "utf-8").replace(
+      `import packageInfo from "../package.json";`,
+      `import packageInfo from "../../package.json";`
+    )
+  );
+}
+
 if (process.argv.includes("--exec")) {
   generateNestedClients().catch(console.error);
 }
diff --git a/scripts/runtime-dependency-version-check/check-dependencies.js b/scripts/runtime-dependency-version-check/check-dependencies.js
@@ -101,6 +101,12 @@ const ignored = [...node_libraries, "vitest"];
           !(dependencyPackageName in (pkgJson.peerDependencies ?? {})) &&
           dependencyPackageName !== pkgJson.name
         ) {
+          if (
+            ["@aws-sdk/client-sts", "@aws-sdk/client-sso-oidc"].includes(dependency) &&
+            ["@aws-sdk/nested-clients"].includes(pkgJson.name)
+          ) {
+            continue;
+          }
           errors.push(`${dependency} undeclared but imported in ${pkgJson.name} ${file}}`);
         }
       }

Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,6 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(`
`221`	`221`	`.addImport("defaultProvider", "credentialDefaultProvider",`
`222`	`222`	`AwsDependency.CREDENTIAL_PROVIDER_NODE)`
`223`	`223`	`.write("credentialDefaultProvider");`
`224`		`- AwsCredentialProviderUtils.addAwsCredentialProviderDependencies(service, writer);`
`225`	`224`	`}`
`226`	`225`	`);`
`227`	`226`	`default:`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ export const resolveAssumeRoleCredentials = async (`
`112`	`112`
`113`	`113`	`if (!options.roleAssumer) {`
`114`	`114`	`// @ts-ignore Cannot find module '@aws-sdk/client-sts'`
`115`		`- const { getDefaultRoleAssumer } = await import("@aws-sdk/client-sts");`
	`115`	`+ const { getDefaultRoleAssumer } = await import("@aws-sdk/nested-clients");`
`116`	`116`	`options.roleAssumer = getDefaultRoleAssumer(`
`117`	`117`	`{`
`118`	`118`	`...options.clientConfig,`
Original file line number	Diff line number	Diff line change
`@@ -164,7 +164,7 @@ export const fromWebToken =`
`164`	`164`
`165`	`165`	`if (!roleAssumerWithWebIdentity) {`
`166`	`166`	`// @ts-ignore Cannot find module '@aws-sdk/client-sts'`
`167`		`- const { getDefaultRoleAssumerWithWebIdentity } = await import("@aws-sdk/client-sts");`
	`167`	`+ const { getDefaultRoleAssumerWithWebIdentity } = await import("@aws-sdk/nested-clients");`
`168`	`168`	`roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity(`
`169`	`169`	`{`
`170`	`170`	`...init.clientConfig,`