Office Whisperer

defaultStsRoleAssumers.js•5.82 kB

import { setCredentialFeature } from "@aws-sdk/core/client"; import { stsRegionDefaultResolver } from "@aws-sdk/region-config-resolver"; import { AssumeRoleCommand } from "./commands/AssumeRoleCommand"; import { AssumeRoleWithWebIdentityCommand, } from "./commands/AssumeRoleWithWebIdentityCommand"; const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => { if (typeof assumedRoleUser?.Arn === "string") { const arnComponents = assumedRoleUser.Arn.split(":"); if (arnComponents.length > 4 && arnComponents[4] !== "") { return arnComponents[4]; } } return undefined; }; const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => { const region = typeof _region === "function" ? await _region() : _region; const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; const stsDefaultRegion = await stsRegionDefaultResolver(loaderConfig)(); credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`); return region ?? parentRegion ?? stsDefaultRegion; }; export const getDefaultRoleAssumer = (stsOptions, STSClient) => { let stsClient; let closureSourceCreds; return async (sourceCreds, params) => { closureSourceCreds = sourceCreds; if (!stsClient) { const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions; const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, { logger, profile, }); const isCompatibleRequestHandler = !isH2(requestHandler); stsClient = new STSClient({ ...stsOptions, userAgentAppId, profile, credentialDefaultProvider: () => async () => closureSourceCreds, region: resolvedRegion, requestHandler: isCompatibleRequestHandler ? requestHandler : undefined, logger: logger, }); } const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params)); if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) { throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); } const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser); const credentials = { accessKeyId: Credentials.AccessKeyId, secretAccessKey: Credentials.SecretAccessKey, sessionToken: Credentials.SessionToken, expiration: Credentials.Expiration, ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }), ...(accountId && { accountId }), }; setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); return credentials; }; }; export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, STSClient) => { let stsClient; return async (params) => { if (!stsClient) { const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions; const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, { logger, profile, }); const isCompatibleRequestHandler = !isH2(requestHandler); stsClient = new STSClient({ ...stsOptions, userAgentAppId, profile, region: resolvedRegion, requestHandler: isCompatibleRequestHandler ? requestHandler : undefined, logger: logger, }); } const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) { throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); } const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser); const credentials = { accessKeyId: Credentials.AccessKeyId, secretAccessKey: Credentials.SecretAccessKey, sessionToken: Credentials.SessionToken, expiration: Credentials.Expiration, ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }), ...(accountId && { accountId }), }; if (accountId) { setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T"); } setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); return credentials; }; }; export const decorateDefaultCredentialProvider = (provider) => (input) => provider({ roleAssumer: getDefaultRoleAssumer(input, input.stsClientCtor), roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input, input.stsClientCtor), ...input, }); const isH2 = (requestHandler) => { return requestHandler?.metadata?.handlerProtocol === "h2"; };

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/consigcody94/office-whisperer'

If you have feedback or need assistance with the MCP directory API, please join our Discord server