@aws-cdk/toolkit-lib 0.3.2 → 0.3.4

package/lib/api/aws-auth/credential-plugins.js

@@ -0,0 +1,154 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialPlugins = void 0;
+const util_1 = require("util");
+const provider_caching_1 = require("./provider-caching");
+const toolkit_error_1 = require("../../toolkit/toolkit-error");
+const util_2 = require("../../util");
+const private_1 = require("../io/private");
+/**
+ * Cache for credential providers.
+ *
+ * Given an account and an operating mode (read or write) will return an
+ * appropriate credential provider for credentials for the given account. The
+ * credential provider will be cached so that multiple AWS clients for the same
+ * environment will not make multiple network calls to obtain credentials.
+ *
+ * Will use default credentials if they are for the right account; otherwise,
+ * all loaded credential provider plugins will be tried to obtain credentials
+ * for the given account.
+ */
+class CredentialPlugins {
+    host;
+    ioHelper;
+    cache = {};
+    constructor(host, ioHelper) {
+        this.host = host;
+        this.ioHelper = ioHelper;
+    }
+    async fetchCredentialsFor(awsAccountId, mode) {
+        const key = `${awsAccountId}-${mode}`;
+        if (!(key in this.cache)) {
+            this.cache[key] = await this.lookupCredentials(awsAccountId, mode);
+        }
+        return this.cache[key];
+    }
+    get availablePluginNames() {
+        return this.host.credentialProviderSources.map((s) => s.name);
+    }
+    async lookupCredentials(awsAccountId, mode) {
+        const triedSources = [];
+        // Otherwise, inspect the various credential sources we have
+        for (const source of this.host.credentialProviderSources) {
+            let available;
+            try {
+                available = await source.isAvailable();
+            }
+            catch (e) {
+                // This shouldn't happen, but let's guard against it anyway
+                await this.ioHelper.notify(private_1.IO.CDK_TOOLKIT_W0100.msg(`Uncaught exception in ${source.name}: ${(0, util_2.formatErrorMessage)(e)}`));
+                available = false;
+            }
+            if (!available) {
+                await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_DEBUG.msg(`Credentials source ${source.name} is not available, ignoring it.`));
+                continue;
+            }
+            triedSources.push(source);
+            let canProvide;
+            try {
+                canProvide = await source.canProvideCredentials(awsAccountId);
+            }
+            catch (e) {
+                // This shouldn't happen, but let's guard against it anyway
+                await this.ioHelper.notify(private_1.IO.CDK_TOOLKIT_W0100.msg(`Uncaught exception in ${source.name}: ${(0, util_2.formatErrorMessage)(e)}`));
+                canProvide = false;
+            }
+            if (!canProvide) {
+                continue;
+            }
+            await this.ioHelper.notify(private_1.IO.DEFAULT_TOOLKIT_DEBUG.msg(`Using ${source.name} credentials for account ${awsAccountId}`));
+            return {
+                credentials: await v3ProviderFromPlugin(() => source.getProvider(awsAccountId, mode, {
+                    supportsV3Providers: true,
+                })),
+                pluginName: source.name,
+            };
+        }
+        return undefined;
+    }
+}
+exports.CredentialPlugins = CredentialPlugins;
+/**
+ * Take a function that calls the plugin, and turn it into an SDKv3-compatible credential provider.
+ *
+ * What we will do is the following:
+ *
+ * - Query the plugin and see what kind of result it gives us.
+ * - If the result is self-refreshing or doesn't need refreshing, we turn it into an SDKv3 provider
+ *   and return it directly.
+ *   * If the underlying return value is a provider, we will make it a caching provider
+ *     (because we can't know if it will cache by itself or not).
+ *   * If the underlying return value is a static credential, caching isn't relevant.
+ *   * If the underlying return value is V2 credentials, those have caching built-in.
+ * - If the result is a static credential that expires, we will wrap it in an SDKv3 provider
+ *   that will query the plugin again when the credential expires.
+ */
+async function v3ProviderFromPlugin(producer) {
+    const initial = await producer();
+    if (isV3Provider(initial)) {
+        // Already a provider, make caching
+        return (0, provider_caching_1.makeCachingProvider)(initial);
+    }
+    else if (isV3Credentials(initial) && initial.expiration === undefined) {
+        // Static credentials that don't need refreshing nor caching
+        return () => Promise.resolve(initial);
+    }
+    else if (isV3Credentials(initial) && initial.expiration !== undefined) {
+        // Static credentials that do need refreshing and caching
+        return refreshFromPluginProvider(initial, producer);
+    }
+    else if (isV2Credentials(initial)) {
+        // V2 credentials that refresh and cache themselves
+        return v3ProviderFromV2Credentials(initial);
+    }
+    else {
+        throw new toolkit_error_1.AuthenticationError(`Plugin returned a value that doesn't resemble AWS credentials: ${(0, util_1.inspect)(initial)}`);
+    }
+}
+/**
+ * Converts a V2 credential into a V3-compatible provider
+ */
+function v3ProviderFromV2Credentials(x) {
+    return async () => {
+        // Get will fetch or refresh as necessary
+        await x.getPromise();
+        return {
+            accessKeyId: x.accessKeyId,
+            secretAccessKey: x.secretAccessKey,
+            sessionToken: x.sessionToken,
+            expiration: x.expireTime ?? undefined,
+        };
+    };
+}
+function refreshFromPluginProvider(current, producer) {
+    return async () => {
+        if ((0, provider_caching_1.credentialsAboutToExpire)(current)) {
+            const newCreds = await producer();
+            if (!isV3Credentials(newCreds)) {
+                throw new toolkit_error_1.AuthenticationError(`Plugin initially returned static V3 credentials but now returned something else: ${(0, util_1.inspect)(newCreds)}`);
+            }
+            current = newCreds;
+        }
+        return current;
+    };
+}
+function isV3Provider(x) {
+    return typeof x === 'function';
+}
+function isV2Credentials(x) {
+    return !!(x && typeof x === 'object' && x.getPromise);
+}
+function isV3Credentials(x) {
+    return !!(x && typeof x === 'object' && x.accessKeyId && !isV2Credentials(x));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3JlZGVudGlhbC1wbHVnaW5zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY3JlZGVudGlhbC1wbHVnaW5zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtCQUErQjtBQUcvQix5REFBbUY7QUFDbkYsK0RBQWtFO0FBQ2xFLHFDQUFnRDtBQUNoRCwyQ0FBa0Q7QUFJbEQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxNQUFhLGlCQUFpQjtJQUdDO0lBQW1DO0lBRi9DLEtBQUssR0FBZ0UsRUFBRSxDQUFDO0lBRXpGLFlBQTZCLElBQWdCLEVBQW1CLFFBQWtCO1FBQXJELFNBQUksR0FBSixJQUFJLENBQVk7UUFBbUIsYUFBUSxHQUFSLFFBQVEsQ0FBVTtJQUNsRixDQUFDO0lBRU0sS0FBSyxDQUFDLG1CQUFtQixDQUFDLFlBQW9CLEVBQUUsSUFBVTtRQUMvRCxNQUFNLEdBQUcsR0FBRyxHQUFHLFlBQVksSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUN0QyxJQUFJLENBQUMsQ0FBQyxHQUFHLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDekIsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN6QixDQUFDO0lBRUQsSUFBVyxvQkFBb0I7UUFDN0IsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLHlCQUF5QixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ2hFLENBQUM7SUFFTyxLQUFLLENBQUMsaUJBQWlCLENBQUMsWUFBb0IsRUFBRSxJQUFVO1FBQzlELE1BQU0sWUFBWSxHQUErQixFQUFFLENBQUM7UUFDcEQsNERBQTREO1FBQzVELEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxDQUFDO1lBQ3pELElBQUksU0FBa0IsQ0FBQztZQUN2QixJQUFJLENBQUM7Z0JBQ0gsU0FBUyxHQUFHLE1BQU0sTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3pDLENBQUM7WUFBQyxPQUFPLENBQU0sRUFBRSxDQUFDO2dCQUNoQiwyREFBMkQ7Z0JBQzNELE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyx5QkFBeUIsTUFBTSxDQUFDLElBQUksS0FBSyxJQUFBLHlCQUFrQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO2dCQUN2SCxTQUFTLEdBQUcsS0FBSyxDQUFDO1lBQ3BCLENBQUM7WUFFRCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLHNCQUFzQixNQUFNLENBQUMsSUFBSSxpQ0FBaUMsQ0FBQyxDQUFDLENBQUM7Z0JBQzdILFNBQVM7WUFDWCxDQUFDO1lBQ0QsWUFBWSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUMxQixJQUFJLFVBQW1CLENBQUM7WUFDeEIsSUFBSSxDQUFDO2dCQUNILFVBQVUsR0FBRyxNQUFNLE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUNoRSxDQUFDO1lBQUMsT0FBTyxDQUFNLEVBQUUsQ0FBQztnQkFDaEIsMkRBQTJEO2dCQUMzRCxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMseUJBQXlCLE1BQU0sQ0FBQyxJQUFJLEtBQUssSUFBQSx5QkFBa0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDdkgsVUFBVSxHQUFHLEtBQUssQ0FBQztZQUNyQixDQUFDO1lBQ0QsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO2dCQUNoQixTQUFTO1lBQ1gsQ0FBQztZQUNELE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxTQUFTLE1BQU0sQ0FBQyxJQUFJLDRCQUE0QixZQUFZLEVBQUUsQ0FBQyxDQUFDLENBQUM7WUFFekgsT0FBTztnQkFDTCxXQUFXLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFlBQVksRUFBRSxJQUErQixFQUFFO29CQUM5RyxtQkFBbUIsRUFBRSxJQUFJO2lCQUMxQixDQUFDLENBQUM7Z0JBQ0gsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJO2FBQ3hCLENBQUM7UUFDSixDQUFDO1FBQ0QsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztDQUNGO0FBMURELDhDQTBEQztBQWlCRDs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILEtBQUssVUFBVSxvQkFBb0IsQ0FBQyxRQUE2QztJQUMvRSxNQUFNLE9BQU8sR0FBRyxNQUFNLFFBQVEsRUFBRSxDQUFDO0lBRWpDLElBQUksWUFBWSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDMUIsbUNBQW1DO1FBQ25DLE9BQU8sSUFBQSxzQ0FBbUIsRUFBQyxPQUFPLENBQUMsQ0FBQztJQUN0QyxDQUFDO1NBQU0sSUFBSSxlQUFlLENBQUMsT0FBTyxDQUFDLElBQUksT0FBTyxDQUFDLFVBQVUsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN4RSw0REFBNEQ7UUFDNUQsT0FBTyxHQUFHLEVBQUUsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7U0FBTSxJQUFJLGVBQWUsQ0FBQyxPQUFPLENBQUMsSUFBSSxPQUFPLENBQUMsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3hFLHlEQUF5RDtRQUN6RCxPQUFPLHlCQUF5QixDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztJQUN0RCxDQUFDO1NBQU0sSUFBSSxlQUFlLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxtREFBbUQ7UUFDbkQsT0FBTywyQkFBMkIsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUM5QyxDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sSUFBSSxtQ0FBbUIsQ0FBQyxrRUFBa0UsSUFBQSxjQUFPLEVBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3RILENBQUM7QUFDSCxDQUFDO0FBRUQ7O0dBRUc7QUFDSCxTQUFTLDJCQUEyQixDQUFDLENBQTZCO0lBQ2hFLE9BQU8sS0FBSyxJQUFJLEVBQUU7UUFDaEIseUNBQXlDO1FBQ3pDLE1BQU0sQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBRXJCLE9BQU87WUFDTCxXQUFXLEVBQUUsQ0FBQyxDQUFDLFdBQVc7WUFDMUIsZUFBZSxFQUFFLENBQUMsQ0FBQyxlQUFlO1lBQ2xDLFlBQVksRUFBRSxDQUFDLENBQUMsWUFBWTtZQUM1QixVQUFVLEVBQUUsQ0FBQyxDQUFDLFVBQVUsSUFBSSxTQUFTO1NBQ3RDLENBQUM7SUFDSixDQUFDLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUyx5QkFBeUIsQ0FBQyxPQUE4QixFQUFFLFFBQTZDO0lBQzlHLE9BQU8sS0FBSyxJQUFJLEVBQUU7UUFDaEIsSUFBSSxJQUFBLDJDQUF3QixFQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDdEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxRQUFRLEVBQUUsQ0FBQztZQUNsQyxJQUFJLENBQUMsZUFBZSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7Z0JBQy9CLE1BQU0sSUFBSSxtQ0FBbUIsQ0FBQyxvRkFBb0YsSUFBQSxjQUFPLEVBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3pJLENBQUM7WUFDRCxPQUFPLEdBQUcsUUFBUSxDQUFDO1FBQ3JCLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUyxZQUFZLENBQUMsQ0FBdUI7SUFDM0MsT0FBTyxPQUFPLENBQUMsS0FBSyxVQUFVLENBQUM7QUFDakMsQ0FBQztBQUVELFNBQVMsZUFBZSxDQUFDLENBQXVCO0lBQzlDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSyxDQUFnQyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQ3hGLENBQUM7QUFFRCxTQUFTLGVBQWUsQ0FBQyxDQUF1QjtJQUM5QyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxPQUFPLENBQUMsS0FBSyxRQUFRLElBQUksQ0FBQyxDQUFDLFdBQVcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQ2hGLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBpbnNwZWN0IH0gZnJvbSAndXRpbCc7XG5pbXBvcnQgdHlwZSB7IENyZWRlbnRpYWxQcm92aWRlclNvdXJjZSwgRm9yUmVhZGluZywgRm9yV3JpdGluZywgUGx1Z2luUHJvdmlkZXJSZXN1bHQsIFNES3YyQ29tcGF0aWJsZUNyZWRlbnRpYWxzLCBTREt2M0NvbXBhdGlibGVDcmVkZW50aWFsUHJvdmlkZXIsIFNES3YzQ29tcGF0aWJsZUNyZWRlbnRpYWxzIH0gZnJvbSAnQGF3cy1jZGsvY2xpLXBsdWdpbi1jb250cmFjdCc7XG5pbXBvcnQgdHlwZSB7IEF3c0NyZWRlbnRpYWxJZGVudGl0eSwgQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIgfSBmcm9tICdAc21pdGh5L3R5cGVzJztcbmltcG9ydCB7IGNyZWRlbnRpYWxzQWJvdXRUb0V4cGlyZSwgbWFrZUNhY2hpbmdQcm92aWRlciB9IGZyb20gJy4vcHJvdmlkZXItY2FjaGluZyc7XG5pbXBvcnQgeyBBdXRoZW50aWNhdGlvbkVycm9yIH0gZnJvbSAnLi4vLi4vdG9vbGtpdC90b29sa2l0LWVycm9yJztcbmltcG9ydCB7IGZvcm1hdEVycm9yTWVzc2FnZSB9IGZyb20gJy4uLy4uL3V0aWwnO1xuaW1wb3J0IHsgSU8sIHR5cGUgSW9IZWxwZXIgfSBmcm9tICcuLi9pby9wcml2YXRlJztcbmltcG9ydCB0eXBlIHsgUGx1Z2luSG9zdCB9IGZyb20gJy4uL3BsdWdpbic7XG5pbXBvcnQgdHlwZSB7IE1vZGUgfSBmcm9tICcuLi9wbHVnaW4vbW9kZSc7XG5cbi8qKlxuICogQ2FjaGUgZm9yIGNyZWRlbnRpYWwgcHJvdmlkZXJzLlxuICpcbiAqIEdpdmVuIGFuIGFjY291bnQgYW5kIGFuIG9wZXJhdGluZyBtb2RlIChyZWFkIG9yIHdyaXRlKSB3aWxsIHJldHVybiBhblxuICogYXBwcm9wcmlhdGUgY3JlZGVudGlhbCBwcm92aWRlciBmb3IgY3JlZGVudGlhbHMgZm9yIHRoZSBnaXZlbiBhY2NvdW50LiBUaGVcbiAqIGNyZWRlbnRpYWwgcHJvdmlkZXIgd2lsbCBiZSBjYWNoZWQgc28gdGhhdCBtdWx0aXBsZSBBV1MgY2xpZW50cyBmb3IgdGhlIHNhbWVcbiAqIGVudmlyb25tZW50IHdpbGwgbm90IG1ha2UgbXVsdGlwbGUgbmV0d29yayBjYWxscyB0byBvYnRhaW4gY3JlZGVudGlhbHMuXG4gKlxuICogV2lsbCB1c2UgZGVmYXVsdCBjcmVkZW50aWFscyBpZiB0aGV5IGFyZSBmb3IgdGhlIHJpZ2h0IGFjY291bnQ7IG90aGVyd2lzZSxcbiAqIGFsbCBsb2FkZWQgY3JlZGVudGlhbCBwcm92aWRlciBwbHVnaW5zIHdpbGwgYmUgdHJpZWQgdG8gb2J0YWluIGNyZWRlbnRpYWxzXG4gKiBmb3IgdGhlIGdpdmVuIGFjY291bnQuXG4gKi9cbmV4cG9ydCBjbGFzcyBDcmVkZW50aWFsUGx1Z2lucyB7XG4gIHByaXZhdGUgcmVhZG9ubHkgY2FjaGU6IHsgW2tleTogc3RyaW5nXTogUGx1Z2luQ3JlZGVudGlhbHNGZXRjaFJlc3VsdCB8IHVuZGVmaW5lZCB9ID0ge307XG5cbiAgY29uc3RydWN0b3IocHJpdmF0ZSByZWFkb25seSBob3N0OiBQbHVnaW5Ib3N0LCBwcml2YXRlIHJlYWRvbmx5IGlvSGVscGVyOiBJb0hlbHBlcikge1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGZldGNoQ3JlZGVudGlhbHNGb3IoYXdzQWNjb3VudElkOiBzdHJpbmcsIG1vZGU6IE1vZGUpOiBQcm9taXNlPFBsdWdpbkNyZWRlbnRpYWxzRmV0Y2hSZXN1bHQgfCB1bmRlZmluZWQ+IHtcbiAgICBjb25zdCBrZXkgPSBgJHthd3NBY2NvdW50SWR9LSR7bW9kZX1gO1xuICAgIGlmICghKGtleSBpbiB0aGlzLmNhY2hlKSkge1xuICAgICAgdGhpcy5jYWNoZVtrZXldID0gYXdhaXQgdGhpcy5sb29rdXBDcmVkZW50aWFscyhhd3NBY2NvdW50SWQsIG1vZGUpO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy5jYWNoZVtrZXldO1xuICB9XG5cbiAgcHVibGljIGdldCBhdmFpbGFibGVQbHVnaW5OYW1lcygpOiBzdHJpbmdbXSB7XG4gICAgcmV0dXJuIHRoaXMuaG9zdC5jcmVkZW50aWFsUHJvdmlkZXJTb3VyY2VzLm1hcCgocykgPT4gcy5uYW1lKTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgbG9va3VwQ3JlZGVudGlhbHMoYXdzQWNjb3VudElkOiBzdHJpbmcsIG1vZGU6IE1vZGUpOiBQcm9taXNlPFBsdWdpbkNyZWRlbnRpYWxzRmV0Y2hSZXN1bHQgfCB1bmRlZmluZWQ+IHtcbiAgICBjb25zdCB0cmllZFNvdXJjZXM6IENyZWRlbnRpYWxQcm92aWRlclNvdXJjZVtdID0gW107XG4gICAgLy8gT3RoZXJ3aXNlLCBpbnNwZWN0IHRoZSB2YXJpb3VzIGNyZWRlbnRpYWwgc291cmNlcyB3ZSBoYXZlXG4gICAgZm9yIChjb25zdCBzb3VyY2Ugb2YgdGhpcy5ob3N0LmNyZWRlbnRpYWxQcm92aWRlclNvdXJjZXMpIHtcbiAgICAgIGxldCBhdmFpbGFibGU6IGJvb2xlYW47XG4gICAgICB0cnkge1xuICAgICAgICBhdmFpbGFibGUgPSBhd2FpdCBzb3VyY2UuaXNBdmFpbGFibGUoKTtcbiAgICAgIH0gY2F0Y2ggKGU6IGFueSkge1xuICAgICAgICAvLyBUaGlzIHNob3VsZG4ndCBoYXBwZW4sIGJ1dCBsZXQncyBndWFyZCBhZ2FpbnN0IGl0IGFueXdheVxuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5DREtfVE9PTEtJVF9XMDEwMC5tc2coYFVuY2F1Z2h0IGV4Y2VwdGlvbiBpbiAke3NvdXJjZS5uYW1lfTogJHtmb3JtYXRFcnJvck1lc3NhZ2UoZSl9YCkpO1xuICAgICAgICBhdmFpbGFibGUgPSBmYWxzZTtcbiAgICAgIH1cblxuICAgICAgaWYgKCFhdmFpbGFibGUpIHtcbiAgICAgICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9UT09MS0lUX0RFQlVHLm1zZyhgQ3JlZGVudGlhbHMgc291cmNlICR7c291cmNlLm5hbWV9IGlzIG5vdCBhdmFpbGFibGUsIGlnbm9yaW5nIGl0LmApKTtcbiAgICAgICAgY29udGludWU7XG4gICAgICB9XG4gICAgICB0cmllZFNvdXJjZXMucHVzaChzb3VyY2UpO1xuICAgICAgbGV0IGNhblByb3ZpZGU6IGJvb2xlYW47XG4gICAgICB0cnkge1xuICAgICAgICBjYW5Qcm92aWRlID0gYXdhaXQgc291cmNlLmNhblByb3ZpZGVDcmVkZW50aWFscyhhd3NBY2NvdW50SWQpO1xuICAgICAgfSBjYXRjaCAoZTogYW55KSB7XG4gICAgICAgIC8vIFRoaXMgc2hvdWxkbid0IGhhcHBlbiwgYnV0IGxldCdzIGd1YXJkIGFnYWluc3QgaXQgYW55d2F5XG4gICAgICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkNES19UT09MS0lUX1cwMTAwLm1zZyhgVW5jYXVnaHQgZXhjZXB0aW9uIGluICR7c291cmNlLm5hbWV9OiAke2Zvcm1hdEVycm9yTWVzc2FnZShlKX1gKSk7XG4gICAgICAgIGNhblByb3ZpZGUgPSBmYWxzZTtcbiAgICAgIH1cbiAgICAgIGlmICghY2FuUHJvdmlkZSkge1xuICAgICAgICBjb250aW51ZTtcbiAgICAgIH1cbiAgICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfVE9PTEtJVF9ERUJVRy5tc2coYFVzaW5nICR7c291cmNlLm5hbWV9IGNyZWRlbnRpYWxzIGZvciBhY2NvdW50ICR7YXdzQWNjb3VudElkfWApKTtcblxuICAgICAgcmV0dXJuIHtcbiAgICAgICAgY3JlZGVudGlhbHM6IGF3YWl0IHYzUHJvdmlkZXJGcm9tUGx1Z2luKCgpID0+IHNvdXJjZS5nZXRQcm92aWRlcihhd3NBY2NvdW50SWQsIG1vZGUgYXMgRm9yUmVhZGluZyB8IEZvcldyaXRpbmcsIHtcbiAgICAgICAgICBzdXBwb3J0c1YzUHJvdmlkZXJzOiB0cnVlLFxuICAgICAgICB9KSksXG4gICAgICAgIHBsdWdpbk5hbWU6IHNvdXJjZS5uYW1lLFxuICAgICAgfTtcbiAgICB9XG4gICAgcmV0dXJuIHVuZGVmaW5lZDtcbiAgfVxufVxuXG4vKipcbiAqIFJlc3VsdCBmcm9tIHRyeWluZyB0byBmZXRjaCBjcmVkZW50aWFscyBmcm9tIHRoZSBQbHVnaW4gaG9zdFxuICovXG5leHBvcnQgaW50ZXJmYWNlIFBsdWdpbkNyZWRlbnRpYWxzRmV0Y2hSZXN1bHQge1xuICAvKipcbiAgICogU0RLLXYzIGNvbXBhdGlibGUgY3JlZGVudGlhbCBwcm92aWRlclxuICAgKi9cbiAgcmVhZG9ubHkgY3JlZGVudGlhbHM6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyO1xuXG4gIC8qKlxuICAgKiBOYW1lIG9mIHBsdWdpbiB0aGF0IHN1Y2Nlc3NmdWxseSBwcm92aWRlZCBjcmVkZW50aWFsc1xuICAgKi9cbiAgcmVhZG9ubHkgcGx1Z2luTmFtZTogc3RyaW5nO1xufVxuXG4vKipcbiAqIFRha2UgYSBmdW5jdGlvbiB0aGF0IGNhbGxzIHRoZSBwbHVnaW4sIGFuZCB0dXJuIGl0IGludG8gYW4gU0RLdjMtY29tcGF0aWJsZSBjcmVkZW50aWFsIHByb3ZpZGVyLlxuICpcbiAqIFdoYXQgd2Ugd2lsbCBkbyBpcyB0aGUgZm9sbG93aW5nOlxuICpcbiAqIC0gUXVlcnkgdGhlIHBsdWdpbiBhbmQgc2VlIHdoYXQga2luZCBvZiByZXN1bHQgaXQgZ2l2ZXMgdXMuXG4gKiAtIElmIHRoZSByZXN1bHQgaXMgc2VsZi1yZWZyZXNoaW5nIG9yIGRvZXNuJ3QgbmVlZCByZWZyZXNoaW5nLCB3ZSB0dXJuIGl0IGludG8gYW4gU0RLdjMgcHJvdmlkZXJcbiAqICAgYW5kIHJldHVybiBpdCBkaXJlY3RseS5cbiAqICAgKiBJZiB0aGUgdW5kZXJseWluZyByZXR1cm4gdmFsdWUgaXMgYSBwcm92aWRlciwgd2Ugd2lsbCBtYWtlIGl0IGEgY2FjaGluZyBwcm92aWRlclxuICogICAgIChiZWNhdXNlIHdlIGNhbid0IGtub3cgaWYgaXQgd2lsbCBjYWNoZSBieSBpdHNlbGYgb3Igbm90KS5cbiAqICAgKiBJZiB0aGUgdW5kZXJseWluZyByZXR1cm4gdmFsdWUgaXMgYSBzdGF0aWMgY3JlZGVudGlhbCwgY2FjaGluZyBpc24ndCByZWxldmFudC5cbiAqICAgKiBJZiB0aGUgdW5kZXJseWluZyByZXR1cm4gdmFsdWUgaXMgVjIgY3JlZGVudGlhbHMsIHRob3NlIGhhdmUgY2FjaGluZyBidWlsdC1pbi5cbiAqIC0gSWYgdGhlIHJlc3VsdCBpcyBhIHN0YXRpYyBjcmVkZW50aWFsIHRoYXQgZXhwaXJlcywgd2Ugd2lsbCB3cmFwIGl0IGluIGFuIFNES3YzIHByb3ZpZGVyXG4gKiAgIHRoYXQgd2lsbCBxdWVyeSB0aGUgcGx1Z2luIGFnYWluIHdoZW4gdGhlIGNyZWRlbnRpYWwgZXhwaXJlcy5cbiAqL1xuYXN5bmMgZnVuY3Rpb24gdjNQcm92aWRlckZyb21QbHVnaW4ocHJvZHVjZXI6ICgpID0+IFByb21pc2U8UGx1Z2luUHJvdmlkZXJSZXN1bHQ+KTogUHJvbWlzZTxBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlcj4ge1xuICBjb25zdCBpbml0aWFsID0gYXdhaXQgcHJvZHVjZXIoKTtcblxuICBpZiAoaXNWM1Byb3ZpZGVyKGluaXRpYWwpKSB7XG4gICAgLy8gQWxyZWFkeSBhIHByb3ZpZGVyLCBtYWtlIGNhY2hpbmdcbiAgICByZXR1cm4gbWFrZUNhY2hpbmdQcm92aWRlcihpbml0aWFsKTtcbiAgfSBlbHNlIGlmIChpc1YzQ3JlZGVudGlhbHMoaW5pdGlhbCkgJiYgaW5pdGlhbC5leHBpcmF0aW9uID09PSB1bmRlZmluZWQpIHtcbiAgICAvLyBTdGF0aWMgY3JlZGVudGlhbHMgdGhhdCBkb24ndCBuZWVkIHJlZnJlc2hpbmcgbm9yIGNhY2hpbmdcbiAgICByZXR1cm4gKCkgPT4gUHJvbWlzZS5yZXNvbHZlKGluaXRpYWwpO1xuICB9IGVsc2UgaWYgKGlzVjNDcmVkZW50aWFscyhpbml0aWFsKSAmJiBpbml0aWFsLmV4cGlyYXRpb24gIT09IHVuZGVmaW5lZCkge1xuICAgIC8vIFN0YXRpYyBjcmVkZW50aWFscyB0aGF0IGRvIG5lZWQgcmVmcmVzaGluZyBhbmQgY2FjaGluZ1xuICAgIHJldHVybiByZWZyZXNoRnJvbVBsdWdpblByb3ZpZGVyKGluaXRpYWwsIHByb2R1Y2VyKTtcbiAgfSBlbHNlIGlmIChpc1YyQ3JlZGVudGlhbHMoaW5pdGlhbCkpIHtcbiAgICAvLyBWMiBjcmVkZW50aWFscyB0aGF0IHJlZnJlc2ggYW5kIGNhY2hlIHRoZW1zZWx2ZXNcbiAgICByZXR1cm4gdjNQcm92aWRlckZyb21WMkNyZWRlbnRpYWxzKGluaXRpYWwpO1xuICB9IGVsc2Uge1xuICAgIHRocm93IG5ldyBBdXRoZW50aWNhdGlvbkVycm9yKGBQbHVnaW4gcmV0dXJuZWQgYSB2YWx1ZSB0aGF0IGRvZXNuJ3QgcmVzZW1ibGUgQVdTIGNyZWRlbnRpYWxzOiAke2luc3BlY3QoaW5pdGlhbCl9YCk7XG4gIH1cbn1cblxuLyoqXG4gKiBDb252ZXJ0cyBhIFYyIGNyZWRlbnRpYWwgaW50byBhIFYzLWNvbXBhdGlibGUgcHJvdmlkZXJcbiAqL1xuZnVuY3Rpb24gdjNQcm92aWRlckZyb21WMkNyZWRlbnRpYWxzKHg6IFNES3YyQ29tcGF0aWJsZUNyZWRlbnRpYWxzKTogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIge1xuICByZXR1cm4gYXN5bmMgKCkgPT4ge1xuICAgIC8vIEdldCB3aWxsIGZldGNoIG9yIHJlZnJlc2ggYXMgbmVjZXNzYXJ5XG4gICAgYXdhaXQgeC5nZXRQcm9taXNlKCk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgYWNjZXNzS2V5SWQ6IHguYWNjZXNzS2V5SWQsXG4gICAgICBzZWNyZXRBY2Nlc3NLZXk6IHguc2VjcmV0QWNjZXNzS2V5LFxuICAgICAgc2Vzc2lvblRva2VuOiB4LnNlc3Npb25Ub2tlbixcbiAgICAgIGV4cGlyYXRpb246IHguZXhwaXJlVGltZSA/PyB1bmRlZmluZWQsXG4gICAgfTtcbiAgfTtcbn1cblxuZnVuY3Rpb24gcmVmcmVzaEZyb21QbHVnaW5Qcm92aWRlcihjdXJyZW50OiBBd3NDcmVkZW50aWFsSWRlbnRpdHksIHByb2R1Y2VyOiAoKSA9PiBQcm9taXNlPFBsdWdpblByb3ZpZGVyUmVzdWx0Pik6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyIHtcbiAgcmV0dXJuIGFzeW5jICgpID0+IHtcbiAgICBpZiAoY3JlZGVudGlhbHNBYm91dFRvRXhwaXJlKGN1cnJlbnQpKSB7XG4gICAgICBjb25zdCBuZXdDcmVkcyA9IGF3YWl0IHByb2R1Y2VyKCk7XG4gICAgICBpZiAoIWlzVjNDcmVkZW50aWFscyhuZXdDcmVkcykpIHtcbiAgICAgICAgdGhyb3cgbmV3IEF1dGhlbnRpY2F0aW9uRXJyb3IoYFBsdWdpbiBpbml0aWFsbHkgcmV0dXJuZWQgc3RhdGljIFYzIGNyZWRlbnRpYWxzIGJ1dCBub3cgcmV0dXJuZWQgc29tZXRoaW5nIGVsc2U6ICR7aW5zcGVjdChuZXdDcmVkcyl9YCk7XG4gICAgICB9XG4gICAgICBjdXJyZW50ID0gbmV3Q3JlZHM7XG4gICAgfVxuICAgIHJldHVybiBjdXJyZW50O1xuICB9O1xufVxuXG5mdW5jdGlvbiBpc1YzUHJvdmlkZXIoeDogUGx1Z2luUHJvdmlkZXJSZXN1bHQpOiB4IGlzIFNES3YzQ29tcGF0aWJsZUNyZWRlbnRpYWxQcm92aWRlciB7XG4gIHJldHVybiB0eXBlb2YgeCA9PT0gJ2Z1bmN0aW9uJztcbn1cblxuZnVuY3Rpb24gaXNWMkNyZWRlbnRpYWxzKHg6IFBsdWdpblByb3ZpZGVyUmVzdWx0KTogeCBpcyBTREt2MkNvbXBhdGlibGVDcmVkZW50aWFscyB7XG4gIHJldHVybiAhISh4ICYmIHR5cGVvZiB4ID09PSAnb2JqZWN0JyAmJiAoeCBhcyBTREt2MkNvbXBhdGlibGVDcmVkZW50aWFscykuZ2V0UHJvbWlzZSk7XG59XG5cbmZ1bmN0aW9uIGlzVjNDcmVkZW50aWFscyh4OiBQbHVnaW5Qcm92aWRlclJlc3VsdCk6IHggaXMgU0RLdjNDb21wYXRpYmxlQ3JlZGVudGlhbHMge1xuICByZXR1cm4gISEoeCAmJiB0eXBlb2YgeCA9PT0gJ29iamVjdCcgJiYgeC5hY2Nlc3NLZXlJZCAmJiAhaXNWMkNyZWRlbnRpYWxzKHgpKTtcbn1cbiJdfQ==

package/lib/api/aws-auth/private/index.d.ts

@@ -0,0 +1,11 @@
+export * from '../proxy-agent';
+export * from '../sdk';
+export * from '../sdk-provider';
+export * from '../sdk-logger';
+export { AccountAccessKeyCache } from '../account-cache';
+export { cached } from '../cached';
+export { AwsCliCompatible } from '../awscli-compatible';
+export { setSdkTracing } from '../tracing';
+export { CredentialPlugins } from '../credential-plugins';
+export { credentialsAboutToExpire } from '../provider-caching';
+export { defaultCliUserAgent } from '../user-agent';

package/lib/api/aws-auth/private/index.js

@@ -0,0 +1,37 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultCliUserAgent = exports.credentialsAboutToExpire = exports.CredentialPlugins = exports.setSdkTracing = exports.AwsCliCompatible = exports.cached = exports.AccountAccessKeyCache = void 0;
+__exportStar(require("../proxy-agent"), exports);
+__exportStar(require("../sdk"), exports);
+__exportStar(require("../sdk-provider"), exports);
+__exportStar(require("../sdk-logger"), exports);
+// temporary testing exports
+var account_cache_1 = require("../account-cache");
+Object.defineProperty(exports, "AccountAccessKeyCache", { enumerable: true, get: function () { return account_cache_1.AccountAccessKeyCache; } });
+var cached_1 = require("../cached");
+Object.defineProperty(exports, "cached", { enumerable: true, get: function () { return cached_1.cached; } });
+var awscli_compatible_1 = require("../awscli-compatible");
+Object.defineProperty(exports, "AwsCliCompatible", { enumerable: true, get: function () { return awscli_compatible_1.AwsCliCompatible; } });
+var tracing_1 = require("../tracing");
+Object.defineProperty(exports, "setSdkTracing", { enumerable: true, get: function () { return tracing_1.setSdkTracing; } });
+var credential_plugins_1 = require("../credential-plugins");
+Object.defineProperty(exports, "CredentialPlugins", { enumerable: true, get: function () { return credential_plugins_1.CredentialPlugins; } });
+var provider_caching_1 = require("../provider-caching");
+Object.defineProperty(exports, "credentialsAboutToExpire", { enumerable: true, get: function () { return provider_caching_1.credentialsAboutToExpire; } });
+var user_agent_1 = require("../user-agent");
+Object.defineProperty(exports, "defaultCliUserAgent", { enumerable: true, get: function () { return user_agent_1.defaultCliUserAgent; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLGlEQUErQjtBQUMvQix5Q0FBdUI7QUFDdkIsa0RBQWdDO0FBQ2hDLGdEQUE4QjtBQUU5Qiw0QkFBNEI7QUFDNUIsa0RBQXlEO0FBQWhELHNIQUFBLHFCQUFxQixPQUFBO0FBQzlCLG9DQUFtQztBQUExQixnR0FBQSxNQUFNLE9BQUE7QUFDZiwwREFBd0Q7QUFBL0MscUhBQUEsZ0JBQWdCLE9BQUE7QUFDekIsc0NBQTJDO0FBQWxDLHdHQUFBLGFBQWEsT0FBQTtBQUN0Qiw0REFBMEQ7QUFBakQsdUhBQUEsaUJBQWlCLE9BQUE7QUFDMUIsd0RBQStEO0FBQXRELDRIQUFBLHdCQUF3QixPQUFBO0FBQ2pDLDRDQUFvRDtBQUEzQyxpSEFBQSxtQkFBbUIsT0FBQSIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gJy4uL3Byb3h5LWFnZW50JztcbmV4cG9ydCAqIGZyb20gJy4uL3Nkayc7XG5leHBvcnQgKiBmcm9tICcuLi9zZGstcHJvdmlkZXInO1xuZXhwb3J0ICogZnJvbSAnLi4vc2RrLWxvZ2dlcic7XG5cbi8vIHRlbXBvcmFyeSB0ZXN0aW5nIGV4cG9ydHNcbmV4cG9ydCB7IEFjY291bnRBY2Nlc3NLZXlDYWNoZSB9IGZyb20gJy4uL2FjY291bnQtY2FjaGUnO1xuZXhwb3J0IHsgY2FjaGVkIH0gZnJvbSAnLi4vY2FjaGVkJztcbmV4cG9ydCB7IEF3c0NsaUNvbXBhdGlibGUgfSBmcm9tICcuLi9hd3NjbGktY29tcGF0aWJsZSc7XG5leHBvcnQgeyBzZXRTZGtUcmFjaW5nIH0gZnJvbSAnLi4vdHJhY2luZyc7XG5leHBvcnQgeyBDcmVkZW50aWFsUGx1Z2lucyB9IGZyb20gJy4uL2NyZWRlbnRpYWwtcGx1Z2lucyc7XG5leHBvcnQgeyBjcmVkZW50aWFsc0Fib3V0VG9FeHBpcmUgfSBmcm9tICcuLi9wcm92aWRlci1jYWNoaW5nJztcbmV4cG9ydCB7IGRlZmF1bHRDbGlVc2VyQWdlbnQgfSBmcm9tICcuLi91c2VyLWFnZW50JztcbiJdfQ==

package/lib/api/aws-auth/provider-caching.d.ts

@@ -0,0 +1,13 @@
+import type { AwsCredentialIdentity, AwsCredentialIdentityProvider } from '@smithy/types';
+/**
+ * Wrap a credential provider in a cache
+ *
+ * Some credential providers in the SDKv3 are cached (the default Node
+ * chain, specifically) but most others are not.
+ *
+ * Since we want to avoid duplicate calls to `AssumeRole`, or duplicate
+ * MFA prompts or what have you, we are going to liberally wrap providers
+ * in caches which will return the cached value until it expires.
+ */
+export declare function makeCachingProvider(provider: AwsCredentialIdentityProvider): AwsCredentialIdentityProvider;
+export declare function credentialsAboutToExpire(token: AwsCredentialIdentity): boolean;

package/lib/api/aws-auth/provider-caching.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeCachingProvider = makeCachingProvider;
+exports.credentialsAboutToExpire = credentialsAboutToExpire;
+const property_provider_1 = require("@smithy/property-provider");
+/**
+ * Wrap a credential provider in a cache
+ *
+ * Some credential providers in the SDKv3 are cached (the default Node
+ * chain, specifically) but most others are not.
+ *
+ * Since we want to avoid duplicate calls to `AssumeRole`, or duplicate
+ * MFA prompts or what have you, we are going to liberally wrap providers
+ * in caches which will return the cached value until it expires.
+ */
+function makeCachingProvider(provider) {
+    return (0, property_provider_1.memoize)(provider, credentialsAboutToExpire, (token) => !!token.expiration);
+}
+function credentialsAboutToExpire(token) {
+    const expiryMarginSecs = 5;
+    // token.expiration is sometimes null
+    return !!token.expiration && token.expiration.getTime() - Date.now() < expiryMarginSecs * 1000;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvdmlkZXItY2FjaGluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInByb3ZpZGVyLWNhY2hpbmcudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFhQSxrREFNQztBQUVELDREQUlDO0FBekJELGlFQUFvRDtBQUdwRDs7Ozs7Ozs7O0dBU0c7QUFDSCxTQUFnQixtQkFBbUIsQ0FBQyxRQUF1QztJQUN6RSxPQUFPLElBQUEsMkJBQU8sRUFDWixRQUFRLEVBQ1Isd0JBQXdCLEVBQ3hCLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FDOUIsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFnQix3QkFBd0IsQ0FBQyxLQUE0QjtJQUNuRSxNQUFNLGdCQUFnQixHQUFHLENBQUMsQ0FBQztJQUMzQixxQ0FBcUM7SUFDckMsT0FBTyxDQUFDLENBQUMsS0FBSyxDQUFDLFVBQVUsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxnQkFBZ0IsR0FBRyxJQUFJLENBQUM7QUFDakcsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IG1lbW9pemUgfSBmcm9tICdAc21pdGh5L3Byb3BlcnR5LXByb3ZpZGVyJztcbmltcG9ydCB0eXBlIHsgQXdzQ3JlZGVudGlhbElkZW50aXR5LCBBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlciB9IGZyb20gJ0BzbWl0aHkvdHlwZXMnO1xuXG4vKipcbiAqIFdyYXAgYSBjcmVkZW50aWFsIHByb3ZpZGVyIGluIGEgY2FjaGVcbiAqXG4gKiBTb21lIGNyZWRlbnRpYWwgcHJvdmlkZXJzIGluIHRoZSBTREt2MyBhcmUgY2FjaGVkICh0aGUgZGVmYXVsdCBOb2RlXG4gKiBjaGFpbiwgc3BlY2lmaWNhbGx5KSBidXQgbW9zdCBvdGhlcnMgYXJlIG5vdC5cbiAqXG4gKiBTaW5jZSB3ZSB3YW50IHRvIGF2b2lkIGR1cGxpY2F0ZSBjYWxscyB0byBgQXNzdW1lUm9sZWAsIG9yIGR1cGxpY2F0ZVxuICogTUZBIHByb21wdHMgb3Igd2hhdCBoYXZlIHlvdSwgd2UgYXJlIGdvaW5nIHRvIGxpYmVyYWxseSB3cmFwIHByb3ZpZGVyc1xuICogaW4gY2FjaGVzIHdoaWNoIHdpbGwgcmV0dXJuIHRoZSBjYWNoZWQgdmFsdWUgdW50aWwgaXQgZXhwaXJlcy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIG1ha2VDYWNoaW5nUHJvdmlkZXIocHJvdmlkZXI6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyKTogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIge1xuICByZXR1cm4gbWVtb2l6ZShcbiAgICBwcm92aWRlcixcbiAgICBjcmVkZW50aWFsc0Fib3V0VG9FeHBpcmUsXG4gICAgKHRva2VuKSA9PiAhIXRva2VuLmV4cGlyYXRpb24sXG4gICk7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBjcmVkZW50aWFsc0Fib3V0VG9FeHBpcmUodG9rZW46IEF3c0NyZWRlbnRpYWxJZGVudGl0eSkge1xuICBjb25zdCBleHBpcnlNYXJnaW5TZWNzID0gNTtcbiAgLy8gdG9rZW4uZXhwaXJhdGlvbiBpcyBzb21ldGltZXMgbnVsbFxuICByZXR1cm4gISF0b2tlbi5leHBpcmF0aW9uICYmIHRva2VuLmV4cGlyYXRpb24uZ2V0VGltZSgpIC0gRGF0ZS5ub3coKSA8IGV4cGlyeU1hcmdpblNlY3MgKiAxMDAwO1xufVxuIl19

package/lib/api/aws-auth/proxy-agent.d.ts

@@ -0,0 +1,13 @@
+import { ProxyAgent } from 'proxy-agent';
+import type { SdkHttpOptions } from './types';
+import { type IoHelper } from '../io/private';
+export declare class ProxyAgentProvider {
+    private readonly ioHelper;
+    constructor(ioHelper: IoHelper);
+    create(options: SdkHttpOptions): Promise<ProxyAgent>;
+    private tryGetCACert;
+    /**
+     * Find and return a CA certificate bundle path to be passed into the SDK.
+     */
+    private caBundlePathFromEnvironment;
+}

package/lib/api/aws-auth/proxy-agent.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyAgentProvider = void 0;
+const fs = require("fs-extra");
+const proxy_agent_1 = require("proxy-agent");
+const private_1 = require("../io/private");
+class ProxyAgentProvider {
+    ioHelper;
+    constructor(ioHelper) {
+        this.ioHelper = ioHelper;
+    }
+    async create(options) {
+        // Force it to use the proxy provided through the command line.
+        // Otherwise, let the ProxyAgent auto-detect the proxy using environment variables.
+        const getProxyForUrl = options.proxyAddress != null
+            ? () => Promise.resolve(options.proxyAddress)
+            : undefined;
+        return new proxy_agent_1.ProxyAgent({
+            ca: await this.tryGetCACert(options.caBundlePath),
+            getProxyForUrl,
+        });
+    }
+    async tryGetCACert(bundlePath) {
+        const path = bundlePath || this.caBundlePathFromEnvironment();
+        if (path) {
+            await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_DEBUG.msg(`Using CA bundle path: ${path}`));
+            try {
+                if (!fs.pathExistsSync(path)) {
+                    return undefined;
+                }
+                return fs.readFileSync(path, { encoding: 'utf-8' });
+            }
+            catch (e) {
+                await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_DEBUG.msg(String(e)));
+                return undefined;
+            }
+        }
+        return undefined;
+    }
+    /**
+     * Find and return a CA certificate bundle path to be passed into the SDK.
+     */
+    caBundlePathFromEnvironment() {
+        if (process.env.aws_ca_bundle) {
+            return process.env.aws_ca_bundle;
+        }
+        if (process.env.AWS_CA_BUNDLE) {
+            return process.env.AWS_CA_BUNDLE;
+        }
+        return undefined;
+    }
+}
+exports.ProxyAgentProvider = ProxyAgentProvider;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJveHktYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJwcm94eS1hZ2VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwrQkFBK0I7QUFDL0IsNkNBQXlDO0FBRXpDLDJDQUFrRDtBQUVsRCxNQUFhLGtCQUFrQjtJQUNaLFFBQVEsQ0FBVztJQUVwQyxZQUFtQixRQUFrQjtRQUNuQyxJQUFJLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRU0sS0FBSyxDQUFDLE1BQU0sQ0FBQyxPQUF1QjtRQUN6QywrREFBK0Q7UUFDL0QsbUZBQW1GO1FBQ25GLE1BQU0sY0FBYyxHQUFHLE9BQU8sQ0FBQyxZQUFZLElBQUksSUFBSTtZQUNqRCxDQUFDLENBQUMsR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsWUFBYSxDQUFDO1lBQzlDLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFZCxPQUFPLElBQUksd0JBQVUsQ0FBQztZQUNwQixFQUFFLEVBQUUsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUM7WUFDakQsY0FBYztTQUNmLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWSxDQUFDLFVBQW1CO1FBQzVDLE1BQU0sSUFBSSxHQUFHLFVBQVUsSUFBSSxJQUFJLENBQUMsMkJBQTJCLEVBQUUsQ0FBQztRQUM5RCxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ1QsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLHlCQUF5QixJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUM7WUFDdEYsSUFBSSxDQUFDO2dCQUNILElBQUksQ0FBQyxFQUFFLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7b0JBQzdCLE9BQU8sU0FBUyxDQUFDO2dCQUNuQixDQUFDO2dCQUNELE9BQU8sRUFBRSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUN0RCxDQUFDO1lBQUMsT0FBTyxDQUFNLEVBQUUsQ0FBQztnQkFDaEIsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hFLE9BQU8sU0FBUyxDQUFDO1lBQ25CLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVEOztPQUVHO0lBQ0ssMkJBQTJCO1FBQ2pDLElBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUM5QixPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDO1FBQ25DLENBQUM7UUFDRCxJQUFJLE9BQU8sQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDOUIsT0FBTyxPQUFPLENBQUMsR0FBRyxDQUFDLGFBQWEsQ0FBQztRQUNuQyxDQUFDO1FBQ0QsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztDQUNGO0FBakRELGdEQWlEQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGZzIGZyb20gJ2ZzLWV4dHJhJztcbmltcG9ydCB7IFByb3h5QWdlbnQgfSBmcm9tICdwcm94eS1hZ2VudCc7XG5pbXBvcnQgdHlwZSB7IFNka0h0dHBPcHRpb25zIH0gZnJvbSAnLi90eXBlcyc7XG5pbXBvcnQgeyBJTywgdHlwZSBJb0hlbHBlciB9IGZyb20gJy4uL2lvL3ByaXZhdGUnO1xuXG5leHBvcnQgY2xhc3MgUHJveHlBZ2VudFByb3ZpZGVyIHtcbiAgcHJpdmF0ZSByZWFkb25seSBpb0hlbHBlcjogSW9IZWxwZXI7XG5cbiAgcHVibGljIGNvbnN0cnVjdG9yKGlvSGVscGVyOiBJb0hlbHBlcikge1xuICAgIHRoaXMuaW9IZWxwZXIgPSBpb0hlbHBlcjtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjcmVhdGUob3B0aW9uczogU2RrSHR0cE9wdGlvbnMpIHtcbiAgICAvLyBGb3JjZSBpdCB0byB1c2UgdGhlIHByb3h5IHByb3ZpZGVkIHRocm91Z2ggdGhlIGNvbW1hbmQgbGluZS5cbiAgICAvLyBPdGhlcndpc2UsIGxldCB0aGUgUHJveHlBZ2VudCBhdXRvLWRldGVjdCB0aGUgcHJveHkgdXNpbmcgZW52aXJvbm1lbnQgdmFyaWFibGVzLlxuICAgIGNvbnN0IGdldFByb3h5Rm9yVXJsID0gb3B0aW9ucy5wcm94eUFkZHJlc3MgIT0gbnVsbFxuICAgICAgPyAoKSA9PiBQcm9taXNlLnJlc29sdmUob3B0aW9ucy5wcm94eUFkZHJlc3MhKVxuICAgICAgOiB1bmRlZmluZWQ7XG5cbiAgICByZXR1cm4gbmV3IFByb3h5QWdlbnQoe1xuICAgICAgY2E6IGF3YWl0IHRoaXMudHJ5R2V0Q0FDZXJ0KG9wdGlvbnMuY2FCdW5kbGVQYXRoKSxcbiAgICAgIGdldFByb3h5Rm9yVXJsLFxuICAgIH0pO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyB0cnlHZXRDQUNlcnQoYnVuZGxlUGF0aD86IHN0cmluZykge1xuICAgIGNvbnN0IHBhdGggPSBidW5kbGVQYXRoIHx8IHRoaXMuY2FCdW5kbGVQYXRoRnJvbUVudmlyb25tZW50KCk7XG4gICAgaWYgKHBhdGgpIHtcbiAgICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfU0RLX0RFQlVHLm1zZyhgVXNpbmcgQ0EgYnVuZGxlIHBhdGg6ICR7cGF0aH1gKSk7XG4gICAgICB0cnkge1xuICAgICAgICBpZiAoIWZzLnBhdGhFeGlzdHNTeW5jKHBhdGgpKSB7XG4gICAgICAgICAgcmV0dXJuIHVuZGVmaW5lZDtcbiAgICAgICAgfVxuICAgICAgICByZXR1cm4gZnMucmVhZEZpbGVTeW5jKHBhdGgsIHsgZW5jb2Rpbmc6ICd1dGYtOCcgfSk7XG4gICAgICB9IGNhdGNoIChlOiBhbnkpIHtcbiAgICAgICAgYXdhaXQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uREVGQVVMVF9TREtfREVCVUcubXNnKFN0cmluZyhlKSkpO1xuICAgICAgICByZXR1cm4gdW5kZWZpbmVkO1xuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gdW5kZWZpbmVkO1xuICB9XG5cbiAgLyoqXG4gICAqIEZpbmQgYW5kIHJldHVybiBhIENBIGNlcnRpZmljYXRlIGJ1bmRsZSBwYXRoIHRvIGJlIHBhc3NlZCBpbnRvIHRoZSBTREsuXG4gICAqL1xuICBwcml2YXRlIGNhQnVuZGxlUGF0aEZyb21FbnZpcm9ubWVudCgpOiBzdHJpbmcgfCB1bmRlZmluZWQge1xuICAgIGlmIChwcm9jZXNzLmVudi5hd3NfY2FfYnVuZGxlKSB7XG4gICAgICByZXR1cm4gcHJvY2Vzcy5lbnYuYXdzX2NhX2J1bmRsZTtcbiAgICB9XG4gICAgaWYgKHByb2Nlc3MuZW52LkFXU19DQV9CVU5ETEUpIHtcbiAgICAgIHJldHVybiBwcm9jZXNzLmVudi5BV1NfQ0FfQlVORExFO1xuICAgIH1cbiAgICByZXR1cm4gdW5kZWZpbmVkO1xuICB9XG59XG5cbiJdfQ==

package/lib/api/aws-auth/sdk-logger.d.ts

@@ -0,0 +1,69 @@
+import type { Logger } from '@smithy/types';
+import type { IoHelper } from '../io/private';
+export declare class SdkToCliLogger implements Logger {
+    private readonly ioHelper;
+    constructor(ioHelper: IoHelper);
+    private notify;
+    trace(..._content: any[]): void;
+    debug(..._content: any[]): void;
+    /**
+     * Info is called mostly (exclusively?) for successful API calls
+     *
+     * Payload:
+     *
+     * (Note the input contains entire CFN templates, for example)
+     *
+     * ```
+     * {
+     *   clientName: 'S3Client',
+     *   commandName: 'GetBucketLocationCommand',
+     *   input: {
+     *     Bucket: '.....',
+     *     ExpectedBucketOwner: undefined
+     *   },
+     *   output: { LocationConstraint: 'eu-central-1' },
+     *   metadata: {
+     *     httpStatusCode: 200,
+     *     requestId: '....',
+     *     extendedRequestId: '...',
+     *     cfId: undefined,
+     *     attempts: 1,
+     *     totalRetryDelay: 0
+     *   }
+     * }
+     * ```
+     */
+    info(...content: any[]): void;
+    warn(...content: any[]): void;
+    /**
+     * Error is called mostly (exclusively?) for failing API calls
+     *
+     * Payload (input would be the entire API call arguments).
+     *
+     * ```
+     * {
+     *   clientName: 'STSClient',
+     *   commandName: 'GetCallerIdentityCommand',
+     *   input: {},
+     *   error: AggregateError [ECONNREFUSED]:
+     *       at internalConnectMultiple (node:net:1121:18)
+     *       at afterConnectMultiple (node:net:1688:7) {
+     *     code: 'ECONNREFUSED',
+     *     '$metadata': { attempts: 3, totalRetryDelay: 600 },
+     *     [errors]: [ [Error], [Error] ]
+     *   },
+     *   metadata: { attempts: 3, totalRetryDelay: 600 }
+     * }
+     * ```
+     */
+    error(...content: any[]): void;
+}
+/**
+ * This can be anything.
+ *
+ * For debug, it seems to be mostly strings.
+ * For info, it seems to be objects.
+ *
+ * Stringify and join without separator.
+ */
+export declare function formatSdkLoggerContent(content: any[]): string;

package/lib/api/aws-auth/sdk-logger.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SdkToCliLogger = void 0;
+exports.formatSdkLoggerContent = formatSdkLoggerContent;
+const util_1 = require("util");
+const util_2 = require("../../util");
+const private_1 = require("../io/private");
+class SdkToCliLogger {
+    ioHelper;
+    constructor(ioHelper) {
+        this.ioHelper = ioHelper;
+    }
+    notify(level, ...content) {
+        void this.ioHelper.notify(private_1.IO.CDK_SDK_I0100.msg((0, util_1.format)('[SDK %s] %s', level, formatSdkLoggerContent(content)), {
+            sdkLevel: level,
+            content,
+        }));
+    }
+    trace(..._content) {
+        // This is too much detail for our logs
+        // this.notify('trace', ...content);
+    }
+    debug(..._content) {
+        // This is too much detail for our logs
+        // this.notify('debug', ...content);
+    }
+    /**
+     * Info is called mostly (exclusively?) for successful API calls
+     *
+     * Payload:
+     *
+     * (Note the input contains entire CFN templates, for example)
+     *
+     * ```
+     * {
+     *   clientName: 'S3Client',
+     *   commandName: 'GetBucketLocationCommand',
+     *   input: {
+     *     Bucket: '.....',
+     *     ExpectedBucketOwner: undefined
+     *   },
+     *   output: { LocationConstraint: 'eu-central-1' },
+     *   metadata: {
+     *     httpStatusCode: 200,
+     *     requestId: '....',
+     *     extendedRequestId: '...',
+     *     cfId: undefined,
+     *     attempts: 1,
+     *     totalRetryDelay: 0
+     *   }
+     * }
+     * ```
+     */
+    info(...content) {
+        this.notify('info', ...content);
+    }
+    warn(...content) {
+        this.notify('warn', ...content);
+    }
+    /**
+     * Error is called mostly (exclusively?) for failing API calls
+     *
+     * Payload (input would be the entire API call arguments).
+     *
+     * ```
+     * {
+     *   clientName: 'STSClient',
+     *   commandName: 'GetCallerIdentityCommand',
+     *   input: {},
+     *   error: AggregateError [ECONNREFUSED]:
+     *       at internalConnectMultiple (node:net:1121:18)
+     *       at afterConnectMultiple (node:net:1688:7) {
+     *     code: 'ECONNREFUSED',
+     *     '$metadata': { attempts: 3, totalRetryDelay: 600 },
+     *     [errors]: [ [Error], [Error] ]
+     *   },
+     *   metadata: { attempts: 3, totalRetryDelay: 600 }
+     * }
+     * ```
+     */
+    error(...content) {
+        this.notify('error', ...content);
+    }
+}
+exports.SdkToCliLogger = SdkToCliLogger;
+/**
+ * This can be anything.
+ *
+ * For debug, it seems to be mostly strings.
+ * For info, it seems to be objects.
+ *
+ * Stringify and join without separator.
+ */
+function formatSdkLoggerContent(content) {
+    if (content.length === 1) {
+        const apiFmt = formatApiCall(content[0]);
+        if (apiFmt) {
+            return apiFmt;
+        }
+    }
+    return content.map((x) => typeof x === 'string' ? x : (0, util_1.inspect)(x)).join('');
+}
+function formatApiCall(content) {
+    if (!isSdkApiCallSuccess(content) && !isSdkApiCallError(content)) {
+        return undefined;
+    }
+    const service = content.clientName.replace(/Client$/, '');
+    const api = content.commandName.replace(/Command$/, '');
+    const parts = [];
+    if ((content.metadata?.attempts ?? 0) > 1) {
+        parts.push(`[${content.metadata?.attempts} attempts, ${content.metadata?.totalRetryDelay}ms retry]`);
+    }
+    parts.push(`${service}.${api}(${JSON.stringify(content.input, util_2.replacerBufferWithInfo)})`);
+    if (isSdkApiCallSuccess(content)) {
+        parts.push('-> OK');
+    }
+    else {
+        parts.push(`-> ${content.error}`);
+    }
+    return parts.join(' ');
+}
+function isSdkApiCallSuccess(x) {
+    return x && typeof x === 'object' && x.commandName && x.output;
+}
+function isSdkApiCallError(x) {
+    return x && typeof x === 'object' && x.commandName && x.error;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2RrLWxvZ2dlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInNkay1sb2dnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBbUdBLHdEQVFDO0FBM0dELCtCQUF1QztBQUV2QyxxQ0FBb0Q7QUFFcEQsMkNBQW1DO0FBRW5DLE1BQWEsY0FBYztJQUNSLFFBQVEsQ0FBVztJQUVwQyxZQUFtQixRQUFrQjtRQUNuQyxJQUFJLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQWdDLEVBQUUsR0FBRyxPQUFjO1FBQ2hFLEtBQUssSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsSUFBQSxhQUFNLEVBQUMsYUFBYSxFQUFFLEtBQUssRUFBRSxzQkFBc0IsQ0FBQyxPQUFPLENBQUMsQ0FBQyxFQUFFO1lBQzVHLFFBQVEsRUFBRSxLQUFLO1lBQ2YsT0FBTztTQUNSLENBQUMsQ0FBQyxDQUFDO0lBQ04sQ0FBQztJQUVNLEtBQUssQ0FBQyxHQUFHLFFBQWU7UUFDN0IsdUNBQXVDO1FBQ3ZDLG9DQUFvQztJQUN0QyxDQUFDO0lBRU0sS0FBSyxDQUFDLEdBQUcsUUFBZTtRQUM3Qix1Q0FBdUM7UUFDdkMsb0NBQW9DO0lBQ3RDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0EwQkc7SUFDSSxJQUFJLENBQUMsR0FBRyxPQUFjO1FBQzNCLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLEdBQUcsT0FBTyxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVNLElBQUksQ0FBQyxHQUFHLE9BQWM7UUFDM0IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Bb0JHO0lBQ0ksS0FBSyxDQUFDLEdBQUcsT0FBYztRQUM1QixJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxHQUFHLE9BQU8sQ0FBQyxDQUFDO0lBQ25DLENBQUM7Q0FDRjtBQW5GRCx3Q0FtRkM7QUFFRDs7Ozs7OztHQU9HO0FBQ0gsU0FBZ0Isc0JBQXNCLENBQUMsT0FBYztJQUNuRCxJQUFJLE9BQU8sQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDekIsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3pDLElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO0lBQ0gsQ0FBQztJQUNELE9BQU8sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUEsY0FBTyxFQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQzdFLENBQUM7QUFFRCxTQUFTLGFBQWEsQ0FBQyxPQUFZO0lBQ2pDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDakUsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVELE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUMxRCxNQUFNLEdBQUcsR0FBRyxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFFeEQsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO0lBQ2pCLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLFFBQVEsSUFBSSxDQUFDLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMxQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksT0FBTyxDQUFDLFFBQVEsRUFBRSxRQUFRLGNBQWMsT0FBTyxDQUFDLFFBQVEsRUFBRSxlQUFlLFdBQVcsQ0FBQyxDQUFDO0lBQ3ZHLENBQUM7SUFFRCxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsT0FBTyxJQUFJLEdBQUcsSUFBSSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsNkJBQXNCLENBQUMsR0FBRyxDQUFDLENBQUM7SUFFMUYsSUFBSSxtQkFBbUIsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ2pDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDdEIsQ0FBQztTQUFNLENBQUM7UUFDTixLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sT0FBTyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVELE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUN6QixDQUFDO0FBbUJELFNBQVMsbUJBQW1CLENBQUMsQ0FBTTtJQUNqQyxPQUFPLENBQUMsSUFBSSxPQUFPLENBQUMsS0FBSyxRQUFRLElBQUksQ0FBQyxDQUFDLFdBQVcsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDO0FBQ2pFLENBQUM7QUFFRCxTQUFTLGlCQUFpQixDQUFDLENBQU07SUFDL0IsT0FBTyxDQUFDLElBQUksT0FBTyxDQUFDLEtBQUssUUFBUSxJQUFJLENBQUMsQ0FBQyxXQUFXLElBQUksQ0FBQyxDQUFDLEtBQUssQ0FBQztBQUNoRSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgaW5zcGVjdCwgZm9ybWF0IH0gZnJvbSAndXRpbCc7XG5pbXBvcnQgdHlwZSB7IExvZ2dlciB9IGZyb20gJ0BzbWl0aHkvdHlwZXMnO1xuaW1wb3J0IHsgcmVwbGFjZXJCdWZmZXJXaXRoSW5mbyB9IGZyb20gJy4uLy4uL3V0aWwnO1xuaW1wb3J0IHR5cGUgeyBJb0hlbHBlciB9IGZyb20gJy4uL2lvL3ByaXZhdGUnO1xuaW1wb3J0IHsgSU8gfSBmcm9tICcuLi9pby9wcml2YXRlJztcblxuZXhwb3J0IGNsYXNzIFNka1RvQ2xpTG9nZ2VyIGltcGxlbWVudHMgTG9nZ2VyIHtcbiAgcHJpdmF0ZSByZWFkb25seSBpb0hlbHBlcjogSW9IZWxwZXI7XG5cbiAgcHVibGljIGNvbnN0cnVjdG9yKGlvSGVscGVyOiBJb0hlbHBlcikge1xuICAgIHRoaXMuaW9IZWxwZXIgPSBpb0hlbHBlcjtcbiAgfVxuXG4gIHByaXZhdGUgbm90aWZ5KGxldmVsOiAnaW5mbycgfCAnd2FybicgfCAnZXJyb3InLCAuLi5jb250ZW50OiBhbnlbXSkge1xuICAgIHZvaWQgdGhpcy5pb0hlbHBlci5ub3RpZnkoSU8uQ0RLX1NES19JMDEwMC5tc2coZm9ybWF0KCdbU0RLICVzXSAlcycsIGxldmVsLCBmb3JtYXRTZGtMb2dnZXJDb250ZW50KGNvbnRlbnQpKSwge1xuICAgICAgc2RrTGV2ZWw6IGxldmVsLFxuICAgICAgY29udGVudCxcbiAgICB9KSk7XG4gIH1cblxuICBwdWJsaWMgdHJhY2UoLi4uX2NvbnRlbnQ6IGFueVtdKSB7XG4gICAgLy8gVGhpcyBpcyB0b28gbXVjaCBkZXRhaWwgZm9yIG91ciBsb2dzXG4gICAgLy8gdGhpcy5ub3RpZnkoJ3RyYWNlJywgLi4uY29udGVudCk7XG4gIH1cblxuICBwdWJsaWMgZGVidWcoLi4uX2NvbnRlbnQ6IGFueVtdKSB7XG4gICAgLy8gVGhpcyBpcyB0b28gbXVjaCBkZXRhaWwgZm9yIG91ciBsb2dzXG4gICAgLy8gdGhpcy5ub3RpZnkoJ2RlYnVnJywgLi4uY29udGVudCk7XG4gIH1cblxuICAvKipcbiAgICogSW5mbyBpcyBjYWxsZWQgbW9zdGx5IChleGNsdXNpdmVseT8pIGZvciBzdWNjZXNzZnVsIEFQSSBjYWxsc1xuICAgKlxuICAgKiBQYXlsb2FkOlxuICAgKlxuICAgKiAoTm90ZSB0aGUgaW5wdXQgY29udGFpbnMgZW50aXJlIENGTiB0ZW1wbGF0ZXMsIGZvciBleGFtcGxlKVxuICAgKlxuICAgKiBgYGBcbiAgICoge1xuICAgKiAgIGNsaWVudE5hbWU6ICdTM0NsaWVudCcsXG4gICAqICAgY29tbWFuZE5hbWU6ICdHZXRCdWNrZXRMb2NhdGlvbkNvbW1hbmQnLFxuICAgKiAgIGlucHV0OiB7XG4gICAqICAgICBCdWNrZXQ6ICcuLi4uLicsXG4gICAqICAgICBFeHBlY3RlZEJ1Y2tldE93bmVyOiB1bmRlZmluZWRcbiAgICogICB9LFxuICAgKiAgIG91dHB1dDogeyBMb2NhdGlvbkNvbnN0cmFpbnQ6ICdldS1jZW50cmFsLTEnIH0sXG4gICAqICAgbWV0YWRhdGE6IHtcbiAgICogICAgIGh0dHBTdGF0dXNDb2RlOiAyMDAsXG4gICAqICAgICByZXF1ZXN0SWQ6ICcuLi4uJyxcbiAgICogICAgIGV4dGVuZGVkUmVxdWVzdElkOiAnLi4uJyxcbiAgICogICAgIGNmSWQ6IHVuZGVmaW5lZCxcbiAgICogICAgIGF0dGVtcHRzOiAxLFxuICAgKiAgICAgdG90YWxSZXRyeURlbGF5OiAwXG4gICAqICAgfVxuICAgKiB9XG4gICAqIGBgYFxuICAgKi9cbiAgcHVibGljIGluZm8oLi4uY29udGVudDogYW55W10pIHtcbiAgICB0aGlzLm5vdGlmeSgnaW5mbycsIC4uLmNvbnRlbnQpO1xuICB9XG5cbiAgcHVibGljIHdhcm4oLi4uY29udGVudDogYW55W10pIHtcbiAgICB0aGlzLm5vdGlmeSgnd2FybicsIC4uLmNvbnRlbnQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEVycm9yIGlzIGNhbGxlZCBtb3N0bHkgKGV4Y2x1c2l2ZWx5PykgZm9yIGZhaWxpbmcgQVBJIGNhbGxzXG4gICAqXG4gICAqIFBheWxvYWQgKGlucHV0IHdvdWxkIGJlIHRoZSBlbnRpcmUgQVBJIGNhbGwgYXJndW1lbnRzKS5cbiAgICpcbiAgICogYGBgXG4gICAqIHtcbiAgICogICBjbGllbnROYW1lOiAnU1RTQ2xpZW50JyxcbiAgICogICBjb21tYW5kTmFtZTogJ0dldENhbGxlcklkZW50aXR5Q29tbWFuZCcsXG4gICAqICAgaW5wdXQ6IHt9LFxuICAgKiAgIGVycm9yOiBBZ2dyZWdhdGVFcnJvciBbRUNPTk5SRUZVU0VEXTpcbiAgICogICAgICAgYXQgaW50ZXJuYWxDb25uZWN0TXVsdGlwbGUgKG5vZGU6bmV0OjExMjE6MTgpXG4gICAqICAgICAgIGF0IGFmdGVyQ29ubmVjdE11bHRpcGxlIChub2RlOm5ldDoxNjg4OjcpIHtcbiAgICogICAgIGNvZGU6ICdFQ09OTlJFRlVTRUQnLFxuICAgKiAgICAgJyRtZXRhZGF0YSc6IHsgYXR0ZW1wdHM6IDMsIHRvdGFsUmV0cnlEZWxheTogNjAwIH0sXG4gICAqICAgICBbZXJyb3JzXTogWyBbRXJyb3JdLCBbRXJyb3JdIF1cbiAgICogICB9LFxuICAgKiAgIG1ldGFkYXRhOiB7IGF0dGVtcHRzOiAzLCB0b3RhbFJldHJ5RGVsYXk6IDYwMCB9XG4gICAqIH1cbiAgICogYGBgXG4gICAqL1xuICBwdWJsaWMgZXJyb3IoLi4uY29udGVudDogYW55W10pIHtcbiAgICB0aGlzLm5vdGlmeSgnZXJyb3InLCAuLi5jb250ZW50KTtcbiAgfVxufVxuXG4vKipcbiAqIFRoaXMgY2FuIGJlIGFueXRoaW5nLlxuICpcbiAqIEZvciBkZWJ1ZywgaXQgc2VlbXMgdG8gYmUgbW9zdGx5IHN0cmluZ3MuXG4gKiBGb3IgaW5mbywgaXQgc2VlbXMgdG8gYmUgb2JqZWN0cy5cbiAqXG4gKiBTdHJpbmdpZnkgYW5kIGpvaW4gd2l0aG91dCBzZXBhcmF0b3IuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBmb3JtYXRTZGtMb2dnZXJDb250ZW50KGNvbnRlbnQ6IGFueVtdKSB7XG4gIGlmIChjb250ZW50Lmxlbmd0aCA9PT0gMSkge1xuICAgIGNvbnN0IGFwaUZtdCA9IGZvcm1hdEFwaUNhbGwoY29udGVudFswXSk7XG4gICAgaWYgKGFwaUZtdCkge1xuICAgICAgcmV0dXJuIGFwaUZtdDtcbiAgICB9XG4gIH1cbiAgcmV0dXJuIGNvbnRlbnQubWFwKCh4KSA9PiB0eXBlb2YgeCA9PT0gJ3N0cmluZycgPyB4IDogaW5zcGVjdCh4KSkuam9pbignJyk7XG59XG5cbmZ1bmN0aW9uIGZvcm1hdEFwaUNhbGwoY29udGVudDogYW55KTogc3RyaW5nIHwgdW5kZWZpbmVkIHtcbiAgaWYgKCFpc1Nka0FwaUNhbGxTdWNjZXNzKGNvbnRlbnQpICYmICFpc1Nka0FwaUNhbGxFcnJvcihjb250ZW50KSkge1xuICAgIHJldHVybiB1bmRlZmluZWQ7XG4gIH1cblxuICBjb25zdCBzZXJ2aWNlID0gY29udGVudC5jbGllbnROYW1lLnJlcGxhY2UoL0NsaWVudCQvLCAnJyk7XG4gIGNvbnN0IGFwaSA9IGNvbnRlbnQuY29tbWFuZE5hbWUucmVwbGFjZSgvQ29tbWFuZCQvLCAnJyk7XG5cbiAgY29uc3QgcGFydHMgPSBbXTtcbiAgaWYgKChjb250ZW50Lm1ldGFkYXRhPy5hdHRlbXB0cyA/PyAwKSA+IDEpIHtcbiAgICBwYXJ0cy5wdXNoKGBbJHtjb250ZW50Lm1ldGFkYXRhPy5hdHRlbXB0c30gYXR0ZW1wdHMsICR7Y29udGVudC5tZXRhZGF0YT8udG90YWxSZXRyeURlbGF5fW1zIHJldHJ5XWApO1xuICB9XG5cbiAgcGFydHMucHVzaChgJHtzZXJ2aWNlfS4ke2FwaX0oJHtKU09OLnN0cmluZ2lmeShjb250ZW50LmlucHV0LCByZXBsYWNlckJ1ZmZlcldpdGhJbmZvKX0pYCk7XG5cbiAgaWYgKGlzU2RrQXBpQ2FsbFN1Y2Nlc3MoY29udGVudCkpIHtcbiAgICBwYXJ0cy5wdXNoKCctPiBPSycpO1xuICB9IGVsc2Uge1xuICAgIHBhcnRzLnB1c2goYC0+ICR7Y29udGVudC5lcnJvcn1gKTtcbiAgfVxuXG4gIHJldHVybiBwYXJ0cy5qb2luKCcgJyk7XG59XG5cbmludGVyZmFjZSBTZGtBcGlDYWxsQmFzZSB7XG4gIGNsaWVudE5hbWU6IHN0cmluZztcbiAgY29tbWFuZE5hbWU6IHN0cmluZztcbiAgaW5wdXQ6IFJlY29yZDxzdHJpbmcsIHVua25vd24+O1xuICBtZXRhZGF0YT86IHtcbiAgICBodHRwU3RhdHVzQ29kZT86IG51bWJlcjtcbiAgICByZXF1ZXN0SWQ/OiBzdHJpbmc7XG4gICAgZXh0ZW5kZWRSZXF1ZXN0SWQ/OiBzdHJpbmc7XG4gICAgY2ZJZD86IHN0cmluZztcbiAgICBhdHRlbXB0cz86IG51bWJlcjtcbiAgICB0b3RhbFJldHJ5RGVsYXk/OiBudW1iZXI7XG4gIH07XG59XG5cbnR5cGUgU2RrQXBpQ2FsbFN1Y2Nlc3MgPSBTZGtBcGlDYWxsQmFzZSAmIHsgb3V0cHV0OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiB9O1xudHlwZSBTZGtBcGlDYWxsRXJyb3IgPSBTZGtBcGlDYWxsQmFzZSAmIHsgZXJyb3I6IEVycm9yIH07XG5cbmZ1bmN0aW9uIGlzU2RrQXBpQ2FsbFN1Y2Nlc3MoeDogYW55KTogeCBpcyBTZGtBcGlDYWxsU3VjY2VzcyB7XG4gIHJldHVybiB4ICYmIHR5cGVvZiB4ID09PSAnb2JqZWN0JyAmJiB4LmNvbW1hbmROYW1lICYmIHgub3V0cHV0O1xufVxuXG5mdW5jdGlvbiBpc1Nka0FwaUNhbGxFcnJvcih4OiBhbnkpOiB4IGlzIFNka0FwaUNhbGxFcnJvciB7XG4gIHJldHVybiB4ICYmIHR5cGVvZiB4ID09PSAnb2JqZWN0JyAmJiB4LmNvbW1hbmROYW1lICYmIHguZXJyb3I7XG59XG4iXX0=