@aws-sdk/credential-provider-ini 3.32.0 → 3.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +38 -0
- package/dist-cjs/index.js +105 -0
- package/dist-es/index.js +141 -0
- package/{dist/types → dist-types}/index.d.ts +0 -0
- package/{dist/types → dist-types}/ts3.4/index.d.ts +0 -0
- package/package.json +20 -16
- package/dist/cjs/index.js +0 -131
- package/dist/es/index.js +0 -165
- package/src/index.ts +0 -266
- package/tsconfig.cjs.json +0 -10
- package/tsconfig.es.json +0 -11
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,44 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
# [3.36.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.35.0...v3.36.0) (2021-10-08)
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
### Features
|
|
10
|
+
|
|
11
|
+
* publish files in dist-* only ([#2873](https://github.com/aws/aws-sdk-js-v3/issues/2873)) ([53b4243](https://github.com/aws/aws-sdk-js-v3/commit/53b4243b066f25ff2412d5f0dea1036054b2df32))
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
# [3.35.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.34.0...v3.35.0) (2021-10-04)
|
|
18
|
+
|
|
19
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-ini
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
# [3.34.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.33.0...v3.34.0) (2021-09-24)
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
### Features
|
|
29
|
+
|
|
30
|
+
* **non-clients:** remove comments from transpiled JS files ([#2813](https://github.com/aws/aws-sdk-js-v3/issues/2813)) ([e6fc7f3](https://github.com/aws/aws-sdk-js-v3/commit/e6fc7f3e0fa74785590ac19e7ed143c916bb9b6e))
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
# [3.33.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.32.0...v3.33.0) (2021-09-21)
|
|
37
|
+
|
|
38
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-ini
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
|
|
6
44
|
# [3.32.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.31.0...v3.32.0) (2021-09-17)
|
|
7
45
|
|
|
8
46
|
**Note:** Version bump only for package @aws-sdk/credential-provider-ini
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.fromIni = void 0;
|
|
4
|
+
const credential_provider_env_1 = require("@aws-sdk/credential-provider-env");
|
|
5
|
+
const credential_provider_imds_1 = require("@aws-sdk/credential-provider-imds");
|
|
6
|
+
const credential_provider_sso_1 = require("@aws-sdk/credential-provider-sso");
|
|
7
|
+
const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
|
|
8
|
+
const property_provider_1 = require("@aws-sdk/property-provider");
|
|
9
|
+
const util_credentials_1 = require("@aws-sdk/util-credentials");
|
|
10
|
+
const isStaticCredsProfile = (arg) => Boolean(arg) &&
|
|
11
|
+
typeof arg === "object" &&
|
|
12
|
+
typeof arg.aws_access_key_id === "string" &&
|
|
13
|
+
typeof arg.aws_secret_access_key === "string" &&
|
|
14
|
+
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
|
|
15
|
+
const isWebIdentityProfile = (arg) => Boolean(arg) &&
|
|
16
|
+
typeof arg === "object" &&
|
|
17
|
+
typeof arg.web_identity_token_file === "string" &&
|
|
18
|
+
typeof arg.role_arn === "string" &&
|
|
19
|
+
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
20
|
+
const isAssumeRoleProfile = (arg) => Boolean(arg) &&
|
|
21
|
+
typeof arg === "object" &&
|
|
22
|
+
typeof arg.role_arn === "string" &&
|
|
23
|
+
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
|
|
24
|
+
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
|
|
25
|
+
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
|
|
26
|
+
const isAssumeRoleWithSourceProfile = (arg) => isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
27
|
+
const isAssumeRoleWithProviderProfile = (arg) => isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
28
|
+
const fromIni = (init = {}) => async () => {
|
|
29
|
+
const profiles = await util_credentials_1.parseKnownFiles(init);
|
|
30
|
+
return resolveProfileData(util_credentials_1.getMasterProfileName(init), profiles, init);
|
|
31
|
+
};
|
|
32
|
+
exports.fromIni = fromIni;
|
|
33
|
+
const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
|
|
34
|
+
const data = profiles[profileName];
|
|
35
|
+
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
36
|
+
return resolveStaticCredentials(data);
|
|
37
|
+
}
|
|
38
|
+
if (isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data)) {
|
|
39
|
+
const { external_id: ExternalId, mfa_serial, role_arn: RoleArn, role_session_name: RoleSessionName = "aws-sdk-js-" + Date.now(), source_profile, credential_source, } = data;
|
|
40
|
+
if (!options.roleAssumer) {
|
|
41
|
+
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires a role to be assumed, but no` + ` role assumption callback was provided.`, false);
|
|
42
|
+
}
|
|
43
|
+
if (source_profile && source_profile in visitedProfiles) {
|
|
44
|
+
throw new property_provider_1.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
|
|
45
|
+
` ${util_credentials_1.getMasterProfileName(options)}. Profiles visited: ` +
|
|
46
|
+
Object.keys(visitedProfiles).join(", "), false);
|
|
47
|
+
}
|
|
48
|
+
const sourceCreds = source_profile
|
|
49
|
+
? resolveProfileData(source_profile, profiles, options, {
|
|
50
|
+
...visitedProfiles,
|
|
51
|
+
[source_profile]: true,
|
|
52
|
+
})
|
|
53
|
+
: resolveCredentialSource(credential_source, profileName)();
|
|
54
|
+
const params = { RoleArn, RoleSessionName, ExternalId };
|
|
55
|
+
if (mfa_serial) {
|
|
56
|
+
if (!options.mfaCodeProvider) {
|
|
57
|
+
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication,` + ` but no MFA code callback was provided.`, false);
|
|
58
|
+
}
|
|
59
|
+
params.SerialNumber = mfa_serial;
|
|
60
|
+
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
61
|
+
}
|
|
62
|
+
return options.roleAssumer(await sourceCreds, params);
|
|
63
|
+
}
|
|
64
|
+
if (isStaticCredsProfile(data)) {
|
|
65
|
+
return resolveStaticCredentials(data);
|
|
66
|
+
}
|
|
67
|
+
if (isWebIdentityProfile(data)) {
|
|
68
|
+
return resolveWebIdentityCredentials(data, options);
|
|
69
|
+
}
|
|
70
|
+
if (credential_provider_sso_1.isSsoProfile(data)) {
|
|
71
|
+
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = credential_provider_sso_1.validateSsoProfile(data);
|
|
72
|
+
return credential_provider_sso_1.fromSSO({
|
|
73
|
+
ssoStartUrl: sso_start_url,
|
|
74
|
+
ssoAccountId: sso_account_id,
|
|
75
|
+
ssoRegion: sso_region,
|
|
76
|
+
ssoRoleName: sso_role_name,
|
|
77
|
+
})();
|
|
78
|
+
}
|
|
79
|
+
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared` + ` credentials file.`);
|
|
80
|
+
};
|
|
81
|
+
const resolveCredentialSource = (credentialSource, profileName) => {
|
|
82
|
+
const sourceProvidersMap = {
|
|
83
|
+
EcsContainer: credential_provider_imds_1.fromContainerMetadata,
|
|
84
|
+
Ec2InstanceMetadata: credential_provider_imds_1.fromInstanceMetadata,
|
|
85
|
+
Environment: credential_provider_env_1.fromEnv,
|
|
86
|
+
};
|
|
87
|
+
if (credentialSource in sourceProvidersMap) {
|
|
88
|
+
return sourceProvidersMap[credentialSource]();
|
|
89
|
+
}
|
|
90
|
+
else {
|
|
91
|
+
throw new property_provider_1.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
|
|
92
|
+
`expected EcsContainer or Ec2InstanceMetadata or Environment.`);
|
|
93
|
+
}
|
|
94
|
+
};
|
|
95
|
+
const resolveStaticCredentials = (profile) => Promise.resolve({
|
|
96
|
+
accessKeyId: profile.aws_access_key_id,
|
|
97
|
+
secretAccessKey: profile.aws_secret_access_key,
|
|
98
|
+
sessionToken: profile.aws_session_token,
|
|
99
|
+
});
|
|
100
|
+
const resolveWebIdentityCredentials = async (profile, options) => credential_provider_web_identity_1.fromTokenFile({
|
|
101
|
+
webIdentityTokenFile: profile.web_identity_token_file,
|
|
102
|
+
roleArn: profile.role_arn,
|
|
103
|
+
roleSessionName: profile.role_session_name,
|
|
104
|
+
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
105
|
+
})();
|
package/dist-es/index.js
ADDED
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
import { __assign, __awaiter, __generator } from "tslib";
|
|
2
|
+
import { fromEnv } from "@aws-sdk/credential-provider-env";
|
|
3
|
+
import { fromContainerMetadata, fromInstanceMetadata } from "@aws-sdk/credential-provider-imds";
|
|
4
|
+
import { fromSSO, isSsoProfile, validateSsoProfile } from "@aws-sdk/credential-provider-sso";
|
|
5
|
+
import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
|
|
6
|
+
import { CredentialsProviderError } from "@aws-sdk/property-provider";
|
|
7
|
+
import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/util-credentials";
|
|
8
|
+
var isStaticCredsProfile = function (arg) {
|
|
9
|
+
return Boolean(arg) &&
|
|
10
|
+
typeof arg === "object" &&
|
|
11
|
+
typeof arg.aws_access_key_id === "string" &&
|
|
12
|
+
typeof arg.aws_secret_access_key === "string" &&
|
|
13
|
+
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
|
|
14
|
+
};
|
|
15
|
+
var isWebIdentityProfile = function (arg) {
|
|
16
|
+
return Boolean(arg) &&
|
|
17
|
+
typeof arg === "object" &&
|
|
18
|
+
typeof arg.web_identity_token_file === "string" &&
|
|
19
|
+
typeof arg.role_arn === "string" &&
|
|
20
|
+
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
21
|
+
};
|
|
22
|
+
var isAssumeRoleProfile = function (arg) {
|
|
23
|
+
return Boolean(arg) &&
|
|
24
|
+
typeof arg === "object" &&
|
|
25
|
+
typeof arg.role_arn === "string" &&
|
|
26
|
+
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
|
|
27
|
+
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
|
|
28
|
+
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
|
|
29
|
+
};
|
|
30
|
+
var isAssumeRoleWithSourceProfile = function (arg) {
|
|
31
|
+
return isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
32
|
+
};
|
|
33
|
+
var isAssumeRoleWithProviderProfile = function (arg) {
|
|
34
|
+
return isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
35
|
+
};
|
|
36
|
+
export var fromIni = function (init) {
|
|
37
|
+
if (init === void 0) { init = {}; }
|
|
38
|
+
return function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
39
|
+
var profiles;
|
|
40
|
+
return __generator(this, function (_a) {
|
|
41
|
+
switch (_a.label) {
|
|
42
|
+
case 0: return [4, parseKnownFiles(init)];
|
|
43
|
+
case 1:
|
|
44
|
+
profiles = _a.sent();
|
|
45
|
+
return [2, resolveProfileData(getMasterProfileName(init), profiles, init)];
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
}); };
|
|
49
|
+
};
|
|
50
|
+
var resolveProfileData = function (profileName, profiles, options, visitedProfiles) {
|
|
51
|
+
if (visitedProfiles === void 0) { visitedProfiles = {}; }
|
|
52
|
+
return __awaiter(void 0, void 0, void 0, function () {
|
|
53
|
+
var data, ExternalId, mfa_serial, RoleArn, _a, RoleSessionName, source_profile, credential_source, sourceCreds, params, _b, _c, _d, _e, sso_start_url, sso_account_id, sso_region, sso_role_name;
|
|
54
|
+
var _f;
|
|
55
|
+
return __generator(this, function (_g) {
|
|
56
|
+
switch (_g.label) {
|
|
57
|
+
case 0:
|
|
58
|
+
data = profiles[profileName];
|
|
59
|
+
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
60
|
+
return [2, resolveStaticCredentials(data)];
|
|
61
|
+
}
|
|
62
|
+
if (!(isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data))) return [3, 4];
|
|
63
|
+
ExternalId = data.external_id, mfa_serial = data.mfa_serial, RoleArn = data.role_arn, _a = data.role_session_name, RoleSessionName = _a === void 0 ? "aws-sdk-js-" + Date.now() : _a, source_profile = data.source_profile, credential_source = data.credential_source;
|
|
64
|
+
if (!options.roleAssumer) {
|
|
65
|
+
throw new CredentialsProviderError("Profile " + profileName + " requires a role to be assumed, but no" + " role assumption callback was provided.", false);
|
|
66
|
+
}
|
|
67
|
+
if (source_profile && source_profile in visitedProfiles) {
|
|
68
|
+
throw new CredentialsProviderError("Detected a cycle attempting to resolve credentials for profile" +
|
|
69
|
+
(" " + getMasterProfileName(options) + ". Profiles visited: ") +
|
|
70
|
+
Object.keys(visitedProfiles).join(", "), false);
|
|
71
|
+
}
|
|
72
|
+
sourceCreds = source_profile
|
|
73
|
+
? resolveProfileData(source_profile, profiles, options, __assign(__assign({}, visitedProfiles), (_f = {}, _f[source_profile] = true, _f)))
|
|
74
|
+
: resolveCredentialSource(credential_source, profileName)();
|
|
75
|
+
params = { RoleArn: RoleArn, RoleSessionName: RoleSessionName, ExternalId: ExternalId };
|
|
76
|
+
if (!mfa_serial) return [3, 2];
|
|
77
|
+
if (!options.mfaCodeProvider) {
|
|
78
|
+
throw new CredentialsProviderError("Profile " + profileName + " requires multi-factor authentication," + " but no MFA code callback was provided.", false);
|
|
79
|
+
}
|
|
80
|
+
params.SerialNumber = mfa_serial;
|
|
81
|
+
_b = params;
|
|
82
|
+
return [4, options.mfaCodeProvider(mfa_serial)];
|
|
83
|
+
case 1:
|
|
84
|
+
_b.TokenCode = _g.sent();
|
|
85
|
+
_g.label = 2;
|
|
86
|
+
case 2:
|
|
87
|
+
_d = (_c = options).roleAssumer;
|
|
88
|
+
return [4, sourceCreds];
|
|
89
|
+
case 3: return [2, _d.apply(_c, [_g.sent(), params])];
|
|
90
|
+
case 4:
|
|
91
|
+
if (isStaticCredsProfile(data)) {
|
|
92
|
+
return [2, resolveStaticCredentials(data)];
|
|
93
|
+
}
|
|
94
|
+
if (isWebIdentityProfile(data)) {
|
|
95
|
+
return [2, resolveWebIdentityCredentials(data, options)];
|
|
96
|
+
}
|
|
97
|
+
if (isSsoProfile(data)) {
|
|
98
|
+
_e = validateSsoProfile(data), sso_start_url = _e.sso_start_url, sso_account_id = _e.sso_account_id, sso_region = _e.sso_region, sso_role_name = _e.sso_role_name;
|
|
99
|
+
return [2, fromSSO({
|
|
100
|
+
ssoStartUrl: sso_start_url,
|
|
101
|
+
ssoAccountId: sso_account_id,
|
|
102
|
+
ssoRegion: sso_region,
|
|
103
|
+
ssoRoleName: sso_role_name,
|
|
104
|
+
})()];
|
|
105
|
+
}
|
|
106
|
+
throw new CredentialsProviderError("Profile " + profileName + " could not be found or parsed in shared" + " credentials file.");
|
|
107
|
+
}
|
|
108
|
+
});
|
|
109
|
+
});
|
|
110
|
+
};
|
|
111
|
+
var resolveCredentialSource = function (credentialSource, profileName) {
|
|
112
|
+
var sourceProvidersMap = {
|
|
113
|
+
EcsContainer: fromContainerMetadata,
|
|
114
|
+
Ec2InstanceMetadata: fromInstanceMetadata,
|
|
115
|
+
Environment: fromEnv,
|
|
116
|
+
};
|
|
117
|
+
if (credentialSource in sourceProvidersMap) {
|
|
118
|
+
return sourceProvidersMap[credentialSource]();
|
|
119
|
+
}
|
|
120
|
+
else {
|
|
121
|
+
throw new CredentialsProviderError("Unsupported credential source in profile " + profileName + ". Got " + credentialSource + ", " +
|
|
122
|
+
"expected EcsContainer or Ec2InstanceMetadata or Environment.");
|
|
123
|
+
}
|
|
124
|
+
};
|
|
125
|
+
var resolveStaticCredentials = function (profile) {
|
|
126
|
+
return Promise.resolve({
|
|
127
|
+
accessKeyId: profile.aws_access_key_id,
|
|
128
|
+
secretAccessKey: profile.aws_secret_access_key,
|
|
129
|
+
sessionToken: profile.aws_session_token,
|
|
130
|
+
});
|
|
131
|
+
};
|
|
132
|
+
var resolveWebIdentityCredentials = function (profile, options) { return __awaiter(void 0, void 0, void 0, function () {
|
|
133
|
+
return __generator(this, function (_a) {
|
|
134
|
+
return [2, fromTokenFile({
|
|
135
|
+
webIdentityTokenFile: profile.web_identity_token_file,
|
|
136
|
+
roleArn: profile.role_arn,
|
|
137
|
+
roleSessionName: profile.role_session_name,
|
|
138
|
+
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
139
|
+
})()];
|
|
140
|
+
});
|
|
141
|
+
}); };
|
|
File without changes
|
|
File without changes
|
package/package.json
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/credential-provider-ini",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.36.0",
|
|
4
4
|
"description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config",
|
|
5
|
-
"main": "./dist
|
|
6
|
-
"module": "./dist
|
|
5
|
+
"main": "./dist-cjs/index.js",
|
|
6
|
+
"module": "./dist-es/index.js",
|
|
7
7
|
"scripts": {
|
|
8
|
+
"build": "yarn build:cjs && yarn build:es && yarn build:types",
|
|
8
9
|
"build:cjs": "tsc -p tsconfig.cjs.json",
|
|
9
10
|
"build:es": "tsc -p tsconfig.es.json",
|
|
10
|
-
"build": "
|
|
11
|
-
"downlevel-dts": "downlevel-dts dist
|
|
11
|
+
"build:types": "tsc -p tsconfig.types.json",
|
|
12
|
+
"downlevel-dts": "downlevel-dts dist-types dist-types/ts3.4",
|
|
12
13
|
"test": "jest"
|
|
13
14
|
},
|
|
14
15
|
"keywords": [
|
|
@@ -21,14 +22,14 @@
|
|
|
21
22
|
},
|
|
22
23
|
"license": "Apache-2.0",
|
|
23
24
|
"dependencies": {
|
|
24
|
-
"@aws-sdk/credential-provider-env": "3.
|
|
25
|
-
"@aws-sdk/credential-provider-imds": "3.
|
|
26
|
-
"@aws-sdk/credential-provider-sso": "3.
|
|
27
|
-
"@aws-sdk/credential-provider-web-identity": "3.
|
|
28
|
-
"@aws-sdk/property-provider": "3.
|
|
29
|
-
"@aws-sdk/shared-ini-file-loader": "3.
|
|
30
|
-
"@aws-sdk/types": "3.
|
|
31
|
-
"@aws-sdk/util-credentials": "3.
|
|
25
|
+
"@aws-sdk/credential-provider-env": "3.36.0",
|
|
26
|
+
"@aws-sdk/credential-provider-imds": "3.36.0",
|
|
27
|
+
"@aws-sdk/credential-provider-sso": "3.36.0",
|
|
28
|
+
"@aws-sdk/credential-provider-web-identity": "3.36.0",
|
|
29
|
+
"@aws-sdk/property-provider": "3.36.0",
|
|
30
|
+
"@aws-sdk/shared-ini-file-loader": "3.36.0",
|
|
31
|
+
"@aws-sdk/types": "3.36.0",
|
|
32
|
+
"@aws-sdk/util-credentials": "3.36.0",
|
|
32
33
|
"tslib": "^2.3.0"
|
|
33
34
|
},
|
|
34
35
|
"devDependencies": {
|
|
@@ -37,17 +38,20 @@
|
|
|
37
38
|
"jest": "^26.1.0",
|
|
38
39
|
"typescript": "~4.3.5"
|
|
39
40
|
},
|
|
40
|
-
"types": "./dist
|
|
41
|
+
"types": "./dist-types/index.d.ts",
|
|
41
42
|
"engines": {
|
|
42
43
|
"node": ">= 10.0.0"
|
|
43
44
|
},
|
|
44
45
|
"typesVersions": {
|
|
45
46
|
"<4.0": {
|
|
46
|
-
"dist
|
|
47
|
-
"dist
|
|
47
|
+
"dist-types/*": [
|
|
48
|
+
"dist-types/ts3.4/*"
|
|
48
49
|
]
|
|
49
50
|
}
|
|
50
51
|
},
|
|
52
|
+
"files": [
|
|
53
|
+
"dist-*"
|
|
54
|
+
],
|
|
51
55
|
"homepage": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini",
|
|
52
56
|
"repository": {
|
|
53
57
|
"type": "git",
|
package/dist/cjs/index.js
DELETED
|
@@ -1,131 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.fromIni = void 0;
|
|
4
|
-
const credential_provider_env_1 = require("@aws-sdk/credential-provider-env");
|
|
5
|
-
const credential_provider_imds_1 = require("@aws-sdk/credential-provider-imds");
|
|
6
|
-
const credential_provider_sso_1 = require("@aws-sdk/credential-provider-sso");
|
|
7
|
-
const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
|
|
8
|
-
const property_provider_1 = require("@aws-sdk/property-provider");
|
|
9
|
-
const util_credentials_1 = require("@aws-sdk/util-credentials");
|
|
10
|
-
const isStaticCredsProfile = (arg) => Boolean(arg) &&
|
|
11
|
-
typeof arg === "object" &&
|
|
12
|
-
typeof arg.aws_access_key_id === "string" &&
|
|
13
|
-
typeof arg.aws_secret_access_key === "string" &&
|
|
14
|
-
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
|
|
15
|
-
const isWebIdentityProfile = (arg) => Boolean(arg) &&
|
|
16
|
-
typeof arg === "object" &&
|
|
17
|
-
typeof arg.web_identity_token_file === "string" &&
|
|
18
|
-
typeof arg.role_arn === "string" &&
|
|
19
|
-
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
20
|
-
const isAssumeRoleProfile = (arg) => Boolean(arg) &&
|
|
21
|
-
typeof arg === "object" &&
|
|
22
|
-
typeof arg.role_arn === "string" &&
|
|
23
|
-
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
|
|
24
|
-
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
|
|
25
|
-
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
|
|
26
|
-
const isAssumeRoleWithSourceProfile = (arg) => isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
27
|
-
const isAssumeRoleWithProviderProfile = (arg) => isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
28
|
-
/**
|
|
29
|
-
* Creates a credential provider that will read from ini files and supports
|
|
30
|
-
* role assumption and multi-factor authentication.
|
|
31
|
-
*/
|
|
32
|
-
const fromIni = (init = {}) => async () => {
|
|
33
|
-
const profiles = await util_credentials_1.parseKnownFiles(init);
|
|
34
|
-
return resolveProfileData(util_credentials_1.getMasterProfileName(init), profiles, init);
|
|
35
|
-
};
|
|
36
|
-
exports.fromIni = fromIni;
|
|
37
|
-
const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
|
|
38
|
-
const data = profiles[profileName];
|
|
39
|
-
// If this is not the first profile visited, static credentials should be
|
|
40
|
-
// preferred over role assumption metadata. This special treatment of
|
|
41
|
-
// second and subsequent hops is to ensure compatibility with the AWS CLI.
|
|
42
|
-
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
43
|
-
return resolveStaticCredentials(data);
|
|
44
|
-
}
|
|
45
|
-
// If this is the first profile visited, role assumption keys should be
|
|
46
|
-
// given precedence over static credentials.
|
|
47
|
-
if (isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data)) {
|
|
48
|
-
const { external_id: ExternalId, mfa_serial, role_arn: RoleArn, role_session_name: RoleSessionName = "aws-sdk-js-" + Date.now(), source_profile, credential_source, } = data;
|
|
49
|
-
if (!options.roleAssumer) {
|
|
50
|
-
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires a role to be assumed, but no` + ` role assumption callback was provided.`, false);
|
|
51
|
-
}
|
|
52
|
-
if (source_profile && source_profile in visitedProfiles) {
|
|
53
|
-
throw new property_provider_1.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
|
|
54
|
-
` ${util_credentials_1.getMasterProfileName(options)}. Profiles visited: ` +
|
|
55
|
-
Object.keys(visitedProfiles).join(", "), false);
|
|
56
|
-
}
|
|
57
|
-
const sourceCreds = source_profile
|
|
58
|
-
? resolveProfileData(source_profile, profiles, options, {
|
|
59
|
-
...visitedProfiles,
|
|
60
|
-
[source_profile]: true,
|
|
61
|
-
})
|
|
62
|
-
: resolveCredentialSource(credential_source, profileName)();
|
|
63
|
-
const params = { RoleArn, RoleSessionName, ExternalId };
|
|
64
|
-
if (mfa_serial) {
|
|
65
|
-
if (!options.mfaCodeProvider) {
|
|
66
|
-
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication,` + ` but no MFA code callback was provided.`, false);
|
|
67
|
-
}
|
|
68
|
-
params.SerialNumber = mfa_serial;
|
|
69
|
-
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
70
|
-
}
|
|
71
|
-
return options.roleAssumer(await sourceCreds, params);
|
|
72
|
-
}
|
|
73
|
-
// If no role assumption metadata is present, attempt to load static
|
|
74
|
-
// credentials from the selected profile.
|
|
75
|
-
if (isStaticCredsProfile(data)) {
|
|
76
|
-
return resolveStaticCredentials(data);
|
|
77
|
-
}
|
|
78
|
-
// If no static credentials are present, attempt to assume role with
|
|
79
|
-
// web identity if web_identity_token_file and role_arn is available
|
|
80
|
-
if (isWebIdentityProfile(data)) {
|
|
81
|
-
return resolveWebIdentityCredentials(data, options);
|
|
82
|
-
}
|
|
83
|
-
if (credential_provider_sso_1.isSsoProfile(data)) {
|
|
84
|
-
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = credential_provider_sso_1.validateSsoProfile(data);
|
|
85
|
-
return credential_provider_sso_1.fromSSO({
|
|
86
|
-
ssoStartUrl: sso_start_url,
|
|
87
|
-
ssoAccountId: sso_account_id,
|
|
88
|
-
ssoRegion: sso_region,
|
|
89
|
-
ssoRoleName: sso_role_name,
|
|
90
|
-
})();
|
|
91
|
-
}
|
|
92
|
-
// If the profile cannot be parsed or contains neither static credentials
|
|
93
|
-
// nor role assumption metadata, throw an error. This should be considered a
|
|
94
|
-
// terminal resolution error if a profile has been specified by the user
|
|
95
|
-
// (whether via a parameter, an environment variable, or another profile's
|
|
96
|
-
// `source_profile` key).
|
|
97
|
-
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} could not be found or parsed in shared` + ` credentials file.`);
|
|
98
|
-
};
|
|
99
|
-
/**
|
|
100
|
-
* Resolve the `credential_source` entry from the profile, and return the
|
|
101
|
-
* credential providers respectively. No memoization is needed for the
|
|
102
|
-
* credential source providers because memoization should be added outside the
|
|
103
|
-
* fromIni() provider. The source credential needs to be refreshed every time
|
|
104
|
-
* fromIni() is called.
|
|
105
|
-
*/
|
|
106
|
-
const resolveCredentialSource = (credentialSource, profileName) => {
|
|
107
|
-
const sourceProvidersMap = {
|
|
108
|
-
EcsContainer: credential_provider_imds_1.fromContainerMetadata,
|
|
109
|
-
Ec2InstanceMetadata: credential_provider_imds_1.fromInstanceMetadata,
|
|
110
|
-
Environment: credential_provider_env_1.fromEnv,
|
|
111
|
-
};
|
|
112
|
-
if (credentialSource in sourceProvidersMap) {
|
|
113
|
-
return sourceProvidersMap[credentialSource]();
|
|
114
|
-
}
|
|
115
|
-
else {
|
|
116
|
-
throw new property_provider_1.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
|
|
117
|
-
`expected EcsContainer or Ec2InstanceMetadata or Environment.`);
|
|
118
|
-
}
|
|
119
|
-
};
|
|
120
|
-
const resolveStaticCredentials = (profile) => Promise.resolve({
|
|
121
|
-
accessKeyId: profile.aws_access_key_id,
|
|
122
|
-
secretAccessKey: profile.aws_secret_access_key,
|
|
123
|
-
sessionToken: profile.aws_session_token,
|
|
124
|
-
});
|
|
125
|
-
const resolveWebIdentityCredentials = async (profile, options) => credential_provider_web_identity_1.fromTokenFile({
|
|
126
|
-
webIdentityTokenFile: profile.web_identity_token_file,
|
|
127
|
-
roleArn: profile.role_arn,
|
|
128
|
-
roleSessionName: profile.role_session_name,
|
|
129
|
-
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
130
|
-
})();
|
|
131
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsOEVBQTJEO0FBQzNELGdGQUFnRztBQUNoRyw4RUFBNkY7QUFDN0YsZ0dBQTJHO0FBQzNHLGtFQUFzRTtBQUd0RSxnRUFBcUc7QUF1RXJHLE1BQU0sb0JBQW9CLEdBQUcsQ0FBQyxHQUFRLEVBQTZCLEVBQUUsQ0FDbkUsT0FBTyxDQUFDLEdBQUcsQ0FBQztJQUNaLE9BQU8sR0FBRyxLQUFLLFFBQVE7SUFDdkIsT0FBTyxHQUFHLENBQUMsaUJBQWlCLEtBQUssUUFBUTtJQUN6QyxPQUFPLEdBQUcsQ0FBQyxxQkFBcUIsS0FBSyxRQUFRO0lBQzdDLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBUXJFLE1BQU0sb0JBQW9CLEdBQUcsQ0FBQyxHQUFRLEVBQTZCLEVBQUUsQ0FDbkUsT0FBTyxDQUFDLEdBQUcsQ0FBQztJQUNaLE9BQU8sR0FBRyxLQUFLLFFBQVE7SUFDdkIsT0FBTyxHQUFHLENBQUMsdUJBQXVCLEtBQUssUUFBUTtJQUMvQyxPQUFPLEdBQUcsQ0FBQyxRQUFRLEtBQUssUUFBUTtJQUNoQyxDQUFDLFdBQVcsRUFBRSxRQUFRLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxHQUFHLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztBQVlyRSxNQUFNLG1CQUFtQixHQUFHLENBQUMsR0FBUSxFQUFFLEVBQUUsQ0FDdkMsT0FBTyxDQUFDLEdBQUcsQ0FBQztJQUNaLE9BQU8sR0FBRyxLQUFLLFFBQVE7SUFDdkIsT0FBTyxHQUFHLENBQUMsUUFBUSxLQUFLLFFBQVE7SUFDaEMsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sR0FBRyxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2xFLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEdBQUcsQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDNUQsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sR0FBRyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBRTlELE1BQU0sNkJBQTZCLEdBQUcsQ0FBQyxHQUFRLEVBQXNDLEVBQUUsQ0FDckYsbUJBQW1CLENBQUMsR0FBRyxDQUFDLElBQUksT0FBTyxHQUFHLENBQUMsY0FBYyxLQUFLLFFBQVEsSUFBSSxPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsS0FBSyxXQUFXLENBQUM7QUFFckgsTUFBTSwrQkFBK0IsR0FBRyxDQUFDLEdBQVEsRUFBd0MsRUFBRSxDQUN6RixtQkFBbUIsQ0FBQyxHQUFHLENBQUMsSUFBSSxPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsS0FBSyxRQUFRLElBQUksT0FBTyxHQUFHLENBQUMsY0FBYyxLQUFLLFdBQVcsQ0FBQztBQUVySDs7O0dBR0c7QUFDSSxNQUFNLE9BQU8sR0FDbEIsQ0FBQyxPQUFvQixFQUFFLEVBQXNCLEVBQUUsQ0FDL0MsS0FBSyxJQUFJLEVBQUU7SUFDVCxNQUFNLFFBQVEsR0FBRyxNQUFNLGtDQUFlLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDN0MsT0FBTyxrQkFBa0IsQ0FBQyx1Q0FBb0IsQ0FBQyxJQUFJLENBQUMsRUFBRSxRQUFRLEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDeEUsQ0FBQyxDQUFDO0FBTFMsUUFBQSxPQUFPLFdBS2hCO0FBRUosTUFBTSxrQkFBa0IsR0FBRyxLQUFLLEVBQzlCLFdBQW1CLEVBQ25CLFFBQXVCLEVBQ3ZCLE9BQW9CLEVBQ3BCLGtCQUFtRCxFQUFFLEVBQy9CLEVBQUU7SUFDeEIsTUFBTSxJQUFJLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRW5DLHlFQUF5RTtJQUN6RSxxRUFBcUU7SUFDckUsMEVBQTBFO0lBQzFFLElBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLG9CQUFvQixDQUFDLElBQUksQ0FBQyxFQUFFO1FBQ3pFLE9BQU8sd0JBQXdCLENBQUMsSUFBSSxDQUFDLENBQUM7S0FDdkM7SUFFRCx1RUFBdUU7SUFDdkUsNENBQTRDO0lBQzVDLElBQUksNkJBQTZCLENBQUMsSUFBSSxDQUFDLElBQUksK0JBQStCLENBQUMsSUFBSSxDQUFDLEVBQUU7UUFDaEYsTUFBTSxFQUNKLFdBQVcsRUFBRSxVQUFVLEVBQ3ZCLFVBQVUsRUFDVixRQUFRLEVBQUUsT0FBTyxFQUNqQixpQkFBaUIsRUFBRSxlQUFlLEdBQUcsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFDL0QsY0FBYyxFQUNkLGlCQUFpQixHQUNsQixHQUFHLElBQUksQ0FBQztRQUVULElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFO1lBQ3hCLE1BQU0sSUFBSSw0Q0FBd0IsQ0FDaEMsV0FBVyxXQUFXLHdDQUF3QyxHQUFHLHlDQUF5QyxFQUMxRyxLQUFLLENBQ04sQ0FBQztTQUNIO1FBRUQsSUFBSSxjQUFjLElBQUksY0FBYyxJQUFJLGVBQWUsRUFBRTtZQUN2RCxNQUFNLElBQUksNENBQXdCLENBQ2hDLGdFQUFnRTtnQkFDOUQsSUFBSSx1Q0FBb0IsQ0FBQyxPQUFPLENBQUMsc0JBQXNCO2dCQUN2RCxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFDekMsS0FBSyxDQUNOLENBQUM7U0FDSDtRQUVELE1BQU0sV0FBVyxHQUFHLGNBQWM7WUFDaEMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDLGNBQWMsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFO2dCQUNwRCxHQUFHLGVBQWU7Z0JBQ2xCLENBQUMsY0FBYyxDQUFDLEVBQUUsSUFBSTthQUN2QixDQUFDO1lBQ0osQ0FBQyxDQUFDLHVCQUF1QixDQUFDLGlCQUFrQixFQUFFLFdBQVcsQ0FBQyxFQUFFLENBQUM7UUFFL0QsTUFBTSxNQUFNLEdBQXFCLEVBQUUsT0FBTyxFQUFFLGVBQWUsRUFBRSxVQUFVLEVBQUUsQ0FBQztRQUMxRSxJQUFJLFVBQVUsRUFBRTtZQUNkLElBQUksQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFO2dCQUM1QixNQUFNLElBQUksNENBQXdCLENBQ2hDLFdBQVcsV0FBVyx3Q0FBd0MsR0FBRyx5Q0FBeUMsRUFDMUcsS0FBSyxDQUNOLENBQUM7YUFDSDtZQUNELE1BQU0sQ0FBQyxZQUFZLEdBQUcsVUFBVSxDQUFDO1lBQ2pDLE1BQU0sQ0FBQyxTQUFTLEdBQUcsTUFBTSxPQUFPLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1NBQzlEO1FBRUQsT0FBTyxPQUFPLENBQUMsV0FBVyxDQUFDLE1BQU0sV0FBVyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0tBQ3ZEO0lBRUQsb0VBQW9FO0lBQ3BFLHlDQUF5QztJQUN6QyxJQUFJLG9CQUFvQixDQUFDLElBQUksQ0FBQyxFQUFFO1FBQzlCLE9BQU8sd0JBQXdCLENBQUMsSUFBSSxDQUFDLENBQUM7S0FDdkM7SUFFRCxvRUFBb0U7SUFDcEUsb0VBQW9FO0lBQ3BFLElBQUksb0JBQW9CLENBQUMsSUFBSSxDQUFDLEVBQUU7UUFDOUIsT0FBTyw2QkFBNkIsQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7S0FDckQ7SUFDRCxJQUFJLHNDQUFZLENBQUMsSUFBSSxDQUFDLEVBQUU7UUFDdEIsTUFBTSxFQUFFLGFBQWEsRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLGFBQWEsRUFBRSxHQUFHLDRDQUFrQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzlGLE9BQU8saUNBQU8sQ0FBQztZQUNiLFdBQVcsRUFBRSxhQUFhO1lBQzFCLFlBQVksRUFBRSxjQUFjO1lBQzVCLFNBQVMsRUFBRSxVQUFVO1lBQ3JCLFdBQVcsRUFBRSxhQUFhO1NBQzNCLENBQUMsRUFBRSxDQUFDO0tBQ047SUFFRCx5RUFBeUU7SUFDekUsNEVBQTRFO0lBQzVFLHdFQUF3RTtJQUN4RSwwRUFBMEU7SUFDMUUseUJBQXlCO0lBQ3pCLE1BQU0sSUFBSSw0Q0FBd0IsQ0FDaEMsV0FBVyxXQUFXLHlDQUF5QyxHQUFHLG9CQUFvQixDQUN2RixDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBRUY7Ozs7OztHQU1HO0FBQ0gsTUFBTSx1QkFBdUIsR0FBRyxDQUFDLGdCQUF3QixFQUFFLFdBQW1CLEVBQXNCLEVBQUU7SUFDcEcsTUFBTSxrQkFBa0IsR0FBaUQ7UUFDdkUsWUFBWSxFQUFFLGdEQUFxQjtRQUNuQyxtQkFBbUIsRUFBRSwrQ0FBb0I7UUFDekMsV0FBVyxFQUFFLGlDQUFPO0tBQ3JCLENBQUM7SUFDRixJQUFJLGdCQUFnQixJQUFJLGtCQUFrQixFQUFFO1FBQzFDLE9BQU8sa0JBQWtCLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDO0tBQy9DO1NBQU07UUFDTCxNQUFNLElBQUksNENBQXdCLENBQ2hDLDRDQUE0QyxXQUFXLFNBQVMsZ0JBQWdCLElBQUk7WUFDbEYsOERBQThELENBQ2pFLENBQUM7S0FDSDtBQUNILENBQUMsQ0FBQztBQUVGLE1BQU0sd0JBQXdCLEdBQUcsQ0FBQyxPQUEyQixFQUF3QixFQUFFLENBQ3JGLE9BQU8sQ0FBQyxPQUFPLENBQUM7SUFDZCxXQUFXLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtJQUN0QyxlQUFlLEVBQUUsT0FBTyxDQUFDLHFCQUFxQjtJQUM5QyxZQUFZLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtDQUN4QyxDQUFDLENBQUM7QUFFTCxNQUFNLDZCQUE2QixHQUFHLEtBQUssRUFBRSxPQUEyQixFQUFFLE9BQW9CLEVBQXdCLEVBQUUsQ0FDdEgsZ0RBQWEsQ0FBQztJQUNaLG9CQUFvQixFQUFFLE9BQU8sQ0FBQyx1QkFBdUI7SUFDckQsT0FBTyxFQUFFLE9BQU8sQ0FBQyxRQUFRO0lBQ3pCLGVBQWUsRUFBRSxPQUFPLENBQUMsaUJBQWlCO0lBQzFDLDBCQUEwQixFQUFFLE9BQU8sQ0FBQywwQkFBMEI7Q0FDL0QsQ0FBQyxFQUFFLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBmcm9tRW52IH0gZnJvbSBcIkBhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXItZW52XCI7XG5pbXBvcnQgeyBmcm9tQ29udGFpbmVyTWV0YWRhdGEsIGZyb21JbnN0YW5jZU1ldGFkYXRhIH0gZnJvbSBcIkBhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXItaW1kc1wiO1xuaW1wb3J0IHsgZnJvbVNTTywgaXNTc29Qcm9maWxlLCB2YWxpZGF0ZVNzb1Byb2ZpbGUgfSBmcm9tIFwiQGF3cy1zZGsvY3JlZGVudGlhbC1wcm92aWRlci1zc29cIjtcbmltcG9ydCB7IEFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlQYXJhbXMsIGZyb21Ub2tlbkZpbGUgfSBmcm9tIFwiQGF3cy1zZGsvY3JlZGVudGlhbC1wcm92aWRlci13ZWItaWRlbnRpdHlcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvciB9IGZyb20gXCJAYXdzLXNkay9wcm9wZXJ0eS1wcm92aWRlclwiO1xuaW1wb3J0IHsgUGFyc2VkSW5pRGF0YSwgUHJvZmlsZSB9IGZyb20gXCJAYXdzLXNkay9zaGFyZWQtaW5pLWZpbGUtbG9hZGVyXCI7XG5pbXBvcnQgeyBDcmVkZW50aWFsUHJvdmlkZXIsIENyZWRlbnRpYWxzIH0gZnJvbSBcIkBhd3Mtc2RrL3R5cGVzXCI7XG5pbXBvcnQgeyBnZXRNYXN0ZXJQcm9maWxlTmFtZSwgcGFyc2VLbm93bkZpbGVzLCBTb3VyY2VQcm9maWxlSW5pdCB9IGZyb20gXCJAYXdzLXNkay91dGlsLWNyZWRlbnRpYWxzXCI7XG5cbi8qKlxuICogQHNlZSBodHRwOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL2xhdGVzdC9BV1MvU1RTLmh0bWwjYXNzdW1lUm9sZS1wcm9wZXJ0eVxuICogVE9ETyB1cGRhdGUgdGhlIGFib3ZlIHRvIGxpbmsgdG8gVjMgZG9jc1xuICovXG5leHBvcnQgaW50ZXJmYWNlIEFzc3VtZVJvbGVQYXJhbXMge1xuICAvKipcbiAgICogVGhlIGlkZW50aWZpZXIgb2YgdGhlIHJvbGUgdG8gYmUgYXNzdW1lZC5cbiAgICovXG4gIFJvbGVBcm46IHN0cmluZztcblxuICAvKipcbiAgICogQSBuYW1lIGZvciB0aGUgYXNzdW1lZCByb2xlIHNlc3Npb24uXG4gICAqL1xuICBSb2xlU2Vzc2lvbk5hbWU6IHN0cmluZztcblxuICAvKipcbiAgICogQSB1bmlxdWUgaWRlbnRpZmllciB0aGF0IGlzIHVzZWQgYnkgdGhpcmQgcGFydGllcyB3aGVuIGFzc3VtaW5nIHJvbGVzIGluXG4gICAqIHRoZWlyIGN1c3RvbWVycycgYWNjb3VudHMuXG4gICAqL1xuICBFeHRlcm5hbElkPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgaWRlbnRpZmljYXRpb24gbnVtYmVyIG9mIHRoZSBNRkEgZGV2aWNlIHRoYXQgaXMgYXNzb2NpYXRlZCB3aXRoIHRoZVxuICAgKiB1c2VyIHdobyBpcyBtYWtpbmcgdGhlIGBBc3N1bWVSb2xlYCBjYWxsLlxuICAgKi9cbiAgU2VyaWFsTnVtYmVyPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgdmFsdWUgcHJvdmlkZWQgYnkgdGhlIE1GQSBkZXZpY2UuXG4gICAqL1xuICBUb2tlbkNvZGU/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgRnJvbUluaUluaXQgZXh0ZW5kcyBTb3VyY2VQcm9maWxlSW5pdCB7XG4gIC8qKlxuICAgKiBBIGZ1bmN0aW9uIHRoYXQgcmV0dXJucyBhIHByb21pc2UgZnVsZmlsbGVkIHdpdGggYW4gTUZBIHRva2VuIGNvZGUgZm9yXG4gICAqIHRoZSBwcm92aWRlZCBNRkEgU2VyaWFsIGNvZGUuIElmIGEgcHJvZmlsZSByZXF1aXJlcyBhbiBNRkEgY29kZSBhbmRcbiAgICogYG1mYUNvZGVQcm92aWRlcmAgaXMgbm90IGEgdmFsaWQgZnVuY3Rpb24sIHRoZSBjcmVkZW50aWFsIHByb3ZpZGVyXG4gICAqIHByb21pc2Ugd2lsbCBiZSByZWplY3RlZC5cbiAgICpcbiAgICogQHBhcmFtIG1mYVNlcmlhbCBUaGUgc2VyaWFsIGNvZGUgb2YgdGhlIE1GQSBkZXZpY2Ugc3BlY2lmaWVkLlxuICAgKi9cbiAgbWZhQ29kZVByb3ZpZGVyPzogKG1mYVNlcmlhbDogc3RyaW5nKSA9PiBQcm9taXNlPHN0cmluZz47XG5cbiAgLyoqXG4gICAqIEEgZnVuY3Rpb24gdGhhdCBhc3N1bWVzIGEgcm9sZSBhbmQgcmV0dXJucyBhIHByb21pc2UgZnVsZmlsbGVkIHdpdGhcbiAgICogY3JlZGVudGlhbHMgZm9yIHRoZSBhc3N1bWVkIHJvbGUuXG4gICAqXG4gICAqIEBwYXJhbSBzb3VyY2VDcmVkcyBUaGUgY3JlZGVudGlhbHMgd2l0aCB3aGljaCB0byBhc3N1bWUgYSByb2xlLlxuICAgKiBAcGFyYW0gcGFyYW1zXG4gICAqL1xuICByb2xlQXNzdW1lcj86IChzb3VyY2VDcmVkczogQ3JlZGVudGlhbHMsIHBhcmFtczogQXNzdW1lUm9sZVBhcmFtcykgPT4gUHJvbWlzZTxDcmVkZW50aWFscz47XG5cbiAgLyoqXG4gICAqIEEgZnVuY3Rpb24gdGhhdCBhc3N1bWVzIGEgcm9sZSB3aXRoIHdlYiBpZGVudGl0eSBhbmQgcmV0dXJucyBhIHByb21pc2UgZnVsZmlsbGVkIHdpdGhcbiAgICogY3JlZGVudGlhbHMgZm9yIHRoZSBhc3N1bWVkIHJvbGUuXG4gICAqXG4gICAqIEBwYXJhbSBzb3VyY2VDcmVkcyBUaGUgY3JlZGVudGlhbHMgd2l0aCB3aGljaCB0byBhc3N1bWUgYSByb2xlLlxuICAgKiBAcGFyYW0gcGFyYW1zXG4gICAqL1xuICByb2xlQXNzdW1lcldpdGhXZWJJZGVudGl0eT86IChwYXJhbXM6IEFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlQYXJhbXMpID0+IFByb21pc2U8Q3JlZGVudGlhbHM+O1xufVxuXG5pbnRlcmZhY2UgU3RhdGljQ3JlZHNQcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIGF3c19hY2Nlc3Nfa2V5X2lkOiBzdHJpbmc7XG4gIGF3c19zZWNyZXRfYWNjZXNzX2tleTogc3RyaW5nO1xuICBhd3Nfc2Vzc2lvbl90b2tlbj86IHN0cmluZztcbn1cblxuY29uc3QgaXNTdGF0aWNDcmVkc1Byb2ZpbGUgPSAoYXJnOiBhbnkpOiBhcmcgaXMgU3RhdGljQ3JlZHNQcm9maWxlID0+XG4gIEJvb2xlYW4oYXJnKSAmJlxuICB0eXBlb2YgYXJnID09PSBcIm9iamVjdFwiICYmXG4gIHR5cGVvZiBhcmcuYXdzX2FjY2Vzc19rZXlfaWQgPT09IFwic3RyaW5nXCIgJiZcbiAgdHlwZW9mIGFyZy5hd3Nfc2VjcmV0X2FjY2Vzc19rZXkgPT09IFwic3RyaW5nXCIgJiZcbiAgW1widW5kZWZpbmVkXCIsIFwic3RyaW5nXCJdLmluZGV4T2YodHlwZW9mIGFyZy5hd3Nfc2Vzc2lvbl90b2tlbikgPiAtMTtcblxuaW50ZXJmYWNlIFdlYklkZW50aXR5UHJvZmlsZSBleHRlbmRzIFByb2ZpbGUge1xuICB3ZWJfaWRlbnRpdHlfdG9rZW5fZmlsZTogc3RyaW5nO1xuICByb2xlX2Fybjogc3RyaW5nO1xuICByb2xlX3Nlc3Npb25fbmFtZT86IHN0cmluZztcbn1cblxuY29uc3QgaXNXZWJJZGVudGl0eVByb2ZpbGUgPSAoYXJnOiBhbnkpOiBhcmcgaXMgV2ViSWRlbnRpdHlQcm9maWxlID0+XG4gIEJvb2xlYW4oYXJnKSAmJlxuICB0eXBlb2YgYXJnID09PSBcIm9iamVjdFwiICYmXG4gIHR5cGVvZiBhcmcud2ViX2lkZW50aXR5X3Rva2VuX2ZpbGUgPT09IFwic3RyaW5nXCIgJiZcbiAgdHlwZW9mIGFyZy5yb2xlX2FybiA9PT0gXCJzdHJpbmdcIiAmJlxuICBbXCJ1bmRlZmluZWRcIiwgXCJzdHJpbmdcIl0uaW5kZXhPZih0eXBlb2YgYXJnLnJvbGVfc2Vzc2lvbl9uYW1lKSA+IC0xO1xuXG5pbnRlcmZhY2UgQXNzdW1lUm9sZVdpdGhTb3VyY2VQcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIHJvbGVfYXJuOiBzdHJpbmc7XG4gIHNvdXJjZV9wcm9maWxlOiBzdHJpbmc7XG59XG5cbmludGVyZmFjZSBBc3N1bWVSb2xlV2l0aFByb3ZpZGVyUHJvZmlsZSBleHRlbmRzIFByb2ZpbGUge1xuICByb2xlX2Fybjogc3RyaW5nO1xuICBjcmVkZW50aWFsX3NvdXJjZTogc3RyaW5nO1xufVxuXG5jb25zdCBpc0Fzc3VtZVJvbGVQcm9maWxlID0gKGFyZzogYW55KSA9PlxuICBCb29sZWFuKGFyZykgJiZcbiAgdHlwZW9mIGFyZyA9PT0gXCJvYmplY3RcIiAmJlxuICB0eXBlb2YgYXJnLnJvbGVfYXJuID09PSBcInN0cmluZ1wiICYmXG4gIFtcInVuZGVmaW5lZFwiLCBcInN0cmluZ1wiXS5pbmRleE9mKHR5cGVvZiBhcmcucm9sZV9zZXNzaW9uX25hbWUpID4gLTEgJiZcbiAgW1widW5kZWZpbmVkXCIsIFwic3RyaW5nXCJdLmluZGV4T2YodHlwZW9mIGFyZy5leHRlcm5hbF9pZCkgPiAtMSAmJlxuICBbXCJ1bmRlZmluZWRcIiwgXCJzdHJpbmdcIl0uaW5kZXhPZih0eXBlb2YgYXJnLm1mYV9zZXJpYWwpID4gLTE7XG5cbmNvbnN0IGlzQXNzdW1lUm9sZVdpdGhTb3VyY2VQcm9maWxlID0gKGFyZzogYW55KTogYXJnIGlzIEFzc3VtZVJvbGVXaXRoU291cmNlUHJvZmlsZSA9PlxuICBpc0Fzc3VtZVJvbGVQcm9maWxlKGFyZykgJiYgdHlwZW9mIGFyZy5zb3VyY2VfcHJvZmlsZSA9PT0gXCJzdHJpbmdcIiAmJiB0eXBlb2YgYXJnLmNyZWRlbnRpYWxfc291cmNlID09PSBcInVuZGVmaW5lZFwiO1xuXG5jb25zdCBpc0Fzc3VtZVJvbGVXaXRoUHJvdmlkZXJQcm9maWxlID0gKGFyZzogYW55KTogYXJnIGlzIEFzc3VtZVJvbGVXaXRoUHJvdmlkZXJQcm9maWxlID0+XG4gIGlzQXNzdW1lUm9sZVByb2ZpbGUoYXJnKSAmJiB0eXBlb2YgYXJnLmNyZWRlbnRpYWxfc291cmNlID09PSBcInN0cmluZ1wiICYmIHR5cGVvZiBhcmcuc291cmNlX3Byb2ZpbGUgPT09IFwidW5kZWZpbmVkXCI7XG5cbi8qKlxuICogQ3JlYXRlcyBhIGNyZWRlbnRpYWwgcHJvdmlkZXIgdGhhdCB3aWxsIHJlYWQgZnJvbSBpbmkgZmlsZXMgYW5kIHN1cHBvcnRzXG4gKiByb2xlIGFzc3VtcHRpb24gYW5kIG11bHRpLWZhY3RvciBhdXRoZW50aWNhdGlvbi5cbiAqL1xuZXhwb3J0IGNvbnN0IGZyb21JbmkgPVxuICAoaW5pdDogRnJvbUluaUluaXQgPSB7fSk6IENyZWRlbnRpYWxQcm92aWRlciA9PlxuICBhc3luYyAoKSA9PiB7XG4gICAgY29uc3QgcHJvZmlsZXMgPSBhd2FpdCBwYXJzZUtub3duRmlsZXMoaW5pdCk7XG4gICAgcmV0dXJuIHJlc29sdmVQcm9maWxlRGF0YShnZXRNYXN0ZXJQcm9maWxlTmFtZShpbml0KSwgcHJvZmlsZXMsIGluaXQpO1xuICB9O1xuXG5jb25zdCByZXNvbHZlUHJvZmlsZURhdGEgPSBhc3luYyAoXG4gIHByb2ZpbGVOYW1lOiBzdHJpbmcsXG4gIHByb2ZpbGVzOiBQYXJzZWRJbmlEYXRhLFxuICBvcHRpb25zOiBGcm9tSW5pSW5pdCxcbiAgdmlzaXRlZFByb2ZpbGVzOiB7IFtwcm9maWxlTmFtZTogc3RyaW5nXTogdHJ1ZSB9ID0ge31cbik6IFByb21pc2U8Q3JlZGVudGlhbHM+ID0+IHtcbiAgY29uc3QgZGF0YSA9IHByb2ZpbGVzW3Byb2ZpbGVOYW1lXTtcblxuICAvLyBJZiB0aGlzIGlzIG5vdCB0aGUgZmlyc3QgcHJvZmlsZSB2aXNpdGVkLCBzdGF0aWMgY3JlZGVudGlhbHMgc2hvdWxkIGJlXG4gIC8vIHByZWZlcnJlZCBvdmVyIHJvbGUgYXNzdW1wdGlvbiBtZXRhZGF0YS4gVGhpcyBzcGVjaWFsIHRyZWF0bWVudCBvZlxuICAvLyBzZWNvbmQgYW5kIHN1YnNlcXVlbnQgaG9wcyBpcyB0byBlbnN1cmUgY29tcGF0aWJpbGl0eSB3aXRoIHRoZSBBV1MgQ0xJLlxuICBpZiAoT2JqZWN0LmtleXModmlzaXRlZFByb2ZpbGVzKS5sZW5ndGggPiAwICYmIGlzU3RhdGljQ3JlZHNQcm9maWxlKGRhdGEpKSB7XG4gICAgcmV0dXJuIHJlc29sdmVTdGF0aWNDcmVkZW50aWFscyhkYXRhKTtcbiAgfVxuXG4gIC8vIElmIHRoaXMgaXMgdGhlIGZpcnN0IHByb2ZpbGUgdmlzaXRlZCwgcm9sZSBhc3N1bXB0aW9uIGtleXMgc2hvdWxkIGJlXG4gIC8vIGdpdmVuIHByZWNlZGVuY2Ugb3ZlciBzdGF0aWMgY3JlZGVudGlhbHMuXG4gIGlmIChpc0Fzc3VtZVJvbGVXaXRoU291cmNlUHJvZmlsZShkYXRhKSB8fCBpc0Fzc3VtZVJvbGVXaXRoUHJvdmlkZXJQcm9maWxlKGRhdGEpKSB7XG4gICAgY29uc3Qge1xuICAgICAgZXh0ZXJuYWxfaWQ6IEV4dGVybmFsSWQsXG4gICAgICBtZmFfc2VyaWFsLFxuICAgICAgcm9sZV9hcm46IFJvbGVBcm4sXG4gICAgICByb2xlX3Nlc3Npb25fbmFtZTogUm9sZVNlc3Npb25OYW1lID0gXCJhd3Mtc2RrLWpzLVwiICsgRGF0ZS5ub3coKSxcbiAgICAgIHNvdXJjZV9wcm9maWxlLFxuICAgICAgY3JlZGVudGlhbF9zb3VyY2UsXG4gICAgfSA9IGRhdGE7XG5cbiAgICBpZiAoIW9wdGlvbnMucm9sZUFzc3VtZXIpIHtcbiAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgICAgIGBQcm9maWxlICR7cHJvZmlsZU5hbWV9IHJlcXVpcmVzIGEgcm9sZSB0byBiZSBhc3N1bWVkLCBidXQgbm9gICsgYCByb2xlIGFzc3VtcHRpb24gY2FsbGJhY2sgd2FzIHByb3ZpZGVkLmAsXG4gICAgICAgIGZhbHNlXG4gICAgICApO1xuICAgIH1cblxuICAgIGlmIChzb3VyY2VfcHJvZmlsZSAmJiBzb3VyY2VfcHJvZmlsZSBpbiB2aXNpdGVkUHJvZmlsZXMpIHtcbiAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgICAgIGBEZXRlY3RlZCBhIGN5Y2xlIGF0dGVtcHRpbmcgdG8gcmVzb2x2ZSBjcmVkZW50aWFscyBmb3IgcHJvZmlsZWAgK1xuICAgICAgICAgIGAgJHtnZXRNYXN0ZXJQcm9maWxlTmFtZShvcHRpb25zKX0uIFByb2ZpbGVzIHZpc2l0ZWQ6IGAgK1xuICAgICAgICAgIE9iamVjdC5rZXlzKHZpc2l0ZWRQcm9maWxlcykuam9pbihcIiwgXCIpLFxuICAgICAgICBmYWxzZVxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBzb3VyY2VDcmVkcyA9IHNvdXJjZV9wcm9maWxlXG4gICAgICA/IHJlc29sdmVQcm9maWxlRGF0YShzb3VyY2VfcHJvZmlsZSwgcHJvZmlsZXMsIG9wdGlvbnMsIHtcbiAgICAgICAgICAuLi52aXNpdGVkUHJvZmlsZXMsXG4gICAgICAgICAgW3NvdXJjZV9wcm9maWxlXTogdHJ1ZSxcbiAgICAgICAgfSlcbiAgICAgIDogcmVzb2x2ZUNyZWRlbnRpYWxTb3VyY2UoY3JlZGVudGlhbF9zb3VyY2UhLCBwcm9maWxlTmFtZSkoKTtcblxuICAgIGNvbnN0IHBhcmFtczogQXNzdW1lUm9sZVBhcmFtcyA9IHsgUm9sZUFybiwgUm9sZVNlc3Npb25OYW1lLCBFeHRlcm5hbElkIH07XG4gICAgaWYgKG1mYV9zZXJpYWwpIHtcbiAgICAgIGlmICghb3B0aW9ucy5tZmFDb2RlUHJvdmlkZXIpIHtcbiAgICAgICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgICAgICBgUHJvZmlsZSAke3Byb2ZpbGVOYW1lfSByZXF1aXJlcyBtdWx0aS1mYWN0b3IgYXV0aGVudGljYXRpb24sYCArIGAgYnV0IG5vIE1GQSBjb2RlIGNhbGxiYWNrIHdhcyBwcm92aWRlZC5gLFxuICAgICAgICAgIGZhbHNlXG4gICAgICAgICk7XG4gICAgICB9XG4gICAgICBwYXJhbXMuU2VyaWFsTnVtYmVyID0gbWZhX3NlcmlhbDtcbiAgICAgIHBhcmFtcy5Ub2tlbkNvZGUgPSBhd2FpdCBvcHRpb25zLm1mYUNvZGVQcm92aWRlcihtZmFfc2VyaWFsKTtcbiAgICB9XG5cbiAgICByZXR1cm4gb3B0aW9ucy5yb2xlQXNzdW1lcihhd2FpdCBzb3VyY2VDcmVkcywgcGFyYW1zKTtcbiAgfVxuXG4gIC8vIElmIG5vIHJvbGUgYXNzdW1wdGlvbiBtZXRhZGF0YSBpcyBwcmVzZW50LCBhdHRlbXB0IHRvIGxvYWQgc3RhdGljXG4gIC8vIGNyZWRlbnRpYWxzIGZyb20gdGhlIHNlbGVjdGVkIHByb2ZpbGUuXG4gIGlmIChpc1N0YXRpY0NyZWRzUHJvZmlsZShkYXRhKSkge1xuICAgIHJldHVybiByZXNvbHZlU3RhdGljQ3JlZGVudGlhbHMoZGF0YSk7XG4gIH1cblxuICAvLyBJZiBubyBzdGF0aWMgY3JlZGVudGlhbHMgYXJlIHByZXNlbnQsIGF0dGVtcHQgdG8gYXNzdW1lIHJvbGUgd2l0aFxuICAvLyB3ZWIgaWRlbnRpdHkgaWYgd2ViX2lkZW50aXR5X3Rva2VuX2ZpbGUgYW5kIHJvbGVfYXJuIGlzIGF2YWlsYWJsZVxuICBpZiAoaXNXZWJJZGVudGl0eVByb2ZpbGUoZGF0YSkpIHtcbiAgICByZXR1cm4gcmVzb2x2ZVdlYklkZW50aXR5Q3JlZGVudGlhbHMoZGF0YSwgb3B0aW9ucyk7XG4gIH1cbiAgaWYgKGlzU3NvUHJvZmlsZShkYXRhKSkge1xuICAgIGNvbnN0IHsgc3NvX3N0YXJ0X3VybCwgc3NvX2FjY291bnRfaWQsIHNzb19yZWdpb24sIHNzb19yb2xlX25hbWUgfSA9IHZhbGlkYXRlU3NvUHJvZmlsZShkYXRhKTtcbiAgICByZXR1cm4gZnJvbVNTTyh7XG4gICAgICBzc29TdGFydFVybDogc3NvX3N0YXJ0X3VybCxcbiAgICAgIHNzb0FjY291bnRJZDogc3NvX2FjY291bnRfaWQsXG4gICAgICBzc29SZWdpb246IHNzb19yZWdpb24sXG4gICAgICBzc29Sb2xlTmFtZTogc3NvX3JvbGVfbmFtZSxcbiAgICB9KSgpO1xuICB9XG5cbiAgLy8gSWYgdGhlIHByb2ZpbGUgY2Fubm90IGJlIHBhcnNlZCBvciBjb250YWlucyBuZWl0aGVyIHN0YXRpYyBjcmVkZW50aWFsc1xuICAvLyBub3Igcm9sZSBhc3N1bXB0aW9uIG1ldGFkYXRhLCB0aHJvdyBhbiBlcnJvci4gVGhpcyBzaG91bGQgYmUgY29uc2lkZXJlZCBhXG4gIC8vIHRlcm1pbmFsIHJlc29sdXRpb24gZXJyb3IgaWYgYSBwcm9maWxlIGhhcyBiZWVuIHNwZWNpZmllZCBieSB0aGUgdXNlclxuICAvLyAod2hldGhlciB2aWEgYSBwYXJhbWV0ZXIsIGFuIGVudmlyb25tZW50IHZhcmlhYmxlLCBvciBhbm90aGVyIHByb2ZpbGUnc1xuICAvLyBgc291cmNlX3Byb2ZpbGVgIGtleSkuXG4gIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gY291bGQgbm90IGJlIGZvdW5kIG9yIHBhcnNlZCBpbiBzaGFyZWRgICsgYCBjcmVkZW50aWFscyBmaWxlLmBcbiAgKTtcbn07XG5cbi8qKlxuICogUmVzb2x2ZSB0aGUgYGNyZWRlbnRpYWxfc291cmNlYCBlbnRyeSBmcm9tIHRoZSBwcm9maWxlLCBhbmQgcmV0dXJuIHRoZVxuICogY3JlZGVudGlhbCBwcm92aWRlcnMgcmVzcGVjdGl2ZWx5LiBObyBtZW1vaXphdGlvbiBpcyBuZWVkZWQgZm9yIHRoZVxuICogY3JlZGVudGlhbCBzb3VyY2UgcHJvdmlkZXJzIGJlY2F1c2UgbWVtb2l6YXRpb24gc2hvdWxkIGJlIGFkZGVkIG91dHNpZGUgdGhlXG4gKiBmcm9tSW5pKCkgcHJvdmlkZXIuIFRoZSBzb3VyY2UgY3JlZGVudGlhbCBuZWVkcyB0byBiZSByZWZyZXNoZWQgZXZlcnkgdGltZVxuICogZnJvbUluaSgpIGlzIGNhbGxlZC5cbiAqL1xuY29uc3QgcmVzb2x2ZUNyZWRlbnRpYWxTb3VyY2UgPSAoY3JlZGVudGlhbFNvdXJjZTogc3RyaW5nLCBwcm9maWxlTmFtZTogc3RyaW5nKTogQ3JlZGVudGlhbFByb3ZpZGVyID0+IHtcbiAgY29uc3Qgc291cmNlUHJvdmlkZXJzTWFwOiB7IFtuYW1lOiBzdHJpbmddOiAoKSA9PiBDcmVkZW50aWFsUHJvdmlkZXIgfSA9IHtcbiAgICBFY3NDb250YWluZXI6IGZyb21Db250YWluZXJNZXRhZGF0YSxcbiAgICBFYzJJbnN0YW5jZU1ldGFkYXRhOiBmcm9tSW5zdGFuY2VNZXRhZGF0YSxcbiAgICBFbnZpcm9ubWVudDogZnJvbUVudixcbiAgfTtcbiAgaWYgKGNyZWRlbnRpYWxTb3VyY2UgaW4gc291cmNlUHJvdmlkZXJzTWFwKSB7XG4gICAgcmV0dXJuIHNvdXJjZVByb3ZpZGVyc01hcFtjcmVkZW50aWFsU291cmNlXSgpO1xuICB9IGVsc2Uge1xuICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgICBgVW5zdXBwb3J0ZWQgY3JlZGVudGlhbCBzb3VyY2UgaW4gcHJvZmlsZSAke3Byb2ZpbGVOYW1lfS4gR290ICR7Y3JlZGVudGlhbFNvdXJjZX0sIGAgK1xuICAgICAgICBgZXhwZWN0ZWQgRWNzQ29udGFpbmVyIG9yIEVjMkluc3RhbmNlTWV0YWRhdGEgb3IgRW52aXJvbm1lbnQuYFxuICAgICk7XG4gIH1cbn07XG5cbmNvbnN0IHJlc29sdmVTdGF0aWNDcmVkZW50aWFscyA9IChwcm9maWxlOiBTdGF0aWNDcmVkc1Byb2ZpbGUpOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PlxuICBQcm9taXNlLnJlc29sdmUoe1xuICAgIGFjY2Vzc0tleUlkOiBwcm9maWxlLmF3c19hY2Nlc3Nfa2V5X2lkLFxuICAgIHNlY3JldEFjY2Vzc0tleTogcHJvZmlsZS5hd3Nfc2VjcmV0X2FjY2Vzc19rZXksXG4gICAgc2Vzc2lvblRva2VuOiBwcm9maWxlLmF3c19zZXNzaW9uX3Rva2VuLFxuICB9KTtcblxuY29uc3QgcmVzb2x2ZVdlYklkZW50aXR5Q3JlZGVudGlhbHMgPSBhc3luYyAocHJvZmlsZTogV2ViSWRlbnRpdHlQcm9maWxlLCBvcHRpb25zOiBGcm9tSW5pSW5pdCk6IFByb21pc2U8Q3JlZGVudGlhbHM+ID0+XG4gIGZyb21Ub2tlbkZpbGUoe1xuICAgIHdlYklkZW50aXR5VG9rZW5GaWxlOiBwcm9maWxlLndlYl9pZGVudGl0eV90b2tlbl9maWxlLFxuICAgIHJvbGVBcm46IHByb2ZpbGUucm9sZV9hcm4sXG4gICAgcm9sZVNlc3Npb25OYW1lOiBwcm9maWxlLnJvbGVfc2Vzc2lvbl9uYW1lLFxuICAgIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5OiBvcHRpb25zLnJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5LFxuICB9KSgpO1xuIl19
|
package/dist/es/index.js
DELETED
|
@@ -1,165 +0,0 @@
|
|
|
1
|
-
import { __assign, __awaiter, __generator } from "tslib";
|
|
2
|
-
import { fromEnv } from "@aws-sdk/credential-provider-env";
|
|
3
|
-
import { fromContainerMetadata, fromInstanceMetadata } from "@aws-sdk/credential-provider-imds";
|
|
4
|
-
import { fromSSO, isSsoProfile, validateSsoProfile } from "@aws-sdk/credential-provider-sso";
|
|
5
|
-
import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
|
|
6
|
-
import { CredentialsProviderError } from "@aws-sdk/property-provider";
|
|
7
|
-
import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/util-credentials";
|
|
8
|
-
var isStaticCredsProfile = function (arg) {
|
|
9
|
-
return Boolean(arg) &&
|
|
10
|
-
typeof arg === "object" &&
|
|
11
|
-
typeof arg.aws_access_key_id === "string" &&
|
|
12
|
-
typeof arg.aws_secret_access_key === "string" &&
|
|
13
|
-
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
|
|
14
|
-
};
|
|
15
|
-
var isWebIdentityProfile = function (arg) {
|
|
16
|
-
return Boolean(arg) &&
|
|
17
|
-
typeof arg === "object" &&
|
|
18
|
-
typeof arg.web_identity_token_file === "string" &&
|
|
19
|
-
typeof arg.role_arn === "string" &&
|
|
20
|
-
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
21
|
-
};
|
|
22
|
-
var isAssumeRoleProfile = function (arg) {
|
|
23
|
-
return Boolean(arg) &&
|
|
24
|
-
typeof arg === "object" &&
|
|
25
|
-
typeof arg.role_arn === "string" &&
|
|
26
|
-
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
|
|
27
|
-
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
|
|
28
|
-
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
|
|
29
|
-
};
|
|
30
|
-
var isAssumeRoleWithSourceProfile = function (arg) {
|
|
31
|
-
return isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
32
|
-
};
|
|
33
|
-
var isAssumeRoleWithProviderProfile = function (arg) {
|
|
34
|
-
return isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
35
|
-
};
|
|
36
|
-
/**
|
|
37
|
-
* Creates a credential provider that will read from ini files and supports
|
|
38
|
-
* role assumption and multi-factor authentication.
|
|
39
|
-
*/
|
|
40
|
-
export var fromIni = function (init) {
|
|
41
|
-
if (init === void 0) { init = {}; }
|
|
42
|
-
return function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
43
|
-
var profiles;
|
|
44
|
-
return __generator(this, function (_a) {
|
|
45
|
-
switch (_a.label) {
|
|
46
|
-
case 0: return [4 /*yield*/, parseKnownFiles(init)];
|
|
47
|
-
case 1:
|
|
48
|
-
profiles = _a.sent();
|
|
49
|
-
return [2 /*return*/, resolveProfileData(getMasterProfileName(init), profiles, init)];
|
|
50
|
-
}
|
|
51
|
-
});
|
|
52
|
-
}); };
|
|
53
|
-
};
|
|
54
|
-
var resolveProfileData = function (profileName, profiles, options, visitedProfiles) {
|
|
55
|
-
if (visitedProfiles === void 0) { visitedProfiles = {}; }
|
|
56
|
-
return __awaiter(void 0, void 0, void 0, function () {
|
|
57
|
-
var data, ExternalId, mfa_serial, RoleArn, _a, RoleSessionName, source_profile, credential_source, sourceCreds, params, _b, _c, _d, _e, sso_start_url, sso_account_id, sso_region, sso_role_name;
|
|
58
|
-
var _f;
|
|
59
|
-
return __generator(this, function (_g) {
|
|
60
|
-
switch (_g.label) {
|
|
61
|
-
case 0:
|
|
62
|
-
data = profiles[profileName];
|
|
63
|
-
// If this is not the first profile visited, static credentials should be
|
|
64
|
-
// preferred over role assumption metadata. This special treatment of
|
|
65
|
-
// second and subsequent hops is to ensure compatibility with the AWS CLI.
|
|
66
|
-
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
67
|
-
return [2 /*return*/, resolveStaticCredentials(data)];
|
|
68
|
-
}
|
|
69
|
-
if (!(isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data))) return [3 /*break*/, 4];
|
|
70
|
-
ExternalId = data.external_id, mfa_serial = data.mfa_serial, RoleArn = data.role_arn, _a = data.role_session_name, RoleSessionName = _a === void 0 ? "aws-sdk-js-" + Date.now() : _a, source_profile = data.source_profile, credential_source = data.credential_source;
|
|
71
|
-
if (!options.roleAssumer) {
|
|
72
|
-
throw new CredentialsProviderError("Profile " + profileName + " requires a role to be assumed, but no" + " role assumption callback was provided.", false);
|
|
73
|
-
}
|
|
74
|
-
if (source_profile && source_profile in visitedProfiles) {
|
|
75
|
-
throw new CredentialsProviderError("Detected a cycle attempting to resolve credentials for profile" +
|
|
76
|
-
(" " + getMasterProfileName(options) + ". Profiles visited: ") +
|
|
77
|
-
Object.keys(visitedProfiles).join(", "), false);
|
|
78
|
-
}
|
|
79
|
-
sourceCreds = source_profile
|
|
80
|
-
? resolveProfileData(source_profile, profiles, options, __assign(__assign({}, visitedProfiles), (_f = {}, _f[source_profile] = true, _f)))
|
|
81
|
-
: resolveCredentialSource(credential_source, profileName)();
|
|
82
|
-
params = { RoleArn: RoleArn, RoleSessionName: RoleSessionName, ExternalId: ExternalId };
|
|
83
|
-
if (!mfa_serial) return [3 /*break*/, 2];
|
|
84
|
-
if (!options.mfaCodeProvider) {
|
|
85
|
-
throw new CredentialsProviderError("Profile " + profileName + " requires multi-factor authentication," + " but no MFA code callback was provided.", false);
|
|
86
|
-
}
|
|
87
|
-
params.SerialNumber = mfa_serial;
|
|
88
|
-
_b = params;
|
|
89
|
-
return [4 /*yield*/, options.mfaCodeProvider(mfa_serial)];
|
|
90
|
-
case 1:
|
|
91
|
-
_b.TokenCode = _g.sent();
|
|
92
|
-
_g.label = 2;
|
|
93
|
-
case 2:
|
|
94
|
-
_d = (_c = options).roleAssumer;
|
|
95
|
-
return [4 /*yield*/, sourceCreds];
|
|
96
|
-
case 3: return [2 /*return*/, _d.apply(_c, [_g.sent(), params])];
|
|
97
|
-
case 4:
|
|
98
|
-
// If no role assumption metadata is present, attempt to load static
|
|
99
|
-
// credentials from the selected profile.
|
|
100
|
-
if (isStaticCredsProfile(data)) {
|
|
101
|
-
return [2 /*return*/, resolveStaticCredentials(data)];
|
|
102
|
-
}
|
|
103
|
-
// If no static credentials are present, attempt to assume role with
|
|
104
|
-
// web identity if web_identity_token_file and role_arn is available
|
|
105
|
-
if (isWebIdentityProfile(data)) {
|
|
106
|
-
return [2 /*return*/, resolveWebIdentityCredentials(data, options)];
|
|
107
|
-
}
|
|
108
|
-
if (isSsoProfile(data)) {
|
|
109
|
-
_e = validateSsoProfile(data), sso_start_url = _e.sso_start_url, sso_account_id = _e.sso_account_id, sso_region = _e.sso_region, sso_role_name = _e.sso_role_name;
|
|
110
|
-
return [2 /*return*/, fromSSO({
|
|
111
|
-
ssoStartUrl: sso_start_url,
|
|
112
|
-
ssoAccountId: sso_account_id,
|
|
113
|
-
ssoRegion: sso_region,
|
|
114
|
-
ssoRoleName: sso_role_name,
|
|
115
|
-
})()];
|
|
116
|
-
}
|
|
117
|
-
// If the profile cannot be parsed or contains neither static credentials
|
|
118
|
-
// nor role assumption metadata, throw an error. This should be considered a
|
|
119
|
-
// terminal resolution error if a profile has been specified by the user
|
|
120
|
-
// (whether via a parameter, an environment variable, or another profile's
|
|
121
|
-
// `source_profile` key).
|
|
122
|
-
throw new CredentialsProviderError("Profile " + profileName + " could not be found or parsed in shared" + " credentials file.");
|
|
123
|
-
}
|
|
124
|
-
});
|
|
125
|
-
});
|
|
126
|
-
};
|
|
127
|
-
/**
|
|
128
|
-
* Resolve the `credential_source` entry from the profile, and return the
|
|
129
|
-
* credential providers respectively. No memoization is needed for the
|
|
130
|
-
* credential source providers because memoization should be added outside the
|
|
131
|
-
* fromIni() provider. The source credential needs to be refreshed every time
|
|
132
|
-
* fromIni() is called.
|
|
133
|
-
*/
|
|
134
|
-
var resolveCredentialSource = function (credentialSource, profileName) {
|
|
135
|
-
var sourceProvidersMap = {
|
|
136
|
-
EcsContainer: fromContainerMetadata,
|
|
137
|
-
Ec2InstanceMetadata: fromInstanceMetadata,
|
|
138
|
-
Environment: fromEnv,
|
|
139
|
-
};
|
|
140
|
-
if (credentialSource in sourceProvidersMap) {
|
|
141
|
-
return sourceProvidersMap[credentialSource]();
|
|
142
|
-
}
|
|
143
|
-
else {
|
|
144
|
-
throw new CredentialsProviderError("Unsupported credential source in profile " + profileName + ". Got " + credentialSource + ", " +
|
|
145
|
-
"expected EcsContainer or Ec2InstanceMetadata or Environment.");
|
|
146
|
-
}
|
|
147
|
-
};
|
|
148
|
-
var resolveStaticCredentials = function (profile) {
|
|
149
|
-
return Promise.resolve({
|
|
150
|
-
accessKeyId: profile.aws_access_key_id,
|
|
151
|
-
secretAccessKey: profile.aws_secret_access_key,
|
|
152
|
-
sessionToken: profile.aws_session_token,
|
|
153
|
-
});
|
|
154
|
-
};
|
|
155
|
-
var resolveWebIdentityCredentials = function (profile, options) { return __awaiter(void 0, void 0, void 0, function () {
|
|
156
|
-
return __generator(this, function (_a) {
|
|
157
|
-
return [2 /*return*/, fromTokenFile({
|
|
158
|
-
webIdentityTokenFile: profile.web_identity_token_file,
|
|
159
|
-
roleArn: profile.role_arn,
|
|
160
|
-
roleSessionName: profile.role_session_name,
|
|
161
|
-
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
162
|
-
})()];
|
|
163
|
-
});
|
|
164
|
-
}); };
|
|
165
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxPQUFPLEVBQUUsTUFBTSxrQ0FBa0MsQ0FBQztBQUMzRCxPQUFPLEVBQUUscUJBQXFCLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxtQ0FBbUMsQ0FBQztBQUNoRyxPQUFPLEVBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxrQkFBa0IsRUFBRSxNQUFNLGtDQUFrQyxDQUFDO0FBQzdGLE9BQU8sRUFBbUMsYUFBYSxFQUFFLE1BQU0sMkNBQTJDLENBQUM7QUFDM0csT0FBTyxFQUFFLHdCQUF3QixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFHdEUsT0FBTyxFQUFFLG9CQUFvQixFQUFFLGVBQWUsRUFBcUIsTUFBTSwyQkFBMkIsQ0FBQztBQXVFckcsSUFBTSxvQkFBb0IsR0FBRyxVQUFDLEdBQVE7SUFDcEMsT0FBQSxPQUFPLENBQUMsR0FBRyxDQUFDO1FBQ1osT0FBTyxHQUFHLEtBQUssUUFBUTtRQUN2QixPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsS0FBSyxRQUFRO1FBQ3pDLE9BQU8sR0FBRyxDQUFDLHFCQUFxQixLQUFLLFFBQVE7UUFDN0MsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sR0FBRyxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBSmxFLENBSWtFLENBQUM7QUFRckUsSUFBTSxvQkFBb0IsR0FBRyxVQUFDLEdBQVE7SUFDcEMsT0FBQSxPQUFPLENBQUMsR0FBRyxDQUFDO1FBQ1osT0FBTyxHQUFHLEtBQUssUUFBUTtRQUN2QixPQUFPLEdBQUcsQ0FBQyx1QkFBdUIsS0FBSyxRQUFRO1FBQy9DLE9BQU8sR0FBRyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2hDLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUpsRSxDQUlrRSxDQUFDO0FBWXJFLElBQU0sbUJBQW1CLEdBQUcsVUFBQyxHQUFRO0lBQ25DLE9BQUEsT0FBTyxDQUFDLEdBQUcsQ0FBQztRQUNaLE9BQU8sR0FBRyxLQUFLLFFBQVE7UUFDdkIsT0FBTyxHQUFHLENBQUMsUUFBUSxLQUFLLFFBQVE7UUFDaEMsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sR0FBRyxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ2xFLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEdBQUcsQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDNUQsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sR0FBRyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUwzRCxDQUsyRCxDQUFDO0FBRTlELElBQU0sNkJBQTZCLEdBQUcsVUFBQyxHQUFRO0lBQzdDLE9BQUEsbUJBQW1CLENBQUMsR0FBRyxDQUFDLElBQUksT0FBTyxHQUFHLENBQUMsY0FBYyxLQUFLLFFBQVEsSUFBSSxPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsS0FBSyxXQUFXO0FBQWxILENBQWtILENBQUM7QUFFckgsSUFBTSwrQkFBK0IsR0FBRyxVQUFDLEdBQVE7SUFDL0MsT0FBQSxtQkFBbUIsQ0FBQyxHQUFHLENBQUMsSUFBSSxPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsS0FBSyxRQUFRLElBQUksT0FBTyxHQUFHLENBQUMsY0FBYyxLQUFLLFdBQVc7QUFBbEgsQ0FBa0gsQ0FBQztBQUVySDs7O0dBR0c7QUFDSCxNQUFNLENBQUMsSUFBTSxPQUFPLEdBQ2xCLFVBQUMsSUFBc0I7SUFBdEIscUJBQUEsRUFBQSxTQUFzQjtJQUN2QixPQUFBOzs7O3dCQUNtQixxQkFBTSxlQUFlLENBQUMsSUFBSSxDQUFDLEVBQUE7O29CQUF0QyxRQUFRLEdBQUcsU0FBMkI7b0JBQzVDLHNCQUFPLGtCQUFrQixDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxFQUFFLFFBQVEsRUFBRSxJQUFJLENBQUMsRUFBQzs7O1NBQ3ZFO0FBSEQsQ0FHQyxDQUFDO0FBRUosSUFBTSxrQkFBa0IsR0FBRyxVQUN6QixXQUFtQixFQUNuQixRQUF1QixFQUN2QixPQUFvQixFQUNwQixlQUFxRDtJQUFyRCxnQ0FBQSxFQUFBLG9CQUFxRDs7Ozs7OztvQkFFL0MsSUFBSSxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztvQkFFbkMseUVBQXlFO29CQUN6RSxxRUFBcUU7b0JBQ3JFLDBFQUEwRTtvQkFDMUUsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLE1BQU0sR0FBRyxDQUFDLElBQUksb0JBQW9CLENBQUMsSUFBSSxDQUFDLEVBQUU7d0JBQ3pFLHNCQUFPLHdCQUF3QixDQUFDLElBQUksQ0FBQyxFQUFDO3FCQUN2Qzt5QkFJRyxDQUFBLDZCQUE2QixDQUFDLElBQUksQ0FBQyxJQUFJLCtCQUErQixDQUFDLElBQUksQ0FBQyxDQUFBLEVBQTVFLHdCQUE0RTtvQkFFL0QsVUFBVSxHQU1yQixJQUFJLFlBTmlCLEVBQ3ZCLFVBQVUsR0FLUixJQUFJLFdBTEksRUFDQSxPQUFPLEdBSWYsSUFBSSxTQUpXLEVBQ2pCLEtBR0UsSUFBSSxrQkFIeUQsRUFBNUMsZUFBZSxtQkFBRyxhQUFhLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxLQUFBLEVBQy9ELGNBQWMsR0FFWixJQUFJLGVBRlEsRUFDZCxpQkFBaUIsR0FDZixJQUFJLGtCQURXLENBQ1Y7b0JBRVQsSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUU7d0JBQ3hCLE1BQU0sSUFBSSx3QkFBd0IsQ0FDaEMsYUFBVyxXQUFXLDJDQUF3QyxHQUFHLHlDQUF5QyxFQUMxRyxLQUFLLENBQ04sQ0FBQztxQkFDSDtvQkFFRCxJQUFJLGNBQWMsSUFBSSxjQUFjLElBQUksZUFBZSxFQUFFO3dCQUN2RCxNQUFNLElBQUksd0JBQXdCLENBQ2hDLGdFQUFnRTs2QkFDOUQsTUFBSSxvQkFBb0IsQ0FBQyxPQUFPLENBQUMseUJBQXNCLENBQUE7NEJBQ3ZELE1BQU0sQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUN6QyxLQUFLLENBQ04sQ0FBQztxQkFDSDtvQkFFSyxXQUFXLEdBQUcsY0FBYzt3QkFDaEMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDLGNBQWMsRUFBRSxRQUFRLEVBQUUsT0FBTyx3QkFDL0MsZUFBZSxnQkFDakIsY0FBYyxJQUFHLElBQUksT0FDdEI7d0JBQ0osQ0FBQyxDQUFDLHVCQUF1QixDQUFDLGlCQUFrQixFQUFFLFdBQVcsQ0FBQyxFQUFFLENBQUM7b0JBRXpELE1BQU0sR0FBcUIsRUFBRSxPQUFPLFNBQUEsRUFBRSxlQUFlLGlCQUFBLEVBQUUsVUFBVSxZQUFBLEVBQUUsQ0FBQzt5QkFDdEUsVUFBVSxFQUFWLHdCQUFVO29CQUNaLElBQUksQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFO3dCQUM1QixNQUFNLElBQUksd0JBQXdCLENBQ2hDLGFBQVcsV0FBVywyQ0FBd0MsR0FBRyx5Q0FBeUMsRUFDMUcsS0FBSyxDQUNOLENBQUM7cUJBQ0g7b0JBQ0QsTUFBTSxDQUFDLFlBQVksR0FBRyxVQUFVLENBQUM7b0JBQ2pDLEtBQUEsTUFBTSxDQUFBO29CQUFhLHFCQUFNLE9BQU8sQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDLEVBQUE7O29CQUE1RCxHQUFPLFNBQVMsR0FBRyxTQUF5QyxDQUFDOzs7b0JBR3hELEtBQUEsQ0FBQSxLQUFBLE9BQU8sQ0FBQSxDQUFDLFdBQVcsQ0FBQTtvQkFBQyxxQkFBTSxXQUFXLEVBQUE7d0JBQTVDLHNCQUFPLGNBQW9CLFNBQWlCLEVBQUUsTUFBTSxFQUFDLEVBQUM7O29CQUd4RCxvRUFBb0U7b0JBQ3BFLHlDQUF5QztvQkFDekMsSUFBSSxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsRUFBRTt3QkFDOUIsc0JBQU8sd0JBQXdCLENBQUMsSUFBSSxDQUFDLEVBQUM7cUJBQ3ZDO29CQUVELG9FQUFvRTtvQkFDcEUsb0VBQW9FO29CQUNwRSxJQUFJLG9CQUFvQixDQUFDLElBQUksQ0FBQyxFQUFFO3dCQUM5QixzQkFBTyw2QkFBNkIsQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLEVBQUM7cUJBQ3JEO29CQUNELElBQUksWUFBWSxDQUFDLElBQUksQ0FBQyxFQUFFO3dCQUNoQixLQUErRCxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsRUFBckYsYUFBYSxtQkFBQSxFQUFFLGNBQWMsb0JBQUEsRUFBRSxVQUFVLGdCQUFBLEVBQUUsYUFBYSxtQkFBQSxDQUE4Qjt3QkFDOUYsc0JBQU8sT0FBTyxDQUFDO2dDQUNiLFdBQVcsRUFBRSxhQUFhO2dDQUMxQixZQUFZLEVBQUUsY0FBYztnQ0FDNUIsU0FBUyxFQUFFLFVBQVU7Z0NBQ3JCLFdBQVcsRUFBRSxhQUFhOzZCQUMzQixDQUFDLEVBQUUsRUFBQztxQkFDTjtvQkFFRCx5RUFBeUU7b0JBQ3pFLDRFQUE0RTtvQkFDNUUsd0VBQXdFO29CQUN4RSwwRUFBMEU7b0JBQzFFLHlCQUF5QjtvQkFDekIsTUFBTSxJQUFJLHdCQUF3QixDQUNoQyxhQUFXLFdBQVcsNENBQXlDLEdBQUcsb0JBQW9CLENBQ3ZGLENBQUM7Ozs7Q0FDSCxDQUFDO0FBRUY7Ozs7OztHQU1HO0FBQ0gsSUFBTSx1QkFBdUIsR0FBRyxVQUFDLGdCQUF3QixFQUFFLFdBQW1CO0lBQzVFLElBQU0sa0JBQWtCLEdBQWlEO1FBQ3ZFLFlBQVksRUFBRSxxQkFBcUI7UUFDbkMsbUJBQW1CLEVBQUUsb0JBQW9CO1FBQ3pDLFdBQVcsRUFBRSxPQUFPO0tBQ3JCLENBQUM7SUFDRixJQUFJLGdCQUFnQixJQUFJLGtCQUFrQixFQUFFO1FBQzFDLE9BQU8sa0JBQWtCLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDO0tBQy9DO1NBQU07UUFDTCxNQUFNLElBQUksd0JBQXdCLENBQ2hDLDhDQUE0QyxXQUFXLGNBQVMsZ0JBQWdCLE9BQUk7WUFDbEYsOERBQThELENBQ2pFLENBQUM7S0FDSDtBQUNILENBQUMsQ0FBQztBQUVGLElBQU0sd0JBQXdCLEdBQUcsVUFBQyxPQUEyQjtJQUMzRCxPQUFBLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDZCxXQUFXLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtRQUN0QyxlQUFlLEVBQUUsT0FBTyxDQUFDLHFCQUFxQjtRQUM5QyxZQUFZLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtLQUN4QyxDQUFDO0FBSkYsQ0FJRSxDQUFDO0FBRUwsSUFBTSw2QkFBNkIsR0FBRyxVQUFPLE9BQTJCLEVBQUUsT0FBb0I7O1FBQzVGLHNCQUFBLGFBQWEsQ0FBQztnQkFDWixvQkFBb0IsRUFBRSxPQUFPLENBQUMsdUJBQXVCO2dCQUNyRCxPQUFPLEVBQUUsT0FBTyxDQUFDLFFBQVE7Z0JBQ3pCLGVBQWUsRUFBRSxPQUFPLENBQUMsaUJBQWlCO2dCQUMxQywwQkFBMEIsRUFBRSxPQUFPLENBQUMsMEJBQTBCO2FBQy9ELENBQUMsRUFBRSxFQUFBOztLQUFBLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBmcm9tRW52IH0gZnJvbSBcIkBhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXItZW52XCI7XG5pbXBvcnQgeyBmcm9tQ29udGFpbmVyTWV0YWRhdGEsIGZyb21JbnN0YW5jZU1ldGFkYXRhIH0gZnJvbSBcIkBhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXItaW1kc1wiO1xuaW1wb3J0IHsgZnJvbVNTTywgaXNTc29Qcm9maWxlLCB2YWxpZGF0ZVNzb1Byb2ZpbGUgfSBmcm9tIFwiQGF3cy1zZGsvY3JlZGVudGlhbC1wcm92aWRlci1zc29cIjtcbmltcG9ydCB7IEFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlQYXJhbXMsIGZyb21Ub2tlbkZpbGUgfSBmcm9tIFwiQGF3cy1zZGsvY3JlZGVudGlhbC1wcm92aWRlci13ZWItaWRlbnRpdHlcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvciB9IGZyb20gXCJAYXdzLXNkay9wcm9wZXJ0eS1wcm92aWRlclwiO1xuaW1wb3J0IHsgUGFyc2VkSW5pRGF0YSwgUHJvZmlsZSB9IGZyb20gXCJAYXdzLXNkay9zaGFyZWQtaW5pLWZpbGUtbG9hZGVyXCI7XG5pbXBvcnQgeyBDcmVkZW50aWFsUHJvdmlkZXIsIENyZWRlbnRpYWxzIH0gZnJvbSBcIkBhd3Mtc2RrL3R5cGVzXCI7XG5pbXBvcnQgeyBnZXRNYXN0ZXJQcm9maWxlTmFtZSwgcGFyc2VLbm93bkZpbGVzLCBTb3VyY2VQcm9maWxlSW5pdCB9IGZyb20gXCJAYXdzLXNkay91dGlsLWNyZWRlbnRpYWxzXCI7XG5cbi8qKlxuICogQHNlZSBodHRwOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL2xhdGVzdC9BV1MvU1RTLmh0bWwjYXNzdW1lUm9sZS1wcm9wZXJ0eVxuICogVE9ETyB1cGRhdGUgdGhlIGFib3ZlIHRvIGxpbmsgdG8gVjMgZG9jc1xuICovXG5leHBvcnQgaW50ZXJmYWNlIEFzc3VtZVJvbGVQYXJhbXMge1xuICAvKipcbiAgICogVGhlIGlkZW50aWZpZXIgb2YgdGhlIHJvbGUgdG8gYmUgYXNzdW1lZC5cbiAgICovXG4gIFJvbGVBcm46IHN0cmluZztcblxuICAvKipcbiAgICogQSBuYW1lIGZvciB0aGUgYXNzdW1lZCByb2xlIHNlc3Npb24uXG4gICAqL1xuICBSb2xlU2Vzc2lvbk5hbWU6IHN0cmluZztcblxuICAvKipcbiAgICogQSB1bmlxdWUgaWRlbnRpZmllciB0aGF0IGlzIHVzZWQgYnkgdGhpcmQgcGFydGllcyB3aGVuIGFzc3VtaW5nIHJvbGVzIGluXG4gICAqIHRoZWlyIGN1c3RvbWVycycgYWNjb3VudHMuXG4gICAqL1xuICBFeHRlcm5hbElkPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgaWRlbnRpZmljYXRpb24gbnVtYmVyIG9mIHRoZSBNRkEgZGV2aWNlIHRoYXQgaXMgYXNzb2NpYXRlZCB3aXRoIHRoZVxuICAgKiB1c2VyIHdobyBpcyBtYWtpbmcgdGhlIGBBc3N1bWVSb2xlYCBjYWxsLlxuICAgKi9cbiAgU2VyaWFsTnVtYmVyPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgdmFsdWUgcHJvdmlkZWQgYnkgdGhlIE1GQSBkZXZpY2UuXG4gICAqL1xuICBUb2tlbkNvZGU/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgRnJvbUluaUluaXQgZXh0ZW5kcyBTb3VyY2VQcm9maWxlSW5pdCB7XG4gIC8qKlxuICAgKiBBIGZ1bmN0aW9uIHRoYXQgcmV0dXJucyBhIHByb21pc2UgZnVsZmlsbGVkIHdpdGggYW4gTUZBIHRva2VuIGNvZGUgZm9yXG4gICAqIHRoZSBwcm92aWRlZCBNRkEgU2VyaWFsIGNvZGUuIElmIGEgcHJvZmlsZSByZXF1aXJlcyBhbiBNRkEgY29kZSBhbmRcbiAgICogYG1mYUNvZGVQcm92aWRlcmAgaXMgbm90IGEgdmFsaWQgZnVuY3Rpb24sIHRoZSBjcmVkZW50aWFsIHByb3ZpZGVyXG4gICAqIHByb21pc2Ugd2lsbCBiZSByZWplY3RlZC5cbiAgICpcbiAgICogQHBhcmFtIG1mYVNlcmlhbCBUaGUgc2VyaWFsIGNvZGUgb2YgdGhlIE1GQSBkZXZpY2Ugc3BlY2lmaWVkLlxuICAgKi9cbiAgbWZhQ29kZVByb3ZpZGVyPzogKG1mYVNlcmlhbDogc3RyaW5nKSA9PiBQcm9taXNlPHN0cmluZz47XG5cbiAgLyoqXG4gICAqIEEgZnVuY3Rpb24gdGhhdCBhc3N1bWVzIGEgcm9sZSBhbmQgcmV0dXJucyBhIHByb21pc2UgZnVsZmlsbGVkIHdpdGhcbiAgICogY3JlZGVudGlhbHMgZm9yIHRoZSBhc3N1bWVkIHJvbGUuXG4gICAqXG4gICAqIEBwYXJhbSBzb3VyY2VDcmVkcyBUaGUgY3JlZGVudGlhbHMgd2l0aCB3aGljaCB0byBhc3N1bWUgYSByb2xlLlxuICAgKiBAcGFyYW0gcGFyYW1zXG4gICAqL1xuICByb2xlQXNzdW1lcj86IChzb3VyY2VDcmVkczogQ3JlZGVudGlhbHMsIHBhcmFtczogQXNzdW1lUm9sZVBhcmFtcykgPT4gUHJvbWlzZTxDcmVkZW50aWFscz47XG5cbiAgLyoqXG4gICAqIEEgZnVuY3Rpb24gdGhhdCBhc3N1bWVzIGEgcm9sZSB3aXRoIHdlYiBpZGVudGl0eSBhbmQgcmV0dXJucyBhIHByb21pc2UgZnVsZmlsbGVkIHdpdGhcbiAgICogY3JlZGVudGlhbHMgZm9yIHRoZSBhc3N1bWVkIHJvbGUuXG4gICAqXG4gICAqIEBwYXJhbSBzb3VyY2VDcmVkcyBUaGUgY3JlZGVudGlhbHMgd2l0aCB3aGljaCB0byBhc3N1bWUgYSByb2xlLlxuICAgKiBAcGFyYW0gcGFyYW1zXG4gICAqL1xuICByb2xlQXNzdW1lcldpdGhXZWJJZGVudGl0eT86IChwYXJhbXM6IEFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlQYXJhbXMpID0+IFByb21pc2U8Q3JlZGVudGlhbHM+O1xufVxuXG5pbnRlcmZhY2UgU3RhdGljQ3JlZHNQcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIGF3c19hY2Nlc3Nfa2V5X2lkOiBzdHJpbmc7XG4gIGF3c19zZWNyZXRfYWNjZXNzX2tleTogc3RyaW5nO1xuICBhd3Nfc2Vzc2lvbl90b2tlbj86IHN0cmluZztcbn1cblxuY29uc3QgaXNTdGF0aWNDcmVkc1Byb2ZpbGUgPSAoYXJnOiBhbnkpOiBhcmcgaXMgU3RhdGljQ3JlZHNQcm9maWxlID0+XG4gIEJvb2xlYW4oYXJnKSAmJlxuICB0eXBlb2YgYXJnID09PSBcIm9iamVjdFwiICYmXG4gIHR5cGVvZiBhcmcuYXdzX2FjY2Vzc19rZXlfaWQgPT09IFwic3RyaW5nXCIgJiZcbiAgdHlwZW9mIGFyZy5hd3Nfc2VjcmV0X2FjY2Vzc19rZXkgPT09IFwic3RyaW5nXCIgJiZcbiAgW1widW5kZWZpbmVkXCIsIFwic3RyaW5nXCJdLmluZGV4T2YodHlwZW9mIGFyZy5hd3Nfc2Vzc2lvbl90b2tlbikgPiAtMTtcblxuaW50ZXJmYWNlIFdlYklkZW50aXR5UHJvZmlsZSBleHRlbmRzIFByb2ZpbGUge1xuICB3ZWJfaWRlbnRpdHlfdG9rZW5fZmlsZTogc3RyaW5nO1xuICByb2xlX2Fybjogc3RyaW5nO1xuICByb2xlX3Nlc3Npb25fbmFtZT86IHN0cmluZztcbn1cblxuY29uc3QgaXNXZWJJZGVudGl0eVByb2ZpbGUgPSAoYXJnOiBhbnkpOiBhcmcgaXMgV2ViSWRlbnRpdHlQcm9maWxlID0+XG4gIEJvb2xlYW4oYXJnKSAmJlxuICB0eXBlb2YgYXJnID09PSBcIm9iamVjdFwiICYmXG4gIHR5cGVvZiBhcmcud2ViX2lkZW50aXR5X3Rva2VuX2ZpbGUgPT09IFwic3RyaW5nXCIgJiZcbiAgdHlwZW9mIGFyZy5yb2xlX2FybiA9PT0gXCJzdHJpbmdcIiAmJlxuICBbXCJ1bmRlZmluZWRcIiwgXCJzdHJpbmdcIl0uaW5kZXhPZih0eXBlb2YgYXJnLnJvbGVfc2Vzc2lvbl9uYW1lKSA+IC0xO1xuXG5pbnRlcmZhY2UgQXNzdW1lUm9sZVdpdGhTb3VyY2VQcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIHJvbGVfYXJuOiBzdHJpbmc7XG4gIHNvdXJjZV9wcm9maWxlOiBzdHJpbmc7XG59XG5cbmludGVyZmFjZSBBc3N1bWVSb2xlV2l0aFByb3ZpZGVyUHJvZmlsZSBleHRlbmRzIFByb2ZpbGUge1xuICByb2xlX2Fybjogc3RyaW5nO1xuICBjcmVkZW50aWFsX3NvdXJjZTogc3RyaW5nO1xufVxuXG5jb25zdCBpc0Fzc3VtZVJvbGVQcm9maWxlID0gKGFyZzogYW55KSA9PlxuICBCb29sZWFuKGFyZykgJiZcbiAgdHlwZW9mIGFyZyA9PT0gXCJvYmplY3RcIiAmJlxuICB0eXBlb2YgYXJnLnJvbGVfYXJuID09PSBcInN0cmluZ1wiICYmXG4gIFtcInVuZGVmaW5lZFwiLCBcInN0cmluZ1wiXS5pbmRleE9mKHR5cGVvZiBhcmcucm9sZV9zZXNzaW9uX25hbWUpID4gLTEgJiZcbiAgW1widW5kZWZpbmVkXCIsIFwic3RyaW5nXCJdLmluZGV4T2YodHlwZW9mIGFyZy5leHRlcm5hbF9pZCkgPiAtMSAmJlxuICBbXCJ1bmRlZmluZWRcIiwgXCJzdHJpbmdcIl0uaW5kZXhPZih0eXBlb2YgYXJnLm1mYV9zZXJpYWwpID4gLTE7XG5cbmNvbnN0IGlzQXNzdW1lUm9sZVdpdGhTb3VyY2VQcm9maWxlID0gKGFyZzogYW55KTogYXJnIGlzIEFzc3VtZVJvbGVXaXRoU291cmNlUHJvZmlsZSA9PlxuICBpc0Fzc3VtZVJvbGVQcm9maWxlKGFyZykgJiYgdHlwZW9mIGFyZy5zb3VyY2VfcHJvZmlsZSA9PT0gXCJzdHJpbmdcIiAmJiB0eXBlb2YgYXJnLmNyZWRlbnRpYWxfc291cmNlID09PSBcInVuZGVmaW5lZFwiO1xuXG5jb25zdCBpc0Fzc3VtZVJvbGVXaXRoUHJvdmlkZXJQcm9maWxlID0gKGFyZzogYW55KTogYXJnIGlzIEFzc3VtZVJvbGVXaXRoUHJvdmlkZXJQcm9maWxlID0+XG4gIGlzQXNzdW1lUm9sZVByb2ZpbGUoYXJnKSAmJiB0eXBlb2YgYXJnLmNyZWRlbnRpYWxfc291cmNlID09PSBcInN0cmluZ1wiICYmIHR5cGVvZiBhcmcuc291cmNlX3Byb2ZpbGUgPT09IFwidW5kZWZpbmVkXCI7XG5cbi8qKlxuICogQ3JlYXRlcyBhIGNyZWRlbnRpYWwgcHJvdmlkZXIgdGhhdCB3aWxsIHJlYWQgZnJvbSBpbmkgZmlsZXMgYW5kIHN1cHBvcnRzXG4gKiByb2xlIGFzc3VtcHRpb24gYW5kIG11bHRpLWZhY3RvciBhdXRoZW50aWNhdGlvbi5cbiAqL1xuZXhwb3J0IGNvbnN0IGZyb21JbmkgPVxuICAoaW5pdDogRnJvbUluaUluaXQgPSB7fSk6IENyZWRlbnRpYWxQcm92aWRlciA9PlxuICBhc3luYyAoKSA9PiB7XG4gICAgY29uc3QgcHJvZmlsZXMgPSBhd2FpdCBwYXJzZUtub3duRmlsZXMoaW5pdCk7XG4gICAgcmV0dXJuIHJlc29sdmVQcm9maWxlRGF0YShnZXRNYXN0ZXJQcm9maWxlTmFtZShpbml0KSwgcHJvZmlsZXMsIGluaXQpO1xuICB9O1xuXG5jb25zdCByZXNvbHZlUHJvZmlsZURhdGEgPSBhc3luYyAoXG4gIHByb2ZpbGVOYW1lOiBzdHJpbmcsXG4gIHByb2ZpbGVzOiBQYXJzZWRJbmlEYXRhLFxuICBvcHRpb25zOiBGcm9tSW5pSW5pdCxcbiAgdmlzaXRlZFByb2ZpbGVzOiB7IFtwcm9maWxlTmFtZTogc3RyaW5nXTogdHJ1ZSB9ID0ge31cbik6IFByb21pc2U8Q3JlZGVudGlhbHM+ID0+IHtcbiAgY29uc3QgZGF0YSA9IHByb2ZpbGVzW3Byb2ZpbGVOYW1lXTtcblxuICAvLyBJZiB0aGlzIGlzIG5vdCB0aGUgZmlyc3QgcHJvZmlsZSB2aXNpdGVkLCBzdGF0aWMgY3JlZGVudGlhbHMgc2hvdWxkIGJlXG4gIC8vIHByZWZlcnJlZCBvdmVyIHJvbGUgYXNzdW1wdGlvbiBtZXRhZGF0YS4gVGhpcyBzcGVjaWFsIHRyZWF0bWVudCBvZlxuICAvLyBzZWNvbmQgYW5kIHN1YnNlcXVlbnQgaG9wcyBpcyB0byBlbnN1cmUgY29tcGF0aWJpbGl0eSB3aXRoIHRoZSBBV1MgQ0xJLlxuICBpZiAoT2JqZWN0LmtleXModmlzaXRlZFByb2ZpbGVzKS5sZW5ndGggPiAwICYmIGlzU3RhdGljQ3JlZHNQcm9maWxlKGRhdGEpKSB7XG4gICAgcmV0dXJuIHJlc29sdmVTdGF0aWNDcmVkZW50aWFscyhkYXRhKTtcbiAgfVxuXG4gIC8vIElmIHRoaXMgaXMgdGhlIGZpcnN0IHByb2ZpbGUgdmlzaXRlZCwgcm9sZSBhc3N1bXB0aW9uIGtleXMgc2hvdWxkIGJlXG4gIC8vIGdpdmVuIHByZWNlZGVuY2Ugb3ZlciBzdGF0aWMgY3JlZGVudGlhbHMuXG4gIGlmIChpc0Fzc3VtZVJvbGVXaXRoU291cmNlUHJvZmlsZShkYXRhKSB8fCBpc0Fzc3VtZVJvbGVXaXRoUHJvdmlkZXJQcm9maWxlKGRhdGEpKSB7XG4gICAgY29uc3Qge1xuICAgICAgZXh0ZXJuYWxfaWQ6IEV4dGVybmFsSWQsXG4gICAgICBtZmFfc2VyaWFsLFxuICAgICAgcm9sZV9hcm46IFJvbGVBcm4sXG4gICAgICByb2xlX3Nlc3Npb25fbmFtZTogUm9sZVNlc3Npb25OYW1lID0gXCJhd3Mtc2RrLWpzLVwiICsgRGF0ZS5ub3coKSxcbiAgICAgIHNvdXJjZV9wcm9maWxlLFxuICAgICAgY3JlZGVudGlhbF9zb3VyY2UsXG4gICAgfSA9IGRhdGE7XG5cbiAgICBpZiAoIW9wdGlvbnMucm9sZUFzc3VtZXIpIHtcbiAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgICAgIGBQcm9maWxlICR7cHJvZmlsZU5hbWV9IHJlcXVpcmVzIGEgcm9sZSB0byBiZSBhc3N1bWVkLCBidXQgbm9gICsgYCByb2xlIGFzc3VtcHRpb24gY2FsbGJhY2sgd2FzIHByb3ZpZGVkLmAsXG4gICAgICAgIGZhbHNlXG4gICAgICApO1xuICAgIH1cblxuICAgIGlmIChzb3VyY2VfcHJvZmlsZSAmJiBzb3VyY2VfcHJvZmlsZSBpbiB2aXNpdGVkUHJvZmlsZXMpIHtcbiAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgICAgIGBEZXRlY3RlZCBhIGN5Y2xlIGF0dGVtcHRpbmcgdG8gcmVzb2x2ZSBjcmVkZW50aWFscyBmb3IgcHJvZmlsZWAgK1xuICAgICAgICAgIGAgJHtnZXRNYXN0ZXJQcm9maWxlTmFtZShvcHRpb25zKX0uIFByb2ZpbGVzIHZpc2l0ZWQ6IGAgK1xuICAgICAgICAgIE9iamVjdC5rZXlzKHZpc2l0ZWRQcm9maWxlcykuam9pbihcIiwgXCIpLFxuICAgICAgICBmYWxzZVxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBzb3VyY2VDcmVkcyA9IHNvdXJjZV9wcm9maWxlXG4gICAgICA/IHJlc29sdmVQcm9maWxlRGF0YShzb3VyY2VfcHJvZmlsZSwgcHJvZmlsZXMsIG9wdGlvbnMsIHtcbiAgICAgICAgICAuLi52aXNpdGVkUHJvZmlsZXMsXG4gICAgICAgICAgW3NvdXJjZV9wcm9maWxlXTogdHJ1ZSxcbiAgICAgICAgfSlcbiAgICAgIDogcmVzb2x2ZUNyZWRlbnRpYWxTb3VyY2UoY3JlZGVudGlhbF9zb3VyY2UhLCBwcm9maWxlTmFtZSkoKTtcblxuICAgIGNvbnN0IHBhcmFtczogQXNzdW1lUm9sZVBhcmFtcyA9IHsgUm9sZUFybiwgUm9sZVNlc3Npb25OYW1lLCBFeHRlcm5hbElkIH07XG4gICAgaWYgKG1mYV9zZXJpYWwpIHtcbiAgICAgIGlmICghb3B0aW9ucy5tZmFDb2RlUHJvdmlkZXIpIHtcbiAgICAgICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgICAgICBgUHJvZmlsZSAke3Byb2ZpbGVOYW1lfSByZXF1aXJlcyBtdWx0aS1mYWN0b3IgYXV0aGVudGljYXRpb24sYCArIGAgYnV0IG5vIE1GQSBjb2RlIGNhbGxiYWNrIHdhcyBwcm92aWRlZC5gLFxuICAgICAgICAgIGZhbHNlXG4gICAgICAgICk7XG4gICAgICB9XG4gICAgICBwYXJhbXMuU2VyaWFsTnVtYmVyID0gbWZhX3NlcmlhbDtcbiAgICAgIHBhcmFtcy5Ub2tlbkNvZGUgPSBhd2FpdCBvcHRpb25zLm1mYUNvZGVQcm92aWRlcihtZmFfc2VyaWFsKTtcbiAgICB9XG5cbiAgICByZXR1cm4gb3B0aW9ucy5yb2xlQXNzdW1lcihhd2FpdCBzb3VyY2VDcmVkcywgcGFyYW1zKTtcbiAgfVxuXG4gIC8vIElmIG5vIHJvbGUgYXNzdW1wdGlvbiBtZXRhZGF0YSBpcyBwcmVzZW50LCBhdHRlbXB0IHRvIGxvYWQgc3RhdGljXG4gIC8vIGNyZWRlbnRpYWxzIGZyb20gdGhlIHNlbGVjdGVkIHByb2ZpbGUuXG4gIGlmIChpc1N0YXRpY0NyZWRzUHJvZmlsZShkYXRhKSkge1xuICAgIHJldHVybiByZXNvbHZlU3RhdGljQ3JlZGVudGlhbHMoZGF0YSk7XG4gIH1cblxuICAvLyBJZiBubyBzdGF0aWMgY3JlZGVudGlhbHMgYXJlIHByZXNlbnQsIGF0dGVtcHQgdG8gYXNzdW1lIHJvbGUgd2l0aFxuICAvLyB3ZWIgaWRlbnRpdHkgaWYgd2ViX2lkZW50aXR5X3Rva2VuX2ZpbGUgYW5kIHJvbGVfYXJuIGlzIGF2YWlsYWJsZVxuICBpZiAoaXNXZWJJZGVudGl0eVByb2ZpbGUoZGF0YSkpIHtcbiAgICByZXR1cm4gcmVzb2x2ZVdlYklkZW50aXR5Q3JlZGVudGlhbHMoZGF0YSwgb3B0aW9ucyk7XG4gIH1cbiAgaWYgKGlzU3NvUHJvZmlsZShkYXRhKSkge1xuICAgIGNvbnN0IHsgc3NvX3N0YXJ0X3VybCwgc3NvX2FjY291bnRfaWQsIHNzb19yZWdpb24sIHNzb19yb2xlX25hbWUgfSA9IHZhbGlkYXRlU3NvUHJvZmlsZShkYXRhKTtcbiAgICByZXR1cm4gZnJvbVNTTyh7XG4gICAgICBzc29TdGFydFVybDogc3NvX3N0YXJ0X3VybCxcbiAgICAgIHNzb0FjY291bnRJZDogc3NvX2FjY291bnRfaWQsXG4gICAgICBzc29SZWdpb246IHNzb19yZWdpb24sXG4gICAgICBzc29Sb2xlTmFtZTogc3NvX3JvbGVfbmFtZSxcbiAgICB9KSgpO1xuICB9XG5cbiAgLy8gSWYgdGhlIHByb2ZpbGUgY2Fubm90IGJlIHBhcnNlZCBvciBjb250YWlucyBuZWl0aGVyIHN0YXRpYyBjcmVkZW50aWFsc1xuICAvLyBub3Igcm9sZSBhc3N1bXB0aW9uIG1ldGFkYXRhLCB0aHJvdyBhbiBlcnJvci4gVGhpcyBzaG91bGQgYmUgY29uc2lkZXJlZCBhXG4gIC8vIHRlcm1pbmFsIHJlc29sdXRpb24gZXJyb3IgaWYgYSBwcm9maWxlIGhhcyBiZWVuIHNwZWNpZmllZCBieSB0aGUgdXNlclxuICAvLyAod2hldGhlciB2aWEgYSBwYXJhbWV0ZXIsIGFuIGVudmlyb25tZW50IHZhcmlhYmxlLCBvciBhbm90aGVyIHByb2ZpbGUnc1xuICAvLyBgc291cmNlX3Byb2ZpbGVgIGtleSkuXG4gIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gY291bGQgbm90IGJlIGZvdW5kIG9yIHBhcnNlZCBpbiBzaGFyZWRgICsgYCBjcmVkZW50aWFscyBmaWxlLmBcbiAgKTtcbn07XG5cbi8qKlxuICogUmVzb2x2ZSB0aGUgYGNyZWRlbnRpYWxfc291cmNlYCBlbnRyeSBmcm9tIHRoZSBwcm9maWxlLCBhbmQgcmV0dXJuIHRoZVxuICogY3JlZGVudGlhbCBwcm92aWRlcnMgcmVzcGVjdGl2ZWx5LiBObyBtZW1vaXphdGlvbiBpcyBuZWVkZWQgZm9yIHRoZVxuICogY3JlZGVudGlhbCBzb3VyY2UgcHJvdmlkZXJzIGJlY2F1c2UgbWVtb2l6YXRpb24gc2hvdWxkIGJlIGFkZGVkIG91dHNpZGUgdGhlXG4gKiBmcm9tSW5pKCkgcHJvdmlkZXIuIFRoZSBzb3VyY2UgY3JlZGVudGlhbCBuZWVkcyB0byBiZSByZWZyZXNoZWQgZXZlcnkgdGltZVxuICogZnJvbUluaSgpIGlzIGNhbGxlZC5cbiAqL1xuY29uc3QgcmVzb2x2ZUNyZWRlbnRpYWxTb3VyY2UgPSAoY3JlZGVudGlhbFNvdXJjZTogc3RyaW5nLCBwcm9maWxlTmFtZTogc3RyaW5nKTogQ3JlZGVudGlhbFByb3ZpZGVyID0+IHtcbiAgY29uc3Qgc291cmNlUHJvdmlkZXJzTWFwOiB7IFtuYW1lOiBzdHJpbmddOiAoKSA9PiBDcmVkZW50aWFsUHJvdmlkZXIgfSA9IHtcbiAgICBFY3NDb250YWluZXI6IGZyb21Db250YWluZXJNZXRhZGF0YSxcbiAgICBFYzJJbnN0YW5jZU1ldGFkYXRhOiBmcm9tSW5zdGFuY2VNZXRhZGF0YSxcbiAgICBFbnZpcm9ubWVudDogZnJvbUVudixcbiAgfTtcbiAgaWYgKGNyZWRlbnRpYWxTb3VyY2UgaW4gc291cmNlUHJvdmlkZXJzTWFwKSB7XG4gICAgcmV0dXJuIHNvdXJjZVByb3ZpZGVyc01hcFtjcmVkZW50aWFsU291cmNlXSgpO1xuICB9IGVsc2Uge1xuICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoXG4gICAgICBgVW5zdXBwb3J0ZWQgY3JlZGVudGlhbCBzb3VyY2UgaW4gcHJvZmlsZSAke3Byb2ZpbGVOYW1lfS4gR290ICR7Y3JlZGVudGlhbFNvdXJjZX0sIGAgK1xuICAgICAgICBgZXhwZWN0ZWQgRWNzQ29udGFpbmVyIG9yIEVjMkluc3RhbmNlTWV0YWRhdGEgb3IgRW52aXJvbm1lbnQuYFxuICAgICk7XG4gIH1cbn07XG5cbmNvbnN0IHJlc29sdmVTdGF0aWNDcmVkZW50aWFscyA9IChwcm9maWxlOiBTdGF0aWNDcmVkc1Byb2ZpbGUpOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PlxuICBQcm9taXNlLnJlc29sdmUoe1xuICAgIGFjY2Vzc0tleUlkOiBwcm9maWxlLmF3c19hY2Nlc3Nfa2V5X2lkLFxuICAgIHNlY3JldEFjY2Vzc0tleTogcHJvZmlsZS5hd3Nfc2VjcmV0X2FjY2Vzc19rZXksXG4gICAgc2Vzc2lvblRva2VuOiBwcm9maWxlLmF3c19zZXNzaW9uX3Rva2VuLFxuICB9KTtcblxuY29uc3QgcmVzb2x2ZVdlYklkZW50aXR5Q3JlZGVudGlhbHMgPSBhc3luYyAocHJvZmlsZTogV2ViSWRlbnRpdHlQcm9maWxlLCBvcHRpb25zOiBGcm9tSW5pSW5pdCk6IFByb21pc2U8Q3JlZGVudGlhbHM+ID0+XG4gIGZyb21Ub2tlbkZpbGUoe1xuICAgIHdlYklkZW50aXR5VG9rZW5GaWxlOiBwcm9maWxlLndlYl9pZGVudGl0eV90b2tlbl9maWxlLFxuICAgIHJvbGVBcm46IHByb2ZpbGUucm9sZV9hcm4sXG4gICAgcm9sZVNlc3Npb25OYW1lOiBwcm9maWxlLnJvbGVfc2Vzc2lvbl9uYW1lLFxuICAgIHJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5OiBvcHRpb25zLnJvbGVBc3N1bWVyV2l0aFdlYklkZW50aXR5LFxuICB9KSgpO1xuIl19
|
package/src/index.ts
DELETED
|
@@ -1,266 +0,0 @@
|
|
|
1
|
-
import { fromEnv } from "@aws-sdk/credential-provider-env";
|
|
2
|
-
import { fromContainerMetadata, fromInstanceMetadata } from "@aws-sdk/credential-provider-imds";
|
|
3
|
-
import { fromSSO, isSsoProfile, validateSsoProfile } from "@aws-sdk/credential-provider-sso";
|
|
4
|
-
import { AssumeRoleWithWebIdentityParams, fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
|
|
5
|
-
import { CredentialsProviderError } from "@aws-sdk/property-provider";
|
|
6
|
-
import { ParsedIniData, Profile } from "@aws-sdk/shared-ini-file-loader";
|
|
7
|
-
import { CredentialProvider, Credentials } from "@aws-sdk/types";
|
|
8
|
-
import { getMasterProfileName, parseKnownFiles, SourceProfileInit } from "@aws-sdk/util-credentials";
|
|
9
|
-
|
|
10
|
-
/**
|
|
11
|
-
* @see http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
|
|
12
|
-
* TODO update the above to link to V3 docs
|
|
13
|
-
*/
|
|
14
|
-
export interface AssumeRoleParams {
|
|
15
|
-
/**
|
|
16
|
-
* The identifier of the role to be assumed.
|
|
17
|
-
*/
|
|
18
|
-
RoleArn: string;
|
|
19
|
-
|
|
20
|
-
/**
|
|
21
|
-
* A name for the assumed role session.
|
|
22
|
-
*/
|
|
23
|
-
RoleSessionName: string;
|
|
24
|
-
|
|
25
|
-
/**
|
|
26
|
-
* A unique identifier that is used by third parties when assuming roles in
|
|
27
|
-
* their customers' accounts.
|
|
28
|
-
*/
|
|
29
|
-
ExternalId?: string;
|
|
30
|
-
|
|
31
|
-
/**
|
|
32
|
-
* The identification number of the MFA device that is associated with the
|
|
33
|
-
* user who is making the `AssumeRole` call.
|
|
34
|
-
*/
|
|
35
|
-
SerialNumber?: string;
|
|
36
|
-
|
|
37
|
-
/**
|
|
38
|
-
* The value provided by the MFA device.
|
|
39
|
-
*/
|
|
40
|
-
TokenCode?: string;
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
export interface FromIniInit extends SourceProfileInit {
|
|
44
|
-
/**
|
|
45
|
-
* A function that returns a promise fulfilled with an MFA token code for
|
|
46
|
-
* the provided MFA Serial code. If a profile requires an MFA code and
|
|
47
|
-
* `mfaCodeProvider` is not a valid function, the credential provider
|
|
48
|
-
* promise will be rejected.
|
|
49
|
-
*
|
|
50
|
-
* @param mfaSerial The serial code of the MFA device specified.
|
|
51
|
-
*/
|
|
52
|
-
mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
|
|
53
|
-
|
|
54
|
-
/**
|
|
55
|
-
* A function that assumes a role and returns a promise fulfilled with
|
|
56
|
-
* credentials for the assumed role.
|
|
57
|
-
*
|
|
58
|
-
* @param sourceCreds The credentials with which to assume a role.
|
|
59
|
-
* @param params
|
|
60
|
-
*/
|
|
61
|
-
roleAssumer?: (sourceCreds: Credentials, params: AssumeRoleParams) => Promise<Credentials>;
|
|
62
|
-
|
|
63
|
-
/**
|
|
64
|
-
* A function that assumes a role with web identity and returns a promise fulfilled with
|
|
65
|
-
* credentials for the assumed role.
|
|
66
|
-
*
|
|
67
|
-
* @param sourceCreds The credentials with which to assume a role.
|
|
68
|
-
* @param params
|
|
69
|
-
*/
|
|
70
|
-
roleAssumerWithWebIdentity?: (params: AssumeRoleWithWebIdentityParams) => Promise<Credentials>;
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
interface StaticCredsProfile extends Profile {
|
|
74
|
-
aws_access_key_id: string;
|
|
75
|
-
aws_secret_access_key: string;
|
|
76
|
-
aws_session_token?: string;
|
|
77
|
-
}
|
|
78
|
-
|
|
79
|
-
const isStaticCredsProfile = (arg: any): arg is StaticCredsProfile =>
|
|
80
|
-
Boolean(arg) &&
|
|
81
|
-
typeof arg === "object" &&
|
|
82
|
-
typeof arg.aws_access_key_id === "string" &&
|
|
83
|
-
typeof arg.aws_secret_access_key === "string" &&
|
|
84
|
-
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
|
|
85
|
-
|
|
86
|
-
interface WebIdentityProfile extends Profile {
|
|
87
|
-
web_identity_token_file: string;
|
|
88
|
-
role_arn: string;
|
|
89
|
-
role_session_name?: string;
|
|
90
|
-
}
|
|
91
|
-
|
|
92
|
-
const isWebIdentityProfile = (arg: any): arg is WebIdentityProfile =>
|
|
93
|
-
Boolean(arg) &&
|
|
94
|
-
typeof arg === "object" &&
|
|
95
|
-
typeof arg.web_identity_token_file === "string" &&
|
|
96
|
-
typeof arg.role_arn === "string" &&
|
|
97
|
-
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
|
|
98
|
-
|
|
99
|
-
interface AssumeRoleWithSourceProfile extends Profile {
|
|
100
|
-
role_arn: string;
|
|
101
|
-
source_profile: string;
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
interface AssumeRoleWithProviderProfile extends Profile {
|
|
105
|
-
role_arn: string;
|
|
106
|
-
credential_source: string;
|
|
107
|
-
}
|
|
108
|
-
|
|
109
|
-
const isAssumeRoleProfile = (arg: any) =>
|
|
110
|
-
Boolean(arg) &&
|
|
111
|
-
typeof arg === "object" &&
|
|
112
|
-
typeof arg.role_arn === "string" &&
|
|
113
|
-
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
|
|
114
|
-
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
|
|
115
|
-
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1;
|
|
116
|
-
|
|
117
|
-
const isAssumeRoleWithSourceProfile = (arg: any): arg is AssumeRoleWithSourceProfile =>
|
|
118
|
-
isAssumeRoleProfile(arg) && typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
119
|
-
|
|
120
|
-
const isAssumeRoleWithProviderProfile = (arg: any): arg is AssumeRoleWithProviderProfile =>
|
|
121
|
-
isAssumeRoleProfile(arg) && typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
122
|
-
|
|
123
|
-
/**
|
|
124
|
-
* Creates a credential provider that will read from ini files and supports
|
|
125
|
-
* role assumption and multi-factor authentication.
|
|
126
|
-
*/
|
|
127
|
-
export const fromIni =
|
|
128
|
-
(init: FromIniInit = {}): CredentialProvider =>
|
|
129
|
-
async () => {
|
|
130
|
-
const profiles = await parseKnownFiles(init);
|
|
131
|
-
return resolveProfileData(getMasterProfileName(init), profiles, init);
|
|
132
|
-
};
|
|
133
|
-
|
|
134
|
-
const resolveProfileData = async (
|
|
135
|
-
profileName: string,
|
|
136
|
-
profiles: ParsedIniData,
|
|
137
|
-
options: FromIniInit,
|
|
138
|
-
visitedProfiles: { [profileName: string]: true } = {}
|
|
139
|
-
): Promise<Credentials> => {
|
|
140
|
-
const data = profiles[profileName];
|
|
141
|
-
|
|
142
|
-
// If this is not the first profile visited, static credentials should be
|
|
143
|
-
// preferred over role assumption metadata. This special treatment of
|
|
144
|
-
// second and subsequent hops is to ensure compatibility with the AWS CLI.
|
|
145
|
-
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
146
|
-
return resolveStaticCredentials(data);
|
|
147
|
-
}
|
|
148
|
-
|
|
149
|
-
// If this is the first profile visited, role assumption keys should be
|
|
150
|
-
// given precedence over static credentials.
|
|
151
|
-
if (isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data)) {
|
|
152
|
-
const {
|
|
153
|
-
external_id: ExternalId,
|
|
154
|
-
mfa_serial,
|
|
155
|
-
role_arn: RoleArn,
|
|
156
|
-
role_session_name: RoleSessionName = "aws-sdk-js-" + Date.now(),
|
|
157
|
-
source_profile,
|
|
158
|
-
credential_source,
|
|
159
|
-
} = data;
|
|
160
|
-
|
|
161
|
-
if (!options.roleAssumer) {
|
|
162
|
-
throw new CredentialsProviderError(
|
|
163
|
-
`Profile ${profileName} requires a role to be assumed, but no` + ` role assumption callback was provided.`,
|
|
164
|
-
false
|
|
165
|
-
);
|
|
166
|
-
}
|
|
167
|
-
|
|
168
|
-
if (source_profile && source_profile in visitedProfiles) {
|
|
169
|
-
throw new CredentialsProviderError(
|
|
170
|
-
`Detected a cycle attempting to resolve credentials for profile` +
|
|
171
|
-
` ${getMasterProfileName(options)}. Profiles visited: ` +
|
|
172
|
-
Object.keys(visitedProfiles).join(", "),
|
|
173
|
-
false
|
|
174
|
-
);
|
|
175
|
-
}
|
|
176
|
-
|
|
177
|
-
const sourceCreds = source_profile
|
|
178
|
-
? resolveProfileData(source_profile, profiles, options, {
|
|
179
|
-
...visitedProfiles,
|
|
180
|
-
[source_profile]: true,
|
|
181
|
-
})
|
|
182
|
-
: resolveCredentialSource(credential_source!, profileName)();
|
|
183
|
-
|
|
184
|
-
const params: AssumeRoleParams = { RoleArn, RoleSessionName, ExternalId };
|
|
185
|
-
if (mfa_serial) {
|
|
186
|
-
if (!options.mfaCodeProvider) {
|
|
187
|
-
throw new CredentialsProviderError(
|
|
188
|
-
`Profile ${profileName} requires multi-factor authentication,` + ` but no MFA code callback was provided.`,
|
|
189
|
-
false
|
|
190
|
-
);
|
|
191
|
-
}
|
|
192
|
-
params.SerialNumber = mfa_serial;
|
|
193
|
-
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
return options.roleAssumer(await sourceCreds, params);
|
|
197
|
-
}
|
|
198
|
-
|
|
199
|
-
// If no role assumption metadata is present, attempt to load static
|
|
200
|
-
// credentials from the selected profile.
|
|
201
|
-
if (isStaticCredsProfile(data)) {
|
|
202
|
-
return resolveStaticCredentials(data);
|
|
203
|
-
}
|
|
204
|
-
|
|
205
|
-
// If no static credentials are present, attempt to assume role with
|
|
206
|
-
// web identity if web_identity_token_file and role_arn is available
|
|
207
|
-
if (isWebIdentityProfile(data)) {
|
|
208
|
-
return resolveWebIdentityCredentials(data, options);
|
|
209
|
-
}
|
|
210
|
-
if (isSsoProfile(data)) {
|
|
211
|
-
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = validateSsoProfile(data);
|
|
212
|
-
return fromSSO({
|
|
213
|
-
ssoStartUrl: sso_start_url,
|
|
214
|
-
ssoAccountId: sso_account_id,
|
|
215
|
-
ssoRegion: sso_region,
|
|
216
|
-
ssoRoleName: sso_role_name,
|
|
217
|
-
})();
|
|
218
|
-
}
|
|
219
|
-
|
|
220
|
-
// If the profile cannot be parsed or contains neither static credentials
|
|
221
|
-
// nor role assumption metadata, throw an error. This should be considered a
|
|
222
|
-
// terminal resolution error if a profile has been specified by the user
|
|
223
|
-
// (whether via a parameter, an environment variable, or another profile's
|
|
224
|
-
// `source_profile` key).
|
|
225
|
-
throw new CredentialsProviderError(
|
|
226
|
-
`Profile ${profileName} could not be found or parsed in shared` + ` credentials file.`
|
|
227
|
-
);
|
|
228
|
-
};
|
|
229
|
-
|
|
230
|
-
/**
|
|
231
|
-
* Resolve the `credential_source` entry from the profile, and return the
|
|
232
|
-
* credential providers respectively. No memoization is needed for the
|
|
233
|
-
* credential source providers because memoization should be added outside the
|
|
234
|
-
* fromIni() provider. The source credential needs to be refreshed every time
|
|
235
|
-
* fromIni() is called.
|
|
236
|
-
*/
|
|
237
|
-
const resolveCredentialSource = (credentialSource: string, profileName: string): CredentialProvider => {
|
|
238
|
-
const sourceProvidersMap: { [name: string]: () => CredentialProvider } = {
|
|
239
|
-
EcsContainer: fromContainerMetadata,
|
|
240
|
-
Ec2InstanceMetadata: fromInstanceMetadata,
|
|
241
|
-
Environment: fromEnv,
|
|
242
|
-
};
|
|
243
|
-
if (credentialSource in sourceProvidersMap) {
|
|
244
|
-
return sourceProvidersMap[credentialSource]();
|
|
245
|
-
} else {
|
|
246
|
-
throw new CredentialsProviderError(
|
|
247
|
-
`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
|
|
248
|
-
`expected EcsContainer or Ec2InstanceMetadata or Environment.`
|
|
249
|
-
);
|
|
250
|
-
}
|
|
251
|
-
};
|
|
252
|
-
|
|
253
|
-
const resolveStaticCredentials = (profile: StaticCredsProfile): Promise<Credentials> =>
|
|
254
|
-
Promise.resolve({
|
|
255
|
-
accessKeyId: profile.aws_access_key_id,
|
|
256
|
-
secretAccessKey: profile.aws_secret_access_key,
|
|
257
|
-
sessionToken: profile.aws_session_token,
|
|
258
|
-
});
|
|
259
|
-
|
|
260
|
-
const resolveWebIdentityCredentials = async (profile: WebIdentityProfile, options: FromIniInit): Promise<Credentials> =>
|
|
261
|
-
fromTokenFile({
|
|
262
|
-
webIdentityTokenFile: profile.web_identity_token_file,
|
|
263
|
-
roleArn: profile.role_arn,
|
|
264
|
-
roleSessionName: profile.role_session_name,
|
|
265
|
-
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
|
|
266
|
-
})();
|
package/tsconfig.cjs.json
DELETED
package/tsconfig.es.json
DELETED