@aws-sdk/credential-provider-sso 3.21.0 → 3.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +43 -0
- package/README.md +22 -5
- package/dist/cjs/index.js +53 -21
- package/dist/es/index.js +98 -61
- package/dist/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/tsconfig.es.tsbuildinfo +1 -1
- package/dist/types/index.d.ts +38 -2
- package/dist/types/ts3.4/index.d.ts +38 -2
- package/package.json +9 -9
- package/src/index.spec.ts +193 -131
- package/src/index.ts +97 -29
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,49 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
# [3.25.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.24.0...v3.25.0) (2021-08-05)
|
|
7
|
+
|
|
8
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
# [3.24.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.23.0...v3.24.0) (2021-07-29)
|
|
15
|
+
|
|
16
|
+
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
# [3.23.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.22.0...v3.23.0) (2021-07-23)
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
### Bug Fixes
|
|
26
|
+
|
|
27
|
+
* bump up tslib to 2.3.0 ([#2601](https://github.com/aws/aws-sdk-js-v3/issues/2601)) ([7040faa](https://github.com/aws/aws-sdk-js-v3/commit/7040faac07976c1dcfd5240675b82a2f275b2a55))
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
# [3.22.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.21.0...v3.22.0) (2021-07-16)
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
### Bug Fixes
|
|
37
|
+
|
|
38
|
+
* **clients:** prefix `dist/` for typesVersions TS<4 ([#2580](https://github.com/aws/aws-sdk-js-v3/issues/2580)) ([dff5cd4](https://github.com/aws/aws-sdk-js-v3/commit/dff5cd4b6fa00453e938ce8f238c1542ee7ba3d6))
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
### Features
|
|
42
|
+
|
|
43
|
+
* **credential-provider-sso:** support sso credential when resolving shared credential file ([#2583](https://github.com/aws/aws-sdk-js-v3/issues/2583)) ([9480e70](https://github.com/aws/aws-sdk-js-v3/commit/9480e70da4ac59d4d08f01702b4e62bf42397394))
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
|
|
6
49
|
# [3.21.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.20.0...v3.21.0) (2021-07-09)
|
|
7
50
|
|
|
8
51
|
**Note:** Version bump only for package @aws-sdk/credential-provider-sso
|
package/README.md
CHANGED
|
@@ -6,20 +6,37 @@
|
|
|
6
6
|
## AWS Credential Provider for Node.js - AWS Single Sign-On (SSO)
|
|
7
7
|
|
|
8
8
|
This module provides a function, `fromSSO`, that creates
|
|
9
|
-
`CredentialProvider` functions that read from
|
|
10
|
-
shared configuration and credentials
|
|
11
|
-
files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html).
|
|
12
|
-
Profiles in the `credentials` file are given precedence over
|
|
13
|
-
profiles in the `config` file. This provider loads the
|
|
9
|
+
`CredentialProvider` functions that read from the
|
|
14
10
|
_resolved_ access token from local disk then requests temporary AWS
|
|
15
11
|
credentials. For guidance on the AWS Single Sign-On service, please
|
|
16
12
|
refer to [AWS's Single Sign-On documentation](https://aws.amazon.com/single-sign-on/).
|
|
17
13
|
|
|
14
|
+
You can create the `CredentialProvider` functions using the inline SSO
|
|
15
|
+
parameters(`ssoStartUrl`, `ssoAccountId`, `ssoRegion`, `ssoRoleName`) or load
|
|
16
|
+
them from [AWS SDKs and Tools shared configuration and credentials files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html).
|
|
17
|
+
Profiles in the `credentials` file are given precedence over
|
|
18
|
+
profiles in the `config` file.
|
|
19
|
+
|
|
20
|
+
This credential provider is intended for use with the AWS SDK for Node.js.
|
|
21
|
+
|
|
22
|
+
This credential provider **ONLY** supports profiles using the SSO credential. If
|
|
23
|
+
you have a profile that assumes a role which derived from the SSO credential,
|
|
24
|
+
you should use the `@aws-sdk/credential-provider-ini`, or
|
|
25
|
+
`@aws-sdk/credential-provider-node` package.
|
|
26
|
+
|
|
18
27
|
## Supported configuration
|
|
19
28
|
|
|
20
29
|
You may customize how credentials are resolved by providing an options hash to
|
|
21
30
|
the `fromSSO` factory function. The following options are supported:
|
|
22
31
|
|
|
32
|
+
- `ssoStartUrl`: The URL to the AWS SSO service. Required if any of the `sso*`
|
|
33
|
+
options(except for `ssoClient`) is provided.
|
|
34
|
+
- `ssoAccountId`: The ID of the AWS account to use for temporary credentials.
|
|
35
|
+
Required if any of the `sso*` options(except for `ssoClient`) is provided.
|
|
36
|
+
- `ssoRegion`: The AWS region to use for temporary credentials. Required if any
|
|
37
|
+
of the `sso*` options(except for `ssoClient`) is provided.
|
|
38
|
+
- `ssoRoleName`: The name of the AWS role to assume. Required if any of the
|
|
39
|
+
`sso*` options(except for `ssoClient`) is provided.
|
|
23
40
|
- `profile` - The configuration profile to use. If not specified, the provider
|
|
24
41
|
will use the value in the `AWS_PROFILE` environment variable or `default` by
|
|
25
42
|
default.
|
package/dist/cjs/index.js
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.fromSSO = exports.EXPIRE_WINDOW_MS = void 0;
|
|
3
|
+
exports.isSsoProfile = exports.validateSsoProfile = exports.fromSSO = exports.EXPIRE_WINDOW_MS = void 0;
|
|
4
4
|
const client_sso_1 = require("@aws-sdk/client-sso");
|
|
5
|
-
const credential_provider_ini_1 = require("@aws-sdk/credential-provider-ini");
|
|
6
5
|
const property_provider_1 = require("@aws-sdk/property-provider");
|
|
7
6
|
const shared_ini_file_loader_1 = require("@aws-sdk/shared-ini-file-loader");
|
|
7
|
+
const util_credentials_1 = require("@aws-sdk/util-credentials");
|
|
8
8
|
const crypto_1 = require("crypto");
|
|
9
9
|
const fs_1 = require("fs");
|
|
10
10
|
const path_1 = require("path");
|
|
@@ -21,25 +21,36 @@ const SHOULD_FAIL_CREDENTIAL_CHAIN = false;
|
|
|
21
21
|
* in ini files.
|
|
22
22
|
*/
|
|
23
23
|
const fromSSO = (init = {}) => async () => {
|
|
24
|
-
const
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
const
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
24
|
+
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient } = init;
|
|
25
|
+
if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName) {
|
|
26
|
+
// Load the SSO config from shared AWS config file.
|
|
27
|
+
const profiles = await util_credentials_1.parseKnownFiles(init);
|
|
28
|
+
const profileName = util_credentials_1.getMasterProfileName(init);
|
|
29
|
+
const profile = profiles[profileName];
|
|
30
|
+
if (!exports.isSsoProfile(profile)) {
|
|
31
|
+
throw new property_provider_1.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`);
|
|
32
|
+
}
|
|
33
|
+
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = exports.validateSsoProfile(profile);
|
|
34
|
+
return resolveSSOCredentials({
|
|
35
|
+
ssoStartUrl: sso_start_url,
|
|
36
|
+
ssoAccountId: sso_account_id,
|
|
37
|
+
ssoRegion: sso_region,
|
|
38
|
+
ssoRoleName: sso_role_name,
|
|
39
|
+
ssoClient: ssoClient,
|
|
40
|
+
});
|
|
32
41
|
}
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
42
|
+
else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
|
|
43
|
+
throw new property_provider_1.CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' +
|
|
44
|
+
' "ssoAccountId", "ssoRegion", "ssoRoleName"');
|
|
36
45
|
}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
`"sso_role_name", "sso_start_url". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
46
|
+
else {
|
|
47
|
+
return resolveSSOCredentials({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient });
|
|
40
48
|
}
|
|
49
|
+
};
|
|
50
|
+
exports.fromSSO = fromSSO;
|
|
51
|
+
const resolveSSOCredentials = async ({ ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, }) => {
|
|
41
52
|
const hasher = crypto_1.createHash("sha1");
|
|
42
|
-
const cacheName = hasher.update(
|
|
53
|
+
const cacheName = hasher.update(ssoStartUrl).digest("hex");
|
|
43
54
|
const tokenFile = path_1.join(shared_ini_file_loader_1.getHomeDir(), ".aws", "sso", "cache", `${cacheName}.json`);
|
|
44
55
|
let token;
|
|
45
56
|
try {
|
|
@@ -53,12 +64,12 @@ const resolveSSOCredentials = async (profileName, profiles, options) => {
|
|
|
53
64
|
`run aws sso login with the corresponding profile.`, SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
54
65
|
}
|
|
55
66
|
const { accessToken } = token;
|
|
56
|
-
const sso =
|
|
67
|
+
const sso = ssoClient || new client_sso_1.SSOClient({ region: ssoRegion });
|
|
57
68
|
let ssoResp;
|
|
58
69
|
try {
|
|
59
70
|
ssoResp = await sso.send(new client_sso_1.GetRoleCredentialsCommand({
|
|
60
|
-
accountId,
|
|
61
|
-
roleName,
|
|
71
|
+
accountId: ssoAccountId,
|
|
72
|
+
roleName: ssoRoleName,
|
|
62
73
|
accessToken,
|
|
63
74
|
}));
|
|
64
75
|
}
|
|
@@ -71,4 +82,25 @@ const resolveSSOCredentials = async (profileName, profiles, options) => {
|
|
|
71
82
|
}
|
|
72
83
|
return { accessKeyId, secretAccessKey, sessionToken, expiration: new Date(expiration) };
|
|
73
84
|
};
|
|
74
|
-
|
|
85
|
+
/**
|
|
86
|
+
* @internal
|
|
87
|
+
*/
|
|
88
|
+
const validateSsoProfile = (profile) => {
|
|
89
|
+
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
|
|
90
|
+
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
|
|
91
|
+
throw new property_provider_1.CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", ` +
|
|
92
|
+
`"sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
93
|
+
}
|
|
94
|
+
return profile;
|
|
95
|
+
};
|
|
96
|
+
exports.validateSsoProfile = validateSsoProfile;
|
|
97
|
+
/**
|
|
98
|
+
* @internal
|
|
99
|
+
*/
|
|
100
|
+
const isSsoProfile = (arg) => arg &&
|
|
101
|
+
(typeof arg.sso_start_url === "string" ||
|
|
102
|
+
typeof arg.sso_account_id === "string" ||
|
|
103
|
+
typeof arg.sso_region === "string" ||
|
|
104
|
+
typeof arg.sso_role_name === "string");
|
|
105
|
+
exports.isSsoProfile = isSsoProfile;
|
|
106
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsb0RBQTRHO0FBQzVHLGtFQUFzRTtBQUN0RSw0RUFBc0U7QUFFdEUsZ0VBQXFHO0FBQ3JHLG1DQUFvQztBQUNwQywyQkFBa0M7QUFDbEMsK0JBQTRCO0FBRTVCOzs7OztHQUtHO0FBQ1UsUUFBQSxnQkFBZ0IsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztBQUUvQyxNQUFNLDRCQUE0QixHQUFHLEtBQUssQ0FBQztBQXVDM0M7OztHQUdHO0FBQ0ksTUFBTSxPQUFPLEdBQ2xCLENBQUMsT0FBd0QsRUFBUyxFQUFzQixFQUFFLENBQzFGLEtBQUssSUFBSSxFQUFFO0lBQ1QsTUFBTSxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxTQUFTLEVBQUUsR0FBRyxJQUFJLENBQUM7SUFDOUUsSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLFNBQVMsSUFBSSxDQUFDLFdBQVcsRUFBRTtRQUMvRCxtREFBbUQ7UUFDbkQsTUFBTSxRQUFRLEdBQUcsTUFBTSxrQ0FBZSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzdDLE1BQU0sV0FBVyxHQUFHLHVDQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9DLE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUN0QyxJQUFJLENBQUMsb0JBQVksQ0FBQyxPQUFPLENBQUMsRUFBRTtZQUMxQixNQUFNLElBQUksNENBQXdCLENBQUMsV0FBVyxXQUFXLDBDQUEwQyxDQUFDLENBQUM7U0FDdEc7UUFDRCxNQUFNLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBRSxVQUFVLEVBQUUsYUFBYSxFQUFFLEdBQUcsMEJBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDakcsT0FBTyxxQkFBcUIsQ0FBQztZQUMzQixXQUFXLEVBQUUsYUFBYTtZQUMxQixZQUFZLEVBQUUsY0FBYztZQUM1QixTQUFTLEVBQUUsVUFBVTtZQUNyQixXQUFXLEVBQUUsYUFBYTtZQUMxQixTQUFTLEVBQUUsU0FBUztTQUNyQixDQUFDLENBQUM7S0FDSjtTQUFNLElBQUksQ0FBQyxXQUFXLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxTQUFTLElBQUksQ0FBQyxXQUFXLEVBQUU7UUFDdEUsTUFBTSxJQUFJLDRDQUF3QixDQUNoQyxtRkFBbUY7WUFDakYsNkNBQTZDLENBQ2hELENBQUM7S0FDSDtTQUFNO1FBQ0wsT0FBTyxxQkFBcUIsQ0FBQyxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO0tBQ2hHO0FBQ0gsQ0FBQyxDQUFDO0FBNUJTLFFBQUEsT0FBTyxXQTRCaEI7QUFFSixNQUFNLHFCQUFxQixHQUFHLEtBQUssRUFBRSxFQUNuQyxXQUFXLEVBQ1gsWUFBWSxFQUNaLFNBQVMsRUFDVCxXQUFXLEVBQ1gsU0FBUyxHQUM4QixFQUF3QixFQUFFO0lBQ2pFLE1BQU0sTUFBTSxHQUFHLG1CQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDbEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDM0QsTUFBTSxTQUFTLEdBQUcsV0FBSSxDQUFDLG1DQUFVLEVBQUUsRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxHQUFHLFNBQVMsT0FBTyxDQUFDLENBQUM7SUFDbEYsSUFBSSxLQUFlLENBQUM7SUFDcEIsSUFBSTtRQUNGLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFZLENBQUMsU0FBUyxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNuRSxJQUFJLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUksd0JBQWdCLEVBQUU7WUFDeEUsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO1NBQzFDO0tBQ0Y7SUFBQyxPQUFPLENBQUMsRUFBRTtRQUNWLE1BQU0sSUFBSSw0Q0FBd0IsQ0FDaEMsZ0hBQWdIO1lBQzlHLG1EQUFtRCxFQUNyRCw0QkFBNEIsQ0FDN0IsQ0FBQztLQUNIO0lBQ0QsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLEtBQUssQ0FBQztJQUM5QixNQUFNLEdBQUcsR0FBRyxTQUFTLElBQUksSUFBSSxzQkFBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUQsSUFBSSxPQUF3QyxDQUFDO0lBQzdDLElBQUk7UUFDRixPQUFPLEdBQUcsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUN0QixJQUFJLHNDQUF5QixDQUFDO1lBQzVCLFNBQVMsRUFBRSxZQUFZO1lBQ3ZCLFFBQVEsRUFBRSxXQUFXO1lBQ3JCLFdBQVc7U0FDWixDQUFDLENBQ0gsQ0FBQztLQUNIO0lBQUMsT0FBTyxDQUFDLEVBQUU7UUFDVixNQUFNLDRDQUF3QixDQUFDLElBQUksQ0FBQyxDQUFDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztLQUN0RTtJQUNELE1BQU0sRUFBRSxlQUFlLEVBQUUsRUFBRSxXQUFXLEVBQUUsZUFBZSxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLEVBQUUsR0FBRyxPQUFPLENBQUM7SUFDckcsSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLFVBQVUsRUFBRTtRQUNwRSxNQUFNLElBQUksNENBQXdCLENBQUMsOENBQThDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztLQUNsSDtJQUNELE9BQU8sRUFBRSxXQUFXLEVBQUUsZUFBZSxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQztBQUMxRixDQUFDLENBQUM7QUFZRjs7R0FFRztBQUNJLE1BQU0sa0JBQWtCLEdBQUcsQ0FBQyxPQUE0QixFQUFjLEVBQUU7SUFDN0UsTUFBTSxFQUFFLGFBQWEsRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLGFBQWEsRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUM3RSxJQUFJLENBQUMsYUFBYSxJQUFJLENBQUMsY0FBYyxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsYUFBYSxFQUFFO1FBQ3RFLE1BQU0sSUFBSSw0Q0FBd0IsQ0FDaEMsMEdBQTBHO1lBQ3hHLHlDQUF5QyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FDaEUsSUFBSSxDQUNMLHNGQUFzRixFQUN6Riw0QkFBNEIsQ0FDN0IsQ0FBQztLQUNIO0lBQ0QsT0FBTyxPQUFxQixDQUFDO0FBQy9CLENBQUMsQ0FBQztBQVpXLFFBQUEsa0JBQWtCLHNCQVk3QjtBQUVGOztHQUVHO0FBQ0ksTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFZLEVBQThCLEVBQUUsQ0FDdkUsR0FBRztJQUNILENBQUMsT0FBTyxHQUFHLENBQUMsYUFBYSxLQUFLLFFBQVE7UUFDcEMsT0FBTyxHQUFHLENBQUMsY0FBYyxLQUFLLFFBQVE7UUFDdEMsT0FBTyxHQUFHLENBQUMsVUFBVSxLQUFLLFFBQVE7UUFDbEMsT0FBTyxHQUFHLENBQUMsYUFBYSxLQUFLLFFBQVEsQ0FBQyxDQUFDO0FBTDlCLFFBQUEsWUFBWSxnQkFLa0IiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kLCBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kT3V0cHV0LCBTU09DbGllbnQgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNzb1wiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yIH0gZnJvbSBcIkBhd3Mtc2RrL3Byb3BlcnR5LXByb3ZpZGVyXCI7XG5pbXBvcnQgeyBnZXRIb21lRGlyLCBQcm9maWxlIH0gZnJvbSBcIkBhd3Mtc2RrL3NoYXJlZC1pbmktZmlsZS1sb2FkZXJcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxQcm92aWRlciwgQ3JlZGVudGlhbHMgfSBmcm9tIFwiQGF3cy1zZGsvdHlwZXNcIjtcbmltcG9ydCB7IGdldE1hc3RlclByb2ZpbGVOYW1lLCBwYXJzZUtub3duRmlsZXMsIFNvdXJjZVByb2ZpbGVJbml0IH0gZnJvbSBcIkBhd3Mtc2RrL3V0aWwtY3JlZGVudGlhbHNcIjtcbmltcG9ydCB7IGNyZWF0ZUhhc2ggfSBmcm9tIFwiY3J5cHRvXCI7XG5pbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcbmltcG9ydCB7IGpvaW4gfSBmcm9tIFwicGF0aFwiO1xuXG4vKipcbiAqIFRoZSB0aW1lIHdpbmRvdyAoMTUgbWlucykgdGhhdCBTREsgd2lsbCB0cmVhdCB0aGUgU1NPIHRva2VuIGV4cGlyZXMgaW4gYmVmb3JlIHRoZSBkZWZpbmVkIGV4cGlyYXRpb24gZGF0ZSBpbiB0b2tlbi5cbiAqIFRoaXMgaXMgbmVlZGVkIGJlY2F1c2Ugc2VydmVyIHNpZGUgbWF5IGhhdmUgaW52YWxpZGF0ZWQgdGhlIHRva2VuIGJlZm9yZSB0aGUgZGVmaW5lZCBleHBpcmF0aW9uIGRhdGUuXG4gKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCBFWFBJUkVfV0lORE9XX01TID0gMTUgKiA2MCAqIDEwMDA7XG5cbmNvbnN0IFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU4gPSBmYWxzZTtcblxuLyoqXG4gKiBDYWNoZWQgU1NPIHRva2VuIHJldHJpZXZlZCBmcm9tIFNTTyBsb2dpbiBmbG93LlxuICovXG5pbnRlcmZhY2UgU1NPVG9rZW4ge1xuICAvLyBBIGJhc2U2NCBlbmNvZGVkIHN0cmluZyByZXR1cm5lZCBieSB0aGUgc3NvLW9pZGMgc2VydmljZS5cbiAgYWNjZXNzVG9rZW46IHN0cmluZztcbiAgLy8gUkZDMzMzOSBmb3JtYXQgdGltZXN0YW1wXG4gIGV4cGlyZXNBdDogc3RyaW5nO1xuICByZWdpb24/OiBzdHJpbmc7XG4gIHN0YXJ0VXJsPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNzb0NyZWRlbnRpYWxzUGFyYW1ldGVycyB7XG4gIC8qKlxuICAgKiBUaGUgVVJMIHRvIHRoZSBBV1MgU1NPIHNlcnZpY2UuXG4gICAqL1xuICBzc29TdGFydFVybDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUQgb2YgdGhlIEFXUyBhY2NvdW50IHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvQWNjb3VudElkOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBBV1MgcmVnaW9uIHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvUmVnaW9uOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBBV1Mgcm9sZSB0byBhc3N1bWUuXG4gICAqL1xuICBzc29Sb2xlTmFtZTogc3RyaW5nO1xufVxuZXhwb3J0IGludGVyZmFjZSBGcm9tU1NPSW5pdCBleHRlbmRzIFNvdXJjZVByb2ZpbGVJbml0IHtcbiAgc3NvQ2xpZW50PzogU1NPQ2xpZW50O1xufVxuXG4vKipcbiAqIENyZWF0ZXMgYSBjcmVkZW50aWFsIHByb3ZpZGVyIHRoYXQgd2lsbCByZWFkIGZyb20gYSBjcmVkZW50aWFsX3Byb2Nlc3Mgc3BlY2lmaWVkXG4gKiBpbiBpbmkgZmlsZXMuXG4gKi9cbmV4cG9ydCBjb25zdCBmcm9tU1NPID1cbiAgKGluaXQ6IEZyb21TU09Jbml0ICYgUGFydGlhbDxTc29DcmVkZW50aWFsc1BhcmFtZXRlcnM+ID0ge30gYXMgYW55KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+XG4gIGFzeW5jICgpID0+IHtcbiAgICBjb25zdCB7IHNzb1N0YXJ0VXJsLCBzc29BY2NvdW50SWQsIHNzb1JlZ2lvbiwgc3NvUm9sZU5hbWUsIHNzb0NsaWVudCB9ID0gaW5pdDtcbiAgICBpZiAoIXNzb1N0YXJ0VXJsICYmICFzc29BY2NvdW50SWQgJiYgIXNzb1JlZ2lvbiAmJiAhc3NvUm9sZU5hbWUpIHtcbiAgICAgIC8vIExvYWQgdGhlIFNTTyBjb25maWcgZnJvbSBzaGFyZWQgQVdTIGNvbmZpZyBmaWxlLlxuICAgICAgY29uc3QgcHJvZmlsZXMgPSBhd2FpdCBwYXJzZUtub3duRmlsZXMoaW5pdCk7XG4gICAgICBjb25zdCBwcm9maWxlTmFtZSA9IGdldE1hc3RlclByb2ZpbGVOYW1lKGluaXQpO1xuICAgICAgY29uc3QgcHJvZmlsZSA9IHByb2ZpbGVzW3Byb2ZpbGVOYW1lXTtcbiAgICAgIGlmICghaXNTc29Qcm9maWxlKHByb2ZpbGUpKSB7XG4gICAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gaXMgbm90IGNvbmZpZ3VyZWQgd2l0aCBTU08gY3JlZGVudGlhbHMuYCk7XG4gICAgICB9XG4gICAgICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSB2YWxpZGF0ZVNzb1Byb2ZpbGUocHJvZmlsZSk7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHtcbiAgICAgICAgc3NvU3RhcnRVcmw6IHNzb19zdGFydF91cmwsXG4gICAgICAgIHNzb0FjY291bnRJZDogc3NvX2FjY291bnRfaWQsXG4gICAgICAgIHNzb1JlZ2lvbjogc3NvX3JlZ2lvbixcbiAgICAgICAgc3NvUm9sZU5hbWU6IHNzb19yb2xlX25hbWUsXG4gICAgICAgIHNzb0NsaWVudDogc3NvQ2xpZW50LFxuICAgICAgfSk7XG4gICAgfSBlbHNlIGlmICghc3NvU3RhcnRVcmwgfHwgIXNzb0FjY291bnRJZCB8fCAhc3NvUmVnaW9uIHx8ICFzc29Sb2xlTmFtZSkge1xuICAgICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgICAgJ0luY29tcGxldGUgY29uZmlndXJhdGlvbi4gVGhlIGZyb21TU08oKSBhcmd1bWVudCBoYXNoIG11c3QgaW5jbHVkZSBcInNzb1N0YXJ0VXJsXCIsJyArXG4gICAgICAgICAgJyBcInNzb0FjY291bnRJZFwiLCBcInNzb1JlZ2lvblwiLCBcInNzb1JvbGVOYW1lXCInXG4gICAgICApO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHsgc3NvU3RhcnRVcmwsIHNzb0FjY291bnRJZCwgc3NvUmVnaW9uLCBzc29Sb2xlTmFtZSwgc3NvQ2xpZW50IH0pO1xuICAgIH1cbiAgfTtcblxuY29uc3QgcmVzb2x2ZVNTT0NyZWRlbnRpYWxzID0gYXN5bmMgKHtcbiAgc3NvU3RhcnRVcmwsXG4gIHNzb0FjY291bnRJZCxcbiAgc3NvUmVnaW9uLFxuICBzc29Sb2xlTmFtZSxcbiAgc3NvQ2xpZW50LFxufTogRnJvbVNTT0luaXQgJiBTc29DcmVkZW50aWFsc1BhcmFtZXRlcnMpOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PiB7XG4gIGNvbnN0IGhhc2hlciA9IGNyZWF0ZUhhc2goXCJzaGExXCIpO1xuICBjb25zdCBjYWNoZU5hbWUgPSBoYXNoZXIudXBkYXRlKHNzb1N0YXJ0VXJsKS5kaWdlc3QoXCJoZXhcIik7XG4gIGNvbnN0IHRva2VuRmlsZSA9IGpvaW4oZ2V0SG9tZURpcigpLCBcIi5hd3NcIiwgXCJzc29cIiwgXCJjYWNoZVwiLCBgJHtjYWNoZU5hbWV9Lmpzb25gKTtcbiAgbGV0IHRva2VuOiBTU09Ub2tlbjtcbiAgdHJ5IHtcbiAgICB0b2tlbiA9IEpTT04ucGFyc2UocmVhZEZpbGVTeW5jKHRva2VuRmlsZSwgeyBlbmNvZGluZzogXCJ1dGYtOFwiIH0pKTtcbiAgICBpZiAobmV3IERhdGUodG9rZW4uZXhwaXJlc0F0KS5nZXRUaW1lKCkgLSBEYXRlLm5vdygpIDw9IEVYUElSRV9XSU5ET1dfTVMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlNTTyB0b2tlbiBpcyBleHBpcmVkLlwiKTtcbiAgICB9XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFxuICAgICAgYFRoZSBTU08gc2Vzc2lvbiBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm9maWxlIGhhcyBleHBpcmVkIG9yIGlzIG90aGVyd2lzZSBpbnZhbGlkLiBUbyByZWZyZXNoIHRoaXMgU1NPIHNlc3Npb24gYCArXG4gICAgICAgIGBydW4gYXdzIHNzbyBsb2dpbiB3aXRoIHRoZSBjb3JyZXNwb25kaW5nIHByb2ZpbGUuYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IHsgYWNjZXNzVG9rZW4gfSA9IHRva2VuO1xuICBjb25zdCBzc28gPSBzc29DbGllbnQgfHwgbmV3IFNTT0NsaWVudCh7IHJlZ2lvbjogc3NvUmVnaW9uIH0pO1xuICBsZXQgc3NvUmVzcDogR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dDtcbiAgdHJ5IHtcbiAgICBzc29SZXNwID0gYXdhaXQgc3NvLnNlbmQoXG4gICAgICBuZXcgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCh7XG4gICAgICAgIGFjY291bnRJZDogc3NvQWNjb3VudElkLFxuICAgICAgICByb2xlTmFtZTogc3NvUm9sZU5hbWUsXG4gICAgICAgIGFjY2Vzc1Rva2VuLFxuICAgICAgfSlcbiAgICApO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yLmZyb20oZSwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgY29uc3QgeyByb2xlQ3JlZGVudGlhbHM6IHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uIH0gPSB7fSB9ID0gc3NvUmVzcDtcbiAgaWYgKCFhY2Nlc3NLZXlJZCB8fCAhc2VjcmV0QWNjZXNzS2V5IHx8ICFzZXNzaW9uVG9rZW4gfHwgIWV4cGlyYXRpb24pIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFwiU1NPIHJldHVybnMgYW4gaW52YWxpZCB0ZW1wb3JhcnkgY3JlZGVudGlhbC5cIiwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgcmV0dXJuIHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uOiBuZXcgRGF0ZShleHBpcmF0aW9uKSB9O1xufTtcblxuLyoqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBTc29Qcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIHNzb19zdGFydF91cmw6IHN0cmluZztcbiAgc3NvX2FjY291bnRfaWQ6IHN0cmluZztcbiAgc3NvX3JlZ2lvbjogc3RyaW5nO1xuICBzc29fcm9sZV9uYW1lOiBzdHJpbmc7XG59XG5cbi8qKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCB2YWxpZGF0ZVNzb1Byb2ZpbGUgPSAocHJvZmlsZTogUGFydGlhbDxTc29Qcm9maWxlPik6IFNzb1Byb2ZpbGUgPT4ge1xuICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSBwcm9maWxlO1xuICBpZiAoIXNzb19zdGFydF91cmwgfHwgIXNzb19hY2NvdW50X2lkIHx8ICFzc29fcmVnaW9uIHx8ICFzc29fcm9sZV9uYW1lKSB7XG4gICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgIGBQcm9maWxlIGlzIGNvbmZpZ3VyZWQgd2l0aCBpbnZhbGlkIFNTTyBjcmVkZW50aWFscy4gUmVxdWlyZWQgcGFyYW1ldGVycyBcInNzb19hY2NvdW50X2lkXCIsIFwic3NvX3JlZ2lvblwiLCBgICtcbiAgICAgICAgYFwic3NvX3JvbGVfbmFtZVwiLCBcInNzb19zdGFydF91cmxcIi4gR290ICR7T2JqZWN0LmtleXMocHJvZmlsZSkuam9pbihcbiAgICAgICAgICBcIiwgXCJcbiAgICAgICAgKX1cXG5SZWZlcmVuY2U6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jbGkvbGF0ZXN0L3VzZXJndWlkZS9jbGktY29uZmlndXJlLXNzby5odG1sYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIHJldHVybiBwcm9maWxlIGFzIFNzb1Byb2ZpbGU7XG59O1xuXG4vKipcbiAqIEBpbnRlcm5hbFxuICovXG5leHBvcnQgY29uc3QgaXNTc29Qcm9maWxlID0gKGFyZzogUHJvZmlsZSk6IGFyZyBpcyBQYXJ0aWFsPFNzb1Byb2ZpbGU+ID0+XG4gIGFyZyAmJlxuICAodHlwZW9mIGFyZy5zc29fc3RhcnRfdXJsID09PSBcInN0cmluZ1wiIHx8XG4gICAgdHlwZW9mIGFyZy5zc29fYWNjb3VudF9pZCA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JlZ2lvbiA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JvbGVfbmFtZSA9PT0gXCJzdHJpbmdcIik7XG4iXX0=
|
package/dist/es/index.js
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { __awaiter, __generator } from "tslib";
|
|
2
2
|
import { GetRoleCredentialsCommand, SSOClient } from "@aws-sdk/client-sso";
|
|
3
|
-
import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/credential-provider-ini";
|
|
4
3
|
import { CredentialsProviderError } from "@aws-sdk/property-provider";
|
|
5
4
|
import { getHomeDir } from "@aws-sdk/shared-ini-file-loader";
|
|
5
|
+
import { getMasterProfileName, parseKnownFiles } from "@aws-sdk/util-credentials";
|
|
6
6
|
import { createHash } from "crypto";
|
|
7
7
|
import { readFileSync } from "fs";
|
|
8
8
|
import { join } from "path";
|
|
@@ -21,70 +21,107 @@ var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
|
|
|
21
21
|
export var fromSSO = function (init) {
|
|
22
22
|
if (init === void 0) { init = {}; }
|
|
23
23
|
return function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
24
|
-
var profiles;
|
|
25
|
-
return __generator(this, function (
|
|
26
|
-
switch (
|
|
27
|
-
case 0:
|
|
24
|
+
var ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, profiles, profileName, profile, _a, sso_start_url, sso_account_id, sso_region, sso_role_name;
|
|
25
|
+
return __generator(this, function (_b) {
|
|
26
|
+
switch (_b.label) {
|
|
27
|
+
case 0:
|
|
28
|
+
ssoStartUrl = init.ssoStartUrl, ssoAccountId = init.ssoAccountId, ssoRegion = init.ssoRegion, ssoRoleName = init.ssoRoleName, ssoClient = init.ssoClient;
|
|
29
|
+
if (!(!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName)) return [3 /*break*/, 2];
|
|
30
|
+
return [4 /*yield*/, parseKnownFiles(init)];
|
|
28
31
|
case 1:
|
|
29
|
-
profiles =
|
|
30
|
-
|
|
32
|
+
profiles = _b.sent();
|
|
33
|
+
profileName = getMasterProfileName(init);
|
|
34
|
+
profile = profiles[profileName];
|
|
35
|
+
if (!isSsoProfile(profile)) {
|
|
36
|
+
throw new CredentialsProviderError("Profile " + profileName + " is not configured with SSO credentials.");
|
|
37
|
+
}
|
|
38
|
+
_a = validateSsoProfile(profile), sso_start_url = _a.sso_start_url, sso_account_id = _a.sso_account_id, sso_region = _a.sso_region, sso_role_name = _a.sso_role_name;
|
|
39
|
+
return [2 /*return*/, resolveSSOCredentials({
|
|
40
|
+
ssoStartUrl: sso_start_url,
|
|
41
|
+
ssoAccountId: sso_account_id,
|
|
42
|
+
ssoRegion: sso_region,
|
|
43
|
+
ssoRoleName: sso_role_name,
|
|
44
|
+
ssoClient: ssoClient,
|
|
45
|
+
})];
|
|
46
|
+
case 2:
|
|
47
|
+
if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
|
|
48
|
+
throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl",' +
|
|
49
|
+
' "ssoAccountId", "ssoRegion", "ssoRoleName"');
|
|
50
|
+
}
|
|
51
|
+
else {
|
|
52
|
+
return [2 /*return*/, resolveSSOCredentials({ ssoStartUrl: ssoStartUrl, ssoAccountId: ssoAccountId, ssoRegion: ssoRegion, ssoRoleName: ssoRoleName, ssoClient: ssoClient })];
|
|
53
|
+
}
|
|
54
|
+
_b.label = 3;
|
|
55
|
+
case 3: return [2 /*return*/];
|
|
31
56
|
}
|
|
32
57
|
});
|
|
33
58
|
}); };
|
|
34
59
|
};
|
|
35
|
-
var resolveSSOCredentials = function (
|
|
36
|
-
var
|
|
37
|
-
return
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
"\"sso_role_name\", \"sso_start_url\". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html", SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
51
|
-
}
|
|
52
|
-
hasher = createHash("sha1");
|
|
53
|
-
cacheName = hasher.update(startUrl).digest("hex");
|
|
54
|
-
tokenFile = join(getHomeDir(), ".aws", "sso", "cache", cacheName + ".json");
|
|
55
|
-
try {
|
|
56
|
-
token = JSON.parse(readFileSync(tokenFile, { encoding: "utf-8" }));
|
|
57
|
-
if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
|
|
58
|
-
throw new Error("SSO token is expired.");
|
|
60
|
+
var resolveSSOCredentials = function (_a) {
|
|
61
|
+
var ssoStartUrl = _a.ssoStartUrl, ssoAccountId = _a.ssoAccountId, ssoRegion = _a.ssoRegion, ssoRoleName = _a.ssoRoleName, ssoClient = _a.ssoClient;
|
|
62
|
+
return __awaiter(void 0, void 0, void 0, function () {
|
|
63
|
+
var hasher, cacheName, tokenFile, token, accessToken, sso, ssoResp, e_1, _b, _c, accessKeyId, secretAccessKey, sessionToken, expiration;
|
|
64
|
+
return __generator(this, function (_d) {
|
|
65
|
+
switch (_d.label) {
|
|
66
|
+
case 0:
|
|
67
|
+
hasher = createHash("sha1");
|
|
68
|
+
cacheName = hasher.update(ssoStartUrl).digest("hex");
|
|
69
|
+
tokenFile = join(getHomeDir(), ".aws", "sso", "cache", cacheName + ".json");
|
|
70
|
+
try {
|
|
71
|
+
token = JSON.parse(readFileSync(tokenFile, { encoding: "utf-8" }));
|
|
72
|
+
if (new Date(token.expiresAt).getTime() - Date.now() <= EXPIRE_WINDOW_MS) {
|
|
73
|
+
throw new Error("SSO token is expired.");
|
|
74
|
+
}
|
|
59
75
|
}
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
}
|
|
76
|
+
catch (e) {
|
|
77
|
+
throw new CredentialsProviderError("The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session " +
|
|
78
|
+
"run aws sso login with the corresponding profile.", SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
79
|
+
}
|
|
80
|
+
accessToken = token.accessToken;
|
|
81
|
+
sso = ssoClient || new SSOClient({ region: ssoRegion });
|
|
82
|
+
_d.label = 1;
|
|
83
|
+
case 1:
|
|
84
|
+
_d.trys.push([1, 3, , 4]);
|
|
85
|
+
return [4 /*yield*/, sso.send(new GetRoleCredentialsCommand({
|
|
86
|
+
accountId: ssoAccountId,
|
|
87
|
+
roleName: ssoRoleName,
|
|
88
|
+
accessToken: accessToken,
|
|
89
|
+
}))];
|
|
90
|
+
case 2:
|
|
91
|
+
ssoResp = _d.sent();
|
|
92
|
+
return [3 /*break*/, 4];
|
|
93
|
+
case 3:
|
|
94
|
+
e_1 = _d.sent();
|
|
95
|
+
throw CredentialsProviderError.from(e_1, SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
96
|
+
case 4:
|
|
97
|
+
_b = ssoResp.roleCredentials, _c = _b === void 0 ? {} : _b, accessKeyId = _c.accessKeyId, secretAccessKey = _c.secretAccessKey, sessionToken = _c.sessionToken, expiration = _c.expiration;
|
|
98
|
+
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
|
|
99
|
+
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
100
|
+
}
|
|
101
|
+
return [2 /*return*/, { accessKeyId: accessKeyId, secretAccessKey: secretAccessKey, sessionToken: sessionToken, expiration: new Date(expiration) }];
|
|
102
|
+
}
|
|
103
|
+
});
|
|
88
104
|
});
|
|
89
|
-
}
|
|
90
|
-
|
|
105
|
+
};
|
|
106
|
+
/**
|
|
107
|
+
* @internal
|
|
108
|
+
*/
|
|
109
|
+
export var validateSsoProfile = function (profile) {
|
|
110
|
+
var sso_start_url = profile.sso_start_url, sso_account_id = profile.sso_account_id, sso_region = profile.sso_region, sso_role_name = profile.sso_role_name;
|
|
111
|
+
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
|
|
112
|
+
throw new CredentialsProviderError("Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", \"sso_region\", " +
|
|
113
|
+
("\"sso_role_name\", \"sso_start_url\". Got " + Object.keys(profile).join(", ") + "\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html"), SHOULD_FAIL_CREDENTIAL_CHAIN);
|
|
114
|
+
}
|
|
115
|
+
return profile;
|
|
116
|
+
};
|
|
117
|
+
/**
|
|
118
|
+
* @internal
|
|
119
|
+
*/
|
|
120
|
+
export var isSsoProfile = function (arg) {
|
|
121
|
+
return arg &&
|
|
122
|
+
(typeof arg.sso_start_url === "string" ||
|
|
123
|
+
typeof arg.sso_account_id === "string" ||
|
|
124
|
+
typeof arg.sso_region === "string" ||
|
|
125
|
+
typeof arg.sso_role_name === "string");
|
|
126
|
+
};
|
|
127
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSx5QkFBeUIsRUFBbUMsU0FBUyxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDNUcsT0FBTyxFQUFFLHdCQUF3QixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDdEUsT0FBTyxFQUFFLFVBQVUsRUFBVyxNQUFNLGlDQUFpQyxDQUFDO0FBRXRFLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxlQUFlLEVBQXFCLE1BQU0sMkJBQTJCLENBQUM7QUFDckcsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUNwQyxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBQ2xDLE9BQU8sRUFBRSxJQUFJLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFFNUI7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsSUFBTSxnQkFBZ0IsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztBQUUvQyxJQUFNLDRCQUE0QixHQUFHLEtBQUssQ0FBQztBQXVDM0M7OztHQUdHO0FBQ0gsTUFBTSxDQUFDLElBQU0sT0FBTyxHQUNsQixVQUFDLElBQWlFO0lBQWpFLHFCQUFBLEVBQUEsT0FBd0QsRUFBUztJQUNsRSxPQUFBOzs7OztvQkFDVSxXQUFXLEdBQXNELElBQUksWUFBMUQsRUFBRSxZQUFZLEdBQXdDLElBQUksYUFBNUMsRUFBRSxTQUFTLEdBQTZCLElBQUksVUFBakMsRUFBRSxXQUFXLEdBQWdCLElBQUksWUFBcEIsRUFBRSxTQUFTLEdBQUssSUFBSSxVQUFULENBQVU7eUJBQzFFLENBQUEsQ0FBQyxXQUFXLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxTQUFTLElBQUksQ0FBQyxXQUFXLENBQUEsRUFBM0Qsd0JBQTJEO29CQUU1QyxxQkFBTSxlQUFlLENBQUMsSUFBSSxDQUFDLEVBQUE7O29CQUF0QyxRQUFRLEdBQUcsU0FBMkI7b0JBQ3RDLFdBQVcsR0FBRyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDekMsT0FBTyxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztvQkFDdEMsSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsRUFBRTt3QkFDMUIsTUFBTSxJQUFJLHdCQUF3QixDQUFDLGFBQVcsV0FBVyw2Q0FBMEMsQ0FBQyxDQUFDO3FCQUN0RztvQkFDSyxLQUErRCxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsRUFBeEYsYUFBYSxtQkFBQSxFQUFFLGNBQWMsb0JBQUEsRUFBRSxVQUFVLGdCQUFBLEVBQUUsYUFBYSxtQkFBQSxDQUFpQztvQkFDakcsc0JBQU8scUJBQXFCLENBQUM7NEJBQzNCLFdBQVcsRUFBRSxhQUFhOzRCQUMxQixZQUFZLEVBQUUsY0FBYzs0QkFDNUIsU0FBUyxFQUFFLFVBQVU7NEJBQ3JCLFdBQVcsRUFBRSxhQUFhOzRCQUMxQixTQUFTLEVBQUUsU0FBUzt5QkFDckIsQ0FBQyxFQUFDOztvQkFDRSxJQUFJLENBQUMsV0FBVyxJQUFJLENBQUMsWUFBWSxJQUFJLENBQUMsU0FBUyxJQUFJLENBQUMsV0FBVyxFQUFFO3dCQUN0RSxNQUFNLElBQUksd0JBQXdCLENBQ2hDLG1GQUFtRjs0QkFDakYsNkNBQTZDLENBQ2hELENBQUM7cUJBQ0g7eUJBQU07d0JBQ0wsc0JBQU8scUJBQXFCLENBQUMsRUFBRSxXQUFXLGFBQUEsRUFBRSxZQUFZLGNBQUEsRUFBRSxTQUFTLFdBQUEsRUFBRSxXQUFXLGFBQUEsRUFBRSxTQUFTLFdBQUEsRUFBRSxDQUFDLEVBQUM7cUJBQ2hHOzs7OztTQUNGO0FBMUJELENBMEJDLENBQUM7QUFFSixJQUFNLHFCQUFxQixHQUFHLFVBQU8sRUFNSTtRQUx2QyxXQUFXLGlCQUFBLEVBQ1gsWUFBWSxrQkFBQSxFQUNaLFNBQVMsZUFBQSxFQUNULFdBQVcsaUJBQUEsRUFDWCxTQUFTLGVBQUE7Ozs7OztvQkFFSCxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO29CQUM1QixTQUFTLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUM7b0JBQ3JELFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQUUsTUFBTSxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUssU0FBUyxVQUFPLENBQUMsQ0FBQztvQkFFbEYsSUFBSTt3QkFDRixLQUFLLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsU0FBUyxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQzt3QkFDbkUsSUFBSSxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxJQUFJLGdCQUFnQixFQUFFOzRCQUN4RSxNQUFNLElBQUksS0FBSyxDQUFDLHVCQUF1QixDQUFDLENBQUM7eUJBQzFDO3FCQUNGO29CQUFDLE9BQU8sQ0FBQyxFQUFFO3dCQUNWLE1BQU0sSUFBSSx3QkFBd0IsQ0FDaEMsZ0hBQWdIOzRCQUM5RyxtREFBbUQsRUFDckQsNEJBQTRCLENBQzdCLENBQUM7cUJBQ0g7b0JBQ08sV0FBVyxHQUFLLEtBQUssWUFBVixDQUFXO29CQUN4QixHQUFHLEdBQUcsU0FBUyxJQUFJLElBQUksU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7Ozs7b0JBR2xELHFCQUFNLEdBQUcsQ0FBQyxJQUFJLENBQ3RCLElBQUkseUJBQXlCLENBQUM7NEJBQzVCLFNBQVMsRUFBRSxZQUFZOzRCQUN2QixRQUFRLEVBQUUsV0FBVzs0QkFDckIsV0FBVyxhQUFBO3lCQUNaLENBQUMsQ0FDSCxFQUFBOztvQkFORCxPQUFPLEdBQUcsU0FNVCxDQUFDOzs7O29CQUVGLE1BQU0sd0JBQXdCLENBQUMsSUFBSSxDQUFDLEdBQUMsRUFBRSw0QkFBNEIsQ0FBQyxDQUFDOztvQkFFL0QsS0FBcUYsT0FBTyxnQkFBWixFQUFoRixxQkFBOEUsRUFBRSxLQUFBLEVBQTdELFdBQVcsaUJBQUEsRUFBRSxlQUFlLHFCQUFBLEVBQUUsWUFBWSxrQkFBQSxFQUFFLFVBQVUsZ0JBQUEsQ0FBb0I7b0JBQ3JHLElBQUksQ0FBQyxXQUFXLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxVQUFVLEVBQUU7d0JBQ3BFLE1BQU0sSUFBSSx3QkFBd0IsQ0FBQyw4Q0FBOEMsRUFBRSw0QkFBNEIsQ0FBQyxDQUFDO3FCQUNsSDtvQkFDRCxzQkFBTyxFQUFFLFdBQVcsYUFBQSxFQUFFLGVBQWUsaUJBQUEsRUFBRSxZQUFZLGNBQUEsRUFBRSxVQUFVLEVBQUUsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsRUFBQzs7OztDQUN6RixDQUFDO0FBWUY7O0dBRUc7QUFDSCxNQUFNLENBQUMsSUFBTSxrQkFBa0IsR0FBRyxVQUFDLE9BQTRCO0lBQ3JELElBQUEsYUFBYSxHQUFnRCxPQUFPLGNBQXZELEVBQUUsY0FBYyxHQUFnQyxPQUFPLGVBQXZDLEVBQUUsVUFBVSxHQUFvQixPQUFPLFdBQTNCLEVBQUUsYUFBYSxHQUFLLE9BQU8sY0FBWixDQUFhO0lBQzdFLElBQUksQ0FBQyxhQUFhLElBQUksQ0FBQyxjQUFjLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxhQUFhLEVBQUU7UUFDdEUsTUFBTSxJQUFJLHdCQUF3QixDQUNoQyw4R0FBMEc7YUFDeEcsK0NBQXlDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUNoRSxJQUFJLENBQ0wseUZBQXNGLENBQUEsRUFDekYsNEJBQTRCLENBQzdCLENBQUM7S0FDSDtJQUNELE9BQU8sT0FBcUIsQ0FBQztBQUMvQixDQUFDLENBQUM7QUFFRjs7R0FFRztBQUNILE1BQU0sQ0FBQyxJQUFNLFlBQVksR0FBRyxVQUFDLEdBQVk7SUFDdkMsT0FBQSxHQUFHO1FBQ0gsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxhQUFhLEtBQUssUUFBUTtZQUNwQyxPQUFPLEdBQUcsQ0FBQyxjQUFjLEtBQUssUUFBUTtZQUN0QyxPQUFPLEdBQUcsQ0FBQyxVQUFVLEtBQUssUUFBUTtZQUNsQyxPQUFPLEdBQUcsQ0FBQyxhQUFhLEtBQUssUUFBUSxDQUFDO0FBSnhDLENBSXdDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kLCBHZXRSb2xlQ3JlZGVudGlhbHNDb21tYW5kT3V0cHV0LCBTU09DbGllbnQgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNzb1wiO1xuaW1wb3J0IHsgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yIH0gZnJvbSBcIkBhd3Mtc2RrL3Byb3BlcnR5LXByb3ZpZGVyXCI7XG5pbXBvcnQgeyBnZXRIb21lRGlyLCBQcm9maWxlIH0gZnJvbSBcIkBhd3Mtc2RrL3NoYXJlZC1pbmktZmlsZS1sb2FkZXJcIjtcbmltcG9ydCB7IENyZWRlbnRpYWxQcm92aWRlciwgQ3JlZGVudGlhbHMgfSBmcm9tIFwiQGF3cy1zZGsvdHlwZXNcIjtcbmltcG9ydCB7IGdldE1hc3RlclByb2ZpbGVOYW1lLCBwYXJzZUtub3duRmlsZXMsIFNvdXJjZVByb2ZpbGVJbml0IH0gZnJvbSBcIkBhd3Mtc2RrL3V0aWwtY3JlZGVudGlhbHNcIjtcbmltcG9ydCB7IGNyZWF0ZUhhc2ggfSBmcm9tIFwiY3J5cHRvXCI7XG5pbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcbmltcG9ydCB7IGpvaW4gfSBmcm9tIFwicGF0aFwiO1xuXG4vKipcbiAqIFRoZSB0aW1lIHdpbmRvdyAoMTUgbWlucykgdGhhdCBTREsgd2lsbCB0cmVhdCB0aGUgU1NPIHRva2VuIGV4cGlyZXMgaW4gYmVmb3JlIHRoZSBkZWZpbmVkIGV4cGlyYXRpb24gZGF0ZSBpbiB0b2tlbi5cbiAqIFRoaXMgaXMgbmVlZGVkIGJlY2F1c2Ugc2VydmVyIHNpZGUgbWF5IGhhdmUgaW52YWxpZGF0ZWQgdGhlIHRva2VuIGJlZm9yZSB0aGUgZGVmaW5lZCBleHBpcmF0aW9uIGRhdGUuXG4gKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCBFWFBJUkVfV0lORE9XX01TID0gMTUgKiA2MCAqIDEwMDA7XG5cbmNvbnN0IFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU4gPSBmYWxzZTtcblxuLyoqXG4gKiBDYWNoZWQgU1NPIHRva2VuIHJldHJpZXZlZCBmcm9tIFNTTyBsb2dpbiBmbG93LlxuICovXG5pbnRlcmZhY2UgU1NPVG9rZW4ge1xuICAvLyBBIGJhc2U2NCBlbmNvZGVkIHN0cmluZyByZXR1cm5lZCBieSB0aGUgc3NvLW9pZGMgc2VydmljZS5cbiAgYWNjZXNzVG9rZW46IHN0cmluZztcbiAgLy8gUkZDMzMzOSBmb3JtYXQgdGltZXN0YW1wXG4gIGV4cGlyZXNBdDogc3RyaW5nO1xuICByZWdpb24/OiBzdHJpbmc7XG4gIHN0YXJ0VXJsPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNzb0NyZWRlbnRpYWxzUGFyYW1ldGVycyB7XG4gIC8qKlxuICAgKiBUaGUgVVJMIHRvIHRoZSBBV1MgU1NPIHNlcnZpY2UuXG4gICAqL1xuICBzc29TdGFydFVybDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgSUQgb2YgdGhlIEFXUyBhY2NvdW50IHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvQWNjb3VudElkOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBBV1MgcmVnaW9uIHRvIHVzZSBmb3IgdGVtcG9yYXJ5IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgc3NvUmVnaW9uOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBBV1Mgcm9sZSB0byBhc3N1bWUuXG4gICAqL1xuICBzc29Sb2xlTmFtZTogc3RyaW5nO1xufVxuZXhwb3J0IGludGVyZmFjZSBGcm9tU1NPSW5pdCBleHRlbmRzIFNvdXJjZVByb2ZpbGVJbml0IHtcbiAgc3NvQ2xpZW50PzogU1NPQ2xpZW50O1xufVxuXG4vKipcbiAqIENyZWF0ZXMgYSBjcmVkZW50aWFsIHByb3ZpZGVyIHRoYXQgd2lsbCByZWFkIGZyb20gYSBjcmVkZW50aWFsX3Byb2Nlc3Mgc3BlY2lmaWVkXG4gKiBpbiBpbmkgZmlsZXMuXG4gKi9cbmV4cG9ydCBjb25zdCBmcm9tU1NPID1cbiAgKGluaXQ6IEZyb21TU09Jbml0ICYgUGFydGlhbDxTc29DcmVkZW50aWFsc1BhcmFtZXRlcnM+ID0ge30gYXMgYW55KTogQ3JlZGVudGlhbFByb3ZpZGVyID0+XG4gIGFzeW5jICgpID0+IHtcbiAgICBjb25zdCB7IHNzb1N0YXJ0VXJsLCBzc29BY2NvdW50SWQsIHNzb1JlZ2lvbiwgc3NvUm9sZU5hbWUsIHNzb0NsaWVudCB9ID0gaW5pdDtcbiAgICBpZiAoIXNzb1N0YXJ0VXJsICYmICFzc29BY2NvdW50SWQgJiYgIXNzb1JlZ2lvbiAmJiAhc3NvUm9sZU5hbWUpIHtcbiAgICAgIC8vIExvYWQgdGhlIFNTTyBjb25maWcgZnJvbSBzaGFyZWQgQVdTIGNvbmZpZyBmaWxlLlxuICAgICAgY29uc3QgcHJvZmlsZXMgPSBhd2FpdCBwYXJzZUtub3duRmlsZXMoaW5pdCk7XG4gICAgICBjb25zdCBwcm9maWxlTmFtZSA9IGdldE1hc3RlclByb2ZpbGVOYW1lKGluaXQpO1xuICAgICAgY29uc3QgcHJvZmlsZSA9IHByb2ZpbGVzW3Byb2ZpbGVOYW1lXTtcbiAgICAgIGlmICghaXNTc29Qcm9maWxlKHByb2ZpbGUpKSB7XG4gICAgICAgIHRocm93IG5ldyBDcmVkZW50aWFsc1Byb3ZpZGVyRXJyb3IoYFByb2ZpbGUgJHtwcm9maWxlTmFtZX0gaXMgbm90IGNvbmZpZ3VyZWQgd2l0aCBTU08gY3JlZGVudGlhbHMuYCk7XG4gICAgICB9XG4gICAgICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSB2YWxpZGF0ZVNzb1Byb2ZpbGUocHJvZmlsZSk7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHtcbiAgICAgICAgc3NvU3RhcnRVcmw6IHNzb19zdGFydF91cmwsXG4gICAgICAgIHNzb0FjY291bnRJZDogc3NvX2FjY291bnRfaWQsXG4gICAgICAgIHNzb1JlZ2lvbjogc3NvX3JlZ2lvbixcbiAgICAgICAgc3NvUm9sZU5hbWU6IHNzb19yb2xlX25hbWUsXG4gICAgICAgIHNzb0NsaWVudDogc3NvQ2xpZW50LFxuICAgICAgfSk7XG4gICAgfSBlbHNlIGlmICghc3NvU3RhcnRVcmwgfHwgIXNzb0FjY291bnRJZCB8fCAhc3NvUmVnaW9uIHx8ICFzc29Sb2xlTmFtZSkge1xuICAgICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgICAgJ0luY29tcGxldGUgY29uZmlndXJhdGlvbi4gVGhlIGZyb21TU08oKSBhcmd1bWVudCBoYXNoIG11c3QgaW5jbHVkZSBcInNzb1N0YXJ0VXJsXCIsJyArXG4gICAgICAgICAgJyBcInNzb0FjY291bnRJZFwiLCBcInNzb1JlZ2lvblwiLCBcInNzb1JvbGVOYW1lXCInXG4gICAgICApO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gcmVzb2x2ZVNTT0NyZWRlbnRpYWxzKHsgc3NvU3RhcnRVcmwsIHNzb0FjY291bnRJZCwgc3NvUmVnaW9uLCBzc29Sb2xlTmFtZSwgc3NvQ2xpZW50IH0pO1xuICAgIH1cbiAgfTtcblxuY29uc3QgcmVzb2x2ZVNTT0NyZWRlbnRpYWxzID0gYXN5bmMgKHtcbiAgc3NvU3RhcnRVcmwsXG4gIHNzb0FjY291bnRJZCxcbiAgc3NvUmVnaW9uLFxuICBzc29Sb2xlTmFtZSxcbiAgc3NvQ2xpZW50LFxufTogRnJvbVNTT0luaXQgJiBTc29DcmVkZW50aWFsc1BhcmFtZXRlcnMpOiBQcm9taXNlPENyZWRlbnRpYWxzPiA9PiB7XG4gIGNvbnN0IGhhc2hlciA9IGNyZWF0ZUhhc2goXCJzaGExXCIpO1xuICBjb25zdCBjYWNoZU5hbWUgPSBoYXNoZXIudXBkYXRlKHNzb1N0YXJ0VXJsKS5kaWdlc3QoXCJoZXhcIik7XG4gIGNvbnN0IHRva2VuRmlsZSA9IGpvaW4oZ2V0SG9tZURpcigpLCBcIi5hd3NcIiwgXCJzc29cIiwgXCJjYWNoZVwiLCBgJHtjYWNoZU5hbWV9Lmpzb25gKTtcbiAgbGV0IHRva2VuOiBTU09Ub2tlbjtcbiAgdHJ5IHtcbiAgICB0b2tlbiA9IEpTT04ucGFyc2UocmVhZEZpbGVTeW5jKHRva2VuRmlsZSwgeyBlbmNvZGluZzogXCJ1dGYtOFwiIH0pKTtcbiAgICBpZiAobmV3IERhdGUodG9rZW4uZXhwaXJlc0F0KS5nZXRUaW1lKCkgLSBEYXRlLm5vdygpIDw9IEVYUElSRV9XSU5ET1dfTVMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlNTTyB0b2tlbiBpcyBleHBpcmVkLlwiKTtcbiAgICB9XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFxuICAgICAgYFRoZSBTU08gc2Vzc2lvbiBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm9maWxlIGhhcyBleHBpcmVkIG9yIGlzIG90aGVyd2lzZSBpbnZhbGlkLiBUbyByZWZyZXNoIHRoaXMgU1NPIHNlc3Npb24gYCArXG4gICAgICAgIGBydW4gYXdzIHNzbyBsb2dpbiB3aXRoIHRoZSBjb3JyZXNwb25kaW5nIHByb2ZpbGUuYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIGNvbnN0IHsgYWNjZXNzVG9rZW4gfSA9IHRva2VuO1xuICBjb25zdCBzc28gPSBzc29DbGllbnQgfHwgbmV3IFNTT0NsaWVudCh7IHJlZ2lvbjogc3NvUmVnaW9uIH0pO1xuICBsZXQgc3NvUmVzcDogR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZE91dHB1dDtcbiAgdHJ5IHtcbiAgICBzc29SZXNwID0gYXdhaXQgc3NvLnNlbmQoXG4gICAgICBuZXcgR2V0Um9sZUNyZWRlbnRpYWxzQ29tbWFuZCh7XG4gICAgICAgIGFjY291bnRJZDogc3NvQWNjb3VudElkLFxuICAgICAgICByb2xlTmFtZTogc3NvUm9sZU5hbWUsXG4gICAgICAgIGFjY2Vzc1Rva2VuLFxuICAgICAgfSlcbiAgICApO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yLmZyb20oZSwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgY29uc3QgeyByb2xlQ3JlZGVudGlhbHM6IHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uIH0gPSB7fSB9ID0gc3NvUmVzcDtcbiAgaWYgKCFhY2Nlc3NLZXlJZCB8fCAhc2VjcmV0QWNjZXNzS2V5IHx8ICFzZXNzaW9uVG9rZW4gfHwgIWV4cGlyYXRpb24pIHtcbiAgICB0aHJvdyBuZXcgQ3JlZGVudGlhbHNQcm92aWRlckVycm9yKFwiU1NPIHJldHVybnMgYW4gaW52YWxpZCB0ZW1wb3JhcnkgY3JlZGVudGlhbC5cIiwgU0hPVUxEX0ZBSUxfQ1JFREVOVElBTF9DSEFJTik7XG4gIH1cbiAgcmV0dXJuIHsgYWNjZXNzS2V5SWQsIHNlY3JldEFjY2Vzc0tleSwgc2Vzc2lvblRva2VuLCBleHBpcmF0aW9uOiBuZXcgRGF0ZShleHBpcmF0aW9uKSB9O1xufTtcblxuLyoqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBTc29Qcm9maWxlIGV4dGVuZHMgUHJvZmlsZSB7XG4gIHNzb19zdGFydF91cmw6IHN0cmluZztcbiAgc3NvX2FjY291bnRfaWQ6IHN0cmluZztcbiAgc3NvX3JlZ2lvbjogc3RyaW5nO1xuICBzc29fcm9sZV9uYW1lOiBzdHJpbmc7XG59XG5cbi8qKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjb25zdCB2YWxpZGF0ZVNzb1Byb2ZpbGUgPSAocHJvZmlsZTogUGFydGlhbDxTc29Qcm9maWxlPik6IFNzb1Byb2ZpbGUgPT4ge1xuICBjb25zdCB7IHNzb19zdGFydF91cmwsIHNzb19hY2NvdW50X2lkLCBzc29fcmVnaW9uLCBzc29fcm9sZV9uYW1lIH0gPSBwcm9maWxlO1xuICBpZiAoIXNzb19zdGFydF91cmwgfHwgIXNzb19hY2NvdW50X2lkIHx8ICFzc29fcmVnaW9uIHx8ICFzc29fcm9sZV9uYW1lKSB7XG4gICAgdGhyb3cgbmV3IENyZWRlbnRpYWxzUHJvdmlkZXJFcnJvcihcbiAgICAgIGBQcm9maWxlIGlzIGNvbmZpZ3VyZWQgd2l0aCBpbnZhbGlkIFNTTyBjcmVkZW50aWFscy4gUmVxdWlyZWQgcGFyYW1ldGVycyBcInNzb19hY2NvdW50X2lkXCIsIFwic3NvX3JlZ2lvblwiLCBgICtcbiAgICAgICAgYFwic3NvX3JvbGVfbmFtZVwiLCBcInNzb19zdGFydF91cmxcIi4gR290ICR7T2JqZWN0LmtleXMocHJvZmlsZSkuam9pbihcbiAgICAgICAgICBcIiwgXCJcbiAgICAgICAgKX1cXG5SZWZlcmVuY2U6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jbGkvbGF0ZXN0L3VzZXJndWlkZS9jbGktY29uZmlndXJlLXNzby5odG1sYCxcbiAgICAgIFNIT1VMRF9GQUlMX0NSRURFTlRJQUxfQ0hBSU5cbiAgICApO1xuICB9XG4gIHJldHVybiBwcm9maWxlIGFzIFNzb1Byb2ZpbGU7XG59O1xuXG4vKipcbiAqIEBpbnRlcm5hbFxuICovXG5leHBvcnQgY29uc3QgaXNTc29Qcm9maWxlID0gKGFyZzogUHJvZmlsZSk6IGFyZyBpcyBQYXJ0aWFsPFNzb1Byb2ZpbGU+ID0+XG4gIGFyZyAmJlxuICAodHlwZW9mIGFyZy5zc29fc3RhcnRfdXJsID09PSBcInN0cmluZ1wiIHx8XG4gICAgdHlwZW9mIGFyZy5zc29fYWNjb3VudF9pZCA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JlZ2lvbiA9PT0gXCJzdHJpbmdcIiB8fFxuICAgIHR5cGVvZiBhcmcuc3NvX3JvbGVfbmFtZSA9PT0gXCJzdHJpbmdcIik7XG4iXX0=
|