@beesolve/email-service 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/dist/cdk.js +2 -1
  2. package/handler/chunk-5KDKGKT5.js +2 -0
  3. package/handler/chunk-5KDKGKT5.js.map +7 -0
  4. package/handler/chunk-7HH7JLQT.js +2 -0
  5. package/handler/chunk-7HH7JLQT.js.map +7 -0
  6. package/handler/chunk-BZDMPUOT.js +2 -0
  7. package/handler/chunk-BZDMPUOT.js.map +7 -0
  8. package/handler/chunk-CE3XDBWG.js +2 -0
  9. package/handler/chunk-CE3XDBWG.js.map +7 -0
  10. package/handler/chunk-EZK2FCFC.js +2 -0
  11. package/handler/chunk-EZK2FCFC.js.map +7 -0
  12. package/handler/chunk-IIV4KUZH.js +2 -0
  13. package/handler/chunk-IIV4KUZH.js.map +7 -0
  14. package/handler/chunk-IRALFVJ5.js +2 -0
  15. package/handler/chunk-IRALFVJ5.js.map +7 -0
  16. package/handler/chunk-K7I7SIAE.js +2 -0
  17. package/handler/chunk-K7I7SIAE.js.map +7 -0
  18. package/handler/chunk-LGEWB5OJ.js +2 -0
  19. package/handler/chunk-LGEWB5OJ.js.map +7 -0
  20. package/handler/chunk-MDLDTIXZ.js +2 -0
  21. package/handler/chunk-MDLDTIXZ.js.map +7 -0
  22. package/handler/chunk-MHYJWYJC.js +6 -0
  23. package/handler/chunk-MHYJWYJC.js.map +7 -0
  24. package/handler/chunk-NHK4IEJM.js +2 -0
  25. package/handler/chunk-NHK4IEJM.js.map +7 -0
  26. package/handler/chunk-NYFG5H6N.js +21 -0
  27. package/handler/chunk-NYFG5H6N.js.map +7 -0
  28. package/handler/chunk-Q46F4VQU.js +7 -0
  29. package/handler/chunk-Q46F4VQU.js.map +7 -0
  30. package/handler/chunk-QBFMAZ73.js +2 -0
  31. package/handler/chunk-QBFMAZ73.js.map +7 -0
  32. package/handler/chunk-RCPWAYJS.js +2 -0
  33. package/handler/chunk-RCPWAYJS.js.map +7 -0
  34. package/handler/chunk-XXOXLF5U.js +3 -0
  35. package/handler/chunk-XXOXLF5U.js.map +7 -0
  36. package/handler/dist-es-7QG4HPYM.js +2 -0
  37. package/handler/dist-es-7QG4HPYM.js.map +7 -0
  38. package/handler/dist-es-L65AGSLX.js +3 -0
  39. package/handler/dist-es-L65AGSLX.js.map +7 -0
  40. package/handler/dist-es-MTQKAI46.js +2 -0
  41. package/handler/dist-es-MTQKAI46.js.map +7 -0
  42. package/handler/dist-es-MX3QM4CF.js +6 -0
  43. package/handler/dist-es-MX3QM4CF.js.map +7 -0
  44. package/handler/dist-es-OFGVNFYO.js +2 -0
  45. package/handler/dist-es-OFGVNFYO.js.map +7 -0
  46. package/handler/dist-es-UGTHFA55.js +3 -0
  47. package/handler/dist-es-UGTHFA55.js.map +7 -0
  48. package/handler/dist-es-YFHCQQWD.js +2 -0
  49. package/handler/dist-es-YFHCQQWD.js.map +7 -0
  50. package/handler/event-streams-DYKXGPYV.js +2 -0
  51. package/handler/event-streams-DYKXGPYV.js.map +7 -0
  52. package/handler/handler.js +23 -0
  53. package/handler/handler.js.map +7 -0
  54. package/handler/loadSso-JSPP6LHU.js +2 -0
  55. package/handler/loadSso-JSPP6LHU.js.map +7 -0
  56. package/handler/signin-AH5DKK66.js +2 -0
  57. package/handler/signin-AH5DKK66.js.map +7 -0
  58. package/handler/sso-oidc-OXHEJLP6.js +2 -0
  59. package/handler/sso-oidc-OXHEJLP6.js.map +7 -0
  60. package/handler/sts-3PWPRV25.js +2 -0
  61. package/handler/sts-3PWPRV25.js.map +7 -0
  62. package/package.json +8 -5
package/handler/chunk-XXOXLF5U.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@smithy+util-stream@4.5.12/node_modules/@smithy/util-stream/dist-es/sdk-stream-mixin.js", "../../../node_modules/.bun/@smithy+fetch-http-handler@5.3.9/node_modules/@smithy/fetch-http-handler/dist-es/stream-collector.js", "../../../node_modules/.bun/@smithy+util-stream@4.5.12/node_modules/@smithy/util-stream/dist-es/stream-type-check.js", "../../../node_modules/.bun/@smithy+util-stream@4.5.12/node_modules/@smithy/util-stream/dist-es/sdk-stream-mixin.browser.js"],
4
+ "sourcesContent": ["import { streamCollector } from \"@smithy/node-http-handler\";\nimport { fromArrayBuffer } from \"@smithy/util-buffer-from\";\nimport { Readable } from \"stream\";\nimport { sdkStreamMixin as sdkStreamMixinReadableStream } from \"./sdk-stream-mixin.browser\";\nconst ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED = \"The stream has already been transformed.\";\nexport const sdkStreamMixin = (stream) => {\n if (!(stream instanceof Readable)) {\n try {\n return sdkStreamMixinReadableStream(stream);\n }\n catch (e) {\n const name = stream?.__proto__?.constructor?.name || stream;\n throw new Error(`Unexpected stream implementation, expect Stream.Readable instance, got ${name}`);\n }\n }\n let transformed = false;\n const transformToByteArray = async () => {\n if (transformed) {\n throw new Error(ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED);\n }\n transformed = true;\n return await streamCollector(stream);\n };\n return Object.assign(stream, {\n transformToByteArray,\n transformToString: async (encoding) => {\n const buf = await transformToByteArray();\n if (encoding === undefined || Buffer.isEncoding(encoding)) {\n return fromArrayBuffer(buf.buffer, buf.byteOffset, buf.byteLength).toString(encoding);\n }\n else {\n const decoder = new TextDecoder(encoding);\n return decoder.decode(buf);\n }\n },\n transformToWebStream: () => {\n if (transformed) {\n throw new Error(ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED);\n }\n if (stream.readableFlowing !== null) {\n throw new Error(\"The stream has been consumed by other callbacks.\");\n }\n if (typeof Readable.toWeb !== \"function\") {\n throw new Error(\"Readable.toWeb() is not supported. Please ensure a polyfill is available.\");\n }\n transformed = true;\n return Readable.toWeb(stream);\n },\n });\n};\n", "import { fromBase64 } from \"@smithy/util-base64\";\nexport const streamCollector = async (stream) => {\n if ((typeof Blob === \"function\" && stream instanceof Blob) || stream.constructor?.name === \"Blob\") {\n if (Blob.prototype.arrayBuffer !== undefined) {\n return new Uint8Array(await stream.arrayBuffer());\n }\n return collectBlob(stream);\n }\n return collectStream(stream);\n};\nasync function collectBlob(blob) {\n const base64 = await readToBase64(blob);\n const arrayBuffer = fromBase64(base64);\n return new Uint8Array(arrayBuffer);\n}\nasync function collectStream(stream) {\n const chunks = [];\n const reader = stream.getReader();\n let isDone = false;\n let length = 0;\n while (!isDone) {\n const { done, value } = await reader.read();\n if (value) {\n chunks.push(value);\n length += value.length;\n }\n isDone = done;\n }\n const collected = new Uint8Array(length);\n let offset = 0;\n for (const chunk of chunks) {\n collected.set(chunk, offset);\n offset += chunk.length;\n }\n return collected;\n}\nfunction readToBase64(blob) {\n return new Promise((resolve, reject) => {\n const reader = new FileReader();\n reader.onloadend = () => {\n if (reader.readyState !== 2) {\n return reject(new Error(\"Reader aborted too early\"));\n }\n const result = (reader.result ?? \"\");\n const commaIndex = result.indexOf(\",\");\n const dataOffset = commaIndex > -1 ? commaIndex + 1 : result.length;\n resolve(result.substring(dataOffset));\n };\n reader.onabort = () => reject(new Error(\"Read aborted\"));\n reader.onerror = () => reject(reader.error);\n reader.readAsDataURL(blob);\n });\n}\n", "export const isReadableStream = (stream) => typeof ReadableStream === \"function\" &&\n (stream?.constructor?.name === ReadableStream.name || stream instanceof ReadableStream);\nexport const isBlob = (blob) => {\n return typeof Blob === \"function\" && (blob?.constructor?.name === Blob.name || blob instanceof Blob);\n};\n", "import { streamCollector } from \"@smithy/fetch-http-handler\";\nimport { toBase64 } from \"@smithy/util-base64\";\nimport { toHex } from \"@smithy/util-hex-encoding\";\nimport { toUtf8 } from \"@smithy/util-utf8\";\nimport { isReadableStream } from \"./stream-type-check\";\nconst ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED = \"The stream has already been transformed.\";\nexport const sdkStreamMixin = (stream) => {\n if (!isBlobInstance(stream) && !isReadableStream(stream)) {\n const name = stream?.__proto__?.constructor?.name || stream;\n throw new Error(`Unexpected stream implementation, expect Blob or ReadableStream, got ${name}`);\n }\n let transformed = false;\n const transformToByteArray = async () => {\n if (transformed) {\n throw new Error(ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED);\n }\n transformed = true;\n return await streamCollector(stream);\n };\n const blobToWebStream = (blob) => {\n if (typeof blob.stream !== \"function\") {\n throw new Error(\"Cannot transform payload Blob to web stream. Please make sure the Blob.stream() is polyfilled.\\n\" +\n \"If you are using React Native, this API is not yet supported, see: https://react-native.canny.io/feature-requests/p/fetch-streaming-body\");\n }\n return blob.stream();\n };\n return Object.assign(stream, {\n transformToByteArray: transformToByteArray,\n transformToString: async (encoding) => {\n const buf = await transformToByteArray();\n if (encoding === \"base64\") {\n return toBase64(buf);\n }\n else if (encoding === \"hex\") {\n return toHex(buf);\n }\n else if (encoding === undefined || encoding === \"utf8\" || encoding === \"utf-8\") {\n return toUtf8(buf);\n }\n else if (typeof TextDecoder === \"function\") {\n return new TextDecoder(encoding).decode(buf);\n }\n else {\n throw new Error(\"TextDecoder is not available, please make sure polyfill is provided.\");\n }\n },\n transformToWebStream: () => {\n if (transformed) {\n throw new Error(ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED);\n }\n transformed = true;\n if (isBlobInstance(stream)) {\n return blobToWebStream(stream);\n }\n else if (isReadableStream(stream)) {\n return stream;\n }\n else {\n throw new Error(`Cannot transform payload to web stream, got ${stream}`);\n }\n },\n });\n};\nconst isBlobInstance = (stream) => typeof Blob === \"function\" && stream instanceof Blob;\n"],
5
+ "mappings": ";oJAEA,OAAS,YAAAA,MAAgB,SCDlB,IAAMC,EAAkBC,EAAA,MAAOC,GAC7B,OAAO,MAAS,YAAcA,aAAkB,MAASA,EAAO,aAAa,OAAS,OACnF,KAAK,UAAU,cAAgB,OACxB,IAAI,WAAW,MAAMA,EAAO,YAAY,CAAC,EAE7CC,EAAYD,CAAM,EAEtBE,EAAcF,CAAM,EAPA,mBAS/B,eAAeC,EAAYE,EAAM,CAC7B,IAAMC,EAAS,MAAMC,EAAaF,CAAI,EAChCG,EAAcC,EAAWH,CAAM,EACrC,OAAO,IAAI,WAAWE,CAAW,CACrC,CAJeP,EAAAE,EAAA,eAKf,eAAeC,EAAcF,EAAQ,CACjC,IAAMQ,EAAS,CAAC,EACVC,EAAST,EAAO,UAAU,EAC5BU,EAAS,GACTC,EAAS,EACb,KAAO,CAACD,GAAQ,CACZ,GAAM,CAAE,KAAAE,EAAM,MAAAC,CAAM,EAAI,MAAMJ,EAAO,KAAK,EACtCI,IACAL,EAAO,KAAKK,CAAK,EACjBF,GAAUE,EAAM,QAEpBH,EAASE,CACb,CACA,IAAME,EAAY,IAAI,WAAWH,CAAM,EACnCI,EAAS,EACb,QAAWC,KAASR,EAChBM,EAAU,IAAIE,EAAOD,CAAM,EAC3BA,GAAUC,EAAM,OAEpB,OAAOF,CACX,CApBef,EAAAG,EAAA,iBAqBf,SAASG,EAAaF,EAAM,CACxB,OAAO,IAAI,QAAQ,CAACc,EAASC,IAAW,CACpC,IAAMT,EAAS,IAAI,WACnBA,EAAO,UAAY,IAAM,CACrB,GAAIA,EAAO,aAAe,EACtB,OAAOS,EAAO,IAAI,MAAM,0BAA0B,CAAC,EAEvD,IAAMC,EAAUV,EAAO,QAAU,GAC3BW,EAAaD,EAAO,QAAQ,GAAG,EAC/BE,EAAaD,EAAa,GAAKA,EAAa,EAAID,EAAO,OAC7DF,EAAQE,EAAO,UAAUE,CAAU,CAAC,CACxC,EACAZ,EAAO,QAAU,IAAMS,EAAO,IAAI,MAAM,cAAc,CAAC,EACvDT,EAAO,QAAU,IAAMS,EAAOT,EAAO,KAAK,EAC1CA,EAAO,cAAcN,CAAI,CAC7B,CAAC,CACL,CAhBSJ,EAAAM,EAAA,gBCpCF,IAAMiB,EAAmBC,EAACC,GAAW,OAAO,gBAAmB,aACjEA,GAAQ,aAAa,OAAS,eAAe,MAAQA,aAAkB,gBAD5C,oBAEnBC,EAASF,EAACG,GACZ,OAAO,MAAS,aAAeA,GAAM,aAAa,OAAS,KAAK,MAAQA,aAAgB,MAD7E,UCGtB,IAAMC,EAAsC,2CAC/BC,EAAiBC,EAACC,GAAW,CACtC,GAAI,CAACC,EAAeD,CAAM,GAAK,CAACE,EAAiBF,CAAM,EAAG,CACtD,IAAMG,EAAOH,GAAQ,WAAW,aAAa,MAAQA,EACrD,MAAM,IAAI,MAAM,wEAAwEG,CAAI,EAAE,CAClG,CACA,IAAIC,EAAc,GACZC,EAAuBN,EAAA,SAAY,CACrC,GAAIK,EACA,MAAM,IAAI,MAAMP,CAAmC,EAEvD,OAAAO,EAAc,GACP,MAAME,EAAgBN,CAAM,CACvC,EAN6B,wBAOvBO,EAAkBR,EAACS,GAAS,CAC9B,GAAI,OAAOA,EAAK,QAAW,WACvB,MAAM,IAAI,MAAM;AAAA,yIAC8H,EAElJ,OAAOA,EAAK,OAAO,CACvB,EANwB,mBAOxB,OAAO,OAAO,OAAOR,EAAQ,CACzB,qBAAsBK,EACtB,kBAAmBN,EAAA,MAAOU,GAAa,CACnC,IAAMC,EAAM,MAAML,EAAqB,EACvC,GAAII,IAAa,SACb,OAAOE,EAASD,CAAG,EAElB,GAAID,IAAa,MAClB,OAAOG,EAAMF,CAAG,EAEf,GAAID,IAAa,QAAaA,IAAa,QAAUA,IAAa,QACnE,OAAOI,EAAOH,CAAG,EAEhB,GAAI,OAAO,aAAgB,WAC5B,OAAO,IAAI,YAAYD,CAAQ,EAAE,OAAOC,CAAG,EAG3C,MAAM,IAAI,MAAM,sEAAsE,CAE9F,EAjBmB,qBAkBnB,qBAAsBX,EAAA,IAAM,CACxB,GAAIK,EACA,MAAM,IAAI,MAAMP,CAAmC,EAGvD,GADAO,EAAc,GACVH,EAAeD,CAAM,EACrB,OAAOO,EAAgBP,CAAM,EAE5B,GAAIE,EAAiBF,CAAM,EAC5B,OAAOA,EAGP,MAAM,IAAI,MAAM,+CAA+CA,CAAM,EAAE,CAE/E,EAdsB,uBAe1B,CAAC,CACL,EAxD8B,kBAyDxBC,EAAiBF,EAACC,GAAW,OAAO,MAAS,YAAcA,aAAkB,KAA5D,kBH3DvB,IAAMc,EAAsC,2CAC/BC,EAAiBC,EAACC,GAAW,CACtC,GAAI,EAAEA,aAAkBC,GACpB,GAAI,CACA,OAAOH,EAA6BE,CAAM,CAC9C,MACU,CACN,IAAME,EAAOF,GAAQ,WAAW,aAAa,MAAQA,EACrD,MAAM,IAAI,MAAM,0EAA0EE,CAAI,EAAE,CACpG,CAEJ,IAAIC,EAAc,GACZC,EAAuBL,EAAA,SAAY,CACrC,GAAII,EACA,MAAM,IAAI,MAAMN,CAAmC,EAEvD,OAAAM,EAAc,GACP,MAAME,EAAgBL,CAAM,CACvC,EAN6B,wBAO7B,OAAO,OAAO,OAAOA,EAAQ,CACzB,qBAAAI,EACA,kBAAmBL,EAAA,MAAOO,GAAa,CACnC,IAAMC,EAAM,MAAMH,EAAqB,EACvC,OAAIE,IAAa,QAAa,OAAO,WAAWA,CAAQ,EAC7CE,EAAgBD,EAAI,OAAQA,EAAI,WAAYA,EAAI,UAAU,EAAE,SAASD,CAAQ,EAGpE,IAAI,YAAYA,CAAQ,EACzB,OAAOC,CAAG,CAEjC,EATmB,qBAUnB,qBAAsBR,EAAA,IAAM,CACxB,GAAII,EACA,MAAM,IAAI,MAAMN,CAAmC,EAEvD,GAAIG,EAAO,kBAAoB,KAC3B,MAAM,IAAI,MAAM,kDAAkD,EAEtE,GAAI,OAAOC,EAAS,OAAU,WAC1B,MAAM,IAAI,MAAM,2EAA2E,EAE/F,OAAAE,EAAc,GACPF,EAAS,MAAMD,CAAM,CAChC,EAZsB,uBAa1B,CAAC,CACL,EA5C8B",
6
+ "names": ["Readable", "streamCollector", "__name", "stream", "collectBlob", "collectStream", "blob", "base64", "readToBase64", "arrayBuffer", "fromBase64", "chunks", "reader", "isDone", "length", "done", "value", "collected", "offset", "chunk", "resolve", "reject", "result", "commaIndex", "dataOffset", "isReadableStream", "__name", "stream", "isBlob", "blob", "ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED", "sdkStreamMixin", "__name", "stream", "isBlobInstance", "isReadableStream", "name", "transformed", "transformToByteArray", "streamCollector", "blobToWebStream", "blob", "encoding", "buf", "toBase64", "toHex", "toUtf8", "ERR_MSG_STREAM_HAS_BEEN_TRANSFORMED", "sdkStreamMixin", "__name", "stream", "Readable", "name", "transformed", "transformToByteArray", "streamCollector", "encoding", "buf", "fromArrayBuffer"]
7
+ }
package/handler/dist-es-7QG4HPYM.js ADDED
@@ -0,0 +1,2 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{a as L}from"./chunk-MDLDTIXZ.js";import{a as D}from"./chunk-QBFMAZ73.js";import{b as _,e as O,h as E}from"./chunk-NHK4IEJM.js";import{a as l}from"./chunk-7HH7JLQT.js";import{b as d}from"./chunk-IIV4KUZH.js";import{a as i}from"./chunk-K7I7SIAE.js";var F=i((e,r,t)=>{let o={EcsContainer:i(async s=>{let{fromHttp:a}=await import("./dist-es-MX3QM4CF.js"),{fromContainerMetadata:n}=await import("./dist-es-UGTHFA55.js");return t?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),async()=>L(a(s??{}),n(s))().then(P)},"EcsContainer"),Ec2InstanceMetadata:i(async s=>{t?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");let{fromInstanceMetadata:a}=await import("./dist-es-UGTHFA55.js");return async()=>a(s)().then(P)},"Ec2InstanceMetadata"),Environment:i(async s=>{t?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");let{fromEnv:a}=await import("./dist-es-YFHCQQWD.js");return async()=>a(s)().then(P)},"Environment")};if(e in o)return o[e];throw new d(`Unsupported credential source in profile ${r}. Got ${e}, expected EcsContainer or Ec2InstanceMetadata or Environment.`,{logger:t})},"resolveCredentialSource"),P=i(e=>l(e,"CREDENTIALS_PROFILE_NAMED_PROVIDER","p"),"setNamedProvider");var $=i((e,{profile:r="default",logger:t}={})=>!!e&&typeof e=="object"&&typeof e.role_arn=="string"&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(z(e,{profile:r,logger:t})||V(e,{profile:r,logger:t})),"isAssumeRoleProfile"),z=i((e,{profile:r,logger:t})=>{let o=typeof e.source_profile=="string"&&typeof e.credential_source>"u";return o&&t?.debug?.(` ${r} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`),o},"isAssumeRoleWithSourceProfile"),V=i((e,{profile:r,logger:t})=>{let o=typeof e.credential_source=="string"&&typeof e.source_profile>"u";return o&&t?.debug?.(` ${r} isCredentialSourceProfile credential_source=${e.credential_source}`),o},"isCredentialSourceProfile"),K=i(async(e,r,t,o,s={},a)=>{t.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");let n=r[e],{source_profile:c,region:m}=n;if(!t.roleAssumer){let{getDefaultRoleAssumer:g}=await import("./sts-3PWPRV25.js");t.roleAssumer=g({...t.clientConfig,credentialProviderLogger:t.logger,parentClientConfig:{...o,...t?.parentClientConfig,region:m??t?.parentClientConfig?.region??o?.region}},t.clientPlugins)}if(c&&c in s)throw new d(`Detected a cycle attempting to resolve credentials for profile ${_(t)}. Profiles visited: `+Object.keys(s).join(", "),{logger:t.logger});t.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${c?`source_profile=[${c}]`:`profile=[${e}]`}`);let h=c?a(c,r,t,o,{...s,[c]:!0},N(r[c]??{})):(await F(n.credential_source,e,t.logger)(t))();if(N(n))return h.then(g=>l(g,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"));{let g={RoleArn:n.role_arn,RoleSessionName:n.role_session_name||`aws-sdk-js-${Date.now()}`,ExternalId:n.external_id,DurationSeconds:parseInt(n.duration_seconds||"3600",10)},{mfa_serial:f}=n;if(f){if(!t.mfaCodeProvider)throw new d(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:t.logger,tryNextLink:!1});g.SerialNumber=f,g.TokenCode=await t.mfaCodeProvider(f)}let p=await h;return t.roleAssumer(p,g).then(u=>l(u,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"))}},"resolveAssumeRoleCredentials"),N=i(e=>!e.role_arn&&!!e.credential_source,"isCredentialSourceWithoutRoleArn");import{createHash as X,createPrivateKey as Q,createPublicKey as Z,sign as ee}from"node:crypto";import{promises as T}from"node:fs";import{homedir as te}from"node:os";import{dirname as re,join as B}from"node:path";var S=class e{static{i(this,"LoginCredentialsFetcher")}profileData;init;callerClientConfig;static REFRESH_THRESHOLD=300*1e3;constructor(r,t,o){this.profileData=r,this.init=t,this.callerClientConfig=o}async loadCredentials(){let r=await this.loadToken();if(!r)throw new d(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`,{tryNextLink:!1,logger:this.logger});let t=r.accessToken,o=Date.now();return new Date(t.expiresAt).getTime()-o<=e.REFRESH_THRESHOLD?this.refresh(r):{accessKeyId:t.accessKeyId,secretAccessKey:t.secretAccessKey,sessionToken:t.sessionToken,accountId:t.accountId,expiration:new Date(t.expiresAt)}}get logger(){return this.init?.logger}get loginSession(){return this.profileData.login_session}async refresh(r){let{SigninClient:t,CreateOAuth2TokenCommand:o}=await import("./signin-AH5DKK66.js"),{logger:s,userAgentAppId:a}=this.callerClientConfig??{},c=i(f=>f?.metadata?.handlerProtocol==="h2","isH2")(this.callerClientConfig?.requestHandler)?void 0:this.callerClientConfig?.requestHandler,m=this.profileData.region??await this.callerClientConfig?.region?.()??process.env.AWS_REGION,h=new t({credentials:{accessKeyId:"",secretAccessKey:""},region:m,requestHandler:c,logger:s,userAgentAppId:a,...this.init?.clientConfig});this.createDPoPInterceptor(h.middlewareStack);let g={tokenInput:{clientId:r.clientId,refreshToken:r.refreshToken,grantType:"refresh_token"}};try{let f=await h.send(new o(g)),{accessKeyId:p,secretAccessKey:u,sessionToken:w}=f.tokenOutput?.accessToken??{},{refreshToken:C,expiresIn:A}=f.tokenOutput??{};if(!p||!u||!w||!C)throw new d("Token refresh response missing required fields",{logger:this.logger,tryNextLink:!1});let I=(A??900)*1e3,y=new Date(Date.now()+I),b={...r,accessToken:{...r.accessToken,accessKeyId:p,secretAccessKey:u,sessionToken:w,expiresAt:y.toISOString()},refreshToken:C};await this.saveToken(b);let k=b.accessToken;return{accessKeyId:k.accessKeyId,secretAccessKey:k.secretAccessKey,sessionToken:k.sessionToken,accountId:k.accountId,expiration:y}}catch(f){if(f.name==="AccessDeniedException"){let p=f.error,u;switch(p){case"TOKEN_EXPIRED":u="Your session has expired. Please reauthenticate.";break;case"USER_CREDENTIALS_CHANGED":u="Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";break;case"INSUFFICIENT_PERMISSIONS":u="Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";break;default:u=`Failed to refresh token: ${String(f)}. Please re-authenticate using \`aws login\``}throw new d(u,{logger:this.logger,tryNextLink:!1})}throw new d(`Failed to refresh token: ${String(f)}. Please re-authenticate using aws login`,{logger:this.logger})}}async loadToken(){let r=this.getTokenFilePath();try{let t;try{t=await O(r,{ignoreCache:this.init?.ignoreCache})}catch{t=await T.readFile(r,"utf8")}let o=JSON.parse(t),s=["accessToken","clientId","refreshToken","dpopKey"].filter(a=>!o[a]);if(o.accessToken?.accountId||s.push("accountId"),s.length>0)throw new d(`Token validation failed, missing fields: ${s.join(", ")}`,{logger:this.logger,tryNextLink:!1});return o}catch(t){throw new d(`Failed to load token from ${r}: ${String(t)}`,{logger:this.logger,tryNextLink:!1})}}async saveToken(r){let t=this.getTokenFilePath(),o=re(t);try{await T.mkdir(o,{recursive:!0})}catch{}await T.writeFile(t,JSON.stringify(r,null,2),"utf8")}getTokenFilePath(){let r=process.env.AWS_LOGIN_CACHE_DIRECTORY??B(te(),".aws","login","cache"),t=Buffer.from(this.loginSession,"utf8"),o=X("sha256").update(t).digest("hex");return B(r,`${o}.json`)}derToRawSignature(r){let t=2;if(r[t]!==2)throw new Error("Invalid DER signature");t++;let o=r[t++],s=r.subarray(t,t+o);if(t+=o,r[t]!==2)throw new Error("Invalid DER signature");t++;let a=r[t++],n=r.subarray(t,t+a);s=s[0]===0?s.subarray(1):s,n=n[0]===0?n.subarray(1):n;let c=Buffer.concat([Buffer.alloc(32-s.length),s]),m=Buffer.concat([Buffer.alloc(32-n.length),n]);return Buffer.concat([c,m])}createDPoPInterceptor(r){r.add(t=>async o=>{if(D.isInstance(o.request)){let s=o.request,a=`${s.protocol}//${s.hostname}${s.port?`:${s.port}`:""}${s.path}`,n=await this.generateDpop(s.method,a);s.headers={...s.headers,DPoP:n}}return t(o)},{step:"finalizeRequest",name:"dpopInterceptor",override:!0})}async generateDpop(r="POST",t){let o=await this.loadToken();try{let s=Q({key:o.dpopKey,format:"pem",type:"sec1"}),n=Z(s).export({format:"der",type:"spki"}),c=-1;for(let y=0;y<n.length;y++)if(n[y]===4){c=y;break}let m=n.slice(c+1,c+33),h=n.slice(c+33,c+65),g={alg:"ES256",typ:"dpop+jwt",jwk:{kty:"EC",crv:"P-256",x:m.toString("base64url"),y:h.toString("base64url")}},f={jti:crypto.randomUUID(),htm:r,htu:t,iat:Math.floor(Date.now()/1e3)},p=Buffer.from(JSON.stringify(g)).toString("base64url"),u=Buffer.from(JSON.stringify(f)).toString("base64url"),w=`${p}.${u}`,C=ee("sha256",Buffer.from(w),s),I=this.derToRawSignature(C).toString("base64url");return`${w}.${I}`}catch(s){throw new d(`Failed to generate Dpop proof: ${s instanceof Error?s.message:String(s)}`,{logger:this.logger,tryNextLink:!1})}}};var H=i(e=>async({callerClientConfig:r}={})=>{e?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");let t=await E(e||{}),o=_({profile:e?.profile??r?.profile}),s=t[o];if(!s?.login_session)throw new d(`Profile ${o} does not contain login_session.`,{tryNextLink:!0,logger:e?.logger});let n=await new S(s,e,r).loadCredentials();return l(n,"CREDENTIALS_LOGIN","AD")},"fromLoginCredentials");var j=i(e=>!!(e&&e.login_session),"isLoginProfile"),W=i(async(e,r,t)=>{let o=await H({...r,profile:e})({callerClientConfig:t});return l(o,"CREDENTIALS_PROFILE_LOGIN","AC")},"resolveLoginCredentials");var q=i(e=>!!e&&typeof e=="object"&&typeof e.credential_process=="string","isProcessProfile"),M=i(async(e,r)=>import("./dist-es-MTQKAI46.js").then(({fromProcess:t})=>t({...e,profile:r})().then(o=>l(o,"CREDENTIALS_PROFILE_PROCESS","v"))),"resolveProcessCredentials");var U=i(async(e,r,t={},o)=>{let{fromSSO:s}=await import("./dist-es-L65AGSLX.js");return s({profile:e,logger:t.logger,parentClientConfig:t.parentClientConfig,clientConfig:t.clientConfig})({callerClientConfig:o}).then(a=>r.sso_session?l(a,"CREDENTIALS_PROFILE_SSO","r"):l(a,"CREDENTIALS_PROFILE_SSO_LEGACY","t"))},"resolveSsoCredentials"),G=i(e=>e&&(typeof e.sso_start_url=="string"||typeof e.sso_account_id=="string"||typeof e.sso_session=="string"||typeof e.sso_region=="string"||typeof e.sso_role_name=="string"),"isSsoProfile");var x=i(e=>!!e&&typeof e=="object"&&typeof e.aws_access_key_id=="string"&&typeof e.aws_secret_access_key=="string"&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,"isStaticCredsProfile"),v=i(async(e,r)=>{r?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");let t={accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}};return l(t,"CREDENTIALS_PROFILE","n")},"resolveStaticCredentials");var J=i(e=>!!e&&typeof e=="object"&&typeof e.web_identity_token_file=="string"&&typeof e.role_arn=="string"&&["undefined","string"].indexOf(typeof e.role_session_name)>-1,"isWebIdentityProfile"),Y=i(async(e,r,t)=>import("./dist-es-OFGVNFYO.js").then(({fromTokenFile:o})=>o({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:r.roleAssumerWithWebIdentity,logger:r.logger,parentClientConfig:r.parentClientConfig})({callerClientConfig:t}).then(s=>l(s,"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN","q"))),"resolveWebIdentityCredentials");var R=i(async(e,r,t,o,s={},a=!1)=>{let n=r[e];if(Object.keys(s).length>0&&x(n))return v(n,t);if(a||$(n,{profile:e,logger:t.logger}))return K(e,r,t,o,s,R);if(x(n))return v(n,t);if(J(n))return Y(n,t,o);if(q(n))return M(t,e);if(G(n))return await U(e,n,t,o);if(j(n))return W(e,t,o);throw new d(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:t.logger})},"resolveProfileData");var tt=i((e={})=>async({callerClientConfig:r}={})=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");let t=await E(e);return R(_({profile:e.profile??r?.profile}),t,e,r)},"fromIni");export{tt as fromIni};
package/handler/dist-es-7QG4HPYM.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveCredentialSource.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveAssumeRoleCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-login@3.972.8/node_modules/@aws-sdk/credential-provider-login/dist-es/LoginCredentialsFetcher.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-login@3.972.8/node_modules/@aws-sdk/credential-provider-login/dist-es/fromLoginCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveLoginCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveProcessCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveSsoCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveStaticCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveWebIdentityCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveProfileData.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-ini@3.972.8/node_modules/@aws-sdk/credential-provider-ini/dist-es/fromIni.js"],
4
+ "sourcesContent": ["import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { chain, CredentialsProviderError } from \"@smithy/property-provider\";\nexport const resolveCredentialSource = (credentialSource, profileName, logger) => {\n const sourceProvidersMap = {\n EcsContainer: async (options) => {\n const { fromHttp } = await import(\"@aws-sdk/credential-provider-http\");\n const { fromContainerMetadata } = await import(\"@smithy/credential-provider-imds\");\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is EcsContainer\");\n return async () => chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);\n },\n Ec2InstanceMetadata: async (options) => {\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata\");\n const { fromInstanceMetadata } = await import(\"@smithy/credential-provider-imds\");\n return async () => fromInstanceMetadata(options)().then(setNamedProvider);\n },\n Environment: async (options) => {\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is Environment\");\n const { fromEnv } = await import(\"@aws-sdk/credential-provider-env\");\n return async () => fromEnv(options)().then(setNamedProvider);\n },\n };\n if (credentialSource in sourceProvidersMap) {\n return sourceProvidersMap[credentialSource];\n }\n else {\n throw new CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +\n `expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });\n }\n};\nconst setNamedProvider = (creds) => setCredentialFeature(creds, \"CREDENTIALS_PROFILE_NAMED_PROVIDER\", \"p\");\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName } from \"@smithy/shared-ini-file-loader\";\nimport { resolveCredentialSource } from \"./resolveCredentialSource\";\nexport const isAssumeRoleProfile = (arg, { profile = \"default\", logger } = {}) => {\n return (Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.role_arn === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.role_session_name) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.external_id) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.mfa_serial) > -1 &&\n (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })));\n};\nconst isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {\n const withSourceProfile = typeof arg.source_profile === \"string\" && typeof arg.credential_source === \"undefined\";\n if (withSourceProfile) {\n logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);\n }\n return withSourceProfile;\n};\nconst isCredentialSourceProfile = (arg, { profile, logger }) => {\n const withProviderProfile = typeof arg.credential_source === \"string\" && typeof arg.source_profile === \"undefined\";\n if (withProviderProfile) {\n logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);\n }\n return withProviderProfile;\n};\nexport const resolveAssumeRoleCredentials = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, resolveProfileData) => {\n options.logger?.debug(\"@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)\");\n const profileData = profiles[profileName];\n const { source_profile, region } = profileData;\n if (!options.roleAssumer) {\n const { getDefaultRoleAssumer } = await import(\"@aws-sdk/nested-clients/sts\");\n options.roleAssumer = getDefaultRoleAssumer({\n ...options.clientConfig,\n credentialProviderLogger: options.logger,\n parentClientConfig: {\n ...callerClientConfig,\n ...options?.parentClientConfig,\n region: region ?? options?.parentClientConfig?.region ?? callerClientConfig?.region,\n },\n }, options.clientPlugins);\n }\n if (source_profile && source_profile in visitedProfiles) {\n throw new CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +\n ` ${getProfileName(options)}. Profiles visited: ` +\n Object.keys(visitedProfiles).join(\", \"), { logger: options.logger });\n }\n options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);\n const sourceCredsProvider = source_profile\n ? resolveProfileData(source_profile, profiles, options, callerClientConfig, {\n ...visitedProfiles,\n [source_profile]: true,\n }, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))\n : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))();\n if (isCredentialSourceWithoutRoleArn(profileData)) {\n return sourceCredsProvider.then((creds) => setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SOURCE_PROFILE\", \"o\"));\n }\n else {\n const params = {\n RoleArn: profileData.role_arn,\n RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`,\n ExternalId: profileData.external_id,\n DurationSeconds: parseInt(profileData.duration_seconds || \"3600\", 10),\n };\n const { mfa_serial } = profileData;\n if (mfa_serial) {\n if (!options.mfaCodeProvider) {\n throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });\n }\n params.SerialNumber = mfa_serial;\n params.TokenCode = await options.mfaCodeProvider(mfa_serial);\n }\n const sourceCreds = await sourceCredsProvider;\n return options.roleAssumer(sourceCreds, params).then((creds) => setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SOURCE_PROFILE\", \"o\"));\n }\n};\nconst isCredentialSourceWithoutRoleArn = (section) => {\n return !section.role_arn && !!section.credential_source;\n};\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { HttpRequest } from \"@smithy/protocol-http\";\nimport { readFile } from \"@smithy/shared-ini-file-loader\";\nimport { createHash, createPrivateKey, createPublicKey, sign } from \"node:crypto\";\nimport { promises as fs } from \"node:fs\";\nimport { homedir } from \"node:os\";\nimport { dirname, join } from \"node:path\";\nexport class LoginCredentialsFetcher {\n profileData;\n init;\n callerClientConfig;\n static REFRESH_THRESHOLD = 5 * 60 * 1000;\n constructor(profileData, init, callerClientConfig) {\n this.profileData = profileData;\n this.init = init;\n this.callerClientConfig = callerClientConfig;\n }\n async loadCredentials() {\n const token = await this.loadToken();\n if (!token) {\n throw new CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, { tryNextLink: false, logger: this.logger });\n }\n const accessToken = token.accessToken;\n const now = Date.now();\n const expiryTime = new Date(accessToken.expiresAt).getTime();\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry <= LoginCredentialsFetcher.REFRESH_THRESHOLD) {\n return this.refresh(token);\n }\n return {\n accessKeyId: accessToken.accessKeyId,\n secretAccessKey: accessToken.secretAccessKey,\n sessionToken: accessToken.sessionToken,\n accountId: accessToken.accountId,\n expiration: new Date(accessToken.expiresAt),\n };\n }\n get logger() {\n return this.init?.logger;\n }\n get loginSession() {\n return this.profileData.login_session;\n }\n async refresh(token) {\n const { SigninClient, CreateOAuth2TokenCommand } = await import(\"@aws-sdk/nested-clients/signin\");\n const { logger, userAgentAppId } = this.callerClientConfig ?? {};\n const isH2 = (requestHandler) => {\n return requestHandler?.metadata?.handlerProtocol === \"h2\";\n };\n const requestHandler = isH2(this.callerClientConfig?.requestHandler)\n ? undefined\n : this.callerClientConfig?.requestHandler;\n const region = this.profileData.region ?? (await this.callerClientConfig?.region?.()) ?? process.env.AWS_REGION;\n const client = new SigninClient({\n credentials: {\n accessKeyId: \"\",\n secretAccessKey: \"\",\n },\n region,\n requestHandler,\n logger,\n userAgentAppId,\n ...this.init?.clientConfig,\n });\n this.createDPoPInterceptor(client.middlewareStack);\n const commandInput = {\n tokenInput: {\n clientId: token.clientId,\n refreshToken: token.refreshToken,\n grantType: \"refresh_token\",\n },\n };\n try {\n const response = await client.send(new CreateOAuth2TokenCommand(commandInput));\n const { accessKeyId, secretAccessKey, sessionToken } = response.tokenOutput?.accessToken ?? {};\n const { refreshToken, expiresIn } = response.tokenOutput ?? {};\n if (!accessKeyId || !secretAccessKey || !sessionToken || !refreshToken) {\n throw new CredentialsProviderError(\"Token refresh response missing required fields\", {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n const expiresInMs = (expiresIn ?? 900) * 1000;\n const expiration = new Date(Date.now() + expiresInMs);\n const updatedToken = {\n ...token,\n accessToken: {\n ...token.accessToken,\n accessKeyId: accessKeyId,\n secretAccessKey: secretAccessKey,\n sessionToken: sessionToken,\n expiresAt: expiration.toISOString(),\n },\n refreshToken: refreshToken,\n };\n await this.saveToken(updatedToken);\n const newAccessToken = updatedToken.accessToken;\n return {\n accessKeyId: newAccessToken.accessKeyId,\n secretAccessKey: newAccessToken.secretAccessKey,\n sessionToken: newAccessToken.sessionToken,\n accountId: newAccessToken.accountId,\n expiration,\n };\n }\n catch (error) {\n if (error.name === \"AccessDeniedException\") {\n const errorType = error.error;\n let message;\n switch (errorType) {\n case \"TOKEN_EXPIRED\":\n message = \"Your session has expired. Please reauthenticate.\";\n break;\n case \"USER_CREDENTIALS_CHANGED\":\n message =\n \"Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.\";\n break;\n case \"INSUFFICIENT_PERMISSIONS\":\n message =\n \"Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.\";\n break;\n default:\n message = `Failed to refresh token: ${String(error)}. Please re-authenticate using \\`aws login\\``;\n }\n throw new CredentialsProviderError(message, { logger: this.logger, tryNextLink: false });\n }\n throw new CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });\n }\n }\n async loadToken() {\n const tokenFilePath = this.getTokenFilePath();\n try {\n let tokenData;\n try {\n tokenData = await readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });\n }\n catch {\n tokenData = await fs.readFile(tokenFilePath, \"utf8\");\n }\n const token = JSON.parse(tokenData);\n const missingFields = [\"accessToken\", \"clientId\", \"refreshToken\", \"dpopKey\"].filter((k) => !token[k]);\n if (!token.accessToken?.accountId) {\n missingFields.push(\"accountId\");\n }\n if (missingFields.length > 0) {\n throw new CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(\", \")}`, {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n return token;\n }\n catch (error) {\n throw new CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n }\n async saveToken(token) {\n const tokenFilePath = this.getTokenFilePath();\n const directory = dirname(tokenFilePath);\n try {\n await fs.mkdir(directory, { recursive: true });\n }\n catch (error) {\n }\n await fs.writeFile(tokenFilePath, JSON.stringify(token, null, 2), \"utf8\");\n }\n getTokenFilePath() {\n const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? join(homedir(), \".aws\", \"login\", \"cache\");\n const loginSessionBytes = Buffer.from(this.loginSession, \"utf8\");\n const loginSessionSha256 = createHash(\"sha256\").update(loginSessionBytes).digest(\"hex\");\n return join(directory, `${loginSessionSha256}.json`);\n }\n derToRawSignature(derSignature) {\n let offset = 2;\n if (derSignature[offset] !== 0x02) {\n throw new Error(\"Invalid DER signature\");\n }\n offset++;\n const rLength = derSignature[offset++];\n let r = derSignature.subarray(offset, offset + rLength);\n offset += rLength;\n if (derSignature[offset] !== 0x02) {\n throw new Error(\"Invalid DER signature\");\n }\n offset++;\n const sLength = derSignature[offset++];\n let s = derSignature.subarray(offset, offset + sLength);\n r = r[0] === 0x00 ? r.subarray(1) : r;\n s = s[0] === 0x00 ? s.subarray(1) : s;\n const rPadded = Buffer.concat([Buffer.alloc(32 - r.length), r]);\n const sPadded = Buffer.concat([Buffer.alloc(32 - s.length), s]);\n return Buffer.concat([rPadded, sPadded]);\n }\n createDPoPInterceptor(middlewareStack) {\n middlewareStack.add((next) => async (args) => {\n if (HttpRequest.isInstance(args.request)) {\n const request = args.request;\n const actualEndpoint = `${request.protocol}//${request.hostname}${request.port ? `:${request.port}` : \"\"}${request.path}`;\n const dpop = await this.generateDpop(request.method, actualEndpoint);\n request.headers = {\n ...request.headers,\n DPoP: dpop,\n };\n }\n return next(args);\n }, {\n step: \"finalizeRequest\",\n name: \"dpopInterceptor\",\n override: true,\n });\n }\n async generateDpop(method = \"POST\", endpoint) {\n const token = await this.loadToken();\n try {\n const privateKey = createPrivateKey({\n key: token.dpopKey,\n format: \"pem\",\n type: \"sec1\",\n });\n const publicKey = createPublicKey(privateKey);\n const publicDer = publicKey.export({ format: \"der\", type: \"spki\" });\n let pointStart = -1;\n for (let i = 0; i < publicDer.length; i++) {\n if (publicDer[i] === 0x04) {\n pointStart = i;\n break;\n }\n }\n const x = publicDer.slice(pointStart + 1, pointStart + 33);\n const y = publicDer.slice(pointStart + 33, pointStart + 65);\n const header = {\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: {\n kty: \"EC\",\n crv: \"P-256\",\n x: x.toString(\"base64url\"),\n y: y.toString(\"base64url\"),\n },\n };\n const payload = {\n jti: crypto.randomUUID(),\n htm: method,\n htu: endpoint,\n iat: Math.floor(Date.now() / 1000),\n };\n const headerB64 = Buffer.from(JSON.stringify(header)).toString(\"base64url\");\n const payloadB64 = Buffer.from(JSON.stringify(payload)).toString(\"base64url\");\n const message = `${headerB64}.${payloadB64}`;\n const asn1Signature = sign(\"sha256\", Buffer.from(message), privateKey);\n const rawSignature = this.derToRawSignature(asn1Signature);\n const signatureB64 = rawSignature.toString(\"base64url\");\n return `${message}.${signatureB64}`;\n }\n catch (error) {\n throw new CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, { logger: this.logger, tryNextLink: false });\n }\n }\n}\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { LoginCredentialsFetcher } from \"./LoginCredentialsFetcher\";\nexport const fromLoginCredentials = (init) => async ({ callerClientConfig } = {}) => {\n init?.logger?.debug?.(\"@aws-sdk/credential-providers - fromLoginCredentials\");\n const profiles = await parseKnownFiles(init || {});\n const profileName = getProfileName({\n profile: init?.profile ?? callerClientConfig?.profile,\n });\n const profile = profiles[profileName];\n if (!profile?.login_session) {\n throw new CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {\n tryNextLink: true,\n logger: init?.logger,\n });\n }\n const fetcher = new LoginCredentialsFetcher(profile, init, callerClientConfig);\n const credentials = await fetcher.loadCredentials();\n return setCredentialFeature(credentials, \"CREDENTIALS_LOGIN\", \"AD\");\n};\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { fromLoginCredentials } from \"@aws-sdk/credential-provider-login\";\nexport const isLoginProfile = (data) => {\n return Boolean(data && data.login_session);\n};\nexport const resolveLoginCredentials = async (profileName, options, callerClientConfig) => {\n const credentials = await fromLoginCredentials({\n ...options,\n profile: profileName,\n })({ callerClientConfig });\n return setCredentialFeature(credentials, \"CREDENTIALS_PROFILE_LOGIN\", \"AC\");\n};\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nexport const isProcessProfile = (arg) => Boolean(arg) && typeof arg === \"object\" && typeof arg.credential_process === \"string\";\nexport const resolveProcessCredentials = async (options, profile) => import(\"@aws-sdk/credential-provider-process\").then(({ fromProcess }) => fromProcess({\n ...options,\n profile,\n})().then((creds) => setCredentialFeature(creds, \"CREDENTIALS_PROFILE_PROCESS\", \"v\")));\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nexport const resolveSsoCredentials = async (profile, profileData, options = {}, callerClientConfig) => {\n const { fromSSO } = await import(\"@aws-sdk/credential-provider-sso\");\n return fromSSO({\n profile,\n logger: options.logger,\n parentClientConfig: options.parentClientConfig,\n clientConfig: options.clientConfig,\n })({\n callerClientConfig,\n }).then((creds) => {\n if (profileData.sso_session) {\n return setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SSO\", \"r\");\n }\n else {\n return setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SSO_LEGACY\", \"t\");\n }\n });\n};\nexport const isSsoProfile = (arg) => arg &&\n (typeof arg.sso_start_url === \"string\" ||\n typeof arg.sso_account_id === \"string\" ||\n typeof arg.sso_session === \"string\" ||\n typeof arg.sso_region === \"string\" ||\n typeof arg.sso_role_name === \"string\");\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nexport const isStaticCredsProfile = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.aws_access_key_id === \"string\" &&\n typeof arg.aws_secret_access_key === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.aws_session_token) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.aws_account_id) > -1;\nexport const resolveStaticCredentials = async (profile, options) => {\n options?.logger?.debug(\"@aws-sdk/credential-provider-ini - resolveStaticCredentials\");\n const credentials = {\n accessKeyId: profile.aws_access_key_id,\n secretAccessKey: profile.aws_secret_access_key,\n sessionToken: profile.aws_session_token,\n ...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),\n ...(profile.aws_account_id && { accountId: profile.aws_account_id }),\n };\n return setCredentialFeature(credentials, \"CREDENTIALS_PROFILE\", \"n\");\n};\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nexport const isWebIdentityProfile = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.web_identity_token_file === \"string\" &&\n typeof arg.role_arn === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.role_session_name) > -1;\nexport const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => import(\"@aws-sdk/credential-provider-web-identity\").then(({ fromTokenFile }) => fromTokenFile({\n webIdentityTokenFile: profile.web_identity_token_file,\n roleArn: profile.role_arn,\n roleSessionName: profile.role_session_name,\n roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,\n logger: options.logger,\n parentClientConfig: options.parentClientConfig,\n})({\n callerClientConfig,\n}).then((creds) => setCredentialFeature(creds, \"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN\", \"q\")));\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { isAssumeRoleProfile, resolveAssumeRoleCredentials } from \"./resolveAssumeRoleCredentials\";\nimport { isLoginProfile, resolveLoginCredentials } from \"./resolveLoginCredentials\";\nimport { isProcessProfile, resolveProcessCredentials } from \"./resolveProcessCredentials\";\nimport { isSsoProfile, resolveSsoCredentials } from \"./resolveSsoCredentials\";\nimport { isStaticCredsProfile, resolveStaticCredentials } from \"./resolveStaticCredentials\";\nimport { isWebIdentityProfile, resolveWebIdentityCredentials } from \"./resolveWebIdentityCredentials\";\nexport const resolveProfileData = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {\n const data = profiles[profileName];\n if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {\n return resolveStaticCredentials(data, options);\n }\n if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {\n return resolveAssumeRoleCredentials(profileName, profiles, options, callerClientConfig, visitedProfiles, resolveProfileData);\n }\n if (isStaticCredsProfile(data)) {\n return resolveStaticCredentials(data, options);\n }\n if (isWebIdentityProfile(data)) {\n return resolveWebIdentityCredentials(data, options, callerClientConfig);\n }\n if (isProcessProfile(data)) {\n return resolveProcessCredentials(options, profileName);\n }\n if (isSsoProfile(data)) {\n return await resolveSsoCredentials(profileName, data, options, callerClientConfig);\n }\n if (isLoginProfile(data)) {\n return resolveLoginCredentials(profileName, options, callerClientConfig);\n }\n throw new CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });\n};\n", "import { getProfileName, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { resolveProfileData } from \"./resolveProfileData\";\nexport const fromIni = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-ini - fromIni\");\n const profiles = await parseKnownFiles(init);\n return resolveProfileData(getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n }), profiles, init, callerClientConfig);\n};\n"],
5
+ "mappings": ";8PAEO,IAAMA,EAA0BC,EAAA,CAACC,EAAkBC,EAAaC,IAAW,CAC9E,IAAMC,EAAqB,CACvB,aAAcJ,EAAA,MAAOK,GAAY,CAC7B,GAAM,CAAE,SAAAC,CAAS,EAAI,KAAM,QAAO,uBAAmC,EAC/D,CAAE,sBAAAC,CAAsB,EAAI,KAAM,QAAO,uBAAkC,EACjF,OAAAJ,GAAQ,MAAM,sEAAsE,EAC7E,SAAYK,EAAMF,EAASD,GAAW,CAAC,CAAC,EAAGE,EAAsBF,CAAO,CAAC,EAAE,EAAE,KAAKI,CAAgB,CAC7G,EALc,gBAMd,oBAAqBT,EAAA,MAAOK,GAAY,CACpCF,GAAQ,MAAM,6EAA6E,EAC3F,GAAM,CAAE,qBAAAO,CAAqB,EAAI,KAAM,QAAO,uBAAkC,EAChF,MAAO,UAAYA,EAAqBL,CAAO,EAAE,EAAE,KAAKI,CAAgB,CAC5E,EAJqB,uBAKrB,YAAaT,EAAA,MAAOK,GAAY,CAC5BF,GAAQ,MAAM,qEAAqE,EACnF,GAAM,CAAE,QAAAQ,CAAQ,EAAI,KAAM,QAAO,uBAAkC,EACnE,MAAO,UAAYA,EAAQN,CAAO,EAAE,EAAE,KAAKI,CAAgB,CAC/D,EAJa,cAKjB,EACA,GAAIR,KAAoBG,EACpB,OAAOA,EAAmBH,CAAgB,EAG1C,MAAM,IAAIW,EAAyB,4CAA4CV,CAAW,SAASD,CAAgB,iEAC/C,CAAE,OAAAE,CAAO,CAAC,CAEtF,EA1BuC,2BA2BjCM,EAAmBT,EAACa,GAAUC,EAAqBD,EAAO,qCAAsC,GAAG,EAAhF,oBCzBlB,IAAME,EAAsBC,EAAA,CAACC,EAAK,CAAE,QAAAC,EAAU,UAAW,OAAAC,CAAO,EAAI,CAAC,IAChE,EAAQF,GACZ,OAAOA,GAAQ,UACf,OAAOA,EAAI,UAAa,UACxB,CAAC,YAAa,QAAQ,EAAE,QAAQ,OAAOA,EAAI,iBAAiB,EAAI,IAChE,CAAC,YAAa,QAAQ,EAAE,QAAQ,OAAOA,EAAI,WAAW,EAAI,IAC1D,CAAC,YAAa,QAAQ,EAAE,QAAQ,OAAOA,EAAI,UAAU,EAAI,KACxDG,EAA8BH,EAAK,CAAE,QAAAC,EAAS,OAAAC,CAAO,CAAC,GAAKE,EAA0BJ,EAAK,CAAE,QAAAC,EAAS,OAAAC,CAAO,CAAC,GAPnF,uBAS7BC,EAAgCJ,EAAA,CAACC,EAAK,CAAE,QAAAC,EAAS,OAAAC,CAAO,IAAM,CAChE,IAAMG,EAAoB,OAAOL,EAAI,gBAAmB,UAAY,OAAOA,EAAI,kBAAsB,IACrG,OAAIK,GACAH,GAAQ,QAAQ,OAAOD,CAAO,iDAAiDD,EAAI,cAAc,EAAE,EAEhGK,CACX,EANsC,iCAOhCD,EAA4BL,EAAA,CAACC,EAAK,CAAE,QAAAC,EAAS,OAAAC,CAAO,IAAM,CAC5D,IAAMI,EAAsB,OAAON,EAAI,mBAAsB,UAAY,OAAOA,EAAI,eAAmB,IACvG,OAAIM,GACAJ,GAAQ,QAAQ,OAAOD,CAAO,gDAAgDD,EAAI,iBAAiB,EAAE,EAElGM,CACX,EANkC,6BAOrBC,EAA+BR,EAAA,MAAOS,EAAaC,EAAUC,EAASC,EAAoBC,EAAkB,CAAC,EAAGC,IAAuB,CAChJH,EAAQ,QAAQ,MAAM,uEAAuE,EAC7F,IAAMI,EAAcL,EAASD,CAAW,EAClC,CAAE,eAAAO,EAAgB,OAAAC,CAAO,EAAIF,EACnC,GAAI,CAACJ,EAAQ,YAAa,CACtB,GAAM,CAAE,sBAAAO,CAAsB,EAAI,KAAM,QAAO,mBAA6B,EAC5EP,EAAQ,YAAcO,EAAsB,CACxC,GAAGP,EAAQ,aACX,yBAA0BA,EAAQ,OAClC,mBAAoB,CAChB,GAAGC,EACH,GAAGD,GAAS,mBACZ,OAAQM,GAAUN,GAAS,oBAAoB,QAAUC,GAAoB,MACjF,CACJ,EAAGD,EAAQ,aAAa,CAC5B,CACA,GAAIK,GAAkBA,KAAkBH,EACpC,MAAM,IAAIM,EAAyB,kEAC3BC,EAAeT,CAAO,CAAC,uBAC3B,OAAO,KAAKE,CAAe,EAAE,KAAK,IAAI,EAAG,CAAE,OAAQF,EAAQ,MAAO,CAAC,EAE3EA,EAAQ,QAAQ,MAAM,wEAAwEK,EAAiB,mBAAmBA,CAAc,IAAM,YAAYP,CAAW,GAAG,EAAE,EAClL,IAAMY,EAAsBL,EACtBF,EAAmBE,EAAgBN,EAAUC,EAASC,EAAoB,CACxE,GAAGC,EACH,CAACG,CAAc,EAAG,EACtB,EAAGM,EAAiCZ,EAASM,CAAc,GAAK,CAAC,CAAC,CAAC,GAChE,MAAMO,EAAwBR,EAAY,kBAAmBN,EAAaE,EAAQ,MAAM,EAAEA,CAAO,GAAG,EAC3G,GAAIW,EAAiCP,CAAW,EAC5C,OAAOM,EAAoB,KAAMG,GAAUC,EAAqBD,EAAO,qCAAsC,GAAG,CAAC,EAEhH,CACD,IAAME,EAAS,CACX,QAASX,EAAY,SACrB,gBAAiBA,EAAY,mBAAqB,cAAc,KAAK,IAAI,CAAC,GAC1E,WAAYA,EAAY,YACxB,gBAAiB,SAASA,EAAY,kBAAoB,OAAQ,EAAE,CACxE,EACM,CAAE,WAAAY,CAAW,EAAIZ,EACvB,GAAIY,EAAY,CACZ,GAAI,CAAChB,EAAQ,gBACT,MAAM,IAAIQ,EAAyB,WAAWV,CAAW,gFAAiF,CAAE,OAAQE,EAAQ,OAAQ,YAAa,EAAM,CAAC,EAE5Le,EAAO,aAAeC,EACtBD,EAAO,UAAY,MAAMf,EAAQ,gBAAgBgB,CAAU,CAC/D,CACA,IAAMC,EAAc,MAAMP,EAC1B,OAAOV,EAAQ,YAAYiB,EAAaF,CAAM,EAAE,KAAMF,GAAUC,EAAqBD,EAAO,qCAAsC,GAAG,CAAC,CAC1I,CACJ,EAjD4C,gCAkDtCF,EAAmCtB,EAAC6B,GAC/B,CAACA,EAAQ,UAAY,CAAC,CAACA,EAAQ,kBADD,oCC1EzC,OAAS,cAAAC,EAAY,oBAAAC,EAAkB,mBAAAC,EAAiB,QAAAC,OAAY,cACpE,OAAS,YAAYC,MAAU,UAC/B,OAAS,WAAAC,OAAe,UACxB,OAAS,WAAAC,GAAS,QAAAC,MAAY,YACvB,IAAMC,EAAN,MAAMC,CAAwB,CAPrC,MAOqC,CAAAC,EAAA,gCACjC,YACA,KACA,mBACA,OAAO,kBAAoB,IAAS,IACpC,YAAYC,EAAaC,EAAMC,EAAoB,CAC/C,KAAK,YAAcF,EACnB,KAAK,KAAOC,EACZ,KAAK,mBAAqBC,CAC9B,CACA,MAAM,iBAAkB,CACpB,IAAMC,EAAQ,MAAM,KAAK,UAAU,EACnC,GAAI,CAACA,EACD,MAAM,IAAIC,EAAyB,sCAAsC,KAAK,YAAY,2CAA4C,CAAE,YAAa,GAAO,OAAQ,KAAK,MAAO,CAAC,EAErL,IAAMC,EAAcF,EAAM,YACpBG,EAAM,KAAK,IAAI,EAGrB,OAFmB,IAAI,KAAKD,EAAY,SAAS,EAAE,QAAQ,EACtBC,GACdR,EAAwB,kBACpC,KAAK,QAAQK,CAAK,EAEtB,CACH,YAAaE,EAAY,YACzB,gBAAiBA,EAAY,gBAC7B,aAAcA,EAAY,aAC1B,UAAWA,EAAY,UACvB,WAAY,IAAI,KAAKA,EAAY,SAAS,CAC9C,CACJ,CACA,IAAI,QAAS,CACT,OAAO,KAAK,MAAM,MACtB,CACA,IAAI,cAAe,CACf,OAAO,KAAK,YAAY,aAC5B,CACA,MAAM,QAAQF,EAAO,CACjB,GAAM,CAAE,aAAAI,EAAc,yBAAAC,CAAyB,EAAI,KAAM,QAAO,sBAAgC,EAC1F,CAAE,OAAAC,EAAQ,eAAAC,CAAe,EAAI,KAAK,oBAAsB,CAAC,EAIzDC,EAHOZ,EAACY,GACHA,GAAgB,UAAU,kBAAoB,KAD5C,QAGe,KAAK,oBAAoB,cAAc,EAC7D,OACA,KAAK,oBAAoB,eACzBC,EAAS,KAAK,YAAY,QAAW,MAAM,KAAK,oBAAoB,SAAS,GAAM,QAAQ,IAAI,WAC/FC,EAAS,IAAIN,EAAa,CAC5B,YAAa,CACT,YAAa,GACb,gBAAiB,EACrB,EACA,OAAAK,EACA,eAAAD,EACA,OAAAF,EACA,eAAAC,EACA,GAAG,KAAK,MAAM,YAClB,CAAC,EACD,KAAK,sBAAsBG,EAAO,eAAe,EACjD,IAAMC,EAAe,CACjB,WAAY,CACR,SAAUX,EAAM,SAChB,aAAcA,EAAM,aACpB,UAAW,eACf,CACJ,EACA,GAAI,CACA,IAAMY,EAAW,MAAMF,EAAO,KAAK,IAAIL,EAAyBM,CAAY,CAAC,EACvE,CAAE,YAAAE,EAAa,gBAAAC,EAAiB,aAAAC,CAAa,EAAIH,EAAS,aAAa,aAAe,CAAC,EACvF,CAAE,aAAAI,EAAc,UAAAC,CAAU,EAAIL,EAAS,aAAe,CAAC,EAC7D,GAAI,CAACC,GAAe,CAACC,GAAmB,CAACC,GAAgB,CAACC,EACtD,MAAM,IAAIf,EAAyB,iDAAkD,CACjF,OAAQ,KAAK,OACb,YAAa,EACjB,CAAC,EAEL,IAAMiB,GAAeD,GAAa,KAAO,IACnCE,EAAa,IAAI,KAAK,KAAK,IAAI,EAAID,CAAW,EAC9CE,EAAe,CACjB,GAAGpB,EACH,YAAa,CACT,GAAGA,EAAM,YACT,YAAaa,EACb,gBAAiBC,EACjB,aAAcC,EACd,UAAWI,EAAW,YAAY,CACtC,EACA,aAAcH,CAClB,EACA,MAAM,KAAK,UAAUI,CAAY,EACjC,IAAMC,EAAiBD,EAAa,YACpC,MAAO,CACH,YAAaC,EAAe,YAC5B,gBAAiBA,EAAe,gBAChC,aAAcA,EAAe,aAC7B,UAAWA,EAAe,UAC1B,WAAAF,CACJ,CACJ,OACOG,EAAO,CACV,GAAIA,EAAM,OAAS,wBAAyB,CACxC,IAAMC,EAAYD,EAAM,MACpBE,EACJ,OAAQD,EAAW,CACf,IAAK,gBACDC,EAAU,mDACV,MACJ,IAAK,2BACDA,EACI,oHACJ,MACJ,IAAK,2BACDA,EACI,mIACJ,MACJ,QACIA,EAAU,4BAA4B,OAAOF,CAAK,CAAC,8CAC3D,CACA,MAAM,IAAIrB,EAAyBuB,EAAS,CAAE,OAAQ,KAAK,OAAQ,YAAa,EAAM,CAAC,CAC3F,CACA,MAAM,IAAIvB,EAAyB,4BAA4B,OAAOqB,CAAK,CAAC,2CAA4C,CAAE,OAAQ,KAAK,MAAO,CAAC,CACnJ,CACJ,CACA,MAAM,WAAY,CACd,IAAMG,EAAgB,KAAK,iBAAiB,EAC5C,GAAI,CACA,IAAIC,EACJ,GAAI,CACAA,EAAY,MAAMC,EAASF,EAAe,CAAE,YAAa,KAAK,MAAM,WAAY,CAAC,CACrF,MACM,CACFC,EAAY,MAAME,EAAG,SAASH,EAAe,MAAM,CACvD,CACA,IAAMzB,EAAQ,KAAK,MAAM0B,CAAS,EAC5BG,EAAgB,CAAC,cAAe,WAAY,eAAgB,SAAS,EAAE,OAAQC,GAAM,CAAC9B,EAAM8B,CAAC,CAAC,EAIpG,GAHK9B,EAAM,aAAa,WACpB6B,EAAc,KAAK,WAAW,EAE9BA,EAAc,OAAS,EACvB,MAAM,IAAI5B,EAAyB,4CAA4C4B,EAAc,KAAK,IAAI,CAAC,GAAI,CACvG,OAAQ,KAAK,OACb,YAAa,EACjB,CAAC,EAEL,OAAO7B,CACX,OACOsB,EAAO,CACV,MAAM,IAAIrB,EAAyB,6BAA6BwB,CAAa,KAAK,OAAOH,CAAK,CAAC,GAAI,CAC/F,OAAQ,KAAK,OACb,YAAa,EACjB,CAAC,CACL,CACJ,CACA,MAAM,UAAUtB,EAAO,CACnB,IAAMyB,EAAgB,KAAK,iBAAiB,EACtCM,EAAYC,GAAQP,CAAa,EACvC,GAAI,CACA,MAAMG,EAAG,MAAMG,EAAW,CAAE,UAAW,EAAK,CAAC,CACjD,MACc,CACd,CACA,MAAMH,EAAG,UAAUH,EAAe,KAAK,UAAUzB,EAAO,KAAM,CAAC,EAAG,MAAM,CAC5E,CACA,kBAAmB,CACf,IAAM+B,EAAY,QAAQ,IAAI,2BAA6BE,EAAKC,GAAQ,EAAG,OAAQ,QAAS,OAAO,EAC7FC,EAAoB,OAAO,KAAK,KAAK,aAAc,MAAM,EACzDC,EAAqBC,EAAW,QAAQ,EAAE,OAAOF,CAAiB,EAAE,OAAO,KAAK,EACtF,OAAOF,EAAKF,EAAW,GAAGK,CAAkB,OAAO,CACvD,CACA,kBAAkBE,EAAc,CAC5B,IAAIC,EAAS,EACb,GAAID,EAAaC,CAAM,IAAM,EACzB,MAAM,IAAI,MAAM,uBAAuB,EAE3CA,IACA,IAAMC,EAAUF,EAAaC,GAAQ,EACjCE,EAAIH,EAAa,SAASC,EAAQA,EAASC,CAAO,EAEtD,GADAD,GAAUC,EACNF,EAAaC,CAAM,IAAM,EACzB,MAAM,IAAI,MAAM,uBAAuB,EAE3CA,IACA,IAAMG,EAAUJ,EAAaC,GAAQ,EACjCI,EAAIL,EAAa,SAASC,EAAQA,EAASG,CAAO,EACtDD,EAAIA,EAAE,CAAC,IAAM,EAAOA,EAAE,SAAS,CAAC,EAAIA,EACpCE,EAAIA,EAAE,CAAC,IAAM,EAAOA,EAAE,SAAS,CAAC,EAAIA,EACpC,IAAMC,EAAU,OAAO,OAAO,CAAC,OAAO,MAAM,GAAKH,EAAE,MAAM,EAAGA,CAAC,CAAC,EACxDI,EAAU,OAAO,OAAO,CAAC,OAAO,MAAM,GAAKF,EAAE,MAAM,EAAGA,CAAC,CAAC,EAC9D,OAAO,OAAO,OAAO,CAACC,EAASC,CAAO,CAAC,CAC3C,CACA,sBAAsBC,EAAiB,CACnCA,EAAgB,IAAKC,GAAS,MAAOC,GAAS,CAC1C,GAAIC,EAAY,WAAWD,EAAK,OAAO,EAAG,CACtC,IAAME,EAAUF,EAAK,QACfG,EAAiB,GAAGD,EAAQ,QAAQ,KAAKA,EAAQ,QAAQ,GAAGA,EAAQ,KAAO,IAAIA,EAAQ,IAAI,GAAK,EAAE,GAAGA,EAAQ,IAAI,GACjHE,EAAO,MAAM,KAAK,aAAaF,EAAQ,OAAQC,CAAc,EACnED,EAAQ,QAAU,CACd,GAAGA,EAAQ,QACX,KAAME,CACV,CACJ,CACA,OAAOL,EAAKC,CAAI,CACpB,EAAG,CACC,KAAM,kBACN,KAAM,kBACN,SAAU,EACd,CAAC,CACL,CACA,MAAM,aAAaK,EAAS,OAAQC,EAAU,CAC1C,IAAMtD,EAAQ,MAAM,KAAK,UAAU,EACnC,GAAI,CACA,IAAMuD,EAAaC,EAAiB,CAChC,IAAKxD,EAAM,QACX,OAAQ,MACR,KAAM,MACV,CAAC,EAEKyD,EADYC,EAAgBH,CAAU,EAChB,OAAO,CAAE,OAAQ,MAAO,KAAM,MAAO,CAAC,EAC9DI,EAAa,GACjB,QAASC,EAAI,EAAGA,EAAIH,EAAU,OAAQG,IAClC,GAAIH,EAAUG,CAAC,IAAM,EAAM,CACvBD,EAAaC,EACb,KACJ,CAEJ,IAAMC,EAAIJ,EAAU,MAAME,EAAa,EAAGA,EAAa,EAAE,EACnDG,EAAIL,EAAU,MAAME,EAAa,GAAIA,EAAa,EAAE,EACpDI,EAAS,CACX,IAAK,QACL,IAAK,WACL,IAAK,CACD,IAAK,KACL,IAAK,QACL,EAAGF,EAAE,SAAS,WAAW,EACzB,EAAGC,EAAE,SAAS,WAAW,CAC7B,CACJ,EACME,EAAU,CACZ,IAAK,OAAO,WAAW,EACvB,IAAKX,EACL,IAAKC,EACL,IAAK,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,CACrC,EACMW,EAAY,OAAO,KAAK,KAAK,UAAUF,CAAM,CAAC,EAAE,SAAS,WAAW,EACpEG,EAAa,OAAO,KAAK,KAAK,UAAUF,CAAO,CAAC,EAAE,SAAS,WAAW,EACtExC,EAAU,GAAGyC,CAAS,IAAIC,CAAU,GACpCC,EAAgBC,GAAK,SAAU,OAAO,KAAK5C,CAAO,EAAG+B,CAAU,EAE/Dc,EADe,KAAK,kBAAkBF,CAAa,EACvB,SAAS,WAAW,EACtD,MAAO,GAAG3C,CAAO,IAAI6C,CAAY,EACrC,OACO/C,EAAO,CACV,MAAM,IAAIrB,EAAyB,kCAAkCqB,aAAiB,MAAQA,EAAM,QAAU,OAAOA,CAAK,CAAC,GAAI,CAAE,OAAQ,KAAK,OAAQ,YAAa,EAAM,CAAC,CAC9K,CACJ,CACJ,ECjQO,IAAMgD,EAAuBC,EAACC,GAAS,MAAO,CAAE,mBAAAC,CAAmB,EAAI,CAAC,IAAM,CACjFD,GAAM,QAAQ,QAAQ,sDAAsD,EAC5E,IAAME,EAAW,MAAMC,EAAgBH,GAAQ,CAAC,CAAC,EAC3CI,EAAcC,EAAe,CAC/B,QAASL,GAAM,SAAWC,GAAoB,OAClD,CAAC,EACKK,EAAUJ,EAASE,CAAW,EACpC,GAAI,CAACE,GAAS,cACV,MAAM,IAAIC,EAAyB,WAAWH,CAAW,mCAAoC,CACzF,YAAa,GACb,OAAQJ,GAAM,MAClB,CAAC,EAGL,IAAMQ,EAAc,MADJ,IAAIC,EAAwBH,EAASN,EAAMC,CAAkB,EAC3C,gBAAgB,EAClD,OAAOS,EAAqBF,EAAa,oBAAqB,IAAI,CACtE,EAhBoC,wBCF7B,IAAMG,EAAiBC,EAACC,GACpB,GAAQA,GAAQA,EAAK,eADF,kBAGjBC,EAA0BF,EAAA,MAAOG,EAAaC,EAASC,IAAuB,CACvF,IAAMC,EAAc,MAAMC,EAAqB,CAC3C,GAAGH,EACH,QAASD,CACb,CAAC,EAAE,CAAE,mBAAAE,CAAmB,CAAC,EACzB,OAAOG,EAAqBF,EAAa,4BAA6B,IAAI,CAC9E,EANuC,2BCJhC,IAAMG,EAAmBC,EAACC,GAAQ,EAAQA,GAAQ,OAAOA,GAAQ,UAAY,OAAOA,EAAI,oBAAuB,SAAtF,oBACnBC,EAA4BF,EAAA,MAAOG,EAASC,IAAY,OAAO,uBAAsC,EAAE,KAAK,CAAC,CAAE,YAAAC,CAAY,IAAMA,EAAY,CACtJ,GAAGF,EACH,QAAAC,CACJ,CAAC,EAAE,EAAE,KAAME,GAAUC,EAAqBD,EAAO,8BAA+B,GAAG,CAAC,CAAC,EAH5C,6BCDlC,IAAME,EAAwBC,EAAA,MAAOC,EAASC,EAAaC,EAAU,CAAC,EAAGC,IAAuB,CACnG,GAAM,CAAE,QAAAC,CAAQ,EAAI,KAAM,QAAO,uBAAkC,EACnE,OAAOA,EAAQ,CACX,QAAAJ,EACA,OAAQE,EAAQ,OAChB,mBAAoBA,EAAQ,mBAC5B,aAAcA,EAAQ,YAC1B,CAAC,EAAE,CACC,mBAAAC,CACJ,CAAC,EAAE,KAAME,GACDJ,EAAY,YACLK,EAAqBD,EAAO,0BAA2B,GAAG,EAG1DC,EAAqBD,EAAO,iCAAkC,GAAG,CAE/E,CACL,EAjBqC,yBAkBxBE,EAAeR,EAACS,GAAQA,IAChC,OAAOA,EAAI,eAAkB,UAC1B,OAAOA,EAAI,gBAAmB,UAC9B,OAAOA,EAAI,aAAgB,UAC3B,OAAOA,EAAI,YAAe,UAC1B,OAAOA,EAAI,eAAkB,UALT,gBClBrB,IAAMC,EAAuBC,EAACC,GAAQ,EAAQA,GACjD,OAAOA,GAAQ,UACf,OAAOA,EAAI,mBAAsB,UACjC,OAAOA,EAAI,uBAA0B,UACrC,CAAC,YAAa,QAAQ,EAAE,QAAQ,OAAOA,EAAI,iBAAiB,EAAI,IAChE,CAAC,YAAa,QAAQ,EAAE,QAAQ,OAAOA,EAAI,cAAc,EAAI,GAL7B,wBAMvBC,EAA2BF,EAAA,MAAOG,EAASC,IAAY,CAChEA,GAAS,QAAQ,MAAM,6DAA6D,EACpF,IAAMC,EAAc,CAChB,YAAaF,EAAQ,kBACrB,gBAAiBA,EAAQ,sBACzB,aAAcA,EAAQ,kBACtB,GAAIA,EAAQ,sBAAwB,CAAE,gBAAiBA,EAAQ,oBAAqB,EACpF,GAAIA,EAAQ,gBAAkB,CAAE,UAAWA,EAAQ,cAAe,CACtE,EACA,OAAOG,EAAqBD,EAAa,sBAAuB,GAAG,CACvE,EAVwC,4BCNjC,IAAME,EAAuBC,EAACC,GAAQ,EAAQA,GACjD,OAAOA,GAAQ,UACf,OAAOA,EAAI,yBAA4B,UACvC,OAAOA,EAAI,UAAa,UACxB,CAAC,YAAa,QAAQ,EAAE,QAAQ,OAAOA,EAAI,iBAAiB,EAAI,GAJhC,wBAKvBC,EAAgCF,EAAA,MAAOG,EAASC,EAASC,IAAuB,OAAO,uBAA2C,EAAE,KAAK,CAAC,CAAE,cAAAC,CAAc,IAAMA,EAAc,CACvL,qBAAsBH,EAAQ,wBAC9B,QAASA,EAAQ,SACjB,gBAAiBA,EAAQ,kBACzB,2BAA4BC,EAAQ,2BACpC,OAAQA,EAAQ,OAChB,mBAAoBA,EAAQ,kBAChC,CAAC,EAAE,CACC,mBAAAC,CACJ,CAAC,EAAE,KAAME,GAAUC,EAAqBD,EAAO,uCAAwC,GAAG,CAAC,CAAC,EAT/C,iCCCtC,IAAME,EAAqBC,EAAA,MAAOC,EAAaC,EAAUC,EAASC,EAAoBC,EAAkB,CAAC,EAAGC,EAA4B,KAAU,CACrJ,IAAMC,EAAOL,EAASD,CAAW,EACjC,GAAI,OAAO,KAAKI,CAAe,EAAE,OAAS,GAAKG,EAAqBD,CAAI,EACpE,OAAOE,EAAyBF,EAAMJ,CAAO,EAEjD,GAAIG,GAA6BI,EAAoBH,EAAM,CAAE,QAASN,EAAa,OAAQE,EAAQ,MAAO,CAAC,EACvG,OAAOQ,EAA6BV,EAAaC,EAAUC,EAASC,EAAoBC,EAAiBN,CAAkB,EAE/H,GAAIS,EAAqBD,CAAI,EACzB,OAAOE,EAAyBF,EAAMJ,CAAO,EAEjD,GAAIS,EAAqBL,CAAI,EACzB,OAAOM,EAA8BN,EAAMJ,EAASC,CAAkB,EAE1E,GAAIU,EAAiBP,CAAI,EACrB,OAAOQ,EAA0BZ,EAASF,CAAW,EAEzD,GAAIe,EAAaT,CAAI,EACjB,OAAO,MAAMU,EAAsBhB,EAAaM,EAAMJ,EAASC,CAAkB,EAErF,GAAIc,EAAeX,CAAI,EACnB,OAAOY,EAAwBlB,EAAaE,EAASC,CAAkB,EAE3E,MAAM,IAAIgB,EAAyB,iDAAiDnB,CAAW,0CAA2C,CAAE,OAAQE,EAAQ,MAAO,CAAC,CACxK,EAxBkC,sBCL3B,IAAMkB,GAAUC,EAAA,CAACC,EAAO,CAAC,IAAM,MAAO,CAAE,mBAAAC,CAAmB,EAAI,CAAC,IAAM,CACzED,EAAK,QAAQ,MAAM,4CAA4C,EAC/D,IAAME,EAAW,MAAMC,EAAgBH,CAAI,EAC3C,OAAOI,EAAmBC,EAAe,CACrC,QAASL,EAAK,SAAWC,GAAoB,OACjD,CAAC,EAAGC,EAAUF,EAAMC,CAAkB,CAC1C,EANuB",
6
+ "names": ["resolveCredentialSource", "__name", "credentialSource", "profileName", "logger", "sourceProvidersMap", "options", "fromHttp", "fromContainerMetadata", "chain", "setNamedProvider", "fromInstanceMetadata", "fromEnv", "CredentialsProviderError", "creds", "setCredentialFeature", "isAssumeRoleProfile", "__name", "arg", "profile", "logger", "isAssumeRoleWithSourceProfile", "isCredentialSourceProfile", "withSourceProfile", "withProviderProfile", "resolveAssumeRoleCredentials", "profileName", "profiles", "options", "callerClientConfig", "visitedProfiles", "resolveProfileData", "profileData", "source_profile", "region", "getDefaultRoleAssumer", "CredentialsProviderError", "getProfileName", "sourceCredsProvider", "isCredentialSourceWithoutRoleArn", "resolveCredentialSource", "creds", "setCredentialFeature", "params", "mfa_serial", "sourceCreds", "section", "createHash", "createPrivateKey", "createPublicKey", "sign", "fs", "homedir", "dirname", "join", "LoginCredentialsFetcher", "_LoginCredentialsFetcher", "__name", "profileData", "init", "callerClientConfig", "token", "CredentialsProviderError", "accessToken", "now", "SigninClient", "CreateOAuth2TokenCommand", "logger", "userAgentAppId", "requestHandler", "region", "client", "commandInput", "response", "accessKeyId", "secretAccessKey", "sessionToken", "refreshToken", "expiresIn", "expiresInMs", "expiration", "updatedToken", "newAccessToken", "error", "errorType", "message", "tokenFilePath", "tokenData", "readFile", "fs", "missingFields", "k", "directory", "dirname", "join", "homedir", "loginSessionBytes", "loginSessionSha256", "createHash", "derSignature", "offset", "rLength", "r", "sLength", "s", "rPadded", "sPadded", "middlewareStack", "next", "args", "HttpRequest", "request", "actualEndpoint", "dpop", "method", "endpoint", "privateKey", "createPrivateKey", "publicDer", "createPublicKey", "pointStart", "i", "x", "y", "header", "payload", "headerB64", "payloadB64", "asn1Signature", "sign", "signatureB64", "fromLoginCredentials", "__name", "init", "callerClientConfig", "profiles", "parseKnownFiles", "profileName", "getProfileName", "profile", "CredentialsProviderError", "credentials", "LoginCredentialsFetcher", "setCredentialFeature", "isLoginProfile", "__name", "data", "resolveLoginCredentials", "profileName", "options", "callerClientConfig", "credentials", "fromLoginCredentials", "setCredentialFeature", "isProcessProfile", "__name", "arg", "resolveProcessCredentials", "options", "profile", "fromProcess", "creds", "setCredentialFeature", "resolveSsoCredentials", "__name", "profile", "profileData", "options", "callerClientConfig", "fromSSO", "creds", "setCredentialFeature", "isSsoProfile", "arg", "isStaticCredsProfile", "__name", "arg", "resolveStaticCredentials", "profile", "options", "credentials", "setCredentialFeature", "isWebIdentityProfile", "__name", "arg", "resolveWebIdentityCredentials", "profile", "options", "callerClientConfig", "fromTokenFile", "creds", "setCredentialFeature", "resolveProfileData", "__name", "profileName", "profiles", "options", "callerClientConfig", "visitedProfiles", "isAssumeRoleRecursiveCall", "data", "isStaticCredsProfile", "resolveStaticCredentials", "isAssumeRoleProfile", "resolveAssumeRoleCredentials", "isWebIdentityProfile", "resolveWebIdentityCredentials", "isProcessProfile", "resolveProcessCredentials", "isSsoProfile", "resolveSsoCredentials", "isLoginProfile", "resolveLoginCredentials", "CredentialsProviderError", "fromIni", "__name", "init", "callerClientConfig", "profiles", "parseKnownFiles", "resolveProfileData", "getProfileName"]
7
+ }
package/handler/dist-es-L65AGSLX.js ADDED
@@ -0,0 +1,3 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{b as y,c as j,d as E,g as A,h as I}from"./chunk-NHK4IEJM.js";import{a as P}from"./chunk-7HH7JLQT.js";import{a as H,b as f}from"./chunk-IIV4KUZH.js";import{a as o}from"./chunk-K7I7SIAE.js";var g=class e extends H{static{o(this,"TokenProviderError")}name="TokenProviderError";constructor(s,r=!0){super(s,r),Object.setPrototypeOf(this,e.prototype)}};var U=o(e=>e&&(typeof e.sso_start_url=="string"||typeof e.sso_account_id=="string"||typeof e.sso_session=="string"||typeof e.sso_region=="string"||typeof e.sso_role_name=="string"),"isSsoProfile");var _="To refresh this SSO session run 'aws sso login' with the corresponding profile.";var q=o(async(e,s={},r)=>{let{SSOOIDCClient:n}=await import("./sso-oidc-OXHEJLP6.js"),i=o(p=>s.clientConfig?.[p]??s.parentClientConfig?.[p]??r?.[p],"coalesce");return new n(Object.assign({},s.clientConfig??{},{region:e??s.clientConfig?.region,logger:i("logger"),userAgentAppId:i("userAgentAppId")}))},"getSsoOidcClient");var W=o(async(e,s,r={},n)=>{let{CreateTokenCommand:i}=await import("./sso-oidc-OXHEJLP6.js");return(await q(s,r,n)).send(new i({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))},"getNewSsoOidcToken");var v=o(e=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new g(`Token is expired. ${_}`,!1)},"validateTokenExpiry");var m=o((e,s,r=!1)=>{if(typeof s>"u")throw new g(`Value not present for '${e}' in SSO Token${r?". Cannot refresh":""}. ${_}`,!1)},"validateTokenKey");import{promises as B}from"fs";var{writeFile:Q}=B,X=o((e,s)=>{let r=j(e),n=JSON.stringify(s,null,2);return Q(r,n)},"writeSSOTokenToFile");var z=new Date(0),J=o((e={})=>async({callerClientConfig:s}={})=>{e.logger?.debug("@aws-sdk/token-providers - fromSso");let r=await I(e),n=y({profile:e.profile??s?.profile}),i=r[n];if(i){if(!i.sso_session)throw new g(`Profile '${n}' is missing required property 'sso_session'.`)}else throw new g(`Profile '${n}' could not be found in shared credentials file.`,!1);let l=i.sso_session,S=(await A(e))[l];if(!S)throw new g(`Sso session '${l}' could not be found in shared credentials file.`,!1);for(let a of["sso_start_url","sso_region"])if(!S[a])throw new g(`Sso session '${l}' is missing required property '${a}'.`,!1);let d=S.sso_start_url,C=S.sso_region,t;try{t=await E(l)}catch{throw new g(`The SSO session token associated with profile=${n} was not found or is invalid. ${_}`,!1)}m("accessToken",t.accessToken),m("expiresAt",t.expiresAt);let{accessToken:k,expiresAt:T}=t,c={token:k,expiration:new Date(T)};if(c.expiration.getTime()-Date.now()>3e5)return c;if(Date.now()-z.getTime()<30*1e3)return v(c),c;m("clientId",t.clientId,!0),m("clientSecret",t.clientSecret,!0),m("refreshToken",t.refreshToken,!0);try{z.setTime(Date.now());let a=await W(t,C,e,s);m("accessToken",a.accessToken),m("expiresIn",a.expiresIn);let w=new Date(Date.now()+a.expiresIn*1e3);try{await X(l,{...t,accessToken:a.accessToken,expiresAt:w.toISOString(),refreshToken:a.refreshToken})}catch{}return{token:a.accessToken,expiration:w}}catch{return v(c),c}},"fromSso");var x=!1,D=o(async({ssoStartUrl:e,ssoSession:s,ssoAccountId:r,ssoRegion:n,ssoRoleName:i,ssoClient:l,clientConfig:p,parentClientConfig:S,callerClientConfig:d,profile:C,filepath:t,configFilepath:k,ignoreCache:T,logger:c})=>{let a,w="To refresh this SSO session run aws sso login with the corresponding profile.";if(s)try{let h=await J({profile:C,filepath:t,configFilepath:k,ignoreCache:T})();a={accessToken:h.token,expiresAt:new Date(h.expiration).toISOString()}}catch(h){throw new f(h.message,{tryNextLink:x,logger:c})}else try{a=await E(e)}catch{throw new f(`The SSO session associated with this profile is invalid. ${w}`,{tryNextLink:x,logger:c})}if(new Date(a.expiresAt).getTime()-Date.now()<=0)throw new f(`The SSO session associated with this profile has expired. ${w}`,{tryNextLink:x,logger:c});let{accessToken:N}=a,{SSOClient:u,GetRoleCredentialsCommand:O}=await import("./loadSso-JSPP6LHU.js"),Y=l||new u(Object.assign({},p??{},{logger:p?.logger??d?.logger??S?.logger,region:p?.region??n,userAgentAppId:p?.userAgentAppId??d?.userAgentAppId??S?.userAgentAppId})),F;try{F=await Y.send(new O({accountId:r,roleName:i,accessToken:N}))}catch(h){throw new f(h,{tryNextLink:x,logger:c})}let{roleCredentials:{accessKeyId:$,secretAccessKey:L,sessionToken:b,expiration:M,credentialScope:G,accountId:K}={}}=F;if(!$||!L||!b||!M)throw new f("SSO returns an invalid temporary credential.",{tryNextLink:x,logger:c});let R={accessKeyId:$,secretAccessKey:L,sessionToken:b,expiration:new Date(M),...G&&{credentialScope:G},...K&&{accountId:K}};return s?P(R,"CREDENTIALS_SSO","s"):P(R,"CREDENTIALS_SSO_LEGACY","u"),R},"resolveSSOCredentials");var V=o((e,s)=>{let{sso_start_url:r,sso_account_id:n,sso_region:i,sso_role_name:l}=e;if(!r||!n||!i||!l)throw new f(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}
3
+ Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:s});return e},"validateSsoProfile");var Xe=o((e={})=>async({callerClientConfig:s}={})=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");let{ssoStartUrl:r,ssoAccountId:n,ssoRegion:i,ssoRoleName:l,ssoSession:p}=e,{ssoClient:S}=e,d=y({profile:e.profile??s?.profile});if(!r&&!n&&!i&&!l&&!p){let t=(await I(e))[d];if(!t)throw new f(`Profile ${d} was not found.`,{logger:e.logger});if(!U(t))throw new f(`Profile ${d} is not configured with SSO credentials.`,{logger:e.logger});if(t?.sso_session){let u=(await A(e))[t.sso_session],O=` configurations in profile ${d} and sso-session ${t.sso_session}`;if(i&&i!==u.sso_region)throw new f("Conflicting SSO region"+O,{tryNextLink:!1,logger:e.logger});if(r&&r!==u.sso_start_url)throw new f("Conflicting SSO start_url"+O,{tryNextLink:!1,logger:e.logger});t.sso_region=u.sso_region,t.sso_start_url=u.sso_start_url}let{sso_start_url:k,sso_account_id:T,sso_region:c,sso_role_name:a,sso_session:w}=V(t,e.logger);return D({ssoStartUrl:k,ssoSession:w,ssoAccountId:T,ssoRegion:c,ssoRoleName:a,ssoClient:S,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:d,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger})}else{if(!r||!n||!i||!l)throw new f('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});return D({ssoStartUrl:r,ssoSession:p,ssoAccountId:n,ssoRegion:i,ssoRoleName:l,ssoClient:S,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:d,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger})}},"fromSSO");export{Xe as fromSSO,U as isSsoProfile,V as validateSsoProfile};
package/handler/dist-es-L65AGSLX.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@smithy+property-provider@4.2.8/node_modules/@smithy/property-provider/dist-es/TokenProviderError.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-sso@3.972.8/node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/constants.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js", "../../../node_modules/.bun/@aws-sdk+token-providers@3.990.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-sso@3.972.8/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-sso@3.972.8/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-sso@3.972.8/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js"],
4
+ "sourcesContent": ["import { ProviderError } from \"./ProviderError\";\nexport class TokenProviderError extends ProviderError {\n name = \"TokenProviderError\";\n constructor(message, options = true) {\n super(message, options);\n Object.setPrototypeOf(this, TokenProviderError.prototype);\n }\n}\n", "export const isSsoProfile = (arg) => arg &&\n (typeof arg.sso_start_url === \"string\" ||\n typeof arg.sso_account_id === \"string\" ||\n typeof arg.sso_session === \"string\" ||\n typeof arg.sso_region === \"string\" ||\n typeof arg.sso_role_name === \"string\");\n", "export const EXPIRE_WINDOW_MS = 5 * 60 * 1000;\nexport const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;\n", "export const getSsoOidcClient = async (ssoRegion, init = {}, callerClientConfig) => {\n const { SSOOIDCClient } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n const coalesce = (prop) => init.clientConfig?.[prop] ?? init.parentClientConfig?.[prop] ?? callerClientConfig?.[prop];\n const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {\n region: ssoRegion ?? init.clientConfig?.region,\n logger: coalesce(\"logger\"),\n userAgentAppId: coalesce(\"userAgentAppId\"),\n }));\n return ssoOidcClient;\n};\n", "import { getSsoOidcClient } from \"./getSsoOidcClient\";\nexport const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}, callerClientConfig) => {\n const { CreateTokenCommand } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n const ssoOidcClient = await getSsoOidcClient(ssoRegion, init, callerClientConfig);\n return ssoOidcClient.send(new CreateTokenCommand({\n clientId: ssoToken.clientId,\n clientSecret: ssoToken.clientSecret,\n refreshToken: ssoToken.refreshToken,\n grantType: \"refresh_token\",\n }));\n};\n", "import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenExpiry = (token) => {\n if (token.expiration && token.expiration.getTime() < Date.now()) {\n throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);\n }\n};\n", "import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenKey = (key, value, forRefresh = false) => {\n if (typeof value === \"undefined\") {\n throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? \". Cannot refresh\" : \"\"}. ${REFRESH_MESSAGE}`, false);\n }\n};\n", "import { getSSOTokenFilepath } from \"@smithy/shared-ini-file-loader\";\nimport { promises as fsPromises } from \"fs\";\nconst { writeFile } = fsPromises;\nexport const writeSSOTokenToFile = (id, ssoToken) => {\n const tokenFilepath = getSSOTokenFilepath(id);\n const tokenString = JSON.stringify(ssoToken, null, 2);\n return writeFile(tokenFilepath, tokenString);\n};\n", "import { TokenProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from \"@smithy/shared-ini-file-loader\";\nimport { EXPIRE_WINDOW_MS, REFRESH_MESSAGE } from \"./constants\";\nimport { getNewSsoOidcToken } from \"./getNewSsoOidcToken\";\nimport { validateTokenExpiry } from \"./validateTokenExpiry\";\nimport { validateTokenKey } from \"./validateTokenKey\";\nimport { writeSSOTokenToFile } from \"./writeSSOTokenToFile\";\nconst lastRefreshAttemptTime = new Date(0);\nexport const fromSso = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/token-providers - fromSso\");\n const profiles = await parseKnownFiles(init);\n const profileName = getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n });\n const profile = profiles[profileName];\n if (!profile) {\n throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);\n }\n else if (!profile[\"sso_session\"]) {\n throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);\n }\n const ssoSessionName = profile[\"sso_session\"];\n const ssoSessions = await loadSsoSessionData(init);\n const ssoSession = ssoSessions[ssoSessionName];\n if (!ssoSession) {\n throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);\n }\n for (const ssoSessionRequiredKey of [\"sso_start_url\", \"sso_region\"]) {\n if (!ssoSession[ssoSessionRequiredKey]) {\n throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);\n }\n }\n const ssoStartUrl = ssoSession[\"sso_start_url\"];\n const ssoRegion = ssoSession[\"sso_region\"];\n let ssoToken;\n try {\n ssoToken = await getSSOTokenFromFile(ssoSessionName);\n }\n catch (e) {\n throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);\n }\n validateTokenKey(\"accessToken\", ssoToken.accessToken);\n validateTokenKey(\"expiresAt\", ssoToken.expiresAt);\n const { accessToken, expiresAt } = ssoToken;\n const existingToken = { token: accessToken, expiration: new Date(expiresAt) };\n if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {\n return existingToken;\n }\n if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {\n validateTokenExpiry(existingToken);\n return existingToken;\n }\n validateTokenKey(\"clientId\", ssoToken.clientId, true);\n validateTokenKey(\"clientSecret\", ssoToken.clientSecret, true);\n validateTokenKey(\"refreshToken\", ssoToken.refreshToken, true);\n try {\n lastRefreshAttemptTime.setTime(Date.now());\n const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init, callerClientConfig);\n validateTokenKey(\"accessToken\", newSsoOidcToken.accessToken);\n validateTokenKey(\"expiresIn\", newSsoOidcToken.expiresIn);\n const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);\n try {\n await writeSSOTokenToFile(ssoSessionName, {\n ...ssoToken,\n accessToken: newSsoOidcToken.accessToken,\n expiresAt: newTokenExpiration.toISOString(),\n refreshToken: newSsoOidcToken.refreshToken,\n });\n }\n catch (error) {\n }\n return {\n token: newSsoOidcToken.accessToken,\n expiration: newTokenExpiration,\n };\n }\n catch (error) {\n validateTokenExpiry(existingToken);\n return existingToken;\n }\n};\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { fromSso as getSsoTokenProvider } from \"@aws-sdk/token-providers\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getSSOTokenFromFile } from \"@smithy/shared-ini-file-loader\";\nconst SHOULD_FAIL_CREDENTIAL_CHAIN = false;\nexport const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, callerClientConfig, profile, filepath, configFilepath, ignoreCache, logger, }) => {\n let token;\n const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;\n if (ssoSession) {\n try {\n const _token = await getSsoTokenProvider({\n profile,\n filepath,\n configFilepath,\n ignoreCache,\n })();\n token = {\n accessToken: _token.token,\n expiresAt: new Date(_token.expiration).toISOString(),\n };\n }\n catch (e) {\n throw new CredentialsProviderError(e.message, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n }\n else {\n try {\n token = await getSSOTokenFromFile(ssoStartUrl);\n }\n catch (e) {\n throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n }\n if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {\n throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n const { accessToken } = token;\n const { SSOClient, GetRoleCredentialsCommand } = await import(\"./loadSso\");\n const sso = ssoClient ||\n new SSOClient(Object.assign({}, clientConfig ?? {}, {\n logger: clientConfig?.logger ?? callerClientConfig?.logger ?? parentClientConfig?.logger,\n region: clientConfig?.region ?? ssoRegion,\n userAgentAppId: clientConfig?.userAgentAppId ?? callerClientConfig?.userAgentAppId ?? parentClientConfig?.userAgentAppId,\n }));\n let ssoResp;\n try {\n ssoResp = await sso.send(new GetRoleCredentialsCommand({\n accountId: ssoAccountId,\n roleName: ssoRoleName,\n accessToken,\n }));\n }\n catch (e) {\n throw new CredentialsProviderError(e, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {}, } = ssoResp;\n if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {\n throw new CredentialsProviderError(\"SSO returns an invalid temporary credential.\", {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n const credentials = {\n accessKeyId,\n secretAccessKey,\n sessionToken,\n expiration: new Date(expiration),\n ...(credentialScope && { credentialScope }),\n ...(accountId && { accountId }),\n };\n if (ssoSession) {\n setCredentialFeature(credentials, \"CREDENTIALS_SSO\", \"s\");\n }\n else {\n setCredentialFeature(credentials, \"CREDENTIALS_SSO_LEGACY\", \"u\");\n }\n return credentials;\n};\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nexport const validateSsoProfile = (profile, logger) => {\n const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;\n if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {\n throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", ` +\n `\"sso_region\", \"sso_role_name\", \"sso_start_url\". Got ${Object.keys(profile).join(\", \")}\\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });\n }\n return profile;\n};\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, loadSsoSessionData, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { isSsoProfile } from \"./isSsoProfile\";\nimport { resolveSSOCredentials } from \"./resolveSSOCredentials\";\nimport { validateSsoProfile } from \"./validateSsoProfile\";\nexport const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-sso - fromSSO\");\n const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;\n const { ssoClient } = init;\n const profileName = getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n });\n if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {\n const profiles = await parseKnownFiles(init);\n const profile = profiles[profileName];\n if (!profile) {\n throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });\n }\n if (!isSsoProfile(profile)) {\n throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {\n logger: init.logger,\n });\n }\n if (profile?.sso_session) {\n const ssoSessions = await loadSsoSessionData(init);\n const session = ssoSessions[profile.sso_session];\n const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;\n if (ssoRegion && ssoRegion !== session.sso_region) {\n throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {\n tryNextLink: false,\n logger: init.logger,\n });\n }\n if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {\n throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {\n tryNextLink: false,\n logger: init.logger,\n });\n }\n profile.sso_region = session.sso_region;\n profile.sso_start_url = session.sso_start_url;\n }\n const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);\n return resolveSSOCredentials({\n ssoStartUrl: sso_start_url,\n ssoSession: sso_session,\n ssoAccountId: sso_account_id,\n ssoRegion: sso_region,\n ssoRoleName: sso_role_name,\n ssoClient: ssoClient,\n clientConfig: init.clientConfig,\n parentClientConfig: init.parentClientConfig,\n callerClientConfig: init.callerClientConfig,\n profile: profileName,\n filepath: init.filepath,\n configFilepath: init.configFilepath,\n ignoreCache: init.ignoreCache,\n logger: init.logger,\n });\n }\n else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {\n throw new CredentialsProviderError(\"Incomplete configuration. The fromSSO() argument hash must include \" +\n '\"ssoStartUrl\", \"ssoAccountId\", \"ssoRegion\", \"ssoRoleName\"', { tryNextLink: false, logger: init.logger });\n }\n else {\n return resolveSSOCredentials({\n ssoStartUrl,\n ssoSession,\n ssoAccountId,\n ssoRegion,\n ssoRoleName,\n ssoClient,\n clientConfig: init.clientConfig,\n parentClientConfig: init.parentClientConfig,\n callerClientConfig: init.callerClientConfig,\n profile: profileName,\n filepath: init.filepath,\n configFilepath: init.configFilepath,\n ignoreCache: init.ignoreCache,\n logger: init.logger,\n });\n }\n};\n"],
5
+ "mappings": ";mMACO,IAAMA,EAAN,MAAMC,UAA2BC,CAAc,CADtD,MACsD,CAAAC,EAAA,2BAClD,KAAO,qBACP,YAAYC,EAASC,EAAU,GAAM,CACjC,MAAMD,EAASC,CAAO,EACtB,OAAO,eAAe,KAAMJ,EAAmB,SAAS,CAC5D,CACJ,ECPO,IAAMK,EAAeC,EAACC,GAAQA,IAChC,OAAOA,EAAI,eAAkB,UAC1B,OAAOA,EAAI,gBAAmB,UAC9B,OAAOA,EAAI,aAAgB,UAC3B,OAAOA,EAAI,YAAe,UAC1B,OAAOA,EAAI,eAAkB,UALT,gBCCrB,IAAMC,EAAkB,kFCDxB,IAAMC,EAAmBC,EAAA,MAAOC,EAAWC,EAAO,CAAC,EAAGC,IAAuB,CAChF,GAAM,CAAE,cAAAC,CAAc,EAAI,KAAM,QAAO,wBAAkC,EACnEC,EAAWL,EAACM,GAASJ,EAAK,eAAeI,CAAI,GAAKJ,EAAK,qBAAqBI,CAAI,GAAKH,IAAqBG,CAAI,EAAnG,YAMjB,OALsB,IAAIF,EAAc,OAAO,OAAO,CAAC,EAAGF,EAAK,cAAgB,CAAC,EAAG,CAC/E,OAAQD,GAAaC,EAAK,cAAc,OACxC,OAAQG,EAAS,QAAQ,EACzB,eAAgBA,EAAS,gBAAgB,CAC7C,CAAC,CAAC,CAEN,EATgC,oBCCzB,IAAME,EAAqBC,EAAA,MAAOC,EAAUC,EAAWC,EAAO,CAAC,EAAGC,IAAuB,CAC5F,GAAM,CAAE,mBAAAC,CAAmB,EAAI,KAAM,QAAO,wBAAkC,EAE9E,OADsB,MAAMC,EAAiBJ,EAAWC,EAAMC,CAAkB,GAC3D,KAAK,IAAIC,EAAmB,CAC7C,SAAUJ,EAAS,SACnB,aAAcA,EAAS,aACvB,aAAcA,EAAS,aACvB,UAAW,eACf,CAAC,CAAC,CACN,EATkC,sBCC3B,IAAMM,EAAsBC,EAACC,GAAU,CAC1C,GAAIA,EAAM,YAAcA,EAAM,WAAW,QAAQ,EAAI,KAAK,IAAI,EAC1D,MAAM,IAAIC,EAAmB,qBAAqBC,CAAe,GAAI,EAAK,CAElF,EAJmC,uBCA5B,IAAMC,EAAmBC,EAAA,CAACC,EAAKC,EAAOC,EAAa,KAAU,CAChE,GAAI,OAAOD,EAAU,IACjB,MAAM,IAAIE,EAAmB,0BAA0BH,CAAG,iBAAiBE,EAAa,mBAAqB,EAAE,KAAKE,CAAe,GAAI,EAAK,CAEpJ,EAJgC,oBCDhC,OAAS,YAAYC,MAAkB,KACvC,GAAM,CAAE,UAAAC,CAAU,EAAIC,EACTC,EAAsBC,EAAA,CAACC,EAAIC,IAAa,CACjD,IAAMC,EAAgBC,EAAoBH,CAAE,EACtCI,EAAc,KAAK,UAAUH,EAAU,KAAM,CAAC,EACpD,OAAOL,EAAUM,EAAeE,CAAW,CAC/C,EAJmC,uBCInC,IAAMC,EAAyB,IAAI,KAAK,CAAC,EAC5BC,EAAUC,EAAA,CAACC,EAAO,CAAC,IAAM,MAAO,CAAE,mBAAAC,CAAmB,EAAI,CAAC,IAAM,CACzED,EAAK,QAAQ,MAAM,oCAAoC,EACvD,IAAME,EAAW,MAAMC,EAAgBH,CAAI,EACrCI,EAAcC,EAAe,CAC/B,QAASL,EAAK,SAAWC,GAAoB,OACjD,CAAC,EACKK,EAAUJ,EAASE,CAAW,EACpC,GAAKE,GAGA,GAAI,CAACA,EAAQ,YACd,MAAM,IAAIC,EAAmB,YAAYH,CAAW,+CAA+C,MAHnG,OAAM,IAAIG,EAAmB,YAAYH,CAAW,mDAAoD,EAAK,EAKjH,IAAMI,EAAiBF,EAAQ,YAEzBG,GADc,MAAMC,EAAmBV,CAAI,GAClBQ,CAAc,EAC7C,GAAI,CAACC,EACD,MAAM,IAAIF,EAAmB,gBAAgBC,CAAc,mDAAoD,EAAK,EAExH,QAAWG,IAAyB,CAAC,gBAAiB,YAAY,EAC9D,GAAI,CAACF,EAAWE,CAAqB,EACjC,MAAM,IAAIJ,EAAmB,gBAAgBC,CAAc,mCAAmCG,CAAqB,KAAM,EAAK,EAGtI,IAAMC,EAAcH,EAAW,cACzBI,EAAYJ,EAAW,WACzBK,EACJ,GAAI,CACAA,EAAW,MAAMC,EAAoBP,CAAc,CACvD,MACU,CACN,MAAM,IAAID,EAAmB,iDAAiDH,CAAW,iCAAiCY,CAAe,GAAI,EAAK,CACtJ,CACAC,EAAiB,cAAeH,EAAS,WAAW,EACpDG,EAAiB,YAAaH,EAAS,SAAS,EAChD,GAAM,CAAE,YAAAI,EAAa,UAAAC,CAAU,EAAIL,EAC7BM,EAAgB,CAAE,MAAOF,EAAa,WAAY,IAAI,KAAKC,CAAS,CAAE,EAC5E,GAAIC,EAAc,WAAW,QAAQ,EAAI,KAAK,IAAI,EAAI,IAClD,OAAOA,EAEX,GAAI,KAAK,IAAI,EAAIvB,EAAuB,QAAQ,EAAI,GAAK,IACrD,OAAAwB,EAAoBD,CAAa,EAC1BA,EAEXH,EAAiB,WAAYH,EAAS,SAAU,EAAI,EACpDG,EAAiB,eAAgBH,EAAS,aAAc,EAAI,EAC5DG,EAAiB,eAAgBH,EAAS,aAAc,EAAI,EAC5D,GAAI,CACAjB,EAAuB,QAAQ,KAAK,IAAI,CAAC,EACzC,IAAMyB,EAAkB,MAAMC,EAAmBT,EAAUD,EAAWb,EAAMC,CAAkB,EAC9FgB,EAAiB,cAAeK,EAAgB,WAAW,EAC3DL,EAAiB,YAAaK,EAAgB,SAAS,EACvD,IAAME,EAAqB,IAAI,KAAK,KAAK,IAAI,EAAIF,EAAgB,UAAY,GAAI,EACjF,GAAI,CACA,MAAMG,EAAoBjB,EAAgB,CACtC,GAAGM,EACH,YAAaQ,EAAgB,YAC7B,UAAWE,EAAmB,YAAY,EAC1C,aAAcF,EAAgB,YAClC,CAAC,CACL,MACc,CACd,CACA,MAAO,CACH,MAAOA,EAAgB,YACvB,WAAYE,CAChB,CACJ,MACc,CACV,OAAAH,EAAoBD,CAAa,EAC1BA,CACX,CACJ,EAxEuB,WCJvB,IAAMM,EAA+B,GACxBC,EAAwBC,EAAA,MAAO,CAAE,YAAAC,EAAa,WAAAC,EAAY,aAAAC,EAAc,UAAAC,EAAW,YAAAC,EAAa,UAAAC,EAAW,aAAAC,EAAc,mBAAAC,EAAoB,mBAAAC,EAAoB,QAAAC,EAAS,SAAAC,EAAU,eAAAC,EAAgB,YAAAC,EAAa,OAAAC,CAAQ,IAAM,CACxO,IAAIC,EACEC,EAAiB,gFACvB,GAAId,EACA,GAAI,CACA,IAAMe,EAAS,MAAMC,EAAoB,CACrC,QAAAR,EACA,SAAAC,EACA,eAAAC,EACA,YAAAC,CACJ,CAAC,EAAE,EACHE,EAAQ,CACJ,YAAaE,EAAO,MACpB,UAAW,IAAI,KAAKA,EAAO,UAAU,EAAE,YAAY,CACvD,CACJ,OACOE,EAAG,CACN,MAAM,IAAIC,EAAyBD,EAAE,QAAS,CAC1C,YAAarB,EACb,OAAAgB,CACJ,CAAC,CACL,KAGA,IAAI,CACAC,EAAQ,MAAMM,EAAoBpB,CAAW,CACjD,MACU,CACN,MAAM,IAAImB,EAAyB,4DAA4DJ,CAAc,GAAI,CAC7G,YAAalB,EACb,OAAAgB,CACJ,CAAC,CACL,CAEJ,GAAI,IAAI,KAAKC,EAAM,SAAS,EAAE,QAAQ,EAAI,KAAK,IAAI,GAAK,EACpD,MAAM,IAAIK,EAAyB,6DAA6DJ,CAAc,GAAI,CAC9G,YAAalB,EACb,OAAAgB,CACJ,CAAC,EAEL,GAAM,CAAE,YAAAQ,CAAY,EAAIP,EAClB,CAAE,UAAAQ,EAAW,0BAAAC,CAA0B,EAAI,KAAM,QAAO,uBAAW,EACnEC,EAAMnB,GACR,IAAIiB,EAAU,OAAO,OAAO,CAAC,EAAGhB,GAAgB,CAAC,EAAG,CAChD,OAAQA,GAAc,QAAUE,GAAoB,QAAUD,GAAoB,OAClF,OAAQD,GAAc,QAAUH,EAChC,eAAgBG,GAAc,gBAAkBE,GAAoB,gBAAkBD,GAAoB,cAC9G,CAAC,CAAC,EACFkB,EACJ,GAAI,CACAA,EAAU,MAAMD,EAAI,KAAK,IAAID,EAA0B,CACnD,UAAWrB,EACX,SAAUE,EACV,YAAAiB,CACJ,CAAC,CAAC,CACN,OACOH,EAAG,CACN,MAAM,IAAIC,EAAyBD,EAAG,CAClC,YAAarB,EACb,OAAAgB,CACJ,CAAC,CACL,CACA,GAAM,CAAE,gBAAiB,CAAE,YAAAa,EAAa,gBAAAC,EAAiB,aAAAC,EAAc,WAAAC,EAAY,gBAAAC,EAAiB,UAAAC,CAAU,EAAI,CAAC,CAAG,EAAIN,EAC1H,GAAI,CAACC,GAAe,CAACC,GAAmB,CAACC,GAAgB,CAACC,EACtD,MAAM,IAAIV,EAAyB,+CAAgD,CAC/E,YAAatB,EACb,OAAAgB,CACJ,CAAC,EAEL,IAAMmB,EAAc,CAChB,YAAAN,EACA,gBAAAC,EACA,aAAAC,EACA,WAAY,IAAI,KAAKC,CAAU,EAC/B,GAAIC,GAAmB,CAAE,gBAAAA,CAAgB,EACzC,GAAIC,GAAa,CAAE,UAAAA,CAAU,CACjC,EACA,OAAI9B,EACAgC,EAAqBD,EAAa,kBAAmB,GAAG,EAGxDC,EAAqBD,EAAa,yBAA0B,GAAG,EAE5DA,CACX,EApFqC,yBCJ9B,IAAME,EAAqBC,EAAA,CAACC,EAASC,IAAW,CACnD,GAAM,CAAE,cAAAC,EAAe,eAAAC,EAAgB,WAAAC,EAAY,cAAAC,CAAc,EAAIL,EACrE,GAAI,CAACE,GAAiB,CAACC,GAAkB,CAACC,GAAc,CAACC,EACrD,MAAM,IAAIC,EAAyB,iJACwB,OAAO,KAAKN,CAAO,EAAE,KAAK,IAAI,CAAC;AAAA,oFAAwF,CAAE,YAAa,GAAO,OAAAC,CAAO,CAAC,EAEpN,OAAOD,CACX,EAPkC,sBCI3B,IAAMO,GAAUC,EAAA,CAACC,EAAO,CAAC,IAAM,MAAO,CAAE,mBAAAC,CAAmB,EAAI,CAAC,IAAM,CACzED,EAAK,QAAQ,MAAM,4CAA4C,EAC/D,GAAM,CAAE,YAAAE,EAAa,aAAAC,EAAc,UAAAC,EAAW,YAAAC,EAAa,WAAAC,CAAW,EAAIN,EACpE,CAAE,UAAAO,CAAU,EAAIP,EAChBQ,EAAcC,EAAe,CAC/B,QAAST,EAAK,SAAWC,GAAoB,OACjD,CAAC,EACD,GAAI,CAACC,GAAe,CAACC,GAAgB,CAACC,GAAa,CAACC,GAAe,CAACC,EAAY,CAE5E,IAAMI,GADW,MAAMC,EAAgBX,CAAI,GAClBQ,CAAW,EACpC,GAAI,CAACE,EACD,MAAM,IAAIE,EAAyB,WAAWJ,CAAW,kBAAmB,CAAE,OAAQR,EAAK,MAAO,CAAC,EAEvG,GAAI,CAACa,EAAaH,CAAO,EACrB,MAAM,IAAIE,EAAyB,WAAWJ,CAAW,2CAA4C,CACjG,OAAQR,EAAK,MACjB,CAAC,EAEL,GAAIU,GAAS,YAAa,CAEtB,IAAMI,GADc,MAAMC,EAAmBf,CAAI,GACrBU,EAAQ,WAAW,EACzCM,EAAc,8BAA8BR,CAAW,oBAAoBE,EAAQ,WAAW,GACpG,GAAIN,GAAaA,IAAcU,EAAQ,WACnC,MAAM,IAAIF,EAAyB,yBAA2BI,EAAa,CACvE,YAAa,GACb,OAAQhB,EAAK,MACjB,CAAC,EAEL,GAAIE,GAAeA,IAAgBY,EAAQ,cACvC,MAAM,IAAIF,EAAyB,4BAA8BI,EAAa,CAC1E,YAAa,GACb,OAAQhB,EAAK,MACjB,CAAC,EAELU,EAAQ,WAAaI,EAAQ,WAC7BJ,EAAQ,cAAgBI,EAAQ,aACpC,CACA,GAAM,CAAE,cAAAG,EAAe,eAAAC,EAAgB,WAAAC,EAAY,cAAAC,EAAe,YAAAC,CAAY,EAAIC,EAAmBZ,EAASV,EAAK,MAAM,EACzH,OAAOuB,EAAsB,CACzB,YAAaN,EACb,WAAYI,EACZ,aAAcH,EACd,UAAWC,EACX,YAAaC,EACb,UAAWb,EACX,aAAcP,EAAK,aACnB,mBAAoBA,EAAK,mBACzB,mBAAoBA,EAAK,mBACzB,QAASQ,EACT,SAAUR,EAAK,SACf,eAAgBA,EAAK,eACrB,YAAaA,EAAK,YAClB,OAAQA,EAAK,MACjB,CAAC,CACL,KACK,IAAI,CAACE,GAAe,CAACC,GAAgB,CAACC,GAAa,CAACC,EACrD,MAAM,IAAIO,EAAyB,+HAC8B,CAAE,YAAa,GAAO,OAAQZ,EAAK,MAAO,CAAC,EAG5G,OAAOuB,EAAsB,CACzB,YAAArB,EACA,WAAAI,EACA,aAAAH,EACA,UAAAC,EACA,YAAAC,EACA,UAAAE,EACA,aAAcP,EAAK,aACnB,mBAAoBA,EAAK,mBACzB,mBAAoBA,EAAK,mBACzB,QAASQ,EACT,SAAUR,EAAK,SACf,eAAgBA,EAAK,eACrB,YAAaA,EAAK,YAClB,OAAQA,EAAK,MACjB,CAAC,EAET,EA7EuB",
6
+ "names": ["TokenProviderError", "_TokenProviderError", "ProviderError", "__name", "message", "options", "isSsoProfile", "__name", "arg", "REFRESH_MESSAGE", "getSsoOidcClient", "__name", "ssoRegion", "init", "callerClientConfig", "SSOOIDCClient", "coalesce", "prop", "getNewSsoOidcToken", "__name", "ssoToken", "ssoRegion", "init", "callerClientConfig", "CreateTokenCommand", "getSsoOidcClient", "validateTokenExpiry", "__name", "token", "TokenProviderError", "REFRESH_MESSAGE", "validateTokenKey", "__name", "key", "value", "forRefresh", "TokenProviderError", "REFRESH_MESSAGE", "fsPromises", "writeFile", "fsPromises", "writeSSOTokenToFile", "__name", "id", "ssoToken", "tokenFilepath", "getSSOTokenFilepath", "tokenString", "lastRefreshAttemptTime", "fromSso", "__name", "init", "callerClientConfig", "profiles", "parseKnownFiles", "profileName", "getProfileName", "profile", "TokenProviderError", "ssoSessionName", "ssoSession", "loadSsoSessionData", "ssoSessionRequiredKey", "ssoStartUrl", "ssoRegion", "ssoToken", "getSSOTokenFromFile", "REFRESH_MESSAGE", "validateTokenKey", "accessToken", "expiresAt", "existingToken", "validateTokenExpiry", "newSsoOidcToken", "getNewSsoOidcToken", "newTokenExpiration", "writeSSOTokenToFile", "SHOULD_FAIL_CREDENTIAL_CHAIN", "resolveSSOCredentials", "__name", "ssoStartUrl", "ssoSession", "ssoAccountId", "ssoRegion", "ssoRoleName", "ssoClient", "clientConfig", "parentClientConfig", "callerClientConfig", "profile", "filepath", "configFilepath", "ignoreCache", "logger", "token", "refreshMessage", "_token", "fromSso", "e", "CredentialsProviderError", "getSSOTokenFromFile", "accessToken", "SSOClient", "GetRoleCredentialsCommand", "sso", "ssoResp", "accessKeyId", "secretAccessKey", "sessionToken", "expiration", "credentialScope", "accountId", "credentials", "setCredentialFeature", "validateSsoProfile", "__name", "profile", "logger", "sso_start_url", "sso_account_id", "sso_region", "sso_role_name", "CredentialsProviderError", "fromSSO", "__name", "init", "callerClientConfig", "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName", "ssoSession", "ssoClient", "profileName", "getProfileName", "profile", "parseKnownFiles", "CredentialsProviderError", "isSsoProfile", "session", "loadSsoSessionData", "conflictMsg", "sso_start_url", "sso_account_id", "sso_region", "sso_role_name", "sso_session", "validateSsoProfile", "resolveSSOCredentials"]
7
+ }
package/handler/dist-es-MTQKAI46.js ADDED
@@ -0,0 +1,2 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{b as a,h as f,i as u}from"./chunk-NHK4IEJM.js";import{a as p}from"./chunk-7HH7JLQT.js";import{b as i}from"./chunk-IIV4KUZH.js";import{a as t}from"./chunk-K7I7SIAE.js";import{exec as P}from"child_process";import{promisify as x}from"util";var w=t((r,e,o)=>{if(e.Version!==1)throw Error(`Profile ${r} credential_process did not return Version 1.`);if(e.AccessKeyId===void 0||e.SecretAccessKey===void 0)throw Error(`Profile ${r} credential_process returned invalid credentials.`);if(e.Expiration){let d=new Date;if(new Date(e.Expiration)<d)throw Error(`Profile ${r} credential_process returned expired credentials.`)}let s=e.AccountId;!s&&o?.[r]?.aws_account_id&&(s=o[r].aws_account_id);let n={accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,...e.SessionToken&&{sessionToken:e.SessionToken},...e.Expiration&&{expiration:new Date(e.Expiration)},...e.CredentialScope&&{credentialScope:e.CredentialScope},...s&&{accountId:s}};return p(n,"CREDENTIALS_PROCESS","w"),n},"getValidatedProcessCredentials");var m=t(async(r,e,o)=>{let s=e[r];if(e[r]){let n=s.credential_process;if(n!==void 0){let d=x(u?.getTokenRecord?.().exec??P);try{let{stdout:c}=await d(n),l;try{l=JSON.parse(c.trim())}catch{throw Error(`Profile ${r} credential_process returned invalid JSON.`)}return w(r,l,e)}catch(c){throw new i(c.message,{logger:o})}}else throw new i(`Profile ${r} did not contain credential_process.`,{logger:o})}else throw new i(`Profile ${r} could not be found in shared credentials file.`,{logger:o})},"resolveProcessCredentials");var $=t((r={})=>async({callerClientConfig:e}={})=>{r.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");let o=await f(r);return m(a({profile:r.profile??e?.profile}),o,r.logger)},"fromProcess");export{$ as fromProcess};
package/handler/dist-es-MTQKAI46.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@aws-sdk+credential-provider-process@3.972.8/node_modules/@aws-sdk/credential-provider-process/dist-es/resolveProcessCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-process@3.972.8/node_modules/@aws-sdk/credential-provider-process/dist-es/getValidatedProcessCredentials.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-process@3.972.8/node_modules/@aws-sdk/credential-provider-process/dist-es/fromProcess.js"],
4
+ "sourcesContent": ["import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { externalDataInterceptor } from \"@smithy/shared-ini-file-loader\";\nimport { exec } from \"child_process\";\nimport { promisify } from \"util\";\nimport { getValidatedProcessCredentials } from \"./getValidatedProcessCredentials\";\nexport const resolveProcessCredentials = async (profileName, profiles, logger) => {\n const profile = profiles[profileName];\n if (profiles[profileName]) {\n const credentialProcess = profile[\"credential_process\"];\n if (credentialProcess !== undefined) {\n const execPromise = promisify(externalDataInterceptor?.getTokenRecord?.().exec ?? exec);\n try {\n const { stdout } = await execPromise(credentialProcess);\n let data;\n try {\n data = JSON.parse(stdout.trim());\n }\n catch {\n throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);\n }\n return getValidatedProcessCredentials(profileName, data, profiles);\n }\n catch (error) {\n throw new CredentialsProviderError(error.message, { logger });\n }\n }\n else {\n throw new CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });\n }\n }\n else {\n throw new CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {\n logger,\n });\n }\n};\n", "import { setCredentialFeature } from \"@aws-sdk/core/client\";\nexport const getValidatedProcessCredentials = (profileName, data, profiles) => {\n if (data.Version !== 1) {\n throw Error(`Profile ${profileName} credential_process did not return Version 1.`);\n }\n if (data.AccessKeyId === undefined || data.SecretAccessKey === undefined) {\n throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);\n }\n if (data.Expiration) {\n const currentTime = new Date();\n const expireTime = new Date(data.Expiration);\n if (expireTime < currentTime) {\n throw Error(`Profile ${profileName} credential_process returned expired credentials.`);\n }\n }\n let accountId = data.AccountId;\n if (!accountId && profiles?.[profileName]?.aws_account_id) {\n accountId = profiles[profileName].aws_account_id;\n }\n const credentials = {\n accessKeyId: data.AccessKeyId,\n secretAccessKey: data.SecretAccessKey,\n ...(data.SessionToken && { sessionToken: data.SessionToken }),\n ...(data.Expiration && { expiration: new Date(data.Expiration) }),\n ...(data.CredentialScope && { credentialScope: data.CredentialScope }),\n ...(accountId && { accountId }),\n };\n setCredentialFeature(credentials, \"CREDENTIALS_PROCESS\", \"w\");\n return credentials;\n};\n", "import { getProfileName, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { resolveProcessCredentials } from \"./resolveProcessCredentials\";\nexport const fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-process - fromProcess\");\n const profiles = await parseKnownFiles(init);\n return resolveProcessCredentials(getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n }), profiles, init.logger);\n};\n"],
5
+ "mappings": ";8KAEA,OAAS,QAAAA,MAAY,gBACrB,OAAS,aAAAC,MAAiB,OCFnB,IAAMC,EAAiCC,EAAA,CAACC,EAAaC,EAAMC,IAAa,CAC3E,GAAID,EAAK,UAAY,EACjB,MAAM,MAAM,WAAWD,CAAW,+CAA+C,EAErF,GAAIC,EAAK,cAAgB,QAAaA,EAAK,kBAAoB,OAC3D,MAAM,MAAM,WAAWD,CAAW,mDAAmD,EAEzF,GAAIC,EAAK,WAAY,CACjB,IAAME,EAAc,IAAI,KAExB,GADmB,IAAI,KAAKF,EAAK,UAAU,EAC1BE,EACb,MAAM,MAAM,WAAWH,CAAW,mDAAmD,CAE7F,CACA,IAAII,EAAYH,EAAK,UACjB,CAACG,GAAaF,IAAWF,CAAW,GAAG,iBACvCI,EAAYF,EAASF,CAAW,EAAE,gBAEtC,IAAMK,EAAc,CAChB,YAAaJ,EAAK,YAClB,gBAAiBA,EAAK,gBACtB,GAAIA,EAAK,cAAgB,CAAE,aAAcA,EAAK,YAAa,EAC3D,GAAIA,EAAK,YAAc,CAAE,WAAY,IAAI,KAAKA,EAAK,UAAU,CAAE,EAC/D,GAAIA,EAAK,iBAAmB,CAAE,gBAAiBA,EAAK,eAAgB,EACpE,GAAIG,GAAa,CAAE,UAAAA,CAAU,CACjC,EACA,OAAAE,EAAqBD,EAAa,sBAAuB,GAAG,EACrDA,CACX,EA5B8C,kCDIvC,IAAME,EAA4BC,EAAA,MAAOC,EAAaC,EAAUC,IAAW,CAC9E,IAAMC,EAAUF,EAASD,CAAW,EACpC,GAAIC,EAASD,CAAW,EAAG,CACvB,IAAMI,EAAoBD,EAAQ,mBAClC,GAAIC,IAAsB,OAAW,CACjC,IAAMC,EAAcC,EAAUC,GAAyB,iBAAiB,EAAE,MAAQC,CAAI,EACtF,GAAI,CACA,GAAM,CAAE,OAAAC,CAAO,EAAI,MAAMJ,EAAYD,CAAiB,EAClDM,EACJ,GAAI,CACAA,EAAO,KAAK,MAAMD,EAAO,KAAK,CAAC,CACnC,MACM,CACF,MAAM,MAAM,WAAWT,CAAW,4CAA4C,CAClF,CACA,OAAOW,EAA+BX,EAAaU,EAAMT,CAAQ,CACrE,OACOW,EAAO,CACV,MAAM,IAAIC,EAAyBD,EAAM,QAAS,CAAE,OAAAV,CAAO,CAAC,CAChE,CACJ,KAEI,OAAM,IAAIW,EAAyB,WAAWb,CAAW,uCAAwC,CAAE,OAAAE,CAAO,CAAC,CAEnH,KAEI,OAAM,IAAIW,EAAyB,WAAWb,CAAW,kDAAmD,CACxG,OAAAE,CACJ,CAAC,CAET,EA9ByC,6BEHlC,IAAMY,EAAcC,EAAA,CAACC,EAAO,CAAC,IAAM,MAAO,CAAE,mBAAAC,CAAmB,EAAI,CAAC,IAAM,CAC7ED,EAAK,QAAQ,MAAM,oDAAoD,EACvE,IAAME,EAAW,MAAMC,EAAgBH,CAAI,EAC3C,OAAOI,EAA0BC,EAAe,CAC5C,QAASL,EAAK,SAAWC,GAAoB,OACjD,CAAC,EAAGC,EAAUF,EAAK,MAAM,CAC7B,EAN2B",
6
+ "names": ["exec", "promisify", "getValidatedProcessCredentials", "__name", "profileName", "data", "profiles", "currentTime", "accountId", "credentials", "setCredentialFeature", "resolveProcessCredentials", "__name", "profileName", "profiles", "logger", "profile", "credentialProcess", "execPromise", "promisify", "externalDataInterceptor", "exec", "stdout", "data", "getValidatedProcessCredentials", "error", "CredentialsProviderError", "fromProcess", "__name", "init", "callerClientConfig", "profiles", "parseKnownFiles", "resolveProcessCredentials", "getProfileName"]
7
+ }
package/handler/dist-es-MX3QM4CF.js ADDED
@@ -0,0 +1,6 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{c as C}from"./chunk-XXOXLF5U.js";import{e as h,j as l}from"./chunk-MHYJWYJC.js";import{a as A}from"./chunk-QBFMAZ73.js";import"./chunk-BZDMPUOT.js";import{a as p}from"./chunk-7HH7JLQT.js";import{b as i}from"./chunk-IIV4KUZH.js";import{a as s}from"./chunk-K7I7SIAE.js";import S from"fs/promises";var R="169.254.170.2",w="169.254.170.23",g="[fd00:ec2::23]",_=s((e,o)=>{if(e.protocol!=="https:"&&!(e.hostname===R||e.hostname===w||e.hostname===g)){if(e.hostname.includes("[")){if(e.hostname==="[::1]"||e.hostname==="[0000:0000:0000:0000:0000:0000:0000:0001]")return}else{if(e.hostname==="localhost")return;let n=e.hostname.split("."),r=s(t=>{let a=parseInt(t,10);return 0<=a&&a<=255},"inRange");if(n[0]==="127"&&r(n[1])&&r(n[2])&&r(n[3])&&n.length===4)return}throw new i(`URL not accepted. It must either be HTTPS or match one of the following:
3
+ - loopback CIDR 127.0.0.0/8 or [::1/128]
4
+ - ECS container host 169.254.170.2
5
+ - EKS container host 169.254.170.23 or [fd00:ec2::23]`,{logger:o})}},"checkUrl");function I(e){return new A({protocol:e.protocol,hostname:e.hostname,port:Number(e.port),path:e.pathname,query:Array.from(e.searchParams.entries()).reduce((o,[n,r])=>(o[n]=r,o),{}),fragment:e.hash})}s(I,"createGetRequest");async function f(e,o){let r=await C(e.body).transformToString();if(e.statusCode===200){let t=JSON.parse(r);if(typeof t.AccessKeyId!="string"||typeof t.SecretAccessKey!="string"||typeof t.Token!="string"||typeof t.Expiration!="string")throw new i("HTTP credential provider response not of the required format, an object matching: { AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }",{logger:o});return{accessKeyId:t.AccessKeyId,secretAccessKey:t.SecretAccessKey,sessionToken:t.Token,expiration:l(t.Expiration)}}if(e.statusCode>=400&&e.statusCode<500){let t={};try{t=JSON.parse(r)}catch{}throw Object.assign(new i(`Server responded with status: ${e.statusCode}`,{logger:o}),{Code:t.Code,Message:t.Message})}throw new i(`Server responded with status: ${e.statusCode}`,{logger:o})}s(f,"getCredentials");var E=s((e,o,n)=>async()=>{for(let r=0;r<o;++r)try{return await e()}catch{await new Promise(a=>setTimeout(a,n))}return await e()},"retryWrapper");var O="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",L="http://169.254.170.2",y="AWS_CONTAINER_CREDENTIALS_FULL_URI",v="AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE",U="AWS_CONTAINER_AUTHORIZATION_TOKEN",k=s((e={})=>{e.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");let o,n=e.awsContainerCredentialsRelativeUri??process.env[O],r=e.awsContainerCredentialsFullUri??process.env[y],t=e.awsContainerAuthorizationToken??process.env[U],a=e.awsContainerAuthorizationTokenFile??process.env[v],c=e.logger?.constructor?.name==="NoOpLogger"||!e.logger?.warn?console.warn:e.logger.warn.bind(e.logger);if(n&&r&&(c("@aws-sdk/credential-provider-http: you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."),c("awsContainerCredentialsFullUri will take precedence.")),t&&a&&(c("@aws-sdk/credential-provider-http: you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."),c("awsContainerAuthorizationToken will take precedence.")),r)o=r;else if(n)o=`${L}${n}`;else throw new i(`No HTTP credential provider host provided.
6
+ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`,{logger:e.logger});let T=new URL(o);_(T,e.logger);let N=h.create({requestTimeout:e.timeout??1e3,connectionTimeout:e.timeout??1e3});return E(async()=>{let d=I(T);t?d.headers.Authorization=t:a&&(d.headers.Authorization=(await S.readFile(a)).toString());try{let m=await N.handle(d);return f(m.response).then(u=>p(u,"CREDENTIALS_HTTP","z"))}catch(m){throw new i(String(m),{logger:e.logger})}},e.maxRetries??3,e.timeout??1e3)},"fromHttp");export{k as fromHttp};
package/handler/dist-es-MX3QM4CF.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@aws-sdk+credential-provider-http@3.972.10/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-http@3.972.10/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/checkUrl.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-http@3.972.10/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/requestHelpers.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-http@3.972.10/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/retry-wrapper.js"],
4
+ "sourcesContent": ["import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { NodeHttpHandler } from \"@smithy/node-http-handler\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport fs from \"fs/promises\";\nimport { checkUrl } from \"./checkUrl\";\nimport { createGetRequest, getCredentials } from \"./requestHelpers\";\nimport { retryWrapper } from \"./retry-wrapper\";\nconst AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = \"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI\";\nconst DEFAULT_LINK_LOCAL_HOST = \"http://169.254.170.2\";\nconst AWS_CONTAINER_CREDENTIALS_FULL_URI = \"AWS_CONTAINER_CREDENTIALS_FULL_URI\";\nconst AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = \"AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE\";\nconst AWS_CONTAINER_AUTHORIZATION_TOKEN = \"AWS_CONTAINER_AUTHORIZATION_TOKEN\";\nexport const fromHttp = (options = {}) => {\n options.logger?.debug(\"@aws-sdk/credential-provider-http - fromHttp\");\n let host;\n const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];\n const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];\n const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];\n const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];\n const warn = options.logger?.constructor?.name === \"NoOpLogger\" || !options.logger?.warn\n ? console.warn\n : options.logger.warn.bind(options.logger);\n if (relative && full) {\n warn(\"@aws-sdk/credential-provider-http: \" +\n \"you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.\");\n warn(\"awsContainerCredentialsFullUri will take precedence.\");\n }\n if (token && tokenFile) {\n warn(\"@aws-sdk/credential-provider-http: \" +\n \"you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.\");\n warn(\"awsContainerAuthorizationToken will take precedence.\");\n }\n if (full) {\n host = full;\n }\n else if (relative) {\n host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;\n }\n else {\n throw new CredentialsProviderError(`No HTTP credential provider host provided.\nSet AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });\n }\n const url = new URL(host);\n checkUrl(url, options.logger);\n const requestHandler = NodeHttpHandler.create({\n requestTimeout: options.timeout ?? 1000,\n connectionTimeout: options.timeout ?? 1000,\n });\n return retryWrapper(async () => {\n const request = createGetRequest(url);\n if (token) {\n request.headers.Authorization = token;\n }\n else if (tokenFile) {\n request.headers.Authorization = (await fs.readFile(tokenFile)).toString();\n }\n try {\n const result = await requestHandler.handle(request);\n return getCredentials(result.response).then((creds) => setCredentialFeature(creds, \"CREDENTIALS_HTTP\", \"z\"));\n }\n catch (e) {\n throw new CredentialsProviderError(String(e), { logger: options.logger });\n }\n }, options.maxRetries ?? 3, options.timeout ?? 1000);\n};\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nconst LOOPBACK_CIDR_IPv4 = \"127.0.0.0/8\";\nconst LOOPBACK_CIDR_IPv6 = \"::1/128\";\nconst ECS_CONTAINER_HOST = \"169.254.170.2\";\nconst EKS_CONTAINER_HOST_IPv4 = \"169.254.170.23\";\nconst EKS_CONTAINER_HOST_IPv6 = \"[fd00:ec2::23]\";\nexport const checkUrl = (url, logger) => {\n if (url.protocol === \"https:\") {\n return;\n }\n if (url.hostname === ECS_CONTAINER_HOST ||\n url.hostname === EKS_CONTAINER_HOST_IPv4 ||\n url.hostname === EKS_CONTAINER_HOST_IPv6) {\n return;\n }\n if (url.hostname.includes(\"[\")) {\n if (url.hostname === \"[::1]\" || url.hostname === \"[0000:0000:0000:0000:0000:0000:0000:0001]\") {\n return;\n }\n }\n else {\n if (url.hostname === \"localhost\") {\n return;\n }\n const ipComponents = url.hostname.split(\".\");\n const inRange = (component) => {\n const num = parseInt(component, 10);\n return 0 <= num && num <= 255;\n };\n if (ipComponents[0] === \"127\" &&\n inRange(ipComponents[1]) &&\n inRange(ipComponents[2]) &&\n inRange(ipComponents[3]) &&\n ipComponents.length === 4) {\n return;\n }\n }\n throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:\n - loopback CIDR 127.0.0.0/8 or [::1/128]\n - ECS container host 169.254.170.2\n - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger });\n};\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { HttpRequest } from \"@smithy/protocol-http\";\nimport { parseRfc3339DateTime } from \"@smithy/smithy-client\";\nimport { sdkStreamMixin } from \"@smithy/util-stream\";\nexport function createGetRequest(url) {\n return new HttpRequest({\n protocol: url.protocol,\n hostname: url.hostname,\n port: Number(url.port),\n path: url.pathname,\n query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {\n acc[k] = v;\n return acc;\n }, {}),\n fragment: url.hash,\n });\n}\nexport async function getCredentials(response, logger) {\n const stream = sdkStreamMixin(response.body);\n const str = await stream.transformToString();\n if (response.statusCode === 200) {\n const parsed = JSON.parse(str);\n if (typeof parsed.AccessKeyId !== \"string\" ||\n typeof parsed.SecretAccessKey !== \"string\" ||\n typeof parsed.Token !== \"string\" ||\n typeof parsed.Expiration !== \"string\") {\n throw new CredentialsProviderError(\"HTTP credential provider response not of the required format, an object matching: \" +\n \"{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }\", { logger });\n }\n return {\n accessKeyId: parsed.AccessKeyId,\n secretAccessKey: parsed.SecretAccessKey,\n sessionToken: parsed.Token,\n expiration: parseRfc3339DateTime(parsed.Expiration),\n };\n }\n if (response.statusCode >= 400 && response.statusCode < 500) {\n let parsedBody = {};\n try {\n parsedBody = JSON.parse(str);\n }\n catch (e) { }\n throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {\n Code: parsedBody.Code,\n Message: parsedBody.Message,\n });\n }\n throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });\n}\n", "export const retryWrapper = (toRetry, maxRetries, delayMs) => {\n return async () => {\n for (let i = 0; i < maxRetries; ++i) {\n try {\n return await toRetry();\n }\n catch (e) {\n await new Promise((resolve) => setTimeout(resolve, delayMs));\n }\n }\n return await toRetry();\n };\n};\n"],
5
+ "mappings": ";mRAGA,OAAOA,MAAQ,cCAf,IAAMC,EAAqB,gBACrBC,EAA0B,iBAC1BC,EAA0B,iBACnBC,EAAWC,EAAA,CAACC,EAAKC,IAAW,CACrC,GAAID,EAAI,WAAa,UAGjB,EAAAA,EAAI,WAAaL,GACjBK,EAAI,WAAaJ,GACjBI,EAAI,WAAaH,GAGrB,IAAIG,EAAI,SAAS,SAAS,GAAG,GACzB,GAAIA,EAAI,WAAa,SAAWA,EAAI,WAAa,4CAC7C,WAGH,CACD,GAAIA,EAAI,WAAa,YACjB,OAEJ,IAAME,EAAeF,EAAI,SAAS,MAAM,GAAG,EACrCG,EAAUJ,EAACK,GAAc,CAC3B,IAAMC,EAAM,SAASD,EAAW,EAAE,EAClC,MAAO,IAAKC,GAAOA,GAAO,GAC9B,EAHgB,WAIhB,GAAIH,EAAa,CAAC,IAAM,OACpBC,EAAQD,EAAa,CAAC,CAAC,GACvBC,EAAQD,EAAa,CAAC,CAAC,GACvBC,EAAQD,EAAa,CAAC,CAAC,GACvBA,EAAa,SAAW,EACxB,MAER,CACA,MAAM,IAAII,EAAyB;AAAA;AAAA;AAAA,yDAGmB,CAAE,OAAAL,CAAO,CAAC,EACpE,EAnCwB,YCFjB,SAASM,EAAiBC,EAAK,CAClC,OAAO,IAAIC,EAAY,CACnB,SAAUD,EAAI,SACd,SAAUA,EAAI,SACd,KAAM,OAAOA,EAAI,IAAI,EACrB,KAAMA,EAAI,SACV,MAAO,MAAM,KAAKA,EAAI,aAAa,QAAQ,CAAC,EAAE,OAAO,CAACE,EAAK,CAACC,EAAGC,CAAC,KAC5DF,EAAIC,CAAC,EAAIC,EACFF,GACR,CAAC,CAAC,EACL,SAAUF,EAAI,IAClB,CAAC,CACL,CAZgBK,EAAAN,EAAA,oBAahB,eAAsBO,EAAeC,EAAUC,EAAQ,CAEnD,IAAMC,EAAM,MADGC,EAAeH,EAAS,IAAI,EAClB,kBAAkB,EAC3C,GAAIA,EAAS,aAAe,IAAK,CAC7B,IAAMI,EAAS,KAAK,MAAMF,CAAG,EAC7B,GAAI,OAAOE,EAAO,aAAgB,UAC9B,OAAOA,EAAO,iBAAoB,UAClC,OAAOA,EAAO,OAAU,UACxB,OAAOA,EAAO,YAAe,SAC7B,MAAM,IAAIC,EAAyB,iLACiE,CAAE,OAAAJ,CAAO,CAAC,EAElH,MAAO,CACH,YAAaG,EAAO,YACpB,gBAAiBA,EAAO,gBACxB,aAAcA,EAAO,MACrB,WAAYE,EAAqBF,EAAO,UAAU,CACtD,CACJ,CACA,GAAIJ,EAAS,YAAc,KAAOA,EAAS,WAAa,IAAK,CACzD,IAAIO,EAAa,CAAC,EAClB,GAAI,CACAA,EAAa,KAAK,MAAML,CAAG,CAC/B,MACU,CAAE,CACZ,MAAM,OAAO,OAAO,IAAIG,EAAyB,iCAAiCL,EAAS,UAAU,GAAI,CAAE,OAAAC,CAAO,CAAC,EAAG,CAClH,KAAMM,EAAW,KACjB,QAASA,EAAW,OACxB,CAAC,CACL,CACA,MAAM,IAAIF,EAAyB,iCAAiCL,EAAS,UAAU,GAAI,CAAE,OAAAC,CAAO,CAAC,CACzG,CA/BsBH,EAAAC,EAAA,kBCjBf,IAAMS,EAAeC,EAAA,CAACC,EAASC,EAAYC,IACvC,SAAY,CACf,QAASC,EAAI,EAAGA,EAAIF,EAAY,EAAEE,EAC9B,GAAI,CACA,OAAO,MAAMH,EAAQ,CACzB,MACU,CACN,MAAM,IAAI,QAASI,GAAY,WAAWA,EAASF,CAAO,CAAC,CAC/D,CAEJ,OAAO,MAAMF,EAAQ,CACzB,EAXwB,gBHO5B,IAAMK,EAAyC,yCACzCC,EAA0B,uBAC1BC,EAAqC,qCACrCC,EAAyC,yCACzCC,EAAoC,oCAC7BC,EAAWC,EAAA,CAACC,EAAU,CAAC,IAAM,CACtCA,EAAQ,QAAQ,MAAM,8CAA8C,EACpE,IAAIC,EACEC,EAAWF,EAAQ,oCAAsC,QAAQ,IAAIP,CAAsC,EAC3GU,EAAOH,EAAQ,gCAAkC,QAAQ,IAAIL,CAAkC,EAC/FS,EAAQJ,EAAQ,gCAAkC,QAAQ,IAAIH,CAAiC,EAC/FQ,EAAYL,EAAQ,oCAAsC,QAAQ,IAAIJ,CAAsC,EAC5GU,EAAON,EAAQ,QAAQ,aAAa,OAAS,cAAgB,CAACA,EAAQ,QAAQ,KAC9E,QAAQ,KACRA,EAAQ,OAAO,KAAK,KAAKA,EAAQ,MAAM,EAW7C,GAVIE,GAAYC,IACZG,EAAK,6HACyF,EAC9FA,EAAK,sDAAsD,GAE3DF,GAASC,IACTC,EAAK,6HACyF,EAC9FA,EAAK,sDAAsD,GAE3DH,EACAF,EAAOE,UAEFD,EACLD,EAAO,GAAGP,CAAuB,GAAGQ,CAAQ,OAG5C,OAAM,IAAIK,EAAyB;AAAA,mFACyC,CAAE,OAAQP,EAAQ,MAAO,CAAC,EAE1G,IAAMQ,EAAM,IAAI,IAAIP,CAAI,EACxBQ,EAASD,EAAKR,EAAQ,MAAM,EAC5B,IAAMU,EAAiBC,EAAgB,OAAO,CAC1C,eAAgBX,EAAQ,SAAW,IACnC,kBAAmBA,EAAQ,SAAW,GAC1C,CAAC,EACD,OAAOY,EAAa,SAAY,CAC5B,IAAMC,EAAUC,EAAiBN,CAAG,EAChCJ,EACAS,EAAQ,QAAQ,cAAgBT,EAE3BC,IACLQ,EAAQ,QAAQ,eAAiB,MAAME,EAAG,SAASV,CAAS,GAAG,SAAS,GAE5E,GAAI,CACA,IAAMW,EAAS,MAAMN,EAAe,OAAOG,CAAO,EAClD,OAAOI,EAAeD,EAAO,QAAQ,EAAE,KAAME,GAAUC,EAAqBD,EAAO,mBAAoB,GAAG,CAAC,CAC/G,OACOE,EAAG,CACN,MAAM,IAAIb,EAAyB,OAAOa,CAAC,EAAG,CAAE,OAAQpB,EAAQ,MAAO,CAAC,CAC5E,CACJ,EAAGA,EAAQ,YAAc,EAAGA,EAAQ,SAAW,GAAI,CACvD,EApDwB",
6
+ "names": ["fs", "ECS_CONTAINER_HOST", "EKS_CONTAINER_HOST_IPv4", "EKS_CONTAINER_HOST_IPv6", "checkUrl", "__name", "url", "logger", "ipComponents", "inRange", "component", "num", "CredentialsProviderError", "createGetRequest", "url", "HttpRequest", "acc", "k", "v", "__name", "getCredentials", "response", "logger", "str", "sdkStreamMixin", "parsed", "CredentialsProviderError", "parseRfc3339DateTime", "parsedBody", "retryWrapper", "__name", "toRetry", "maxRetries", "delayMs", "i", "resolve", "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI", "DEFAULT_LINK_LOCAL_HOST", "AWS_CONTAINER_CREDENTIALS_FULL_URI", "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE", "AWS_CONTAINER_AUTHORIZATION_TOKEN", "fromHttp", "__name", "options", "host", "relative", "full", "token", "tokenFile", "warn", "CredentialsProviderError", "url", "checkUrl", "requestHandler", "NodeHttpHandler", "retryWrapper", "request", "createGetRequest", "fs", "result", "getCredentials", "creds", "setCredentialFeature", "e"]
7
+ }
package/handler/dist-es-OFGVNFYO.js ADDED
@@ -0,0 +1,2 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{i as a}from"./chunk-NHK4IEJM.js";import{a as c}from"./chunk-7HH7JLQT.js";import{b as d}from"./chunk-IIV4KUZH.js";import{a as t}from"./chunk-K7I7SIAE.js";import{readFileSync as S}from"fs";var m=t(e=>async s=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken");let{roleArn:o,roleSessionName:r,webIdentityToken:i,providerId:n,policyArns:p,policy:E,durationSeconds:f}=e,{roleAssumerWithWebIdentity:l}=e;if(!l){let{getDefaultRoleAssumerWithWebIdentity:_}=await import("./sts-3PWPRV25.js");l=_({...e.clientConfig,credentialProviderLogger:e.logger,parentClientConfig:{...s?.callerClientConfig,...e.parentClientConfig}},e.clientPlugins)}return l({RoleArn:o,RoleSessionName:r??`aws-sdk-js-session-${Date.now()}`,WebIdentityToken:i,ProviderId:n,PolicyArns:p,Policy:E,DurationSeconds:f})},"fromWebToken");var g="AWS_WEB_IDENTITY_TOKEN_FILE",N="AWS_ROLE_ARN",I="AWS_ROLE_SESSION_NAME",u=t((e={})=>async s=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile");let o=e?.webIdentityTokenFile??process.env[g],r=e?.roleArn??process.env[N],i=e?.roleSessionName??process.env[I];if(!o||!r)throw new d("Web identity configuration not specified",{logger:e.logger});let n=await m({...e,webIdentityToken:a?.getTokenRecord?.()[o]??S(o,{encoding:"ascii"}),roleArn:r,roleSessionName:i})(s);return o===process.env[g]&&c(n,"CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN","h"),n},"fromTokenFile");export{u as fromTokenFile,m as fromWebToken};
package/handler/dist-es-OFGVNFYO.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@aws-sdk+credential-provider-web-identity@3.972.8/node_modules/@aws-sdk/credential-provider-web-identity/dist-es/fromTokenFile.js", "../../../node_modules/.bun/@aws-sdk+credential-provider-web-identity@3.972.8/node_modules/@aws-sdk/credential-provider-web-identity/dist-es/fromWebToken.js"],
4
+ "sourcesContent": ["import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { externalDataInterceptor } from \"@smithy/shared-ini-file-loader\";\nimport { readFileSync } from \"fs\";\nimport { fromWebToken } from \"./fromWebToken\";\nconst ENV_TOKEN_FILE = \"AWS_WEB_IDENTITY_TOKEN_FILE\";\nconst ENV_ROLE_ARN = \"AWS_ROLE_ARN\";\nconst ENV_ROLE_SESSION_NAME = \"AWS_ROLE_SESSION_NAME\";\nexport const fromTokenFile = (init = {}) => async (awsIdentityProperties) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-web-identity - fromTokenFile\");\n const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE];\n const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN];\n const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME];\n if (!webIdentityTokenFile || !roleArn) {\n throw new CredentialsProviderError(\"Web identity configuration not specified\", {\n logger: init.logger,\n });\n }\n const credentials = await fromWebToken({\n ...init,\n webIdentityToken: externalDataInterceptor?.getTokenRecord?.()[webIdentityTokenFile] ??\n readFileSync(webIdentityTokenFile, { encoding: \"ascii\" }),\n roleArn,\n roleSessionName,\n })(awsIdentityProperties);\n if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) {\n setCredentialFeature(credentials, \"CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN\", \"h\");\n }\n return credentials;\n};\n", "export const fromWebToken = (init) => async (awsIdentityProperties) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-web-identity - fromWebToken\");\n const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init;\n let { roleAssumerWithWebIdentity } = init;\n if (!roleAssumerWithWebIdentity) {\n const { getDefaultRoleAssumerWithWebIdentity } = await import(\"@aws-sdk/nested-clients/sts\");\n roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({\n ...init.clientConfig,\n credentialProviderLogger: init.logger,\n parentClientConfig: {\n ...awsIdentityProperties?.callerClientConfig,\n ...init.parentClientConfig,\n },\n }, init.clientPlugins);\n }\n return roleAssumerWithWebIdentity({\n RoleArn: roleArn,\n RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`,\n WebIdentityToken: webIdentityToken,\n ProviderId: providerId,\n PolicyArns: policyArns,\n Policy: policy,\n DurationSeconds: durationSeconds,\n });\n};\n"],
5
+ "mappings": ";gKAGA,OAAS,gBAAAA,MAAoB,KCHtB,IAAMC,EAAeC,EAACC,GAAS,MAAOC,GAA0B,CACnED,EAAK,QAAQ,MAAM,0DAA0D,EAC7E,GAAM,CAAE,QAAAE,EAAS,gBAAAC,EAAiB,iBAAAC,EAAkB,WAAAC,EAAY,WAAAC,EAAY,OAAAC,EAAQ,gBAAAC,CAAgB,EAAIR,EACpG,CAAE,2BAAAS,CAA2B,EAAIT,EACrC,GAAI,CAACS,EAA4B,CAC7B,GAAM,CAAE,qCAAAC,CAAqC,EAAI,KAAM,QAAO,mBAA6B,EAC3FD,EAA6BC,EAAqC,CAC9D,GAAGV,EAAK,aACR,yBAA0BA,EAAK,OAC/B,mBAAoB,CAChB,GAAGC,GAAuB,mBAC1B,GAAGD,EAAK,kBACZ,CACJ,EAAGA,EAAK,aAAa,CACzB,CACA,OAAOS,EAA2B,CAC9B,QAASP,EACT,gBAAiBC,GAAmB,sBAAsB,KAAK,IAAI,CAAC,GACpE,iBAAkBC,EAClB,WAAYC,EACZ,WAAYC,EACZ,OAAQC,EACR,gBAAiBC,CACrB,CAAC,CACL,EAxB4B,gBDK5B,IAAMG,EAAiB,8BACjBC,EAAe,eACfC,EAAwB,wBACjBC,EAAgBC,EAAA,CAACC,EAAO,CAAC,IAAM,MAAOC,GAA0B,CACzED,EAAK,QAAQ,MAAM,2DAA2D,EAC9E,IAAME,EAAuBF,GAAM,sBAAwB,QAAQ,IAAIL,CAAc,EAC/EQ,EAAUH,GAAM,SAAW,QAAQ,IAAIJ,CAAY,EACnDQ,EAAkBJ,GAAM,iBAAmB,QAAQ,IAAIH,CAAqB,EAClF,GAAI,CAACK,GAAwB,CAACC,EAC1B,MAAM,IAAIE,EAAyB,2CAA4C,CAC3E,OAAQL,EAAK,MACjB,CAAC,EAEL,IAAMM,EAAc,MAAMC,EAAa,CACnC,GAAGP,EACH,iBAAkBQ,GAAyB,iBAAiB,EAAEN,CAAoB,GAC9EO,EAAaP,EAAsB,CAAE,SAAU,OAAQ,CAAC,EAC5D,QAAAC,EACA,gBAAAC,CACJ,CAAC,EAAEH,CAAqB,EACxB,OAAIC,IAAyB,QAAQ,IAAIP,CAAc,GACnDe,EAAqBJ,EAAa,wCAAyC,GAAG,EAE3EA,CACX,EArB6B",
6
+ "names": ["readFileSync", "fromWebToken", "__name", "init", "awsIdentityProperties", "roleArn", "roleSessionName", "webIdentityToken", "providerId", "policyArns", "policy", "durationSeconds", "roleAssumerWithWebIdentity", "getDefaultRoleAssumerWithWebIdentity", "ENV_TOKEN_FILE", "ENV_ROLE_ARN", "ENV_ROLE_SESSION_NAME", "fromTokenFile", "__name", "init", "awsIdentityProperties", "webIdentityTokenFile", "roleArn", "roleSessionName", "CredentialsProviderError", "credentials", "fromWebToken", "externalDataInterceptor", "readFileSync", "setCredentialFeature"]
7
+ }
package/handler/dist-es-UGTHFA55.js ADDED
@@ -0,0 +1,3 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{a as y,c as A}from"./chunk-IRALFVJ5.js";import"./chunk-MDLDTIXZ.js";import"./chunk-NHK4IEJM.js";import{a as N,b as i}from"./chunk-IIV4KUZH.js";import{a as t}from"./chunk-K7I7SIAE.js";import{parse as B}from"url";import{Buffer as K}from"buffer";import{request as $}from"http";function f(e){return new Promise((o,a)=>{let r=$({method:"GET",...e,hostname:e.hostname?.replace(/^\[(.+)\]$/,"$1")});r.on("error",n=>{a(Object.assign(new N("Unable to connect to instance metadata service"),n)),r.destroy()}),r.on("timeout",()=>{a(new N("TimeoutError from instance metadata service")),r.destroy()}),r.on("response",n=>{let{statusCode:s=400}=n;(s<200||300<=s)&&(a(Object.assign(new N("Error response received from instance metadata service"),{statusCode:s})),r.destroy());let E=[];n.on("data",c=>{E.push(c)}),n.on("end",()=>{o(K.concat(E)),r.destroy()})}),r.end()})}t(f,"httpRequest");var g=t(e=>!!e&&typeof e=="object"&&typeof e.AccessKeyId=="string"&&typeof e.SecretAccessKey=="string"&&typeof e.Token=="string"&&typeof e.Expiration=="string","isImdsCredentials"),h=t(e=>({accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,sessionToken:e.Token,expiration:new Date(e.Expiration),...e.AccountId&&{accountId:e.AccountId}}),"fromImdsCredentials");var Ee=1e3,Ie=0,v=t(({maxRetries:e=0,timeout:o=1e3})=>({maxRetries:e,timeout:o}),"providerConfigFromInit");var S=t((e,o)=>{let a=e();for(let r=0;r<o;r++)a=a.catch(e);return a},"retry");var O="AWS_CONTAINER_CREDENTIALS_FULL_URI",D="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",P="AWS_CONTAINER_AUTHORIZATION_TOKEN",Oe=t((e={})=>{let{timeout:o,maxRetries:a}=v(e);return()=>S(async()=>{let r=await Y({logger:e.logger}),n=JSON.parse(await G(o,r));if(!g(n))throw new i("Invalid response received from instance metadata service.",{logger:e.logger});return h(n)},a)},"fromContainerMetadata"),G=t(async(e,o)=>(process.env[P]&&(o.headers={...o.headers,Authorization:process.env[P]}),(await f({...o,timeout:e})).toString()),"requestFromEcsImds"),q="169.254.170.2",H={localhost:!0,"127.0.0.1":!0},j={"http:":!0,"https:":!0},Y=t(async({logger:e})=>{if(process.env[D])return{hostname:q,path:process.env[D]};if(process.env[O]){let o=B(process.env[O]);if(!o.hostname||!(o.hostname in H))throw new i(`${o.hostname} is not a valid container metadata service hostname`,{tryNextLink:!1,logger:e});if(!o.protocol||!(o.protocol in j))throw new i(`${o.protocol} is not a valid container metadata service protocol`,{tryNextLink:!1,logger:e});return{...o,port:o.port?parseInt(o.port,10):void 0}}throw new i(`The container metadata credential provider cannot be used unless the ${D} or ${O} environment variable is set`,{tryNextLink:!1,logger:e})},"getCmdsUri");var C=class e extends i{static{t(this,"InstanceMetadataV1FallbackError")}tryNextLink;name="InstanceMetadataV1FallbackError";constructor(o,a=!0){super(o,a),this.tryNextLink=a,Object.setPrototypeOf(this,e.prototype)}};var T;(function(e){e.IPv4="http://169.254.169.254",e.IPv6="http://[fd00:ec2::254]"})(T||(T={}));var J="AWS_EC2_METADATA_SERVICE_ENDPOINT",z="ec2_metadata_service_endpoint",R={environmentVariableSelector:t(e=>e[J],"environmentVariableSelector"),configFileSelector:t(e=>e[z],"configFileSelector"),default:void 0};var m;(function(e){e.IPv4="IPv4",e.IPv6="IPv6"})(m||(m={}));var X="AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",Z="ec2_metadata_service_endpoint_mode",b={environmentVariableSelector:t(e=>e[X],"environmentVariableSelector"),configFileSelector:t(e=>e[Z],"configFileSelector"),default:m.IPv4};var w=t(async()=>y(await Q()||await ee()),"getInstanceMetadataEndpoint"),Q=t(async()=>A(R)(),"getFromEndpointConfig"),ee=t(async()=>{let e=await A(b)();switch(e){case m.IPv4:return T.IPv4;case m.IPv6:return T.IPv6;default:throw new Error(`Unsupported endpoint mode: ${e}. Select from ${Object.values(m)}`)}},"getFromEndpointModeConfig");var te="https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html",x=t((e,o)=>{let a=300+Math.floor(Math.random()*300),r=new Date(Date.now()+a*1e3);o.warn(`Attempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted after ${new Date(r)}.
3
+ For more information, please visit: `+te);let n=e.originalExpiration??e.expiration;return{...e,...n?{originalExpiration:n}:{},expiration:r}},"getExtendedInstanceMetadataCredentials");var F=t((e,o={})=>{let a=o?.logger||console,r;return async()=>{let n;try{n=await e(),n.expiration&&n.expiration.getTime()<Date.now()&&(n=x(n,a))}catch(s){if(r)a.warn("Credential renew failed: ",s),n=x(r,a);else throw s}return r=n,n}},"staticStabilityProvider");var V="/latest/meta-data/iam/security-credentials/",oe="/latest/api/token",M="AWS_EC2_METADATA_V1_DISABLED",L="ec2_metadata_v1_disabled",k="x-aws-ec2-metadata-token",it=t((e={})=>F(re(e),{logger:e.logger}),"fromInstanceMetadata"),re=t((e={})=>{let o=!1,{logger:a,profile:r}=e,{timeout:n,maxRetries:s}=v(e),E=t(async(c,I)=>{if(o||I.headers?.[k]==null){let d=!1,l=!1,W=await A({environmentVariableSelector:t(p=>{let _=p[M];if(l=!!_&&_!=="false",_===void 0)throw new i(`${M} not set in env, checking config file next.`,{logger:e.logger});return l},"environmentVariableSelector"),configFileSelector:t(p=>{let _=p[L];return d=!!_&&_!=="false",d},"configFileSelector"),default:!1},{profile:r})();if(e.ec2MetadataV1Disabled||W){let p=[];throw e.ec2MetadataV1Disabled&&p.push("credential provider initialization (runtime option ec2MetadataV1Disabled)"),d&&p.push(`config file profile (${L})`),l&&p.push(`process environment variable (${M})`),new C(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${p.join(", ")}].`)}}let U=(await S(async()=>{let d;try{d=await ae(I)}catch(l){throw l.statusCode===401&&(o=!1),l}return d},c)).trim();return S(async()=>{let d;try{d=await se(U,I,e)}catch(l){throw l.statusCode===401&&(o=!1),l}return d},c)},"getCredentials");return async()=>{let c=await w();if(o)return a?.debug("AWS SDK Instance Metadata","using v1 fallback (no token fetch)"),E(s,{...c,timeout:n});{let I;try{I=(await ne({...c,timeout:n})).toString()}catch(u){if(u?.statusCode===400)throw Object.assign(u,{message:"EC2 Metadata token request returned error"});return(u.message==="TimeoutError"||[403,404,405].includes(u.statusCode))&&(o=!0),a?.debug("AWS SDK Instance Metadata","using v1 fallback (initial)"),E(s,{...c,timeout:n})}return E(s,{...c,headers:{[k]:I},timeout:n})}}},"getInstanceMetadataProvider"),ne=t(async e=>f({...e,path:oe,method:"PUT",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"21600"}}),"getMetadataToken"),ae=t(async e=>(await f({...e,path:V})).toString(),"getProfile"),se=t(async(e,o,a)=>{let r=JSON.parse((await f({...o,path:V+e})).toString());if(!g(r))throw new i("Invalid response received from instance metadata service.",{logger:a.logger});return h(r)},"getCredentialsFromProfile");export{Ie as DEFAULT_MAX_RETRIES,Ee as DEFAULT_TIMEOUT,P as ENV_CMDS_AUTH_TOKEN,O as ENV_CMDS_FULL_URI,D as ENV_CMDS_RELATIVE_URI,T as Endpoint,Oe as fromContainerMetadata,it as fromInstanceMetadata,w as getInstanceMetadataEndpoint,f as httpRequest,v as providerConfigFromInit};
package/handler/dist-es-UGTHFA55.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/fromContainerMetadata.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/remoteProvider/httpRequest.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/remoteProvider/ImdsCredentials.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/remoteProvider/RemoteProviderInit.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/remoteProvider/retry.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/error/InstanceMetadataV1FallbackError.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/config/Endpoint.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/config/EndpointConfigOptions.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/config/EndpointMode.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/config/EndpointModeConfigOptions.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/utils/getInstanceMetadataEndpoint.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/utils/getExtendedInstanceMetadataCredentials.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/utils/staticStabilityProvider.js", "../../../node_modules/.bun/@smithy+credential-provider-imds@4.2.8/node_modules/@smithy/credential-provider-imds/dist-es/fromInstanceMetadata.js"],
4
+ "sourcesContent": ["import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { parse } from \"url\";\nimport { httpRequest } from \"./remoteProvider/httpRequest\";\nimport { fromImdsCredentials, isImdsCredentials } from \"./remoteProvider/ImdsCredentials\";\nimport { providerConfigFromInit } from \"./remoteProvider/RemoteProviderInit\";\nimport { retry } from \"./remoteProvider/retry\";\nexport const ENV_CMDS_FULL_URI = \"AWS_CONTAINER_CREDENTIALS_FULL_URI\";\nexport const ENV_CMDS_RELATIVE_URI = \"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI\";\nexport const ENV_CMDS_AUTH_TOKEN = \"AWS_CONTAINER_AUTHORIZATION_TOKEN\";\nexport const fromContainerMetadata = (init = {}) => {\n const { timeout, maxRetries } = providerConfigFromInit(init);\n return () => retry(async () => {\n const requestOptions = await getCmdsUri({ logger: init.logger });\n const credsResponse = JSON.parse(await requestFromEcsImds(timeout, requestOptions));\n if (!isImdsCredentials(credsResponse)) {\n throw new CredentialsProviderError(\"Invalid response received from instance metadata service.\", {\n logger: init.logger,\n });\n }\n return fromImdsCredentials(credsResponse);\n }, maxRetries);\n};\nconst requestFromEcsImds = async (timeout, options) => {\n if (process.env[ENV_CMDS_AUTH_TOKEN]) {\n options.headers = {\n ...options.headers,\n Authorization: process.env[ENV_CMDS_AUTH_TOKEN],\n };\n }\n const buffer = await httpRequest({\n ...options,\n timeout,\n });\n return buffer.toString();\n};\nconst CMDS_IP = \"169.254.170.2\";\nconst GREENGRASS_HOSTS = {\n localhost: true,\n \"127.0.0.1\": true,\n};\nconst GREENGRASS_PROTOCOLS = {\n \"http:\": true,\n \"https:\": true,\n};\nconst getCmdsUri = async ({ logger }) => {\n if (process.env[ENV_CMDS_RELATIVE_URI]) {\n return {\n hostname: CMDS_IP,\n path: process.env[ENV_CMDS_RELATIVE_URI],\n };\n }\n if (process.env[ENV_CMDS_FULL_URI]) {\n const parsed = parse(process.env[ENV_CMDS_FULL_URI]);\n if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) {\n throw new CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, {\n tryNextLink: false,\n logger,\n });\n }\n if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) {\n throw new CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, {\n tryNextLink: false,\n logger,\n });\n }\n return {\n ...parsed,\n port: parsed.port ? parseInt(parsed.port, 10) : undefined,\n };\n }\n throw new CredentialsProviderError(\"The container metadata credential provider cannot be used unless\" +\n ` the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment` +\n \" variable is set\", {\n tryNextLink: false,\n logger,\n });\n};\n", "import { ProviderError } from \"@smithy/property-provider\";\nimport { Buffer } from \"buffer\";\nimport { request } from \"http\";\nexport function httpRequest(options) {\n return new Promise((resolve, reject) => {\n const req = request({\n method: \"GET\",\n ...options,\n hostname: options.hostname?.replace(/^\\[(.+)\\]$/, \"$1\"),\n });\n req.on(\"error\", (err) => {\n reject(Object.assign(new ProviderError(\"Unable to connect to instance metadata service\"), err));\n req.destroy();\n });\n req.on(\"timeout\", () => {\n reject(new ProviderError(\"TimeoutError from instance metadata service\"));\n req.destroy();\n });\n req.on(\"response\", (res) => {\n const { statusCode = 400 } = res;\n if (statusCode < 200 || 300 <= statusCode) {\n reject(Object.assign(new ProviderError(\"Error response received from instance metadata service\"), { statusCode }));\n req.destroy();\n }\n const chunks = [];\n res.on(\"data\", (chunk) => {\n chunks.push(chunk);\n });\n res.on(\"end\", () => {\n resolve(Buffer.concat(chunks));\n req.destroy();\n });\n });\n req.end();\n });\n}\n", "export const isImdsCredentials = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.AccessKeyId === \"string\" &&\n typeof arg.SecretAccessKey === \"string\" &&\n typeof arg.Token === \"string\" &&\n typeof arg.Expiration === \"string\";\nexport const fromImdsCredentials = (creds) => ({\n accessKeyId: creds.AccessKeyId,\n secretAccessKey: creds.SecretAccessKey,\n sessionToken: creds.Token,\n expiration: new Date(creds.Expiration),\n ...(creds.AccountId && { accountId: creds.AccountId }),\n});\n", "export const DEFAULT_TIMEOUT = 1000;\nexport const DEFAULT_MAX_RETRIES = 0;\nexport const providerConfigFromInit = ({ maxRetries = DEFAULT_MAX_RETRIES, timeout = DEFAULT_TIMEOUT, }) => ({ maxRetries, timeout });\n", "export const retry = (toRetry, maxRetries) => {\n let promise = toRetry();\n for (let i = 0; i < maxRetries; i++) {\n promise = promise.catch(toRetry);\n }\n return promise;\n};\n", "import { CredentialsProviderError } from \"@smithy/property-provider\";\nexport class InstanceMetadataV1FallbackError extends CredentialsProviderError {\n tryNextLink;\n name = \"InstanceMetadataV1FallbackError\";\n constructor(message, tryNextLink = true) {\n super(message, tryNextLink);\n this.tryNextLink = tryNextLink;\n Object.setPrototypeOf(this, InstanceMetadataV1FallbackError.prototype);\n }\n}\n", "export var Endpoint;\n(function (Endpoint) {\n Endpoint[\"IPv4\"] = \"http://169.254.169.254\";\n Endpoint[\"IPv6\"] = \"http://[fd00:ec2::254]\";\n})(Endpoint || (Endpoint = {}));\n", "export const ENV_ENDPOINT_NAME = \"AWS_EC2_METADATA_SERVICE_ENDPOINT\";\nexport const CONFIG_ENDPOINT_NAME = \"ec2_metadata_service_endpoint\";\nexport const ENDPOINT_CONFIG_OPTIONS = {\n environmentVariableSelector: (env) => env[ENV_ENDPOINT_NAME],\n configFileSelector: (profile) => profile[CONFIG_ENDPOINT_NAME],\n default: undefined,\n};\n", "export var EndpointMode;\n(function (EndpointMode) {\n EndpointMode[\"IPv4\"] = \"IPv4\";\n EndpointMode[\"IPv6\"] = \"IPv6\";\n})(EndpointMode || (EndpointMode = {}));\n", "import { EndpointMode } from \"./EndpointMode\";\nexport const ENV_ENDPOINT_MODE_NAME = \"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE\";\nexport const CONFIG_ENDPOINT_MODE_NAME = \"ec2_metadata_service_endpoint_mode\";\nexport const ENDPOINT_MODE_CONFIG_OPTIONS = {\n environmentVariableSelector: (env) => env[ENV_ENDPOINT_MODE_NAME],\n configFileSelector: (profile) => profile[CONFIG_ENDPOINT_MODE_NAME],\n default: EndpointMode.IPv4,\n};\n", "import { loadConfig } from \"@smithy/node-config-provider\";\nimport { parseUrl } from \"@smithy/url-parser\";\nimport { Endpoint as InstanceMetadataEndpoint } from \"../config/Endpoint\";\nimport { ENDPOINT_CONFIG_OPTIONS } from \"../config/EndpointConfigOptions\";\nimport { EndpointMode } from \"../config/EndpointMode\";\nimport { ENDPOINT_MODE_CONFIG_OPTIONS, } from \"../config/EndpointModeConfigOptions\";\nexport const getInstanceMetadataEndpoint = async () => parseUrl((await getFromEndpointConfig()) || (await getFromEndpointModeConfig()));\nconst getFromEndpointConfig = async () => loadConfig(ENDPOINT_CONFIG_OPTIONS)();\nconst getFromEndpointModeConfig = async () => {\n const endpointMode = await loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)();\n switch (endpointMode) {\n case EndpointMode.IPv4:\n return InstanceMetadataEndpoint.IPv4;\n case EndpointMode.IPv6:\n return InstanceMetadataEndpoint.IPv6;\n default:\n throw new Error(`Unsupported endpoint mode: ${endpointMode}.` + ` Select from ${Object.values(EndpointMode)}`);\n }\n};\n", "const STATIC_STABILITY_REFRESH_INTERVAL_SECONDS = 5 * 60;\nconst STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS = 5 * 60;\nconst STATIC_STABILITY_DOC_URL = \"https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html\";\nexport const getExtendedInstanceMetadataCredentials = (credentials, logger) => {\n const refreshInterval = STATIC_STABILITY_REFRESH_INTERVAL_SECONDS +\n Math.floor(Math.random() * STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS);\n const newExpiration = new Date(Date.now() + refreshInterval * 1000);\n logger.warn(\"Attempting credential expiration extension due to a credential service availability issue. A refresh of these \" +\n `credentials will be attempted after ${new Date(newExpiration)}.\\nFor more information, please visit: ` +\n STATIC_STABILITY_DOC_URL);\n const originalExpiration = credentials.originalExpiration ?? credentials.expiration;\n return {\n ...credentials,\n ...(originalExpiration ? { originalExpiration } : {}),\n expiration: newExpiration,\n };\n};\n", "import { getExtendedInstanceMetadataCredentials } from \"./getExtendedInstanceMetadataCredentials\";\nexport const staticStabilityProvider = (provider, options = {}) => {\n const logger = options?.logger || console;\n let pastCredentials;\n return async () => {\n let credentials;\n try {\n credentials = await provider();\n if (credentials.expiration && credentials.expiration.getTime() < Date.now()) {\n credentials = getExtendedInstanceMetadataCredentials(credentials, logger);\n }\n }\n catch (e) {\n if (pastCredentials) {\n logger.warn(\"Credential renew failed: \", e);\n credentials = getExtendedInstanceMetadataCredentials(pastCredentials, logger);\n }\n else {\n throw e;\n }\n }\n pastCredentials = credentials;\n return credentials;\n };\n};\n", "import { loadConfig } from \"@smithy/node-config-provider\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { InstanceMetadataV1FallbackError } from \"./error/InstanceMetadataV1FallbackError\";\nimport { httpRequest } from \"./remoteProvider/httpRequest\";\nimport { fromImdsCredentials, isImdsCredentials } from \"./remoteProvider/ImdsCredentials\";\nimport { providerConfigFromInit } from \"./remoteProvider/RemoteProviderInit\";\nimport { retry } from \"./remoteProvider/retry\";\nimport { getInstanceMetadataEndpoint } from \"./utils/getInstanceMetadataEndpoint\";\nimport { staticStabilityProvider } from \"./utils/staticStabilityProvider\";\nconst IMDS_PATH = \"/latest/meta-data/iam/security-credentials/\";\nconst IMDS_TOKEN_PATH = \"/latest/api/token\";\nconst AWS_EC2_METADATA_V1_DISABLED = \"AWS_EC2_METADATA_V1_DISABLED\";\nconst PROFILE_AWS_EC2_METADATA_V1_DISABLED = \"ec2_metadata_v1_disabled\";\nconst X_AWS_EC2_METADATA_TOKEN = \"x-aws-ec2-metadata-token\";\nexport const fromInstanceMetadata = (init = {}) => staticStabilityProvider(getInstanceMetadataProvider(init), { logger: init.logger });\nconst getInstanceMetadataProvider = (init = {}) => {\n let disableFetchToken = false;\n const { logger, profile } = init;\n const { timeout, maxRetries } = providerConfigFromInit(init);\n const getCredentials = async (maxRetries, options) => {\n const isImdsV1Fallback = disableFetchToken || options.headers?.[X_AWS_EC2_METADATA_TOKEN] == null;\n if (isImdsV1Fallback) {\n let fallbackBlockedFromProfile = false;\n let fallbackBlockedFromProcessEnv = false;\n const configValue = await loadConfig({\n environmentVariableSelector: (env) => {\n const envValue = env[AWS_EC2_METADATA_V1_DISABLED];\n fallbackBlockedFromProcessEnv = !!envValue && envValue !== \"false\";\n if (envValue === undefined) {\n throw new CredentialsProviderError(`${AWS_EC2_METADATA_V1_DISABLED} not set in env, checking config file next.`, { logger: init.logger });\n }\n return fallbackBlockedFromProcessEnv;\n },\n configFileSelector: (profile) => {\n const profileValue = profile[PROFILE_AWS_EC2_METADATA_V1_DISABLED];\n fallbackBlockedFromProfile = !!profileValue && profileValue !== \"false\";\n return fallbackBlockedFromProfile;\n },\n default: false,\n }, {\n profile,\n })();\n if (init.ec2MetadataV1Disabled || configValue) {\n const causes = [];\n if (init.ec2MetadataV1Disabled)\n causes.push(\"credential provider initialization (runtime option ec2MetadataV1Disabled)\");\n if (fallbackBlockedFromProfile)\n causes.push(`config file profile (${PROFILE_AWS_EC2_METADATA_V1_DISABLED})`);\n if (fallbackBlockedFromProcessEnv)\n causes.push(`process environment variable (${AWS_EC2_METADATA_V1_DISABLED})`);\n throw new InstanceMetadataV1FallbackError(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${causes.join(\", \")}].`);\n }\n }\n const imdsProfile = (await retry(async () => {\n let profile;\n try {\n profile = await getProfile(options);\n }\n catch (err) {\n if (err.statusCode === 401) {\n disableFetchToken = false;\n }\n throw err;\n }\n return profile;\n }, maxRetries)).trim();\n return retry(async () => {\n let creds;\n try {\n creds = await getCredentialsFromProfile(imdsProfile, options, init);\n }\n catch (err) {\n if (err.statusCode === 401) {\n disableFetchToken = false;\n }\n throw err;\n }\n return creds;\n }, maxRetries);\n };\n return async () => {\n const endpoint = await getInstanceMetadataEndpoint();\n if (disableFetchToken) {\n logger?.debug(\"AWS SDK Instance Metadata\", \"using v1 fallback (no token fetch)\");\n return getCredentials(maxRetries, { ...endpoint, timeout });\n }\n else {\n let token;\n try {\n token = (await getMetadataToken({ ...endpoint, timeout })).toString();\n }\n catch (error) {\n if (error?.statusCode === 400) {\n throw Object.assign(error, {\n message: \"EC2 Metadata token request returned error\",\n });\n }\n else if (error.message === \"TimeoutError\" || [403, 404, 405].includes(error.statusCode)) {\n disableFetchToken = true;\n }\n logger?.debug(\"AWS SDK Instance Metadata\", \"using v1 fallback (initial)\");\n return getCredentials(maxRetries, { ...endpoint, timeout });\n }\n return getCredentials(maxRetries, {\n ...endpoint,\n headers: {\n [X_AWS_EC2_METADATA_TOKEN]: token,\n },\n timeout,\n });\n }\n };\n};\nconst getMetadataToken = async (options) => httpRequest({\n ...options,\n path: IMDS_TOKEN_PATH,\n method: \"PUT\",\n headers: {\n \"x-aws-ec2-metadata-token-ttl-seconds\": \"21600\",\n },\n});\nconst getProfile = async (options) => (await httpRequest({ ...options, path: IMDS_PATH })).toString();\nconst getCredentialsFromProfile = async (profile, options, init) => {\n const credentialsResponse = JSON.parse((await httpRequest({\n ...options,\n path: IMDS_PATH + profile,\n })).toString());\n if (!isImdsCredentials(credentialsResponse)) {\n throw new CredentialsProviderError(\"Invalid response received from instance metadata service.\", {\n logger: init.logger,\n });\n }\n return fromImdsCredentials(credentialsResponse);\n};\n"],
5
+ "mappings": ";8LACA,OAAS,SAAAA,MAAa,MCAtB,OAAS,UAAAC,MAAc,SACvB,OAAS,WAAAC,MAAe,OACjB,SAASC,EAAYC,EAAS,CACjC,OAAO,IAAI,QAAQ,CAACC,EAASC,IAAW,CACpC,IAAMC,EAAMC,EAAQ,CAChB,OAAQ,MACR,GAAGJ,EACH,SAAUA,EAAQ,UAAU,QAAQ,aAAc,IAAI,CAC1D,CAAC,EACDG,EAAI,GAAG,QAAUE,GAAQ,CACrBH,EAAO,OAAO,OAAO,IAAII,EAAc,gDAAgD,EAAGD,CAAG,CAAC,EAC9FF,EAAI,QAAQ,CAChB,CAAC,EACDA,EAAI,GAAG,UAAW,IAAM,CACpBD,EAAO,IAAII,EAAc,6CAA6C,CAAC,EACvEH,EAAI,QAAQ,CAChB,CAAC,EACDA,EAAI,GAAG,WAAaI,GAAQ,CACxB,GAAM,CAAE,WAAAC,EAAa,GAAI,EAAID,GACzBC,EAAa,KAAO,KAAOA,KAC3BN,EAAO,OAAO,OAAO,IAAII,EAAc,wDAAwD,EAAG,CAAE,WAAAE,CAAW,CAAC,CAAC,EACjHL,EAAI,QAAQ,GAEhB,IAAMM,EAAS,CAAC,EAChBF,EAAI,GAAG,OAASG,GAAU,CACtBD,EAAO,KAAKC,CAAK,CACrB,CAAC,EACDH,EAAI,GAAG,MAAO,IAAM,CAChBN,EAAQU,EAAO,OAAOF,CAAM,CAAC,EAC7BN,EAAI,QAAQ,CAChB,CAAC,CACL,CAAC,EACDA,EAAI,IAAI,CACZ,CAAC,CACL,CAhCgBS,EAAAb,EAAA,eCHT,IAAMc,EAAoBC,EAACC,GAAQ,EAAQA,GAC9C,OAAOA,GAAQ,UACf,OAAOA,EAAI,aAAgB,UAC3B,OAAOA,EAAI,iBAAoB,UAC/B,OAAOA,EAAI,OAAU,UACrB,OAAOA,EAAI,YAAe,SALG,qBAMpBC,EAAsBF,EAACG,IAAW,CAC3C,YAAaA,EAAM,YACnB,gBAAiBA,EAAM,gBACvB,aAAcA,EAAM,MACpB,WAAY,IAAI,KAAKA,EAAM,UAAU,EACrC,GAAIA,EAAM,WAAa,CAAE,UAAWA,EAAM,SAAU,CACxD,GANmC,uBCN5B,IAAMC,GAAkB,IAClBC,GAAsB,EACtBC,EAAyBC,EAAA,CAAC,CAAE,WAAAC,EAAa,EAAqB,QAAAC,EAAU,GAAiB,KAAO,CAAE,WAAAD,EAAY,QAAAC,CAAQ,GAA7F,0BCF/B,IAAMC,EAAQC,EAAA,CAACC,EAASC,IAAe,CAC1C,IAAIC,EAAUF,EAAQ,EACtB,QAASG,EAAI,EAAGA,EAAIF,EAAYE,IAC5BD,EAAUA,EAAQ,MAAMF,CAAO,EAEnC,OAAOE,CACX,EANqB,SJMd,IAAME,EAAoB,qCACpBC,EAAwB,yCACxBC,EAAsB,oCACtBC,GAAwBC,EAAA,CAACC,EAAO,CAAC,IAAM,CAChD,GAAM,CAAE,QAAAC,EAAS,WAAAC,CAAW,EAAIC,EAAuBH,CAAI,EAC3D,MAAO,IAAMI,EAAM,SAAY,CAC3B,IAAMC,EAAiB,MAAMC,EAAW,CAAE,OAAQN,EAAK,MAAO,CAAC,EACzDO,EAAgB,KAAK,MAAM,MAAMC,EAAmBP,EAASI,CAAc,CAAC,EAClF,GAAI,CAACI,EAAkBF,CAAa,EAChC,MAAM,IAAIG,EAAyB,4DAA6D,CAC5F,OAAQV,EAAK,MACjB,CAAC,EAEL,OAAOW,EAAoBJ,CAAa,CAC5C,EAAGL,CAAU,CACjB,EAZqC,yBAa/BM,EAAqBT,EAAA,MAAOE,EAASW,KACnC,QAAQ,IAAIf,CAAmB,IAC/Be,EAAQ,QAAU,CACd,GAAGA,EAAQ,QACX,cAAe,QAAQ,IAAIf,CAAmB,CAClD,IAEW,MAAMgB,EAAY,CAC7B,GAAGD,EACH,QAAAX,CACJ,CAAC,GACa,SAAS,GAXA,sBAarBa,EAAU,gBACVC,EAAmB,CACrB,UAAW,GACX,YAAa,EACjB,EACMC,EAAuB,CACzB,QAAS,GACT,SAAU,EACd,EACMV,EAAaP,EAAA,MAAO,CAAE,OAAAkB,CAAO,IAAM,CACrC,GAAI,QAAQ,IAAIrB,CAAqB,EACjC,MAAO,CACH,SAAUkB,EACV,KAAM,QAAQ,IAAIlB,CAAqB,CAC3C,EAEJ,GAAI,QAAQ,IAAID,CAAiB,EAAG,CAChC,IAAMuB,EAASC,EAAM,QAAQ,IAAIxB,CAAiB,CAAC,EACnD,GAAI,CAACuB,EAAO,UAAY,EAAEA,EAAO,YAAYH,GACzC,MAAM,IAAIL,EAAyB,GAAGQ,EAAO,QAAQ,sDAAuD,CACxG,YAAa,GACb,OAAAD,CACJ,CAAC,EAEL,GAAI,CAACC,EAAO,UAAY,EAAEA,EAAO,YAAYF,GACzC,MAAM,IAAIN,EAAyB,GAAGQ,EAAO,QAAQ,sDAAuD,CACxG,YAAa,GACb,OAAAD,CACJ,CAAC,EAEL,MAAO,CACH,GAAGC,EACH,KAAMA,EAAO,KAAO,SAASA,EAAO,KAAM,EAAE,EAAI,MACpD,CACJ,CACA,MAAM,IAAIR,EAAyB,wEACvBd,CAAqB,OAAOD,CAAiB,+BACjC,CACpB,YAAa,GACb,OAAAsB,CACJ,CAAC,CACL,EAhCmB,cK3CZ,IAAMG,EAAN,MAAMC,UAAwCC,CAAyB,CAD9E,MAC8E,CAAAC,EAAA,wCAC1E,YACA,KAAO,kCACP,YAAYC,EAASC,EAAc,GAAM,CACrC,MAAMD,EAASC,CAAW,EAC1B,KAAK,YAAcA,EACnB,OAAO,eAAe,KAAMJ,EAAgC,SAAS,CACzE,CACJ,ECTO,IAAIK,GACV,SAAUA,EAAU,CACjBA,EAAS,KAAU,yBACnBA,EAAS,KAAU,wBACvB,GAAGA,IAAaA,EAAW,CAAC,EAAE,ECJvB,IAAMC,EAAoB,oCACpBC,EAAuB,gCACvBC,EAA0B,CACnC,4BAA6BC,EAACC,GAAQA,EAAIJ,CAAiB,EAA9B,+BAC7B,mBAAoBG,EAACE,GAAYA,EAAQJ,CAAoB,EAAzC,sBACpB,QAAS,MACb,ECNO,IAAIK,GACV,SAAUA,EAAc,CACrBA,EAAa,KAAU,OACvBA,EAAa,KAAU,MAC3B,GAAGA,IAAiBA,EAAe,CAAC,EAAE,ECH/B,IAAMC,EAAyB,yCACzBC,EAA4B,qCAC5BC,EAA+B,CACxC,4BAA6BC,EAACC,GAAQA,EAAIJ,CAAsB,EAAnC,+BAC7B,mBAAoBG,EAACE,GAAYA,EAAQJ,CAAyB,EAA9C,sBACpB,QAASK,EAAa,IAC1B,ECDO,IAAMC,EAA8BC,EAAA,SAAYC,EAAU,MAAMC,EAAsB,GAAO,MAAMC,GAA0B,CAAE,EAA3F,+BACrCD,EAAwBF,EAAA,SAAYI,EAAWC,CAAuB,EAAE,EAAhD,yBACxBF,GAA4BH,EAAA,SAAY,CAC1C,IAAMM,EAAe,MAAMF,EAAWG,CAA4B,EAAE,EACpE,OAAQD,EAAc,CAClB,KAAKE,EAAa,KACd,OAAOC,EAAyB,KACpC,KAAKD,EAAa,KACd,OAAOC,EAAyB,KACpC,QACI,MAAM,IAAI,MAAM,8BAA8BH,CAAY,iBAAsB,OAAO,OAAOE,CAAY,CAAC,EAAE,CACrH,CACJ,EAVkC,6BCNlC,IAAME,GAA2B,kFACpBC,EAAyCC,EAAA,CAACC,EAAaC,IAAW,CAC3E,IAAMC,EAAkB,IACpB,KAAK,MAAM,KAAK,OAAO,EAAI,GAAuD,EAChFC,EAAgB,IAAI,KAAK,KAAK,IAAI,EAAID,EAAkB,GAAI,EAClED,EAAO,KAAK,qJAC+B,IAAI,KAAKE,CAAa,CAAC;AAAA,sCAC9DN,EAAwB,EAC5B,IAAMO,EAAqBJ,EAAY,oBAAsBA,EAAY,WACzE,MAAO,CACH,GAAGA,EACH,GAAII,EAAqB,CAAE,mBAAAA,CAAmB,EAAI,CAAC,EACnD,WAAYD,CAChB,CACJ,EAbsD,0CCF/C,IAAME,EAA0BC,EAAA,CAACC,EAAUC,EAAU,CAAC,IAAM,CAC/D,IAAMC,EAASD,GAAS,QAAU,QAC9BE,EACJ,MAAO,UAAY,CACf,IAAIC,EACJ,GAAI,CACAA,EAAc,MAAMJ,EAAS,EACzBI,EAAY,YAAcA,EAAY,WAAW,QAAQ,EAAI,KAAK,IAAI,IACtEA,EAAcC,EAAuCD,EAAaF,CAAM,EAEhF,OACOI,EAAG,CACN,GAAIH,EACAD,EAAO,KAAK,4BAA6BI,CAAC,EAC1CF,EAAcC,EAAuCF,EAAiBD,CAAM,MAG5E,OAAMI,CAEd,CACA,OAAAH,EAAkBC,EACXA,CACX,CACJ,EAvBuC,2BCQvC,IAAMG,EAAY,8CACZC,GAAkB,oBAClBC,EAA+B,+BAC/BC,EAAuC,2BACvCC,EAA2B,2BACpBC,GAAuBC,EAAA,CAACC,EAAO,CAAC,IAAMC,EAAwBC,GAA4BF,CAAI,EAAG,CAAE,OAAQA,EAAK,MAAO,CAAC,EAAjG,wBAC9BE,GAA8BH,EAAA,CAACC,EAAO,CAAC,IAAM,CAC/C,IAAIG,EAAoB,GAClB,CAAE,OAAAC,EAAQ,QAAAC,CAAQ,EAAIL,EACtB,CAAE,QAAAM,EAAS,WAAAC,CAAW,EAAIC,EAAuBR,CAAI,EACrDS,EAAiBV,EAAA,MAAOQ,EAAYG,IAAY,CAElD,GADyBP,GAAqBO,EAAQ,UAAUb,CAAwB,GAAK,KACvE,CAClB,IAAIc,EAA6B,GAC7BC,EAAgC,GAC9BC,EAAc,MAAMC,EAAW,CACjC,4BAA6Bf,EAACgB,GAAQ,CAClC,IAAMC,EAAWD,EAAIpB,CAA4B,EAEjD,GADAiB,EAAgC,CAAC,CAACI,GAAYA,IAAa,QACvDA,IAAa,OACb,MAAM,IAAIC,EAAyB,GAAGtB,CAA4B,8CAA+C,CAAE,OAAQK,EAAK,MAAO,CAAC,EAE5I,OAAOY,CACX,EAP6B,+BAQ7B,mBAAoBb,EAACM,GAAY,CAC7B,IAAMa,EAAeb,EAAQT,CAAoC,EACjE,OAAAe,EAA6B,CAAC,CAACO,GAAgBA,IAAiB,QACzDP,CACX,EAJoB,sBAKpB,QAAS,EACb,EAAG,CACC,QAAAN,CACJ,CAAC,EAAE,EACH,GAAIL,EAAK,uBAAyBa,EAAa,CAC3C,IAAMM,EAAS,CAAC,EAChB,MAAInB,EAAK,uBACLmB,EAAO,KAAK,2EAA2E,EACvFR,GACAQ,EAAO,KAAK,wBAAwBvB,CAAoC,GAAG,EAC3EgB,GACAO,EAAO,KAAK,iCAAiCxB,CAA4B,GAAG,EAC1E,IAAIyB,EAAgC,6FAA6FD,EAAO,KAAK,IAAI,CAAC,IAAI,CAChK,CACJ,CACA,IAAME,GAAe,MAAMC,EAAM,SAAY,CACzC,IAAIjB,EACJ,GAAI,CACAA,EAAU,MAAMkB,GAAWb,CAAO,CACtC,OACOc,EAAK,CACR,MAAIA,EAAI,aAAe,MACnBrB,EAAoB,IAElBqB,CACV,CACA,OAAOnB,CACX,EAAGE,CAAU,GAAG,KAAK,EACrB,OAAOe,EAAM,SAAY,CACrB,IAAIG,EACJ,GAAI,CACAA,EAAQ,MAAMC,GAA0BL,EAAaX,EAASV,CAAI,CACtE,OACOwB,EAAK,CACR,MAAIA,EAAI,aAAe,MACnBrB,EAAoB,IAElBqB,CACV,CACA,OAAOC,CACX,EAAGlB,CAAU,CACjB,EA5DuB,kBA6DvB,MAAO,UAAY,CACf,IAAMoB,EAAW,MAAMC,EAA4B,EACnD,GAAIzB,EACA,OAAAC,GAAQ,MAAM,4BAA6B,oCAAoC,EACxEK,EAAeF,EAAY,CAAE,GAAGoB,EAAU,QAAArB,CAAQ,CAAC,EAEzD,CACD,IAAIuB,EACJ,GAAI,CACAA,GAAS,MAAMC,GAAiB,CAAE,GAAGH,EAAU,QAAArB,CAAQ,CAAC,GAAG,SAAS,CACxE,OACOyB,EAAO,CACV,GAAIA,GAAO,aAAe,IACtB,MAAM,OAAO,OAAOA,EAAO,CACvB,QAAS,2CACb,CAAC,EAEA,OAAIA,EAAM,UAAY,gBAAkB,CAAC,IAAK,IAAK,GAAG,EAAE,SAASA,EAAM,UAAU,KAClF5B,EAAoB,IAExBC,GAAQ,MAAM,4BAA6B,6BAA6B,EACjEK,EAAeF,EAAY,CAAE,GAAGoB,EAAU,QAAArB,CAAQ,CAAC,CAC9D,CACA,OAAOG,EAAeF,EAAY,CAC9B,GAAGoB,EACH,QAAS,CACL,CAAC9B,CAAwB,EAAGgC,CAChC,EACA,QAAAvB,CACJ,CAAC,CACL,CACJ,CACJ,EAjGoC,+BAkG9BwB,GAAmB/B,EAAA,MAAOW,GAAYsB,EAAY,CACpD,GAAGtB,EACH,KAAMhB,GACN,OAAQ,MACR,QAAS,CACL,uCAAwC,OAC5C,CACJ,CAAC,EAPwB,oBAQnB6B,GAAaxB,EAAA,MAAOW,IAAa,MAAMsB,EAAY,CAAE,GAAGtB,EAAS,KAAMjB,CAAU,CAAC,GAAG,SAAS,EAAjF,cACbiC,GAA4B3B,EAAA,MAAOM,EAASK,EAASV,IAAS,CAChE,IAAMiC,EAAsB,KAAK,OAAO,MAAMD,EAAY,CACtD,GAAGtB,EACH,KAAMjB,EAAYY,CACtB,CAAC,GAAG,SAAS,CAAC,EACd,GAAI,CAAC6B,EAAkBD,CAAmB,EACtC,MAAM,IAAIhB,EAAyB,4DAA6D,CAC5F,OAAQjB,EAAK,MACjB,CAAC,EAEL,OAAOmC,EAAoBF,CAAmB,CAClD,EAXkC",
6
+ "names": ["parse", "Buffer", "request", "httpRequest", "options", "resolve", "reject", "req", "request", "err", "ProviderError", "res", "statusCode", "chunks", "chunk", "Buffer", "__name", "isImdsCredentials", "__name", "arg", "fromImdsCredentials", "creds", "DEFAULT_TIMEOUT", "DEFAULT_MAX_RETRIES", "providerConfigFromInit", "__name", "maxRetries", "timeout", "retry", "__name", "toRetry", "maxRetries", "promise", "i", "ENV_CMDS_FULL_URI", "ENV_CMDS_RELATIVE_URI", "ENV_CMDS_AUTH_TOKEN", "fromContainerMetadata", "__name", "init", "timeout", "maxRetries", "providerConfigFromInit", "retry", "requestOptions", "getCmdsUri", "credsResponse", "requestFromEcsImds", "isImdsCredentials", "CredentialsProviderError", "fromImdsCredentials", "options", "httpRequest", "CMDS_IP", "GREENGRASS_HOSTS", "GREENGRASS_PROTOCOLS", "logger", "parsed", "parse", "InstanceMetadataV1FallbackError", "_InstanceMetadataV1FallbackError", "CredentialsProviderError", "__name", "message", "tryNextLink", "Endpoint", "ENV_ENDPOINT_NAME", "CONFIG_ENDPOINT_NAME", "ENDPOINT_CONFIG_OPTIONS", "__name", "env", "profile", "EndpointMode", "ENV_ENDPOINT_MODE_NAME", "CONFIG_ENDPOINT_MODE_NAME", "ENDPOINT_MODE_CONFIG_OPTIONS", "__name", "env", "profile", "EndpointMode", "getInstanceMetadataEndpoint", "__name", "parseUrl", "getFromEndpointConfig", "getFromEndpointModeConfig", "loadConfig", "ENDPOINT_CONFIG_OPTIONS", "endpointMode", "ENDPOINT_MODE_CONFIG_OPTIONS", "EndpointMode", "Endpoint", "STATIC_STABILITY_DOC_URL", "getExtendedInstanceMetadataCredentials", "__name", "credentials", "logger", "refreshInterval", "newExpiration", "originalExpiration", "staticStabilityProvider", "__name", "provider", "options", "logger", "pastCredentials", "credentials", "getExtendedInstanceMetadataCredentials", "e", "IMDS_PATH", "IMDS_TOKEN_PATH", "AWS_EC2_METADATA_V1_DISABLED", "PROFILE_AWS_EC2_METADATA_V1_DISABLED", "X_AWS_EC2_METADATA_TOKEN", "fromInstanceMetadata", "__name", "init", "staticStabilityProvider", "getInstanceMetadataProvider", "disableFetchToken", "logger", "profile", "timeout", "maxRetries", "providerConfigFromInit", "getCredentials", "options", "fallbackBlockedFromProfile", "fallbackBlockedFromProcessEnv", "configValue", "loadConfig", "env", "envValue", "CredentialsProviderError", "profileValue", "causes", "InstanceMetadataV1FallbackError", "imdsProfile", "retry", "getProfile", "err", "creds", "getCredentialsFromProfile", "endpoint", "getInstanceMetadataEndpoint", "token", "getMetadataToken", "error", "httpRequest", "credentialsResponse", "isImdsCredentials", "fromImdsCredentials"]
7
+ }
package/handler/dist-es-YFHCQQWD.js ADDED
@@ -0,0 +1,2 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{a,b,c,d,e,f,g}from"./chunk-CE3XDBWG.js";import"./chunk-7HH7JLQT.js";import"./chunk-IIV4KUZH.js";import"./chunk-K7I7SIAE.js";export{f as ENV_ACCOUNT_ID,e as ENV_CREDENTIAL_SCOPE,d as ENV_EXPIRATION,a as ENV_KEY,b as ENV_SECRET,c as ENV_SESSION,g as fromEnv};
package/handler/dist-es-YFHCQQWD.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": [],
4
+ "sourcesContent": [],
5
+ "mappings": "",
6
+ "names": []
7
+ }
package/handler/event-streams-DYKXGPYV.js ADDED
@@ -0,0 +1,2 @@
1
+ /* CommonJS polyfills */import { fileURLToPath } from 'node:url';import { createRequire } from 'node:module';const __filename = fileURLToPath(import.meta.url);const __dirname = fileURLToPath(new URL('.', import.meta.url));const require = createRequire(import.meta.url);/* end of CommonJS polyfills */
2
+ import{d as x,e as M}from"./chunk-BZDMPUOT.js";import{a as z}from"./chunk-K7I7SIAE.js";var T=class{static{z(this,"EventStreamSerde")}marshaller;serializer;deserializer;serdeContext;defaultContentType;constructor({marshaller:i,serializer:n,deserializer:o,serdeContext:m,defaultContentType:y}){this.marshaller=i,this.serializer=n,this.deserializer=o,this.serdeContext=m,this.defaultContentType=y}async serializeEventStream({eventStream:i,requestSchema:n,initialRequest:o}){let m=this.marshaller,y=n.getEventStreamMember(),b=n.getMemberSchema(y),d=this.serializer,f=this.defaultContentType,h=Symbol("initialRequestMarker"),p={async*[Symbol.asyncIterator](){if(o){let r={":event-type":{type:"string",value:"initial-request"},":message-type":{type:"string",value:"event"},":content-type":{type:"string",value:f}};d.write(n,o);let t=d.flush();yield{[h]:!0,headers:r,body:t}}for await(let r of i)yield r}};return m.serialize(p,r=>{if(r[h])return{headers:r.headers,body:r.body};let t=Object.keys(r).find(s=>s!=="__type")??"",{additionalHeaders:e,body:a,eventType:l,explicitPayloadContentType:c}=this.writeEventBody(t,b,r);return{headers:{":event-type":{type:"string",value:l},":message-type":{type:"string",value:"event"},":content-type":{type:"string",value:c??f},...e},body:a}})}async deserializeEventStream({response:i,responseSchema:n,initialResponseContainer:o}){let m=this.marshaller,y=n.getEventStreamMember(),d=n.getMemberSchema(y).getMemberSchemas(),f=Symbol("initialResponseMarker"),h=m.deserialize(i.body,async t=>{let e=Object.keys(t).find(l=>l!=="__type")??"",a=t[e].body;if(e==="initial-response"){let l=await this.deserializer.read(n,a);return delete l[y],{[f]:!0,...l}}else if(e in d){let l=d[e];if(l.isStructSchema()){let c={},u=!1;for(let[s,g]of l.structIterator()){let{eventHeader:v,eventPayload:w}=g.getMergedTraits();if(u=u||!!(v||w),w)g.isBlobSchema()?c[s]=a:g.isStringSchema()?c[s]=(this.serdeContext?.utf8Encoder??M)(a):g.isStructSchema()&&(c[s]=await this.deserializer.read(g,a));else if(v){let S=t[e].headers[s]?.value;S!=null&&(g.isNumericSchema()?S&&typeof S=="object"&&"bytes"in S?c[s]=BigInt(S.toString()):c[s]=Number(S):c[s]=S)}}if(u)return{[e]:c};if(a.byteLength===0)return{[e]:{}}}return{[e]:await this.deserializer.read(l,a)}}else return{$unknown:t}}),p=h[Symbol.asyncIterator](),r=await p.next();if(r.done)return h;if(r.value?.[f]){if(!n)throw new Error("@smithy::core/protocols - initial-response event encountered in event stream but no response schema given.");for(let[t,e]of Object.entries(r.value))o[t]=e}return{async*[Symbol.asyncIterator](){for(r?.value?.[f]||(yield r.value);;){let{done:t,value:e}=await p.next();if(t)break;yield e}}}}writeEventBody(i,n,o){let m=this.serializer,y=i,b=null,d,f=n.getSchema()[4].includes(i),h={};if(f){let t=n.getMemberSchema(i);if(t.isStructSchema()){for(let[e,a]of t.structIterator()){let{eventHeader:l,eventPayload:c}=a.getMergedTraits();if(c)b=e;else if(l){let u=o[i][e],s="binary";a.isNumericSchema()?(-2)**31<=u&&u<=2**31-1?s="integer":s="long":a.isTimestampSchema()?s="timestamp":a.isStringSchema()?s="string":a.isBooleanSchema()&&(s="boolean"),u!=null&&(h[e]={type:s,value:u},delete o[i][e])}}if(b!==null){let e=t.getMemberSchema(b);e.isBlobSchema()?d="application/octet-stream":e.isStringSchema()&&(d="text/plain"),m.write(e,o[i][b])}else m.write(t,o[i])}else throw new Error("@smithy/core/event-streams - non-struct member not supported in event stream union.")}else{let[t,e]=o[i];y=t,m.write(15,e)}let p=m.flush();return{body:typeof p=="string"?(this.serdeContext?.utf8Decoder??x)(p):p,eventType:y,explicitPayloadContentType:d,additionalHeaders:h}}};export{T as EventStreamSerde};