@cdklabs/cdk-ecs-codedeploy 0.0.284 → 0.0.286
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +3 -3
- package/lib/api-canary/index.js +1 -1
- package/lib/ecs-appspec/index.js +1 -1
- package/lib/ecs-deployment/index.js +1 -1
- package/lib/ecs-patterns/application-load-balanced-codedeployed-fargate-service.js +1 -1
- package/node_modules/@aws-sdk/client-codedeploy/dist-cjs/index.js +2 -2
- package/node_modules/@aws-sdk/client-codedeploy/dist-es/protocols/Aws_json1_1.js +2 -2
- package/node_modules/@aws-sdk/client-codedeploy/package.json +18 -18
- package/node_modules/@aws-sdk/client-sso/package.json +15 -15
- package/node_modules/@aws-sdk/client-sso-oidc/package.json +17 -17
- package/node_modules/@aws-sdk/client-sts/package.json +17 -17
- package/node_modules/@aws-sdk/core/package.json +8 -3
- package/node_modules/@aws-sdk/credential-provider-env/dist-cjs/index.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-env/dist-es/fromEnv.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-env/package.json +2 -2
- package/node_modules/@aws-sdk/credential-provider-http/dist-cjs/fromHttp/checkUrl.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-http/dist-cjs/fromHttp/fromHttp.browser.js +4 -4
- package/node_modules/@aws-sdk/credential-provider-http/dist-cjs/fromHttp/fromHttp.js +12 -9
- package/node_modules/@aws-sdk/credential-provider-http/dist-cjs/fromHttp/requestHelpers.js +6 -5
- package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/checkUrl.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.browser.js +4 -4
- package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js +12 -9
- package/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/requestHelpers.js +6 -5
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/checkUrl.d.ts +3 -1
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/fromHttp.browser.d.ts +1 -1
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/fromHttp.d.ts +1 -1
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/requestHelpers.d.ts +2 -2
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/checkUrl.d.ts +2 -1
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/fromHttp.browser.d.ts +1 -1
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/fromHttp.d.ts +1 -1
- package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/requestHelpers.d.ts +3 -2
- package/node_modules/@aws-sdk/credential-provider-http/package.json +3 -3
- package/node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js +70 -20
- package/node_modules/@aws-sdk/credential-provider-ini/dist-es/fromIni.js +1 -1
- package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveAssumeRoleCredentials.js +35 -14
- package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveCredentialSource.js +19 -6
- package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveProfileData.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveStaticCredentials.js +1 -1
- package/node_modules/@aws-sdk/credential-provider-ini/dist-types/resolveAssumeRoleCredentials.d.ts +5 -2
- package/node_modules/@aws-sdk/credential-provider-ini/dist-types/resolveCredentialSource.d.ts +2 -2
- package/node_modules/@aws-sdk/credential-provider-ini/dist-types/ts3.4/resolveAssumeRoleCredentials.d.ts +11 -2
- package/node_modules/@aws-sdk/credential-provider-ini/dist-types/ts3.4/resolveCredentialSource.d.ts +3 -2
- package/node_modules/@aws-sdk/credential-provider-ini/package.json +10 -9
- package/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js +15 -11
- package/node_modules/@aws-sdk/credential-provider-node/dist-es/defaultProvider.js +11 -8
- package/node_modules/@aws-sdk/credential-provider-node/dist-es/remoteProvider.js +3 -3
- package/node_modules/@aws-sdk/credential-provider-node/dist-types/defaultProvider.d.ts +2 -1
- package/node_modules/@aws-sdk/credential-provider-node/dist-types/remoteProvider.d.ts +2 -1
- package/node_modules/@aws-sdk/credential-provider-node/dist-types/ts3.4/defaultProvider.d.ts +2 -0
- package/node_modules/@aws-sdk/credential-provider-node/dist-types/ts3.4/remoteProvider.d.ts +2 -1
- package/node_modules/@aws-sdk/credential-provider-node/package.json +10 -10
- package/node_modules/@aws-sdk/credential-provider-process/dist-cjs/index.js +8 -6
- package/node_modules/@aws-sdk/credential-provider-process/dist-es/fromProcess.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-process/dist-es/resolveProcessCredentials.js +6 -4
- package/node_modules/@aws-sdk/credential-provider-process/dist-types/resolveProcessCredentials.d.ts +2 -2
- package/node_modules/@aws-sdk/credential-provider-process/dist-types/ts3.4/resolveProcessCredentials.d.ts +3 -2
- package/node_modules/@aws-sdk/credential-provider-process/package.json +3 -3
- package/node_modules/@aws-sdk/credential-provider-sso/dist-cjs/index.js +43 -21
- package/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js +15 -7
- package/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js +21 -6
- package/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js +2 -2
- package/node_modules/@aws-sdk/credential-provider-sso/dist-types/resolveSSOCredentials.d.ts +1 -1
- package/node_modules/@aws-sdk/credential-provider-sso/dist-types/ts3.4/resolveSSOCredentials.d.ts +1 -0
- package/node_modules/@aws-sdk/credential-provider-sso/dist-types/ts3.4/validateSsoProfile.d.ts +3 -1
- package/node_modules/@aws-sdk/credential-provider-sso/dist-types/validateSsoProfile.d.ts +2 -1
- package/node_modules/@aws-sdk/credential-provider-sso/package.json +5 -5
- package/node_modules/@aws-sdk/credential-provider-web-identity/dist-cjs/fromTokenFile.js +4 -2
- package/node_modules/@aws-sdk/credential-provider-web-identity/dist-cjs/fromWebToken.js +1 -1
- package/node_modules/@aws-sdk/credential-provider-web-identity/dist-es/fromTokenFile.js +4 -2
- package/node_modules/@aws-sdk/credential-provider-web-identity/dist-es/fromWebToken.js +1 -1
- package/node_modules/@aws-sdk/credential-provider-web-identity/package.json +3 -3
- package/node_modules/@aws-sdk/middleware-user-agent/package.json +2 -2
- package/node_modules/@aws-sdk/region-config-resolver/package.json +2 -2
- package/node_modules/@aws-sdk/token-providers/dist-cjs/index.js +2 -2
- package/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js +1 -1
- package/node_modules/@aws-sdk/token-providers/dist-es/fromStatic.js +1 -1
- package/node_modules/@aws-sdk/token-providers/package.json +4 -4
- package/node_modules/@aws-sdk/util-endpoints/package.json +2 -2
- package/node_modules/@aws-sdk/util-user-agent-node/package.json +2 -2
- package/package.json +3 -3
|
@@ -13,20 +13,23 @@ const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
|
|
|
13
13
|
const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
|
|
14
14
|
const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
|
|
15
15
|
const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
|
|
16
|
-
const fromHttp = (options) => {
|
|
17
|
-
options.logger?.debug("@aws-sdk/credential-provider-http
|
|
16
|
+
const fromHttp = (options = {}) => {
|
|
17
|
+
options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
|
|
18
18
|
let host;
|
|
19
19
|
const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
|
|
20
20
|
const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
|
|
21
21
|
const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
|
|
22
22
|
const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
|
|
23
|
+
const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn;
|
|
23
24
|
if (relative && full) {
|
|
24
|
-
|
|
25
|
-
|
|
25
|
+
warn("@aws-sdk/credential-provider-http: " +
|
|
26
|
+
"you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
|
|
27
|
+
warn("awsContainerCredentialsFullUri will take precedence.");
|
|
26
28
|
}
|
|
27
29
|
if (token && tokenFile) {
|
|
28
|
-
|
|
29
|
-
|
|
30
|
+
warn("@aws-sdk/credential-provider-http: " +
|
|
31
|
+
"you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
|
|
32
|
+
warn("awsContainerAuthorizationToken will take precedence.");
|
|
30
33
|
}
|
|
31
34
|
if (full) {
|
|
32
35
|
host = full;
|
|
@@ -36,10 +39,10 @@ const fromHttp = (options) => {
|
|
|
36
39
|
}
|
|
37
40
|
else {
|
|
38
41
|
throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided.
|
|
39
|
-
Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
|
42
|
+
Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });
|
|
40
43
|
}
|
|
41
44
|
const url = new URL(host);
|
|
42
|
-
(0, checkUrl_1.checkUrl)(url);
|
|
45
|
+
(0, checkUrl_1.checkUrl)(url, options.logger);
|
|
43
46
|
const requestHandler = new node_http_handler_1.NodeHttpHandler({
|
|
44
47
|
requestTimeout: options.timeout ?? 1000,
|
|
45
48
|
connectionTimeout: options.timeout ?? 1000,
|
|
@@ -57,7 +60,7 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
|
|
57
60
|
return (0, requestHelpers_1.getCredentials)(result.response);
|
|
58
61
|
}
|
|
59
62
|
catch (e) {
|
|
60
|
-
throw new property_provider_1.CredentialsProviderError(String(e));
|
|
63
|
+
throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger });
|
|
61
64
|
}
|
|
62
65
|
}, options.maxRetries ?? 3, options.timeout ?? 1000);
|
|
63
66
|
};
|
|
@@ -19,10 +19,11 @@ function createGetRequest(url) {
|
|
|
19
19
|
});
|
|
20
20
|
}
|
|
21
21
|
exports.createGetRequest = createGetRequest;
|
|
22
|
-
async function getCredentials(response) {
|
|
22
|
+
async function getCredentials(response, logger) {
|
|
23
23
|
const contentType = response?.headers["content-type"] ?? response?.headers["Content-Type"] ?? "";
|
|
24
24
|
if (!contentType.includes("json")) {
|
|
25
|
-
|
|
25
|
+
const warn = logger?.constructor?.name === "NoOpLogger" || !logger ? console.warn : logger.warn;
|
|
26
|
+
warn("HTTP credential provider response header content-type was not application/json. Observed: " + contentType + ".");
|
|
26
27
|
}
|
|
27
28
|
const stream = (0, util_stream_1.sdkStreamMixin)(response.body);
|
|
28
29
|
const str = await stream.transformToString();
|
|
@@ -33,7 +34,7 @@ async function getCredentials(response) {
|
|
|
33
34
|
typeof parsed.Token !== "string" ||
|
|
34
35
|
typeof parsed.Expiration !== "string") {
|
|
35
36
|
throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " +
|
|
36
|
-
"{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }");
|
|
37
|
+
"{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger });
|
|
37
38
|
}
|
|
38
39
|
return {
|
|
39
40
|
accessKeyId: parsed.AccessKeyId,
|
|
@@ -48,11 +49,11 @@ async function getCredentials(response) {
|
|
|
48
49
|
parsedBody = JSON.parse(str);
|
|
49
50
|
}
|
|
50
51
|
catch (e) { }
|
|
51
|
-
throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}
|
|
52
|
+
throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {
|
|
52
53
|
Code: parsedBody.Code,
|
|
53
54
|
Message: parsedBody.Message,
|
|
54
55
|
});
|
|
55
56
|
}
|
|
56
|
-
throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}
|
|
57
|
+
throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });
|
|
57
58
|
}
|
|
58
59
|
exports.getCredentials = getCredentials;
|
|
@@ -4,7 +4,7 @@ const LOOPBACK_CIDR_IPv6 = "::1/128";
|
|
|
4
4
|
const ECS_CONTAINER_HOST = "169.254.170.2";
|
|
5
5
|
const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
|
|
6
6
|
const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
|
|
7
|
-
export const checkUrl = (url) => {
|
|
7
|
+
export const checkUrl = (url, logger) => {
|
|
8
8
|
if (url.protocol === "https:") {
|
|
9
9
|
return;
|
|
10
10
|
}
|
|
@@ -38,5 +38,5 @@ export const checkUrl = (url) => {
|
|
|
38
38
|
throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
|
|
39
39
|
- loopback CIDR 127.0.0.0/8 or [::1/128]
|
|
40
40
|
- ECS container host 169.254.170.2
|
|
41
|
-
- EKS container host 169.254.170.23 or [fd00:ec2::23]
|
|
41
|
+
- EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger });
|
|
42
42
|
};
|
|
@@ -3,18 +3,18 @@ import { CredentialsProviderError } from "@smithy/property-provider";
|
|
|
3
3
|
import { checkUrl } from "./checkUrl";
|
|
4
4
|
import { createGetRequest, getCredentials } from "./requestHelpers";
|
|
5
5
|
import { retryWrapper } from "./retry-wrapper";
|
|
6
|
-
export const fromHttp = (options) => {
|
|
7
|
-
options.logger?.debug("@aws-sdk/credential-provider-http
|
|
6
|
+
export const fromHttp = (options = {}) => {
|
|
7
|
+
options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
|
|
8
8
|
let host;
|
|
9
9
|
const full = options.credentialsFullUri;
|
|
10
10
|
if (full) {
|
|
11
11
|
host = full;
|
|
12
12
|
}
|
|
13
13
|
else {
|
|
14
|
-
throw new CredentialsProviderError("No HTTP credential provider host provided.");
|
|
14
|
+
throw new CredentialsProviderError("No HTTP credential provider host provided.", { logger: options.logger });
|
|
15
15
|
}
|
|
16
16
|
const url = new URL(host);
|
|
17
|
-
checkUrl(url);
|
|
17
|
+
checkUrl(url, options.logger);
|
|
18
18
|
const requestHandler = new FetchHttpHandler();
|
|
19
19
|
return retryWrapper(async () => {
|
|
20
20
|
const request = createGetRequest(url);
|
|
@@ -9,20 +9,23 @@ const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
|
|
|
9
9
|
const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
|
|
10
10
|
const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
|
|
11
11
|
const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
|
|
12
|
-
export const fromHttp = (options) => {
|
|
13
|
-
options.logger?.debug("@aws-sdk/credential-provider-http
|
|
12
|
+
export const fromHttp = (options = {}) => {
|
|
13
|
+
options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
|
|
14
14
|
let host;
|
|
15
15
|
const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
|
|
16
16
|
const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
|
|
17
17
|
const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
|
|
18
18
|
const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
|
|
19
|
+
const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn;
|
|
19
20
|
if (relative && full) {
|
|
20
|
-
|
|
21
|
-
|
|
21
|
+
warn("@aws-sdk/credential-provider-http: " +
|
|
22
|
+
"you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
|
|
23
|
+
warn("awsContainerCredentialsFullUri will take precedence.");
|
|
22
24
|
}
|
|
23
25
|
if (token && tokenFile) {
|
|
24
|
-
|
|
25
|
-
|
|
26
|
+
warn("@aws-sdk/credential-provider-http: " +
|
|
27
|
+
"you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
|
|
28
|
+
warn("awsContainerAuthorizationToken will take precedence.");
|
|
26
29
|
}
|
|
27
30
|
if (full) {
|
|
28
31
|
host = full;
|
|
@@ -32,10 +35,10 @@ export const fromHttp = (options) => {
|
|
|
32
35
|
}
|
|
33
36
|
else {
|
|
34
37
|
throw new CredentialsProviderError(`No HTTP credential provider host provided.
|
|
35
|
-
Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
|
38
|
+
Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });
|
|
36
39
|
}
|
|
37
40
|
const url = new URL(host);
|
|
38
|
-
checkUrl(url);
|
|
41
|
+
checkUrl(url, options.logger);
|
|
39
42
|
const requestHandler = new NodeHttpHandler({
|
|
40
43
|
requestTimeout: options.timeout ?? 1000,
|
|
41
44
|
connectionTimeout: options.timeout ?? 1000,
|
|
@@ -53,7 +56,7 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
|
|
53
56
|
return getCredentials(result.response);
|
|
54
57
|
}
|
|
55
58
|
catch (e) {
|
|
56
|
-
throw new CredentialsProviderError(String(e));
|
|
59
|
+
throw new CredentialsProviderError(String(e), { logger: options.logger });
|
|
57
60
|
}
|
|
58
61
|
}, options.maxRetries ?? 3, options.timeout ?? 1000);
|
|
59
62
|
};
|
|
@@ -15,10 +15,11 @@ export function createGetRequest(url) {
|
|
|
15
15
|
fragment: url.hash,
|
|
16
16
|
});
|
|
17
17
|
}
|
|
18
|
-
export async function getCredentials(response) {
|
|
18
|
+
export async function getCredentials(response, logger) {
|
|
19
19
|
const contentType = response?.headers["content-type"] ?? response?.headers["Content-Type"] ?? "";
|
|
20
20
|
if (!contentType.includes("json")) {
|
|
21
|
-
|
|
21
|
+
const warn = logger?.constructor?.name === "NoOpLogger" || !logger ? console.warn : logger.warn;
|
|
22
|
+
warn("HTTP credential provider response header content-type was not application/json. Observed: " + contentType + ".");
|
|
22
23
|
}
|
|
23
24
|
const stream = sdkStreamMixin(response.body);
|
|
24
25
|
const str = await stream.transformToString();
|
|
@@ -29,7 +30,7 @@ export async function getCredentials(response) {
|
|
|
29
30
|
typeof parsed.Token !== "string" ||
|
|
30
31
|
typeof parsed.Expiration !== "string") {
|
|
31
32
|
throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " +
|
|
32
|
-
"{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }");
|
|
33
|
+
"{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger });
|
|
33
34
|
}
|
|
34
35
|
return {
|
|
35
36
|
accessKeyId: parsed.AccessKeyId,
|
|
@@ -44,10 +45,10 @@ export async function getCredentials(response) {
|
|
|
44
45
|
parsedBody = JSON.parse(str);
|
|
45
46
|
}
|
|
46
47
|
catch (e) { }
|
|
47
|
-
throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}
|
|
48
|
+
throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {
|
|
48
49
|
Code: parsedBody.Code,
|
|
49
50
|
Message: parsedBody.Message,
|
|
50
51
|
});
|
|
51
52
|
}
|
|
52
|
-
throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}
|
|
53
|
+
throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });
|
|
53
54
|
}
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
import { Logger } from "@smithy/types";
|
|
1
2
|
/**
|
|
2
3
|
* @internal
|
|
3
4
|
*
|
|
4
5
|
* @param url - to be validated.
|
|
6
|
+
* @param logger - passed to CredentialsProviderError.
|
|
5
7
|
* @throws if not acceptable to this provider.
|
|
6
8
|
*/
|
|
7
|
-
export declare const checkUrl: (url: URL) => void;
|
|
9
|
+
export declare const checkUrl: (url: URL, logger?: Logger) => void;
|
package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/fromHttp.browser.d.ts
CHANGED
|
@@ -3,4 +3,4 @@ import type { FromHttpOptions } from "./fromHttpTypes";
|
|
|
3
3
|
/**
|
|
4
4
|
* Creates a provider that gets credentials via HTTP request.
|
|
5
5
|
*/
|
|
6
|
-
export declare const fromHttp: (options
|
|
6
|
+
export declare const fromHttp: (options?: FromHttpOptions) => AwsCredentialIdentityProvider;
|
|
@@ -3,4 +3,4 @@ import type { FromHttpOptions } from "./fromHttpTypes";
|
|
|
3
3
|
/**
|
|
4
4
|
* Creates a provider that gets credentials via HTTP request.
|
|
5
5
|
*/
|
|
6
|
-
export declare const fromHttp: (options
|
|
6
|
+
export declare const fromHttp: (options?: FromHttpOptions) => AwsCredentialIdentityProvider;
|
package/node_modules/@aws-sdk/credential-provider-http/dist-types/fromHttp/requestHelpers.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AwsCredentialIdentity } from "@aws-sdk/types";
|
|
2
2
|
import { HttpRequest } from "@smithy/protocol-http";
|
|
3
|
-
import { HttpResponse } from "@smithy/types";
|
|
3
|
+
import { HttpResponse, Logger } from "@smithy/types";
|
|
4
4
|
/**
|
|
5
5
|
* @internal
|
|
6
6
|
*/
|
|
@@ -8,4 +8,4 @@ export declare function createGetRequest(url: URL): HttpRequest;
|
|
|
8
8
|
/**
|
|
9
9
|
* @internal
|
|
10
10
|
*/
|
|
11
|
-
export declare function getCredentials(response: HttpResponse): Promise<AwsCredentialIdentity>;
|
|
11
|
+
export declare function getCredentials(response: HttpResponse, logger?: Logger): Promise<AwsCredentialIdentity>;
|
package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/checkUrl.d.ts
CHANGED
|
@@ -1 +1,2 @@
|
|
|
1
|
-
|
|
1
|
+
import { Logger } from "@smithy/types";
|
|
2
|
+
export declare const checkUrl: (url: URL, logger?: Logger) => void;
|
package/node_modules/@aws-sdk/credential-provider-http/dist-types/ts3.4/fromHttp/requestHelpers.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { AwsCredentialIdentity } from "@aws-sdk/types";
|
|
2
2
|
import { HttpRequest } from "@smithy/protocol-http";
|
|
3
|
-
import { HttpResponse } from "@smithy/types";
|
|
3
|
+
import { HttpResponse, Logger } from "@smithy/types";
|
|
4
4
|
export declare function createGetRequest(url: URL): HttpRequest;
|
|
5
5
|
export declare function getCredentials(
|
|
6
|
-
response: HttpResponse
|
|
6
|
+
response: HttpResponse,
|
|
7
|
+
logger?: Logger
|
|
7
8
|
): Promise<AwsCredentialIdentity>;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/credential-provider-http",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.587.0",
|
|
4
4
|
"description": "AWS credential provider for containers and HTTP sources",
|
|
5
5
|
"main": "./dist-cjs/index.js",
|
|
6
6
|
"module": "./dist-es/index.js",
|
|
@@ -29,9 +29,9 @@
|
|
|
29
29
|
"@aws-sdk/types": "3.577.0",
|
|
30
30
|
"@smithy/fetch-http-handler": "^3.0.1",
|
|
31
31
|
"@smithy/node-http-handler": "^3.0.0",
|
|
32
|
-
"@smithy/property-provider": "^3.
|
|
32
|
+
"@smithy/property-provider": "^3.1.0",
|
|
33
33
|
"@smithy/protocol-http": "^4.0.0",
|
|
34
|
-
"@smithy/smithy-client": "^3.
|
|
34
|
+
"@smithy/smithy-client": "^3.1.1",
|
|
35
35
|
"@smithy/types": "^3.0.0",
|
|
36
36
|
"@smithy/util-stream": "^3.0.1",
|
|
37
37
|
"tslib": "^2.6.2"
|
|
@@ -47,28 +47,58 @@ var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
|
|
|
47
47
|
|
|
48
48
|
// src/resolveCredentialSource.ts
|
|
49
49
|
var import_property_provider = require("@smithy/property-provider");
|
|
50
|
-
var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName) => {
|
|
50
|
+
var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => {
|
|
51
51
|
const sourceProvidersMap = {
|
|
52
|
-
EcsContainer: (options) =>
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
EcsContainer: async (options) => {
|
|
53
|
+
const { fromHttp } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-http")));
|
|
54
|
+
const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds")));
|
|
55
|
+
logger == null ? void 0 : logger.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
|
|
56
|
+
return (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options));
|
|
57
|
+
},
|
|
58
|
+
Ec2InstanceMetadata: async (options) => {
|
|
59
|
+
logger == null ? void 0 : logger.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
|
|
60
|
+
const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds")));
|
|
61
|
+
return fromInstanceMetadata(options);
|
|
62
|
+
},
|
|
63
|
+
Environment: async (options) => {
|
|
64
|
+
logger == null ? void 0 : logger.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
|
|
65
|
+
const { fromEnv } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-env")));
|
|
66
|
+
return fromEnv(options);
|
|
67
|
+
}
|
|
55
68
|
};
|
|
56
69
|
if (credentialSource in sourceProvidersMap) {
|
|
57
70
|
return sourceProvidersMap[credentialSource];
|
|
58
71
|
} else {
|
|
59
72
|
throw new import_property_provider.CredentialsProviderError(
|
|
60
|
-
`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment
|
|
73
|
+
`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`,
|
|
74
|
+
{ logger }
|
|
61
75
|
);
|
|
62
76
|
}
|
|
63
77
|
}, "resolveCredentialSource");
|
|
64
78
|
|
|
65
79
|
// src/resolveAssumeRoleCredentials.ts
|
|
66
|
-
var isAssumeRoleProfile = /* @__PURE__ */ __name((arg
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
var
|
|
80
|
+
var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => {
|
|
81
|
+
return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger }));
|
|
82
|
+
}, "isAssumeRoleProfile");
|
|
83
|
+
var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => {
|
|
84
|
+
var _a;
|
|
85
|
+
const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
86
|
+
if (withSourceProfile) {
|
|
87
|
+
(_a = logger == null ? void 0 : logger.debug) == null ? void 0 : _a.call(logger, ` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);
|
|
88
|
+
}
|
|
89
|
+
return withSourceProfile;
|
|
90
|
+
}, "isAssumeRoleWithSourceProfile");
|
|
91
|
+
var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => {
|
|
70
92
|
var _a;
|
|
71
|
-
|
|
93
|
+
const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
94
|
+
if (withProviderProfile) {
|
|
95
|
+
(_a = logger == null ? void 0 : logger.debug) == null ? void 0 : _a.call(logger, ` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);
|
|
96
|
+
}
|
|
97
|
+
return withProviderProfile;
|
|
98
|
+
}, "isCredentialSourceProfile");
|
|
99
|
+
var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => {
|
|
100
|
+
var _a, _b;
|
|
101
|
+
(_a = options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");
|
|
72
102
|
const data = profiles[profileName];
|
|
73
103
|
if (!options.roleAssumer) {
|
|
74
104
|
const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/client-sts")));
|
|
@@ -85,13 +115,30 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
|
|
|
85
115
|
if (source_profile && source_profile in visitedProfiles) {
|
|
86
116
|
throw new import_property_provider.CredentialsProviderError(
|
|
87
117
|
`Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "),
|
|
88
|
-
|
|
118
|
+
{ logger: options.logger }
|
|
89
119
|
);
|
|
90
120
|
}
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
121
|
+
(_b = options.logger) == null ? void 0 : _b.debug(
|
|
122
|
+
`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`
|
|
123
|
+
);
|
|
124
|
+
const sourceCredsProvider = source_profile ? resolveProfileData(
|
|
125
|
+
source_profile,
|
|
126
|
+
{
|
|
127
|
+
...profiles,
|
|
128
|
+
[source_profile]: {
|
|
129
|
+
...profiles[source_profile],
|
|
130
|
+
// This assigns the role_arn of the "root" profile
|
|
131
|
+
// to the credential_source profile so this recursive call knows
|
|
132
|
+
// what role to assume.
|
|
133
|
+
role_arn: data.role_arn ?? profiles[source_profile].role_arn
|
|
134
|
+
}
|
|
135
|
+
},
|
|
136
|
+
options,
|
|
137
|
+
{
|
|
138
|
+
...visitedProfiles,
|
|
139
|
+
[source_profile]: true
|
|
140
|
+
}
|
|
141
|
+
) : (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
|
|
95
142
|
const params = {
|
|
96
143
|
RoleArn: data.role_arn,
|
|
97
144
|
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
|
|
@@ -103,7 +150,7 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr
|
|
|
103
150
|
if (!options.mfaCodeProvider) {
|
|
104
151
|
throw new import_property_provider.CredentialsProviderError(
|
|
105
152
|
`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`,
|
|
106
|
-
false
|
|
153
|
+
{ logger: options.logger, tryNextLink: false }
|
|
107
154
|
);
|
|
108
155
|
}
|
|
109
156
|
params.SerialNumber = mfa_serial;
|
|
@@ -136,7 +183,7 @@ var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_
|
|
|
136
183
|
var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1, "isStaticCredsProfile");
|
|
137
184
|
var resolveStaticCredentials = /* @__PURE__ */ __name((profile, options) => {
|
|
138
185
|
var _a;
|
|
139
|
-
(_a = options == null ? void 0 : options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini
|
|
186
|
+
(_a = options == null ? void 0 : options.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");
|
|
140
187
|
return Promise.resolve({
|
|
141
188
|
accessKeyId: profile.aws_access_key_id,
|
|
142
189
|
secretAccessKey: profile.aws_secret_access_key,
|
|
@@ -164,7 +211,7 @@ var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, op
|
|
|
164
211
|
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
165
212
|
return resolveStaticCredentials(data, options);
|
|
166
213
|
}
|
|
167
|
-
if (isAssumeRoleProfile(data)) {
|
|
214
|
+
if (isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
|
|
168
215
|
return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
|
|
169
216
|
}
|
|
170
217
|
if (isStaticCredsProfile(data)) {
|
|
@@ -179,13 +226,16 @@ var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, op
|
|
|
179
226
|
if (isSsoProfile(data)) {
|
|
180
227
|
return await resolveSsoCredentials(profileName, options);
|
|
181
228
|
}
|
|
182
|
-
throw new import_property_provider.CredentialsProviderError(
|
|
229
|
+
throw new import_property_provider.CredentialsProviderError(
|
|
230
|
+
`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`,
|
|
231
|
+
{ logger: options.logger }
|
|
232
|
+
);
|
|
183
233
|
}, "resolveProfileData");
|
|
184
234
|
|
|
185
235
|
// src/fromIni.ts
|
|
186
236
|
var fromIni = /* @__PURE__ */ __name((init = {}) => async () => {
|
|
187
237
|
var _a;
|
|
188
|
-
(_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini
|
|
238
|
+
(_a = init.logger) == null ? void 0 : _a.debug("@aws-sdk/credential-provider-ini - fromIni");
|
|
189
239
|
const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);
|
|
190
240
|
return resolveProfileData((0, import_shared_ini_file_loader.getProfileName)(init), profiles, init);
|
|
191
241
|
}, "fromIni");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { getProfileName, parseKnownFiles } from "@smithy/shared-ini-file-loader";
|
|
2
2
|
import { resolveProfileData } from "./resolveProfileData";
|
|
3
3
|
export const fromIni = (init = {}) => async () => {
|
|
4
|
-
init.logger?.debug("@aws-sdk/credential-provider-ini
|
|
4
|
+
init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");
|
|
5
5
|
const profiles = await parseKnownFiles(init);
|
|
6
6
|
return resolveProfileData(getProfileName(init), profiles, init);
|
|
7
7
|
};
|
package/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveAssumeRoleCredentials.js
CHANGED
|
@@ -2,17 +2,31 @@ import { CredentialsProviderError } from "@smithy/property-provider";
|
|
|
2
2
|
import { getProfileName } from "@smithy/shared-ini-file-loader";
|
|
3
3
|
import { resolveCredentialSource } from "./resolveCredentialSource";
|
|
4
4
|
import { resolveProfileData } from "./resolveProfileData";
|
|
5
|
-
export const isAssumeRoleProfile = (arg) =>
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
5
|
+
export const isAssumeRoleProfile = (arg, { profile = "default", logger } = {}) => {
|
|
6
|
+
return (Boolean(arg) &&
|
|
7
|
+
typeof arg === "object" &&
|
|
8
|
+
typeof arg.role_arn === "string" &&
|
|
9
|
+
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
|
|
10
|
+
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
|
|
11
|
+
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 &&
|
|
12
|
+
(isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })));
|
|
13
|
+
};
|
|
14
|
+
const isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {
|
|
15
|
+
const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
|
|
16
|
+
if (withSourceProfile) {
|
|
17
|
+
logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);
|
|
18
|
+
}
|
|
19
|
+
return withSourceProfile;
|
|
20
|
+
};
|
|
21
|
+
const isCredentialSourceProfile = (arg, { profile, logger }) => {
|
|
22
|
+
const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
|
|
23
|
+
if (withProviderProfile) {
|
|
24
|
+
logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);
|
|
25
|
+
}
|
|
26
|
+
return withProviderProfile;
|
|
27
|
+
};
|
|
14
28
|
export const resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}) => {
|
|
15
|
-
options.logger?.debug("@aws-sdk/credential-provider-ini
|
|
29
|
+
options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");
|
|
16
30
|
const data = profiles[profileName];
|
|
17
31
|
if (!options.roleAssumer) {
|
|
18
32
|
const { getDefaultRoleAssumer } = await import("@aws-sdk/client-sts");
|
|
@@ -26,14 +40,21 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
|
|
|
26
40
|
if (source_profile && source_profile in visitedProfiles) {
|
|
27
41
|
throw new CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
|
|
28
42
|
` ${getProfileName(options)}. Profiles visited: ` +
|
|
29
|
-
Object.keys(visitedProfiles).join(", "),
|
|
43
|
+
Object.keys(visitedProfiles).join(", "), { logger: options.logger });
|
|
30
44
|
}
|
|
45
|
+
options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
|
|
31
46
|
const sourceCredsProvider = source_profile
|
|
32
|
-
? resolveProfileData(source_profile,
|
|
47
|
+
? resolveProfileData(source_profile, {
|
|
48
|
+
...profiles,
|
|
49
|
+
[source_profile]: {
|
|
50
|
+
...profiles[source_profile],
|
|
51
|
+
role_arn: data.role_arn ?? profiles[source_profile].role_arn,
|
|
52
|
+
},
|
|
53
|
+
}, options, {
|
|
33
54
|
...visitedProfiles,
|
|
34
55
|
[source_profile]: true,
|
|
35
56
|
})
|
|
36
|
-
: (await resolveCredentialSource(data.credential_source, profileName)(options))();
|
|
57
|
+
: (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
|
|
37
58
|
const params = {
|
|
38
59
|
RoleArn: data.role_arn,
|
|
39
60
|
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
|
|
@@ -43,7 +64,7 @@ export const resolveAssumeRoleCredentials = async (profileName, profiles, option
|
|
|
43
64
|
const { mfa_serial } = data;
|
|
44
65
|
if (mfa_serial) {
|
|
45
66
|
if (!options.mfaCodeProvider) {
|
|
46
|
-
throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, false);
|
|
67
|
+
throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });
|
|
47
68
|
}
|
|
48
69
|
params.SerialNumber = mfa_serial;
|
|
49
70
|
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
|
|
@@ -1,15 +1,28 @@
|
|
|
1
|
-
import { CredentialsProviderError } from "@smithy/property-provider";
|
|
2
|
-
export const resolveCredentialSource = (credentialSource, profileName) => {
|
|
1
|
+
import { chain, CredentialsProviderError } from "@smithy/property-provider";
|
|
2
|
+
export const resolveCredentialSource = (credentialSource, profileName, logger) => {
|
|
3
3
|
const sourceProvidersMap = {
|
|
4
|
-
EcsContainer: (options) =>
|
|
5
|
-
|
|
6
|
-
|
|
4
|
+
EcsContainer: async (options) => {
|
|
5
|
+
const { fromHttp } = await import("@aws-sdk/credential-provider-http");
|
|
6
|
+
const { fromContainerMetadata } = await import("@smithy/credential-provider-imds");
|
|
7
|
+
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
|
|
8
|
+
return chain(fromHttp(options ?? {}), fromContainerMetadata(options));
|
|
9
|
+
},
|
|
10
|
+
Ec2InstanceMetadata: async (options) => {
|
|
11
|
+
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
|
|
12
|
+
const { fromInstanceMetadata } = await import("@smithy/credential-provider-imds");
|
|
13
|
+
return fromInstanceMetadata(options);
|
|
14
|
+
},
|
|
15
|
+
Environment: async (options) => {
|
|
16
|
+
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
|
|
17
|
+
const { fromEnv } = await import("@aws-sdk/credential-provider-env");
|
|
18
|
+
return fromEnv(options);
|
|
19
|
+
},
|
|
7
20
|
};
|
|
8
21
|
if (credentialSource in sourceProvidersMap) {
|
|
9
22
|
return sourceProvidersMap[credentialSource];
|
|
10
23
|
}
|
|
11
24
|
else {
|
|
12
25
|
throw new CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
|
|
13
|
-
`expected EcsContainer or Ec2InstanceMetadata or Environment
|
|
26
|
+
`expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });
|
|
14
27
|
}
|
|
15
28
|
};
|
|
@@ -9,7 +9,7 @@ export const resolveProfileData = async (profileName, profiles, options, visited
|
|
|
9
9
|
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
|
|
10
10
|
return resolveStaticCredentials(data, options);
|
|
11
11
|
}
|
|
12
|
-
if (isAssumeRoleProfile(data)) {
|
|
12
|
+
if (isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
|
|
13
13
|
return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles);
|
|
14
14
|
}
|
|
15
15
|
if (isStaticCredsProfile(data)) {
|
|
@@ -24,5 +24,5 @@ export const resolveProfileData = async (profileName, profiles, options, visited
|
|
|
24
24
|
if (isSsoProfile(data)) {
|
|
25
25
|
return await resolveSsoCredentials(profileName, options);
|
|
26
26
|
}
|
|
27
|
-
throw new CredentialsProviderError(`
|
|
27
|
+
throw new CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });
|
|
28
28
|
};
|
|
@@ -4,7 +4,7 @@ export const isStaticCredsProfile = (arg) => Boolean(arg) &&
|
|
|
4
4
|
typeof arg.aws_secret_access_key === "string" &&
|
|
5
5
|
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
|
|
6
6
|
export const resolveStaticCredentials = (profile, options) => {
|
|
7
|
-
options?.logger?.debug("@aws-sdk/credential-provider-ini
|
|
7
|
+
options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");
|
|
8
8
|
return Promise.resolve({
|
|
9
9
|
accessKeyId: profile.aws_access_key_id,
|
|
10
10
|
secretAccessKey: profile.aws_secret_access_key,
|