@digipair/skill-s3 0.136.3 → 0.136.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/dist/AwsRestJsonProtocol.esm.js +208 -123
  2. package/dist/externalDataInterceptor.esm.js +1 -1
  3. package/dist/getSSOTokenFromFile.esm.js +4 -4
  4. package/dist/index.esm.js +10 -8
  5. package/dist/index.esm10.js +81 -89
  6. package/dist/index.esm11.js +659 -420
  7. package/dist/index.esm12.js +231 -1138
  8. package/dist/index.esm13.js +896 -1600
  9. package/dist/index.esm14.js +210 -0
  10. package/dist/index.esm15.js +4780 -0
  11. package/dist/index.esm16.js +2057 -0
  12. package/dist/index.esm17.js +434 -0
  13. package/dist/index.esm18.js +1265 -0
  14. package/dist/index.esm19.js +456 -0
  15. package/dist/index.esm2.js +58503 -11
  16. package/dist/index.esm20.js +4885 -0
  17. package/dist/index.esm3.js +787 -51789
  18. package/dist/index.esm4.js +1154 -88
  19. package/dist/index.esm5.js +268 -4827
  20. package/dist/index.esm6.js +954 -951
  21. package/dist/index.esm7.js +2425 -119
  22. package/dist/index.esm8.js +124 -426
  23. package/dist/index.esm9.js +123 -2399
  24. package/dist/loadSso.esm.js +4966 -187
  25. package/dist/loadSso.esm2.js +6584 -0
  26. package/dist/{package.esm.js → loadSsoSessionData.esm.js} +155 -122
  27. package/dist/noAuth.esm.js +165 -0
  28. package/dist/parseKnownFiles.esm.js +1 -1
  29. package/dist/src/index.d.ts +2 -0
  30. package/dist/src/index.d.ts.map +1 -0
  31. package/dist/src/lib/skill-s3.d.ts +6 -0
  32. package/dist/src/lib/skill-s3.d.ts.map +1 -0
  33. package/package.json +1 -1
  34. package/dist/create-aggregated-client.esm.js +0 -366
package/dist/index.esm12.js CHANGED
@@ -1,711 +1,58 @@
1
- import { aX as ProviderError, aY as IniSectionType, aZ as CONFIG_PREFIX_SEPARATOR, a5 as readFile, a_ as getConfigFilepath, a$ as parseIni, x as getProfileName, C as CredentialsProviderError, s as setCredentialFeature } from './index.esm3.js';
2
- import { g as getSSOTokenFilepath, a as getSSOTokenFromFile } from './getSSOTokenFromFile.esm.js';
3
- import { promises } from 'node:fs';
4
- import { p as parseKnownFiles } from './parseKnownFiles.esm.js';
5
- import 'node:crypto';
6
- import 'node:path';
7
- import 'node:os';
1
+ import fs from 'fs/promises';
2
+ import { C as CredentialsProviderError, H as HttpRequest, b as parseRfc3339DateTime, d as sdkStreamMixin, N as NodeHttpHandler, s as setCredentialFeature } from './index.esm2.js';
3
+ import 'buffer';
4
+ import 'path';
5
+ import 'os';
8
6
  import 'node:fs/promises';
7
+ import 'stream';
8
+ import 'crypto';
9
9
  import 'node:stream';
10
- import 'node:process';
11
- import 'buffer';
12
- import 'node:https';
13
- import 'node:zlib';
14
-
15
- function _assert_this_initialized(self) {
16
- if (self === void 0) {
17
- throw new ReferenceError("this hasn't been initialised - super() hasn't been called");
18
- }
19
- return self;
20
- }
21
- function _class_call_check(instance, Constructor) {
22
- if (!(instance instanceof Constructor)) {
23
- throw new TypeError("Cannot call a class as a function");
24
- }
25
- }
26
- function _define_property$3(obj, key, value) {
27
- if (key in obj) {
28
- Object.defineProperty(obj, key, {
29
- value: value,
30
- enumerable: true,
31
- configurable: true,
32
- writable: true
33
- });
34
- } else {
35
- obj[key] = value;
36
- }
37
- return obj;
38
- }
39
- function _get_prototype_of(o) {
40
- _get_prototype_of = Object.setPrototypeOf ? Object.getPrototypeOf : function getPrototypeOf(o) {
41
- return o.__proto__ || Object.getPrototypeOf(o);
42
- };
43
- return _get_prototype_of(o);
44
- }
45
- function _inherits(subClass, superClass) {
46
- if (typeof superClass !== "function" && superClass !== null) {
47
- throw new TypeError("Super expression must either be null or a function");
48
- }
49
- subClass.prototype = Object.create(superClass && superClass.prototype, {
50
- constructor: {
51
- value: subClass,
52
- writable: true,
53
- configurable: true
54
- }
55
- });
56
- if (superClass) _set_prototype_of(subClass, superClass);
57
- }
58
- function _possible_constructor_return(self, call) {
59
- if (call && (_type_of(call) === "object" || typeof call === "function")) {
60
- return call;
61
- }
62
- return _assert_this_initialized(self);
63
- }
64
- function _set_prototype_of(o, p) {
65
- _set_prototype_of = Object.setPrototypeOf || function setPrototypeOf(o, p) {
66
- o.__proto__ = p;
67
- return o;
68
- };
69
- return _set_prototype_of(o, p);
70
- }
71
- function _type_of(obj) {
72
- "@swc/helpers - typeof";
73
- return obj && typeof Symbol !== "undefined" && obj.constructor === Symbol ? "symbol" : typeof obj;
74
- }
75
- function _is_native_reflect_construct() {
76
- if (typeof Reflect === "undefined" || !Reflect.construct) return false;
77
- if (Reflect.construct.sham) return false;
78
- if (typeof Proxy === "function") return true;
79
- try {
80
- Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function() {}));
81
- return true;
82
- } catch (e) {
83
- return false;
84
- }
85
- }
86
- function _create_super(Derived) {
87
- var hasNativeReflectConstruct = _is_native_reflect_construct();
88
- return function _createSuperInternal() {
89
- var Super = _get_prototype_of(Derived), result;
90
- if (hasNativeReflectConstruct) {
91
- var NewTarget = _get_prototype_of(this).constructor;
92
- result = Reflect.construct(Super, arguments, NewTarget);
93
- } else {
94
- result = Super.apply(this, arguments);
95
- }
96
- return _possible_constructor_return(this, result);
97
- };
98
- }
99
- var TokenProviderError = /*#__PURE__*/ function(ProviderError) {
100
- _inherits(TokenProviderError, ProviderError);
101
- var _super = _create_super(TokenProviderError);
102
- function TokenProviderError(message) {
103
- var options = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : true;
104
- _class_call_check(this, TokenProviderError);
105
- var _this;
106
- _this = _super.call(this, message, options);
107
- _define_property$3(_assert_this_initialized(_this), "name", "TokenProviderError");
108
- Object.setPrototypeOf(_assert_this_initialized(_this), TokenProviderError.prototype);
109
- return _this;
110
- }
111
- return TokenProviderError;
112
- }(ProviderError);
10
+ import 'http';
11
+ import 'https';
12
+ import 'process';
13
+ import 'node:fs';
14
+ import 'zlib';
113
15
 
114
- function _array_like_to_array(arr, len) {
115
- if (len == null || len > arr.length) len = arr.length;
116
- for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
117
- return arr2;
118
- }
119
- function _array_with_holes(arr) {
120
- if (Array.isArray(arr)) return arr;
121
- }
122
- function _define_property$2(obj, key, value) {
123
- if (key in obj) {
124
- Object.defineProperty(obj, key, {
125
- value: value,
126
- enumerable: true,
127
- configurable: true,
128
- writable: true
129
- });
130
- } else {
131
- obj[key] = value;
132
- }
133
- return obj;
134
- }
135
- function _iterable_to_array_limit(arr, i) {
136
- var _i = arr == null ? null : typeof Symbol !== "undefined" && arr[Symbol.iterator] || arr["@@iterator"];
137
- if (_i == null) return;
138
- var _arr = [];
139
- var _n = true;
140
- var _d = false;
141
- var _s, _e;
142
- try {
143
- for(_i = _i.call(arr); !(_n = (_s = _i.next()).done); _n = true){
144
- _arr.push(_s.value);
145
- if (i && _arr.length === i) break;
146
- }
147
- } catch (err) {
148
- _d = true;
149
- _e = err;
150
- } finally{
151
- try {
152
- if (!_n && _i["return"] != null) _i["return"]();
153
- } finally{
154
- if (_d) throw _e;
155
- }
156
- }
157
- return _arr;
158
- }
159
- function _non_iterable_rest() {
160
- throw new TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
161
- }
162
- function _object_spread$2(target) {
163
- for(var i = 1; i < arguments.length; i++){
164
- var source = arguments[i] != null ? arguments[i] : {};
165
- var ownKeys = Object.keys(source);
166
- if (typeof Object.getOwnPropertySymbols === "function") {
167
- ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
168
- return Object.getOwnPropertyDescriptor(source, sym).enumerable;
169
- }));
170
- }
171
- ownKeys.forEach(function(key) {
172
- _define_property$2(target, key, source[key]);
173
- });
174
- }
175
- return target;
176
- }
177
- function ownKeys$1(object, enumerableOnly) {
178
- var keys = Object.keys(object);
179
- if (Object.getOwnPropertySymbols) {
180
- var symbols = Object.getOwnPropertySymbols(object);
181
- keys.push.apply(keys, symbols);
182
- }
183
- return keys;
184
- }
185
- function _object_spread_props$1(target, source) {
186
- source = source != null ? source : {};
187
- if (Object.getOwnPropertyDescriptors) {
188
- Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
189
- } else {
190
- ownKeys$1(Object(source)).forEach(function(key) {
191
- Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
192
- });
193
- }
194
- return target;
195
- }
196
- function _sliced_to_array(arr, i) {
197
- return _array_with_holes(arr) || _iterable_to_array_limit(arr, i) || _unsupported_iterable_to_array(arr, i) || _non_iterable_rest();
198
- }
199
- function _unsupported_iterable_to_array(o, minLen) {
200
- if (!o) return;
201
- if (typeof o === "string") return _array_like_to_array(o, minLen);
202
- var n = Object.prototype.toString.call(o).slice(8, -1);
203
- if (n === "Object" && o.constructor) n = o.constructor.name;
204
- if (n === "Map" || n === "Set") return Array.from(n);
205
- if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array(o, minLen);
206
- }
207
- var getSsoSessionData = function(data) {
208
- return Object.entries(data).filter(function(param) {
209
- var _param = _sliced_to_array(param, 1), key = _param[0];
210
- return key.startsWith(IniSectionType.SSO_SESSION + CONFIG_PREFIX_SEPARATOR);
211
- }).reduce(function(acc, param) {
212
- var _param = _sliced_to_array(param, 2), key = _param[0], value = _param[1];
213
- return _object_spread_props$1(_object_spread$2({}, acc), _define_property$2({}, key.substring(key.indexOf(CONFIG_PREFIX_SEPARATOR) + 1), value));
214
- }, {});
215
- };
216
-
217
- function asyncGeneratorStep$5(gen, resolve, reject, _next, _throw, key, arg) {
218
- try {
219
- var info = gen[key](arg);
220
- var value = info.value;
221
- } catch (error) {
222
- reject(error);
16
+ var ECS_CONTAINER_HOST = "169.254.170.2";
17
+ var EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
18
+ var EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
19
+ var checkUrl = function(url, logger) {
20
+ if (url.protocol === "https:") {
223
21
  return;
224
22
  }
225
- if (info.done) {
226
- resolve(value);
227
- } else {
228
- Promise.resolve(value).then(_next, _throw);
229
- }
230
- }
231
- function _async_to_generator$5(fn) {
232
- return function() {
233
- var self = this, args = arguments;
234
- return new Promise(function(resolve, reject) {
235
- var gen = fn.apply(self, args);
236
- function _next(value) {
237
- asyncGeneratorStep$5(gen, resolve, reject, _next, _throw, "next", value);
238
- }
239
- function _throw(err) {
240
- asyncGeneratorStep$5(gen, resolve, reject, _next, _throw, "throw", err);
241
- }
242
- _next(undefined);
243
- });
244
- };
245
- }
246
- function _ts_generator$5(thisArg, body) {
247
- var f, y, t, g, _ = {
248
- label: 0,
249
- sent: function() {
250
- if (t[0] & 1) throw t[1];
251
- return t[1];
252
- },
253
- trys: [],
254
- ops: []
255
- };
256
- return g = {
257
- next: verb(0),
258
- "throw": verb(1),
259
- "return": verb(2)
260
- }, typeof Symbol === "function" && (g[Symbol.iterator] = function() {
261
- return this;
262
- }), g;
263
- function verb(n) {
264
- return function(v) {
265
- return step([
266
- n,
267
- v
268
- ]);
269
- };
270
- }
271
- function step(op) {
272
- if (f) throw new TypeError("Generator is already executing.");
273
- while(_)try {
274
- if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
275
- if (y = 0, t) op = [
276
- op[0] & 2,
277
- t.value
278
- ];
279
- switch(op[0]){
280
- case 0:
281
- case 1:
282
- t = op;
283
- break;
284
- case 4:
285
- _.label++;
286
- return {
287
- value: op[1],
288
- done: false
289
- };
290
- case 5:
291
- _.label++;
292
- y = op[1];
293
- op = [
294
- 0
295
- ];
296
- continue;
297
- case 7:
298
- op = _.ops.pop();
299
- _.trys.pop();
300
- continue;
301
- default:
302
- if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
303
- _ = 0;
304
- continue;
305
- }
306
- if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
307
- _.label = op[1];
308
- break;
309
- }
310
- if (op[0] === 6 && _.label < t[1]) {
311
- _.label = t[1];
312
- t = op;
313
- break;
314
- }
315
- if (t && _.label < t[2]) {
316
- _.label = t[2];
317
- _.ops.push(op);
318
- break;
319
- }
320
- if (t[2]) _.ops.pop();
321
- _.trys.pop();
322
- continue;
323
- }
324
- op = body.call(thisArg, _);
325
- } catch (e) {
326
- op = [
327
- 6,
328
- e
329
- ];
330
- y = 0;
331
- } finally{
332
- f = t = 0;
333
- }
334
- if (op[0] & 5) throw op[1];
335
- return {
336
- value: op[0] ? op[1] : void 0,
337
- done: true
338
- };
339
- }
340
- }
341
- var swallowError = function() {
342
- return {};
343
- };
344
- var loadSsoSessionData = function() {
345
- var _ref = _async_to_generator$5(function() {
346
- var init, _init_configFilepath;
347
- var _arguments = arguments;
348
- return _ts_generator$5(this, function(_state) {
349
- init = _arguments.length > 0 && _arguments[0] !== void 0 ? _arguments[0] : {};
350
- return [
351
- 2,
352
- readFile((_init_configFilepath = init.configFilepath) !== null && _init_configFilepath !== void 0 ? _init_configFilepath : getConfigFilepath()).then(parseIni).then(getSsoSessionData).catch(swallowError)
353
- ];
354
- });
355
- });
356
- return function loadSsoSessionData() {
357
- return _ref.apply(this, arguments);
358
- };
359
- }();
360
-
361
- var isSsoProfile = function(arg) {
362
- return arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string");
363
- };
364
-
365
- var EXPIRE_WINDOW_MS = 5 * 60 * 1000;
366
- var REFRESH_MESSAGE = "To refresh this SSO session run 'aws sso login' with the corresponding profile.";
367
-
368
- function asyncGeneratorStep$4(gen, resolve, reject, _next, _throw, key, arg) {
369
- try {
370
- var info = gen[key](arg);
371
- var value = info.value;
372
- } catch (error) {
373
- reject(error);
23
+ if (url.hostname === ECS_CONTAINER_HOST || url.hostname === EKS_CONTAINER_HOST_IPv4 || url.hostname === EKS_CONTAINER_HOST_IPv6) {
374
24
  return;
375
25
  }
376
- if (info.done) {
377
- resolve(value);
378
- } else {
379
- Promise.resolve(value).then(_next, _throw);
380
- }
381
- }
382
- function _async_to_generator$4(fn) {
383
- return function() {
384
- var self = this, args = arguments;
385
- return new Promise(function(resolve, reject) {
386
- var gen = fn.apply(self, args);
387
- function _next(value) {
388
- asyncGeneratorStep$4(gen, resolve, reject, _next, _throw, "next", value);
389
- }
390
- function _throw(err) {
391
- asyncGeneratorStep$4(gen, resolve, reject, _next, _throw, "throw", err);
392
- }
393
- _next(undefined);
394
- });
395
- };
396
- }
397
- function _ts_generator$4(thisArg, body) {
398
- var f, y, t, g, _ = {
399
- label: 0,
400
- sent: function() {
401
- if (t[0] & 1) throw t[1];
402
- return t[1];
403
- },
404
- trys: [],
405
- ops: []
406
- };
407
- return g = {
408
- next: verb(0),
409
- "throw": verb(1),
410
- "return": verb(2)
411
- }, typeof Symbol === "function" && (g[Symbol.iterator] = function() {
412
- return this;
413
- }), g;
414
- function verb(n) {
415
- return function(v) {
416
- return step([
417
- n,
418
- v
419
- ]);
420
- };
421
- }
422
- function step(op) {
423
- if (f) throw new TypeError("Generator is already executing.");
424
- while(_)try {
425
- if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
426
- if (y = 0, t) op = [
427
- op[0] & 2,
428
- t.value
429
- ];
430
- switch(op[0]){
431
- case 0:
432
- case 1:
433
- t = op;
434
- break;
435
- case 4:
436
- _.label++;
437
- return {
438
- value: op[1],
439
- done: false
440
- };
441
- case 5:
442
- _.label++;
443
- y = op[1];
444
- op = [
445
- 0
446
- ];
447
- continue;
448
- case 7:
449
- op = _.ops.pop();
450
- _.trys.pop();
451
- continue;
452
- default:
453
- if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
454
- _ = 0;
455
- continue;
456
- }
457
- if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
458
- _.label = op[1];
459
- break;
460
- }
461
- if (op[0] === 6 && _.label < t[1]) {
462
- _.label = t[1];
463
- t = op;
464
- break;
465
- }
466
- if (t && _.label < t[2]) {
467
- _.label = t[2];
468
- _.ops.push(op);
469
- break;
470
- }
471
- if (t[2]) _.ops.pop();
472
- _.trys.pop();
473
- continue;
474
- }
475
- op = body.call(thisArg, _);
476
- } catch (e) {
477
- op = [
478
- 6,
479
- e
480
- ];
481
- y = 0;
482
- } finally{
483
- f = t = 0;
26
+ if (url.hostname.includes("[")) {
27
+ if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") {
28
+ return;
484
29
  }
485
- if (op[0] & 5) throw op[1];
486
- return {
487
- value: op[0] ? op[1] : void 0,
488
- done: true
489
- };
490
- }
491
- }
492
- var getSsoOidcClient = function() {
493
- var _ref = _async_to_generator$4(function(ssoRegion) {
494
- var init, callerClientConfig, _init_clientConfig, SSOOIDCClient, coalesce, _init_clientConfig1, ssoOidcClient;
495
- var _arguments = arguments;
496
- return _ts_generator$4(this, function(_state) {
497
- switch(_state.label){
498
- case 0:
499
- init = _arguments.length > 1 && _arguments[1] !== void 0 ? _arguments[1] : {}, callerClientConfig = _arguments.length > 2 ? _arguments[2] : void 0;
500
- return [
501
- 4,
502
- import('./index.esm13.js')
503
- ];
504
- case 1:
505
- SSOOIDCClient = _state.sent().SSOOIDCClient;
506
- coalesce = function(prop) {
507
- var _init_clientConfig, _init_parentClientConfig;
508
- var _init_clientConfig_prop, _ref;
509
- return (_ref = (_init_clientConfig_prop = (_init_clientConfig = init.clientConfig) === null || _init_clientConfig === void 0 ? void 0 : _init_clientConfig[prop]) !== null && _init_clientConfig_prop !== void 0 ? _init_clientConfig_prop : (_init_parentClientConfig = init.parentClientConfig) === null || _init_parentClientConfig === void 0 ? void 0 : _init_parentClientConfig[prop]) !== null && _ref !== void 0 ? _ref : callerClientConfig === null || callerClientConfig === void 0 ? void 0 : callerClientConfig[prop];
510
- };
511
- ssoOidcClient = new SSOOIDCClient(Object.assign({}, (_init_clientConfig1 = init.clientConfig) !== null && _init_clientConfig1 !== void 0 ? _init_clientConfig1 : {}, {
512
- region: ssoRegion !== null && ssoRegion !== void 0 ? ssoRegion : (_init_clientConfig = init.clientConfig) === null || _init_clientConfig === void 0 ? void 0 : _init_clientConfig.region,
513
- logger: coalesce("logger"),
514
- userAgentAppId: coalesce("userAgentAppId")
515
- }));
516
- return [
517
- 2,
518
- ssoOidcClient
519
- ];
520
- }
521
- });
522
- });
523
- return function getSsoOidcClient(ssoRegion) {
524
- return _ref.apply(this, arguments);
525
- };
526
- }();
527
-
528
- function asyncGeneratorStep$3(gen, resolve, reject, _next, _throw, key, arg) {
529
- try {
530
- var info = gen[key](arg);
531
- var value = info.value;
532
- } catch (error) {
533
- reject(error);
534
- return;
535
- }
536
- if (info.done) {
537
- resolve(value);
538
30
  } else {
539
- Promise.resolve(value).then(_next, _throw);
540
- }
541
- }
542
- function _async_to_generator$3(fn) {
543
- return function() {
544
- var self = this, args = arguments;
545
- return new Promise(function(resolve, reject) {
546
- var gen = fn.apply(self, args);
547
- function _next(value) {
548
- asyncGeneratorStep$3(gen, resolve, reject, _next, _throw, "next", value);
549
- }
550
- function _throw(err) {
551
- asyncGeneratorStep$3(gen, resolve, reject, _next, _throw, "throw", err);
552
- }
553
- _next(undefined);
554
- });
555
- };
556
- }
557
- function _ts_generator$3(thisArg, body) {
558
- var f, y, t, g, _ = {
559
- label: 0,
560
- sent: function() {
561
- if (t[0] & 1) throw t[1];
562
- return t[1];
563
- },
564
- trys: [],
565
- ops: []
566
- };
567
- return g = {
568
- next: verb(0),
569
- "throw": verb(1),
570
- "return": verb(2)
571
- }, typeof Symbol === "function" && (g[Symbol.iterator] = function() {
572
- return this;
573
- }), g;
574
- function verb(n) {
575
- return function(v) {
576
- return step([
577
- n,
578
- v
579
- ]);
580
- };
581
- }
582
- function step(op) {
583
- if (f) throw new TypeError("Generator is already executing.");
584
- while(_)try {
585
- if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
586
- if (y = 0, t) op = [
587
- op[0] & 2,
588
- t.value
589
- ];
590
- switch(op[0]){
591
- case 0:
592
- case 1:
593
- t = op;
594
- break;
595
- case 4:
596
- _.label++;
597
- return {
598
- value: op[1],
599
- done: false
600
- };
601
- case 5:
602
- _.label++;
603
- y = op[1];
604
- op = [
605
- 0
606
- ];
607
- continue;
608
- case 7:
609
- op = _.ops.pop();
610
- _.trys.pop();
611
- continue;
612
- default:
613
- if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
614
- _ = 0;
615
- continue;
616
- }
617
- if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
618
- _.label = op[1];
619
- break;
620
- }
621
- if (op[0] === 6 && _.label < t[1]) {
622
- _.label = t[1];
623
- t = op;
624
- break;
625
- }
626
- if (t && _.label < t[2]) {
627
- _.label = t[2];
628
- _.ops.push(op);
629
- break;
630
- }
631
- if (t[2]) _.ops.pop();
632
- _.trys.pop();
633
- continue;
634
- }
635
- op = body.call(thisArg, _);
636
- } catch (e) {
637
- op = [
638
- 6,
639
- e
640
- ];
641
- y = 0;
642
- } finally{
643
- f = t = 0;
31
+ if (url.hostname === "localhost") {
32
+ return;
644
33
  }
645
- if (op[0] & 5) throw op[1];
646
- return {
647
- value: op[0] ? op[1] : void 0,
648
- done: true
34
+ var ipComponents = url.hostname.split(".");
35
+ var inRange = function(component) {
36
+ var num = parseInt(component, 10);
37
+ return 0 <= num && num <= 255;
649
38
  };
39
+ if (ipComponents[0] === "127" && inRange(ipComponents[1]) && inRange(ipComponents[2]) && inRange(ipComponents[3]) && ipComponents.length === 4) {
40
+ return;
41
+ }
650
42
  }
651
- }
652
- var getNewSsoOidcToken = function() {
653
- var _ref = _async_to_generator$3(function(ssoToken, ssoRegion) {
654
- var init, callerClientConfig, CreateTokenCommand, ssoOidcClient;
655
- var _arguments = arguments;
656
- return _ts_generator$3(this, function(_state) {
657
- switch(_state.label){
658
- case 0:
659
- init = _arguments.length > 2 && _arguments[2] !== void 0 ? _arguments[2] : {}, callerClientConfig = _arguments.length > 3 ? _arguments[3] : void 0;
660
- return [
661
- 4,
662
- import('./index.esm13.js')
663
- ];
664
- case 1:
665
- CreateTokenCommand = _state.sent().CreateTokenCommand;
666
- return [
667
- 4,
668
- getSsoOidcClient(ssoRegion, init, callerClientConfig)
669
- ];
670
- case 2:
671
- ssoOidcClient = _state.sent();
672
- return [
673
- 2,
674
- ssoOidcClient.send(new CreateTokenCommand({
675
- clientId: ssoToken.clientId,
676
- clientSecret: ssoToken.clientSecret,
677
- refreshToken: ssoToken.refreshToken,
678
- grantType: "refresh_token"
679
- }))
680
- ];
681
- }
682
- });
43
+ throw new CredentialsProviderError("URL not accepted. It must either be HTTPS or match one of the following:\n - loopback CIDR 127.0.0.0/8 or [::1/128]\n - ECS container host 169.254.170.2\n - EKS container host 169.254.170.23 or [fd00:ec2::23]", {
44
+ logger: logger
683
45
  });
684
- return function getNewSsoOidcToken(ssoToken, ssoRegion) {
685
- return _ref.apply(this, arguments);
686
- };
687
- }();
688
-
689
- var validateTokenExpiry = function(token) {
690
- if (token.expiration && token.expiration.getTime() < Date.now()) {
691
- throw new TokenProviderError("Token is expired. ".concat(REFRESH_MESSAGE), false);
692
- }
693
- };
694
-
695
- var validateTokenKey = function(key, value) {
696
- var forRefresh = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : false;
697
- if (typeof value === "undefined") {
698
- throw new TokenProviderError("Value not present for '".concat(key, "' in SSO Token").concat(forRefresh ? ". Cannot refresh" : "", ". ").concat(REFRESH_MESSAGE), false);
699
- }
700
- };
701
-
702
- var writeFile = promises.writeFile;
703
- var writeSSOTokenToFile = function(id, ssoToken) {
704
- var tokenFilepath = getSSOTokenFilepath(id);
705
- var tokenString = JSON.stringify(ssoToken, null, 2);
706
- return writeFile(tokenFilepath, tokenString);
707
46
  };
708
47
 
48
+ function _array_like_to_array(arr, len) {
49
+ if (len == null || len > arr.length) len = arr.length;
50
+ for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
51
+ return arr2;
52
+ }
53
+ function _array_with_holes(arr) {
54
+ if (Array.isArray(arr)) return arr;
55
+ }
709
56
  function asyncGeneratorStep$2(gen, resolve, reject, _next, _throw, key, arg) {
710
57
  try {
711
58
  var info = gen[key](arg);
@@ -735,52 +82,43 @@ function _async_to_generator$2(fn) {
735
82
  });
736
83
  };
737
84
  }
738
- function _define_property$1(obj, key, value) {
739
- if (key in obj) {
740
- Object.defineProperty(obj, key, {
741
- value: value,
742
- enumerable: true,
743
- configurable: true,
744
- writable: true
745
- });
746
- } else {
747
- obj[key] = value;
748
- }
749
- return obj;
750
- }
751
- function _object_spread$1(target) {
752
- for(var i = 1; i < arguments.length; i++){
753
- var source = arguments[i] != null ? arguments[i] : {};
754
- var ownKeys = Object.keys(source);
755
- if (typeof Object.getOwnPropertySymbols === "function") {
756
- ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
757
- return Object.getOwnPropertyDescriptor(source, sym).enumerable;
758
- }));
85
+ function _iterable_to_array_limit(arr, i) {
86
+ var _i = arr == null ? null : typeof Symbol !== "undefined" && arr[Symbol.iterator] || arr["@@iterator"];
87
+ if (_i == null) return;
88
+ var _arr = [];
89
+ var _n = true;
90
+ var _d = false;
91
+ var _s, _e;
92
+ try {
93
+ for(_i = _i.call(arr); !(_n = (_s = _i.next()).done); _n = true){
94
+ _arr.push(_s.value);
95
+ if (i && _arr.length === i) break;
96
+ }
97
+ } catch (err) {
98
+ _d = true;
99
+ _e = err;
100
+ } finally{
101
+ try {
102
+ if (!_n && _i["return"] != null) _i["return"]();
103
+ } finally{
104
+ if (_d) throw _e;
759
105
  }
760
- ownKeys.forEach(function(key) {
761
- _define_property$1(target, key, source[key]);
762
- });
763
106
  }
764
- return target;
107
+ return _arr;
765
108
  }
766
- function ownKeys(object, enumerableOnly) {
767
- var keys = Object.keys(object);
768
- if (Object.getOwnPropertySymbols) {
769
- var symbols = Object.getOwnPropertySymbols(object);
770
- keys.push.apply(keys, symbols);
771
- }
772
- return keys;
109
+ function _non_iterable_rest() {
110
+ throw new TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
773
111
  }
774
- function _object_spread_props(target, source) {
775
- source = source != null ? source : {};
776
- if (Object.getOwnPropertyDescriptors) {
777
- Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
778
- } else {
779
- ownKeys(Object(source)).forEach(function(key) {
780
- Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
781
- });
782
- }
783
- return target;
112
+ function _sliced_to_array(arr, i) {
113
+ return _array_with_holes(arr) || _iterable_to_array_limit(arr, i) || _unsupported_iterable_to_array(arr, i) || _non_iterable_rest();
114
+ }
115
+ function _unsupported_iterable_to_array(o, minLen) {
116
+ if (!o) return;
117
+ if (typeof o === "string") return _array_like_to_array(o, minLen);
118
+ var n = Object.prototype.toString.call(o).slice(8, -1);
119
+ if (n === "Object" && o.constructor) n = o.constructor.name;
120
+ if (n === "Map" || n === "Set") return Array.from(n);
121
+ if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array(o, minLen);
784
122
  }
785
123
  function _ts_generator$2(thisArg, body) {
786
124
  var f, y, t, g, _ = {
@@ -877,168 +215,73 @@ function _ts_generator$2(thisArg, body) {
877
215
  };
878
216
  }
879
217
  }
880
- var lastRefreshAttemptTime = new Date(0);
881
- var fromSso = function() {
882
- var init = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
883
- return /*#__PURE__*/ _async_to_generator$2(function() {
884
- var callerClientConfig, _init_logger, profiles, _init_profile, profileName, profile, ssoSessionName, ssoSessions, ssoSession, _i, _iter, ssoSessionRequiredKey, ssoRegion, ssoToken, accessToken, expiresAt, existingToken, newSsoOidcToken, newTokenExpiration;
885
- var _arguments = arguments;
218
+ function createGetRequest(url) {
219
+ return new HttpRequest({
220
+ protocol: url.protocol,
221
+ hostname: url.hostname,
222
+ port: Number(url.port),
223
+ path: url.pathname,
224
+ query: Array.from(url.searchParams.entries()).reduce(function(acc, param) {
225
+ var _param = _sliced_to_array(param, 2), k = _param[0], v = _param[1];
226
+ acc[k] = v;
227
+ return acc;
228
+ }, {}),
229
+ fragment: url.hash
230
+ });
231
+ }
232
+ function getCredentials(response, logger) {
233
+ return _getCredentials.apply(this, arguments);
234
+ }
235
+ function _getCredentials() {
236
+ _getCredentials = _async_to_generator$2(function(response, logger) {
237
+ var stream, str, parsed, parsedBody;
886
238
  return _ts_generator$2(this, function(_state) {
887
239
  switch(_state.label){
888
240
  case 0:
889
- callerClientConfig = (_arguments.length > 0 && _arguments[0] !== void 0 ? _arguments[0] : {}).callerClientConfig;
890
- (_init_logger = init.logger) === null || _init_logger === void 0 ? void 0 : _init_logger.debug("@aws-sdk/token-providers - fromSso");
241
+ stream = sdkStreamMixin(response.body);
891
242
  return [
892
243
  4,
893
- parseKnownFiles(init)
244
+ stream.transformToString()
894
245
  ];
895
246
  case 1:
896
- profiles = _state.sent();
897
- profileName = getProfileName({
898
- profile: (_init_profile = init.profile) !== null && _init_profile !== void 0 ? _init_profile : callerClientConfig === null || callerClientConfig === void 0 ? void 0 : callerClientConfig.profile
899
- });
900
- profile = profiles[profileName];
901
- if (!profile) {
902
- throw new TokenProviderError("Profile '".concat(profileName, "' could not be found in shared credentials file."), false);
903
- } else if (!profile["sso_session"]) {
904
- throw new TokenProviderError("Profile '".concat(profileName, "' is missing required property 'sso_session'."));
905
- }
906
- ssoSessionName = profile["sso_session"];
907
- return [
908
- 4,
909
- loadSsoSessionData(init)
910
- ];
911
- case 2:
912
- ssoSessions = _state.sent();
913
- ssoSession = ssoSessions[ssoSessionName];
914
- if (!ssoSession) {
915
- throw new TokenProviderError("Sso session '".concat(ssoSessionName, "' could not be found in shared credentials file."), false);
916
- }
917
- for(_i = 0, _iter = [
918
- "sso_start_url",
919
- "sso_region"
920
- ]; _i < _iter.length; _i++){
921
- ssoSessionRequiredKey = _iter[_i];
922
- if (!ssoSession[ssoSessionRequiredKey]) {
923
- throw new TokenProviderError("Sso session '".concat(ssoSessionName, "' is missing required property '").concat(ssoSessionRequiredKey, "'."), false);
247
+ str = _state.sent();
248
+ if (response.statusCode === 200) {
249
+ parsed = JSON.parse(str);
250
+ if (typeof parsed.AccessKeyId !== "string" || typeof parsed.SecretAccessKey !== "string" || typeof parsed.Token !== "string" || typeof parsed.Expiration !== "string") {
251
+ throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", {
252
+ logger: logger
253
+ });
924
254
  }
925
- }
926
- ssoSession["sso_start_url"];
927
- ssoRegion = ssoSession["sso_region"];
928
- _state.label = 3;
929
- case 3:
930
- _state.trys.push([
931
- 3,
932
- 5,
933
- ,
934
- 6
935
- ]);
936
- return [
937
- 4,
938
- getSSOTokenFromFile(ssoSessionName)
939
- ];
940
- case 4:
941
- ssoToken = _state.sent();
942
- return [
943
- 3,
944
- 6
945
- ];
946
- case 5:
947
- _state.sent();
948
- throw new TokenProviderError("The SSO session token associated with profile=".concat(profileName, " was not found or is invalid. ").concat(REFRESH_MESSAGE), false);
949
- case 6:
950
- validateTokenKey("accessToken", ssoToken.accessToken);
951
- validateTokenKey("expiresAt", ssoToken.expiresAt);
952
- accessToken = ssoToken.accessToken, expiresAt = ssoToken.expiresAt;
953
- existingToken = {
954
- token: accessToken,
955
- expiration: new Date(expiresAt)
956
- };
957
- if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {
958
255
  return [
959
256
  2,
960
- existingToken
257
+ {
258
+ accessKeyId: parsed.AccessKeyId,
259
+ secretAccessKey: parsed.SecretAccessKey,
260
+ sessionToken: parsed.Token,
261
+ expiration: parseRfc3339DateTime(parsed.Expiration)
262
+ }
961
263
  ];
962
264
  }
963
- if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {
964
- validateTokenExpiry(existingToken);
965
- return [
966
- 2,
967
- existingToken
968
- ];
265
+ if (response.statusCode >= 400 && response.statusCode < 500) {
266
+ parsedBody = {};
267
+ try {
268
+ parsedBody = JSON.parse(str);
269
+ } catch (e) {}
270
+ throw Object.assign(new CredentialsProviderError("Server responded with status: ".concat(response.statusCode), {
271
+ logger: logger
272
+ }), {
273
+ Code: parsedBody.Code,
274
+ Message: parsedBody.Message
275
+ });
969
276
  }
970
- validateTokenKey("clientId", ssoToken.clientId, true);
971
- validateTokenKey("clientSecret", ssoToken.clientSecret, true);
972
- validateTokenKey("refreshToken", ssoToken.refreshToken, true);
973
- _state.label = 7;
974
- case 7:
975
- _state.trys.push([
976
- 7,
977
- 13,
978
- ,
979
- 14
980
- ]);
981
- lastRefreshAttemptTime.setTime(Date.now());
982
- return [
983
- 4,
984
- getNewSsoOidcToken(ssoToken, ssoRegion, init, callerClientConfig)
985
- ];
986
- case 8:
987
- newSsoOidcToken = _state.sent();
988
- validateTokenKey("accessToken", newSsoOidcToken.accessToken);
989
- validateTokenKey("expiresIn", newSsoOidcToken.expiresIn);
990
- newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);
991
- _state.label = 9;
992
- case 9:
993
- _state.trys.push([
994
- 9,
995
- 11,
996
- ,
997
- 12
998
- ]);
999
- return [
1000
- 4,
1001
- writeSSOTokenToFile(ssoSessionName, _object_spread_props(_object_spread$1({}, ssoToken), {
1002
- accessToken: newSsoOidcToken.accessToken,
1003
- expiresAt: newTokenExpiration.toISOString(),
1004
- refreshToken: newSsoOidcToken.refreshToken
1005
- }))
1006
- ];
1007
- case 10:
1008
- _state.sent();
1009
- return [
1010
- 3,
1011
- 12
1012
- ];
1013
- case 11:
1014
- _state.sent();
1015
- return [
1016
- 3,
1017
- 12
1018
- ];
1019
- case 12:
1020
- return [
1021
- 2,
1022
- {
1023
- token: newSsoOidcToken.accessToken,
1024
- expiration: newTokenExpiration
1025
- }
1026
- ];
1027
- case 13:
1028
- _state.sent();
1029
- validateTokenExpiry(existingToken);
1030
- return [
1031
- 2,
1032
- existingToken
1033
- ];
1034
- case 14:
1035
- return [
1036
- 2
1037
- ];
277
+ throw new CredentialsProviderError("Server responded with status: ".concat(response.statusCode), {
278
+ logger: logger
279
+ });
1038
280
  }
1039
281
  });
1040
282
  });
1041
- };
283
+ return _getCredentials.apply(this, arguments);
284
+ }
1042
285
 
1043
286
  function asyncGeneratorStep$1(gen, resolve, reject, _next, _throw, key, arg) {
1044
287
  try {
@@ -1069,34 +312,6 @@ function _async_to_generator$1(fn) {
1069
312
  });
1070
313
  };
1071
314
  }
1072
- function _define_property(obj, key, value) {
1073
- if (key in obj) {
1074
- Object.defineProperty(obj, key, {
1075
- value: value,
1076
- enumerable: true,
1077
- configurable: true,
1078
- writable: true
1079
- });
1080
- } else {
1081
- obj[key] = value;
1082
- }
1083
- return obj;
1084
- }
1085
- function _object_spread(target) {
1086
- for(var i = 1; i < arguments.length; i++){
1087
- var source = arguments[i] != null ? arguments[i] : {};
1088
- var ownKeys = Object.keys(source);
1089
- if (typeof Object.getOwnPropertySymbols === "function") {
1090
- ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
1091
- return Object.getOwnPropertyDescriptor(source, sym).enumerable;
1092
- }));
1093
- }
1094
- ownKeys.forEach(function(key) {
1095
- _define_property(target, key, source[key]);
1096
- });
1097
- }
1098
- return target;
1099
- }
1100
315
  function _ts_generator$1(thisArg, body) {
1101
316
  var f, y, t, g, _ = {
1102
317
  label: 0,
@@ -1192,176 +407,69 @@ function _ts_generator$1(thisArg, body) {
1192
407
  };
1193
408
  }
1194
409
  }
1195
- var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
1196
- var resolveSSOCredentials = function() {
1197
- var _ref = _async_to_generator$1(function(param) {
1198
- var ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, callerClientConfig, profile, filepath, configFilepath, ignoreCache, logger, token, refreshMessage, _token, e, accessToken, _ref, SSOClient, GetRoleCredentialsCommand, _clientConfig_logger, _ref1, _clientConfig_region, _clientConfig_userAgentAppId, _ref2, sso, ssoResp, e2, tmp, _ref3, accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId, credentials;
410
+ var retryWrapper = function(toRetry, maxRetries, delayMs) {
411
+ return /*#__PURE__*/ _async_to_generator$1(function() {
412
+ var i;
1199
413
  return _ts_generator$1(this, function(_state) {
1200
414
  switch(_state.label){
1201
415
  case 0:
1202
- ssoStartUrl = param.ssoStartUrl, ssoSession = param.ssoSession, ssoAccountId = param.ssoAccountId, ssoRegion = param.ssoRegion, ssoRoleName = param.ssoRoleName, ssoClient = param.ssoClient, clientConfig = param.clientConfig, parentClientConfig = param.parentClientConfig, callerClientConfig = param.callerClientConfig, profile = param.profile, filepath = param.filepath, configFilepath = param.configFilepath, ignoreCache = param.ignoreCache, logger = param.logger;
1203
- refreshMessage = "To refresh this SSO session run aws sso login with the corresponding profile.";
1204
- if (!ssoSession) return [
1205
- 3,
1206
- 5
1207
- ];
416
+ i = 0;
1208
417
  _state.label = 1;
1209
418
  case 1:
1210
- _state.trys.push([
1211
- 1,
419
+ if (!(i < maxRetries)) return [
1212
420
  3,
421
+ 7
422
+ ];
423
+ _state.label = 2;
424
+ case 2:
425
+ _state.trys.push([
426
+ 2,
427
+ 4,
1213
428
  ,
1214
- 4
429
+ 6
1215
430
  ]);
1216
431
  return [
1217
432
  4,
1218
- fromSso({
1219
- profile: profile,
1220
- filepath: filepath,
1221
- configFilepath: configFilepath,
1222
- ignoreCache: ignoreCache,
1223
- clientConfig: clientConfig,
1224
- parentClientConfig: parentClientConfig,
1225
- logger: logger
1226
- })({
1227
- callerClientConfig: callerClientConfig
1228
- })
433
+ toRetry()
1229
434
  ];
1230
- case 2:
1231
- _token = _state.sent();
1232
- token = {
1233
- accessToken: _token.token,
1234
- expiresAt: new Date(_token.expiration).toISOString()
1235
- };
435
+ case 3:
1236
436
  return [
1237
- 3,
1238
- 4
437
+ 2,
438
+ _state.sent()
1239
439
  ];
1240
- case 3:
1241
- e = _state.sent();
1242
- throw new CredentialsProviderError(e.message, {
1243
- tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
1244
- logger: logger
1245
- });
1246
440
  case 4:
441
+ _state.sent();
1247
442
  return [
1248
- 3,
1249
- 8
443
+ 4,
444
+ new Promise(function(resolve) {
445
+ return setTimeout(resolve, delayMs);
446
+ })
1250
447
  ];
1251
448
  case 5:
1252
- _state.trys.push([
1253
- 5,
1254
- 7,
1255
- ,
1256
- 8
1257
- ]);
449
+ _state.sent();
1258
450
  return [
1259
- 4,
1260
- getSSOTokenFromFile(ssoStartUrl)
451
+ 3,
452
+ 6
1261
453
  ];
1262
454
  case 6:
1263
- token = _state.sent();
455
+ ++i;
1264
456
  return [
1265
457
  3,
1266
- 8
458
+ 1
1267
459
  ];
1268
460
  case 7:
1269
- _state.sent();
1270
- throw new CredentialsProviderError("The SSO session associated with this profile is invalid. ".concat(refreshMessage), {
1271
- tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
1272
- logger: logger
1273
- });
1274
- case 8:
1275
- if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
1276
- throw new CredentialsProviderError("The SSO session associated with this profile has expired. ".concat(refreshMessage), {
1277
- tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
1278
- logger: logger
1279
- });
1280
- }
1281
- accessToken = token.accessToken;
1282
- return [
1283
- 4,
1284
- import('./loadSso.esm.js')
1285
- ];
1286
- case 9:
1287
- _ref = _state.sent(), SSOClient = _ref.SSOClient, GetRoleCredentialsCommand = _ref.GetRoleCredentialsCommand;
1288
- sso = ssoClient || new SSOClient(Object.assign({}, clientConfig !== null && clientConfig !== void 0 ? clientConfig : {}, {
1289
- logger: (_ref1 = (_clientConfig_logger = clientConfig === null || clientConfig === void 0 ? void 0 : clientConfig.logger) !== null && _clientConfig_logger !== void 0 ? _clientConfig_logger : callerClientConfig === null || callerClientConfig === void 0 ? void 0 : callerClientConfig.logger) !== null && _ref1 !== void 0 ? _ref1 : parentClientConfig === null || parentClientConfig === void 0 ? void 0 : parentClientConfig.logger,
1290
- region: (_clientConfig_region = clientConfig === null || clientConfig === void 0 ? void 0 : clientConfig.region) !== null && _clientConfig_region !== void 0 ? _clientConfig_region : ssoRegion,
1291
- userAgentAppId: (_ref2 = (_clientConfig_userAgentAppId = clientConfig === null || clientConfig === void 0 ? void 0 : clientConfig.userAgentAppId) !== null && _clientConfig_userAgentAppId !== void 0 ? _clientConfig_userAgentAppId : callerClientConfig === null || callerClientConfig === void 0 ? void 0 : callerClientConfig.userAgentAppId) !== null && _ref2 !== void 0 ? _ref2 : parentClientConfig === null || parentClientConfig === void 0 ? void 0 : parentClientConfig.userAgentAppId
1292
- }));
1293
- _state.label = 10;
1294
- case 10:
1295
- _state.trys.push([
1296
- 10,
1297
- 12,
1298
- ,
1299
- 13
1300
- ]);
1301
461
  return [
1302
462
  4,
1303
- sso.send(new GetRoleCredentialsCommand({
1304
- accountId: ssoAccountId,
1305
- roleName: ssoRoleName,
1306
- accessToken: accessToken
1307
- }))
1308
- ];
1309
- case 11:
1310
- ssoResp = _state.sent();
1311
- return [
1312
- 3,
1313
- 13
463
+ toRetry()
1314
464
  ];
1315
- case 12:
1316
- e2 = _state.sent();
1317
- throw new CredentialsProviderError(e2, {
1318
- tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
1319
- logger: logger
1320
- });
1321
- case 13:
1322
- tmp = ssoResp.roleCredentials, _ref3 = tmp === void 0 ? {} : tmp, accessKeyId = _ref3.accessKeyId, secretAccessKey = _ref3.secretAccessKey, sessionToken = _ref3.sessionToken, expiration = _ref3.expiration, credentialScope = _ref3.credentialScope, accountId = _ref3.accountId;
1323
- if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
1324
- throw new CredentialsProviderError("SSO returns an invalid temporary credential.", {
1325
- tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
1326
- logger: logger
1327
- });
1328
- }
1329
- credentials = _object_spread({
1330
- accessKeyId: accessKeyId,
1331
- secretAccessKey: secretAccessKey,
1332
- sessionToken: sessionToken,
1333
- expiration: new Date(expiration)
1334
- }, credentialScope && {
1335
- credentialScope: credentialScope
1336
- }, accountId && {
1337
- accountId: accountId
1338
- });
1339
- if (ssoSession) {
1340
- setCredentialFeature(credentials, "CREDENTIALS_SSO", "s");
1341
- } else {
1342
- setCredentialFeature(credentials, "CREDENTIALS_SSO_LEGACY", "u");
1343
- }
465
+ case 8:
1344
466
  return [
1345
467
  2,
1346
- credentials
468
+ _state.sent()
1347
469
  ];
1348
470
  }
1349
471
  });
1350
472
  });
1351
- return function resolveSSOCredentials(_) {
1352
- return _ref.apply(this, arguments);
1353
- };
1354
- }();
1355
-
1356
- var validateSsoProfile = function(profile, logger) {
1357
- var sso_start_url = profile.sso_start_url, sso_account_id = profile.sso_account_id, sso_region = profile.sso_region, sso_role_name = profile.sso_role_name;
1358
- if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
1359
- throw new CredentialsProviderError('Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", ' + '"sso_region", "sso_role_name", "sso_start_url". Got '.concat(Object.keys(profile).join(", "), "\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html"), {
1360
- tryNextLink: false,
1361
- logger: logger
1362
- });
1363
- }
1364
- return profile;
1365
473
  };
1366
474
 
1367
475
  function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
@@ -1488,124 +596,109 @@ function _ts_generator(thisArg, body) {
1488
596
  };
1489
597
  }
1490
598
  }
1491
- var fromSSO = function() {
1492
- var init = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
1493
- return /*#__PURE__*/ _async_to_generator(function() {
1494
- var callerClientConfig, _init_logger, ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession, ssoClient, _init_profile, profileName, profiles, profile, ssoSessions, session, conflictMsg, _validateSsoProfile, sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session;
1495
- var _arguments = arguments;
599
+ var AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
600
+ var DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
601
+ var AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
602
+ var AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
603
+ var AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
604
+ var fromHttp = function() {
605
+ var options = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
606
+ var _options_logger, _options_logger_constructor, _options_logger1, _options_logger2;
607
+ (_options_logger = options.logger) === null || _options_logger === void 0 ? void 0 : _options_logger.debug("@aws-sdk/credential-provider-http - fromHttp");
608
+ var host;
609
+ var _options_awsContainerCredentialsRelativeUri;
610
+ var relative = (_options_awsContainerCredentialsRelativeUri = options.awsContainerCredentialsRelativeUri) !== null && _options_awsContainerCredentialsRelativeUri !== void 0 ? _options_awsContainerCredentialsRelativeUri : process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
611
+ var _options_awsContainerCredentialsFullUri;
612
+ var full = (_options_awsContainerCredentialsFullUri = options.awsContainerCredentialsFullUri) !== null && _options_awsContainerCredentialsFullUri !== void 0 ? _options_awsContainerCredentialsFullUri : process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
613
+ var _options_awsContainerAuthorizationToken;
614
+ var token = (_options_awsContainerAuthorizationToken = options.awsContainerAuthorizationToken) !== null && _options_awsContainerAuthorizationToken !== void 0 ? _options_awsContainerAuthorizationToken : process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
615
+ var _options_awsContainerAuthorizationTokenFile;
616
+ var tokenFile = (_options_awsContainerAuthorizationTokenFile = options.awsContainerAuthorizationTokenFile) !== null && _options_awsContainerAuthorizationTokenFile !== void 0 ? _options_awsContainerAuthorizationTokenFile : process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
617
+ var warn = ((_options_logger1 = options.logger) === null || _options_logger1 === void 0 ? void 0 : (_options_logger_constructor = _options_logger1.constructor) === null || _options_logger_constructor === void 0 ? void 0 : _options_logger_constructor.name) === "NoOpLogger" || !((_options_logger2 = options.logger) === null || _options_logger2 === void 0 ? void 0 : _options_logger2.warn) ? console.warn : options.logger.warn.bind(options.logger);
618
+ if (relative && full) {
619
+ warn("@aws-sdk/credential-provider-http: " + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
620
+ warn("awsContainerCredentialsFullUri will take precedence.");
621
+ }
622
+ if (token && tokenFile) {
623
+ warn("@aws-sdk/credential-provider-http: " + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
624
+ warn("awsContainerAuthorizationToken will take precedence.");
625
+ }
626
+ if (full) {
627
+ host = full;
628
+ } else if (relative) {
629
+ host = "".concat(DEFAULT_LINK_LOCAL_HOST).concat(relative);
630
+ } else {
631
+ throw new CredentialsProviderError("No HTTP credential provider host provided.\nSet AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.", {
632
+ logger: options.logger
633
+ });
634
+ }
635
+ var url = new URL(host);
636
+ checkUrl(url, options.logger);
637
+ var _options_timeout, _options_timeout1;
638
+ var requestHandler = NodeHttpHandler.create({
639
+ requestTimeout: (_options_timeout = options.timeout) !== null && _options_timeout !== void 0 ? _options_timeout : 1000,
640
+ connectionTimeout: (_options_timeout1 = options.timeout) !== null && _options_timeout1 !== void 0 ? _options_timeout1 : 1000
641
+ });
642
+ var _options_maxRetries, _options_timeout2;
643
+ return retryWrapper(/*#__PURE__*/ _async_to_generator(function() {
644
+ var request, _, result, e;
1496
645
  return _ts_generator(this, function(_state) {
1497
646
  switch(_state.label){
1498
647
  case 0:
1499
- callerClientConfig = (_arguments.length > 0 && _arguments[0] !== void 0 ? _arguments[0] : {}).callerClientConfig;
1500
- (_init_logger = init.logger) === null || _init_logger === void 0 ? void 0 : _init_logger.debug("@aws-sdk/credential-provider-sso - fromSSO");
1501
- ssoStartUrl = init.ssoStartUrl, ssoAccountId = init.ssoAccountId, ssoRegion = init.ssoRegion, ssoRoleName = init.ssoRoleName, ssoSession = init.ssoSession;
1502
- ssoClient = init.ssoClient;
1503
- profileName = getProfileName({
1504
- profile: (_init_profile = init.profile) !== null && _init_profile !== void 0 ? _init_profile : callerClientConfig === null || callerClientConfig === void 0 ? void 0 : callerClientConfig.profile
1505
- });
1506
- if (!(!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession)) return [
648
+ request = createGetRequest(url);
649
+ if (!token) return [
1507
650
  3,
1508
- 4
651
+ 1
1509
652
  ];
653
+ request.headers.Authorization = token;
1510
654
  return [
1511
- 4,
1512
- parseKnownFiles(init)
655
+ 3,
656
+ 3
1513
657
  ];
1514
658
  case 1:
1515
- profiles = _state.sent();
1516
- profile = profiles[profileName];
1517
- if (!profile) {
1518
- throw new CredentialsProviderError("Profile ".concat(profileName, " was not found."), {
1519
- logger: init.logger
1520
- });
1521
- }
1522
- if (!isSsoProfile(profile)) {
1523
- throw new CredentialsProviderError("Profile ".concat(profileName, " is not configured with SSO credentials."), {
1524
- logger: init.logger
1525
- });
1526
- }
1527
- if (!(profile === null || profile === void 0 ? void 0 : profile.sso_session)) return [
659
+ if (!tokenFile) return [
1528
660
  3,
1529
661
  3
1530
662
  ];
663
+ _ = request.headers;
1531
664
  return [
1532
665
  4,
1533
- loadSsoSessionData(init)
666
+ fs.readFile(tokenFile)
1534
667
  ];
1535
668
  case 2:
1536
- ssoSessions = _state.sent();
1537
- session = ssoSessions[profile.sso_session];
1538
- conflictMsg = " configurations in profile ".concat(profileName, " and sso-session ").concat(profile.sso_session);
1539
- if (ssoRegion && ssoRegion !== session.sso_region) {
1540
- throw new CredentialsProviderError("Conflicting SSO region" + conflictMsg, {
1541
- tryNextLink: false,
1542
- logger: init.logger
1543
- });
1544
- }
1545
- if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
1546
- throw new CredentialsProviderError("Conflicting SSO start_url" + conflictMsg, {
1547
- tryNextLink: false,
1548
- logger: init.logger
1549
- });
1550
- }
1551
- profile.sso_region = session.sso_region;
1552
- profile.sso_start_url = session.sso_start_url;
669
+ _.Authorization = _state.sent().toString();
1553
670
  _state.label = 3;
1554
671
  case 3:
1555
- _validateSsoProfile = validateSsoProfile(profile, init.logger), sso_start_url = _validateSsoProfile.sso_start_url, sso_account_id = _validateSsoProfile.sso_account_id, sso_region = _validateSsoProfile.sso_region, sso_role_name = _validateSsoProfile.sso_role_name, sso_session = _validateSsoProfile.sso_session;
672
+ _state.trys.push([
673
+ 3,
674
+ 5,
675
+ ,
676
+ 6
677
+ ]);
678
+ return [
679
+ 4,
680
+ requestHandler.handle(request)
681
+ ];
682
+ case 4:
683
+ result = _state.sent();
1556
684
  return [
1557
685
  2,
1558
- resolveSSOCredentials({
1559
- ssoStartUrl: sso_start_url,
1560
- ssoSession: sso_session,
1561
- ssoAccountId: sso_account_id,
1562
- ssoRegion: sso_region,
1563
- ssoRoleName: sso_role_name,
1564
- ssoClient: ssoClient,
1565
- clientConfig: init.clientConfig,
1566
- parentClientConfig: init.parentClientConfig,
1567
- callerClientConfig: init.callerClientConfig,
1568
- profile: profileName,
1569
- filepath: init.filepath,
1570
- configFilepath: init.configFilepath,
1571
- ignoreCache: init.ignoreCache,
1572
- logger: init.logger
686
+ getCredentials(result.response).then(function(creds) {
687
+ return setCredentialFeature(creds, "CREDENTIALS_HTTP", "z");
1573
688
  })
1574
689
  ];
1575
- case 4:
1576
- if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
1577
- throw new CredentialsProviderError("Incomplete configuration. The fromSSO() argument hash must include " + '"ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', {
1578
- tryNextLink: false,
1579
- logger: init.logger
1580
- });
1581
- } else {
1582
- return [
1583
- 2,
1584
- resolveSSOCredentials({
1585
- ssoStartUrl: ssoStartUrl,
1586
- ssoSession: ssoSession,
1587
- ssoAccountId: ssoAccountId,
1588
- ssoRegion: ssoRegion,
1589
- ssoRoleName: ssoRoleName,
1590
- ssoClient: ssoClient,
1591
- clientConfig: init.clientConfig,
1592
- parentClientConfig: init.parentClientConfig,
1593
- callerClientConfig: init.callerClientConfig,
1594
- profile: profileName,
1595
- filepath: init.filepath,
1596
- configFilepath: init.configFilepath,
1597
- ignoreCache: init.ignoreCache,
1598
- logger: init.logger
1599
- })
1600
- ];
1601
- }
1602
690
  case 5:
691
+ e = _state.sent();
692
+ throw new CredentialsProviderError(String(e), {
693
+ logger: options.logger
694
+ });
695
+ case 6:
1603
696
  return [
1604
697
  2
1605
698
  ];
1606
699
  }
1607
700
  });
1608
- });
701
+ }), (_options_maxRetries = options.maxRetries) !== null && _options_maxRetries !== void 0 ? _options_maxRetries : 3, (_options_timeout2 = options.timeout) !== null && _options_timeout2 !== void 0 ? _options_timeout2 : 1000);
1609
702
  };
1610
703
 
1611
- export { fromSSO, isSsoProfile, validateSsoProfile };
704
+ export { fromHttp };