@id-wispera/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +268 -0
- package/dist/audit.d.ts +68 -0
- package/dist/audit.d.ts.map +1 -0
- package/dist/audit.js +252 -0
- package/dist/audit.js.map +1 -0
- package/dist/auth/index.d.ts +8 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +8 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/keychainProvider.d.ts +40 -0
- package/dist/auth/keychainProvider.d.ts.map +1 -0
- package/dist/auth/keychainProvider.js +98 -0
- package/dist/auth/keychainProvider.js.map +1 -0
- package/dist/auth/passphraseProvider.d.ts +80 -0
- package/dist/auth/passphraseProvider.d.ts.map +1 -0
- package/dist/auth/passphraseProvider.js +188 -0
- package/dist/auth/passphraseProvider.js.map +1 -0
- package/dist/auth/sessionTokenManager.d.ts +106 -0
- package/dist/auth/sessionTokenManager.d.ts.map +1 -0
- package/dist/auth/sessionTokenManager.js +263 -0
- package/dist/auth/sessionTokenManager.js.map +1 -0
- package/dist/delegation.d.ts +81 -0
- package/dist/delegation.d.ts.map +1 -0
- package/dist/delegation.js +299 -0
- package/dist/delegation.js.map +1 -0
- package/dist/detection.d.ts +35 -0
- package/dist/detection.d.ts.map +1 -0
- package/dist/detection.js +474 -0
- package/dist/detection.js.map +1 -0
- package/dist/exec/execManager.d.ts +60 -0
- package/dist/exec/execManager.d.ts.map +1 -0
- package/dist/exec/execManager.js +226 -0
- package/dist/exec/execManager.js.map +1 -0
- package/dist/exec/index.d.ts +6 -0
- package/dist/exec/index.d.ts.map +1 -0
- package/dist/exec/index.js +5 -0
- package/dist/exec/index.js.map +1 -0
- package/dist/index.d.ts +35 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +98 -0
- package/dist/index.js.map +1 -0
- package/dist/integrations/base.d.ts +64 -0
- package/dist/integrations/base.d.ts.map +1 -0
- package/dist/integrations/base.js +173 -0
- package/dist/integrations/base.js.map +1 -0
- package/dist/integrations/envMapping.d.ts +47 -0
- package/dist/integrations/envMapping.d.ts.map +1 -0
- package/dist/integrations/envMapping.js +174 -0
- package/dist/integrations/envMapping.js.map +1 -0
- package/dist/integrations/google-a2a.d.ts +48 -0
- package/dist/integrations/google-a2a.d.ts.map +1 -0
- package/dist/integrations/google-a2a.js +108 -0
- package/dist/integrations/google-a2a.js.map +1 -0
- package/dist/integrations/index.d.ts +14 -0
- package/dist/integrations/index.d.ts.map +1 -0
- package/dist/integrations/index.js +14 -0
- package/dist/integrations/index.js.map +1 -0
- package/dist/integrations/langchain.d.ts +38 -0
- package/dist/integrations/langchain.d.ts.map +1 -0
- package/dist/integrations/langchain.js +45 -0
- package/dist/integrations/langchain.js.map +1 -0
- package/dist/integrations/openai-agents.d.ts +76 -0
- package/dist/integrations/openai-agents.d.ts.map +1 -0
- package/dist/integrations/openai-agents.js +95 -0
- package/dist/integrations/openai-agents.js.map +1 -0
- package/dist/integrations/slack.d.ts +59 -0
- package/dist/integrations/slack.d.ts.map +1 -0
- package/dist/integrations/slack.js +113 -0
- package/dist/integrations/slack.js.map +1 -0
- package/dist/integrations/types.d.ts +107 -0
- package/dist/integrations/types.d.ts.map +1 -0
- package/dist/integrations/types.js +6 -0
- package/dist/integrations/types.js.map +1 -0
- package/dist/locations.d.ts +157 -0
- package/dist/locations.d.ts.map +1 -0
- package/dist/locations.js +733 -0
- package/dist/locations.js.map +1 -0
- package/dist/passport.d.ts +70 -0
- package/dist/passport.d.ts.map +1 -0
- package/dist/passport.js +429 -0
- package/dist/passport.js.map +1 -0
- package/dist/policy.d.ts +80 -0
- package/dist/policy.d.ts.map +1 -0
- package/dist/policy.js +392 -0
- package/dist/policy.js.map +1 -0
- package/dist/providers/openclaw.d.ts +80 -0
- package/dist/providers/openclaw.d.ts.map +1 -0
- package/dist/providers/openclaw.js +712 -0
- package/dist/providers/openclaw.js.map +1 -0
- package/dist/provisioning/adminPassport.d.ts +51 -0
- package/dist/provisioning/adminPassport.d.ts.map +1 -0
- package/dist/provisioning/adminPassport.js +101 -0
- package/dist/provisioning/adminPassport.js.map +1 -0
- package/dist/provisioning/index.d.ts +81 -0
- package/dist/provisioning/index.d.ts.map +1 -0
- package/dist/provisioning/index.js +141 -0
- package/dist/provisioning/index.js.map +1 -0
- package/dist/provisioning/provider.d.ts +59 -0
- package/dist/provisioning/provider.d.ts.map +1 -0
- package/dist/provisioning/provider.js +52 -0
- package/dist/provisioning/provider.js.map +1 -0
- package/dist/provisioning/providers/anthropic.d.ts +32 -0
- package/dist/provisioning/providers/anthropic.d.ts.map +1 -0
- package/dist/provisioning/providers/anthropic.js +116 -0
- package/dist/provisioning/providers/anthropic.js.map +1 -0
- package/dist/provisioning/providers/aws.d.ts +29 -0
- package/dist/provisioning/providers/aws.d.ts.map +1 -0
- package/dist/provisioning/providers/aws.js +455 -0
- package/dist/provisioning/providers/aws.js.map +1 -0
- package/dist/provisioning/providers/azure-entra.d.ts +32 -0
- package/dist/provisioning/providers/azure-entra.d.ts.map +1 -0
- package/dist/provisioning/providers/azure-entra.js +312 -0
- package/dist/provisioning/providers/azure-entra.js.map +1 -0
- package/dist/provisioning/providers/github.d.ts +24 -0
- package/dist/provisioning/providers/github.d.ts.map +1 -0
- package/dist/provisioning/providers/github.js +219 -0
- package/dist/provisioning/providers/github.js.map +1 -0
- package/dist/provisioning/providers/google-cloud.d.ts +34 -0
- package/dist/provisioning/providers/google-cloud.d.ts.map +1 -0
- package/dist/provisioning/providers/google-cloud.js +366 -0
- package/dist/provisioning/providers/google-cloud.js.map +1 -0
- package/dist/provisioning/providers/openai.d.ts +29 -0
- package/dist/provisioning/providers/openai.d.ts.map +1 -0
- package/dist/provisioning/providers/openai.js +263 -0
- package/dist/provisioning/providers/openai.js.map +1 -0
- package/dist/provisioning/providers/sendgrid.d.ts +27 -0
- package/dist/provisioning/providers/sendgrid.d.ts.map +1 -0
- package/dist/provisioning/providers/sendgrid.js +186 -0
- package/dist/provisioning/providers/sendgrid.js.map +1 -0
- package/dist/provisioning/providers/twilio.d.ts +27 -0
- package/dist/provisioning/providers/twilio.d.ts.map +1 -0
- package/dist/provisioning/providers/twilio.js +194 -0
- package/dist/provisioning/providers/twilio.js.map +1 -0
- package/dist/provisioning/types.d.ts +274 -0
- package/dist/provisioning/types.d.ts.map +1 -0
- package/dist/provisioning/types.js +6 -0
- package/dist/provisioning/types.js.map +1 -0
- package/dist/sharing.d.ts +60 -0
- package/dist/sharing.d.ts.map +1 -0
- package/dist/sharing.js +305 -0
- package/dist/sharing.js.map +1 -0
- package/dist/types.d.ts +396 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +88 -0
- package/dist/types.js.map +1 -0
- package/dist/utils.d.ts +45 -0
- package/dist/utils.d.ts.map +1 -0
- package/dist/utils.js +110 -0
- package/dist/utils.js.map +1 -0
- package/dist/vault.d.ts +151 -0
- package/dist/vault.d.ts.map +1 -0
- package/dist/vault.js +499 -0
- package/dist/vault.js.map +1 -0
- package/package.json +117 -0
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anthropic Provisioning Provider
|
|
3
|
+
* Management-only provider: list, update, and disable API keys.
|
|
4
|
+
* Anthropic does NOT support key creation via API.
|
|
5
|
+
*/
|
|
6
|
+
import { BaseProvisioningProvider } from '../provider.js';
|
|
7
|
+
const ANTHROPIC_BASE_URL = 'https://api.anthropic.com/v1';
|
|
8
|
+
export class AnthropicProvider extends BaseProvisioningProvider {
|
|
9
|
+
provider = 'anthropic';
|
|
10
|
+
capabilities = {
|
|
11
|
+
canCreate: false,
|
|
12
|
+
canConfigurePermissions: false,
|
|
13
|
+
canRotate: false,
|
|
14
|
+
canRevoke: true,
|
|
15
|
+
canList: true,
|
|
16
|
+
supportsExpiry: false,
|
|
17
|
+
supportsScopedKeys: false,
|
|
18
|
+
};
|
|
19
|
+
/**
|
|
20
|
+
* Anthropic does not support key creation via API.
|
|
21
|
+
* This method always returns an error with guidance.
|
|
22
|
+
*/
|
|
23
|
+
async provision(request) {
|
|
24
|
+
this.ensureInitialized();
|
|
25
|
+
const config = request.config;
|
|
26
|
+
if (config.provider !== 'anthropic') {
|
|
27
|
+
return {
|
|
28
|
+
success: false,
|
|
29
|
+
error: {
|
|
30
|
+
code: 'INVALID_CONFIG',
|
|
31
|
+
message: `Expected anthropic config, got ${config.provider}`,
|
|
32
|
+
},
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
return {
|
|
36
|
+
success: false,
|
|
37
|
+
error: {
|
|
38
|
+
code: 'CREATE_NOT_SUPPORTED',
|
|
39
|
+
message: 'Anthropic does not support API key creation via API. ' +
|
|
40
|
+
'Create keys manually at console.anthropic.com, then use this provider to list, ' +
|
|
41
|
+
'manage, and disable existing keys.',
|
|
42
|
+
},
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
async list() {
|
|
46
|
+
this.ensureInitialized();
|
|
47
|
+
if (this.auth?.type !== 'api-key') {
|
|
48
|
+
throw new Error('Anthropic provider requires api-key authentication');
|
|
49
|
+
}
|
|
50
|
+
const config = this.buildHeaders();
|
|
51
|
+
const response = await fetch(`${ANTHROPIC_BASE_URL}/api_keys`, {
|
|
52
|
+
headers: config,
|
|
53
|
+
});
|
|
54
|
+
if (!response.ok) {
|
|
55
|
+
const errorBody = await response.text();
|
|
56
|
+
throw new Error(`Failed to list Anthropic keys: ${response.status} ${errorBody}`);
|
|
57
|
+
}
|
|
58
|
+
const data = await response.json();
|
|
59
|
+
return (data.data ?? []).map((key) => ({
|
|
60
|
+
id: key.id,
|
|
61
|
+
name: key.name,
|
|
62
|
+
createdAt: new Date(key.created_at),
|
|
63
|
+
status: key.status,
|
|
64
|
+
}));
|
|
65
|
+
}
|
|
66
|
+
async revoke(keyId) {
|
|
67
|
+
this.ensureInitialized();
|
|
68
|
+
if (this.auth?.type !== 'api-key') {
|
|
69
|
+
return { success: false, error: 'Anthropic provider requires api-key authentication' };
|
|
70
|
+
}
|
|
71
|
+
try {
|
|
72
|
+
const response = await fetch(`${ANTHROPIC_BASE_URL}/api_keys/${keyId}`, {
|
|
73
|
+
method: 'POST',
|
|
74
|
+
headers: this.buildHeaders(),
|
|
75
|
+
body: JSON.stringify({ status: 'disabled' }),
|
|
76
|
+
});
|
|
77
|
+
if (!response.ok) {
|
|
78
|
+
const errorBody = await response.text();
|
|
79
|
+
return { success: false, error: `Failed to disable key: ${response.status} ${errorBody}` };
|
|
80
|
+
}
|
|
81
|
+
return { success: true };
|
|
82
|
+
}
|
|
83
|
+
catch (err) {
|
|
84
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
85
|
+
return { success: false, error: message };
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
async validateAuth() {
|
|
89
|
+
this.ensureInitialized();
|
|
90
|
+
if (this.auth?.type !== 'api-key') {
|
|
91
|
+
return { valid: false, error: 'Anthropic provider requires api-key authentication' };
|
|
92
|
+
}
|
|
93
|
+
try {
|
|
94
|
+
const response = await fetch(`${ANTHROPIC_BASE_URL}/api_keys?limit=1`, {
|
|
95
|
+
headers: this.buildHeaders(),
|
|
96
|
+
});
|
|
97
|
+
if (response.ok) {
|
|
98
|
+
return { valid: true };
|
|
99
|
+
}
|
|
100
|
+
return { valid: false, error: `Auth validation failed: ${response.status}` };
|
|
101
|
+
}
|
|
102
|
+
catch (err) {
|
|
103
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
104
|
+
return { valid: false, error: message };
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
buildHeaders() {
|
|
108
|
+
const auth = this.auth;
|
|
109
|
+
return {
|
|
110
|
+
'x-api-key': auth.key,
|
|
111
|
+
'anthropic-version': '2023-06-01',
|
|
112
|
+
'Content-Type': 'application/json',
|
|
113
|
+
};
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
//# sourceMappingURL=anthropic.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anthropic.js","sourceRoot":"","sources":["../../../src/provisioning/providers/anthropic.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAoB1D,MAAM,kBAAkB,GAAG,8BAA8B,CAAC;AAE1D,MAAM,OAAO,iBAAkB,SAAQ,wBAAwB;IACpD,QAAQ,GAAyB,WAAW,CAAC;IAE7C,YAAY,GAAyB;QAC5C,SAAS,EAAE,KAAK;QAChB,uBAAuB,EAAE,KAAK;QAC9B,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,KAAK;QACrB,kBAAkB,EAAE,KAAK;KAC1B,CAAC;IAEF;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,OAA4B;QAC1C,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAyB,CAAC;QACjD,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,kCAAkC,MAAM,CAAC,QAAQ,EAAE;iBAC7D;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EACL,uDAAuD;oBACvD,iFAAiF;oBACjF,oCAAoC;aACvC;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAEnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,kBAAkB,WAAW,EAAE;YAC7D,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmC,CAAC;QACpE,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrC,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YACnC,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oDAAoD,EAAE,CAAC;QACzF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,kBAAkB,aAAa,KAAK,EAAE,EAAE;gBACtE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;aAC7C,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,EAAE,CAAC;YAC7F,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oDAAoD,EAAE,CAAC;QACvF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,kBAAkB,mBAAmB,EAAE;gBACrE,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE;aAC7B,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YACzB,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;QAC/E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAwC,CAAC;QAC3D,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,mBAAmB,EAAE,YAAY;YACjC,cAAc,EAAE,kBAAkB;SACnC,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AWS Provisioning Provider
|
|
3
|
+
* Creates IAM access keys and STS temporary credentials
|
|
4
|
+
*/
|
|
5
|
+
import { BaseProvisioningProvider } from '../provider.js';
|
|
6
|
+
import { ProvisioningProvider, ProviderCapabilities, ProvisioningRequest, ProvisioningResult, RotationResult } from '../types.js';
|
|
7
|
+
export declare class AWSProvider extends BaseProvisioningProvider {
|
|
8
|
+
readonly provider: ProvisioningProvider;
|
|
9
|
+
readonly capabilities: ProviderCapabilities;
|
|
10
|
+
provision(request: ProvisioningRequest): Promise<ProvisioningResult>;
|
|
11
|
+
list(): Promise<Array<{
|
|
12
|
+
id: string;
|
|
13
|
+
name: string;
|
|
14
|
+
createdAt: Date;
|
|
15
|
+
status: string;
|
|
16
|
+
}>>;
|
|
17
|
+
rotate(existingKeyId: string, request: ProvisioningRequest): Promise<RotationResult>;
|
|
18
|
+
revoke(keyId: string): Promise<{
|
|
19
|
+
success: boolean;
|
|
20
|
+
error?: string;
|
|
21
|
+
}>;
|
|
22
|
+
validateAuth(): Promise<{
|
|
23
|
+
valid: boolean;
|
|
24
|
+
error?: string;
|
|
25
|
+
}>;
|
|
26
|
+
private createAccessKey;
|
|
27
|
+
private assumeRole;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=aws.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../../src/provisioning/providers/aws.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EAGf,MAAM,aAAa,CAAC;AA6GrB,qBAAa,WAAY,SAAQ,wBAAwB;IACvD,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAS;IAEhD,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAQzC;IAEI,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA0CpE,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IA2DrF,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAUpF,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAyCpE,YAAY,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;YAwCnD,eAAe;YAiGf,UAAU;CAuIzB"}
|
|
@@ -0,0 +1,455 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AWS Provisioning Provider
|
|
3
|
+
* Creates IAM access keys and STS temporary credentials
|
|
4
|
+
*/
|
|
5
|
+
import { BaseProvisioningProvider } from '../provider.js';
|
|
6
|
+
/**
|
|
7
|
+
* AWS SigV4 signing utilities
|
|
8
|
+
* Implements the essential parts of AWS Signature Version 4 signing process
|
|
9
|
+
*/
|
|
10
|
+
async function hmacSha256(key, message) {
|
|
11
|
+
const cryptoKey = await crypto.subtle.importKey('raw', key, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
|
|
12
|
+
return crypto.subtle.sign('HMAC', cryptoKey, new TextEncoder().encode(message));
|
|
13
|
+
}
|
|
14
|
+
async function sha256(message) {
|
|
15
|
+
const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(message));
|
|
16
|
+
return Array.from(new Uint8Array(hash))
|
|
17
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
18
|
+
.join('');
|
|
19
|
+
}
|
|
20
|
+
async function getSignatureKey(secretKey, dateStamp, region, service) {
|
|
21
|
+
const kDate = await hmacSha256(new TextEncoder().encode(`AWS4${secretKey}`).buffer, dateStamp);
|
|
22
|
+
const kRegion = await hmacSha256(kDate, region);
|
|
23
|
+
const kService = await hmacSha256(kRegion, service);
|
|
24
|
+
return hmacSha256(kService, 'aws4_request');
|
|
25
|
+
}
|
|
26
|
+
async function signRequest(params) {
|
|
27
|
+
const now = new Date();
|
|
28
|
+
const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '');
|
|
29
|
+
const dateStamp = amzDate.substring(0, 8);
|
|
30
|
+
const payloadHash = await sha256(params.body);
|
|
31
|
+
const canonicalHeaders = `content-type:application/x-www-form-urlencoded\n` +
|
|
32
|
+
`host:${params.host}\n` +
|
|
33
|
+
`x-amz-date:${amzDate}\n`;
|
|
34
|
+
const signedHeadersList = 'content-type;host;x-amz-date';
|
|
35
|
+
const canonicalRequest = [
|
|
36
|
+
params.method,
|
|
37
|
+
params.path,
|
|
38
|
+
'', // query string (empty for POST)
|
|
39
|
+
canonicalHeaders,
|
|
40
|
+
signedHeadersList,
|
|
41
|
+
payloadHash,
|
|
42
|
+
].join('\n');
|
|
43
|
+
const credentialScope = `${dateStamp}/${params.region}/${params.service}/aws4_request`;
|
|
44
|
+
const stringToSign = [
|
|
45
|
+
'AWS4-HMAC-SHA256',
|
|
46
|
+
amzDate,
|
|
47
|
+
credentialScope,
|
|
48
|
+
await sha256(canonicalRequest),
|
|
49
|
+
].join('\n');
|
|
50
|
+
const signingKey = await getSignatureKey(params.secretAccessKey, dateStamp, params.region, params.service);
|
|
51
|
+
const signatureBuffer = await hmacSha256(signingKey, stringToSign);
|
|
52
|
+
const signature = Array.from(new Uint8Array(signatureBuffer))
|
|
53
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
54
|
+
.join('');
|
|
55
|
+
const authorization = `AWS4-HMAC-SHA256 ` +
|
|
56
|
+
`Credential=${params.accessKeyId}/${credentialScope}, ` +
|
|
57
|
+
`SignedHeaders=${signedHeadersList}, ` +
|
|
58
|
+
`Signature=${signature}`;
|
|
59
|
+
return {
|
|
60
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
61
|
+
'Host': params.host,
|
|
62
|
+
'X-Amz-Date': amzDate,
|
|
63
|
+
'Authorization': authorization,
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Parse AWS XML response into a simple key-value structure
|
|
68
|
+
*/
|
|
69
|
+
function parseXmlValue(xml, tag) {
|
|
70
|
+
const regex = new RegExp(`<${tag}>([^<]*)</${tag}>`);
|
|
71
|
+
const match = regex.exec(xml);
|
|
72
|
+
return match?.[1];
|
|
73
|
+
}
|
|
74
|
+
export class AWSProvider extends BaseProvisioningProvider {
|
|
75
|
+
provider = 'aws';
|
|
76
|
+
capabilities = {
|
|
77
|
+
canCreate: true,
|
|
78
|
+
canConfigurePermissions: true,
|
|
79
|
+
canRotate: true,
|
|
80
|
+
canRevoke: true,
|
|
81
|
+
canList: true,
|
|
82
|
+
supportsExpiry: true, // STS credentials expire
|
|
83
|
+
supportsScopedKeys: true, // STS supports session policies
|
|
84
|
+
};
|
|
85
|
+
async provision(request) {
|
|
86
|
+
this.ensureInitialized();
|
|
87
|
+
const config = request.config;
|
|
88
|
+
if (config.provider !== 'aws') {
|
|
89
|
+
return {
|
|
90
|
+
success: false,
|
|
91
|
+
error: {
|
|
92
|
+
code: 'INVALID_CONFIG',
|
|
93
|
+
message: `Expected aws config, got ${config.provider}`,
|
|
94
|
+
},
|
|
95
|
+
};
|
|
96
|
+
}
|
|
97
|
+
if (this.auth?.type !== 'aws-sigv4') {
|
|
98
|
+
return {
|
|
99
|
+
success: false,
|
|
100
|
+
error: {
|
|
101
|
+
code: 'INVALID_AUTH',
|
|
102
|
+
message: 'AWS provider requires aws-sigv4 authentication',
|
|
103
|
+
},
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
try {
|
|
107
|
+
if (config.roleArn) {
|
|
108
|
+
return await this.assumeRole(request, config);
|
|
109
|
+
}
|
|
110
|
+
else {
|
|
111
|
+
return await this.createAccessKey(request, config);
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
catch (err) {
|
|
115
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
116
|
+
return {
|
|
117
|
+
success: false,
|
|
118
|
+
error: {
|
|
119
|
+
code: 'PROVISIONING_FAILED',
|
|
120
|
+
message: `AWS provisioning failed: ${message}`,
|
|
121
|
+
},
|
|
122
|
+
};
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
async list() {
|
|
126
|
+
this.ensureInitialized();
|
|
127
|
+
if (this.auth?.type !== 'aws-sigv4') {
|
|
128
|
+
throw new Error('AWS provider requires aws-sigv4 authentication');
|
|
129
|
+
}
|
|
130
|
+
const region = this.auth.region ?? 'us-east-1';
|
|
131
|
+
const body = 'Action=ListAccessKeys&Version=2010-05-08';
|
|
132
|
+
const host = 'iam.amazonaws.com';
|
|
133
|
+
const headers = await signRequest({
|
|
134
|
+
method: 'POST',
|
|
135
|
+
host,
|
|
136
|
+
path: '/',
|
|
137
|
+
body,
|
|
138
|
+
service: 'iam',
|
|
139
|
+
region,
|
|
140
|
+
accessKeyId: this.auth.accessKeyId,
|
|
141
|
+
secretAccessKey: this.auth.secretAccessKey,
|
|
142
|
+
});
|
|
143
|
+
const response = await fetch(`https://${host}/`, {
|
|
144
|
+
method: 'POST',
|
|
145
|
+
headers,
|
|
146
|
+
body,
|
|
147
|
+
});
|
|
148
|
+
if (!response.ok) {
|
|
149
|
+
const errorBody = await response.text();
|
|
150
|
+
throw new Error(`Failed to list AWS keys: ${response.status} ${errorBody}`);
|
|
151
|
+
}
|
|
152
|
+
const xml = await response.text();
|
|
153
|
+
// Parse AccessKeyMetadata entries from XML
|
|
154
|
+
const keys = [];
|
|
155
|
+
const memberRegex = /<member>([\s\S]*?)<\/member>/g;
|
|
156
|
+
let match;
|
|
157
|
+
while ((match = memberRegex.exec(xml)) !== null) {
|
|
158
|
+
const memberXml = match[1] ?? '';
|
|
159
|
+
const accessKeyId = parseXmlValue(memberXml, 'AccessKeyId');
|
|
160
|
+
const userName = parseXmlValue(memberXml, 'UserName');
|
|
161
|
+
const status = parseXmlValue(memberXml, 'Status');
|
|
162
|
+
const createDate = parseXmlValue(memberXml, 'CreateDate');
|
|
163
|
+
if (accessKeyId) {
|
|
164
|
+
keys.push({
|
|
165
|
+
id: accessKeyId,
|
|
166
|
+
name: userName ?? accessKeyId,
|
|
167
|
+
createdAt: createDate ? new Date(createDate) : new Date(),
|
|
168
|
+
status: status?.toLowerCase() ?? 'active',
|
|
169
|
+
});
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
return keys;
|
|
173
|
+
}
|
|
174
|
+
async rotate(existingKeyId, request) {
|
|
175
|
+
const newCredential = await this.provision(request);
|
|
176
|
+
return {
|
|
177
|
+
newCredential,
|
|
178
|
+
oldKeyId: existingKeyId,
|
|
179
|
+
recommendedRevocationDelay: 300, // 5 minutes for AWS propagation
|
|
180
|
+
};
|
|
181
|
+
}
|
|
182
|
+
async revoke(keyId) {
|
|
183
|
+
this.ensureInitialized();
|
|
184
|
+
if (this.auth?.type !== 'aws-sigv4') {
|
|
185
|
+
return { success: false, error: 'AWS provider requires aws-sigv4 authentication' };
|
|
186
|
+
}
|
|
187
|
+
try {
|
|
188
|
+
const region = this.auth.region ?? 'us-east-1';
|
|
189
|
+
const body = `Action=DeleteAccessKey&AccessKeyId=${encodeURIComponent(keyId)}&Version=2010-05-08`;
|
|
190
|
+
const host = 'iam.amazonaws.com';
|
|
191
|
+
const headers = await signRequest({
|
|
192
|
+
method: 'POST',
|
|
193
|
+
host,
|
|
194
|
+
path: '/',
|
|
195
|
+
body,
|
|
196
|
+
service: 'iam',
|
|
197
|
+
region,
|
|
198
|
+
accessKeyId: this.auth.accessKeyId,
|
|
199
|
+
secretAccessKey: this.auth.secretAccessKey,
|
|
200
|
+
});
|
|
201
|
+
const response = await fetch(`https://${host}/`, {
|
|
202
|
+
method: 'POST',
|
|
203
|
+
headers,
|
|
204
|
+
body,
|
|
205
|
+
});
|
|
206
|
+
if (!response.ok) {
|
|
207
|
+
const errorBody = await response.text();
|
|
208
|
+
return { success: false, error: `Failed to delete key: ${response.status} ${errorBody}` };
|
|
209
|
+
}
|
|
210
|
+
return { success: true };
|
|
211
|
+
}
|
|
212
|
+
catch (err) {
|
|
213
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
214
|
+
return { success: false, error: message };
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
async validateAuth() {
|
|
218
|
+
this.ensureInitialized();
|
|
219
|
+
if (this.auth?.type !== 'aws-sigv4') {
|
|
220
|
+
return { valid: false, error: 'AWS provider requires aws-sigv4 authentication' };
|
|
221
|
+
}
|
|
222
|
+
try {
|
|
223
|
+
const region = this.auth.region ?? 'us-east-1';
|
|
224
|
+
const body = 'Action=GetCallerIdentity&Version=2011-06-15';
|
|
225
|
+
const host = 'sts.amazonaws.com';
|
|
226
|
+
const headers = await signRequest({
|
|
227
|
+
method: 'POST',
|
|
228
|
+
host,
|
|
229
|
+
path: '/',
|
|
230
|
+
body,
|
|
231
|
+
service: 'sts',
|
|
232
|
+
region,
|
|
233
|
+
accessKeyId: this.auth.accessKeyId,
|
|
234
|
+
secretAccessKey: this.auth.secretAccessKey,
|
|
235
|
+
});
|
|
236
|
+
const response = await fetch(`https://${host}/`, {
|
|
237
|
+
method: 'POST',
|
|
238
|
+
headers,
|
|
239
|
+
body,
|
|
240
|
+
});
|
|
241
|
+
if (response.ok) {
|
|
242
|
+
return { valid: true };
|
|
243
|
+
}
|
|
244
|
+
return { valid: false, error: `Auth validation failed: ${response.status}` };
|
|
245
|
+
}
|
|
246
|
+
catch (err) {
|
|
247
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
248
|
+
return { valid: false, error: message };
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
async createAccessKey(request, config) {
|
|
252
|
+
const auth = this.auth;
|
|
253
|
+
const region = auth.region ?? 'us-east-1';
|
|
254
|
+
let body = 'Action=CreateAccessKey&Version=2010-05-08';
|
|
255
|
+
if (config.userName) {
|
|
256
|
+
body += `&UserName=${encodeURIComponent(config.userName)}`;
|
|
257
|
+
}
|
|
258
|
+
const host = 'iam.amazonaws.com';
|
|
259
|
+
const headers = await signRequest({
|
|
260
|
+
method: 'POST',
|
|
261
|
+
host,
|
|
262
|
+
path: '/',
|
|
263
|
+
body,
|
|
264
|
+
service: 'iam',
|
|
265
|
+
region,
|
|
266
|
+
accessKeyId: auth.accessKeyId,
|
|
267
|
+
secretAccessKey: auth.secretAccessKey,
|
|
268
|
+
});
|
|
269
|
+
const response = await fetch(`https://${host}/`, {
|
|
270
|
+
method: 'POST',
|
|
271
|
+
headers,
|
|
272
|
+
body,
|
|
273
|
+
});
|
|
274
|
+
if (!response.ok) {
|
|
275
|
+
const errorBody = await response.text();
|
|
276
|
+
const errorMessage = parseXmlValue(errorBody, 'Message') ?? `HTTP ${response.status}`;
|
|
277
|
+
const errorCode = parseXmlValue(errorBody, 'Code') ?? `AWS_${response.status}`;
|
|
278
|
+
return {
|
|
279
|
+
success: false,
|
|
280
|
+
error: {
|
|
281
|
+
code: errorCode,
|
|
282
|
+
message: errorMessage,
|
|
283
|
+
details: errorBody,
|
|
284
|
+
},
|
|
285
|
+
};
|
|
286
|
+
}
|
|
287
|
+
const xml = await response.text();
|
|
288
|
+
const accessKeyId = parseXmlValue(xml, 'AccessKeyId');
|
|
289
|
+
const secretAccessKey = parseXmlValue(xml, 'SecretAccessKey');
|
|
290
|
+
const userName = parseXmlValue(xml, 'UserName');
|
|
291
|
+
if (!accessKeyId || !secretAccessKey) {
|
|
292
|
+
return {
|
|
293
|
+
success: false,
|
|
294
|
+
error: {
|
|
295
|
+
code: 'PARSE_ERROR',
|
|
296
|
+
message: 'Failed to parse access key from AWS response',
|
|
297
|
+
},
|
|
298
|
+
};
|
|
299
|
+
}
|
|
300
|
+
const now = new Date().toISOString();
|
|
301
|
+
const hasElevated = !config.userName; // Root-level keys are elevated
|
|
302
|
+
return {
|
|
303
|
+
success: true,
|
|
304
|
+
credentialValue: accessKeyId,
|
|
305
|
+
secondaryValue: secretAccessKey,
|
|
306
|
+
providerKeyId: accessKeyId,
|
|
307
|
+
metadata: {
|
|
308
|
+
userName: userName ?? config.userName,
|
|
309
|
+
keyType: 'long-lived',
|
|
310
|
+
},
|
|
311
|
+
passportInput: {
|
|
312
|
+
name: request.name,
|
|
313
|
+
credentialType: 'api-key',
|
|
314
|
+
credentialValue: `${accessKeyId}:${secretAccessKey}`,
|
|
315
|
+
visaType: this.mapToVisaType('aws', hasElevated),
|
|
316
|
+
issuingAuthority: 'AWS IAM',
|
|
317
|
+
platforms: [this.mapToPlatform('aws')],
|
|
318
|
+
scope: ['iam'],
|
|
319
|
+
validFrom: now,
|
|
320
|
+
humanOwner: request.humanOwner,
|
|
321
|
+
agentId: request.agentId,
|
|
322
|
+
delegationChain: request.delegationChain ?? [
|
|
323
|
+
{
|
|
324
|
+
from: request.humanOwner,
|
|
325
|
+
to: request.agentId ?? request.name,
|
|
326
|
+
grantedAt: now,
|
|
327
|
+
scope: ['iam'],
|
|
328
|
+
notes: `Provisioned via AWS IAM CreateAccessKey${config.userName ? ` (user: ${config.userName})` : ''}`,
|
|
329
|
+
},
|
|
330
|
+
],
|
|
331
|
+
tags: [...(request.tags ?? []), 'provisioned', 'aws', 'iam', 'long-lived'],
|
|
332
|
+
notes: request.notes ?? `AWS IAM access key${config.userName ? ` for user ${config.userName}` : ''}`,
|
|
333
|
+
},
|
|
334
|
+
};
|
|
335
|
+
}
|
|
336
|
+
async assumeRole(request, config) {
|
|
337
|
+
const auth = this.auth;
|
|
338
|
+
const region = auth.region ?? 'us-east-1';
|
|
339
|
+
const permissions = request.permissions;
|
|
340
|
+
if (!config.roleArn) {
|
|
341
|
+
return {
|
|
342
|
+
success: false,
|
|
343
|
+
error: {
|
|
344
|
+
code: 'MISSING_ROLE_ARN',
|
|
345
|
+
message: 'roleArn is required for STS AssumeRole',
|
|
346
|
+
},
|
|
347
|
+
};
|
|
348
|
+
}
|
|
349
|
+
const sessionName = config.sessionName ?? 'id-wispera-session';
|
|
350
|
+
const durationSeconds = config.durationSeconds ?? 3600;
|
|
351
|
+
let body = `Action=AssumeRole&Version=2011-06-15` +
|
|
352
|
+
`&RoleArn=${encodeURIComponent(config.roleArn)}` +
|
|
353
|
+
`&RoleSessionName=${encodeURIComponent(sessionName)}` +
|
|
354
|
+
`&DurationSeconds=${durationSeconds}`;
|
|
355
|
+
if (config.externalId) {
|
|
356
|
+
body += `&ExternalId=${encodeURIComponent(config.externalId)}`;
|
|
357
|
+
}
|
|
358
|
+
if (permissions?.sessionPolicy) {
|
|
359
|
+
body += `&Policy=${encodeURIComponent(permissions.sessionPolicy)}`;
|
|
360
|
+
}
|
|
361
|
+
if (permissions?.policyArns) {
|
|
362
|
+
permissions.policyArns.forEach((arn, index) => {
|
|
363
|
+
body += `&PolicyArns.member.${index + 1}.arn=${encodeURIComponent(arn)}`;
|
|
364
|
+
});
|
|
365
|
+
}
|
|
366
|
+
const host = 'sts.amazonaws.com';
|
|
367
|
+
const headers = await signRequest({
|
|
368
|
+
method: 'POST',
|
|
369
|
+
host,
|
|
370
|
+
path: '/',
|
|
371
|
+
body,
|
|
372
|
+
service: 'sts',
|
|
373
|
+
region,
|
|
374
|
+
accessKeyId: auth.accessKeyId,
|
|
375
|
+
secretAccessKey: auth.secretAccessKey,
|
|
376
|
+
});
|
|
377
|
+
const response = await fetch(`https://${host}/`, {
|
|
378
|
+
method: 'POST',
|
|
379
|
+
headers,
|
|
380
|
+
body,
|
|
381
|
+
});
|
|
382
|
+
if (!response.ok) {
|
|
383
|
+
const errorBody = await response.text();
|
|
384
|
+
const errorMessage = parseXmlValue(errorBody, 'Message') ?? `HTTP ${response.status}`;
|
|
385
|
+
const errorCode = parseXmlValue(errorBody, 'Code') ?? `AWS_${response.status}`;
|
|
386
|
+
return {
|
|
387
|
+
success: false,
|
|
388
|
+
error: {
|
|
389
|
+
code: errorCode,
|
|
390
|
+
message: errorMessage,
|
|
391
|
+
details: errorBody,
|
|
392
|
+
},
|
|
393
|
+
};
|
|
394
|
+
}
|
|
395
|
+
const xml = await response.text();
|
|
396
|
+
const accessKeyId = parseXmlValue(xml, 'AccessKeyId');
|
|
397
|
+
const secretAccessKey = parseXmlValue(xml, 'SecretAccessKey');
|
|
398
|
+
const sessionToken = parseXmlValue(xml, 'SessionToken');
|
|
399
|
+
const expiration = parseXmlValue(xml, 'Expiration');
|
|
400
|
+
if (!accessKeyId || !secretAccessKey || !sessionToken) {
|
|
401
|
+
return {
|
|
402
|
+
success: false,
|
|
403
|
+
error: {
|
|
404
|
+
code: 'PARSE_ERROR',
|
|
405
|
+
message: 'Failed to parse STS credentials from AWS response',
|
|
406
|
+
},
|
|
407
|
+
};
|
|
408
|
+
}
|
|
409
|
+
const now = new Date().toISOString();
|
|
410
|
+
const expiresAt = expiration ? new Date(expiration) : new Date(Date.now() + durationSeconds * 1000);
|
|
411
|
+
const hasElevated = !permissions?.sessionPolicy; // Unrestricted sessions are elevated
|
|
412
|
+
// Determine scope from role/policies
|
|
413
|
+
const scope = permissions?.sessionPolicy ? ['scoped-session'] : ['full-session'];
|
|
414
|
+
return {
|
|
415
|
+
success: true,
|
|
416
|
+
credentialValue: accessKeyId,
|
|
417
|
+
secondaryValue: `${secretAccessKey}:${sessionToken}`,
|
|
418
|
+
providerKeyId: accessKeyId,
|
|
419
|
+
metadata: {
|
|
420
|
+
roleArn: config.roleArn,
|
|
421
|
+
sessionName,
|
|
422
|
+
sessionToken,
|
|
423
|
+
keyType: 'temporary',
|
|
424
|
+
durationSeconds,
|
|
425
|
+
},
|
|
426
|
+
expiresAt,
|
|
427
|
+
passportInput: {
|
|
428
|
+
name: request.name,
|
|
429
|
+
credentialType: 'api-key',
|
|
430
|
+
credentialValue: `${accessKeyId}:${secretAccessKey}:${sessionToken}`,
|
|
431
|
+
visaType: this.mapToVisaType('aws', hasElevated),
|
|
432
|
+
issuingAuthority: 'AWS STS',
|
|
433
|
+
platforms: [this.mapToPlatform('aws')],
|
|
434
|
+
scope,
|
|
435
|
+
validFrom: now,
|
|
436
|
+
validUntil: expiresAt.toISOString(),
|
|
437
|
+
humanOwner: request.humanOwner,
|
|
438
|
+
agentId: request.agentId,
|
|
439
|
+
delegationChain: request.delegationChain ?? [
|
|
440
|
+
{
|
|
441
|
+
from: request.humanOwner,
|
|
442
|
+
to: request.agentId ?? request.name,
|
|
443
|
+
grantedAt: now,
|
|
444
|
+
scope,
|
|
445
|
+
expiresAt: expiresAt.toISOString(),
|
|
446
|
+
notes: `Provisioned via AWS STS AssumeRole (role: ${config.roleArn})`,
|
|
447
|
+
},
|
|
448
|
+
],
|
|
449
|
+
tags: [...(request.tags ?? []), 'provisioned', 'aws', 'sts', 'temporary'],
|
|
450
|
+
notes: request.notes ?? `AWS STS temporary credentials for role ${config.roleArn} (expires: ${expiresAt.toISOString()})`,
|
|
451
|
+
},
|
|
452
|
+
};
|
|
453
|
+
}
|
|
454
|
+
}
|
|
455
|
+
//# sourceMappingURL=aws.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/provisioning/providers/aws.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAW1D;;;GAGG;AAEH,KAAK,UAAU,UAAU,CAAC,GAAgB,EAAE,OAAe;IACzD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,GAAG,EACH,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;AAClF,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,OAAe;IACnC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,SAAiB,EACjB,SAAiB,EACjB,MAAc,EACd,OAAe;IAEf,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,SAAS,EAAE,CAAC,CAAC,MAAqB,EAAE,SAAS,CAAC,CAAC;IAC9G,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,UAAU,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AAC9C,CAAC;AAMD,KAAK,UAAU,WAAW,CAAC,MAS1B;IACC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE1C,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAE9C,MAAM,gBAAgB,GACpB,kDAAkD;QAClD,QAAQ,MAAM,CAAC,IAAI,IAAI;QACvB,cAAc,OAAO,IAAI,CAAC;IAC5B,MAAM,iBAAiB,GAAG,8BAA8B,CAAC;IAEzD,MAAM,gBAAgB,GAAG;QACvB,MAAM,CAAC,MAAM;QACb,MAAM,CAAC,IAAI;QACX,EAAE,EAAE,gCAAgC;QACpC,gBAAgB;QAChB,iBAAiB;QACjB,WAAW;KACZ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,eAAe,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,eAAe,CAAC;IACvF,MAAM,YAAY,GAAG;QACnB,kBAAkB;QAClB,OAAO;QACP,eAAe;QACf,MAAM,MAAM,CAAC,gBAAgB,CAAC;KAC/B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3G,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;SAC1D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,MAAM,aAAa,GACjB,mBAAmB;QACnB,cAAc,MAAM,CAAC,WAAW,IAAI,eAAe,IAAI;QACvD,iBAAiB,iBAAiB,IAAI;QACtC,aAAa,SAAS,EAAE,CAAC;IAE3B,OAAO;QACL,cAAc,EAAE,mCAAmC;QACnD,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,YAAY,EAAE,OAAO;QACrB,eAAe,EAAE,aAAa;KAC/B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW,EAAE,GAAW;IAC7C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,GAAG,aAAa,GAAG,GAAG,CAAC,CAAC;IACrD,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9B,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,MAAM,OAAO,WAAY,SAAQ,wBAAwB;IAC9C,QAAQ,GAAyB,KAAK,CAAC;IAEvC,YAAY,GAAyB;QAC5C,SAAS,EAAE,IAAI;QACf,uBAAuB,EAAE,IAAI;QAC7B,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,IAAI,EAAE,yBAAyB;QAC/C,kBAAkB,EAAE,IAAI,EAAE,gCAAgC;KAC3D,CAAC;IAEF,KAAK,CAAC,SAAS,CAAC,OAA4B;QAC1C,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAmB,CAAC;QAC3C,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC9B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,4BAA4B,MAAM,CAAC,QAAQ,EAAE;iBACvD;aACF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,WAAW,EAAE,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,gDAAgD;iBAC1D;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,qBAAqB;oBAC3B,OAAO,EAAE,4BAA4B,OAAO,EAAE;iBAC/C;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,WAAW,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC;QAC/C,MAAM,IAAI,GAAG,0CAA0C,CAAC;QACxD,MAAM,IAAI,GAAG,mBAAmB,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;YAChC,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,IAAI,EAAE,GAAG;YACT,IAAI;YACJ,OAAO,EAAE,KAAK;YACd,MAAM;YACN,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;YAClC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe;SAC3C,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,EAAE;YAC/C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAElC,2CAA2C;QAC3C,MAAM,IAAI,GAAyE,EAAE,CAAC;QACtF,MAAM,WAAW,GAAG,+BAA+B,CAAC;QACpD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,aAAa,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YAE1D,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,IAAI,CAAC;oBACR,EAAE,EAAE,WAAW;oBACf,IAAI,EAAE,QAAQ,IAAI,WAAW;oBAC7B,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;oBACzD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,QAAQ;iBAC1C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,aAAqB,EAAE,OAA4B;QAC9D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACL,aAAa;YACb,QAAQ,EAAE,aAAa;YACvB,0BAA0B,EAAE,GAAG,EAAE,gCAAgC;SAClE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,WAAW,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gDAAgD,EAAE,CAAC;QACrF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC;YAC/C,MAAM,IAAI,GAAG,sCAAsC,kBAAkB,CAAC,KAAK,CAAC,qBAAqB,CAAC;YAClG,MAAM,IAAI,GAAG,mBAAmB,CAAC;YAEjC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC,MAAM,EAAE,MAAM;gBACd,IAAI;gBACJ,IAAI,EAAE,GAAG;gBACT,IAAI;gBACJ,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;gBAClC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe;aAC3C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI;aACL,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,EAAE,CAAC;YAC5F,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,WAAW,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gDAAgD,EAAE,CAAC;QACnF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC;YAC/C,MAAM,IAAI,GAAG,6CAA6C,CAAC;YAC3D,MAAM,IAAI,GAAG,mBAAmB,CAAC;YAEjC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC,MAAM,EAAE,MAAM;gBACd,IAAI;gBACJ,IAAI,EAAE,GAAG;gBACT,IAAI;gBACJ,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;gBAClC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe;aAC3C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI;aACL,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YACzB,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;QAC/E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,OAA4B,EAC5B,MAAiB;QAEjB,MAAM,IAAI,GAAG,IAAI,CAAC,IAA4F,CAAC;QAC/G,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC;QAE1C,IAAI,IAAI,GAAG,2CAA2C,CAAC;QACvD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,IAAI,IAAI,aAAa,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7D,CAAC;QAED,MAAM,IAAI,GAAG,mBAAmB,CAAC;QACjC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;YAChC,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,IAAI,EAAE,GAAG;YACT,IAAI;YACJ,OAAO,EAAE,KAAK;YACd,MAAM;YACN,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,EAAE;YAC/C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACtF,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,OAAO,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,YAAY;oBACrB,OAAO,EAAE,SAAS;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAEhD,IAAI,CAAC,WAAW,IAAI,CAAC,eAAe,EAAE,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,aAAa;oBACnB,OAAO,EAAE,8CAA8C;iBACxD;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,+BAA+B;QAErE,OAAO;YACL,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,WAAW;YAC5B,cAAc,EAAE,eAAe;YAC/B,aAAa,EAAE,WAAW;YAC1B,QAAQ,EAAE;gBACR,QAAQ,EAAE,QAAQ,IAAI,MAAM,CAAC,QAAQ;gBACrC,OAAO,EAAE,YAAY;aACtB;YACD,aAAa,EAAE;gBACb,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc,EAAE,SAAS;gBACzB,eAAe,EAAE,GAAG,WAAW,IAAI,eAAe,EAAE;gBACpD,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,WAAW,CAAC;gBAChD,gBAAgB,EAAE,SAAS;gBAC3B,SAAS,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBACtC,KAAK,EAAE,CAAC,KAAK,CAAC;gBACd,SAAS,EAAE,GAAG;gBACd,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI;oBAC1C;wBACE,IAAI,EAAE,OAAO,CAAC,UAAU;wBACxB,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI;wBACnC,SAAS,EAAE,GAAG;wBACd,KAAK,EAAE,CAAC,KAAK,CAAC;wBACd,KAAK,EAAE,0CAA0C,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;qBACxG;iBACF;gBACD,IAAI,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC;gBAC1E,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,qBAAqB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;aACrG;SACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,OAA4B,EAC5B,MAAiB;QAEjB,MAAM,IAAI,GAAG,IAAI,CAAC,IAA4F,CAAC;QAC/G,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAyC,CAAC;QAEtE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,wCAAwC;iBAClD;aACF,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,oBAAoB,CAAC;QAC/D,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,IAAI,CAAC;QAEvD,IAAI,IAAI,GAAG,sCAAsC;YAC/C,YAAY,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE;YAChD,oBAAoB,kBAAkB,CAAC,WAAW,CAAC,EAAE;YACrD,oBAAoB,eAAe,EAAE,CAAC;QAExC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,IAAI,eAAe,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACjE,CAAC;QAED,IAAI,WAAW,EAAE,aAAa,EAAE,CAAC;YAC/B,IAAI,IAAI,WAAW,kBAAkB,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;QACrE,CAAC;QAED,IAAI,WAAW,EAAE,UAAU,EAAE,CAAC;YAC5B,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAC5C,IAAI,IAAI,sBAAsB,KAAK,GAAG,CAAC,QAAQ,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3E,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,GAAG,mBAAmB,CAAC;QACjC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;YAChC,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,IAAI,EAAE,GAAG;YACT,IAAI;YACJ,OAAO,EAAE,KAAK;YACd,MAAM;YACN,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,EAAE;YAC/C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACtF,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,OAAO,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,YAAY;oBACrB,OAAO,EAAE,SAAS;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY,EAAE,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,aAAa;oBACnB,OAAO,EAAE,mDAAmD;iBAC7D;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,GAAG,IAAI,CAAC,CAAC;QACpG,MAAM,WAAW,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC,qCAAqC;QAEtF,qCAAqC;QACrC,MAAM,KAAK,GAAG,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;QAEjF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,WAAW;YAC5B,cAAc,EAAE,GAAG,eAAe,IAAI,YAAY,EAAE;YACpD,aAAa,EAAE,WAAW;YAC1B,QAAQ,EAAE;gBACR,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,WAAW;gBACX,YAAY;gBACZ,OAAO,EAAE,WAAW;gBACpB,eAAe;aAChB;YACD,SAAS;YACT,aAAa,EAAE;gBACb,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc,EAAE,SAAS;gBACzB,eAAe,EAAE,GAAG,WAAW,IAAI,eAAe,IAAI,YAAY,EAAE;gBACpE,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,WAAW,CAAC;gBAChD,gBAAgB,EAAE,SAAS;gBAC3B,SAAS,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBACtC,KAAK;gBACL,SAAS,EAAE,GAAG;gBACd,UAAU,EAAE,SAAS,CAAC,WAAW,EAAE;gBACnC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI;oBAC1C;wBACE,IAAI,EAAE,OAAO,CAAC,UAAU;wBACxB,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI;wBACnC,SAAS,EAAE,GAAG;wBACd,KAAK;wBACL,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;wBAClC,KAAK,EAAE,6CAA6C,MAAM,CAAC,OAAO,GAAG;qBACtE;iBACF;gBACD,IAAI,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,CAAC;gBACzE,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,0CAA0C,MAAM,CAAC,OAAO,cAAc,SAAS,CAAC,WAAW,EAAE,GAAG;aACzH;SACF,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Azure Entra (formerly Azure AD) Provisioning Provider
|
|
3
|
+
* Creates app registrations and client secrets via Microsoft Graph API.
|
|
4
|
+
*/
|
|
5
|
+
import { BaseProvisioningProvider } from '../provider.js';
|
|
6
|
+
import { ProvisioningProvider, ProviderCapabilities, ProvisioningRequest, ProvisioningResult, RotationResult } from '../types.js';
|
|
7
|
+
export declare class AzureEntraProvider extends BaseProvisioningProvider {
|
|
8
|
+
readonly provider: ProvisioningProvider;
|
|
9
|
+
readonly capabilities: ProviderCapabilities;
|
|
10
|
+
private accessToken?;
|
|
11
|
+
provision(request: ProvisioningRequest): Promise<ProvisioningResult>;
|
|
12
|
+
list(): Promise<Array<{
|
|
13
|
+
id: string;
|
|
14
|
+
name: string;
|
|
15
|
+
createdAt: Date;
|
|
16
|
+
status: string;
|
|
17
|
+
}>>;
|
|
18
|
+
rotate(existingKeyId: string, request: ProvisioningRequest): Promise<RotationResult>;
|
|
19
|
+
revoke(keyId: string): Promise<{
|
|
20
|
+
success: boolean;
|
|
21
|
+
error?: string;
|
|
22
|
+
}>;
|
|
23
|
+
validateAuth(): Promise<{
|
|
24
|
+
valid: boolean;
|
|
25
|
+
error?: string;
|
|
26
|
+
}>;
|
|
27
|
+
private ensureAccessToken;
|
|
28
|
+
private createAppAndSecret;
|
|
29
|
+
private addSecretToApp;
|
|
30
|
+
private addPasswordToApplication;
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=azure-entra.d.ts.map
|