@karmaniverous/get-dotenv 7.0.6 → 7.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/dist/chunks/{createCli-BkHLeYXL.mjs → createCli-CUPiFVdZ.mjs} +27 -10
  2. package/dist/chunks/index-CNXekCQC.mjs +96 -0
  3. package/dist/chunks/{index-Dd6S1nZ-.mjs → index-DnG3N6yj.mjs} +6 -6
  4. package/dist/chunks/{loader-V1vbmtyw.mjs → loader-C3DtD6HB.mjs} +4 -2
  5. package/dist/chunks/{readDotenvCascade-Dgx4SC1p.mjs → readDotenvCascade-CfFPgLCp.mjs} +52 -21
  6. package/dist/chunks/{readMergedOptions-CraAnYdB.mjs → readMergedOptions-BT1C87_u.mjs} +53 -13
  7. package/dist/chunks/{resolveCliOptions-BMBkWDYJ.mjs → resolveCliOptions-BbfouWSK.mjs} +1 -1
  8. package/dist/chunks/{spawnEnv-CKgnHGpr.mjs → spawnEnv-DvisqPiU.mjs} +28 -3
  9. package/dist/chunks/{types-BthqmnDr.mjs → types-BkQxnyZK.mjs} +1 -1
  10. package/dist/cli.d.ts +29 -8
  11. package/dist/cli.mjs +11 -15
  12. package/dist/cliHost.d.ts +29 -8
  13. package/dist/cliHost.mjs +6 -6
  14. package/dist/config.d.ts +1 -1
  15. package/dist/config.mjs +1 -1
  16. package/dist/env-overlay.d.ts +13 -9
  17. package/dist/env-overlay.mjs +2 -2
  18. package/dist/getdotenv.cli.mjs +11 -15
  19. package/dist/index.d.ts +30 -9
  20. package/dist/index.mjs +31 -23
  21. package/dist/plugins-aws.d.ts +12 -1
  22. package/dist/plugins-aws.mjs +8 -7
  23. package/dist/plugins-batch.d.ts +28 -1
  24. package/dist/plugins-batch.mjs +202 -68
  25. package/dist/plugins-cmd.d.ts +12 -1
  26. package/dist/plugins-cmd.mjs +6 -6
  27. package/dist/plugins-init.d.ts +12 -1
  28. package/dist/plugins-init.mjs +3 -3
  29. package/dist/plugins.d.ts +14 -1
  30. package/dist/plugins.mjs +10 -14
  31. package/package.json +40 -40
  32. package/schema/getdotenv.config.schema.json +207 -0
  33. package/dist/chunks/AwsRestJsonProtocol-4m7HHwvS.mjs +0 -1026
  34. package/dist/chunks/externalDataInterceptor-DyDNbv-D.mjs +0 -19
  35. package/dist/chunks/getSSOTokenFromFile-CkYcEieD.mjs +0 -22
  36. package/dist/chunks/index-B35hOhgq.mjs +0 -669
  37. package/dist/chunks/index-B3fM_U6F.mjs +0 -349
  38. package/dist/chunks/index-B_yJRqty.mjs +0 -541
  39. package/dist/chunks/index-BuxEK_Z4.mjs +0 -12529
  40. package/dist/chunks/index-C58EanKv.mjs +0 -383
  41. package/dist/chunks/index-CjWZ4uNg.mjs +0 -103
  42. package/dist/chunks/index-CsI5JuIM.mjs +0 -188
  43. package/dist/chunks/index-D-a5vkZL.mjs +0 -82
  44. package/dist/chunks/index-D6iVe1wh.mjs +0 -946
  45. package/dist/chunks/index-Dl8qC51H.mjs +0 -290
  46. package/dist/chunks/index-FT37CtcF.mjs +0 -31
  47. package/dist/chunks/index-QkVZTs6l.mjs +0 -519
  48. package/dist/chunks/loadSso-DF7GLUZf.mjs +0 -488
  49. package/dist/chunks/package-DbbYaehr.mjs +0 -5
  50. package/dist/chunks/parseKnownFiles-BZNrX_JE.mjs +0 -23
  51. package/dist/chunks/sdk-stream-mixin-BL49AxZx.mjs +0 -307
@@ -1,383 +0,0 @@
1
- import { parse } from 'node:url';
2
- import { request } from 'node:http';
3
- import { J as ProviderError, e as CredentialsProviderError, aA as parseUrl, ar as loadConfig } from './index-BuxEK_Z4.mjs';
4
- import './readMergedOptions-CraAnYdB.mjs';
5
- import 'zod';
6
- import '@commander-js/extra-typings';
7
- import './readDotenvCascade-Dgx4SC1p.mjs';
8
- import 'fs-extra';
9
- import 'radash';
10
- import 'node:buffer';
11
- import 'node:path';
12
- import './loadModuleDefault-Dj8B3Stt.mjs';
13
- import 'crypto';
14
- import 'path';
15
- import 'url';
16
- import 'dotenv';
17
- import 'nanoid';
18
- import './loader-V1vbmtyw.mjs';
19
- import 'package-directory';
20
- import 'yaml';
21
- import 'execa';
22
- import 'node:os';
23
- import 'node:fs/promises';
24
- import 'node:stream';
25
- import 'node:crypto';
26
- import 'node:fs';
27
- import 'node:https';
28
- import 'node:process';
29
-
30
- const isImdsCredentials = (arg) => Boolean(arg) &&
31
- typeof arg === "object" &&
32
- typeof arg.AccessKeyId === "string" &&
33
- typeof arg.SecretAccessKey === "string" &&
34
- typeof arg.Token === "string" &&
35
- typeof arg.Expiration === "string";
36
- const fromImdsCredentials = (creds) => ({
37
- accessKeyId: creds.AccessKeyId,
38
- secretAccessKey: creds.SecretAccessKey,
39
- sessionToken: creds.Token,
40
- expiration: new Date(creds.Expiration),
41
- ...(creds.AccountId && { accountId: creds.AccountId }),
42
- });
43
-
44
- const DEFAULT_TIMEOUT = 1000;
45
- const DEFAULT_MAX_RETRIES = 0;
46
- const providerConfigFromInit = ({ maxRetries = DEFAULT_MAX_RETRIES, timeout = DEFAULT_TIMEOUT, }) => ({ maxRetries, timeout });
47
-
48
- function httpRequest(options) {
49
- return new Promise((resolve, reject) => {
50
- const req = request({
51
- method: "GET",
52
- ...options,
53
- hostname: options.hostname?.replace(/^\[(.+)\]$/, "$1"),
54
- });
55
- req.on("error", (err) => {
56
- reject(Object.assign(new ProviderError("Unable to connect to instance metadata service"), err));
57
- req.destroy();
58
- });
59
- req.on("timeout", () => {
60
- reject(new ProviderError("TimeoutError from instance metadata service"));
61
- req.destroy();
62
- });
63
- req.on("response", (res) => {
64
- const { statusCode = 400 } = res;
65
- if (statusCode < 200 || 300 <= statusCode) {
66
- reject(Object.assign(new ProviderError("Error response received from instance metadata service"), { statusCode }));
67
- req.destroy();
68
- }
69
- const chunks = [];
70
- res.on("data", (chunk) => {
71
- chunks.push(chunk);
72
- });
73
- res.on("end", () => {
74
- resolve(Buffer.concat(chunks));
75
- req.destroy();
76
- });
77
- });
78
- req.end();
79
- });
80
- }
81
-
82
- const retry = (toRetry, maxRetries) => {
83
- let promise = toRetry();
84
- for (let i = 0; i < maxRetries; i++) {
85
- promise = promise.catch(toRetry);
86
- }
87
- return promise;
88
- };
89
-
90
- const ENV_CMDS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
91
- const ENV_CMDS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
92
- const ENV_CMDS_AUTH_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
93
- const fromContainerMetadata = (init = {}) => {
94
- const { timeout, maxRetries } = providerConfigFromInit(init);
95
- return () => retry(async () => {
96
- const requestOptions = await getCmdsUri({ logger: init.logger });
97
- const credsResponse = JSON.parse(await requestFromEcsImds(timeout, requestOptions));
98
- if (!isImdsCredentials(credsResponse)) {
99
- throw new CredentialsProviderError("Invalid response received from instance metadata service.", {
100
- logger: init.logger,
101
- });
102
- }
103
- return fromImdsCredentials(credsResponse);
104
- }, maxRetries);
105
- };
106
- const requestFromEcsImds = async (timeout, options) => {
107
- if (process.env[ENV_CMDS_AUTH_TOKEN]) {
108
- options.headers = {
109
- ...options.headers,
110
- Authorization: process.env[ENV_CMDS_AUTH_TOKEN],
111
- };
112
- }
113
- const buffer = await httpRequest({
114
- ...options,
115
- timeout,
116
- });
117
- return buffer.toString();
118
- };
119
- const CMDS_IP = "169.254.170.2";
120
- const GREENGRASS_HOSTS = {
121
- localhost: true,
122
- "127.0.0.1": true,
123
- };
124
- const GREENGRASS_PROTOCOLS = {
125
- "http:": true,
126
- "https:": true,
127
- };
128
- const getCmdsUri = async ({ logger }) => {
129
- if (process.env[ENV_CMDS_RELATIVE_URI]) {
130
- return {
131
- hostname: CMDS_IP,
132
- path: process.env[ENV_CMDS_RELATIVE_URI],
133
- };
134
- }
135
- if (process.env[ENV_CMDS_FULL_URI]) {
136
- const parsed = parse(process.env[ENV_CMDS_FULL_URI]);
137
- if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) {
138
- throw new CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, {
139
- tryNextLink: false,
140
- logger,
141
- });
142
- }
143
- if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) {
144
- throw new CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, {
145
- tryNextLink: false,
146
- logger,
147
- });
148
- }
149
- return {
150
- ...parsed,
151
- port: parsed.port ? parseInt(parsed.port, 10) : undefined,
152
- };
153
- }
154
- throw new CredentialsProviderError("The container metadata credential provider cannot be used unless" +
155
- ` the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment` +
156
- " variable is set", {
157
- tryNextLink: false,
158
- logger,
159
- });
160
- };
161
-
162
- class InstanceMetadataV1FallbackError extends CredentialsProviderError {
163
- tryNextLink;
164
- name = "InstanceMetadataV1FallbackError";
165
- constructor(message, tryNextLink = true) {
166
- super(message, tryNextLink);
167
- this.tryNextLink = tryNextLink;
168
- Object.setPrototypeOf(this, InstanceMetadataV1FallbackError.prototype);
169
- }
170
- }
171
-
172
- var Endpoint;
173
- (function (Endpoint) {
174
- Endpoint["IPv4"] = "http://169.254.169.254";
175
- Endpoint["IPv6"] = "http://[fd00:ec2::254]";
176
- })(Endpoint || (Endpoint = {}));
177
-
178
- const ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT";
179
- const CONFIG_ENDPOINT_NAME = "ec2_metadata_service_endpoint";
180
- const ENDPOINT_CONFIG_OPTIONS = {
181
- environmentVariableSelector: (env) => env[ENV_ENDPOINT_NAME],
182
- configFileSelector: (profile) => profile[CONFIG_ENDPOINT_NAME],
183
- default: undefined,
184
- };
185
-
186
- var EndpointMode;
187
- (function (EndpointMode) {
188
- EndpointMode["IPv4"] = "IPv4";
189
- EndpointMode["IPv6"] = "IPv6";
190
- })(EndpointMode || (EndpointMode = {}));
191
-
192
- const ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE";
193
- const CONFIG_ENDPOINT_MODE_NAME = "ec2_metadata_service_endpoint_mode";
194
- const ENDPOINT_MODE_CONFIG_OPTIONS = {
195
- environmentVariableSelector: (env) => env[ENV_ENDPOINT_MODE_NAME],
196
- configFileSelector: (profile) => profile[CONFIG_ENDPOINT_MODE_NAME],
197
- default: EndpointMode.IPv4,
198
- };
199
-
200
- const getInstanceMetadataEndpoint = async () => parseUrl((await getFromEndpointConfig()) || (await getFromEndpointModeConfig()));
201
- const getFromEndpointConfig = async () => loadConfig(ENDPOINT_CONFIG_OPTIONS)();
202
- const getFromEndpointModeConfig = async () => {
203
- const endpointMode = await loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)();
204
- switch (endpointMode) {
205
- case EndpointMode.IPv4:
206
- return Endpoint.IPv4;
207
- case EndpointMode.IPv6:
208
- return Endpoint.IPv6;
209
- default:
210
- throw new Error(`Unsupported endpoint mode: ${endpointMode}.` + ` Select from ${Object.values(EndpointMode)}`);
211
- }
212
- };
213
-
214
- const STATIC_STABILITY_REFRESH_INTERVAL_SECONDS = 5 * 60;
215
- const STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS = 5 * 60;
216
- const STATIC_STABILITY_DOC_URL = "https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html";
217
- const getExtendedInstanceMetadataCredentials = (credentials, logger) => {
218
- const refreshInterval = STATIC_STABILITY_REFRESH_INTERVAL_SECONDS +
219
- Math.floor(Math.random() * STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS);
220
- const newExpiration = new Date(Date.now() + refreshInterval * 1000);
221
- logger.warn("Attempting credential expiration extension due to a credential service availability issue. A refresh of these " +
222
- `credentials will be attempted after ${new Date(newExpiration)}.\nFor more information, please visit: ` +
223
- STATIC_STABILITY_DOC_URL);
224
- const originalExpiration = credentials.originalExpiration ?? credentials.expiration;
225
- return {
226
- ...credentials,
227
- ...(originalExpiration ? { originalExpiration } : {}),
228
- expiration: newExpiration,
229
- };
230
- };
231
-
232
- const staticStabilityProvider = (provider, options = {}) => {
233
- const logger = options?.logger || console;
234
- let pastCredentials;
235
- return async () => {
236
- let credentials;
237
- try {
238
- credentials = await provider();
239
- if (credentials.expiration && credentials.expiration.getTime() < Date.now()) {
240
- credentials = getExtendedInstanceMetadataCredentials(credentials, logger);
241
- }
242
- }
243
- catch (e) {
244
- if (pastCredentials) {
245
- logger.warn("Credential renew failed: ", e);
246
- credentials = getExtendedInstanceMetadataCredentials(pastCredentials, logger);
247
- }
248
- else {
249
- throw e;
250
- }
251
- }
252
- pastCredentials = credentials;
253
- return credentials;
254
- };
255
- };
256
-
257
- const IMDS_PATH = "/latest/meta-data/iam/security-credentials/";
258
- const IMDS_TOKEN_PATH = "/latest/api/token";
259
- const AWS_EC2_METADATA_V1_DISABLED = "AWS_EC2_METADATA_V1_DISABLED";
260
- const PROFILE_AWS_EC2_METADATA_V1_DISABLED = "ec2_metadata_v1_disabled";
261
- const X_AWS_EC2_METADATA_TOKEN = "x-aws-ec2-metadata-token";
262
- const fromInstanceMetadata = (init = {}) => staticStabilityProvider(getInstanceMetadataProvider(init), { logger: init.logger });
263
- const getInstanceMetadataProvider = (init = {}) => {
264
- let disableFetchToken = false;
265
- const { logger, profile } = init;
266
- const { timeout, maxRetries } = providerConfigFromInit(init);
267
- const getCredentials = async (maxRetries, options) => {
268
- const isImdsV1Fallback = disableFetchToken || options.headers?.[X_AWS_EC2_METADATA_TOKEN] == null;
269
- if (isImdsV1Fallback) {
270
- let fallbackBlockedFromProfile = false;
271
- let fallbackBlockedFromProcessEnv = false;
272
- const configValue = await loadConfig({
273
- environmentVariableSelector: (env) => {
274
- const envValue = env[AWS_EC2_METADATA_V1_DISABLED];
275
- fallbackBlockedFromProcessEnv = !!envValue && envValue !== "false";
276
- if (envValue === undefined) {
277
- throw new CredentialsProviderError(`${AWS_EC2_METADATA_V1_DISABLED} not set in env, checking config file next.`, { logger: init.logger });
278
- }
279
- return fallbackBlockedFromProcessEnv;
280
- },
281
- configFileSelector: (profile) => {
282
- const profileValue = profile[PROFILE_AWS_EC2_METADATA_V1_DISABLED];
283
- fallbackBlockedFromProfile = !!profileValue && profileValue !== "false";
284
- return fallbackBlockedFromProfile;
285
- },
286
- default: false,
287
- }, {
288
- profile,
289
- })();
290
- if (init.ec2MetadataV1Disabled || configValue) {
291
- const causes = [];
292
- if (init.ec2MetadataV1Disabled)
293
- causes.push("credential provider initialization (runtime option ec2MetadataV1Disabled)");
294
- if (fallbackBlockedFromProfile)
295
- causes.push(`config file profile (${PROFILE_AWS_EC2_METADATA_V1_DISABLED})`);
296
- if (fallbackBlockedFromProcessEnv)
297
- causes.push(`process environment variable (${AWS_EC2_METADATA_V1_DISABLED})`);
298
- throw new InstanceMetadataV1FallbackError(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${causes.join(", ")}].`);
299
- }
300
- }
301
- const imdsProfile = (await retry(async () => {
302
- let profile;
303
- try {
304
- profile = await getProfile(options);
305
- }
306
- catch (err) {
307
- if (err.statusCode === 401) {
308
- disableFetchToken = false;
309
- }
310
- throw err;
311
- }
312
- return profile;
313
- }, maxRetries)).trim();
314
- return retry(async () => {
315
- let creds;
316
- try {
317
- creds = await getCredentialsFromProfile(imdsProfile, options, init);
318
- }
319
- catch (err) {
320
- if (err.statusCode === 401) {
321
- disableFetchToken = false;
322
- }
323
- throw err;
324
- }
325
- return creds;
326
- }, maxRetries);
327
- };
328
- return async () => {
329
- const endpoint = await getInstanceMetadataEndpoint();
330
- if (disableFetchToken) {
331
- logger?.debug("AWS SDK Instance Metadata", "using v1 fallback (no token fetch)");
332
- return getCredentials(maxRetries, { ...endpoint, timeout });
333
- }
334
- else {
335
- let token;
336
- try {
337
- token = (await getMetadataToken({ ...endpoint, timeout })).toString();
338
- }
339
- catch (error) {
340
- if (error?.statusCode === 400) {
341
- throw Object.assign(error, {
342
- message: "EC2 Metadata token request returned error",
343
- });
344
- }
345
- else if (error.message === "TimeoutError" || [403, 404, 405].includes(error.statusCode)) {
346
- disableFetchToken = true;
347
- }
348
- logger?.debug("AWS SDK Instance Metadata", "using v1 fallback (initial)");
349
- return getCredentials(maxRetries, { ...endpoint, timeout });
350
- }
351
- return getCredentials(maxRetries, {
352
- ...endpoint,
353
- headers: {
354
- [X_AWS_EC2_METADATA_TOKEN]: token,
355
- },
356
- timeout,
357
- });
358
- }
359
- };
360
- };
361
- const getMetadataToken = async (options) => httpRequest({
362
- ...options,
363
- path: IMDS_TOKEN_PATH,
364
- method: "PUT",
365
- headers: {
366
- "x-aws-ec2-metadata-token-ttl-seconds": "21600",
367
- },
368
- });
369
- const getProfile = async (options) => (await httpRequest({ ...options, path: IMDS_PATH })).toString();
370
- const getCredentialsFromProfile = async (profile, options, init) => {
371
- const credentialsResponse = JSON.parse((await httpRequest({
372
- ...options,
373
- path: IMDS_PATH + profile,
374
- })).toString());
375
- if (!isImdsCredentials(credentialsResponse)) {
376
- throw new CredentialsProviderError("Invalid response received from instance metadata service.", {
377
- logger: init.logger,
378
- });
379
- }
380
- return fromImdsCredentials(credentialsResponse);
381
- };
382
-
383
- export { DEFAULT_MAX_RETRIES, DEFAULT_TIMEOUT, ENV_CMDS_AUTH_TOKEN, ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, Endpoint, fromContainerMetadata, fromInstanceMetadata, getInstanceMetadataEndpoint, httpRequest, providerConfigFromInit };
@@ -1,103 +0,0 @@
1
- import { exec } from 'node:child_process';
2
- import { promisify } from 'node:util';
3
- import { aO as setCredentialFeature, e as CredentialsProviderError, al as getProfileName } from './index-BuxEK_Z4.mjs';
4
- import { e as externalDataInterceptor } from './externalDataInterceptor-DyDNbv-D.mjs';
5
- import { p as parseKnownFiles } from './parseKnownFiles-BZNrX_JE.mjs';
6
- import './readMergedOptions-CraAnYdB.mjs';
7
- import 'zod';
8
- import '@commander-js/extra-typings';
9
- import './readDotenvCascade-Dgx4SC1p.mjs';
10
- import 'fs-extra';
11
- import 'radash';
12
- import 'node:buffer';
13
- import 'node:path';
14
- import './loadModuleDefault-Dj8B3Stt.mjs';
15
- import 'crypto';
16
- import 'path';
17
- import 'url';
18
- import 'dotenv';
19
- import 'nanoid';
20
- import './loader-V1vbmtyw.mjs';
21
- import 'package-directory';
22
- import 'yaml';
23
- import 'execa';
24
- import 'node:os';
25
- import 'node:fs/promises';
26
- import 'node:stream';
27
- import 'node:crypto';
28
- import 'node:fs';
29
- import 'node:https';
30
- import 'node:process';
31
- import './getSSOTokenFromFile-CkYcEieD.mjs';
32
-
33
- const getValidatedProcessCredentials = (profileName, data, profiles) => {
34
- if (data.Version !== 1) {
35
- throw Error(`Profile ${profileName} credential_process did not return Version 1.`);
36
- }
37
- if (data.AccessKeyId === undefined || data.SecretAccessKey === undefined) {
38
- throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);
39
- }
40
- if (data.Expiration) {
41
- const currentTime = new Date();
42
- const expireTime = new Date(data.Expiration);
43
- if (expireTime < currentTime) {
44
- throw Error(`Profile ${profileName} credential_process returned expired credentials.`);
45
- }
46
- }
47
- let accountId = data.AccountId;
48
- if (!accountId && profiles?.[profileName]?.aws_account_id) {
49
- accountId = profiles[profileName].aws_account_id;
50
- }
51
- const credentials = {
52
- accessKeyId: data.AccessKeyId,
53
- secretAccessKey: data.SecretAccessKey,
54
- ...(data.SessionToken && { sessionToken: data.SessionToken }),
55
- ...(data.Expiration && { expiration: new Date(data.Expiration) }),
56
- ...(data.CredentialScope && { credentialScope: data.CredentialScope }),
57
- ...(accountId && { accountId }),
58
- };
59
- setCredentialFeature(credentials, "CREDENTIALS_PROCESS", "w");
60
- return credentials;
61
- };
62
-
63
- const resolveProcessCredentials = async (profileName, profiles, logger) => {
64
- const profile = profiles[profileName];
65
- if (profiles[profileName]) {
66
- const credentialProcess = profile["credential_process"];
67
- if (credentialProcess !== undefined) {
68
- const execPromise = promisify(externalDataInterceptor?.getTokenRecord?.().exec ?? exec);
69
- try {
70
- const { stdout } = await execPromise(credentialProcess);
71
- let data;
72
- try {
73
- data = JSON.parse(stdout.trim());
74
- }
75
- catch {
76
- throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);
77
- }
78
- return getValidatedProcessCredentials(profileName, data, profiles);
79
- }
80
- catch (error) {
81
- throw new CredentialsProviderError(error.message, { logger });
82
- }
83
- }
84
- else {
85
- throw new CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });
86
- }
87
- }
88
- else {
89
- throw new CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {
90
- logger,
91
- });
92
- }
93
- };
94
-
95
- const fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {
96
- init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");
97
- const profiles = await parseKnownFiles(init);
98
- return resolveProcessCredentials(getProfileName({
99
- profile: init.profile ?? callerClientConfig?.profile,
100
- }), profiles, init.logger);
101
- };
102
-
103
- export { fromProcess };
@@ -1,188 +0,0 @@
1
- import fs from 'node:fs/promises';
2
- import { e as CredentialsProviderError, n as HttpRequest, ax as parseRfc3339DateTime, y as NodeHttpHandler, aO as setCredentialFeature } from './index-BuxEK_Z4.mjs';
3
- import { s as sdkStreamMixin } from './sdk-stream-mixin-BL49AxZx.mjs';
4
- import './readMergedOptions-CraAnYdB.mjs';
5
- import 'zod';
6
- import '@commander-js/extra-typings';
7
- import './readDotenvCascade-Dgx4SC1p.mjs';
8
- import 'fs-extra';
9
- import 'radash';
10
- import 'node:buffer';
11
- import 'node:path';
12
- import './loadModuleDefault-Dj8B3Stt.mjs';
13
- import 'crypto';
14
- import 'path';
15
- import 'url';
16
- import 'dotenv';
17
- import 'nanoid';
18
- import './loader-V1vbmtyw.mjs';
19
- import 'package-directory';
20
- import 'yaml';
21
- import 'execa';
22
- import 'node:os';
23
- import 'node:stream';
24
- import 'node:crypto';
25
- import 'node:fs';
26
- import 'node:https';
27
- import 'node:process';
28
-
29
- const ECS_CONTAINER_HOST = "169.254.170.2";
30
- const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
31
- const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
32
- const checkUrl = (url, logger) => {
33
- if (url.protocol === "https:") {
34
- return;
35
- }
36
- if (url.hostname === ECS_CONTAINER_HOST ||
37
- url.hostname === EKS_CONTAINER_HOST_IPv4 ||
38
- url.hostname === EKS_CONTAINER_HOST_IPv6) {
39
- return;
40
- }
41
- if (url.hostname.includes("[")) {
42
- if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") {
43
- return;
44
- }
45
- }
46
- else {
47
- if (url.hostname === "localhost") {
48
- return;
49
- }
50
- const ipComponents = url.hostname.split(".");
51
- const inRange = (component) => {
52
- const num = parseInt(component, 10);
53
- return 0 <= num && num <= 255;
54
- };
55
- if (ipComponents[0] === "127" &&
56
- inRange(ipComponents[1]) &&
57
- inRange(ipComponents[2]) &&
58
- inRange(ipComponents[3]) &&
59
- ipComponents.length === 4) {
60
- return;
61
- }
62
- }
63
- throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
64
- - loopback CIDR 127.0.0.0/8 or [::1/128]
65
- - ECS container host 169.254.170.2
66
- - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger });
67
- };
68
-
69
- function createGetRequest(url) {
70
- return new HttpRequest({
71
- protocol: url.protocol,
72
- hostname: url.hostname,
73
- port: Number(url.port),
74
- path: url.pathname,
75
- query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {
76
- acc[k] = v;
77
- return acc;
78
- }, {}),
79
- fragment: url.hash,
80
- });
81
- }
82
- async function getCredentials(response, logger) {
83
- const stream = sdkStreamMixin(response.body);
84
- const str = await stream.transformToString();
85
- if (response.statusCode === 200) {
86
- const parsed = JSON.parse(str);
87
- if (typeof parsed.AccessKeyId !== "string" ||
88
- typeof parsed.SecretAccessKey !== "string" ||
89
- typeof parsed.Token !== "string" ||
90
- typeof parsed.Expiration !== "string") {
91
- throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " +
92
- "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger });
93
- }
94
- return {
95
- accessKeyId: parsed.AccessKeyId,
96
- secretAccessKey: parsed.SecretAccessKey,
97
- sessionToken: parsed.Token,
98
- expiration: parseRfc3339DateTime(parsed.Expiration),
99
- };
100
- }
101
- if (response.statusCode >= 400 && response.statusCode < 500) {
102
- let parsedBody = {};
103
- try {
104
- parsedBody = JSON.parse(str);
105
- }
106
- catch (e) { }
107
- throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {
108
- Code: parsedBody.Code,
109
- Message: parsedBody.Message,
110
- });
111
- }
112
- throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });
113
- }
114
-
115
- const retryWrapper = (toRetry, maxRetries, delayMs) => {
116
- return async () => {
117
- for (let i = 0; i < maxRetries; ++i) {
118
- try {
119
- return await toRetry();
120
- }
121
- catch (e) {
122
- await new Promise((resolve) => setTimeout(resolve, delayMs));
123
- }
124
- }
125
- return await toRetry();
126
- };
127
- };
128
-
129
- const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
130
- const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
131
- const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
132
- const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
133
- const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
134
- const fromHttp = (options = {}) => {
135
- options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
136
- let host;
137
- const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
138
- const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
139
- const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
140
- const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
141
- const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger?.warn
142
- ? console.warn
143
- : options.logger.warn.bind(options.logger);
144
- if (relative && full) {
145
- warn("@aws-sdk/credential-provider-http: " +
146
- "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
147
- warn("awsContainerCredentialsFullUri will take precedence.");
148
- }
149
- if (token && tokenFile) {
150
- warn("@aws-sdk/credential-provider-http: " +
151
- "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
152
- warn("awsContainerAuthorizationToken will take precedence.");
153
- }
154
- if (full) {
155
- host = full;
156
- }
157
- else if (relative) {
158
- host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;
159
- }
160
- else {
161
- throw new CredentialsProviderError(`No HTTP credential provider host provided.
162
- Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });
163
- }
164
- const url = new URL(host);
165
- checkUrl(url, options.logger);
166
- const requestHandler = NodeHttpHandler.create({
167
- requestTimeout: options.timeout ?? 1000,
168
- connectionTimeout: options.timeout ?? 1000,
169
- });
170
- return retryWrapper(async () => {
171
- const request = createGetRequest(url);
172
- if (token) {
173
- request.headers.Authorization = token;
174
- }
175
- else if (tokenFile) {
176
- request.headers.Authorization = (await fs.readFile(tokenFile)).toString();
177
- }
178
- try {
179
- const result = await requestHandler.handle(request);
180
- return getCredentials(result.response).then((creds) => setCredentialFeature(creds, "CREDENTIALS_HTTP", "z"));
181
- }
182
- catch (e) {
183
- throw new CredentialsProviderError(String(e), { logger: options.logger });
184
- }
185
- }, options.maxRetries ?? 3, options.timeout ?? 1000);
186
- };
187
-
188
- export { fromHttp };