@p0security/cli 0.26.14 → 0.26.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/build/dist/plugins/aws/api.d.ts +6 -1
  2. package/build/dist/plugins/aws/api.js +16 -2
  3. package/build/dist/plugins/aws/api.js.map +1 -1
  4. package/build/dist/plugins/aws/assumeRole.d.ts +2 -0
  5. package/build/dist/plugins/aws/assumeRole.js +8 -6
  6. package/build/dist/plugins/aws/assumeRole.js.map +1 -1
  7. package/build/dist/plugins/okta/aws.js +13 -6
  8. package/build/dist/plugins/okta/aws.js.map +1 -1
  9. package/build/tsconfig.build.tsbuildinfo +1 -1
  10. package/package.json +1 -1
package/build/dist/plugins/aws/api.d.ts CHANGED
@@ -9,4 +9,9 @@ This file is part of @p0security/cli
9
9
  You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
10
10
  **/
11
11
  export declare const AWS_API_VERSION = "2011-06-15";
12
- export declare const arnPrefix: (account: string) => string;
12
+ export declare const arnPrefix: (account: string, partition?: string) => string;
13
+ /** Returns a regional STS endpoint for the given AWS partition.
14
+ *
15
+ * Regional endpoints issue v2 tokens valid in all regions of the partition.
16
+ * Falls back to commercial us-east-1 for unknown partitions. */
17
+ export declare const stsEndpoint: (partition: string) => string;
package/build/dist/plugins/aws/api.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.arnPrefix = exports.AWS_API_VERSION = void 0;
3
+ exports.stsEndpoint = exports.arnPrefix = exports.AWS_API_VERSION = void 0;
4
4
  /** Copyright © 2024-present P0 Security
5
5
 
6
6
  This file is part of @p0security/cli
@@ -12,6 +12,20 @@ This file is part of @p0security/cli
12
12
  You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
13
13
  **/
14
14
  exports.AWS_API_VERSION = "2011-06-15";
15
- const arnPrefix = (account) => `arn:aws:iam::${account}`;
15
+ const arnPrefix = (account, partition = "aws") => `arn:${partition}:iam::${account}`;
16
16
  exports.arnPrefix = arnPrefix;
17
+ /** Returns a regional STS endpoint for the given AWS partition.
18
+ *
19
+ * Regional endpoints issue v2 tokens valid in all regions of the partition.
20
+ * Falls back to commercial us-east-1 for unknown partitions. */
21
+ const stsEndpoint = (partition) => {
22
+ switch (partition) {
23
+ case "aws-us-gov":
24
+ return "https://sts.us-gov-east-1.amazonaws.com";
25
+ case "aws":
26
+ default:
27
+ return "https://sts.us-east-1.amazonaws.com";
28
+ }
29
+ };
30
+ exports.stsEndpoint = stsEndpoint;
17
31
  //# sourceMappingURL=api.js.map
package/build/dist/plugins/aws/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","sourceRoot":"","sources":["../../../../src/plugins/aws/api.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,eAAe,GAAG,YAAY,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,EAAE,CAAC,gBAAgB,OAAO,EAAE,CAAC;AAA3D,QAAA,SAAS,aAAkD"}
1
+ {"version":3,"file":"api.js","sourceRoot":"","sources":["../../../../src/plugins/aws/api.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,eAAe,GAAG,YAAY,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,YAAoB,KAAK,EAAE,EAAE,CACtE,OAAO,SAAS,SAAS,OAAO,EAAE,CAAC;AADxB,QAAA,SAAS,aACe;AAErC;;;gEAGgE;AACzD,MAAM,WAAW,GAAG,CAAC,SAAiB,EAAU,EAAE;IACvD,QAAQ,SAAS,EAAE;QACjB,KAAK,YAAY;YACf,OAAO,yCAAyC,CAAC;QACnD,KAAK,KAAK,CAAC;QACX;YACE,OAAO,qCAAqC,CAAC;KAChD;AACH,CAAC,CAAC;AARW,QAAA,WAAW,eAQtB"}
package/build/dist/plugins/aws/assumeRole.d.ts CHANGED
@@ -3,6 +3,8 @@ import { AwsCredentials } from "./types";
3
3
  export declare const assumeRoleWithSaml: (args: {
4
4
  /** An AWS account identifier */
5
5
  account: string;
6
+ /** AWS partition for the role (e.g. "aws", "aws-us-gov", "aws-cn"). Defaults to "aws". */
7
+ partition?: string;
6
8
  /** The account-specific role name requested */
7
9
  role: string;
8
10
  saml: {
package/build/dist/plugins/aws/assumeRole.js CHANGED
@@ -24,14 +24,14 @@ const fetch_1 = require("../../common/fetch");
24
24
  const xml_1 = require("../../common/xml");
25
25
  const api_1 = require("./api");
26
26
  const api_2 = require("./api");
27
- const roleArn = (args) => `${(0, api_1.arnPrefix)(args.account)}:role/${args.role}`;
28
- const stsAssume = (params) => __awaiter(void 0, void 0, void 0, function* () {
27
+ const roleArn = (args) => `${(0, api_1.arnPrefix)(args.account, args.partition)}:role/${args.role}`;
28
+ const stsAssume = (partition, params) => __awaiter(void 0, void 0, void 0, function* () {
29
29
  // Regional endpoints issue version-2 tokens, which are valid in all AWS regions.
30
30
  // The us-east-1 and eu-south-1 regional endpoints are the only ones that are always on.
31
31
  // Use the us-east-1 as it should be closer to most users.
32
32
  // Calling the global endpoints issues version-1 tokens, which are only valid in default regions.
33
33
  // See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_region-endpoints.html
34
- const url = `https://sts.us-east-1.amazonaws.com`;
34
+ const url = (0, api_1.stsEndpoint)(partition);
35
35
  const response = yield fetch(url, {
36
36
  method: "POST",
37
37
  body: new URLSearchParams(params),
@@ -49,15 +49,17 @@ const stsAssume = (params) => __awaiter(void 0, void 0, void 0, function* () {
49
49
  });
50
50
  /** Assumes an AWS role via SAML login */
51
51
  const assumeRoleWithSaml = (args) => __awaiter(void 0, void 0, void 0, function* () {
52
+ var _a;
53
+ const partition = (_a = args.partition) !== null && _a !== void 0 ? _a : "aws";
52
54
  const params = {
53
55
  Version: api_2.AWS_API_VERSION,
54
56
  Action: "AssumeRoleWithSAML",
55
- RoleArn: roleArn(args),
56
- PrincipalArn: `${(0, api_1.arnPrefix)(args.account)}:saml-provider/${args.saml.providerName}`,
57
+ RoleArn: roleArn(Object.assign(Object.assign({}, args), { partition })),
58
+ PrincipalArn: `${(0, api_1.arnPrefix)(args.account, partition)}:saml-provider/${args.saml.providerName}`,
57
59
  // Note that, despite the name, AWS actually expects a SAML Response
58
60
  SAMLAssertion: args.saml.response,
59
61
  };
60
- return yield stsAssume(params);
62
+ return yield stsAssume(partition, params);
61
63
  });
62
64
  exports.assumeRoleWithSaml = assumeRoleWithSaml;
63
65
  //# sourceMappingURL=assumeRole.js.map
package/build/dist/plugins/aws/assumeRole.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAAkC;AAClC,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAAuC,EAAE,EAAE,CAC1D,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjD,MAAM,SAAS,GAAG,CAChB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,qCAAqC,CAAC;IAClD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;KAChD,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,yCAAyC;AAClC,MAAM,kBAAkB,GAAG,CAAO,IAWxC,EAA2B,EAAE;IAC5B,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,qBAAe;QACxB,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC;QACtB,YAAY,EAAE,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,CAAC,kBACtC,IAAI,CAAC,IAAI,CAAC,YACZ,EAAE;QACF,oEAAoE;QACpE,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;KAClC,CAAC;IACF,OAAO,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC,CAAA,CAAC;AAvBW,QAAA,kBAAkB,sBAuB7B"}
1
+ {"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAA+C;AAC/C,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAA0D,EAAE,EAAE,CAC7E,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjE,MAAM,SAAS,GAAG,CAChB,SAAiB,EACjB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAA,iBAAW,EAAC,SAAS,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;KAChD,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,yCAAyC;AAClC,MAAM,kBAAkB,GAAG,CAAO,IAaxC,EAA2B,EAAE;;IAC5B,MAAM,SAAS,GAAG,MAAA,IAAI,CAAC,SAAS,mCAAI,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,qBAAe;QACxB,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,OAAO,iCAAM,IAAI,KAAE,SAAS,IAAG;QACxC,YAAY,EAAE,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,kBACjD,IAAI,CAAC,IAAI,CAAC,YACZ,EAAE;QACF,oEAAoE;QACpE,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;KAClC,CAAC;IACF,OAAO,MAAM,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAA,CAAC;AA1BW,QAAA,kBAAkB,sBA0B7B"}
package/build/dist/plugins/okta/aws.js CHANGED
@@ -34,9 +34,12 @@ const RETRY_ATTEMPTS = 14;
34
34
  const INITIAL_RETRY_DELAY_MS = 1000;
35
35
  const RETRY_MULTIPLIER = 2.0;
36
36
  const MAX_RETRY_DELAY_MS = 30000;
37
+ // Matches IAM role ARNs in known AWS partitions (commercial or GovCloud).
38
+ // Capture group 1: partition; capture group 2: account ID.
39
+ const ROLE_ARN_PATTERN = /^arn:(aws|aws-us-gov):iam::([^:]+):role\//;
37
40
  /** Extracts all roles from a SAML assertion */
38
41
  const rolesFromSaml = (account, saml) => {
39
- var _a;
42
+ var _a, _b, _c;
40
43
  const samlText = Buffer.from(saml, "base64").toString("ascii");
41
44
  const samlObject = (0, xml_1.parseXml)(samlText);
42
45
  const samlAttributes = samlObject["saml2p:Response"]["saml2:Assertion"]["saml2:AttributeStatement"]["saml2:Attribute"];
@@ -44,10 +47,13 @@ const rolesFromSaml = (account, saml) => {
44
47
  // Format:
45
48
  // 'arn:aws:iam::391052057035:saml-provider/p0dev-ext_okta_sso,arn:aws:iam::391052057035:role/path/to/role/SSOAmazonS3FullAccess'
46
49
  const arns = (_a = (0, lodash_1.flatten)([roleAttribute === null || roleAttribute === void 0 ? void 0 : roleAttribute["saml2:AttributeValue"]])) === null || _a === void 0 ? void 0 : _a.map((r) => r.split(",")[1]);
47
- const roles = arns
48
- .filter((r) => r.startsWith(`arn:aws:iam::${account}:role/`))
49
- .map((r) => r.split("/").slice(1).join("/"));
50
- return { arns, roles };
50
+ const matched = arns
51
+ .map((arn) => ({ arn, match: ROLE_ARN_PATTERN.exec(arn) }))
52
+ .filter((x) => x.match !== null && x.match[2] === account);
53
+ // Partition must flow to STS so we hit the right endpoint and emit ARNs in the matching partition.
54
+ const partition = (_c = (_b = matched[0]) === null || _b === void 0 ? void 0 : _b.match[1]) !== null && _c !== void 0 ? _c : "aws";
55
+ const roles = matched.map(({ arn }) => arn.split("/").slice(1).join("/"));
56
+ return { arns, roles, partition };
51
57
  };
52
58
  const isFederatedLogin = (config) => { var _a; return ((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) === "federated"; };
53
59
  /** Retrieves the configured Okta SAML response for the specified account
@@ -74,12 +80,13 @@ const assumeRoleWithOktaSaml = (authn, args, debug) => __awaiter(void 0, void 0,
74
80
  // Add retry logic to handle this race condition.
75
81
  return yield (0, retry_1.retryWithSleep)(() => __awaiter(void 0, void 0, void 0, function* () {
76
82
  const { account, config, samlResponse } = yield initOktaSaml(authn, args.accountId, debug);
77
- const { roles } = rolesFromSaml(account, samlResponse);
83
+ const { roles, partition } = rolesFromSaml(account, samlResponse);
78
84
  if (!roles.includes(args.role)) {
79
85
  throw `Role ${args.role} not available. Available roles:\n${roles.map((r) => ` ${r}`).join("\n")}`;
80
86
  }
81
87
  return yield (0, assumeRole_1.assumeRoleWithSaml)({
82
88
  account,
89
+ partition,
83
90
  role: args.role,
84
91
  saml: {
85
92
  providerName: config.login.provider.identityProvider,
package/build/dist/plugins/okta/aws.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI;SACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,OAAO,QAAQ,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,EACjD,QAAQ,EACR,MAAM,CAAC,KAAK,EACZ,KAAK,CACN,CAAC;IACF,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,KAAe,EACf,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,+FAA+F;QAC/F,2FAA2F;QAC3F,iDAAiD;QACjD,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,EACd,KAAK,CACN,CAAC;YACF,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;aACrG;YACD,OAAO,MAAM,IAAA,+BAAkB,EAAC;gBAC9B,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE;oBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;oBACpD,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAC;QACL,CAAC,CAAA,EACD;YACE,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;gBAC9B,0EAA0E;gBAC1E,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;oBACzB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,CACvC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,sBAAsB;YAC/B,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,kBAAkB;YAC9B,KAAK;SACN,CACF,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAhDS,QAAA,sBAAsB,0BAgD/B"}
1
+ {"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,0EAA0E;AAC1E,2DAA2D;AAC3D,MAAM,gBAAgB,GAAG,2CAA2C,CAAC;AAErE,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,OAAO,GAAG,IAAI;SACjB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;SAC1D,MAAM,CACL,CAAC,CAAC,EAAgD,EAAE,CAClD,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,CAC7C,CAAC;IACJ,mGAAmG;IACnG,MAAM,SAAS,GAAG,MAAA,MAAA,OAAO,CAAC,CAAC,CAAC,0CAAE,KAAK,CAAC,CAAC,CAAC,mCAAI,KAAK,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1E,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,EACjD,QAAQ,EACR,MAAM,CAAC,KAAK,EACZ,KAAK,CACN,CAAC;IACF,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,KAAe,EACf,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,+FAA+F;QAC/F,2FAA2F;QAC3F,iDAAiD;QACjD,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,EACd,KAAK,CACN,CAAC;YACF,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAClE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;aACrG;YACD,OAAO,MAAM,IAAA,+BAAkB,EAAC;gBAC9B,OAAO;gBACP,SAAS;gBACT,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE;oBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;oBACpD,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAC;QACL,CAAC,CAAA,EACD;YACE,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;gBAC9B,0EAA0E;gBAC1E,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;oBACzB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,CACvC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,sBAAsB;YAC/B,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,kBAAkB;YAC9B,KAAK;SACN,CACF,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAjDS,QAAA,sBAAsB,0BAiD/B"}