@rharkor/caching-for-turbo 2.3.5 → 2.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/README.md +2 -0
  2. package/dist/cli/136.index.js +100 -108
  3. package/dist/cli/136.index.js.map +1 -1
  4. package/dist/cli/443.index.js +97 -155
  5. package/dist/cli/443.index.js.map +1 -1
  6. package/dist/cli/762.index.js +71 -162
  7. package/dist/cli/762.index.js.map +1 -1
  8. package/dist/cli/869.index.js +22 -24
  9. package/dist/cli/869.index.js.map +1 -1
  10. package/dist/cli/956.index.js +100 -108
  11. package/dist/cli/956.index.js.map +1 -1
  12. package/dist/cli/998.index.js +164 -246
  13. package/dist/cli/998.index.js.map +1 -1
  14. package/dist/cli/index.js +7282 -9710
  15. package/dist/cli/licenses.txt +201 -0
  16. package/package.json +2 -2
package/dist/cli/869.index.js CHANGED
@@ -64,7 +64,7 @@ const isCredentialSourceProfile = (arg, { profile, logger }) => {
64
64
  }
65
65
  return withProviderProfile;
66
66
  };
67
- const resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}, resolveProfileData) => {
67
+ const resolveAssumeRoleCredentials = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, resolveProfileData) => {
68
68
  options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");
69
69
  const profileData = profiles[profileName];
70
70
  const { source_profile, region } = profileData;
@@ -74,8 +74,9 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, visi
74
74
  ...options.clientConfig,
75
75
  credentialProviderLogger: options.logger,
76
76
  parentClientConfig: {
77
+ ...callerClientConfig,
77
78
  ...options?.parentClientConfig,
78
- region: region ?? options?.parentClientConfig?.region,
79
+ region: region ?? options?.parentClientConfig?.region ?? callerClientConfig?.region,
79
80
  },
80
81
  }, options.clientPlugins);
81
82
  }
@@ -86,7 +87,7 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, visi
86
87
  }
87
88
  options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
88
89
  const sourceCredsProvider = source_profile
89
- ? resolveProfileData(source_profile, profiles, options, {
90
+ ? resolveProfileData(source_profile, profiles, options, callerClientConfig, {
90
91
  ...visitedProfiles,
91
92
  [source_profile]: true,
92
93
  }, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))
@@ -120,11 +121,11 @@ const isCredentialSourceWithoutRoleArn = (section) => {
120
121
  const isLoginProfile = (data) => {
121
122
  return Boolean(data && data.login_session);
122
123
  };
123
- const resolveLoginCredentials = async (profileName, options) => {
124
+ const resolveLoginCredentials = async (profileName, options, callerClientConfig) => {
124
125
  const credentials = await credentialProviderLogin.fromLoginCredentials({
125
126
  ...options,
126
127
  profile: profileName,
127
- })();
128
+ })({ callerClientConfig });
128
129
  return client.setCredentialFeature(credentials, "CREDENTIALS_PROFILE_LOGIN", "AC");
129
130
  };
130
131
 
@@ -134,14 +135,16 @@ const resolveProcessCredentials = async (options, profile) => __webpack_require_
134
135
  profile,
135
136
  })().then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_PROCESS", "v")));
136
137
 
137
- const resolveSsoCredentials = async (profile, profileData, options = {}) => {
138
+ const resolveSsoCredentials = async (profile, profileData, options = {}, callerClientConfig) => {
138
139
  const { fromSSO } = await __webpack_require__.e(/* import() */ 998).then(__webpack_require__.t.bind(__webpack_require__, 60998, 19));
139
140
  return fromSSO({
140
141
  profile,
141
142
  logger: options.logger,
142
143
  parentClientConfig: options.parentClientConfig,
143
144
  clientConfig: options.clientConfig,
144
- })().then((creds) => {
145
+ })({
146
+ callerClientConfig,
147
+ }).then((creds) => {
145
148
  if (profileData.sso_session) {
146
149
  return client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO", "r");
147
150
  }
@@ -180,54 +183,49 @@ const isWebIdentityProfile = (arg) => Boolean(arg) &&
180
183
  typeof arg.web_identity_token_file === "string" &&
181
184
  typeof arg.role_arn === "string" &&
182
185
  ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
183
- const resolveWebIdentityCredentials = async (profile, options) => __webpack_require__.e(/* import() */ 956).then(__webpack_require__.t.bind(__webpack_require__, 29956, 23)).then(({ fromTokenFile }) => fromTokenFile({
186
+ const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => __webpack_require__.e(/* import() */ 956).then(__webpack_require__.t.bind(__webpack_require__, 29956, 23)).then(({ fromTokenFile }) => fromTokenFile({
184
187
  webIdentityTokenFile: profile.web_identity_token_file,
185
188
  roleArn: profile.role_arn,
186
189
  roleSessionName: profile.role_session_name,
187
190
  roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
188
191
  logger: options.logger,
189
192
  parentClientConfig: options.parentClientConfig,
190
- })().then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")));
193
+ })({
194
+ callerClientConfig,
195
+ }).then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")));
191
196
 
192
- const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
197
+ const resolveProfileData = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
193
198
  const data = profiles[profileName];
194
199
  if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
195
200
  return resolveStaticCredentials(data, options);
196
201
  }
197
202
  if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
198
- return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles, resolveProfileData);
203
+ return resolveAssumeRoleCredentials(profileName, profiles, options, callerClientConfig, visitedProfiles, resolveProfileData);
199
204
  }
200
205
  if (isStaticCredsProfile(data)) {
201
206
  return resolveStaticCredentials(data, options);
202
207
  }
203
208
  if (isWebIdentityProfile(data)) {
204
- return resolveWebIdentityCredentials(data, options);
209
+ return resolveWebIdentityCredentials(data, options, callerClientConfig);
205
210
  }
206
211
  if (isProcessProfile(data)) {
207
212
  return resolveProcessCredentials(options, profileName);
208
213
  }
209
214
  if (isSsoProfile(data)) {
210
- return await resolveSsoCredentials(profileName, data, options);
215
+ return await resolveSsoCredentials(profileName, data, options, callerClientConfig);
211
216
  }
212
217
  if (isLoginProfile(data)) {
213
- return resolveLoginCredentials(profileName, options);
218
+ return resolveLoginCredentials(profileName, options, callerClientConfig);
214
219
  }
215
220
  throw new propertyProvider.CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });
216
221
  };
217
222
 
218
- const fromIni = (_init = {}) => async ({ callerClientConfig } = {}) => {
219
- const init = {
220
- ..._init,
221
- parentClientConfig: {
222
- ...callerClientConfig,
223
- ..._init.parentClientConfig,
224
- },
225
- };
223
+ const fromIni = (init = {}) => async ({ callerClientConfig } = {}) => {
226
224
  init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");
227
225
  const profiles = await sharedIniFileLoader.parseKnownFiles(init);
228
226
  return resolveProfileData(sharedIniFileLoader.getProfileName({
229
- profile: _init.profile ?? callerClientConfig?.profile,
230
- }), profiles, init);
227
+ profile: init.profile ?? callerClientConfig?.profile,
228
+ }), profiles, init, callerClientConfig);
231
229
  };
232
230
 
233
231
  exports.fromIni = fromIni;
package/dist/cli/869.index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"869.index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","sources":[".././node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js",".././node_modules/@aws-sdk/credential-provider-login/dist-cjs/index.js"],"sourcesContent":["'use strict';\n\nvar sharedIniFileLoader = require('@smithy/shared-ini-file-loader');\nvar propertyProvider = require('@smithy/property-provider');\nvar client = require('@aws-sdk/core/client');\nvar credentialProviderLogin = require('@aws-sdk/credential-provider-login');\n\nconst resolveCredentialSource = (credentialSource, profileName, logger) => {\n const sourceProvidersMap = {\n EcsContainer: async (options) => {\n const { fromHttp } = await import('@aws-sdk/credential-provider-http');\n const { fromContainerMetadata } = await import('@smithy/credential-provider-imds');\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is EcsContainer\");\n return async () => propertyProvider.chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);\n },\n Ec2InstanceMetadata: async (options) => {\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata\");\n const { fromInstanceMetadata } = await import('@smithy/credential-provider-imds');\n return async () => fromInstanceMetadata(options)().then(setNamedProvider);\n },\n Environment: async (options) => {\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is Environment\");\n const { fromEnv } = await import('@aws-sdk/credential-provider-env');\n return async () => fromEnv(options)().then(setNamedProvider);\n },\n };\n if (credentialSource in sourceProvidersMap) {\n return sourceProvidersMap[credentialSource];\n }\n else {\n throw new propertyProvider.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +\n `expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });\n }\n};\nconst setNamedProvider = (creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_NAMED_PROVIDER\", \"p\");\n\nconst isAssumeRoleProfile = (arg, { profile = \"default\", logger } = {}) => {\n return (Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.role_arn === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.role_session_name) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.external_id) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.mfa_serial) > -1 &&\n (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })));\n};\nconst isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {\n const withSourceProfile = typeof arg.source_profile === \"string\" && typeof arg.credential_source === \"undefined\";\n if (withSourceProfile) {\n logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);\n }\n return withSourceProfile;\n};\nconst isCredentialSourceProfile = (arg, { profile, logger }) => {\n const withProviderProfile = typeof arg.credential_source === \"string\" && typeof arg.source_profile === \"undefined\";\n if (withProviderProfile) {\n logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);\n }\n return withProviderProfile;\n};\nconst resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}, resolveProfileData) => {\n options.logger?.debug(\"@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)\");\n const profileData = profiles[profileName];\n const { source_profile, region } = profileData;\n if (!options.roleAssumer) {\n const { getDefaultRoleAssumer } = await import('@aws-sdk/nested-clients/sts');\n options.roleAssumer = getDefaultRoleAssumer({\n ...options.clientConfig,\n credentialProviderLogger: options.logger,\n parentClientConfig: {\n ...options?.parentClientConfig,\n region: region ?? options?.parentClientConfig?.region,\n },\n }, options.clientPlugins);\n }\n if (source_profile && source_profile in visitedProfiles) {\n throw new propertyProvider.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +\n ` ${sharedIniFileLoader.getProfileName(options)}. Profiles visited: ` +\n Object.keys(visitedProfiles).join(\", \"), { logger: options.logger });\n }\n options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);\n const sourceCredsProvider = source_profile\n ? resolveProfileData(source_profile, profiles, options, {\n ...visitedProfiles,\n [source_profile]: true,\n }, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))\n : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))();\n if (isCredentialSourceWithoutRoleArn(profileData)) {\n return sourceCredsProvider.then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SOURCE_PROFILE\", \"o\"));\n }\n else {\n const params = {\n RoleArn: profileData.role_arn,\n RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`,\n ExternalId: profileData.external_id,\n DurationSeconds: parseInt(profileData.duration_seconds || \"3600\", 10),\n };\n const { mfa_serial } = profileData;\n if (mfa_serial) {\n if (!options.mfaCodeProvider) {\n throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });\n }\n params.SerialNumber = mfa_serial;\n params.TokenCode = await options.mfaCodeProvider(mfa_serial);\n }\n const sourceCreds = await sourceCredsProvider;\n return options.roleAssumer(sourceCreds, params).then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SOURCE_PROFILE\", \"o\"));\n }\n};\nconst isCredentialSourceWithoutRoleArn = (section) => {\n return !section.role_arn && !!section.credential_source;\n};\n\nconst isLoginProfile = (data) => {\n return Boolean(data && data.login_session);\n};\nconst resolveLoginCredentials = async (profileName, options) => {\n const credentials = await credentialProviderLogin.fromLoginCredentials({\n ...options,\n profile: profileName,\n })();\n return client.setCredentialFeature(credentials, \"CREDENTIALS_PROFILE_LOGIN\", \"AC\");\n};\n\nconst isProcessProfile = (arg) => Boolean(arg) && typeof arg === \"object\" && typeof arg.credential_process === \"string\";\nconst resolveProcessCredentials = async (options, profile) => import('@aws-sdk/credential-provider-process').then(({ fromProcess }) => fromProcess({\n ...options,\n profile,\n})().then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_PROCESS\", \"v\")));\n\nconst resolveSsoCredentials = async (profile, profileData, options = {}) => {\n const { fromSSO } = await import('@aws-sdk/credential-provider-sso');\n return fromSSO({\n profile,\n logger: options.logger,\n parentClientConfig: options.parentClientConfig,\n clientConfig: options.clientConfig,\n })().then((creds) => {\n if (profileData.sso_session) {\n return client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SSO\", \"r\");\n }\n else {\n return client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SSO_LEGACY\", \"t\");\n }\n });\n};\nconst isSsoProfile = (arg) => arg &&\n (typeof arg.sso_start_url === \"string\" ||\n typeof arg.sso_account_id === \"string\" ||\n typeof arg.sso_session === \"string\" ||\n typeof arg.sso_region === \"string\" ||\n typeof arg.sso_role_name === \"string\");\n\nconst isStaticCredsProfile = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.aws_access_key_id === \"string\" &&\n typeof arg.aws_secret_access_key === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.aws_session_token) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.aws_account_id) > -1;\nconst resolveStaticCredentials = async (profile, options) => {\n options?.logger?.debug(\"@aws-sdk/credential-provider-ini - resolveStaticCredentials\");\n const credentials = {\n accessKeyId: profile.aws_access_key_id,\n secretAccessKey: profile.aws_secret_access_key,\n sessionToken: profile.aws_session_token,\n ...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),\n ...(profile.aws_account_id && { accountId: profile.aws_account_id }),\n };\n return client.setCredentialFeature(credentials, \"CREDENTIALS_PROFILE\", \"n\");\n};\n\nconst isWebIdentityProfile = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.web_identity_token_file === \"string\" &&\n typeof arg.role_arn === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.role_session_name) > -1;\nconst resolveWebIdentityCredentials = async (profile, options) => import('@aws-sdk/credential-provider-web-identity').then(({ fromTokenFile }) => fromTokenFile({\n webIdentityTokenFile: profile.web_identity_token_file,\n roleArn: profile.role_arn,\n roleSessionName: profile.role_session_name,\n roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,\n logger: options.logger,\n parentClientConfig: options.parentClientConfig,\n})().then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN\", \"q\")));\n\nconst resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {\n const data = profiles[profileName];\n if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {\n return resolveStaticCredentials(data, options);\n }\n if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {\n return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles, resolveProfileData);\n }\n if (isStaticCredsProfile(data)) {\n return resolveStaticCredentials(data, options);\n }\n if (isWebIdentityProfile(data)) {\n return resolveWebIdentityCredentials(data, options);\n }\n if (isProcessProfile(data)) {\n return resolveProcessCredentials(options, profileName);\n }\n if (isSsoProfile(data)) {\n return await resolveSsoCredentials(profileName, data, options);\n }\n if (isLoginProfile(data)) {\n return resolveLoginCredentials(profileName, options);\n }\n throw new propertyProvider.CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });\n};\n\nconst fromIni = (_init = {}) => async ({ callerClientConfig } = {}) => {\n const init = {\n ..._init,\n parentClientConfig: {\n ...callerClientConfig,\n ..._init.parentClientConfig,\n },\n };\n init.logger?.debug(\"@aws-sdk/credential-provider-ini - fromIni\");\n const profiles = await sharedIniFileLoader.parseKnownFiles(init);\n return resolveProfileData(sharedIniFileLoader.getProfileName({\n profile: _init.profile ?? callerClientConfig?.profile,\n }), profiles, init);\n};\n\nexports.fromIni = fromIni;\n","'use strict';\n\nvar client = require('@aws-sdk/core/client');\nvar propertyProvider = require('@smithy/property-provider');\nvar sharedIniFileLoader = require('@smithy/shared-ini-file-loader');\nvar protocolHttp = require('@smithy/protocol-http');\nvar node_crypto = require('node:crypto');\nvar node_fs = require('node:fs');\nvar node_os = require('node:os');\nvar node_path = require('node:path');\n\nclass LoginCredentialsFetcher {\n profileData;\n init;\n callerClientConfig;\n static REFRESH_THRESHOLD = 5 * 60 * 1000;\n constructor(profileData, init, callerClientConfig) {\n this.profileData = profileData;\n this.init = init;\n this.callerClientConfig = callerClientConfig;\n }\n async loadCredentials() {\n const token = await this.loadToken();\n if (!token) {\n throw new propertyProvider.CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, { tryNextLink: false, logger: this.logger });\n }\n const accessToken = token.accessToken;\n const now = Date.now();\n const expiryTime = new Date(accessToken.expiresAt).getTime();\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry <= LoginCredentialsFetcher.REFRESH_THRESHOLD) {\n return this.refresh(token);\n }\n return {\n accessKeyId: accessToken.accessKeyId,\n secretAccessKey: accessToken.secretAccessKey,\n sessionToken: accessToken.sessionToken,\n accountId: accessToken.accountId,\n expiration: new Date(accessToken.expiresAt),\n };\n }\n get logger() {\n return this.init?.logger;\n }\n get loginSession() {\n return this.profileData.login_session;\n }\n async refresh(token) {\n const { SigninClient, CreateOAuth2TokenCommand } = await import('@aws-sdk/nested-clients/signin');\n const { logger, userAgentAppId } = this.callerClientConfig ?? {};\n const isH2 = (requestHandler) => {\n return requestHandler?.metadata?.handlerProtocol === \"h2\";\n };\n const requestHandler = isH2(this.callerClientConfig?.requestHandler)\n ? undefined\n : this.callerClientConfig?.requestHandler;\n const region = this.profileData.region ?? (await this.callerClientConfig?.region?.()) ?? process.env.AWS_REGION;\n const client = new SigninClient({\n credentials: {\n accessKeyId: \"\",\n secretAccessKey: \"\",\n },\n region,\n requestHandler,\n logger,\n userAgentAppId,\n ...this.init?.clientConfig,\n });\n this.createDPoPInterceptor(client.middlewareStack);\n const commandInput = {\n tokenInput: {\n clientId: token.clientId,\n refreshToken: token.refreshToken,\n grantType: \"refresh_token\",\n },\n };\n try {\n const response = await client.send(new CreateOAuth2TokenCommand(commandInput));\n const { accessKeyId, secretAccessKey, sessionToken } = response.tokenOutput?.accessToken ?? {};\n const { refreshToken, expiresIn } = response.tokenOutput ?? {};\n if (!accessKeyId || !secretAccessKey || !sessionToken || !refreshToken) {\n throw new propertyProvider.CredentialsProviderError(\"Token refresh response missing required fields\", {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n const expiresInMs = (expiresIn ?? 900) * 1000;\n const expiration = new Date(Date.now() + expiresInMs);\n const updatedToken = {\n ...token,\n accessToken: {\n ...token.accessToken,\n accessKeyId: accessKeyId,\n secretAccessKey: secretAccessKey,\n sessionToken: sessionToken,\n expiresAt: expiration.toISOString(),\n },\n refreshToken: refreshToken,\n };\n await this.saveToken(updatedToken);\n const newAccessToken = updatedToken.accessToken;\n return {\n accessKeyId: newAccessToken.accessKeyId,\n secretAccessKey: newAccessToken.secretAccessKey,\n sessionToken: newAccessToken.sessionToken,\n accountId: newAccessToken.accountId,\n expiration,\n };\n }\n catch (error) {\n if (error.name === \"AccessDeniedException\") {\n const errorType = error.error;\n let message;\n switch (errorType) {\n case \"TOKEN_EXPIRED\":\n message = \"Your session has expired. Please reauthenticate.\";\n break;\n case \"USER_CREDENTIALS_CHANGED\":\n message =\n \"Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.\";\n break;\n case \"INSUFFICIENT_PERMISSIONS\":\n message =\n \"Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.\";\n break;\n default:\n message = `Failed to refresh token: ${String(error)}. Please re-authenticate using \\`aws login\\``;\n }\n throw new propertyProvider.CredentialsProviderError(message, { logger: this.logger, tryNextLink: false });\n }\n throw new propertyProvider.CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });\n }\n }\n async loadToken() {\n const tokenFilePath = this.getTokenFilePath();\n try {\n let tokenData;\n try {\n tokenData = await sharedIniFileLoader.readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });\n }\n catch {\n tokenData = await node_fs.promises.readFile(tokenFilePath, \"utf8\");\n }\n const token = JSON.parse(tokenData);\n const missingFields = [\"accessToken\", \"clientId\", \"refreshToken\", \"dpopKey\"].filter((k) => !token[k]);\n if (!token.accessToken?.accountId) {\n missingFields.push(\"accountId\");\n }\n if (missingFields.length > 0) {\n throw new propertyProvider.CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(\", \")}`, {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n return token;\n }\n catch (error) {\n throw new propertyProvider.CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n }\n async saveToken(token) {\n const tokenFilePath = this.getTokenFilePath();\n const directory = node_path.dirname(tokenFilePath);\n try {\n await node_fs.promises.mkdir(directory, { recursive: true });\n }\n catch (error) {\n }\n await node_fs.promises.writeFile(tokenFilePath, JSON.stringify(token, null, 2), \"utf8\");\n }\n getTokenFilePath() {\n const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? node_path.join(node_os.homedir(), \".aws\", \"login\", \"cache\");\n const loginSessionBytes = Buffer.from(this.loginSession, \"utf8\");\n const loginSessionSha256 = node_crypto.createHash(\"sha256\").update(loginSessionBytes).digest(\"hex\");\n return node_path.join(directory, `${loginSessionSha256}.json`);\n }\n derToRawSignature(derSignature) {\n let offset = 2;\n if (derSignature[offset] !== 0x02) {\n throw new Error(\"Invalid DER signature\");\n }\n offset++;\n const rLength = derSignature[offset++];\n let r = derSignature.subarray(offset, offset + rLength);\n offset += rLength;\n if (derSignature[offset] !== 0x02) {\n throw new Error(\"Invalid DER signature\");\n }\n offset++;\n const sLength = derSignature[offset++];\n let s = derSignature.subarray(offset, offset + sLength);\n r = r[0] === 0x00 ? r.subarray(1) : r;\n s = s[0] === 0x00 ? s.subarray(1) : s;\n const rPadded = Buffer.concat([Buffer.alloc(32 - r.length), r]);\n const sPadded = Buffer.concat([Buffer.alloc(32 - s.length), s]);\n return Buffer.concat([rPadded, sPadded]);\n }\n createDPoPInterceptor(middlewareStack) {\n middlewareStack.add((next) => async (args) => {\n if (protocolHttp.HttpRequest.isInstance(args.request)) {\n const request = args.request;\n const actualEndpoint = `${request.protocol}//${request.hostname}${request.port ? `:${request.port}` : \"\"}${request.path}`;\n const dpop = await this.generateDpop(request.method, actualEndpoint);\n request.headers = {\n ...request.headers,\n DPoP: dpop,\n };\n }\n return next(args);\n }, {\n step: \"finalizeRequest\",\n name: \"dpopInterceptor\",\n override: true,\n });\n }\n async generateDpop(method = \"POST\", endpoint) {\n const token = await this.loadToken();\n try {\n const privateKey = node_crypto.createPrivateKey({\n key: token.dpopKey,\n format: \"pem\",\n type: \"sec1\",\n });\n const publicKey = node_crypto.createPublicKey(privateKey);\n const publicDer = publicKey.export({ format: \"der\", type: \"spki\" });\n let pointStart = -1;\n for (let i = 0; i < publicDer.length; i++) {\n if (publicDer[i] === 0x04) {\n pointStart = i;\n break;\n }\n }\n const x = publicDer.slice(pointStart + 1, pointStart + 33);\n const y = publicDer.slice(pointStart + 33, pointStart + 65);\n const header = {\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: {\n kty: \"EC\",\n crv: \"P-256\",\n x: x.toString(\"base64url\"),\n y: y.toString(\"base64url\"),\n },\n };\n const payload = {\n jti: crypto.randomUUID(),\n htm: method,\n htu: endpoint,\n iat: Math.floor(Date.now() / 1000),\n };\n const headerB64 = Buffer.from(JSON.stringify(header)).toString(\"base64url\");\n const payloadB64 = Buffer.from(JSON.stringify(payload)).toString(\"base64url\");\n const message = `${headerB64}.${payloadB64}`;\n const asn1Signature = node_crypto.sign(\"sha256\", Buffer.from(message), privateKey);\n const rawSignature = this.derToRawSignature(asn1Signature);\n const signatureB64 = rawSignature.toString(\"base64url\");\n return `${message}.${signatureB64}`;\n }\n catch (error) {\n throw new propertyProvider.CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, { logger: this.logger, tryNextLink: false });\n }\n }\n}\n\nconst fromLoginCredentials = (init) => async ({ callerClientConfig } = {}) => {\n init?.logger?.debug?.(\"@aws-sdk/credential-providers - fromLoginCredentials\");\n const profiles = await sharedIniFileLoader.parseKnownFiles(init || {});\n const profileName = sharedIniFileLoader.getProfileName({\n profile: init?.profile ?? callerClientConfig?.profile,\n });\n const profile = profiles[profileName];\n if (!profile?.login_session) {\n throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {\n tryNextLink: true,\n logger: init?.logger,\n });\n }\n const fetcher = new LoginCredentialsFetcher(profile, init, callerClientConfig);\n const credentials = await fetcher.loadCredentials();\n return client.setCredentialFeature(credentials, \"CREDENTIALS_LOGIN\", \"AD\");\n};\n\nexports.fromLoginCredentials = fromLoginCredentials;\n"],"names":[],"sourceRoot":""}
1
+ {"version":3,"file":"869.index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","sources":[".././node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js",".././node_modules/@aws-sdk/credential-provider-login/dist-cjs/index.js"],"sourcesContent":["'use strict';\n\nvar sharedIniFileLoader = require('@smithy/shared-ini-file-loader');\nvar propertyProvider = require('@smithy/property-provider');\nvar client = require('@aws-sdk/core/client');\nvar credentialProviderLogin = require('@aws-sdk/credential-provider-login');\n\nconst resolveCredentialSource = (credentialSource, profileName, logger) => {\n const sourceProvidersMap = {\n EcsContainer: async (options) => {\n const { fromHttp } = await import('@aws-sdk/credential-provider-http');\n const { fromContainerMetadata } = await import('@smithy/credential-provider-imds');\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is EcsContainer\");\n return async () => propertyProvider.chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);\n },\n Ec2InstanceMetadata: async (options) => {\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata\");\n const { fromInstanceMetadata } = await import('@smithy/credential-provider-imds');\n return async () => fromInstanceMetadata(options)().then(setNamedProvider);\n },\n Environment: async (options) => {\n logger?.debug(\"@aws-sdk/credential-provider-ini - credential_source is Environment\");\n const { fromEnv } = await import('@aws-sdk/credential-provider-env');\n return async () => fromEnv(options)().then(setNamedProvider);\n },\n };\n if (credentialSource in sourceProvidersMap) {\n return sourceProvidersMap[credentialSource];\n }\n else {\n throw new propertyProvider.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +\n `expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });\n }\n};\nconst setNamedProvider = (creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_NAMED_PROVIDER\", \"p\");\n\nconst isAssumeRoleProfile = (arg, { profile = \"default\", logger } = {}) => {\n return (Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.role_arn === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.role_session_name) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.external_id) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.mfa_serial) > -1 &&\n (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })));\n};\nconst isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {\n const withSourceProfile = typeof arg.source_profile === \"string\" && typeof arg.credential_source === \"undefined\";\n if (withSourceProfile) {\n logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);\n }\n return withSourceProfile;\n};\nconst isCredentialSourceProfile = (arg, { profile, logger }) => {\n const withProviderProfile = typeof arg.credential_source === \"string\" && typeof arg.source_profile === \"undefined\";\n if (withProviderProfile) {\n logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);\n }\n return withProviderProfile;\n};\nconst resolveAssumeRoleCredentials = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, resolveProfileData) => {\n options.logger?.debug(\"@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)\");\n const profileData = profiles[profileName];\n const { source_profile, region } = profileData;\n if (!options.roleAssumer) {\n const { getDefaultRoleAssumer } = await import('@aws-sdk/nested-clients/sts');\n options.roleAssumer = getDefaultRoleAssumer({\n ...options.clientConfig,\n credentialProviderLogger: options.logger,\n parentClientConfig: {\n ...callerClientConfig,\n ...options?.parentClientConfig,\n region: region ?? options?.parentClientConfig?.region ?? callerClientConfig?.region,\n },\n }, options.clientPlugins);\n }\n if (source_profile && source_profile in visitedProfiles) {\n throw new propertyProvider.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +\n ` ${sharedIniFileLoader.getProfileName(options)}. Profiles visited: ` +\n Object.keys(visitedProfiles).join(\", \"), { logger: options.logger });\n }\n options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);\n const sourceCredsProvider = source_profile\n ? resolveProfileData(source_profile, profiles, options, callerClientConfig, {\n ...visitedProfiles,\n [source_profile]: true,\n }, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))\n : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))();\n if (isCredentialSourceWithoutRoleArn(profileData)) {\n return sourceCredsProvider.then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SOURCE_PROFILE\", \"o\"));\n }\n else {\n const params = {\n RoleArn: profileData.role_arn,\n RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`,\n ExternalId: profileData.external_id,\n DurationSeconds: parseInt(profileData.duration_seconds || \"3600\", 10),\n };\n const { mfa_serial } = profileData;\n if (mfa_serial) {\n if (!options.mfaCodeProvider) {\n throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });\n }\n params.SerialNumber = mfa_serial;\n params.TokenCode = await options.mfaCodeProvider(mfa_serial);\n }\n const sourceCreds = await sourceCredsProvider;\n return options.roleAssumer(sourceCreds, params).then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SOURCE_PROFILE\", \"o\"));\n }\n};\nconst isCredentialSourceWithoutRoleArn = (section) => {\n return !section.role_arn && !!section.credential_source;\n};\n\nconst isLoginProfile = (data) => {\n return Boolean(data && data.login_session);\n};\nconst resolveLoginCredentials = async (profileName, options, callerClientConfig) => {\n const credentials = await credentialProviderLogin.fromLoginCredentials({\n ...options,\n profile: profileName,\n })({ callerClientConfig });\n return client.setCredentialFeature(credentials, \"CREDENTIALS_PROFILE_LOGIN\", \"AC\");\n};\n\nconst isProcessProfile = (arg) => Boolean(arg) && typeof arg === \"object\" && typeof arg.credential_process === \"string\";\nconst resolveProcessCredentials = async (options, profile) => import('@aws-sdk/credential-provider-process').then(({ fromProcess }) => fromProcess({\n ...options,\n profile,\n})().then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_PROCESS\", \"v\")));\n\nconst resolveSsoCredentials = async (profile, profileData, options = {}, callerClientConfig) => {\n const { fromSSO } = await import('@aws-sdk/credential-provider-sso');\n return fromSSO({\n profile,\n logger: options.logger,\n parentClientConfig: options.parentClientConfig,\n clientConfig: options.clientConfig,\n })({\n callerClientConfig,\n }).then((creds) => {\n if (profileData.sso_session) {\n return client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SSO\", \"r\");\n }\n else {\n return client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_SSO_LEGACY\", \"t\");\n }\n });\n};\nconst isSsoProfile = (arg) => arg &&\n (typeof arg.sso_start_url === \"string\" ||\n typeof arg.sso_account_id === \"string\" ||\n typeof arg.sso_session === \"string\" ||\n typeof arg.sso_region === \"string\" ||\n typeof arg.sso_role_name === \"string\");\n\nconst isStaticCredsProfile = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.aws_access_key_id === \"string\" &&\n typeof arg.aws_secret_access_key === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.aws_session_token) > -1 &&\n [\"undefined\", \"string\"].indexOf(typeof arg.aws_account_id) > -1;\nconst resolveStaticCredentials = async (profile, options) => {\n options?.logger?.debug(\"@aws-sdk/credential-provider-ini - resolveStaticCredentials\");\n const credentials = {\n accessKeyId: profile.aws_access_key_id,\n secretAccessKey: profile.aws_secret_access_key,\n sessionToken: profile.aws_session_token,\n ...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),\n ...(profile.aws_account_id && { accountId: profile.aws_account_id }),\n };\n return client.setCredentialFeature(credentials, \"CREDENTIALS_PROFILE\", \"n\");\n};\n\nconst isWebIdentityProfile = (arg) => Boolean(arg) &&\n typeof arg === \"object\" &&\n typeof arg.web_identity_token_file === \"string\" &&\n typeof arg.role_arn === \"string\" &&\n [\"undefined\", \"string\"].indexOf(typeof arg.role_session_name) > -1;\nconst resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => import('@aws-sdk/credential-provider-web-identity').then(({ fromTokenFile }) => fromTokenFile({\n webIdentityTokenFile: profile.web_identity_token_file,\n roleArn: profile.role_arn,\n roleSessionName: profile.role_session_name,\n roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,\n logger: options.logger,\n parentClientConfig: options.parentClientConfig,\n})({\n callerClientConfig,\n}).then((creds) => client.setCredentialFeature(creds, \"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN\", \"q\")));\n\nconst resolveProfileData = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {\n const data = profiles[profileName];\n if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {\n return resolveStaticCredentials(data, options);\n }\n if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {\n return resolveAssumeRoleCredentials(profileName, profiles, options, callerClientConfig, visitedProfiles, resolveProfileData);\n }\n if (isStaticCredsProfile(data)) {\n return resolveStaticCredentials(data, options);\n }\n if (isWebIdentityProfile(data)) {\n return resolveWebIdentityCredentials(data, options, callerClientConfig);\n }\n if (isProcessProfile(data)) {\n return resolveProcessCredentials(options, profileName);\n }\n if (isSsoProfile(data)) {\n return await resolveSsoCredentials(profileName, data, options, callerClientConfig);\n }\n if (isLoginProfile(data)) {\n return resolveLoginCredentials(profileName, options, callerClientConfig);\n }\n throw new propertyProvider.CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });\n};\n\nconst fromIni = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-ini - fromIni\");\n const profiles = await sharedIniFileLoader.parseKnownFiles(init);\n return resolveProfileData(sharedIniFileLoader.getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n }), profiles, init, callerClientConfig);\n};\n\nexports.fromIni = fromIni;\n","'use strict';\n\nvar client = require('@aws-sdk/core/client');\nvar propertyProvider = require('@smithy/property-provider');\nvar sharedIniFileLoader = require('@smithy/shared-ini-file-loader');\nvar protocolHttp = require('@smithy/protocol-http');\nvar node_crypto = require('node:crypto');\nvar node_fs = require('node:fs');\nvar node_os = require('node:os');\nvar node_path = require('node:path');\n\nclass LoginCredentialsFetcher {\n profileData;\n init;\n callerClientConfig;\n static REFRESH_THRESHOLD = 5 * 60 * 1000;\n constructor(profileData, init, callerClientConfig) {\n this.profileData = profileData;\n this.init = init;\n this.callerClientConfig = callerClientConfig;\n }\n async loadCredentials() {\n const token = await this.loadToken();\n if (!token) {\n throw new propertyProvider.CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, { tryNextLink: false, logger: this.logger });\n }\n const accessToken = token.accessToken;\n const now = Date.now();\n const expiryTime = new Date(accessToken.expiresAt).getTime();\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry <= LoginCredentialsFetcher.REFRESH_THRESHOLD) {\n return this.refresh(token);\n }\n return {\n accessKeyId: accessToken.accessKeyId,\n secretAccessKey: accessToken.secretAccessKey,\n sessionToken: accessToken.sessionToken,\n accountId: accessToken.accountId,\n expiration: new Date(accessToken.expiresAt),\n };\n }\n get logger() {\n return this.init?.logger;\n }\n get loginSession() {\n return this.profileData.login_session;\n }\n async refresh(token) {\n const { SigninClient, CreateOAuth2TokenCommand } = await import('@aws-sdk/nested-clients/signin');\n const { logger, userAgentAppId } = this.callerClientConfig ?? {};\n const isH2 = (requestHandler) => {\n return requestHandler?.metadata?.handlerProtocol === \"h2\";\n };\n const requestHandler = isH2(this.callerClientConfig?.requestHandler)\n ? undefined\n : this.callerClientConfig?.requestHandler;\n const region = this.profileData.region ?? (await this.callerClientConfig?.region?.()) ?? process.env.AWS_REGION;\n const client = new SigninClient({\n credentials: {\n accessKeyId: \"\",\n secretAccessKey: \"\",\n },\n region,\n requestHandler,\n logger,\n userAgentAppId,\n ...this.init?.clientConfig,\n });\n this.createDPoPInterceptor(client.middlewareStack);\n const commandInput = {\n tokenInput: {\n clientId: token.clientId,\n refreshToken: token.refreshToken,\n grantType: \"refresh_token\",\n },\n };\n try {\n const response = await client.send(new CreateOAuth2TokenCommand(commandInput));\n const { accessKeyId, secretAccessKey, sessionToken } = response.tokenOutput?.accessToken ?? {};\n const { refreshToken, expiresIn } = response.tokenOutput ?? {};\n if (!accessKeyId || !secretAccessKey || !sessionToken || !refreshToken) {\n throw new propertyProvider.CredentialsProviderError(\"Token refresh response missing required fields\", {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n const expiresInMs = (expiresIn ?? 900) * 1000;\n const expiration = new Date(Date.now() + expiresInMs);\n const updatedToken = {\n ...token,\n accessToken: {\n ...token.accessToken,\n accessKeyId: accessKeyId,\n secretAccessKey: secretAccessKey,\n sessionToken: sessionToken,\n expiresAt: expiration.toISOString(),\n },\n refreshToken: refreshToken,\n };\n await this.saveToken(updatedToken);\n const newAccessToken = updatedToken.accessToken;\n return {\n accessKeyId: newAccessToken.accessKeyId,\n secretAccessKey: newAccessToken.secretAccessKey,\n sessionToken: newAccessToken.sessionToken,\n accountId: newAccessToken.accountId,\n expiration,\n };\n }\n catch (error) {\n if (error.name === \"AccessDeniedException\") {\n const errorType = error.error;\n let message;\n switch (errorType) {\n case \"TOKEN_EXPIRED\":\n message = \"Your session has expired. Please reauthenticate.\";\n break;\n case \"USER_CREDENTIALS_CHANGED\":\n message =\n \"Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.\";\n break;\n case \"INSUFFICIENT_PERMISSIONS\":\n message =\n \"Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.\";\n break;\n default:\n message = `Failed to refresh token: ${String(error)}. Please re-authenticate using \\`aws login\\``;\n }\n throw new propertyProvider.CredentialsProviderError(message, { logger: this.logger, tryNextLink: false });\n }\n throw new propertyProvider.CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });\n }\n }\n async loadToken() {\n const tokenFilePath = this.getTokenFilePath();\n try {\n let tokenData;\n try {\n tokenData = await sharedIniFileLoader.readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });\n }\n catch {\n tokenData = await node_fs.promises.readFile(tokenFilePath, \"utf8\");\n }\n const token = JSON.parse(tokenData);\n const missingFields = [\"accessToken\", \"clientId\", \"refreshToken\", \"dpopKey\"].filter((k) => !token[k]);\n if (!token.accessToken?.accountId) {\n missingFields.push(\"accountId\");\n }\n if (missingFields.length > 0) {\n throw new propertyProvider.CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(\", \")}`, {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n return token;\n }\n catch (error) {\n throw new propertyProvider.CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {\n logger: this.logger,\n tryNextLink: false,\n });\n }\n }\n async saveToken(token) {\n const tokenFilePath = this.getTokenFilePath();\n const directory = node_path.dirname(tokenFilePath);\n try {\n await node_fs.promises.mkdir(directory, { recursive: true });\n }\n catch (error) {\n }\n await node_fs.promises.writeFile(tokenFilePath, JSON.stringify(token, null, 2), \"utf8\");\n }\n getTokenFilePath() {\n const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? node_path.join(node_os.homedir(), \".aws\", \"login\", \"cache\");\n const loginSessionBytes = Buffer.from(this.loginSession, \"utf8\");\n const loginSessionSha256 = node_crypto.createHash(\"sha256\").update(loginSessionBytes).digest(\"hex\");\n return node_path.join(directory, `${loginSessionSha256}.json`);\n }\n derToRawSignature(derSignature) {\n let offset = 2;\n if (derSignature[offset] !== 0x02) {\n throw new Error(\"Invalid DER signature\");\n }\n offset++;\n const rLength = derSignature[offset++];\n let r = derSignature.subarray(offset, offset + rLength);\n offset += rLength;\n if (derSignature[offset] !== 0x02) {\n throw new Error(\"Invalid DER signature\");\n }\n offset++;\n const sLength = derSignature[offset++];\n let s = derSignature.subarray(offset, offset + sLength);\n r = r[0] === 0x00 ? r.subarray(1) : r;\n s = s[0] === 0x00 ? s.subarray(1) : s;\n const rPadded = Buffer.concat([Buffer.alloc(32 - r.length), r]);\n const sPadded = Buffer.concat([Buffer.alloc(32 - s.length), s]);\n return Buffer.concat([rPadded, sPadded]);\n }\n createDPoPInterceptor(middlewareStack) {\n middlewareStack.add((next) => async (args) => {\n if (protocolHttp.HttpRequest.isInstance(args.request)) {\n const request = args.request;\n const actualEndpoint = `${request.protocol}//${request.hostname}${request.port ? `:${request.port}` : \"\"}${request.path}`;\n const dpop = await this.generateDpop(request.method, actualEndpoint);\n request.headers = {\n ...request.headers,\n DPoP: dpop,\n };\n }\n return next(args);\n }, {\n step: \"finalizeRequest\",\n name: \"dpopInterceptor\",\n override: true,\n });\n }\n async generateDpop(method = \"POST\", endpoint) {\n const token = await this.loadToken();\n try {\n const privateKey = node_crypto.createPrivateKey({\n key: token.dpopKey,\n format: \"pem\",\n type: \"sec1\",\n });\n const publicKey = node_crypto.createPublicKey(privateKey);\n const publicDer = publicKey.export({ format: \"der\", type: \"spki\" });\n let pointStart = -1;\n for (let i = 0; i < publicDer.length; i++) {\n if (publicDer[i] === 0x04) {\n pointStart = i;\n break;\n }\n }\n const x = publicDer.slice(pointStart + 1, pointStart + 33);\n const y = publicDer.slice(pointStart + 33, pointStart + 65);\n const header = {\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: {\n kty: \"EC\",\n crv: \"P-256\",\n x: x.toString(\"base64url\"),\n y: y.toString(\"base64url\"),\n },\n };\n const payload = {\n jti: crypto.randomUUID(),\n htm: method,\n htu: endpoint,\n iat: Math.floor(Date.now() / 1000),\n };\n const headerB64 = Buffer.from(JSON.stringify(header)).toString(\"base64url\");\n const payloadB64 = Buffer.from(JSON.stringify(payload)).toString(\"base64url\");\n const message = `${headerB64}.${payloadB64}`;\n const asn1Signature = node_crypto.sign(\"sha256\", Buffer.from(message), privateKey);\n const rawSignature = this.derToRawSignature(asn1Signature);\n const signatureB64 = rawSignature.toString(\"base64url\");\n return `${message}.${signatureB64}`;\n }\n catch (error) {\n throw new propertyProvider.CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, { logger: this.logger, tryNextLink: false });\n }\n }\n}\n\nconst fromLoginCredentials = (init) => async ({ callerClientConfig } = {}) => {\n init?.logger?.debug?.(\"@aws-sdk/credential-providers - fromLoginCredentials\");\n const profiles = await sharedIniFileLoader.parseKnownFiles(init || {});\n const profileName = sharedIniFileLoader.getProfileName({\n profile: init?.profile ?? callerClientConfig?.profile,\n });\n const profile = profiles[profileName];\n if (!profile?.login_session) {\n throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {\n tryNextLink: true,\n logger: init?.logger,\n });\n }\n const fetcher = new LoginCredentialsFetcher(profile, init, callerClientConfig);\n const credentials = await fetcher.loadCredentials();\n return client.setCredentialFeature(credentials, \"CREDENTIALS_LOGIN\", \"AD\");\n};\n\nexports.fromLoginCredentials = fromLoginCredentials;\n"],"names":[],"sourceRoot":""}