@smithy/credential-provider-imds 4.2.14 → 4.3.0
- package/dist-cjs/index.js +39 -41
- package/dist-es/error/InstanceMetadataV1FallbackError.js +1 -1
- package/dist-es/fromContainerMetadata.js +3 -3
- package/dist-es/fromInstanceMetadata.js +2 -3
- package/dist-es/remoteProvider/httpRequest.js +2 -3
- package/dist-es/utils/getInstanceMetadataEndpoint.js +2 -2
- package/dist-types/config/EndpointConfigOptions.d.ts +1 -1
- package/dist-types/config/EndpointModeConfigOptions.d.ts +1 -1
- package/dist-types/error/InstanceMetadataV1FallbackError.d.ts +1 -1
- package/dist-types/fromContainerMetadata.d.ts +1 -1
- package/dist-types/fromInstanceMetadata.d.ts +1 -1
- package/dist-types/remoteProvider/httpRequest.d.ts +1 -2
- package/package.json +2 -4
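--- a/package/dist-cjs/index.js
+++ b/package/dist-cjs/index.js
@@ -1,31 +1,47 @@
 'use strict';
 
-var
-var
-var
-var
-
-
+var node_url = require('node:url');
+var config = require('@smithy/core/config');
+var node_http = require('node:http');
+var protocols = require('@smithy/core/protocols');
+
+const isImdsCredentials = (arg) => Boolean(arg) &&
+typeof arg === "object" &&
+typeof arg.AccessKeyId === "string" &&
+typeof arg.SecretAccessKey === "string" &&
+typeof arg.Token === "string" &&
+typeof arg.Expiration === "string";
+const fromImdsCredentials = (creds) => ({
+accessKeyId: creds.AccessKeyId,
+secretAccessKey: creds.SecretAccessKey,
+sessionToken: creds.Token,
+expiration: new Date(creds.Expiration),
+...(creds.AccountId && { accountId: creds.AccountId }),
+});
+
+const DEFAULT_TIMEOUT = 1000;
+const DEFAULT_MAX_RETRIES = 0;
+const providerConfigFromInit = ({ maxRetries = DEFAULT_MAX_RETRIES, timeout = DEFAULT_TIMEOUT, }) => ({ maxRetries, timeout });
 
 function httpRequest(options) {
 return new Promise((resolve, reject) => {
-const req =
+const req = node_http.request({
 method: "GET",
 ...options,
 hostname: options.hostname?.replace(/^\[(.+)\]$/, "$1"),
 });
 req.on("error", (err) => {
-reject(Object.assign(new
+reject(Object.assign(new config.ProviderError("Unable to connect to instance metadata service"), err));
 req.destroy();
 });
 req.on("timeout", () => {
-reject(new
+reject(new config.ProviderError("TimeoutError from instance metadata service"));
 req.destroy();
 });
 req.on("response", (res) => {
 const { statusCode = 400 } = res;
 if (statusCode < 200 || 300 <= statusCode) {
-reject(Object.assign(new
+reject(Object.assign(new config.ProviderError("Error response received from instance metadata service"), { statusCode }));
 req.destroy();
 }
 const chunks = [];
@@ -33,7 +49,7 @@ function httpRequest(options) {
 chunks.push(chunk);
 });
 res.on("end", () => {
-resolve(
+resolve(Buffer.concat(chunks));
 req.destroy();
 });
 });
@@ -41,24 +57,6 @@ function httpRequest(options) {
 });
 }
 
-const isImdsCredentials = (arg) => Boolean(arg) &&
-typeof arg === "object" &&
-typeof arg.AccessKeyId === "string" &&
-typeof arg.SecretAccessKey === "string" &&
-typeof arg.Token === "string" &&
-typeof arg.Expiration === "string";
-const fromImdsCredentials = (creds) => ({
-accessKeyId: creds.AccessKeyId,
-secretAccessKey: creds.SecretAccessKey,
-sessionToken: creds.Token,
-expiration: new Date(creds.Expiration),
-...(creds.AccountId && { accountId: creds.AccountId }),
-});
-
-const DEFAULT_TIMEOUT = 1000;
-const DEFAULT_MAX_RETRIES = 0;
-const providerConfigFromInit = ({ maxRetries = DEFAULT_MAX_RETRIES, timeout = DEFAULT_TIMEOUT, }) => ({ maxRetries, timeout });
-
 const retry = (toRetry, maxRetries) => {
 let promise = toRetry();
 for (let i = 0; i < maxRetries; i++) {
@@ -76,7 +74,7 @@ const fromContainerMetadata = (init = {}) => {
 const requestOptions = await getCmdsUri({ logger: init.logger });
 const credsResponse = JSON.parse(await requestFromEcsImds(timeout, requestOptions));
 if (!isImdsCredentials(credsResponse)) {
-throw new
+throw new config.CredentialsProviderError("Invalid response received from instance metadata service.", {
 logger: init.logger,
 });
 }
@@ -113,15 +111,15 @@ const getCmdsUri = async ({ logger }) => {
 };
 }
 if (process.env[ENV_CMDS_FULL_URI]) {
-const parsed =
+const parsed = node_url.parse(process.env[ENV_CMDS_FULL_URI]);
 if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) {
-throw new
+throw new config.CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, {
 tryNextLink: false,
 logger,
 });
 }
 if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) {
-throw new
+throw new config.CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, {
 tryNextLink: false,
 logger,
 });
@@ -131,7 +129,7 @@ const getCmdsUri = async ({ logger }) => {
 port: parsed.port ? parseInt(parsed.port, 10) : undefined,
 };
 }
-throw new
+throw new config.CredentialsProviderError("The container metadata credential provider cannot be used unless" +
 ` the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment` +
 " variable is set", {
 tryNextLink: false,
@@ -139,7 +137,7 @@ const getCmdsUri = async ({ logger }) => {
 });
 };
 
-class InstanceMetadataV1FallbackError extends
+class InstanceMetadataV1FallbackError extends config.CredentialsProviderError {
 tryNextLink;
 name = "InstanceMetadataV1FallbackError";
 constructor(message, tryNextLink = true) {
@@ -177,10 +175,10 @@ const ENDPOINT_MODE_CONFIG_OPTIONS = {
 default: EndpointMode.IPv4,
 };
 
-const getInstanceMetadataEndpoint = async () =>
-const getFromEndpointConfig = async () =>
+const getInstanceMetadataEndpoint = async () => protocols.parseUrl((await getFromEndpointConfig()) || (await getFromEndpointModeConfig()));
+const getFromEndpointConfig = async () => config.loadConfig(ENDPOINT_CONFIG_OPTIONS)();
 const getFromEndpointModeConfig = async () => {
-const endpointMode = await
+const endpointMode = await config.loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)();
 switch (endpointMode) {
 case EndpointMode.IPv4:
 return exports.Endpoint.IPv4;
@@ -249,12 +247,12 @@ const getInstanceMetadataProvider = (init = {}) => {
 if (isImdsV1Fallback) {
 let fallbackBlockedFromProfile = false;
 let fallbackBlockedFromProcessEnv = false;
-const configValue = await
+const configValue = await config.loadConfig({
 environmentVariableSelector: (env) => {
 const envValue = env[AWS_EC2_METADATA_V1_DISABLED];
 fallbackBlockedFromProcessEnv = !!envValue && envValue !== "false";
 if (envValue === undefined) {
-throw new
+throw new config.CredentialsProviderError(`${AWS_EC2_METADATA_V1_DISABLED} not set in env, checking config file next.`, { logger: init.logger });
 }
 return fallbackBlockedFromProcessEnv;
 },
@@ -353,7 +351,7 @@ const getCredentialsFromProfile = async (profile, options, init) => {
 path: IMDS_PATH + profile,
 })).toString());
 if (!isImdsCredentials(credentialsResponse)) {
-throw new
+throw new config.CredentialsProviderError("Invalid response received from instance metadata service.", {
 logger: init.logger,
 });
 }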
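Review bot: The host and protocol allowlist in `getCmdsUri` (new lines 115 and 121) is tested with the `in` operator, which also matches inherited property names, so if `GREENGRASS_HOSTS` and `GREENGRASS_PROTOCOLS` are ordinary object literals (their definitions are not in this diff) a hostname equal to an `Object.prototype` key would be accepted from `AWS_CONTAINER_CREDENTIALS_FULL_URI`. An own-property test avoids that: `if (!parsed.hostname || !Object.prototype.hasOwnProperty.call(GREENGRASS_HOSTS, parsed.hostname)) {`, and likewise for `parsed.protocol`. The line this release rewrites still parses the value with the legacy `node_url.parse`, which Node's documentation marks as superseded by the WHATWG `URL` class; because the parsed hostname decides where credentials are requested from, a short comment stating why the legacy parser is kept would help reviewers. `getCmdsUri` begins and ends outside the visible hunks.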
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { CredentialsProviderError } from "@smithy/
|
|
1
|
+
import { CredentialsProviderError } from "@smithy/core/config";
|
|
2
2
|
export class InstanceMetadataV1FallbackError extends CredentialsProviderError {
|
|
3
3
|
tryNextLink;
|
|
4
4
|
name = "InstanceMetadataV1FallbackError";
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import { httpRequest } from "./remoteProvider/httpRequest";
|
|
1
|
+
import { parse } from "node:url";
|
|
2
|
+
import { CredentialsProviderError } from "@smithy/core/config";
|
|
4
3
|
import { fromImdsCredentials, isImdsCredentials } from "./remoteProvider/ImdsCredentials";
|
|
5
4
|
import { providerConfigFromInit } from "./remoteProvider/RemoteProviderInit";
|
|
5
|
+
import { httpRequest } from "./remoteProvider/httpRequest";
|
|
6
6
|
import { retry } from "./remoteProvider/retry";
|
|
7
7
|
export const ENV_CMDS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
|
|
8
8
|
export const ENV_CMDS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
|
|
@@ -1,9 +1,8 @@
|
|
|
1
|
-
import { loadConfig } from "@smithy/
|
|
2
|
-
import { CredentialsProviderError } from "@smithy/property-provider";
|
|
1
|
+
import { CredentialsProviderError, loadConfig } from "@smithy/core/config";
|
|
3
2
|
import { InstanceMetadataV1FallbackError } from "./error/InstanceMetadataV1FallbackError";
|
|
4
|
-
import { httpRequest } from "./remoteProvider/httpRequest";
|
|
5
3
|
import { fromImdsCredentials, isImdsCredentials } from "./remoteProvider/ImdsCredentials";
|
|
6
4
|
import { providerConfigFromInit } from "./remoteProvider/RemoteProviderInit";
|
|
5
|
+
import { httpRequest } from "./remoteProvider/httpRequest";
|
|
7
6
|
import { retry } from "./remoteProvider/retry";
|
|
8
7
|
import { getInstanceMetadataEndpoint } from "./utils/getInstanceMetadataEndpoint";
|
|
9
8
|
import { staticStabilityProvider } from "./utils/staticStabilityProvider";
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import { request } from "http";
|
|
1
|
+
import { request } from "node:http";
|
|
2
|
+
import { ProviderError } from "@smithy/core/config";
|
|
4
3
|
export function httpRequest(options) {
|
|
5
4
|
return new Promise((resolve, reject) => {
|
|
6
5
|
const req = request({
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { loadConfig } from "@smithy/
|
|
2
|
-
import { parseUrl } from "@smithy/
|
|
1
|
+
import { loadConfig } from "@smithy/core/config";
|
|
2
|
+
import { parseUrl } from "@smithy/core/protocols";
|
|
3
3
|
import { Endpoint as InstanceMetadataEndpoint } from "../config/Endpoint";
|
|
4
4
|
import { ENDPOINT_CONFIG_OPTIONS } from "../config/EndpointConfigOptions";
|
|
5
5
|
import { EndpointMode } from "../config/EndpointMode";
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { Provider } from "@smithy/types";
|
|
2
|
-
import type
|
|
2
|
+
import { type RemoteProviderInit } from "./remoteProvider/RemoteProviderInit";
|
|
3
3
|
import type { InstanceMetadataCredentials } from "./types";
|
|
4
4
|
/**
|
|
5
5
|
* @internal
|
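--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@smithy/credential-provider-imds",
-"version": "4.
+"version": "4.3.0",
 "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service",
 "main": "./dist-cjs/index.js",
 "module": "./dist-es/index.js",
@@ -27,10 +27,8 @@
 "license": "Apache-2.0",
 "sideEffects": false,
 "dependencies": {
-"@smithy/
-"@smithy/property-provider": "^4.2.14",
+"@smithy/core": "^3.24.0",
 "@smithy/types": "^4.14.1",
-"@smithy/url-parser": "^4.2.14",
 "tslib": "^2.6.2"
 },
 "devDependencies": {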