aws-cdk 2.1006.0 → 3.0.0

package/lib/api/aws-auth/credential-plugins.js

@@ -1,152 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CredentialPlugins = void 0;
-const util_1 = require("util");
-const provider_caching_1 = require("./provider-caching");
-const api_1 = require("../../../../@aws-cdk/tmp-toolkit-helpers/src/api");
-const logging_1 = require("../../logging");
-const util_2 = require("../../util");
-const plugin_1 = require("../plugin/plugin");
-/**
- * Cache for credential providers.
- *
- * Given an account and an operating mode (read or write) will return an
- * appropriate credential provider for credentials for the given account. The
- * credential provider will be cached so that multiple AWS clients for the same
- * environment will not make multiple network calls to obtain credentials.
- *
- * Will use default credentials if they are for the right account; otherwise,
- * all loaded credential provider plugins will be tried to obtain credentials
- * for the given account.
- */
-class CredentialPlugins {
-    constructor(host) {
-        this.cache = {};
-        this.host = host ?? plugin_1.PluginHost.instance;
-    }
-    async fetchCredentialsFor(awsAccountId, mode) {
-        const key = `${awsAccountId}-${mode}`;
-        if (!(key in this.cache)) {
-            this.cache[key] = await this.lookupCredentials(awsAccountId, mode);
-        }
-        return this.cache[key];
-    }
-    get availablePluginNames() {
-        return this.host.credentialProviderSources.map((s) => s.name);
-    }
-    async lookupCredentials(awsAccountId, mode) {
-        const triedSources = [];
-        // Otherwise, inspect the various credential sources we have
-        for (const source of this.host.credentialProviderSources) {
-            let available;
-            try {
-                available = await source.isAvailable();
-            }
-            catch (e) {
-                // This shouldn't happen, but let's guard against it anyway
-                (0, logging_1.warning)(`Uncaught exception in ${source.name}: ${(0, util_2.formatErrorMessage)(e)}`);
-                available = false;
-            }
-            if (!available) {
-                (0, logging_1.debug)('Credentials source %s is not available, ignoring it.', source.name);
-                continue;
-            }
-            triedSources.push(source);
-            let canProvide;
-            try {
-                canProvide = await source.canProvideCredentials(awsAccountId);
-            }
-            catch (e) {
-                // This shouldn't happen, but let's guard against it anyway
-                (0, logging_1.warning)(`Uncaught exception in ${source.name}: ${(0, util_2.formatErrorMessage)(e)}`);
-                canProvide = false;
-            }
-            if (!canProvide) {
-                continue;
-            }
-            (0, logging_1.debug)(`Using ${source.name} credentials for account ${awsAccountId}`);
-            return {
-                credentials: await v3ProviderFromPlugin(() => source.getProvider(awsAccountId, mode, {
-                    supportsV3Providers: true,
-                })),
-                pluginName: source.name,
-            };
-        }
-        return undefined;
-    }
-}
-exports.CredentialPlugins = CredentialPlugins;
-/**
- * Take a function that calls the plugin, and turn it into an SDKv3-compatible credential provider.
- *
- * What we will do is the following:
- *
- * - Query the plugin and see what kind of result it gives us.
- * - If the result is self-refreshing or doesn't need refreshing, we turn it into an SDKv3 provider
- *   and return it directly.
- *   * If the underlying return value is a provider, we will make it a caching provider
- *     (because we can't know if it will cache by itself or not).
- *   * If the underlying return value is a static credential, caching isn't relevant.
- *   * If the underlying return value is V2 credentials, those have caching built-in.
- * - If the result is a static credential that expires, we will wrap it in an SDKv3 provider
- *   that will query the plugin again when the credential expires.
- */
-async function v3ProviderFromPlugin(producer) {
-    const initial = await producer();
-    if (isV3Provider(initial)) {
-        // Already a provider, make caching
-        return (0, provider_caching_1.makeCachingProvider)(initial);
-    }
-    else if (isV3Credentials(initial) && initial.expiration === undefined) {
-        // Static credentials that don't need refreshing nor caching
-        return () => Promise.resolve(initial);
-    }
-    else if (isV3Credentials(initial) && initial.expiration !== undefined) {
-        // Static credentials that do need refreshing and caching
-        return refreshFromPluginProvider(initial, producer);
-    }
-    else if (isV2Credentials(initial)) {
-        // V2 credentials that refresh and cache themselves
-        return v3ProviderFromV2Credentials(initial);
-    }
-    else {
-        throw new api_1.AuthenticationError(`Plugin returned a value that doesn't resemble AWS credentials: ${(0, util_1.inspect)(initial)}`);
-    }
-}
-/**
- * Converts a V2 credential into a V3-compatible provider
- */
-function v3ProviderFromV2Credentials(x) {
-    return async () => {
-        // Get will fetch or refresh as necessary
-        await x.getPromise();
-        return {
-            accessKeyId: x.accessKeyId,
-            secretAccessKey: x.secretAccessKey,
-            sessionToken: x.sessionToken,
-            expiration: x.expireTime ?? undefined,
-        };
-    };
-}
-function refreshFromPluginProvider(current, producer) {
-    return async () => {
-        if ((0, provider_caching_1.credentialsAboutToExpire)(current)) {
-            const newCreds = await producer();
-            if (!isV3Credentials(newCreds)) {
-                throw new api_1.AuthenticationError(`Plugin initially returned static V3 credentials but now returned something else: ${(0, util_1.inspect)(newCreds)}`);
-            }
-            current = newCreds;
-        }
-        return current;
-    };
-}
-function isV3Provider(x) {
-    return typeof x === 'function';
-}
-function isV2Credentials(x) {
-    return !!(x && typeof x === 'object' && x.getPromise);
-}
-function isV3Credentials(x) {
-    return !!(x && typeof x === 'object' && x.accessKeyId && !isV2Credentials(x));
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3JlZGVudGlhbC1wbHVnaW5zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY3JlZGVudGlhbC1wbHVnaW5zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtCQUErQjtBQUcvQix5REFBbUY7QUFDbkYsMEVBQXVGO0FBQ3ZGLDJDQUErQztBQUMvQyxxQ0FBZ0Q7QUFFaEQsNkNBQThDO0FBRTlDOzs7Ozs7Ozs7OztHQVdHO0FBQ0gsTUFBYSxpQkFBaUI7SUFJNUIsWUFBWSxJQUFpQjtRQUhaLFVBQUssR0FBZ0UsRUFBRSxDQUFDO1FBSXZGLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxJQUFJLG1CQUFVLENBQUMsUUFBUSxDQUFDO0lBQzFDLENBQUM7SUFFTSxLQUFLLENBQUMsbUJBQW1CLENBQUMsWUFBb0IsRUFBRSxJQUFVO1FBQy9ELE1BQU0sR0FBRyxHQUFHLEdBQUcsWUFBWSxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ3RDLElBQUksQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFlBQVksRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3pCLENBQUM7SUFFRCxJQUFXLG9CQUFvQjtRQUM3QixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMseUJBQXlCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDaEUsQ0FBQztJQUVPLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxZQUFvQixFQUFFLElBQVU7UUFDOUQsTUFBTSxZQUFZLEdBQStCLEVBQUUsQ0FBQztRQUNwRCw0REFBNEQ7UUFDNUQsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLHlCQUF5QixFQUFFLENBQUM7WUFDekQsSUFBSSxTQUFrQixDQUFDO1lBQ3ZCLElBQUksQ0FBQztnQkFDSCxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDekMsQ0FBQztZQUFDLE9BQU8sQ0FBTSxFQUFFLENBQUM7Z0JBQ2hCLDJEQUEyRDtnQkFDM0QsSUFBQSxpQkFBTyxFQUFDLHlCQUF5QixNQUFNLENBQUMsSUFBSSxLQUFLLElBQUEseUJBQWtCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUMxRSxTQUFTLEdBQUcsS0FBSyxDQUFDO1lBQ3BCLENBQUM7WUFFRCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsSUFBQSxlQUFLLEVBQUMsc0RBQXNELEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUMzRSxTQUFTO1lBQ1gsQ0FBQztZQUNELFlBQVksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDMUIsSUFBSSxVQUFtQixDQUFDO1lBQ3hCLElBQUksQ0FBQztnQkFDSCxVQUFVLEdBQUcsTUFBTSxNQUFNLENBQUMscUJBQXFCLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDaEUsQ0FBQztZQUFDLE9BQU8sQ0FBTSxFQUFFLENBQUM7Z0JBQ2hCLDJEQUEyRDtnQkFDM0QsSUFBQSxpQkFBTyxFQUFDLHlCQUF5QixNQUFNLENBQUMsSUFBSSxLQUFLLElBQUEseUJBQWtCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUMxRSxVQUFVLEdBQUcsS0FBSyxDQUFDO1lBQ3JCLENBQUM7WUFDRCxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBQ2hCLFNBQVM7WUFDWCxDQUFDO1lBQ0QsSUFBQSxlQUFLLEVBQUMsU0FBUyxNQUFNLENBQUMsSUFBSSw0QkFBNEIsWUFBWSxFQUFFLENBQUMsQ0FBQztZQUV0RSxPQUFPO2dCQUNMLFdBQVcsRUFBRSxNQUFNLG9CQUFvQixDQUFDLEdBQUcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsWUFBWSxFQUFFLElBQStCLEVBQUU7b0JBQzlHLG1CQUFtQixFQUFFLElBQUk7aUJBQzFCLENBQUMsQ0FBQztnQkFDSCxVQUFVLEVBQUUsTUFBTSxDQUFDLElBQUk7YUFDeEIsQ0FBQztRQUNKLENBQUM7UUFDRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0NBQ0Y7QUE1REQsOENBNERDO0FBaUJEOzs7Ozs7Ozs7Ozs7OztHQWNHO0FBQ0gsS0FBSyxVQUFVLG9CQUFvQixDQUFDLFFBQTZDO0lBQy9FLE1BQU0sT0FBTyxHQUFHLE1BQU0sUUFBUSxFQUFFLENBQUM7SUFFakMsSUFBSSxZQUFZLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUMxQixtQ0FBbUM7UUFDbkMsT0FBTyxJQUFBLHNDQUFtQixFQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3RDLENBQUM7U0FBTSxJQUFJLGVBQWUsQ0FBQyxPQUFPLENBQUMsSUFBSSxPQUFPLENBQUMsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3hFLDREQUE0RDtRQUM1RCxPQUFPLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDeEMsQ0FBQztTQUFNLElBQUksZUFBZSxDQUFDLE9BQU8sQ0FBQyxJQUFJLE9BQU8sQ0FBQyxVQUFVLEtBQUssU0FBUyxFQUFFLENBQUM7UUFDeEUseURBQXlEO1FBQ3pELE9BQU8seUJBQXlCLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ3RELENBQUM7U0FBTSxJQUFJLGVBQWUsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ3BDLG1EQUFtRDtRQUNuRCxPQUFPLDJCQUEyQixDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzlDLENBQUM7U0FBTSxDQUFDO1FBQ04sTUFBTSxJQUFJLHlCQUFtQixDQUFDLGtFQUFrRSxJQUFBLGNBQU8sRUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEgsQ0FBQztBQUNILENBQUM7QUFFRDs7R0FFRztBQUNILFNBQVMsMkJBQTJCLENBQUMsQ0FBNkI7SUFDaEUsT0FBTyxLQUFLLElBQUksRUFBRTtRQUNoQix5Q0FBeUM7UUFDekMsTUFBTSxDQUFDLENBQUMsVUFBVSxFQUFFLENBQUM7UUFFckIsT0FBTztZQUNMLFdBQVcsRUFBRSxDQUFDLENBQUMsV0FBVztZQUMxQixlQUFlLEVBQUUsQ0FBQyxDQUFDLGVBQWU7WUFDbEMsWUFBWSxFQUFFLENBQUMsQ0FBQyxZQUFZO1lBQzVCLFVBQVUsRUFBRSxDQUFDLENBQUMsVUFBVSxJQUFJLFNBQVM7U0FDdEMsQ0FBQztJQUNKLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFTLHlCQUF5QixDQUFDLE9BQThCLEVBQUUsUUFBNkM7SUFDOUcsT0FBTyxLQUFLLElBQUksRUFBRTtRQUNoQixJQUFJLElBQUEsMkNBQXdCLEVBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUN0QyxNQUFNLFFBQVEsR0FBRyxNQUFNLFFBQVEsRUFBRSxDQUFDO1lBQ2xDLElBQUksQ0FBQyxlQUFlLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztnQkFDL0IsTUFBTSxJQUFJLHlCQUFtQixDQUFDLG9GQUFvRixJQUFBLGNBQU8sRUFBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDekksQ0FBQztZQUNELE9BQU8sR0FBRyxRQUFRLENBQUM7UUFDckIsQ0FBQztRQUNELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBQyxDQUF1QjtJQUMzQyxPQUFPLE9BQU8sQ0FBQyxLQUFLLFVBQVUsQ0FBQztBQUNqQyxDQUFDO0FBRUQsU0FBUyxlQUFlLENBQUMsQ0FBdUI7SUFDOUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksT0FBTyxDQUFDLEtBQUssUUFBUSxJQUFLLENBQWdDLENBQUMsVUFBVSxDQUFDLENBQUM7QUFDeEYsQ0FBQztBQUVELFNBQVMsZUFBZSxDQUFDLENBQXVCO0lBQzlDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSSxDQUFDLENBQUMsV0FBVyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDaEYsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IGluc3BlY3QgfSBmcm9tICd1dGlsJztcbmltcG9ydCB0eXBlIHsgQ3JlZGVudGlhbFByb3ZpZGVyU291cmNlLCBGb3JSZWFkaW5nLCBGb3JXcml0aW5nLCBQbHVnaW5Qcm92aWRlclJlc3VsdCwgU0RLdjJDb21wYXRpYmxlQ3JlZGVudGlhbHMsIFNES3YzQ29tcGF0aWJsZUNyZWRlbnRpYWxQcm92aWRlciwgU0RLdjNDb21wYXRpYmxlQ3JlZGVudGlhbHMgfSBmcm9tICdAYXdzLWNkay9jbGktcGx1Z2luLWNvbnRyYWN0JztcbmltcG9ydCB0eXBlIHsgQXdzQ3JlZGVudGlhbElkZW50aXR5LCBBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlciB9IGZyb20gJ0BzbWl0aHkvdHlwZXMnO1xuaW1wb3J0IHsgY3JlZGVudGlhbHNBYm91dFRvRXhwaXJlLCBtYWtlQ2FjaGluZ1Byb3ZpZGVyIH0gZnJvbSAnLi9wcm92aWRlci1jYWNoaW5nJztcbmltcG9ydCB7IEF1dGhlbnRpY2F0aW9uRXJyb3IgfSBmcm9tICcuLi8uLi8uLi8uLi9AYXdzLWNkay90bXAtdG9vbGtpdC1oZWxwZXJzL3NyYy9hcGknO1xuaW1wb3J0IHsgZGVidWcsIHdhcm5pbmcgfSBmcm9tICcuLi8uLi9sb2dnaW5nJztcbmltcG9ydCB7IGZvcm1hdEVycm9yTWVzc2FnZSB9IGZyb20gJy4uLy4uL3V0aWwnO1xuaW1wb3J0IHR5cGUgeyBNb2RlIH0gZnJvbSAnLi4vcGx1Z2luL21vZGUnO1xuaW1wb3J0IHsgUGx1Z2luSG9zdCB9IGZyb20gJy4uL3BsdWdpbi9wbHVnaW4nO1xuXG4vKipcbiAqIENhY2hlIGZvciBjcmVkZW50aWFsIHByb3ZpZGVycy5cbiAqXG4gKiBHaXZlbiBhbiBhY2NvdW50IGFuZCBhbiBvcGVyYXRpbmcgbW9kZSAocmVhZCBvciB3cml0ZSkgd2lsbCByZXR1cm4gYW5cbiAqIGFwcHJvcHJpYXRlIGNyZWRlbnRpYWwgcHJvdmlkZXIgZm9yIGNyZWRlbnRpYWxzIGZvciB0aGUgZ2l2ZW4gYWNjb3VudC4gVGhlXG4gKiBjcmVkZW50aWFsIHByb3ZpZGVyIHdpbGwgYmUgY2FjaGVkIHNvIHRoYXQgbXVsdGlwbGUgQVdTIGNsaWVudHMgZm9yIHRoZSBzYW1lXG4gKiBlbnZpcm9ubWVudCB3aWxsIG5vdCBtYWtlIG11bHRpcGxlIG5ldHdvcmsgY2FsbHMgdG8gb2J0YWluIGNyZWRlbnRpYWxzLlxuICpcbiAqIFdpbGwgdXNlIGRlZmF1bHQgY3JlZGVudGlhbHMgaWYgdGhleSBhcmUgZm9yIHRoZSByaWdodCBhY2NvdW50OyBvdGhlcndpc2UsXG4gKiBhbGwgbG9hZGVkIGNyZWRlbnRpYWwgcHJvdmlkZXIgcGx1Z2lucyB3aWxsIGJlIHRyaWVkIHRvIG9idGFpbiBjcmVkZW50aWFsc1xuICogZm9yIHRoZSBnaXZlbiBhY2NvdW50LlxuICovXG5leHBvcnQgY2xhc3MgQ3JlZGVudGlhbFBsdWdpbnMge1xuICBwcml2YXRlIHJlYWRvbmx5IGNhY2hlOiB7IFtrZXk6IHN0cmluZ106IFBsdWdpbkNyZWRlbnRpYWxzRmV0Y2hSZXN1bHQgfCB1bmRlZmluZWQgfSA9IHt9O1xuICBwcml2YXRlIHJlYWRvbmx5IGhvc3Q6IFBsdWdpbkhvc3Q7XG5cbiAgY29uc3RydWN0b3IoaG9zdD86IFBsdWdpbkhvc3QpIHtcbiAgICB0aGlzLmhvc3QgPSBob3N0ID8/IFBsdWdpbkhvc3QuaW5zdGFuY2U7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgZmV0Y2hDcmVkZW50aWFsc0Zvcihhd3NBY2NvdW50SWQ6IHN0cmluZywgbW9kZTogTW9kZSk6IFByb21pc2U8UGx1Z2luQ3JlZGVudGlhbHNGZXRjaFJlc3VsdCB8IHVuZGVmaW5lZD4ge1xuICAgIGNvbnN0IGtleSA9IGAke2F3c0FjY291bnRJZH0tJHttb2RlfWA7XG4gICAgaWYgKCEoa2V5IGluIHRoaXMuY2FjaGUpKSB7XG4gICAgICB0aGlzLmNhY2hlW2tleV0gPSBhd2FpdCB0aGlzLmxvb2t1cENyZWRlbnRpYWxzKGF3c0FjY291bnRJZCwgbW9kZSk7XG4gICAgfVxuICAgIHJldHVybiB0aGlzLmNhY2hlW2tleV07XG4gIH1cblxuICBwdWJsaWMgZ2V0IGF2YWlsYWJsZVBsdWdpbk5hbWVzKCk6IHN0cmluZ1tdIHtcbiAgICByZXR1cm4gdGhpcy5ob3N0LmNyZWRlbnRpYWxQcm92aWRlclNvdXJjZXMubWFwKChzKSA9PiBzLm5hbWUpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBsb29rdXBDcmVkZW50aWFscyhhd3NBY2NvdW50SWQ6IHN0cmluZywgbW9kZTogTW9kZSk6IFByb21pc2U8UGx1Z2luQ3JlZGVudGlhbHNGZXRjaFJlc3VsdCB8IHVuZGVmaW5lZD4ge1xuICAgIGNvbnN0IHRyaWVkU291cmNlczogQ3JlZGVudGlhbFByb3ZpZGVyU291cmNlW10gPSBbXTtcbiAgICAvLyBPdGhlcndpc2UsIGluc3BlY3QgdGhlIHZhcmlvdXMgY3JlZGVudGlhbCBzb3VyY2VzIHdlIGhhdmVcbiAgICBmb3IgKGNvbnN0IHNvdXJjZSBvZiB0aGlzLmhvc3QuY3JlZGVudGlhbFByb3ZpZGVyU291cmNlcykge1xuICAgICAgbGV0IGF2YWlsYWJsZTogYm9vbGVhbjtcbiAgICAgIHRyeSB7XG4gICAgICAgIGF2YWlsYWJsZSA9IGF3YWl0IHNvdXJjZS5pc0F2YWlsYWJsZSgpO1xuICAgICAgfSBjYXRjaCAoZTogYW55KSB7XG4gICAgICAgIC8vIFRoaXMgc2hvdWxkbid0IGhhcHBlbiwgYnV0IGxldCdzIGd1YXJkIGFnYWluc3QgaXQgYW55d2F5XG4gICAgICAgIHdhcm5pbmcoYFVuY2F1Z2h0IGV4Y2VwdGlvbiBpbiAke3NvdXJjZS5uYW1lfTogJHtmb3JtYXRFcnJvck1lc3NhZ2UoZSl9YCk7XG4gICAgICAgIGF2YWlsYWJsZSA9IGZhbHNlO1xuICAgICAgfVxuXG4gICAgICBpZiAoIWF2YWlsYWJsZSkge1xuICAgICAgICBkZWJ1ZygnQ3JlZGVudGlhbHMgc291cmNlICVzIGlzIG5vdCBhdmFpbGFibGUsIGlnbm9yaW5nIGl0LicsIHNvdXJjZS5uYW1lKTtcbiAgICAgICAgY29udGludWU7XG4gICAgICB9XG4gICAgICB0cmllZFNvdXJjZXMucHVzaChzb3VyY2UpO1xuICAgICAgbGV0IGNhblByb3ZpZGU6IGJvb2xlYW47XG4gICAgICB0cnkge1xuICAgICAgICBjYW5Qcm92aWRlID0gYXdhaXQgc291cmNlLmNhblByb3ZpZGVDcmVkZW50aWFscyhhd3NBY2NvdW50SWQpO1xuICAgICAgfSBjYXRjaCAoZTogYW55KSB7XG4gICAgICAgIC8vIFRoaXMgc2hvdWxkbid0IGhhcHBlbiwgYnV0IGxldCdzIGd1YXJkIGFnYWluc3QgaXQgYW55d2F5XG4gICAgICAgIHdhcm5pbmcoYFVuY2F1Z2h0IGV4Y2VwdGlvbiBpbiAke3NvdXJjZS5uYW1lfTogJHtmb3JtYXRFcnJvck1lc3NhZ2UoZSl9YCk7XG4gICAgICAgIGNhblByb3ZpZGUgPSBmYWxzZTtcbiAgICAgIH1cbiAgICAgIGlmICghY2FuUHJvdmlkZSkge1xuICAgICAgICBjb250aW51ZTtcbiAgICAgIH1cbiAgICAgIGRlYnVnKGBVc2luZyAke3NvdXJjZS5uYW1lfSBjcmVkZW50aWFscyBmb3IgYWNjb3VudCAke2F3c0FjY291bnRJZH1gKTtcblxuICAgICAgcmV0dXJuIHtcbiAgICAgICAgY3JlZGVudGlhbHM6IGF3YWl0IHYzUHJvdmlkZXJGcm9tUGx1Z2luKCgpID0+IHNvdXJjZS5nZXRQcm92aWRlcihhd3NBY2NvdW50SWQsIG1vZGUgYXMgRm9yUmVhZGluZyB8IEZvcldyaXRpbmcsIHtcbiAgICAgICAgICBzdXBwb3J0c1YzUHJvdmlkZXJzOiB0cnVlLFxuICAgICAgICB9KSksXG4gICAgICAgIHBsdWdpbk5hbWU6IHNvdXJjZS5uYW1lLFxuICAgICAgfTtcbiAgICB9XG4gICAgcmV0dXJuIHVuZGVmaW5lZDtcbiAgfVxufVxuXG4vKipcbiAqIFJlc3VsdCBmcm9tIHRyeWluZyB0byBmZXRjaCBjcmVkZW50aWFscyBmcm9tIHRoZSBQbHVnaW4gaG9zdFxuICovXG5leHBvcnQgaW50ZXJmYWNlIFBsdWdpbkNyZWRlbnRpYWxzRmV0Y2hSZXN1bHQge1xuICAvKipcbiAgICogU0RLLXYzIGNvbXBhdGlibGUgY3JlZGVudGlhbCBwcm92aWRlclxuICAgKi9cbiAgcmVhZG9ubHkgY3JlZGVudGlhbHM6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyO1xuXG4gIC8qKlxuICAgKiBOYW1lIG9mIHBsdWdpbiB0aGF0IHN1Y2Nlc3NmdWxseSBwcm92aWRlZCBjcmVkZW50aWFsc1xuICAgKi9cbiAgcmVhZG9ubHkgcGx1Z2luTmFtZTogc3RyaW5nO1xufVxuXG4vKipcbiAqIFRha2UgYSBmdW5jdGlvbiB0aGF0IGNhbGxzIHRoZSBwbHVnaW4sIGFuZCB0dXJuIGl0IGludG8gYW4gU0RLdjMtY29tcGF0aWJsZSBjcmVkZW50aWFsIHByb3ZpZGVyLlxuICpcbiAqIFdoYXQgd2Ugd2lsbCBkbyBpcyB0aGUgZm9sbG93aW5nOlxuICpcbiAqIC0gUXVlcnkgdGhlIHBsdWdpbiBhbmQgc2VlIHdoYXQga2luZCBvZiByZXN1bHQgaXQgZ2l2ZXMgdXMuXG4gKiAtIElmIHRoZSByZXN1bHQgaXMgc2VsZi1yZWZyZXNoaW5nIG9yIGRvZXNuJ3QgbmVlZCByZWZyZXNoaW5nLCB3ZSB0dXJuIGl0IGludG8gYW4gU0RLdjMgcHJvdmlkZXJcbiAqICAgYW5kIHJldHVybiBpdCBkaXJlY3RseS5cbiAqICAgKiBJZiB0aGUgdW5kZXJseWluZyByZXR1cm4gdmFsdWUgaXMgYSBwcm92aWRlciwgd2Ugd2lsbCBtYWtlIGl0IGEgY2FjaGluZyBwcm92aWRlclxuICogICAgIChiZWNhdXNlIHdlIGNhbid0IGtub3cgaWYgaXQgd2lsbCBjYWNoZSBieSBpdHNlbGYgb3Igbm90KS5cbiAqICAgKiBJZiB0aGUgdW5kZXJseWluZyByZXR1cm4gdmFsdWUgaXMgYSBzdGF0aWMgY3JlZGVudGlhbCwgY2FjaGluZyBpc24ndCByZWxldmFudC5cbiAqICAgKiBJZiB0aGUgdW5kZXJseWluZyByZXR1cm4gdmFsdWUgaXMgVjIgY3JlZGVudGlhbHMsIHRob3NlIGhhdmUgY2FjaGluZyBidWlsdC1pbi5cbiAqIC0gSWYgdGhlIHJlc3VsdCBpcyBhIHN0YXRpYyBjcmVkZW50aWFsIHRoYXQgZXhwaXJlcywgd2Ugd2lsbCB3cmFwIGl0IGluIGFuIFNES3YzIHByb3ZpZGVyXG4gKiAgIHRoYXQgd2lsbCBxdWVyeSB0aGUgcGx1Z2luIGFnYWluIHdoZW4gdGhlIGNyZWRlbnRpYWwgZXhwaXJlcy5cbiAqL1xuYXN5bmMgZnVuY3Rpb24gdjNQcm92aWRlckZyb21QbHVnaW4ocHJvZHVjZXI6ICgpID0+IFByb21pc2U8UGx1Z2luUHJvdmlkZXJSZXN1bHQ+KTogUHJvbWlzZTxBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlcj4ge1xuICBjb25zdCBpbml0aWFsID0gYXdhaXQgcHJvZHVjZXIoKTtcblxuICBpZiAoaXNWM1Byb3ZpZGVyKGluaXRpYWwpKSB7XG4gICAgLy8gQWxyZWFkeSBhIHByb3ZpZGVyLCBtYWtlIGNhY2hpbmdcbiAgICByZXR1cm4gbWFrZUNhY2hpbmdQcm92aWRlcihpbml0aWFsKTtcbiAgfSBlbHNlIGlmIChpc1YzQ3JlZGVudGlhbHMoaW5pdGlhbCkgJiYgaW5pdGlhbC5leHBpcmF0aW9uID09PSB1bmRlZmluZWQpIHtcbiAgICAvLyBTdGF0aWMgY3JlZGVudGlhbHMgdGhhdCBkb24ndCBuZWVkIHJlZnJlc2hpbmcgbm9yIGNhY2hpbmdcbiAgICByZXR1cm4gKCkgPT4gUHJvbWlzZS5yZXNvbHZlKGluaXRpYWwpO1xuICB9IGVsc2UgaWYgKGlzVjNDcmVkZW50aWFscyhpbml0aWFsKSAmJiBpbml0aWFsLmV4cGlyYXRpb24gIT09IHVuZGVmaW5lZCkge1xuICAgIC8vIFN0YXRpYyBjcmVkZW50aWFscyB0aGF0IGRvIG5lZWQgcmVmcmVzaGluZyBhbmQgY2FjaGluZ1xuICAgIHJldHVybiByZWZyZXNoRnJvbVBsdWdpblByb3ZpZGVyKGluaXRpYWwsIHByb2R1Y2VyKTtcbiAgfSBlbHNlIGlmIChpc1YyQ3JlZGVudGlhbHMoaW5pdGlhbCkpIHtcbiAgICAvLyBWMiBjcmVkZW50aWFscyB0aGF0IHJlZnJlc2ggYW5kIGNhY2hlIHRoZW1zZWx2ZXNcbiAgICByZXR1cm4gdjNQcm92aWRlckZyb21WMkNyZWRlbnRpYWxzKGluaXRpYWwpO1xuICB9IGVsc2Uge1xuICAgIHRocm93IG5ldyBBdXRoZW50aWNhdGlvbkVycm9yKGBQbHVnaW4gcmV0dXJuZWQgYSB2YWx1ZSB0aGF0IGRvZXNuJ3QgcmVzZW1ibGUgQVdTIGNyZWRlbnRpYWxzOiAke2luc3BlY3QoaW5pdGlhbCl9YCk7XG4gIH1cbn1cblxuLyoqXG4gKiBDb252ZXJ0cyBhIFYyIGNyZWRlbnRpYWwgaW50byBhIFYzLWNvbXBhdGlibGUgcHJvdmlkZXJcbiAqL1xuZnVuY3Rpb24gdjNQcm92aWRlckZyb21WMkNyZWRlbnRpYWxzKHg6IFNES3YyQ29tcGF0aWJsZUNyZWRlbnRpYWxzKTogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIge1xuICByZXR1cm4gYXN5bmMgKCkgPT4ge1xuICAgIC8vIEdldCB3aWxsIGZldGNoIG9yIHJlZnJlc2ggYXMgbmVjZXNzYXJ5XG4gICAgYXdhaXQgeC5nZXRQcm9taXNlKCk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgYWNjZXNzS2V5SWQ6IHguYWNjZXNzS2V5SWQsXG4gICAgICBzZWNyZXRBY2Nlc3NLZXk6IHguc2VjcmV0QWNjZXNzS2V5LFxuICAgICAgc2Vzc2lvblRva2VuOiB4LnNlc3Npb25Ub2tlbixcbiAgICAgIGV4cGlyYXRpb246IHguZXhwaXJlVGltZSA/PyB1bmRlZmluZWQsXG4gICAgfTtcbiAgfTtcbn1cblxuZnVuY3Rpb24gcmVmcmVzaEZyb21QbHVnaW5Qcm92aWRlcihjdXJyZW50OiBBd3NDcmVkZW50aWFsSWRlbnRpdHksIHByb2R1Y2VyOiAoKSA9PiBQcm9taXNlPFBsdWdpblByb3ZpZGVyUmVzdWx0Pik6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyIHtcbiAgcmV0dXJuIGFzeW5jICgpID0+IHtcbiAgICBpZiAoY3JlZGVudGlhbHNBYm91dFRvRXhwaXJlKGN1cnJlbnQpKSB7XG4gICAgICBjb25zdCBuZXdDcmVkcyA9IGF3YWl0IHByb2R1Y2VyKCk7XG4gICAgICBpZiAoIWlzVjNDcmVkZW50aWFscyhuZXdDcmVkcykpIHtcbiAgICAgICAgdGhyb3cgbmV3IEF1dGhlbnRpY2F0aW9uRXJyb3IoYFBsdWdpbiBpbml0aWFsbHkgcmV0dXJuZWQgc3RhdGljIFYzIGNyZWRlbnRpYWxzIGJ1dCBub3cgcmV0dXJuZWQgc29tZXRoaW5nIGVsc2U6ICR7aW5zcGVjdChuZXdDcmVkcyl9YCk7XG4gICAgICB9XG4gICAgICBjdXJyZW50ID0gbmV3Q3JlZHM7XG4gICAgfVxuICAgIHJldHVybiBjdXJyZW50O1xuICB9O1xufVxuXG5mdW5jdGlvbiBpc1YzUHJvdmlkZXIoeDogUGx1Z2luUHJvdmlkZXJSZXN1bHQpOiB4IGlzIFNES3YzQ29tcGF0aWJsZUNyZWRlbnRpYWxQcm92aWRlciB7XG4gIHJldHVybiB0eXBlb2YgeCA9PT0gJ2Z1bmN0aW9uJztcbn1cblxuZnVuY3Rpb24gaXNWMkNyZWRlbnRpYWxzKHg6IFBsdWdpblByb3ZpZGVyUmVzdWx0KTogeCBpcyBTREt2MkNvbXBhdGlibGVDcmVkZW50aWFscyB7XG4gIHJldHVybiAhISh4ICYmIHR5cGVvZiB4ID09PSAnb2JqZWN0JyAmJiAoeCBhcyBTREt2MkNvbXBhdGlibGVDcmVkZW50aWFscykuZ2V0UHJvbWlzZSk7XG59XG5cbmZ1bmN0aW9uIGlzVjNDcmVkZW50aWFscyh4OiBQbHVnaW5Qcm92aWRlclJlc3VsdCk6IHggaXMgU0RLdjNDb21wYXRpYmxlQ3JlZGVudGlhbHMge1xuICByZXR1cm4gISEoeCAmJiB0eXBlb2YgeCA9PT0gJ29iamVjdCcgJiYgeC5hY2Nlc3NLZXlJZCAmJiAhaXNWMkNyZWRlbnRpYWxzKHgpKTtcbn1cbiJdfQ==

package/lib/api/aws-auth/index.d.ts

@@ -1,3 +0,0 @@
-export * from './sdk';
-export * from './sdk-provider';
-export * from './sdk-logger';

package/lib/api/aws-auth/index.js

@@ -1,20 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./sdk"), exports);
-__exportStar(require("./sdk-provider"), exports);
-__exportStar(require("./sdk-logger"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsd0NBQXNCO0FBQ3RCLGlEQUErQjtBQUMvQiwrQ0FBNkIiLCJzb3VyY2VzQ29udGVudCI6WyJleHBvcnQgKiBmcm9tICcuL3Nkayc7XG5leHBvcnQgKiBmcm9tICcuL3Nkay1wcm92aWRlcic7XG5leHBvcnQgKiBmcm9tICcuL3Nkay1sb2dnZXInO1xuIl19

package/lib/api/aws-auth/provider-caching.d.ts

@@ -1,13 +0,0 @@
-import type { AwsCredentialIdentity, AwsCredentialIdentityProvider } from '@smithy/types';
-/**
- * Wrap a credential provider in a cache
- *
- * Some credential providers in the SDKv3 are cached (the default Node
- * chain, specifically) but most others are not.
- *
- * Since we want to avoid duplicate calls to `AssumeRole`, or duplicate
- * MFA prompts or what have you, we are going to liberally wrap providers
- * in caches which will return the cached value until it expires.
- */
-export declare function makeCachingProvider(provider: AwsCredentialIdentityProvider): AwsCredentialIdentityProvider;
-export declare function credentialsAboutToExpire(token: AwsCredentialIdentity): boolean;

package/lib/api/aws-auth/provider-caching.js

@@ -1,24 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeCachingProvider = makeCachingProvider;
-exports.credentialsAboutToExpire = credentialsAboutToExpire;
-const property_provider_1 = require("@smithy/property-provider");
-/**
- * Wrap a credential provider in a cache
- *
- * Some credential providers in the SDKv3 are cached (the default Node
- * chain, specifically) but most others are not.
- *
- * Since we want to avoid duplicate calls to `AssumeRole`, or duplicate
- * MFA prompts or what have you, we are going to liberally wrap providers
- * in caches which will return the cached value until it expires.
- */
-function makeCachingProvider(provider) {
-    return (0, property_provider_1.memoize)(provider, credentialsAboutToExpire, (token) => !!token.expiration);
-}
-function credentialsAboutToExpire(token) {
-    const expiryMarginSecs = 5;
-    // token.expiration is sometimes null
-    return !!token.expiration && token.expiration.getTime() - Date.now() < expiryMarginSecs * 1000;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvdmlkZXItY2FjaGluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInByb3ZpZGVyLWNhY2hpbmcudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFhQSxrREFNQztBQUVELDREQUlDO0FBekJELGlFQUFvRDtBQUdwRDs7Ozs7Ozs7O0dBU0c7QUFDSCxTQUFnQixtQkFBbUIsQ0FBQyxRQUF1QztJQUN6RSxPQUFPLElBQUEsMkJBQU8sRUFDWixRQUFRLEVBQ1Isd0JBQXdCLEVBQ3hCLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FDOUIsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFnQix3QkFBd0IsQ0FBQyxLQUE0QjtJQUNuRSxNQUFNLGdCQUFnQixHQUFHLENBQUMsQ0FBQztJQUMzQixxQ0FBcUM7SUFDckMsT0FBTyxDQUFDLENBQUMsS0FBSyxDQUFDLFVBQVUsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxnQkFBZ0IsR0FBRyxJQUFJLENBQUM7QUFDakcsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IG1lbW9pemUgfSBmcm9tICdAc21pdGh5L3Byb3BlcnR5LXByb3ZpZGVyJztcbmltcG9ydCB0eXBlIHsgQXdzQ3JlZGVudGlhbElkZW50aXR5LCBBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlciB9IGZyb20gJ0BzbWl0aHkvdHlwZXMnO1xuXG4vKipcbiAqIFdyYXAgYSBjcmVkZW50aWFsIHByb3ZpZGVyIGluIGEgY2FjaGVcbiAqXG4gKiBTb21lIGNyZWRlbnRpYWwgcHJvdmlkZXJzIGluIHRoZSBTREt2MyBhcmUgY2FjaGVkICh0aGUgZGVmYXVsdCBOb2RlXG4gKiBjaGFpbiwgc3BlY2lmaWNhbGx5KSBidXQgbW9zdCBvdGhlcnMgYXJlIG5vdC5cbiAqXG4gKiBTaW5jZSB3ZSB3YW50IHRvIGF2b2lkIGR1cGxpY2F0ZSBjYWxscyB0byBgQXNzdW1lUm9sZWAsIG9yIGR1cGxpY2F0ZVxuICogTUZBIHByb21wdHMgb3Igd2hhdCBoYXZlIHlvdSwgd2UgYXJlIGdvaW5nIHRvIGxpYmVyYWxseSB3cmFwIHByb3ZpZGVyc1xuICogaW4gY2FjaGVzIHdoaWNoIHdpbGwgcmV0dXJuIHRoZSBjYWNoZWQgdmFsdWUgdW50aWwgaXQgZXhwaXJlcy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIG1ha2VDYWNoaW5nUHJvdmlkZXIocHJvdmlkZXI6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyKTogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIge1xuICByZXR1cm4gbWVtb2l6ZShcbiAgICBwcm92aWRlcixcbiAgICBjcmVkZW50aWFsc0Fib3V0VG9FeHBpcmUsXG4gICAgKHRva2VuKSA9PiAhIXRva2VuLmV4cGlyYXRpb24sXG4gICk7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBjcmVkZW50aWFsc0Fib3V0VG9FeHBpcmUodG9rZW46IEF3c0NyZWRlbnRpYWxJZGVudGl0eSkge1xuICBjb25zdCBleHBpcnlNYXJnaW5TZWNzID0gNTtcbiAgLy8gdG9rZW4uZXhwaXJhdGlvbiBpcyBzb21ldGltZXMgbnVsbFxuICByZXR1cm4gISF0b2tlbi5leHBpcmF0aW9uICYmIHRva2VuLmV4cGlyYXRpb24uZ2V0VGltZSgpIC0gRGF0ZS5ub3coKSA8IGV4cGlyeU1hcmdpblNlY3MgKiAxMDAwO1xufVxuIl19

package/lib/api/aws-auth/sdk-logger.d.ts

@@ -1,69 +0,0 @@
-import type { Logger } from '@smithy/types';
-import type { IoHelper } from '../../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private';
-export declare class SdkToCliLogger implements Logger {
-    private readonly ioHelper;
-    constructor(ioHelper: IoHelper);
-    private notify;
-    trace(..._content: any[]): void;
-    debug(..._content: any[]): void;
-    /**
-     * Info is called mostly (exclusively?) for successful API calls
-     *
-     * Payload:
-     *
-     * (Note the input contains entire CFN templates, for example)
-     *
-     * ```
-     * {
-     *   clientName: 'S3Client',
-     *   commandName: 'GetBucketLocationCommand',
-     *   input: {
-     *     Bucket: '.....',
-     *     ExpectedBucketOwner: undefined
-     *   },
-     *   output: { LocationConstraint: 'eu-central-1' },
-     *   metadata: {
-     *     httpStatusCode: 200,
-     *     requestId: '....',
-     *     extendedRequestId: '...',
-     *     cfId: undefined,
-     *     attempts: 1,
-     *     totalRetryDelay: 0
-     *   }
-     * }
-     * ```
-     */
-    info(...content: any[]): void;
-    warn(...content: any[]): void;
-    /**
-     * Error is called mostly (exclusively?) for failing API calls
-     *
-     * Payload (input would be the entire API call arguments).
-     *
-     * ```
-     * {
-     *   clientName: 'STSClient',
-     *   commandName: 'GetCallerIdentityCommand',
-     *   input: {},
-     *   error: AggregateError [ECONNREFUSED]:
-     *       at internalConnectMultiple (node:net:1121:18)
-     *       at afterConnectMultiple (node:net:1688:7) {
-     *     code: 'ECONNREFUSED',
-     *     '$metadata': { attempts: 3, totalRetryDelay: 600 },
-     *     [errors]: [ [Error], [Error] ]
-     *   },
-     *   metadata: { attempts: 3, totalRetryDelay: 600 }
-     * }
-     * ```
-     */
-    error(...content: any[]): void;
-}
-/**
- * This can be anything.
- *
- * For debug, it seems to be mostly strings.
- * For info, it seems to be objects.
- *
- * Stringify and join without separator.
- */
-export declare function formatSdkLoggerContent(content: any[]): string;

package/lib/api/aws-auth/sdk-logger.js

@@ -1,124 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SdkToCliLogger = void 0;
-exports.formatSdkLoggerContent = formatSdkLoggerContent;
-const util_1 = require("util");
-const private_1 = require("../../../../@aws-cdk/tmp-toolkit-helpers/src/api/io/private");
-const util_2 = require("../../util");
-class SdkToCliLogger {
-    constructor(ioHelper) {
-        this.ioHelper = ioHelper;
-    }
-    notify(level, ...content) {
-        void this.ioHelper.notify(private_1.IO.CDK_SDK_I0000.msg((0, util_1.format)('[SDK %s] %s', level, formatSdkLoggerContent(content))));
-    }
-    trace(..._content) {
-        // This is too much detail for our logs
-        // this.notify('trace', ...content);
-    }
-    debug(..._content) {
-        // This is too much detail for our logs
-        // this.notify('debug', ...content);
-    }
-    /**
-     * Info is called mostly (exclusively?) for successful API calls
-     *
-     * Payload:
-     *
-     * (Note the input contains entire CFN templates, for example)
-     *
-     * ```
-     * {
-     *   clientName: 'S3Client',
-     *   commandName: 'GetBucketLocationCommand',
-     *   input: {
-     *     Bucket: '.....',
-     *     ExpectedBucketOwner: undefined
-     *   },
-     *   output: { LocationConstraint: 'eu-central-1' },
-     *   metadata: {
-     *     httpStatusCode: 200,
-     *     requestId: '....',
-     *     extendedRequestId: '...',
-     *     cfId: undefined,
-     *     attempts: 1,
-     *     totalRetryDelay: 0
-     *   }
-     * }
-     * ```
-     */
-    info(...content) {
-        this.notify('info', ...content);
-    }
-    warn(...content) {
-        this.notify('warn', ...content);
-    }
-    /**
-     * Error is called mostly (exclusively?) for failing API calls
-     *
-     * Payload (input would be the entire API call arguments).
-     *
-     * ```
-     * {
-     *   clientName: 'STSClient',
-     *   commandName: 'GetCallerIdentityCommand',
-     *   input: {},
-     *   error: AggregateError [ECONNREFUSED]:
-     *       at internalConnectMultiple (node:net:1121:18)
-     *       at afterConnectMultiple (node:net:1688:7) {
-     *     code: 'ECONNREFUSED',
-     *     '$metadata': { attempts: 3, totalRetryDelay: 600 },
-     *     [errors]: [ [Error], [Error] ]
-     *   },
-     *   metadata: { attempts: 3, totalRetryDelay: 600 }
-     * }
-     * ```
-     */
-    error(...content) {
-        this.notify('error', ...content);
-    }
-}
-exports.SdkToCliLogger = SdkToCliLogger;
-/**
- * This can be anything.
- *
- * For debug, it seems to be mostly strings.
- * For info, it seems to be objects.
- *
- * Stringify and join without separator.
- */
-function formatSdkLoggerContent(content) {
-    if (content.length === 1) {
-        const apiFmt = formatApiCall(content[0]);
-        if (apiFmt) {
-            return apiFmt;
-        }
-    }
-    return content.map((x) => typeof x === 'string' ? x : (0, util_1.inspect)(x)).join('');
-}
-function formatApiCall(content) {
-    if (!isSdkApiCallSuccess(content) && !isSdkApiCallError(content)) {
-        return undefined;
-    }
-    const service = content.clientName.replace(/Client$/, '');
-    const api = content.commandName.replace(/Command$/, '');
-    const parts = [];
-    if ((content.metadata?.attempts ?? 0) > 1) {
-        parts.push(`[${content.metadata?.attempts} attempts, ${content.metadata?.totalRetryDelay}ms retry]`);
-    }
-    parts.push(`${service}.${api}(${JSON.stringify(content.input, util_2.replacerBufferWithInfo)})`);
-    if (isSdkApiCallSuccess(content)) {
-        parts.push('-> OK');
-    }
-    else {
-        parts.push(`-> ${content.error}`);
-    }
-    return parts.join(' ');
-}
-function isSdkApiCallSuccess(x) {
-    return x && typeof x === 'object' && x.commandName && x.output;
-}
-function isSdkApiCallError(x) {
-    return x && typeof x === 'object' && x.commandName && x.error;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2RrLWxvZ2dlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInNkay1sb2dnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBZ0dBLHdEQVFDO0FBeEdELCtCQUF1QztBQUd2Qyx5RkFBaUY7QUFDakYscUNBQW9EO0FBRXBELE1BQWEsY0FBYztJQUd6QixZQUFtQixRQUFrQjtRQUNuQyxJQUFJLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQTBDLEVBQUUsR0FBRyxPQUFjO1FBQzFFLEtBQUssSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsSUFBQSxhQUFNLEVBQUMsYUFBYSxFQUFFLEtBQUssRUFBRSxzQkFBc0IsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNqSCxDQUFDO0lBRU0sS0FBSyxDQUFDLEdBQUcsUUFBZTtRQUM3Qix1Q0FBdUM7UUFDdkMsb0NBQW9DO0lBQ3RDLENBQUM7SUFFTSxLQUFLLENBQUMsR0FBRyxRQUFlO1FBQzdCLHVDQUF1QztRQUN2QyxvQ0FBb0M7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQTBCRztJQUNJLElBQUksQ0FBQyxHQUFHLE9BQWM7UUFDM0IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRU0sSUFBSSxDQUFDLEdBQUcsT0FBYztRQUMzQixJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxHQUFHLE9BQU8sQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FvQkc7SUFDSSxLQUFLLENBQUMsR0FBRyxPQUFjO1FBQzVCLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLEdBQUcsT0FBTyxDQUFDLENBQUM7SUFDbkMsQ0FBQztDQUNGO0FBaEZELHdDQWdGQztBQUVEOzs7Ozs7O0dBT0c7QUFDSCxTQUFnQixzQkFBc0IsQ0FBQyxPQUFjO0lBQ25ELElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUN6QixNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekMsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNYLE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7SUFDSCxDQUFDO0lBQ0QsT0FBTyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBQSxjQUFPLEVBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDN0UsQ0FBQztBQUVELFNBQVMsYUFBYSxDQUFDLE9BQVk7SUFDakMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNqRSxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQsTUFBTSxPQUFPLEdBQUcsT0FBTyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQzFELE1BQU0sR0FBRyxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUV4RCxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDakIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsUUFBUSxJQUFJLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxPQUFPLENBQUMsUUFBUSxFQUFFLFFBQVEsY0FBYyxPQUFPLENBQUMsUUFBUSxFQUFFLGVBQWUsV0FBVyxDQUFDLENBQUM7SUFDdkcsQ0FBQztJQUVELEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxPQUFPLElBQUksR0FBRyxJQUFJLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSw2QkFBc0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUUxRixJQUFJLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDakMsS0FBSyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUN0QixDQUFDO1NBQU0sQ0FBQztRQUNOLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxPQUFPLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ3pCLENBQUM7QUFtQkQsU0FBUyxtQkFBbUIsQ0FBQyxDQUFNO0lBQ2pDLE9BQU8sQ0FBQyxJQUFJLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSSxDQUFDLENBQUMsV0FBVyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUM7QUFDakUsQ0FBQztBQUVELFNBQVMsaUJBQWlCLENBQUMsQ0FBTTtJQUMvQixPQUFPLENBQUMsSUFBSSxPQUFPLENBQUMsS0FBSyxRQUFRLElBQUksQ0FBQyxDQUFDLFdBQVcsSUFBSSxDQUFDLENBQUMsS0FBSyxDQUFDO0FBQ2hFLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBpbnNwZWN0LCBmb3JtYXQgfSBmcm9tICd1dGlsJztcbmltcG9ydCB0eXBlIHsgTG9nZ2VyIH0gZnJvbSAnQHNtaXRoeS90eXBlcyc7XG5pbXBvcnQgdHlwZSB7IElvSGVscGVyIH0gZnJvbSAnLi4vLi4vLi4vLi4vQGF3cy1jZGsvdG1wLXRvb2xraXQtaGVscGVycy9zcmMvYXBpL2lvL3ByaXZhdGUnO1xuaW1wb3J0IHsgSU8gfSBmcm9tICcuLi8uLi8uLi8uLi9AYXdzLWNkay90bXAtdG9vbGtpdC1oZWxwZXJzL3NyYy9hcGkvaW8vcHJpdmF0ZSc7XG5pbXBvcnQgeyByZXBsYWNlckJ1ZmZlcldpdGhJbmZvIH0gZnJvbSAnLi4vLi4vdXRpbCc7XG5cbmV4cG9ydCBjbGFzcyBTZGtUb0NsaUxvZ2dlciBpbXBsZW1lbnRzIExvZ2dlciB7XG4gIHByaXZhdGUgcmVhZG9ubHkgaW9IZWxwZXI6IElvSGVscGVyO1xuXG4gIHB1YmxpYyBjb25zdHJ1Y3Rvcihpb0hlbHBlcjogSW9IZWxwZXIpIHtcbiAgICB0aGlzLmlvSGVscGVyID0gaW9IZWxwZXI7XG4gIH1cblxuICBwcml2YXRlIG5vdGlmeShsZXZlbDogJ2RlYnVnJyB8ICdpbmZvJyB8ICd3YXJuJyB8ICdlcnJvcicsIC4uLmNvbnRlbnQ6IGFueVtdKSB7XG4gICAgdm9pZCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5DREtfU0RLX0kwMDAwLm1zZyhmb3JtYXQoJ1tTREsgJXNdICVzJywgbGV2ZWwsIGZvcm1hdFNka0xvZ2dlckNvbnRlbnQoY29udGVudCkpKSk7XG4gIH1cblxuICBwdWJsaWMgdHJhY2UoLi4uX2NvbnRlbnQ6IGFueVtdKSB7XG4gICAgLy8gVGhpcyBpcyB0b28gbXVjaCBkZXRhaWwgZm9yIG91ciBsb2dzXG4gICAgLy8gdGhpcy5ub3RpZnkoJ3RyYWNlJywgLi4uY29udGVudCk7XG4gIH1cblxuICBwdWJsaWMgZGVidWcoLi4uX2NvbnRlbnQ6IGFueVtdKSB7XG4gICAgLy8gVGhpcyBpcyB0b28gbXVjaCBkZXRhaWwgZm9yIG91ciBsb2dzXG4gICAgLy8gdGhpcy5ub3RpZnkoJ2RlYnVnJywgLi4uY29udGVudCk7XG4gIH1cblxuICAvKipcbiAgICogSW5mbyBpcyBjYWxsZWQgbW9zdGx5IChleGNsdXNpdmVseT8pIGZvciBzdWNjZXNzZnVsIEFQSSBjYWxsc1xuICAgKlxuICAgKiBQYXlsb2FkOlxuICAgKlxuICAgKiAoTm90ZSB0aGUgaW5wdXQgY29udGFpbnMgZW50aXJlIENGTiB0ZW1wbGF0ZXMsIGZvciBleGFtcGxlKVxuICAgKlxuICAgKiBgYGBcbiAgICoge1xuICAgKiAgIGNsaWVudE5hbWU6ICdTM0NsaWVudCcsXG4gICAqICAgY29tbWFuZE5hbWU6ICdHZXRCdWNrZXRMb2NhdGlvbkNvbW1hbmQnLFxuICAgKiAgIGlucHV0OiB7XG4gICAqICAgICBCdWNrZXQ6ICcuLi4uLicsXG4gICAqICAgICBFeHBlY3RlZEJ1Y2tldE93bmVyOiB1bmRlZmluZWRcbiAgICogICB9LFxuICAgKiAgIG91dHB1dDogeyBMb2NhdGlvbkNvbnN0cmFpbnQ6ICdldS1jZW50cmFsLTEnIH0sXG4gICAqICAgbWV0YWRhdGE6IHtcbiAgICogICAgIGh0dHBTdGF0dXNDb2RlOiAyMDAsXG4gICAqICAgICByZXF1ZXN0SWQ6ICcuLi4uJyxcbiAgICogICAgIGV4dGVuZGVkUmVxdWVzdElkOiAnLi4uJyxcbiAgICogICAgIGNmSWQ6IHVuZGVmaW5lZCxcbiAgICogICAgIGF0dGVtcHRzOiAxLFxuICAgKiAgICAgdG90YWxSZXRyeURlbGF5OiAwXG4gICAqICAgfVxuICAgKiB9XG4gICAqIGBgYFxuICAgKi9cbiAgcHVibGljIGluZm8oLi4uY29udGVudDogYW55W10pIHtcbiAgICB0aGlzLm5vdGlmeSgnaW5mbycsIC4uLmNvbnRlbnQpO1xuICB9XG5cbiAgcHVibGljIHdhcm4oLi4uY29udGVudDogYW55W10pIHtcbiAgICB0aGlzLm5vdGlmeSgnd2FybicsIC4uLmNvbnRlbnQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEVycm9yIGlzIGNhbGxlZCBtb3N0bHkgKGV4Y2x1c2l2ZWx5PykgZm9yIGZhaWxpbmcgQVBJIGNhbGxzXG4gICAqXG4gICAqIFBheWxvYWQgKGlucHV0IHdvdWxkIGJlIHRoZSBlbnRpcmUgQVBJIGNhbGwgYXJndW1lbnRzKS5cbiAgICpcbiAgICogYGBgXG4gICAqIHtcbiAgICogICBjbGllbnROYW1lOiAnU1RTQ2xpZW50JyxcbiAgICogICBjb21tYW5kTmFtZTogJ0dldENhbGxlcklkZW50aXR5Q29tbWFuZCcsXG4gICAqICAgaW5wdXQ6IHt9LFxuICAgKiAgIGVycm9yOiBBZ2dyZWdhdGVFcnJvciBbRUNPTk5SRUZVU0VEXTpcbiAgICogICAgICAgYXQgaW50ZXJuYWxDb25uZWN0TXVsdGlwbGUgKG5vZGU6bmV0OjExMjE6MTgpXG4gICAqICAgICAgIGF0IGFmdGVyQ29ubmVjdE11bHRpcGxlIChub2RlOm5ldDoxNjg4OjcpIHtcbiAgICogICAgIGNvZGU6ICdFQ09OTlJFRlVTRUQnLFxuICAgKiAgICAgJyRtZXRhZGF0YSc6IHsgYXR0ZW1wdHM6IDMsIHRvdGFsUmV0cnlEZWxheTogNjAwIH0sXG4gICAqICAgICBbZXJyb3JzXTogWyBbRXJyb3JdLCBbRXJyb3JdIF1cbiAgICogICB9LFxuICAgKiAgIG1ldGFkYXRhOiB7IGF0dGVtcHRzOiAzLCB0b3RhbFJldHJ5RGVsYXk6IDYwMCB9XG4gICAqIH1cbiAgICogYGBgXG4gICAqL1xuICBwdWJsaWMgZXJyb3IoLi4uY29udGVudDogYW55W10pIHtcbiAgICB0aGlzLm5vdGlmeSgnZXJyb3InLCAuLi5jb250ZW50KTtcbiAgfVxufVxuXG4vKipcbiAqIFRoaXMgY2FuIGJlIGFueXRoaW5nLlxuICpcbiAqIEZvciBkZWJ1ZywgaXQgc2VlbXMgdG8gYmUgbW9zdGx5IHN0cmluZ3MuXG4gKiBGb3IgaW5mbywgaXQgc2VlbXMgdG8gYmUgb2JqZWN0cy5cbiAqXG4gKiBTdHJpbmdpZnkgYW5kIGpvaW4gd2l0aG91dCBzZXBhcmF0b3IuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBmb3JtYXRTZGtMb2dnZXJDb250ZW50KGNvbnRlbnQ6IGFueVtdKSB7XG4gIGlmIChjb250ZW50Lmxlbmd0aCA9PT0gMSkge1xuICAgIGNvbnN0IGFwaUZtdCA9IGZvcm1hdEFwaUNhbGwoY29udGVudFswXSk7XG4gICAgaWYgKGFwaUZtdCkge1xuICAgICAgcmV0dXJuIGFwaUZtdDtcbiAgICB9XG4gIH1cbiAgcmV0dXJuIGNvbnRlbnQubWFwKCh4KSA9PiB0eXBlb2YgeCA9PT0gJ3N0cmluZycgPyB4IDogaW5zcGVjdCh4KSkuam9pbignJyk7XG59XG5cbmZ1bmN0aW9uIGZvcm1hdEFwaUNhbGwoY29udGVudDogYW55KTogc3RyaW5nIHwgdW5kZWZpbmVkIHtcbiAgaWYgKCFpc1Nka0FwaUNhbGxTdWNjZXNzKGNvbnRlbnQpICYmICFpc1Nka0FwaUNhbGxFcnJvcihjb250ZW50KSkge1xuICAgIHJldHVybiB1bmRlZmluZWQ7XG4gIH1cblxuICBjb25zdCBzZXJ2aWNlID0gY29udGVudC5jbGllbnROYW1lLnJlcGxhY2UoL0NsaWVudCQvLCAnJyk7XG4gIGNvbnN0IGFwaSA9IGNvbnRlbnQuY29tbWFuZE5hbWUucmVwbGFjZSgvQ29tbWFuZCQvLCAnJyk7XG5cbiAgY29uc3QgcGFydHMgPSBbXTtcbiAgaWYgKChjb250ZW50Lm1ldGFkYXRhPy5hdHRlbXB0cyA/PyAwKSA+IDEpIHtcbiAgICBwYXJ0cy5wdXNoKGBbJHtjb250ZW50Lm1ldGFkYXRhPy5hdHRlbXB0c30gYXR0ZW1wdHMsICR7Y29udGVudC5tZXRhZGF0YT8udG90YWxSZXRyeURlbGF5fW1zIHJldHJ5XWApO1xuICB9XG5cbiAgcGFydHMucHVzaChgJHtzZXJ2aWNlfS4ke2FwaX0oJHtKU09OLnN0cmluZ2lmeShjb250ZW50LmlucHV0LCByZXBsYWNlckJ1ZmZlcldpdGhJbmZvKX0pYCk7XG5cbiAgaWYgKGlzU2RrQXBpQ2FsbFN1Y2Nlc3MoY29udGVudCkpIHtcbiAgICBwYXJ0cy5wdXNoKCctPiBPSycpO1xuICB9IGVsc2Uge1xuICAgIHBhcnRzLnB1c2goYC0+ICR7Y29udGVudC5lcnJvcn1gKTtcbiAgfVxuXG4gIHJldHVybiBwYXJ0cy5qb2luKCcgJyk7XG59XG5cbmludGVyZmFjZSBTZGtBcGlDYWxsQmFzZSB7XG4gIGNsaWVudE5hbWU6IHN0cmluZztcbiAgY29tbWFuZE5hbWU6IHN0cmluZztcbiAgaW5wdXQ6IFJlY29yZDxzdHJpbmcsIHVua25vd24+O1xuICBtZXRhZGF0YT86IHtcbiAgICBodHRwU3RhdHVzQ29kZT86IG51bWJlcjtcbiAgICByZXF1ZXN0SWQ/OiBzdHJpbmc7XG4gICAgZXh0ZW5kZWRSZXF1ZXN0SWQ/OiBzdHJpbmc7XG4gICAgY2ZJZD86IHN0cmluZztcbiAgICBhdHRlbXB0cz86IG51bWJlcjtcbiAgICB0b3RhbFJldHJ5RGVsYXk/OiBudW1iZXI7XG4gIH07XG59XG5cbnR5cGUgU2RrQXBpQ2FsbFN1Y2Nlc3MgPSBTZGtBcGlDYWxsQmFzZSAmIHsgb3V0cHV0OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiB9O1xudHlwZSBTZGtBcGlDYWxsRXJyb3IgPSBTZGtBcGlDYWxsQmFzZSAmIHsgZXJyb3I6IEVycm9yIH07XG5cbmZ1bmN0aW9uIGlzU2RrQXBpQ2FsbFN1Y2Nlc3MoeDogYW55KTogeCBpcyBTZGtBcGlDYWxsU3VjY2VzcyB7XG4gIHJldHVybiB4ICYmIHR5cGVvZiB4ID09PSAnb2JqZWN0JyAmJiB4LmNvbW1hbmROYW1lICYmIHgub3V0cHV0O1xufVxuXG5mdW5jdGlvbiBpc1Nka0FwaUNhbGxFcnJvcih4OiBhbnkpOiB4IGlzIFNka0FwaUNhbGxFcnJvciB7XG4gIHJldHVybiB4ICYmIHR5cGVvZiB4ID09PSAnb2JqZWN0JyAmJiB4LmNvbW1hbmROYW1lICYmIHguZXJyb3I7XG59XG4iXX0=

package/lib/api/aws-auth/sdk-provider.d.ts

@@ -1,207 +0,0 @@
-import type { ContextLookupRoleOptions } from '@aws-cdk/cloud-assembly-schema';
-import type { Environment } from '@aws-cdk/cx-api';
-import type { AssumeRoleCommandInput } from '@aws-sdk/client-sts';
-import type { NodeHttpHandlerOptions } from '@smithy/node-http-handler';
-import type { AwsCredentialIdentityProvider, Logger } from '@smithy/types';
-import { SDK } from './sdk';
-import { Mode } from '../plugin/mode';
-export type AssumeRoleAdditionalOptions = Partial<Omit<AssumeRoleCommandInput, 'ExternalId' | 'RoleArn'>>;
-/**
- * Options for the default SDK provider
- */
-export interface SdkProviderOptions {
-    /**
-     * Profile to read from ~/.aws
-     *
-     * @default - No profile
-     */
-    readonly profile?: string;
-    /**
-     * HTTP options for SDK
-     */
-    readonly httpOptions?: SdkHttpOptions;
-    /**
-     * The logger for sdk calls.
-     */
-    readonly logger?: Logger;
-}
-/**
- * Options for individual SDKs
- */
-export interface SdkHttpOptions {
-    /**
-     * Proxy address to use
-     *
-     * @default No proxy
-     */
-    readonly proxyAddress?: string;
-    /**
-     * A path to a certificate bundle that contains a cert to be trusted.
-     *
-     * @default No certificate bundle
-     */
-    readonly caBundlePath?: string;
-}
-/**
- * SDK configuration for a given environment
- * 'forEnvironment' will attempt to assume a role and if it
- * is not successful, then it will either:
- *   1. Check to see if the default credentials (local credentials the CLI was executed with)
- *      are for the given environment. If they are then return those.
- *   2. If the default credentials are not for the given environment then
- *      throw an error
- *
- * 'didAssumeRole' allows callers to whether they are receiving the assume role
- * credentials or the default credentials.
- */
-export interface SdkForEnvironment {
-    /**
-     * The SDK for the given environment
-     */
-    readonly sdk: SDK;
-    /**
-     * Whether or not the assume role was successful.
-     * If the assume role was not successful (false)
-     * then that means that the 'sdk' returned contains
-     * the default credentials (not the assume role credentials)
-     */
-    readonly didAssumeRole: boolean;
-}
-/**
- * Creates instances of the AWS SDK appropriate for a given account/region.
- *
- * Behavior is as follows:
- *
- * - First, a set of "base" credentials are established
- *   - If a target environment is given and the default ("current") SDK credentials are for
- *     that account, return those; otherwise
- *   - If a target environment is given, scan all credential provider plugins
- *     for credentials, and return those if found; otherwise
- *   - Return default ("current") SDK credentials, noting that they might be wrong.
- *
- * - Second, a role may optionally need to be assumed. Use the base credentials
- *   established in the previous process to assume that role.
- *   - If assuming the role fails and the base credentials are for the correct
- *     account, return those. This is a fallback for people who are trying to interact
- *     with a Default Synthesized stack and already have right credentials setup.
- *
- *     Typical cases we see in the wild:
- *     - Credential plugin setup that, although not recommended, works for them
- *     - Seeded terminal with `ReadOnly` credentials in order to do `cdk diff`--the `ReadOnly`
- *       role doesn't have `sts:AssumeRole` and will fail for no real good reason.
- */
-export declare class SdkProvider {
-    private readonly defaultCredentialProvider;
-    /**
-     * Default region
-     */
-    readonly defaultRegion: string;
-    private readonly requestHandler;
-    private readonly logger?;
-    /**
-     * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
-     *
-     * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
-     * class `AwsCliCompatible` for the details.
-     */
-    static withAwsCliCompatibleDefaults(options?: SdkProviderOptions): Promise<SdkProvider>;
-    private readonly plugins;
-    constructor(defaultCredentialProvider: AwsCredentialIdentityProvider, 
-    /**
-     * Default region
-     */
-    defaultRegion: string, requestHandler?: NodeHttpHandlerOptions, logger?: Logger | undefined);
-    /**
-     * Return an SDK which can do operations in the given environment
-     *
-     * The `environment` parameter is resolved first (see `resolveEnvironment()`).
-     */
-    forEnvironment(environment: Environment, mode: Mode, options?: CredentialsOptions, quiet?: boolean): Promise<SdkForEnvironment>;
-    /**
-     * Return the partition that base credentials are for
-     *
-     * Returns `undefined` if there are no base credentials.
-     */
-    baseCredentialsPartition(environment: Environment, mode: Mode): Promise<string | undefined>;
-    /**
-     * Resolve the environment for a stack
-     *
-     * Replaces the magic values `UNKNOWN_REGION` and `UNKNOWN_ACCOUNT`
-     * with the defaults for the current SDK configuration (`~/.aws/config` or
-     * otherwise).
-     *
-     * It is an error if `UNKNOWN_ACCOUNT` is used but the user hasn't configured
-     * any SDK credentials.
-     */
-    resolveEnvironment(env: Environment): Promise<Environment>;
-    /**
-     * The account we'd auth into if we used default credentials.
-     *
-     * Default credentials are the set of ambiently configured credentials using
-     * one of the environment variables, or ~/.aws/credentials, or the *one*
-     * profile that was passed into the CLI.
-     *
-     * Might return undefined if there are no default/ambient credentials
-     * available (in which case the user should better hope they have
-     * credential plugins configured).
-     *
-     * Uses a cache to avoid STS calls if we don't need 'em.
-     */
-    defaultAccount(): Promise<Account | undefined>;
-    /**
-     * Get credentials for the given account ID in the given mode
-     *
-     * 1. Use the default credentials if the destination account matches the
-     *    current credentials' account.
-     * 2. Otherwise try all credential plugins.
-     * 3. Fail if neither of these yield any credentials.
-     * 4. Return a failure if any of them returned credentials
-     */
-    private obtainBaseCredentials;
-    /**
-     * Return an SDK which uses assumed role credentials
-     *
-     * The base credentials used to retrieve the assumed role credentials will be the
-     * same credentials returned by obtainCredentials if an environment and mode is passed,
-     * otherwise it will be the current credentials.
-     */
-    private withAssumedRole;
-}
-/**
- * An AWS account
- *
- * An AWS account always exists in only one partition. Usually we don't care about
- * the partition, but when we need to form ARNs we do.
- */
-export interface Account {
-    /**
-     * The account number
-     */
-    readonly accountId: string;
-    /**
-     * The partition ('aws' or 'aws-cn' or otherwise)
-     */
-    readonly partition: string;
-}
-/**
- * Options for obtaining credentials for an environment
- */
-export interface CredentialsOptions {
-    /**
-     * The ARN of the role that needs to be assumed, if any
-     */
-    readonly assumeRoleArn?: string;
-    /**
-     * External ID required to assume the given role.
-     */
-    readonly assumeRoleExternalId?: string;
-    /**
-     * Session tags required to assume the given role.
-     */
-    readonly assumeRoleAdditionalOptions?: AssumeRoleAdditionalOptions;
-}
-/**
- * Instantiate an SDK for context providers. This function ensures that all
- * lookup assume role options are used when context providers perform lookups.
- */
-export declare function initContextProviderSdk(aws: SdkProvider, options: ContextLookupRoleOptions): Promise<SDK>;