cdk-comprehend-s3olap 2.0.77 → 2.0.80

package/node_modules/aws-sdk/lib/token/sso_token_provider.js

@@ -0,0 +1,245 @@
+var AWS = require('../core');
+var crypto = require('crypto');
+var fs = require('fs');
+var path = require('path');
+var iniLoader = AWS.util.iniLoader;
+
+// Tracking refresh attempt to ensure refresh is not attempted more than once every 30 seconds.
+var lastRefreshAttemptTime = 0;
+
+/**
+ * Throws error is key is not present in token object.
+ *
+ * @param token [Object] Object to be validated.
+ * @param key [String] The key to be validated on the object.
+ */
+var validateTokenKey = function validateTokenKey(token, key) {
+  if (!token[key]) {
+    throw AWS.util.error(
+      new Error('Key "' + key + '" not present in SSO Token'),
+      { code: 'SSOTokenProviderFailure' }
+    );
+  }
+};
+
+/**
+ * Calls callback function with or without error based on provided times in case
+ * of unsuccessful refresh.
+ *
+ * @param currentTime [number] current time in milliseconds since ECMAScript epoch.
+ * @param tokenExpireTime [number] token expire time in milliseconds since ECMAScript epoch.
+ * @param callback [Function] Callback to call in case of error.
+ */
+var refreshUnsuccessful = function refreshUnsuccessful(
+  currentTime,
+  tokenExpireTime,
+  callback
+) {
+  if (tokenExpireTime > currentTime) {
+    // Cached token is still valid, return.
+    callback(null);
+  } else {
+    // Token invalid, throw error requesting user to sso login.
+    throw AWS.util.error(
+      new Error('SSO Token refresh failed. Please log in using "aws sso login"'),
+      { code: 'SSOTokenProviderFailure' }
+    );
+  }
+};
+
+/**
+ * Represents token loaded from disk derived from the AWS SSO device grant authorication flow.
+ *
+ * ## Using SSO Token Provider
+ *
+ * This provider is checked by default in the Node.js environment in TokenProviderChain.
+ * To use the SSO Token Provider, simply add your SSO Start URL and Region to the
+ * ~/.aws/config file in the following format:
+ *
+ *     [default]
+ *     sso_start_url = https://d-abc123.awsapps.com/start
+ *     sso_region = us-east-1
+ *
+ * ## Using custom profiles
+ *
+ * The SDK supports loading token for separate profiles. This can be done in two ways:
+ *
+ * 1. Set the `AWS_PROFILE` environment variable in your process prior to loading the SDK.
+ * 2. Directly load the AWS.SSOTokenProvider:
+ *
+ * ```javascript
+ * var ssoTokenProvider = new AWS.SSOTokenProvider({profile: 'myprofile'});
+ * ```
+ *
+ * @!macro nobrowser
+ */
+AWS.SSOTokenProvider = AWS.util.inherit(AWS.Token, {
+  /**
+   * Expiry window of five minutes.
+   */
+  expiryWindow: 5 * 60,
+
+  /**
+   * Creates a new token object from cached access token.
+   *
+   * @param options [map] a set of options
+   * @option options profile [String] (AWS_PROFILE env var or 'default')
+   *   the name of the profile to load.
+   * @option options callback [Function] (err) Token is eagerly loaded
+   *   by the constructor. When the callback is called with no error, the
+   *   token has been loaded successfully.
+   */
+  constructor: function SSOTokenProvider(options) {
+    AWS.Token.call(this);
+
+    options = options || {};
+
+    this.expired = true;
+    this.profile = options.profile || process.env.AWS_PROFILE || AWS.util.defaultProfile;
+    this.get(options.callback || AWS.util.fn.noop);
+  },
+
+  /**
+   * Reads sso_start_url from provided profile, and reads token from
+   * ~/.aws/sso/cache/<sha1-of-utf8-encoded-value-from-sso_start_url>.json
+   *
+   * Throws an error if required fields token and expiresAt are missing.
+   * Throws an error if token has expired and metadata to perform refresh is
+   * not available.
+   * Attempts to refresh the token if it's within 5 minutes before expiry time.
+   *
+   * @api private
+   */
+  load: function load(callback) {
+    var self = this;
+    var profiles = iniLoader.loadFrom({ isConfig: true });
+    var profile = profiles[this.profile] || {};
+
+    if (Object.keys(profile).length === 0) {
+      throw AWS.util.error(
+        new Error('Profile "' + this.profile + '" not found'),
+        { code: 'SSOTokenProviderFailure' }
+      );
+    } else if (!profile['sso_session']) {
+      throw AWS.util.error(
+        new Error('Profile "' + profileName + '" is missing required property "sso_session".'),
+        { code: 'SSOTokenProviderFailure' }
+      );
+    }
+
+    var ssoSessionName = profile['sso_session'];
+    var ssoSessions = iniLoader.loadSsoSessionsFrom();
+    var ssoSession = ssoSessions[ssoSessionName];
+
+    if (!ssoSession) {
+      throw AWS.util.error(
+        new Error('Sso session "' + ssoSessionName + '" not found'),
+        { code: 'SSOTokenProviderFailure' }
+      );
+    } else if (!ssoSession['sso_start_url']) {
+      throw AWS.util.error(
+        new Error('Sso session "' + profileName + '" is missing required property "sso_start_url".'),
+        { code: 'SSOTokenProviderFailure' }
+      );
+    } else if (!ssoSession['sso_region']) {
+      throw AWS.util.error(
+        new Error('Sso session "' + profileName + '" is missing required property "sso_region".'),
+        { code: 'SSOTokenProviderFailure' }
+      );
+    }
+
+    var hasher = crypto.createHash('sha1');
+    var fileName = hasher.update(ssoSessionName).digest('hex') + '.json';
+    var cachePath = path.join(iniLoader.getHomeDir(), '.aws', 'sso', 'cache', fileName);
+    var tokenFromCache = JSON.parse(fs.readFileSync(cachePath));
+
+    if (!tokenFromCache) {
+      throw AWS.util.error(
+        new Error('Cached token not found. Please log in using "aws sso login"'
+          + ' for profile "' + this.profile + '".'),
+        { code: 'SSOTokenProviderFailure' }
+      );
+    }
+
+    validateTokenKey(tokenFromCache, 'accessToken');
+    validateTokenKey(tokenFromCache, 'expiresAt');
+
+    var currentTime = AWS.util.date.getDate().getTime();
+    var adjustedTime = new Date(currentTime + this.expiryWindow * 1000);
+    var tokenExpireTime = new Date(tokenFromCache['expiresAt']);
+
+    if (tokenExpireTime > adjustedTime) {
+      // Token is valid and not expired.
+      self.token = tokenFromCache.accessToken;
+      self.expireTime = tokenExpireTime;
+      self.expired = false;
+      callback(null);
+      return;
+    }
+
+    // Skip new refresh, if last refresh was done within 30 seconds.
+    if (currentTime - lastRefreshAttemptTime < 30 * 1000) {
+      refreshUnsuccessful(currentTime, tokenExpireTime, callback);
+      return;
+    }
+
+    // Token is in expiry window, refresh from SSOOIDC.createToken() call.
+    validateTokenKey(tokenFromCache, 'clientId');
+    validateTokenKey(tokenFromCache, 'clientSecret');
+    validateTokenKey(tokenFromCache, 'refreshToken');
+
+    if (!self.service || self.service.config.region !== ssoSession.sso_region) {
+      self.service = new AWS.SSOOIDC({ region: ssoSession.sso_region });
+    }
+
+    var params = {
+      clientId: tokenFromCache.clientId,
+      clientSecret: tokenFromCache.clientSecret,
+      refreshToken: tokenFromCache.refreshToken,
+      grantType: 'refresh_token',
+    };
+
+    lastRefreshAttemptTime = AWS.util.date.getDate().getTime();
+    self.service.createToken(params, function(err, data) {
+      if (err || !data) {
+        refreshUnsuccessful(currentTime, tokenExpireTime, callback);
+      } else {
+        try {
+          validateTokenKey(data, 'accessToken');
+          validateTokenKey(data, 'expiresIn');
+          self.expired = false;
+          self.token = data.accessToken;
+          self.expireTime = new Date(Date.now() + data.expiresIn * 1000);
+          callback(null);
+
+          try {
+            // Write updated token data to disk.
+            tokenFromCache.accessToken = data.accessToken;
+            tokenFromCache.expiresAt = self.expireTime.toISOString();
+            tokenFromCache.refreshToken = data.refreshToken;
+            fs.writeFileSync(cachePath, JSON.stringify(tokenFromCache, null, 2));
+          } catch (error) {
+            // Swallow error if unable to write token to file.
+          }
+        } catch (error) {
+          refreshUnsuccessful(currentTime, tokenExpireTime, callback);
+        }
+      }
+    });
+  },
+
+  /**
+   * Loads the cached access token from disk.
+   *
+   * @callback callback function(err)
+   *   Called after the AWS SSO process has been executed. When this
+   *   callback is called with no error, it means that the token information
+   *   has been loaded into the object (as the `token` property).
+   *   @param err [Error] if an error occurred, this value will be filled.
+   * @see get
+   */
+  refresh: function refresh(callback) {
+    iniLoader.clearCachedFiles();
+    this.coalesceRefresh(callback || AWS.util.fn.callback);
+  },
+});

package/node_modules/aws-sdk/lib/token/static_token_provider.d.ts

@@ -0,0 +1,8 @@
+import {Token, TokenOptions} from '../token';
+
+export class StaticTokenProvider extends Token {
+    /**
+     * Creates a new StaticTokenProvider object.
+     */
+    constructor(options?: TokenOptions);
+}

package/node_modules/aws-sdk/lib/token/static_token_provider.js

@@ -0,0 +1,27 @@
+var AWS = require('../core');
+
+/**
+ * Represents the simplest token provider. It returns a static token string
+ * and has an optional expireTime.
+ */
+AWS.StaticTokenProvider = AWS.util.inherit(AWS.Token, {
+
+  /**
+   * Creates a new StaticTokenProvider class with a given {token} and
+   * optional {expireTime}.
+   *
+   * ```javascript
+   * var staticTokenProvider = new AWS.StaticTokenProvider({
+   *   token: 'token'
+   * });
+   * staticTokenProvider.token == 'token' // from constructor
+   * ```
+   *
+   * @option options token [String] represents the literal token string.
+   * @option options expireTime [Date] optional field representing the time at which
+   *   the token expires.
+   */
+  constructor: function StaticTokenProvider(options) {
+    AWS.Token.call(this, options);
+  }
+});

package/node_modules/aws-sdk/lib/token/token_provider_chain.d.ts

@@ -0,0 +1,24 @@
+import {Token} from '../token';
+import {AWSError} from '../error';
+export class TokenProviderChain {
+    /**
+     * Creates a new TokenProviderChain with a default set of providers specified by defaultProviders.
+     */
+    constructor(providers?: provider[])
+    /**
+     * Resolves the provider chain by searching for the first set of token in providers.
+     */
+    resolve(callback:(err: AWSError|null, token?: Token) => void): TokenProviderChain;
+    /**
+     * Return a Promise on resolve() function
+     */
+    resolvePromise(): Promise<Token>;
+    /**
+     * Returns a list of token objects or functions that return token objects. If the provider is a function, the function will be executed lazily when the provider needs to be checked for valid token. By default, this object will be set to the defaultProviders.
+     */
+    providers: Array<Token|provider>;
+
+    static defaultProviders: provider[]
+}
+
+type provider = () => Token;

package/node_modules/aws-sdk/lib/token/token_provider_chain.js

@@ -0,0 +1,165 @@
+var AWS = require('../core');
+
+/**
+ * Creates a token provider chain that searches for token in a list of
+ * token providers specified by the {providers} property.
+ *
+ * By default, the chain will use the {defaultProviders} to resolve token.
+ *
+ * ## Setting Providers
+ *
+ * Each provider in the {providers} list should be a function that returns
+ * a {AWS.Token} object, or a hardcoded token object. The function
+ * form allows for delayed execution of the Token construction.
+ *
+ * ## Resolving Token from a Chain
+ *
+ * Call {resolve} to return the first valid token object that can be
+ * loaded by the provider chain.
+ *
+ * For example, to resolve a chain with a custom provider that checks a file
+ * on disk after the set of {defaultProviders}:
+ *
+ * ```javascript
+ * var diskProvider = new FileTokenProvider('./token.json');
+ * var chain = new AWS.TokenProviderChain();
+ * chain.providers.push(diskProvider);
+ * chain.resolve();
+ * ```
+ *
+ * The above code will return the `diskProvider` object if the
+ * file contains token and the `defaultProviders` do not contain
+ * any token.
+ *
+ * @!attribute providers
+ *   @return [Array<AWS.Token, Function>]
+ *     a list of token objects or functions that return token
+ *     objects. If the provider is a function, the function will be
+ *     executed lazily when the provider needs to be checked for valid
+ *     token. By default, this object will be set to the {defaultProviders}.
+ *   @see defaultProviders
+ */
+AWS.TokenProviderChain = AWS.util.inherit(AWS.Token, {
+
+  /**
+   * Creates a new TokenProviderChain with a default set of providers
+   * specified by {defaultProviders}.
+   */
+  constructor: function TokenProviderChain(providers) {
+    if (providers) {
+      this.providers = providers;
+    } else {
+      this.providers = AWS.TokenProviderChain.defaultProviders.slice(0);
+    }
+    this.resolveCallbacks = [];
+  },
+
+  /**
+   * @!method  resolvePromise()
+   *   Returns a 'thenable' promise.
+   *   Resolves the provider chain by searching for the first token in {providers}.
+   *
+   *   Two callbacks can be provided to the `then` method on the returned promise.
+   *   The first callback will be called if the promise is fulfilled, and the second
+   *   callback will be called if the promise is rejected.
+   *   @callback fulfilledCallback function(token)
+   *     Called if the promise is fulfilled and the provider resolves the chain
+   *     to a token object
+   *     @param token [AWS.Token] the token object resolved by the provider chain.
+   *   @callback rejectedCallback function(error)
+   *     Called if the promise is rejected.
+   *     @param err [Error] the error object returned if no token is found.
+   *   @return [Promise] A promise that represents the state of the `resolve` method call.
+   *   @example Calling the `resolvePromise` method.
+   *     var promise = chain.resolvePromise();
+   *     promise.then(function(token) { ... }, function(err) { ... });
+   */
+
+  /**
+   * Resolves the provider chain by searching for the first token in {providers}.
+   *
+   * @callback callback function(err, token)
+   *   Called when the provider resolves the chain to a token object
+   *   or null if no token can be found.
+   *
+   *   @param err [Error] the error object returned if no token is found.
+   *   @param token [AWS.Token] the token object resolved by the provider chain.
+   * @return [AWS.TokenProviderChain] the provider, for chaining.
+   */
+  resolve: function resolve(callback) {
+    var self = this;
+    if (self.providers.length === 0) {
+      callback(new Error('No providers'));
+      return self;
+    }
+
+    if (self.resolveCallbacks.push(callback) === 1) {
+      var index = 0;
+      var providers = self.providers.slice(0);
+
+      function resolveNext(err, token) {
+        if ((!err && token) || index === providers.length) {
+          AWS.util.arrayEach(self.resolveCallbacks, function (callback) {
+            callback(err, token);
+          });
+          self.resolveCallbacks.length = 0;
+          return;
+        }
+
+        var provider = providers[index++];
+        if (typeof provider === 'function') {
+          token = provider.call();
+        } else {
+          token = provider;
+        }
+
+        if (token.get) {
+          token.get(function (getErr) {
+            resolveNext(getErr, getErr ? null : token);
+          });
+        } else {
+          resolveNext(null, token);
+        }
+      }
+
+      resolveNext();
+    }
+
+    return self;
+  }
+});
+
+/**
+ * The default set of providers used by a vanilla TokenProviderChain.
+ *
+ * In the browser:
+ *
+ * ```javascript
+ * AWS.TokenProviderChain.defaultProviders = []
+ * ```
+ *
+ * In Node.js:
+ *
+ * ```javascript
+ * AWS.TokenProviderChain.defaultProviders = [
+ *   function () { return new AWS.SSOTokenProvider(); },
+ * ]
+ * ```
+ */
+AWS.TokenProviderChain.defaultProviders = [];
+
+/**
+ * @api private
+ */
+AWS.TokenProviderChain.addPromisesToClass = function addPromisesToClass(PromiseDependency) {
+  this.prototype.resolvePromise = AWS.util.promisifyMethod('resolve', PromiseDependency);
+};
+
+/**
+ * @api private
+ */
+AWS.TokenProviderChain.deletePromisesFromClass = function deletePromisesFromClass() {
+  delete this.prototype.resolvePromise;
+};
+
+AWS.util.addPromises(AWS.TokenProviderChain);

package/node_modules/aws-sdk/lib/token.d.ts

@@ -0,0 +1,101 @@
+import {AWSError} from './error';
+
+/**
+ * Represents AWS token object, which contains {token}, and optional
+ * {expireTime}.
+ * Creating a `Token` object allows you to pass around your
+ * token to configuration and service objects.
+ *
+ * Note that this class typically does not need to be constructed manually,
+ * as the {AWS.Config} and {AWS.Service} classes both accept simple
+ * options hashes with the two keys. The token from this object will be used
+ * automatically in operations which require them.
+ *
+ * ## Expiring and Refreshing Token
+ *
+ * Occasionally token can expire in the middle of a long-running
+ * application. In this case, the SDK will automatically attempt to
+ * refresh the token from the storage location if the Token
+ * class implements the {refresh} method.
+ *
+ * If you are implementing a token storage location, you
+ * will want to create a subclass of the `Token` class and
+ * override the {refresh} method. This method allows token to be
+ * retrieved from the backing store, be it a file system, database, or
+ * some network storage. The method should reset the token attributes
+ * on the object.
+ */
+export class Token {
+  /**
+   * Creates a Token object with a given set of token information as an options hash.
+   *
+   * @param {object} options - An option hash containing a set of token information.
+   */
+  constructor(options: TokenOptions);
+
+  /**
+   * Gets the existing token, refreshing it if it's are not yet loaded or have expired.
+   * Users should call this method before using refresh(), as this will not attempt to reload
+   * tokeb when they are already loaded into the object.
+   *
+   * @param {get} callback - When called with no error, the token information has been loaded into the object.
+   */
+  get(callback: (err?: AWSError) => void): void;
+
+  /**
+   * Gets the existing token, refreshing ot if necessary, and returns
+   * a promise that will be fulfilled immediately (if no refresh is necessary)
+   * or when the refresh has completed.
+   */
+  getPromise(): Promise<void>;
+
+  /**
+   * Returns whether the token object should call refresh()
+   */
+  needsRefresh(): boolean;
+
+  /**
+   * Refreshes the token.
+   * Users should call get() before attempting to forcibly refresh token.
+   *
+   * @param {function} callback - When called with no error, the token information has been loaded into the object.
+   */
+  refresh(callback: (err?: AWSError) => void): void;
+
+  /**
+   * Invokes a token refresh and returns a promise that will be fulfilled
+   * when the refresh has completed or rejected when the refresh has failed.
+   * Users should call get() before attempting to forcibly refresh token.
+   */
+  refreshPromise(): Promise<void>;
+
+  /**
+   * The literal token string.
+   */
+  token: string;
+  
+  /**
+   * Whether the token has expired and require a refresh.
+   * Used in conjunction with expireTime.
+   */
+  expired: boolean;
+
+  /**
+   * Time when token should be considered expired.
+   * Used in conjunction with expired.
+   */
+  expireTime: Date;
+  
+  static expiryWindow: number;
+}
+
+export interface TokenOptions {
+  /**
+   * The literal token string.
+   */
+  token: string
+  /**
+   * The time at which the token expires.
+   */
+   expireTime?: Date
+}