npm - coze-coding-dev-sdk - Versions diffs - 0.7.18 → 0.7.19 - Mend

coze-coding-dev-sdk 0.7.18 → 0.7.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/cjs/cli/index.js +75 -41
package/dist/cjs/cli/index.js.LICENSE.txt +58 -0
package/dist/cjs/index.js +29 -29
package/dist/esm/131.mjs +17 -17
package/dist/esm/1~113.mjs +1 -1
package/dist/esm/1~390.mjs +2 -2
package/dist/esm/1~398.mjs +2 -2
package/dist/esm/1~844.mjs +1 -1
package/dist/esm/687.mjs +1 -0
package/dist/esm/cli/index.mjs +29 -24
package/dist/esm/cli/index.mjs.LICENSE.txt +58 -0
package/dist/esm/rslib-runtime.mjs +1 -1
package/dist/types/cli/commands/storage.d.ts +6 -0
package/dist/types/cli/commands/storage.d.ts.map +1 -0
package/package.json +4 -2

package/dist/esm/1~113.mjs CHANGED Viewed

	@@ -1 +1 @@
1	- import{__webpack_require__ as e}from"./rslib-runtime.mjs";import{createHash as t,createPrivateKey as r,createPublicKey as n,sign as o}from"node:crypto";import{readFile_readFile as i,chain_chain as s,getProfileName as a,CredentialsProviderError as l,setCredentialFeature as c,HttpRequest as d}from"./131.mjs";import{homedir as f}from"./57.mjs";import{parseKnownFiles as g}from"./1~23.mjs";let _=e=>c(e,"CREDENTIALS_PROFILE_NAMED_PROVIDER","p"),u=async(e,t,r,n,o={},i)=>{r.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");let d=t[e],{source_profile:f,region:g}=d;if(!r.roleAssumer){let{getDefaultRoleAssumer:e}=await import("./1~410.mjs").then(e=>({getDefaultRoleAssumer:e.defaultRoleAssumers_getDefaultRoleAssumer}));r.roleAssumer=e({...r.clientConfig,credentialProviderLogger:r.logger,parentClientConfig:{...n,...r?.parentClientConfig,region:g??r?.parentClientConfig?.region??n?.region}},r.clientPlugins)}if(f&&f in o)throw new l(`Detected a cycle attempting to resolve credentials for profile ${a(r)}. Profiles visited: `+Object.keys(o).join(", "),{logger:r.logger});r.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${f?`source_profile=[${f}]`:`profile=[${e}]`}`);let u=f?i(f,t,r,n,{...o,[f]:!0},p(t[f]??{})):(await ((e,t,r)=>{let n={EcsContainer:async e=>{let{fromHttp:t}=await import("./1~35.mjs").then(e=>({fromHttp:e.fromHttp})),{fromContainerMetadata:n}=await import("./1~398.mjs").then(e=>({fromContainerMetadata:e.fromContainerMetadata}));return r?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),async()=>s(t(e??{}),n(e))().then(_)},Ec2InstanceMetadata:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");let{fromInstanceMetadata:t}=await import("./1~398.mjs").then(e=>({fromInstanceMetadata:e.fromInstanceMetadata}));return async()=>t(e)().then(_)},Environment:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");let{fromEnv:t}=await import("./1~134.mjs").then(e=>({fromEnv:e.fromEnv_fromEnv}));return async()=>t(e)().then(_)}};if(e in n)return n[e];throw new l(`Unsupported credential source in profile ${t}. Got ${e}, expected EcsContainer or Ec2InstanceMetadata or Environment.`,{logger:r})})(d.credential_source,e,r.logger)(r))();if(p(d))return u.then(e=>c(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"));{let t={RoleArn:d.role_arn,RoleSessionName:d.role_session_name\|\|`aws-sdk-js-${Date.now()}`,ExternalId:d.external_id,DurationSeconds:parseInt(d.duration_seconds\|\|"3600",10)},{mfa_serial:n}=d;if(n){if(!r.mfaCodeProvider)throw new l(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:r.logger,tryNextLink:!1});t.SerialNumber=n,t.TokenCode=await r.mfaCodeProvider(n)}let o=await u;return r.roleAssumer(o,t).then(e=>c(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"))}},p=e=>!e.role_arn&&!!e.credential_source,h=e("node:fs"),y=e("node:path");class C{profileData;init;callerClientConfig;static REFRESH_THRESHOLD=3e5;constructor(e,t,r){this.profileData=e,this.init=t,this.callerClientConfig=r}async loadCredentials(){let e=await this.loadToken();if(!e)throw new l(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`,{tryNextLink:!1,logger:this.logger});let t=e.accessToken,r=Date.now();return new Date(t.expiresAt).getTime()-r<=C.REFRESH_THRESHOLD?this.refresh(e):{accessKeyId:t.accessKeyId,secretAccessKey:t.secretAccessKey,sessionToken:t.sessionToken,accountId:t.accountId,expiration:new Date(t.expiresAt)}}get logger(){return this.init?.logger}get loginSession(){return this.profileData.login_session}async refresh(e){let t,{SigninClient:r,CreateOAuth2TokenCommand:n}=await import("./1~518.mjs").then(e=>({SigninClient:e.SigninClient,CreateOAuth2TokenCommand:e.CreateOAuth2TokenCommand})),{logger:o,userAgentAppId:i}=this.callerClientConfig??{},s=(t=this.callerClientConfig?.requestHandler,t?.metadata?.handlerProtocol==="h2")?void 0:this.callerClientConfig?.requestHandler,a=new r({credentials:{accessKeyId:"",secretAccessKey:""},region:this.profileData.region??await this.callerClientConfig?.region?.()??process.env.AWS_REGION,requestHandler:s,logger:o,userAgentAppId:i,...this.init?.clientConfig});this.createDPoPInterceptor(a.middlewareStack);let c={tokenInput:{clientId:e.clientId,refreshToken:e.refreshToken,grantType:"refresh_token"}};try{let t=await a.send(new n(c)),{accessKeyId:r,secretAccessKey:o,sessionToken:i}=t.tokenOutput?.accessToken??{},{refreshToken:s,expiresIn:d}=t.tokenOutput??{};if(!r\|\|!o\|\|!i\|\|!s)throw new l("Token refresh response missing required fields",{logger:this.logger,tryNextLink:!1});let f=new Date(Date.now()+(d??900)*1e3),g={...e,accessToken:{...e.accessToken,accessKeyId:r,secretAccessKey:o,sessionToken:i,expiresAt:f.toISOString()},refreshToken:s};await this.saveToken(g);let _=g.accessToken;return{accessKeyId:_.accessKeyId,secretAccessKey:_.secretAccessKey,sessionToken:_.sessionToken,accountId:_.accountId,expiration:f}}catch(e){if("AccessDeniedException"===e.name){let t;switch(e.error){case"TOKEN_EXPIRED":t="Your session has expired. Please reauthenticate.";break;case"USER_CREDENTIALS_CHANGED":t="Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";break;case"INSUFFICIENT_PERMISSIONS":t="Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";break;default:t=`Failed to refresh token: ${String(e)}. Please re-authenticate using \`aws login\``}throw new l(t,{logger:this.logger,tryNextLink:!1})}throw new l(`Failed to refresh token: ${String(e)}. Please re-authenticate using aws login`,{logger:this.logger})}}async loadToken(){let e=this.getTokenFilePath();try{let t;try{t=await i(e,{ignoreCache:this.init?.ignoreCache})}catch{t=await h.promises.readFile(e,"utf8")}let r=JSON.parse(t),n=["accessToken","clientId","refreshToken","dpopKey"].filter(e=>!r[e]);if(r.accessToken?.accountId\|\|n.push("accountId"),n.length>0)throw new l(`Token validation failed, missing fields: ${n.join(", ")}`,{logger:this.logger,tryNextLink:!1});return r}catch(t){throw new l(`Failed to load token from ${e}: ${String(t)}`,{logger:this.logger,tryNextLink:!1})}}async saveToken(e){let t=this.getTokenFilePath(),r=(0,y.dirname)(t);try{await h.promises.mkdir(r,{recursive:!0})}catch(e){}await h.promises.writeFile(t,JSON.stringify(e,null,2),"utf8")}getTokenFilePath(){let e=process.env.AWS_LOGIN_CACHE_DIRECTORY??(0,y.join)(f(),".aws","login","cache"),r=Buffer.from(this.loginSession,"utf8"),n=t("sha256").update(r).digest("hex");return(0,y.join)(e,`${n}.json`)}derToRawSignature(e){let t=2;if(2!==e[2])throw Error("Invalid DER signature");t++;let r=e[t++],n=e.subarray(t,t+r);if(2!==e[t+=r])throw Error("Invalid DER signature");t++;let o=e[t++],i=e.subarray(t,t+o);n=0===n[0]?n.subarray(1):n,i=0===i[0]?i.subarray(1):i;let s=Buffer.concat([Buffer.alloc(32-n.length),n]),a=Buffer.concat([Buffer.alloc(32-i.length),i]);return Buffer.concat([s,a])}createDPoPInterceptor(e){e.add(e=>async t=>{if(d.isInstance(t.request)){let e=t.request,r=`${e.protocol}//${e.hostname}${e.port?`:${e.port}`:""}${e.path}`,n=await this.generateDpop(e.method,r);e.headers={...e.headers,DPoP:n}}return e(t)},{step:"finalizeRequest",name:"dpopInterceptor",override:!0})}async generateDpop(e="POST",t){let i=await this.loadToken();try{let s=r({key:i.dpopKey,format:"pem",type:"sec1"}),a=n(s).export({format:"der",type:"spki"}),l=-1;for(let e=0;e<a.length;e++)if(4===a[e]){l=e;break}let c=a.slice(l+1,l+33),d=a.slice(l+33,l+65),f={alg:"ES256",typ:"dpop+jwt",jwk:{kty:"EC",crv:"P-256",x:c.toString("base64url"),y:d.toString("base64url")}},g={jti:crypto.randomUUID(),htm:e,htu:t,iat:Math.floor(Date.now()/1e3)},_=Buffer.from(JSON.stringify(f)).toString("base64url"),u=Buffer.from(JSON.stringify(g)).toString("base64url"),p=`${_}.${u}`,h=o("sha256",Buffer.from(p),s),y=this.derToRawSignature(h).toString("base64url");return`${p}.${y}`}catch(e){throw new l(`Failed to generate Dpop proof: ${e instanceof Error?e.message:String(e)}`,{logger:this.logger,tryNextLink:!1})}}}let w=async(e,t,r)=>{let n,o=await (n={...t,profile:e},async({callerClientConfig:e}={})=>{n?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");let t=await g(n\|\|{}),r=a({profile:n?.profile??e?.profile}),o=t[r];if(!o?.login_session)throw new l(`Profile ${r} does not contain login_session.`,{tryNextLink:!0,logger:n?.logger});let i=new C(o,n,e);return c(await i.loadCredentials(),"CREDENTIALS_LOGIN","AD")})({callerClientConfig:r});return c(o,"CREDENTIALS_PROFILE_LOGIN","AC")},S=async(e,t)=>import("./1~844.mjs").then(e=>({fromProcess:e.fromProcess})).then(({fromProcess:r})=>r({...e,profile:t})().then(e=>c(e,"CREDENTIALS_PROFILE_PROCESS","v"))),m=async(e,t,r={},n)=>{let{fromSSO:o}=await import("./1~390.mjs").then(e=>({fromSSO:e.fromSSO}));return o({profile:e,logger:r.logger,parentClientConfig:r.parentClientConfig,clientConfig:r.clientConfig})({callerClientConfig:n}).then(e=>t.sso_session?c(e,"CREDENTIALS_PROFILE_SSO","r"):c(e,"CREDENTIALS_PROFILE_SSO_LEGACY","t"))},E=e=>!!e&&"object"==typeof e&&"string"==typeof e.aws_access_key_id&&"string"==typeof e.aws_secret_access_key&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,k=async(e,t)=>(t?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"),c({accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}},"CREDENTIALS_PROFILE","n")),I=async(e,t,r)=>import("./1~622.mjs").then(e=>({fromTokenFile:e.fromTokenFile})).then(({fromTokenFile:n})=>n({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:t.roleAssumerWithWebIdentity,logger:t.logger,parentClientConfig:t.parentClientConfig})({callerClientConfig:r}).then(e=>c(e,"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN","q"))),R=async(e,t,r,n,o={},i=!1)=>{let s=t[e];if(Object.keys(o).length>0&&E(s))return k(s,r);if(i\|\|((e,{profile:t="default",logger:r}={})=>!!e&&"object"==typeof e&&"string"==typeof e.role_arn&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(((e,{profile:t,logger:r})=>{let n="string"==typeof e.source_profile&&void 0===e.credential_source;return n&&r?.debug?.(` ${t} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`),n})(e,{profile:t,logger:r})\|\|((e,{profile:t,logger:r})=>{let n="string"==typeof e.credential_source&&void 0===e.source_profile;return n&&r?.debug?.(` ${t} isCredentialSourceProfile credential_source=${e.credential_source}`),n})(e,{profile:t,logger:r})))(s,{profile:e,logger:r.logger}))return u(e,t,r,n,o,R);if(E(s))return k(s,r);if(s&&"object"==typeof s&&"string"==typeof s.web_identity_token_file&&"string"==typeof s.role_arn&&["undefined","string"].indexOf(typeof s.role_session_name)>-1)return I(s,r,n);if(s&&"object"==typeof s&&"string"==typeof s.credential_process)return S(r,e);if(s&&("string"==typeof s.sso_start_url\|\|"string"==typeof s.sso_account_id\|\|"string"==typeof s.sso_session\|\|"string"==typeof s.sso_region\|\|"string"==typeof s.sso_role_name))return await m(e,s,r,n);if(s&&s.login_session)return w(e,r,n);throw new l(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:r.logger})},A=(e={})=>async({callerClientConfig:t}={})=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");let r=await g(e);return R(a({profile:e.profile??t?.profile}),r,e,t)};export{A as fromIni};
1	+ import{__webpack_require__ as e}from"./rslib-runtime.mjs";import{createHash as t,createPrivateKey as r,createPublicKey as n,sign as o}from"node:crypto";import{chain_chain as i,getProfileName as s,CredentialsProviderError as a,setCredentialFeature as l,HttpRequest as c,readFile as d}from"./131.mjs";import{homedir as f}from"./57.mjs";import{parseKnownFiles as g}from"./1~23.mjs";let _=e=>l(e,"CREDENTIALS_PROFILE_NAMED_PROVIDER","p"),u=async(e,t,r,n,o={},c)=>{r.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");let d=t[e],{source_profile:f,region:g}=d;if(!r.roleAssumer){let{getDefaultRoleAssumer:e}=await import("./1~410.mjs").then(e=>({getDefaultRoleAssumer:e.defaultRoleAssumers_getDefaultRoleAssumer}));r.roleAssumer=e({...r.clientConfig,credentialProviderLogger:r.logger,parentClientConfig:{...n,...r?.parentClientConfig,region:g??r?.parentClientConfig?.region??n?.region}},r.clientPlugins)}if(f&&f in o)throw new a(`Detected a cycle attempting to resolve credentials for profile ${s(r)}. Profiles visited: `+Object.keys(o).join(", "),{logger:r.logger});r.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${f?`source_profile=[${f}]`:`profile=[${e}]`}`);let u=f?c(f,t,r,n,{...o,[f]:!0},p(t[f]??{})):(await ((e,t,r)=>{let n={EcsContainer:async e=>{let{fromHttp:t}=await import("./1~35.mjs").then(e=>({fromHttp:e.fromHttp})),{fromContainerMetadata:n}=await import("./1~398.mjs").then(e=>({fromContainerMetadata:e.fromContainerMetadata}));return r?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),async()=>i(t(e??{}),n(e))().then(_)},Ec2InstanceMetadata:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");let{fromInstanceMetadata:t}=await import("./1~398.mjs").then(e=>({fromInstanceMetadata:e.fromInstanceMetadata}));return async()=>t(e)().then(_)},Environment:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");let{fromEnv:t}=await import("./1~134.mjs").then(e=>({fromEnv:e.fromEnv_fromEnv}));return async()=>t(e)().then(_)}};if(e in n)return n[e];throw new a(`Unsupported credential source in profile ${t}. Got ${e}, expected EcsContainer or Ec2InstanceMetadata or Environment.`,{logger:r})})(d.credential_source,e,r.logger)(r))();if(p(d))return u.then(e=>l(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"));{let t={RoleArn:d.role_arn,RoleSessionName:d.role_session_name\|\|`aws-sdk-js-${Date.now()}`,ExternalId:d.external_id,DurationSeconds:parseInt(d.duration_seconds\|\|"3600",10)},{mfa_serial:n}=d;if(n){if(!r.mfaCodeProvider)throw new a(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:r.logger,tryNextLink:!1});t.SerialNumber=n,t.TokenCode=await r.mfaCodeProvider(n)}let o=await u;return r.roleAssumer(o,t).then(e=>l(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"))}},p=e=>!e.role_arn&&!!e.credential_source,h=e("node:fs"),y=e("node:path");class C{profileData;init;callerClientConfig;static REFRESH_THRESHOLD=3e5;constructor(e,t,r){this.profileData=e,this.init=t,this.callerClientConfig=r}async loadCredentials(){let e=await this.loadToken();if(!e)throw new a(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`,{tryNextLink:!1,logger:this.logger});let t=e.accessToken,r=Date.now();return new Date(t.expiresAt).getTime()-r<=C.REFRESH_THRESHOLD?this.refresh(e):{accessKeyId:t.accessKeyId,secretAccessKey:t.secretAccessKey,sessionToken:t.sessionToken,accountId:t.accountId,expiration:new Date(t.expiresAt)}}get logger(){return this.init?.logger}get loginSession(){return this.profileData.login_session}async refresh(e){let t,{SigninClient:r,CreateOAuth2TokenCommand:n}=await import("./1~518.mjs").then(e=>({SigninClient:e.SigninClient,CreateOAuth2TokenCommand:e.CreateOAuth2TokenCommand})),{logger:o,userAgentAppId:i}=this.callerClientConfig??{},s=(t=this.callerClientConfig?.requestHandler,t?.metadata?.handlerProtocol==="h2")?void 0:this.callerClientConfig?.requestHandler,l=new r({credentials:{accessKeyId:"",secretAccessKey:""},region:this.profileData.region??await this.callerClientConfig?.region?.()??process.env.AWS_REGION,requestHandler:s,logger:o,userAgentAppId:i,...this.init?.clientConfig});this.createDPoPInterceptor(l.middlewareStack);let c={tokenInput:{clientId:e.clientId,refreshToken:e.refreshToken,grantType:"refresh_token"}};try{let t=await l.send(new n(c)),{accessKeyId:r,secretAccessKey:o,sessionToken:i}=t.tokenOutput?.accessToken??{},{refreshToken:s,expiresIn:d}=t.tokenOutput??{};if(!r\|\|!o\|\|!i\|\|!s)throw new a("Token refresh response missing required fields",{logger:this.logger,tryNextLink:!1});let f=new Date(Date.now()+(d??900)*1e3),g={...e,accessToken:{...e.accessToken,accessKeyId:r,secretAccessKey:o,sessionToken:i,expiresAt:f.toISOString()},refreshToken:s};await this.saveToken(g);let _=g.accessToken;return{accessKeyId:_.accessKeyId,secretAccessKey:_.secretAccessKey,sessionToken:_.sessionToken,accountId:_.accountId,expiration:f}}catch(e){if("AccessDeniedException"===e.name){let t;switch(e.error){case"TOKEN_EXPIRED":t="Your session has expired. Please reauthenticate.";break;case"USER_CREDENTIALS_CHANGED":t="Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";break;case"INSUFFICIENT_PERMISSIONS":t="Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";break;default:t=`Failed to refresh token: ${String(e)}. Please re-authenticate using \`aws login\``}throw new a(t,{logger:this.logger,tryNextLink:!1})}throw new a(`Failed to refresh token: ${String(e)}. Please re-authenticate using aws login`,{logger:this.logger})}}async loadToken(){let e=this.getTokenFilePath();try{let t;try{t=await d(e,{ignoreCache:this.init?.ignoreCache})}catch{t=await h.promises.readFile(e,"utf8")}let r=JSON.parse(t),n=["accessToken","clientId","refreshToken","dpopKey"].filter(e=>!r[e]);if(r.accessToken?.accountId\|\|n.push("accountId"),n.length>0)throw new a(`Token validation failed, missing fields: ${n.join(", ")}`,{logger:this.logger,tryNextLink:!1});return r}catch(t){throw new a(`Failed to load token from ${e}: ${String(t)}`,{logger:this.logger,tryNextLink:!1})}}async saveToken(e){let t=this.getTokenFilePath(),r=(0,y.dirname)(t);try{await h.promises.mkdir(r,{recursive:!0})}catch(e){}await h.promises.writeFile(t,JSON.stringify(e,null,2),"utf8")}getTokenFilePath(){let e=process.env.AWS_LOGIN_CACHE_DIRECTORY??(0,y.join)(f(),".aws","login","cache"),r=Buffer.from(this.loginSession,"utf8"),n=t("sha256").update(r).digest("hex");return(0,y.join)(e,`${n}.json`)}derToRawSignature(e){let t=2;if(2!==e[2])throw Error("Invalid DER signature");t++;let r=e[t++],n=e.subarray(t,t+r);if(2!==e[t+=r])throw Error("Invalid DER signature");t++;let o=e[t++],i=e.subarray(t,t+o);n=0===n[0]?n.subarray(1):n,i=0===i[0]?i.subarray(1):i;let s=Buffer.concat([Buffer.alloc(32-n.length),n]),a=Buffer.concat([Buffer.alloc(32-i.length),i]);return Buffer.concat([s,a])}createDPoPInterceptor(e){e.add(e=>async t=>{if(c.isInstance(t.request)){let e=t.request,r=`${e.protocol}//${e.hostname}${e.port?`:${e.port}`:""}${e.path}`,n=await this.generateDpop(e.method,r);e.headers={...e.headers,DPoP:n}}return e(t)},{step:"finalizeRequest",name:"dpopInterceptor",override:!0})}async generateDpop(e="POST",t){let i=await this.loadToken();try{let s=r({key:i.dpopKey,format:"pem",type:"sec1"}),a=n(s).export({format:"der",type:"spki"}),l=-1;for(let e=0;e<a.length;e++)if(4===a[e]){l=e;break}let c=a.slice(l+1,l+33),d=a.slice(l+33,l+65),f={alg:"ES256",typ:"dpop+jwt",jwk:{kty:"EC",crv:"P-256",x:c.toString("base64url"),y:d.toString("base64url")}},g={jti:crypto.randomUUID(),htm:e,htu:t,iat:Math.floor(Date.now()/1e3)},_=Buffer.from(JSON.stringify(f)).toString("base64url"),u=Buffer.from(JSON.stringify(g)).toString("base64url"),p=`${_}.${u}`,h=o("sha256",Buffer.from(p),s),y=this.derToRawSignature(h).toString("base64url");return`${p}.${y}`}catch(e){throw new a(`Failed to generate Dpop proof: ${e instanceof Error?e.message:String(e)}`,{logger:this.logger,tryNextLink:!1})}}}let w=async(e,t,r)=>{let n,o=await (n={...t,profile:e},async({callerClientConfig:e}={})=>{n?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");let t=await g(n\|\|{}),r=s({profile:n?.profile??e?.profile}),o=t[r];if(!o?.login_session)throw new a(`Profile ${r} does not contain login_session.`,{tryNextLink:!0,logger:n?.logger});let i=new C(o,n,e);return l(await i.loadCredentials(),"CREDENTIALS_LOGIN","AD")})({callerClientConfig:r});return l(o,"CREDENTIALS_PROFILE_LOGIN","AC")},S=async(e,t)=>import("./1~844.mjs").then(e=>({fromProcess:e.fromProcess})).then(({fromProcess:r})=>r({...e,profile:t})().then(e=>l(e,"CREDENTIALS_PROFILE_PROCESS","v"))),m=async(e,t,r={},n)=>{let{fromSSO:o}=await import("./1~390.mjs").then(e=>({fromSSO:e.fromSSO}));return o({profile:e,logger:r.logger,parentClientConfig:r.parentClientConfig,clientConfig:r.clientConfig})({callerClientConfig:n}).then(e=>t.sso_session?l(e,"CREDENTIALS_PROFILE_SSO","r"):l(e,"CREDENTIALS_PROFILE_SSO_LEGACY","t"))},E=e=>!!e&&"object"==typeof e&&"string"==typeof e.aws_access_key_id&&"string"==typeof e.aws_secret_access_key&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,k=async(e,t)=>(t?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"),l({accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}},"CREDENTIALS_PROFILE","n")),I=async(e,t,r)=>import("./1~622.mjs").then(e=>({fromTokenFile:e.fromTokenFile})).then(({fromTokenFile:n})=>n({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:t.roleAssumerWithWebIdentity,logger:t.logger,parentClientConfig:t.parentClientConfig})({callerClientConfig:r}).then(e=>l(e,"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN","q"))),R=async(e,t,r,n,o={},i=!1)=>{let s=t[e];if(Object.keys(o).length>0&&E(s))return k(s,r);if(i\|\|((e,{profile:t="default",logger:r}={})=>!!e&&"object"==typeof e&&"string"==typeof e.role_arn&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(((e,{profile:t,logger:r})=>{let n="string"==typeof e.source_profile&&void 0===e.credential_source;return n&&r?.debug?.(` ${t} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`),n})(e,{profile:t,logger:r})\|\|((e,{profile:t,logger:r})=>{let n="string"==typeof e.credential_source&&void 0===e.source_profile;return n&&r?.debug?.(` ${t} isCredentialSourceProfile credential_source=${e.credential_source}`),n})(e,{profile:t,logger:r})))(s,{profile:e,logger:r.logger}))return u(e,t,r,n,o,R);if(E(s))return k(s,r);if(s&&"object"==typeof s&&"string"==typeof s.web_identity_token_file&&"string"==typeof s.role_arn&&["undefined","string"].indexOf(typeof s.role_session_name)>-1)return I(s,r,n);if(s&&"object"==typeof s&&"string"==typeof s.credential_process)return S(r,e);if(s&&("string"==typeof s.sso_start_url\|\|"string"==typeof s.sso_account_id\|\|"string"==typeof s.sso_session\|\|"string"==typeof s.sso_region\|\|"string"==typeof s.sso_role_name))return await m(e,s,r,n);if(s&&s.login_session)return w(e,r,n);throw new a(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:r.logger})},A=(e={})=>async({callerClientConfig:t}={})=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");let r=await g(e);return R(s({profile:e.profile??t?.profile}),r,e,t)};export{A as fromIni};

package/dist/esm/1~390.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__webpack_require__ as e}from"./rslib-runtime.mjs";import{profile_IniSectionType as t,getProfileName as o,CredentialsProviderError as r,setCredentialFeature as i,readFile_readFile as n,getConfigFilepath as s,ProviderError as a,parseIni as l}from"./131.mjs";import{getSSOTokenFilepath as g,getSSOTokenFromFile as c}from"./1~462.mjs";import{parseKnownFiles as f}from"./1~23.mjs";let p=e=>Object.entries(e).filter(([e])=>e.startsWith(t.SSO_SESSION+".")).reduce((e,[t,o])=>({...e,[t.substring(t.indexOf(".")+1)]:o}),{}),w=()=>({}),h=async(e={})=>n(e.configFilepath??s()).then(l).then(p).catch(w);class _ extends a{name="TokenProviderError";constructor(e,t=!0){super(e,t),Object.setPrototypeOf(this,_.prototype)}}let S="To refresh this SSO session run 'aws sso login' with the corresponding profile.",d=async(e,t={},o)=>{let{SSOOIDCClient:r}=await import("./1~45.mjs").then(e=>({SSOOIDCClient:e.SSOOIDCClient})),i=e=>t.clientConfig?.[e]??t.parentClientConfig?.[e]??o?.[e];return new r(Object.assign({},t.clientConfig??{},{region:e??t.clientConfig?.region,logger:i("logger"),userAgentAppId:i("userAgentAppId")}))},C=async(e,t,o={},r)=>{let{CreateTokenCommand:i}=await import("./1~45.mjs").then(e=>({CreateTokenCommand:e.CreateTokenCommand}));return(await d(t,o,r)).send(new i({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))},u=e=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new _(`Token is expired. ${S}`,!1)},m=(e,t,o=!1)=>{if(void 0===t)throw new _(`Value not present for '${e}' in SSO Token${o?". Cannot refresh":""}. ${S}`,!1)},{writeFile:k}=e("fs").promises,y=new Date(0),O=async({ssoStartUrl:e,ssoSession:t,ssoAccountId:n,ssoRegion:s,ssoRoleName:a,ssoClient:l,clientConfig:p,parentClientConfig:w,callerClientConfig:d,profile:O,filepath:T,configFilepath:x,ignoreCache:A,logger:I})=>{let N,$,R="To refresh this SSO session run aws sso login with the corresponding profile.";if(t)try{let e=await ((e={})=>async({callerClientConfig:t}={})=>{let r;e.logger?.debug("@aws-sdk/token-providers - fromSso");let i=await f(e),n=o({profile:e.profile??t?.profile}),s=i[n];if(s){if(!s.sso_session)throw new _(`Profile '${n}' is missing required property 'sso_session'.`)}else throw new _(`Profile '${n}' could not be found in shared credentials file.`,!1);let a=s.sso_session,l=(await h(e))[a];if(!l)throw new _(`Sso session '${a}' could not be found in shared credentials file.`,!1);for(let e of["sso_start_url","sso_region"])if(!l[e])throw new _(`Sso session '${a}' is missing required property '${e}'.`,!1);l.sso_start_url;let p=l.sso_region;try{r=await c(a)}catch(e){throw new _(`The SSO session token associated with profile=${n} was not found or is invalid. ${S}`,!1)}m("accessToken",r.accessToken),m("expiresAt",r.expiresAt);let{accessToken:w,expiresAt:d}=r,O={token:w,expiration:new Date(d)};if(O.expiration.getTime()-Date.now()>3e5)return O;if(Date.now()-y.getTime()<3e4)return u(O),O;m("clientId",r.clientId,!0),m("clientSecret",r.clientSecret,!0),m("refreshToken",r.refreshToken,!0);try{y.setTime(Date.now());let o=await C(r,p,e,t);m("accessToken",o.accessToken),m("expiresIn",o.expiresIn);let i=new Date(Date.now()+1e3*o.expiresIn);try{var T;let e;await (T={...r,accessToken:o.accessToken,expiresAt:i.toISOString(),refreshToken:o.refreshToken},e=g(a),k(e,JSON.stringify(T,null,2)))}catch(e){}return{token:o.accessToken,expiration:i}}catch(e){return u(O),O}})({profile:O,filepath:T,configFilepath:x,ignoreCache:A})();N={accessToken:e.token,expiresAt:new Date(e.expiration).toISOString()}}catch(e){throw new r(e.message,{tryNextLink:!1,logger:I})}else try{N=await c(e)}catch(e){throw new r(`The SSO session associated with this profile is invalid. ${R}`,{tryNextLink:!1,logger:I})}if(new Date(N.expiresAt).getTime()-Date.now()<=0)throw new r(`The SSO session associated with this profile has expired. ${R}`,{tryNextLink:!1,logger:I});let{accessToken:D}=N,{SSOClient:E,GetRoleCredentialsCommand:K}=await import("./1~967.mjs").then(e=>({SSOClient:e.SSOClient,GetRoleCredentialsCommand:e.GetRoleCredentialsCommand})),P=l||new E(Object.assign({},p??{},{logger:p?.logger??d?.logger??w?.logger,region:p?.region??s,userAgentAppId:p?.userAgentAppId??d?.userAgentAppId??w?.userAgentAppId}));try{$=await P.send(new K({accountId:n,roleName:a,accessToken:D}))}catch(e){throw new r(e,{tryNextLink:!1,logger:I})}let{roleCredentials:{accessKeyId:L,secretAccessKey:b,sessionToken:v,expiration:U,credentialScope:H,accountId:M}={}}=$;if(!L||!b||!v||!U)throw new r("SSO returns an invalid temporary credential.",{tryNextLink:!1,logger:I});let j={accessKeyId:L,secretAccessKey:b,sessionToken:v,expiration:new Date(U),...H&&{credentialScope:H},...M&&{accountId:M}};return t?i(j,"CREDENTIALS_SSO","s"):i(j,"CREDENTIALS_SSO_LEGACY","u"),j},T=(e={})=>async({callerClientConfig:t}={})=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");let{ssoStartUrl:i,ssoAccountId:n,ssoRegion:s,ssoRoleName:a,ssoSession:l}=e,{ssoClient:g}=e,c=o({profile:e.profile??t?.profile});if(i||n||s||a||l)if(i&&n&&s&&a)return O({ssoStartUrl:i,ssoSession:l,ssoAccountId:n,ssoRegion:s,ssoRoleName:a,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:c,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger});else throw new r('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});{let t=(await f(e))[c];if(!t)throw new r(`Profile ${c} was not found.`,{logger:e.logger});if(!(t&&("string"==typeof t.sso_start_url||"string"==typeof t.sso_account_id||"string"==typeof t.sso_session||"string"==typeof t.sso_region||"string"==typeof t.sso_role_name)))throw new r(`Profile ${c} is not configured with SSO credentials.`,{logger:e.logger});if(t?.sso_session){let o=(await h(e))[t.sso_session],n=` configurations in profile ${c} and sso-session ${t.sso_session}`;if(s&&s!==o.sso_region)throw new r("Conflicting SSO region"+n,{tryNextLink:!1,logger:e.logger});if(i&&i!==o.sso_start_url)throw new r("Conflicting SSO start_url"+n,{tryNextLink:!1,logger:e.logger});t.sso_region=o.sso_region,t.sso_start_url=o.sso_start_url}let{sso_start_url:o,sso_account_id:n,sso_region:a,sso_role_name:l,sso_session:p}=((e,t)=>{let{sso_start_url:o,sso_account_id:i,sso_region:n,sso_role_name:s}=e;if(!o||!i||!n||!s)throw new r(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}
-Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:t});return e})(t,e.logger);return O({ssoStartUrl:o,ssoSession:p,ssoAccountId:n,ssoRegion:a,ssoRoleName:l,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:c,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger})}};export{T as fromSSO};
+import{__webpack_require__ as e}from"./rslib-runtime.mjs";import{readFile as t,profile_IniSectionType as o,getProfileName as r,CredentialsProviderError as i,setCredentialFeature as n,getConfigFilepath as s,ProviderError as a,parseIni as l}from"./131.mjs";import{getSSOTokenFilepath as g,getSSOTokenFromFile as c}from"./1~462.mjs";import{parseKnownFiles as f}from"./1~23.mjs";let p=e=>Object.entries(e).filter(([e])=>e.startsWith(o.SSO_SESSION+".")).reduce((e,[t,o])=>({...e,[t.substring(t.indexOf(".")+1)]:o}),{}),w=()=>({}),h=async(e={})=>t(e.configFilepath??s()).then(l).then(p).catch(w);class _ extends a{name="TokenProviderError";constructor(e,t=!0){super(e,t),Object.setPrototypeOf(this,_.prototype)}}let S="To refresh this SSO session run 'aws sso login' with the corresponding profile.",d=async(e,t={},o)=>{let{SSOOIDCClient:r}=await import("./1~45.mjs").then(e=>({SSOOIDCClient:e.SSOOIDCClient})),i=e=>t.clientConfig?.[e]??t.parentClientConfig?.[e]??o?.[e];return new r(Object.assign({},t.clientConfig??{},{region:e??t.clientConfig?.region,logger:i("logger"),userAgentAppId:i("userAgentAppId")}))},C=async(e,t,o={},r)=>{let{CreateTokenCommand:i}=await import("./1~45.mjs").then(e=>({CreateTokenCommand:e.CreateTokenCommand}));return(await d(t,o,r)).send(new i({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))},u=e=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new _(`Token is expired. ${S}`,!1)},m=(e,t,o=!1)=>{if(void 0===t)throw new _(`Value not present for '${e}' in SSO Token${o?". Cannot refresh":""}. ${S}`,!1)},{writeFile:k}=e("fs").promises,y=new Date(0),O=async({ssoStartUrl:e,ssoSession:t,ssoAccountId:o,ssoRegion:s,ssoRoleName:a,ssoClient:l,clientConfig:p,parentClientConfig:w,callerClientConfig:d,profile:O,filepath:T,configFilepath:x,ignoreCache:A,logger:I})=>{let N,$,R="To refresh this SSO session run aws sso login with the corresponding profile.";if(t)try{let e=await ((e={})=>async({callerClientConfig:t}={})=>{let o;e.logger?.debug("@aws-sdk/token-providers - fromSso");let i=await f(e),n=r({profile:e.profile??t?.profile}),s=i[n];if(s){if(!s.sso_session)throw new _(`Profile '${n}' is missing required property 'sso_session'.`)}else throw new _(`Profile '${n}' could not be found in shared credentials file.`,!1);let a=s.sso_session,l=(await h(e))[a];if(!l)throw new _(`Sso session '${a}' could not be found in shared credentials file.`,!1);for(let e of["sso_start_url","sso_region"])if(!l[e])throw new _(`Sso session '${a}' is missing required property '${e}'.`,!1);l.sso_start_url;let p=l.sso_region;try{o=await c(a)}catch(e){throw new _(`The SSO session token associated with profile=${n} was not found or is invalid. ${S}`,!1)}m("accessToken",o.accessToken),m("expiresAt",o.expiresAt);let{accessToken:w,expiresAt:d}=o,O={token:w,expiration:new Date(d)};if(O.expiration.getTime()-Date.now()>3e5)return O;if(Date.now()-y.getTime()<3e4)return u(O),O;m("clientId",o.clientId,!0),m("clientSecret",o.clientSecret,!0),m("refreshToken",o.refreshToken,!0);try{y.setTime(Date.now());let r=await C(o,p,e,t);m("accessToken",r.accessToken),m("expiresIn",r.expiresIn);let i=new Date(Date.now()+1e3*r.expiresIn);try{var T;let e;await (T={...o,accessToken:r.accessToken,expiresAt:i.toISOString(),refreshToken:r.refreshToken},e=g(a),k(e,JSON.stringify(T,null,2)))}catch(e){}return{token:r.accessToken,expiration:i}}catch(e){return u(O),O}})({profile:O,filepath:T,configFilepath:x,ignoreCache:A})();N={accessToken:e.token,expiresAt:new Date(e.expiration).toISOString()}}catch(e){throw new i(e.message,{tryNextLink:!1,logger:I})}else try{N=await c(e)}catch(e){throw new i(`The SSO session associated with this profile is invalid. ${R}`,{tryNextLink:!1,logger:I})}if(new Date(N.expiresAt).getTime()-Date.now()<=0)throw new i(`The SSO session associated with this profile has expired. ${R}`,{tryNextLink:!1,logger:I});let{accessToken:D}=N,{SSOClient:E,GetRoleCredentialsCommand:K}=await import("./1~967.mjs").then(e=>({SSOClient:e.SSOClient,GetRoleCredentialsCommand:e.GetRoleCredentialsCommand})),P=l||new E(Object.assign({},p??{},{logger:p?.logger??d?.logger??w?.logger,region:p?.region??s,userAgentAppId:p?.userAgentAppId??d?.userAgentAppId??w?.userAgentAppId}));try{$=await P.send(new K({accountId:o,roleName:a,accessToken:D}))}catch(e){throw new i(e,{tryNextLink:!1,logger:I})}let{roleCredentials:{accessKeyId:L,secretAccessKey:b,sessionToken:v,expiration:U,credentialScope:H,accountId:M}={}}=$;if(!L||!b||!v||!U)throw new i("SSO returns an invalid temporary credential.",{tryNextLink:!1,logger:I});let j={accessKeyId:L,secretAccessKey:b,sessionToken:v,expiration:new Date(U),...H&&{credentialScope:H},...M&&{accountId:M}};return t?n(j,"CREDENTIALS_SSO","s"):n(j,"CREDENTIALS_SSO_LEGACY","u"),j},T=(e={})=>async({callerClientConfig:t}={})=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");let{ssoStartUrl:o,ssoAccountId:n,ssoRegion:s,ssoRoleName:a,ssoSession:l}=e,{ssoClient:g}=e,c=r({profile:e.profile??t?.profile});if(o||n||s||a||l)if(o&&n&&s&&a)return O({ssoStartUrl:o,ssoSession:l,ssoAccountId:n,ssoRegion:s,ssoRoleName:a,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:c,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger});else throw new i('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});{let t=(await f(e))[c];if(!t)throw new i(`Profile ${c} was not found.`,{logger:e.logger});if(!(t&&("string"==typeof t.sso_start_url||"string"==typeof t.sso_account_id||"string"==typeof t.sso_session||"string"==typeof t.sso_region||"string"==typeof t.sso_role_name)))throw new i(`Profile ${c} is not configured with SSO credentials.`,{logger:e.logger});if(t?.sso_session){let r=(await h(e))[t.sso_session],n=` configurations in profile ${c} and sso-session ${t.sso_session}`;if(s&&s!==r.sso_region)throw new i("Conflicting SSO region"+n,{tryNextLink:!1,logger:e.logger});if(o&&o!==r.sso_start_url)throw new i("Conflicting SSO start_url"+n,{tryNextLink:!1,logger:e.logger});t.sso_region=r.sso_region,t.sso_start_url=r.sso_start_url}let{sso_start_url:r,sso_account_id:n,sso_region:a,sso_role_name:l,sso_session:p}=((e,t)=>{let{sso_start_url:o,sso_account_id:r,sso_region:n,sso_role_name:s}=e;if(!o||!r||!n||!s)throw new i(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}
+Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:t});return e})(t,e.logger);return O({ssoStartUrl:r,ssoSession:p,ssoAccountId:n,ssoRegion:a,ssoRoleName:l,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:c,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger})}};export{T as fromSSO};

package/dist/esm/1~398.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
-var e,t,a,r;import{parse as n}from"url";import{loadConfig as o,dist_es_parseUrl as i,external_buffer_Buffer as s,ProviderError as c,CredentialsProviderError as l,external_http_request as d}from"./131.mjs";function p(e){return new Promise((t,a)=>{let r=d({method:"GET",...e,hostname:e.hostname?.replace(/^\[(.+)\]$/,"$1")});r.on("error",e=>{a(Object.assign(new c("Unable to connect to instance metadata service"),e)),r.destroy()}),r.on("timeout",()=>{a(new c("TimeoutError from instance metadata service")),r.destroy()}),r.on("response",e=>{let{statusCode:n=400}=e;(n<200||300<=n)&&(a(Object.assign(new c("Error response received from instance metadata service"),{statusCode:n})),r.destroy());let o=[];e.on("data",e=>{o.push(e)}),e.on("end",()=>{t(s.concat(o)),r.destroy()})}),r.end()})}let u=e=>!!e&&"object"==typeof e&&"string"==typeof e.AccessKeyId&&"string"==typeof e.SecretAccessKey&&"string"==typeof e.Token&&"string"==typeof e.Expiration,h=e=>({accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,sessionToken:e.Token,expiration:new Date(e.Expiration),...e.AccountId&&{accountId:e.AccountId}}),m=1e3,f=0,v=({maxRetries:e=f,timeout:t=m})=>({maxRetries:e,timeout:t}),g=(e,t)=>{let a=e();for(let r=0;r<t;r++)a=a.catch(e);return a},w="AWS_CONTAINER_CREDENTIALS_FULL_URI",_="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",y="AWS_CONTAINER_AUTHORIZATION_TOKEN",I=(e={})=>{let{timeout:t,maxRetries:a}=v(e);return()=>g(async()=>{let a=await b({logger:e.logger}),r=JSON.parse(await E(t,a));if(!u(r))throw new l("Invalid response received from instance metadata service.",{logger:e.logger});return h(r)},a)},E=async(e,t)=>(process.env[y]&&(t.headers={...t.headers,Authorization:process.env[y]}),(await p({...t,timeout:e})).toString()),A={localhost:!0,"127.0.0.1":!0},S={"http:":!0,"https:":!0},b=async({logger:e})=>{if(process.env[_])return{hostname:"169.254.170.2",path:process.env[_]};if(process.env[w]){let t=n(process.env[w]);if(!t.hostname||!(t.hostname in A))throw new l(`${t.hostname} is not a valid container metadata service hostname`,{tryNextLink:!1,logger:e});if(!t.protocol||!(t.protocol in S))throw new l(`${t.protocol} is not a valid container metadata service protocol`,{tryNextLink:!1,logger:e});return{...t,port:t.port?parseInt(t.port,10):void 0}}throw new l(`The container metadata credential provider cannot be used unless the ${_} or ${w} environment variable is set`,{tryNextLink:!1,logger:e})};class T extends l{tryNextLink;name="InstanceMetadataV1FallbackError";constructor(e,t=!0){super(e,t),this.tryNextLink=t,Object.setPrototypeOf(this,T.prototype)}}(a=e||(e={})).IPv4="http://169.254.169.254",a.IPv6="http://[fd00:ec2::254]";let N={environmentVariableSelector:e=>e.AWS_EC2_METADATA_SERVICE_ENDPOINT,configFileSelector:e=>e.ec2_metadata_service_endpoint,default:void 0};(r=t||(t={})).IPv4="IPv4",r.IPv6="IPv6";let D={environmentVariableSelector:e=>e.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE,configFileSelector:e=>e.ec2_metadata_service_endpoint_mode,default:t.IPv4},C=async()=>i(await k()||await x()),k=async()=>o(N)(),x=async()=>{let a=await o(D)();switch(a){case t.IPv4:return e.IPv4;case t.IPv6:return e.IPv6;default:throw Error(`Unsupported endpoint mode: ${a}. Select from ${Object.values(t)}`)}},M=(e,t)=>{let a=300+Math.floor(300*Math.random()),r=new Date(Date.now()+1e3*a);t.warn(`Attempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted after ${new Date(r)}.
-For more information, please visit: https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html`);let n=e.originalExpiration??e.expiration;return{...e,...n?{originalExpiration:n}:{},expiration:r}},O="/latest/meta-data/iam/security-credentials/",P="AWS_EC2_METADATA_V1_DISABLED",R="ec2_metadata_v1_disabled",L="x-aws-ec2-metadata-token",V=(e={})=>((e,t={})=>{let a,r=t?.logger||console;return async()=>{let t;try{(t=await e()).expiration&&t.expiration.getTime()<Date.now()&&(t=M(t,r))}catch(e){if(a)r.warn("Credential renew failed: ",e),t=M(a,r);else throw e}return a=t,t}})($(e),{logger:e.logger}),$=(e={})=>{let t=!1,{logger:a,profile:r}=e,{timeout:n,maxRetries:i}=v(e),s=async(a,n)=>{if(t||n.headers?.[L]==null){let t=!1,a=!1,n=await o({environmentVariableSelector:t=>{let r=t[P];if(a=!!r&&"false"!==r,void 0===r)throw new l(`${P} not set in env, checking config file next.`,{logger:e.logger});return a},configFileSelector:e=>{let a=e[R];return t=!!a&&"false"!==a},default:!1},{profile:r})();if(e.ec2MetadataV1Disabled||n){let r=[];throw e.ec2MetadataV1Disabled&&r.push("credential provider initialization (runtime option ec2MetadataV1Disabled)"),t&&r.push(`config file profile (${R})`),a&&r.push(`process environment variable (${P})`),new T(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${r.join(", ")}].`)}}let i=(await g(async()=>{let e;try{e=await U(n)}catch(e){throw 401===e.statusCode&&(t=!1),e}return e},a)).trim();return g(async()=>{let a;try{a=await W(i,n,e)}catch(e){throw 401===e.statusCode&&(t=!1),e}return a},a)};return async()=>{let e=await C();if(t)return a?.debug("AWS SDK Instance Metadata","using v1 fallback (no token fetch)"),s(i,{...e,timeout:n});{let r;try{r=(await K({...e,timeout:n})).toString()}catch(r){if(r?.statusCode===400)throw Object.assign(r,{message:"EC2 Metadata token request returned error"});return("TimeoutError"===r.message||[403,404,405].includes(r.statusCode))&&(t=!0),a?.debug("AWS SDK Instance Metadata","using v1 fallback (initial)"),s(i,{...e,timeout:n})}return s(i,{...e,headers:{[L]:r},timeout:n})}}},K=async e=>p({...e,path:"/latest/api/token",method:"PUT",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"21600"}}),U=async e=>(await p({...e,path:O})).toString(),W=async(e,t,a)=>{let r=JSON.parse((await p({...t,path:O+e})).toString());if(!u(r))throw new l("Invalid response received from instance metadata service.",{logger:a.logger});return h(r)};export{w as ENV_CMDS_FULL_URI,_ as ENV_CMDS_RELATIVE_URI,I as fromContainerMetadata,V as fromInstanceMetadata,C as getInstanceMetadataEndpoint,p as httpRequest};
+var e,t,a,r;import{__webpack_require__ as n}from"./rslib-runtime.mjs";import{parse as o}from"url";import{loadConfig as i,dist_es_parseUrl as s,ProviderError as c,CredentialsProviderError as l,external_http_request as d}from"./131.mjs";let p=n("buffer");function u(e){return new Promise((t,a)=>{let r=d({method:"GET",...e,hostname:e.hostname?.replace(/^\[(.+)\]$/,"$1")});r.on("error",e=>{a(Object.assign(new c("Unable to connect to instance metadata service"),e)),r.destroy()}),r.on("timeout",()=>{a(new c("TimeoutError from instance metadata service")),r.destroy()}),r.on("response",e=>{let{statusCode:n=400}=e;(n<200||300<=n)&&(a(Object.assign(new c("Error response received from instance metadata service"),{statusCode:n})),r.destroy());let o=[];e.on("data",e=>{o.push(e)}),e.on("end",()=>{t(p.Buffer.concat(o)),r.destroy()})}),r.end()})}let f=e=>!!e&&"object"==typeof e&&"string"==typeof e.AccessKeyId&&"string"==typeof e.SecretAccessKey&&"string"==typeof e.Token&&"string"==typeof e.Expiration,m=e=>({accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,sessionToken:e.Token,expiration:new Date(e.Expiration),...e.AccountId&&{accountId:e.AccountId}}),h=1e3,v=0,g=({maxRetries:e=v,timeout:t=h})=>({maxRetries:e,timeout:t}),w=(e,t)=>{let a=e();for(let r=0;r<t;r++)a=a.catch(e);return a},_="AWS_CONTAINER_CREDENTIALS_FULL_URI",y="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",I="AWS_CONTAINER_AUTHORIZATION_TOKEN",E=(e={})=>{let{timeout:t,maxRetries:a}=g(e);return()=>w(async()=>{let a=await T({logger:e.logger}),r=JSON.parse(await A(t,a));if(!f(r))throw new l("Invalid response received from instance metadata service.",{logger:e.logger});return m(r)},a)},A=async(e,t)=>(process.env[I]&&(t.headers={...t.headers,Authorization:process.env[I]}),(await u({...t,timeout:e})).toString()),S={localhost:!0,"127.0.0.1":!0},b={"http:":!0,"https:":!0},T=async({logger:e})=>{if(process.env[y])return{hostname:"169.254.170.2",path:process.env[y]};if(process.env[_]){let t=o(process.env[_]);if(!t.hostname||!(t.hostname in S))throw new l(`${t.hostname} is not a valid container metadata service hostname`,{tryNextLink:!1,logger:e});if(!t.protocol||!(t.protocol in b))throw new l(`${t.protocol} is not a valid container metadata service protocol`,{tryNextLink:!1,logger:e});return{...t,port:t.port?parseInt(t.port,10):void 0}}throw new l(`The container metadata credential provider cannot be used unless the ${y} or ${_} environment variable is set`,{tryNextLink:!1,logger:e})};class N extends l{tryNextLink;name="InstanceMetadataV1FallbackError";constructor(e,t=!0){super(e,t),this.tryNextLink=t,Object.setPrototypeOf(this,N.prototype)}}(a=e||(e={})).IPv4="http://169.254.169.254",a.IPv6="http://[fd00:ec2::254]";let C={environmentVariableSelector:e=>e.AWS_EC2_METADATA_SERVICE_ENDPOINT,configFileSelector:e=>e.ec2_metadata_service_endpoint,default:void 0};(r=t||(t={})).IPv4="IPv4",r.IPv6="IPv6";let D={environmentVariableSelector:e=>e.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE,configFileSelector:e=>e.ec2_metadata_service_endpoint_mode,default:t.IPv4},M=async()=>s(await k()||await x()),k=async()=>i(C)(),x=async()=>{let a=await i(D)();switch(a){case t.IPv4:return e.IPv4;case t.IPv6:return e.IPv6;default:throw Error(`Unsupported endpoint mode: ${a}. Select from ${Object.values(t)}`)}},P=(e,t)=>{let a=300+Math.floor(300*Math.random()),r=new Date(Date.now()+1e3*a);t.warn(`Attempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted after ${new Date(r)}.
+For more information, please visit: https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html`);let n=e.originalExpiration??e.expiration;return{...e,...n?{originalExpiration:n}:{},expiration:r}},O="/latest/meta-data/iam/security-credentials/",R="AWS_EC2_METADATA_V1_DISABLED",K="ec2_metadata_v1_disabled",L="x-aws-ec2-metadata-token",V=(e={})=>((e,t={})=>{let a,r=t?.logger||console;return async()=>{let t;try{(t=await e()).expiration&&t.expiration.getTime()<Date.now()&&(t=P(t,r))}catch(e){if(a)r.warn("Credential renew failed: ",e),t=P(a,r);else throw e}return a=t,t}})($(e),{logger:e.logger}),$=(e={})=>{let t=!1,{logger:a,profile:r}=e,{timeout:n,maxRetries:o}=g(e),s=async(a,n)=>{if(t||n.headers?.[L]==null){let t=!1,a=!1,n=await i({environmentVariableSelector:t=>{let r=t[R];if(a=!!r&&"false"!==r,void 0===r)throw new l(`${R} not set in env, checking config file next.`,{logger:e.logger});return a},configFileSelector:e=>{let a=e[K];return t=!!a&&"false"!==a},default:!1},{profile:r})();if(e.ec2MetadataV1Disabled||n){let r=[];throw e.ec2MetadataV1Disabled&&r.push("credential provider initialization (runtime option ec2MetadataV1Disabled)"),t&&r.push(`config file profile (${K})`),a&&r.push(`process environment variable (${R})`),new N(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${r.join(", ")}].`)}}let o=(await w(async()=>{let e;try{e=await W(n)}catch(e){throw 401===e.statusCode&&(t=!1),e}return e},a)).trim();return w(async()=>{let a;try{a=await j(o,n,e)}catch(e){throw 401===e.statusCode&&(t=!1),e}return a},a)};return async()=>{let e=await M();if(t)return a?.debug("AWS SDK Instance Metadata","using v1 fallback (no token fetch)"),s(o,{...e,timeout:n});{let r;try{r=(await U({...e,timeout:n})).toString()}catch(r){if(r?.statusCode===400)throw Object.assign(r,{message:"EC2 Metadata token request returned error"});return("TimeoutError"===r.message||[403,404,405].includes(r.statusCode))&&(t=!0),a?.debug("AWS SDK Instance Metadata","using v1 fallback (initial)"),s(o,{...e,timeout:n})}return s(o,{...e,headers:{[L]:r},timeout:n})}}},U=async e=>u({...e,path:"/latest/api/token",method:"PUT",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"21600"}}),W=async e=>(await u({...e,path:O})).toString(),j=async(e,t,a)=>{let r=JSON.parse((await u({...t,path:O+e})).toString());if(!f(r))throw new l("Invalid response received from instance metadata service.",{logger:a.logger});return m(r)};export{_ as ENV_CMDS_FULL_URI,y as ENV_CMDS_RELATIVE_URI,E as fromContainerMetadata,V as fromInstanceMetadata,M as getInstanceMetadataEndpoint,u as httpRequest};

package/dist/esm/1~844.mjs CHANGED Viewed

	@@ -1 +1 @@
1	- import{~~promisify~~ as e}from"~~util~~";import{exec as r,getProfileName as o,setCredentialFeature as i,CredentialsProviderError as t}from"./131.mjs";import{externalDataInterceptor as c}from"./1~666.mjs";import{parseKnownFiles as n}from"./1~23.mjs";let s=async(o,n,s)=>{let a=n[o];if(n[o]){let l=a.credential_process;if(void 0!==l){let a=e(c?.getTokenRecord?.().exec??r);try{let e,{stdout:r}=await a(l);try{e=JSON.parse(r.trim())}catch{throw Error(`Profile ${o} credential_process returned invalid JSON.`)}var d=e;if(1!==d.Version)throw Error(`Profile ${o} credential_process did not return Version 1.`);if(void 0===d.AccessKeyId\|\|void 0===d.SecretAccessKey)throw Error(`Profile ${o} credential_process returned invalid credentials.`);if(d.Expiration){let e=new Date;if(new Date(d.Expiration)<e)throw Error(`Profile ${o} credential_process returned expired credentials.`)}let t=d.AccountId;!t&&n?.[o]?.aws_account_id&&(t=n[o].aws_account_id);let c={accessKeyId:d.AccessKeyId,secretAccessKey:d.SecretAccessKey,...d.SessionToken&&{sessionToken:d.SessionToken},...d.Expiration&&{expiration:new Date(d.Expiration)},...d.CredentialScope&&{credentialScope:d.CredentialScope},...t&&{accountId:t}};return i(c,"CREDENTIALS_PROCESS","w"),c}catch(e){throw new t(e.message,{logger:s})}}throw new t(`Profile ${o} did not contain credential_process.`,{logger:s})}throw new t(`Profile ${o} could not be found in shared credentials file.`,{logger:s})},a=(e={})=>async({callerClientConfig:r}={})=>{e.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");let i=await n(e);return s(o({profile:e.profile??r?.profile}),i,e.logger)};export{a as fromProcess};
1	+ import{__webpack_require__ as e}from"./rslib-runtime.mjs";import"./687.mjs";import{exec as r,getProfileName as o,setCredentialFeature as i,CredentialsProviderError as t}from"./131.mjs";import{externalDataInterceptor as c}from"./1~666.mjs";import{parseKnownFiles as s}from"./1~23.mjs";let n=e("util"),a=async(e,o,s)=>{let a=o[e];if(o[e]){let l=a.credential_process;if(void 0!==l){let a=(0,n.promisify)(c?.getTokenRecord?.().exec??r);try{let r,{stdout:t}=await a(l);try{r=JSON.parse(t.trim())}catch{throw Error(`Profile ${e} credential_process returned invalid JSON.`)}var d=r;if(1!==d.Version)throw Error(`Profile ${e} credential_process did not return Version 1.`);if(void 0===d.AccessKeyId\|\|void 0===d.SecretAccessKey)throw Error(`Profile ${e} credential_process returned invalid credentials.`);if(d.Expiration){let r=new Date;if(new Date(d.Expiration)<r)throw Error(`Profile ${e} credential_process returned expired credentials.`)}let c=d.AccountId;!c&&o?.[e]?.aws_account_id&&(c=o[e].aws_account_id);let s={accessKeyId:d.AccessKeyId,secretAccessKey:d.SecretAccessKey,...d.SessionToken&&{sessionToken:d.SessionToken},...d.Expiration&&{expiration:new Date(d.Expiration)},...d.CredentialScope&&{credentialScope:d.CredentialScope},...c&&{accountId:c}};return i(s,"CREDENTIALS_PROCESS","w"),s}catch(e){throw new t(e.message,{logger:s})}}throw new t(`Profile ${e} did not contain credential_process.`,{logger:s})}throw new t(`Profile ${e} could not be found in shared credentials file.`,{logger:s})},d=(e={})=>async({callerClientConfig:r}={})=>{e.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");let i=await s(e);return a(o({profile:e.profile??r?.profile}),i,e.logger)};export{d as fromProcess};

package/dist/esm/687.mjs ADDED Viewed

	@@ -0,0 +1 @@
1	+ import*as o from"util";import{__webpack_require__ as r}from"./rslib-runtime.mjs";r.add({util(r){r.exports=o}});