'use strict';
var STSClient = require('./STSClient');
var smithyClient = require('@smithy/smithy-client');
var middlewareEndpoint = require('@smithy/middleware-endpoint');
var EndpointParameters = require('./endpoint/EndpointParameters');
var schemas_0 = require('./schemas/schemas_0');
var errors = require('./models/errors');
var client = require('@aws-sdk/core/client');
var regionConfigResolver = require('@aws-sdk/region-config-resolver');
var STSServiceException = require('./models/STSServiceException');
/**
 * Command for the STS `AssumeRole` operation.
 *
 * The class body is empty: everything is supplied by the smithy class
 * builder chain in the `extends` clause (endpoint parameters, middleware,
 * service/operation names, client/command names and the operation schema).
 */
class AssumeRoleCommand extends smithyClient.Command
    .classBuilder()
    .ep(EndpointParameters.commonParams)
    .m(function (Command, _clientStack, config, _options) {
        // The only middleware contributed here is the endpoint plugin; the
        // second and fourth arguments are accepted but not used.
        const endpointInstructions = Command.getEndpointParameterInstructions();
        return [middlewareEndpoint.getEndpointPlugin(config, endpointInstructions)];
    })
    .s("AWSSecurityTokenServiceV20110615", "AssumeRole", {})
    .n("STSClient", "AssumeRoleCommand")
    .sc(schemas_0.AssumeRole$)
    .build() {
}
/**
 * Command for the STS `AssumeRoleWithWebIdentity` operation.
 *
 * As with AssumeRoleCommand, the body is empty and the behaviour comes from
 * the smithy class builder chain in the `extends` clause.
 */
class AssumeRoleWithWebIdentityCommand extends smithyClient.Command
    .classBuilder()
    .ep(EndpointParameters.commonParams)
    .m(function (Command, _clientStack, config, _options) {
        // The only middleware contributed here is the endpoint plugin; the
        // second and fourth arguments are accepted but not used.
        const endpointInstructions = Command.getEndpointParameterInstructions();
        return [middlewareEndpoint.getEndpointPlugin(config, endpointInstructions)];
    })
    .s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {})
    .n("STSClient", "AssumeRoleWithWebIdentityCommand")
    .sc(schemas_0.AssumeRoleWithWebIdentity$)
    .build() {
}
// Commands that the aggregated STS client exposes.
const commands = {
    AssumeRoleCommand: AssumeRoleCommand,
    AssumeRoleWithWebIdentityCommand: AssumeRoleWithWebIdentityCommand,
};

/**
 * Aggregated STS client. It adds nothing to STSClient itself; the command
 * table above is attached by createAggregatedClient below.
 */
class STS extends STSClient.STSClient {
}

smithyClient.createAggregatedClient(commands, STS);
/**
 * Extracts the account id segment from an AssumedRoleUser's ARN.
 *
 * The ARN is split on ":" and the fifth segment (index 4) is returned when it
 * is present and non-empty. The segment is returned as-is: nothing here checks
 * that it looks like an account id, so callers that need a validated value
 * must validate it themselves.
 *
 * @param {{ Arn?: unknown } | undefined | null} assumedRoleUser - the
 *   AssumedRoleUser member of an STS response.
 * @returns {string | undefined} the fifth ARN segment, or undefined when the
 *   ARN is missing, not a string, too short, or has an empty fifth segment.
 */
const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
    const arn = assumedRoleUser?.Arn;
    if (typeof arn !== "string") {
        return undefined;
    }
    // A missing segment is undefined and an empty one is "", both falsy.
    const accountSegment = arn.split(":")[4];
    return accountSegment ? accountSegment : undefined;
};
/**
 * Picks the region the inner STS client will use.
 *
 * Precedence: the explicit region, then the parent client's region, then the
 * STS default resolver. Either of the first two may be a value or a function
 * returning (a promise of) a value. The default resolver is only invoked when
 * both of the others are null or undefined.
 *
 * @param {string | (() => string | Promise<string>) | undefined} _region -
 *   region from the credential provider's client config.
 * @param {string | (() => string | Promise<string>) | undefined} _parentRegion -
 *   region of the contextual (parent) client.
 * @param {{ debug?: Function } | undefined} credentialProviderLogger -
 *   optional logger; only its `debug` method is used.
 * @param {object} [loaderConfig={}] - passed to the STS default region resolver.
 * @returns {Promise<string>} the first non-nullish candidate.
 */
const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {
    let region = _region;
    if (typeof _region === "function") {
        region = await _region();
    }
    let parentRegion = _parentRegion;
    if (typeof _parentRegion === "function") {
        parentRegion = await _parentRegion();
    }
    // Stays "" in the debug line when the default resolver was not consulted.
    let stsDefaultRegion = "";
    let resolvedRegion = region ?? parentRegion;
    if (resolvedRegion === undefined || resolvedRegion === null) {
        stsDefaultRegion = await regionConfigResolver.stsRegionDefaultResolver(loaderConfig)();
        resolvedRegion = stsDefaultRegion;
    }
    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);
    return resolvedRegion;
};
/**
 * Builds a role assumer: an async function that calls STS AssumeRole with the
 * given source credentials and returns the temporary credentials.
 *
 * The STS client is created lazily on the first call and then reused. Its
 * credential provider hands back whatever source credentials were passed to
 * the most recent call of the returned function.
 *
 * NOTE(review): `closureSourceCreds` is shared by every invocation of the
 * returned function and there are awaits between assigning it and sending the
 * request. If the function is called concurrently with different source
 * credentials, the provider returns whichever were assigned last — confirm
 * callers serialise calls or always pass the same source credentials.
 *
 * @param {object} stsOptions - STS client options; `parentClientConfig` is
 *   the fallback for logger, profile, requestHandler, userAgentAppId and region.
 * @param {Function} STSClient - constructor used to create the inner client.
 * @returns {(sourceCreds: object, params: object) => Promise<object>}
 * @throws {Error} from the returned function when the response has no
 *   Credentials, AccessKeyId or SecretAccessKey. The message names only
 *   params.RoleArn; no credential material is interpolated.
 */
const getDefaultRoleAssumer$1 = (stsOptions, STSClient) => {
    let stsClient;
    let closureSourceCreds;
    return async (sourceCreds, params) => {
        closureSourceCreds = sourceCreds;
        if (!stsClient) {
            const parentConfig = stsOptions?.parentClientConfig;
            const {
                logger = parentConfig?.logger,
                profile = parentConfig?.profile,
                region,
                requestHandler = parentConfig?.requestHandler,
                credentialProviderLogger,
                userAgentAppId = parentConfig?.userAgentAppId,
            } = stsOptions;
            const resolvedRegion = await resolveRegion(region, parentConfig?.region, credentialProviderLogger, { logger, profile });
            // An "h2" request handler is not passed on; the inner client then
            // receives undefined for requestHandler.
            const inheritedHandler = isH2(requestHandler) ? undefined : requestHandler;
            stsClient = new STSClient({
                ...stsOptions,
                userAgentAppId,
                profile,
                credentialDefaultProvider: () => async () => closureSourceCreds,
                region: resolvedRegion,
                requestHandler: inheritedHandler,
                logger,
            });
        }
        const response = await stsClient.send(new AssumeRoleCommand(params));
        const { Credentials: stsCredentials, AssumedRoleUser } = response;
        // Only the key id and the secret are required here; SessionToken and
        // Expiration are copied through below without being checked.
        if (!stsCredentials?.AccessKeyId || !stsCredentials.SecretAccessKey) {
            throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
        }
        const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
        const credentials = {
            accessKeyId: stsCredentials.AccessKeyId,
            secretAccessKey: stsCredentials.SecretAccessKey,
            sessionToken: stsCredentials.SessionToken,
            expiration: stsCredentials.Expiration,
        };
        // Optional members are added only when they hold a truthy value.
        if (stsCredentials.CredentialScope) {
            credentials.credentialScope = stsCredentials.CredentialScope;
        }
        if (accountId) {
            credentials.accountId = accountId;
        }
        client.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i");
        return credentials;
    };
};
/**
 * Builds a web-identity role assumer: an async function that calls STS
 * AssumeRoleWithWebIdentity and returns the temporary credentials.
 *
 * The STS client is created lazily on the first call and then reused. Unlike
 * the plain role assumer, no credentialDefaultProvider is set on it here.
 *
 * NOTE(review): `params` is forwarded unchanged to the command and presumably
 * carries the web identity token (WebIdentityToken in the STS API) — keep
 * `params` out of logs and error messages. The error raised below
 * interpolates only params.RoleArn.
 *
 * @param {object} stsOptions - STS client options; `parentClientConfig` is
 *   the fallback for logger, profile, requestHandler, userAgentAppId and region.
 * @param {Function} STSClient - constructor used to create the inner client.
 * @returns {(params: object) => Promise<object>}
 * @throws {Error} from the returned function when the response has no
 *   Credentials, AccessKeyId or SecretAccessKey.
 */
const getDefaultRoleAssumerWithWebIdentity$1 = (stsOptions, STSClient) => {
    let stsClient;
    return async (params) => {
        if (!stsClient) {
            const parentConfig = stsOptions?.parentClientConfig;
            const {
                logger = parentConfig?.logger,
                profile = parentConfig?.profile,
                region,
                requestHandler = parentConfig?.requestHandler,
                credentialProviderLogger,
                userAgentAppId = parentConfig?.userAgentAppId,
            } = stsOptions;
            const resolvedRegion = await resolveRegion(region, parentConfig?.region, credentialProviderLogger, { logger, profile });
            // An "h2" request handler is not passed on; the inner client then
            // receives undefined for requestHandler.
            const inheritedHandler = isH2(requestHandler) ? undefined : requestHandler;
            stsClient = new STSClient({
                ...stsOptions,
                userAgentAppId,
                profile,
                region: resolvedRegion,
                requestHandler: inheritedHandler,
                logger,
            });
        }
        const response = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
        const { Credentials: stsCredentials, AssumedRoleUser } = response;
        // Only the key id and the secret are required here; SessionToken and
        // Expiration are copied through below without being checked.
        if (!stsCredentials?.AccessKeyId || !stsCredentials.SecretAccessKey) {
            throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
        }
        const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
        const credentials = {
            accessKeyId: stsCredentials.AccessKeyId,
            secretAccessKey: stsCredentials.SecretAccessKey,
            sessionToken: stsCredentials.SessionToken,
            expiration: stsCredentials.Expiration,
        };
        // Optional members are added only when they hold a truthy value.
        if (stsCredentials.CredentialScope) {
            credentials.credentialScope = stsCredentials.CredentialScope;
        }
        if (accountId) {
            credentials.accountId = accountId;
            client.setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T");
        }
        client.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k");
        return credentials;
    };
};
/**
 * Reports whether a request handler declares the "h2" protocol in its
 * metadata. A missing handler or missing metadata yields false.
 *
 * @param {{ metadata?: { handlerProtocol?: string } } | undefined} requestHandler
 * @returns {boolean}
 */
const isH2 = (requestHandler) => requestHandler?.metadata?.handlerProtocol === "h2";
/**
 * Returns a client constructor that applies extra middleware plugins.
 *
 * Without customizations the base constructor is returned unchanged.
 * Otherwise a subclass is returned whose constructor registers every
 * customization on the instance's middleware stack, in iteration order.
 * Each plugin is passed to `middlewareStack.use` as given, with no further
 * checks, and runs inside the client used for the role-assumption calls.
 *
 * @param {Function} baseCtor - client class to extend.
 * @param {Iterable<object> | undefined} customizations - plugins to register.
 * @returns {Function} `baseCtor` itself or a `CustomizableSTSClient` subclass.
 */
const getCustomizableStsClientCtor = (baseCtor, customizations) => {
    if (customizations) {
        return class CustomizableSTSClient extends baseCtor {
            constructor(config) {
                super(config);
                for (const plugin of customizations) {
                    this.middlewareStack.use(plugin);
                }
            }
        };
    }
    return baseCtor;
};
/**
 * Public factory for the default AssumeRole role assumer.
 *
 * @param {object} [stsOptions={}] - options for the inner STS client.
 * @param {Iterable<object>} [stsPlugins] - middleware plugins to register on
 *   the inner STS client.
 * @returns {(sourceCreds: object, params: object) => Promise<object>}
 */
const getDefaultRoleAssumer = (stsOptions = {}, stsPlugins) => {
    const ClientCtor = getCustomizableStsClientCtor(STSClient.STSClient, stsPlugins);
    return getDefaultRoleAssumer$1(stsOptions, ClientCtor);
};
/**
 * Public factory for the default AssumeRoleWithWebIdentity role assumer.
 *
 * @param {object} [stsOptions={}] - options for the inner STS client.
 * @param {Iterable<object>} [stsPlugins] - middleware plugins to register on
 *   the inner STS client.
 * @returns {(params: object) => Promise<object>}
 */
const getDefaultRoleAssumerWithWebIdentity = (stsOptions = {}, stsPlugins) => {
    const ClientCtor = getCustomizableStsClientCtor(STSClient.STSClient, stsPlugins);
    return getDefaultRoleAssumerWithWebIdentity$1(stsOptions, ClientCtor);
};
/**
 * Wraps a credential provider factory so that it receives the default role
 * assumers unless the caller supplies its own.
 *
 * `input` is spread last, so a `roleAssumer` or `roleAssumerWithWebIdentity`
 * present on `input` replaces the default built here.
 *
 * @param {(init: object) => unknown} provider - credential provider factory.
 * @returns {(input: object) => unknown} the decorated factory.
 */
const decorateDefaultCredentialProvider = (provider) => (input) => {
    const defaultAssumers = {
        roleAssumer: getDefaultRoleAssumer(input),
        roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input),
    };
    return provider({ ...defaultAssumers, ...input });
};
// Named exports of this entry point. They are assigned before the bulk
// re-exports that follow, and those skip any key `exports` already owns, so
// the names set here take precedence.
// Kept as plain `exports.NAME = value` assignments: tooling that statically
// detects CommonJS export names matches on this form.
exports.$Command = smithyClient.Command;
exports.STSServiceException = STSServiceException.STSServiceException;
exports.AssumeRoleCommand = AssumeRoleCommand;
exports.AssumeRoleWithWebIdentityCommand = AssumeRoleWithWebIdentityCommand;
exports.STS = STS;
exports.decorateDefaultCredentialProvider = decorateDefaultCredentialProvider;
exports.getDefaultRoleAssumer = getDefaultRoleAssumer;
exports.getDefaultRoleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity;
// Re-export everything from ./STSClient that this module has not already
// exported.
//
// The first statement handles an own '__proto__' key separately: it is
// created with defineProperty, so it becomes an ordinary own data property.
// A plain `exports[k] = ...` assignment with k === '__proto__' would go
// through the prototype setter and change the prototype of `exports`.
// Once the key is an own property, the copy loop below skips it.
//
// The statements are kept in their emitted shape on purpose: tooling that
// statically detects CommonJS re-exports matches on this pattern.
Object.prototype.hasOwnProperty.call(STSClient, '__proto__') &&
    !Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
    Object.defineProperty(exports, '__proto__', {
        enumerable: true,
        value: STSClient['__proto__']
    });

Object.keys(STSClient).forEach(function (k) {
    // 'default' is never copied; keys that `exports` already owns are kept.
    if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = STSClient[k];
});
// Re-export everything from ./schemas/schemas_0 that this module has not
// already exported.
//
// An own '__proto__' key is created with defineProperty, so it becomes an
// ordinary own data property; a plain `exports[k] = ...` assignment with
// that key would go through the prototype setter instead. The copy loop then
// skips it because `exports` already owns the key.
//
// The statements are kept in their emitted shape on purpose: tooling that
// statically detects CommonJS re-exports matches on this pattern.
Object.prototype.hasOwnProperty.call(schemas_0, '__proto__') &&
    !Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
    Object.defineProperty(exports, '__proto__', {
        enumerable: true,
        value: schemas_0['__proto__']
    });

Object.keys(schemas_0).forEach(function (k) {
    // 'default' is never copied; keys that `exports` already owns are kept.
    if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = schemas_0[k];
});
// Re-export everything from ./models/errors that this module has not already
// exported.
//
// An own '__proto__' key is created with defineProperty, so it becomes an
// ordinary own data property; a plain `exports[k] = ...` assignment with
// that key would go through the prototype setter instead. The copy loop then
// skips it because `exports` already owns the key.
//
// The statements are kept in their emitted shape on purpose: tooling that
// statically detects CommonJS re-exports matches on this pattern.
Object.prototype.hasOwnProperty.call(errors, '__proto__') &&
    !Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
    Object.defineProperty(exports, '__proto__', {
        enumerable: true,
        value: errors['__proto__']
    });

Object.keys(errors).forEach(function (k) {
    // 'default' is never copied; keys that `exports` already owns are kept.
    if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = errors[k];
});