@integration-app/membrane-cli
Version:
CLI tool for importing and exporting Integration.app workspace data
3 lines (2 loc) • 7.35 kB
JavaScript
var M=Object.defineProperty;var a=(e,s)=>M(e,"name",{value:s,configurable:!0});import{P as U,I as H,k as D,m as W,n as X,o as z,q as J,h as $,r as P,C as f,s as F}from"./index-CNuB1luy.js";import"os";import"path";import"crypto";import{p as L}from"./parseKnownFiles-BrQvbftH.js";import{promises as V}from"fs";import"url";import"chalk";import"commander";import"inquirer";import"node:fs";import"node:path";import"js-yaml";import"@integration-app/sdk";import"zod";import"jsonwebtoken";import"events";import"constants";import"stream";import"util";import"assert";import"buffer";import"node:url";import"node:fs/promises";import"node:events";import"node:stream";import"node:string_decoder";import"zlib";import"form-data";import"async_hooks";import"http";import"https";import"http2";import"process";import"@anthropic-ai/sdk";class S extends U{static{a(this,"TokenProviderError")}constructor(s,o=!0){super(s,o),this.name="TokenProviderError",Object.setPrototypeOf(this,S.prototype)}}const Y=a(e=>Object.entries(e).filter(([s])=>s.startsWith(H.SSO_SESSION+D)).reduce((s,[o,n])=>({...s,[o.substring(o.indexOf(D)+1)]:n}),{}),"getSsoSessionData"),B=a(()=>({}),"swallowError"),v=a(async(e={})=>W(e.configFilepath??X()).then(z).then(Y).catch(B),"loadSsoSessionData"),b=a(e=>e&&(typeof e.sso_start_url=="string"||typeof e.sso_account_id=="string"||typeof e.sso_session=="string"||typeof e.sso_region=="string"||typeof e.sso_role_name=="string"),"isSsoProfile"),Q=5*60*1e3,I="To refresh this SSO session run 'aws sso login' with the corresponding profile.",Z=a(async(e,s={})=>{const{SSOOIDCClient:o}=await import("./index-BqhFuLYl.js");return new o(Object.assign({},s.clientConfig??{},{region:e??s.clientConfig?.region,logger:s.clientConfig?.logger??s.parentClientConfig?.logger}))},"getSsoOidcClient"),ee=a(async(e,s,o={})=>{const{CreateTokenCommand:n}=await import("./index-BqhFuLYl.js");return(await Z(s,o)).send(new n({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))},"getNewSsoOidcToken"),j=a(e=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new S(`Token is expired. ${I}`,!1)},"validateTokenExpiry"),h=a((e,s,o=!1)=>{if(typeof s>"u")throw new S(`Value not present for '${e}' in SSO Token${o?". Cannot refresh":""}. ${I}`,!1)},"validateTokenKey"),{writeFile:se}=V,oe=a((e,s)=>{const o=J(e),n=JSON.stringify(s,null,2);return se(o,n)},"writeSSOTokenToFile"),q=new Date(0),te=a((e={})=>async({callerClientConfig:s}={})=>{const o={...e,parentClientConfig:{...s,...e.parentClientConfig}};o.logger?.debug("@aws-sdk/token-providers - fromSso");const n=await L(o),r=$({profile:o.profile??s?.profile}),p=n[r];if(p){if(!p.sso_session)throw new S(`Profile '${r}' is missing required property 'sso_session'.`)}else throw new S(`Profile '${r}' could not be found in shared credentials file.`,!1);const l=p.sso_session,c=(await v(o))[l];if(!c)throw new S(`Sso session '${l}' could not be found in shared credentials file.`,!1);for(const i of["sso_start_url","sso_region"])if(!c[i])throw new S(`Sso session '${l}' is missing required property '${i}'.`,!1);c.sso_start_url;const w=c.sso_region;let t;try{t=await P(l)}catch{throw new S(`The SSO session token associated with profile=${r} was not found or is invalid. ${I}`,!1)}h("accessToken",t.accessToken),h("expiresAt",t.expiresAt);const{accessToken:u,expiresAt:T}=t,g={token:u,expiration:new Date(T)};if(g.expiration.getTime()-Date.now()>Q)return g;if(Date.now()-q.getTime()<30*1e3)return j(g),g;h("clientId",t.clientId,!0),h("clientSecret",t.clientSecret,!0),h("refreshToken",t.refreshToken,!0);try{q.setTime(Date.now());const i=await ee(t,w,o);h("accessToken",i.accessToken),h("expiresIn",i.expiresIn);const _=new Date(Date.now()+i.expiresIn*1e3);try{await oe(l,{...t,accessToken:i.accessToken,expiresAt:_.toISOString(),refreshToken:i.refreshToken})}catch{}return{token:i.accessToken,expiration:_}}catch{return j(g),g}},"fromSso"),C=!1,G=a(async({ssoStartUrl:e,ssoSession:s,ssoAccountId:o,ssoRegion:n,ssoRoleName:r,ssoClient:p,clientConfig:l,parentClientConfig:k,profile:c,logger:w})=>{let t;const u="To refresh this SSO session run aws sso login with the corresponding profile.";if(s)try{const m=await te({profile:c})();t={accessToken:m.token,expiresAt:new Date(m.expiration).toISOString()}}catch(m){throw new f(m.message,{tryNextLink:C,logger:w})}else try{t=await P(e)}catch{throw new f(`The SSO session associated with this profile is invalid. ${u}`,{tryNextLink:C,logger:w})}if(new Date(t.expiresAt).getTime()-Date.now()<=0)throw new f(`The SSO session associated with this profile has expired. ${u}`,{tryNextLink:C,logger:w});const{accessToken:T}=t,{SSOClient:g,GetRoleCredentialsCommand:i}=await import("./loadSso-CJhZMGlK.js"),_=p||new g(Object.assign({},l??{},{logger:l?.logger??k?.logger,region:l?.region??n}));let y;try{y=await _.send(new i({accountId:o,roleName:r,accessToken:T}))}catch(m){throw new f(m,{tryNextLink:C,logger:w})}const{roleCredentials:{accessKeyId:d,secretAccessKey:O,sessionToken:N,expiration:E,credentialScope:R,accountId:A}={}}=y;if(!d||!O||!N||!E)throw new f("SSO returns an invalid temporary credential.",{tryNextLink:C,logger:w});const x={accessKeyId:d,secretAccessKey:O,sessionToken:N,expiration:new Date(E),...R&&{credentialScope:R},...A&&{accountId:A}};return s?F(x,"CREDENTIALS_SSO","s"):F(x,"CREDENTIALS_SSO_LEGACY","u"),x},"resolveSSOCredentials"),K=a((e,s)=>{const{sso_start_url:o,sso_account_id:n,sso_region:r,sso_role_name:p}=e;if(!o||!n||!r||!p)throw new f(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}
Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:s});return e},"validateSsoProfile"),ne=a((e={})=>async({callerClientConfig:s}={})=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");const{ssoStartUrl:o,ssoAccountId:n,ssoRegion:r,ssoRoleName:p,ssoSession:l}=e,{ssoClient:k}=e,c=$({profile:e.profile??s?.profile});if(!o&&!n&&!r&&!p&&!l){const t=(await L(e))[c];if(!t)throw new f(`Profile ${c} was not found.`,{logger:e.logger});if(!b(t))throw new f(`Profile ${c} is not configured with SSO credentials.`,{logger:e.logger});if(t?.sso_session){const d=(await v(e))[t.sso_session],O=` configurations in profile ${c} and sso-session ${t.sso_session}`;if(r&&r!==d.sso_region)throw new f("Conflicting SSO region"+O,{tryNextLink:!1,logger:e.logger});if(o&&o!==d.sso_start_url)throw new f("Conflicting SSO start_url"+O,{tryNextLink:!1,logger:e.logger});t.sso_region=d.sso_region,t.sso_start_url=d.sso_start_url}const{sso_start_url:u,sso_account_id:T,sso_region:g,sso_role_name:i,sso_session:_}=K(t,e.logger);return G({ssoStartUrl:u,ssoSession:_,ssoAccountId:T,ssoRegion:g,ssoRoleName:i,ssoClient:k,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,profile:c})}else{if(!o||!n||!r||!p)throw new f('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});return G({ssoStartUrl:o,ssoSession:l,ssoAccountId:n,ssoRegion:r,ssoRoleName:p,ssoClient:k,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,profile:c})}},"fromSSO");export{ne as fromSSO,b as isSsoProfile,K as validateSsoProfile};