@smythos/cli/dist/chunks/index15.cjs

SmythOS SRE Command Line Interface

#!/usr/bin/env node
"use strict";var T=Object.defineProperty;var i=(e,t)=>T(e,"name",{value:t,configurable:!0});var commands_agent=require("./agent.index.cjs");require("http2");require("stream");var Wr=require("fs/promises");require("buffer");require("node:stream");require("./index2.cjs");require("node:url");require("node:fs");require("node:fs/promises");require("node:util");require("node:path");require("fs");require("path");require("os");require("node:os");require("tty");require("util");require("inspector");require("node:perf_hooks");require("url");require("node:readline");require("node:process");require("node:tty");require("./index3.cjs");require("crypto");require("./index4.cjs");require("events");require("string_decoder");require("zlib");require("http");require("https");require("assert");require("process");require("querystring");require("net");require("tls");require("dns");require("child_process");require("punycode");require("node:stream/web");require("node:events");require("timers");require("node:crypto");require("readline");require("./index5.cjs");require("./index6.cjs");const ECS_CONTAINER_HOST="169.254.170.2",EKS_CONTAINER_HOST_IPv4="169.254.170.23",EKS_CONTAINER_HOST_IPv6="[fd00:ec2::23]",checkUrl=i((e,t)=>{if(e.protocol!=="https:"&&!(e.hostname===ECS_CONTAINER_HOST||e.hostname===EKS_CONTAINER_HOST_IPv4||e.hostname===EKS_CONTAINER_HOST_IPv6)){if(e.hostname.includes("[")){if(e.hostname==="[::1]"||e.hostname==="[0000:0000:0000:0000:0000:0000:0000:0001]")return}else{if(e.hostname==="localhost")return;const o=e.hostname.split("."),n=i(r=>{const s=parseInt(r,10);return 0<=s&&s<=255},"inRange");if(o[0]==="127"&&n(o[1])&&n(o[2])&&n(o[3])&&o.length===4)return}throw new commands_agent.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
  - loopback CIDR 127.0.0.0/8 or [::1/128]
  - ECS container host 169.254.170.2
  - EKS container host 169.254.170.23 or [fd00:ec2::23]`,{logger:t})}},"checkUrl");function createGetRequest(e){return new commands_agent.HttpRequest({protocol:e.protocol,hostname:e.hostname,port:Number(e.port),path:e.pathname,query:Array.from(e.searchParams.entries()).reduce((t,[o,n])=>(t[o]=n,t),{}),fragment:e.hash})}i(createGetRequest,"createGetRequest");async function getCredentials(e,t){const n=await commands_agent.sdkStreamMixin(e.body).transformToString();if(e.statusCode===200){const r=JSON.parse(n);if(typeof r.AccessKeyId!="string"||typeof r.SecretAccessKey!="string"||typeof r.Token!="string"||typeof r.Expiration!="string")throw new commands_agent.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: { AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }",{logger:t});return{accessKeyId:r.AccessKeyId,secretAccessKey:r.SecretAccessKey,sessionToken:r.Token,expiration:commands_agent.parseRfc3339DateTime(r.Expiration)}}if(e.statusCode>=400&&e.statusCode<500){let r={};try{r=JSON.parse(n)}catch{}throw Object.assign(new commands_agent.CredentialsProviderError(`Server responded with status: ${e.statusCode}`,{logger:t}),{Code:r.Code,Message:r.Message})}throw new commands_agent.CredentialsProviderError(`Server responded with status: ${e.statusCode}`,{logger:t})}i(getCredentials,"getCredentials");const retryWrapper=i((e,t,o)=>async()=>{for(let n=0;n<t;++n)try{return await e()}catch{await new Promise(s=>setTimeout(s,o))}return await e()},"retryWrapper"),AWS_CONTAINER_CREDENTIALS_RELATIVE_URI="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",DEFAULT_LINK_LOCAL_HOST="http://169.254.170.2",AWS_CONTAINER_CREDENTIALS_FULL_URI="AWS_CONTAINER_CREDENTIALS_FULL_URI",AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE="AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE",AWS_CONTAINER_AUTHORIZATION_TOKEN="AWS_CONTAINER_AUTHORIZATION_TOKEN",fromHttp=i((e={})=>{e.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");let t;const o=e.awsContainerCredentialsRelativeUri??process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI],n=e.awsContainerCredentialsFullUri??process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI],r=e.awsContainerAuthorizationToken??process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN],s=e.awsContainerAuthorizationTokenFile??process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE],a=e.logger?.constructor?.name==="NoOpLogger"||!e.logger?console.warn:e.logger.warn;if(o&&n&&(a("@aws-sdk/credential-provider-http: you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."),a("awsContainerCredentialsFullUri will take precedence.")),r&&s&&(a("@aws-sdk/credential-provider-http: you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."),a("awsContainerAuthorizationToken will take precedence.")),n)t=n;else if(o)t=`${DEFAULT_LINK_LOCAL_HOST}${o}`;else throw new commands_agent.CredentialsProviderError(`No HTTP credential provider host provided.
Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`,{logger:e.logger});const d=new URL(t);checkUrl(d,e.logger);const h=new commands_agent.NodeHttpHandler({requestTimeout:e.timeout??1e3,connectionTimeout:e.timeout??1e3});return retryWrapper(async()=>{const c=createGetRequest(d);r?c.headers.Authorization=r:s&&(c.headers.Authorization=(await Wr.readFile(s)).toString());try{const u=await h.handle(c);return getCredentials(u.response).then(l=>commands_agent.setCredentialFeature(l,"CREDENTIALS_HTTP","z"))}catch(u){throw new commands_agent.CredentialsProviderError(String(u),{logger:e.logger})}},e.maxRetries??3,e.timeout??1e3)},"fromHttp");exports.fromHttp=fromHttp;