UNPKG

@smythos/cli

Version:

SmythOS SRE Command Line Interface

github.com/smythos/sre

smythos/sre

4 lines (3 loc) 10.9 kB
1
2
3
4
#!/usr/bin/env node "use strict";var m=Object.defineProperty;var r=(e,t)=>m(e,"name",{value:t,configurable:!0});var commands_agent=require("./agent.index.cjs"),require$$0$2=require("url"),require$$0$1=require("buffer"),require$$0=require("http");require("./index2.cjs");require("node:url");require("node:fs");require("node:fs/promises");require("node:util");require("node:path");require("fs");require("path");require("os");require("node:os");require("tty");require("util");require("inspector");require("node:perf_hooks");require("node:readline");require("node:process");require("node:tty");require("./index3.cjs");require("crypto");require("./index4.cjs");require("stream");require("events");require("string_decoder");require("zlib");require("https");require("assert");require("process");require("querystring");require("net");require("tls");require("dns");require("fs/promises");require("child_process");require("punycode");require("node:stream");require("node:stream/web");require("http2");require("node:events");require("timers");require("node:crypto");require("readline");require("./index5.cjs");require("./index6.cjs");function httpRequest(e){return new Promise((t,a)=>{const n=require$$0.request({method:"GET",...e,hostname:e.hostname?.replace(/^\[(.+)\]$/,"$1")});n.on("error",o=>{a(Object.assign(new commands_agent.ProviderError("Unable to connect to instance metadata service"),o)),n.destroy()}),n.on("timeout",()=>{a(new commands_agent.ProviderError("TimeoutError from instance metadata service")),n.destroy()}),n.on("response",o=>{const{statusCode:s=400}=o;(s<200||300<=s)&&(a(Object.assign(new commands_agent.ProviderError("Error response received from instance metadata service"),{statusCode:s})),n.destroy());const u=[];o.on("data",i=>{u.push(i)}),o.on("end",()=>{t(require$$0$1.Buffer.concat(u)),n.destroy()})}),n.end()})}r(httpRequest,"httpRequest");const isImdsCredentials=r(e=>!!e&&typeof e=="object"&&typeof e.AccessKeyId=="string"&&typeof e.SecretAccessKey=="string"&&typeof e.Token=="string"&&typeof e.Expiration=="string","isImdsCredentials"),fromImdsCredentials=r(e=>({accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,sessionToken:e.Token,expiration:new Date(e.Expiration),...e.AccountId&&{accountId:e.AccountId}}),"fromImdsCredentials"),DEFAULT_TIMEOUT=1e3,DEFAULT_MAX_RETRIES=0,providerConfigFromInit=r(({maxRetries:e=DEFAULT_MAX_RETRIES,timeout:t=DEFAULT_TIMEOUT})=>({maxRetries:e,timeout:t}),"providerConfigFromInit"),retry=r((e,t)=>{let a=e();for(let n=0;n<t;n++)a=a.catch(e);return a},"retry"),ENV_CMDS_FULL_URI="AWS_CONTAINER_CREDENTIALS_FULL_URI",ENV_CMDS_RELATIVE_URI="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",ENV_CMDS_AUTH_TOKEN="AWS_CONTAINER_AUTHORIZATION_TOKEN",fromContainerMetadata=r((e={})=>{const{timeout:t,maxRetries:a}=providerConfigFromInit(e);return()=>retry(async()=>{const n=await getCmdsUri({logger:e.logger}),o=JSON.parse(await requestFromEcsImds(t,n));if(!isImdsCredentials(o))throw new commands_agent.CredentialsProviderError("Invalid response received from instance metadata service.",{logger:e.logger});return fromImdsCredentials(o)},a)},"fromContainerMetadata"),requestFromEcsImds=r(async(e,t)=>(process.env[ENV_CMDS_AUTH_TOKEN]&&(t.headers={...t.headers,Authorization:process.env[ENV_CMDS_AUTH_TOKEN]}),(await httpRequest({...t,timeout:e})).toString()),"requestFromEcsImds"),CMDS_IP="169.254.170.2",GREENGRASS_HOSTS={localhost:!0,"127.0.0.1":!0},GREENGRASS_PROTOCOLS={"http:":!0,"https:":!0},getCmdsUri=r(async({logger:e})=>{if(process.env[ENV_CMDS_RELATIVE_URI])return{hostname:CMDS_IP,path:process.env[ENV_CMDS_RELATIVE_URI]};if(process.env[ENV_CMDS_FULL_URI]){const t=require$$0$2.parse(process.env[ENV_CMDS_FULL_URI]);if(!t.hostname||!(t.hostname in GREENGRASS_HOSTS))throw new commands_agent.CredentialsProviderError(`${t.hostname} is not a valid container metadata service hostname`,{tryNextLink:!1,logger:e});if(!t.protocol||!(t.protocol in GREENGRASS_PROTOCOLS))throw new commands_agent.CredentialsProviderError(`${t.protocol} is not a valid container metadata service protocol`,{tryNextLink:!1,logger:e});return{...t,port:t.port?parseInt(t.port,10):void 0}}throw new commands_agent.CredentialsProviderError(`The container metadata credential provider cannot be used unless the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment variable is set`,{tryNextLink:!1,logger:e})},"getCmdsUri");class InstanceMetadataV1FallbackError extends commands_agent.CredentialsProviderError{static{r(this,"InstanceMetadataV1FallbackError")}constructor(t,a=!0){super(t,a),this.tryNextLink=a,this.name="InstanceMetadataV1FallbackError",Object.setPrototypeOf(this,InstanceMetadataV1FallbackError.prototype)}}exports.Endpoint=void 0;(function(e){e.IPv4="http://169.254.169.254",e.IPv6="http://[fd00:ec2::254]"})(exports.Endpoint||(exports.Endpoint={}));const ENV_ENDPOINT_NAME="AWS_EC2_METADATA_SERVICE_ENDPOINT",CONFIG_ENDPOINT_NAME="ec2_metadata_service_endpoint",ENDPOINT_CONFIG_OPTIONS={environmentVariableSelector:r(e=>e[ENV_ENDPOINT_NAME],"environmentVariableSelector"),configFileSelector:r(e=>e[CONFIG_ENDPOINT_NAME],"configFileSelector"),default:void 0};var EndpointMode;(function(e){e.IPv4="IPv4",e.IPv6="IPv6"})(EndpointMode||(EndpointMode={}));const ENV_ENDPOINT_MODE_NAME="AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",CONFIG_ENDPOINT_MODE_NAME="ec2_metadata_service_endpoint_mode",ENDPOINT_MODE_CONFIG_OPTIONS={environmentVariableSelector:r(e=>e[ENV_ENDPOINT_MODE_NAME],"environmentVariableSelector"),configFileSelector:r(e=>e[CONFIG_ENDPOINT_MODE_NAME],"configFileSelector"),default:EndpointMode.IPv4},getInstanceMetadataEndpoint=r(async()=>commands_agent.parseUrl(await getFromEndpointConfig()||await getFromEndpointModeConfig()),"getInstanceMetadataEndpoint"),getFromEndpointConfig=r(async()=>commands_agent.loadConfig(ENDPOINT_CONFIG_OPTIONS)(),"getFromEndpointConfig"),getFromEndpointModeConfig=r(async()=>{const e=await commands_agent.loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)();switch(e){case EndpointMode.IPv4:return exports.Endpoint.IPv4;case EndpointMode.IPv6:return exports.Endpoint.IPv6;default:throw new Error(`Unsupported endpoint mode: ${e}. Select from ${Object.values(EndpointMode)}`)}},"getFromEndpointModeConfig"),STATIC_STABILITY_REFRESH_INTERVAL_SECONDS=5*60,STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS=5*60,STATIC_STABILITY_DOC_URL="https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html",getExtendedInstanceMetadataCredentials=r((e,t)=>{const a=STATIC_STABILITY_REFRESH_INTERVAL_SECONDS+Math.floor(Math.random()*STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS),n=new Date(Date.now()+a*1e3);t.warn(`Attempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted after ${new Date(n)}. For more information, please visit: `+STATIC_STABILITY_DOC_URL);const o=e.originalExpiration??e.expiration;return{...e,...o?{originalExpiration:o}:{},expiration:n}},"getExtendedInstanceMetadataCredentials"),staticStabilityProvider=r((e,t={})=>{const a=t?.logger||console;let n;return async()=>{let o;try{o=await e(),o.expiration&&o.expiration.getTime()<Date.now()&&(o=getExtendedInstanceMetadataCredentials(o,a))}catch(s){if(n)a.warn("Credential renew failed: ",s),o=getExtendedInstanceMetadataCredentials(n,a);else throw s}return n=o,o}},"staticStabilityProvider"),IMDS_PATH="/latest/meta-data/iam/security-credentials/",IMDS_TOKEN_PATH="/latest/api/token",AWS_EC2_METADATA_V1_DISABLED="AWS_EC2_METADATA_V1_DISABLED",PROFILE_AWS_EC2_METADATA_V1_DISABLED="ec2_metadata_v1_disabled",X_AWS_EC2_METADATA_TOKEN="x-aws-ec2-metadata-token",fromInstanceMetadata=r((e={})=>staticStabilityProvider(getInstanceMetadataProvider(e),{logger:e.logger}),"fromInstanceMetadata"),getInstanceMetadataProvider=r((e={})=>{let t=!1;const{logger:a,profile:n}=e,{timeout:o,maxRetries:s}=providerConfigFromInit(e),u=r(async(i,E)=>{if(t||E.headers?.[X_AWS_EC2_METADATA_TOKEN]==null){let c=!1,d=!1;const I=await commands_agent.loadConfig({environmentVariableSelector:r(l=>{const p=l[AWS_EC2_METADATA_V1_DISABLED];if(d=!!p&&p!=="false",p===void 0)throw new commands_agent.CredentialsProviderError(`${AWS_EC2_METADATA_V1_DISABLED} not set in env, checking config file next.`,{logger:e.logger});return d},"environmentVariableSelector"),configFileSelector:r(l=>{const p=l[PROFILE_AWS_EC2_METADATA_V1_DISABLED];return c=!!p&&p!=="false",c},"configFileSelector"),default:!1},{profile:n})();if(e.ec2MetadataV1Disabled||I){const l=[];throw e.ec2MetadataV1Disabled&&l.push("credential provider initialization (runtime option ec2MetadataV1Disabled)"),c&&l.push(`config file profile (${PROFILE_AWS_EC2_METADATA_V1_DISABLED})`),d&&l.push(`process environment variable (${AWS_EC2_METADATA_V1_DISABLED})`),new InstanceMetadataV1FallbackError(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${l.join(", ")}].`)}}const _=(await retry(async()=>{let c;try{c=await getProfile(E)}catch(d){throw d.statusCode===401&&(t=!1),d}return c},i)).trim();return retry(async()=>{let c;try{c=await getCredentialsFromProfile(_,E,e)}catch(d){throw d.statusCode===401&&(t=!1),d}return c},i)},"getCredentials");return async()=>{const i=await getInstanceMetadataEndpoint();if(t)return a?.debug("AWS SDK Instance Metadata","using v1 fallback (no token fetch)"),u(s,{...i,timeout:o});{let E;try{E=(await getMetadataToken({...i,timeout:o})).toString()}catch(f){if(f?.statusCode===400)throw Object.assign(f,{message:"EC2 Metadata token request returned error"});return(f.message==="TimeoutError"||[403,404,405].includes(f.statusCode))&&(t=!0),a?.debug("AWS SDK Instance Metadata","using v1 fallback (initial)"),u(s,{...i,timeout:o})}return u(s,{...i,headers:{[X_AWS_EC2_METADATA_TOKEN]:E},timeout:o})}}},"getInstanceMetadataProvider"),getMetadataToken=r(async e=>httpRequest({...e,path:IMDS_TOKEN_PATH,method:"PUT",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"21600"}}),"getMetadataToken"),getProfile=r(async e=>(await httpRequest({...e,path:IMDS_PATH})).toString(),"getProfile"),getCredentialsFromProfile=r(async(e,t,a)=>{const n=JSON.parse((await httpRequest({...t,path:IMDS_PATH+e})).toString());if(!isImdsCredentials(n))throw new commands_agent.CredentialsProviderError("Invalid response received from instance metadata service.",{logger:a.logger});return fromImdsCredentials(n)},"getCredentialsFromProfile");exports.DEFAULT_MAX_RETRIES=DEFAULT_MAX_RETRIES;exports.DEFAULT_TIMEOUT=DEFAULT_TIMEOUT;exports.ENV_CMDS_AUTH_TOKEN=ENV_CMDS_AUTH_TOKEN;exports.ENV_CMDS_FULL_URI=ENV_CMDS_FULL_URI;exports.ENV_CMDS_RELATIVE_URI=ENV_CMDS_RELATIVE_URI;exports.fromContainerMetadata=fromContainerMetadata;exports.fromInstanceMetadata=fromInstanceMetadata;exports.getInstanceMetadataEndpoint=getInstanceMetadataEndpoint;exports.httpRequest=httpRequest;exports.providerConfigFromInit=providerConfigFromInit;