@smythos/cli
SmythOS SRE Command Line Interface
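#!/usr/bin/env node
"use strict";

/*
 * Bundled chunk: AWS SSO token provider (`fromSso`) and SSO credential
 * provider (`fromSSO`), as emitted into the CLI's CommonJS output.
 *
 * Security-relevant behaviour visible in this chunk:
 *  - it reads the shared AWS config/profile data and the on-disk SSO token
 *    cache through helpers imported from sibling chunks;
 *  - when a cached token is close to expiry it sends the cached clientId,
 *    clientSecret and refreshToken to the SSO OIDC client and rewrites the
 *    cache file with the refreshed token;
 *  - it exchanges the SSO access token for temporary role credentials.
 *
 * Only `commands_agent`, `loadSsoSessionData`, `parseKnownFiles` and `fs`
 * are bound to names here. Every other require() below is a bare call kept
 * in the bundler's original order; none of those modules is referenced by
 * name in this chunk.
 */
var commands_agent = require("./agent.index.cjs");
require("os");
require("path");
require("crypto");
var loadSsoSessionData = require("./loadSsoSessionData.cjs");
var parseKnownFiles = require("./parseKnownFiles.cjs");
var fs = require("fs");
require("./index2.cjs");
require("node:url");
require("node:fs");
require("node:fs/promises");
require("node:util");
require("node:path");
require("node:os");
require("tty");
require("util");
require("inspector");
require("node:perf_hooks");
require("url");
require("node:readline");
require("node:process");
require("node:tty");
require("./index3.cjs");
require("buffer");
require("./index4.cjs");
require("stream");
require("events");
require("string_decoder");
require("zlib");
require("http");
require("https");
require("assert");
require("process");
require("querystring");
require("net");
require("tls");
require("dns");
require("fs/promises");
require("child_process");
require("punycode");
require("node:stream");
require("node:stream/web");
require("http2");
require("node:events");
require("timers");
require("node:crypto");
require("readline");
require("./index5.cjs");
require("./index6.cjs");

/**
 * Tells whether a parsed profile carries any SSO setting.
 *
 * @param {object} profile - Parsed profile section.
 * @returns {*} The falsy input itself when `profile` is falsy, otherwise
 *   `true` if at least one `sso_*` key holds a string, else `false`.
 */
const isSsoProfile = (profile) =>
  profile &&
  (typeof profile.sso_start_url === "string" ||
    typeof profile.sso_account_id === "string" ||
    typeof profile.sso_session === "string" ||
    typeof profile.sso_region === "string" ||
    typeof profile.sso_role_name === "string");

// A cached token with more than this much lifetime left is returned as-is.
const EXPIRE_WINDOW_MS = 5 * 60 * 1000;
const REFRESH_MESSAGE =
  "To refresh this SSO session run 'aws sso login' with the corresponding profile.";
// Minimum spacing between two refresh attempts, shared by the whole module.
const REFRESH_THROTTLE_MS = 30 * 1000;

/**
 * Builds an SSO OIDC client. The client class is loaded lazily from a
 * sibling chunk.
 *
 * @param {string} ssoRegion - Region from the sso-session; falls back to
 *   `init.clientConfig.region` when nullish.
 * @param {object} [init] - Provider options (`clientConfig`,
 *   `parentClientConfig`).
 * @returns {Promise<object>} A new SSOOIDCClient instance.
 */
const getSsoOidcClient = async (ssoRegion, init = {}) => {
  const { SSOOIDCClient } = await Promise.resolve().then(() =>
    require("./index22.cjs")
  );
  const clientConfig = Object.assign({}, init.clientConfig ?? {}, {
    region: ssoRegion ?? init.clientConfig?.region,
    logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger,
  });
  return new SSOOIDCClient(clientConfig);
};

/**
 * Requests a fresh token with the `refresh_token` grant.
 *
 * The cached clientId, clientSecret and refreshToken are sent to the OIDC
 * client; nothing is logged here.
 *
 * @param {object} ssoToken - Cached token record.
 * @param {string} ssoRegion - Region for the OIDC client.
 * @param {object} [init] - Provider options forwarded to the client factory.
 * @returns {Promise<object>} The CreateToken response.
 */
const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {
  const { CreateTokenCommand } = await Promise.resolve().then(() =>
    require("./index22.cjs")
  );
  const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);
  return ssoOidcClient.send(
    new CreateTokenCommand({
      clientId: ssoToken.clientId,
      clientSecret: ssoToken.clientSecret,
      refreshToken: ssoToken.refreshToken,
      grantType: "refresh_token",
    })
  );
};

/**
 * Throws when the token's expiration lies in the past.
 *
 * NOTE(review): an unparseable `expiresAt` becomes an Invalid Date whose
 * getTime() is NaN; the comparison below is then false, so such a token is
 * not reported as expired by this check.
 *
 * @param {{expiration?: Date}} token
 * @throws {TokenProviderError} When the token has expired.
 */
const validateTokenExpiry = (token) => {
  if (token.expiration && token.expiration.getTime() < Date.now()) {
    throw new loadSsoSessionData.TokenProviderError(
      `Token is expired. ${REFRESH_MESSAGE}`,
      false
    );
  }
};

/**
 * Throws when a required field of the token record is undefined. Only the
 * field name is placed in the message, never the value.
 *
 * @param {string} key - Field name used in the error message.
 * @param {*} value - Field value to check.
 * @param {boolean} [forRefresh=false] - Adds ". Cannot refresh" to the message.
 * @throws {TokenProviderError} When `value` is undefined.
 */
const validateTokenKey = (key, value, forRefresh = false) => {
  if (typeof value === "undefined") {
    throw new loadSsoSessionData.TokenProviderError(
      `Value not present for '${key}' in SSO Token${
        forRefresh ? ". Cannot refresh" : ""
      }. ${REFRESH_MESSAGE}`,
      false
    );
  }
};

const { writeFile } = fs.promises;

/**
 * Serialises the token record as indented JSON and writes it to the cache
 * path that `getSSOTokenFilepath` returns for `id`.
 *
 * The record holds the access token and, when the caller spreads the cached
 * record into it, the refresh token and client secret. The file is therefore
 * created owner-read/write only; without an explicit mode a new file would
 * get the process default (0o666 masked by umask). The mode applies only
 * when the file is created, so an existing cache file keeps its permissions.
 *
 * @param {string} id - SSO session name (or start URL) identifying the cache.
 * @param {object} ssoToken - Token record to persist.
 * @returns {Promise<void>}
 */
const writeSSOTokenToFile = (id, ssoToken) => {
  const tokenFilepath = commands_agent.getSSOTokenFilepath(id);
  const tokenString = JSON.stringify(ssoToken, null, 2);
  return writeFile(tokenFilepath, tokenString, { mode: 0o600 });
};

// Module-wide timestamp of the last refresh attempt (epoch 0 = never).
const lastRefreshAttemptTime = new Date(0);

/**
 * Token provider for profiles that use an `sso_session`.
 *
 * Resolution order, as implemented below:
 *  1. return the cached token if it has more than EXPIRE_WINDOW_MS left;
 *  2. if a refresh was attempted less than REFRESH_THROTTLE_MS ago, return
 *     the cached token provided it has not expired;
 *  3. otherwise refresh through SSO OIDC, persist the result (best effort)
 *     and return the new token;
 *  4. if the refresh fails, fall back to the cached token provided it has
 *     not expired.
 *
 * @param {object} [_init] - Provider options (`profile`, `logger`,
 *   `clientConfig`, `parentClientConfig`, plus whatever the config loaders
 *   accept).
 * @returns {Function} Async provider resolving to `{ token, expiration }`.
 * @throws {TokenProviderError} On missing profile/session data, a missing or
 *   unreadable cache entry, or an expired token that cannot be refreshed.
 */
const fromSso =
  (_init = {}) =>
  async ({ callerClientConfig } = {}) => {
    const init = {
      ..._init,
      parentClientConfig: {
        ...callerClientConfig,
        ..._init.parentClientConfig,
      },
    };
    init.logger?.debug("@aws-sdk/token-providers - fromSso");

    const profiles = await parseKnownFiles.parseKnownFiles(init);
    const profileName = commands_agent.getProfileName({
      profile: init.profile ?? callerClientConfig?.profile,
    });
    const profile = profiles[profileName];

    if (!profile) {
      throw new loadSsoSessionData.TokenProviderError(
        `Profile '${profileName}' could not be found in shared credentials file.`,
        false
      );
    }
    if (!profile.sso_session) {
      throw new loadSsoSessionData.TokenProviderError(
        `Profile '${profileName}' is missing required property 'sso_session'.`
      );
    }

    const ssoSessionName = profile.sso_session;
    const ssoSessions = await loadSsoSessionData.loadSsoSessionData(init);
    const ssoSession = ssoSessions[ssoSessionName];
    if (!ssoSession) {
      throw new loadSsoSessionData.TokenProviderError(
        `Sso session '${ssoSessionName}' could not be found in shared credentials file.`,
        false
      );
    }
    for (const requiredKey of ["sso_start_url", "sso_region"]) {
      if (!ssoSession[requiredKey]) {
        throw new loadSsoSessionData.TokenProviderError(
          `Sso session '${ssoSessionName}' is missing required property '${requiredKey}'.`,
          false
        );
      }
    }
    const ssoRegion = ssoSession.sso_region;

    let ssoToken;
    try {
      ssoToken = await commands_agent.getSSOTokenFromFile(ssoSessionName);
    } catch {
      // The underlying error is dropped on purpose; the message names the
      // profile only.
      throw new loadSsoSessionData.TokenProviderError(
        `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`,
        false
      );
    }

    validateTokenKey("accessToken", ssoToken.accessToken);
    validateTokenKey("expiresAt", ssoToken.expiresAt);
    const { accessToken, expiresAt } = ssoToken;
    const existingToken = { token: accessToken, expiration: new Date(expiresAt) };

    if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {
      return existingToken;
    }
    if (Date.now() - lastRefreshAttemptTime.getTime() < REFRESH_THROTTLE_MS) {
      validateTokenExpiry(existingToken);
      return existingToken;
    }

    validateTokenKey("clientId", ssoToken.clientId, true);
    validateTokenKey("clientSecret", ssoToken.clientSecret, true);
    validateTokenKey("refreshToken", ssoToken.refreshToken, true);

    try {
      // Stamp the attempt before the network call so a failing endpoint is
      // not retried on every invocation.
      lastRefreshAttemptTime.setTime(Date.now());
      const refreshed = await getNewSsoOidcToken(ssoToken, ssoRegion, init);
      validateTokenKey("accessToken", refreshed.accessToken);
      validateTokenKey("expiresIn", refreshed.expiresIn);
      const refreshedExpiration = new Date(
        Date.now() + refreshed.expiresIn * 1000
      );

      try {
        await writeSSOTokenToFile(ssoSessionName, {
          ...ssoToken,
          accessToken: refreshed.accessToken,
          expiresAt: refreshedExpiration.toISOString(),
          refreshToken: refreshed.refreshToken,
        });
      } catch {
        // Best effort: a cache that cannot be rewritten does not invalidate
        // the token that was just obtained.
      }

      return { token: refreshed.accessToken, expiration: refreshedExpiration };
    } catch {
      // Refresh failed: the cached token is still usable until it expires.
      validateTokenExpiry(existingToken);
      return existingToken;
    }
  };

const SHOULD_FAIL_CREDENTIAL_CHAIN = false;

/**
 * Exchanges an SSO access token for temporary role credentials.
 *
 * With `ssoSession` set the token comes from `fromSso` (which may refresh
 * it); otherwise the legacy cache entry keyed by `ssoStartUrl` is read
 * directly. Every failure is rethrown as a CredentialsProviderError with
 * `tryNextLink: false`.
 *
 * NOTE(review): the expiry test below compares a possibly-NaN time with 0,
 * so a cache entry with an unparseable `expiresAt` is not rejected here on
 * the legacy path.
 *
 * @param {object} params - `ssoStartUrl`, `ssoSession`, `ssoAccountId`,
 *   `ssoRegion`, `ssoRoleName`, optional `ssoClient`, `clientConfig`,
 *   `parentClientConfig`, `profile`, `logger`.
 * @returns {Promise<object>} Credentials with `accessKeyId`,
 *   `secretAccessKey`, `sessionToken`, `expiration` and, when the service
 *   returns them, `credentialScope` and `accountId`.
 * @throws {CredentialsProviderError}
 */
const resolveSSOCredentials = async ({
  ssoStartUrl,
  ssoSession,
  ssoAccountId,
  ssoRegion,
  ssoRoleName,
  ssoClient,
  clientConfig,
  parentClientConfig,
  profile,
  logger,
}) => {
  const refreshMessage =
    "To refresh this SSO session run aws sso login with the corresponding profile.";
  const failure = { tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, logger };

  let token;
  if (ssoSession) {
    try {
      const sessionToken = await fromSso({ profile })();
      token = {
        accessToken: sessionToken.token,
        expiresAt: new Date(sessionToken.expiration).toISOString(),
      };
    } catch (error) {
      throw new commands_agent.CredentialsProviderError(error.message, failure);
    }
  } else {
    try {
      token = await commands_agent.getSSOTokenFromFile(ssoStartUrl);
    } catch {
      throw new commands_agent.CredentialsProviderError(
        `The SSO session associated with this profile is invalid. ${refreshMessage}`,
        failure
      );
    }
  }

  if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
    throw new commands_agent.CredentialsProviderError(
      `The SSO session associated with this profile has expired. ${refreshMessage}`,
      failure
    );
  }

  const { accessToken } = token;
  const { SSOClient, GetRoleCredentialsCommand } = await Promise.resolve().then(
    () => require("./loadSso.cjs")
  );
  const sso =
    ssoClient ||
    new SSOClient(
      Object.assign({}, clientConfig ?? {}, {
        logger: clientConfig?.logger ?? parentClientConfig?.logger,
        region: clientConfig?.region ?? ssoRegion,
      })
    );

  let ssoResponse;
  try {
    ssoResponse = await sso.send(
      new GetRoleCredentialsCommand({
        accountId: ssoAccountId,
        roleName: ssoRoleName,
        accessToken,
      })
    );
  } catch (error) {
    // The service error object itself is handed over as the message argument.
    throw new commands_agent.CredentialsProviderError(error, failure);
  }

  const {
    roleCredentials: {
      accessKeyId,
      secretAccessKey,
      sessionToken,
      expiration,
      credentialScope,
      accountId,
    } = {},
  } = ssoResponse;

  if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
    throw new commands_agent.CredentialsProviderError(
      "SSO returns an invalid temporary credential.",
      failure
    );
  }

  const credentials = {
    accessKeyId,
    secretAccessKey,
    sessionToken,
    expiration: new Date(expiration),
    ...(credentialScope && { credentialScope }),
    ...(accountId && { accountId }),
  };

  if (ssoSession) {
    commands_agent.setCredentialFeature(credentials, "CREDENTIALS_SSO", "s");
  } else {
    commands_agent.setCredentialFeature(credentials, "CREDENTIALS_SSO_LEGACY", "u");
  }
  return credentials;
};

/**
 * Checks that a profile has all four SSO settings and returns it unchanged.
 * On failure the error lists the profile's key names, not their values.
 *
 * @param {object} profile - Parsed profile section.
 * @param {object} [logger] - Passed through to the error.
 * @returns {object} The same `profile` object.
 * @throws {CredentialsProviderError} When a required setting is missing.
 */
const validateSsoProfile = (profile, logger) => {
  const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
  if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
    throw new commands_agent.CredentialsProviderError(
      `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(
        profile
      ).join(
        ", "
      )}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,
      { tryNextLink: false, logger }
    );
  }
  return profile;
};

/**
 * Credential provider backed by AWS SSO.
 *
 * When none of `ssoStartUrl`, `ssoAccountId`, `ssoRegion`, `ssoRoleName`,
 * `ssoSession` is given, the settings are read from the selected profile
 * (and its sso-session section, if any). Otherwise all four of start URL,
 * account id, region and role name must be supplied by the caller.
 *
 * @param {object} [init] - Provider options.
 * @returns {Function} Async provider resolving to temporary credentials.
 * @throws {CredentialsProviderError}
 */
const fromSSO =
  (init = {}) =>
  async ({ callerClientConfig } = {}) => {
    init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");
    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
    const { ssoClient } = init;
    const profileName = commands_agent.getProfileName({
      profile: init.profile ?? callerClientConfig?.profile,
    });

    const hasExplicitSettings =
      ssoStartUrl || ssoAccountId || ssoRegion || ssoRoleName || ssoSession;

    if (hasExplicitSettings) {
      if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
        throw new commands_agent.CredentialsProviderError(
          'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',
          { tryNextLink: false, logger: init.logger }
        );
      }
      return resolveSSOCredentials({
        ssoStartUrl,
        ssoSession,
        ssoAccountId,
        ssoRegion,
        ssoRoleName,
        ssoClient,
        clientConfig: init.clientConfig,
        parentClientConfig: init.parentClientConfig,
        profile: profileName,
      });
    }

    const profiles = await parseKnownFiles.parseKnownFiles(init);
    const profile = profiles[profileName];
    if (!profile) {
      throw new commands_agent.CredentialsProviderError(
        `Profile ${profileName} was not found.`,
        { logger: init.logger }
      );
    }
    if (!isSsoProfile(profile)) {
      throw new commands_agent.CredentialsProviderError(
        `Profile ${profileName} is not configured with SSO credentials.`,
        { logger: init.logger }
      );
    }

    if (profile?.sso_session) {
      const ssoSessions = await loadSsoSessionData.loadSsoSessionData(init);
      const session = ssoSessions[profile.sso_session];
      if (!session) {
        // Without this guard a profile that names an undefined sso-session
        // fails below with a TypeError instead of a provider error.
        throw new commands_agent.CredentialsProviderError(
          `Sso session '${profile.sso_session}' could not be found in shared credentials file.`,
          { tryNextLink: false, logger: init.logger }
        );
      }
      const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
      // NOTE(review): ssoRegion and ssoStartUrl are always falsy in this
      // branch, so the two conflict checks cannot fire as written.
      if (ssoRegion && ssoRegion !== session.sso_region) {
        throw new commands_agent.CredentialsProviderError(
          `Conflicting SSO region${conflictMsg}`,
          { tryNextLink: false, logger: init.logger }
        );
      }
      if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
        throw new commands_agent.CredentialsProviderError(
          `Conflicting SSO start_url${conflictMsg}`,
          { tryNextLink: false, logger: init.logger }
        );
      }
      // The sso-session section is authoritative for region and start URL.
      profile.sso_region = session.sso_region;
      profile.sso_start_url = session.sso_start_url;
    }

    const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } =
      validateSsoProfile(profile, init.logger);
    return resolveSSOCredentials({
      ssoStartUrl: sso_start_url,
      ssoSession: sso_session,
      ssoAccountId: sso_account_id,
      ssoRegion: sso_region,
      ssoRoleName: sso_role_name,
      ssoClient,
      clientConfig: init.clientConfig,
      parentClientConfig: init.parentClientConfig,
      profile: profileName,
    });
  };

exports.fromSSO = fromSSO;
exports.isSsoProfile = isSsoProfile;
exports.validateSsoProfile = validateSsoProfile;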