@softchef/cdk-iot-device-management

IoT device management is composed of things, thing types, thing groups, jobs, and files API services. The constructs can be used independently and are based on fully managed services to create an API Gateway & Lambda function.

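"use strict";
/**
 * Credential provider that resolves AWS credentials from the profiles found
 * in the shared credentials/config files.
 *
 * A profile is classified by the keys it carries (static keys, assume-role
 * with a source profile or a credential source, web identity, SSO) and is
 * resolved accordingly. Role-assuming profiles are followed through their
 * `source_profile` chain, with cycle detection.
 *
 * Security notes for maintainers:
 *  - The objects returned here contain long-lived secrets
 *    (`secretAccessKey`, `sessionToken`). Nothing in this module logs them,
 *    and the error messages only include profile names and the
 *    `credential_source` value; keep it that way.
 *  - Profile names and `credential_source` come from configuration files and
 *    are used as object keys. All key-membership checks therefore use
 *    own-property tests so that names such as "constructor" or "toString"
 *    are not mistaken for real entries via the prototype chain.
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.fromIni = void 0;
const credential_provider_env_1 = require("@aws-sdk/credential-provider-env");
const credential_provider_imds_1 = require("@aws-sdk/credential-provider-imds");
const credential_provider_sso_1 = require("@aws-sdk/credential-provider-sso");
const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
const property_provider_1 = require("@aws-sdk/property-provider");
const util_credentials_1 = require("@aws-sdk/util-credentials");

/** Own-property test that ignores anything inherited from the prototype chain. */
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

/** True when an optional profile field is either absent or a string. */
const isStringOrUndefined = (value) => value === undefined || typeof value === "string";

/** Profile with an access key id and secret (session token optional). */
const isStaticCredsProfile = (arg) =>
    Boolean(arg) &&
    typeof arg === "object" &&
    typeof arg.aws_access_key_id === "string" &&
    typeof arg.aws_secret_access_key === "string" &&
    isStringOrUndefined(arg.aws_session_token);

/** Profile that names a web identity token file and a role to assume. */
const isWebIdentityProfile = (arg) =>
    Boolean(arg) &&
    typeof arg === "object" &&
    typeof arg.web_identity_token_file === "string" &&
    typeof arg.role_arn === "string" &&
    isStringOrUndefined(arg.role_session_name);

/** Profile that names a role to assume; the optional fields must be strings if present. */
const isAssumeRoleProfile = (arg) =>
    Boolean(arg) &&
    typeof arg === "object" &&
    typeof arg.role_arn === "string" &&
    isStringOrUndefined(arg.role_session_name) &&
    isStringOrUndefined(arg.external_id) &&
    isStringOrUndefined(arg.mfa_serial);

/** Assume-role profile whose base credentials come from another profile. */
const isAssumeRoleWithSourceProfile = (arg) =>
    isAssumeRoleProfile(arg) &&
    typeof arg.source_profile === "string" &&
    typeof arg.credential_source === "undefined";

/** Assume-role profile whose base credentials come from a named credential source. */
const isAssumeRoleWithProviderProfile = (arg) =>
    isAssumeRoleProfile(arg) &&
    typeof arg.credential_source === "string" &&
    typeof arg.source_profile === "undefined";

/**
 * Creates a credential provider backed by the shared configuration files.
 *
 * @param {object} [init] - Options forwarded to `parseKnownFiles` and
 *   `getMasterProfileName`. This module additionally reads `roleAssumer`,
 *   `mfaCodeProvider` and `roleAssumerWithWebIdentity` from it.
 * @returns {() => Promise<object>} Provider that resolves the selected profile.
 */
const fromIni = (init = {}) => async () => {
    const profiles = await util_credentials_1.parseKnownFiles(init);
    return resolveProfileData(util_credentials_1.getMasterProfileName(init), profiles, init);
};
exports.fromIni = fromIni;

/**
 * Resolves credentials for one profile, following `source_profile` links.
 *
 * @param {string} profileName - Name of the profile to resolve.
 * @param {object} profiles - Parsed profiles keyed by profile name.
 * @param {object} options - The `init` object given to `fromIni`.
 * @param {object} [visitedProfiles] - Source profiles already followed in
 *   this chain (used for cycle detection).
 * @returns {Promise<object>} The resolved credentials.
 * @throws {CredentialsProviderError} When the profile is missing or
 *   unparseable, a required callback is absent, or a cycle is detected.
 */
const resolveProfileData = async (profileName, profiles, options, visitedProfiles = {}) => {
    const data = profiles[profileName];

    // When reached through a source_profile link, static keys win over any
    // role-assumption fields the same profile might also carry.
    if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
        return resolveStaticCredentials(data);
    }

    if (isAssumeRoleWithSourceProfile(data) || isAssumeRoleWithProviderProfile(data)) {
        const {
            external_id: ExternalId,
            mfa_serial,
            role_arn: RoleArn,
            role_session_name: RoleSessionName = "aws-sdk-js-" + Date.now(),
            source_profile,
            credential_source,
        } = data;

        // The second constructor argument is passed as `false` on these
        // errors; presumably it tells a provider chain not to fall through
        // to the next provider (confirm against @aws-sdk/property-provider).
        if (!options.roleAssumer) {
            throw new property_provider_1.CredentialsProviderError(
                `Profile ${profileName} requires a role to be assumed, but no` +
                    ` role assumption callback was provided.`,
                false
            );
        }

        // Own-property check: a source profile legitimately named after an
        // Object.prototype member (e.g. "constructor") must not be reported
        // as a cycle just because the name exists on the prototype chain.
        if (source_profile && hasOwn(visitedProfiles, source_profile)) {
            throw new property_provider_1.CredentialsProviderError(
                `Detected a cycle attempting to resolve credentials for profile` +
                    ` ${util_credentials_1.getMasterProfileName(options)}. Profiles visited: ` +
                    Object.keys(visitedProfiles).join(", "),
                false
            );
        }

        // NOTE(review): sourceCreds is started here but only awaited at the
        // roleAssumer call below. If the MFA checks in between throw or
        // reject, this promise is left without a handler and a later
        // rejection would surface as an unhandled rejection. Left as is to
        // keep error ordering unchanged; worth confirming upstream.
        const sourceCreds = source_profile
            ? resolveProfileData(source_profile, profiles, options, {
                  ...visitedProfiles,
                  [source_profile]: true,
              })
            : resolveCredentialSource(credential_source, profileName)();

        const params = { RoleArn, RoleSessionName, ExternalId };
        if (mfa_serial) {
            if (!options.mfaCodeProvider) {
                throw new property_provider_1.CredentialsProviderError(
                    `Profile ${profileName} requires multi-factor authentication,` +
                        ` but no MFA code callback was provided.`,
                    false
                );
            }
            params.SerialNumber = mfa_serial;
            params.TokenCode = await options.mfaCodeProvider(mfa_serial);
        }
        return options.roleAssumer(await sourceCreds, params);
    }

    if (isStaticCredsProfile(data)) {
        return resolveStaticCredentials(data);
    }

    if (isWebIdentityProfile(data)) {
        return resolveWebIdentityCredentials(data, options);
    }

    if (credential_provider_sso_1.isSsoProfile(data)) {
        const { sso_start_url, sso_account_id, sso_region, sso_role_name } =
            credential_provider_sso_1.validateSsoProfile(data);
        return credential_provider_sso_1.fromSSO({
            ssoStartUrl: sso_start_url,
            ssoAccountId: sso_account_id,
            ssoRegion: sso_region,
            ssoRoleName: sso_role_name,
        })();
    }

    throw new property_provider_1.CredentialsProviderError(
        `Profile ${profileName} could not be found or parsed in shared` + ` credentials file.`
    );
};

/**
 * Maps a profile's `credential_source` value to a credential provider.
 *
 * @param {string} credentialSource - Value of `credential_source`.
 * @param {string} profileName - Profile name, used only in the error message.
 * @returns {Function} The provider produced by the matching factory.
 * @throws {CredentialsProviderError} When the source is not one of the
 *   three supported names.
 */
const resolveCredentialSource = (credentialSource, profileName) => {
    const sourceProvidersMap = {
        EcsContainer: credential_provider_imds_1.fromContainerMetadata,
        Ec2InstanceMetadata: credential_provider_imds_1.fromInstanceMetadata,
        Environment: credential_provider_env_1.fromEnv,
    };
    // Allow-list lookup on own keys only. With the `in` operator a value such
    // as "toString" or "constructor" would pass the check, invoke an
    // inherited Object.prototype member and fail later with an unrelated
    // TypeError instead of the intended configuration error.
    if (hasOwn(sourceProvidersMap, credentialSource)) {
        return sourceProvidersMap[credentialSource]();
    } else {
        throw new property_provider_1.CredentialsProviderError(
            `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
                `expected EcsContainer or Ec2InstanceMetadata or Environment.`
        );
    }
};

/**
 * Wraps a static-credentials profile in the SDK credential shape.
 * The result holds the secret key (and session token, if any) in clear
 * text, so callers should treat it as sensitive.
 */
const resolveStaticCredentials = (profile) =>
    Promise.resolve({
        accessKeyId: profile.aws_access_key_id,
        secretAccessKey: profile.aws_secret_access_key,
        sessionToken: profile.aws_session_token,
    });

/**
 * Resolves a web-identity profile by delegating to `fromTokenFile` with the
 * profile's token file, role ARN and session name, plus the caller-supplied
 * `roleAssumerWithWebIdentity` callback.
 */
const resolveWebIdentityCredentials = async (profile, options) =>
    credential_provider_web_identity_1.fromTokenFile({
        webIdentityTokenFile: profile.web_identity_token_file,
        roleArn: profile.role_arn,
        roleSessionName: profile.role_session_name,
        roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
    })();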