aws-cdk-lib/aws-bedrockagentcore/lib/identity/oauth2-credential-provider.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.OAuth2CredentialProvider=exports.OAuth2CredentialProviderVendor=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var grant_helpers_1=()=>{var tmp=require("./grant-helpers");return grant_helpers_1=()=>tmp,tmp},perms_1=()=>{var tmp=require("./perms");return perms_1=()=>tmp,tmp},validation_helpers_1=()=>{var tmp=require("./validation-helpers");return validation_helpers_1=()=>tmp,tmp},aws_bedrockagentcore_1=()=>{var tmp=require("../../../aws-bedrockagentcore");return aws_bedrockagentcore_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};class OAuth2CredentialProviderVendor{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_bedrockagentcore.OAuth2CredentialProviderVendor",version:"2.257.0"};static GOOGLE=new OAuth2CredentialProviderVendor("GoogleOauth2");static GITHUB=new OAuth2CredentialProviderVendor("GithubOauth2");static SLACK=new OAuth2CredentialProviderVendor("SlackOauth2");static SALESFORCE=new OAuth2CredentialProviderVendor("SalesforceOauth2");static MICROSOFT=new OAuth2CredentialProviderVendor("MicrosoftOauth2");static CUSTOM=new OAuth2CredentialProviderVendor("CustomOauth2");static ATLASSIAN=new OAuth2CredentialProviderVendor("AtlassianOauth2");static LINKEDIN=new OAuth2CredentialProviderVendor("LinkedinOauth2");static X=new OAuth2CredentialProviderVendor("XOauth2");static OKTA=new OAuth2CredentialProviderVendor("OktaOauth2");static ONE_LOGIN=new OAuth2CredentialProviderVendor("OneLoginOauth2");static PING_ONE=new OAuth2CredentialProviderVendor("PingOneOauth2");static FACEBOOK=new OAuth2CredentialProviderVendor("FacebookOauth2");static YANDEX=new OAuth2CredentialProviderVendor("YandexOauth2");static REDDIT=new OAuth2CredentialProviderVendor("RedditOauth2");static ZOOM=new OAuth2CredentialProviderVendor("ZoomOauth2");static TWITCH=new OAuth2CredentialProviderVendor("TwitchOauth2");static SPOTIFY=new OAuth2CredentialProviderVendor("SpotifyOauth2");static DROPBOX=new OAuth2CredentialProviderVendor("DropboxOauth2");static NOTION=new OAuth2CredentialProviderVendor("NotionOauth2");static HUBSPOT=new OAuth2CredentialProviderVendor("HubspotOauth2");static CYBER_ARK=new OAuth2CredentialProviderVendor("CyberArkOauth2");static FUSION_AUTH=new OAuth2CredentialProviderVendor("FusionAuthOauth2");static AUTH0=new OAuth2CredentialProviderVendor("Auth0Oauth2");static COGNITO=new OAuth2CredentialProviderVendor("CognitoOauth2");static of(value){return new OAuth2CredentialProviderVendor(value)}value;constructor(value){this.value=value}toString(){return this.value}}exports.OAuth2CredentialProviderVendor=OAuth2CredentialProviderVendor;function oauth2AuthorizationServerMetadataContainsUnresolved(meta){for(const value of Object.values(meta)){if(typeof value=="string"&&core_1().Token.isUnresolved(value))return!0;if(Array.isArray(value)){for(const item of value)if(typeof item=="string"&&core_1().Token.isUnresolved(item))return!0}}return!1}function assertCustomOAuth2DiscoveryXor(scope,props){const discoveryUrl=props.discoveryUrl,metadata=props.authorizationServerMetadata,hasDiscoveryUrl=discoveryUrl!==void 0&&discoveryUrl!=="",hasMetadata=metadata!==void 0;if(hasDiscoveryUrl&&hasMetadata)throw new(core_1()).ValidationError((0,helpers_internal_1().lit)`CustomOAuth2DiscoveryExclusive`,"Provide either discoveryUrl or authorizationServerMetadata for a custom OAuth2 credential provider, not both.",scope);const discoveryUnresolved=discoveryUrl!==void 0&&core_1().Token.isUnresolved(discoveryUrl),metadataUnresolved=metadata!==void 0&&oauth2AuthorizationServerMetadataContainsUnresolved(metadata);if(!(discoveryUnresolved||metadataUnresolved)&&!hasDiscoveryUrl&&!hasMetadata)throw new(core_1()).ValidationError((0,helpers_internal_1().lit)`CustomOAuth2DiscoveryRequired`,"Provide either discoveryUrl or authorizationServerMetadata for a custom OAuth2 credential provider.",scope)}class OAuth2CredentialProviderBase extends core_1().Resource{grantPrincipal=new(iam()).UnknownPrincipal({resource:this});get oAuth2CredentialProviderRef(){return{credentialProviderArn:this.credentialProviderArn}}constructor(scope,id,props){super(scope,id,props)}grant(grantee,...actions){return iam().Grant.addToPrincipal({grantee,actions,resourceArns:(0,grant_helpers_1().buildIdentityResourceArns)(this,this.credentialProviderArn,grant_helpers_1().TOKEN_VAULT_OAUTH2_PARENT_RESOURCES)})}grantRead(grantee){return(0,grant_helpers_1().grantReadWithList)(this,grantee,this.credentialProviderArn,perms_1().OAuth2CredentialProviderIdentityPerms.READ_PERMS,perms_1().OAuth2CredentialProviderIdentityPerms.LIST_PERMS,grant_helpers_1().TOKEN_VAULT_OAUTH2_PARENT_RESOURCES)}grantAdmin(grantee){const bedrock=this.grant(grantee,...perms_1().OAuth2CredentialProviderIdentityPerms.ADMIN_PERMS),secret=(0,grant_helpers_1().grantCredentialSecret)(this,grantee,this.clientSecretArn,[...perms_1().TOKEN_VAULT_CREDENTIAL_SECRET_WRITE_PERMS]);return secret?bedrock.combine(secret):bedrock}grantUse(grantee){const bedrock=iam().Grant.addToPrincipal({grantee,actions:[...perms_1().OAuth2CredentialProviderIdentityPerms.USE_PERMS],resourceArns:(0,grant_helpers_1().buildIdentityResourceArns)(this,this.credentialProviderArn,[...grant_helpers_1().TOKEN_VAULT_OAUTH2_PARENT_RESOURCES,...grant_helpers_1().WORKLOAD_IDENTITY_USE_RESOURCES])}),secret=(0,grant_helpers_1().grantCredentialSecret)(this,grantee,this.clientSecretArn,[...perms_1().TOKEN_VAULT_CREDENTIAL_SECRET_READ_PERMS]);return secret?bedrock.combine(secret):bedrock}grantFullAccess(grantee){const bedrock=iam().Grant.addToPrincipal({grantee,actions:[...perms_1().OAuth2CredentialProviderIdentityPerms.FULL_ACCESS_PERMS],resourceArns:(0,grant_helpers_1().buildIdentityResourceArns)(this,this.credentialProviderArn,[...grant_helpers_1().TOKEN_VAULT_OAUTH2_PARENT_RESOURCES,...grant_helpers_1().WORKLOAD_IDENTITY_USE_RESOURCES])}),secret=(0,grant_helpers_1().grantCredentialSecret)(this,grantee,this.clientSecretArn,[...perms_1().TOKEN_VAULT_CREDENTIAL_SECRET_READ_PERMS,...perms_1().TOKEN_VAULT_CREDENTIAL_SECRET_WRITE_PERMS]);return secret?bedrock.combine(secret):bedrock}}function newOAuth2WithIncludedClientCredentialsOnly(scope,id,vendor,props){return new OAuth2CredentialProvider(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:vendor.value,oauth2ProviderConfigInput:{includedOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}function newOAuth2WithIncludedTenant(scope,id,vendor,props){return new OAuth2CredentialProvider(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:vendor.value,oauth2ProviderConfigInput:{includedOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap(),authorizationEndpoint:props.authorizationEndpoint,issuer:props.issuer,tokenEndpoint:props.tokenEndpoint}}})}let OAuth2CredentialProvider=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=OAuth2CredentialProviderBase,_instanceExtraInitializers=[],_bindForGatewayOAuthTarget_decorators;var OAuth2CredentialProvider2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_bindForGatewayOAuthTarget_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_bindForGatewayOAuthTarget_decorators,{kind:"method",name:"bindForGatewayOAuthTarget",static:!1,private:!1,access:{has:obj=>"bindForGatewayOAuthTarget"in obj,get:obj=>obj.bindForGatewayOAuthTarget},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),OAuth2CredentialProvider2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_bedrockagentcore.OAuth2CredentialProvider",version:"2.257.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-bedrockagentcore.OAuth2CredentialProvider";static usingSlack(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_SlackOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingSlack),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.SLACK.value,oauth2ProviderConfigInput:{slackOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}static usingGithub(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_GithubOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingGithub),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.GITHUB.value,oauth2ProviderConfigInput:{githubOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}static usingGoogle(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_GoogleOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingGoogle),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.GOOGLE.value,oauth2ProviderConfigInput:{googleOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}static usingSalesforce(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_SalesforceOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingSalesforce),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.SALESFORCE.value,oauth2ProviderConfigInput:{salesforceOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}static usingMicrosoft(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_MicrosoftOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingMicrosoft),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.MICROSOFT.value,oauth2ProviderConfigInput:{microsoftOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap(),tenantId:props.tenantId}}})}static usingAtlassian(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_AtlassianOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingAtlassian),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.ATLASSIAN.value,oauth2ProviderConfigInput:{atlassianOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}static usingLinkedin(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_LinkedinOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingLinkedin),error}return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.LINKEDIN.value,oauth2ProviderConfigInput:{linkedinOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap()}}})}static usingOkta(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingOkta),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.OKTA,props)}static usingOneLogin(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingOneLogin),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.ONE_LOGIN,props)}static usingPingOne(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingPingOne),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.PING_ONE,props)}static usingX(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_XOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingX),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.X,props)}static usingFacebook(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_FacebookOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingFacebook),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.FACEBOOK,props)}static usingYandex(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_YandexOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingYandex),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.YANDEX,props)}static usingReddit(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_RedditOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingReddit),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.REDDIT,props)}static usingZoom(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_ZoomOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingZoom),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.ZOOM,props)}static usingTwitch(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_TwitchOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingTwitch),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.TWITCH,props)}static usingSpotify(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_SpotifyOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingSpotify),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.SPOTIFY,props)}static usingDropbox(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_DropboxOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingDropbox),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.DROPBOX,props)}static usingNotion(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_NotionOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingNotion),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.NOTION,props)}static usingHubspot(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_HubspotOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingHubspot),error}return newOAuth2WithIncludedClientCredentialsOnly(scope,id,OAuth2CredentialProviderVendor.HUBSPOT,props)}static usingCyberArk(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingCyberArk),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.CYBER_ARK,props)}static usingFusionAuth(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingFusionAuth),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.FUSION_AUTH,props)}static usingAuth0(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingAuth0),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.AUTH0,props)}static usingCognito(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IncludedOauth2TenantCredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingCognito),error}return newOAuth2WithIncludedTenant(scope,id,OAuth2CredentialProviderVendor.COGNITO,props)}static usingCustom(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_CustomOAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingCustom),error}assertCustomOAuth2DiscoveryXor(scope,props);const oauthDiscovery=props.discoveryUrl!==void 0?{discoveryUrl:props.discoveryUrl}:{authorizationServerMetadata:props.authorizationServerMetadata};return new OAuth2CredentialProvider2(scope,id,{oAuth2CredentialProviderName:props.oAuth2CredentialProviderName,tags:props.tags,credentialProviderVendor:OAuth2CredentialProviderVendor.CUSTOM.value,oauth2ProviderConfigInput:{customOauth2ProviderConfig:{clientId:props.clientId,clientSecret:props.clientSecret.unsafeUnwrap(),oauthDiscovery}}})}static fromOAuth2CredentialProviderAttributes(scope,id,attrs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_OAuth2CredentialProviderAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromOAuth2CredentialProviderAttributes),error}class Import extends OAuth2CredentialProviderBase{credentialProviderArn=attrs.credentialProviderArn;credentialProviderVendor=attrs.credentialProviderVendor;callbackUrl=attrs.callbackUrl;clientSecretArn=attrs.clientSecretArn;createdTime=attrs.createdTime;lastUpdatedTime=attrs.lastUpdatedTime;constructor(s,i){super(s,i)}bindForGatewayOAuthTarget(scopes,customParameters){if(this.clientSecretArn==null||this.clientSecretArn==="")throw new(core_1()).ValidationError((0,helpers_internal_1().lit)`MissingOAuth2ClientSecretArn`,"clientSecretArn is not available on this OAuth2CredentialProvider (imported providers must pass clientSecretArn in fromOAuth2CredentialProviderAttributes).",this);return{providerArn:this.credentialProviderArn,secretArn:this.clientSecretArn,scopes,customParameters}}}return new Import(scope,id)}credentialProviderArn=__runInitializers(this,_instanceExtraInitializers);credentialProviderVendor;oAuth2CredentialProviderName;callbackUrl;createdTime;lastUpdatedTime;_clientSecretArn;__resource;get clientSecretArn(){return this._clientSecretArn===void 0&&(this._clientSecretArn=core_1().Token.asString(this.__resource.attrClientSecretArn)),this._clientSecretArn}constructor(scope,id,props){super(scope,id,{physicalName:props.oAuth2CredentialProviderName??core_1().Lazy.string({produce:()=>core_1().Names.uniqueResourceName(this,{maxLength:128})})});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_OAuth2CredentialProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,OAuth2CredentialProvider2),error}(0,metadata_resource_1().addConstructMetadata)(this,props),this.oAuth2CredentialProviderName=this.physicalName,this.credentialProviderVendor=props.credentialProviderVendor,(0,validation_helpers_1().throwIfInvalid)(validation_helpers_1().validateCredentialProviderName,this.oAuth2CredentialProviderName,this),(0,validation_helpers_1().throwIfInvalid)(validation_helpers_1().validateCredentialProviderTags,props.tags,this);const cfnProps={name:this.oAuth2CredentialProviderName,credentialProviderVendor:props.credentialProviderVendor,oauth2ProviderConfigInput:props.oauth2ProviderConfigInput,tags:props.tags&&Object.keys(props.tags).length>0?Object.entries(props.tags).map(([key,value])=>({key,value})):void 0};this.__resource=new(aws_bedrockagentcore_1()).CfnOAuth2CredentialProvider(this,"Resource",cfnProps),this.credentialProviderArn=this.__resource.attrCredentialProviderArn,this.callbackUrl=this.__resource.attrCallbackUrl,this.createdTime=this.__resource.attrCreatedTime,this.lastUpdatedTime=this.__resource.attrLastUpdatedTime}bindForGatewayOAuthTarget(scopes,customParameters){const secretArn=this.clientSecretArn;if(secretArn==null)throw new(core_1()).ValidationError((0,helpers_internal_1().lit)`MissingOAuth2ClientSecretArn`,"clientSecretArn is not available \u2014 the CloudFormation attribute has not resolved yet.",this);return{providerArn:this.credentialProviderArn,secretArn,scopes,customParameters}}static{__runInitializers(_classThis,_classExtraInitializers)}};return OAuth2CredentialProvider2=_classThis})();exports.OAuth2CredentialProvider=OAuth2CredentialProvider;