UNPKG

aws-cdk

Version:

CDK Toolkit, the command line tool for CDK apps

164 lines (163 loc) 6.28 kB
import * as AWS from 'aws-sdk'; import type { ConfigurationOptions } from 'aws-sdk/lib/config-base'; import { Account } from './sdk-provider'; export interface ISDK { /** * The region this SDK has been instantiated for * * (As distinct from the `defaultRegion()` on SdkProvider which * represents the region configured in the default config). */ readonly currentRegion: string; /** * The Account this SDK has been instantiated for * * (As distinct from the `defaultAccount()` on SdkProvider which * represents the account available by using default credentials). */ currentAccount(): Promise<Account>; getEndpointSuffix(region: string): string; /** * Appends the given string as the extra information to put into the User-Agent header for any requests invoked by this SDK. * If the string is 'undefined', this method has no effect. */ appendCustomUserAgent(userAgentData?: string): void; /** * Removes the given string from the extra User-Agent header data used for requests invoked by this SDK. */ removeCustomUserAgent(userAgentData: string): void; lambda(): AWS.Lambda; cloudFormation(): AWS.CloudFormation; ec2(): AWS.EC2; iam(): AWS.IAM; ssm(): AWS.SSM; s3(): AWS.S3; route53(): AWS.Route53; ecr(): AWS.ECR; ecs(): AWS.ECS; elbv2(): AWS.ELBv2; secretsManager(): AWS.SecretsManager; kms(): AWS.KMS; stepFunctions(): AWS.StepFunctions; codeBuild(): AWS.CodeBuild; cloudWatchLogs(): AWS.CloudWatchLogs; appsync(): AWS.AppSync; } /** * Additional SDK configuration options */ export interface SdkOptions { /** * Additional descriptive strings that indicate where the "AssumeRole" credentials are coming from * * Will be printed in an error message to help users diagnose auth problems. */ readonly assumeRoleCredentialsSourceDescription?: string; } /** * Base functionality of SDK without credential fetching */ export declare class SDK implements ISDK { private readonly _credentials; private readonly sdkOptions; private static readonly accountCache; readonly currentRegion: string; private readonly config; /** * Default retry options for SDK clients. */ private readonly retryOptions; /** * The more generous retry policy for CloudFormation, which has a 1 TPM limit on certain APIs, * which are abundantly used for deployment tracking, ... * * So we're allowing way more retries, but waiting a bit more. */ private readonly cloudFormationRetryOptions; /** * STS is used to check credential validity, don't do too many retries. */ private readonly stsRetryOptions; /** * Whether we have proof that the credentials have not expired * * We need to do some manual plumbing around this because the JS SDKv2 treats `ExpiredToken` * as retriable and we have hefty retries on CFN calls making the CLI hang for a good 15 minutes * if the credentials have expired. */ private _credentialsValidated; constructor(_credentials: AWS.Credentials, region: string, httpOptions?: ConfigurationOptions, sdkOptions?: SdkOptions); appendCustomUserAgent(userAgentData?: string): void; removeCustomUserAgent(userAgentData: string): void; lambda(): AWS.Lambda; cloudFormation(): AWS.CloudFormation; ec2(): AWS.EC2; iam(): AWS.IAM; ssm(): AWS.SSM; s3(): AWS.S3; route53(): AWS.Route53; ecr(): AWS.ECR; ecs(): AWS.ECS; elbv2(): AWS.ELBv2; secretsManager(): AWS.SecretsManager; kms(): AWS.KMS; stepFunctions(): AWS.StepFunctions; codeBuild(): AWS.CodeBuild; cloudWatchLogs(): AWS.CloudWatchLogs; appsync(): AWS.AppSync; currentAccount(): Promise<Account>; /** * Return the current credentials * * Don't use -- only used to write tests around assuming roles. */ currentCredentials(): Promise<AWS.Credentials>; /** * Force retrieval of the current credentials * * Relevant if the current credentials are AssumeRole credentials -- do the actual * lookup, and translate any error into a useful error message (taking into * account credential provenance). */ forceCredentialRetrieval(): Promise<void>; /** * Make sure the the current credentials are not expired */ validateCredentials(): Promise<void>; getEndpointSuffix(region: string): string; /** * Return a wrapping object for the underlying service object * * Responds to failures in the underlying service calls, in two different * ways: * * - When errors are encountered, log the failing call and the error that * it triggered (at debug level). This is necessary because the lack of * stack traces in NodeJS otherwise makes it very hard to suss out where * a certain AWS error occurred. * - The JS SDK has a funny business of wrapping any credential-based error * in a super-generic (and in our case wrong) exception. If we then use a * 'ChainableTemporaryCredentials' and the target role doesn't exist, * the error message that shows up by default is super misleading * (https://github.com/aws/aws-sdk-js/issues/3272). We can fix this because * the exception contains the "inner exception", so we unwrap and throw * the correct error ("cannot assume role"). * * The wrapping business below is slightly more complicated than you'd think * because we must hook into the `promise()` method of the object that's being * returned from the methods of the object that we wrap, so there's two * levels of wrapping going on, and also some exceptions to the wrapping magic. */ private wrapServiceErrorHandling; /** * Extract a more detailed error out of a generic error if we can * * If this is an error about Assuming Roles, add in the context showing the * chain of credentials we used to try to assume the role. */ private makeDetailedException; } /** * Return whether an error should not be recovered from */ export declare function isUnrecoverableAwsError(e: Error): boolean;