aws-secrets-manager-wrapper/dist/610.index.js

A TypeScript wrapper for AWS Secrets Manager that simplifies common operations and provides a more user-friendly interface.

"use strict";exports.id=610,exports.ids=[610],exports.modules={3610:(e,t,r)=>{r.d(t,{fromHttp:()=>h});var o=r(244),n=r(4029),s=r(8112),a=r(1943),i=r.n(a),c=r(5479),l=r(1540),d=r(7509);const h=(e={})=>{let t;e.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");const r=e.awsContainerCredentialsRelativeUri??process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,a=e.awsContainerCredentialsFullUri??process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,h=e.awsContainerAuthorizationToken??process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN,g=e.awsContainerAuthorizationTokenFile??process.env.AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE,p="NoOpLogger"!==e.logger?.constructor?.name&&e.logger?e.logger.warn:console.warn;if(r&&a&&(p("@aws-sdk/credential-provider-http: you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."),p("awsContainerCredentialsFullUri will take precedence.")),h&&g&&(p("@aws-sdk/credential-provider-http: you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."),p("awsContainerAuthorizationToken will take precedence.")),a)t=a;else{if(!r)throw new s.C1("No HTTP credential provider host provided.\nSet AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.",{logger:e.logger});t=`http://169.254.170.2${r}`}const u=new URL(t);((e,t)=>{if("https:"!==e.protocol&&"169.254.170.2"!==e.hostname&&"169.254.170.23"!==e.hostname&&"[fd00:ec2::23]"!==e.hostname){if(e.hostname.includes("[")){if("[::1]"===e.hostname||"[0000:0000:0000:0000:0000:0000:0000:0001]"===e.hostname)return}else{if("localhost"===e.hostname)return;const t=e.hostname.split("."),r=e=>{const t=parseInt(e,10);return 0<=t&&t<=255};if("127"===t[0]&&r(t[1])&&r(t[2])&&r(t[3])&&4===t.length)return}throw new s.C1("URL not accepted. It must either be HTTPS or match one of the following:\n  - loopback CIDR 127.0.0.0/8 or [::1/128]\n  - ECS container host 169.254.170.2\n  - EKS container host 169.254.170.23 or [fd00:ec2::23]",{logger:t})}})(u,e.logger);const w=new n.$c({requestTimeout:e.timeout??1e3,connectionTimeout:e.timeout??1e3});return C=async()=>{const t=function(e){return new c.Kd({protocol:e.protocol,hostname:e.hostname,port:Number(e.port),path:e.pathname,query:Array.from(e.searchParams.entries()).reduce(((e,[t,r])=>(e[t]=r,e)),{}),fragment:e.hash})}(u);h?t.headers.Authorization=h:g&&(t.headers.Authorization=(await i().readFile(g)).toString());try{return async function(e,t){const r=(0,d.c9)(e.body),o=await r.transformToString();if(200===e.statusCode){const e=JSON.parse(o);if("string"!=typeof e.AccessKeyId||"string"!=typeof e.SecretAccessKey||"string"!=typeof e.Token||"string"!=typeof e.Expiration)throw new s.C1("HTTP credential provider response not of the required format, an object matching: { AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }",{logger:t});return{accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,sessionToken:e.Token,expiration:(0,l.EI)(e.Expiration)}}if(e.statusCode>=400&&e.statusCode<500){let r={};try{r=JSON.parse(o)}catch(e){}throw Object.assign(new s.C1(`Server responded with status: ${e.statusCode}`,{logger:t}),{Code:r.Code,Message:r.Message})}throw new s.C1(`Server responded with status: ${e.statusCode}`,{logger:t})}((await w.handle(t)).response).then((e=>(0,o.g)(e,"CREDENTIALS_HTTP","z")))}catch(t){throw new s.C1(String(t),{logger:e.logger})}},T=e.maxRetries??3,A=e.timeout??1e3,async()=>{for(let e=0;e<T;++e)try{return await C()}catch(e){await new Promise((e=>setTimeout(e,A)))}return await C()};var C,T,A}}};