aws-secrets-manager-wrapper
A TypeScript wrapper for AWS Secrets Manager that simplifies common operations and provides a more user-friendly interface.
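"use strict";
// Webpack lazy chunk 791 (minified build output, reformatted here for review).
// It registers module 9791, which exports `fromSSO`: a credential provider that
// turns an AWS SSO session into temporary role credentials. The log labels in
// the code identify the bundled packages as "@aws-sdk/token-providers" and
// "@aws-sdk/credential-provider-sso".
//
// Security-relevant behaviour, for readers auditing the bundle:
//   * the debug logger is only ever given fixed labels, never token material;
//   * a refreshed SSO token is written back to the on-disk token cache
//     (see persistToken below for the file-permission caveat);
//   * every failure surfaces as a provider error from module 8112, with
//     tryNextLink false wherever this code passes that option.
exports.id = 791;
exports.ids = [791];
exports.modules = {
  9791: (unusedModule, moduleExports, webpackRequire) => {
    webpackRequire.d(moduleExports, { fromSSO: () => fromSSO });

    // Export names of the required modules are minified, so the original names
    // cannot be read from this chunk. Calls use the `(0, mod.fn)(...)` form to
    // keep webpack's "call without a `this` binding" semantics.
    // presumably the provider-error classes: Jh for token errors, C1 for credential errors
    const providerErrors = webpackRequire(8112);
    // presumably the shared config/credentials file helpers (profiles, sso-sessions, token cache)
    const sharedConfig = webpackRequire(2792);
    // presumably tags the credentials object with its source feature
    const featureTagging = webpackRequire(244);

    const REFRESH_MESSAGE =
      "To refresh this SSO session run 'aws sso login' with the corresponding profile.";

    // One SSO-OIDC client per region, reused across refreshes.
    const oidcClientsByRegion = {};

    /** Throws a token error when the token carries an expiration that is already in the past. */
    const assertNotExpired = (token) => {
      if (token.expiration && token.expiration.getTime() < Date.now()) {
        throw new providerErrors.Jh(`Token is expired. ${REFRESH_MESSAGE}`, false);
      }
    };

    /**
     * Throws a token error when a field of the cached SSO token is undefined.
     * `forRefresh` only changes the wording of the message.
     */
    const requireField = (fieldName, value, forRefresh = false) => {
      if (value === undefined) {
        throw new providerErrors.Jh(
          `Value not present for '${fieldName}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`,
          false
        );
      }
    };

    // `.promises.writeFile` is read from this module — presumably Node's `fs`.
    const fsModule = webpackRequire(9896);
    const { writeFile } = fsModule.promises;

    // Time of the last refresh attempt; shared by every provider created from this module.
    const lastRefreshAttempt = new Date(0);

    /** Returns the cached SSO-OIDC client for `region`, creating it on first use. */
    const getOidcClient = async (region) => {
      const { SSOOIDCClient } = await webpackRequire
        .e(526)
        .then(webpackRequire.bind(webpackRequire, 9526));
      if (oidcClientsByRegion[region]) {
        return oidcClientsByRegion[region];
      }
      const client = new SSOOIDCClient({ region });
      oidcClientsByRegion[region] = client;
      return client;
    };

    /** Exchanges the cached refresh token for a new access token (grant type "refresh_token"). */
    const requestNewToken = async (cachedToken, region) => {
      const { CreateTokenCommand } = await webpackRequire
        .e(526)
        .then(webpackRequire.bind(webpackRequire, 9526));
      const client = await getOidcClient(region);
      return client.send(
        new CreateTokenCommand({
          clientId: cachedToken.clientId,
          clientSecret: cachedToken.clientSecret,
          refreshToken: cachedToken.refreshToken,
          grantType: "refresh_token",
        })
      );
    };

    /**
     * Serialises the token as JSON and writes it to the path that module 2792's
     * `C9` returns for the session (presumably the SSO token cache file).
     *
     * NOTE(review): the object written still contains clientSecret and
     * refreshToken, and writeFile is called without an explicit `mode`. If the
     * file does not exist yet, its permissions follow the process umask — keep
     * the cache directory private to the user running the process.
     */
    const persistToken = (sessionName, token) => {
      const cachePath = (0, sharedConfig.C9)(sessionName);
      const serialized = JSON.stringify(token, null, 2);
      return writeFile(cachePath, serialized);
    };

    /**
     * Token provider ("@aws-sdk/token-providers - fromSso").
     *
     * Resolves the profile and its sso-session, loads the cached SSO token and
     * returns `{ token, expiration }`. A token with more than five minutes left
     * is returned as is; otherwise a refresh is attempted, at most once every
     * thirty seconds, falling back to the cached token while it is still valid.
     *
     * @param {object} [options] forwarded to the config loaders; `logger` is optional
     * @returns {() => Promise<{token: string, expiration: Date}>}
     */
    const fromSsoToken = (options = {}) => async () => {
      options.logger?.debug("@aws-sdk/token-providers - fromSso");

      const profiles = await (0, sharedConfig.YU)(options);
      const profileName = (0, sharedConfig.Bz)(options);
      const profile = profiles[profileName];
      if (!profile) {
        throw new providerErrors.Jh(
          `Profile '${profileName}' could not be found in shared credentials file.`,
          false
        );
      }
      if (!profile.sso_session) {
        throw new providerErrors.Jh(
          `Profile '${profileName}' is missing required property 'sso_session'.`
        );
      }

      const sessionName = profile.sso_session;
      const sessions = await (0, sharedConfig.qw)(options);
      const session = sessions[sessionName];
      if (!session) {
        throw new providerErrors.Jh(
          `Sso session '${sessionName}' could not be found in shared credentials file.`,
          false
        );
      }
      for (const requiredKey of ["sso_start_url", "sso_region"]) {
        if (!session[requiredKey]) {
          throw new providerErrors.Jh(
            `Sso session '${sessionName}' is missing required property '${requiredKey}'.`,
            false
          );
        }
      }
      const region = session.sso_region;

      let cachedToken;
      try {
        cachedToken = await (0, sharedConfig.vf)(sessionName);
      } catch (loadError) {
        throw new providerErrors.Jh(
          `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`,
          false
        );
      }

      requireField("accessToken", cachedToken.accessToken);
      requireField("expiresAt", cachedToken.expiresAt);
      const { accessToken, expiresAt } = cachedToken;
      const currentToken = { token: accessToken, expiration: new Date(expiresAt) };

      // More than five minutes of validity left: no refresh needed.
      if (currentToken.expiration.getTime() - Date.now() > 300000) {
        return currentToken;
      }
      // A refresh was attempted less than thirty seconds ago: do not retry yet.
      if (Date.now() - lastRefreshAttempt.getTime() < 30000) {
        assertNotExpired(currentToken);
        return currentToken;
      }

      requireField("clientId", cachedToken.clientId, true);
      requireField("clientSecret", cachedToken.clientSecret, true);
      requireField("refreshToken", cachedToken.refreshToken, true);

      try {
        lastRefreshAttempt.setTime(Date.now());
        const refreshed = await requestNewToken(cachedToken, region);
        requireField("accessToken", refreshed.accessToken);
        requireField("expiresIn", refreshed.expiresIn);
        const newExpiration = new Date(Date.now() + 1000 * refreshed.expiresIn);
        try {
          await persistToken(sessionName, {
            ...cachedToken,
            accessToken: refreshed.accessToken,
            expiresAt: newExpiration.toISOString(),
            refreshToken: refreshed.refreshToken,
          });
        } catch (writeError) {
          // Deliberate best effort: a failed cache write must not discard the
          // token that was just issued.
        }
        return { token: refreshed.accessToken, expiration: newExpiration };
      } catch (refreshError) {
        // Any refresh failure falls back to the cached token, provided it has not expired.
        assertNotExpired(currentToken);
        return currentToken;
      }
    };

    // Passed as `tryNextLink` on every credential error raised by resolveSsoCredentials.
    const TRY_NEXT_LINK = false;

    /**
     * Obtains an SSO access token (via the token provider when `ssoSession` is
     * set, otherwise from the cache entry keyed by the start URL) and exchanges
     * it for role credentials with GetRoleCredentials.
     *
     * `logger` is destructured here, but the calls in this chunk never pass it.
     */
    const resolveSsoCredentials = async ({
      ssoStartUrl,
      ssoSession,
      ssoAccountId,
      ssoRegion,
      ssoRoleName,
      ssoClient,
      clientConfig,
      profile,
      logger,
    }) => {
      let ssoToken;
      const refreshHint =
        "To refresh this SSO session run aws sso login with the corresponding profile.";

      if (ssoSession) {
        try {
          const sessionToken = await fromSsoToken({ profile })();
          ssoToken = {
            accessToken: sessionToken.token,
            expiresAt: new Date(sessionToken.expiration).toISOString(),
          };
        } catch (tokenError) {
          throw new providerErrors.C1(tokenError.message, {
            tryNextLink: TRY_NEXT_LINK,
            logger,
          });
        }
      } else {
        try {
          ssoToken = await (0, sharedConfig.vf)(ssoStartUrl);
        } catch (loadError) {
          throw new providerErrors.C1(
            `The SSO session associated with this profile is invalid. ${refreshHint}`,
            { tryNextLink: TRY_NEXT_LINK, logger }
          );
        }
      }

      if (new Date(ssoToken.expiresAt).getTime() - Date.now() <= 0) {
        throw new providerErrors.C1(
          `The SSO session associated with this profile has expired. ${refreshHint}`,
          { tryNextLink: TRY_NEXT_LINK, logger }
        );
      }

      const { accessToken } = ssoToken;
      const { SSOClient, GetRoleCredentialsCommand } = await webpackRequire
        .e(563)
        .then(webpackRequire.bind(webpackRequire, 2563));
      // A caller-supplied client wins; otherwise the region comes from
      // clientConfig and falls back to the SSO region.
      const client =
        ssoClient ||
        new SSOClient(
          Object.assign({}, clientConfig ?? {}, { region: clientConfig?.region ?? ssoRegion })
        );

      let response;
      try {
        response = await client.send(
          new GetRoleCredentialsCommand({
            accountId: ssoAccountId,
            roleName: ssoRoleName,
            accessToken,
          })
        );
      } catch (sendError) {
        // The caught error object itself is handed over as the message argument.
        throw new providerErrors.C1(sendError, { tryNextLink: TRY_NEXT_LINK, logger });
      }

      const {
        roleCredentials: {
          accessKeyId,
          secretAccessKey,
          sessionToken,
          expiration,
          credentialScope,
          accountId,
        } = {},
      } = response;
      if (!(accessKeyId && secretAccessKey && sessionToken && expiration)) {
        throw new providerErrors.C1("SSO returns an invalid temporary credential.", {
          tryNextLink: TRY_NEXT_LINK,
          logger,
        });
      }

      const credentials = {
        accessKeyId,
        secretAccessKey,
        sessionToken,
        expiration: new Date(expiration),
        ...(credentialScope && { credentialScope }),
        ...(accountId && { accountId }),
      };
      if (ssoSession) {
        (0, featureTagging.g)(credentials, "CREDENTIALS_SSO", "s");
      } else {
        (0, featureTagging.g)(credentials, "CREDENTIALS_SSO_LEGACY", "u");
      }
      return credentials;
    };

    /** True when the profile has at least one string-valued sso_* setting. */
    const isSsoProfile = (candidate) =>
      Boolean(candidate) &&
      (typeof candidate.sso_start_url === "string" ||
        typeof candidate.sso_account_id === "string" ||
        typeof candidate.sso_session === "string" ||
        typeof candidate.sso_region === "string" ||
        typeof candidate.sso_role_name === "string");

    /** Returns the profile unchanged, or throws when one of the four required sso_* settings is missing. */
    const validateSsoProfile = (candidate, logger) => {
      const { sso_start_url, sso_account_id, sso_region, sso_role_name } = candidate;
      if (!(sso_start_url && sso_account_id && sso_region && sso_role_name)) {
        throw new providerErrors.C1(
          `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(candidate).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,
          { tryNextLink: false, logger }
        );
      }
      return candidate;
    };

    /**
     * Credential provider ("@aws-sdk/credential-provider-sso - fromSSO").
     *
     * With any of the explicit SSO arguments set, all of ssoStartUrl,
     * ssoAccountId, ssoRegion and ssoRoleName are required. With none set, the
     * settings come from the selected profile and, when the profile names one,
     * from its sso-session section.
     *
     * @param {object} [options] explicit SSO settings, `ssoClient`, `clientConfig`, `logger`
     * @returns {() => Promise<object>} resolves to temporary role credentials
     */
    const fromSSO = (options = {}) => async () => {
      options.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");

      const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = options;
      const { ssoClient } = options;
      const profileName = (0, sharedConfig.Bz)(options);

      if (ssoStartUrl || ssoAccountId || ssoRegion || ssoRoleName || ssoSession) {
        if (ssoStartUrl && ssoAccountId && ssoRegion && ssoRoleName) {
          return resolveSsoCredentials({
            ssoStartUrl,
            ssoSession,
            ssoAccountId,
            ssoRegion,
            ssoRoleName,
            ssoClient,
            clientConfig: options.clientConfig,
            profile: profileName,
          });
        }
        throw new providerErrors.C1(
          'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',
          { tryNextLink: false, logger: options.logger }
        );
      }

      const profiles = await (0, sharedConfig.YU)(options);
      const profile = profiles[profileName];
      if (!profile) {
        throw new providerErrors.C1(`Profile ${profileName} was not found.`, {
          logger: options.logger,
        });
      }
      if (!isSsoProfile(profile)) {
        throw new providerErrors.C1(
          `Profile ${profileName} is not configured with SSO credentials.`,
          { logger: options.logger }
        );
      }

      if (profile?.sso_session) {
        const sessions = await (0, sharedConfig.qw)(options);
        const session = sessions[profile.sso_session];
        // Fix: a profile naming an sso-session that is not defined used to fail
        // with a bare TypeError on `session.sso_region`. Raise a provider error
        // instead, worded like the token provider's check for the same case.
        if (!session) {
          throw new providerErrors.C1(
            `Sso session '${profile.sso_session}' could not be found in shared credentials file.`,
            { tryNextLink: false, logger: options.logger }
          );
        }
        const conflictSuffix = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
        if (ssoRegion && ssoRegion !== session.sso_region) {
          throw new providerErrors.C1(`Conflicting SSO region${conflictSuffix}`, {
            tryNextLink: false,
            logger: options.logger,
          });
        }
        if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
          throw new providerErrors.C1(`Conflicting SSO start_url${conflictSuffix}`, {
            tryNextLink: false,
            logger: options.logger,
          });
        }
        // The sso-session section overrides the profile's own region and start URL.
        profile.sso_region = session.sso_region;
        profile.sso_start_url = session.sso_start_url;
      }

      const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } =
        validateSsoProfile(profile, options.logger);
      return resolveSsoCredentials({
        ssoStartUrl: sso_start_url,
        ssoSession: sso_session,
        ssoAccountId: sso_account_id,
        ssoRegion: sso_region,
        ssoRoleName: sso_role_name,
        ssoClient,
        clientConfig: options.clientConfig,
        profile: profileName,
      });
    };
  },
};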