UNPKG

failure-lambda

Version:

Failure injection for AWS Lambda - chaos engineering made simple

github.com/gunnargrosch/failure-lambda

gunnargrosch/failure-lambda

169 lines (164 loc) 6.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#!/usr/bin/env node import { sdkStreamMixin } from "./chunk-VSWURCYJ.js"; import { NodeHttpHandler, parseRfc3339DateTime } from "./chunk-W3M6RT2M.js"; import { HttpRequest } from "./chunk-XDZ73E2B.js"; import "./chunk-VACN7GDP.js"; import { setCredentialFeature } from "./chunk-S6KKH4HA.js"; import { CredentialsProviderError } from "./chunk-M4AFYEP7.js"; import "./chunk-UT3JLF3M.js"; // node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js import fs from "fs/promises"; // node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/checkUrl.js var ECS_CONTAINER_HOST = "169.254.170.2"; var EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; var EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; var checkUrl = (url, logger) => { if (url.protocol === "https:") { return; } if (url.hostname === ECS_CONTAINER_HOST || url.hostname === EKS_CONTAINER_HOST_IPv4 || url.hostname === EKS_CONTAINER_HOST_IPv6) { return; } if (url.hostname.includes("[")) { if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { return; } } else { if (url.hostname === "localhost") { return; } const ipComponents = url.hostname.split("."); const inRange = (component) => { const num = parseInt(component, 10); return 0 <= num && num <= 255; }; if (ipComponents[0] === "127" && inRange(ipComponents[1]) && inRange(ipComponents[2]) && inRange(ipComponents[3]) && ipComponents.length === 4) { return; } } throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: - loopback CIDR 127.0.0.0/8 or [::1/128] - ECS container host 169.254.170.2 - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); }; // node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/requestHelpers.js function createGetRequest(url) { return new HttpRequest({ protocol: url.protocol, hostname: url.hostname, port: Number(url.port), path: url.pathname, query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { acc[k] = v; return acc; }, {}), fragment: url.hash }); } async function getCredentials(response, logger) { const stream = sdkStreamMixin(response.body); const str = await stream.transformToString(); if (response.statusCode === 200) { const parsed = JSON.parse(str); if (typeof parsed.AccessKeyId !== "string" || typeof parsed.SecretAccessKey !== "string" || typeof parsed.Token !== "string" || typeof parsed.Expiration !== "string") { throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: { AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); } return { accessKeyId: parsed.AccessKeyId, secretAccessKey: parsed.SecretAccessKey, sessionToken: parsed.Token, expiration: parseRfc3339DateTime(parsed.Expiration) }; } if (response.statusCode >= 400 && response.statusCode < 500) { let parsedBody = {}; try { parsedBody = JSON.parse(str); } catch (e) { } throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { Code: parsedBody.Code, Message: parsedBody.Message }); } throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); } // node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/retry-wrapper.js var retryWrapper = (toRetry, maxRetries, delayMs) => { return async () => { for (let i = 0; i < maxRetries; ++i) { try { return await toRetry(); } catch (e) { await new Promise((resolve) => setTimeout(resolve, delayMs)); } } return await toRetry(); }; }; // node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js var AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; var DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; var AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; var AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; var AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; var fromHttp = (options = {}) => { options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); let host; const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger?.warn ? console.warn : options.logger.warn.bind(options.logger); if (relative && full) { warn("@aws-sdk/credential-provider-http: you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); warn("awsContainerCredentialsFullUri will take precedence."); } if (token && tokenFile) { warn("@aws-sdk/credential-provider-http: you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); warn("awsContainerAuthorizationToken will take precedence."); } if (full) { host = full; } else if (relative) { host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; } else { throw new CredentialsProviderError(`No HTTP credential provider host provided. Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); } const url = new URL(host); checkUrl(url, options.logger); const requestHandler = NodeHttpHandler.create({ requestTimeout: options.timeout ?? 1e3, connectionTimeout: options.timeout ?? 1e3 }); return retryWrapper(async () => { const request = createGetRequest(url); if (token) { request.headers.Authorization = token; } else if (tokenFile) { request.headers.Authorization = (await fs.readFile(tokenFile)).toString(); } try { const result = await requestHandler.handle(request); return getCredentials(result.response).then((creds) => setCredentialFeature(creds, "CREDENTIALS_HTTP", "z")); } catch (e) { throw new CredentialsProviderError(String(e), { logger: options.logger }); } }, options.maxRetries ?? 3, options.timeout ?? 1e3); }; export { fromHttp }; //# sourceMappingURL=dist-es-U4WTKOAK.js.map