-
Notifications
You must be signed in to change notification settings - Fork 265
Expand file tree
/
Copy path360.index.js
More file actions
93 lines (82 loc) · 3.43 KB
/
360.index.js
File metadata and controls
93 lines (82 loc) · 3.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
"use strict";
exports.id = 360;
exports.ids = [360];
exports.modules = {
/***/ 5360:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var sharedIniFileLoader = __webpack_require__(4964);
var propertyProvider = __webpack_require__(8857);
var child_process = __webpack_require__(5317);
var util = __webpack_require__(9023);
var client = __webpack_require__(5152);
const getValidatedProcessCredentials = (profileName, data, profiles) => {
if (data.Version !== 1) {
throw Error(`Profile ${profileName} credential_process did not return Version 1.`);
}
if (data.AccessKeyId === undefined || data.SecretAccessKey === undefined) {
throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);
}
if (data.Expiration) {
const currentTime = new Date();
const expireTime = new Date(data.Expiration);
if (expireTime < currentTime) {
throw Error(`Profile ${profileName} credential_process returned expired credentials.`);
}
}
let accountId = data.AccountId;
if (!accountId && profiles?.[profileName]?.aws_account_id) {
accountId = profiles[profileName].aws_account_id;
}
const credentials = {
accessKeyId: data.AccessKeyId,
secretAccessKey: data.SecretAccessKey,
...(data.SessionToken && { sessionToken: data.SessionToken }),
...(data.Expiration && { expiration: new Date(data.Expiration) }),
...(data.CredentialScope && { credentialScope: data.CredentialScope }),
...(accountId && { accountId }),
};
client.setCredentialFeature(credentials, "CREDENTIALS_PROCESS", "w");
return credentials;
};
const resolveProcessCredentials = async (profileName, profiles, logger) => {
const profile = profiles[profileName];
if (profiles[profileName]) {
const credentialProcess = profile["credential_process"];
if (credentialProcess !== undefined) {
const execPromise = util.promisify(sharedIniFileLoader.externalDataInterceptor?.getTokenRecord?.().exec ?? child_process.exec);
try {
const { stdout } = await execPromise(credentialProcess);
let data;
try {
data = JSON.parse(stdout.trim());
}
catch {
throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);
}
return getValidatedProcessCredentials(profileName, data, profiles);
}
catch (error) {
throw new propertyProvider.CredentialsProviderError(error.message, { logger });
}
}
else {
throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });
}
}
else {
throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {
logger,
});
}
};
const fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {
init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");
const profiles = await sharedIniFileLoader.parseKnownFiles(init);
return resolveProcessCredentials(sharedIniFileLoader.getProfileName({
profile: init.profile ?? callerClientConfig?.profile,
}), profiles, init.logger);
};
exports.fromProcess = fromProcess;
/***/ })
};
;