'use strict';

// Module dependencies.
// NOTE(review): deliberately left in the `var x = require(...)` form. The file ends with a
// star re-export of `STSClient`, and static CommonJS export analysers presumably match on
// this declaration shape. Confirm before modernising it.
var STSClient = require('./STSClient');
var smithyClient = require('@smithy/smithy-client');
var middlewareEndpoint = require('@smithy/middleware-endpoint');
var EndpointParameters = require('./endpoint/EndpointParameters');
var schema = require('@smithy/core/schema');
var client = require('@aws-sdk/core/client');
var regionConfigResolver = require('@aws-sdk/region-config-resolver');

/**
 * Common base class of every modeled STS error declared in this module.
 * The constructor argument is forwarded unchanged to smithyClient.ServiceException.
 */
class STSServiceException extends smithyClient.ServiceException {
    constructor(details) {
        super(details);
        // Pin the prototype to this class once the base constructor has returned.
        Object.setPrototypeOf(this, STSServiceException.prototype);
    }
}

/**
 * Modeled STS error "ExpiredTokenException", classified as a client fault.
 *
 * Caller-supplied fields are spread last into the object handed to the base class, so they
 * take precedence there. The `name` and `$fault` class fields are assigned on the instance
 * after super() returns.
 */
class ExpiredTokenException extends STSServiceException {
    name = "ExpiredTokenException";
    $fault = "client";
    constructor(details) {
        const init = {
            name: "ExpiredTokenException",
            $fault: "client",
            ...details,
        };
        super(init);
        Object.setPrototypeOf(this, ExpiredTokenException.prototype);
    }
}

/**
 * Modeled STS error "MalformedPolicyDocumentException", classified as a client fault.
 * Same construction pattern as ExpiredTokenException.
 */
class MalformedPolicyDocumentException extends STSServiceException {
    name = "MalformedPolicyDocumentException";
    $fault = "client";
    constructor(details) {
        const init = {
            name: "MalformedPolicyDocumentException",
            $fault: "client",
            ...details,
        };
        super(init);
        Object.setPrototypeOf(this, MalformedPolicyDocumentException.prototype);
    }
}

/**
 * Modeled STS error "PackedPolicyTooLargeException", classified as a client fault.
 * Same construction pattern as ExpiredTokenException.
 */
class PackedPolicyTooLargeException extends STSServiceException {
    name = "PackedPolicyTooLargeException";
    $fault = "client";
    constructor(details) {
        const init = {
            name: "PackedPolicyTooLargeException",
            $fault: "client",
            ...details,
        };
        super(init);
        Object.setPrototypeOf(this, PackedPolicyTooLargeException.prototype);
    }
}

/**
 * Modeled STS error "RegionDisabledException", classified as a client fault.
 * Same construction pattern as ExpiredTokenException.
 */
class RegionDisabledException extends STSServiceException {
    name = "RegionDisabledException";
    $fault = "client";
    constructor(details) {
        const init = {
            name: "RegionDisabledException",
            $fault: "client",
            ...details,
        };
        super(init);
        Object.setPrototypeOf(this, RegionDisabledException.prototype);
    }
}

/**
 * Modeled STS error "IDPRejectedClaimException", classified as a client fault.
 * Same construction pattern as ExpiredTokenException.
 */
class IDPRejectedClaimException extends STSServiceException {
    name = "IDPRejectedClaimException";
    $fault = "client";
    constructor(details) {
        const init = {
            name: "IDPRejectedClaimException",
            $fault: "client",
            ...details,
        };
        super(init);
        Object.setPrototypeOf(this, IDPRejectedClaimException.prototype);
    }
}
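/**
 * Modeled STS error "InvalidIdentityTokenException", classified as a client fault.
 *
 * Caller-supplied fields are spread last into the object handed to the base class, so they
 * take precedence there. The `name` and `$fault` class fields are assigned on the instance
 * after super() returns.
 */
class InvalidIdentityTokenException extends STSServiceException {
    name = "InvalidIdentityTokenException";
    $fault = "client";
    constructor(opts) {
        super({
            name: "InvalidIdentityTokenException",
            $fault: "client",
            ...opts,
        });
        Object.setPrototypeOf(this, InvalidIdentityTokenException.prototype);
    }
}

/**
 * Modeled STS error "IDPCommunicationErrorException", classified as a client fault.
 * Same construction pattern as InvalidIdentityTokenException.
 */
class IDPCommunicationErrorException extends STSServiceException {
    name = "IDPCommunicationErrorException";
    $fault = "client";
    constructor(opts) {
        super({
            name: "IDPCommunicationErrorException",
            $fault: "client",
            ...opts,
        });
        Object.setPrototypeOf(this, IDPCommunicationErrorException.prototype);
    }
}

// ---------------------------------------------------------------------------
// Short aliases for the shape, member and trait names used by the schema
// descriptors below.
// ---------------------------------------------------------------------------
const _A = "Arn";
const _AKI = "AccessKeyId";
const _AR = "AssumeRole";
const _ARI = "AssumedRoleId";
const _ARR = "AssumeRoleRequest";
const _ARRs = "AssumeRoleResponse";
const _ARU = "AssumedRoleUser";
const _ARWWI = "AssumeRoleWithWebIdentity";
const _ARWWIR = "AssumeRoleWithWebIdentityRequest";
const _ARWWIRs = "AssumeRoleWithWebIdentityResponse";
const _Au = "Audience";
const _C = "Credentials";
const _CA = "ContextAssertion";
const _DS = "DurationSeconds";
const _E = "Expiration";
const _EI = "ExternalId";
const _ETE = "ExpiredTokenException";
const _IDPCEE = "IDPCommunicationErrorException";
const _IDPRCE = "IDPRejectedClaimException";
const _IITE = "InvalidIdentityTokenException";
const _K = "Key";
const _MPDE = "MalformedPolicyDocumentException";
const _P = "Policy";
const _PA = "PolicyArns";
const _PAr = "ProviderArn";
const _PC = "ProvidedContexts";
const _PCLT = "ProvidedContextsListType";
const _PCr = "ProvidedContext";
const _PDT = "PolicyDescriptorType";
const _PI = "ProviderId";
const _PPS = "PackedPolicySize";
const _PPTLE = "PackedPolicyTooLargeException";
const _Pr = "Provider";
const _RA = "RoleArn";
const _RDE = "RegionDisabledException";
const _RSN = "RoleSessionName";
const _SAK = "SecretAccessKey";
const _SFWIT = "SubjectFromWebIdentityToken";
const _SI = "SourceIdentity";
const _SN = "SerialNumber";
const _ST = "SessionToken";
const _T = "Tags";
const _TC = "TokenCode";
const _TTK = "TransitiveTagKeys";
const _Ta = "Tag";
const _V = "Value";
const _WIT = "WebIdentityToken";
const _a = "arn";
const _aKST = "accessKeySecretType";
const _aQE = "awsQueryError";
const _c = "client";
const _cTT = "clientTokenType";
const _e = "error";
const _hE = "httpError";
const _m = "message";
const _pDLT = "policyDescriptorListType";
const _s = "smithy.ts.sdk.synthetic.com.amazonaws.sts";
const _tLT = "tagListType";
const n0 = "com.amazonaws.sts";

// ---------------------------------------------------------------------------
// Schema descriptors (positional arrays consumed by @smithy/core/schema).
//
// NOTE(review): the leading number looks like a shape-kind tag. As used here:
// 0 for the two scalar types, 1 for lists, 3 for structures, -3 for errors and
// 9 for operations. This is inferred from usage in this file only; confirm
// against @smithy/core/schema.
//
// Descriptors reference each other through `() => X` thunks. Together with
// `var` hoisting this lets a descriptor name one that is assigned further down.
// ---------------------------------------------------------------------------

// NOTE(review): these two scalar shapes carry 8 in the 4th slot where every other shape in
// this file carries 0. That is presumably a trait bitmask marking the value as sensitive;
// confirm. Only SecretAccessKey (in Credentials$) and WebIdentityToken (in the web-identity
// request) reference them. SessionToken, TokenCode and ExternalId are described with a
// plain 0, so whatever handling this flag triggers does not cover them. Treat the whole
// request and Credentials structures as secret when logging or tracing.
var accessKeySecretType = [0, n0, _aKST, 8, 0];
var clientTokenType = [0, n0, _cTT, 8, 0];
var AssumedRoleUser$ = [3, n0, _ARU, 0, [_ARI, _A], [0, 0]];
var AssumeRoleRequest$ = [
    3,
    n0,
    _ARR,
    0,
    [_RA, _RSN, _PA, _P, _DS, _T, _TTK, _EI, _SN, _TC, _SI, _PC],
    [0, 0, () => policyDescriptorListType, 0, 1, () => tagListType, 64 | 0, 0, 0, 0, 0, () => ProvidedContextsListType],
];
var AssumeRoleResponse$ = [
    3,
    n0,
    _ARRs,
    0,
    [_C, _ARU, _PPS, _SI],
    [[() => Credentials$, 0], () => AssumedRoleUser$, 1, 0],
];
var AssumeRoleWithWebIdentityRequest$ = [
    3,
    n0,
    _ARWWIR,
    0,
    [_RA, _RSN, _WIT, _PI, _PA, _P, _DS],
    [0, 0, [() => clientTokenType, 0], 0, () => policyDescriptorListType, 0, 1],
];
var AssumeRoleWithWebIdentityResponse$ = [
    3,
    n0,
    _ARWWIRs,
    0,
    [_C, _SFWIT, _ARU, _PPS, _Pr, _Au, _SI],
    [[() => Credentials$, 0], 0, () => AssumedRoleUser$, 1, 0, 0, 0],
];
// Members, in order: AccessKeyId, SecretAccessKey, SessionToken, Expiration.
var Credentials$ = [
    3,
    n0,
    _C,
    0,
    [_AKI, _SAK, _ST, _E],
    [0, [() => accessKeySecretType, 0], 0, 4],
];

// Error descriptors. The trait object carries error: "client", the HTTP status and the
// awsQueryError [code, status] pair. Each descriptor is registered against its exception
// class as a module-load side effect, so the registration order below is kept as is.
var ExpiredTokenException$ = [
    -3,
    n0,
    _ETE,
    { [_e]: _c, [_hE]: 400, [_aQE]: [`ExpiredTokenException`, 400] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(ExpiredTokenException$, ExpiredTokenException);
var IDPCommunicationErrorException$ = [
    -3,
    n0,
    _IDPCEE,
    { [_e]: _c, [_hE]: 400, [_aQE]: [`IDPCommunicationError`, 400] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(IDPCommunicationErrorException$, IDPCommunicationErrorException);
var IDPRejectedClaimException$ = [
    -3,
    n0,
    _IDPRCE,
    { [_e]: _c, [_hE]: 403, [_aQE]: [`IDPRejectedClaim`, 403] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(IDPRejectedClaimException$, IDPRejectedClaimException);
var InvalidIdentityTokenException$ = [
    -3,
    n0,
    _IITE,
    { [_e]: _c, [_hE]: 400, [_aQE]: [`InvalidIdentityToken`, 400] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(InvalidIdentityTokenException$, InvalidIdentityTokenException);
var MalformedPolicyDocumentException$ = [
    -3,
    n0,
    _MPDE,
    { [_e]: _c, [_hE]: 400, [_aQE]: [`MalformedPolicyDocument`, 400] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(MalformedPolicyDocumentException$, MalformedPolicyDocumentException);
var PackedPolicyTooLargeException$ = [
    -3,
    n0,
    _PPTLE,
    { [_e]: _c, [_hE]: 400, [_aQE]: [`PackedPolicyTooLarge`, 400] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(PackedPolicyTooLargeException$, PackedPolicyTooLargeException);
var PolicyDescriptorType$ = [3, n0, _PDT, 0, [_a], [0]];
var ProvidedContext$ = [3, n0, _PCr, 0, [_PAr, _CA], [0, 0]];
var RegionDisabledException$ = [
    -3,
    n0,
    _RDE,
    { [_e]: _c, [_hE]: 403, [_aQE]: [`RegionDisabledException`, 403] },
    [_m],
    [0],
];
schema.TypeRegistry.for(n0).registerError(RegionDisabledException$, RegionDisabledException);
var Tag$ = [3, n0, _Ta, 0, [_K, _V], [0, 0]];
// The base exception is registered under the synthetic namespace `_s`, not `n0`.
var STSServiceException$ = [-3, _s, "STSServiceException", 0, [], []];
schema.TypeRegistry.for(_s).registerError(STSServiceException$, STSServiceException);
var policyDescriptorListType = [1, n0, _pDLT, 0, () => PolicyDescriptorType$];
var ProvidedContextsListType = [1, n0, _PCLT, 0, () => ProvidedContext$];
var tagListType = [1, n0, _tLT, 0, () => Tag$];
var AssumeRole$ = [9, n0, _AR, 0, () => AssumeRoleRequest$, () => AssumeRoleResponse$];
var AssumeRoleWithWebIdentity$ = [
    9,
    n0,
    _ARWWI,
    0,
    () => AssumeRoleWithWebIdentityRequest$,
    () => AssumeRoleWithWebIdentityResponse$,
];

/**
 * Command for the STS AssumeRole operation, assembled with smithyClient's class builder:
 * common endpoint parameters, the endpoint plugin as its only middleware, and the
 * AssumeRole$ operation schema.
 */
class AssumeRoleCommand extends smithyClient.Command
    .classBuilder()
    .ep(EndpointParameters.commonParams)
    .m(function (Command, cs, config, o) {
        // `return` and the array literal must share a line. A line terminator directly after
        // `return` ends the statement (automatic semicolon insertion), and the endpoint
        // plugin list would then never reach the builder.
        return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
    })
    .s("AWSSecurityTokenServiceV20110615", "AssumeRole", {})
    .n("STSClient", "AssumeRoleCommand")
    .sc(AssumeRole$)
    .build() {
}

/**
 * Command for the STS AssumeRoleWithWebIdentity operation. Built the same way as
 * AssumeRoleCommand, with the AssumeRoleWithWebIdentity$ operation schema.
 */
class AssumeRoleWithWebIdentityCommand extends smithyClient.Command
    .classBuilder()
    .ep(EndpointParameters.commonParams)
    .m(function (Command, cs, config, o) {
        return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
    })
    .s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {})
    .n("STSClient", "AssumeRoleWithWebIdentityCommand")
    .sc(AssumeRoleWithWebIdentity$)
    .build() {
}

const commands = {
    AssumeRoleCommand,
    AssumeRoleWithWebIdentityCommand,
};

/**
 * Aggregated client. createAggregatedClient() is called with the command map and this
 * class right after the declaration.
 */
class STS extends STSClient.STSClient {
}
smithyClient.createAggregatedClient(commands, STS);

/**
 * Extracts the fifth colon-separated component of `assumedRoleUser.Arn`.
 *
 * The value is returned as found. It is not checked against any account-id format, so it
 * is only as trustworthy as the response it came from.
 *
 * @param {{ Arn?: string } | undefined} assumedRoleUser - AssumedRoleUser from an STS response.
 * @returns {string | undefined} The component, or undefined when Arn is not a string, has
 *   fewer than five components, or the fifth component is empty.
 */
const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
    if (typeof assumedRoleUser?.Arn === "string") {
        const arnComponents = assumedRoleUser.Arn.split(":");
        if (arnComponents.length > 4 && arnComponents[4] !== "") {
            return arnComponents[4];
        }
    }
    return undefined;
};

/**
 * Picks the region for the internal STS client: the first non-nullish of the credential
 * provider's own region, the parent client's region, and the STS default resolver.
 *
 * @param {string | (() => Promise<string>) | undefined} _region - Region from the credential provider config.
 * @param {string | (() => Promise<string>) | undefined} _parentRegion - Region of the contextual (parent) client.
 * @param {{ debug?: Function } | undefined} credentialProviderLogger - Optional logger; only `debug` is used.
 * @param {object} [loaderConfig={}] - Passed through to stsRegionDefaultResolver.
 * @returns {Promise<string>} The resolved region.
 */
const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {
    const region = typeof _region === "function" ? await _region() : _region;
    const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
    let stsDefaultRegion = "";
    // `??` short-circuits, so the default resolver only runs when both explicit sources are
    // nullish. `stsDefaultRegion` stays "" otherwise and shows up as such in the debug line.
    const resolvedRegion = region ??
        parentRegion ??
        (stsDefaultRegion = await regionConfigResolver.stsRegionDefaultResolver(loaderConfig)());
    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);
    return resolvedRegion;
};

/**
 * Builds the default AssumeRole role assumer.
 *
 * The returned function lazily creates one STS client on first use and keeps it in the
 * closure. Region, request handler, logger, profile and userAgentAppId are therefore fixed
 * by the first invocation.
 *
 * NOTE(review): `closureSourceCreds` is one variable shared by every invocation and is
 * reassigned on each call. The client's credential provider reads it when invoked, not when
 * the call started. Whether overlapping calls with different source credentials can
 * observe each other's value depends on when the client invokes that provider. Confirm
 * before sharing one assumer across principals. Likewise, the `!stsClient` check and the
 * assignment are separated by an await, so two concurrent first calls may each construct
 * a client.
 *
 * @param {object} stsOptions - STS client options; falls back to `parentClientConfig` for
 *   logger, profile, requestHandler and userAgentAppId.
 * @param {Function} STSClient - Constructor used to create the internal client.
 * @returns {(sourceCreds: object, params: object) => Promise<object>} Role assumer that
 *   resolves to { accessKeyId, secretAccessKey, sessionToken, expiration } plus
 *   credentialScope and accountId when available. The result is secret material and must
 *   not be logged.
 * @throws {Error} When the response lacks Credentials, AccessKeyId or SecretAccessKey. The
 *   message names only the role ARN.
 */
const getDefaultRoleAssumer$1 = (stsOptions, STSClient) => {
    let stsClient;
    let closureSourceCreds;
    return async (sourceCreds, params) => {
        closureSourceCreds = sourceCreds;
        if (!stsClient) {
            const {
                logger = stsOptions?.parentClientConfig?.logger,
                profile = stsOptions?.parentClientConfig?.profile,
                region,
                requestHandler = stsOptions?.parentClientConfig?.requestHandler,
                credentialProviderLogger,
                userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId,
            } = stsOptions;
            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
                logger,
                profile,
            });
            // A request handler that reports the "h2" protocol is not handed to the STS
            // client; `undefined` leaves the choice to the client's own default.
            const isCompatibleRequestHandler = !isH2(requestHandler);
            stsClient = new STSClient({
                // Spread first: the explicit keys below override same-named options.
                ...stsOptions,
                userAgentAppId,
                profile,
                credentialDefaultProvider: () => async () => closureSourceCreds,
                region: resolvedRegion,
                requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,
                logger: logger,
            });
        }
        const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params));
        if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
            throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
        }
        const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
        const credentials = {
            accessKeyId: Credentials.AccessKeyId,
            secretAccessKey: Credentials.SecretAccessKey,
            sessionToken: Credentials.SessionToken,
            expiration: Credentials.Expiration,
            ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
            ...(accountId && { accountId }),
        };
        client.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i");
        return credentials;
    };
};

/**
 * Builds the default AssumeRoleWithWebIdentity role assumer.
 *
 * Same lazy, closure-cached client as getDefaultRoleAssumer$1, but no
 * `credentialDefaultProvider` is set: no source credentials are wired into the client
 * here. `params` carries the WebIdentityToken, so it must not be logged.
 *
 * @param {object} stsOptions - STS client options; falls back to `parentClientConfig` for
 *   logger, profile, requestHandler and userAgentAppId.
 * @param {Function} STSClient - Constructor used to create the internal client.
 * @returns {(params: object) => Promise<object>} Role assumer that resolves to
 *   { accessKeyId, secretAccessKey, sessionToken, expiration } plus credentialScope and
 *   accountId when available. The result is secret material and must not be logged.
 * @throws {Error} When the response lacks Credentials, AccessKeyId or SecretAccessKey. The
 *   message names only the role ARN.
 */
const getDefaultRoleAssumerWithWebIdentity$1 = (stsOptions, STSClient) => {
    let stsClient;
    return async (params) => {
        if (!stsClient) {
            const {
                logger = stsOptions?.parentClientConfig?.logger,
                profile = stsOptions?.parentClientConfig?.profile,
                region,
                requestHandler = stsOptions?.parentClientConfig?.requestHandler,
                credentialProviderLogger,
                userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId,
            } = stsOptions;
            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
                logger,
                profile,
            });
            const isCompatibleRequestHandler = !isH2(requestHandler);
            stsClient = new STSClient({
                ...stsOptions,
                userAgentAppId,
                profile,
                region: resolvedRegion,
                requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,
                logger: logger,
            });
        }
        const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
        if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
            throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
        }
        const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
        const credentials = {
            accessKeyId: Credentials.AccessKeyId,
            secretAccessKey: Credentials.SecretAccessKey,
            sessionToken: Credentials.SessionToken,
            expiration: Credentials.Expiration,
            ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
            ...(accountId && { accountId }),
        };
        if (accountId) {
            client.setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T");
        }
        client.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k");
        return credentials;
    };
};

/**
 * @param {object | undefined} requestHandler
 * @returns {boolean} true when the handler's metadata reports the "h2" protocol.
 */
const isH2 = (requestHandler) => {
    return requestHandler?.metadata?.handlerProtocol === "h2";
};

/**
 * Returns `baseCtor` unchanged when no customizations are given. Otherwise returns a
 * subclass whose constructor registers each customization on the instance's middleware stack.
 *
 * @param {Function} baseCtor - STS client constructor to extend.
 * @param {Iterable<object> | undefined} customizations - Plugins passed to middlewareStack.use().
 * @returns {Function} Client constructor.
 */
const getCustomizableStsClientCtor = (baseCtor, customizations) => {
    if (!customizations)
        return baseCtor;
    else
        return class CustomizableSTSClient extends baseCtor {
            constructor(config) {
                super(config);
                for (const customization of customizations) {
                    this.middlewareStack.use(customization);
                }
            }
        };
};

/** Public AssumeRole assumer factory, bound to this package's STSClient (plus optional plugins). */
const getDefaultRoleAssumer = (stsOptions = {}, stsPlugins) => getDefaultRoleAssumer$1(stsOptions, getCustomizableStsClientCtor(STSClient.STSClient, stsPlugins));

/** Public AssumeRoleWithWebIdentity assumer factory, bound to this package's STSClient (plus optional plugins). */
const getDefaultRoleAssumerWithWebIdentity = (stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity$1(stsOptions, getCustomizableStsClientCtor(STSClient.STSClient, stsPlugins));

/**
 * Wraps a credential provider factory so it receives the default role assumers.
 * `...input` is spread last, so a caller-supplied `roleAssumer` or
 * `roleAssumerWithWebIdentity` replaces the default.
 */
const decorateDefaultCredentialProvider = (provider) => (input) => provider({
    roleAssumer: getDefaultRoleAssumer(input),
    roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input),
    ...input,
});

// Getter re-export of smithyClient.Command under the name `$Command`.
Object.defineProperty(exports, "$Command", {
    enumerable: true,
    get: function () { return smithyClient.Command; }
});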
// Public CommonJS surface of this module: schema descriptors (names ending in `$`),
// command classes, exception classes, the aggregated STS client and the role-assumer helpers.
// NOTE(review): kept as individual `exports.<name> = <name>` assignments. Tools that
// statically detect CommonJS named exports generally rely on this literal form; confirm
// before restructuring (for example into Object.assign).
exports.AssumeRole$ = AssumeRole$;
exports.AssumeRoleCommand = AssumeRoleCommand;
exports.AssumeRoleRequest$ = AssumeRoleRequest$;
exports.AssumeRoleResponse$ = AssumeRoleResponse$;
exports.AssumeRoleWithWebIdentity$ = AssumeRoleWithWebIdentity$;
exports.AssumeRoleWithWebIdentityCommand = AssumeRoleWithWebIdentityCommand;
exports.AssumeRoleWithWebIdentityRequest$ = AssumeRoleWithWebIdentityRequest$;
exports.AssumeRoleWithWebIdentityResponse$ = AssumeRoleWithWebIdentityResponse$;
exports.AssumedRoleUser$ = AssumedRoleUser$;
exports.Credentials$ = Credentials$;
exports.ExpiredTokenException = ExpiredTokenException;
exports.ExpiredTokenException$ = ExpiredTokenException$;
exports.IDPCommunicationErrorException = IDPCommunicationErrorException;
exports.IDPCommunicationErrorException$ = IDPCommunicationErrorException$;
exports.IDPRejectedClaimException = IDPRejectedClaimException;
exports.IDPRejectedClaimException$ = IDPRejectedClaimException$;
exports.InvalidIdentityTokenException = InvalidIdentityTokenException;
exports.InvalidIdentityTokenException$ = InvalidIdentityTokenException$;
exports.MalformedPolicyDocumentException = MalformedPolicyDocumentException;
exports.MalformedPolicyDocumentException$ = MalformedPolicyDocumentException$;
exports.PackedPolicyTooLargeException = PackedPolicyTooLargeException;
exports.PackedPolicyTooLargeException$ = PackedPolicyTooLargeException$;
exports.PolicyDescriptorType$ = PolicyDescriptorType$;
exports.ProvidedContext$ = ProvidedContext$;
exports.RegionDisabledException = RegionDisabledException;
exports.RegionDisabledException$ = RegionDisabledException$;
exports.STS = STS;
exports.STSServiceException = STSServiceException;
exports.STSServiceException$ = STSServiceException$;
exports.Tag$ = Tag$;
exports.decorateDefaultCredentialProvider = decorateDefaultCredentialProvider;
exports.getDefaultRoleAssumer = getDefaultRoleAssumer;
exports.getDefaultRoleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity;
// Star re-export of ./STSClient: every enumerable key except `default` that this module has
// not already defined is exposed through a getter, so reads always reflect the current value
// on the STSClient module object. Names assigned on `exports` before this point take
// precedence over same-named STSClient exports.
Object.keys(STSClient).forEach(function (k) {
    if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
        enumerable: true,
        get: function () { return STSClient[k]; }
    });
});