BinarySandia04/dragonroll
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
45f8f06505
dragonroll/backend/node_modules/@aws-sdk/credential-provider-ini/dist-es/resolveAssumeRoleCredentials.js

75 lines
3.9 KiB
JavaScript
Raw Normal View History

Prepared for pushing
2024-09-21 17:08:36 +00:00
import { CredentialsProviderError } from "@smithy/property-provider";
import { getProfileName } from "@smithy/shared-ini-file-loader";
import { resolveCredentialSource } from "./resolveCredentialSource";
import { resolveProfileData } from "./resolveProfileData";
export const isAssumeRoleProfile = (arg, { profile = "default", logger } = {}) => {
return (Boolean(arg) &&
typeof arg === "object" &&
typeof arg.role_arn === "string" &&
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 &&
(isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })));
};
const isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {
const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
if (withSourceProfile) {
logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);
}
return withSourceProfile;
};
const isCredentialSourceProfile = (arg, { profile, logger }) => {
const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
if (withProviderProfile) {
logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);
}
return withProviderProfile;
};
export const resolveAssumeRoleCredentials = async (profileName, profiles, options, visitedProfiles = {}) => {
options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");
const data = profiles[profileName];
if (!options.roleAssumer) {
const { getDefaultRoleAssumer } = await import("@aws-sdk/client-sts");
options.roleAssumer = getDefaultRoleAssumer({
...options.clientConfig,
credentialProviderLogger: options.logger,
parentClientConfig: options?.parentClientConfig,
}, options.clientPlugins);
}
const { source_profile } = data;
if (source_profile && source_profile in visitedProfiles) {
throw new CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
` ${getProfileName(options)}. Profiles visited: ` +
Object.keys(visitedProfiles).join(", "), { logger: options.logger });
}
options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
const sourceCredsProvider = source_profile
? resolveProfileData(source_profile, {
...profiles,
[source_profile]: {
...profiles[source_profile],
role_arn: data.role_arn ?? profiles[source_profile].role_arn,
},
}, options, {
...visitedProfiles,
[source_profile]: true,
})
: (await resolveCredentialSource(data.credential_source, profileName, options.logger)(options))();
const params = {
RoleArn: data.role_arn,
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
ExternalId: data.external_id,
DurationSeconds: parseInt(data.duration_seconds || "3600", 10),
};
const { mfa_serial } = data;
if (mfa_serial) {
if (!options.mfaCodeProvider) {
throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });
}
params.SerialNumber = mfa_serial;
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
}
const sourceCreds = await sourceCredsProvider;
return options.roleAssumer(sourceCreds, params);
};
Reference in New Issue Copy Permalink