Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AccessDeniedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _AccessDeniedException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + createSerializer() { + const serializer = new JsonShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new JsonShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; } }; -var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { static { - __name(this, "AuthorizationPendingException"); + __name(this, "AwsJsonRpcProtocol"); } - name = "AuthorizationPendingException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * authorization_pending.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { super({ - name: "AuthorizationPendingException", - $fault: "client", - ...opts + defaultNamespace }); - Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenRequestFilterSensitiveLog"); -var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { - static { - __name(this, "ExpiredTokenException"); + this.codec = new JsonCodec({ + timestampFormat: { + useTrait: true, + default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + jsonName: false + }); + this.serializer = this.codec.createSerializer(); + this.deserializer = this.codec.createDeserializer(); } - name = "ExpiredTokenException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, + "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = "{}"; + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; } -}; -var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { - static { - __name(this, "InternalServerException"); + getPayloadCodec() { + return this.codec; } - name = "InternalServerException"; - $fault = "server"; - /** - *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InternalServerException", - $fault: "server", - ...opts + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema3.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema3.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); - Object.setPrototypeOf(this, _InternalServerException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + throw exception; } }; -var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsJson1_0Protocol.ts +var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { static { - __name(this, "InvalidClientException"); + __name(this, "AwsJson1_0Protocol"); } - name = "InvalidClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + constructor({ defaultNamespace }) { super({ - name: "InvalidClientException", - $fault: "client", - ...opts + defaultNamespace }); - Object.setPrototypeOf(this, _InvalidClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; } -}; -var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { - static { - __name(this, "InvalidGrantException"); + getShapeId() { + return "aws.protocols#awsJson1_0"; } - name = "InvalidGrantException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidGrantException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidGrantException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getJsonRpcVersion() { + return "1.0"; } }; -var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsJson1_1Protocol.ts +var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { static { - __name(this, "InvalidRequestException"); + __name(this, "AwsJson1_1Protocol"); } - name = "InvalidRequestException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_request.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + constructor({ defaultNamespace }) { super({ - name: "InvalidRequestException", - $fault: "client", - ...opts + defaultNamespace }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; } -}; -var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { - static { - __name(this, "InvalidScopeException"); + getShapeId() { + return "aws.protocols#awsJson1_1"; } - name = "InvalidScopeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidScopeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidScopeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getJsonRpcVersion() { + return "1.1"; } }; -var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsRestJsonProtocol.ts +var import_protocols2 = __nccwpck_require__(2241); +var import_schema4 = __nccwpck_require__(9826); +var import_util_body_length_browser2 = __nccwpck_require__(713); +var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { static { - __name(this, "SlowDownException"); + __name(this, "AwsRestJsonProtocol"); } - name = "SlowDownException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { super({ - name: "SlowDownException", - $fault: "client", - ...opts + defaultNamespace }); - Object.setPrototypeOf(this, _SlowDownException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + httpBindings: true, + jsonName: true + }; + this.codec = new JsonCodec(settings); + this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } -}; -var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { - static { - __name(this, "UnauthorizedClientException"); + getShapeId() { + return "aws.protocols#restJson1"; } - name = "UnauthorizedClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnauthorizedClientException", - $fault: "client", - ...opts + getPayloadCodec() { + return this.codec; + } + setSerdeContext(serdeContext) { + this.codec.setSerdeContext(serdeContext); + super.setSerdeContext(serdeContext); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); + const members = inputSchema.getMemberSchemas(); + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = "application/json"; + } + } else if (!inputSchema.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = "application/json"; + } + } + } + if (request.headers["content-type"] && !request.body) { + request.body = "{}"; + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema4.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema4.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); - Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + throw exception; } }; -var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/awsExpectUnion.ts +var import_smithy_client2 = __nccwpck_require__(3570); +var awsExpectUnion = /* @__PURE__ */ __name((value) => { + if (value == null) { + return void 0; + } + if (typeof value === "object" && "__type" in value) { + delete value.__type; + } + return (0, import_smithy_client2.expectUnion)(value); +}, "awsExpectUnion"); + +// src/submodules/protocols/query/AwsQueryProtocol.ts +var import_protocols5 = __nccwpck_require__(2241); +var import_schema7 = __nccwpck_require__(9826); +var import_util_body_length_browser3 = __nccwpck_require__(713); + +// src/submodules/protocols/xml/XmlShapeDeserializer.ts +var import_protocols3 = __nccwpck_require__(2241); +var import_schema5 = __nccwpck_require__(9826); +var import_smithy_client3 = __nccwpck_require__(3570); +var import_util_utf8 = __nccwpck_require__(1895); +var import_fast_xml_parser = __nccwpck_require__(4577); +var XmlShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); + } static { - __name(this, "UnsupportedGrantTypeException"); + __name(this, "XmlShapeDeserializer"); + } + stringDeserializer; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + this.stringDeserializer.setSerdeContext(serdeContext); } - name = "UnsupportedGrantTypeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; /** - * @internal - */ - constructor(opts) { - super({ - name: "UnsupportedGrantTypeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; - -// src/submodules/sso-oidc/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(8078); -var import_core3 = __nccwpck_require__(5829); -var import_smithy_client5 = __nccwpck_require__(3570); -var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core3.requestBuilder)(input, context); - const headers = { - "content-type": "application/json" - }; - b.bp("/token"); - let body; - body = JSON.stringify( - (0, import_smithy_client5.take)(input, { - clientId: [], - clientSecret: [], - code: [], - codeVerifier: [], - deviceCode: [], - grantType: [], - redirectUri: [], - refreshToken: [], - scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") - }) - ); - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_CreateTokenCommand"); -var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client5.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client5.take)(data, { - accessToken: import_smithy_client5.expectString, - expiresIn: import_smithy_client5.expectInt32, - idToken: import_smithy_client5.expectString, - refreshToken: import_smithy_client5.expectString, - tokenType: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_CreateTokenCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "AccessDeniedException": - case "com.amazonaws.ssooidc#AccessDeniedException": - throw await de_AccessDeniedExceptionRes(parsedOutput, context); - case "AuthorizationPendingException": - case "com.amazonaws.ssooidc#AuthorizationPendingException": - throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); - case "ExpiredTokenException": - case "com.amazonaws.ssooidc#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "InternalServerException": - case "com.amazonaws.ssooidc#InternalServerException": - throw await de_InternalServerExceptionRes(parsedOutput, context); - case "InvalidClientException": - case "com.amazonaws.ssooidc#InvalidClientException": - throw await de_InvalidClientExceptionRes(parsedOutput, context); - case "InvalidGrantException": - case "com.amazonaws.ssooidc#InvalidGrantException": - throw await de_InvalidGrantExceptionRes(parsedOutput, context); - case "InvalidRequestException": - case "com.amazonaws.ssooidc#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "InvalidScopeException": - case "com.amazonaws.ssooidc#InvalidScopeException": - throw await de_InvalidScopeExceptionRes(parsedOutput, context); - case "SlowDownException": - case "com.amazonaws.ssooidc#SlowDownException": - throw await de_SlowDownExceptionRes(parsedOutput, context); - case "UnauthorizedClientException": - case "com.amazonaws.ssooidc#UnauthorizedClientException": - throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); - case "UnsupportedGrantTypeException": - case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": - throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode - }); - } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); -var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AccessDeniedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AccessDeniedExceptionRes"); -var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AuthorizationPendingException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AuthorizationPendingExceptionRes"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_ExpiredTokenExceptionRes"); -var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InternalServerException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InternalServerExceptionRes"); -var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidClientExceptionRes"); -var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidGrantException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidGrantExceptionRes"); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidScopeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidScopeExceptionRes"); -var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new SlowDownException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_SlowDownExceptionRes"); -var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedClientExceptionRes"); -var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnsupportedGrantTypeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnsupportedGrantTypeExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { - static { - __name(this, "CreateTokenCommand"); - } -}; - -// src/submodules/sso-oidc/SSOOIDC.ts -var commands = { - CreateTokenCommand -}; -var SSOOIDC = class extends SSOOIDCClient { - static { - __name(this, "SSOOIDC"); - } -}; -(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 9750: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(3942)); -const core_1 = __nccwpck_require__(8078); -const util_user_agent_node_1 = __nccwpck_require__(5380); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(8319); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 8319: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(8078); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(7009); -const endpointResolver_1 = __nccwpck_require__(5065); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO OIDC", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 4113: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(8725); -const middleware_logger_1 = __nccwpck_require__(2568); -const middleware_recursion_detection_1 = __nccwpck_require__(7960); -const middleware_user_agent_1 = __nccwpck_require__(3030); -const config_resolver_1 = __nccwpck_require__(3098); -const core_1 = __nccwpck_require__(5829); -const middleware_content_length_1 = __nccwpck_require__(2800); -const middleware_endpoint_1 = __nccwpck_require__(2918); -const middleware_retry_1 = __nccwpck_require__(6039); -const smithy_client_1 = __nccwpck_require__(3570); -Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(5569); -const EndpointParameters_1 = __nccwpck_require__(3207); -const runtimeConfig_1 = __nccwpck_require__(2719); -const runtimeExtensions_1 = __nccwpck_require__(9660); -class STSClient extends smithy_client_1.Client { - config; - constructor(...[configuration]) { - const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); - const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); - const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); - const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); - const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials, - }), - })); - this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); - } - destroy() { - super.destroy(); - } -} -exports.STSClient = STSClient; - - -/***/ }), - -/***/ 2995: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; -const getHttpAuthExtensionConfiguration = (runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } - else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - }, - }; -}; -exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; -const resolveHttpAuthRuntimeConfig = (config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials(), - }; -}; -exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; - - -/***/ }), - -/***/ 5569: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(8078); -const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(4113); -const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sts", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSTSHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "AssumeRoleWithWebIdentity": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } - } - return options; -}; -exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; -const resolveStsAuthConfig = (input) => Object.assign(input, { - stsClientCtor: STSClient_1.STSClient, -}); -exports.resolveStsAuthConfig = resolveStsAuthConfig; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, exports.resolveStsAuthConfig)(config); - const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); - return Object.assign(config_1, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 3207: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.commonParams = exports.resolveClientEndpointParameters = void 0; -const resolveClientEndpointParameters = (options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - useGlobalEndpoint: options.useGlobalEndpoint ?? false, - defaultSigningName: "sts", - }); -}; -exports.resolveClientEndpointParameters = resolveClientEndpointParameters; -exports.commonParams = { - UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, -}; - - -/***/ }), - -/***/ 2282: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(1256); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(505); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 505: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; -const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; -const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 3715: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/sts/index.ts -var index_exports = {}; -__export(index_exports, { - AssumeRoleCommand: () => AssumeRoleCommand, - AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, - AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, - AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, - AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, - CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - IDPCommunicationErrorException: () => IDPCommunicationErrorException, - IDPRejectedClaimException: () => IDPRejectedClaimException, - InvalidIdentityTokenException: () => InvalidIdentityTokenException, - MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, - PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, - RegionDisabledException: () => RegionDisabledException, - STS: () => STS, - STSServiceException: () => STSServiceException, - decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, - getDefaultRoleAssumer: () => getDefaultRoleAssumer2, - getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 -}); -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(4113), module.exports); - -// src/submodules/sts/STS.ts -var import_smithy_client6 = __nccwpck_require__(3570); - -// src/submodules/sts/commands/AssumeRoleCommand.ts -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_EndpointParameters = __nccwpck_require__(3207); - -// src/submodules/sts/models/models_0.ts -var import_smithy_client2 = __nccwpck_require__(3570); - -// src/submodules/sts/models/STSServiceException.ts -var import_smithy_client = __nccwpck_require__(3570); -var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "STSServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _STSServiceException.prototype); - } -}; - -// src/submodules/sts/models/models_0.ts -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - } -}; -var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { - static { - __name(this, "MalformedPolicyDocumentException"); - } - name = "MalformedPolicyDocumentException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "MalformedPolicyDocumentException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); - } -}; -var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { - static { - __name(this, "PackedPolicyTooLargeException"); - } - name = "PackedPolicyTooLargeException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "PackedPolicyTooLargeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); - } -}; -var RegionDisabledException = class _RegionDisabledException extends STSServiceException { - static { - __name(this, "RegionDisabledException"); - } - name = "RegionDisabledException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "RegionDisabledException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _RegionDisabledException.prototype); - } -}; -var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { - static { - __name(this, "IDPRejectedClaimException"); - } - name = "IDPRejectedClaimException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPRejectedClaimException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); - } -}; -var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { - static { - __name(this, "InvalidIdentityTokenException"); - } - name = "InvalidIdentityTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidIdentityTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); - } -}; -var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } -}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); -var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); - } - name = "IDPCommunicationErrorException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); - } -}; - -// src/submodules/sts/protocols/Aws_query.ts -var import_core = __nccwpck_require__(8078); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client3 = __nccwpck_require__(3570); -var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleRequest(input, context), - [_A]: _AR, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleCommand"); -var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithWebIdentityRequest(input, context), - [_A]: _ARWWI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithWebIdentityCommand"); -var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleCommand"); -var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithWebIdentityCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core.parseXmlErrorBody)(output.body, context) - }; - const errorCode = loadQueryErrorCode(output, parsedOutput.body); - switch (errorCode) { - case "ExpiredTokenException": - case "com.amazonaws.sts#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "MalformedPolicyDocument": - case "com.amazonaws.sts#MalformedPolicyDocumentException": - throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); - case "PackedPolicyTooLarge": - case "com.amazonaws.sts#PackedPolicyTooLargeException": - throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); - case "RegionDisabledException": - case "com.amazonaws.sts#RegionDisabledException": - throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); - case "IDPRejectedClaim": - case "com.amazonaws.sts#IDPRejectedClaimException": - throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); - case "InvalidIdentityToken": - case "com.amazonaws.sts#InvalidIdentityTokenException": - throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody: parsedBody.Error, - errorCode - }); - } -}, "de_CommandError"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_ExpiredTokenException(body.Error, context); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_ExpiredTokenExceptionRes"); -var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPCommunicationErrorException(body.Error, context); - const exception = new IDPCommunicationErrorException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPCommunicationErrorExceptionRes"); -var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPRejectedClaimException(body.Error, context); - const exception = new IDPRejectedClaimException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPRejectedClaimExceptionRes"); -var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidIdentityTokenException(body.Error, context); - const exception = new InvalidIdentityTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_InvalidIdentityTokenExceptionRes"); -var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_MalformedPolicyDocumentException(body.Error, context); - const exception = new MalformedPolicyDocumentException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_MalformedPolicyDocumentExceptionRes"); -var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_PackedPolicyTooLargeException(body.Error, context); - const exception = new PackedPolicyTooLargeException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_PackedPolicyTooLargeExceptionRes"); -var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_RegionDisabledException(body.Error, context); - const exception = new RegionDisabledException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_RegionDisabledExceptionRes"); -var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - if (input[_TTK] != null) { - const memberEntries = se_tagKeyListType(input[_TTK], context); - if (input[_TTK]?.length === 0) { - entries.TransitiveTagKeys = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TransitiveTagKeys.${key}`; - entries[loc] = value; - }); - } - if (input[_EI] != null) { - entries[_EI] = input[_EI]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - if (input[_SI] != null) { - entries[_SI] = input[_SI]; - } - if (input[_PC] != null) { - const memberEntries = se_ProvidedContextsListType(input[_PC], context); - if (input[_PC]?.length === 0) { - entries.ProvidedContexts = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `ProvidedContexts.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_AssumeRoleRequest"); -var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_WIT] != null) { - entries[_WIT] = input[_WIT]; - } - if (input[_PI] != null) { - entries[_PI] = input[_PI]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithWebIdentityRequest"); -var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_PolicyDescriptorType(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_policyDescriptorListType"); -var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_a] != null) { - entries[_a] = input[_a]; - } - return entries; -}, "se_PolicyDescriptorType"); -var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; - } - if (input[_CA] != null) { - entries[_CA] = input[_CA]; - } - return entries; -}, "se_ProvidedContext"); -var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_ProvidedContext(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_ProvidedContextsListType"); -var se_Tag = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_K] != null) { - entries[_K] = input[_K]; - } - if (input[_Va] != null) { - entries[_Va] = input[_Va]; - } - return entries; -}, "se_Tag"); -var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - entries[`member.${counter}`] = entry; - counter++; - } - return entries; -}, "se_tagKeyListType"); -var se_tagListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_Tag(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_tagListType"); -var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); - } - return contents; -}, "de_AssumedRoleUser"); -var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleResponse"); -var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleWithWebIdentityResponse"); -var de_Credentials = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); - } - if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); - } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); - } - if (output[_E] != null) { - contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); - } - return contents; -}, "de_Credentials"); -var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_ExpiredTokenException"); -var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_IDPCommunicationErrorException"); -var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_IDPRejectedClaimException"); -var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_InvalidIdentityTokenException"); -var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_MalformedPolicyDocumentException"); -var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_PackedPolicyTooLargeException"); -var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_RegionDisabledException"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); -var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { - const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); - const contents = { - protocol, - hostname, - port, - method: "POST", - path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, - headers - }; - if (resolvedHostname !== void 0) { - contents.hostname = resolvedHostname; - } - if (body !== void 0) { - contents.body = body; - } - return new import_protocol_http.HttpRequest(contents); -}, "buildHttpRpcRequest"); -var SHARED_HEADERS = { - "content-type": "application/x-www-form-urlencoded" -}; -var _ = "2011-06-15"; -var _A = "Action"; -var _AKI = "AccessKeyId"; -var _AR = "AssumeRole"; -var _ARI = "AssumedRoleId"; -var _ARU = "AssumedRoleUser"; -var _ARWWI = "AssumeRoleWithWebIdentity"; -var _Ar = "Arn"; -var _Au = "Audience"; -var _C = "Credentials"; -var _CA = "ContextAssertion"; -var _DS = "DurationSeconds"; -var _E = "Expiration"; -var _EI = "ExternalId"; -var _K = "Key"; -var _P = "Policy"; -var _PA = "PolicyArns"; -var _PAr = "ProviderArn"; -var _PC = "ProvidedContexts"; -var _PI = "ProviderId"; -var _PPS = "PackedPolicySize"; -var _Pr = "Provider"; -var _RA = "RoleArn"; -var _RSN = "RoleSessionName"; -var _SAK = "SecretAccessKey"; -var _SFWIT = "SubjectFromWebIdentityToken"; -var _SI = "SourceIdentity"; -var _SN = "SerialNumber"; -var _ST = "SessionToken"; -var _T = "Tags"; -var _TC = "TokenCode"; -var _TTK = "TransitiveTagKeys"; -var _V = "Version"; -var _Va = "Value"; -var _WIT = "WebIdentityToken"; -var _a = "arn"; -var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); -var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data.Error?.Code !== void 0) { - return data.Error.Code; - } - if (output.statusCode == 404) { - return "NotFound"; - } -}, "loadQueryErrorCode"); - -// src/submodules/sts/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { - static { - __name(this, "AssumeRoleCommand"); - } -}; - -// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde2 = __nccwpck_require__(1238); -var import_smithy_client5 = __nccwpck_require__(3570); -var import_EndpointParameters2 = __nccwpck_require__(3207); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { - static { - __name(this, "AssumeRoleWithWebIdentityCommand"); - } -}; - -// src/submodules/sts/STS.ts -var import_STSClient = __nccwpck_require__(4113); -var commands = { - AssumeRoleCommand, - AssumeRoleWithWebIdentityCommand -}; -var STS = class extends import_STSClient.STSClient { - static { - __name(this, "STS"); - } -}; -(0, import_smithy_client6.createAggregatedClient)(commands, STS); - -// src/submodules/sts/index.ts -var import_EndpointParameters3 = __nccwpck_require__(3207); - -// src/submodules/sts/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(912); -var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; -var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { - if (typeof assumedRoleUser?.Arn === "string") { - const arnComponents = assumedRoleUser.Arn.split(":"); - if (arnComponents.length > 4 && arnComponents[4] !== "") { - return arnComponents[4]; - } - } - return void 0; -}, "getAccountIdFromAssumedRoleUser"); -var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { - const region = typeof _region === "function" ? await _region() : _region; - const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; - credentialProviderLogger?.debug?.( - "@aws-sdk/client-sts::resolveRegion", - "accepting first of:", - `${region} (provider)`, - `${parentRegion} (parent client)`, - `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` - ); - return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; -}, "resolveRegion"); -var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - let closureSourceCreds; - return async (sourceCreds, params) => { - closureSourceCreds = sourceCreds; - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - // A hack to make sts client uses the credential in current closure. - credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); - return credentials; - }; -}, "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - return async (params) => { - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - if (accountId) { - (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); - } - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); - return credentials; - }; -}, "getDefaultRoleAssumerWithWebIdentity"); -var isH2 = /* @__PURE__ */ __name((requestHandler) => { - return requestHandler?.metadata?.handlerProtocol === "h2"; -}, "isH2"); - -// src/submodules/sts/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(4113); -var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { - if (!customizations) return baseCtor; - else - return class CustomizableSTSClient extends baseCtor { - static { - __name(this, "CustomizableSTSClient"); - } - constructor(config) { - super(config); - for (const customization of customizations) { - this.middlewareStack.use(customization); - } - } - }; -}, "getCustomizableStsClientCtor"); -var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); -var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ - roleAssumer: getDefaultRoleAssumer2(input), - roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), - ...input -}), "decorateDefaultCredentialProvider"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 2719: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(3942)); -const core_1 = __nccwpck_require__(8078); -const util_user_agent_node_1 = __nccwpck_require__(5380); -const config_resolver_1 = __nccwpck_require__(3098); -const core_2 = __nccwpck_require__(5829); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(993); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 993: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(8078); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(5569); -const endpointResolver_1 = __nccwpck_require__(2282); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2011-06-15", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "STS", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 9660: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(8859); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(2995); -const resolveRuntimeExtensions = (runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); -}; -exports.resolveRuntimeExtensions = resolveRuntimeExtensions; - - -/***/ }), - -/***/ 8859: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, - NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, - REGION_ENV_NAME: () => REGION_ENV_NAME, - REGION_INI_NAME: () => REGION_INI_NAME, - getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, - resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, - resolveRegionConfig: () => resolveRegionConfig -}); -module.exports = __toCommonJS(index_exports); - -// src/extensions/index.ts -var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - return { - setRegion(region) { - runtimeConfig.region = region; - }, - region() { - return runtimeConfig.region; - } - }; -}, "getAwsRegionExtensionConfiguration"); -var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { - return { - region: awsRegionExtensionConfiguration.region() - }; -}, "resolveAwsRegionExtensionConfiguration"); - -// src/regionConfig/config.ts -var REGION_ENV_NAME = "AWS_REGION"; -var REGION_INI_NAME = "region"; -var NODE_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), - default: /* @__PURE__ */ __name(() => { - throw new Error("Region is missing"); - }, "default") -}; -var NODE_REGION_CONFIG_FILE_OPTIONS = { - preferredFile: "credentials" -}; - -// src/regionConfig/isFipsRegion.ts -var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); - -// src/regionConfig/getRealRegion.ts -var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); - -// src/regionConfig/resolveRegionConfig.ts -var resolveRegionConfig = /* @__PURE__ */ __name((input) => { - const { region, useFipsEndpoint } = input; - if (!region) { - throw new Error("Region is missing"); - } - return Object.assign(input, { - region: /* @__PURE__ */ __name(async () => { - if (typeof region === "string") { - return getRealRegion(region); - } - const providedRegion = await region(); - return getRealRegion(providedRegion); - }, "region"), - useFipsEndpoint: /* @__PURE__ */ __name(async () => { - const providedRegion = typeof region === "string" ? region : await region(); - if (isFipsRegion(providedRegion)) { - return true; - } - return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); - }, "useFipsEndpoint") - }); -}, "resolveRegionConfig"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 3822: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __create = Object.create; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromEnvSigningName: () => fromEnvSigningName, - fromSso: () => fromSso, - fromStatic: () => fromStatic, - nodeProvider: () => nodeProvider -}); -module.exports = __toCommonJS(index_exports); - -// src/fromEnvSigningName.ts -var import_client = __nccwpck_require__(912); -var import_httpAuthSchemes = __nccwpck_require__(5948); -var import_property_provider = __nccwpck_require__(9721); -var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { - logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); - if (!signingName) { - throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); - } - const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); - if (!(bearerTokenKey in process.env)) { - throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); - } - const token = { token: process.env[bearerTokenKey] }; - (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); - return token; -}, "fromEnvSigningName"); - -// src/fromSso.ts - - - -// src/constants.ts -var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; -var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; - -// src/getSsoOidcClient.ts -var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { - const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2604))); - const ssoOidcClient = new SSOOIDCClient( - Object.assign({}, init.clientConfig ?? {}, { - region: ssoRegion ?? init.clientConfig?.region, - logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger - }) - ); - return ssoOidcClient; -}, "getSsoOidcClient"); - -// src/getNewSsoOidcToken.ts -var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { - const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2604))); - const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); - return ssoOidcClient.send( - new CreateTokenCommand({ - clientId: ssoToken.clientId, - clientSecret: ssoToken.clientSecret, - refreshToken: ssoToken.refreshToken, - grantType: "refresh_token" - }) - ); -}, "getNewSsoOidcToken"); - -// src/validateTokenExpiry.ts - -var validateTokenExpiry = /* @__PURE__ */ __name((token) => { - if (token.expiration && token.expiration.getTime() < Date.now()) { - throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); - } -}, "validateTokenExpiry"); - -// src/validateTokenKey.ts - -var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { - if (typeof value === "undefined") { - throw new import_property_provider.TokenProviderError( - `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, - false - ); - } -}, "validateTokenKey"); - -// src/writeSSOTokenToFile.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var import_fs = __nccwpck_require__(7147); -var { writeFile } = import_fs.promises; -var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { - const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); - const tokenString = JSON.stringify(ssoToken, null, 2); - return writeFile(tokenFilepath, tokenString); -}, "writeSSOTokenToFile"); - -// src/fromSso.ts -var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); -var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/token-providers - fromSso"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); - } else if (!profile["sso_session"]) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); - } - const ssoSessionName = profile["sso_session"]; - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const ssoSession = ssoSessions[ssoSessionName]; - if (!ssoSession) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, - false - ); - } - for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { - if (!ssoSession[ssoSessionRequiredKey]) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, - false - ); - } - } - const ssoStartUrl = ssoSession["sso_start_url"]; - const ssoRegion = ssoSession["sso_region"]; - let ssoToken; - try { - ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); - } catch (e) { - throw new import_property_provider.TokenProviderError( - `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, - false - ); - } - validateTokenKey("accessToken", ssoToken.accessToken); - validateTokenKey("expiresAt", ssoToken.expiresAt); - const { accessToken, expiresAt } = ssoToken; - const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; - if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { - return existingToken; - } - if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { - validateTokenExpiry(existingToken); - return existingToken; - } - validateTokenKey("clientId", ssoToken.clientId, true); - validateTokenKey("clientSecret", ssoToken.clientSecret, true); - validateTokenKey("refreshToken", ssoToken.refreshToken, true); - try { - lastRefreshAttemptTime.setTime(Date.now()); - const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); - validateTokenKey("accessToken", newSsoOidcToken.accessToken); - validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); - const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); - try { - await writeSSOTokenToFile(ssoSessionName, { - ...ssoToken, - accessToken: newSsoOidcToken.accessToken, - expiresAt: newTokenExpiration.toISOString(), - refreshToken: newSsoOidcToken.refreshToken - }); - } catch (error) { - } - return { - token: newSsoOidcToken.accessToken, - expiration: newTokenExpiration - }; - } catch (error) { - validateTokenExpiry(existingToken); - return existingToken; - } -}, "fromSso"); - -// src/fromStatic.ts - -var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { - logger?.debug("@aws-sdk/token-providers - fromStatic"); - if (!token || !token.token) { - throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); - } - return token; -}, "fromStatic"); - -// src/nodeProvider.ts - -var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)(fromSso(init), async () => { - throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); - }), - (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, - (token) => token.expiration !== void 0 -), "nodeProvider"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 1256: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - ConditionObject: () => import_util_endpoints.ConditionObject, - DeprecatedObject: () => import_util_endpoints.DeprecatedObject, - EndpointError: () => import_util_endpoints.EndpointError, - EndpointObject: () => import_util_endpoints.EndpointObject, - EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, - EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, - EndpointParams: () => import_util_endpoints.EndpointParams, - EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, - EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, - ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, - EvaluateOptions: () => import_util_endpoints.EvaluateOptions, - Expression: () => import_util_endpoints.Expression, - FunctionArgv: () => import_util_endpoints.FunctionArgv, - FunctionObject: () => import_util_endpoints.FunctionObject, - FunctionReturn: () => import_util_endpoints.FunctionReturn, - ParameterObject: () => import_util_endpoints.ParameterObject, - ReferenceObject: () => import_util_endpoints.ReferenceObject, - ReferenceRecord: () => import_util_endpoints.ReferenceRecord, - RuleSetObject: () => import_util_endpoints.RuleSetObject, - RuleSetRules: () => import_util_endpoints.RuleSetRules, - TreeRuleObject: () => import_util_endpoints.TreeRuleObject, - awsEndpointFunctions: () => awsEndpointFunctions, - getUserAgentPrefix: () => getUserAgentPrefix, - isIpAddress: () => import_util_endpoints.isIpAddress, - partition: () => partition, - resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, - resolveEndpoint: () => import_util_endpoints.resolveEndpoint, - setPartitionInfo: () => setPartitionInfo, - toEndpointV1: () => toEndpointV1, - useDefaultPartitionInfo: () => useDefaultPartitionInfo -}); -module.exports = __toCommonJS(index_exports); - -// src/aws.ts - - -// src/lib/aws/isVirtualHostableS3Bucket.ts - - -// src/lib/isIpAddress.ts -var import_util_endpoints = __nccwpck_require__(5473); - -// src/lib/aws/isVirtualHostableS3Bucket.ts -var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { - if (allowSubDomains) { - for (const label of value.split(".")) { - if (!isVirtualHostableS3Bucket(label)) { - return false; - } - } - return true; - } - if (!(0, import_util_endpoints.isValidHostLabel)(value)) { - return false; - } - if (value.length < 3 || value.length > 63) { - return false; - } - if (value !== value.toLowerCase()) { - return false; - } - if ((0, import_util_endpoints.isIpAddress)(value)) { - return false; - } - return true; -}, "isVirtualHostableS3Bucket"); - -// src/lib/aws/parseArn.ts -var ARN_DELIMITER = ":"; -var RESOURCE_DELIMITER = "/"; -var parseArn = /* @__PURE__ */ __name((value) => { - const segments = value.split(ARN_DELIMITER); - if (segments.length < 6) return null; - const [arn, partition2, service, region, accountId, ...resourcePath] = segments; - if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; - const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); - return { - partition: partition2, - service, - region, - accountId, - resourceId - }; -}, "parseArn"); - -// src/lib/aws/partitions.json -var partitions_default = { - partitions: [{ - id: "aws", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-east-1", - name: "aws", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", - regions: { - "af-south-1": { - description: "Africa (Cape Town)" - }, - "ap-east-1": { - description: "Asia Pacific (Hong Kong)" - }, - "ap-east-2": { - description: "Asia Pacific (Taipei)" - }, - "ap-northeast-1": { - description: "Asia Pacific (Tokyo)" - }, - "ap-northeast-2": { - description: "Asia Pacific (Seoul)" - }, - "ap-northeast-3": { - description: "Asia Pacific (Osaka)" - }, - "ap-south-1": { - description: "Asia Pacific (Mumbai)" - }, - "ap-south-2": { - description: "Asia Pacific (Hyderabad)" - }, - "ap-southeast-1": { - description: "Asia Pacific (Singapore)" - }, - "ap-southeast-2": { - description: "Asia Pacific (Sydney)" - }, - "ap-southeast-3": { - description: "Asia Pacific (Jakarta)" - }, - "ap-southeast-4": { - description: "Asia Pacific (Melbourne)" - }, - "ap-southeast-5": { - description: "Asia Pacific (Malaysia)" - }, - "ap-southeast-7": { - description: "Asia Pacific (Thailand)" - }, - "aws-global": { - description: "AWS Standard global region" - }, - "ca-central-1": { - description: "Canada (Central)" - }, - "ca-west-1": { - description: "Canada West (Calgary)" - }, - "eu-central-1": { - description: "Europe (Frankfurt)" - }, - "eu-central-2": { - description: "Europe (Zurich)" - }, - "eu-north-1": { - description: "Europe (Stockholm)" - }, - "eu-south-1": { - description: "Europe (Milan)" - }, - "eu-south-2": { - description: "Europe (Spain)" - }, - "eu-west-1": { - description: "Europe (Ireland)" - }, - "eu-west-2": { - description: "Europe (London)" - }, - "eu-west-3": { - description: "Europe (Paris)" - }, - "il-central-1": { - description: "Israel (Tel Aviv)" - }, - "me-central-1": { - description: "Middle East (UAE)" - }, - "me-south-1": { - description: "Middle East (Bahrain)" - }, - "mx-central-1": { - description: "Mexico (Central)" - }, - "sa-east-1": { - description: "South America (Sao Paulo)" - }, - "us-east-1": { - description: "US East (N. Virginia)" - }, - "us-east-2": { - description: "US East (Ohio)" - }, - "us-west-1": { - description: "US West (N. California)" - }, - "us-west-2": { - description: "US West (Oregon)" - } - } - }, { - id: "aws-cn", - outputs: { - dnsSuffix: "amazonaws.com.cn", - dualStackDnsSuffix: "api.amazonwebservices.com.cn", - implicitGlobalRegion: "cn-northwest-1", - name: "aws-cn", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^cn\\-\\w+\\-\\d+$", - regions: { - "aws-cn-global": { - description: "AWS China global region" - }, - "cn-north-1": { - description: "China (Beijing)" - }, - "cn-northwest-1": { - description: "China (Ningxia)" - } - } - }, { - id: "aws-us-gov", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-gov-west-1", - name: "aws-us-gov", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", - regions: { - "aws-us-gov-global": { - description: "AWS GovCloud (US) global region" - }, - "us-gov-east-1": { - description: "AWS GovCloud (US-East)" - }, - "us-gov-west-1": { - description: "AWS GovCloud (US-West)" - } - } - }, { - id: "aws-iso", - outputs: { - dnsSuffix: "c2s.ic.gov", - dualStackDnsSuffix: "c2s.ic.gov", - implicitGlobalRegion: "us-iso-east-1", - name: "aws-iso", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", - regions: { - "aws-iso-global": { - description: "AWS ISO (US) global region" - }, - "us-iso-east-1": { - description: "US ISO East" - }, - "us-iso-west-1": { - description: "US ISO WEST" - } - } - }, { - id: "aws-iso-b", - outputs: { - dnsSuffix: "sc2s.sgov.gov", - dualStackDnsSuffix: "sc2s.sgov.gov", - implicitGlobalRegion: "us-isob-east-1", - name: "aws-iso-b", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", - regions: { - "aws-iso-b-global": { - description: "AWS ISOB (US) global region" - }, - "us-isob-east-1": { - description: "US ISOB East (Ohio)" - } - } - }, { - id: "aws-iso-e", - outputs: { - dnsSuffix: "cloud.adc-e.uk", - dualStackDnsSuffix: "cloud.adc-e.uk", - implicitGlobalRegion: "eu-isoe-west-1", - name: "aws-iso-e", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", - regions: { - "aws-iso-e-global": { - description: "AWS ISOE (Europe) global region" - }, - "eu-isoe-west-1": { - description: "EU ISOE West" - } - } - }, { - id: "aws-iso-f", - outputs: { - dnsSuffix: "csp.hci.ic.gov", - dualStackDnsSuffix: "csp.hci.ic.gov", - implicitGlobalRegion: "us-isof-south-1", - name: "aws-iso-f", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", - regions: { - "aws-iso-f-global": { - description: "AWS ISOF global region" - }, - "us-isof-east-1": { - description: "US ISOF EAST" - }, - "us-isof-south-1": { - description: "US ISOF SOUTH" - } - } - }, { - id: "aws-eusc", - outputs: { - dnsSuffix: "amazonaws.eu", - dualStackDnsSuffix: "amazonaws.eu", - implicitGlobalRegion: "eusc-de-east-1", - name: "aws-eusc", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", - regions: { - "eusc-de-east-1": { - description: "EU (Germany)" - } - } - }], - version: "1.1" -}; - -// src/lib/aws/partition.ts -var selectedPartitionsInfo = partitions_default; -var selectedUserAgentPrefix = ""; -var partition = /* @__PURE__ */ __name((value) => { - const { partitions } = selectedPartitionsInfo; - for (const partition2 of partitions) { - const { regions, outputs } = partition2; - for (const [region, regionData] of Object.entries(regions)) { - if (region === value) { - return { - ...outputs, - ...regionData - }; - } - } - } - for (const partition2 of partitions) { - const { regionRegex, outputs } = partition2; - if (new RegExp(regionRegex).test(value)) { - return { - ...outputs - }; - } - } - const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); - if (!DEFAULT_PARTITION) { - throw new Error( - "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." - ); - } - return { - ...DEFAULT_PARTITION.outputs - }; -}, "partition"); -var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { - selectedPartitionsInfo = partitionsInfo; - selectedUserAgentPrefix = userAgentPrefix; -}, "setPartitionInfo"); -var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { - setPartitionInfo(partitions_default, ""); -}, "useDefaultPartitionInfo"); -var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); - -// src/aws.ts -var awsEndpointFunctions = { - isVirtualHostableS3Bucket, - parseArn, - partition -}; -import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; - -// src/resolveDefaultAwsRegionalEndpointsConfig.ts -var import_url_parser = __nccwpck_require__(4681); -var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { - if (typeof input.endpointProvider !== "function") { - throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); - } - const { endpoint } = input; - if (endpoint === void 0) { - input.endpoint = async () => { - return toEndpointV1( - input.endpointProvider( - { - Region: typeof input.region === "function" ? await input.region() : input.region, - UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, - UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, - Endpoint: void 0 - }, - { logger: input.logger } - ) - ); - }; - } - return input; -}, "resolveDefaultAwsRegionalEndpointsConfig"); -var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); - -// src/resolveEndpoint.ts - - -// src/types/EndpointError.ts - - -// src/types/EndpointRuleObject.ts - - -// src/types/ErrorRuleObject.ts - - -// src/types/RuleSetObject.ts - - -// src/types/TreeRuleObject.ts - - -// src/types/shared.ts - -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5380: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, - UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, - UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, - createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, - crtAvailability: () => crtAvailability, - defaultUserAgent: () => defaultUserAgent -}); -module.exports = __toCommonJS(index_exports); - -// src/defaultUserAgent.ts -var import_os = __nccwpck_require__(2037); -var import_process = __nccwpck_require__(7282); - -// src/crt-availability.ts -var crtAvailability = { - isCrtAvailable: false -}; - -// src/is-crt-available.ts -var isCrtAvailable = /* @__PURE__ */ __name(() => { - if (crtAvailability.isCrtAvailable) { - return ["md/crt-avail"]; - } - return null; -}, "isCrtAvailable"); - -// src/defaultUserAgent.ts -var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { - return async (config) => { - const sections = [ - // sdk-metadata - ["aws-sdk-js", clientVersion], - // ua-metadata - ["ua", "2.1"], - // os-metadata - [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], - // language-metadata - // ECMAScript edition doesn't matter in JS, so no version needed. - ["lang/js"], - ["md/nodejs", `${import_process.versions.node}`] - ]; - const crtAvailable = isCrtAvailable(); - if (crtAvailable) { - sections.push(crtAvailable); - } - if (serviceId) { - sections.push([`api/${serviceId}`, clientVersion]); - } - if (import_process.env.AWS_EXECUTION_ENV) { - sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); - } - const appId = await config?.userAgentAppId?.(); - const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; - return resolvedUserAgent; - }; -}, "createDefaultUserAgentProvider"); -var defaultUserAgent = createDefaultUserAgentProvider; - -// src/nodeAppIdConfigOptions.ts -var import_middleware_user_agent = __nccwpck_require__(3030); -var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; -var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; -var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; -var NODE_APP_ID_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), - default: import_middleware_user_agent.DEFAULT_UA_APP_ID -}; -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7406: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - XmlNode: () => XmlNode, - XmlText: () => XmlText -}); -module.exports = __toCommonJS(index_exports); - -// src/escape-attribute.ts -function escapeAttribute(value) { - return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); -} -__name(escapeAttribute, "escapeAttribute"); - -// src/escape-element.ts -function escapeElement(value) { - return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); -} -__name(escapeElement, "escapeElement"); - -// src/XmlText.ts -var XmlText = class { - constructor(value) { - this.value = value; - } - static { - __name(this, "XmlText"); - } - toString() { - return escapeElement("" + this.value); - } -}; - -// src/XmlNode.ts -var XmlNode = class _XmlNode { - constructor(name, children = []) { - this.name = name; - this.children = children; - } - static { - __name(this, "XmlNode"); - } - attributes = {}; - static of(name, childText, withName) { - const node = new _XmlNode(name); - if (childText !== void 0) { - node.addChildNode(new XmlText(childText)); - } - if (withName !== void 0) { - node.withName(withName); - } - return node; - } - withName(name) { - this.name = name; - return this; - } - addAttribute(name, value) { - this.attributes[name] = value; - return this; - } - addChildNode(child) { - this.children.push(child); - return this; - } - removeAttribute(name) { - delete this.attributes[name]; - return this; - } - /** - * @internal - * Alias of {@link XmlNode#withName(string)} for codegen brevity. - */ - n(name) { - this.name = name; - return this; - } - /** - * @internal - * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. - */ - c(child) { - this.children.push(child); - return this; - } - /** - * @internal - * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. - */ - a(name, value) { - if (value != null) { - this.attributes[name] = value; - } - return this; - } - /** - * Create a child node. - * Used in serialization of string fields. - * @internal - */ - cc(input, field, withName = field) { - if (input[field] != null) { - const node = _XmlNode.of(field, input[field]).withName(withName); - this.c(node); - } - } - /** - * Creates list child nodes. - * @internal - */ - l(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - nodes.map((node) => { - node.withName(memberName); - this.c(node); - }); - } - } - /** - * Creates list child nodes with container. - * @internal - */ - lc(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - const containerNode = new _XmlNode(memberName); - nodes.map((node) => { - containerNode.c(node); - }); - this.c(containerNode); - } - } - toString() { - const hasChildren = Boolean(this.children.length); - let xmlText = `<${this.name}`; - const attributes = this.attributes; - for (const attributeName of Object.keys(attributes)) { - const attribute = attributes[attributeName]; - if (attribute != null) { - xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; - } - } - return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; - } -}; -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9344: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOHttpAuthSchemeProvider = exports.defaultSSOHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(9963); -const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSSOHttpAuthSchemeParametersProvider = defaultSSOHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "awsssoportal", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSSOHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "GetRoleCredentials": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccountRoles": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccounts": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "Logout": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } - } - return options; -}; -exports.defaultSSOHttpAuthSchemeProvider = defaultSSOHttpAuthSchemeProvider; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); - return Object.assign(config_0, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 898: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(3350); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(3341); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 3341: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const u = "required", v = "fn", w = "argv", x = "ref"; -const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://portal.sso.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 2666: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - GetRoleCredentialsCommand: () => GetRoleCredentialsCommand, - GetRoleCredentialsRequestFilterSensitiveLog: () => GetRoleCredentialsRequestFilterSensitiveLog, - GetRoleCredentialsResponseFilterSensitiveLog: () => GetRoleCredentialsResponseFilterSensitiveLog, - InvalidRequestException: () => InvalidRequestException, - ListAccountRolesCommand: () => ListAccountRolesCommand, - ListAccountRolesRequestFilterSensitiveLog: () => ListAccountRolesRequestFilterSensitiveLog, - ListAccountsCommand: () => ListAccountsCommand, - ListAccountsRequestFilterSensitiveLog: () => ListAccountsRequestFilterSensitiveLog, - LogoutCommand: () => LogoutCommand, - LogoutRequestFilterSensitiveLog: () => LogoutRequestFilterSensitiveLog, - ResourceNotFoundException: () => ResourceNotFoundException, - RoleCredentialsFilterSensitiveLog: () => RoleCredentialsFilterSensitiveLog, - SSO: () => SSO, - SSOClient: () => SSOClient, - SSOServiceException: () => SSOServiceException, - TooManyRequestsException: () => TooManyRequestsException, - UnauthorizedException: () => UnauthorizedException, - __Client: () => import_smithy_client.Client, - paginateListAccountRoles: () => paginateListAccountRoles, - paginateListAccounts: () => paginateListAccounts -}); -module.exports = __toCommonJS(index_exports); - -// src/SSOClient.ts -var import_middleware_host_header = __nccwpck_require__(2545); -var import_middleware_logger = __nccwpck_require__(14); -var import_middleware_recursion_detection = __nccwpck_require__(5525); -var import_middleware_user_agent = __nccwpck_require__(4688); -var import_config_resolver = __nccwpck_require__(3098); -var import_core = __nccwpck_require__(5829); -var import_middleware_content_length = __nccwpck_require__(2800); -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_retry = __nccwpck_require__(6039); - -var import_httpAuthSchemeProvider = __nccwpck_require__(9344); - -// src/endpoint/EndpointParameters.ts -var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "awsssoportal" - }); -}, "resolveClientEndpointParameters"); -var commonParams = { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } -}; - -// src/SSOClient.ts -var import_runtimeConfig = __nccwpck_require__(9756); - -// src/runtimeExtensions.ts -var import_region_config_resolver = __nccwpck_require__(8156); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); - -// src/auth/httpAuthExtensionConfiguration.ts -var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - } - }; -}, "getHttpAuthExtensionConfiguration"); -var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials() - }; -}, "resolveHttpAuthRuntimeConfig"); - -// src/runtimeExtensions.ts -var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign( - (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), - (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), - (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), - getHttpAuthExtensionConfiguration(runtimeConfig) - ); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign( - runtimeConfig, - (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), - (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), - (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), - resolveHttpAuthRuntimeConfig(extensionConfiguration) - ); -}, "resolveRuntimeExtensions"); - -// src/SSOClient.ts -var SSOClient = class extends import_smithy_client.Client { - static { - __name(this, "SSOClient"); - } - /** - * The resolved configuration of SSOClient class. This is resolved and normalized from the {@link SSOClientConfig | constructor configuration interface}. - */ - config; - constructor(...[configuration]) { - const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = resolveClientEndpointParameters(_config_0); - const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); - const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); - const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); - const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use( - (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials - }), "identityProviderConfigProvider") - }) - ); - this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); - } - /** - * Destroy underlying resources, like sockets. It's usually not necessary to do this. - * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. - * Otherwise, sockets might stay open for quite a long time before the server terminates them. - */ - destroy() { - super.destroy(); - } -}; - -// src/SSO.ts - - -// src/commands/GetRoleCredentialsCommand.ts - -var import_middleware_serde = __nccwpck_require__(1238); - - -// src/models/models_0.ts - - -// src/models/SSOServiceException.ts - -var SSOServiceException = class _SSOServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "SSOServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _SSOServiceException.prototype); - } -}; - -// src/models/models_0.ts -var InvalidRequestException = class _InvalidRequestException extends SSOServiceException { - static { - __name(this, "InvalidRequestException"); - } - name = "InvalidRequestException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - } -}; -var ResourceNotFoundException = class _ResourceNotFoundException extends SSOServiceException { - static { - __name(this, "ResourceNotFoundException"); - } - name = "ResourceNotFoundException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ResourceNotFoundException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ResourceNotFoundException.prototype); - } -}; -var TooManyRequestsException = class _TooManyRequestsException extends SSOServiceException { - static { - __name(this, "TooManyRequestsException"); - } - name = "TooManyRequestsException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "TooManyRequestsException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _TooManyRequestsException.prototype); - } -}; -var UnauthorizedException = class _UnauthorizedException extends SSOServiceException { - static { - __name(this, "UnauthorizedException"); - } - name = "UnauthorizedException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnauthorizedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnauthorizedException.prototype); - } -}; -var GetRoleCredentialsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "GetRoleCredentialsRequestFilterSensitiveLog"); -var RoleCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.secretAccessKey && { secretAccessKey: import_smithy_client.SENSITIVE_STRING }, - ...obj.sessionToken && { sessionToken: import_smithy_client.SENSITIVE_STRING } -}), "RoleCredentialsFilterSensitiveLog"); -var GetRoleCredentialsResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.roleCredentials && { roleCredentials: RoleCredentialsFilterSensitiveLog(obj.roleCredentials) } -}), "GetRoleCredentialsResponseFilterSensitiveLog"); -var ListAccountRolesRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountRolesRequestFilterSensitiveLog"); -var ListAccountsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountsRequestFilterSensitiveLog"); -var LogoutRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "LogoutRequestFilterSensitiveLog"); - -// src/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(9963); - - -var se_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/federation/credentials"); - const query = (0, import_smithy_client.map)({ - [_rn]: [, (0, import_smithy_client.expectNonNull)(input[_rN], `roleName`)], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_GetRoleCredentialsCommand"); -var se_ListAccountRolesCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/roles"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountRolesCommand"); -var se_ListAccountsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/accounts"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountsCommand"); -var se_LogoutCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/logout"); - let body; - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_LogoutCommand"); -var de_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - roleCredentials: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_GetRoleCredentialsCommand"); -var de_ListAccountRolesCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - nextToken: import_smithy_client.expectString, - roleList: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountRolesCommand"); -var de_ListAccountsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - accountList: import_smithy_client._json, - nextToken: import_smithy_client.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountsCommand"); -var de_LogoutCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - await (0, import_smithy_client.collectBody)(output.body, context); - return contents; -}, "de_LogoutCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "InvalidRequestException": - case "com.amazonaws.sso#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "ResourceNotFoundException": - case "com.amazonaws.sso#ResourceNotFoundException": - throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); - case "TooManyRequestsException": - case "com.amazonaws.sso#TooManyRequestsException": - throw await de_TooManyRequestsExceptionRes(parsedOutput, context); - case "UnauthorizedException": - case "com.amazonaws.sso#UnauthorizedException": - throw await de_UnauthorizedExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode - }); - } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client.withBaseException)(SSOServiceException); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_ResourceNotFoundExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new ResourceNotFoundException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_ResourceNotFoundExceptionRes"); -var de_TooManyRequestsExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new TooManyRequestsException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_TooManyRequestsExceptionRes"); -var de_UnauthorizedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var _aI = "accountId"; -var _aT = "accessToken"; -var _ai = "account_id"; -var _mR = "maxResults"; -var _mr = "max_result"; -var _nT = "nextToken"; -var _nt = "next_token"; -var _rN = "roleName"; -var _rn = "role_name"; -var _xasbt = "x-amz-sso_bearer_token"; - -// src/commands/GetRoleCredentialsCommand.ts -var GetRoleCredentialsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "GetRoleCredentials", {}).n("SSOClient", "GetRoleCredentialsCommand").f(GetRoleCredentialsRequestFilterSensitiveLog, GetRoleCredentialsResponseFilterSensitiveLog).ser(se_GetRoleCredentialsCommand).de(de_GetRoleCredentialsCommand).build() { - static { - __name(this, "GetRoleCredentialsCommand"); - } -}; - -// src/commands/ListAccountRolesCommand.ts - - - -var ListAccountRolesCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccountRoles", {}).n("SSOClient", "ListAccountRolesCommand").f(ListAccountRolesRequestFilterSensitiveLog, void 0).ser(se_ListAccountRolesCommand).de(de_ListAccountRolesCommand).build() { - static { - __name(this, "ListAccountRolesCommand"); - } -}; - -// src/commands/ListAccountsCommand.ts - - - -var ListAccountsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccounts", {}).n("SSOClient", "ListAccountsCommand").f(ListAccountsRequestFilterSensitiveLog, void 0).ser(se_ListAccountsCommand).de(de_ListAccountsCommand).build() { - static { - __name(this, "ListAccountsCommand"); - } -}; - -// src/commands/LogoutCommand.ts - - - -var LogoutCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "Logout", {}).n("SSOClient", "LogoutCommand").f(LogoutRequestFilterSensitiveLog, void 0).ser(se_LogoutCommand).de(de_LogoutCommand).build() { - static { - __name(this, "LogoutCommand"); - } -}; - -// src/SSO.ts -var commands = { - GetRoleCredentialsCommand, - ListAccountRolesCommand, - ListAccountsCommand, - LogoutCommand -}; -var SSO = class extends SSOClient { - static { - __name(this, "SSO"); - } -}; -(0, import_smithy_client.createAggregatedClient)(commands, SSO); - -// src/pagination/ListAccountRolesPaginator.ts - -var paginateListAccountRoles = (0, import_core.createPaginator)(SSOClient, ListAccountRolesCommand, "nextToken", "nextToken", "maxResults"); - -// src/pagination/ListAccountsPaginator.ts - -var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccountsCommand, "nextToken", "nextToken", "maxResults"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9756: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(1092)); -const core_1 = __nccwpck_require__(9963); -const util_user_agent_node_1 = __nccwpck_require__(8095); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(4809); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 4809: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(9963); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(9344); -const endpointResolver_1 = __nccwpck_require__(898); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 4195: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(9514); -const middleware_logger_1 = __nccwpck_require__(5675); -const middleware_recursion_detection_1 = __nccwpck_require__(7977); -const middleware_user_agent_1 = __nccwpck_require__(6634); -const config_resolver_1 = __nccwpck_require__(3098); -const core_1 = __nccwpck_require__(5829); -const middleware_content_length_1 = __nccwpck_require__(2800); -const middleware_endpoint_1 = __nccwpck_require__(2918); -const middleware_retry_1 = __nccwpck_require__(6039); -const smithy_client_1 = __nccwpck_require__(3570); -Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(7145); -const EndpointParameters_1 = __nccwpck_require__(510); -const runtimeConfig_1 = __nccwpck_require__(3405); -const runtimeExtensions_1 = __nccwpck_require__(2053); -class STSClient extends smithy_client_1.Client { - config; - constructor(...[configuration]) { - const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); - const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); - const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); - const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); - const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials, - }), - })); - this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); - } - destroy() { - super.destroy(); - } -} -exports.STSClient = STSClient; - - -/***/ }), - -/***/ 8527: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; -const getHttpAuthExtensionConfiguration = (runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } - else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - }, - }; -}; -exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; -const resolveHttpAuthRuntimeConfig = (config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials(), - }; -}; -exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; - - -/***/ }), - -/***/ 7145: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(4195); -const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sts", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSTSHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "AssumeRoleWithSAML": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "AssumeRoleWithWebIdentity": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } - } - return options; -}; -exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; -const resolveStsAuthConfig = (input) => Object.assign(input, { - stsClientCtor: STSClient_1.STSClient, -}); -exports.resolveStsAuthConfig = resolveStsAuthConfig; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, exports.resolveStsAuthConfig)(config); - const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); - return Object.assign(config_1, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 510: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.commonParams = exports.resolveClientEndpointParameters = void 0; -const resolveClientEndpointParameters = (options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - useGlobalEndpoint: options.useGlobalEndpoint ?? false, - defaultSigningName: "sts", - }); -}; -exports.resolveClientEndpointParameters = resolveClientEndpointParameters; -exports.commonParams = { - UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, -}; - - -/***/ }), - -/***/ 1203: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(6882); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 6882: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; -const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; -const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 2209: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - AssumeRoleCommand: () => AssumeRoleCommand, - AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, - AssumeRoleWithSAMLCommand: () => AssumeRoleWithSAMLCommand, - AssumeRoleWithSAMLRequestFilterSensitiveLog: () => AssumeRoleWithSAMLRequestFilterSensitiveLog, - AssumeRoleWithSAMLResponseFilterSensitiveLog: () => AssumeRoleWithSAMLResponseFilterSensitiveLog, - AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, - AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, - AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - AssumeRootCommand: () => AssumeRootCommand, - AssumeRootResponseFilterSensitiveLog: () => AssumeRootResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters10.ClientInputEndpointParameters, - CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, - DecodeAuthorizationMessageCommand: () => DecodeAuthorizationMessageCommand, - ExpiredTokenException: () => ExpiredTokenException, - GetAccessKeyInfoCommand: () => GetAccessKeyInfoCommand, - GetCallerIdentityCommand: () => GetCallerIdentityCommand, - GetFederationTokenCommand: () => GetFederationTokenCommand, - GetFederationTokenResponseFilterSensitiveLog: () => GetFederationTokenResponseFilterSensitiveLog, - GetSessionTokenCommand: () => GetSessionTokenCommand, - GetSessionTokenResponseFilterSensitiveLog: () => GetSessionTokenResponseFilterSensitiveLog, - IDPCommunicationErrorException: () => IDPCommunicationErrorException, - IDPRejectedClaimException: () => IDPRejectedClaimException, - InvalidAuthorizationMessageException: () => InvalidAuthorizationMessageException, - InvalidIdentityTokenException: () => InvalidIdentityTokenException, - MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, - PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, - RegionDisabledException: () => RegionDisabledException, - STS: () => STS, - STSServiceException: () => STSServiceException, - decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, - getDefaultRoleAssumer: () => getDefaultRoleAssumer2, - getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 -}); -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(4195), module.exports); - -// src/STS.ts - - -// src/commands/AssumeRoleCommand.ts -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); - -var import_EndpointParameters = __nccwpck_require__(510); - -// src/models/models_0.ts - - -// src/models/STSServiceException.ts -var import_smithy_client = __nccwpck_require__(3570); -var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "STSServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _STSServiceException.prototype); - } -}; - -// src/models/models_0.ts -var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - } -}; -var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { - static { - __name(this, "MalformedPolicyDocumentException"); - } - name = "MalformedPolicyDocumentException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "MalformedPolicyDocumentException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); - } -}; -var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { - static { - __name(this, "PackedPolicyTooLargeException"); - } - name = "PackedPolicyTooLargeException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "PackedPolicyTooLargeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); - } -}; -var RegionDisabledException = class _RegionDisabledException extends STSServiceException { - static { - __name(this, "RegionDisabledException"); - } - name = "RegionDisabledException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "RegionDisabledException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _RegionDisabledException.prototype); - } -}; -var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { - static { - __name(this, "IDPRejectedClaimException"); - } - name = "IDPRejectedClaimException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPRejectedClaimException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); - } -}; -var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { - static { - __name(this, "InvalidIdentityTokenException"); - } - name = "InvalidIdentityTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidIdentityTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); - } -}; -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); - } - name = "IDPCommunicationErrorException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); - } -}; -var InvalidAuthorizationMessageException = class _InvalidAuthorizationMessageException extends STSServiceException { - static { - __name(this, "InvalidAuthorizationMessageException"); - } - name = "InvalidAuthorizationMessageException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidAuthorizationMessageException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidAuthorizationMessageException.prototype); - } -}; -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); -var AssumeRoleWithSAMLRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SAMLAssertion && { SAMLAssertion: import_smithy_client.SENSITIVE_STRING } -}), "AssumeRoleWithSAMLRequestFilterSensitiveLog"); -var AssumeRoleWithSAMLResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithSAMLResponseFilterSensitiveLog"); -var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client.SENSITIVE_STRING } -}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); -var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var AssumeRootResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRootResponseFilterSensitiveLog"); -var GetFederationTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "GetFederationTokenResponseFilterSensitiveLog"); -var GetSessionTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "GetSessionTokenResponseFilterSensitiveLog"); - -// src/protocols/Aws_query.ts -var import_core = __nccwpck_require__(2143); -var import_protocol_http = __nccwpck_require__(4418); - -var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleRequest(input, context), - [_A]: _AR, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleCommand"); -var se_AssumeRoleWithSAMLCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithSAMLRequest(input, context), - [_A]: _ARWSAML, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithSAMLCommand"); -var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithWebIdentityRequest(input, context), - [_A]: _ARWWI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithWebIdentityCommand"); -var se_AssumeRootCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRootRequest(input, context), - [_A]: _ARs, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRootCommand"); -var se_DecodeAuthorizationMessageCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_DecodeAuthorizationMessageRequest(input, context), - [_A]: _DAM, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_DecodeAuthorizationMessageCommand"); -var se_GetAccessKeyInfoCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetAccessKeyInfoRequest(input, context), - [_A]: _GAKI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetAccessKeyInfoCommand"); -var se_GetCallerIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetCallerIdentityRequest(input, context), - [_A]: _GCI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetCallerIdentityCommand"); -var se_GetFederationTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetFederationTokenRequest(input, context), - [_A]: _GFT, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetFederationTokenCommand"); -var se_GetSessionTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetSessionTokenRequest(input, context), - [_A]: _GST, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetSessionTokenCommand"); -var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleCommand"); -var de_AssumeRoleWithSAMLCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithSAMLResponse(data.AssumeRoleWithSAMLResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithSAMLCommand"); -var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithWebIdentityCommand"); -var de_AssumeRootCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRootResponse(data.AssumeRootResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRootCommand"); -var de_DecodeAuthorizationMessageCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_DecodeAuthorizationMessageResponse(data.DecodeAuthorizationMessageResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_DecodeAuthorizationMessageCommand"); -var de_GetAccessKeyInfoCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetAccessKeyInfoResponse(data.GetAccessKeyInfoResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetAccessKeyInfoCommand"); -var de_GetCallerIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetCallerIdentityResponse(data.GetCallerIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetCallerIdentityCommand"); -var de_GetFederationTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetFederationTokenResponse(data.GetFederationTokenResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetFederationTokenCommand"); -var de_GetSessionTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetSessionTokenResponse(data.GetSessionTokenResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetSessionTokenCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core.parseXmlErrorBody)(output.body, context) - }; - const errorCode = loadQueryErrorCode(output, parsedOutput.body); - switch (errorCode) { - case "ExpiredTokenException": - case "com.amazonaws.sts#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "MalformedPolicyDocument": - case "com.amazonaws.sts#MalformedPolicyDocumentException": - throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); - case "PackedPolicyTooLarge": - case "com.amazonaws.sts#PackedPolicyTooLargeException": - throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); - case "RegionDisabledException": - case "com.amazonaws.sts#RegionDisabledException": - throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPRejectedClaim": - case "com.amazonaws.sts#IDPRejectedClaimException": - throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); - case "InvalidIdentityToken": - case "com.amazonaws.sts#InvalidIdentityTokenException": - throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); - case "InvalidAuthorizationMessageException": - case "com.amazonaws.sts#InvalidAuthorizationMessageException": - throw await de_InvalidAuthorizationMessageExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody: parsedBody.Error, - errorCode - }); - } -}, "de_CommandError"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_ExpiredTokenException(body.Error, context); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_ExpiredTokenExceptionRes"); -var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPCommunicationErrorException(body.Error, context); - const exception = new IDPCommunicationErrorException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_IDPCommunicationErrorExceptionRes"); -var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPRejectedClaimException(body.Error, context); - const exception = new IDPRejectedClaimException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_IDPRejectedClaimExceptionRes"); -var de_InvalidAuthorizationMessageExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidAuthorizationMessageException(body.Error, context); - const exception = new InvalidAuthorizationMessageException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_InvalidAuthorizationMessageExceptionRes"); -var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidIdentityTokenException(body.Error, context); - const exception = new InvalidIdentityTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_InvalidIdentityTokenExceptionRes"); -var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_MalformedPolicyDocumentException(body.Error, context); - const exception = new MalformedPolicyDocumentException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_MalformedPolicyDocumentExceptionRes"); -var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_PackedPolicyTooLargeException(body.Error, context); - const exception = new PackedPolicyTooLargeException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_PackedPolicyTooLargeExceptionRes"); -var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_RegionDisabledException(body.Error, context); - const exception = new RegionDisabledException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_RegionDisabledExceptionRes"); -var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - if (input[_TTK] != null) { - const memberEntries = se_tagKeyListType(input[_TTK], context); - if (input[_TTK]?.length === 0) { - entries.TransitiveTagKeys = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TransitiveTagKeys.${key}`; - entries[loc] = value; - }); - } - if (input[_EI] != null) { - entries[_EI] = input[_EI]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - if (input[_SI] != null) { - entries[_SI] = input[_SI]; - } - if (input[_PC] != null) { - const memberEntries = se_ProvidedContextsListType(input[_PC], context); - if (input[_PC]?.length === 0) { - entries.ProvidedContexts = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `ProvidedContexts.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_AssumeRoleRequest"); -var se_AssumeRoleWithSAMLRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; - } - if (input[_SAMLA] != null) { - entries[_SAMLA] = input[_SAMLA]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithSAMLRequest"); -var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_WIT] != null) { - entries[_WIT] = input[_WIT]; - } - if (input[_PI] != null) { - entries[_PI] = input[_PI]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithWebIdentityRequest"); -var se_AssumeRootRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_TP] != null) { - entries[_TP] = input[_TP]; - } - if (input[_TPA] != null) { - const memberEntries = se_PolicyDescriptorType(input[_TPA], context); - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TaskPolicyArn.${key}`; - entries[loc] = value; - }); - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRootRequest"); -var se_DecodeAuthorizationMessageRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_EM] != null) { - entries[_EM] = input[_EM]; - } - return entries; -}, "se_DecodeAuthorizationMessageRequest"); -var se_GetAccessKeyInfoRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_AKI] != null) { - entries[_AKI] = input[_AKI]; - } - return entries; -}, "se_GetAccessKeyInfoRequest"); -var se_GetCallerIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - return entries; -}, "se_GetCallerIdentityRequest"); -var se_GetFederationTokenRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_N] != null) { - entries[_N] = input[_N]; - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_GetFederationTokenRequest"); -var se_GetSessionTokenRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - return entries; -}, "se_GetSessionTokenRequest"); -var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_PolicyDescriptorType(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_policyDescriptorListType"); -var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_a] != null) { - entries[_a] = input[_a]; - } - return entries; -}, "se_PolicyDescriptorType"); -var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_PAro] != null) { - entries[_PAro] = input[_PAro]; - } - if (input[_CA] != null) { - entries[_CA] = input[_CA]; - } - return entries; -}, "se_ProvidedContext"); -var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_ProvidedContext(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_ProvidedContextsListType"); -var se_Tag = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_K] != null) { - entries[_K] = input[_K]; - } - if (input[_Va] != null) { - entries[_Va] = input[_Va]; - } - return entries; -}, "se_Tag"); -var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - entries[`member.${counter}`] = entry; - counter++; - } - return entries; -}, "se_tagKeyListType"); -var se_tagListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_Tag(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_tagListType"); -var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client.expectString)(output[_ARI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); - } - return contents; -}, "de_AssumedRoleUser"); -var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleResponse"); -var de_AssumeRoleWithSAMLResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - if (output[_S] != null) { - contents[_S] = (0, import_smithy_client.expectString)(output[_S]); - } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client.expectString)(output[_ST]); - } - if (output[_I] != null) { - contents[_I] = (0, import_smithy_client.expectString)(output[_I]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client.expectString)(output[_Au]); - } - if (output[_NQ] != null) { - contents[_NQ] = (0, import_smithy_client.expectString)(output[_NQ]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleWithSAMLResponse"); -var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client.expectString)(output[_SFWIT]); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client.expectString)(output[_Pr]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client.expectString)(output[_Au]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleWithWebIdentityResponse"); -var de_AssumeRootResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRootResponse"); -var de_Credentials = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client.expectString)(output[_AKI]); - } - if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client.expectString)(output[_SAK]); - } - if (output[_STe] != null) { - contents[_STe] = (0, import_smithy_client.expectString)(output[_STe]); - } - if (output[_E] != null) { - contents[_E] = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseRfc3339DateTimeWithOffset)(output[_E])); - } - return contents; -}, "de_Credentials"); -var de_DecodeAuthorizationMessageResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_DM] != null) { - contents[_DM] = (0, import_smithy_client.expectString)(output[_DM]); - } - return contents; -}, "de_DecodeAuthorizationMessageResponse"); -var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_ExpiredTokenException"); -var de_FederatedUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_FUI] != null) { - contents[_FUI] = (0, import_smithy_client.expectString)(output[_FUI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); - } - return contents; -}, "de_FederatedUser"); -var de_GetAccessKeyInfoResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_Ac] != null) { - contents[_Ac] = (0, import_smithy_client.expectString)(output[_Ac]); - } - return contents; -}, "de_GetAccessKeyInfoResponse"); -var de_GetCallerIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_UI] != null) { - contents[_UI] = (0, import_smithy_client.expectString)(output[_UI]); - } - if (output[_Ac] != null) { - contents[_Ac] = (0, import_smithy_client.expectString)(output[_Ac]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); - } - return contents; -}, "de_GetCallerIdentityResponse"); -var de_GetFederationTokenResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_FU] != null) { - contents[_FU] = de_FederatedUser(output[_FU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - return contents; -}, "de_GetFederationTokenResponse"); -var de_GetSessionTokenResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - return contents; -}, "de_GetSessionTokenResponse"); -var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_IDPCommunicationErrorException"); -var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_IDPRejectedClaimException"); -var de_InvalidAuthorizationMessageException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_InvalidAuthorizationMessageException"); -var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_InvalidIdentityTokenException"); -var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_MalformedPolicyDocumentException"); -var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_PackedPolicyTooLargeException"); -var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); - } - return contents; -}, "de_RegionDisabledException"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client.withBaseException)(STSServiceException); -var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { - const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); - const contents = { - protocol, - hostname, - port, - method: "POST", - path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, - headers - }; - if (resolvedHostname !== void 0) { - contents.hostname = resolvedHostname; - } - if (body !== void 0) { - contents.body = body; - } - return new import_protocol_http.HttpRequest(contents); -}, "buildHttpRpcRequest"); -var SHARED_HEADERS = { - "content-type": "application/x-www-form-urlencoded" -}; -var _ = "2011-06-15"; -var _A = "Action"; -var _AKI = "AccessKeyId"; -var _AR = "AssumeRole"; -var _ARI = "AssumedRoleId"; -var _ARU = "AssumedRoleUser"; -var _ARWSAML = "AssumeRoleWithSAML"; -var _ARWWI = "AssumeRoleWithWebIdentity"; -var _ARs = "AssumeRoot"; -var _Ac = "Account"; -var _Ar = "Arn"; -var _Au = "Audience"; -var _C = "Credentials"; -var _CA = "ContextAssertion"; -var _DAM = "DecodeAuthorizationMessage"; -var _DM = "DecodedMessage"; -var _DS = "DurationSeconds"; -var _E = "Expiration"; -var _EI = "ExternalId"; -var _EM = "EncodedMessage"; -var _FU = "FederatedUser"; -var _FUI = "FederatedUserId"; -var _GAKI = "GetAccessKeyInfo"; -var _GCI = "GetCallerIdentity"; -var _GFT = "GetFederationToken"; -var _GST = "GetSessionToken"; -var _I = "Issuer"; -var _K = "Key"; -var _N = "Name"; -var _NQ = "NameQualifier"; -var _P = "Policy"; -var _PA = "PolicyArns"; -var _PAr = "PrincipalArn"; -var _PAro = "ProviderArn"; -var _PC = "ProvidedContexts"; -var _PI = "ProviderId"; -var _PPS = "PackedPolicySize"; -var _Pr = "Provider"; -var _RA = "RoleArn"; -var _RSN = "RoleSessionName"; -var _S = "Subject"; -var _SAK = "SecretAccessKey"; -var _SAMLA = "SAMLAssertion"; -var _SFWIT = "SubjectFromWebIdentityToken"; -var _SI = "SourceIdentity"; -var _SN = "SerialNumber"; -var _ST = "SubjectType"; -var _STe = "SessionToken"; -var _T = "Tags"; -var _TC = "TokenCode"; -var _TP = "TargetPrincipal"; -var _TPA = "TaskPolicyArn"; -var _TTK = "TransitiveTagKeys"; -var _UI = "UserId"; -var _V = "Version"; -var _Va = "Value"; -var _WIT = "WebIdentityToken"; -var _a = "arn"; -var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); -var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data.Error?.Code !== void 0) { - return data.Error.Code; - } - if (output.statusCode == 404) { - return "NotFound"; - } -}, "loadQueryErrorCode"); - -// src/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { - static { - __name(this, "AssumeRoleCommand"); - } -}; - -// src/commands/AssumeRoleWithSAMLCommand.ts - - - -var import_EndpointParameters2 = __nccwpck_require__(510); -var AssumeRoleWithSAMLCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithSAML", {}).n("STSClient", "AssumeRoleWithSAMLCommand").f(AssumeRoleWithSAMLRequestFilterSensitiveLog, AssumeRoleWithSAMLResponseFilterSensitiveLog).ser(se_AssumeRoleWithSAMLCommand).de(de_AssumeRoleWithSAMLCommand).build() { - static { - __name(this, "AssumeRoleWithSAMLCommand"); - } -}; - -// src/commands/AssumeRoleWithWebIdentityCommand.ts - - - -var import_EndpointParameters3 = __nccwpck_require__(510); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters3.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { - static { - __name(this, "AssumeRoleWithWebIdentityCommand"); - } -}; - -// src/commands/AssumeRootCommand.ts - - - -var import_EndpointParameters4 = __nccwpck_require__(510); -var AssumeRootCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters4.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoot", {}).n("STSClient", "AssumeRootCommand").f(void 0, AssumeRootResponseFilterSensitiveLog).ser(se_AssumeRootCommand).de(de_AssumeRootCommand).build() { - static { - __name(this, "AssumeRootCommand"); - } -}; - -// src/commands/DecodeAuthorizationMessageCommand.ts - - - -var import_EndpointParameters5 = __nccwpck_require__(510); -var DecodeAuthorizationMessageCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters5.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "DecodeAuthorizationMessage", {}).n("STSClient", "DecodeAuthorizationMessageCommand").f(void 0, void 0).ser(se_DecodeAuthorizationMessageCommand).de(de_DecodeAuthorizationMessageCommand).build() { - static { - __name(this, "DecodeAuthorizationMessageCommand"); - } -}; - -// src/commands/GetAccessKeyInfoCommand.ts - - - -var import_EndpointParameters6 = __nccwpck_require__(510); -var GetAccessKeyInfoCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters6.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetAccessKeyInfo", {}).n("STSClient", "GetAccessKeyInfoCommand").f(void 0, void 0).ser(se_GetAccessKeyInfoCommand).de(de_GetAccessKeyInfoCommand).build() { - static { - __name(this, "GetAccessKeyInfoCommand"); - } -}; - -// src/commands/GetCallerIdentityCommand.ts - - - -var import_EndpointParameters7 = __nccwpck_require__(510); -var GetCallerIdentityCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters7.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetCallerIdentity", {}).n("STSClient", "GetCallerIdentityCommand").f(void 0, void 0).ser(se_GetCallerIdentityCommand).de(de_GetCallerIdentityCommand).build() { - static { - __name(this, "GetCallerIdentityCommand"); - } -}; - -// src/commands/GetFederationTokenCommand.ts - - - -var import_EndpointParameters8 = __nccwpck_require__(510); -var GetFederationTokenCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters8.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetFederationToken", {}).n("STSClient", "GetFederationTokenCommand").f(void 0, GetFederationTokenResponseFilterSensitiveLog).ser(se_GetFederationTokenCommand).de(de_GetFederationTokenCommand).build() { - static { - __name(this, "GetFederationTokenCommand"); - } -}; - -// src/commands/GetSessionTokenCommand.ts - - - -var import_EndpointParameters9 = __nccwpck_require__(510); -var GetSessionTokenCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters9.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetSessionToken", {}).n("STSClient", "GetSessionTokenCommand").f(void 0, GetSessionTokenResponseFilterSensitiveLog).ser(se_GetSessionTokenCommand).de(de_GetSessionTokenCommand).build() { - static { - __name(this, "GetSessionTokenCommand"); - } -}; - -// src/STS.ts -var import_STSClient = __nccwpck_require__(4195); -var commands = { - AssumeRoleCommand, - AssumeRoleWithSAMLCommand, - AssumeRoleWithWebIdentityCommand, - AssumeRootCommand, - DecodeAuthorizationMessageCommand, - GetAccessKeyInfoCommand, - GetCallerIdentityCommand, - GetFederationTokenCommand, - GetSessionTokenCommand -}; -var STS = class extends import_STSClient.STSClient { - static { - __name(this, "STS"); - } -}; -(0, import_smithy_client.createAggregatedClient)(commands, STS); - -// src/index.ts -var import_EndpointParameters10 = __nccwpck_require__(510); - -// src/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(6510); -var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; -var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { - if (typeof assumedRoleUser?.Arn === "string") { - const arnComponents = assumedRoleUser.Arn.split(":"); - if (arnComponents.length > 4 && arnComponents[4] !== "") { - return arnComponents[4]; - } - } - return void 0; -}, "getAccountIdFromAssumedRoleUser"); -var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { - const region = typeof _region === "function" ? await _region() : _region; - const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; - credentialProviderLogger?.debug?.( - "@aws-sdk/client-sts::resolveRegion", - "accepting first of:", - `${region} (provider)`, - `${parentRegion} (parent client)`, - `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` - ); - return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; -}, "resolveRegion"); -var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - let closureSourceCreds; - return async (sourceCreds, params) => { - closureSourceCreds = sourceCreds; - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - // A hack to make sts client uses the credential in current closure. - credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); - return credentials; - }; -}, "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - return async (params) => { - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - if (accountId) { - (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); - } - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); - return credentials; - }; -}, "getDefaultRoleAssumerWithWebIdentity"); -var isH2 = /* @__PURE__ */ __name((requestHandler) => { - return requestHandler?.metadata?.handlerProtocol === "h2"; -}, "isH2"); - -// src/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(4195); -var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { - if (!customizations) return baseCtor; - else - return class CustomizableSTSClient extends baseCtor { - static { - __name(this, "CustomizableSTSClient"); - } - constructor(config) { - super(config); - for (const customization of customizations) { - this.middlewareStack.use(customization); - } - } - }; -}, "getCustomizableStsClientCtor"); -var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); -var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ - roleAssumer: getDefaultRoleAssumer2(input), - roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), - ...input -}), "decorateDefaultCredentialProvider"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 3405: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(7947)); -const core_1 = __nccwpck_require__(2143); -const credential_provider_node_1 = __nccwpck_require__(3196); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const core_2 = __nccwpck_require__(5829); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(2642); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - credentialDefaultProvider: config?.credentialDefaultProvider ?? credential_provider_node_1.defaultProvider, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await (0, credential_provider_node_1.defaultProvider)(idProps?.__config || {})()), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 2642: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(7145); -const endpointResolver_1 = __nccwpck_require__(1203); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2011-06-15", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "STS", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 2053: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(6976); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(8527); -const resolveRuntimeExtensions = (runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); -}; -exports.resolveRuntimeExtensions = resolveRuntimeExtensions; - - -/***/ }), - -/***/ 6555: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOHttpAuthSchemeProvider = exports.defaultSSOHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSSOHttpAuthSchemeParametersProvider = defaultSSOHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "awsssoportal", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSSOHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "GetRoleCredentials": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccountRoles": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccounts": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "Logout": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } - } - return options; -}; -exports.defaultSSOHttpAuthSchemeProvider = defaultSSOHttpAuthSchemeProvider; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); - return Object.assign(config_0, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 3584: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(7957); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 7957: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const u = "required", v = "fn", w = "argv", x = "ref"; -const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://portal.sso.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 1687: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - GetRoleCredentialsCommand: () => GetRoleCredentialsCommand, - GetRoleCredentialsRequestFilterSensitiveLog: () => GetRoleCredentialsRequestFilterSensitiveLog, - GetRoleCredentialsResponseFilterSensitiveLog: () => GetRoleCredentialsResponseFilterSensitiveLog, - InvalidRequestException: () => InvalidRequestException, - ListAccountRolesCommand: () => ListAccountRolesCommand, - ListAccountRolesRequestFilterSensitiveLog: () => ListAccountRolesRequestFilterSensitiveLog, - ListAccountsCommand: () => ListAccountsCommand, - ListAccountsRequestFilterSensitiveLog: () => ListAccountsRequestFilterSensitiveLog, - LogoutCommand: () => LogoutCommand, - LogoutRequestFilterSensitiveLog: () => LogoutRequestFilterSensitiveLog, - ResourceNotFoundException: () => ResourceNotFoundException, - RoleCredentialsFilterSensitiveLog: () => RoleCredentialsFilterSensitiveLog, - SSO: () => SSO, - SSOClient: () => SSOClient, - SSOServiceException: () => SSOServiceException, - TooManyRequestsException: () => TooManyRequestsException, - UnauthorizedException: () => UnauthorizedException, - __Client: () => import_smithy_client.Client, - paginateListAccountRoles: () => paginateListAccountRoles, - paginateListAccounts: () => paginateListAccounts -}); -module.exports = __toCommonJS(index_exports); - -// src/SSOClient.ts -var import_middleware_host_header = __nccwpck_require__(9514); -var import_middleware_logger = __nccwpck_require__(5675); -var import_middleware_recursion_detection = __nccwpck_require__(7977); -var import_middleware_user_agent = __nccwpck_require__(6634); -var import_config_resolver = __nccwpck_require__(3098); -var import_core = __nccwpck_require__(5829); -var import_middleware_content_length = __nccwpck_require__(2800); -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_retry = __nccwpck_require__(6039); - -var import_httpAuthSchemeProvider = __nccwpck_require__(6555); - -// src/endpoint/EndpointParameters.ts -var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "awsssoportal" - }); -}, "resolveClientEndpointParameters"); -var commonParams = { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } -}; - -// src/SSOClient.ts -var import_runtimeConfig = __nccwpck_require__(1012); - -// src/runtimeExtensions.ts -var import_region_config_resolver = __nccwpck_require__(6976); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); - -// src/auth/httpAuthExtensionConfiguration.ts -var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - } - }; -}, "getHttpAuthExtensionConfiguration"); -var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials() - }; -}, "resolveHttpAuthRuntimeConfig"); - -// src/runtimeExtensions.ts -var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign( - (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), - (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), - (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), - getHttpAuthExtensionConfiguration(runtimeConfig) - ); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign( - runtimeConfig, - (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), - (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), - (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), - resolveHttpAuthRuntimeConfig(extensionConfiguration) - ); -}, "resolveRuntimeExtensions"); - -// src/SSOClient.ts -var SSOClient = class extends import_smithy_client.Client { - static { - __name(this, "SSOClient"); - } - /** - * The resolved configuration of SSOClient class. This is resolved and normalized from the {@link SSOClientConfig | constructor configuration interface}. - */ - config; - constructor(...[configuration]) { - const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = resolveClientEndpointParameters(_config_0); - const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); - const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); - const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); - const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use( - (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials - }), "identityProviderConfigProvider") - }) - ); - this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); - } - /** - * Destroy underlying resources, like sockets. It's usually not necessary to do this. - * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. - * Otherwise, sockets might stay open for quite a long time before the server terminates them. - */ - destroy() { - super.destroy(); - } -}; - -// src/SSO.ts - - -// src/commands/GetRoleCredentialsCommand.ts - -var import_middleware_serde = __nccwpck_require__(1238); - - -// src/models/models_0.ts - - -// src/models/SSOServiceException.ts - -var SSOServiceException = class _SSOServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "SSOServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _SSOServiceException.prototype); - } -}; - -// src/models/models_0.ts -var InvalidRequestException = class _InvalidRequestException extends SSOServiceException { - static { - __name(this, "InvalidRequestException"); - } - name = "InvalidRequestException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - } -}; -var ResourceNotFoundException = class _ResourceNotFoundException extends SSOServiceException { - static { - __name(this, "ResourceNotFoundException"); - } - name = "ResourceNotFoundException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ResourceNotFoundException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ResourceNotFoundException.prototype); - } -}; -var TooManyRequestsException = class _TooManyRequestsException extends SSOServiceException { - static { - __name(this, "TooManyRequestsException"); - } - name = "TooManyRequestsException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "TooManyRequestsException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _TooManyRequestsException.prototype); - } -}; -var UnauthorizedException = class _UnauthorizedException extends SSOServiceException { - static { - __name(this, "UnauthorizedException"); - } - name = "UnauthorizedException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnauthorizedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnauthorizedException.prototype); - } -}; -var GetRoleCredentialsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "GetRoleCredentialsRequestFilterSensitiveLog"); -var RoleCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.secretAccessKey && { secretAccessKey: import_smithy_client.SENSITIVE_STRING }, - ...obj.sessionToken && { sessionToken: import_smithy_client.SENSITIVE_STRING } -}), "RoleCredentialsFilterSensitiveLog"); -var GetRoleCredentialsResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.roleCredentials && { roleCredentials: RoleCredentialsFilterSensitiveLog(obj.roleCredentials) } -}), "GetRoleCredentialsResponseFilterSensitiveLog"); -var ListAccountRolesRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountRolesRequestFilterSensitiveLog"); -var ListAccountsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountsRequestFilterSensitiveLog"); -var LogoutRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "LogoutRequestFilterSensitiveLog"); - -// src/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(2143); - - -var se_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/federation/credentials"); - const query = (0, import_smithy_client.map)({ - [_rn]: [, (0, import_smithy_client.expectNonNull)(input[_rN], `roleName`)], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_GetRoleCredentialsCommand"); -var se_ListAccountRolesCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/roles"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountRolesCommand"); -var se_ListAccountsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/accounts"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountsCommand"); -var se_LogoutCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/logout"); - let body; - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_LogoutCommand"); -var de_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - roleCredentials: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_GetRoleCredentialsCommand"); -var de_ListAccountRolesCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - nextToken: import_smithy_client.expectString, - roleList: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountRolesCommand"); -var de_ListAccountsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - accountList: import_smithy_client._json, - nextToken: import_smithy_client.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountsCommand"); -var de_LogoutCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - await (0, import_smithy_client.collectBody)(output.body, context); - return contents; -}, "de_LogoutCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "InvalidRequestException": - case "com.amazonaws.sso#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "ResourceNotFoundException": - case "com.amazonaws.sso#ResourceNotFoundException": - throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); - case "TooManyRequestsException": - case "com.amazonaws.sso#TooManyRequestsException": - throw await de_TooManyRequestsExceptionRes(parsedOutput, context); - case "UnauthorizedException": - case "com.amazonaws.sso#UnauthorizedException": - throw await de_UnauthorizedExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode - }); - } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client.withBaseException)(SSOServiceException); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_ResourceNotFoundExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new ResourceNotFoundException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_ResourceNotFoundExceptionRes"); -var de_TooManyRequestsExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new TooManyRequestsException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_TooManyRequestsExceptionRes"); -var de_UnauthorizedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var _aI = "accountId"; -var _aT = "accessToken"; -var _ai = "account_id"; -var _mR = "maxResults"; -var _mr = "max_result"; -var _nT = "nextToken"; -var _nt = "next_token"; -var _rN = "roleName"; -var _rn = "role_name"; -var _xasbt = "x-amz-sso_bearer_token"; - -// src/commands/GetRoleCredentialsCommand.ts -var GetRoleCredentialsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "GetRoleCredentials", {}).n("SSOClient", "GetRoleCredentialsCommand").f(GetRoleCredentialsRequestFilterSensitiveLog, GetRoleCredentialsResponseFilterSensitiveLog).ser(se_GetRoleCredentialsCommand).de(de_GetRoleCredentialsCommand).build() { - static { - __name(this, "GetRoleCredentialsCommand"); - } -}; - -// src/commands/ListAccountRolesCommand.ts - - - -var ListAccountRolesCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccountRoles", {}).n("SSOClient", "ListAccountRolesCommand").f(ListAccountRolesRequestFilterSensitiveLog, void 0).ser(se_ListAccountRolesCommand).de(de_ListAccountRolesCommand).build() { - static { - __name(this, "ListAccountRolesCommand"); - } -}; - -// src/commands/ListAccountsCommand.ts - - - -var ListAccountsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccounts", {}).n("SSOClient", "ListAccountsCommand").f(ListAccountsRequestFilterSensitiveLog, void 0).ser(se_ListAccountsCommand).de(de_ListAccountsCommand).build() { - static { - __name(this, "ListAccountsCommand"); - } -}; - -// src/commands/LogoutCommand.ts - - - -var LogoutCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "Logout", {}).n("SSOClient", "LogoutCommand").f(LogoutRequestFilterSensitiveLog, void 0).ser(se_LogoutCommand).de(de_LogoutCommand).build() { - static { - __name(this, "LogoutCommand"); - } -}; - -// src/SSO.ts -var commands = { - GetRoleCredentialsCommand, - ListAccountRolesCommand, - ListAccountsCommand, - LogoutCommand -}; -var SSO = class extends SSOClient { - static { - __name(this, "SSO"); - } -}; -(0, import_smithy_client.createAggregatedClient)(commands, SSO); - -// src/pagination/ListAccountRolesPaginator.ts - -var paginateListAccountRoles = (0, import_core.createPaginator)(SSOClient, ListAccountRolesCommand, "nextToken", "nextToken", "maxResults"); - -// src/pagination/ListAccountsPaginator.ts - -var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccountsCommand, "nextToken", "nextToken", "maxResults"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 1012: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4665)); -const core_1 = __nccwpck_require__(2143); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(7369); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 7369: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(6555); -const endpointResolver_1 = __nccwpck_require__(3584); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 2143: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -const tslib_1 = __nccwpck_require__(4351); -tslib_1.__exportStar(__nccwpck_require__(6510), exports); -tslib_1.__exportStar(__nccwpck_require__(3017), exports); -tslib_1.__exportStar(__nccwpck_require__(5743), exports); - - -/***/ }), - -/***/ 6510: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/client/index.ts -var index_exports = {}; -__export(index_exports, { - emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, - setCredentialFeature: () => setCredentialFeature, - setFeature: () => setFeature, - setTokenFeature: () => setTokenFeature, - state: () => state -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/client/emitWarningIfUnsupportedVersion.ts -var state = { - warningEmitted: false -}; -var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { - if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { - state.warningEmitted = true; - process.emitWarning( - `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will -no longer support Node.js 16.x on January 6, 2025. - -To continue receiving updates to AWS services, bug fixes, and security -updates please upgrade to a supported Node.js LTS version. - -More information can be found at: https://a.co/74kJMmI` - ); - } -}, "emitWarningIfUnsupportedVersion"); - -// src/submodules/client/setCredentialFeature.ts -function setCredentialFeature(credentials, feature, value) { - if (!credentials.$source) { - credentials.$source = {}; - } - credentials.$source[feature] = value; - return credentials; -} -__name(setCredentialFeature, "setCredentialFeature"); - -// src/submodules/client/setFeature.ts -function setFeature(context, feature, value) { - if (!context.__aws_sdk_context) { - context.__aws_sdk_context = { - features: {} - }; - } else if (!context.__aws_sdk_context.features) { - context.__aws_sdk_context.features = {}; - } - context.__aws_sdk_context.features[feature] = value; -} -__name(setFeature, "setFeature"); - -// src/submodules/client/setTokenFeature.ts -function setTokenFeature(token, feature, value) { - if (!token.$source) { - token.$source = {}; - } - token.$source[feature] = value; - return token; -} -__name(setTokenFeature, "setTokenFeature"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 3017: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/httpAuthSchemes/index.ts -var index_exports = {}; -__export(index_exports, { - AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, - AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, - AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, - NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, - NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, - getBearerTokenEnvKey: () => getBearerTokenEnvKey, - resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, - resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, - resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, - validateSigningProperties: () => validateSigningProperties -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var import_protocol_http2 = __nccwpck_require__(4418); - -// src/submodules/httpAuthSchemes/utils/getDateHeader.ts -var import_protocol_http = __nccwpck_require__(4418); -var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); - -// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts -var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); - -// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts -var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); - -// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts -var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { - const clockTimeInMs = Date.parse(clockTime); - if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { - return clockTimeInMs - Date.now(); - } - return currentSystemClockOffset; -}, "getUpdatedSystemClockOffset"); - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { - if (!property) { - throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); - } - return property; -}, "throwSigningPropertyError"); -var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { - const context = throwSigningPropertyError( - "context", - signingProperties.context - ); - const config = throwSigningPropertyError("config", signingProperties.config); - const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; - const signerFunction = throwSigningPropertyError( - "signer", - config.signer - ); - const signer = await signerFunction(authScheme); - const signingRegion = signingProperties?.signingRegion; - const signingRegionSet = signingProperties?.signingRegionSet; - const signingName = signingProperties?.signingName; - return { - config, - signer, - signingRegion, - signingRegionSet, - signingName - }; -}, "validateSigningProperties"); -var AwsSdkSigV4Signer = class { - static { - __name(this, "AwsSdkSigV4Signer"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const validatedProps = await validateSigningProperties(signingProperties); - const { config, signer } = validatedProps; - let { signingRegion, signingName } = validatedProps; - const handlerExecutionContext = signingProperties.context; - if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { - const [first, second] = handlerExecutionContext.authSchemes; - if (first?.name === "sigv4a" && second?.name === "sigv4") { - signingRegion = second?.signingRegion ?? signingRegion; - signingName = second?.signingName ?? signingName; - } - } - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion, - signingService: signingName - }); - return signedRequest; - } - errorHandler(signingProperties) { - return (error) => { - const serverTime = error.ServerTime ?? getDateHeader(error.$response); - if (serverTime) { - const config = throwSigningPropertyError("config", signingProperties.config); - const initialSystemClockOffset = config.systemClockOffset; - config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); - const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; - if (clockSkewCorrected && error.$metadata) { - error.$metadata.clockSkewCorrected = true; - } - } - throw error; - }; - } - successHandler(httpResponse, signingProperties) { - const dateHeader = getDateHeader(httpResponse); - if (dateHeader) { - const config = throwSigningPropertyError("config", signingProperties.config); - config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); - } - } -}; -var AWSSDKSigV4Signer = AwsSdkSigV4Signer; - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts -var import_protocol_http3 = __nccwpck_require__(4418); -var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { - static { - __name(this, "AwsSdkSigV4ASigner"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( - signingProperties - ); - const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); - const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion: multiRegionOverride, - signingService: signingName - }); - return signedRequest; - } -}; - -// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts -var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); - -// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts -var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); - -// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts -var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; -var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; -var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { - /** - * Retrieves auth scheme preference from environment variables - * @param env - Node process environment object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { - if (options?.signingName) { - const bearerTokenKey = getBearerTokenEnvKey(options.signingName); - if (bearerTokenKey in env) return ["httpBearerAuth"]; - } - if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; - return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); - }, "environmentVariableSelector"), - /** - * Retrieves auth scheme preference from config file - * @param profile - Config profile object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - configFileSelector: /* @__PURE__ */ __name((profile) => { - if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; - return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); - }, "configFileSelector"), - /** - * Default auth scheme preference if not specified in environment or config - */ - default: [] -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts -var import_core = __nccwpck_require__(5829); -var import_property_provider = __nccwpck_require__(9721); -var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { - config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); - return config; -}, "resolveAwsSdkSigV4AConfig"); -var NODE_SIGV4A_CONFIG_OPTIONS = { - environmentVariableSelector(env) { - if (env.AWS_SIGV4A_SIGNING_REGION_SET) { - return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); - } - throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { - tryNextLink: true - }); - }, - configFileSelector(profile) { - if (profile.sigv4a_signing_region_set) { - return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); - } - throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { - tryNextLink: true - }); - }, - default: void 0 -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts -var import_client = __nccwpck_require__(6510); -var import_core2 = __nccwpck_require__(5829); -var import_signature_v4 = __nccwpck_require__(1528); -var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { - let inputCredentials = config.credentials; - let isUserSupplied = !!config.credentials; - let resolvedCredentials = void 0; - Object.defineProperty(config, "credentials", { - set(credentials) { - if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { - isUserSupplied = true; - } - inputCredentials = credentials; - const memoizedProvider = normalizeCredentialProvider(config, { - credentials: inputCredentials, - credentialDefaultProvider: config.credentialDefaultProvider - }); - const boundProvider = bindCallerConfig(config, memoizedProvider); - if (isUserSupplied && !boundProvider.attributed) { - resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") - ), "resolvedCredentials"); - resolvedCredentials.memoized = boundProvider.memoized; - resolvedCredentials.configBound = boundProvider.configBound; - resolvedCredentials.attributed = true; - } else { - resolvedCredentials = boundProvider; - } - }, - get() { - return resolvedCredentials; - }, - enumerable: true, - configurable: true - }); - config.credentials = inputCredentials; - const { - // Default for signingEscapePath - signingEscapePath = true, - // Default for systemClockOffset - systemClockOffset = config.systemClockOffset || 0, - // No default for sha256 since it is platform dependent - sha256 - } = config; - let signer; - if (config.signer) { - signer = (0, import_core2.normalizeProvider)(config.signer); - } else if (config.regionInfoProvider) { - signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( - async (region) => [ - await config.regionInfoProvider(region, { - useFipsEndpoint: await config.useFipsEndpoint(), - useDualstackEndpoint: await config.useDualstackEndpoint() - }) || {}, - region - ] - ).then(([regionInfo, region]) => { - const { signingRegion, signingService } = regionInfo; - config.signingRegion = config.signingRegion || signingRegion || region; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }), "signer"); - } else { - signer = /* @__PURE__ */ __name(async (authScheme) => { - authScheme = Object.assign( - {}, - { - name: "sigv4", - signingName: config.signingName || config.defaultSigningName, - signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), - properties: {} - }, - authScheme - ); - const signingRegion = authScheme.signingRegion; - const signingService = authScheme.signingName; - config.signingRegion = config.signingRegion || signingRegion; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }, "signer"); - } - const resolvedConfig = Object.assign(config, { - systemClockOffset, - signingEscapePath, - signer - }); - return resolvedConfig; -}, "resolveAwsSdkSigV4Config"); -var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; -function normalizeCredentialProvider(config, { - credentials, - credentialDefaultProvider -}) { - let credentialsProvider; - if (credentials) { - if (!credentials?.memoized) { - credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); - } else { - credentialsProvider = credentials; - } - } else { - if (credentialDefaultProvider) { - credentialsProvider = (0, import_core2.normalizeProvider)( - credentialDefaultProvider( - Object.assign({}, config, { - parentClientConfig: config - }) - ) - ); - } else { - credentialsProvider = /* @__PURE__ */ __name(async () => { - throw new Error( - "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." - ); - }, "credentialsProvider"); - } - } - credentialsProvider.memoized = true; - return credentialsProvider; -} -__name(normalizeCredentialProvider, "normalizeCredentialProvider"); -function bindCallerConfig(config, credentialsProvider) { - if (credentialsProvider.configBound) { - return credentialsProvider; - } - const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); - fn.memoized = credentialsProvider.memoized; - fn.configBound = true; - return fn; -} -__name(bindCallerConfig, "bindCallerConfig"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 5743: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/protocols/index.ts -var index_exports = {}; -__export(index_exports, { - AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, - AwsJson1_0Protocol: () => AwsJson1_0Protocol, - AwsJson1_1Protocol: () => AwsJson1_1Protocol, - AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, - AwsQueryProtocol: () => AwsQueryProtocol, - AwsRestJsonProtocol: () => AwsRestJsonProtocol, - AwsRestXmlProtocol: () => AwsRestXmlProtocol, - JsonCodec: () => JsonCodec, - JsonShapeDeserializer: () => JsonShapeDeserializer, - JsonShapeSerializer: () => JsonShapeSerializer, - XmlCodec: () => XmlCodec, - XmlShapeDeserializer: () => XmlShapeDeserializer, - XmlShapeSerializer: () => XmlShapeSerializer, - _toBool: () => _toBool, - _toNum: () => _toNum, - _toStr: () => _toStr, - awsExpectUnion: () => awsExpectUnion, - loadRestJsonErrorCode: () => loadRestJsonErrorCode, - loadRestXmlErrorCode: () => loadRestXmlErrorCode, - parseJsonBody: () => parseJsonBody, - parseJsonErrorBody: () => parseJsonErrorBody, - parseXmlBody: () => parseXmlBody, - parseXmlErrorBody: () => parseXmlErrorBody -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/protocols/coercing-serializers.ts -var _toStr = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number" || typeof val === "bigint") { - const warning = new Error(`Received number ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - if (typeof val === "boolean") { - const warning = new Error(`Received boolean ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - return val; -}, "_toStr"); -var _toBool = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number") { - } - if (typeof val === "string") { - const lowercase = val.toLowerCase(); - if (val !== "" && lowercase !== "false" && lowercase !== "true") { - const warning = new Error(`Received string "${val}" where a boolean was expected.`); - warning.name = "Warning"; - console.warn(warning); - } - return val !== "" && lowercase !== "false"; - } - return val; -}, "_toBool"); -var _toNum = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "boolean") { - } - if (typeof val === "string") { - const num = Number(val); - if (num.toString() !== val) { - const warning = new Error(`Received string "${val}" where a number was expected.`); - warning.name = "Warning"; - console.warn(warning); - return val; - } - return num; - } - return val; -}, "_toNum"); - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var import_protocols = __nccwpck_require__(2241); -var import_schema3 = __nccwpck_require__(9826); -var import_util_body_length_browser = __nccwpck_require__(713); - -// src/submodules/protocols/ConfigurableSerdeContext.ts -var SerdeContextConfig = class { - static { - __name(this, "SerdeContextConfig"); - } - serdeContext; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - } -}; - -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var import_schema = __nccwpck_require__(9826); -var import_serde2 = __nccwpck_require__(7669); -var import_util_base64 = __nccwpck_require__(5600); - -// src/submodules/protocols/json/jsonReviver.ts -var import_serde = __nccwpck_require__(7669); -function jsonReviver(key, value, context) { - if (context?.source) { - const numericString = context.source; - if (typeof value === "number") { - if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { - const isFractional = numericString.includes("."); - if (isFractional) { - return new import_serde.NumericValue(numericString, "bigDecimal"); - } else { - return BigInt(numericString); - } - } - } - } - return value; -} -__name(jsonReviver, "jsonReviver"); - -// src/submodules/protocols/common.ts -var import_smithy_client = __nccwpck_require__(3570); -var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); - -// src/submodules/protocols/json/parseJsonBody.ts -var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - try { - return JSON.parse(encoded); - } catch (e) { - if (e?.name === "SyntaxError") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - } - return {}; -}), "parseJsonBody"); -var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseJsonBody(errorBody, context); - value.message = value.message ?? value.Message; - return value; -}, "parseJsonErrorBody"); -var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { - const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); - const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { - let cleanValue = rawValue; - if (typeof cleanValue === "number") { - cleanValue = cleanValue.toString(); - } - if (cleanValue.indexOf(",") >= 0) { - cleanValue = cleanValue.split(",")[0]; - } - if (cleanValue.indexOf(":") >= 0) { - cleanValue = cleanValue.split(":")[0]; - } - if (cleanValue.indexOf("#") >= 0) { - cleanValue = cleanValue.split("#")[1]; - } - return cleanValue; - }, "sanitizeErrorCode"); - const headerKey = findKey(output.headers, "x-amzn-errortype"); - if (headerKey !== void 0) { - return sanitizeErrorCode(output.headers[headerKey]); - } - if (data && typeof data === "object") { - const codeKey = findKey(data, "code"); - if (codeKey && data[codeKey] !== void 0) { - return sanitizeErrorCode(data[codeKey]); - } - if (data["__type"] !== void 0) { - return sanitizeErrorCode(data["__type"]); - } - } -}, "loadRestJsonErrorCode"); - -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var JsonShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonShapeDeserializer"); - } - async read(schema, data) { - return this._read( - schema, - typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) - ); - } - readObject(schema, data) { - return this._read(schema, data); - } - _read(schema, value) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._read(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._read(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const deserializedValue = this._read(memberSchema, value[fromKey]); - if (deserializedValue != null) { - out[memberName] = deserializedValue; - } - } - return out; - } - if (ns.isBlobSchema() && typeof value === "string") { - return (0, import_util_base64.fromBase64)(value); - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde2.LazyJsonString.from(value); - } - } - if (ns.isTimestampSchema()) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: - return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); - case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde2.parseRfc7231DateTime)(value); - case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return (0, import_serde2.parseEpochTimestamp)(value); - default: - console.warn("Missing timestamp format, parsing value with Date constructor:", value); - return new Date(value); - } - } - if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { - return BigInt(value); - } - if (ns.isBigDecimalSchema() && value != void 0) { - if (value instanceof import_serde2.NumericValue) { - return value; - } - return new import_serde2.NumericValue(String(value), "bigDecimal"); - } - if (ns.isNumericSchema() && typeof value === "string") { - switch (value) { - case "Infinity": - return Infinity; - case "-Infinity": - return -Infinity; - case "NaN": - return NaN; - } - } - return value; - } -}; - -// src/submodules/protocols/json/JsonShapeSerializer.ts -var import_schema2 = __nccwpck_require__(9826); -var import_serde4 = __nccwpck_require__(7669); -var import_serde5 = __nccwpck_require__(7669); - -// src/submodules/protocols/json/jsonReplacer.ts -var import_serde3 = __nccwpck_require__(7669); -var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); -var JsonReplacer = class { - static { - __name(this, "JsonReplacer"); - } - /** - * Stores placeholder key to true serialized value lookup. - */ - values = /* @__PURE__ */ new Map(); - counter = 0; - stage = 0; - /** - * Creates a jsonReplacer function that reserves big integer and big decimal values - * for later replacement. - */ - createReplacer() { - if (this.stage === 1) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 1; - return (key, value) => { - if (value instanceof import_serde3.NumericValue) { - const v = `${NUMERIC_CONTROL_CHAR + +"nv" + this.counter++}_` + value.string; - this.values.set(`"${v}"`, value.string); - return v; - } - if (typeof value === "bigint") { - const s = value.toString(); - const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; - this.values.set(`"${v}"`, s); - return v; - } - return value; - }; - } - /** - * Replaces placeholder keys with their true values. - */ - replaceInJson(json) { - if (this.stage === 0) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 2; - if (this.counter === 0) { - return json; - } - for (const [key, value] of this.values) { - json = json.replace(key, value); - } - return json; - } -}; - -// src/submodules/protocols/json/JsonShapeSerializer.ts -var JsonShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonShapeSerializer"); - } - buffer; - rootSchema; - write(schema, value) { - this.rootSchema = import_schema2.NormalizedSchema.of(schema); - this.buffer = this._write(this.rootSchema, value); - } - flush() { - if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { - const replacer = new JsonReplacer(); - return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); - } - return this.buffer; - } - _write(schema, value, container) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema2.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._write(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._write(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const serializableValue = this._write(memberSchema, value[memberName], ns); - if (serializableValue !== void 0) { - out[targetKey] = serializableValue; - } - } - return out; - } - if (value === null && container?.isStructSchema()) { - return void 0; - } - if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { - if (ns === this.rootSchema) { - return value; - } - if (!this.serdeContext?.base64Encoder) { - throw new Error("Missing base64Encoder in serdeContext"); - } - return this.serdeContext?.base64Encoder(value); - } - if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: - return value.toISOString().replace(".000Z", "Z"); - case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde4.dateToUtcString)(value); - case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return value.getTime() / 1e3; - default: - console.warn("Missing timestamp format, using epoch seconds", value); - return value.getTime() / 1e3; - } - } - if (ns.isNumericSchema() && typeof value === "number") { - if (Math.abs(value) === Infinity || isNaN(value)) { - return String(value); - } - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde5.LazyJsonString.from(value); - } - } - return value; - } -}; - -// src/submodules/protocols/json/JsonCodec.ts -var JsonCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonCodec"); - } - createSerializer() { - const serializer = new JsonShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; - } - createDeserializer() { - const deserializer = new JsonShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; - } -}; - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { - static { - __name(this, "AwsJsonRpcProtocol"); - } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - this.codec = new JsonCodec({ - timestampFormat: { - useTrait: true, - default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - jsonName: false - }); - this.serializer = this.codec.createSerializer(); - this.deserializer = this.codec.createDeserializer(); - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, - "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() - }); - if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = "{}"; - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; - } - getPayloadCodec() { - return this.codec; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema3.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema3.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } -}; - -// src/submodules/protocols/json/AwsJson1_0Protocol.ts -var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { - static { - __name(this, "AwsJson1_0Protocol"); - } - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - } - getShapeId() { - return "aws.protocols#awsJson1_0"; - } - getJsonRpcVersion() { - return "1.0"; - } -}; - -// src/submodules/protocols/json/AwsJson1_1Protocol.ts -var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { - static { - __name(this, "AwsJson1_1Protocol"); - } - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - } - getShapeId() { - return "aws.protocols#awsJson1_1"; - } - getJsonRpcVersion() { - return "1.1"; - } -}; - -// src/submodules/protocols/json/AwsRestJsonProtocol.ts -var import_protocols2 = __nccwpck_require__(2241); -var import_schema4 = __nccwpck_require__(9826); -var import_util_body_length_browser2 = __nccwpck_require__(713); -var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { - static { - __name(this, "AwsRestJsonProtocol"); - } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - httpBindings: true, - jsonName: true - }; - this.codec = new JsonCodec(settings); - this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); - } - getShapeId() { - return "aws.protocols#restJson1"; - } - getPayloadCodec() { - return this.codec; - } - setSerdeContext(serdeContext) { - this.codec.setSerdeContext(serdeContext); - super.setSerdeContext(serdeContext); - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); - const members = inputSchema.getMemberSchemas(); - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = "application/json"; - } - } else if (!inputSchema.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = "application/json"; - } - } - } - if (request.headers["content-type"] && !request.body) { - request.body = "{}"; - } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); - } catch (e) { - } - } - return request; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema4.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema4.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } -}; - -// src/submodules/protocols/json/awsExpectUnion.ts -var import_smithy_client2 = __nccwpck_require__(3570); -var awsExpectUnion = /* @__PURE__ */ __name((value) => { - if (value == null) { - return void 0; - } - if (typeof value === "object" && "__type" in value) { - delete value.__type; - } - return (0, import_smithy_client2.expectUnion)(value); -}, "awsExpectUnion"); - -// src/submodules/protocols/query/AwsQueryProtocol.ts -var import_protocols5 = __nccwpck_require__(2241); -var import_schema7 = __nccwpck_require__(9826); -var import_util_body_length_browser3 = __nccwpck_require__(713); - -// src/submodules/protocols/xml/XmlShapeDeserializer.ts -var import_protocols3 = __nccwpck_require__(2241); -var import_schema5 = __nccwpck_require__(9826); -var import_smithy_client3 = __nccwpck_require__(3570); -var import_util_utf8 = __nccwpck_require__(1895); -var import_fast_xml_parser = __nccwpck_require__(7773); -var XmlShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); - } - static { - __name(this, "XmlShapeDeserializer"); - } - stringDeserializer; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - this.stringDeserializer.setSerdeContext(serdeContext); - } - /** - * @param schema - describing the data. - * @param bytes - serialized data. - * @param key - used by AwsQuery to step one additional depth into the object before reading it. - */ - read(schema, bytes, key) { - const ns = import_schema5.NormalizedSchema.of(schema); - const memberSchemas = ns.getMemberSchemas(); - const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { - return !!memberNs.getMemberTraits().eventPayload; - }); - if (isEventPayload) { - const output = {}; - const memberName = Object.keys(memberSchemas)[0]; - const eventMemberSchema = memberSchemas[memberName]; - if (eventMemberSchema.isBlobSchema()) { - output[memberName] = bytes; - } else { - output[memberName] = this.read(memberSchemas[memberName], bytes); - } - return output; - } - const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); - const parsedObject = this.parseXml(xmlString); - return this.readSchema(schema, key ? parsedObject[key] : parsedObject); - } - readSchema(_schema, value) { - const ns = import_schema5.NormalizedSchema.of(_schema); - const traits = ns.getMergedTraits(); - const schema = ns.getSchema(); - if (ns.isListSchema() && !Array.isArray(value)) { - return this.readSchema(schema, [value]); - } - if (value == null) { - return value; - } - if (typeof value === "object") { - const sparse = !!traits.sparse; - const flat = !!traits.xmlFlattened; - if (ns.isListSchema()) { - const listValue = ns.getValueSchema(); - const buffer2 = []; - const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; - const source = flat ? value : (value[0] ?? value)[sourceKey]; - const sourceArray = Array.isArray(source) ? source : [source]; - for (const v of sourceArray) { - if (v != null || sparse) { - buffer2.push(this.readSchema(listValue, v)); - } - } - return buffer2; - } - const buffer = {}; - if (ns.isMapSchema()) { - const keyNs = ns.getKeySchema(); - const memberNs = ns.getValueSchema(); - let entries; - if (flat) { - entries = Array.isArray(value) ? value : [value]; - } else { - entries = Array.isArray(value.entry) ? value.entry : [value.entry]; - } - const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; - const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; - for (const entry of entries) { - const key = entry[keyProperty]; - const value2 = entry[valueProperty]; - if (value2 != null || sparse) { - buffer[key] = this.readSchema(memberNs, value2); - } - } - return buffer; - } - if (ns.isStructSchema()) { - for (const [memberName, memberSchema] of ns.structIterator()) { - const memberTraits = memberSchema.getMergedTraits(); - const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); - if (value[xmlObjectKey] != null) { - buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); - } - } - return buffer; - } - if (ns.isDocumentSchema()) { - return value; - } - throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); - } else { - if (ns.isListSchema()) { - return []; - } else if (ns.isMapSchema() || ns.isStructSchema()) { - return {}; - } - return this.stringDeserializer.read(ns, value); - } - } - parseXml(xml) { - if (xml.length) { - const parser = new import_fast_xml_parser.XMLParser({ - attributeNamePrefix: "", - htmlEntities: true, - ignoreAttributes: false, - ignoreDeclaration: true, - parseTagValue: false, - trimValues: false, - tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") - }); - parser.addEntity("#xD", "\r"); - parser.addEntity("#10", "\n"); - let parsedObj; - try { - parsedObj = parser.parse(xml, true); - } catch (e) { - if (e && typeof e === "object") { - Object.defineProperty(e, "$responseBodyText", { - value: xml - }); - } - throw e; - } - const textNodeName = "#text"; - const key = Object.keys(parsedObj)[0]; - const parsedObjToReturn = parsedObj[key]; - if (parsedObjToReturn[textNodeName]) { - parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; - delete parsedObjToReturn[textNodeName]; - } - return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); - } - return {}; - } -}; - -// src/submodules/protocols/query/QueryShapeSerializer.ts -var import_protocols4 = __nccwpck_require__(2241); -var import_schema6 = __nccwpck_require__(9826); -var import_serde6 = __nccwpck_require__(7669); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_util_base642 = __nccwpck_require__(5600); -var QueryShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "QueryShapeSerializer"); - } - buffer; - write(schema, value, prefix = "") { - if (this.buffer === void 0) { - this.buffer = ""; - } - const ns = import_schema6.NormalizedSchema.of(schema); - if (prefix && !prefix.endsWith(".")) { - prefix += "."; - } - if (ns.isBlobSchema()) { - if (typeof value === "string" || value instanceof Uint8Array) { - this.writeKey(prefix); - this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); - } - } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(String(value)); - } - } else if (ns.isBigIntegerSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(String(value)); - } - } else if (ns.isBigDecimalSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(value instanceof import_serde6.NumericValue ? value.string : String(value)); - } - } else if (ns.isTimestampSchema()) { - if (value instanceof Date) { - this.writeKey(prefix); - const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); - switch (format) { - case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: - this.writeValue(value.toISOString().replace(".000Z", "Z")); - break; - case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: - this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); - break; - case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - this.writeValue(String(value.getTime() / 1e3)); - break; - } - } - } else if (ns.isDocumentSchema()) { - throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); - } else if (ns.isListSchema()) { - if (Array.isArray(value)) { - if (value.length === 0) { - if (this.settings.serializeEmptyLists) { - this.writeKey(prefix); - this.writeValue(""); - } - } else { - const member = ns.getValueSchema(); - const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; - let i = 1; - for (const item of value) { - if (item == null) { - continue; - } - const suffix = this.getKey("member", member.getMergedTraits().xmlName); - const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; - this.write(member, item, key); - ++i; - } - } - } - } else if (ns.isMapSchema()) { - if (value && typeof value === "object") { - const keySchema = ns.getKeySchema(); - const memberSchema = ns.getValueSchema(); - const flat = ns.getMergedTraits().xmlFlattened; - let i = 1; - for (const [k, v] of Object.entries(value)) { - if (v == null) { - continue; - } - const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); - const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; - const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); - const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; - this.write(keySchema, k, key); - this.write(memberSchema, v, valueKey); - ++i; - } - } - } else if (ns.isStructSchema()) { - if (value && typeof value === "object") { - for (const [memberName, member] of ns.structIterator()) { - if (value[memberName] == null) { - continue; - } - const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); - const key = `${prefix}${suffix}`; - this.write(member, value[memberName], key); - } - } - } else if (ns.isUnitSchema()) { - } else { - throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); - } - } - flush() { - if (this.buffer === void 0) { - throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); - } - const str = this.buffer; - delete this.buffer; - return str; - } - getKey(memberName, xmlName) { - const key = xmlName ?? memberName; - if (this.settings.capitalizeKeys) { - return key[0].toUpperCase() + key.slice(1); - } - return key; - } - writeKey(key) { - if (key.endsWith(".")) { - key = key.slice(0, key.length - 1); - } - this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; - } - writeValue(value) { - this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); - } -}; - -// src/submodules/protocols/query/AwsQueryProtocol.ts -var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { - constructor(options) { - super({ - defaultNamespace: options.defaultNamespace - }); - this.options = options; - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME - }, - httpBindings: false, - xmlNamespace: options.xmlNamespace, - serviceNamespace: options.defaultNamespace, - serializeEmptyLists: true - }; - this.serializer = new QueryShapeSerializer(settings); - this.deserializer = new XmlShapeDeserializer(settings); - } - static { - __name(this, "AwsQueryProtocol"); - } - serializer; - deserializer; - getShapeId() { - return "aws.protocols#awsQuery"; - } - setSerdeContext(serdeContext) { - this.serializer.setSerdeContext(serdeContext); - this.deserializer.setSerdeContext(serdeContext); - } - getPayloadCodec() { - throw new Error("AWSQuery protocol has no payload codec."); - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-www-form-urlencoded` - }); - if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = ""; - } - request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; - if (request.body.endsWith("&")) { - request.body = request.body.slice(-1); - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; - } - async deserializeResponse(operationSchema, context, response) { - const deserializer = this.deserializer; - const ns = import_schema7.NormalizedSchema.of(operationSchema.output); - const dataObject = {}; - if (response.statusCode >= 300) { - const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); - if (bytes2.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); - } - await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); - } - for (const header in response.headers) { - const value = response.headers[header]; - delete response.headers[header]; - response.headers[header.toLowerCase()] = value; - } - const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; - const bytes = await (0, import_protocols5.collectBody)(response.body, context); - if (bytes.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); - } - const output = { - $metadata: this.deserializeMetadata(response), - ...dataObject - }; - return output; - } - /** - * EC2 Query overrides this. - */ - useNestedResult() { - return true; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const errorDataSource = this.loadQueryError(dataObject); - const registry = import_schema7.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.find( - (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName - ); - if (!errorSchema) { - errorSchema = registry.getSchema(errorIdentifier); - } - } catch (e) { - const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), errorDataSource); - } - throw new Error(errorName); - } - const ns = import_schema7.NormalizedSchema.of(errorSchema); - const message = this.loadQueryErrorMessage(dataObject); - const exception = new errorSchema.ctor(message); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = errorDataSource[target] ?? dataObject[target]; - output[name] = this.deserializer.readSchema(member, value); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } - /** - * The variations in the error and error message locations are attributed to - * divergence between AWS Query and EC2 Query behavior. - */ - loadQueryErrorCode(output, data) { - const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; - if (code !== void 0) { - return code; - } - if (output.statusCode == 404) { - return "NotFound"; - } - } - loadQueryError(data) { - return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; - } - loadQueryErrorMessage(data) { - const errorData = this.loadQueryError(data); - return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; - } -}; - -// src/submodules/protocols/query/AwsEc2QueryProtocol.ts -var AwsEc2QueryProtocol = class extends AwsQueryProtocol { - constructor(options) { - super(options); - this.options = options; - const ec2Settings = { - capitalizeKeys: true, - flattenLists: true, - serializeEmptyLists: false - }; - Object.assign(this.serializer.settings, ec2Settings); - } - static { - __name(this, "AwsEc2QueryProtocol"); - } - /** - * EC2 Query reads XResponse.XResult instead of XResponse directly. - */ - useNestedResult() { - return false; - } -}; - -// src/submodules/protocols/xml/AwsRestXmlProtocol.ts -var import_protocols6 = __nccwpck_require__(2241); -var import_schema9 = __nccwpck_require__(9826); -var import_util_body_length_browser4 = __nccwpck_require__(713); - -// src/submodules/protocols/xml/parseXmlBody.ts -var import_smithy_client5 = __nccwpck_require__(3570); -var import_fast_xml_parser2 = __nccwpck_require__(7773); -var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - const parser = new import_fast_xml_parser2.XMLParser({ - attributeNamePrefix: "", - htmlEntities: true, - ignoreAttributes: false, - ignoreDeclaration: true, - parseTagValue: false, - trimValues: false, - tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") - }); - parser.addEntity("#xD", "\r"); - parser.addEntity("#10", "\n"); - let parsedObj; - try { - parsedObj = parser.parse(encoded, true); - } catch (e) { - if (e && typeof e === "object") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - const textNodeName = "#text"; - const key = Object.keys(parsedObj)[0]; - const parsedObjToReturn = parsedObj[key]; - if (parsedObjToReturn[textNodeName]) { - parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; - delete parsedObjToReturn[textNodeName]; - } - return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); - } - return {}; -}), "parseXmlBody"); -var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseXmlBody(errorBody, context); - if (value.Error) { - value.Error.message = value.Error.message ?? value.Error.Message; - } - return value; -}, "parseXmlErrorBody"); -var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data?.Error?.Code !== void 0) { - return data.Error.Code; - } - if (data?.Code !== void 0) { - return data.Code; - } - if (output.statusCode == 404) { - return "NotFound"; - } -}, "loadRestXmlErrorCode"); - -// src/submodules/protocols/xml/XmlShapeSerializer.ts -var import_xml_builder = __nccwpck_require__(2329); -var import_schema8 = __nccwpck_require__(9826); -var import_serde7 = __nccwpck_require__(7669); -var import_smithy_client6 = __nccwpck_require__(3570); -var import_util_base643 = __nccwpck_require__(5600); -var XmlShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "XmlShapeSerializer"); - } - stringBuffer; - byteBuffer; - buffer; - write(schema, value) { - const ns = import_schema8.NormalizedSchema.of(schema); - if (ns.isStringSchema() && typeof value === "string") { - this.stringBuffer = value; - } else if (ns.isBlobSchema()) { - this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); - } else { - this.buffer = this.writeStruct(ns, value, void 0); - const traits = ns.getMergedTraits(); - if (traits.httpPayload && !traits.xmlName) { - this.buffer.withName(ns.getName()); - } - } - } - flush() { - if (this.byteBuffer !== void 0) { - const bytes = this.byteBuffer; - delete this.byteBuffer; - return bytes; - } - if (this.stringBuffer !== void 0) { - const str = this.stringBuffer; - delete this.stringBuffer; - return str; - } - const buffer = this.buffer; - if (this.settings.xmlNamespace) { - if (!buffer?.attributes?.["xmlns"]) { - buffer.addAttribute("xmlns", this.settings.xmlNamespace); - } - } - delete this.buffer; - return buffer.toString(); - } - writeStruct(ns, value, parentXmlns) { - const traits = ns.getMergedTraits(); - const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); - if (!name || !ns.isStructSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( - true - )}.` - ); - } - const structXmlNode = import_xml_builder.XmlNode.of(name); - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); - if (xmlns) { - structXmlNode.addAttribute(xmlnsAttr, xmlns); - } - for (const [memberName, memberSchema] of ns.structIterator()) { - const val = value[memberName]; - if (val != null) { - if (memberSchema.getMergedTraits().xmlAttribute) { - structXmlNode.addAttribute( - memberSchema.getMergedTraits().xmlName ?? memberName, - this.writeSimple(memberSchema, val) - ); - continue; - } - if (memberSchema.isListSchema()) { - this.writeList(memberSchema, val, structXmlNode, xmlns); - } else if (memberSchema.isMapSchema()) { - this.writeMap(memberSchema, val, structXmlNode, xmlns); - } else if (memberSchema.isStructSchema()) { - structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); - } else { - const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); - this.writeSimpleInto(memberSchema, val, memberNode, xmlns); - structXmlNode.addChildNode(memberNode); - } - } - } - return structXmlNode; - } - writeList(listMember, array, container, parentXmlns) { - if (!listMember.isMemberSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` - ); - } - const listTraits = listMember.getMergedTraits(); - const listValueSchema = listMember.getValueSchema(); - const listValueTraits = listValueSchema.getMergedTraits(); - const sparse = !!listValueTraits.sparse; - const flat = !!listTraits.xmlFlattened; - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); - const writeItem = /* @__PURE__ */ __name((container2, value) => { - if (listValueSchema.isListSchema()) { - this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); - } else if (listValueSchema.isMapSchema()) { - this.writeMap(listValueSchema, value, container2, xmlns); - } else if (listValueSchema.isStructSchema()) { - const struct = this.writeStruct(listValueSchema, value, xmlns); - container2.addChildNode( - struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") - ); - } else { - const listItemNode = import_xml_builder.XmlNode.of( - flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" - ); - this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); - container2.addChildNode(listItemNode); - } - }, "writeItem"); - if (flat) { - for (const value of array) { - if (sparse || value != null) { - writeItem(container, value); - } - } - } else { - const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); - if (xmlns) { - listNode.addAttribute(xmlnsAttr, xmlns); - } - for (const value of array) { - if (sparse || value != null) { - writeItem(listNode, value); - } - } - container.addChildNode(listNode); - } - } - writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { - if (!mapMember.isMemberSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` - ); - } - const mapTraits = mapMember.getMergedTraits(); - const mapKeySchema = mapMember.getKeySchema(); - const mapKeyTraits = mapKeySchema.getMergedTraits(); - const keyTag = mapKeyTraits.xmlName ?? "key"; - const mapValueSchema = mapMember.getValueSchema(); - const mapValueTraits = mapValueSchema.getMergedTraits(); - const valueTag = mapValueTraits.xmlName ?? "value"; - const sparse = !!mapValueTraits.sparse; - const flat = !!mapTraits.xmlFlattened; - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); - const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { - const keyNode = import_xml_builder.XmlNode.of(keyTag, key); - const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); - if (keyXmlns) { - keyNode.addAttribute(keyXmlnsAttr, keyXmlns); - } - entry.addChildNode(keyNode); - let valueNode = import_xml_builder.XmlNode.of(valueTag); - if (mapValueSchema.isListSchema()) { - this.writeList(mapValueSchema, val, valueNode, xmlns); - } else if (mapValueSchema.isMapSchema()) { - this.writeMap(mapValueSchema, val, valueNode, xmlns, true); - } else if (mapValueSchema.isStructSchema()) { - valueNode = this.writeStruct(mapValueSchema, val, xmlns); - } else { - this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); - } - entry.addChildNode(valueNode); - }, "addKeyValue"); - if (flat) { - for (const [key, val] of Object.entries(map)) { - if (sparse || val != null) { - const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); - addKeyValue(entry, key, val); - container.addChildNode(entry); - } - } - } else { - let mapNode; - if (!containerIsMap) { - mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); - if (xmlns) { - mapNode.addAttribute(xmlnsAttr, xmlns); - } - container.addChildNode(mapNode); - } - for (const [key, val] of Object.entries(map)) { - if (sparse || val != null) { - const entry = import_xml_builder.XmlNode.of("entry"); - addKeyValue(entry, key, val); - (containerIsMap ? container : mapNode).addChildNode(entry); - } - } - } - } - writeSimple(_schema, value) { - if (null === value) { - throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); - } - const ns = import_schema8.NormalizedSchema.of(_schema); - let nodeContents = null; - if (value && typeof value === "object") { - if (ns.isBlobSchema()) { - nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); - } else if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: - nodeContents = value.toISOString().replace(".000Z", "Z"); - break; - case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: - nodeContents = (0, import_smithy_client6.dateToUtcString)(value); - break; - case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - nodeContents = String(value.getTime() / 1e3); - break; - default: - console.warn("Missing timestamp format, using http date", value); - nodeContents = (0, import_smithy_client6.dateToUtcString)(value); - break; - } - } else if (ns.isBigDecimalSchema() && value) { - if (value instanceof import_serde7.NumericValue) { - return value.string; - } - return String(value); - } else if (ns.isMapSchema() || ns.isListSchema()) { - throw new Error( - "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." - ); - } else { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( - true - )}` - ); - } - } - if (ns.isStringSchema() || ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { - nodeContents = String(value); - } - if (nodeContents === null) { - throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); - } - return nodeContents; - } - writeSimpleInto(_schema, value, into, parentXmlns) { - const nodeContents = this.writeSimple(_schema, value); - const ns = import_schema8.NormalizedSchema.of(_schema); - const content = new import_xml_builder.XmlText(nodeContents); - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); - if (xmlns) { - into.addAttribute(xmlnsAttr, xmlns); - } - into.addChildNode(content); - } - getXmlnsAttribute(ns, parentXmlns) { - const traits = ns.getMergedTraits(); - const [prefix, xmlns] = traits.xmlNamespace ?? []; - if (xmlns && xmlns !== parentXmlns) { - return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; - } - return [void 0, void 0]; - } -}; - -// src/submodules/protocols/xml/XmlCodec.ts -var XmlCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "XmlCodec"); - } - createSerializer() { - const serializer = new XmlShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; - } - createDeserializer() { - const deserializer = new XmlShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; - } -}; - -// src/submodules/protocols/xml/AwsRestXmlProtocol.ts -var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { - static { - __name(this, "AwsRestXmlProtocol"); - } - codec; - serializer; - deserializer; - constructor(options) { - super(options); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME - }, - httpBindings: true, - xmlNamespace: options.xmlNamespace, - serviceNamespace: options.defaultNamespace - }; - this.codec = new XmlCodec(settings); - this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); - } - getPayloadCodec() { - return this.codec; - } - getShapeId() { - return "aws.protocols#restXml"; - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const ns = import_schema9.NormalizedSchema.of(operationSchema.input); - const members = ns.getMemberSchemas(); - request.path = String(request.path).split("/").filter((segment) => { - return segment !== "{Bucket}"; - }).join("/") || "/"; - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = "application/xml"; - } - } else if (!ns.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = "application/xml"; - } - } - } - if (request.headers["content-type"] === "application/xml") { - if (typeof request.body === "string") { - request.body = '' + request.body; - } - } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); - } catch (e) { - } - } - return request; - } - async deserializeResponse(operationSchema, context, response) { - return super.deserializeResponse(operationSchema, context, response); - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema9.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema9.NormalizedSchema.of(errorSchema); - const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = dataObject.Error?.[target] ?? dataObject[target]; - output[name] = this.codec.createDeserializer().readSchema(member, value); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } -}; -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 4407: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, - ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, - ENV_EXPIRATION: () => ENV_EXPIRATION, - ENV_KEY: () => ENV_KEY, - ENV_SECRET: () => ENV_SECRET, - ENV_SESSION: () => ENV_SESSION, - fromEnv: () => fromEnv -}); -module.exports = __toCommonJS(index_exports); - -// src/fromEnv.ts -var import_client = __nccwpck_require__(6510); -var import_property_provider = __nccwpck_require__(9721); -var ENV_KEY = "AWS_ACCESS_KEY_ID"; -var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; -var ENV_SESSION = "AWS_SESSION_TOKEN"; -var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; -var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; -var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; -var fromEnv = /* @__PURE__ */ __name((init) => async () => { - init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); - const accessKeyId = process.env[ENV_KEY]; - const secretAccessKey = process.env[ENV_SECRET]; - const sessionToken = process.env[ENV_SESSION]; - const expiry = process.env[ENV_EXPIRATION]; - const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; - const accountId = process.env[ENV_ACCOUNT_ID]; - if (accessKeyId && secretAccessKey) { - const credentials = { - accessKeyId, - secretAccessKey, - ...sessionToken && { sessionToken }, - ...expiry && { expiration: new Date(expiry) }, - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); - return credentials; - } - throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); -}, "fromEnv"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7519: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.checkUrl = void 0; -const property_provider_1 = __nccwpck_require__(9721); -const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; -const LOOPBACK_CIDR_IPv6 = "::1/128"; -const ECS_CONTAINER_HOST = "169.254.170.2"; -const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; -const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; -const checkUrl = (url, logger) => { - if (url.protocol === "https:") { - return; - } - if (url.hostname === ECS_CONTAINER_HOST || - url.hostname === EKS_CONTAINER_HOST_IPv4 || - url.hostname === EKS_CONTAINER_HOST_IPv6) { - return; - } - if (url.hostname.includes("[")) { - if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { - return; - } - } - else { - if (url.hostname === "localhost") { - return; - } - const ipComponents = url.hostname.split("."); - const inRange = (component) => { - const num = parseInt(component, 10); - return 0 <= num && num <= 255; - }; - if (ipComponents[0] === "127" && - inRange(ipComponents[1]) && - inRange(ipComponents[2]) && - inRange(ipComponents[3]) && - ipComponents.length === 4) { - return; - } - } - throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: - - loopback CIDR 127.0.0.0/8 or [::1/128] - - ECS container host 169.254.170.2 - - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); -}; -exports.checkUrl = checkUrl; - - -/***/ }), - -/***/ 9546: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromHttp = void 0; -const tslib_1 = __nccwpck_require__(4351); -const client_1 = __nccwpck_require__(6510); -const node_http_handler_1 = __nccwpck_require__(258); -const property_provider_1 = __nccwpck_require__(9721); -const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); -const checkUrl_1 = __nccwpck_require__(7519); -const requestHelpers_1 = __nccwpck_require__(2707); -const retry_wrapper_1 = __nccwpck_require__(9138); -const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; -const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; -const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; -const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; -const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; -const fromHttp = (options = {}) => { - options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); - let host; - const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; - const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; - const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; - const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; - const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; - if (relative && full) { - warn("@aws-sdk/credential-provider-http: " + - "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); - warn("awsContainerCredentialsFullUri will take precedence."); - } - if (token && tokenFile) { - warn("@aws-sdk/credential-provider-http: " + - "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); - warn("awsContainerAuthorizationToken will take precedence."); - } - if (full) { - host = full; - } - else if (relative) { - host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; - } - else { - throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. -Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); - } - const url = new URL(host); - (0, checkUrl_1.checkUrl)(url, options.logger); - const requestHandler = new node_http_handler_1.NodeHttpHandler({ - requestTimeout: options.timeout ?? 1000, - connectionTimeout: options.timeout ?? 1000, - }); - return (0, retry_wrapper_1.retryWrapper)(async () => { - const request = (0, requestHelpers_1.createGetRequest)(url); - if (token) { - request.headers.Authorization = token; - } - else if (tokenFile) { - request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); - } - try { - const result = await requestHandler.handle(request); - return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); - } - catch (e) { - throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); - } - }, options.maxRetries ?? 3, options.timeout ?? 1000); -}; -exports.fromHttp = fromHttp; - - -/***/ }), - -/***/ 2707: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.createGetRequest = createGetRequest; -exports.getCredentials = getCredentials; -const property_provider_1 = __nccwpck_require__(9721); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const util_stream_1 = __nccwpck_require__(6607); -function createGetRequest(url) { - return new protocol_http_1.HttpRequest({ - protocol: url.protocol, - hostname: url.hostname, - port: Number(url.port), - path: url.pathname, - query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { - acc[k] = v; - return acc; - }, {}), - fragment: url.hash, - }); -} -async function getCredentials(response, logger) { - const stream = (0, util_stream_1.sdkStreamMixin)(response.body); - const str = await stream.transformToString(); - if (response.statusCode === 200) { - const parsed = JSON.parse(str); - if (typeof parsed.AccessKeyId !== "string" || - typeof parsed.SecretAccessKey !== "string" || - typeof parsed.Token !== "string" || - typeof parsed.Expiration !== "string") { - throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + - "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); - } - return { - accessKeyId: parsed.AccessKeyId, - secretAccessKey: parsed.SecretAccessKey, - sessionToken: parsed.Token, - expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), - }; - } - if (response.statusCode >= 400 && response.statusCode < 500) { - let parsedBody = {}; - try { - parsedBody = JSON.parse(str); - } - catch (e) { } - throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { - Code: parsedBody.Code, - Message: parsedBody.Message, - }); - } - throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); -} - - -/***/ }), - -/***/ 9138: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.retryWrapper = void 0; -const retryWrapper = (toRetry, maxRetries, delayMs) => { - return async () => { - for (let i = 0; i < maxRetries; ++i) { - try { - return await toRetry(); - } - catch (e) { - await new Promise((resolve) => setTimeout(resolve, delayMs)); - } - } - return await toRetry(); - }; -}; -exports.retryWrapper = retryWrapper; - - -/***/ }), - -/***/ 5554: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromHttp = void 0; -var fromHttp_1 = __nccwpck_require__(9546); -Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); - - -/***/ }), - -/***/ 5736: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __create = Object.create; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromIni: () => fromIni -}); -module.exports = __toCommonJS(index_exports); - -// src/fromIni.ts - - -// src/resolveProfileData.ts - - -// src/resolveAssumeRoleCredentials.ts - - -var import_shared_ini_file_loader = __nccwpck_require__(3507); - -// src/resolveCredentialSource.ts -var import_client = __nccwpck_require__(6510); -var import_property_provider = __nccwpck_require__(9721); -var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { - const sourceProvidersMap = { - EcsContainer: /* @__PURE__ */ __name(async (options) => { - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); - const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); - return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); - }, "EcsContainer"), - Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); - const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - return async () => fromInstanceMetadata(options)().then(setNamedProvider); - }, "Ec2InstanceMetadata"), - Environment: /* @__PURE__ */ __name(async (options) => { - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); - const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4407))); - return async () => fromEnv(options)().then(setNamedProvider); - }, "Environment") - }; - if (credentialSource in sourceProvidersMap) { - return sourceProvidersMap[credentialSource]; - } else { - throw new import_property_provider.CredentialsProviderError( - `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, - { logger } - ); - } -}, "resolveCredentialSource"); -var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); - -// src/resolveAssumeRoleCredentials.ts -var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { - return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); -}, "isAssumeRoleProfile"); -var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { - const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; - if (withSourceProfile) { - logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); - } - return withSourceProfile; -}, "isAssumeRoleWithSourceProfile"); -var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { - const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; - if (withProviderProfile) { - logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); - } - return withProviderProfile; -}, "isCredentialSourceProfile"); -var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { - options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); - const profileData = profiles[profileName]; - const { source_profile, region } = profileData; - if (!options.roleAssumer) { - const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(3764))); - options.roleAssumer = getDefaultRoleAssumer( - { - ...options.clientConfig, - credentialProviderLogger: options.logger, - parentClientConfig: { - ...options?.parentClientConfig, - region: region ?? options?.parentClientConfig?.region - } - }, - options.clientPlugins - ); - } - if (source_profile && source_profile in visitedProfiles) { - throw new import_property_provider.CredentialsProviderError( - `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), - { logger: options.logger } - ); - } - options.logger?.debug( - `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` - ); - const sourceCredsProvider = source_profile ? resolveProfileData( - source_profile, - profiles, - options, - { - ...visitedProfiles, - [source_profile]: true - }, - isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) - ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); - if (isCredentialSourceWithoutRoleArn(profileData)) { - return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); - } else { - const params = { - RoleArn: profileData.role_arn, - RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, - ExternalId: profileData.external_id, - DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) - }; - const { mfa_serial } = profileData; - if (mfa_serial) { - if (!options.mfaCodeProvider) { - throw new import_property_provider.CredentialsProviderError( - `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, - { logger: options.logger, tryNextLink: false } - ); - } - params.SerialNumber = mfa_serial; - params.TokenCode = await options.mfaCodeProvider(mfa_serial); - } - const sourceCreds = await sourceCredsProvider; - return options.roleAssumer(sourceCreds, params).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") - ); - } -}, "resolveAssumeRoleCredentials"); -var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { - return !section.role_arn && !!section.credential_source; -}, "isCredentialSourceWithoutRoleArn"); - -// src/resolveProcessCredentials.ts - -var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); -var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))).then( - ({ fromProcess }) => fromProcess({ - ...options, - profile - })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) -), "resolveProcessCredentials"); - -// src/resolveSsoCredentials.ts - -var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); - return fromSSO({ - profile, - logger: options.logger, - parentClientConfig: options.parentClientConfig, - clientConfig: options.clientConfig - })().then((creds) => { - if (profileData.sso_session) { - return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); - } else { - return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); - } - }); -}, "resolveSsoCredentials"); -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); - -// src/resolveStaticCredentials.ts - -var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); -var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { - options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); - const credentials = { - accessKeyId: profile.aws_access_key_id, - secretAccessKey: profile.aws_secret_access_key, - sessionToken: profile.aws_session_token, - ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, - ...profile.aws_account_id && { accountId: profile.aws_account_id } - }; - return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); -}, "resolveStaticCredentials"); - -// src/resolveWebIdentityCredentials.ts - -var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); -var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))).then( - ({ fromTokenFile }) => fromTokenFile({ - webIdentityTokenFile: profile.web_identity_token_file, - roleArn: profile.role_arn, - roleSessionName: profile.role_session_name, - roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, - logger: options.logger, - parentClientConfig: options.parentClientConfig - })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) -), "resolveWebIdentityCredentials"); - -// src/resolveProfileData.ts -var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { - const data = profiles[profileName]; - if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { - return resolveStaticCredentials(data, options); - } - if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { - return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); - } - if (isStaticCredsProfile(data)) { - return resolveStaticCredentials(data, options); - } - if (isWebIdentityProfile(data)) { - return resolveWebIdentityCredentials(data, options); - } - if (isProcessProfile(data)) { - return resolveProcessCredentials(options, profileName); - } - if (isSsoProfile(data)) { - return await resolveSsoCredentials(profileName, data, options); - } - throw new import_property_provider.CredentialsProviderError( - `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, - { logger: options.logger } - ); -}, "resolveProfileData"); - -// src/fromIni.ts -var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProfileData( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: _init.profile ?? callerClientConfig?.profile - }), - profiles, - init - ); -}, "fromIni"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 3196: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __create = Object.create; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, - credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, - defaultProvider: () => defaultProvider -}); -module.exports = __toCommonJS(index_exports); - -// src/defaultProvider.ts -var import_credential_provider_env = __nccwpck_require__(4407); - -var import_shared_ini_file_loader = __nccwpck_require__(3507); - -// src/remoteProvider.ts -var import_property_provider = __nccwpck_require__(9721); -var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; -var remoteProvider = /* @__PURE__ */ __name(async (init) => { - const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { - init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); - return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); - } - if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { - return async () => { - throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); - }; - } - init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); - return fromInstanceMetadata(init); -}, "remoteProvider"); - -// src/defaultProvider.ts -var multipleCredentialSourceWarningEmitted = false; -var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)( - async () => { - const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; - if (profile) { - const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; - if (envStaticCredentialsAreSet) { - if (!multipleCredentialSourceWarningEmitted) { - const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; - warnFn( - `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: - Multiple credential sources detected: - Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. - This SDK will proceed with the AWS_PROFILE value. - - However, a future version may change this behavior to prefer the ENV static credentials. - Please ensure that your environment only sets either the AWS_PROFILE or the - AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. -` - ); - multipleCredentialSourceWarningEmitted = true; - } - } - throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { - logger: init.logger, - tryNextLink: true - }); - } - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); - return (0, import_credential_provider_env.fromEnv)(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - throw new import_property_provider.CredentialsProviderError( - "Skipping SSO provider in default chain (inputs do not include SSO fields).", - { logger: init.logger } - ); - } - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); - return fromSSO(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); - const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5736))); - return fromIni(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); - const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))); - return fromProcess(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); - const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))); - return fromTokenFile(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); - return (await remoteProvider(init))(); - }, - async () => { - throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { - tryNextLink: false, - logger: init.logger - }); - } - ), - credentialsTreatedAsExpired, - credentialsWillNeedRefresh -), "defaultProvider"); -var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); -var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 8638: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromProcess: () => fromProcess -}); -module.exports = __toCommonJS(index_exports); - -// src/fromProcess.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); - -// src/resolveProcessCredentials.ts -var import_property_provider = __nccwpck_require__(9721); -var import_child_process = __nccwpck_require__(2081); -var import_util = __nccwpck_require__(3837); - -// src/getValidatedProcessCredentials.ts -var import_client = __nccwpck_require__(6510); -var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { - if (data.Version !== 1) { - throw Error(`Profile ${profileName} credential_process did not return Version 1.`); - } - if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { - throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); - } - if (data.Expiration) { - const currentTime = /* @__PURE__ */ new Date(); - const expireTime = new Date(data.Expiration); - if (expireTime < currentTime) { - throw Error(`Profile ${profileName} credential_process returned expired credentials.`); - } - } - let accountId = data.AccountId; - if (!accountId && profiles?.[profileName]?.aws_account_id) { - accountId = profiles[profileName].aws_account_id; - } - const credentials = { - accessKeyId: data.AccessKeyId, - secretAccessKey: data.SecretAccessKey, - ...data.SessionToken && { sessionToken: data.SessionToken }, - ...data.Expiration && { expiration: new Date(data.Expiration) }, - ...data.CredentialScope && { credentialScope: data.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); - return credentials; -}, "getValidatedProcessCredentials"); - -// src/resolveProcessCredentials.ts -var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { - const profile = profiles[profileName]; - if (profiles[profileName]) { - const credentialProcess = profile["credential_process"]; - if (credentialProcess !== void 0) { - const execPromise = (0, import_util.promisify)(import_child_process.exec); - try { - const { stdout } = await execPromise(credentialProcess); - let data; - try { - data = JSON.parse(stdout.trim()); - } catch { - throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); - } - return getValidatedProcessCredentials(profileName, data, profiles); - } catch (error) { - throw new import_property_provider.CredentialsProviderError(error.message, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { - logger - }); - } -}, "resolveProcessCredentials"); - -// src/fromProcess.ts -var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProcessCredentials( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }), - profiles, - init.logger - ); -}, "fromProcess"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5284: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __esm = (fn, res) => function __init() { - return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; -}; -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/loadSso.ts -var loadSso_exports = {}; -__export(loadSso_exports, { - GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, - SSOClient: () => import_client_sso.SSOClient -}); -var import_client_sso; -var init_loadSso = __esm({ - "src/loadSso.ts"() { - "use strict"; - import_client_sso = __nccwpck_require__(1687); - } -}); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromSSO: () => fromSSO, - isSsoProfile: () => isSsoProfile, - validateSsoProfile: () => validateSsoProfile -}); -module.exports = __toCommonJS(index_exports); - -// src/fromSSO.ts - - - -// src/isSsoProfile.ts -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); - -// src/resolveSSOCredentials.ts -var import_client = __nccwpck_require__(6510); -var import_token_providers = __nccwpck_require__(7182); -var import_property_provider = __nccwpck_require__(9721); -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var SHOULD_FAIL_CREDENTIAL_CHAIN = false; -var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig, - parentClientConfig, - profile, - logger -}) => { - let token; - const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; - if (ssoSession) { - try { - const _token = await (0, import_token_providers.fromSso)({ profile })(); - token = { - accessToken: _token.token, - expiresAt: new Date(_token.expiration).toISOString() - }; - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e.message, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - } else { - try { - token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - } - if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - const { accessToken } = token; - const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); - const sso = ssoClient || new SSOClient2( - Object.assign({}, clientConfig ?? {}, { - logger: clientConfig?.logger ?? parentClientConfig?.logger, - region: clientConfig?.region ?? ssoRegion - }) - ); - let ssoResp; - try { - ssoResp = await sso.send( - new GetRoleCredentialsCommand2({ - accountId: ssoAccountId, - roleName: ssoRoleName, - accessToken - }) - ); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - const { - roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} - } = ssoResp; - if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { - throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - const credentials = { - accessKeyId, - secretAccessKey, - sessionToken, - expiration: new Date(expiration), - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - if (ssoSession) { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); - } else { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); - } - return credentials; -}, "resolveSSOCredentials"); - -// src/validateSsoProfile.ts - -var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { - const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; - if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { - throw new import_property_provider.CredentialsProviderError( - `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( - ", " - )} -Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, - { tryNextLink: false, logger } - ); - } - return profile; -}, "validateSsoProfile"); - -// src/fromSSO.ts -var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - const { ssoClient } = init; - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); - } - if (!isSsoProfile(profile)) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { - logger: init.logger - }); - } - if (profile?.sso_session) { - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const session = ssoSessions[profile.sso_session]; - const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; - if (ssoRegion && ssoRegion !== session.sso_region) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - profile.sso_region = session.sso_region; - profile.sso_start_url = session.sso_start_url; - } - const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( - profile, - init.logger - ); - return resolveSSOCredentials({ - ssoStartUrl: sso_start_url, - ssoSession: sso_session, - ssoAccountId: sso_account_id, - ssoRegion: sso_region, - ssoRoleName: sso_role_name, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName - }); - } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { - throw new import_property_provider.CredentialsProviderError( - 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', - { tryNextLink: false, logger: init.logger } - ); - } else { - return resolveSSOCredentials({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName - }); - } -}, "fromSSO"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 279: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromTokenFile = void 0; -const client_1 = __nccwpck_require__(6510); -const property_provider_1 = __nccwpck_require__(9721); -const fs_1 = __nccwpck_require__(7147); -const fromWebToken_1 = __nccwpck_require__(9527); -const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; -const ENV_ROLE_ARN = "AWS_ROLE_ARN"; -const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; -const fromTokenFile = (init = {}) => async () => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); - const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; - const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; - const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; - if (!webIdentityTokenFile || !roleArn) { - throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { - logger: init.logger, - }); - } - const credentials = await (0, fromWebToken_1.fromWebToken)({ - ...init, - webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), - roleArn, - roleSessionName, - })(); - if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { - (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); - } - return credentials; -}; -exports.fromTokenFile = fromTokenFile; - - -/***/ }), - -/***/ 9527: -/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { - -"use strict"; - -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || (function () { - var ownKeys = function(o) { - ownKeys = Object.getOwnPropertyNames || function (o) { - var ar = []; - for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys(o); - }; - return function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); - __setModuleDefault(result, mod); - return result; - }; -})(); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromWebToken = void 0; -const fromWebToken = (init) => async (awsIdentityProperties) => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); - const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; - let { roleAssumerWithWebIdentity } = init; - if (!roleAssumerWithWebIdentity) { - const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(3764))); - roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ - ...init.clientConfig, - credentialProviderLogger: init.logger, - parentClientConfig: { - ...awsIdentityProperties?.callerClientConfig, - ...init.parentClientConfig, - }, - }, init.clientPlugins); - } - return roleAssumerWithWebIdentity({ - RoleArn: roleArn, - RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, - WebIdentityToken: webIdentityToken, - ProviderId: providerId, - PolicyArns: policyArns, - Policy: policy, - DurationSeconds: durationSeconds, - }); -}; -exports.fromWebToken = fromWebToken; - - -/***/ }), - -/***/ 5603: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(279), module.exports); -__reExport(index_exports, __nccwpck_require__(9527), module.exports); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9514: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getHostHeaderPlugin: () => getHostHeaderPlugin, - hostHeaderMiddleware: () => hostHeaderMiddleware, - hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, - resolveHostHeaderConfig: () => resolveHostHeaderConfig -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -function resolveHostHeaderConfig(input) { - return input; -} -__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); -var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); - const { request } = args; - const { handlerProtocol = "" } = options.requestHandler.metadata || {}; - if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { - delete request.headers["host"]; - request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); - } else if (!request.headers["host"]) { - let host = request.hostname; - if (request.port != null) host += `:${request.port}`; - request.headers["host"] = host; - } - return next(args); -}, "hostHeaderMiddleware"); -var hostHeaderMiddlewareOptions = { - name: "hostHeaderMiddleware", - step: "build", - priority: "low", - tags: ["HOST"], - override: true -}; -var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); - }, "applyToStack") -}), "getHostHeaderPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5675: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getLoggerPlugin: () => getLoggerPlugin, - loggerMiddleware: () => loggerMiddleware, - loggerMiddlewareOptions: () => loggerMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); - -// src/loggerMiddleware.ts -var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { - try { - const response = await next(args); - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; - const { $metadata, ...outputWithoutMetadata } = response.output; - logger?.info?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - output: outputFilterSensitiveLog(outputWithoutMetadata), - metadata: $metadata - }); - return response; - } catch (error) { - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - logger?.error?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - error, - metadata: error.$metadata - }); - throw error; - } -}, "loggerMiddleware"); -var loggerMiddlewareOptions = { - name: "loggerMiddleware", - tags: ["LOGGER"], - step: "initialize", - override: true -}; -var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); - }, "applyToStack") -}), "getLoggerPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7977: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, - getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, - recursionDetectionMiddleware: () => recursionDetectionMiddleware -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; -var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; -var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; -var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { - return next(args); - } - const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; - if (request.headers.hasOwnProperty(traceIdHeader)) { - return next(args); - } - const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; - const traceId = process.env[ENV_TRACE_ID]; - const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); - if (nonEmptyString(functionName) && nonEmptyString(traceId)) { - request.headers[TRACE_ID_HEADER_NAME] = traceId; - } - return next({ - ...args, - request - }); -}, "recursionDetectionMiddleware"); -var addRecursionDetectionMiddlewareOptions = { - step: "build", - tags: ["RECURSION_DETECTION"], - name: "recursionDetectionMiddleware", - override: true, - priority: "low" -}; -var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); - }, "applyToStack") -}), "getRecursionDetectionPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 6634: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, - getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, - getUserAgentPlugin: () => getUserAgentPlugin, - resolveUserAgentConfig: () => resolveUserAgentConfig, - userAgentMiddleware: () => userAgentMiddleware -}); -module.exports = __toCommonJS(index_exports); - -// src/configurations.ts -var import_core = __nccwpck_require__(5829); -var DEFAULT_UA_APP_ID = void 0; -function isValidUserAgentAppId(appId) { - if (appId === void 0) { - return true; - } - return typeof appId === "string" && appId.length <= 50; -} -__name(isValidUserAgentAppId, "isValidUserAgentAppId"); -function resolveUserAgentConfig(input) { - const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); - const { customUserAgent } = input; - return Object.assign(input, { - customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, - userAgentAppId: /* @__PURE__ */ __name(async () => { - const appId = await normalizedAppIdProvider(); - if (!isValidUserAgentAppId(appId)) { - const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; - if (typeof appId !== "string") { - logger?.warn("userAgentAppId must be a string or undefined."); - } else if (appId.length > 50) { - logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); - } - } - return appId; - }, "userAgentAppId") - }); -} -__name(resolveUserAgentConfig, "resolveUserAgentConfig"); - -// src/user-agent-middleware.ts -var import_util_endpoints = __nccwpck_require__(4241); -var import_protocol_http = __nccwpck_require__(4418); - -// src/check-features.ts -var import_core2 = __nccwpck_require__(2143); -var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; -async function checkFeatures(context, config, args) { - const request = args.request; - if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { - (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); - } - if (typeof config.retryStrategy === "function") { - const retryStrategy = await config.retryStrategy(); - if (typeof retryStrategy.acquireInitialRetryToken === "function") { - if (retryStrategy.constructor?.name?.includes("Adaptive")) { - (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); - } else { - (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); - } - } else { - (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); - } - } - if (typeof config.accountIdEndpointMode === "function") { - const endpointV2 = context.endpointV2; - if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { - (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); - } - switch (await config.accountIdEndpointMode?.()) { - case "disabled": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); - break; - case "preferred": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); - break; - case "required": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); - break; - } - } - const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; - if (identity?.$source) { - const credentials = identity; - if (credentials.accountId) { - (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); - } - for (const [key, value] of Object.entries(credentials.$source ?? {})) { - (0, import_core2.setFeature)(context, key, value); - } - } -} -__name(checkFeatures, "checkFeatures"); - -// src/constants.ts -var USER_AGENT = "user-agent"; -var X_AMZ_USER_AGENT = "x-amz-user-agent"; -var SPACE = " "; -var UA_NAME_SEPARATOR = "/"; -var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; -var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; -var UA_ESCAPE_CHAR = "-"; - -// src/encode-features.ts -var BYTE_LIMIT = 1024; -function encodeFeatures(features) { - let buffer = ""; - for (const key in features) { - const val = features[key]; - if (buffer.length + val.length + 1 <= BYTE_LIMIT) { - if (buffer.length) { - buffer += "," + val; - } else { - buffer += val; - } - continue; - } - break; - } - return buffer; -} -__name(encodeFeatures, "encodeFeatures"); - -// src/user-agent-middleware.ts -var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request)) { - return next(args); - } - const { headers } = request; - const userAgent = context?.userAgent?.map(escapeUserAgent) || []; - const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); - await checkFeatures(context, options, args); - const awsContext = context; - defaultUserAgent.push( - `m/${encodeFeatures( - Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) - )}` - ); - const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; - const appId = await options.userAgentAppId(); - if (appId) { - defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); - } - const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); - const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); - const normalUAValue = [ - ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), - ...customUserAgent - ].join(SPACE); - if (options.runtime !== "browser") { - if (normalUAValue) { - headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; - } - headers[USER_AGENT] = sdkUserAgentValue; - } else { - headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; - } - return next({ - ...args, - request - }); -}, "userAgentMiddleware"); -var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { - const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); - const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); - const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); - const prefix = name.substring(0, prefixSeparatorIndex); - let uaName = name.substring(prefixSeparatorIndex + 1); - if (prefix === "api") { - uaName = uaName.toLowerCase(); - } - return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { - switch (index) { - case 0: - return item; - case 1: - return `${acc}/${item}`; - default: - return `${acc}#${item}`; - } - }, ""); -}, "escapeUserAgent"); -var getUserAgentMiddlewareOptions = { - name: "getUserAgentMiddleware", - step: "build", - priority: "low", - tags: ["SET_USER_AGENT", "USER_AGENT"], - override: true -}; -var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); - }, "applyToStack") -}), "getUserAgentPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9002: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sso-oauth", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "CreateToken": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } - } - return options; -}; -exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); - return Object.assign(config_0, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 8012: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(2507); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 2507: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const u = "required", v = "fn", w = "argv", x = "ref"; -const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 8959: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/sso-oidc/index.ts -var index_exports = {}; -__export(index_exports, { - $Command: () => import_smithy_client6.Command, - AccessDeniedException: () => AccessDeniedException, - AuthorizationPendingException: () => AuthorizationPendingException, - CreateTokenCommand: () => CreateTokenCommand, - CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, - CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - InternalServerException: () => InternalServerException, - InvalidClientException: () => InvalidClientException, - InvalidGrantException: () => InvalidGrantException, - InvalidRequestException: () => InvalidRequestException, - InvalidScopeException: () => InvalidScopeException, - SSOOIDC: () => SSOOIDC, - SSOOIDCClient: () => SSOOIDCClient, - SSOOIDCServiceException: () => SSOOIDCServiceException, - SlowDownException: () => SlowDownException, - UnauthorizedClientException: () => UnauthorizedClientException, - UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, - __Client: () => import_smithy_client2.Client -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/sso-oidc/SSOOIDCClient.ts -var import_middleware_host_header = __nccwpck_require__(9514); -var import_middleware_logger = __nccwpck_require__(5675); -var import_middleware_recursion_detection = __nccwpck_require__(7977); -var import_middleware_user_agent = __nccwpck_require__(6634); -var import_config_resolver = __nccwpck_require__(3098); -var import_core = __nccwpck_require__(5829); -var import_middleware_content_length = __nccwpck_require__(2800); -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_retry = __nccwpck_require__(6039); -var import_smithy_client2 = __nccwpck_require__(3570); -var import_httpAuthSchemeProvider = __nccwpck_require__(9002); - -// src/submodules/sso-oidc/endpoint/EndpointParameters.ts -var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "sso-oauth" - }); -}, "resolveClientEndpointParameters"); -var commonParams = { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } -}; - -// src/submodules/sso-oidc/SSOOIDCClient.ts -var import_runtimeConfig = __nccwpck_require__(5875); - -// src/submodules/sso-oidc/runtimeExtensions.ts -var import_region_config_resolver = __nccwpck_require__(6976); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts -var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - } - }; -}, "getHttpAuthExtensionConfiguration"); -var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials() - }; -}, "resolveHttpAuthRuntimeConfig"); - -// src/submodules/sso-oidc/runtimeExtensions.ts -var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign( - (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), - (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), - (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), - getHttpAuthExtensionConfiguration(runtimeConfig) - ); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign( - runtimeConfig, - (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), - (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), - (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), - resolveHttpAuthRuntimeConfig(extensionConfiguration) - ); -}, "resolveRuntimeExtensions"); - -// src/submodules/sso-oidc/SSOOIDCClient.ts -var SSOOIDCClient = class extends import_smithy_client2.Client { - static { - __name(this, "SSOOIDCClient"); - } - /** - * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. - */ - config; - constructor(...[configuration]) { - const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = resolveClientEndpointParameters(_config_0); - const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); - const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); - const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); - const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use( - (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials - }), "identityProviderConfigProvider") - }) - ); - this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); - } - /** - * Destroy underlying resources, like sockets. It's usually not necessary to do this. - * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. - * Otherwise, sockets might stay open for quite a long time before the server terminates them. - */ - destroy() { - super.destroy(); - } -}; - -// src/submodules/sso-oidc/SSOOIDC.ts -var import_smithy_client7 = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client6 = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/models/models_0.ts -var import_smithy_client4 = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts -var import_smithy_client3 = __nccwpck_require__(3570); -var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { - static { - __name(this, "SSOOIDCServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); - } -}; - -// src/submodules/sso-oidc/models/models_0.ts -var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { - static { - __name(this, "AccessDeniedException"); - } - name = "AccessDeniedException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AccessDeniedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _AccessDeniedException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { - static { - __name(this, "AuthorizationPendingException"); - } - name = "AuthorizationPendingException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * authorization_pending.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AuthorizationPendingException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenRequestFilterSensitiveLog"); -var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { - static { - __name(this, "InternalServerException"); - } - name = "InternalServerException"; - $fault = "server"; - /** - *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InternalServerException", - $fault: "server", - ...opts - }); - Object.setPrototypeOf(this, _InternalServerException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { - static { - __name(this, "InvalidClientException"); - } - name = "InvalidClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidClientException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { - static { - __name(this, "InvalidGrantException"); - } - name = "InvalidGrantException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidGrantException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidGrantException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { - static { - __name(this, "InvalidRequestException"); - } - name = "InvalidRequestException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_request.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { - static { - __name(this, "InvalidScopeException"); - } - name = "InvalidScopeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidScopeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidScopeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { - static { - __name(this, "SlowDownException"); - } - name = "SlowDownException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "SlowDownException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _SlowDownException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { - static { - __name(this, "UnauthorizedClientException"); - } - name = "UnauthorizedClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnauthorizedClientException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { - static { - __name(this, "UnsupportedGrantTypeException"); - } - name = "UnsupportedGrantTypeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnsupportedGrantTypeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; - -// src/submodules/sso-oidc/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(2143); -var import_core3 = __nccwpck_require__(5829); -var import_smithy_client5 = __nccwpck_require__(3570); -var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core3.requestBuilder)(input, context); - const headers = { - "content-type": "application/json" - }; - b.bp("/token"); - let body; - body = JSON.stringify( - (0, import_smithy_client5.take)(input, { - clientId: [], - clientSecret: [], - code: [], - codeVerifier: [], - deviceCode: [], - grantType: [], - redirectUri: [], - refreshToken: [], - scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") - }) - ); - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_CreateTokenCommand"); -var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client5.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client5.take)(data, { - accessToken: import_smithy_client5.expectString, - expiresIn: import_smithy_client5.expectInt32, - idToken: import_smithy_client5.expectString, - refreshToken: import_smithy_client5.expectString, - tokenType: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_CreateTokenCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "AccessDeniedException": - case "com.amazonaws.ssooidc#AccessDeniedException": - throw await de_AccessDeniedExceptionRes(parsedOutput, context); - case "AuthorizationPendingException": - case "com.amazonaws.ssooidc#AuthorizationPendingException": - throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); - case "ExpiredTokenException": - case "com.amazonaws.ssooidc#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "InternalServerException": - case "com.amazonaws.ssooidc#InternalServerException": - throw await de_InternalServerExceptionRes(parsedOutput, context); - case "InvalidClientException": - case "com.amazonaws.ssooidc#InvalidClientException": - throw await de_InvalidClientExceptionRes(parsedOutput, context); - case "InvalidGrantException": - case "com.amazonaws.ssooidc#InvalidGrantException": - throw await de_InvalidGrantExceptionRes(parsedOutput, context); - case "InvalidRequestException": - case "com.amazonaws.ssooidc#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "InvalidScopeException": - case "com.amazonaws.ssooidc#InvalidScopeException": - throw await de_InvalidScopeExceptionRes(parsedOutput, context); - case "SlowDownException": - case "com.amazonaws.ssooidc#SlowDownException": - throw await de_SlowDownExceptionRes(parsedOutput, context); - case "UnauthorizedClientException": - case "com.amazonaws.ssooidc#UnauthorizedClientException": - throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); - case "UnsupportedGrantTypeException": - case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": - throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode - }); - } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); -var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AccessDeniedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AccessDeniedExceptionRes"); -var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AuthorizationPendingException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AuthorizationPendingExceptionRes"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_ExpiredTokenExceptionRes"); -var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InternalServerException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InternalServerExceptionRes"); -var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidClientExceptionRes"); -var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidGrantException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidGrantExceptionRes"); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidScopeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidScopeExceptionRes"); -var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new SlowDownException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_SlowDownExceptionRes"); -var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedClientExceptionRes"); -var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnsupportedGrantTypeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnsupportedGrantTypeExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { - static { - __name(this, "CreateTokenCommand"); - } -}; - -// src/submodules/sso-oidc/SSOOIDC.ts -var commands = { - CreateTokenCommand -}; -var SSOOIDC = class extends SSOOIDCClient { - static { - __name(this, "SSOOIDC"); - } -}; -(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 5875: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); -const core_1 = __nccwpck_require__(2143); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(3695); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 3695: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(9002); -const endpointResolver_1 = __nccwpck_require__(8012); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO OIDC", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 6878: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(9514); -const middleware_logger_1 = __nccwpck_require__(5675); -const middleware_recursion_detection_1 = __nccwpck_require__(7977); -const middleware_user_agent_1 = __nccwpck_require__(6634); -const config_resolver_1 = __nccwpck_require__(3098); -const core_1 = __nccwpck_require__(5829); -const middleware_content_length_1 = __nccwpck_require__(2800); -const middleware_endpoint_1 = __nccwpck_require__(2918); -const middleware_retry_1 = __nccwpck_require__(6039); -const smithy_client_1 = __nccwpck_require__(3570); -Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); -const EndpointParameters_1 = __nccwpck_require__(981); -const runtimeConfig_1 = __nccwpck_require__(302); -const runtimeExtensions_1 = __nccwpck_require__(9913); -class STSClient extends smithy_client_1.Client { - config; - constructor(...[configuration]) { - const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); - const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); - const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); - const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); - const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials, - }), - })); - this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); - } - destroy() { - super.destroy(); - } -} -exports.STSClient = STSClient; - - -/***/ }), - -/***/ 1746: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; -const getHttpAuthExtensionConfiguration = (runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } - else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - }, - }; -}; -exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; -const resolveHttpAuthRuntimeConfig = (config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials(), - }; -}; -exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; - - -/***/ }), - -/***/ 3061: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(6878); -const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sts", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSTSHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "AssumeRoleWithWebIdentity": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } - } - return options; -}; -exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; -const resolveStsAuthConfig = (input) => Object.assign(input, { - stsClientCtor: STSClient_1.STSClient, -}); -exports.resolveStsAuthConfig = resolveStsAuthConfig; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, exports.resolveStsAuthConfig)(config); - const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); - return Object.assign(config_1, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 981: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.commonParams = exports.resolveClientEndpointParameters = void 0; -const resolveClientEndpointParameters = (options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - useGlobalEndpoint: options.useGlobalEndpoint ?? false, - defaultSigningName: "sts", - }); -}; -exports.resolveClientEndpointParameters = resolveClientEndpointParameters; -exports.commonParams = { - UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, -}; - - -/***/ }), - -/***/ 8181: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(5713); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 5713: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; -const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; -const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 3764: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/sts/index.ts -var index_exports = {}; -__export(index_exports, { - AssumeRoleCommand: () => AssumeRoleCommand, - AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, - AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, - AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, - AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, - CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - IDPCommunicationErrorException: () => IDPCommunicationErrorException, - IDPRejectedClaimException: () => IDPRejectedClaimException, - InvalidIdentityTokenException: () => InvalidIdentityTokenException, - MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, - PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, - RegionDisabledException: () => RegionDisabledException, - STS: () => STS, - STSServiceException: () => STSServiceException, - decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, - getDefaultRoleAssumer: () => getDefaultRoleAssumer2, - getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 -}); -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(6878), module.exports); - -// src/submodules/sts/STS.ts -var import_smithy_client6 = __nccwpck_require__(3570); - -// src/submodules/sts/commands/AssumeRoleCommand.ts -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_EndpointParameters = __nccwpck_require__(981); - -// src/submodules/sts/models/models_0.ts -var import_smithy_client2 = __nccwpck_require__(3570); - -// src/submodules/sts/models/STSServiceException.ts -var import_smithy_client = __nccwpck_require__(3570); -var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "STSServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _STSServiceException.prototype); - } -}; - -// src/submodules/sts/models/models_0.ts -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - } -}; -var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { - static { - __name(this, "MalformedPolicyDocumentException"); - } - name = "MalformedPolicyDocumentException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "MalformedPolicyDocumentException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); - } -}; -var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { - static { - __name(this, "PackedPolicyTooLargeException"); - } - name = "PackedPolicyTooLargeException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "PackedPolicyTooLargeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); - } -}; -var RegionDisabledException = class _RegionDisabledException extends STSServiceException { - static { - __name(this, "RegionDisabledException"); - } - name = "RegionDisabledException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "RegionDisabledException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _RegionDisabledException.prototype); - } -}; -var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { - static { - __name(this, "IDPRejectedClaimException"); - } - name = "IDPRejectedClaimException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPRejectedClaimException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); - } -}; -var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { - static { - __name(this, "InvalidIdentityTokenException"); - } - name = "InvalidIdentityTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidIdentityTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); - } -}; -var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } -}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); -var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); - } - name = "IDPCommunicationErrorException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); - } -}; - -// src/submodules/sts/protocols/Aws_query.ts -var import_core = __nccwpck_require__(2143); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client3 = __nccwpck_require__(3570); -var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleRequest(input, context), - [_A]: _AR, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleCommand"); -var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithWebIdentityRequest(input, context), - [_A]: _ARWWI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithWebIdentityCommand"); -var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleCommand"); -var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithWebIdentityCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core.parseXmlErrorBody)(output.body, context) - }; - const errorCode = loadQueryErrorCode(output, parsedOutput.body); - switch (errorCode) { - case "ExpiredTokenException": - case "com.amazonaws.sts#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "MalformedPolicyDocument": - case "com.amazonaws.sts#MalformedPolicyDocumentException": - throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); - case "PackedPolicyTooLarge": - case "com.amazonaws.sts#PackedPolicyTooLargeException": - throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); - case "RegionDisabledException": - case "com.amazonaws.sts#RegionDisabledException": - throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); - case "IDPRejectedClaim": - case "com.amazonaws.sts#IDPRejectedClaimException": - throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); - case "InvalidIdentityToken": - case "com.amazonaws.sts#InvalidIdentityTokenException": - throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody: parsedBody.Error, - errorCode - }); - } -}, "de_CommandError"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_ExpiredTokenException(body.Error, context); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_ExpiredTokenExceptionRes"); -var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPCommunicationErrorException(body.Error, context); - const exception = new IDPCommunicationErrorException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPCommunicationErrorExceptionRes"); -var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPRejectedClaimException(body.Error, context); - const exception = new IDPRejectedClaimException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPRejectedClaimExceptionRes"); -var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidIdentityTokenException(body.Error, context); - const exception = new InvalidIdentityTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_InvalidIdentityTokenExceptionRes"); -var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_MalformedPolicyDocumentException(body.Error, context); - const exception = new MalformedPolicyDocumentException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_MalformedPolicyDocumentExceptionRes"); -var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_PackedPolicyTooLargeException(body.Error, context); - const exception = new PackedPolicyTooLargeException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_PackedPolicyTooLargeExceptionRes"); -var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_RegionDisabledException(body.Error, context); - const exception = new RegionDisabledException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_RegionDisabledExceptionRes"); -var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - if (input[_TTK] != null) { - const memberEntries = se_tagKeyListType(input[_TTK], context); - if (input[_TTK]?.length === 0) { - entries.TransitiveTagKeys = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TransitiveTagKeys.${key}`; - entries[loc] = value; - }); - } - if (input[_EI] != null) { - entries[_EI] = input[_EI]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - if (input[_SI] != null) { - entries[_SI] = input[_SI]; - } - if (input[_PC] != null) { - const memberEntries = se_ProvidedContextsListType(input[_PC], context); - if (input[_PC]?.length === 0) { - entries.ProvidedContexts = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `ProvidedContexts.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_AssumeRoleRequest"); -var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_WIT] != null) { - entries[_WIT] = input[_WIT]; - } - if (input[_PI] != null) { - entries[_PI] = input[_PI]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithWebIdentityRequest"); -var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_PolicyDescriptorType(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_policyDescriptorListType"); -var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_a] != null) { - entries[_a] = input[_a]; - } - return entries; -}, "se_PolicyDescriptorType"); -var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; - } - if (input[_CA] != null) { - entries[_CA] = input[_CA]; - } - return entries; -}, "se_ProvidedContext"); -var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_ProvidedContext(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_ProvidedContextsListType"); -var se_Tag = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_K] != null) { - entries[_K] = input[_K]; - } - if (input[_Va] != null) { - entries[_Va] = input[_Va]; - } - return entries; -}, "se_Tag"); -var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - entries[`member.${counter}`] = entry; - counter++; - } - return entries; -}, "se_tagKeyListType"); -var se_tagListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_Tag(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_tagListType"); -var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); - } - return contents; -}, "de_AssumedRoleUser"); -var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleResponse"); -var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleWithWebIdentityResponse"); -var de_Credentials = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); - } - if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); - } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); - } - if (output[_E] != null) { - contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); - } - return contents; -}, "de_Credentials"); -var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_ExpiredTokenException"); -var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_IDPCommunicationErrorException"); -var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_IDPRejectedClaimException"); -var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_InvalidIdentityTokenException"); -var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_MalformedPolicyDocumentException"); -var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_PackedPolicyTooLargeException"); -var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_RegionDisabledException"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); -var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { - const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); - const contents = { - protocol, - hostname, - port, - method: "POST", - path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, - headers - }; - if (resolvedHostname !== void 0) { - contents.hostname = resolvedHostname; - } - if (body !== void 0) { - contents.body = body; - } - return new import_protocol_http.HttpRequest(contents); -}, "buildHttpRpcRequest"); -var SHARED_HEADERS = { - "content-type": "application/x-www-form-urlencoded" -}; -var _ = "2011-06-15"; -var _A = "Action"; -var _AKI = "AccessKeyId"; -var _AR = "AssumeRole"; -var _ARI = "AssumedRoleId"; -var _ARU = "AssumedRoleUser"; -var _ARWWI = "AssumeRoleWithWebIdentity"; -var _Ar = "Arn"; -var _Au = "Audience"; -var _C = "Credentials"; -var _CA = "ContextAssertion"; -var _DS = "DurationSeconds"; -var _E = "Expiration"; -var _EI = "ExternalId"; -var _K = "Key"; -var _P = "Policy"; -var _PA = "PolicyArns"; -var _PAr = "ProviderArn"; -var _PC = "ProvidedContexts"; -var _PI = "ProviderId"; -var _PPS = "PackedPolicySize"; -var _Pr = "Provider"; -var _RA = "RoleArn"; -var _RSN = "RoleSessionName"; -var _SAK = "SecretAccessKey"; -var _SFWIT = "SubjectFromWebIdentityToken"; -var _SI = "SourceIdentity"; -var _SN = "SerialNumber"; -var _ST = "SessionToken"; -var _T = "Tags"; -var _TC = "TokenCode"; -var _TTK = "TransitiveTagKeys"; -var _V = "Version"; -var _Va = "Value"; -var _WIT = "WebIdentityToken"; -var _a = "arn"; -var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); -var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data.Error?.Code !== void 0) { - return data.Error.Code; - } - if (output.statusCode == 404) { - return "NotFound"; - } -}, "loadQueryErrorCode"); - -// src/submodules/sts/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { - static { - __name(this, "AssumeRoleCommand"); - } -}; - -// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde2 = __nccwpck_require__(1238); -var import_smithy_client5 = __nccwpck_require__(3570); -var import_EndpointParameters2 = __nccwpck_require__(981); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { - static { - __name(this, "AssumeRoleWithWebIdentityCommand"); - } -}; - -// src/submodules/sts/STS.ts -var import_STSClient = __nccwpck_require__(6878); -var commands = { - AssumeRoleCommand, - AssumeRoleWithWebIdentityCommand -}; -var STS = class extends import_STSClient.STSClient { - static { - __name(this, "STS"); - } -}; -(0, import_smithy_client6.createAggregatedClient)(commands, STS); - -// src/submodules/sts/index.ts -var import_EndpointParameters3 = __nccwpck_require__(981); - -// src/submodules/sts/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(6510); -var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; -var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { - if (typeof assumedRoleUser?.Arn === "string") { - const arnComponents = assumedRoleUser.Arn.split(":"); - if (arnComponents.length > 4 && arnComponents[4] !== "") { - return arnComponents[4]; - } - } - return void 0; -}, "getAccountIdFromAssumedRoleUser"); -var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { - const region = typeof _region === "function" ? await _region() : _region; - const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; - credentialProviderLogger?.debug?.( - "@aws-sdk/client-sts::resolveRegion", - "accepting first of:", - `${region} (provider)`, - `${parentRegion} (parent client)`, - `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` - ); - return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; -}, "resolveRegion"); -var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - let closureSourceCreds; - return async (sourceCreds, params) => { - closureSourceCreds = sourceCreds; - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - // A hack to make sts client uses the credential in current closure. - credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); - return credentials; - }; -}, "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - return async (params) => { - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - if (accountId) { - (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); - } - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); - return credentials; - }; -}, "getDefaultRoleAssumerWithWebIdentity"); -var isH2 = /* @__PURE__ */ __name((requestHandler) => { - return requestHandler?.metadata?.handlerProtocol === "h2"; -}, "isH2"); - -// src/submodules/sts/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(6878); -var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { - if (!customizations) return baseCtor; - else - return class CustomizableSTSClient extends baseCtor { - static { - __name(this, "CustomizableSTSClient"); - } - constructor(config) { - super(config); - for (const customization of customizations) { - this.middlewareStack.use(customization); - } - } - }; -}, "getCustomizableStsClientCtor"); -var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); -var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ - roleAssumer: getDefaultRoleAssumer2(input), - roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), - ...input -}), "decorateDefaultCredentialProvider"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 302: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); -const core_1 = __nccwpck_require__(2143); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const core_2 = __nccwpck_require__(5829); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(9165); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 9165: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); -const endpointResolver_1 = __nccwpck_require__(8181); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2011-06-15", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "STS", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 9913: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(6976); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(1746); -const resolveRuntimeExtensions = (runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); -}; -exports.resolveRuntimeExtensions = resolveRuntimeExtensions; - - -/***/ }), - -/***/ 6976: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, - NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, - REGION_ENV_NAME: () => REGION_ENV_NAME, - REGION_INI_NAME: () => REGION_INI_NAME, - getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, - resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, - resolveRegionConfig: () => resolveRegionConfig -}); -module.exports = __toCommonJS(index_exports); - -// src/extensions/index.ts -var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - return { - setRegion(region) { - runtimeConfig.region = region; - }, - region() { - return runtimeConfig.region; - } - }; -}, "getAwsRegionExtensionConfiguration"); -var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { - return { - region: awsRegionExtensionConfiguration.region() - }; -}, "resolveAwsRegionExtensionConfiguration"); - -// src/regionConfig/config.ts -var REGION_ENV_NAME = "AWS_REGION"; -var REGION_INI_NAME = "region"; -var NODE_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), - default: /* @__PURE__ */ __name(() => { - throw new Error("Region is missing"); - }, "default") -}; -var NODE_REGION_CONFIG_FILE_OPTIONS = { - preferredFile: "credentials" -}; - -// src/regionConfig/isFipsRegion.ts -var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); - -// src/regionConfig/getRealRegion.ts -var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); - -// src/regionConfig/resolveRegionConfig.ts -var resolveRegionConfig = /* @__PURE__ */ __name((input) => { - const { region, useFipsEndpoint } = input; - if (!region) { - throw new Error("Region is missing"); - } - return Object.assign(input, { - region: /* @__PURE__ */ __name(async () => { - if (typeof region === "string") { - return getRealRegion(region); - } - const providedRegion = await region(); - return getRealRegion(providedRegion); - }, "region"), - useFipsEndpoint: /* @__PURE__ */ __name(async () => { - const providedRegion = typeof region === "string" ? region : await region(); - if (isFipsRegion(providedRegion)) { - return true; - } - return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); - }, "useFipsEndpoint") - }); -}, "resolveRegionConfig"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7182: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __create = Object.create; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromEnvSigningName: () => fromEnvSigningName, - fromSso: () => fromSso, - fromStatic: () => fromStatic, - nodeProvider: () => nodeProvider -}); -module.exports = __toCommonJS(index_exports); - -// src/fromEnvSigningName.ts -var import_client = __nccwpck_require__(6510); -var import_httpAuthSchemes = __nccwpck_require__(3017); -var import_property_provider = __nccwpck_require__(9721); -var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { - logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); - if (!signingName) { - throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); - } - const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); - if (!(bearerTokenKey in process.env)) { - throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); - } - const token = { token: process.env[bearerTokenKey] }; - (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); - return token; -}, "fromEnvSigningName"); - -// src/fromSso.ts - - - -// src/constants.ts -var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; -var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; - -// src/getSsoOidcClient.ts -var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { - const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); - const ssoOidcClient = new SSOOIDCClient( - Object.assign({}, init.clientConfig ?? {}, { - region: ssoRegion ?? init.clientConfig?.region, - logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger - }) - ); - return ssoOidcClient; -}, "getSsoOidcClient"); - -// src/getNewSsoOidcToken.ts -var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { - const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); - const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); - return ssoOidcClient.send( - new CreateTokenCommand({ - clientId: ssoToken.clientId, - clientSecret: ssoToken.clientSecret, - refreshToken: ssoToken.refreshToken, - grantType: "refresh_token" - }) - ); -}, "getNewSsoOidcToken"); - -// src/validateTokenExpiry.ts - -var validateTokenExpiry = /* @__PURE__ */ __name((token) => { - if (token.expiration && token.expiration.getTime() < Date.now()) { - throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); - } -}, "validateTokenExpiry"); - -// src/validateTokenKey.ts - -var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { - if (typeof value === "undefined") { - throw new import_property_provider.TokenProviderError( - `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, - false - ); - } -}, "validateTokenKey"); - -// src/writeSSOTokenToFile.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var import_fs = __nccwpck_require__(7147); -var { writeFile } = import_fs.promises; -var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { - const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); - const tokenString = JSON.stringify(ssoToken, null, 2); - return writeFile(tokenFilepath, tokenString); -}, "writeSSOTokenToFile"); - -// src/fromSso.ts -var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); -var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/token-providers - fromSso"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); - } else if (!profile["sso_session"]) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); - } - const ssoSessionName = profile["sso_session"]; - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const ssoSession = ssoSessions[ssoSessionName]; - if (!ssoSession) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, - false - ); - } - for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { - if (!ssoSession[ssoSessionRequiredKey]) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, - false - ); - } - } - const ssoStartUrl = ssoSession["sso_start_url"]; - const ssoRegion = ssoSession["sso_region"]; - let ssoToken; - try { - ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); - } catch (e) { - throw new import_property_provider.TokenProviderError( - `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, - false - ); - } - validateTokenKey("accessToken", ssoToken.accessToken); - validateTokenKey("expiresAt", ssoToken.expiresAt); - const { accessToken, expiresAt } = ssoToken; - const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; - if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { - return existingToken; - } - if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { - validateTokenExpiry(existingToken); - return existingToken; - } - validateTokenKey("clientId", ssoToken.clientId, true); - validateTokenKey("clientSecret", ssoToken.clientSecret, true); - validateTokenKey("refreshToken", ssoToken.refreshToken, true); - try { - lastRefreshAttemptTime.setTime(Date.now()); - const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); - validateTokenKey("accessToken", newSsoOidcToken.accessToken); - validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); - const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); - try { - await writeSSOTokenToFile(ssoSessionName, { - ...ssoToken, - accessToken: newSsoOidcToken.accessToken, - expiresAt: newTokenExpiration.toISOString(), - refreshToken: newSsoOidcToken.refreshToken - }); - } catch (error) { - } - return { - token: newSsoOidcToken.accessToken, - expiration: newTokenExpiration - }; - } catch (error) { - validateTokenExpiry(existingToken); - return existingToken; - } -}, "fromSso"); - -// src/fromStatic.ts - -var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { - logger?.debug("@aws-sdk/token-providers - fromStatic"); - if (!token || !token.token) { - throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); - } - return token; -}, "fromStatic"); - -// src/nodeProvider.ts - -var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)(fromSso(init), async () => { - throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); - }), - (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, - (token) => token.expiration !== void 0 -), "nodeProvider"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 4241: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - ConditionObject: () => import_util_endpoints.ConditionObject, - DeprecatedObject: () => import_util_endpoints.DeprecatedObject, - EndpointError: () => import_util_endpoints.EndpointError, - EndpointObject: () => import_util_endpoints.EndpointObject, - EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, - EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, - EndpointParams: () => import_util_endpoints.EndpointParams, - EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, - EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, - ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, - EvaluateOptions: () => import_util_endpoints.EvaluateOptions, - Expression: () => import_util_endpoints.Expression, - FunctionArgv: () => import_util_endpoints.FunctionArgv, - FunctionObject: () => import_util_endpoints.FunctionObject, - FunctionReturn: () => import_util_endpoints.FunctionReturn, - ParameterObject: () => import_util_endpoints.ParameterObject, - ReferenceObject: () => import_util_endpoints.ReferenceObject, - ReferenceRecord: () => import_util_endpoints.ReferenceRecord, - RuleSetObject: () => import_util_endpoints.RuleSetObject, - RuleSetRules: () => import_util_endpoints.RuleSetRules, - TreeRuleObject: () => import_util_endpoints.TreeRuleObject, - awsEndpointFunctions: () => awsEndpointFunctions, - getUserAgentPrefix: () => getUserAgentPrefix, - isIpAddress: () => import_util_endpoints.isIpAddress, - partition: () => partition, - resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, - resolveEndpoint: () => import_util_endpoints.resolveEndpoint, - setPartitionInfo: () => setPartitionInfo, - toEndpointV1: () => toEndpointV1, - useDefaultPartitionInfo: () => useDefaultPartitionInfo -}); -module.exports = __toCommonJS(index_exports); - -// src/aws.ts - - -// src/lib/aws/isVirtualHostableS3Bucket.ts - - -// src/lib/isIpAddress.ts -var import_util_endpoints = __nccwpck_require__(5473); - -// src/lib/aws/isVirtualHostableS3Bucket.ts -var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { - if (allowSubDomains) { - for (const label of value.split(".")) { - if (!isVirtualHostableS3Bucket(label)) { - return false; - } - } - return true; - } - if (!(0, import_util_endpoints.isValidHostLabel)(value)) { - return false; - } - if (value.length < 3 || value.length > 63) { - return false; - } - if (value !== value.toLowerCase()) { - return false; - } - if ((0, import_util_endpoints.isIpAddress)(value)) { - return false; - } - return true; -}, "isVirtualHostableS3Bucket"); - -// src/lib/aws/parseArn.ts -var ARN_DELIMITER = ":"; -var RESOURCE_DELIMITER = "/"; -var parseArn = /* @__PURE__ */ __name((value) => { - const segments = value.split(ARN_DELIMITER); - if (segments.length < 6) return null; - const [arn, partition2, service, region, accountId, ...resourcePath] = segments; - if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; - const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); - return { - partition: partition2, - service, - region, - accountId, - resourceId - }; -}, "parseArn"); - -// src/lib/aws/partitions.json -var partitions_default = { - partitions: [{ - id: "aws", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-east-1", - name: "aws", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", - regions: { - "af-south-1": { - description: "Africa (Cape Town)" - }, - "ap-east-1": { - description: "Asia Pacific (Hong Kong)" - }, - "ap-east-2": { - description: "Asia Pacific (Taipei)" - }, - "ap-northeast-1": { - description: "Asia Pacific (Tokyo)" - }, - "ap-northeast-2": { - description: "Asia Pacific (Seoul)" - }, - "ap-northeast-3": { - description: "Asia Pacific (Osaka)" - }, - "ap-south-1": { - description: "Asia Pacific (Mumbai)" - }, - "ap-south-2": { - description: "Asia Pacific (Hyderabad)" - }, - "ap-southeast-1": { - description: "Asia Pacific (Singapore)" - }, - "ap-southeast-2": { - description: "Asia Pacific (Sydney)" - }, - "ap-southeast-3": { - description: "Asia Pacific (Jakarta)" - }, - "ap-southeast-4": { - description: "Asia Pacific (Melbourne)" - }, - "ap-southeast-5": { - description: "Asia Pacific (Malaysia)" - }, - "ap-southeast-7": { - description: "Asia Pacific (Thailand)" - }, - "aws-global": { - description: "AWS Standard global region" - }, - "ca-central-1": { - description: "Canada (Central)" - }, - "ca-west-1": { - description: "Canada West (Calgary)" - }, - "eu-central-1": { - description: "Europe (Frankfurt)" - }, - "eu-central-2": { - description: "Europe (Zurich)" - }, - "eu-north-1": { - description: "Europe (Stockholm)" - }, - "eu-south-1": { - description: "Europe (Milan)" - }, - "eu-south-2": { - description: "Europe (Spain)" - }, - "eu-west-1": { - description: "Europe (Ireland)" - }, - "eu-west-2": { - description: "Europe (London)" - }, - "eu-west-3": { - description: "Europe (Paris)" - }, - "il-central-1": { - description: "Israel (Tel Aviv)" - }, - "me-central-1": { - description: "Middle East (UAE)" - }, - "me-south-1": { - description: "Middle East (Bahrain)" - }, - "mx-central-1": { - description: "Mexico (Central)" - }, - "sa-east-1": { - description: "South America (Sao Paulo)" - }, - "us-east-1": { - description: "US East (N. Virginia)" - }, - "us-east-2": { - description: "US East (Ohio)" - }, - "us-west-1": { - description: "US West (N. California)" - }, - "us-west-2": { - description: "US West (Oregon)" - } - } - }, { - id: "aws-cn", - outputs: { - dnsSuffix: "amazonaws.com.cn", - dualStackDnsSuffix: "api.amazonwebservices.com.cn", - implicitGlobalRegion: "cn-northwest-1", - name: "aws-cn", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^cn\\-\\w+\\-\\d+$", - regions: { - "aws-cn-global": { - description: "AWS China global region" - }, - "cn-north-1": { - description: "China (Beijing)" - }, - "cn-northwest-1": { - description: "China (Ningxia)" - } - } - }, { - id: "aws-us-gov", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-gov-west-1", - name: "aws-us-gov", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", - regions: { - "aws-us-gov-global": { - description: "AWS GovCloud (US) global region" - }, - "us-gov-east-1": { - description: "AWS GovCloud (US-East)" - }, - "us-gov-west-1": { - description: "AWS GovCloud (US-West)" - } - } - }, { - id: "aws-iso", - outputs: { - dnsSuffix: "c2s.ic.gov", - dualStackDnsSuffix: "c2s.ic.gov", - implicitGlobalRegion: "us-iso-east-1", - name: "aws-iso", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", - regions: { - "aws-iso-global": { - description: "AWS ISO (US) global region" - }, - "us-iso-east-1": { - description: "US ISO East" - }, - "us-iso-west-1": { - description: "US ISO WEST" - } - } - }, { - id: "aws-iso-b", - outputs: { - dnsSuffix: "sc2s.sgov.gov", - dualStackDnsSuffix: "sc2s.sgov.gov", - implicitGlobalRegion: "us-isob-east-1", - name: "aws-iso-b", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", - regions: { - "aws-iso-b-global": { - description: "AWS ISOB (US) global region" - }, - "us-isob-east-1": { - description: "US ISOB East (Ohio)" - } - } - }, { - id: "aws-iso-e", - outputs: { - dnsSuffix: "cloud.adc-e.uk", - dualStackDnsSuffix: "cloud.adc-e.uk", - implicitGlobalRegion: "eu-isoe-west-1", - name: "aws-iso-e", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", - regions: { - "aws-iso-e-global": { - description: "AWS ISOE (Europe) global region" - }, - "eu-isoe-west-1": { - description: "EU ISOE West" - } - } - }, { - id: "aws-iso-f", - outputs: { - dnsSuffix: "csp.hci.ic.gov", - dualStackDnsSuffix: "csp.hci.ic.gov", - implicitGlobalRegion: "us-isof-south-1", - name: "aws-iso-f", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", - regions: { - "aws-iso-f-global": { - description: "AWS ISOF global region" - }, - "us-isof-east-1": { - description: "US ISOF EAST" - }, - "us-isof-south-1": { - description: "US ISOF SOUTH" - } - } - }, { - id: "aws-eusc", - outputs: { - dnsSuffix: "amazonaws.eu", - dualStackDnsSuffix: "amazonaws.eu", - implicitGlobalRegion: "eusc-de-east-1", - name: "aws-eusc", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", - regions: { - "eusc-de-east-1": { - description: "EU (Germany)" - } - } - }], - version: "1.1" -}; - -// src/lib/aws/partition.ts -var selectedPartitionsInfo = partitions_default; -var selectedUserAgentPrefix = ""; -var partition = /* @__PURE__ */ __name((value) => { - const { partitions } = selectedPartitionsInfo; - for (const partition2 of partitions) { - const { regions, outputs } = partition2; - for (const [region, regionData] of Object.entries(regions)) { - if (region === value) { - return { - ...outputs, - ...regionData - }; - } - } - } - for (const partition2 of partitions) { - const { regionRegex, outputs } = partition2; - if (new RegExp(regionRegex).test(value)) { - return { - ...outputs - }; - } - } - const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); - if (!DEFAULT_PARTITION) { - throw new Error( - "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." - ); - } - return { - ...DEFAULT_PARTITION.outputs - }; -}, "partition"); -var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { - selectedPartitionsInfo = partitionsInfo; - selectedUserAgentPrefix = userAgentPrefix; -}, "setPartitionInfo"); -var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { - setPartitionInfo(partitions_default, ""); -}, "useDefaultPartitionInfo"); -var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); - -// src/aws.ts -var awsEndpointFunctions = { - isVirtualHostableS3Bucket, - parseArn, - partition -}; -import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; - -// src/resolveDefaultAwsRegionalEndpointsConfig.ts -var import_url_parser = __nccwpck_require__(4681); -var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { - if (typeof input.endpointProvider !== "function") { - throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); - } - const { endpoint } = input; - if (endpoint === void 0) { - input.endpoint = async () => { - return toEndpointV1( - input.endpointProvider( - { - Region: typeof input.region === "function" ? await input.region() : input.region, - UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, - UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, - Endpoint: void 0 - }, - { logger: input.logger } - ) - ); - }; - } - return input; -}, "resolveDefaultAwsRegionalEndpointsConfig"); -var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); - -// src/resolveEndpoint.ts - - -// src/types/EndpointError.ts - - -// src/types/EndpointRuleObject.ts - - -// src/types/ErrorRuleObject.ts - - -// src/types/RuleSetObject.ts - - -// src/types/TreeRuleObject.ts - - -// src/types/shared.ts - -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7330: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, - UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, - UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, - createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, - crtAvailability: () => crtAvailability, - defaultUserAgent: () => defaultUserAgent -}); -module.exports = __toCommonJS(index_exports); - -// src/defaultUserAgent.ts -var import_os = __nccwpck_require__(2037); -var import_process = __nccwpck_require__(7282); - -// src/crt-availability.ts -var crtAvailability = { - isCrtAvailable: false -}; - -// src/is-crt-available.ts -var isCrtAvailable = /* @__PURE__ */ __name(() => { - if (crtAvailability.isCrtAvailable) { - return ["md/crt-avail"]; - } - return null; -}, "isCrtAvailable"); - -// src/defaultUserAgent.ts -var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { - return async (config) => { - const sections = [ - // sdk-metadata - ["aws-sdk-js", clientVersion], - // ua-metadata - ["ua", "2.1"], - // os-metadata - [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], - // language-metadata - // ECMAScript edition doesn't matter in JS, so no version needed. - ["lang/js"], - ["md/nodejs", `${import_process.versions.node}`] - ]; - const crtAvailable = isCrtAvailable(); - if (crtAvailable) { - sections.push(crtAvailable); - } - if (serviceId) { - sections.push([`api/${serviceId}`, clientVersion]); - } - if (import_process.env.AWS_EXECUTION_ENV) { - sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); - } - const appId = await config?.userAgentAppId?.(); - const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; - return resolvedUserAgent; - }; -}, "createDefaultUserAgentProvider"); -var defaultUserAgent = createDefaultUserAgentProvider; - -// src/nodeAppIdConfigOptions.ts -var import_middleware_user_agent = __nccwpck_require__(6634); -var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; -var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; -var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; -var NODE_APP_ID_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), - default: import_middleware_user_agent.DEFAULT_UA_APP_ID -}; -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9963: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -const tslib_1 = __nccwpck_require__(4351); -tslib_1.__exportStar(__nccwpck_require__(2825), exports); -tslib_1.__exportStar(__nccwpck_require__(7862), exports); -tslib_1.__exportStar(__nccwpck_require__(785), exports); - - -/***/ }), - -/***/ 2825: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/client/index.ts -var index_exports = {}; -__export(index_exports, { - emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, - setCredentialFeature: () => setCredentialFeature, - setFeature: () => setFeature, - state: () => state -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/client/emitWarningIfUnsupportedVersion.ts -var state = { - warningEmitted: false -}; -var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { - if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { - state.warningEmitted = true; - process.emitWarning( - `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will -no longer support Node.js 16.x on January 6, 2025. - -To continue receiving updates to AWS services, bug fixes, and security -updates please upgrade to a supported Node.js LTS version. - -More information can be found at: https://a.co/74kJMmI` - ); - } -}, "emitWarningIfUnsupportedVersion"); - -// src/submodules/client/setCredentialFeature.ts -function setCredentialFeature(credentials, feature, value) { - if (!credentials.$source) { - credentials.$source = {}; - } - credentials.$source[feature] = value; - return credentials; -} -__name(setCredentialFeature, "setCredentialFeature"); - -// src/submodules/client/setFeature.ts -function setFeature(context, feature, value) { - if (!context.__aws_sdk_context) { - context.__aws_sdk_context = { - features: {} - }; - } else if (!context.__aws_sdk_context.features) { - context.__aws_sdk_context.features = {}; - } - context.__aws_sdk_context.features[feature] = value; -} -__name(setFeature, "setFeature"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 7862: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/httpAuthSchemes/index.ts -var index_exports = {}; -__export(index_exports, { - AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, - AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, - AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, - NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, - NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, - getBearerTokenEnvKey: () => getBearerTokenEnvKey, - resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, - resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, - resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, - validateSigningProperties: () => validateSigningProperties -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var import_protocol_http2 = __nccwpck_require__(4418); - -// src/submodules/httpAuthSchemes/utils/getDateHeader.ts -var import_protocol_http = __nccwpck_require__(4418); -var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); - -// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts -var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); - -// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts -var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); - -// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts -var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { - const clockTimeInMs = Date.parse(clockTime); - if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { - return clockTimeInMs - Date.now(); - } - return currentSystemClockOffset; -}, "getUpdatedSystemClockOffset"); - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { - if (!property) { - throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); - } - return property; -}, "throwSigningPropertyError"); -var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { - const context = throwSigningPropertyError( - "context", - signingProperties.context - ); - const config = throwSigningPropertyError("config", signingProperties.config); - const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; - const signerFunction = throwSigningPropertyError( - "signer", - config.signer - ); - const signer = await signerFunction(authScheme); - const signingRegion = signingProperties?.signingRegion; - const signingRegionSet = signingProperties?.signingRegionSet; - const signingName = signingProperties?.signingName; - return { - config, - signer, - signingRegion, - signingRegionSet, - signingName - }; -}, "validateSigningProperties"); -var AwsSdkSigV4Signer = class { - static { - __name(this, "AwsSdkSigV4Signer"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const validatedProps = await validateSigningProperties(signingProperties); - const { config, signer } = validatedProps; - let { signingRegion, signingName } = validatedProps; - const handlerExecutionContext = signingProperties.context; - if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { - const [first, second] = handlerExecutionContext.authSchemes; - if (first?.name === "sigv4a" && second?.name === "sigv4") { - signingRegion = second?.signingRegion ?? signingRegion; - signingName = second?.signingName ?? signingName; - } - } - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion, - signingService: signingName - }); - return signedRequest; - } - errorHandler(signingProperties) { - return (error) => { - const serverTime = error.ServerTime ?? getDateHeader(error.$response); - if (serverTime) { - const config = throwSigningPropertyError("config", signingProperties.config); - const initialSystemClockOffset = config.systemClockOffset; - config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); - const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; - if (clockSkewCorrected && error.$metadata) { - error.$metadata.clockSkewCorrected = true; - } - } - throw error; - }; - } - successHandler(httpResponse, signingProperties) { - const dateHeader = getDateHeader(httpResponse); - if (dateHeader) { - const config = throwSigningPropertyError("config", signingProperties.config); - config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); - } - } -}; -var AWSSDKSigV4Signer = AwsSdkSigV4Signer; - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts -var import_protocol_http3 = __nccwpck_require__(4418); -var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { - static { - __name(this, "AwsSdkSigV4ASigner"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( - signingProperties - ); - const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); - const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion: multiRegionOverride, - signingService: signingName - }); - return signedRequest; - } -}; - -// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts -var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); - -// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts -var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); - -// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts -var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; -var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; -var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { - /** - * Retrieves auth scheme preference from environment variables - * @param env - Node process environment object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { - if (options?.signingName) { - const bearerTokenKey = getBearerTokenEnvKey(options.signingName); - if (bearerTokenKey in env) return ["httpBearerAuth"]; - } - if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; - return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); - }, "environmentVariableSelector"), - /** - * Retrieves auth scheme preference from config file - * @param profile - Config profile object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - configFileSelector: /* @__PURE__ */ __name((profile) => { - if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; - return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); - }, "configFileSelector"), - /** - * Default auth scheme preference if not specified in environment or config - */ - default: [] -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts -var import_core = __nccwpck_require__(5829); -var import_property_provider = __nccwpck_require__(9721); -var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { - config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); - return config; -}, "resolveAwsSdkSigV4AConfig"); -var NODE_SIGV4A_CONFIG_OPTIONS = { - environmentVariableSelector(env) { - if (env.AWS_SIGV4A_SIGNING_REGION_SET) { - return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); - } - throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { - tryNextLink: true - }); - }, - configFileSelector(profile) { - if (profile.sigv4a_signing_region_set) { - return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); - } - throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { - tryNextLink: true - }); - }, - default: void 0 -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts -var import_client = __nccwpck_require__(2825); -var import_core2 = __nccwpck_require__(5829); -var import_signature_v4 = __nccwpck_require__(1528); -var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { - let inputCredentials = config.credentials; - let isUserSupplied = !!config.credentials; - let resolvedCredentials = void 0; - Object.defineProperty(config, "credentials", { - set(credentials) { - if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { - isUserSupplied = true; - } - inputCredentials = credentials; - const memoizedProvider = normalizeCredentialProvider(config, { - credentials: inputCredentials, - credentialDefaultProvider: config.credentialDefaultProvider - }); - const boundProvider = bindCallerConfig(config, memoizedProvider); - if (isUserSupplied && !boundProvider.attributed) { - resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") - ), "resolvedCredentials"); - resolvedCredentials.memoized = boundProvider.memoized; - resolvedCredentials.configBound = boundProvider.configBound; - resolvedCredentials.attributed = true; - } else { - resolvedCredentials = boundProvider; - } - }, - get() { - return resolvedCredentials; - }, - enumerable: true, - configurable: true - }); - config.credentials = inputCredentials; - const { - // Default for signingEscapePath - signingEscapePath = true, - // Default for systemClockOffset - systemClockOffset = config.systemClockOffset || 0, - // No default for sha256 since it is platform dependent - sha256 - } = config; - let signer; - if (config.signer) { - signer = (0, import_core2.normalizeProvider)(config.signer); - } else if (config.regionInfoProvider) { - signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( - async (region) => [ - await config.regionInfoProvider(region, { - useFipsEndpoint: await config.useFipsEndpoint(), - useDualstackEndpoint: await config.useDualstackEndpoint() - }) || {}, - region - ] - ).then(([regionInfo, region]) => { - const { signingRegion, signingService } = regionInfo; - config.signingRegion = config.signingRegion || signingRegion || region; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }), "signer"); - } else { - signer = /* @__PURE__ */ __name(async (authScheme) => { - authScheme = Object.assign( - {}, - { - name: "sigv4", - signingName: config.signingName || config.defaultSigningName, - signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), - properties: {} - }, - authScheme - ); - const signingRegion = authScheme.signingRegion; - const signingService = authScheme.signingName; - config.signingRegion = config.signingRegion || signingRegion; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }, "signer"); - } - const resolvedConfig = Object.assign(config, { - systemClockOffset, - signingEscapePath, - signer - }); - return resolvedConfig; -}, "resolveAwsSdkSigV4Config"); -var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; -function normalizeCredentialProvider(config, { - credentials, - credentialDefaultProvider -}) { - let credentialsProvider; - if (credentials) { - if (!credentials?.memoized) { - credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); - } else { - credentialsProvider = credentials; - } - } else { - if (credentialDefaultProvider) { - credentialsProvider = (0, import_core2.normalizeProvider)( - credentialDefaultProvider( - Object.assign({}, config, { - parentClientConfig: config - }) - ) - ); - } else { - credentialsProvider = /* @__PURE__ */ __name(async () => { - throw new Error( - "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." - ); - }, "credentialsProvider"); - } - } - credentialsProvider.memoized = true; - return credentialsProvider; -} -__name(normalizeCredentialProvider, "normalizeCredentialProvider"); -function bindCallerConfig(config, credentialsProvider) { - if (credentialsProvider.configBound) { - return credentialsProvider; - } - const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); - fn.memoized = credentialsProvider.memoized; - fn.configBound = true; - return fn; -} -__name(bindCallerConfig, "bindCallerConfig"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 785: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/protocols/index.ts -var index_exports = {}; -__export(index_exports, { - AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, - AwsJson1_0Protocol: () => AwsJson1_0Protocol, - AwsJson1_1Protocol: () => AwsJson1_1Protocol, - AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, - AwsQueryProtocol: () => AwsQueryProtocol, - AwsRestJsonProtocol: () => AwsRestJsonProtocol, - AwsRestXmlProtocol: () => AwsRestXmlProtocol, - JsonCodec: () => JsonCodec, - JsonShapeDeserializer: () => JsonShapeDeserializer, - JsonShapeSerializer: () => JsonShapeSerializer, - XmlCodec: () => XmlCodec, - XmlShapeDeserializer: () => XmlShapeDeserializer, - XmlShapeSerializer: () => XmlShapeSerializer, - _toBool: () => _toBool, - _toNum: () => _toNum, - _toStr: () => _toStr, - awsExpectUnion: () => awsExpectUnion, - loadRestJsonErrorCode: () => loadRestJsonErrorCode, - loadRestXmlErrorCode: () => loadRestXmlErrorCode, - parseJsonBody: () => parseJsonBody, - parseJsonErrorBody: () => parseJsonErrorBody, - parseXmlBody: () => parseXmlBody, - parseXmlErrorBody: () => parseXmlErrorBody -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/protocols/coercing-serializers.ts -var _toStr = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number" || typeof val === "bigint") { - const warning = new Error(`Received number ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - if (typeof val === "boolean") { - const warning = new Error(`Received boolean ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - return val; -}, "_toStr"); -var _toBool = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number") { - } - if (typeof val === "string") { - const lowercase = val.toLowerCase(); - if (val !== "" && lowercase !== "false" && lowercase !== "true") { - const warning = new Error(`Received string "${val}" where a boolean was expected.`); - warning.name = "Warning"; - console.warn(warning); - } - return val !== "" && lowercase !== "false"; - } - return val; -}, "_toBool"); -var _toNum = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "boolean") { - } - if (typeof val === "string") { - const num = Number(val); - if (num.toString() !== val) { - const warning = new Error(`Received string "${val}" where a number was expected.`); - warning.name = "Warning"; - console.warn(warning); - return val; - } - return num; - } - return val; -}, "_toNum"); - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var import_protocols = __nccwpck_require__(2241); -var import_schema3 = __nccwpck_require__(9826); -var import_util_body_length_browser = __nccwpck_require__(713); - -// src/submodules/protocols/ConfigurableSerdeContext.ts -var SerdeContextConfig = class { - static { - __name(this, "SerdeContextConfig"); - } - serdeContext; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - } -}; - -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var import_schema = __nccwpck_require__(9826); -var import_serde2 = __nccwpck_require__(7669); -var import_util_base64 = __nccwpck_require__(5600); - -// src/submodules/protocols/json/jsonReviver.ts -var import_serde = __nccwpck_require__(7669); -function jsonReviver(key, value, context) { - if (context?.source) { - const numericString = context.source; - if (typeof value === "number") { - if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { - const isFractional = numericString.includes("."); - if (isFractional) { - return new import_serde.NumericValue(numericString, "bigDecimal"); - } else { - return BigInt(numericString); - } - } - } - } - return value; -} -__name(jsonReviver, "jsonReviver"); - -// src/submodules/protocols/common.ts -var import_smithy_client = __nccwpck_require__(3570); -var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); - -// src/submodules/protocols/json/parseJsonBody.ts -var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - try { - return JSON.parse(encoded); - } catch (e) { - if (e?.name === "SyntaxError") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - } - return {}; -}), "parseJsonBody"); -var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseJsonBody(errorBody, context); - value.message = value.message ?? value.Message; - return value; -}, "parseJsonErrorBody"); -var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { - const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); - const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { - let cleanValue = rawValue; - if (typeof cleanValue === "number") { - cleanValue = cleanValue.toString(); - } - if (cleanValue.indexOf(",") >= 0) { - cleanValue = cleanValue.split(",")[0]; - } - if (cleanValue.indexOf(":") >= 0) { - cleanValue = cleanValue.split(":")[0]; - } - if (cleanValue.indexOf("#") >= 0) { - cleanValue = cleanValue.split("#")[1]; - } - return cleanValue; - }, "sanitizeErrorCode"); - const headerKey = findKey(output.headers, "x-amzn-errortype"); - if (headerKey !== void 0) { - return sanitizeErrorCode(output.headers[headerKey]); - } - if (data && typeof data === "object") { - const codeKey = findKey(data, "code"); - if (codeKey && data[codeKey] !== void 0) { - return sanitizeErrorCode(data[codeKey]); - } - if (data["__type"] !== void 0) { - return sanitizeErrorCode(data["__type"]); - } - } -}, "loadRestJsonErrorCode"); - -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var JsonShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonShapeDeserializer"); - } - async read(schema, data) { - return this._read( - schema, - typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) - ); - } - readObject(schema, data) { - return this._read(schema, data); - } - _read(schema, value) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._read(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._read(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const deserializedValue = this._read(memberSchema, value[fromKey]); - if (deserializedValue != null) { - out[memberName] = deserializedValue; - } - } - return out; - } - if (ns.isBlobSchema() && typeof value === "string") { - return (0, import_util_base64.fromBase64)(value); - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde2.LazyJsonString.from(value); - } - } - if (ns.isTimestampSchema()) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: - return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); - case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde2.parseRfc7231DateTime)(value); - case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return (0, import_serde2.parseEpochTimestamp)(value); - default: - console.warn("Missing timestamp format, parsing value with Date constructor:", value); - return new Date(value); - } - } - if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { - return BigInt(value); - } - if (ns.isBigDecimalSchema() && value != void 0) { - if (value instanceof import_serde2.NumericValue) { - return value; - } - return new import_serde2.NumericValue(String(value), "bigDecimal"); - } - if (ns.isNumericSchema() && typeof value === "string") { - switch (value) { - case "Infinity": - return Infinity; - case "-Infinity": - return -Infinity; - case "NaN": - return NaN; - } - } - return value; - } -}; - -// src/submodules/protocols/json/JsonShapeSerializer.ts -var import_schema2 = __nccwpck_require__(9826); -var import_serde4 = __nccwpck_require__(7669); -var import_serde5 = __nccwpck_require__(7669); - -// src/submodules/protocols/json/jsonReplacer.ts -var import_serde3 = __nccwpck_require__(7669); -var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); -var JsonReplacer = class { - static { - __name(this, "JsonReplacer"); - } - /** - * Stores placeholder key to true serialized value lookup. - */ - values = /* @__PURE__ */ new Map(); - counter = 0; - stage = 0; - /** - * Creates a jsonReplacer function that reserves big integer and big decimal values - * for later replacement. - */ - createReplacer() { - if (this.stage === 1) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 1; - return (key, value) => { - if (value instanceof import_serde3.NumericValue) { - const v = `${NUMERIC_CONTROL_CHAR + +"nv" + this.counter++}_` + value.string; - this.values.set(`"${v}"`, value.string); - return v; - } - if (typeof value === "bigint") { - const s = value.toString(); - const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; - this.values.set(`"${v}"`, s); - return v; - } - return value; - }; - } - /** - * Replaces placeholder keys with their true values. - */ - replaceInJson(json) { - if (this.stage === 0) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 2; - if (this.counter === 0) { - return json; - } - for (const [key, value] of this.values) { - json = json.replace(key, value); - } - return json; - } -}; - -// src/submodules/protocols/json/JsonShapeSerializer.ts -var JsonShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonShapeSerializer"); - } - buffer; - rootSchema; - write(schema, value) { - this.rootSchema = import_schema2.NormalizedSchema.of(schema); - this.buffer = this._write(this.rootSchema, value); - } - flush() { - if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { - const replacer = new JsonReplacer(); - return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); - } - return this.buffer; - } - _write(schema, value, container) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema2.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._write(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._write(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const serializableValue = this._write(memberSchema, value[memberName], ns); - if (serializableValue !== void 0) { - out[targetKey] = serializableValue; - } - } - return out; - } - if (value === null && container?.isStructSchema()) { - return void 0; - } - if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { - if (ns === this.rootSchema) { - return value; - } - if (!this.serdeContext?.base64Encoder) { - throw new Error("Missing base64Encoder in serdeContext"); - } - return this.serdeContext?.base64Encoder(value); - } - if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: - return value.toISOString().replace(".000Z", "Z"); - case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde4.dateToUtcString)(value); - case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return value.getTime() / 1e3; - default: - console.warn("Missing timestamp format, using epoch seconds", value); - return value.getTime() / 1e3; - } - } - if (ns.isNumericSchema() && typeof value === "number") { - if (Math.abs(value) === Infinity || isNaN(value)) { - return String(value); - } - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde5.LazyJsonString.from(value); - } - } - return value; - } -}; - -// src/submodules/protocols/json/JsonCodec.ts -var JsonCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonCodec"); - } - createSerializer() { - const serializer = new JsonShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; - } - createDeserializer() { - const deserializer = new JsonShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; - } -}; - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { - static { - __name(this, "AwsJsonRpcProtocol"); - } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - this.codec = new JsonCodec({ - timestampFormat: { - useTrait: true, - default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - jsonName: false - }); - this.serializer = this.codec.createSerializer(); - this.deserializer = this.codec.createDeserializer(); - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, - "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() - }); - if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = "{}"; - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; - } - getPayloadCodec() { - return this.codec; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema3.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema3.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } -}; - -// src/submodules/protocols/json/AwsJson1_0Protocol.ts -var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { - static { - __name(this, "AwsJson1_0Protocol"); - } - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - } - getShapeId() { - return "aws.protocols#awsJson1_0"; - } - getJsonRpcVersion() { - return "1.0"; - } -}; - -// src/submodules/protocols/json/AwsJson1_1Protocol.ts -var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { - static { - __name(this, "AwsJson1_1Protocol"); - } - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - } - getShapeId() { - return "aws.protocols#awsJson1_1"; - } - getJsonRpcVersion() { - return "1.1"; - } -}; - -// src/submodules/protocols/json/AwsRestJsonProtocol.ts -var import_protocols2 = __nccwpck_require__(2241); -var import_schema4 = __nccwpck_require__(9826); -var import_util_body_length_browser2 = __nccwpck_require__(713); -var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { - static { - __name(this, "AwsRestJsonProtocol"); - } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { - super({ - defaultNamespace - }); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - httpBindings: true, - jsonName: true - }; - this.codec = new JsonCodec(settings); - this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); - } - getShapeId() { - return "aws.protocols#restJson1"; - } - getPayloadCodec() { - return this.codec; - } - setSerdeContext(serdeContext) { - this.codec.setSerdeContext(serdeContext); - super.setSerdeContext(serdeContext); - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); - const members = inputSchema.getMemberSchemas(); - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = "application/json"; - } - } else if (!inputSchema.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = "application/json"; - } - } - } - if (request.headers["content-type"] && !request.body) { - request.body = "{}"; - } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); - } catch (e) { - } - } - return request; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema4.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema4.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } -}; - -// src/submodules/protocols/json/awsExpectUnion.ts -var import_smithy_client2 = __nccwpck_require__(3570); -var awsExpectUnion = /* @__PURE__ */ __name((value) => { - if (value == null) { - return void 0; - } - if (typeof value === "object" && "__type" in value) { - delete value.__type; - } - return (0, import_smithy_client2.expectUnion)(value); -}, "awsExpectUnion"); - -// src/submodules/protocols/query/AwsQueryProtocol.ts -var import_protocols5 = __nccwpck_require__(2241); -var import_schema7 = __nccwpck_require__(9826); -var import_util_body_length_browser3 = __nccwpck_require__(713); - -// src/submodules/protocols/xml/XmlShapeDeserializer.ts -var import_protocols3 = __nccwpck_require__(2241); -var import_schema5 = __nccwpck_require__(9826); -var import_smithy_client3 = __nccwpck_require__(3570); -var import_util_utf8 = __nccwpck_require__(1895); -var import_fast_xml_parser = __nccwpck_require__(2603); -var XmlShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); - } - static { - __name(this, "XmlShapeDeserializer"); - } - stringDeserializer; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - this.stringDeserializer.setSerdeContext(serdeContext); - } - /** - * @param schema - describing the data. - * @param bytes - serialized data. - * @param key - used by AwsQuery to step one additional depth into the object before reading it. + * @param schema - describing the data. + * @param bytes - serialized data. + * @param key - used by AwsQuery to step one additional depth into the object before reading it. */ read(schema, bytes, key) { const ns = import_schema5.NormalizedSchema.of(schema); @@ -44257,7 +28929,7 @@ var import_util_body_length_browser4 = __nccwpck_require__(713); // src/submodules/protocols/xml/parseXmlBody.ts var import_smithy_client5 = __nccwpck_require__(3570); -var import_fast_xml_parser2 = __nccwpck_require__(2603); +var import_fast_xml_parser2 = __nccwpck_require__(4577); var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { if (encoded.length) { const parser = new import_fast_xml_parser2.XMLParser({ @@ -44728,7 +29400,7 @@ var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { /***/ }), -/***/ 5972: +/***/ 4407: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -44766,7 +29438,7 @@ __export(index_exports, { module.exports = __toCommonJS(index_exports); // src/fromEnv.ts -var import_client = __nccwpck_require__(2825); +var import_client = __nccwpck_require__(6510); var import_property_provider = __nccwpck_require__(9721); var ENV_KEY = "AWS_ACCESS_KEY_ID"; var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; @@ -44804,7 +29476,7 @@ var fromEnv = /* @__PURE__ */ __name((init) => async () => { /***/ }), -/***/ 3757: +/***/ 7519: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -44858,7 +29530,7 @@ exports.checkUrl = checkUrl; /***/ }), -/***/ 6070: +/***/ 9546: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -44866,13 +29538,13 @@ exports.checkUrl = checkUrl; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.fromHttp = void 0; const tslib_1 = __nccwpck_require__(4351); -const client_1 = __nccwpck_require__(2825); +const client_1 = __nccwpck_require__(6510); const node_http_handler_1 = __nccwpck_require__(258); const property_provider_1 = __nccwpck_require__(9721); const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); -const checkUrl_1 = __nccwpck_require__(3757); -const requestHelpers_1 = __nccwpck_require__(9287); -const retry_wrapper_1 = __nccwpck_require__(9921); +const checkUrl_1 = __nccwpck_require__(7519); +const requestHelpers_1 = __nccwpck_require__(2707); +const retry_wrapper_1 = __nccwpck_require__(9138); const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; @@ -44934,7 +29606,7 @@ exports.fromHttp = fromHttp; /***/ }), -/***/ 9287: +/***/ 2707: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -44995,7 +29667,7 @@ async function getCredentials(response, logger) { /***/ }), -/***/ 9921: +/***/ 9138: /***/ ((__unused_webpack_module, exports) => { "use strict"; @@ -45020,20 +29692,20 @@ exports.retryWrapper = retryWrapper; /***/ }), -/***/ 7290: +/***/ 5554: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.fromHttp = void 0; -var fromHttp_1 = __nccwpck_require__(6070); +var fromHttp_1 = __nccwpck_require__(9546); Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); /***/ }), -/***/ 4203: +/***/ 5736: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -45086,12 +29758,12 @@ module.exports = __toCommonJS(index_exports); var import_shared_ini_file_loader = __nccwpck_require__(3507); // src/resolveCredentialSource.ts -var import_client = __nccwpck_require__(2825); +var import_client = __nccwpck_require__(6510); var import_property_provider = __nccwpck_require__(9721); var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { const sourceProvidersMap = { EcsContainer: /* @__PURE__ */ __name(async (options) => { - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); @@ -45103,7 +29775,7 @@ var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileN }, "Ec2InstanceMetadata"), Environment: /* @__PURE__ */ __name(async (options) => { logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); - const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5972))); + const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4407))); return async () => fromEnv(options)().then(setNamedProvider); }, "Environment") }; @@ -45141,7 +29813,7 @@ var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, pr const profileData = profiles[profileName]; const { source_profile, region } = profileData; if (!options.roleAssumer) { - const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2273))); + const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(3764))); options.roleAssumer = getDefaultRoleAssumer( { ...options.clientConfig, @@ -45206,7 +29878,7 @@ var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { // src/resolveProcessCredentials.ts var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); -var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))).then( +var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))).then( ({ fromProcess }) => fromProcess({ ...options, profile @@ -45216,7 +29888,7 @@ var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) // src/resolveSsoCredentials.ts var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); return fromSSO({ profile, logger: options.logger, @@ -45250,7 +29922,7 @@ var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) = // src/resolveWebIdentityCredentials.ts var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); -var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))).then( +var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))).then( ({ fromTokenFile }) => fromTokenFile({ webIdentityTokenFile: profile.web_identity_token_file, roleArn: profile.role_arn, @@ -45315,7 +29987,7 @@ var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig /***/ }), -/***/ 5531: +/***/ 3196: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -45359,7 +30031,7 @@ __export(index_exports, { module.exports = __toCommonJS(index_exports); // src/defaultProvider.ts -var import_credential_provider_env = __nccwpck_require__(5972); +var import_credential_provider_env = __nccwpck_require__(4407); var import_shared_ini_file_loader = __nccwpck_require__(3507); @@ -45370,7 +30042,7 @@ var remoteProvider = /* @__PURE__ */ __name(async (init) => { const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); } if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { @@ -45424,553 +30096,40 @@ var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_ { logger: init.logger } ); } - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); - return fromSSO(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); - const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4203))); - return fromIni(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); - const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))); - return fromProcess(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); - const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))); - return fromTokenFile(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); - return (await remoteProvider(init))(); - }, - async () => { - throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { - tryNextLink: false, - logger: init.logger - }); - } - ), - credentialsTreatedAsExpired, - credentialsWillNeedRefresh -), "defaultProvider"); -var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); -var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9969: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromProcess: () => fromProcess -}); -module.exports = __toCommonJS(index_exports); - -// src/fromProcess.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); - -// src/resolveProcessCredentials.ts -var import_property_provider = __nccwpck_require__(9721); -var import_child_process = __nccwpck_require__(2081); -var import_util = __nccwpck_require__(3837); - -// src/getValidatedProcessCredentials.ts -var import_client = __nccwpck_require__(2825); -var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { - if (data.Version !== 1) { - throw Error(`Profile ${profileName} credential_process did not return Version 1.`); - } - if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { - throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); - } - if (data.Expiration) { - const currentTime = /* @__PURE__ */ new Date(); - const expireTime = new Date(data.Expiration); - if (expireTime < currentTime) { - throw Error(`Profile ${profileName} credential_process returned expired credentials.`); - } - } - let accountId = data.AccountId; - if (!accountId && profiles?.[profileName]?.aws_account_id) { - accountId = profiles[profileName].aws_account_id; - } - const credentials = { - accessKeyId: data.AccessKeyId, - secretAccessKey: data.SecretAccessKey, - ...data.SessionToken && { sessionToken: data.SessionToken }, - ...data.Expiration && { expiration: new Date(data.Expiration) }, - ...data.CredentialScope && { credentialScope: data.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); - return credentials; -}, "getValidatedProcessCredentials"); - -// src/resolveProcessCredentials.ts -var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { - const profile = profiles[profileName]; - if (profiles[profileName]) { - const credentialProcess = profile["credential_process"]; - if (credentialProcess !== void 0) { - const execPromise = (0, import_util.promisify)(import_child_process.exec); - try { - const { stdout } = await execPromise(credentialProcess); - let data; - try { - data = JSON.parse(stdout.trim()); - } catch { - throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); - } - return getValidatedProcessCredentials(profileName, data, profiles); - } catch (error) { - throw new import_property_provider.CredentialsProviderError(error.message, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { - logger - }); - } -}, "resolveProcessCredentials"); - -// src/fromProcess.ts -var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProcessCredentials( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }), - profiles, - init.logger - ); -}, "fromProcess"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 6414: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __esm = (fn, res) => function __init() { - return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; -}; -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/loadSso.ts -var loadSso_exports = {}; -__export(loadSso_exports, { - GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, - SSOClient: () => import_client_sso.SSOClient -}); -var import_client_sso; -var init_loadSso = __esm({ - "src/loadSso.ts"() { - "use strict"; - import_client_sso = __nccwpck_require__(2666); - } -}); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromSSO: () => fromSSO, - isSsoProfile: () => isSsoProfile, - validateSsoProfile: () => validateSsoProfile -}); -module.exports = __toCommonJS(index_exports); - -// src/fromSSO.ts - - - -// src/isSsoProfile.ts -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); - -// src/resolveSSOCredentials.ts -var import_client = __nccwpck_require__(2825); -var import_token_providers = __nccwpck_require__(2843); -var import_property_provider = __nccwpck_require__(9721); -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var SHOULD_FAIL_CREDENTIAL_CHAIN = false; -var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig, - parentClientConfig, - profile, - logger -}) => { - let token; - const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; - if (ssoSession) { - try { - const _token = await (0, import_token_providers.fromSso)({ profile })(); - token = { - accessToken: _token.token, - expiresAt: new Date(_token.expiration).toISOString() - }; - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e.message, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - } else { - try { - token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - } - if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - const { accessToken } = token; - const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); - const sso = ssoClient || new SSOClient2( - Object.assign({}, clientConfig ?? {}, { - logger: clientConfig?.logger ?? parentClientConfig?.logger, - region: clientConfig?.region ?? ssoRegion - }) - ); - let ssoResp; - try { - ssoResp = await sso.send( - new GetRoleCredentialsCommand2({ - accountId: ssoAccountId, - roleName: ssoRoleName, - accessToken - }) - ); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - const { - roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} - } = ssoResp; - if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { - throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - const credentials = { - accessKeyId, - secretAccessKey, - sessionToken, - expiration: new Date(expiration), - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - if (ssoSession) { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); - } else { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); - } - return credentials; -}, "resolveSSOCredentials"); - -// src/validateSsoProfile.ts - -var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { - const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; - if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { - throw new import_property_provider.CredentialsProviderError( - `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( - ", " - )} -Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, - { tryNextLink: false, logger } - ); - } - return profile; -}, "validateSsoProfile"); - -// src/fromSSO.ts -var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - const { ssoClient } = init; - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); - } - if (!isSsoProfile(profile)) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { - logger: init.logger - }); - } - if (profile?.sso_session) { - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const session = ssoSessions[profile.sso_session]; - const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; - if (ssoRegion && ssoRegion !== session.sso_region) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - profile.sso_region = session.sso_region; - profile.sso_start_url = session.sso_start_url; - } - const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( - profile, - init.logger - ); - return resolveSSOCredentials({ - ssoStartUrl: sso_start_url, - ssoSession: sso_session, - ssoAccountId: sso_account_id, - ssoRegion: sso_region, - ssoRoleName: sso_role_name, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName - }); - } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { - throw new import_property_provider.CredentialsProviderError( - 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', - { tryNextLink: false, logger: init.logger } - ); - } else { - return resolveSSOCredentials({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName - }); - } -}, "fromSSO"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5614: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromTokenFile = void 0; -const client_1 = __nccwpck_require__(2825); -const property_provider_1 = __nccwpck_require__(9721); -const fs_1 = __nccwpck_require__(7147); -const fromWebToken_1 = __nccwpck_require__(7905); -const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; -const ENV_ROLE_ARN = "AWS_ROLE_ARN"; -const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; -const fromTokenFile = (init = {}) => async () => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); - const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; - const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; - const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; - if (!webIdentityTokenFile || !roleArn) { - throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { - logger: init.logger, - }); - } - const credentials = await (0, fromWebToken_1.fromWebToken)({ - ...init, - webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), - roleArn, - roleSessionName, - })(); - if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { - (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); - } - return credentials; -}; -exports.fromTokenFile = fromTokenFile; - - -/***/ }), - -/***/ 7905: -/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { - -"use strict"; - -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || (function () { - var ownKeys = function(o) { - ownKeys = Object.getOwnPropertyNames || function (o) { - var ar = []; - for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys(o); - }; - return function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); - __setModuleDefault(result, mod); - return result; - }; -})(); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromWebToken = void 0; -const fromWebToken = (init) => async (awsIdentityProperties) => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); - const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; - let { roleAssumerWithWebIdentity } = init; - if (!roleAssumerWithWebIdentity) { - const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(2273))); - roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ - ...init.clientConfig, - credentialProviderLogger: init.logger, - parentClientConfig: { - ...awsIdentityProperties?.callerClientConfig, - ...init.parentClientConfig, - }, - }, init.clientPlugins); + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); + return fromSSO(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); + const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5736))); + return fromIni(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); + const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))); + return fromProcess(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); + const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))); + return fromTokenFile(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); + return (await remoteProvider(init))(); + }, + async () => { + throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { + tryNextLink: false, + logger: init.logger + }); } - return roleAssumerWithWebIdentity({ - RoleArn: roleArn, - RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, - WebIdentityToken: webIdentityToken, - ProviderId: providerId, - PolicyArns: policyArns, - Policy: policy, - DurationSeconds: durationSeconds, - }); -}; -exports.fromWebToken = fromWebToken; - - -/***/ }), - -/***/ 5646: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(5614), module.exports); -__reExport(index_exports, __nccwpck_require__(7905), module.exports); + ), + credentialsTreatedAsExpired, + credentialsWillNeedRefresh +), "defaultProvider"); +var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); +var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -45979,7 +30138,7 @@ __reExport(index_exports, __nccwpck_require__(7905), module.exports); /***/ }), -/***/ 6689: +/***/ 8638: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -46006,426 +30165,91 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS, - NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, - NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, - NODE_USE_ARN_REGION_CONFIG_OPTIONS: () => NODE_USE_ARN_REGION_CONFIG_OPTIONS, - NODE_USE_ARN_REGION_ENV_NAME: () => NODE_USE_ARN_REGION_ENV_NAME, - NODE_USE_ARN_REGION_INI_NAME: () => NODE_USE_ARN_REGION_INI_NAME, - bucketEndpointMiddleware: () => bucketEndpointMiddleware, - bucketEndpointMiddlewareOptions: () => bucketEndpointMiddlewareOptions, - bucketHostname: () => bucketHostname, - getArnResources: () => getArnResources, - getBucketEndpointPlugin: () => getBucketEndpointPlugin, - getSuffixForArnEndpoint: () => getSuffixForArnEndpoint, - resolveBucketEndpointConfig: () => resolveBucketEndpointConfig, - validateAccountId: () => validateAccountId, - validateDNSHostLabel: () => validateDNSHostLabel, - validateNoDualstack: () => validateNoDualstack, - validateNoFIPS: () => validateNoFIPS, - validateOutpostService: () => validateOutpostService, - validatePartition: () => validatePartition, - validateRegion: () => validateRegion + fromProcess: () => fromProcess }); module.exports = __toCommonJS(index_exports); -// src/NodeDisableMultiregionAccessPointConfigOptions.ts -var import_util_config_provider = __nccwpck_require__(3375); -var NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"; -var NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME = "s3_disable_multiregion_access_points"; -var NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), - default: false -}; - -// src/NodeUseArnRegionConfigOptions.ts - -var NODE_USE_ARN_REGION_ENV_NAME = "AWS_S3_USE_ARN_REGION"; -var NODE_USE_ARN_REGION_INI_NAME = "s3_use_arn_region"; -var NODE_USE_ARN_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_USE_ARN_REGION_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_USE_ARN_REGION_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), - /** - * useArnRegion has specific behavior when undefined instead of false. - * We therefore use undefined as the default value instead of false. - */ - default: void 0 -}; +// src/fromProcess.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); -// src/bucketEndpointMiddleware.ts -var import_util_arn_parser = __nccwpck_require__(5487); -var import_protocol_http = __nccwpck_require__(4418); +// src/resolveProcessCredentials.ts +var import_property_provider = __nccwpck_require__(9721); +var import_child_process = __nccwpck_require__(2081); +var import_util = __nccwpck_require__(3837); -// src/bucketHostnameUtils.ts -var DOMAIN_PATTERN = /^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$/; -var IP_ADDRESS_PATTERN = /(\d+\.){3}\d+/; -var DOTS_PATTERN = /\.\./; -var DOT_PATTERN = /\./; -var S3_HOSTNAME_PATTERN = /^(.+\.)?s3(-fips)?(\.dualstack)?[.-]([a-z0-9-]+)\./; -var S3_US_EAST_1_ALTNAME_PATTERN = /^s3(-external-1)?\.amazonaws\.com$/; -var AWS_PARTITION_SUFFIX = "amazonaws.com"; -var isBucketNameOptions = /* @__PURE__ */ __name((options) => typeof options.bucketName === "string", "isBucketNameOptions"); -var isDnsCompatibleBucketName = /* @__PURE__ */ __name((bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName), "isDnsCompatibleBucketName"); -var getRegionalSuffix = /* @__PURE__ */ __name((hostname) => { - const parts = hostname.match(S3_HOSTNAME_PATTERN); - return [parts[4], hostname.replace(new RegExp(`^${parts[0]}`), "")]; -}, "getRegionalSuffix"); -var getSuffix = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? ["us-east-1", AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffix"); -var getSuffixForArnEndpoint = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? [hostname.replace(`.${AWS_PARTITION_SUFFIX}`, ""), AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffixForArnEndpoint"); -var validateArnEndpointOptions = /* @__PURE__ */ __name((options) => { - if (options.pathStyleEndpoint) { - throw new Error("Path-style S3 endpoint is not supported when bucket is an ARN"); - } - if (options.accelerateEndpoint) { - throw new Error("Accelerate endpoint is not supported when bucket is an ARN"); - } - if (!options.tlsCompatible) { - throw new Error("HTTPS is required when bucket is an ARN"); - } -}, "validateArnEndpointOptions"); -var validateService = /* @__PURE__ */ __name((service) => { - if (service !== "s3" && service !== "s3-outposts" && service !== "s3-object-lambda") { - throw new Error("Expect 's3' or 's3-outposts' or 's3-object-lambda' in ARN service component"); - } -}, "validateService"); -var validateS3Service = /* @__PURE__ */ __name((service) => { - if (service !== "s3") { - throw new Error("Expect 's3' in Accesspoint ARN service component"); - } -}, "validateS3Service"); -var validateOutpostService = /* @__PURE__ */ __name((service) => { - if (service !== "s3-outposts") { - throw new Error("Expect 's3-posts' in Outpost ARN service component"); - } -}, "validateOutpostService"); -var validatePartition = /* @__PURE__ */ __name((partition, options) => { - if (partition !== options.clientPartition) { - throw new Error(`Partition in ARN is incompatible, got "${partition}" but expected "${options.clientPartition}"`); - } -}, "validatePartition"); -var validateRegion = /* @__PURE__ */ __name((region, options) => { -}, "validateRegion"); -var validateRegionalClient = /* @__PURE__ */ __name((region) => { - if (["s3-external-1", "aws-global"].includes(region)) { - throw new Error(`Client region ${region} is not regional`); - } -}, "validateRegionalClient"); -var validateAccountId = /* @__PURE__ */ __name((accountId) => { - if (!/[0-9]{12}/.exec(accountId)) { - throw new Error("Access point ARN accountID does not match regex '[0-9]{12}'"); - } -}, "validateAccountId"); -var validateDNSHostLabel = /* @__PURE__ */ __name((label, options = { tlsCompatible: true }) => { - if (label.length >= 64 || !/^[a-z0-9][a-z0-9.-]*[a-z0-9]$/.test(label) || /(\d+\.){3}\d+/.test(label) || /[.-]{2}/.test(label) || options?.tlsCompatible && DOT_PATTERN.test(label)) { - throw new Error(`Invalid DNS label ${label}`); +// src/getValidatedProcessCredentials.ts +var import_client = __nccwpck_require__(6510); +var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { + if (data.Version !== 1) { + throw Error(`Profile ${profileName} credential_process did not return Version 1.`); } -}, "validateDNSHostLabel"); -var validateCustomEndpoint = /* @__PURE__ */ __name((options) => { - if (options.isCustomEndpoint) { - if (options.dualstackEndpoint) throw new Error("Dualstack endpoint is not supported with custom endpoint"); - if (options.accelerateEndpoint) throw new Error("Accelerate endpoint is not supported with custom endpoint"); + if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { + throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); } -}, "validateCustomEndpoint"); -var getArnResources = /* @__PURE__ */ __name((resource) => { - const delimiter = resource.includes(":") ? ":" : "/"; - const [resourceType, ...rest] = resource.split(delimiter); - if (resourceType === "accesspoint") { - if (rest.length !== 1 || rest[0] === "") { - throw new Error(`Access Point ARN should have one resource accesspoint${delimiter}{accesspointname}`); - } - return { accesspointName: rest[0] }; - } else if (resourceType === "outpost") { - if (!rest[0] || rest[1] !== "accesspoint" || !rest[2] || rest.length !== 3) { - throw new Error( - `Outpost ARN should have resource outpost${delimiter}{outpostId}${delimiter}accesspoint${delimiter}{accesspointName}` - ); + if (data.Expiration) { + const currentTime = /* @__PURE__ */ new Date(); + const expireTime = new Date(data.Expiration); + if (expireTime < currentTime) { + throw Error(`Profile ${profileName} credential_process returned expired credentials.`); } - const [outpostId, _, accesspointName] = rest; - return { outpostId, accesspointName }; - } else { - throw new Error(`ARN resource should begin with 'accesspoint${delimiter}' or 'outpost${delimiter}'`); - } -}, "getArnResources"); -var validateNoDualstack = /* @__PURE__ */ __name((dualstackEndpoint) => { -}, "validateNoDualstack"); -var validateNoFIPS = /* @__PURE__ */ __name((useFipsEndpoint) => { - if (useFipsEndpoint) throw new Error(`FIPS region is not supported with Outpost.`); -}, "validateNoFIPS"); -var validateMrapAlias = /* @__PURE__ */ __name((name) => { - try { - name.split(".").forEach((label) => { - validateDNSHostLabel(label); - }); - } catch (e) { - throw new Error(`"${name}" is not a DNS compatible name.`); - } -}, "validateMrapAlias"); - -// src/bucketHostname.ts -var bucketHostname = /* @__PURE__ */ __name((options) => { - validateCustomEndpoint(options); - return isBucketNameOptions(options) ? ( - // Construct endpoint when bucketName is a string referring to a bucket name - getEndpointFromBucketName(options) - ) : ( - // Construct endpoint when bucketName is an ARN referring to an S3 resource like Access Point - getEndpointFromArn(options) - ); -}, "bucketHostname"); -var getEndpointFromBucketName = /* @__PURE__ */ __name(({ - accelerateEndpoint = false, - clientRegion: region, - baseHostname, - bucketName, - dualstackEndpoint = false, - fipsEndpoint = false, - pathStyleEndpoint = false, - tlsCompatible = true, - isCustomEndpoint = false -}) => { - const [clientRegion, hostnameSuffix] = isCustomEndpoint ? [region, baseHostname] : getSuffix(baseHostname); - if (pathStyleEndpoint || !isDnsCompatibleBucketName(bucketName) || tlsCompatible && DOT_PATTERN.test(bucketName)) { - return { - bucketEndpoint: false, - hostname: dualstackEndpoint ? `s3.dualstack.${clientRegion}.${hostnameSuffix}` : baseHostname - }; - } - if (accelerateEndpoint) { - baseHostname = `s3-accelerate${dualstackEndpoint ? ".dualstack" : ""}.${hostnameSuffix}`; - } else if (dualstackEndpoint) { - baseHostname = `s3.dualstack.${clientRegion}.${hostnameSuffix}`; - } - return { - bucketEndpoint: true, - hostname: `${bucketName}.${baseHostname}` - }; -}, "getEndpointFromBucketName"); -var getEndpointFromArn = /* @__PURE__ */ __name((options) => { - const { isCustomEndpoint, baseHostname, clientRegion } = options; - const hostnameSuffix = isCustomEndpoint ? baseHostname : getSuffixForArnEndpoint(baseHostname)[1]; - const { - pathStyleEndpoint, - accelerateEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - bucketName, - clientPartition = "aws" - } = options; - validateArnEndpointOptions({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible }); - const { service, partition, accountId, region, resource } = bucketName; - validateService(service); - validatePartition(partition, { clientPartition }); - validateAccountId(accountId); - const { accesspointName, outpostId } = getArnResources(resource); - if (service === "s3-object-lambda") { - return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix }); - } - if (region === "") { - return getEndpointFromMRAPArn({ ...options, clientRegion, mrapAlias: accesspointName, hostnameSuffix }); - } - if (outpostId) { - return getEndpointFromOutpostArn({ ...options, clientRegion, outpostId, accesspointName, hostnameSuffix }); } - return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix }); -}, "getEndpointFromArn"); -var getEndpointFromObjectLambdaArn = /* @__PURE__ */ __name(({ - dualstackEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - useArnRegion, - clientRegion, - clientSigningRegion = clientRegion, - accesspointName, - bucketName, - hostnameSuffix -}) => { - const { accountId, region, service } = bucketName; - validateRegionalClient(clientRegion); - const DNSHostLabel = `${accesspointName}-${accountId}`; - validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); - const endpointRegion = useArnRegion ? region : clientRegion; - const signingRegion = useArnRegion ? region : clientSigningRegion; - return { - bucketEndpoint: true, - hostname: `${DNSHostLabel}.${service}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`, - signingRegion, - signingService: service - }; -}, "getEndpointFromObjectLambdaArn"); -var getEndpointFromMRAPArn = /* @__PURE__ */ __name(({ - disableMultiregionAccessPoints, - dualstackEndpoint = false, - isCustomEndpoint, - mrapAlias, - hostnameSuffix -}) => { - if (disableMultiregionAccessPoints === true) { - throw new Error("SDK is attempting to use a MRAP ARN. Please enable to feature."); + let accountId = data.AccountId; + if (!accountId && profiles?.[profileName]?.aws_account_id) { + accountId = profiles[profileName].aws_account_id; } - validateMrapAlias(mrapAlias); - return { - bucketEndpoint: true, - hostname: `${mrapAlias}${isCustomEndpoint ? "" : `.accesspoint.s3-global`}.${hostnameSuffix}`, - signingRegion: "*" - }; -}, "getEndpointFromMRAPArn"); -var getEndpointFromOutpostArn = /* @__PURE__ */ __name(({ - useArnRegion, - clientRegion, - clientSigningRegion = clientRegion, - bucketName, - outpostId, - dualstackEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - accesspointName, - isCustomEndpoint, - hostnameSuffix -}) => { - validateRegionalClient(clientRegion); - const DNSHostLabel = `${accesspointName}-${bucketName.accountId}`; - validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); - const endpointRegion = useArnRegion ? bucketName.region : clientRegion; - const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; - validateOutpostService(bucketName.service); - validateDNSHostLabel(outpostId, { tlsCompatible }); - validateNoFIPS(fipsEndpoint); - const hostnamePrefix = `${DNSHostLabel}.${outpostId}`; - return { - bucketEndpoint: true, - hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-outposts.${endpointRegion}`}.${hostnameSuffix}`, - signingRegion, - signingService: "s3-outposts" - }; -}, "getEndpointFromOutpostArn"); -var getEndpointFromAccessPointArn = /* @__PURE__ */ __name(({ - useArnRegion, - clientRegion, - clientSigningRegion = clientRegion, - bucketName, - dualstackEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - accesspointName, - isCustomEndpoint, - hostnameSuffix -}) => { - validateRegionalClient(clientRegion); - const hostnamePrefix = `${accesspointName}-${bucketName.accountId}`; - validateDNSHostLabel(hostnamePrefix, { tlsCompatible }); - const endpointRegion = useArnRegion ? bucketName.region : clientRegion; - const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; - validateS3Service(bucketName.service); - return { - bucketEndpoint: true, - hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-accesspoint${fipsEndpoint ? "-fips" : ""}${dualstackEndpoint ? ".dualstack" : ""}.${endpointRegion}`}.${hostnameSuffix}`, - signingRegion + const credentials = { + accessKeyId: data.AccessKeyId, + secretAccessKey: data.SecretAccessKey, + ...data.SessionToken && { sessionToken: data.SessionToken }, + ...data.Expiration && { expiration: new Date(data.Expiration) }, + ...data.CredentialScope && { credentialScope: data.CredentialScope }, + ...accountId && { accountId } }; -}, "getEndpointFromAccessPointArn"); + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + return credentials; +}, "getValidatedProcessCredentials"); -// src/bucketEndpointMiddleware.ts -var bucketEndpointMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { - const { Bucket: bucketName } = args.input; - let replaceBucketInPath = options.bucketEndpoint; - const request = args.request; - if (import_protocol_http.HttpRequest.isInstance(request)) { - if (options.bucketEndpoint) { - request.hostname = bucketName; - } else if ((0, import_util_arn_parser.validate)(bucketName)) { - const bucketArn = (0, import_util_arn_parser.parse)(bucketName); - const clientRegion = await options.region(); - const useDualstackEndpoint = await options.useDualstackEndpoint(); - const useFipsEndpoint = await options.useFipsEndpoint(); - const { partition, signingRegion = clientRegion } = await options.regionInfoProvider(clientRegion, { useDualstackEndpoint, useFipsEndpoint }) || {}; - const useArnRegion = await options.useArnRegion(); - const { - hostname, - bucketEndpoint, - signingRegion: modifiedSigningRegion, - signingService - } = bucketHostname({ - bucketName: bucketArn, - baseHostname: request.hostname, - accelerateEndpoint: options.useAccelerateEndpoint, - dualstackEndpoint: useDualstackEndpoint, - fipsEndpoint: useFipsEndpoint, - pathStyleEndpoint: options.forcePathStyle, - tlsCompatible: request.protocol === "https:", - useArnRegion, - clientPartition: partition, - clientSigningRegion: signingRegion, - clientRegion, - isCustomEndpoint: options.isCustomEndpoint, - disableMultiregionAccessPoints: await options.disableMultiregionAccessPoints() - }); - if (modifiedSigningRegion && modifiedSigningRegion !== signingRegion) { - context["signing_region"] = modifiedSigningRegion; - } - if (signingService && signingService !== "s3") { - context["signing_service"] = signingService; - } - request.hostname = hostname; - replaceBucketInPath = bucketEndpoint; - } else { - const clientRegion = await options.region(); - const dualstackEndpoint = await options.useDualstackEndpoint(); - const fipsEndpoint = await options.useFipsEndpoint(); - const { hostname, bucketEndpoint } = bucketHostname({ - bucketName, - clientRegion, - baseHostname: request.hostname, - accelerateEndpoint: options.useAccelerateEndpoint, - dualstackEndpoint, - fipsEndpoint, - pathStyleEndpoint: options.forcePathStyle, - tlsCompatible: request.protocol === "https:", - isCustomEndpoint: options.isCustomEndpoint - }); - request.hostname = hostname; - replaceBucketInPath = bucketEndpoint; - } - if (replaceBucketInPath) { - request.path = request.path.replace(/^(\/)?[^\/]+/, ""); - if (request.path === "") { - request.path = "/"; +// src/resolveProcessCredentials.ts +var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { + const profile = profiles[profileName]; + if (profiles[profileName]) { + const credentialProcess = profile["credential_process"]; + if (credentialProcess !== void 0) { + const execPromise = (0, import_util.promisify)(import_child_process.exec); + try { + const { stdout } = await execPromise(credentialProcess); + let data; + try { + data = JSON.parse(stdout.trim()); + } catch { + throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); + } + return getValidatedProcessCredentials(profileName, data, profiles); + } catch (error) { + throw new import_property_provider.CredentialsProviderError(error.message, { logger }); } - } - } - return next({ ...args, request }); -}, "bucketEndpointMiddleware"); -var bucketEndpointMiddlewareOptions = { - tags: ["BUCKET_ENDPOINT"], - name: "bucketEndpointMiddleware", - relation: "before", - toMiddleware: "hostHeaderMiddleware", - override: true -}; -var getBucketEndpointPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); - }, "applyToStack") -}), "getBucketEndpointPlugin"); + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { + logger + }); + } +}, "resolveProcessCredentials"); -// src/configurations.ts -function resolveBucketEndpointConfig(input) { - const { - bucketEndpoint = false, - forcePathStyle = false, - useAccelerateEndpoint = false, - // useArnRegion has specific behavior when undefined instead of false. - useArnRegion, - disableMultiregionAccessPoints = false - } = input; - return Object.assign(input, { - bucketEndpoint, - forcePathStyle, - useAccelerateEndpoint, - useArnRegion: typeof useArnRegion === "function" ? useArnRegion : () => Promise.resolve(useArnRegion), - disableMultiregionAccessPoints: typeof disableMultiregionAccessPoints === "function" ? disableMultiregionAccessPoints : () => Promise.resolve(disableMultiregionAccessPoints) - }); -} -__name(resolveBucketEndpointConfig, "resolveBucketEndpointConfig"); +// src/fromProcess.ts +var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProcessCredentials( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }), + profiles, + init.logger + ); +}, "fromProcess"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -46434,7 +30258,7 @@ __name(resolveBucketEndpointConfig, "resolveBucketEndpointConfig"); /***/ }), -/***/ 1990: +/***/ 5284: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -46444,6 +30268,9 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __esm = (fn, res) => function __init() { + return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; +}; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -46458,44 +30285,221 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); +// src/loadSso.ts +var loadSso_exports = {}; +__export(loadSso_exports, { + GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, + SSOClient: () => import_client_sso.SSOClient +}); +var import_client_sso; +var init_loadSso = __esm({ + "src/loadSso.ts"() { + "use strict"; + import_client_sso = __nccwpck_require__(1687); + } +}); + // src/index.ts var index_exports = {}; __export(index_exports, { - addExpectContinueMiddleware: () => addExpectContinueMiddleware, - addExpectContinueMiddlewareOptions: () => addExpectContinueMiddlewareOptions, - getAddExpectContinuePlugin: () => getAddExpectContinuePlugin + fromSSO: () => fromSSO, + isSsoProfile: () => isSsoProfile, + validateSsoProfile: () => validateSsoProfile }); module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -function addExpectContinueMiddleware(options) { - return (next) => async (args) => { - const { request } = args; - if (import_protocol_http.HttpRequest.isInstance(request) && request.body && options.runtime === "node") { - if (options.requestHandler?.constructor?.name !== "FetchHttpHandler") { - request.headers = { - ...request.headers, - Expect: "100-continue" - }; - } + +// src/fromSSO.ts + + + +// src/isSsoProfile.ts +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveSSOCredentials.ts +var import_client = __nccwpck_require__(6510); +var import_token_providers = __nccwpck_require__(7182); +var import_property_provider = __nccwpck_require__(9721); +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var SHOULD_FAIL_CREDENTIAL_CHAIN = false; +var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig, + parentClientConfig, + profile, + logger +}) => { + let token; + const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; + if (ssoSession) { + try { + const _token = await (0, import_token_providers.fromSso)({ profile })(); + token = { + accessToken: _token.token, + expiresAt: new Date(_token.expiration).toISOString() + }; + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e.message, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - return next({ - ...args, - request + } else { + try { + token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + } + if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const { accessToken } = token; + const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); + const sso = ssoClient || new SSOClient2( + Object.assign({}, clientConfig ?? {}, { + logger: clientConfig?.logger ?? parentClientConfig?.logger, + region: clientConfig?.region ?? ssoRegion + }) + ); + let ssoResp; + try { + ssoResp = await sso.send( + new GetRoleCredentialsCommand2({ + accountId: ssoAccountId, + roleName: ssoRoleName, + accessToken + }) + ); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const { + roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} + } = ssoResp; + if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { + throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger }); + } + const credentials = { + accessKeyId, + secretAccessKey, + sessionToken, + expiration: new Date(expiration), + ...credentialScope && { credentialScope }, + ...accountId && { accountId } }; -} -__name(addExpectContinueMiddleware, "addExpectContinueMiddleware"); -var addExpectContinueMiddlewareOptions = { - step: "build", - tags: ["SET_EXPECT_HEADER", "EXPECT_HEADER"], - name: "addExpectContinueMiddleware", - override: true -}; -var getAddExpectContinuePlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(addExpectContinueMiddleware(options), addExpectContinueMiddlewareOptions); - }, "applyToStack") -}), "getAddExpectContinuePlugin"); + if (ssoSession) { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); + } else { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); + } + return credentials; +}, "resolveSSOCredentials"); + +// src/validateSsoProfile.ts + +var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { + const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; + if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { + throw new import_property_provider.CredentialsProviderError( + `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( + ", " + )} +Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, + { tryNextLink: false, logger } + ); + } + return profile; +}, "validateSsoProfile"); + +// src/fromSSO.ts +var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + const { ssoClient } = init; + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); + } + if (!isSsoProfile(profile)) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { + logger: init.logger + }); + } + if (profile?.sso_session) { + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const session = ssoSessions[profile.sso_session]; + const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; + if (ssoRegion && ssoRegion !== session.sso_region) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + profile.sso_region = session.sso_region; + profile.sso_start_url = session.sso_start_url; + } + const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( + profile, + init.logger + ); + return resolveSSOCredentials({ + ssoStartUrl: sso_start_url, + ssoSession: sso_session, + ssoAccountId: sso_account_id, + ssoRegion: sso_region, + ssoRoleName: sso_role_name, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { + throw new import_property_provider.CredentialsProviderError( + 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', + { tryNextLink: false, logger: init.logger } + ); + } else { + return resolveSSOCredentials({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } +}, "fromSSO"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -46504,570 +30508,306 @@ var getAddExpectContinuePlugin = /* @__PURE__ */ __name((options) => ({ /***/ }), -/***/ 1436: +/***/ 279: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getCrc32ChecksumAlgorithmFunction = void 0; -const tslib_1 = __nccwpck_require__(4351); -const crc32_1 = __nccwpck_require__(8408); -const util_1 = __nccwpck_require__(4871); -const zlib = tslib_1.__importStar(__nccwpck_require__(9796)); -class NodeCrc32 { - checksum = 0; - update(data) { - this.checksum = zlib.crc32(data, this.checksum); - } - async digest() { - return (0, util_1.numToUint8)(this.checksum); - } - reset() { - this.checksum = 0; +exports.fromTokenFile = void 0; +const client_1 = __nccwpck_require__(6510); +const property_provider_1 = __nccwpck_require__(9721); +const fs_1 = __nccwpck_require__(7147); +const fromWebToken_1 = __nccwpck_require__(9527); +const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; +const ENV_ROLE_ARN = "AWS_ROLE_ARN"; +const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; +const fromTokenFile = (init = {}) => async () => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); + const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; + const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; + const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; + if (!webIdentityTokenFile || !roleArn) { + throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { + logger: init.logger, + }); } -} -const getCrc32ChecksumAlgorithmFunction = () => { - if (typeof zlib.crc32 === "undefined") { - return crc32_1.AwsCrc32; + const credentials = await (0, fromWebToken_1.fromWebToken)({ + ...init, + webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), + roleArn, + roleSessionName, + })(); + if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { + (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); } - return NodeCrc32; + return credentials; }; -exports.getCrc32ChecksumAlgorithmFunction = getCrc32ChecksumAlgorithmFunction; +exports.fromTokenFile = fromTokenFile; /***/ }), -/***/ 3799: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 9527: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - CONFIG_REQUEST_CHECKSUM_CALCULATION: () => CONFIG_REQUEST_CHECKSUM_CALCULATION, - CONFIG_RESPONSE_CHECKSUM_VALIDATION: () => CONFIG_RESPONSE_CHECKSUM_VALIDATION, - ChecksumAlgorithm: () => ChecksumAlgorithm, - ChecksumLocation: () => ChecksumLocation, - DEFAULT_CHECKSUM_ALGORITHM: () => DEFAULT_CHECKSUM_ALGORITHM, - DEFAULT_REQUEST_CHECKSUM_CALCULATION: () => DEFAULT_REQUEST_CHECKSUM_CALCULATION, - DEFAULT_RESPONSE_CHECKSUM_VALIDATION: () => DEFAULT_RESPONSE_CHECKSUM_VALIDATION, - ENV_REQUEST_CHECKSUM_CALCULATION: () => ENV_REQUEST_CHECKSUM_CALCULATION, - ENV_RESPONSE_CHECKSUM_VALIDATION: () => ENV_RESPONSE_CHECKSUM_VALIDATION, - NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS: () => NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS, - NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS: () => NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS, - RequestChecksumCalculation: () => RequestChecksumCalculation, - ResponseChecksumValidation: () => ResponseChecksumValidation, - crc64NvmeCrtContainer: () => crc64NvmeCrtContainer, - flexibleChecksumsMiddleware: () => flexibleChecksumsMiddleware, - flexibleChecksumsMiddlewareOptions: () => flexibleChecksumsMiddlewareOptions, - getFlexibleChecksumsPlugin: () => getFlexibleChecksumsPlugin, - resolveFlexibleChecksumsConfig: () => resolveFlexibleChecksumsConfig +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; }); -module.exports = __toCommonJS(index_exports); - -// src/constants.ts -var RequestChecksumCalculation = { - /** - * When set, a checksum will be calculated for all request payloads of operations - * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` - * AND/OR a `requestAlgorithmMember` is modeled. - * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} - */ - WHEN_SUPPORTED: "WHEN_SUPPORTED", - /** - * When set, a checksum will only be calculated for request payloads of operations - * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` - * OR where a `requestAlgorithmMember` is modeled and the user sets it. - * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} - */ - WHEN_REQUIRED: "WHEN_REQUIRED" -}; -var DEFAULT_REQUEST_CHECKSUM_CALCULATION = RequestChecksumCalculation.WHEN_SUPPORTED; -var ResponseChecksumValidation = { - /** - * When set, checksum validation MUST be performed on all response payloads of operations - * modeled with the {@link httpChecksum} trait where `responseAlgorithms` is modeled, - * except when no modeled checksum algorithms are supported by an SDK. - * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} - */ - WHEN_SUPPORTED: "WHEN_SUPPORTED", - /** - * When set, checksum validation MUST NOT be performed on response payloads of operations UNLESS - * the SDK supports the modeled checksum algorithms AND the user has set the `requestValidationModeMember` to `ENABLED`. - * It is currently impossible to model an operation as requiring a response checksum, - * but this setting leaves the door open for future updates. - */ - WHEN_REQUIRED: "WHEN_REQUIRED" -}; -var DEFAULT_RESPONSE_CHECKSUM_VALIDATION = RequestChecksumCalculation.WHEN_SUPPORTED; -var ChecksumAlgorithm = /* @__PURE__ */ ((ChecksumAlgorithm3) => { - ChecksumAlgorithm3["MD5"] = "MD5"; - ChecksumAlgorithm3["CRC32"] = "CRC32"; - ChecksumAlgorithm3["CRC32C"] = "CRC32C"; - ChecksumAlgorithm3["CRC64NVME"] = "CRC64NVME"; - ChecksumAlgorithm3["SHA1"] = "SHA1"; - ChecksumAlgorithm3["SHA256"] = "SHA256"; - return ChecksumAlgorithm3; -})(ChecksumAlgorithm || {}); -var ChecksumLocation = /* @__PURE__ */ ((ChecksumLocation2) => { - ChecksumLocation2["HEADER"] = "header"; - ChecksumLocation2["TRAILER"] = "trailer"; - return ChecksumLocation2; -})(ChecksumLocation || {}); -var DEFAULT_CHECKSUM_ALGORITHM = "CRC32" /* CRC32 */; - -// src/stringUnionSelector.ts -var stringUnionSelector = /* @__PURE__ */ __name((obj, key, union, type) => { - if (!(key in obj)) return void 0; - const value = obj[key].toUpperCase(); - if (!Object.values(union).includes(value)) { - throw new TypeError(`Cannot load ${type} '${key}'. Expected one of ${Object.values(union)}, got '${obj[key]}'.`); - } - return value; -}, "stringUnionSelector"); - -// src/NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS.ts -var ENV_REQUEST_CHECKSUM_CALCULATION = "AWS_REQUEST_CHECKSUM_CALCULATION"; -var CONFIG_REQUEST_CHECKSUM_CALCULATION = "request_checksum_calculation"; -var NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "env" /* ENV */), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "shared config entry" /* CONFIG */), "configFileSelector"), - default: DEFAULT_REQUEST_CHECKSUM_CALCULATION -}; - -// src/NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS.ts -var ENV_RESPONSE_CHECKSUM_VALIDATION = "AWS_RESPONSE_CHECKSUM_VALIDATION"; -var CONFIG_RESPONSE_CHECKSUM_VALIDATION = "response_checksum_validation"; -var NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "env" /* ENV */), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "shared config entry" /* CONFIG */), "configFileSelector"), - default: DEFAULT_RESPONSE_CHECKSUM_VALIDATION -}; - -// src/crc64-nvme-crt-container.ts -var crc64NvmeCrtContainer = { - CrtCrc64Nvme: null +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromWebToken = void 0; +const fromWebToken = (init) => async (awsIdentityProperties) => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); + const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; + let { roleAssumerWithWebIdentity } = init; + if (!roleAssumerWithWebIdentity) { + const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(3764))); + roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ + ...init.clientConfig, + credentialProviderLogger: init.logger, + parentClientConfig: { + ...awsIdentityProperties?.callerClientConfig, + ...init.parentClientConfig, + }, + }, init.clientPlugins); + } + return roleAssumerWithWebIdentity({ + RoleArn: roleArn, + RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, + WebIdentityToken: webIdentityToken, + ProviderId: providerId, + PolicyArns: policyArns, + Policy: policy, + DurationSeconds: durationSeconds, + }); }; +exports.fromWebToken = fromWebToken; -// src/flexibleChecksumsMiddleware.ts -var import_core = __nccwpck_require__(8171); -var import_protocol_http = __nccwpck_require__(4418); -var import_util_stream = __nccwpck_require__(6607); -// src/types.ts -var CLIENT_SUPPORTED_ALGORITHMS = [ - "CRC32" /* CRC32 */, - "CRC32C" /* CRC32C */, - "CRC64NVME" /* CRC64NVME */, - "SHA1" /* SHA1 */, - "SHA256" /* SHA256 */ -]; -var PRIORITY_ORDER_ALGORITHMS = [ - "SHA256" /* SHA256 */, - "SHA1" /* SHA1 */, - "CRC32" /* CRC32 */, - "CRC32C" /* CRC32C */, - "CRC64NVME" /* CRC64NVME */ -]; +/***/ }), -// src/getChecksumAlgorithmForRequest.ts -var getChecksumAlgorithmForRequest = /* @__PURE__ */ __name((input, { requestChecksumRequired, requestAlgorithmMember, requestChecksumCalculation }) => { - if (!requestAlgorithmMember) { - return requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired ? DEFAULT_CHECKSUM_ALGORITHM : void 0; - } - if (!input[requestAlgorithmMember]) { - return void 0; - } - const checksumAlgorithm = input[requestAlgorithmMember]; - if (!CLIENT_SUPPORTED_ALGORITHMS.includes(checksumAlgorithm)) { - throw new Error( - `The checksum algorithm "${checksumAlgorithm}" is not supported by the client. Select one of ${CLIENT_SUPPORTED_ALGORITHMS}.` - ); - } - return checksumAlgorithm; -}, "getChecksumAlgorithmForRequest"); +/***/ 5603: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { -// src/getChecksumLocationName.ts -var getChecksumLocationName = /* @__PURE__ */ __name((algorithm) => algorithm === "MD5" /* MD5 */ ? "content-md5" : `x-amz-checksum-${algorithm.toLowerCase()}`, "getChecksumLocationName"); +"use strict"; -// src/hasHeader.ts -var hasHeader = /* @__PURE__ */ __name((header, headers) => { - const soughtHeader = header.toLowerCase(); - for (const headerName of Object.keys(headers)) { - if (soughtHeader === headerName.toLowerCase()) { - return true; - } +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return false; -}, "hasHeader"); + return to; +}; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/hasHeaderWithPrefix.ts -var hasHeaderWithPrefix = /* @__PURE__ */ __name((headerPrefix, headers) => { - const soughtHeaderPrefix = headerPrefix.toLowerCase(); - for (const headerName of Object.keys(headers)) { - if (headerName.toLowerCase().startsWith(soughtHeaderPrefix)) { - return true; - } - } - return false; -}, "hasHeaderWithPrefix"); +// src/index.ts +var index_exports = {}; +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(279), module.exports); +__reExport(index_exports, __nccwpck_require__(9527), module.exports); +// Annotate the CommonJS export names for ESM import in node: -// src/isStreaming.ts -var import_is_array_buffer = __nccwpck_require__(780); -var isStreaming = /* @__PURE__ */ __name((body) => body !== void 0 && typeof body !== "string" && !ArrayBuffer.isView(body) && !(0, import_is_array_buffer.isArrayBuffer)(body), "isStreaming"); +0 && (0); -// src/selectChecksumAlgorithmFunction.ts -var import_crc32c = __nccwpck_require__(7035); -var import_getCrc32ChecksumAlgorithmFunction = __nccwpck_require__(1436); -var selectChecksumAlgorithmFunction = /* @__PURE__ */ __name((checksumAlgorithm, config) => { - switch (checksumAlgorithm) { - case "MD5" /* MD5 */: - return config.md5; - case "CRC32" /* CRC32 */: - return (0, import_getCrc32ChecksumAlgorithmFunction.getCrc32ChecksumAlgorithmFunction)(); - case "CRC32C" /* CRC32C */: - return import_crc32c.AwsCrc32c; - case "CRC64NVME" /* CRC64NVME */: - if (typeof crc64NvmeCrtContainer.CrtCrc64Nvme !== "function") { - throw new Error( - `Please check whether you have installed the "@aws-sdk/crc64-nvme-crt" package explicitly. -You must also register the package by calling [require("@aws-sdk/crc64-nvme-crt");] or an ESM equivalent such as [import "@aws-sdk/crc64-nvme-crt";]. -For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` - ); - } - return crc64NvmeCrtContainer.CrtCrc64Nvme; - case "SHA1" /* SHA1 */: - return config.sha1; - case "SHA256" /* SHA256 */: - return config.sha256; - default: - throw new Error(`Unsupported checksum algorithm: ${checksumAlgorithm}`); - } -}, "selectChecksumAlgorithmFunction"); -// src/stringHasher.ts -var import_util_utf8 = __nccwpck_require__(1895); -var stringHasher = /* @__PURE__ */ __name((checksumAlgorithmFn, body) => { - const hash = new checksumAlgorithmFn(); - hash.update((0, import_util_utf8.toUint8Array)(body || "")); - return hash.digest(); -}, "stringHasher"); -// src/flexibleChecksumsMiddleware.ts -var flexibleChecksumsMiddlewareOptions = { - name: "flexibleChecksumsMiddleware", - step: "build", - tags: ["BODY_CHECKSUM"], - override: true -}; -var flexibleChecksumsMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); - } - if (hasHeaderWithPrefix("x-amz-checksum-", args.request.headers)) { - return next(args); - } - const { request, input } = args; - const { body: requestBody, headers } = request; - const { base64Encoder, streamHasher } = config; - const { requestChecksumRequired, requestAlgorithmMember } = middlewareConfig; - const requestChecksumCalculation = await config.requestChecksumCalculation(); - const requestAlgorithmMemberName = requestAlgorithmMember?.name; - const requestAlgorithmMemberHttpHeader = requestAlgorithmMember?.httpHeader; - if (requestAlgorithmMemberName && !input[requestAlgorithmMemberName]) { - if (requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired) { - input[requestAlgorithmMemberName] = DEFAULT_CHECKSUM_ALGORITHM; - if (requestAlgorithmMemberHttpHeader) { - headers[requestAlgorithmMemberHttpHeader] = DEFAULT_CHECKSUM_ALGORITHM; - } - } - } - const checksumAlgorithm = getChecksumAlgorithmForRequest(input, { - requestChecksumRequired, - requestAlgorithmMember: requestAlgorithmMember?.name, - requestChecksumCalculation - }); - let updatedBody = requestBody; - let updatedHeaders = headers; - if (checksumAlgorithm) { - switch (checksumAlgorithm) { - case "CRC32" /* CRC32 */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32", "U"); - break; - case "CRC32C" /* CRC32C */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32C", "V"); - break; - case "CRC64NVME" /* CRC64NVME */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC64", "W"); - break; - case "SHA1" /* SHA1 */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA1", "X"); - break; - case "SHA256" /* SHA256 */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA256", "Y"); - break; - } - const checksumLocationName = getChecksumLocationName(checksumAlgorithm); - const checksumAlgorithmFn = selectChecksumAlgorithmFunction(checksumAlgorithm, config); - if (isStreaming(requestBody)) { - const { getAwsChunkedEncodingStream, bodyLengthChecker } = config; - updatedBody = getAwsChunkedEncodingStream( - typeof config.requestStreamBufferSize === "number" && config.requestStreamBufferSize >= 8 * 1024 ? (0, import_util_stream.createBufferedReadable)(requestBody, config.requestStreamBufferSize, context.logger) : requestBody, - { - base64Encoder, - bodyLengthChecker, - checksumLocationName, - checksumAlgorithmFn, - streamHasher - } - ); - updatedHeaders = { - ...headers, - "content-encoding": headers["content-encoding"] ? `${headers["content-encoding"]},aws-chunked` : "aws-chunked", - "transfer-encoding": "chunked", - "x-amz-decoded-content-length": headers["content-length"], - "x-amz-content-sha256": "STREAMING-UNSIGNED-PAYLOAD-TRAILER", - "x-amz-trailer": checksumLocationName - }; - delete updatedHeaders["content-length"]; - } else if (!hasHeader(checksumLocationName, headers)) { - const rawChecksum = await stringHasher(checksumAlgorithmFn, requestBody); - updatedHeaders = { - ...headers, - [checksumLocationName]: base64Encoder(rawChecksum) - }; - } - } - const result = await next({ - ...args, - request: { - ...request, - headers: updatedHeaders, - body: updatedBody - } - }); - return result; -}, "flexibleChecksumsMiddleware"); +/***/ }), -// src/flexibleChecksumsInputMiddleware.ts +/***/ 9514: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { -var flexibleChecksumsInputMiddlewareOptions = { - name: "flexibleChecksumsInputMiddleware", - toMiddleware: "serializerMiddleware", - relation: "before", - tags: ["BODY_CHECKSUM"], - override: true +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var flexibleChecksumsInputMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { - const input = args.input; - const { requestValidationModeMember } = middlewareConfig; - const requestChecksumCalculation = await config.requestChecksumCalculation(); - const responseChecksumValidation = await config.responseChecksumValidation(); - switch (requestChecksumCalculation) { - case RequestChecksumCalculation.WHEN_REQUIRED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED", "a"); - break; - case RequestChecksumCalculation.WHEN_SUPPORTED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED", "Z"); - break; - } - switch (responseChecksumValidation) { - case ResponseChecksumValidation.WHEN_REQUIRED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED", "c"); - break; - case ResponseChecksumValidation.WHEN_SUPPORTED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED", "b"); - break; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - if (requestValidationModeMember && !input[requestValidationModeMember]) { - if (responseChecksumValidation === ResponseChecksumValidation.WHEN_SUPPORTED) { - input[requestValidationModeMember] = "ENABLED"; - } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getHostHeaderPlugin: () => getHostHeaderPlugin, + hostHeaderMiddleware: () => hostHeaderMiddleware, + hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, + resolveHostHeaderConfig: () => resolveHostHeaderConfig +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +function resolveHostHeaderConfig(input) { + return input; +} +__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); +var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); + const { request } = args; + const { handlerProtocol = "" } = options.requestHandler.metadata || {}; + if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { + delete request.headers["host"]; + request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); + } else if (!request.headers["host"]) { + let host = request.hostname; + if (request.port != null) host += `:${request.port}`; + request.headers["host"] = host; } return next(args); -}, "flexibleChecksumsInputMiddleware"); - -// src/flexibleChecksumsResponseMiddleware.ts - +}, "hostHeaderMiddleware"); +var hostHeaderMiddlewareOptions = { + name: "hostHeaderMiddleware", + step: "build", + priority: "low", + tags: ["HOST"], + override: true +}; +var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); + }, "applyToStack") +}), "getHostHeaderPlugin"); +// Annotate the CommonJS export names for ESM import in node: -// src/getChecksumAlgorithmListForResponse.ts -var getChecksumAlgorithmListForResponse = /* @__PURE__ */ __name((responseAlgorithms = []) => { - const validChecksumAlgorithms = []; - for (const algorithm of PRIORITY_ORDER_ALGORITHMS) { - if (!responseAlgorithms.includes(algorithm) || !CLIENT_SUPPORTED_ALGORITHMS.includes(algorithm)) { - continue; - } - validChecksumAlgorithms.push(algorithm); - } - return validChecksumAlgorithms; -}, "getChecksumAlgorithmListForResponse"); +0 && (0); -// src/isChecksumWithPartNumber.ts -var isChecksumWithPartNumber = /* @__PURE__ */ __name((checksum) => { - const lastHyphenIndex = checksum.lastIndexOf("-"); - if (lastHyphenIndex !== -1) { - const numberPart = checksum.slice(lastHyphenIndex + 1); - if (!numberPart.startsWith("0")) { - const number = parseInt(numberPart, 10); - if (!isNaN(number) && number >= 1 && number <= 1e4) { - return true; - } - } - } - return false; -}, "isChecksumWithPartNumber"); -// src/validateChecksumFromResponse.ts +/***/ }), -// src/getChecksum.ts -var getChecksum = /* @__PURE__ */ __name(async (body, { checksumAlgorithmFn, base64Encoder }) => base64Encoder(await stringHasher(checksumAlgorithmFn, body)), "getChecksum"); +/***/ 5675: +/***/ ((module) => { -// src/validateChecksumFromResponse.ts -var validateChecksumFromResponse = /* @__PURE__ */ __name(async (response, { config, responseAlgorithms, logger }) => { - const checksumAlgorithms = getChecksumAlgorithmListForResponse(responseAlgorithms); - const { body: responseBody, headers: responseHeaders } = response; - for (const algorithm of checksumAlgorithms) { - const responseHeader = getChecksumLocationName(algorithm); - const checksumFromResponse = responseHeaders[responseHeader]; - if (checksumFromResponse) { - let checksumAlgorithmFn; - try { - checksumAlgorithmFn = selectChecksumAlgorithmFunction(algorithm, config); - } catch (error) { - if (algorithm === "CRC64NVME" /* CRC64NVME */) { - logger?.warn(`Skipping ${"CRC64NVME" /* CRC64NVME */} checksum validation: ${error.message}`); - continue; - } - throw error; - } - const { base64Encoder } = config; - if (isStreaming(responseBody)) { - response.body = (0, import_util_stream.createChecksumStream)({ - expectedChecksum: checksumFromResponse, - checksumSourceLocation: responseHeader, - checksum: new checksumAlgorithmFn(), - source: responseBody, - base64Encoder - }); - return; - } - const checksum = await getChecksum(responseBody, { checksumAlgorithmFn, base64Encoder }); - if (checksum === checksumFromResponse) { - break; - } - throw new Error( - `Checksum mismatch: expected "${checksum}" but received "${checksumFromResponse}" in response header "${responseHeader}".` - ); - } - } -}, "validateChecksumFromResponse"); +"use strict"; -// src/flexibleChecksumsResponseMiddleware.ts -var flexibleChecksumsResponseMiddlewareOptions = { - name: "flexibleChecksumsResponseMiddleware", - toMiddleware: "deserializerMiddleware", - relation: "after", - tags: ["BODY_CHECKSUM"], - override: true +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var flexibleChecksumsResponseMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - const input = args.input; - const result = await next(args); - const response = result.response; - const { requestValidationModeMember, responseAlgorithms } = middlewareConfig; - if (requestValidationModeMember && input[requestValidationModeMember] === "ENABLED") { - const { clientName, commandName } = context; - const isS3WholeObjectMultipartGetResponseChecksum = clientName === "S3Client" && commandName === "GetObjectCommand" && getChecksumAlgorithmListForResponse(responseAlgorithms).every((algorithm) => { - const responseHeader = getChecksumLocationName(algorithm); - const checksumFromResponse = response.headers[responseHeader]; - return !checksumFromResponse || isChecksumWithPartNumber(checksumFromResponse); + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getLoggerPlugin: () => getLoggerPlugin, + loggerMiddleware: () => loggerMiddleware, + loggerMiddlewareOptions: () => loggerMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); + +// src/loggerMiddleware.ts +var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { + try { + const response = await next(args); + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; + const { $metadata, ...outputWithoutMetadata } = response.output; + logger?.info?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + output: outputFilterSensitiveLog(outputWithoutMetadata), + metadata: $metadata }); - if (isS3WholeObjectMultipartGetResponseChecksum) { - return result; - } - await validateChecksumFromResponse(response, { - config, - responseAlgorithms, - logger: context.logger + return response; + } catch (error) { + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + logger?.error?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + error, + metadata: error.$metadata }); + throw error; } - return result; -}, "flexibleChecksumsResponseMiddleware"); - -// src/getFlexibleChecksumsPlugin.ts -var getFlexibleChecksumsPlugin = /* @__PURE__ */ __name((config, middlewareConfig) => ({ +}, "loggerMiddleware"); +var loggerMiddlewareOptions = { + name: "loggerMiddleware", + tags: ["LOGGER"], + step: "initialize", + override: true +}; +var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(flexibleChecksumsMiddleware(config, middlewareConfig), flexibleChecksumsMiddlewareOptions); - clientStack.addRelativeTo( - flexibleChecksumsInputMiddleware(config, middlewareConfig), - flexibleChecksumsInputMiddlewareOptions - ); - clientStack.addRelativeTo( - flexibleChecksumsResponseMiddleware(config, middlewareConfig), - flexibleChecksumsResponseMiddlewareOptions - ); + clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); }, "applyToStack") -}), "getFlexibleChecksumsPlugin"); - -// src/resolveFlexibleChecksumsConfig.ts -var import_util_middleware = __nccwpck_require__(2390); -var resolveFlexibleChecksumsConfig = /* @__PURE__ */ __name((input) => { - const { requestChecksumCalculation, responseChecksumValidation, requestStreamBufferSize } = input; - return Object.assign(input, { - requestChecksumCalculation: (0, import_util_middleware.normalizeProvider)(requestChecksumCalculation ?? DEFAULT_REQUEST_CHECKSUM_CALCULATION), - responseChecksumValidation: (0, import_util_middleware.normalizeProvider)(responseChecksumValidation ?? DEFAULT_RESPONSE_CHECKSUM_VALIDATION), - requestStreamBufferSize: Number(requestStreamBufferSize ?? 0) - }); -}, "resolveFlexibleChecksumsConfig"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 8171: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +}), "getLoggerPlugin"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -const tslib_1 = __nccwpck_require__(4351); -tslib_1.__exportStar(__nccwpck_require__(8574), exports); -tslib_1.__exportStar(__nccwpck_require__(1523), exports); -tslib_1.__exportStar(__nccwpck_require__(5986), exports); /***/ }), -/***/ 8574: -/***/ ((module) => { +/***/ 7977: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -47090,75 +30830,59 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/client/index.ts +// src/index.ts var index_exports = {}; __export(index_exports, { - emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, - setCredentialFeature: () => setCredentialFeature, - setFeature: () => setFeature, - setTokenFeature: () => setTokenFeature, - state: () => state + addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, + getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, + recursionDetectionMiddleware: () => recursionDetectionMiddleware }); module.exports = __toCommonJS(index_exports); - -// src/submodules/client/emitWarningIfUnsupportedVersion.ts -var state = { - warningEmitted: false -}; -var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { - if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { - state.warningEmitted = true; - process.emitWarning( - `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will -no longer support Node.js 16.x on January 6, 2025. - -To continue receiving updates to AWS services, bug fixes, and security -updates please upgrade to a supported Node.js LTS version. - -More information can be found at: https://a.co/74kJMmI` - ); - } -}, "emitWarningIfUnsupportedVersion"); - -// src/submodules/client/setCredentialFeature.ts -function setCredentialFeature(credentials, feature, value) { - if (!credentials.$source) { - credentials.$source = {}; +var import_protocol_http = __nccwpck_require__(4418); +var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; +var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; +var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; +var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { + return next(args); } - credentials.$source[feature] = value; - return credentials; -} -__name(setCredentialFeature, "setCredentialFeature"); - -// src/submodules/client/setFeature.ts -function setFeature(context, feature, value) { - if (!context.__aws_sdk_context) { - context.__aws_sdk_context = { - features: {} - }; - } else if (!context.__aws_sdk_context.features) { - context.__aws_sdk_context.features = {}; + const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; + if (request.headers.hasOwnProperty(traceIdHeader)) { + return next(args); } - context.__aws_sdk_context.features[feature] = value; -} -__name(setFeature, "setFeature"); - -// src/submodules/client/setTokenFeature.ts -function setTokenFeature(token, feature, value) { - if (!token.$source) { - token.$source = {}; + const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; + const traceId = process.env[ENV_TRACE_ID]; + const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); + if (nonEmptyString(functionName) && nonEmptyString(traceId)) { + request.headers[TRACE_ID_HEADER_NAME] = traceId; } - token.$source[feature] = value; - return token; -} -__name(setTokenFeature, "setTokenFeature"); + return next({ + ...args, + request + }); +}, "recursionDetectionMiddleware"); +var addRecursionDetectionMiddlewareOptions = { + step: "build", + tags: ["RECURSION_DETECTION"], + name: "recursionDetectionMiddleware", + override: true, + priority: "low" +}; +var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); + }, "applyToStack") +}), "getRecursionDetectionPlugin"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 1523: +/***/ 6634: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -47182,371 +30906,317 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/httpAuthSchemes/index.ts +// src/index.ts var index_exports = {}; __export(index_exports, { - AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, - AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, - AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, - NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, - NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, - getBearerTokenEnvKey: () => getBearerTokenEnvKey, - resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, - resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, - resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, - validateSigningProperties: () => validateSigningProperties + DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, + getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, + getUserAgentPlugin: () => getUserAgentPlugin, + resolveUserAgentConfig: () => resolveUserAgentConfig, + userAgentMiddleware: () => userAgentMiddleware }); module.exports = __toCommonJS(index_exports); -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var import_protocol_http2 = __nccwpck_require__(4418); +// src/configurations.ts +var import_core = __nccwpck_require__(5829); +var DEFAULT_UA_APP_ID = void 0; +function isValidUserAgentAppId(appId) { + if (appId === void 0) { + return true; + } + return typeof appId === "string" && appId.length <= 50; +} +__name(isValidUserAgentAppId, "isValidUserAgentAppId"); +function resolveUserAgentConfig(input) { + const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); + const { customUserAgent } = input; + return Object.assign(input, { + customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, + userAgentAppId: /* @__PURE__ */ __name(async () => { + const appId = await normalizedAppIdProvider(); + if (!isValidUserAgentAppId(appId)) { + const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; + if (typeof appId !== "string") { + logger?.warn("userAgentAppId must be a string or undefined."); + } else if (appId.length > 50) { + logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); + } + } + return appId; + }, "userAgentAppId") + }); +} +__name(resolveUserAgentConfig, "resolveUserAgentConfig"); -// src/submodules/httpAuthSchemes/utils/getDateHeader.ts +// src/user-agent-middleware.ts +var import_util_endpoints = __nccwpck_require__(4241); var import_protocol_http = __nccwpck_require__(4418); -var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); - -// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts -var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); - -// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts -var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); - -// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts -var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { - const clockTimeInMs = Date.parse(clockTime); - if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { - return clockTimeInMs - Date.now(); - } - return currentSystemClockOffset; -}, "getUpdatedSystemClockOffset"); -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { - if (!property) { - throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); - } - return property; -}, "throwSigningPropertyError"); -var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { - const context = throwSigningPropertyError( - "context", - signingProperties.context - ); - const config = throwSigningPropertyError("config", signingProperties.config); - const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; - const signerFunction = throwSigningPropertyError( - "signer", - config.signer - ); - const signer = await signerFunction(authScheme); - const signingRegion = signingProperties?.signingRegion; - const signingRegionSet = signingProperties?.signingRegionSet; - const signingName = signingProperties?.signingName; - return { - config, - signer, - signingRegion, - signingRegionSet, - signingName - }; -}, "validateSigningProperties"); -var AwsSdkSigV4Signer = class { - static { - __name(this, "AwsSdkSigV4Signer"); +// src/check-features.ts +var import_core2 = __nccwpck_require__(2143); +var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; +async function checkFeatures(context, config, args) { + const request = args.request; + if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { + (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const validatedProps = await validateSigningProperties(signingProperties); - const { config, signer } = validatedProps; - let { signingRegion, signingName } = validatedProps; - const handlerExecutionContext = signingProperties.context; - if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { - const [first, second] = handlerExecutionContext.authSchemes; - if (first?.name === "sigv4a" && second?.name === "sigv4") { - signingRegion = second?.signingRegion ?? signingRegion; - signingName = second?.signingName ?? signingName; + if (typeof config.retryStrategy === "function") { + const retryStrategy = await config.retryStrategy(); + if (typeof retryStrategy.acquireInitialRetryToken === "function") { + if (retryStrategy.constructor?.name?.includes("Adaptive")) { + (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); } + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); } - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion, - signingService: signingName - }); - return signedRequest; - } - errorHandler(signingProperties) { - return (error) => { - const serverTime = error.ServerTime ?? getDateHeader(error.$response); - if (serverTime) { - const config = throwSigningPropertyError("config", signingProperties.config); - const initialSystemClockOffset = config.systemClockOffset; - config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); - const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; - if (clockSkewCorrected && error.$metadata) { - error.$metadata.clockSkewCorrected = true; - } - } - throw error; - }; } - successHandler(httpResponse, signingProperties) { - const dateHeader = getDateHeader(httpResponse); - if (dateHeader) { - const config = throwSigningPropertyError("config", signingProperties.config); - config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); + if (typeof config.accountIdEndpointMode === "function") { + const endpointV2 = context.endpointV2; + if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { + (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); } - } -}; -var AWSSDKSigV4Signer = AwsSdkSigV4Signer; - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts -var import_protocol_http3 = __nccwpck_require__(4418); -var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { - static { - __name(this, "AwsSdkSigV4ASigner"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); + switch (await config.accountIdEndpointMode?.()) { + case "disabled": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); + break; + case "preferred": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); + break; + case "required": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); + break; } - const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( - signingProperties - ); - const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); - const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion: multiRegionOverride, - signingService: signingName - }); - return signedRequest; } -}; - -// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts -var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); - -// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts -var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); - -// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts -var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; -var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; -var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { - /** - * Retrieves auth scheme preference from environment variables - * @param env - Node process environment object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { - if (options?.signingName) { - const bearerTokenKey = getBearerTokenEnvKey(options.signingName); - if (bearerTokenKey in env) return ["httpBearerAuth"]; - } - if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; - return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); - }, "environmentVariableSelector"), - /** - * Retrieves auth scheme preference from config file - * @param profile - Config profile object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - configFileSelector: /* @__PURE__ */ __name((profile) => { - if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; - return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); - }, "configFileSelector"), - /** - * Default auth scheme preference if not specified in environment or config - */ - default: [] -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts -var import_core = __nccwpck_require__(5829); -var import_property_provider = __nccwpck_require__(9721); -var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { - config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); - return config; -}, "resolveAwsSdkSigV4AConfig"); -var NODE_SIGV4A_CONFIG_OPTIONS = { - environmentVariableSelector(env) { - if (env.AWS_SIGV4A_SIGNING_REGION_SET) { - return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); + const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; + if (identity?.$source) { + const credentials = identity; + if (credentials.accountId) { + (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); } - throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { - tryNextLink: true - }); - }, - configFileSelector(profile) { - if (profile.sigv4a_signing_region_set) { - return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); + for (const [key, value] of Object.entries(credentials.$source ?? {})) { + (0, import_core2.setFeature)(context, key, value); } - throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { - tryNextLink: true - }); - }, - default: void 0 -}; + } +} +__name(checkFeatures, "checkFeatures"); -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts -var import_client = __nccwpck_require__(8574); -var import_core2 = __nccwpck_require__(5829); -var import_signature_v4 = __nccwpck_require__(1528); -var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { - let inputCredentials = config.credentials; - let isUserSupplied = !!config.credentials; - let resolvedCredentials = void 0; - Object.defineProperty(config, "credentials", { - set(credentials) { - if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { - isUserSupplied = true; - } - inputCredentials = credentials; - const memoizedProvider = normalizeCredentialProvider(config, { - credentials: inputCredentials, - credentialDefaultProvider: config.credentialDefaultProvider - }); - const boundProvider = bindCallerConfig(config, memoizedProvider); - if (isUserSupplied && !boundProvider.attributed) { - resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") - ), "resolvedCredentials"); - resolvedCredentials.memoized = boundProvider.memoized; - resolvedCredentials.configBound = boundProvider.configBound; - resolvedCredentials.attributed = true; +// src/constants.ts +var USER_AGENT = "user-agent"; +var X_AMZ_USER_AGENT = "x-amz-user-agent"; +var SPACE = " "; +var UA_NAME_SEPARATOR = "/"; +var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; +var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; +var UA_ESCAPE_CHAR = "-"; + +// src/encode-features.ts +var BYTE_LIMIT = 1024; +function encodeFeatures(features) { + let buffer = ""; + for (const key in features) { + const val = features[key]; + if (buffer.length + val.length + 1 <= BYTE_LIMIT) { + if (buffer.length) { + buffer += "," + val; } else { - resolvedCredentials = boundProvider; + buffer += val; } - }, - get() { - return resolvedCredentials; - }, - enumerable: true, - configurable: true - }); - config.credentials = inputCredentials; - const { - // Default for signingEscapePath - signingEscapePath = true, - // Default for systemClockOffset - systemClockOffset = config.systemClockOffset || 0, - // No default for sha256 since it is platform dependent - sha256 - } = config; - let signer; - if (config.signer) { - signer = (0, import_core2.normalizeProvider)(config.signer); - } else if (config.regionInfoProvider) { - signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( - async (region) => [ - await config.regionInfoProvider(region, { - useFipsEndpoint: await config.useFipsEndpoint(), - useDualstackEndpoint: await config.useDualstackEndpoint() - }) || {}, - region - ] - ).then(([regionInfo, region]) => { - const { signingRegion, signingService } = regionInfo; - config.signingRegion = config.signingRegion || signingRegion || region; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }), "signer"); - } else { - signer = /* @__PURE__ */ __name(async (authScheme) => { - authScheme = Object.assign( - {}, - { - name: "sigv4", - signingName: config.signingName || config.defaultSigningName, - signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), - properties: {} - }, - authScheme - ); - const signingRegion = authScheme.signingRegion; - const signingService = authScheme.signingName; - config.signingRegion = config.signingRegion || signingRegion; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }, "signer"); + continue; + } + break; + } + return buffer; +} +__name(encodeFeatures, "encodeFeatures"); + +// src/user-agent-middleware.ts +var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request)) { + return next(args); + } + const { headers } = request; + const userAgent = context?.userAgent?.map(escapeUserAgent) || []; + const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); + await checkFeatures(context, options, args); + const awsContext = context; + defaultUserAgent.push( + `m/${encodeFeatures( + Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) + )}` + ); + const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; + const appId = await options.userAgentAppId(); + if (appId) { + defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); } - const resolvedConfig = Object.assign(config, { - systemClockOffset, - signingEscapePath, - signer - }); - return resolvedConfig; -}, "resolveAwsSdkSigV4Config"); -var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; -function normalizeCredentialProvider(config, { - credentials, - credentialDefaultProvider -}) { - let credentialsProvider; - if (credentials) { - if (!credentials?.memoized) { - credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); - } else { - credentialsProvider = credentials; + const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); + const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); + const normalUAValue = [ + ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), + ...customUserAgent + ].join(SPACE); + if (options.runtime !== "browser") { + if (normalUAValue) { + headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; } + headers[USER_AGENT] = sdkUserAgentValue; } else { - if (credentialDefaultProvider) { - credentialsProvider = (0, import_core2.normalizeProvider)( - credentialDefaultProvider( - Object.assign({}, config, { - parentClientConfig: config - }) - ) - ); - } else { - credentialsProvider = /* @__PURE__ */ __name(async () => { - throw new Error( - "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." - ); - }, "credentialsProvider"); - } + headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; } - credentialsProvider.memoized = true; - return credentialsProvider; -} -__name(normalizeCredentialProvider, "normalizeCredentialProvider"); -function bindCallerConfig(config, credentialsProvider) { - if (credentialsProvider.configBound) { - return credentialsProvider; + return next({ + ...args, + request + }); +}, "userAgentMiddleware"); +var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { + const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); + const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); + const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); + const prefix = name.substring(0, prefixSeparatorIndex); + let uaName = name.substring(prefixSeparatorIndex + 1); + if (prefix === "api") { + uaName = uaName.toLowerCase(); } - const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); - fn.memoized = credentialsProvider.memoized; - fn.configBound = true; - return fn; -} -__name(bindCallerConfig, "bindCallerConfig"); + return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { + switch (index) { + case 0: + return item; + case 1: + return `${acc}/${item}`; + default: + return `${acc}#${item}`; + } + }, ""); +}, "escapeUserAgent"); +var getUserAgentMiddlewareOptions = { + name: "getUserAgentMiddleware", + step: "build", + priority: "low", + tags: ["SET_USER_AGENT", "USER_AGENT"], + override: true +}; +var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); + }, "applyToStack") +}), "getUserAgentPlugin"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + +/***/ }), + +/***/ 9002: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(2143); +const util_middleware_1 = __nccwpck_require__(2390); +const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sso-oauth", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "CreateToken": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; +exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); + return Object.assign(config_0, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 8012: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(4241); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(2507); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 2507: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const u = "required", v = "fn", w = "argv", x = "ref"; +const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; +const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; +exports.ruleSet = _data; + + /***/ }), -/***/ 5986: +/***/ 8959: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -47570,2044 +31240,2285 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/protocols/index.ts +// src/submodules/sso-oidc/index.ts var index_exports = {}; __export(index_exports, { - AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, - AwsJson1_0Protocol: () => AwsJson1_0Protocol, - AwsJson1_1Protocol: () => AwsJson1_1Protocol, - AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, - AwsQueryProtocol: () => AwsQueryProtocol, - AwsRestJsonProtocol: () => AwsRestJsonProtocol, - AwsRestXmlProtocol: () => AwsRestXmlProtocol, - JsonCodec: () => JsonCodec, - JsonShapeDeserializer: () => JsonShapeDeserializer, - JsonShapeSerializer: () => JsonShapeSerializer, - XmlCodec: () => XmlCodec, - XmlShapeDeserializer: () => XmlShapeDeserializer, - XmlShapeSerializer: () => XmlShapeSerializer, - _toBool: () => _toBool, - _toNum: () => _toNum, - _toStr: () => _toStr, - awsExpectUnion: () => awsExpectUnion, - loadRestJsonErrorCode: () => loadRestJsonErrorCode, - loadRestXmlErrorCode: () => loadRestXmlErrorCode, - parseJsonBody: () => parseJsonBody, - parseJsonErrorBody: () => parseJsonErrorBody, - parseXmlBody: () => parseXmlBody, - parseXmlErrorBody: () => parseXmlErrorBody + $Command: () => import_smithy_client6.Command, + AccessDeniedException: () => AccessDeniedException, + AuthorizationPendingException: () => AuthorizationPendingException, + CreateTokenCommand: () => CreateTokenCommand, + CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, + CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + InternalServerException: () => InternalServerException, + InvalidClientException: () => InvalidClientException, + InvalidGrantException: () => InvalidGrantException, + InvalidRequestException: () => InvalidRequestException, + InvalidScopeException: () => InvalidScopeException, + SSOOIDC: () => SSOOIDC, + SSOOIDCClient: () => SSOOIDCClient, + SSOOIDCServiceException: () => SSOOIDCServiceException, + SlowDownException: () => SlowDownException, + UnauthorizedClientException: () => UnauthorizedClientException, + UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, + __Client: () => import_smithy_client2.Client }); module.exports = __toCommonJS(index_exports); -// src/submodules/protocols/coercing-serializers.ts -var _toStr = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number" || typeof val === "bigint") { - const warning = new Error(`Received number ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - if (typeof val === "boolean") { - const warning = new Error(`Received boolean ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - return val; -}, "_toStr"); -var _toBool = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number") { - } - if (typeof val === "string") { - const lowercase = val.toLowerCase(); - if (val !== "" && lowercase !== "false" && lowercase !== "true") { - const warning = new Error(`Received string "${val}" where a boolean was expected.`); - warning.name = "Warning"; - console.warn(warning); - } - return val !== "" && lowercase !== "false"; - } - return val; -}, "_toBool"); -var _toNum = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "boolean") { - } - if (typeof val === "string") { - const num = Number(val); - if (num.toString() !== val) { - const warning = new Error(`Received string "${val}" where a number was expected.`); - warning.name = "Warning"; - console.warn(warning); - return val; - } - return num; - } - return val; -}, "_toNum"); - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var import_protocols = __nccwpck_require__(2241); -var import_schema3 = __nccwpck_require__(9826); -var import_util_body_length_browser = __nccwpck_require__(713); - -// src/submodules/protocols/ConfigurableSerdeContext.ts -var SerdeContextConfig = class { - static { - __name(this, "SerdeContextConfig"); - } - serdeContext; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - } -}; - -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var import_schema = __nccwpck_require__(9826); -var import_serde2 = __nccwpck_require__(7669); -var import_util_base64 = __nccwpck_require__(5600); - -// src/submodules/protocols/json/jsonReviver.ts -var import_serde = __nccwpck_require__(7669); -function jsonReviver(key, value, context) { - if (context?.source) { - const numericString = context.source; - if (typeof value === "number") { - if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { - const isFractional = numericString.includes("."); - if (isFractional) { - return new import_serde.NumericValue(numericString, "bigDecimal"); - } else { - return BigInt(numericString); - } - } - } - } - return value; -} -__name(jsonReviver, "jsonReviver"); - -// src/submodules/protocols/common.ts -var import_smithy_client = __nccwpck_require__(3570); -var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); - -// src/submodules/protocols/json/parseJsonBody.ts -var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - try { - return JSON.parse(encoded); - } catch (e) { - if (e?.name === "SyntaxError") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - } - return {}; -}), "parseJsonBody"); -var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseJsonBody(errorBody, context); - value.message = value.message ?? value.Message; - return value; -}, "parseJsonErrorBody"); -var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { - const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); - const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { - let cleanValue = rawValue; - if (typeof cleanValue === "number") { - cleanValue = cleanValue.toString(); - } - if (cleanValue.indexOf(",") >= 0) { - cleanValue = cleanValue.split(",")[0]; - } - if (cleanValue.indexOf(":") >= 0) { - cleanValue = cleanValue.split(":")[0]; - } - if (cleanValue.indexOf("#") >= 0) { - cleanValue = cleanValue.split("#")[1]; - } - return cleanValue; - }, "sanitizeErrorCode"); - const headerKey = findKey(output.headers, "x-amzn-errortype"); - if (headerKey !== void 0) { - return sanitizeErrorCode(output.headers[headerKey]); - } - if (data && typeof data === "object") { - const codeKey = findKey(data, "code"); - if (codeKey && data[codeKey] !== void 0) { - return sanitizeErrorCode(data[codeKey]); - } - if (data["__type"] !== void 0) { - return sanitizeErrorCode(data["__type"]); - } - } -}, "loadRestJsonErrorCode"); +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_middleware_host_header = __nccwpck_require__(9514); +var import_middleware_logger = __nccwpck_require__(5675); +var import_middleware_recursion_detection = __nccwpck_require__(7977); +var import_middleware_user_agent = __nccwpck_require__(6634); +var import_config_resolver = __nccwpck_require__(3098); +var import_core = __nccwpck_require__(5829); +var import_middleware_content_length = __nccwpck_require__(2800); +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_retry = __nccwpck_require__(6039); +var import_smithy_client2 = __nccwpck_require__(3570); +var import_httpAuthSchemeProvider = __nccwpck_require__(9002); -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var JsonShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonShapeDeserializer"); - } - async read(schema, data) { - return this._read( - schema, - typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) - ); - } - readObject(schema, data) { - return this._read(schema, data); - } - _read(schema, value) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._read(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._read(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const deserializedValue = this._read(memberSchema, value[fromKey]); - if (deserializedValue != null) { - out[memberName] = deserializedValue; - } - } - return out; - } - if (ns.isBlobSchema() && typeof value === "string") { - return (0, import_util_base64.fromBase64)(value); - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde2.LazyJsonString.from(value); - } - } - if (ns.isTimestampSchema()) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: - return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); - case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde2.parseRfc7231DateTime)(value); - case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return (0, import_serde2.parseEpochTimestamp)(value); - default: - console.warn("Missing timestamp format, parsing value with Date constructor:", value); - return new Date(value); - } - } - if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { - return BigInt(value); - } - if (ns.isBigDecimalSchema() && value != void 0) { - if (value instanceof import_serde2.NumericValue) { - return value; - } - return new import_serde2.NumericValue(String(value), "bigDecimal"); - } - if (ns.isNumericSchema() && typeof value === "string") { - switch (value) { - case "Infinity": - return Infinity; - case "-Infinity": - return -Infinity; - case "NaN": - return NaN; +// src/submodules/sso-oidc/endpoint/EndpointParameters.ts +var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + defaultSigningName: "sso-oauth" + }); +}, "resolveClientEndpointParameters"); +var commonParams = { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } +}; + +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_runtimeConfig = __nccwpck_require__(5875); + +// src/submodules/sso-oidc/runtimeExtensions.ts +var import_region_config_resolver = __nccwpck_require__(6976); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts +var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; } - return value; - } -}; + }; +}, "getHttpAuthExtensionConfiguration"); +var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials() + }; +}, "resolveHttpAuthRuntimeConfig"); -// src/submodules/protocols/json/JsonShapeSerializer.ts -var import_schema2 = __nccwpck_require__(9826); -var import_serde4 = __nccwpck_require__(7669); +// src/submodules/sso-oidc/runtimeExtensions.ts +var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign( + (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), + (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), + (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), + getHttpAuthExtensionConfiguration(runtimeConfig) + ); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign( + runtimeConfig, + (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), + (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), + (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), + resolveHttpAuthRuntimeConfig(extensionConfiguration) + ); +}, "resolveRuntimeExtensions"); -// src/submodules/protocols/json/jsonReplacer.ts -var import_serde3 = __nccwpck_require__(7669); -var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); -var JsonReplacer = class { +// src/submodules/sso-oidc/SSOOIDCClient.ts +var SSOOIDCClient = class extends import_smithy_client2.Client { static { - __name(this, "JsonReplacer"); + __name(this, "SSOOIDCClient"); } /** - * Stores placeholder key to true serialized value lookup. - */ - values = /* @__PURE__ */ new Map(); - counter = 0; - stage = 0; - /** - * Creates a jsonReplacer function that reserves big integer and big decimal values - * for later replacement. + * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. */ - createReplacer() { - if (this.stage === 1) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 1; - return (key, value) => { - if (value instanceof import_serde3.NumericValue) { - const v = `${NUMERIC_CONTROL_CHAR + "nv" + this.counter++}_` + value.string; - this.values.set(`"${v}"`, value.string); - return v; - } - if (typeof value === "bigint") { - const s = value.toString(); - const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; - this.values.set(`"${v}"`, s); - return v; - } - return value; - }; + config; + constructor(...[configuration]) { + const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = resolveClientEndpointParameters(_config_0); + const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); + const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); + const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); + const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use( + (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials + }), "identityProviderConfigProvider") + }) + ); + this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); } /** - * Replaces placeholder keys with their true values. + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. */ - replaceInJson(json) { - if (this.stage === 0) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 2; - if (this.counter === 0) { - return json; - } - for (const [key, value] of this.values) { - json = json.replace(key, value); - } - return json; + destroy() { + super.destroy(); } }; -// src/submodules/protocols/json/JsonShapeSerializer.ts -var JsonShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } +// src/submodules/sso-oidc/SSOOIDC.ts +var import_smithy_client7 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client6 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/models/models_0.ts +var import_smithy_client4 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts +var import_smithy_client3 = __nccwpck_require__(3570); +var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { static { - __name(this, "JsonShapeSerializer"); - } - buffer; - rootSchema; - write(schema, value) { - this.rootSchema = import_schema2.NormalizedSchema.of(schema); - this.buffer = this._write(this.rootSchema, value); - } - flush() { - if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { - const replacer = new JsonReplacer(); - return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); - } - return this.buffer; + __name(this, "SSOOIDCServiceException"); } - _write(schema, value, container) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema2.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._write(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._write(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const serializableValue = this._write(memberSchema, value[memberName], ns); - if (serializableValue !== void 0) { - out[targetKey] = serializableValue; - } - } - return out; - } - if (value === null && container?.isStructSchema()) { - return void 0; - } - if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { - if (ns === this.rootSchema) { - return value; - } - if (!this.serdeContext?.base64Encoder) { - throw new Error("Missing base64Encoder in serdeContext"); - } - return this.serdeContext?.base64Encoder(value); - } - if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: - return value.toISOString().replace(".000Z", "Z"); - case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde4.dateToUtcString)(value); - case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return value.getTime() / 1e3; - default: - console.warn("Missing timestamp format, using epoch seconds", value); - return value.getTime() / 1e3; - } - } - if (ns.isNumericSchema() && typeof value === "number") { - if (Math.abs(value) === Infinity || isNaN(value)) { - return String(value); - } - } - if (ns.isStringSchema()) { - if (typeof value === "undefined" && ns.isIdempotencyToken()) { - return (0, import_serde4.generateIdempotencyToken)(); - } - const mediaType = ns.getMergedTraits().mediaType; - if (typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde4.LazyJsonString.from(value); - } - } - } - return value; + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); } }; -// src/submodules/protocols/json/JsonCodec.ts -var JsonCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } +// src/submodules/sso-oidc/models/models_0.ts +var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { static { - __name(this, "JsonCodec"); - } - createSerializer() { - const serializer = new JsonShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; + __name(this, "AccessDeniedException"); } - createDeserializer() { - const deserializer = new JsonShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; + name = "AccessDeniedException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AccessDeniedException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AccessDeniedException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { +var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { static { - __name(this, "AwsJsonRpcProtocol"); + __name(this, "AuthorizationPendingException"); } - serializer; - deserializer; - serviceTarget; - codec; - constructor({ defaultNamespace, serviceTarget }) { + name = "AuthorizationPendingException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * authorization_pending.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { super({ - defaultNamespace + name: "AuthorizationPendingException", + $fault: "client", + ...opts }); - this.serviceTarget = serviceTarget; - this.codec = new JsonCodec({ - timestampFormat: { - useTrait: true, - default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - jsonName: false + Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenRequestFilterSensitiveLog"); +var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts }); - this.serializer = this.codec.createSerializer(); - this.deserializer = this.codec.createDeserializer(); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, - "x-amz-target": `${this.serviceTarget}.${import_schema3.NormalizedSchema.of(operationSchema).getName()}` +}; +var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { + static { + __name(this, "InternalServerException"); + } + name = "InternalServerException"; + $fault = "server"; + /** + *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InternalServerException", + $fault: "server", + ...opts }); - if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = "{}"; - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; + Object.setPrototypeOf(this, _InternalServerException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - getPayloadCodec() { - return this.codec; +}; +var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { + static { + __name(this, "InvalidClientException"); } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema3.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema3.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output + name = "InvalidClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidClientException", + $fault: "client", + ...opts }); - throw exception; + Object.setPrototypeOf(this, _InvalidClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; - -// src/submodules/protocols/json/AwsJson1_0Protocol.ts -var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { +var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { static { - __name(this, "AwsJson1_0Protocol"); + __name(this, "InvalidGrantException"); } - constructor({ defaultNamespace, serviceTarget }) { + name = "InvalidGrantException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { super({ - defaultNamespace, - serviceTarget + name: "InvalidGrantException", + $fault: "client", + ...opts }); + Object.setPrototypeOf(this, _InvalidGrantException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - getShapeId() { - return "aws.protocols#awsJson1_0"; - } - getJsonRpcVersion() { - return "1.0"; +}; +var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { + static { + __name(this, "InvalidRequestException"); } + name = "InvalidRequestException"; + $fault = "client"; /** - * @override + *Single error code. For this exception the value will be
+ * invalid_request.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidRequestException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidRequestException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; - -// src/submodules/protocols/json/AwsJson1_1Protocol.ts -var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { +var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { static { - __name(this, "AwsJson1_1Protocol"); + __name(this, "InvalidScopeException"); } - constructor({ defaultNamespace, serviceTarget }) { + name = "InvalidScopeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { super({ - defaultNamespace, - serviceTarget + name: "InvalidScopeException", + $fault: "client", + ...opts }); + Object.setPrototypeOf(this, _InvalidScopeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - getShapeId() { - return "aws.protocols#awsJson1_1"; - } - getJsonRpcVersion() { - return "1.1"; +}; +var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { + static { + __name(this, "SlowDownException"); } + name = "SlowDownException"; + $fault = "client"; /** - * @override + *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "SlowDownException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _SlowDownException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; - -// src/submodules/protocols/json/AwsRestJsonProtocol.ts -var import_protocols2 = __nccwpck_require__(2241); -var import_schema4 = __nccwpck_require__(9826); -var import_util_body_length_browser2 = __nccwpck_require__(713); -var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { +var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { static { - __name(this, "AwsRestJsonProtocol"); + __name(this, "UnauthorizedClientException"); } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { + name = "UnauthorizedClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { super({ - defaultNamespace + name: "UnauthorizedClientException", + $fault: "client", + ...opts }); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - httpBindings: true, - jsonName: true - }; - this.codec = new JsonCodec(settings); - this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); + Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - getShapeId() { - return "aws.protocols#restJson1"; +}; +var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { + static { + __name(this, "UnsupportedGrantTypeException"); } - getPayloadCodec() { - return this.codec; + name = "UnsupportedGrantTypeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnsupportedGrantTypeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - setSerdeContext(serdeContext) { - this.codec.setSerdeContext(serdeContext); - super.setSerdeContext(serdeContext); +}; + +// src/submodules/sso-oidc/protocols/Aws_restJson1.ts +var import_core2 = __nccwpck_require__(2143); +var import_core3 = __nccwpck_require__(5829); +var import_smithy_client5 = __nccwpck_require__(3570); +var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core3.requestBuilder)(input, context); + const headers = { + "content-type": "application/json" + }; + b.bp("/token"); + let body; + body = JSON.stringify( + (0, import_smithy_client5.take)(input, { + clientId: [], + clientSecret: [], + code: [], + codeVerifier: [], + deviceCode: [], + grantType: [], + redirectUri: [], + refreshToken: [], + scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") + }) + ); + b.m("POST").h(headers).b(body); + return b.build(); +}, "se_CreateTokenCommand"); +var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); - const members = inputSchema.getMemberSchemas(); - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; + const contents = (0, import_smithy_client5.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client5.take)(data, { + accessToken: import_smithy_client5.expectString, + expiresIn: import_smithy_client5.expectInt32, + idToken: import_smithy_client5.expectString, + refreshToken: import_smithy_client5.expectString, + tokenType: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + return contents; +}, "de_CreateTokenCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core2.parseJsonErrorBody)(output.body, context) + }; + const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.ssooidc#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "AuthorizationPendingException": + case "com.amazonaws.ssooidc#AuthorizationPendingException": + throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); + case "ExpiredTokenException": + case "com.amazonaws.ssooidc#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.ssooidc#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "InvalidClientException": + case "com.amazonaws.ssooidc#InvalidClientException": + throw await de_InvalidClientExceptionRes(parsedOutput, context); + case "InvalidGrantException": + case "com.amazonaws.ssooidc#InvalidGrantException": + throw await de_InvalidGrantExceptionRes(parsedOutput, context); + case "InvalidRequestException": + case "com.amazonaws.ssooidc#InvalidRequestException": + throw await de_InvalidRequestExceptionRes(parsedOutput, context); + case "InvalidScopeException": + case "com.amazonaws.ssooidc#InvalidScopeException": + throw await de_InvalidScopeExceptionRes(parsedOutput, context); + case "SlowDownException": + case "com.amazonaws.ssooidc#SlowDownException": + throw await de_SlowDownExceptionRes(parsedOutput, context); + case "UnauthorizedClientException": + case "com.amazonaws.ssooidc#UnauthorizedClientException": + throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); + case "UnsupportedGrantTypeException": + case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": + throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = this.getDefaultContentType(); - } - } else if (!inputSchema.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = this.getDefaultContentType(); - } - } - } - if (request.headers["content-type"] && !request.body) { - request.body = "{}"; - } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); - } catch (e) { - } - } - return request; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema4.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema4.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; } - /** - * @override - */ - getDefaultContentType() { - return "application/json"; +}, "de_CommandError"); +var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); +var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AccessDeniedExceptionRes"); +var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AuthorizationPendingException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AuthorizationPendingExceptionRes"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_ExpiredTokenExceptionRes"); +var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InternalServerException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InternalServerExceptionRes"); +var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidClientExceptionRes"); +var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidGrantException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidGrantExceptionRes"); +var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidRequestException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidRequestExceptionRes"); +var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidScopeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidScopeExceptionRes"); +var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new SlowDownException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_SlowDownExceptionRes"); +var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnauthorizedClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnauthorizedClientExceptionRes"); +var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnsupportedGrantTypeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnsupportedGrantTypeExceptionRes"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); + +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { + static { + __name(this, "CreateTokenCommand"); } }; -// src/submodules/protocols/json/awsExpectUnion.ts -var import_smithy_client2 = __nccwpck_require__(3570); -var awsExpectUnion = /* @__PURE__ */ __name((value) => { - if (value == null) { - return void 0; - } - if (typeof value === "object" && "__type" in value) { - delete value.__type; +// src/submodules/sso-oidc/SSOOIDC.ts +var commands = { + CreateTokenCommand +}; +var SSOOIDC = class extends SSOOIDCClient { + static { + __name(this, "SSOOIDC"); } - return (0, import_smithy_client2.expectUnion)(value); -}, "awsExpectUnion"); +}; +(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); -// src/submodules/protocols/query/AwsQueryProtocol.ts -var import_protocols5 = __nccwpck_require__(2241); -var import_schema7 = __nccwpck_require__(9826); -var import_util_body_length_browser3 = __nccwpck_require__(713); -// src/submodules/protocols/xml/XmlShapeDeserializer.ts -var import_protocols3 = __nccwpck_require__(2241); -var import_schema5 = __nccwpck_require__(9826); -var import_smithy_client3 = __nccwpck_require__(3570); -var import_util_utf8 = __nccwpck_require__(1895); -var import_fast_xml_parser = __nccwpck_require__(4678); -var XmlShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); - } - static { - __name(this, "XmlShapeDeserializer"); - } - stringDeserializer; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - this.stringDeserializer.setSerdeContext(serdeContext); - } - /** - * @param schema - describing the data. - * @param bytes - serialized data. - * @param key - used by AwsQuery to step one additional depth into the object before reading it. - */ - read(schema, bytes, key) { - const ns = import_schema5.NormalizedSchema.of(schema); - const memberSchemas = ns.getMemberSchemas(); - const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { - return !!memberNs.getMemberTraits().eventPayload; - }); - if (isEventPayload) { - const output = {}; - const memberName = Object.keys(memberSchemas)[0]; - const eventMemberSchema = memberSchemas[memberName]; - if (eventMemberSchema.isBlobSchema()) { - output[memberName] = bytes; - } else { - output[memberName] = this.read(memberSchemas[memberName], bytes); - } - return output; - } - const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); - const parsedObject = this.parseXml(xmlString); - return this.readSchema(schema, key ? parsedObject[key] : parsedObject); - } - readSchema(_schema, value) { - const ns = import_schema5.NormalizedSchema.of(_schema); - const traits = ns.getMergedTraits(); - if (ns.isListSchema() && !Array.isArray(value)) { - return this.readSchema(ns, [value]); - } - if (value == null) { - return value; - } - if (typeof value === "object") { - const sparse = !!traits.sparse; - const flat = !!traits.xmlFlattened; - if (ns.isListSchema()) { - const listValue = ns.getValueSchema(); - const buffer2 = []; - const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; - const source = flat ? value : (value[0] ?? value)[sourceKey]; - const sourceArray = Array.isArray(source) ? source : [source]; - for (const v of sourceArray) { - if (v != null || sparse) { - buffer2.push(this.readSchema(listValue, v)); - } - } - return buffer2; - } - const buffer = {}; - if (ns.isMapSchema()) { - const keyNs = ns.getKeySchema(); - const memberNs = ns.getValueSchema(); - let entries; - if (flat) { - entries = Array.isArray(value) ? value : [value]; - } else { - entries = Array.isArray(value.entry) ? value.entry : [value.entry]; - } - const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; - const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; - for (const entry of entries) { - const key = entry[keyProperty]; - const value2 = entry[valueProperty]; - if (value2 != null || sparse) { - buffer[key] = this.readSchema(memberNs, value2); - } - } - return buffer; - } - if (ns.isStructSchema()) { - for (const [memberName, memberSchema] of ns.structIterator()) { - const memberTraits = memberSchema.getMergedTraits(); - const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); - if (value[xmlObjectKey] != null) { - buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); - } - } - return buffer; - } - if (ns.isDocumentSchema()) { - return value; - } - throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); - } - if (ns.isListSchema()) { - return []; - } - if (ns.isMapSchema() || ns.isStructSchema()) { - return {}; - } - return this.stringDeserializer.read(ns, value); - } - parseXml(xml) { - if (xml.length) { - const parser = new import_fast_xml_parser.XMLParser({ - attributeNamePrefix: "", - htmlEntities: true, - ignoreAttributes: false, - ignoreDeclaration: true, - parseTagValue: false, - trimValues: false, - tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") - }); - parser.addEntity("#xD", "\r"); - parser.addEntity("#10", "\n"); - let parsedObj; - try { - parsedObj = parser.parse(xml, true); - } catch (e) { - if (e && typeof e === "object") { - Object.defineProperty(e, "$responseBodyText", { - value: xml - }); - } - throw e; - } - const textNodeName = "#text"; - const key = Object.keys(parsedObj)[0]; - const parsedObjToReturn = parsedObj[key]; - if (parsedObjToReturn[textNodeName]) { - parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; - delete parsedObjToReturn[textNodeName]; - } - return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); - } - return {}; - } +/***/ }), + +/***/ 5875: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); +const core_1 = __nccwpck_require__(2143); +const util_user_agent_node_1 = __nccwpck_require__(7330); +const config_resolver_1 = __nccwpck_require__(3098); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(3695); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; }; +exports.getRuntimeConfig = getRuntimeConfig; -// src/submodules/protocols/query/QueryShapeSerializer.ts -var import_protocols4 = __nccwpck_require__(2241); -var import_schema6 = __nccwpck_require__(9826); -var import_serde5 = __nccwpck_require__(7669); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_util_base642 = __nccwpck_require__(5600); -var QueryShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "QueryShapeSerializer"); - } - buffer; - write(schema, value, prefix = "") { - if (this.buffer === void 0) { - this.buffer = ""; + +/***/ }), + +/***/ 3695: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(2143); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(9002); +const endpointResolver_1 = __nccwpck_require__(8012); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2019-06-10", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "SSO OIDC", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; + + +/***/ }), + +/***/ 6878: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.STSClient = exports.__Client = void 0; +const middleware_host_header_1 = __nccwpck_require__(9514); +const middleware_logger_1 = __nccwpck_require__(5675); +const middleware_recursion_detection_1 = __nccwpck_require__(7977); +const middleware_user_agent_1 = __nccwpck_require__(6634); +const config_resolver_1 = __nccwpck_require__(3098); +const core_1 = __nccwpck_require__(5829); +const middleware_content_length_1 = __nccwpck_require__(2800); +const middleware_endpoint_1 = __nccwpck_require__(2918); +const middleware_retry_1 = __nccwpck_require__(6039); +const smithy_client_1 = __nccwpck_require__(3570); +Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); +const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); +const EndpointParameters_1 = __nccwpck_require__(981); +const runtimeConfig_1 = __nccwpck_require__(302); +const runtimeExtensions_1 = __nccwpck_require__(9913); +class STSClient extends smithy_client_1.Client { + config; + constructor(...[configuration]) { + const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); + const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); + const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); + const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); + const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials, + }), + })); + this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); } - const ns = import_schema6.NormalizedSchema.of(schema); - if (prefix && !prefix.endsWith(".")) { - prefix += "."; + destroy() { + super.destroy(); } - if (ns.isBlobSchema()) { - if (typeof value === "string" || value instanceof Uint8Array) { - this.writeKey(prefix); - this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); - } - } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(String(value)); - } else if (ns.isIdempotencyToken()) { - this.writeKey(prefix); - this.writeValue((0, import_serde5.generateIdempotencyToken)()); - } - } else if (ns.isBigIntegerSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(String(value)); - } - } else if (ns.isBigDecimalSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(value instanceof import_serde5.NumericValue ? value.string : String(value)); - } - } else if (ns.isTimestampSchema()) { - if (value instanceof Date) { - this.writeKey(prefix); - const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); - switch (format) { - case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: - this.writeValue(value.toISOString().replace(".000Z", "Z")); - break; - case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: - this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); - break; - case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - this.writeValue(String(value.getTime() / 1e3)); +} +exports.STSClient = STSClient; + + +/***/ }), + +/***/ 1746: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; +const getHttpAuthExtensionConfiguration = (runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } + else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + }, + }; +}; +exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; +const resolveHttpAuthRuntimeConfig = (config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials(), + }; +}; +exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; + + +/***/ }), + +/***/ 3061: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(2143); +const util_middleware_1 = __nccwpck_require__(2390); +const STSClient_1 = __nccwpck_require__(6878); +const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sts", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSTSHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "AssumeRoleWithWebIdentity": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); break; } - } - } else if (ns.isDocumentSchema()) { - throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); - } else if (ns.isListSchema()) { - if (Array.isArray(value)) { - if (value.length === 0) { - if (this.settings.serializeEmptyLists) { - this.writeKey(prefix); - this.writeValue(""); - } - } else { - const member = ns.getValueSchema(); - const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; - let i = 1; - for (const item of value) { - if (item == null) { - continue; - } - const suffix = this.getKey("member", member.getMergedTraits().xmlName); - const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; - this.write(member, item, key); - ++i; - } - } - } - } else if (ns.isMapSchema()) { - if (value && typeof value === "object") { - const keySchema = ns.getKeySchema(); - const memberSchema = ns.getValueSchema(); - const flat = ns.getMergedTraits().xmlFlattened; - let i = 1; - for (const [k, v] of Object.entries(value)) { - if (v == null) { - continue; - } - const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); - const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; - const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); - const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; - this.write(keySchema, k, key); - this.write(memberSchema, v, valueKey); - ++i; - } - } - } else if (ns.isStructSchema()) { - if (value && typeof value === "object") { - for (const [memberName, member] of ns.structIterator()) { - if (value[memberName] == null && !member.isIdempotencyToken()) { - continue; - } - const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); - const key = `${prefix}${suffix}`; - this.write(member, value[memberName], key); + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); } - } - } else if (ns.isUnitSchema()) { - } else { - throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); - } - } - flush() { - if (this.buffer === void 0) { - throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); - } - const str = this.buffer; - delete this.buffer; - return str; - } - getKey(memberName, xmlName) { - const key = xmlName ?? memberName; - if (this.settings.capitalizeKeys) { - return key[0].toUpperCase() + key.slice(1); } - return key; + return options; +}; +exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; +const resolveStsAuthConfig = (input) => Object.assign(input, { + stsClientCtor: STSClient_1.STSClient, +}); +exports.resolveStsAuthConfig = resolveStsAuthConfig; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, exports.resolveStsAuthConfig)(config); + const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); + return Object.assign(config_1, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 981: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.commonParams = exports.resolveClientEndpointParameters = void 0; +const resolveClientEndpointParameters = (options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + useGlobalEndpoint: options.useGlobalEndpoint ?? false, + defaultSigningName: "sts", + }); +}; +exports.resolveClientEndpointParameters = resolveClientEndpointParameters; +exports.commonParams = { + UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, +}; + + +/***/ }), + +/***/ 8181: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(4241); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(5713); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 5713: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; +const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; +const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; +exports.ruleSet = _data; + + +/***/ }), + +/***/ 3764: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - writeKey(key) { - if (key.endsWith(".")) { - key = key.slice(0, key.length - 1); - } - this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; + return to; +}; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/submodules/sts/index.ts +var index_exports = {}; +__export(index_exports, { + AssumeRoleCommand: () => AssumeRoleCommand, + AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, + AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, + AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, + AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, + ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, + CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + IDPCommunicationErrorException: () => IDPCommunicationErrorException, + IDPRejectedClaimException: () => IDPRejectedClaimException, + InvalidIdentityTokenException: () => InvalidIdentityTokenException, + MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, + PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, + RegionDisabledException: () => RegionDisabledException, + STS: () => STS, + STSServiceException: () => STSServiceException, + decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, + getDefaultRoleAssumer: () => getDefaultRoleAssumer2, + getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 +}); +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(6878), module.exports); + +// src/submodules/sts/STS.ts +var import_smithy_client6 = __nccwpck_require__(3570); + +// src/submodules/sts/commands/AssumeRoleCommand.ts +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_EndpointParameters = __nccwpck_require__(981); + +// src/submodules/sts/models/models_0.ts +var import_smithy_client2 = __nccwpck_require__(3570); + +// src/submodules/sts/models/STSServiceException.ts +var import_smithy_client = __nccwpck_require__(3570); +var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { + static { + __name(this, "STSServiceException"); } - writeValue(value) { - this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _STSServiceException.prototype); } }; -// src/submodules/protocols/query/AwsQueryProtocol.ts -var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { - constructor(options) { +// src/submodules/sts/models/models_0.ts +var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } +}), "CredentialsFilterSensitiveLog"); +var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { super({ - defaultNamespace: options.defaultNamespace + name: "ExpiredTokenException", + $fault: "client", + ...opts }); - this.options = options; - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME - }, - httpBindings: false, - xmlNamespace: options.xmlNamespace, - serviceNamespace: options.defaultNamespace, - serializeEmptyLists: true - }; - this.serializer = new QueryShapeSerializer(settings); - this.deserializer = new XmlShapeDeserializer(settings); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); } +}; +var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { static { - __name(this, "AwsQueryProtocol"); - } - serializer; - deserializer; - getShapeId() { - return "aws.protocols#awsQuery"; + __name(this, "MalformedPolicyDocumentException"); } - setSerdeContext(serdeContext) { - this.serializer.setSerdeContext(serdeContext); - this.deserializer.setSerdeContext(serdeContext); + name = "MalformedPolicyDocumentException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "MalformedPolicyDocumentException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); } - getPayloadCodec() { - throw new Error("AWSQuery protocol has no payload codec."); +}; +var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { + static { + __name(this, "PackedPolicyTooLargeException"); } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-www-form-urlencoded` + name = "PackedPolicyTooLargeException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "PackedPolicyTooLargeException", + $fault: "client", + ...opts }); - if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = ""; - } - request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; - if (request.body.endsWith("&")) { - request.body = request.body.slice(-1); - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; + Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); } - async deserializeResponse(operationSchema, context, response) { - const deserializer = this.deserializer; - const ns = import_schema7.NormalizedSchema.of(operationSchema.output); - const dataObject = {}; - if (response.statusCode >= 300) { - const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); - if (bytes2.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); - } - await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); - } - for (const header in response.headers) { - const value = response.headers[header]; - delete response.headers[header]; - response.headers[header.toLowerCase()] = value; - } - const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; - const bytes = await (0, import_protocols5.collectBody)(response.body, context); - if (bytes.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); - } - const output = { - $metadata: this.deserializeMetadata(response), - ...dataObject - }; - return output; +}; +var RegionDisabledException = class _RegionDisabledException extends STSServiceException { + static { + __name(this, "RegionDisabledException"); } + name = "RegionDisabledException"; + $fault = "client"; /** - * EC2 Query overrides this. + * @internal */ - useNestedResult() { - return true; - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const errorDataSource = this.loadQueryError(dataObject); - const registry = import_schema7.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.find( - (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName - ); - if (!errorSchema) { - errorSchema = registry.getSchema(errorIdentifier); - } - } catch (e) { - const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), errorDataSource); - } - throw new Error(errorName); - } - const ns = import_schema7.NormalizedSchema.of(errorSchema); - const message = this.loadQueryErrorMessage(dataObject); - const exception = new errorSchema.ctor(message); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = errorDataSource[target] ?? dataObject[target]; - output[name] = this.deserializer.readSchema(member, value); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output + constructor(opts) { + super({ + name: "RegionDisabledException", + $fault: "client", + ...opts }); - throw exception; + Object.setPrototypeOf(this, _RegionDisabledException.prototype); + } +}; +var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { + static { + __name(this, "IDPRejectedClaimException"); } + name = "IDPRejectedClaimException"; + $fault = "client"; /** - * The variations in the error and error message locations are attributed to - * divergence between AWS Query and EC2 Query behavior. + * @internal */ - loadQueryErrorCode(output, data) { - const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; - if (code !== void 0) { - return code; - } - if (output.statusCode == 404) { - return "NotFound"; - } - } - loadQueryError(data) { - return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; + constructor(opts) { + super({ + name: "IDPRejectedClaimException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); } - loadQueryErrorMessage(data) { - const errorData = this.loadQueryError(data); - return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; +}; +var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { + static { + __name(this, "InvalidIdentityTokenException"); } + name = "InvalidIdentityTokenException"; + $fault = "client"; /** - * @override + * @internal */ - getDefaultContentType() { - return "application/x-www-form-urlencoded"; + constructor(opts) { + super({ + name: "InvalidIdentityTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); } }; - -// src/submodules/protocols/query/AwsEc2QueryProtocol.ts -var AwsEc2QueryProtocol = class extends AwsQueryProtocol { - constructor(options) { - super(options); - this.options = options; - const ec2Settings = { - capitalizeKeys: true, - flattenLists: true, - serializeEmptyLists: false - }; - Object.assign(this.serializer.settings, ec2Settings); - } +var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } +}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); +var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); +var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { static { - __name(this, "AwsEc2QueryProtocol"); + __name(this, "IDPCommunicationErrorException"); } + name = "IDPCommunicationErrorException"; + $fault = "client"; /** - * EC2 Query reads XResponse.XResult instead of XResponse directly. + * @internal */ - useNestedResult() { - return false; - } -}; - -// src/submodules/protocols/xml/AwsRestXmlProtocol.ts -var import_protocols6 = __nccwpck_require__(2241); -var import_schema9 = __nccwpck_require__(9826); -var import_util_body_length_browser4 = __nccwpck_require__(713); - -// src/submodules/protocols/xml/parseXmlBody.ts -var import_smithy_client5 = __nccwpck_require__(3570); -var import_fast_xml_parser2 = __nccwpck_require__(4678); -var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - const parser = new import_fast_xml_parser2.XMLParser({ - attributeNamePrefix: "", - htmlEntities: true, - ignoreAttributes: false, - ignoreDeclaration: true, - parseTagValue: false, - trimValues: false, - tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + constructor(opts) { + super({ + name: "IDPCommunicationErrorException", + $fault: "client", + ...opts }); - parser.addEntity("#xD", "\r"); - parser.addEntity("#10", "\n"); - let parsedObj; - try { - parsedObj = parser.parse(encoded, true); - } catch (e) { - if (e && typeof e === "object") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - const textNodeName = "#text"; - const key = Object.keys(parsedObj)[0]; - const parsedObjToReturn = parsedObj[key]; - if (parsedObjToReturn[textNodeName]) { - parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; - delete parsedObjToReturn[textNodeName]; - } - return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); - } - return {}; -}), "parseXmlBody"); -var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseXmlBody(errorBody, context); - if (value.Error) { - value.Error.message = value.Error.message ?? value.Error.Message; - } - return value; -}, "parseXmlErrorBody"); -var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data?.Error?.Code !== void 0) { - return data.Error.Code; - } - if (data?.Code !== void 0) { - return data.Code; - } - if (output.statusCode == 404) { - return "NotFound"; + Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); } -}, "loadRestXmlErrorCode"); +}; -// src/submodules/protocols/xml/XmlShapeSerializer.ts -var import_xml_builder = __nccwpck_require__(1003); -var import_schema8 = __nccwpck_require__(9826); -var import_serde6 = __nccwpck_require__(7669); -var import_smithy_client6 = __nccwpck_require__(3570); -var import_util_base643 = __nccwpck_require__(5600); -var XmlShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "XmlShapeSerializer"); - } - stringBuffer; - byteBuffer; - buffer; - write(schema, value) { - const ns = import_schema8.NormalizedSchema.of(schema); - if (ns.isStringSchema() && typeof value === "string") { - this.stringBuffer = value; - } else if (ns.isBlobSchema()) { - this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); - } else { - this.buffer = this.writeStruct(ns, value, void 0); - const traits = ns.getMergedTraits(); - if (traits.httpPayload && !traits.xmlName) { - this.buffer.withName(ns.getName()); - } - } - } - flush() { - if (this.byteBuffer !== void 0) { - const bytes = this.byteBuffer; - delete this.byteBuffer; - return bytes; - } - if (this.stringBuffer !== void 0) { - const str = this.stringBuffer; - delete this.stringBuffer; - return str; - } - const buffer = this.buffer; - if (this.settings.xmlNamespace) { - if (!buffer?.attributes?.["xmlns"]) { - buffer.addAttribute("xmlns", this.settings.xmlNamespace); - } - } - delete this.buffer; - return buffer.toString(); - } - writeStruct(ns, value, parentXmlns) { - const traits = ns.getMergedTraits(); - const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); - if (!name || !ns.isStructSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( - true - )}.` - ); - } - const structXmlNode = import_xml_builder.XmlNode.of(name); - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); - if (xmlns) { - structXmlNode.addAttribute(xmlnsAttr, xmlns); - } - for (const [memberName, memberSchema] of ns.structIterator()) { - const val = value[memberName]; - if (val != null || memberSchema.isIdempotencyToken()) { - if (memberSchema.getMergedTraits().xmlAttribute) { - structXmlNode.addAttribute( - memberSchema.getMergedTraits().xmlName ?? memberName, - this.writeSimple(memberSchema, val) - ); - continue; - } - if (memberSchema.isListSchema()) { - this.writeList(memberSchema, val, structXmlNode, xmlns); - } else if (memberSchema.isMapSchema()) { - this.writeMap(memberSchema, val, structXmlNode, xmlns); - } else if (memberSchema.isStructSchema()) { - structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); - } else { - const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); - this.writeSimpleInto(memberSchema, val, memberNode, xmlns); - structXmlNode.addChildNode(memberNode); - } - } - } - return structXmlNode; +// src/submodules/sts/protocols/Aws_query.ts +var import_core = __nccwpck_require__(2143); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client3 = __nccwpck_require__(3570); +var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleRequest(input, context), + [_A]: _AR, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleCommand"); +var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleWithWebIdentityRequest(input, context), + [_A]: _ARWWI, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleWithWebIdentityCommand"); +var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); } - writeList(listMember, array, container, parentXmlns) { - if (!listMember.isMemberSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` - ); - } - const listTraits = listMember.getMergedTraits(); - const listValueSchema = listMember.getValueSchema(); - const listValueTraits = listValueSchema.getMergedTraits(); - const sparse = !!listValueTraits.sparse; - const flat = !!listTraits.xmlFlattened; - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); - const writeItem = /* @__PURE__ */ __name((container2, value) => { - if (listValueSchema.isListSchema()) { - this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); - } else if (listValueSchema.isMapSchema()) { - this.writeMap(listValueSchema, value, container2, xmlns); - } else if (listValueSchema.isStructSchema()) { - const struct = this.writeStruct(listValueSchema, value, xmlns); - container2.addChildNode( - struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") - ); - } else { - const listItemNode = import_xml_builder.XmlNode.of( - flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" - ); - this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); - container2.addChildNode(listItemNode); - } - }, "writeItem"); - if (flat) { - for (const value of array) { - if (sparse || value != null) { - writeItem(container, value); - } - } - } else { - const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); - if (xmlns) { - listNode.addAttribute(xmlnsAttr, xmlns); - } - for (const value of array) { - if (sparse || value != null) { - writeItem(listNode, value); - } - } - container.addChildNode(listNode); - } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleCommand"); +var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); } - writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { - if (!mapMember.isMemberSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` - ); - } - const mapTraits = mapMember.getMergedTraits(); - const mapKeySchema = mapMember.getKeySchema(); - const mapKeyTraits = mapKeySchema.getMergedTraits(); - const keyTag = mapKeyTraits.xmlName ?? "key"; - const mapValueSchema = mapMember.getValueSchema(); - const mapValueTraits = mapValueSchema.getMergedTraits(); - const valueTag = mapValueTraits.xmlName ?? "value"; - const sparse = !!mapValueTraits.sparse; - const flat = !!mapTraits.xmlFlattened; - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); - const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { - const keyNode = import_xml_builder.XmlNode.of(keyTag, key); - const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); - if (keyXmlns) { - keyNode.addAttribute(keyXmlnsAttr, keyXmlns); - } - entry.addChildNode(keyNode); - let valueNode = import_xml_builder.XmlNode.of(valueTag); - if (mapValueSchema.isListSchema()) { - this.writeList(mapValueSchema, val, valueNode, xmlns); - } else if (mapValueSchema.isMapSchema()) { - this.writeMap(mapValueSchema, val, valueNode, xmlns, true); - } else if (mapValueSchema.isStructSchema()) { - valueNode = this.writeStruct(mapValueSchema, val, xmlns); - } else { - this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); - } - entry.addChildNode(valueNode); - }, "addKeyValue"); - if (flat) { - for (const [key, val] of Object.entries(map)) { - if (sparse || val != null) { - const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); - addKeyValue(entry, key, val); - container.addChildNode(entry); - } - } - } else { - let mapNode; - if (!containerIsMap) { - mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); - if (xmlns) { - mapNode.addAttribute(xmlnsAttr, xmlns); - } - container.addChildNode(mapNode); - } - for (const [key, val] of Object.entries(map)) { - if (sparse || val != null) { - const entry = import_xml_builder.XmlNode.of("entry"); - addKeyValue(entry, key, val); - (containerIsMap ? container : mapNode).addChildNode(entry); - } - } - } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleWithWebIdentityCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core.parseXmlErrorBody)(output.body, context) + }; + const errorCode = loadQueryErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "ExpiredTokenException": + case "com.amazonaws.sts#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "MalformedPolicyDocument": + case "com.amazonaws.sts#MalformedPolicyDocumentException": + throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); + case "PackedPolicyTooLarge": + case "com.amazonaws.sts#PackedPolicyTooLargeException": + throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); + case "RegionDisabledException": + case "com.amazonaws.sts#RegionDisabledException": + throw await de_RegionDisabledExceptionRes(parsedOutput, context); + case "IDPCommunicationError": + case "com.amazonaws.sts#IDPCommunicationErrorException": + throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); + case "IDPRejectedClaim": + case "com.amazonaws.sts#IDPRejectedClaimException": + throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); + case "InvalidIdentityToken": + case "com.amazonaws.sts#InvalidIdentityTokenException": + throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody: parsedBody.Error, + errorCode + }); } - writeSimple(_schema, value) { - if (null === value) { - throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); - } - const ns = import_schema8.NormalizedSchema.of(_schema); - let nodeContents = null; - if (value && typeof value === "object") { - if (ns.isBlobSchema()) { - nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); - } else if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: - nodeContents = value.toISOString().replace(".000Z", "Z"); - break; - case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: - nodeContents = (0, import_smithy_client6.dateToUtcString)(value); - break; - case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - nodeContents = String(value.getTime() / 1e3); - break; - default: - console.warn("Missing timestamp format, using http date", value); - nodeContents = (0, import_smithy_client6.dateToUtcString)(value); - break; - } - } else if (ns.isBigDecimalSchema() && value) { - if (value instanceof import_serde6.NumericValue) { - return value.string; - } - return String(value); - } else if (ns.isMapSchema() || ns.isListSchema()) { - throw new Error( - "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." - ); - } else { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( - true - )}` - ); - } - } - if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { - nodeContents = String(value); - } - if (ns.isStringSchema()) { - if (value === void 0 && ns.isIdempotencyToken()) { - nodeContents = (0, import_serde6.generateIdempotencyToken)(); - } else { - nodeContents = String(value); - } - } - if (nodeContents === null) { - throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); +}, "de_CommandError"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_ExpiredTokenException(body.Error, context); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_ExpiredTokenExceptionRes"); +var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPCommunicationErrorException(body.Error, context); + const exception = new IDPCommunicationErrorException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPCommunicationErrorExceptionRes"); +var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPRejectedClaimException(body.Error, context); + const exception = new IDPRejectedClaimException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPRejectedClaimExceptionRes"); +var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_InvalidIdentityTokenException(body.Error, context); + const exception = new InvalidIdentityTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_InvalidIdentityTokenExceptionRes"); +var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_MalformedPolicyDocumentException(body.Error, context); + const exception = new MalformedPolicyDocumentException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_MalformedPolicyDocumentExceptionRes"); +var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_PackedPolicyTooLargeException(body.Error, context); + const exception = new PackedPolicyTooLargeException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_PackedPolicyTooLargeExceptionRes"); +var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_RegionDisabledException(body.Error, context); + const exception = new RegionDisabledException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_RegionDisabledExceptionRes"); +var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; + } + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; } - return nodeContents; + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); } - writeSimpleInto(_schema, value, into, parentXmlns) { - const nodeContents = this.writeSimple(_schema, value); - const ns = import_schema8.NormalizedSchema.of(_schema); - const content = new import_xml_builder.XmlText(nodeContents); - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); - if (xmlns) { - into.addAttribute(xmlnsAttr, xmlns); + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + if (input[_T] != null) { + const memberEntries = se_tagListType(input[_T], context); + if (input[_T]?.length === 0) { + entries.Tags = []; } - into.addChildNode(content); + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `Tags.${key}`; + entries[loc] = value; + }); } - getXmlnsAttribute(ns, parentXmlns) { - const traits = ns.getMergedTraits(); - const [prefix, xmlns] = traits.xmlNamespace ?? []; - if (xmlns && xmlns !== parentXmlns) { - return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; + if (input[_TTK] != null) { + const memberEntries = se_tagKeyListType(input[_TTK], context); + if (input[_TTK]?.length === 0) { + entries.TransitiveTagKeys = []; } - return [void 0, void 0]; + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `TransitiveTagKeys.${key}`; + entries[loc] = value; + }); } -}; - -// src/submodules/protocols/xml/XmlCodec.ts -var XmlCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; + if (input[_EI] != null) { + entries[_EI] = input[_EI]; } - static { - __name(this, "XmlCodec"); + if (input[_SN] != null) { + entries[_SN] = input[_SN]; } - createSerializer() { - const serializer = new XmlShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; + if (input[_TC] != null) { + entries[_TC] = input[_TC]; } - createDeserializer() { - const deserializer = new XmlShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; + if (input[_SI] != null) { + entries[_SI] = input[_SI]; } -}; - -// src/submodules/protocols/xml/AwsRestXmlProtocol.ts -var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { - static { - __name(this, "AwsRestXmlProtocol"); + if (input[_PC] != null) { + const memberEntries = se_ProvidedContextsListType(input[_PC], context); + if (input[_PC]?.length === 0) { + entries.ProvidedContexts = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `ProvidedContexts.${key}`; + entries[loc] = value; + }); } - codec; - serializer; - deserializer; - constructor(options) { - super(options); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME - }, - httpBindings: true, - xmlNamespace: options.xmlNamespace, - serviceNamespace: options.defaultNamespace - }; - this.codec = new XmlCodec(settings); - this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); + return entries; +}, "se_AssumeRoleRequest"); +var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; } - getPayloadCodec() { - return this.codec; + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; } - getShapeId() { - return "aws.protocols#restXml"; + if (input[_WIT] != null) { + entries[_WIT] = input[_WIT]; } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const ns = import_schema9.NormalizedSchema.of(operationSchema.input); - const members = ns.getMemberSchemas(); - request.path = String(request.path).split("/").filter((segment) => { - return segment !== "{Bucket}"; - }).join("/") || "/"; - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = this.getDefaultContentType(); - } - } else if (!ns.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = this.getDefaultContentType(); - } - } - } - if (request.headers["content-type"] === this.getDefaultContentType()) { - if (typeof request.body === "string") { - request.body = '' + request.body; - } + if (input[_PI] != null) { + entries[_PI] = input[_PI]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); - } catch (e) { - } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); + } + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + return entries; +}, "se_AssumeRoleWithWebIdentityRequest"); +var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - return request; + const memberEntries = se_PolicyDescriptorType(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; } - async deserializeResponse(operationSchema, context, response) { - return super.deserializeResponse(operationSchema, context, response); + return entries; +}, "se_policyDescriptorListType"); +var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_a] != null) { + entries[_a] = input[_a]; } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); + return entries; +}, "se_PolicyDescriptorType"); +var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_PAr] != null) { + entries[_PAr] = input[_PAr]; + } + if (input[_CA] != null) { + entries[_CA] = input[_CA]; + } + return entries; +}, "se_ProvidedContext"); +var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - const registry = import_schema9.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); + const memberEntries = se_ProvidedContext(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; + } + return entries; +}, "se_ProvidedContextsListType"); +var se_Tag = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_K] != null) { + entries[_K] = input[_K]; + } + if (input[_Va] != null) { + entries[_Va] = input[_Va]; + } + return entries; +}, "se_Tag"); +var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - const ns = import_schema9.NormalizedSchema.of(errorSchema); - const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = dataObject.Error?.[target] ?? dataObject[target]; - output[name] = this.codec.createDeserializer().readSchema(member, value); + entries[`member.${counter}`] = entry; + counter++; + } + return entries; +}, "se_tagKeyListType"); +var se_tagListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output + const memberEntries = se_Tag(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; }); - throw exception; + counter++; } - /** - * @override - */ - getDefaultContentType() { - return "application/xml"; + return entries; +}, "se_tagListType"); +var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_ARI] != null) { + contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); + } + if (output[_Ar] != null) { + contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); + } + return contents; +}, "de_AssumedRoleUser"); +var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleResponse"); +var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_SFWIT] != null) { + contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); + } + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + } + if (output[_Pr] != null) { + contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); + } + if (output[_Au] != null) { + contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleWithWebIdentityResponse"); +var de_Credentials = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_AKI] != null) { + contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); + } + if (output[_SAK] != null) { + contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); + } + if (output[_ST] != null) { + contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); + } + if (output[_E] != null) { + contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); + } + return contents; +}, "de_Credentials"); +var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_ExpiredTokenException"); +var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPCommunicationErrorException"); +var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPRejectedClaimException"); +var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_InvalidIdentityTokenException"); +var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_MalformedPolicyDocumentException"); +var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_PackedPolicyTooLargeException"); +var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_RegionDisabledException"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); +var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); +var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const contents = { + protocol, + hostname, + port, + method: "POST", + path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, + headers + }; + if (resolvedHostname !== void 0) { + contents.hostname = resolvedHostname; + } + if (body !== void 0) { + contents.body = body; } + return new import_protocol_http.HttpRequest(contents); +}, "buildHttpRpcRequest"); +var SHARED_HEADERS = { + "content-type": "application/x-www-form-urlencoded" }; -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 1003: -/***/ ((module) => { - -"use strict"; +var _ = "2011-06-15"; +var _A = "Action"; +var _AKI = "AccessKeyId"; +var _AR = "AssumeRole"; +var _ARI = "AssumedRoleId"; +var _ARU = "AssumedRoleUser"; +var _ARWWI = "AssumeRoleWithWebIdentity"; +var _Ar = "Arn"; +var _Au = "Audience"; +var _C = "Credentials"; +var _CA = "ContextAssertion"; +var _DS = "DurationSeconds"; +var _E = "Expiration"; +var _EI = "ExternalId"; +var _K = "Key"; +var _P = "Policy"; +var _PA = "PolicyArns"; +var _PAr = "ProviderArn"; +var _PC = "ProvidedContexts"; +var _PI = "ProviderId"; +var _PPS = "PackedPolicySize"; +var _Pr = "Provider"; +var _RA = "RoleArn"; +var _RSN = "RoleSessionName"; +var _SAK = "SecretAccessKey"; +var _SFWIT = "SubjectFromWebIdentityToken"; +var _SI = "SourceIdentity"; +var _SN = "SerialNumber"; +var _ST = "SessionToken"; +var _T = "Tags"; +var _TC = "TokenCode"; +var _TTK = "TransitiveTagKeys"; +var _V = "Version"; +var _Va = "Value"; +var _WIT = "WebIdentityToken"; +var _a = "arn"; +var _m = "message"; +var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); +var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data.Error?.Code !== void 0) { + return data.Error.Code; + } + if (output.statusCode == 404) { + return "NotFound"; + } +}, "loadQueryErrorCode"); -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/sts/commands/AssumeRoleCommand.ts +var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { + static { + __name(this, "AssumeRoleCommand"); } - return to; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - XmlNode: () => XmlNode, - XmlText: () => XmlText -}); -module.exports = __toCommonJS(index_exports); - -// src/escape-attribute.ts -function escapeAttribute(value) { - return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); -} -__name(escapeAttribute, "escapeAttribute"); -// src/escape-element.ts -function escapeElement(value) { - return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); -} -__name(escapeElement, "escapeElement"); - -// src/XmlText.ts -var XmlText = class { - constructor(value) { - this.value = value; - } +// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde2 = __nccwpck_require__(1238); +var import_smithy_client5 = __nccwpck_require__(3570); +var import_EndpointParameters2 = __nccwpck_require__(981); +var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { static { - __name(this, "XmlText"); - } - toString() { - return escapeElement("" + this.value); + __name(this, "AssumeRoleWithWebIdentityCommand"); } }; -// src/XmlNode.ts -var XmlNode = class _XmlNode { - constructor(name, children = []) { - this.name = name; - this.children = children; - } +// src/submodules/sts/STS.ts +var import_STSClient = __nccwpck_require__(6878); +var commands = { + AssumeRoleCommand, + AssumeRoleWithWebIdentityCommand +}; +var STS = class extends import_STSClient.STSClient { static { - __name(this, "XmlNode"); + __name(this, "STS"); } - attributes = {}; - static of(name, childText, withName) { - const node = new _XmlNode(name); - if (childText !== void 0) { - node.addChildNode(new XmlText(childText)); - } - if (withName !== void 0) { - node.withName(withName); +}; +(0, import_smithy_client6.createAggregatedClient)(commands, STS); + +// src/submodules/sts/index.ts +var import_EndpointParameters3 = __nccwpck_require__(981); + +// src/submodules/sts/defaultStsRoleAssumers.ts +var import_client = __nccwpck_require__(6510); +var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; +var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { + if (typeof assumedRoleUser?.Arn === "string") { + const arnComponents = assumedRoleUser.Arn.split(":"); + if (arnComponents.length > 4 && arnComponents[4] !== "") { + return arnComponents[4]; } - return node; - } - withName(name) { - this.name = name; - return this; - } - addAttribute(name, value) { - this.attributes[name] = value; - return this; - } - addChildNode(child) { - this.children.push(child); - return this; - } - removeAttribute(name) { - delete this.attributes[name]; - return this; - } - /** - * @internal - * Alias of {@link XmlNode#withName(string)} for codegen brevity. - */ - n(name) { - this.name = name; - return this; - } - /** - * @internal - * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. - */ - c(child) { - this.children.push(child); - return this; } - /** - * @internal - * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. - */ - a(name, value) { - if (value != null) { - this.attributes[name] = value; + return void 0; +}, "getAccountIdFromAssumedRoleUser"); +var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { + const region = typeof _region === "function" ? await _region() : _region; + const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; + credentialProviderLogger?.debug?.( + "@aws-sdk/client-sts::resolveRegion", + "accepting first of:", + `${region} (provider)`, + `${parentRegion} (parent client)`, + `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` + ); + return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; +}, "resolveRegion"); +var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + let closureSourceCreds; + return async (sourceCreds, params) => { + closureSourceCreds = sourceCreds; + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger + ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + // A hack to make sts client uses the credential in current closure. + credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); } - return this; - } - /** - * Create a child node. - * Used in serialization of string fields. - * @internal - */ - cc(input, field, withName = field) { - if (input[field] != null) { - const node = _XmlNode.of(field, input[field]).withName(withName); - this.c(node); + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); } - } - /** - * Creates list child nodes. - * @internal - */ - l(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - nodes.map((node) => { - node.withName(memberName); - this.c(node); + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); + return credentials; + }; +}, "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + return async (params) => { + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger + ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger }); } - } - /** - * Creates list child nodes with container. - * @internal - */ - lc(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - const containerNode = new _XmlNode(memberName); - nodes.map((node) => { - containerNode.c(node); - }); - this.c(containerNode); + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); } - } - toString() { - const hasChildren = Boolean(this.children.length); - let xmlText = `<${this.name}`; - const attributes = this.attributes; - for (const attributeName of Object.keys(attributes)) { - const attribute = attributes[attributeName]; - if (attribute != null) { - xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; - } + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + if (accountId) { + (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); } - return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; - } -}; -// Annotate the CommonJS export names for ESM import in node: + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); + return credentials; + }; +}, "getDefaultRoleAssumerWithWebIdentity"); +var isH2 = /* @__PURE__ */ __name((requestHandler) => { + return requestHandler?.metadata?.handlerProtocol === "h2"; +}, "isH2"); +// src/submodules/sts/defaultRoleAssumers.ts +var import_STSClient2 = __nccwpck_require__(6878); +var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { + if (!customizations) return baseCtor; + else + return class CustomizableSTSClient extends baseCtor { + static { + __name(this, "CustomizableSTSClient"); + } + constructor(config) { + super(config); + for (const customization of customizations) { + this.middlewareStack.use(customization); + } + } + }; +}, "getCustomizableStsClientCtor"); +var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); +var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ + roleAssumer: getDefaultRoleAssumer2(input), + roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), + ...input +}), "decorateDefaultCredentialProvider"); +// Annotate the CommonJS export names for ESM import in node: 0 && (0); - /***/ }), -/***/ 2545: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 302: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getHostHeaderPlugin: () => getHostHeaderPlugin, - hostHeaderMiddleware: () => hostHeaderMiddleware, - hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, - resolveHostHeaderConfig: () => resolveHostHeaderConfig -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -function resolveHostHeaderConfig(input) { - return input; -} -__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); -var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); - const { request } = args; - const { handlerProtocol = "" } = options.requestHandler.metadata || {}; - if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { - delete request.headers["host"]; - request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); - } else if (!request.headers["host"]) { - let host = request.hostname; - if (request.port != null) host += `:${request.port}`; - request.headers["host"] = host; - } - return next(args); -}, "hostHeaderMiddleware"); -var hostHeaderMiddlewareOptions = { - name: "hostHeaderMiddleware", - step: "build", - priority: "low", - tags: ["HOST"], - override: true +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); +const core_1 = __nccwpck_require__(2143); +const util_user_agent_node_1 = __nccwpck_require__(7330); +const config_resolver_1 = __nccwpck_require__(3098); +const core_2 = __nccwpck_require__(5829); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(9165); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || + (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; }; -var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); - }, "applyToStack") -}), "getHostHeaderPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - +exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 2098: -/***/ ((module) => { +/***/ 9165: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getLocationConstraintPlugin: () => getLocationConstraintPlugin, - locationConstraintMiddleware: () => locationConstraintMiddleware, - locationConstraintMiddlewareOptions: () => locationConstraintMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); -function locationConstraintMiddleware(options) { - return (next) => async (args) => { - const { CreateBucketConfiguration } = args.input; - const region = await options.region(); - if (!CreateBucketConfiguration?.LocationConstraint && !CreateBucketConfiguration?.Location) { - args = { - ...args, - input: { - ...args.input, - CreateBucketConfiguration: region === "us-east-1" ? void 0 : { LocationConstraint: region } - } - }; - } - return next(args); - }; -} -__name(locationConstraintMiddleware, "locationConstraintMiddleware"); -var locationConstraintMiddlewareOptions = { - step: "initialize", - tags: ["LOCATION_CONSTRAINT", "CREATE_BUCKET_CONFIGURATION"], - name: "locationConstraintMiddleware", - override: true +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(2143); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); +const endpointResolver_1 = __nccwpck_require__(8181); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2011-06-15", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "STS", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; }; -var getLocationConstraintPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(locationConstraintMiddleware(config), locationConstraintMiddlewareOptions); - }, "applyToStack") -}), "getLocationConstraintPlugin"); -// Annotate the CommonJS export names for ESM import in node: +exports.getRuntimeConfig = getRuntimeConfig; -0 && (0); +/***/ }), + +/***/ 9913: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveRuntimeExtensions = void 0; +const region_config_resolver_1 = __nccwpck_require__(6976); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const httpAuthExtensionConfiguration_1 = __nccwpck_require__(1746); +const resolveRuntimeExtensions = (runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); +}; +exports.resolveRuntimeExtensions = resolveRuntimeExtensions; /***/ }), -/***/ 14: +/***/ 6976: /***/ ((module) => { "use strict"; @@ -49634,54 +33545,76 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - getLoggerPlugin: () => getLoggerPlugin, - loggerMiddleware: () => loggerMiddleware, - loggerMiddlewareOptions: () => loggerMiddlewareOptions + NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, + REGION_ENV_NAME: () => REGION_ENV_NAME, + REGION_INI_NAME: () => REGION_INI_NAME, + getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, + resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, + resolveRegionConfig: () => resolveRegionConfig }); module.exports = __toCommonJS(index_exports); -// src/loggerMiddleware.ts -var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { - try { - const response = await next(args); - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; - const { $metadata, ...outputWithoutMetadata } = response.output; - logger?.info?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - output: outputFilterSensitiveLog(outputWithoutMetadata), - metadata: $metadata - }); - return response; - } catch (error) { - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - logger?.error?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - error, - metadata: error.$metadata - }); - throw error; - } -}, "loggerMiddleware"); -var loggerMiddlewareOptions = { - name: "loggerMiddleware", - tags: ["LOGGER"], - step: "initialize", - override: true +// src/extensions/index.ts +var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + return { + setRegion(region) { + runtimeConfig.region = region; + }, + region() { + return runtimeConfig.region; + } + }; +}, "getAwsRegionExtensionConfiguration"); +var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { + return { + region: awsRegionExtensionConfiguration.region() + }; +}, "resolveAwsRegionExtensionConfiguration"); + +// src/regionConfig/config.ts +var REGION_ENV_NAME = "AWS_REGION"; +var REGION_INI_NAME = "region"; +var NODE_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), + default: /* @__PURE__ */ __name(() => { + throw new Error("Region is missing"); + }, "default") }; -var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); - }, "applyToStack") -}), "getLoggerPlugin"); +var NODE_REGION_CONFIG_FILE_OPTIONS = { + preferredFile: "credentials" +}; + +// src/regionConfig/isFipsRegion.ts +var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); + +// src/regionConfig/getRealRegion.ts +var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); + +// src/regionConfig/resolveRegionConfig.ts +var resolveRegionConfig = /* @__PURE__ */ __name((input) => { + const { region, useFipsEndpoint } = input; + if (!region) { + throw new Error("Region is missing"); + } + return Object.assign(input, { + region: /* @__PURE__ */ __name(async () => { + if (typeof region === "string") { + return getRealRegion(region); + } + const providedRegion = await region(); + return getRealRegion(providedRegion); + }, "region"), + useFipsEndpoint: /* @__PURE__ */ __name(async () => { + const providedRegion = typeof region === "string" ? region : await region(); + if (isFipsRegion(providedRegion)) { + return true; + } + return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); + }, "useFipsEndpoint") + }); +}, "resolveRegionConfig"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -49690,14 +33623,16 @@ var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ /***/ }), -/***/ 5525: +/***/ 7182: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; +var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -49712,726 +33647,797 @@ var __copyProps = (to, from, except, desc) => { } return to; }; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { - addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, - getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, - recursionDetectionMiddleware: () => recursionDetectionMiddleware + fromEnvSigningName: () => fromEnvSigningName, + fromSso: () => fromSso, + fromStatic: () => fromStatic, + nodeProvider: () => nodeProvider }); module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; -var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; -var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; -var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { - return next(args); - } - const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; - if (request.headers.hasOwnProperty(traceIdHeader)) { - return next(args); + +// src/fromEnvSigningName.ts +var import_client = __nccwpck_require__(6510); +var import_httpAuthSchemes = __nccwpck_require__(3017); +var import_property_provider = __nccwpck_require__(9721); +var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { + logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); + if (!signingName) { + throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); } - const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; - const traceId = process.env[ENV_TRACE_ID]; - const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); - if (nonEmptyString(functionName) && nonEmptyString(traceId)) { - request.headers[TRACE_ID_HEADER_NAME] = traceId; + const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); + if (!(bearerTokenKey in process.env)) { + throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); } - return next({ - ...args, - request - }); -}, "recursionDetectionMiddleware"); -var addRecursionDetectionMiddlewareOptions = { - step: "build", - tags: ["RECURSION_DETECTION"], - name: "recursionDetectionMiddleware", - override: true, - priority: "low" -}; -var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); - }, "applyToStack") -}), "getRecursionDetectionPlugin"); -// Annotate the CommonJS export names for ESM import in node: + const token = { token: process.env[bearerTokenKey] }; + (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); + return token; +}, "fromEnvSigningName"); -0 && (0); +// src/fromSso.ts -/***/ }), +// src/constants.ts +var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; +var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; -/***/ 1139: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +// src/getSsoOidcClient.ts +var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { + const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); + const ssoOidcClient = new SSOOIDCClient( + Object.assign({}, init.clientConfig ?? {}, { + region: ssoRegion ?? init.clientConfig?.region, + logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger + }) + ); + return ssoOidcClient; +}, "getSsoOidcClient"); -"use strict"; +// src/getNewSsoOidcToken.ts +var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { + const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); + const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); + return ssoOidcClient.send( + new CreateTokenCommand({ + clientId: ssoToken.clientId, + clientSecret: ssoToken.clientSecret, + refreshToken: ssoToken.refreshToken, + grantType: "refresh_token" + }) + ); +}, "getNewSsoOidcToken"); -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/validateTokenExpiry.ts + +var validateTokenExpiry = /* @__PURE__ */ __name((token) => { + if (token.expiration && token.expiration.getTime() < Date.now()) { + throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); +}, "validateTokenExpiry"); -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS: () => NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS, - S3ExpressIdentityCache: () => S3ExpressIdentityCache, - S3ExpressIdentityCacheEntry: () => S3ExpressIdentityCacheEntry, - S3ExpressIdentityProviderImpl: () => S3ExpressIdentityProviderImpl, - SignatureV4S3Express: () => SignatureV4S3Express, - checkContentLengthHeader: () => checkContentLengthHeader, - checkContentLengthHeaderMiddlewareOptions: () => checkContentLengthHeaderMiddlewareOptions, - getCheckContentLengthHeaderPlugin: () => getCheckContentLengthHeaderPlugin, - getRegionRedirectMiddlewarePlugin: () => getRegionRedirectMiddlewarePlugin, - getS3ExpiresMiddlewarePlugin: () => getS3ExpiresMiddlewarePlugin, - getS3ExpressHttpSigningPlugin: () => getS3ExpressHttpSigningPlugin, - getS3ExpressPlugin: () => getS3ExpressPlugin, - getThrow200ExceptionsPlugin: () => getThrow200ExceptionsPlugin, - getValidateBucketNamePlugin: () => getValidateBucketNamePlugin, - regionRedirectEndpointMiddleware: () => regionRedirectEndpointMiddleware, - regionRedirectEndpointMiddlewareOptions: () => regionRedirectEndpointMiddlewareOptions, - regionRedirectMiddleware: () => regionRedirectMiddleware, - regionRedirectMiddlewareOptions: () => regionRedirectMiddlewareOptions, - resolveS3Config: () => resolveS3Config, - s3ExpiresMiddleware: () => s3ExpiresMiddleware, - s3ExpiresMiddlewareOptions: () => s3ExpiresMiddlewareOptions, - s3ExpressHttpSigningMiddleware: () => s3ExpressHttpSigningMiddleware, - s3ExpressHttpSigningMiddlewareOptions: () => s3ExpressHttpSigningMiddlewareOptions, - s3ExpressMiddleware: () => s3ExpressMiddleware, - s3ExpressMiddlewareOptions: () => s3ExpressMiddlewareOptions, - throw200ExceptionsMiddleware: () => throw200ExceptionsMiddleware, - throw200ExceptionsMiddlewareOptions: () => throw200ExceptionsMiddlewareOptions, - validateBucketNameMiddleware: () => validateBucketNameMiddleware, - validateBucketNameMiddlewareOptions: () => validateBucketNameMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); +// src/validateTokenKey.ts -// src/check-content-length-header.ts -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); -var CONTENT_LENGTH_HEADER = "content-length"; -var DECODED_CONTENT_LENGTH_HEADER = "x-amz-decoded-content-length"; -function checkContentLengthHeader() { - return (next, context) => async (args) => { - const { request } = args; - if (import_protocol_http.HttpRequest.isInstance(request)) { - if (!(CONTENT_LENGTH_HEADER in request.headers) && !(DECODED_CONTENT_LENGTH_HEADER in request.headers)) { - const message = `Are you using a Stream of unknown length as the Body of a PutObject request? Consider using Upload instead from @aws-sdk/lib-storage.`; - if (typeof context?.logger?.warn === "function" && !(context.logger instanceof import_smithy_client.NoOpLogger)) { - context.logger.warn(message); - } else { - console.warn(message); - } - } +var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { + if (typeof value === "undefined") { + throw new import_property_provider.TokenProviderError( + `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, + false + ); + } +}, "validateTokenKey"); + +// src/writeSSOTokenToFile.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var import_fs = __nccwpck_require__(7147); +var { writeFile } = import_fs.promises; +var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { + const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); + const tokenString = JSON.stringify(ssoToken, null, 2); + return writeFile(tokenFilepath, tokenString); +}, "writeSSOTokenToFile"); + +// src/fromSso.ts +var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); +var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig } - return next({ ...args }); }; -} -__name(checkContentLengthHeader, "checkContentLengthHeader"); -var checkContentLengthHeaderMiddlewareOptions = { - step: "finalizeRequest", - tags: ["CHECK_CONTENT_LENGTH_HEADER"], - name: "getCheckContentLengthHeaderPlugin", - override: true -}; -var getCheckContentLengthHeaderPlugin = /* @__PURE__ */ __name((unused) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(checkContentLengthHeader(), checkContentLengthHeaderMiddlewareOptions); - }, "applyToStack") -}), "getCheckContentLengthHeaderPlugin"); - -// src/region-redirect-endpoint-middleware.ts -var regionRedirectEndpointMiddleware = /* @__PURE__ */ __name((config) => { - return (next, context) => async (args) => { - const originalRegion = await config.region(); - const regionProviderRef = config.region; - let unlock = /* @__PURE__ */ __name(() => { - }, "unlock"); - if (context.__s3RegionRedirect) { - Object.defineProperty(config, "region", { - writable: false, - value: /* @__PURE__ */ __name(async () => { - return context.__s3RegionRedirect; - }, "value") - }); - unlock = /* @__PURE__ */ __name(() => Object.defineProperty(config, "region", { - writable: true, - value: regionProviderRef - }), "unlock"); + init.logger?.debug("@aws-sdk/token-providers - fromSso"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); + } else if (!profile["sso_session"]) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); + } + const ssoSessionName = profile["sso_session"]; + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const ssoSession = ssoSessions[ssoSessionName]; + if (!ssoSession) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, + false + ); + } + for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { + if (!ssoSession[ssoSessionRequiredKey]) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, + false + ); } + } + const ssoStartUrl = ssoSession["sso_start_url"]; + const ssoRegion = ssoSession["sso_region"]; + let ssoToken; + try { + ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); + } catch (e) { + throw new import_property_provider.TokenProviderError( + `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, + false + ); + } + validateTokenKey("accessToken", ssoToken.accessToken); + validateTokenKey("expiresAt", ssoToken.expiresAt); + const { accessToken, expiresAt } = ssoToken; + const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; + if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { + return existingToken; + } + if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { + validateTokenExpiry(existingToken); + return existingToken; + } + validateTokenKey("clientId", ssoToken.clientId, true); + validateTokenKey("clientSecret", ssoToken.clientSecret, true); + validateTokenKey("refreshToken", ssoToken.refreshToken, true); + try { + lastRefreshAttemptTime.setTime(Date.now()); + const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); + validateTokenKey("accessToken", newSsoOidcToken.accessToken); + validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); + const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); try { - const result = await next(args); - if (context.__s3RegionRedirect) { - unlock(); - const region = await config.region(); - if (originalRegion !== region) { - throw new Error("Region was not restored following S3 region redirect."); - } - } - return result; - } catch (e) { - unlock(); - throw e; + await writeSSOTokenToFile(ssoSessionName, { + ...ssoToken, + accessToken: newSsoOidcToken.accessToken, + expiresAt: newTokenExpiration.toISOString(), + refreshToken: newSsoOidcToken.refreshToken + }); + } catch (error) { } - }; -}, "regionRedirectEndpointMiddleware"); -var regionRedirectEndpointMiddlewareOptions = { - tags: ["REGION_REDIRECT", "S3"], - name: "regionRedirectEndpointMiddleware", - override: true, - relation: "before", - toMiddleware: "endpointV2Middleware" -}; + return { + token: newSsoOidcToken.accessToken, + expiration: newTokenExpiration + }; + } catch (error) { + validateTokenExpiry(existingToken); + return existingToken; + } +}, "fromSso"); + +// src/fromStatic.ts + +var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { + logger?.debug("@aws-sdk/token-providers - fromStatic"); + if (!token || !token.token) { + throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); + } + return token; +}, "fromStatic"); + +// src/nodeProvider.ts + +var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)(fromSso(init), async () => { + throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); + }), + (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, + (token) => token.expiration !== void 0 +), "nodeProvider"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), -// src/region-redirect-middleware.ts -function regionRedirectMiddleware(clientConfig) { - return (next, context) => async (args) => { - try { - return await next(args); - } catch (err) { - if (clientConfig.followRegionRedirects) { - if (err?.$metadata?.httpStatusCode === 301 || // err.name === "PermanentRedirect" && --> removing the error name check, as that allows for HEAD operations (which have the 301 status code, but not the same error name) to be covered for region redirection as well - err?.$metadata?.httpStatusCode === 400 && err?.name === "IllegalLocationConstraintException") { - try { - const actualRegion = err.$response.headers["x-amz-bucket-region"]; - context.logger?.debug(`Redirecting from ${await clientConfig.region()} to ${actualRegion}`); - context.__s3RegionRedirect = actualRegion; - } catch (e) { - throw new Error("Region redirect failed: " + e); - } - return next(args); - } - } - throw err; - } - }; -} -__name(regionRedirectMiddleware, "regionRedirectMiddleware"); -var regionRedirectMiddlewareOptions = { - step: "initialize", - tags: ["REGION_REDIRECT", "S3"], - name: "regionRedirectMiddleware", - override: true +/***/ 4241: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var getRegionRedirectMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(regionRedirectMiddleware(clientConfig), regionRedirectMiddlewareOptions); - clientStack.addRelativeTo(regionRedirectEndpointMiddleware(clientConfig), regionRedirectEndpointMiddlewareOptions); - }, "applyToStack") -}), "getRegionRedirectMiddlewarePlugin"); +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/s3-expires-middleware.ts +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ConditionObject: () => import_util_endpoints.ConditionObject, + DeprecatedObject: () => import_util_endpoints.DeprecatedObject, + EndpointError: () => import_util_endpoints.EndpointError, + EndpointObject: () => import_util_endpoints.EndpointObject, + EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, + EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, + EndpointParams: () => import_util_endpoints.EndpointParams, + EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, + EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, + ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, + EvaluateOptions: () => import_util_endpoints.EvaluateOptions, + Expression: () => import_util_endpoints.Expression, + FunctionArgv: () => import_util_endpoints.FunctionArgv, + FunctionObject: () => import_util_endpoints.FunctionObject, + FunctionReturn: () => import_util_endpoints.FunctionReturn, + ParameterObject: () => import_util_endpoints.ParameterObject, + ReferenceObject: () => import_util_endpoints.ReferenceObject, + ReferenceRecord: () => import_util_endpoints.ReferenceRecord, + RuleSetObject: () => import_util_endpoints.RuleSetObject, + RuleSetRules: () => import_util_endpoints.RuleSetRules, + TreeRuleObject: () => import_util_endpoints.TreeRuleObject, + awsEndpointFunctions: () => awsEndpointFunctions, + getUserAgentPrefix: () => getUserAgentPrefix, + isIpAddress: () => import_util_endpoints.isIpAddress, + partition: () => partition, + resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, + resolveEndpoint: () => import_util_endpoints.resolveEndpoint, + setPartitionInfo: () => setPartitionInfo, + toEndpointV1: () => toEndpointV1, + useDefaultPartitionInfo: () => useDefaultPartitionInfo +}); +module.exports = __toCommonJS(index_exports); +// src/aws.ts -var s3ExpiresMiddleware = /* @__PURE__ */ __name((config) => { - return (next, context) => async (args) => { - const result = await next(args); - const { response } = result; - if (import_protocol_http.HttpResponse.isInstance(response)) { - if (response.headers.expires) { - response.headers.expiresstring = response.headers.expires; - try { - (0, import_smithy_client.parseRfc7231DateTime)(response.headers.expires); - } catch (e) { - context.logger?.warn( - `AWS SDK Warning for ${context.clientName}::${context.commandName} response parsing (${response.headers.expires}): ${e}` - ); - delete response.headers.expires; - } + +// src/lib/aws/isVirtualHostableS3Bucket.ts + + +// src/lib/isIpAddress.ts +var import_util_endpoints = __nccwpck_require__(5473); + +// src/lib/aws/isVirtualHostableS3Bucket.ts +var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { + if (allowSubDomains) { + for (const label of value.split(".")) { + if (!isVirtualHostableS3Bucket(label)) { + return false; } } - return result; - }; -}, "s3ExpiresMiddleware"); -var s3ExpiresMiddlewareOptions = { - tags: ["S3"], - name: "s3ExpiresMiddleware", - override: true, - relation: "after", - toMiddleware: "deserializerMiddleware" -}; -var getS3ExpiresMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo(s3ExpiresMiddleware(clientConfig), s3ExpiresMiddlewareOptions); - }, "applyToStack") -}), "getS3ExpiresMiddlewarePlugin"); - -// src/s3-express/classes/S3ExpressIdentityCache.ts -var S3ExpressIdentityCache = class _S3ExpressIdentityCache { - constructor(data = {}) { - this.data = data; + return true; } - static { - __name(this, "S3ExpressIdentityCache"); + if (!(0, import_util_endpoints.isValidHostLabel)(value)) { + return false; } - lastPurgeTime = Date.now(); - static EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS = 3e4; - get(key) { - const entry = this.data[key]; - if (!entry) { - return; - } - return entry; + if (value.length < 3 || value.length > 63) { + return false; } - set(key, entry) { - this.data[key] = entry; - return entry; + if (value !== value.toLowerCase()) { + return false; } - delete(key) { - delete this.data[key]; + if ((0, import_util_endpoints.isIpAddress)(value)) { + return false; } - async purgeExpired() { - const now = Date.now(); - if (this.lastPurgeTime + _S3ExpressIdentityCache.EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS > now) { - return; + return true; +}, "isVirtualHostableS3Bucket"); + +// src/lib/aws/parseArn.ts +var ARN_DELIMITER = ":"; +var RESOURCE_DELIMITER = "/"; +var parseArn = /* @__PURE__ */ __name((value) => { + const segments = value.split(ARN_DELIMITER); + if (segments.length < 6) return null; + const [arn, partition2, service, region, accountId, ...resourcePath] = segments; + if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; + const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); + return { + partition: partition2, + service, + region, + accountId, + resourceId + }; +}, "parseArn"); + +// src/lib/aws/partitions.json +var partitions_default = { + partitions: [{ + id: "aws", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-east-1", + name: "aws", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", + regions: { + "af-south-1": { + description: "Africa (Cape Town)" + }, + "ap-east-1": { + description: "Asia Pacific (Hong Kong)" + }, + "ap-east-2": { + description: "Asia Pacific (Taipei)" + }, + "ap-northeast-1": { + description: "Asia Pacific (Tokyo)" + }, + "ap-northeast-2": { + description: "Asia Pacific (Seoul)" + }, + "ap-northeast-3": { + description: "Asia Pacific (Osaka)" + }, + "ap-south-1": { + description: "Asia Pacific (Mumbai)" + }, + "ap-south-2": { + description: "Asia Pacific (Hyderabad)" + }, + "ap-southeast-1": { + description: "Asia Pacific (Singapore)" + }, + "ap-southeast-2": { + description: "Asia Pacific (Sydney)" + }, + "ap-southeast-3": { + description: "Asia Pacific (Jakarta)" + }, + "ap-southeast-4": { + description: "Asia Pacific (Melbourne)" + }, + "ap-southeast-5": { + description: "Asia Pacific (Malaysia)" + }, + "ap-southeast-7": { + description: "Asia Pacific (Thailand)" + }, + "aws-global": { + description: "AWS Standard global region" + }, + "ca-central-1": { + description: "Canada (Central)" + }, + "ca-west-1": { + description: "Canada West (Calgary)" + }, + "eu-central-1": { + description: "Europe (Frankfurt)" + }, + "eu-central-2": { + description: "Europe (Zurich)" + }, + "eu-north-1": { + description: "Europe (Stockholm)" + }, + "eu-south-1": { + description: "Europe (Milan)" + }, + "eu-south-2": { + description: "Europe (Spain)" + }, + "eu-west-1": { + description: "Europe (Ireland)" + }, + "eu-west-2": { + description: "Europe (London)" + }, + "eu-west-3": { + description: "Europe (Paris)" + }, + "il-central-1": { + description: "Israel (Tel Aviv)" + }, + "me-central-1": { + description: "Middle East (UAE)" + }, + "me-south-1": { + description: "Middle East (Bahrain)" + }, + "mx-central-1": { + description: "Mexico (Central)" + }, + "sa-east-1": { + description: "South America (Sao Paulo)" + }, + "us-east-1": { + description: "US East (N. Virginia)" + }, + "us-east-2": { + description: "US East (Ohio)" + }, + "us-west-1": { + description: "US West (N. California)" + }, + "us-west-2": { + description: "US West (Oregon)" + } } - for (const key in this.data) { - const entry = this.data[key]; - if (!entry.isRefreshing) { - const credential = await entry.identity; - if (credential.expiration) { - if (credential.expiration.getTime() < now) { - delete this.data[key]; - } - } + }, { + id: "aws-cn", + outputs: { + dnsSuffix: "amazonaws.com.cn", + dualStackDnsSuffix: "api.amazonwebservices.com.cn", + implicitGlobalRegion: "cn-northwest-1", + name: "aws-cn", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^cn\\-\\w+\\-\\d+$", + regions: { + "aws-cn-global": { + description: "AWS China global region" + }, + "cn-north-1": { + description: "China (Beijing)" + }, + "cn-northwest-1": { + description: "China (Ningxia)" } } - } -}; - -// src/s3-express/classes/S3ExpressIdentityCacheEntry.ts -var S3ExpressIdentityCacheEntry = class { - /** - * @param identity - stored identity. - * @param accessed - timestamp of last access in epoch ms. - * @param isRefreshing - this key is currently in the process of being refreshed (background). - */ - constructor(_identity, isRefreshing = false, accessed = Date.now()) { - this._identity = _identity; - this.isRefreshing = isRefreshing; - this.accessed = accessed; - } - static { - __name(this, "S3ExpressIdentityCacheEntry"); - } - get identity() { - this.accessed = Date.now(); - return this._identity; - } + }, { + id: "aws-us-gov", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-gov-west-1", + name: "aws-us-gov", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", + regions: { + "aws-us-gov-global": { + description: "AWS GovCloud (US) global region" + }, + "us-gov-east-1": { + description: "AWS GovCloud (US-East)" + }, + "us-gov-west-1": { + description: "AWS GovCloud (US-West)" + } + } + }, { + id: "aws-iso", + outputs: { + dnsSuffix: "c2s.ic.gov", + dualStackDnsSuffix: "c2s.ic.gov", + implicitGlobalRegion: "us-iso-east-1", + name: "aws-iso", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", + regions: { + "aws-iso-global": { + description: "AWS ISO (US) global region" + }, + "us-iso-east-1": { + description: "US ISO East" + }, + "us-iso-west-1": { + description: "US ISO WEST" + } + } + }, { + id: "aws-iso-b", + outputs: { + dnsSuffix: "sc2s.sgov.gov", + dualStackDnsSuffix: "sc2s.sgov.gov", + implicitGlobalRegion: "us-isob-east-1", + name: "aws-iso-b", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", + regions: { + "aws-iso-b-global": { + description: "AWS ISOB (US) global region" + }, + "us-isob-east-1": { + description: "US ISOB East (Ohio)" + } + } + }, { + id: "aws-iso-e", + outputs: { + dnsSuffix: "cloud.adc-e.uk", + dualStackDnsSuffix: "cloud.adc-e.uk", + implicitGlobalRegion: "eu-isoe-west-1", + name: "aws-iso-e", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", + regions: { + "aws-iso-e-global": { + description: "AWS ISOE (Europe) global region" + }, + "eu-isoe-west-1": { + description: "EU ISOE West" + } + } + }, { + id: "aws-iso-f", + outputs: { + dnsSuffix: "csp.hci.ic.gov", + dualStackDnsSuffix: "csp.hci.ic.gov", + implicitGlobalRegion: "us-isof-south-1", + name: "aws-iso-f", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", + regions: { + "aws-iso-f-global": { + description: "AWS ISOF global region" + }, + "us-isof-east-1": { + description: "US ISOF EAST" + }, + "us-isof-south-1": { + description: "US ISOF SOUTH" + } + } + }, { + id: "aws-eusc", + outputs: { + dnsSuffix: "amazonaws.eu", + dualStackDnsSuffix: "amazonaws.eu", + implicitGlobalRegion: "eusc-de-east-1", + name: "aws-eusc", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", + regions: { + "eusc-de-east-1": { + description: "EU (Germany)" + } + } + }], + version: "1.1" }; -// src/s3-express/classes/S3ExpressIdentityProviderImpl.ts -var S3ExpressIdentityProviderImpl = class _S3ExpressIdentityProviderImpl { - constructor(createSessionFn, cache = new S3ExpressIdentityCache()) { - this.createSessionFn = createSessionFn; - this.cache = cache; - } - static { - __name(this, "S3ExpressIdentityProviderImpl"); - } - static REFRESH_WINDOW_MS = 6e4; - async getS3ExpressIdentity(awsIdentity, identityProperties) { - const key = identityProperties.Bucket; - const { cache } = this; - const entry = cache.get(key); - if (entry) { - return entry.identity.then((identity) => { - const isExpired = (identity.expiration?.getTime() ?? 0) < Date.now(); - if (isExpired) { - return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; - } - const isExpiringSoon = (identity.expiration?.getTime() ?? 0) < Date.now() + _S3ExpressIdentityProviderImpl.REFRESH_WINDOW_MS; - if (isExpiringSoon && !entry.isRefreshing) { - entry.isRefreshing = true; - this.getIdentity(key).then((id) => { - cache.set(key, new S3ExpressIdentityCacheEntry(Promise.resolve(id))); - }); - } - return identity; - }); +// src/lib/aws/partition.ts +var selectedPartitionsInfo = partitions_default; +var selectedUserAgentPrefix = ""; +var partition = /* @__PURE__ */ __name((value) => { + const { partitions } = selectedPartitionsInfo; + for (const partition2 of partitions) { + const { regions, outputs } = partition2; + for (const [region, regionData] of Object.entries(regions)) { + if (region === value) { + return { + ...outputs, + ...regionData + }; + } } - return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; } - async getIdentity(key) { - await this.cache.purgeExpired().catch((error) => { - console.warn("Error while clearing expired entries in S3ExpressIdentityCache: \n" + error); - }); - const session = await this.createSessionFn(key); - if (!session.Credentials?.AccessKeyId || !session.Credentials?.SecretAccessKey) { - throw new Error("s3#createSession response credential missing AccessKeyId or SecretAccessKey."); + for (const partition2 of partitions) { + const { regionRegex, outputs } = partition2; + if (new RegExp(regionRegex).test(value)) { + return { + ...outputs + }; } - const identity = { - accessKeyId: session.Credentials.AccessKeyId, - secretAccessKey: session.Credentials.SecretAccessKey, - sessionToken: session.Credentials.SessionToken, - expiration: session.Credentials.Expiration ? new Date(session.Credentials.Expiration) : void 0 - }; - return identity; } -}; - -// src/s3-express/classes/SignatureV4S3Express.ts -var import_signature_v4 = __nccwpck_require__(1528); + const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); + if (!DEFAULT_PARTITION) { + throw new Error( + "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." + ); + } + return { + ...DEFAULT_PARTITION.outputs + }; +}, "partition"); +var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { + selectedPartitionsInfo = partitionsInfo; + selectedUserAgentPrefix = userAgentPrefix; +}, "setPartitionInfo"); +var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { + setPartitionInfo(partitions_default, ""); +}, "useDefaultPartitionInfo"); +var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); -// src/s3-express/constants.ts -var import_util_config_provider = __nccwpck_require__(3375); -var S3_EXPRESS_BUCKET_TYPE = "Directory"; -var S3_EXPRESS_BACKEND = "S3Express"; -var S3_EXPRESS_AUTH_SCHEME = "sigv4-s3express"; -var SESSION_TOKEN_QUERY_PARAM = "X-Amz-S3session-Token"; -var SESSION_TOKEN_HEADER = SESSION_TOKEN_QUERY_PARAM.toLowerCase(); -var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"; -var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME = "s3_disable_express_session_auth"; -var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), - default: false +// src/aws.ts +var awsEndpointFunctions = { + isVirtualHostableS3Bucket, + parseArn, + partition }; +import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; -// src/s3-express/classes/SignatureV4S3Express.ts -var SignatureV4S3Express = class extends import_signature_v4.SignatureV4 { - static { - __name(this, "SignatureV4S3Express"); - } - /** - * Signs with alternate provided credentials instead of those provided in the - * constructor. - * - * Additionally omits the credential sessionToken and assigns it to the - * alternate header field for S3 Express. - */ - async signWithCredentials(requestToSign, credentials, options) { - const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); - requestToSign.headers[SESSION_TOKEN_HEADER] = credentials.sessionToken; - const privateAccess = this; - setSingleOverride(privateAccess, credentialsWithoutSessionToken); - return privateAccess.signRequest(requestToSign, options ?? {}); +// src/resolveDefaultAwsRegionalEndpointsConfig.ts +var import_url_parser = __nccwpck_require__(4681); +var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { + if (typeof input.endpointProvider !== "function") { + throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); } - /** - * Similar to {@link SignatureV4S3Express#signWithCredentials} but for presigning. - */ - async presignWithCredentials(requestToSign, credentials, options) { - const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); - delete requestToSign.headers[SESSION_TOKEN_HEADER]; - requestToSign.headers[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; - requestToSign.query = requestToSign.query ?? {}; - requestToSign.query[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; - const privateAccess = this; - setSingleOverride(privateAccess, credentialsWithoutSessionToken); - return this.presign(requestToSign, options); + const { endpoint } = input; + if (endpoint === void 0) { + input.endpoint = async () => { + return toEndpointV1( + input.endpointProvider( + { + Region: typeof input.region === "function" ? await input.region() : input.region, + UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, + UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, + Endpoint: void 0 + }, + { logger: input.logger } + ) + ); + }; } -}; -function getCredentialsWithoutSessionToken(credentials) { - const credentialsWithoutSessionToken = { - accessKeyId: credentials.accessKeyId, - secretAccessKey: credentials.secretAccessKey, - expiration: credentials.expiration - }; - return credentialsWithoutSessionToken; -} -__name(getCredentialsWithoutSessionToken, "getCredentialsWithoutSessionToken"); -function setSingleOverride(privateAccess, credentialsWithoutSessionToken) { - const id = setTimeout(() => { - throw new Error("SignatureV4S3Express credential override was created but not called."); - }, 10); - const currentCredentialProvider = privateAccess.credentialProvider; - const overrideCredentialsProviderOnce = /* @__PURE__ */ __name(() => { - clearTimeout(id); - privateAccess.credentialProvider = currentCredentialProvider; - return Promise.resolve(credentialsWithoutSessionToken); - }, "overrideCredentialsProviderOnce"); - privateAccess.credentialProvider = overrideCredentialsProviderOnce; -} -__name(setSingleOverride, "setSingleOverride"); + return input; +}, "resolveDefaultAwsRegionalEndpointsConfig"); +var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); -// src/s3-express/functions/s3ExpressMiddleware.ts -var import_core = __nccwpck_require__(9559); +// src/resolveEndpoint.ts -var s3ExpressMiddleware = /* @__PURE__ */ __name((options) => { - return (next, context) => async (args) => { - if (context.endpointV2) { - const endpoint = context.endpointV2; - const isS3ExpressAuth = endpoint.properties?.authSchemes?.[0]?.name === S3_EXPRESS_AUTH_SCHEME; - const isS3ExpressBucket = endpoint.properties?.backend === S3_EXPRESS_BACKEND || endpoint.properties?.bucketType === S3_EXPRESS_BUCKET_TYPE; - if (isS3ExpressBucket) { - (0, import_core.setFeature)(context, "S3_EXPRESS_BUCKET", "J"); - context.isS3ExpressBucket = true; - } - if (isS3ExpressAuth) { - const requestBucket = args.input.Bucket; - if (requestBucket) { - const s3ExpressIdentity = await options.s3ExpressIdentityProvider.getS3ExpressIdentity( - await options.credentials(), - { - Bucket: requestBucket - } - ); - context.s3ExpressIdentity = s3ExpressIdentity; - if (import_protocol_http.HttpRequest.isInstance(args.request) && s3ExpressIdentity.sessionToken) { - args.request.headers[SESSION_TOKEN_HEADER] = s3ExpressIdentity.sessionToken; - } - } - } - } - return next(args); - }; -}, "s3ExpressMiddleware"); -var s3ExpressMiddlewareOptions = { - name: "s3ExpressMiddleware", - step: "build", - tags: ["S3", "S3_EXPRESS"], - override: true -}; -var getS3ExpressPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(s3ExpressMiddleware(options), s3ExpressMiddlewareOptions); - }, "applyToStack") -}), "getS3ExpressPlugin"); -// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts -var import_core2 = __nccwpck_require__(5829); +// src/types/EndpointError.ts -var import_util_middleware = __nccwpck_require__(2390); -// src/s3-express/functions/signS3Express.ts -var signS3Express = /* @__PURE__ */ __name(async (s3ExpressIdentity, signingOptions, request, sigV4MultiRegionSigner) => { - const signedRequest = await sigV4MultiRegionSigner.signWithCredentials(request, s3ExpressIdentity, {}); - if (signedRequest.headers["X-Amz-Security-Token"] || signedRequest.headers["x-amz-security-token"]) { - throw new Error("X-Amz-Security-Token must not be set for s3-express requests."); - } - return signedRequest; -}, "signS3Express"); +// src/types/EndpointRuleObject.ts -// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts -var defaultErrorHandler = /* @__PURE__ */ __name((signingProperties) => (error) => { - throw error; -}, "defaultErrorHandler"); -var defaultSuccessHandler = /* @__PURE__ */ __name((httpResponse, signingProperties) => { -}, "defaultSuccessHandler"); -var s3ExpressHttpSigningMiddlewareOptions = import_core2.httpSigningMiddlewareOptions; -var s3ExpressHttpSigningMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); - } - const smithyContext = (0, import_util_middleware.getSmithyContext)(context); - const scheme = smithyContext.selectedHttpAuthScheme; - if (!scheme) { - throw new Error(`No HttpAuthScheme was selected: unable to sign request`); - } - const { - httpAuthOption: { signingProperties = {} }, - identity, - signer - } = scheme; - let request; - if (context.s3ExpressIdentity) { - request = await signS3Express( - context.s3ExpressIdentity, - signingProperties, - args.request, - await config.signer() - ); - } else { - request = await signer.sign(args.request, identity, signingProperties); - } - const output = await next({ - ...args, - request - }).catch((signer.errorHandler || defaultErrorHandler)(signingProperties)); - (signer.successHandler || defaultSuccessHandler)(output.response, signingProperties); - return output; -}, "s3ExpressHttpSigningMiddleware"); -var getS3ExpressHttpSigningPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo( - s3ExpressHttpSigningMiddleware(config), - import_core2.httpSigningMiddlewareOptions - ); - }, "applyToStack") -}), "getS3ExpressHttpSigningPlugin"); -// src/s3Configuration.ts -var resolveS3Config = /* @__PURE__ */ __name((input, { - session -}) => { - const [s3ClientProvider, CreateSessionCommandCtor] = session; - const { - forcePathStyle, - useAccelerateEndpoint, - disableMultiregionAccessPoints, - followRegionRedirects, - s3ExpressIdentityProvider, - bucketEndpoint - } = input; - return Object.assign(input, { - forcePathStyle: forcePathStyle ?? false, - useAccelerateEndpoint: useAccelerateEndpoint ?? false, - disableMultiregionAccessPoints: disableMultiregionAccessPoints ?? false, - followRegionRedirects: followRegionRedirects ?? false, - s3ExpressIdentityProvider: s3ExpressIdentityProvider ?? new S3ExpressIdentityProviderImpl( - async (key) => s3ClientProvider().send( - new CreateSessionCommandCtor({ - Bucket: key - }) - ) - ), - bucketEndpoint: bucketEndpoint ?? false - }); -}, "resolveS3Config"); +// src/types/ErrorRuleObject.ts -// src/throw-200-exceptions.ts -var import_util_stream = __nccwpck_require__(6607); -var THROW_IF_EMPTY_BODY = { - CopyObjectCommand: true, - UploadPartCopyCommand: true, - CompleteMultipartUploadCommand: true +// src/types/RuleSetObject.ts + + +// src/types/TreeRuleObject.ts + + +// src/types/shared.ts + +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7330: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var MAX_BYTES_TO_INSPECT = 3e3; -var throw200ExceptionsMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { - const result = await next(args); - const { response } = result; - if (!import_protocol_http.HttpResponse.isInstance(response)) { - return result; - } - const { statusCode, body: sourceBody } = response; - if (statusCode < 200 || statusCode >= 300) { - return result; - } - const isSplittableStream = typeof sourceBody?.stream === "function" || typeof sourceBody?.pipe === "function" || typeof sourceBody?.tee === "function"; - if (!isSplittableStream) { - return result; - } - let bodyCopy = sourceBody; - let body = sourceBody; - if (sourceBody && typeof sourceBody === "object" && !(sourceBody instanceof Uint8Array)) { - [bodyCopy, body] = await (0, import_util_stream.splitStream)(sourceBody); - } - response.body = body; - const bodyBytes = await collectBody(bodyCopy, { - streamCollector: /* @__PURE__ */ __name(async (stream) => { - return (0, import_util_stream.headStream)(stream, MAX_BYTES_TO_INSPECT); - }, "streamCollector") - }); - if (typeof bodyCopy?.destroy === "function") { - bodyCopy.destroy(); - } - const bodyStringTail = config.utf8Encoder(bodyBytes.subarray(bodyBytes.length - 16)); - if (bodyBytes.length === 0 && THROW_IF_EMPTY_BODY[context.commandName]) { - const err = new Error("S3 aborted request"); - err.name = "InternalError"; - throw err; - } - if (bodyStringTail && bodyStringTail.endsWith("")) { - response.statusCode = 400; - } - return result; -}, "throw200ExceptionsMiddleware"); -var collectBody = /* @__PURE__ */ __name((streamBody = new Uint8Array(), context) => { - if (streamBody instanceof Uint8Array) { - return Promise.resolve(streamBody); +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return context.streamCollector(streamBody) || Promise.resolve(new Uint8Array()); -}, "collectBody"); -var throw200ExceptionsMiddlewareOptions = { - relation: "after", - toMiddleware: "deserializerMiddleware", - tags: ["THROW_200_EXCEPTIONS", "S3"], - name: "throw200ExceptionsMiddleware", - override: true + return to; }; -var getThrow200ExceptionsPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo(throw200ExceptionsMiddleware(config), throw200ExceptionsMiddlewareOptions); - }, "applyToStack") -}), "getThrow200ExceptionsPlugin"); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/validate-bucket-name.ts -var import_util_arn_parser = __nccwpck_require__(5487); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, + UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, + UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, + createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, + crtAvailability: () => crtAvailability, + defaultUserAgent: () => defaultUserAgent +}); +module.exports = __toCommonJS(index_exports); -// src/bucket-endpoint-middleware.ts -function bucketEndpointMiddleware(options) { - return (next, context) => async (args) => { - if (options.bucketEndpoint) { - const endpoint = context.endpointV2; - if (endpoint) { - const bucket = args.input.Bucket; - if (typeof bucket === "string") { - try { - const bucketEndpointUrl = new URL(bucket); - context.endpointV2 = { - ...endpoint, - url: bucketEndpointUrl - }; - } catch (e) { - const warning = `@aws-sdk/middleware-sdk-s3: bucketEndpoint=true was set but Bucket=${bucket} could not be parsed as URL.`; - if (context.logger?.constructor?.name === "NoOpLogger") { - console.warn(warning); - } else { - context.logger?.warn?.(warning); - } - throw e; - } - } - } - } - return next(args); - }; -} -__name(bucketEndpointMiddleware, "bucketEndpointMiddleware"); -var bucketEndpointMiddlewareOptions = { - name: "bucketEndpointMiddleware", - override: true, - relation: "after", - toMiddleware: "endpointV2Middleware" +// src/defaultUserAgent.ts +var import_os = __nccwpck_require__(2037); +var import_process = __nccwpck_require__(7282); + +// src/crt-availability.ts +var crtAvailability = { + isCrtAvailable: false }; -// src/validate-bucket-name.ts -function validateBucketNameMiddleware({ bucketEndpoint }) { - return (next) => async (args) => { - const { - input: { Bucket } - } = args; - if (!bucketEndpoint && typeof Bucket === "string" && !(0, import_util_arn_parser.validate)(Bucket) && Bucket.indexOf("/") >= 0) { - const err = new Error(`Bucket name shouldn't contain '/', received '${Bucket}'`); - err.name = "InvalidBucketName"; - throw err; +// src/is-crt-available.ts +var isCrtAvailable = /* @__PURE__ */ __name(() => { + if (crtAvailability.isCrtAvailable) { + return ["md/crt-avail"]; + } + return null; +}, "isCrtAvailable"); + +// src/defaultUserAgent.ts +var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { + return async (config) => { + const sections = [ + // sdk-metadata + ["aws-sdk-js", clientVersion], + // ua-metadata + ["ua", "2.1"], + // os-metadata + [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], + // language-metadata + // ECMAScript edition doesn't matter in JS, so no version needed. + ["lang/js"], + ["md/nodejs", `${import_process.versions.node}`] + ]; + const crtAvailable = isCrtAvailable(); + if (crtAvailable) { + sections.push(crtAvailable); } - return next({ ...args }); + if (serviceId) { + sections.push([`api/${serviceId}`, clientVersion]); + } + if (import_process.env.AWS_EXECUTION_ENV) { + sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); + } + const appId = await config?.userAgentAppId?.(); + const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; + return resolvedUserAgent; }; -} -__name(validateBucketNameMiddleware, "validateBucketNameMiddleware"); -var validateBucketNameMiddlewareOptions = { - step: "initialize", - tags: ["VALIDATE_BUCKET_NAME"], - name: "validateBucketNameMiddleware", - override: true +}, "createDefaultUserAgentProvider"); +var defaultUserAgent = createDefaultUserAgentProvider; + +// src/nodeAppIdConfigOptions.ts +var import_middleware_user_agent = __nccwpck_require__(6634); +var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; +var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; +var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; +var NODE_APP_ID_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), + default: import_middleware_user_agent.DEFAULT_UA_APP_ID }; -var getValidateBucketNamePlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(validateBucketNameMiddleware(options), validateBucketNameMiddlewareOptions); - clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); - }, "applyToStack") -}), "getValidateBucketNamePlugin"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -50440,21 +34446,21 @@ var getValidateBucketNamePlugin = /* @__PURE__ */ __name((options) => ({ /***/ }), -/***/ 9559: +/***/ 9963: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); const tslib_1 = __nccwpck_require__(4351); -tslib_1.__exportStar(__nccwpck_require__(9263), exports); -tslib_1.__exportStar(__nccwpck_require__(7379), exports); -tslib_1.__exportStar(__nccwpck_require__(6764), exports); +tslib_1.__exportStar(__nccwpck_require__(2825), exports); +tslib_1.__exportStar(__nccwpck_require__(7862), exports); +tslib_1.__exportStar(__nccwpck_require__(785), exports); /***/ }), -/***/ 9263: +/***/ 2825: /***/ ((module) => { "use strict"; @@ -50546,7 +34552,7 @@ __name(setTokenFeature, "setTokenFeature"); /***/ }), -/***/ 7379: +/***/ 7862: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -50779,7 +34785,7 @@ var NODE_SIGV4A_CONFIG_OPTIONS = { }; // src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts -var import_client = __nccwpck_require__(9263); +var import_client = __nccwpck_require__(2825); var import_core2 = __nccwpck_require__(5829); var import_signature_v4 = __nccwpck_require__(1528); var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { @@ -50934,7 +34940,7 @@ __name(bindCallerConfig, "bindCallerConfig"); /***/ }), -/***/ 6764: +/***/ 785: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -51709,7 +35715,7 @@ var import_protocols3 = __nccwpck_require__(2241); var import_schema5 = __nccwpck_require__(9826); var import_smithy_client3 = __nccwpck_require__(3570); var import_util_utf8 = __nccwpck_require__(1895); -var import_fast_xml_parser = __nccwpck_require__(6388); +var import_fast_xml_parser = __nccwpck_require__(4577); var XmlShapeDeserializer = class extends SerdeContextConfig { constructor(settings) { super(); @@ -52193,7 +36199,7 @@ var import_util_body_length_browser4 = __nccwpck_require__(713); // src/submodules/protocols/xml/parseXmlBody.ts var import_smithy_client5 = __nccwpck_require__(3570); -var import_fast_xml_parser2 = __nccwpck_require__(6388); +var import_fast_xml_parser2 = __nccwpck_require__(4577); var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { if (encoded.length) { const parser = new import_fast_xml_parser2.XMLParser({ @@ -52249,7 +36255,7 @@ var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { }, "loadRestXmlErrorCode"); // src/submodules/protocols/xml/XmlShapeSerializer.ts -var import_xml_builder = __nccwpck_require__(5721); +var import_xml_builder = __nccwpck_require__(3816); var import_schema8 = __nccwpck_require__(9826); var import_serde6 = __nccwpck_require__(7669); var import_smithy_client6 = __nccwpck_require__(3570); @@ -52677,14 +36683,499 @@ var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { /***/ }), -/***/ 5721: -/***/ ((module) => { +/***/ 3816: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + XmlNode: () => XmlNode, + XmlText: () => XmlText +}); +module.exports = __toCommonJS(index_exports); + +// src/escape-attribute.ts +function escapeAttribute(value) { + return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); +} +__name(escapeAttribute, "escapeAttribute"); + +// src/escape-element.ts +function escapeElement(value) { + return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); +} +__name(escapeElement, "escapeElement"); + +// src/XmlText.ts +var XmlText = class { + constructor(value) { + this.value = value; + } + static { + __name(this, "XmlText"); + } + toString() { + return escapeElement("" + this.value); + } +}; + +// src/XmlNode.ts +var XmlNode = class _XmlNode { + constructor(name, children = []) { + this.name = name; + this.children = children; + } + static { + __name(this, "XmlNode"); + } + attributes = {}; + static of(name, childText, withName) { + const node = new _XmlNode(name); + if (childText !== void 0) { + node.addChildNode(new XmlText(childText)); + } + if (withName !== void 0) { + node.withName(withName); + } + return node; + } + withName(name) { + this.name = name; + return this; + } + addAttribute(name, value) { + this.attributes[name] = value; + return this; + } + addChildNode(child) { + this.children.push(child); + return this; + } + removeAttribute(name) { + delete this.attributes[name]; + return this; + } + /** + * @internal + * Alias of {@link XmlNode#withName(string)} for codegen brevity. + */ + n(name) { + this.name = name; + return this; + } + /** + * @internal + * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. + */ + c(child) { + this.children.push(child); + return this; + } + /** + * @internal + * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. + */ + a(name, value) { + if (value != null) { + this.attributes[name] = value; + } + return this; + } + /** + * Create a child node. + * Used in serialization of string fields. + * @internal + */ + cc(input, field, withName = field) { + if (input[field] != null) { + const node = _XmlNode.of(field, input[field]).withName(withName); + this.c(node); + } + } + /** + * Creates list child nodes. + * @internal + */ + l(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + nodes.map((node) => { + node.withName(memberName); + this.c(node); + }); + } + } + /** + * Creates list child nodes with container. + * @internal + */ + lc(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + const containerNode = new _XmlNode(memberName); + nodes.map((node) => { + containerNode.c(node); + }); + this.c(containerNode); + } + } + toString() { + const hasChildren = Boolean(this.children.length); + let xmlText = `<${this.name}`; + const attributes = this.attributes; + for (const attributeName of Object.keys(attributes)) { + const attribute = attributes[attributeName]; + if (attribute != null) { + xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; + } + } + return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; + } +}; +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 5972: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, + ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, + ENV_EXPIRATION: () => ENV_EXPIRATION, + ENV_KEY: () => ENV_KEY, + ENV_SECRET: () => ENV_SECRET, + ENV_SESSION: () => ENV_SESSION, + fromEnv: () => fromEnv +}); +module.exports = __toCommonJS(index_exports); + +// src/fromEnv.ts +var import_client = __nccwpck_require__(2825); +var import_property_provider = __nccwpck_require__(9721); +var ENV_KEY = "AWS_ACCESS_KEY_ID"; +var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; +var ENV_SESSION = "AWS_SESSION_TOKEN"; +var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; +var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; +var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; +var fromEnv = /* @__PURE__ */ __name((init) => async () => { + init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); + const accessKeyId = process.env[ENV_KEY]; + const secretAccessKey = process.env[ENV_SECRET]; + const sessionToken = process.env[ENV_SESSION]; + const expiry = process.env[ENV_EXPIRATION]; + const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; + const accountId = process.env[ENV_ACCOUNT_ID]; + if (accessKeyId && secretAccessKey) { + const credentials = { + accessKeyId, + secretAccessKey, + ...sessionToken && { sessionToken }, + ...expiry && { expiration: new Date(expiry) }, + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); + return credentials; + } + throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); +}, "fromEnv"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 3757: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.checkUrl = void 0; +const property_provider_1 = __nccwpck_require__(9721); +const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; +const LOOPBACK_CIDR_IPv6 = "::1/128"; +const ECS_CONTAINER_HOST = "169.254.170.2"; +const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; +const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; +const checkUrl = (url, logger) => { + if (url.protocol === "https:") { + return; + } + if (url.hostname === ECS_CONTAINER_HOST || + url.hostname === EKS_CONTAINER_HOST_IPv4 || + url.hostname === EKS_CONTAINER_HOST_IPv6) { + return; + } + if (url.hostname.includes("[")) { + if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { + return; + } + } + else { + if (url.hostname === "localhost") { + return; + } + const ipComponents = url.hostname.split("."); + const inRange = (component) => { + const num = parseInt(component, 10); + return 0 <= num && num <= 255; + }; + if (ipComponents[0] === "127" && + inRange(ipComponents[1]) && + inRange(ipComponents[2]) && + inRange(ipComponents[3]) && + ipComponents.length === 4) { + return; + } + } + throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: + - loopback CIDR 127.0.0.0/8 or [::1/128] + - ECS container host 169.254.170.2 + - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); +}; +exports.checkUrl = checkUrl; + + +/***/ }), + +/***/ 6070: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromHttp = void 0; +const tslib_1 = __nccwpck_require__(4351); +const client_1 = __nccwpck_require__(2825); +const node_http_handler_1 = __nccwpck_require__(258); +const property_provider_1 = __nccwpck_require__(9721); +const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); +const checkUrl_1 = __nccwpck_require__(3757); +const requestHelpers_1 = __nccwpck_require__(9287); +const retry_wrapper_1 = __nccwpck_require__(9921); +const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; +const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; +const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; +const fromHttp = (options = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); + let host; + const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; + const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; + const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; + const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; + const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; + if (relative && full) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); + warn("awsContainerCredentialsFullUri will take precedence."); + } + if (token && tokenFile) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); + warn("awsContainerAuthorizationToken will take precedence."); + } + if (full) { + host = full; + } + else if (relative) { + host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; + } + else { + throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. +Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); + } + const url = new URL(host); + (0, checkUrl_1.checkUrl)(url, options.logger); + const requestHandler = new node_http_handler_1.NodeHttpHandler({ + requestTimeout: options.timeout ?? 1000, + connectionTimeout: options.timeout ?? 1000, + }); + return (0, retry_wrapper_1.retryWrapper)(async () => { + const request = (0, requestHelpers_1.createGetRequest)(url); + if (token) { + request.headers.Authorization = token; + } + else if (tokenFile) { + request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); + } + try { + const result = await requestHandler.handle(request); + return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); + } + catch (e) { + throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); + } + }, options.maxRetries ?? 3, options.timeout ?? 1000); +}; +exports.fromHttp = fromHttp; + + +/***/ }), + +/***/ 9287: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.createGetRequest = createGetRequest; +exports.getCredentials = getCredentials; +const property_provider_1 = __nccwpck_require__(9721); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const util_stream_1 = __nccwpck_require__(6607); +function createGetRequest(url) { + return new protocol_http_1.HttpRequest({ + protocol: url.protocol, + hostname: url.hostname, + port: Number(url.port), + path: url.pathname, + query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { + acc[k] = v; + return acc; + }, {}), + fragment: url.hash, + }); +} +async function getCredentials(response, logger) { + const stream = (0, util_stream_1.sdkStreamMixin)(response.body); + const str = await stream.transformToString(); + if (response.statusCode === 200) { + const parsed = JSON.parse(str); + if (typeof parsed.AccessKeyId !== "string" || + typeof parsed.SecretAccessKey !== "string" || + typeof parsed.Token !== "string" || + typeof parsed.Expiration !== "string") { + throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + + "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); + } + return { + accessKeyId: parsed.AccessKeyId, + secretAccessKey: parsed.SecretAccessKey, + sessionToken: parsed.Token, + expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), + }; + } + if (response.statusCode >= 400 && response.statusCode < 500) { + let parsedBody = {}; + try { + parsedBody = JSON.parse(str); + } + catch (e) { } + throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { + Code: parsedBody.Code, + Message: parsedBody.Message, + }); + } + throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); +} + + +/***/ }), + +/***/ 9921: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.retryWrapper = void 0; +const retryWrapper = (toRetry, maxRetries, delayMs) => { + return async () => { + for (let i = 0; i < maxRetries; ++i) { + try { + return await toRetry(); + } + catch (e) { + await new Promise((resolve) => setTimeout(resolve, delayMs)); + } + } + return await toRetry(); + }; +}; +exports.retryWrapper = retryWrapper; + + +/***/ }), + +/***/ 7290: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromHttp = void 0; +var fromHttp_1 = __nccwpck_require__(6070); +Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); + + +/***/ }), + +/***/ 4203: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; +var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -52699,154 +37190,256 @@ var __copyProps = (to, from, except, desc) => { } return to; }; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { - XmlNode: () => XmlNode, - XmlText: () => XmlText + fromIni: () => fromIni }); module.exports = __toCommonJS(index_exports); -// src/escape-attribute.ts -function escapeAttribute(value) { - return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); -} -__name(escapeAttribute, "escapeAttribute"); +// src/fromIni.ts -// src/escape-element.ts -function escapeElement(value) { - return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); -} -__name(escapeElement, "escapeElement"); -// src/XmlText.ts -var XmlText = class { - constructor(value) { - this.value = value; - } - static { - __name(this, "XmlText"); - } - toString() { - return escapeElement("" + this.value); - } -}; +// src/resolveProfileData.ts -// src/XmlNode.ts -var XmlNode = class _XmlNode { - constructor(name, children = []) { - this.name = name; - this.children = children; - } - static { - __name(this, "XmlNode"); + +// src/resolveAssumeRoleCredentials.ts + + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveCredentialSource.ts +var import_client = __nccwpck_require__(2825); +var import_property_provider = __nccwpck_require__(9721); +var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { + const sourceProvidersMap = { + EcsContainer: /* @__PURE__ */ __name(async (options) => { + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); + const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); + return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); + }, "EcsContainer"), + Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); + const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + return async () => fromInstanceMetadata(options)().then(setNamedProvider); + }, "Ec2InstanceMetadata"), + Environment: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); + const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5972))); + return async () => fromEnv(options)().then(setNamedProvider); + }, "Environment") + }; + if (credentialSource in sourceProvidersMap) { + return sourceProvidersMap[credentialSource]; + } else { + throw new import_property_provider.CredentialsProviderError( + `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, + { logger } + ); } - attributes = {}; - static of(name, childText, withName) { - const node = new _XmlNode(name); - if (childText !== void 0) { - node.addChildNode(new XmlText(childText)); - } - if (withName !== void 0) { - node.withName(withName); - } - return node; +}, "resolveCredentialSource"); +var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); + +// src/resolveAssumeRoleCredentials.ts +var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { + return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); +}, "isAssumeRoleProfile"); +var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; + if (withSourceProfile) { + logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); } - withName(name) { - this.name = name; - return this; + return withSourceProfile; +}, "isAssumeRoleWithSourceProfile"); +var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; + if (withProviderProfile) { + logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); } - addAttribute(name, value) { - this.attributes[name] = value; - return this; + return withProviderProfile; +}, "isCredentialSourceProfile"); +var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); + const profileData = profiles[profileName]; + const { source_profile, region } = profileData; + if (!options.roleAssumer) { + const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2273))); + options.roleAssumer = getDefaultRoleAssumer( + { + ...options.clientConfig, + credentialProviderLogger: options.logger, + parentClientConfig: { + ...options?.parentClientConfig, + region: region ?? options?.parentClientConfig?.region + } + }, + options.clientPlugins + ); } - addChildNode(child) { - this.children.push(child); - return this; + if (source_profile && source_profile in visitedProfiles) { + throw new import_property_provider.CredentialsProviderError( + `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), + { logger: options.logger } + ); } - removeAttribute(name) { - delete this.attributes[name]; - return this; + options.logger?.debug( + `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` + ); + const sourceCredsProvider = source_profile ? resolveProfileData( + source_profile, + profiles, + options, + { + ...visitedProfiles, + [source_profile]: true + }, + isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) + ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); + if (isCredentialSourceWithoutRoleArn(profileData)) { + return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); + } else { + const params = { + RoleArn: profileData.role_arn, + RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, + ExternalId: profileData.external_id, + DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) + }; + const { mfa_serial } = profileData; + if (mfa_serial) { + if (!options.mfaCodeProvider) { + throw new import_property_provider.CredentialsProviderError( + `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, + { logger: options.logger, tryNextLink: false } + ); + } + params.SerialNumber = mfa_serial; + params.TokenCode = await options.mfaCodeProvider(mfa_serial); + } + const sourceCreds = await sourceCredsProvider; + return options.roleAssumer(sourceCreds, params).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") + ); } - /** - * @internal - * Alias of {@link XmlNode#withName(string)} for codegen brevity. - */ - n(name) { - this.name = name; - return this; +}, "resolveAssumeRoleCredentials"); +var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { + return !section.role_arn && !!section.credential_source; +}, "isCredentialSourceWithoutRoleArn"); + +// src/resolveProcessCredentials.ts + +var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); +var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))).then( + ({ fromProcess }) => fromProcess({ + ...options, + profile + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) +), "resolveProcessCredentials"); + +// src/resolveSsoCredentials.ts + +var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); + return fromSSO({ + profile, + logger: options.logger, + parentClientConfig: options.parentClientConfig, + clientConfig: options.clientConfig + })().then((creds) => { + if (profileData.sso_session) { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); + } else { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); + } + }); +}, "resolveSsoCredentials"); +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveStaticCredentials.ts + +var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); +var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { + options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); + const credentials = { + accessKeyId: profile.aws_access_key_id, + secretAccessKey: profile.aws_secret_access_key, + sessionToken: profile.aws_session_token, + ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, + ...profile.aws_account_id && { accountId: profile.aws_account_id } + }; + return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); +}, "resolveStaticCredentials"); + +// src/resolveWebIdentityCredentials.ts + +var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); +var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))).then( + ({ fromTokenFile }) => fromTokenFile({ + webIdentityTokenFile: profile.web_identity_token_file, + roleArn: profile.role_arn, + roleSessionName: profile.role_session_name, + roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, + logger: options.logger, + parentClientConfig: options.parentClientConfig + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) +), "resolveWebIdentityCredentials"); + +// src/resolveProfileData.ts +var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { + const data = profiles[profileName]; + if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); } - /** - * @internal - * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. - */ - c(child) { - this.children.push(child); - return this; + if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { + return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); } - /** - * @internal - * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. - */ - a(name, value) { - if (value != null) { - this.attributes[name] = value; - } - return this; + if (isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); } - /** - * Create a child node. - * Used in serialization of string fields. - * @internal - */ - cc(input, field, withName = field) { - if (input[field] != null) { - const node = _XmlNode.of(field, input[field]).withName(withName); - this.c(node); - } + if (isWebIdentityProfile(data)) { + return resolveWebIdentityCredentials(data, options); } - /** - * Creates list child nodes. - * @internal - */ - l(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - nodes.map((node) => { - node.withName(memberName); - this.c(node); - }); - } + if (isProcessProfile(data)) { + return resolveProcessCredentials(options, profileName); } - /** - * Creates list child nodes with container. - * @internal - */ - lc(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - const containerNode = new _XmlNode(memberName); - nodes.map((node) => { - containerNode.c(node); - }); - this.c(containerNode); - } + if (isSsoProfile(data)) { + return await resolveSsoCredentials(profileName, data, options); } - toString() { - const hasChildren = Boolean(this.children.length); - let xmlText = `<${this.name}`; - const attributes = this.attributes; - for (const attributeName of Object.keys(attributes)) { - const attribute = attributes[attributeName]; - if (attribute != null) { - xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; - } + throw new import_property_provider.CredentialsProviderError( + `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, + { logger: options.logger } + ); +}, "resolveProfileData"); + +// src/fromIni.ts +var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig } - return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; - } -}; + }; + init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProfileData( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: _init.profile ?? callerClientConfig?.profile + }), + profiles, + init + ); +}, "fromIni"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -52855,14 +37448,16 @@ var XmlNode = class _XmlNode { /***/ }), -/***/ 9718: -/***/ ((module) => { +/***/ 5531: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; +var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -52877,79 +37472,125 @@ var __copyProps = (to, from, except, desc) => { } return to; }; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { - getSsecPlugin: () => getSsecPlugin, - isValidBase64EncodedSSECustomerKey: () => isValidBase64EncodedSSECustomerKey, - ssecMiddleware: () => ssecMiddleware, - ssecMiddlewareOptions: () => ssecMiddlewareOptions + credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, + credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, + defaultProvider: () => defaultProvider }); module.exports = __toCommonJS(index_exports); -function ssecMiddleware(options) { - return (next) => async (args) => { - const input = { ...args.input }; - const properties = [ - { - target: "SSECustomerKey", - hash: "SSECustomerKeyMD5" - }, - { - target: "CopySourceSSECustomerKey", - hash: "CopySourceSSECustomerKeyMD5" - } - ]; - for (const prop of properties) { - const value = input[prop.target]; - if (value) { - let valueForHash; - if (typeof value === "string") { - if (isValidBase64EncodedSSECustomerKey(value, options)) { - valueForHash = options.base64Decoder(value); - } else { - valueForHash = options.utf8Decoder(value); - input[prop.target] = options.base64Encoder(valueForHash); + +// src/defaultProvider.ts +var import_credential_provider_env = __nccwpck_require__(5972); + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/remoteProvider.ts +var import_property_provider = __nccwpck_require__(9721); +var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; +var remoteProvider = /* @__PURE__ */ __name(async (init) => { + const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); + return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); + } + if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { + return async () => { + throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); + }; + } + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); + return fromInstanceMetadata(init); +}, "remoteProvider"); + +// src/defaultProvider.ts +var multipleCredentialSourceWarningEmitted = false; +var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)( + async () => { + const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; + if (profile) { + const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; + if (envStaticCredentialsAreSet) { + if (!multipleCredentialSourceWarningEmitted) { + const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; + warnFn( + `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: + Multiple credential sources detected: + Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. + This SDK will proceed with the AWS_PROFILE value. + + However, a future version may change this behavior to prefer the ENV static credentials. + Please ensure that your environment only sets either the AWS_PROFILE or the + AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. +` + ); + multipleCredentialSourceWarningEmitted = true; } - } else { - valueForHash = ArrayBuffer.isView(value) ? new Uint8Array(value.buffer, value.byteOffset, value.byteLength) : new Uint8Array(value); - input[prop.target] = options.base64Encoder(valueForHash); } - const hash = new options.md5(); - hash.update(valueForHash); - input[prop.hash] = options.base64Encoder(await hash.digest()); + throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { + logger: init.logger, + tryNextLink: true + }); } - } - return next({ - ...args, - input - }); - }; -} -__name(ssecMiddleware, "ssecMiddleware"); -var ssecMiddlewareOptions = { - name: "ssecMiddleware", - step: "initialize", - tags: ["SSE"], - override: true -}; -var getSsecPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(ssecMiddleware(config), ssecMiddlewareOptions); - }, "applyToStack") -}), "getSsecPlugin"); -function isValidBase64EncodedSSECustomerKey(str, options) { - const base64Regex = /^(?:[A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/; - if (!base64Regex.test(str)) return false; - try { - const decodedBytes = options.base64Decoder(str); - return decodedBytes.length === 32; - } catch { - return false; - } -} -__name(isValidBase64EncodedSSECustomerKey, "isValidBase64EncodedSSECustomerKey"); + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); + return (0, import_credential_provider_env.fromEnv)(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + throw new import_property_provider.CredentialsProviderError( + "Skipping SSO provider in default chain (inputs do not include SSO fields).", + { logger: init.logger } + ); + } + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); + return fromSSO(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); + const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4203))); + return fromIni(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); + const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))); + return fromProcess(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); + const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))); + return fromTokenFile(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); + return (await remoteProvider(init))(); + }, + async () => { + throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { + tryNextLink: false, + logger: init.logger + }); + } + ), + credentialsTreatedAsExpired, + credentialsWillNeedRefresh +), "defaultProvider"); +var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); +var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -52958,7 +37599,7 @@ __name(isValidBase64EncodedSSECustomerKey, "isValidBase64EncodedSSECustomerKey") /***/ }), -/***/ 4688: +/***/ 9969: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -52985,200 +37626,341 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, - getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, - getUserAgentPlugin: () => getUserAgentPlugin, - resolveUserAgentConfig: () => resolveUserAgentConfig, - userAgentMiddleware: () => userAgentMiddleware + fromProcess: () => fromProcess }); module.exports = __toCommonJS(index_exports); -// src/configurations.ts -var import_core = __nccwpck_require__(5829); -var DEFAULT_UA_APP_ID = void 0; -function isValidUserAgentAppId(appId) { - if (appId === void 0) { - return true; - } - return typeof appId === "string" && appId.length <= 50; -} -__name(isValidUserAgentAppId, "isValidUserAgentAppId"); -function resolveUserAgentConfig(input) { - const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); - const { customUserAgent } = input; - return Object.assign(input, { - customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, - userAgentAppId: /* @__PURE__ */ __name(async () => { - const appId = await normalizedAppIdProvider(); - if (!isValidUserAgentAppId(appId)) { - const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; - if (typeof appId !== "string") { - logger?.warn("userAgentAppId must be a string or undefined."); - } else if (appId.length > 50) { - logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); - } - } - return appId; - }, "userAgentAppId") - }); -} -__name(resolveUserAgentConfig, "resolveUserAgentConfig"); +// src/fromProcess.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); -// src/user-agent-middleware.ts -var import_util_endpoints = __nccwpck_require__(3350); -var import_protocol_http = __nccwpck_require__(4418); +// src/resolveProcessCredentials.ts +var import_property_provider = __nccwpck_require__(9721); +var import_child_process = __nccwpck_require__(2081); +var import_util = __nccwpck_require__(3837); -// src/check-features.ts -var import_core2 = __nccwpck_require__(9963); -var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; -async function checkFeatures(context, config, args) { - const request = args.request; - if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { - (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); +// src/getValidatedProcessCredentials.ts +var import_client = __nccwpck_require__(2825); +var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { + if (data.Version !== 1) { + throw Error(`Profile ${profileName} credential_process did not return Version 1.`); } - if (typeof config.retryStrategy === "function") { - const retryStrategy = await config.retryStrategy(); - if (typeof retryStrategy.acquireInitialRetryToken === "function") { - if (retryStrategy.constructor?.name?.includes("Adaptive")) { - (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); - } else { - (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); + if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { + throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); + } + if (data.Expiration) { + const currentTime = /* @__PURE__ */ new Date(); + const expireTime = new Date(data.Expiration); + if (expireTime < currentTime) { + throw Error(`Profile ${profileName} credential_process returned expired credentials.`); + } + } + let accountId = data.AccountId; + if (!accountId && profiles?.[profileName]?.aws_account_id) { + accountId = profiles[profileName].aws_account_id; + } + const credentials = { + accessKeyId: data.AccessKeyId, + secretAccessKey: data.SecretAccessKey, + ...data.SessionToken && { sessionToken: data.SessionToken }, + ...data.Expiration && { expiration: new Date(data.Expiration) }, + ...data.CredentialScope && { credentialScope: data.CredentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + return credentials; +}, "getValidatedProcessCredentials"); + +// src/resolveProcessCredentials.ts +var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { + const profile = profiles[profileName]; + if (profiles[profileName]) { + const credentialProcess = profile["credential_process"]; + if (credentialProcess !== void 0) { + const execPromise = (0, import_util.promisify)(import_child_process.exec); + try { + const { stdout } = await execPromise(credentialProcess); + let data; + try { + data = JSON.parse(stdout.trim()); + } catch { + throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); + } + return getValidatedProcessCredentials(profileName, data, profiles); + } catch (error) { + throw new import_property_provider.CredentialsProviderError(error.message, { logger }); } } else { - (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { + logger + }); } - if (typeof config.accountIdEndpointMode === "function") { - const endpointV2 = context.endpointV2; - if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { - (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); - } - switch (await config.accountIdEndpointMode?.()) { - case "disabled": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); - break; - case "preferred": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); - break; - case "required": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); - break; - } +}, "resolveProcessCredentials"); + +// src/fromProcess.ts +var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProcessCredentials( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }), + profiles, + init.logger + ); +}, "fromProcess"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 6414: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __esm = (fn, res) => function __init() { + return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; +}; +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; - if (identity?.$source) { - const credentials = identity; - if (credentials.accountId) { - (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); - } - for (const [key, value] of Object.entries(credentials.$source ?? {})) { - (0, import_core2.setFeature)(context, key, value); - } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/loadSso.ts +var loadSso_exports = {}; +__export(loadSso_exports, { + GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, + SSOClient: () => import_client_sso.SSOClient +}); +var import_client_sso; +var init_loadSso = __esm({ + "src/loadSso.ts"() { + "use strict"; + import_client_sso = __nccwpck_require__(2666); } -} -__name(checkFeatures, "checkFeatures"); +}); -// src/constants.ts -var USER_AGENT = "user-agent"; -var X_AMZ_USER_AGENT = "x-amz-user-agent"; -var SPACE = " "; -var UA_NAME_SEPARATOR = "/"; -var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; -var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; -var UA_ESCAPE_CHAR = "-"; +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromSSO: () => fromSSO, + isSsoProfile: () => isSsoProfile, + validateSsoProfile: () => validateSsoProfile +}); +module.exports = __toCommonJS(index_exports); -// src/encode-features.ts -var BYTE_LIMIT = 1024; -function encodeFeatures(features) { - let buffer = ""; - for (const key in features) { - const val = features[key]; - if (buffer.length + val.length + 1 <= BYTE_LIMIT) { - if (buffer.length) { - buffer += "," + val; - } else { - buffer += val; - } - continue; +// src/fromSSO.ts + + + +// src/isSsoProfile.ts +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveSSOCredentials.ts +var import_client = __nccwpck_require__(2825); +var import_token_providers = __nccwpck_require__(2843); +var import_property_provider = __nccwpck_require__(9721); +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var SHOULD_FAIL_CREDENTIAL_CHAIN = false; +var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig, + parentClientConfig, + profile, + logger +}) => { + let token; + const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; + if (ssoSession) { + try { + const _token = await (0, import_token_providers.fromSso)({ profile })(); + token = { + accessToken: _token.token, + expiresAt: new Date(_token.expiration).toISOString() + }; + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e.message, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + } else { + try { + token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - break; } - return buffer; -} -__name(encodeFeatures, "encodeFeatures"); - -// src/user-agent-middleware.ts -var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request)) { - return next(args); + if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - const { headers } = request; - const userAgent = context?.userAgent?.map(escapeUserAgent) || []; - const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); - await checkFeatures(context, options, args); - const awsContext = context; - defaultUserAgent.push( - `m/${encodeFeatures( - Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) - )}` + const { accessToken } = token; + const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); + const sso = ssoClient || new SSOClient2( + Object.assign({}, clientConfig ?? {}, { + logger: clientConfig?.logger ?? parentClientConfig?.logger, + region: clientConfig?.region ?? ssoRegion + }) ); - const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; - const appId = await options.userAgentAppId(); - if (appId) { - defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); + let ssoResp; + try { + ssoResp = await sso.send( + new GetRoleCredentialsCommand2({ + accountId: ssoAccountId, + roleName: ssoRoleName, + accessToken + }) + ); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); - const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); - const normalUAValue = [ - ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), - ...customUserAgent - ].join(SPACE); - if (options.runtime !== "browser") { - if (normalUAValue) { - headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; - } - headers[USER_AGENT] = sdkUserAgentValue; + const { + roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} + } = ssoResp; + if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { + throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const credentials = { + accessKeyId, + secretAccessKey, + sessionToken, + expiration: new Date(expiration), + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + if (ssoSession) { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); } else { - headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); } - return next({ - ...args, - request - }); -}, "userAgentMiddleware"); -var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { - const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); - const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); - const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); - const prefix = name.substring(0, prefixSeparatorIndex); - let uaName = name.substring(prefixSeparatorIndex + 1); - if (prefix === "api") { - uaName = uaName.toLowerCase(); + return credentials; +}, "resolveSSOCredentials"); + +// src/validateSsoProfile.ts + +var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { + const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; + if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { + throw new import_property_provider.CredentialsProviderError( + `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( + ", " + )} +Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, + { tryNextLink: false, logger } + ); } - return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { - switch (index) { - case 0: - return item; - case 1: - return `${acc}/${item}`; - default: - return `${acc}#${item}`; + return profile; +}, "validateSsoProfile"); + +// src/fromSSO.ts +var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + const { ssoClient } = init; + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); } - }, ""); -}, "escapeUserAgent"); -var getUserAgentMiddlewareOptions = { - name: "getUserAgentMiddleware", - step: "build", - priority: "low", - tags: ["SET_USER_AGENT", "USER_AGENT"], - override: true -}; -var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); - }, "applyToStack") -}), "getUserAgentPlugin"); + if (!isSsoProfile(profile)) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { + logger: init.logger + }); + } + if (profile?.sso_session) { + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const session = ssoSessions[profile.sso_session]; + const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; + if (ssoRegion && ssoRegion !== session.sso_region) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + profile.sso_region = session.sso_region; + profile.sso_start_url = session.sso_start_url; + } + const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( + profile, + init.logger + ); + return resolveSSOCredentials({ + ssoStartUrl: sso_start_url, + ssoSession: sso_session, + ssoAccountId: sso_account_id, + ssoRegion: sso_region, + ssoRoleName: sso_role_name, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { + throw new import_property_provider.CredentialsProviderError( + 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', + { tryNextLink: false, logger: init.logger } + ); + } else { + return resolveSSOCredentials({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } +}, "fromSSO"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -53187,112 +37969,150 @@ var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ /***/ }), -/***/ 9414: +/***/ 5614: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(9963); -const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sso-oauth", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "CreateToken": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); - } +exports.fromTokenFile = void 0; +const client_1 = __nccwpck_require__(2825); +const property_provider_1 = __nccwpck_require__(9721); +const fs_1 = __nccwpck_require__(7147); +const fromWebToken_1 = __nccwpck_require__(7905); +const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; +const ENV_ROLE_ARN = "AWS_ROLE_ARN"; +const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; +const fromTokenFile = (init = {}) => async () => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); + const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; + const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; + const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; + if (!webIdentityTokenFile || !roleArn) { + throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { + logger: init.logger, + }); } - return options; -}; -exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); - return Object.assign(config_0, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); + const credentials = await (0, fromWebToken_1.fromWebToken)({ + ...init, + webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), + roleArn, + roleSessionName, + })(); + if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { + (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); + } + return credentials; }; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; +exports.fromTokenFile = fromTokenFile; /***/ }), -/***/ 5: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 7905: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(3350); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(932); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; }); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromWebToken = void 0; +const fromWebToken = (init) => async (awsIdentityProperties) => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); + const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; + let { roleAssumerWithWebIdentity } = init; + if (!roleAssumerWithWebIdentity) { + const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(2273))); + roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ + ...init.clientConfig, + credentialProviderLogger: init.logger, + parentClientConfig: { + ...awsIdentityProperties?.callerClientConfig, + ...init.parentClientConfig, + }, + }, init.clientPlugins); + } + return roleAssumerWithWebIdentity({ + RoleArn: roleArn, + RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, + WebIdentityToken: webIdentityToken, + ProviderId: providerId, + PolicyArns: policyArns, + Policy: policy, + DurationSeconds: durationSeconds, + }); }; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; +exports.fromWebToken = fromWebToken; /***/ }), -/***/ 932: -/***/ ((__unused_webpack_module, exports) => { +/***/ 5646: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const u = "required", v = "fn", w = "argv", x = "ref"; -const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; -exports.ruleSet = _data; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(5614), module.exports); +__reExport(index_exports, __nccwpck_require__(7905), module.exports); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + /***/ }), -/***/ 7334: +/***/ 6689: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -53316,1203 +38136,1129 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/sso-oidc/index.ts +// src/index.ts var index_exports = {}; __export(index_exports, { - $Command: () => import_smithy_client6.Command, - AccessDeniedException: () => AccessDeniedException, - AuthorizationPendingException: () => AuthorizationPendingException, - CreateTokenCommand: () => CreateTokenCommand, - CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, - CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - InternalServerException: () => InternalServerException, - InvalidClientException: () => InvalidClientException, - InvalidGrantException: () => InvalidGrantException, - InvalidRequestException: () => InvalidRequestException, - InvalidScopeException: () => InvalidScopeException, - SSOOIDC: () => SSOOIDC, - SSOOIDCClient: () => SSOOIDCClient, - SSOOIDCServiceException: () => SSOOIDCServiceException, - SlowDownException: () => SlowDownException, - UnauthorizedClientException: () => UnauthorizedClientException, - UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, - __Client: () => import_smithy_client2.Client + NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS, + NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, + NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, + NODE_USE_ARN_REGION_CONFIG_OPTIONS: () => NODE_USE_ARN_REGION_CONFIG_OPTIONS, + NODE_USE_ARN_REGION_ENV_NAME: () => NODE_USE_ARN_REGION_ENV_NAME, + NODE_USE_ARN_REGION_INI_NAME: () => NODE_USE_ARN_REGION_INI_NAME, + bucketEndpointMiddleware: () => bucketEndpointMiddleware, + bucketEndpointMiddlewareOptions: () => bucketEndpointMiddlewareOptions, + bucketHostname: () => bucketHostname, + getArnResources: () => getArnResources, + getBucketEndpointPlugin: () => getBucketEndpointPlugin, + getSuffixForArnEndpoint: () => getSuffixForArnEndpoint, + resolveBucketEndpointConfig: () => resolveBucketEndpointConfig, + validateAccountId: () => validateAccountId, + validateDNSHostLabel: () => validateDNSHostLabel, + validateNoDualstack: () => validateNoDualstack, + validateNoFIPS: () => validateNoFIPS, + validateOutpostService: () => validateOutpostService, + validatePartition: () => validatePartition, + validateRegion: () => validateRegion }); module.exports = __toCommonJS(index_exports); -// src/submodules/sso-oidc/SSOOIDCClient.ts -var import_middleware_host_header = __nccwpck_require__(2545); -var import_middleware_logger = __nccwpck_require__(14); -var import_middleware_recursion_detection = __nccwpck_require__(5525); -var import_middleware_user_agent = __nccwpck_require__(4688); -var import_config_resolver = __nccwpck_require__(3098); -var import_core = __nccwpck_require__(5829); -var import_middleware_content_length = __nccwpck_require__(2800); -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_retry = __nccwpck_require__(6039); -var import_smithy_client2 = __nccwpck_require__(3570); -var import_httpAuthSchemeProvider = __nccwpck_require__(9414); - -// src/submodules/sso-oidc/endpoint/EndpointParameters.ts -var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "sso-oauth" - }); -}, "resolveClientEndpointParameters"); -var commonParams = { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } +// src/NodeDisableMultiregionAccessPointConfigOptions.ts +var import_util_config_provider = __nccwpck_require__(3375); +var NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"; +var NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME = "s3_disable_multiregion_access_points"; +var NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), + default: false }; -// src/submodules/sso-oidc/SSOOIDCClient.ts -var import_runtimeConfig = __nccwpck_require__(7277); - -// src/submodules/sso-oidc/runtimeExtensions.ts -var import_region_config_resolver = __nccwpck_require__(8156); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts -var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - } - }; -}, "getHttpAuthExtensionConfiguration"); -var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials() - }; -}, "resolveHttpAuthRuntimeConfig"); - -// src/submodules/sso-oidc/runtimeExtensions.ts -var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign( - (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), - (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), - (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), - getHttpAuthExtensionConfiguration(runtimeConfig) - ); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign( - runtimeConfig, - (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), - (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), - (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), - resolveHttpAuthRuntimeConfig(extensionConfiguration) - ); -}, "resolveRuntimeExtensions"); +// src/NodeUseArnRegionConfigOptions.ts -// src/submodules/sso-oidc/SSOOIDCClient.ts -var SSOOIDCClient = class extends import_smithy_client2.Client { - static { - __name(this, "SSOOIDCClient"); - } - /** - * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. - */ - config; - constructor(...[configuration]) { - const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = resolveClientEndpointParameters(_config_0); - const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); - const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); - const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); - const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use( - (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials - }), "identityProviderConfigProvider") - }) - ); - this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); - } +var NODE_USE_ARN_REGION_ENV_NAME = "AWS_S3_USE_ARN_REGION"; +var NODE_USE_ARN_REGION_INI_NAME = "s3_use_arn_region"; +var NODE_USE_ARN_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_USE_ARN_REGION_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_USE_ARN_REGION_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), /** - * Destroy underlying resources, like sockets. It's usually not necessary to do this. - * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. - * Otherwise, sockets might stay open for quite a long time before the server terminates them. + * useArnRegion has specific behavior when undefined instead of false. + * We therefore use undefined as the default value instead of false. */ - destroy() { - super.destroy(); - } + default: void 0 }; -// src/submodules/sso-oidc/SSOOIDC.ts -var import_smithy_client7 = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client6 = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/models/models_0.ts -var import_smithy_client4 = __nccwpck_require__(3570); +// src/bucketEndpointMiddleware.ts +var import_util_arn_parser = __nccwpck_require__(5487); +var import_protocol_http = __nccwpck_require__(4418); -// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts -var import_smithy_client3 = __nccwpck_require__(3570); -var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { - static { - __name(this, "SSOOIDCServiceException"); +// src/bucketHostnameUtils.ts +var DOMAIN_PATTERN = /^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$/; +var IP_ADDRESS_PATTERN = /(\d+\.){3}\d+/; +var DOTS_PATTERN = /\.\./; +var DOT_PATTERN = /\./; +var S3_HOSTNAME_PATTERN = /^(.+\.)?s3(-fips)?(\.dualstack)?[.-]([a-z0-9-]+)\./; +var S3_US_EAST_1_ALTNAME_PATTERN = /^s3(-external-1)?\.amazonaws\.com$/; +var AWS_PARTITION_SUFFIX = "amazonaws.com"; +var isBucketNameOptions = /* @__PURE__ */ __name((options) => typeof options.bucketName === "string", "isBucketNameOptions"); +var isDnsCompatibleBucketName = /* @__PURE__ */ __name((bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName), "isDnsCompatibleBucketName"); +var getRegionalSuffix = /* @__PURE__ */ __name((hostname) => { + const parts = hostname.match(S3_HOSTNAME_PATTERN); + return [parts[4], hostname.replace(new RegExp(`^${parts[0]}`), "")]; +}, "getRegionalSuffix"); +var getSuffix = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? ["us-east-1", AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffix"); +var getSuffixForArnEndpoint = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? [hostname.replace(`.${AWS_PARTITION_SUFFIX}`, ""), AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffixForArnEndpoint"); +var validateArnEndpointOptions = /* @__PURE__ */ __name((options) => { + if (options.pathStyleEndpoint) { + throw new Error("Path-style S3 endpoint is not supported when bucket is an ARN"); } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); + if (options.accelerateEndpoint) { + throw new Error("Accelerate endpoint is not supported when bucket is an ARN"); } -}; - -// src/submodules/sso-oidc/models/models_0.ts -var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { - static { - __name(this, "AccessDeniedException"); + if (!options.tlsCompatible) { + throw new Error("HTTPS is required when bucket is an ARN"); } - name = "AccessDeniedException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AccessDeniedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _AccessDeniedException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; +}, "validateArnEndpointOptions"); +var validateService = /* @__PURE__ */ __name((service) => { + if (service !== "s3" && service !== "s3-outposts" && service !== "s3-object-lambda") { + throw new Error("Expect 's3' or 's3-outposts' or 's3-object-lambda' in ARN service component"); } -}; -var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { - static { - __name(this, "AuthorizationPendingException"); +}, "validateService"); +var validateS3Service = /* @__PURE__ */ __name((service) => { + if (service !== "s3") { + throw new Error("Expect 's3' in Accesspoint ARN service component"); } - name = "AuthorizationPendingException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * authorization_pending.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AuthorizationPendingException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; +}, "validateS3Service"); +var validateOutpostService = /* @__PURE__ */ __name((service) => { + if (service !== "s3-outposts") { + throw new Error("Expect 's3-posts' in Outpost ARN service component"); + } +}, "validateOutpostService"); +var validatePartition = /* @__PURE__ */ __name((partition, options) => { + if (partition !== options.clientPartition) { + throw new Error(`Partition in ARN is incompatible, got "${partition}" but expected "${options.clientPartition}"`); } -}; -var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenRequestFilterSensitiveLog"); -var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { - static { - __name(this, "ExpiredTokenException"); +}, "validatePartition"); +var validateRegion = /* @__PURE__ */ __name((region, options) => { +}, "validateRegion"); +var validateRegionalClient = /* @__PURE__ */ __name((region) => { + if (["s3-external-1", "aws-global"].includes(region)) { + throw new Error(`Client region ${region} is not regional`); } - name = "ExpiredTokenException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; +}, "validateRegionalClient"); +var validateAccountId = /* @__PURE__ */ __name((accountId) => { + if (!/[0-9]{12}/.exec(accountId)) { + throw new Error("Access point ARN accountID does not match regex '[0-9]{12}'"); } -}; -var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { - static { - __name(this, "InternalServerException"); +}, "validateAccountId"); +var validateDNSHostLabel = /* @__PURE__ */ __name((label, options = { tlsCompatible: true }) => { + if (label.length >= 64 || !/^[a-z0-9][a-z0-9.-]*[a-z0-9]$/.test(label) || /(\d+\.){3}\d+/.test(label) || /[.-]{2}/.test(label) || options?.tlsCompatible && DOT_PATTERN.test(label)) { + throw new Error(`Invalid DNS label ${label}`); } - name = "InternalServerException"; - $fault = "server"; - /** - *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InternalServerException", - $fault: "server", - ...opts - }); - Object.setPrototypeOf(this, _InternalServerException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; +}, "validateDNSHostLabel"); +var validateCustomEndpoint = /* @__PURE__ */ __name((options) => { + if (options.isCustomEndpoint) { + if (options.dualstackEndpoint) throw new Error("Dualstack endpoint is not supported with custom endpoint"); + if (options.accelerateEndpoint) throw new Error("Accelerate endpoint is not supported with custom endpoint"); } -}; -var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { - static { - __name(this, "InvalidClientException"); +}, "validateCustomEndpoint"); +var getArnResources = /* @__PURE__ */ __name((resource) => { + const delimiter = resource.includes(":") ? ":" : "/"; + const [resourceType, ...rest] = resource.split(delimiter); + if (resourceType === "accesspoint") { + if (rest.length !== 1 || rest[0] === "") { + throw new Error(`Access Point ARN should have one resource accesspoint${delimiter}{accesspointname}`); + } + return { accesspointName: rest[0] }; + } else if (resourceType === "outpost") { + if (!rest[0] || rest[1] !== "accesspoint" || !rest[2] || rest.length !== 3) { + throw new Error( + `Outpost ARN should have resource outpost${delimiter}{outpostId}${delimiter}accesspoint${delimiter}{accesspointName}` + ); + } + const [outpostId, _, accesspointName] = rest; + return { outpostId, accesspointName }; + } else { + throw new Error(`ARN resource should begin with 'accesspoint${delimiter}' or 'outpost${delimiter}'`); } - name = "InvalidClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidClientException", - $fault: "client", - ...opts +}, "getArnResources"); +var validateNoDualstack = /* @__PURE__ */ __name((dualstackEndpoint) => { +}, "validateNoDualstack"); +var validateNoFIPS = /* @__PURE__ */ __name((useFipsEndpoint) => { + if (useFipsEndpoint) throw new Error(`FIPS region is not supported with Outpost.`); +}, "validateNoFIPS"); +var validateMrapAlias = /* @__PURE__ */ __name((name) => { + try { + name.split(".").forEach((label) => { + validateDNSHostLabel(label); }); - Object.setPrototypeOf(this, _InvalidClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + } catch (e) { + throw new Error(`"${name}" is not a DNS compatible name.`); } -}; -var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { - static { - __name(this, "InvalidGrantException"); +}, "validateMrapAlias"); + +// src/bucketHostname.ts +var bucketHostname = /* @__PURE__ */ __name((options) => { + validateCustomEndpoint(options); + return isBucketNameOptions(options) ? ( + // Construct endpoint when bucketName is a string referring to a bucket name + getEndpointFromBucketName(options) + ) : ( + // Construct endpoint when bucketName is an ARN referring to an S3 resource like Access Point + getEndpointFromArn(options) + ); +}, "bucketHostname"); +var getEndpointFromBucketName = /* @__PURE__ */ __name(({ + accelerateEndpoint = false, + clientRegion: region, + baseHostname, + bucketName, + dualstackEndpoint = false, + fipsEndpoint = false, + pathStyleEndpoint = false, + tlsCompatible = true, + isCustomEndpoint = false +}) => { + const [clientRegion, hostnameSuffix] = isCustomEndpoint ? [region, baseHostname] : getSuffix(baseHostname); + if (pathStyleEndpoint || !isDnsCompatibleBucketName(bucketName) || tlsCompatible && DOT_PATTERN.test(bucketName)) { + return { + bucketEndpoint: false, + hostname: dualstackEndpoint ? `s3.dualstack.${clientRegion}.${hostnameSuffix}` : baseHostname + }; } - name = "InvalidGrantException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidGrantException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidGrantException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + if (accelerateEndpoint) { + baseHostname = `s3-accelerate${dualstackEndpoint ? ".dualstack" : ""}.${hostnameSuffix}`; + } else if (dualstackEndpoint) { + baseHostname = `s3.dualstack.${clientRegion}.${hostnameSuffix}`; } -}; -var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { - static { - __name(this, "InvalidRequestException"); + return { + bucketEndpoint: true, + hostname: `${bucketName}.${baseHostname}` + }; +}, "getEndpointFromBucketName"); +var getEndpointFromArn = /* @__PURE__ */ __name((options) => { + const { isCustomEndpoint, baseHostname, clientRegion } = options; + const hostnameSuffix = isCustomEndpoint ? baseHostname : getSuffixForArnEndpoint(baseHostname)[1]; + const { + pathStyleEndpoint, + accelerateEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + bucketName, + clientPartition = "aws" + } = options; + validateArnEndpointOptions({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible }); + const { service, partition, accountId, region, resource } = bucketName; + validateService(service); + validatePartition(partition, { clientPartition }); + validateAccountId(accountId); + const { accesspointName, outpostId } = getArnResources(resource); + if (service === "s3-object-lambda") { + return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix }); } - name = "InvalidRequestException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_request.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + if (region === "") { + return getEndpointFromMRAPArn({ ...options, clientRegion, mrapAlias: accesspointName, hostnameSuffix }); } -}; -var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { - static { - __name(this, "InvalidScopeException"); + if (outpostId) { + return getEndpointFromOutpostArn({ ...options, clientRegion, outpostId, accesspointName, hostnameSuffix }); } - name = "InvalidScopeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidScopeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidScopeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix }); +}, "getEndpointFromArn"); +var getEndpointFromObjectLambdaArn = /* @__PURE__ */ __name(({ + dualstackEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + useArnRegion, + clientRegion, + clientSigningRegion = clientRegion, + accesspointName, + bucketName, + hostnameSuffix +}) => { + const { accountId, region, service } = bucketName; + validateRegionalClient(clientRegion); + const DNSHostLabel = `${accesspointName}-${accountId}`; + validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); + const endpointRegion = useArnRegion ? region : clientRegion; + const signingRegion = useArnRegion ? region : clientSigningRegion; + return { + bucketEndpoint: true, + hostname: `${DNSHostLabel}.${service}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`, + signingRegion, + signingService: service + }; +}, "getEndpointFromObjectLambdaArn"); +var getEndpointFromMRAPArn = /* @__PURE__ */ __name(({ + disableMultiregionAccessPoints, + dualstackEndpoint = false, + isCustomEndpoint, + mrapAlias, + hostnameSuffix +}) => { + if (disableMultiregionAccessPoints === true) { + throw new Error("SDK is attempting to use a MRAP ARN. Please enable to feature."); + } + validateMrapAlias(mrapAlias); + return { + bucketEndpoint: true, + hostname: `${mrapAlias}${isCustomEndpoint ? "" : `.accesspoint.s3-global`}.${hostnameSuffix}`, + signingRegion: "*" + }; +}, "getEndpointFromMRAPArn"); +var getEndpointFromOutpostArn = /* @__PURE__ */ __name(({ + useArnRegion, + clientRegion, + clientSigningRegion = clientRegion, + bucketName, + outpostId, + dualstackEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + accesspointName, + isCustomEndpoint, + hostnameSuffix +}) => { + validateRegionalClient(clientRegion); + const DNSHostLabel = `${accesspointName}-${bucketName.accountId}`; + validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); + const endpointRegion = useArnRegion ? bucketName.region : clientRegion; + const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; + validateOutpostService(bucketName.service); + validateDNSHostLabel(outpostId, { tlsCompatible }); + validateNoFIPS(fipsEndpoint); + const hostnamePrefix = `${DNSHostLabel}.${outpostId}`; + return { + bucketEndpoint: true, + hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-outposts.${endpointRegion}`}.${hostnameSuffix}`, + signingRegion, + signingService: "s3-outposts" + }; +}, "getEndpointFromOutpostArn"); +var getEndpointFromAccessPointArn = /* @__PURE__ */ __name(({ + useArnRegion, + clientRegion, + clientSigningRegion = clientRegion, + bucketName, + dualstackEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + accesspointName, + isCustomEndpoint, + hostnameSuffix +}) => { + validateRegionalClient(clientRegion); + const hostnamePrefix = `${accesspointName}-${bucketName.accountId}`; + validateDNSHostLabel(hostnamePrefix, { tlsCompatible }); + const endpointRegion = useArnRegion ? bucketName.region : clientRegion; + const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; + validateS3Service(bucketName.service); + return { + bucketEndpoint: true, + hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-accesspoint${fipsEndpoint ? "-fips" : ""}${dualstackEndpoint ? ".dualstack" : ""}.${endpointRegion}`}.${hostnameSuffix}`, + signingRegion + }; +}, "getEndpointFromAccessPointArn"); + +// src/bucketEndpointMiddleware.ts +var bucketEndpointMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { + const { Bucket: bucketName } = args.input; + let replaceBucketInPath = options.bucketEndpoint; + const request = args.request; + if (import_protocol_http.HttpRequest.isInstance(request)) { + if (options.bucketEndpoint) { + request.hostname = bucketName; + } else if ((0, import_util_arn_parser.validate)(bucketName)) { + const bucketArn = (0, import_util_arn_parser.parse)(bucketName); + const clientRegion = await options.region(); + const useDualstackEndpoint = await options.useDualstackEndpoint(); + const useFipsEndpoint = await options.useFipsEndpoint(); + const { partition, signingRegion = clientRegion } = await options.regionInfoProvider(clientRegion, { useDualstackEndpoint, useFipsEndpoint }) || {}; + const useArnRegion = await options.useArnRegion(); + const { + hostname, + bucketEndpoint, + signingRegion: modifiedSigningRegion, + signingService + } = bucketHostname({ + bucketName: bucketArn, + baseHostname: request.hostname, + accelerateEndpoint: options.useAccelerateEndpoint, + dualstackEndpoint: useDualstackEndpoint, + fipsEndpoint: useFipsEndpoint, + pathStyleEndpoint: options.forcePathStyle, + tlsCompatible: request.protocol === "https:", + useArnRegion, + clientPartition: partition, + clientSigningRegion: signingRegion, + clientRegion, + isCustomEndpoint: options.isCustomEndpoint, + disableMultiregionAccessPoints: await options.disableMultiregionAccessPoints() + }); + if (modifiedSigningRegion && modifiedSigningRegion !== signingRegion) { + context["signing_region"] = modifiedSigningRegion; + } + if (signingService && signingService !== "s3") { + context["signing_service"] = signingService; + } + request.hostname = hostname; + replaceBucketInPath = bucketEndpoint; + } else { + const clientRegion = await options.region(); + const dualstackEndpoint = await options.useDualstackEndpoint(); + const fipsEndpoint = await options.useFipsEndpoint(); + const { hostname, bucketEndpoint } = bucketHostname({ + bucketName, + clientRegion, + baseHostname: request.hostname, + accelerateEndpoint: options.useAccelerateEndpoint, + dualstackEndpoint, + fipsEndpoint, + pathStyleEndpoint: options.forcePathStyle, + tlsCompatible: request.protocol === "https:", + isCustomEndpoint: options.isCustomEndpoint + }); + request.hostname = hostname; + replaceBucketInPath = bucketEndpoint; + } + if (replaceBucketInPath) { + request.path = request.path.replace(/^(\/)?[^\/]+/, ""); + if (request.path === "") { + request.path = "/"; + } + } } + return next({ ...args, request }); +}, "bucketEndpointMiddleware"); +var bucketEndpointMiddlewareOptions = { + tags: ["BUCKET_ENDPOINT"], + name: "bucketEndpointMiddleware", + relation: "before", + toMiddleware: "hostHeaderMiddleware", + override: true +}; +var getBucketEndpointPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); + }, "applyToStack") +}), "getBucketEndpointPlugin"); + +// src/configurations.ts +function resolveBucketEndpointConfig(input) { + const { + bucketEndpoint = false, + forcePathStyle = false, + useAccelerateEndpoint = false, + // useArnRegion has specific behavior when undefined instead of false. + useArnRegion, + disableMultiregionAccessPoints = false + } = input; + return Object.assign(input, { + bucketEndpoint, + forcePathStyle, + useAccelerateEndpoint, + useArnRegion: typeof useArnRegion === "function" ? useArnRegion : () => Promise.resolve(useArnRegion), + disableMultiregionAccessPoints: typeof disableMultiregionAccessPoints === "function" ? disableMultiregionAccessPoints : () => Promise.resolve(disableMultiregionAccessPoints) + }); +} +__name(resolveBucketEndpointConfig, "resolveBucketEndpointConfig"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 1990: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { - static { - __name(this, "SlowDownException"); - } - name = "SlowDownException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "SlowDownException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _SlowDownException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; -var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { - static { - __name(this, "UnauthorizedClientException"); - } - name = "UnauthorizedClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnauthorizedClientException", - $fault: "client", - ...opts +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + addExpectContinueMiddleware: () => addExpectContinueMiddleware, + addExpectContinueMiddlewareOptions: () => addExpectContinueMiddlewareOptions, + getAddExpectContinuePlugin: () => getAddExpectContinuePlugin +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +function addExpectContinueMiddleware(options) { + return (next) => async (args) => { + const { request } = args; + if (import_protocol_http.HttpRequest.isInstance(request) && request.body && options.runtime === "node") { + if (options.requestHandler?.constructor?.name !== "FetchHttpHandler") { + request.headers = { + ...request.headers, + Expect: "100-continue" + }; + } + } + return next({ + ...args, + request }); - Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } + }; +} +__name(addExpectContinueMiddleware, "addExpectContinueMiddleware"); +var addExpectContinueMiddlewareOptions = { + step: "build", + tags: ["SET_EXPECT_HEADER", "EXPECT_HEADER"], + name: "addExpectContinueMiddleware", + override: true }; -var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { - static { - __name(this, "UnsupportedGrantTypeException"); +var getAddExpectContinuePlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(addExpectContinueMiddleware(options), addExpectContinueMiddlewareOptions); + }, "applyToStack") +}), "getAddExpectContinuePlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 1436: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getCrc32ChecksumAlgorithmFunction = void 0; +const tslib_1 = __nccwpck_require__(4351); +const crc32_1 = __nccwpck_require__(8408); +const util_1 = __nccwpck_require__(4871); +const zlib = tslib_1.__importStar(__nccwpck_require__(9796)); +class NodeCrc32 { + checksum = 0; + update(data) { + this.checksum = zlib.crc32(data, this.checksum); + } + async digest() { + return (0, util_1.numToUint8)(this.checksum); + } + reset() { + this.checksum = 0; + } +} +const getCrc32ChecksumAlgorithmFunction = () => { + if (typeof zlib.crc32 === "undefined") { + return crc32_1.AwsCrc32; + } + return NodeCrc32; +}; +exports.getCrc32ChecksumAlgorithmFunction = getCrc32ChecksumAlgorithmFunction; + + +/***/ }), + +/***/ 3799: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - name = "UnsupportedGrantTypeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public + * When set, a checksum will be calculated for all request payloads of operations + * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` + * AND/OR a `requestAlgorithmMember` is modeled. + * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} */ - error_description; + WHEN_SUPPORTED: "WHEN_SUPPORTED", /** - * @internal + * When set, a checksum will only be calculated for request payloads of operations + * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` + * OR where a `requestAlgorithmMember` is modeled and the user sets it. + * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} */ - constructor(opts) { - super({ - name: "UnsupportedGrantTypeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } + WHEN_REQUIRED: "WHEN_REQUIRED" }; - -// src/submodules/sso-oidc/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(9963); -var import_core3 = __nccwpck_require__(5829); -var import_smithy_client5 = __nccwpck_require__(3570); -var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core3.requestBuilder)(input, context); - const headers = { - "content-type": "application/json" - }; - b.bp("/token"); - let body; - body = JSON.stringify( - (0, import_smithy_client5.take)(input, { - clientId: [], - clientSecret: [], - code: [], - codeVerifier: [], - deviceCode: [], - grantType: [], - redirectUri: [], - refreshToken: [], - scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") - }) - ); - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_CreateTokenCommand"); -var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client5.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client5.take)(data, { - accessToken: import_smithy_client5.expectString, - expiresIn: import_smithy_client5.expectInt32, - idToken: import_smithy_client5.expectString, - refreshToken: import_smithy_client5.expectString, - tokenType: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_CreateTokenCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "AccessDeniedException": - case "com.amazonaws.ssooidc#AccessDeniedException": - throw await de_AccessDeniedExceptionRes(parsedOutput, context); - case "AuthorizationPendingException": - case "com.amazonaws.ssooidc#AuthorizationPendingException": - throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); - case "ExpiredTokenException": - case "com.amazonaws.ssooidc#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "InternalServerException": - case "com.amazonaws.ssooidc#InternalServerException": - throw await de_InternalServerExceptionRes(parsedOutput, context); - case "InvalidClientException": - case "com.amazonaws.ssooidc#InvalidClientException": - throw await de_InvalidClientExceptionRes(parsedOutput, context); - case "InvalidGrantException": - case "com.amazonaws.ssooidc#InvalidGrantException": - throw await de_InvalidGrantExceptionRes(parsedOutput, context); - case "InvalidRequestException": - case "com.amazonaws.ssooidc#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "InvalidScopeException": - case "com.amazonaws.ssooidc#InvalidScopeException": - throw await de_InvalidScopeExceptionRes(parsedOutput, context); - case "SlowDownException": - case "com.amazonaws.ssooidc#SlowDownException": - throw await de_SlowDownExceptionRes(parsedOutput, context); - case "UnauthorizedClientException": - case "com.amazonaws.ssooidc#UnauthorizedClientException": - throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); - case "UnsupportedGrantTypeException": - case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": - throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode - }); - } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); -var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AccessDeniedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AccessDeniedExceptionRes"); -var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AuthorizationPendingException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AuthorizationPendingExceptionRes"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_ExpiredTokenExceptionRes"); -var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InternalServerException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InternalServerExceptionRes"); -var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidClientExceptionRes"); -var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidGrantException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidGrantExceptionRes"); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidScopeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidScopeExceptionRes"); -var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new SlowDownException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_SlowDownExceptionRes"); -var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedClientExceptionRes"); -var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnsupportedGrantTypeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnsupportedGrantTypeExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { - static { - __name(this, "CreateTokenCommand"); - } +var DEFAULT_REQUEST_CHECKSUM_CALCULATION = RequestChecksumCalculation.WHEN_SUPPORTED; +var ResponseChecksumValidation = { + /** + * When set, checksum validation MUST be performed on all response payloads of operations + * modeled with the {@link httpChecksum} trait where `responseAlgorithms` is modeled, + * except when no modeled checksum algorithms are supported by an SDK. + * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} + */ + WHEN_SUPPORTED: "WHEN_SUPPORTED", + /** + * When set, checksum validation MUST NOT be performed on response payloads of operations UNLESS + * the SDK supports the modeled checksum algorithms AND the user has set the `requestValidationModeMember` to `ENABLED`. + * It is currently impossible to model an operation as requiring a response checksum, + * but this setting leaves the door open for future updates. + */ + WHEN_REQUIRED: "WHEN_REQUIRED" }; +var DEFAULT_RESPONSE_CHECKSUM_VALIDATION = RequestChecksumCalculation.WHEN_SUPPORTED; +var ChecksumAlgorithm = /* @__PURE__ */ ((ChecksumAlgorithm3) => { + ChecksumAlgorithm3["MD5"] = "MD5"; + ChecksumAlgorithm3["CRC32"] = "CRC32"; + ChecksumAlgorithm3["CRC32C"] = "CRC32C"; + ChecksumAlgorithm3["CRC64NVME"] = "CRC64NVME"; + ChecksumAlgorithm3["SHA1"] = "SHA1"; + ChecksumAlgorithm3["SHA256"] = "SHA256"; + return ChecksumAlgorithm3; +})(ChecksumAlgorithm || {}); +var ChecksumLocation = /* @__PURE__ */ ((ChecksumLocation2) => { + ChecksumLocation2["HEADER"] = "header"; + ChecksumLocation2["TRAILER"] = "trailer"; + return ChecksumLocation2; +})(ChecksumLocation || {}); +var DEFAULT_CHECKSUM_ALGORITHM = "CRC32" /* CRC32 */; -// src/submodules/sso-oidc/SSOOIDC.ts -var commands = { - CreateTokenCommand -}; -var SSOOIDC = class extends SSOOIDCClient { - static { - __name(this, "SSOOIDC"); +// src/stringUnionSelector.ts +var stringUnionSelector = /* @__PURE__ */ __name((obj, key, union, type) => { + if (!(key in obj)) return void 0; + const value = obj[key].toUpperCase(); + if (!Object.values(union).includes(value)) { + throw new TypeError(`Cannot load ${type} '${key}'. Expected one of ${Object.values(union)}, got '${obj[key]}'.`); } -}; -(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), + return value; +}, "stringUnionSelector"); -/***/ 7277: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS.ts +var ENV_REQUEST_CHECKSUM_CALCULATION = "AWS_REQUEST_CHECKSUM_CALCULATION"; +var CONFIG_REQUEST_CHECKSUM_CALCULATION = "request_checksum_calculation"; +var NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "env" /* ENV */), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "shared config entry" /* CONFIG */), "configFileSelector"), + default: DEFAULT_REQUEST_CHECKSUM_CALCULATION +}; -"use strict"; +// src/NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS.ts +var ENV_RESPONSE_CHECKSUM_VALIDATION = "AWS_RESPONSE_CHECKSUM_VALIDATION"; +var CONFIG_RESPONSE_CHECKSUM_VALIDATION = "response_checksum_validation"; +var NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "env" /* ENV */), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "shared config entry" /* CONFIG */), "configFileSelector"), + default: DEFAULT_RESPONSE_CHECKSUM_VALIDATION +}; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(8842)); -const core_1 = __nccwpck_require__(9963); -const util_user_agent_node_1 = __nccwpck_require__(8095); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(9513); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; +// src/crc64-nvme-crt-container.ts +var crc64NvmeCrtContainer = { + CrtCrc64Nvme: null }; -exports.getRuntimeConfig = getRuntimeConfig; +// src/flexibleChecksumsMiddleware.ts +var import_core = __nccwpck_require__(9963); +var import_protocol_http = __nccwpck_require__(4418); +var import_util_stream = __nccwpck_require__(6607); -/***/ }), +// src/types.ts +var CLIENT_SUPPORTED_ALGORITHMS = [ + "CRC32" /* CRC32 */, + "CRC32C" /* CRC32C */, + "CRC64NVME" /* CRC64NVME */, + "SHA1" /* SHA1 */, + "SHA256" /* SHA256 */ +]; +var PRIORITY_ORDER_ALGORITHMS = [ + "SHA256" /* SHA256 */, + "SHA1" /* SHA1 */, + "CRC32" /* CRC32 */, + "CRC32C" /* CRC32C */, + "CRC64NVME" /* CRC64NVME */ +]; -/***/ 9513: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/getChecksumAlgorithmForRequest.ts +var getChecksumAlgorithmForRequest = /* @__PURE__ */ __name((input, { requestChecksumRequired, requestAlgorithmMember, requestChecksumCalculation }) => { + if (!requestAlgorithmMember) { + return requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired ? DEFAULT_CHECKSUM_ALGORITHM : void 0; + } + if (!input[requestAlgorithmMember]) { + return void 0; + } + const checksumAlgorithm = input[requestAlgorithmMember]; + if (!CLIENT_SUPPORTED_ALGORITHMS.includes(checksumAlgorithm)) { + throw new Error( + `The checksum algorithm "${checksumAlgorithm}" is not supported by the client. Select one of ${CLIENT_SUPPORTED_ALGORITHMS}.` + ); + } + return checksumAlgorithm; +}, "getChecksumAlgorithmForRequest"); -"use strict"; +// src/getChecksumLocationName.ts +var getChecksumLocationName = /* @__PURE__ */ __name((algorithm) => algorithm === "MD5" /* MD5 */ ? "content-md5" : `x-amz-checksum-${algorithm.toLowerCase()}`, "getChecksumLocationName"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(9963); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(9414); -const endpointResolver_1 = __nccwpck_require__(5); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO OIDC", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; +// src/hasHeader.ts +var hasHeader = /* @__PURE__ */ __name((header, headers) => { + const soughtHeader = header.toLowerCase(); + for (const headerName of Object.keys(headers)) { + if (soughtHeader === headerName.toLowerCase()) { + return true; + } + } + return false; +}, "hasHeader"); +// src/hasHeaderWithPrefix.ts +var hasHeaderWithPrefix = /* @__PURE__ */ __name((headerPrefix, headers) => { + const soughtHeaderPrefix = headerPrefix.toLowerCase(); + for (const headerName of Object.keys(headers)) { + if (headerName.toLowerCase().startsWith(soughtHeaderPrefix)) { + return true; + } + } + return false; +}, "hasHeaderWithPrefix"); -/***/ }), +// src/isStreaming.ts +var import_is_array_buffer = __nccwpck_require__(780); +var isStreaming = /* @__PURE__ */ __name((body) => body !== void 0 && typeof body !== "string" && !ArrayBuffer.isView(body) && !(0, import_is_array_buffer.isArrayBuffer)(body), "isStreaming"); -/***/ 8974: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/selectChecksumAlgorithmFunction.ts +var import_crc32c = __nccwpck_require__(7035); +var import_getCrc32ChecksumAlgorithmFunction = __nccwpck_require__(1436); +var selectChecksumAlgorithmFunction = /* @__PURE__ */ __name((checksumAlgorithm, config) => { + switch (checksumAlgorithm) { + case "MD5" /* MD5 */: + return config.md5; + case "CRC32" /* CRC32 */: + return (0, import_getCrc32ChecksumAlgorithmFunction.getCrc32ChecksumAlgorithmFunction)(); + case "CRC32C" /* CRC32C */: + return import_crc32c.AwsCrc32c; + case "CRC64NVME" /* CRC64NVME */: + if (typeof crc64NvmeCrtContainer.CrtCrc64Nvme !== "function") { + throw new Error( + `Please check whether you have installed the "@aws-sdk/crc64-nvme-crt" package explicitly. +You must also register the package by calling [require("@aws-sdk/crc64-nvme-crt");] or an ESM equivalent such as [import "@aws-sdk/crc64-nvme-crt";]. +For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` + ); + } + return crc64NvmeCrtContainer.CrtCrc64Nvme; + case "SHA1" /* SHA1 */: + return config.sha1; + case "SHA256" /* SHA256 */: + return config.sha256; + default: + throw new Error(`Unsupported checksum algorithm: ${checksumAlgorithm}`); + } +}, "selectChecksumAlgorithmFunction"); -"use strict"; +// src/stringHasher.ts +var import_util_utf8 = __nccwpck_require__(1895); +var stringHasher = /* @__PURE__ */ __name((checksumAlgorithmFn, body) => { + const hash = new checksumAlgorithmFn(); + hash.update((0, import_util_utf8.toUint8Array)(body || "")); + return hash.digest(); +}, "stringHasher"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(2545); -const middleware_logger_1 = __nccwpck_require__(14); -const middleware_recursion_detection_1 = __nccwpck_require__(5525); -const middleware_user_agent_1 = __nccwpck_require__(4688); -const config_resolver_1 = __nccwpck_require__(3098); -const core_1 = __nccwpck_require__(5829); -const middleware_content_length_1 = __nccwpck_require__(2800); -const middleware_endpoint_1 = __nccwpck_require__(2918); -const middleware_retry_1 = __nccwpck_require__(6039); -const smithy_client_1 = __nccwpck_require__(3570); -Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(8013); -const EndpointParameters_1 = __nccwpck_require__(1765); -const runtimeConfig_1 = __nccwpck_require__(1798); -const runtimeExtensions_1 = __nccwpck_require__(669); -class STSClient extends smithy_client_1.Client { - config; - constructor(...[configuration]) { - const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); - const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); - const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); - const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); - const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials, - }), - })); - this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); +// src/flexibleChecksumsMiddleware.ts +var flexibleChecksumsMiddlewareOptions = { + name: "flexibleChecksumsMiddleware", + step: "build", + tags: ["BODY_CHECKSUM"], + override: true +}; +var flexibleChecksumsMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); + } + if (hasHeaderWithPrefix("x-amz-checksum-", args.request.headers)) { + return next(args); + } + const { request, input } = args; + const { body: requestBody, headers } = request; + const { base64Encoder, streamHasher } = config; + const { requestChecksumRequired, requestAlgorithmMember } = middlewareConfig; + const requestChecksumCalculation = await config.requestChecksumCalculation(); + const requestAlgorithmMemberName = requestAlgorithmMember?.name; + const requestAlgorithmMemberHttpHeader = requestAlgorithmMember?.httpHeader; + if (requestAlgorithmMemberName && !input[requestAlgorithmMemberName]) { + if (requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired) { + input[requestAlgorithmMemberName] = DEFAULT_CHECKSUM_ALGORITHM; + if (requestAlgorithmMemberHttpHeader) { + headers[requestAlgorithmMemberHttpHeader] = DEFAULT_CHECKSUM_ALGORITHM; + } } - destroy() { - super.destroy(); + } + const checksumAlgorithm = getChecksumAlgorithmForRequest(input, { + requestChecksumRequired, + requestAlgorithmMember: requestAlgorithmMember?.name, + requestChecksumCalculation + }); + let updatedBody = requestBody; + let updatedHeaders = headers; + if (checksumAlgorithm) { + switch (checksumAlgorithm) { + case "CRC32" /* CRC32 */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32", "U"); + break; + case "CRC32C" /* CRC32C */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32C", "V"); + break; + case "CRC64NVME" /* CRC64NVME */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC64", "W"); + break; + case "SHA1" /* SHA1 */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA1", "X"); + break; + case "SHA256" /* SHA256 */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA256", "Y"); + break; } -} -exports.STSClient = STSClient; + const checksumLocationName = getChecksumLocationName(checksumAlgorithm); + const checksumAlgorithmFn = selectChecksumAlgorithmFunction(checksumAlgorithm, config); + if (isStreaming(requestBody)) { + const { getAwsChunkedEncodingStream, bodyLengthChecker } = config; + updatedBody = getAwsChunkedEncodingStream( + typeof config.requestStreamBufferSize === "number" && config.requestStreamBufferSize >= 8 * 1024 ? (0, import_util_stream.createBufferedReadable)(requestBody, config.requestStreamBufferSize, context.logger) : requestBody, + { + base64Encoder, + bodyLengthChecker, + checksumLocationName, + checksumAlgorithmFn, + streamHasher + } + ); + updatedHeaders = { + ...headers, + "content-encoding": headers["content-encoding"] ? `${headers["content-encoding"]},aws-chunked` : "aws-chunked", + "transfer-encoding": "chunked", + "x-amz-decoded-content-length": headers["content-length"], + "x-amz-content-sha256": "STREAMING-UNSIGNED-PAYLOAD-TRAILER", + "x-amz-trailer": checksumLocationName + }; + delete updatedHeaders["content-length"]; + } else if (!hasHeader(checksumLocationName, headers)) { + const rawChecksum = await stringHasher(checksumAlgorithmFn, requestBody); + updatedHeaders = { + ...headers, + [checksumLocationName]: base64Encoder(rawChecksum) + }; + } + } + const result = await next({ + ...args, + request: { + ...request, + headers: updatedHeaders, + body: updatedBody + } + }); + return result; +}, "flexibleChecksumsMiddleware"); +// src/flexibleChecksumsInputMiddleware.ts -/***/ }), +var flexibleChecksumsInputMiddlewareOptions = { + name: "flexibleChecksumsInputMiddleware", + toMiddleware: "serializerMiddleware", + relation: "before", + tags: ["BODY_CHECKSUM"], + override: true +}; +var flexibleChecksumsInputMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { + const input = args.input; + const { requestValidationModeMember } = middlewareConfig; + const requestChecksumCalculation = await config.requestChecksumCalculation(); + const responseChecksumValidation = await config.responseChecksumValidation(); + switch (requestChecksumCalculation) { + case RequestChecksumCalculation.WHEN_REQUIRED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED", "a"); + break; + case RequestChecksumCalculation.WHEN_SUPPORTED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED", "Z"); + break; + } + switch (responseChecksumValidation) { + case ResponseChecksumValidation.WHEN_REQUIRED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED", "c"); + break; + case ResponseChecksumValidation.WHEN_SUPPORTED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED", "b"); + break; + } + if (requestValidationModeMember && !input[requestValidationModeMember]) { + if (responseChecksumValidation === ResponseChecksumValidation.WHEN_SUPPORTED) { + input[requestValidationModeMember] = "ENABLED"; + } + } + return next(args); +}, "flexibleChecksumsInputMiddleware"); -/***/ 4935: -/***/ ((__unused_webpack_module, exports) => { +// src/flexibleChecksumsResponseMiddleware.ts -"use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; -const getHttpAuthExtensionConfiguration = (runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } - else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - }, - }; -}; -exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; -const resolveHttpAuthRuntimeConfig = (config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials(), - }; -}; -exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; +// src/getChecksumAlgorithmListForResponse.ts +var getChecksumAlgorithmListForResponse = /* @__PURE__ */ __name((responseAlgorithms = []) => { + const validChecksumAlgorithms = []; + for (const algorithm of PRIORITY_ORDER_ALGORITHMS) { + if (!responseAlgorithms.includes(algorithm) || !CLIENT_SUPPORTED_ALGORITHMS.includes(algorithm)) { + continue; + } + validChecksumAlgorithms.push(algorithm); + } + return validChecksumAlgorithms; +}, "getChecksumAlgorithmListForResponse"); +// src/isChecksumWithPartNumber.ts +var isChecksumWithPartNumber = /* @__PURE__ */ __name((checksum) => { + const lastHyphenIndex = checksum.lastIndexOf("-"); + if (lastHyphenIndex !== -1) { + const numberPart = checksum.slice(lastHyphenIndex + 1); + if (!numberPart.startsWith("0")) { + const number = parseInt(numberPart, 10); + if (!isNaN(number) && number >= 1 && number <= 1e4) { + return true; + } + } + } + return false; +}, "isChecksumWithPartNumber"); -/***/ }), +// src/validateChecksumFromResponse.ts -/***/ 8013: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { -"use strict"; +// src/getChecksum.ts +var getChecksum = /* @__PURE__ */ __name(async (body, { checksumAlgorithmFn, base64Encoder }) => base64Encoder(await stringHasher(checksumAlgorithmFn, body)), "getChecksum"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(9963); -const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(8974); -const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sts", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSTSHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "AssumeRoleWithWebIdentity": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); +// src/validateChecksumFromResponse.ts +var validateChecksumFromResponse = /* @__PURE__ */ __name(async (response, { config, responseAlgorithms, logger }) => { + const checksumAlgorithms = getChecksumAlgorithmListForResponse(responseAlgorithms); + const { body: responseBody, headers: responseHeaders } = response; + for (const algorithm of checksumAlgorithms) { + const responseHeader = getChecksumLocationName(algorithm); + const checksumFromResponse = responseHeaders[responseHeader]; + if (checksumFromResponse) { + let checksumAlgorithmFn; + try { + checksumAlgorithmFn = selectChecksumAlgorithmFunction(algorithm, config); + } catch (error) { + if (algorithm === "CRC64NVME" /* CRC64NVME */) { + logger?.warn(`Skipping ${"CRC64NVME" /* CRC64NVME */} checksum validation: ${error.message}`); + continue; } + throw error; + } + const { base64Encoder } = config; + if (isStreaming(responseBody)) { + response.body = (0, import_util_stream.createChecksumStream)({ + expectedChecksum: checksumFromResponse, + checksumSourceLocation: responseHeader, + checksum: new checksumAlgorithmFn(), + source: responseBody, + base64Encoder + }); + return; + } + const checksum = await getChecksum(responseBody, { checksumAlgorithmFn, base64Encoder }); + if (checksum === checksumFromResponse) { + break; + } + throw new Error( + `Checksum mismatch: expected "${checksum}" but received "${checksumFromResponse}" in response header "${responseHeader}".` + ); } - return options; + } +}, "validateChecksumFromResponse"); + +// src/flexibleChecksumsResponseMiddleware.ts +var flexibleChecksumsResponseMiddlewareOptions = { + name: "flexibleChecksumsResponseMiddleware", + toMiddleware: "deserializerMiddleware", + relation: "after", + tags: ["BODY_CHECKSUM"], + override: true }; -exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; -const resolveStsAuthConfig = (input) => Object.assign(input, { - stsClientCtor: STSClient_1.STSClient, -}); -exports.resolveStsAuthConfig = resolveStsAuthConfig; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, exports.resolveStsAuthConfig)(config); - const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); - return Object.assign(config_1, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), +var flexibleChecksumsResponseMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); + } + const input = args.input; + const result = await next(args); + const response = result.response; + const { requestValidationModeMember, responseAlgorithms } = middlewareConfig; + if (requestValidationModeMember && input[requestValidationModeMember] === "ENABLED") { + const { clientName, commandName } = context; + const isS3WholeObjectMultipartGetResponseChecksum = clientName === "S3Client" && commandName === "GetObjectCommand" && getChecksumAlgorithmListForResponse(responseAlgorithms).every((algorithm) => { + const responseHeader = getChecksumLocationName(algorithm); + const checksumFromResponse = response.headers[responseHeader]; + return !checksumFromResponse || isChecksumWithPartNumber(checksumFromResponse); }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - + if (isS3WholeObjectMultipartGetResponseChecksum) { + return result; + } + await validateChecksumFromResponse(response, { + config, + responseAlgorithms, + logger: context.logger + }); + } + return result; +}, "flexibleChecksumsResponseMiddleware"); -/***/ }), +// src/getFlexibleChecksumsPlugin.ts +var getFlexibleChecksumsPlugin = /* @__PURE__ */ __name((config, middlewareConfig) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(flexibleChecksumsMiddleware(config, middlewareConfig), flexibleChecksumsMiddlewareOptions); + clientStack.addRelativeTo( + flexibleChecksumsInputMiddleware(config, middlewareConfig), + flexibleChecksumsInputMiddlewareOptions + ); + clientStack.addRelativeTo( + flexibleChecksumsResponseMiddleware(config, middlewareConfig), + flexibleChecksumsResponseMiddlewareOptions + ); + }, "applyToStack") +}), "getFlexibleChecksumsPlugin"); -/***/ 1765: -/***/ ((__unused_webpack_module, exports) => { +// src/resolveFlexibleChecksumsConfig.ts +var import_util_middleware = __nccwpck_require__(2390); +var resolveFlexibleChecksumsConfig = /* @__PURE__ */ __name((input) => { + const { requestChecksumCalculation, responseChecksumValidation, requestStreamBufferSize } = input; + return Object.assign(input, { + requestChecksumCalculation: (0, import_util_middleware.normalizeProvider)(requestChecksumCalculation ?? DEFAULT_REQUEST_CHECKSUM_CALCULATION), + responseChecksumValidation: (0, import_util_middleware.normalizeProvider)(responseChecksumValidation ?? DEFAULT_RESPONSE_CHECKSUM_VALIDATION), + requestStreamBufferSize: Number(requestStreamBufferSize ?? 0) + }); +}, "resolveFlexibleChecksumsConfig"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.commonParams = exports.resolveClientEndpointParameters = void 0; -const resolveClientEndpointParameters = (options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - useGlobalEndpoint: options.useGlobalEndpoint ?? false, - defaultSigningName: "sts", - }); -}; -exports.resolveClientEndpointParameters = resolveClientEndpointParameters; -exports.commonParams = { - UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, -}; /***/ }), -/***/ 7561: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 2545: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(3350); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(9127); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -/***/ 9127: -/***/ ((__unused_webpack_module, exports) => { +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getHostHeaderPlugin: () => getHostHeaderPlugin, + hostHeaderMiddleware: () => hostHeaderMiddleware, + hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, + resolveHostHeaderConfig: () => resolveHostHeaderConfig +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +function resolveHostHeaderConfig(input) { + return input; +} +__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); +var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); + const { request } = args; + const { handlerProtocol = "" } = options.requestHandler.metadata || {}; + if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { + delete request.headers["host"]; + request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); + } else if (!request.headers["host"]) { + let host = request.hostname; + if (request.port != null) host += `:${request.port}`; + request.headers["host"] = host; + } + return next(args); +}, "hostHeaderMiddleware"); +var hostHeaderMiddlewareOptions = { + name: "hostHeaderMiddleware", + step: "build", + priority: "low", + tags: ["HOST"], + override: true +}; +var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); + }, "applyToStack") +}), "getHostHeaderPlugin"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; -const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; -const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; -exports.ruleSet = _data; /***/ }), -/***/ 2273: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 2098: +/***/ ((module) => { "use strict"; @@ -54533,1068 +39279,886 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/sts/index.ts +// src/index.ts var index_exports = {}; __export(index_exports, { - AssumeRoleCommand: () => AssumeRoleCommand, - AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, - AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, - AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, - AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, - CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - IDPCommunicationErrorException: () => IDPCommunicationErrorException, - IDPRejectedClaimException: () => IDPRejectedClaimException, - InvalidIdentityTokenException: () => InvalidIdentityTokenException, - MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, - PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, - RegionDisabledException: () => RegionDisabledException, - STS: () => STS, - STSServiceException: () => STSServiceException, - decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, - getDefaultRoleAssumer: () => getDefaultRoleAssumer2, - getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 + getLocationConstraintPlugin: () => getLocationConstraintPlugin, + locationConstraintMiddleware: () => locationConstraintMiddleware, + locationConstraintMiddlewareOptions: () => locationConstraintMiddlewareOptions }); module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(8974), module.exports); +function locationConstraintMiddleware(options) { + return (next) => async (args) => { + const { CreateBucketConfiguration } = args.input; + const region = await options.region(); + if (!CreateBucketConfiguration?.LocationConstraint && !CreateBucketConfiguration?.Location) { + args = { + ...args, + input: { + ...args.input, + CreateBucketConfiguration: region === "us-east-1" ? void 0 : { LocationConstraint: region } + } + }; + } + return next(args); + }; +} +__name(locationConstraintMiddleware, "locationConstraintMiddleware"); +var locationConstraintMiddlewareOptions = { + step: "initialize", + tags: ["LOCATION_CONSTRAINT", "CREATE_BUCKET_CONFIGURATION"], + name: "locationConstraintMiddleware", + override: true +}; +var getLocationConstraintPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(locationConstraintMiddleware(config), locationConstraintMiddlewareOptions); + }, "applyToStack") +}), "getLocationConstraintPlugin"); +// Annotate the CommonJS export names for ESM import in node: -// src/submodules/sts/STS.ts -var import_smithy_client6 = __nccwpck_require__(3570); +0 && (0); -// src/submodules/sts/commands/AssumeRoleCommand.ts -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_EndpointParameters = __nccwpck_require__(1765); -// src/submodules/sts/models/models_0.ts -var import_smithy_client2 = __nccwpck_require__(3570); -// src/submodules/sts/models/STSServiceException.ts -var import_smithy_client = __nccwpck_require__(3570); -var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "STSServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _STSServiceException.prototype); - } -}; +/***/ }), -// src/submodules/sts/models/models_0.ts -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - } -}; -var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { - static { - __name(this, "MalformedPolicyDocumentException"); - } - name = "MalformedPolicyDocumentException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "MalformedPolicyDocumentException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); - } -}; -var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { - static { - __name(this, "PackedPolicyTooLargeException"); - } - name = "PackedPolicyTooLargeException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "PackedPolicyTooLargeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); - } -}; -var RegionDisabledException = class _RegionDisabledException extends STSServiceException { - static { - __name(this, "RegionDisabledException"); - } - name = "RegionDisabledException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "RegionDisabledException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _RegionDisabledException.prototype); - } +/***/ 14: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { - static { - __name(this, "IDPRejectedClaimException"); - } - name = "IDPRejectedClaimException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPRejectedClaimException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; -var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { - static { - __name(this, "InvalidIdentityTokenException"); - } - name = "InvalidIdentityTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidIdentityTokenException", - $fault: "client", - ...opts +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getLoggerPlugin: () => getLoggerPlugin, + loggerMiddleware: () => loggerMiddleware, + loggerMiddlewareOptions: () => loggerMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); + +// src/loggerMiddleware.ts +var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { + try { + const response = await next(args); + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; + const { $metadata, ...outputWithoutMetadata } = response.output; + logger?.info?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + output: outputFilterSensitiveLog(outputWithoutMetadata), + metadata: $metadata }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); + return response; + } catch (error) { + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + logger?.error?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + error, + metadata: error.$metadata + }); + throw error; } +}, "loggerMiddleware"); +var loggerMiddlewareOptions = { + name: "loggerMiddleware", + tags: ["LOGGER"], + step: "initialize", + override: true }; -var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } -}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); -var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); - } - name = "IDPCommunicationErrorException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); +var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); + }, "applyToStack") +}), "getLoggerPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 5525: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/sts/protocols/Aws_query.ts -var import_core = __nccwpck_require__(9963); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, + getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, + recursionDetectionMiddleware: () => recursionDetectionMiddleware +}); +module.exports = __toCommonJS(index_exports); var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client3 = __nccwpck_require__(3570); -var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleRequest(input, context), - [_A]: _AR, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleCommand"); -var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithWebIdentityRequest(input, context), - [_A]: _ARWWI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithWebIdentityCommand"); -var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); +var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; +var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; +var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; +var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { + return next(args); } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleCommand"); -var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; + if (request.headers.hasOwnProperty(traceIdHeader)) { + return next(args); } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithWebIdentityCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core.parseXmlErrorBody)(output.body, context) - }; - const errorCode = loadQueryErrorCode(output, parsedOutput.body); - switch (errorCode) { - case "ExpiredTokenException": - case "com.amazonaws.sts#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "MalformedPolicyDocument": - case "com.amazonaws.sts#MalformedPolicyDocumentException": - throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); - case "PackedPolicyTooLarge": - case "com.amazonaws.sts#PackedPolicyTooLargeException": - throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); - case "RegionDisabledException": - case "com.amazonaws.sts#RegionDisabledException": - throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); - case "IDPRejectedClaim": - case "com.amazonaws.sts#IDPRejectedClaimException": - throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); - case "InvalidIdentityToken": - case "com.amazonaws.sts#InvalidIdentityTokenException": - throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody: parsedBody.Error, - errorCode - }); + const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; + const traceId = process.env[ENV_TRACE_ID]; + const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); + if (nonEmptyString(functionName) && nonEmptyString(traceId)) { + request.headers[TRACE_ID_HEADER_NAME] = traceId; } -}, "de_CommandError"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_ExpiredTokenException(body.Error, context); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_ExpiredTokenExceptionRes"); -var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPCommunicationErrorException(body.Error, context); - const exception = new IDPCommunicationErrorException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPCommunicationErrorExceptionRes"); -var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPRejectedClaimException(body.Error, context); - const exception = new IDPRejectedClaimException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPRejectedClaimExceptionRes"); -var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidIdentityTokenException(body.Error, context); - const exception = new InvalidIdentityTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_InvalidIdentityTokenExceptionRes"); -var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_MalformedPolicyDocumentException(body.Error, context); - const exception = new MalformedPolicyDocumentException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_MalformedPolicyDocumentExceptionRes"); -var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_PackedPolicyTooLargeException(body.Error, context); - const exception = new PackedPolicyTooLargeException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_PackedPolicyTooLargeExceptionRes"); -var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_RegionDisabledException(body.Error, context); - const exception = new RegionDisabledException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized + return next({ + ...args, + request }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_RegionDisabledExceptionRes"); -var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); +}, "recursionDetectionMiddleware"); +var addRecursionDetectionMiddlewareOptions = { + step: "build", + tags: ["RECURSION_DETECTION"], + name: "recursionDetectionMiddleware", + override: true, + priority: "low" +}; +var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); + }, "applyToStack") +}), "getRecursionDetectionPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 1139: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - if (input[_TTK] != null) { - const memberEntries = se_tagKeyListType(input[_TTK], context); - if (input[_TTK]?.length === 0) { - entries.TransitiveTagKeys = []; + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS: () => NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS, + S3ExpressIdentityCache: () => S3ExpressIdentityCache, + S3ExpressIdentityCacheEntry: () => S3ExpressIdentityCacheEntry, + S3ExpressIdentityProviderImpl: () => S3ExpressIdentityProviderImpl, + SignatureV4S3Express: () => SignatureV4S3Express, + checkContentLengthHeader: () => checkContentLengthHeader, + checkContentLengthHeaderMiddlewareOptions: () => checkContentLengthHeaderMiddlewareOptions, + getCheckContentLengthHeaderPlugin: () => getCheckContentLengthHeaderPlugin, + getRegionRedirectMiddlewarePlugin: () => getRegionRedirectMiddlewarePlugin, + getS3ExpiresMiddlewarePlugin: () => getS3ExpiresMiddlewarePlugin, + getS3ExpressHttpSigningPlugin: () => getS3ExpressHttpSigningPlugin, + getS3ExpressPlugin: () => getS3ExpressPlugin, + getThrow200ExceptionsPlugin: () => getThrow200ExceptionsPlugin, + getValidateBucketNamePlugin: () => getValidateBucketNamePlugin, + regionRedirectEndpointMiddleware: () => regionRedirectEndpointMiddleware, + regionRedirectEndpointMiddlewareOptions: () => regionRedirectEndpointMiddlewareOptions, + regionRedirectMiddleware: () => regionRedirectMiddleware, + regionRedirectMiddlewareOptions: () => regionRedirectMiddlewareOptions, + resolveS3Config: () => resolveS3Config, + s3ExpiresMiddleware: () => s3ExpiresMiddleware, + s3ExpiresMiddlewareOptions: () => s3ExpiresMiddlewareOptions, + s3ExpressHttpSigningMiddleware: () => s3ExpressHttpSigningMiddleware, + s3ExpressHttpSigningMiddlewareOptions: () => s3ExpressHttpSigningMiddlewareOptions, + s3ExpressMiddleware: () => s3ExpressMiddleware, + s3ExpressMiddlewareOptions: () => s3ExpressMiddlewareOptions, + throw200ExceptionsMiddleware: () => throw200ExceptionsMiddleware, + throw200ExceptionsMiddlewareOptions: () => throw200ExceptionsMiddlewareOptions, + validateBucketNameMiddleware: () => validateBucketNameMiddleware, + validateBucketNameMiddlewareOptions: () => validateBucketNameMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); + +// src/check-content-length-header.ts +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); +var CONTENT_LENGTH_HEADER = "content-length"; +var DECODED_CONTENT_LENGTH_HEADER = "x-amz-decoded-content-length"; +function checkContentLengthHeader() { + return (next, context) => async (args) => { + const { request } = args; + if (import_protocol_http.HttpRequest.isInstance(request)) { + if (!(CONTENT_LENGTH_HEADER in request.headers) && !(DECODED_CONTENT_LENGTH_HEADER in request.headers)) { + const message = `Are you using a Stream of unknown length as the Body of a PutObject request? Consider using Upload instead from @aws-sdk/lib-storage.`; + if (typeof context?.logger?.warn === "function" && !(context.logger instanceof import_smithy_client.NoOpLogger)) { + context.logger.warn(message); + } else { + console.warn(message); + } + } } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TransitiveTagKeys.${key}`; - entries[loc] = value; - }); - } - if (input[_EI] != null) { - entries[_EI] = input[_EI]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - if (input[_SI] != null) { - entries[_SI] = input[_SI]; - } - if (input[_PC] != null) { - const memberEntries = se_ProvidedContextsListType(input[_PC], context); - if (input[_PC]?.length === 0) { - entries.ProvidedContexts = []; + return next({ ...args }); + }; +} +__name(checkContentLengthHeader, "checkContentLengthHeader"); +var checkContentLengthHeaderMiddlewareOptions = { + step: "finalizeRequest", + tags: ["CHECK_CONTENT_LENGTH_HEADER"], + name: "getCheckContentLengthHeaderPlugin", + override: true +}; +var getCheckContentLengthHeaderPlugin = /* @__PURE__ */ __name((unused) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(checkContentLengthHeader(), checkContentLengthHeaderMiddlewareOptions); + }, "applyToStack") +}), "getCheckContentLengthHeaderPlugin"); + +// src/region-redirect-endpoint-middleware.ts +var regionRedirectEndpointMiddleware = /* @__PURE__ */ __name((config) => { + return (next, context) => async (args) => { + const originalRegion = await config.region(); + const regionProviderRef = config.region; + let unlock = /* @__PURE__ */ __name(() => { + }, "unlock"); + if (context.__s3RegionRedirect) { + Object.defineProperty(config, "region", { + writable: false, + value: /* @__PURE__ */ __name(async () => { + return context.__s3RegionRedirect; + }, "value") + }); + unlock = /* @__PURE__ */ __name(() => Object.defineProperty(config, "region", { + writable: true, + value: regionProviderRef + }), "unlock"); } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `ProvidedContexts.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_AssumeRoleRequest"); -var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_WIT] != null) { - entries[_WIT] = input[_WIT]; - } - if (input[_PI] != null) { - entries[_PI] = input[_PI]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; + try { + const result = await next(args); + if (context.__s3RegionRedirect) { + unlock(); + const region = await config.region(); + if (originalRegion !== region) { + throw new Error("Region was not restored following S3 region redirect."); + } + } + return result; + } catch (e) { + unlock(); + throw e; } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithWebIdentityRequest"); -var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + }; +}, "regionRedirectEndpointMiddleware"); +var regionRedirectEndpointMiddlewareOptions = { + tags: ["REGION_REDIRECT", "S3"], + name: "regionRedirectEndpointMiddleware", + override: true, + relation: "before", + toMiddleware: "endpointV2Middleware" +}; + +// src/region-redirect-middleware.ts +function regionRedirectMiddleware(clientConfig) { + return (next, context) => async (args) => { + try { + return await next(args); + } catch (err) { + if (clientConfig.followRegionRedirects) { + if (err?.$metadata?.httpStatusCode === 301 || // err.name === "PermanentRedirect" && --> removing the error name check, as that allows for HEAD operations (which have the 301 status code, but not the same error name) to be covered for region redirection as well + err?.$metadata?.httpStatusCode === 400 && err?.name === "IllegalLocationConstraintException") { + try { + const actualRegion = err.$response.headers["x-amz-bucket-region"]; + context.logger?.debug(`Redirecting from ${await clientConfig.region()} to ${actualRegion}`); + context.__s3RegionRedirect = actualRegion; + } catch (e) { + throw new Error("Region redirect failed: " + e); + } + return next(args); + } + } + throw err; } - const memberEntries = se_PolicyDescriptorType(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_policyDescriptorListType"); -var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_a] != null) { - entries[_a] = input[_a]; - } - return entries; -}, "se_PolicyDescriptorType"); -var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; + }; +} +__name(regionRedirectMiddleware, "regionRedirectMiddleware"); +var regionRedirectMiddlewareOptions = { + step: "initialize", + tags: ["REGION_REDIRECT", "S3"], + name: "regionRedirectMiddleware", + override: true +}; +var getRegionRedirectMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(regionRedirectMiddleware(clientConfig), regionRedirectMiddlewareOptions); + clientStack.addRelativeTo(regionRedirectEndpointMiddleware(clientConfig), regionRedirectEndpointMiddlewareOptions); + }, "applyToStack") +}), "getRegionRedirectMiddlewarePlugin"); + +// src/s3-expires-middleware.ts + + +var s3ExpiresMiddleware = /* @__PURE__ */ __name((config) => { + return (next, context) => async (args) => { + const result = await next(args); + const { response } = result; + if (import_protocol_http.HttpResponse.isInstance(response)) { + if (response.headers.expires) { + response.headers.expiresstring = response.headers.expires; + try { + (0, import_smithy_client.parseRfc7231DateTime)(response.headers.expires); + } catch (e) { + context.logger?.warn( + `AWS SDK Warning for ${context.clientName}::${context.commandName} response parsing (${response.headers.expires}): ${e}` + ); + delete response.headers.expires; + } + } + } + return result; + }; +}, "s3ExpiresMiddleware"); +var s3ExpiresMiddlewareOptions = { + tags: ["S3"], + name: "s3ExpiresMiddleware", + override: true, + relation: "after", + toMiddleware: "deserializerMiddleware" +}; +var getS3ExpiresMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo(s3ExpiresMiddleware(clientConfig), s3ExpiresMiddlewareOptions); + }, "applyToStack") +}), "getS3ExpiresMiddlewarePlugin"); + +// src/s3-express/classes/S3ExpressIdentityCache.ts +var S3ExpressIdentityCache = class _S3ExpressIdentityCache { + constructor(data = {}) { + this.data = data; } - if (input[_CA] != null) { - entries[_CA] = input[_CA]; + static { + __name(this, "S3ExpressIdentityCache"); } - return entries; -}, "se_ProvidedContext"); -var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + lastPurgeTime = Date.now(); + static EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS = 3e4; + get(key) { + const entry = this.data[key]; + if (!entry) { + return; } - const memberEntries = se_ProvidedContext(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; + return entry; } - return entries; -}, "se_ProvidedContextsListType"); -var se_Tag = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_K] != null) { - entries[_K] = input[_K]; + set(key, entry) { + this.data[key] = entry; + return entry; } - if (input[_Va] != null) { - entries[_Va] = input[_Va]; + delete(key) { + delete this.data[key]; } - return entries; -}, "se_Tag"); -var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + async purgeExpired() { + const now = Date.now(); + if (this.lastPurgeTime + _S3ExpressIdentityCache.EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS > now) { + return; } - entries[`member.${counter}`] = entry; - counter++; - } - return entries; -}, "se_tagKeyListType"); -var se_tagListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + for (const key in this.data) { + const entry = this.data[key]; + if (!entry.isRefreshing) { + const credential = await entry.identity; + if (credential.expiration) { + if (credential.expiration.getTime() < now) { + delete this.data[key]; + } + } + } } - const memberEntries = se_Tag(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_tagListType"); -var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); - } - return contents; -}, "de_AssumedRoleUser"); -var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleResponse"); -var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleWithWebIdentityResponse"); -var de_Credentials = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); - } - if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); - } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); - } - if (output[_E] != null) { - contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); - } - return contents; -}, "de_Credentials"); -var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_ExpiredTokenException"); -var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_IDPCommunicationErrorException"); -var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_IDPRejectedClaimException"); -var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_InvalidIdentityTokenException"); -var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_MalformedPolicyDocumentException"); -var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_PackedPolicyTooLargeException"); -var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); - } - return contents; -}, "de_RegionDisabledException"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); -var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { - const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); - const contents = { - protocol, - hostname, - port, - method: "POST", - path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, - headers - }; - if (resolvedHostname !== void 0) { - contents.hostname = resolvedHostname; - } - if (body !== void 0) { - contents.body = body; } - return new import_protocol_http.HttpRequest(contents); -}, "buildHttpRpcRequest"); -var SHARED_HEADERS = { - "content-type": "application/x-www-form-urlencoded" }; -var _ = "2011-06-15"; -var _A = "Action"; -var _AKI = "AccessKeyId"; -var _AR = "AssumeRole"; -var _ARI = "AssumedRoleId"; -var _ARU = "AssumedRoleUser"; -var _ARWWI = "AssumeRoleWithWebIdentity"; -var _Ar = "Arn"; -var _Au = "Audience"; -var _C = "Credentials"; -var _CA = "ContextAssertion"; -var _DS = "DurationSeconds"; -var _E = "Expiration"; -var _EI = "ExternalId"; -var _K = "Key"; -var _P = "Policy"; -var _PA = "PolicyArns"; -var _PAr = "ProviderArn"; -var _PC = "ProvidedContexts"; -var _PI = "ProviderId"; -var _PPS = "PackedPolicySize"; -var _Pr = "Provider"; -var _RA = "RoleArn"; -var _RSN = "RoleSessionName"; -var _SAK = "SecretAccessKey"; -var _SFWIT = "SubjectFromWebIdentityToken"; -var _SI = "SourceIdentity"; -var _SN = "SerialNumber"; -var _ST = "SessionToken"; -var _T = "Tags"; -var _TC = "TokenCode"; -var _TTK = "TransitiveTagKeys"; -var _V = "Version"; -var _Va = "Value"; -var _WIT = "WebIdentityToken"; -var _a = "arn"; -var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); -var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data.Error?.Code !== void 0) { - return data.Error.Code; - } - if (output.statusCode == 404) { - return "NotFound"; - } -}, "loadQueryErrorCode"); -// src/submodules/sts/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { - static { - __name(this, "AssumeRoleCommand"); +// src/s3-express/classes/S3ExpressIdentityCacheEntry.ts +var S3ExpressIdentityCacheEntry = class { + /** + * @param identity - stored identity. + * @param accessed - timestamp of last access in epoch ms. + * @param isRefreshing - this key is currently in the process of being refreshed (background). + */ + constructor(_identity, isRefreshing = false, accessed = Date.now()) { + this._identity = _identity; + this.isRefreshing = isRefreshing; + this.accessed = accessed; } -}; - -// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde2 = __nccwpck_require__(1238); -var import_smithy_client5 = __nccwpck_require__(3570); -var import_EndpointParameters2 = __nccwpck_require__(1765); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { static { - __name(this, "AssumeRoleWithWebIdentityCommand"); + __name(this, "S3ExpressIdentityCacheEntry"); } -}; - -// src/submodules/sts/STS.ts -var import_STSClient = __nccwpck_require__(8974); -var commands = { - AssumeRoleCommand, - AssumeRoleWithWebIdentityCommand -}; -var STS = class extends import_STSClient.STSClient { - static { - __name(this, "STS"); + get identity() { + this.accessed = Date.now(); + return this._identity; } }; -(0, import_smithy_client6.createAggregatedClient)(commands, STS); - -// src/submodules/sts/index.ts -var import_EndpointParameters3 = __nccwpck_require__(1765); -// src/submodules/sts/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(2825); -var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; -var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { - if (typeof assumedRoleUser?.Arn === "string") { - const arnComponents = assumedRoleUser.Arn.split(":"); - if (arnComponents.length > 4 && arnComponents[4] !== "") { - return arnComponents[4]; - } +// src/s3-express/classes/S3ExpressIdentityProviderImpl.ts +var S3ExpressIdentityProviderImpl = class _S3ExpressIdentityProviderImpl { + constructor(createSessionFn, cache = new S3ExpressIdentityCache()) { + this.createSessionFn = createSessionFn; + this.cache = cache; } - return void 0; -}, "getAccountIdFromAssumedRoleUser"); -var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { - const region = typeof _region === "function" ? await _region() : _region; - const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; - credentialProviderLogger?.debug?.( - "@aws-sdk/client-sts::resolveRegion", - "accepting first of:", - `${region} (provider)`, - `${parentRegion} (parent client)`, - `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` - ); - return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; -}, "resolveRegion"); -var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - let closureSourceCreds; - return async (sourceCreds, params) => { - closureSourceCreds = sourceCreds; - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - // A hack to make sts client uses the credential in current closure. - credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); - return credentials; - }; -}, "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - return async (params) => { - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger + static { + __name(this, "S3ExpressIdentityProviderImpl"); + } + static REFRESH_WINDOW_MS = 6e4; + async getS3ExpressIdentity(awsIdentity, identityProperties) { + const key = identityProperties.Bucket; + const { cache } = this; + const entry = cache.get(key); + if (entry) { + return entry.identity.then((identity) => { + const isExpired = (identity.expiration?.getTime() ?? 0) < Date.now(); + if (isExpired) { + return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; + } + const isExpiringSoon = (identity.expiration?.getTime() ?? 0) < Date.now() + _S3ExpressIdentityProviderImpl.REFRESH_WINDOW_MS; + if (isExpiringSoon && !entry.isRefreshing) { + entry.isRefreshing = true; + this.getIdentity(key).then((id) => { + cache.set(key, new S3ExpressIdentityCacheEntry(Promise.resolve(id))); + }); + } + return identity; }); } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - if (accountId) { - (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); + return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; + } + async getIdentity(key) { + await this.cache.purgeExpired().catch((error) => { + console.warn("Error while clearing expired entries in S3ExpressIdentityCache: \n" + error); + }); + const session = await this.createSessionFn(key); + if (!session.Credentials?.AccessKeyId || !session.Credentials?.SecretAccessKey) { + throw new Error("s3#createSession response credential missing AccessKeyId or SecretAccessKey."); } - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); - return credentials; - }; -}, "getDefaultRoleAssumerWithWebIdentity"); -var isH2 = /* @__PURE__ */ __name((requestHandler) => { - return requestHandler?.metadata?.handlerProtocol === "h2"; -}, "isH2"); - -// src/submodules/sts/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(8974); -var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { - if (!customizations) return baseCtor; - else - return class CustomizableSTSClient extends baseCtor { - static { - __name(this, "CustomizableSTSClient"); - } - constructor(config) { - super(config); - for (const customization of customizations) { - this.middlewareStack.use(customization); - } - } + const identity = { + accessKeyId: session.Credentials.AccessKeyId, + secretAccessKey: session.Credentials.SecretAccessKey, + sessionToken: session.Credentials.SessionToken, + expiration: session.Credentials.Expiration ? new Date(session.Credentials.Expiration) : void 0 }; -}, "getCustomizableStsClientCtor"); -var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); -var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ - roleAssumer: getDefaultRoleAssumer2(input), - roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), - ...input -}), "decorateDefaultCredentialProvider"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); + return identity; + } +}; +// src/s3-express/classes/SignatureV4S3Express.ts +var import_signature_v4 = __nccwpck_require__(1528); -/***/ }), +// src/s3-express/constants.ts +var import_util_config_provider = __nccwpck_require__(3375); +var S3_EXPRESS_BUCKET_TYPE = "Directory"; +var S3_EXPRESS_BACKEND = "S3Express"; +var S3_EXPRESS_AUTH_SCHEME = "sigv4-s3express"; +var SESSION_TOKEN_QUERY_PARAM = "X-Amz-S3session-Token"; +var SESSION_TOKEN_HEADER = SESSION_TOKEN_QUERY_PARAM.toLowerCase(); +var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"; +var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME = "s3_disable_express_session_auth"; +var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), + default: false +}; -/***/ 1798: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/s3-express/classes/SignatureV4S3Express.ts +var SignatureV4S3Express = class extends import_signature_v4.SignatureV4 { + static { + __name(this, "SignatureV4S3Express"); + } + /** + * Signs with alternate provided credentials instead of those provided in the + * constructor. + * + * Additionally omits the credential sessionToken and assigns it to the + * alternate header field for S3 Express. + */ + async signWithCredentials(requestToSign, credentials, options) { + const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); + requestToSign.headers[SESSION_TOKEN_HEADER] = credentials.sessionToken; + const privateAccess = this; + setSingleOverride(privateAccess, credentialsWithoutSessionToken); + return privateAccess.signRequest(requestToSign, options ?? {}); + } + /** + * Similar to {@link SignatureV4S3Express#signWithCredentials} but for presigning. + */ + async presignWithCredentials(requestToSign, credentials, options) { + const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); + delete requestToSign.headers[SESSION_TOKEN_HEADER]; + requestToSign.headers[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; + requestToSign.query = requestToSign.query ?? {}; + requestToSign.query[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; + const privateAccess = this; + setSingleOverride(privateAccess, credentialsWithoutSessionToken); + return this.presign(requestToSign, options); + } +}; +function getCredentialsWithoutSessionToken(credentials) { + const credentialsWithoutSessionToken = { + accessKeyId: credentials.accessKeyId, + secretAccessKey: credentials.secretAccessKey, + expiration: credentials.expiration + }; + return credentialsWithoutSessionToken; +} +__name(getCredentialsWithoutSessionToken, "getCredentialsWithoutSessionToken"); +function setSingleOverride(privateAccess, credentialsWithoutSessionToken) { + const id = setTimeout(() => { + throw new Error("SignatureV4S3Express credential override was created but not called."); + }, 10); + const currentCredentialProvider = privateAccess.credentialProvider; + const overrideCredentialsProviderOnce = /* @__PURE__ */ __name(() => { + clearTimeout(id); + privateAccess.credentialProvider = currentCredentialProvider; + return Promise.resolve(credentialsWithoutSessionToken); + }, "overrideCredentialsProviderOnce"); + privateAccess.credentialProvider = overrideCredentialsProviderOnce; +} +__name(setSingleOverride, "setSingleOverride"); -"use strict"; +// src/s3-express/functions/s3ExpressMiddleware.ts +var import_core = __nccwpck_require__(9963); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(8842)); -const core_1 = __nccwpck_require__(9963); -const util_user_agent_node_1 = __nccwpck_require__(8095); -const config_resolver_1 = __nccwpck_require__(3098); -const core_2 = __nccwpck_require__(5829); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(5238); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), - signer: new core_1.AwsSdkSigV4Signer(), - }, +var s3ExpressMiddleware = /* @__PURE__ */ __name((options) => { + return (next, context) => async (args) => { + if (context.endpointV2) { + const endpoint = context.endpointV2; + const isS3ExpressAuth = endpoint.properties?.authSchemes?.[0]?.name === S3_EXPRESS_AUTH_SCHEME; + const isS3ExpressBucket = endpoint.properties?.backend === S3_EXPRESS_BACKEND || endpoint.properties?.bucketType === S3_EXPRESS_BUCKET_TYPE; + if (isS3ExpressBucket) { + (0, import_core.setFeature)(context, "S3_EXPRESS_BUCKET", "J"); + context.isS3ExpressBucket = true; + } + if (isS3ExpressAuth) { + const requestBucket = args.input.Bucket; + if (requestBucket) { + const s3ExpressIdentity = await options.s3ExpressIdentityProvider.getS3ExpressIdentity( + await options.credentials(), { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; + Bucket: requestBucket + } + ); + context.s3ExpressIdentity = s3ExpressIdentity; + if (import_protocol_http.HttpRequest.isInstance(args.request) && s3ExpressIdentity.sessionToken) { + args.request.headers[SESSION_TOKEN_HEADER] = s3ExpressIdentity.sessionToken; + } + } + } + } + return next(args); + }; +}, "s3ExpressMiddleware"); +var s3ExpressMiddlewareOptions = { + name: "s3ExpressMiddleware", + step: "build", + tags: ["S3", "S3_EXPRESS"], + override: true }; -exports.getRuntimeConfig = getRuntimeConfig; +var getS3ExpressPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(s3ExpressMiddleware(options), s3ExpressMiddlewareOptions); + }, "applyToStack") +}), "getS3ExpressPlugin"); +// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts +var import_core2 = __nccwpck_require__(5829); -/***/ }), +var import_util_middleware = __nccwpck_require__(2390); -/***/ 5238: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/s3-express/functions/signS3Express.ts +var signS3Express = /* @__PURE__ */ __name(async (s3ExpressIdentity, signingOptions, request, sigV4MultiRegionSigner) => { + const signedRequest = await sigV4MultiRegionSigner.signWithCredentials(request, s3ExpressIdentity, {}); + if (signedRequest.headers["X-Amz-Security-Token"] || signedRequest.headers["x-amz-security-token"]) { + throw new Error("X-Amz-Security-Token must not be set for s3-express requests."); + } + return signedRequest; +}, "signS3Express"); -"use strict"; +// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts +var defaultErrorHandler = /* @__PURE__ */ __name((signingProperties) => (error) => { + throw error; +}, "defaultErrorHandler"); +var defaultSuccessHandler = /* @__PURE__ */ __name((httpResponse, signingProperties) => { +}, "defaultSuccessHandler"); +var s3ExpressHttpSigningMiddlewareOptions = import_core2.httpSigningMiddlewareOptions; +var s3ExpressHttpSigningMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); + } + const smithyContext = (0, import_util_middleware.getSmithyContext)(context); + const scheme = smithyContext.selectedHttpAuthScheme; + if (!scheme) { + throw new Error(`No HttpAuthScheme was selected: unable to sign request`); + } + const { + httpAuthOption: { signingProperties = {} }, + identity, + signer + } = scheme; + let request; + if (context.s3ExpressIdentity) { + request = await signS3Express( + context.s3ExpressIdentity, + signingProperties, + args.request, + await config.signer() + ); + } else { + request = await signer.sign(args.request, identity, signingProperties); + } + const output = await next({ + ...args, + request + }).catch((signer.errorHandler || defaultErrorHandler)(signingProperties)); + (signer.successHandler || defaultSuccessHandler)(output.response, signingProperties); + return output; +}, "s3ExpressHttpSigningMiddleware"); +var getS3ExpressHttpSigningPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo( + s3ExpressHttpSigningMiddleware(config), + import_core2.httpSigningMiddlewareOptions + ); + }, "applyToStack") +}), "getS3ExpressHttpSigningPlugin"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(9963); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(8013); -const endpointResolver_1 = __nccwpck_require__(7561); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2011-06-15", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "STS", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; +// src/s3Configuration.ts +var resolveS3Config = /* @__PURE__ */ __name((input, { + session +}) => { + const [s3ClientProvider, CreateSessionCommandCtor] = session; + const { + forcePathStyle, + useAccelerateEndpoint, + disableMultiregionAccessPoints, + followRegionRedirects, + s3ExpressIdentityProvider, + bucketEndpoint + } = input; + return Object.assign(input, { + forcePathStyle: forcePathStyle ?? false, + useAccelerateEndpoint: useAccelerateEndpoint ?? false, + disableMultiregionAccessPoints: disableMultiregionAccessPoints ?? false, + followRegionRedirects: followRegionRedirects ?? false, + s3ExpressIdentityProvider: s3ExpressIdentityProvider ?? new S3ExpressIdentityProviderImpl( + async (key) => s3ClientProvider().send( + new CreateSessionCommandCtor({ + Bucket: key + }) + ) + ), + bucketEndpoint: bucketEndpoint ?? false + }); +}, "resolveS3Config"); + +// src/throw-200-exceptions.ts + +var import_util_stream = __nccwpck_require__(6607); +var THROW_IF_EMPTY_BODY = { + CopyObjectCommand: true, + UploadPartCopyCommand: true, + CompleteMultipartUploadCommand: true }; -exports.getRuntimeConfig = getRuntimeConfig; +var MAX_BYTES_TO_INSPECT = 3e3; +var throw200ExceptionsMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { + const result = await next(args); + const { response } = result; + if (!import_protocol_http.HttpResponse.isInstance(response)) { + return result; + } + const { statusCode, body: sourceBody } = response; + if (statusCode < 200 || statusCode >= 300) { + return result; + } + const isSplittableStream = typeof sourceBody?.stream === "function" || typeof sourceBody?.pipe === "function" || typeof sourceBody?.tee === "function"; + if (!isSplittableStream) { + return result; + } + let bodyCopy = sourceBody; + let body = sourceBody; + if (sourceBody && typeof sourceBody === "object" && !(sourceBody instanceof Uint8Array)) { + [bodyCopy, body] = await (0, import_util_stream.splitStream)(sourceBody); + } + response.body = body; + const bodyBytes = await collectBody(bodyCopy, { + streamCollector: /* @__PURE__ */ __name(async (stream) => { + return (0, import_util_stream.headStream)(stream, MAX_BYTES_TO_INSPECT); + }, "streamCollector") + }); + if (typeof bodyCopy?.destroy === "function") { + bodyCopy.destroy(); + } + const bodyStringTail = config.utf8Encoder(bodyBytes.subarray(bodyBytes.length - 16)); + if (bodyBytes.length === 0 && THROW_IF_EMPTY_BODY[context.commandName]) { + const err = new Error("S3 aborted request"); + err.name = "InternalError"; + throw err; + } + if (bodyStringTail && bodyStringTail.endsWith("")) { + response.statusCode = 400; + } + return result; +}, "throw200ExceptionsMiddleware"); +var collectBody = /* @__PURE__ */ __name((streamBody = new Uint8Array(), context) => { + if (streamBody instanceof Uint8Array) { + return Promise.resolve(streamBody); + } + return context.streamCollector(streamBody) || Promise.resolve(new Uint8Array()); +}, "collectBody"); +var throw200ExceptionsMiddlewareOptions = { + relation: "after", + toMiddleware: "deserializerMiddleware", + tags: ["THROW_200_EXCEPTIONS", "S3"], + name: "throw200ExceptionsMiddleware", + override: true +}; +var getThrow200ExceptionsPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo(throw200ExceptionsMiddleware(config), throw200ExceptionsMiddlewareOptions); + }, "applyToStack") +}), "getThrow200ExceptionsPlugin"); +// src/validate-bucket-name.ts +var import_util_arn_parser = __nccwpck_require__(5487); -/***/ }), +// src/bucket-endpoint-middleware.ts +function bucketEndpointMiddleware(options) { + return (next, context) => async (args) => { + if (options.bucketEndpoint) { + const endpoint = context.endpointV2; + if (endpoint) { + const bucket = args.input.Bucket; + if (typeof bucket === "string") { + try { + const bucketEndpointUrl = new URL(bucket); + context.endpointV2 = { + ...endpoint, + url: bucketEndpointUrl + }; + } catch (e) { + const warning = `@aws-sdk/middleware-sdk-s3: bucketEndpoint=true was set but Bucket=${bucket} could not be parsed as URL.`; + if (context.logger?.constructor?.name === "NoOpLogger") { + console.warn(warning); + } else { + context.logger?.warn?.(warning); + } + throw e; + } + } + } + } + return next(args); + }; +} +__name(bucketEndpointMiddleware, "bucketEndpointMiddleware"); +var bucketEndpointMiddlewareOptions = { + name: "bucketEndpointMiddleware", + override: true, + relation: "after", + toMiddleware: "endpointV2Middleware" +}; -/***/ 669: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/validate-bucket-name.ts +function validateBucketNameMiddleware({ bucketEndpoint }) { + return (next) => async (args) => { + const { + input: { Bucket } + } = args; + if (!bucketEndpoint && typeof Bucket === "string" && !(0, import_util_arn_parser.validate)(Bucket) && Bucket.indexOf("/") >= 0) { + const err = new Error(`Bucket name shouldn't contain '/', received '${Bucket}'`); + err.name = "InvalidBucketName"; + throw err; + } + return next({ ...args }); + }; +} +__name(validateBucketNameMiddleware, "validateBucketNameMiddleware"); +var validateBucketNameMiddlewareOptions = { + step: "initialize", + tags: ["VALIDATE_BUCKET_NAME"], + name: "validateBucketNameMiddleware", + override: true +}; +var getValidateBucketNamePlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(validateBucketNameMiddleware(options), validateBucketNameMiddlewareOptions); + clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); + }, "applyToStack") +}), "getValidateBucketNamePlugin"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(8156); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(4935); -const resolveRuntimeExtensions = (runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); -}; -exports.resolveRuntimeExtensions = resolveRuntimeExtensions; /***/ }), -/***/ 8156: +/***/ 9718: /***/ ((module) => { "use strict"; @@ -55621,76 +40185,74 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, - NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, - REGION_ENV_NAME: () => REGION_ENV_NAME, - REGION_INI_NAME: () => REGION_INI_NAME, - getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, - resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, - resolveRegionConfig: () => resolveRegionConfig + getSsecPlugin: () => getSsecPlugin, + isValidBase64EncodedSSECustomerKey: () => isValidBase64EncodedSSECustomerKey, + ssecMiddleware: () => ssecMiddleware, + ssecMiddlewareOptions: () => ssecMiddlewareOptions }); module.exports = __toCommonJS(index_exports); - -// src/extensions/index.ts -var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - return { - setRegion(region) { - runtimeConfig.region = region; - }, - region() { - return runtimeConfig.region; +function ssecMiddleware(options) { + return (next) => async (args) => { + const input = { ...args.input }; + const properties = [ + { + target: "SSECustomerKey", + hash: "SSECustomerKeyMD5" + }, + { + target: "CopySourceSSECustomerKey", + hash: "CopySourceSSECustomerKeyMD5" + } + ]; + for (const prop of properties) { + const value = input[prop.target]; + if (value) { + let valueForHash; + if (typeof value === "string") { + if (isValidBase64EncodedSSECustomerKey(value, options)) { + valueForHash = options.base64Decoder(value); + } else { + valueForHash = options.utf8Decoder(value); + input[prop.target] = options.base64Encoder(valueForHash); + } + } else { + valueForHash = ArrayBuffer.isView(value) ? new Uint8Array(value.buffer, value.byteOffset, value.byteLength) : new Uint8Array(value); + input[prop.target] = options.base64Encoder(valueForHash); + } + const hash = new options.md5(); + hash.update(valueForHash); + input[prop.hash] = options.base64Encoder(await hash.digest()); + } } + return next({ + ...args, + input + }); }; -}, "getAwsRegionExtensionConfiguration"); -var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { - return { - region: awsRegionExtensionConfiguration.region() - }; -}, "resolveAwsRegionExtensionConfiguration"); - -// src/regionConfig/config.ts -var REGION_ENV_NAME = "AWS_REGION"; -var REGION_INI_NAME = "region"; -var NODE_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), - default: /* @__PURE__ */ __name(() => { - throw new Error("Region is missing"); - }, "default") -}; -var NODE_REGION_CONFIG_FILE_OPTIONS = { - preferredFile: "credentials" +} +__name(ssecMiddleware, "ssecMiddleware"); +var ssecMiddlewareOptions = { + name: "ssecMiddleware", + step: "initialize", + tags: ["SSE"], + override: true }; - -// src/regionConfig/isFipsRegion.ts -var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); - -// src/regionConfig/getRealRegion.ts -var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); - -// src/regionConfig/resolveRegionConfig.ts -var resolveRegionConfig = /* @__PURE__ */ __name((input) => { - const { region, useFipsEndpoint } = input; - if (!region) { - throw new Error("Region is missing"); +var getSsecPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(ssecMiddleware(config), ssecMiddlewareOptions); + }, "applyToStack") +}), "getSsecPlugin"); +function isValidBase64EncodedSSECustomerKey(str, options) { + const base64Regex = /^(?:[A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/; + if (!base64Regex.test(str)) return false; + try { + const decodedBytes = options.base64Decoder(str); + return decodedBytes.length === 32; + } catch { + return false; } - return Object.assign(input, { - region: /* @__PURE__ */ __name(async () => { - if (typeof region === "string") { - return getRealRegion(region); - } - const providedRegion = await region(); - return getRealRegion(providedRegion); - }, "region"), - useFipsEndpoint: /* @__PURE__ */ __name(async () => { - const providedRegion = typeof region === "string" ? region : await region(); - if (isFipsRegion(providedRegion)) { - return true; - } - return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); - }, "useFipsEndpoint") - }); -}, "resolveRegionConfig"); +} +__name(isValidBase64EncodedSSECustomerKey, "isValidBase64EncodedSSECustomerKey"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -55699,7 +40261,7 @@ var resolveRegionConfig = /* @__PURE__ */ __name((input) => { /***/ }), -/***/ 1856: +/***/ 4688: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -55726,144 +40288,321 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - SignatureV4MultiRegion: () => SignatureV4MultiRegion, - signatureV4CrtContainer: () => signatureV4CrtContainer + DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, + getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, + getUserAgentPlugin: () => getUserAgentPlugin, + resolveUserAgentConfig: () => resolveUserAgentConfig, + userAgentMiddleware: () => userAgentMiddleware }); module.exports = __toCommonJS(index_exports); -// src/SignatureV4MultiRegion.ts -var import_middleware_sdk_s3 = __nccwpck_require__(1139); -var import_signature_v4 = __nccwpck_require__(1528); +// src/configurations.ts +var import_core = __nccwpck_require__(5829); +var DEFAULT_UA_APP_ID = void 0; +function isValidUserAgentAppId(appId) { + if (appId === void 0) { + return true; + } + return typeof appId === "string" && appId.length <= 50; +} +__name(isValidUserAgentAppId, "isValidUserAgentAppId"); +function resolveUserAgentConfig(input) { + const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); + const { customUserAgent } = input; + return Object.assign(input, { + customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, + userAgentAppId: /* @__PURE__ */ __name(async () => { + const appId = await normalizedAppIdProvider(); + if (!isValidUserAgentAppId(appId)) { + const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; + if (typeof appId !== "string") { + logger?.warn("userAgentAppId must be a string or undefined."); + } else if (appId.length > 50) { + logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); + } + } + return appId; + }, "userAgentAppId") + }); +} +__name(resolveUserAgentConfig, "resolveUserAgentConfig"); -// src/signature-v4-crt-container.ts -var signatureV4CrtContainer = { - CrtSignerV4: null -}; +// src/user-agent-middleware.ts +var import_util_endpoints = __nccwpck_require__(3350); +var import_protocol_http = __nccwpck_require__(4418); -// src/SignatureV4MultiRegion.ts -var SignatureV4MultiRegion = class { - static { - __name(this, "SignatureV4MultiRegion"); +// src/check-features.ts +var import_core2 = __nccwpck_require__(9963); +var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; +async function checkFeatures(context, config, args) { + const request = args.request; + if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { + (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); } - sigv4aSigner; - sigv4Signer; - signerOptions; - static sigv4aDependency() { - if (typeof signatureV4CrtContainer.CrtSignerV4 === "function") { - return "crt"; - } else if (typeof import_signature_v4.signatureV4aContainer.SignatureV4a === "function") { - return "js"; + if (typeof config.retryStrategy === "function") { + const retryStrategy = await config.retryStrategy(); + if (typeof retryStrategy.acquireInitialRetryToken === "function") { + if (retryStrategy.constructor?.name?.includes("Adaptive")) { + (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); + } + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); } - return "none"; - } - constructor(options) { - this.sigv4Signer = new import_middleware_sdk_s3.SignatureV4S3Express(options); - this.signerOptions = options; } - async sign(requestToSign, options = {}) { - if (options.signingRegion === "*") { - return this.getSigv4aSigner().sign(requestToSign, options); + if (typeof config.accountIdEndpointMode === "function") { + const endpointV2 = context.endpointV2; + if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { + (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); + } + switch (await config.accountIdEndpointMode?.()) { + case "disabled": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); + break; + case "preferred": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); + break; + case "required": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); + break; } - return this.sigv4Signer.sign(requestToSign, options); } - /** - * Sign with alternate credentials to the ones provided in the constructor. - * Note: This is only supported for SigV4a when using the CRT implementation. - */ - async signWithCredentials(requestToSign, credentials, options = {}) { - if (options.signingRegion === "*") { - const signer = this.getSigv4aSigner(); - const CrtSignerV4 = signatureV4CrtContainer.CrtSignerV4; - if (CrtSignerV4 && signer instanceof CrtSignerV4) { - return signer.signWithCredentials(requestToSign, credentials, options); - } else { - throw new Error( - `signWithCredentials with signingRegion '*' is only supported when using the CRT dependency @aws-sdk/signature-v4-crt. Please check whether you have installed the "@aws-sdk/signature-v4-crt" package explicitly. You must also register the package by calling [require("@aws-sdk/signature-v4-crt");] or an ESM equivalent such as [import "@aws-sdk/signature-v4-crt";]. For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` - ); - } + const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; + if (identity?.$source) { + const credentials = identity; + if (credentials.accountId) { + (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); + } + for (const [key, value] of Object.entries(credentials.$source ?? {})) { + (0, import_core2.setFeature)(context, key, value); } - return this.sigv4Signer.signWithCredentials(requestToSign, credentials, options); } - /** - * Presign a request. - * Note: This is only supported for SigV4a when using the CRT implementation. - */ - async presign(originalRequest, options = {}) { - if (options.signingRegion === "*") { - const signer = this.getSigv4aSigner(); - const CrtSignerV4 = signatureV4CrtContainer.CrtSignerV4; - if (CrtSignerV4 && signer instanceof CrtSignerV4) { - return signer.presign(originalRequest, options); +} +__name(checkFeatures, "checkFeatures"); + +// src/constants.ts +var USER_AGENT = "user-agent"; +var X_AMZ_USER_AGENT = "x-amz-user-agent"; +var SPACE = " "; +var UA_NAME_SEPARATOR = "/"; +var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; +var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; +var UA_ESCAPE_CHAR = "-"; + +// src/encode-features.ts +var BYTE_LIMIT = 1024; +function encodeFeatures(features) { + let buffer = ""; + for (const key in features) { + const val = features[key]; + if (buffer.length + val.length + 1 <= BYTE_LIMIT) { + if (buffer.length) { + buffer += "," + val; } else { - throw new Error( - `presign with signingRegion '*' is only supported when using the CRT dependency @aws-sdk/signature-v4-crt. Please check whether you have installed the "@aws-sdk/signature-v4-crt" package explicitly. You must also register the package by calling [require("@aws-sdk/signature-v4-crt");] or an ESM equivalent such as [import "@aws-sdk/signature-v4-crt";]. For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` - ); + buffer += val; } + continue; } - return this.sigv4Signer.presign(originalRequest, options); + break; } - async presignWithCredentials(originalRequest, credentials, options = {}) { - if (options.signingRegion === "*") { - throw new Error("Method presignWithCredentials is not supported for [signingRegion=*]."); + return buffer; +} +__name(encodeFeatures, "encodeFeatures"); + +// src/user-agent-middleware.ts +var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request)) { + return next(args); + } + const { headers } = request; + const userAgent = context?.userAgent?.map(escapeUserAgent) || []; + const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); + await checkFeatures(context, options, args); + const awsContext = context; + defaultUserAgent.push( + `m/${encodeFeatures( + Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) + )}` + ); + const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; + const appId = await options.userAgentAppId(); + if (appId) { + defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); + } + const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); + const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); + const normalUAValue = [ + ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), + ...customUserAgent + ].join(SPACE); + if (options.runtime !== "browser") { + if (normalUAValue) { + headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; } - return this.sigv4Signer.presignWithCredentials(originalRequest, credentials, options); + headers[USER_AGENT] = sdkUserAgentValue; + } else { + headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; } - getSigv4aSigner() { - if (!this.sigv4aSigner) { - const CrtSignerV4 = signatureV4CrtContainer.CrtSignerV4; - const JsSigV4aSigner = import_signature_v4.signatureV4aContainer.SignatureV4a; - if (this.signerOptions.runtime === "node") { - if (!CrtSignerV4 && !JsSigV4aSigner) { - throw new Error( - "Neither CRT nor JS SigV4a implementation is available. Please load either @aws-sdk/signature-v4-crt or @aws-sdk/signature-v4a. For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt" - ); - } - if (CrtSignerV4 && typeof CrtSignerV4 === "function") { - this.sigv4aSigner = new CrtSignerV4({ - ...this.signerOptions, - signingAlgorithm: 1 - }); - } else if (JsSigV4aSigner && typeof JsSigV4aSigner === "function") { - this.sigv4aSigner = new JsSigV4aSigner({ - ...this.signerOptions - }); - } else { - throw new Error( - "Available SigV4a implementation is not a valid constructor. Please ensure you've properly imported @aws-sdk/signature-v4-crt or @aws-sdk/signature-v4a.For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt" - ); + return next({ + ...args, + request + }); +}, "userAgentMiddleware"); +var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { + const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); + const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); + const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); + const prefix = name.substring(0, prefixSeparatorIndex); + let uaName = name.substring(prefixSeparatorIndex + 1); + if (prefix === "api") { + uaName = uaName.toLowerCase(); + } + return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { + switch (index) { + case 0: + return item; + case 1: + return `${acc}/${item}`; + default: + return `${acc}#${item}`; + } + }, ""); +}, "escapeUserAgent"); +var getUserAgentMiddlewareOptions = { + name: "getUserAgentMiddleware", + step: "build", + priority: "low", + tags: ["SET_USER_AGENT", "USER_AGENT"], + override: true +}; +var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); + }, "applyToStack") +}), "getUserAgentPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 9414: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(9963); +const util_middleware_1 = __nccwpck_require__(2390); +const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sso-oauth", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "CreateToken": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; } - } else { - if (!JsSigV4aSigner || typeof JsSigV4aSigner !== "function") { - throw new Error( - "JS SigV4a implementation is not available or not a valid constructor. Please check whether you have installed the @aws-sdk/signature-v4a package explicitly. The CRT implementation is not available for browsers. You must also register the package by calling [require('@aws-sdk/signature-v4a');] or an ESM equivalent such as [import '@aws-sdk/signature-v4a';]. For more information please go to https://github.com/aws/aws-sdk-js-v3#using-javascript-non-crt-implementation-of-sigv4a" - ); + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); } - this.sigv4aSigner = new JsSigV4aSigner({ - ...this.signerOptions - }); - } } - return this.sigv4aSigner; - } + return options; +}; +exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); + return Object.assign(config_0, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 5: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(3350); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(932); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); }; -// Annotate the CommonJS export names for ESM import in node: +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; -0 && (0); +/***/ }), + +/***/ 932: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const u = "required", v = "fn", w = "argv", x = "ref"; +const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; +const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; +exports.ruleSet = _data; /***/ }), -/***/ 2843: +/***/ 7334: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -55878,1020 +40617,1208 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/sso-oidc/index.ts var index_exports = {}; __export(index_exports, { - fromEnvSigningName: () => fromEnvSigningName, - fromSso: () => fromSso, - fromStatic: () => fromStatic, - nodeProvider: () => nodeProvider + $Command: () => import_smithy_client6.Command, + AccessDeniedException: () => AccessDeniedException, + AuthorizationPendingException: () => AuthorizationPendingException, + CreateTokenCommand: () => CreateTokenCommand, + CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, + CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + InternalServerException: () => InternalServerException, + InvalidClientException: () => InvalidClientException, + InvalidGrantException: () => InvalidGrantException, + InvalidRequestException: () => InvalidRequestException, + InvalidScopeException: () => InvalidScopeException, + SSOOIDC: () => SSOOIDC, + SSOOIDCClient: () => SSOOIDCClient, + SSOOIDCServiceException: () => SSOOIDCServiceException, + SlowDownException: () => SlowDownException, + UnauthorizedClientException: () => UnauthorizedClientException, + UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, + __Client: () => import_smithy_client2.Client }); module.exports = __toCommonJS(index_exports); -// src/fromEnvSigningName.ts -var import_core = __nccwpck_require__(9963); -var import_property_provider = __nccwpck_require__(9721); -var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { - logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); - if (!signingName) { - throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); - } - const bearerTokenKey = (0, import_core.getBearerTokenEnvKey)(signingName); - if (!(bearerTokenKey in process.env)) { - throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); - } - return { token: process.env[bearerTokenKey] }; -}, "fromEnvSigningName"); +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_middleware_host_header = __nccwpck_require__(2545); +var import_middleware_logger = __nccwpck_require__(14); +var import_middleware_recursion_detection = __nccwpck_require__(5525); +var import_middleware_user_agent = __nccwpck_require__(4688); +var import_config_resolver = __nccwpck_require__(3098); +var import_core = __nccwpck_require__(5829); +var import_middleware_content_length = __nccwpck_require__(2800); +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_retry = __nccwpck_require__(6039); +var import_smithy_client2 = __nccwpck_require__(3570); +var import_httpAuthSchemeProvider = __nccwpck_require__(9414); -// src/fromSso.ts +// src/submodules/sso-oidc/endpoint/EndpointParameters.ts +var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + defaultSigningName: "sso-oauth" + }); +}, "resolveClientEndpointParameters"); +var commonParams = { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } +}; +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_runtimeConfig = __nccwpck_require__(7277); +// src/submodules/sso-oidc/runtimeExtensions.ts +var import_region_config_resolver = __nccwpck_require__(8156); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); -// src/constants.ts -var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; -var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; +// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts +var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + } + }; +}, "getHttpAuthExtensionConfiguration"); +var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials() + }; +}, "resolveHttpAuthRuntimeConfig"); -// src/getSsoOidcClient.ts -var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { - const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7334))); - const ssoOidcClient = new SSOOIDCClient( - Object.assign({}, init.clientConfig ?? {}, { - region: ssoRegion ?? init.clientConfig?.region, - logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger - }) +// src/submodules/sso-oidc/runtimeExtensions.ts +var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign( + (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), + (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), + (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), + getHttpAuthExtensionConfiguration(runtimeConfig) ); - return ssoOidcClient; -}, "getSsoOidcClient"); - -// src/getNewSsoOidcToken.ts -var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { - const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7334))); - const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); - return ssoOidcClient.send( - new CreateTokenCommand({ - clientId: ssoToken.clientId, - clientSecret: ssoToken.clientSecret, - refreshToken: ssoToken.refreshToken, - grantType: "refresh_token" - }) + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign( + runtimeConfig, + (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), + (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), + (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), + resolveHttpAuthRuntimeConfig(extensionConfiguration) ); -}, "getNewSsoOidcToken"); +}, "resolveRuntimeExtensions"); -// src/validateTokenExpiry.ts +// src/submodules/sso-oidc/SSOOIDCClient.ts +var SSOOIDCClient = class extends import_smithy_client2.Client { + static { + __name(this, "SSOOIDCClient"); + } + /** + * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. + */ + config; + constructor(...[configuration]) { + const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = resolveClientEndpointParameters(_config_0); + const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); + const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); + const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); + const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use( + (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials + }), "identityProviderConfigProvider") + }) + ); + this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); + } + /** + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. + */ + destroy() { + super.destroy(); + } +}; -var validateTokenExpiry = /* @__PURE__ */ __name((token) => { - if (token.expiration && token.expiration.getTime() < Date.now()) { - throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); +// src/submodules/sso-oidc/SSOOIDC.ts +var import_smithy_client7 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client6 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/models/models_0.ts +var import_smithy_client4 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts +var import_smithy_client3 = __nccwpck_require__(3570); +var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { + static { + __name(this, "SSOOIDCServiceException"); + } + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); + } +}; + +// src/submodules/sso-oidc/models/models_0.ts +var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { + static { + __name(this, "AccessDeniedException"); + } + name = "AccessDeniedException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AccessDeniedException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AccessDeniedException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { + static { + __name(this, "AuthorizationPendingException"); + } + name = "AuthorizationPendingException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * authorization_pending.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AuthorizationPendingException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenRequestFilterSensitiveLog"); +var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { + static { + __name(this, "InternalServerException"); + } + name = "InternalServerException"; + $fault = "server"; + /** + *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InternalServerException", + $fault: "server", + ...opts + }); + Object.setPrototypeOf(this, _InternalServerException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { + static { + __name(this, "InvalidClientException"); + } + name = "InvalidClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidClientException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { + static { + __name(this, "InvalidGrantException"); + } + name = "InvalidGrantException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidGrantException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidGrantException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { + static { + __name(this, "InvalidRequestException"); + } + name = "InvalidRequestException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_request.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidRequestException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidRequestException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { + static { + __name(this, "InvalidScopeException"); + } + name = "InvalidScopeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidScopeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidScopeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } -}, "validateTokenExpiry"); - -// src/validateTokenKey.ts - -var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { - if (typeof value === "undefined") { - throw new import_property_provider.TokenProviderError( - `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, - false - ); +}; +var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { + static { + __name(this, "SlowDownException"); } -}, "validateTokenKey"); - -// src/writeSSOTokenToFile.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var import_fs = __nccwpck_require__(7147); -var { writeFile } = import_fs.promises; -var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { - const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); - const tokenString = JSON.stringify(ssoToken, null, 2); - return writeFile(tokenFilepath, tokenString); -}, "writeSSOTokenToFile"); - -// src/fromSso.ts -var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); -var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/token-providers - fromSso"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); - } else if (!profile["sso_session"]) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); + name = "SlowDownException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "SlowDownException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _SlowDownException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - const ssoSessionName = profile["sso_session"]; - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const ssoSession = ssoSessions[ssoSessionName]; - if (!ssoSession) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, - false - ); +}; +var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { + static { + __name(this, "UnauthorizedClientException"); } - for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { - if (!ssoSession[ssoSessionRequiredKey]) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, - false - ); - } + name = "UnauthorizedClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnauthorizedClientException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - const ssoStartUrl = ssoSession["sso_start_url"]; - const ssoRegion = ssoSession["sso_region"]; - let ssoToken; - try { - ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); - } catch (e) { - throw new import_property_provider.TokenProviderError( - `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, - false - ); +}; +var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { + static { + __name(this, "UnsupportedGrantTypeException"); } - validateTokenKey("accessToken", ssoToken.accessToken); - validateTokenKey("expiresAt", ssoToken.expiresAt); - const { accessToken, expiresAt } = ssoToken; - const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; - if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { - return existingToken; + name = "UnsupportedGrantTypeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnsupportedGrantTypeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } - if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { - validateTokenExpiry(existingToken); - return existingToken; +}; + +// src/submodules/sso-oidc/protocols/Aws_restJson1.ts +var import_core2 = __nccwpck_require__(9963); +var import_core3 = __nccwpck_require__(5829); +var import_smithy_client5 = __nccwpck_require__(3570); +var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core3.requestBuilder)(input, context); + const headers = { + "content-type": "application/json" + }; + b.bp("/token"); + let body; + body = JSON.stringify( + (0, import_smithy_client5.take)(input, { + clientId: [], + clientSecret: [], + code: [], + codeVerifier: [], + deviceCode: [], + grantType: [], + redirectUri: [], + refreshToken: [], + scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") + }) + ); + b.m("POST").h(headers).b(body); + return b.build(); +}, "se_CreateTokenCommand"); +var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); } - validateTokenKey("clientId", ssoToken.clientId, true); - validateTokenKey("clientSecret", ssoToken.clientSecret, true); - validateTokenKey("refreshToken", ssoToken.refreshToken, true); - try { - lastRefreshAttemptTime.setTime(Date.now()); - const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); - validateTokenKey("accessToken", newSsoOidcToken.accessToken); - validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); - const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); - try { - await writeSSOTokenToFile(ssoSessionName, { - ...ssoToken, - accessToken: newSsoOidcToken.accessToken, - expiresAt: newTokenExpiration.toISOString(), - refreshToken: newSsoOidcToken.refreshToken + const contents = (0, import_smithy_client5.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client5.take)(data, { + accessToken: import_smithy_client5.expectString, + expiresIn: import_smithy_client5.expectInt32, + idToken: import_smithy_client5.expectString, + refreshToken: import_smithy_client5.expectString, + tokenType: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + return contents; +}, "de_CreateTokenCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core2.parseJsonErrorBody)(output.body, context) + }; + const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.ssooidc#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "AuthorizationPendingException": + case "com.amazonaws.ssooidc#AuthorizationPendingException": + throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); + case "ExpiredTokenException": + case "com.amazonaws.ssooidc#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.ssooidc#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "InvalidClientException": + case "com.amazonaws.ssooidc#InvalidClientException": + throw await de_InvalidClientExceptionRes(parsedOutput, context); + case "InvalidGrantException": + case "com.amazonaws.ssooidc#InvalidGrantException": + throw await de_InvalidGrantExceptionRes(parsedOutput, context); + case "InvalidRequestException": + case "com.amazonaws.ssooidc#InvalidRequestException": + throw await de_InvalidRequestExceptionRes(parsedOutput, context); + case "InvalidScopeException": + case "com.amazonaws.ssooidc#InvalidScopeException": + throw await de_InvalidScopeExceptionRes(parsedOutput, context); + case "SlowDownException": + case "com.amazonaws.ssooidc#SlowDownException": + throw await de_SlowDownExceptionRes(parsedOutput, context); + case "UnauthorizedClientException": + case "com.amazonaws.ssooidc#UnauthorizedClientException": + throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); + case "UnsupportedGrantTypeException": + case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": + throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode }); - } catch (error) { - } - return { - token: newSsoOidcToken.accessToken, - expiration: newTokenExpiration - }; - } catch (error) { - validateTokenExpiry(existingToken); - return existingToken; } -}, "fromSso"); - -// src/fromStatic.ts +}, "de_CommandError"); +var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); +var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AccessDeniedExceptionRes"); +var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AuthorizationPendingException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AuthorizationPendingExceptionRes"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_ExpiredTokenExceptionRes"); +var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InternalServerException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InternalServerExceptionRes"); +var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidClientExceptionRes"); +var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidGrantException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidGrantExceptionRes"); +var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidRequestException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidRequestExceptionRes"); +var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidScopeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidScopeExceptionRes"); +var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new SlowDownException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_SlowDownExceptionRes"); +var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnauthorizedClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnauthorizedClientExceptionRes"); +var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnsupportedGrantTypeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnsupportedGrantTypeExceptionRes"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); -var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { - logger?.debug("@aws-sdk/token-providers - fromStatic"); - if (!token || !token.token) { - throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { + static { + __name(this, "CreateTokenCommand"); } - return token; -}, "fromStatic"); - -// src/nodeProvider.ts - -var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)(fromSso(init), async () => { - throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); - }), - (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, - (token) => token.expiration !== void 0 -), "nodeProvider"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5487: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); }; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; + +// src/submodules/sso-oidc/SSOOIDC.ts +var commands = { + CreateTokenCommand }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - build: () => build, - parse: () => parse, - validate: () => validate -}); -module.exports = __toCommonJS(index_exports); -var validate = /* @__PURE__ */ __name((str) => typeof str === "string" && str.indexOf("arn:") === 0 && str.split(":").length >= 6, "validate"); -var parse = /* @__PURE__ */ __name((arn) => { - const segments = arn.split(":"); - if (segments.length < 6 || segments[0] !== "arn") throw new Error("Malformed ARN"); - const [ - , - //Skip "arn" literal - partition, - service, - region, - accountId, - ...resource - ] = segments; - return { - partition, - service, - region, - accountId, - resource: resource.join(":") - }; -}, "parse"); -var build = /* @__PURE__ */ __name((arnObject) => { - const { partition = "aws", service, region, accountId, resource } = arnObject; - if ([service, region, accountId, resource].some((segment) => typeof segment !== "string")) { - throw new Error("Input ARN object is invalid"); +var SSOOIDC = class extends SSOOIDCClient { + static { + __name(this, "SSOOIDC"); } - return `arn:${partition}:${service}:${region}:${accountId}:${resource}`; -}, "build"); +}; +(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 3350: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 7277: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - ConditionObject: () => import_util_endpoints.ConditionObject, - DeprecatedObject: () => import_util_endpoints.DeprecatedObject, - EndpointError: () => import_util_endpoints.EndpointError, - EndpointObject: () => import_util_endpoints.EndpointObject, - EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, - EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, - EndpointParams: () => import_util_endpoints.EndpointParams, - EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, - EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, - ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, - EvaluateOptions: () => import_util_endpoints.EvaluateOptions, - Expression: () => import_util_endpoints.Expression, - FunctionArgv: () => import_util_endpoints.FunctionArgv, - FunctionObject: () => import_util_endpoints.FunctionObject, - FunctionReturn: () => import_util_endpoints.FunctionReturn, - ParameterObject: () => import_util_endpoints.ParameterObject, - ReferenceObject: () => import_util_endpoints.ReferenceObject, - ReferenceRecord: () => import_util_endpoints.ReferenceRecord, - RuleSetObject: () => import_util_endpoints.RuleSetObject, - RuleSetRules: () => import_util_endpoints.RuleSetRules, - TreeRuleObject: () => import_util_endpoints.TreeRuleObject, - awsEndpointFunctions: () => awsEndpointFunctions, - getUserAgentPrefix: () => getUserAgentPrefix, - isIpAddress: () => import_util_endpoints.isIpAddress, - partition: () => partition, - resolveEndpoint: () => import_util_endpoints.resolveEndpoint, - setPartitionInfo: () => setPartitionInfo, - useDefaultPartitionInfo: () => useDefaultPartitionInfo -}); -module.exports = __toCommonJS(index_exports); - -// src/aws.ts - - -// src/lib/aws/isVirtualHostableS3Bucket.ts - - -// src/lib/isIpAddress.ts -var import_util_endpoints = __nccwpck_require__(5473); - -// src/lib/aws/isVirtualHostableS3Bucket.ts -var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { - if (allowSubDomains) { - for (const label of value.split(".")) { - if (!isVirtualHostableS3Bucket(label)) { - return false; - } - } - return true; - } - if (!(0, import_util_endpoints.isValidHostLabel)(value)) { - return false; - } - if (value.length < 3 || value.length > 63) { - return false; - } - if (value !== value.toLowerCase()) { - return false; - } - if ((0, import_util_endpoints.isIpAddress)(value)) { - return false; - } - return true; -}, "isVirtualHostableS3Bucket"); - -// src/lib/aws/parseArn.ts -var ARN_DELIMITER = ":"; -var RESOURCE_DELIMITER = "/"; -var parseArn = /* @__PURE__ */ __name((value) => { - const segments = value.split(ARN_DELIMITER); - if (segments.length < 6) return null; - const [arn, partition2, service, region, accountId, ...resourcePath] = segments; - if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; - const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); - return { - partition: partition2, - service, - region, - accountId, - resourceId - }; -}, "parseArn"); - -// src/lib/aws/partitions.json -var partitions_default = { - partitions: [{ - id: "aws", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-east-1", - name: "aws", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", - regions: { - "af-south-1": { - description: "Africa (Cape Town)" - }, - "ap-east-1": { - description: "Asia Pacific (Hong Kong)" - }, - "ap-northeast-1": { - description: "Asia Pacific (Tokyo)" - }, - "ap-northeast-2": { - description: "Asia Pacific (Seoul)" - }, - "ap-northeast-3": { - description: "Asia Pacific (Osaka)" - }, - "ap-south-1": { - description: "Asia Pacific (Mumbai)" - }, - "ap-south-2": { - description: "Asia Pacific (Hyderabad)" - }, - "ap-southeast-1": { - description: "Asia Pacific (Singapore)" - }, - "ap-southeast-2": { - description: "Asia Pacific (Sydney)" - }, - "ap-southeast-3": { - description: "Asia Pacific (Jakarta)" - }, - "ap-southeast-4": { - description: "Asia Pacific (Melbourne)" - }, - "ap-southeast-5": { - description: "Asia Pacific (Malaysia)" - }, - "ap-southeast-7": { - description: "Asia Pacific (Thailand)" - }, - "aws-global": { - description: "AWS Standard global region" - }, - "ca-central-1": { - description: "Canada (Central)" - }, - "ca-west-1": { - description: "Canada West (Calgary)" - }, - "eu-central-1": { - description: "Europe (Frankfurt)" - }, - "eu-central-2": { - description: "Europe (Zurich)" - }, - "eu-north-1": { - description: "Europe (Stockholm)" - }, - "eu-south-1": { - description: "Europe (Milan)" - }, - "eu-south-2": { - description: "Europe (Spain)" - }, - "eu-west-1": { - description: "Europe (Ireland)" - }, - "eu-west-2": { - description: "Europe (London)" - }, - "eu-west-3": { - description: "Europe (Paris)" - }, - "il-central-1": { - description: "Israel (Tel Aviv)" - }, - "me-central-1": { - description: "Middle East (UAE)" - }, - "me-south-1": { - description: "Middle East (Bahrain)" - }, - "mx-central-1": { - description: "Mexico (Central)" - }, - "sa-east-1": { - description: "South America (Sao Paulo)" - }, - "us-east-1": { - description: "US East (N. Virginia)" - }, - "us-east-2": { - description: "US East (Ohio)" - }, - "us-west-1": { - description: "US West (N. California)" - }, - "us-west-2": { - description: "US West (Oregon)" - } - } - }, { - id: "aws-cn", - outputs: { - dnsSuffix: "amazonaws.com.cn", - dualStackDnsSuffix: "api.amazonwebservices.com.cn", - implicitGlobalRegion: "cn-northwest-1", - name: "aws-cn", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^cn\\-\\w+\\-\\d+$", - regions: { - "aws-cn-global": { - description: "AWS China global region" - }, - "cn-north-1": { - description: "China (Beijing)" - }, - "cn-northwest-1": { - description: "China (Ningxia)" - } - } - }, { - id: "aws-us-gov", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-gov-west-1", - name: "aws-us-gov", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", - regions: { - "aws-us-gov-global": { - description: "AWS GovCloud (US) global region" - }, - "us-gov-east-1": { - description: "AWS GovCloud (US-East)" - }, - "us-gov-west-1": { - description: "AWS GovCloud (US-West)" - } - } - }, { - id: "aws-iso", - outputs: { - dnsSuffix: "c2s.ic.gov", - dualStackDnsSuffix: "c2s.ic.gov", - implicitGlobalRegion: "us-iso-east-1", - name: "aws-iso", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", - regions: { - "aws-iso-global": { - description: "AWS ISO (US) global region" - }, - "us-iso-east-1": { - description: "US ISO East" - }, - "us-iso-west-1": { - description: "US ISO WEST" - } - } - }, { - id: "aws-iso-b", - outputs: { - dnsSuffix: "sc2s.sgov.gov", - dualStackDnsSuffix: "sc2s.sgov.gov", - implicitGlobalRegion: "us-isob-east-1", - name: "aws-iso-b", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", - regions: { - "aws-iso-b-global": { - description: "AWS ISOB (US) global region" - }, - "us-isob-east-1": { - description: "US ISOB East (Ohio)" - } - } - }, { - id: "aws-iso-e", - outputs: { - dnsSuffix: "cloud.adc-e.uk", - dualStackDnsSuffix: "cloud.adc-e.uk", - implicitGlobalRegion: "eu-isoe-west-1", - name: "aws-iso-e", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", - regions: { - "aws-iso-e-global": { - description: "AWS ISOE (Europe) global region" - }, - "eu-isoe-west-1": { - description: "EU ISOE West" - } - } - }, { - id: "aws-iso-f", - outputs: { - dnsSuffix: "csp.hci.ic.gov", - dualStackDnsSuffix: "csp.hci.ic.gov", - implicitGlobalRegion: "us-isof-south-1", - name: "aws-iso-f", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", - regions: { - "aws-iso-f-global": { - description: "AWS ISOF global region" - }, - "us-isof-east-1": { - description: "US ISOF EAST" - }, - "us-isof-south-1": { - description: "US ISOF SOUTH" - } - } - }, { - id: "aws-eusc", - outputs: { - dnsSuffix: "amazonaws.eu", - dualStackDnsSuffix: "amazonaws.eu", - implicitGlobalRegion: "eusc-de-east-1", - name: "aws-eusc", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", - regions: { - "eusc-de-east-1": { - description: "EU (Germany)" - } - } - }], - version: "1.1" -}; - -// src/lib/aws/partition.ts -var selectedPartitionsInfo = partitions_default; -var selectedUserAgentPrefix = ""; -var partition = /* @__PURE__ */ __name((value) => { - const { partitions } = selectedPartitionsInfo; - for (const partition2 of partitions) { - const { regions, outputs } = partition2; - for (const [region, regionData] of Object.entries(regions)) { - if (region === value) { - return { - ...outputs, - ...regionData - }; - } - } - } - for (const partition2 of partitions) { - const { regionRegex, outputs } = partition2; - if (new RegExp(regionRegex).test(value)) { - return { - ...outputs - }; - } - } - const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); - if (!DEFAULT_PARTITION) { - throw new Error( - "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." - ); - } - return { - ...DEFAULT_PARTITION.outputs - }; -}, "partition"); -var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { - selectedPartitionsInfo = partitionsInfo; - selectedUserAgentPrefix = userAgentPrefix; -}, "setPartitionInfo"); -var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { - setPartitionInfo(partitions_default, ""); -}, "useDefaultPartitionInfo"); -var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); - -// src/aws.ts -var awsEndpointFunctions = { - isVirtualHostableS3Bucket, - parseArn, - partition +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(8842)); +const core_1 = __nccwpck_require__(9963); +const util_user_agent_node_1 = __nccwpck_require__(8095); +const config_resolver_1 = __nccwpck_require__(3098); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(9513); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; }; -import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; - -// src/resolveEndpoint.ts +exports.getRuntimeConfig = getRuntimeConfig; -// src/types/EndpointError.ts +/***/ }), +/***/ 9513: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { -// src/types/EndpointRuleObject.ts +"use strict"; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(9963); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(9414); +const endpointResolver_1 = __nccwpck_require__(5); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2019-06-10", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "SSO OIDC", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; -// src/types/ErrorRuleObject.ts +/***/ }), -// src/types/RuleSetObject.ts +/***/ 8974: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +"use strict"; -// src/types/TreeRuleObject.ts +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.STSClient = exports.__Client = void 0; +const middleware_host_header_1 = __nccwpck_require__(2545); +const middleware_logger_1 = __nccwpck_require__(14); +const middleware_recursion_detection_1 = __nccwpck_require__(5525); +const middleware_user_agent_1 = __nccwpck_require__(4688); +const config_resolver_1 = __nccwpck_require__(3098); +const core_1 = __nccwpck_require__(5829); +const middleware_content_length_1 = __nccwpck_require__(2800); +const middleware_endpoint_1 = __nccwpck_require__(2918); +const middleware_retry_1 = __nccwpck_require__(6039); +const smithy_client_1 = __nccwpck_require__(3570); +Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); +const httpAuthSchemeProvider_1 = __nccwpck_require__(8013); +const EndpointParameters_1 = __nccwpck_require__(1765); +const runtimeConfig_1 = __nccwpck_require__(1798); +const runtimeExtensions_1 = __nccwpck_require__(669); +class STSClient extends smithy_client_1.Client { + config; + constructor(...[configuration]) { + const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); + const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); + const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); + const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); + const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials, + }), + })); + this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); + } + destroy() { + super.destroy(); + } +} +exports.STSClient = STSClient; -// src/types/shared.ts +/***/ }), -// Annotate the CommonJS export names for ESM import in node: +/***/ 4935: +/***/ ((__unused_webpack_module, exports) => { -0 && (0); +"use strict"; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; +const getHttpAuthExtensionConfiguration = (runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } + else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + }, + }; +}; +exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; +const resolveHttpAuthRuntimeConfig = (config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials(), + }; +}; +exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; /***/ }), -/***/ 8095: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 8013: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(9963); +const util_middleware_1 = __nccwpck_require__(2390); +const STSClient_1 = __nccwpck_require__(8974); +const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; }; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; +exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sts", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSTSHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "AssumeRoleWithWebIdentity": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, - UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, - UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, - createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, - crtAvailability: () => crtAvailability, - defaultUserAgent: () => defaultUserAgent +exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; +const resolveStsAuthConfig = (input) => Object.assign(input, { + stsClientCtor: STSClient_1.STSClient, }); -module.exports = __toCommonJS(index_exports); - -// src/defaultUserAgent.ts -var import_os = __nccwpck_require__(2037); -var import_process = __nccwpck_require__(7282); - -// src/crt-availability.ts -var crtAvailability = { - isCrtAvailable: false +exports.resolveStsAuthConfig = resolveStsAuthConfig; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, exports.resolveStsAuthConfig)(config); + const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); + return Object.assign(config_1, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); }; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; -// src/is-crt-available.ts -var isCrtAvailable = /* @__PURE__ */ __name(() => { - if (crtAvailability.isCrtAvailable) { - return ["md/crt-avail"]; - } - return null; -}, "isCrtAvailable"); -// src/defaultUserAgent.ts -var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { - return async (config) => { - const sections = [ - // sdk-metadata - ["aws-sdk-js", clientVersion], - // ua-metadata - ["ua", "2.1"], - // os-metadata - [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], - // language-metadata - // ECMAScript edition doesn't matter in JS, so no version needed. - ["lang/js"], - ["md/nodejs", `${import_process.versions.node}`] - ]; - const crtAvailable = isCrtAvailable(); - if (crtAvailable) { - sections.push(crtAvailable); - } - if (serviceId) { - sections.push([`api/${serviceId}`, clientVersion]); - } - if (import_process.env.AWS_EXECUTION_ENV) { - sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); - } - const appId = await config?.userAgentAppId?.(); - const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; - return resolvedUserAgent; - }; -}, "createDefaultUserAgentProvider"); -var defaultUserAgent = createDefaultUserAgentProvider; +/***/ }), -// src/nodeAppIdConfigOptions.ts -var import_middleware_user_agent = __nccwpck_require__(4688); -var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; -var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; -var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; -var NODE_APP_ID_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), - default: import_middleware_user_agent.DEFAULT_UA_APP_ID -}; -// Annotate the CommonJS export names for ESM import in node: +/***/ 1765: +/***/ ((__unused_webpack_module, exports) => { -0 && (0); +"use strict"; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.commonParams = exports.resolveClientEndpointParameters = void 0; +const resolveClientEndpointParameters = (options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + useGlobalEndpoint: options.useGlobalEndpoint ?? false, + defaultSigningName: "sts", + }); +}; +exports.resolveClientEndpointParameters = resolveClientEndpointParameters; +exports.commonParams = { + UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, +}; /***/ }), -/***/ 2329: -/***/ ((module) => { +/***/ 7561: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - XmlNode: () => XmlNode, - XmlText: () => XmlText +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(3350); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(9127); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], }); -module.exports = __toCommonJS(index_exports); - -// src/escape-attribute.ts -function escapeAttribute(value) { - return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); -} -__name(escapeAttribute, "escapeAttribute"); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; -// src/escape-element.ts -function escapeElement(value) { - return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); -} -__name(escapeElement, "escapeElement"); -// src/XmlText.ts -var XmlText = class { - constructor(value) { - this.value = value; - } - static { - __name(this, "XmlText"); - } - toString() { - return escapeElement("" + this.value); - } -}; +/***/ }), -// src/XmlNode.ts -var XmlNode = class _XmlNode { - constructor(name, children = []) { - this.name = name; - this.children = children; - } - static { - __name(this, "XmlNode"); - } - attributes = {}; - static of(name, childText, withName) { - const node = new _XmlNode(name); - if (childText !== void 0) { - node.addChildNode(new XmlText(childText)); - } - if (withName !== void 0) { - node.withName(withName); - } - return node; - } - withName(name) { - this.name = name; - return this; - } - addAttribute(name, value) { - this.attributes[name] = value; - return this; - } - addChildNode(child) { - this.children.push(child); - return this; - } - removeAttribute(name) { - delete this.attributes[name]; - return this; - } - /** - * @internal - * Alias of {@link XmlNode#withName(string)} for codegen brevity. - */ - n(name) { - this.name = name; - return this; - } - /** - * @internal - * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. - */ - c(child) { - this.children.push(child); - return this; - } - /** - * @internal - * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. - */ - a(name, value) { - if (value != null) { - this.attributes[name] = value; - } - return this; - } - /** - * Create a child node. - * Used in serialization of string fields. - * @internal - */ - cc(input, field, withName = field) { - if (input[field] != null) { - const node = _XmlNode.of(field, input[field]).withName(withName); - this.c(node); - } - } - /** - * Creates list child nodes. - * @internal - */ - l(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - nodes.map((node) => { - node.withName(memberName); - this.c(node); - }); - } - } - /** - * Creates list child nodes with container. - * @internal - */ - lc(input, listName, memberName, valueProvider) { - if (input[listName] != null) { - const nodes = valueProvider(); - const containerNode = new _XmlNode(memberName); - nodes.map((node) => { - containerNode.c(node); - }); - this.c(containerNode); - } - } - toString() { - const hasChildren = Boolean(this.children.length); - let xmlText = `<${this.name}`; - const attributes = this.attributes; - for (const attributeName of Object.keys(attributes)) { - const attribute = attributes[attributeName]; - if (attribute != null) { - xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; - } - } - return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; - } -}; -// Annotate the CommonJS export names for ESM import in node: +/***/ 9127: +/***/ ((__unused_webpack_module, exports) => { -0 && (0); +"use strict"; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; +const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; +const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; +exports.ruleSet = _data; /***/ }), -/***/ 3098: +/***/ 2273: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; @@ -56909,649 +41836,1077 @@ var __copyProps = (to, from, except, desc) => { } return to; }; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts -var src_exports = {}; -__export(src_exports, { - CONFIG_USE_DUALSTACK_ENDPOINT: () => CONFIG_USE_DUALSTACK_ENDPOINT, - CONFIG_USE_FIPS_ENDPOINT: () => CONFIG_USE_FIPS_ENDPOINT, - DEFAULT_USE_DUALSTACK_ENDPOINT: () => DEFAULT_USE_DUALSTACK_ENDPOINT, - DEFAULT_USE_FIPS_ENDPOINT: () => DEFAULT_USE_FIPS_ENDPOINT, - ENV_USE_DUALSTACK_ENDPOINT: () => ENV_USE_DUALSTACK_ENDPOINT, - ENV_USE_FIPS_ENDPOINT: () => ENV_USE_FIPS_ENDPOINT, - NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, - NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, - NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS: () => NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, - NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS: () => NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, - REGION_ENV_NAME: () => REGION_ENV_NAME, - REGION_INI_NAME: () => REGION_INI_NAME, - getRegionInfo: () => getRegionInfo, - resolveCustomEndpointsConfig: () => resolveCustomEndpointsConfig, - resolveEndpointsConfig: () => resolveEndpointsConfig, - resolveRegionConfig: () => resolveRegionConfig +// src/submodules/sts/index.ts +var index_exports = {}; +__export(index_exports, { + AssumeRoleCommand: () => AssumeRoleCommand, + AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, + AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, + AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, + AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, + ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, + CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + IDPCommunicationErrorException: () => IDPCommunicationErrorException, + IDPRejectedClaimException: () => IDPRejectedClaimException, + InvalidIdentityTokenException: () => InvalidIdentityTokenException, + MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, + PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, + RegionDisabledException: () => RegionDisabledException, + STS: () => STS, + STSServiceException: () => STSServiceException, + decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, + getDefaultRoleAssumer: () => getDefaultRoleAssumer2, + getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 }); -module.exports = __toCommonJS(src_exports); - -// src/endpointsConfig/NodeUseDualstackEndpointConfigOptions.ts -var import_util_config_provider = __nccwpck_require__(3375); -var ENV_USE_DUALSTACK_ENDPOINT = "AWS_USE_DUALSTACK_ENDPOINT"; -var CONFIG_USE_DUALSTACK_ENDPOINT = "use_dualstack_endpoint"; -var DEFAULT_USE_DUALSTACK_ENDPOINT = false; -var NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS = { - environmentVariableSelector: (env) => (0, import_util_config_provider.booleanSelector)(env, ENV_USE_DUALSTACK_ENDPOINT, import_util_config_provider.SelectorType.ENV), - configFileSelector: (profile) => (0, import_util_config_provider.booleanSelector)(profile, CONFIG_USE_DUALSTACK_ENDPOINT, import_util_config_provider.SelectorType.CONFIG), - default: false -}; - -// src/endpointsConfig/NodeUseFipsEndpointConfigOptions.ts - -var ENV_USE_FIPS_ENDPOINT = "AWS_USE_FIPS_ENDPOINT"; -var CONFIG_USE_FIPS_ENDPOINT = "use_fips_endpoint"; -var DEFAULT_USE_FIPS_ENDPOINT = false; -var NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS = { - environmentVariableSelector: (env) => (0, import_util_config_provider.booleanSelector)(env, ENV_USE_FIPS_ENDPOINT, import_util_config_provider.SelectorType.ENV), - configFileSelector: (profile) => (0, import_util_config_provider.booleanSelector)(profile, CONFIG_USE_FIPS_ENDPOINT, import_util_config_provider.SelectorType.CONFIG), - default: false -}; +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(8974), module.exports); -// src/endpointsConfig/resolveCustomEndpointsConfig.ts -var import_util_middleware = __nccwpck_require__(2390); -var resolveCustomEndpointsConfig = /* @__PURE__ */ __name((input) => { - const { tls, endpoint, urlParser, useDualstackEndpoint } = input; - return Object.assign(input, { - tls: tls ?? true, - endpoint: (0, import_util_middleware.normalizeProvider)(typeof endpoint === "string" ? urlParser(endpoint) : endpoint), - isCustomEndpoint: true, - useDualstackEndpoint: (0, import_util_middleware.normalizeProvider)(useDualstackEndpoint ?? false) - }); -}, "resolveCustomEndpointsConfig"); +// src/submodules/sts/STS.ts +var import_smithy_client6 = __nccwpck_require__(3570); -// src/endpointsConfig/resolveEndpointsConfig.ts +// src/submodules/sts/commands/AssumeRoleCommand.ts +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_EndpointParameters = __nccwpck_require__(1765); +// src/submodules/sts/models/models_0.ts +var import_smithy_client2 = __nccwpck_require__(3570); -// src/endpointsConfig/utils/getEndpointFromRegion.ts -var getEndpointFromRegion = /* @__PURE__ */ __name(async (input) => { - const { tls = true } = input; - const region = await input.region(); - const dnsHostRegex = new RegExp(/^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])$/); - if (!dnsHostRegex.test(region)) { - throw new Error("Invalid region in client config"); +// src/submodules/sts/models/STSServiceException.ts +var import_smithy_client = __nccwpck_require__(3570); +var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { + static { + __name(this, "STSServiceException"); } - const useDualstackEndpoint = await input.useDualstackEndpoint(); - const useFipsEndpoint = await input.useFipsEndpoint(); - const { hostname } = await input.regionInfoProvider(region, { useDualstackEndpoint, useFipsEndpoint }) ?? {}; - if (!hostname) { - throw new Error("Cannot resolve hostname from client config"); + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _STSServiceException.prototype); } - return input.urlParser(`${tls ? "https:" : "http:"}//${hostname}`); -}, "getEndpointFromRegion"); - -// src/endpointsConfig/resolveEndpointsConfig.ts -var resolveEndpointsConfig = /* @__PURE__ */ __name((input) => { - const useDualstackEndpoint = (0, import_util_middleware.normalizeProvider)(input.useDualstackEndpoint ?? false); - const { endpoint, useFipsEndpoint, urlParser, tls } = input; - return Object.assign(input, { - tls: tls ?? true, - endpoint: endpoint ? (0, import_util_middleware.normalizeProvider)(typeof endpoint === "string" ? urlParser(endpoint) : endpoint) : () => getEndpointFromRegion({ ...input, useDualstackEndpoint, useFipsEndpoint }), - isCustomEndpoint: !!endpoint, - useDualstackEndpoint - }); -}, "resolveEndpointsConfig"); +}; -// src/regionConfig/config.ts -var REGION_ENV_NAME = "AWS_REGION"; -var REGION_INI_NAME = "region"; -var NODE_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: (env) => env[REGION_ENV_NAME], - configFileSelector: (profile) => profile[REGION_INI_NAME], - default: () => { - throw new Error("Region is missing"); +// src/submodules/sts/models/models_0.ts +var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } +}), "CredentialsFilterSensitiveLog"); +var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); } }; -var NODE_REGION_CONFIG_FILE_OPTIONS = { - preferredFile: "credentials" +var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { + static { + __name(this, "MalformedPolicyDocumentException"); + } + name = "MalformedPolicyDocumentException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "MalformedPolicyDocumentException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); + } +}; +var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { + static { + __name(this, "PackedPolicyTooLargeException"); + } + name = "PackedPolicyTooLargeException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "PackedPolicyTooLargeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); + } +}; +var RegionDisabledException = class _RegionDisabledException extends STSServiceException { + static { + __name(this, "RegionDisabledException"); + } + name = "RegionDisabledException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "RegionDisabledException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _RegionDisabledException.prototype); + } +}; +var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { + static { + __name(this, "IDPRejectedClaimException"); + } + name = "IDPRejectedClaimException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPRejectedClaimException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); + } +}; +var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { + static { + __name(this, "InvalidIdentityTokenException"); + } + name = "InvalidIdentityTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidIdentityTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); + } +}; +var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } +}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); +var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); +var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { + static { + __name(this, "IDPCommunicationErrorException"); + } + name = "IDPCommunicationErrorException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPCommunicationErrorException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); + } }; -// src/regionConfig/isFipsRegion.ts -var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); - -// src/regionConfig/getRealRegion.ts -var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); - -// src/regionConfig/resolveRegionConfig.ts -var resolveRegionConfig = /* @__PURE__ */ __name((input) => { - const { region, useFipsEndpoint } = input; - if (!region) { - throw new Error("Region is missing"); +// src/submodules/sts/protocols/Aws_query.ts +var import_core = __nccwpck_require__(9963); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client3 = __nccwpck_require__(3570); +var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleRequest(input, context), + [_A]: _AR, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleCommand"); +var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleWithWebIdentityRequest(input, context), + [_A]: _ARWWI, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleWithWebIdentityCommand"); +var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); } - return Object.assign(input, { - region: async () => { - if (typeof region === "string") { - return getRealRegion(region); - } - const providedRegion = await region(); - return getRealRegion(providedRegion); - }, - useFipsEndpoint: async () => { - const providedRegion = typeof region === "string" ? region : await region(); - if (isFipsRegion(providedRegion)) { - return true; - } - return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); - } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleCommand"); +var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleWithWebIdentityCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core.parseXmlErrorBody)(output.body, context) + }; + const errorCode = loadQueryErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "ExpiredTokenException": + case "com.amazonaws.sts#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "MalformedPolicyDocument": + case "com.amazonaws.sts#MalformedPolicyDocumentException": + throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); + case "PackedPolicyTooLarge": + case "com.amazonaws.sts#PackedPolicyTooLargeException": + throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); + case "RegionDisabledException": + case "com.amazonaws.sts#RegionDisabledException": + throw await de_RegionDisabledExceptionRes(parsedOutput, context); + case "IDPCommunicationError": + case "com.amazonaws.sts#IDPCommunicationErrorException": + throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); + case "IDPRejectedClaim": + case "com.amazonaws.sts#IDPRejectedClaimException": + throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); + case "InvalidIdentityToken": + case "com.amazonaws.sts#InvalidIdentityTokenException": + throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody: parsedBody.Error, + errorCode + }); + } +}, "de_CommandError"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_ExpiredTokenException(body.Error, context); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized }); -}, "resolveRegionConfig"); - -// src/regionInfo/getHostnameFromVariants.ts -var getHostnameFromVariants = /* @__PURE__ */ __name((variants = [], { useFipsEndpoint, useDualstackEndpoint }) => variants.find( - ({ tags }) => useFipsEndpoint === tags.includes("fips") && useDualstackEndpoint === tags.includes("dualstack") -)?.hostname, "getHostnameFromVariants"); - -// src/regionInfo/getResolvedHostname.ts -var getResolvedHostname = /* @__PURE__ */ __name((resolvedRegion, { regionHostname, partitionHostname }) => regionHostname ? regionHostname : partitionHostname ? partitionHostname.replace("{region}", resolvedRegion) : void 0, "getResolvedHostname"); - -// src/regionInfo/getResolvedPartition.ts -var getResolvedPartition = /* @__PURE__ */ __name((region, { partitionHash }) => Object.keys(partitionHash || {}).find((key) => partitionHash[key].regions.includes(region)) ?? "aws", "getResolvedPartition"); - -// src/regionInfo/getResolvedSigningRegion.ts -var getResolvedSigningRegion = /* @__PURE__ */ __name((hostname, { signingRegion, regionRegex, useFipsEndpoint }) => { - if (signingRegion) { - return signingRegion; - } else if (useFipsEndpoint) { - const regionRegexJs = regionRegex.replace("\\\\", "\\").replace(/^\^/g, "\\.").replace(/\$$/g, "\\."); - const regionRegexmatchArray = hostname.match(regionRegexJs); - if (regionRegexmatchArray) { - return regionRegexmatchArray[0].slice(1, -1); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_ExpiredTokenExceptionRes"); +var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPCommunicationErrorException(body.Error, context); + const exception = new IDPCommunicationErrorException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPCommunicationErrorExceptionRes"); +var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPRejectedClaimException(body.Error, context); + const exception = new IDPRejectedClaimException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPRejectedClaimExceptionRes"); +var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_InvalidIdentityTokenException(body.Error, context); + const exception = new InvalidIdentityTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_InvalidIdentityTokenExceptionRes"); +var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_MalformedPolicyDocumentException(body.Error, context); + const exception = new MalformedPolicyDocumentException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_MalformedPolicyDocumentExceptionRes"); +var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_PackedPolicyTooLargeException(body.Error, context); + const exception = new PackedPolicyTooLargeException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_PackedPolicyTooLargeExceptionRes"); +var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_RegionDisabledException(body.Error, context); + const exception = new RegionDisabledException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_RegionDisabledExceptionRes"); +var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; + } + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); + } + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + if (input[_T] != null) { + const memberEntries = se_tagListType(input[_T], context); + if (input[_T]?.length === 0) { + entries.Tags = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `Tags.${key}`; + entries[loc] = value; + }); + } + if (input[_TTK] != null) { + const memberEntries = se_tagKeyListType(input[_TTK], context); + if (input[_TTK]?.length === 0) { + entries.TransitiveTagKeys = []; } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `TransitiveTagKeys.${key}`; + entries[loc] = value; + }); } -}, "getResolvedSigningRegion"); - -// src/regionInfo/getRegionInfo.ts -var getRegionInfo = /* @__PURE__ */ __name((region, { - useFipsEndpoint = false, - useDualstackEndpoint = false, - signingService, - regionHash, - partitionHash -}) => { - const partition = getResolvedPartition(region, { partitionHash }); - const resolvedRegion = region in regionHash ? region : partitionHash[partition]?.endpoint ?? region; - const hostnameOptions = { useFipsEndpoint, useDualstackEndpoint }; - const regionHostname = getHostnameFromVariants(regionHash[resolvedRegion]?.variants, hostnameOptions); - const partitionHostname = getHostnameFromVariants(partitionHash[partition]?.variants, hostnameOptions); - const hostname = getResolvedHostname(resolvedRegion, { regionHostname, partitionHostname }); - if (hostname === void 0) { - throw new Error(`Endpoint resolution failed for: ${{ resolvedRegion, useFipsEndpoint, useDualstackEndpoint }}`); + if (input[_EI] != null) { + entries[_EI] = input[_EI]; } - const signingRegion = getResolvedSigningRegion(hostname, { - signingRegion: regionHash[resolvedRegion]?.signingRegion, - regionRegex: partitionHash[partition].regionRegex, - useFipsEndpoint - }); - return { - partition, - signingService, - hostname, - ...signingRegion && { signingRegion }, - ...regionHash[resolvedRegion]?.signingService && { - signingService: regionHash[resolvedRegion].signingService + if (input[_SN] != null) { + entries[_SN] = input[_SN]; + } + if (input[_TC] != null) { + entries[_TC] = input[_TC]; + } + if (input[_SI] != null) { + entries[_SI] = input[_SI]; + } + if (input[_PC] != null) { + const memberEntries = se_ProvidedContextsListType(input[_PC], context); + if (input[_PC]?.length === 0) { + entries.ProvidedContexts = []; } - }; -}, "getRegionInfo"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5829: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `ProvidedContexts.${key}`; + entries[loc] = value; + }); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var src_exports = {}; -__export(src_exports, { - DefaultIdentityProviderConfig: () => DefaultIdentityProviderConfig, - EXPIRATION_MS: () => EXPIRATION_MS, - HttpApiKeyAuthSigner: () => HttpApiKeyAuthSigner, - HttpBearerAuthSigner: () => HttpBearerAuthSigner, - NoAuthSigner: () => NoAuthSigner, - createIsIdentityExpiredFunction: () => createIsIdentityExpiredFunction, - createPaginator: () => createPaginator, - doesIdentityRequireRefresh: () => doesIdentityRequireRefresh, - getHttpAuthSchemeEndpointRuleSetPlugin: () => getHttpAuthSchemeEndpointRuleSetPlugin, - getHttpAuthSchemePlugin: () => getHttpAuthSchemePlugin, - getHttpSigningPlugin: () => getHttpSigningPlugin, - getSmithyContext: () => getSmithyContext, - httpAuthSchemeEndpointRuleSetMiddlewareOptions: () => httpAuthSchemeEndpointRuleSetMiddlewareOptions, - httpAuthSchemeMiddleware: () => httpAuthSchemeMiddleware, - httpAuthSchemeMiddlewareOptions: () => httpAuthSchemeMiddlewareOptions, - httpSigningMiddleware: () => httpSigningMiddleware, - httpSigningMiddlewareOptions: () => httpSigningMiddlewareOptions, - isIdentityExpired: () => isIdentityExpired, - memoizeIdentityProvider: () => memoizeIdentityProvider, - normalizeProvider: () => normalizeProvider, - requestBuilder: () => import_protocols.requestBuilder, - setFeature: () => setFeature -}); -module.exports = __toCommonJS(src_exports); - -// src/getSmithyContext.ts -var import_types = __nccwpck_require__(5756); -var getSmithyContext = /* @__PURE__ */ __name((context) => context[import_types.SMITHY_CONTEXT_KEY] || (context[import_types.SMITHY_CONTEXT_KEY] = {}), "getSmithyContext"); - -// src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts -var import_util_middleware = __nccwpck_require__(2390); - -// src/middleware-http-auth-scheme/resolveAuthOptions.ts -var resolveAuthOptions = /* @__PURE__ */ __name((candidateAuthOptions, authSchemePreference) => { - if (!authSchemePreference || authSchemePreference.length === 0) { - return candidateAuthOptions; + return entries; +}, "se_AssumeRoleRequest"); +var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; } - const preferredAuthOptions = []; - for (const preferredSchemeName of authSchemePreference) { - for (const candidateAuthOption of candidateAuthOptions) { - const candidateAuthSchemeName = candidateAuthOption.schemeId.split("#")[1]; - if (candidateAuthSchemeName === preferredSchemeName) { - preferredAuthOptions.push(candidateAuthOption); - } + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; + } + if (input[_WIT] != null) { + entries[_WIT] = input[_WIT]; + } + if (input[_PI] != null) { + entries[_PI] = input[_PI]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); } - for (const candidateAuthOption of candidateAuthOptions) { - if (!preferredAuthOptions.find(({ schemeId }) => schemeId === candidateAuthOption.schemeId)) { - preferredAuthOptions.push(candidateAuthOption); + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + return entries; +}, "se_AssumeRoleWithWebIdentityRequest"); +var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } + const memberEntries = se_PolicyDescriptorType(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; } - return preferredAuthOptions; -}, "resolveAuthOptions"); - -// src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts -function convertHttpAuthSchemesToMap(httpAuthSchemes) { - const map = /* @__PURE__ */ new Map(); - for (const scheme of httpAuthSchemes) { - map.set(scheme.schemeId, scheme); + return entries; +}, "se_policyDescriptorListType"); +var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_a] != null) { + entries[_a] = input[_a]; } - return map; -} -__name(convertHttpAuthSchemesToMap, "convertHttpAuthSchemesToMap"); -var httpAuthSchemeMiddleware = /* @__PURE__ */ __name((config, mwOptions) => (next, context) => async (args) => { - const options = config.httpAuthSchemeProvider( - await mwOptions.httpAuthSchemeParametersProvider(config, context, args.input) - ); - const authSchemePreference = config.authSchemePreference ? await config.authSchemePreference() : []; - const resolvedOptions = resolveAuthOptions(options, authSchemePreference); - const authSchemes = convertHttpAuthSchemesToMap(config.httpAuthSchemes); - const smithyContext = (0, import_util_middleware.getSmithyContext)(context); - const failureReasons = []; - for (const option of resolvedOptions) { - const scheme = authSchemes.get(option.schemeId); - if (!scheme) { - failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` was not enabled for this service.`); + return entries; +}, "se_PolicyDescriptorType"); +var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_PAr] != null) { + entries[_PAr] = input[_PAr]; + } + if (input[_CA] != null) { + entries[_CA] = input[_CA]; + } + return entries; +}, "se_ProvidedContext"); +var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { continue; } - const identityProvider = scheme.identityProvider(await mwOptions.identityProviderConfigProvider(config)); - if (!identityProvider) { - failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` did not have an IdentityProvider configured.`); + const memberEntries = se_ProvidedContext(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; + } + return entries; +}, "se_ProvidedContextsListType"); +var se_Tag = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_K] != null) { + entries[_K] = input[_K]; + } + if (input[_Va] != null) { + entries[_Va] = input[_Va]; + } + return entries; +}, "se_Tag"); +var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { continue; } - const { identityProperties = {}, signingProperties = {} } = option.propertiesExtractor?.(config, context) || {}; - option.identityProperties = Object.assign(option.identityProperties || {}, identityProperties); - option.signingProperties = Object.assign(option.signingProperties || {}, signingProperties); - smithyContext.selectedHttpAuthScheme = { - httpAuthOption: option, - identity: await identityProvider(option.identityProperties), - signer: scheme.signer - }; - break; + entries[`member.${counter}`] = entry; + counter++; } - if (!smithyContext.selectedHttpAuthScheme) { - throw new Error(failureReasons.join("\n")); + return entries; +}, "se_tagKeyListType"); +var se_tagListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; + } + const memberEntries = se_Tag(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; } - return next(args); -}, "httpAuthSchemeMiddleware"); - -// src/middleware-http-auth-scheme/getHttpAuthSchemeEndpointRuleSetPlugin.ts -var httpAuthSchemeEndpointRuleSetMiddlewareOptions = { - step: "serialize", - tags: ["HTTP_AUTH_SCHEME"], - name: "httpAuthSchemeMiddleware", - override: true, - relation: "before", - toMiddleware: "endpointV2Middleware" -}; -var getHttpAuthSchemeEndpointRuleSetPlugin = /* @__PURE__ */ __name((config, { - httpAuthSchemeParametersProvider, - identityProviderConfigProvider -}) => ({ - applyToStack: (clientStack) => { - clientStack.addRelativeTo( - httpAuthSchemeMiddleware(config, { - httpAuthSchemeParametersProvider, - identityProviderConfigProvider - }), - httpAuthSchemeEndpointRuleSetMiddlewareOptions - ); + return entries; +}, "se_tagListType"); +var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_ARI] != null) { + contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); } -}), "getHttpAuthSchemeEndpointRuleSetPlugin"); - -// src/middleware-http-auth-scheme/getHttpAuthSchemePlugin.ts -var import_middleware_serde = __nccwpck_require__(1238); -var httpAuthSchemeMiddlewareOptions = { - step: "serialize", - tags: ["HTTP_AUTH_SCHEME"], - name: "httpAuthSchemeMiddleware", - override: true, - relation: "before", - toMiddleware: import_middleware_serde.serializerMiddlewareOption.name -}; -var getHttpAuthSchemePlugin = /* @__PURE__ */ __name((config, { - httpAuthSchemeParametersProvider, - identityProviderConfigProvider -}) => ({ - applyToStack: (clientStack) => { - clientStack.addRelativeTo( - httpAuthSchemeMiddleware(config, { - httpAuthSchemeParametersProvider, - identityProviderConfigProvider - }), - httpAuthSchemeMiddlewareOptions - ); + if (output[_Ar] != null) { + contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); } -}), "getHttpAuthSchemePlugin"); - -// src/middleware-http-signing/httpSigningMiddleware.ts -var import_protocol_http = __nccwpck_require__(4418); - -var defaultErrorHandler = /* @__PURE__ */ __name((signingProperties) => (error) => { - throw error; -}, "defaultErrorHandler"); -var defaultSuccessHandler = /* @__PURE__ */ __name((httpResponse, signingProperties) => { -}, "defaultSuccessHandler"); -var httpSigningMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); + return contents; +}, "de_AssumedRoleUser"); +var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); } - const smithyContext = (0, import_util_middleware.getSmithyContext)(context); - const scheme = smithyContext.selectedHttpAuthScheme; - if (!scheme) { - throw new Error(`No HttpAuthScheme was selected: unable to sign request`); + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); } - const { - httpAuthOption: { signingProperties = {} }, - identity, - signer - } = scheme; - const output = await next({ - ...args, - request: await signer.sign(args.request, identity, signingProperties) - }).catch((signer.errorHandler || defaultErrorHandler)(signingProperties)); - (signer.successHandler || defaultSuccessHandler)(output.response, signingProperties); - return output; -}, "httpSigningMiddleware"); - -// src/middleware-http-signing/getHttpSigningMiddleware.ts -var httpSigningMiddlewareOptions = { - step: "finalizeRequest", - tags: ["HTTP_SIGNING"], - name: "httpSigningMiddleware", - aliases: ["apiKeyMiddleware", "tokenMiddleware", "awsAuthMiddleware"], - override: true, - relation: "after", - toMiddleware: "retryMiddleware" -}; -var getHttpSigningPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: (clientStack) => { - clientStack.addRelativeTo(httpSigningMiddleware(config), httpSigningMiddlewareOptions); + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); } -}), "getHttpSigningPlugin"); - -// src/normalizeProvider.ts -var normalizeProvider = /* @__PURE__ */ __name((input) => { - if (typeof input === "function") - return input; - const promisified = Promise.resolve(input); - return () => promisified; -}, "normalizeProvider"); - -// src/pagination/createPaginator.ts -var makePagedClientRequest = /* @__PURE__ */ __name(async (CommandCtor, client, input, withCommand = (_) => _, ...args) => { - let command = new CommandCtor(input); - command = withCommand(command) ?? command; - return await client.send(command, ...args); -}, "makePagedClientRequest"); -function createPaginator(ClientCtor, CommandCtor, inputTokenName, outputTokenName, pageSizeTokenName) { - return /* @__PURE__ */ __name(async function* paginateOperation(config, input, ...additionalArguments) { - const _input = input; - let token = config.startingToken ?? _input[inputTokenName]; - let hasNext = true; - let page; - while (hasNext) { - _input[inputTokenName] = token; - if (pageSizeTokenName) { - _input[pageSizeTokenName] = _input[pageSizeTokenName] ?? config.pageSize; - } - if (config.client instanceof ClientCtor) { - page = await makePagedClientRequest( - CommandCtor, - config.client, - input, - config.withCommand, - ...additionalArguments - ); - } else { - throw new Error(`Invalid client, expected instance of ${ClientCtor.name}`); - } - yield page; - const prevToken = token; - token = get(page, outputTokenName); - hasNext = !!(token && (!config.stopOnSameToken || token !== prevToken)); - } - return void 0; - }, "paginateOperation"); -} -__name(createPaginator, "createPaginator"); -var get = /* @__PURE__ */ __name((fromObject, path) => { - let cursor = fromObject; - const pathComponents = path.split("."); - for (const step of pathComponents) { - if (!cursor || typeof cursor !== "object") { - return void 0; - } - cursor = cursor[step]; + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleResponse"); +var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_SFWIT] != null) { + contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); + } + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + } + if (output[_Pr] != null) { + contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); + } + if (output[_Au] != null) { + contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleWithWebIdentityResponse"); +var de_Credentials = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_AKI] != null) { + contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); + } + if (output[_SAK] != null) { + contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); + } + if (output[_ST] != null) { + contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); + } + if (output[_E] != null) { + contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); + } + return contents; +}, "de_Credentials"); +var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_ExpiredTokenException"); +var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPCommunicationErrorException"); +var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPRejectedClaimException"); +var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); } - return cursor; -}, "get"); - -// src/protocols/requestBuilder.ts -var import_protocols = __nccwpck_require__(2241); - -// src/setFeature.ts -function setFeature(context, feature, value) { - if (!context.__smithy_context) { - context.__smithy_context = { - features: {} - }; - } else if (!context.__smithy_context.features) { - context.__smithy_context.features = {}; + return contents; +}, "de_InvalidIdentityTokenException"); +var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); } - context.__smithy_context.features[feature] = value; -} -__name(setFeature, "setFeature"); - -// src/util-identity-and-auth/DefaultIdentityProviderConfig.ts -var DefaultIdentityProviderConfig = class { - /** - * Creates an IdentityProviderConfig with a record of scheme IDs to identity providers. - * - * @param config scheme IDs and identity providers to configure - */ - constructor(config) { - this.authSchemes = /* @__PURE__ */ new Map(); - for (const [key, value] of Object.entries(config)) { - if (value !== void 0) { - this.authSchemes.set(key, value); - } - } + return contents; +}, "de_MalformedPolicyDocumentException"); +var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); } - static { - __name(this, "DefaultIdentityProviderConfig"); + return contents; +}, "de_PackedPolicyTooLargeException"); +var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); } - getIdentityProvider(schemeId) { - return this.authSchemes.get(schemeId); + return contents; +}, "de_RegionDisabledException"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); +var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); +var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const contents = { + protocol, + hostname, + port, + method: "POST", + path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, + headers + }; + if (resolvedHostname !== void 0) { + contents.hostname = resolvedHostname; } + if (body !== void 0) { + contents.body = body; + } + return new import_protocol_http.HttpRequest(contents); +}, "buildHttpRpcRequest"); +var SHARED_HEADERS = { + "content-type": "application/x-www-form-urlencoded" }; +var _ = "2011-06-15"; +var _A = "Action"; +var _AKI = "AccessKeyId"; +var _AR = "AssumeRole"; +var _ARI = "AssumedRoleId"; +var _ARU = "AssumedRoleUser"; +var _ARWWI = "AssumeRoleWithWebIdentity"; +var _Ar = "Arn"; +var _Au = "Audience"; +var _C = "Credentials"; +var _CA = "ContextAssertion"; +var _DS = "DurationSeconds"; +var _E = "Expiration"; +var _EI = "ExternalId"; +var _K = "Key"; +var _P = "Policy"; +var _PA = "PolicyArns"; +var _PAr = "ProviderArn"; +var _PC = "ProvidedContexts"; +var _PI = "ProviderId"; +var _PPS = "PackedPolicySize"; +var _Pr = "Provider"; +var _RA = "RoleArn"; +var _RSN = "RoleSessionName"; +var _SAK = "SecretAccessKey"; +var _SFWIT = "SubjectFromWebIdentityToken"; +var _SI = "SourceIdentity"; +var _SN = "SerialNumber"; +var _ST = "SessionToken"; +var _T = "Tags"; +var _TC = "TokenCode"; +var _TTK = "TransitiveTagKeys"; +var _V = "Version"; +var _Va = "Value"; +var _WIT = "WebIdentityToken"; +var _a = "arn"; +var _m = "message"; +var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); +var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data.Error?.Code !== void 0) { + return data.Error.Code; + } + if (output.statusCode == 404) { + return "NotFound"; + } +}, "loadQueryErrorCode"); -// src/util-identity-and-auth/httpAuthSchemes/httpApiKeyAuth.ts - - -var HttpApiKeyAuthSigner = class { +// src/submodules/sts/commands/AssumeRoleCommand.ts +var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { static { - __name(this, "HttpApiKeyAuthSigner"); - } - async sign(httpRequest, identity, signingProperties) { - if (!signingProperties) { - throw new Error( - "request could not be signed with `apiKey` since the `name` and `in` signer properties are missing" - ); - } - if (!signingProperties.name) { - throw new Error("request could not be signed with `apiKey` since the `name` signer property is missing"); - } - if (!signingProperties.in) { - throw new Error("request could not be signed with `apiKey` since the `in` signer property is missing"); - } - if (!identity.apiKey) { - throw new Error("request could not be signed with `apiKey` since the `apiKey` is not defined"); - } - const clonedRequest = import_protocol_http.HttpRequest.clone(httpRequest); - if (signingProperties.in === import_types.HttpApiKeyAuthLocation.QUERY) { - clonedRequest.query[signingProperties.name] = identity.apiKey; - } else if (signingProperties.in === import_types.HttpApiKeyAuthLocation.HEADER) { - clonedRequest.headers[signingProperties.name] = signingProperties.scheme ? `${signingProperties.scheme} ${identity.apiKey}` : identity.apiKey; - } else { - throw new Error( - "request can only be signed with `apiKey` locations `query` or `header`, but found: `" + signingProperties.in + "`" - ); - } - return clonedRequest; + __name(this, "AssumeRoleCommand"); } }; -// src/util-identity-and-auth/httpAuthSchemes/httpBearerAuth.ts - -var HttpBearerAuthSigner = class { +// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde2 = __nccwpck_require__(1238); +var import_smithy_client5 = __nccwpck_require__(3570); +var import_EndpointParameters2 = __nccwpck_require__(1765); +var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { static { - __name(this, "HttpBearerAuthSigner"); - } - async sign(httpRequest, identity, signingProperties) { - const clonedRequest = import_protocol_http.HttpRequest.clone(httpRequest); - if (!identity.token) { - throw new Error("request could not be signed with `token` since the `token` is not defined"); - } - clonedRequest.headers["Authorization"] = `Bearer ${identity.token}`; - return clonedRequest; + __name(this, "AssumeRoleWithWebIdentityCommand"); } }; -// src/util-identity-and-auth/httpAuthSchemes/noAuth.ts -var NoAuthSigner = class { +// src/submodules/sts/STS.ts +var import_STSClient = __nccwpck_require__(8974); +var commands = { + AssumeRoleCommand, + AssumeRoleWithWebIdentityCommand +}; +var STS = class extends import_STSClient.STSClient { static { - __name(this, "NoAuthSigner"); - } - async sign(httpRequest, identity, signingProperties) { - return httpRequest; + __name(this, "STS"); } }; +(0, import_smithy_client6.createAggregatedClient)(commands, STS); -// src/util-identity-and-auth/memoizeIdentityProvider.ts -var createIsIdentityExpiredFunction = /* @__PURE__ */ __name((expirationMs) => (identity) => doesIdentityRequireRefresh(identity) && identity.expiration.getTime() - Date.now() < expirationMs, "createIsIdentityExpiredFunction"); -var EXPIRATION_MS = 3e5; -var isIdentityExpired = createIsIdentityExpiredFunction(EXPIRATION_MS); -var doesIdentityRequireRefresh = /* @__PURE__ */ __name((identity) => identity.expiration !== void 0, "doesIdentityRequireRefresh"); -var memoizeIdentityProvider = /* @__PURE__ */ __name((provider, isExpired, requiresRefresh) => { - if (provider === void 0) { - return void 0; +// src/submodules/sts/index.ts +var import_EndpointParameters3 = __nccwpck_require__(1765); + +// src/submodules/sts/defaultStsRoleAssumers.ts +var import_client = __nccwpck_require__(2825); +var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; +var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { + if (typeof assumedRoleUser?.Arn === "string") { + const arnComponents = assumedRoleUser.Arn.split(":"); + if (arnComponents.length > 4 && arnComponents[4] !== "") { + return arnComponents[4]; + } } - const normalizedProvider = typeof provider !== "function" ? async () => Promise.resolve(provider) : provider; - let resolved; - let pending; - let hasResult; - let isConstant = false; - const coalesceProvider = /* @__PURE__ */ __name(async (options) => { - if (!pending) { - pending = normalizedProvider(options); + return void 0; +}, "getAccountIdFromAssumedRoleUser"); +var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { + const region = typeof _region === "function" ? await _region() : _region; + const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; + credentialProviderLogger?.debug?.( + "@aws-sdk/client-sts::resolveRegion", + "accepting first of:", + `${region} (provider)`, + `${parentRegion} (parent client)`, + `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` + ); + return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; +}, "resolveRegion"); +var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + let closureSourceCreds; + return async (sourceCreds, params) => { + closureSourceCreds = sourceCreds; + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger + ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + // A hack to make sts client uses the credential in current closure. + credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); } - try { - resolved = await pending; - hasResult = true; - isConstant = false; - } finally { - pending = void 0; + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); } - return resolved; - }, "coalesceProvider"); - if (isExpired === void 0) { - return async (options) => { - if (!hasResult || options?.forceRefresh) { - resolved = await coalesceProvider(options); - } - return resolved; + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } }; - } - return async (options) => { - if (!hasResult || options?.forceRefresh) { - resolved = await coalesceProvider(options); - } - if (isConstant) { - return resolved; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); + return credentials; + }; +}, "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + return async (params) => { + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger + ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); } - if (!requiresRefresh(resolved)) { - isConstant = true; - return resolved; + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); } - if (isExpired(resolved)) { - await coalesceProvider(options); - return resolved; + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + if (accountId) { + (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); } - return resolved; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); + return credentials; }; -}, "memoizeIdentityProvider"); +}, "getDefaultRoleAssumerWithWebIdentity"); +var isH2 = /* @__PURE__ */ __name((requestHandler) => { + return requestHandler?.metadata?.handlerProtocol === "h2"; +}, "isH2"); + +// src/submodules/sts/defaultRoleAssumers.ts +var import_STSClient2 = __nccwpck_require__(8974); +var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { + if (!customizations) return baseCtor; + else + return class CustomizableSTSClient extends baseCtor { + static { + __name(this, "CustomizableSTSClient"); + } + constructor(config) { + super(config); + for (const customization of customizations) { + this.middlewareStack.use(customization); + } + } + }; +}, "getCustomizableStsClientCtor"); +var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); +var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ + roleAssumer: getDefaultRoleAssumer2(input), + roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), + ...input +}), "decorateDefaultCredentialProvider"); // Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 1798: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(8842)); +const core_1 = __nccwpck_require__(9963); +const util_user_agent_node_1 = __nccwpck_require__(8095); +const config_resolver_1 = __nccwpck_require__(3098); +const core_2 = __nccwpck_require__(5829); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(5238); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || + (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; + + +/***/ }), + +/***/ 5238: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(9963); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(8013); +const endpointResolver_1 = __nccwpck_require__(7561); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2011-06-15", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "STS", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; -0 && (0); +/***/ }), + +/***/ 669: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveRuntimeExtensions = void 0; +const region_config_resolver_1 = __nccwpck_require__(8156); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const httpAuthExtensionConfiguration_1 = __nccwpck_require__(4935); +const resolveRuntimeExtensions = (runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); +}; +exports.resolveRuntimeExtensions = resolveRuntimeExtensions; /***/ }), -/***/ 2241: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 8156: +/***/ ((module) => { + +"use strict"; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -57566,819 +42921,492 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/protocols/index.ts -var protocols_exports = {}; -__export(protocols_exports, { - FromStringShapeDeserializer: () => FromStringShapeDeserializer, - HttpBindingProtocol: () => HttpBindingProtocol, - HttpInterceptingShapeDeserializer: () => HttpInterceptingShapeDeserializer, - HttpInterceptingShapeSerializer: () => HttpInterceptingShapeSerializer, - RequestBuilder: () => RequestBuilder, - RpcProtocol: () => RpcProtocol, - ToStringShapeSerializer: () => ToStringShapeSerializer, - collectBody: () => collectBody, - determineTimestampFormat: () => determineTimestampFormat, - extendedEncodeURIComponent: () => extendedEncodeURIComponent, - requestBuilder: () => requestBuilder, - resolvedPath: () => resolvedPath +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, + REGION_ENV_NAME: () => REGION_ENV_NAME, + REGION_INI_NAME: () => REGION_INI_NAME, + getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, + resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, + resolveRegionConfig: () => resolveRegionConfig }); -module.exports = __toCommonJS(protocols_exports); +module.exports = __toCommonJS(index_exports); -// src/submodules/protocols/collect-stream-body.ts -var import_util_stream = __nccwpck_require__(6607); -var collectBody = async (streamBody = new Uint8Array(), context) => { - if (streamBody instanceof Uint8Array) { - return import_util_stream.Uint8ArrayBlobAdapter.mutate(streamBody); - } - if (!streamBody) { - return import_util_stream.Uint8ArrayBlobAdapter.mutate(new Uint8Array()); - } - const fromContext = context.streamCollector(streamBody); - return import_util_stream.Uint8ArrayBlobAdapter.mutate(await fromContext); -}; +// src/extensions/index.ts +var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + return { + setRegion(region) { + runtimeConfig.region = region; + }, + region() { + return runtimeConfig.region; + } + }; +}, "getAwsRegionExtensionConfiguration"); +var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { + return { + region: awsRegionExtensionConfiguration.region() + }; +}, "resolveAwsRegionExtensionConfiguration"); -// src/submodules/protocols/extended-encode-uri-component.ts -function extendedEncodeURIComponent(str) { - return encodeURIComponent(str).replace(/[!'()*]/g, function(c) { - return "%" + c.charCodeAt(0).toString(16).toUpperCase(); - }); -} +// src/regionConfig/config.ts +var REGION_ENV_NAME = "AWS_REGION"; +var REGION_INI_NAME = "region"; +var NODE_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), + default: /* @__PURE__ */ __name(() => { + throw new Error("Region is missing"); + }, "default") +}; +var NODE_REGION_CONFIG_FILE_OPTIONS = { + preferredFile: "credentials" +}; -// src/submodules/protocols/HttpBindingProtocol.ts -var import_schema2 = __nccwpck_require__(9826); -var import_serde = __nccwpck_require__(7669); -var import_protocol_http2 = __nccwpck_require__(4418); -var import_util_stream2 = __nccwpck_require__(6607); +// src/regionConfig/isFipsRegion.ts +var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); -// src/submodules/protocols/HttpProtocol.ts -var import_schema = __nccwpck_require__(9826); -var import_protocol_http = __nccwpck_require__(4418); -var HttpProtocol = class { - constructor(options) { - this.options = options; - } - getRequestType() { - return import_protocol_http.HttpRequest; - } - getResponseType() { - return import_protocol_http.HttpResponse; - } - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - this.serializer.setSerdeContext(serdeContext); - this.deserializer.setSerdeContext(serdeContext); - if (this.getPayloadCodec()) { - this.getPayloadCodec().setSerdeContext(serdeContext); - } - } - updateServiceEndpoint(request, endpoint) { - if ("url" in endpoint) { - request.protocol = endpoint.url.protocol; - request.hostname = endpoint.url.hostname; - request.port = endpoint.url.port ? Number(endpoint.url.port) : void 0; - request.path = endpoint.url.pathname; - request.fragment = endpoint.url.hash || void 0; - request.username = endpoint.url.username || void 0; - request.password = endpoint.url.password || void 0; - for (const [k, v] of endpoint.url.searchParams.entries()) { - if (!request.query) { - request.query = {}; - } - request.query[k] = v; - } - return request; - } else { - request.protocol = endpoint.protocol; - request.hostname = endpoint.hostname; - request.port = endpoint.port ? Number(endpoint.port) : void 0; - request.path = endpoint.path; - request.query = { - ...endpoint.query - }; - return request; - } - } - setHostPrefix(request, operationSchema, input) { - const operationNs = import_schema.NormalizedSchema.of(operationSchema); - const inputNs = import_schema.NormalizedSchema.of(operationSchema.input); - if (operationNs.getMergedTraits().endpoint) { - let hostPrefix = operationNs.getMergedTraits().endpoint?.[0]; - if (typeof hostPrefix === "string") { - const hostLabelInputs = [...inputNs.structIterator()].filter( - ([, member]) => member.getMergedTraits().hostLabel - ); - for (const [name] of hostLabelInputs) { - const replacement = input[name]; - if (typeof replacement !== "string") { - throw new Error(`@smithy/core/schema - ${name} in input must be a string as hostLabel.`); - } - hostPrefix = hostPrefix.replace(`{${name}}`, replacement); - } - request.hostname = hostPrefix + request.hostname; - } - } - } - deserializeMetadata(output) { - return { - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] - }; - } - async deserializeHttpMessage(schema, context, response, arg4, arg5) { - return []; - } -}; +// src/regionConfig/getRealRegion.ts +var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); -// src/submodules/protocols/HttpBindingProtocol.ts -var HttpBindingProtocol = class extends HttpProtocol { - async serializeRequest(operationSchema, _input, context) { - const input = { - ..._input ?? {} - }; - const serializer = this.serializer; - const query = {}; - const headers = {}; - const endpoint = await context.endpoint(); - const ns = import_schema2.NormalizedSchema.of(operationSchema?.input); - const schema = ns.getSchema(); - let hasNonHttpBindingMember = false; - let payload; - const request = new import_protocol_http2.HttpRequest({ - protocol: "", - hostname: "", - port: void 0, - path: "", - fragment: void 0, - query, - headers, - body: void 0 - }); - if (endpoint) { - this.updateServiceEndpoint(request, endpoint); - this.setHostPrefix(request, operationSchema, input); - const opTraits = import_schema2.NormalizedSchema.translateTraits(operationSchema.traits); - if (opTraits.http) { - request.method = opTraits.http[0]; - const [path, search] = opTraits.http[1].split("?"); - if (request.path == "/") { - request.path = path; - } else { - request.path += path; - } - const traitSearchParams = new URLSearchParams(search ?? ""); - Object.assign(query, Object.fromEntries(traitSearchParams)); - } - } - for (const [memberName, memberNs] of ns.structIterator()) { - const memberTraits = memberNs.getMergedTraits() ?? {}; - const inputMemberValue = input[memberName]; - if (inputMemberValue == null) { - continue; - } - if (memberTraits.httpPayload) { - const isStreaming = memberNs.isStreaming(); - if (isStreaming) { - const isEventStream = memberNs.isStructSchema(); - if (isEventStream) { - throw new Error("serialization of event streams is not yet implemented"); - } else { - payload = inputMemberValue; - } - } else { - serializer.write(memberNs, inputMemberValue); - payload = serializer.flush(); - } - delete input[memberName]; - } else if (memberTraits.httpLabel) { - serializer.write(memberNs, inputMemberValue); - const replacement = serializer.flush(); - if (request.path.includes(`{${memberName}+}`)) { - request.path = request.path.replace( - `{${memberName}+}`, - replacement.split("/").map(extendedEncodeURIComponent).join("/") - ); - } else if (request.path.includes(`{${memberName}}`)) { - request.path = request.path.replace(`{${memberName}}`, extendedEncodeURIComponent(replacement)); - } - delete input[memberName]; - } else if (memberTraits.httpHeader) { - serializer.write(memberNs, inputMemberValue); - headers[memberTraits.httpHeader.toLowerCase()] = String(serializer.flush()); - delete input[memberName]; - } else if (typeof memberTraits.httpPrefixHeaders === "string") { - for (const [key, val] of Object.entries(inputMemberValue)) { - const amalgam = memberTraits.httpPrefixHeaders + key; - serializer.write([memberNs.getValueSchema(), { httpHeader: amalgam }], val); - headers[amalgam.toLowerCase()] = serializer.flush(); - } - delete input[memberName]; - } else if (memberTraits.httpQuery || memberTraits.httpQueryParams) { - this.serializeQuery(memberNs, inputMemberValue, query); - delete input[memberName]; - } else { - hasNonHttpBindingMember = true; - } - } - if (hasNonHttpBindingMember && input) { - serializer.write(schema, input); - payload = serializer.flush(); - } - request.headers = headers; - request.query = query; - request.body = payload; - return request; - } - serializeQuery(ns, data, query) { - const serializer = this.serializer; - const traits = ns.getMergedTraits(); - if (traits.httpQueryParams) { - for (const [key, val] of Object.entries(data)) { - if (!(key in query)) { - this.serializeQuery( - import_schema2.NormalizedSchema.of([ - ns.getValueSchema(), - { - // We pass on the traits to the sub-schema - // because we are still in the process of serializing the map itself. - ...traits, - httpQuery: key, - httpQueryParams: void 0 - } - ]), - val, - query - ); - } - } - return; - } - if (ns.isListSchema()) { - const sparse = !!ns.getMergedTraits().sparse; - const buffer = []; - for (const item of data) { - serializer.write([ns.getValueSchema(), traits], item); - const serializable = serializer.flush(); - if (sparse || serializable !== void 0) { - buffer.push(serializable); - } - } - query[traits.httpQuery] = buffer; - } else { - serializer.write([ns, traits], data); - query[traits.httpQuery] = serializer.flush(); - } - } - async deserializeResponse(operationSchema, context, response) { - const deserializer = this.deserializer; - const ns = import_schema2.NormalizedSchema.of(operationSchema.output); - const dataObject = {}; - if (response.statusCode >= 300) { - const bytes = await collectBody(response.body, context); - if (bytes.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(import_schema2.SCHEMA.DOCUMENT, bytes)); - } - await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); - throw new Error("@smithy/core/protocols - HTTP Protocol error handler failed to throw."); - } - for (const header in response.headers) { - const value = response.headers[header]; - delete response.headers[header]; - response.headers[header.toLowerCase()] = value; - } - const nonHttpBindingMembers = await this.deserializeHttpMessage(ns, context, response, dataObject); - if (nonHttpBindingMembers.length) { - const bytes = await collectBody(response.body, context); - if (bytes.byteLength > 0) { - const dataFromBody = await deserializer.read(ns, bytes); - for (const member of nonHttpBindingMembers) { - dataObject[member] = dataFromBody[member]; - } - } - } - const output = { - $metadata: this.deserializeMetadata(response), - ...dataObject - }; - return output; +// src/regionConfig/resolveRegionConfig.ts +var resolveRegionConfig = /* @__PURE__ */ __name((input) => { + const { region, useFipsEndpoint } = input; + if (!region) { + throw new Error("Region is missing"); } - async deserializeHttpMessage(schema, context, response, arg4, arg5) { - let dataObject; - if (arg4 instanceof Set) { - dataObject = arg5; - } else { - dataObject = arg4; - } - const deserializer = this.deserializer; - const ns = import_schema2.NormalizedSchema.of(schema); - const nonHttpBindingMembers = []; - for (const [memberName, memberSchema] of ns.structIterator()) { - const memberTraits = memberSchema.getMemberTraits(); - if (memberTraits.httpPayload) { - const isStreaming = memberSchema.isStreaming(); - if (isStreaming) { - const isEventStream = memberSchema.isStructSchema(); - if (isEventStream) { - const context2 = this.serdeContext; - if (!context2.eventStreamMarshaller) { - throw new Error("@smithy/core - HttpProtocol: eventStreamMarshaller missing in serdeContext."); - } - const memberSchemas = memberSchema.getMemberSchemas(); - dataObject[memberName] = context2.eventStreamMarshaller.deserialize(response.body, async (event) => { - const unionMember = Object.keys(event).find((key) => { - return key !== "__type"; - }) ?? ""; - if (unionMember in memberSchemas) { - const eventStreamSchema = memberSchemas[unionMember]; - return { - [unionMember]: await deserializer.read(eventStreamSchema, event[unionMember].body) - }; - } else { - return { - $unknown: event - }; - } - }); - } else { - dataObject[memberName] = (0, import_util_stream2.sdkStreamMixin)(response.body); - } - } else if (response.body) { - const bytes = await collectBody(response.body, context); - if (bytes.byteLength > 0) { - dataObject[memberName] = await deserializer.read(memberSchema, bytes); - } - } - } else if (memberTraits.httpHeader) { - const key = String(memberTraits.httpHeader).toLowerCase(); - const value = response.headers[key]; - if (null != value) { - if (memberSchema.isListSchema()) { - const headerListValueSchema = memberSchema.getValueSchema(); - let sections; - if (headerListValueSchema.isTimestampSchema() && headerListValueSchema.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT) { - sections = (0, import_serde.splitEvery)(value, ",", 2); - } else { - sections = (0, import_serde.splitHeader)(value); - } - const list = []; - for (const section of sections) { - list.push(await deserializer.read([headerListValueSchema, { httpHeader: key }], section.trim())); - } - dataObject[memberName] = list; - } else { - dataObject[memberName] = await deserializer.read(memberSchema, value); - } - } - } else if (memberTraits.httpPrefixHeaders !== void 0) { - dataObject[memberName] = {}; - for (const [header, value] of Object.entries(response.headers)) { - if (header.startsWith(memberTraits.httpPrefixHeaders)) { - dataObject[memberName][header.slice(memberTraits.httpPrefixHeaders.length)] = await deserializer.read( - [memberSchema.getValueSchema(), { httpHeader: header }], - value - ); - } - } - } else if (memberTraits.httpResponseCode) { - dataObject[memberName] = response.statusCode; - } else { - nonHttpBindingMembers.push(memberName); + return Object.assign(input, { + region: /* @__PURE__ */ __name(async () => { + if (typeof region === "string") { + return getRealRegion(region); } - } - return nonHttpBindingMembers; - } -}; - -// src/submodules/protocols/RpcProtocol.ts -var import_schema3 = __nccwpck_require__(9826); -var import_protocol_http3 = __nccwpck_require__(4418); -var RpcProtocol = class extends HttpProtocol { - async serializeRequest(operationSchema, input, context) { - const serializer = this.serializer; - const query = {}; - const headers = {}; - const endpoint = await context.endpoint(); - const ns = import_schema3.NormalizedSchema.of(operationSchema?.input); - const schema = ns.getSchema(); - let payload; - const request = new import_protocol_http3.HttpRequest({ - protocol: "", - hostname: "", - port: void 0, - path: "/", - fragment: void 0, - query, - headers, - body: void 0 - }); - if (endpoint) { - this.updateServiceEndpoint(request, endpoint); - this.setHostPrefix(request, operationSchema, input); - } - const _input = { - ...input - }; - if (input) { - serializer.write(schema, _input); - payload = serializer.flush(); - } - request.headers = headers; - request.query = query; - request.body = payload; - request.method = "POST"; - return request; - } - async deserializeResponse(operationSchema, context, response) { - const deserializer = this.deserializer; - const ns = import_schema3.NormalizedSchema.of(operationSchema.output); - const dataObject = {}; - if (response.statusCode >= 300) { - const bytes2 = await collectBody(response.body, context); - if (bytes2.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(import_schema3.SCHEMA.DOCUMENT, bytes2)); + const providedRegion = await region(); + return getRealRegion(providedRegion); + }, "region"), + useFipsEndpoint: /* @__PURE__ */ __name(async () => { + const providedRegion = typeof region === "string" ? region : await region(); + if (isFipsRegion(providedRegion)) { + return true; } - await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); - throw new Error("@smithy/core/protocols - RPC Protocol error handler failed to throw."); - } - for (const header in response.headers) { - const value = response.headers[header]; - delete response.headers[header]; - response.headers[header.toLowerCase()] = value; - } - const bytes = await collectBody(response.body, context); - if (bytes.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(ns, bytes)); - } - const output = { - $metadata: this.deserializeMetadata(response), - ...dataObject - }; - return output; + return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); + }, "useFipsEndpoint") + }); +}, "resolveRegionConfig"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 1856: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/protocols/requestBuilder.ts -var import_protocol_http4 = __nccwpck_require__(4418); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + SignatureV4MultiRegion: () => SignatureV4MultiRegion, + signatureV4CrtContainer: () => signatureV4CrtContainer +}); +module.exports = __toCommonJS(index_exports); -// src/submodules/protocols/resolve-path.ts -var resolvedPath = (resolvedPath2, input, memberName, labelValueProvider, uriLabel, isGreedyLabel) => { - if (input != null && input[memberName] !== void 0) { - const labelValue = labelValueProvider(); - if (labelValue.length <= 0) { - throw new Error("Empty value provided for input HTTP label: " + memberName + "."); - } - resolvedPath2 = resolvedPath2.replace( - uriLabel, - isGreedyLabel ? labelValue.split("/").map((segment) => extendedEncodeURIComponent(segment)).join("/") : extendedEncodeURIComponent(labelValue) - ); - } else { - throw new Error("No value provided for input HTTP label: " + memberName + "."); - } - return resolvedPath2; +// src/SignatureV4MultiRegion.ts +var import_middleware_sdk_s3 = __nccwpck_require__(1139); +var import_signature_v4 = __nccwpck_require__(1528); + +// src/signature-v4-crt-container.ts +var signatureV4CrtContainer = { + CrtSignerV4: null }; -// src/submodules/protocols/requestBuilder.ts -function requestBuilder(input, context) { - return new RequestBuilder(input, context); -} -var RequestBuilder = class { - constructor(input, context) { - this.input = input; - this.context = context; - this.query = {}; - this.method = ""; - this.headers = {}; - this.path = ""; - this.body = null; - this.hostname = ""; - this.resolvePathStack = []; +// src/SignatureV4MultiRegion.ts +var SignatureV4MultiRegion = class { + static { + __name(this, "SignatureV4MultiRegion"); } - async build() { - const { hostname, protocol = "https", port, path: basePath } = await this.context.endpoint(); - this.path = basePath; - for (const resolvePath of this.resolvePathStack) { - resolvePath(this.path); + sigv4aSigner; + sigv4Signer; + signerOptions; + static sigv4aDependency() { + if (typeof signatureV4CrtContainer.CrtSignerV4 === "function") { + return "crt"; + } else if (typeof import_signature_v4.signatureV4aContainer.SignatureV4a === "function") { + return "js"; } - return new import_protocol_http4.HttpRequest({ - protocol, - hostname: this.hostname || hostname, - port, - method: this.method, - path: this.path, - query: this.query, - body: this.body, - headers: this.headers - }); - } - /** - * Brevity setter for "hostname". - */ - hn(hostname) { - this.hostname = hostname; - return this; - } - /** - * Brevity initial builder for "basepath". - */ - bp(uriLabel) { - this.resolvePathStack.push((basePath) => { - this.path = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + uriLabel; - }); - return this; - } - /** - * Brevity incremental builder for "path". - */ - p(memberName, labelValueProvider, uriLabel, isGreedyLabel) { - this.resolvePathStack.push((path) => { - this.path = resolvedPath(path, this.input, memberName, labelValueProvider, uriLabel, isGreedyLabel); - }); - return this; + return "none"; } - /** - * Brevity setter for "headers". - */ - h(headers) { - this.headers = headers; - return this; + constructor(options) { + this.sigv4Signer = new import_middleware_sdk_s3.SignatureV4S3Express(options); + this.signerOptions = options; } - /** - * Brevity setter for "query". - */ - q(query) { - this.query = query; - return this; + async sign(requestToSign, options = {}) { + if (options.signingRegion === "*") { + return this.getSigv4aSigner().sign(requestToSign, options); + } + return this.sigv4Signer.sign(requestToSign, options); } /** - * Brevity setter for "body". + * Sign with alternate credentials to the ones provided in the constructor. + * Note: This is only supported for SigV4a when using the CRT implementation. */ - b(body) { - this.body = body; - return this; + async signWithCredentials(requestToSign, credentials, options = {}) { + if (options.signingRegion === "*") { + const signer = this.getSigv4aSigner(); + const CrtSignerV4 = signatureV4CrtContainer.CrtSignerV4; + if (CrtSignerV4 && signer instanceof CrtSignerV4) { + return signer.signWithCredentials(requestToSign, credentials, options); + } else { + throw new Error( + `signWithCredentials with signingRegion '*' is only supported when using the CRT dependency @aws-sdk/signature-v4-crt. Please check whether you have installed the "@aws-sdk/signature-v4-crt" package explicitly. You must also register the package by calling [require("@aws-sdk/signature-v4-crt");] or an ESM equivalent such as [import "@aws-sdk/signature-v4-crt";]. For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` + ); + } + } + return this.sigv4Signer.signWithCredentials(requestToSign, credentials, options); } /** - * Brevity setter for "method". + * Presign a request. + * Note: This is only supported for SigV4a when using the CRT implementation. */ - m(method) { - this.method = method; - return this; - } -}; - -// src/submodules/protocols/serde/FromStringShapeDeserializer.ts -var import_schema5 = __nccwpck_require__(9826); -var import_serde2 = __nccwpck_require__(7669); -var import_util_base64 = __nccwpck_require__(5600); -var import_util_utf8 = __nccwpck_require__(1895); - -// src/submodules/protocols/serde/determineTimestampFormat.ts -var import_schema4 = __nccwpck_require__(9826); -function determineTimestampFormat(ns, settings) { - if (settings.timestampFormat.useTrait) { - if (ns.isTimestampSchema() && (ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_DATE_TIME || ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_HTTP_DATE || ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS)) { - return ns.getSchema(); + async presign(originalRequest, options = {}) { + if (options.signingRegion === "*") { + const signer = this.getSigv4aSigner(); + const CrtSignerV4 = signatureV4CrtContainer.CrtSignerV4; + if (CrtSignerV4 && signer instanceof CrtSignerV4) { + return signer.presign(originalRequest, options); + } else { + throw new Error( + `presign with signingRegion '*' is only supported when using the CRT dependency @aws-sdk/signature-v4-crt. Please check whether you have installed the "@aws-sdk/signature-v4-crt" package explicitly. You must also register the package by calling [require("@aws-sdk/signature-v4-crt");] or an ESM equivalent such as [import "@aws-sdk/signature-v4-crt";]. For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` + ); + } } + return this.sigv4Signer.presign(originalRequest, options); } - const { httpLabel, httpPrefixHeaders, httpHeader, httpQuery } = ns.getMergedTraits(); - const bindingFormat = settings.httpBindings ? typeof httpPrefixHeaders === "string" || Boolean(httpHeader) ? import_schema4.SCHEMA.TIMESTAMP_HTTP_DATE : Boolean(httpQuery) || Boolean(httpLabel) ? import_schema4.SCHEMA.TIMESTAMP_DATE_TIME : void 0 : void 0; - return bindingFormat ?? settings.timestampFormat.default; -} - -// src/submodules/protocols/serde/FromStringShapeDeserializer.ts -var FromStringShapeDeserializer = class { - constructor(settings) { - this.settings = settings; - } - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - } - read(_schema, data) { - const ns = import_schema5.NormalizedSchema.of(_schema); - if (ns.isListSchema()) { - return (0, import_serde2.splitHeader)(data).map((item) => this.read(ns.getValueSchema(), item)); - } - if (ns.isBlobSchema()) { - return (this.serdeContext?.base64Decoder ?? import_util_base64.fromBase64)(data); - } - if (ns.isTimestampSchema()) { - const format = determineTimestampFormat(ns, this.settings); - switch (format) { - case import_schema5.SCHEMA.TIMESTAMP_DATE_TIME: - return (0, import_serde2.parseRfc3339DateTimeWithOffset)(data); - case import_schema5.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde2.parseRfc7231DateTime)(data); - case import_schema5.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return (0, import_serde2.parseEpochTimestamp)(data); - default: - console.warn("Missing timestamp format, parsing value with Date constructor:", data); - return new Date(data); - } + async presignWithCredentials(originalRequest, credentials, options = {}) { + if (options.signingRegion === "*") { + throw new Error("Method presignWithCredentials is not supported for [signingRegion=*]."); } - if (ns.isStringSchema()) { - const mediaType = ns.getMergedTraits().mediaType; - let intermediateValue = data; - if (mediaType) { - if (ns.getMergedTraits().httpHeader) { - intermediateValue = this.base64ToUtf8(intermediateValue); + return this.sigv4Signer.presignWithCredentials(originalRequest, credentials, options); + } + getSigv4aSigner() { + if (!this.sigv4aSigner) { + const CrtSignerV4 = signatureV4CrtContainer.CrtSignerV4; + const JsSigV4aSigner = import_signature_v4.signatureV4aContainer.SignatureV4a; + if (this.signerOptions.runtime === "node") { + if (!CrtSignerV4 && !JsSigV4aSigner) { + throw new Error( + "Neither CRT nor JS SigV4a implementation is available. Please load either @aws-sdk/signature-v4-crt or @aws-sdk/signature-v4a. For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt" + ); } - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - intermediateValue = import_serde2.LazyJsonString.from(intermediateValue); + if (CrtSignerV4 && typeof CrtSignerV4 === "function") { + this.sigv4aSigner = new CrtSignerV4({ + ...this.signerOptions, + signingAlgorithm: 1 + }); + } else if (JsSigV4aSigner && typeof JsSigV4aSigner === "function") { + this.sigv4aSigner = new JsSigV4aSigner({ + ...this.signerOptions + }); + } else { + throw new Error( + "Available SigV4a implementation is not a valid constructor. Please ensure you've properly imported @aws-sdk/signature-v4-crt or @aws-sdk/signature-v4a.For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt" + ); } - return intermediateValue; + } else { + if (!JsSigV4aSigner || typeof JsSigV4aSigner !== "function") { + throw new Error( + "JS SigV4a implementation is not available or not a valid constructor. Please check whether you have installed the @aws-sdk/signature-v4a package explicitly. The CRT implementation is not available for browsers. You must also register the package by calling [require('@aws-sdk/signature-v4a');] or an ESM equivalent such as [import '@aws-sdk/signature-v4a';]. For more information please go to https://github.com/aws/aws-sdk-js-v3#using-javascript-non-crt-implementation-of-sigv4a" + ); + } + this.sigv4aSigner = new JsSigV4aSigner({ + ...this.signerOptions + }); } } - switch (true) { - case ns.isNumericSchema(): - return Number(data); - case ns.isBigIntegerSchema(): - return BigInt(data); - case ns.isBigDecimalSchema(): - return new import_serde2.NumericValue(data, "bigDecimal"); - case ns.isBooleanSchema(): - return String(data).toLowerCase() === "true"; - } - return data; - } - base64ToUtf8(base64String) { - return (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)((this.serdeContext?.base64Decoder ?? import_util_base64.fromBase64)(base64String)); + return this.sigv4aSigner; } }; +// Annotate the CommonJS export names for ESM import in node: -// src/submodules/protocols/serde/HttpInterceptingShapeDeserializer.ts -var import_schema6 = __nccwpck_require__(9826); -var import_util_utf82 = __nccwpck_require__(1895); -var HttpInterceptingShapeDeserializer = class { - constructor(codecDeserializer, codecSettings) { - this.codecDeserializer = codecDeserializer; - this.stringDeserializer = new FromStringShapeDeserializer(codecSettings); - } - setSerdeContext(serdeContext) { - this.stringDeserializer.setSerdeContext(serdeContext); - this.codecDeserializer.setSerdeContext(serdeContext); - this.serdeContext = serdeContext; - } - read(schema, data) { - const ns = import_schema6.NormalizedSchema.of(schema); - const traits = ns.getMergedTraits(); - const toString = this.serdeContext?.utf8Encoder ?? import_util_utf82.toUtf8; - if (traits.httpHeader || traits.httpResponseCode) { - return this.stringDeserializer.read(ns, toString(data)); - } - if (traits.httpPayload) { - if (ns.isBlobSchema()) { - const toBytes = this.serdeContext?.utf8Decoder ?? import_util_utf82.fromUtf8; - if (typeof data === "string") { - return toBytes(data); - } - return data; - } else if (ns.isStringSchema()) { - if ("byteLength" in data) { - return toString(data); - } - return data; - } - } - return this.codecDeserializer.read(ns, data); +0 && (0); + + + +/***/ }), + +/***/ 2843: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/protocols/serde/HttpInterceptingShapeSerializer.ts -var import_schema8 = __nccwpck_require__(9826); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromEnvSigningName: () => fromEnvSigningName, + fromSso: () => fromSso, + fromStatic: () => fromStatic, + nodeProvider: () => nodeProvider +}); +module.exports = __toCommonJS(index_exports); -// src/submodules/protocols/serde/ToStringShapeSerializer.ts -var import_schema7 = __nccwpck_require__(9826); -var import_serde3 = __nccwpck_require__(7669); -var import_util_base642 = __nccwpck_require__(5600); -var ToStringShapeSerializer = class { - constructor(settings) { - this.settings = settings; - this.stringBuffer = ""; - this.serdeContext = void 0; +// src/fromEnvSigningName.ts +var import_client = __nccwpck_require__(2825); +var import_httpAuthSchemes = __nccwpck_require__(7862); +var import_property_provider = __nccwpck_require__(9721); +var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { + logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); + if (!signingName) { + throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); } - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; + const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); + if (!(bearerTokenKey in process.env)) { + throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); } - write(schema, value) { - const ns = import_schema7.NormalizedSchema.of(schema); - switch (typeof value) { - case "object": - if (value === null) { - this.stringBuffer = "null"; - return; - } - if (ns.isTimestampSchema()) { - if (!(value instanceof Date)) { - throw new Error( - `@smithy/core/protocols - received non-Date value ${value} when schema expected Date in ${ns.getName(true)}` - ); - } - const format = determineTimestampFormat(ns, this.settings); - switch (format) { - case import_schema7.SCHEMA.TIMESTAMP_DATE_TIME: - this.stringBuffer = value.toISOString().replace(".000Z", "Z"); - break; - case import_schema7.SCHEMA.TIMESTAMP_HTTP_DATE: - this.stringBuffer = (0, import_serde3.dateToUtcString)(value); - break; - case import_schema7.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - this.stringBuffer = String(value.getTime() / 1e3); - break; - default: - console.warn("Missing timestamp format, using epoch seconds", value); - this.stringBuffer = String(value.getTime() / 1e3); - } - return; - } - if (ns.isBlobSchema() && "byteLength" in value) { - this.stringBuffer = (this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value); - return; - } - if (ns.isListSchema() && Array.isArray(value)) { - let buffer = ""; - for (const item of value) { - this.write([ns.getValueSchema(), ns.getMergedTraits()], item); - const headerItem = this.flush(); - const serialized = ns.getValueSchema().isTimestampSchema() ? headerItem : (0, import_serde3.quoteHeader)(headerItem); - if (buffer !== "") { - buffer += ", "; - } - buffer += serialized; - } - this.stringBuffer = buffer; - return; - } - this.stringBuffer = JSON.stringify(value, null, 2); - break; - case "string": - const mediaType = ns.getMergedTraits().mediaType; - let intermediateValue = value; - if (mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - intermediateValue = import_serde3.LazyJsonString.from(intermediateValue); - } - if (ns.getMergedTraits().httpHeader) { - this.stringBuffer = (this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(intermediateValue.toString()); - return; - } - } - this.stringBuffer = value; - break; - default: - this.stringBuffer = String(value); - } + const token = { token: process.env[bearerTokenKey] }; + (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); + return token; +}, "fromEnvSigningName"); + +// src/fromSso.ts + + + +// src/constants.ts +var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; +var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; + +// src/getSsoOidcClient.ts +var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { + const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7334))); + const ssoOidcClient = new SSOOIDCClient( + Object.assign({}, init.clientConfig ?? {}, { + region: ssoRegion ?? init.clientConfig?.region, + logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger + }) + ); + return ssoOidcClient; +}, "getSsoOidcClient"); + +// src/getNewSsoOidcToken.ts +var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { + const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7334))); + const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); + return ssoOidcClient.send( + new CreateTokenCommand({ + clientId: ssoToken.clientId, + clientSecret: ssoToken.clientSecret, + refreshToken: ssoToken.refreshToken, + grantType: "refresh_token" + }) + ); +}, "getNewSsoOidcToken"); + +// src/validateTokenExpiry.ts + +var validateTokenExpiry = /* @__PURE__ */ __name((token) => { + if (token.expiration && token.expiration.getTime() < Date.now()) { + throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); } - flush() { - const buffer = this.stringBuffer; - this.stringBuffer = ""; - return buffer; +}, "validateTokenExpiry"); + +// src/validateTokenKey.ts + +var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { + if (typeof value === "undefined") { + throw new import_property_provider.TokenProviderError( + `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, + false + ); } -}; +}, "validateTokenKey"); -// src/submodules/protocols/serde/HttpInterceptingShapeSerializer.ts -var HttpInterceptingShapeSerializer = class { - constructor(codecSerializer, codecSettings, stringSerializer = new ToStringShapeSerializer(codecSettings)) { - this.codecSerializer = codecSerializer; - this.stringSerializer = stringSerializer; +// src/writeSSOTokenToFile.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var import_fs = __nccwpck_require__(7147); +var { writeFile } = import_fs.promises; +var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { + const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); + const tokenString = JSON.stringify(ssoToken, null, 2); + return writeFile(tokenFilepath, tokenString); +}, "writeSSOTokenToFile"); + +// src/fromSso.ts +var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); +var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig + } + }; + init.logger?.debug("@aws-sdk/token-providers - fromSso"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); + } else if (!profile["sso_session"]) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); } - setSerdeContext(serdeContext) { - this.codecSerializer.setSerdeContext(serdeContext); - this.stringSerializer.setSerdeContext(serdeContext); + const ssoSessionName = profile["sso_session"]; + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const ssoSession = ssoSessions[ssoSessionName]; + if (!ssoSession) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, + false + ); } - write(schema, value) { - const ns = import_schema8.NormalizedSchema.of(schema); - const traits = ns.getMergedTraits(); - if (traits.httpHeader || traits.httpLabel || traits.httpQuery) { - this.stringSerializer.write(ns, value); - this.buffer = this.stringSerializer.flush(); - return; + for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { + if (!ssoSession[ssoSessionRequiredKey]) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, + false + ); } - return this.codecSerializer.write(ns, value); } - flush() { - if (this.buffer !== void 0) { - const buffer = this.buffer; - this.buffer = void 0; - return buffer; + const ssoStartUrl = ssoSession["sso_start_url"]; + const ssoRegion = ssoSession["sso_region"]; + let ssoToken; + try { + ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); + } catch (e) { + throw new import_property_provider.TokenProviderError( + `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, + false + ); + } + validateTokenKey("accessToken", ssoToken.accessToken); + validateTokenKey("expiresAt", ssoToken.expiresAt); + const { accessToken, expiresAt } = ssoToken; + const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; + if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { + return existingToken; + } + if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { + validateTokenExpiry(existingToken); + return existingToken; + } + validateTokenKey("clientId", ssoToken.clientId, true); + validateTokenKey("clientSecret", ssoToken.clientSecret, true); + validateTokenKey("refreshToken", ssoToken.refreshToken, true); + try { + lastRefreshAttemptTime.setTime(Date.now()); + const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); + validateTokenKey("accessToken", newSsoOidcToken.accessToken); + validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); + const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); + try { + await writeSSOTokenToFile(ssoSessionName, { + ...ssoToken, + accessToken: newSsoOidcToken.accessToken, + expiresAt: newTokenExpiration.toISOString(), + refreshToken: newSsoOidcToken.refreshToken + }); + } catch (error) { } - return this.codecSerializer.flush(); + return { + token: newSsoOidcToken.accessToken, + expiration: newTokenExpiration + }; + } catch (error) { + validateTokenExpiry(existingToken); + return existingToken; } -}; +}, "fromSso"); + +// src/fromStatic.ts + +var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { + logger?.debug("@aws-sdk/token-providers - fromStatic"); + if (!token || !token.token) { + throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); + } + return token; +}, "fromStatic"); + +// src/nodeProvider.ts + +var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)(fromSso(init), async () => { + throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); + }), + (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, + (token) => token.expiration !== void 0 +), "nodeProvider"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 9826: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 5487: +/***/ ((module) => { + +"use strict"; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -58393,838 +43421,643 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/schema/index.ts -var schema_exports = {}; -__export(schema_exports, { - ErrorSchema: () => ErrorSchema, - ListSchema: () => ListSchema, - MapSchema: () => MapSchema, - NormalizedSchema: () => NormalizedSchema, - OperationSchema: () => OperationSchema, - SCHEMA: () => SCHEMA, - Schema: () => Schema, - SimpleSchema: () => SimpleSchema, - StructureSchema: () => StructureSchema, - TypeRegistry: () => TypeRegistry, - deref: () => deref, - deserializerMiddlewareOption: () => deserializerMiddlewareOption, - error: () => error, - getSchemaSerdePlugin: () => getSchemaSerdePlugin, - list: () => list, - map: () => map, - op: () => op, - serializerMiddlewareOption: () => serializerMiddlewareOption, - sim: () => sim, - struct: () => struct +// src/index.ts +var index_exports = {}; +__export(index_exports, { + build: () => build, + parse: () => parse, + validate: () => validate }); -module.exports = __toCommonJS(schema_exports); - -// src/submodules/schema/deref.ts -var deref = (schemaRef) => { - if (typeof schemaRef === "function") { - return schemaRef(); - } - return schemaRef; -}; - -// src/submodules/schema/middleware/schemaDeserializationMiddleware.ts -var import_protocol_http = __nccwpck_require__(4418); -var import_util_middleware = __nccwpck_require__(2390); -var schemaDeserializationMiddleware = (config) => (next, context) => async (args) => { - const { response } = await next(args); - const { operationSchema } = (0, import_util_middleware.getSmithyContext)(context); - try { - const parsed = await config.protocol.deserializeResponse( - operationSchema, - { - ...config, - ...context - }, - response - ); - return { - response, - output: parsed - }; - } catch (error2) { - Object.defineProperty(error2, "$response", { - value: response - }); - if (!("$metadata" in error2)) { - const hint = `Deserialization error: to see the raw response, inspect the hidden field {error}.$response on this object.`; - try { - error2.message += "\n " + hint; - } catch (e) { - if (!context.logger || context.logger?.constructor?.name === "NoOpLogger") { - console.warn(hint); - } else { - context.logger?.warn?.(hint); - } - } - if (typeof error2.$responseBodyText !== "undefined") { - if (error2.$response) { - error2.$response.body = error2.$responseBodyText; - } - } - try { - if (import_protocol_http.HttpResponse.isInstance(response)) { - const { headers = {} } = response; - const headerEntries = Object.entries(headers); - error2.$metadata = { - httpStatusCode: response.statusCode, - requestId: findHeader(/^x-[\w-]+-request-?id$/, headerEntries), - extendedRequestId: findHeader(/^x-[\w-]+-id-2$/, headerEntries), - cfId: findHeader(/^x-[\w-]+-cf-id$/, headerEntries) - }; - } - } catch (e) { - } - } - throw error2; - } -}; -var findHeader = (pattern, headers) => { - return (headers.find(([k]) => { - return k.match(pattern); - }) || [void 0, void 0])[1]; -}; - -// src/submodules/schema/middleware/schemaSerializationMiddleware.ts -var import_util_middleware2 = __nccwpck_require__(2390); -var schemaSerializationMiddleware = (config) => (next, context) => async (args) => { - const { operationSchema } = (0, import_util_middleware2.getSmithyContext)(context); - const endpoint = context.endpointV2?.url && config.urlParser ? async () => config.urlParser(context.endpointV2.url) : config.endpoint; - const request = await config.protocol.serializeRequest(operationSchema, args.input, { - ...config, - ...context, - endpoint - }); - return next({ - ...args, - request - }); -}; - -// src/submodules/schema/middleware/getSchemaSerdePlugin.ts -var deserializerMiddlewareOption = { - name: "deserializerMiddleware", - step: "deserialize", - tags: ["DESERIALIZER"], - override: true -}; -var serializerMiddlewareOption = { - name: "serializerMiddleware", - step: "serialize", - tags: ["SERIALIZER"], - override: true -}; -function getSchemaSerdePlugin(config) { +module.exports = __toCommonJS(index_exports); +var validate = /* @__PURE__ */ __name((str) => typeof str === "string" && str.indexOf("arn:") === 0 && str.split(":").length >= 6, "validate"); +var parse = /* @__PURE__ */ __name((arn) => { + const segments = arn.split(":"); + if (segments.length < 6 || segments[0] !== "arn") throw new Error("Malformed ARN"); + const [ + , + //Skip "arn" literal + partition, + service, + region, + accountId, + ...resource + ] = segments; return { - applyToStack: (commandStack) => { - commandStack.add(schemaSerializationMiddleware(config), serializerMiddlewareOption); - commandStack.add(schemaDeserializationMiddleware(config), deserializerMiddlewareOption); - config.protocol.setSerdeContext(config); - } + partition, + service, + region, + accountId, + resource: resource.join(":") }; -} - -// src/submodules/schema/TypeRegistry.ts -var TypeRegistry = class _TypeRegistry { - constructor(namespace, schemas = /* @__PURE__ */ new Map()) { - this.namespace = namespace; - this.schemas = schemas; - } - static { - this.registries = /* @__PURE__ */ new Map(); - } - /** - * @param namespace - specifier. - * @returns the schema for that namespace, creating it if necessary. - */ - static for(namespace) { - if (!_TypeRegistry.registries.has(namespace)) { - _TypeRegistry.registries.set(namespace, new _TypeRegistry(namespace)); - } - return _TypeRegistry.registries.get(namespace); - } - /** - * Adds the given schema to a type registry with the same namespace. - * - * @param shapeId - to be registered. - * @param schema - to be registered. - */ - register(shapeId, schema) { - const qualifiedName = this.normalizeShapeId(shapeId); - const registry = _TypeRegistry.for(this.getNamespace(shapeId)); - registry.schemas.set(qualifiedName, schema); - } - /** - * @param shapeId - query. - * @returns the schema. - */ - getSchema(shapeId) { - const id = this.normalizeShapeId(shapeId); - if (!this.schemas.has(id)) { - throw new Error(`@smithy/core/schema - schema not found for ${id}`); - } - return this.schemas.get(id); - } - /** - * The smithy-typescript code generator generates a synthetic (i.e. unmodeled) base exception, - * because generated SDKs before the introduction of schemas have the notion of a ServiceBaseException, which - * is unique per service/model. - * - * This is generated under a unique prefix that is combined with the service namespace, and this - * method is used to retrieve it. - * - * The base exception synthetic schema is used when an error is returned by a service, but we cannot - * determine what existing schema to use to deserialize it. - * - * @returns the synthetic base exception of the service namespace associated with this registry instance. - */ - getBaseException() { - for (const [id, schema] of this.schemas.entries()) { - if (id.startsWith("smithy.ts.sdk.synthetic.") && id.endsWith("ServiceException")) { - return schema; - } - } - return void 0; - } - /** - * @param predicate - criterion. - * @returns a schema in this registry matching the predicate. - */ - find(predicate) { - return [...this.schemas.values()].find(predicate); - } - /** - * Unloads the current TypeRegistry. - */ - destroy() { - _TypeRegistry.registries.delete(this.namespace); - this.schemas.clear(); - } - normalizeShapeId(shapeId) { - if (shapeId.includes("#")) { - return shapeId; - } - return this.namespace + "#" + shapeId; - } - getNamespace(shapeId) { - return this.normalizeShapeId(shapeId).split("#")[0]; - } -}; - -// src/submodules/schema/schemas/Schema.ts -var Schema = class { - constructor(name, traits) { - this.name = name; - this.traits = traits; - } -}; - -// src/submodules/schema/schemas/ListSchema.ts -var ListSchema = class _ListSchema extends Schema { - constructor(name, traits, valueSchema) { - super(name, traits); - this.name = name; - this.traits = traits; - this.valueSchema = valueSchema; - this.symbol = _ListSchema.symbol; - } - static { - this.symbol = Symbol.for("@smithy/core/schema::ListSchema"); - } - static [Symbol.hasInstance](lhs) { - const isPrototype = _ListSchema.prototype.isPrototypeOf(lhs); - if (!isPrototype && typeof lhs === "object" && lhs !== null) { - const list2 = lhs; - return list2.symbol === _ListSchema.symbol; - } - return isPrototype; - } -}; -function list(namespace, name, traits = {}, valueSchema) { - const schema = new ListSchema( - namespace + "#" + name, - traits, - typeof valueSchema === "function" ? valueSchema() : valueSchema - ); - TypeRegistry.for(namespace).register(name, schema); - return schema; -} - -// src/submodules/schema/schemas/MapSchema.ts -var MapSchema = class _MapSchema extends Schema { - constructor(name, traits, keySchema, valueSchema) { - super(name, traits); - this.name = name; - this.traits = traits; - this.keySchema = keySchema; - this.valueSchema = valueSchema; - this.symbol = _MapSchema.symbol; - } - static { - this.symbol = Symbol.for("@smithy/core/schema::MapSchema"); - } - static [Symbol.hasInstance](lhs) { - const isPrototype = _MapSchema.prototype.isPrototypeOf(lhs); - if (!isPrototype && typeof lhs === "object" && lhs !== null) { - const map2 = lhs; - return map2.symbol === _MapSchema.symbol; - } - return isPrototype; - } -}; -function map(namespace, name, traits = {}, keySchema, valueSchema) { - const schema = new MapSchema( - namespace + "#" + name, - traits, - keySchema, - typeof valueSchema === "function" ? valueSchema() : valueSchema - ); - TypeRegistry.for(namespace).register(name, schema); - return schema; -} - -// src/submodules/schema/schemas/OperationSchema.ts -var OperationSchema = class extends Schema { - constructor(name, traits, input, output) { - super(name, traits); - this.name = name; - this.traits = traits; - this.input = input; - this.output = output; +}, "parse"); +var build = /* @__PURE__ */ __name((arnObject) => { + const { partition = "aws", service, region, accountId, resource } = arnObject; + if ([service, region, accountId, resource].some((segment) => typeof segment !== "string")) { + throw new Error("Input ARN object is invalid"); } -}; -function op(namespace, name, traits = {}, input, output) { - const schema = new OperationSchema(namespace + "#" + name, traits, input, output); - TypeRegistry.for(namespace).register(name, schema); - return schema; -} + return `arn:${partition}:${service}:${region}:${accountId}:${resource}`; +}, "build"); +// Annotate the CommonJS export names for ESM import in node: -// src/submodules/schema/schemas/StructureSchema.ts -var StructureSchema = class _StructureSchema extends Schema { - constructor(name, traits, memberNames, memberList) { - super(name, traits); - this.name = name; - this.traits = traits; - this.memberNames = memberNames; - this.memberList = memberList; - this.symbol = _StructureSchema.symbol; - this.members = {}; - for (let i = 0; i < memberNames.length; ++i) { - this.members[memberNames[i]] = Array.isArray(memberList[i]) ? memberList[i] : [memberList[i], 0]; - } - } - static { - this.symbol = Symbol.for("@smithy/core/schema::StructureSchema"); - } - static [Symbol.hasInstance](lhs) { - const isPrototype = _StructureSchema.prototype.isPrototypeOf(lhs); - if (!isPrototype && typeof lhs === "object" && lhs !== null) { - const struct2 = lhs; - return struct2.symbol === _StructureSchema.symbol; - } - return isPrototype; - } -}; -function struct(namespace, name, traits, memberNames, memberList) { - const schema = new StructureSchema(namespace + "#" + name, traits, memberNames, memberList); - TypeRegistry.for(namespace).register(name, schema); - return schema; -} +0 && (0); -// src/submodules/schema/schemas/ErrorSchema.ts -var ErrorSchema = class _ErrorSchema extends StructureSchema { - constructor(name, traits, memberNames, memberList, ctor) { - super(name, traits, memberNames, memberList); - this.name = name; - this.traits = traits; - this.memberNames = memberNames; - this.memberList = memberList; - this.ctor = ctor; - this.symbol = _ErrorSchema.symbol; - } - static { - this.symbol = Symbol.for("@smithy/core/schema::ErrorSchema"); - } - static [Symbol.hasInstance](lhs) { - const isPrototype = _ErrorSchema.prototype.isPrototypeOf(lhs); - if (!isPrototype && typeof lhs === "object" && lhs !== null) { - const err = lhs; - return err.symbol === _ErrorSchema.symbol; - } - return isPrototype; - } -}; -function error(namespace, name, traits = {}, memberNames, memberList, ctor) { - const schema = new ErrorSchema(namespace + "#" + name, traits, memberNames, memberList, ctor); - TypeRegistry.for(namespace).register(name, schema); - return schema; -} -// src/submodules/schema/schemas/sentinels.ts -var SCHEMA = { - BLOB: 21, - // 21 - STREAMING_BLOB: 42, - // 42 - BOOLEAN: 2, - // 2 - STRING: 0, - // 0 - NUMERIC: 1, - // 1 - BIG_INTEGER: 17, - // 17 - BIG_DECIMAL: 19, - // 19 - DOCUMENT: 15, - // 15 - TIMESTAMP_DEFAULT: 4, - // 4 - TIMESTAMP_DATE_TIME: 5, - // 5 - TIMESTAMP_HTTP_DATE: 6, - // 6 - TIMESTAMP_EPOCH_SECONDS: 7, - // 7 - LIST_MODIFIER: 64, - // 64 - MAP_MODIFIER: 128 - // 128 -}; -// src/submodules/schema/schemas/SimpleSchema.ts -var SimpleSchema = class _SimpleSchema extends Schema { - constructor(name, schemaRef, traits) { - super(name, traits); - this.name = name; - this.schemaRef = schemaRef; - this.traits = traits; - this.symbol = _SimpleSchema.symbol; - } - static { - this.symbol = Symbol.for("@smithy/core/schema::SimpleSchema"); - } - static [Symbol.hasInstance](lhs) { - const isPrototype = _SimpleSchema.prototype.isPrototypeOf(lhs); - if (!isPrototype && typeof lhs === "object" && lhs !== null) { - const sim2 = lhs; - return sim2.symbol === _SimpleSchema.symbol; - } - return isPrototype; +/***/ }), + +/***/ 3350: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; -function sim(namespace, name, schemaRef, traits) { - const schema = new SimpleSchema(namespace + "#" + name, schemaRef, traits); - TypeRegistry.for(namespace).register(name, schema); - return schema; -} +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/schema/schemas/NormalizedSchema.ts -var NormalizedSchema = class _NormalizedSchema { - /** - * @param ref - a polymorphic SchemaRef to be dereferenced/normalized. - * @param memberName - optional memberName if this NormalizedSchema should be considered a member schema. - */ - constructor(ref, memberName) { - this.ref = ref; - this.memberName = memberName; - this.symbol = _NormalizedSchema.symbol; - const traitStack = []; - let _ref = ref; - let schema = ref; - this._isMemberSchema = false; - while (Array.isArray(_ref)) { - traitStack.push(_ref[1]); - _ref = _ref[0]; - schema = deref(_ref); - this._isMemberSchema = true; - } - if (traitStack.length > 0) { - this.memberTraits = {}; - for (let i = traitStack.length - 1; i >= 0; --i) { - const traitSet = traitStack[i]; - Object.assign(this.memberTraits, _NormalizedSchema.translateTraits(traitSet)); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ConditionObject: () => import_util_endpoints.ConditionObject, + DeprecatedObject: () => import_util_endpoints.DeprecatedObject, + EndpointError: () => import_util_endpoints.EndpointError, + EndpointObject: () => import_util_endpoints.EndpointObject, + EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, + EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, + EndpointParams: () => import_util_endpoints.EndpointParams, + EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, + EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, + ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, + EvaluateOptions: () => import_util_endpoints.EvaluateOptions, + Expression: () => import_util_endpoints.Expression, + FunctionArgv: () => import_util_endpoints.FunctionArgv, + FunctionObject: () => import_util_endpoints.FunctionObject, + FunctionReturn: () => import_util_endpoints.FunctionReturn, + ParameterObject: () => import_util_endpoints.ParameterObject, + ReferenceObject: () => import_util_endpoints.ReferenceObject, + ReferenceRecord: () => import_util_endpoints.ReferenceRecord, + RuleSetObject: () => import_util_endpoints.RuleSetObject, + RuleSetRules: () => import_util_endpoints.RuleSetRules, + TreeRuleObject: () => import_util_endpoints.TreeRuleObject, + awsEndpointFunctions: () => awsEndpointFunctions, + getUserAgentPrefix: () => getUserAgentPrefix, + isIpAddress: () => import_util_endpoints.isIpAddress, + partition: () => partition, + resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, + resolveEndpoint: () => import_util_endpoints.resolveEndpoint, + setPartitionInfo: () => setPartitionInfo, + toEndpointV1: () => toEndpointV1, + useDefaultPartitionInfo: () => useDefaultPartitionInfo +}); +module.exports = __toCommonJS(index_exports); + +// src/aws.ts + + +// src/lib/aws/isVirtualHostableS3Bucket.ts + + +// src/lib/isIpAddress.ts +var import_util_endpoints = __nccwpck_require__(5473); + +// src/lib/aws/isVirtualHostableS3Bucket.ts +var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { + if (allowSubDomains) { + for (const label of value.split(".")) { + if (!isVirtualHostableS3Bucket(label)) { + return false; } - } else { - this.memberTraits = 0; - } - if (schema instanceof _NormalizedSchema) { - this.name = schema.name; - this.traits = schema.traits; - this._isMemberSchema = schema._isMemberSchema; - this.schema = schema.schema; - this.memberTraits = Object.assign({}, schema.getMemberTraits(), this.getMemberTraits()); - this.normalizedTraits = void 0; - this.ref = schema.ref; - this.memberName = memberName ?? schema.memberName; - return; - } - this.schema = deref(schema); - if (this.schema && typeof this.schema === "object") { - this.traits = this.schema?.traits ?? {}; - } else { - this.traits = 0; - } - this.name = (typeof this.schema === "object" ? this.schema?.name : void 0) ?? this.memberName ?? this.getSchemaName(); - if (this._isMemberSchema && !memberName) { - throw new Error( - `@smithy/core/schema - NormalizedSchema member schema ${this.getName( - true - )} must initialize with memberName argument.` - ); } + return true; } - static { - this.symbol = Symbol.for("@smithy/core/schema::NormalizedSchema"); + if (!(0, import_util_endpoints.isValidHostLabel)(value)) { + return false; } - static [Symbol.hasInstance](lhs) { - const isPrototype = _NormalizedSchema.prototype.isPrototypeOf(lhs); - if (!isPrototype && typeof lhs === "object" && lhs !== null) { - const ns = lhs; - return ns.symbol === _NormalizedSchema.symbol; - } - return isPrototype; + if (value.length < 3 || value.length > 63) { + return false; } - /** - * Static constructor that attempts to avoid wrapping a NormalizedSchema within another. - */ - static of(ref, memberName) { - if (ref instanceof _NormalizedSchema) { - return ref; - } - return new _NormalizedSchema(ref, memberName); + if (value !== value.toLowerCase()) { + return false; } - /** - * @param indicator - numeric indicator for preset trait combination. - * @returns equivalent trait object. - */ - static translateTraits(indicator) { - if (typeof indicator === "object") { - return indicator; - } - indicator = indicator | 0; - const traits = {}; - if ((indicator & 1) === 1) { - traits.httpLabel = 1; - } - if ((indicator >> 1 & 1) === 1) { - traits.idempotent = 1; - } - if ((indicator >> 2 & 1) === 1) { - traits.idempotencyToken = 1; - } - if ((indicator >> 3 & 1) === 1) { - traits.sensitive = 1; - } - if ((indicator >> 4 & 1) === 1) { - traits.httpPayload = 1; + if ((0, import_util_endpoints.isIpAddress)(value)) { + return false; + } + return true; +}, "isVirtualHostableS3Bucket"); + +// src/lib/aws/parseArn.ts +var ARN_DELIMITER = ":"; +var RESOURCE_DELIMITER = "/"; +var parseArn = /* @__PURE__ */ __name((value) => { + const segments = value.split(ARN_DELIMITER); + if (segments.length < 6) return null; + const [arn, partition2, service, region, accountId, ...resourcePath] = segments; + if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; + const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); + return { + partition: partition2, + service, + region, + accountId, + resourceId + }; +}, "parseArn"); + +// src/lib/aws/partitions.json +var partitions_default = { + partitions: [{ + id: "aws", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-east-1", + name: "aws", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", + regions: { + "af-south-1": { + description: "Africa (Cape Town)" + }, + "ap-east-1": { + description: "Asia Pacific (Hong Kong)" + }, + "ap-east-2": { + description: "Asia Pacific (Taipei)" + }, + "ap-northeast-1": { + description: "Asia Pacific (Tokyo)" + }, + "ap-northeast-2": { + description: "Asia Pacific (Seoul)" + }, + "ap-northeast-3": { + description: "Asia Pacific (Osaka)" + }, + "ap-south-1": { + description: "Asia Pacific (Mumbai)" + }, + "ap-south-2": { + description: "Asia Pacific (Hyderabad)" + }, + "ap-southeast-1": { + description: "Asia Pacific (Singapore)" + }, + "ap-southeast-2": { + description: "Asia Pacific (Sydney)" + }, + "ap-southeast-3": { + description: "Asia Pacific (Jakarta)" + }, + "ap-southeast-4": { + description: "Asia Pacific (Melbourne)" + }, + "ap-southeast-5": { + description: "Asia Pacific (Malaysia)" + }, + "ap-southeast-7": { + description: "Asia Pacific (Thailand)" + }, + "aws-global": { + description: "AWS Standard global region" + }, + "ca-central-1": { + description: "Canada (Central)" + }, + "ca-west-1": { + description: "Canada West (Calgary)" + }, + "eu-central-1": { + description: "Europe (Frankfurt)" + }, + "eu-central-2": { + description: "Europe (Zurich)" + }, + "eu-north-1": { + description: "Europe (Stockholm)" + }, + "eu-south-1": { + description: "Europe (Milan)" + }, + "eu-south-2": { + description: "Europe (Spain)" + }, + "eu-west-1": { + description: "Europe (Ireland)" + }, + "eu-west-2": { + description: "Europe (London)" + }, + "eu-west-3": { + description: "Europe (Paris)" + }, + "il-central-1": { + description: "Israel (Tel Aviv)" + }, + "me-central-1": { + description: "Middle East (UAE)" + }, + "me-south-1": { + description: "Middle East (Bahrain)" + }, + "mx-central-1": { + description: "Mexico (Central)" + }, + "sa-east-1": { + description: "South America (Sao Paulo)" + }, + "us-east-1": { + description: "US East (N. Virginia)" + }, + "us-east-2": { + description: "US East (Ohio)" + }, + "us-west-1": { + description: "US West (N. California)" + }, + "us-west-2": { + description: "US West (Oregon)" + } } - if ((indicator >> 5 & 1) === 1) { - traits.httpResponseCode = 1; + }, { + id: "aws-cn", + outputs: { + dnsSuffix: "amazonaws.com.cn", + dualStackDnsSuffix: "api.amazonwebservices.com.cn", + implicitGlobalRegion: "cn-northwest-1", + name: "aws-cn", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^cn\\-\\w+\\-\\d+$", + regions: { + "aws-cn-global": { + description: "AWS China global region" + }, + "cn-north-1": { + description: "China (Beijing)" + }, + "cn-northwest-1": { + description: "China (Ningxia)" + } } - if ((indicator >> 6 & 1) === 1) { - traits.httpQueryParams = 1; + }, { + id: "aws-us-gov", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-gov-west-1", + name: "aws-us-gov", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", + regions: { + "aws-us-gov-global": { + description: "AWS GovCloud (US) global region" + }, + "us-gov-east-1": { + description: "AWS GovCloud (US-East)" + }, + "us-gov-west-1": { + description: "AWS GovCloud (US-West)" + } } - return traits; - } - /** - * Creates a normalized member schema from the given schema and member name. - */ - static memberFrom(memberSchema, memberName) { - if (memberSchema instanceof _NormalizedSchema) { - memberSchema.memberName = memberName; - memberSchema._isMemberSchema = true; - return memberSchema; + }, { + id: "aws-iso", + outputs: { + dnsSuffix: "c2s.ic.gov", + dualStackDnsSuffix: "c2s.ic.gov", + implicitGlobalRegion: "us-iso-east-1", + name: "aws-iso", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", + regions: { + "aws-iso-global": { + description: "AWS ISO (US) global region" + }, + "us-iso-east-1": { + description: "US ISO East" + }, + "us-iso-west-1": { + description: "US ISO WEST" + } } - return new _NormalizedSchema(memberSchema, memberName); - } - /** - * @returns the underlying non-normalized schema. - */ - getSchema() { - if (this.schema instanceof _NormalizedSchema) { - return this.schema = this.schema.getSchema(); + }, { + id: "aws-iso-b", + outputs: { + dnsSuffix: "sc2s.sgov.gov", + dualStackDnsSuffix: "sc2s.sgov.gov", + implicitGlobalRegion: "us-isob-east-1", + name: "aws-iso-b", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", + regions: { + "aws-iso-b-global": { + description: "AWS ISOB (US) global region" + }, + "us-isob-east-1": { + description: "US ISOB East (Ohio)" + } } - if (this.schema instanceof SimpleSchema) { - return deref(this.schema.schemaRef); + }, { + id: "aws-iso-e", + outputs: { + dnsSuffix: "cloud.adc-e.uk", + dualStackDnsSuffix: "cloud.adc-e.uk", + implicitGlobalRegion: "eu-isoe-west-1", + name: "aws-iso-e", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", + regions: { + "aws-iso-e-global": { + description: "AWS ISOE (Europe) global region" + }, + "eu-isoe-west-1": { + description: "EU ISOE West" + } } - return deref(this.schema); - } - /** - * @param withNamespace - qualifies the name. - * @returns e.g. `MyShape` or `com.namespace#MyShape`. - */ - getName(withNamespace = false) { - if (!withNamespace) { - if (this.name && this.name.includes("#")) { - return this.name.split("#")[1]; + }, { + id: "aws-iso-f", + outputs: { + dnsSuffix: "csp.hci.ic.gov", + dualStackDnsSuffix: "csp.hci.ic.gov", + implicitGlobalRegion: "us-isof-south-1", + name: "aws-iso-f", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", + regions: { + "aws-iso-f-global": { + description: "AWS ISOF global region" + }, + "us-isof-east-1": { + description: "US ISOF EAST" + }, + "us-isof-south-1": { + description: "US ISOF SOUTH" } } - return this.name || void 0; - } - /** - * @returns the member name if the schema is a member schema. - * @throws Error when the schema isn't a member schema. - */ - getMemberName() { - if (!this.isMemberSchema()) { - throw new Error(`@smithy/core/schema - cannot get member name on non-member schema: ${this.getName(true)}`); + }, { + id: "aws-eusc", + outputs: { + dnsSuffix: "amazonaws.eu", + dualStackDnsSuffix: "amazonaws.eu", + implicitGlobalRegion: "eusc-de-east-1", + name: "aws-eusc", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", + regions: { + "eusc-de-east-1": { + description: "EU (Germany)" + } } - return this.memberName; - } - isMemberSchema() { - return this._isMemberSchema; - } - isUnitSchema() { - return this.getSchema() === "unit"; - } - /** - * boolean methods on this class help control flow in shape serialization and deserialization. - */ - isListSchema() { - const inner = this.getSchema(); - if (typeof inner === "number") { - return inner >= SCHEMA.LIST_MODIFIER && inner < SCHEMA.MAP_MODIFIER; + }], + version: "1.1" +}; + +// src/lib/aws/partition.ts +var selectedPartitionsInfo = partitions_default; +var selectedUserAgentPrefix = ""; +var partition = /* @__PURE__ */ __name((value) => { + const { partitions } = selectedPartitionsInfo; + for (const partition2 of partitions) { + const { regions, outputs } = partition2; + for (const [region, regionData] of Object.entries(regions)) { + if (region === value) { + return { + ...outputs, + ...regionData + }; + } } - return inner instanceof ListSchema; } - isMapSchema() { - const inner = this.getSchema(); - if (typeof inner === "number") { - return inner >= SCHEMA.MAP_MODIFIER && inner <= 255; + for (const partition2 of partitions) { + const { regionRegex, outputs } = partition2; + if (new RegExp(regionRegex).test(value)) { + return { + ...outputs + }; } - return inner instanceof MapSchema; - } - isDocumentSchema() { - return this.getSchema() === SCHEMA.DOCUMENT; - } - isStructSchema() { - const inner = this.getSchema(); - return inner !== null && typeof inner === "object" && "members" in inner || inner instanceof StructureSchema; - } - isBlobSchema() { - return this.getSchema() === SCHEMA.BLOB || this.getSchema() === SCHEMA.STREAMING_BLOB; } - isTimestampSchema() { - const schema = this.getSchema(); - return typeof schema === "number" && schema >= SCHEMA.TIMESTAMP_DEFAULT && schema <= SCHEMA.TIMESTAMP_EPOCH_SECONDS; - } - isStringSchema() { - return this.getSchema() === SCHEMA.STRING; - } - isBooleanSchema() { - return this.getSchema() === SCHEMA.BOOLEAN; - } - isNumericSchema() { - return this.getSchema() === SCHEMA.NUMERIC; - } - isBigIntegerSchema() { - return this.getSchema() === SCHEMA.BIG_INTEGER; - } - isBigDecimalSchema() { - return this.getSchema() === SCHEMA.BIG_DECIMAL; - } - isStreaming() { - const streaming = !!this.getMergedTraits().streaming; - if (streaming) { - return true; - } - return this.getSchema() === SCHEMA.STREAMING_BLOB; + const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); + if (!DEFAULT_PARTITION) { + throw new Error( + "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." + ); } - /** - * This is a shortcut to avoid calling `getMergedTraits().idempotencyToken` on every string. - * @returns whether the schema has the idempotencyToken trait. - */ - isIdempotencyToken() { - if (typeof this.traits === "number") { - return (this.traits & 4) === 4; - } else if (typeof this.traits === "object") { - return !!this.traits.idempotencyToken; - } - return false; + return { + ...DEFAULT_PARTITION.outputs + }; +}, "partition"); +var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { + selectedPartitionsInfo = partitionsInfo; + selectedUserAgentPrefix = userAgentPrefix; +}, "setPartitionInfo"); +var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { + setPartitionInfo(partitions_default, ""); +}, "useDefaultPartitionInfo"); +var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); + +// src/aws.ts +var awsEndpointFunctions = { + isVirtualHostableS3Bucket, + parseArn, + partition +}; +import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; + +// src/resolveDefaultAwsRegionalEndpointsConfig.ts +var import_url_parser = __nccwpck_require__(4681); +var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { + if (typeof input.endpointProvider !== "function") { + throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); } - /** - * @returns own traits merged with member traits, where member traits of the same trait key take priority. - * This method is cached. - */ - getMergedTraits() { - if (this.normalizedTraits) { - return this.normalizedTraits; - } - this.normalizedTraits = { - ...this.getOwnTraits(), - ...this.getMemberTraits() + const { endpoint } = input; + if (endpoint === void 0) { + input.endpoint = async () => { + return toEndpointV1( + input.endpointProvider( + { + Region: typeof input.region === "function" ? await input.region() : input.region, + UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, + UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, + Endpoint: void 0 + }, + { logger: input.logger } + ) + ); }; - return this.normalizedTraits; - } - /** - * @returns only the member traits. If the schema is not a member, this returns empty. - */ - getMemberTraits() { - return _NormalizedSchema.translateTraits(this.memberTraits); - } - /** - * @returns only the traits inherent to the shape or member target shape if this schema is a member. - * If there are any member traits they are excluded. - */ - getOwnTraits() { - return _NormalizedSchema.translateTraits(this.traits); - } - /** - * @returns the map's key's schema. Returns a dummy Document schema if this schema is a Document. - * - * @throws Error if the schema is not a Map or Document. - */ - getKeySchema() { - if (this.isDocumentSchema()) { - return _NormalizedSchema.memberFrom([SCHEMA.DOCUMENT, 0], "key"); - } - if (!this.isMapSchema()) { - throw new Error(`@smithy/core/schema - cannot get key schema for non-map schema: ${this.getName(true)}`); - } - const schema = this.getSchema(); - if (typeof schema === "number") { - return _NormalizedSchema.memberFrom([63 & schema, 0], "key"); - } - return _NormalizedSchema.memberFrom([schema.keySchema, 0], "key"); - } - /** - * @returns the schema of the map's value or list's member. - * Returns a dummy Document schema if this schema is a Document. - * - * @throws Error if the schema is not a Map, List, nor Document. - */ - getValueSchema() { - const schema = this.getSchema(); - if (typeof schema === "number") { - if (this.isMapSchema()) { - return _NormalizedSchema.memberFrom([63 & schema, 0], "value"); - } else if (this.isListSchema()) { - return _NormalizedSchema.memberFrom([63 & schema, 0], "member"); - } - } - if (schema && typeof schema === "object") { - if (this.isStructSchema()) { - throw new Error(`cannot call getValueSchema() with StructureSchema ${this.getName(true)}`); - } - const collection = schema; - if ("valueSchema" in collection) { - if (this.isMapSchema()) { - return _NormalizedSchema.memberFrom([collection.valueSchema, 0], "value"); - } else if (this.isListSchema()) { - return _NormalizedSchema.memberFrom([collection.valueSchema, 0], "member"); - } - } - } - if (this.isDocumentSchema()) { - return _NormalizedSchema.memberFrom([SCHEMA.DOCUMENT, 0], "value"); - } - throw new Error(`@smithy/core/schema - the schema ${this.getName(true)} does not have a value member.`); } - /** - * @returns the NormalizedSchema for the given member name. The returned instance will return true for `isMemberSchema()` - * and will have the member name given. - * @param member - which member to retrieve and wrap. - * - * @throws Error if member does not exist or the schema is neither a document nor structure. - * Note that errors are assumed to be structures and unions are considered structures for these purposes. - */ - getMemberSchema(member) { - if (this.isStructSchema()) { - const struct2 = this.getSchema(); - if (!(member in struct2.members)) { - throw new Error( - `@smithy/core/schema - the schema ${this.getName(true)} does not have a member with name=${member}.` - ); - } - return _NormalizedSchema.memberFrom(struct2.members[member], member); - } - if (this.isDocumentSchema()) { - return _NormalizedSchema.memberFrom([SCHEMA.DOCUMENT, 0], member); - } - throw new Error(`@smithy/core/schema - the schema ${this.getName(true)} does not have members.`); + return input; +}, "resolveDefaultAwsRegionalEndpointsConfig"); +var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); + +// src/resolveEndpoint.ts + + +// src/types/EndpointError.ts + + +// src/types/EndpointRuleObject.ts + + +// src/types/ErrorRuleObject.ts + + +// src/types/RuleSetObject.ts + + +// src/types/TreeRuleObject.ts + + +// src/types/shared.ts + +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 8095: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - /** - * This can be used for checking the members as a hashmap. - * Prefer the structIterator method for iteration. - * - * This does NOT return list and map members, it is only for structures. - * - * @returns a map of member names to member schemas (normalized). - */ - getMemberSchemas() { - const { schema } = this; - const struct2 = schema; - if (!struct2 || typeof struct2 !== "object") { - return {}; - } - if ("members" in struct2) { - const buffer = {}; - for (const member of struct2.memberNames) { - buffer[member] = this.getMemberSchema(member); - } - return buffer; - } - return {}; + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, + UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, + UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, + createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, + crtAvailability: () => crtAvailability, + defaultUserAgent: () => defaultUserAgent +}); +module.exports = __toCommonJS(index_exports); + +// src/defaultUserAgent.ts +var import_os = __nccwpck_require__(2037); +var import_process = __nccwpck_require__(7282); + +// src/crt-availability.ts +var crtAvailability = { + isCrtAvailable: false +}; + +// src/is-crt-available.ts +var isCrtAvailable = /* @__PURE__ */ __name(() => { + if (crtAvailability.isCrtAvailable) { + return ["md/crt-avail"]; } - /** - * Allows iteration over members of a structure schema. - * Each yield is a pair of the member name and member schema. - * - * This avoids the overhead of calling Object.entries(ns.getMemberSchemas()). - */ - *structIterator() { - if (this.isUnitSchema()) { - return; - } - if (!this.isStructSchema()) { - throw new Error("@smithy/core/schema - cannot acquire structIterator on non-struct schema."); + return null; +}, "isCrtAvailable"); + +// src/defaultUserAgent.ts +var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { + return async (config) => { + const sections = [ + // sdk-metadata + ["aws-sdk-js", clientVersion], + // ua-metadata + ["ua", "2.1"], + // os-metadata + [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], + // language-metadata + // ECMAScript edition doesn't matter in JS, so no version needed. + ["lang/js"], + ["md/nodejs", `${import_process.versions.node}`] + ]; + const crtAvailable = isCrtAvailable(); + if (crtAvailable) { + sections.push(crtAvailable); } - const struct2 = this.getSchema(); - for (let i = 0; i < struct2.memberNames.length; ++i) { - yield [struct2.memberNames[i], _NormalizedSchema.memberFrom([struct2.memberList[i], 0], struct2.memberNames[i])]; + if (serviceId) { + sections.push([`api/${serviceId}`, clientVersion]); } - } - /** - * @returns a last-resort human-readable name for the schema if it has no other identifiers. - */ - getSchemaName() { - const schema = this.getSchema(); - if (typeof schema === "number") { - const _schema = 63 & schema; - const container = 192 & schema; - const type = Object.entries(SCHEMA).find(([, value]) => { - return value === _schema; - })?.[0] ?? "Unknown"; - switch (container) { - case SCHEMA.MAP_MODIFIER: - return `${type}Map`; - case SCHEMA.LIST_MODIFIER: - return `${type}List`; - case 0: - return type; - } + if (import_process.env.AWS_EXECUTION_ENV) { + sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); } - return "Unknown"; - } + const appId = await config?.userAgentAppId?.(); + const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; + return resolvedUserAgent; + }; +}, "createDefaultUserAgentProvider"); +var defaultUserAgent = createDefaultUserAgentProvider; + +// src/nodeAppIdConfigOptions.ts +var import_middleware_user_agent = __nccwpck_require__(4688); +var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; +var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; +var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; +var NODE_APP_ID_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), + default: import_middleware_user_agent.DEFAULT_UA_APP_ID }; // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 7669: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 2329: +/***/ ((module) => { + +"use strict"; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -59239,670 +44072,823 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/serde/index.ts -var serde_exports = {}; -__export(serde_exports, { - LazyJsonString: () => LazyJsonString, - NumericValue: () => NumericValue, - copyDocumentWithTransform: () => copyDocumentWithTransform, - dateToUtcString: () => dateToUtcString, - expectBoolean: () => expectBoolean, - expectByte: () => expectByte, - expectFloat32: () => expectFloat32, - expectInt: () => expectInt, - expectInt32: () => expectInt32, - expectLong: () => expectLong, - expectNonNull: () => expectNonNull, - expectNumber: () => expectNumber, - expectObject: () => expectObject, - expectShort: () => expectShort, - expectString: () => expectString, - expectUnion: () => expectUnion, - generateIdempotencyToken: () => import_uuid.v4, - handleFloat: () => handleFloat, - limitedParseDouble: () => limitedParseDouble, - limitedParseFloat: () => limitedParseFloat, - limitedParseFloat32: () => limitedParseFloat32, - logger: () => logger, - nv: () => nv, - parseBoolean: () => parseBoolean, - parseEpochTimestamp: () => parseEpochTimestamp, - parseRfc3339DateTime: () => parseRfc3339DateTime, - parseRfc3339DateTimeWithOffset: () => parseRfc3339DateTimeWithOffset, - parseRfc7231DateTime: () => parseRfc7231DateTime, - quoteHeader: () => quoteHeader, - splitEvery: () => splitEvery, - splitHeader: () => splitHeader, - strictParseByte: () => strictParseByte, - strictParseDouble: () => strictParseDouble, - strictParseFloat: () => strictParseFloat, - strictParseFloat32: () => strictParseFloat32, - strictParseInt: () => strictParseInt, - strictParseInt32: () => strictParseInt32, - strictParseLong: () => strictParseLong, - strictParseShort: () => strictParseShort +// src/index.ts +var index_exports = {}; +__export(index_exports, { + XmlNode: () => XmlNode, + XmlText: () => XmlText }); -module.exports = __toCommonJS(serde_exports); +module.exports = __toCommonJS(index_exports); -// src/submodules/serde/copyDocumentWithTransform.ts -var copyDocumentWithTransform = (source, schemaRef, transform = (_) => _) => source; +// src/escape-attribute.ts +function escapeAttribute(value) { + return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); +} +__name(escapeAttribute, "escapeAttribute"); -// src/submodules/serde/parse-utils.ts -var parseBoolean = (value) => { - switch (value) { - case "true": - return true; - case "false": - return false; - default: - throw new Error(`Unable to parse boolean value "${value}"`); - } -}; -var expectBoolean = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value === "number") { - if (value === 0 || value === 1) { - logger.warn(stackTraceWarning(`Expected boolean, got ${typeof value}: ${value}`)); - } - if (value === 0) { - return false; - } - if (value === 1) { - return true; - } +// src/escape-element.ts +function escapeElement(value) { + return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); +} +__name(escapeElement, "escapeElement"); + +// src/XmlText.ts +var XmlText = class { + constructor(value) { + this.value = value; } - if (typeof value === "string") { - const lower = value.toLowerCase(); - if (lower === "false" || lower === "true") { - logger.warn(stackTraceWarning(`Expected boolean, got ${typeof value}: ${value}`)); - } - if (lower === "false") { - return false; - } - if (lower === "true") { - return true; - } + static { + __name(this, "XmlText"); } - if (typeof value === "boolean") { - return value; + toString() { + return escapeElement("" + this.value); } - throw new TypeError(`Expected boolean, got ${typeof value}: ${value}`); }; -var expectNumber = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value === "string") { - const parsed = parseFloat(value); - if (!Number.isNaN(parsed)) { - if (String(parsed) !== String(value)) { - logger.warn(stackTraceWarning(`Expected number but observed string: ${value}`)); - } - return parsed; - } + +// src/XmlNode.ts +var XmlNode = class _XmlNode { + constructor(name, children = []) { + this.name = name; + this.children = children; } - if (typeof value === "number") { - return value; + static { + __name(this, "XmlNode"); } - throw new TypeError(`Expected number, got ${typeof value}: ${value}`); -}; -var MAX_FLOAT = Math.ceil(2 ** 127 * (2 - 2 ** -23)); -var expectFloat32 = (value) => { - const expected = expectNumber(value); - if (expected !== void 0 && !Number.isNaN(expected) && expected !== Infinity && expected !== -Infinity) { - if (Math.abs(expected) > MAX_FLOAT) { - throw new TypeError(`Expected 32-bit float, got ${value}`); + attributes = {}; + static of(name, childText, withName) { + const node = new _XmlNode(name); + if (childText !== void 0) { + node.addChildNode(new XmlText(childText)); } - } - return expected; -}; -var expectLong = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (Number.isInteger(value) && !Number.isNaN(value)) { - return value; - } - throw new TypeError(`Expected integer, got ${typeof value}: ${value}`); -}; -var expectInt = expectLong; -var expectInt32 = (value) => expectSizedInt(value, 32); -var expectShort = (value) => expectSizedInt(value, 16); -var expectByte = (value) => expectSizedInt(value, 8); -var expectSizedInt = (value, size) => { - const expected = expectLong(value); - if (expected !== void 0 && castInt(expected, size) !== expected) { - throw new TypeError(`Expected ${size}-bit integer, got ${value}`); - } - return expected; -}; -var castInt = (value, size) => { - switch (size) { - case 32: - return Int32Array.of(value)[0]; - case 16: - return Int16Array.of(value)[0]; - case 8: - return Int8Array.of(value)[0]; - } -}; -var expectNonNull = (value, location) => { - if (value === null || value === void 0) { - if (location) { - throw new TypeError(`Expected a non-null value for ${location}`); + if (withName !== void 0) { + node.withName(withName); } - throw new TypeError("Expected a non-null value"); - } - return value; -}; -var expectObject = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value === "object" && !Array.isArray(value)) { - return value; - } - const receivedType = Array.isArray(value) ? "array" : typeof value; - throw new TypeError(`Expected object, got ${receivedType}: ${value}`); -}; -var expectString = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value === "string") { - return value; - } - if (["boolean", "number", "bigint"].includes(typeof value)) { - logger.warn(stackTraceWarning(`Expected string, got ${typeof value}: ${value}`)); - return String(value); + return node; } - throw new TypeError(`Expected string, got ${typeof value}: ${value}`); -}; -var expectUnion = (value) => { - if (value === null || value === void 0) { - return void 0; + withName(name) { + this.name = name; + return this; } - const asObject = expectObject(value); - const setKeys = Object.entries(asObject).filter(([, v]) => v != null).map(([k]) => k); - if (setKeys.length === 0) { - throw new TypeError(`Unions must have exactly one non-null member. None were found.`); + addAttribute(name, value) { + this.attributes[name] = value; + return this; } - if (setKeys.length > 1) { - throw new TypeError(`Unions must have exactly one non-null member. Keys ${setKeys} were not null.`); + addChildNode(child) { + this.children.push(child); + return this; } - return asObject; -}; -var strictParseDouble = (value) => { - if (typeof value == "string") { - return expectNumber(parseNumber(value)); + removeAttribute(name) { + delete this.attributes[name]; + return this; } - return expectNumber(value); -}; -var strictParseFloat = strictParseDouble; -var strictParseFloat32 = (value) => { - if (typeof value == "string") { - return expectFloat32(parseNumber(value)); + /** + * @internal + * Alias of {@link XmlNode#withName(string)} for codegen brevity. + */ + n(name) { + this.name = name; + return this; } - return expectFloat32(value); -}; -var NUMBER_REGEX = /(-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?)|(-?Infinity)|(NaN)/g; -var parseNumber = (value) => { - const matches = value.match(NUMBER_REGEX); - if (matches === null || matches[0].length !== value.length) { - throw new TypeError(`Expected real number, got implicit NaN`); + /** + * @internal + * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. + */ + c(child) { + this.children.push(child); + return this; } - return parseFloat(value); -}; -var limitedParseDouble = (value) => { - if (typeof value == "string") { - return parseFloatString(value); + /** + * @internal + * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. + */ + a(name, value) { + if (value != null) { + this.attributes[name] = value; + } + return this; } - return expectNumber(value); -}; -var handleFloat = limitedParseDouble; -var limitedParseFloat = limitedParseDouble; -var limitedParseFloat32 = (value) => { - if (typeof value == "string") { - return parseFloatString(value); + /** + * Create a child node. + * Used in serialization of string fields. + * @internal + */ + cc(input, field, withName = field) { + if (input[field] != null) { + const node = _XmlNode.of(field, input[field]).withName(withName); + this.c(node); + } } - return expectFloat32(value); -}; -var parseFloatString = (value) => { - switch (value) { - case "NaN": - return NaN; - case "Infinity": - return Infinity; - case "-Infinity": - return -Infinity; - default: - throw new Error(`Unable to parse float value: ${value}`); + /** + * Creates list child nodes. + * @internal + */ + l(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + nodes.map((node) => { + node.withName(memberName); + this.c(node); + }); + } } -}; -var strictParseLong = (value) => { - if (typeof value === "string") { - return expectLong(parseNumber(value)); + /** + * Creates list child nodes with container. + * @internal + */ + lc(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + const containerNode = new _XmlNode(memberName); + nodes.map((node) => { + containerNode.c(node); + }); + this.c(containerNode); + } } - return expectLong(value); -}; -var strictParseInt = strictParseLong; -var strictParseInt32 = (value) => { - if (typeof value === "string") { - return expectInt32(parseNumber(value)); + toString() { + const hasChildren = Boolean(this.children.length); + let xmlText = `<${this.name}`; + const attributes = this.attributes; + for (const attributeName of Object.keys(attributes)) { + const attribute = attributes[attributeName]; + if (attribute != null) { + xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; + } + } + return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; } - return expectInt32(value); }; -var strictParseShort = (value) => { - if (typeof value === "string") { - return expectShort(parseNumber(value)); - } - return expectShort(value); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 3098: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -var strictParseByte = (value) => { - if (typeof value === "string") { - return expectByte(parseNumber(value)); +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return expectByte(value); -}; -var stackTraceWarning = (message) => { - return String(new TypeError(message).stack || message).split("\n").slice(0, 5).filter((s) => !s.includes("stackTraceWarning")).join("\n"); + return to; }; -var logger = { - warn: console.warn +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var src_exports = {}; +__export(src_exports, { + CONFIG_USE_DUALSTACK_ENDPOINT: () => CONFIG_USE_DUALSTACK_ENDPOINT, + CONFIG_USE_FIPS_ENDPOINT: () => CONFIG_USE_FIPS_ENDPOINT, + DEFAULT_USE_DUALSTACK_ENDPOINT: () => DEFAULT_USE_DUALSTACK_ENDPOINT, + DEFAULT_USE_FIPS_ENDPOINT: () => DEFAULT_USE_FIPS_ENDPOINT, + ENV_USE_DUALSTACK_ENDPOINT: () => ENV_USE_DUALSTACK_ENDPOINT, + ENV_USE_FIPS_ENDPOINT: () => ENV_USE_FIPS_ENDPOINT, + NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, + NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS: () => NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, + NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS: () => NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, + REGION_ENV_NAME: () => REGION_ENV_NAME, + REGION_INI_NAME: () => REGION_INI_NAME, + getRegionInfo: () => getRegionInfo, + resolveCustomEndpointsConfig: () => resolveCustomEndpointsConfig, + resolveEndpointsConfig: () => resolveEndpointsConfig, + resolveRegionConfig: () => resolveRegionConfig +}); +module.exports = __toCommonJS(src_exports); + +// src/endpointsConfig/NodeUseDualstackEndpointConfigOptions.ts +var import_util_config_provider = __nccwpck_require__(3375); +var ENV_USE_DUALSTACK_ENDPOINT = "AWS_USE_DUALSTACK_ENDPOINT"; +var CONFIG_USE_DUALSTACK_ENDPOINT = "use_dualstack_endpoint"; +var DEFAULT_USE_DUALSTACK_ENDPOINT = false; +var NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS = { + environmentVariableSelector: (env) => (0, import_util_config_provider.booleanSelector)(env, ENV_USE_DUALSTACK_ENDPOINT, import_util_config_provider.SelectorType.ENV), + configFileSelector: (profile) => (0, import_util_config_provider.booleanSelector)(profile, CONFIG_USE_DUALSTACK_ENDPOINT, import_util_config_provider.SelectorType.CONFIG), + default: false }; -// src/submodules/serde/date-utils.ts -var DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]; -var MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]; -function dateToUtcString(date) { - const year = date.getUTCFullYear(); - const month = date.getUTCMonth(); - const dayOfWeek = date.getUTCDay(); - const dayOfMonthInt = date.getUTCDate(); - const hoursInt = date.getUTCHours(); - const minutesInt = date.getUTCMinutes(); - const secondsInt = date.getUTCSeconds(); - const dayOfMonthString = dayOfMonthInt < 10 ? `0${dayOfMonthInt}` : `${dayOfMonthInt}`; - const hoursString = hoursInt < 10 ? `0${hoursInt}` : `${hoursInt}`; - const minutesString = minutesInt < 10 ? `0${minutesInt}` : `${minutesInt}`; - const secondsString = secondsInt < 10 ? `0${secondsInt}` : `${secondsInt}`; - return `${DAYS[dayOfWeek]}, ${dayOfMonthString} ${MONTHS[month]} ${year} ${hoursString}:${minutesString}:${secondsString} GMT`; -} -var RFC3339 = new RegExp(/^(\d{4})-(\d{2})-(\d{2})[tT](\d{2}):(\d{2}):(\d{2})(?:\.(\d+))?[zZ]$/); -var parseRfc3339DateTime = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value !== "string") { - throw new TypeError("RFC-3339 date-times must be expressed as strings"); - } - const match = RFC3339.exec(value); - if (!match) { - throw new TypeError("Invalid RFC-3339 date-time value"); - } - const [_, yearStr, monthStr, dayStr, hours, minutes, seconds, fractionalMilliseconds] = match; - const year = strictParseShort(stripLeadingZeroes(yearStr)); - const month = parseDateValue(monthStr, "month", 1, 12); - const day = parseDateValue(dayStr, "day", 1, 31); - return buildDate(year, month, day, { hours, minutes, seconds, fractionalMilliseconds }); +// src/endpointsConfig/NodeUseFipsEndpointConfigOptions.ts + +var ENV_USE_FIPS_ENDPOINT = "AWS_USE_FIPS_ENDPOINT"; +var CONFIG_USE_FIPS_ENDPOINT = "use_fips_endpoint"; +var DEFAULT_USE_FIPS_ENDPOINT = false; +var NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS = { + environmentVariableSelector: (env) => (0, import_util_config_provider.booleanSelector)(env, ENV_USE_FIPS_ENDPOINT, import_util_config_provider.SelectorType.ENV), + configFileSelector: (profile) => (0, import_util_config_provider.booleanSelector)(profile, CONFIG_USE_FIPS_ENDPOINT, import_util_config_provider.SelectorType.CONFIG), + default: false }; -var RFC3339_WITH_OFFSET = new RegExp( - /^(\d{4})-(\d{2})-(\d{2})[tT](\d{2}):(\d{2}):(\d{2})(?:\.(\d+))?(([-+]\d{2}\:\d{2})|[zZ])$/ -); -var parseRfc3339DateTimeWithOffset = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value !== "string") { - throw new TypeError("RFC-3339 date-times must be expressed as strings"); + +// src/endpointsConfig/resolveCustomEndpointsConfig.ts +var import_util_middleware = __nccwpck_require__(2390); +var resolveCustomEndpointsConfig = /* @__PURE__ */ __name((input) => { + const { tls, endpoint, urlParser, useDualstackEndpoint } = input; + return Object.assign(input, { + tls: tls ?? true, + endpoint: (0, import_util_middleware.normalizeProvider)(typeof endpoint === "string" ? urlParser(endpoint) : endpoint), + isCustomEndpoint: true, + useDualstackEndpoint: (0, import_util_middleware.normalizeProvider)(useDualstackEndpoint ?? false) + }); +}, "resolveCustomEndpointsConfig"); + +// src/endpointsConfig/resolveEndpointsConfig.ts + + +// src/endpointsConfig/utils/getEndpointFromRegion.ts +var getEndpointFromRegion = /* @__PURE__ */ __name(async (input) => { + const { tls = true } = input; + const region = await input.region(); + const dnsHostRegex = new RegExp(/^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])$/); + if (!dnsHostRegex.test(region)) { + throw new Error("Invalid region in client config"); } - const match = RFC3339_WITH_OFFSET.exec(value); - if (!match) { - throw new TypeError("Invalid RFC-3339 date-time value"); + const useDualstackEndpoint = await input.useDualstackEndpoint(); + const useFipsEndpoint = await input.useFipsEndpoint(); + const { hostname } = await input.regionInfoProvider(region, { useDualstackEndpoint, useFipsEndpoint }) ?? {}; + if (!hostname) { + throw new Error("Cannot resolve hostname from client config"); } - const [_, yearStr, monthStr, dayStr, hours, minutes, seconds, fractionalMilliseconds, offsetStr] = match; - const year = strictParseShort(stripLeadingZeroes(yearStr)); - const month = parseDateValue(monthStr, "month", 1, 12); - const day = parseDateValue(dayStr, "day", 1, 31); - const date = buildDate(year, month, day, { hours, minutes, seconds, fractionalMilliseconds }); - if (offsetStr.toUpperCase() != "Z") { - date.setTime(date.getTime() - parseOffsetToMilliseconds(offsetStr)); + return input.urlParser(`${tls ? "https:" : "http:"}//${hostname}`); +}, "getEndpointFromRegion"); + +// src/endpointsConfig/resolveEndpointsConfig.ts +var resolveEndpointsConfig = /* @__PURE__ */ __name((input) => { + const useDualstackEndpoint = (0, import_util_middleware.normalizeProvider)(input.useDualstackEndpoint ?? false); + const { endpoint, useFipsEndpoint, urlParser, tls } = input; + return Object.assign(input, { + tls: tls ?? true, + endpoint: endpoint ? (0, import_util_middleware.normalizeProvider)(typeof endpoint === "string" ? urlParser(endpoint) : endpoint) : () => getEndpointFromRegion({ ...input, useDualstackEndpoint, useFipsEndpoint }), + isCustomEndpoint: !!endpoint, + useDualstackEndpoint + }); +}, "resolveEndpointsConfig"); + +// src/regionConfig/config.ts +var REGION_ENV_NAME = "AWS_REGION"; +var REGION_INI_NAME = "region"; +var NODE_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: (env) => env[REGION_ENV_NAME], + configFileSelector: (profile) => profile[REGION_INI_NAME], + default: () => { + throw new Error("Region is missing"); } - return date; }; -var IMF_FIXDATE = new RegExp( - /^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), (\d{2}) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (\d{4}) (\d{1,2}):(\d{2}):(\d{2})(?:\.(\d+))? GMT$/ -); -var RFC_850_DATE = new RegExp( - /^(?:Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday), (\d{2})-(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)-(\d{2}) (\d{1,2}):(\d{2}):(\d{2})(?:\.(\d+))? GMT$/ -); -var ASC_TIME = new RegExp( - /^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ( [1-9]|\d{2}) (\d{1,2}):(\d{2}):(\d{2})(?:\.(\d+))? (\d{4})$/ -); -var parseRfc7231DateTime = (value) => { - if (value === null || value === void 0) { - return void 0; - } - if (typeof value !== "string") { - throw new TypeError("RFC-7231 date-times must be expressed as strings"); +var NODE_REGION_CONFIG_FILE_OPTIONS = { + preferredFile: "credentials" +}; + +// src/regionConfig/isFipsRegion.ts +var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); + +// src/regionConfig/getRealRegion.ts +var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); + +// src/regionConfig/resolveRegionConfig.ts +var resolveRegionConfig = /* @__PURE__ */ __name((input) => { + const { region, useFipsEndpoint } = input; + if (!region) { + throw new Error("Region is missing"); } - let match = IMF_FIXDATE.exec(value); - if (match) { - const [_, dayStr, monthStr, yearStr, hours, minutes, seconds, fractionalMilliseconds] = match; - return buildDate( - strictParseShort(stripLeadingZeroes(yearStr)), - parseMonthByShortName(monthStr), - parseDateValue(dayStr, "day", 1, 31), - { hours, minutes, seconds, fractionalMilliseconds } - ); + return Object.assign(input, { + region: async () => { + if (typeof region === "string") { + return getRealRegion(region); + } + const providedRegion = await region(); + return getRealRegion(providedRegion); + }, + useFipsEndpoint: async () => { + const providedRegion = typeof region === "string" ? region : await region(); + if (isFipsRegion(providedRegion)) { + return true; + } + return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); + } + }); +}, "resolveRegionConfig"); + +// src/regionInfo/getHostnameFromVariants.ts +var getHostnameFromVariants = /* @__PURE__ */ __name((variants = [], { useFipsEndpoint, useDualstackEndpoint }) => variants.find( + ({ tags }) => useFipsEndpoint === tags.includes("fips") && useDualstackEndpoint === tags.includes("dualstack") +)?.hostname, "getHostnameFromVariants"); + +// src/regionInfo/getResolvedHostname.ts +var getResolvedHostname = /* @__PURE__ */ __name((resolvedRegion, { regionHostname, partitionHostname }) => regionHostname ? regionHostname : partitionHostname ? partitionHostname.replace("{region}", resolvedRegion) : void 0, "getResolvedHostname"); + +// src/regionInfo/getResolvedPartition.ts +var getResolvedPartition = /* @__PURE__ */ __name((region, { partitionHash }) => Object.keys(partitionHash || {}).find((key) => partitionHash[key].regions.includes(region)) ?? "aws", "getResolvedPartition"); + +// src/regionInfo/getResolvedSigningRegion.ts +var getResolvedSigningRegion = /* @__PURE__ */ __name((hostname, { signingRegion, regionRegex, useFipsEndpoint }) => { + if (signingRegion) { + return signingRegion; + } else if (useFipsEndpoint) { + const regionRegexJs = regionRegex.replace("\\\\", "\\").replace(/^\^/g, "\\.").replace(/\$$/g, "\\."); + const regionRegexmatchArray = hostname.match(regionRegexJs); + if (regionRegexmatchArray) { + return regionRegexmatchArray[0].slice(1, -1); + } } - match = RFC_850_DATE.exec(value); - if (match) { - const [_, dayStr, monthStr, yearStr, hours, minutes, seconds, fractionalMilliseconds] = match; - return adjustRfc850Year( - buildDate(parseTwoDigitYear(yearStr), parseMonthByShortName(monthStr), parseDateValue(dayStr, "day", 1, 31), { - hours, - minutes, - seconds, - fractionalMilliseconds - }) - ); +}, "getResolvedSigningRegion"); + +// src/regionInfo/getRegionInfo.ts +var getRegionInfo = /* @__PURE__ */ __name((region, { + useFipsEndpoint = false, + useDualstackEndpoint = false, + signingService, + regionHash, + partitionHash +}) => { + const partition = getResolvedPartition(region, { partitionHash }); + const resolvedRegion = region in regionHash ? region : partitionHash[partition]?.endpoint ?? region; + const hostnameOptions = { useFipsEndpoint, useDualstackEndpoint }; + const regionHostname = getHostnameFromVariants(regionHash[resolvedRegion]?.variants, hostnameOptions); + const partitionHostname = getHostnameFromVariants(partitionHash[partition]?.variants, hostnameOptions); + const hostname = getResolvedHostname(resolvedRegion, { regionHostname, partitionHostname }); + if (hostname === void 0) { + throw new Error(`Endpoint resolution failed for: ${{ resolvedRegion, useFipsEndpoint, useDualstackEndpoint }}`); } - match = ASC_TIME.exec(value); - if (match) { - const [_, monthStr, dayStr, hours, minutes, seconds, fractionalMilliseconds, yearStr] = match; - return buildDate( - strictParseShort(stripLeadingZeroes(yearStr)), - parseMonthByShortName(monthStr), - parseDateValue(dayStr.trimLeft(), "day", 1, 31), - { hours, minutes, seconds, fractionalMilliseconds } - ); + const signingRegion = getResolvedSigningRegion(hostname, { + signingRegion: regionHash[resolvedRegion]?.signingRegion, + regionRegex: partitionHash[partition].regionRegex, + useFipsEndpoint + }); + return { + partition, + signingService, + hostname, + ...signingRegion && { signingRegion }, + ...regionHash[resolvedRegion]?.signingService && { + signingService: regionHash[resolvedRegion].signingService + } + }; +}, "getRegionInfo"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 5829: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - throw new TypeError("Invalid RFC-7231 date-time value"); + return to; }; -var parseEpochTimestamp = (value) => { - if (value === null || value === void 0) { - return void 0; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var src_exports = {}; +__export(src_exports, { + DefaultIdentityProviderConfig: () => DefaultIdentityProviderConfig, + EXPIRATION_MS: () => EXPIRATION_MS, + HttpApiKeyAuthSigner: () => HttpApiKeyAuthSigner, + HttpBearerAuthSigner: () => HttpBearerAuthSigner, + NoAuthSigner: () => NoAuthSigner, + createIsIdentityExpiredFunction: () => createIsIdentityExpiredFunction, + createPaginator: () => createPaginator, + doesIdentityRequireRefresh: () => doesIdentityRequireRefresh, + getHttpAuthSchemeEndpointRuleSetPlugin: () => getHttpAuthSchemeEndpointRuleSetPlugin, + getHttpAuthSchemePlugin: () => getHttpAuthSchemePlugin, + getHttpSigningPlugin: () => getHttpSigningPlugin, + getSmithyContext: () => getSmithyContext, + httpAuthSchemeEndpointRuleSetMiddlewareOptions: () => httpAuthSchemeEndpointRuleSetMiddlewareOptions, + httpAuthSchemeMiddleware: () => httpAuthSchemeMiddleware, + httpAuthSchemeMiddlewareOptions: () => httpAuthSchemeMiddlewareOptions, + httpSigningMiddleware: () => httpSigningMiddleware, + httpSigningMiddlewareOptions: () => httpSigningMiddlewareOptions, + isIdentityExpired: () => isIdentityExpired, + memoizeIdentityProvider: () => memoizeIdentityProvider, + normalizeProvider: () => normalizeProvider, + requestBuilder: () => import_protocols.requestBuilder, + setFeature: () => setFeature +}); +module.exports = __toCommonJS(src_exports); + +// src/getSmithyContext.ts +var import_types = __nccwpck_require__(5756); +var getSmithyContext = /* @__PURE__ */ __name((context) => context[import_types.SMITHY_CONTEXT_KEY] || (context[import_types.SMITHY_CONTEXT_KEY] = {}), "getSmithyContext"); + +// src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts +var import_util_middleware = __nccwpck_require__(2390); + +// src/middleware-http-auth-scheme/resolveAuthOptions.ts +var resolveAuthOptions = /* @__PURE__ */ __name((candidateAuthOptions, authSchemePreference) => { + if (!authSchemePreference || authSchemePreference.length === 0) { + return candidateAuthOptions; } - let valueAsDouble; - if (typeof value === "number") { - valueAsDouble = value; - } else if (typeof value === "string") { - valueAsDouble = strictParseDouble(value); - } else if (typeof value === "object" && value.tag === 1) { - valueAsDouble = value.value; - } else { - throw new TypeError("Epoch timestamps must be expressed as floating point numbers or their string representation"); + const preferredAuthOptions = []; + for (const preferredSchemeName of authSchemePreference) { + for (const candidateAuthOption of candidateAuthOptions) { + const candidateAuthSchemeName = candidateAuthOption.schemeId.split("#")[1]; + if (candidateAuthSchemeName === preferredSchemeName) { + preferredAuthOptions.push(candidateAuthOption); + } + } } - if (Number.isNaN(valueAsDouble) || valueAsDouble === Infinity || valueAsDouble === -Infinity) { - throw new TypeError("Epoch timestamps must be valid, non-Infinite, non-NaN numerics"); + for (const candidateAuthOption of candidateAuthOptions) { + if (!preferredAuthOptions.find(({ schemeId }) => schemeId === candidateAuthOption.schemeId)) { + preferredAuthOptions.push(candidateAuthOption); + } } - return new Date(Math.round(valueAsDouble * 1e3)); -}; -var buildDate = (year, month, day, time) => { - const adjustedMonth = month - 1; - validateDayOfMonth(year, adjustedMonth, day); - return new Date( - Date.UTC( - year, - adjustedMonth, - day, - parseDateValue(time.hours, "hour", 0, 23), - parseDateValue(time.minutes, "minute", 0, 59), - // seconds can go up to 60 for leap seconds - parseDateValue(time.seconds, "seconds", 0, 60), - parseMilliseconds(time.fractionalMilliseconds) - ) + return preferredAuthOptions; +}, "resolveAuthOptions"); + +// src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts +function convertHttpAuthSchemesToMap(httpAuthSchemes) { + const map = /* @__PURE__ */ new Map(); + for (const scheme of httpAuthSchemes) { + map.set(scheme.schemeId, scheme); + } + return map; +} +__name(convertHttpAuthSchemesToMap, "convertHttpAuthSchemesToMap"); +var httpAuthSchemeMiddleware = /* @__PURE__ */ __name((config, mwOptions) => (next, context) => async (args) => { + const options = config.httpAuthSchemeProvider( + await mwOptions.httpAuthSchemeParametersProvider(config, context, args.input) ); -}; -var parseTwoDigitYear = (value) => { - const thisYear = (/* @__PURE__ */ new Date()).getUTCFullYear(); - const valueInThisCentury = Math.floor(thisYear / 100) * 100 + strictParseShort(stripLeadingZeroes(value)); - if (valueInThisCentury < thisYear) { - return valueInThisCentury + 100; + const authSchemePreference = config.authSchemePreference ? await config.authSchemePreference() : []; + const resolvedOptions = resolveAuthOptions(options, authSchemePreference); + const authSchemes = convertHttpAuthSchemesToMap(config.httpAuthSchemes); + const smithyContext = (0, import_util_middleware.getSmithyContext)(context); + const failureReasons = []; + for (const option of resolvedOptions) { + const scheme = authSchemes.get(option.schemeId); + if (!scheme) { + failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` was not enabled for this service.`); + continue; + } + const identityProvider = scheme.identityProvider(await mwOptions.identityProviderConfigProvider(config)); + if (!identityProvider) { + failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` did not have an IdentityProvider configured.`); + continue; + } + const { identityProperties = {}, signingProperties = {} } = option.propertiesExtractor?.(config, context) || {}; + option.identityProperties = Object.assign(option.identityProperties || {}, identityProperties); + option.signingProperties = Object.assign(option.signingProperties || {}, signingProperties); + smithyContext.selectedHttpAuthScheme = { + httpAuthOption: option, + identity: await identityProvider(option.identityProperties), + signer: scheme.signer + }; + break; } - return valueInThisCentury; + if (!smithyContext.selectedHttpAuthScheme) { + throw new Error(failureReasons.join("\n")); + } + return next(args); +}, "httpAuthSchemeMiddleware"); + +// src/middleware-http-auth-scheme/getHttpAuthSchemeEndpointRuleSetPlugin.ts +var httpAuthSchemeEndpointRuleSetMiddlewareOptions = { + step: "serialize", + tags: ["HTTP_AUTH_SCHEME"], + name: "httpAuthSchemeMiddleware", + override: true, + relation: "before", + toMiddleware: "endpointV2Middleware" }; -var FIFTY_YEARS_IN_MILLIS = 50 * 365 * 24 * 60 * 60 * 1e3; -var adjustRfc850Year = (input) => { - if (input.getTime() - (/* @__PURE__ */ new Date()).getTime() > FIFTY_YEARS_IN_MILLIS) { - return new Date( - Date.UTC( - input.getUTCFullYear() - 100, - input.getUTCMonth(), - input.getUTCDate(), - input.getUTCHours(), - input.getUTCMinutes(), - input.getUTCSeconds(), - input.getUTCMilliseconds() - ) +var getHttpAuthSchemeEndpointRuleSetPlugin = /* @__PURE__ */ __name((config, { + httpAuthSchemeParametersProvider, + identityProviderConfigProvider +}) => ({ + applyToStack: (clientStack) => { + clientStack.addRelativeTo( + httpAuthSchemeMiddleware(config, { + httpAuthSchemeParametersProvider, + identityProviderConfigProvider + }), + httpAuthSchemeEndpointRuleSetMiddlewareOptions ); } - return input; +}), "getHttpAuthSchemeEndpointRuleSetPlugin"); + +// src/middleware-http-auth-scheme/getHttpAuthSchemePlugin.ts +var import_middleware_serde = __nccwpck_require__(1238); +var httpAuthSchemeMiddlewareOptions = { + step: "serialize", + tags: ["HTTP_AUTH_SCHEME"], + name: "httpAuthSchemeMiddleware", + override: true, + relation: "before", + toMiddleware: import_middleware_serde.serializerMiddlewareOption.name }; -var parseMonthByShortName = (value) => { - const monthIdx = MONTHS.indexOf(value); - if (monthIdx < 0) { - throw new TypeError(`Invalid month: ${value}`); +var getHttpAuthSchemePlugin = /* @__PURE__ */ __name((config, { + httpAuthSchemeParametersProvider, + identityProviderConfigProvider +}) => ({ + applyToStack: (clientStack) => { + clientStack.addRelativeTo( + httpAuthSchemeMiddleware(config, { + httpAuthSchemeParametersProvider, + identityProviderConfigProvider + }), + httpAuthSchemeMiddlewareOptions + ); } - return monthIdx + 1; -}; -var DAYS_IN_MONTH = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]; -var validateDayOfMonth = (year, month, day) => { - let maxDays = DAYS_IN_MONTH[month]; - if (month === 1 && isLeapYear(year)) { - maxDays = 29; +}), "getHttpAuthSchemePlugin"); + +// src/middleware-http-signing/httpSigningMiddleware.ts +var import_protocol_http = __nccwpck_require__(4418); + +var defaultErrorHandler = /* @__PURE__ */ __name((signingProperties) => (error) => { + throw error; +}, "defaultErrorHandler"); +var defaultSuccessHandler = /* @__PURE__ */ __name((httpResponse, signingProperties) => { +}, "defaultSuccessHandler"); +var httpSigningMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); } - if (day > maxDays) { - throw new TypeError(`Invalid day for ${MONTHS[month]} in ${year}: ${day}`); + const smithyContext = (0, import_util_middleware.getSmithyContext)(context); + const scheme = smithyContext.selectedHttpAuthScheme; + if (!scheme) { + throw new Error(`No HttpAuthScheme was selected: unable to sign request`); } + const { + httpAuthOption: { signingProperties = {} }, + identity, + signer + } = scheme; + const output = await next({ + ...args, + request: await signer.sign(args.request, identity, signingProperties) + }).catch((signer.errorHandler || defaultErrorHandler)(signingProperties)); + (signer.successHandler || defaultSuccessHandler)(output.response, signingProperties); + return output; +}, "httpSigningMiddleware"); + +// src/middleware-http-signing/getHttpSigningMiddleware.ts +var httpSigningMiddlewareOptions = { + step: "finalizeRequest", + tags: ["HTTP_SIGNING"], + name: "httpSigningMiddleware", + aliases: ["apiKeyMiddleware", "tokenMiddleware", "awsAuthMiddleware"], + override: true, + relation: "after", + toMiddleware: "retryMiddleware" }; -var isLeapYear = (year) => { - return year % 4 === 0 && (year % 100 !== 0 || year % 400 === 0); -}; -var parseDateValue = (value, type, lower, upper) => { - const dateVal = strictParseByte(stripLeadingZeroes(value)); - if (dateVal < lower || dateVal > upper) { - throw new TypeError(`${type} must be between ${lower} and ${upper}, inclusive`); +var getHttpSigningPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: (clientStack) => { + clientStack.addRelativeTo(httpSigningMiddleware(config), httpSigningMiddlewareOptions); } - return dateVal; -}; -var parseMilliseconds = (value) => { - if (value === null || value === void 0) { - return 0; +}), "getHttpSigningPlugin"); + +// src/normalizeProvider.ts +var normalizeProvider = /* @__PURE__ */ __name((input) => { + if (typeof input === "function") + return input; + const promisified = Promise.resolve(input); + return () => promisified; +}, "normalizeProvider"); + +// src/pagination/createPaginator.ts +var makePagedClientRequest = /* @__PURE__ */ __name(async (CommandCtor, client, input, withCommand = (_) => _, ...args) => { + let command = new CommandCtor(input); + command = withCommand(command) ?? command; + return await client.send(command, ...args); +}, "makePagedClientRequest"); +function createPaginator(ClientCtor, CommandCtor, inputTokenName, outputTokenName, pageSizeTokenName) { + return /* @__PURE__ */ __name(async function* paginateOperation(config, input, ...additionalArguments) { + const _input = input; + let token = config.startingToken ?? _input[inputTokenName]; + let hasNext = true; + let page; + while (hasNext) { + _input[inputTokenName] = token; + if (pageSizeTokenName) { + _input[pageSizeTokenName] = _input[pageSizeTokenName] ?? config.pageSize; + } + if (config.client instanceof ClientCtor) { + page = await makePagedClientRequest( + CommandCtor, + config.client, + input, + config.withCommand, + ...additionalArguments + ); + } else { + throw new Error(`Invalid client, expected instance of ${ClientCtor.name}`); + } + yield page; + const prevToken = token; + token = get(page, outputTokenName); + hasNext = !!(token && (!config.stopOnSameToken || token !== prevToken)); + } + return void 0; + }, "paginateOperation"); +} +__name(createPaginator, "createPaginator"); +var get = /* @__PURE__ */ __name((fromObject, path) => { + let cursor = fromObject; + const pathComponents = path.split("."); + for (const step of pathComponents) { + if (!cursor || typeof cursor !== "object") { + return void 0; + } + cursor = cursor[step]; } - return strictParseFloat32("0." + value) * 1e3; -}; -var parseOffsetToMilliseconds = (value) => { - const directionStr = value[0]; - let direction = 1; - if (directionStr == "+") { - direction = 1; - } else if (directionStr == "-") { - direction = -1; - } else { - throw new TypeError(`Offset direction, ${directionStr}, must be "+" or "-"`); + return cursor; +}, "get"); + +// src/protocols/requestBuilder.ts +var import_protocols = __nccwpck_require__(2241); + +// src/setFeature.ts +function setFeature(context, feature, value) { + if (!context.__smithy_context) { + context.__smithy_context = { + features: {} + }; + } else if (!context.__smithy_context.features) { + context.__smithy_context.features = {}; } - const hour = Number(value.substring(1, 3)); - const minute = Number(value.substring(4, 6)); - return direction * (hour * 60 + minute) * 60 * 1e3; -}; -var stripLeadingZeroes = (value) => { - let idx = 0; - while (idx < value.length - 1 && value.charAt(idx) === "0") { - idx++; + context.__smithy_context.features[feature] = value; +} +__name(setFeature, "setFeature"); + +// src/util-identity-and-auth/DefaultIdentityProviderConfig.ts +var DefaultIdentityProviderConfig = class { + /** + * Creates an IdentityProviderConfig with a record of scheme IDs to identity providers. + * + * @param config scheme IDs and identity providers to configure + */ + constructor(config) { + this.authSchemes = /* @__PURE__ */ new Map(); + for (const [key, value] of Object.entries(config)) { + if (value !== void 0) { + this.authSchemes.set(key, value); + } + } } - if (idx === 0) { - return value; + static { + __name(this, "DefaultIdentityProviderConfig"); + } + getIdentityProvider(schemeId) { + return this.authSchemes.get(schemeId); } - return value.slice(idx); }; -// src/submodules/serde/generateIdempotencyToken.ts -var import_uuid = __nccwpck_require__(5840); +// src/util-identity-and-auth/httpAuthSchemes/httpApiKeyAuth.ts -// src/submodules/serde/lazy-json.ts -var LazyJsonString = function LazyJsonString2(val) { - const str = Object.assign(new String(val), { - deserializeJSON() { - return JSON.parse(String(val)); - }, - toString() { - return String(val); - }, - toJSON() { - return String(val); + +var HttpApiKeyAuthSigner = class { + static { + __name(this, "HttpApiKeyAuthSigner"); + } + async sign(httpRequest, identity, signingProperties) { + if (!signingProperties) { + throw new Error( + "request could not be signed with `apiKey` since the `name` and `in` signer properties are missing" + ); } - }); - return str; -}; -LazyJsonString.from = (object) => { - if (object && typeof object === "object" && (object instanceof LazyJsonString || "deserializeJSON" in object)) { - return object; - } else if (typeof object === "string" || Object.getPrototypeOf(object) === String.prototype) { - return LazyJsonString(String(object)); + if (!signingProperties.name) { + throw new Error("request could not be signed with `apiKey` since the `name` signer property is missing"); + } + if (!signingProperties.in) { + throw new Error("request could not be signed with `apiKey` since the `in` signer property is missing"); + } + if (!identity.apiKey) { + throw new Error("request could not be signed with `apiKey` since the `apiKey` is not defined"); + } + const clonedRequest = import_protocol_http.HttpRequest.clone(httpRequest); + if (signingProperties.in === import_types.HttpApiKeyAuthLocation.QUERY) { + clonedRequest.query[signingProperties.name] = identity.apiKey; + } else if (signingProperties.in === import_types.HttpApiKeyAuthLocation.HEADER) { + clonedRequest.headers[signingProperties.name] = signingProperties.scheme ? `${signingProperties.scheme} ${identity.apiKey}` : identity.apiKey; + } else { + throw new Error( + "request can only be signed with `apiKey` locations `query` or `header`, but found: `" + signingProperties.in + "`" + ); + } + return clonedRequest; } - return LazyJsonString(JSON.stringify(object)); }; -LazyJsonString.fromObject = LazyJsonString.from; -// src/submodules/serde/quote-header.ts -function quoteHeader(part) { - if (part.includes(",") || part.includes('"')) { - part = `"${part.replace(/"/g, '\\"')}"`; - } - return part; -} +// src/util-identity-and-auth/httpAuthSchemes/httpBearerAuth.ts -// src/submodules/serde/split-every.ts -function splitEvery(value, delimiter, numDelimiters) { - if (numDelimiters <= 0 || !Number.isInteger(numDelimiters)) { - throw new Error("Invalid number of delimiters (" + numDelimiters + ") for splitEvery."); - } - const segments = value.split(delimiter); - if (numDelimiters === 1) { - return segments; +var HttpBearerAuthSigner = class { + static { + __name(this, "HttpBearerAuthSigner"); } - const compoundSegments = []; - let currentSegment = ""; - for (let i = 0; i < segments.length; i++) { - if (currentSegment === "") { - currentSegment = segments[i]; - } else { - currentSegment += delimiter + segments[i]; - } - if ((i + 1) % numDelimiters === 0) { - compoundSegments.push(currentSegment); - currentSegment = ""; + async sign(httpRequest, identity, signingProperties) { + const clonedRequest = import_protocol_http.HttpRequest.clone(httpRequest); + if (!identity.token) { + throw new Error("request could not be signed with `token` since the `token` is not defined"); } + clonedRequest.headers["Authorization"] = `Bearer ${identity.token}`; + return clonedRequest; } - if (currentSegment !== "") { - compoundSegments.push(currentSegment); +}; + +// src/util-identity-and-auth/httpAuthSchemes/noAuth.ts +var NoAuthSigner = class { + static { + __name(this, "NoAuthSigner"); } - return compoundSegments; -} + async sign(httpRequest, identity, signingProperties) { + return httpRequest; + } +}; -// src/submodules/serde/split-header.ts -var splitHeader = (value) => { - const z = value.length; - const values = []; - let withinQuotes = false; - let prevChar = void 0; - let anchor = 0; - for (let i = 0; i < z; ++i) { - const char = value[i]; - switch (char) { - case `"`: - if (prevChar !== "\\") { - withinQuotes = !withinQuotes; - } - break; - case ",": - if (!withinQuotes) { - values.push(value.slice(anchor, i)); - anchor = i + 1; - } - break; - default: - } - prevChar = char; +// src/util-identity-and-auth/memoizeIdentityProvider.ts +var createIsIdentityExpiredFunction = /* @__PURE__ */ __name((expirationMs) => (identity) => doesIdentityRequireRefresh(identity) && identity.expiration.getTime() - Date.now() < expirationMs, "createIsIdentityExpiredFunction"); +var EXPIRATION_MS = 3e5; +var isIdentityExpired = createIsIdentityExpiredFunction(EXPIRATION_MS); +var doesIdentityRequireRefresh = /* @__PURE__ */ __name((identity) => identity.expiration !== void 0, "doesIdentityRequireRefresh"); +var memoizeIdentityProvider = /* @__PURE__ */ __name((provider, isExpired, requiresRefresh) => { + if (provider === void 0) { + return void 0; } - values.push(value.slice(anchor)); - return values.map((v) => { - v = v.trim(); - const z2 = v.length; - if (z2 < 2) { - return v; + const normalizedProvider = typeof provider !== "function" ? async () => Promise.resolve(provider) : provider; + let resolved; + let pending; + let hasResult; + let isConstant = false; + const coalesceProvider = /* @__PURE__ */ __name(async (options) => { + if (!pending) { + pending = normalizedProvider(options); } - if (v[0] === `"` && v[z2 - 1] === `"`) { - v = v.slice(1, z2 - 1); + try { + resolved = await pending; + hasResult = true; + isConstant = false; + } finally { + pending = void 0; } - return v.replace(/\\"/g, '"'); - }); -}; - -// src/submodules/serde/value/NumericValue.ts -var NumericValue = class _NumericValue { - constructor(string, type) { - this.string = string; - this.type = type; - let dot = 0; - for (let i = 0; i < string.length; ++i) { - const char = string.charCodeAt(i); - if (i === 0 && char === 45) { - continue; - } - if (char === 46) { - if (dot) { - throw new Error("@smithy/core/serde - NumericValue must contain at most one decimal point."); - } - dot = 1; - continue; - } - if (char < 48 || char > 57) { - throw new Error( - `@smithy/core/serde - NumericValue must only contain [0-9], at most one decimal point ".", and an optional negation prefix "-".` - ); + return resolved; + }, "coalesceProvider"); + if (isExpired === void 0) { + return async (options) => { + if (!hasResult || options?.forceRefresh) { + resolved = await coalesceProvider(options); } - } - } - toString() { - return this.string; + return resolved; + }; } - static [Symbol.hasInstance](object) { - if (!object || typeof object !== "object") { - return false; + return async (options) => { + if (!hasResult || options?.forceRefresh) { + resolved = await coalesceProvider(options); } - const _nv = object; - const prototypeMatch = _NumericValue.prototype.isPrototypeOf(object.constructor?.prototype); - if (prototypeMatch) { - return prototypeMatch; + if (isConstant) { + return resolved; } - if (typeof _nv.string === "string" && typeof _nv.type === "string" && _nv.constructor?.name === "NumericValue") { - return true; + if (!requiresRefresh(resolved)) { + isConstant = true; + return resolved; } - return prototypeMatch; - } -}; -function nv(input) { - return new NumericValue(String(input), "bigDecimal"); -} + if (isExpired(resolved)) { + await coalesceProvider(options); + return resolved; + } + return resolved; + }; +}, "memoizeIdentityProvider"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 7477: +/***/ 2241: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -59917,1494 +44903,1665 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts -var src_exports = {}; -__export(src_exports, { - DEFAULT_MAX_RETRIES: () => DEFAULT_MAX_RETRIES, - DEFAULT_TIMEOUT: () => DEFAULT_TIMEOUT, - ENV_CMDS_AUTH_TOKEN: () => ENV_CMDS_AUTH_TOKEN, - ENV_CMDS_FULL_URI: () => ENV_CMDS_FULL_URI, - ENV_CMDS_RELATIVE_URI: () => ENV_CMDS_RELATIVE_URI, - Endpoint: () => Endpoint, - fromContainerMetadata: () => fromContainerMetadata, - fromInstanceMetadata: () => fromInstanceMetadata, - getInstanceMetadataEndpoint: () => getInstanceMetadataEndpoint, - httpRequest: () => httpRequest, - providerConfigFromInit: () => providerConfigFromInit +// src/submodules/protocols/index.ts +var protocols_exports = {}; +__export(protocols_exports, { + FromStringShapeDeserializer: () => FromStringShapeDeserializer, + HttpBindingProtocol: () => HttpBindingProtocol, + HttpInterceptingShapeDeserializer: () => HttpInterceptingShapeDeserializer, + HttpInterceptingShapeSerializer: () => HttpInterceptingShapeSerializer, + RequestBuilder: () => RequestBuilder, + RpcProtocol: () => RpcProtocol, + ToStringShapeSerializer: () => ToStringShapeSerializer, + collectBody: () => collectBody, + determineTimestampFormat: () => determineTimestampFormat, + extendedEncodeURIComponent: () => extendedEncodeURIComponent, + requestBuilder: () => requestBuilder, + resolvedPath: () => resolvedPath }); -module.exports = __toCommonJS(src_exports); - -// src/fromContainerMetadata.ts +module.exports = __toCommonJS(protocols_exports); -var import_url = __nccwpck_require__(7310); +// src/submodules/protocols/collect-stream-body.ts +var import_util_stream = __nccwpck_require__(6607); +var collectBody = async (streamBody = new Uint8Array(), context) => { + if (streamBody instanceof Uint8Array) { + return import_util_stream.Uint8ArrayBlobAdapter.mutate(streamBody); + } + if (!streamBody) { + return import_util_stream.Uint8ArrayBlobAdapter.mutate(new Uint8Array()); + } + const fromContext = context.streamCollector(streamBody); + return import_util_stream.Uint8ArrayBlobAdapter.mutate(await fromContext); +}; -// src/remoteProvider/httpRequest.ts -var import_property_provider = __nccwpck_require__(9721); -var import_buffer = __nccwpck_require__(4300); -var import_http = __nccwpck_require__(3685); -function httpRequest(options) { - return new Promise((resolve, reject) => { - const req = (0, import_http.request)({ - method: "GET", - ...options, - // Node.js http module doesn't accept hostname with square brackets - // Refs: https://github.com/nodejs/node/issues/39738 - hostname: options.hostname?.replace(/^\[(.+)\]$/, "$1") - }); - req.on("error", (err) => { - reject(Object.assign(new import_property_provider.ProviderError("Unable to connect to instance metadata service"), err)); - req.destroy(); - }); - req.on("timeout", () => { - reject(new import_property_provider.ProviderError("TimeoutError from instance metadata service")); - req.destroy(); - }); - req.on("response", (res) => { - const { statusCode = 400 } = res; - if (statusCode < 200 || 300 <= statusCode) { - reject( - Object.assign(new import_property_provider.ProviderError("Error response received from instance metadata service"), { statusCode }) - ); - req.destroy(); - } - const chunks = []; - res.on("data", (chunk) => { - chunks.push(chunk); - }); - res.on("end", () => { - resolve(import_buffer.Buffer.concat(chunks)); - req.destroy(); - }); - }); - req.end(); +// src/submodules/protocols/extended-encode-uri-component.ts +function extendedEncodeURIComponent(str) { + return encodeURIComponent(str).replace(/[!'()*]/g, function(c) { + return "%" + c.charCodeAt(0).toString(16).toUpperCase(); }); } -__name(httpRequest, "httpRequest"); - -// src/remoteProvider/ImdsCredentials.ts -var isImdsCredentials = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.AccessKeyId === "string" && typeof arg.SecretAccessKey === "string" && typeof arg.Token === "string" && typeof arg.Expiration === "string", "isImdsCredentials"); -var fromImdsCredentials = /* @__PURE__ */ __name((creds) => ({ - accessKeyId: creds.AccessKeyId, - secretAccessKey: creds.SecretAccessKey, - sessionToken: creds.Token, - expiration: new Date(creds.Expiration), - ...creds.AccountId && { accountId: creds.AccountId } -}), "fromImdsCredentials"); -// src/remoteProvider/RemoteProviderInit.ts -var DEFAULT_TIMEOUT = 1e3; -var DEFAULT_MAX_RETRIES = 0; -var providerConfigFromInit = /* @__PURE__ */ __name(({ - maxRetries = DEFAULT_MAX_RETRIES, - timeout = DEFAULT_TIMEOUT -}) => ({ maxRetries, timeout }), "providerConfigFromInit"); +// src/submodules/protocols/HttpBindingProtocol.ts +var import_schema2 = __nccwpck_require__(9826); +var import_serde = __nccwpck_require__(7669); +var import_protocol_http2 = __nccwpck_require__(4418); +var import_util_stream2 = __nccwpck_require__(6607); -// src/remoteProvider/retry.ts -var retry = /* @__PURE__ */ __name((toRetry, maxRetries) => { - let promise = toRetry(); - for (let i = 0; i < maxRetries; i++) { - promise = promise.catch(toRetry); +// src/submodules/protocols/HttpProtocol.ts +var import_schema = __nccwpck_require__(9826); +var import_protocol_http = __nccwpck_require__(4418); +var HttpProtocol = class { + constructor(options) { + this.options = options; } - return promise; -}, "retry"); - -// src/fromContainerMetadata.ts -var ENV_CMDS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; -var ENV_CMDS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; -var ENV_CMDS_AUTH_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; -var fromContainerMetadata = /* @__PURE__ */ __name((init = {}) => { - const { timeout, maxRetries } = providerConfigFromInit(init); - return () => retry(async () => { - const requestOptions = await getCmdsUri({ logger: init.logger }); - const credsResponse = JSON.parse(await requestFromEcsImds(timeout, requestOptions)); - if (!isImdsCredentials(credsResponse)) { - throw new import_property_provider.CredentialsProviderError("Invalid response received from instance metadata service.", { - logger: init.logger - }); - } - return fromImdsCredentials(credsResponse); - }, maxRetries); -}, "fromContainerMetadata"); -var requestFromEcsImds = /* @__PURE__ */ __name(async (timeout, options) => { - if (process.env[ENV_CMDS_AUTH_TOKEN]) { - options.headers = { - ...options.headers, - Authorization: process.env[ENV_CMDS_AUTH_TOKEN] - }; + getRequestType() { + return import_protocol_http.HttpRequest; } - const buffer = await httpRequest({ - ...options, - timeout - }); - return buffer.toString(); -}, "requestFromEcsImds"); -var CMDS_IP = "169.254.170.2"; -var GREENGRASS_HOSTS = { - localhost: true, - "127.0.0.1": true -}; -var GREENGRASS_PROTOCOLS = { - "http:": true, - "https:": true -}; -var getCmdsUri = /* @__PURE__ */ __name(async ({ logger }) => { - if (process.env[ENV_CMDS_RELATIVE_URI]) { - return { - hostname: CMDS_IP, - path: process.env[ENV_CMDS_RELATIVE_URI] - }; + getResponseType() { + return import_protocol_http.HttpResponse; } - if (process.env[ENV_CMDS_FULL_URI]) { - const parsed = (0, import_url.parse)(process.env[ENV_CMDS_FULL_URI]); - if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) { - throw new import_property_provider.CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, { - tryNextLink: false, - logger - }); + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + this.serializer.setSerdeContext(serdeContext); + this.deserializer.setSerdeContext(serdeContext); + if (this.getPayloadCodec()) { + this.getPayloadCodec().setSerdeContext(serdeContext); } - if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) { - throw new import_property_provider.CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, { - tryNextLink: false, - logger - }); + } + updateServiceEndpoint(request, endpoint) { + if ("url" in endpoint) { + request.protocol = endpoint.url.protocol; + request.hostname = endpoint.url.hostname; + request.port = endpoint.url.port ? Number(endpoint.url.port) : void 0; + request.path = endpoint.url.pathname; + request.fragment = endpoint.url.hash || void 0; + request.username = endpoint.url.username || void 0; + request.password = endpoint.url.password || void 0; + for (const [k, v] of endpoint.url.searchParams.entries()) { + if (!request.query) { + request.query = {}; + } + request.query[k] = v; + } + return request; + } else { + request.protocol = endpoint.protocol; + request.hostname = endpoint.hostname; + request.port = endpoint.port ? Number(endpoint.port) : void 0; + request.path = endpoint.path; + request.query = { + ...endpoint.query + }; + return request; + } + } + setHostPrefix(request, operationSchema, input) { + const operationNs = import_schema.NormalizedSchema.of(operationSchema); + const inputNs = import_schema.NormalizedSchema.of(operationSchema.input); + if (operationNs.getMergedTraits().endpoint) { + let hostPrefix = operationNs.getMergedTraits().endpoint?.[0]; + if (typeof hostPrefix === "string") { + const hostLabelInputs = [...inputNs.structIterator()].filter( + ([, member]) => member.getMergedTraits().hostLabel + ); + for (const [name] of hostLabelInputs) { + const replacement = input[name]; + if (typeof replacement !== "string") { + throw new Error(`@smithy/core/schema - ${name} in input must be a string as hostLabel.`); + } + hostPrefix = hostPrefix.replace(`{${name}}`, replacement); + } + request.hostname = hostPrefix + request.hostname; + } } + } + deserializeMetadata(output) { return { - ...parsed, - port: parsed.port ? parseInt(parsed.port, 10) : void 0 + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] }; } - throw new import_property_provider.CredentialsProviderError( - `The container metadata credential provider cannot be used unless the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment variable is set`, - { - tryNextLink: false, - logger - } - ); -}, "getCmdsUri"); - -// src/fromInstanceMetadata.ts - - - -// src/error/InstanceMetadataV1FallbackError.ts - -var InstanceMetadataV1FallbackError = class _InstanceMetadataV1FallbackError extends import_property_provider.CredentialsProviderError { - constructor(message, tryNextLink = true) { - super(message, tryNextLink); - this.tryNextLink = tryNextLink; - this.name = "InstanceMetadataV1FallbackError"; - Object.setPrototypeOf(this, _InstanceMetadataV1FallbackError.prototype); - } - static { - __name(this, "InstanceMetadataV1FallbackError"); + async deserializeHttpMessage(schema, context, response, arg4, arg5) { + return []; } }; -// src/utils/getInstanceMetadataEndpoint.ts -var import_node_config_provider = __nccwpck_require__(3461); -var import_url_parser = __nccwpck_require__(4681); - -// src/config/Endpoint.ts -var Endpoint = /* @__PURE__ */ ((Endpoint2) => { - Endpoint2["IPv4"] = "http://169.254.169.254"; - Endpoint2["IPv6"] = "http://[fd00:ec2::254]"; - return Endpoint2; -})(Endpoint || {}); - -// src/config/EndpointConfigOptions.ts -var ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT"; -var CONFIG_ENDPOINT_NAME = "ec2_metadata_service_endpoint"; -var ENDPOINT_CONFIG_OPTIONS = { - environmentVariableSelector: (env) => env[ENV_ENDPOINT_NAME], - configFileSelector: (profile) => profile[CONFIG_ENDPOINT_NAME], - default: void 0 -}; - -// src/config/EndpointMode.ts -var EndpointMode = /* @__PURE__ */ ((EndpointMode2) => { - EndpointMode2["IPv4"] = "IPv4"; - EndpointMode2["IPv6"] = "IPv6"; - return EndpointMode2; -})(EndpointMode || {}); - -// src/config/EndpointModeConfigOptions.ts -var ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"; -var CONFIG_ENDPOINT_MODE_NAME = "ec2_metadata_service_endpoint_mode"; -var ENDPOINT_MODE_CONFIG_OPTIONS = { - environmentVariableSelector: (env) => env[ENV_ENDPOINT_MODE_NAME], - configFileSelector: (profile) => profile[CONFIG_ENDPOINT_MODE_NAME], - default: "IPv4" /* IPv4 */ -}; - -// src/utils/getInstanceMetadataEndpoint.ts -var getInstanceMetadataEndpoint = /* @__PURE__ */ __name(async () => (0, import_url_parser.parseUrl)(await getFromEndpointConfig() || await getFromEndpointModeConfig()), "getInstanceMetadataEndpoint"); -var getFromEndpointConfig = /* @__PURE__ */ __name(async () => (0, import_node_config_provider.loadConfig)(ENDPOINT_CONFIG_OPTIONS)(), "getFromEndpointConfig"); -var getFromEndpointModeConfig = /* @__PURE__ */ __name(async () => { - const endpointMode = await (0, import_node_config_provider.loadConfig)(ENDPOINT_MODE_CONFIG_OPTIONS)(); - switch (endpointMode) { - case "IPv4" /* IPv4 */: - return "http://169.254.169.254" /* IPv4 */; - case "IPv6" /* IPv6 */: - return "http://[fd00:ec2::254]" /* IPv6 */; - default: - throw new Error(`Unsupported endpoint mode: ${endpointMode}. Select from ${Object.values(EndpointMode)}`); - } -}, "getFromEndpointModeConfig"); - -// src/utils/getExtendedInstanceMetadataCredentials.ts -var STATIC_STABILITY_REFRESH_INTERVAL_SECONDS = 5 * 60; -var STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS = 5 * 60; -var STATIC_STABILITY_DOC_URL = "https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html"; -var getExtendedInstanceMetadataCredentials = /* @__PURE__ */ __name((credentials, logger) => { - const refreshInterval = STATIC_STABILITY_REFRESH_INTERVAL_SECONDS + Math.floor(Math.random() * STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS); - const newExpiration = new Date(Date.now() + refreshInterval * 1e3); - logger.warn( - `Attempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted after ${new Date(newExpiration)}. -For more information, please visit: ` + STATIC_STABILITY_DOC_URL - ); - const originalExpiration = credentials.originalExpiration ?? credentials.expiration; - return { - ...credentials, - ...originalExpiration ? { originalExpiration } : {}, - expiration: newExpiration - }; -}, "getExtendedInstanceMetadataCredentials"); - -// src/utils/staticStabilityProvider.ts -var staticStabilityProvider = /* @__PURE__ */ __name((provider, options = {}) => { - const logger = options?.logger || console; - let pastCredentials; - return async () => { - let credentials; - try { - credentials = await provider(); - if (credentials.expiration && credentials.expiration.getTime() < Date.now()) { - credentials = getExtendedInstanceMetadataCredentials(credentials, logger); +// src/submodules/protocols/HttpBindingProtocol.ts +var HttpBindingProtocol = class extends HttpProtocol { + async serializeRequest(operationSchema, _input, context) { + const input = { + ..._input ?? {} + }; + const serializer = this.serializer; + const query = {}; + const headers = {}; + const endpoint = await context.endpoint(); + const ns = import_schema2.NormalizedSchema.of(operationSchema?.input); + const schema = ns.getSchema(); + let hasNonHttpBindingMember = false; + let payload; + const request = new import_protocol_http2.HttpRequest({ + protocol: "", + hostname: "", + port: void 0, + path: "", + fragment: void 0, + query, + headers, + body: void 0 + }); + if (endpoint) { + this.updateServiceEndpoint(request, endpoint); + this.setHostPrefix(request, operationSchema, input); + const opTraits = import_schema2.NormalizedSchema.translateTraits(operationSchema.traits); + if (opTraits.http) { + request.method = opTraits.http[0]; + const [path, search] = opTraits.http[1].split("?"); + if (request.path == "/") { + request.path = path; + } else { + request.path += path; + } + const traitSearchParams = new URLSearchParams(search ?? ""); + Object.assign(query, Object.fromEntries(traitSearchParams)); } - } catch (e) { - if (pastCredentials) { - logger.warn("Credential renew failed: ", e); - credentials = getExtendedInstanceMetadataCredentials(pastCredentials, logger); + } + for (const [memberName, memberNs] of ns.structIterator()) { + const memberTraits = memberNs.getMergedTraits() ?? {}; + const inputMemberValue = input[memberName]; + if (inputMemberValue == null) { + continue; + } + if (memberTraits.httpPayload) { + const isStreaming = memberNs.isStreaming(); + if (isStreaming) { + const isEventStream = memberNs.isStructSchema(); + if (isEventStream) { + throw new Error("serialization of event streams is not yet implemented"); + } else { + payload = inputMemberValue; + } + } else { + serializer.write(memberNs, inputMemberValue); + payload = serializer.flush(); + } + delete input[memberName]; + } else if (memberTraits.httpLabel) { + serializer.write(memberNs, inputMemberValue); + const replacement = serializer.flush(); + if (request.path.includes(`{${memberName}+}`)) { + request.path = request.path.replace( + `{${memberName}+}`, + replacement.split("/").map(extendedEncodeURIComponent).join("/") + ); + } else if (request.path.includes(`{${memberName}}`)) { + request.path = request.path.replace(`{${memberName}}`, extendedEncodeURIComponent(replacement)); + } + delete input[memberName]; + } else if (memberTraits.httpHeader) { + serializer.write(memberNs, inputMemberValue); + headers[memberTraits.httpHeader.toLowerCase()] = String(serializer.flush()); + delete input[memberName]; + } else if (typeof memberTraits.httpPrefixHeaders === "string") { + for (const [key, val] of Object.entries(inputMemberValue)) { + const amalgam = memberTraits.httpPrefixHeaders + key; + serializer.write([memberNs.getValueSchema(), { httpHeader: amalgam }], val); + headers[amalgam.toLowerCase()] = serializer.flush(); + } + delete input[memberName]; + } else if (memberTraits.httpQuery || memberTraits.httpQueryParams) { + this.serializeQuery(memberNs, inputMemberValue, query); + delete input[memberName]; } else { - throw e; + hasNonHttpBindingMember = true; } } - pastCredentials = credentials; - return credentials; - }; -}, "staticStabilityProvider"); - -// src/fromInstanceMetadata.ts -var IMDS_PATH = "/latest/meta-data/iam/security-credentials/"; -var IMDS_TOKEN_PATH = "/latest/api/token"; -var AWS_EC2_METADATA_V1_DISABLED = "AWS_EC2_METADATA_V1_DISABLED"; -var PROFILE_AWS_EC2_METADATA_V1_DISABLED = "ec2_metadata_v1_disabled"; -var X_AWS_EC2_METADATA_TOKEN = "x-aws-ec2-metadata-token"; -var fromInstanceMetadata = /* @__PURE__ */ __name((init = {}) => staticStabilityProvider(getInstanceMetadataProvider(init), { logger: init.logger }), "fromInstanceMetadata"); -var getInstanceMetadataProvider = /* @__PURE__ */ __name((init = {}) => { - let disableFetchToken = false; - const { logger, profile } = init; - const { timeout, maxRetries } = providerConfigFromInit(init); - const getCredentials = /* @__PURE__ */ __name(async (maxRetries2, options) => { - const isImdsV1Fallback = disableFetchToken || options.headers?.[X_AWS_EC2_METADATA_TOKEN] == null; - if (isImdsV1Fallback) { - let fallbackBlockedFromProfile = false; - let fallbackBlockedFromProcessEnv = false; - const configValue = await (0, import_node_config_provider.loadConfig)( - { - environmentVariableSelector: (env) => { - const envValue = env[AWS_EC2_METADATA_V1_DISABLED]; - fallbackBlockedFromProcessEnv = !!envValue && envValue !== "false"; - if (envValue === void 0) { - throw new import_property_provider.CredentialsProviderError( - `${AWS_EC2_METADATA_V1_DISABLED} not set in env, checking config file next.`, - { logger: init.logger } - ); - } - return fallbackBlockedFromProcessEnv; - }, - configFileSelector: (profile2) => { - const profileValue = profile2[PROFILE_AWS_EC2_METADATA_V1_DISABLED]; - fallbackBlockedFromProfile = !!profileValue && profileValue !== "false"; - return fallbackBlockedFromProfile; - }, - default: false - }, - { - profile + if (hasNonHttpBindingMember && input) { + serializer.write(schema, input); + payload = serializer.flush(); + } + request.headers = headers; + request.query = query; + request.body = payload; + return request; + } + serializeQuery(ns, data, query) { + const serializer = this.serializer; + const traits = ns.getMergedTraits(); + if (traits.httpQueryParams) { + for (const [key, val] of Object.entries(data)) { + if (!(key in query)) { + this.serializeQuery( + import_schema2.NormalizedSchema.of([ + ns.getValueSchema(), + { + // We pass on the traits to the sub-schema + // because we are still in the process of serializing the map itself. + ...traits, + httpQuery: key, + httpQueryParams: void 0 + } + ]), + val, + query + ); } - )(); - if (init.ec2MetadataV1Disabled || configValue) { - const causes = []; - if (init.ec2MetadataV1Disabled) - causes.push("credential provider initialization (runtime option ec2MetadataV1Disabled)"); - if (fallbackBlockedFromProfile) - causes.push(`config file profile (${PROFILE_AWS_EC2_METADATA_V1_DISABLED})`); - if (fallbackBlockedFromProcessEnv) - causes.push(`process environment variable (${AWS_EC2_METADATA_V1_DISABLED})`); - throw new InstanceMetadataV1FallbackError( - `AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${causes.join( - ", " - )}].` - ); } + return; } - const imdsProfile = (await retry(async () => { - let profile2; - try { - profile2 = await getProfile(options); - } catch (err) { - if (err.statusCode === 401) { - disableFetchToken = false; + if (ns.isListSchema()) { + const sparse = !!ns.getMergedTraits().sparse; + const buffer = []; + for (const item of data) { + serializer.write([ns.getValueSchema(), traits], item); + const serializable = serializer.flush(); + if (sparse || serializable !== void 0) { + buffer.push(serializable); } - throw err; } - return profile2; - }, maxRetries2)).trim(); - return retry(async () => { - let creds; - try { - creds = await getCredentialsFromProfile(imdsProfile, options, init); - } catch (err) { - if (err.statusCode === 401) { - disableFetchToken = false; + query[traits.httpQuery] = buffer; + } else { + serializer.write([ns, traits], data); + query[traits.httpQuery] = serializer.flush(); + } + } + async deserializeResponse(operationSchema, context, response) { + const deserializer = this.deserializer; + const ns = import_schema2.NormalizedSchema.of(operationSchema.output); + const dataObject = {}; + if (response.statusCode >= 300) { + const bytes = await collectBody(response.body, context); + if (bytes.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(import_schema2.SCHEMA.DOCUMENT, bytes)); + } + await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); + throw new Error("@smithy/core/protocols - HTTP Protocol error handler failed to throw."); + } + for (const header in response.headers) { + const value = response.headers[header]; + delete response.headers[header]; + response.headers[header.toLowerCase()] = value; + } + const nonHttpBindingMembers = await this.deserializeHttpMessage(ns, context, response, dataObject); + if (nonHttpBindingMembers.length) { + const bytes = await collectBody(response.body, context); + if (bytes.byteLength > 0) { + const dataFromBody = await deserializer.read(ns, bytes); + for (const member of nonHttpBindingMembers) { + dataObject[member] = dataFromBody[member]; } - throw err; } - return creds; - }, maxRetries2); - }, "getCredentials"); - return async () => { - const endpoint = await getInstanceMetadataEndpoint(); - if (disableFetchToken) { - logger?.debug("AWS SDK Instance Metadata", "using v1 fallback (no token fetch)"); - return getCredentials(maxRetries, { ...endpoint, timeout }); + } + const output = { + $metadata: this.deserializeMetadata(response), + ...dataObject + }; + return output; + } + async deserializeHttpMessage(schema, context, response, arg4, arg5) { + let dataObject; + if (arg4 instanceof Set) { + dataObject = arg5; } else { - let token; - try { - token = (await getMetadataToken({ ...endpoint, timeout })).toString(); - } catch (error) { - if (error?.statusCode === 400) { - throw Object.assign(error, { - message: "EC2 Metadata token request returned error" - }); - } else if (error.message === "TimeoutError" || [403, 404, 405].includes(error.statusCode)) { - disableFetchToken = true; + dataObject = arg4; + } + const deserializer = this.deserializer; + const ns = import_schema2.NormalizedSchema.of(schema); + const nonHttpBindingMembers = []; + for (const [memberName, memberSchema] of ns.structIterator()) { + const memberTraits = memberSchema.getMemberTraits(); + if (memberTraits.httpPayload) { + const isStreaming = memberSchema.isStreaming(); + if (isStreaming) { + const isEventStream = memberSchema.isStructSchema(); + if (isEventStream) { + const context2 = this.serdeContext; + if (!context2.eventStreamMarshaller) { + throw new Error("@smithy/core - HttpProtocol: eventStreamMarshaller missing in serdeContext."); + } + const memberSchemas = memberSchema.getMemberSchemas(); + dataObject[memberName] = context2.eventStreamMarshaller.deserialize(response.body, async (event) => { + const unionMember = Object.keys(event).find((key) => { + return key !== "__type"; + }) ?? ""; + if (unionMember in memberSchemas) { + const eventStreamSchema = memberSchemas[unionMember]; + return { + [unionMember]: await deserializer.read(eventStreamSchema, event[unionMember].body) + }; + } else { + return { + $unknown: event + }; + } + }); + } else { + dataObject[memberName] = (0, import_util_stream2.sdkStreamMixin)(response.body); + } + } else if (response.body) { + const bytes = await collectBody(response.body, context); + if (bytes.byteLength > 0) { + dataObject[memberName] = await deserializer.read(memberSchema, bytes); + } } - logger?.debug("AWS SDK Instance Metadata", "using v1 fallback (initial)"); - return getCredentials(maxRetries, { ...endpoint, timeout }); + } else if (memberTraits.httpHeader) { + const key = String(memberTraits.httpHeader).toLowerCase(); + const value = response.headers[key]; + if (null != value) { + if (memberSchema.isListSchema()) { + const headerListValueSchema = memberSchema.getValueSchema(); + let sections; + if (headerListValueSchema.isTimestampSchema() && headerListValueSchema.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT) { + sections = (0, import_serde.splitEvery)(value, ",", 2); + } else { + sections = (0, import_serde.splitHeader)(value); + } + const list = []; + for (const section of sections) { + list.push(await deserializer.read([headerListValueSchema, { httpHeader: key }], section.trim())); + } + dataObject[memberName] = list; + } else { + dataObject[memberName] = await deserializer.read(memberSchema, value); + } + } + } else if (memberTraits.httpPrefixHeaders !== void 0) { + dataObject[memberName] = {}; + for (const [header, value] of Object.entries(response.headers)) { + if (header.startsWith(memberTraits.httpPrefixHeaders)) { + dataObject[memberName][header.slice(memberTraits.httpPrefixHeaders.length)] = await deserializer.read( + [memberSchema.getValueSchema(), { httpHeader: header }], + value + ); + } + } + } else if (memberTraits.httpResponseCode) { + dataObject[memberName] = response.statusCode; + } else { + nonHttpBindingMembers.push(memberName); } - return getCredentials(maxRetries, { - ...endpoint, - headers: { - [X_AWS_EC2_METADATA_TOKEN]: token - }, - timeout - }); } - }; -}, "getInstanceMetadataProvider"); -var getMetadataToken = /* @__PURE__ */ __name(async (options) => httpRequest({ - ...options, - path: IMDS_TOKEN_PATH, - method: "PUT", - headers: { - "x-aws-ec2-metadata-token-ttl-seconds": "21600" + return nonHttpBindingMembers; + } +}; + +// src/submodules/protocols/RpcProtocol.ts +var import_schema3 = __nccwpck_require__(9826); +var import_protocol_http3 = __nccwpck_require__(4418); +var RpcProtocol = class extends HttpProtocol { + async serializeRequest(operationSchema, input, context) { + const serializer = this.serializer; + const query = {}; + const headers = {}; + const endpoint = await context.endpoint(); + const ns = import_schema3.NormalizedSchema.of(operationSchema?.input); + const schema = ns.getSchema(); + let payload; + const request = new import_protocol_http3.HttpRequest({ + protocol: "", + hostname: "", + port: void 0, + path: "/", + fragment: void 0, + query, + headers, + body: void 0 + }); + if (endpoint) { + this.updateServiceEndpoint(request, endpoint); + this.setHostPrefix(request, operationSchema, input); + } + const _input = { + ...input + }; + if (input) { + serializer.write(schema, _input); + payload = serializer.flush(); + } + request.headers = headers; + request.query = query; + request.body = payload; + request.method = "POST"; + return request; } -}), "getMetadataToken"); -var getProfile = /* @__PURE__ */ __name(async (options) => (await httpRequest({ ...options, path: IMDS_PATH })).toString(), "getProfile"); -var getCredentialsFromProfile = /* @__PURE__ */ __name(async (profile, options, init) => { - const credentialsResponse = JSON.parse( - (await httpRequest({ - ...options, - path: IMDS_PATH + profile - })).toString() - ); - if (!isImdsCredentials(credentialsResponse)) { - throw new import_property_provider.CredentialsProviderError("Invalid response received from instance metadata service.", { - logger: init.logger - }); + async deserializeResponse(operationSchema, context, response) { + const deserializer = this.deserializer; + const ns = import_schema3.NormalizedSchema.of(operationSchema.output); + const dataObject = {}; + if (response.statusCode >= 300) { + const bytes2 = await collectBody(response.body, context); + if (bytes2.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(import_schema3.SCHEMA.DOCUMENT, bytes2)); + } + await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); + throw new Error("@smithy/core/protocols - RPC Protocol error handler failed to throw."); + } + for (const header in response.headers) { + const value = response.headers[header]; + delete response.headers[header]; + response.headers[header.toLowerCase()] = value; + } + const bytes = await collectBody(response.body, context); + if (bytes.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(ns, bytes)); + } + const output = { + $metadata: this.deserializeMetadata(response), + ...dataObject + }; + return output; } - return fromImdsCredentials(credentialsResponse); -}, "getCredentialsFromProfile"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), +}; -/***/ 6459: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +// src/submodules/protocols/requestBuilder.ts +var import_protocol_http4 = __nccwpck_require__(4418); -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/protocols/resolve-path.ts +var resolvedPath = (resolvedPath2, input, memberName, labelValueProvider, uriLabel, isGreedyLabel) => { + if (input != null && input[memberName] !== void 0) { + const labelValue = labelValueProvider(); + if (labelValue.length <= 0) { + throw new Error("Empty value provided for input HTTP label: " + memberName + "."); + } + resolvedPath2 = resolvedPath2.replace( + uriLabel, + isGreedyLabel ? labelValue.split("/").map((segment) => extendedEncodeURIComponent(segment)).join("/") : extendedEncodeURIComponent(labelValue) + ); + } else { + throw new Error("No value provided for input HTTP label: " + memberName + "."); } - return to; + return resolvedPath2; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var src_exports = {}; -__export(src_exports, { - EventStreamCodec: () => EventStreamCodec, - HeaderMarshaller: () => HeaderMarshaller, - Int64: () => Int64, - MessageDecoderStream: () => MessageDecoderStream, - MessageEncoderStream: () => MessageEncoderStream, - SmithyMessageDecoderStream: () => SmithyMessageDecoderStream, - SmithyMessageEncoderStream: () => SmithyMessageEncoderStream -}); -module.exports = __toCommonJS(src_exports); - -// src/EventStreamCodec.ts -var import_crc322 = __nccwpck_require__(8408); -// src/HeaderMarshaller.ts +// src/submodules/protocols/requestBuilder.ts +function requestBuilder(input, context) { + return new RequestBuilder(input, context); +} +var RequestBuilder = class { + constructor(input, context) { + this.input = input; + this.context = context; + this.query = {}; + this.method = ""; + this.headers = {}; + this.path = ""; + this.body = null; + this.hostname = ""; + this.resolvePathStack = []; + } + async build() { + const { hostname, protocol = "https", port, path: basePath } = await this.context.endpoint(); + this.path = basePath; + for (const resolvePath of this.resolvePathStack) { + resolvePath(this.path); + } + return new import_protocol_http4.HttpRequest({ + protocol, + hostname: this.hostname || hostname, + port, + method: this.method, + path: this.path, + query: this.query, + body: this.body, + headers: this.headers + }); + } + /** + * Brevity setter for "hostname". + */ + hn(hostname) { + this.hostname = hostname; + return this; + } + /** + * Brevity initial builder for "basepath". + */ + bp(uriLabel) { + this.resolvePathStack.push((basePath) => { + this.path = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + uriLabel; + }); + return this; + } + /** + * Brevity incremental builder for "path". + */ + p(memberName, labelValueProvider, uriLabel, isGreedyLabel) { + this.resolvePathStack.push((path) => { + this.path = resolvedPath(path, this.input, memberName, labelValueProvider, uriLabel, isGreedyLabel); + }); + return this; + } + /** + * Brevity setter for "headers". + */ + h(headers) { + this.headers = headers; + return this; + } + /** + * Brevity setter for "query". + */ + q(query) { + this.query = query; + return this; + } + /** + * Brevity setter for "body". + */ + b(body) { + this.body = body; + return this; + } + /** + * Brevity setter for "method". + */ + m(method) { + this.method = method; + return this; + } +}; +// src/submodules/protocols/serde/FromStringShapeDeserializer.ts +var import_schema5 = __nccwpck_require__(9826); +var import_serde2 = __nccwpck_require__(7669); +var import_util_base64 = __nccwpck_require__(5600); +var import_util_utf8 = __nccwpck_require__(1895); -// src/Int64.ts -var import_util_hex_encoding = __nccwpck_require__(5364); -var Int64 = class _Int64 { - constructor(bytes) { - this.bytes = bytes; - if (bytes.byteLength !== 8) { - throw new Error("Int64 buffers must be exactly 8 bytes"); +// src/submodules/protocols/serde/determineTimestampFormat.ts +var import_schema4 = __nccwpck_require__(9826); +function determineTimestampFormat(ns, settings) { + if (settings.timestampFormat.useTrait) { + if (ns.isTimestampSchema() && (ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_DATE_TIME || ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_HTTP_DATE || ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS)) { + return ns.getSchema(); } } - static { - __name(this, "Int64"); + const { httpLabel, httpPrefixHeaders, httpHeader, httpQuery } = ns.getMergedTraits(); + const bindingFormat = settings.httpBindings ? typeof httpPrefixHeaders === "string" || Boolean(httpHeader) ? import_schema4.SCHEMA.TIMESTAMP_HTTP_DATE : Boolean(httpQuery) || Boolean(httpLabel) ? import_schema4.SCHEMA.TIMESTAMP_DATE_TIME : void 0 : void 0; + return bindingFormat ?? settings.timestampFormat.default; +} + +// src/submodules/protocols/serde/FromStringShapeDeserializer.ts +var FromStringShapeDeserializer = class { + constructor(settings) { + this.settings = settings; } - static fromNumber(number) { - if (number > 9223372036854776e3 || number < -9223372036854776e3) { - throw new Error(`${number} is too large (or, if negative, too small) to represent as an Int64`); + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + } + read(_schema, data) { + const ns = import_schema5.NormalizedSchema.of(_schema); + if (ns.isListSchema()) { + return (0, import_serde2.splitHeader)(data).map((item) => this.read(ns.getValueSchema(), item)); } - const bytes = new Uint8Array(8); - for (let i = 7, remaining = Math.abs(Math.round(number)); i > -1 && remaining > 0; i--, remaining /= 256) { - bytes[i] = remaining; + if (ns.isBlobSchema()) { + return (this.serdeContext?.base64Decoder ?? import_util_base64.fromBase64)(data); } - if (number < 0) { - negate(bytes); + if (ns.isTimestampSchema()) { + const format = determineTimestampFormat(ns, this.settings); + switch (format) { + case import_schema5.SCHEMA.TIMESTAMP_DATE_TIME: + return (0, import_serde2.parseRfc3339DateTimeWithOffset)(data); + case import_schema5.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde2.parseRfc7231DateTime)(data); + case import_schema5.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return (0, import_serde2.parseEpochTimestamp)(data); + default: + console.warn("Missing timestamp format, parsing value with Date constructor:", data); + return new Date(data); + } } - return new _Int64(bytes); - } - /** - * Called implicitly by infix arithmetic operators. - */ - valueOf() { - const bytes = this.bytes.slice(0); - const negative = bytes[0] & 128; - if (negative) { - negate(bytes); + if (ns.isStringSchema()) { + const mediaType = ns.getMergedTraits().mediaType; + let intermediateValue = data; + if (mediaType) { + if (ns.getMergedTraits().httpHeader) { + intermediateValue = this.base64ToUtf8(intermediateValue); + } + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + intermediateValue = import_serde2.LazyJsonString.from(intermediateValue); + } + return intermediateValue; + } } - return parseInt((0, import_util_hex_encoding.toHex)(bytes), 16) * (negative ? -1 : 1); + switch (true) { + case ns.isNumericSchema(): + return Number(data); + case ns.isBigIntegerSchema(): + return BigInt(data); + case ns.isBigDecimalSchema(): + return new import_serde2.NumericValue(data, "bigDecimal"); + case ns.isBooleanSchema(): + return String(data).toLowerCase() === "true"; + } + return data; } - toString() { - return String(this.valueOf()); + base64ToUtf8(base64String) { + return (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)((this.serdeContext?.base64Decoder ?? import_util_base64.fromBase64)(base64String)); } }; -function negate(bytes) { - for (let i = 0; i < 8; i++) { - bytes[i] ^= 255; - } - for (let i = 7; i > -1; i--) { - bytes[i]++; - if (bytes[i] !== 0) - break; - } -} -__name(negate, "negate"); -// src/HeaderMarshaller.ts -var HeaderMarshaller = class { - constructor(toUtf8, fromUtf8) { - this.toUtf8 = toUtf8; - this.fromUtf8 = fromUtf8; +// src/submodules/protocols/serde/HttpInterceptingShapeDeserializer.ts +var import_schema6 = __nccwpck_require__(9826); +var import_util_utf82 = __nccwpck_require__(1895); +var HttpInterceptingShapeDeserializer = class { + constructor(codecDeserializer, codecSettings) { + this.codecDeserializer = codecDeserializer; + this.stringDeserializer = new FromStringShapeDeserializer(codecSettings); } - static { - __name(this, "HeaderMarshaller"); + setSerdeContext(serdeContext) { + this.stringDeserializer.setSerdeContext(serdeContext); + this.codecDeserializer.setSerdeContext(serdeContext); + this.serdeContext = serdeContext; } - format(headers) { - const chunks = []; - for (const headerName of Object.keys(headers)) { - const bytes = this.fromUtf8(headerName); - chunks.push(Uint8Array.from([bytes.byteLength]), bytes, this.formatHeaderValue(headers[headerName])); + read(schema, data) { + const ns = import_schema6.NormalizedSchema.of(schema); + const traits = ns.getMergedTraits(); + const toString = this.serdeContext?.utf8Encoder ?? import_util_utf82.toUtf8; + if (traits.httpHeader || traits.httpResponseCode) { + return this.stringDeserializer.read(ns, toString(data)); } - const out = new Uint8Array(chunks.reduce((carry, bytes) => carry + bytes.byteLength, 0)); - let position = 0; - for (const chunk of chunks) { - out.set(chunk, position); - position += chunk.byteLength; + if (traits.httpPayload) { + if (ns.isBlobSchema()) { + const toBytes = this.serdeContext?.utf8Decoder ?? import_util_utf82.fromUtf8; + if (typeof data === "string") { + return toBytes(data); + } + return data; + } else if (ns.isStringSchema()) { + if ("byteLength" in data) { + return toString(data); + } + return data; + } } - return out; + return this.codecDeserializer.read(ns, data); } - formatHeaderValue(header) { - switch (header.type) { - case "boolean": - return Uint8Array.from([header.value ? 0 /* boolTrue */ : 1 /* boolFalse */]); - case "byte": - return Uint8Array.from([2 /* byte */, header.value]); - case "short": - const shortView = new DataView(new ArrayBuffer(3)); - shortView.setUint8(0, 3 /* short */); - shortView.setInt16(1, header.value, false); - return new Uint8Array(shortView.buffer); - case "integer": - const intView = new DataView(new ArrayBuffer(5)); - intView.setUint8(0, 4 /* integer */); - intView.setInt32(1, header.value, false); - return new Uint8Array(intView.buffer); - case "long": - const longBytes = new Uint8Array(9); - longBytes[0] = 5 /* long */; - longBytes.set(header.value.bytes, 1); - return longBytes; - case "binary": - const binView = new DataView(new ArrayBuffer(3 + header.value.byteLength)); - binView.setUint8(0, 6 /* byteArray */); - binView.setUint16(1, header.value.byteLength, false); - const binBytes = new Uint8Array(binView.buffer); - binBytes.set(header.value, 3); - return binBytes; +}; + +// src/submodules/protocols/serde/HttpInterceptingShapeSerializer.ts +var import_schema8 = __nccwpck_require__(9826); + +// src/submodules/protocols/serde/ToStringShapeSerializer.ts +var import_schema7 = __nccwpck_require__(9826); +var import_serde3 = __nccwpck_require__(7669); +var import_util_base642 = __nccwpck_require__(5600); +var ToStringShapeSerializer = class { + constructor(settings) { + this.settings = settings; + this.stringBuffer = ""; + this.serdeContext = void 0; + } + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + } + write(schema, value) { + const ns = import_schema7.NormalizedSchema.of(schema); + switch (typeof value) { + case "object": + if (value === null) { + this.stringBuffer = "null"; + return; + } + if (ns.isTimestampSchema()) { + if (!(value instanceof Date)) { + throw new Error( + `@smithy/core/protocols - received non-Date value ${value} when schema expected Date in ${ns.getName(true)}` + ); + } + const format = determineTimestampFormat(ns, this.settings); + switch (format) { + case import_schema7.SCHEMA.TIMESTAMP_DATE_TIME: + this.stringBuffer = value.toISOString().replace(".000Z", "Z"); + break; + case import_schema7.SCHEMA.TIMESTAMP_HTTP_DATE: + this.stringBuffer = (0, import_serde3.dateToUtcString)(value); + break; + case import_schema7.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + this.stringBuffer = String(value.getTime() / 1e3); + break; + default: + console.warn("Missing timestamp format, using epoch seconds", value); + this.stringBuffer = String(value.getTime() / 1e3); + } + return; + } + if (ns.isBlobSchema() && "byteLength" in value) { + this.stringBuffer = (this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value); + return; + } + if (ns.isListSchema() && Array.isArray(value)) { + let buffer = ""; + for (const item of value) { + this.write([ns.getValueSchema(), ns.getMergedTraits()], item); + const headerItem = this.flush(); + const serialized = ns.getValueSchema().isTimestampSchema() ? headerItem : (0, import_serde3.quoteHeader)(headerItem); + if (buffer !== "") { + buffer += ", "; + } + buffer += serialized; + } + this.stringBuffer = buffer; + return; + } + this.stringBuffer = JSON.stringify(value, null, 2); + break; case "string": - const utf8Bytes = this.fromUtf8(header.value); - const strView = new DataView(new ArrayBuffer(3 + utf8Bytes.byteLength)); - strView.setUint8(0, 7 /* string */); - strView.setUint16(1, utf8Bytes.byteLength, false); - const strBytes = new Uint8Array(strView.buffer); - strBytes.set(utf8Bytes, 3); - return strBytes; - case "timestamp": - const tsBytes = new Uint8Array(9); - tsBytes[0] = 8 /* timestamp */; - tsBytes.set(Int64.fromNumber(header.value.valueOf()).bytes, 1); - return tsBytes; - case "uuid": - if (!UUID_PATTERN.test(header.value)) { - throw new Error(`Invalid UUID received: ${header.value}`); + const mediaType = ns.getMergedTraits().mediaType; + let intermediateValue = value; + if (mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + intermediateValue = import_serde3.LazyJsonString.from(intermediateValue); + } + if (ns.getMergedTraits().httpHeader) { + this.stringBuffer = (this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(intermediateValue.toString()); + return; + } } - const uuidBytes = new Uint8Array(17); - uuidBytes[0] = 9 /* uuid */; - uuidBytes.set((0, import_util_hex_encoding.fromHex)(header.value.replace(/\-/g, "")), 1); - return uuidBytes; + this.stringBuffer = value; + break; + default: + this.stringBuffer = String(value); + } + } + flush() { + const buffer = this.stringBuffer; + this.stringBuffer = ""; + return buffer; + } +}; + +// src/submodules/protocols/serde/HttpInterceptingShapeSerializer.ts +var HttpInterceptingShapeSerializer = class { + constructor(codecSerializer, codecSettings, stringSerializer = new ToStringShapeSerializer(codecSettings)) { + this.codecSerializer = codecSerializer; + this.stringSerializer = stringSerializer; + } + setSerdeContext(serdeContext) { + this.codecSerializer.setSerdeContext(serdeContext); + this.stringSerializer.setSerdeContext(serdeContext); + } + write(schema, value) { + const ns = import_schema8.NormalizedSchema.of(schema); + const traits = ns.getMergedTraits(); + if (traits.httpHeader || traits.httpLabel || traits.httpQuery) { + this.stringSerializer.write(ns, value); + this.buffer = this.stringSerializer.flush(); + return; } + return this.codecSerializer.write(ns, value); } - parse(headers) { - const out = {}; - let position = 0; - while (position < headers.byteLength) { - const nameLength = headers.getUint8(position++); - const name = this.toUtf8(new Uint8Array(headers.buffer, headers.byteOffset + position, nameLength)); - position += nameLength; - switch (headers.getUint8(position++)) { - case 0 /* boolTrue */: - out[name] = { - type: BOOLEAN_TAG, - value: true - }; - break; - case 1 /* boolFalse */: - out[name] = { - type: BOOLEAN_TAG, - value: false - }; - break; - case 2 /* byte */: - out[name] = { - type: BYTE_TAG, - value: headers.getInt8(position++) - }; - break; - case 3 /* short */: - out[name] = { - type: SHORT_TAG, - value: headers.getInt16(position, false) - }; - position += 2; - break; - case 4 /* integer */: - out[name] = { - type: INT_TAG, - value: headers.getInt32(position, false) - }; - position += 4; - break; - case 5 /* long */: - out[name] = { - type: LONG_TAG, - value: new Int64(new Uint8Array(headers.buffer, headers.byteOffset + position, 8)) - }; - position += 8; - break; - case 6 /* byteArray */: - const binaryLength = headers.getUint16(position, false); - position += 2; - out[name] = { - type: BINARY_TAG, - value: new Uint8Array(headers.buffer, headers.byteOffset + position, binaryLength) - }; - position += binaryLength; - break; - case 7 /* string */: - const stringLength = headers.getUint16(position, false); - position += 2; - out[name] = { - type: STRING_TAG, - value: this.toUtf8(new Uint8Array(headers.buffer, headers.byteOffset + position, stringLength)) - }; - position += stringLength; - break; - case 8 /* timestamp */: - out[name] = { - type: TIMESTAMP_TAG, - value: new Date(new Int64(new Uint8Array(headers.buffer, headers.byteOffset + position, 8)).valueOf()) - }; - position += 8; - break; - case 9 /* uuid */: - const uuidBytes = new Uint8Array(headers.buffer, headers.byteOffset + position, 16); - position += 16; - out[name] = { - type: UUID_TAG, - value: `${(0, import_util_hex_encoding.toHex)(uuidBytes.subarray(0, 4))}-${(0, import_util_hex_encoding.toHex)(uuidBytes.subarray(4, 6))}-${(0, import_util_hex_encoding.toHex)( - uuidBytes.subarray(6, 8) - )}-${(0, import_util_hex_encoding.toHex)(uuidBytes.subarray(8, 10))}-${(0, import_util_hex_encoding.toHex)(uuidBytes.subarray(10))}` - }; - break; - default: - throw new Error(`Unrecognized header type tag`); - } + flush() { + if (this.buffer !== void 0) { + const buffer = this.buffer; + this.buffer = void 0; + return buffer; } - return out; + return this.codecSerializer.flush(); } }; -var BOOLEAN_TAG = "boolean"; -var BYTE_TAG = "byte"; -var SHORT_TAG = "short"; -var INT_TAG = "integer"; -var LONG_TAG = "long"; -var BINARY_TAG = "binary"; -var STRING_TAG = "string"; -var TIMESTAMP_TAG = "timestamp"; -var UUID_TAG = "uuid"; -var UUID_PATTERN = /^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/; +// Annotate the CommonJS export names for ESM import in node: +0 && (0); -// src/splitMessage.ts -var import_crc32 = __nccwpck_require__(8408); -var PRELUDE_MEMBER_LENGTH = 4; -var PRELUDE_LENGTH = PRELUDE_MEMBER_LENGTH * 2; -var CHECKSUM_LENGTH = 4; -var MINIMUM_MESSAGE_LENGTH = PRELUDE_LENGTH + CHECKSUM_LENGTH * 2; -function splitMessage({ byteLength, byteOffset, buffer }) { - if (byteLength < MINIMUM_MESSAGE_LENGTH) { - throw new Error("Provided message too short to accommodate event stream message overhead"); - } - const view = new DataView(buffer, byteOffset, byteLength); - const messageLength = view.getUint32(0, false); - if (byteLength !== messageLength) { - throw new Error("Reported message length does not match received message length"); + +/***/ }), + +/***/ 9826: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - const headerLength = view.getUint32(PRELUDE_MEMBER_LENGTH, false); - const expectedPreludeChecksum = view.getUint32(PRELUDE_LENGTH, false); - const expectedMessageChecksum = view.getUint32(byteLength - CHECKSUM_LENGTH, false); - const checksummer = new import_crc32.Crc32().update(new Uint8Array(buffer, byteOffset, PRELUDE_LENGTH)); - if (expectedPreludeChecksum !== checksummer.digest()) { - throw new Error( - `The prelude checksum specified in the message (${expectedPreludeChecksum}) does not match the calculated CRC32 checksum (${checksummer.digest()})` - ); + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/submodules/schema/index.ts +var schema_exports = {}; +__export(schema_exports, { + ErrorSchema: () => ErrorSchema, + ListSchema: () => ListSchema, + MapSchema: () => MapSchema, + NormalizedSchema: () => NormalizedSchema, + OperationSchema: () => OperationSchema, + SCHEMA: () => SCHEMA, + Schema: () => Schema, + SimpleSchema: () => SimpleSchema, + StructureSchema: () => StructureSchema, + TypeRegistry: () => TypeRegistry, + deref: () => deref, + deserializerMiddlewareOption: () => deserializerMiddlewareOption, + error: () => error, + getSchemaSerdePlugin: () => getSchemaSerdePlugin, + list: () => list, + map: () => map, + op: () => op, + serializerMiddlewareOption: () => serializerMiddlewareOption, + sim: () => sim, + struct: () => struct +}); +module.exports = __toCommonJS(schema_exports); + +// src/submodules/schema/deref.ts +var deref = (schemaRef) => { + if (typeof schemaRef === "function") { + return schemaRef(); } - checksummer.update( - new Uint8Array(buffer, byteOffset + PRELUDE_LENGTH, byteLength - (PRELUDE_LENGTH + CHECKSUM_LENGTH)) - ); - if (expectedMessageChecksum !== checksummer.digest()) { - throw new Error( - `The message checksum (${checksummer.digest()}) did not match the expected value of ${expectedMessageChecksum}` + return schemaRef; +}; + +// src/submodules/schema/middleware/schemaDeserializationMiddleware.ts +var import_protocol_http = __nccwpck_require__(4418); +var import_util_middleware = __nccwpck_require__(2390); +var schemaDeserializationMiddleware = (config) => (next, context) => async (args) => { + const { response } = await next(args); + const { operationSchema } = (0, import_util_middleware.getSmithyContext)(context); + try { + const parsed = await config.protocol.deserializeResponse( + operationSchema, + { + ...config, + ...context + }, + response ); + return { + response, + output: parsed + }; + } catch (error2) { + Object.defineProperty(error2, "$response", { + value: response + }); + if (!("$metadata" in error2)) { + const hint = `Deserialization error: to see the raw response, inspect the hidden field {error}.$response on this object.`; + try { + error2.message += "\n " + hint; + } catch (e) { + if (!context.logger || context.logger?.constructor?.name === "NoOpLogger") { + console.warn(hint); + } else { + context.logger?.warn?.(hint); + } + } + if (typeof error2.$responseBodyText !== "undefined") { + if (error2.$response) { + error2.$response.body = error2.$responseBodyText; + } + } + try { + if (import_protocol_http.HttpResponse.isInstance(response)) { + const { headers = {} } = response; + const headerEntries = Object.entries(headers); + error2.$metadata = { + httpStatusCode: response.statusCode, + requestId: findHeader(/^x-[\w-]+-request-?id$/, headerEntries), + extendedRequestId: findHeader(/^x-[\w-]+-id-2$/, headerEntries), + cfId: findHeader(/^x-[\w-]+-cf-id$/, headerEntries) + }; + } + } catch (e) { + } + } + throw error2; } +}; +var findHeader = (pattern, headers) => { + return (headers.find(([k]) => { + return k.match(pattern); + }) || [void 0, void 0])[1]; +}; + +// src/submodules/schema/middleware/schemaSerializationMiddleware.ts +var import_util_middleware2 = __nccwpck_require__(2390); +var schemaSerializationMiddleware = (config) => (next, context) => async (args) => { + const { operationSchema } = (0, import_util_middleware2.getSmithyContext)(context); + const endpoint = context.endpointV2?.url && config.urlParser ? async () => config.urlParser(context.endpointV2.url) : config.endpoint; + const request = await config.protocol.serializeRequest(operationSchema, args.input, { + ...config, + ...context, + endpoint + }); + return next({ + ...args, + request + }); +}; + +// src/submodules/schema/middleware/getSchemaSerdePlugin.ts +var deserializerMiddlewareOption = { + name: "deserializerMiddleware", + step: "deserialize", + tags: ["DESERIALIZER"], + override: true +}; +var serializerMiddlewareOption = { + name: "serializerMiddleware", + step: "serialize", + tags: ["SERIALIZER"], + override: true +}; +function getSchemaSerdePlugin(config) { return { - headers: new DataView(buffer, byteOffset + PRELUDE_LENGTH + CHECKSUM_LENGTH, headerLength), - body: new Uint8Array( - buffer, - byteOffset + PRELUDE_LENGTH + CHECKSUM_LENGTH + headerLength, - messageLength - headerLength - (PRELUDE_LENGTH + CHECKSUM_LENGTH + CHECKSUM_LENGTH) - ) + applyToStack: (commandStack) => { + commandStack.add(schemaSerializationMiddleware(config), serializerMiddlewareOption); + commandStack.add(schemaDeserializationMiddleware(config), deserializerMiddlewareOption); + config.protocol.setSerdeContext(config); + } }; } -__name(splitMessage, "splitMessage"); -// src/EventStreamCodec.ts -var EventStreamCodec = class { - static { - __name(this, "EventStreamCodec"); - } - constructor(toUtf8, fromUtf8) { - this.headerMarshaller = new HeaderMarshaller(toUtf8, fromUtf8); - this.messageBuffer = []; - this.isEndOfStream = false; +// src/submodules/schema/TypeRegistry.ts +var TypeRegistry = class _TypeRegistry { + constructor(namespace, schemas = /* @__PURE__ */ new Map()) { + this.namespace = namespace; + this.schemas = schemas; } - feed(message) { - this.messageBuffer.push(this.decode(message)); + static { + this.registries = /* @__PURE__ */ new Map(); } - endOfStream() { - this.isEndOfStream = true; + /** + * @param namespace - specifier. + * @returns the schema for that namespace, creating it if necessary. + */ + static for(namespace) { + if (!_TypeRegistry.registries.has(namespace)) { + _TypeRegistry.registries.set(namespace, new _TypeRegistry(namespace)); + } + return _TypeRegistry.registries.get(namespace); } - getMessage() { - const message = this.messageBuffer.pop(); - const isEndOfStream = this.isEndOfStream; - return { - getMessage() { - return message; - }, - isEndOfStream() { - return isEndOfStream; - } - }; + /** + * Adds the given schema to a type registry with the same namespace. + * + * @param shapeId - to be registered. + * @param schema - to be registered. + */ + register(shapeId, schema) { + const qualifiedName = this.normalizeShapeId(shapeId); + const registry = _TypeRegistry.for(this.getNamespace(shapeId)); + registry.schemas.set(qualifiedName, schema); } - getAvailableMessages() { - const messages = this.messageBuffer; - this.messageBuffer = []; - const isEndOfStream = this.isEndOfStream; - return { - getMessages() { - return messages; - }, - isEndOfStream() { - return isEndOfStream; - } - }; + /** + * @param shapeId - query. + * @returns the schema. + */ + getSchema(shapeId) { + const id = this.normalizeShapeId(shapeId); + if (!this.schemas.has(id)) { + throw new Error(`@smithy/core/schema - schema not found for ${id}`); + } + return this.schemas.get(id); } /** - * Convert a structured JavaScript object with tagged headers into a binary - * event stream message. + * The smithy-typescript code generator generates a synthetic (i.e. unmodeled) base exception, + * because generated SDKs before the introduction of schemas have the notion of a ServiceBaseException, which + * is unique per service/model. + * + * This is generated under a unique prefix that is combined with the service namespace, and this + * method is used to retrieve it. + * + * The base exception synthetic schema is used when an error is returned by a service, but we cannot + * determine what existing schema to use to deserialize it. + * + * @returns the synthetic base exception of the service namespace associated with this registry instance. */ - encode({ headers: rawHeaders, body }) { - const headers = this.headerMarshaller.format(rawHeaders); - const length = headers.byteLength + body.byteLength + 16; - const out = new Uint8Array(length); - const view = new DataView(out.buffer, out.byteOffset, out.byteLength); - const checksum = new import_crc322.Crc32(); - view.setUint32(0, length, false); - view.setUint32(4, headers.byteLength, false); - view.setUint32(8, checksum.update(out.subarray(0, 8)).digest(), false); - out.set(headers, 12); - out.set(body, headers.byteLength + 12); - view.setUint32(length - 4, checksum.update(out.subarray(8, length - 4)).digest(), false); - return out; + getBaseException() { + for (const [id, schema] of this.schemas.entries()) { + if (id.startsWith("smithy.ts.sdk.synthetic.") && id.endsWith("ServiceException")) { + return schema; + } + } + return void 0; } /** - * Convert a binary event stream message into a JavaScript object with an - * opaque, binary body and tagged, parsed headers. + * @param predicate - criterion. + * @returns a schema in this registry matching the predicate. */ - decode(message) { - const { headers, body } = splitMessage(message); - return { headers: this.headerMarshaller.parse(headers), body }; + find(predicate) { + return [...this.schemas.values()].find(predicate); } /** - * Convert a structured JavaScript object with tagged headers into a binary - * event stream message header. + * Unloads the current TypeRegistry. */ - formatHeaders(rawHeaders) { - return this.headerMarshaller.format(rawHeaders); + destroy() { + _TypeRegistry.registries.delete(this.namespace); + this.schemas.clear(); + } + normalizeShapeId(shapeId) { + if (shapeId.includes("#")) { + return shapeId; + } + return this.namespace + "#" + shapeId; + } + getNamespace(shapeId) { + return this.normalizeShapeId(shapeId).split("#")[0]; } }; -// src/MessageDecoderStream.ts -var MessageDecoderStream = class { - constructor(options) { - this.options = options; +// src/submodules/schema/schemas/Schema.ts +var Schema = class { + constructor(name, traits) { + this.name = name; + this.traits = traits; + } +}; + +// src/submodules/schema/schemas/ListSchema.ts +var ListSchema = class _ListSchema extends Schema { + constructor(name, traits, valueSchema) { + super(name, traits); + this.name = name; + this.traits = traits; + this.valueSchema = valueSchema; + this.symbol = _ListSchema.symbol; } static { - __name(this, "MessageDecoderStream"); + this.symbol = Symbol.for("@smithy/core/schema::ListSchema"); } - [Symbol.asyncIterator]() { - return this.asyncIterator(); + static [Symbol.hasInstance](lhs) { + const isPrototype = _ListSchema.prototype.isPrototypeOf(lhs); + if (!isPrototype && typeof lhs === "object" && lhs !== null) { + const list2 = lhs; + return list2.symbol === _ListSchema.symbol; + } + return isPrototype; } - async *asyncIterator() { - for await (const bytes of this.options.inputStream) { - const decoded = this.options.decoder.decode(bytes); - yield decoded; +}; +function list(namespace, name, traits = {}, valueSchema) { + const schema = new ListSchema( + namespace + "#" + name, + traits, + typeof valueSchema === "function" ? valueSchema() : valueSchema + ); + TypeRegistry.for(namespace).register(name, schema); + return schema; +} + +// src/submodules/schema/schemas/MapSchema.ts +var MapSchema = class _MapSchema extends Schema { + constructor(name, traits, keySchema, valueSchema) { + super(name, traits); + this.name = name; + this.traits = traits; + this.keySchema = keySchema; + this.valueSchema = valueSchema; + this.symbol = _MapSchema.symbol; + } + static { + this.symbol = Symbol.for("@smithy/core/schema::MapSchema"); + } + static [Symbol.hasInstance](lhs) { + const isPrototype = _MapSchema.prototype.isPrototypeOf(lhs); + if (!isPrototype && typeof lhs === "object" && lhs !== null) { + const map2 = lhs; + return map2.symbol === _MapSchema.symbol; } + return isPrototype; + } +}; +function map(namespace, name, traits = {}, keySchema, valueSchema) { + const schema = new MapSchema( + namespace + "#" + name, + traits, + keySchema, + typeof valueSchema === "function" ? valueSchema() : valueSchema + ); + TypeRegistry.for(namespace).register(name, schema); + return schema; +} + +// src/submodules/schema/schemas/OperationSchema.ts +var OperationSchema = class extends Schema { + constructor(name, traits, input, output) { + super(name, traits); + this.name = name; + this.traits = traits; + this.input = input; + this.output = output; } }; +function op(namespace, name, traits = {}, input, output) { + const schema = new OperationSchema(namespace + "#" + name, traits, input, output); + TypeRegistry.for(namespace).register(name, schema); + return schema; +} -// src/MessageEncoderStream.ts -var MessageEncoderStream = class { - constructor(options) { - this.options = options; +// src/submodules/schema/schemas/StructureSchema.ts +var StructureSchema = class _StructureSchema extends Schema { + constructor(name, traits, memberNames, memberList) { + super(name, traits); + this.name = name; + this.traits = traits; + this.memberNames = memberNames; + this.memberList = memberList; + this.symbol = _StructureSchema.symbol; + this.members = {}; + for (let i = 0; i < memberNames.length; ++i) { + this.members[memberNames[i]] = Array.isArray(memberList[i]) ? memberList[i] : [memberList[i], 0]; + } } static { - __name(this, "MessageEncoderStream"); - } - [Symbol.asyncIterator]() { - return this.asyncIterator(); + this.symbol = Symbol.for("@smithy/core/schema::StructureSchema"); } - async *asyncIterator() { - for await (const msg of this.options.messageStream) { - const encoded = this.options.encoder.encode(msg); - yield encoded; - } - if (this.options.includeEndFrame) { - yield new Uint8Array(0); + static [Symbol.hasInstance](lhs) { + const isPrototype = _StructureSchema.prototype.isPrototypeOf(lhs); + if (!isPrototype && typeof lhs === "object" && lhs !== null) { + const struct2 = lhs; + return struct2.symbol === _StructureSchema.symbol; } + return isPrototype; } }; +function struct(namespace, name, traits, memberNames, memberList) { + const schema = new StructureSchema(namespace + "#" + name, traits, memberNames, memberList); + TypeRegistry.for(namespace).register(name, schema); + return schema; +} -// src/SmithyMessageDecoderStream.ts -var SmithyMessageDecoderStream = class { - constructor(options) { - this.options = options; +// src/submodules/schema/schemas/ErrorSchema.ts +var ErrorSchema = class _ErrorSchema extends StructureSchema { + constructor(name, traits, memberNames, memberList, ctor) { + super(name, traits, memberNames, memberList); + this.name = name; + this.traits = traits; + this.memberNames = memberNames; + this.memberList = memberList; + this.ctor = ctor; + this.symbol = _ErrorSchema.symbol; } static { - __name(this, "SmithyMessageDecoderStream"); - } - [Symbol.asyncIterator]() { - return this.asyncIterator(); + this.symbol = Symbol.for("@smithy/core/schema::ErrorSchema"); } - async *asyncIterator() { - for await (const message of this.options.messageStream) { - const deserialized = await this.options.deserializer(message); - if (deserialized === void 0) - continue; - yield deserialized; + static [Symbol.hasInstance](lhs) { + const isPrototype = _ErrorSchema.prototype.isPrototypeOf(lhs); + if (!isPrototype && typeof lhs === "object" && lhs !== null) { + const err = lhs; + return err.symbol === _ErrorSchema.symbol; } + return isPrototype; } }; +function error(namespace, name, traits = {}, memberNames, memberList, ctor) { + const schema = new ErrorSchema(namespace + "#" + name, traits, memberNames, memberList, ctor); + TypeRegistry.for(namespace).register(name, schema); + return schema; +} -// src/SmithyMessageEncoderStream.ts -var SmithyMessageEncoderStream = class { - constructor(options) { - this.options = options; +// src/submodules/schema/schemas/sentinels.ts +var SCHEMA = { + BLOB: 21, + // 21 + STREAMING_BLOB: 42, + // 42 + BOOLEAN: 2, + // 2 + STRING: 0, + // 0 + NUMERIC: 1, + // 1 + BIG_INTEGER: 17, + // 17 + BIG_DECIMAL: 19, + // 19 + DOCUMENT: 15, + // 15 + TIMESTAMP_DEFAULT: 4, + // 4 + TIMESTAMP_DATE_TIME: 5, + // 5 + TIMESTAMP_HTTP_DATE: 6, + // 6 + TIMESTAMP_EPOCH_SECONDS: 7, + // 7 + LIST_MODIFIER: 64, + // 64 + MAP_MODIFIER: 128 + // 128 +}; + +// src/submodules/schema/schemas/SimpleSchema.ts +var SimpleSchema = class _SimpleSchema extends Schema { + constructor(name, schemaRef, traits) { + super(name, traits); + this.name = name; + this.schemaRef = schemaRef; + this.traits = traits; + this.symbol = _SimpleSchema.symbol; } static { - __name(this, "SmithyMessageEncoderStream"); - } - [Symbol.asyncIterator]() { - return this.asyncIterator(); + this.symbol = Symbol.for("@smithy/core/schema::SimpleSchema"); } - async *asyncIterator() { - for await (const chunk of this.options.inputStream) { - const payloadBuf = this.options.serializer(chunk); - yield payloadBuf; + static [Symbol.hasInstance](lhs) { + const isPrototype = _SimpleSchema.prototype.isPrototypeOf(lhs); + if (!isPrototype && typeof lhs === "object" && lhs !== null) { + const sim2 = lhs; + return sim2.symbol === _SimpleSchema.symbol; } + return isPrototype; } }; -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 6181: -/***/ ((module) => { - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var src_exports = {}; -__export(src_exports, { - resolveEventStreamSerdeConfig: () => resolveEventStreamSerdeConfig -}); -module.exports = __toCommonJS(src_exports); - -// src/EventStreamSerdeConfig.ts -var resolveEventStreamSerdeConfig = /* @__PURE__ */ __name((input) => Object.assign(input, { - eventStreamMarshaller: input.eventStreamSerdeProvider(input) -}), "resolveEventStreamSerdeConfig"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7682: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var src_exports = {}; -__export(src_exports, { - EventStreamMarshaller: () => EventStreamMarshaller, - eventStreamSerdeProvider: () => eventStreamSerdeProvider -}); -module.exports = __toCommonJS(src_exports); - -// src/EventStreamMarshaller.ts -var import_eventstream_serde_universal = __nccwpck_require__(6673); -var import_stream = __nccwpck_require__(2781); +function sim(namespace, name, schemaRef, traits) { + const schema = new SimpleSchema(namespace + "#" + name, schemaRef, traits); + TypeRegistry.for(namespace).register(name, schema); + return schema; +} -// src/utils.ts -async function* readabletoIterable(readStream) { - let streamEnded = false; - let generationEnded = false; - const records = new Array(); - readStream.on("error", (err) => { - if (!streamEnded) { - streamEnded = true; +// src/submodules/schema/schemas/NormalizedSchema.ts +var NormalizedSchema = class _NormalizedSchema { + /** + * @param ref - a polymorphic SchemaRef to be dereferenced/normalized. + * @param memberName - optional memberName if this NormalizedSchema should be considered a member schema. + */ + constructor(ref, memberName) { + this.ref = ref; + this.memberName = memberName; + this.symbol = _NormalizedSchema.symbol; + const traitStack = []; + let _ref = ref; + let schema = ref; + this._isMemberSchema = false; + while (Array.isArray(_ref)) { + traitStack.push(_ref[1]); + _ref = _ref[0]; + schema = deref(_ref); + this._isMemberSchema = true; } - if (err) { - throw err; + if (traitStack.length > 0) { + this.memberTraits = {}; + for (let i = traitStack.length - 1; i >= 0; --i) { + const traitSet = traitStack[i]; + Object.assign(this.memberTraits, _NormalizedSchema.translateTraits(traitSet)); + } + } else { + this.memberTraits = 0; } - }); - readStream.on("data", (data) => { - records.push(data); - }); - readStream.on("end", () => { - streamEnded = true; - }); - while (!generationEnded) { - const value = await new Promise((resolve) => setTimeout(() => resolve(records.shift()), 0)); - if (value) { - yield value; + if (schema instanceof _NormalizedSchema) { + this.name = schema.name; + this.traits = schema.traits; + this._isMemberSchema = schema._isMemberSchema; + this.schema = schema.schema; + this.memberTraits = Object.assign({}, schema.getMemberTraits(), this.getMemberTraits()); + this.normalizedTraits = void 0; + this.ref = schema.ref; + this.memberName = memberName ?? schema.memberName; + return; + } + this.schema = deref(schema); + if (this.schema && typeof this.schema === "object") { + this.traits = this.schema?.traits ?? {}; + } else { + this.traits = 0; + } + this.name = (typeof this.schema === "object" ? this.schema?.name : void 0) ?? this.memberName ?? this.getSchemaName(); + if (this._isMemberSchema && !memberName) { + throw new Error( + `@smithy/core/schema - NormalizedSchema member schema ${this.getName( + true + )} must initialize with memberName argument.` + ); } - generationEnded = streamEnded && records.length === 0; } -} -__name(readabletoIterable, "readabletoIterable"); - -// src/EventStreamMarshaller.ts -var EventStreamMarshaller = class { static { - __name(this, "EventStreamMarshaller"); + this.symbol = Symbol.for("@smithy/core/schema::NormalizedSchema"); } - constructor({ utf8Encoder, utf8Decoder }) { - this.universalMarshaller = new import_eventstream_serde_universal.EventStreamMarshaller({ - utf8Decoder, - utf8Encoder - }); + static [Symbol.hasInstance](lhs) { + const isPrototype = _NormalizedSchema.prototype.isPrototypeOf(lhs); + if (!isPrototype && typeof lhs === "object" && lhs !== null) { + const ns = lhs; + return ns.symbol === _NormalizedSchema.symbol; + } + return isPrototype; } - deserialize(body, deserializer) { - const bodyIterable = typeof body[Symbol.asyncIterator] === "function" ? body : readabletoIterable(body); - return this.universalMarshaller.deserialize(bodyIterable, deserializer); + /** + * Static constructor that attempts to avoid wrapping a NormalizedSchema within another. + */ + static of(ref, memberName) { + if (ref instanceof _NormalizedSchema) { + return ref; + } + return new _NormalizedSchema(ref, memberName); } - serialize(input, serializer) { - return import_stream.Readable.from(this.universalMarshaller.serialize(input, serializer)); + /** + * @param indicator - numeric indicator for preset trait combination. + * @returns equivalent trait object. + */ + static translateTraits(indicator) { + if (typeof indicator === "object") { + return indicator; + } + indicator = indicator | 0; + const traits = {}; + if ((indicator & 1) === 1) { + traits.httpLabel = 1; + } + if ((indicator >> 1 & 1) === 1) { + traits.idempotent = 1; + } + if ((indicator >> 2 & 1) === 1) { + traits.idempotencyToken = 1; + } + if ((indicator >> 3 & 1) === 1) { + traits.sensitive = 1; + } + if ((indicator >> 4 & 1) === 1) { + traits.httpPayload = 1; + } + if ((indicator >> 5 & 1) === 1) { + traits.httpResponseCode = 1; + } + if ((indicator >> 6 & 1) === 1) { + traits.httpQueryParams = 1; + } + return traits; } -}; - -// src/provider.ts -var eventStreamSerdeProvider = /* @__PURE__ */ __name((options) => new EventStreamMarshaller(options), "eventStreamSerdeProvider"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 6673: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + /** + * Creates a normalized member schema from the given schema and member name. + */ + static memberFrom(memberSchema, memberName) { + if (memberSchema instanceof _NormalizedSchema) { + memberSchema.memberName = memberName; + memberSchema._isMemberSchema = true; + return memberSchema; + } + return new _NormalizedSchema(memberSchema, memberName); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var src_exports = {}; -__export(src_exports, { - EventStreamMarshaller: () => EventStreamMarshaller, - eventStreamSerdeProvider: () => eventStreamSerdeProvider -}); -module.exports = __toCommonJS(src_exports); - -// src/EventStreamMarshaller.ts -var import_eventstream_codec = __nccwpck_require__(6459); - -// src/getChunkedStream.ts -function getChunkedStream(source) { - let currentMessageTotalLength = 0; - let currentMessagePendingLength = 0; - let currentMessage = null; - let messageLengthBuffer = null; - const allocateMessage = /* @__PURE__ */ __name((size) => { - if (typeof size !== "number") { - throw new Error("Attempted to allocate an event message where size was not a number: " + size); + /** + * @returns the underlying non-normalized schema. + */ + getSchema() { + if (this.schema instanceof _NormalizedSchema) { + return this.schema = this.schema.getSchema(); } - currentMessageTotalLength = size; - currentMessagePendingLength = 4; - currentMessage = new Uint8Array(size); - const currentMessageView = new DataView(currentMessage.buffer); - currentMessageView.setUint32(0, size, false); - }, "allocateMessage"); - const iterator = /* @__PURE__ */ __name(async function* () { - const sourceIterator = source[Symbol.asyncIterator](); - while (true) { - const { value, done } = await sourceIterator.next(); - if (done) { - if (!currentMessageTotalLength) { - return; - } else if (currentMessageTotalLength === currentMessagePendingLength) { - yield currentMessage; - } else { - throw new Error("Truncated event message received."); - } - return; - } - const chunkLength = value.length; - let currentOffset = 0; - while (currentOffset < chunkLength) { - if (!currentMessage) { - const bytesRemaining = chunkLength - currentOffset; - if (!messageLengthBuffer) { - messageLengthBuffer = new Uint8Array(4); - } - const numBytesForTotal = Math.min( - 4 - currentMessagePendingLength, - // remaining bytes to fill the messageLengthBuffer - bytesRemaining - // bytes left in chunk - ); - messageLengthBuffer.set( - // @ts-ignore error TS2532: Object is possibly 'undefined' for value - value.slice(currentOffset, currentOffset + numBytesForTotal), - currentMessagePendingLength - ); - currentMessagePendingLength += numBytesForTotal; - currentOffset += numBytesForTotal; - if (currentMessagePendingLength < 4) { - break; - } - allocateMessage(new DataView(messageLengthBuffer.buffer).getUint32(0, false)); - messageLengthBuffer = null; - } - const numBytesToWrite = Math.min( - currentMessageTotalLength - currentMessagePendingLength, - // number of bytes left to complete message - chunkLength - currentOffset - // number of bytes left in the original chunk - ); - currentMessage.set( - // @ts-ignore error TS2532: Object is possibly 'undefined' for value - value.slice(currentOffset, currentOffset + numBytesToWrite), - currentMessagePendingLength - ); - currentMessagePendingLength += numBytesToWrite; - currentOffset += numBytesToWrite; - if (currentMessageTotalLength && currentMessageTotalLength === currentMessagePendingLength) { - yield currentMessage; - currentMessage = null; - currentMessageTotalLength = 0; - currentMessagePendingLength = 0; - } + if (this.schema instanceof SimpleSchema) { + return deref(this.schema.schemaRef); + } + return deref(this.schema); + } + /** + * @param withNamespace - qualifies the name. + * @returns e.g. `MyShape` or `com.namespace#MyShape`. + */ + getName(withNamespace = false) { + if (!withNamespace) { + if (this.name && this.name.includes("#")) { + return this.name.split("#")[1]; } } - }, "iterator"); - return { - [Symbol.asyncIterator]: iterator - }; -} -__name(getChunkedStream, "getChunkedStream"); - -// src/getUnmarshalledStream.ts -function getMessageUnmarshaller(deserializer, toUtf8) { - return async function(message) { - const { value: messageType } = message.headers[":message-type"]; - if (messageType === "error") { - const unmodeledError = new Error(message.headers[":error-message"].value || "UnknownError"); - unmodeledError.name = message.headers[":error-code"].value; - throw unmodeledError; - } else if (messageType === "exception") { - const code = message.headers[":exception-type"].value; - const exception = { [code]: message }; - const deserializedException = await deserializer(exception); - if (deserializedException.$unknown) { - const error = new Error(toUtf8(message.body)); - error.name = code; - throw error; - } - throw deserializedException[code]; - } else if (messageType === "event") { - const event = { - [message.headers[":event-type"].value]: message - }; - const deserialized = await deserializer(event); - if (deserialized.$unknown) - return; - return deserialized; - } else { - throw Error(`Unrecognizable event type: ${message.headers[":event-type"].value}`); + return this.name || void 0; + } + /** + * @returns the member name if the schema is a member schema. + * @throws Error when the schema isn't a member schema. + */ + getMemberName() { + if (!this.isMemberSchema()) { + throw new Error(`@smithy/core/schema - cannot get member name on non-member schema: ${this.getName(true)}`); } - }; -} -__name(getMessageUnmarshaller, "getMessageUnmarshaller"); - -// src/EventStreamMarshaller.ts -var EventStreamMarshaller = class { - static { - __name(this, "EventStreamMarshaller"); + return this.memberName; } - constructor({ utf8Encoder, utf8Decoder }) { - this.eventStreamCodec = new import_eventstream_codec.EventStreamCodec(utf8Encoder, utf8Decoder); - this.utfEncoder = utf8Encoder; + isMemberSchema() { + return this._isMemberSchema; } - deserialize(body, deserializer) { - const inputStream = getChunkedStream(body); - return new import_eventstream_codec.SmithyMessageDecoderStream({ - messageStream: new import_eventstream_codec.MessageDecoderStream({ inputStream, decoder: this.eventStreamCodec }), - // @ts-expect-error Type 'T' is not assignable to type 'Record