@aws-sdk/credential-provider-imds
Advanced tools
Comparing version 3.178.0 to 3.183.0
@@ -6,2 +6,10 @@ # Change Log | ||
# [3.183.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.182.0...v3.183.0) (2022-10-03) | ||
**Note:** Version bump only for package @aws-sdk/credential-provider-imds | ||
# [3.178.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.177.0...v3.178.0) (2022-09-23) | ||
@@ -8,0 +16,0 @@ |
@@ -1,7 +0,7 @@ | ||
export var ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT"; | ||
export var CONFIG_ENDPOINT_NAME = "ec2_metadata_service_endpoint"; | ||
export var ENDPOINT_CONFIG_OPTIONS = { | ||
environmentVariableSelector: function (env) { return env[ENV_ENDPOINT_NAME]; }, | ||
configFileSelector: function (profile) { return profile[CONFIG_ENDPOINT_NAME]; }, | ||
export const ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT"; | ||
export const CONFIG_ENDPOINT_NAME = "ec2_metadata_service_endpoint"; | ||
export const ENDPOINT_CONFIG_OPTIONS = { | ||
environmentVariableSelector: (env) => env[ENV_ENDPOINT_NAME], | ||
configFileSelector: (profile) => profile[CONFIG_ENDPOINT_NAME], | ||
default: undefined, | ||
}; |
import { EndpointMode } from "./EndpointMode"; | ||
export var ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"; | ||
export var CONFIG_ENDPOINT_MODE_NAME = "ec2_metadata_service_endpoint_mode"; | ||
export var ENDPOINT_MODE_CONFIG_OPTIONS = { | ||
environmentVariableSelector: function (env) { return env[ENV_ENDPOINT_MODE_NAME]; }, | ||
configFileSelector: function (profile) { return profile[CONFIG_ENDPOINT_MODE_NAME]; }, | ||
export const ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"; | ||
export const CONFIG_ENDPOINT_MODE_NAME = "ec2_metadata_service_endpoint_mode"; | ||
export const ENDPOINT_MODE_CONFIG_OPTIONS = { | ||
environmentVariableSelector: (env) => env[ENV_ENDPOINT_MODE_NAME], | ||
configFileSelector: (profile) => profile[CONFIG_ENDPOINT_MODE_NAME], | ||
default: EndpointMode.IPv4, | ||
}; |
@@ -1,2 +0,1 @@ | ||
import { __assign, __awaiter, __generator } from "tslib"; | ||
import { CredentialsProviderError } from "@aws-sdk/property-provider"; | ||
@@ -8,76 +7,61 @@ import { parse } from "url"; | ||
import { retry } from "./remoteProvider/retry"; | ||
export var ENV_CMDS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; | ||
export var ENV_CMDS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; | ||
export var ENV_CMDS_AUTH_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; | ||
export var fromContainerMetadata = function (init) { | ||
if (init === void 0) { init = {}; } | ||
var _a = providerConfigFromInit(init), timeout = _a.timeout, maxRetries = _a.maxRetries; | ||
return function () { | ||
return retry(function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var requestOptions, credsResponse, _a, _b; | ||
return __generator(this, function (_c) { | ||
switch (_c.label) { | ||
case 0: return [4, getCmdsUri()]; | ||
case 1: | ||
requestOptions = _c.sent(); | ||
_b = (_a = JSON).parse; | ||
return [4, requestFromEcsImds(timeout, requestOptions)]; | ||
case 2: | ||
credsResponse = _b.apply(_a, [_c.sent()]); | ||
if (!isImdsCredentials(credsResponse)) { | ||
throw new CredentialsProviderError("Invalid response received from instance metadata service."); | ||
} | ||
return [2, fromImdsCredentials(credsResponse)]; | ||
} | ||
}); | ||
}); }, maxRetries); | ||
}; | ||
export const ENV_CMDS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; | ||
export const ENV_CMDS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; | ||
export const ENV_CMDS_AUTH_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; | ||
export const fromContainerMetadata = (init = {}) => { | ||
const { timeout, maxRetries } = providerConfigFromInit(init); | ||
return () => retry(async () => { | ||
const requestOptions = await getCmdsUri(); | ||
const credsResponse = JSON.parse(await requestFromEcsImds(timeout, requestOptions)); | ||
if (!isImdsCredentials(credsResponse)) { | ||
throw new CredentialsProviderError("Invalid response received from instance metadata service."); | ||
} | ||
return fromImdsCredentials(credsResponse); | ||
}, maxRetries); | ||
}; | ||
var requestFromEcsImds = function (timeout, options) { return __awaiter(void 0, void 0, void 0, function () { | ||
var buffer; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
if (process.env[ENV_CMDS_AUTH_TOKEN]) { | ||
options.headers = __assign(__assign({}, options.headers), { Authorization: process.env[ENV_CMDS_AUTH_TOKEN] }); | ||
} | ||
return [4, httpRequest(__assign(__assign({}, options), { timeout: timeout }))]; | ||
case 1: | ||
buffer = _a.sent(); | ||
return [2, buffer.toString()]; | ||
} | ||
const requestFromEcsImds = async (timeout, options) => { | ||
if (process.env[ENV_CMDS_AUTH_TOKEN]) { | ||
options.headers = { | ||
...options.headers, | ||
Authorization: process.env[ENV_CMDS_AUTH_TOKEN], | ||
}; | ||
} | ||
const buffer = await httpRequest({ | ||
...options, | ||
timeout, | ||
}); | ||
}); }; | ||
var CMDS_IP = "169.254.170.2"; | ||
var GREENGRASS_HOSTS = { | ||
return buffer.toString(); | ||
}; | ||
const CMDS_IP = "169.254.170.2"; | ||
const GREENGRASS_HOSTS = { | ||
localhost: true, | ||
"127.0.0.1": true, | ||
}; | ||
var GREENGRASS_PROTOCOLS = { | ||
const GREENGRASS_PROTOCOLS = { | ||
"http:": true, | ||
"https:": true, | ||
}; | ||
var getCmdsUri = function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var parsed; | ||
return __generator(this, function (_a) { | ||
if (process.env[ENV_CMDS_RELATIVE_URI]) { | ||
return [2, { | ||
hostname: CMDS_IP, | ||
path: process.env[ENV_CMDS_RELATIVE_URI], | ||
}]; | ||
const getCmdsUri = async () => { | ||
if (process.env[ENV_CMDS_RELATIVE_URI]) { | ||
return { | ||
hostname: CMDS_IP, | ||
path: process.env[ENV_CMDS_RELATIVE_URI], | ||
}; | ||
} | ||
if (process.env[ENV_CMDS_FULL_URI]) { | ||
const parsed = parse(process.env[ENV_CMDS_FULL_URI]); | ||
if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) { | ||
throw new CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, false); | ||
} | ||
if (process.env[ENV_CMDS_FULL_URI]) { | ||
parsed = parse(process.env[ENV_CMDS_FULL_URI]); | ||
if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) { | ||
throw new CredentialsProviderError("".concat(parsed.hostname, " is not a valid container metadata service hostname"), false); | ||
} | ||
if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) { | ||
throw new CredentialsProviderError("".concat(parsed.protocol, " is not a valid container metadata service protocol"), false); | ||
} | ||
return [2, __assign(__assign({}, parsed), { port: parsed.port ? parseInt(parsed.port, 10) : undefined })]; | ||
if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) { | ||
throw new CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, false); | ||
} | ||
throw new CredentialsProviderError("The container metadata credential provider cannot be used unless" + | ||
" the ".concat(ENV_CMDS_RELATIVE_URI, " or ").concat(ENV_CMDS_FULL_URI, " environment") + | ||
" variable is set", false); | ||
}); | ||
}); }; | ||
return { | ||
...parsed, | ||
port: parsed.port ? parseInt(parsed.port, 10) : undefined, | ||
}; | ||
} | ||
throw new CredentialsProviderError("The container metadata credential provider cannot be used unless" + | ||
` the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment` + | ||
" variable is set", false); | ||
}; |
@@ -1,2 +0,1 @@ | ||
import { __assign, __awaiter, __generator } from "tslib"; | ||
import { CredentialsProviderError } from "@aws-sdk/property-provider"; | ||
@@ -9,124 +8,85 @@ import { httpRequest } from "./remoteProvider/httpRequest"; | ||
import { staticStabilityProvider } from "./utils/staticStabilityProvider"; | ||
var IMDS_PATH = "/latest/meta-data/iam/security-credentials/"; | ||
var IMDS_TOKEN_PATH = "/latest/api/token"; | ||
export var fromInstanceMetadata = function (init) { | ||
if (init === void 0) { init = {}; } | ||
return staticStabilityProvider(getInstanceImdsProvider(init), { logger: init.logger }); | ||
}; | ||
var getInstanceImdsProvider = function (init) { | ||
var disableFetchToken = false; | ||
var _a = providerConfigFromInit(init), timeout = _a.timeout, maxRetries = _a.maxRetries; | ||
var getCredentials = function (maxRetries, options) { return __awaiter(void 0, void 0, void 0, function () { | ||
var profile; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4, retry(function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var profile, err_1; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
_a.trys.push([0, 2, , 3]); | ||
return [4, getProfile(options)]; | ||
case 1: | ||
profile = _a.sent(); | ||
return [3, 3]; | ||
case 2: | ||
err_1 = _a.sent(); | ||
if (err_1.statusCode === 401) { | ||
disableFetchToken = false; | ||
} | ||
throw err_1; | ||
case 3: return [2, profile]; | ||
} | ||
}); | ||
}); }, maxRetries)]; | ||
case 1: | ||
profile = (_a.sent()).trim(); | ||
return [2, retry(function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var creds, err_2; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
_a.trys.push([0, 2, , 3]); | ||
return [4, getCredentialsFromProfile(profile, options)]; | ||
case 1: | ||
creds = _a.sent(); | ||
return [3, 3]; | ||
case 2: | ||
err_2 = _a.sent(); | ||
if (err_2.statusCode === 401) { | ||
disableFetchToken = false; | ||
} | ||
throw err_2; | ||
case 3: return [2, creds]; | ||
} | ||
}); | ||
}); }, maxRetries)]; | ||
const IMDS_PATH = "/latest/meta-data/iam/security-credentials/"; | ||
const IMDS_TOKEN_PATH = "/latest/api/token"; | ||
export const fromInstanceMetadata = (init = {}) => staticStabilityProvider(getInstanceImdsProvider(init), { logger: init.logger }); | ||
const getInstanceImdsProvider = (init) => { | ||
let disableFetchToken = false; | ||
const { timeout, maxRetries } = providerConfigFromInit(init); | ||
const getCredentials = async (maxRetries, options) => { | ||
const profile = (await retry(async () => { | ||
let profile; | ||
try { | ||
profile = await getProfile(options); | ||
} | ||
}); | ||
}); }; | ||
return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var endpoint, token, error_1; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4, getInstanceMetadataEndpoint()]; | ||
case 1: | ||
endpoint = _a.sent(); | ||
if (!disableFetchToken) return [3, 2]; | ||
return [2, getCredentials(maxRetries, __assign(__assign({}, endpoint), { timeout: timeout }))]; | ||
case 2: | ||
token = void 0; | ||
_a.label = 3; | ||
case 3: | ||
_a.trys.push([3, 5, , 6]); | ||
return [4, getMetadataToken(__assign(__assign({}, endpoint), { timeout: timeout }))]; | ||
case 4: | ||
token = (_a.sent()).toString(); | ||
return [3, 6]; | ||
case 5: | ||
error_1 = _a.sent(); | ||
if ((error_1 === null || error_1 === void 0 ? void 0 : error_1.statusCode) === 400) { | ||
throw Object.assign(error_1, { | ||
message: "EC2 Metadata token request returned error", | ||
}); | ||
} | ||
else if (error_1.message === "TimeoutError" || [403, 404, 405].includes(error_1.statusCode)) { | ||
disableFetchToken = true; | ||
} | ||
return [2, getCredentials(maxRetries, __assign(__assign({}, endpoint), { timeout: timeout }))]; | ||
case 6: return [2, getCredentials(maxRetries, __assign(__assign({}, endpoint), { headers: { | ||
"x-aws-ec2-metadata-token": token, | ||
}, timeout: timeout }))]; | ||
catch (err) { | ||
if (err.statusCode === 401) { | ||
disableFetchToken = false; | ||
} | ||
throw err; | ||
} | ||
}); | ||
}); }; | ||
return profile; | ||
}, maxRetries)).trim(); | ||
return retry(async () => { | ||
let creds; | ||
try { | ||
creds = await getCredentialsFromProfile(profile, options); | ||
} | ||
catch (err) { | ||
if (err.statusCode === 401) { | ||
disableFetchToken = false; | ||
} | ||
throw err; | ||
} | ||
return creds; | ||
}, maxRetries); | ||
}; | ||
return async () => { | ||
const endpoint = await getInstanceMetadataEndpoint(); | ||
if (disableFetchToken) { | ||
return getCredentials(maxRetries, { ...endpoint, timeout }); | ||
} | ||
else { | ||
let token; | ||
try { | ||
token = (await getMetadataToken({ ...endpoint, timeout })).toString(); | ||
} | ||
catch (error) { | ||
if (error?.statusCode === 400) { | ||
throw Object.assign(error, { | ||
message: "EC2 Metadata token request returned error", | ||
}); | ||
} | ||
else if (error.message === "TimeoutError" || [403, 404, 405].includes(error.statusCode)) { | ||
disableFetchToken = true; | ||
} | ||
return getCredentials(maxRetries, { ...endpoint, timeout }); | ||
} | ||
return getCredentials(maxRetries, { | ||
...endpoint, | ||
headers: { | ||
"x-aws-ec2-metadata-token": token, | ||
}, | ||
timeout, | ||
}); | ||
} | ||
}; | ||
}; | ||
var getMetadataToken = function (options) { return __awaiter(void 0, void 0, void 0, function () { | ||
return __generator(this, function (_a) { | ||
return [2, httpRequest(__assign(__assign({}, options), { path: IMDS_TOKEN_PATH, method: "PUT", headers: { | ||
"x-aws-ec2-metadata-token-ttl-seconds": "21600", | ||
} }))]; | ||
}); | ||
}); }; | ||
var getProfile = function (options) { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4, httpRequest(__assign(__assign({}, options), { path: IMDS_PATH }))]; | ||
case 1: return [2, (_a.sent()).toString()]; | ||
const getMetadataToken = async (options) => httpRequest({ | ||
...options, | ||
path: IMDS_TOKEN_PATH, | ||
method: "PUT", | ||
headers: { | ||
"x-aws-ec2-metadata-token-ttl-seconds": "21600", | ||
}, | ||
}); | ||
const getProfile = async (options) => (await httpRequest({ ...options, path: IMDS_PATH })).toString(); | ||
const getCredentialsFromProfile = async (profile, options) => { | ||
const credsResponse = JSON.parse((await httpRequest({ | ||
...options, | ||
path: IMDS_PATH + profile, | ||
})).toString()); | ||
if (!isImdsCredentials(credsResponse)) { | ||
throw new CredentialsProviderError("Invalid response received from instance metadata service."); | ||
} | ||
}); }); }; | ||
var getCredentialsFromProfile = function (profile, options) { return __awaiter(void 0, void 0, void 0, function () { | ||
var credsResponse, _a, _b; | ||
return __generator(this, function (_c) { | ||
switch (_c.label) { | ||
case 0: | ||
_b = (_a = JSON).parse; | ||
return [4, httpRequest(__assign(__assign({}, options), { path: IMDS_PATH + profile }))]; | ||
case 1: | ||
credsResponse = _b.apply(_a, [(_c.sent()).toString()]); | ||
if (!isImdsCredentials(credsResponse)) { | ||
throw new CredentialsProviderError("Invalid response received from instance metadata service."); | ||
} | ||
return [2, fromImdsCredentials(credsResponse)]; | ||
} | ||
}); | ||
}); }; | ||
return fromImdsCredentials(credsResponse); | ||
}; |
@@ -1,2 +0,1 @@ | ||
import { __assign } from "tslib"; | ||
import { ProviderError } from "@aws-sdk/property-provider"; | ||
@@ -6,24 +5,27 @@ import { Buffer } from "buffer"; | ||
export function httpRequest(options) { | ||
return new Promise(function (resolve, reject) { | ||
var _a; | ||
var req = request(__assign(__assign({ method: "GET" }, options), { hostname: (_a = options.hostname) === null || _a === void 0 ? void 0 : _a.replace(/^\[(.+)\]$/, "$1") })); | ||
req.on("error", function (err) { | ||
return new Promise((resolve, reject) => { | ||
const req = request({ | ||
method: "GET", | ||
...options, | ||
hostname: options.hostname?.replace(/^\[(.+)\]$/, "$1"), | ||
}); | ||
req.on("error", (err) => { | ||
reject(Object.assign(new ProviderError("Unable to connect to instance metadata service"), err)); | ||
req.destroy(); | ||
}); | ||
req.on("timeout", function () { | ||
req.on("timeout", () => { | ||
reject(new ProviderError("TimeoutError from instance metadata service")); | ||
req.destroy(); | ||
}); | ||
req.on("response", function (res) { | ||
var _a = res.statusCode, statusCode = _a === void 0 ? 400 : _a; | ||
req.on("response", (res) => { | ||
const { statusCode = 400 } = res; | ||
if (statusCode < 200 || 300 <= statusCode) { | ||
reject(Object.assign(new ProviderError("Error response received from instance metadata service"), { statusCode: statusCode })); | ||
reject(Object.assign(new ProviderError("Error response received from instance metadata service"), { statusCode })); | ||
req.destroy(); | ||
} | ||
var chunks = []; | ||
res.on("data", function (chunk) { | ||
const chunks = []; | ||
res.on("data", (chunk) => { | ||
chunks.push(chunk); | ||
}); | ||
res.on("end", function () { | ||
res.on("end", () => { | ||
resolve(Buffer.concat(chunks)); | ||
@@ -30,0 +32,0 @@ req.destroy(); |
@@ -1,10 +0,8 @@ | ||
export var isImdsCredentials = function (arg) { | ||
return Boolean(arg) && | ||
typeof arg === "object" && | ||
typeof arg.AccessKeyId === "string" && | ||
typeof arg.SecretAccessKey === "string" && | ||
typeof arg.Token === "string" && | ||
typeof arg.Expiration === "string"; | ||
}; | ||
export var fromImdsCredentials = function (creds) { return ({ | ||
export const isImdsCredentials = (arg) => Boolean(arg) && | ||
typeof arg === "object" && | ||
typeof arg.AccessKeyId === "string" && | ||
typeof arg.SecretAccessKey === "string" && | ||
typeof arg.Token === "string" && | ||
typeof arg.Expiration === "string"; | ||
export const fromImdsCredentials = (creds) => ({ | ||
accessKeyId: creds.AccessKeyId, | ||
@@ -14,2 +12,2 @@ secretAccessKey: creds.SecretAccessKey, | ||
expiration: new Date(creds.Expiration), | ||
}); }; | ||
}); |
@@ -1,6 +0,3 @@ | ||
export var DEFAULT_TIMEOUT = 1000; | ||
export var DEFAULT_MAX_RETRIES = 0; | ||
export var providerConfigFromInit = function (_a) { | ||
var _b = _a.maxRetries, maxRetries = _b === void 0 ? DEFAULT_MAX_RETRIES : _b, _c = _a.timeout, timeout = _c === void 0 ? DEFAULT_TIMEOUT : _c; | ||
return ({ maxRetries: maxRetries, timeout: timeout }); | ||
}; | ||
export const DEFAULT_TIMEOUT = 1000; | ||
export const DEFAULT_MAX_RETRIES = 0; | ||
export const providerConfigFromInit = ({ maxRetries = DEFAULT_MAX_RETRIES, timeout = DEFAULT_TIMEOUT, }) => ({ maxRetries, timeout }); |
@@ -1,4 +0,4 @@ | ||
export var retry = function (toRetry, maxRetries) { | ||
var promise = toRetry(); | ||
for (var i = 0; i < maxRetries; i++) { | ||
export const retry = (toRetry, maxRetries) => { | ||
let promise = toRetry(); | ||
for (let i = 0; i < maxRetries; i++) { | ||
promise = promise.catch(toRetry); | ||
@@ -5,0 +5,0 @@ } |
@@ -1,15 +0,17 @@ | ||
import { __assign } from "tslib"; | ||
var STATIC_STABILITY_REFRESH_INTERVAL_SECONDS = 5 * 60; | ||
var STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS = 5 * 60; | ||
var STATIC_STABILITY_DOC_URL = "https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html"; | ||
export var getExtendedInstanceMetadataCredentials = function (credentials, logger) { | ||
var _a; | ||
var refreshInterval = STATIC_STABILITY_REFRESH_INTERVAL_SECONDS + | ||
const STATIC_STABILITY_REFRESH_INTERVAL_SECONDS = 5 * 60; | ||
const STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS = 5 * 60; | ||
const STATIC_STABILITY_DOC_URL = "https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html"; | ||
export const getExtendedInstanceMetadataCredentials = (credentials, logger) => { | ||
const refreshInterval = STATIC_STABILITY_REFRESH_INTERVAL_SECONDS + | ||
Math.floor(Math.random() * STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS); | ||
var newExpiration = new Date(Date.now() + refreshInterval * 1000); | ||
const newExpiration = new Date(Date.now() + refreshInterval * 1000); | ||
logger.warn("Attempting credential expiration extension due to a credential service availability issue. A refresh of these " + | ||
"credentials will be attempted after ${new Date(newExpiration)}.\nFor more information, please visit: " + | ||
STATIC_STABILITY_DOC_URL); | ||
var originalExpiration = (_a = credentials.originalExpiration) !== null && _a !== void 0 ? _a : credentials.expiration; | ||
return __assign(__assign(__assign({}, credentials), (originalExpiration ? { originalExpiration: originalExpiration } : {})), { expiration: newExpiration }); | ||
const originalExpiration = credentials.originalExpiration ?? credentials.expiration; | ||
return { | ||
...credentials, | ||
...(originalExpiration ? { originalExpiration } : {}), | ||
expiration: newExpiration, | ||
}; | ||
}; |
@@ -1,2 +0,1 @@ | ||
import { __awaiter, __generator } from "tslib"; | ||
import { loadConfig } from "@aws-sdk/node-config-provider"; | ||
@@ -8,38 +7,14 @@ import { parseUrl } from "@aws-sdk/url-parser"; | ||
import { ENDPOINT_MODE_CONFIG_OPTIONS, } from "../config/EndpointModeConfigOptions"; | ||
export var getInstanceMetadataEndpoint = function () { return __awaiter(void 0, void 0, void 0, function () { var _a, _b; return __generator(this, function (_c) { | ||
switch (_c.label) { | ||
case 0: | ||
_a = parseUrl; | ||
return [4, getFromEndpointConfig()]; | ||
case 1: | ||
_b = (_c.sent()); | ||
if (_b) return [3, 3]; | ||
return [4, getFromEndpointModeConfig()]; | ||
case 2: | ||
_b = (_c.sent()); | ||
_c.label = 3; | ||
case 3: return [2, _a.apply(void 0, [_b])]; | ||
export const getInstanceMetadataEndpoint = async () => parseUrl((await getFromEndpointConfig()) || (await getFromEndpointModeConfig())); | ||
const getFromEndpointConfig = async () => loadConfig(ENDPOINT_CONFIG_OPTIONS)(); | ||
const getFromEndpointModeConfig = async () => { | ||
const endpointMode = await loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)(); | ||
switch (endpointMode) { | ||
case EndpointMode.IPv4: | ||
return InstanceMetadataEndpoint.IPv4; | ||
case EndpointMode.IPv6: | ||
return InstanceMetadataEndpoint.IPv6; | ||
default: | ||
throw new Error(`Unsupported endpoint mode: ${endpointMode}.` + ` Select from ${Object.values(EndpointMode)}`); | ||
} | ||
}); }); }; | ||
var getFromEndpointConfig = function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) { | ||
return [2, loadConfig(ENDPOINT_CONFIG_OPTIONS)()]; | ||
}); }); }; | ||
var getFromEndpointModeConfig = function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var endpointMode; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4, loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)()]; | ||
case 1: | ||
endpointMode = _a.sent(); | ||
switch (endpointMode) { | ||
case EndpointMode.IPv4: | ||
return [2, InstanceMetadataEndpoint.IPv4]; | ||
case EndpointMode.IPv6: | ||
return [2, InstanceMetadataEndpoint.IPv6]; | ||
default: | ||
throw new Error("Unsupported endpoint mode: ".concat(endpointMode, ".") + " Select from ".concat(Object.values(EndpointMode))); | ||
} | ||
return [2]; | ||
} | ||
}); | ||
}); }; | ||
}; |
@@ -1,36 +0,25 @@ | ||
import { __awaiter, __generator } from "tslib"; | ||
import { getExtendedInstanceMetadataCredentials } from "./getExtendedInstanceMetadataCredentials"; | ||
export var staticStabilityProvider = function (provider, options) { | ||
if (options === void 0) { options = {}; } | ||
var logger = (options === null || options === void 0 ? void 0 : options.logger) || console; | ||
var pastCredentials; | ||
return function () { return __awaiter(void 0, void 0, void 0, function () { | ||
var credentials, e_1; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
_a.trys.push([0, 2, , 3]); | ||
return [4, provider()]; | ||
case 1: | ||
credentials = _a.sent(); | ||
if (credentials.expiration && credentials.expiration.getTime() < Date.now()) { | ||
credentials = getExtendedInstanceMetadataCredentials(credentials, logger); | ||
} | ||
return [3, 3]; | ||
case 2: | ||
e_1 = _a.sent(); | ||
if (pastCredentials) { | ||
logger.warn("Credential renew failed: ", e_1); | ||
credentials = getExtendedInstanceMetadataCredentials(pastCredentials, logger); | ||
} | ||
else { | ||
throw e_1; | ||
} | ||
return [3, 3]; | ||
case 3: | ||
pastCredentials = credentials; | ||
return [2, credentials]; | ||
export const staticStabilityProvider = (provider, options = {}) => { | ||
const logger = options?.logger || console; | ||
let pastCredentials; | ||
return async () => { | ||
let credentials; | ||
try { | ||
credentials = await provider(); | ||
if (credentials.expiration && credentials.expiration.getTime() < Date.now()) { | ||
credentials = getExtendedInstanceMetadataCredentials(credentials, logger); | ||
} | ||
}); | ||
}); }; | ||
} | ||
catch (e) { | ||
if (pastCredentials) { | ||
logger.warn("Credential renew failed: ", e); | ||
credentials = getExtendedInstanceMetadataCredentials(pastCredentials, logger); | ||
} | ||
else { | ||
throw e; | ||
} | ||
} | ||
pastCredentials = credentials; | ||
return credentials; | ||
}; | ||
}; |
{ | ||
"name": "@aws-sdk/credential-provider-imds", | ||
"version": "3.178.0", | ||
"version": "3.183.0", | ||
"description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", | ||
@@ -27,6 +27,6 @@ "main": "./dist-cjs/index.js", | ||
"dependencies": { | ||
"@aws-sdk/node-config-provider": "3.178.0", | ||
"@aws-sdk/property-provider": "3.178.0", | ||
"@aws-sdk/types": "3.178.0", | ||
"@aws-sdk/url-parser": "3.178.0", | ||
"@aws-sdk/node-config-provider": "3.183.0", | ||
"@aws-sdk/property-provider": "3.183.0", | ||
"@aws-sdk/types": "3.183.0", | ||
"@aws-sdk/url-parser": "3.183.0", | ||
"tslib": "^2.3.1" | ||
@@ -33,0 +33,0 @@ }, |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
89209
903
+ Added@aws-sdk/node-config-provider@3.183.0(transitive)
+ Added@aws-sdk/property-provider@3.183.0(transitive)
+ Added@aws-sdk/querystring-parser@3.183.0(transitive)
+ Added@aws-sdk/shared-ini-file-loader@3.183.0(transitive)
+ Added@aws-sdk/types@3.183.0(transitive)
+ Added@aws-sdk/url-parser@3.183.0(transitive)
- Removed@aws-sdk/node-config-provider@3.178.0(transitive)
- Removed@aws-sdk/property-provider@3.178.0(transitive)
- Removed@aws-sdk/querystring-parser@3.178.0(transitive)
- Removed@aws-sdk/shared-ini-file-loader@3.178.0(transitive)
- Removed@aws-sdk/types@3.178.0(transitive)
- Removed@aws-sdk/url-parser@3.178.0(transitive)
Updated@aws-sdk/types@3.183.0
Updated@aws-sdk/url-parser@3.183.0