docker/login-action
1
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2026-03-10 01:12:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: docker:master
Branches Tags
docker:master
docker:dependabot/npm_and_yarn/docker/actions-toolkit-0.80.0
docker:dependabot/github_actions/docker/bake-action-7
docker:dependabot/npm_and_yarn/aws-sdk-dependencies-35041e3d3e
docker:releases/v3
docker:releases/v2
docker:releases/v1
docker:v4
docker:v4.0.0
docker:v3.7.0
docker:v3
docker:v3.6.0
docker:v3.5.0
docker:v3.4.0
docker:v3.3.0
docker:v3.2.0
docker:v3.1.0
docker:v3.0.0
docker:v2.2.0
docker:v2
docker:v2.1.0
docker:v2.0.0
docker:v1.14.1
docker:v1
docker:v1.14.0
docker:v1.13.0
docker:v1.12.0
docker:v1.11.0
docker:v1.10.0
docker:v1.9.0
docker:v1.8.0
docker:v1.7.0
docker:v1.6.0
docker:v1.5.0
docker:v1.4.1
docker:v1.4.0
docker:v1.3.0
docker:v1.2.0
docker:v1.1.1
docker:v1.1.0
docker:v1.0.1
docker:v1.0.0
..
compare: docker:v3.1.0
Branches Tags
docker:dependabot/npm_and_yarn/docker/actions-toolkit-0.80.0
docker:dependabot/github_actions/docker/bake-action-7
docker:master
docker:dependabot/npm_and_yarn/aws-sdk-dependencies-35041e3d3e
docker:releases/v3
docker:releases/v2
docker:releases/v1
docker:v4
docker:v4.0.0
docker:v3.7.0
docker:v3
docker:v3.6.0
docker:v3.5.0
docker:v3.4.0
docker:v3.3.0
docker:v3.2.0
docker:v3.1.0
docker:v3.0.0
docker:v2.2.0
docker:v2
docker:v2.1.0
docker:v2.0.0
docker:v1.14.1
docker:v1
docker:v1.14.0
docker:v1.13.0
docker:v1.12.0
docker:v1.11.0
docker:v1.10.0
docker:v1.9.0
docker:v1.8.0
docker:v1.7.0
docker:v1.6.0
docker:v1.5.0
docker:v1.4.1
docker:v1.4.0
docker:v1.3.0
docker:v1.2.0
docker:v1.1.1
docker:v1.1.0
docker:v1.0.1
docker:v1.0.0

No commits in common. "master" and "v3.1.0" have entirely different histories.
master ... v3.1.0

60 changed files with 16153 additions and 12461 deletions
Show Stats Expand all files Collapse all files

12
.dockerignore
View File

@ -1,12 +1,2 @@
/coverage
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
/node_modules

3
.eslintignore Normal file
View File

@ -0,0 +1,3 @@
/dist/**
/coverage/**
/node_modules/**

24
.eslintrc.json Normal file
View File

@ -0,0 +1,24 @@
{
"env": {
"node": true,
"es6": true,
"jest": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": "latest",
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"jest",
"prettier"
]
}

2
.gitattributes vendored
View File

@ -1,4 +1,2 @@
/.yarn/releases/** binary
/.yarn/plugins/** binary
/dist/** linguist-generated=true
/lib/** linguist-generated=true

224
.github/workflows/ci.yml vendored
View File

@ -19,7 +19,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Stop docker
run: |
@ -43,7 +43,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to GitHub Container Registry
uses: ./
@ -60,7 +60,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to GitHub Container Registry
uses: ./
@ -85,7 +85,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to ACR
uses: ./
@ -105,7 +105,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to Docker Hub
uses: ./
@ -124,7 +124,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to ECR
uses: ./
@ -144,10 +144,10 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v6
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -169,7 +169,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }}
@ -192,10 +192,10 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v6
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -207,7 +207,7 @@ jobs:
with:
registry: public.ecr.aws
ghcr:
github-container:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
@ -218,7 +218,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to GitHub Container Registry
uses: ./
@ -238,7 +238,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to GitLab
uses: ./
@ -258,7 +258,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to Google Artifact Registry
uses: ./
@ -278,7 +278,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Login to Google Container Registry
uses: ./
@ -286,195 +286,3 @@ jobs:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCR_JSON_KEY }}
registry-auth:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to registries
uses: ./
with:
registry-auth: |
- username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: registry.gitlab.com
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_TOKEN }}
registry-auth-dup:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to registries
uses: ./
with:
registry-auth: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry-auth-exclusive:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to registries
id: login
continue-on-error: true
uses: ./
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry-auth: |
- username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Check
run: |
if [ "${{ steps.login.outcome }}" != "failure" ] || [ "${{ steps.login.conclusion }}" != "success" ]; then
echo "::error::Should have failed"
exit 1
fi
scope-dockerhub:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to Docker Hub
uses: ./
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
scope: '@push'
-
name: Print config.json files
shell: bash
run: |
shopt -s globstar nullglob
for file in ~/.docker/**/config.json; do
echo "## ${file}"
jq '(.auths[]?.auth) |= "REDACTED"' "$file"
echo ""
done
scope-dockerhub-repo:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to Docker Hub
uses: ./
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
scope: 'docker/buildx-bin@push'
-
name: Print config.json files
shell: bash
run: |
shopt -s globstar nullglob
for file in ~/.docker/**/config.json; do
echo "## ${file}"
jq '(.auths[]?.auth) |= "REDACTED"' "$file"
echo ""
done
scope-ghcr:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to GitHub Container Registry
uses: ./
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
scope: '@push'
-
name: Print config.json files
shell: bash
run: |
shopt -s globstar nullglob
for file in ~/.docker/**/config.json; do
echo "## ${file}"
jq '(.auths[]?.auth) |= "REDACTED"' "$file"
echo ""
done
scope-ghcr-repo:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Login to GitHub Container Registry
uses: ./
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
scope: 'docker/login-action@push'
-
name: Print config.json files
shell: bash
run: |
shopt -s globstar nullglob
for file in ~/.docker/**/config.json; do
echo "## ${file}"
jq '(.auths[]?.auth) |= "REDACTED"' "$file"
echo ""
done

8
.github/workflows/codeql.yml vendored
View File

@ -31,10 +31,10 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config: |
@ -42,9 +42,9 @@ jobs:
- src
-
name: Autobuild
uses: github/codeql-action/autobuild@v4
uses: github/codeql-action/autobuild@v3
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

17
.github/workflows/pr-assign-author.yml vendored
View File

@ -1,17 +0,0 @@
name: pr-assign-author
permissions:
contents: read
on:
pull_request_target:
types:
- opened
- reopened
jobs:
run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
permissions:
contents: read
pull-requests: write

21
.github/workflows/publish.yml vendored
View File

@ -1,21 +0,0 @@
name: publish
on:
release:
types:
- published
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v6
-
name: Publish
uses: actions/publish-immutable-action@v0.0.4

9
.github/workflows/test.yml vendored
View File

@ -17,16 +17,15 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: Test
uses: docker/bake-action@v6
uses: docker/bake-action@v4
with:
source: .
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@v4
with:
files: ./coverage/clover.xml
file: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}

49
.github/workflows/update-dist.yml vendored
View File

@ -1,49 +0,0 @@
name: update-dist
on:
pull_request:
types:
- opened
- synchronize
jobs:
update-dist:
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
-
name: GitHub auth token from GitHub App
id: docker-read-app
uses: actions/create-github-app-token@v2
with:
app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
owner: docker
-
name: Checkout
uses: actions/checkout@v6
with:
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0
token: ${{ steps.docker-read-app.outputs.token || github.token }}
-
name: Build
uses: docker/bake-action@v6
with:
source: .
targets: build
-
name: Commit and push dist
run: |
if [ -n "$(git status --porcelain -- dist)" ]; then
(
set -x
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add dist
git commit -m "chore: update generated content"
git push
)
else
echo "No changes in dist"
fi

18
.github/workflows/validate.yml vendored
View File

@ -15,17 +15,16 @@ jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.generate.outputs.targets }}
targets: ${{ steps.targets.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
-
name: List targets
id: generate
uses: docker/bake-action/subaction/list-targets@v6
with:
target: validate
name: Targets matrix
id: targets
run: |
echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
validate:
runs-on: ubuntu-latest
@ -36,8 +35,11 @@ jobs:
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Validate
uses: docker/bake-action@v6
uses: docker/bake-action@v4
with:
targets: ${{ matrix.target }}

66
.gitignore vendored
View File

@ -1,5 +1,7 @@
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
node_modules/
lib
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
@ -7,7 +9,6 @@ npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -18,14 +19,34 @@ pids
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache
*.tsbuildinfo
@ -35,19 +56,36 @@ jspm_packages/
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
# dotenv environment variables file
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
.env.test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/

6
.prettierignore
View File

@ -1,6 +0,0 @@
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/

3
.prettierrc.json
View File

@ -6,5 +6,6 @@
"singleQuote": true,
"trailingComma": "none",
"bracketSpacing": false,
"arrowParens": "avoid"
"arrowParens": "avoid",
"parser": "typescript"
}

17
.yarnrc.yml
View File

@ -1,17 +0,0 @@
# https://yarnpkg.com/configuration/yarnrc
compressionLevel: mixed
enableGlobalCache: false
enableHardenedMode: true
logFilters:
- code: YN0013
level: discard
- code: YN0019
level: discard
- code: YN0076
level: discard
- code: YN0086
level: discard
nodeLinker: node-modules

239
README.md
View File

@ -23,12 +23,9 @@ ___
* [AWS Public Elastic Container Registry (ECR)](#aws-public-elastic-container-registry-ecr)
* [OCI Oracle Cloud Infrastructure Registry (OCIR)](#oci-oracle-cloud-infrastructure-registry-ocir)
* [Quay.io](#quayio)
* [DigitalOcean](#digitalocean-container-registry)
* [Authenticate to multiple registries](#authenticate-to-multiple-registries)
* [Set scopes for the authentication token](#set-scopes-for-the-authentication-token)
* [Customizing](#customizing)
* [inputs](#inputs)
* [Contributing](#contributing)
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
## Usage
@ -51,9 +48,9 @@ jobs:
steps:
-
name: Login to Docker Hub
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
```
@ -76,7 +73,7 @@ jobs:
steps:
-
name: Login to GitHub Container Registry
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -104,10 +101,10 @@ jobs:
steps:
-
name: Login to GitLab
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: registry.gitlab.com
username: ${{ vars.GITLAB_USERNAME }}
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_PASSWORD }}
```
@ -135,10 +132,10 @@ jobs:
steps:
-
name: Login to ACR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <registry-name>.azurecr.io
username: ${{ vars.AZURE_CLIENT_ID }}
username: ${{ secrets.AZURE_CLIENT_ID }}
password: ${{ secrets.AZURE_CLIENT_SECRET }}
```
@ -183,7 +180,7 @@ jobs:
service_account: <service_account>
-
name: Login to GCR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: gcr.io
username: oauth2accesstoken
@ -201,7 +198,8 @@ jobs:
Use a service account with permission to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
Download the key for the service account as a JSON file. Save the contents of
the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`.
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
or `_json_key_base64` if you use a base64-encoded key.
```yaml
name: ci
@ -216,7 +214,7 @@ jobs:
steps:
-
name: Login to GCR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: gcr.io
username: _json_key
@ -229,9 +227,10 @@ You can authenticate with workload identity federation or a service account.
#### Workload identity federation
Your service account must have permission to push to GAR. Use the
`google-github-actions/auth` action to authenticate using workload identity as
shown in the following example:
Download the key for the service account as a JSON file. Save the contents of
the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
or `_json_key_base64` if you use a base64-encoded key.
```yaml
name: ci
@ -254,7 +253,7 @@ jobs:
service_account: <service_account>
-
name: Login to GAR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <location>-docker.pkg.dev
username: oauth2accesstoken
@ -275,7 +274,7 @@ jobs:
Use a service account with permission to push to GAR and [configure access control](https://cloud.google.com/artifact-registry/docs/access-control).
Download the key for the service account as a JSON file. Save the contents of
the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
named `GAR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
or `_json_key_base64` if you use a base64-encoded key.
```yaml
@ -291,7 +290,7 @@ jobs:
steps:
-
name: Login to GAR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <location>-docker.pkg.dev
username: _json_key
@ -303,7 +302,7 @@ jobs:
### AWS Elastic Container Registry (ECR)
Use an IAM user with the ability to [push to ECR with `AmazonEC2ContainerRegistryPowerUser` managed policy for example](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonEC2ContainerRegistryPowerUser).
Use an IAM user with the ability to [push to ECR with `AmazonEC2ContainerRegistryPowerUser` managed policy for example](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html#AmazonEC2ContainerRegistryPowerUser).
Download the access keys and save them as `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
in your GitHub repo.
@ -320,10 +319,10 @@ jobs:
steps:
-
name: Login to ECR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
username: ${{ vars.AWS_ACCESS_KEY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
```
@ -343,10 +342,10 @@ jobs:
steps:
-
name: Login to ECR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
username: ${{ vars.AWS_ACCESS_KEY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
env:
AWS_ACCOUNT_IDS: 012345678910,023456789012
@ -372,12 +371,12 @@ jobs:
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: <region>
-
name: Login to ECR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
```
@ -404,10 +403,10 @@ jobs:
steps:
-
name: Login to Public ECR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ vars.AWS_ACCESS_KEY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
env:
AWS_REGION: <region>
@ -438,10 +437,10 @@ jobs:
steps:
-
name: Login to OCIR
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: <region>.ocir.io
username: ${{ vars.OCI_USERNAME }}
username: ${{ secrets.OCI_USERNAME }}
password: ${{ secrets.OCI_TOKEN }}
```
@ -465,173 +464,39 @@ jobs:
steps:
-
name: Login to Quay.io
uses: docker/login-action@v4
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ vars.QUAY_USERNAME }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
```
### DigitalOcean Container Registry
Use your DigitalOcean registered email address and an API access token to authenticate.
```yaml
name: ci
on:
push:
branches: main
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to DigitalOcean Container Registry
uses: docker/login-action@v4
with:
registry: registry.digitalocean.com
username: ${{ vars.DIGITALOCEAN_USERNAME }}
password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
```
### Authenticate to multiple registries
To authenticate against multiple registries, you can specify the login-action
step multiple times in your workflow:
```yaml
name: ci
on:
push:
branches: main
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to Docker Hub
uses: docker/login-action@v4
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
```
You can also use the `registry-auth` input for raw authentication to
registries, defined as YAML objects. Each object have the same attributes as
current inputs (except `logout`):
> [!WARNING]
> We don't recommend using this method, it's better to use the action multiple
> times as shown above.
```yaml
name: ci
on:
push:
branches: main
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to registries
uses: docker/login-action@v4
with:
registry-auth: |
- username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
```
### Set scopes for the authentication token
The `scope` input allows limiting registry credentials to a specific repository
or namespace scope when building images with Buildx.
This is useful in GitHub Actions to avoid overriding the Docker Hub
authentication token embedded in GitHub-hosted runners, which is used for
pulling images without rate limits. By scoping credentials, you can
authenticate only where needed (typically for pushing), while keeping
unauthenticated pulls for base images.
When `scope` is set, credentials are written to the Buildx configuration
instead of the global Docker configuration. This means:
* Authentication applies only to the specified scope
* The default Docker Hub credentials remain available for pulls
* Credentials are used only by Buildx during the build
> [!IMPORTANT]
> Credentials written to the Buildx configuration are only accessible by Buildx.
> They are not available to `docker pull`, `docker push`, or any other Docker
> CLI commands outside Buildx.
> [!NOTE]
> This feature requires Buildx version 0.31.0 or later.
```yaml
name: ci
on:
push:
branches: main
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to Docker Hub (scoped)
uses: docker/login-action@v4
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
scope: 'myorg/myimage@push'
-
name: Build and push
uses: docker/build-push-action@v6
with:
push: true
tags: myorg/myimage:latest
```
In this example, base images are pulled using the embedded GitHub-hosted runner
credentials, while authenticated access is used only to push `myorg/myimage`.
## Customizing
### inputs
The following inputs can be used as `step.with` keys:
| Name | Type | Default | Description |
|-----------------|--------|-------------|-------------------------------------------------------------------------------|
| `registry` | String | `docker.io` | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username for authenticating to the Docker registry |
| `password` | String | | Password or personal access token for authenticating the Docker registry |
| `scope` | String | | Scope for the authentication token |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
| `registry-auth` | YAML | | Raw authentication to registries, defined as YAML objects |
| Name | Type | Default | Description |
|------------|--------|---------|-------------------------------------------------------------------------------|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username for authenticating to the Docker registry |
| `password` | String | | Password or personal access token for authenticating the Docker registry |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
> [!NOTE]
> The `registry-auth` input cannot be used with other inputs except `logout`.
## Keep up-to-date with GitHub Dependabot
## Contributing
Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
Want to contribute? Awesome! You can find information about contributing to
this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
```yaml
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
```

42
__tests__/aws.test.ts
View File

@ -1,7 +1,7 @@
import {beforeEach, describe, expect, test, vi} from 'vitest';
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import {AuthorizationData} from '@aws-sdk/client-ecr';
import * as aws from '../src/aws.js';
import * as aws from '../src/aws';
describe('isECR', () => {
test.each([
@ -10,10 +10,7 @@ describe('isECR', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', true],
['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', true],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', true],
['012345678901.dkr-ecr.eu-north-1.on.aws', true],
['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', true],
['public.ecr.aws', true],
['ecr-public.aws.com', true]
['public.ecr.aws', true]
])('given registry %p', async (registry, expected) => {
expect(aws.isECR(registry)).toEqual(expected);
});
@ -26,10 +23,7 @@ describe('isPubECR', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', false],
['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', false],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', false],
['012345678901.dkr-ecr.eu-north-1.on.aws', false],
['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', false],
['public.ecr.aws', true],
['ecr-public.aws.com', true]
['public.ecr.aws', true]
])('given registry %p', async (registry, expected) => {
expect(aws.isPubECR(registry)).toEqual(expected);
});
@ -40,8 +34,6 @@ describe('getRegion', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', 'eu-west-3'],
['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', 'cn-north-1'],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', 'cn-northwest-1'],
['012345678901.dkr-ecr.eu-north-1.on.aws', 'eu-north-1'],
['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', 'eusc-de-east-1'],
['public.ecr.aws', 'us-east-1']
])('given registry %p', async (registry, expected) => {
expect(aws.getRegion(registry)).toEqual(expected);
@ -54,8 +46,6 @@ describe('getAccountIDs', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678901,012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', '012345678910,023456789012', ['390948362332', '012345678910', '023456789012']],
['876820548815.dkr-ecr.eu-north-1.on.aws', '012345678910,023456789012', ['876820548815', '012345678910', '023456789012']],
['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', '012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
['public.ecr.aws', undefined, []]
])('given registry %p', async (registry, accountIDsEnv, expected) => {
if (accountIDsEnv) {
@ -65,28 +55,26 @@ describe('getAccountIDs', () => {
});
});
const mockEcrGetAuthToken = vi.fn();
const mockEcrPublicGetAuthToken = vi.fn();
vi.mock('@aws-sdk/client-ecr', () => {
class ECR {
getAuthorizationToken = mockEcrGetAuthToken;
}
const mockEcrGetAuthToken = jest.fn();
const mockEcrPublicGetAuthToken = jest.fn();
jest.mock('@aws-sdk/client-ecr', () => {
return {
ECR
ECR: jest.fn(() => ({
getAuthorizationToken: mockEcrGetAuthToken
}))
};
});
vi.mock('@aws-sdk/client-ecr-public', () => {
class ECRPUBLIC {
getAuthorizationToken = mockEcrPublicGetAuthToken;
}
jest.mock('@aws-sdk/client-ecr-public', () => {
return {
ECRPUBLIC
ECRPUBLIC: jest.fn(() => ({
getAuthorizationToken: mockEcrPublicGetAuthToken
}))
};
});
describe('getRegistriesData', () => {
beforeEach(() => {
vi.clearAllMocks();
jest.clearAllMocks();
delete process.env.AWS_ACCOUNT_IDS;
});
// prettier-ignore

4
__tests__/context.test.ts
View File

@ -1,6 +1,6 @@
import {expect, test} from 'vitest';
import {expect, test} from '@jest/globals';
import {getInputs} from '../src/context.js';
import {getInputs} from '../src/context';
test('with password and username getInputs does not throw error', async () => {
process.env['INPUT_USERNAME'] = 'dbowie';

29
__tests__/docker.test.ts
View File

@ -1,16 +1,15 @@
import {expect, test, vi} from 'vitest';
import {expect, jest, test} from '@jest/globals';
import * as path from 'path';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
import {loginStandard, logout} from '../src/docker.js';
import {loginStandard, logout} from '../src/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec';
process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');
test('loginStandard calls exec', async () => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput').mockImplementation(async () => {
return {
exitCode: expect.any(Number),
stdout: expect.any(Function),
@ -24,13 +23,7 @@ test('loginStandard calls exec', async () => {
await loginStandard(registry, username, password);
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(execSpy).toHaveBeenCalledWith(['login', '--password-stdin', '--username', username, registry], {
expect(execSpy).toHaveBeenCalledWith(`docker`, ['login', '--password-stdin', '--username', username, registry], {
input: Buffer.from(password),
silent: true,
ignoreReturnCode: true
@ -40,7 +33,7 @@ test('loginStandard calls exec', async () => {
test('logout calls exec', async () => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput').mockImplementation(async () => {
return {
exitCode: expect.any(Number),
stdout: expect.any(Function),
@ -50,15 +43,9 @@ test('logout calls exec', async () => {
const registry = 'https://ghcr.io';
await logout(registry, '');
await logout(registry);
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(execSpy).toHaveBeenCalledWith(['logout', registry], {
expect(execSpy).toHaveBeenCalledWith(`docker`, ['logout', registry], {
ignoreReturnCode: true
});
});

12
__tests__/setup.unit.ts
View File

@ -1,12 +0,0 @@
import fs from 'node:fs';
import os from 'node:os';
import path from 'node:path';
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-login-action-'));
process.env = Object.assign({}, process.env, {
TEMP: tmpDir,
GITHUB_REPOSITORY: 'docker/login-action',
RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
});

9
action.yml
View File

@ -18,19 +18,14 @@ inputs:
required: false
ecr:
description: 'Specifies whether the given registry is ECR (auto, true or false)'
required: false
scope:
description: 'Scope for the authentication token'
default: 'auto'
required: false
logout:
description: 'Log out from the Docker registry at the end of a job'
default: 'true'
required: false
registry-auth:
description: 'Raw authentication to registries, defined as YAML objects'
required: false
runs:
using: 'node24'
using: 'node20'
main: 'dist/index.js'
post: 'dist/index.js'

40
dev.Dockerfile
View File

@ -1,21 +1,13 @@
# syntax=docker/dockerfile:1
ARG NODE_VERSION=24
ARG NODE_VERSION=20
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git rsync
RUN apk add --no-cache cpio findutils git
WORKDIR /src
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache <<EOT
set -e
corepack enable
yarn --version
yarn config set --home enableTelemetry 0
EOT
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
@ -28,34 +20,24 @@ RUN --mount=type=bind,target=.,rw <<EOT
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT
FROM deps AS build
RUN --mount=target=/context \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules <<EOT
set -e
rsync -a /context/. .
rm -rf dist
yarn run build
mkdir /out
cp -r dist /out
EOT
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/
FROM scratch AS build-update
COPY --from=build /out /
FROM build AS build-validate
RUN --mount=target=/context \
--mount=target=.,type=tmpfs <<EOT
RUN --mount=type=bind,target=.,rw <<EOT
set -e
rsync -a /context/. .
git add -A
rm -rf dist
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
@ -66,16 +48,15 @@ EOT
FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run format && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS lint
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run lint
@ -83,9 +64,8 @@ FROM deps AS test
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run test --coverage --coverage.reportsDirectory=/tmp/coverage
yarn run test --coverage --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

1080
dist/136.index.js generated vendored
View File

File diff suppressed because it is too large Load Diff

1
dist/136.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

93
dist/360.index.js generated vendored
View File

@ -1,93 +0,0 @@
export const id = 360;
export const ids = [360];
export const modules = {
/***/ 5360:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var sharedIniFileLoader = __webpack_require__(4964);
var propertyProvider = __webpack_require__(8857);
var node_child_process = __webpack_require__(1421);
var node_util = __webpack_require__(7975);
var client = __webpack_require__(5152);
const getValidatedProcessCredentials = (profileName, data, profiles) => {
if (data.Version !== 1) {
throw Error(`Profile ${profileName} credential_process did not return Version 1.`);
}
if (data.AccessKeyId === undefined || data.SecretAccessKey === undefined) {
throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);
}
if (data.Expiration) {
const currentTime = new Date();
const expireTime = new Date(data.Expiration);
if (expireTime < currentTime) {
throw Error(`Profile ${profileName} credential_process returned expired credentials.`);
}
}
let accountId = data.AccountId;
if (!accountId && profiles?.[profileName]?.aws_account_id) {
accountId = profiles[profileName].aws_account_id;
}
const credentials = {
accessKeyId: data.AccessKeyId,
secretAccessKey: data.SecretAccessKey,
...(data.SessionToken && { sessionToken: data.SessionToken }),
...(data.Expiration && { expiration: new Date(data.Expiration) }),
...(data.CredentialScope && { credentialScope: data.CredentialScope }),
...(accountId && { accountId }),
};
client.setCredentialFeature(credentials, "CREDENTIALS_PROCESS", "w");
return credentials;
};
const resolveProcessCredentials = async (profileName, profiles, logger) => {
const profile = profiles[profileName];
if (profiles[profileName]) {
const credentialProcess = profile["credential_process"];
if (credentialProcess !== undefined) {
const execPromise = node_util.promisify(sharedIniFileLoader.externalDataInterceptor?.getTokenRecord?.().exec ?? node_child_process.exec);
try {
const { stdout } = await execPromise(credentialProcess);
let data;
try {
data = JSON.parse(stdout.trim());
}
catch {
throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);
}
return getValidatedProcessCredentials(profileName, data, profiles);
}
catch (error) {
throw new propertyProvider.CredentialsProviderError(error.message, { logger });
}
}
else {
throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });
}
}
else {
throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {
logger,
});
}
};
const fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {
init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");
const profiles = await sharedIniFileLoader.parseKnownFiles(init);
return resolveProcessCredentials(sharedIniFileLoader.getProfileName({
profile: init.profile ?? callerClientConfig?.profile,
}), profiles, init.logger);
};
exports.fromProcess = fromProcess;
/***/ })
};
//# sourceMappingURL=360.index.js.map

1
dist/360.index.js.map generated vendored
View File

@ -1 +0,0 @@
{"version":3,"file":"360.index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","sources":[".././node_modules/@aws-sdk/credential-provider-process/dist-cjs/index.js"],"sourcesContent":["'use strict';\n\nvar sharedIniFileLoader = require('@smithy/shared-ini-file-loader');\nvar propertyProvider = require('@smithy/property-provider');\nvar node_child_process = require('node:child_process');\nvar node_util = require('node:util');\nvar client = require('@aws-sdk/core/client');\n\nconst getValidatedProcessCredentials = (profileName, data, profiles) => {\n if (data.Version !== 1) {\n throw Error(`Profile ${profileName} credential_process did not return Version 1.`);\n }\n if (data.AccessKeyId === undefined || data.SecretAccessKey === undefined) {\n throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);\n }\n if (data.Expiration) {\n const currentTime = new Date();\n const expireTime = new Date(data.Expiration);\n if (expireTime < currentTime) {\n throw Error(`Profile ${profileName} credential_process returned expired credentials.`);\n }\n }\n let accountId = data.AccountId;\n if (!accountId && profiles?.[profileName]?.aws_account_id) {\n accountId = profiles[profileName].aws_account_id;\n }\n const credentials = {\n accessKeyId: data.AccessKeyId,\n secretAccessKey: data.SecretAccessKey,\n ...(data.SessionToken && { sessionToken: data.SessionToken }),\n ...(data.Expiration && { expiration: new Date(data.Expiration) }),\n ...(data.CredentialScope && { credentialScope: data.CredentialScope }),\n ...(accountId && { accountId }),\n };\n client.setCredentialFeature(credentials, \"CREDENTIALS_PROCESS\", \"w\");\n return credentials;\n};\n\nconst resolveProcessCredentials = async (profileName, profiles, logger) => {\n const profile = profiles[profileName];\n if (profiles[profileName]) {\n const credentialProcess = profile[\"credential_process\"];\n if (credentialProcess !== undefined) {\n const execPromise = node_util.promisify(sharedIniFileLoader.externalDataInterceptor?.getTokenRecord?.().exec ?? node_child_process.exec);\n try {\n const { stdout } = await execPromise(credentialProcess);\n let data;\n try {\n data = JSON.parse(stdout.trim());\n }\n catch {\n throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);\n }\n return getValidatedProcessCredentials(profileName, data, profiles);\n }\n catch (error) {\n throw new propertyProvider.CredentialsProviderError(error.message, { logger });\n }\n }\n else {\n throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });\n }\n }\n else {\n throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {\n logger,\n });\n }\n};\n\nconst fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-process - fromProcess\");\n const profiles = await sharedIniFileLoader.parseKnownFiles(init);\n return resolveProcessCredentials(sharedIniFileLoader.getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n }), profiles, init.logger);\n};\n\nexports.fromProcess = fromProcess;\n"],"names":[],"sourceRoot":""}

871
dist/443.index.js generated vendored
View File

@ -1,871 +0,0 @@
export const id = 443;
export const ids = [443];
export const modules = {
/***/ 8396:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0;
const core_1 = __webpack_require__(8704);
const util_middleware_1 = __webpack_require__(6324);
const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => {
return {
operation: (0, util_middleware_1.getSmithyContext)(context).operation,
region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) ||
(() => {
throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
})(),
};
};
exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider;
function createAwsAuthSigv4HttpAuthOption(authParameters) {
return {
schemeId: "aws.auth#sigv4",
signingProperties: {
name: "sso-oauth",
region: authParameters.region,
},
propertiesExtractor: (config, context) => ({
signingProperties: {
config,
context,
},
}),
};
}
function createSmithyApiNoAuthHttpAuthOption(authParameters) {
return {
schemeId: "smithy.api#noAuth",
};
}
const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => {
const options = [];
switch (authParameters.operation) {
case "CreateToken": {
options.push(createSmithyApiNoAuthHttpAuthOption(authParameters));
break;
}
default: {
options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
}
}
return options;
};
exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider;
const resolveHttpAuthSchemeConfig = (config) => {
const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config);
return Object.assign(config_0, {
authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []),
});
};
exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig;
/***/ }),
/***/ 546:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.defaultEndpointResolver = void 0;
const util_endpoints_1 = __webpack_require__(3068);
const util_endpoints_2 = __webpack_require__(9674);
const ruleset_1 = __webpack_require__(9947);
const cache = new util_endpoints_2.EndpointCache({
size: 50,
params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"],
});
const defaultEndpointResolver = (endpointParams, context = {}) => {
return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, {
endpointParams: endpointParams,
logger: context.logger,
}));
};
exports.defaultEndpointResolver = defaultEndpointResolver;
util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions;
/***/ }),
/***/ 9947:
/***/ ((__unused_webpack_module, exports) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ruleSet = void 0;
const u = "required", v = "fn", w = "argv", x = "ref";
const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, type: "string" }, j = { [u]: true, default: false, type: "boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }];
const _data = {
version: "1.0",
parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i },
rules: [
{
conditions: [{ [v]: b, [w]: [k] }],
rules: [
{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d },
{ conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d },
{ endpoint: { url: k, properties: n, headers: n }, type: e },
],
type: f,
},
{
conditions: [{ [v]: b, [w]: t }],
rules: [
{
conditions: [{ [v]: "aws.partition", [w]: t, assign: g }],
rules: [
{
conditions: [l, m],
rules: [
{
conditions: [{ [v]: c, [w]: [a, o] }, q],
rules: [
{
endpoint: {
url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
properties: n,
headers: n,
},
type: e,
},
],
type: f,
},
{ error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d },
],
type: f,
},
{
conditions: r,
rules: [
{
conditions: [{ [v]: c, [w]: [o, a] }],
rules: [
{
conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }],
endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n },
type: e,
},
{
endpoint: {
url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}",
properties: n,
headers: n,
},
type: e,
},
],
type: f,
},
{ error: "FIPS is enabled but this partition does not support FIPS", type: d },
],
type: f,
},
{
conditions: s,
rules: [
{
conditions: [q],
rules: [
{
endpoint: {
url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}",
properties: n,
headers: n,
},
type: e,
},
],
type: f,
},
{ error: "DualStack is enabled but this partition does not support DualStack", type: d },
],
type: f,
},
{
endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n },
type: e,
},
],
type: f,
},
],
type: f,
},
{ error: "Invalid Configuration: Missing Region", type: d },
],
};
exports.ruleSet = _data;
/***/ }),
/***/ 9443:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var middlewareHostHeader = __webpack_require__(2590);
var middlewareLogger = __webpack_require__(5242);
var middlewareRecursionDetection = __webpack_require__(1568);
var middlewareUserAgent = __webpack_require__(2959);
var configResolver = __webpack_require__(9316);
var core = __webpack_require__(402);
var schema = __webpack_require__(6890);
var middlewareContentLength = __webpack_require__(7212);
var middlewareEndpoint = __webpack_require__(99);
var middlewareRetry = __webpack_require__(9618);
var smithyClient = __webpack_require__(1411);
var httpAuthSchemeProvider = __webpack_require__(8396);
var runtimeConfig = __webpack_require__(6901);
var regionConfigResolver = __webpack_require__(6463);
var protocolHttp = __webpack_require__(2356);
var schemas_0 = __webpack_require__(7143);
var errors = __webpack_require__(5843);
var SSOOIDCServiceException = __webpack_require__(3952);
const resolveClientEndpointParameters = (options) => {
return Object.assign(options, {
useDualstackEndpoint: options.useDualstackEndpoint ?? false,
useFipsEndpoint: options.useFipsEndpoint ?? false,
defaultSigningName: "sso-oauth",
});
};
const commonParams = {
UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
Endpoint: { type: "builtInParams", name: "endpoint" },
Region: { type: "builtInParams", name: "region" },
UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
};
const getHttpAuthExtensionConfiguration = (runtimeConfig) => {
const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
let _credentials = runtimeConfig.credentials;
return {
setHttpAuthScheme(httpAuthScheme) {
const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
if (index === -1) {
_httpAuthSchemes.push(httpAuthScheme);
}
else {
_httpAuthSchemes.splice(index, 1, httpAuthScheme);
}
},
httpAuthSchemes() {
return _httpAuthSchemes;
},
setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
_httpAuthSchemeProvider = httpAuthSchemeProvider;
},
httpAuthSchemeProvider() {
return _httpAuthSchemeProvider;
},
setCredentials(credentials) {
_credentials = credentials;
},
credentials() {
return _credentials;
},
};
};
const resolveHttpAuthRuntimeConfig = (config) => {
return {
httpAuthSchemes: config.httpAuthSchemes(),
httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
credentials: config.credentials(),
};
};
const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
const extensionConfiguration = Object.assign(regionConfigResolver.getAwsRegionExtensionConfiguration(runtimeConfig), smithyClient.getDefaultExtensionConfiguration(runtimeConfig), protocolHttp.getHttpHandlerExtensionConfiguration(runtimeConfig), getHttpAuthExtensionConfiguration(runtimeConfig));
extensions.forEach((extension) => extension.configure(extensionConfiguration));
return Object.assign(runtimeConfig, regionConfigResolver.resolveAwsRegionExtensionConfiguration(extensionConfiguration), smithyClient.resolveDefaultRuntimeConfig(extensionConfiguration), protocolHttp.resolveHttpHandlerRuntimeConfig(extensionConfiguration), resolveHttpAuthRuntimeConfig(extensionConfiguration));
};
class SSOOIDCClient extends smithyClient.Client {
config;
constructor(...[configuration]) {
const _config_0 = runtimeConfig.getRuntimeConfig(configuration || {});
super(_config_0);
this.initConfig = _config_0;
const _config_1 = resolveClientEndpointParameters(_config_0);
const _config_2 = middlewareUserAgent.resolveUserAgentConfig(_config_1);
const _config_3 = middlewareRetry.resolveRetryConfig(_config_2);
const _config_4 = configResolver.resolveRegionConfig(_config_3);
const _config_5 = middlewareHostHeader.resolveHostHeaderConfig(_config_4);
const _config_6 = middlewareEndpoint.resolveEndpointConfig(_config_5);
const _config_7 = httpAuthSchemeProvider.resolveHttpAuthSchemeConfig(_config_6);
const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
this.config = _config_8;
this.middlewareStack.use(schema.getSchemaSerdePlugin(this.config));
this.middlewareStack.use(middlewareUserAgent.getUserAgentPlugin(this.config));
this.middlewareStack.use(middlewareRetry.getRetryPlugin(this.config));
this.middlewareStack.use(middlewareContentLength.getContentLengthPlugin(this.config));
this.middlewareStack.use(middlewareHostHeader.getHostHeaderPlugin(this.config));
this.middlewareStack.use(middlewareLogger.getLoggerPlugin(this.config));
this.middlewareStack.use(middlewareRecursionDetection.getRecursionDetectionPlugin(this.config));
this.middlewareStack.use(core.getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
httpAuthSchemeParametersProvider: httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider,
identityProviderConfigProvider: async (config) => new core.DefaultIdentityProviderConfig({
"aws.auth#sigv4": config.credentials,
}),
}));
this.middlewareStack.use(core.getHttpSigningPlugin(this.config));
}
destroy() {
super.destroy();
}
}
class CreateTokenCommand extends smithyClient.Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSSOOIDCService", "CreateToken", {})
.n("SSOOIDCClient", "CreateTokenCommand")
.sc(schemas_0.CreateToken$)
.build() {
}
const commands = {
CreateTokenCommand,
};
class SSOOIDC extends SSOOIDCClient {
}
smithyClient.createAggregatedClient(commands, SSOOIDC);
const AccessDeniedExceptionReason = {
KMS_ACCESS_DENIED: "KMS_AccessDeniedException",
};
const InvalidRequestExceptionReason = {
KMS_DISABLED_KEY: "KMS_DisabledException",
KMS_INVALID_KEY_USAGE: "KMS_InvalidKeyUsageException",
KMS_INVALID_STATE: "KMS_InvalidStateException",
KMS_KEY_NOT_FOUND: "KMS_NotFoundException",
};
exports.$Command = smithyClient.Command;
exports.__Client = smithyClient.Client;
exports.SSOOIDCServiceException = SSOOIDCServiceException.SSOOIDCServiceException;
exports.AccessDeniedExceptionReason = AccessDeniedExceptionReason;
exports.CreateTokenCommand = CreateTokenCommand;
exports.InvalidRequestExceptionReason = InvalidRequestExceptionReason;
exports.SSOOIDC = SSOOIDC;
exports.SSOOIDCClient = SSOOIDCClient;
Object.prototype.hasOwnProperty.call(schemas_0, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: schemas_0['__proto__']
});
Object.keys(schemas_0).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = schemas_0[k];
});
Object.prototype.hasOwnProperty.call(errors, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: errors['__proto__']
});
Object.keys(errors).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = errors[k];
});
/***/ }),
/***/ 3952:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.SSOOIDCServiceException = exports.__ServiceException = void 0;
const smithy_client_1 = __webpack_require__(1411);
Object.defineProperty(exports, "__ServiceException", ({ enumerable: true, get: function () { return smithy_client_1.ServiceException; } }));
class SSOOIDCServiceException extends smithy_client_1.ServiceException {
constructor(options) {
super(options);
Object.setPrototypeOf(this, SSOOIDCServiceException.prototype);
}
}
exports.SSOOIDCServiceException = SSOOIDCServiceException;
/***/ }),
/***/ 5843:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.UnsupportedGrantTypeException = exports.UnauthorizedClientException = exports.SlowDownException = exports.InvalidScopeException = exports.InvalidRequestException = exports.InvalidGrantException = exports.InvalidClientException = exports.InternalServerException = exports.ExpiredTokenException = exports.AuthorizationPendingException = exports.AccessDeniedException = void 0;
const SSOOIDCServiceException_1 = __webpack_require__(3952);
class AccessDeniedException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "AccessDeniedException";
$fault = "client";
error;
reason;
error_description;
constructor(opts) {
super({
name: "AccessDeniedException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, AccessDeniedException.prototype);
this.error = opts.error;
this.reason = opts.reason;
this.error_description = opts.error_description;
}
}
exports.AccessDeniedException = AccessDeniedException;
class AuthorizationPendingException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "AuthorizationPendingException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "AuthorizationPendingException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, AuthorizationPendingException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.AuthorizationPendingException = AuthorizationPendingException;
class ExpiredTokenException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "ExpiredTokenException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "ExpiredTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, ExpiredTokenException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.ExpiredTokenException = ExpiredTokenException;
class InternalServerException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "InternalServerException";
$fault = "server";
error;
error_description;
constructor(opts) {
super({
name: "InternalServerException",
$fault: "server",
...opts,
});
Object.setPrototypeOf(this, InternalServerException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.InternalServerException = InternalServerException;
class InvalidClientException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "InvalidClientException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "InvalidClientException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidClientException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.InvalidClientException = InvalidClientException;
class InvalidGrantException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "InvalidGrantException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "InvalidGrantException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidGrantException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.InvalidGrantException = InvalidGrantException;
class InvalidRequestException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "InvalidRequestException";
$fault = "client";
error;
reason;
error_description;
constructor(opts) {
super({
name: "InvalidRequestException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidRequestException.prototype);
this.error = opts.error;
this.reason = opts.reason;
this.error_description = opts.error_description;
}
}
exports.InvalidRequestException = InvalidRequestException;
class InvalidScopeException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "InvalidScopeException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "InvalidScopeException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidScopeException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.InvalidScopeException = InvalidScopeException;
class SlowDownException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "SlowDownException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "SlowDownException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, SlowDownException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.SlowDownException = SlowDownException;
class UnauthorizedClientException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "UnauthorizedClientException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "UnauthorizedClientException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, UnauthorizedClientException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.UnauthorizedClientException = UnauthorizedClientException;
class UnsupportedGrantTypeException extends SSOOIDCServiceException_1.SSOOIDCServiceException {
name = "UnsupportedGrantTypeException";
$fault = "client";
error;
error_description;
constructor(opts) {
super({
name: "UnsupportedGrantTypeException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, UnsupportedGrantTypeException.prototype);
this.error = opts.error;
this.error_description = opts.error_description;
}
}
exports.UnsupportedGrantTypeException = UnsupportedGrantTypeException;
/***/ }),
/***/ 6901:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getRuntimeConfig = void 0;
const tslib_1 = __webpack_require__(1860);
const package_json_1 = tslib_1.__importDefault(__webpack_require__(9955));
const core_1 = __webpack_require__(8704);
const util_user_agent_node_1 = __webpack_require__(1656);
const config_resolver_1 = __webpack_require__(9316);
const hash_node_1 = __webpack_require__(2711);
const middleware_retry_1 = __webpack_require__(9618);
const node_config_provider_1 = __webpack_require__(5704);
const node_http_handler_1 = __webpack_require__(1279);
const smithy_client_1 = __webpack_require__(1411);
const util_body_length_node_1 = __webpack_require__(3638);
const util_defaults_mode_node_1 = __webpack_require__(673);
const util_retry_1 = __webpack_require__(5518);
const runtimeConfig_shared_1 = __webpack_require__(1546);
const getRuntimeConfig = (config) => {
(0, smithy_client_1.emitWarningIfUnsupportedVersion)(process.version);
const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config);
const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode);
const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config);
(0, core_1.emitWarningIfUnsupportedVersion)(process.version);
const loaderConfig = {
profile: config?.profile,
logger: clientSharedValues.logger,
};
return {
...clientSharedValues,
...config,
runtime: "node",
defaultsMode,
authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig),
bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength,
defaultUserAgentProvider: config?.defaultUserAgentProvider ??
(0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config),
region: config?.region ??
(0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }),
requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider),
retryMode: config?.retryMode ??
(0, node_config_provider_1.loadConfig)({
...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS,
default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE,
}, config),
sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"),
streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector,
useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig),
};
};
exports.getRuntimeConfig = getRuntimeConfig;
/***/ }),
/***/ 1546:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getRuntimeConfig = void 0;
const core_1 = __webpack_require__(8704);
const protocols_1 = __webpack_require__(7288);
const core_2 = __webpack_require__(402);
const smithy_client_1 = __webpack_require__(1411);
const url_parser_1 = __webpack_require__(4494);
const util_base64_1 = __webpack_require__(8385);
const util_utf8_1 = __webpack_require__(1577);
const httpAuthSchemeProvider_1 = __webpack_require__(8396);
const endpointResolver_1 = __webpack_require__(546);
const schemas_0_1 = __webpack_require__(7143);
const getRuntimeConfig = (config) => {
return {
apiVersion: "2019-06-10",
base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64,
base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64,
disableHostPrefix: config?.disableHostPrefix ?? false,
endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver,
extensions: config?.extensions ?? [],
httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider,
httpAuthSchemes: config?.httpAuthSchemes ?? [
{
schemeId: "aws.auth#sigv4",
identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
signer: new core_1.AwsSdkSigV4Signer(),
},
{
schemeId: "smithy.api#noAuth",
identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
signer: new core_2.NoAuthSigner(),
},
],
logger: config?.logger ?? new smithy_client_1.NoOpLogger(),
protocol: config?.protocol ?? protocols_1.AwsRestJsonProtocol,
protocolSettings: config?.protocolSettings ?? {
defaultNamespace: "com.amazonaws.ssooidc",
errorTypeRegistries: schemas_0_1.errorTypeRegistries,
version: "2019-06-10",
serviceTarget: "AWSSSOOIDCService",
},
serviceId: config?.serviceId ?? "SSO OIDC",
urlParser: config?.urlParser ?? url_parser_1.parseUrl,
utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8,
utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8,
};
};
exports.getRuntimeConfig = getRuntimeConfig;
/***/ }),
/***/ 7143:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.CreateToken$ = exports.CreateTokenResponse$ = exports.CreateTokenRequest$ = exports.errorTypeRegistries = exports.UnsupportedGrantTypeException$ = exports.UnauthorizedClientException$ = exports.SlowDownException$ = exports.InvalidScopeException$ = exports.InvalidRequestException$ = exports.InvalidGrantException$ = exports.InvalidClientException$ = exports.InternalServerException$ = exports.ExpiredTokenException$ = exports.AuthorizationPendingException$ = exports.AccessDeniedException$ = exports.SSOOIDCServiceException$ = void 0;
const _ADE = "AccessDeniedException";
const _APE = "AuthorizationPendingException";
const _AT = "AccessToken";
const _CS = "ClientSecret";
const _CT = "CreateToken";
const _CTR = "CreateTokenRequest";
const _CTRr = "CreateTokenResponse";
const _CV = "CodeVerifier";
const _ETE = "ExpiredTokenException";
const _ICE = "InvalidClientException";
const _IGE = "InvalidGrantException";
const _IRE = "InvalidRequestException";
const _ISE = "InternalServerException";
const _ISEn = "InvalidScopeException";
const _IT = "IdToken";
const _RT = "RefreshToken";
const _SDE = "SlowDownException";
const _UCE = "UnauthorizedClientException";
const _UGTE = "UnsupportedGrantTypeException";
const _aT = "accessToken";
const _c = "client";
const _cI = "clientId";
const _cS = "clientSecret";
const _cV = "codeVerifier";
const _co = "code";
const _dC = "deviceCode";
const _e = "error";
const _eI = "expiresIn";
const _ed = "error_description";
const _gT = "grantType";
const _h = "http";
const _hE = "httpError";
const _iT = "idToken";
const _r = "reason";
const _rT = "refreshToken";
const _rU = "redirectUri";
const _s = "smithy.ts.sdk.synthetic.com.amazonaws.ssooidc";
const _sc = "scope";
const _se = "server";
const _tT = "tokenType";
const n0 = "com.amazonaws.ssooidc";
const schema_1 = __webpack_require__(6890);
const errors_1 = __webpack_require__(5843);
const SSOOIDCServiceException_1 = __webpack_require__(3952);
const _s_registry = schema_1.TypeRegistry.for(_s);
exports.SSOOIDCServiceException$ = [-3, _s, "SSOOIDCServiceException", 0, [], []];
_s_registry.registerError(exports.SSOOIDCServiceException$, SSOOIDCServiceException_1.SSOOIDCServiceException);
const n0_registry = schema_1.TypeRegistry.for(n0);
exports.AccessDeniedException$ = [
-3,
n0,
_ADE,
{ [_e]: _c, [_hE]: 400 },
[_e, _r, _ed],
[0, 0, 0],
];
n0_registry.registerError(exports.AccessDeniedException$, errors_1.AccessDeniedException);
exports.AuthorizationPendingException$ = [
-3,
n0,
_APE,
{ [_e]: _c, [_hE]: 400 },
[_e, _ed],
[0, 0],
];
n0_registry.registerError(exports.AuthorizationPendingException$, errors_1.AuthorizationPendingException);
exports.ExpiredTokenException$ = [-3, n0, _ETE, { [_e]: _c, [_hE]: 400 }, [_e, _ed], [0, 0]];
n0_registry.registerError(exports.ExpiredTokenException$, errors_1.ExpiredTokenException);
exports.InternalServerException$ = [-3, n0, _ISE, { [_e]: _se, [_hE]: 500 }, [_e, _ed], [0, 0]];
n0_registry.registerError(exports.InternalServerException$, errors_1.InternalServerException);
exports.InvalidClientException$ = [-3, n0, _ICE, { [_e]: _c, [_hE]: 401 }, [_e, _ed], [0, 0]];
n0_registry.registerError(exports.InvalidClientException$, errors_1.InvalidClientException);
exports.InvalidGrantException$ = [-3, n0, _IGE, { [_e]: _c, [_hE]: 400 }, [_e, _ed], [0, 0]];
n0_registry.registerError(exports.InvalidGrantException$, errors_1.InvalidGrantException);
exports.InvalidRequestException$ = [
-3,
n0,
_IRE,
{ [_e]: _c, [_hE]: 400 },
[_e, _r, _ed],
[0, 0, 0],
];
n0_registry.registerError(exports.InvalidRequestException$, errors_1.InvalidRequestException);
exports.InvalidScopeException$ = [-3, n0, _ISEn, { [_e]: _c, [_hE]: 400 }, [_e, _ed], [0, 0]];
n0_registry.registerError(exports.InvalidScopeException$, errors_1.InvalidScopeException);
exports.SlowDownException$ = [-3, n0, _SDE, { [_e]: _c, [_hE]: 400 }, [_e, _ed], [0, 0]];
n0_registry.registerError(exports.SlowDownException$, errors_1.SlowDownException);
exports.UnauthorizedClientException$ = [
-3,
n0,
_UCE,
{ [_e]: _c, [_hE]: 400 },
[_e, _ed],
[0, 0],
];
n0_registry.registerError(exports.UnauthorizedClientException$, errors_1.UnauthorizedClientException);
exports.UnsupportedGrantTypeException$ = [
-3,
n0,
_UGTE,
{ [_e]: _c, [_hE]: 400 },
[_e, _ed],
[0, 0],
];
n0_registry.registerError(exports.UnsupportedGrantTypeException$, errors_1.UnsupportedGrantTypeException);
exports.errorTypeRegistries = [_s_registry, n0_registry];
var AccessToken = [0, n0, _AT, 8, 0];
var ClientSecret = [0, n0, _CS, 8, 0];
var CodeVerifier = [0, n0, _CV, 8, 0];
var IdToken = [0, n0, _IT, 8, 0];
var RefreshToken = [0, n0, _RT, 8, 0];
exports.CreateTokenRequest$ = [
3,
n0,
_CTR,
0,
[_cI, _cS, _gT, _dC, _co, _rT, _sc, _rU, _cV],
[0, [() => ClientSecret, 0], 0, 0, 0, [() => RefreshToken, 0], 64 | 0, 0, [() => CodeVerifier, 0]],
3,
];
exports.CreateTokenResponse$ = [
3,
n0,
_CTRr,
0,
[_aT, _tT, _eI, _rT, _iT],
[[() => AccessToken, 0], 0, 1, [() => RefreshToken, 0], [() => IdToken, 0]],
];
var Scopes = (/* unused pure expression or super */ null && (64 | 0));
exports.CreateToken$ = [
9,
n0,
_CT,
{ [_h]: ["POST", "/token", 200] },
() => exports.CreateTokenRequest$,
() => exports.CreateTokenResponse$,
];
/***/ })
};
//# sourceMappingURL=443.index.js.map

1
dist/443.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

387
dist/566.index.js generated vendored
View File

@ -1,387 +0,0 @@
export const id = 566;
export const ids = [566];
export const modules = {
/***/ 566:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var __webpack_unused_export__;
var propertyProvider = __webpack_require__(8857);
var url = __webpack_require__(7016);
var buffer = __webpack_require__(181);
var http = __webpack_require__(8611);
var nodeConfigProvider = __webpack_require__(5704);
var urlParser = __webpack_require__(4494);
function httpRequest(options) {
return new Promise((resolve, reject) => {
const req = http.request({
method: "GET",
...options,
hostname: options.hostname?.replace(/^\[(.+)\]$/, "$1"),
});
req.on("error", (err) => {
reject(Object.assign(new propertyProvider.ProviderError("Unable to connect to instance metadata service"), err));
req.destroy();
});
req.on("timeout", () => {
reject(new propertyProvider.ProviderError("TimeoutError from instance metadata service"));
req.destroy();
});
req.on("response", (res) => {
const { statusCode = 400 } = res;
if (statusCode < 200 || 300 <= statusCode) {
reject(Object.assign(new propertyProvider.ProviderError("Error response received from instance metadata service"), { statusCode }));
req.destroy();
}
const chunks = [];
res.on("data", (chunk) => {
chunks.push(chunk);
});
res.on("end", () => {
resolve(buffer.Buffer.concat(chunks));
req.destroy();
});
});
req.end();
});
}
const isImdsCredentials = (arg) => Boolean(arg) &&
typeof arg === "object" &&
typeof arg.AccessKeyId === "string" &&
typeof arg.SecretAccessKey === "string" &&
typeof arg.Token === "string" &&
typeof arg.Expiration === "string";
const fromImdsCredentials = (creds) => ({
accessKeyId: creds.AccessKeyId,
secretAccessKey: creds.SecretAccessKey,
sessionToken: creds.Token,
expiration: new Date(creds.Expiration),
...(creds.AccountId && { accountId: creds.AccountId }),
});
const DEFAULT_TIMEOUT = 1000;
const DEFAULT_MAX_RETRIES = 0;
const providerConfigFromInit = ({ maxRetries = DEFAULT_MAX_RETRIES, timeout = DEFAULT_TIMEOUT, }) => ({ maxRetries, timeout });
const retry = (toRetry, maxRetries) => {
let promise = toRetry();
for (let i = 0; i < maxRetries; i++) {
promise = promise.catch(toRetry);
}
return promise;
};
const ENV_CMDS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
const ENV_CMDS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
const ENV_CMDS_AUTH_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
const fromContainerMetadata = (init = {}) => {
const { timeout, maxRetries } = providerConfigFromInit(init);
return () => retry(async () => {
const requestOptions = await getCmdsUri({ logger: init.logger });
const credsResponse = JSON.parse(await requestFromEcsImds(timeout, requestOptions));
if (!isImdsCredentials(credsResponse)) {
throw new propertyProvider.CredentialsProviderError("Invalid response received from instance metadata service.", {
logger: init.logger,
});
}
return fromImdsCredentials(credsResponse);
}, maxRetries);
};
const requestFromEcsImds = async (timeout, options) => {
if (process.env[ENV_CMDS_AUTH_TOKEN]) {
options.headers = {
...options.headers,
Authorization: process.env[ENV_CMDS_AUTH_TOKEN],
};
}
const buffer = await httpRequest({
...options,
timeout,
});
return buffer.toString();
};
const CMDS_IP = "169.254.170.2";
const GREENGRASS_HOSTS = {
localhost: true,
"127.0.0.1": true,
};
const GREENGRASS_PROTOCOLS = {
"http:": true,
"https:": true,
};
const getCmdsUri = async ({ logger }) => {
if (process.env[ENV_CMDS_RELATIVE_URI]) {
return {
hostname: CMDS_IP,
path: process.env[ENV_CMDS_RELATIVE_URI],
};
}
if (process.env[ENV_CMDS_FULL_URI]) {
const parsed = url.parse(process.env[ENV_CMDS_FULL_URI]);
if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) {
throw new propertyProvider.CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, {
tryNextLink: false,
logger,
});
}
if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) {
throw new propertyProvider.CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, {
tryNextLink: false,
logger,
});
}
return {
...parsed,
port: parsed.port ? parseInt(parsed.port, 10) : undefined,
};
}
throw new propertyProvider.CredentialsProviderError("The container metadata credential provider cannot be used unless" +
` the ${ENV_CMDS_RELATIVE_URI} or ${ENV_CMDS_FULL_URI} environment` +
" variable is set", {
tryNextLink: false,
logger,
});
};
class InstanceMetadataV1FallbackError extends propertyProvider.CredentialsProviderError {
tryNextLink;
name = "InstanceMetadataV1FallbackError";
constructor(message, tryNextLink = true) {
super(message, tryNextLink);
this.tryNextLink = tryNextLink;
Object.setPrototypeOf(this, InstanceMetadataV1FallbackError.prototype);
}
}
exports.yI = void 0;
(function (Endpoint) {
Endpoint["IPv4"] = "http://169.254.169.254";
Endpoint["IPv6"] = "http://[fd00:ec2::254]";
})(exports.yI || (exports.yI = {}));
const ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT";
const CONFIG_ENDPOINT_NAME = "ec2_metadata_service_endpoint";
const ENDPOINT_CONFIG_OPTIONS = {
environmentVariableSelector: (env) => env[ENV_ENDPOINT_NAME],
configFileSelector: (profile) => profile[CONFIG_ENDPOINT_NAME],
default: undefined,
};
var EndpointMode;
(function (EndpointMode) {
EndpointMode["IPv4"] = "IPv4";
EndpointMode["IPv6"] = "IPv6";
})(EndpointMode || (EndpointMode = {}));
const ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE";
const CONFIG_ENDPOINT_MODE_NAME = "ec2_metadata_service_endpoint_mode";
const ENDPOINT_MODE_CONFIG_OPTIONS = {
environmentVariableSelector: (env) => env[ENV_ENDPOINT_MODE_NAME],
configFileSelector: (profile) => profile[CONFIG_ENDPOINT_MODE_NAME],
default: EndpointMode.IPv4,
};
const getInstanceMetadataEndpoint = async () => urlParser.parseUrl((await getFromEndpointConfig()) || (await getFromEndpointModeConfig()));
const getFromEndpointConfig = async () => nodeConfigProvider.loadConfig(ENDPOINT_CONFIG_OPTIONS)();
const getFromEndpointModeConfig = async () => {
const endpointMode = await nodeConfigProvider.loadConfig(ENDPOINT_MODE_CONFIG_OPTIONS)();
switch (endpointMode) {
case EndpointMode.IPv4:
return exports.yI.IPv4;
case EndpointMode.IPv6:
return exports.yI.IPv6;
default:
throw new Error(`Unsupported endpoint mode: ${endpointMode}.` + ` Select from ${Object.values(EndpointMode)}`);
}
};
const STATIC_STABILITY_REFRESH_INTERVAL_SECONDS = 5 * 60;
const STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS = 5 * 60;
const STATIC_STABILITY_DOC_URL = "https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html";
const getExtendedInstanceMetadataCredentials = (credentials, logger) => {
const refreshInterval = STATIC_STABILITY_REFRESH_INTERVAL_SECONDS +
Math.floor(Math.random() * STATIC_STABILITY_REFRESH_INTERVAL_JITTER_WINDOW_SECONDS);
const newExpiration = new Date(Date.now() + refreshInterval * 1000);
logger.warn("Attempting credential expiration extension due to a credential service availability issue. A refresh of these " +
`credentials will be attempted after ${new Date(newExpiration)}.\nFor more information, please visit: ` +
STATIC_STABILITY_DOC_URL);
const originalExpiration = credentials.originalExpiration ?? credentials.expiration;
return {
...credentials,
...(originalExpiration ? { originalExpiration } : {}),
expiration: newExpiration,
};
};
const staticStabilityProvider = (provider, options = {}) => {
const logger = options?.logger || console;
let pastCredentials;
return async () => {
let credentials;
try {
credentials = await provider();
if (credentials.expiration && credentials.expiration.getTime() < Date.now()) {
credentials = getExtendedInstanceMetadataCredentials(credentials, logger);
}
}
catch (e) {
if (pastCredentials) {
logger.warn("Credential renew failed: ", e);
credentials = getExtendedInstanceMetadataCredentials(pastCredentials, logger);
}
else {
throw e;
}
}
pastCredentials = credentials;
return credentials;
};
};
const IMDS_PATH = "/latest/meta-data/iam/security-credentials/";
const IMDS_TOKEN_PATH = "/latest/api/token";
const AWS_EC2_METADATA_V1_DISABLED = "AWS_EC2_METADATA_V1_DISABLED";
const PROFILE_AWS_EC2_METADATA_V1_DISABLED = "ec2_metadata_v1_disabled";
const X_AWS_EC2_METADATA_TOKEN = "x-aws-ec2-metadata-token";
const fromInstanceMetadata = (init = {}) => staticStabilityProvider(getInstanceMetadataProvider(init), { logger: init.logger });
const getInstanceMetadataProvider = (init = {}) => {
let disableFetchToken = false;
const { logger, profile } = init;
const { timeout, maxRetries } = providerConfigFromInit(init);
const getCredentials = async (maxRetries, options) => {
const isImdsV1Fallback = disableFetchToken || options.headers?.[X_AWS_EC2_METADATA_TOKEN] == null;
if (isImdsV1Fallback) {
let fallbackBlockedFromProfile = false;
let fallbackBlockedFromProcessEnv = false;
const configValue = await nodeConfigProvider.loadConfig({
environmentVariableSelector: (env) => {
const envValue = env[AWS_EC2_METADATA_V1_DISABLED];
fallbackBlockedFromProcessEnv = !!envValue && envValue !== "false";
if (envValue === undefined) {
throw new propertyProvider.CredentialsProviderError(`${AWS_EC2_METADATA_V1_DISABLED} not set in env, checking config file next.`, { logger: init.logger });
}
return fallbackBlockedFromProcessEnv;
},
configFileSelector: (profile) => {
const profileValue = profile[PROFILE_AWS_EC2_METADATA_V1_DISABLED];
fallbackBlockedFromProfile = !!profileValue && profileValue !== "false";
return fallbackBlockedFromProfile;
},
default: false,
}, {
profile,
})();
if (init.ec2MetadataV1Disabled || configValue) {
const causes = [];
if (init.ec2MetadataV1Disabled)
causes.push("credential provider initialization (runtime option ec2MetadataV1Disabled)");
if (fallbackBlockedFromProfile)
causes.push(`config file profile (${PROFILE_AWS_EC2_METADATA_V1_DISABLED})`);
if (fallbackBlockedFromProcessEnv)
causes.push(`process environment variable (${AWS_EC2_METADATA_V1_DISABLED})`);
throw new InstanceMetadataV1FallbackError(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${causes.join(", ")}].`);
}
}
const imdsProfile = (await retry(async () => {
let profile;
try {
profile = await getProfile(options);
}
catch (err) {
if (err.statusCode === 401) {
disableFetchToken = false;
}
throw err;
}
return profile;
}, maxRetries)).trim();
return retry(async () => {
let creds;
try {
creds = await getCredentialsFromProfile(imdsProfile, options, init);
}
catch (err) {
if (err.statusCode === 401) {
disableFetchToken = false;
}
throw err;
}
return creds;
}, maxRetries);
};
return async () => {
const endpoint = await getInstanceMetadataEndpoint();
if (disableFetchToken) {
logger?.debug("AWS SDK Instance Metadata", "using v1 fallback (no token fetch)");
return getCredentials(maxRetries, { ...endpoint, timeout });
}
else {
let token;
try {
token = (await getMetadataToken({ ...endpoint, timeout })).toString();
}
catch (error) {
if (error?.statusCode === 400) {
throw Object.assign(error, {
message: "EC2 Metadata token request returned error",
});
}
else if (error.message === "TimeoutError" || [403, 404, 405].includes(error.statusCode)) {
disableFetchToken = true;
}
logger?.debug("AWS SDK Instance Metadata", "using v1 fallback (initial)");
return getCredentials(maxRetries, { ...endpoint, timeout });
}
return getCredentials(maxRetries, {
...endpoint,
headers: {
[X_AWS_EC2_METADATA_TOKEN]: token,
},
timeout,
});
}
};
};
const getMetadataToken = async (options) => httpRequest({
...options,
path: IMDS_TOKEN_PATH,
method: "PUT",
headers: {
"x-aws-ec2-metadata-token-ttl-seconds": "21600",
},
});
const getProfile = async (options) => (await httpRequest({ ...options, path: IMDS_PATH })).toString();
const getCredentialsFromProfile = async (profile, options, init) => {
const credentialsResponse = JSON.parse((await httpRequest({
...options,
path: IMDS_PATH + profile,
})).toString());
if (!isImdsCredentials(credentialsResponse)) {
throw new propertyProvider.CredentialsProviderError("Invalid response received from instance metadata service.", {
logger: init.logger,
});
}
return fromImdsCredentials(credentialsResponse);
};
__webpack_unused_export__ = DEFAULT_MAX_RETRIES;
__webpack_unused_export__ = DEFAULT_TIMEOUT;
__webpack_unused_export__ = ENV_CMDS_AUTH_TOKEN;
exports.ENV_CMDS_FULL_URI = ENV_CMDS_FULL_URI;
exports.ENV_CMDS_RELATIVE_URI = ENV_CMDS_RELATIVE_URI;
exports.fromContainerMetadata = fromContainerMetadata;
exports.fromInstanceMetadata = fromInstanceMetadata;
exports.getInstanceMetadataEndpoint = getInstanceMetadataEndpoint;
exports.httpRequest = httpRequest;
__webpack_unused_export__ = providerConfigFromInit;
/***/ })
};
//# sourceMappingURL=566.index.js.map

1
dist/566.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

273
dist/579.index.js generated vendored
View File

@ -1,273 +0,0 @@
export const id = 579;
export const ids = [579];
export const modules = {
/***/ 6579:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var utilUtf8 = __webpack_require__(1577);
class EventStreamSerde {
marshaller;
serializer;
deserializer;
serdeContext;
defaultContentType;
constructor({ marshaller, serializer, deserializer, serdeContext, defaultContentType, }) {
this.marshaller = marshaller;
this.serializer = serializer;
this.deserializer = deserializer;
this.serdeContext = serdeContext;
this.defaultContentType = defaultContentType;
}
async serializeEventStream({ eventStream, requestSchema, initialRequest, }) {
const marshaller = this.marshaller;
const eventStreamMember = requestSchema.getEventStreamMember();
const unionSchema = requestSchema.getMemberSchema(eventStreamMember);
const serializer = this.serializer;
const defaultContentType = this.defaultContentType;
const initialRequestMarker = Symbol("initialRequestMarker");
const eventStreamIterable = {
async *[Symbol.asyncIterator]() {
if (initialRequest) {
const headers = {
":event-type": { type: "string", value: "initial-request" },
":message-type": { type: "string", value: "event" },
":content-type": { type: "string", value: defaultContentType },
};
serializer.write(requestSchema, initialRequest);
const body = serializer.flush();
yield {
[initialRequestMarker]: true,
headers,
body,
};
}
for await (const page of eventStream) {
yield page;
}
},
};
return marshaller.serialize(eventStreamIterable, (event) => {
if (event[initialRequestMarker]) {
return {
headers: event.headers,
body: event.body,
};
}
const unionMember = Object.keys(event).find((key) => {
return key !== "__type";
}) ?? "";
const { additionalHeaders, body, eventType, explicitPayloadContentType } = this.writeEventBody(unionMember, unionSchema, event);
const headers = {
":event-type": { type: "string", value: eventType },
":message-type": { type: "string", value: "event" },
":content-type": { type: "string", value: explicitPayloadContentType ?? defaultContentType },
...additionalHeaders,
};
return {
headers,
body,
};
});
}
async deserializeEventStream({ response, responseSchema, initialResponseContainer, }) {
const marshaller = this.marshaller;
const eventStreamMember = responseSchema.getEventStreamMember();
const unionSchema = responseSchema.getMemberSchema(eventStreamMember);
const memberSchemas = unionSchema.getMemberSchemas();
const initialResponseMarker = Symbol("initialResponseMarker");
const asyncIterable = marshaller.deserialize(response.body, async (event) => {
const unionMember = Object.keys(event).find((key) => {
return key !== "__type";
}) ?? "";
const body = event[unionMember].body;
if (unionMember === "initial-response") {
const dataObject = await this.deserializer.read(responseSchema, body);
delete dataObject[eventStreamMember];
return {
[initialResponseMarker]: true,
...dataObject,
};
}
else if (unionMember in memberSchemas) {
const eventStreamSchema = memberSchemas[unionMember];
if (eventStreamSchema.isStructSchema()) {
const out = {};
let hasBindings = false;
for (const [name, member] of eventStreamSchema.structIterator()) {
const { eventHeader, eventPayload } = member.getMergedTraits();
hasBindings = hasBindings || Boolean(eventHeader || eventPayload);
if (eventPayload) {
if (member.isBlobSchema()) {
out[name] = body;
}
else if (member.isStringSchema()) {
out[name] = (this.serdeContext?.utf8Encoder ?? utilUtf8.toUtf8)(body);
}
else if (member.isStructSchema()) {
out[name] = await this.deserializer.read(member, body);
}
}
else if (eventHeader) {
const value = event[unionMember].headers[name]?.value;
if (value != null) {
if (member.isNumericSchema()) {
if (value && typeof value === "object" && "bytes" in value) {
out[name] = BigInt(value.toString());
}
else {
out[name] = Number(value);
}
}
else {
out[name] = value;
}
}
}
}
if (hasBindings) {
return {
[unionMember]: out,
};
}
if (body.byteLength === 0) {
return {
[unionMember]: {},
};
}
}
return {
[unionMember]: await this.deserializer.read(eventStreamSchema, body),
};
}
else {
return {
$unknown: event,
};
}
});
const asyncIterator = asyncIterable[Symbol.asyncIterator]();
const firstEvent = await asyncIterator.next();
if (firstEvent.done) {
return asyncIterable;
}
if (firstEvent.value?.[initialResponseMarker]) {
if (!responseSchema) {
throw new Error("@smithy::core/protocols - initial-response event encountered in event stream but no response schema given.");
}
for (const [key, value] of Object.entries(firstEvent.value)) {
initialResponseContainer[key] = value;
}
}
return {
async *[Symbol.asyncIterator]() {
if (!firstEvent?.value?.[initialResponseMarker]) {
yield firstEvent.value;
}
while (true) {
const { done, value } = await asyncIterator.next();
if (done) {
break;
}
yield value;
}
},
};
}
writeEventBody(unionMember, unionSchema, event) {
const serializer = this.serializer;
let eventType = unionMember;
let explicitPayloadMember = null;
let explicitPayloadContentType;
const isKnownSchema = (() => {
const struct = unionSchema.getSchema();
return struct[4].includes(unionMember);
})();
const additionalHeaders = {};
if (!isKnownSchema) {
const [type, value] = event[unionMember];
eventType = type;
serializer.write(15, value);
}
else {
const eventSchema = unionSchema.getMemberSchema(unionMember);
if (eventSchema.isStructSchema()) {
for (const [memberName, memberSchema] of eventSchema.structIterator()) {
const { eventHeader, eventPayload } = memberSchema.getMergedTraits();
if (eventPayload) {
explicitPayloadMember = memberName;
}
else if (eventHeader) {
const value = event[unionMember][memberName];
let type = "binary";
if (memberSchema.isNumericSchema()) {
if ((-2) ** 31 <= value && value <= 2 ** 31 - 1) {
type = "integer";
}
else {
type = "long";
}
}
else if (memberSchema.isTimestampSchema()) {
type = "timestamp";
}
else if (memberSchema.isStringSchema()) {
type = "string";
}
else if (memberSchema.isBooleanSchema()) {
type = "boolean";
}
if (value != null) {
additionalHeaders[memberName] = {
type,
value,
};
delete event[unionMember][memberName];
}
}
}
if (explicitPayloadMember !== null) {
const payloadSchema = eventSchema.getMemberSchema(explicitPayloadMember);
if (payloadSchema.isBlobSchema()) {
explicitPayloadContentType = "application/octet-stream";
}
else if (payloadSchema.isStringSchema()) {
explicitPayloadContentType = "text/plain";
}
serializer.write(payloadSchema, event[unionMember][explicitPayloadMember]);
}
else {
serializer.write(eventSchema, event[unionMember]);
}
}
else if (eventSchema.isUnitSchema()) {
serializer.write(eventSchema, {});
}
else {
throw new Error("@smithy/core/event-streams - non-struct member not supported in event stream union.");
}
}
const messageSerialization = serializer.flush();
const body = typeof messageSerialization === "string"
? (this.serdeContext?.utf8Decoder ?? utilUtf8.fromUtf8)(messageSerialization)
: messageSerialization;
return {
body,
eventType,
explicitPayloadContentType,
additionalHeaders,
};
}
}
exports.EventStreamSerde = EventStreamSerde;
/***/ })
};
//# sourceMappingURL=579.index.js.map

1
dist/579.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

234
dist/605.index.js generated vendored
View File

@ -1,234 +0,0 @@
export const id = 605;
export const ids = [605];
export const modules = {
/***/ 1509:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.checkUrl = void 0;
const property_provider_1 = __webpack_require__(8857);
const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8";
const LOOPBACK_CIDR_IPv6 = "::1/128";
const ECS_CONTAINER_HOST = "169.254.170.2";
const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
const checkUrl = (url, logger) => {
if (url.protocol === "https:") {
return;
}
if (url.hostname === ECS_CONTAINER_HOST ||
url.hostname === EKS_CONTAINER_HOST_IPv4 ||
url.hostname === EKS_CONTAINER_HOST_IPv6) {
return;
}
if (url.hostname.includes("[")) {
if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") {
return;
}
}
else {
if (url.hostname === "localhost") {
return;
}
const ipComponents = url.hostname.split(".");
const inRange = (component) => {
const num = parseInt(component, 10);
return 0 <= num && num <= 255;
};
if (ipComponents[0] === "127" &&
inRange(ipComponents[1]) &&
inRange(ipComponents[2]) &&
inRange(ipComponents[3]) &&
ipComponents.length === 4) {
return;
}
}
throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
- loopback CIDR 127.0.0.0/8 or [::1/128]
- ECS container host 169.254.170.2
- EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger });
};
exports.checkUrl = checkUrl;
/***/ }),
/***/ 8712:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.fromHttp = void 0;
const tslib_1 = __webpack_require__(1860);
const client_1 = __webpack_require__(5152);
const node_http_handler_1 = __webpack_require__(1279);
const property_provider_1 = __webpack_require__(8857);
const promises_1 = tslib_1.__importDefault(__webpack_require__(1455));
const checkUrl_1 = __webpack_require__(1509);
const requestHelpers_1 = __webpack_require__(6533);
const retry_wrapper_1 = __webpack_require__(1122);
const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
const fromHttp = (options = {}) => {
options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
let host;
const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger?.warn
? console.warn
: options.logger.warn.bind(options.logger);
if (relative && full) {
warn("@aws-sdk/credential-provider-http: " +
"you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
warn("awsContainerCredentialsFullUri will take precedence.");
}
if (token && tokenFile) {
warn("@aws-sdk/credential-provider-http: " +
"you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
warn("awsContainerAuthorizationToken will take precedence.");
}
if (full) {
host = full;
}
else if (relative) {
host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;
}
else {
throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided.
Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });
}
const url = new URL(host);
(0, checkUrl_1.checkUrl)(url, options.logger);
const requestHandler = node_http_handler_1.NodeHttpHandler.create({
requestTimeout: options.timeout ?? 1000,
connectionTimeout: options.timeout ?? 1000,
});
return (0, retry_wrapper_1.retryWrapper)(async () => {
const request = (0, requestHelpers_1.createGetRequest)(url);
if (token) {
request.headers.Authorization = token;
}
else if (tokenFile) {
request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString();
}
try {
const result = await requestHandler.handle(request);
return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z"));
}
catch (e) {
throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger });
}
}, options.maxRetries ?? 3, options.timeout ?? 1000);
};
exports.fromHttp = fromHttp;
/***/ }),
/***/ 6533:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.createGetRequest = createGetRequest;
exports.getCredentials = getCredentials;
const property_provider_1 = __webpack_require__(8857);
const protocol_http_1 = __webpack_require__(2356);
const smithy_client_1 = __webpack_require__(1411);
const util_stream_1 = __webpack_require__(4252);
function createGetRequest(url) {
return new protocol_http_1.HttpRequest({
protocol: url.protocol,
hostname: url.hostname,
port: Number(url.port),
path: url.pathname,
query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {
acc[k] = v;
return acc;
}, {}),
fragment: url.hash,
});
}
async function getCredentials(response, logger) {
const stream = (0, util_stream_1.sdkStreamMixin)(response.body);
const str = await stream.transformToString();
if (response.statusCode === 200) {
const parsed = JSON.parse(str);
if (typeof parsed.AccessKeyId !== "string" ||
typeof parsed.SecretAccessKey !== "string" ||
typeof parsed.Token !== "string" ||
typeof parsed.Expiration !== "string") {
throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " +
"{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger });
}
return {
accessKeyId: parsed.AccessKeyId,
secretAccessKey: parsed.SecretAccessKey,
sessionToken: parsed.Token,
expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration),
};
}
if (response.statusCode >= 400 && response.statusCode < 500) {
let parsedBody = {};
try {
parsedBody = JSON.parse(str);
}
catch (e) { }
throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {
Code: parsedBody.Code,
Message: parsedBody.Message,
});
}
throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });
}
/***/ }),
/***/ 1122:
/***/ ((__unused_webpack_module, exports) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.retryWrapper = void 0;
const retryWrapper = (toRetry, maxRetries, delayMs) => {
return async () => {
for (let i = 0; i < maxRetries; ++i) {
try {
return await toRetry();
}
catch (e) {
await new Promise((resolve) => setTimeout(resolve, delayMs));
}
}
return await toRetry();
};
};
exports.retryWrapper = retryWrapper;
/***/ }),
/***/ 8605:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var __webpack_unused_export__;
__webpack_unused_export__ = ({ value: true });
exports.fromHttp = void 0;
var fromHttp_1 = __webpack_require__(8712);
Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } }));
/***/ })
};
//# sourceMappingURL=605.index.js.map

1
dist/605.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

757
dist/762.index.js generated vendored
View File

@ -1,757 +0,0 @@
export const id = 762;
export const ids = [762];
export const modules = {
/***/ 7709:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.resolveHttpAuthSchemeConfig = exports.defaultSigninHttpAuthSchemeProvider = exports.defaultSigninHttpAuthSchemeParametersProvider = void 0;
const core_1 = __webpack_require__(8704);
const util_middleware_1 = __webpack_require__(6324);
const defaultSigninHttpAuthSchemeParametersProvider = async (config, context, input) => {
return {
operation: (0, util_middleware_1.getSmithyContext)(context).operation,
region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) ||
(() => {
throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
})(),
};
};
exports.defaultSigninHttpAuthSchemeParametersProvider = defaultSigninHttpAuthSchemeParametersProvider;
function createAwsAuthSigv4HttpAuthOption(authParameters) {
return {
schemeId: "aws.auth#sigv4",
signingProperties: {
name: "signin",
region: authParameters.region,
},
propertiesExtractor: (config, context) => ({
signingProperties: {
config,
context,
},
}),
};
}
function createSmithyApiNoAuthHttpAuthOption(authParameters) {
return {
schemeId: "smithy.api#noAuth",
};
}
const defaultSigninHttpAuthSchemeProvider = (authParameters) => {
const options = [];
switch (authParameters.operation) {
case "CreateOAuth2Token": {
options.push(createSmithyApiNoAuthHttpAuthOption(authParameters));
break;
}
default: {
options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
}
}
return options;
};
exports.defaultSigninHttpAuthSchemeProvider = defaultSigninHttpAuthSchemeProvider;
const resolveHttpAuthSchemeConfig = (config) => {
const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config);
return Object.assign(config_0, {
authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []),
});
};
exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig;
/***/ }),
/***/ 2547:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.defaultEndpointResolver = void 0;
const util_endpoints_1 = __webpack_require__(3068);
const util_endpoints_2 = __webpack_require__(9674);
const ruleset_1 = __webpack_require__(6904);
const cache = new util_endpoints_2.EndpointCache({
size: 50,
params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"],
});
const defaultEndpointResolver = (endpointParams, context = {}) => {
return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, {
endpointParams: endpointParams,
logger: context.logger,
}));
};
exports.defaultEndpointResolver = defaultEndpointResolver;
util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions;
/***/ }),
/***/ 6904:
/***/ ((__unused_webpack_module, exports) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ruleSet = void 0;
const u = "required", v = "fn", w = "argv", x = "ref";
const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "stringEquals", i = { [u]: true, default: false, type: "boolean" }, j = { [u]: false, type: "string" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: "getAttr", [w]: [{ [x]: g }, "name"] }, p = { [v]: c, [w]: [{ [x]: "UseFIPS" }, false] }, q = { [v]: c, [w]: [{ [x]: "UseDualStack" }, false] }, r = { [v]: "getAttr", [w]: [{ [x]: g }, "supportsFIPS"] }, s = { [v]: c, [w]: [true, { [v]: "getAttr", [w]: [{ [x]: g }, "supportsDualStack"] }] }, t = [{ [x]: "Region" }];
const _data = {
version: "1.0",
parameters: { UseDualStack: i, UseFIPS: i, Endpoint: j, Region: j },
rules: [
{
conditions: [{ [v]: b, [w]: [k] }],
rules: [
{ conditions: [l], error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d },
{
rules: [
{
conditions: [m],
error: "Invalid Configuration: Dualstack and custom endpoint are not supported",
type: d,
},
{ endpoint: { url: k, properties: n, headers: n }, type: e },
],
type: f,
},
],
type: f,
},
{
rules: [
{
conditions: [{ [v]: b, [w]: t }],
rules: [
{
conditions: [{ [v]: "aws.partition", [w]: t, assign: g }],
rules: [
{
conditions: [{ [v]: h, [w]: [o, "aws"] }, p, q],
endpoint: { url: "https://{Region}.signin.aws.amazon.com", properties: n, headers: n },
type: e,
},
{
conditions: [{ [v]: h, [w]: [o, "aws-cn"] }, p, q],
endpoint: { url: "https://{Region}.signin.amazonaws.cn", properties: n, headers: n },
type: e,
},
{
conditions: [{ [v]: h, [w]: [o, "aws-us-gov"] }, p, q],
endpoint: { url: "https://{Region}.signin.amazonaws-us-gov.com", properties: n, headers: n },
type: e,
},
{
conditions: [l, m],
rules: [
{
conditions: [{ [v]: c, [w]: [a, r] }, s],
rules: [
{
endpoint: {
url: "https://signin-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
properties: n,
headers: n,
},
type: e,
},
],
type: f,
},
{
error: "FIPS and DualStack are enabled, but this partition does not support one or both",
type: d,
},
],
type: f,
},
{
conditions: [l, q],
rules: [
{
conditions: [{ [v]: c, [w]: [r, a] }],
rules: [
{
endpoint: {
url: "https://signin-fips.{Region}.{PartitionResult#dnsSuffix}",
properties: n,
headers: n,
},
type: e,
},
],
type: f,
},
{ error: "FIPS is enabled but this partition does not support FIPS", type: d },
],
type: f,
},
{
conditions: [p, m],
rules: [
{
conditions: [s],
rules: [
{
endpoint: {
url: "https://signin.{Region}.{PartitionResult#dualStackDnsSuffix}",
properties: n,
headers: n,
},
type: e,
},
],
type: f,
},
{ error: "DualStack is enabled but this partition does not support DualStack", type: d },
],
type: f,
},
{
endpoint: { url: "https://signin.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n },
type: e,
},
],
type: f,
},
],
type: f,
},
{ error: "Invalid Configuration: Missing Region", type: d },
],
type: f,
},
],
};
exports.ruleSet = _data;
/***/ }),
/***/ 9762:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var middlewareHostHeader = __webpack_require__(2590);
var middlewareLogger = __webpack_require__(5242);
var middlewareRecursionDetection = __webpack_require__(1568);
var middlewareUserAgent = __webpack_require__(2959);
var configResolver = __webpack_require__(9316);
var core = __webpack_require__(402);
var schema = __webpack_require__(6890);
var middlewareContentLength = __webpack_require__(7212);
var middlewareEndpoint = __webpack_require__(99);
var middlewareRetry = __webpack_require__(9618);
var smithyClient = __webpack_require__(1411);
var httpAuthSchemeProvider = __webpack_require__(7709);
var runtimeConfig = __webpack_require__(2836);
var regionConfigResolver = __webpack_require__(6463);
var protocolHttp = __webpack_require__(2356);
var schemas_0 = __webpack_require__(890);
var errors = __webpack_require__(7214);
var SigninServiceException = __webpack_require__(2831);
const resolveClientEndpointParameters = (options) => {
return Object.assign(options, {
useDualstackEndpoint: options.useDualstackEndpoint ?? false,
useFipsEndpoint: options.useFipsEndpoint ?? false,
defaultSigningName: "signin",
});
};
const commonParams = {
UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
Endpoint: { type: "builtInParams", name: "endpoint" },
Region: { type: "builtInParams", name: "region" },
UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
};
const getHttpAuthExtensionConfiguration = (runtimeConfig) => {
const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
let _credentials = runtimeConfig.credentials;
return {
setHttpAuthScheme(httpAuthScheme) {
const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
if (index === -1) {
_httpAuthSchemes.push(httpAuthScheme);
}
else {
_httpAuthSchemes.splice(index, 1, httpAuthScheme);
}
},
httpAuthSchemes() {
return _httpAuthSchemes;
},
setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
_httpAuthSchemeProvider = httpAuthSchemeProvider;
},
httpAuthSchemeProvider() {
return _httpAuthSchemeProvider;
},
setCredentials(credentials) {
_credentials = credentials;
},
credentials() {
return _credentials;
},
};
};
const resolveHttpAuthRuntimeConfig = (config) => {
return {
httpAuthSchemes: config.httpAuthSchemes(),
httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
credentials: config.credentials(),
};
};
const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
const extensionConfiguration = Object.assign(regionConfigResolver.getAwsRegionExtensionConfiguration(runtimeConfig), smithyClient.getDefaultExtensionConfiguration(runtimeConfig), protocolHttp.getHttpHandlerExtensionConfiguration(runtimeConfig), getHttpAuthExtensionConfiguration(runtimeConfig));
extensions.forEach((extension) => extension.configure(extensionConfiguration));
return Object.assign(runtimeConfig, regionConfigResolver.resolveAwsRegionExtensionConfiguration(extensionConfiguration), smithyClient.resolveDefaultRuntimeConfig(extensionConfiguration), protocolHttp.resolveHttpHandlerRuntimeConfig(extensionConfiguration), resolveHttpAuthRuntimeConfig(extensionConfiguration));
};
class SigninClient extends smithyClient.Client {
config;
constructor(...[configuration]) {
const _config_0 = runtimeConfig.getRuntimeConfig(configuration || {});
super(_config_0);
this.initConfig = _config_0;
const _config_1 = resolveClientEndpointParameters(_config_0);
const _config_2 = middlewareUserAgent.resolveUserAgentConfig(_config_1);
const _config_3 = middlewareRetry.resolveRetryConfig(_config_2);
const _config_4 = configResolver.resolveRegionConfig(_config_3);
const _config_5 = middlewareHostHeader.resolveHostHeaderConfig(_config_4);
const _config_6 = middlewareEndpoint.resolveEndpointConfig(_config_5);
const _config_7 = httpAuthSchemeProvider.resolveHttpAuthSchemeConfig(_config_6);
const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
this.config = _config_8;
this.middlewareStack.use(schema.getSchemaSerdePlugin(this.config));
this.middlewareStack.use(middlewareUserAgent.getUserAgentPlugin(this.config));
this.middlewareStack.use(middlewareRetry.getRetryPlugin(this.config));
this.middlewareStack.use(middlewareContentLength.getContentLengthPlugin(this.config));
this.middlewareStack.use(middlewareHostHeader.getHostHeaderPlugin(this.config));
this.middlewareStack.use(middlewareLogger.getLoggerPlugin(this.config));
this.middlewareStack.use(middlewareRecursionDetection.getRecursionDetectionPlugin(this.config));
this.middlewareStack.use(core.getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
httpAuthSchemeParametersProvider: httpAuthSchemeProvider.defaultSigninHttpAuthSchemeParametersProvider,
identityProviderConfigProvider: async (config) => new core.DefaultIdentityProviderConfig({
"aws.auth#sigv4": config.credentials,
}),
}));
this.middlewareStack.use(core.getHttpSigningPlugin(this.config));
}
destroy() {
super.destroy();
}
}
class CreateOAuth2TokenCommand extends smithyClient.Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("Signin", "CreateOAuth2Token", {})
.n("SigninClient", "CreateOAuth2TokenCommand")
.sc(schemas_0.CreateOAuth2Token$)
.build() {
}
const commands = {
CreateOAuth2TokenCommand,
};
class Signin extends SigninClient {
}
smithyClient.createAggregatedClient(commands, Signin);
const OAuth2ErrorCode = {
AUTHCODE_EXPIRED: "AUTHCODE_EXPIRED",
INSUFFICIENT_PERMISSIONS: "INSUFFICIENT_PERMISSIONS",
INVALID_REQUEST: "INVALID_REQUEST",
SERVER_ERROR: "server_error",
TOKEN_EXPIRED: "TOKEN_EXPIRED",
USER_CREDENTIALS_CHANGED: "USER_CREDENTIALS_CHANGED",
};
exports.$Command = smithyClient.Command;
exports.__Client = smithyClient.Client;
exports.SigninServiceException = SigninServiceException.SigninServiceException;
exports.CreateOAuth2TokenCommand = CreateOAuth2TokenCommand;
exports.OAuth2ErrorCode = OAuth2ErrorCode;
exports.Signin = Signin;
exports.SigninClient = SigninClient;
Object.prototype.hasOwnProperty.call(schemas_0, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: schemas_0['__proto__']
});
Object.keys(schemas_0).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = schemas_0[k];
});
Object.prototype.hasOwnProperty.call(errors, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: errors['__proto__']
});
Object.keys(errors).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = errors[k];
});
/***/ }),
/***/ 2831:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.SigninServiceException = exports.__ServiceException = void 0;
const smithy_client_1 = __webpack_require__(1411);
Object.defineProperty(exports, "__ServiceException", ({ enumerable: true, get: function () { return smithy_client_1.ServiceException; } }));
class SigninServiceException extends smithy_client_1.ServiceException {
constructor(options) {
super(options);
Object.setPrototypeOf(this, SigninServiceException.prototype);
}
}
exports.SigninServiceException = SigninServiceException;
/***/ }),
/***/ 7214:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ValidationException = exports.TooManyRequestsError = exports.InternalServerException = exports.AccessDeniedException = void 0;
const SigninServiceException_1 = __webpack_require__(2831);
class AccessDeniedException extends SigninServiceException_1.SigninServiceException {
name = "AccessDeniedException";
$fault = "client";
error;
constructor(opts) {
super({
name: "AccessDeniedException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, AccessDeniedException.prototype);
this.error = opts.error;
}
}
exports.AccessDeniedException = AccessDeniedException;
class InternalServerException extends SigninServiceException_1.SigninServiceException {
name = "InternalServerException";
$fault = "server";
error;
constructor(opts) {
super({
name: "InternalServerException",
$fault: "server",
...opts,
});
Object.setPrototypeOf(this, InternalServerException.prototype);
this.error = opts.error;
}
}
exports.InternalServerException = InternalServerException;
class TooManyRequestsError extends SigninServiceException_1.SigninServiceException {
name = "TooManyRequestsError";
$fault = "client";
error;
constructor(opts) {
super({
name: "TooManyRequestsError",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, TooManyRequestsError.prototype);
this.error = opts.error;
}
}
exports.TooManyRequestsError = TooManyRequestsError;
class ValidationException extends SigninServiceException_1.SigninServiceException {
name = "ValidationException";
$fault = "client";
error;
constructor(opts) {
super({
name: "ValidationException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, ValidationException.prototype);
this.error = opts.error;
}
}
exports.ValidationException = ValidationException;
/***/ }),
/***/ 2836:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getRuntimeConfig = void 0;
const tslib_1 = __webpack_require__(1860);
const package_json_1 = tslib_1.__importDefault(__webpack_require__(9955));
const core_1 = __webpack_require__(8704);
const util_user_agent_node_1 = __webpack_require__(1656);
const config_resolver_1 = __webpack_require__(9316);
const hash_node_1 = __webpack_require__(2711);
const middleware_retry_1 = __webpack_require__(9618);
const node_config_provider_1 = __webpack_require__(5704);
const node_http_handler_1 = __webpack_require__(1279);
const smithy_client_1 = __webpack_require__(1411);
const util_body_length_node_1 = __webpack_require__(3638);
const util_defaults_mode_node_1 = __webpack_require__(673);
const util_retry_1 = __webpack_require__(5518);
const runtimeConfig_shared_1 = __webpack_require__(357);
const getRuntimeConfig = (config) => {
(0, smithy_client_1.emitWarningIfUnsupportedVersion)(process.version);
const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config);
const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode);
const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config);
(0, core_1.emitWarningIfUnsupportedVersion)(process.version);
const loaderConfig = {
profile: config?.profile,
logger: clientSharedValues.logger,
};
return {
...clientSharedValues,
...config,
runtime: "node",
defaultsMode,
authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig),
bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength,
defaultUserAgentProvider: config?.defaultUserAgentProvider ??
(0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config),
region: config?.region ??
(0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }),
requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider),
retryMode: config?.retryMode ??
(0, node_config_provider_1.loadConfig)({
...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS,
default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE,
}, config),
sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"),
streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector,
useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig),
};
};
exports.getRuntimeConfig = getRuntimeConfig;
/***/ }),
/***/ 357:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getRuntimeConfig = void 0;
const core_1 = __webpack_require__(8704);
const protocols_1 = __webpack_require__(7288);
const core_2 = __webpack_require__(402);
const smithy_client_1 = __webpack_require__(1411);
const url_parser_1 = __webpack_require__(4494);
const util_base64_1 = __webpack_require__(8385);
const util_utf8_1 = __webpack_require__(1577);
const httpAuthSchemeProvider_1 = __webpack_require__(7709);
const endpointResolver_1 = __webpack_require__(2547);
const schemas_0_1 = __webpack_require__(890);
const getRuntimeConfig = (config) => {
return {
apiVersion: "2023-01-01",
base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64,
base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64,
disableHostPrefix: config?.disableHostPrefix ?? false,
endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver,
extensions: config?.extensions ?? [],
httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSigninHttpAuthSchemeProvider,
httpAuthSchemes: config?.httpAuthSchemes ?? [
{
schemeId: "aws.auth#sigv4",
identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
signer: new core_1.AwsSdkSigV4Signer(),
},
{
schemeId: "smithy.api#noAuth",
identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
signer: new core_2.NoAuthSigner(),
},
],
logger: config?.logger ?? new smithy_client_1.NoOpLogger(),
protocol: config?.protocol ?? protocols_1.AwsRestJsonProtocol,
protocolSettings: config?.protocolSettings ?? {
defaultNamespace: "com.amazonaws.signin",
errorTypeRegistries: schemas_0_1.errorTypeRegistries,
version: "2023-01-01",
serviceTarget: "Signin",
},
serviceId: config?.serviceId ?? "Signin",
urlParser: config?.urlParser ?? url_parser_1.parseUrl,
utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8,
utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8,
};
};
exports.getRuntimeConfig = getRuntimeConfig;
/***/ }),
/***/ 890:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.CreateOAuth2Token$ = exports.CreateOAuth2TokenResponseBody$ = exports.CreateOAuth2TokenResponse$ = exports.CreateOAuth2TokenRequestBody$ = exports.CreateOAuth2TokenRequest$ = exports.AccessToken$ = exports.errorTypeRegistries = exports.ValidationException$ = exports.TooManyRequestsError$ = exports.InternalServerException$ = exports.AccessDeniedException$ = exports.SigninServiceException$ = void 0;
const _ADE = "AccessDeniedException";
const _AT = "AccessToken";
const _COAT = "CreateOAuth2Token";
const _COATR = "CreateOAuth2TokenRequest";
const _COATRB = "CreateOAuth2TokenRequestBody";
const _COATRBr = "CreateOAuth2TokenResponseBody";
const _COATRr = "CreateOAuth2TokenResponse";
const _ISE = "InternalServerException";
const _RT = "RefreshToken";
const _TMRE = "TooManyRequestsError";
const _VE = "ValidationException";
const _aKI = "accessKeyId";
const _aT = "accessToken";
const _c = "client";
const _cI = "clientId";
const _cV = "codeVerifier";
const _co = "code";
const _e = "error";
const _eI = "expiresIn";
const _gT = "grantType";
const _h = "http";
const _hE = "httpError";
const _iT = "idToken";
const _jN = "jsonName";
const _m = "message";
const _rT = "refreshToken";
const _rU = "redirectUri";
const _s = "smithy.ts.sdk.synthetic.com.amazonaws.signin";
const _sAK = "secretAccessKey";
const _sT = "sessionToken";
const _se = "server";
const _tI = "tokenInput";
const _tO = "tokenOutput";
const _tT = "tokenType";
const n0 = "com.amazonaws.signin";
const schema_1 = __webpack_require__(6890);
const errors_1 = __webpack_require__(7214);
const SigninServiceException_1 = __webpack_require__(2831);
const _s_registry = schema_1.TypeRegistry.for(_s);
exports.SigninServiceException$ = [-3, _s, "SigninServiceException", 0, [], []];
_s_registry.registerError(exports.SigninServiceException$, SigninServiceException_1.SigninServiceException);
const n0_registry = schema_1.TypeRegistry.for(n0);
exports.AccessDeniedException$ = [-3, n0, _ADE, { [_e]: _c }, [_e, _m], [0, 0], 2];
n0_registry.registerError(exports.AccessDeniedException$, errors_1.AccessDeniedException);
exports.InternalServerException$ = [-3, n0, _ISE, { [_e]: _se, [_hE]: 500 }, [_e, _m], [0, 0], 2];
n0_registry.registerError(exports.InternalServerException$, errors_1.InternalServerException);
exports.TooManyRequestsError$ = [-3, n0, _TMRE, { [_e]: _c, [_hE]: 429 }, [_e, _m], [0, 0], 2];
n0_registry.registerError(exports.TooManyRequestsError$, errors_1.TooManyRequestsError);
exports.ValidationException$ = [-3, n0, _VE, { [_e]: _c, [_hE]: 400 }, [_e, _m], [0, 0], 2];
n0_registry.registerError(exports.ValidationException$, errors_1.ValidationException);
exports.errorTypeRegistries = [_s_registry, n0_registry];
var RefreshToken = [0, n0, _RT, 8, 0];
exports.AccessToken$ = [
3,
n0,
_AT,
8,
[_aKI, _sAK, _sT],
[
[0, { [_jN]: _aKI }],
[0, { [_jN]: _sAK }],
[0, { [_jN]: _sT }],
],
3,
];
exports.CreateOAuth2TokenRequest$ = [
3,
n0,
_COATR,
0,
[_tI],
[[() => exports.CreateOAuth2TokenRequestBody$, 16]],
1,
];
exports.CreateOAuth2TokenRequestBody$ = [
3,
n0,
_COATRB,
0,
[_cI, _gT, _co, _rU, _cV, _rT],
[
[0, { [_jN]: _cI }],
[0, { [_jN]: _gT }],
0,
[0, { [_jN]: _rU }],
[0, { [_jN]: _cV }],
[() => RefreshToken, { [_jN]: _rT }],
],
2,
];
exports.CreateOAuth2TokenResponse$ = [
3,
n0,
_COATRr,
0,
[_tO],
[[() => exports.CreateOAuth2TokenResponseBody$, 16]],
1,
];
exports.CreateOAuth2TokenResponseBody$ = [
3,
n0,
_COATRBr,
0,
[_aT, _tT, _eI, _rT, _iT],
[
[() => exports.AccessToken$, { [_jN]: _aT }],
[0, { [_jN]: _tT }],
[1, { [_jN]: _eI }],
[() => RefreshToken, { [_jN]: _rT }],
[0, { [_jN]: _iT }],
],
4,
];
exports.CreateOAuth2Token$ = [
9,
n0,
_COAT,
{ [_h]: ["POST", "/v1/token", 200] },
() => exports.CreateOAuth2TokenRequest$,
() => exports.CreateOAuth2TokenResponse$,
];
/***/ }),
/***/ 9955:
/***/ ((module) => {
module.exports = /*#__PURE__*/JSON.parse('{"name":"@aws-sdk/nested-clients","version":"3.996.3","description":"Nested clients for AWS SDK packages.","main":"./dist-cjs/index.js","module":"./dist-es/index.js","types":"./dist-types/index.d.ts","scripts":{"build":"yarn lint && concurrently \'yarn:build:types\' \'yarn:build:es\' && yarn build:cjs","build:cjs":"node ../../scripts/compilation/inline nested-clients","build:es":"tsc -p tsconfig.es.json","build:include:deps":"yarn g:turbo run build -F=\\"$npm_package_name\\"","build:types":"tsc -p tsconfig.types.json","build:types:downlevel":"downlevel-dts dist-types dist-types/ts3.4","clean":"premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo","lint":"node ../../scripts/validation/submodules-linter.js --pkg nested-clients","test":"yarn g:vitest run","test:watch":"yarn g:vitest watch"},"engines":{"node":">=20.0.0"},"sideEffects":false,"author":{"name":"AWS SDK for JavaScript Team","url":"https://aws.amazon.com/javascript/"},"license":"Apache-2.0","dependencies":{"@aws-crypto/sha256-browser":"5.2.0","@aws-crypto/sha256-js":"5.2.0","@aws-sdk/core":"^3.973.15","@aws-sdk/middleware-host-header":"^3.972.6","@aws-sdk/middleware-logger":"^3.972.6","@aws-sdk/middleware-recursion-detection":"^3.972.6","@aws-sdk/middleware-user-agent":"^3.972.15","@aws-sdk/region-config-resolver":"^3.972.6","@aws-sdk/types":"^3.973.4","@aws-sdk/util-endpoints":"^3.996.3","@aws-sdk/util-user-agent-browser":"^3.972.6","@aws-sdk/util-user-agent-node":"^3.973.0","@smithy/config-resolver":"^4.4.9","@smithy/core":"^3.23.6","@smithy/fetch-http-handler":"^5.3.11","@smithy/hash-node":"^4.2.10","@smithy/invalid-dependency":"^4.2.10","@smithy/middleware-content-length":"^4.2.10","@smithy/middleware-endpoint":"^4.4.20","@smithy/middleware-retry":"^4.4.37","@smithy/middleware-serde":"^4.2.11","@smithy/middleware-stack":"^4.2.10","@smithy/node-config-provider":"^4.3.10","@smithy/node-http-handler":"^4.4.12","@smithy/protocol-http":"^5.3.10","@smithy/smithy-client":"^4.12.0","@smithy/types":"^4.13.0","@smithy/url-parser":"^4.2.10","@smithy/util-base64":"^4.3.1","@smithy/util-body-length-browser":"^4.2.1","@smithy/util-body-length-node":"^4.2.2","@smithy/util-defaults-mode-browser":"^4.3.36","@smithy/util-defaults-mode-node":"^4.2.39","@smithy/util-endpoints":"^3.3.1","@smithy/util-middleware":"^4.2.10","@smithy/util-retry":"^4.2.10","@smithy/util-utf8":"^4.2.1","tslib":"^2.6.2"},"devDependencies":{"concurrently":"7.0.0","downlevel-dts":"0.10.1","premove":"4.0.0","typescript":"~5.8.3"},"typesVersions":{"<4.0":{"dist-types/*":["dist-types/ts3.4/*"]}},"files":["./cognito-identity.d.ts","./cognito-identity.js","./signin.d.ts","./signin.js","./sso-oidc.d.ts","./sso-oidc.js","./sso.d.ts","./sso.js","./sts.d.ts","./sts.js","dist-*/**"],"browser":{"./dist-es/submodules/signin/runtimeConfig":"./dist-es/submodules/signin/runtimeConfig.browser","./dist-es/submodules/sso-oidc/runtimeConfig":"./dist-es/submodules/sso-oidc/runtimeConfig.browser","./dist-es/submodules/sts/runtimeConfig":"./dist-es/submodules/sts/runtimeConfig.browser"},"react-native":{},"homepage":"https://github.com/aws/aws-sdk-js-v3/tree/main/packages/nested-clients","repository":{"type":"git","url":"https://github.com/aws/aws-sdk-js-v3.git","directory":"packages/nested-clients"},"exports":{"./package.json":"./package.json","./sso-oidc":{"types":"./dist-types/submodules/sso-oidc/index.d.ts","module":"./dist-es/submodules/sso-oidc/index.js","node":"./dist-cjs/submodules/sso-oidc/index.js","import":"./dist-es/submodules/sso-oidc/index.js","require":"./dist-cjs/submodules/sso-oidc/index.js"},"./sts":{"types":"./dist-types/submodules/sts/index.d.ts","module":"./dist-es/submodules/sts/index.js","node":"./dist-cjs/submodules/sts/index.js","import":"./dist-es/submodules/sts/index.js","require":"./dist-cjs/submodules/sts/index.js"},"./signin":{"types":"./dist-types/submodules/signin/index.d.ts","module":"./dist-es/submodules/signin/index.js","node":"./dist-cjs/submodules/signin/index.js","import":"./dist-es/submodules/signin/index.js","require":"./dist-cjs/submodules/signin/index.js"},"./cognito-identity":{"types":"./dist-types/submodules/cognito-identity/index.d.ts","module":"./dist-es/submodules/cognito-identity/index.js","node":"./dist-cjs/submodules/cognito-identity/index.js","import":"./dist-es/submodules/cognito-identity/index.js","require":"./dist-cjs/submodules/cognito-identity/index.js"},"./sso":{"types":"./dist-types/submodules/sso/index.d.ts","module":"./dist-es/submodules/sso/index.js","node":"./dist-cjs/submodules/sso/index.js","import":"./dist-es/submodules/sso/index.js","require":"./dist-cjs/submodules/sso/index.js"}}}');
/***/ })
};
//# sourceMappingURL=762.index.js.map

1
dist/762.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

531
dist/869.index.js generated vendored
View File

@ -1,531 +0,0 @@
export const id = 869;
export const ids = [869];
export const modules = {
/***/ 5869:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var sharedIniFileLoader = __webpack_require__(4964);
var propertyProvider = __webpack_require__(8857);
var client = __webpack_require__(5152);
var credentialProviderLogin = __webpack_require__(4072);
const resolveCredentialSource = (credentialSource, profileName, logger) => {
const sourceProvidersMap = {
EcsContainer: async (options) => {
const { fromHttp } = await __webpack_require__.e(/* import() */ 605).then(__webpack_require__.bind(__webpack_require__, 8605));
const { fromContainerMetadata } = await __webpack_require__.e(/* import() */ 566).then(__webpack_require__.t.bind(__webpack_require__, 566, 19));
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
return async () => propertyProvider.chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);
},
Ec2InstanceMetadata: async (options) => {
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
const { fromInstanceMetadata } = await __webpack_require__.e(/* import() */ 566).then(__webpack_require__.t.bind(__webpack_require__, 566, 19));
return async () => fromInstanceMetadata(options)().then(setNamedProvider);
},
Environment: async (options) => {
logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
const { fromEnv } = await Promise.resolve(/* import() */).then(__webpack_require__.t.bind(__webpack_require__, 5606, 19));
return async () => fromEnv(options)().then(setNamedProvider);
},
};
if (credentialSource in sourceProvidersMap) {
return sourceProvidersMap[credentialSource];
}
else {
throw new propertyProvider.CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, ` +
`expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });
}
};
const setNamedProvider = (creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p");
const isAssumeRoleProfile = (arg, { profile = "default", logger } = {}) => {
return (Boolean(arg) &&
typeof arg === "object" &&
typeof arg.role_arn === "string" &&
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 &&
["undefined", "string"].indexOf(typeof arg.external_id) > -1 &&
["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 &&
(isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })));
};
const isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {
const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
if (withSourceProfile) {
logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);
}
return withSourceProfile;
};
const isCredentialSourceProfile = (arg, { profile, logger }) => {
const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
if (withProviderProfile) {
logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);
}
return withProviderProfile;
};
const resolveAssumeRoleCredentials = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, resolveProfileData) => {
options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");
const profileData = profiles[profileName];
const { source_profile, region } = profileData;
if (!options.roleAssumer) {
const { getDefaultRoleAssumer } = await __webpack_require__.e(/* import() */ 136).then(__webpack_require__.t.bind(__webpack_require__, 1136, 23));
options.roleAssumer = getDefaultRoleAssumer({
...options.clientConfig,
credentialProviderLogger: options.logger,
parentClientConfig: {
...callerClientConfig,
...options?.parentClientConfig,
region: region ?? options?.parentClientConfig?.region ?? callerClientConfig?.region,
},
}, options.clientPlugins);
}
if (source_profile && source_profile in visitedProfiles) {
throw new propertyProvider.CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile` +
` ${sharedIniFileLoader.getProfileName(options)}. Profiles visited: ` +
Object.keys(visitedProfiles).join(", "), { logger: options.logger });
}
options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
const sourceCredsProvider = source_profile
? resolveProfileData(source_profile, profiles, options, callerClientConfig, {
...visitedProfiles,
[source_profile]: true,
}, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}))
: (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))();
if (isCredentialSourceWithoutRoleArn(profileData)) {
return sourceCredsProvider.then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
}
else {
const params = {
RoleArn: profileData.role_arn,
RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`,
ExternalId: profileData.external_id,
DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10),
};
const { mfa_serial } = profileData;
if (mfa_serial) {
if (!options.mfaCodeProvider) {
throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, { logger: options.logger, tryNextLink: false });
}
params.SerialNumber = mfa_serial;
params.TokenCode = await options.mfaCodeProvider(mfa_serial);
}
const sourceCreds = await sourceCredsProvider;
return options.roleAssumer(sourceCreds, params).then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
}
};
const isCredentialSourceWithoutRoleArn = (section) => {
return !section.role_arn && !!section.credential_source;
};
const isLoginProfile = (data) => {
return Boolean(data && data.login_session);
};
const resolveLoginCredentials = async (profileName, options, callerClientConfig) => {
const credentials = await credentialProviderLogin.fromLoginCredentials({
...options,
profile: profileName,
})({ callerClientConfig });
return client.setCredentialFeature(credentials, "CREDENTIALS_PROFILE_LOGIN", "AC");
};
const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
const resolveProcessCredentials = async (options, profile) => __webpack_require__.e(/* import() */ 360).then(__webpack_require__.t.bind(__webpack_require__, 5360, 19)).then(({ fromProcess }) => fromProcess({
...options,
profile,
})().then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_PROCESS", "v")));
const resolveSsoCredentials = async (profile, profileData, options = {}, callerClientConfig) => {
const { fromSSO } = await __webpack_require__.e(/* import() */ 998).then(__webpack_require__.t.bind(__webpack_require__, 998, 19));
return fromSSO({
profile,
logger: options.logger,
parentClientConfig: options.parentClientConfig,
clientConfig: options.clientConfig,
})({
callerClientConfig,
}).then((creds) => {
if (profileData.sso_session) {
return client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO", "r");
}
else {
return client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t");
}
});
};
const isSsoProfile = (arg) => arg &&
(typeof arg.sso_start_url === "string" ||
typeof arg.sso_account_id === "string" ||
typeof arg.sso_session === "string" ||
typeof arg.sso_region === "string" ||
typeof arg.sso_role_name === "string");
const isStaticCredsProfile = (arg) => Boolean(arg) &&
typeof arg === "object" &&
typeof arg.aws_access_key_id === "string" &&
typeof arg.aws_secret_access_key === "string" &&
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 &&
["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1;
const resolveStaticCredentials = async (profile, options) => {
options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");
const credentials = {
accessKeyId: profile.aws_access_key_id,
secretAccessKey: profile.aws_secret_access_key,
sessionToken: profile.aws_session_token,
...(profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }),
...(profile.aws_account_id && { accountId: profile.aws_account_id }),
};
return client.setCredentialFeature(credentials, "CREDENTIALS_PROFILE", "n");
};
const isWebIdentityProfile = (arg) => Boolean(arg) &&
typeof arg === "object" &&
typeof arg.web_identity_token_file === "string" &&
typeof arg.role_arn === "string" &&
["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => Promise.all(/* import() */[__webpack_require__.e(136), __webpack_require__.e(956)]).then(__webpack_require__.t.bind(__webpack_require__, 9956, 23)).then(({ fromTokenFile }) => fromTokenFile({
webIdentityTokenFile: profile.web_identity_token_file,
roleArn: profile.role_arn,
roleSessionName: profile.role_session_name,
roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
logger: options.logger,
parentClientConfig: options.parentClientConfig,
})({
callerClientConfig,
}).then((creds) => client.setCredentialFeature(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")));
const resolveProfileData = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
const data = profiles[profileName];
if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) {
return resolveStaticCredentials(data, options);
}
if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) {
return resolveAssumeRoleCredentials(profileName, profiles, options, callerClientConfig, visitedProfiles, resolveProfileData);
}
if (isStaticCredsProfile(data)) {
return resolveStaticCredentials(data, options);
}
if (isWebIdentityProfile(data)) {
return resolveWebIdentityCredentials(data, options, callerClientConfig);
}
if (isProcessProfile(data)) {
return resolveProcessCredentials(options, profileName);
}
if (isSsoProfile(data)) {
return await resolveSsoCredentials(profileName, data, options, callerClientConfig);
}
if (isLoginProfile(data)) {
return resolveLoginCredentials(profileName, options, callerClientConfig);
}
throw new propertyProvider.CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });
};
const fromIni = (init = {}) => async ({ callerClientConfig } = {}) => {
init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");
const profiles = await sharedIniFileLoader.parseKnownFiles(init);
return resolveProfileData(sharedIniFileLoader.getProfileName({
profile: init.profile ?? callerClientConfig?.profile,
}), profiles, init, callerClientConfig);
};
exports.fromIni = fromIni;
/***/ }),
/***/ 4072:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var client = __webpack_require__(5152);
var propertyProvider = __webpack_require__(8857);
var sharedIniFileLoader = __webpack_require__(4964);
var protocolHttp = __webpack_require__(2356);
var node_crypto = __webpack_require__(7598);
var node_fs = __webpack_require__(3024);
var node_os = __webpack_require__(8161);
var node_path = __webpack_require__(6760);
class LoginCredentialsFetcher {
profileData;
init;
callerClientConfig;
static REFRESH_THRESHOLD = 5 * 60 * 1000;
constructor(profileData, init, callerClientConfig) {
this.profileData = profileData;
this.init = init;
this.callerClientConfig = callerClientConfig;
}
async loadCredentials() {
const token = await this.loadToken();
if (!token) {
throw new propertyProvider.CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, { tryNextLink: false, logger: this.logger });
}
const accessToken = token.accessToken;
const now = Date.now();
const expiryTime = new Date(accessToken.expiresAt).getTime();
const timeUntilExpiry = expiryTime - now;
if (timeUntilExpiry <= LoginCredentialsFetcher.REFRESH_THRESHOLD) {
return this.refresh(token);
}
return {
accessKeyId: accessToken.accessKeyId,
secretAccessKey: accessToken.secretAccessKey,
sessionToken: accessToken.sessionToken,
accountId: accessToken.accountId,
expiration: new Date(accessToken.expiresAt),
};
}
get logger() {
return this.init?.logger;
}
get loginSession() {
return this.profileData.login_session;
}
async refresh(token) {
const { SigninClient, CreateOAuth2TokenCommand } = await __webpack_require__.e(/* import() */ 762).then(__webpack_require__.t.bind(__webpack_require__, 9762, 23));
const { logger, userAgentAppId } = this.callerClientConfig ?? {};
const isH2 = (requestHandler) => {
return requestHandler?.metadata?.handlerProtocol === "h2";
};
const requestHandler = isH2(this.callerClientConfig?.requestHandler)
? undefined
: this.callerClientConfig?.requestHandler;
const region = this.profileData.region ?? (await this.callerClientConfig?.region?.()) ?? process.env.AWS_REGION;
const client = new SigninClient({
credentials: {
accessKeyId: "",
secretAccessKey: "",
},
region,
requestHandler,
logger,
userAgentAppId,
...this.init?.clientConfig,
});
this.createDPoPInterceptor(client.middlewareStack);
const commandInput = {
tokenInput: {
clientId: token.clientId,
refreshToken: token.refreshToken,
grantType: "refresh_token",
},
};
try {
const response = await client.send(new CreateOAuth2TokenCommand(commandInput));
const { accessKeyId, secretAccessKey, sessionToken } = response.tokenOutput?.accessToken ?? {};
const { refreshToken, expiresIn } = response.tokenOutput ?? {};
if (!accessKeyId || !secretAccessKey || !sessionToken || !refreshToken) {
throw new propertyProvider.CredentialsProviderError("Token refresh response missing required fields", {
logger: this.logger,
tryNextLink: false,
});
}
const expiresInMs = (expiresIn ?? 900) * 1000;
const expiration = new Date(Date.now() + expiresInMs);
const updatedToken = {
...token,
accessToken: {
...token.accessToken,
accessKeyId: accessKeyId,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken,
expiresAt: expiration.toISOString(),
},
refreshToken: refreshToken,
};
await this.saveToken(updatedToken);
const newAccessToken = updatedToken.accessToken;
return {
accessKeyId: newAccessToken.accessKeyId,
secretAccessKey: newAccessToken.secretAccessKey,
sessionToken: newAccessToken.sessionToken,
accountId: newAccessToken.accountId,
expiration,
};
}
catch (error) {
if (error.name === "AccessDeniedException") {
const errorType = error.error;
let message;
switch (errorType) {
case "TOKEN_EXPIRED":
message = "Your session has expired. Please reauthenticate.";
break;
case "USER_CREDENTIALS_CHANGED":
message =
"Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";
break;
case "INSUFFICIENT_PERMISSIONS":
message =
"Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";
break;
default:
message = `Failed to refresh token: ${String(error)}. Please re-authenticate using \`aws login\``;
}
throw new propertyProvider.CredentialsProviderError(message, { logger: this.logger, tryNextLink: false });
}
throw new propertyProvider.CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });
}
}
async loadToken() {
const tokenFilePath = this.getTokenFilePath();
try {
let tokenData;
try {
tokenData = await sharedIniFileLoader.readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });
}
catch {
tokenData = await node_fs.promises.readFile(tokenFilePath, "utf8");
}
const token = JSON.parse(tokenData);
const missingFields = ["accessToken", "clientId", "refreshToken", "dpopKey"].filter((k) => !token[k]);
if (!token.accessToken?.accountId) {
missingFields.push("accountId");
}
if (missingFields.length > 0) {
throw new propertyProvider.CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(", ")}`, {
logger: this.logger,
tryNextLink: false,
});
}
return token;
}
catch (error) {
throw new propertyProvider.CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {
logger: this.logger,
tryNextLink: false,
});
}
}
async saveToken(token) {
const tokenFilePath = this.getTokenFilePath();
const directory = node_path.dirname(tokenFilePath);
try {
await node_fs.promises.mkdir(directory, { recursive: true });
}
catch (error) {
}
await node_fs.promises.writeFile(tokenFilePath, JSON.stringify(token, null, 2), "utf8");
}
getTokenFilePath() {
const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? node_path.join(node_os.homedir(), ".aws", "login", "cache");
const loginSessionBytes = Buffer.from(this.loginSession, "utf8");
const loginSessionSha256 = node_crypto.createHash("sha256").update(loginSessionBytes).digest("hex");
return node_path.join(directory, `${loginSessionSha256}.json`);
}
derToRawSignature(derSignature) {
let offset = 2;
if (derSignature[offset] !== 0x02) {
throw new Error("Invalid DER signature");
}
offset++;
const rLength = derSignature[offset++];
let r = derSignature.subarray(offset, offset + rLength);
offset += rLength;
if (derSignature[offset] !== 0x02) {
throw new Error("Invalid DER signature");
}
offset++;
const sLength = derSignature[offset++];
let s = derSignature.subarray(offset, offset + sLength);
r = r[0] === 0x00 ? r.subarray(1) : r;
s = s[0] === 0x00 ? s.subarray(1) : s;
const rPadded = Buffer.concat([Buffer.alloc(32 - r.length), r]);
const sPadded = Buffer.concat([Buffer.alloc(32 - s.length), s]);
return Buffer.concat([rPadded, sPadded]);
}
createDPoPInterceptor(middlewareStack) {
middlewareStack.add((next) => async (args) => {
if (protocolHttp.HttpRequest.isInstance(args.request)) {
const request = args.request;
const actualEndpoint = `${request.protocol}//${request.hostname}${request.port ? `:${request.port}` : ""}${request.path}`;
const dpop = await this.generateDpop(request.method, actualEndpoint);
request.headers = {
...request.headers,
DPoP: dpop,
};
}
return next(args);
}, {
step: "finalizeRequest",
name: "dpopInterceptor",
override: true,
});
}
async generateDpop(method = "POST", endpoint) {
const token = await this.loadToken();
try {
const privateKey = node_crypto.createPrivateKey({
key: token.dpopKey,
format: "pem",
type: "sec1",
});
const publicKey = node_crypto.createPublicKey(privateKey);
const publicDer = publicKey.export({ format: "der", type: "spki" });
let pointStart = -1;
for (let i = 0; i < publicDer.length; i++) {
if (publicDer[i] === 0x04) {
pointStart = i;
break;
}
}
const x = publicDer.slice(pointStart + 1, pointStart + 33);
const y = publicDer.slice(pointStart + 33, pointStart + 65);
const header = {
alg: "ES256",
typ: "dpop+jwt",
jwk: {
kty: "EC",
crv: "P-256",
x: x.toString("base64url"),
y: y.toString("base64url"),
},
};
const payload = {
jti: crypto.randomUUID(),
htm: method,
htu: endpoint,
iat: Math.floor(Date.now() / 1000),
};
const headerB64 = Buffer.from(JSON.stringify(header)).toString("base64url");
const payloadB64 = Buffer.from(JSON.stringify(payload)).toString("base64url");
const message = `${headerB64}.${payloadB64}`;
const asn1Signature = node_crypto.sign("sha256", Buffer.from(message), privateKey);
const rawSignature = this.derToRawSignature(asn1Signature);
const signatureB64 = rawSignature.toString("base64url");
return `${message}.${signatureB64}`;
}
catch (error) {
throw new propertyProvider.CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, { logger: this.logger, tryNextLink: false });
}
}
}
const fromLoginCredentials = (init) => async ({ callerClientConfig } = {}) => {
init?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");
const profiles = await sharedIniFileLoader.parseKnownFiles(init || {});
const profileName = sharedIniFileLoader.getProfileName({
profile: init?.profile ?? callerClientConfig?.profile,
});
const profile = profiles[profileName];
if (!profile?.login_session) {
throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {
tryNextLink: true,
logger: init?.logger,
});
}
const fetcher = new LoginCredentialsFetcher(profile, init, callerClientConfig);
const credentials = await fetcher.loadCredentials();
return client.setCredentialFeature(credentials, "CREDENTIALS_LOGIN", "AD");
};
exports.fromLoginCredentials = fromLoginCredentials;
/***/ })
};
//# sourceMappingURL=869.index.js.map

1
dist/869.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

151
dist/956.index.js generated vendored
View File

@ -1,151 +0,0 @@
export const id = 956;
export const ids = [956];
export const modules = {
/***/ 8079:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.fromTokenFile = void 0;
const client_1 = __webpack_require__(5152);
const property_provider_1 = __webpack_require__(8857);
const shared_ini_file_loader_1 = __webpack_require__(4964);
const node_fs_1 = __webpack_require__(3024);
const fromWebToken_1 = __webpack_require__(4453);
const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE";
const ENV_ROLE_ARN = "AWS_ROLE_ARN";
const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME";
const fromTokenFile = (init = {}) => async (awsIdentityProperties) => {
init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile");
const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE];
const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN];
const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME];
if (!webIdentityTokenFile || !roleArn) {
throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", {
logger: init.logger,
});
}
const credentials = await (0, fromWebToken_1.fromWebToken)({
...init,
webIdentityToken: shared_ini_file_loader_1.externalDataInterceptor?.getTokenRecord?.()[webIdentityTokenFile] ??
(0, node_fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }),
roleArn,
roleSessionName,
})(awsIdentityProperties);
if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) {
(0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h");
}
return credentials;
};
exports.fromTokenFile = fromTokenFile;
/***/ }),
/***/ 4453:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.fromWebToken = void 0;
const fromWebToken = (init) => async (awsIdentityProperties) => {
init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken");
const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init;
let { roleAssumerWithWebIdentity } = init;
if (!roleAssumerWithWebIdentity) {
const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__webpack_require__(1136)));
roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({
...init.clientConfig,
credentialProviderLogger: init.logger,
parentClientConfig: {
...awsIdentityProperties?.callerClientConfig,
...init.parentClientConfig,
},
}, init.clientPlugins);
}
return roleAssumerWithWebIdentity({
RoleArn: roleArn,
RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`,
WebIdentityToken: webIdentityToken,
ProviderId: providerId,
PolicyArns: policyArns,
Policy: policy,
DurationSeconds: durationSeconds,
});
};
exports.fromWebToken = fromWebToken;
/***/ }),
/***/ 9956:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
var fromTokenFile = __webpack_require__(8079);
var fromWebToken = __webpack_require__(4453);
Object.prototype.hasOwnProperty.call(fromTokenFile, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: fromTokenFile['__proto__']
});
Object.keys(fromTokenFile).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = fromTokenFile[k];
});
Object.prototype.hasOwnProperty.call(fromWebToken, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: fromWebToken['__proto__']
});
Object.keys(fromWebToken).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = fromWebToken[k];
});
/***/ })
};
//# sourceMappingURL=956.index.js.map

1
dist/956.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

1370
dist/998.index.js generated vendored
View File

File diff suppressed because it is too large Load Diff

1
dist/998.index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

35
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

10761
dist/licenses.txt generated vendored
View File

File diff suppressed because it is too large Load Diff

3
dist/package.json generated vendored
View File

@ -1,3 +0,0 @@
{
"type": "module"
}

1
dist/sourcemap-register.cjs generated vendored
View File

File diff suppressed because one or more lines are too long

1
dist/sourcemap-register.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

17
docker-bake.hcl
View File

@ -1,15 +1,9 @@
target "_common" {
args = {
BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
}
}
group "default" {
targets = ["build"]
}
group "pre-checkin" {
targets = ["vendor", "format", "build"]
targets = ["vendor-update", "format", "build"]
}
group "validate" {
@ -17,49 +11,42 @@ group "validate" {
}
target "build" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "build-update"
output = ["."]
}
target "build-validate" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "build-validate"
output = ["type=cacheonly"]
}
target "format" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "format-update"
output = ["."]
}
target "lint" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "lint"
output = ["type=cacheonly"]
}
target "vendor" {
inherits = ["_common"]
target "vendor-update" {
dockerfile = "dev.Dockerfile"
target = "vendor-update"
output = ["."]
}
target "vendor-validate" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "vendor-validate"
output = ["type=cacheonly"]
}
target "test" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "test-coverage"
output = ["./coverage"]

52
eslint.config.mjs
View File

@ -1,52 +0,0 @@
import {defineConfig} from 'eslint/config';
import js from '@eslint/js';
import tseslint from '@typescript-eslint/eslint-plugin';
import vitest from '@vitest/eslint-plugin';
import globals from 'globals';
import eslintConfigPrettier from 'eslint-config-prettier/flat';
import eslintPluginPrettier from 'eslint-plugin-prettier';
export default defineConfig([
{
ignores: ['.yarn/**/*', 'coverage/**/*', 'dist/**/*']
},
js.configs.recommended,
...tseslint.configs['flat/recommended'],
eslintConfigPrettier,
{
languageOptions: {
globals: {
...globals.node
}
}
},
{
files: ['__tests__/**'],
...vitest.configs.recommended,
languageOptions: {
globals: {
...globals.node,
...vitest.environments.env.globals
}
},
rules: {
...vitest.configs.recommended.rules,
'vitest/no-conditional-expect': 'error',
'vitest/no-disabled-tests': 0
}
},
{
plugins: {
prettier: eslintPluginPrettier
},
rules: {
'prettier/prettier': 'error',
'@typescript-eslint/no-require-imports': [
'error',
{
allowAsImport: true
}
]
}
}
]);

30
jest.config.ts Normal file
View File

@ -0,0 +1,30 @@
import fs from 'fs';
import os from 'os';
import path from 'path';
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-login-action-')).split(path.sep).join(path.posix.sep);
process.env = Object.assign({}, process.env, {
TEMP: tmpDir,
GITHUB_REPOSITORY: 'docker/login-action',
RUNNER_TEMP: path.join(tmpDir, 'runner-temp').split(path.sep).join(path.posix.sep),
RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache').split(path.sep).join(path.posix.sep)
}) as {
[key: string]: string;
};
module.exports = {
clearMocks: true,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
moduleNameMapper: {
'^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
},
collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__tests__/'],
verbose: true
};

56
package.json
View File

@ -1,13 +1,17 @@
{
"name": "docker-login",
"description": "GitHub Action to login against a Docker registry",
"type": "module",
"main": "src/main.ts",
"main": "lib/main.js",
"scripts": {
"build": "ncc build --source-map --minify --license licenses.txt",
"lint": "eslint --max-warnings=0 .",
"format": "eslint --fix .",
"test": "vitest run"
"build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint",
"format": "yarn run prettier:fix && yarn run eslint:fix",
"eslint": "eslint --max-warnings=0 .",
"eslint:fix": "eslint --fix .",
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest",
"all": "yarn run build && yarn run format && yarn test"
},
"repository": {
"type": "git",
@ -20,31 +24,27 @@
],
"author": "Docker Inc.",
"license": "Apache-2.0",
"packageManager": "yarn@4.9.2",
"dependencies": {
"@actions/core": "^3.0.0",
"@aws-sdk/client-ecr": "^3.1000.0",
"@aws-sdk/client-ecr-public": "^3.1000.0",
"@docker/actions-toolkit": "^0.79.0",
"@actions/core": "^1.10.1",
"@aws-sdk/client-ecr": "^3.529.1",
"@aws-sdk/client-ecr-public": "^3.529.1",
"@docker/actions-toolkit": "^0.18.0",
"http-proxy-agent": "^7.0.2",
"https-proxy-agent": "^7.0.6",
"js-yaml": "^4.1.1"
"https-proxy-agent": "^7.0.4"
},
"devDependencies": {
"@eslint/js": "^9.39.3",
"@types/js-yaml": "^4.0.9",
"@types/node": "^24.11.0",
"@typescript-eslint/eslint-plugin": "^8.56.1",
"@typescript-eslint/parser": "^8.56.1",
"@vercel/ncc": "^0.38.4",
"@vitest/coverage-v8": "^4.0.18",
"@vitest/eslint-plugin": "^1.6.9",
"eslint": "^9.39.3",
"eslint-config-prettier": "^10.1.8",
"eslint-plugin-prettier": "^5.5.5",
"globals": "^17.3.0",
"prettier": "^3.8.1",
"typescript": "^5.9.3",
"vitest": "^4.0.18"
"@types/node": "^20.5.9",
"@typescript-eslint/eslint-plugin": "^6.6.0",
"@typescript-eslint/parser": "^6.6.0",
"@vercel/ncc": "^0.38.0",
"eslint": "^8.48.0",
"eslint-config-prettier": "^9.0.0",
"eslint-plugin-jest": "^27.2.3",
"eslint-plugin-prettier": "^5.0.0",
"jest": "^29.6.4",
"prettier": "^3.0.3",
"ts-jest": "^29.1.1",
"ts-node": "^10.9.1",
"typescript": "^5.2.2"
}
}

7
src/aws.ts
View File

@ -5,15 +5,14 @@ import {NodeHttpHandler} from '@smithy/node-http-handler';
import {HttpProxyAgent} from 'http-proxy-agent';
import {HttpsProxyAgent} from 'https-proxy-agent';
const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.(com(.cn)?|eu)))(\/([^:]+)(:.+)?)?$/;
const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/;
const ecrRegistryRegex = /^(([0-9]{12})\.dkr\.ecr\.(.+)\.amazonaws\.com(.cn)?)(\/([^:]+)(:.+)?)?$/;
export const isECR = (registry: string): boolean => {
return ecrRegistryRegex.test(registry) || isPubECR(registry);
};
export const isPubECR = (registry: string): boolean => {
return ecrPublicRegistryRegex.test(registry);
return registry === 'public.ecr.aws';
};
export const getRegion = (registry: string): string => {
@ -24,7 +23,7 @@ export const getRegion = (registry: string): string => {
if (!matches) {
return '';
}
return matches[4];
return matches[3];
};
export const getAccountIDs = (registry: string): string[] => {

73
src/context.ts
View File

@ -1,27 +1,11 @@
import path from 'path';
import * as core from '@actions/core';
import * as yaml from 'js-yaml';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
import {Util} from '@docker/actions-toolkit/lib/util.js';
export interface Inputs {
registry: string;
username: string;
password: string;
scope: string;
ecr: string;
logout: boolean;
registryAuth: string;
}
export interface Auth {
registry: string;
username: string;
password: string;
scope: string;
ecr: string;
configDir: string;
}
export function getInputs(): Inputs {
@ -29,62 +13,7 @@ export function getInputs(): Inputs {
registry: core.getInput('registry'),
username: core.getInput('username'),
password: core.getInput('password'),
scope: core.getInput('scope'),
ecr: core.getInput('ecr'),
logout: core.getBooleanInput('logout'),
registryAuth: core.getInput('registry-auth')
logout: core.getBooleanInput('logout')
};
}
export function getAuthList(inputs: Inputs): Array<Auth> {
if (inputs.registryAuth && (inputs.registry || inputs.username || inputs.password || inputs.scope || inputs.ecr)) {
throw new Error('Cannot use registry-auth with other inputs');
}
let auths: Array<Auth> = [];
if (!inputs.registryAuth) {
auths.push({
registry: inputs.registry || 'docker.io',
username: inputs.username,
password: inputs.password,
scope: inputs.scope,
ecr: inputs.ecr || 'auto',
configDir: scopeToConfigDir(inputs.registry, inputs.scope)
});
} else {
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
core.setSecret(auth.password); // redacted in workflow logs
return {
registry: auth.registry || 'docker.io',
username: auth.username,
password: auth.password,
scope: auth.scope,
ecr: auth.ecr || 'auto',
configDir: scopeToConfigDir(auth.registry || 'docker.io', auth.scope)
};
});
}
if (auths.length == 0) {
throw new Error('No registry to login');
}
return auths;
}
export function scopeToConfigDir(registry: string, scope?: string): string {
if (scopeDisabled() || !scope || scope === '') {
return '';
}
let configDir = path.join(Buildx.configDir, 'config', registry === 'docker.io' ? 'registry-1.docker.io' : registry);
if (scope.startsWith('@')) {
configDir += scope;
} else {
configDir = path.join(configDir, scope);
}
return configDir;
}
function scopeDisabled(): boolean {
if (process.env.DOCKER_LOGIN_SCOPE_DISABLED) {
return Util.parseBool(process.env.DOCKER_LOGIN_SCOPE_DISABLED);
}
return false;
}

92
src/docker.ts
View File

@ -1,31 +1,18 @@
import * as aws from './aws';
import * as core from '@actions/core';
import {Exec} from '@docker/actions-toolkit/lib/exec';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
import * as aws from './aws.js';
import * as context from './context.js';
export async function login(auth: context.Auth): Promise<void> {
if (/true/i.test(auth.ecr) || (auth.ecr == 'auto' && aws.isECR(auth.registry))) {
await loginECR(auth.registry, auth.username, auth.password, auth.scope);
export async function login(registry: string, username: string, password: string, ecr: string): Promise<void> {
if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
await loginECR(registry, username, password);
} else {
await loginStandard(auth.registry, auth.username, auth.password, auth.scope);
await loginStandard(registry, username, password);
}
}
export async function logout(registry: string, configDir: string): Promise<void> {
let envs: {[key: string]: string} | undefined;
if (configDir !== '') {
envs = Object.assign({}, process.env, {
DOCKER_CONFIG: configDir
}) as {
[key: string]: string;
};
core.info(`Alternative config dir: ${configDir}`);
}
await Docker.getExecOutput(['logout', registry], {
ignoreReturnCode: true,
env: envs
export async function logout(registry: string): Promise<void> {
await Exec.getExecOutput('docker', ['logout', registry], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
core.warning(res.stderr.trim());
@ -33,49 +20,46 @@ export async function logout(registry: string, configDir: string): Promise<void>
});
}
export async function loginStandard(registry: string, username: string, password: string, scope?: string): Promise<void> {
if (!username && !password) {
export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
if (!username || !password) {
throw new Error('Username and password required');
}
if (!username) {
throw new Error('Username required');
}
if (!password) {
throw new Error('Password required');
}
await loginExec(registry, username, password, scope);
}
export async function loginECR(registry: string, username: string, password: string, scope?: string): Promise<void> {
core.info(`Retrieving registries data through AWS SDK...`);
const regDatas = await aws.getRegistriesData(registry, username, password);
for (const regData of regDatas) {
await loginExec(regData.registry, regData.username, regData.password, scope);
}
}
const loginArgs: Array<string> = ['login', '--password-stdin'];
loginArgs.push('--username', username);
loginArgs.push(registry);
async function loginExec(registry: string, username: string, password: string, scope?: string): Promise<void> {
let envs: {[key: string]: string} | undefined;
const configDir = context.scopeToConfigDir(registry, scope);
if (configDir !== '') {
envs = Object.assign({}, process.env, {
DOCKER_CONFIG: configDir
}) as {
[key: string]: string;
};
core.info(`Logging into ${registry} (scope ${scope})...`);
} else {
if (registry) {
core.info(`Logging into ${registry}...`);
} else {
core.info(`Logging into Docker Hub...`);
}
await Docker.getExecOutput(['login', '--password-stdin', '--username', username, registry], {
await Exec.getExecOutput('docker', loginArgs, {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(password),
env: envs
input: Buffer.from(password)
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
core.info('Login Succeeded!');
core.info(`Login Succeeded!`);
});
}
export async function loginECR(registry: string, username: string, password: string): Promise<void> {
core.info(`Retrieving registries data through AWS SDK...`);
const regDatas = await aws.getRegistriesData(registry, username, password);
for (const regData of regDatas) {
core.info(`Logging into ${regData.registry}...`);
await Exec.getExecOutput('docker', ['login', '--password-stdin', '--username', regData.username, regData.registry], {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(regData.password)
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
core.info('Login Succeeded!');
});
}
}

33
src/main.ts
View File

@ -1,38 +1,21 @@
import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit';
import * as context from './context.js';
import * as docker from './docker.js';
import * as stateHelper from './state-helper.js';
import * as context from './context';
import * as docker from './docker';
import * as stateHelper from './state-helper';
export async function main(): Promise<void> {
const inputs: context.Inputs = context.getInputs();
stateHelper.setLogout(inputs.logout);
const auths = context.getAuthList(inputs);
stateHelper.setRegistries(Array.from(new Map(auths.map(auth => [`${auth.registry}|${auth.configDir}`, {registry: auth.registry, configDir: auth.configDir} as stateHelper.RegistryState])).values()));
if (auths.length === 1) {
await docker.login(auths[0]);
return;
}
for (const auth of auths) {
await core.group(`Login to ${auth.registry}`, async () => {
await docker.login(auth);
});
}
const input: context.Inputs = context.getInputs();
stateHelper.setRegistry(input.registry);
stateHelper.setLogout(input.logout);
await docker.login(input.registry, input.username, input.password, input.ecr);
}
async function post(): Promise<void> {
if (!stateHelper.logout) {
return;
}
for (const registryState of stateHelper.registries) {
await core.group(`Logout from ${registryState.registry}`, async () => {
await docker.logout(registryState.registry, registryState.configDir);
});
}
await docker.logout(stateHelper.registry);
}
actionsToolkit.run(main, post);

11
src/state-helper.ts
View File

@ -1,15 +1,10 @@
import * as core from '@actions/core';
export const registries = process.env['STATE_registries'] ? (JSON.parse(process.env['STATE_registries']) as Array<RegistryState>) : [];
export const registry = process.env['STATE_registry'] || '';
export const logout = /true/i.test(process.env['STATE_logout'] || '');
export interface RegistryState {
registry: string;
configDir: string;
}
export function setRegistries(registries: Array<RegistryState>) {
core.saveState('registries', JSON.stringify(registries));
export function setRegistry(registry: string) {
core.saveState('registry', registry);
}
export function setLogout(logout: boolean) {

12
tsconfig.json
View File

@ -1,8 +1,9 @@
{
"compilerOptions": {
"module": "nodenext",
"moduleResolution": "nodenext",
"esModuleInterop": true,
"target": "es6",
"module": "commonjs",
"strict": true,
"newLine": "lf",
"outDir": "./lib",
"rootDir": "./src",
@ -11,7 +12,10 @@
"resolveJsonModule": true,
"useUnknownInCatchVariables": false,
},
"include": [
"src/**/*.ts"
"exclude": [
"./__tests__/**/*",
"./lib/**/*",
"node_modules",
"jest.config.ts"
]
}

16
vitest.config.ts
View File

@ -1,16 +0,0 @@
import {defineConfig} from 'vitest/config';
export default defineConfig({
test: {
clearMocks: true,
environment: 'node',
setupFiles: ['./__tests__/setup.unit.ts'],
include: ['**/*.test.ts'],
coverage: {
provider: 'v8',
reporter: ['clover'],
include: ['src/**/*.ts'],
exclude: ['src/**/main.ts']
}
}
});

10801
yarn.lock
View File

File diff suppressed because it is too large Load Diff