File Explorer

/var/runtime/node_modules/@aws-sdk/nested-clients/dist-cjs/submodules/sts
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
2 dirs
5 files
index.js36.9 KB · 976 lines
1'use strict';2 3var client$1 = require('@aws-sdk/core/client');4var core = require('@smithy/core');5var client = require('@smithy/core/client');6var config = require('@smithy/core/config');7var endpoints = require('@smithy/core/endpoints');8var protocols = require('@smithy/core/protocols');9var retry = require('@smithy/core/retry');10var schema = require('@smithy/core/schema');11var httpAuthSchemes = require('@aws-sdk/core/httpAuthSchemes');12var signatureV4MultiRegion = require('@aws-sdk/signature-v4-multi-region');13var serde = require('@smithy/core/serde');14var nodeHttpHandler = require('@smithy/node-http-handler');15var protocols$1 = require('@aws-sdk/core/protocols');16 17const q = "ref";18const a = -1, b = true, c = "isSet", d = "PartitionResult", e = "booleanEquals", f = "stringEquals", g = "getAttr", h = "us-east-1", i = "sigv4", j = "sts", k = "https://sts.{Region}.{PartitionResult#dnsSuffix}", l = { [q]: "Endpoint" }, m = { [q]: "Region" }, n = { [q]: d }, o = {}, p = [m];19const _data = {20    conditions: [21        [c, [l]],22        [c, p],23        ["aws.partition", p, d],24        [e, [{ [q]: "UseFIPS" }, b]],25        [e, [{ [q]: "UseDualStack" }, b]],26        [f, [m, "aws-global"]],27        [e, [{ [q]: "UseGlobalEndpoint" }, b]],28        [f, [m, "eu-central-1"]],29        [e, [{ fn: g, argv: [n, "supportsDualStack"] }, b]],30        [e, [{ fn: g, argv: [n, "supportsFIPS"] }, b]],31        [f, [m, "ap-south-1"]],32        [f, [m, "eu-north-1"]],33        [f, [m, "eu-west-1"]],34        [f, [m, "eu-west-2"]],35        [f, [m, "eu-west-3"]],36        [f, [m, "sa-east-1"]],37        [f, [m, h]],38        [f, [m, "us-east-2"]],39        [f, [m, "us-west-2"]],40        [f, [m, "us-west-1"]],41        [f, [m, "ca-central-1"]],42        [f, [m, "ap-southeast-1"]],43        [f, [m, "ap-northeast-1"]],44        [f, [m, "ap-southeast-2"]],45        [f, [{ fn: g, argv: [n, "name"] }, "aws-us-gov"]],46    ],47    results: [48        [a],49        ["https://sts.amazonaws.com", { authSchemes: [{ name: i, signingName: j, signingRegion: h }] }],50        [k, { authSchemes: [{ name: i, signingName: j, signingRegion: "{Region}" }] }],51        [a, "Invalid Configuration: FIPS and custom endpoint are not supported"],52        [a, "Invalid Configuration: Dualstack and custom endpoint are not supported"],53        [l, o],54        ["https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", o],55        [a, "FIPS and DualStack are enabled, but this partition does not support one or both"],56        ["https://sts.{Region}.amazonaws.com", o],57        ["https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", o],58        [a, "FIPS is enabled but this partition does not support FIPS"],59        ["https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", o],60        [a, "DualStack is enabled but this partition does not support DualStack"],61        [k, o],62        [a, "Invalid Configuration: Missing Region"],63    ],64};65const root = 2;66const r = 100_000_000;67const nodes = new Int32Array([68    -1,69    1,70    -1,71    0,72    30,73    3,74    1,75    4,76    r + 14,77    2,78    5,79    r + 14,80    3,81    25,82    6,83    4,84    24,85    7,86    5,87    r + 1,88    8,89    6,90    9,91    r + 13,92    7,93    r + 1,94    10,95    10,96    r + 1,97    11,98    11,99    r + 1,100    12,101    12,102    r + 1,103    13,104    13,105    r + 1,106    14,107    14,108    r + 1,109    15,110    15,111    r + 1,112    16,113    16,114    r + 1,115    17,116    17,117    r + 1,118    18,119    18,120    r + 1,121    19,122    19,123    r + 1,124    20,125    20,126    r + 1,127    21,128    21,129    r + 1,130    22,131    22,132    r + 1,133    23,134    23,135    r + 1,136    r + 2,137    8,138    r + 11,139    r + 12,140    4,141    28,142    26,143    9,144    27,145    r + 10,146    24,147    r + 8,148    r + 9,149    8,150    29,151    r + 7,152    9,153    r + 6,154    r + 7,155    3,156    r + 3,157    31,158    4,159    r + 4,160    r + 5,161]);162const bdd = endpoints.BinaryDecisionDiagram.from(nodes, root, _data.conditions, _data.results);163 164const cache = new endpoints.EndpointCache({165    size: 50,166    params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"],167});168const defaultEndpointResolver = (endpointParams, context = {}) => {169    return cache.get(endpointParams, () => endpoints.decideEndpoint(bdd, {170        endpointParams: endpointParams,171        logger: context.logger,172    }));173};174endpoints.customEndpointFunctions.aws = client$1.awsEndpointFunctions;175 176const createEndpointRuleSetHttpAuthSchemeParametersProvider = (defaultHttpAuthSchemeParametersProvider) => async (config, context, input) => {177    if (!input) {178        throw new Error("Could not find `input` for `defaultEndpointRuleSetHttpAuthSchemeParametersProvider`");179    }180    const defaultParameters = await defaultHttpAuthSchemeParametersProvider(config, context, input);181    const instructionsFn = client.getSmithyContext(context)?.commandInstance?.constructor182        ?.getEndpointParameterInstructions;183    if (!instructionsFn) {184        throw new Error(`getEndpointParameterInstructions() is not defined on '${context.commandName}'`);185    }186    const endpointParameters = await endpoints.resolveParams(input, { getEndpointParameterInstructions: instructionsFn }, config);187    return Object.assign(defaultParameters, endpointParameters);188};189const _defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => {190    return {191        operation: client.getSmithyContext(context).operation,192        region: (await client.normalizeProvider(config.region)()) ||193            (() => {194                throw new Error("expected `region` to be configured for `aws.auth#sigv4`");195            })(),196    };197};198const defaultSTSHttpAuthSchemeParametersProvider = createEndpointRuleSetHttpAuthSchemeParametersProvider(_defaultSTSHttpAuthSchemeParametersProvider);199function createAwsAuthSigv4HttpAuthOption(authParameters) {200    return {201        schemeId: "aws.auth#sigv4",202        signingProperties: {203            name: "sts",204            region: authParameters.region,205        },206        propertiesExtractor: (config, context) => ({207            signingProperties: {208                config,209                context,210            },211        }),212    };213}214function createAwsAuthSigv4aHttpAuthOption(authParameters) {215    return {216        schemeId: "aws.auth#sigv4a",217        signingProperties: {218            name: "sts",219            region: authParameters.region,220        },221        propertiesExtractor: (config, context) => ({222            signingProperties: {223                config,224                context,225            },226        }),227    };228}229function createSmithyApiNoAuthHttpAuthOption(authParameters) {230    return {231        schemeId: "smithy.api#noAuth",232    };233}234const createEndpointRuleSetHttpAuthSchemeProvider = (defaultEndpointResolver, defaultHttpAuthSchemeResolver, createHttpAuthOptionFunctions) => {235    const endpointRuleSetHttpAuthSchemeProvider = (authParameters) => {236        const endpoint = defaultEndpointResolver(authParameters);237        const authSchemes = endpoint.properties?.authSchemes;238        if (!authSchemes) {239            return defaultHttpAuthSchemeResolver(authParameters);240        }241        const options = [];242        for (const scheme of authSchemes) {243            const { name: resolvedName, properties = {}, ...rest } = scheme;244            const name = resolvedName.toLowerCase();245            if (resolvedName !== name) {246                console.warn(`HttpAuthScheme has been normalized with lowercasing: '${resolvedName}' to '${name}'`);247            }248            let schemeId;249            if (name === "sigv4a") {250                schemeId = "aws.auth#sigv4a";251                const sigv4Present = authSchemes.find((s) => {252                    const name = s.name.toLowerCase();253                    return name !== "sigv4a" && name.startsWith("sigv4");254                });255                if (signatureV4MultiRegion.SignatureV4MultiRegion.sigv4aDependency() === "none" && sigv4Present) {256                    continue;257                }258            }259            else if (name.startsWith("sigv4")) {260                schemeId = "aws.auth#sigv4";261            }262            else {263                throw new Error(`Unknown HttpAuthScheme found in '@smithy.rules#endpointRuleSet': '${name}'`);264            }265            const createOption = createHttpAuthOptionFunctions[schemeId];266            if (!createOption) {267                throw new Error(`Could not find HttpAuthOption create function for '${schemeId}'`);268            }269            const option = createOption(authParameters);270            option.schemeId = schemeId;271            option.signingProperties = { ...(option.signingProperties || {}), ...rest, ...properties };272            options.push(option);273        }274        return options;275    };276    return endpointRuleSetHttpAuthSchemeProvider;277};278const _defaultSTSHttpAuthSchemeProvider = (authParameters) => {279    const options = [];280    switch (authParameters.operation) {281        case "AssumeRoleWithWebIdentity": {282            options.push(createSmithyApiNoAuthHttpAuthOption());283            options.push(createAwsAuthSigv4aHttpAuthOption(authParameters));284            break;285        }286        default: {287            options.push(createAwsAuthSigv4HttpAuthOption(authParameters));288            options.push(createAwsAuthSigv4aHttpAuthOption(authParameters));289        }290    }291    return options;292};293const defaultSTSHttpAuthSchemeProvider = createEndpointRuleSetHttpAuthSchemeProvider(defaultEndpointResolver, _defaultSTSHttpAuthSchemeProvider, {294    "aws.auth#sigv4": createAwsAuthSigv4HttpAuthOption,295    "aws.auth#sigv4a": createAwsAuthSigv4aHttpAuthOption,296    "smithy.api#noAuth": createSmithyApiNoAuthHttpAuthOption,297});298const resolveHttpAuthSchemeConfig = (config) => {299    const config_0 = httpAuthSchemes.resolveAwsSdkSigV4Config(config);300    const config_1 = httpAuthSchemes.resolveAwsSdkSigV4AConfig(config_0);301    return Object.assign(config_1, {302        authSchemePreference: client.normalizeProvider(config.authSchemePreference ?? []),303    });304};305 306const resolveClientEndpointParameters = (options) => {307    return Object.assign(options, {308        useDualstackEndpoint: options.useDualstackEndpoint ?? false,309        useFipsEndpoint: options.useFipsEndpoint ?? false,310        useGlobalEndpoint: options.useGlobalEndpoint ?? false,311        defaultSigningName: "sts",312    });313};314const commonParams = {315    UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" },316    UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },317    Endpoint: { type: "builtInParams", name: "endpoint" },318    Region: { type: "builtInParams", name: "region" },319    UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },320};321 322var version = "3.997.9";323var packageInfo = {324	version: version};325 326class STSServiceException extends client.ServiceException {327    constructor(options) {328        super(options);329        Object.setPrototypeOf(this, STSServiceException.prototype);330    }331}332 333class ExpiredTokenException extends STSServiceException {334    name = "ExpiredTokenException";335    $fault = "client";336    constructor(opts) {337        super({338            name: "ExpiredTokenException",339            $fault: "client",340            ...opts,341        });342        Object.setPrototypeOf(this, ExpiredTokenException.prototype);343    }344}345class MalformedPolicyDocumentException extends STSServiceException {346    name = "MalformedPolicyDocumentException";347    $fault = "client";348    constructor(opts) {349        super({350            name: "MalformedPolicyDocumentException",351            $fault: "client",352            ...opts,353        });354        Object.setPrototypeOf(this, MalformedPolicyDocumentException.prototype);355    }356}357class PackedPolicyTooLargeException extends STSServiceException {358    name = "PackedPolicyTooLargeException";359    $fault = "client";360    constructor(opts) {361        super({362            name: "PackedPolicyTooLargeException",363            $fault: "client",364            ...opts,365        });366        Object.setPrototypeOf(this, PackedPolicyTooLargeException.prototype);367    }368}369class RegionDisabledException extends STSServiceException {370    name = "RegionDisabledException";371    $fault = "client";372    constructor(opts) {373        super({374            name: "RegionDisabledException",375            $fault: "client",376            ...opts,377        });378        Object.setPrototypeOf(this, RegionDisabledException.prototype);379    }380}381class IDPRejectedClaimException extends STSServiceException {382    name = "IDPRejectedClaimException";383    $fault = "client";384    constructor(opts) {385        super({386            name: "IDPRejectedClaimException",387            $fault: "client",388            ...opts,389        });390        Object.setPrototypeOf(this, IDPRejectedClaimException.prototype);391    }392}393class InvalidIdentityTokenException extends STSServiceException {394    name = "InvalidIdentityTokenException";395    $fault = "client";396    constructor(opts) {397        super({398            name: "InvalidIdentityTokenException",399            $fault: "client",400            ...opts,401        });402        Object.setPrototypeOf(this, InvalidIdentityTokenException.prototype);403    }404}405class IDPCommunicationErrorException extends STSServiceException {406    name = "IDPCommunicationErrorException";407    $fault = "client";408    $retryable = {};409    constructor(opts) {410        super({411            name: "IDPCommunicationErrorException",412            $fault: "client",413            ...opts,414        });415        Object.setPrototypeOf(this, IDPCommunicationErrorException.prototype);416    }417}418 419const _A = "Arn";420const _AKI = "AccessKeyId";421const _AR = "AssumeRole";422const _ARI = "AssumedRoleId";423const _ARR = "AssumeRoleRequest";424const _ARRs = "AssumeRoleResponse";425const _ARU = "AssumedRoleUser";426const _ARWWI = "AssumeRoleWithWebIdentity";427const _ARWWIR = "AssumeRoleWithWebIdentityRequest";428const _ARWWIRs = "AssumeRoleWithWebIdentityResponse";429const _Au = "Audience";430const _C = "Credentials";431const _CA = "ContextAssertion";432const _DS = "DurationSeconds";433const _E = "Expiration";434const _EI = "ExternalId";435const _ETE = "ExpiredTokenException";436const _IDPCEE = "IDPCommunicationErrorException";437const _IDPRCE = "IDPRejectedClaimException";438const _IITE = "InvalidIdentityTokenException";439const _K = "Key";440const _MPDE = "MalformedPolicyDocumentException";441const _P = "Policy";442const _PA = "PolicyArns";443const _PAr = "ProviderArn";444const _PC = "ProvidedContexts";445const _PCLT = "ProvidedContextsListType";446const _PCr = "ProvidedContext";447const _PDT = "PolicyDescriptorType";448const _PI = "ProviderId";449const _PPS = "PackedPolicySize";450const _PPTLE = "PackedPolicyTooLargeException";451const _Pr = "Provider";452const _RA = "RoleArn";453const _RDE = "RegionDisabledException";454const _RSN = "RoleSessionName";455const _SAK = "SecretAccessKey";456const _SFWIT = "SubjectFromWebIdentityToken";457const _SI = "SourceIdentity";458const _SN = "SerialNumber";459const _ST = "SessionToken";460const _T = "Tags";461const _TC = "TokenCode";462const _TTK = "TransitiveTagKeys";463const _Ta = "Tag";464const _V = "Value";465const _WIT = "WebIdentityToken";466const _a = "arn";467const _aKST = "accessKeySecretType";468const _aQE = "awsQueryError";469const _c = "client";470const _cTT = "clientTokenType";471const _e = "error";472const _hE = "httpError";473const _m = "message";474const _pDLT = "policyDescriptorListType";475const _s = "smithy.ts.sdk.synthetic.com.amazonaws.sts";476const _tLT = "tagListType";477const n0 = "com.amazonaws.sts";478const _s_registry = schema.TypeRegistry.for(_s);479var STSServiceException$ = [-3, _s, "STSServiceException", 0, [], []];480_s_registry.registerError(STSServiceException$, STSServiceException);481const n0_registry = schema.TypeRegistry.for(n0);482var ExpiredTokenException$ = [483    -3,484    n0,485    _ETE,486    { [_aQE]: [`ExpiredTokenException`, 400], [_e]: _c, [_hE]: 400 },487    [_m],488    [0],489];490n0_registry.registerError(ExpiredTokenException$, ExpiredTokenException);491var IDPCommunicationErrorException$ = [492    -3,493    n0,494    _IDPCEE,495    { [_aQE]: [`IDPCommunicationError`, 400], [_e]: _c, [_hE]: 400 },496    [_m],497    [0],498];499n0_registry.registerError(IDPCommunicationErrorException$, IDPCommunicationErrorException);500var IDPRejectedClaimException$ = [501    -3,502    n0,503    _IDPRCE,504    { [_aQE]: [`IDPRejectedClaim`, 403], [_e]: _c, [_hE]: 403 },505    [_m],506    [0],507];508n0_registry.registerError(IDPRejectedClaimException$, IDPRejectedClaimException);509var InvalidIdentityTokenException$ = [510    -3,511    n0,512    _IITE,513    { [_aQE]: [`InvalidIdentityToken`, 400], [_e]: _c, [_hE]: 400 },514    [_m],515    [0],516];517n0_registry.registerError(InvalidIdentityTokenException$, InvalidIdentityTokenException);518var MalformedPolicyDocumentException$ = [519    -3,520    n0,521    _MPDE,522    { [_aQE]: [`MalformedPolicyDocument`, 400], [_e]: _c, [_hE]: 400 },523    [_m],524    [0],525];526n0_registry.registerError(MalformedPolicyDocumentException$, MalformedPolicyDocumentException);527var PackedPolicyTooLargeException$ = [528    -3,529    n0,530    _PPTLE,531    { [_aQE]: [`PackedPolicyTooLarge`, 400], [_e]: _c, [_hE]: 400 },532    [_m],533    [0],534];535n0_registry.registerError(PackedPolicyTooLargeException$, PackedPolicyTooLargeException);536var RegionDisabledException$ = [537    -3,538    n0,539    _RDE,540    { [_aQE]: [`RegionDisabledException`, 403], [_e]: _c, [_hE]: 403 },541    [_m],542    [0],543];544n0_registry.registerError(RegionDisabledException$, RegionDisabledException);545const errorTypeRegistries = [_s_registry, n0_registry];546var accessKeySecretType = [0, n0, _aKST, 8, 0];547var clientTokenType = [0, n0, _cTT, 8, 0];548var AssumedRoleUser$ = [3, n0, _ARU, 0, [_ARI, _A], [0, 0], 2];549var AssumeRoleRequest$ = [550    3,551    n0,552    _ARR,553    0,554    [_RA, _RSN, _PA, _P, _DS, _T, _TTK, _EI, _SN, _TC, _SI, _PC],555    [0, 0, () => policyDescriptorListType, 0, 1, () => tagListType, 64 | 0, 0, 0, 0, 0, () => ProvidedContextsListType],556    2,557];558var AssumeRoleResponse$ = [559    3,560    n0,561    _ARRs,562    0,563    [_C, _ARU, _PPS, _SI],564    [[() => Credentials$, 0], () => AssumedRoleUser$, 1, 0],565];566var AssumeRoleWithWebIdentityRequest$ = [567    3,568    n0,569    _ARWWIR,570    0,571    [_RA, _RSN, _WIT, _PI, _PA, _P, _DS],572    [0, 0, [() => clientTokenType, 0], 0, () => policyDescriptorListType, 0, 1],573    3,574];575var AssumeRoleWithWebIdentityResponse$ = [576    3,577    n0,578    _ARWWIRs,579    0,580    [_C, _SFWIT, _ARU, _PPS, _Pr, _Au, _SI],581    [[() => Credentials$, 0], 0, () => AssumedRoleUser$, 1, 0, 0, 0],582];583var Credentials$ = [584    3,585    n0,586    _C,587    0,588    [_AKI, _SAK, _ST, _E],589    [0, [() => accessKeySecretType, 0], 0, 4],590    4,591];592var PolicyDescriptorType$ = [3, n0, _PDT, 0, [_a], [0]];593var ProvidedContext$ = [3, n0, _PCr, 0, [_PAr, _CA], [0, 0]];594var Tag$ = [3, n0, _Ta, 0, [_K, _V], [0, 0], 2];595var policyDescriptorListType = [1, n0, _pDLT, 0, () => PolicyDescriptorType$];596var ProvidedContextsListType = [1, n0, _PCLT, 0, () => ProvidedContext$];597var tagListType = [1, n0, _tLT, 0, () => Tag$];598var AssumeRole$ = [9, n0, _AR, 0, () => AssumeRoleRequest$, () => AssumeRoleResponse$];599var AssumeRoleWithWebIdentity$ = [600    9,601    n0,602    _ARWWI,603    0,604    () => AssumeRoleWithWebIdentityRequest$,605    () => AssumeRoleWithWebIdentityResponse$,606];607 608const getRuntimeConfig$1 = (config) => {609    return {610        apiVersion: "2011-06-15",611        base64Decoder: config?.base64Decoder ?? serde.fromBase64,612        base64Encoder: config?.base64Encoder ?? serde.toBase64,613        disableHostPrefix: config?.disableHostPrefix ?? false,614        endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,615        extensions: config?.extensions ?? [],616        httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultSTSHttpAuthSchemeProvider,617        httpAuthSchemes: config?.httpAuthSchemes ?? [618            {619                schemeId: "aws.auth#sigv4",620                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),621                signer: new httpAuthSchemes.AwsSdkSigV4Signer(),622            },623            {624                schemeId: "aws.auth#sigv4a",625                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4a"),626                signer: new httpAuthSchemes.AwsSdkSigV4ASigner(),627            },628            {629                schemeId: "smithy.api#noAuth",630                identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),631                signer: new core.NoAuthSigner(),632            },633        ],634        logger: config?.logger ?? new client.NoOpLogger(),635        protocol: config?.protocol ?? protocols$1.AwsQueryProtocol,636        protocolSettings: config?.protocolSettings ?? {637            defaultNamespace: "com.amazonaws.sts",638            errorTypeRegistries,639            xmlNamespace: "https://sts.amazonaws.com/doc/2011-06-15/",640            version: "2011-06-15",641            serviceTarget: "AWSSecurityTokenServiceV20110615",642        },643        serviceId: config?.serviceId ?? "STS",644        signerConstructor: config?.signerConstructor ?? signatureV4MultiRegion.SignatureV4MultiRegion,645        urlParser: config?.urlParser ?? protocols.parseUrl,646        utf8Decoder: config?.utf8Decoder ?? serde.fromUtf8,647        utf8Encoder: config?.utf8Encoder ?? serde.toUtf8,648    };649};650 651const getRuntimeConfig = (config$1) => {652    client.emitWarningIfUnsupportedVersion(process.version);653    const defaultsMode = config.resolveDefaultsModeConfig(config$1);654    const defaultConfigProvider = () => defaultsMode().then(client.loadConfigsForDefaultMode);655    const clientSharedValues = getRuntimeConfig$1(config$1);656    client$1.emitWarningIfUnsupportedVersion(process.version);657    const loaderConfig = {658        profile: config$1?.profile,659        logger: clientSharedValues.logger,660    };661    return {662        ...clientSharedValues,663        ...config$1,664        runtime: "node",665        defaultsMode,666        authSchemePreference: config$1?.authSchemePreference ?? config.loadConfig(httpAuthSchemes.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig),667        bodyLengthChecker: config$1?.bodyLengthChecker ?? serde.calculateBodyLength,668        defaultUserAgentProvider: config$1?.defaultUserAgentProvider ??669            client$1.createDefaultUserAgentProvider({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),670        httpAuthSchemes: config$1?.httpAuthSchemes ?? [671            {672                schemeId: "aws.auth#sigv4",673                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") ||674                    (async (idProps) => await config$1.credentialDefaultProvider(idProps?.__config || {})()),675                signer: new httpAuthSchemes.AwsSdkSigV4Signer(),676            },677            {678                schemeId: "aws.auth#sigv4a",679                identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4a"),680                signer: new httpAuthSchemes.AwsSdkSigV4ASigner(),681            },682            {683                schemeId: "smithy.api#noAuth",684                identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),685                signer: new core.NoAuthSigner(),686            },687        ],688        maxAttempts: config$1?.maxAttempts ?? config.loadConfig(retry.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config$1),689        region: config$1?.region ??690            config.loadConfig(config.NODE_REGION_CONFIG_OPTIONS, { ...config.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }),691        requestHandler: nodeHttpHandler.NodeHttpHandler.create(config$1?.requestHandler ?? defaultConfigProvider),692        retryMode: config$1?.retryMode ??693            config.loadConfig({694                ...retry.NODE_RETRY_MODE_CONFIG_OPTIONS,695                default: async () => (await defaultConfigProvider()).retryMode || retry.DEFAULT_RETRY_MODE,696            }, config$1),697        sha256: config$1?.sha256 ?? serde.Hash.bind(null, "sha256"),698        sigv4aSigningRegionSet: config$1?.sigv4aSigningRegionSet ?? config.loadConfig(httpAuthSchemes.NODE_SIGV4A_CONFIG_OPTIONS, loaderConfig),699        streamCollector: config$1?.streamCollector ?? nodeHttpHandler.streamCollector,700        useDualstackEndpoint: config$1?.useDualstackEndpoint ?? config.loadConfig(config.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig),701        useFipsEndpoint: config$1?.useFipsEndpoint ?? config.loadConfig(config.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig),702        userAgentAppId: config$1?.userAgentAppId ?? config.loadConfig(client$1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig),703    };704};705 706const getHttpAuthExtensionConfiguration = (runtimeConfig) => {707    const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;708    let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;709    let _credentials = runtimeConfig.credentials;710    return {711        setHttpAuthScheme(httpAuthScheme) {712            const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);713            if (index === -1) {714                _httpAuthSchemes.push(httpAuthScheme);715            }716            else {717                _httpAuthSchemes.splice(index, 1, httpAuthScheme);718            }719        },720        httpAuthSchemes() {721            return _httpAuthSchemes;722        },723        setHttpAuthSchemeProvider(httpAuthSchemeProvider) {724            _httpAuthSchemeProvider = httpAuthSchemeProvider;725        },726        httpAuthSchemeProvider() {727            return _httpAuthSchemeProvider;728        },729        setCredentials(credentials) {730            _credentials = credentials;731        },732        credentials() {733            return _credentials;734        },735    };736};737const resolveHttpAuthRuntimeConfig = (config) => {738    return {739        httpAuthSchemes: config.httpAuthSchemes(),740        httpAuthSchemeProvider: config.httpAuthSchemeProvider(),741        credentials: config.credentials(),742    };743};744 745const resolveRuntimeExtensions = (runtimeConfig, extensions) => {746    const extensionConfiguration = Object.assign(client$1.getAwsRegionExtensionConfiguration(runtimeConfig), client.getDefaultExtensionConfiguration(runtimeConfig), protocols.getHttpHandlerExtensionConfiguration(runtimeConfig), getHttpAuthExtensionConfiguration(runtimeConfig));747    extensions.forEach((extension) => extension.configure(extensionConfiguration));748    return Object.assign(runtimeConfig, client$1.resolveAwsRegionExtensionConfiguration(extensionConfiguration), client.resolveDefaultRuntimeConfig(extensionConfiguration), protocols.resolveHttpHandlerRuntimeConfig(extensionConfiguration), resolveHttpAuthRuntimeConfig(extensionConfiguration));749};750 751class STSClient extends client.Client {752    config;753    constructor(...[configuration]) {754        const _config_0 = getRuntimeConfig(configuration || {});755        super(_config_0);756        this.initConfig = _config_0;757        const _config_1 = resolveClientEndpointParameters(_config_0);758        const _config_2 = client$1.resolveUserAgentConfig(_config_1);759        const _config_3 = retry.resolveRetryConfig(_config_2);760        const _config_4 = config.resolveRegionConfig(_config_3);761        const _config_5 = client$1.resolveHostHeaderConfig(_config_4);762        const _config_6 = endpoints.resolveEndpointConfig(_config_5);763        const _config_7 = resolveHttpAuthSchemeConfig(_config_6);764        const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);765        this.config = _config_8;766        this.middlewareStack.use(schema.getSchemaSerdePlugin(this.config));767        this.middlewareStack.use(client$1.getUserAgentPlugin(this.config));768        this.middlewareStack.use(retry.getRetryPlugin(this.config));769        this.middlewareStack.use(protocols.getContentLengthPlugin(this.config));770        this.middlewareStack.use(client$1.getHostHeaderPlugin(this.config));771        this.middlewareStack.use(client$1.getLoggerPlugin(this.config));772        this.middlewareStack.use(client$1.getRecursionDetectionPlugin(this.config));773        this.middlewareStack.use(core.getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {774            httpAuthSchemeParametersProvider: defaultSTSHttpAuthSchemeParametersProvider,775            identityProviderConfigProvider: async (config) => new core.DefaultIdentityProviderConfig({776                "aws.auth#sigv4": config.credentials,777                "aws.auth#sigv4a": config.credentials,778            }),779        }));780        this.middlewareStack.use(core.getHttpSigningPlugin(this.config));781    }782    destroy() {783        super.destroy();784    }785}786 787class AssumeRoleCommand extends client.Command788    .classBuilder()789    .ep(commonParams)790    .m(function (Command, cs, config, o) {791    return [endpoints.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];792})793    .s("AWSSecurityTokenServiceV20110615", "AssumeRole", {})794    .n("STSClient", "AssumeRoleCommand")795    .sc(AssumeRole$)796    .build() {797}798 799class AssumeRoleWithWebIdentityCommand extends client.Command800    .classBuilder()801    .ep(commonParams)802    .m(function (Command, cs, config, o) {803    return [endpoints.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];804})805    .s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {})806    .n("STSClient", "AssumeRoleWithWebIdentityCommand")807    .sc(AssumeRoleWithWebIdentity$)808    .build() {809}810 811const commands = {812    AssumeRoleCommand,813    AssumeRoleWithWebIdentityCommand,814};815class STS extends STSClient {816}817client.createAggregatedClient(commands, STS);818 819const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {820    if (typeof assumedRoleUser?.Arn === "string") {821        const arnComponents = assumedRoleUser.Arn.split(":");822        if (arnComponents.length > 4 && arnComponents[4] !== "") {823            return arnComponents[4];824        }825    }826    return undefined;827};828const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {829    const region = typeof _region === "function" ? await _region() : _region;830    const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;831    let stsDefaultRegion = "";832    const resolvedRegion = region ?? parentRegion ?? (stsDefaultRegion = await client$1.stsRegionDefaultResolver(loaderConfig)());833    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);834    return resolvedRegion;835};836const getDefaultRoleAssumer$1 = (stsOptions, STSClient) => {837    let stsClient;838    let closureSourceCreds;839    return async (sourceCreds, params) => {840        closureSourceCreds = sourceCreds;841        if (!stsClient) {842            const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions;843            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {844                logger,845                profile,846            });847            const isCompatibleRequestHandler = !isH2(requestHandler);848            stsClient = new STSClient({849                ...stsOptions,850                userAgentAppId,851                profile,852                credentialDefaultProvider: () => async () => closureSourceCreds,853                region: resolvedRegion,854                requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,855                logger: logger,856            });857        }858        const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params));859        if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {860            throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);861        }862        const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);863        const credentials = {864            accessKeyId: Credentials.AccessKeyId,865            secretAccessKey: Credentials.SecretAccessKey,866            sessionToken: Credentials.SessionToken,867            expiration: Credentials.Expiration,868            ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),869            ...(accountId && { accountId }),870        };871        client$1.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i");872        return credentials;873    };874};875const getDefaultRoleAssumerWithWebIdentity$1 = (stsOptions, STSClient) => {876    let stsClient;877    return async (params) => {878        if (!stsClient) {879            const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions;880            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {881                logger,882                profile,883            });884            const isCompatibleRequestHandler = !isH2(requestHandler);885            stsClient = new STSClient({886                ...stsOptions,887                userAgentAppId,888                profile,889                region: resolvedRegion,890                requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,891                logger: logger,892            });893        }894        const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));895        if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {896            throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);897        }898        const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);899        const credentials = {900            accessKeyId: Credentials.AccessKeyId,901            secretAccessKey: Credentials.SecretAccessKey,902            sessionToken: Credentials.SessionToken,903            expiration: Credentials.Expiration,904            ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),905            ...(accountId && { accountId }),906        };907        if (accountId) {908            client$1.setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T");909        }910        client$1.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k");911        return credentials;912    };913};914const isH2 = (requestHandler) => {915    return requestHandler?.metadata?.handlerProtocol === "h2";916};917 918const getCustomizableStsClientCtor = (baseCtor, customizations) => {919    if (!customizations)920        return baseCtor;921    else922        return class CustomizableSTSClient extends baseCtor {923            constructor(config) {924                super(config);925                for (const customization of customizations) {926                    this.middlewareStack.use(customization);927                }928            }929        };930};931const getDefaultRoleAssumer = (stsOptions = {}, stsPlugins) => getDefaultRoleAssumer$1(stsOptions, getCustomizableStsClientCtor(STSClient, stsPlugins));932const getDefaultRoleAssumerWithWebIdentity = (stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity$1(stsOptions, getCustomizableStsClientCtor(STSClient, stsPlugins));933const decorateDefaultCredentialProvider = (provider) => (input) => provider({934    roleAssumer: getDefaultRoleAssumer(input),935    roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input),936    ...input,937});938 939exports.$Command = client.Command;940exports.__Client = client.Client;941exports.AssumeRole$ = AssumeRole$;942exports.AssumeRoleCommand = AssumeRoleCommand;943exports.AssumeRoleRequest$ = AssumeRoleRequest$;944exports.AssumeRoleResponse$ = AssumeRoleResponse$;945exports.AssumeRoleWithWebIdentity$ = AssumeRoleWithWebIdentity$;946exports.AssumeRoleWithWebIdentityCommand = AssumeRoleWithWebIdentityCommand;947exports.AssumeRoleWithWebIdentityRequest$ = AssumeRoleWithWebIdentityRequest$;948exports.AssumeRoleWithWebIdentityResponse$ = AssumeRoleWithWebIdentityResponse$;949exports.AssumedRoleUser$ = AssumedRoleUser$;950exports.Credentials$ = Credentials$;951exports.ExpiredTokenException = ExpiredTokenException;952exports.ExpiredTokenException$ = ExpiredTokenException$;953exports.IDPCommunicationErrorException = IDPCommunicationErrorException;954exports.IDPCommunicationErrorException$ = IDPCommunicationErrorException$;955exports.IDPRejectedClaimException = IDPRejectedClaimException;956exports.IDPRejectedClaimException$ = IDPRejectedClaimException$;957exports.InvalidIdentityTokenException = InvalidIdentityTokenException;958exports.InvalidIdentityTokenException$ = InvalidIdentityTokenException$;959exports.MalformedPolicyDocumentException = MalformedPolicyDocumentException;960exports.MalformedPolicyDocumentException$ = MalformedPolicyDocumentException$;961exports.PackedPolicyTooLargeException = PackedPolicyTooLargeException;962exports.PackedPolicyTooLargeException$ = PackedPolicyTooLargeException$;963exports.PolicyDescriptorType$ = PolicyDescriptorType$;964exports.ProvidedContext$ = ProvidedContext$;965exports.RegionDisabledException = RegionDisabledException;966exports.RegionDisabledException$ = RegionDisabledException$;967exports.STS = STS;968exports.STSClient = STSClient;969exports.STSServiceException = STSServiceException;970exports.STSServiceException$ = STSServiceException$;971exports.Tag$ = Tag$;972exports.decorateDefaultCredentialProvider = decorateDefaultCredentialProvider;973exports.errorTypeRegistries = errorTypeRegistries;974exports.getDefaultRoleAssumer = getDefaultRoleAssumer;975exports.getDefaultRoleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity;976