Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + serializer; + deserializer; + serviceTarget; + codec; + constructor({ defaultNamespace, serviceTarget }) { super({ - name: "AccessDeniedException", - $fault: "client", - ...opts + defaultNamespace }); - Object.setPrototypeOf(this, _AccessDeniedException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; - } -}; -var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { - static { - __name(this, "AuthorizationPendingException"); + this.serviceTarget = serviceTarget; + this.codec = new JsonCodec({ + timestampFormat: { + useTrait: true, + default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + jsonName: false + }); + this.serializer = this.codec.createSerializer(); + this.deserializer = this.codec.createDeserializer(); } - name = "AuthorizationPendingException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * authorization_pending.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AuthorizationPendingException", - $fault: "client", - ...opts + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, + "x-amz-target": `${this.serviceTarget}.${import_schema3.NormalizedSchema.of(operationSchema).getName()}` }); - Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = "{}"; + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; } -}; -var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenRequestFilterSensitiveLog"); -var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { - static { - __name(this, "ExpiredTokenException"); + getPayloadCodec() { + return this.codec; } - name = "ExpiredTokenException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema3.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema3.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + throw exception; } }; -var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsJson1_0Protocol.ts +var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { static { - __name(this, "InternalServerException"); + __name(this, "AwsJson1_0Protocol"); } - name = "InternalServerException"; - $fault = "server"; - /** - *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + constructor({ defaultNamespace, serviceTarget }) { super({ - name: "InternalServerException", - $fault: "server", - ...opts + defaultNamespace, + serviceTarget }); - Object.setPrototypeOf(this, _InternalServerException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; } -}; -var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { - static { - __name(this, "InvalidClientException"); + getShapeId() { + return "aws.protocols#awsJson1_0"; + } + getJsonRpcVersion() { + return "1.0"; } - name = "InvalidClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; /** - * @internal + * @override */ - constructor(opts) { - super({ - name: "InvalidClientException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getDefaultContentType() { + return "application/x-amz-json-1.0"; } }; -var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsJson1_1Protocol.ts +var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { static { - __name(this, "InvalidGrantException"); + __name(this, "AwsJson1_1Protocol"); } - name = "InvalidGrantException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + constructor({ defaultNamespace, serviceTarget }) { super({ - name: "InvalidGrantException", - $fault: "client", - ...opts + defaultNamespace, + serviceTarget }); - Object.setPrototypeOf(this, _InvalidGrantException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; } -}; -var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { - static { - __name(this, "InvalidRequestException"); + getShapeId() { + return "aws.protocols#awsJson1_1"; + } + getJsonRpcVersion() { + return "1.1"; } - name = "InvalidRequestException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_request.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; /** - * @internal + * @override */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getDefaultContentType() { + return "application/x-amz-json-1.1"; } }; -var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/AwsRestJsonProtocol.ts +var import_protocols2 = __nccwpck_require__(2241); +var import_schema4 = __nccwpck_require__(9826); +var import_util_body_length_browser2 = __nccwpck_require__(713); +var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { static { - __name(this, "InvalidScopeException"); + __name(this, "AwsRestJsonProtocol"); } - name = "InvalidScopeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { super({ - name: "InvalidScopeException", - $fault: "client", - ...opts + defaultNamespace }); - Object.setPrototypeOf(this, _InvalidScopeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + httpBindings: true, + jsonName: true + }; + this.codec = new JsonCodec(settings); + this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } -}; -var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { - static { - __name(this, "SlowDownException"); + getShapeId() { + return "aws.protocols#restJson1"; } - name = "SlowDownException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "SlowDownException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _SlowDownException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getPayloadCodec() { + return this.codec; } -}; -var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { - static { - __name(this, "UnauthorizedClientException"); + setSerdeContext(serdeContext) { + this.codec.setSerdeContext(serdeContext); + super.setSerdeContext(serdeContext); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); + const members = inputSchema.getMemberSchemas(); + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = this.getDefaultContentType(); + } + } else if (!inputSchema.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = this.getDefaultContentType(); + } + } + } + if (request.headers["content-type"] && !request.body) { + request.body = "{}"; + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema4.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema4.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } - name = "UnauthorizedClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; /** - * @internal + * @override */ - constructor(opts) { - super({ - name: "UnauthorizedClientException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getDefaultContentType() { + return "application/json"; } }; -var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { + +// src/submodules/protocols/json/awsExpectUnion.ts +var import_smithy_client2 = __nccwpck_require__(3570); +var awsExpectUnion = /* @__PURE__ */ __name((value) => { + if (value == null) { + return void 0; + } + if (typeof value === "object" && "__type" in value) { + delete value.__type; + } + return (0, import_smithy_client2.expectUnion)(value); +}, "awsExpectUnion"); + +// src/submodules/protocols/query/AwsQueryProtocol.ts +var import_protocols5 = __nccwpck_require__(2241); +var import_schema7 = __nccwpck_require__(9826); +var import_util_body_length_browser3 = __nccwpck_require__(713); + +// src/submodules/protocols/xml/XmlShapeDeserializer.ts +var import_protocols3 = __nccwpck_require__(2241); +var import_schema5 = __nccwpck_require__(9826); +var import_smithy_client3 = __nccwpck_require__(3570); +var import_util_utf8 = __nccwpck_require__(1895); +var import_fast_xml_parser = __nccwpck_require__(2689); +var XmlShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); + } static { - __name(this, "UnsupportedGrantTypeException"); + __name(this, "XmlShapeDeserializer"); + } + stringDeserializer; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + this.stringDeserializer.setSerdeContext(serdeContext); } - name = "UnsupportedGrantTypeException"; - $fault = "client"; /** - *Single error code. For this exception the value will be
- * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public + read(schema, bytes, key) { + const ns = import_schema5.NormalizedSchema.of(schema); + const memberSchemas = ns.getMemberSchemas(); + const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { + return !!memberNs.getMemberTraits().eventPayload; + }); + if (isEventPayload) { + const output = {}; + const memberName = Object.keys(memberSchemas)[0]; + const eventMemberSchema = memberSchemas[memberName]; + if (eventMemberSchema.isBlobSchema()) { + output[memberName] = bytes; + } else { + output[memberName] = this.read(memberSchemas[memberName], bytes); + } + return output; + } + const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); + const parsedObject = this.parseXml(xmlString); + return this.readSchema(schema, key ? parsedObject[key] : parsedObject); + } + readSchema(_schema, value) { + const ns = import_schema5.NormalizedSchema.of(_schema); + const traits = ns.getMergedTraits(); + if (ns.isListSchema() && !Array.isArray(value)) { + return this.readSchema(ns, [value]); + } + if (value == null) { + return value; + } + if (typeof value === "object") { + const sparse = !!traits.sparse; + const flat = !!traits.xmlFlattened; + if (ns.isListSchema()) { + const listValue = ns.getValueSchema(); + const buffer2 = []; + const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; + const source = flat ? value : (value[0] ?? value)[sourceKey]; + const sourceArray = Array.isArray(source) ? source : [source]; + for (const v of sourceArray) { + if (v != null || sparse) { + buffer2.push(this.readSchema(listValue, v)); + } + } + return buffer2; + } + const buffer = {}; + if (ns.isMapSchema()) { + const keyNs = ns.getKeySchema(); + const memberNs = ns.getValueSchema(); + let entries; + if (flat) { + entries = Array.isArray(value) ? value : [value]; + } else { + entries = Array.isArray(value.entry) ? value.entry : [value.entry]; + } + const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; + const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; + for (const entry of entries) { + const key = entry[keyProperty]; + const value2 = entry[valueProperty]; + if (value2 != null || sparse) { + buffer[key] = this.readSchema(memberNs, value2); + } + } + return buffer; + } + if (ns.isStructSchema()) { + for (const [memberName, memberSchema] of ns.structIterator()) { + const memberTraits = memberSchema.getMergedTraits(); + const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); + if (value[xmlObjectKey] != null) { + buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); + } + } + return buffer; + } + if (ns.isDocumentSchema()) { + return value; + } + throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); + } + if (ns.isListSchema()) { + return []; + } + if (ns.isMapSchema() || ns.isStructSchema()) { + return {}; + } + return this.stringDeserializer.read(ns, value); + } + parseXml(xml) { + if (xml.length) { + const parser = new import_fast_xml_parser.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(xml, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: xml + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); + } + return {}; + } +}; + +// src/submodules/protocols/query/QueryShapeSerializer.ts +var import_protocols4 = __nccwpck_require__(2241); +var import_schema6 = __nccwpck_require__(9826); +var import_serde5 = __nccwpck_require__(7669); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_util_base642 = __nccwpck_require__(5600); +var QueryShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "QueryShapeSerializer"); + } + buffer; + write(schema, value, prefix = "") { + if (this.buffer === void 0) { + this.buffer = ""; + } + const ns = import_schema6.NormalizedSchema.of(schema); + if (prefix && !prefix.endsWith(".")) { + prefix += "."; + } + if (ns.isBlobSchema()) { + if (typeof value === "string" || value instanceof Uint8Array) { + this.writeKey(prefix); + this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); + } + } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } else if (ns.isIdempotencyToken()) { + this.writeKey(prefix); + this.writeValue((0, import_serde5.generateIdempotencyToken)()); + } + } else if (ns.isBigIntegerSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } + } else if (ns.isBigDecimalSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(value instanceof import_serde5.NumericValue ? value.string : String(value)); + } + } else if (ns.isTimestampSchema()) { + if (value instanceof Date) { + this.writeKey(prefix); + const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); + switch (format) { + case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: + this.writeValue(value.toISOString().replace(".000Z", "Z")); + break; + case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: + this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); + break; + case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + this.writeValue(String(value.getTime() / 1e3)); + break; + } + } + } else if (ns.isDocumentSchema()) { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); + } else if (ns.isListSchema()) { + if (Array.isArray(value)) { + if (value.length === 0) { + if (this.settings.serializeEmptyLists) { + this.writeKey(prefix); + this.writeValue(""); + } + } else { + const member = ns.getValueSchema(); + const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const item of value) { + if (item == null) { + continue; + } + const suffix = this.getKey("member", member.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; + this.write(member, item, key); + ++i; + } + } + } + } else if (ns.isMapSchema()) { + if (value && typeof value === "object") { + const keySchema = ns.getKeySchema(); + const memberSchema = ns.getValueSchema(); + const flat = ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const [k, v] of Object.entries(value)) { + if (v == null) { + continue; + } + const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; + const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); + const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; + this.write(keySchema, k, key); + this.write(memberSchema, v, valueKey); + ++i; + } + } + } else if (ns.isStructSchema()) { + if (value && typeof value === "object") { + for (const [memberName, member] of ns.structIterator()) { + if (value[memberName] == null && !member.isIdempotencyToken()) { + continue; + } + const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); + const key = `${prefix}${suffix}`; + this.write(member, value[memberName], key); + } + } + } else if (ns.isUnitSchema()) { + } else { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); + } + } + flush() { + if (this.buffer === void 0) { + throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); + } + const str = this.buffer; + delete this.buffer; + return str; + } + getKey(memberName, xmlName) { + const key = xmlName ?? memberName; + if (this.settings.capitalizeKeys) { + return key[0].toUpperCase() + key.slice(1); + } + return key; + } + writeKey(key) { + if (key.endsWith(".")) { + key = key.slice(0, key.length - 1); + } + this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; + } + writeValue(value) { + this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); + } +}; + +// src/submodules/protocols/query/AwsQueryProtocol.ts +var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { + constructor(options) { + super({ + defaultNamespace: options.defaultNamespace + }); + this.options = options; + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: false, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace, + serializeEmptyLists: true + }; + this.serializer = new QueryShapeSerializer(settings); + this.deserializer = new XmlShapeDeserializer(settings); + } + static { + __name(this, "AwsQueryProtocol"); + } + serializer; + deserializer; + getShapeId() { + return "aws.protocols#awsQuery"; + } + setSerdeContext(serdeContext) { + this.serializer.setSerdeContext(serdeContext); + this.deserializer.setSerdeContext(serdeContext); + } + getPayloadCodec() { + throw new Error("AWSQuery protocol has no payload codec."); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-www-form-urlencoded` + }); + if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = ""; + } + request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; + if (request.body.endsWith("&")) { + request.body = request.body.slice(-1); + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; + } + async deserializeResponse(operationSchema, context, response) { + const deserializer = this.deserializer; + const ns = import_schema7.NormalizedSchema.of(operationSchema.output); + const dataObject = {}; + if (response.statusCode >= 300) { + const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes2.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); + } + await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); + } + for (const header in response.headers) { + const value = response.headers[header]; + delete response.headers[header]; + response.headers[header.toLowerCase()] = value; + } + const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; + const bytes = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); + } + const output = { + $metadata: this.deserializeMetadata(response), + ...dataObject + }; + return output; + } + /** + * EC2 Query overrides this. + */ + useNestedResult() { + return true; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const errorDataSource = this.loadQueryError(dataObject); + const registry = import_schema7.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.find( + (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName + ); + if (!errorSchema) { + errorSchema = registry.getSchema(errorIdentifier); + } + } catch (e) { + const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), errorDataSource); + } + throw new Error(errorName); + } + const ns = import_schema7.NormalizedSchema.of(errorSchema); + const message = this.loadQueryErrorMessage(dataObject); + const exception = new errorSchema.ctor(message); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = errorDataSource[target] ?? dataObject[target]; + output[name] = this.deserializer.readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; + } + /** + * The variations in the error and error message locations are attributed to + * divergence between AWS Query and EC2 Query behavior. + */ + loadQueryErrorCode(output, data) { + const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; + if (code !== void 0) { + return code; + } + if (output.statusCode == 404) { + return "NotFound"; + } + } + loadQueryError(data) { + return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; + } + loadQueryErrorMessage(data) { + const errorData = this.loadQueryError(data); + return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; + } + /** + * @override + */ + getDefaultContentType() { + return "application/x-www-form-urlencoded"; + } +}; + +// src/submodules/protocols/query/AwsEc2QueryProtocol.ts +var AwsEc2QueryProtocol = class extends AwsQueryProtocol { + constructor(options) { + super(options); + this.options = options; + const ec2Settings = { + capitalizeKeys: true, + flattenLists: true, + serializeEmptyLists: false + }; + Object.assign(this.serializer.settings, ec2Settings); + } + static { + __name(this, "AwsEc2QueryProtocol"); + } + /** + * EC2 Query reads XResponse.XResult instead of XResponse directly. + */ + useNestedResult() { + return false; + } +}; + +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var import_protocols6 = __nccwpck_require__(2241); +var import_schema9 = __nccwpck_require__(9826); +var import_util_body_length_browser4 = __nccwpck_require__(713); + +// src/submodules/protocols/xml/parseXmlBody.ts +var import_smithy_client5 = __nccwpck_require__(3570); +var import_fast_xml_parser2 = __nccwpck_require__(2689); +var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + const parser = new import_fast_xml_parser2.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(encoded, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); + } + return {}; +}), "parseXmlBody"); +var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseXmlBody(errorBody, context); + if (value.Error) { + value.Error.message = value.Error.message ?? value.Error.Message; + } + return value; +}, "parseXmlErrorBody"); +var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data?.Error?.Code !== void 0) { + return data.Error.Code; + } + if (data?.Code !== void 0) { + return data.Code; + } + if (output.statusCode == 404) { + return "NotFound"; + } +}, "loadRestXmlErrorCode"); + +// src/submodules/protocols/xml/XmlShapeSerializer.ts +var import_xml_builder = __nccwpck_require__(7406); +var import_schema8 = __nccwpck_require__(9826); +var import_serde6 = __nccwpck_require__(7669); +var import_smithy_client6 = __nccwpck_require__(3570); +var import_util_base643 = __nccwpck_require__(5600); +var XmlShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "XmlShapeSerializer"); + } + stringBuffer; + byteBuffer; + buffer; + write(schema, value) { + const ns = import_schema8.NormalizedSchema.of(schema); + if (ns.isStringSchema() && typeof value === "string") { + this.stringBuffer = value; + } else if (ns.isBlobSchema()) { + this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); + } else { + this.buffer = this.writeStruct(ns, value, void 0); + const traits = ns.getMergedTraits(); + if (traits.httpPayload && !traits.xmlName) { + this.buffer.withName(ns.getName()); + } + } + } + flush() { + if (this.byteBuffer !== void 0) { + const bytes = this.byteBuffer; + delete this.byteBuffer; + return bytes; + } + if (this.stringBuffer !== void 0) { + const str = this.stringBuffer; + delete this.stringBuffer; + return str; + } + const buffer = this.buffer; + if (this.settings.xmlNamespace) { + if (!buffer?.attributes?.["xmlns"]) { + buffer.addAttribute("xmlns", this.settings.xmlNamespace); + } + } + delete this.buffer; + return buffer.toString(); + } + writeStruct(ns, value, parentXmlns) { + const traits = ns.getMergedTraits(); + const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); + if (!name || !ns.isStructSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( + true + )}.` + ); + } + const structXmlNode = import_xml_builder.XmlNode.of(name); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + structXmlNode.addAttribute(xmlnsAttr, xmlns); + } + for (const [memberName, memberSchema] of ns.structIterator()) { + const val = value[memberName]; + if (val != null || memberSchema.isIdempotencyToken()) { + if (memberSchema.getMergedTraits().xmlAttribute) { + structXmlNode.addAttribute( + memberSchema.getMergedTraits().xmlName ?? memberName, + this.writeSimple(memberSchema, val) + ); + continue; + } + if (memberSchema.isListSchema()) { + this.writeList(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isMapSchema()) { + this.writeMap(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isStructSchema()) { + structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); + } else { + const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); + this.writeSimpleInto(memberSchema, val, memberNode, xmlns); + structXmlNode.addChildNode(memberNode); + } + } + } + return structXmlNode; + } + writeList(listMember, array, container, parentXmlns) { + if (!listMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` + ); + } + const listTraits = listMember.getMergedTraits(); + const listValueSchema = listMember.getValueSchema(); + const listValueTraits = listValueSchema.getMergedTraits(); + const sparse = !!listValueTraits.sparse; + const flat = !!listTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); + const writeItem = /* @__PURE__ */ __name((container2, value) => { + if (listValueSchema.isListSchema()) { + this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); + } else if (listValueSchema.isMapSchema()) { + this.writeMap(listValueSchema, value, container2, xmlns); + } else if (listValueSchema.isStructSchema()) { + const struct = this.writeStruct(listValueSchema, value, xmlns); + container2.addChildNode( + struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") + ); + } else { + const listItemNode = import_xml_builder.XmlNode.of( + flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" + ); + this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); + container2.addChildNode(listItemNode); + } + }, "writeItem"); + if (flat) { + for (const value of array) { + if (sparse || value != null) { + writeItem(container, value); + } + } + } else { + const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); + if (xmlns) { + listNode.addAttribute(xmlnsAttr, xmlns); + } + for (const value of array) { + if (sparse || value != null) { + writeItem(listNode, value); + } + } + container.addChildNode(listNode); + } + } + writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { + if (!mapMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` + ); + } + const mapTraits = mapMember.getMergedTraits(); + const mapKeySchema = mapMember.getKeySchema(); + const mapKeyTraits = mapKeySchema.getMergedTraits(); + const keyTag = mapKeyTraits.xmlName ?? "key"; + const mapValueSchema = mapMember.getValueSchema(); + const mapValueTraits = mapValueSchema.getMergedTraits(); + const valueTag = mapValueTraits.xmlName ?? "value"; + const sparse = !!mapValueTraits.sparse; + const flat = !!mapTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); + const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { + const keyNode = import_xml_builder.XmlNode.of(keyTag, key); + const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); + if (keyXmlns) { + keyNode.addAttribute(keyXmlnsAttr, keyXmlns); + } + entry.addChildNode(keyNode); + let valueNode = import_xml_builder.XmlNode.of(valueTag); + if (mapValueSchema.isListSchema()) { + this.writeList(mapValueSchema, val, valueNode, xmlns); + } else if (mapValueSchema.isMapSchema()) { + this.writeMap(mapValueSchema, val, valueNode, xmlns, true); + } else if (mapValueSchema.isStructSchema()) { + valueNode = this.writeStruct(mapValueSchema, val, xmlns); + } else { + this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); + } + entry.addChildNode(valueNode); + }, "addKeyValue"); + if (flat) { + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + addKeyValue(entry, key, val); + container.addChildNode(entry); + } + } + } else { + let mapNode; + if (!containerIsMap) { + mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + if (xmlns) { + mapNode.addAttribute(xmlnsAttr, xmlns); + } + container.addChildNode(mapNode); + } + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of("entry"); + addKeyValue(entry, key, val); + (containerIsMap ? container : mapNode).addChildNode(entry); + } + } + } + } + writeSimple(_schema, value) { + if (null === value) { + throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); + } + const ns = import_schema8.NormalizedSchema.of(_schema); + let nodeContents = null; + if (value && typeof value === "object") { + if (ns.isBlobSchema()) { + nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); + } else if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: + nodeContents = value.toISOString().replace(".000Z", "Z"); + break; + case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + nodeContents = String(value.getTime() / 1e3); + break; + default: + console.warn("Missing timestamp format, using http date", value); + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + } + } else if (ns.isBigDecimalSchema() && value) { + if (value instanceof import_serde6.NumericValue) { + return value.string; + } + return String(value); + } else if (ns.isMapSchema() || ns.isListSchema()) { + throw new Error( + "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." + ); + } else { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( + true + )}` + ); + } + } + if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { + nodeContents = String(value); + } + if (ns.isStringSchema()) { + if (value === void 0 && ns.isIdempotencyToken()) { + nodeContents = (0, import_serde6.generateIdempotencyToken)(); + } else { + nodeContents = String(value); + } + } + if (nodeContents === null) { + throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); + } + return nodeContents; + } + writeSimpleInto(_schema, value, into, parentXmlns) { + const nodeContents = this.writeSimple(_schema, value); + const ns = import_schema8.NormalizedSchema.of(_schema); + const content = new import_xml_builder.XmlText(nodeContents); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + into.addAttribute(xmlnsAttr, xmlns); + } + into.addChildNode(content); + } + getXmlnsAttribute(ns, parentXmlns) { + const traits = ns.getMergedTraits(); + const [prefix, xmlns] = traits.xmlNamespace ?? []; + if (xmlns && xmlns !== parentXmlns) { + return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; + } + return [void 0, void 0]; + } +}; + +// src/submodules/protocols/xml/XmlCodec.ts +var XmlCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "XmlCodec"); + } + createSerializer() { + const serializer = new XmlShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new XmlShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; + } +}; + +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { + static { + __name(this, "AwsRestXmlProtocol"); + } + codec; + serializer; + deserializer; + constructor(options) { + super(options); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: true, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace + }; + this.codec = new XmlCodec(settings); + this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); + } + getPayloadCodec() { + return this.codec; + } + getShapeId() { + return "aws.protocols#restXml"; + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const ns = import_schema9.NormalizedSchema.of(operationSchema.input); + const members = ns.getMemberSchemas(); + request.path = String(request.path).split("/").filter((segment) => { + return segment !== "{Bucket}"; + }).join("/") || "/"; + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = this.getDefaultContentType(); + } + } else if (!ns.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = this.getDefaultContentType(); + } + } + } + if (request.headers["content-type"] === this.getDefaultContentType()) { + if (typeof request.body === "string") { + request.body = '' + request.body; + } + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; + } + async deserializeResponse(operationSchema, context, response) { + return super.deserializeResponse(operationSchema, context, response); + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema9.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema9.NormalizedSchema.of(errorSchema); + const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = dataObject.Error?.[target] ?? dataObject[target]; + output[name] = this.codec.createDeserializer().readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; + } + /** + * @override + */ + getDefaultContentType() { + return "application/xml"; + } +}; +// Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 8519: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, + ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, + ENV_EXPIRATION: () => ENV_EXPIRATION, + ENV_KEY: () => ENV_KEY, + ENV_SECRET: () => ENV_SECRET, + ENV_SESSION: () => ENV_SESSION, + fromEnv: () => fromEnv +}); +module.exports = __toCommonJS(index_exports); + +// src/fromEnv.ts +var import_client = __nccwpck_require__(912); +var import_property_provider = __nccwpck_require__(9721); +var ENV_KEY = "AWS_ACCESS_KEY_ID"; +var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; +var ENV_SESSION = "AWS_SESSION_TOKEN"; +var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; +var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; +var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; +var fromEnv = /* @__PURE__ */ __name((init) => async () => { + init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); + const accessKeyId = process.env[ENV_KEY]; + const secretAccessKey = process.env[ENV_SECRET]; + const sessionToken = process.env[ENV_SESSION]; + const expiry = process.env[ENV_EXPIRATION]; + const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; + const accountId = process.env[ENV_ACCOUNT_ID]; + if (accessKeyId && secretAccessKey) { + const credentials = { + accessKeyId, + secretAccessKey, + ...sessionToken && { sessionToken }, + ...expiry && { expiration: new Date(expiry) }, + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); + return credentials; + } + throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); +}, "fromEnv"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7606: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.checkUrl = void 0; +const property_provider_1 = __nccwpck_require__(9721); +const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; +const LOOPBACK_CIDR_IPv6 = "::1/128"; +const ECS_CONTAINER_HOST = "169.254.170.2"; +const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; +const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; +const checkUrl = (url, logger) => { + if (url.protocol === "https:") { + return; + } + if (url.hostname === ECS_CONTAINER_HOST || + url.hostname === EKS_CONTAINER_HOST_IPv4 || + url.hostname === EKS_CONTAINER_HOST_IPv6) { + return; + } + if (url.hostname.includes("[")) { + if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { + return; + } + } + else { + if (url.hostname === "localhost") { + return; + } + const ipComponents = url.hostname.split("."); + const inRange = (component) => { + const num = parseInt(component, 10); + return 0 <= num && num <= 255; + }; + if (ipComponents[0] === "127" && + inRange(ipComponents[1]) && + inRange(ipComponents[2]) && + inRange(ipComponents[3]) && + ipComponents.length === 4) { + return; + } + } + throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: + - loopback CIDR 127.0.0.0/8 or [::1/128] + - ECS container host 169.254.170.2 + - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); +}; +exports.checkUrl = checkUrl; + + +/***/ }), + +/***/ 2120: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromHttp = void 0; +const tslib_1 = __nccwpck_require__(4351); +const client_1 = __nccwpck_require__(912); +const node_http_handler_1 = __nccwpck_require__(258); +const property_provider_1 = __nccwpck_require__(9721); +const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); +const checkUrl_1 = __nccwpck_require__(7606); +const requestHelpers_1 = __nccwpck_require__(8082); +const retry_wrapper_1 = __nccwpck_require__(9359); +const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; +const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; +const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; +const fromHttp = (options = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); + let host; + const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; + const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; + const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; + const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; + const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; + if (relative && full) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); + warn("awsContainerCredentialsFullUri will take precedence."); + } + if (token && tokenFile) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); + warn("awsContainerAuthorizationToken will take precedence."); + } + if (full) { + host = full; + } + else if (relative) { + host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; + } + else { + throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. +Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); + } + const url = new URL(host); + (0, checkUrl_1.checkUrl)(url, options.logger); + const requestHandler = new node_http_handler_1.NodeHttpHandler({ + requestTimeout: options.timeout ?? 1000, + connectionTimeout: options.timeout ?? 1000, + }); + return (0, retry_wrapper_1.retryWrapper)(async () => { + const request = (0, requestHelpers_1.createGetRequest)(url); + if (token) { + request.headers.Authorization = token; + } + else if (tokenFile) { + request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); + } + try { + const result = await requestHandler.handle(request); + return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); + } + catch (e) { + throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); + } + }, options.maxRetries ?? 3, options.timeout ?? 1000); +}; +exports.fromHttp = fromHttp; + + +/***/ }), + +/***/ 8082: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.createGetRequest = createGetRequest; +exports.getCredentials = getCredentials; +const property_provider_1 = __nccwpck_require__(9721); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const util_stream_1 = __nccwpck_require__(6607); +function createGetRequest(url) { + return new protocol_http_1.HttpRequest({ + protocol: url.protocol, + hostname: url.hostname, + port: Number(url.port), + path: url.pathname, + query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { + acc[k] = v; + return acc; + }, {}), + fragment: url.hash, + }); +} +async function getCredentials(response, logger) { + const stream = (0, util_stream_1.sdkStreamMixin)(response.body); + const str = await stream.transformToString(); + if (response.statusCode === 200) { + const parsed = JSON.parse(str); + if (typeof parsed.AccessKeyId !== "string" || + typeof parsed.SecretAccessKey !== "string" || + typeof parsed.Token !== "string" || + typeof parsed.Expiration !== "string") { + throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + + "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); + } + return { + accessKeyId: parsed.AccessKeyId, + secretAccessKey: parsed.SecretAccessKey, + sessionToken: parsed.Token, + expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), + }; + } + if (response.statusCode >= 400 && response.statusCode < 500) { + let parsedBody = {}; + try { + parsedBody = JSON.parse(str); + } + catch (e) { } + throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { + Code: parsedBody.Code, + Message: parsedBody.Message, + }); + } + throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); +} + + +/***/ }), + +/***/ 9359: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.retryWrapper = void 0; +const retryWrapper = (toRetry, maxRetries, delayMs) => { + return async () => { + for (let i = 0; i < maxRetries; ++i) { + try { + return await toRetry(); + } + catch (e) { + await new Promise((resolve) => setTimeout(resolve, delayMs)); + } + } + return await toRetry(); + }; +}; +exports.retryWrapper = retryWrapper; + + +/***/ }), + +/***/ 2618: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromHttp = void 0; +var fromHttp_1 = __nccwpck_require__(2120); +Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); + + +/***/ }), + +/***/ 9139: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromIni: () => fromIni +}); +module.exports = __toCommonJS(index_exports); + +// src/fromIni.ts + + +// src/resolveProfileData.ts + + +// src/resolveAssumeRoleCredentials.ts + + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveCredentialSource.ts +var import_client = __nccwpck_require__(912); +var import_property_provider = __nccwpck_require__(9721); +var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { + const sourceProvidersMap = { + EcsContainer: /* @__PURE__ */ __name(async (options) => { + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2618))); + const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); + return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); + }, "EcsContainer"), + Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); + const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + return async () => fromInstanceMetadata(options)().then(setNamedProvider); + }, "Ec2InstanceMetadata"), + Environment: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); + const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8519))); + return async () => fromEnv(options)().then(setNamedProvider); + }, "Environment") + }; + if (credentialSource in sourceProvidersMap) { + return sourceProvidersMap[credentialSource]; + } else { + throw new import_property_provider.CredentialsProviderError( + `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, + { logger } + ); + } +}, "resolveCredentialSource"); +var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); + +// src/resolveAssumeRoleCredentials.ts +var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { + return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); +}, "isAssumeRoleProfile"); +var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; + if (withSourceProfile) { + logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); + } + return withSourceProfile; +}, "isAssumeRoleWithSourceProfile"); +var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; + if (withProviderProfile) { + logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); + } + return withProviderProfile; +}, "isCredentialSourceProfile"); +var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); + const profileData = profiles[profileName]; + const { source_profile, region } = profileData; + if (!options.roleAssumer) { + const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(3715))); + options.roleAssumer = getDefaultRoleAssumer( + { + ...options.clientConfig, + credentialProviderLogger: options.logger, + parentClientConfig: { + ...options?.parentClientConfig, + region: region ?? options?.parentClientConfig?.region + } + }, + options.clientPlugins + ); + } + if (source_profile && source_profile in visitedProfiles) { + throw new import_property_provider.CredentialsProviderError( + `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), + { logger: options.logger } + ); + } + options.logger?.debug( + `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` + ); + const sourceCredsProvider = source_profile ? resolveProfileData( + source_profile, + profiles, + options, + { + ...visitedProfiles, + [source_profile]: true + }, + isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) + ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); + if (isCredentialSourceWithoutRoleArn(profileData)) { + return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); + } else { + const params = { + RoleArn: profileData.role_arn, + RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, + ExternalId: profileData.external_id, + DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) + }; + const { mfa_serial } = profileData; + if (mfa_serial) { + if (!options.mfaCodeProvider) { + throw new import_property_provider.CredentialsProviderError( + `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, + { logger: options.logger, tryNextLink: false } + ); + } + params.SerialNumber = mfa_serial; + params.TokenCode = await options.mfaCodeProvider(mfa_serial); + } + const sourceCreds = await sourceCredsProvider; + return options.roleAssumer(sourceCreds, params).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") + ); + } +}, "resolveAssumeRoleCredentials"); +var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { + return !section.role_arn && !!section.credential_source; +}, "isCredentialSourceWithoutRoleArn"); + +// src/resolveProcessCredentials.ts + +var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); +var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(9197))).then( + ({ fromProcess }) => fromProcess({ + ...options, + profile + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) +), "resolveProcessCredentials"); + +// src/resolveSsoCredentials.ts + +var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7027))); + return fromSSO({ + profile, + logger: options.logger, + parentClientConfig: options.parentClientConfig, + clientConfig: options.clientConfig + })().then((creds) => { + if (profileData.sso_session) { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); + } else { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); + } + }); +}, "resolveSsoCredentials"); +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveStaticCredentials.ts + +var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); +var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { + options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); + const credentials = { + accessKeyId: profile.aws_access_key_id, + secretAccessKey: profile.aws_secret_access_key, + sessionToken: profile.aws_session_token, + ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, + ...profile.aws_account_id && { accountId: profile.aws_account_id } + }; + return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); +}, "resolveStaticCredentials"); + +// src/resolveWebIdentityCredentials.ts + +var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); +var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(4331))).then( + ({ fromTokenFile }) => fromTokenFile({ + webIdentityTokenFile: profile.web_identity_token_file, + roleArn: profile.role_arn, + roleSessionName: profile.role_session_name, + roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, + logger: options.logger, + parentClientConfig: options.parentClientConfig + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) +), "resolveWebIdentityCredentials"); + +// src/resolveProfileData.ts +var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { + const data = profiles[profileName]; + if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); + } + if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { + return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); + } + if (isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); + } + if (isWebIdentityProfile(data)) { + return resolveWebIdentityCredentials(data, options); + } + if (isProcessProfile(data)) { + return resolveProcessCredentials(options, profileName); + } + if (isSsoProfile(data)) { + return await resolveSsoCredentials(profileName, data, options); + } + throw new import_property_provider.CredentialsProviderError( + `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, + { logger: options.logger } + ); +}, "resolveProfileData"); + +// src/fromIni.ts +var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig + } + }; + init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProfileData( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: _init.profile ?? callerClientConfig?.profile + }), + profiles, + init + ); +}, "fromIni"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 2424: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, + credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, + defaultProvider: () => defaultProvider +}); +module.exports = __toCommonJS(index_exports); + +// src/defaultProvider.ts +var import_credential_provider_env = __nccwpck_require__(8519); + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/remoteProvider.ts +var import_property_provider = __nccwpck_require__(9721); +var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; +var remoteProvider = /* @__PURE__ */ __name(async (init) => { + const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2618))); + return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); + } + if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { + return async () => { + throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); + }; + } + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); + return fromInstanceMetadata(init); +}, "remoteProvider"); + +// src/defaultProvider.ts +var multipleCredentialSourceWarningEmitted = false; +var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)( + async () => { + const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; + if (profile) { + const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; + if (envStaticCredentialsAreSet) { + if (!multipleCredentialSourceWarningEmitted) { + const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; + warnFn( + `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: + Multiple credential sources detected: + Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. + This SDK will proceed with the AWS_PROFILE value. + + However, a future version may change this behavior to prefer the ENV static credentials. + Please ensure that your environment only sets either the AWS_PROFILE or the + AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. +` + ); + multipleCredentialSourceWarningEmitted = true; + } + } + throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { + logger: init.logger, + tryNextLink: true + }); + } + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); + return (0, import_credential_provider_env.fromEnv)(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + throw new import_property_provider.CredentialsProviderError( + "Skipping SSO provider in default chain (inputs do not include SSO fields).", + { logger: init.logger } + ); + } + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7027))); + return fromSSO(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); + const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(9139))); + return fromIni(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); + const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(9197))); + return fromProcess(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); + const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4331))); + return fromTokenFile(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); + return (await remoteProvider(init))(); + }, + async () => { + throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { + tryNextLink: false, + logger: init.logger + }); + } + ), + credentialsTreatedAsExpired, + credentialsWillNeedRefresh +), "defaultProvider"); +var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); +var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 9197: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromProcess: () => fromProcess +}); +module.exports = __toCommonJS(index_exports); + +// src/fromProcess.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveProcessCredentials.ts +var import_property_provider = __nccwpck_require__(9721); +var import_child_process = __nccwpck_require__(2081); +var import_util = __nccwpck_require__(3837); + +// src/getValidatedProcessCredentials.ts +var import_client = __nccwpck_require__(912); +var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { + if (data.Version !== 1) { + throw Error(`Profile ${profileName} credential_process did not return Version 1.`); + } + if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { + throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); + } + if (data.Expiration) { + const currentTime = /* @__PURE__ */ new Date(); + const expireTime = new Date(data.Expiration); + if (expireTime < currentTime) { + throw Error(`Profile ${profileName} credential_process returned expired credentials.`); + } + } + let accountId = data.AccountId; + if (!accountId && profiles?.[profileName]?.aws_account_id) { + accountId = profiles[profileName].aws_account_id; + } + const credentials = { + accessKeyId: data.AccessKeyId, + secretAccessKey: data.SecretAccessKey, + ...data.SessionToken && { sessionToken: data.SessionToken }, + ...data.Expiration && { expiration: new Date(data.Expiration) }, + ...data.CredentialScope && { credentialScope: data.CredentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + return credentials; +}, "getValidatedProcessCredentials"); + +// src/resolveProcessCredentials.ts +var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { + const profile = profiles[profileName]; + if (profiles[profileName]) { + const credentialProcess = profile["credential_process"]; + if (credentialProcess !== void 0) { + const execPromise = (0, import_util.promisify)(import_child_process.exec); + try { + const { stdout } = await execPromise(credentialProcess); + let data; + try { + data = JSON.parse(stdout.trim()); + } catch { + throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); + } + return getValidatedProcessCredentials(profileName, data, profiles); + } catch (error) { + throw new import_property_provider.CredentialsProviderError(error.message, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { + logger + }); + } +}, "resolveProcessCredentials"); + +// src/fromProcess.ts +var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProcessCredentials( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }), + profiles, + init.logger + ); +}, "fromProcess"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7027: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __esm = (fn, res) => function __init() { + return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; +}; +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/loadSso.ts +var loadSso_exports = {}; +__export(loadSso_exports, { + GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, + SSOClient: () => import_client_sso.SSOClient +}); +var import_client_sso; +var init_loadSso = __esm({ + "src/loadSso.ts"() { + "use strict"; + import_client_sso = __nccwpck_require__(3015); + } +}); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromSSO: () => fromSSO, + isSsoProfile: () => isSsoProfile, + validateSsoProfile: () => validateSsoProfile +}); +module.exports = __toCommonJS(index_exports); + +// src/fromSSO.ts + + + +// src/isSsoProfile.ts +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveSSOCredentials.ts +var import_client = __nccwpck_require__(912); +var import_token_providers = __nccwpck_require__(3822); +var import_property_provider = __nccwpck_require__(9721); +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var SHOULD_FAIL_CREDENTIAL_CHAIN = false; +var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig, + parentClientConfig, + profile, + logger +}) => { + let token; + const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; + if (ssoSession) { + try { + const _token = await (0, import_token_providers.fromSso)({ profile })(); + token = { + accessToken: _token.token, + expiresAt: new Date(_token.expiration).toISOString() + }; + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e.message, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + } else { + try { + token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + } + if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const { accessToken } = token; + const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); + const sso = ssoClient || new SSOClient2( + Object.assign({}, clientConfig ?? {}, { + logger: clientConfig?.logger ?? parentClientConfig?.logger, + region: clientConfig?.region ?? ssoRegion + }) + ); + let ssoResp; + try { + ssoResp = await sso.send( + new GetRoleCredentialsCommand2({ + accountId: ssoAccountId, + roleName: ssoRoleName, + accessToken + }) + ); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const { + roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} + } = ssoResp; + if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { + throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const credentials = { + accessKeyId, + secretAccessKey, + sessionToken, + expiration: new Date(expiration), + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + if (ssoSession) { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); + } else { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); + } + return credentials; +}, "resolveSSOCredentials"); + +// src/validateSsoProfile.ts + +var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { + const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; + if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { + throw new import_property_provider.CredentialsProviderError( + `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( + ", " + )} +Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, + { tryNextLink: false, logger } + ); + } + return profile; +}, "validateSsoProfile"); + +// src/fromSSO.ts +var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + const { ssoClient } = init; + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); + } + if (!isSsoProfile(profile)) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { + logger: init.logger + }); + } + if (profile?.sso_session) { + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const session = ssoSessions[profile.sso_session]; + const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; + if (ssoRegion && ssoRegion !== session.sso_region) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + profile.sso_region = session.sso_region; + profile.sso_start_url = session.sso_start_url; + } + const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( + profile, + init.logger + ); + return resolveSSOCredentials({ + ssoStartUrl: sso_start_url, + ssoSession: sso_session, + ssoAccountId: sso_account_id, + ssoRegion: sso_region, + ssoRoleName: sso_role_name, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { + throw new import_property_provider.CredentialsProviderError( + 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', + { tryNextLink: false, logger: init.logger } + ); + } else { + return resolveSSOCredentials({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } +}, "fromSSO"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 673: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromTokenFile = void 0; +const client_1 = __nccwpck_require__(912); +const property_provider_1 = __nccwpck_require__(9721); +const fs_1 = __nccwpck_require__(7147); +const fromWebToken_1 = __nccwpck_require__(2978); +const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; +const ENV_ROLE_ARN = "AWS_ROLE_ARN"; +const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; +const fromTokenFile = (init = {}) => async () => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); + const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; + const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; + const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; + if (!webIdentityTokenFile || !roleArn) { + throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { + logger: init.logger, + }); + } + const credentials = await (0, fromWebToken_1.fromWebToken)({ + ...init, + webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), + roleArn, + roleSessionName, + })(); + if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { + (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); + } + return credentials; +}; +exports.fromTokenFile = fromTokenFile; + + +/***/ }), + +/***/ 2978: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromWebToken = void 0; +const fromWebToken = (init) => async (awsIdentityProperties) => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); + const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; + let { roleAssumerWithWebIdentity } = init; + if (!roleAssumerWithWebIdentity) { + const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(3715))); + roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ + ...init.clientConfig, + credentialProviderLogger: init.logger, + parentClientConfig: { + ...awsIdentityProperties?.callerClientConfig, + ...init.parentClientConfig, + }, + }, init.clientPlugins); + } + return roleAssumerWithWebIdentity({ + RoleArn: roleArn, + RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, + WebIdentityToken: webIdentityToken, + ProviderId: providerId, + PolicyArns: policyArns, + Policy: policy, + DurationSeconds: durationSeconds, + }); +}; +exports.fromWebToken = fromWebToken; + + +/***/ }), + +/***/ 4331: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(673), module.exports); +__reExport(index_exports, __nccwpck_require__(2978), module.exports); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 8725: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getHostHeaderPlugin: () => getHostHeaderPlugin, + hostHeaderMiddleware: () => hostHeaderMiddleware, + hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, + resolveHostHeaderConfig: () => resolveHostHeaderConfig +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +function resolveHostHeaderConfig(input) { + return input; +} +__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); +var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); + const { request } = args; + const { handlerProtocol = "" } = options.requestHandler.metadata || {}; + if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { + delete request.headers["host"]; + request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); + } else if (!request.headers["host"]) { + let host = request.hostname; + if (request.port != null) host += `:${request.port}`; + request.headers["host"] = host; + } + return next(args); +}, "hostHeaderMiddleware"); +var hostHeaderMiddlewareOptions = { + name: "hostHeaderMiddleware", + step: "build", + priority: "low", + tags: ["HOST"], + override: true +}; +var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); + }, "applyToStack") +}), "getHostHeaderPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 2568: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getLoggerPlugin: () => getLoggerPlugin, + loggerMiddleware: () => loggerMiddleware, + loggerMiddlewareOptions: () => loggerMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); + +// src/loggerMiddleware.ts +var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { + try { + const response = await next(args); + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; + const { $metadata, ...outputWithoutMetadata } = response.output; + logger?.info?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + output: outputFilterSensitiveLog(outputWithoutMetadata), + metadata: $metadata + }); + return response; + } catch (error) { + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + logger?.error?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + error, + metadata: error.$metadata + }); + throw error; + } +}, "loggerMiddleware"); +var loggerMiddlewareOptions = { + name: "loggerMiddleware", + tags: ["LOGGER"], + step: "initialize", + override: true +}; +var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); + }, "applyToStack") +}), "getLoggerPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7960: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, + getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, + recursionDetectionMiddleware: () => recursionDetectionMiddleware +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; +var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; +var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; +var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { + return next(args); + } + const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; + if (request.headers.hasOwnProperty(traceIdHeader)) { + return next(args); + } + const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; + const traceId = process.env[ENV_TRACE_ID]; + const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); + if (nonEmptyString(functionName) && nonEmptyString(traceId)) { + request.headers[TRACE_ID_HEADER_NAME] = traceId; + } + return next({ + ...args, + request + }); +}, "recursionDetectionMiddleware"); +var addRecursionDetectionMiddlewareOptions = { + step: "build", + tags: ["RECURSION_DETECTION"], + name: "recursionDetectionMiddleware", + override: true, + priority: "low" +}; +var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); + }, "applyToStack") +}), "getRecursionDetectionPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 3030: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, + getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, + getUserAgentPlugin: () => getUserAgentPlugin, + resolveUserAgentConfig: () => resolveUserAgentConfig, + userAgentMiddleware: () => userAgentMiddleware +}); +module.exports = __toCommonJS(index_exports); + +// src/configurations.ts +var import_core = __nccwpck_require__(5829); +var DEFAULT_UA_APP_ID = void 0; +function isValidUserAgentAppId(appId) { + if (appId === void 0) { + return true; + } + return typeof appId === "string" && appId.length <= 50; +} +__name(isValidUserAgentAppId, "isValidUserAgentAppId"); +function resolveUserAgentConfig(input) { + const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); + const { customUserAgent } = input; + return Object.assign(input, { + customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, + userAgentAppId: /* @__PURE__ */ __name(async () => { + const appId = await normalizedAppIdProvider(); + if (!isValidUserAgentAppId(appId)) { + const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; + if (typeof appId !== "string") { + logger?.warn("userAgentAppId must be a string or undefined."); + } else if (appId.length > 50) { + logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); + } + } + return appId; + }, "userAgentAppId") + }); +} +__name(resolveUserAgentConfig, "resolveUserAgentConfig"); + +// src/user-agent-middleware.ts +var import_util_endpoints = __nccwpck_require__(1256); +var import_protocol_http = __nccwpck_require__(4418); + +// src/check-features.ts +var import_core2 = __nccwpck_require__(8078); +var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; +async function checkFeatures(context, config, args) { + const request = args.request; + if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { + (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); + } + if (typeof config.retryStrategy === "function") { + const retryStrategy = await config.retryStrategy(); + if (typeof retryStrategy.acquireInitialRetryToken === "function") { + if (retryStrategy.constructor?.name?.includes("Adaptive")) { + (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); + } + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); + } + } + if (typeof config.accountIdEndpointMode === "function") { + const endpointV2 = context.endpointV2; + if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { + (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); + } + switch (await config.accountIdEndpointMode?.()) { + case "disabled": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); + break; + case "preferred": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); + break; + case "required": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); + break; + } + } + const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; + if (identity?.$source) { + const credentials = identity; + if (credentials.accountId) { + (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); + } + for (const [key, value] of Object.entries(credentials.$source ?? {})) { + (0, import_core2.setFeature)(context, key, value); + } + } +} +__name(checkFeatures, "checkFeatures"); + +// src/constants.ts +var USER_AGENT = "user-agent"; +var X_AMZ_USER_AGENT = "x-amz-user-agent"; +var SPACE = " "; +var UA_NAME_SEPARATOR = "/"; +var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; +var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; +var UA_ESCAPE_CHAR = "-"; + +// src/encode-features.ts +var BYTE_LIMIT = 1024; +function encodeFeatures(features) { + let buffer = ""; + for (const key in features) { + const val = features[key]; + if (buffer.length + val.length + 1 <= BYTE_LIMIT) { + if (buffer.length) { + buffer += "," + val; + } else { + buffer += val; + } + continue; + } + break; + } + return buffer; +} +__name(encodeFeatures, "encodeFeatures"); + +// src/user-agent-middleware.ts +var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request)) { + return next(args); + } + const { headers } = request; + const userAgent = context?.userAgent?.map(escapeUserAgent) || []; + const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); + await checkFeatures(context, options, args); + const awsContext = context; + defaultUserAgent.push( + `m/${encodeFeatures( + Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) + )}` + ); + const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; + const appId = await options.userAgentAppId(); + if (appId) { + defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); + } + const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); + const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); + const normalUAValue = [ + ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), + ...customUserAgent + ].join(SPACE); + if (options.runtime !== "browser") { + if (normalUAValue) { + headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; + } + headers[USER_AGENT] = sdkUserAgentValue; + } else { + headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; + } + return next({ + ...args, + request + }); +}, "userAgentMiddleware"); +var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { + const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); + const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); + const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); + const prefix = name.substring(0, prefixSeparatorIndex); + let uaName = name.substring(prefixSeparatorIndex + 1); + if (prefix === "api") { + uaName = uaName.toLowerCase(); + } + return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { + switch (index) { + case 0: + return item; + case 1: + return `${acc}/${item}`; + default: + return `${acc}#${item}`; + } + }, ""); +}, "escapeUserAgent"); +var getUserAgentMiddlewareOptions = { + name: "getUserAgentMiddleware", + step: "build", + priority: "low", + tags: ["SET_USER_AGENT", "USER_AGENT"], + override: true +}; +var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); + }, "applyToStack") +}), "getUserAgentPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7009: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(8078); +const util_middleware_1 = __nccwpck_require__(2390); +const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sso-oauth", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "CreateToken": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; +exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); + return Object.assign(config_0, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 5065: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(1256); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(6723); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 6723: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const u = "required", v = "fn", w = "argv", x = "ref"; +const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; +const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; +exports.ruleSet = _data; + + +/***/ }), + +/***/ 2604: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/submodules/sso-oidc/index.ts +var index_exports = {}; +__export(index_exports, { + $Command: () => import_smithy_client6.Command, + AccessDeniedException: () => AccessDeniedException, + AuthorizationPendingException: () => AuthorizationPendingException, + CreateTokenCommand: () => CreateTokenCommand, + CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, + CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + InternalServerException: () => InternalServerException, + InvalidClientException: () => InvalidClientException, + InvalidGrantException: () => InvalidGrantException, + InvalidRequestException: () => InvalidRequestException, + InvalidScopeException: () => InvalidScopeException, + SSOOIDC: () => SSOOIDC, + SSOOIDCClient: () => SSOOIDCClient, + SSOOIDCServiceException: () => SSOOIDCServiceException, + SlowDownException: () => SlowDownException, + UnauthorizedClientException: () => UnauthorizedClientException, + UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, + __Client: () => import_smithy_client2.Client +}); +module.exports = __toCommonJS(index_exports); + +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_middleware_host_header = __nccwpck_require__(8725); +var import_middleware_logger = __nccwpck_require__(2568); +var import_middleware_recursion_detection = __nccwpck_require__(7960); +var import_middleware_user_agent = __nccwpck_require__(3030); +var import_config_resolver = __nccwpck_require__(3098); +var import_core = __nccwpck_require__(5829); +var import_middleware_content_length = __nccwpck_require__(2800); +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_retry = __nccwpck_require__(6039); +var import_smithy_client2 = __nccwpck_require__(3570); +var import_httpAuthSchemeProvider = __nccwpck_require__(7009); + +// src/submodules/sso-oidc/endpoint/EndpointParameters.ts +var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + defaultSigningName: "sso-oauth" + }); +}, "resolveClientEndpointParameters"); +var commonParams = { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } +}; + +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_runtimeConfig = __nccwpck_require__(9750); + +// src/submodules/sso-oidc/runtimeExtensions.ts +var import_region_config_resolver = __nccwpck_require__(8859); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts +var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + } + }; +}, "getHttpAuthExtensionConfiguration"); +var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials() + }; +}, "resolveHttpAuthRuntimeConfig"); + +// src/submodules/sso-oidc/runtimeExtensions.ts +var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign( + (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), + (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), + (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), + getHttpAuthExtensionConfiguration(runtimeConfig) + ); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign( + runtimeConfig, + (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), + (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), + (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), + resolveHttpAuthRuntimeConfig(extensionConfiguration) + ); +}, "resolveRuntimeExtensions"); + +// src/submodules/sso-oidc/SSOOIDCClient.ts +var SSOOIDCClient = class extends import_smithy_client2.Client { + static { + __name(this, "SSOOIDCClient"); + } + /** + * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. + */ + config; + constructor(...[configuration]) { + const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = resolveClientEndpointParameters(_config_0); + const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); + const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); + const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); + const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use( + (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials + }), "identityProviderConfigProvider") + }) + ); + this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); + } + /** + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. + */ + destroy() { + super.destroy(); + } +}; + +// src/submodules/sso-oidc/SSOOIDC.ts +var import_smithy_client7 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client6 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/models/models_0.ts +var import_smithy_client4 = __nccwpck_require__(3570); + +// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts +var import_smithy_client3 = __nccwpck_require__(3570); +var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { + static { + __name(this, "SSOOIDCServiceException"); + } + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); + } +}; + +// src/submodules/sso-oidc/models/models_0.ts +var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { + static { + __name(this, "AccessDeniedException"); + } + name = "AccessDeniedException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AccessDeniedException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AccessDeniedException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { + static { + __name(this, "AuthorizationPendingException"); + } + name = "AuthorizationPendingException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * authorization_pending.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AuthorizationPendingException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenRequestFilterSensitiveLog"); +var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { + static { + __name(this, "InternalServerException"); + } + name = "InternalServerException"; + $fault = "server"; + /** + *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InternalServerException", + $fault: "server", + ...opts + }); + Object.setPrototypeOf(this, _InternalServerException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { + static { + __name(this, "InvalidClientException"); + } + name = "InvalidClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidClientException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { + static { + __name(this, "InvalidGrantException"); + } + name = "InvalidGrantException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidGrantException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidGrantException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { + static { + __name(this, "InvalidRequestException"); + } + name = "InvalidRequestException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_request.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidRequestException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidRequestException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { + static { + __name(this, "InvalidScopeException"); + } + name = "InvalidScopeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidScopeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidScopeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { + static { + __name(this, "SlowDownException"); + } + name = "SlowDownException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "SlowDownException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _SlowDownException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { + static { + __name(this, "UnauthorizedClientException"); + } + name = "UnauthorizedClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnauthorizedClientException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { + static { + __name(this, "UnsupportedGrantTypeException"); + } + name = "UnsupportedGrantTypeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnsupportedGrantTypeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; + +// src/submodules/sso-oidc/protocols/Aws_restJson1.ts +var import_core2 = __nccwpck_require__(8078); +var import_core3 = __nccwpck_require__(5829); +var import_smithy_client5 = __nccwpck_require__(3570); +var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core3.requestBuilder)(input, context); + const headers = { + "content-type": "application/json" + }; + b.bp("/token"); + let body; + body = JSON.stringify( + (0, import_smithy_client5.take)(input, { + clientId: [], + clientSecret: [], + code: [], + codeVerifier: [], + deviceCode: [], + grantType: [], + redirectUri: [], + refreshToken: [], + scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") + }) + ); + b.m("POST").h(headers).b(body); + return b.build(); +}, "se_CreateTokenCommand"); +var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents = (0, import_smithy_client5.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client5.take)(data, { + accessToken: import_smithy_client5.expectString, + expiresIn: import_smithy_client5.expectInt32, + idToken: import_smithy_client5.expectString, + refreshToken: import_smithy_client5.expectString, + tokenType: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + return contents; +}, "de_CreateTokenCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core2.parseJsonErrorBody)(output.body, context) + }; + const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.ssooidc#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "AuthorizationPendingException": + case "com.amazonaws.ssooidc#AuthorizationPendingException": + throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); + case "ExpiredTokenException": + case "com.amazonaws.ssooidc#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.ssooidc#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "InvalidClientException": + case "com.amazonaws.ssooidc#InvalidClientException": + throw await de_InvalidClientExceptionRes(parsedOutput, context); + case "InvalidGrantException": + case "com.amazonaws.ssooidc#InvalidGrantException": + throw await de_InvalidGrantExceptionRes(parsedOutput, context); + case "InvalidRequestException": + case "com.amazonaws.ssooidc#InvalidRequestException": + throw await de_InvalidRequestExceptionRes(parsedOutput, context); + case "InvalidScopeException": + case "com.amazonaws.ssooidc#InvalidScopeException": + throw await de_InvalidScopeExceptionRes(parsedOutput, context); + case "SlowDownException": + case "com.amazonaws.ssooidc#SlowDownException": + throw await de_SlowDownExceptionRes(parsedOutput, context); + case "UnauthorizedClientException": + case "com.amazonaws.ssooidc#UnauthorizedClientException": + throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); + case "UnsupportedGrantTypeException": + case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": + throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode + }); + } +}, "de_CommandError"); +var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); +var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AccessDeniedExceptionRes"); +var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AuthorizationPendingException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AuthorizationPendingExceptionRes"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_ExpiredTokenExceptionRes"); +var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InternalServerException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InternalServerExceptionRes"); +var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidClientExceptionRes"); +var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidGrantException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidGrantExceptionRes"); +var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidRequestException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidRequestExceptionRes"); +var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidScopeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidScopeExceptionRes"); +var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new SlowDownException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_SlowDownExceptionRes"); +var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnauthorizedClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnauthorizedClientExceptionRes"); +var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnsupportedGrantTypeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnsupportedGrantTypeExceptionRes"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); + +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { + static { + __name(this, "CreateTokenCommand"); + } +}; + +// src/submodules/sso-oidc/SSOOIDC.ts +var commands = { + CreateTokenCommand +}; +var SSOOIDC = class extends SSOOIDCClient { + static { + __name(this, "SSOOIDC"); + } +}; +(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 9750: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(3942)); +const core_1 = __nccwpck_require__(8078); +const util_user_agent_node_1 = __nccwpck_require__(5380); +const config_resolver_1 = __nccwpck_require__(3098); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(8319); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; + + +/***/ }), + +/***/ 8319: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(8078); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(7009); +const endpointResolver_1 = __nccwpck_require__(5065); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2019-06-10", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "SSO OIDC", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; + + +/***/ }), + +/***/ 4113: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.STSClient = exports.__Client = void 0; +const middleware_host_header_1 = __nccwpck_require__(8725); +const middleware_logger_1 = __nccwpck_require__(2568); +const middleware_recursion_detection_1 = __nccwpck_require__(7960); +const middleware_user_agent_1 = __nccwpck_require__(3030); +const config_resolver_1 = __nccwpck_require__(3098); +const core_1 = __nccwpck_require__(5829); +const middleware_content_length_1 = __nccwpck_require__(2800); +const middleware_endpoint_1 = __nccwpck_require__(2918); +const middleware_retry_1 = __nccwpck_require__(6039); +const smithy_client_1 = __nccwpck_require__(3570); +Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); +const httpAuthSchemeProvider_1 = __nccwpck_require__(5569); +const EndpointParameters_1 = __nccwpck_require__(3207); +const runtimeConfig_1 = __nccwpck_require__(2719); +const runtimeExtensions_1 = __nccwpck_require__(9660); +class STSClient extends smithy_client_1.Client { + config; + constructor(...[configuration]) { + const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); + const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); + const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); + const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); + const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials, + }), + })); + this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); + } + destroy() { + super.destroy(); + } +} +exports.STSClient = STSClient; + + +/***/ }), + +/***/ 2995: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; +const getHttpAuthExtensionConfiguration = (runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } + else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + }, + }; +}; +exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; +const resolveHttpAuthRuntimeConfig = (config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials(), + }; +}; +exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; + + +/***/ }), + +/***/ 5569: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(8078); +const util_middleware_1 = __nccwpck_require__(2390); +const STSClient_1 = __nccwpck_require__(4113); +const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sts", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSTSHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "AssumeRoleWithWebIdentity": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; +exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; +const resolveStsAuthConfig = (input) => Object.assign(input, { + stsClientCtor: STSClient_1.STSClient, +}); +exports.resolveStsAuthConfig = resolveStsAuthConfig; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, exports.resolveStsAuthConfig)(config); + const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); + return Object.assign(config_1, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 3207: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.commonParams = exports.resolveClientEndpointParameters = void 0; +const resolveClientEndpointParameters = (options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + useGlobalEndpoint: options.useGlobalEndpoint ?? false, + defaultSigningName: "sts", + }); +}; +exports.resolveClientEndpointParameters = resolveClientEndpointParameters; +exports.commonParams = { + UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, +}; + + +/***/ }), + +/***/ 2282: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(1256); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(505); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 505: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; +const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; +const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; +exports.ruleSet = _data; + + +/***/ }), + +/***/ 3715: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/submodules/sts/index.ts +var index_exports = {}; +__export(index_exports, { + AssumeRoleCommand: () => AssumeRoleCommand, + AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, + AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, + AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, + AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, + ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, + CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + IDPCommunicationErrorException: () => IDPCommunicationErrorException, + IDPRejectedClaimException: () => IDPRejectedClaimException, + InvalidIdentityTokenException: () => InvalidIdentityTokenException, + MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, + PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, + RegionDisabledException: () => RegionDisabledException, + STS: () => STS, + STSServiceException: () => STSServiceException, + decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, + getDefaultRoleAssumer: () => getDefaultRoleAssumer2, + getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 +}); +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(4113), module.exports); + +// src/submodules/sts/STS.ts +var import_smithy_client6 = __nccwpck_require__(3570); + +// src/submodules/sts/commands/AssumeRoleCommand.ts +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_EndpointParameters = __nccwpck_require__(3207); + +// src/submodules/sts/models/models_0.ts +var import_smithy_client2 = __nccwpck_require__(3570); + +// src/submodules/sts/models/STSServiceException.ts +var import_smithy_client = __nccwpck_require__(3570); +var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { + static { + __name(this, "STSServiceException"); + } + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _STSServiceException.prototype); + } +}; + +// src/submodules/sts/models/models_0.ts +var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } +}), "CredentialsFilterSensitiveLog"); +var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + } +}; +var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { + static { + __name(this, "MalformedPolicyDocumentException"); + } + name = "MalformedPolicyDocumentException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "MalformedPolicyDocumentException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); + } +}; +var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { + static { + __name(this, "PackedPolicyTooLargeException"); + } + name = "PackedPolicyTooLargeException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "PackedPolicyTooLargeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); + } +}; +var RegionDisabledException = class _RegionDisabledException extends STSServiceException { + static { + __name(this, "RegionDisabledException"); + } + name = "RegionDisabledException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "RegionDisabledException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _RegionDisabledException.prototype); + } +}; +var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { + static { + __name(this, "IDPRejectedClaimException"); + } + name = "IDPRejectedClaimException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPRejectedClaimException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); + } +}; +var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { + static { + __name(this, "InvalidIdentityTokenException"); + } + name = "InvalidIdentityTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidIdentityTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); + } +}; +var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } +}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); +var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); +var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { + static { + __name(this, "IDPCommunicationErrorException"); + } + name = "IDPCommunicationErrorException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPCommunicationErrorException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); + } +}; + +// src/submodules/sts/protocols/Aws_query.ts +var import_core = __nccwpck_require__(8078); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client3 = __nccwpck_require__(3570); +var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleRequest(input, context), + [_A]: _AR, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleCommand"); +var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleWithWebIdentityRequest(input, context), + [_A]: _ARWWI, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleWithWebIdentityCommand"); +var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleCommand"); +var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleWithWebIdentityCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core.parseXmlErrorBody)(output.body, context) + }; + const errorCode = loadQueryErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "ExpiredTokenException": + case "com.amazonaws.sts#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "MalformedPolicyDocument": + case "com.amazonaws.sts#MalformedPolicyDocumentException": + throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); + case "PackedPolicyTooLarge": + case "com.amazonaws.sts#PackedPolicyTooLargeException": + throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); + case "RegionDisabledException": + case "com.amazonaws.sts#RegionDisabledException": + throw await de_RegionDisabledExceptionRes(parsedOutput, context); + case "IDPCommunicationError": + case "com.amazonaws.sts#IDPCommunicationErrorException": + throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); + case "IDPRejectedClaim": + case "com.amazonaws.sts#IDPRejectedClaimException": + throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); + case "InvalidIdentityToken": + case "com.amazonaws.sts#InvalidIdentityTokenException": + throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody: parsedBody.Error, + errorCode + }); + } +}, "de_CommandError"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_ExpiredTokenException(body.Error, context); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_ExpiredTokenExceptionRes"); +var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPCommunicationErrorException(body.Error, context); + const exception = new IDPCommunicationErrorException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPCommunicationErrorExceptionRes"); +var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPRejectedClaimException(body.Error, context); + const exception = new IDPRejectedClaimException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPRejectedClaimExceptionRes"); +var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_InvalidIdentityTokenException(body.Error, context); + const exception = new InvalidIdentityTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_InvalidIdentityTokenExceptionRes"); +var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_MalformedPolicyDocumentException(body.Error, context); + const exception = new MalformedPolicyDocumentException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_MalformedPolicyDocumentExceptionRes"); +var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_PackedPolicyTooLargeException(body.Error, context); + const exception = new PackedPolicyTooLargeException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_PackedPolicyTooLargeExceptionRes"); +var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_RegionDisabledException(body.Error, context); + const exception = new RegionDisabledException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_RegionDisabledExceptionRes"); +var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; + } + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); + } + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + if (input[_T] != null) { + const memberEntries = se_tagListType(input[_T], context); + if (input[_T]?.length === 0) { + entries.Tags = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `Tags.${key}`; + entries[loc] = value; + }); + } + if (input[_TTK] != null) { + const memberEntries = se_tagKeyListType(input[_TTK], context); + if (input[_TTK]?.length === 0) { + entries.TransitiveTagKeys = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `TransitiveTagKeys.${key}`; + entries[loc] = value; + }); + } + if (input[_EI] != null) { + entries[_EI] = input[_EI]; + } + if (input[_SN] != null) { + entries[_SN] = input[_SN]; + } + if (input[_TC] != null) { + entries[_TC] = input[_TC]; + } + if (input[_SI] != null) { + entries[_SI] = input[_SI]; + } + if (input[_PC] != null) { + const memberEntries = se_ProvidedContextsListType(input[_PC], context); + if (input[_PC]?.length === 0) { + entries.ProvidedContexts = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `ProvidedContexts.${key}`; + entries[loc] = value; + }); + } + return entries; +}, "se_AssumeRoleRequest"); +var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; + } + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; + } + if (input[_WIT] != null) { + entries[_WIT] = input[_WIT]; + } + if (input[_PI] != null) { + entries[_PI] = input[_PI]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); + } + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + return entries; +}, "se_AssumeRoleWithWebIdentityRequest"); +var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; + } + const memberEntries = se_PolicyDescriptorType(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; + } + return entries; +}, "se_policyDescriptorListType"); +var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_a] != null) { + entries[_a] = input[_a]; + } + return entries; +}, "se_PolicyDescriptorType"); +var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_PAr] != null) { + entries[_PAr] = input[_PAr]; + } + if (input[_CA] != null) { + entries[_CA] = input[_CA]; + } + return entries; +}, "se_ProvidedContext"); +var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; + } + const memberEntries = se_ProvidedContext(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; + } + return entries; +}, "se_ProvidedContextsListType"); +var se_Tag = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_K] != null) { + entries[_K] = input[_K]; + } + if (input[_Va] != null) { + entries[_Va] = input[_Va]; + } + return entries; +}, "se_Tag"); +var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; + } + entries[`member.${counter}`] = entry; + counter++; + } + return entries; +}, "se_tagKeyListType"); +var se_tagListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; + } + const memberEntries = se_Tag(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; + } + return entries; +}, "se_tagListType"); +var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_ARI] != null) { + contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); + } + if (output[_Ar] != null) { + contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); + } + return contents; +}, "de_AssumedRoleUser"); +var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleResponse"); +var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_SFWIT] != null) { + contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); + } + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + } + if (output[_Pr] != null) { + contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); + } + if (output[_Au] != null) { + contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleWithWebIdentityResponse"); +var de_Credentials = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_AKI] != null) { + contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); + } + if (output[_SAK] != null) { + contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); + } + if (output[_ST] != null) { + contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); + } + if (output[_E] != null) { + contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); + } + return contents; +}, "de_Credentials"); +var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_ExpiredTokenException"); +var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPCommunicationErrorException"); +var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPRejectedClaimException"); +var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_InvalidIdentityTokenException"); +var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_MalformedPolicyDocumentException"); +var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_PackedPolicyTooLargeException"); +var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_RegionDisabledException"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); +var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); +var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const contents = { + protocol, + hostname, + port, + method: "POST", + path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, + headers + }; + if (resolvedHostname !== void 0) { + contents.hostname = resolvedHostname; + } + if (body !== void 0) { + contents.body = body; + } + return new import_protocol_http.HttpRequest(contents); +}, "buildHttpRpcRequest"); +var SHARED_HEADERS = { + "content-type": "application/x-www-form-urlencoded" +}; +var _ = "2011-06-15"; +var _A = "Action"; +var _AKI = "AccessKeyId"; +var _AR = "AssumeRole"; +var _ARI = "AssumedRoleId"; +var _ARU = "AssumedRoleUser"; +var _ARWWI = "AssumeRoleWithWebIdentity"; +var _Ar = "Arn"; +var _Au = "Audience"; +var _C = "Credentials"; +var _CA = "ContextAssertion"; +var _DS = "DurationSeconds"; +var _E = "Expiration"; +var _EI = "ExternalId"; +var _K = "Key"; +var _P = "Policy"; +var _PA = "PolicyArns"; +var _PAr = "ProviderArn"; +var _PC = "ProvidedContexts"; +var _PI = "ProviderId"; +var _PPS = "PackedPolicySize"; +var _Pr = "Provider"; +var _RA = "RoleArn"; +var _RSN = "RoleSessionName"; +var _SAK = "SecretAccessKey"; +var _SFWIT = "SubjectFromWebIdentityToken"; +var _SI = "SourceIdentity"; +var _SN = "SerialNumber"; +var _ST = "SessionToken"; +var _T = "Tags"; +var _TC = "TokenCode"; +var _TTK = "TransitiveTagKeys"; +var _V = "Version"; +var _Va = "Value"; +var _WIT = "WebIdentityToken"; +var _a = "arn"; +var _m = "message"; +var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); +var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data.Error?.Code !== void 0) { + return data.Error.Code; + } + if (output.statusCode == 404) { + return "NotFound"; + } +}, "loadQueryErrorCode"); + +// src/submodules/sts/commands/AssumeRoleCommand.ts +var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { + static { + __name(this, "AssumeRoleCommand"); + } +}; + +// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde2 = __nccwpck_require__(1238); +var import_smithy_client5 = __nccwpck_require__(3570); +var import_EndpointParameters2 = __nccwpck_require__(3207); +var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { + static { + __name(this, "AssumeRoleWithWebIdentityCommand"); + } +}; + +// src/submodules/sts/STS.ts +var import_STSClient = __nccwpck_require__(4113); +var commands = { + AssumeRoleCommand, + AssumeRoleWithWebIdentityCommand +}; +var STS = class extends import_STSClient.STSClient { + static { + __name(this, "STS"); + } +}; +(0, import_smithy_client6.createAggregatedClient)(commands, STS); + +// src/submodules/sts/index.ts +var import_EndpointParameters3 = __nccwpck_require__(3207); + +// src/submodules/sts/defaultStsRoleAssumers.ts +var import_client = __nccwpck_require__(912); +var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; +var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { + if (typeof assumedRoleUser?.Arn === "string") { + const arnComponents = assumedRoleUser.Arn.split(":"); + if (arnComponents.length > 4 && arnComponents[4] !== "") { + return arnComponents[4]; + } + } + return void 0; +}, "getAccountIdFromAssumedRoleUser"); +var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { + const region = typeof _region === "function" ? await _region() : _region; + const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; + credentialProviderLogger?.debug?.( + "@aws-sdk/client-sts::resolveRegion", + "accepting first of:", + `${region} (provider)`, + `${parentRegion} (parent client)`, + `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` + ); + return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; +}, "resolveRegion"); +var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + let closureSourceCreds; + return async (sourceCreds, params) => { + closureSourceCreds = sourceCreds; + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger + ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + // A hack to make sts client uses the credential in current closure. + credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); + } + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); + } + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); + return credentials; + }; +}, "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + return async (params) => { + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger + ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); + } + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); + } + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + if (accountId) { + (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); + } + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); + return credentials; + }; +}, "getDefaultRoleAssumerWithWebIdentity"); +var isH2 = /* @__PURE__ */ __name((requestHandler) => { + return requestHandler?.metadata?.handlerProtocol === "h2"; +}, "isH2"); + +// src/submodules/sts/defaultRoleAssumers.ts +var import_STSClient2 = __nccwpck_require__(4113); +var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { + if (!customizations) return baseCtor; + else + return class CustomizableSTSClient extends baseCtor { + static { + __name(this, "CustomizableSTSClient"); + } + constructor(config) { + super(config); + for (const customization of customizations) { + this.middlewareStack.use(customization); + } + } + }; +}, "getCustomizableStsClientCtor"); +var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); +var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ + roleAssumer: getDefaultRoleAssumer2(input), + roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), + ...input +}), "decorateDefaultCredentialProvider"); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 2719: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(3942)); +const core_1 = __nccwpck_require__(8078); +const util_user_agent_node_1 = __nccwpck_require__(5380); +const config_resolver_1 = __nccwpck_require__(3098); +const core_2 = __nccwpck_require__(5829); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(993); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || + (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; + + +/***/ }), + +/***/ 993: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(8078); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(5569); +const endpointResolver_1 = __nccwpck_require__(2282); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2011-06-15", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "STS", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; + + +/***/ }), + +/***/ 9660: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveRuntimeExtensions = void 0; +const region_config_resolver_1 = __nccwpck_require__(8859); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const httpAuthExtensionConfiguration_1 = __nccwpck_require__(2995); +const resolveRuntimeExtensions = (runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); +}; +exports.resolveRuntimeExtensions = resolveRuntimeExtensions; + + +/***/ }), + +/***/ 8859: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, + REGION_ENV_NAME: () => REGION_ENV_NAME, + REGION_INI_NAME: () => REGION_INI_NAME, + getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, + resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, + resolveRegionConfig: () => resolveRegionConfig +}); +module.exports = __toCommonJS(index_exports); + +// src/extensions/index.ts +var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + return { + setRegion(region) { + runtimeConfig.region = region; + }, + region() { + return runtimeConfig.region; + } + }; +}, "getAwsRegionExtensionConfiguration"); +var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { + return { + region: awsRegionExtensionConfiguration.region() + }; +}, "resolveAwsRegionExtensionConfiguration"); + +// src/regionConfig/config.ts +var REGION_ENV_NAME = "AWS_REGION"; +var REGION_INI_NAME = "region"; +var NODE_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), + default: /* @__PURE__ */ __name(() => { + throw new Error("Region is missing"); + }, "default") +}; +var NODE_REGION_CONFIG_FILE_OPTIONS = { + preferredFile: "credentials" +}; + +// src/regionConfig/isFipsRegion.ts +var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); + +// src/regionConfig/getRealRegion.ts +var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); + +// src/regionConfig/resolveRegionConfig.ts +var resolveRegionConfig = /* @__PURE__ */ __name((input) => { + const { region, useFipsEndpoint } = input; + if (!region) { + throw new Error("Region is missing"); + } + return Object.assign(input, { + region: /* @__PURE__ */ __name(async () => { + if (typeof region === "string") { + return getRealRegion(region); + } + const providedRegion = await region(); + return getRealRegion(providedRegion); + }, "region"), + useFipsEndpoint: /* @__PURE__ */ __name(async () => { + const providedRegion = typeof region === "string" ? region : await region(); + if (isFipsRegion(providedRegion)) { + return true; + } + return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); + }, "useFipsEndpoint") + }); +}, "resolveRegionConfig"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 3822: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromEnvSigningName: () => fromEnvSigningName, + fromSso: () => fromSso, + fromStatic: () => fromStatic, + nodeProvider: () => nodeProvider +}); +module.exports = __toCommonJS(index_exports); + +// src/fromEnvSigningName.ts +var import_client = __nccwpck_require__(912); +var import_httpAuthSchemes = __nccwpck_require__(5948); +var import_property_provider = __nccwpck_require__(9721); +var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { + logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); + if (!signingName) { + throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); + } + const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); + if (!(bearerTokenKey in process.env)) { + throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); + } + const token = { token: process.env[bearerTokenKey] }; + (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); + return token; +}, "fromEnvSigningName"); + +// src/fromSso.ts + + + +// src/constants.ts +var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; +var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; + +// src/getSsoOidcClient.ts +var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { + const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2604))); + const ssoOidcClient = new SSOOIDCClient( + Object.assign({}, init.clientConfig ?? {}, { + region: ssoRegion ?? init.clientConfig?.region, + logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger + }) + ); + return ssoOidcClient; +}, "getSsoOidcClient"); + +// src/getNewSsoOidcToken.ts +var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { + const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2604))); + const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); + return ssoOidcClient.send( + new CreateTokenCommand({ + clientId: ssoToken.clientId, + clientSecret: ssoToken.clientSecret, + refreshToken: ssoToken.refreshToken, + grantType: "refresh_token" + }) + ); +}, "getNewSsoOidcToken"); + +// src/validateTokenExpiry.ts + +var validateTokenExpiry = /* @__PURE__ */ __name((token) => { + if (token.expiration && token.expiration.getTime() < Date.now()) { + throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); + } +}, "validateTokenExpiry"); + +// src/validateTokenKey.ts + +var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { + if (typeof value === "undefined") { + throw new import_property_provider.TokenProviderError( + `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, + false + ); + } +}, "validateTokenKey"); + +// src/writeSSOTokenToFile.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var import_fs = __nccwpck_require__(7147); +var { writeFile } = import_fs.promises; +var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { + const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); + const tokenString = JSON.stringify(ssoToken, null, 2); + return writeFile(tokenFilepath, tokenString); +}, "writeSSOTokenToFile"); + +// src/fromSso.ts +var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); +var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig + } + }; + init.logger?.debug("@aws-sdk/token-providers - fromSso"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); + } else if (!profile["sso_session"]) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); + } + const ssoSessionName = profile["sso_session"]; + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const ssoSession = ssoSessions[ssoSessionName]; + if (!ssoSession) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, + false + ); + } + for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { + if (!ssoSession[ssoSessionRequiredKey]) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, + false + ); + } + } + const ssoStartUrl = ssoSession["sso_start_url"]; + const ssoRegion = ssoSession["sso_region"]; + let ssoToken; + try { + ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); + } catch (e) { + throw new import_property_provider.TokenProviderError( + `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, + false + ); + } + validateTokenKey("accessToken", ssoToken.accessToken); + validateTokenKey("expiresAt", ssoToken.expiresAt); + const { accessToken, expiresAt } = ssoToken; + const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; + if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { + return existingToken; + } + if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { + validateTokenExpiry(existingToken); + return existingToken; + } + validateTokenKey("clientId", ssoToken.clientId, true); + validateTokenKey("clientSecret", ssoToken.clientSecret, true); + validateTokenKey("refreshToken", ssoToken.refreshToken, true); + try { + lastRefreshAttemptTime.setTime(Date.now()); + const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); + validateTokenKey("accessToken", newSsoOidcToken.accessToken); + validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); + const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); + try { + await writeSSOTokenToFile(ssoSessionName, { + ...ssoToken, + accessToken: newSsoOidcToken.accessToken, + expiresAt: newTokenExpiration.toISOString(), + refreshToken: newSsoOidcToken.refreshToken + }); + } catch (error) { + } + return { + token: newSsoOidcToken.accessToken, + expiration: newTokenExpiration + }; + } catch (error) { + validateTokenExpiry(existingToken); + return existingToken; + } +}, "fromSso"); + +// src/fromStatic.ts + +var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { + logger?.debug("@aws-sdk/token-providers - fromStatic"); + if (!token || !token.token) { + throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); + } + return token; +}, "fromStatic"); + +// src/nodeProvider.ts + +var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)(fromSso(init), async () => { + throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); + }), + (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, + (token) => token.expiration !== void 0 +), "nodeProvider"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 1256: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ConditionObject: () => import_util_endpoints.ConditionObject, + DeprecatedObject: () => import_util_endpoints.DeprecatedObject, + EndpointError: () => import_util_endpoints.EndpointError, + EndpointObject: () => import_util_endpoints.EndpointObject, + EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, + EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, + EndpointParams: () => import_util_endpoints.EndpointParams, + EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, + EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, + ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, + EvaluateOptions: () => import_util_endpoints.EvaluateOptions, + Expression: () => import_util_endpoints.Expression, + FunctionArgv: () => import_util_endpoints.FunctionArgv, + FunctionObject: () => import_util_endpoints.FunctionObject, + FunctionReturn: () => import_util_endpoints.FunctionReturn, + ParameterObject: () => import_util_endpoints.ParameterObject, + ReferenceObject: () => import_util_endpoints.ReferenceObject, + ReferenceRecord: () => import_util_endpoints.ReferenceRecord, + RuleSetObject: () => import_util_endpoints.RuleSetObject, + RuleSetRules: () => import_util_endpoints.RuleSetRules, + TreeRuleObject: () => import_util_endpoints.TreeRuleObject, + awsEndpointFunctions: () => awsEndpointFunctions, + getUserAgentPrefix: () => getUserAgentPrefix, + isIpAddress: () => import_util_endpoints.isIpAddress, + partition: () => partition, + resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, + resolveEndpoint: () => import_util_endpoints.resolveEndpoint, + setPartitionInfo: () => setPartitionInfo, + toEndpointV1: () => toEndpointV1, + useDefaultPartitionInfo: () => useDefaultPartitionInfo +}); +module.exports = __toCommonJS(index_exports); + +// src/aws.ts + + +// src/lib/aws/isVirtualHostableS3Bucket.ts + + +// src/lib/isIpAddress.ts +var import_util_endpoints = __nccwpck_require__(5473); + +// src/lib/aws/isVirtualHostableS3Bucket.ts +var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { + if (allowSubDomains) { + for (const label of value.split(".")) { + if (!isVirtualHostableS3Bucket(label)) { + return false; + } + } + return true; + } + if (!(0, import_util_endpoints.isValidHostLabel)(value)) { + return false; + } + if (value.length < 3 || value.length > 63) { + return false; + } + if (value !== value.toLowerCase()) { + return false; + } + if ((0, import_util_endpoints.isIpAddress)(value)) { + return false; + } + return true; +}, "isVirtualHostableS3Bucket"); + +// src/lib/aws/parseArn.ts +var ARN_DELIMITER = ":"; +var RESOURCE_DELIMITER = "/"; +var parseArn = /* @__PURE__ */ __name((value) => { + const segments = value.split(ARN_DELIMITER); + if (segments.length < 6) return null; + const [arn, partition2, service, region, accountId, ...resourcePath] = segments; + if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; + const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); + return { + partition: partition2, + service, + region, + accountId, + resourceId + }; +}, "parseArn"); + +// src/lib/aws/partitions.json +var partitions_default = { + partitions: [{ + id: "aws", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-east-1", + name: "aws", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", + regions: { + "af-south-1": { + description: "Africa (Cape Town)" + }, + "ap-east-1": { + description: "Asia Pacific (Hong Kong)" + }, + "ap-east-2": { + description: "Asia Pacific (Taipei)" + }, + "ap-northeast-1": { + description: "Asia Pacific (Tokyo)" + }, + "ap-northeast-2": { + description: "Asia Pacific (Seoul)" + }, + "ap-northeast-3": { + description: "Asia Pacific (Osaka)" + }, + "ap-south-1": { + description: "Asia Pacific (Mumbai)" + }, + "ap-south-2": { + description: "Asia Pacific (Hyderabad)" + }, + "ap-southeast-1": { + description: "Asia Pacific (Singapore)" + }, + "ap-southeast-2": { + description: "Asia Pacific (Sydney)" + }, + "ap-southeast-3": { + description: "Asia Pacific (Jakarta)" + }, + "ap-southeast-4": { + description: "Asia Pacific (Melbourne)" + }, + "ap-southeast-5": { + description: "Asia Pacific (Malaysia)" + }, + "ap-southeast-7": { + description: "Asia Pacific (Thailand)" + }, + "aws-global": { + description: "AWS Standard global region" + }, + "ca-central-1": { + description: "Canada (Central)" + }, + "ca-west-1": { + description: "Canada West (Calgary)" + }, + "eu-central-1": { + description: "Europe (Frankfurt)" + }, + "eu-central-2": { + description: "Europe (Zurich)" + }, + "eu-north-1": { + description: "Europe (Stockholm)" + }, + "eu-south-1": { + description: "Europe (Milan)" + }, + "eu-south-2": { + description: "Europe (Spain)" + }, + "eu-west-1": { + description: "Europe (Ireland)" + }, + "eu-west-2": { + description: "Europe (London)" + }, + "eu-west-3": { + description: "Europe (Paris)" + }, + "il-central-1": { + description: "Israel (Tel Aviv)" + }, + "me-central-1": { + description: "Middle East (UAE)" + }, + "me-south-1": { + description: "Middle East (Bahrain)" + }, + "mx-central-1": { + description: "Mexico (Central)" + }, + "sa-east-1": { + description: "South America (Sao Paulo)" + }, + "us-east-1": { + description: "US East (N. Virginia)" + }, + "us-east-2": { + description: "US East (Ohio)" + }, + "us-west-1": { + description: "US West (N. California)" + }, + "us-west-2": { + description: "US West (Oregon)" + } + } + }, { + id: "aws-cn", + outputs: { + dnsSuffix: "amazonaws.com.cn", + dualStackDnsSuffix: "api.amazonwebservices.com.cn", + implicitGlobalRegion: "cn-northwest-1", + name: "aws-cn", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^cn\\-\\w+\\-\\d+$", + regions: { + "aws-cn-global": { + description: "AWS China global region" + }, + "cn-north-1": { + description: "China (Beijing)" + }, + "cn-northwest-1": { + description: "China (Ningxia)" + } + } + }, { + id: "aws-us-gov", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-gov-west-1", + name: "aws-us-gov", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", + regions: { + "aws-us-gov-global": { + description: "AWS GovCloud (US) global region" + }, + "us-gov-east-1": { + description: "AWS GovCloud (US-East)" + }, + "us-gov-west-1": { + description: "AWS GovCloud (US-West)" + } + } + }, { + id: "aws-iso", + outputs: { + dnsSuffix: "c2s.ic.gov", + dualStackDnsSuffix: "c2s.ic.gov", + implicitGlobalRegion: "us-iso-east-1", + name: "aws-iso", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", + regions: { + "aws-iso-global": { + description: "AWS ISO (US) global region" + }, + "us-iso-east-1": { + description: "US ISO East" + }, + "us-iso-west-1": { + description: "US ISO WEST" + } + } + }, { + id: "aws-iso-b", + outputs: { + dnsSuffix: "sc2s.sgov.gov", + dualStackDnsSuffix: "sc2s.sgov.gov", + implicitGlobalRegion: "us-isob-east-1", + name: "aws-iso-b", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", + regions: { + "aws-iso-b-global": { + description: "AWS ISOB (US) global region" + }, + "us-isob-east-1": { + description: "US ISOB East (Ohio)" + } + } + }, { + id: "aws-iso-e", + outputs: { + dnsSuffix: "cloud.adc-e.uk", + dualStackDnsSuffix: "cloud.adc-e.uk", + implicitGlobalRegion: "eu-isoe-west-1", + name: "aws-iso-e", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", + regions: { + "aws-iso-e-global": { + description: "AWS ISOE (Europe) global region" + }, + "eu-isoe-west-1": { + description: "EU ISOE West" + } + } + }, { + id: "aws-iso-f", + outputs: { + dnsSuffix: "csp.hci.ic.gov", + dualStackDnsSuffix: "csp.hci.ic.gov", + implicitGlobalRegion: "us-isof-south-1", + name: "aws-iso-f", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", + regions: { + "aws-iso-f-global": { + description: "AWS ISOF global region" + }, + "us-isof-east-1": { + description: "US ISOF EAST" + }, + "us-isof-south-1": { + description: "US ISOF SOUTH" + } + } + }, { + id: "aws-eusc", + outputs: { + dnsSuffix: "amazonaws.eu", + dualStackDnsSuffix: "amazonaws.eu", + implicitGlobalRegion: "eusc-de-east-1", + name: "aws-eusc", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", + regions: { + "eusc-de-east-1": { + description: "EU (Germany)" + } + } + }], + version: "1.1" +}; + +// src/lib/aws/partition.ts +var selectedPartitionsInfo = partitions_default; +var selectedUserAgentPrefix = ""; +var partition = /* @__PURE__ */ __name((value) => { + const { partitions } = selectedPartitionsInfo; + for (const partition2 of partitions) { + const { regions, outputs } = partition2; + for (const [region, regionData] of Object.entries(regions)) { + if (region === value) { + return { + ...outputs, + ...regionData + }; + } + } + } + for (const partition2 of partitions) { + const { regionRegex, outputs } = partition2; + if (new RegExp(regionRegex).test(value)) { + return { + ...outputs + }; + } + } + const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); + if (!DEFAULT_PARTITION) { + throw new Error( + "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." + ); + } + return { + ...DEFAULT_PARTITION.outputs + }; +}, "partition"); +var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { + selectedPartitionsInfo = partitionsInfo; + selectedUserAgentPrefix = userAgentPrefix; +}, "setPartitionInfo"); +var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { + setPartitionInfo(partitions_default, ""); +}, "useDefaultPartitionInfo"); +var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); + +// src/aws.ts +var awsEndpointFunctions = { + isVirtualHostableS3Bucket, + parseArn, + partition +}; +import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; + +// src/resolveDefaultAwsRegionalEndpointsConfig.ts +var import_url_parser = __nccwpck_require__(4681); +var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { + if (typeof input.endpointProvider !== "function") { + throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); + } + const { endpoint } = input; + if (endpoint === void 0) { + input.endpoint = async () => { + return toEndpointV1( + input.endpointProvider( + { + Region: typeof input.region === "function" ? await input.region() : input.region, + UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, + UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, + Endpoint: void 0 + }, + { logger: input.logger } + ) + ); + }; + } + return input; +}, "resolveDefaultAwsRegionalEndpointsConfig"); +var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); + +// src/resolveEndpoint.ts + + +// src/types/EndpointError.ts + + +// src/types/EndpointRuleObject.ts + + +// src/types/ErrorRuleObject.ts + + +// src/types/RuleSetObject.ts + + +// src/types/TreeRuleObject.ts + + +// src/types/shared.ts + +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 5380: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, + UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, + UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, + createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, + crtAvailability: () => crtAvailability, + defaultUserAgent: () => defaultUserAgent +}); +module.exports = __toCommonJS(index_exports); + +// src/defaultUserAgent.ts +var import_os = __nccwpck_require__(2037); +var import_process = __nccwpck_require__(7282); + +// src/crt-availability.ts +var crtAvailability = { + isCrtAvailable: false +}; + +// src/is-crt-available.ts +var isCrtAvailable = /* @__PURE__ */ __name(() => { + if (crtAvailability.isCrtAvailable) { + return ["md/crt-avail"]; + } + return null; +}, "isCrtAvailable"); + +// src/defaultUserAgent.ts +var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { + return async (config) => { + const sections = [ + // sdk-metadata + ["aws-sdk-js", clientVersion], + // ua-metadata + ["ua", "2.1"], + // os-metadata + [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], + // language-metadata + // ECMAScript edition doesn't matter in JS, so no version needed. + ["lang/js"], + ["md/nodejs", `${import_process.versions.node}`] + ]; + const crtAvailable = isCrtAvailable(); + if (crtAvailable) { + sections.push(crtAvailable); + } + if (serviceId) { + sections.push([`api/${serviceId}`, clientVersion]); + } + if (import_process.env.AWS_EXECUTION_ENV) { + sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); + } + const appId = await config?.userAgentAppId?.(); + const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; + return resolvedUserAgent; + }; +}, "createDefaultUserAgentProvider"); +var defaultUserAgent = createDefaultUserAgentProvider; + +// src/nodeAppIdConfigOptions.ts +var import_middleware_user_agent = __nccwpck_require__(3030); +var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; +var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; +var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; +var NODE_APP_ID_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), + default: import_middleware_user_agent.DEFAULT_UA_APP_ID +}; +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7406: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + XmlNode: () => XmlNode, + XmlText: () => XmlText +}); +module.exports = __toCommonJS(index_exports); + +// src/escape-attribute.ts +function escapeAttribute(value) { + return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); +} +__name(escapeAttribute, "escapeAttribute"); + +// src/escape-element.ts +function escapeElement(value) { + return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); +} +__name(escapeElement, "escapeElement"); + +// src/XmlText.ts +var XmlText = class { + constructor(value) { + this.value = value; + } + static { + __name(this, "XmlText"); + } + toString() { + return escapeElement("" + this.value); + } +}; + +// src/XmlNode.ts +var XmlNode = class _XmlNode { + constructor(name, children = []) { + this.name = name; + this.children = children; + } + static { + __name(this, "XmlNode"); + } + attributes = {}; + static of(name, childText, withName) { + const node = new _XmlNode(name); + if (childText !== void 0) { + node.addChildNode(new XmlText(childText)); + } + if (withName !== void 0) { + node.withName(withName); + } + return node; + } + withName(name) { + this.name = name; + return this; + } + addAttribute(name, value) { + this.attributes[name] = value; + return this; + } + addChildNode(child) { + this.children.push(child); + return this; + } + removeAttribute(name) { + delete this.attributes[name]; + return this; + } + /** + * @internal + * Alias of {@link XmlNode#withName(string)} for codegen brevity. + */ + n(name) { + this.name = name; + return this; + } + /** + * @internal + * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. + */ + c(child) { + this.children.push(child); + return this; + } + /** + * @internal + * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. + */ + a(name, value) { + if (value != null) { + this.attributes[name] = value; + } + return this; + } + /** + * Create a child node. + * Used in serialization of string fields. + * @internal + */ + cc(input, field, withName = field) { + if (input[field] != null) { + const node = _XmlNode.of(field, input[field]).withName(withName); + this.c(node); + } + } + /** + * Creates list child nodes. + * @internal + */ + l(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + nodes.map((node) => { + node.withName(memberName); + this.c(node); + }); + } + } + /** + * Creates list child nodes with container. + * @internal */ - error_description; + lc(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + const containerNode = new _XmlNode(memberName); + nodes.map((node) => { + containerNode.c(node); + }); + this.c(containerNode); + } + } + toString() { + const hasChildren = Boolean(this.children.length); + let xmlText = `<${this.name}`; + const attributes = this.attributes; + for (const attributeName of Object.keys(attributes)) { + const attribute = attributes[attributeName]; + if (attribute != null) { + xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; + } + } + return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; + } +}; +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 9344: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.defaultSSOHttpAuthSchemeProvider = exports.defaultSSOHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(9963); +const util_middleware_1 = __nccwpck_require__(2390); +const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSSOHttpAuthSchemeParametersProvider = defaultSSOHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "awsssoportal", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSSOHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "GetRoleCredentials": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "ListAccountRoles": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "ListAccounts": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "Logout": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; +exports.defaultSSOHttpAuthSchemeProvider = defaultSSOHttpAuthSchemeProvider; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); + return Object.assign(config_0, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 898: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(3350); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(3341); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 3341: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const u = "required", v = "fn", w = "argv", x = "ref"; +const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; +const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://portal.sso.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; +exports.ruleSet = _data; + + +/***/ }), + +/***/ 2666: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + GetRoleCredentialsCommand: () => GetRoleCredentialsCommand, + GetRoleCredentialsRequestFilterSensitiveLog: () => GetRoleCredentialsRequestFilterSensitiveLog, + GetRoleCredentialsResponseFilterSensitiveLog: () => GetRoleCredentialsResponseFilterSensitiveLog, + InvalidRequestException: () => InvalidRequestException, + ListAccountRolesCommand: () => ListAccountRolesCommand, + ListAccountRolesRequestFilterSensitiveLog: () => ListAccountRolesRequestFilterSensitiveLog, + ListAccountsCommand: () => ListAccountsCommand, + ListAccountsRequestFilterSensitiveLog: () => ListAccountsRequestFilterSensitiveLog, + LogoutCommand: () => LogoutCommand, + LogoutRequestFilterSensitiveLog: () => LogoutRequestFilterSensitiveLog, + ResourceNotFoundException: () => ResourceNotFoundException, + RoleCredentialsFilterSensitiveLog: () => RoleCredentialsFilterSensitiveLog, + SSO: () => SSO, + SSOClient: () => SSOClient, + SSOServiceException: () => SSOServiceException, + TooManyRequestsException: () => TooManyRequestsException, + UnauthorizedException: () => UnauthorizedException, + __Client: () => import_smithy_client.Client, + paginateListAccountRoles: () => paginateListAccountRoles, + paginateListAccounts: () => paginateListAccounts +}); +module.exports = __toCommonJS(index_exports); + +// src/SSOClient.ts +var import_middleware_host_header = __nccwpck_require__(2545); +var import_middleware_logger = __nccwpck_require__(14); +var import_middleware_recursion_detection = __nccwpck_require__(5525); +var import_middleware_user_agent = __nccwpck_require__(4688); +var import_config_resolver = __nccwpck_require__(3098); +var import_core = __nccwpck_require__(5829); +var import_middleware_content_length = __nccwpck_require__(2800); +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_retry = __nccwpck_require__(6039); + +var import_httpAuthSchemeProvider = __nccwpck_require__(9344); + +// src/endpoint/EndpointParameters.ts +var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + defaultSigningName: "awsssoportal" + }); +}, "resolveClientEndpointParameters"); +var commonParams = { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } +}; + +// src/SSOClient.ts +var import_runtimeConfig = __nccwpck_require__(9756); + +// src/runtimeExtensions.ts +var import_region_config_resolver = __nccwpck_require__(8156); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); + +// src/auth/httpAuthExtensionConfiguration.ts +var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + } + }; +}, "getHttpAuthExtensionConfiguration"); +var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials() + }; +}, "resolveHttpAuthRuntimeConfig"); + +// src/runtimeExtensions.ts +var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign( + (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), + (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), + (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), + getHttpAuthExtensionConfiguration(runtimeConfig) + ); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign( + runtimeConfig, + (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), + (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), + (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), + resolveHttpAuthRuntimeConfig(extensionConfiguration) + ); +}, "resolveRuntimeExtensions"); + +// src/SSOClient.ts +var SSOClient = class extends import_smithy_client.Client { + static { + __name(this, "SSOClient"); + } + /** + * The resolved configuration of SSOClient class. This is resolved and normalized from the {@link SSOClientConfig | constructor configuration interface}. + */ + config; + constructor(...[configuration]) { + const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = resolveClientEndpointParameters(_config_0); + const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); + const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); + const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); + const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use( + (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials + }), "identityProviderConfigProvider") + }) + ); + this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); + } + /** + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. + */ + destroy() { + super.destroy(); + } +}; + +// src/SSO.ts + + +// src/commands/GetRoleCredentialsCommand.ts + +var import_middleware_serde = __nccwpck_require__(1238); + + +// src/models/models_0.ts + + +// src/models/SSOServiceException.ts + +var SSOServiceException = class _SSOServiceException extends import_smithy_client.ServiceException { + static { + __name(this, "SSOServiceException"); + } + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _SSOServiceException.prototype); + } +}; + +// src/models/models_0.ts +var InvalidRequestException = class _InvalidRequestException extends SSOServiceException { + static { + __name(this, "InvalidRequestException"); + } + name = "InvalidRequestException"; + $fault = "client"; /** * @internal */ constructor(opts) { super({ - name: "UnsupportedGrantTypeException", + name: "InvalidRequestException", $fault: "client", ...opts }); - Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + Object.setPrototypeOf(this, _InvalidRequestException.prototype); + } +}; +var ResourceNotFoundException = class _ResourceNotFoundException extends SSOServiceException { + static { + __name(this, "ResourceNotFoundException"); + } + name = "ResourceNotFoundException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ResourceNotFoundException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ResourceNotFoundException.prototype); + } +}; +var TooManyRequestsException = class _TooManyRequestsException extends SSOServiceException { + static { + __name(this, "TooManyRequestsException"); + } + name = "TooManyRequestsException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "TooManyRequestsException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _TooManyRequestsException.prototype); + } +}; +var UnauthorizedException = class _UnauthorizedException extends SSOServiceException { + static { + __name(this, "UnauthorizedException"); + } + name = "UnauthorizedException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnauthorizedException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnauthorizedException.prototype); } }; +var GetRoleCredentialsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "GetRoleCredentialsRequestFilterSensitiveLog"); +var RoleCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.secretAccessKey && { secretAccessKey: import_smithy_client.SENSITIVE_STRING }, + ...obj.sessionToken && { sessionToken: import_smithy_client.SENSITIVE_STRING } +}), "RoleCredentialsFilterSensitiveLog"); +var GetRoleCredentialsResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.roleCredentials && { roleCredentials: RoleCredentialsFilterSensitiveLog(obj.roleCredentials) } +}), "GetRoleCredentialsResponseFilterSensitiveLog"); +var ListAccountRolesRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "ListAccountRolesRequestFilterSensitiveLog"); +var ListAccountsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "ListAccountsRequestFilterSensitiveLog"); +var LogoutRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "LogoutRequestFilterSensitiveLog"); -// src/submodules/sso-oidc/protocols/Aws_restJson1.ts +// src/protocols/Aws_restJson1.ts var import_core2 = __nccwpck_require__(9963); -var import_core3 = __nccwpck_require__(5829); -var import_smithy_client5 = __nccwpck_require__(3570); -var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core3.requestBuilder)(input, context); - const headers = { - "content-type": "application/json" - }; - b.bp("/token"); + + +var se_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/federation/credentials"); + const query = (0, import_smithy_client.map)({ + [_rn]: [, (0, import_smithy_client.expectNonNull)(input[_rN], `roleName`)], + [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] + }); + let body; + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}, "se_GetRoleCredentialsCommand"); +var se_ListAccountRolesCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/assignment/roles"); + const query = (0, import_smithy_client.map)({ + [_nt]: [, input[_nT]], + [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()], + [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] + }); + let body; + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}, "se_ListAccountRolesCommand"); +var se_ListAccountsCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/assignment/accounts"); + const query = (0, import_smithy_client.map)({ + [_nt]: [, input[_nT]], + [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()] + }); + let body; + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}, "se_ListAccountsCommand"); +var se_LogoutCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/logout"); let body; - body = JSON.stringify( - (0, import_smithy_client5.take)(input, { - clientId: [], - clientSecret: [], - code: [], - codeVerifier: [], - deviceCode: [], - grantType: [], - redirectUri: [], - refreshToken: [], - scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") - }) - ); b.m("POST").h(headers).b(body); return b.build(); -}, "se_CreateTokenCommand"); -var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { +}, "se_LogoutCommand"); +var de_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (output, context) => { if (output.statusCode !== 200 && output.statusCode >= 300) { return de_CommandError(output, context); } - const contents = (0, import_smithy_client5.map)({ + const contents = (0, import_smithy_client.map)({ $metadata: deserializeMetadata(output) }); - const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client5.take)(data, { - accessToken: import_smithy_client5.expectString, - expiresIn: import_smithy_client5.expectInt32, - idToken: import_smithy_client5.expectString, - refreshToken: import_smithy_client5.expectString, - tokenType: import_smithy_client5.expectString + const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client.take)(data, { + roleCredentials: import_smithy_client._json }); Object.assign(contents, doc); return contents; -}, "de_CreateTokenCommand"); +}, "de_GetRoleCredentialsCommand"); +var de_ListAccountRolesCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client.take)(data, { + nextToken: import_smithy_client.expectString, + roleList: import_smithy_client._json + }); + Object.assign(contents, doc); + return contents; +}, "de_ListAccountRolesCommand"); +var de_ListAccountsCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client.take)(data, { + accountList: import_smithy_client._json, + nextToken: import_smithy_client.expectString + }); + Object.assign(contents, doc); + return contents; +}, "de_ListAccountsCommand"); +var de_LogoutCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + await (0, import_smithy_client.collectBody)(output.body, context); + return contents; +}, "de_LogoutCommand"); var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { const parsedOutput = { ...output, @@ -25455,39 +32268,18 @@ var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { }; const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); switch (errorCode) { - case "AccessDeniedException": - case "com.amazonaws.ssooidc#AccessDeniedException": - throw await de_AccessDeniedExceptionRes(parsedOutput, context); - case "AuthorizationPendingException": - case "com.amazonaws.ssooidc#AuthorizationPendingException": - throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); - case "ExpiredTokenException": - case "com.amazonaws.ssooidc#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "InternalServerException": - case "com.amazonaws.ssooidc#InternalServerException": - throw await de_InternalServerExceptionRes(parsedOutput, context); - case "InvalidClientException": - case "com.amazonaws.ssooidc#InvalidClientException": - throw await de_InvalidClientExceptionRes(parsedOutput, context); - case "InvalidGrantException": - case "com.amazonaws.ssooidc#InvalidGrantException": - throw await de_InvalidGrantExceptionRes(parsedOutput, context); case "InvalidRequestException": - case "com.amazonaws.ssooidc#InvalidRequestException": + case "com.amazonaws.sso#InvalidRequestException": throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "InvalidScopeException": - case "com.amazonaws.ssooidc#InvalidScopeException": - throw await de_InvalidScopeExceptionRes(parsedOutput, context); - case "SlowDownException": - case "com.amazonaws.ssooidc#SlowDownException": - throw await de_SlowDownExceptionRes(parsedOutput, context); - case "UnauthorizedClientException": - case "com.amazonaws.ssooidc#UnauthorizedClientException": - throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); - case "UnsupportedGrantTypeException": - case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": - throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.sso#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "TooManyRequestsException": + case "com.amazonaws.sso#TooManyRequestsException": + throw await de_TooManyRequestsExceptionRes(parsedOutput, context); + case "UnauthorizedException": + case "com.amazonaws.sso#UnauthorizedException": + throw await de_UnauthorizedExceptionRes(parsedOutput, context); default: const parsedBody = parsedOutput.body; return throwDefaultError({ @@ -25497,197 +32289,163 @@ var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { }); } }, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); -var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AccessDeniedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AccessDeniedExceptionRes"); -var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AuthorizationPendingException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AuthorizationPendingExceptionRes"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_ExpiredTokenExceptionRes"); -var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InternalServerException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InternalServerExceptionRes"); -var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidClientExceptionRes"); -var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidGrantException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidGrantExceptionRes"); +var throwDefaultError = (0, import_smithy_client.withBaseException)(SSOServiceException); var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); + const contents = (0, import_smithy_client.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString }); Object.assign(contents, doc); const exception = new InvalidRequestException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); }, "de_InvalidRequestExceptionRes"); -var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidScopeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidScopeExceptionRes"); -var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); +var de_ResourceNotFoundExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString }); Object.assign(contents, doc); - const exception = new SlowDownException({ + const exception = new ResourceNotFoundException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_SlowDownExceptionRes"); -var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_ResourceNotFoundExceptionRes"); +var de_TooManyRequestsExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString }); Object.assign(contents, doc); - const exception = new UnauthorizedClientException({ + const exception = new TooManyRequestsException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedClientExceptionRes"); -var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_TooManyRequestsExceptionRes"); +var de_UnauthorizedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString }); Object.assign(contents, doc); - const exception = new UnsupportedGrantTypeException({ + const exception = new UnauthorizedException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnsupportedGrantTypeExceptionRes"); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnauthorizedExceptionRes"); var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ httpStatusCode: output.statusCode, requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], extendedRequestId: output.headers["x-amz-id-2"], cfId: output.headers["x-amz-cf-id"] }), "deserializeMetadata"); +var _aI = "accountId"; +var _aT = "accessToken"; +var _ai = "account_id"; +var _mR = "maxResults"; +var _mr = "max_result"; +var _nT = "nextToken"; +var _nt = "next_token"; +var _rN = "roleName"; +var _rn = "role_name"; +var _xasbt = "x-amz-sso_bearer_token"; -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { +// src/commands/GetRoleCredentialsCommand.ts +var GetRoleCredentialsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { return [ (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) ]; -}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { +}).s("SWBPortalService", "GetRoleCredentials", {}).n("SSOClient", "GetRoleCredentialsCommand").f(GetRoleCredentialsRequestFilterSensitiveLog, GetRoleCredentialsResponseFilterSensitiveLog).ser(se_GetRoleCredentialsCommand).de(de_GetRoleCredentialsCommand).build() { static { - __name(this, "CreateTokenCommand"); + __name(this, "GetRoleCredentialsCommand"); } }; -// src/submodules/sso-oidc/SSOOIDC.ts +// src/commands/ListAccountRolesCommand.ts + + + +var ListAccountRolesCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "ListAccountRoles", {}).n("SSOClient", "ListAccountRolesCommand").f(ListAccountRolesRequestFilterSensitiveLog, void 0).ser(se_ListAccountRolesCommand).de(de_ListAccountRolesCommand).build() { + static { + __name(this, "ListAccountRolesCommand"); + } +}; + +// src/commands/ListAccountsCommand.ts + + + +var ListAccountsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "ListAccounts", {}).n("SSOClient", "ListAccountsCommand").f(ListAccountsRequestFilterSensitiveLog, void 0).ser(se_ListAccountsCommand).de(de_ListAccountsCommand).build() { + static { + __name(this, "ListAccountsCommand"); + } +}; + +// src/commands/LogoutCommand.ts + + + +var LogoutCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "Logout", {}).n("SSOClient", "LogoutCommand").f(LogoutRequestFilterSensitiveLog, void 0).ser(se_LogoutCommand).de(de_LogoutCommand).build() { + static { + __name(this, "LogoutCommand"); + } +}; + +// src/SSO.ts var commands = { - CreateTokenCommand + GetRoleCredentialsCommand, + ListAccountRolesCommand, + ListAccountsCommand, + LogoutCommand }; -var SSOOIDC = class extends SSOOIDCClient { +var SSO = class extends SSOClient { static { - __name(this, "SSOOIDC"); + __name(this, "SSO"); } }; -(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); +(0, import_smithy_client.createAggregatedClient)(commands, SSO); + +// src/pagination/ListAccountRolesPaginator.ts + +var paginateListAccountRoles = (0, import_core.createPaginator)(SSOClient, ListAccountRolesCommand, "nextToken", "nextToken", "maxResults"); + +// src/pagination/ListAccountsPaginator.ts + +var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccountsCommand, "nextToken", "nextToken", "maxResults"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 9750: +/***/ 9756: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -25695,9 +32453,9 @@ var SSOOIDC = class extends SSOOIDCClient { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getRuntimeConfig = void 0; const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(3942)); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(1092)); const core_1 = __nccwpck_require__(9963); -const util_user_agent_node_1 = __nccwpck_require__(5380); +const util_user_agent_node_1 = __nccwpck_require__(8095); const config_resolver_1 = __nccwpck_require__(3098); const hash_node_1 = __nccwpck_require__(3081); const middleware_retry_1 = __nccwpck_require__(6039); @@ -25705,7 +32463,7 @@ const node_config_provider_1 = __nccwpck_require__(3461); const node_http_handler_1 = __nccwpck_require__(258); const util_body_length_node_1 = __nccwpck_require__(8075); const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(8319); +const runtimeConfig_shared_1 = __nccwpck_require__(4809); const smithy_client_1 = __nccwpck_require__(3570); const util_defaults_mode_node_1 = __nccwpck_require__(2429); const smithy_client_2 = __nccwpck_require__(3570); @@ -25749,7 +32507,7 @@ exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 8319: +/***/ 4809: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -25762,8 +32520,8 @@ const smithy_client_1 = __nccwpck_require__(3570); const url_parser_1 = __nccwpck_require__(4681); const util_base64_1 = __nccwpck_require__(5600); const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(7009); -const endpointResolver_1 = __nccwpck_require__(5065); +const httpAuthSchemeProvider_1 = __nccwpck_require__(9344); +const endpointResolver_1 = __nccwpck_require__(898); const getRuntimeConfig = (config) => { return { apiVersion: "2019-06-10", @@ -25772,7 +32530,7 @@ const getRuntimeConfig = (config) => { disableHostPrefix: config?.disableHostPrefix ?? false, endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOHttpAuthSchemeProvider, httpAuthSchemes: config?.httpAuthSchemes ?? [ { schemeId: "aws.auth#sigv4", @@ -25786,7 +32544,7 @@ const getRuntimeConfig = (config) => { }, ], logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO OIDC", + serviceId: config?.serviceId ?? "SSO", urlParser: config?.urlParser ?? url_parser_1.parseUrl, utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, @@ -25797,17 +32555,17 @@ exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 4113: +/***/ 4195: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(2545); -const middleware_logger_1 = __nccwpck_require__(14); -const middleware_recursion_detection_1 = __nccwpck_require__(5525); -const middleware_user_agent_1 = __nccwpck_require__(3030); +const middleware_host_header_1 = __nccwpck_require__(9514); +const middleware_logger_1 = __nccwpck_require__(5675); +const middleware_recursion_detection_1 = __nccwpck_require__(7977); +const middleware_user_agent_1 = __nccwpck_require__(6634); const config_resolver_1 = __nccwpck_require__(3098); const core_1 = __nccwpck_require__(5829); const middleware_content_length_1 = __nccwpck_require__(2800); @@ -25815,10 +32573,10 @@ const middleware_endpoint_1 = __nccwpck_require__(2918); const middleware_retry_1 = __nccwpck_require__(6039); const smithy_client_1 = __nccwpck_require__(3570); Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(5569); -const EndpointParameters_1 = __nccwpck_require__(3207); -const runtimeConfig_1 = __nccwpck_require__(2719); -const runtimeExtensions_1 = __nccwpck_require__(9660); +const httpAuthSchemeProvider_1 = __nccwpck_require__(7145); +const EndpointParameters_1 = __nccwpck_require__(510); +const runtimeConfig_1 = __nccwpck_require__(3405); +const runtimeExtensions_1 = __nccwpck_require__(2053); class STSClient extends smithy_client_1.Client { config; constructor(...[configuration]) { @@ -25857,7 +32615,7 @@ exports.STSClient = STSClient; /***/ }), -/***/ 2995: +/***/ 8527: /***/ ((__unused_webpack_module, exports) => { "use strict"; @@ -25908,16 +32666,16 @@ exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; /***/ }), -/***/ 5569: +/***/ 7145: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(9963); +const core_1 = __nccwpck_require__(2143); const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(4113); +const STSClient_1 = __nccwpck_require__(4195); const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { return { operation: (0, util_middleware_1.getSmithyContext)(context).operation, @@ -25951,6 +32709,10 @@ function createSmithyApiNoAuthHttpAuthOption(authParameters) { const defaultSTSHttpAuthSchemeProvider = (authParameters) => { const options = []; switch (authParameters.operation) { + case "AssumeRoleWithSAML": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } case "AssumeRoleWithWebIdentity": { options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); break; @@ -25978,7 +32740,7 @@ exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; /***/ }), -/***/ 3207: +/***/ 510: /***/ ((__unused_webpack_module, exports) => { "use strict"; @@ -26005,16 +32767,16 @@ exports.commonParams = { /***/ }), -/***/ 2282: +/***/ 1203: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(1256); +const util_endpoints_1 = __nccwpck_require__(4241); const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(505); +const ruleset_1 = __nccwpck_require__(6882); const cache = new util_endpoints_2.EndpointCache({ size: 50, params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], @@ -26031,7 +32793,7 @@ util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunct /***/ }), -/***/ 505: +/***/ 6882: /***/ ((__unused_webpack_module, exports) => { "use strict"; @@ -26046,7 +32808,7 @@ exports.ruleSet = _data; /***/ }), -/***/ 3715: +/***/ 2209: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -26071,19 +32833,32 @@ var __copyProps = (to, from, except, desc) => { var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/sts/index.ts +// src/index.ts var index_exports = {}; __export(index_exports, { AssumeRoleCommand: () => AssumeRoleCommand, AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, + AssumeRoleWithSAMLCommand: () => AssumeRoleWithSAMLCommand, + AssumeRoleWithSAMLRequestFilterSensitiveLog: () => AssumeRoleWithSAMLRequestFilterSensitiveLog, + AssumeRoleWithSAMLResponseFilterSensitiveLog: () => AssumeRoleWithSAMLResponseFilterSensitiveLog, AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, + AssumeRootCommand: () => AssumeRootCommand, + AssumeRootResponseFilterSensitiveLog: () => AssumeRootResponseFilterSensitiveLog, + ClientInputEndpointParameters: () => import_EndpointParameters10.ClientInputEndpointParameters, CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, + DecodeAuthorizationMessageCommand: () => DecodeAuthorizationMessageCommand, ExpiredTokenException: () => ExpiredTokenException, + GetAccessKeyInfoCommand: () => GetAccessKeyInfoCommand, + GetCallerIdentityCommand: () => GetCallerIdentityCommand, + GetFederationTokenCommand: () => GetFederationTokenCommand, + GetFederationTokenResponseFilterSensitiveLog: () => GetFederationTokenResponseFilterSensitiveLog, + GetSessionTokenCommand: () => GetSessionTokenCommand, + GetSessionTokenResponseFilterSensitiveLog: () => GetSessionTokenResponseFilterSensitiveLog, IDPCommunicationErrorException: () => IDPCommunicationErrorException, IDPRejectedClaimException: () => IDPRejectedClaimException, + InvalidAuthorizationMessageException: () => InvalidAuthorizationMessageException, InvalidIdentityTokenException: () => InvalidIdentityTokenException, MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, @@ -26095,21 +32870,21 @@ __export(index_exports, { getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 }); module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(4113), module.exports); +__reExport(index_exports, __nccwpck_require__(4195), module.exports); -// src/submodules/sts/STS.ts -var import_smithy_client6 = __nccwpck_require__(3570); +// src/STS.ts -// src/submodules/sts/commands/AssumeRoleCommand.ts + +// src/commands/AssumeRoleCommand.ts var import_middleware_endpoint = __nccwpck_require__(2918); var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_EndpointParameters = __nccwpck_require__(3207); -// src/submodules/sts/models/models_0.ts -var import_smithy_client2 = __nccwpck_require__(3570); +var import_EndpointParameters = __nccwpck_require__(510); -// src/submodules/sts/models/STSServiceException.ts +// src/models/models_0.ts + + +// src/models/STSServiceException.ts var import_smithy_client = __nccwpck_require__(3570); var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { static { @@ -26124,15 +32899,7 @@ var STSServiceException = class _STSServiceException extends import_smithy_clien } }; -// src/submodules/sts/models/models_0.ts -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); +// src/models/models_0.ts var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { static { __name(this, "ExpiredTokenException"); @@ -26225,53 +32992,99 @@ var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServ }; var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { static { - __name(this, "InvalidIdentityTokenException"); + __name(this, "InvalidIdentityTokenException"); + } + name = "InvalidIdentityTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidIdentityTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); + } +}; +var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { + static { + __name(this, "IDPCommunicationErrorException"); + } + name = "IDPCommunicationErrorException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPCommunicationErrorException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); + } +}; +var InvalidAuthorizationMessageException = class _InvalidAuthorizationMessageException extends STSServiceException { + static { + __name(this, "InvalidAuthorizationMessageException"); } - name = "InvalidIdentityTokenException"; + name = "InvalidAuthorizationMessageException"; $fault = "client"; /** * @internal */ constructor(opts) { super({ - name: "InvalidIdentityTokenException", + name: "InvalidAuthorizationMessageException", $fault: "client", ...opts }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); + Object.setPrototypeOf(this, _InvalidAuthorizationMessageException.prototype); } }; +var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client.SENSITIVE_STRING } +}), "CredentialsFilterSensitiveLog"); +var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleResponseFilterSensitiveLog"); +var AssumeRoleWithSAMLRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.SAMLAssertion && { SAMLAssertion: import_smithy_client.SENSITIVE_STRING } +}), "AssumeRoleWithSAMLRequestFilterSensitiveLog"); +var AssumeRoleWithSAMLResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleWithSAMLResponseFilterSensitiveLog"); var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } + ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client.SENSITIVE_STRING } }), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ ...obj, ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } }), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); - } - name = "IDPCommunicationErrorException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); - } -}; +var AssumeRootResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRootResponseFilterSensitiveLog"); +var GetFederationTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "GetFederationTokenResponseFilterSensitiveLog"); +var GetSessionTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "GetSessionTokenResponseFilterSensitiveLog"); -// src/submodules/sts/protocols/Aws_query.ts -var import_core = __nccwpck_require__(9963); +// src/protocols/Aws_query.ts +var import_core = __nccwpck_require__(2143); var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client3 = __nccwpck_require__(3570); + var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { const headers = SHARED_HEADERS; let body; @@ -26282,6 +33095,16 @@ var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { }); return buildHttpRpcRequest(context, headers, "/", void 0, body); }, "se_AssumeRoleCommand"); +var se_AssumeRoleWithSAMLCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleWithSAMLRequest(input, context), + [_A]: _ARWSAML, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleWithSAMLCommand"); var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { const headers = SHARED_HEADERS; let body; @@ -26292,6 +33115,66 @@ var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, c }); return buildHttpRpcRequest(context, headers, "/", void 0, body); }, "se_AssumeRoleWithWebIdentityCommand"); +var se_AssumeRootCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRootRequest(input, context), + [_A]: _ARs, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRootCommand"); +var se_DecodeAuthorizationMessageCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_DecodeAuthorizationMessageRequest(input, context), + [_A]: _DAM, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_DecodeAuthorizationMessageCommand"); +var se_GetAccessKeyInfoCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_GetAccessKeyInfoRequest(input, context), + [_A]: _GAKI, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_GetAccessKeyInfoCommand"); +var se_GetCallerIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_GetCallerIdentityRequest(input, context), + [_A]: _GCI, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_GetCallerIdentityCommand"); +var se_GetFederationTokenCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_GetFederationTokenRequest(input, context), + [_A]: _GFT, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_GetFederationTokenCommand"); +var se_GetSessionTokenCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_GetSessionTokenRequest(input, context), + [_A]: _GST, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_GetSessionTokenCommand"); var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { if (output.statusCode >= 300) { return de_CommandError(output, context); @@ -26305,6 +33188,19 @@ var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { }; return response; }, "de_AssumeRoleCommand"); +var de_AssumeRoleWithSAMLCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleWithSAMLResponse(data.AssumeRoleWithSAMLResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleWithSAMLCommand"); var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { if (output.statusCode >= 300) { return de_CommandError(output, context); @@ -26318,6 +33214,84 @@ var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, }; return response; }, "de_AssumeRoleWithWebIdentityCommand"); +var de_AssumeRootCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRootResponse(data.AssumeRootResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRootCommand"); +var de_DecodeAuthorizationMessageCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_DecodeAuthorizationMessageResponse(data.DecodeAuthorizationMessageResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_DecodeAuthorizationMessageCommand"); +var de_GetAccessKeyInfoCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_GetAccessKeyInfoResponse(data.GetAccessKeyInfoResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_GetAccessKeyInfoCommand"); +var de_GetCallerIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_GetCallerIdentityResponse(data.GetCallerIdentityResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_GetCallerIdentityCommand"); +var de_GetFederationTokenCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_GetFederationTokenResponse(data.GetFederationTokenResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_GetFederationTokenCommand"); +var de_GetSessionTokenCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_GetSessionTokenResponse(data.GetSessionTokenResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_GetSessionTokenCommand"); var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { const parsedOutput = { ...output, @@ -26337,15 +33311,18 @@ var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { case "RegionDisabledException": case "com.amazonaws.sts#RegionDisabledException": throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); case "IDPRejectedClaim": case "com.amazonaws.sts#IDPRejectedClaimException": throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); case "InvalidIdentityToken": case "com.amazonaws.sts#InvalidIdentityTokenException": throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); + case "IDPCommunicationError": + case "com.amazonaws.sts#IDPCommunicationErrorException": + throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); + case "InvalidAuthorizationMessageException": + case "com.amazonaws.sts#InvalidAuthorizationMessageException": + throw await de_InvalidAuthorizationMessageExceptionRes(parsedOutput, context); default: const parsedBody = parsedOutput.body; return throwDefaultError({ @@ -26362,7 +33339,7 @@ var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, co $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_ExpiredTokenExceptionRes"); var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { const body = parsedOutput.body; @@ -26371,7 +33348,7 @@ var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedO $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_IDPCommunicationErrorExceptionRes"); var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { const body = parsedOutput.body; @@ -26380,8 +33357,17 @@ var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_IDPRejectedClaimExceptionRes"); +var de_InvalidAuthorizationMessageExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_InvalidAuthorizationMessageException(body.Error, context); + const exception = new InvalidAuthorizationMessageException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client.decorateServiceException)(exception, body); +}, "de_InvalidAuthorizationMessageExceptionRes"); var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { const body = parsedOutput.body; const deserialized = de_InvalidIdentityTokenException(body.Error, context); @@ -26389,7 +33375,7 @@ var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOu $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_InvalidIdentityTokenExceptionRes"); var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { const body = parsedOutput.body; @@ -26398,7 +33384,7 @@ var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parse $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_MalformedPolicyDocumentExceptionRes"); var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { const body = parsedOutput.body; @@ -26407,7 +33393,7 @@ var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOu $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_PackedPolicyTooLargeExceptionRes"); var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { const body = parsedOutput.body; @@ -26416,7 +33402,7 @@ var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, $metadata: deserializeMetadata(parsedOutput), ...deserialized }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); + return (0, import_smithy_client.decorateServiceException)(exception, body); }, "de_RegionDisabledExceptionRes"); var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { const entries = {}; @@ -26486,6 +33472,35 @@ var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { } return entries; }, "se_AssumeRoleRequest"); +var se_AssumeRoleWithSAMLRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; + } + if (input[_PAr] != null) { + entries[_PAr] = input[_PAr]; + } + if (input[_SAMLA] != null) { + entries[_SAMLA] = input[_SAMLA]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); + } + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + return entries; +}, "se_AssumeRoleWithSAMLRequest"); var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { const entries = {}; if (input[_RA] != null) { @@ -26518,6 +33533,87 @@ var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context } return entries; }, "se_AssumeRoleWithWebIdentityRequest"); +var se_AssumeRootRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_TP] != null) { + entries[_TP] = input[_TP]; + } + if (input[_TPA] != null) { + const memberEntries = se_PolicyDescriptorType(input[_TPA], context); + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `TaskPolicyArn.${key}`; + entries[loc] = value; + }); + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + return entries; +}, "se_AssumeRootRequest"); +var se_DecodeAuthorizationMessageRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_EM] != null) { + entries[_EM] = input[_EM]; + } + return entries; +}, "se_DecodeAuthorizationMessageRequest"); +var se_GetAccessKeyInfoRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_AKI] != null) { + entries[_AKI] = input[_AKI]; + } + return entries; +}, "se_GetAccessKeyInfoRequest"); +var se_GetCallerIdentityRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + return entries; +}, "se_GetCallerIdentityRequest"); +var se_GetFederationTokenRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_N] != null) { + entries[_N] = input[_N]; + } + if (input[_P] != null) { + entries[_P] = input[_P]; + } + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); + } + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + if (input[_T] != null) { + const memberEntries = se_tagListType(input[_T], context); + if (input[_T]?.length === 0) { + entries.Tags = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `Tags.${key}`; + entries[loc] = value; + }); + } + return entries; +}, "se_GetFederationTokenRequest"); +var se_GetSessionTokenRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_DS] != null) { + entries[_DS] = input[_DS]; + } + if (input[_SN] != null) { + entries[_SN] = input[_SN]; + } + if (input[_TC] != null) { + entries[_TC] = input[_TC]; + } + return entries; +}, "se_GetSessionTokenRequest"); var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { const entries = {}; let counter = 1; @@ -26542,8 +33638,8 @@ var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { }, "se_PolicyDescriptorType"); var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { const entries = {}; - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; + if (input[_PAro] != null) { + entries[_PAro] = input[_PAro]; } if (input[_CA] != null) { entries[_CA] = input[_CA]; @@ -26605,10 +33701,10 @@ var se_tagListType = /* @__PURE__ */ __name((input, context) => { var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); + contents[_ARI] = (0, import_smithy_client.expectString)(output[_ARI]); } if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); + contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); } return contents; }, "de_AssumedRoleUser"); @@ -26621,100 +33717,205 @@ var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); } if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); } if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); } return contents; }, "de_AssumeRoleResponse"); +var de_AssumeRoleWithSAMLResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); + } + if (output[_S] != null) { + contents[_S] = (0, import_smithy_client.expectString)(output[_S]); + } + if (output[_ST] != null) { + contents[_ST] = (0, import_smithy_client.expectString)(output[_ST]); + } + if (output[_I] != null) { + contents[_I] = (0, import_smithy_client.expectString)(output[_I]); + } + if (output[_Au] != null) { + contents[_Au] = (0, import_smithy_client.expectString)(output[_Au]); + } + if (output[_NQ] != null) { + contents[_NQ] = (0, import_smithy_client.expectString)(output[_NQ]); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRoleWithSAMLResponse"); var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_C] != null) { contents[_C] = de_Credentials(output[_C], context); } if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); + contents[_SFWIT] = (0, import_smithy_client.expectString)(output[_SFWIT]); } if (output[_ARU] != null) { contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); } if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); + contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); } if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); + contents[_Pr] = (0, import_smithy_client.expectString)(output[_Pr]); } if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); + contents[_Au] = (0, import_smithy_client.expectString)(output[_Au]); } if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); } return contents; }, "de_AssumeRoleWithWebIdentityResponse"); +var de_AssumeRootResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); + } + return contents; +}, "de_AssumeRootResponse"); var de_Credentials = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); + contents[_AKI] = (0, import_smithy_client.expectString)(output[_AKI]); } if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); + contents[_SAK] = (0, import_smithy_client.expectString)(output[_SAK]); } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); + if (output[_STe] != null) { + contents[_STe] = (0, import_smithy_client.expectString)(output[_STe]); } if (output[_E] != null) { - contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); + contents[_E] = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseRfc3339DateTimeWithOffset)(output[_E])); } return contents; }, "de_Credentials"); +var de_DecodeAuthorizationMessageResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_DM] != null) { + contents[_DM] = (0, import_smithy_client.expectString)(output[_DM]); + } + return contents; +}, "de_DecodeAuthorizationMessageResponse"); var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_ExpiredTokenException"); +var de_FederatedUser = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_FUI] != null) { + contents[_FUI] = (0, import_smithy_client.expectString)(output[_FUI]); + } + if (output[_Ar] != null) { + contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); + } + return contents; +}, "de_FederatedUser"); +var de_GetAccessKeyInfoResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_Ac] != null) { + contents[_Ac] = (0, import_smithy_client.expectString)(output[_Ac]); + } + return contents; +}, "de_GetAccessKeyInfoResponse"); +var de_GetCallerIdentityResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_UI] != null) { + contents[_UI] = (0, import_smithy_client.expectString)(output[_UI]); + } + if (output[_Ac] != null) { + contents[_Ac] = (0, import_smithy_client.expectString)(output[_Ac]); + } + if (output[_Ar] != null) { + contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); + } + return contents; +}, "de_GetCallerIdentityResponse"); +var de_GetFederationTokenResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + if (output[_FU] != null) { + contents[_FU] = de_FederatedUser(output[_FU], context); + } + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); + } + return contents; +}, "de_GetFederationTokenResponse"); +var de_GetSessionTokenResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); + } + return contents; +}, "de_GetSessionTokenResponse"); var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_IDPCommunicationErrorException"); var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_IDPRejectedClaimException"); +var de_InvalidAuthorizationMessageException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + } + return contents; +}, "de_InvalidAuthorizationMessageException"); var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_InvalidIdentityTokenException"); var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_MalformedPolicyDocumentException"); var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_PackedPolicyTooLargeException"); var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { const contents = {}; if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + contents[_m] = (0, import_smithy_client.expectString)(output[_m]); } return contents; }, "de_RegionDisabledException"); @@ -26724,7 +33925,7 @@ var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ extendedRequestId: output.headers["x-amz-id-2"], cfId: output.headers["x-amz-cf-id"] }), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); +var throwDefaultError = (0, import_smithy_client.withBaseException)(STSServiceException); var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); const contents = { @@ -26752,38 +33953,60 @@ var _AKI = "AccessKeyId"; var _AR = "AssumeRole"; var _ARI = "AssumedRoleId"; var _ARU = "AssumedRoleUser"; +var _ARWSAML = "AssumeRoleWithSAML"; var _ARWWI = "AssumeRoleWithWebIdentity"; +var _ARs = "AssumeRoot"; +var _Ac = "Account"; var _Ar = "Arn"; var _Au = "Audience"; var _C = "Credentials"; var _CA = "ContextAssertion"; +var _DAM = "DecodeAuthorizationMessage"; +var _DM = "DecodedMessage"; var _DS = "DurationSeconds"; var _E = "Expiration"; var _EI = "ExternalId"; +var _EM = "EncodedMessage"; +var _FU = "FederatedUser"; +var _FUI = "FederatedUserId"; +var _GAKI = "GetAccessKeyInfo"; +var _GCI = "GetCallerIdentity"; +var _GFT = "GetFederationToken"; +var _GST = "GetSessionToken"; +var _I = "Issuer"; var _K = "Key"; +var _N = "Name"; +var _NQ = "NameQualifier"; var _P = "Policy"; var _PA = "PolicyArns"; -var _PAr = "ProviderArn"; +var _PAr = "PrincipalArn"; +var _PAro = "ProviderArn"; var _PC = "ProvidedContexts"; var _PI = "ProviderId"; var _PPS = "PackedPolicySize"; var _Pr = "Provider"; var _RA = "RoleArn"; var _RSN = "RoleSessionName"; +var _S = "Subject"; var _SAK = "SecretAccessKey"; +var _SAMLA = "SAMLAssertion"; var _SFWIT = "SubjectFromWebIdentityToken"; var _SI = "SourceIdentity"; var _SN = "SerialNumber"; -var _ST = "SessionToken"; +var _ST = "SubjectType"; +var _STe = "SessionToken"; var _T = "Tags"; var _TC = "TokenCode"; +var _TP = "TargetPrincipal"; +var _TPA = "TaskPolicyArn"; var _TTK = "TransitiveTagKeys"; +var _UI = "UserId"; var _V = "Version"; var _Va = "Value"; var _WIT = "WebIdentityToken"; var _a = "arn"; var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); +var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { if (data.Error?.Code !== void 0) { return data.Error.Code; @@ -26793,8 +34016,8 @@ var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { } }, "loadQueryErrorCode"); -// src/submodules/sts/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { +// src/commands/AssumeRoleCommand.ts +var AssumeRoleCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { return [ (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) @@ -26805,15 +34028,31 @@ var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder } }; -// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde2 = __nccwpck_require__(1238); -var import_smithy_client5 = __nccwpck_require__(3570); -var import_EndpointParameters2 = __nccwpck_require__(3207); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { +// src/commands/AssumeRoleWithSAMLCommand.ts + + + +var import_EndpointParameters2 = __nccwpck_require__(510); +var AssumeRoleWithSAMLCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { return [ - (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithSAML", {}).n("STSClient", "AssumeRoleWithSAMLCommand").f(AssumeRoleWithSAMLRequestFilterSensitiveLog, AssumeRoleWithSAMLResponseFilterSensitiveLog).ser(se_AssumeRoleWithSAMLCommand).de(de_AssumeRoleWithSAMLCommand).build() { + static { + __name(this, "AssumeRoleWithSAMLCommand"); + } +}; + +// src/commands/AssumeRoleWithWebIdentityCommand.ts + + + +var import_EndpointParameters3 = __nccwpck_require__(510); +var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters3.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) ]; }).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { static { @@ -26821,24 +34060,127 @@ var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Comma } }; -// src/submodules/sts/STS.ts -var import_STSClient = __nccwpck_require__(4113); +// src/commands/AssumeRootCommand.ts + + + +var import_EndpointParameters4 = __nccwpck_require__(510); +var AssumeRootCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters4.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRoot", {}).n("STSClient", "AssumeRootCommand").f(void 0, AssumeRootResponseFilterSensitiveLog).ser(se_AssumeRootCommand).de(de_AssumeRootCommand).build() { + static { + __name(this, "AssumeRootCommand"); + } +}; + +// src/commands/DecodeAuthorizationMessageCommand.ts + + + +var import_EndpointParameters5 = __nccwpck_require__(510); +var DecodeAuthorizationMessageCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters5.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "DecodeAuthorizationMessage", {}).n("STSClient", "DecodeAuthorizationMessageCommand").f(void 0, void 0).ser(se_DecodeAuthorizationMessageCommand).de(de_DecodeAuthorizationMessageCommand).build() { + static { + __name(this, "DecodeAuthorizationMessageCommand"); + } +}; + +// src/commands/GetAccessKeyInfoCommand.ts + + + +var import_EndpointParameters6 = __nccwpck_require__(510); +var GetAccessKeyInfoCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters6.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "GetAccessKeyInfo", {}).n("STSClient", "GetAccessKeyInfoCommand").f(void 0, void 0).ser(se_GetAccessKeyInfoCommand).de(de_GetAccessKeyInfoCommand).build() { + static { + __name(this, "GetAccessKeyInfoCommand"); + } +}; + +// src/commands/GetCallerIdentityCommand.ts + + + +var import_EndpointParameters7 = __nccwpck_require__(510); +var GetCallerIdentityCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters7.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "GetCallerIdentity", {}).n("STSClient", "GetCallerIdentityCommand").f(void 0, void 0).ser(se_GetCallerIdentityCommand).de(de_GetCallerIdentityCommand).build() { + static { + __name(this, "GetCallerIdentityCommand"); + } +}; + +// src/commands/GetFederationTokenCommand.ts + + + +var import_EndpointParameters8 = __nccwpck_require__(510); +var GetFederationTokenCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters8.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "GetFederationToken", {}).n("STSClient", "GetFederationTokenCommand").f(void 0, GetFederationTokenResponseFilterSensitiveLog).ser(se_GetFederationTokenCommand).de(de_GetFederationTokenCommand).build() { + static { + __name(this, "GetFederationTokenCommand"); + } +}; + +// src/commands/GetSessionTokenCommand.ts + + + +var import_EndpointParameters9 = __nccwpck_require__(510); +var GetSessionTokenCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters9.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "GetSessionToken", {}).n("STSClient", "GetSessionTokenCommand").f(void 0, GetSessionTokenResponseFilterSensitiveLog).ser(se_GetSessionTokenCommand).de(de_GetSessionTokenCommand).build() { + static { + __name(this, "GetSessionTokenCommand"); + } +}; + +// src/STS.ts +var import_STSClient = __nccwpck_require__(4195); var commands = { AssumeRoleCommand, - AssumeRoleWithWebIdentityCommand + AssumeRoleWithSAMLCommand, + AssumeRoleWithWebIdentityCommand, + AssumeRootCommand, + DecodeAuthorizationMessageCommand, + GetAccessKeyInfoCommand, + GetCallerIdentityCommand, + GetFederationTokenCommand, + GetSessionTokenCommand }; var STS = class extends import_STSClient.STSClient { static { __name(this, "STS"); } }; -(0, import_smithy_client6.createAggregatedClient)(commands, STS); +(0, import_smithy_client.createAggregatedClient)(commands, STS); -// src/submodules/sts/index.ts -var import_EndpointParameters3 = __nccwpck_require__(3207); +// src/index.ts +var import_EndpointParameters10 = __nccwpck_require__(510); -// src/submodules/sts/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(2825); +// src/defaultStsRoleAssumers.ts +var import_client = __nccwpck_require__(6510); var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { if (typeof assumedRoleUser?.Arn === "string") { @@ -26954,8 +34296,8 @@ var isH2 = /* @__PURE__ */ __name((requestHandler) => { return requestHandler?.metadata?.handlerProtocol === "h2"; }, "isH2"); -// src/submodules/sts/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(4113); +// src/defaultRoleAssumers.ts +var import_STSClient2 = __nccwpck_require__(4195); var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { if (!customizations) return baseCtor; else @@ -26979,12 +34321,14 @@ var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (in ...input }), "decorateDefaultCredentialProvider"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 2719: +/***/ 3405: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -26992,9 +34336,10 @@ var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (in Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getRuntimeConfig = void 0; const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(3942)); -const core_1 = __nccwpck_require__(9963); -const util_user_agent_node_1 = __nccwpck_require__(5380); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(7947)); +const core_1 = __nccwpck_require__(2143); +const credential_provider_node_1 = __nccwpck_require__(3196); +const util_user_agent_node_1 = __nccwpck_require__(7330); const config_resolver_1 = __nccwpck_require__(3098); const core_2 = __nccwpck_require__(5829); const hash_node_1 = __nccwpck_require__(3081); @@ -27003,7 +34348,7 @@ const node_config_provider_1 = __nccwpck_require__(3461); const node_http_handler_1 = __nccwpck_require__(258); const util_body_length_node_1 = __nccwpck_require__(8075); const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(993); +const runtimeConfig_shared_1 = __nccwpck_require__(2642); const smithy_client_1 = __nccwpck_require__(3570); const util_defaults_mode_node_1 = __nccwpck_require__(2429); const smithy_client_2 = __nccwpck_require__(3570); @@ -27024,13 +34369,14 @@ const getRuntimeConfig = (config) => { defaultsMode, authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + credentialDefaultProvider: config?.credentialDefaultProvider ?? credential_provider_node_1.defaultProvider, defaultUserAgentProvider: config?.defaultUserAgentProvider ?? (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), httpAuthSchemes: config?.httpAuthSchemes ?? [ { schemeId: "aws.auth#sigv4", identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), + (async (idProps) => await (0, credential_provider_node_1.defaultProvider)(idProps?.__config || {})()), signer: new core_1.AwsSdkSigV4Signer(), }, { @@ -27060,21 +34406,21 @@ exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 993: +/***/ 2642: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(9963); +const core_1 = __nccwpck_require__(2143); const core_2 = __nccwpck_require__(5829); const smithy_client_1 = __nccwpck_require__(3570); const url_parser_1 = __nccwpck_require__(4681); const util_base64_1 = __nccwpck_require__(5600); const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(5569); -const endpointResolver_1 = __nccwpck_require__(2282); +const httpAuthSchemeProvider_1 = __nccwpck_require__(7145); +const endpointResolver_1 = __nccwpck_require__(1203); const getRuntimeConfig = (config) => { return { apiVersion: "2011-06-15", @@ -27108,17 +34454,17 @@ exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 9660: +/***/ 2053: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(8156); +const region_config_resolver_1 = __nccwpck_require__(6976); const protocol_http_1 = __nccwpck_require__(4418); const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(2995); +const httpAuthExtensionConfiguration_1 = __nccwpck_require__(8527); const resolveRuntimeExtensions = (runtimeConfig, extensions) => { const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); extensions.forEach((extension) => extension.configure(extensionConfiguration)); @@ -27129,16 +34475,131 @@ exports.resolveRuntimeExtensions = resolveRuntimeExtensions; /***/ }), -/***/ 3822: +/***/ 6555: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.defaultSSOHttpAuthSchemeProvider = exports.defaultSSOHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(2143); +const util_middleware_1 = __nccwpck_require__(2390); +const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSSOHttpAuthSchemeParametersProvider = defaultSSOHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "awsssoportal", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; +} +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSSOHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "GetRoleCredentials": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "ListAccountRoles": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "ListAccounts": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "Logout": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; +exports.defaultSSOHttpAuthSchemeProvider = defaultSSOHttpAuthSchemeProvider; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); + return Object.assign(config_0, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + + +/***/ }), + +/***/ 3584: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(4241); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(7957); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 7957: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const u = "required", v = "fn", w = "argv", x = "ref"; +const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; +const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://portal.sso.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; +exports.ruleSet = _data; + + +/***/ }), + +/***/ 1687: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -27151,213 +34612,589 @@ var __copyProps = (to, from, except, desc) => { if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return to; + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + GetRoleCredentialsCommand: () => GetRoleCredentialsCommand, + GetRoleCredentialsRequestFilterSensitiveLog: () => GetRoleCredentialsRequestFilterSensitiveLog, + GetRoleCredentialsResponseFilterSensitiveLog: () => GetRoleCredentialsResponseFilterSensitiveLog, + InvalidRequestException: () => InvalidRequestException, + ListAccountRolesCommand: () => ListAccountRolesCommand, + ListAccountRolesRequestFilterSensitiveLog: () => ListAccountRolesRequestFilterSensitiveLog, + ListAccountsCommand: () => ListAccountsCommand, + ListAccountsRequestFilterSensitiveLog: () => ListAccountsRequestFilterSensitiveLog, + LogoutCommand: () => LogoutCommand, + LogoutRequestFilterSensitiveLog: () => LogoutRequestFilterSensitiveLog, + ResourceNotFoundException: () => ResourceNotFoundException, + RoleCredentialsFilterSensitiveLog: () => RoleCredentialsFilterSensitiveLog, + SSO: () => SSO, + SSOClient: () => SSOClient, + SSOServiceException: () => SSOServiceException, + TooManyRequestsException: () => TooManyRequestsException, + UnauthorizedException: () => UnauthorizedException, + __Client: () => import_smithy_client.Client, + paginateListAccountRoles: () => paginateListAccountRoles, + paginateListAccounts: () => paginateListAccounts +}); +module.exports = __toCommonJS(index_exports); + +// src/SSOClient.ts +var import_middleware_host_header = __nccwpck_require__(9514); +var import_middleware_logger = __nccwpck_require__(5675); +var import_middleware_recursion_detection = __nccwpck_require__(7977); +var import_middleware_user_agent = __nccwpck_require__(6634); +var import_config_resolver = __nccwpck_require__(3098); +var import_core = __nccwpck_require__(5829); +var import_middleware_content_length = __nccwpck_require__(2800); +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_retry = __nccwpck_require__(6039); + +var import_httpAuthSchemeProvider = __nccwpck_require__(6555); + +// src/endpoint/EndpointParameters.ts +var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + defaultSigningName: "awsssoportal" + }); +}, "resolveClientEndpointParameters"); +var commonParams = { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } +}; + +// src/SSOClient.ts +var import_runtimeConfig = __nccwpck_require__(1012); + +// src/runtimeExtensions.ts +var import_region_config_resolver = __nccwpck_require__(6976); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); + +// src/auth/httpAuthExtensionConfiguration.ts +var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + } + }; +}, "getHttpAuthExtensionConfiguration"); +var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials() + }; +}, "resolveHttpAuthRuntimeConfig"); + +// src/runtimeExtensions.ts +var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign( + (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), + (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), + (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), + getHttpAuthExtensionConfiguration(runtimeConfig) + ); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign( + runtimeConfig, + (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), + (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), + (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), + resolveHttpAuthRuntimeConfig(extensionConfiguration) + ); +}, "resolveRuntimeExtensions"); + +// src/SSOClient.ts +var SSOClient = class extends import_smithy_client.Client { + static { + __name(this, "SSOClient"); + } + /** + * The resolved configuration of SSOClient class. This is resolved and normalized from the {@link SSOClientConfig | constructor configuration interface}. + */ + config; + constructor(...[configuration]) { + const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = resolveClientEndpointParameters(_config_0); + const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); + const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); + const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); + const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use( + (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials + }), "identityProviderConfigProvider") + }) + ); + this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); + } + /** + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. + */ + destroy() { + super.destroy(); + } }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromEnvSigningName: () => fromEnvSigningName, - fromSso: () => fromSso, - fromStatic: () => fromStatic, - nodeProvider: () => nodeProvider -}); -module.exports = __toCommonJS(index_exports); -// src/fromEnvSigningName.ts -var import_core = __nccwpck_require__(9963); -var import_property_provider = __nccwpck_require__(9721); -var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { - logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); - if (!signingName) { - throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); - } - const bearerTokenKey = (0, import_core.getBearerTokenEnvKey)(signingName); - if (!(bearerTokenKey in process.env)) { - throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); - } - return { token: process.env[bearerTokenKey] }; -}, "fromEnvSigningName"); +// src/SSO.ts -// src/fromSso.ts +// src/commands/GetRoleCredentialsCommand.ts +var import_middleware_serde = __nccwpck_require__(1238); -// src/constants.ts -var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; -var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; -// src/getSsoOidcClient.ts -var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { - const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2604))); - const ssoOidcClient = new SSOOIDCClient( - Object.assign({}, init.clientConfig ?? {}, { - region: ssoRegion ?? init.clientConfig?.region, - logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger - }) - ); - return ssoOidcClient; -}, "getSsoOidcClient"); +// src/models/models_0.ts -// src/getNewSsoOidcToken.ts -var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { - const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2604))); - const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); - return ssoOidcClient.send( - new CreateTokenCommand({ - clientId: ssoToken.clientId, - clientSecret: ssoToken.clientSecret, - refreshToken: ssoToken.refreshToken, - grantType: "refresh_token" - }) - ); -}, "getNewSsoOidcToken"); -// src/validateTokenExpiry.ts +// src/models/SSOServiceException.ts -var validateTokenExpiry = /* @__PURE__ */ __name((token) => { - if (token.expiration && token.expiration.getTime() < Date.now()) { - throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); +var SSOServiceException = class _SSOServiceException extends import_smithy_client.ServiceException { + static { + __name(this, "SSOServiceException"); } -}, "validateTokenExpiry"); - -// src/validateTokenKey.ts + /** + * @internal + */ + constructor(options) { + super(options); + Object.setPrototypeOf(this, _SSOServiceException.prototype); + } +}; -var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { - if (typeof value === "undefined") { - throw new import_property_provider.TokenProviderError( - `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, - false - ); +// src/models/models_0.ts +var InvalidRequestException = class _InvalidRequestException extends SSOServiceException { + static { + __name(this, "InvalidRequestException"); } -}, "validateTokenKey"); + name = "InvalidRequestException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidRequestException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidRequestException.prototype); + } +}; +var ResourceNotFoundException = class _ResourceNotFoundException extends SSOServiceException { + static { + __name(this, "ResourceNotFoundException"); + } + name = "ResourceNotFoundException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ResourceNotFoundException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ResourceNotFoundException.prototype); + } +}; +var TooManyRequestsException = class _TooManyRequestsException extends SSOServiceException { + static { + __name(this, "TooManyRequestsException"); + } + name = "TooManyRequestsException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "TooManyRequestsException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _TooManyRequestsException.prototype); + } +}; +var UnauthorizedException = class _UnauthorizedException extends SSOServiceException { + static { + __name(this, "UnauthorizedException"); + } + name = "UnauthorizedException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "UnauthorizedException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _UnauthorizedException.prototype); + } +}; +var GetRoleCredentialsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "GetRoleCredentialsRequestFilterSensitiveLog"); +var RoleCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.secretAccessKey && { secretAccessKey: import_smithy_client.SENSITIVE_STRING }, + ...obj.sessionToken && { sessionToken: import_smithy_client.SENSITIVE_STRING } +}), "RoleCredentialsFilterSensitiveLog"); +var GetRoleCredentialsResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.roleCredentials && { roleCredentials: RoleCredentialsFilterSensitiveLog(obj.roleCredentials) } +}), "GetRoleCredentialsResponseFilterSensitiveLog"); +var ListAccountRolesRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "ListAccountRolesRequestFilterSensitiveLog"); +var ListAccountsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "ListAccountsRequestFilterSensitiveLog"); +var LogoutRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } +}), "LogoutRequestFilterSensitiveLog"); -// src/writeSSOTokenToFile.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var import_fs = __nccwpck_require__(7147); -var { writeFile } = import_fs.promises; -var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { - const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); - const tokenString = JSON.stringify(ssoToken, null, 2); - return writeFile(tokenFilepath, tokenString); -}, "writeSSOTokenToFile"); +// src/protocols/Aws_restJson1.ts +var import_core2 = __nccwpck_require__(2143); -// src/fromSso.ts -var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); -var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/token-providers - fromSso"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile + +var se_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] }); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); - } else if (!profile["sso_session"]) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); + b.bp("/federation/credentials"); + const query = (0, import_smithy_client.map)({ + [_rn]: [, (0, import_smithy_client.expectNonNull)(input[_rN], `roleName`)], + [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] + }); + let body; + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}, "se_GetRoleCredentialsCommand"); +var se_ListAccountRolesCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/assignment/roles"); + const query = (0, import_smithy_client.map)({ + [_nt]: [, input[_nT]], + [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()], + [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] + }); + let body; + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}, "se_ListAccountRolesCommand"); +var se_ListAccountsCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/assignment/accounts"); + const query = (0, import_smithy_client.map)({ + [_nt]: [, input[_nT]], + [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()] + }); + let body; + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}, "se_ListAccountsCommand"); +var se_LogoutCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core.requestBuilder)(input, context); + const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { + [_xasbt]: input[_aT] + }); + b.bp("/logout"); + let body; + b.m("POST").h(headers).b(body); + return b.build(); +}, "se_LogoutCommand"); +var de_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); } - const ssoSessionName = profile["sso_session"]; - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const ssoSession = ssoSessions[ssoSessionName]; - if (!ssoSession) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, - false - ); + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client.take)(data, { + roleCredentials: import_smithy_client._json + }); + Object.assign(contents, doc); + return contents; +}, "de_GetRoleCredentialsCommand"); +var de_ListAccountRolesCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); } - for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { - if (!ssoSession[ssoSessionRequiredKey]) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, - false - ); - } + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client.take)(data, { + nextToken: import_smithy_client.expectString, + roleList: import_smithy_client._json + }); + Object.assign(contents, doc); + return contents; +}, "de_ListAccountRolesCommand"); +var de_ListAccountsCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); } - const ssoStartUrl = ssoSession["sso_start_url"]; - const ssoRegion = ssoSession["sso_region"]; - let ssoToken; - try { - ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); - } catch (e) { - throw new import_property_provider.TokenProviderError( - `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, - false - ); + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client.take)(data, { + accountList: import_smithy_client._json, + nextToken: import_smithy_client.expectString + }); + Object.assign(contents, doc); + return contents; +}, "de_ListAccountsCommand"); +var de_LogoutCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); } - validateTokenKey("accessToken", ssoToken.accessToken); - validateTokenKey("expiresAt", ssoToken.expiresAt); - const { accessToken, expiresAt } = ssoToken; - const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; - if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { - return existingToken; + const contents = (0, import_smithy_client.map)({ + $metadata: deserializeMetadata(output) + }); + await (0, import_smithy_client.collectBody)(output.body, context); + return contents; +}, "de_LogoutCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core2.parseJsonErrorBody)(output.body, context) + }; + const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); + switch (errorCode) { + case "InvalidRequestException": + case "com.amazonaws.sso#InvalidRequestException": + throw await de_InvalidRequestExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.sso#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "TooManyRequestsException": + case "com.amazonaws.sso#TooManyRequestsException": + throw await de_TooManyRequestsExceptionRes(parsedOutput, context); + case "UnauthorizedException": + case "com.amazonaws.sso#UnauthorizedException": + throw await de_UnauthorizedExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode + }); } - if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { - validateTokenExpiry(existingToken); - return existingToken; +}, "de_CommandError"); +var throwDefaultError = (0, import_smithy_client.withBaseException)(SSOServiceException); +var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidRequestException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidRequestExceptionRes"); +var de_ResourceNotFoundExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString + }); + Object.assign(contents, doc); + const exception = new ResourceNotFoundException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_ResourceNotFoundExceptionRes"); +var de_TooManyRequestsExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString + }); + Object.assign(contents, doc); + const exception = new TooManyRequestsException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_TooManyRequestsExceptionRes"); +var de_UnauthorizedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client.take)(data, { + message: import_smithy_client.expectString + }); + Object.assign(contents, doc); + const exception = new UnauthorizedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnauthorizedExceptionRes"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); +var _aI = "accountId"; +var _aT = "accessToken"; +var _ai = "account_id"; +var _mR = "maxResults"; +var _mr = "max_result"; +var _nT = "nextToken"; +var _nt = "next_token"; +var _rN = "roleName"; +var _rn = "role_name"; +var _xasbt = "x-amz-sso_bearer_token"; + +// src/commands/GetRoleCredentialsCommand.ts +var GetRoleCredentialsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "GetRoleCredentials", {}).n("SSOClient", "GetRoleCredentialsCommand").f(GetRoleCredentialsRequestFilterSensitiveLog, GetRoleCredentialsResponseFilterSensitiveLog).ser(se_GetRoleCredentialsCommand).de(de_GetRoleCredentialsCommand).build() { + static { + __name(this, "GetRoleCredentialsCommand"); } - validateTokenKey("clientId", ssoToken.clientId, true); - validateTokenKey("clientSecret", ssoToken.clientSecret, true); - validateTokenKey("refreshToken", ssoToken.refreshToken, true); - try { - lastRefreshAttemptTime.setTime(Date.now()); - const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); - validateTokenKey("accessToken", newSsoOidcToken.accessToken); - validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); - const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); - try { - await writeSSOTokenToFile(ssoSessionName, { - ...ssoToken, - accessToken: newSsoOidcToken.accessToken, - expiresAt: newTokenExpiration.toISOString(), - refreshToken: newSsoOidcToken.refreshToken - }); - } catch (error) { - } - return { - token: newSsoOidcToken.accessToken, - expiration: newTokenExpiration - }; - } catch (error) { - validateTokenExpiry(existingToken); - return existingToken; +}; + +// src/commands/ListAccountRolesCommand.ts + + + +var ListAccountRolesCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "ListAccountRoles", {}).n("SSOClient", "ListAccountRolesCommand").f(ListAccountRolesRequestFilterSensitiveLog, void 0).ser(se_ListAccountRolesCommand).de(de_ListAccountRolesCommand).build() { + static { + __name(this, "ListAccountRolesCommand"); + } +}; + +// src/commands/ListAccountsCommand.ts + + + +var ListAccountsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "ListAccounts", {}).n("SSOClient", "ListAccountsCommand").f(ListAccountsRequestFilterSensitiveLog, void 0).ser(se_ListAccountsCommand).de(de_ListAccountsCommand).build() { + static { + __name(this, "ListAccountsCommand"); } -}, "fromSso"); +}; -// src/fromStatic.ts +// src/commands/LogoutCommand.ts -var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { - logger?.debug("@aws-sdk/token-providers - fromStatic"); - if (!token || !token.token) { - throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); + + +var LogoutCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("SWBPortalService", "Logout", {}).n("SSOClient", "LogoutCommand").f(LogoutRequestFilterSensitiveLog, void 0).ser(se_LogoutCommand).de(de_LogoutCommand).build() { + static { + __name(this, "LogoutCommand"); } - return token; -}, "fromStatic"); +}; -// src/nodeProvider.ts +// src/SSO.ts +var commands = { + GetRoleCredentialsCommand, + ListAccountRolesCommand, + ListAccountsCommand, + LogoutCommand +}; +var SSO = class extends SSOClient { + static { + __name(this, "SSO"); + } +}; +(0, import_smithy_client.createAggregatedClient)(commands, SSO); -var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)(fromSso(init), async () => { - throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); - }), - (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, - (token) => token.expiration !== void 0 -), "nodeProvider"); +// src/pagination/ListAccountRolesPaginator.ts + +var paginateListAccountRoles = (0, import_core.createPaginator)(SSOClient, ListAccountRolesCommand, "nextToken", "nextToken", "maxResults"); + +// src/pagination/ListAccountsPaginator.ts + +var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccountsCommand, "nextToken", "nextToken", "maxResults"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -27366,459 +35203,611 @@ var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_pro /***/ }), -/***/ 1256: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 1012: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4665)); +const core_1 = __nccwpck_require__(2143); +const util_user_agent_node_1 = __nccwpck_require__(7330); +const config_resolver_1 = __nccwpck_require__(3098); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(7369); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - ConditionObject: () => import_util_endpoints.ConditionObject, - DeprecatedObject: () => import_util_endpoints.DeprecatedObject, - EndpointError: () => import_util_endpoints.EndpointError, - EndpointObject: () => import_util_endpoints.EndpointObject, - EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, - EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, - EndpointParams: () => import_util_endpoints.EndpointParams, - EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, - EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, - ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, - EvaluateOptions: () => import_util_endpoints.EvaluateOptions, - Expression: () => import_util_endpoints.Expression, - FunctionArgv: () => import_util_endpoints.FunctionArgv, - FunctionObject: () => import_util_endpoints.FunctionObject, - FunctionReturn: () => import_util_endpoints.FunctionReturn, - ParameterObject: () => import_util_endpoints.ParameterObject, - ReferenceObject: () => import_util_endpoints.ReferenceObject, - ReferenceRecord: () => import_util_endpoints.ReferenceRecord, - RuleSetObject: () => import_util_endpoints.RuleSetObject, - RuleSetRules: () => import_util_endpoints.RuleSetRules, - TreeRuleObject: () => import_util_endpoints.TreeRuleObject, - awsEndpointFunctions: () => awsEndpointFunctions, - getUserAgentPrefix: () => getUserAgentPrefix, - isIpAddress: () => import_util_endpoints.isIpAddress, - partition: () => partition, - resolveEndpoint: () => import_util_endpoints.resolveEndpoint, - setPartitionInfo: () => setPartitionInfo, - useDefaultPartitionInfo: () => useDefaultPartitionInfo -}); -module.exports = __toCommonJS(index_exports); - -// src/aws.ts - +exports.getRuntimeConfig = getRuntimeConfig; -// src/lib/aws/isVirtualHostableS3Bucket.ts +/***/ }), -// src/lib/isIpAddress.ts -var import_util_endpoints = __nccwpck_require__(5473); +/***/ 7369: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { -// src/lib/aws/isVirtualHostableS3Bucket.ts -var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { - if (allowSubDomains) { - for (const label of value.split(".")) { - if (!isVirtualHostableS3Bucket(label)) { - return false; - } - } - return true; - } - if (!(0, import_util_endpoints.isValidHostLabel)(value)) { - return false; - } - if (value.length < 3 || value.length > 63) { - return false; - } - if (value !== value.toLowerCase()) { - return false; - } - if ((0, import_util_endpoints.isIpAddress)(value)) { - return false; - } - return true; -}, "isVirtualHostableS3Bucket"); +"use strict"; -// src/lib/aws/parseArn.ts -var ARN_DELIMITER = ":"; -var RESOURCE_DELIMITER = "/"; -var parseArn = /* @__PURE__ */ __name((value) => { - const segments = value.split(ARN_DELIMITER); - if (segments.length < 6) return null; - const [arn, partition2, service, region, accountId, ...resourcePath] = segments; - if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; - const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); - return { - partition: partition2, - service, - region, - accountId, - resourceId - }; -}, "parseArn"); +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(2143); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(6555); +const endpointResolver_1 = __nccwpck_require__(3584); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2019-06-10", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "SSO", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; +}; +exports.getRuntimeConfig = getRuntimeConfig; -// src/lib/aws/partitions.json -var partitions_default = { - partitions: [{ - id: "aws", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-east-1", - name: "aws", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", - regions: { - "af-south-1": { - description: "Africa (Cape Town)" - }, - "ap-east-1": { - description: "Asia Pacific (Hong Kong)" - }, - "ap-east-2": { - description: "Asia Pacific (Taipei)" - }, - "ap-northeast-1": { - description: "Asia Pacific (Tokyo)" - }, - "ap-northeast-2": { - description: "Asia Pacific (Seoul)" - }, - "ap-northeast-3": { - description: "Asia Pacific (Osaka)" - }, - "ap-south-1": { - description: "Asia Pacific (Mumbai)" - }, - "ap-south-2": { - description: "Asia Pacific (Hyderabad)" - }, - "ap-southeast-1": { - description: "Asia Pacific (Singapore)" - }, - "ap-southeast-2": { - description: "Asia Pacific (Sydney)" - }, - "ap-southeast-3": { - description: "Asia Pacific (Jakarta)" - }, - "ap-southeast-4": { - description: "Asia Pacific (Melbourne)" - }, - "ap-southeast-5": { - description: "Asia Pacific (Malaysia)" - }, - "ap-southeast-7": { - description: "Asia Pacific (Thailand)" - }, - "aws-global": { - description: "AWS Standard global region" - }, - "ca-central-1": { - description: "Canada (Central)" - }, - "ca-west-1": { - description: "Canada West (Calgary)" - }, - "eu-central-1": { - description: "Europe (Frankfurt)" - }, - "eu-central-2": { - description: "Europe (Zurich)" - }, - "eu-north-1": { - description: "Europe (Stockholm)" - }, - "eu-south-1": { - description: "Europe (Milan)" - }, - "eu-south-2": { - description: "Europe (Spain)" - }, - "eu-west-1": { - description: "Europe (Ireland)" - }, - "eu-west-2": { - description: "Europe (London)" - }, - "eu-west-3": { - description: "Europe (Paris)" - }, - "il-central-1": { - description: "Israel (Tel Aviv)" - }, - "me-central-1": { - description: "Middle East (UAE)" - }, - "me-south-1": { - description: "Middle East (Bahrain)" - }, - "mx-central-1": { - description: "Mexico (Central)" - }, - "sa-east-1": { - description: "South America (Sao Paulo)" - }, - "us-east-1": { - description: "US East (N. Virginia)" - }, - "us-east-2": { - description: "US East (Ohio)" - }, - "us-west-1": { - description: "US West (N. California)" - }, - "us-west-2": { - description: "US West (Oregon)" - } - } - }, { - id: "aws-cn", - outputs: { - dnsSuffix: "amazonaws.com.cn", - dualStackDnsSuffix: "api.amazonwebservices.com.cn", - implicitGlobalRegion: "cn-northwest-1", - name: "aws-cn", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^cn\\-\\w+\\-\\d+$", - regions: { - "aws-cn-global": { - description: "AWS China global region" - }, - "cn-north-1": { - description: "China (Beijing)" - }, - "cn-northwest-1": { - description: "China (Ningxia)" - } - } - }, { - id: "aws-us-gov", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-gov-west-1", - name: "aws-us-gov", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", - regions: { - "aws-us-gov-global": { - description: "AWS GovCloud (US) global region" - }, - "us-gov-east-1": { - description: "AWS GovCloud (US-East)" - }, - "us-gov-west-1": { - description: "AWS GovCloud (US-West)" - } - } - }, { - id: "aws-iso", - outputs: { - dnsSuffix: "c2s.ic.gov", - dualStackDnsSuffix: "c2s.ic.gov", - implicitGlobalRegion: "us-iso-east-1", - name: "aws-iso", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", - regions: { - "aws-iso-global": { - description: "AWS ISO (US) global region" - }, - "us-iso-east-1": { - description: "US ISO East" - }, - "us-iso-west-1": { - description: "US ISO WEST" - } - } - }, { - id: "aws-iso-b", - outputs: { - dnsSuffix: "sc2s.sgov.gov", - dualStackDnsSuffix: "sc2s.sgov.gov", - implicitGlobalRegion: "us-isob-east-1", - name: "aws-iso-b", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", - regions: { - "aws-iso-b-global": { - description: "AWS ISOB (US) global region" - }, - "us-isob-east-1": { - description: "US ISOB East (Ohio)" - } - } - }, { - id: "aws-iso-e", - outputs: { - dnsSuffix: "cloud.adc-e.uk", - dualStackDnsSuffix: "cloud.adc-e.uk", - implicitGlobalRegion: "eu-isoe-west-1", - name: "aws-iso-e", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", - regions: { - "aws-iso-e-global": { - description: "AWS ISOE (Europe) global region" - }, - "eu-isoe-west-1": { - description: "EU ISOE West" - } - } - }, { - id: "aws-iso-f", - outputs: { - dnsSuffix: "csp.hci.ic.gov", - dualStackDnsSuffix: "csp.hci.ic.gov", - implicitGlobalRegion: "us-isof-south-1", - name: "aws-iso-f", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", - regions: { - "aws-iso-f-global": { - description: "AWS ISOF global region" - }, - "us-isof-east-1": { - description: "US ISOF EAST" - }, - "us-isof-south-1": { - description: "US ISOF SOUTH" - } - } - }, { - id: "aws-eusc", - outputs: { - dnsSuffix: "amazonaws.eu", - dualStackDnsSuffix: "amazonaws.eu", - implicitGlobalRegion: "eusc-de-east-1", - name: "aws-eusc", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", - regions: { - "eusc-de-east-1": { - description: "EU (Germany)" - } - } - }], - version: "1.1" + +/***/ }), + +/***/ 2143: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +const tslib_1 = __nccwpck_require__(4351); +tslib_1.__exportStar(__nccwpck_require__(6510), exports); +tslib_1.__exportStar(__nccwpck_require__(3017), exports); +tslib_1.__exportStar(__nccwpck_require__(5743), exports); + + +/***/ }), + +/***/ 6510: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; }; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/lib/aws/partition.ts -var selectedPartitionsInfo = partitions_default; -var selectedUserAgentPrefix = ""; -var partition = /* @__PURE__ */ __name((value) => { - const { partitions } = selectedPartitionsInfo; - for (const partition2 of partitions) { - const { regions, outputs } = partition2; - for (const [region, regionData] of Object.entries(regions)) { - if (region === value) { - return { - ...outputs, - ...regionData - }; - } - } +// src/submodules/client/index.ts +var index_exports = {}; +__export(index_exports, { + emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, + setCredentialFeature: () => setCredentialFeature, + setFeature: () => setFeature, + setTokenFeature: () => setTokenFeature, + state: () => state +}); +module.exports = __toCommonJS(index_exports); + +// src/submodules/client/emitWarningIfUnsupportedVersion.ts +var state = { + warningEmitted: false +}; +var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { + if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { + state.warningEmitted = true; + process.emitWarning( + `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will +no longer support Node.js 16.x on January 6, 2025. + +To continue receiving updates to AWS services, bug fixes, and security +updates please upgrade to a supported Node.js LTS version. + +More information can be found at: https://a.co/74kJMmI` + ); } - for (const partition2 of partitions) { - const { regionRegex, outputs } = partition2; - if (new RegExp(regionRegex).test(value)) { - return { - ...outputs - }; - } +}, "emitWarningIfUnsupportedVersion"); + +// src/submodules/client/setCredentialFeature.ts +function setCredentialFeature(credentials, feature, value) { + if (!credentials.$source) { + credentials.$source = {}; } - const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); - if (!DEFAULT_PARTITION) { - throw new Error( - "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." - ); + credentials.$source[feature] = value; + return credentials; +} +__name(setCredentialFeature, "setCredentialFeature"); + +// src/submodules/client/setFeature.ts +function setFeature(context, feature, value) { + if (!context.__aws_sdk_context) { + context.__aws_sdk_context = { + features: {} + }; + } else if (!context.__aws_sdk_context.features) { + context.__aws_sdk_context.features = {}; } - return { - ...DEFAULT_PARTITION.outputs - }; -}, "partition"); -var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { - selectedPartitionsInfo = partitionsInfo; - selectedUserAgentPrefix = userAgentPrefix; -}, "setPartitionInfo"); -var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { - setPartitionInfo(partitions_default, ""); -}, "useDefaultPartitionInfo"); -var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); + context.__aws_sdk_context.features[feature] = value; +} +__name(setFeature, "setFeature"); -// src/aws.ts -var awsEndpointFunctions = { - isVirtualHostableS3Bucket, - parseArn, - partition -}; -import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; +// src/submodules/client/setTokenFeature.ts +function setTokenFeature(token, feature, value) { + if (!token.$source) { + token.$source = {}; + } + token.$source[feature] = value; + return token; +} +__name(setTokenFeature, "setTokenFeature"); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); -// src/resolveEndpoint.ts +/***/ }), -// src/types/EndpointError.ts +/***/ 3017: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; -// src/types/EndpointRuleObject.ts +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); +// src/submodules/httpAuthSchemes/index.ts +var index_exports = {}; +__export(index_exports, { + AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, + AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, + AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, + NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, + NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, + getBearerTokenEnvKey: () => getBearerTokenEnvKey, + resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, + resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, + resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, + validateSigningProperties: () => validateSigningProperties +}); +module.exports = __toCommonJS(index_exports); -// src/types/ErrorRuleObject.ts +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts +var import_protocol_http2 = __nccwpck_require__(4418); +// src/submodules/httpAuthSchemes/utils/getDateHeader.ts +var import_protocol_http = __nccwpck_require__(4418); +var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); -// src/types/RuleSetObject.ts +// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts +var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); +// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts +var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); -// src/types/TreeRuleObject.ts +// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts +var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { + const clockTimeInMs = Date.parse(clockTime); + if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { + return clockTimeInMs - Date.now(); + } + return currentSystemClockOffset; +}, "getUpdatedSystemClockOffset"); + +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts +var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { + if (!property) { + throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); + } + return property; +}, "throwSigningPropertyError"); +var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { + const context = throwSigningPropertyError( + "context", + signingProperties.context + ); + const config = throwSigningPropertyError("config", signingProperties.config); + const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; + const signerFunction = throwSigningPropertyError( + "signer", + config.signer + ); + const signer = await signerFunction(authScheme); + const signingRegion = signingProperties?.signingRegion; + const signingRegionSet = signingProperties?.signingRegionSet; + const signingName = signingProperties?.signingName; + return { + config, + signer, + signingRegion, + signingRegionSet, + signingName + }; +}, "validateSigningProperties"); +var AwsSdkSigV4Signer = class { + static { + __name(this, "AwsSdkSigV4Signer"); + } + async sign(httpRequest, identity, signingProperties) { + if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { + throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); + } + const validatedProps = await validateSigningProperties(signingProperties); + const { config, signer } = validatedProps; + let { signingRegion, signingName } = validatedProps; + const handlerExecutionContext = signingProperties.context; + if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { + const [first, second] = handlerExecutionContext.authSchemes; + if (first?.name === "sigv4a" && second?.name === "sigv4") { + signingRegion = second?.signingRegion ?? signingRegion; + signingName = second?.signingName ?? signingName; + } + } + const signedRequest = await signer.sign(httpRequest, { + signingDate: getSkewCorrectedDate(config.systemClockOffset), + signingRegion, + signingService: signingName + }); + return signedRequest; + } + errorHandler(signingProperties) { + return (error) => { + const serverTime = error.ServerTime ?? getDateHeader(error.$response); + if (serverTime) { + const config = throwSigningPropertyError("config", signingProperties.config); + const initialSystemClockOffset = config.systemClockOffset; + config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); + const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; + if (clockSkewCorrected && error.$metadata) { + error.$metadata.clockSkewCorrected = true; + } + } + throw error; + }; + } + successHandler(httpResponse, signingProperties) { + const dateHeader = getDateHeader(httpResponse); + if (dateHeader) { + const config = throwSigningPropertyError("config", signingProperties.config); + config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); + } + } +}; +var AWSSDKSigV4Signer = AwsSdkSigV4Signer; + +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts +var import_protocol_http3 = __nccwpck_require__(4418); +var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { + static { + __name(this, "AwsSdkSigV4ASigner"); + } + async sign(httpRequest, identity, signingProperties) { + if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { + throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); + } + const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( + signingProperties + ); + const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); + const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); + const signedRequest = await signer.sign(httpRequest, { + signingDate: getSkewCorrectedDate(config.systemClockOffset), + signingRegion: multiRegionOverride, + signingService: signingName + }); + return signedRequest; + } +}; + +// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts +var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); +// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts +var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); -// src/types/shared.ts +// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts +var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; +var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; +var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { + /** + * Retrieves auth scheme preference from environment variables + * @param env - Node process environment object + * @returns Array of auth scheme strings if preference is set, undefined otherwise + */ + environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { + if (options?.signingName) { + const bearerTokenKey = getBearerTokenEnvKey(options.signingName); + if (bearerTokenKey in env) return ["httpBearerAuth"]; + } + if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; + return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); + }, "environmentVariableSelector"), + /** + * Retrieves auth scheme preference from config file + * @param profile - Config profile object + * @returns Array of auth scheme strings if preference is set, undefined otherwise + */ + configFileSelector: /* @__PURE__ */ __name((profile) => { + if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; + return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); + }, "configFileSelector"), + /** + * Default auth scheme preference if not specified in environment or config + */ + default: [] +}; + +// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts +var import_core = __nccwpck_require__(5829); +var import_property_provider = __nccwpck_require__(9721); +var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { + config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); + return config; +}, "resolveAwsSdkSigV4AConfig"); +var NODE_SIGV4A_CONFIG_OPTIONS = { + environmentVariableSelector(env) { + if (env.AWS_SIGV4A_SIGNING_REGION_SET) { + return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); + } + throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { + tryNextLink: true + }); + }, + configFileSelector(profile) { + if (profile.sigv4a_signing_region_set) { + return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); + } + throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { + tryNextLink: true + }); + }, + default: void 0 +}; +// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts +var import_client = __nccwpck_require__(6510); +var import_core2 = __nccwpck_require__(5829); +var import_signature_v4 = __nccwpck_require__(1528); +var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { + let inputCredentials = config.credentials; + let isUserSupplied = !!config.credentials; + let resolvedCredentials = void 0; + Object.defineProperty(config, "credentials", { + set(credentials) { + if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { + isUserSupplied = true; + } + inputCredentials = credentials; + const memoizedProvider = normalizeCredentialProvider(config, { + credentials: inputCredentials, + credentialDefaultProvider: config.credentialDefaultProvider + }); + const boundProvider = bindCallerConfig(config, memoizedProvider); + if (isUserSupplied && !boundProvider.attributed) { + resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") + ), "resolvedCredentials"); + resolvedCredentials.memoized = boundProvider.memoized; + resolvedCredentials.configBound = boundProvider.configBound; + resolvedCredentials.attributed = true; + } else { + resolvedCredentials = boundProvider; + } + }, + get() { + return resolvedCredentials; + }, + enumerable: true, + configurable: true + }); + config.credentials = inputCredentials; + const { + // Default for signingEscapePath + signingEscapePath = true, + // Default for systemClockOffset + systemClockOffset = config.systemClockOffset || 0, + // No default for sha256 since it is platform dependent + sha256 + } = config; + let signer; + if (config.signer) { + signer = (0, import_core2.normalizeProvider)(config.signer); + } else if (config.regionInfoProvider) { + signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( + async (region) => [ + await config.regionInfoProvider(region, { + useFipsEndpoint: await config.useFipsEndpoint(), + useDualstackEndpoint: await config.useDualstackEndpoint() + }) || {}, + region + ] + ).then(([regionInfo, region]) => { + const { signingRegion, signingService } = regionInfo; + config.signingRegion = config.signingRegion || signingRegion || region; + config.signingName = config.signingName || signingService || config.serviceId; + const params = { + ...config, + credentials: config.credentials, + region: config.signingRegion, + service: config.signingName, + sha256, + uriEscapePath: signingEscapePath + }; + const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; + return new SignerCtor(params); + }), "signer"); + } else { + signer = /* @__PURE__ */ __name(async (authScheme) => { + authScheme = Object.assign( + {}, + { + name: "sigv4", + signingName: config.signingName || config.defaultSigningName, + signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), + properties: {} + }, + authScheme + ); + const signingRegion = authScheme.signingRegion; + const signingService = authScheme.signingName; + config.signingRegion = config.signingRegion || signingRegion; + config.signingName = config.signingName || signingService || config.serviceId; + const params = { + ...config, + credentials: config.credentials, + region: config.signingRegion, + service: config.signingName, + sha256, + uriEscapePath: signingEscapePath + }; + const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; + return new SignerCtor(params); + }, "signer"); + } + const resolvedConfig = Object.assign(config, { + systemClockOffset, + signingEscapePath, + signer + }); + return resolvedConfig; +}, "resolveAwsSdkSigV4Config"); +var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; +function normalizeCredentialProvider(config, { + credentials, + credentialDefaultProvider +}) { + let credentialsProvider; + if (credentials) { + if (!credentials?.memoized) { + credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); + } else { + credentialsProvider = credentials; + } + } else { + if (credentialDefaultProvider) { + credentialsProvider = (0, import_core2.normalizeProvider)( + credentialDefaultProvider( + Object.assign({}, config, { + parentClientConfig: config + }) + ) + ); + } else { + credentialsProvider = /* @__PURE__ */ __name(async () => { + throw new Error( + "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." + ); + }, "credentialsProvider"); + } + } + credentialsProvider.memoized = true; + return credentialsProvider; +} +__name(normalizeCredentialProvider, "normalizeCredentialProvider"); +function bindCallerConfig(config, credentialsProvider) { + if (credentialsProvider.configBound) { + return credentialsProvider; + } + const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); + fn.memoized = credentialsProvider.memoized; + fn.configBound = true; + return fn; +} +__name(bindCallerConfig, "bindCallerConfig"); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 5380: +/***/ 5743: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -27842,2688 +35831,3152 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/protocols/index.ts var index_exports = {}; __export(index_exports, { - NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, - UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, - UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, - createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, - crtAvailability: () => crtAvailability, - defaultUserAgent: () => defaultUserAgent + AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, + AwsJson1_0Protocol: () => AwsJson1_0Protocol, + AwsJson1_1Protocol: () => AwsJson1_1Protocol, + AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, + AwsQueryProtocol: () => AwsQueryProtocol, + AwsRestJsonProtocol: () => AwsRestJsonProtocol, + AwsRestXmlProtocol: () => AwsRestXmlProtocol, + JsonCodec: () => JsonCodec, + JsonShapeDeserializer: () => JsonShapeDeserializer, + JsonShapeSerializer: () => JsonShapeSerializer, + XmlCodec: () => XmlCodec, + XmlShapeDeserializer: () => XmlShapeDeserializer, + XmlShapeSerializer: () => XmlShapeSerializer, + _toBool: () => _toBool, + _toNum: () => _toNum, + _toStr: () => _toStr, + awsExpectUnion: () => awsExpectUnion, + loadRestJsonErrorCode: () => loadRestJsonErrorCode, + loadRestXmlErrorCode: () => loadRestXmlErrorCode, + parseJsonBody: () => parseJsonBody, + parseJsonErrorBody: () => parseJsonErrorBody, + parseXmlBody: () => parseXmlBody, + parseXmlErrorBody: () => parseXmlErrorBody }); module.exports = __toCommonJS(index_exports); -// src/defaultUserAgent.ts -var import_os = __nccwpck_require__(2037); -var import_process = __nccwpck_require__(7282); - -// src/crt-availability.ts -var crtAvailability = { - isCrtAvailable: false -}; - -// src/is-crt-available.ts -var isCrtAvailable = /* @__PURE__ */ __name(() => { - if (crtAvailability.isCrtAvailable) { - return ["md/crt-avail"]; +// src/submodules/protocols/coercing-serializers.ts +var _toStr = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; } - return null; -}, "isCrtAvailable"); - -// src/defaultUserAgent.ts -var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { - return async (config) => { - const sections = [ - // sdk-metadata - ["aws-sdk-js", clientVersion], - // ua-metadata - ["ua", "2.1"], - // os-metadata - [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], - // language-metadata - // ECMAScript edition doesn't matter in JS, so no version needed. - ["lang/js"], - ["md/nodejs", `${import_process.versions.node}`] - ]; - const crtAvailable = isCrtAvailable(); - if (crtAvailable) { - sections.push(crtAvailable); - } - if (serviceId) { - sections.push([`api/${serviceId}`, clientVersion]); + if (typeof val === "number" || typeof val === "bigint") { + const warning = new Error(`Received number ${val} where a string was expected.`); + warning.name = "Warning"; + console.warn(warning); + return String(val); + } + if (typeof val === "boolean") { + const warning = new Error(`Received boolean ${val} where a string was expected.`); + warning.name = "Warning"; + console.warn(warning); + return String(val); + } + return val; +}, "_toStr"); +var _toBool = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "number") { + } + if (typeof val === "string") { + const lowercase = val.toLowerCase(); + if (val !== "" && lowercase !== "false" && lowercase !== "true") { + const warning = new Error(`Received string "${val}" where a boolean was expected.`); + warning.name = "Warning"; + console.warn(warning); } - if (import_process.env.AWS_EXECUTION_ENV) { - sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); + return val !== "" && lowercase !== "false"; + } + return val; +}, "_toBool"); +var _toNum = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "boolean") { + } + if (typeof val === "string") { + const num = Number(val); + if (num.toString() !== val) { + const warning = new Error(`Received string "${val}" where a number was expected.`); + warning.name = "Warning"; + console.warn(warning); + return val; } - const appId = await config?.userAgentAppId?.(); - const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; - return resolvedUserAgent; - }; -}, "createDefaultUserAgentProvider"); -var defaultUserAgent = createDefaultUserAgentProvider; - -// src/nodeAppIdConfigOptions.ts -var import_middleware_user_agent = __nccwpck_require__(3030); -var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; -var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; -var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; -var NODE_APP_ID_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), - default: import_middleware_user_agent.DEFAULT_UA_APP_ID -}; -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - + return num; + } + return val; +}, "_toNum"); -/***/ }), +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var import_protocols = __nccwpck_require__(2241); +var import_schema3 = __nccwpck_require__(9826); +var import_util_body_length_browser = __nccwpck_require__(713); -/***/ 9344: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/submodules/protocols/ConfigurableSerdeContext.ts +var SerdeContextConfig = class { + static { + __name(this, "SerdeContextConfig"); + } + serdeContext; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + } +}; -"use strict"; +// src/submodules/protocols/json/JsonShapeDeserializer.ts +var import_schema = __nccwpck_require__(9826); +var import_serde2 = __nccwpck_require__(7669); +var import_util_base64 = __nccwpck_require__(5600); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOHttpAuthSchemeProvider = exports.defaultSSOHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(9963); -const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSSOHttpAuthSchemeParametersProvider = defaultSSOHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "awsssoportal", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; -} -const defaultSSOHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "GetRoleCredentials": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccountRoles": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccounts": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "Logout": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); +// src/submodules/protocols/json/jsonReviver.ts +var import_serde = __nccwpck_require__(7669); +function jsonReviver(key, value, context) { + if (context?.source) { + const numericString = context.source; + if (typeof value === "number") { + if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { + const isFractional = numericString.includes("."); + if (isFractional) { + return new import_serde.NumericValue(numericString, "bigDecimal"); + } else { + return BigInt(numericString); } + } } - return options; -}; -exports.defaultSSOHttpAuthSchemeProvider = defaultSSOHttpAuthSchemeProvider; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); - return Object.assign(config_0, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 898: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(3350); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(3341); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 3341: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const u = "required", v = "fn", w = "argv", x = "ref"; -const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://portal.sso.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 2666: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - GetRoleCredentialsCommand: () => GetRoleCredentialsCommand, - GetRoleCredentialsRequestFilterSensitiveLog: () => GetRoleCredentialsRequestFilterSensitiveLog, - GetRoleCredentialsResponseFilterSensitiveLog: () => GetRoleCredentialsResponseFilterSensitiveLog, - InvalidRequestException: () => InvalidRequestException, - ListAccountRolesCommand: () => ListAccountRolesCommand, - ListAccountRolesRequestFilterSensitiveLog: () => ListAccountRolesRequestFilterSensitiveLog, - ListAccountsCommand: () => ListAccountsCommand, - ListAccountsRequestFilterSensitiveLog: () => ListAccountsRequestFilterSensitiveLog, - LogoutCommand: () => LogoutCommand, - LogoutRequestFilterSensitiveLog: () => LogoutRequestFilterSensitiveLog, - ResourceNotFoundException: () => ResourceNotFoundException, - RoleCredentialsFilterSensitiveLog: () => RoleCredentialsFilterSensitiveLog, - SSO: () => SSO, - SSOClient: () => SSOClient, - SSOServiceException: () => SSOServiceException, - TooManyRequestsException: () => TooManyRequestsException, - UnauthorizedException: () => UnauthorizedException, - __Client: () => import_smithy_client.Client, - paginateListAccountRoles: () => paginateListAccountRoles, - paginateListAccounts: () => paginateListAccounts -}); -module.exports = __toCommonJS(index_exports); - -// src/SSOClient.ts -var import_middleware_host_header = __nccwpck_require__(2545); -var import_middleware_logger = __nccwpck_require__(14); -var import_middleware_recursion_detection = __nccwpck_require__(5525); -var import_middleware_user_agent = __nccwpck_require__(4688); -var import_config_resolver = __nccwpck_require__(3098); -var import_core = __nccwpck_require__(5829); -var import_middleware_content_length = __nccwpck_require__(2800); -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_retry = __nccwpck_require__(6039); - -var import_httpAuthSchemeProvider = __nccwpck_require__(9344); - -// src/endpoint/EndpointParameters.ts -var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "awsssoportal" - }); -}, "resolveClientEndpointParameters"); -var commonParams = { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } -}; - -// src/SSOClient.ts -var import_runtimeConfig = __nccwpck_require__(9756); + return value; +} +__name(jsonReviver, "jsonReviver"); -// src/runtimeExtensions.ts -var import_region_config_resolver = __nccwpck_require__(8156); -var import_protocol_http = __nccwpck_require__(4418); +// src/submodules/protocols/common.ts var import_smithy_client = __nccwpck_require__(3570); +var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); -// src/auth/httpAuthExtensionConfiguration.ts -var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); +// src/submodules/protocols/json/parseJsonBody.ts +var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + try { + return JSON.parse(encoded); + } catch (e) { + if (e?.name === "SyntaxError") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; + throw e; } - }; -}, "getHttpAuthExtensionConfiguration"); -var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials() - }; -}, "resolveHttpAuthRuntimeConfig"); - -// src/runtimeExtensions.ts -var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign( - (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), - (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), - (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), - getHttpAuthExtensionConfiguration(runtimeConfig) - ); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign( - runtimeConfig, - (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), - (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), - (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), - resolveHttpAuthRuntimeConfig(extensionConfiguration) - ); -}, "resolveRuntimeExtensions"); - -// src/SSOClient.ts -var SSOClient = class extends import_smithy_client.Client { - static { - __name(this, "SSOClient"); } - /** - * The resolved configuration of SSOClient class. This is resolved and normalized from the {@link SSOClientConfig | constructor configuration interface}. - */ - config; - constructor(...[configuration]) { - const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = resolveClientEndpointParameters(_config_0); - const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); - const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); - const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); - const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use( - (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials - }), "identityProviderConfigProvider") - }) - ); - this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); + return {}; +}), "parseJsonBody"); +var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseJsonBody(errorBody, context); + value.message = value.message ?? value.Message; + return value; +}, "parseJsonErrorBody"); +var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { + const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); + const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { + let cleanValue = rawValue; + if (typeof cleanValue === "number") { + cleanValue = cleanValue.toString(); + } + if (cleanValue.indexOf(",") >= 0) { + cleanValue = cleanValue.split(",")[0]; + } + if (cleanValue.indexOf(":") >= 0) { + cleanValue = cleanValue.split(":")[0]; + } + if (cleanValue.indexOf("#") >= 0) { + cleanValue = cleanValue.split("#")[1]; + } + return cleanValue; + }, "sanitizeErrorCode"); + const headerKey = findKey(output.headers, "x-amzn-errortype"); + if (headerKey !== void 0) { + return sanitizeErrorCode(output.headers[headerKey]); } - /** - * Destroy underlying resources, like sockets. It's usually not necessary to do this. - * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. - * Otherwise, sockets might stay open for quite a long time before the server terminates them. - */ - destroy() { - super.destroy(); + if (data && typeof data === "object") { + const codeKey = findKey(data, "code"); + if (codeKey && data[codeKey] !== void 0) { + return sanitizeErrorCode(data[codeKey]); + } + if (data["__type"] !== void 0) { + return sanitizeErrorCode(data["__type"]); + } } -}; - -// src/SSO.ts - - -// src/commands/GetRoleCredentialsCommand.ts - -var import_middleware_serde = __nccwpck_require__(1238); - - -// src/models/models_0.ts - - -// src/models/SSOServiceException.ts +}, "loadRestJsonErrorCode"); -var SSOServiceException = class _SSOServiceException extends import_smithy_client.ServiceException { +// src/submodules/protocols/json/JsonShapeDeserializer.ts +var JsonShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } static { - __name(this, "SSOServiceException"); + __name(this, "JsonShapeDeserializer"); } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _SSOServiceException.prototype); + async read(schema, data) { + return this._read( + schema, + typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) + ); } -}; - -// src/models/models_0.ts -var InvalidRequestException = class _InvalidRequestException extends SSOServiceException { - static { - __name(this, "InvalidRequestException"); + readObject(schema, data) { + return this._read(schema, data); } - name = "InvalidRequestException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); + _read(schema, value) { + const isObject = value !== null && typeof value === "object"; + const ns = import_schema.NormalizedSchema.of(schema); + if (ns.isListSchema() && Array.isArray(value)) { + const listMember = ns.getValueSchema(); + const out = []; + const sparse = !!ns.getMergedTraits().sparse; + for (const item of value) { + if (sparse || item != null) { + out.push(this._read(listMember, item)); + } + } + return out; + } else if (ns.isMapSchema() && isObject) { + const mapMember = ns.getValueSchema(); + const out = {}; + const sparse = !!ns.getMergedTraits().sparse; + for (const [_k, _v] of Object.entries(value)) { + if (sparse || _v != null) { + out[_k] = this._read(mapMember, _v); + } + } + return out; + } else if (ns.isStructSchema() && isObject) { + const out = {}; + for (const [memberName, memberSchema] of ns.structIterator()) { + const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; + const deserializedValue = this._read(memberSchema, value[fromKey]); + if (deserializedValue != null) { + out[memberName] = deserializedValue; + } + } + return out; + } + if (ns.isBlobSchema() && typeof value === "string") { + return (0, import_util_base64.fromBase64)(value); + } + const mediaType = ns.getMergedTraits().mediaType; + if (ns.isStringSchema() && typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde2.LazyJsonString.from(value); + } + } + if (ns.isTimestampSchema()) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: + return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); + case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde2.parseRfc7231DateTime)(value); + case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return (0, import_serde2.parseEpochTimestamp)(value); + default: + console.warn("Missing timestamp format, parsing value with Date constructor:", value); + return new Date(value); + } + } + if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { + return BigInt(value); + } + if (ns.isBigDecimalSchema() && value != void 0) { + if (value instanceof import_serde2.NumericValue) { + return value; + } + return new import_serde2.NumericValue(String(value), "bigDecimal"); + } + if (ns.isNumericSchema() && typeof value === "string") { + switch (value) { + case "Infinity": + return Infinity; + case "-Infinity": + return -Infinity; + case "NaN": + return NaN; + } + } + return value; } }; -var ResourceNotFoundException = class _ResourceNotFoundException extends SSOServiceException { + +// src/submodules/protocols/json/JsonShapeSerializer.ts +var import_schema2 = __nccwpck_require__(9826); +var import_serde4 = __nccwpck_require__(7669); +var import_serde5 = __nccwpck_require__(7669); + +// src/submodules/protocols/json/jsonReplacer.ts +var import_serde3 = __nccwpck_require__(7669); +var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); +var JsonReplacer = class { static { - __name(this, "ResourceNotFoundException"); + __name(this, "JsonReplacer"); } - name = "ResourceNotFoundException"; - $fault = "client"; /** - * @internal + * Stores placeholder key to true serialized value lookup. */ - constructor(opts) { - super({ - name: "ResourceNotFoundException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ResourceNotFoundException.prototype); - } -}; -var TooManyRequestsException = class _TooManyRequestsException extends SSOServiceException { - static { - __name(this, "TooManyRequestsException"); - } - name = "TooManyRequestsException"; - $fault = "client"; + values = /* @__PURE__ */ new Map(); + counter = 0; + stage = 0; /** - * @internal + * Creates a jsonReplacer function that reserves big integer and big decimal values + * for later replacement. */ - constructor(opts) { - super({ - name: "TooManyRequestsException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _TooManyRequestsException.prototype); - } -}; -var UnauthorizedException = class _UnauthorizedException extends SSOServiceException { - static { - __name(this, "UnauthorizedException"); + createReplacer() { + if (this.stage === 1) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); + } + if (this.stage === 2) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); + } + this.stage = 1; + return (key, value) => { + if (value instanceof import_serde3.NumericValue) { + const v = `${NUMERIC_CONTROL_CHAR + +"nv" + this.counter++}_` + value.string; + this.values.set(`"${v}"`, value.string); + return v; + } + if (typeof value === "bigint") { + const s = value.toString(); + const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; + this.values.set(`"${v}"`, s); + return v; + } + return value; + }; } - name = "UnauthorizedException"; - $fault = "client"; /** - * @internal + * Replaces placeholder keys with their true values. */ - constructor(opts) { - super({ - name: "UnauthorizedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnauthorizedException.prototype); + replaceInJson(json) { + if (this.stage === 0) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); + } + if (this.stage === 2) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); + } + this.stage = 2; + if (this.counter === 0) { + return json; + } + for (const [key, value] of this.values) { + json = json.replace(key, value); + } + return json; } }; -var GetRoleCredentialsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "GetRoleCredentialsRequestFilterSensitiveLog"); -var RoleCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.secretAccessKey && { secretAccessKey: import_smithy_client.SENSITIVE_STRING }, - ...obj.sessionToken && { sessionToken: import_smithy_client.SENSITIVE_STRING } -}), "RoleCredentialsFilterSensitiveLog"); -var GetRoleCredentialsResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.roleCredentials && { roleCredentials: RoleCredentialsFilterSensitiveLog(obj.roleCredentials) } -}), "GetRoleCredentialsResponseFilterSensitiveLog"); -var ListAccountRolesRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountRolesRequestFilterSensitiveLog"); -var ListAccountsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountsRequestFilterSensitiveLog"); -var LogoutRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "LogoutRequestFilterSensitiveLog"); - -// src/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(9963); - -var se_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/federation/credentials"); - const query = (0, import_smithy_client.map)({ - [_rn]: [, (0, import_smithy_client.expectNonNull)(input[_rN], `roleName`)], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_GetRoleCredentialsCommand"); -var se_ListAccountRolesCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/roles"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountRolesCommand"); -var se_ListAccountsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/accounts"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountsCommand"); -var se_LogoutCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/logout"); - let body; - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_LogoutCommand"); -var de_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - roleCredentials: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_GetRoleCredentialsCommand"); -var de_ListAccountRolesCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - nextToken: import_smithy_client.expectString, - roleList: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountRolesCommand"); -var de_ListAccountsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); +// src/submodules/protocols/json/JsonShapeSerializer.ts +var JsonShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - accountList: import_smithy_client._json, - nextToken: import_smithy_client.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountsCommand"); -var de_LogoutCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); + static { + __name(this, "JsonShapeSerializer"); } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - await (0, import_smithy_client.collectBody)(output.body, context); - return contents; -}, "de_LogoutCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "InvalidRequestException": - case "com.amazonaws.sso#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "ResourceNotFoundException": - case "com.amazonaws.sso#ResourceNotFoundException": - throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); - case "TooManyRequestsException": - case "com.amazonaws.sso#TooManyRequestsException": - throw await de_TooManyRequestsExceptionRes(parsedOutput, context); - case "UnauthorizedException": - case "com.amazonaws.sso#UnauthorizedException": - throw await de_UnauthorizedExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode - }); + buffer; + rootSchema; + write(schema, value) { + this.rootSchema = import_schema2.NormalizedSchema.of(schema); + this.buffer = this._write(this.rootSchema, value); } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client.withBaseException)(SSOServiceException); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_ResourceNotFoundExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new ResourceNotFoundException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_ResourceNotFoundExceptionRes"); -var de_TooManyRequestsExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new TooManyRequestsException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_TooManyRequestsExceptionRes"); -var de_UnauthorizedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var _aI = "accountId"; -var _aT = "accessToken"; -var _ai = "account_id"; -var _mR = "maxResults"; -var _mr = "max_result"; -var _nT = "nextToken"; -var _nt = "next_token"; -var _rN = "roleName"; -var _rn = "role_name"; -var _xasbt = "x-amz-sso_bearer_token"; - -// src/commands/GetRoleCredentialsCommand.ts -var GetRoleCredentialsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "GetRoleCredentials", {}).n("SSOClient", "GetRoleCredentialsCommand").f(GetRoleCredentialsRequestFilterSensitiveLog, GetRoleCredentialsResponseFilterSensitiveLog).ser(se_GetRoleCredentialsCommand).de(de_GetRoleCredentialsCommand).build() { - static { - __name(this, "GetRoleCredentialsCommand"); + flush() { + if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { + const replacer = new JsonReplacer(); + return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); + } + return this.buffer; + } + _write(schema, value, container) { + const isObject = value !== null && typeof value === "object"; + const ns = import_schema2.NormalizedSchema.of(schema); + if (ns.isListSchema() && Array.isArray(value)) { + const listMember = ns.getValueSchema(); + const out = []; + const sparse = !!ns.getMergedTraits().sparse; + for (const item of value) { + if (sparse || item != null) { + out.push(this._write(listMember, item)); + } + } + return out; + } else if (ns.isMapSchema() && isObject) { + const mapMember = ns.getValueSchema(); + const out = {}; + const sparse = !!ns.getMergedTraits().sparse; + for (const [_k, _v] of Object.entries(value)) { + if (sparse || _v != null) { + out[_k] = this._write(mapMember, _v); + } + } + return out; + } else if (ns.isStructSchema() && isObject) { + const out = {}; + for (const [memberName, memberSchema] of ns.structIterator()) { + const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; + const serializableValue = this._write(memberSchema, value[memberName], ns); + if (serializableValue !== void 0) { + out[targetKey] = serializableValue; + } + } + return out; + } + if (value === null && container?.isStructSchema()) { + return void 0; + } + if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { + if (ns === this.rootSchema) { + return value; + } + if (!this.serdeContext?.base64Encoder) { + throw new Error("Missing base64Encoder in serdeContext"); + } + return this.serdeContext?.base64Encoder(value); + } + if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: + return value.toISOString().replace(".000Z", "Z"); + case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde4.dateToUtcString)(value); + case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return value.getTime() / 1e3; + default: + console.warn("Missing timestamp format, using epoch seconds", value); + return value.getTime() / 1e3; + } + } + if (ns.isNumericSchema() && typeof value === "number") { + if (Math.abs(value) === Infinity || isNaN(value)) { + return String(value); + } + } + const mediaType = ns.getMergedTraits().mediaType; + if (ns.isStringSchema() && typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde5.LazyJsonString.from(value); + } + } + return value; } }; -// src/commands/ListAccountRolesCommand.ts - - - -var ListAccountRolesCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccountRoles", {}).n("SSOClient", "ListAccountRolesCommand").f(ListAccountRolesRequestFilterSensitiveLog, void 0).ser(se_ListAccountRolesCommand).de(de_ListAccountRolesCommand).build() { +// src/submodules/protocols/json/JsonCodec.ts +var JsonCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } static { - __name(this, "ListAccountRolesCommand"); + __name(this, "JsonCodec"); + } + createSerializer() { + const serializer = new JsonShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new JsonShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; } }; -// src/commands/ListAccountsCommand.ts - - - -var ListAccountsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccounts", {}).n("SSOClient", "ListAccountsCommand").f(ListAccountsRequestFilterSensitiveLog, void 0).ser(se_ListAccountsCommand).de(de_ListAccountsCommand).build() { +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { static { - __name(this, "ListAccountsCommand"); + __name(this, "AwsJsonRpcProtocol"); + } + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + this.codec = new JsonCodec({ + timestampFormat: { + useTrait: true, + default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + jsonName: false + }); + this.serializer = this.codec.createSerializer(); + this.deserializer = this.codec.createDeserializer(); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, + "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() + }); + if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = "{}"; + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; + } + getPayloadCodec() { + return this.codec; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema3.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema3.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } }; -// src/commands/LogoutCommand.ts - - - -var LogoutCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "Logout", {}).n("SSOClient", "LogoutCommand").f(LogoutRequestFilterSensitiveLog, void 0).ser(se_LogoutCommand).de(de_LogoutCommand).build() { +// src/submodules/protocols/json/AwsJson1_0Protocol.ts +var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { static { - __name(this, "LogoutCommand"); + __name(this, "AwsJson1_0Protocol"); + } + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + } + getShapeId() { + return "aws.protocols#awsJson1_0"; + } + getJsonRpcVersion() { + return "1.0"; } }; -// src/SSO.ts -var commands = { - GetRoleCredentialsCommand, - ListAccountRolesCommand, - ListAccountsCommand, - LogoutCommand -}; -var SSO = class extends SSOClient { +// src/submodules/protocols/json/AwsJson1_1Protocol.ts +var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { static { - __name(this, "SSO"); + __name(this, "AwsJson1_1Protocol"); } -}; -(0, import_smithy_client.createAggregatedClient)(commands, SSO); - -// src/pagination/ListAccountRolesPaginator.ts - -var paginateListAccountRoles = (0, import_core.createPaginator)(SSOClient, ListAccountRolesCommand, "nextToken", "nextToken", "maxResults"); - -// src/pagination/ListAccountsPaginator.ts - -var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccountsCommand, "nextToken", "nextToken", "maxResults"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 9756: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(1092)); -const core_1 = __nccwpck_require__(9963); -const util_user_agent_node_1 = __nccwpck_require__(8095); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(4809); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 4809: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(9963); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(9344); -const endpointResolver_1 = __nccwpck_require__(898); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; - - -/***/ }), - -/***/ 4195: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(9514); -const middleware_logger_1 = __nccwpck_require__(5675); -const middleware_recursion_detection_1 = __nccwpck_require__(7977); -const middleware_user_agent_1 = __nccwpck_require__(6634); -const config_resolver_1 = __nccwpck_require__(3098); -const core_1 = __nccwpck_require__(5829); -const middleware_content_length_1 = __nccwpck_require__(2800); -const middleware_endpoint_1 = __nccwpck_require__(2918); -const middleware_retry_1 = __nccwpck_require__(6039); -const smithy_client_1 = __nccwpck_require__(3570); -Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(7145); -const EndpointParameters_1 = __nccwpck_require__(510); -const runtimeConfig_1 = __nccwpck_require__(3405); -const runtimeExtensions_1 = __nccwpck_require__(2053); -class STSClient extends smithy_client_1.Client { - config; - constructor(...[configuration]) { - const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); - const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); - const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); - const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); - const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials, - }), - })); - this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); - } - destroy() { - super.destroy(); - } -} -exports.STSClient = STSClient; - - -/***/ }), - -/***/ 8527: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; -const getHttpAuthExtensionConfiguration = (runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } - else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - }, - }; -}; -exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; -const resolveHttpAuthRuntimeConfig = (config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials(), - }; -}; -exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; - - -/***/ }), - -/***/ 7145: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(4195); -const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sts", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + } + getShapeId() { + return "aws.protocols#awsJson1_1"; + } + getJsonRpcVersion() { + return "1.1"; + } +}; + +// src/submodules/protocols/json/AwsRestJsonProtocol.ts +var import_protocols2 = __nccwpck_require__(2241); +var import_schema4 = __nccwpck_require__(9826); +var import_util_body_length_browser2 = __nccwpck_require__(713); +var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { + static { + __name(this, "AwsRestJsonProtocol"); + } + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + httpBindings: true, + jsonName: true }; -} -const defaultSTSHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "AssumeRoleWithSAML": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "AssumeRoleWithWebIdentity": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; + this.codec = new JsonCodec(settings); + this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); + } + getShapeId() { + return "aws.protocols#restJson1"; + } + getPayloadCodec() { + return this.codec; + } + setSerdeContext(serdeContext) { + this.codec.setSerdeContext(serdeContext); + super.setSerdeContext(serdeContext); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); + const members = inputSchema.getMemberSchemas(); + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = "application/json"; } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } else if (!inputSchema.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = "application/json"; } + } } - return options; -}; -exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; -const resolveStsAuthConfig = (input) => Object.assign(input, { - stsClientCtor: STSClient_1.STSClient, -}); -exports.resolveStsAuthConfig = resolveStsAuthConfig; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, exports.resolveStsAuthConfig)(config); - const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); - return Object.assign(config_1, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + if (request.headers["content-type"] && !request.body) { + request.body = "{}"; + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema4.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema4.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); + throw exception; + } }; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; +// src/submodules/protocols/json/awsExpectUnion.ts +var import_smithy_client2 = __nccwpck_require__(3570); +var awsExpectUnion = /* @__PURE__ */ __name((value) => { + if (value == null) { + return void 0; + } + if (typeof value === "object" && "__type" in value) { + delete value.__type; + } + return (0, import_smithy_client2.expectUnion)(value); +}, "awsExpectUnion"); -/***/ }), - -/***/ 510: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; +// src/submodules/protocols/query/AwsQueryProtocol.ts +var import_protocols5 = __nccwpck_require__(2241); +var import_schema7 = __nccwpck_require__(9826); +var import_util_body_length_browser3 = __nccwpck_require__(713); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.commonParams = exports.resolveClientEndpointParameters = void 0; -const resolveClientEndpointParameters = (options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - useGlobalEndpoint: options.useGlobalEndpoint ?? false, - defaultSigningName: "sts", +// src/submodules/protocols/xml/XmlShapeDeserializer.ts +var import_protocols3 = __nccwpck_require__(2241); +var import_schema5 = __nccwpck_require__(9826); +var import_smithy_client3 = __nccwpck_require__(3570); +var import_util_utf8 = __nccwpck_require__(1895); +var import_fast_xml_parser = __nccwpck_require__(7773); +var XmlShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); + } + static { + __name(this, "XmlShapeDeserializer"); + } + stringDeserializer; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + this.stringDeserializer.setSerdeContext(serdeContext); + } + /** + * @param schema - describing the data. + * @param bytes - serialized data. + * @param key - used by AwsQuery to step one additional depth into the object before reading it. + */ + read(schema, bytes, key) { + const ns = import_schema5.NormalizedSchema.of(schema); + const memberSchemas = ns.getMemberSchemas(); + const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { + return !!memberNs.getMemberTraits().eventPayload; }); + if (isEventPayload) { + const output = {}; + const memberName = Object.keys(memberSchemas)[0]; + const eventMemberSchema = memberSchemas[memberName]; + if (eventMemberSchema.isBlobSchema()) { + output[memberName] = bytes; + } else { + output[memberName] = this.read(memberSchemas[memberName], bytes); + } + return output; + } + const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); + const parsedObject = this.parseXml(xmlString); + return this.readSchema(schema, key ? parsedObject[key] : parsedObject); + } + readSchema(_schema, value) { + const ns = import_schema5.NormalizedSchema.of(_schema); + const traits = ns.getMergedTraits(); + const schema = ns.getSchema(); + if (ns.isListSchema() && !Array.isArray(value)) { + return this.readSchema(schema, [value]); + } + if (value == null) { + return value; + } + if (typeof value === "object") { + const sparse = !!traits.sparse; + const flat = !!traits.xmlFlattened; + if (ns.isListSchema()) { + const listValue = ns.getValueSchema(); + const buffer2 = []; + const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; + const source = flat ? value : (value[0] ?? value)[sourceKey]; + const sourceArray = Array.isArray(source) ? source : [source]; + for (const v of sourceArray) { + if (v != null || sparse) { + buffer2.push(this.readSchema(listValue, v)); + } + } + return buffer2; + } + const buffer = {}; + if (ns.isMapSchema()) { + const keyNs = ns.getKeySchema(); + const memberNs = ns.getValueSchema(); + let entries; + if (flat) { + entries = Array.isArray(value) ? value : [value]; + } else { + entries = Array.isArray(value.entry) ? value.entry : [value.entry]; + } + const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; + const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; + for (const entry of entries) { + const key = entry[keyProperty]; + const value2 = entry[valueProperty]; + if (value2 != null || sparse) { + buffer[key] = this.readSchema(memberNs, value2); + } + } + return buffer; + } + if (ns.isStructSchema()) { + for (const [memberName, memberSchema] of ns.structIterator()) { + const memberTraits = memberSchema.getMergedTraits(); + const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); + if (value[xmlObjectKey] != null) { + buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); + } + } + return buffer; + } + if (ns.isDocumentSchema()) { + return value; + } + throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); + } else { + if (ns.isListSchema()) { + return []; + } else if (ns.isMapSchema() || ns.isStructSchema()) { + return {}; + } + return this.stringDeserializer.read(ns, value); + } + } + parseXml(xml) { + if (xml.length) { + const parser = new import_fast_xml_parser.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(xml, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: xml + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); + } + return {}; + } }; -exports.resolveClientEndpointParameters = resolveClientEndpointParameters; -exports.commonParams = { - UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, -}; - - -/***/ }), - -/***/ 1203: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(6882); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 6882: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; -const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; -const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 2209: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/protocols/query/QueryShapeSerializer.ts +var import_protocols4 = __nccwpck_require__(2241); +var import_schema6 = __nccwpck_require__(9826); +var import_serde6 = __nccwpck_require__(7669); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_util_base642 = __nccwpck_require__(5600); +var QueryShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "QueryShapeSerializer"); + } + buffer; + write(schema, value, prefix = "") { + if (this.buffer === void 0) { + this.buffer = ""; + } + const ns = import_schema6.NormalizedSchema.of(schema); + if (prefix && !prefix.endsWith(".")) { + prefix += "."; + } + if (ns.isBlobSchema()) { + if (typeof value === "string" || value instanceof Uint8Array) { + this.writeKey(prefix); + this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); + } + } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } + } else if (ns.isBigIntegerSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } + } else if (ns.isBigDecimalSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(value instanceof import_serde6.NumericValue ? value.string : String(value)); + } + } else if (ns.isTimestampSchema()) { + if (value instanceof Date) { + this.writeKey(prefix); + const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); + switch (format) { + case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: + this.writeValue(value.toISOString().replace(".000Z", "Z")); + break; + case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: + this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); + break; + case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + this.writeValue(String(value.getTime() / 1e3)); + break; + } + } + } else if (ns.isDocumentSchema()) { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); + } else if (ns.isListSchema()) { + if (Array.isArray(value)) { + if (value.length === 0) { + if (this.settings.serializeEmptyLists) { + this.writeKey(prefix); + this.writeValue(""); + } + } else { + const member = ns.getValueSchema(); + const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const item of value) { + if (item == null) { + continue; + } + const suffix = this.getKey("member", member.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; + this.write(member, item, key); + ++i; + } + } + } + } else if (ns.isMapSchema()) { + if (value && typeof value === "object") { + const keySchema = ns.getKeySchema(); + const memberSchema = ns.getValueSchema(); + const flat = ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const [k, v] of Object.entries(value)) { + if (v == null) { + continue; + } + const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; + const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); + const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; + this.write(keySchema, k, key); + this.write(memberSchema, v, valueKey); + ++i; + } + } + } else if (ns.isStructSchema()) { + if (value && typeof value === "object") { + for (const [memberName, member] of ns.structIterator()) { + if (value[memberName] == null) { + continue; + } + const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); + const key = `${prefix}${suffix}`; + this.write(member, value[memberName], key); + } + } + } else if (ns.isUnitSchema()) { + } else { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); + } + } + flush() { + if (this.buffer === void 0) { + throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); + } + const str = this.buffer; + delete this.buffer; + return str; } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - AssumeRoleCommand: () => AssumeRoleCommand, - AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, - AssumeRoleWithSAMLCommand: () => AssumeRoleWithSAMLCommand, - AssumeRoleWithSAMLRequestFilterSensitiveLog: () => AssumeRoleWithSAMLRequestFilterSensitiveLog, - AssumeRoleWithSAMLResponseFilterSensitiveLog: () => AssumeRoleWithSAMLResponseFilterSensitiveLog, - AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, - AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, - AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - AssumeRootCommand: () => AssumeRootCommand, - AssumeRootResponseFilterSensitiveLog: () => AssumeRootResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters10.ClientInputEndpointParameters, - CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, - DecodeAuthorizationMessageCommand: () => DecodeAuthorizationMessageCommand, - ExpiredTokenException: () => ExpiredTokenException, - GetAccessKeyInfoCommand: () => GetAccessKeyInfoCommand, - GetCallerIdentityCommand: () => GetCallerIdentityCommand, - GetFederationTokenCommand: () => GetFederationTokenCommand, - GetFederationTokenResponseFilterSensitiveLog: () => GetFederationTokenResponseFilterSensitiveLog, - GetSessionTokenCommand: () => GetSessionTokenCommand, - GetSessionTokenResponseFilterSensitiveLog: () => GetSessionTokenResponseFilterSensitiveLog, - IDPCommunicationErrorException: () => IDPCommunicationErrorException, - IDPRejectedClaimException: () => IDPRejectedClaimException, - InvalidAuthorizationMessageException: () => InvalidAuthorizationMessageException, - InvalidIdentityTokenException: () => InvalidIdentityTokenException, - MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, - PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, - RegionDisabledException: () => RegionDisabledException, - STS: () => STS, - STSServiceException: () => STSServiceException, - decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, - getDefaultRoleAssumer: () => getDefaultRoleAssumer2, - getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 -}); -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(4195), module.exports); - -// src/STS.ts - - -// src/commands/AssumeRoleCommand.ts -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); - -var import_EndpointParameters = __nccwpck_require__(510); - -// src/models/models_0.ts - - -// src/models/STSServiceException.ts -var import_smithy_client = __nccwpck_require__(3570); -var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "STSServiceException"); + getKey(memberName, xmlName) { + const key = xmlName ?? memberName; + if (this.settings.capitalizeKeys) { + return key[0].toUpperCase() + key.slice(1); + } + return key; } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _STSServiceException.prototype); + writeKey(key) { + if (key.endsWith(".")) { + key = key.slice(0, key.length - 1); + } + this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; + } + writeValue(value) { + this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); } }; -// src/models/models_0.ts -var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { +// src/submodules/protocols/query/AwsQueryProtocol.ts +var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { + constructor(options) { super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts + defaultNamespace: options.defaultNamespace }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + this.options = options; + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: false, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace, + serializeEmptyLists: true + }; + this.serializer = new QueryShapeSerializer(settings); + this.deserializer = new XmlShapeDeserializer(settings); } -}; -var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { static { - __name(this, "MalformedPolicyDocumentException"); - } - name = "MalformedPolicyDocumentException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "MalformedPolicyDocumentException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); + __name(this, "AwsQueryProtocol"); } -}; -var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { - static { - __name(this, "PackedPolicyTooLargeException"); + serializer; + deserializer; + getShapeId() { + return "aws.protocols#awsQuery"; } - name = "PackedPolicyTooLargeException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "PackedPolicyTooLargeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); + setSerdeContext(serdeContext) { + this.serializer.setSerdeContext(serdeContext); + this.deserializer.setSerdeContext(serdeContext); } -}; -var RegionDisabledException = class _RegionDisabledException extends STSServiceException { - static { - __name(this, "RegionDisabledException"); + getPayloadCodec() { + throw new Error("AWSQuery protocol has no payload codec."); } - name = "RegionDisabledException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "RegionDisabledException", - $fault: "client", - ...opts + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-www-form-urlencoded` }); - Object.setPrototypeOf(this, _RegionDisabledException.prototype); + if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = ""; + } + request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; + if (request.body.endsWith("&")) { + request.body = request.body.slice(-1); + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; } -}; -var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { - static { - __name(this, "IDPRejectedClaimException"); + async deserializeResponse(operationSchema, context, response) { + const deserializer = this.deserializer; + const ns = import_schema7.NormalizedSchema.of(operationSchema.output); + const dataObject = {}; + if (response.statusCode >= 300) { + const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes2.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); + } + await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); + } + for (const header in response.headers) { + const value = response.headers[header]; + delete response.headers[header]; + response.headers[header.toLowerCase()] = value; + } + const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; + const bytes = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); + } + const output = { + $metadata: this.deserializeMetadata(response), + ...dataObject + }; + return output; } - name = "IDPRejectedClaimException"; - $fault = "client"; /** - * @internal + * EC2 Query overrides this. */ - constructor(opts) { - super({ - name: "IDPRejectedClaimException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); - } -}; -var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { - static { - __name(this, "InvalidIdentityTokenException"); + useNestedResult() { + return true; } - name = "InvalidIdentityTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidIdentityTokenException", - $fault: "client", - ...opts + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const errorDataSource = this.loadQueryError(dataObject); + const registry = import_schema7.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.find( + (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName + ); + if (!errorSchema) { + errorSchema = registry.getSchema(errorIdentifier); + } + } catch (e) { + const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), errorDataSource); + } + throw new Error(errorName); + } + const ns = import_schema7.NormalizedSchema.of(errorSchema); + const message = this.loadQueryErrorMessage(dataObject); + const exception = new errorSchema.ctor(message); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = errorDataSource[target] ?? dataObject[target]; + output[name] = this.deserializer.readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); - } -}; -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); + throw exception; } - name = "IDPCommunicationErrorException"; - $fault = "client"; /** - * @internal + * The variations in the error and error message locations are attributed to + * divergence between AWS Query and EC2 Query behavior. */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); + loadQueryErrorCode(output, data) { + const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; + if (code !== void 0) { + return code; + } + if (output.statusCode == 404) { + return "NotFound"; + } } -}; -var InvalidAuthorizationMessageException = class _InvalidAuthorizationMessageException extends STSServiceException { - static { - __name(this, "InvalidAuthorizationMessageException"); + loadQueryError(data) { + return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; } - name = "InvalidAuthorizationMessageException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidAuthorizationMessageException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidAuthorizationMessageException.prototype); + loadQueryErrorMessage(data) { + const errorData = this.loadQueryError(data); + return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; } }; -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); -var AssumeRoleWithSAMLRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SAMLAssertion && { SAMLAssertion: import_smithy_client.SENSITIVE_STRING } -}), "AssumeRoleWithSAMLRequestFilterSensitiveLog"); -var AssumeRoleWithSAMLResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithSAMLResponseFilterSensitiveLog"); -var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client.SENSITIVE_STRING } -}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); -var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var AssumeRootResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRootResponseFilterSensitiveLog"); -var GetFederationTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "GetFederationTokenResponseFilterSensitiveLog"); -var GetSessionTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "GetSessionTokenResponseFilterSensitiveLog"); - -// src/protocols/Aws_query.ts -var import_core = __nccwpck_require__(2143); -var import_protocol_http = __nccwpck_require__(4418); -var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleRequest(input, context), - [_A]: _AR, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleCommand"); -var se_AssumeRoleWithSAMLCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithSAMLRequest(input, context), - [_A]: _ARWSAML, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithSAMLCommand"); -var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithWebIdentityRequest(input, context), - [_A]: _ARWWI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithWebIdentityCommand"); -var se_AssumeRootCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRootRequest(input, context), - [_A]: _ARs, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRootCommand"); -var se_DecodeAuthorizationMessageCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_DecodeAuthorizationMessageRequest(input, context), - [_A]: _DAM, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_DecodeAuthorizationMessageCommand"); -var se_GetAccessKeyInfoCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetAccessKeyInfoRequest(input, context), - [_A]: _GAKI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetAccessKeyInfoCommand"); -var se_GetCallerIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetCallerIdentityRequest(input, context), - [_A]: _GCI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetCallerIdentityCommand"); -var se_GetFederationTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetFederationTokenRequest(input, context), - [_A]: _GFT, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetFederationTokenCommand"); -var se_GetSessionTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_GetSessionTokenRequest(input, context), - [_A]: _GST, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_GetSessionTokenCommand"); -var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); +// src/submodules/protocols/query/AwsEc2QueryProtocol.ts +var AwsEc2QueryProtocol = class extends AwsQueryProtocol { + constructor(options) { + super(options); + this.options = options; + const ec2Settings = { + capitalizeKeys: true, + flattenLists: true, + serializeEmptyLists: false + }; + Object.assign(this.serializer.settings, ec2Settings); } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleCommand"); -var de_AssumeRoleWithSAMLCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + static { + __name(this, "AwsEc2QueryProtocol"); } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithSAMLResponse(data.AssumeRoleWithSAMLResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithSAMLCommand"); -var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + /** + * EC2 Query reads XResponse.XResult instead of XResponse directly. + */ + useNestedResult() { + return false; } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithWebIdentityCommand"); -var de_AssumeRootCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); +}; + +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var import_protocols6 = __nccwpck_require__(2241); +var import_schema9 = __nccwpck_require__(9826); +var import_util_body_length_browser4 = __nccwpck_require__(713); + +// src/submodules/protocols/xml/parseXmlBody.ts +var import_smithy_client5 = __nccwpck_require__(3570); +var import_fast_xml_parser2 = __nccwpck_require__(7773); +var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + const parser = new import_fast_xml_parser2.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(encoded, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRootResponse(data.AssumeRootResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRootCommand"); -var de_DecodeAuthorizationMessageCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + return {}; +}), "parseXmlBody"); +var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseXmlBody(errorBody, context); + if (value.Error) { + value.Error.message = value.Error.message ?? value.Error.Message; } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_DecodeAuthorizationMessageResponse(data.DecodeAuthorizationMessageResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_DecodeAuthorizationMessageCommand"); -var de_GetAccessKeyInfoCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + return value; +}, "parseXmlErrorBody"); +var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data?.Error?.Code !== void 0) { + return data.Error.Code; } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetAccessKeyInfoResponse(data.GetAccessKeyInfoResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetAccessKeyInfoCommand"); -var de_GetCallerIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + if (data?.Code !== void 0) { + return data.Code; } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetCallerIdentityResponse(data.GetCallerIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetCallerIdentityCommand"); -var de_GetFederationTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); + if (output.statusCode == 404) { + return "NotFound"; } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetFederationTokenResponse(data.GetFederationTokenResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetFederationTokenCommand"); -var de_GetSessionTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); +}, "loadRestXmlErrorCode"); + +// src/submodules/protocols/xml/XmlShapeSerializer.ts +var import_xml_builder = __nccwpck_require__(2329); +var import_schema8 = __nccwpck_require__(9826); +var import_serde7 = __nccwpck_require__(7669); +var import_smithy_client6 = __nccwpck_require__(3570); +var import_util_base643 = __nccwpck_require__(5600); +var XmlShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_GetSessionTokenResponse(data.GetSessionTokenResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_GetSessionTokenCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core.parseXmlErrorBody)(output.body, context) - }; - const errorCode = loadQueryErrorCode(output, parsedOutput.body); - switch (errorCode) { - case "ExpiredTokenException": - case "com.amazonaws.sts#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "MalformedPolicyDocument": - case "com.amazonaws.sts#MalformedPolicyDocumentException": - throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); - case "PackedPolicyTooLarge": - case "com.amazonaws.sts#PackedPolicyTooLargeException": - throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); - case "RegionDisabledException": - case "com.amazonaws.sts#RegionDisabledException": - throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPRejectedClaim": - case "com.amazonaws.sts#IDPRejectedClaimException": - throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); - case "InvalidIdentityToken": - case "com.amazonaws.sts#InvalidIdentityTokenException": - throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); - case "InvalidAuthorizationMessageException": - case "com.amazonaws.sts#InvalidAuthorizationMessageException": - throw await de_InvalidAuthorizationMessageExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody: parsedBody.Error, - errorCode - }); + static { + __name(this, "XmlShapeSerializer"); } -}, "de_CommandError"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_ExpiredTokenException(body.Error, context); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_ExpiredTokenExceptionRes"); -var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPCommunicationErrorException(body.Error, context); - const exception = new IDPCommunicationErrorException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_IDPCommunicationErrorExceptionRes"); -var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPRejectedClaimException(body.Error, context); - const exception = new IDPRejectedClaimException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_IDPRejectedClaimExceptionRes"); -var de_InvalidAuthorizationMessageExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidAuthorizationMessageException(body.Error, context); - const exception = new InvalidAuthorizationMessageException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_InvalidAuthorizationMessageExceptionRes"); -var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidIdentityTokenException(body.Error, context); - const exception = new InvalidIdentityTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_InvalidIdentityTokenExceptionRes"); -var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_MalformedPolicyDocumentException(body.Error, context); - const exception = new MalformedPolicyDocumentException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_MalformedPolicyDocumentExceptionRes"); -var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_PackedPolicyTooLargeException(body.Error, context); - const exception = new PackedPolicyTooLargeException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_PackedPolicyTooLargeExceptionRes"); -var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_RegionDisabledException(body.Error, context); - const exception = new RegionDisabledException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client.decorateServiceException)(exception, body); -}, "de_RegionDisabledExceptionRes"); -var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; + stringBuffer; + byteBuffer; + buffer; + write(schema, value) { + const ns = import_schema8.NormalizedSchema.of(schema); + if (ns.isStringSchema() && typeof value === "string") { + this.stringBuffer = value; + } else if (ns.isBlobSchema()) { + this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); + } else { + this.buffer = this.writeStruct(ns, value, void 0); + const traits = ns.getMergedTraits(); + if (traits.httpPayload && !traits.xmlName) { + this.buffer.withName(ns.getName()); + } + } } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; + flush() { + if (this.byteBuffer !== void 0) { + const bytes = this.byteBuffer; + delete this.byteBuffer; + return bytes; + } + if (this.stringBuffer !== void 0) { + const str = this.stringBuffer; + delete this.stringBuffer; + return str; + } + const buffer = this.buffer; + if (this.settings.xmlNamespace) { + if (!buffer?.attributes?.["xmlns"]) { + buffer.addAttribute("xmlns", this.settings.xmlNamespace); + } + } + delete this.buffer; + return buffer.toString(); } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; + writeStruct(ns, value, parentXmlns) { + const traits = ns.getMergedTraits(); + const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); + if (!name || !ns.isStructSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( + true + )}.` + ); } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); + const structXmlNode = import_xml_builder.XmlNode.of(name); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + structXmlNode.addAttribute(xmlnsAttr, xmlns); + } + for (const [memberName, memberSchema] of ns.structIterator()) { + const val = value[memberName]; + if (val != null) { + if (memberSchema.getMergedTraits().xmlAttribute) { + structXmlNode.addAttribute( + memberSchema.getMergedTraits().xmlName ?? memberName, + this.writeSimple(memberSchema, val) + ); + continue; + } + if (memberSchema.isListSchema()) { + this.writeList(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isMapSchema()) { + this.writeMap(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isStructSchema()) { + structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); + } else { + const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); + this.writeSimpleInto(memberSchema, val, memberNode, xmlns); + structXmlNode.addChildNode(memberNode); + } + } + } + return structXmlNode; } - if (input[_P] != null) { - entries[_P] = input[_P]; + writeList(listMember, array, container, parentXmlns) { + if (!listMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` + ); + } + const listTraits = listMember.getMergedTraits(); + const listValueSchema = listMember.getValueSchema(); + const listValueTraits = listValueSchema.getMergedTraits(); + const sparse = !!listValueTraits.sparse; + const flat = !!listTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); + const writeItem = /* @__PURE__ */ __name((container2, value) => { + if (listValueSchema.isListSchema()) { + this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); + } else if (listValueSchema.isMapSchema()) { + this.writeMap(listValueSchema, value, container2, xmlns); + } else if (listValueSchema.isStructSchema()) { + const struct = this.writeStruct(listValueSchema, value, xmlns); + container2.addChildNode( + struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") + ); + } else { + const listItemNode = import_xml_builder.XmlNode.of( + flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" + ); + this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); + container2.addChildNode(listItemNode); + } + }, "writeItem"); + if (flat) { + for (const value of array) { + if (sparse || value != null) { + writeItem(container, value); + } + } + } else { + const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); + if (xmlns) { + listNode.addAttribute(xmlnsAttr, xmlns); + } + for (const value of array) { + if (sparse || value != null) { + writeItem(listNode, value); + } + } + container.addChildNode(listNode); + } } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; + writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { + if (!mapMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` + ); + } + const mapTraits = mapMember.getMergedTraits(); + const mapKeySchema = mapMember.getKeySchema(); + const mapKeyTraits = mapKeySchema.getMergedTraits(); + const keyTag = mapKeyTraits.xmlName ?? "key"; + const mapValueSchema = mapMember.getValueSchema(); + const mapValueTraits = mapValueSchema.getMergedTraits(); + const valueTag = mapValueTraits.xmlName ?? "value"; + const sparse = !!mapValueTraits.sparse; + const flat = !!mapTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); + const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { + const keyNode = import_xml_builder.XmlNode.of(keyTag, key); + const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); + if (keyXmlns) { + keyNode.addAttribute(keyXmlnsAttr, keyXmlns); + } + entry.addChildNode(keyNode); + let valueNode = import_xml_builder.XmlNode.of(valueTag); + if (mapValueSchema.isListSchema()) { + this.writeList(mapValueSchema, val, valueNode, xmlns); + } else if (mapValueSchema.isMapSchema()) { + this.writeMap(mapValueSchema, val, valueNode, xmlns, true); + } else if (mapValueSchema.isStructSchema()) { + valueNode = this.writeStruct(mapValueSchema, val, xmlns); + } else { + this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); + } + entry.addChildNode(valueNode); + }, "addKeyValue"); + if (flat) { + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + addKeyValue(entry, key, val); + container.addChildNode(entry); + } + } + } else { + let mapNode; + if (!containerIsMap) { + mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + if (xmlns) { + mapNode.addAttribute(xmlnsAttr, xmlns); + } + container.addChildNode(mapNode); + } + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of("entry"); + addKeyValue(entry, key, val); + (containerIsMap ? container : mapNode).addChildNode(entry); + } + } + } } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; + writeSimple(_schema, value) { + if (null === value) { + throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); + } + const ns = import_schema8.NormalizedSchema.of(_schema); + let nodeContents = null; + if (value && typeof value === "object") { + if (ns.isBlobSchema()) { + nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); + } else if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: + nodeContents = value.toISOString().replace(".000Z", "Z"); + break; + case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + nodeContents = String(value.getTime() / 1e3); + break; + default: + console.warn("Missing timestamp format, using http date", value); + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + } + } else if (ns.isBigDecimalSchema() && value) { + if (value instanceof import_serde7.NumericValue) { + return value.string; + } + return String(value); + } else if (ns.isMapSchema() || ns.isListSchema()) { + throw new Error( + "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." + ); + } else { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( + true + )}` + ); + } } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - if (input[_TTK] != null) { - const memberEntries = se_tagKeyListType(input[_TTK], context); - if (input[_TTK]?.length === 0) { - entries.TransitiveTagKeys = []; + if (ns.isStringSchema() || ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { + nodeContents = String(value); } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TransitiveTagKeys.${key}`; - entries[loc] = value; - }); - } - if (input[_EI] != null) { - entries[_EI] = input[_EI]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - if (input[_SI] != null) { - entries[_SI] = input[_SI]; - } - if (input[_PC] != null) { - const memberEntries = se_ProvidedContextsListType(input[_PC], context); - if (input[_PC]?.length === 0) { - entries.ProvidedContexts = []; + if (nodeContents === null) { + throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `ProvidedContexts.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_AssumeRoleRequest"); -var se_AssumeRoleWithSAMLRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; - } - if (input[_SAMLA] != null) { - entries[_SAMLA] = input[_SAMLA]; + return nodeContents; } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; + writeSimpleInto(_schema, value, into, parentXmlns) { + const nodeContents = this.writeSimple(_schema, value); + const ns = import_schema8.NormalizedSchema.of(_schema); + const content = new import_xml_builder.XmlText(nodeContents); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + into.addAttribute(xmlnsAttr, xmlns); } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithSAMLRequest"); -var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_WIT] != null) { - entries[_WIT] = input[_WIT]; - } - if (input[_PI] != null) { - entries[_PI] = input[_PI]; + into.addChildNode(content); } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; + getXmlnsAttribute(ns, parentXmlns) { + const traits = ns.getMergedTraits(); + const [prefix, xmlns] = traits.xmlNamespace ?? []; + if (xmlns && xmlns !== parentXmlns) { + return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; + return [void 0, void 0]; } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; +}; + +// src/submodules/protocols/xml/XmlCodec.ts +var XmlCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } - return entries; -}, "se_AssumeRoleWithWebIdentityRequest"); -var se_AssumeRootRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_TP] != null) { - entries[_TP] = input[_TP]; + static { + __name(this, "XmlCodec"); } - if (input[_TPA] != null) { - const memberEntries = se_PolicyDescriptorType(input[_TPA], context); - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TaskPolicyArn.${key}`; - entries[loc] = value; - }); + createSerializer() { + const serializer = new XmlShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; + createDeserializer() { + const deserializer = new XmlShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; } - return entries; -}, "se_AssumeRootRequest"); -var se_DecodeAuthorizationMessageRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_EM] != null) { - entries[_EM] = input[_EM]; +}; + +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { + static { + __name(this, "AwsRestXmlProtocol"); } - return entries; -}, "se_DecodeAuthorizationMessageRequest"); -var se_GetAccessKeyInfoRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_AKI] != null) { - entries[_AKI] = input[_AKI]; + codec; + serializer; + deserializer; + constructor(options) { + super(options); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: true, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace + }; + this.codec = new XmlCodec(settings); + this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } - return entries; -}, "se_GetAccessKeyInfoRequest"); -var se_GetCallerIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - return entries; -}, "se_GetCallerIdentityRequest"); -var se_GetFederationTokenRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_N] != null) { - entries[_N] = input[_N]; + getPayloadCodec() { + return this.codec; } - if (input[_P] != null) { - entries[_P] = input[_P]; + getShapeId() { + return "aws.protocols#restXml"; } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const ns = import_schema9.NormalizedSchema.of(operationSchema.input); + const members = ns.getMemberSchemas(); + request.path = String(request.path).split("/").filter((segment) => { + return segment !== "{Bucket}"; + }).join("/") || "/"; + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = "application/xml"; + } + } else if (!ns.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = "application/xml"; + } + } } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; + if (request.headers["content-type"] === "application/xml") { + if (typeof request.body === "string") { + request.body = '' + request.body; + } } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_GetFederationTokenRequest"); -var se_GetSessionTokenRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; + async deserializeResponse(operationSchema, context, response) { + return super.deserializeResponse(operationSchema, context, response); } - return entries; -}, "se_GetSessionTokenRequest"); -var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); } - const memberEntries = se_PolicyDescriptorType(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; + const registry = import_schema9.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema9.NormalizedSchema.of(errorSchema); + const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = dataObject.Error?.[target] ?? dataObject[target]; + output[name] = this.codec.createDeserializer().readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); - counter++; - } - return entries; -}, "se_policyDescriptorListType"); -var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_a] != null) { - entries[_a] = input[_a]; + throw exception; } - return entries; -}, "se_PolicyDescriptorType"); -var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_PAro] != null) { - entries[_PAro] = input[_PAro]; +}; +// Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 4407: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - if (input[_CA] != null) { - entries[_CA] = input[_CA]; + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, + ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, + ENV_EXPIRATION: () => ENV_EXPIRATION, + ENV_KEY: () => ENV_KEY, + ENV_SECRET: () => ENV_SECRET, + ENV_SESSION: () => ENV_SESSION, + fromEnv: () => fromEnv +}); +module.exports = __toCommonJS(index_exports); + +// src/fromEnv.ts +var import_client = __nccwpck_require__(6510); +var import_property_provider = __nccwpck_require__(9721); +var ENV_KEY = "AWS_ACCESS_KEY_ID"; +var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; +var ENV_SESSION = "AWS_SESSION_TOKEN"; +var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; +var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; +var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; +var fromEnv = /* @__PURE__ */ __name((init) => async () => { + init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); + const accessKeyId = process.env[ENV_KEY]; + const secretAccessKey = process.env[ENV_SECRET]; + const sessionToken = process.env[ENV_SESSION]; + const expiry = process.env[ENV_EXPIRATION]; + const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; + const accountId = process.env[ENV_ACCOUNT_ID]; + if (accessKeyId && secretAccessKey) { + const credentials = { + accessKeyId, + secretAccessKey, + ...sessionToken && { sessionToken }, + ...expiry && { expiration: new Date(expiry) }, + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); + return credentials; } - return entries; -}, "se_ProvidedContext"); -var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); +}, "fromEnv"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 7519: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.checkUrl = void 0; +const property_provider_1 = __nccwpck_require__(9721); +const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; +const LOOPBACK_CIDR_IPv6 = "::1/128"; +const ECS_CONTAINER_HOST = "169.254.170.2"; +const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; +const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; +const checkUrl = (url, logger) => { + if (url.protocol === "https:") { + return; + } + if (url.hostname === ECS_CONTAINER_HOST || + url.hostname === EKS_CONTAINER_HOST_IPv4 || + url.hostname === EKS_CONTAINER_HOST_IPv6) { + return; + } + if (url.hostname.includes("[")) { + if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { + return; + } + } + else { + if (url.hostname === "localhost") { + return; + } + const ipComponents = url.hostname.split("."); + const inRange = (component) => { + const num = parseInt(component, 10); + return 0 <= num && num <= 255; + }; + if (ipComponents[0] === "127" && + inRange(ipComponents[1]) && + inRange(ipComponents[2]) && + inRange(ipComponents[3]) && + ipComponents.length === 4) { + return; + } + } + throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: + - loopback CIDR 127.0.0.0/8 or [::1/128] + - ECS container host 169.254.170.2 + - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); +}; +exports.checkUrl = checkUrl; + + +/***/ }), + +/***/ 9546: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromHttp = void 0; +const tslib_1 = __nccwpck_require__(4351); +const client_1 = __nccwpck_require__(6510); +const node_http_handler_1 = __nccwpck_require__(258); +const property_provider_1 = __nccwpck_require__(9721); +const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); +const checkUrl_1 = __nccwpck_require__(7519); +const requestHelpers_1 = __nccwpck_require__(2707); +const retry_wrapper_1 = __nccwpck_require__(9138); +const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; +const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; +const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; +const fromHttp = (options = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); + let host; + const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; + const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; + const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; + const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; + const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; + if (relative && full) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); + warn("awsContainerCredentialsFullUri will take precedence."); + } + if (token && tokenFile) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); + warn("awsContainerAuthorizationToken will take precedence."); + } + if (full) { + host = full; } - const memberEntries = se_ProvidedContext(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_ProvidedContextsListType"); -var se_Tag = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_K] != null) { - entries[_K] = input[_K]; - } - if (input[_Va] != null) { - entries[_Va] = input[_Va]; - } - return entries; -}, "se_Tag"); -var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + else if (relative) { + host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; } - entries[`member.${counter}`] = entry; - counter++; - } - return entries; -}, "se_tagKeyListType"); -var se_tagListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + else { + throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. +Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); } - const memberEntries = se_Tag(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; + const url = new URL(host); + (0, checkUrl_1.checkUrl)(url, options.logger); + const requestHandler = new node_http_handler_1.NodeHttpHandler({ + requestTimeout: options.timeout ?? 1000, + connectionTimeout: options.timeout ?? 1000, }); - counter++; - } - return entries; -}, "se_tagListType"); -var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client.expectString)(output[_ARI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); - } - return contents; -}, "de_AssumedRoleUser"); -var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleResponse"); -var de_AssumeRoleWithSAMLResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - if (output[_S] != null) { - contents[_S] = (0, import_smithy_client.expectString)(output[_S]); - } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client.expectString)(output[_ST]); - } - if (output[_I] != null) { - contents[_I] = (0, import_smithy_client.expectString)(output[_I]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client.expectString)(output[_Au]); - } - if (output[_NQ] != null) { - contents[_NQ] = (0, import_smithy_client.expectString)(output[_NQ]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleWithSAMLResponse"); -var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client.expectString)(output[_SFWIT]); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); - } - if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client.expectString)(output[_Pr]); - } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client.expectString)(output[_Au]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); + return (0, retry_wrapper_1.retryWrapper)(async () => { + const request = (0, requestHelpers_1.createGetRequest)(url); + if (token) { + request.headers.Authorization = token; + } + else if (tokenFile) { + request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); + } + try { + const result = await requestHandler.handle(request); + return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); + } + catch (e) { + throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); + } + }, options.maxRetries ?? 3, options.timeout ?? 1000); +}; +exports.fromHttp = fromHttp; + + +/***/ }), + +/***/ 2707: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.createGetRequest = createGetRequest; +exports.getCredentials = getCredentials; +const property_provider_1 = __nccwpck_require__(9721); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const util_stream_1 = __nccwpck_require__(6607); +function createGetRequest(url) { + return new protocol_http_1.HttpRequest({ + protocol: url.protocol, + hostname: url.hostname, + port: Number(url.port), + path: url.pathname, + query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { + acc[k] = v; + return acc; + }, {}), + fragment: url.hash, + }); +} +async function getCredentials(response, logger) { + const stream = (0, util_stream_1.sdkStreamMixin)(response.body); + const str = await stream.transformToString(); + if (response.statusCode === 200) { + const parsed = JSON.parse(str); + if (typeof parsed.AccessKeyId !== "string" || + typeof parsed.SecretAccessKey !== "string" || + typeof parsed.Token !== "string" || + typeof parsed.Expiration !== "string") { + throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + + "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); + } + return { + accessKeyId: parsed.AccessKeyId, + secretAccessKey: parsed.SecretAccessKey, + sessionToken: parsed.Token, + expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), + }; + } + if (response.statusCode >= 400 && response.statusCode < 500) { + let parsedBody = {}; + try { + parsedBody = JSON.parse(str); + } + catch (e) { } + throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { + Code: parsedBody.Code, + Message: parsedBody.Message, + }); + } + throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); +} + + +/***/ }), + +/***/ 9138: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.retryWrapper = void 0; +const retryWrapper = (toRetry, maxRetries, delayMs) => { + return async () => { + for (let i = 0; i < maxRetries; ++i) { + try { + return await toRetry(); + } + catch (e) { + await new Promise((resolve) => setTimeout(resolve, delayMs)); + } + } + return await toRetry(); + }; +}; +exports.retryWrapper = retryWrapper; + + +/***/ }), + +/***/ 5554: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromHttp = void 0; +var fromHttp_1 = __nccwpck_require__(9546); +Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); + + +/***/ }), + +/***/ 5736: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return contents; -}, "de_AssumeRoleWithWebIdentityResponse"); -var de_AssumeRootResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromIni: () => fromIni +}); +module.exports = __toCommonJS(index_exports); + +// src/fromIni.ts + + +// src/resolveProfileData.ts + + +// src/resolveAssumeRoleCredentials.ts + + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveCredentialSource.ts +var import_client = __nccwpck_require__(6510); +var import_property_provider = __nccwpck_require__(9721); +var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { + const sourceProvidersMap = { + EcsContainer: /* @__PURE__ */ __name(async (options) => { + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); + const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); + return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); + }, "EcsContainer"), + Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); + const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + return async () => fromInstanceMetadata(options)().then(setNamedProvider); + }, "Ec2InstanceMetadata"), + Environment: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); + const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4407))); + return async () => fromEnv(options)().then(setNamedProvider); + }, "Environment") + }; + if (credentialSource in sourceProvidersMap) { + return sourceProvidersMap[credentialSource]; + } else { + throw new import_property_provider.CredentialsProviderError( + `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, + { logger } + ); } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client.expectString)(output[_SI]); +}, "resolveCredentialSource"); +var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); + +// src/resolveAssumeRoleCredentials.ts +var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { + return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); +}, "isAssumeRoleProfile"); +var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; + if (withSourceProfile) { + logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); } - return contents; -}, "de_AssumeRootResponse"); -var de_Credentials = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client.expectString)(output[_AKI]); + return withSourceProfile; +}, "isAssumeRoleWithSourceProfile"); +var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; + if (withProviderProfile) { + logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); } - if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client.expectString)(output[_SAK]); + return withProviderProfile; +}, "isCredentialSourceProfile"); +var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); + const profileData = profiles[profileName]; + const { source_profile, region } = profileData; + if (!options.roleAssumer) { + const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(3764))); + options.roleAssumer = getDefaultRoleAssumer( + { + ...options.clientConfig, + credentialProviderLogger: options.logger, + parentClientConfig: { + ...options?.parentClientConfig, + region: region ?? options?.parentClientConfig?.region + } + }, + options.clientPlugins + ); } - if (output[_STe] != null) { - contents[_STe] = (0, import_smithy_client.expectString)(output[_STe]); + if (source_profile && source_profile in visitedProfiles) { + throw new import_property_provider.CredentialsProviderError( + `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), + { logger: options.logger } + ); } - if (output[_E] != null) { - contents[_E] = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseRfc3339DateTimeWithOffset)(output[_E])); + options.logger?.debug( + `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` + ); + const sourceCredsProvider = source_profile ? resolveProfileData( + source_profile, + profiles, + options, + { + ...visitedProfiles, + [source_profile]: true + }, + isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) + ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); + if (isCredentialSourceWithoutRoleArn(profileData)) { + return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); + } else { + const params = { + RoleArn: profileData.role_arn, + RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, + ExternalId: profileData.external_id, + DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) + }; + const { mfa_serial } = profileData; + if (mfa_serial) { + if (!options.mfaCodeProvider) { + throw new import_property_provider.CredentialsProviderError( + `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, + { logger: options.logger, tryNextLink: false } + ); + } + params.SerialNumber = mfa_serial; + params.TokenCode = await options.mfaCodeProvider(mfa_serial); + } + const sourceCreds = await sourceCredsProvider; + return options.roleAssumer(sourceCreds, params).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") + ); } - return contents; -}, "de_Credentials"); -var de_DecodeAuthorizationMessageResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_DM] != null) { - contents[_DM] = (0, import_smithy_client.expectString)(output[_DM]); +}, "resolveAssumeRoleCredentials"); +var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { + return !section.role_arn && !!section.credential_source; +}, "isCredentialSourceWithoutRoleArn"); + +// src/resolveProcessCredentials.ts + +var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); +var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))).then( + ({ fromProcess }) => fromProcess({ + ...options, + profile + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) +), "resolveProcessCredentials"); + +// src/resolveSsoCredentials.ts + +var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); + return fromSSO({ + profile, + logger: options.logger, + parentClientConfig: options.parentClientConfig, + clientConfig: options.clientConfig + })().then((creds) => { + if (profileData.sso_session) { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); + } else { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); + } + }); +}, "resolveSsoCredentials"); +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveStaticCredentials.ts + +var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); +var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { + options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); + const credentials = { + accessKeyId: profile.aws_access_key_id, + secretAccessKey: profile.aws_secret_access_key, + sessionToken: profile.aws_session_token, + ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, + ...profile.aws_account_id && { accountId: profile.aws_account_id } + }; + return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); +}, "resolveStaticCredentials"); + +// src/resolveWebIdentityCredentials.ts + +var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); +var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))).then( + ({ fromTokenFile }) => fromTokenFile({ + webIdentityTokenFile: profile.web_identity_token_file, + roleArn: profile.role_arn, + roleSessionName: profile.role_session_name, + roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, + logger: options.logger, + parentClientConfig: options.parentClientConfig + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) +), "resolveWebIdentityCredentials"); + +// src/resolveProfileData.ts +var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { + const data = profiles[profileName]; + if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); } - return contents; -}, "de_DecodeAuthorizationMessageResponse"); -var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { + return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); } - return contents; -}, "de_ExpiredTokenException"); -var de_FederatedUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_FUI] != null) { - contents[_FUI] = (0, import_smithy_client.expectString)(output[_FUI]); + if (isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); + if (isWebIdentityProfile(data)) { + return resolveWebIdentityCredentials(data, options); } - return contents; -}, "de_FederatedUser"); -var de_GetAccessKeyInfoResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_Ac] != null) { - contents[_Ac] = (0, import_smithy_client.expectString)(output[_Ac]); + if (isProcessProfile(data)) { + return resolveProcessCredentials(options, profileName); } - return contents; -}, "de_GetAccessKeyInfoResponse"); -var de_GetCallerIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_UI] != null) { - contents[_UI] = (0, import_smithy_client.expectString)(output[_UI]); + if (isSsoProfile(data)) { + return await resolveSsoCredentials(profileName, data, options); } - if (output[_Ac] != null) { - contents[_Ac] = (0, import_smithy_client.expectString)(output[_Ac]); + throw new import_property_provider.CredentialsProviderError( + `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, + { logger: options.logger } + ); +}, "resolveProfileData"); + +// src/fromIni.ts +var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig + } + }; + init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProfileData( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: _init.profile ?? callerClientConfig?.profile + }), + profiles, + init + ); +}, "fromIni"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 3196: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client.expectString)(output[_Ar]); + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, + credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, + defaultProvider: () => defaultProvider +}); +module.exports = __toCommonJS(index_exports); + +// src/defaultProvider.ts +var import_credential_provider_env = __nccwpck_require__(4407); + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/remoteProvider.ts +var import_property_provider = __nccwpck_require__(9721); +var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; +var remoteProvider = /* @__PURE__ */ __name(async (init) => { + const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); + return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); } - return contents; -}, "de_GetCallerIdentityResponse"); -var de_GetFederationTokenResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); + if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { + return async () => { + throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); + }; } - if (output[_FU] != null) { - contents[_FU] = de_FederatedUser(output[_FU], context); + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); + return fromInstanceMetadata(init); +}, "remoteProvider"); + +// src/defaultProvider.ts +var multipleCredentialSourceWarningEmitted = false; +var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)( + async () => { + const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; + if (profile) { + const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; + if (envStaticCredentialsAreSet) { + if (!multipleCredentialSourceWarningEmitted) { + const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; + warnFn( + `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: + Multiple credential sources detected: + Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. + This SDK will proceed with the AWS_PROFILE value. + + However, a future version may change this behavior to prefer the ENV static credentials. + Please ensure that your environment only sets either the AWS_PROFILE or the + AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. +` + ); + multipleCredentialSourceWarningEmitted = true; + } + } + throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { + logger: init.logger, + tryNextLink: true + }); + } + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); + return (0, import_credential_provider_env.fromEnv)(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + throw new import_property_provider.CredentialsProviderError( + "Skipping SSO provider in default chain (inputs do not include SSO fields).", + { logger: init.logger } + ); + } + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); + return fromSSO(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); + const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5736))); + return fromIni(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); + const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))); + return fromProcess(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); + const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))); + return fromTokenFile(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); + return (await remoteProvider(init))(); + }, + async () => { + throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { + tryNextLink: false, + logger: init.logger + }); + } + ), + credentialsTreatedAsExpired, + credentialsWillNeedRefresh +), "defaultProvider"); +var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); +var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 8638: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client.strictParseInt32)(output[_PPS]); + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromProcess: () => fromProcess +}); +module.exports = __toCommonJS(index_exports); + +// src/fromProcess.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveProcessCredentials.ts +var import_property_provider = __nccwpck_require__(9721); +var import_child_process = __nccwpck_require__(2081); +var import_util = __nccwpck_require__(3837); + +// src/getValidatedProcessCredentials.ts +var import_client = __nccwpck_require__(6510); +var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { + if (data.Version !== 1) { + throw Error(`Profile ${profileName} credential_process did not return Version 1.`); } - return contents; -}, "de_GetFederationTokenResponse"); -var de_GetSessionTokenResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); + if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { + throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); } - return contents; -}, "de_GetSessionTokenResponse"); -var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + if (data.Expiration) { + const currentTime = /* @__PURE__ */ new Date(); + const expireTime = new Date(data.Expiration); + if (expireTime < currentTime) { + throw Error(`Profile ${profileName} credential_process returned expired credentials.`); + } } - return contents; -}, "de_IDPCommunicationErrorException"); -var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + let accountId = data.AccountId; + if (!accountId && profiles?.[profileName]?.aws_account_id) { + accountId = profiles[profileName].aws_account_id; } - return contents; -}, "de_IDPRejectedClaimException"); -var de_InvalidAuthorizationMessageException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + const credentials = { + accessKeyId: data.AccessKeyId, + secretAccessKey: data.SecretAccessKey, + ...data.SessionToken && { sessionToken: data.SessionToken }, + ...data.Expiration && { expiration: new Date(data.Expiration) }, + ...data.CredentialScope && { credentialScope: data.CredentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + return credentials; +}, "getValidatedProcessCredentials"); + +// src/resolveProcessCredentials.ts +var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { + const profile = profiles[profileName]; + if (profiles[profileName]) { + const credentialProcess = profile["credential_process"]; + if (credentialProcess !== void 0) { + const execPromise = (0, import_util.promisify)(import_child_process.exec); + try { + const { stdout } = await execPromise(credentialProcess); + let data; + try { + data = JSON.parse(stdout.trim()); + } catch { + throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); + } + return getValidatedProcessCredentials(profileName, data, profiles); + } catch (error) { + throw new import_property_provider.CredentialsProviderError(error.message, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { + logger + }); } - return contents; -}, "de_InvalidAuthorizationMessageException"); -var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); +}, "resolveProcessCredentials"); + +// src/fromProcess.ts +var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProcessCredentials( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }), + profiles, + init.logger + ); +}, "fromProcess"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 5284: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __esm = (fn, res) => function __init() { + return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; +}; +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return contents; -}, "de_InvalidIdentityTokenException"); -var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/loadSso.ts +var loadSso_exports = {}; +__export(loadSso_exports, { + GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, + SSOClient: () => import_client_sso.SSOClient +}); +var import_client_sso; +var init_loadSso = __esm({ + "src/loadSso.ts"() { + "use strict"; + import_client_sso = __nccwpck_require__(1687); } - return contents; -}, "de_MalformedPolicyDocumentException"); -var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); +}); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromSSO: () => fromSSO, + isSsoProfile: () => isSsoProfile, + validateSsoProfile: () => validateSsoProfile +}); +module.exports = __toCommonJS(index_exports); + +// src/fromSSO.ts + + + +// src/isSsoProfile.ts +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveSSOCredentials.ts +var import_client = __nccwpck_require__(6510); +var import_token_providers = __nccwpck_require__(7182); +var import_property_provider = __nccwpck_require__(9721); +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var SHOULD_FAIL_CREDENTIAL_CHAIN = false; +var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig, + parentClientConfig, + profile, + logger +}) => { + let token; + const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; + if (ssoSession) { + try { + const _token = await (0, import_token_providers.fromSso)({ profile })(); + token = { + accessToken: _token.token, + expiresAt: new Date(_token.expiration).toISOString() + }; + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e.message, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + } else { + try { + token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } } - return contents; -}, "de_PackedPolicyTooLargeException"); -var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client.expectString)(output[_m]); + if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - return contents; -}, "de_RegionDisabledException"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client.withBaseException)(STSServiceException); -var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { - const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); - const contents = { - protocol, - hostname, - port, - method: "POST", - path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, - headers - }; - if (resolvedHostname !== void 0) { - contents.hostname = resolvedHostname; + const { accessToken } = token; + const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); + const sso = ssoClient || new SSOClient2( + Object.assign({}, clientConfig ?? {}, { + logger: clientConfig?.logger ?? parentClientConfig?.logger, + region: clientConfig?.region ?? ssoRegion + }) + ); + let ssoResp; + try { + ssoResp = await sso.send( + new GetRoleCredentialsCommand2({ + accountId: ssoAccountId, + roleName: ssoRoleName, + accessToken + }) + ); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - if (body !== void 0) { - contents.body = body; + const { + roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} + } = ssoResp; + if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { + throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); } - return new import_protocol_http.HttpRequest(contents); -}, "buildHttpRpcRequest"); -var SHARED_HEADERS = { - "content-type": "application/x-www-form-urlencoded" -}; -var _ = "2011-06-15"; -var _A = "Action"; -var _AKI = "AccessKeyId"; -var _AR = "AssumeRole"; -var _ARI = "AssumedRoleId"; -var _ARU = "AssumedRoleUser"; -var _ARWSAML = "AssumeRoleWithSAML"; -var _ARWWI = "AssumeRoleWithWebIdentity"; -var _ARs = "AssumeRoot"; -var _Ac = "Account"; -var _Ar = "Arn"; -var _Au = "Audience"; -var _C = "Credentials"; -var _CA = "ContextAssertion"; -var _DAM = "DecodeAuthorizationMessage"; -var _DM = "DecodedMessage"; -var _DS = "DurationSeconds"; -var _E = "Expiration"; -var _EI = "ExternalId"; -var _EM = "EncodedMessage"; -var _FU = "FederatedUser"; -var _FUI = "FederatedUserId"; -var _GAKI = "GetAccessKeyInfo"; -var _GCI = "GetCallerIdentity"; -var _GFT = "GetFederationToken"; -var _GST = "GetSessionToken"; -var _I = "Issuer"; -var _K = "Key"; -var _N = "Name"; -var _NQ = "NameQualifier"; -var _P = "Policy"; -var _PA = "PolicyArns"; -var _PAr = "PrincipalArn"; -var _PAro = "ProviderArn"; -var _PC = "ProvidedContexts"; -var _PI = "ProviderId"; -var _PPS = "PackedPolicySize"; -var _Pr = "Provider"; -var _RA = "RoleArn"; -var _RSN = "RoleSessionName"; -var _S = "Subject"; -var _SAK = "SecretAccessKey"; -var _SAMLA = "SAMLAssertion"; -var _SFWIT = "SubjectFromWebIdentityToken"; -var _SI = "SourceIdentity"; -var _SN = "SerialNumber"; -var _ST = "SubjectType"; -var _STe = "SessionToken"; -var _T = "Tags"; -var _TC = "TokenCode"; -var _TP = "TargetPrincipal"; -var _TPA = "TaskPolicyArn"; -var _TTK = "TransitiveTagKeys"; -var _UI = "UserId"; -var _V = "Version"; -var _Va = "Value"; -var _WIT = "WebIdentityToken"; -var _a = "arn"; -var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); -var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data.Error?.Code !== void 0) { - return data.Error.Code; + const credentials = { + accessKeyId, + secretAccessKey, + sessionToken, + expiration: new Date(expiration), + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + if (ssoSession) { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); + } else { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); } - if (output.statusCode == 404) { - return "NotFound"; + return credentials; +}, "resolveSSOCredentials"); + +// src/validateSsoProfile.ts + +var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { + const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; + if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { + throw new import_property_provider.CredentialsProviderError( + `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( + ", " + )} +Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, + { tryNextLink: false, logger } + ); } -}, "loadQueryErrorCode"); + return profile; +}, "validateSsoProfile"); -// src/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { - static { - __name(this, "AssumeRoleCommand"); +// src/fromSSO.ts +var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + const { ssoClient } = init; + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); + } + if (!isSsoProfile(profile)) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { + logger: init.logger + }); + } + if (profile?.sso_session) { + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const session = ssoSessions[profile.sso_session]; + const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; + if (ssoRegion && ssoRegion !== session.sso_region) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); + } + profile.sso_region = session.sso_region; + profile.sso_start_url = session.sso_start_url; + } + const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( + profile, + init.logger + ); + return resolveSSOCredentials({ + ssoStartUrl: sso_start_url, + ssoSession: sso_session, + ssoAccountId: sso_account_id, + ssoRegion: sso_region, + ssoRoleName: sso_role_name, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { + throw new import_property_provider.CredentialsProviderError( + 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', + { tryNextLink: false, logger: init.logger } + ); + } else { + return resolveSSOCredentials({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); } +}, "fromSSO"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 279: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromTokenFile = void 0; +const client_1 = __nccwpck_require__(6510); +const property_provider_1 = __nccwpck_require__(9721); +const fs_1 = __nccwpck_require__(7147); +const fromWebToken_1 = __nccwpck_require__(9527); +const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; +const ENV_ROLE_ARN = "AWS_ROLE_ARN"; +const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; +const fromTokenFile = (init = {}) => async () => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); + const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; + const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; + const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; + if (!webIdentityTokenFile || !roleArn) { + throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { + logger: init.logger, + }); + } + const credentials = await (0, fromWebToken_1.fromWebToken)({ + ...init, + webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), + roleArn, + roleSessionName, + })(); + if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { + (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); + } + return credentials; }; +exports.fromTokenFile = fromTokenFile; -// src/commands/AssumeRoleWithSAMLCommand.ts +/***/ }), + +/***/ 9527: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { +"use strict"; -var import_EndpointParameters2 = __nccwpck_require__(510); -var AssumeRoleWithSAMLCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithSAML", {}).n("STSClient", "AssumeRoleWithSAMLCommand").f(AssumeRoleWithSAMLRequestFilterSensitiveLog, AssumeRoleWithSAMLResponseFilterSensitiveLog).ser(se_AssumeRoleWithSAMLCommand).de(de_AssumeRoleWithSAMLCommand).build() { - static { - __name(this, "AssumeRoleWithSAMLCommand"); - } +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.fromWebToken = void 0; +const fromWebToken = (init) => async (awsIdentityProperties) => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); + const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; + let { roleAssumerWithWebIdentity } = init; + if (!roleAssumerWithWebIdentity) { + const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(3764))); + roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ + ...init.clientConfig, + credentialProviderLogger: init.logger, + parentClientConfig: { + ...awsIdentityProperties?.callerClientConfig, + ...init.parentClientConfig, + }, + }, init.clientPlugins); + } + return roleAssumerWithWebIdentity({ + RoleArn: roleArn, + RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, + WebIdentityToken: webIdentityToken, + ProviderId: providerId, + PolicyArns: policyArns, + Policy: policy, + DurationSeconds: durationSeconds, + }); }; +exports.fromWebToken = fromWebToken; -// src/commands/AssumeRoleWithWebIdentityCommand.ts +/***/ }), +/***/ 5603: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { -var import_EndpointParameters3 = __nccwpck_require__(510); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters3.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { - static { - __name(this, "AssumeRoleWithWebIdentityCommand"); +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/commands/AssumeRootCommand.ts +// src/index.ts +var index_exports = {}; +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(279), module.exports); +__reExport(index_exports, __nccwpck_require__(9527), module.exports); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); -var import_EndpointParameters4 = __nccwpck_require__(510); -var AssumeRootCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters4.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoot", {}).n("STSClient", "AssumeRootCommand").f(void 0, AssumeRootResponseFilterSensitiveLog).ser(se_AssumeRootCommand).de(de_AssumeRootCommand).build() { - static { - __name(this, "AssumeRootCommand"); + +/***/ }), + +/***/ 9514: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/commands/DecodeAuthorizationMessageCommand.ts +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getHostHeaderPlugin: () => getHostHeaderPlugin, + hostHeaderMiddleware: () => hostHeaderMiddleware, + hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, + resolveHostHeaderConfig: () => resolveHostHeaderConfig +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +function resolveHostHeaderConfig(input) { + return input; +} +__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); +var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); + const { request } = args; + const { handlerProtocol = "" } = options.requestHandler.metadata || {}; + if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { + delete request.headers["host"]; + request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); + } else if (!request.headers["host"]) { + let host = request.hostname; + if (request.port != null) host += `:${request.port}`; + request.headers["host"] = host; + } + return next(args); +}, "hostHeaderMiddleware"); +var hostHeaderMiddlewareOptions = { + name: "hostHeaderMiddleware", + step: "build", + priority: "low", + tags: ["HOST"], + override: true +}; +var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); + }, "applyToStack") +}), "getHostHeaderPlugin"); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); -var import_EndpointParameters5 = __nccwpck_require__(510); -var DecodeAuthorizationMessageCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters5.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "DecodeAuthorizationMessage", {}).n("STSClient", "DecodeAuthorizationMessageCommand").f(void 0, void 0).ser(se_DecodeAuthorizationMessageCommand).de(de_DecodeAuthorizationMessageCommand).build() { - static { - __name(this, "DecodeAuthorizationMessageCommand"); + +/***/ }), + +/***/ 5675: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getLoggerPlugin: () => getLoggerPlugin, + loggerMiddleware: () => loggerMiddleware, + loggerMiddlewareOptions: () => loggerMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); + +// src/loggerMiddleware.ts +var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { + try { + const response = await next(args); + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; + const { $metadata, ...outputWithoutMetadata } = response.output; + logger?.info?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + output: outputFilterSensitiveLog(outputWithoutMetadata), + metadata: $metadata + }); + return response; + } catch (error) { + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + logger?.error?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + error, + metadata: error.$metadata + }); + throw error; } +}, "loggerMiddleware"); +var loggerMiddlewareOptions = { + name: "loggerMiddleware", + tags: ["LOGGER"], + step: "initialize", + override: true }; +var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); + }, "applyToStack") +}), "getLoggerPlugin"); +// Annotate the CommonJS export names for ESM import in node: -// src/commands/GetAccessKeyInfoCommand.ts - +0 && (0); -var import_EndpointParameters6 = __nccwpck_require__(510); -var GetAccessKeyInfoCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters6.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetAccessKeyInfo", {}).n("STSClient", "GetAccessKeyInfoCommand").f(void 0, void 0).ser(se_GetAccessKeyInfoCommand).de(de_GetAccessKeyInfoCommand).build() { - static { - __name(this, "GetAccessKeyInfoCommand"); - } -}; -// src/commands/GetCallerIdentityCommand.ts +/***/ }), +/***/ 7977: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; -var import_EndpointParameters7 = __nccwpck_require__(510); -var GetCallerIdentityCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters7.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetCallerIdentity", {}).n("STSClient", "GetCallerIdentityCommand").f(void 0, void 0).ser(se_GetCallerIdentityCommand).de(de_GetCallerIdentityCommand).build() { - static { - __name(this, "GetCallerIdentityCommand"); - } +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; - -// src/commands/GetFederationTokenCommand.ts - - - -var import_EndpointParameters8 = __nccwpck_require__(510); -var GetFederationTokenCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters8.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetFederationToken", {}).n("STSClient", "GetFederationTokenCommand").f(void 0, GetFederationTokenResponseFilterSensitiveLog).ser(se_GetFederationTokenCommand).de(de_GetFederationTokenCommand).build() { - static { - __name(this, "GetFederationTokenCommand"); +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/commands/GetSessionTokenCommand.ts - - - -var import_EndpointParameters9 = __nccwpck_require__(510); -var GetSessionTokenCommand = class extends import_smithy_client.Command.classBuilder().ep(import_EndpointParameters9.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "GetSessionToken", {}).n("STSClient", "GetSessionTokenCommand").f(void 0, GetSessionTokenResponseFilterSensitiveLog).ser(se_GetSessionTokenCommand).de(de_GetSessionTokenCommand).build() { - static { - __name(this, "GetSessionTokenCommand"); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, + getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, + recursionDetectionMiddleware: () => recursionDetectionMiddleware +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; +var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; +var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; +var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { + return next(args); } -}; - -// src/STS.ts -var import_STSClient = __nccwpck_require__(4195); -var commands = { - AssumeRoleCommand, - AssumeRoleWithSAMLCommand, - AssumeRoleWithWebIdentityCommand, - AssumeRootCommand, - DecodeAuthorizationMessageCommand, - GetAccessKeyInfoCommand, - GetCallerIdentityCommand, - GetFederationTokenCommand, - GetSessionTokenCommand -}; -var STS = class extends import_STSClient.STSClient { - static { - __name(this, "STS"); + const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; + if (request.headers.hasOwnProperty(traceIdHeader)) { + return next(args); } -}; -(0, import_smithy_client.createAggregatedClient)(commands, STS); - -// src/index.ts -var import_EndpointParameters10 = __nccwpck_require__(510); - -// src/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(6510); -var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; -var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { - if (typeof assumedRoleUser?.Arn === "string") { - const arnComponents = assumedRoleUser.Arn.split(":"); - if (arnComponents.length > 4 && arnComponents[4] !== "") { - return arnComponents[4]; - } + const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; + const traceId = process.env[ENV_TRACE_ID]; + const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); + if (nonEmptyString(functionName) && nonEmptyString(traceId)) { + request.headers[TRACE_ID_HEADER_NAME] = traceId; } - return void 0; -}, "getAccountIdFromAssumedRoleUser"); -var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { - const region = typeof _region === "function" ? await _region() : _region; - const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; - credentialProviderLogger?.debug?.( - "@aws-sdk/client-sts::resolveRegion", - "accepting first of:", - `${region} (provider)`, - `${parentRegion} (parent client)`, - `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` - ); - return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; -}, "resolveRegion"); -var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - let closureSourceCreds; - return async (sourceCreds, params) => { - closureSourceCreds = sourceCreds; - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - // A hack to make sts client uses the credential in current closure. - credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); - return credentials; - }; -}, "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - return async (params) => { - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, - logger - }); - } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - if (accountId) { - (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); - } - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); - return credentials; - }; -}, "getDefaultRoleAssumerWithWebIdentity"); -var isH2 = /* @__PURE__ */ __name((requestHandler) => { - return requestHandler?.metadata?.handlerProtocol === "h2"; -}, "isH2"); - -// src/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(4195); -var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { - if (!customizations) return baseCtor; - else - return class CustomizableSTSClient extends baseCtor { - static { - __name(this, "CustomizableSTSClient"); - } - constructor(config) { - super(config); - for (const customization of customizations) { - this.middlewareStack.use(customization); - } - } - }; -}, "getCustomizableStsClientCtor"); -var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); -var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ - roleAssumer: getDefaultRoleAssumer2(input), - roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), - ...input -}), "decorateDefaultCredentialProvider"); + return next({ + ...args, + request + }); +}, "recursionDetectionMiddleware"); +var addRecursionDetectionMiddlewareOptions = { + step: "build", + tags: ["RECURSION_DETECTION"], + name: "recursionDetectionMiddleware", + override: true, + priority: "low" +}; +var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); + }, "applyToStack") +}), "getRecursionDetectionPlugin"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -30532,163 +38985,245 @@ var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (in /***/ }), -/***/ 3405: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 6634: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(7947)); -const core_1 = __nccwpck_require__(2143); -const credential_provider_node_1 = __nccwpck_require__(3196); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const core_2 = __nccwpck_require__(5829); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(2642); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - credentialDefaultProvider: config?.credentialDefaultProvider ?? credential_provider_node_1.defaultProvider, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await (0, credential_provider_node_1.defaultProvider)(idProps?.__config || {})()), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -exports.getRuntimeConfig = getRuntimeConfig; - +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -/***/ }), +// src/index.ts +var index_exports = {}; +__export(index_exports, { + DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, + getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, + getUserAgentPlugin: () => getUserAgentPlugin, + resolveUserAgentConfig: () => resolveUserAgentConfig, + userAgentMiddleware: () => userAgentMiddleware +}); +module.exports = __toCommonJS(index_exports); -/***/ 2642: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/configurations.ts +var import_core = __nccwpck_require__(5829); +var DEFAULT_UA_APP_ID = void 0; +function isValidUserAgentAppId(appId) { + if (appId === void 0) { + return true; + } + return typeof appId === "string" && appId.length <= 50; +} +__name(isValidUserAgentAppId, "isValidUserAgentAppId"); +function resolveUserAgentConfig(input) { + const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); + const { customUserAgent } = input; + return Object.assign(input, { + customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, + userAgentAppId: /* @__PURE__ */ __name(async () => { + const appId = await normalizedAppIdProvider(); + if (!isValidUserAgentAppId(appId)) { + const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; + if (typeof appId !== "string") { + logger?.warn("userAgentAppId must be a string or undefined."); + } else if (appId.length > 50) { + logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); + } + } + return appId; + }, "userAgentAppId") + }); +} +__name(resolveUserAgentConfig, "resolveUserAgentConfig"); -"use strict"; +// src/user-agent-middleware.ts +var import_util_endpoints = __nccwpck_require__(4241); +var import_protocol_http = __nccwpck_require__(4418); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(7145); -const endpointResolver_1 = __nccwpck_require__(1203); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2011-06-15", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "STS", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; +// src/check-features.ts +var import_core2 = __nccwpck_require__(2143); +var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; +async function checkFeatures(context, config, args) { + const request = args.request; + if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { + (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); + } + if (typeof config.retryStrategy === "function") { + const retryStrategy = await config.retryStrategy(); + if (typeof retryStrategy.acquireInitialRetryToken === "function") { + if (retryStrategy.constructor?.name?.includes("Adaptive")) { + (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); + } + } else { + (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); + } + } + if (typeof config.accountIdEndpointMode === "function") { + const endpointV2 = context.endpointV2; + if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { + (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); + } + switch (await config.accountIdEndpointMode?.()) { + case "disabled": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); + break; + case "preferred": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); + break; + case "required": + (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); + break; + } + } + const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; + if (identity?.$source) { + const credentials = identity; + if (credentials.accountId) { + (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); + } + for (const [key, value] of Object.entries(credentials.$source ?? {})) { + (0, import_core2.setFeature)(context, key, value); + } + } +} +__name(checkFeatures, "checkFeatures"); +// src/constants.ts +var USER_AGENT = "user-agent"; +var X_AMZ_USER_AGENT = "x-amz-user-agent"; +var SPACE = " "; +var UA_NAME_SEPARATOR = "/"; +var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; +var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; +var UA_ESCAPE_CHAR = "-"; -/***/ }), +// src/encode-features.ts +var BYTE_LIMIT = 1024; +function encodeFeatures(features) { + let buffer = ""; + for (const key in features) { + const val = features[key]; + if (buffer.length + val.length + 1 <= BYTE_LIMIT) { + if (buffer.length) { + buffer += "," + val; + } else { + buffer += val; + } + continue; + } + break; + } + return buffer; +} +__name(encodeFeatures, "encodeFeatures"); -/***/ 2053: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/user-agent-middleware.ts +var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request)) { + return next(args); + } + const { headers } = request; + const userAgent = context?.userAgent?.map(escapeUserAgent) || []; + const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); + await checkFeatures(context, options, args); + const awsContext = context; + defaultUserAgent.push( + `m/${encodeFeatures( + Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) + )}` + ); + const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; + const appId = await options.userAgentAppId(); + if (appId) { + defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); + } + const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); + const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); + const normalUAValue = [ + ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), + ...customUserAgent + ].join(SPACE); + if (options.runtime !== "browser") { + if (normalUAValue) { + headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; + } + headers[USER_AGENT] = sdkUserAgentValue; + } else { + headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; + } + return next({ + ...args, + request + }); +}, "userAgentMiddleware"); +var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { + const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); + const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); + const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); + const prefix = name.substring(0, prefixSeparatorIndex); + let uaName = name.substring(prefixSeparatorIndex + 1); + if (prefix === "api") { + uaName = uaName.toLowerCase(); + } + return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { + switch (index) { + case 0: + return item; + case 1: + return `${acc}/${item}`; + default: + return `${acc}#${item}`; + } + }, ""); +}, "escapeUserAgent"); +var getUserAgentMiddlewareOptions = { + name: "getUserAgentMiddleware", + step: "build", + priority: "low", + tags: ["SET_USER_AGENT", "USER_AGENT"], + override: true +}; +var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); + }, "applyToStack") +}), "getUserAgentPlugin"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(6976); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(8527); -const resolveRuntimeExtensions = (runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); -}; -exports.resolveRuntimeExtensions = resolveRuntimeExtensions; /***/ }), -/***/ 6555: +/***/ 9002: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOHttpAuthSchemeProvider = exports.defaultSSOHttpAuthSchemeParametersProvider = void 0; +exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; const core_1 = __nccwpck_require__(2143); const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input) => { +const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { return { operation: (0, util_middleware_1.getSmithyContext)(context).operation, region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || @@ -30697,12 +39232,12 @@ const defaultSSOHttpAuthSchemeParametersProvider = async (config, context, input })(), }; }; -exports.defaultSSOHttpAuthSchemeParametersProvider = defaultSSOHttpAuthSchemeParametersProvider; +exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; function createAwsAuthSigv4HttpAuthOption(authParameters) { return { schemeId: "aws.auth#sigv4", signingProperties: { - name: "awsssoportal", + name: "sso-oauth", region: authParameters.region, }, propertiesExtractor: (config, context) => ({ @@ -30718,22 +39253,10 @@ function createSmithyApiNoAuthHttpAuthOption(authParameters) { schemeId: "smithy.api#noAuth", }; } -const defaultSSOHttpAuthSchemeProvider = (authParameters) => { +const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { const options = []; switch (authParameters.operation) { - case "GetRoleCredentials": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccountRoles": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "ListAccounts": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; - } - case "Logout": { + case "CreateToken": { options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); break; } @@ -30743,7 +39266,7 @@ const defaultSSOHttpAuthSchemeProvider = (authParameters) => { } return options; }; -exports.defaultSSOHttpAuthSchemeProvider = defaultSSOHttpAuthSchemeProvider; +exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; const resolveHttpAuthSchemeConfig = (config) => { const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); return Object.assign(config_0, { @@ -30755,7 +39278,7 @@ exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; /***/ }), -/***/ 3584: +/***/ 8012: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -30764,7 +39287,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true })); exports.defaultEndpointResolver = void 0; const util_endpoints_1 = __nccwpck_require__(4241); const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(7957); +const ruleset_1 = __nccwpck_require__(2507); const cache = new util_endpoints_2.EndpointCache({ size: 50, params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], @@ -30781,7 +39304,7 @@ util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunct /***/ }), -/***/ 7957: +/***/ 2507: /***/ ((__unused_webpack_module, exports) => { "use strict"; @@ -30790,13 +39313,13 @@ Object.defineProperty(exports, "__esModule", ({ value: true })); exports.ruleSet = void 0; const u = "required", v = "fn", w = "argv", x = "ref"; const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://portal.sso.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://portal.sso.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; +const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; exports.ruleSet = _data; /***/ }), -/***/ 1687: +/***/ 8959: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -30820,33 +39343,32 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/sso-oidc/index.ts var index_exports = {}; __export(index_exports, { - GetRoleCredentialsCommand: () => GetRoleCredentialsCommand, - GetRoleCredentialsRequestFilterSensitiveLog: () => GetRoleCredentialsRequestFilterSensitiveLog, - GetRoleCredentialsResponseFilterSensitiveLog: () => GetRoleCredentialsResponseFilterSensitiveLog, + $Command: () => import_smithy_client6.Command, + AccessDeniedException: () => AccessDeniedException, + AuthorizationPendingException: () => AuthorizationPendingException, + CreateTokenCommand: () => CreateTokenCommand, + CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, + CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + InternalServerException: () => InternalServerException, + InvalidClientException: () => InvalidClientException, + InvalidGrantException: () => InvalidGrantException, InvalidRequestException: () => InvalidRequestException, - ListAccountRolesCommand: () => ListAccountRolesCommand, - ListAccountRolesRequestFilterSensitiveLog: () => ListAccountRolesRequestFilterSensitiveLog, - ListAccountsCommand: () => ListAccountsCommand, - ListAccountsRequestFilterSensitiveLog: () => ListAccountsRequestFilterSensitiveLog, - LogoutCommand: () => LogoutCommand, - LogoutRequestFilterSensitiveLog: () => LogoutRequestFilterSensitiveLog, - ResourceNotFoundException: () => ResourceNotFoundException, - RoleCredentialsFilterSensitiveLog: () => RoleCredentialsFilterSensitiveLog, - SSO: () => SSO, - SSOClient: () => SSOClient, - SSOServiceException: () => SSOServiceException, - TooManyRequestsException: () => TooManyRequestsException, - UnauthorizedException: () => UnauthorizedException, - __Client: () => import_smithy_client.Client, - paginateListAccountRoles: () => paginateListAccountRoles, - paginateListAccounts: () => paginateListAccounts + InvalidScopeException: () => InvalidScopeException, + SSOOIDC: () => SSOOIDC, + SSOOIDCClient: () => SSOOIDCClient, + SSOOIDCServiceException: () => SSOOIDCServiceException, + SlowDownException: () => SlowDownException, + UnauthorizedClientException: () => UnauthorizedClientException, + UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, + __Client: () => import_smithy_client2.Client }); module.exports = __toCommonJS(index_exports); -// src/SSOClient.ts +// src/submodules/sso-oidc/SSOOIDCClient.ts var import_middleware_host_header = __nccwpck_require__(9514); var import_middleware_logger = __nccwpck_require__(5675); var import_middleware_recursion_detection = __nccwpck_require__(7977); @@ -30856,15 +39378,15 @@ var import_core = __nccwpck_require__(5829); var import_middleware_content_length = __nccwpck_require__(2800); var import_middleware_endpoint = __nccwpck_require__(2918); var import_middleware_retry = __nccwpck_require__(6039); +var import_smithy_client2 = __nccwpck_require__(3570); +var import_httpAuthSchemeProvider = __nccwpck_require__(9002); -var import_httpAuthSchemeProvider = __nccwpck_require__(6555); - -// src/endpoint/EndpointParameters.ts +// src/submodules/sso-oidc/endpoint/EndpointParameters.ts var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { return Object.assign(options, { useDualstackEndpoint: options.useDualstackEndpoint ?? false, useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "awsssoportal" + defaultSigningName: "sso-oauth" }); }, "resolveClientEndpointParameters"); var commonParams = { @@ -30874,15 +39396,15 @@ var commonParams = { UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } }; -// src/SSOClient.ts -var import_runtimeConfig = __nccwpck_require__(1012); +// src/submodules/sso-oidc/SSOOIDCClient.ts +var import_runtimeConfig = __nccwpck_require__(5875); -// src/runtimeExtensions.ts +// src/submodules/sso-oidc/runtimeExtensions.ts var import_region_config_resolver = __nccwpck_require__(6976); var import_protocol_http = __nccwpck_require__(4418); var import_smithy_client = __nccwpck_require__(3570); -// src/auth/httpAuthExtensionConfiguration.ts +// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; @@ -30921,7 +39443,7 @@ var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { }; }, "resolveHttpAuthRuntimeConfig"); -// src/runtimeExtensions.ts +// src/submodules/sso-oidc/runtimeExtensions.ts var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { const extensionConfiguration = Object.assign( (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), @@ -30939,13 +39461,13 @@ var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions ); }, "resolveRuntimeExtensions"); -// src/SSOClient.ts -var SSOClient = class extends import_smithy_client.Client { +// src/submodules/sso-oidc/SSOOIDCClient.ts +var SSOOIDCClient = class extends import_smithy_client2.Client { static { - __name(this, "SSOClient"); + __name(this, "SSOOIDCClient"); } /** - * The resolved configuration of SSOClient class. This is resolved and normalized from the {@link SSOClientConfig | constructor configuration interface}. + * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. */ config; constructor(...[configuration]) { @@ -30969,7 +39491,7 @@ var SSOClient = class extends import_smithy_client.Client { this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); this.middlewareStack.use( (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOHttpAuthSchemeParametersProvider, + httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ "aws.auth#sigv4": config.credentials }), "identityProviderConfigProvider") @@ -30987,39 +39509,251 @@ var SSOClient = class extends import_smithy_client.Client { } }; -// src/SSO.ts - - -// src/commands/GetRoleCredentialsCommand.ts +// src/submodules/sso-oidc/SSOOIDC.ts +var import_smithy_client7 = __nccwpck_require__(3570); +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client6 = __nccwpck_require__(3570); +// src/submodules/sso-oidc/models/models_0.ts +var import_smithy_client4 = __nccwpck_require__(3570); -// src/models/models_0.ts - - -// src/models/SSOServiceException.ts - -var SSOServiceException = class _SSOServiceException extends import_smithy_client.ServiceException { +// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts +var import_smithy_client3 = __nccwpck_require__(3570); +var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { static { - __name(this, "SSOServiceException"); + __name(this, "SSOOIDCServiceException"); } /** * @internal */ constructor(options) { super(options); - Object.setPrototypeOf(this, _SSOServiceException.prototype); + Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); } }; -// src/models/models_0.ts -var InvalidRequestException = class _InvalidRequestException extends SSOServiceException { +// src/submodules/sso-oidc/models/models_0.ts +var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { + static { + __name(this, "AccessDeniedException"); + } + name = "AccessDeniedException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AccessDeniedException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AccessDeniedException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { + static { + __name(this, "AuthorizationPendingException"); + } + name = "AuthorizationPendingException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * authorization_pending.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "AuthorizationPendingException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenRequestFilterSensitiveLog"); +var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, + ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } +}), "CreateTokenResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { + static { + __name(this, "InternalServerException"); + } + name = "InternalServerException"; + $fault = "server"; + /** + *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InternalServerException", + $fault: "server", + ...opts + }); + Object.setPrototypeOf(this, _InternalServerException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { + static { + __name(this, "InvalidClientException"); + } + name = "InvalidClientException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidClientException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { + static { + __name(this, "InvalidGrantException"); + } + name = "InvalidGrantException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidGrantException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidGrantException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { static { __name(this, "InvalidRequestException"); } name = "InvalidRequestException"; $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * invalid_request.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; /** * @internal */ @@ -31030,199 +39764,182 @@ var InvalidRequestException = class _InvalidRequestException extends SSOServiceE ...opts }); Object.setPrototypeOf(this, _InvalidRequestException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; -var ResourceNotFoundException = class _ResourceNotFoundException extends SSOServiceException { +var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { static { - __name(this, "ResourceNotFoundException"); + __name(this, "InvalidScopeException"); } - name = "ResourceNotFoundException"; + name = "InvalidScopeException"; + $fault = "client"; + /** + *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; + /** + * @internal + */ + constructor(opts) { + super({ + name: "InvalidScopeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _InvalidScopeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; + } +}; +var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { + static { + __name(this, "SlowDownException"); + } + name = "SlowDownException"; $fault = "client"; + /** + *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; /** * @internal */ constructor(opts) { super({ - name: "ResourceNotFoundException", + name: "SlowDownException", $fault: "client", ...opts }); - Object.setPrototypeOf(this, _ResourceNotFoundException.prototype); + Object.setPrototypeOf(this, _SlowDownException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; -var TooManyRequestsException = class _TooManyRequestsException extends SSOServiceException { +var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { static { - __name(this, "TooManyRequestsException"); + __name(this, "UnauthorizedClientException"); } - name = "TooManyRequestsException"; + name = "UnauthorizedClientException"; $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; /** * @internal */ constructor(opts) { super({ - name: "TooManyRequestsException", + name: "UnauthorizedClientException", $fault: "client", ...opts }); - Object.setPrototypeOf(this, _TooManyRequestsException.prototype); + Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; -var UnauthorizedException = class _UnauthorizedException extends SSOServiceException { +var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { static { - __name(this, "UnauthorizedException"); + __name(this, "UnsupportedGrantTypeException"); } - name = "UnauthorizedException"; + name = "UnsupportedGrantTypeException"; $fault = "client"; + /** + *Single error code. For this exception the value will be
+ * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer + * in understanding the error that occurred.
+ * @public + */ + error_description; /** * @internal */ constructor(opts) { super({ - name: "UnauthorizedException", + name: "UnsupportedGrantTypeException", $fault: "client", ...opts }); - Object.setPrototypeOf(this, _UnauthorizedException.prototype); + Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); + this.error = opts.error; + this.error_description = opts.error_description; } }; -var GetRoleCredentialsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "GetRoleCredentialsRequestFilterSensitiveLog"); -var RoleCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.secretAccessKey && { secretAccessKey: import_smithy_client.SENSITIVE_STRING }, - ...obj.sessionToken && { sessionToken: import_smithy_client.SENSITIVE_STRING } -}), "RoleCredentialsFilterSensitiveLog"); -var GetRoleCredentialsResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.roleCredentials && { roleCredentials: RoleCredentialsFilterSensitiveLog(obj.roleCredentials) } -}), "GetRoleCredentialsResponseFilterSensitiveLog"); -var ListAccountRolesRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountRolesRequestFilterSensitiveLog"); -var ListAccountsRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "ListAccountsRequestFilterSensitiveLog"); -var LogoutRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client.SENSITIVE_STRING } -}), "LogoutRequestFilterSensitiveLog"); -// src/protocols/Aws_restJson1.ts +// src/submodules/sso-oidc/protocols/Aws_restJson1.ts var import_core2 = __nccwpck_require__(2143); - - -var se_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/federation/credentials"); - const query = (0, import_smithy_client.map)({ - [_rn]: [, (0, import_smithy_client.expectNonNull)(input[_rN], `roleName`)], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_GetRoleCredentialsCommand"); -var se_ListAccountRolesCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/roles"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()], - [_ai]: [, (0, import_smithy_client.expectNonNull)(input[_aI], `accountId`)] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountRolesCommand"); -var se_ListAccountsCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/assignment/accounts"); - const query = (0, import_smithy_client.map)({ - [_nt]: [, input[_nT]], - [_mr]: [() => input.maxResults !== void 0, () => input[_mR].toString()] - }); - let body; - b.m("GET").h(headers).q(query).b(body); - return b.build(); -}, "se_ListAccountsCommand"); -var se_LogoutCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core.requestBuilder)(input, context); - const headers = (0, import_smithy_client.map)({}, import_smithy_client.isSerializableHeaderValue, { - [_xasbt]: input[_aT] - }); - b.bp("/logout"); +var import_core3 = __nccwpck_require__(5829); +var import_smithy_client5 = __nccwpck_require__(3570); +var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { + const b = (0, import_core3.requestBuilder)(input, context); + const headers = { + "content-type": "application/json" + }; + b.bp("/token"); let body; + body = JSON.stringify( + (0, import_smithy_client5.take)(input, { + clientId: [], + clientSecret: [], + code: [], + codeVerifier: [], + deviceCode: [], + grantType: [], + redirectUri: [], + refreshToken: [], + scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") + }) + ); b.m("POST").h(headers).b(body); return b.build(); -}, "se_LogoutCommand"); -var de_GetRoleCredentialsCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - roleCredentials: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_GetRoleCredentialsCommand"); -var de_ListAccountRolesCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - nextToken: import_smithy_client.expectString, - roleList: import_smithy_client._json - }); - Object.assign(contents, doc); - return contents; -}, "de_ListAccountRolesCommand"); -var de_ListAccountsCommand = /* @__PURE__ */ __name(async (output, context) => { +}, "se_CreateTokenCommand"); +var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { if (output.statusCode !== 200 && output.statusCode >= 300) { return de_CommandError(output, context); } - const contents = (0, import_smithy_client.map)({ + const contents = (0, import_smithy_client5.map)({ $metadata: deserializeMetadata(output) }); - const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client.take)(data, { - accountList: import_smithy_client._json, - nextToken: import_smithy_client.expectString + const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); + const doc = (0, import_smithy_client5.take)(data, { + accessToken: import_smithy_client5.expectString, + expiresIn: import_smithy_client5.expectInt32, + idToken: import_smithy_client5.expectString, + refreshToken: import_smithy_client5.expectString, + tokenType: import_smithy_client5.expectString }); Object.assign(contents, doc); return contents; -}, "de_ListAccountsCommand"); -var de_LogoutCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); - } - const contents = (0, import_smithy_client.map)({ - $metadata: deserializeMetadata(output) - }); - await (0, import_smithy_client.collectBody)(output.body, context); - return contents; -}, "de_LogoutCommand"); +}, "de_CreateTokenCommand"); var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { const parsedOutput = { ...output, @@ -31230,18 +39947,39 @@ var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { }; const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.ssooidc#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "AuthorizationPendingException": + case "com.amazonaws.ssooidc#AuthorizationPendingException": + throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); + case "ExpiredTokenException": + case "com.amazonaws.ssooidc#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.ssooidc#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "InvalidClientException": + case "com.amazonaws.ssooidc#InvalidClientException": + throw await de_InvalidClientExceptionRes(parsedOutput, context); + case "InvalidGrantException": + case "com.amazonaws.ssooidc#InvalidGrantException": + throw await de_InvalidGrantExceptionRes(parsedOutput, context); case "InvalidRequestException": - case "com.amazonaws.sso#InvalidRequestException": + case "com.amazonaws.ssooidc#InvalidRequestException": throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "ResourceNotFoundException": - case "com.amazonaws.sso#ResourceNotFoundException": - throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); - case "TooManyRequestsException": - case "com.amazonaws.sso#TooManyRequestsException": - throw await de_TooManyRequestsExceptionRes(parsedOutput, context); - case "UnauthorizedException": - case "com.amazonaws.sso#UnauthorizedException": - throw await de_UnauthorizedExceptionRes(parsedOutput, context); + case "InvalidScopeException": + case "com.amazonaws.ssooidc#InvalidScopeException": + throw await de_InvalidScopeExceptionRes(parsedOutput, context); + case "SlowDownException": + case "com.amazonaws.ssooidc#SlowDownException": + throw await de_SlowDownExceptionRes(parsedOutput, context); + case "UnauthorizedClientException": + case "com.amazonaws.ssooidc#UnauthorizedClientException": + throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); + case "UnsupportedGrantTypeException": + case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": + throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); default: const parsedBody = parsedOutput.body; return throwDefaultError({ @@ -31251,163 +39989,197 @@ var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { }); } }, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client.withBaseException)(SSOServiceException); +var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); +var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AccessDeniedExceptionRes"); +var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new AuthorizationPendingException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_AuthorizationPendingExceptionRes"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_ExpiredTokenExceptionRes"); +var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InternalServerException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InternalServerExceptionRes"); +var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidClientException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidClientExceptionRes"); +var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new InvalidGrantException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidGrantExceptionRes"); var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); + const contents = (0, import_smithy_client5.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString }); Object.assign(contents, doc); const exception = new InvalidRequestException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); }, "de_InvalidRequestExceptionRes"); -var de_ResourceNotFoundExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); +var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString }); Object.assign(contents, doc); - const exception = new ResourceNotFoundException({ + const exception = new InvalidScopeException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_ResourceNotFoundExceptionRes"); -var de_TooManyRequestsExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_InvalidScopeExceptionRes"); +var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString }); Object.assign(contents, doc); - const exception = new TooManyRequestsException({ + const exception = new SlowDownException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_TooManyRequestsExceptionRes"); -var de_UnauthorizedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client.map)({}); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_SlowDownExceptionRes"); +var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); const data = parsedOutput.body; - const doc = (0, import_smithy_client.take)(data, { - message: import_smithy_client.expectString + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString }); Object.assign(contents, doc); - const exception = new UnauthorizedException({ + const exception = new UnauthorizedClientException({ $metadata: deserializeMetadata(parsedOutput), ...contents }); - return (0, import_smithy_client.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedExceptionRes"); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnauthorizedClientExceptionRes"); +var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const contents = (0, import_smithy_client5.map)({}); + const data = parsedOutput.body; + const doc = (0, import_smithy_client5.take)(data, { + error: import_smithy_client5.expectString, + error_description: import_smithy_client5.expectString + }); + Object.assign(contents, doc); + const exception = new UnsupportedGrantTypeException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents + }); + return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); +}, "de_UnsupportedGrantTypeExceptionRes"); var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ httpStatusCode: output.statusCode, requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], extendedRequestId: output.headers["x-amz-id-2"], cfId: output.headers["x-amz-cf-id"] }), "deserializeMetadata"); -var _aI = "accountId"; -var _aT = "accessToken"; -var _ai = "account_id"; -var _mR = "maxResults"; -var _mr = "max_result"; -var _nT = "nextToken"; -var _nt = "next_token"; -var _rN = "roleName"; -var _rn = "role_name"; -var _xasbt = "x-amz-sso_bearer_token"; - -// src/commands/GetRoleCredentialsCommand.ts -var GetRoleCredentialsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "GetRoleCredentials", {}).n("SSOClient", "GetRoleCredentialsCommand").f(GetRoleCredentialsRequestFilterSensitiveLog, GetRoleCredentialsResponseFilterSensitiveLog).ser(se_GetRoleCredentialsCommand).de(de_GetRoleCredentialsCommand).build() { - static { - __name(this, "GetRoleCredentialsCommand"); - } -}; - -// src/commands/ListAccountRolesCommand.ts - - - -var ListAccountRolesCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccountRoles", {}).n("SSOClient", "ListAccountRolesCommand").f(ListAccountRolesRequestFilterSensitiveLog, void 0).ser(se_ListAccountRolesCommand).de(de_ListAccountRolesCommand).build() { - static { - __name(this, "ListAccountRolesCommand"); - } -}; -// src/commands/ListAccountsCommand.ts - - - -var ListAccountsCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("SWBPortalService", "ListAccounts", {}).n("SSOClient", "ListAccountsCommand").f(ListAccountsRequestFilterSensitiveLog, void 0).ser(se_ListAccountsCommand).de(de_ListAccountsCommand).build() { - static { - __name(this, "ListAccountsCommand"); - } -}; - -// src/commands/LogoutCommand.ts - - - -var LogoutCommand = class extends import_smithy_client.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { +// src/submodules/sso-oidc/commands/CreateTokenCommand.ts +var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { return [ (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) ]; -}).s("SWBPortalService", "Logout", {}).n("SSOClient", "LogoutCommand").f(LogoutRequestFilterSensitiveLog, void 0).ser(se_LogoutCommand).de(de_LogoutCommand).build() { +}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { static { - __name(this, "LogoutCommand"); + __name(this, "CreateTokenCommand"); } }; -// src/SSO.ts +// src/submodules/sso-oidc/SSOOIDC.ts var commands = { - GetRoleCredentialsCommand, - ListAccountRolesCommand, - ListAccountsCommand, - LogoutCommand + CreateTokenCommand }; -var SSO = class extends SSOClient { +var SSOOIDC = class extends SSOOIDCClient { static { - __name(this, "SSO"); + __name(this, "SSOOIDC"); } }; -(0, import_smithy_client.createAggregatedClient)(commands, SSO); - -// src/pagination/ListAccountRolesPaginator.ts - -var paginateListAccountRoles = (0, import_core.createPaginator)(SSOClient, ListAccountRolesCommand, "nextToken", "nextToken", "maxResults"); - -// src/pagination/ListAccountsPaginator.ts - -var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccountsCommand, "nextToken", "nextToken", "maxResults"); +(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 1012: +/***/ 5875: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -31415,7 +40187,7 @@ var paginateListAccounts = (0, import_core.createPaginator)(SSOClient, ListAccou Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getRuntimeConfig = void 0; const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4665)); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); const core_1 = __nccwpck_require__(2143); const util_user_agent_node_1 = __nccwpck_require__(7330); const config_resolver_1 = __nccwpck_require__(3098); @@ -31425,7 +40197,7 @@ const node_config_provider_1 = __nccwpck_require__(3461); const node_http_handler_1 = __nccwpck_require__(258); const util_body_length_node_1 = __nccwpck_require__(8075); const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(7369); +const runtimeConfig_shared_1 = __nccwpck_require__(3695); const smithy_client_1 = __nccwpck_require__(3570); const util_defaults_mode_node_1 = __nccwpck_require__(2429); const smithy_client_2 = __nccwpck_require__(3570); @@ -31469,7 +40241,7 @@ exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 7369: +/***/ 3695: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -31482,8 +40254,8 @@ const smithy_client_1 = __nccwpck_require__(3570); const url_parser_1 = __nccwpck_require__(4681); const util_base64_1 = __nccwpck_require__(5600); const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(6555); -const endpointResolver_1 = __nccwpck_require__(3584); +const httpAuthSchemeProvider_1 = __nccwpck_require__(9002); +const endpointResolver_1 = __nccwpck_require__(8012); const getRuntimeConfig = (config) => { return { apiVersion: "2019-06-10", @@ -31492,7 +40264,7 @@ const getRuntimeConfig = (config) => { disableHostPrefix: config?.disableHostPrefix ?? false, endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOHttpAuthSchemeProvider, + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, httpAuthSchemes: config?.httpAuthSchemes ?? [ { schemeId: "aws.auth#sigv4", @@ -31506,7 +40278,7 @@ const getRuntimeConfig = (config) => { }, ], logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO", + serviceId: config?.serviceId ?? "SSO OIDC", urlParser: config?.urlParser ?? url_parser_1.parseUrl, utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, @@ -31517,501 +40289,256 @@ exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 2143: +/***/ 6878: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -const tslib_1 = __nccwpck_require__(4351); -tslib_1.__exportStar(__nccwpck_require__(6510), exports); -tslib_1.__exportStar(__nccwpck_require__(3017), exports); -tslib_1.__exportStar(__nccwpck_require__(5743), exports); - - -/***/ }), - -/***/ 6510: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/client/index.ts -var index_exports = {}; -__export(index_exports, { - emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, - setCredentialFeature: () => setCredentialFeature, - setFeature: () => setFeature, - setTokenFeature: () => setTokenFeature, - state: () => state -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/client/emitWarningIfUnsupportedVersion.ts -var state = { - warningEmitted: false -}; -var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { - if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { - state.warningEmitted = true; - process.emitWarning( - `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will -no longer support Node.js 16.x on January 6, 2025. - -To continue receiving updates to AWS services, bug fixes, and security -updates please upgrade to a supported Node.js LTS version. - -More information can be found at: https://a.co/74kJMmI` - ); - } -}, "emitWarningIfUnsupportedVersion"); - -// src/submodules/client/setCredentialFeature.ts -function setCredentialFeature(credentials, feature, value) { - if (!credentials.$source) { - credentials.$source = {}; - } - credentials.$source[feature] = value; - return credentials; -} -__name(setCredentialFeature, "setCredentialFeature"); - -// src/submodules/client/setFeature.ts -function setFeature(context, feature, value) { - if (!context.__aws_sdk_context) { - context.__aws_sdk_context = { - features: {} - }; - } else if (!context.__aws_sdk_context.features) { - context.__aws_sdk_context.features = {}; - } - context.__aws_sdk_context.features[feature] = value; -} -__name(setFeature, "setFeature"); - -// src/submodules/client/setTokenFeature.ts -function setTokenFeature(token, feature, value) { - if (!token.$source) { - token.$source = {}; - } - token.$source[feature] = value; - return token; -} -__name(setTokenFeature, "setTokenFeature"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); - - -/***/ }), - -/***/ 3017: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/httpAuthSchemes/index.ts -var index_exports = {}; -__export(index_exports, { - AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, - AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, - AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, - NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, - NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, - getBearerTokenEnvKey: () => getBearerTokenEnvKey, - resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, - resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, - resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, - validateSigningProperties: () => validateSigningProperties -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var import_protocol_http2 = __nccwpck_require__(4418); - -// src/submodules/httpAuthSchemes/utils/getDateHeader.ts -var import_protocol_http = __nccwpck_require__(4418); -var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); - -// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts -var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); - -// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts -var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); - -// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts -var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { - const clockTimeInMs = Date.parse(clockTime); - if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { - return clockTimeInMs - Date.now(); - } - return currentSystemClockOffset; -}, "getUpdatedSystemClockOffset"); - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts -var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { - if (!property) { - throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); - } - return property; -}, "throwSigningPropertyError"); -var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { - const context = throwSigningPropertyError( - "context", - signingProperties.context - ); - const config = throwSigningPropertyError("config", signingProperties.config); - const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; - const signerFunction = throwSigningPropertyError( - "signer", - config.signer - ); - const signer = await signerFunction(authScheme); - const signingRegion = signingProperties?.signingRegion; - const signingRegionSet = signingProperties?.signingRegionSet; - const signingName = signingProperties?.signingName; - return { - config, - signer, - signingRegion, - signingRegionSet, - signingName - }; -}, "validateSigningProperties"); -var AwsSdkSigV4Signer = class { - static { - __name(this, "AwsSdkSigV4Signer"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const validatedProps = await validateSigningProperties(signingProperties); - const { config, signer } = validatedProps; - let { signingRegion, signingName } = validatedProps; - const handlerExecutionContext = signingProperties.context; - if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { - const [first, second] = handlerExecutionContext.authSchemes; - if (first?.name === "sigv4a" && second?.name === "sigv4") { - signingRegion = second?.signingRegion ?? signingRegion; - signingName = second?.signingName ?? signingName; - } - } - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion, - signingService: signingName - }); - return signedRequest; - } - errorHandler(signingProperties) { - return (error) => { - const serverTime = error.ServerTime ?? getDateHeader(error.$response); - if (serverTime) { - const config = throwSigningPropertyError("config", signingProperties.config); - const initialSystemClockOffset = config.systemClockOffset; - config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); - const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; - if (clockSkewCorrected && error.$metadata) { - error.$metadata.clockSkewCorrected = true; - } - } - throw error; - }; - } - successHandler(httpResponse, signingProperties) { - const dateHeader = getDateHeader(httpResponse); - if (dateHeader) { - const config = throwSigningPropertyError("config", signingProperties.config); - config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); - } - } -}; -var AWSSDKSigV4Signer = AwsSdkSigV4Signer; - -// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts -var import_protocol_http3 = __nccwpck_require__(4418); -var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { - static { - __name(this, "AwsSdkSigV4ASigner"); - } - async sign(httpRequest, identity, signingProperties) { - if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { - throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); - } - const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( - signingProperties - ); - const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); - const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); - const signedRequest = await signer.sign(httpRequest, { - signingDate: getSkewCorrectedDate(config.systemClockOffset), - signingRegion: multiRegionOverride, - signingService: signingName - }); - return signedRequest; - } -}; - -// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts -var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); - -// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts -var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); - -// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts -var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; -var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; -var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { - /** - * Retrieves auth scheme preference from environment variables - * @param env - Node process environment object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { - if (options?.signingName) { - const bearerTokenKey = getBearerTokenEnvKey(options.signingName); - if (bearerTokenKey in env) return ["httpBearerAuth"]; - } - if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; - return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); - }, "environmentVariableSelector"), - /** - * Retrieves auth scheme preference from config file - * @param profile - Config profile object - * @returns Array of auth scheme strings if preference is set, undefined otherwise - */ - configFileSelector: /* @__PURE__ */ __name((profile) => { - if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; - return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); - }, "configFileSelector"), - /** - * Default auth scheme preference if not specified in environment or config - */ - default: [] -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts -var import_core = __nccwpck_require__(5829); -var import_property_provider = __nccwpck_require__(9721); -var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { - config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); - return config; -}, "resolveAwsSdkSigV4AConfig"); -var NODE_SIGV4A_CONFIG_OPTIONS = { - environmentVariableSelector(env) { - if (env.AWS_SIGV4A_SIGNING_REGION_SET) { - return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); - } - throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { - tryNextLink: true - }); - }, - configFileSelector(profile) { - if (profile.sigv4a_signing_region_set) { - return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); - } - throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { - tryNextLink: true - }); - }, - default: void 0 -}; - -// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts -var import_client = __nccwpck_require__(6510); -var import_core2 = __nccwpck_require__(5829); -var import_signature_v4 = __nccwpck_require__(1528); -var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { - let inputCredentials = config.credentials; - let isUserSupplied = !!config.credentials; - let resolvedCredentials = void 0; - Object.defineProperty(config, "credentials", { - set(credentials) { - if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { - isUserSupplied = true; - } - inputCredentials = credentials; - const memoizedProvider = normalizeCredentialProvider(config, { - credentials: inputCredentials, - credentialDefaultProvider: config.credentialDefaultProvider - }); - const boundProvider = bindCallerConfig(config, memoizedProvider); - if (isUserSupplied && !boundProvider.attributed) { - resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") - ), "resolvedCredentials"); - resolvedCredentials.memoized = boundProvider.memoized; - resolvedCredentials.configBound = boundProvider.configBound; - resolvedCredentials.attributed = true; - } else { - resolvedCredentials = boundProvider; - } - }, - get() { - return resolvedCredentials; - }, - enumerable: true, - configurable: true - }); - config.credentials = inputCredentials; - const { - // Default for signingEscapePath - signingEscapePath = true, - // Default for systemClockOffset - systemClockOffset = config.systemClockOffset || 0, - // No default for sha256 since it is platform dependent - sha256 - } = config; - let signer; - if (config.signer) { - signer = (0, import_core2.normalizeProvider)(config.signer); - } else if (config.regionInfoProvider) { - signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( - async (region) => [ - await config.regionInfoProvider(region, { - useFipsEndpoint: await config.useFipsEndpoint(), - useDualstackEndpoint: await config.useDualstackEndpoint() - }) || {}, - region - ] - ).then(([regionInfo, region]) => { - const { signingRegion, signingService } = regionInfo; - config.signingRegion = config.signingRegion || signingRegion || region; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }), "signer"); - } else { - signer = /* @__PURE__ */ __name(async (authScheme) => { - authScheme = Object.assign( - {}, - { - name: "sigv4", - signingName: config.signingName || config.defaultSigningName, - signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), - properties: {} - }, - authScheme - ); - const signingRegion = authScheme.signingRegion; - const signingService = authScheme.signingName; - config.signingRegion = config.signingRegion || signingRegion; - config.signingName = config.signingName || signingService || config.serviceId; - const params = { - ...config, - credentials: config.credentials, - region: config.signingRegion, - service: config.signingName, - sha256, - uriEscapePath: signingEscapePath - }; - const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; - return new SignerCtor(params); - }, "signer"); - } - const resolvedConfig = Object.assign(config, { - systemClockOffset, - signingEscapePath, - signer - }); - return resolvedConfig; -}, "resolveAwsSdkSigV4Config"); -var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; -function normalizeCredentialProvider(config, { - credentials, - credentialDefaultProvider -}) { - let credentialsProvider; - if (credentials) { - if (!credentials?.memoized) { - credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); - } else { - credentialsProvider = credentials; - } - } else { - if (credentialDefaultProvider) { - credentialsProvider = (0, import_core2.normalizeProvider)( - credentialDefaultProvider( - Object.assign({}, config, { - parentClientConfig: config - }) - ) - ); - } else { - credentialsProvider = /* @__PURE__ */ __name(async () => { - throw new Error( - "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." - ); - }, "credentialsProvider"); +exports.STSClient = exports.__Client = void 0; +const middleware_host_header_1 = __nccwpck_require__(9514); +const middleware_logger_1 = __nccwpck_require__(5675); +const middleware_recursion_detection_1 = __nccwpck_require__(7977); +const middleware_user_agent_1 = __nccwpck_require__(6634); +const config_resolver_1 = __nccwpck_require__(3098); +const core_1 = __nccwpck_require__(5829); +const middleware_content_length_1 = __nccwpck_require__(2800); +const middleware_endpoint_1 = __nccwpck_require__(2918); +const middleware_retry_1 = __nccwpck_require__(6039); +const smithy_client_1 = __nccwpck_require__(3570); +Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); +const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); +const EndpointParameters_1 = __nccwpck_require__(981); +const runtimeConfig_1 = __nccwpck_require__(302); +const runtimeExtensions_1 = __nccwpck_require__(9913); +class STSClient extends smithy_client_1.Client { + config; + constructor(...[configuration]) { + const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); + super(_config_0); + this.initConfig = _config_0; + const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); + const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); + const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); + const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); + const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); + const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); + const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); + const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); + this.config = _config_8; + this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); + this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); + this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); + this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); + this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); + this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); + this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { + httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, + identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials, + }), + })); + this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); + } + destroy() { + super.destroy(); } - } - credentialsProvider.memoized = true; - return credentialsProvider; } -__name(normalizeCredentialProvider, "normalizeCredentialProvider"); -function bindCallerConfig(config, credentialsProvider) { - if (credentialsProvider.configBound) { - return credentialsProvider; - } - const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); - fn.memoized = credentialsProvider.memoized; - fn.configBound = true; - return fn; +exports.STSClient = STSClient; + + +/***/ }), + +/***/ 1746: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; +const getHttpAuthExtensionConfiguration = (runtimeConfig) => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme) { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } + else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes() { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider) { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider() { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials) { + _credentials = credentials; + }, + credentials() { + return _credentials; + }, + }; +}; +exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; +const resolveHttpAuthRuntimeConfig = (config) => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials(), + }; +}; +exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; + + +/***/ }), + +/***/ 3061: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; +const core_1 = __nccwpck_require__(2143); +const util_middleware_1 = __nccwpck_require__(2390); +const STSClient_1 = __nccwpck_require__(6878); +const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { + return { + operation: (0, util_middleware_1.getSmithyContext)(context).operation, + region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; +exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; +function createAwsAuthSigv4HttpAuthOption(authParameters) { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sts", + region: authParameters.region, + }, + propertiesExtractor: (config, context) => ({ + signingProperties: { + config, + context, + }, + }), + }; } -__name(bindCallerConfig, "bindCallerConfig"); -// Annotate the CommonJS export names for ESM import in node: -0 && (0); +function createSmithyApiNoAuthHttpAuthOption(authParameters) { + return { + schemeId: "smithy.api#noAuth", + }; +} +const defaultSTSHttpAuthSchemeProvider = (authParameters) => { + const options = []; + switch (authParameters.operation) { + case "AssumeRoleWithWebIdentity": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; +exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; +const resolveStsAuthConfig = (input) => Object.assign(input, { + stsClientCtor: STSClient_1.STSClient, +}); +exports.resolveStsAuthConfig = resolveStsAuthConfig; +const resolveHttpAuthSchemeConfig = (config) => { + const config_0 = (0, exports.resolveStsAuthConfig)(config); + const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); + return Object.assign(config_1, { + authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), + }); +}; +exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; /***/ }), -/***/ 5743: +/***/ 981: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.commonParams = exports.resolveClientEndpointParameters = void 0; +const resolveClientEndpointParameters = (options) => { + return Object.assign(options, { + useDualstackEndpoint: options.useDualstackEndpoint ?? false, + useFipsEndpoint: options.useFipsEndpoint ?? false, + useGlobalEndpoint: options.useGlobalEndpoint ?? false, + defaultSigningName: "sts", + }); +}; +exports.resolveClientEndpointParameters = resolveClientEndpointParameters; +exports.commonParams = { + UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, +}; + + +/***/ }), + +/***/ 8181: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.defaultEndpointResolver = void 0; +const util_endpoints_1 = __nccwpck_require__(4241); +const util_endpoints_2 = __nccwpck_require__(5473); +const ruleset_1 = __nccwpck_require__(5713); +const cache = new util_endpoints_2.EndpointCache({ + size: 50, + params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], +}); +const defaultEndpointResolver = (endpointParams, context = {}) => { + return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { + endpointParams: endpointParams, + logger: context.logger, + })); +}; +exports.defaultEndpointResolver = defaultEndpointResolver; +util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; + + +/***/ }), + +/***/ 5713: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.ruleSet = void 0; +const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; +const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; +const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; +exports.ruleSet = _data; + + +/***/ }), + +/***/ 3764: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -32033,1682 +40560,1069 @@ var __copyProps = (to, from, except, desc) => { } return to; }; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/protocols/index.ts +// src/submodules/sts/index.ts var index_exports = {}; __export(index_exports, { - AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, - AwsJson1_0Protocol: () => AwsJson1_0Protocol, - AwsJson1_1Protocol: () => AwsJson1_1Protocol, - AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, - AwsQueryProtocol: () => AwsQueryProtocol, - AwsRestJsonProtocol: () => AwsRestJsonProtocol, - AwsRestXmlProtocol: () => AwsRestXmlProtocol, - JsonCodec: () => JsonCodec, - JsonShapeDeserializer: () => JsonShapeDeserializer, - JsonShapeSerializer: () => JsonShapeSerializer, - XmlCodec: () => XmlCodec, - XmlShapeDeserializer: () => XmlShapeDeserializer, - XmlShapeSerializer: () => XmlShapeSerializer, - _toBool: () => _toBool, - _toNum: () => _toNum, - _toStr: () => _toStr, - awsExpectUnion: () => awsExpectUnion, - loadRestJsonErrorCode: () => loadRestJsonErrorCode, - loadRestXmlErrorCode: () => loadRestXmlErrorCode, - parseJsonBody: () => parseJsonBody, - parseJsonErrorBody: () => parseJsonErrorBody, - parseXmlBody: () => parseXmlBody, - parseXmlErrorBody: () => parseXmlErrorBody + AssumeRoleCommand: () => AssumeRoleCommand, + AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, + AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, + AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, + AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, + ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, + CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, + ExpiredTokenException: () => ExpiredTokenException, + IDPCommunicationErrorException: () => IDPCommunicationErrorException, + IDPRejectedClaimException: () => IDPRejectedClaimException, + InvalidIdentityTokenException: () => InvalidIdentityTokenException, + MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, + PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, + RegionDisabledException: () => RegionDisabledException, + STS: () => STS, + STSServiceException: () => STSServiceException, + decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, + getDefaultRoleAssumer: () => getDefaultRoleAssumer2, + getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 }); module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(6878), module.exports); -// src/submodules/protocols/coercing-serializers.ts -var _toStr = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number" || typeof val === "bigint") { - const warning = new Error(`Received number ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - if (typeof val === "boolean") { - const warning = new Error(`Received boolean ${val} where a string was expected.`); - warning.name = "Warning"; - console.warn(warning); - return String(val); - } - return val; -}, "_toStr"); -var _toBool = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "number") { - } - if (typeof val === "string") { - const lowercase = val.toLowerCase(); - if (val !== "" && lowercase !== "false" && lowercase !== "true") { - const warning = new Error(`Received string "${val}" where a boolean was expected.`); - warning.name = "Warning"; - console.warn(warning); - } - return val !== "" && lowercase !== "false"; - } - return val; -}, "_toBool"); -var _toNum = /* @__PURE__ */ __name((val) => { - if (val == null) { - return val; - } - if (typeof val === "boolean") { - } - if (typeof val === "string") { - const num = Number(val); - if (num.toString() !== val) { - const warning = new Error(`Received string "${val}" where a number was expected.`); - warning.name = "Warning"; - console.warn(warning); - return val; - } - return num; - } - return val; -}, "_toNum"); - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var import_protocols = __nccwpck_require__(2241); -var import_schema3 = __nccwpck_require__(9826); -var import_util_body_length_browser = __nccwpck_require__(713); - -// src/submodules/protocols/ConfigurableSerdeContext.ts -var SerdeContextConfig = class { - static { - __name(this, "SerdeContextConfig"); - } - serdeContext; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - } -}; - -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var import_schema = __nccwpck_require__(9826); -var import_serde2 = __nccwpck_require__(7669); -var import_util_base64 = __nccwpck_require__(5600); - -// src/submodules/protocols/json/jsonReviver.ts -var import_serde = __nccwpck_require__(7669); -function jsonReviver(key, value, context) { - if (context?.source) { - const numericString = context.source; - if (typeof value === "number") { - if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { - const isFractional = numericString.includes("."); - if (isFractional) { - return new import_serde.NumericValue(numericString, "bigDecimal"); - } else { - return BigInt(numericString); - } - } - } - } - return value; -} -__name(jsonReviver, "jsonReviver"); - -// src/submodules/protocols/common.ts -var import_smithy_client = __nccwpck_require__(3570); -var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); - -// src/submodules/protocols/json/parseJsonBody.ts -var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - try { - return JSON.parse(encoded); - } catch (e) { - if (e?.name === "SyntaxError") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - } - return {}; -}), "parseJsonBody"); -var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseJsonBody(errorBody, context); - value.message = value.message ?? value.Message; - return value; -}, "parseJsonErrorBody"); -var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { - const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); - const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { - let cleanValue = rawValue; - if (typeof cleanValue === "number") { - cleanValue = cleanValue.toString(); - } - if (cleanValue.indexOf(",") >= 0) { - cleanValue = cleanValue.split(",")[0]; - } - if (cleanValue.indexOf(":") >= 0) { - cleanValue = cleanValue.split(":")[0]; - } - if (cleanValue.indexOf("#") >= 0) { - cleanValue = cleanValue.split("#")[1]; - } - return cleanValue; - }, "sanitizeErrorCode"); - const headerKey = findKey(output.headers, "x-amzn-errortype"); - if (headerKey !== void 0) { - return sanitizeErrorCode(output.headers[headerKey]); - } - if (data && typeof data === "object") { - const codeKey = findKey(data, "code"); - if (codeKey && data[codeKey] !== void 0) { - return sanitizeErrorCode(data[codeKey]); - } - if (data["__type"] !== void 0) { - return sanitizeErrorCode(data["__type"]); - } - } -}, "loadRestJsonErrorCode"); +// src/submodules/sts/STS.ts +var import_smithy_client6 = __nccwpck_require__(3570); -// src/submodules/protocols/json/JsonShapeDeserializer.ts -var JsonShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "JsonShapeDeserializer"); - } - async read(schema, data) { - return this._read( - schema, - typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) - ); - } - readObject(schema, data) { - return this._read(schema, data); - } - _read(schema, value) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._read(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._read(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const deserializedValue = this._read(memberSchema, value[fromKey]); - if (deserializedValue != null) { - out[memberName] = deserializedValue; - } - } - return out; - } - if (ns.isBlobSchema() && typeof value === "string") { - return (0, import_util_base64.fromBase64)(value); - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde2.LazyJsonString.from(value); - } - } - if (ns.isTimestampSchema()) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: - return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); - case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde2.parseRfc7231DateTime)(value); - case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return (0, import_serde2.parseEpochTimestamp)(value); - default: - console.warn("Missing timestamp format, parsing value with Date constructor:", value); - return new Date(value); - } - } - if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { - return BigInt(value); - } - if (ns.isBigDecimalSchema() && value != void 0) { - if (value instanceof import_serde2.NumericValue) { - return value; - } - return new import_serde2.NumericValue(String(value), "bigDecimal"); - } - if (ns.isNumericSchema() && typeof value === "string") { - switch (value) { - case "Infinity": - return Infinity; - case "-Infinity": - return -Infinity; - case "NaN": - return NaN; - } - } - return value; - } -}; +// src/submodules/sts/commands/AssumeRoleCommand.ts +var import_middleware_endpoint = __nccwpck_require__(2918); +var import_middleware_serde = __nccwpck_require__(1238); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_EndpointParameters = __nccwpck_require__(981); -// src/submodules/protocols/json/JsonShapeSerializer.ts -var import_schema2 = __nccwpck_require__(9826); -var import_serde4 = __nccwpck_require__(7669); -var import_serde5 = __nccwpck_require__(7669); +// src/submodules/sts/models/models_0.ts +var import_smithy_client2 = __nccwpck_require__(3570); -// src/submodules/protocols/json/jsonReplacer.ts -var import_serde3 = __nccwpck_require__(7669); -var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); -var JsonReplacer = class { +// src/submodules/sts/models/STSServiceException.ts +var import_smithy_client = __nccwpck_require__(3570); +var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { static { - __name(this, "JsonReplacer"); + __name(this, "STSServiceException"); } /** - * Stores placeholder key to true serialized value lookup. + * @internal */ - values = /* @__PURE__ */ new Map(); - counter = 0; - stage = 0; + constructor(options) { + super(options); + Object.setPrototypeOf(this, _STSServiceException.prototype); + } +}; + +// src/submodules/sts/models/models_0.ts +var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } +}), "CredentialsFilterSensitiveLog"); +var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleResponseFilterSensitiveLog"); +var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { + static { + __name(this, "ExpiredTokenException"); + } + name = "ExpiredTokenException"; + $fault = "client"; /** - * Creates a jsonReplacer function that reserves big integer and big decimal values - * for later replacement. + * @internal */ - createReplacer() { - if (this.stage === 1) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 1; - return (key, value) => { - if (value instanceof import_serde3.NumericValue) { - const v = `${NUMERIC_CONTROL_CHAR + +"nv" + this.counter++}_` + value.string; - this.values.set(`"${v}"`, value.string); - return v; - } - if (typeof value === "bigint") { - const s = value.toString(); - const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; - this.values.set(`"${v}"`, s); - return v; - } - return value; - }; + constructor(opts) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _ExpiredTokenException.prototype); + } +}; +var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { + static { + __name(this, "MalformedPolicyDocumentException"); } + name = "MalformedPolicyDocumentException"; + $fault = "client"; /** - * Replaces placeholder keys with their true values. + * @internal */ - replaceInJson(json) { - if (this.stage === 0) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); - } - if (this.stage === 2) { - throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); - } - this.stage = 2; - if (this.counter === 0) { - return json; - } - for (const [key, value] of this.values) { - json = json.replace(key, value); - } - return json; + constructor(opts) { + super({ + name: "MalformedPolicyDocumentException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); } }; - -// src/submodules/protocols/json/JsonShapeSerializer.ts -var JsonShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } +var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { static { - __name(this, "JsonShapeSerializer"); + __name(this, "PackedPolicyTooLargeException"); } - buffer; - rootSchema; - write(schema, value) { - this.rootSchema = import_schema2.NormalizedSchema.of(schema); - this.buffer = this._write(this.rootSchema, value); + name = "PackedPolicyTooLargeException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "PackedPolicyTooLargeException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); } - flush() { - if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { - const replacer = new JsonReplacer(); - return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); - } - return this.buffer; +}; +var RegionDisabledException = class _RegionDisabledException extends STSServiceException { + static { + __name(this, "RegionDisabledException"); } - _write(schema, value, container) { - const isObject = value !== null && typeof value === "object"; - const ns = import_schema2.NormalizedSchema.of(schema); - if (ns.isListSchema() && Array.isArray(value)) { - const listMember = ns.getValueSchema(); - const out = []; - const sparse = !!ns.getMergedTraits().sparse; - for (const item of value) { - if (sparse || item != null) { - out.push(this._write(listMember, item)); - } - } - return out; - } else if (ns.isMapSchema() && isObject) { - const mapMember = ns.getValueSchema(); - const out = {}; - const sparse = !!ns.getMergedTraits().sparse; - for (const [_k, _v] of Object.entries(value)) { - if (sparse || _v != null) { - out[_k] = this._write(mapMember, _v); - } - } - return out; - } else if (ns.isStructSchema() && isObject) { - const out = {}; - for (const [memberName, memberSchema] of ns.structIterator()) { - const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; - const serializableValue = this._write(memberSchema, value[memberName], ns); - if (serializableValue !== void 0) { - out[targetKey] = serializableValue; - } - } - return out; - } - if (value === null && container?.isStructSchema()) { - return void 0; - } - if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { - if (ns === this.rootSchema) { - return value; - } - if (!this.serdeContext?.base64Encoder) { - throw new Error("Missing base64Encoder in serdeContext"); - } - return this.serdeContext?.base64Encoder(value); - } - if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: - return value.toISOString().replace(".000Z", "Z"); - case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: - return (0, import_serde4.dateToUtcString)(value); - case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - return value.getTime() / 1e3; - default: - console.warn("Missing timestamp format, using epoch seconds", value); - return value.getTime() / 1e3; - } - } - if (ns.isNumericSchema() && typeof value === "number") { - if (Math.abs(value) === Infinity || isNaN(value)) { - return String(value); - } - } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde5.LazyJsonString.from(value); - } - } - return value; + name = "RegionDisabledException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "RegionDisabledException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _RegionDisabledException.prototype); } }; - -// src/submodules/protocols/json/JsonCodec.ts -var JsonCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } +var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { static { - __name(this, "JsonCodec"); - } - createSerializer() { - const serializer = new JsonShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; + __name(this, "IDPRejectedClaimException"); } - createDeserializer() { - const deserializer = new JsonShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; + name = "IDPRejectedClaimException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPRejectedClaimException", + $fault: "client", + ...opts + }); + Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); } }; - -// src/submodules/protocols/json/AwsJsonRpcProtocol.ts -var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { +var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { static { - __name(this, "AwsJsonRpcProtocol"); + __name(this, "InvalidIdentityTokenException"); } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { + name = "InvalidIdentityTokenException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { super({ - defaultNamespace - }); - this.codec = new JsonCodec({ - timestampFormat: { - useTrait: true, - default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - jsonName: false + name: "InvalidIdentityTokenException", + $fault: "client", + ...opts }); - this.serializer = this.codec.createSerializer(); - this.deserializer = this.codec.createDeserializer(); + Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, - "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() +}; +var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } +}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); +var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ + ...obj, + ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } +}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); +var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { + static { + __name(this, "IDPCommunicationErrorException"); + } + name = "IDPCommunicationErrorException"; + $fault = "client"; + /** + * @internal + */ + constructor(opts) { + super({ + name: "IDPCommunicationErrorException", + $fault: "client", + ...opts }); - if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = "{}"; - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; + Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); } - getPayloadCodec() { - return this.codec; +}; + +// src/submodules/sts/protocols/Aws_query.ts +var import_core = __nccwpck_require__(2143); +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client3 = __nccwpck_require__(3570); +var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleRequest(input, context), + [_A]: _AR, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleCommand"); +var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { + const headers = SHARED_HEADERS; + let body; + body = buildFormUrlencodedString({ + ...se_AssumeRoleWithWebIdentityRequest(input, context), + [_A]: _ARWWI, + [_V]: _ + }); + return buildHttpRpcRequest(context, headers, "/", void 0, body); +}, "se_AssumeRoleWithWebIdentityCommand"); +var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema3.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema3.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleCommand"); +var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data = await (0, import_core.parseXmlBody)(output.body, context); + let contents = {}; + contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); + const response = { + $metadata: deserializeMetadata(output), + ...contents + }; + return response; +}, "de_AssumeRoleWithWebIdentityCommand"); +var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { + const parsedOutput = { + ...output, + body: await (0, import_core.parseXmlErrorBody)(output.body, context) + }; + const errorCode = loadQueryErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "ExpiredTokenException": + case "com.amazonaws.sts#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "MalformedPolicyDocument": + case "com.amazonaws.sts#MalformedPolicyDocumentException": + throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); + case "PackedPolicyTooLarge": + case "com.amazonaws.sts#PackedPolicyTooLargeException": + throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); + case "RegionDisabledException": + case "com.amazonaws.sts#RegionDisabledException": + throw await de_RegionDisabledExceptionRes(parsedOutput, context); + case "IDPCommunicationError": + case "com.amazonaws.sts#IDPCommunicationErrorException": + throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); + case "IDPRejectedClaim": + case "com.amazonaws.sts#IDPRejectedClaimException": + throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); + case "InvalidIdentityToken": + case "com.amazonaws.sts#InvalidIdentityTokenException": + throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody: parsedBody.Error, + errorCode + }); + } +}, "de_CommandError"); +var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_ExpiredTokenException(body.Error, context); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_ExpiredTokenExceptionRes"); +var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPCommunicationErrorException(body.Error, context); + const exception = new IDPCommunicationErrorException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPCommunicationErrorExceptionRes"); +var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_IDPRejectedClaimException(body.Error, context); + const exception = new IDPRejectedClaimException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_IDPRejectedClaimExceptionRes"); +var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_InvalidIdentityTokenException(body.Error, context); + const exception = new InvalidIdentityTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_InvalidIdentityTokenExceptionRes"); +var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_MalformedPolicyDocumentException(body.Error, context); + const exception = new MalformedPolicyDocumentException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_MalformedPolicyDocumentExceptionRes"); +var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_PackedPolicyTooLargeException(body.Error, context); + const exception = new PackedPolicyTooLargeException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_PackedPolicyTooLargeExceptionRes"); +var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { + const body = parsedOutput.body; + const deserialized = de_RegionDisabledException(body.Error, context); + const exception = new RegionDisabledException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized + }); + return (0, import_smithy_client3.decorateServiceException)(exception, body); +}, "de_RegionDisabledExceptionRes"); +var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; } -}; - -// src/submodules/protocols/json/AwsJson1_0Protocol.ts -var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { - static { - __name(this, "AwsJson1_0Protocol"); + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; } - constructor({ defaultNamespace }) { - super({ - defaultNamespace + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; }); } - getShapeId() { - return "aws.protocols#awsJson1_0"; - } - getJsonRpcVersion() { - return "1.0"; + if (input[_P] != null) { + entries[_P] = input[_P]; } -}; - -// src/submodules/protocols/json/AwsJson1_1Protocol.ts -var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { - static { - __name(this, "AwsJson1_1Protocol"); + if (input[_DS] != null) { + entries[_DS] = input[_DS]; } - constructor({ defaultNamespace }) { - super({ - defaultNamespace + if (input[_T] != null) { + const memberEntries = se_tagListType(input[_T], context); + if (input[_T]?.length === 0) { + entries.Tags = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `Tags.${key}`; + entries[loc] = value; }); } - getShapeId() { - return "aws.protocols#awsJson1_1"; - } - getJsonRpcVersion() { - return "1.1"; - } -}; - -// src/submodules/protocols/json/AwsRestJsonProtocol.ts -var import_protocols2 = __nccwpck_require__(2241); -var import_schema4 = __nccwpck_require__(9826); -var import_util_body_length_browser2 = __nccwpck_require__(713); -var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { - static { - __name(this, "AwsRestJsonProtocol"); - } - serializer; - deserializer; - codec; - constructor({ defaultNamespace }) { - super({ - defaultNamespace + if (input[_TTK] != null) { + const memberEntries = se_tagKeyListType(input[_TTK], context); + if (input[_TTK]?.length === 0) { + entries.TransitiveTagKeys = []; + } + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `TransitiveTagKeys.${key}`; + entries[loc] = value; }); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS - }, - httpBindings: true, - jsonName: true - }; - this.codec = new JsonCodec(settings); - this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } - getShapeId() { - return "aws.protocols#restJson1"; + if (input[_EI] != null) { + entries[_EI] = input[_EI]; } - getPayloadCodec() { - return this.codec; + if (input[_SN] != null) { + entries[_SN] = input[_SN]; } - setSerdeContext(serdeContext) { - this.codec.setSerdeContext(serdeContext); - super.setSerdeContext(serdeContext); + if (input[_TC] != null) { + entries[_TC] = input[_TC]; } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); - const members = inputSchema.getMemberSchemas(); - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = "application/json"; - } - } else if (!inputSchema.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = "application/json"; - } - } - } - if (request.headers["content-type"] && !request.body) { - request.body = "{}"; - } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); - } catch (e) { - } - } - return request; + if (input[_SI] != null) { + entries[_SI] = input[_SI]; } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema4.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema4.NormalizedSchema.of(errorSchema); - const message = dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().jsonName ?? name; - output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + if (input[_PC] != null) { + const memberEntries = se_ProvidedContextsListType(input[_PC], context); + if (input[_PC]?.length === 0) { + entries.ProvidedContexts = []; } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `ProvidedContexts.${key}`; + entries[loc] = value; }); - throw exception; - } -}; - -// src/submodules/protocols/json/awsExpectUnion.ts -var import_smithy_client2 = __nccwpck_require__(3570); -var awsExpectUnion = /* @__PURE__ */ __name((value) => { - if (value == null) { - return void 0; - } - if (typeof value === "object" && "__type" in value) { - delete value.__type; - } - return (0, import_smithy_client2.expectUnion)(value); -}, "awsExpectUnion"); - -// src/submodules/protocols/query/AwsQueryProtocol.ts -var import_protocols5 = __nccwpck_require__(2241); -var import_schema7 = __nccwpck_require__(9826); -var import_util_body_length_browser3 = __nccwpck_require__(713); - -// src/submodules/protocols/xml/XmlShapeDeserializer.ts -var import_protocols3 = __nccwpck_require__(2241); -var import_schema5 = __nccwpck_require__(9826); -var import_smithy_client3 = __nccwpck_require__(3570); -var import_util_utf8 = __nccwpck_require__(1895); -var import_fast_xml_parser = __nccwpck_require__(7773); -var XmlShapeDeserializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); } - static { - __name(this, "XmlShapeDeserializer"); + return entries; +}, "se_AssumeRoleRequest"); +var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_RA] != null) { + entries[_RA] = input[_RA]; } - stringDeserializer; - setSerdeContext(serdeContext) { - this.serdeContext = serdeContext; - this.stringDeserializer.setSerdeContext(serdeContext); + if (input[_RSN] != null) { + entries[_RSN] = input[_RSN]; } - /** - * @param schema - describing the data. - * @param bytes - serialized data. - * @param key - used by AwsQuery to step one additional depth into the object before reading it. - */ - read(schema, bytes, key) { - const ns = import_schema5.NormalizedSchema.of(schema); - const memberSchemas = ns.getMemberSchemas(); - const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { - return !!memberNs.getMemberTraits().eventPayload; - }); - if (isEventPayload) { - const output = {}; - const memberName = Object.keys(memberSchemas)[0]; - const eventMemberSchema = memberSchemas[memberName]; - if (eventMemberSchema.isBlobSchema()) { - output[memberName] = bytes; - } else { - output[memberName] = this.read(memberSchemas[memberName], bytes); - } - return output; - } - const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); - const parsedObject = this.parseXml(xmlString); - return this.readSchema(schema, key ? parsedObject[key] : parsedObject); + if (input[_WIT] != null) { + entries[_WIT] = input[_WIT]; } - readSchema(_schema, value) { - const ns = import_schema5.NormalizedSchema.of(_schema); - const traits = ns.getMergedTraits(); - const schema = ns.getSchema(); - if (ns.isListSchema() && !Array.isArray(value)) { - return this.readSchema(schema, [value]); - } - if (value == null) { - return value; - } - if (typeof value === "object") { - const sparse = !!traits.sparse; - const flat = !!traits.xmlFlattened; - if (ns.isListSchema()) { - const listValue = ns.getValueSchema(); - const buffer2 = []; - const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; - const source = flat ? value : (value[0] ?? value)[sourceKey]; - const sourceArray = Array.isArray(source) ? source : [source]; - for (const v of sourceArray) { - if (v != null || sparse) { - buffer2.push(this.readSchema(listValue, v)); - } - } - return buffer2; - } - const buffer = {}; - if (ns.isMapSchema()) { - const keyNs = ns.getKeySchema(); - const memberNs = ns.getValueSchema(); - let entries; - if (flat) { - entries = Array.isArray(value) ? value : [value]; - } else { - entries = Array.isArray(value.entry) ? value.entry : [value.entry]; - } - const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; - const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; - for (const entry of entries) { - const key = entry[keyProperty]; - const value2 = entry[valueProperty]; - if (value2 != null || sparse) { - buffer[key] = this.readSchema(memberNs, value2); - } - } - return buffer; - } - if (ns.isStructSchema()) { - for (const [memberName, memberSchema] of ns.structIterator()) { - const memberTraits = memberSchema.getMergedTraits(); - const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); - if (value[xmlObjectKey] != null) { - buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); - } - } - return buffer; - } - if (ns.isDocumentSchema()) { - return value; - } - throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); - } else { - if (ns.isListSchema()) { - return []; - } else if (ns.isMapSchema() || ns.isStructSchema()) { - return {}; - } - return this.stringDeserializer.read(ns, value); - } + if (input[_PI] != null) { + entries[_PI] = input[_PI]; } - parseXml(xml) { - if (xml.length) { - const parser = new import_fast_xml_parser.XMLParser({ - attributeNamePrefix: "", - htmlEntities: true, - ignoreAttributes: false, - ignoreDeclaration: true, - parseTagValue: false, - trimValues: false, - tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") - }); - parser.addEntity("#xD", "\r"); - parser.addEntity("#10", "\n"); - let parsedObj; - try { - parsedObj = parser.parse(xml, true); - } catch (e) { - if (e && typeof e === "object") { - Object.defineProperty(e, "$responseBodyText", { - value: xml - }); - } - throw e; - } - const textNodeName = "#text"; - const key = Object.keys(parsedObj)[0]; - const parsedObjToReturn = parsedObj[key]; - if (parsedObjToReturn[textNodeName]) { - parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; - delete parsedObjToReturn[textNodeName]; - } - return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); + if (input[_PA] != null) { + const memberEntries = se_policyDescriptorListType(input[_PA], context); + if (input[_PA]?.length === 0) { + entries.PolicyArns = []; } - return {}; + Object.entries(memberEntries).forEach(([key, value]) => { + const loc = `PolicyArns.${key}`; + entries[loc] = value; + }); } -}; - -// src/submodules/protocols/query/QueryShapeSerializer.ts -var import_protocols4 = __nccwpck_require__(2241); -var import_schema6 = __nccwpck_require__(9826); -var import_serde6 = __nccwpck_require__(7669); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_util_base642 = __nccwpck_require__(5600); -var QueryShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; + if (input[_P] != null) { + entries[_P] = input[_P]; } - static { - __name(this, "QueryShapeSerializer"); + if (input[_DS] != null) { + entries[_DS] = input[_DS]; } - buffer; - write(schema, value, prefix = "") { - if (this.buffer === void 0) { - this.buffer = ""; - } - const ns = import_schema6.NormalizedSchema.of(schema); - if (prefix && !prefix.endsWith(".")) { - prefix += "."; - } - if (ns.isBlobSchema()) { - if (typeof value === "string" || value instanceof Uint8Array) { - this.writeKey(prefix); - this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); - } - } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(String(value)); - } - } else if (ns.isBigIntegerSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(String(value)); - } - } else if (ns.isBigDecimalSchema()) { - if (value != null) { - this.writeKey(prefix); - this.writeValue(value instanceof import_serde6.NumericValue ? value.string : String(value)); - } - } else if (ns.isTimestampSchema()) { - if (value instanceof Date) { - this.writeKey(prefix); - const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); - switch (format) { - case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: - this.writeValue(value.toISOString().replace(".000Z", "Z")); - break; - case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: - this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); - break; - case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - this.writeValue(String(value.getTime() / 1e3)); - break; - } - } - } else if (ns.isDocumentSchema()) { - throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); - } else if (ns.isListSchema()) { - if (Array.isArray(value)) { - if (value.length === 0) { - if (this.settings.serializeEmptyLists) { - this.writeKey(prefix); - this.writeValue(""); - } - } else { - const member = ns.getValueSchema(); - const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; - let i = 1; - for (const item of value) { - if (item == null) { - continue; - } - const suffix = this.getKey("member", member.getMergedTraits().xmlName); - const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; - this.write(member, item, key); - ++i; - } - } - } - } else if (ns.isMapSchema()) { - if (value && typeof value === "object") { - const keySchema = ns.getKeySchema(); - const memberSchema = ns.getValueSchema(); - const flat = ns.getMergedTraits().xmlFlattened; - let i = 1; - for (const [k, v] of Object.entries(value)) { - if (v == null) { - continue; - } - const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); - const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; - const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); - const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; - this.write(keySchema, k, key); - this.write(memberSchema, v, valueKey); - ++i; - } - } - } else if (ns.isStructSchema()) { - if (value && typeof value === "object") { - for (const [memberName, member] of ns.structIterator()) { - if (value[memberName] == null) { - continue; - } - const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); - const key = `${prefix}${suffix}`; - this.write(member, value[memberName], key); - } - } - } else if (ns.isUnitSchema()) { - } else { - throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); + return entries; +}, "se_AssumeRoleWithWebIdentityRequest"); +var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } + const memberEntries = se_PolicyDescriptorType(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; } - flush() { - if (this.buffer === void 0) { - throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); + return entries; +}, "se_policyDescriptorListType"); +var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_a] != null) { + entries[_a] = input[_a]; + } + return entries; +}, "se_PolicyDescriptorType"); +var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_PAr] != null) { + entries[_PAr] = input[_PAr]; + } + if (input[_CA] != null) { + entries[_CA] = input[_CA]; + } + return entries; +}, "se_ProvidedContext"); +var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - const str = this.buffer; - delete this.buffer; - return str; + const memberEntries = se_ProvidedContext(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; } - getKey(memberName, xmlName) { - const key = xmlName ?? memberName; - if (this.settings.capitalizeKeys) { - return key[0].toUpperCase() + key.slice(1); + return entries; +}, "se_ProvidedContextsListType"); +var se_Tag = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + if (input[_K] != null) { + entries[_K] = input[_K]; + } + if (input[_Va] != null) { + entries[_Va] = input[_Va]; + } + return entries; +}, "se_Tag"); +var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - return key; + entries[`member.${counter}`] = entry; + counter++; } - writeKey(key) { - if (key.endsWith(".")) { - key = key.slice(0, key.length - 1); + return entries; +}, "se_tagKeyListType"); +var se_tagListType = /* @__PURE__ */ __name((input, context) => { + const entries = {}; + let counter = 1; + for (const entry of input) { + if (entry === null) { + continue; } - this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; + const memberEntries = se_Tag(entry, context); + Object.entries(memberEntries).forEach(([key, value]) => { + entries[`member.${counter}.${key}`] = value; + }); + counter++; } - writeValue(value) { - this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); + return entries; +}, "se_tagListType"); +var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_ARI] != null) { + contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); } -}; - -// src/submodules/protocols/query/AwsQueryProtocol.ts -var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { - constructor(options) { - super({ - defaultNamespace: options.defaultNamespace - }); - this.options = options; - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME - }, - httpBindings: false, - xmlNamespace: options.xmlNamespace, - serviceNamespace: options.defaultNamespace, - serializeEmptyLists: true - }; - this.serializer = new QueryShapeSerializer(settings); - this.deserializer = new XmlShapeDeserializer(settings); + if (output[_Ar] != null) { + contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); } - static { - __name(this, "AwsQueryProtocol"); + return contents; +}, "de_AssumedRoleUser"); +var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); } - serializer; - deserializer; - getShapeId() { - return "aws.protocols#awsQuery"; + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); } - setSerdeContext(serdeContext) { - this.serializer.setSerdeContext(serdeContext); - this.deserializer.setSerdeContext(serdeContext); + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); } - getPayloadCodec() { - throw new Error("AWSQuery protocol has no payload codec."); + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - if (!request.path.endsWith("/")) { - request.path += "/"; - } - Object.assign(request.headers, { - "content-type": `application/x-www-form-urlencoded` - }); - if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { - request.body = ""; - } - request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; - if (request.body.endsWith("&")) { - request.body = request.body.slice(-1); - } - try { - request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); - } catch (e) { - } - return request; + return contents; +}, "de_AssumeRoleResponse"); +var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_C] != null) { + contents[_C] = de_Credentials(output[_C], context); } - async deserializeResponse(operationSchema, context, response) { - const deserializer = this.deserializer; - const ns = import_schema7.NormalizedSchema.of(operationSchema.output); - const dataObject = {}; - if (response.statusCode >= 300) { - const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); - if (bytes2.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); - } - await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); - } - for (const header in response.headers) { - const value = response.headers[header]; - delete response.headers[header]; - response.headers[header.toLowerCase()] = value; - } - const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; - const bytes = await (0, import_protocols5.collectBody)(response.body, context); - if (bytes.byteLength > 0) { - Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); - } - const output = { - $metadata: this.deserializeMetadata(response), - ...dataObject - }; - return output; + if (output[_SFWIT] != null) { + contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); } - /** - * EC2 Query overrides this. - */ - useNestedResult() { - return true; + if (output[_ARU] != null) { + contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const errorDataSource = this.loadQueryError(dataObject); - const registry = import_schema7.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.find( - (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName - ); - if (!errorSchema) { - errorSchema = registry.getSchema(errorIdentifier); - } - } catch (e) { - const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), errorDataSource); - } - throw new Error(errorName); - } - const ns = import_schema7.NormalizedSchema.of(errorSchema); - const message = this.loadQueryErrorMessage(dataObject); - const exception = new errorSchema.ctor(message); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = errorDataSource[target] ?? dataObject[target]; - output[name] = this.deserializer.readSchema(member, value); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; + if (output[_PPS] != null) { + contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); } - /** - * The variations in the error and error message locations are attributed to - * divergence between AWS Query and EC2 Query behavior. - */ - loadQueryErrorCode(output, data) { - const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; - if (code !== void 0) { - return code; - } - if (output.statusCode == 404) { - return "NotFound"; - } + if (output[_Pr] != null) { + contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); } - loadQueryError(data) { - return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; + if (output[_Au] != null) { + contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); } - loadQueryErrorMessage(data) { - const errorData = this.loadQueryError(data); - return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; + if (output[_SI] != null) { + contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); } -}; - -// src/submodules/protocols/query/AwsEc2QueryProtocol.ts -var AwsEc2QueryProtocol = class extends AwsQueryProtocol { - constructor(options) { - super(options); - this.options = options; - const ec2Settings = { - capitalizeKeys: true, - flattenLists: true, - serializeEmptyLists: false - }; - Object.assign(this.serializer.settings, ec2Settings); + return contents; +}, "de_AssumeRoleWithWebIdentityResponse"); +var de_Credentials = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_AKI] != null) { + contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); } - static { - __name(this, "AwsEc2QueryProtocol"); + if (output[_SAK] != null) { + contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); } - /** - * EC2 Query reads XResponse.XResult instead of XResponse directly. - */ - useNestedResult() { - return false; + if (output[_ST] != null) { + contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); } -}; - -// src/submodules/protocols/xml/AwsRestXmlProtocol.ts -var import_protocols6 = __nccwpck_require__(2241); -var import_schema9 = __nccwpck_require__(9826); -var import_util_body_length_browser4 = __nccwpck_require__(713); - -// src/submodules/protocols/xml/parseXmlBody.ts -var import_smithy_client5 = __nccwpck_require__(3570); -var import_fast_xml_parser2 = __nccwpck_require__(7773); -var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { - if (encoded.length) { - const parser = new import_fast_xml_parser2.XMLParser({ - attributeNamePrefix: "", - htmlEntities: true, - ignoreAttributes: false, - ignoreDeclaration: true, - parseTagValue: false, - trimValues: false, - tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") - }); - parser.addEntity("#xD", "\r"); - parser.addEntity("#10", "\n"); - let parsedObj; - try { - parsedObj = parser.parse(encoded, true); - } catch (e) { - if (e && typeof e === "object") { - Object.defineProperty(e, "$responseBodyText", { - value: encoded - }); - } - throw e; - } - const textNodeName = "#text"; - const key = Object.keys(parsedObj)[0]; - const parsedObjToReturn = parsedObj[key]; - if (parsedObjToReturn[textNodeName]) { - parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; - delete parsedObjToReturn[textNodeName]; - } - return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); + if (output[_E] != null) { + contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); } - return {}; -}), "parseXmlBody"); -var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { - const value = await parseXmlBody(errorBody, context); - if (value.Error) { - value.Error.message = value.Error.message ?? value.Error.Message; + return contents; +}, "de_Credentials"); +var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); } - return value; -}, "parseXmlErrorBody"); -var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data?.Error?.Code !== void 0) { - return data.Error.Code; + return contents; +}, "de_ExpiredTokenException"); +var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); } - if (data?.Code !== void 0) { - return data.Code; + return contents; +}, "de_IDPCommunicationErrorException"); +var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_IDPRejectedClaimException"); +var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_InvalidIdentityTokenException"); +var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_MalformedPolicyDocumentException"); +var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_PackedPolicyTooLargeException"); +var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { + const contents = {}; + if (output[_m] != null) { + contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + } + return contents; +}, "de_RegionDisabledException"); +var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"] +}), "deserializeMetadata"); +var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); +var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const contents = { + protocol, + hostname, + port, + method: "POST", + path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, + headers + }; + if (resolvedHostname !== void 0) { + contents.hostname = resolvedHostname; + } + if (body !== void 0) { + contents.body = body; + } + return new import_protocol_http.HttpRequest(contents); +}, "buildHttpRpcRequest"); +var SHARED_HEADERS = { + "content-type": "application/x-www-form-urlencoded" +}; +var _ = "2011-06-15"; +var _A = "Action"; +var _AKI = "AccessKeyId"; +var _AR = "AssumeRole"; +var _ARI = "AssumedRoleId"; +var _ARU = "AssumedRoleUser"; +var _ARWWI = "AssumeRoleWithWebIdentity"; +var _Ar = "Arn"; +var _Au = "Audience"; +var _C = "Credentials"; +var _CA = "ContextAssertion"; +var _DS = "DurationSeconds"; +var _E = "Expiration"; +var _EI = "ExternalId"; +var _K = "Key"; +var _P = "Policy"; +var _PA = "PolicyArns"; +var _PAr = "ProviderArn"; +var _PC = "ProvidedContexts"; +var _PI = "ProviderId"; +var _PPS = "PackedPolicySize"; +var _Pr = "Provider"; +var _RA = "RoleArn"; +var _RSN = "RoleSessionName"; +var _SAK = "SecretAccessKey"; +var _SFWIT = "SubjectFromWebIdentityToken"; +var _SI = "SourceIdentity"; +var _SN = "SerialNumber"; +var _ST = "SessionToken"; +var _T = "Tags"; +var _TC = "TokenCode"; +var _TTK = "TransitiveTagKeys"; +var _V = "Version"; +var _Va = "Value"; +var _WIT = "WebIdentityToken"; +var _a = "arn"; +var _m = "message"; +var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); +var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data.Error?.Code !== void 0) { + return data.Error.Code; } if (output.statusCode == 404) { return "NotFound"; } -}, "loadRestXmlErrorCode"); +}, "loadQueryErrorCode"); -// src/submodules/protocols/xml/XmlShapeSerializer.ts -var import_xml_builder = __nccwpck_require__(2329); -var import_schema8 = __nccwpck_require__(9826); -var import_serde7 = __nccwpck_require__(7669); -var import_smithy_client6 = __nccwpck_require__(3570); -var import_util_base643 = __nccwpck_require__(5600); -var XmlShapeSerializer = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } +// src/submodules/sts/commands/AssumeRoleCommand.ts +var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { static { - __name(this, "XmlShapeSerializer"); + __name(this, "AssumeRoleCommand"); } - stringBuffer; - byteBuffer; - buffer; - write(schema, value) { - const ns = import_schema8.NormalizedSchema.of(schema); - if (ns.isStringSchema() && typeof value === "string") { - this.stringBuffer = value; - } else if (ns.isBlobSchema()) { - this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); - } else { - this.buffer = this.writeStruct(ns, value, void 0); - const traits = ns.getMergedTraits(); - if (traits.httpPayload && !traits.xmlName) { - this.buffer.withName(ns.getName()); - } - } +}; + +// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts +var import_middleware_endpoint2 = __nccwpck_require__(2918); +var import_middleware_serde2 = __nccwpck_require__(1238); +var import_smithy_client5 = __nccwpck_require__(3570); +var import_EndpointParameters2 = __nccwpck_require__(981); +var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { + return [ + (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), + (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) + ]; +}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { + static { + __name(this, "AssumeRoleWithWebIdentityCommand"); } - flush() { - if (this.byteBuffer !== void 0) { - const bytes = this.byteBuffer; - delete this.byteBuffer; - return bytes; - } - if (this.stringBuffer !== void 0) { - const str = this.stringBuffer; - delete this.stringBuffer; - return str; - } - const buffer = this.buffer; - if (this.settings.xmlNamespace) { - if (!buffer?.attributes?.["xmlns"]) { - buffer.addAttribute("xmlns", this.settings.xmlNamespace); - } - } - delete this.buffer; - return buffer.toString(); +}; + +// src/submodules/sts/STS.ts +var import_STSClient = __nccwpck_require__(6878); +var commands = { + AssumeRoleCommand, + AssumeRoleWithWebIdentityCommand +}; +var STS = class extends import_STSClient.STSClient { + static { + __name(this, "STS"); } - writeStruct(ns, value, parentXmlns) { - const traits = ns.getMergedTraits(); - const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); - if (!name || !ns.isStructSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( - true - )}.` - ); - } - const structXmlNode = import_xml_builder.XmlNode.of(name); - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); - if (xmlns) { - structXmlNode.addAttribute(xmlnsAttr, xmlns); - } - for (const [memberName, memberSchema] of ns.structIterator()) { - const val = value[memberName]; - if (val != null) { - if (memberSchema.getMergedTraits().xmlAttribute) { - structXmlNode.addAttribute( - memberSchema.getMergedTraits().xmlName ?? memberName, - this.writeSimple(memberSchema, val) - ); - continue; - } - if (memberSchema.isListSchema()) { - this.writeList(memberSchema, val, structXmlNode, xmlns); - } else if (memberSchema.isMapSchema()) { - this.writeMap(memberSchema, val, structXmlNode, xmlns); - } else if (memberSchema.isStructSchema()) { - structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); - } else { - const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); - this.writeSimpleInto(memberSchema, val, memberNode, xmlns); - structXmlNode.addChildNode(memberNode); - } - } +}; +(0, import_smithy_client6.createAggregatedClient)(commands, STS); + +// src/submodules/sts/index.ts +var import_EndpointParameters3 = __nccwpck_require__(981); + +// src/submodules/sts/defaultStsRoleAssumers.ts +var import_client = __nccwpck_require__(6510); +var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; +var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { + if (typeof assumedRoleUser?.Arn === "string") { + const arnComponents = assumedRoleUser.Arn.split(":"); + if (arnComponents.length > 4 && arnComponents[4] !== "") { + return arnComponents[4]; } - return structXmlNode; } - writeList(listMember, array, container, parentXmlns) { - if (!listMember.isMemberSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` + return void 0; +}, "getAccountIdFromAssumedRoleUser"); +var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { + const region = typeof _region === "function" ? await _region() : _region; + const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; + credentialProviderLogger?.debug?.( + "@aws-sdk/client-sts::resolveRegion", + "accepting first of:", + `${region} (provider)`, + `${parentRegion} (parent client)`, + `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` + ); + return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; +}, "resolveRegion"); +var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + let closureSourceCreds; + return async (sourceCreds, params) => { + closureSourceCreds = sourceCreds; + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + // A hack to make sts client uses the credential in current closure. + credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); } - const listTraits = listMember.getMergedTraits(); - const listValueSchema = listMember.getValueSchema(); - const listValueTraits = listValueSchema.getMergedTraits(); - const sparse = !!listValueTraits.sparse; - const flat = !!listTraits.xmlFlattened; - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); - const writeItem = /* @__PURE__ */ __name((container2, value) => { - if (listValueSchema.isListSchema()) { - this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); - } else if (listValueSchema.isMapSchema()) { - this.writeMap(listValueSchema, value, container2, xmlns); - } else if (listValueSchema.isStructSchema()) { - const struct = this.writeStruct(listValueSchema, value, xmlns); - container2.addChildNode( - struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") - ); - } else { - const listItemNode = import_xml_builder.XmlNode.of( - flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" - ); - this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); - container2.addChildNode(listItemNode); - } - }, "writeItem"); - if (flat) { - for (const value of array) { - if (sparse || value != null) { - writeItem(container, value); - } - } - } else { - const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); - if (xmlns) { - listNode.addAttribute(xmlnsAttr, xmlns); - } - for (const value of array) { - if (sparse || value != null) { - writeItem(listNode, value); - } - } - container.addChildNode(listNode); + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); } - } - writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { - if (!mapMember.isMemberSchema()) { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); + return credentials; + }; +}, "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { + let stsClient; + return async (params) => { + if (!stsClient) { + const { + logger = stsOptions?.parentClientConfig?.logger, + region, + requestHandler = stsOptions?.parentClientConfig?.requestHandler, + credentialProviderLogger + } = stsOptions; + const resolvedRegion = await resolveRegion( + region, + stsOptions?.parentClientConfig?.region, + credentialProviderLogger ); + const isCompatibleRequestHandler = !isH2(requestHandler); + stsClient = new STSClient3({ + profile: stsOptions?.parentClientConfig?.profile, + region: resolvedRegion, + requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + logger + }); } - const mapTraits = mapMember.getMergedTraits(); - const mapKeySchema = mapMember.getKeySchema(); - const mapKeyTraits = mapKeySchema.getMergedTraits(); - const keyTag = mapKeyTraits.xmlName ?? "key"; - const mapValueSchema = mapMember.getValueSchema(); - const mapValueTraits = mapValueSchema.getMergedTraits(); - const valueTag = mapValueTraits.xmlName ?? "value"; - const sparse = !!mapValueTraits.sparse; - const flat = !!mapTraits.xmlFlattened; - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); - const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { - const keyNode = import_xml_builder.XmlNode.of(keyTag, key); - const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); - if (keyXmlns) { - keyNode.addAttribute(keyXmlnsAttr, keyXmlns); - } - entry.addChildNode(keyNode); - let valueNode = import_xml_builder.XmlNode.of(valueTag); - if (mapValueSchema.isListSchema()) { - this.writeList(mapValueSchema, val, valueNode, xmlns); - } else if (mapValueSchema.isMapSchema()) { - this.writeMap(mapValueSchema, val, valueNode, xmlns, true); - } else if (mapValueSchema.isStructSchema()) { - valueNode = this.writeStruct(mapValueSchema, val, xmlns); - } else { - this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); - } - entry.addChildNode(valueNode); - }, "addKeyValue"); - if (flat) { - for (const [key, val] of Object.entries(map)) { - if (sparse || val != null) { - const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); - addKeyValue(entry, key, val); - container.addChildNode(entry); - } - } - } else { - let mapNode; - if (!containerIsMap) { - mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); - if (xmlns) { - mapNode.addAttribute(xmlnsAttr, xmlns); - } - container.addChildNode(mapNode); - } - for (const [key, val] of Object.entries(map)) { - if (sparse || val != null) { - const entry = import_xml_builder.XmlNode.of("entry"); - addKeyValue(entry, key, val); - (containerIsMap ? container : mapNode).addChildNode(entry); - } - } + const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); + if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { + throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); } - } - writeSimple(_schema, value) { - if (null === value) { - throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); + const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); + const credentials = { + accessKeyId: Credentials2.AccessKeyId, + secretAccessKey: Credentials2.SecretAccessKey, + sessionToken: Credentials2.SessionToken, + expiration: Credentials2.Expiration, + // TODO(credentialScope): access normally when shape is updated. + ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, + ...accountId && { accountId } + }; + if (accountId) { + (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); } - const ns = import_schema8.NormalizedSchema.of(_schema); - let nodeContents = null; - if (value && typeof value === "object") { - if (ns.isBlobSchema()) { - nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); - } else if (ns.isTimestampSchema() && value instanceof Date) { - const options = this.settings.timestampFormat; - const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; - switch (format) { - case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: - nodeContents = value.toISOString().replace(".000Z", "Z"); - break; - case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: - nodeContents = (0, import_smithy_client6.dateToUtcString)(value); - break; - case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: - nodeContents = String(value.getTime() / 1e3); - break; - default: - console.warn("Missing timestamp format, using http date", value); - nodeContents = (0, import_smithy_client6.dateToUtcString)(value); - break; - } - } else if (ns.isBigDecimalSchema() && value) { - if (value instanceof import_serde7.NumericValue) { - return value.string; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); + return credentials; + }; +}, "getDefaultRoleAssumerWithWebIdentity"); +var isH2 = /* @__PURE__ */ __name((requestHandler) => { + return requestHandler?.metadata?.handlerProtocol === "h2"; +}, "isH2"); + +// src/submodules/sts/defaultRoleAssumers.ts +var import_STSClient2 = __nccwpck_require__(6878); +var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { + if (!customizations) return baseCtor; + else + return class CustomizableSTSClient extends baseCtor { + static { + __name(this, "CustomizableSTSClient"); + } + constructor(config) { + super(config); + for (const customization of customizations) { + this.middlewareStack.use(customization); } - return String(value); - } else if (ns.isMapSchema() || ns.isListSchema()) { - throw new Error( - "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." - ); - } else { - throw new Error( - `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( - true - )}` - ); } - } - if (ns.isStringSchema() || ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { - nodeContents = String(value); - } - if (nodeContents === null) { - throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); - } - return nodeContents; - } - writeSimpleInto(_schema, value, into, parentXmlns) { - const nodeContents = this.writeSimple(_schema, value); - const ns = import_schema8.NormalizedSchema.of(_schema); - const content = new import_xml_builder.XmlText(nodeContents); - const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); - if (xmlns) { - into.addAttribute(xmlnsAttr, xmlns); - } - into.addChildNode(content); - } - getXmlnsAttribute(ns, parentXmlns) { - const traits = ns.getMergedTraits(); - const [prefix, xmlns] = traits.xmlNamespace ?? []; - if (xmlns && xmlns !== parentXmlns) { - return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; - } - return [void 0, void 0]; - } + }; +}, "getCustomizableStsClientCtor"); +var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); +var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); +var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ + roleAssumer: getDefaultRoleAssumer2(input), + roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), + ...input +}), "decorateDefaultCredentialProvider"); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 302: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const tslib_1 = __nccwpck_require__(4351); +const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); +const core_1 = __nccwpck_require__(2143); +const util_user_agent_node_1 = __nccwpck_require__(7330); +const config_resolver_1 = __nccwpck_require__(3098); +const core_2 = __nccwpck_require__(5829); +const hash_node_1 = __nccwpck_require__(3081); +const middleware_retry_1 = __nccwpck_require__(6039); +const node_config_provider_1 = __nccwpck_require__(3461); +const node_http_handler_1 = __nccwpck_require__(258); +const util_body_length_node_1 = __nccwpck_require__(8075); +const util_retry_1 = __nccwpck_require__(4902); +const runtimeConfig_shared_1 = __nccwpck_require__(9165); +const smithy_client_1 = __nccwpck_require__(3570); +const util_defaults_mode_node_1 = __nccwpck_require__(2429); +const smithy_client_2 = __nccwpck_require__(3570); +const getRuntimeConfig = (config) => { + (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); + const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); + const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); + const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); + (0, core_1.emitWarningIfUnsupportedVersion)(process.version); + const loaderConfig = { + profile: config?.profile, + logger: clientSharedValues.logger, + }; + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), + bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, + defaultUserAgentProvider: config?.defaultUserAgentProvider ?? + (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || + (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), + region: config?.region ?? + (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), + requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), + retryMode: config?.retryMode ?? + (0, node_config_provider_1.loadConfig)({ + ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, + }, config), + sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), + userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), + }; }; +exports.getRuntimeConfig = getRuntimeConfig; -// src/submodules/protocols/xml/XmlCodec.ts -var XmlCodec = class extends SerdeContextConfig { - constructor(settings) { - super(); - this.settings = settings; - } - static { - __name(this, "XmlCodec"); - } - createSerializer() { - const serializer = new XmlShapeSerializer(this.settings); - serializer.setSerdeContext(this.serdeContext); - return serializer; - } - createDeserializer() { - const deserializer = new XmlShapeDeserializer(this.settings); - deserializer.setSerdeContext(this.serdeContext); - return deserializer; - } + +/***/ }), + +/***/ 9165: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getRuntimeConfig = void 0; +const core_1 = __nccwpck_require__(2143); +const core_2 = __nccwpck_require__(5829); +const smithy_client_1 = __nccwpck_require__(3570); +const url_parser_1 = __nccwpck_require__(4681); +const util_base64_1 = __nccwpck_require__(5600); +const util_utf8_1 = __nccwpck_require__(1895); +const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); +const endpointResolver_1 = __nccwpck_require__(8181); +const getRuntimeConfig = (config) => { + return { + apiVersion: "2011-06-15", + base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, + base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, + extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new core_1.AwsSdkSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new core_2.NoAuthSigner(), + }, + ], + logger: config?.logger ?? new smithy_client_1.NoOpLogger(), + serviceId: config?.serviceId ?? "STS", + urlParser: config?.urlParser ?? url_parser_1.parseUrl, + utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, + utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, + }; }; +exports.getRuntimeConfig = getRuntimeConfig; -// src/submodules/protocols/xml/AwsRestXmlProtocol.ts -var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { - static { - __name(this, "AwsRestXmlProtocol"); - } - codec; - serializer; - deserializer; - constructor(options) { - super(options); - const settings = { - timestampFormat: { - useTrait: true, - default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME - }, - httpBindings: true, - xmlNamespace: options.xmlNamespace, - serviceNamespace: options.defaultNamespace - }; - this.codec = new XmlCodec(settings); - this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); - this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); - } - getPayloadCodec() { - return this.codec; - } - getShapeId() { - return "aws.protocols#restXml"; - } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const ns = import_schema9.NormalizedSchema.of(operationSchema.input); - const members = ns.getMemberSchemas(); - request.path = String(request.path).split("/").filter((segment) => { - return segment !== "{Bucket}"; - }).join("/") || "/"; - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = "application/xml"; - } - } else if (!ns.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = "application/xml"; - } - } - } - if (request.headers["content-type"] === "application/xml") { - if (typeof request.body === "string") { - request.body = '' + request.body; - } - } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); - } catch (e) { - } - } - return request; - } - async deserializeResponse(operationSchema, context, response) { - return super.deserializeResponse(operationSchema, context, response); - } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); - } - const registry = import_schema9.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); - } - throw new Error(errorName); - } - const ns = import_schema9.NormalizedSchema.of(errorSchema); - const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = dataObject.Error?.[target] ?? dataObject[target]; - output[name] = this.codec.createDeserializer().readSchema(member, value); - } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; - } + +/***/ }), + +/***/ 9913: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.resolveRuntimeExtensions = void 0; +const region_config_resolver_1 = __nccwpck_require__(6976); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const httpAuthExtensionConfiguration_1 = __nccwpck_require__(1746); +const resolveRuntimeExtensions = (runtimeConfig, extensions) => { + const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); }; -// Annotate the CommonJS export names for ESM import in node: -0 && (0); +exports.resolveRuntimeExtensions = resolveRuntimeExtensions; /***/ }), -/***/ 4407: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 6976: +/***/ ((module) => { "use strict"; @@ -33734,47 +41648,76 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, - ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, - ENV_EXPIRATION: () => ENV_EXPIRATION, - ENV_KEY: () => ENV_KEY, - ENV_SECRET: () => ENV_SECRET, - ENV_SESSION: () => ENV_SESSION, - fromEnv: () => fromEnv + NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, + REGION_ENV_NAME: () => REGION_ENV_NAME, + REGION_INI_NAME: () => REGION_INI_NAME, + getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, + resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, + resolveRegionConfig: () => resolveRegionConfig }); module.exports = __toCommonJS(index_exports); -// src/fromEnv.ts -var import_client = __nccwpck_require__(6510); -var import_property_provider = __nccwpck_require__(9721); -var ENV_KEY = "AWS_ACCESS_KEY_ID"; -var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; -var ENV_SESSION = "AWS_SESSION_TOKEN"; -var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; -var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; -var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; -var fromEnv = /* @__PURE__ */ __name((init) => async () => { - init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); - const accessKeyId = process.env[ENV_KEY]; - const secretAccessKey = process.env[ENV_SECRET]; - const sessionToken = process.env[ENV_SESSION]; - const expiry = process.env[ENV_EXPIRATION]; - const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; - const accountId = process.env[ENV_ACCOUNT_ID]; - if (accessKeyId && secretAccessKey) { - const credentials = { - accessKeyId, - secretAccessKey, - ...sessionToken && { sessionToken }, - ...expiry && { expiration: new Date(expiry) }, - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); - return credentials; +// src/extensions/index.ts +var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + return { + setRegion(region) { + runtimeConfig.region = region; + }, + region() { + return runtimeConfig.region; + } + }; +}, "getAwsRegionExtensionConfiguration"); +var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { + return { + region: awsRegionExtensionConfiguration.region() + }; +}, "resolveAwsRegionExtensionConfiguration"); + +// src/regionConfig/config.ts +var REGION_ENV_NAME = "AWS_REGION"; +var REGION_INI_NAME = "region"; +var NODE_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), + default: /* @__PURE__ */ __name(() => { + throw new Error("Region is missing"); + }, "default") +}; +var NODE_REGION_CONFIG_FILE_OPTIONS = { + preferredFile: "credentials" +}; + +// src/regionConfig/isFipsRegion.ts +var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); + +// src/regionConfig/getRealRegion.ts +var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); + +// src/regionConfig/resolveRegionConfig.ts +var resolveRegionConfig = /* @__PURE__ */ __name((input) => { + const { region, useFipsEndpoint } = input; + if (!region) { + throw new Error("Region is missing"); } - throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); -}, "fromEnv"); + return Object.assign(input, { + region: /* @__PURE__ */ __name(async () => { + if (typeof region === "string") { + return getRealRegion(region); + } + const providedRegion = await region(); + return getRealRegion(providedRegion); + }, "region"), + useFipsEndpoint: /* @__PURE__ */ __name(async () => { + const providedRegion = typeof region === "string" ? region : await region(); + if (isFipsRegion(providedRegion)) { + return true; + } + return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); + }, "useFipsEndpoint") + }); +}, "resolveRegionConfig"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -33783,245 +41726,254 @@ var fromEnv = /* @__PURE__ */ __name((init) => async () => { /***/ }), -/***/ 7519: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 7182: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.checkUrl = void 0; -const property_provider_1 = __nccwpck_require__(9721); -const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; -const LOOPBACK_CIDR_IPv6 = "::1/128"; -const ECS_CONTAINER_HOST = "169.254.170.2"; -const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; -const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; -const checkUrl = (url, logger) => { - if (url.protocol === "https:") { - return; - } - if (url.hostname === ECS_CONTAINER_HOST || - url.hostname === EKS_CONTAINER_HOST_IPv4 || - url.hostname === EKS_CONTAINER_HOST_IPv6) { - return; - } - if (url.hostname.includes("[")) { - if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { - return; - } - } - else { - if (url.hostname === "localhost") { - return; - } - const ipComponents = url.hostname.split("."); - const inRange = (component) => { - const num = parseInt(component, 10); - return 0 <= num && num <= 255; - }; - if (ipComponents[0] === "127" && - inRange(ipComponents[1]) && - inRange(ipComponents[2]) && - inRange(ipComponents[3]) && - ipComponents.length === 4) { - return; - } - } - throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: - - loopback CIDR 127.0.0.0/8 or [::1/128] - - ECS container host 169.254.170.2 - - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -exports.checkUrl = checkUrl; - - -/***/ }), +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -/***/ 9546: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromEnvSigningName: () => fromEnvSigningName, + fromSso: () => fromSso, + fromStatic: () => fromStatic, + nodeProvider: () => nodeProvider +}); +module.exports = __toCommonJS(index_exports); -"use strict"; +// src/fromEnvSigningName.ts +var import_client = __nccwpck_require__(6510); +var import_httpAuthSchemes = __nccwpck_require__(3017); +var import_property_provider = __nccwpck_require__(9721); +var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { + logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); + if (!signingName) { + throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); + } + const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); + if (!(bearerTokenKey in process.env)) { + throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); + } + const token = { token: process.env[bearerTokenKey] }; + (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); + return token; +}, "fromEnvSigningName"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromHttp = void 0; -const tslib_1 = __nccwpck_require__(4351); -const client_1 = __nccwpck_require__(6510); -const node_http_handler_1 = __nccwpck_require__(258); -const property_provider_1 = __nccwpck_require__(9721); -const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); -const checkUrl_1 = __nccwpck_require__(7519); -const requestHelpers_1 = __nccwpck_require__(2707); -const retry_wrapper_1 = __nccwpck_require__(9138); -const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; -const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; -const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; -const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; -const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; -const fromHttp = (options = {}) => { - options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); - let host; - const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; - const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; - const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; - const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; - const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; - if (relative && full) { - warn("@aws-sdk/credential-provider-http: " + - "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); - warn("awsContainerCredentialsFullUri will take precedence."); - } - if (token && tokenFile) { - warn("@aws-sdk/credential-provider-http: " + - "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); - warn("awsContainerAuthorizationToken will take precedence."); - } - if (full) { - host = full; - } - else if (relative) { - host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; - } - else { - throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. -Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); - } - const url = new URL(host); - (0, checkUrl_1.checkUrl)(url, options.logger); - const requestHandler = new node_http_handler_1.NodeHttpHandler({ - requestTimeout: options.timeout ?? 1000, - connectionTimeout: options.timeout ?? 1000, - }); - return (0, retry_wrapper_1.retryWrapper)(async () => { - const request = (0, requestHelpers_1.createGetRequest)(url); - if (token) { - request.headers.Authorization = token; - } - else if (tokenFile) { - request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); - } - try { - const result = await requestHandler.handle(request); - return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); - } - catch (e) { - throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); - } - }, options.maxRetries ?? 3, options.timeout ?? 1000); -}; -exports.fromHttp = fromHttp; +// src/fromSso.ts -/***/ }), -/***/ 2707: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/constants.ts +var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; +var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; -"use strict"; +// src/getSsoOidcClient.ts +var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { + const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); + const ssoOidcClient = new SSOOIDCClient( + Object.assign({}, init.clientConfig ?? {}, { + region: ssoRegion ?? init.clientConfig?.region, + logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger + }) + ); + return ssoOidcClient; +}, "getSsoOidcClient"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.createGetRequest = createGetRequest; -exports.getCredentials = getCredentials; -const property_provider_1 = __nccwpck_require__(9721); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const util_stream_1 = __nccwpck_require__(6607); -function createGetRequest(url) { - return new protocol_http_1.HttpRequest({ - protocol: url.protocol, - hostname: url.hostname, - port: Number(url.port), - path: url.pathname, - query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { - acc[k] = v; - return acc; - }, {}), - fragment: url.hash, - }); -} -async function getCredentials(response, logger) { - const stream = (0, util_stream_1.sdkStreamMixin)(response.body); - const str = await stream.transformToString(); - if (response.statusCode === 200) { - const parsed = JSON.parse(str); - if (typeof parsed.AccessKeyId !== "string" || - typeof parsed.SecretAccessKey !== "string" || - typeof parsed.Token !== "string" || - typeof parsed.Expiration !== "string") { - throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + - "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); - } - return { - accessKeyId: parsed.AccessKeyId, - secretAccessKey: parsed.SecretAccessKey, - sessionToken: parsed.Token, - expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), - }; - } - if (response.statusCode >= 400 && response.statusCode < 500) { - let parsedBody = {}; - try { - parsedBody = JSON.parse(str); - } - catch (e) { } - throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { - Code: parsedBody.Code, - Message: parsedBody.Message, - }); - } - throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); -} +// src/getNewSsoOidcToken.ts +var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { + const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); + const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); + return ssoOidcClient.send( + new CreateTokenCommand({ + clientId: ssoToken.clientId, + clientSecret: ssoToken.clientSecret, + refreshToken: ssoToken.refreshToken, + grantType: "refresh_token" + }) + ); +}, "getNewSsoOidcToken"); +// src/validateTokenExpiry.ts -/***/ }), +var validateTokenExpiry = /* @__PURE__ */ __name((token) => { + if (token.expiration && token.expiration.getTime() < Date.now()) { + throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); + } +}, "validateTokenExpiry"); -/***/ 9138: -/***/ ((__unused_webpack_module, exports) => { +// src/validateTokenKey.ts -"use strict"; +var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { + if (typeof value === "undefined") { + throw new import_property_provider.TokenProviderError( + `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, + false + ); + } +}, "validateTokenKey"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.retryWrapper = void 0; -const retryWrapper = (toRetry, maxRetries, delayMs) => { - return async () => { - for (let i = 0; i < maxRetries; ++i) { - try { - return await toRetry(); - } - catch (e) { - await new Promise((resolve) => setTimeout(resolve, delayMs)); - } - } - return await toRetry(); +// src/writeSSOTokenToFile.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var import_fs = __nccwpck_require__(7147); +var { writeFile } = import_fs.promises; +var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { + const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); + const tokenString = JSON.stringify(ssoToken, null, 2); + return writeFile(tokenFilepath, tokenString); +}, "writeSSOTokenToFile"); + +// src/fromSso.ts +var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); +var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig + } + }; + init.logger?.debug("@aws-sdk/token-providers - fromSso"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); + } else if (!profile["sso_session"]) { + throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); + } + const ssoSessionName = profile["sso_session"]; + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const ssoSession = ssoSessions[ssoSessionName]; + if (!ssoSession) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, + false + ); + } + for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { + if (!ssoSession[ssoSessionRequiredKey]) { + throw new import_property_provider.TokenProviderError( + `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, + false + ); + } + } + const ssoStartUrl = ssoSession["sso_start_url"]; + const ssoRegion = ssoSession["sso_region"]; + let ssoToken; + try { + ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); + } catch (e) { + throw new import_property_provider.TokenProviderError( + `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, + false + ); + } + validateTokenKey("accessToken", ssoToken.accessToken); + validateTokenKey("expiresAt", ssoToken.expiresAt); + const { accessToken, expiresAt } = ssoToken; + const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; + if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { + return existingToken; + } + if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { + validateTokenExpiry(existingToken); + return existingToken; + } + validateTokenKey("clientId", ssoToken.clientId, true); + validateTokenKey("clientSecret", ssoToken.clientSecret, true); + validateTokenKey("refreshToken", ssoToken.refreshToken, true); + try { + lastRefreshAttemptTime.setTime(Date.now()); + const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); + validateTokenKey("accessToken", newSsoOidcToken.accessToken); + validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); + const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); + try { + await writeSSOTokenToFile(ssoSessionName, { + ...ssoToken, + accessToken: newSsoOidcToken.accessToken, + expiresAt: newTokenExpiration.toISOString(), + refreshToken: newSsoOidcToken.refreshToken + }); + } catch (error) { + } + return { + token: newSsoOidcToken.accessToken, + expiration: newTokenExpiration }; -}; -exports.retryWrapper = retryWrapper; + } catch (error) { + validateTokenExpiry(existingToken); + return existingToken; + } +}, "fromSso"); +// src/fromStatic.ts -/***/ }), +var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { + logger?.debug("@aws-sdk/token-providers - fromStatic"); + if (!token || !token.token) { + throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); + } + return token; +}, "fromStatic"); -/***/ 5554: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/nodeProvider.ts -"use strict"; +var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)(fromSso(init), async () => { + throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); + }), + (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, + (token) => token.expiration !== void 0 +), "nodeProvider"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromHttp = void 0; -var fromHttp_1 = __nccwpck_require__(9546); -Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); /***/ }), -/***/ 5736: +/***/ 4241: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -34036,256 +41988,456 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { - fromIni: () => fromIni + ConditionObject: () => import_util_endpoints.ConditionObject, + DeprecatedObject: () => import_util_endpoints.DeprecatedObject, + EndpointError: () => import_util_endpoints.EndpointError, + EndpointObject: () => import_util_endpoints.EndpointObject, + EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, + EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, + EndpointParams: () => import_util_endpoints.EndpointParams, + EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, + EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, + ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, + EvaluateOptions: () => import_util_endpoints.EvaluateOptions, + Expression: () => import_util_endpoints.Expression, + FunctionArgv: () => import_util_endpoints.FunctionArgv, + FunctionObject: () => import_util_endpoints.FunctionObject, + FunctionReturn: () => import_util_endpoints.FunctionReturn, + ParameterObject: () => import_util_endpoints.ParameterObject, + ReferenceObject: () => import_util_endpoints.ReferenceObject, + ReferenceRecord: () => import_util_endpoints.ReferenceRecord, + RuleSetObject: () => import_util_endpoints.RuleSetObject, + RuleSetRules: () => import_util_endpoints.RuleSetRules, + TreeRuleObject: () => import_util_endpoints.TreeRuleObject, + awsEndpointFunctions: () => awsEndpointFunctions, + getUserAgentPrefix: () => getUserAgentPrefix, + isIpAddress: () => import_util_endpoints.isIpAddress, + partition: () => partition, + resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, + resolveEndpoint: () => import_util_endpoints.resolveEndpoint, + setPartitionInfo: () => setPartitionInfo, + toEndpointV1: () => toEndpointV1, + useDefaultPartitionInfo: () => useDefaultPartitionInfo }); module.exports = __toCommonJS(index_exports); -// src/fromIni.ts - +// src/aws.ts -// src/resolveProfileData.ts +// src/lib/aws/isVirtualHostableS3Bucket.ts -// src/resolveAssumeRoleCredentials.ts +// src/lib/isIpAddress.ts +var import_util_endpoints = __nccwpck_require__(5473); -var import_shared_ini_file_loader = __nccwpck_require__(3507); +// src/lib/aws/isVirtualHostableS3Bucket.ts +var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { + if (allowSubDomains) { + for (const label of value.split(".")) { + if (!isVirtualHostableS3Bucket(label)) { + return false; + } + } + return true; + } + if (!(0, import_util_endpoints.isValidHostLabel)(value)) { + return false; + } + if (value.length < 3 || value.length > 63) { + return false; + } + if (value !== value.toLowerCase()) { + return false; + } + if ((0, import_util_endpoints.isIpAddress)(value)) { + return false; + } + return true; +}, "isVirtualHostableS3Bucket"); -// src/resolveCredentialSource.ts -var import_client = __nccwpck_require__(6510); -var import_property_provider = __nccwpck_require__(9721); -var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { - const sourceProvidersMap = { - EcsContainer: /* @__PURE__ */ __name(async (options) => { - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); - const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); - return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); - }, "EcsContainer"), - Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); - const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - return async () => fromInstanceMetadata(options)().then(setNamedProvider); - }, "Ec2InstanceMetadata"), - Environment: /* @__PURE__ */ __name(async (options) => { - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); - const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4407))); - return async () => fromEnv(options)().then(setNamedProvider); - }, "Environment") +// src/lib/aws/parseArn.ts +var ARN_DELIMITER = ":"; +var RESOURCE_DELIMITER = "/"; +var parseArn = /* @__PURE__ */ __name((value) => { + const segments = value.split(ARN_DELIMITER); + if (segments.length < 6) return null; + const [arn, partition2, service, region, accountId, ...resourcePath] = segments; + if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; + const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); + return { + partition: partition2, + service, + region, + accountId, + resourceId }; - if (credentialSource in sourceProvidersMap) { - return sourceProvidersMap[credentialSource]; - } else { - throw new import_property_provider.CredentialsProviderError( - `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, - { logger } - ); - } -}, "resolveCredentialSource"); -var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); +}, "parseArn"); + +// src/lib/aws/partitions.json +var partitions_default = { + partitions: [{ + id: "aws", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-east-1", + name: "aws", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", + regions: { + "af-south-1": { + description: "Africa (Cape Town)" + }, + "ap-east-1": { + description: "Asia Pacific (Hong Kong)" + }, + "ap-east-2": { + description: "Asia Pacific (Taipei)" + }, + "ap-northeast-1": { + description: "Asia Pacific (Tokyo)" + }, + "ap-northeast-2": { + description: "Asia Pacific (Seoul)" + }, + "ap-northeast-3": { + description: "Asia Pacific (Osaka)" + }, + "ap-south-1": { + description: "Asia Pacific (Mumbai)" + }, + "ap-south-2": { + description: "Asia Pacific (Hyderabad)" + }, + "ap-southeast-1": { + description: "Asia Pacific (Singapore)" + }, + "ap-southeast-2": { + description: "Asia Pacific (Sydney)" + }, + "ap-southeast-3": { + description: "Asia Pacific (Jakarta)" + }, + "ap-southeast-4": { + description: "Asia Pacific (Melbourne)" + }, + "ap-southeast-5": { + description: "Asia Pacific (Malaysia)" + }, + "ap-southeast-7": { + description: "Asia Pacific (Thailand)" + }, + "aws-global": { + description: "AWS Standard global region" + }, + "ca-central-1": { + description: "Canada (Central)" + }, + "ca-west-1": { + description: "Canada West (Calgary)" + }, + "eu-central-1": { + description: "Europe (Frankfurt)" + }, + "eu-central-2": { + description: "Europe (Zurich)" + }, + "eu-north-1": { + description: "Europe (Stockholm)" + }, + "eu-south-1": { + description: "Europe (Milan)" + }, + "eu-south-2": { + description: "Europe (Spain)" + }, + "eu-west-1": { + description: "Europe (Ireland)" + }, + "eu-west-2": { + description: "Europe (London)" + }, + "eu-west-3": { + description: "Europe (Paris)" + }, + "il-central-1": { + description: "Israel (Tel Aviv)" + }, + "me-central-1": { + description: "Middle East (UAE)" + }, + "me-south-1": { + description: "Middle East (Bahrain)" + }, + "mx-central-1": { + description: "Mexico (Central)" + }, + "sa-east-1": { + description: "South America (Sao Paulo)" + }, + "us-east-1": { + description: "US East (N. Virginia)" + }, + "us-east-2": { + description: "US East (Ohio)" + }, + "us-west-1": { + description: "US West (N. California)" + }, + "us-west-2": { + description: "US West (Oregon)" + } + } + }, { + id: "aws-cn", + outputs: { + dnsSuffix: "amazonaws.com.cn", + dualStackDnsSuffix: "api.amazonwebservices.com.cn", + implicitGlobalRegion: "cn-northwest-1", + name: "aws-cn", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^cn\\-\\w+\\-\\d+$", + regions: { + "aws-cn-global": { + description: "AWS China global region" + }, + "cn-north-1": { + description: "China (Beijing)" + }, + "cn-northwest-1": { + description: "China (Ningxia)" + } + } + }, { + id: "aws-us-gov", + outputs: { + dnsSuffix: "amazonaws.com", + dualStackDnsSuffix: "api.aws", + implicitGlobalRegion: "us-gov-west-1", + name: "aws-us-gov", + supportsDualStack: true, + supportsFIPS: true + }, + regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", + regions: { + "aws-us-gov-global": { + description: "AWS GovCloud (US) global region" + }, + "us-gov-east-1": { + description: "AWS GovCloud (US-East)" + }, + "us-gov-west-1": { + description: "AWS GovCloud (US-West)" + } + } + }, { + id: "aws-iso", + outputs: { + dnsSuffix: "c2s.ic.gov", + dualStackDnsSuffix: "c2s.ic.gov", + implicitGlobalRegion: "us-iso-east-1", + name: "aws-iso", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", + regions: { + "aws-iso-global": { + description: "AWS ISO (US) global region" + }, + "us-iso-east-1": { + description: "US ISO East" + }, + "us-iso-west-1": { + description: "US ISO WEST" + } + } + }, { + id: "aws-iso-b", + outputs: { + dnsSuffix: "sc2s.sgov.gov", + dualStackDnsSuffix: "sc2s.sgov.gov", + implicitGlobalRegion: "us-isob-east-1", + name: "aws-iso-b", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", + regions: { + "aws-iso-b-global": { + description: "AWS ISOB (US) global region" + }, + "us-isob-east-1": { + description: "US ISOB East (Ohio)" + } + } + }, { + id: "aws-iso-e", + outputs: { + dnsSuffix: "cloud.adc-e.uk", + dualStackDnsSuffix: "cloud.adc-e.uk", + implicitGlobalRegion: "eu-isoe-west-1", + name: "aws-iso-e", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", + regions: { + "aws-iso-e-global": { + description: "AWS ISOE (Europe) global region" + }, + "eu-isoe-west-1": { + description: "EU ISOE West" + } + } + }, { + id: "aws-iso-f", + outputs: { + dnsSuffix: "csp.hci.ic.gov", + dualStackDnsSuffix: "csp.hci.ic.gov", + implicitGlobalRegion: "us-isof-south-1", + name: "aws-iso-f", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", + regions: { + "aws-iso-f-global": { + description: "AWS ISOF global region" + }, + "us-isof-east-1": { + description: "US ISOF EAST" + }, + "us-isof-south-1": { + description: "US ISOF SOUTH" + } + } + }, { + id: "aws-eusc", + outputs: { + dnsSuffix: "amazonaws.eu", + dualStackDnsSuffix: "amazonaws.eu", + implicitGlobalRegion: "eusc-de-east-1", + name: "aws-eusc", + supportsDualStack: false, + supportsFIPS: true + }, + regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", + regions: { + "eusc-de-east-1": { + description: "EU (Germany)" + } + } + }], + version: "1.1" +}; -// src/resolveAssumeRoleCredentials.ts -var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { - return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); -}, "isAssumeRoleProfile"); -var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { - const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; - if (withSourceProfile) { - logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); +// src/lib/aws/partition.ts +var selectedPartitionsInfo = partitions_default; +var selectedUserAgentPrefix = ""; +var partition = /* @__PURE__ */ __name((value) => { + const { partitions } = selectedPartitionsInfo; + for (const partition2 of partitions) { + const { regions, outputs } = partition2; + for (const [region, regionData] of Object.entries(regions)) { + if (region === value) { + return { + ...outputs, + ...regionData + }; + } + } } - return withSourceProfile; -}, "isAssumeRoleWithSourceProfile"); -var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { - const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; - if (withProviderProfile) { - logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); + for (const partition2 of partitions) { + const { regionRegex, outputs } = partition2; + if (new RegExp(regionRegex).test(value)) { + return { + ...outputs + }; + } } - return withProviderProfile; -}, "isCredentialSourceProfile"); -var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { - options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); - const profileData = profiles[profileName]; - const { source_profile, region } = profileData; - if (!options.roleAssumer) { - const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(3764))); - options.roleAssumer = getDefaultRoleAssumer( - { - ...options.clientConfig, - credentialProviderLogger: options.logger, - parentClientConfig: { - ...options?.parentClientConfig, - region: region ?? options?.parentClientConfig?.region - } - }, - options.clientPlugins + const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); + if (!DEFAULT_PARTITION) { + throw new Error( + "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." ); } - if (source_profile && source_profile in visitedProfiles) { - throw new import_property_provider.CredentialsProviderError( - `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), - { logger: options.logger } - ); + return { + ...DEFAULT_PARTITION.outputs + }; +}, "partition"); +var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { + selectedPartitionsInfo = partitionsInfo; + selectedUserAgentPrefix = userAgentPrefix; +}, "setPartitionInfo"); +var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { + setPartitionInfo(partitions_default, ""); +}, "useDefaultPartitionInfo"); +var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); + +// src/aws.ts +var awsEndpointFunctions = { + isVirtualHostableS3Bucket, + parseArn, + partition +}; +import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; + +// src/resolveDefaultAwsRegionalEndpointsConfig.ts +var import_url_parser = __nccwpck_require__(4681); +var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { + if (typeof input.endpointProvider !== "function") { + throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); } - options.logger?.debug( - `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` - ); - const sourceCredsProvider = source_profile ? resolveProfileData( - source_profile, - profiles, - options, - { - ...visitedProfiles, - [source_profile]: true - }, - isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) - ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); - if (isCredentialSourceWithoutRoleArn(profileData)) { - return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); - } else { - const params = { - RoleArn: profileData.role_arn, - RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, - ExternalId: profileData.external_id, - DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) + const { endpoint } = input; + if (endpoint === void 0) { + input.endpoint = async () => { + return toEndpointV1( + input.endpointProvider( + { + Region: typeof input.region === "function" ? await input.region() : input.region, + UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, + UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, + Endpoint: void 0 + }, + { logger: input.logger } + ) + ); }; - const { mfa_serial } = profileData; - if (mfa_serial) { - if (!options.mfaCodeProvider) { - throw new import_property_provider.CredentialsProviderError( - `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, - { logger: options.logger, tryNextLink: false } - ); - } - params.SerialNumber = mfa_serial; - params.TokenCode = await options.mfaCodeProvider(mfa_serial); - } - const sourceCreds = await sourceCredsProvider; - return options.roleAssumer(sourceCreds, params).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") - ); } -}, "resolveAssumeRoleCredentials"); -var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { - return !section.role_arn && !!section.credential_source; -}, "isCredentialSourceWithoutRoleArn"); + return input; +}, "resolveDefaultAwsRegionalEndpointsConfig"); +var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); -// src/resolveProcessCredentials.ts +// src/resolveEndpoint.ts -var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); -var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))).then( - ({ fromProcess }) => fromProcess({ - ...options, - profile - })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) -), "resolveProcessCredentials"); -// src/resolveSsoCredentials.ts +// src/types/EndpointError.ts -var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); - return fromSSO({ - profile, - logger: options.logger, - parentClientConfig: options.parentClientConfig, - clientConfig: options.clientConfig - })().then((creds) => { - if (profileData.sso_session) { - return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); - } else { - return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); - } - }); -}, "resolveSsoCredentials"); -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); -// src/resolveStaticCredentials.ts +// src/types/EndpointRuleObject.ts -var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); -var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { - options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); - const credentials = { - accessKeyId: profile.aws_access_key_id, - secretAccessKey: profile.aws_secret_access_key, - sessionToken: profile.aws_session_token, - ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, - ...profile.aws_account_id && { accountId: profile.aws_account_id } - }; - return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); -}, "resolveStaticCredentials"); -// src/resolveWebIdentityCredentials.ts +// src/types/ErrorRuleObject.ts -var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); -var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))).then( - ({ fromTokenFile }) => fromTokenFile({ - webIdentityTokenFile: profile.web_identity_token_file, - roleArn: profile.role_arn, - roleSessionName: profile.role_session_name, - roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, - logger: options.logger, - parentClientConfig: options.parentClientConfig - })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) -), "resolveWebIdentityCredentials"); -// src/resolveProfileData.ts -var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { - const data = profiles[profileName]; - if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { - return resolveStaticCredentials(data, options); - } - if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { - return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); - } - if (isStaticCredsProfile(data)) { - return resolveStaticCredentials(data, options); - } - if (isWebIdentityProfile(data)) { - return resolveWebIdentityCredentials(data, options); - } - if (isProcessProfile(data)) { - return resolveProcessCredentials(options, profileName); - } - if (isSsoProfile(data)) { - return await resolveSsoCredentials(profileName, data, options); - } - throw new import_property_provider.CredentialsProviderError( - `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, - { logger: options.logger } - ); -}, "resolveProfileData"); +// src/types/RuleSetObject.ts + + +// src/types/TreeRuleObject.ts + + +// src/types/shared.ts -// src/fromIni.ts -var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProfileData( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: _init.profile ?? callerClientConfig?.profile - }), - profiles, - init - ); -}, "fromIni"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -34294,16 +42446,14 @@ var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig /***/ }), -/***/ 3196: +/***/ 7330: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -34318,125 +42468,79 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { - credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, - credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, - defaultProvider: () => defaultProvider + NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, + UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, + UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, + createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, + crtAvailability: () => crtAvailability, + defaultUserAgent: () => defaultUserAgent }); module.exports = __toCommonJS(index_exports); -// src/defaultProvider.ts -var import_credential_provider_env = __nccwpck_require__(4407); +// src/defaultUserAgent.ts +var import_os = __nccwpck_require__(2037); +var import_process = __nccwpck_require__(7282); -var import_shared_ini_file_loader = __nccwpck_require__(3507); +// src/crt-availability.ts +var crtAvailability = { + isCrtAvailable: false +}; -// src/remoteProvider.ts -var import_property_provider = __nccwpck_require__(9721); -var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; -var remoteProvider = /* @__PURE__ */ __name(async (init) => { - const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { - init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5554))); - return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); - } - if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { - return async () => { - throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); - }; +// src/is-crt-available.ts +var isCrtAvailable = /* @__PURE__ */ __name(() => { + if (crtAvailability.isCrtAvailable) { + return ["md/crt-avail"]; } - init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); - return fromInstanceMetadata(init); -}, "remoteProvider"); + return null; +}, "isCrtAvailable"); -// src/defaultProvider.ts -var multipleCredentialSourceWarningEmitted = false; -var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)( - async () => { - const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; - if (profile) { - const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; - if (envStaticCredentialsAreSet) { - if (!multipleCredentialSourceWarningEmitted) { - const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; - warnFn( - `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: - Multiple credential sources detected: - Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. - This SDK will proceed with the AWS_PROFILE value. - - However, a future version may change this behavior to prefer the ENV static credentials. - Please ensure that your environment only sets either the AWS_PROFILE or the - AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. -` - ); - multipleCredentialSourceWarningEmitted = true; - } - } - throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { - logger: init.logger, - tryNextLink: true - }); - } - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); - return (0, import_credential_provider_env.fromEnv)(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - throw new import_property_provider.CredentialsProviderError( - "Skipping SSO provider in default chain (inputs do not include SSO fields).", - { logger: init.logger } - ); - } - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5284))); - return fromSSO(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); - const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5736))); - return fromIni(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); - const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8638))); - return fromProcess(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); - const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5603))); - return fromTokenFile(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); - return (await remoteProvider(init))(); - }, - async () => { - throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { - tryNextLink: false, - logger: init.logger - }); +// src/defaultUserAgent.ts +var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { + return async (config) => { + const sections = [ + // sdk-metadata + ["aws-sdk-js", clientVersion], + // ua-metadata + ["ua", "2.1"], + // os-metadata + [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], + // language-metadata + // ECMAScript edition doesn't matter in JS, so no version needed. + ["lang/js"], + ["md/nodejs", `${import_process.versions.node}`] + ]; + const crtAvailable = isCrtAvailable(); + if (crtAvailable) { + sections.push(crtAvailable); } - ), - credentialsTreatedAsExpired, - credentialsWillNeedRefresh -), "defaultProvider"); -var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); -var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); + if (serviceId) { + sections.push([`api/${serviceId}`, clientVersion]); + } + if (import_process.env.AWS_EXECUTION_ENV) { + sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); + } + const appId = await config?.userAgentAppId?.(); + const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; + return resolvedUserAgent; + }; +}, "createDefaultUserAgentProvider"); +var defaultUserAgent = createDefaultUserAgentProvider; + +// src/nodeAppIdConfigOptions.ts +var import_middleware_user_agent = __nccwpck_require__(6634); +var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; +var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; +var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; +var NODE_APP_ID_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), + default: import_middleware_user_agent.DEFAULT_UA_APP_ID +}; // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -34445,8 +42549,22 @@ var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => creden /***/ }), -/***/ 8638: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 9963: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +const tslib_1 = __nccwpck_require__(4351); +tslib_1.__exportStar(__nccwpck_require__(2825), exports); +tslib_1.__exportStar(__nccwpck_require__(7862), exports); +tslib_1.__exportStar(__nccwpck_require__(785), exports); + + +/***/ }), + +/***/ 2825: +/***/ ((module) => { "use strict"; @@ -34469,103 +42587,64 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/client/index.ts var index_exports = {}; __export(index_exports, { - fromProcess: () => fromProcess + emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, + setCredentialFeature: () => setCredentialFeature, + setFeature: () => setFeature, + state: () => state }); module.exports = __toCommonJS(index_exports); -// src/fromProcess.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); +// src/submodules/client/emitWarningIfUnsupportedVersion.ts +var state = { + warningEmitted: false +}; +var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { + if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { + state.warningEmitted = true; + process.emitWarning( + `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will +no longer support Node.js 16.x on January 6, 2025. -// src/resolveProcessCredentials.ts -var import_property_provider = __nccwpck_require__(9721); -var import_child_process = __nccwpck_require__(2081); -var import_util = __nccwpck_require__(3837); +To continue receiving updates to AWS services, bug fixes, and security +updates please upgrade to a supported Node.js LTS version. -// src/getValidatedProcessCredentials.ts -var import_client = __nccwpck_require__(6510); -var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { - if (data.Version !== 1) { - throw Error(`Profile ${profileName} credential_process did not return Version 1.`); - } - if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { - throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); - } - if (data.Expiration) { - const currentTime = /* @__PURE__ */ new Date(); - const expireTime = new Date(data.Expiration); - if (expireTime < currentTime) { - throw Error(`Profile ${profileName} credential_process returned expired credentials.`); - } +More information can be found at: https://a.co/74kJMmI` + ); } - let accountId = data.AccountId; - if (!accountId && profiles?.[profileName]?.aws_account_id) { - accountId = profiles[profileName].aws_account_id; +}, "emitWarningIfUnsupportedVersion"); + +// src/submodules/client/setCredentialFeature.ts +function setCredentialFeature(credentials, feature, value) { + if (!credentials.$source) { + credentials.$source = {}; } - const credentials = { - accessKeyId: data.AccessKeyId, - secretAccessKey: data.SecretAccessKey, - ...data.SessionToken && { sessionToken: data.SessionToken }, - ...data.Expiration && { expiration: new Date(data.Expiration) }, - ...data.CredentialScope && { credentialScope: data.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + credentials.$source[feature] = value; return credentials; -}, "getValidatedProcessCredentials"); +} +__name(setCredentialFeature, "setCredentialFeature"); -// src/resolveProcessCredentials.ts -var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { - const profile = profiles[profileName]; - if (profiles[profileName]) { - const credentialProcess = profile["credential_process"]; - if (credentialProcess !== void 0) { - const execPromise = (0, import_util.promisify)(import_child_process.exec); - try { - const { stdout } = await execPromise(credentialProcess); - let data; - try { - data = JSON.parse(stdout.trim()); - } catch { - throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); - } - return getValidatedProcessCredentials(profileName, data, profiles); - } catch (error) { - throw new import_property_provider.CredentialsProviderError(error.message, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { - logger - }); +// src/submodules/client/setFeature.ts +function setFeature(context, feature, value) { + if (!context.__aws_sdk_context) { + context.__aws_sdk_context = { + features: {} + }; + } else if (!context.__aws_sdk_context.features) { + context.__aws_sdk_context.features = {}; } -}, "resolveProcessCredentials"); - -// src/fromProcess.ts -var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProcessCredentials( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }), - profiles, - init.logger - ); -}, "fromProcess"); + context.__aws_sdk_context.features[feature] = value; +} +__name(setFeature, "setFeature"); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 5284: +/***/ 7862: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -34575,9 +42654,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __esm = (fn, res) => function __init() { - return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; -}; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -34592,373 +42668,371 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/loadSso.ts -var loadSso_exports = {}; -__export(loadSso_exports, { - GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, - SSOClient: () => import_client_sso.SSOClient -}); -var import_client_sso; -var init_loadSso = __esm({ - "src/loadSso.ts"() { - "use strict"; - import_client_sso = __nccwpck_require__(1687); - } -}); - -// src/index.ts +// src/submodules/httpAuthSchemes/index.ts var index_exports = {}; __export(index_exports, { - fromSSO: () => fromSSO, - isSsoProfile: () => isSsoProfile, - validateSsoProfile: () => validateSsoProfile + AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, + AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, + AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, + NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, + NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, + getBearerTokenEnvKey: () => getBearerTokenEnvKey, + resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, + resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, + resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, + validateSigningProperties: () => validateSigningProperties }); module.exports = __toCommonJS(index_exports); -// src/fromSSO.ts +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts +var import_protocol_http2 = __nccwpck_require__(4418); +// src/submodules/httpAuthSchemes/utils/getDateHeader.ts +var import_protocol_http = __nccwpck_require__(4418); +var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); +// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts +var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); -// src/isSsoProfile.ts -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); +// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts +var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); -// src/resolveSSOCredentials.ts -var import_client = __nccwpck_require__(6510); -var import_token_providers = __nccwpck_require__(7182); -var import_property_provider = __nccwpck_require__(9721); -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var SHOULD_FAIL_CREDENTIAL_CHAIN = false; -var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig, - parentClientConfig, - profile, - logger -}) => { - let token; - const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; - if (ssoSession) { - try { - const _token = await (0, import_token_providers.fromSso)({ profile })(); - token = { - accessToken: _token.token, - expiresAt: new Date(_token.expiration).toISOString() - }; - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e.message, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - } else { - try { - token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } +// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts +var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { + const clockTimeInMs = Date.parse(clockTime); + if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { + return clockTimeInMs - Date.now(); } - if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); + return currentSystemClockOffset; +}, "getUpdatedSystemClockOffset"); + +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts +var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { + if (!property) { + throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); } - const { accessToken } = token; - const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); - const sso = ssoClient || new SSOClient2( - Object.assign({}, clientConfig ?? {}, { - logger: clientConfig?.logger ?? parentClientConfig?.logger, - region: clientConfig?.region ?? ssoRegion - }) + return property; +}, "throwSigningPropertyError"); +var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { + const context = throwSigningPropertyError( + "context", + signingProperties.context ); - let ssoResp; - try { - ssoResp = await sso.send( - new GetRoleCredentialsCommand2({ - accountId: ssoAccountId, - roleName: ssoRoleName, - accessToken - }) - ); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); + const config = throwSigningPropertyError("config", signingProperties.config); + const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; + const signerFunction = throwSigningPropertyError( + "signer", + config.signer + ); + const signer = await signerFunction(authScheme); + const signingRegion = signingProperties?.signingRegion; + const signingRegionSet = signingProperties?.signingRegionSet; + const signingName = signingProperties?.signingName; + return { + config, + signer, + signingRegion, + signingRegionSet, + signingName + }; +}, "validateSigningProperties"); +var AwsSdkSigV4Signer = class { + static { + __name(this, "AwsSdkSigV4Signer"); } - const { - roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} - } = ssoResp; - if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { - throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger + async sign(httpRequest, identity, signingProperties) { + if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { + throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); + } + const validatedProps = await validateSigningProperties(signingProperties); + const { config, signer } = validatedProps; + let { signingRegion, signingName } = validatedProps; + const handlerExecutionContext = signingProperties.context; + if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { + const [first, second] = handlerExecutionContext.authSchemes; + if (first?.name === "sigv4a" && second?.name === "sigv4") { + signingRegion = second?.signingRegion ?? signingRegion; + signingName = second?.signingName ?? signingName; + } + } + const signedRequest = await signer.sign(httpRequest, { + signingDate: getSkewCorrectedDate(config.systemClockOffset), + signingRegion, + signingService: signingName }); + return signedRequest; } - const credentials = { - accessKeyId, - secretAccessKey, - sessionToken, - expiration: new Date(expiration), - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - if (ssoSession) { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); - } else { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); + errorHandler(signingProperties) { + return (error) => { + const serverTime = error.ServerTime ?? getDateHeader(error.$response); + if (serverTime) { + const config = throwSigningPropertyError("config", signingProperties.config); + const initialSystemClockOffset = config.systemClockOffset; + config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); + const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; + if (clockSkewCorrected && error.$metadata) { + error.$metadata.clockSkewCorrected = true; + } + } + throw error; + }; } - return credentials; -}, "resolveSSOCredentials"); - -// src/validateSsoProfile.ts - -var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { - const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; - if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { - throw new import_property_provider.CredentialsProviderError( - `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( - ", " - )} -Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, - { tryNextLink: false, logger } - ); + successHandler(httpResponse, signingProperties) { + const dateHeader = getDateHeader(httpResponse); + if (dateHeader) { + const config = throwSigningPropertyError("config", signingProperties.config); + config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); + } } - return profile; -}, "validateSsoProfile"); +}; +var AWSSDKSigV4Signer = AwsSdkSigV4Signer; -// src/fromSSO.ts -var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - const { ssoClient } = init; - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); - } - if (!isSsoProfile(profile)) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { - logger: init.logger - }); - } - if (profile?.sso_session) { - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const session = ssoSessions[profile.sso_session]; - const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; - if (ssoRegion && ssoRegion !== session.sso_region) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - profile.sso_region = session.sso_region; - profile.sso_start_url = session.sso_start_url; +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts +var import_protocol_http3 = __nccwpck_require__(4418); +var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { + static { + __name(this, "AwsSdkSigV4ASigner"); + } + async sign(httpRequest, identity, signingProperties) { + if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { + throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); } - const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( - profile, - init.logger - ); - return resolveSSOCredentials({ - ssoStartUrl: sso_start_url, - ssoSession: sso_session, - ssoAccountId: sso_account_id, - ssoRegion: sso_region, - ssoRoleName: sso_role_name, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName - }); - } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { - throw new import_property_provider.CredentialsProviderError( - 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', - { tryNextLink: false, logger: init.logger } + const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( + signingProperties ); - } else { - return resolveSSOCredentials({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName + const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); + const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); + const signedRequest = await signer.sign(httpRequest, { + signingDate: getSkewCorrectedDate(config.systemClockOffset), + signingRegion: multiRegionOverride, + signingService: signingName }); + return signedRequest; } -}, "fromSSO"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 279: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromTokenFile = void 0; -const client_1 = __nccwpck_require__(6510); -const property_provider_1 = __nccwpck_require__(9721); -const fs_1 = __nccwpck_require__(7147); -const fromWebToken_1 = __nccwpck_require__(9527); -const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; -const ENV_ROLE_ARN = "AWS_ROLE_ARN"; -const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; -const fromTokenFile = (init = {}) => async () => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); - const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; - const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; - const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; - if (!webIdentityTokenFile || !roleArn) { - throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { - logger: init.logger, - }); - } - const credentials = await (0, fromWebToken_1.fromWebToken)({ - ...init, - webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), - roleArn, - roleSessionName, - })(); - if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { - (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); - } - return credentials; }; -exports.fromTokenFile = fromTokenFile; +// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts +var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); -/***/ }), - -/***/ 9527: -/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { - -"use strict"; +// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts +var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; +// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts +var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; +var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; +var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { + /** + * Retrieves auth scheme preference from environment variables + * @param env - Node process environment object + * @returns Array of auth scheme strings if preference is set, undefined otherwise + */ + environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { + if (options?.signingName) { + const bearerTokenKey = getBearerTokenEnvKey(options.signingName); + if (bearerTokenKey in env) return ["httpBearerAuth"]; } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || (function () { - var ownKeys = function(o) { - ownKeys = Object.getOwnPropertyNames || function (o) { - var ar = []; - for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys(o); - }; - return function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); - __setModuleDefault(result, mod); - return result; - }; -})(); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromWebToken = void 0; -const fromWebToken = (init) => async (awsIdentityProperties) => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); - const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; - let { roleAssumerWithWebIdentity } = init; - if (!roleAssumerWithWebIdentity) { - const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(3764))); - roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ - ...init.clientConfig, - credentialProviderLogger: init.logger, - parentClientConfig: { - ...awsIdentityProperties?.callerClientConfig, - ...init.parentClientConfig, - }, - }, init.clientPlugins); + if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; + return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); + }, "environmentVariableSelector"), + /** + * Retrieves auth scheme preference from config file + * @param profile - Config profile object + * @returns Array of auth scheme strings if preference is set, undefined otherwise + */ + configFileSelector: /* @__PURE__ */ __name((profile) => { + if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; + return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); + }, "configFileSelector"), + /** + * Default auth scheme preference if not specified in environment or config + */ + default: [] +}; + +// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts +var import_core = __nccwpck_require__(5829); +var import_property_provider = __nccwpck_require__(9721); +var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { + config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); + return config; +}, "resolveAwsSdkSigV4AConfig"); +var NODE_SIGV4A_CONFIG_OPTIONS = { + environmentVariableSelector(env) { + if (env.AWS_SIGV4A_SIGNING_REGION_SET) { + return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); } - return roleAssumerWithWebIdentity({ - RoleArn: roleArn, - RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, - WebIdentityToken: webIdentityToken, - ProviderId: providerId, - PolicyArns: policyArns, - Policy: policy, - DurationSeconds: durationSeconds, + throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { + tryNextLink: true + }); + }, + configFileSelector(profile) { + if (profile.sigv4a_signing_region_set) { + return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); + } + throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { + tryNextLink: true }); + }, + default: void 0 }; -exports.fromWebToken = fromWebToken; - - -/***/ }), -/***/ 5603: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts +var import_client = __nccwpck_require__(2825); +var import_core2 = __nccwpck_require__(5829); +var import_signature_v4 = __nccwpck_require__(1528); +var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { + let inputCredentials = config.credentials; + let isUserSupplied = !!config.credentials; + let resolvedCredentials = void 0; + Object.defineProperty(config, "credentials", { + set(credentials) { + if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { + isUserSupplied = true; + } + inputCredentials = credentials; + const memoizedProvider = normalizeCredentialProvider(config, { + credentials: inputCredentials, + credentialDefaultProvider: config.credentialDefaultProvider + }); + const boundProvider = bindCallerConfig(config, memoizedProvider); + if (isUserSupplied && !boundProvider.attributed) { + resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") + ), "resolvedCredentials"); + resolvedCredentials.memoized = boundProvider.memoized; + resolvedCredentials.configBound = boundProvider.configBound; + resolvedCredentials.attributed = true; + } else { + resolvedCredentials = boundProvider; + } + }, + get() { + return resolvedCredentials; + }, + enumerable: true, + configurable: true + }); + config.credentials = inputCredentials; + const { + // Default for signingEscapePath + signingEscapePath = true, + // Default for systemClockOffset + systemClockOffset = config.systemClockOffset || 0, + // No default for sha256 since it is platform dependent + sha256 + } = config; + let signer; + if (config.signer) { + signer = (0, import_core2.normalizeProvider)(config.signer); + } else if (config.regionInfoProvider) { + signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( + async (region) => [ + await config.regionInfoProvider(region, { + useFipsEndpoint: await config.useFipsEndpoint(), + useDualstackEndpoint: await config.useDualstackEndpoint() + }) || {}, + region + ] + ).then(([regionInfo, region]) => { + const { signingRegion, signingService } = regionInfo; + config.signingRegion = config.signingRegion || signingRegion || region; + config.signingName = config.signingName || signingService || config.serviceId; + const params = { + ...config, + credentials: config.credentials, + region: config.signingRegion, + service: config.signingName, + sha256, + uriEscapePath: signingEscapePath + }; + const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; + return new SignerCtor(params); + }), "signer"); + } else { + signer = /* @__PURE__ */ __name(async (authScheme) => { + authScheme = Object.assign( + {}, + { + name: "sigv4", + signingName: config.signingName || config.defaultSigningName, + signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), + properties: {} + }, + authScheme + ); + const signingRegion = authScheme.signingRegion; + const signingService = authScheme.signingName; + config.signingRegion = config.signingRegion || signingRegion; + config.signingName = config.signingName || signingService || config.serviceId; + const params = { + ...config, + credentials: config.credentials, + region: config.signingRegion, + service: config.signingName, + sha256, + uriEscapePath: signingEscapePath + }; + const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; + return new SignerCtor(params); + }, "signer"); } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(279), module.exports); -__reExport(index_exports, __nccwpck_require__(9527), module.exports); + const resolvedConfig = Object.assign(config, { + systemClockOffset, + signingEscapePath, + signer + }); + return resolvedConfig; +}, "resolveAwsSdkSigV4Config"); +var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; +function normalizeCredentialProvider(config, { + credentials, + credentialDefaultProvider +}) { + let credentialsProvider; + if (credentials) { + if (!credentials?.memoized) { + credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); + } else { + credentialsProvider = credentials; + } + } else { + if (credentialDefaultProvider) { + credentialsProvider = (0, import_core2.normalizeProvider)( + credentialDefaultProvider( + Object.assign({}, config, { + parentClientConfig: config + }) + ) + ); + } else { + credentialsProvider = /* @__PURE__ */ __name(async () => { + throw new Error( + "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." + ); + }, "credentialsProvider"); + } + } + credentialsProvider.memoized = true; + return credentialsProvider; +} +__name(normalizeCredentialProvider, "normalizeCredentialProvider"); +function bindCallerConfig(config, credentialsProvider) { + if (credentialsProvider.configBound) { + return credentialsProvider; + } + const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); + fn.memoized = credentialsProvider.memoized; + fn.configBound = true; + return fn; +} +__name(bindCallerConfig, "bindCallerConfig"); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 9514: +/***/ 785: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -34982,1774 +43056,1993 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/protocols/index.ts var index_exports = {}; __export(index_exports, { - getHostHeaderPlugin: () => getHostHeaderPlugin, - hostHeaderMiddleware: () => hostHeaderMiddleware, - hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, - resolveHostHeaderConfig: () => resolveHostHeaderConfig + AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, + AwsJson1_0Protocol: () => AwsJson1_0Protocol, + AwsJson1_1Protocol: () => AwsJson1_1Protocol, + AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, + AwsQueryProtocol: () => AwsQueryProtocol, + AwsRestJsonProtocol: () => AwsRestJsonProtocol, + AwsRestXmlProtocol: () => AwsRestXmlProtocol, + JsonCodec: () => JsonCodec, + JsonShapeDeserializer: () => JsonShapeDeserializer, + JsonShapeSerializer: () => JsonShapeSerializer, + XmlCodec: () => XmlCodec, + XmlShapeDeserializer: () => XmlShapeDeserializer, + XmlShapeSerializer: () => XmlShapeSerializer, + _toBool: () => _toBool, + _toNum: () => _toNum, + _toStr: () => _toStr, + awsExpectUnion: () => awsExpectUnion, + loadRestJsonErrorCode: () => loadRestJsonErrorCode, + loadRestXmlErrorCode: () => loadRestXmlErrorCode, + parseJsonBody: () => parseJsonBody, + parseJsonErrorBody: () => parseJsonErrorBody, + parseXmlBody: () => parseXmlBody, + parseXmlErrorBody: () => parseXmlErrorBody }); module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -function resolveHostHeaderConfig(input) { - return input; + +// src/submodules/protocols/coercing-serializers.ts +var _toStr = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "number" || typeof val === "bigint") { + const warning = new Error(`Received number ${val} where a string was expected.`); + warning.name = "Warning"; + console.warn(warning); + return String(val); + } + if (typeof val === "boolean") { + const warning = new Error(`Received boolean ${val} where a string was expected.`); + warning.name = "Warning"; + console.warn(warning); + return String(val); + } + return val; +}, "_toStr"); +var _toBool = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "number") { + } + if (typeof val === "string") { + const lowercase = val.toLowerCase(); + if (val !== "" && lowercase !== "false" && lowercase !== "true") { + const warning = new Error(`Received string "${val}" where a boolean was expected.`); + warning.name = "Warning"; + console.warn(warning); + } + return val !== "" && lowercase !== "false"; + } + return val; +}, "_toBool"); +var _toNum = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "boolean") { + } + if (typeof val === "string") { + const num = Number(val); + if (num.toString() !== val) { + const warning = new Error(`Received string "${val}" where a number was expected.`); + warning.name = "Warning"; + console.warn(warning); + return val; + } + return num; + } + return val; +}, "_toNum"); + +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var import_protocols = __nccwpck_require__(2241); +var import_schema3 = __nccwpck_require__(9826); +var import_util_body_length_browser = __nccwpck_require__(713); + +// src/submodules/protocols/ConfigurableSerdeContext.ts +var SerdeContextConfig = class { + static { + __name(this, "SerdeContextConfig"); + } + serdeContext; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + } +}; + +// src/submodules/protocols/json/JsonShapeDeserializer.ts +var import_schema = __nccwpck_require__(9826); +var import_serde2 = __nccwpck_require__(7669); +var import_util_base64 = __nccwpck_require__(5600); + +// src/submodules/protocols/json/jsonReviver.ts +var import_serde = __nccwpck_require__(7669); +function jsonReviver(key, value, context) { + if (context?.source) { + const numericString = context.source; + if (typeof value === "number") { + if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { + const isFractional = numericString.includes("."); + if (isFractional) { + return new import_serde.NumericValue(numericString, "bigDecimal"); + } else { + return BigInt(numericString); + } + } + } + } + return value; } -__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); -var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); - const { request } = args; - const { handlerProtocol = "" } = options.requestHandler.metadata || {}; - if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { - delete request.headers["host"]; - request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); - } else if (!request.headers["host"]) { - let host = request.hostname; - if (request.port != null) host += `:${request.port}`; - request.headers["host"] = host; +__name(jsonReviver, "jsonReviver"); + +// src/submodules/protocols/common.ts +var import_smithy_client = __nccwpck_require__(3570); +var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); + +// src/submodules/protocols/json/parseJsonBody.ts +var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + try { + return JSON.parse(encoded); + } catch (e) { + if (e?.name === "SyntaxError") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); + } + throw e; + } + } + return {}; +}), "parseJsonBody"); +var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseJsonBody(errorBody, context); + value.message = value.message ?? value.Message; + return value; +}, "parseJsonErrorBody"); +var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { + const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); + const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { + let cleanValue = rawValue; + if (typeof cleanValue === "number") { + cleanValue = cleanValue.toString(); + } + if (cleanValue.indexOf(",") >= 0) { + cleanValue = cleanValue.split(",")[0]; + } + if (cleanValue.indexOf(":") >= 0) { + cleanValue = cleanValue.split(":")[0]; + } + if (cleanValue.indexOf("#") >= 0) { + cleanValue = cleanValue.split("#")[1]; + } + return cleanValue; + }, "sanitizeErrorCode"); + const headerKey = findKey(output.headers, "x-amzn-errortype"); + if (headerKey !== void 0) { + return sanitizeErrorCode(output.headers[headerKey]); + } + if (data && typeof data === "object") { + const codeKey = findKey(data, "code"); + if (codeKey && data[codeKey] !== void 0) { + return sanitizeErrorCode(data[codeKey]); + } + if (data["__type"] !== void 0) { + return sanitizeErrorCode(data["__type"]); + } + } +}, "loadRestJsonErrorCode"); + +// src/submodules/protocols/json/JsonShapeDeserializer.ts +var JsonShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "JsonShapeDeserializer"); + } + async read(schema, data) { + return this._read( + schema, + typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) + ); + } + readObject(schema, data) { + return this._read(schema, data); + } + _read(schema, value) { + const isObject = value !== null && typeof value === "object"; + const ns = import_schema.NormalizedSchema.of(schema); + if (ns.isListSchema() && Array.isArray(value)) { + const listMember = ns.getValueSchema(); + const out = []; + const sparse = !!ns.getMergedTraits().sparse; + for (const item of value) { + if (sparse || item != null) { + out.push(this._read(listMember, item)); + } + } + return out; + } else if (ns.isMapSchema() && isObject) { + const mapMember = ns.getValueSchema(); + const out = {}; + const sparse = !!ns.getMergedTraits().sparse; + for (const [_k, _v] of Object.entries(value)) { + if (sparse || _v != null) { + out[_k] = this._read(mapMember, _v); + } + } + return out; + } else if (ns.isStructSchema() && isObject) { + const out = {}; + for (const [memberName, memberSchema] of ns.structIterator()) { + const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; + const deserializedValue = this._read(memberSchema, value[fromKey]); + if (deserializedValue != null) { + out[memberName] = deserializedValue; + } + } + return out; + } + if (ns.isBlobSchema() && typeof value === "string") { + return (0, import_util_base64.fromBase64)(value); + } + const mediaType = ns.getMergedTraits().mediaType; + if (ns.isStringSchema() && typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde2.LazyJsonString.from(value); + } + } + if (ns.isTimestampSchema()) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: + return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); + case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde2.parseRfc7231DateTime)(value); + case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return (0, import_serde2.parseEpochTimestamp)(value); + default: + console.warn("Missing timestamp format, parsing value with Date constructor:", value); + return new Date(value); + } + } + if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { + return BigInt(value); + } + if (ns.isBigDecimalSchema() && value != void 0) { + if (value instanceof import_serde2.NumericValue) { + return value; + } + return new import_serde2.NumericValue(String(value), "bigDecimal"); + } + if (ns.isNumericSchema() && typeof value === "string") { + switch (value) { + case "Infinity": + return Infinity; + case "-Infinity": + return -Infinity; + case "NaN": + return NaN; + } + } + return value; } - return next(args); -}, "hostHeaderMiddleware"); -var hostHeaderMiddlewareOptions = { - name: "hostHeaderMiddleware", - step: "build", - priority: "low", - tags: ["HOST"], - override: true }; -var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); - }, "applyToStack") -}), "getHostHeaderPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); +// src/submodules/protocols/json/JsonShapeSerializer.ts +var import_schema2 = __nccwpck_require__(9826); +var import_serde4 = __nccwpck_require__(7669); +var import_serde5 = __nccwpck_require__(7669); - -/***/ }), - -/***/ 5675: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/protocols/json/jsonReplacer.ts +var import_serde3 = __nccwpck_require__(7669); +var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); +var JsonReplacer = class { + static { + __name(this, "JsonReplacer"); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getLoggerPlugin: () => getLoggerPlugin, - loggerMiddleware: () => loggerMiddleware, - loggerMiddlewareOptions: () => loggerMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); - -// src/loggerMiddleware.ts -var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { - try { - const response = await next(args); - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; - const { $metadata, ...outputWithoutMetadata } = response.output; - logger?.info?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - output: outputFilterSensitiveLog(outputWithoutMetadata), - metadata: $metadata - }); - return response; - } catch (error) { - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - logger?.error?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - error, - metadata: error.$metadata - }); - throw error; + /** + * Stores placeholder key to true serialized value lookup. + */ + values = /* @__PURE__ */ new Map(); + counter = 0; + stage = 0; + /** + * Creates a jsonReplacer function that reserves big integer and big decimal values + * for later replacement. + */ + createReplacer() { + if (this.stage === 1) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); + } + if (this.stage === 2) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); + } + this.stage = 1; + return (key, value) => { + if (value instanceof import_serde3.NumericValue) { + const v = `${NUMERIC_CONTROL_CHAR + +"nv" + this.counter++}_` + value.string; + this.values.set(`"${v}"`, value.string); + return v; + } + if (typeof value === "bigint") { + const s = value.toString(); + const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; + this.values.set(`"${v}"`, s); + return v; + } + return value; + }; } -}, "loggerMiddleware"); -var loggerMiddlewareOptions = { - name: "loggerMiddleware", - tags: ["LOGGER"], - step: "initialize", - override: true -}; -var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); - }, "applyToStack") -}), "getLoggerPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 7977: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + /** + * Replaces placeholder keys with their true values. + */ + replaceInJson(json) { + if (this.stage === 0) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); + } + if (this.stage === 2) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); + } + this.stage = 2; + if (this.counter === 0) { + return json; + } + for (const [key, value] of this.values) { + json = json.replace(key, value); + } + return json; } - return to; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts -var index_exports = {}; -__export(index_exports, { - addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, - getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, - recursionDetectionMiddleware: () => recursionDetectionMiddleware -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; -var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; -var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; -var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { - return next(args); - } - const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; - if (request.headers.hasOwnProperty(traceIdHeader)) { - return next(args); +// src/submodules/protocols/json/JsonShapeSerializer.ts +var JsonShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } - const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; - const traceId = process.env[ENV_TRACE_ID]; - const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); - if (nonEmptyString(functionName) && nonEmptyString(traceId)) { - request.headers[TRACE_ID_HEADER_NAME] = traceId; + static { + __name(this, "JsonShapeSerializer"); } - return next({ - ...args, - request - }); -}, "recursionDetectionMiddleware"); -var addRecursionDetectionMiddlewareOptions = { - step: "build", - tags: ["RECURSION_DETECTION"], - name: "recursionDetectionMiddleware", - override: true, - priority: "low" -}; -var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); - }, "applyToStack") -}), "getRecursionDetectionPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 6634: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + buffer; + rootSchema; + write(schema, value) { + this.rootSchema = import_schema2.NormalizedSchema.of(schema); + this.buffer = this._write(this.rootSchema, value); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - DEFAULT_UA_APP_ID: () => DEFAULT_UA_APP_ID, - getUserAgentMiddlewareOptions: () => getUserAgentMiddlewareOptions, - getUserAgentPlugin: () => getUserAgentPlugin, - resolveUserAgentConfig: () => resolveUserAgentConfig, - userAgentMiddleware: () => userAgentMiddleware -}); -module.exports = __toCommonJS(index_exports); - -// src/configurations.ts -var import_core = __nccwpck_require__(5829); -var DEFAULT_UA_APP_ID = void 0; -function isValidUserAgentAppId(appId) { - if (appId === void 0) { - return true; + flush() { + if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { + const replacer = new JsonReplacer(); + return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); + } + return this.buffer; } - return typeof appId === "string" && appId.length <= 50; -} -__name(isValidUserAgentAppId, "isValidUserAgentAppId"); -function resolveUserAgentConfig(input) { - const normalizedAppIdProvider = (0, import_core.normalizeProvider)(input.userAgentAppId ?? DEFAULT_UA_APP_ID); - const { customUserAgent } = input; - return Object.assign(input, { - customUserAgent: typeof customUserAgent === "string" ? [[customUserAgent]] : customUserAgent, - userAgentAppId: /* @__PURE__ */ __name(async () => { - const appId = await normalizedAppIdProvider(); - if (!isValidUserAgentAppId(appId)) { - const logger = input.logger?.constructor?.name === "NoOpLogger" || !input.logger ? console : input.logger; - if (typeof appId !== "string") { - logger?.warn("userAgentAppId must be a string or undefined."); - } else if (appId.length > 50) { - logger?.warn("The provided userAgentAppId exceeds the maximum length of 50 characters."); + _write(schema, value, container) { + const isObject = value !== null && typeof value === "object"; + const ns = import_schema2.NormalizedSchema.of(schema); + if (ns.isListSchema() && Array.isArray(value)) { + const listMember = ns.getValueSchema(); + const out = []; + const sparse = !!ns.getMergedTraits().sparse; + for (const item of value) { + if (sparse || item != null) { + out.push(this._write(listMember, item)); } } - return appId; - }, "userAgentAppId") - }); -} -__name(resolveUserAgentConfig, "resolveUserAgentConfig"); - -// src/user-agent-middleware.ts -var import_util_endpoints = __nccwpck_require__(4241); -var import_protocol_http = __nccwpck_require__(4418); - -// src/check-features.ts -var import_core2 = __nccwpck_require__(2143); -var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/; -async function checkFeatures(context, config, args) { - const request = args.request; - if (request?.headers?.["smithy-protocol"] === "rpc-v2-cbor") { - (0, import_core2.setFeature)(context, "PROTOCOL_RPC_V2_CBOR", "M"); - } - if (typeof config.retryStrategy === "function") { - const retryStrategy = await config.retryStrategy(); - if (typeof retryStrategy.acquireInitialRetryToken === "function") { - if (retryStrategy.constructor?.name?.includes("Adaptive")) { - (0, import_core2.setFeature)(context, "RETRY_MODE_ADAPTIVE", "F"); - } else { - (0, import_core2.setFeature)(context, "RETRY_MODE_STANDARD", "E"); + return out; + } else if (ns.isMapSchema() && isObject) { + const mapMember = ns.getValueSchema(); + const out = {}; + const sparse = !!ns.getMergedTraits().sparse; + for (const [_k, _v] of Object.entries(value)) { + if (sparse || _v != null) { + out[_k] = this._write(mapMember, _v); + } } - } else { - (0, import_core2.setFeature)(context, "RETRY_MODE_LEGACY", "D"); + return out; + } else if (ns.isStructSchema() && isObject) { + const out = {}; + for (const [memberName, memberSchema] of ns.structIterator()) { + const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; + const serializableValue = this._write(memberSchema, value[memberName], ns); + if (serializableValue !== void 0) { + out[targetKey] = serializableValue; + } + } + return out; } - } - if (typeof config.accountIdEndpointMode === "function") { - const endpointV2 = context.endpointV2; - if (String(endpointV2?.url?.hostname).match(ACCOUNT_ID_ENDPOINT_REGEX)) { - (0, import_core2.setFeature)(context, "ACCOUNT_ID_ENDPOINT", "O"); + if (value === null && container?.isStructSchema()) { + return void 0; } - switch (await config.accountIdEndpointMode?.()) { - case "disabled": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_DISABLED", "Q"); - break; - case "preferred": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_PREFERRED", "P"); - break; - case "required": - (0, import_core2.setFeature)(context, "ACCOUNT_ID_MODE_REQUIRED", "R"); - break; + if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { + if (ns === this.rootSchema) { + return value; + } + if (!this.serdeContext?.base64Encoder) { + throw new Error("Missing base64Encoder in serdeContext"); + } + return this.serdeContext?.base64Encoder(value); } - } - const identity = context.__smithy_context?.selectedHttpAuthScheme?.identity; - if (identity?.$source) { - const credentials = identity; - if (credentials.accountId) { - (0, import_core2.setFeature)(context, "RESOLVED_ACCOUNT_ID", "T"); + if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: + return value.toISOString().replace(".000Z", "Z"); + case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde4.dateToUtcString)(value); + case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return value.getTime() / 1e3; + default: + console.warn("Missing timestamp format, using epoch seconds", value); + return value.getTime() / 1e3; + } } - for (const [key, value] of Object.entries(credentials.$source ?? {})) { - (0, import_core2.setFeature)(context, key, value); + if (ns.isNumericSchema() && typeof value === "number") { + if (Math.abs(value) === Infinity || isNaN(value)) { + return String(value); + } + } + const mediaType = ns.getMergedTraits().mediaType; + if (ns.isStringSchema() && typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde5.LazyJsonString.from(value); + } } + return value; } -} -__name(checkFeatures, "checkFeatures"); +}; -// src/constants.ts -var USER_AGENT = "user-agent"; -var X_AMZ_USER_AGENT = "x-amz-user-agent"; -var SPACE = " "; -var UA_NAME_SEPARATOR = "/"; -var UA_NAME_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w]/g; -var UA_VALUE_ESCAPE_REGEX = /[^\!\$\%\&\'\*\+\-\.\^\_\`\|\~\d\w\#]/g; -var UA_ESCAPE_CHAR = "-"; +// src/submodules/protocols/json/JsonCodec.ts +var JsonCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "JsonCodec"); + } + createSerializer() { + const serializer = new JsonShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new JsonShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; + } +}; -// src/encode-features.ts -var BYTE_LIMIT = 1024; -function encodeFeatures(features) { - let buffer = ""; - for (const key in features) { - const val = features[key]; - if (buffer.length + val.length + 1 <= BYTE_LIMIT) { - if (buffer.length) { - buffer += "," + val; - } else { - buffer += val; +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { + static { + __name(this, "AwsJsonRpcProtocol"); + } + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + this.codec = new JsonCodec({ + timestampFormat: { + useTrait: true, + default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + jsonName: false + }); + this.serializer = this.codec.createSerializer(); + this.deserializer = this.codec.createDeserializer(); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, + "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() + }); + if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = "{}"; + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; + } + getPayloadCodec() { + return this.codec; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema3.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); } - continue; + throw new Error(errorName); } - break; + const ns = import_schema3.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } - return buffer; -} -__name(encodeFeatures, "encodeFeatures"); +}; -// src/user-agent-middleware.ts -var userAgentMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request)) { - return next(args); +// src/submodules/protocols/json/AwsJson1_0Protocol.ts +var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { + static { + __name(this, "AwsJson1_0Protocol"); } - const { headers } = request; - const userAgent = context?.userAgent?.map(escapeUserAgent) || []; - const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent); - await checkFeatures(context, options, args); - const awsContext = context; - defaultUserAgent.push( - `m/${encodeFeatures( - Object.assign({}, context.__smithy_context?.features, awsContext.__aws_sdk_context?.features) - )}` - ); - const customUserAgent = options?.customUserAgent?.map(escapeUserAgent) || []; - const appId = await options.userAgentAppId(); - if (appId) { - defaultUserAgent.push(escapeUserAgent([`app/${appId}`])); + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); } - const prefix = (0, import_util_endpoints.getUserAgentPrefix)(); - const sdkUserAgentValue = (prefix ? [prefix] : []).concat([...defaultUserAgent, ...userAgent, ...customUserAgent]).join(SPACE); - const normalUAValue = [ - ...defaultUserAgent.filter((section) => section.startsWith("aws-sdk-")), - ...customUserAgent - ].join(SPACE); - if (options.runtime !== "browser") { - if (normalUAValue) { - headers[X_AMZ_USER_AGENT] = headers[X_AMZ_USER_AGENT] ? `${headers[USER_AGENT]} ${normalUAValue}` : normalUAValue; - } - headers[USER_AGENT] = sdkUserAgentValue; - } else { - headers[X_AMZ_USER_AGENT] = sdkUserAgentValue; + getShapeId() { + return "aws.protocols#awsJson1_0"; } - return next({ - ...args, - request - }); -}, "userAgentMiddleware"); -var escapeUserAgent = /* @__PURE__ */ __name((userAgentPair) => { - const name = userAgentPair[0].split(UA_NAME_SEPARATOR).map((part) => part.replace(UA_NAME_ESCAPE_REGEX, UA_ESCAPE_CHAR)).join(UA_NAME_SEPARATOR); - const version = userAgentPair[1]?.replace(UA_VALUE_ESCAPE_REGEX, UA_ESCAPE_CHAR); - const prefixSeparatorIndex = name.indexOf(UA_NAME_SEPARATOR); - const prefix = name.substring(0, prefixSeparatorIndex); - let uaName = name.substring(prefixSeparatorIndex + 1); - if (prefix === "api") { - uaName = uaName.toLowerCase(); + getJsonRpcVersion() { + return "1.0"; } - return [prefix, uaName, version].filter((item) => item && item.length > 0).reduce((acc, item, index) => { - switch (index) { - case 0: - return item; - case 1: - return `${acc}/${item}`; - default: - return `${acc}#${item}`; - } - }, ""); -}, "escapeUserAgent"); -var getUserAgentMiddlewareOptions = { - name: "getUserAgentMiddleware", - step: "build", - priority: "low", - tags: ["SET_USER_AGENT", "USER_AGENT"], - override: true }; -var getUserAgentPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(userAgentMiddleware(config), getUserAgentMiddlewareOptions); - }, "applyToStack") -}), "getUserAgentPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), -/***/ 9002: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.defaultSSOOIDCHttpAuthSchemeProvider = exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; +// src/submodules/protocols/json/AwsJson1_1Protocol.ts +var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { + static { + __name(this, "AwsJson1_1Protocol"); + } + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + } + getShapeId() { + return "aws.protocols#awsJson1_1"; + } + getJsonRpcVersion() { + return "1.1"; + } }; -exports.defaultSSOOIDCHttpAuthSchemeParametersProvider = defaultSSOOIDCHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sso-oauth", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", + +// src/submodules/protocols/json/AwsRestJsonProtocol.ts +var import_protocols2 = __nccwpck_require__(2241); +var import_schema4 = __nccwpck_require__(9826); +var import_util_body_length_browser2 = __nccwpck_require__(713); +var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { + static { + __name(this, "AwsRestJsonProtocol"); + } + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + httpBindings: true, + jsonName: true }; -} -const defaultSSOOIDCHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "CreateToken": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; + this.codec = new JsonCodec(settings); + this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); + } + getShapeId() { + return "aws.protocols#restJson1"; + } + getPayloadCodec() { + return this.codec; + } + setSerdeContext(serdeContext) { + this.codec.setSerdeContext(serdeContext); + super.setSerdeContext(serdeContext); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); + const members = inputSchema.getMemberSchemas(); + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = "application/json"; } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } else if (!inputSchema.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = "application/json"; } + } } - return options; -}; -exports.defaultSSOOIDCHttpAuthSchemeProvider = defaultSSOOIDCHttpAuthSchemeProvider; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, core_1.resolveAwsSdkSigV4Config)(config); - return Object.assign(config_0, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; - - -/***/ }), - -/***/ 8012: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(2507); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); -}; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; - - -/***/ }), - -/***/ 2507: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const u = "required", v = "fn", w = "argv", x = "ref"; -const a = true, b = "isSet", c = "booleanEquals", d = "error", e = "endpoint", f = "tree", g = "PartitionResult", h = "getAttr", i = { [u]: false, "type": "String" }, j = { [u]: true, "default": false, "type": "Boolean" }, k = { [x]: "Endpoint" }, l = { [v]: c, [w]: [{ [x]: "UseFIPS" }, true] }, m = { [v]: c, [w]: [{ [x]: "UseDualStack" }, true] }, n = {}, o = { [v]: h, [w]: [{ [x]: g }, "supportsFIPS"] }, p = { [x]: g }, q = { [v]: c, [w]: [true, { [v]: h, [w]: [p, "supportsDualStack"] }] }, r = [l], s = [m], t = [{ [x]: "Region" }]; -const _data = { version: "1.0", parameters: { Region: i, UseDualStack: j, UseFIPS: j, Endpoint: i }, rules: [{ conditions: [{ [v]: b, [w]: [k] }], rules: [{ conditions: r, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: d }, { conditions: s, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: d }, { endpoint: { url: k, properties: n, headers: n }, type: e }], type: f }, { conditions: [{ [v]: b, [w]: t }], rules: [{ conditions: [{ [v]: "aws.partition", [w]: t, assign: g }], rules: [{ conditions: [l, m], rules: [{ conditions: [{ [v]: c, [w]: [a, o] }, q], rules: [{ endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: d }], type: f }, { conditions: r, rules: [{ conditions: [{ [v]: c, [w]: [o, a] }], rules: [{ conditions: [{ [v]: "stringEquals", [w]: [{ [v]: h, [w]: [p, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://oidc.{Region}.amazonaws.com", properties: n, headers: n }, type: e }, { endpoint: { url: "https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "FIPS is enabled but this partition does not support FIPS", type: d }], type: f }, { conditions: s, rules: [{ conditions: [q], rules: [{ endpoint: { url: "https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: n, headers: n }, type: e }], type: f }, { error: "DualStack is enabled but this partition does not support DualStack", type: d }], type: f }, { endpoint: { url: "https://oidc.{Region}.{PartitionResult#dnsSuffix}", properties: n, headers: n }, type: e }], type: f }], type: f }, { error: "Invalid Configuration: Missing Region", type: d }] }; -exports.ruleSet = _data; - - -/***/ }), - -/***/ 8959: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); - } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/submodules/sso-oidc/index.ts -var index_exports = {}; -__export(index_exports, { - $Command: () => import_smithy_client6.Command, - AccessDeniedException: () => AccessDeniedException, - AuthorizationPendingException: () => AuthorizationPendingException, - CreateTokenCommand: () => CreateTokenCommand, - CreateTokenRequestFilterSensitiveLog: () => CreateTokenRequestFilterSensitiveLog, - CreateTokenResponseFilterSensitiveLog: () => CreateTokenResponseFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - InternalServerException: () => InternalServerException, - InvalidClientException: () => InvalidClientException, - InvalidGrantException: () => InvalidGrantException, - InvalidRequestException: () => InvalidRequestException, - InvalidScopeException: () => InvalidScopeException, - SSOOIDC: () => SSOOIDC, - SSOOIDCClient: () => SSOOIDCClient, - SSOOIDCServiceException: () => SSOOIDCServiceException, - SlowDownException: () => SlowDownException, - UnauthorizedClientException: () => UnauthorizedClientException, - UnsupportedGrantTypeException: () => UnsupportedGrantTypeException, - __Client: () => import_smithy_client2.Client -}); -module.exports = __toCommonJS(index_exports); - -// src/submodules/sso-oidc/SSOOIDCClient.ts -var import_middleware_host_header = __nccwpck_require__(9514); -var import_middleware_logger = __nccwpck_require__(5675); -var import_middleware_recursion_detection = __nccwpck_require__(7977); -var import_middleware_user_agent = __nccwpck_require__(6634); -var import_config_resolver = __nccwpck_require__(3098); -var import_core = __nccwpck_require__(5829); -var import_middleware_content_length = __nccwpck_require__(2800); -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_retry = __nccwpck_require__(6039); -var import_smithy_client2 = __nccwpck_require__(3570); -var import_httpAuthSchemeProvider = __nccwpck_require__(9002); - -// src/submodules/sso-oidc/endpoint/EndpointParameters.ts -var resolveClientEndpointParameters = /* @__PURE__ */ __name((options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - defaultSigningName: "sso-oauth" - }); -}, "resolveClientEndpointParameters"); -var commonParams = { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" } -}; - -// src/submodules/sso-oidc/SSOOIDCClient.ts -var import_runtimeConfig = __nccwpck_require__(5875); - -// src/submodules/sso-oidc/runtimeExtensions.ts -var import_region_config_resolver = __nccwpck_require__(6976); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/auth/httpAuthExtensionConfiguration.ts -var getHttpAuthExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); + if (request.headers["content-type"] && !request.body) { + request.body = "{}"; + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); + } catch (e) { } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; } - }; -}, "getHttpAuthExtensionConfiguration"); -var resolveHttpAuthRuntimeConfig = /* @__PURE__ */ __name((config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials() - }; -}, "resolveHttpAuthRuntimeConfig"); - -// src/submodules/sso-oidc/runtimeExtensions.ts -var resolveRuntimeExtensions = /* @__PURE__ */ __name((runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign( - (0, import_region_config_resolver.getAwsRegionExtensionConfiguration)(runtimeConfig), - (0, import_smithy_client.getDefaultExtensionConfiguration)(runtimeConfig), - (0, import_protocol_http.getHttpHandlerExtensionConfiguration)(runtimeConfig), - getHttpAuthExtensionConfiguration(runtimeConfig) - ); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign( - runtimeConfig, - (0, import_region_config_resolver.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), - (0, import_smithy_client.resolveDefaultRuntimeConfig)(extensionConfiguration), - (0, import_protocol_http.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), - resolveHttpAuthRuntimeConfig(extensionConfiguration) - ); -}, "resolveRuntimeExtensions"); - -// src/submodules/sso-oidc/SSOOIDCClient.ts -var SSOOIDCClient = class extends import_smithy_client2.Client { - static { - __name(this, "SSOOIDCClient"); - } - /** - * The resolved configuration of SSOOIDCClient class. This is resolved and normalized from the {@link SSOOIDCClientConfig | constructor configuration interface}. - */ - config; - constructor(...[configuration]) { - const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = resolveClientEndpointParameters(_config_0); - const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2); - const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3); - const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5); - const _config_7 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_host_header.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_logger.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, import_middleware_recursion_detection.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use( - (0, import_core.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: import_httpAuthSchemeProvider.defaultSSOOIDCHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: /* @__PURE__ */ __name(async (config) => new import_core.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials - }), "identityProviderConfigProvider") - }) - ); - this.middlewareStack.use((0, import_core.getHttpSigningPlugin)(this.config)); + return request; } - /** - * Destroy underlying resources, like sockets. It's usually not necessary to do this. - * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. - * Otherwise, sockets might stay open for quite a long time before the server terminates them. - */ - destroy() { - super.destroy(); + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema4.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema4.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } }; -// src/submodules/sso-oidc/SSOOIDC.ts -var import_smithy_client7 = __nccwpck_require__(3570); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client6 = __nccwpck_require__(3570); +// src/submodules/protocols/json/awsExpectUnion.ts +var import_smithy_client2 = __nccwpck_require__(3570); +var awsExpectUnion = /* @__PURE__ */ __name((value) => { + if (value == null) { + return void 0; + } + if (typeof value === "object" && "__type" in value) { + delete value.__type; + } + return (0, import_smithy_client2.expectUnion)(value); +}, "awsExpectUnion"); -// src/submodules/sso-oidc/models/models_0.ts -var import_smithy_client4 = __nccwpck_require__(3570); +// src/submodules/protocols/query/AwsQueryProtocol.ts +var import_protocols5 = __nccwpck_require__(2241); +var import_schema7 = __nccwpck_require__(9826); +var import_util_body_length_browser3 = __nccwpck_require__(713); -// src/submodules/sso-oidc/models/SSOOIDCServiceException.ts +// src/submodules/protocols/xml/XmlShapeDeserializer.ts +var import_protocols3 = __nccwpck_require__(2241); +var import_schema5 = __nccwpck_require__(9826); var import_smithy_client3 = __nccwpck_require__(3570); -var SSOOIDCServiceException = class _SSOOIDCServiceException extends import_smithy_client3.ServiceException { +var import_util_utf8 = __nccwpck_require__(1895); +var import_fast_xml_parser = __nccwpck_require__(2603); +var XmlShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); + } static { - __name(this, "SSOOIDCServiceException"); + __name(this, "XmlShapeDeserializer"); + } + stringDeserializer; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + this.stringDeserializer.setSerdeContext(serdeContext); } /** - * @internal + * @param schema - describing the data. + * @param bytes - serialized data. + * @param key - used by AwsQuery to step one additional depth into the object before reading it. */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _SSOOIDCServiceException.prototype); + read(schema, bytes, key) { + const ns = import_schema5.NormalizedSchema.of(schema); + const memberSchemas = ns.getMemberSchemas(); + const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { + return !!memberNs.getMemberTraits().eventPayload; + }); + if (isEventPayload) { + const output = {}; + const memberName = Object.keys(memberSchemas)[0]; + const eventMemberSchema = memberSchemas[memberName]; + if (eventMemberSchema.isBlobSchema()) { + output[memberName] = bytes; + } else { + output[memberName] = this.read(memberSchemas[memberName], bytes); + } + return output; + } + const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); + const parsedObject = this.parseXml(xmlString); + return this.readSchema(schema, key ? parsedObject[key] : parsedObject); + } + readSchema(_schema, value) { + const ns = import_schema5.NormalizedSchema.of(_schema); + const traits = ns.getMergedTraits(); + const schema = ns.getSchema(); + if (ns.isListSchema() && !Array.isArray(value)) { + return this.readSchema(schema, [value]); + } + if (value == null) { + return value; + } + if (typeof value === "object") { + const sparse = !!traits.sparse; + const flat = !!traits.xmlFlattened; + if (ns.isListSchema()) { + const listValue = ns.getValueSchema(); + const buffer2 = []; + const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; + const source = flat ? value : (value[0] ?? value)[sourceKey]; + const sourceArray = Array.isArray(source) ? source : [source]; + for (const v of sourceArray) { + if (v != null || sparse) { + buffer2.push(this.readSchema(listValue, v)); + } + } + return buffer2; + } + const buffer = {}; + if (ns.isMapSchema()) { + const keyNs = ns.getKeySchema(); + const memberNs = ns.getValueSchema(); + let entries; + if (flat) { + entries = Array.isArray(value) ? value : [value]; + } else { + entries = Array.isArray(value.entry) ? value.entry : [value.entry]; + } + const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; + const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; + for (const entry of entries) { + const key = entry[keyProperty]; + const value2 = entry[valueProperty]; + if (value2 != null || sparse) { + buffer[key] = this.readSchema(memberNs, value2); + } + } + return buffer; + } + if (ns.isStructSchema()) { + for (const [memberName, memberSchema] of ns.structIterator()) { + const memberTraits = memberSchema.getMergedTraits(); + const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); + if (value[xmlObjectKey] != null) { + buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); + } + } + return buffer; + } + if (ns.isDocumentSchema()) { + return value; + } + throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); + } else { + if (ns.isListSchema()) { + return []; + } else if (ns.isMapSchema() || ns.isStructSchema()) { + return {}; + } + return this.stringDeserializer.read(ns, value); + } + } + parseXml(xml) { + if (xml.length) { + const parser = new import_fast_xml_parser.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(xml, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: xml + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); + } + return {}; } }; -// src/submodules/sso-oidc/models/models_0.ts -var AccessDeniedException = class _AccessDeniedException extends SSOOIDCServiceException { +// src/submodules/protocols/query/QueryShapeSerializer.ts +var import_protocols4 = __nccwpck_require__(2241); +var import_schema6 = __nccwpck_require__(9826); +var import_serde6 = __nccwpck_require__(7669); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_util_base642 = __nccwpck_require__(5600); +var QueryShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } static { - __name(this, "AccessDeniedException"); + __name(this, "QueryShapeSerializer"); } - name = "AccessDeniedException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be access_denied.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "AccessDeniedException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _AccessDeniedException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + buffer; + write(schema, value, prefix = "") { + if (this.buffer === void 0) { + this.buffer = ""; + } + const ns = import_schema6.NormalizedSchema.of(schema); + if (prefix && !prefix.endsWith(".")) { + prefix += "."; + } + if (ns.isBlobSchema()) { + if (typeof value === "string" || value instanceof Uint8Array) { + this.writeKey(prefix); + this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); + } + } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } + } else if (ns.isBigIntegerSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } + } else if (ns.isBigDecimalSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(value instanceof import_serde6.NumericValue ? value.string : String(value)); + } + } else if (ns.isTimestampSchema()) { + if (value instanceof Date) { + this.writeKey(prefix); + const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); + switch (format) { + case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: + this.writeValue(value.toISOString().replace(".000Z", "Z")); + break; + case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: + this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); + break; + case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + this.writeValue(String(value.getTime() / 1e3)); + break; + } + } + } else if (ns.isDocumentSchema()) { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); + } else if (ns.isListSchema()) { + if (Array.isArray(value)) { + if (value.length === 0) { + if (this.settings.serializeEmptyLists) { + this.writeKey(prefix); + this.writeValue(""); + } + } else { + const member = ns.getValueSchema(); + const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const item of value) { + if (item == null) { + continue; + } + const suffix = this.getKey("member", member.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; + this.write(member, item, key); + ++i; + } + } + } + } else if (ns.isMapSchema()) { + if (value && typeof value === "object") { + const keySchema = ns.getKeySchema(); + const memberSchema = ns.getValueSchema(); + const flat = ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const [k, v] of Object.entries(value)) { + if (v == null) { + continue; + } + const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; + const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); + const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; + this.write(keySchema, k, key); + this.write(memberSchema, v, valueKey); + ++i; + } + } + } else if (ns.isStructSchema()) { + if (value && typeof value === "object") { + for (const [memberName, member] of ns.structIterator()) { + if (value[memberName] == null) { + continue; + } + const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); + const key = `${prefix}${suffix}`; + this.write(member, value[memberName], key); + } + } + } else if (ns.isUnitSchema()) { + } else { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); + } } -}; -var AuthorizationPendingException = class _AuthorizationPendingException extends SSOOIDCServiceException { - static { - __name(this, "AuthorizationPendingException"); + flush() { + if (this.buffer === void 0) { + throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); + } + const str = this.buffer; + delete this.buffer; + return str; } - name = "AuthorizationPendingException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * authorization_pending.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { + getKey(memberName, xmlName) { + const key = xmlName ?? memberName; + if (this.settings.capitalizeKeys) { + return key[0].toUpperCase() + key.slice(1); + } + return key; + } + writeKey(key) { + if (key.endsWith(".")) { + key = key.slice(0, key.length - 1); + } + this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; + } + writeValue(value) { + this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); + } +}; + +// src/submodules/protocols/query/AwsQueryProtocol.ts +var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { + constructor(options) { super({ - name: "AuthorizationPendingException", - $fault: "client", - ...opts + defaultNamespace: options.defaultNamespace }); - Object.setPrototypeOf(this, _AuthorizationPendingException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + this.options = options; + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: false, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace, + serializeEmptyLists: true + }; + this.serializer = new QueryShapeSerializer(settings); + this.deserializer = new XmlShapeDeserializer(settings); } -}; -var CreateTokenRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.clientSecret && { clientSecret: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.codeVerifier && { codeVerifier: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenRequestFilterSensitiveLog"); -var CreateTokenResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.accessToken && { accessToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.refreshToken && { refreshToken: import_smithy_client4.SENSITIVE_STRING }, - ...obj.idToken && { idToken: import_smithy_client4.SENSITIVE_STRING } -}), "CreateTokenResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends SSOOIDCServiceException { static { - __name(this, "ExpiredTokenException"); + __name(this, "AwsQueryProtocol"); } - name = "ExpiredTokenException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be expired_token.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts + serializer; + deserializer; + getShapeId() { + return "aws.protocols#awsQuery"; + } + setSerdeContext(serdeContext) { + this.serializer.setSerdeContext(serdeContext); + this.deserializer.setSerdeContext(serdeContext); + } + getPayloadCodec() { + throw new Error("AWSQuery protocol has no payload codec."); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-www-form-urlencoded` }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = ""; + } + request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; + if (request.body.endsWith("&")) { + request.body = request.body.slice(-1); + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; } -}; -var InternalServerException = class _InternalServerException extends SSOOIDCServiceException { - static { - __name(this, "InternalServerException"); + async deserializeResponse(operationSchema, context, response) { + const deserializer = this.deserializer; + const ns = import_schema7.NormalizedSchema.of(operationSchema.output); + const dataObject = {}; + if (response.statusCode >= 300) { + const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes2.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); + } + await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); + } + for (const header in response.headers) { + const value = response.headers[header]; + delete response.headers[header]; + response.headers[header.toLowerCase()] = value; + } + const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; + const bytes = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); + } + const output = { + $metadata: this.deserializeMetadata(response), + ...dataObject + }; + return output; } - name = "InternalServerException"; - $fault = "server"; - /** - *Single error code. For this exception the value will be server_error.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal + * EC2 Query overrides this. */ - constructor(opts) { - super({ - name: "InternalServerException", - $fault: "server", - ...opts - }); - Object.setPrototypeOf(this, _InternalServerException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + useNestedResult() { + return true; } -}; -var InvalidClientException = class _InvalidClientException extends SSOOIDCServiceException { - static { - __name(this, "InvalidClientException"); + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const errorDataSource = this.loadQueryError(dataObject); + const registry = import_schema7.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.find( + (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName + ); + if (!errorSchema) { + errorSchema = registry.getSchema(errorIdentifier); + } + } catch (e) { + const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), errorDataSource); + } + throw new Error(errorName); + } + const ns = import_schema7.NormalizedSchema.of(errorSchema); + const message = this.loadQueryErrorMessage(dataObject); + const exception = new errorSchema.ctor(message); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = errorDataSource[target] ?? dataObject[target]; + output[name] = this.deserializer.readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } - name = "InvalidClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; /** - * @internal + * The variations in the error and error message locations are attributed to + * divergence between AWS Query and EC2 Query behavior. */ - constructor(opts) { - super({ - name: "InvalidClientException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + loadQueryErrorCode(output, data) { + const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; + if (code !== void 0) { + return code; + } + if (output.statusCode == 404) { + return "NotFound"; + } } -}; -var InvalidGrantException = class _InvalidGrantException extends SSOOIDCServiceException { - static { - __name(this, "InvalidGrantException"); + loadQueryError(data) { + return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; } - name = "InvalidGrantException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_grant.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidGrantException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidGrantException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + loadQueryErrorMessage(data) { + const errorData = this.loadQueryError(data); + return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; } }; -var InvalidRequestException = class _InvalidRequestException extends SSOOIDCServiceException { + +// src/submodules/protocols/query/AwsEc2QueryProtocol.ts +var AwsEc2QueryProtocol = class extends AwsQueryProtocol { + constructor(options) { + super(options); + this.options = options; + const ec2Settings = { + capitalizeKeys: true, + flattenLists: true, + serializeEmptyLists: false + }; + Object.assign(this.serializer.settings, ec2Settings); + } static { - __name(this, "InvalidRequestException"); + __name(this, "AwsEc2QueryProtocol"); } - name = "InvalidRequestException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * invalid_request.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; /** - * @internal + * EC2 Query reads XResponse.XResult instead of XResponse directly. */ - constructor(opts) { - super({ - name: "InvalidRequestException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidRequestException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + useNestedResult() { + return false; } }; -var InvalidScopeException = class _InvalidScopeException extends SSOOIDCServiceException { + +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var import_protocols6 = __nccwpck_require__(2241); +var import_schema9 = __nccwpck_require__(9826); +var import_util_body_length_browser4 = __nccwpck_require__(713); + +// src/submodules/protocols/xml/parseXmlBody.ts +var import_smithy_client5 = __nccwpck_require__(3570); +var import_fast_xml_parser2 = __nccwpck_require__(2603); +var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + const parser = new import_fast_xml_parser2.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(encoded, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); + } + return {}; +}), "parseXmlBody"); +var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseXmlBody(errorBody, context); + if (value.Error) { + value.Error.message = value.Error.message ?? value.Error.Message; + } + return value; +}, "parseXmlErrorBody"); +var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data?.Error?.Code !== void 0) { + return data.Error.Code; + } + if (data?.Code !== void 0) { + return data.Code; + } + if (output.statusCode == 404) { + return "NotFound"; + } +}, "loadRestXmlErrorCode"); + +// src/submodules/protocols/xml/XmlShapeSerializer.ts +var import_xml_builder = __nccwpck_require__(2329); +var import_schema8 = __nccwpck_require__(9826); +var import_serde7 = __nccwpck_require__(7669); +var import_smithy_client6 = __nccwpck_require__(3570); +var import_util_base643 = __nccwpck_require__(5600); +var XmlShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } static { - __name(this, "InvalidScopeException"); + __name(this, "XmlShapeSerializer"); } - name = "InvalidScopeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be invalid_scope.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidScopeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidScopeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + stringBuffer; + byteBuffer; + buffer; + write(schema, value) { + const ns = import_schema8.NormalizedSchema.of(schema); + if (ns.isStringSchema() && typeof value === "string") { + this.stringBuffer = value; + } else if (ns.isBlobSchema()) { + this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); + } else { + this.buffer = this.writeStruct(ns, value, void 0); + const traits = ns.getMergedTraits(); + if (traits.httpPayload && !traits.xmlName) { + this.buffer.withName(ns.getName()); + } + } + } + flush() { + if (this.byteBuffer !== void 0) { + const bytes = this.byteBuffer; + delete this.byteBuffer; + return bytes; + } + if (this.stringBuffer !== void 0) { + const str = this.stringBuffer; + delete this.stringBuffer; + return str; + } + const buffer = this.buffer; + if (this.settings.xmlNamespace) { + if (!buffer?.attributes?.["xmlns"]) { + buffer.addAttribute("xmlns", this.settings.xmlNamespace); + } + } + delete this.buffer; + return buffer.toString(); + } + writeStruct(ns, value, parentXmlns) { + const traits = ns.getMergedTraits(); + const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); + if (!name || !ns.isStructSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( + true + )}.` + ); + } + const structXmlNode = import_xml_builder.XmlNode.of(name); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + structXmlNode.addAttribute(xmlnsAttr, xmlns); + } + for (const [memberName, memberSchema] of ns.structIterator()) { + const val = value[memberName]; + if (val != null) { + if (memberSchema.getMergedTraits().xmlAttribute) { + structXmlNode.addAttribute( + memberSchema.getMergedTraits().xmlName ?? memberName, + this.writeSimple(memberSchema, val) + ); + continue; + } + if (memberSchema.isListSchema()) { + this.writeList(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isMapSchema()) { + this.writeMap(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isStructSchema()) { + structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); + } else { + const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); + this.writeSimpleInto(memberSchema, val, memberNode, xmlns); + structXmlNode.addChildNode(memberNode); + } + } + } + return structXmlNode; + } + writeList(listMember, array, container, parentXmlns) { + if (!listMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` + ); + } + const listTraits = listMember.getMergedTraits(); + const listValueSchema = listMember.getValueSchema(); + const listValueTraits = listValueSchema.getMergedTraits(); + const sparse = !!listValueTraits.sparse; + const flat = !!listTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); + const writeItem = /* @__PURE__ */ __name((container2, value) => { + if (listValueSchema.isListSchema()) { + this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); + } else if (listValueSchema.isMapSchema()) { + this.writeMap(listValueSchema, value, container2, xmlns); + } else if (listValueSchema.isStructSchema()) { + const struct = this.writeStruct(listValueSchema, value, xmlns); + container2.addChildNode( + struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") + ); + } else { + const listItemNode = import_xml_builder.XmlNode.of( + flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" + ); + this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); + container2.addChildNode(listItemNode); + } + }, "writeItem"); + if (flat) { + for (const value of array) { + if (sparse || value != null) { + writeItem(container, value); + } + } + } else { + const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); + if (xmlns) { + listNode.addAttribute(xmlnsAttr, xmlns); + } + for (const value of array) { + if (sparse || value != null) { + writeItem(listNode, value); + } + } + container.addChildNode(listNode); + } + } + writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { + if (!mapMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` + ); + } + const mapTraits = mapMember.getMergedTraits(); + const mapKeySchema = mapMember.getKeySchema(); + const mapKeyTraits = mapKeySchema.getMergedTraits(); + const keyTag = mapKeyTraits.xmlName ?? "key"; + const mapValueSchema = mapMember.getValueSchema(); + const mapValueTraits = mapValueSchema.getMergedTraits(); + const valueTag = mapValueTraits.xmlName ?? "value"; + const sparse = !!mapValueTraits.sparse; + const flat = !!mapTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); + const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { + const keyNode = import_xml_builder.XmlNode.of(keyTag, key); + const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); + if (keyXmlns) { + keyNode.addAttribute(keyXmlnsAttr, keyXmlns); + } + entry.addChildNode(keyNode); + let valueNode = import_xml_builder.XmlNode.of(valueTag); + if (mapValueSchema.isListSchema()) { + this.writeList(mapValueSchema, val, valueNode, xmlns); + } else if (mapValueSchema.isMapSchema()) { + this.writeMap(mapValueSchema, val, valueNode, xmlns, true); + } else if (mapValueSchema.isStructSchema()) { + valueNode = this.writeStruct(mapValueSchema, val, xmlns); + } else { + this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); + } + entry.addChildNode(valueNode); + }, "addKeyValue"); + if (flat) { + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + addKeyValue(entry, key, val); + container.addChildNode(entry); + } + } + } else { + let mapNode; + if (!containerIsMap) { + mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + if (xmlns) { + mapNode.addAttribute(xmlnsAttr, xmlns); + } + container.addChildNode(mapNode); + } + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of("entry"); + addKeyValue(entry, key, val); + (containerIsMap ? container : mapNode).addChildNode(entry); + } + } + } + } + writeSimple(_schema, value) { + if (null === value) { + throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); + } + const ns = import_schema8.NormalizedSchema.of(_schema); + let nodeContents = null; + if (value && typeof value === "object") { + if (ns.isBlobSchema()) { + nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); + } else if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: + nodeContents = value.toISOString().replace(".000Z", "Z"); + break; + case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + nodeContents = String(value.getTime() / 1e3); + break; + default: + console.warn("Missing timestamp format, using http date", value); + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + } + } else if (ns.isBigDecimalSchema() && value) { + if (value instanceof import_serde7.NumericValue) { + return value.string; + } + return String(value); + } else if (ns.isMapSchema() || ns.isListSchema()) { + throw new Error( + "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." + ); + } else { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( + true + )}` + ); + } + } + if (ns.isStringSchema() || ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { + nodeContents = String(value); + } + if (nodeContents === null) { + throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); + } + return nodeContents; } -}; -var SlowDownException = class _SlowDownException extends SSOOIDCServiceException { - static { - __name(this, "SlowDownException"); + writeSimpleInto(_schema, value, into, parentXmlns) { + const nodeContents = this.writeSimple(_schema, value); + const ns = import_schema8.NormalizedSchema.of(_schema); + const content = new import_xml_builder.XmlText(nodeContents); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + into.addAttribute(xmlnsAttr, xmlns); + } + into.addChildNode(content); } - name = "SlowDownException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be slow_down.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "SlowDownException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _SlowDownException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + getXmlnsAttribute(ns, parentXmlns) { + const traits = ns.getMergedTraits(); + const [prefix, xmlns] = traits.xmlNamespace ?? []; + if (xmlns && xmlns !== parentXmlns) { + return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; + } + return [void 0, void 0]; } }; -var UnauthorizedClientException = class _UnauthorizedClientException extends SSOOIDCServiceException { + +// src/submodules/protocols/xml/XmlCodec.ts +var XmlCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } static { - __name(this, "UnauthorizedClientException"); + __name(this, "XmlCodec"); } - name = "UnauthorizedClientException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unauthorized_client.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnauthorizedClientException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnauthorizedClientException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + createSerializer() { + const serializer = new XmlShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new XmlShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; } }; -var UnsupportedGrantTypeException = class _UnsupportedGrantTypeException extends SSOOIDCServiceException { + +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { static { - __name(this, "UnsupportedGrantTypeException"); + __name(this, "AwsRestXmlProtocol"); } - name = "UnsupportedGrantTypeException"; - $fault = "client"; - /** - *Single error code. For this exception the value will be
- * unsupported_grant_type.
Human-readable text providing additional information, used to assist the client developer - * in understanding the error that occurred.
- * @public - */ - error_description; - /** - * @internal - */ - constructor(opts) { - super({ - name: "UnsupportedGrantTypeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _UnsupportedGrantTypeException.prototype); - this.error = opts.error; - this.error_description = opts.error_description; + codec; + serializer; + deserializer; + constructor(options) { + super(options); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: true, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace + }; + this.codec = new XmlCodec(settings); + this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } -}; - -// src/submodules/sso-oidc/protocols/Aws_restJson1.ts -var import_core2 = __nccwpck_require__(2143); -var import_core3 = __nccwpck_require__(5829); -var import_smithy_client5 = __nccwpck_require__(3570); -var se_CreateTokenCommand = /* @__PURE__ */ __name(async (input, context) => { - const b = (0, import_core3.requestBuilder)(input, context); - const headers = { - "content-type": "application/json" - }; - b.bp("/token"); - let body; - body = JSON.stringify( - (0, import_smithy_client5.take)(input, { - clientId: [], - clientSecret: [], - code: [], - codeVerifier: [], - deviceCode: [], - grantType: [], - redirectUri: [], - refreshToken: [], - scope: /* @__PURE__ */ __name((_) => (0, import_smithy_client5._json)(_), "scope") - }) - ); - b.m("POST").h(headers).b(body); - return b.build(); -}, "se_CreateTokenCommand"); -var de_CreateTokenCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode !== 200 && output.statusCode >= 300) { - return de_CommandError(output, context); + getPayloadCodec() { + return this.codec; } - const contents = (0, import_smithy_client5.map)({ - $metadata: deserializeMetadata(output) - }); - const data = (0, import_smithy_client5.expectNonNull)((0, import_smithy_client5.expectObject)(await (0, import_core2.parseJsonBody)(output.body, context)), "body"); - const doc = (0, import_smithy_client5.take)(data, { - accessToken: import_smithy_client5.expectString, - expiresIn: import_smithy_client5.expectInt32, - idToken: import_smithy_client5.expectString, - refreshToken: import_smithy_client5.expectString, - tokenType: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - return contents; -}, "de_CreateTokenCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core2.parseJsonErrorBody)(output.body, context) - }; - const errorCode = (0, import_core2.loadRestJsonErrorCode)(output, parsedOutput.body); - switch (errorCode) { - case "AccessDeniedException": - case "com.amazonaws.ssooidc#AccessDeniedException": - throw await de_AccessDeniedExceptionRes(parsedOutput, context); - case "AuthorizationPendingException": - case "com.amazonaws.ssooidc#AuthorizationPendingException": - throw await de_AuthorizationPendingExceptionRes(parsedOutput, context); - case "ExpiredTokenException": - case "com.amazonaws.ssooidc#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "InternalServerException": - case "com.amazonaws.ssooidc#InternalServerException": - throw await de_InternalServerExceptionRes(parsedOutput, context); - case "InvalidClientException": - case "com.amazonaws.ssooidc#InvalidClientException": - throw await de_InvalidClientExceptionRes(parsedOutput, context); - case "InvalidGrantException": - case "com.amazonaws.ssooidc#InvalidGrantException": - throw await de_InvalidGrantExceptionRes(parsedOutput, context); - case "InvalidRequestException": - case "com.amazonaws.ssooidc#InvalidRequestException": - throw await de_InvalidRequestExceptionRes(parsedOutput, context); - case "InvalidScopeException": - case "com.amazonaws.ssooidc#InvalidScopeException": - throw await de_InvalidScopeExceptionRes(parsedOutput, context); - case "SlowDownException": - case "com.amazonaws.ssooidc#SlowDownException": - throw await de_SlowDownExceptionRes(parsedOutput, context); - case "UnauthorizedClientException": - case "com.amazonaws.ssooidc#UnauthorizedClientException": - throw await de_UnauthorizedClientExceptionRes(parsedOutput, context); - case "UnsupportedGrantTypeException": - case "com.amazonaws.ssooidc#UnsupportedGrantTypeException": - throw await de_UnsupportedGrantTypeExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody, - errorCode + getShapeId() { + return "aws.protocols#restXml"; + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const ns = import_schema9.NormalizedSchema.of(operationSchema.input); + const members = ns.getMemberSchemas(); + request.path = String(request.path).split("/").filter((segment) => { + return segment !== "{Bucket}"; + }).join("/") || "/"; + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = "application/xml"; + } + } else if (!ns.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = "application/xml"; + } + } + } + if (request.headers["content-type"] === "application/xml") { + if (typeof request.body === "string") { + request.body = '' + request.body; + } + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; } -}, "de_CommandError"); -var throwDefaultError = (0, import_smithy_client5.withBaseException)(SSOOIDCServiceException); -var de_AccessDeniedExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AccessDeniedException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AccessDeniedExceptionRes"); -var de_AuthorizationPendingExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new AuthorizationPendingException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_AuthorizationPendingExceptionRes"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_ExpiredTokenExceptionRes"); -var de_InternalServerExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InternalServerException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InternalServerExceptionRes"); -var de_InvalidClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidClientExceptionRes"); -var de_InvalidGrantExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidGrantException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidGrantExceptionRes"); -var de_InvalidRequestExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidRequestException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidRequestExceptionRes"); -var de_InvalidScopeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new InvalidScopeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_InvalidScopeExceptionRes"); -var de_SlowDownExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new SlowDownException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_SlowDownExceptionRes"); -var de_UnauthorizedClientExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnauthorizedClientException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnauthorizedClientExceptionRes"); -var de_UnsupportedGrantTypeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const contents = (0, import_smithy_client5.map)({}); - const data = parsedOutput.body; - const doc = (0, import_smithy_client5.take)(data, { - error: import_smithy_client5.expectString, - error_description: import_smithy_client5.expectString - }); - Object.assign(contents, doc); - const exception = new UnsupportedGrantTypeException({ - $metadata: deserializeMetadata(parsedOutput), - ...contents - }); - return (0, import_smithy_client5.decorateServiceException)(exception, parsedOutput.body); -}, "de_UnsupportedGrantTypeExceptionRes"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); - -// src/submodules/sso-oidc/commands/CreateTokenCommand.ts -var CreateTokenCommand = class extends import_smithy_client6.Command.classBuilder().ep(commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSSOOIDCService", "CreateToken", {}).n("SSOOIDCClient", "CreateTokenCommand").f(CreateTokenRequestFilterSensitiveLog, CreateTokenResponseFilterSensitiveLog).ser(se_CreateTokenCommand).de(de_CreateTokenCommand).build() { - static { - __name(this, "CreateTokenCommand"); + async deserializeResponse(operationSchema, context, response) { + return super.deserializeResponse(operationSchema, context, response); } -}; - -// src/submodules/sso-oidc/SSOOIDC.ts -var commands = { - CreateTokenCommand -}; -var SSOOIDC = class extends SSOOIDCClient { - static { - __name(this, "SSOOIDC"); + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema9.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema9.NormalizedSchema.of(errorSchema); + const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = dataObject.Error?.[target] ?? dataObject[target]; + output[name] = this.codec.createDeserializer().readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } }; -(0, import_smithy_client7.createAggregatedClient)(commands, SSOOIDC); // Annotate the CommonJS export names for ESM import in node: 0 && (0); /***/ }), -/***/ 5875: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 5972: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); -const core_1 = __nccwpck_require__(2143); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(3695); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -exports.getRuntimeConfig = getRuntimeConfig; - +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -/***/ }), +// src/index.ts +var index_exports = {}; +__export(index_exports, { + ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, + ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, + ENV_EXPIRATION: () => ENV_EXPIRATION, + ENV_KEY: () => ENV_KEY, + ENV_SECRET: () => ENV_SECRET, + ENV_SESSION: () => ENV_SESSION, + fromEnv: () => fromEnv +}); +module.exports = __toCommonJS(index_exports); -/***/ 3695: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/fromEnv.ts +var import_client = __nccwpck_require__(2825); +var import_property_provider = __nccwpck_require__(9721); +var ENV_KEY = "AWS_ACCESS_KEY_ID"; +var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; +var ENV_SESSION = "AWS_SESSION_TOKEN"; +var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; +var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; +var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; +var fromEnv = /* @__PURE__ */ __name((init) => async () => { + init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); + const accessKeyId = process.env[ENV_KEY]; + const secretAccessKey = process.env[ENV_SECRET]; + const sessionToken = process.env[ENV_SESSION]; + const expiry = process.env[ENV_EXPIRATION]; + const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; + const accountId = process.env[ENV_ACCOUNT_ID]; + if (accessKeyId && secretAccessKey) { + const credentials = { + accessKeyId, + secretAccessKey, + ...sessionToken && { sessionToken }, + ...expiry && { expiration: new Date(expiry) }, + ...credentialScope && { credentialScope }, + ...accountId && { accountId } + }; + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); + return credentials; + } + throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); +}, "fromEnv"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(9002); -const endpointResolver_1 = __nccwpck_require__(8012); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2019-06-10", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSSOOIDCHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "SSO OIDC", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; -}; -exports.getRuntimeConfig = getRuntimeConfig; /***/ }), -/***/ 6878: +/***/ 3757: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.STSClient = exports.__Client = void 0; -const middleware_host_header_1 = __nccwpck_require__(9514); -const middleware_logger_1 = __nccwpck_require__(5675); -const middleware_recursion_detection_1 = __nccwpck_require__(7977); -const middleware_user_agent_1 = __nccwpck_require__(6634); -const config_resolver_1 = __nccwpck_require__(3098); -const core_1 = __nccwpck_require__(5829); -const middleware_content_length_1 = __nccwpck_require__(2800); -const middleware_endpoint_1 = __nccwpck_require__(2918); -const middleware_retry_1 = __nccwpck_require__(6039); -const smithy_client_1 = __nccwpck_require__(3570); -Object.defineProperty(exports, "__Client", ({ enumerable: true, get: function () { return smithy_client_1.Client; } })); -const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); -const EndpointParameters_1 = __nccwpck_require__(981); -const runtimeConfig_1 = __nccwpck_require__(302); -const runtimeExtensions_1 = __nccwpck_require__(9913); -class STSClient extends smithy_client_1.Client { - config; - constructor(...[configuration]) { - const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {}); - super(_config_0); - this.initConfig = _config_0; - const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0); - const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1); - const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2); - const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3); - const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4); - const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5); - const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6); - const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []); - this.config = _config_8; - this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config)); - this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config)); - this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config)); - this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config)); - this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config)); - this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config)); - this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, { - httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider, - identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({ - "aws.auth#sigv4": config.credentials, - }), - })); - this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config)); +exports.checkUrl = void 0; +const property_provider_1 = __nccwpck_require__(9721); +const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; +const LOOPBACK_CIDR_IPv6 = "::1/128"; +const ECS_CONTAINER_HOST = "169.254.170.2"; +const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; +const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; +const checkUrl = (url, logger) => { + if (url.protocol === "https:") { + return; } - destroy() { - super.destroy(); + if (url.hostname === ECS_CONTAINER_HOST || + url.hostname === EKS_CONTAINER_HOST_IPv4 || + url.hostname === EKS_CONTAINER_HOST_IPv6) { + return; } -} -exports.STSClient = STSClient; + if (url.hostname.includes("[")) { + if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { + return; + } + } + else { + if (url.hostname === "localhost") { + return; + } + const ipComponents = url.hostname.split("."); + const inRange = (component) => { + const num = parseInt(component, 10); + return 0 <= num && num <= 255; + }; + if (ipComponents[0] === "127" && + inRange(ipComponents[1]) && + inRange(ipComponents[2]) && + inRange(ipComponents[3]) && + ipComponents.length === 4) { + return; + } + } + throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: + - loopback CIDR 127.0.0.0/8 or [::1/128] + - ECS container host 169.254.170.2 + - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); +}; +exports.checkUrl = checkUrl; /***/ }), -/***/ 1746: -/***/ ((__unused_webpack_module, exports) => { +/***/ 6070: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0; -const getHttpAuthExtensionConfiguration = (runtimeConfig) => { - const _httpAuthSchemes = runtimeConfig.httpAuthSchemes; - let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider; - let _credentials = runtimeConfig.credentials; - return { - setHttpAuthScheme(httpAuthScheme) { - const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); - if (index === -1) { - _httpAuthSchemes.push(httpAuthScheme); - } - else { - _httpAuthSchemes.splice(index, 1, httpAuthScheme); - } - }, - httpAuthSchemes() { - return _httpAuthSchemes; - }, - setHttpAuthSchemeProvider(httpAuthSchemeProvider) { - _httpAuthSchemeProvider = httpAuthSchemeProvider; - }, - httpAuthSchemeProvider() { - return _httpAuthSchemeProvider; - }, - setCredentials(credentials) { - _credentials = credentials; - }, - credentials() { - return _credentials; - }, - }; -}; -exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration; -const resolveHttpAuthRuntimeConfig = (config) => { - return { - httpAuthSchemes: config.httpAuthSchemes(), - httpAuthSchemeProvider: config.httpAuthSchemeProvider(), - credentials: config.credentials(), - }; +exports.fromHttp = void 0; +const tslib_1 = __nccwpck_require__(4351); +const client_1 = __nccwpck_require__(2825); +const node_http_handler_1 = __nccwpck_require__(258); +const property_provider_1 = __nccwpck_require__(9721); +const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); +const checkUrl_1 = __nccwpck_require__(3757); +const requestHelpers_1 = __nccwpck_require__(9287); +const retry_wrapper_1 = __nccwpck_require__(9921); +const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; +const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; +const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; +const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; +const fromHttp = (options = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); + let host; + const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; + const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; + const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; + const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; + const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; + if (relative && full) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); + warn("awsContainerCredentialsFullUri will take precedence."); + } + if (token && tokenFile) { + warn("@aws-sdk/credential-provider-http: " + + "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); + warn("awsContainerAuthorizationToken will take precedence."); + } + if (full) { + host = full; + } + else if (relative) { + host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; + } + else { + throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. +Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); + } + const url = new URL(host); + (0, checkUrl_1.checkUrl)(url, options.logger); + const requestHandler = new node_http_handler_1.NodeHttpHandler({ + requestTimeout: options.timeout ?? 1000, + connectionTimeout: options.timeout ?? 1000, + }); + return (0, retry_wrapper_1.retryWrapper)(async () => { + const request = (0, requestHelpers_1.createGetRequest)(url); + if (token) { + request.headers.Authorization = token; + } + else if (tokenFile) { + request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); + } + try { + const result = await requestHandler.handle(request); + return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); + } + catch (e) { + throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); + } + }, options.maxRetries ?? 3, options.timeout ?? 1000); }; -exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig; +exports.fromHttp = fromHttp; /***/ }), -/***/ 3061: +/***/ 9287: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0; -const core_1 = __nccwpck_require__(2143); -const util_middleware_1 = __nccwpck_require__(2390); -const STSClient_1 = __nccwpck_require__(6878); -const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => { - return { - operation: (0, util_middleware_1.getSmithyContext)(context).operation, - region: (await (0, util_middleware_1.normalizeProvider)(config.region)()) || - (() => { - throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); - })(), - }; -}; -exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider; -function createAwsAuthSigv4HttpAuthOption(authParameters) { - return { - schemeId: "aws.auth#sigv4", - signingProperties: { - name: "sts", - region: authParameters.region, - }, - propertiesExtractor: (config, context) => ({ - signingProperties: { - config, - context, - }, - }), - }; -} -function createSmithyApiNoAuthHttpAuthOption(authParameters) { - return { - schemeId: "smithy.api#noAuth", - }; +exports.createGetRequest = createGetRequest; +exports.getCredentials = getCredentials; +const property_provider_1 = __nccwpck_require__(9721); +const protocol_http_1 = __nccwpck_require__(4418); +const smithy_client_1 = __nccwpck_require__(3570); +const util_stream_1 = __nccwpck_require__(6607); +function createGetRequest(url) { + return new protocol_http_1.HttpRequest({ + protocol: url.protocol, + hostname: url.hostname, + port: Number(url.port), + path: url.pathname, + query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { + acc[k] = v; + return acc; + }, {}), + fragment: url.hash, + }); } -const defaultSTSHttpAuthSchemeProvider = (authParameters) => { - const options = []; - switch (authParameters.operation) { - case "AssumeRoleWithWebIdentity": { - options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); - break; +async function getCredentials(response, logger) { + const stream = (0, util_stream_1.sdkStreamMixin)(response.body); + const str = await stream.transformToString(); + if (response.statusCode === 200) { + const parsed = JSON.parse(str); + if (typeof parsed.AccessKeyId !== "string" || + typeof parsed.SecretAccessKey !== "string" || + typeof parsed.Token !== "string" || + typeof parsed.Expiration !== "string") { + throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + + "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); } - default: { - options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + return { + accessKeyId: parsed.AccessKeyId, + secretAccessKey: parsed.SecretAccessKey, + sessionToken: parsed.Token, + expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), + }; + } + if (response.statusCode >= 400 && response.statusCode < 500) { + let parsedBody = {}; + try { + parsedBody = JSON.parse(str); } + catch (e) { } + throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { + Code: parsedBody.Code, + Message: parsedBody.Message, + }); } - return options; -}; -exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider; -const resolveStsAuthConfig = (input) => Object.assign(input, { - stsClientCtor: STSClient_1.STSClient, -}); -exports.resolveStsAuthConfig = resolveStsAuthConfig; -const resolveHttpAuthSchemeConfig = (config) => { - const config_0 = (0, exports.resolveStsAuthConfig)(config); - const config_1 = (0, core_1.resolveAwsSdkSigV4Config)(config_0); - return Object.assign(config_1, { - authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []), - }); -}; -exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig; + throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); +} /***/ }), -/***/ 981: +/***/ 9921: /***/ ((__unused_webpack_module, exports) => { "use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.commonParams = exports.resolveClientEndpointParameters = void 0; -const resolveClientEndpointParameters = (options) => { - return Object.assign(options, { - useDualstackEndpoint: options.useDualstackEndpoint ?? false, - useFipsEndpoint: options.useFipsEndpoint ?? false, - useGlobalEndpoint: options.useGlobalEndpoint ?? false, - defaultSigningName: "sts", - }); -}; -exports.resolveClientEndpointParameters = resolveClientEndpointParameters; -exports.commonParams = { - UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" }, - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, -}; - - -/***/ }), - -/***/ 8181: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.defaultEndpointResolver = void 0; -const util_endpoints_1 = __nccwpck_require__(4241); -const util_endpoints_2 = __nccwpck_require__(5473); -const ruleset_1 = __nccwpck_require__(5713); -const cache = new util_endpoints_2.EndpointCache({ - size: 50, - params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"], -}); -const defaultEndpointResolver = (endpointParams, context = {}) => { - return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, { - endpointParams: endpointParams, - logger: context.logger, - })); + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.retryWrapper = void 0; +const retryWrapper = (toRetry, maxRetries, delayMs) => { + return async () => { + for (let i = 0; i < maxRetries; ++i) { + try { + return await toRetry(); + } + catch (e) { + await new Promise((resolve) => setTimeout(resolve, delayMs)); + } + } + return await toRetry(); + }; }; -exports.defaultEndpointResolver = defaultEndpointResolver; -util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions; +exports.retryWrapper = retryWrapper; /***/ }), -/***/ 5713: -/***/ ((__unused_webpack_module, exports) => { +/***/ 7290: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.ruleSet = void 0; -const F = "required", G = "type", H = "fn", I = "argv", J = "ref"; -const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "String" }, n = { [F]: true, "default": false, [G]: "Boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y]; -const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] }; -exports.ruleSet = _data; +exports.fromHttp = void 0; +var fromHttp_1 = __nccwpck_require__(6070); +Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); /***/ }), -/***/ 3764: +/***/ 4203: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; +var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -36764,1069 +45057,930 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/sts/index.ts +// src/index.ts var index_exports = {}; __export(index_exports, { - AssumeRoleCommand: () => AssumeRoleCommand, - AssumeRoleResponseFilterSensitiveLog: () => AssumeRoleResponseFilterSensitiveLog, - AssumeRoleWithWebIdentityCommand: () => AssumeRoleWithWebIdentityCommand, - AssumeRoleWithWebIdentityRequestFilterSensitiveLog: () => AssumeRoleWithWebIdentityRequestFilterSensitiveLog, - AssumeRoleWithWebIdentityResponseFilterSensitiveLog: () => AssumeRoleWithWebIdentityResponseFilterSensitiveLog, - ClientInputEndpointParameters: () => import_EndpointParameters3.ClientInputEndpointParameters, - CredentialsFilterSensitiveLog: () => CredentialsFilterSensitiveLog, - ExpiredTokenException: () => ExpiredTokenException, - IDPCommunicationErrorException: () => IDPCommunicationErrorException, - IDPRejectedClaimException: () => IDPRejectedClaimException, - InvalidIdentityTokenException: () => InvalidIdentityTokenException, - MalformedPolicyDocumentException: () => MalformedPolicyDocumentException, - PackedPolicyTooLargeException: () => PackedPolicyTooLargeException, - RegionDisabledException: () => RegionDisabledException, - STS: () => STS, - STSServiceException: () => STSServiceException, - decorateDefaultCredentialProvider: () => decorateDefaultCredentialProvider, - getDefaultRoleAssumer: () => getDefaultRoleAssumer2, - getDefaultRoleAssumerWithWebIdentity: () => getDefaultRoleAssumerWithWebIdentity2 + fromIni: () => fromIni }); module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(6878), module.exports); - -// src/submodules/sts/STS.ts -var import_smithy_client6 = __nccwpck_require__(3570); -// src/submodules/sts/commands/AssumeRoleCommand.ts -var import_middleware_endpoint = __nccwpck_require__(2918); -var import_middleware_serde = __nccwpck_require__(1238); -var import_smithy_client4 = __nccwpck_require__(3570); -var import_EndpointParameters = __nccwpck_require__(981); +// src/fromIni.ts -// src/submodules/sts/models/models_0.ts -var import_smithy_client2 = __nccwpck_require__(3570); -// src/submodules/sts/models/STSServiceException.ts -var import_smithy_client = __nccwpck_require__(3570); -var STSServiceException = class _STSServiceException extends import_smithy_client.ServiceException { - static { - __name(this, "STSServiceException"); - } - /** - * @internal - */ - constructor(options) { - super(options); - Object.setPrototypeOf(this, _STSServiceException.prototype); - } -}; +// src/resolveProfileData.ts -// src/submodules/sts/models/models_0.ts -var CredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client2.SENSITIVE_STRING } -}), "CredentialsFilterSensitiveLog"); -var AssumeRoleResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleResponseFilterSensitiveLog"); -var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException { - static { - __name(this, "ExpiredTokenException"); - } - name = "ExpiredTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "ExpiredTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _ExpiredTokenException.prototype); - } -}; -var MalformedPolicyDocumentException = class _MalformedPolicyDocumentException extends STSServiceException { - static { - __name(this, "MalformedPolicyDocumentException"); - } - name = "MalformedPolicyDocumentException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "MalformedPolicyDocumentException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _MalformedPolicyDocumentException.prototype); - } -}; -var PackedPolicyTooLargeException = class _PackedPolicyTooLargeException extends STSServiceException { - static { - __name(this, "PackedPolicyTooLargeException"); - } - name = "PackedPolicyTooLargeException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "PackedPolicyTooLargeException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); - } -}; -var RegionDisabledException = class _RegionDisabledException extends STSServiceException { - static { - __name(this, "RegionDisabledException"); - } - name = "RegionDisabledException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "RegionDisabledException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _RegionDisabledException.prototype); - } -}; -var IDPRejectedClaimException = class _IDPRejectedClaimException extends STSServiceException { - static { - __name(this, "IDPRejectedClaimException"); - } - name = "IDPRejectedClaimException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPRejectedClaimException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPRejectedClaimException.prototype); - } -}; -var InvalidIdentityTokenException = class _InvalidIdentityTokenException extends STSServiceException { - static { - __name(this, "InvalidIdentityTokenException"); - } - name = "InvalidIdentityTokenException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "InvalidIdentityTokenException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _InvalidIdentityTokenException.prototype); - } -}; -var AssumeRoleWithWebIdentityRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.WebIdentityToken && { WebIdentityToken: import_smithy_client2.SENSITIVE_STRING } -}), "AssumeRoleWithWebIdentityRequestFilterSensitiveLog"); -var AssumeRoleWithWebIdentityResponseFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({ - ...obj, - ...obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) } -}), "AssumeRoleWithWebIdentityResponseFilterSensitiveLog"); -var IDPCommunicationErrorException = class _IDPCommunicationErrorException extends STSServiceException { - static { - __name(this, "IDPCommunicationErrorException"); - } - name = "IDPCommunicationErrorException"; - $fault = "client"; - /** - * @internal - */ - constructor(opts) { - super({ - name: "IDPCommunicationErrorException", - $fault: "client", - ...opts - }); - Object.setPrototypeOf(this, _IDPCommunicationErrorException.prototype); - } -}; -// src/submodules/sts/protocols/Aws_query.ts -var import_core = __nccwpck_require__(2143); -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client3 = __nccwpck_require__(3570); -var se_AssumeRoleCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleRequest(input, context), - [_A]: _AR, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleCommand"); -var se_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (input, context) => { - const headers = SHARED_HEADERS; - let body; - body = buildFormUrlencodedString({ - ...se_AssumeRoleWithWebIdentityRequest(input, context), - [_A]: _ARWWI, - [_V]: _ - }); - return buildHttpRpcRequest(context, headers, "/", void 0, body); -}, "se_AssumeRoleWithWebIdentityCommand"); -var de_AssumeRoleCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleResponse(data.AssumeRoleResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleCommand"); -var de_AssumeRoleWithWebIdentityCommand = /* @__PURE__ */ __name(async (output, context) => { - if (output.statusCode >= 300) { - return de_CommandError(output, context); - } - const data = await (0, import_core.parseXmlBody)(output.body, context); - let contents = {}; - contents = de_AssumeRoleWithWebIdentityResponse(data.AssumeRoleWithWebIdentityResult, context); - const response = { - $metadata: deserializeMetadata(output), - ...contents - }; - return response; -}, "de_AssumeRoleWithWebIdentityCommand"); -var de_CommandError = /* @__PURE__ */ __name(async (output, context) => { - const parsedOutput = { - ...output, - body: await (0, import_core.parseXmlErrorBody)(output.body, context) - }; - const errorCode = loadQueryErrorCode(output, parsedOutput.body); - switch (errorCode) { - case "ExpiredTokenException": - case "com.amazonaws.sts#ExpiredTokenException": - throw await de_ExpiredTokenExceptionRes(parsedOutput, context); - case "MalformedPolicyDocument": - case "com.amazonaws.sts#MalformedPolicyDocumentException": - throw await de_MalformedPolicyDocumentExceptionRes(parsedOutput, context); - case "PackedPolicyTooLarge": - case "com.amazonaws.sts#PackedPolicyTooLargeException": - throw await de_PackedPolicyTooLargeExceptionRes(parsedOutput, context); - case "RegionDisabledException": - case "com.amazonaws.sts#RegionDisabledException": - throw await de_RegionDisabledExceptionRes(parsedOutput, context); - case "IDPCommunicationError": - case "com.amazonaws.sts#IDPCommunicationErrorException": - throw await de_IDPCommunicationErrorExceptionRes(parsedOutput, context); - case "IDPRejectedClaim": - case "com.amazonaws.sts#IDPRejectedClaimException": - throw await de_IDPRejectedClaimExceptionRes(parsedOutput, context); - case "InvalidIdentityToken": - case "com.amazonaws.sts#InvalidIdentityTokenException": - throw await de_InvalidIdentityTokenExceptionRes(parsedOutput, context); - default: - const parsedBody = parsedOutput.body; - return throwDefaultError({ - output, - parsedBody: parsedBody.Error, - errorCode - }); - } -}, "de_CommandError"); -var de_ExpiredTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_ExpiredTokenException(body.Error, context); - const exception = new ExpiredTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_ExpiredTokenExceptionRes"); -var de_IDPCommunicationErrorExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPCommunicationErrorException(body.Error, context); - const exception = new IDPCommunicationErrorException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPCommunicationErrorExceptionRes"); -var de_IDPRejectedClaimExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_IDPRejectedClaimException(body.Error, context); - const exception = new IDPRejectedClaimException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_IDPRejectedClaimExceptionRes"); -var de_InvalidIdentityTokenExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_InvalidIdentityTokenException(body.Error, context); - const exception = new InvalidIdentityTokenException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_InvalidIdentityTokenExceptionRes"); -var de_MalformedPolicyDocumentExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_MalformedPolicyDocumentException(body.Error, context); - const exception = new MalformedPolicyDocumentException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_MalformedPolicyDocumentExceptionRes"); -var de_PackedPolicyTooLargeExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_PackedPolicyTooLargeException(body.Error, context); - const exception = new PackedPolicyTooLargeException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_PackedPolicyTooLargeExceptionRes"); -var de_RegionDisabledExceptionRes = /* @__PURE__ */ __name(async (parsedOutput, context) => { - const body = parsedOutput.body; - const deserialized = de_RegionDisabledException(body.Error, context); - const exception = new RegionDisabledException({ - $metadata: deserializeMetadata(parsedOutput), - ...deserialized - }); - return (0, import_smithy_client3.decorateServiceException)(exception, body); -}, "de_RegionDisabledExceptionRes"); -var se_AssumeRoleRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - if (input[_T] != null) { - const memberEntries = se_tagListType(input[_T], context); - if (input[_T]?.length === 0) { - entries.Tags = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `Tags.${key}`; - entries[loc] = value; - }); - } - if (input[_TTK] != null) { - const memberEntries = se_tagKeyListType(input[_TTK], context); - if (input[_TTK]?.length === 0) { - entries.TransitiveTagKeys = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `TransitiveTagKeys.${key}`; - entries[loc] = value; - }); - } - if (input[_EI] != null) { - entries[_EI] = input[_EI]; - } - if (input[_SN] != null) { - entries[_SN] = input[_SN]; - } - if (input[_TC] != null) { - entries[_TC] = input[_TC]; - } - if (input[_SI] != null) { - entries[_SI] = input[_SI]; - } - if (input[_PC] != null) { - const memberEntries = se_ProvidedContextsListType(input[_PC], context); - if (input[_PC]?.length === 0) { - entries.ProvidedContexts = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `ProvidedContexts.${key}`; - entries[loc] = value; - }); - } - return entries; -}, "se_AssumeRoleRequest"); -var se_AssumeRoleWithWebIdentityRequest = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_RA] != null) { - entries[_RA] = input[_RA]; - } - if (input[_RSN] != null) { - entries[_RSN] = input[_RSN]; - } - if (input[_WIT] != null) { - entries[_WIT] = input[_WIT]; - } - if (input[_PI] != null) { - entries[_PI] = input[_PI]; - } - if (input[_PA] != null) { - const memberEntries = se_policyDescriptorListType(input[_PA], context); - if (input[_PA]?.length === 0) { - entries.PolicyArns = []; - } - Object.entries(memberEntries).forEach(([key, value]) => { - const loc = `PolicyArns.${key}`; - entries[loc] = value; - }); - } - if (input[_P] != null) { - entries[_P] = input[_P]; - } - if (input[_DS] != null) { - entries[_DS] = input[_DS]; - } - return entries; -}, "se_AssumeRoleWithWebIdentityRequest"); -var se_policyDescriptorListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_PolicyDescriptorType(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_policyDescriptorListType"); -var se_PolicyDescriptorType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_a] != null) { - entries[_a] = input[_a]; - } - return entries; -}, "se_PolicyDescriptorType"); -var se_ProvidedContext = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_PAr] != null) { - entries[_PAr] = input[_PAr]; +// src/resolveAssumeRoleCredentials.ts + + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveCredentialSource.ts +var import_client = __nccwpck_require__(2825); +var import_property_provider = __nccwpck_require__(9721); +var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { + const sourceProvidersMap = { + EcsContainer: /* @__PURE__ */ __name(async (options) => { + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); + const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); + return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); + }, "EcsContainer"), + Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); + const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + return async () => fromInstanceMetadata(options)().then(setNamedProvider); + }, "Ec2InstanceMetadata"), + Environment: /* @__PURE__ */ __name(async (options) => { + logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); + const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5972))); + return async () => fromEnv(options)().then(setNamedProvider); + }, "Environment") + }; + if (credentialSource in sourceProvidersMap) { + return sourceProvidersMap[credentialSource]; + } else { + throw new import_property_provider.CredentialsProviderError( + `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, + { logger } + ); } - if (input[_CA] != null) { - entries[_CA] = input[_CA]; +}, "resolveCredentialSource"); +var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); + +// src/resolveAssumeRoleCredentials.ts +var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { + return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); +}, "isAssumeRoleProfile"); +var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; + if (withSourceProfile) { + logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); } - return entries; -}, "se_ProvidedContext"); -var se_ProvidedContextsListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; - } - const memberEntries = se_ProvidedContext(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; + return withSourceProfile; +}, "isAssumeRoleWithSourceProfile"); +var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { + const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; + if (withProviderProfile) { + logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); } - return entries; -}, "se_ProvidedContextsListType"); -var se_Tag = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - if (input[_K] != null) { - entries[_K] = input[_K]; + return withProviderProfile; +}, "isCredentialSourceProfile"); +var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { + options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); + const profileData = profiles[profileName]; + const { source_profile, region } = profileData; + if (!options.roleAssumer) { + const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2273))); + options.roleAssumer = getDefaultRoleAssumer( + { + ...options.clientConfig, + credentialProviderLogger: options.logger, + parentClientConfig: { + ...options?.parentClientConfig, + region: region ?? options?.parentClientConfig?.region + } + }, + options.clientPlugins + ); } - if (input[_Va] != null) { - entries[_Va] = input[_Va]; + if (source_profile && source_profile in visitedProfiles) { + throw new import_property_provider.CredentialsProviderError( + `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), + { logger: options.logger } + ); } - return entries; -}, "se_Tag"); -var se_tagKeyListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; + options.logger?.debug( + `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` + ); + const sourceCredsProvider = source_profile ? resolveProfileData( + source_profile, + profiles, + options, + { + ...visitedProfiles, + [source_profile]: true + }, + isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) + ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); + if (isCredentialSourceWithoutRoleArn(profileData)) { + return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); + } else { + const params = { + RoleArn: profileData.role_arn, + RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, + ExternalId: profileData.external_id, + DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) + }; + const { mfa_serial } = profileData; + if (mfa_serial) { + if (!options.mfaCodeProvider) { + throw new import_property_provider.CredentialsProviderError( + `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, + { logger: options.logger, tryNextLink: false } + ); + } + params.SerialNumber = mfa_serial; + params.TokenCode = await options.mfaCodeProvider(mfa_serial); } - entries[`member.${counter}`] = entry; - counter++; + const sourceCreds = await sourceCredsProvider; + return options.roleAssumer(sourceCreds, params).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") + ); } - return entries; -}, "se_tagKeyListType"); -var se_tagListType = /* @__PURE__ */ __name((input, context) => { - const entries = {}; - let counter = 1; - for (const entry of input) { - if (entry === null) { - continue; +}, "resolveAssumeRoleCredentials"); +var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { + return !section.role_arn && !!section.credential_source; +}, "isCredentialSourceWithoutRoleArn"); + +// src/resolveProcessCredentials.ts + +var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); +var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))).then( + ({ fromProcess }) => fromProcess({ + ...options, + profile + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) +), "resolveProcessCredentials"); + +// src/resolveSsoCredentials.ts + +var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); + return fromSSO({ + profile, + logger: options.logger, + parentClientConfig: options.parentClientConfig, + clientConfig: options.clientConfig + })().then((creds) => { + if (profileData.sso_session) { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); + } else { + return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); } - const memberEntries = se_Tag(entry, context); - Object.entries(memberEntries).forEach(([key, value]) => { - entries[`member.${counter}.${key}`] = value; - }); - counter++; - } - return entries; -}, "se_tagListType"); -var de_AssumedRoleUser = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_ARI] != null) { - contents[_ARI] = (0, import_smithy_client3.expectString)(output[_ARI]); - } - if (output[_Ar] != null) { - contents[_Ar] = (0, import_smithy_client3.expectString)(output[_Ar]); - } - return contents; -}, "de_AssumedRoleUser"); -var de_AssumeRoleResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); - } - return contents; -}, "de_AssumeRoleResponse"); -var de_AssumeRoleWithWebIdentityResponse = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_C] != null) { - contents[_C] = de_Credentials(output[_C], context); - } - if (output[_SFWIT] != null) { - contents[_SFWIT] = (0, import_smithy_client3.expectString)(output[_SFWIT]); - } - if (output[_ARU] != null) { - contents[_ARU] = de_AssumedRoleUser(output[_ARU], context); - } - if (output[_PPS] != null) { - contents[_PPS] = (0, import_smithy_client3.strictParseInt32)(output[_PPS]); - } - if (output[_Pr] != null) { - contents[_Pr] = (0, import_smithy_client3.expectString)(output[_Pr]); + }); +}, "resolveSsoCredentials"); +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveStaticCredentials.ts + +var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); +var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { + options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); + const credentials = { + accessKeyId: profile.aws_access_key_id, + secretAccessKey: profile.aws_secret_access_key, + sessionToken: profile.aws_session_token, + ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, + ...profile.aws_account_id && { accountId: profile.aws_account_id } + }; + return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); +}, "resolveStaticCredentials"); + +// src/resolveWebIdentityCredentials.ts + +var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); +var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))).then( + ({ fromTokenFile }) => fromTokenFile({ + webIdentityTokenFile: profile.web_identity_token_file, + roleArn: profile.role_arn, + roleSessionName: profile.role_session_name, + roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, + logger: options.logger, + parentClientConfig: options.parentClientConfig + })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) +), "resolveWebIdentityCredentials"); + +// src/resolveProfileData.ts +var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { + const data = profiles[profileName]; + if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); } - if (output[_Au] != null) { - contents[_Au] = (0, import_smithy_client3.expectString)(output[_Au]); + if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { + return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); } - if (output[_SI] != null) { - contents[_SI] = (0, import_smithy_client3.expectString)(output[_SI]); + if (isStaticCredsProfile(data)) { + return resolveStaticCredentials(data, options); } - return contents; -}, "de_AssumeRoleWithWebIdentityResponse"); -var de_Credentials = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_AKI] != null) { - contents[_AKI] = (0, import_smithy_client3.expectString)(output[_AKI]); + if (isWebIdentityProfile(data)) { + return resolveWebIdentityCredentials(data, options); } - if (output[_SAK] != null) { - contents[_SAK] = (0, import_smithy_client3.expectString)(output[_SAK]); + if (isProcessProfile(data)) { + return resolveProcessCredentials(options, profileName); } - if (output[_ST] != null) { - contents[_ST] = (0, import_smithy_client3.expectString)(output[_ST]); + if (isSsoProfile(data)) { + return await resolveSsoCredentials(profileName, data, options); } - if (output[_E] != null) { - contents[_E] = (0, import_smithy_client3.expectNonNull)((0, import_smithy_client3.parseRfc3339DateTimeWithOffset)(output[_E])); + throw new import_property_provider.CredentialsProviderError( + `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, + { logger: options.logger } + ); +}, "resolveProfileData"); + +// src/fromIni.ts +var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { + const init = { + ..._init, + parentClientConfig: { + ...callerClientConfig, + ..._init.parentClientConfig + } + }; + init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProfileData( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: _init.profile ?? callerClientConfig?.profile + }), + profiles, + init + ); +}, "fromIni"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 5531: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return contents; -}, "de_Credentials"); -var de_ExpiredTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( + // If the importer is in node compatibility mode or this is not an ESM + // file that has been converted to a CommonJS file using a Babel- + // compatible transform (i.e. "__esModule" has not been set), then set + // "default" to the CommonJS "module.exports" for node compatibility. + isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, + mod +)); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, + credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, + defaultProvider: () => defaultProvider +}); +module.exports = __toCommonJS(index_exports); + +// src/defaultProvider.ts +var import_credential_provider_env = __nccwpck_require__(5972); + +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/remoteProvider.ts +var import_property_provider = __nccwpck_require__(9721); +var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; +var remoteProvider = /* @__PURE__ */ __name(async (init) => { + const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); + if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); + const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); + return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); } - return contents; -}, "de_ExpiredTokenException"); -var de_IDPCommunicationErrorException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { + return async () => { + throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); + }; } - return contents; -}, "de_IDPCommunicationErrorException"); -var de_IDPRejectedClaimException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); + return fromInstanceMetadata(init); +}, "remoteProvider"); + +// src/defaultProvider.ts +var multipleCredentialSourceWarningEmitted = false; +var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( + (0, import_property_provider.chain)( + async () => { + const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; + if (profile) { + const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; + if (envStaticCredentialsAreSet) { + if (!multipleCredentialSourceWarningEmitted) { + const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; + warnFn( + `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: + Multiple credential sources detected: + Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. + This SDK will proceed with the AWS_PROFILE value. + + However, a future version may change this behavior to prefer the ENV static credentials. + Please ensure that your environment only sets either the AWS_PROFILE or the + AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. +` + ); + multipleCredentialSourceWarningEmitted = true; + } + } + throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { + logger: init.logger, + tryNextLink: true + }); + } + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); + return (0, import_credential_provider_env.fromEnv)(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + throw new import_property_provider.CredentialsProviderError( + "Skipping SSO provider in default chain (inputs do not include SSO fields).", + { logger: init.logger } + ); + } + const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); + return fromSSO(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); + const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4203))); + return fromIni(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); + const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))); + return fromProcess(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); + const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))); + return fromTokenFile(init)(); + }, + async () => { + init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); + return (await remoteProvider(init))(); + }, + async () => { + throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { + tryNextLink: false, + logger: init.logger + }); + } + ), + credentialsTreatedAsExpired, + credentialsWillNeedRefresh +), "defaultProvider"); +var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); +var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + + + +/***/ }), + +/***/ 9969: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return contents; -}, "de_IDPRejectedClaimException"); -var de_InvalidIdentityTokenException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromProcess: () => fromProcess +}); +module.exports = __toCommonJS(index_exports); + +// src/fromProcess.ts +var import_shared_ini_file_loader = __nccwpck_require__(3507); + +// src/resolveProcessCredentials.ts +var import_property_provider = __nccwpck_require__(9721); +var import_child_process = __nccwpck_require__(2081); +var import_util = __nccwpck_require__(3837); + +// src/getValidatedProcessCredentials.ts +var import_client = __nccwpck_require__(2825); +var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { + if (data.Version !== 1) { + throw Error(`Profile ${profileName} credential_process did not return Version 1.`); } - return contents; -}, "de_InvalidIdentityTokenException"); -var de_MalformedPolicyDocumentException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { + throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); } - return contents; -}, "de_MalformedPolicyDocumentException"); -var de_PackedPolicyTooLargeException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + if (data.Expiration) { + const currentTime = /* @__PURE__ */ new Date(); + const expireTime = new Date(data.Expiration); + if (expireTime < currentTime) { + throw Error(`Profile ${profileName} credential_process returned expired credentials.`); + } } - return contents; -}, "de_PackedPolicyTooLargeException"); -var de_RegionDisabledException = /* @__PURE__ */ __name((output, context) => { - const contents = {}; - if (output[_m] != null) { - contents[_m] = (0, import_smithy_client3.expectString)(output[_m]); + let accountId = data.AccountId; + if (!accountId && profiles?.[profileName]?.aws_account_id) { + accountId = profiles[profileName].aws_account_id; } - return contents; -}, "de_RegionDisabledException"); -var deserializeMetadata = /* @__PURE__ */ __name((output) => ({ - httpStatusCode: output.statusCode, - requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], - extendedRequestId: output.headers["x-amz-id-2"], - cfId: output.headers["x-amz-cf-id"] -}), "deserializeMetadata"); -var throwDefaultError = (0, import_smithy_client3.withBaseException)(STSServiceException); -var buildHttpRpcRequest = /* @__PURE__ */ __name(async (context, headers, path, resolvedHostname, body) => { - const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); - const contents = { - protocol, - hostname, - port, - method: "POST", - path: basePath.endsWith("/") ? basePath.slice(0, -1) + path : basePath + path, - headers + const credentials = { + accessKeyId: data.AccessKeyId, + secretAccessKey: data.SecretAccessKey, + ...data.SessionToken && { sessionToken: data.SessionToken }, + ...data.Expiration && { expiration: new Date(data.Expiration) }, + ...data.CredentialScope && { credentialScope: data.CredentialScope }, + ...accountId && { accountId } }; - if (resolvedHostname !== void 0) { - contents.hostname = resolvedHostname; - } - if (body !== void 0) { - contents.body = body; - } - return new import_protocol_http.HttpRequest(contents); -}, "buildHttpRpcRequest"); -var SHARED_HEADERS = { - "content-type": "application/x-www-form-urlencoded" -}; -var _ = "2011-06-15"; -var _A = "Action"; -var _AKI = "AccessKeyId"; -var _AR = "AssumeRole"; -var _ARI = "AssumedRoleId"; -var _ARU = "AssumedRoleUser"; -var _ARWWI = "AssumeRoleWithWebIdentity"; -var _Ar = "Arn"; -var _Au = "Audience"; -var _C = "Credentials"; -var _CA = "ContextAssertion"; -var _DS = "DurationSeconds"; -var _E = "Expiration"; -var _EI = "ExternalId"; -var _K = "Key"; -var _P = "Policy"; -var _PA = "PolicyArns"; -var _PAr = "ProviderArn"; -var _PC = "ProvidedContexts"; -var _PI = "ProviderId"; -var _PPS = "PackedPolicySize"; -var _Pr = "Provider"; -var _RA = "RoleArn"; -var _RSN = "RoleSessionName"; -var _SAK = "SecretAccessKey"; -var _SFWIT = "SubjectFromWebIdentityToken"; -var _SI = "SourceIdentity"; -var _SN = "SerialNumber"; -var _ST = "SessionToken"; -var _T = "Tags"; -var _TC = "TokenCode"; -var _TTK = "TransitiveTagKeys"; -var _V = "Version"; -var _Va = "Value"; -var _WIT = "WebIdentityToken"; -var _a = "arn"; -var _m = "message"; -var buildFormUrlencodedString = /* @__PURE__ */ __name((formEntries) => Object.entries(formEntries).map(([key, value]) => (0, import_smithy_client3.extendedEncodeURIComponent)(key) + "=" + (0, import_smithy_client3.extendedEncodeURIComponent)(value)).join("&"), "buildFormUrlencodedString"); -var loadQueryErrorCode = /* @__PURE__ */ __name((output, data) => { - if (data.Error?.Code !== void 0) { - return data.Error.Code; - } - if (output.statusCode == 404) { - return "NotFound"; - } -}, "loadQueryErrorCode"); + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + return credentials; +}, "getValidatedProcessCredentials"); -// src/submodules/sts/commands/AssumeRoleCommand.ts -var AssumeRoleCommand = class extends import_smithy_client4.Command.classBuilder().ep(import_EndpointParameters.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").f(void 0, AssumeRoleResponseFilterSensitiveLog).ser(se_AssumeRoleCommand).de(de_AssumeRoleCommand).build() { - static { - __name(this, "AssumeRoleCommand"); +// src/resolveProcessCredentials.ts +var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { + const profile = profiles[profileName]; + if (profiles[profileName]) { + const credentialProcess = profile["credential_process"]; + if (credentialProcess !== void 0) { + const execPromise = (0, import_util.promisify)(import_child_process.exec); + try { + const { stdout } = await execPromise(credentialProcess); + let data; + try { + data = JSON.parse(stdout.trim()); + } catch { + throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); + } + return getValidatedProcessCredentials(profileName, data, profiles); + } catch (error) { + throw new import_property_provider.CredentialsProviderError(error.message, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); + } + } else { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { + logger + }); } -}; +}, "resolveProcessCredentials"); -// src/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.ts -var import_middleware_endpoint2 = __nccwpck_require__(2918); -var import_middleware_serde2 = __nccwpck_require__(1238); -var import_smithy_client5 = __nccwpck_require__(3570); -var import_EndpointParameters2 = __nccwpck_require__(981); -var AssumeRoleWithWebIdentityCommand = class extends import_smithy_client5.Command.classBuilder().ep(import_EndpointParameters2.commonParams).m(function(Command, cs, config, o) { - return [ - (0, import_middleware_serde2.getSerdePlugin)(config, this.serialize, this.deserialize), - (0, import_middleware_endpoint2.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()) - ]; -}).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").f(AssumeRoleWithWebIdentityRequestFilterSensitiveLog, AssumeRoleWithWebIdentityResponseFilterSensitiveLog).ser(se_AssumeRoleWithWebIdentityCommand).de(de_AssumeRoleWithWebIdentityCommand).build() { - static { - __name(this, "AssumeRoleWithWebIdentityCommand"); - } -}; +// src/fromProcess.ts +var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + return resolveProcessCredentials( + (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }), + profiles, + init.logger + ); +}, "fromProcess"); +// Annotate the CommonJS export names for ESM import in node: -// src/submodules/sts/STS.ts -var import_STSClient = __nccwpck_require__(6878); -var commands = { - AssumeRoleCommand, - AssumeRoleWithWebIdentityCommand +0 && (0); + + + +/***/ }), + +/***/ 6414: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __esm = (fn, res) => function __init() { + return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; }; -var STS = class extends import_STSClient.STSClient { - static { - __name(this, "STS"); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } + return to; }; -(0, import_smithy_client6.createAggregatedClient)(commands, STS); - -// src/submodules/sts/index.ts -var import_EndpointParameters3 = __nccwpck_require__(981); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/submodules/sts/defaultStsRoleAssumers.ts -var import_client = __nccwpck_require__(6510); -var ASSUME_ROLE_DEFAULT_REGION = "us-east-1"; -var getAccountIdFromAssumedRoleUser = /* @__PURE__ */ __name((assumedRoleUser) => { - if (typeof assumedRoleUser?.Arn === "string") { - const arnComponents = assumedRoleUser.Arn.split(":"); - if (arnComponents.length > 4 && arnComponents[4] !== "") { - return arnComponents[4]; - } +// src/loadSso.ts +var loadSso_exports = {}; +__export(loadSso_exports, { + GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, + SSOClient: () => import_client_sso.SSOClient +}); +var import_client_sso; +var init_loadSso = __esm({ + "src/loadSso.ts"() { + "use strict"; + import_client_sso = __nccwpck_require__(2666); } - return void 0; -}, "getAccountIdFromAssumedRoleUser"); -var resolveRegion = /* @__PURE__ */ __name(async (_region, _parentRegion, credentialProviderLogger) => { - const region = typeof _region === "function" ? await _region() : _region; - const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion; - credentialProviderLogger?.debug?.( - "@aws-sdk/client-sts::resolveRegion", - "accepting first of:", - `${region} (provider)`, - `${parentRegion} (parent client)`, - `${ASSUME_ROLE_DEFAULT_REGION} (STS default)` - ); - return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION; -}, "resolveRegion"); -var getDefaultRoleAssumer = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - let closureSourceCreds; - return async (sourceCreds, params) => { - closureSourceCreds = sourceCreds; - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - // A hack to make sts client uses the credential in current closure. - credentialDefaultProvider: /* @__PURE__ */ __name(() => async () => closureSourceCreds, "credentialDefaultProvider"), - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, +}); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + fromSSO: () => fromSSO, + isSsoProfile: () => isSsoProfile, + validateSsoProfile: () => validateSsoProfile +}); +module.exports = __toCommonJS(index_exports); + +// src/fromSSO.ts + + + +// src/isSsoProfile.ts +var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); + +// src/resolveSSOCredentials.ts +var import_client = __nccwpck_require__(2825); +var import_token_providers = __nccwpck_require__(2843); +var import_property_provider = __nccwpck_require__(9721); +var import_shared_ini_file_loader = __nccwpck_require__(3507); +var SHOULD_FAIL_CREDENTIAL_CHAIN = false; +var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig, + parentClientConfig, + profile, + logger +}) => { + let token; + const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; + if (ssoSession) { + try { + const _token = await (0, import_token_providers.fromSso)({ profile })(); + token = { + accessToken: _token.token, + expiresAt: new Date(_token.expiration).toISOString() + }; + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e.message, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, logger }); } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i"); - return credentials; - }; -}, "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity = /* @__PURE__ */ __name((stsOptions, STSClient3) => { - let stsClient; - return async (params) => { - if (!stsClient) { - const { - logger = stsOptions?.parentClientConfig?.logger, - region, - requestHandler = stsOptions?.parentClientConfig?.requestHandler, - credentialProviderLogger - } = stsOptions; - const resolvedRegion = await resolveRegion( - region, - stsOptions?.parentClientConfig?.region, - credentialProviderLogger - ); - const isCompatibleRequestHandler = !isH2(requestHandler); - stsClient = new STSClient3({ - profile: stsOptions?.parentClientConfig?.profile, - region: resolvedRegion, - requestHandler: isCompatibleRequestHandler ? requestHandler : void 0, + } else { + try { + token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, logger }); } - const { Credentials: Credentials2, AssumedRoleUser: AssumedRoleUser2 } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params)); - if (!Credentials2 || !Credentials2.AccessKeyId || !Credentials2.SecretAccessKey) { - throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`); - } - const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser2); - const credentials = { - accessKeyId: Credentials2.AccessKeyId, - secretAccessKey: Credentials2.SecretAccessKey, - sessionToken: Credentials2.SessionToken, - expiration: Credentials2.Expiration, - // TODO(credentialScope): access normally when shape is updated. - ...Credentials2.CredentialScope && { credentialScope: Credentials2.CredentialScope }, - ...accountId && { accountId } - }; - if (accountId) { - (0, import_client.setCredentialFeature)(credentials, "RESOLVED_ACCOUNT_ID", "T"); - } - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k"); - return credentials; + } + if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { + throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const { accessToken } = token; + const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); + const sso = ssoClient || new SSOClient2( + Object.assign({}, clientConfig ?? {}, { + logger: clientConfig?.logger ?? parentClientConfig?.logger, + region: clientConfig?.region ?? ssoRegion + }) + ); + let ssoResp; + try { + ssoResp = await sso.send( + new GetRoleCredentialsCommand2({ + accountId: ssoAccountId, + roleName: ssoRoleName, + accessToken + }) + ); + } catch (e) { + throw new import_property_provider.CredentialsProviderError(e, { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const { + roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} + } = ssoResp; + if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { + throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { + tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, + logger + }); + } + const credentials = { + accessKeyId, + secretAccessKey, + sessionToken, + expiration: new Date(expiration), + ...credentialScope && { credentialScope }, + ...accountId && { accountId } }; -}, "getDefaultRoleAssumerWithWebIdentity"); -var isH2 = /* @__PURE__ */ __name((requestHandler) => { - return requestHandler?.metadata?.handlerProtocol === "h2"; -}, "isH2"); + if (ssoSession) { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); + } else { + (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); + } + return credentials; +}, "resolveSSOCredentials"); -// src/submodules/sts/defaultRoleAssumers.ts -var import_STSClient2 = __nccwpck_require__(6878); -var getCustomizableStsClientCtor = /* @__PURE__ */ __name((baseCtor, customizations) => { - if (!customizations) return baseCtor; - else - return class CustomizableSTSClient extends baseCtor { - static { - __name(this, "CustomizableSTSClient"); +// src/validateSsoProfile.ts + +var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { + const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; + if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { + throw new import_property_provider.CredentialsProviderError( + `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( + ", " + )} +Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, + { tryNextLink: false, logger } + ); + } + return profile; +}, "validateSsoProfile"); + +// src/fromSSO.ts +var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { + init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); + const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; + const { ssoClient } = init; + const profileName = (0, import_shared_ini_file_loader.getProfileName)({ + profile: init.profile ?? callerClientConfig?.profile + }); + if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { + const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); + const profile = profiles[profileName]; + if (!profile) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); + } + if (!isSsoProfile(profile)) { + throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { + logger: init.logger + }); + } + if (profile?.sso_session) { + const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); + const session = ssoSessions[profile.sso_session]; + const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; + if (ssoRegion && ssoRegion !== session.sso_region) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); } - constructor(config) { - super(config); - for (const customization of customizations) { - this.middlewareStack.use(customization); - } + if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { + throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { + tryNextLink: false, + logger: init.logger + }); } - }; -}, "getCustomizableStsClientCtor"); -var getDefaultRoleAssumer2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumer"); -var getDefaultRoleAssumerWithWebIdentity2 = /* @__PURE__ */ __name((stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(import_STSClient2.STSClient, stsPlugins)), "getDefaultRoleAssumerWithWebIdentity"); -var decorateDefaultCredentialProvider = /* @__PURE__ */ __name((provider) => (input) => provider({ - roleAssumer: getDefaultRoleAssumer2(input), - roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity2(input), - ...input -}), "decorateDefaultCredentialProvider"); + profile.sso_region = session.sso_region; + profile.sso_start_url = session.sso_start_url; + } + const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( + profile, + init.logger + ); + return resolveSSOCredentials({ + ssoStartUrl: sso_start_url, + ssoSession: sso_session, + ssoAccountId: sso_account_id, + ssoRegion: sso_region, + ssoRoleName: sso_role_name, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { + throw new import_property_provider.CredentialsProviderError( + 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', + { tryNextLink: false, logger: init.logger } + ); + } else { + return resolveSSOCredentials({ + ssoStartUrl, + ssoSession, + ssoAccountId, + ssoRegion, + ssoRoleName, + ssoClient, + clientConfig: init.clientConfig, + parentClientConfig: init.parentClientConfig, + profile: profileName + }); + } +}, "fromSSO"); // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 302: +/***/ 5614: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const tslib_1 = __nccwpck_require__(4351); -const package_json_1 = tslib_1.__importDefault(__nccwpck_require__(4178)); -const core_1 = __nccwpck_require__(2143); -const util_user_agent_node_1 = __nccwpck_require__(7330); -const config_resolver_1 = __nccwpck_require__(3098); -const core_2 = __nccwpck_require__(5829); -const hash_node_1 = __nccwpck_require__(3081); -const middleware_retry_1 = __nccwpck_require__(6039); -const node_config_provider_1 = __nccwpck_require__(3461); -const node_http_handler_1 = __nccwpck_require__(258); -const util_body_length_node_1 = __nccwpck_require__(8075); -const util_retry_1 = __nccwpck_require__(4902); -const runtimeConfig_shared_1 = __nccwpck_require__(9165); -const smithy_client_1 = __nccwpck_require__(3570); -const util_defaults_mode_node_1 = __nccwpck_require__(2429); -const smithy_client_2 = __nccwpck_require__(3570); -const getRuntimeConfig = (config) => { - (0, smithy_client_2.emitWarningIfUnsupportedVersion)(process.version); - const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config); - const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode); - const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config); - (0, core_1.emitWarningIfUnsupportedVersion)(process.version); - const loaderConfig = { - profile: config?.profile, - logger: clientSharedValues.logger, - }; - return { - ...clientSharedValues, - ...config, - runtime: "node", - defaultsMode, - authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(core_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig), - bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength, - defaultUserAgentProvider: config?.defaultUserAgentProvider ?? - (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }), - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || - (async (idProps) => await config.credentialDefaultProvider(idProps?.__config || {})()), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), - }, - ], - maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config), - region: config?.region ?? - (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }), - requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider), - retryMode: config?.retryMode ?? - (0, node_config_provider_1.loadConfig)({ - ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS, - default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE, - }, config), - sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"), - streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector, - useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig), - userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig), - }; +exports.fromTokenFile = void 0; +const client_1 = __nccwpck_require__(2825); +const property_provider_1 = __nccwpck_require__(9721); +const fs_1 = __nccwpck_require__(7147); +const fromWebToken_1 = __nccwpck_require__(7905); +const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; +const ENV_ROLE_ARN = "AWS_ROLE_ARN"; +const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; +const fromTokenFile = (init = {}) => async () => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); + const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; + const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; + const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; + if (!webIdentityTokenFile || !roleArn) { + throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { + logger: init.logger, + }); + } + const credentials = await (0, fromWebToken_1.fromWebToken)({ + ...init, + webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), + roleArn, + roleSessionName, + })(); + if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { + (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); + } + return credentials; }; -exports.getRuntimeConfig = getRuntimeConfig; +exports.fromTokenFile = fromTokenFile; /***/ }), -/***/ 9165: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 7905: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getRuntimeConfig = void 0; -const core_1 = __nccwpck_require__(2143); -const core_2 = __nccwpck_require__(5829); -const smithy_client_1 = __nccwpck_require__(3570); -const url_parser_1 = __nccwpck_require__(4681); -const util_base64_1 = __nccwpck_require__(5600); -const util_utf8_1 = __nccwpck_require__(1895); -const httpAuthSchemeProvider_1 = __nccwpck_require__(3061); -const endpointResolver_1 = __nccwpck_require__(8181); -const getRuntimeConfig = (config) => { - return { - apiVersion: "2011-06-15", - base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64, - base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64, - disableHostPrefix: config?.disableHostPrefix ?? false, - endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver, - extensions: config?.extensions ?? [], - httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider, - httpAuthSchemes: config?.httpAuthSchemes ?? [ - { - schemeId: "aws.auth#sigv4", - identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"), - signer: new core_1.AwsSdkSigV4Signer(), - }, - { - schemeId: "smithy.api#noAuth", - identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), - signer: new core_2.NoAuthSigner(), +exports.fromWebToken = void 0; +const fromWebToken = (init) => async (awsIdentityProperties) => { + init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); + const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; + let { roleAssumerWithWebIdentity } = init; + if (!roleAssumerWithWebIdentity) { + const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(2273))); + roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ + ...init.clientConfig, + credentialProviderLogger: init.logger, + parentClientConfig: { + ...awsIdentityProperties?.callerClientConfig, + ...init.parentClientConfig, }, - ], - logger: config?.logger ?? new smithy_client_1.NoOpLogger(), - serviceId: config?.serviceId ?? "STS", - urlParser: config?.urlParser ?? url_parser_1.parseUrl, - utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8, - utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8, - }; + }, init.clientPlugins); + } + return roleAssumerWithWebIdentity({ + RoleArn: roleArn, + RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, + WebIdentityToken: webIdentityToken, + ProviderId: providerId, + PolicyArns: policyArns, + Policy: policy, + DurationSeconds: durationSeconds, + }); }; -exports.getRuntimeConfig = getRuntimeConfig; +exports.fromWebToken = fromWebToken; /***/ }), -/***/ 9913: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 5646: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveRuntimeExtensions = void 0; -const region_config_resolver_1 = __nccwpck_require__(6976); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const httpAuthExtensionConfiguration_1 = __nccwpck_require__(1746); -const resolveRuntimeExtensions = (runtimeConfig, extensions) => { - const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig)); - extensions.forEach((extension) => extension.configure(extensionConfiguration)); - return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration)); +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; }; -exports.resolveRuntimeExtensions = resolveRuntimeExtensions; +var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +module.exports = __toCommonJS(index_exports); +__reExport(index_exports, __nccwpck_require__(5614), module.exports); +__reExport(index_exports, __nccwpck_require__(7905), module.exports); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + /***/ }), -/***/ 6976: -/***/ ((module) => { +/***/ 6689: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -37845,83 +45999,433 @@ var __copyProps = (to, from, except, desc) => { if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_REGION_CONFIG_FILE_OPTIONS: () => NODE_REGION_CONFIG_FILE_OPTIONS, - NODE_REGION_CONFIG_OPTIONS: () => NODE_REGION_CONFIG_OPTIONS, - REGION_ENV_NAME: () => REGION_ENV_NAME, - REGION_INI_NAME: () => REGION_INI_NAME, - getAwsRegionExtensionConfiguration: () => getAwsRegionExtensionConfiguration, - resolveAwsRegionExtensionConfiguration: () => resolveAwsRegionExtensionConfiguration, - resolveRegionConfig: () => resolveRegionConfig -}); -module.exports = __toCommonJS(index_exports); - -// src/extensions/index.ts -var getAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((runtimeConfig) => { + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS, + NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, + NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, + NODE_USE_ARN_REGION_CONFIG_OPTIONS: () => NODE_USE_ARN_REGION_CONFIG_OPTIONS, + NODE_USE_ARN_REGION_ENV_NAME: () => NODE_USE_ARN_REGION_ENV_NAME, + NODE_USE_ARN_REGION_INI_NAME: () => NODE_USE_ARN_REGION_INI_NAME, + bucketEndpointMiddleware: () => bucketEndpointMiddleware, + bucketEndpointMiddlewareOptions: () => bucketEndpointMiddlewareOptions, + bucketHostname: () => bucketHostname, + getArnResources: () => getArnResources, + getBucketEndpointPlugin: () => getBucketEndpointPlugin, + getSuffixForArnEndpoint: () => getSuffixForArnEndpoint, + resolveBucketEndpointConfig: () => resolveBucketEndpointConfig, + validateAccountId: () => validateAccountId, + validateDNSHostLabel: () => validateDNSHostLabel, + validateNoDualstack: () => validateNoDualstack, + validateNoFIPS: () => validateNoFIPS, + validateOutpostService: () => validateOutpostService, + validatePartition: () => validatePartition, + validateRegion: () => validateRegion +}); +module.exports = __toCommonJS(index_exports); + +// src/NodeDisableMultiregionAccessPointConfigOptions.ts +var import_util_config_provider = __nccwpck_require__(3375); +var NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"; +var NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME = "s3_disable_multiregion_access_points"; +var NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), + default: false +}; + +// src/NodeUseArnRegionConfigOptions.ts + +var NODE_USE_ARN_REGION_ENV_NAME = "AWS_S3_USE_ARN_REGION"; +var NODE_USE_ARN_REGION_INI_NAME = "s3_use_arn_region"; +var NODE_USE_ARN_REGION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_USE_ARN_REGION_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_USE_ARN_REGION_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), + /** + * useArnRegion has specific behavior when undefined instead of false. + * We therefore use undefined as the default value instead of false. + */ + default: void 0 +}; + +// src/bucketEndpointMiddleware.ts +var import_util_arn_parser = __nccwpck_require__(5487); +var import_protocol_http = __nccwpck_require__(4418); + +// src/bucketHostnameUtils.ts +var DOMAIN_PATTERN = /^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$/; +var IP_ADDRESS_PATTERN = /(\d+\.){3}\d+/; +var DOTS_PATTERN = /\.\./; +var DOT_PATTERN = /\./; +var S3_HOSTNAME_PATTERN = /^(.+\.)?s3(-fips)?(\.dualstack)?[.-]([a-z0-9-]+)\./; +var S3_US_EAST_1_ALTNAME_PATTERN = /^s3(-external-1)?\.amazonaws\.com$/; +var AWS_PARTITION_SUFFIX = "amazonaws.com"; +var isBucketNameOptions = /* @__PURE__ */ __name((options) => typeof options.bucketName === "string", "isBucketNameOptions"); +var isDnsCompatibleBucketName = /* @__PURE__ */ __name((bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName), "isDnsCompatibleBucketName"); +var getRegionalSuffix = /* @__PURE__ */ __name((hostname) => { + const parts = hostname.match(S3_HOSTNAME_PATTERN); + return [parts[4], hostname.replace(new RegExp(`^${parts[0]}`), "")]; +}, "getRegionalSuffix"); +var getSuffix = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? ["us-east-1", AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffix"); +var getSuffixForArnEndpoint = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? [hostname.replace(`.${AWS_PARTITION_SUFFIX}`, ""), AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffixForArnEndpoint"); +var validateArnEndpointOptions = /* @__PURE__ */ __name((options) => { + if (options.pathStyleEndpoint) { + throw new Error("Path-style S3 endpoint is not supported when bucket is an ARN"); + } + if (options.accelerateEndpoint) { + throw new Error("Accelerate endpoint is not supported when bucket is an ARN"); + } + if (!options.tlsCompatible) { + throw new Error("HTTPS is required when bucket is an ARN"); + } +}, "validateArnEndpointOptions"); +var validateService = /* @__PURE__ */ __name((service) => { + if (service !== "s3" && service !== "s3-outposts" && service !== "s3-object-lambda") { + throw new Error("Expect 's3' or 's3-outposts' or 's3-object-lambda' in ARN service component"); + } +}, "validateService"); +var validateS3Service = /* @__PURE__ */ __name((service) => { + if (service !== "s3") { + throw new Error("Expect 's3' in Accesspoint ARN service component"); + } +}, "validateS3Service"); +var validateOutpostService = /* @__PURE__ */ __name((service) => { + if (service !== "s3-outposts") { + throw new Error("Expect 's3-posts' in Outpost ARN service component"); + } +}, "validateOutpostService"); +var validatePartition = /* @__PURE__ */ __name((partition, options) => { + if (partition !== options.clientPartition) { + throw new Error(`Partition in ARN is incompatible, got "${partition}" but expected "${options.clientPartition}"`); + } +}, "validatePartition"); +var validateRegion = /* @__PURE__ */ __name((region, options) => { +}, "validateRegion"); +var validateRegionalClient = /* @__PURE__ */ __name((region) => { + if (["s3-external-1", "aws-global"].includes(region)) { + throw new Error(`Client region ${region} is not regional`); + } +}, "validateRegionalClient"); +var validateAccountId = /* @__PURE__ */ __name((accountId) => { + if (!/[0-9]{12}/.exec(accountId)) { + throw new Error("Access point ARN accountID does not match regex '[0-9]{12}'"); + } +}, "validateAccountId"); +var validateDNSHostLabel = /* @__PURE__ */ __name((label, options = { tlsCompatible: true }) => { + if (label.length >= 64 || !/^[a-z0-9][a-z0-9.-]*[a-z0-9]$/.test(label) || /(\d+\.){3}\d+/.test(label) || /[.-]{2}/.test(label) || options?.tlsCompatible && DOT_PATTERN.test(label)) { + throw new Error(`Invalid DNS label ${label}`); + } +}, "validateDNSHostLabel"); +var validateCustomEndpoint = /* @__PURE__ */ __name((options) => { + if (options.isCustomEndpoint) { + if (options.dualstackEndpoint) throw new Error("Dualstack endpoint is not supported with custom endpoint"); + if (options.accelerateEndpoint) throw new Error("Accelerate endpoint is not supported with custom endpoint"); + } +}, "validateCustomEndpoint"); +var getArnResources = /* @__PURE__ */ __name((resource) => { + const delimiter = resource.includes(":") ? ":" : "/"; + const [resourceType, ...rest] = resource.split(delimiter); + if (resourceType === "accesspoint") { + if (rest.length !== 1 || rest[0] === "") { + throw new Error(`Access Point ARN should have one resource accesspoint${delimiter}{accesspointname}`); + } + return { accesspointName: rest[0] }; + } else if (resourceType === "outpost") { + if (!rest[0] || rest[1] !== "accesspoint" || !rest[2] || rest.length !== 3) { + throw new Error( + `Outpost ARN should have resource outpost${delimiter}{outpostId}${delimiter}accesspoint${delimiter}{accesspointName}` + ); + } + const [outpostId, _, accesspointName] = rest; + return { outpostId, accesspointName }; + } else { + throw new Error(`ARN resource should begin with 'accesspoint${delimiter}' or 'outpost${delimiter}'`); + } +}, "getArnResources"); +var validateNoDualstack = /* @__PURE__ */ __name((dualstackEndpoint) => { +}, "validateNoDualstack"); +var validateNoFIPS = /* @__PURE__ */ __name((useFipsEndpoint) => { + if (useFipsEndpoint) throw new Error(`FIPS region is not supported with Outpost.`); +}, "validateNoFIPS"); +var validateMrapAlias = /* @__PURE__ */ __name((name) => { + try { + name.split(".").forEach((label) => { + validateDNSHostLabel(label); + }); + } catch (e) { + throw new Error(`"${name}" is not a DNS compatible name.`); + } +}, "validateMrapAlias"); + +// src/bucketHostname.ts +var bucketHostname = /* @__PURE__ */ __name((options) => { + validateCustomEndpoint(options); + return isBucketNameOptions(options) ? ( + // Construct endpoint when bucketName is a string referring to a bucket name + getEndpointFromBucketName(options) + ) : ( + // Construct endpoint when bucketName is an ARN referring to an S3 resource like Access Point + getEndpointFromArn(options) + ); +}, "bucketHostname"); +var getEndpointFromBucketName = /* @__PURE__ */ __name(({ + accelerateEndpoint = false, + clientRegion: region, + baseHostname, + bucketName, + dualstackEndpoint = false, + fipsEndpoint = false, + pathStyleEndpoint = false, + tlsCompatible = true, + isCustomEndpoint = false +}) => { + const [clientRegion, hostnameSuffix] = isCustomEndpoint ? [region, baseHostname] : getSuffix(baseHostname); + if (pathStyleEndpoint || !isDnsCompatibleBucketName(bucketName) || tlsCompatible && DOT_PATTERN.test(bucketName)) { + return { + bucketEndpoint: false, + hostname: dualstackEndpoint ? `s3.dualstack.${clientRegion}.${hostnameSuffix}` : baseHostname + }; + } + if (accelerateEndpoint) { + baseHostname = `s3-accelerate${dualstackEndpoint ? ".dualstack" : ""}.${hostnameSuffix}`; + } else if (dualstackEndpoint) { + baseHostname = `s3.dualstack.${clientRegion}.${hostnameSuffix}`; + } + return { + bucketEndpoint: true, + hostname: `${bucketName}.${baseHostname}` + }; +}, "getEndpointFromBucketName"); +var getEndpointFromArn = /* @__PURE__ */ __name((options) => { + const { isCustomEndpoint, baseHostname, clientRegion } = options; + const hostnameSuffix = isCustomEndpoint ? baseHostname : getSuffixForArnEndpoint(baseHostname)[1]; + const { + pathStyleEndpoint, + accelerateEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + bucketName, + clientPartition = "aws" + } = options; + validateArnEndpointOptions({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible }); + const { service, partition, accountId, region, resource } = bucketName; + validateService(service); + validatePartition(partition, { clientPartition }); + validateAccountId(accountId); + const { accesspointName, outpostId } = getArnResources(resource); + if (service === "s3-object-lambda") { + return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix }); + } + if (region === "") { + return getEndpointFromMRAPArn({ ...options, clientRegion, mrapAlias: accesspointName, hostnameSuffix }); + } + if (outpostId) { + return getEndpointFromOutpostArn({ ...options, clientRegion, outpostId, accesspointName, hostnameSuffix }); + } + return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix }); +}, "getEndpointFromArn"); +var getEndpointFromObjectLambdaArn = /* @__PURE__ */ __name(({ + dualstackEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + useArnRegion, + clientRegion, + clientSigningRegion = clientRegion, + accesspointName, + bucketName, + hostnameSuffix +}) => { + const { accountId, region, service } = bucketName; + validateRegionalClient(clientRegion); + const DNSHostLabel = `${accesspointName}-${accountId}`; + validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); + const endpointRegion = useArnRegion ? region : clientRegion; + const signingRegion = useArnRegion ? region : clientSigningRegion; return { - setRegion(region) { - runtimeConfig.region = region; - }, - region() { - return runtimeConfig.region; - } + bucketEndpoint: true, + hostname: `${DNSHostLabel}.${service}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`, + signingRegion, + signingService: service }; -}, "getAwsRegionExtensionConfiguration"); -var resolveAwsRegionExtensionConfiguration = /* @__PURE__ */ __name((awsRegionExtensionConfiguration) => { +}, "getEndpointFromObjectLambdaArn"); +var getEndpointFromMRAPArn = /* @__PURE__ */ __name(({ + disableMultiregionAccessPoints, + dualstackEndpoint = false, + isCustomEndpoint, + mrapAlias, + hostnameSuffix +}) => { + if (disableMultiregionAccessPoints === true) { + throw new Error("SDK is attempting to use a MRAP ARN. Please enable to feature."); + } + validateMrapAlias(mrapAlias); return { - region: awsRegionExtensionConfiguration.region() + bucketEndpoint: true, + hostname: `${mrapAlias}${isCustomEndpoint ? "" : `.accesspoint.s3-global`}.${hostnameSuffix}`, + signingRegion: "*" }; -}, "resolveAwsRegionExtensionConfiguration"); +}, "getEndpointFromMRAPArn"); +var getEndpointFromOutpostArn = /* @__PURE__ */ __name(({ + useArnRegion, + clientRegion, + clientSigningRegion = clientRegion, + bucketName, + outpostId, + dualstackEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + accesspointName, + isCustomEndpoint, + hostnameSuffix +}) => { + validateRegionalClient(clientRegion); + const DNSHostLabel = `${accesspointName}-${bucketName.accountId}`; + validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); + const endpointRegion = useArnRegion ? bucketName.region : clientRegion; + const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; + validateOutpostService(bucketName.service); + validateDNSHostLabel(outpostId, { tlsCompatible }); + validateNoFIPS(fipsEndpoint); + const hostnamePrefix = `${DNSHostLabel}.${outpostId}`; + return { + bucketEndpoint: true, + hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-outposts.${endpointRegion}`}.${hostnameSuffix}`, + signingRegion, + signingService: "s3-outposts" + }; +}, "getEndpointFromOutpostArn"); +var getEndpointFromAccessPointArn = /* @__PURE__ */ __name(({ + useArnRegion, + clientRegion, + clientSigningRegion = clientRegion, + bucketName, + dualstackEndpoint = false, + fipsEndpoint = false, + tlsCompatible = true, + accesspointName, + isCustomEndpoint, + hostnameSuffix +}) => { + validateRegionalClient(clientRegion); + const hostnamePrefix = `${accesspointName}-${bucketName.accountId}`; + validateDNSHostLabel(hostnamePrefix, { tlsCompatible }); + const endpointRegion = useArnRegion ? bucketName.region : clientRegion; + const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; + validateS3Service(bucketName.service); + return { + bucketEndpoint: true, + hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-accesspoint${fipsEndpoint ? "-fips" : ""}${dualstackEndpoint ? ".dualstack" : ""}.${endpointRegion}`}.${hostnameSuffix}`, + signingRegion + }; +}, "getEndpointFromAccessPointArn"); -// src/regionConfig/config.ts -var REGION_ENV_NAME = "AWS_REGION"; -var REGION_INI_NAME = "region"; -var NODE_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => env[REGION_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[REGION_INI_NAME], "configFileSelector"), - default: /* @__PURE__ */ __name(() => { - throw new Error("Region is missing"); - }, "default") -}; -var NODE_REGION_CONFIG_FILE_OPTIONS = { - preferredFile: "credentials" +// src/bucketEndpointMiddleware.ts +var bucketEndpointMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { + const { Bucket: bucketName } = args.input; + let replaceBucketInPath = options.bucketEndpoint; + const request = args.request; + if (import_protocol_http.HttpRequest.isInstance(request)) { + if (options.bucketEndpoint) { + request.hostname = bucketName; + } else if ((0, import_util_arn_parser.validate)(bucketName)) { + const bucketArn = (0, import_util_arn_parser.parse)(bucketName); + const clientRegion = await options.region(); + const useDualstackEndpoint = await options.useDualstackEndpoint(); + const useFipsEndpoint = await options.useFipsEndpoint(); + const { partition, signingRegion = clientRegion } = await options.regionInfoProvider(clientRegion, { useDualstackEndpoint, useFipsEndpoint }) || {}; + const useArnRegion = await options.useArnRegion(); + const { + hostname, + bucketEndpoint, + signingRegion: modifiedSigningRegion, + signingService + } = bucketHostname({ + bucketName: bucketArn, + baseHostname: request.hostname, + accelerateEndpoint: options.useAccelerateEndpoint, + dualstackEndpoint: useDualstackEndpoint, + fipsEndpoint: useFipsEndpoint, + pathStyleEndpoint: options.forcePathStyle, + tlsCompatible: request.protocol === "https:", + useArnRegion, + clientPartition: partition, + clientSigningRegion: signingRegion, + clientRegion, + isCustomEndpoint: options.isCustomEndpoint, + disableMultiregionAccessPoints: await options.disableMultiregionAccessPoints() + }); + if (modifiedSigningRegion && modifiedSigningRegion !== signingRegion) { + context["signing_region"] = modifiedSigningRegion; + } + if (signingService && signingService !== "s3") { + context["signing_service"] = signingService; + } + request.hostname = hostname; + replaceBucketInPath = bucketEndpoint; + } else { + const clientRegion = await options.region(); + const dualstackEndpoint = await options.useDualstackEndpoint(); + const fipsEndpoint = await options.useFipsEndpoint(); + const { hostname, bucketEndpoint } = bucketHostname({ + bucketName, + clientRegion, + baseHostname: request.hostname, + accelerateEndpoint: options.useAccelerateEndpoint, + dualstackEndpoint, + fipsEndpoint, + pathStyleEndpoint: options.forcePathStyle, + tlsCompatible: request.protocol === "https:", + isCustomEndpoint: options.isCustomEndpoint + }); + request.hostname = hostname; + replaceBucketInPath = bucketEndpoint; + } + if (replaceBucketInPath) { + request.path = request.path.replace(/^(\/)?[^\/]+/, ""); + if (request.path === "") { + request.path = "/"; + } + } + } + return next({ ...args, request }); +}, "bucketEndpointMiddleware"); +var bucketEndpointMiddlewareOptions = { + tags: ["BUCKET_ENDPOINT"], + name: "bucketEndpointMiddleware", + relation: "before", + toMiddleware: "hostHeaderMiddleware", + override: true }; +var getBucketEndpointPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); + }, "applyToStack") +}), "getBucketEndpointPlugin"); -// src/regionConfig/isFipsRegion.ts -var isFipsRegion = /* @__PURE__ */ __name((region) => typeof region === "string" && (region.startsWith("fips-") || region.endsWith("-fips")), "isFipsRegion"); - -// src/regionConfig/getRealRegion.ts -var getRealRegion = /* @__PURE__ */ __name((region) => isFipsRegion(region) ? ["fips-aws-global", "aws-fips"].includes(region) ? "us-east-1" : region.replace(/fips-(dkr-|prod-)?|-fips/, "") : region, "getRealRegion"); - -// src/regionConfig/resolveRegionConfig.ts -var resolveRegionConfig = /* @__PURE__ */ __name((input) => { - const { region, useFipsEndpoint } = input; - if (!region) { - throw new Error("Region is missing"); - } +// src/configurations.ts +function resolveBucketEndpointConfig(input) { + const { + bucketEndpoint = false, + forcePathStyle = false, + useAccelerateEndpoint = false, + // useArnRegion has specific behavior when undefined instead of false. + useArnRegion, + disableMultiregionAccessPoints = false + } = input; return Object.assign(input, { - region: /* @__PURE__ */ __name(async () => { - if (typeof region === "string") { - return getRealRegion(region); - } - const providedRegion = await region(); - return getRealRegion(providedRegion); - }, "region"), - useFipsEndpoint: /* @__PURE__ */ __name(async () => { - const providedRegion = typeof region === "string" ? region : await region(); - if (isFipsRegion(providedRegion)) { - return true; - } - return typeof useFipsEndpoint !== "function" ? Promise.resolve(!!useFipsEndpoint) : useFipsEndpoint(); - }, "useFipsEndpoint") + bucketEndpoint, + forcePathStyle, + useAccelerateEndpoint, + useArnRegion: typeof useArnRegion === "function" ? useArnRegion : () => Promise.resolve(useArnRegion), + disableMultiregionAccessPoints: typeof disableMultiregionAccessPoints === "function" ? disableMultiregionAccessPoints : () => Promise.resolve(disableMultiregionAccessPoints) }); -}, "resolveRegionConfig"); +} +__name(resolveBucketEndpointConfig, "resolveBucketEndpointConfig"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -37930,16 +46434,14 @@ var resolveRegionConfig = /* @__PURE__ */ __name((input) => { /***/ }), -/***/ 7182: +/***/ 1990: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -37954,214 +46456,46 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { - fromEnvSigningName: () => fromEnvSigningName, - fromSso: () => fromSso, - fromStatic: () => fromStatic, - nodeProvider: () => nodeProvider + addExpectContinueMiddleware: () => addExpectContinueMiddleware, + addExpectContinueMiddlewareOptions: () => addExpectContinueMiddlewareOptions, + getAddExpectContinuePlugin: () => getAddExpectContinuePlugin }); module.exports = __toCommonJS(index_exports); - -// src/fromEnvSigningName.ts -var import_client = __nccwpck_require__(6510); -var import_httpAuthSchemes = __nccwpck_require__(3017); -var import_property_provider = __nccwpck_require__(9721); -var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => { - logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName"); - if (!signingName) { - throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger }); - } - const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName); - if (!(bearerTokenKey in process.env)) { - throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); - } - const token = { token: process.env[bearerTokenKey] }; - (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3"); - return token; -}, "fromEnvSigningName"); - -// src/fromSso.ts - - - -// src/constants.ts -var EXPIRE_WINDOW_MS = 5 * 60 * 1e3; -var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`; - -// src/getSsoOidcClient.ts -var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => { - const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); - const ssoOidcClient = new SSOOIDCClient( - Object.assign({}, init.clientConfig ?? {}, { - region: ssoRegion ?? init.clientConfig?.region, - logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger - }) - ); - return ssoOidcClient; -}, "getSsoOidcClient"); - -// src/getNewSsoOidcToken.ts -var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => { - const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(8959))); - const ssoOidcClient = await getSsoOidcClient(ssoRegion, init); - return ssoOidcClient.send( - new CreateTokenCommand({ - clientId: ssoToken.clientId, - clientSecret: ssoToken.clientSecret, - refreshToken: ssoToken.refreshToken, - grantType: "refresh_token" - }) - ); -}, "getNewSsoOidcToken"); - -// src/validateTokenExpiry.ts - -var validateTokenExpiry = /* @__PURE__ */ __name((token) => { - if (token.expiration && token.expiration.getTime() < Date.now()) { - throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false); - } -}, "validateTokenExpiry"); - -// src/validateTokenKey.ts - -var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => { - if (typeof value === "undefined") { - throw new import_property_provider.TokenProviderError( - `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, - false - ); - } -}, "validateTokenKey"); - -// src/writeSSOTokenToFile.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var import_fs = __nccwpck_require__(7147); -var { writeFile } = import_fs.promises; -var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => { - const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id); - const tokenString = JSON.stringify(ssoToken, null, 2); - return writeFile(tokenFilepath, tokenString); -}, "writeSSOTokenToFile"); - -// src/fromSso.ts -var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0); -var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig +var import_protocol_http = __nccwpck_require__(4418); +function addExpectContinueMiddleware(options) { + return (next) => async (args) => { + const { request } = args; + if (import_protocol_http.HttpRequest.isInstance(request) && request.body && options.runtime === "node") { + if (options.requestHandler?.constructor?.name !== "FetchHttpHandler") { + request.headers = { + ...request.headers, + Expect: "100-continue" + }; + } } + return next({ + ...args, + request + }); }; - init.logger?.debug("@aws-sdk/token-providers - fromSso"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false); - } else if (!profile["sso_session"]) { - throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`); - } - const ssoSessionName = profile["sso_session"]; - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const ssoSession = ssoSessions[ssoSessionName]; - if (!ssoSession) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' could not be found in shared credentials file.`, - false - ); - } - for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) { - if (!ssoSession[ssoSessionRequiredKey]) { - throw new import_property_provider.TokenProviderError( - `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, - false - ); - } - } - const ssoStartUrl = ssoSession["sso_start_url"]; - const ssoRegion = ssoSession["sso_region"]; - let ssoToken; - try { - ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName); - } catch (e) { - throw new import_property_provider.TokenProviderError( - `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, - false - ); - } - validateTokenKey("accessToken", ssoToken.accessToken); - validateTokenKey("expiresAt", ssoToken.expiresAt); - const { accessToken, expiresAt } = ssoToken; - const existingToken = { token: accessToken, expiration: new Date(expiresAt) }; - if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) { - return existingToken; - } - if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) { - validateTokenExpiry(existingToken); - return existingToken; - } - validateTokenKey("clientId", ssoToken.clientId, true); - validateTokenKey("clientSecret", ssoToken.clientSecret, true); - validateTokenKey("refreshToken", ssoToken.refreshToken, true); - try { - lastRefreshAttemptTime.setTime(Date.now()); - const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init); - validateTokenKey("accessToken", newSsoOidcToken.accessToken); - validateTokenKey("expiresIn", newSsoOidcToken.expiresIn); - const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3); - try { - await writeSSOTokenToFile(ssoSessionName, { - ...ssoToken, - accessToken: newSsoOidcToken.accessToken, - expiresAt: newTokenExpiration.toISOString(), - refreshToken: newSsoOidcToken.refreshToken - }); - } catch (error) { - } - return { - token: newSsoOidcToken.accessToken, - expiration: newTokenExpiration - }; - } catch (error) { - validateTokenExpiry(existingToken); - return existingToken; - } -}, "fromSso"); - -// src/fromStatic.ts - -var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => { - logger?.debug("@aws-sdk/token-providers - fromStatic"); - if (!token || !token.token) { - throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false); - } - return token; -}, "fromStatic"); - -// src/nodeProvider.ts - -var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)(fromSso(init), async () => { - throw new import_property_provider.TokenProviderError("Could not load token from any providers", false); - }), - (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5, - (token) => token.expiration !== void 0 -), "nodeProvider"); +} +__name(addExpectContinueMiddleware, "addExpectContinueMiddleware"); +var addExpectContinueMiddlewareOptions = { + step: "build", + tags: ["SET_EXPECT_HEADER", "EXPECT_HEADER"], + name: "addExpectContinueMiddleware", + override: true +}; +var getAddExpectContinuePlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(addExpectContinueMiddleware(options), addExpectContinueMiddlewareOptions); + }, "applyToStack") +}), "getAddExpectContinuePlugin"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -38170,7 +46504,41 @@ var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_pro /***/ }), -/***/ 4241: +/***/ 1436: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.getCrc32ChecksumAlgorithmFunction = void 0; +const tslib_1 = __nccwpck_require__(4351); +const crc32_1 = __nccwpck_require__(8408); +const util_1 = __nccwpck_require__(4871); +const zlib = tslib_1.__importStar(__nccwpck_require__(9796)); +class NodeCrc32 { + checksum = 0; + update(data) { + this.checksum = zlib.crc32(data, this.checksum); + } + async digest() { + return (0, util_1.numToUint8)(this.checksum); + } + reset() { + this.checksum = 0; + } +} +const getCrc32ChecksumAlgorithmFunction = () => { + if (typeof zlib.crc32 === "undefined") { + return crc32_1.AwsCrc32; + } + return NodeCrc32; +}; +exports.getCrc32ChecksumAlgorithmFunction = getCrc32ChecksumAlgorithmFunction; + + +/***/ }), + +/***/ 3799: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -38197,554 +46565,485 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - ConditionObject: () => import_util_endpoints.ConditionObject, - DeprecatedObject: () => import_util_endpoints.DeprecatedObject, - EndpointError: () => import_util_endpoints.EndpointError, - EndpointObject: () => import_util_endpoints.EndpointObject, - EndpointObjectHeaders: () => import_util_endpoints.EndpointObjectHeaders, - EndpointObjectProperties: () => import_util_endpoints.EndpointObjectProperties, - EndpointParams: () => import_util_endpoints.EndpointParams, - EndpointResolverOptions: () => import_util_endpoints.EndpointResolverOptions, - EndpointRuleObject: () => import_util_endpoints.EndpointRuleObject, - ErrorRuleObject: () => import_util_endpoints.ErrorRuleObject, - EvaluateOptions: () => import_util_endpoints.EvaluateOptions, - Expression: () => import_util_endpoints.Expression, - FunctionArgv: () => import_util_endpoints.FunctionArgv, - FunctionObject: () => import_util_endpoints.FunctionObject, - FunctionReturn: () => import_util_endpoints.FunctionReturn, - ParameterObject: () => import_util_endpoints.ParameterObject, - ReferenceObject: () => import_util_endpoints.ReferenceObject, - ReferenceRecord: () => import_util_endpoints.ReferenceRecord, - RuleSetObject: () => import_util_endpoints.RuleSetObject, - RuleSetRules: () => import_util_endpoints.RuleSetRules, - TreeRuleObject: () => import_util_endpoints.TreeRuleObject, - awsEndpointFunctions: () => awsEndpointFunctions, - getUserAgentPrefix: () => getUserAgentPrefix, - isIpAddress: () => import_util_endpoints.isIpAddress, - partition: () => partition, - resolveDefaultAwsRegionalEndpointsConfig: () => resolveDefaultAwsRegionalEndpointsConfig, - resolveEndpoint: () => import_util_endpoints.resolveEndpoint, - setPartitionInfo: () => setPartitionInfo, - toEndpointV1: () => toEndpointV1, - useDefaultPartitionInfo: () => useDefaultPartitionInfo + CONFIG_REQUEST_CHECKSUM_CALCULATION: () => CONFIG_REQUEST_CHECKSUM_CALCULATION, + CONFIG_RESPONSE_CHECKSUM_VALIDATION: () => CONFIG_RESPONSE_CHECKSUM_VALIDATION, + ChecksumAlgorithm: () => ChecksumAlgorithm, + ChecksumLocation: () => ChecksumLocation, + DEFAULT_CHECKSUM_ALGORITHM: () => DEFAULT_CHECKSUM_ALGORITHM, + DEFAULT_REQUEST_CHECKSUM_CALCULATION: () => DEFAULT_REQUEST_CHECKSUM_CALCULATION, + DEFAULT_RESPONSE_CHECKSUM_VALIDATION: () => DEFAULT_RESPONSE_CHECKSUM_VALIDATION, + ENV_REQUEST_CHECKSUM_CALCULATION: () => ENV_REQUEST_CHECKSUM_CALCULATION, + ENV_RESPONSE_CHECKSUM_VALIDATION: () => ENV_RESPONSE_CHECKSUM_VALIDATION, + NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS: () => NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS, + NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS: () => NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS, + RequestChecksumCalculation: () => RequestChecksumCalculation, + ResponseChecksumValidation: () => ResponseChecksumValidation, + crc64NvmeCrtContainer: () => crc64NvmeCrtContainer, + flexibleChecksumsMiddleware: () => flexibleChecksumsMiddleware, + flexibleChecksumsMiddlewareOptions: () => flexibleChecksumsMiddlewareOptions, + getFlexibleChecksumsPlugin: () => getFlexibleChecksumsPlugin, + resolveFlexibleChecksumsConfig: () => resolveFlexibleChecksumsConfig }); module.exports = __toCommonJS(index_exports); -// src/aws.ts - - -// src/lib/aws/isVirtualHostableS3Bucket.ts - - -// src/lib/isIpAddress.ts -var import_util_endpoints = __nccwpck_require__(5473); - -// src/lib/aws/isVirtualHostableS3Bucket.ts -var isVirtualHostableS3Bucket = /* @__PURE__ */ __name((value, allowSubDomains = false) => { - if (allowSubDomains) { - for (const label of value.split(".")) { - if (!isVirtualHostableS3Bucket(label)) { - return false; - } - } - return true; - } - if (!(0, import_util_endpoints.isValidHostLabel)(value)) { - return false; - } - if (value.length < 3 || value.length > 63) { - return false; - } - if (value !== value.toLowerCase()) { - return false; - } - if ((0, import_util_endpoints.isIpAddress)(value)) { - return false; - } - return true; -}, "isVirtualHostableS3Bucket"); - -// src/lib/aws/parseArn.ts -var ARN_DELIMITER = ":"; -var RESOURCE_DELIMITER = "/"; -var parseArn = /* @__PURE__ */ __name((value) => { - const segments = value.split(ARN_DELIMITER); - if (segments.length < 6) return null; - const [arn, partition2, service, region, accountId, ...resourcePath] = segments; - if (arn !== "arn" || partition2 === "" || service === "" || resourcePath.join(ARN_DELIMITER) === "") return null; - const resourceId = resourcePath.map((resource) => resource.split(RESOURCE_DELIMITER)).flat(); - return { - partition: partition2, - service, - region, - accountId, - resourceId - }; -}, "parseArn"); - -// src/lib/aws/partitions.json -var partitions_default = { - partitions: [{ - id: "aws", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-east-1", - name: "aws", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$", - regions: { - "af-south-1": { - description: "Africa (Cape Town)" - }, - "ap-east-1": { - description: "Asia Pacific (Hong Kong)" - }, - "ap-east-2": { - description: "Asia Pacific (Taipei)" - }, - "ap-northeast-1": { - description: "Asia Pacific (Tokyo)" - }, - "ap-northeast-2": { - description: "Asia Pacific (Seoul)" - }, - "ap-northeast-3": { - description: "Asia Pacific (Osaka)" - }, - "ap-south-1": { - description: "Asia Pacific (Mumbai)" - }, - "ap-south-2": { - description: "Asia Pacific (Hyderabad)" - }, - "ap-southeast-1": { - description: "Asia Pacific (Singapore)" - }, - "ap-southeast-2": { - description: "Asia Pacific (Sydney)" - }, - "ap-southeast-3": { - description: "Asia Pacific (Jakarta)" - }, - "ap-southeast-4": { - description: "Asia Pacific (Melbourne)" - }, - "ap-southeast-5": { - description: "Asia Pacific (Malaysia)" - }, - "ap-southeast-7": { - description: "Asia Pacific (Thailand)" - }, - "aws-global": { - description: "AWS Standard global region" - }, - "ca-central-1": { - description: "Canada (Central)" - }, - "ca-west-1": { - description: "Canada West (Calgary)" - }, - "eu-central-1": { - description: "Europe (Frankfurt)" - }, - "eu-central-2": { - description: "Europe (Zurich)" - }, - "eu-north-1": { - description: "Europe (Stockholm)" - }, - "eu-south-1": { - description: "Europe (Milan)" - }, - "eu-south-2": { - description: "Europe (Spain)" - }, - "eu-west-1": { - description: "Europe (Ireland)" - }, - "eu-west-2": { - description: "Europe (London)" - }, - "eu-west-3": { - description: "Europe (Paris)" - }, - "il-central-1": { - description: "Israel (Tel Aviv)" - }, - "me-central-1": { - description: "Middle East (UAE)" - }, - "me-south-1": { - description: "Middle East (Bahrain)" - }, - "mx-central-1": { - description: "Mexico (Central)" - }, - "sa-east-1": { - description: "South America (Sao Paulo)" - }, - "us-east-1": { - description: "US East (N. Virginia)" - }, - "us-east-2": { - description: "US East (Ohio)" - }, - "us-west-1": { - description: "US West (N. California)" - }, - "us-west-2": { - description: "US West (Oregon)" - } - } - }, { - id: "aws-cn", - outputs: { - dnsSuffix: "amazonaws.com.cn", - dualStackDnsSuffix: "api.amazonwebservices.com.cn", - implicitGlobalRegion: "cn-northwest-1", - name: "aws-cn", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^cn\\-\\w+\\-\\d+$", - regions: { - "aws-cn-global": { - description: "AWS China global region" - }, - "cn-north-1": { - description: "China (Beijing)" - }, - "cn-northwest-1": { - description: "China (Ningxia)" - } - } - }, { - id: "aws-us-gov", - outputs: { - dnsSuffix: "amazonaws.com", - dualStackDnsSuffix: "api.aws", - implicitGlobalRegion: "us-gov-west-1", - name: "aws-us-gov", - supportsDualStack: true, - supportsFIPS: true - }, - regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", - regions: { - "aws-us-gov-global": { - description: "AWS GovCloud (US) global region" - }, - "us-gov-east-1": { - description: "AWS GovCloud (US-East)" - }, - "us-gov-west-1": { - description: "AWS GovCloud (US-West)" - } - } - }, { - id: "aws-iso", - outputs: { - dnsSuffix: "c2s.ic.gov", - dualStackDnsSuffix: "c2s.ic.gov", - implicitGlobalRegion: "us-iso-east-1", - name: "aws-iso", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", - regions: { - "aws-iso-global": { - description: "AWS ISO (US) global region" - }, - "us-iso-east-1": { - description: "US ISO East" - }, - "us-iso-west-1": { - description: "US ISO WEST" - } - } - }, { - id: "aws-iso-b", - outputs: { - dnsSuffix: "sc2s.sgov.gov", - dualStackDnsSuffix: "sc2s.sgov.gov", - implicitGlobalRegion: "us-isob-east-1", - name: "aws-iso-b", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", - regions: { - "aws-iso-b-global": { - description: "AWS ISOB (US) global region" - }, - "us-isob-east-1": { - description: "US ISOB East (Ohio)" - } - } - }, { - id: "aws-iso-e", - outputs: { - dnsSuffix: "cloud.adc-e.uk", - dualStackDnsSuffix: "cloud.adc-e.uk", - implicitGlobalRegion: "eu-isoe-west-1", - name: "aws-iso-e", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", - regions: { - "aws-iso-e-global": { - description: "AWS ISOE (Europe) global region" - }, - "eu-isoe-west-1": { - description: "EU ISOE West" - } - } - }, { - id: "aws-iso-f", - outputs: { - dnsSuffix: "csp.hci.ic.gov", - dualStackDnsSuffix: "csp.hci.ic.gov", - implicitGlobalRegion: "us-isof-south-1", - name: "aws-iso-f", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^us\\-isof\\-\\w+\\-\\d+$", - regions: { - "aws-iso-f-global": { - description: "AWS ISOF global region" - }, - "us-isof-east-1": { - description: "US ISOF EAST" - }, - "us-isof-south-1": { - description: "US ISOF SOUTH" - } - } - }, { - id: "aws-eusc", - outputs: { - dnsSuffix: "amazonaws.eu", - dualStackDnsSuffix: "amazonaws.eu", - implicitGlobalRegion: "eusc-de-east-1", - name: "aws-eusc", - supportsDualStack: false, - supportsFIPS: true - }, - regionRegex: "^eusc\\-(de)\\-\\w+\\-\\d+$", - regions: { - "eusc-de-east-1": { - description: "EU (Germany)" - } - } - }], - version: "1.1" -}; - -// src/lib/aws/partition.ts -var selectedPartitionsInfo = partitions_default; -var selectedUserAgentPrefix = ""; -var partition = /* @__PURE__ */ __name((value) => { - const { partitions } = selectedPartitionsInfo; - for (const partition2 of partitions) { - const { regions, outputs } = partition2; - for (const [region, regionData] of Object.entries(regions)) { - if (region === value) { - return { - ...outputs, - ...regionData - }; - } - } - } - for (const partition2 of partitions) { - const { regionRegex, outputs } = partition2; - if (new RegExp(regionRegex).test(value)) { - return { - ...outputs - }; - } - } - const DEFAULT_PARTITION = partitions.find((partition2) => partition2.id === "aws"); - if (!DEFAULT_PARTITION) { - throw new Error( - "Provided region was not found in the partition array or regex, and default partition with id 'aws' doesn't exist." - ); - } - return { - ...DEFAULT_PARTITION.outputs - }; -}, "partition"); -var setPartitionInfo = /* @__PURE__ */ __name((partitionsInfo, userAgentPrefix = "") => { - selectedPartitionsInfo = partitionsInfo; - selectedUserAgentPrefix = userAgentPrefix; -}, "setPartitionInfo"); -var useDefaultPartitionInfo = /* @__PURE__ */ __name(() => { - setPartitionInfo(partitions_default, ""); -}, "useDefaultPartitionInfo"); -var getUserAgentPrefix = /* @__PURE__ */ __name(() => selectedUserAgentPrefix, "getUserAgentPrefix"); - -// src/aws.ts -var awsEndpointFunctions = { - isVirtualHostableS3Bucket, - parseArn, - partition +// src/constants.ts +var RequestChecksumCalculation = { + /** + * When set, a checksum will be calculated for all request payloads of operations + * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` + * AND/OR a `requestAlgorithmMember` is modeled. + * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} + */ + WHEN_SUPPORTED: "WHEN_SUPPORTED", + /** + * When set, a checksum will only be calculated for request payloads of operations + * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` + * OR where a `requestAlgorithmMember` is modeled and the user sets it. + * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} + */ + WHEN_REQUIRED: "WHEN_REQUIRED" }; -import_util_endpoints.customEndpointFunctions.aws = awsEndpointFunctions; - -// src/resolveDefaultAwsRegionalEndpointsConfig.ts -var import_url_parser = __nccwpck_require__(4681); -var resolveDefaultAwsRegionalEndpointsConfig = /* @__PURE__ */ __name((input) => { - if (typeof input.endpointProvider !== "function") { - throw new Error("@aws-sdk/util-endpoint - endpointProvider and endpoint missing in config for this client."); - } - const { endpoint } = input; - if (endpoint === void 0) { - input.endpoint = async () => { - return toEndpointV1( - input.endpointProvider( - { - Region: typeof input.region === "function" ? await input.region() : input.region, - UseDualStack: typeof input.useDualstackEndpoint === "function" ? await input.useDualstackEndpoint() : input.useDualstackEndpoint, - UseFIPS: typeof input.useFipsEndpoint === "function" ? await input.useFipsEndpoint() : input.useFipsEndpoint, - Endpoint: void 0 - }, - { logger: input.logger } - ) - ); - }; - } - return input; -}, "resolveDefaultAwsRegionalEndpointsConfig"); -var toEndpointV1 = /* @__PURE__ */ __name((endpoint) => (0, import_url_parser.parseUrl)(endpoint.url), "toEndpointV1"); - -// src/resolveEndpoint.ts +var DEFAULT_REQUEST_CHECKSUM_CALCULATION = RequestChecksumCalculation.WHEN_SUPPORTED; +var ResponseChecksumValidation = { + /** + * When set, checksum validation MUST be performed on all response payloads of operations + * modeled with the {@link httpChecksum} trait where `responseAlgorithms` is modeled, + * except when no modeled checksum algorithms are supported by an SDK. + * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} + */ + WHEN_SUPPORTED: "WHEN_SUPPORTED", + /** + * When set, checksum validation MUST NOT be performed on response payloads of operations UNLESS + * the SDK supports the modeled checksum algorithms AND the user has set the `requestValidationModeMember` to `ENABLED`. + * It is currently impossible to model an operation as requiring a response checksum, + * but this setting leaves the door open for future updates. + */ + WHEN_REQUIRED: "WHEN_REQUIRED" +}; +var DEFAULT_RESPONSE_CHECKSUM_VALIDATION = RequestChecksumCalculation.WHEN_SUPPORTED; +var ChecksumAlgorithm = /* @__PURE__ */ ((ChecksumAlgorithm3) => { + ChecksumAlgorithm3["MD5"] = "MD5"; + ChecksumAlgorithm3["CRC32"] = "CRC32"; + ChecksumAlgorithm3["CRC32C"] = "CRC32C"; + ChecksumAlgorithm3["CRC64NVME"] = "CRC64NVME"; + ChecksumAlgorithm3["SHA1"] = "SHA1"; + ChecksumAlgorithm3["SHA256"] = "SHA256"; + return ChecksumAlgorithm3; +})(ChecksumAlgorithm || {}); +var ChecksumLocation = /* @__PURE__ */ ((ChecksumLocation2) => { + ChecksumLocation2["HEADER"] = "header"; + ChecksumLocation2["TRAILER"] = "trailer"; + return ChecksumLocation2; +})(ChecksumLocation || {}); +var DEFAULT_CHECKSUM_ALGORITHM = "CRC32" /* CRC32 */; +// src/stringUnionSelector.ts +var stringUnionSelector = /* @__PURE__ */ __name((obj, key, union, type) => { + if (!(key in obj)) return void 0; + const value = obj[key].toUpperCase(); + if (!Object.values(union).includes(value)) { + throw new TypeError(`Cannot load ${type} '${key}'. Expected one of ${Object.values(union)}, got '${obj[key]}'.`); + } + return value; +}, "stringUnionSelector"); -// src/types/EndpointError.ts +// src/NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS.ts +var ENV_REQUEST_CHECKSUM_CALCULATION = "AWS_REQUEST_CHECKSUM_CALCULATION"; +var CONFIG_REQUEST_CHECKSUM_CALCULATION = "request_checksum_calculation"; +var NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "env" /* ENV */), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "shared config entry" /* CONFIG */), "configFileSelector"), + default: DEFAULT_REQUEST_CHECKSUM_CALCULATION +}; +// src/NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS.ts +var ENV_RESPONSE_CHECKSUM_VALIDATION = "AWS_RESPONSE_CHECKSUM_VALIDATION"; +var CONFIG_RESPONSE_CHECKSUM_VALIDATION = "response_checksum_validation"; +var NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "env" /* ENV */), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "shared config entry" /* CONFIG */), "configFileSelector"), + default: DEFAULT_RESPONSE_CHECKSUM_VALIDATION +}; -// src/types/EndpointRuleObject.ts +// src/crc64-nvme-crt-container.ts +var crc64NvmeCrtContainer = { + CrtCrc64Nvme: null +}; +// src/flexibleChecksumsMiddleware.ts +var import_core = __nccwpck_require__(8171); +var import_protocol_http = __nccwpck_require__(4418); +var import_util_stream = __nccwpck_require__(6607); -// src/types/ErrorRuleObject.ts +// src/types.ts +var CLIENT_SUPPORTED_ALGORITHMS = [ + "CRC32" /* CRC32 */, + "CRC32C" /* CRC32C */, + "CRC64NVME" /* CRC64NVME */, + "SHA1" /* SHA1 */, + "SHA256" /* SHA256 */ +]; +var PRIORITY_ORDER_ALGORITHMS = [ + "SHA256" /* SHA256 */, + "SHA1" /* SHA1 */, + "CRC32" /* CRC32 */, + "CRC32C" /* CRC32C */, + "CRC64NVME" /* CRC64NVME */ +]; +// src/getChecksumAlgorithmForRequest.ts +var getChecksumAlgorithmForRequest = /* @__PURE__ */ __name((input, { requestChecksumRequired, requestAlgorithmMember, requestChecksumCalculation }) => { + if (!requestAlgorithmMember) { + return requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired ? DEFAULT_CHECKSUM_ALGORITHM : void 0; + } + if (!input[requestAlgorithmMember]) { + return void 0; + } + const checksumAlgorithm = input[requestAlgorithmMember]; + if (!CLIENT_SUPPORTED_ALGORITHMS.includes(checksumAlgorithm)) { + throw new Error( + `The checksum algorithm "${checksumAlgorithm}" is not supported by the client. Select one of ${CLIENT_SUPPORTED_ALGORITHMS}.` + ); + } + return checksumAlgorithm; +}, "getChecksumAlgorithmForRequest"); -// src/types/RuleSetObject.ts +// src/getChecksumLocationName.ts +var getChecksumLocationName = /* @__PURE__ */ __name((algorithm) => algorithm === "MD5" /* MD5 */ ? "content-md5" : `x-amz-checksum-${algorithm.toLowerCase()}`, "getChecksumLocationName"); +// src/hasHeader.ts +var hasHeader = /* @__PURE__ */ __name((header, headers) => { + const soughtHeader = header.toLowerCase(); + for (const headerName of Object.keys(headers)) { + if (soughtHeader === headerName.toLowerCase()) { + return true; + } + } + return false; +}, "hasHeader"); -// src/types/TreeRuleObject.ts +// src/hasHeaderWithPrefix.ts +var hasHeaderWithPrefix = /* @__PURE__ */ __name((headerPrefix, headers) => { + const soughtHeaderPrefix = headerPrefix.toLowerCase(); + for (const headerName of Object.keys(headers)) { + if (headerName.toLowerCase().startsWith(soughtHeaderPrefix)) { + return true; + } + } + return false; +}, "hasHeaderWithPrefix"); +// src/isStreaming.ts +var import_is_array_buffer = __nccwpck_require__(780); +var isStreaming = /* @__PURE__ */ __name((body) => body !== void 0 && typeof body !== "string" && !ArrayBuffer.isView(body) && !(0, import_is_array_buffer.isArrayBuffer)(body), "isStreaming"); -// src/types/shared.ts +// src/selectChecksumAlgorithmFunction.ts +var import_crc32c = __nccwpck_require__(7035); +var import_getCrc32ChecksumAlgorithmFunction = __nccwpck_require__(1436); +var selectChecksumAlgorithmFunction = /* @__PURE__ */ __name((checksumAlgorithm, config) => { + switch (checksumAlgorithm) { + case "MD5" /* MD5 */: + return config.md5; + case "CRC32" /* CRC32 */: + return (0, import_getCrc32ChecksumAlgorithmFunction.getCrc32ChecksumAlgorithmFunction)(); + case "CRC32C" /* CRC32C */: + return import_crc32c.AwsCrc32c; + case "CRC64NVME" /* CRC64NVME */: + if (typeof crc64NvmeCrtContainer.CrtCrc64Nvme !== "function") { + throw new Error( + `Please check whether you have installed the "@aws-sdk/crc64-nvme-crt" package explicitly. +You must also register the package by calling [require("@aws-sdk/crc64-nvme-crt");] or an ESM equivalent such as [import "@aws-sdk/crc64-nvme-crt";]. +For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` + ); + } + return crc64NvmeCrtContainer.CrtCrc64Nvme; + case "SHA1" /* SHA1 */: + return config.sha1; + case "SHA256" /* SHA256 */: + return config.sha256; + default: + throw new Error(`Unsupported checksum algorithm: ${checksumAlgorithm}`); + } +}, "selectChecksumAlgorithmFunction"); -// Annotate the CommonJS export names for ESM import in node: +// src/stringHasher.ts +var import_util_utf8 = __nccwpck_require__(1895); +var stringHasher = /* @__PURE__ */ __name((checksumAlgorithmFn, body) => { + const hash = new checksumAlgorithmFn(); + hash.update((0, import_util_utf8.toUint8Array)(body || "")); + return hash.digest(); +}, "stringHasher"); -0 && (0); +// src/flexibleChecksumsMiddleware.ts +var flexibleChecksumsMiddlewareOptions = { + name: "flexibleChecksumsMiddleware", + step: "build", + tags: ["BODY_CHECKSUM"], + override: true +}; +var flexibleChecksumsMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); + } + if (hasHeaderWithPrefix("x-amz-checksum-", args.request.headers)) { + return next(args); + } + const { request, input } = args; + const { body: requestBody, headers } = request; + const { base64Encoder, streamHasher } = config; + const { requestChecksumRequired, requestAlgorithmMember } = middlewareConfig; + const requestChecksumCalculation = await config.requestChecksumCalculation(); + const requestAlgorithmMemberName = requestAlgorithmMember?.name; + const requestAlgorithmMemberHttpHeader = requestAlgorithmMember?.httpHeader; + if (requestAlgorithmMemberName && !input[requestAlgorithmMemberName]) { + if (requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired) { + input[requestAlgorithmMemberName] = DEFAULT_CHECKSUM_ALGORITHM; + if (requestAlgorithmMemberHttpHeader) { + headers[requestAlgorithmMemberHttpHeader] = DEFAULT_CHECKSUM_ALGORITHM; + } + } + } + const checksumAlgorithm = getChecksumAlgorithmForRequest(input, { + requestChecksumRequired, + requestAlgorithmMember: requestAlgorithmMember?.name, + requestChecksumCalculation + }); + let updatedBody = requestBody; + let updatedHeaders = headers; + if (checksumAlgorithm) { + switch (checksumAlgorithm) { + case "CRC32" /* CRC32 */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32", "U"); + break; + case "CRC32C" /* CRC32C */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32C", "V"); + break; + case "CRC64NVME" /* CRC64NVME */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC64", "W"); + break; + case "SHA1" /* SHA1 */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA1", "X"); + break; + case "SHA256" /* SHA256 */: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA256", "Y"); + break; + } + const checksumLocationName = getChecksumLocationName(checksumAlgorithm); + const checksumAlgorithmFn = selectChecksumAlgorithmFunction(checksumAlgorithm, config); + if (isStreaming(requestBody)) { + const { getAwsChunkedEncodingStream, bodyLengthChecker } = config; + updatedBody = getAwsChunkedEncodingStream( + typeof config.requestStreamBufferSize === "number" && config.requestStreamBufferSize >= 8 * 1024 ? (0, import_util_stream.createBufferedReadable)(requestBody, config.requestStreamBufferSize, context.logger) : requestBody, + { + base64Encoder, + bodyLengthChecker, + checksumLocationName, + checksumAlgorithmFn, + streamHasher + } + ); + updatedHeaders = { + ...headers, + "content-encoding": headers["content-encoding"] ? `${headers["content-encoding"]},aws-chunked` : "aws-chunked", + "transfer-encoding": "chunked", + "x-amz-decoded-content-length": headers["content-length"], + "x-amz-content-sha256": "STREAMING-UNSIGNED-PAYLOAD-TRAILER", + "x-amz-trailer": checksumLocationName + }; + delete updatedHeaders["content-length"]; + } else if (!hasHeader(checksumLocationName, headers)) { + const rawChecksum = await stringHasher(checksumAlgorithmFn, requestBody); + updatedHeaders = { + ...headers, + [checksumLocationName]: base64Encoder(rawChecksum) + }; + } + } + const result = await next({ + ...args, + request: { + ...request, + headers: updatedHeaders, + body: updatedBody + } + }); + return result; +}, "flexibleChecksumsMiddleware"); +// src/flexibleChecksumsInputMiddleware.ts +var flexibleChecksumsInputMiddlewareOptions = { + name: "flexibleChecksumsInputMiddleware", + toMiddleware: "serializerMiddleware", + relation: "before", + tags: ["BODY_CHECKSUM"], + override: true +}; +var flexibleChecksumsInputMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { + const input = args.input; + const { requestValidationModeMember } = middlewareConfig; + const requestChecksumCalculation = await config.requestChecksumCalculation(); + const responseChecksumValidation = await config.responseChecksumValidation(); + switch (requestChecksumCalculation) { + case RequestChecksumCalculation.WHEN_REQUIRED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED", "a"); + break; + case RequestChecksumCalculation.WHEN_SUPPORTED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED", "Z"); + break; + } + switch (responseChecksumValidation) { + case ResponseChecksumValidation.WHEN_REQUIRED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED", "c"); + break; + case ResponseChecksumValidation.WHEN_SUPPORTED: + (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED", "b"); + break; + } + if (requestValidationModeMember && !input[requestValidationModeMember]) { + if (responseChecksumValidation === ResponseChecksumValidation.WHEN_SUPPORTED) { + input[requestValidationModeMember] = "ENABLED"; + } + } + return next(args); +}, "flexibleChecksumsInputMiddleware"); -/***/ }), +// src/flexibleChecksumsResponseMiddleware.ts -/***/ 7330: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { -"use strict"; +// src/getChecksumAlgorithmListForResponse.ts +var getChecksumAlgorithmListForResponse = /* @__PURE__ */ __name((responseAlgorithms = []) => { + const validChecksumAlgorithms = []; + for (const algorithm of PRIORITY_ORDER_ALGORITHMS) { + if (!responseAlgorithms.includes(algorithm) || !CLIENT_SUPPORTED_ALGORITHMS.includes(algorithm)) { + continue; + } + validChecksumAlgorithms.push(algorithm); + } + return validChecksumAlgorithms; +}, "getChecksumAlgorithmListForResponse"); -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/isChecksumWithPartNumber.ts +var isChecksumWithPartNumber = /* @__PURE__ */ __name((checksum) => { + const lastHyphenIndex = checksum.lastIndexOf("-"); + if (lastHyphenIndex !== -1) { + const numberPart = checksum.slice(lastHyphenIndex + 1); + if (!numberPart.startsWith("0")) { + const number = parseInt(numberPart, 10); + if (!isNaN(number) && number >= 1 && number <= 1e4) { + return true; + } + } } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + return false; +}, "isChecksumWithPartNumber"); -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_APP_ID_CONFIG_OPTIONS: () => NODE_APP_ID_CONFIG_OPTIONS, - UA_APP_ID_ENV_NAME: () => UA_APP_ID_ENV_NAME, - UA_APP_ID_INI_NAME: () => UA_APP_ID_INI_NAME, - createDefaultUserAgentProvider: () => createDefaultUserAgentProvider, - crtAvailability: () => crtAvailability, - defaultUserAgent: () => defaultUserAgent -}); -module.exports = __toCommonJS(index_exports); +// src/validateChecksumFromResponse.ts -// src/defaultUserAgent.ts -var import_os = __nccwpck_require__(2037); -var import_process = __nccwpck_require__(7282); -// src/crt-availability.ts -var crtAvailability = { - isCrtAvailable: false -}; +// src/getChecksum.ts +var getChecksum = /* @__PURE__ */ __name(async (body, { checksumAlgorithmFn, base64Encoder }) => base64Encoder(await stringHasher(checksumAlgorithmFn, body)), "getChecksum"); -// src/is-crt-available.ts -var isCrtAvailable = /* @__PURE__ */ __name(() => { - if (crtAvailability.isCrtAvailable) { - return ["md/crt-avail"]; +// src/validateChecksumFromResponse.ts +var validateChecksumFromResponse = /* @__PURE__ */ __name(async (response, { config, responseAlgorithms, logger }) => { + const checksumAlgorithms = getChecksumAlgorithmListForResponse(responseAlgorithms); + const { body: responseBody, headers: responseHeaders } = response; + for (const algorithm of checksumAlgorithms) { + const responseHeader = getChecksumLocationName(algorithm); + const checksumFromResponse = responseHeaders[responseHeader]; + if (checksumFromResponse) { + let checksumAlgorithmFn; + try { + checksumAlgorithmFn = selectChecksumAlgorithmFunction(algorithm, config); + } catch (error) { + if (algorithm === "CRC64NVME" /* CRC64NVME */) { + logger?.warn(`Skipping ${"CRC64NVME" /* CRC64NVME */} checksum validation: ${error.message}`); + continue; + } + throw error; + } + const { base64Encoder } = config; + if (isStreaming(responseBody)) { + response.body = (0, import_util_stream.createChecksumStream)({ + expectedChecksum: checksumFromResponse, + checksumSourceLocation: responseHeader, + checksum: new checksumAlgorithmFn(), + source: responseBody, + base64Encoder + }); + return; + } + const checksum = await getChecksum(responseBody, { checksumAlgorithmFn, base64Encoder }); + if (checksum === checksumFromResponse) { + break; + } + throw new Error( + `Checksum mismatch: expected "${checksum}" but received "${checksumFromResponse}" in response header "${responseHeader}".` + ); + } } - return null; -}, "isCrtAvailable"); +}, "validateChecksumFromResponse"); -// src/defaultUserAgent.ts -var createDefaultUserAgentProvider = /* @__PURE__ */ __name(({ serviceId, clientVersion }) => { - return async (config) => { - const sections = [ - // sdk-metadata - ["aws-sdk-js", clientVersion], - // ua-metadata - ["ua", "2.1"], - // os-metadata - [`os/${(0, import_os.platform)()}`, (0, import_os.release)()], - // language-metadata - // ECMAScript edition doesn't matter in JS, so no version needed. - ["lang/js"], - ["md/nodejs", `${import_process.versions.node}`] - ]; - const crtAvailable = isCrtAvailable(); - if (crtAvailable) { - sections.push(crtAvailable); - } - if (serviceId) { - sections.push([`api/${serviceId}`, clientVersion]); - } - if (import_process.env.AWS_EXECUTION_ENV) { - sections.push([`exec-env/${import_process.env.AWS_EXECUTION_ENV}`]); +// src/flexibleChecksumsResponseMiddleware.ts +var flexibleChecksumsResponseMiddlewareOptions = { + name: "flexibleChecksumsResponseMiddleware", + toMiddleware: "deserializerMiddleware", + relation: "after", + tags: ["BODY_CHECKSUM"], + override: true +}; +var flexibleChecksumsResponseMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); + } + const input = args.input; + const result = await next(args); + const response = result.response; + const { requestValidationModeMember, responseAlgorithms } = middlewareConfig; + if (requestValidationModeMember && input[requestValidationModeMember] === "ENABLED") { + const { clientName, commandName } = context; + const isS3WholeObjectMultipartGetResponseChecksum = clientName === "S3Client" && commandName === "GetObjectCommand" && getChecksumAlgorithmListForResponse(responseAlgorithms).every((algorithm) => { + const responseHeader = getChecksumLocationName(algorithm); + const checksumFromResponse = response.headers[responseHeader]; + return !checksumFromResponse || isChecksumWithPartNumber(checksumFromResponse); + }); + if (isS3WholeObjectMultipartGetResponseChecksum) { + return result; } - const appId = await config?.userAgentAppId?.(); - const resolvedUserAgent = appId ? [...sections, [`app/${appId}`]] : [...sections]; - return resolvedUserAgent; - }; -}, "createDefaultUserAgentProvider"); -var defaultUserAgent = createDefaultUserAgentProvider; + await validateChecksumFromResponse(response, { + config, + responseAlgorithms, + logger: context.logger + }); + } + return result; +}, "flexibleChecksumsResponseMiddleware"); -// src/nodeAppIdConfigOptions.ts -var import_middleware_user_agent = __nccwpck_require__(6634); -var UA_APP_ID_ENV_NAME = "AWS_SDK_UA_APP_ID"; -var UA_APP_ID_INI_NAME = "sdk_ua_app_id"; -var UA_APP_ID_INI_NAME_DEPRECATED = "sdk-ua-app-id"; -var NODE_APP_ID_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env2) => env2[UA_APP_ID_ENV_NAME], "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => profile[UA_APP_ID_INI_NAME] ?? profile[UA_APP_ID_INI_NAME_DEPRECATED], "configFileSelector"), - default: import_middleware_user_agent.DEFAULT_UA_APP_ID -}; +// src/getFlexibleChecksumsPlugin.ts +var getFlexibleChecksumsPlugin = /* @__PURE__ */ __name((config, middlewareConfig) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(flexibleChecksumsMiddleware(config, middlewareConfig), flexibleChecksumsMiddlewareOptions); + clientStack.addRelativeTo( + flexibleChecksumsInputMiddleware(config, middlewareConfig), + flexibleChecksumsInputMiddlewareOptions + ); + clientStack.addRelativeTo( + flexibleChecksumsResponseMiddleware(config, middlewareConfig), + flexibleChecksumsResponseMiddlewareOptions + ); + }, "applyToStack") +}), "getFlexibleChecksumsPlugin"); + +// src/resolveFlexibleChecksumsConfig.ts +var import_util_middleware = __nccwpck_require__(2390); +var resolveFlexibleChecksumsConfig = /* @__PURE__ */ __name((input) => { + const { requestChecksumCalculation, responseChecksumValidation, requestStreamBufferSize } = input; + return Object.assign(input, { + requestChecksumCalculation: (0, import_util_middleware.normalizeProvider)(requestChecksumCalculation ?? DEFAULT_REQUEST_CHECKSUM_CALCULATION), + responseChecksumValidation: (0, import_util_middleware.normalizeProvider)(responseChecksumValidation ?? DEFAULT_RESPONSE_CHECKSUM_VALIDATION), + requestStreamBufferSize: Number(requestStreamBufferSize ?? 0) + }); +}, "resolveFlexibleChecksumsConfig"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -38753,21 +47052,21 @@ var NODE_APP_ID_CONFIG_OPTIONS = { /***/ }), -/***/ 9963: +/***/ 8171: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); const tslib_1 = __nccwpck_require__(4351); -tslib_1.__exportStar(__nccwpck_require__(2825), exports); -tslib_1.__exportStar(__nccwpck_require__(7862), exports); -tslib_1.__exportStar(__nccwpck_require__(785), exports); +tslib_1.__exportStar(__nccwpck_require__(8574), exports); +tslib_1.__exportStar(__nccwpck_require__(1523), exports); +tslib_1.__exportStar(__nccwpck_require__(5986), exports); /***/ }), -/***/ 2825: +/***/ 8574: /***/ ((module) => { "use strict"; @@ -38797,6 +47096,7 @@ __export(index_exports, { emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, setCredentialFeature: () => setCredentialFeature, setFeature: () => setFeature, + setTokenFeature: () => setTokenFeature, state: () => state }); module.exports = __toCommonJS(index_exports); @@ -38842,13 +47142,23 @@ function setFeature(context, feature, value) { context.__aws_sdk_context.features[feature] = value; } __name(setFeature, "setFeature"); + +// src/submodules/client/setTokenFeature.ts +function setTokenFeature(token, feature, value) { + if (!token.$source) { + token.$source = {}; + } + token.$source[feature] = value; + return token; +} +__name(setTokenFeature, "setTokenFeature"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); /***/ }), -/***/ 7862: +/***/ 1523: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -39081,7 +47391,7 @@ var NODE_SIGV4A_CONFIG_OPTIONS = { }; // src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts -var import_client = __nccwpck_require__(2825); +var import_client = __nccwpck_require__(8574); var import_core2 = __nccwpck_require__(5829); var import_signature_v4 = __nccwpck_require__(1528); var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { @@ -39236,7 +47546,7 @@ __name(bindCallerConfig, "bindCallerConfig"); /***/ }), -/***/ 785: +/***/ 5986: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -39546,7 +47856,6 @@ var JsonShapeDeserializer = class extends SerdeContextConfig { // src/submodules/protocols/json/JsonShapeSerializer.ts var import_schema2 = __nccwpck_require__(9826); var import_serde4 = __nccwpck_require__(7669); -var import_serde5 = __nccwpck_require__(7669); // src/submodules/protocols/json/jsonReplacer.ts var import_serde3 = __nccwpck_require__(7669); @@ -39575,7 +47884,7 @@ var JsonReplacer = class { this.stage = 1; return (key, value) => { if (value instanceof import_serde3.NumericValue) { - const v = `${NUMERIC_CONTROL_CHAR + +"nv" + this.counter++}_` + value.string; + const v = `${NUMERIC_CONTROL_CHAR + "nv" + this.counter++}_` + value.string; this.values.set(`"${v}"`, value.string); return v; } @@ -39697,11 +48006,16 @@ var JsonShapeSerializer = class extends SerdeContextConfig { return String(value); } } - const mediaType = ns.getMergedTraits().mediaType; - if (ns.isStringSchema() && typeof value === "string" && mediaType) { - const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); - if (isJson) { - return import_serde5.LazyJsonString.from(value); + if (ns.isStringSchema()) { + if (typeof value === "undefined" && ns.isIdempotencyToken()) { + return (0, import_serde4.generateIdempotencyToken)(); + } + const mediaType = ns.getMergedTraits().mediaType; + if (typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde4.LazyJsonString.from(value); + } } } return value; @@ -39736,11 +48050,13 @@ var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { } serializer; deserializer; + serviceTarget; codec; - constructor({ defaultNamespace }) { + constructor({ defaultNamespace, serviceTarget }) { super({ defaultNamespace }); + this.serviceTarget = serviceTarget; this.codec = new JsonCodec({ timestampFormat: { useTrait: true, @@ -39758,7 +48074,7 @@ var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { } Object.assign(request.headers, { "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, - "x-amz-target": (this.getJsonRpcVersion() === "1.0" ? `JsonRpc10.` : `JsonProtocol.`) + import_schema3.NormalizedSchema.of(operationSchema).getName() + "x-amz-target": `${this.serviceTarget}.${import_schema3.NormalizedSchema.of(operationSchema).getName()}` }); if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { request.body = "{}"; @@ -39816,9 +48132,10 @@ var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { static { __name(this, "AwsJson1_0Protocol"); } - constructor({ defaultNamespace }) { + constructor({ defaultNamespace, serviceTarget }) { super({ - defaultNamespace + defaultNamespace, + serviceTarget }); } getShapeId() { @@ -39827,6 +48144,12 @@ var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { getJsonRpcVersion() { return "1.0"; } + /** + * @override + */ + getDefaultContentType() { + return "application/x-amz-json-1.0"; + } }; // src/submodules/protocols/json/AwsJson1_1Protocol.ts @@ -39834,9 +48157,10 @@ var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { static { __name(this, "AwsJson1_1Protocol"); } - constructor({ defaultNamespace }) { + constructor({ defaultNamespace, serviceTarget }) { super({ - defaultNamespace + defaultNamespace, + serviceTarget }); } getShapeId() { @@ -39845,6 +48169,12 @@ var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { getJsonRpcVersion() { return "1.1"; } + /** + * @override + */ + getDefaultContentType() { + return "application/x-amz-json-1.1"; + } }; // src/submodules/protocols/json/AwsRestJsonProtocol.ts @@ -39901,7 +48231,7 @@ var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { } else if (httpPayloadMember.isBlobSchema()) { request.headers["content-type"] = "application/octet-stream"; } else { - request.headers["content-type"] = "application/json"; + request.headers["content-type"] = this.getDefaultContentType(); } } else if (!inputSchema.isUnitSchema()) { const hasBody = Object.values(members).find((m) => { @@ -39909,7 +48239,7 @@ var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; }); if (hasBody) { - request.headers["content-type"] = "application/json"; + request.headers["content-type"] = this.getDefaultContentType(); } } } @@ -39961,6 +48291,12 @@ var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { }); throw exception; } + /** + * @override + */ + getDefaultContentType() { + return "application/json"; + } }; // src/submodules/protocols/json/awsExpectUnion.ts @@ -39985,7 +48321,7 @@ var import_protocols3 = __nccwpck_require__(2241); var import_schema5 = __nccwpck_require__(9826); var import_smithy_client3 = __nccwpck_require__(3570); var import_util_utf8 = __nccwpck_require__(1895); -var import_fast_xml_parser = __nccwpck_require__(2603); +var import_fast_xml_parser = __nccwpck_require__(4678); var XmlShapeDeserializer = class extends SerdeContextConfig { constructor(settings) { super(); @@ -40029,9 +48365,8 @@ var XmlShapeDeserializer = class extends SerdeContextConfig { readSchema(_schema, value) { const ns = import_schema5.NormalizedSchema.of(_schema); const traits = ns.getMergedTraits(); - const schema = ns.getSchema(); if (ns.isListSchema() && !Array.isArray(value)) { - return this.readSchema(schema, [value]); + return this.readSchema(ns, [value]); } if (value == null) { return value; @@ -40087,14 +48422,14 @@ var XmlShapeDeserializer = class extends SerdeContextConfig { return value; } throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); - } else { - if (ns.isListSchema()) { - return []; - } else if (ns.isMapSchema() || ns.isStructSchema()) { - return {}; - } - return this.stringDeserializer.read(ns, value); } + if (ns.isListSchema()) { + return []; + } + if (ns.isMapSchema() || ns.isStructSchema()) { + return {}; + } + return this.stringDeserializer.read(ns, value); } parseXml(xml) { if (xml.length) { @@ -40136,7 +48471,7 @@ var XmlShapeDeserializer = class extends SerdeContextConfig { // src/submodules/protocols/query/QueryShapeSerializer.ts var import_protocols4 = __nccwpck_require__(2241); var import_schema6 = __nccwpck_require__(9826); -var import_serde6 = __nccwpck_require__(7669); +var import_serde5 = __nccwpck_require__(7669); var import_smithy_client4 = __nccwpck_require__(3570); var import_util_base642 = __nccwpck_require__(5600); var QueryShapeSerializer = class extends SerdeContextConfig { @@ -40165,6 +48500,9 @@ var QueryShapeSerializer = class extends SerdeContextConfig { if (value != null) { this.writeKey(prefix); this.writeValue(String(value)); + } else if (ns.isIdempotencyToken()) { + this.writeKey(prefix); + this.writeValue((0, import_serde5.generateIdempotencyToken)()); } } else if (ns.isBigIntegerSchema()) { if (value != null) { @@ -40174,7 +48512,7 @@ var QueryShapeSerializer = class extends SerdeContextConfig { } else if (ns.isBigDecimalSchema()) { if (value != null) { this.writeKey(prefix); - this.writeValue(value instanceof import_serde6.NumericValue ? value.string : String(value)); + this.writeValue(value instanceof import_serde5.NumericValue ? value.string : String(value)); } } else if (ns.isTimestampSchema()) { if (value instanceof Date) { @@ -40238,7 +48576,7 @@ var QueryShapeSerializer = class extends SerdeContextConfig { } else if (ns.isStructSchema()) { if (value && typeof value === "object") { for (const [memberName, member] of ns.structIterator()) { - if (value[memberName] == null) { + if (value[memberName] == null && !member.isIdempotencyToken()) { continue; } const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); @@ -40429,6 +48767,12 @@ var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { const errorData = this.loadQueryError(data); return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; } + /** + * @override + */ + getDefaultContentType() { + return "application/x-www-form-urlencoded"; + } }; // src/submodules/protocols/query/AwsEc2QueryProtocol.ts @@ -40461,7 +48805,7 @@ var import_util_body_length_browser4 = __nccwpck_require__(713); // src/submodules/protocols/xml/parseXmlBody.ts var import_smithy_client5 = __nccwpck_require__(3570); -var import_fast_xml_parser2 = __nccwpck_require__(2603); +var import_fast_xml_parser2 = __nccwpck_require__(4678); var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { if (encoded.length) { const parser = new import_fast_xml_parser2.XMLParser({ @@ -40517,9 +48861,9 @@ var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { }, "loadRestXmlErrorCode"); // src/submodules/protocols/xml/XmlShapeSerializer.ts -var import_xml_builder = __nccwpck_require__(2329); +var import_xml_builder = __nccwpck_require__(1003); var import_schema8 = __nccwpck_require__(9826); -var import_serde7 = __nccwpck_require__(7669); +var import_serde6 = __nccwpck_require__(7669); var import_smithy_client6 = __nccwpck_require__(3570); var import_util_base643 = __nccwpck_require__(5600); var XmlShapeSerializer = class extends SerdeContextConfig { @@ -40584,7 +48928,7 @@ var XmlShapeSerializer = class extends SerdeContextConfig { } for (const [memberName, memberSchema] of ns.structIterator()) { const val = value[memberName]; - if (val != null) { + if (val != null || memberSchema.isIdempotencyToken()) { if (memberSchema.getMergedTraits().xmlAttribute) { structXmlNode.addAttribute( memberSchema.getMergedTraits().xmlName ?? memberName, @@ -40745,7 +49089,7 @@ var XmlShapeSerializer = class extends SerdeContextConfig { break; } } else if (ns.isBigDecimalSchema() && value) { - if (value instanceof import_serde7.NumericValue) { + if (value instanceof import_serde6.NumericValue) { return value.string; } return String(value); @@ -40761,9 +49105,16 @@ var XmlShapeSerializer = class extends SerdeContextConfig { ); } } - if (ns.isStringSchema() || ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { + if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { nodeContents = String(value); } + if (ns.isStringSchema()) { + if (value === void 0 && ns.isIdempotencyToken()) { + nodeContents = (0, import_serde6.generateIdempotencyToken)(); + } else { + nodeContents = String(value); + } + } if (nodeContents === null) { throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); } @@ -40833,106 +49184,290 @@ var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } - getPayloadCodec() { - return this.codec; + getPayloadCodec() { + return this.codec; + } + getShapeId() { + return "aws.protocols#restXml"; + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const ns = import_schema9.NormalizedSchema.of(operationSchema.input); + const members = ns.getMemberSchemas(); + request.path = String(request.path).split("/").filter((segment) => { + return segment !== "{Bucket}"; + }).join("/") || "/"; + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = this.getDefaultContentType(); + } + } else if (!ns.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = this.getDefaultContentType(); + } + } + } + if (request.headers["content-type"] === this.getDefaultContentType()) { + if (typeof request.body === "string") { + request.body = '' + request.body; + } + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; + } + async deserializeResponse(operationSchema, context, response) { + return super.deserializeResponse(operationSchema, context, response); + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema9.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema9.NormalizedSchema.of(errorSchema); + const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = dataObject.Error?.[target] ?? dataObject[target]; + output[name] = this.codec.createDeserializer().readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; + } + /** + * @override + */ + getDefaultContentType() { + return "application/xml"; + } +}; +// Annotate the CommonJS export names for ESM import in node: +0 && (0); + + +/***/ }), + +/***/ 1003: +/***/ ((module) => { + +"use strict"; + +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + XmlNode: () => XmlNode, + XmlText: () => XmlText +}); +module.exports = __toCommonJS(index_exports); + +// src/escape-attribute.ts +function escapeAttribute(value) { + return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); +} +__name(escapeAttribute, "escapeAttribute"); + +// src/escape-element.ts +function escapeElement(value) { + return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); +} +__name(escapeElement, "escapeElement"); + +// src/XmlText.ts +var XmlText = class { + constructor(value) { + this.value = value; + } + static { + __name(this, "XmlText"); + } + toString() { + return escapeElement("" + this.value); + } +}; + +// src/XmlNode.ts +var XmlNode = class _XmlNode { + constructor(name, children = []) { + this.name = name; + this.children = children; + } + static { + __name(this, "XmlNode"); + } + attributes = {}; + static of(name, childText, withName) { + const node = new _XmlNode(name); + if (childText !== void 0) { + node.addChildNode(new XmlText(childText)); + } + if (withName !== void 0) { + node.withName(withName); + } + return node; + } + withName(name) { + this.name = name; + return this; + } + addAttribute(name, value) { + this.attributes[name] = value; + return this; + } + addChildNode(child) { + this.children.push(child); + return this; + } + removeAttribute(name) { + delete this.attributes[name]; + return this; + } + /** + * @internal + * Alias of {@link XmlNode#withName(string)} for codegen brevity. + */ + n(name) { + this.name = name; + return this; } - getShapeId() { - return "aws.protocols#restXml"; + /** + * @internal + * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. + */ + c(child) { + this.children.push(child); + return this; } - async serializeRequest(operationSchema, input, context) { - const request = await super.serializeRequest(operationSchema, input, context); - const ns = import_schema9.NormalizedSchema.of(operationSchema.input); - const members = ns.getMemberSchemas(); - request.path = String(request.path).split("/").filter((segment) => { - return segment !== "{Bucket}"; - }).join("/") || "/"; - if (!request.headers["content-type"]) { - const httpPayloadMember = Object.values(members).find((m) => { - return !!m.getMergedTraits().httpPayload; - }); - if (httpPayloadMember) { - const mediaType = httpPayloadMember.getMergedTraits().mediaType; - if (mediaType) { - request.headers["content-type"] = mediaType; - } else if (httpPayloadMember.isStringSchema()) { - request.headers["content-type"] = "text/plain"; - } else if (httpPayloadMember.isBlobSchema()) { - request.headers["content-type"] = "application/octet-stream"; - } else { - request.headers["content-type"] = "application/xml"; - } - } else if (!ns.isUnitSchema()) { - const hasBody = Object.values(members).find((m) => { - const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); - return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; - }); - if (hasBody) { - request.headers["content-type"] = "application/xml"; - } - } - } - if (request.headers["content-type"] === "application/xml") { - if (typeof request.body === "string") { - request.body = '' + request.body; - } + /** + * @internal + * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. + */ + a(name, value) { + if (value != null) { + this.attributes[name] = value; } - if (request.body) { - try { - request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); - } catch (e) { - } + return this; + } + /** + * Create a child node. + * Used in serialization of string fields. + * @internal + */ + cc(input, field, withName = field) { + if (input[field] != null) { + const node = _XmlNode.of(field, input[field]).withName(withName); + this.c(node); } - return request; } - async deserializeResponse(operationSchema, context, response) { - return super.deserializeResponse(operationSchema, context, response); + /** + * Creates list child nodes. + * @internal + */ + l(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + nodes.map((node) => { + node.withName(memberName); + this.c(node); + }); + } } - async handleError(operationSchema, context, response, dataObject, metadata) { - const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; - let namespace = this.options.defaultNamespace; - let errorName = errorIdentifier; - if (errorIdentifier.includes("#")) { - [namespace, errorName] = errorIdentifier.split("#"); + /** + * Creates list child nodes with container. + * @internal + */ + lc(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + const containerNode = new _XmlNode(memberName); + nodes.map((node) => { + containerNode.c(node); + }); + this.c(containerNode); } - const registry = import_schema9.TypeRegistry.for(namespace); - let errorSchema; - try { - errorSchema = registry.getSchema(errorIdentifier); - } catch (e) { - const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); - if (baseExceptionSchema) { - const ErrorCtor = baseExceptionSchema.ctor; - throw Object.assign(new ErrorCtor(errorName), dataObject); + } + toString() { + const hasChildren = Boolean(this.children.length); + let xmlText = `<${this.name}`; + const attributes = this.attributes; + for (const attributeName of Object.keys(attributes)) { + const attribute = attributes[attributeName]; + if (attribute != null) { + xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; } - throw new Error(errorName); - } - const ns = import_schema9.NormalizedSchema.of(errorSchema); - const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; - const exception = new errorSchema.ctor(message); - await this.deserializeHttpMessage(errorSchema, context, response, dataObject); - const output = {}; - for (const [name, member] of ns.structIterator()) { - const target = member.getMergedTraits().xmlName ?? name; - const value = dataObject.Error?.[target] ?? dataObject[target]; - output[name] = this.codec.createDeserializer().readSchema(member, value); } - Object.assign(exception, { - $metadata: metadata, - $response: response, - $fault: ns.getMergedTraits().error, - message, - ...output - }); - throw exception; + return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; } }; // Annotate the CommonJS export names for ESM import in node: + 0 && (0); + /***/ }), -/***/ 5972: +/***/ 2545: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -40959,47 +49494,43 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru // src/index.ts var index_exports = {}; __export(index_exports, { - ENV_ACCOUNT_ID: () => ENV_ACCOUNT_ID, - ENV_CREDENTIAL_SCOPE: () => ENV_CREDENTIAL_SCOPE, - ENV_EXPIRATION: () => ENV_EXPIRATION, - ENV_KEY: () => ENV_KEY, - ENV_SECRET: () => ENV_SECRET, - ENV_SESSION: () => ENV_SESSION, - fromEnv: () => fromEnv + getHostHeaderPlugin: () => getHostHeaderPlugin, + hostHeaderMiddleware: () => hostHeaderMiddleware, + hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, + resolveHostHeaderConfig: () => resolveHostHeaderConfig }); module.exports = __toCommonJS(index_exports); - -// src/fromEnv.ts -var import_client = __nccwpck_require__(2825); -var import_property_provider = __nccwpck_require__(9721); -var ENV_KEY = "AWS_ACCESS_KEY_ID"; -var ENV_SECRET = "AWS_SECRET_ACCESS_KEY"; -var ENV_SESSION = "AWS_SESSION_TOKEN"; -var ENV_EXPIRATION = "AWS_CREDENTIAL_EXPIRATION"; -var ENV_CREDENTIAL_SCOPE = "AWS_CREDENTIAL_SCOPE"; -var ENV_ACCOUNT_ID = "AWS_ACCOUNT_ID"; -var fromEnv = /* @__PURE__ */ __name((init) => async () => { - init?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv"); - const accessKeyId = process.env[ENV_KEY]; - const secretAccessKey = process.env[ENV_SECRET]; - const sessionToken = process.env[ENV_SESSION]; - const expiry = process.env[ENV_EXPIRATION]; - const credentialScope = process.env[ENV_CREDENTIAL_SCOPE]; - const accountId = process.env[ENV_ACCOUNT_ID]; - if (accessKeyId && secretAccessKey) { - const credentials = { - accessKeyId, - secretAccessKey, - ...sessionToken && { sessionToken }, - ...expiry && { expiration: new Date(expiry) }, - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS", "g"); - return credentials; +var import_protocol_http = __nccwpck_require__(4418); +function resolveHostHeaderConfig(input) { + return input; +} +__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); +var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); + const { request } = args; + const { handlerProtocol = "" } = options.requestHandler.metadata || {}; + if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { + delete request.headers["host"]; + request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); + } else if (!request.headers["host"]) { + let host = request.hostname; + if (request.port != null) host += `:${request.port}`; + request.headers["host"] = host; } - throw new import_property_provider.CredentialsProviderError("Unable to find environment variable credentials.", { logger: init?.logger }); -}, "fromEnv"); + return next(args); +}, "hostHeaderMiddleware"); +var hostHeaderMiddlewareOptions = { + name: "hostHeaderMiddleware", + step: "build", + priority: "low", + tags: ["HOST"], + override: true +}; +var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); + }, "applyToStack") +}), "getHostHeaderPlugin"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -41008,245 +49539,241 @@ var fromEnv = /* @__PURE__ */ __name((init) => async () => { /***/ }), -/***/ 3757: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 2098: +/***/ ((module) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.checkUrl = void 0; -const property_provider_1 = __nccwpck_require__(9721); -const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8"; -const LOOPBACK_CIDR_IPv6 = "::1/128"; -const ECS_CONTAINER_HOST = "169.254.170.2"; -const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23"; -const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]"; -const checkUrl = (url, logger) => { - if (url.protocol === "https:") { - return; - } - if (url.hostname === ECS_CONTAINER_HOST || - url.hostname === EKS_CONTAINER_HOST_IPv4 || - url.hostname === EKS_CONTAINER_HOST_IPv6) { - return; - } - if (url.hostname.includes("[")) { - if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") { - return; - } - } - else { - if (url.hostname === "localhost") { - return; - } - const ipComponents = url.hostname.split("."); - const inRange = (component) => { - const num = parseInt(component, 10); - return 0 <= num && num <= 255; - }; - if (ipComponents[0] === "127" && - inRange(ipComponents[1]) && - inRange(ipComponents[2]) && - inRange(ipComponents[3]) && - ipComponents.length === 4) { - return; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getLocationConstraintPlugin: () => getLocationConstraintPlugin, + locationConstraintMiddleware: () => locationConstraintMiddleware, + locationConstraintMiddlewareOptions: () => locationConstraintMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); +function locationConstraintMiddleware(options) { + return (next) => async (args) => { + const { CreateBucketConfiguration } = args.input; + const region = await options.region(); + if (!CreateBucketConfiguration?.LocationConstraint && !CreateBucketConfiguration?.Location) { + args = { + ...args, + input: { + ...args.input, + CreateBucketConfiguration: region === "us-east-1" ? void 0 : { LocationConstraint: region } } + }; } - throw new property_provider_1.CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following: - - loopback CIDR 127.0.0.0/8 or [::1/128] - - ECS container host 169.254.170.2 - - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger }); + return next(args); + }; +} +__name(locationConstraintMiddleware, "locationConstraintMiddleware"); +var locationConstraintMiddlewareOptions = { + step: "initialize", + tags: ["LOCATION_CONSTRAINT", "CREATE_BUCKET_CONFIGURATION"], + name: "locationConstraintMiddleware", + override: true }; -exports.checkUrl = checkUrl; +var getLocationConstraintPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(locationConstraintMiddleware(config), locationConstraintMiddlewareOptions); + }, "applyToStack") +}), "getLocationConstraintPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + /***/ }), -/***/ 6070: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +/***/ 14: +/***/ ((module) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromHttp = void 0; -const tslib_1 = __nccwpck_require__(4351); -const client_1 = __nccwpck_require__(2825); -const node_http_handler_1 = __nccwpck_require__(258); -const property_provider_1 = __nccwpck_require__(9721); -const promises_1 = tslib_1.__importDefault(__nccwpck_require__(3292)); -const checkUrl_1 = __nccwpck_require__(3757); -const requestHelpers_1 = __nccwpck_require__(9287); -const retry_wrapper_1 = __nccwpck_require__(9921); -const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; -const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2"; -const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; -const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"; -const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; -const fromHttp = (options = {}) => { - options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp"); - let host; - const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI]; - const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI]; - const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN]; - const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE]; - const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger ? console.warn : options.logger.warn; - if (relative && full) { - warn("@aws-sdk/credential-provider-http: " + - "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri."); - warn("awsContainerCredentialsFullUri will take precedence."); - } - if (token && tokenFile) { - warn("@aws-sdk/credential-provider-http: " + - "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile."); - warn("awsContainerAuthorizationToken will take precedence."); - } - if (full) { - host = full; - } - else if (relative) { - host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`; - } - else { - throw new property_provider_1.CredentialsProviderError(`No HTTP credential provider host provided. -Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger }); - } - const url = new URL(host); - (0, checkUrl_1.checkUrl)(url, options.logger); - const requestHandler = new node_http_handler_1.NodeHttpHandler({ - requestTimeout: options.timeout ?? 1000, - connectionTimeout: options.timeout ?? 1000, - }); - return (0, retry_wrapper_1.retryWrapper)(async () => { - const request = (0, requestHelpers_1.createGetRequest)(url); - if (token) { - request.headers.Authorization = token; - } - else if (tokenFile) { - request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); - } - try { - const result = await requestHandler.handle(request); - return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); - } - catch (e) { - throw new property_provider_1.CredentialsProviderError(String(e), { logger: options.logger }); - } - }, options.maxRetries ?? 3, options.timeout ?? 1000); +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -exports.fromHttp = fromHttp; - - -/***/ }), - -/***/ 9287: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -"use strict"; +// src/index.ts +var index_exports = {}; +__export(index_exports, { + getLoggerPlugin: () => getLoggerPlugin, + loggerMiddleware: () => loggerMiddleware, + loggerMiddlewareOptions: () => loggerMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.createGetRequest = createGetRequest; -exports.getCredentials = getCredentials; -const property_provider_1 = __nccwpck_require__(9721); -const protocol_http_1 = __nccwpck_require__(4418); -const smithy_client_1 = __nccwpck_require__(3570); -const util_stream_1 = __nccwpck_require__(6607); -function createGetRequest(url) { - return new protocol_http_1.HttpRequest({ - protocol: url.protocol, - hostname: url.hostname, - port: Number(url.port), - path: url.pathname, - query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => { - acc[k] = v; - return acc; - }, {}), - fragment: url.hash, +// src/loggerMiddleware.ts +var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { + try { + const response = await next(args); + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; + const { $metadata, ...outputWithoutMetadata } = response.output; + logger?.info?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + output: outputFilterSensitiveLog(outputWithoutMetadata), + metadata: $metadata }); -} -async function getCredentials(response, logger) { - const stream = (0, util_stream_1.sdkStreamMixin)(response.body); - const str = await stream.transformToString(); - if (response.statusCode === 200) { - const parsed = JSON.parse(str); - if (typeof parsed.AccessKeyId !== "string" || - typeof parsed.SecretAccessKey !== "string" || - typeof parsed.Token !== "string" || - typeof parsed.Expiration !== "string") { - throw new property_provider_1.CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " + - "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger }); - } - return { - accessKeyId: parsed.AccessKeyId, - secretAccessKey: parsed.SecretAccessKey, - sessionToken: parsed.Token, - expiration: (0, smithy_client_1.parseRfc3339DateTime)(parsed.Expiration), - }; - } - if (response.statusCode >= 400 && response.statusCode < 500) { - let parsedBody = {}; - try { - parsedBody = JSON.parse(str); - } - catch (e) { } - throw Object.assign(new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), { - Code: parsedBody.Code, - Message: parsedBody.Message, - }); - } - throw new property_provider_1.CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }); -} + return response; + } catch (error) { + const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; + const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; + const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; + logger?.error?.({ + clientName, + commandName, + input: inputFilterSensitiveLog(args.input), + error, + metadata: error.$metadata + }); + throw error; + } +}, "loggerMiddleware"); +var loggerMiddlewareOptions = { + name: "loggerMiddleware", + tags: ["LOGGER"], + step: "initialize", + override: true +}; +var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); + }, "applyToStack") +}), "getLoggerPlugin"); +// Annotate the CommonJS export names for ESM import in node: + +0 && (0); + /***/ }), -/***/ 9921: -/***/ ((__unused_webpack_module, exports) => { +/***/ 5525: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.retryWrapper = void 0; -const retryWrapper = (toRetry, maxRetries, delayMs) => { - return async () => { - for (let i = 0; i < maxRetries; ++i) { - try { - return await toRetry(); - } - catch (e) { - await new Promise((resolve) => setTimeout(resolve, delayMs)); - } - } - return await toRetry(); - }; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); }; -exports.retryWrapper = retryWrapper; - - -/***/ }), +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -/***/ 7290: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/index.ts +var index_exports = {}; +__export(index_exports, { + addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, + getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, + recursionDetectionMiddleware: () => recursionDetectionMiddleware +}); +module.exports = __toCommonJS(index_exports); +var import_protocol_http = __nccwpck_require__(4418); +var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; +var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; +var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; +var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { + const { request } = args; + if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { + return next(args); + } + const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; + if (request.headers.hasOwnProperty(traceIdHeader)) { + return next(args); + } + const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; + const traceId = process.env[ENV_TRACE_ID]; + const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); + if (nonEmptyString(functionName) && nonEmptyString(traceId)) { + request.headers[TRACE_ID_HEADER_NAME] = traceId; + } + return next({ + ...args, + request + }); +}, "recursionDetectionMiddleware"); +var addRecursionDetectionMiddlewareOptions = { + step: "build", + tags: ["RECURSION_DETECTION"], + name: "recursionDetectionMiddleware", + override: true, + priority: "low" +}; +var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); + }, "applyToStack") +}), "getRecursionDetectionPlugin"); +// Annotate the CommonJS export names for ESM import in node: -"use strict"; +0 && (0); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromHttp = void 0; -var fromHttp_1 = __nccwpck_require__(6070); -Object.defineProperty(exports, "fromHttp", ({ enumerable: true, get: function () { return fromHttp_1.fromHttp; } })); /***/ }), -/***/ 4203: +/***/ 1139: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; -var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __export = (target, all) => { @@ -41261,407 +49788,650 @@ var __copyProps = (to, from, except, desc) => { } return to; }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - fromIni: () => fromIni -}); -module.exports = __toCommonJS(index_exports); - -// src/fromIni.ts - - -// src/resolveProfileData.ts - - -// src/resolveAssumeRoleCredentials.ts +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); + +// src/index.ts +var index_exports = {}; +__export(index_exports, { + NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS: () => NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS, + S3ExpressIdentityCache: () => S3ExpressIdentityCache, + S3ExpressIdentityCacheEntry: () => S3ExpressIdentityCacheEntry, + S3ExpressIdentityProviderImpl: () => S3ExpressIdentityProviderImpl, + SignatureV4S3Express: () => SignatureV4S3Express, + checkContentLengthHeader: () => checkContentLengthHeader, + checkContentLengthHeaderMiddlewareOptions: () => checkContentLengthHeaderMiddlewareOptions, + getCheckContentLengthHeaderPlugin: () => getCheckContentLengthHeaderPlugin, + getRegionRedirectMiddlewarePlugin: () => getRegionRedirectMiddlewarePlugin, + getS3ExpiresMiddlewarePlugin: () => getS3ExpiresMiddlewarePlugin, + getS3ExpressHttpSigningPlugin: () => getS3ExpressHttpSigningPlugin, + getS3ExpressPlugin: () => getS3ExpressPlugin, + getThrow200ExceptionsPlugin: () => getThrow200ExceptionsPlugin, + getValidateBucketNamePlugin: () => getValidateBucketNamePlugin, + regionRedirectEndpointMiddleware: () => regionRedirectEndpointMiddleware, + regionRedirectEndpointMiddlewareOptions: () => regionRedirectEndpointMiddlewareOptions, + regionRedirectMiddleware: () => regionRedirectMiddleware, + regionRedirectMiddlewareOptions: () => regionRedirectMiddlewareOptions, + resolveS3Config: () => resolveS3Config, + s3ExpiresMiddleware: () => s3ExpiresMiddleware, + s3ExpiresMiddlewareOptions: () => s3ExpiresMiddlewareOptions, + s3ExpressHttpSigningMiddleware: () => s3ExpressHttpSigningMiddleware, + s3ExpressHttpSigningMiddlewareOptions: () => s3ExpressHttpSigningMiddlewareOptions, + s3ExpressMiddleware: () => s3ExpressMiddleware, + s3ExpressMiddlewareOptions: () => s3ExpressMiddlewareOptions, + throw200ExceptionsMiddleware: () => throw200ExceptionsMiddleware, + throw200ExceptionsMiddlewareOptions: () => throw200ExceptionsMiddlewareOptions, + validateBucketNameMiddleware: () => validateBucketNameMiddleware, + validateBucketNameMiddlewareOptions: () => validateBucketNameMiddlewareOptions +}); +module.exports = __toCommonJS(index_exports); + +// src/check-content-length-header.ts +var import_protocol_http = __nccwpck_require__(4418); +var import_smithy_client = __nccwpck_require__(3570); +var CONTENT_LENGTH_HEADER = "content-length"; +var DECODED_CONTENT_LENGTH_HEADER = "x-amz-decoded-content-length"; +function checkContentLengthHeader() { + return (next, context) => async (args) => { + const { request } = args; + if (import_protocol_http.HttpRequest.isInstance(request)) { + if (!(CONTENT_LENGTH_HEADER in request.headers) && !(DECODED_CONTENT_LENGTH_HEADER in request.headers)) { + const message = `Are you using a Stream of unknown length as the Body of a PutObject request? Consider using Upload instead from @aws-sdk/lib-storage.`; + if (typeof context?.logger?.warn === "function" && !(context.logger instanceof import_smithy_client.NoOpLogger)) { + context.logger.warn(message); + } else { + console.warn(message); + } + } + } + return next({ ...args }); + }; +} +__name(checkContentLengthHeader, "checkContentLengthHeader"); +var checkContentLengthHeaderMiddlewareOptions = { + step: "finalizeRequest", + tags: ["CHECK_CONTENT_LENGTH_HEADER"], + name: "getCheckContentLengthHeaderPlugin", + override: true +}; +var getCheckContentLengthHeaderPlugin = /* @__PURE__ */ __name((unused) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(checkContentLengthHeader(), checkContentLengthHeaderMiddlewareOptions); + }, "applyToStack") +}), "getCheckContentLengthHeaderPlugin"); + +// src/region-redirect-endpoint-middleware.ts +var regionRedirectEndpointMiddleware = /* @__PURE__ */ __name((config) => { + return (next, context) => async (args) => { + const originalRegion = await config.region(); + const regionProviderRef = config.region; + let unlock = /* @__PURE__ */ __name(() => { + }, "unlock"); + if (context.__s3RegionRedirect) { + Object.defineProperty(config, "region", { + writable: false, + value: /* @__PURE__ */ __name(async () => { + return context.__s3RegionRedirect; + }, "value") + }); + unlock = /* @__PURE__ */ __name(() => Object.defineProperty(config, "region", { + writable: true, + value: regionProviderRef + }), "unlock"); + } + try { + const result = await next(args); + if (context.__s3RegionRedirect) { + unlock(); + const region = await config.region(); + if (originalRegion !== region) { + throw new Error("Region was not restored following S3 region redirect."); + } + } + return result; + } catch (e) { + unlock(); + throw e; + } + }; +}, "regionRedirectEndpointMiddleware"); +var regionRedirectEndpointMiddlewareOptions = { + tags: ["REGION_REDIRECT", "S3"], + name: "regionRedirectEndpointMiddleware", + override: true, + relation: "before", + toMiddleware: "endpointV2Middleware" +}; + +// src/region-redirect-middleware.ts +function regionRedirectMiddleware(clientConfig) { + return (next, context) => async (args) => { + try { + return await next(args); + } catch (err) { + if (clientConfig.followRegionRedirects) { + if (err?.$metadata?.httpStatusCode === 301 || // err.name === "PermanentRedirect" && --> removing the error name check, as that allows for HEAD operations (which have the 301 status code, but not the same error name) to be covered for region redirection as well + err?.$metadata?.httpStatusCode === 400 && err?.name === "IllegalLocationConstraintException") { + try { + const actualRegion = err.$response.headers["x-amz-bucket-region"]; + context.logger?.debug(`Redirecting from ${await clientConfig.region()} to ${actualRegion}`); + context.__s3RegionRedirect = actualRegion; + } catch (e) { + throw new Error("Region redirect failed: " + e); + } + return next(args); + } + } + throw err; + } + }; +} +__name(regionRedirectMiddleware, "regionRedirectMiddleware"); +var regionRedirectMiddlewareOptions = { + step: "initialize", + tags: ["REGION_REDIRECT", "S3"], + name: "regionRedirectMiddleware", + override: true +}; +var getRegionRedirectMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(regionRedirectMiddleware(clientConfig), regionRedirectMiddlewareOptions); + clientStack.addRelativeTo(regionRedirectEndpointMiddleware(clientConfig), regionRedirectEndpointMiddlewareOptions); + }, "applyToStack") +}), "getRegionRedirectMiddlewarePlugin"); + +// src/s3-expires-middleware.ts + + +var s3ExpiresMiddleware = /* @__PURE__ */ __name((config) => { + return (next, context) => async (args) => { + const result = await next(args); + const { response } = result; + if (import_protocol_http.HttpResponse.isInstance(response)) { + if (response.headers.expires) { + response.headers.expiresstring = response.headers.expires; + try { + (0, import_smithy_client.parseRfc7231DateTime)(response.headers.expires); + } catch (e) { + context.logger?.warn( + `AWS SDK Warning for ${context.clientName}::${context.commandName} response parsing (${response.headers.expires}): ${e}` + ); + delete response.headers.expires; + } + } + } + return result; + }; +}, "s3ExpiresMiddleware"); +var s3ExpiresMiddlewareOptions = { + tags: ["S3"], + name: "s3ExpiresMiddleware", + override: true, + relation: "after", + toMiddleware: "deserializerMiddleware" +}; +var getS3ExpiresMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo(s3ExpiresMiddleware(clientConfig), s3ExpiresMiddlewareOptions); + }, "applyToStack") +}), "getS3ExpiresMiddlewarePlugin"); + +// src/s3-express/classes/S3ExpressIdentityCache.ts +var S3ExpressIdentityCache = class _S3ExpressIdentityCache { + constructor(data = {}) { + this.data = data; + } + static { + __name(this, "S3ExpressIdentityCache"); + } + lastPurgeTime = Date.now(); + static EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS = 3e4; + get(key) { + const entry = this.data[key]; + if (!entry) { + return; + } + return entry; + } + set(key, entry) { + this.data[key] = entry; + return entry; + } + delete(key) { + delete this.data[key]; + } + async purgeExpired() { + const now = Date.now(); + if (this.lastPurgeTime + _S3ExpressIdentityCache.EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS > now) { + return; + } + for (const key in this.data) { + const entry = this.data[key]; + if (!entry.isRefreshing) { + const credential = await entry.identity; + if (credential.expiration) { + if (credential.expiration.getTime() < now) { + delete this.data[key]; + } + } + } + } + } +}; + +// src/s3-express/classes/S3ExpressIdentityCacheEntry.ts +var S3ExpressIdentityCacheEntry = class { + /** + * @param identity - stored identity. + * @param accessed - timestamp of last access in epoch ms. + * @param isRefreshing - this key is currently in the process of being refreshed (background). + */ + constructor(_identity, isRefreshing = false, accessed = Date.now()) { + this._identity = _identity; + this.isRefreshing = isRefreshing; + this.accessed = accessed; + } + static { + __name(this, "S3ExpressIdentityCacheEntry"); + } + get identity() { + this.accessed = Date.now(); + return this._identity; + } +}; + +// src/s3-express/classes/S3ExpressIdentityProviderImpl.ts +var S3ExpressIdentityProviderImpl = class _S3ExpressIdentityProviderImpl { + constructor(createSessionFn, cache = new S3ExpressIdentityCache()) { + this.createSessionFn = createSessionFn; + this.cache = cache; + } + static { + __name(this, "S3ExpressIdentityProviderImpl"); + } + static REFRESH_WINDOW_MS = 6e4; + async getS3ExpressIdentity(awsIdentity, identityProperties) { + const key = identityProperties.Bucket; + const { cache } = this; + const entry = cache.get(key); + if (entry) { + return entry.identity.then((identity) => { + const isExpired = (identity.expiration?.getTime() ?? 0) < Date.now(); + if (isExpired) { + return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; + } + const isExpiringSoon = (identity.expiration?.getTime() ?? 0) < Date.now() + _S3ExpressIdentityProviderImpl.REFRESH_WINDOW_MS; + if (isExpiringSoon && !entry.isRefreshing) { + entry.isRefreshing = true; + this.getIdentity(key).then((id) => { + cache.set(key, new S3ExpressIdentityCacheEntry(Promise.resolve(id))); + }); + } + return identity; + }); + } + return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; + } + async getIdentity(key) { + await this.cache.purgeExpired().catch((error) => { + console.warn("Error while clearing expired entries in S3ExpressIdentityCache: \n" + error); + }); + const session = await this.createSessionFn(key); + if (!session.Credentials?.AccessKeyId || !session.Credentials?.SecretAccessKey) { + throw new Error("s3#createSession response credential missing AccessKeyId or SecretAccessKey."); + } + const identity = { + accessKeyId: session.Credentials.AccessKeyId, + secretAccessKey: session.Credentials.SecretAccessKey, + sessionToken: session.Credentials.SessionToken, + expiration: session.Credentials.Expiration ? new Date(session.Credentials.Expiration) : void 0 + }; + return identity; + } +}; + +// src/s3-express/classes/SignatureV4S3Express.ts +var import_signature_v4 = __nccwpck_require__(1528); + +// src/s3-express/constants.ts +var import_util_config_provider = __nccwpck_require__(3375); +var S3_EXPRESS_BUCKET_TYPE = "Directory"; +var S3_EXPRESS_BACKEND = "S3Express"; +var S3_EXPRESS_AUTH_SCHEME = "sigv4-s3express"; +var SESSION_TOKEN_QUERY_PARAM = "X-Amz-S3session-Token"; +var SESSION_TOKEN_HEADER = SESSION_TOKEN_QUERY_PARAM.toLowerCase(); +var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"; +var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME = "s3_disable_express_session_auth"; +var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS = { + environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), + configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), + default: false +}; + +// src/s3-express/classes/SignatureV4S3Express.ts +var SignatureV4S3Express = class extends import_signature_v4.SignatureV4 { + static { + __name(this, "SignatureV4S3Express"); + } + /** + * Signs with alternate provided credentials instead of those provided in the + * constructor. + * + * Additionally omits the credential sessionToken and assigns it to the + * alternate header field for S3 Express. + */ + async signWithCredentials(requestToSign, credentials, options) { + const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); + requestToSign.headers[SESSION_TOKEN_HEADER] = credentials.sessionToken; + const privateAccess = this; + setSingleOverride(privateAccess, credentialsWithoutSessionToken); + return privateAccess.signRequest(requestToSign, options ?? {}); + } + /** + * Similar to {@link SignatureV4S3Express#signWithCredentials} but for presigning. + */ + async presignWithCredentials(requestToSign, credentials, options) { + const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); + delete requestToSign.headers[SESSION_TOKEN_HEADER]; + requestToSign.headers[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; + requestToSign.query = requestToSign.query ?? {}; + requestToSign.query[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; + const privateAccess = this; + setSingleOverride(privateAccess, credentialsWithoutSessionToken); + return this.presign(requestToSign, options); + } +}; +function getCredentialsWithoutSessionToken(credentials) { + const credentialsWithoutSessionToken = { + accessKeyId: credentials.accessKeyId, + secretAccessKey: credentials.secretAccessKey, + expiration: credentials.expiration + }; + return credentialsWithoutSessionToken; +} +__name(getCredentialsWithoutSessionToken, "getCredentialsWithoutSessionToken"); +function setSingleOverride(privateAccess, credentialsWithoutSessionToken) { + const id = setTimeout(() => { + throw new Error("SignatureV4S3Express credential override was created but not called."); + }, 10); + const currentCredentialProvider = privateAccess.credentialProvider; + const overrideCredentialsProviderOnce = /* @__PURE__ */ __name(() => { + clearTimeout(id); + privateAccess.credentialProvider = currentCredentialProvider; + return Promise.resolve(credentialsWithoutSessionToken); + }, "overrideCredentialsProviderOnce"); + privateAccess.credentialProvider = overrideCredentialsProviderOnce; +} +__name(setSingleOverride, "setSingleOverride"); + +// src/s3-express/functions/s3ExpressMiddleware.ts +var import_core = __nccwpck_require__(9559); + +var s3ExpressMiddleware = /* @__PURE__ */ __name((options) => { + return (next, context) => async (args) => { + if (context.endpointV2) { + const endpoint = context.endpointV2; + const isS3ExpressAuth = endpoint.properties?.authSchemes?.[0]?.name === S3_EXPRESS_AUTH_SCHEME; + const isS3ExpressBucket = endpoint.properties?.backend === S3_EXPRESS_BACKEND || endpoint.properties?.bucketType === S3_EXPRESS_BUCKET_TYPE; + if (isS3ExpressBucket) { + (0, import_core.setFeature)(context, "S3_EXPRESS_BUCKET", "J"); + context.isS3ExpressBucket = true; + } + if (isS3ExpressAuth) { + const requestBucket = args.input.Bucket; + if (requestBucket) { + const s3ExpressIdentity = await options.s3ExpressIdentityProvider.getS3ExpressIdentity( + await options.credentials(), + { + Bucket: requestBucket + } + ); + context.s3ExpressIdentity = s3ExpressIdentity; + if (import_protocol_http.HttpRequest.isInstance(args.request) && s3ExpressIdentity.sessionToken) { + args.request.headers[SESSION_TOKEN_HEADER] = s3ExpressIdentity.sessionToken; + } + } + } + } + return next(args); + }; +}, "s3ExpressMiddleware"); +var s3ExpressMiddlewareOptions = { + name: "s3ExpressMiddleware", + step: "build", + tags: ["S3", "S3_EXPRESS"], + override: true +}; +var getS3ExpressPlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(s3ExpressMiddleware(options), s3ExpressMiddlewareOptions); + }, "applyToStack") +}), "getS3ExpressPlugin"); +// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts +var import_core2 = __nccwpck_require__(5829); -var import_shared_ini_file_loader = __nccwpck_require__(3507); +var import_util_middleware = __nccwpck_require__(2390); -// src/resolveCredentialSource.ts -var import_client = __nccwpck_require__(2825); -var import_property_provider = __nccwpck_require__(9721); -var resolveCredentialSource = /* @__PURE__ */ __name((credentialSource, profileName, logger) => { - const sourceProvidersMap = { - EcsContainer: /* @__PURE__ */ __name(async (options) => { - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); - const { fromContainerMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"); - return async () => (0, import_property_provider.chain)(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider); - }, "EcsContainer"), - Ec2InstanceMetadata: /* @__PURE__ */ __name(async (options) => { - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata"); - const { fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - return async () => fromInstanceMetadata(options)().then(setNamedProvider); - }, "Ec2InstanceMetadata"), - Environment: /* @__PURE__ */ __name(async (options) => { - logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment"); - const { fromEnv } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5972))); - return async () => fromEnv(options)().then(setNamedProvider); - }, "Environment") - }; - if (credentialSource in sourceProvidersMap) { - return sourceProvidersMap[credentialSource]; - } else { - throw new import_property_provider.CredentialsProviderError( - `Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, - { logger } - ); +// src/s3-express/functions/signS3Express.ts +var signS3Express = /* @__PURE__ */ __name(async (s3ExpressIdentity, signingOptions, request, sigV4MultiRegionSigner) => { + const signedRequest = await sigV4MultiRegionSigner.signWithCredentials(request, s3ExpressIdentity, {}); + if (signedRequest.headers["X-Amz-Security-Token"] || signedRequest.headers["x-amz-security-token"]) { + throw new Error("X-Amz-Security-Token must not be set for s3-express requests."); } -}, "resolveCredentialSource"); -var setNamedProvider = /* @__PURE__ */ __name((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p"), "setNamedProvider"); + return signedRequest; +}, "signS3Express"); -// src/resolveAssumeRoleCredentials.ts -var isAssumeRoleProfile = /* @__PURE__ */ __name((arg, { profile = "default", logger } = {}) => { - return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, { profile, logger }) || isCredentialSourceProfile(arg, { profile, logger })); -}, "isAssumeRoleProfile"); -var isAssumeRoleWithSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { - const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined"; - if (withSourceProfile) { - logger?.debug?.(` ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`); - } - return withSourceProfile; -}, "isAssumeRoleWithSourceProfile"); -var isCredentialSourceProfile = /* @__PURE__ */ __name((arg, { profile, logger }) => { - const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined"; - if (withProviderProfile) { - logger?.debug?.(` ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`); +// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts +var defaultErrorHandler = /* @__PURE__ */ __name((signingProperties) => (error) => { + throw error; +}, "defaultErrorHandler"); +var defaultSuccessHandler = /* @__PURE__ */ __name((httpResponse, signingProperties) => { +}, "defaultSuccessHandler"); +var s3ExpressHttpSigningMiddlewareOptions = import_core2.httpSigningMiddlewareOptions; +var s3ExpressHttpSigningMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { + if (!import_protocol_http.HttpRequest.isInstance(args.request)) { + return next(args); } - return withProviderProfile; -}, "isCredentialSourceProfile"); -var resolveAssumeRoleCredentials = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}) => { - options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)"); - const profileData = profiles[profileName]; - const { source_profile, region } = profileData; - if (!options.roleAssumer) { - const { getDefaultRoleAssumer } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(2273))); - options.roleAssumer = getDefaultRoleAssumer( - { - ...options.clientConfig, - credentialProviderLogger: options.logger, - parentClientConfig: { - ...options?.parentClientConfig, - region: region ?? options?.parentClientConfig?.region - } - }, - options.clientPlugins - ); + const smithyContext = (0, import_util_middleware.getSmithyContext)(context); + const scheme = smithyContext.selectedHttpAuthScheme; + if (!scheme) { + throw new Error(`No HttpAuthScheme was selected: unable to sign request`); } - if (source_profile && source_profile in visitedProfiles) { - throw new import_property_provider.CredentialsProviderError( - `Detected a cycle attempting to resolve credentials for profile ${(0, import_shared_ini_file_loader.getProfileName)(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), - { logger: options.logger } + const { + httpAuthOption: { signingProperties = {} }, + identity, + signer + } = scheme; + let request; + if (context.s3ExpressIdentity) { + request = await signS3Express( + context.s3ExpressIdentity, + signingProperties, + args.request, + await config.signer() ); - } - options.logger?.debug( - `@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}` - ); - const sourceCredsProvider = source_profile ? resolveProfileData( - source_profile, - profiles, - options, - { - ...visitedProfiles, - [source_profile]: true - }, - isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {}) - ) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))(); - if (isCredentialSourceWithoutRoleArn(profileData)) { - return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o")); } else { - const params = { - RoleArn: profileData.role_arn, - RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`, - ExternalId: profileData.external_id, - DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10) - }; - const { mfa_serial } = profileData; - if (mfa_serial) { - if (!options.mfaCodeProvider) { - throw new import_property_provider.CredentialsProviderError( - `Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, - { logger: options.logger, tryNextLink: false } - ); - } - params.SerialNumber = mfa_serial; - params.TokenCode = await options.mfaCodeProvider(mfa_serial); - } - const sourceCreds = await sourceCredsProvider; - return options.roleAssumer(sourceCreds, params).then( - (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o") - ); + request = await signer.sign(args.request, identity, signingProperties); } -}, "resolveAssumeRoleCredentials"); -var isCredentialSourceWithoutRoleArn = /* @__PURE__ */ __name((section) => { - return !section.role_arn && !!section.credential_source; -}, "isCredentialSourceWithoutRoleArn"); - -// src/resolveProcessCredentials.ts - -var isProcessProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string", "isProcessProfile"); -var resolveProcessCredentials = /* @__PURE__ */ __name(async (options, profile) => Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))).then( - ({ fromProcess }) => fromProcess({ - ...options, - profile - })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")) -), "resolveProcessCredentials"); - -// src/resolveSsoCredentials.ts + const output = await next({ + ...args, + request + }).catch((signer.errorHandler || defaultErrorHandler)(signingProperties)); + (signer.successHandler || defaultSuccessHandler)(output.response, signingProperties); + return output; +}, "s3ExpressHttpSigningMiddleware"); +var getS3ExpressHttpSigningPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo( + s3ExpressHttpSigningMiddleware(config), + import_core2.httpSigningMiddlewareOptions + ); + }, "applyToStack") +}), "getS3ExpressHttpSigningPlugin"); -var resolveSsoCredentials = /* @__PURE__ */ __name(async (profile, profileData, options = {}) => { - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); - return fromSSO({ - profile, - logger: options.logger, - parentClientConfig: options.parentClientConfig, - clientConfig: options.clientConfig - })().then((creds) => { - if (profileData.sso_session) { - return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r"); - } else { - return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t"); - } +// src/s3Configuration.ts +var resolveS3Config = /* @__PURE__ */ __name((input, { + session +}) => { + const [s3ClientProvider, CreateSessionCommandCtor] = session; + const { + forcePathStyle, + useAccelerateEndpoint, + disableMultiregionAccessPoints, + followRegionRedirects, + s3ExpressIdentityProvider, + bucketEndpoint + } = input; + return Object.assign(input, { + forcePathStyle: forcePathStyle ?? false, + useAccelerateEndpoint: useAccelerateEndpoint ?? false, + disableMultiregionAccessPoints: disableMultiregionAccessPoints ?? false, + followRegionRedirects: followRegionRedirects ?? false, + s3ExpressIdentityProvider: s3ExpressIdentityProvider ?? new S3ExpressIdentityProviderImpl( + async (key) => s3ClientProvider().send( + new CreateSessionCommandCtor({ + Bucket: key + }) + ) + ), + bucketEndpoint: bucketEndpoint ?? false }); -}, "resolveSsoCredentials"); -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); - -// src/resolveStaticCredentials.ts - -var isStaticCredsProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1, "isStaticCredsProfile"); -var resolveStaticCredentials = /* @__PURE__ */ __name(async (profile, options) => { - options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"); - const credentials = { - accessKeyId: profile.aws_access_key_id, - secretAccessKey: profile.aws_secret_access_key, - sessionToken: profile.aws_session_token, - ...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope }, - ...profile.aws_account_id && { accountId: profile.aws_account_id } - }; - return (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROFILE", "n"); -}, "resolveStaticCredentials"); - -// src/resolveWebIdentityCredentials.ts +}, "resolveS3Config"); -var isWebIdentityProfile = /* @__PURE__ */ __name((arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1, "isWebIdentityProfile"); -var resolveWebIdentityCredentials = /* @__PURE__ */ __name(async (profile, options) => Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))).then( - ({ fromTokenFile }) => fromTokenFile({ - webIdentityTokenFile: profile.web_identity_token_file, - roleArn: profile.role_arn, - roleSessionName: profile.role_session_name, - roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity, - logger: options.logger, - parentClientConfig: options.parentClientConfig - })().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")) -), "resolveWebIdentityCredentials"); +// src/throw-200-exceptions.ts -// src/resolveProfileData.ts -var resolveProfileData = /* @__PURE__ */ __name(async (profileName, profiles, options, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => { - const data = profiles[profileName]; - if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) { - return resolveStaticCredentials(data, options); +var import_util_stream = __nccwpck_require__(6607); +var THROW_IF_EMPTY_BODY = { + CopyObjectCommand: true, + UploadPartCopyCommand: true, + CompleteMultipartUploadCommand: true +}; +var MAX_BYTES_TO_INSPECT = 3e3; +var throw200ExceptionsMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { + const result = await next(args); + const { response } = result; + if (!import_protocol_http.HttpResponse.isInstance(response)) { + return result; } - if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, { profile: profileName, logger: options.logger })) { - return resolveAssumeRoleCredentials(profileName, profiles, options, visitedProfiles); + const { statusCode, body: sourceBody } = response; + if (statusCode < 200 || statusCode >= 300) { + return result; } - if (isStaticCredsProfile(data)) { - return resolveStaticCredentials(data, options); + const isSplittableStream = typeof sourceBody?.stream === "function" || typeof sourceBody?.pipe === "function" || typeof sourceBody?.tee === "function"; + if (!isSplittableStream) { + return result; } - if (isWebIdentityProfile(data)) { - return resolveWebIdentityCredentials(data, options); + let bodyCopy = sourceBody; + let body = sourceBody; + if (sourceBody && typeof sourceBody === "object" && !(sourceBody instanceof Uint8Array)) { + [bodyCopy, body] = await (0, import_util_stream.splitStream)(sourceBody); } - if (isProcessProfile(data)) { - return resolveProcessCredentials(options, profileName); + response.body = body; + const bodyBytes = await collectBody(bodyCopy, { + streamCollector: /* @__PURE__ */ __name(async (stream) => { + return (0, import_util_stream.headStream)(stream, MAX_BYTES_TO_INSPECT); + }, "streamCollector") + }); + if (typeof bodyCopy?.destroy === "function") { + bodyCopy.destroy(); } - if (isSsoProfile(data)) { - return await resolveSsoCredentials(profileName, data, options); + const bodyStringTail = config.utf8Encoder(bodyBytes.subarray(bodyBytes.length - 16)); + if (bodyBytes.length === 0 && THROW_IF_EMPTY_BODY[context.commandName]) { + const err = new Error("S3 aborted request"); + err.name = "InternalError"; + throw err; } - throw new import_property_provider.CredentialsProviderError( - `Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, - { logger: options.logger } - ); -}, "resolveProfileData"); - -// src/fromIni.ts -var fromIni = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => { - const init = { - ..._init, - parentClientConfig: { - ...callerClientConfig, - ..._init.parentClientConfig - } - }; - init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProfileData( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: _init.profile ?? callerClientConfig?.profile - }), - profiles, - init - ); -}, "fromIni"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5531: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __create = Object.create; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __getProtoOf = Object.getPrototypeOf; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + if (bodyStringTail && bodyStringTail.endsWith("")) { + response.statusCode = 400; } - return to; + return result; +}, "throw200ExceptionsMiddleware"); +var collectBody = /* @__PURE__ */ __name((streamBody = new Uint8Array(), context) => { + if (streamBody instanceof Uint8Array) { + return Promise.resolve(streamBody); + } + return context.streamCollector(streamBody) || Promise.resolve(new Uint8Array()); +}, "collectBody"); +var throw200ExceptionsMiddlewareOptions = { + relation: "after", + toMiddleware: "deserializerMiddleware", + tags: ["THROW_200_EXCEPTIONS", "S3"], + name: "throw200ExceptionsMiddleware", + override: true }; -var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( - // If the importer is in node compatibility mode or this is not an ESM - // file that has been converted to a CommonJS file using a Babel- - // compatible transform (i.e. "__esModule" has not been set), then set - // "default" to the CommonJS "module.exports" for node compatibility. - isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, - mod -)); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - credentialsTreatedAsExpired: () => credentialsTreatedAsExpired, - credentialsWillNeedRefresh: () => credentialsWillNeedRefresh, - defaultProvider: () => defaultProvider -}); -module.exports = __toCommonJS(index_exports); - -// src/defaultProvider.ts -var import_credential_provider_env = __nccwpck_require__(5972); - -var import_shared_ini_file_loader = __nccwpck_require__(3507); +var getThrow200ExceptionsPlugin = /* @__PURE__ */ __name((config) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.addRelativeTo(throw200ExceptionsMiddleware(config), throw200ExceptionsMiddlewareOptions); + }, "applyToStack") +}), "getThrow200ExceptionsPlugin"); -// src/remoteProvider.ts -var import_property_provider = __nccwpck_require__(9721); -var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED"; -var remoteProvider = /* @__PURE__ */ __name(async (init) => { - const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7477))); - if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) { - init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata"); - const { fromHttp } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(7290))); - return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init)); - } - if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") { - return async () => { - throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger }); - }; - } - init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata"); - return fromInstanceMetadata(init); -}, "remoteProvider"); +// src/validate-bucket-name.ts +var import_util_arn_parser = __nccwpck_require__(5487); -// src/defaultProvider.ts -var multipleCredentialSourceWarningEmitted = false; -var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)( - (0, import_property_provider.chain)( - async () => { - const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE]; - if (profile) { - const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET]; - if (envStaticCredentialsAreSet) { - if (!multipleCredentialSourceWarningEmitted) { - const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn : console.warn; - warnFn( - `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING: - Multiple credential sources detected: - Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set. - This SDK will proceed with the AWS_PROFILE value. - - However, a future version may change this behavior to prefer the ENV static credentials. - Please ensure that your environment only sets either the AWS_PROFILE or the - AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair. -` - ); - multipleCredentialSourceWarningEmitted = true; - } - } - throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", { - logger: init.logger, - tryNextLink: true - }); - } - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv"); - return (0, import_credential_provider_env.fromEnv)(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - throw new import_property_provider.CredentialsProviderError( - "Skipping SSO provider in default chain (inputs do not include SSO fields).", - { logger: init.logger } - ); +// src/bucket-endpoint-middleware.ts +function bucketEndpointMiddleware(options) { + return (next, context) => async (args) => { + if (options.bucketEndpoint) { + const endpoint = context.endpointV2; + if (endpoint) { + const bucket = args.input.Bucket; + if (typeof bucket === "string") { + try { + const bucketEndpointUrl = new URL(bucket); + context.endpointV2 = { + ...endpoint, + url: bucketEndpointUrl + }; + } catch (e) { + const warning = `@aws-sdk/middleware-sdk-s3: bucketEndpoint=true was set but Bucket=${bucket} could not be parsed as URL.`; + if (context.logger?.constructor?.name === "NoOpLogger") { + console.warn(warning); + } else { + context.logger?.warn?.(warning); + } + throw e; + } + } } - const { fromSSO } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(6414))); - return fromSSO(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni"); - const { fromIni } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(4203))); - return fromIni(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess"); - const { fromProcess } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(9969))); - return fromProcess(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile"); - const { fromTokenFile } = await Promise.resolve().then(() => __toESM(__nccwpck_require__(5646))); - return fromTokenFile(init)(); - }, - async () => { - init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider"); - return (await remoteProvider(init))(); - }, - async () => { - throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", { - tryNextLink: false, - logger: init.logger - }); } - ), - credentialsTreatedAsExpired, - credentialsWillNeedRefresh -), "defaultProvider"); -var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh"); -var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired"); + return next(args); + }; +} +__name(bucketEndpointMiddleware, "bucketEndpointMiddleware"); +var bucketEndpointMiddlewareOptions = { + name: "bucketEndpointMiddleware", + override: true, + relation: "after", + toMiddleware: "endpointV2Middleware" +}; + +// src/validate-bucket-name.ts +function validateBucketNameMiddleware({ bucketEndpoint }) { + return (next) => async (args) => { + const { + input: { Bucket } + } = args; + if (!bucketEndpoint && typeof Bucket === "string" && !(0, import_util_arn_parser.validate)(Bucket) && Bucket.indexOf("/") >= 0) { + const err = new Error(`Bucket name shouldn't contain '/', received '${Bucket}'`); + err.name = "InvalidBucketName"; + throw err; + } + return next({ ...args }); + }; +} +__name(validateBucketNameMiddleware, "validateBucketNameMiddleware"); +var validateBucketNameMiddlewareOptions = { + step: "initialize", + tags: ["VALIDATE_BUCKET_NAME"], + name: "validateBucketNameMiddleware", + override: true +}; +var getValidateBucketNamePlugin = /* @__PURE__ */ __name((options) => ({ + applyToStack: /* @__PURE__ */ __name((clientStack) => { + clientStack.add(validateBucketNameMiddleware(options), validateBucketNameMiddlewareOptions); + clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); + }, "applyToStack") +}), "getValidateBucketNamePlugin"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -41670,8 +50440,22 @@ var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => creden /***/ }), -/***/ 9969: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +/***/ 9559: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +const tslib_1 = __nccwpck_require__(4351); +tslib_1.__exportStar(__nccwpck_require__(9263), exports); +tslib_1.__exportStar(__nccwpck_require__(7379), exports); +tslib_1.__exportStar(__nccwpck_require__(6764), exports); + + +/***/ }), + +/***/ 9263: +/***/ ((module) => { "use strict"; @@ -41694,103 +50478,75 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/client/index.ts var index_exports = {}; __export(index_exports, { - fromProcess: () => fromProcess + emitWarningIfUnsupportedVersion: () => emitWarningIfUnsupportedVersion, + setCredentialFeature: () => setCredentialFeature, + setFeature: () => setFeature, + setTokenFeature: () => setTokenFeature, + state: () => state }); module.exports = __toCommonJS(index_exports); -// src/fromProcess.ts -var import_shared_ini_file_loader = __nccwpck_require__(3507); +// src/submodules/client/emitWarningIfUnsupportedVersion.ts +var state = { + warningEmitted: false +}; +var emitWarningIfUnsupportedVersion = /* @__PURE__ */ __name((version) => { + if (version && !state.warningEmitted && parseInt(version.substring(1, version.indexOf("."))) < 18) { + state.warningEmitted = true; + process.emitWarning( + `NodeDeprecationWarning: The AWS SDK for JavaScript (v3) will +no longer support Node.js 16.x on January 6, 2025. -// src/resolveProcessCredentials.ts -var import_property_provider = __nccwpck_require__(9721); -var import_child_process = __nccwpck_require__(2081); -var import_util = __nccwpck_require__(3837); +To continue receiving updates to AWS services, bug fixes, and security +updates please upgrade to a supported Node.js LTS version. -// src/getValidatedProcessCredentials.ts -var import_client = __nccwpck_require__(2825); -var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => { - if (data.Version !== 1) { - throw Error(`Profile ${profileName} credential_process did not return Version 1.`); - } - if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) { - throw Error(`Profile ${profileName} credential_process returned invalid credentials.`); - } - if (data.Expiration) { - const currentTime = /* @__PURE__ */ new Date(); - const expireTime = new Date(data.Expiration); - if (expireTime < currentTime) { - throw Error(`Profile ${profileName} credential_process returned expired credentials.`); - } +More information can be found at: https://a.co/74kJMmI` + ); } - let accountId = data.AccountId; - if (!accountId && profiles?.[profileName]?.aws_account_id) { - accountId = profiles[profileName].aws_account_id; +}, "emitWarningIfUnsupportedVersion"); + +// src/submodules/client/setCredentialFeature.ts +function setCredentialFeature(credentials, feature, value) { + if (!credentials.$source) { + credentials.$source = {}; } - const credentials = { - accessKeyId: data.AccessKeyId, - secretAccessKey: data.SecretAccessKey, - ...data.SessionToken && { sessionToken: data.SessionToken }, - ...data.Expiration && { expiration: new Date(data.Expiration) }, - ...data.CredentialScope && { credentialScope: data.CredentialScope }, - ...accountId && { accountId } - }; - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w"); + credentials.$source[feature] = value; return credentials; -}, "getValidatedProcessCredentials"); +} +__name(setCredentialFeature, "setCredentialFeature"); -// src/resolveProcessCredentials.ts -var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => { - const profile = profiles[profileName]; - if (profiles[profileName]) { - const credentialProcess = profile["credential_process"]; - if (credentialProcess !== void 0) { - const execPromise = (0, import_util.promisify)(import_child_process.exec); - try { - const { stdout } = await execPromise(credentialProcess); - let data; - try { - data = JSON.parse(stdout.trim()); - } catch { - throw Error(`Profile ${profileName} credential_process returned invalid JSON.`); - } - return getValidatedProcessCredentials(profileName, data, profiles); - } catch (error) { - throw new import_property_provider.CredentialsProviderError(error.message, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger }); - } - } else { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { - logger - }); +// src/submodules/client/setFeature.ts +function setFeature(context, feature, value) { + if (!context.__aws_sdk_context) { + context.__aws_sdk_context = { + features: {} + }; + } else if (!context.__aws_sdk_context.features) { + context.__aws_sdk_context.features = {}; } -}, "resolveProcessCredentials"); + context.__aws_sdk_context.features[feature] = value; +} +__name(setFeature, "setFeature"); -// src/fromProcess.ts -var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess"); - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - return resolveProcessCredentials( - (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }), - profiles, - init.logger - ); -}, "fromProcess"); +// src/submodules/client/setTokenFeature.ts +function setTokenFeature(token, feature, value) { + if (!token.$source) { + token.$source = {}; + } + token.$source[feature] = value; + return token; +} +__name(setTokenFeature, "setTokenFeature"); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 6414: +/***/ 7379: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -41800,9 +50556,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __esm = (fn, res) => function __init() { - return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; -}; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); @@ -41817,373 +50570,371 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/loadSso.ts -var loadSso_exports = {}; -__export(loadSso_exports, { - GetRoleCredentialsCommand: () => import_client_sso.GetRoleCredentialsCommand, - SSOClient: () => import_client_sso.SSOClient -}); -var import_client_sso; -var init_loadSso = __esm({ - "src/loadSso.ts"() { - "use strict"; - import_client_sso = __nccwpck_require__(2666); - } -}); - -// src/index.ts +// src/submodules/httpAuthSchemes/index.ts var index_exports = {}; __export(index_exports, { - fromSSO: () => fromSSO, - isSsoProfile: () => isSsoProfile, - validateSsoProfile: () => validateSsoProfile + AWSSDKSigV4Signer: () => AWSSDKSigV4Signer, + AwsSdkSigV4ASigner: () => AwsSdkSigV4ASigner, + AwsSdkSigV4Signer: () => AwsSdkSigV4Signer, + NODE_AUTH_SCHEME_PREFERENCE_OPTIONS: () => NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, + NODE_SIGV4A_CONFIG_OPTIONS: () => NODE_SIGV4A_CONFIG_OPTIONS, + getBearerTokenEnvKey: () => getBearerTokenEnvKey, + resolveAWSSDKSigV4Config: () => resolveAWSSDKSigV4Config, + resolveAwsSdkSigV4AConfig: () => resolveAwsSdkSigV4AConfig, + resolveAwsSdkSigV4Config: () => resolveAwsSdkSigV4Config, + validateSigningProperties: () => validateSigningProperties }); module.exports = __toCommonJS(index_exports); -// src/fromSSO.ts +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts +var import_protocol_http2 = __nccwpck_require__(4418); +// src/submodules/httpAuthSchemes/utils/getDateHeader.ts +var import_protocol_http = __nccwpck_require__(4418); +var getDateHeader = /* @__PURE__ */ __name((response) => import_protocol_http.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : void 0, "getDateHeader"); +// src/submodules/httpAuthSchemes/utils/getSkewCorrectedDate.ts +var getSkewCorrectedDate = /* @__PURE__ */ __name((systemClockOffset) => new Date(Date.now() + systemClockOffset), "getSkewCorrectedDate"); -// src/isSsoProfile.ts -var isSsoProfile = /* @__PURE__ */ __name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile"); +// src/submodules/httpAuthSchemes/utils/isClockSkewed.ts +var isClockSkewed = /* @__PURE__ */ __name((clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 3e5, "isClockSkewed"); -// src/resolveSSOCredentials.ts -var import_client = __nccwpck_require__(2825); -var import_token_providers = __nccwpck_require__(2843); -var import_property_provider = __nccwpck_require__(9721); -var import_shared_ini_file_loader = __nccwpck_require__(3507); -var SHOULD_FAIL_CREDENTIAL_CHAIN = false; -var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig, - parentClientConfig, - profile, - logger -}) => { - let token; - const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`; - if (ssoSession) { - try { - const _token = await (0, import_token_providers.fromSso)({ profile })(); - token = { - accessToken: _token.token, - expiresAt: new Date(_token.expiration).toISOString() - }; - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e.message, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } - } else { - try { - token = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoStartUrl); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); - } +// src/submodules/httpAuthSchemes/utils/getUpdatedSystemClockOffset.ts +var getUpdatedSystemClockOffset = /* @__PURE__ */ __name((clockTime, currentSystemClockOffset) => { + const clockTimeInMs = Date.parse(clockTime); + if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) { + return clockTimeInMs - Date.now(); } - if (new Date(token.expiresAt).getTime() - Date.now() <= 0) { - throw new import_property_provider.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); + return currentSystemClockOffset; +}, "getUpdatedSystemClockOffset"); + +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4Signer.ts +var throwSigningPropertyError = /* @__PURE__ */ __name((name, property) => { + if (!property) { + throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`); } - const { accessToken } = token; - const { SSOClient: SSOClient2, GetRoleCredentialsCommand: GetRoleCredentialsCommand2 } = await Promise.resolve().then(() => (init_loadSso(), loadSso_exports)); - const sso = ssoClient || new SSOClient2( - Object.assign({}, clientConfig ?? {}, { - logger: clientConfig?.logger ?? parentClientConfig?.logger, - region: clientConfig?.region ?? ssoRegion - }) + return property; +}, "throwSigningPropertyError"); +var validateSigningProperties = /* @__PURE__ */ __name(async (signingProperties) => { + const context = throwSigningPropertyError( + "context", + signingProperties.context ); - let ssoResp; - try { - ssoResp = await sso.send( - new GetRoleCredentialsCommand2({ - accountId: ssoAccountId, - roleName: ssoRoleName, - accessToken - }) - ); - } catch (e) { - throw new import_property_provider.CredentialsProviderError(e, { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger - }); + const config = throwSigningPropertyError("config", signingProperties.config); + const authScheme = context.endpointV2?.properties?.authSchemes?.[0]; + const signerFunction = throwSigningPropertyError( + "signer", + config.signer + ); + const signer = await signerFunction(authScheme); + const signingRegion = signingProperties?.signingRegion; + const signingRegionSet = signingProperties?.signingRegionSet; + const signingName = signingProperties?.signingName; + return { + config, + signer, + signingRegion, + signingRegionSet, + signingName + }; +}, "validateSigningProperties"); +var AwsSdkSigV4Signer = class { + static { + __name(this, "AwsSdkSigV4Signer"); } - const { - roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} - } = ssoResp; - if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) { - throw new import_property_provider.CredentialsProviderError("SSO returns an invalid temporary credential.", { - tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN, - logger + async sign(httpRequest, identity, signingProperties) { + if (!import_protocol_http2.HttpRequest.isInstance(httpRequest)) { + throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); + } + const validatedProps = await validateSigningProperties(signingProperties); + const { config, signer } = validatedProps; + let { signingRegion, signingName } = validatedProps; + const handlerExecutionContext = signingProperties.context; + if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) { + const [first, second] = handlerExecutionContext.authSchemes; + if (first?.name === "sigv4a" && second?.name === "sigv4") { + signingRegion = second?.signingRegion ?? signingRegion; + signingName = second?.signingName ?? signingName; + } + } + const signedRequest = await signer.sign(httpRequest, { + signingDate: getSkewCorrectedDate(config.systemClockOffset), + signingRegion, + signingService: signingName }); + return signedRequest; } - const credentials = { - accessKeyId, - secretAccessKey, - sessionToken, - expiration: new Date(expiration), - ...credentialScope && { credentialScope }, - ...accountId && { accountId } - }; - if (ssoSession) { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO", "s"); - } else { - (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_SSO_LEGACY", "u"); + errorHandler(signingProperties) { + return (error) => { + const serverTime = error.ServerTime ?? getDateHeader(error.$response); + if (serverTime) { + const config = throwSigningPropertyError("config", signingProperties.config); + const initialSystemClockOffset = config.systemClockOffset; + config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset); + const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset; + if (clockSkewCorrected && error.$metadata) { + error.$metadata.clockSkewCorrected = true; + } + } + throw error; + }; } - return credentials; -}, "resolveSSOCredentials"); - -// src/validateSsoProfile.ts - -var validateSsoProfile = /* @__PURE__ */ __name((profile, logger) => { - const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile; - if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) { - throw new import_property_provider.CredentialsProviderError( - `Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join( - ", " - )} -Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, - { tryNextLink: false, logger } - ); + successHandler(httpResponse, signingProperties) { + const dateHeader = getDateHeader(httpResponse); + if (dateHeader) { + const config = throwSigningPropertyError("config", signingProperties.config); + config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset); + } } - return profile; -}, "validateSsoProfile"); +}; +var AWSSDKSigV4Signer = AwsSdkSigV4Signer; -// src/fromSSO.ts -var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => { - init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO"); - const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init; - const { ssoClient } = init; - const profileName = (0, import_shared_ini_file_loader.getProfileName)({ - profile: init.profile ?? callerClientConfig?.profile - }); - if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) { - const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init); - const profile = profiles[profileName]; - if (!profile) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger }); - } - if (!isSsoProfile(profile)) { - throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, { - logger: init.logger - }); - } - if (profile?.sso_session) { - const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init); - const session = ssoSessions[profile.sso_session]; - const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`; - if (ssoRegion && ssoRegion !== session.sso_region) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) { - throw new import_property_provider.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, { - tryNextLink: false, - logger: init.logger - }); - } - profile.sso_region = session.sso_region; - profile.sso_start_url = session.sso_start_url; +// src/submodules/httpAuthSchemes/aws_sdk/AwsSdkSigV4ASigner.ts +var import_protocol_http3 = __nccwpck_require__(4418); +var AwsSdkSigV4ASigner = class extends AwsSdkSigV4Signer { + static { + __name(this, "AwsSdkSigV4ASigner"); + } + async sign(httpRequest, identity, signingProperties) { + if (!import_protocol_http3.HttpRequest.isInstance(httpRequest)) { + throw new Error("The request is not an instance of `HttpRequest` and cannot be signed"); } - const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile( - profile, - init.logger - ); - return resolveSSOCredentials({ - ssoStartUrl: sso_start_url, - ssoSession: sso_session, - ssoAccountId: sso_account_id, - ssoRegion: sso_region, - ssoRoleName: sso_role_name, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName - }); - } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) { - throw new import_property_provider.CredentialsProviderError( - 'Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', - { tryNextLink: false, logger: init.logger } + const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties( + signingProperties ); - } else { - return resolveSSOCredentials({ - ssoStartUrl, - ssoSession, - ssoAccountId, - ssoRegion, - ssoRoleName, - ssoClient, - clientConfig: init.clientConfig, - parentClientConfig: init.parentClientConfig, - profile: profileName + const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.(); + const multiRegionOverride = (configResolvedSigningRegionSet ?? signingRegionSet ?? [signingRegion]).join(","); + const signedRequest = await signer.sign(httpRequest, { + signingDate: getSkewCorrectedDate(config.systemClockOffset), + signingRegion: multiRegionOverride, + signingService: signingName }); + return signedRequest; } -}, "fromSSO"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), +}; -/***/ 5614: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { +// src/submodules/httpAuthSchemes/utils/getArrayForCommaSeparatedString.ts +var getArrayForCommaSeparatedString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [], "getArrayForCommaSeparatedString"); -"use strict"; +// src/submodules/httpAuthSchemes/utils/getBearerTokenEnvKey.ts +var getBearerTokenEnvKey = /* @__PURE__ */ __name((signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`, "getBearerTokenEnvKey"); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromTokenFile = void 0; -const client_1 = __nccwpck_require__(2825); -const property_provider_1 = __nccwpck_require__(9721); -const fs_1 = __nccwpck_require__(7147); -const fromWebToken_1 = __nccwpck_require__(7905); -const ENV_TOKEN_FILE = "AWS_WEB_IDENTITY_TOKEN_FILE"; -const ENV_ROLE_ARN = "AWS_ROLE_ARN"; -const ENV_ROLE_SESSION_NAME = "AWS_ROLE_SESSION_NAME"; -const fromTokenFile = (init = {}) => async () => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile"); - const webIdentityTokenFile = init?.webIdentityTokenFile ?? process.env[ENV_TOKEN_FILE]; - const roleArn = init?.roleArn ?? process.env[ENV_ROLE_ARN]; - const roleSessionName = init?.roleSessionName ?? process.env[ENV_ROLE_SESSION_NAME]; - if (!webIdentityTokenFile || !roleArn) { - throw new property_provider_1.CredentialsProviderError("Web identity configuration not specified", { - logger: init.logger, - }); - } - const credentials = await (0, fromWebToken_1.fromWebToken)({ - ...init, - webIdentityToken: (0, fs_1.readFileSync)(webIdentityTokenFile, { encoding: "ascii" }), - roleArn, - roleSessionName, - })(); - if (webIdentityTokenFile === process.env[ENV_TOKEN_FILE]) { - (0, client_1.setCredentialFeature)(credentials, "CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN", "h"); +// src/submodules/httpAuthSchemes/aws_sdk/NODE_AUTH_SCHEME_PREFERENCE_OPTIONS.ts +var NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE"; +var NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference"; +var NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = { + /** + * Retrieves auth scheme preference from environment variables + * @param env - Node process environment object + * @returns Array of auth scheme strings if preference is set, undefined otherwise + */ + environmentVariableSelector: /* @__PURE__ */ __name((env, options) => { + if (options?.signingName) { + const bearerTokenKey = getBearerTokenEnvKey(options.signingName); + if (bearerTokenKey in env) return ["httpBearerAuth"]; } - return credentials; + if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env)) return void 0; + return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]); + }, "environmentVariableSelector"), + /** + * Retrieves auth scheme preference from config file + * @param profile - Config profile object + * @returns Array of auth scheme strings if preference is set, undefined otherwise + */ + configFileSelector: /* @__PURE__ */ __name((profile) => { + if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile)) return void 0; + return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]); + }, "configFileSelector"), + /** + * Default auth scheme preference if not specified in environment or config + */ + default: [] }; -exports.fromTokenFile = fromTokenFile; - - -/***/ }), - -/***/ 7905: -/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { - -"use strict"; -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; +// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4AConfig.ts +var import_core = __nccwpck_require__(5829); +var import_property_provider = __nccwpck_require__(9721); +var resolveAwsSdkSigV4AConfig = /* @__PURE__ */ __name((config) => { + config.sigv4aSigningRegionSet = (0, import_core.normalizeProvider)(config.sigv4aSigningRegionSet); + return config; +}, "resolveAwsSdkSigV4AConfig"); +var NODE_SIGV4A_CONFIG_OPTIONS = { + environmentVariableSelector(env) { + if (env.AWS_SIGV4A_SIGNING_REGION_SET) { + return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim()); } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || (function () { - var ownKeys = function(o) { - ownKeys = Object.getOwnPropertyNames || function (o) { - var ar = []; - for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys(o); - }; - return function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); - __setModuleDefault(result, mod); - return result; - }; -})(); -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.fromWebToken = void 0; -const fromWebToken = (init) => async (awsIdentityProperties) => { - init.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken"); - const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init; - let { roleAssumerWithWebIdentity } = init; - if (!roleAssumerWithWebIdentity) { - const { getDefaultRoleAssumerWithWebIdentity } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(2273))); - roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({ - ...init.clientConfig, - credentialProviderLogger: init.logger, - parentClientConfig: { - ...awsIdentityProperties?.callerClientConfig, - ...init.parentClientConfig, - }, - }, init.clientPlugins); + throw new import_property_provider.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", { + tryNextLink: true + }); + }, + configFileSelector(profile) { + if (profile.sigv4a_signing_region_set) { + return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim()); } - return roleAssumerWithWebIdentity({ - RoleArn: roleArn, - RoleSessionName: roleSessionName ?? `aws-sdk-js-session-${Date.now()}`, - WebIdentityToken: webIdentityToken, - ProviderId: providerId, - PolicyArns: policyArns, - Policy: policy, - DurationSeconds: durationSeconds, + throw new import_property_provider.ProviderError("sigv4a_signing_region_set not set in profile.", { + tryNextLink: true }); + }, + default: void 0 }; -exports.fromWebToken = fromWebToken; - - -/***/ }), - -/***/ 5646: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/httpAuthSchemes/aws_sdk/resolveAwsSdkSigV4Config.ts +var import_client = __nccwpck_require__(9263); +var import_core2 = __nccwpck_require__(5829); +var import_signature_v4 = __nccwpck_require__(1528); +var resolveAwsSdkSigV4Config = /* @__PURE__ */ __name((config) => { + let inputCredentials = config.credentials; + let isUserSupplied = !!config.credentials; + let resolvedCredentials = void 0; + Object.defineProperty(config, "credentials", { + set(credentials) { + if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) { + isUserSupplied = true; + } + inputCredentials = credentials; + const memoizedProvider = normalizeCredentialProvider(config, { + credentials: inputCredentials, + credentialDefaultProvider: config.credentialDefaultProvider + }); + const boundProvider = bindCallerConfig(config, memoizedProvider); + if (isUserSupplied && !boundProvider.attributed) { + resolvedCredentials = /* @__PURE__ */ __name(async (options) => boundProvider(options).then( + (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_CODE", "e") + ), "resolvedCredentials"); + resolvedCredentials.memoized = boundProvider.memoized; + resolvedCredentials.configBound = boundProvider.configBound; + resolvedCredentials.attributed = true; + } else { + resolvedCredentials = boundProvider; + } + }, + get() { + return resolvedCredentials; + }, + enumerable: true, + configurable: true + }); + config.credentials = inputCredentials; + const { + // Default for signingEscapePath + signingEscapePath = true, + // Default for systemClockOffset + systemClockOffset = config.systemClockOffset || 0, + // No default for sha256 since it is platform dependent + sha256 + } = config; + let signer; + if (config.signer) { + signer = (0, import_core2.normalizeProvider)(config.signer); + } else if (config.regionInfoProvider) { + signer = /* @__PURE__ */ __name(() => (0, import_core2.normalizeProvider)(config.region)().then( + async (region) => [ + await config.regionInfoProvider(region, { + useFipsEndpoint: await config.useFipsEndpoint(), + useDualstackEndpoint: await config.useDualstackEndpoint() + }) || {}, + region + ] + ).then(([regionInfo, region]) => { + const { signingRegion, signingService } = regionInfo; + config.signingRegion = config.signingRegion || signingRegion || region; + config.signingName = config.signingName || signingService || config.serviceId; + const params = { + ...config, + credentials: config.credentials, + region: config.signingRegion, + service: config.signingName, + sha256, + uriEscapePath: signingEscapePath + }; + const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; + return new SignerCtor(params); + }), "signer"); + } else { + signer = /* @__PURE__ */ __name(async (authScheme) => { + authScheme = Object.assign( + {}, + { + name: "sigv4", + signingName: config.signingName || config.defaultSigningName, + signingRegion: await (0, import_core2.normalizeProvider)(config.region)(), + properties: {} + }, + authScheme + ); + const signingRegion = authScheme.signingRegion; + const signingService = authScheme.signingName; + config.signingRegion = config.signingRegion || signingRegion; + config.signingName = config.signingName || signingService || config.serviceId; + const params = { + ...config, + credentials: config.credentials, + region: config.signingRegion, + service: config.signingName, + sha256, + uriEscapePath: signingEscapePath + }; + const SignerCtor = config.signerConstructor || import_signature_v4.SignatureV4; + return new SignerCtor(params); + }, "signer"); } - return to; -}; -var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default")); -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -module.exports = __toCommonJS(index_exports); -__reExport(index_exports, __nccwpck_require__(5614), module.exports); -__reExport(index_exports, __nccwpck_require__(7905), module.exports); + const resolvedConfig = Object.assign(config, { + systemClockOffset, + signingEscapePath, + signer + }); + return resolvedConfig; +}, "resolveAwsSdkSigV4Config"); +var resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config; +function normalizeCredentialProvider(config, { + credentials, + credentialDefaultProvider +}) { + let credentialsProvider; + if (credentials) { + if (!credentials?.memoized) { + credentialsProvider = (0, import_core2.memoizeIdentityProvider)(credentials, import_core2.isIdentityExpired, import_core2.doesIdentityRequireRefresh); + } else { + credentialsProvider = credentials; + } + } else { + if (credentialDefaultProvider) { + credentialsProvider = (0, import_core2.normalizeProvider)( + credentialDefaultProvider( + Object.assign({}, config, { + parentClientConfig: config + }) + ) + ); + } else { + credentialsProvider = /* @__PURE__ */ __name(async () => { + throw new Error( + "@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured." + ); + }, "credentialsProvider"); + } + } + credentialsProvider.memoized = true; + return credentialsProvider; +} +__name(normalizeCredentialProvider, "normalizeCredentialProvider"); +function bindCallerConfig(config, credentialsProvider) { + if (credentialsProvider.configBound) { + return credentialsProvider; + } + const fn = /* @__PURE__ */ __name(async (options) => credentialsProvider({ ...options, callerClientConfig: config }), "fn"); + fn.memoized = credentialsProvider.memoized; + fn.configBound = true; + return fn; +} +__name(bindCallerConfig, "bindCallerConfig"); // Annotate the CommonJS export names for ESM import in node: - 0 && (0); - /***/ }), -/***/ 6689: +/***/ 6764: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -42207,2020 +50958,1895 @@ var __copyProps = (to, from, except, desc) => { }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts +// src/submodules/protocols/index.ts var index_exports = {}; __export(index_exports, { - NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS, - NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, - NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME: () => NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, - NODE_USE_ARN_REGION_CONFIG_OPTIONS: () => NODE_USE_ARN_REGION_CONFIG_OPTIONS, - NODE_USE_ARN_REGION_ENV_NAME: () => NODE_USE_ARN_REGION_ENV_NAME, - NODE_USE_ARN_REGION_INI_NAME: () => NODE_USE_ARN_REGION_INI_NAME, - bucketEndpointMiddleware: () => bucketEndpointMiddleware, - bucketEndpointMiddlewareOptions: () => bucketEndpointMiddlewareOptions, - bucketHostname: () => bucketHostname, - getArnResources: () => getArnResources, - getBucketEndpointPlugin: () => getBucketEndpointPlugin, - getSuffixForArnEndpoint: () => getSuffixForArnEndpoint, - resolveBucketEndpointConfig: () => resolveBucketEndpointConfig, - validateAccountId: () => validateAccountId, - validateDNSHostLabel: () => validateDNSHostLabel, - validateNoDualstack: () => validateNoDualstack, - validateNoFIPS: () => validateNoFIPS, - validateOutpostService: () => validateOutpostService, - validatePartition: () => validatePartition, - validateRegion: () => validateRegion + AwsEc2QueryProtocol: () => AwsEc2QueryProtocol, + AwsJson1_0Protocol: () => AwsJson1_0Protocol, + AwsJson1_1Protocol: () => AwsJson1_1Protocol, + AwsJsonRpcProtocol: () => AwsJsonRpcProtocol, + AwsQueryProtocol: () => AwsQueryProtocol, + AwsRestJsonProtocol: () => AwsRestJsonProtocol, + AwsRestXmlProtocol: () => AwsRestXmlProtocol, + JsonCodec: () => JsonCodec, + JsonShapeDeserializer: () => JsonShapeDeserializer, + JsonShapeSerializer: () => JsonShapeSerializer, + XmlCodec: () => XmlCodec, + XmlShapeDeserializer: () => XmlShapeDeserializer, + XmlShapeSerializer: () => XmlShapeSerializer, + _toBool: () => _toBool, + _toNum: () => _toNum, + _toStr: () => _toStr, + awsExpectUnion: () => awsExpectUnion, + loadRestJsonErrorCode: () => loadRestJsonErrorCode, + loadRestXmlErrorCode: () => loadRestXmlErrorCode, + parseJsonBody: () => parseJsonBody, + parseJsonErrorBody: () => parseJsonErrorBody, + parseXmlBody: () => parseXmlBody, + parseXmlErrorBody: () => parseXmlErrorBody }); module.exports = __toCommonJS(index_exports); -// src/NodeDisableMultiregionAccessPointConfigOptions.ts -var import_util_config_provider = __nccwpck_require__(3375); -var NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"; -var NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME = "s3_disable_multiregion_access_points"; -var NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), - default: false -}; - -// src/NodeUseArnRegionConfigOptions.ts - -var NODE_USE_ARN_REGION_ENV_NAME = "AWS_S3_USE_ARN_REGION"; -var NODE_USE_ARN_REGION_INI_NAME = "s3_use_arn_region"; -var NODE_USE_ARN_REGION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_USE_ARN_REGION_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_USE_ARN_REGION_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), - /** - * useArnRegion has specific behavior when undefined instead of false. - * We therefore use undefined as the default value instead of false. - */ - default: void 0 -}; +// src/submodules/protocols/coercing-serializers.ts +var _toStr = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "number" || typeof val === "bigint") { + const warning = new Error(`Received number ${val} where a string was expected.`); + warning.name = "Warning"; + console.warn(warning); + return String(val); + } + if (typeof val === "boolean") { + const warning = new Error(`Received boolean ${val} where a string was expected.`); + warning.name = "Warning"; + console.warn(warning); + return String(val); + } + return val; +}, "_toStr"); +var _toBool = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "number") { + } + if (typeof val === "string") { + const lowercase = val.toLowerCase(); + if (val !== "" && lowercase !== "false" && lowercase !== "true") { + const warning = new Error(`Received string "${val}" where a boolean was expected.`); + warning.name = "Warning"; + console.warn(warning); + } + return val !== "" && lowercase !== "false"; + } + return val; +}, "_toBool"); +var _toNum = /* @__PURE__ */ __name((val) => { + if (val == null) { + return val; + } + if (typeof val === "boolean") { + } + if (typeof val === "string") { + const num = Number(val); + if (num.toString() !== val) { + const warning = new Error(`Received string "${val}" where a number was expected.`); + warning.name = "Warning"; + console.warn(warning); + return val; + } + return num; + } + return val; +}, "_toNum"); -// src/bucketEndpointMiddleware.ts -var import_util_arn_parser = __nccwpck_require__(5487); -var import_protocol_http = __nccwpck_require__(4418); +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var import_protocols = __nccwpck_require__(2241); +var import_schema3 = __nccwpck_require__(9826); +var import_util_body_length_browser = __nccwpck_require__(713); -// src/bucketHostnameUtils.ts -var DOMAIN_PATTERN = /^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$/; -var IP_ADDRESS_PATTERN = /(\d+\.){3}\d+/; -var DOTS_PATTERN = /\.\./; -var DOT_PATTERN = /\./; -var S3_HOSTNAME_PATTERN = /^(.+\.)?s3(-fips)?(\.dualstack)?[.-]([a-z0-9-]+)\./; -var S3_US_EAST_1_ALTNAME_PATTERN = /^s3(-external-1)?\.amazonaws\.com$/; -var AWS_PARTITION_SUFFIX = "amazonaws.com"; -var isBucketNameOptions = /* @__PURE__ */ __name((options) => typeof options.bucketName === "string", "isBucketNameOptions"); -var isDnsCompatibleBucketName = /* @__PURE__ */ __name((bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName), "isDnsCompatibleBucketName"); -var getRegionalSuffix = /* @__PURE__ */ __name((hostname) => { - const parts = hostname.match(S3_HOSTNAME_PATTERN); - return [parts[4], hostname.replace(new RegExp(`^${parts[0]}`), "")]; -}, "getRegionalSuffix"); -var getSuffix = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? ["us-east-1", AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffix"); -var getSuffixForArnEndpoint = /* @__PURE__ */ __name((hostname) => S3_US_EAST_1_ALTNAME_PATTERN.test(hostname) ? [hostname.replace(`.${AWS_PARTITION_SUFFIX}`, ""), AWS_PARTITION_SUFFIX] : getRegionalSuffix(hostname), "getSuffixForArnEndpoint"); -var validateArnEndpointOptions = /* @__PURE__ */ __name((options) => { - if (options.pathStyleEndpoint) { - throw new Error("Path-style S3 endpoint is not supported when bucket is an ARN"); - } - if (options.accelerateEndpoint) { - throw new Error("Accelerate endpoint is not supported when bucket is an ARN"); +// src/submodules/protocols/ConfigurableSerdeContext.ts +var SerdeContextConfig = class { + static { + __name(this, "SerdeContextConfig"); } - if (!options.tlsCompatible) { - throw new Error("HTTPS is required when bucket is an ARN"); + serdeContext; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; } -}, "validateArnEndpointOptions"); -var validateService = /* @__PURE__ */ __name((service) => { - if (service !== "s3" && service !== "s3-outposts" && service !== "s3-object-lambda") { - throw new Error("Expect 's3' or 's3-outposts' or 's3-object-lambda' in ARN service component"); +}; + +// src/submodules/protocols/json/JsonShapeDeserializer.ts +var import_schema = __nccwpck_require__(9826); +var import_serde2 = __nccwpck_require__(7669); +var import_util_base64 = __nccwpck_require__(5600); + +// src/submodules/protocols/json/jsonReviver.ts +var import_serde = __nccwpck_require__(7669); +function jsonReviver(key, value, context) { + if (context?.source) { + const numericString = context.source; + if (typeof value === "number") { + if (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER || numericString !== String(value)) { + const isFractional = numericString.includes("."); + if (isFractional) { + return new import_serde.NumericValue(numericString, "bigDecimal"); + } else { + return BigInt(numericString); + } + } + } } -}, "validateService"); -var validateS3Service = /* @__PURE__ */ __name((service) => { - if (service !== "s3") { - throw new Error("Expect 's3' in Accesspoint ARN service component"); + return value; +} +__name(jsonReviver, "jsonReviver"); + +// src/submodules/protocols/common.ts +var import_smithy_client = __nccwpck_require__(3570); +var collectBodyString = /* @__PURE__ */ __name((streamBody, context) => (0, import_smithy_client.collectBody)(streamBody, context).then((body) => context.utf8Encoder(body)), "collectBodyString"); + +// src/submodules/protocols/json/parseJsonBody.ts +var parseJsonBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + try { + return JSON.parse(encoded); + } catch (e) { + if (e?.name === "SyntaxError") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); + } + throw e; + } } -}, "validateS3Service"); -var validateOutpostService = /* @__PURE__ */ __name((service) => { - if (service !== "s3-outposts") { - throw new Error("Expect 's3-posts' in Outpost ARN service component"); + return {}; +}), "parseJsonBody"); +var parseJsonErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseJsonBody(errorBody, context); + value.message = value.message ?? value.Message; + return value; +}, "parseJsonErrorBody"); +var loadRestJsonErrorCode = /* @__PURE__ */ __name((output, data) => { + const findKey = /* @__PURE__ */ __name((object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()), "findKey"); + const sanitizeErrorCode = /* @__PURE__ */ __name((rawValue) => { + let cleanValue = rawValue; + if (typeof cleanValue === "number") { + cleanValue = cleanValue.toString(); + } + if (cleanValue.indexOf(",") >= 0) { + cleanValue = cleanValue.split(",")[0]; + } + if (cleanValue.indexOf(":") >= 0) { + cleanValue = cleanValue.split(":")[0]; + } + if (cleanValue.indexOf("#") >= 0) { + cleanValue = cleanValue.split("#")[1]; + } + return cleanValue; + }, "sanitizeErrorCode"); + const headerKey = findKey(output.headers, "x-amzn-errortype"); + if (headerKey !== void 0) { + return sanitizeErrorCode(output.headers[headerKey]); } -}, "validateOutpostService"); -var validatePartition = /* @__PURE__ */ __name((partition, options) => { - if (partition !== options.clientPartition) { - throw new Error(`Partition in ARN is incompatible, got "${partition}" but expected "${options.clientPartition}"`); + if (data && typeof data === "object") { + const codeKey = findKey(data, "code"); + if (codeKey && data[codeKey] !== void 0) { + return sanitizeErrorCode(data[codeKey]); + } + if (data["__type"] !== void 0) { + return sanitizeErrorCode(data["__type"]); + } } -}, "validatePartition"); -var validateRegion = /* @__PURE__ */ __name((region, options) => { -}, "validateRegion"); -var validateRegionalClient = /* @__PURE__ */ __name((region) => { - if (["s3-external-1", "aws-global"].includes(region)) { - throw new Error(`Client region ${region} is not regional`); +}, "loadRestJsonErrorCode"); + +// src/submodules/protocols/json/JsonShapeDeserializer.ts +var JsonShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } -}, "validateRegionalClient"); -var validateAccountId = /* @__PURE__ */ __name((accountId) => { - if (!/[0-9]{12}/.exec(accountId)) { - throw new Error("Access point ARN accountID does not match regex '[0-9]{12}'"); + static { + __name(this, "JsonShapeDeserializer"); } -}, "validateAccountId"); -var validateDNSHostLabel = /* @__PURE__ */ __name((label, options = { tlsCompatible: true }) => { - if (label.length >= 64 || !/^[a-z0-9][a-z0-9.-]*[a-z0-9]$/.test(label) || /(\d+\.){3}\d+/.test(label) || /[.-]{2}/.test(label) || options?.tlsCompatible && DOT_PATTERN.test(label)) { - throw new Error(`Invalid DNS label ${label}`); + async read(schema, data) { + return this._read( + schema, + typeof data === "string" ? JSON.parse(data, jsonReviver) : await parseJsonBody(data, this.serdeContext) + ); } -}, "validateDNSHostLabel"); -var validateCustomEndpoint = /* @__PURE__ */ __name((options) => { - if (options.isCustomEndpoint) { - if (options.dualstackEndpoint) throw new Error("Dualstack endpoint is not supported with custom endpoint"); - if (options.accelerateEndpoint) throw new Error("Accelerate endpoint is not supported with custom endpoint"); + readObject(schema, data) { + return this._read(schema, data); } -}, "validateCustomEndpoint"); -var getArnResources = /* @__PURE__ */ __name((resource) => { - const delimiter = resource.includes(":") ? ":" : "/"; - const [resourceType, ...rest] = resource.split(delimiter); - if (resourceType === "accesspoint") { - if (rest.length !== 1 || rest[0] === "") { - throw new Error(`Access Point ARN should have one resource accesspoint${delimiter}{accesspointname}`); + _read(schema, value) { + const isObject = value !== null && typeof value === "object"; + const ns = import_schema.NormalizedSchema.of(schema); + if (ns.isListSchema() && Array.isArray(value)) { + const listMember = ns.getValueSchema(); + const out = []; + const sparse = !!ns.getMergedTraits().sparse; + for (const item of value) { + if (sparse || item != null) { + out.push(this._read(listMember, item)); + } + } + return out; + } else if (ns.isMapSchema() && isObject) { + const mapMember = ns.getValueSchema(); + const out = {}; + const sparse = !!ns.getMergedTraits().sparse; + for (const [_k, _v] of Object.entries(value)) { + if (sparse || _v != null) { + out[_k] = this._read(mapMember, _v); + } + } + return out; + } else if (ns.isStructSchema() && isObject) { + const out = {}; + for (const [memberName, memberSchema] of ns.structIterator()) { + const fromKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; + const deserializedValue = this._read(memberSchema, value[fromKey]); + if (deserializedValue != null) { + out[memberName] = deserializedValue; + } + } + return out; } - return { accesspointName: rest[0] }; - } else if (resourceType === "outpost") { - if (!rest[0] || rest[1] !== "accesspoint" || !rest[2] || rest.length !== 3) { - throw new Error( - `Outpost ARN should have resource outpost${delimiter}{outpostId}${delimiter}accesspoint${delimiter}{accesspointName}` - ); + if (ns.isBlobSchema() && typeof value === "string") { + return (0, import_util_base64.fromBase64)(value); } - const [outpostId, _, accesspointName] = rest; - return { outpostId, accesspointName }; - } else { - throw new Error(`ARN resource should begin with 'accesspoint${delimiter}' or 'outpost${delimiter}'`); - } -}, "getArnResources"); -var validateNoDualstack = /* @__PURE__ */ __name((dualstackEndpoint) => { -}, "validateNoDualstack"); -var validateNoFIPS = /* @__PURE__ */ __name((useFipsEndpoint) => { - if (useFipsEndpoint) throw new Error(`FIPS region is not supported with Outpost.`); -}, "validateNoFIPS"); -var validateMrapAlias = /* @__PURE__ */ __name((name) => { - try { - name.split(".").forEach((label) => { - validateDNSHostLabel(label); - }); - } catch (e) { - throw new Error(`"${name}" is not a DNS compatible name.`); + const mediaType = ns.getMergedTraits().mediaType; + if (ns.isStringSchema() && typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde2.LazyJsonString.from(value); + } + } + if (ns.isTimestampSchema()) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema.SCHEMA.TIMESTAMP_DATE_TIME: + return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value); + case import_schema.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde2.parseRfc7231DateTime)(value); + case import_schema.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return (0, import_serde2.parseEpochTimestamp)(value); + default: + console.warn("Missing timestamp format, parsing value with Date constructor:", value); + return new Date(value); + } + } + if (ns.isBigIntegerSchema() && (typeof value === "number" || typeof value === "string")) { + return BigInt(value); + } + if (ns.isBigDecimalSchema() && value != void 0) { + if (value instanceof import_serde2.NumericValue) { + return value; + } + return new import_serde2.NumericValue(String(value), "bigDecimal"); + } + if (ns.isNumericSchema() && typeof value === "string") { + switch (value) { + case "Infinity": + return Infinity; + case "-Infinity": + return -Infinity; + case "NaN": + return NaN; + } + } + return value; } -}, "validateMrapAlias"); +}; -// src/bucketHostname.ts -var bucketHostname = /* @__PURE__ */ __name((options) => { - validateCustomEndpoint(options); - return isBucketNameOptions(options) ? ( - // Construct endpoint when bucketName is a string referring to a bucket name - getEndpointFromBucketName(options) - ) : ( - // Construct endpoint when bucketName is an ARN referring to an S3 resource like Access Point - getEndpointFromArn(options) - ); -}, "bucketHostname"); -var getEndpointFromBucketName = /* @__PURE__ */ __name(({ - accelerateEndpoint = false, - clientRegion: region, - baseHostname, - bucketName, - dualstackEndpoint = false, - fipsEndpoint = false, - pathStyleEndpoint = false, - tlsCompatible = true, - isCustomEndpoint = false -}) => { - const [clientRegion, hostnameSuffix] = isCustomEndpoint ? [region, baseHostname] : getSuffix(baseHostname); - if (pathStyleEndpoint || !isDnsCompatibleBucketName(bucketName) || tlsCompatible && DOT_PATTERN.test(bucketName)) { - return { - bucketEndpoint: false, - hostname: dualstackEndpoint ? `s3.dualstack.${clientRegion}.${hostnameSuffix}` : baseHostname - }; - } - if (accelerateEndpoint) { - baseHostname = `s3-accelerate${dualstackEndpoint ? ".dualstack" : ""}.${hostnameSuffix}`; - } else if (dualstackEndpoint) { - baseHostname = `s3.dualstack.${clientRegion}.${hostnameSuffix}`; +// src/submodules/protocols/json/JsonShapeSerializer.ts +var import_schema2 = __nccwpck_require__(9826); +var import_serde4 = __nccwpck_require__(7669); + +// src/submodules/protocols/json/jsonReplacer.ts +var import_serde3 = __nccwpck_require__(7669); +var NUMERIC_CONTROL_CHAR = String.fromCharCode(925); +var JsonReplacer = class { + static { + __name(this, "JsonReplacer"); } - return { - bucketEndpoint: true, - hostname: `${bucketName}.${baseHostname}` - }; -}, "getEndpointFromBucketName"); -var getEndpointFromArn = /* @__PURE__ */ __name((options) => { - const { isCustomEndpoint, baseHostname, clientRegion } = options; - const hostnameSuffix = isCustomEndpoint ? baseHostname : getSuffixForArnEndpoint(baseHostname)[1]; - const { - pathStyleEndpoint, - accelerateEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - bucketName, - clientPartition = "aws" - } = options; - validateArnEndpointOptions({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible }); - const { service, partition, accountId, region, resource } = bucketName; - validateService(service); - validatePartition(partition, { clientPartition }); - validateAccountId(accountId); - const { accesspointName, outpostId } = getArnResources(resource); - if (service === "s3-object-lambda") { - return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix }); + /** + * Stores placeholder key to true serialized value lookup. + */ + values = /* @__PURE__ */ new Map(); + counter = 0; + stage = 0; + /** + * Creates a jsonReplacer function that reserves big integer and big decimal values + * for later replacement. + */ + createReplacer() { + if (this.stage === 1) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer already created."); + } + if (this.stage === 2) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); + } + this.stage = 1; + return (key, value) => { + if (value instanceof import_serde3.NumericValue) { + const v = `${NUMERIC_CONTROL_CHAR + "nv" + this.counter++}_` + value.string; + this.values.set(`"${v}"`, value.string); + return v; + } + if (typeof value === "bigint") { + const s = value.toString(); + const v = `${NUMERIC_CONTROL_CHAR + "b" + this.counter++}_` + s; + this.values.set(`"${v}"`, s); + return v; + } + return value; + }; } - if (region === "") { - return getEndpointFromMRAPArn({ ...options, clientRegion, mrapAlias: accesspointName, hostnameSuffix }); + /** + * Replaces placeholder keys with their true values. + */ + replaceInJson(json) { + if (this.stage === 0) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer not created yet."); + } + if (this.stage === 2) { + throw new Error("@aws-sdk/core/protocols - JsonReplacer exhausted."); + } + this.stage = 2; + if (this.counter === 0) { + return json; + } + for (const [key, value] of this.values) { + json = json.replace(key, value); + } + return json; } - if (outpostId) { - return getEndpointFromOutpostArn({ ...options, clientRegion, outpostId, accesspointName, hostnameSuffix }); +}; + +// src/submodules/protocols/json/JsonShapeSerializer.ts +var JsonShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } - return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix }); -}, "getEndpointFromArn"); -var getEndpointFromObjectLambdaArn = /* @__PURE__ */ __name(({ - dualstackEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - useArnRegion, - clientRegion, - clientSigningRegion = clientRegion, - accesspointName, - bucketName, - hostnameSuffix -}) => { - const { accountId, region, service } = bucketName; - validateRegionalClient(clientRegion); - const DNSHostLabel = `${accesspointName}-${accountId}`; - validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); - const endpointRegion = useArnRegion ? region : clientRegion; - const signingRegion = useArnRegion ? region : clientSigningRegion; - return { - bucketEndpoint: true, - hostname: `${DNSHostLabel}.${service}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`, - signingRegion, - signingService: service - }; -}, "getEndpointFromObjectLambdaArn"); -var getEndpointFromMRAPArn = /* @__PURE__ */ __name(({ - disableMultiregionAccessPoints, - dualstackEndpoint = false, - isCustomEndpoint, - mrapAlias, - hostnameSuffix -}) => { - if (disableMultiregionAccessPoints === true) { - throw new Error("SDK is attempting to use a MRAP ARN. Please enable to feature."); + static { + __name(this, "JsonShapeSerializer"); } - validateMrapAlias(mrapAlias); - return { - bucketEndpoint: true, - hostname: `${mrapAlias}${isCustomEndpoint ? "" : `.accesspoint.s3-global`}.${hostnameSuffix}`, - signingRegion: "*" - }; -}, "getEndpointFromMRAPArn"); -var getEndpointFromOutpostArn = /* @__PURE__ */ __name(({ - useArnRegion, - clientRegion, - clientSigningRegion = clientRegion, - bucketName, - outpostId, - dualstackEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - accesspointName, - isCustomEndpoint, - hostnameSuffix -}) => { - validateRegionalClient(clientRegion); - const DNSHostLabel = `${accesspointName}-${bucketName.accountId}`; - validateDNSHostLabel(DNSHostLabel, { tlsCompatible }); - const endpointRegion = useArnRegion ? bucketName.region : clientRegion; - const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; - validateOutpostService(bucketName.service); - validateDNSHostLabel(outpostId, { tlsCompatible }); - validateNoFIPS(fipsEndpoint); - const hostnamePrefix = `${DNSHostLabel}.${outpostId}`; - return { - bucketEndpoint: true, - hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-outposts.${endpointRegion}`}.${hostnameSuffix}`, - signingRegion, - signingService: "s3-outposts" - }; -}, "getEndpointFromOutpostArn"); -var getEndpointFromAccessPointArn = /* @__PURE__ */ __name(({ - useArnRegion, - clientRegion, - clientSigningRegion = clientRegion, - bucketName, - dualstackEndpoint = false, - fipsEndpoint = false, - tlsCompatible = true, - accesspointName, - isCustomEndpoint, - hostnameSuffix -}) => { - validateRegionalClient(clientRegion); - const hostnamePrefix = `${accesspointName}-${bucketName.accountId}`; - validateDNSHostLabel(hostnamePrefix, { tlsCompatible }); - const endpointRegion = useArnRegion ? bucketName.region : clientRegion; - const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion; - validateS3Service(bucketName.service); - return { - bucketEndpoint: true, - hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-accesspoint${fipsEndpoint ? "-fips" : ""}${dualstackEndpoint ? ".dualstack" : ""}.${endpointRegion}`}.${hostnameSuffix}`, - signingRegion - }; -}, "getEndpointFromAccessPointArn"); - -// src/bucketEndpointMiddleware.ts -var bucketEndpointMiddleware = /* @__PURE__ */ __name((options) => (next, context) => async (args) => { - const { Bucket: bucketName } = args.input; - let replaceBucketInPath = options.bucketEndpoint; - const request = args.request; - if (import_protocol_http.HttpRequest.isInstance(request)) { - if (options.bucketEndpoint) { - request.hostname = bucketName; - } else if ((0, import_util_arn_parser.validate)(bucketName)) { - const bucketArn = (0, import_util_arn_parser.parse)(bucketName); - const clientRegion = await options.region(); - const useDualstackEndpoint = await options.useDualstackEndpoint(); - const useFipsEndpoint = await options.useFipsEndpoint(); - const { partition, signingRegion = clientRegion } = await options.regionInfoProvider(clientRegion, { useDualstackEndpoint, useFipsEndpoint }) || {}; - const useArnRegion = await options.useArnRegion(); - const { - hostname, - bucketEndpoint, - signingRegion: modifiedSigningRegion, - signingService - } = bucketHostname({ - bucketName: bucketArn, - baseHostname: request.hostname, - accelerateEndpoint: options.useAccelerateEndpoint, - dualstackEndpoint: useDualstackEndpoint, - fipsEndpoint: useFipsEndpoint, - pathStyleEndpoint: options.forcePathStyle, - tlsCompatible: request.protocol === "https:", - useArnRegion, - clientPartition: partition, - clientSigningRegion: signingRegion, - clientRegion, - isCustomEndpoint: options.isCustomEndpoint, - disableMultiregionAccessPoints: await options.disableMultiregionAccessPoints() - }); - if (modifiedSigningRegion && modifiedSigningRegion !== signingRegion) { - context["signing_region"] = modifiedSigningRegion; + buffer; + rootSchema; + write(schema, value) { + this.rootSchema = import_schema2.NormalizedSchema.of(schema); + this.buffer = this._write(this.rootSchema, value); + } + flush() { + if (this.rootSchema?.isStructSchema() || this.rootSchema?.isDocumentSchema()) { + const replacer = new JsonReplacer(); + return replacer.replaceInJson(JSON.stringify(this.buffer, replacer.createReplacer(), 0)); + } + return this.buffer; + } + _write(schema, value, container) { + const isObject = value !== null && typeof value === "object"; + const ns = import_schema2.NormalizedSchema.of(schema); + if (ns.isListSchema() && Array.isArray(value)) { + const listMember = ns.getValueSchema(); + const out = []; + const sparse = !!ns.getMergedTraits().sparse; + for (const item of value) { + if (sparse || item != null) { + out.push(this._write(listMember, item)); + } } - if (signingService && signingService !== "s3") { - context["signing_service"] = signingService; + return out; + } else if (ns.isMapSchema() && isObject) { + const mapMember = ns.getValueSchema(); + const out = {}; + const sparse = !!ns.getMergedTraits().sparse; + for (const [_k, _v] of Object.entries(value)) { + if (sparse || _v != null) { + out[_k] = this._write(mapMember, _v); + } } - request.hostname = hostname; - replaceBucketInPath = bucketEndpoint; - } else { - const clientRegion = await options.region(); - const dualstackEndpoint = await options.useDualstackEndpoint(); - const fipsEndpoint = await options.useFipsEndpoint(); - const { hostname, bucketEndpoint } = bucketHostname({ - bucketName, - clientRegion, - baseHostname: request.hostname, - accelerateEndpoint: options.useAccelerateEndpoint, - dualstackEndpoint, - fipsEndpoint, - pathStyleEndpoint: options.forcePathStyle, - tlsCompatible: request.protocol === "https:", - isCustomEndpoint: options.isCustomEndpoint - }); - request.hostname = hostname; - replaceBucketInPath = bucketEndpoint; + return out; + } else if (ns.isStructSchema() && isObject) { + const out = {}; + for (const [memberName, memberSchema] of ns.structIterator()) { + const targetKey = this.settings.jsonName ? memberSchema.getMergedTraits().jsonName ?? memberName : memberName; + const serializableValue = this._write(memberSchema, value[memberName], ns); + if (serializableValue !== void 0) { + out[targetKey] = serializableValue; + } + } + return out; } - if (replaceBucketInPath) { - request.path = request.path.replace(/^(\/)?[^\/]+/, ""); - if (request.path === "") { - request.path = "/"; + if (value === null && container?.isStructSchema()) { + return void 0; + } + if (ns.isBlobSchema() && (value instanceof Uint8Array || typeof value === "string")) { + if (ns === this.rootSchema) { + return value; + } + if (!this.serdeContext?.base64Encoder) { + throw new Error("Missing base64Encoder in serdeContext"); + } + return this.serdeContext?.base64Encoder(value); + } + if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME: + return value.toISOString().replace(".000Z", "Z"); + case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE: + return (0, import_serde4.dateToUtcString)(value); + case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + return value.getTime() / 1e3; + default: + console.warn("Missing timestamp format, using epoch seconds", value); + return value.getTime() / 1e3; + } + } + if (ns.isNumericSchema() && typeof value === "number") { + if (Math.abs(value) === Infinity || isNaN(value)) { + return String(value); + } + } + if (ns.isStringSchema()) { + if (typeof value === "undefined" && ns.isIdempotencyToken()) { + return (0, import_serde4.generateIdempotencyToken)(); + } + const mediaType = ns.getMergedTraits().mediaType; + if (typeof value === "string" && mediaType) { + const isJson = mediaType === "application/json" || mediaType.endsWith("+json"); + if (isJson) { + return import_serde4.LazyJsonString.from(value); + } } } + return value; } - return next({ ...args, request }); -}, "bucketEndpointMiddleware"); -var bucketEndpointMiddlewareOptions = { - tags: ["BUCKET_ENDPOINT"], - name: "bucketEndpointMiddleware", - relation: "before", - toMiddleware: "hostHeaderMiddleware", - override: true }; -var getBucketEndpointPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); - }, "applyToStack") -}), "getBucketEndpointPlugin"); - -// src/configurations.ts -function resolveBucketEndpointConfig(input) { - const { - bucketEndpoint = false, - forcePathStyle = false, - useAccelerateEndpoint = false, - // useArnRegion has specific behavior when undefined instead of false. - useArnRegion, - disableMultiregionAccessPoints = false - } = input; - return Object.assign(input, { - bucketEndpoint, - forcePathStyle, - useAccelerateEndpoint, - useArnRegion: typeof useArnRegion === "function" ? useArnRegion : () => Promise.resolve(useArnRegion), - disableMultiregionAccessPoints: typeof disableMultiregionAccessPoints === "function" ? disableMultiregionAccessPoints : () => Promise.resolve(disableMultiregionAccessPoints) - }); -} -__name(resolveBucketEndpointConfig, "resolveBucketEndpointConfig"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 1990: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/protocols/json/JsonCodec.ts +var JsonCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "JsonCodec"); + } + createSerializer() { + const serializer = new JsonShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new JsonShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; } - return to; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts -var index_exports = {}; -__export(index_exports, { - addExpectContinueMiddleware: () => addExpectContinueMiddleware, - addExpectContinueMiddlewareOptions: () => addExpectContinueMiddlewareOptions, - getAddExpectContinuePlugin: () => getAddExpectContinuePlugin -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -function addExpectContinueMiddleware(options) { - return (next) => async (args) => { - const { request } = args; - if (import_protocol_http.HttpRequest.isInstance(request) && request.body && options.runtime === "node") { - if (options.requestHandler?.constructor?.name !== "FetchHttpHandler") { - request.headers = { - ...request.headers, - Expect: "100-continue" - }; - } +// src/submodules/protocols/json/AwsJsonRpcProtocol.ts +var AwsJsonRpcProtocol = class extends import_protocols.RpcProtocol { + static { + __name(this, "AwsJsonRpcProtocol"); + } + serializer; + deserializer; + serviceTarget; + codec; + constructor({ defaultNamespace, serviceTarget }) { + super({ + defaultNamespace + }); + this.serviceTarget = serviceTarget; + this.codec = new JsonCodec({ + timestampFormat: { + useTrait: true, + default: import_schema3.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + jsonName: false + }); + this.serializer = this.codec.createSerializer(); + this.deserializer = this.codec.createDeserializer(); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; } - return next({ - ...args, - request + Object.assign(request.headers, { + "content-type": `application/x-amz-json-${this.getJsonRpcVersion()}`, + "x-amz-target": `${this.serviceTarget}.${import_schema3.NormalizedSchema.of(operationSchema).getName()}` }); - }; -} -__name(addExpectContinueMiddleware, "addExpectContinueMiddleware"); -var addExpectContinueMiddlewareOptions = { - step: "build", - tags: ["SET_EXPECT_HEADER", "EXPECT_HEADER"], - name: "addExpectContinueMiddleware", - override: true -}; -var getAddExpectContinuePlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(addExpectContinueMiddleware(options), addExpectContinueMiddlewareOptions); - }, "applyToStack") -}), "getAddExpectContinuePlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 1436: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getCrc32ChecksumAlgorithmFunction = void 0; -const tslib_1 = __nccwpck_require__(4351); -const crc32_1 = __nccwpck_require__(8408); -const util_1 = __nccwpck_require__(4871); -const zlib = tslib_1.__importStar(__nccwpck_require__(9796)); -class NodeCrc32 { - checksum = 0; - update(data) { - this.checksum = zlib.crc32(data, this.checksum); + if ((0, import_schema3.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = "{}"; } - async digest() { - return (0, util_1.numToUint8)(this.checksum); + try { + request.headers["content-length"] = String((0, import_util_body_length_browser.calculateBodyLength)(request.body)); + } catch (e) { } - reset() { - this.checksum = 0; + return request; + } + getPayloadCodec() { + return this.codec; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); } -} -const getCrc32ChecksumAlgorithmFunction = () => { - if (typeof zlib.crc32 === "undefined") { - return crc32_1.AwsCrc32; + const registry = import_schema3.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema3.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); } - return NodeCrc32; -}; -exports.getCrc32ChecksumAlgorithmFunction = getCrc32ChecksumAlgorithmFunction; - - -/***/ }), - -/***/ 3799: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + const ns = import_schema3.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } - return to; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - CONFIG_REQUEST_CHECKSUM_CALCULATION: () => CONFIG_REQUEST_CHECKSUM_CALCULATION, - CONFIG_RESPONSE_CHECKSUM_VALIDATION: () => CONFIG_RESPONSE_CHECKSUM_VALIDATION, - ChecksumAlgorithm: () => ChecksumAlgorithm, - ChecksumLocation: () => ChecksumLocation, - DEFAULT_CHECKSUM_ALGORITHM: () => DEFAULT_CHECKSUM_ALGORITHM, - DEFAULT_REQUEST_CHECKSUM_CALCULATION: () => DEFAULT_REQUEST_CHECKSUM_CALCULATION, - DEFAULT_RESPONSE_CHECKSUM_VALIDATION: () => DEFAULT_RESPONSE_CHECKSUM_VALIDATION, - ENV_REQUEST_CHECKSUM_CALCULATION: () => ENV_REQUEST_CHECKSUM_CALCULATION, - ENV_RESPONSE_CHECKSUM_VALIDATION: () => ENV_RESPONSE_CHECKSUM_VALIDATION, - NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS: () => NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS, - NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS: () => NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS, - RequestChecksumCalculation: () => RequestChecksumCalculation, - ResponseChecksumValidation: () => ResponseChecksumValidation, - crc64NvmeCrtContainer: () => crc64NvmeCrtContainer, - flexibleChecksumsMiddleware: () => flexibleChecksumsMiddleware, - flexibleChecksumsMiddlewareOptions: () => flexibleChecksumsMiddlewareOptions, - getFlexibleChecksumsPlugin: () => getFlexibleChecksumsPlugin, - resolveFlexibleChecksumsConfig: () => resolveFlexibleChecksumsConfig -}); -module.exports = __toCommonJS(index_exports); -// src/constants.ts -var RequestChecksumCalculation = { - /** - * When set, a checksum will be calculated for all request payloads of operations - * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` - * AND/OR a `requestAlgorithmMember` is modeled. - * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} - */ - WHEN_SUPPORTED: "WHEN_SUPPORTED", +// src/submodules/protocols/json/AwsJson1_0Protocol.ts +var AwsJson1_0Protocol = class extends AwsJsonRpcProtocol { + static { + __name(this, "AwsJson1_0Protocol"); + } + constructor({ defaultNamespace, serviceTarget }) { + super({ + defaultNamespace, + serviceTarget + }); + } + getShapeId() { + return "aws.protocols#awsJson1_0"; + } + getJsonRpcVersion() { + return "1.0"; + } /** - * When set, a checksum will only be calculated for request payloads of operations - * modeled with the {@link httpChecksum} trait where `requestChecksumRequired` is `true` - * OR where a `requestAlgorithmMember` is modeled and the user sets it. - * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} + * @override */ - WHEN_REQUIRED: "WHEN_REQUIRED" + getDefaultContentType() { + return "application/x-amz-json-1.0"; + } }; -var DEFAULT_REQUEST_CHECKSUM_CALCULATION = RequestChecksumCalculation.WHEN_SUPPORTED; -var ResponseChecksumValidation = { - /** - * When set, checksum validation MUST be performed on all response payloads of operations - * modeled with the {@link httpChecksum} trait where `responseAlgorithms` is modeled, - * except when no modeled checksum algorithms are supported by an SDK. - * {@link https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait httpChecksum} - */ - WHEN_SUPPORTED: "WHEN_SUPPORTED", + +// src/submodules/protocols/json/AwsJson1_1Protocol.ts +var AwsJson1_1Protocol = class extends AwsJsonRpcProtocol { + static { + __name(this, "AwsJson1_1Protocol"); + } + constructor({ defaultNamespace, serviceTarget }) { + super({ + defaultNamespace, + serviceTarget + }); + } + getShapeId() { + return "aws.protocols#awsJson1_1"; + } + getJsonRpcVersion() { + return "1.1"; + } /** - * When set, checksum validation MUST NOT be performed on response payloads of operations UNLESS - * the SDK supports the modeled checksum algorithms AND the user has set the `requestValidationModeMember` to `ENABLED`. - * It is currently impossible to model an operation as requiring a response checksum, - * but this setting leaves the door open for future updates. + * @override */ - WHEN_REQUIRED: "WHEN_REQUIRED" -}; -var DEFAULT_RESPONSE_CHECKSUM_VALIDATION = RequestChecksumCalculation.WHEN_SUPPORTED; -var ChecksumAlgorithm = /* @__PURE__ */ ((ChecksumAlgorithm3) => { - ChecksumAlgorithm3["MD5"] = "MD5"; - ChecksumAlgorithm3["CRC32"] = "CRC32"; - ChecksumAlgorithm3["CRC32C"] = "CRC32C"; - ChecksumAlgorithm3["CRC64NVME"] = "CRC64NVME"; - ChecksumAlgorithm3["SHA1"] = "SHA1"; - ChecksumAlgorithm3["SHA256"] = "SHA256"; - return ChecksumAlgorithm3; -})(ChecksumAlgorithm || {}); -var ChecksumLocation = /* @__PURE__ */ ((ChecksumLocation2) => { - ChecksumLocation2["HEADER"] = "header"; - ChecksumLocation2["TRAILER"] = "trailer"; - return ChecksumLocation2; -})(ChecksumLocation || {}); -var DEFAULT_CHECKSUM_ALGORITHM = "CRC32" /* CRC32 */; - -// src/stringUnionSelector.ts -var stringUnionSelector = /* @__PURE__ */ __name((obj, key, union, type) => { - if (!(key in obj)) return void 0; - const value = obj[key].toUpperCase(); - if (!Object.values(union).includes(value)) { - throw new TypeError(`Cannot load ${type} '${key}'. Expected one of ${Object.values(union)}, got '${obj[key]}'.`); + getDefaultContentType() { + return "application/x-amz-json-1.1"; } - return value; -}, "stringUnionSelector"); - -// src/NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS.ts -var ENV_REQUEST_CHECKSUM_CALCULATION = "AWS_REQUEST_CHECKSUM_CALCULATION"; -var CONFIG_REQUEST_CHECKSUM_CALCULATION = "request_checksum_calculation"; -var NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "env" /* ENV */), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_REQUEST_CHECKSUM_CALCULATION, RequestChecksumCalculation, "shared config entry" /* CONFIG */), "configFileSelector"), - default: DEFAULT_REQUEST_CHECKSUM_CALCULATION -}; - -// src/NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS.ts -var ENV_RESPONSE_CHECKSUM_VALIDATION = "AWS_RESPONSE_CHECKSUM_VALIDATION"; -var CONFIG_RESPONSE_CHECKSUM_VALIDATION = "response_checksum_validation"; -var NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => stringUnionSelector(env, ENV_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "env" /* ENV */), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => stringUnionSelector(profile, CONFIG_RESPONSE_CHECKSUM_VALIDATION, ResponseChecksumValidation, "shared config entry" /* CONFIG */), "configFileSelector"), - default: DEFAULT_RESPONSE_CHECKSUM_VALIDATION -}; - -// src/crc64-nvme-crt-container.ts -var crc64NvmeCrtContainer = { - CrtCrc64Nvme: null }; -// src/flexibleChecksumsMiddleware.ts -var import_core = __nccwpck_require__(9963); -var import_protocol_http = __nccwpck_require__(4418); -var import_util_stream = __nccwpck_require__(6607); - -// src/types.ts -var CLIENT_SUPPORTED_ALGORITHMS = [ - "CRC32" /* CRC32 */, - "CRC32C" /* CRC32C */, - "CRC64NVME" /* CRC64NVME */, - "SHA1" /* SHA1 */, - "SHA256" /* SHA256 */ -]; -var PRIORITY_ORDER_ALGORITHMS = [ - "SHA256" /* SHA256 */, - "SHA1" /* SHA1 */, - "CRC32" /* CRC32 */, - "CRC32C" /* CRC32C */, - "CRC64NVME" /* CRC64NVME */ -]; - -// src/getChecksumAlgorithmForRequest.ts -var getChecksumAlgorithmForRequest = /* @__PURE__ */ __name((input, { requestChecksumRequired, requestAlgorithmMember, requestChecksumCalculation }) => { - if (!requestAlgorithmMember) { - return requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired ? DEFAULT_CHECKSUM_ALGORITHM : void 0; +// src/submodules/protocols/json/AwsRestJsonProtocol.ts +var import_protocols2 = __nccwpck_require__(2241); +var import_schema4 = __nccwpck_require__(9826); +var import_util_body_length_browser2 = __nccwpck_require__(713); +var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol { + static { + __name(this, "AwsRestJsonProtocol"); } - if (!input[requestAlgorithmMember]) { - return void 0; + serializer; + deserializer; + codec; + constructor({ defaultNamespace }) { + super({ + defaultNamespace + }); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS + }, + httpBindings: true, + jsonName: true + }; + this.codec = new JsonCodec(settings); + this.serializer = new import_protocols2.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols2.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); } - const checksumAlgorithm = input[requestAlgorithmMember]; - if (!CLIENT_SUPPORTED_ALGORITHMS.includes(checksumAlgorithm)) { - throw new Error( - `The checksum algorithm "${checksumAlgorithm}" is not supported by the client. Select one of ${CLIENT_SUPPORTED_ALGORITHMS}.` - ); + getShapeId() { + return "aws.protocols#restJson1"; } - return checksumAlgorithm; -}, "getChecksumAlgorithmForRequest"); - -// src/getChecksumLocationName.ts -var getChecksumLocationName = /* @__PURE__ */ __name((algorithm) => algorithm === "MD5" /* MD5 */ ? "content-md5" : `x-amz-checksum-${algorithm.toLowerCase()}`, "getChecksumLocationName"); - -// src/hasHeader.ts -var hasHeader = /* @__PURE__ */ __name((header, headers) => { - const soughtHeader = header.toLowerCase(); - for (const headerName of Object.keys(headers)) { - if (soughtHeader === headerName.toLowerCase()) { - return true; + getPayloadCodec() { + return this.codec; + } + setSerdeContext(serdeContext) { + this.codec.setSerdeContext(serdeContext); + super.setSerdeContext(serdeContext); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input); + const members = inputSchema.getMemberSchemas(); + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = this.getDefaultContentType(); + } + } else if (!inputSchema.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = this.getDefaultContentType(); + } + } + } + if (request.headers["content-type"] && !request.body) { + request.body = "{}"; + } + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser2.calculateBodyLength)(request.body)); + } catch (e) { + } } + return request; } - return false; -}, "hasHeader"); - -// src/hasHeaderWithPrefix.ts -var hasHeaderWithPrefix = /* @__PURE__ */ __name((headerPrefix, headers) => { - const soughtHeaderPrefix = headerPrefix.toLowerCase(); - for (const headerName of Object.keys(headers)) { - if (headerName.toLowerCase().startsWith(soughtHeaderPrefix)) { - return true; + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestJsonErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema4.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema4.NormalizedSchema.of(errorSchema); + const message = dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().jsonName ?? name; + output[name] = this.codec.createDeserializer().readObject(member, dataObject[target]); } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } - return false; -}, "hasHeaderWithPrefix"); - -// src/isStreaming.ts -var import_is_array_buffer = __nccwpck_require__(780); -var isStreaming = /* @__PURE__ */ __name((body) => body !== void 0 && typeof body !== "string" && !ArrayBuffer.isView(body) && !(0, import_is_array_buffer.isArrayBuffer)(body), "isStreaming"); + /** + * @override + */ + getDefaultContentType() { + return "application/json"; + } +}; -// src/selectChecksumAlgorithmFunction.ts -var import_crc32c = __nccwpck_require__(7035); -var import_getCrc32ChecksumAlgorithmFunction = __nccwpck_require__(1436); -var selectChecksumAlgorithmFunction = /* @__PURE__ */ __name((checksumAlgorithm, config) => { - switch (checksumAlgorithm) { - case "MD5" /* MD5 */: - return config.md5; - case "CRC32" /* CRC32 */: - return (0, import_getCrc32ChecksumAlgorithmFunction.getCrc32ChecksumAlgorithmFunction)(); - case "CRC32C" /* CRC32C */: - return import_crc32c.AwsCrc32c; - case "CRC64NVME" /* CRC64NVME */: - if (typeof crc64NvmeCrtContainer.CrtCrc64Nvme !== "function") { - throw new Error( - `Please check whether you have installed the "@aws-sdk/crc64-nvme-crt" package explicitly. -You must also register the package by calling [require("@aws-sdk/crc64-nvme-crt");] or an ESM equivalent such as [import "@aws-sdk/crc64-nvme-crt";]. -For more information please go to https://github.com/aws/aws-sdk-js-v3#functionality-requiring-aws-common-runtime-crt` - ); - } - return crc64NvmeCrtContainer.CrtCrc64Nvme; - case "SHA1" /* SHA1 */: - return config.sha1; - case "SHA256" /* SHA256 */: - return config.sha256; - default: - throw new Error(`Unsupported checksum algorithm: ${checksumAlgorithm}`); +// src/submodules/protocols/json/awsExpectUnion.ts +var import_smithy_client2 = __nccwpck_require__(3570); +var awsExpectUnion = /* @__PURE__ */ __name((value) => { + if (value == null) { + return void 0; } -}, "selectChecksumAlgorithmFunction"); + if (typeof value === "object" && "__type" in value) { + delete value.__type; + } + return (0, import_smithy_client2.expectUnion)(value); +}, "awsExpectUnion"); -// src/stringHasher.ts -var import_util_utf8 = __nccwpck_require__(1895); -var stringHasher = /* @__PURE__ */ __name((checksumAlgorithmFn, body) => { - const hash = new checksumAlgorithmFn(); - hash.update((0, import_util_utf8.toUint8Array)(body || "")); - return hash.digest(); -}, "stringHasher"); +// src/submodules/protocols/query/AwsQueryProtocol.ts +var import_protocols5 = __nccwpck_require__(2241); +var import_schema7 = __nccwpck_require__(9826); +var import_util_body_length_browser3 = __nccwpck_require__(713); -// src/flexibleChecksumsMiddleware.ts -var flexibleChecksumsMiddlewareOptions = { - name: "flexibleChecksumsMiddleware", - step: "build", - tags: ["BODY_CHECKSUM"], - override: true -}; -var flexibleChecksumsMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); +// src/submodules/protocols/xml/XmlShapeDeserializer.ts +var import_protocols3 = __nccwpck_require__(2241); +var import_schema5 = __nccwpck_require__(9826); +var import_smithy_client3 = __nccwpck_require__(3570); +var import_util_utf8 = __nccwpck_require__(1895); +var import_fast_xml_parser = __nccwpck_require__(6388); +var XmlShapeDeserializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + this.stringDeserializer = new import_protocols3.FromStringShapeDeserializer(settings); } - if (hasHeaderWithPrefix("x-amz-checksum-", args.request.headers)) { - return next(args); + static { + __name(this, "XmlShapeDeserializer"); } - const { request, input } = args; - const { body: requestBody, headers } = request; - const { base64Encoder, streamHasher } = config; - const { requestChecksumRequired, requestAlgorithmMember } = middlewareConfig; - const requestChecksumCalculation = await config.requestChecksumCalculation(); - const requestAlgorithmMemberName = requestAlgorithmMember?.name; - const requestAlgorithmMemberHttpHeader = requestAlgorithmMember?.httpHeader; - if (requestAlgorithmMemberName && !input[requestAlgorithmMemberName]) { - if (requestChecksumCalculation === RequestChecksumCalculation.WHEN_SUPPORTED || requestChecksumRequired) { - input[requestAlgorithmMemberName] = DEFAULT_CHECKSUM_ALGORITHM; - if (requestAlgorithmMemberHttpHeader) { - headers[requestAlgorithmMemberHttpHeader] = DEFAULT_CHECKSUM_ALGORITHM; + stringDeserializer; + setSerdeContext(serdeContext) { + this.serdeContext = serdeContext; + this.stringDeserializer.setSerdeContext(serdeContext); + } + /** + * @param schema - describing the data. + * @param bytes - serialized data. + * @param key - used by AwsQuery to step one additional depth into the object before reading it. + */ + read(schema, bytes, key) { + const ns = import_schema5.NormalizedSchema.of(schema); + const memberSchemas = ns.getMemberSchemas(); + const isEventPayload = ns.isStructSchema() && ns.isMemberSchema() && !!Object.values(memberSchemas).find((memberNs) => { + return !!memberNs.getMemberTraits().eventPayload; + }); + if (isEventPayload) { + const output = {}; + const memberName = Object.keys(memberSchemas)[0]; + const eventMemberSchema = memberSchemas[memberName]; + if (eventMemberSchema.isBlobSchema()) { + output[memberName] = bytes; + } else { + output[memberName] = this.read(memberSchemas[memberName], bytes); } + return output; } + const xmlString = (this.serdeContext?.utf8Encoder ?? import_util_utf8.toUtf8)(bytes); + const parsedObject = this.parseXml(xmlString); + return this.readSchema(schema, key ? parsedObject[key] : parsedObject); } - const checksumAlgorithm = getChecksumAlgorithmForRequest(input, { - requestChecksumRequired, - requestAlgorithmMember: requestAlgorithmMember?.name, - requestChecksumCalculation - }); - let updatedBody = requestBody; - let updatedHeaders = headers; - if (checksumAlgorithm) { - switch (checksumAlgorithm) { - case "CRC32" /* CRC32 */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32", "U"); - break; - case "CRC32C" /* CRC32C */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC32C", "V"); - break; - case "CRC64NVME" /* CRC64NVME */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_CRC64", "W"); - break; - case "SHA1" /* SHA1 */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA1", "X"); - break; - case "SHA256" /* SHA256 */: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_SHA256", "Y"); - break; + readSchema(_schema, value) { + const ns = import_schema5.NormalizedSchema.of(_schema); + const traits = ns.getMergedTraits(); + if (ns.isListSchema() && !Array.isArray(value)) { + return this.readSchema(ns, [value]); } - const checksumLocationName = getChecksumLocationName(checksumAlgorithm); - const checksumAlgorithmFn = selectChecksumAlgorithmFunction(checksumAlgorithm, config); - if (isStreaming(requestBody)) { - const { getAwsChunkedEncodingStream, bodyLengthChecker } = config; - updatedBody = getAwsChunkedEncodingStream( - typeof config.requestStreamBufferSize === "number" && config.requestStreamBufferSize >= 8 * 1024 ? (0, import_util_stream.createBufferedReadable)(requestBody, config.requestStreamBufferSize, context.logger) : requestBody, - { - base64Encoder, - bodyLengthChecker, - checksumLocationName, - checksumAlgorithmFn, - streamHasher + if (value == null) { + return value; + } + if (typeof value === "object") { + const sparse = !!traits.sparse; + const flat = !!traits.xmlFlattened; + if (ns.isListSchema()) { + const listValue = ns.getValueSchema(); + const buffer2 = []; + const sourceKey = listValue.getMergedTraits().xmlName ?? "member"; + const source = flat ? value : (value[0] ?? value)[sourceKey]; + const sourceArray = Array.isArray(source) ? source : [source]; + for (const v of sourceArray) { + if (v != null || sparse) { + buffer2.push(this.readSchema(listValue, v)); + } } - ); - updatedHeaders = { - ...headers, - "content-encoding": headers["content-encoding"] ? `${headers["content-encoding"]},aws-chunked` : "aws-chunked", - "transfer-encoding": "chunked", - "x-amz-decoded-content-length": headers["content-length"], - "x-amz-content-sha256": "STREAMING-UNSIGNED-PAYLOAD-TRAILER", - "x-amz-trailer": checksumLocationName - }; - delete updatedHeaders["content-length"]; - } else if (!hasHeader(checksumLocationName, headers)) { - const rawChecksum = await stringHasher(checksumAlgorithmFn, requestBody); - updatedHeaders = { - ...headers, - [checksumLocationName]: base64Encoder(rawChecksum) - }; + return buffer2; + } + const buffer = {}; + if (ns.isMapSchema()) { + const keyNs = ns.getKeySchema(); + const memberNs = ns.getValueSchema(); + let entries; + if (flat) { + entries = Array.isArray(value) ? value : [value]; + } else { + entries = Array.isArray(value.entry) ? value.entry : [value.entry]; + } + const keyProperty = keyNs.getMergedTraits().xmlName ?? "key"; + const valueProperty = memberNs.getMergedTraits().xmlName ?? "value"; + for (const entry of entries) { + const key = entry[keyProperty]; + const value2 = entry[valueProperty]; + if (value2 != null || sparse) { + buffer[key] = this.readSchema(memberNs, value2); + } + } + return buffer; + } + if (ns.isStructSchema()) { + for (const [memberName, memberSchema] of ns.structIterator()) { + const memberTraits = memberSchema.getMergedTraits(); + const xmlObjectKey = !memberTraits.httpPayload ? memberSchema.getMemberTraits().xmlName ?? memberName : memberTraits.xmlName ?? memberSchema.getName(); + if (value[xmlObjectKey] != null) { + buffer[memberName] = this.readSchema(memberSchema, value[xmlObjectKey]); + } + } + return buffer; + } + if (ns.isDocumentSchema()) { + return value; + } + throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${ns.getName(true)}`); + } + if (ns.isListSchema()) { + return []; } + if (ns.isMapSchema() || ns.isStructSchema()) { + return {}; + } + return this.stringDeserializer.read(ns, value); } - const result = await next({ - ...args, - request: { - ...request, - headers: updatedHeaders, - body: updatedBody + parseXml(xml) { + if (xml.length) { + const parser = new import_fast_xml_parser.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(xml, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: xml + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client3.getValueFromTextNode)(parsedObjToReturn); } - }); - return result; -}, "flexibleChecksumsMiddleware"); - -// src/flexibleChecksumsInputMiddleware.ts - -var flexibleChecksumsInputMiddlewareOptions = { - name: "flexibleChecksumsInputMiddleware", - toMiddleware: "serializerMiddleware", - relation: "before", - tags: ["BODY_CHECKSUM"], - override: true + return {}; + } }; -var flexibleChecksumsInputMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { - const input = args.input; - const { requestValidationModeMember } = middlewareConfig; - const requestChecksumCalculation = await config.requestChecksumCalculation(); - const responseChecksumValidation = await config.responseChecksumValidation(); - switch (requestChecksumCalculation) { - case RequestChecksumCalculation.WHEN_REQUIRED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED", "a"); - break; - case RequestChecksumCalculation.WHEN_SUPPORTED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED", "Z"); - break; + +// src/submodules/protocols/query/QueryShapeSerializer.ts +var import_protocols4 = __nccwpck_require__(2241); +var import_schema6 = __nccwpck_require__(9826); +var import_serde5 = __nccwpck_require__(7669); +var import_smithy_client4 = __nccwpck_require__(3570); +var import_util_base642 = __nccwpck_require__(5600); +var QueryShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } - switch (responseChecksumValidation) { - case ResponseChecksumValidation.WHEN_REQUIRED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED", "c"); - break; - case ResponseChecksumValidation.WHEN_SUPPORTED: - (0, import_core.setFeature)(context, "FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED", "b"); - break; + static { + __name(this, "QueryShapeSerializer"); } - if (requestValidationModeMember && !input[requestValidationModeMember]) { - if (responseChecksumValidation === ResponseChecksumValidation.WHEN_SUPPORTED) { - input[requestValidationModeMember] = "ENABLED"; + buffer; + write(schema, value, prefix = "") { + if (this.buffer === void 0) { + this.buffer = ""; } - } - return next(args); -}, "flexibleChecksumsInputMiddleware"); - -// src/flexibleChecksumsResponseMiddleware.ts - - -// src/getChecksumAlgorithmListForResponse.ts -var getChecksumAlgorithmListForResponse = /* @__PURE__ */ __name((responseAlgorithms = []) => { - const validChecksumAlgorithms = []; - for (const algorithm of PRIORITY_ORDER_ALGORITHMS) { - if (!responseAlgorithms.includes(algorithm) || !CLIENT_SUPPORTED_ALGORITHMS.includes(algorithm)) { - continue; + const ns = import_schema6.NormalizedSchema.of(schema); + if (prefix && !prefix.endsWith(".")) { + prefix += "."; } - validChecksumAlgorithms.push(algorithm); - } - return validChecksumAlgorithms; -}, "getChecksumAlgorithmListForResponse"); - -// src/isChecksumWithPartNumber.ts -var isChecksumWithPartNumber = /* @__PURE__ */ __name((checksum) => { - const lastHyphenIndex = checksum.lastIndexOf("-"); - if (lastHyphenIndex !== -1) { - const numberPart = checksum.slice(lastHyphenIndex + 1); - if (!numberPart.startsWith("0")) { - const number = parseInt(numberPart, 10); - if (!isNaN(number) && number >= 1 && number <= 1e4) { - return true; + if (ns.isBlobSchema()) { + if (typeof value === "string" || value instanceof Uint8Array) { + this.writeKey(prefix); + this.writeValue((this.serdeContext?.base64Encoder ?? import_util_base642.toBase64)(value)); + } + } else if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isStringSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } else if (ns.isIdempotencyToken()) { + this.writeKey(prefix); + this.writeValue((0, import_serde5.generateIdempotencyToken)()); + } + } else if (ns.isBigIntegerSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(String(value)); + } + } else if (ns.isBigDecimalSchema()) { + if (value != null) { + this.writeKey(prefix); + this.writeValue(value instanceof import_serde5.NumericValue ? value.string : String(value)); + } + } else if (ns.isTimestampSchema()) { + if (value instanceof Date) { + this.writeKey(prefix); + const format = (0, import_protocols4.determineTimestampFormat)(ns, this.settings); + switch (format) { + case import_schema6.SCHEMA.TIMESTAMP_DATE_TIME: + this.writeValue(value.toISOString().replace(".000Z", "Z")); + break; + case import_schema6.SCHEMA.TIMESTAMP_HTTP_DATE: + this.writeValue((0, import_smithy_client4.dateToUtcString)(value)); + break; + case import_schema6.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + this.writeValue(String(value.getTime() / 1e3)); + break; + } } - } - } - return false; -}, "isChecksumWithPartNumber"); - -// src/validateChecksumFromResponse.ts - - -// src/getChecksum.ts -var getChecksum = /* @__PURE__ */ __name(async (body, { checksumAlgorithmFn, base64Encoder }) => base64Encoder(await stringHasher(checksumAlgorithmFn, body)), "getChecksum"); - -// src/validateChecksumFromResponse.ts -var validateChecksumFromResponse = /* @__PURE__ */ __name(async (response, { config, responseAlgorithms, logger }) => { - const checksumAlgorithms = getChecksumAlgorithmListForResponse(responseAlgorithms); - const { body: responseBody, headers: responseHeaders } = response; - for (const algorithm of checksumAlgorithms) { - const responseHeader = getChecksumLocationName(algorithm); - const checksumFromResponse = responseHeaders[responseHeader]; - if (checksumFromResponse) { - let checksumAlgorithmFn; - try { - checksumAlgorithmFn = selectChecksumAlgorithmFunction(algorithm, config); - } catch (error) { - if (algorithm === "CRC64NVME" /* CRC64NVME */) { - logger?.warn(`Skipping ${"CRC64NVME" /* CRC64NVME */} checksum validation: ${error.message}`); - continue; + } else if (ns.isDocumentSchema()) { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unsupported document type ${ns.getName(true)}`); + } else if (ns.isListSchema()) { + if (Array.isArray(value)) { + if (value.length === 0) { + if (this.settings.serializeEmptyLists) { + this.writeKey(prefix); + this.writeValue(""); + } + } else { + const member = ns.getValueSchema(); + const flat = this.settings.flattenLists || ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const item of value) { + if (item == null) { + continue; + } + const suffix = this.getKey("member", member.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}` : `${prefix}${suffix}.${i}`; + this.write(member, item, key); + ++i; + } } - throw error; } - const { base64Encoder } = config; - if (isStreaming(responseBody)) { - response.body = (0, import_util_stream.createChecksumStream)({ - expectedChecksum: checksumFromResponse, - checksumSourceLocation: responseHeader, - checksum: new checksumAlgorithmFn(), - source: responseBody, - base64Encoder - }); - return; + } else if (ns.isMapSchema()) { + if (value && typeof value === "object") { + const keySchema = ns.getKeySchema(); + const memberSchema = ns.getValueSchema(); + const flat = ns.getMergedTraits().xmlFlattened; + let i = 1; + for (const [k, v] of Object.entries(value)) { + if (v == null) { + continue; + } + const keySuffix = this.getKey("key", keySchema.getMergedTraits().xmlName); + const key = flat ? `${prefix}${i}.${keySuffix}` : `${prefix}entry.${i}.${keySuffix}`; + const valueSuffix = this.getKey("value", memberSchema.getMergedTraits().xmlName); + const valueKey = flat ? `${prefix}${i}.${valueSuffix}` : `${prefix}entry.${i}.${valueSuffix}`; + this.write(keySchema, k, key); + this.write(memberSchema, v, valueKey); + ++i; + } } - const checksum = await getChecksum(responseBody, { checksumAlgorithmFn, base64Encoder }); - if (checksum === checksumFromResponse) { - break; + } else if (ns.isStructSchema()) { + if (value && typeof value === "object") { + for (const [memberName, member] of ns.structIterator()) { + if (value[memberName] == null && !member.isIdempotencyToken()) { + continue; + } + const suffix = this.getKey(memberName, member.getMergedTraits().xmlName); + const key = `${prefix}${suffix}`; + this.write(member, value[memberName], key); + } } - throw new Error( - `Checksum mismatch: expected "${checksum}" but received "${checksumFromResponse}" in response header "${responseHeader}".` - ); + } else if (ns.isUnitSchema()) { + } else { + throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${ns.getName(true)}`); } } -}, "validateChecksumFromResponse"); - -// src/flexibleChecksumsResponseMiddleware.ts -var flexibleChecksumsResponseMiddlewareOptions = { - name: "flexibleChecksumsResponseMiddleware", - toMiddleware: "deserializerMiddleware", - relation: "after", - tags: ["BODY_CHECKSUM"], - override: true -}; -var flexibleChecksumsResponseMiddleware = /* @__PURE__ */ __name((config, middlewareConfig) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); + flush() { + if (this.buffer === void 0) { + throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer."); + } + const str = this.buffer; + delete this.buffer; + return str; } - const input = args.input; - const result = await next(args); - const response = result.response; - const { requestValidationModeMember, responseAlgorithms } = middlewareConfig; - if (requestValidationModeMember && input[requestValidationModeMember] === "ENABLED") { - const { clientName, commandName } = context; - const isS3WholeObjectMultipartGetResponseChecksum = clientName === "S3Client" && commandName === "GetObjectCommand" && getChecksumAlgorithmListForResponse(responseAlgorithms).every((algorithm) => { - const responseHeader = getChecksumLocationName(algorithm); - const checksumFromResponse = response.headers[responseHeader]; - return !checksumFromResponse || isChecksumWithPartNumber(checksumFromResponse); - }); - if (isS3WholeObjectMultipartGetResponseChecksum) { - return result; + getKey(memberName, xmlName) { + const key = xmlName ?? memberName; + if (this.settings.capitalizeKeys) { + return key[0].toUpperCase() + key.slice(1); } - await validateChecksumFromResponse(response, { - config, - responseAlgorithms, - logger: context.logger - }); + return key; } - return result; -}, "flexibleChecksumsResponseMiddleware"); - -// src/getFlexibleChecksumsPlugin.ts -var getFlexibleChecksumsPlugin = /* @__PURE__ */ __name((config, middlewareConfig) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(flexibleChecksumsMiddleware(config, middlewareConfig), flexibleChecksumsMiddlewareOptions); - clientStack.addRelativeTo( - flexibleChecksumsInputMiddleware(config, middlewareConfig), - flexibleChecksumsInputMiddlewareOptions - ); - clientStack.addRelativeTo( - flexibleChecksumsResponseMiddleware(config, middlewareConfig), - flexibleChecksumsResponseMiddlewareOptions - ); - }, "applyToStack") -}), "getFlexibleChecksumsPlugin"); - -// src/resolveFlexibleChecksumsConfig.ts -var import_util_middleware = __nccwpck_require__(2390); -var resolveFlexibleChecksumsConfig = /* @__PURE__ */ __name((input) => { - const { requestChecksumCalculation, responseChecksumValidation, requestStreamBufferSize } = input; - return Object.assign(input, { - requestChecksumCalculation: (0, import_util_middleware.normalizeProvider)(requestChecksumCalculation ?? DEFAULT_REQUEST_CHECKSUM_CALCULATION), - responseChecksumValidation: (0, import_util_middleware.normalizeProvider)(responseChecksumValidation ?? DEFAULT_RESPONSE_CHECKSUM_VALIDATION), - requestStreamBufferSize: Number(requestStreamBufferSize ?? 0) - }); -}, "resolveFlexibleChecksumsConfig"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 2545: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + writeKey(key) { + if (key.endsWith(".")) { + key = key.slice(0, key.length - 1); + } + this.buffer += `&${(0, import_protocols4.extendedEncodeURIComponent)(key)}=`; } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getHostHeaderPlugin: () => getHostHeaderPlugin, - hostHeaderMiddleware: () => hostHeaderMiddleware, - hostHeaderMiddlewareOptions: () => hostHeaderMiddlewareOptions, - resolveHostHeaderConfig: () => resolveHostHeaderConfig -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -function resolveHostHeaderConfig(input) { - return input; -} -__name(resolveHostHeaderConfig, "resolveHostHeaderConfig"); -var hostHeaderMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) return next(args); - const { request } = args; - const { handlerProtocol = "" } = options.requestHandler.metadata || {}; - if (handlerProtocol.indexOf("h2") >= 0 && !request.headers[":authority"]) { - delete request.headers["host"]; - request.headers[":authority"] = request.hostname + (request.port ? ":" + request.port : ""); - } else if (!request.headers["host"]) { - let host = request.hostname; - if (request.port != null) host += `:${request.port}`; - request.headers["host"] = host; + writeValue(value) { + this.buffer += (0, import_protocols4.extendedEncodeURIComponent)(value); } - return next(args); -}, "hostHeaderMiddleware"); -var hostHeaderMiddlewareOptions = { - name: "hostHeaderMiddleware", - step: "build", - priority: "low", - tags: ["HOST"], - override: true }; -var getHostHeaderPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(hostHeaderMiddleware(options), hostHeaderMiddlewareOptions); - }, "applyToStack") -}), "getHostHeaderPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 2098: -/***/ ((module) => { - -"use strict"; -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/protocols/query/AwsQueryProtocol.ts +var AwsQueryProtocol = class extends import_protocols5.RpcProtocol { + constructor(options) { + super({ + defaultNamespace: options.defaultNamespace + }); + this.options = options; + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema7.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: false, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace, + serializeEmptyLists: true + }; + this.serializer = new QueryShapeSerializer(settings); + this.deserializer = new XmlShapeDeserializer(settings); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getLocationConstraintPlugin: () => getLocationConstraintPlugin, - locationConstraintMiddleware: () => locationConstraintMiddleware, - locationConstraintMiddlewareOptions: () => locationConstraintMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); -function locationConstraintMiddleware(options) { - return (next) => async (args) => { - const { CreateBucketConfiguration } = args.input; - const region = await options.region(); - if (!CreateBucketConfiguration?.LocationConstraint && !CreateBucketConfiguration?.Location) { - args = { - ...args, - input: { - ...args.input, - CreateBucketConfiguration: region === "us-east-1" ? void 0 : { LocationConstraint: region } - } - }; - } - return next(args); - }; -} -__name(locationConstraintMiddleware, "locationConstraintMiddleware"); -var locationConstraintMiddlewareOptions = { - step: "initialize", - tags: ["LOCATION_CONSTRAINT", "CREATE_BUCKET_CONFIGURATION"], - name: "locationConstraintMiddleware", - override: true -}; -var getLocationConstraintPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(locationConstraintMiddleware(config), locationConstraintMiddlewareOptions); - }, "applyToStack") -}), "getLocationConstraintPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 14: -/***/ ((module) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + static { + __name(this, "AwsQueryProtocol"); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - getLoggerPlugin: () => getLoggerPlugin, - loggerMiddleware: () => loggerMiddleware, - loggerMiddlewareOptions: () => loggerMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); - -// src/loggerMiddleware.ts -var loggerMiddleware = /* @__PURE__ */ __name(() => (next, context) => async (args) => { - try { - const response = await next(args); - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog, overrideOutputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - const outputFilterSensitiveLog = overrideOutputFilterSensitiveLog ?? context.outputFilterSensitiveLog; - const { $metadata, ...outputWithoutMetadata } = response.output; - logger?.info?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - output: outputFilterSensitiveLog(outputWithoutMetadata), - metadata: $metadata + serializer; + deserializer; + getShapeId() { + return "aws.protocols#awsQuery"; + } + setSerdeContext(serdeContext) { + this.serializer.setSerdeContext(serdeContext); + this.deserializer.setSerdeContext(serdeContext); + } + getPayloadCodec() { + throw new Error("AWSQuery protocol has no payload codec."); + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + if (!request.path.endsWith("/")) { + request.path += "/"; + } + Object.assign(request.headers, { + "content-type": `application/x-www-form-urlencoded` }); - return response; - } catch (error) { - const { clientName, commandName, logger, dynamoDbDocumentClientOptions = {} } = context; - const { overrideInputFilterSensitiveLog } = dynamoDbDocumentClientOptions; - const inputFilterSensitiveLog = overrideInputFilterSensitiveLog ?? context.inputFilterSensitiveLog; - logger?.error?.({ - clientName, - commandName, - input: inputFilterSensitiveLog(args.input), - error, - metadata: error.$metadata + if ((0, import_schema7.deref)(operationSchema.input) === "unit" || !request.body) { + request.body = ""; + } + request.body = `Action=${operationSchema.name.split("#")[1]}&Version=${this.options.version}` + request.body; + if (request.body.endsWith("&")) { + request.body = request.body.slice(-1); + } + try { + request.headers["content-length"] = String((0, import_util_body_length_browser3.calculateBodyLength)(request.body)); + } catch (e) { + } + return request; + } + async deserializeResponse(operationSchema, context, response) { + const deserializer = this.deserializer; + const ns = import_schema7.NormalizedSchema.of(operationSchema.output); + const dataObject = {}; + if (response.statusCode >= 300) { + const bytes2 = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes2.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(import_schema7.SCHEMA.DOCUMENT, bytes2)); + } + await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response)); + } + for (const header in response.headers) { + const value = response.headers[header]; + delete response.headers[header]; + response.headers[header.toLowerCase()] = value; + } + const awsQueryResultKey = ns.isStructSchema() && this.useNestedResult() ? operationSchema.name.split("#")[1] + "Result" : void 0; + const bytes = await (0, import_protocols5.collectBody)(response.body, context); + if (bytes.byteLength > 0) { + Object.assign(dataObject, await deserializer.read(ns, bytes, awsQueryResultKey)); + } + const output = { + $metadata: this.deserializeMetadata(response), + ...dataObject + }; + return output; + } + /** + * EC2 Query overrides this. + */ + useNestedResult() { + return true; + } + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = this.loadQueryErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const errorDataSource = this.loadQueryError(dataObject); + const registry = import_schema7.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.find( + (schema) => import_schema7.NormalizedSchema.of(schema).getMergedTraits().awsQueryError?.[0] === errorName + ); + if (!errorSchema) { + errorSchema = registry.getSchema(errorIdentifier); + } + } catch (e) { + const baseExceptionSchema = import_schema7.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), errorDataSource); + } + throw new Error(errorName); + } + const ns = import_schema7.NormalizedSchema.of(errorSchema); + const message = this.loadQueryErrorMessage(dataObject); + const exception = new errorSchema.ctor(message); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = errorDataSource[target] ?? dataObject[target]; + output[name] = this.deserializer.readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output }); - throw error; + throw exception; + } + /** + * The variations in the error and error message locations are attributed to + * divergence between AWS Query and EC2 Query behavior. + */ + loadQueryErrorCode(output, data) { + const code = (data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error)?.Code; + if (code !== void 0) { + return code; + } + if (output.statusCode == 404) { + return "NotFound"; + } } -}, "loggerMiddleware"); -var loggerMiddlewareOptions = { - name: "loggerMiddleware", - tags: ["LOGGER"], - step: "initialize", - override: true -}; -var getLoggerPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(loggerMiddleware(), loggerMiddlewareOptions); - }, "applyToStack") -}), "getLoggerPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 5525: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + loadQueryError(data) { + return data.Errors?.[0]?.Error ?? data.Errors?.Error ?? data.Error; + } + loadQueryErrorMessage(data) { + const errorData = this.loadQueryError(data); + return errorData?.message ?? errorData?.Message ?? data.message ?? data.Message ?? "Unknown"; + } + /** + * @override + */ + getDefaultContentType() { + return "application/x-www-form-urlencoded"; } - return to; }; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/index.ts -var index_exports = {}; -__export(index_exports, { - addRecursionDetectionMiddlewareOptions: () => addRecursionDetectionMiddlewareOptions, - getRecursionDetectionPlugin: () => getRecursionDetectionPlugin, - recursionDetectionMiddleware: () => recursionDetectionMiddleware -}); -module.exports = __toCommonJS(index_exports); -var import_protocol_http = __nccwpck_require__(4418); -var TRACE_ID_HEADER_NAME = "X-Amzn-Trace-Id"; -var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME"; -var ENV_TRACE_ID = "_X_AMZN_TRACE_ID"; -var recursionDetectionMiddleware = /* @__PURE__ */ __name((options) => (next) => async (args) => { - const { request } = args; - if (!import_protocol_http.HttpRequest.isInstance(request) || options.runtime !== "node") { - return next(args); +// src/submodules/protocols/query/AwsEc2QueryProtocol.ts +var AwsEc2QueryProtocol = class extends AwsQueryProtocol { + constructor(options) { + super(options); + this.options = options; + const ec2Settings = { + capitalizeKeys: true, + flattenLists: true, + serializeEmptyLists: false + }; + Object.assign(this.serializer.settings, ec2Settings); } - const traceIdHeader = Object.keys(request.headers ?? {}).find((h) => h.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME; - if (request.headers.hasOwnProperty(traceIdHeader)) { - return next(args); + static { + __name(this, "AwsEc2QueryProtocol"); } - const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME]; - const traceId = process.env[ENV_TRACE_ID]; - const nonEmptyString = /* @__PURE__ */ __name((str) => typeof str === "string" && str.length > 0, "nonEmptyString"); - if (nonEmptyString(functionName) && nonEmptyString(traceId)) { - request.headers[TRACE_ID_HEADER_NAME] = traceId; + /** + * EC2 Query reads XResponse.XResult instead of XResponse directly. + */ + useNestedResult() { + return false; } - return next({ - ...args, - request - }); -}, "recursionDetectionMiddleware"); -var addRecursionDetectionMiddlewareOptions = { - step: "build", - tags: ["RECURSION_DETECTION"], - name: "recursionDetectionMiddleware", - override: true, - priority: "low" }; -var getRecursionDetectionPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(recursionDetectionMiddleware(options), addRecursionDetectionMiddlewareOptions); - }, "applyToStack") -}), "getRecursionDetectionPlugin"); -// Annotate the CommonJS export names for ESM import in node: - -0 && (0); - - - -/***/ }), - -/***/ 1139: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { -"use strict"; +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var import_protocols6 = __nccwpck_require__(2241); +var import_schema9 = __nccwpck_require__(9826); +var import_util_body_length_browser4 = __nccwpck_require__(713); -var __defProp = Object.defineProperty; -var __getOwnPropDesc = Object.getOwnPropertyDescriptor; -var __getOwnPropNames = Object.getOwnPropertyNames; -var __hasOwnProp = Object.prototype.hasOwnProperty; -var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); -var __export = (target, all) => { - for (var name in all) - __defProp(target, name, { get: all[name], enumerable: true }); -}; -var __copyProps = (to, from, except, desc) => { - if (from && typeof from === "object" || typeof from === "function") { - for (let key of __getOwnPropNames(from)) - if (!__hasOwnProp.call(to, key) && key !== except) - __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); +// src/submodules/protocols/xml/parseXmlBody.ts +var import_smithy_client5 = __nccwpck_require__(3570); +var import_fast_xml_parser2 = __nccwpck_require__(6388); +var parseXmlBody = /* @__PURE__ */ __name((streamBody, context) => collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + const parser = new import_fast_xml_parser2.XMLParser({ + attributeNamePrefix: "", + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + tagValueProcessor: /* @__PURE__ */ __name((_, val) => val.trim() === "" && val.includes("\n") ? "" : void 0, "tagValueProcessor") + }); + parser.addEntity("#xD", "\r"); + parser.addEntity("#10", "\n"); + let parsedObj; + try { + parsedObj = parser.parse(encoded, true); + } catch (e) { + if (e && typeof e === "object") { + Object.defineProperty(e, "$responseBodyText", { + value: encoded + }); + } + throw e; + } + const textNodeName = "#text"; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + return (0, import_smithy_client5.getValueFromTextNode)(parsedObjToReturn); } - return to; -}; -var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); - -// src/index.ts -var index_exports = {}; -__export(index_exports, { - NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS: () => NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS, - S3ExpressIdentityCache: () => S3ExpressIdentityCache, - S3ExpressIdentityCacheEntry: () => S3ExpressIdentityCacheEntry, - S3ExpressIdentityProviderImpl: () => S3ExpressIdentityProviderImpl, - SignatureV4S3Express: () => SignatureV4S3Express, - checkContentLengthHeader: () => checkContentLengthHeader, - checkContentLengthHeaderMiddlewareOptions: () => checkContentLengthHeaderMiddlewareOptions, - getCheckContentLengthHeaderPlugin: () => getCheckContentLengthHeaderPlugin, - getRegionRedirectMiddlewarePlugin: () => getRegionRedirectMiddlewarePlugin, - getS3ExpiresMiddlewarePlugin: () => getS3ExpiresMiddlewarePlugin, - getS3ExpressHttpSigningPlugin: () => getS3ExpressHttpSigningPlugin, - getS3ExpressPlugin: () => getS3ExpressPlugin, - getThrow200ExceptionsPlugin: () => getThrow200ExceptionsPlugin, - getValidateBucketNamePlugin: () => getValidateBucketNamePlugin, - regionRedirectEndpointMiddleware: () => regionRedirectEndpointMiddleware, - regionRedirectEndpointMiddlewareOptions: () => regionRedirectEndpointMiddlewareOptions, - regionRedirectMiddleware: () => regionRedirectMiddleware, - regionRedirectMiddlewareOptions: () => regionRedirectMiddlewareOptions, - resolveS3Config: () => resolveS3Config, - s3ExpiresMiddleware: () => s3ExpiresMiddleware, - s3ExpiresMiddlewareOptions: () => s3ExpiresMiddlewareOptions, - s3ExpressHttpSigningMiddleware: () => s3ExpressHttpSigningMiddleware, - s3ExpressHttpSigningMiddlewareOptions: () => s3ExpressHttpSigningMiddlewareOptions, - s3ExpressMiddleware: () => s3ExpressMiddleware, - s3ExpressMiddlewareOptions: () => s3ExpressMiddlewareOptions, - throw200ExceptionsMiddleware: () => throw200ExceptionsMiddleware, - throw200ExceptionsMiddlewareOptions: () => throw200ExceptionsMiddlewareOptions, - validateBucketNameMiddleware: () => validateBucketNameMiddleware, - validateBucketNameMiddlewareOptions: () => validateBucketNameMiddlewareOptions -}); -module.exports = __toCommonJS(index_exports); + return {}; +}), "parseXmlBody"); +var parseXmlErrorBody = /* @__PURE__ */ __name(async (errorBody, context) => { + const value = await parseXmlBody(errorBody, context); + if (value.Error) { + value.Error.message = value.Error.message ?? value.Error.Message; + } + return value; +}, "parseXmlErrorBody"); +var loadRestXmlErrorCode = /* @__PURE__ */ __name((output, data) => { + if (data?.Error?.Code !== void 0) { + return data.Error.Code; + } + if (data?.Code !== void 0) { + return data.Code; + } + if (output.statusCode == 404) { + return "NotFound"; + } +}, "loadRestXmlErrorCode"); -// src/check-content-length-header.ts -var import_protocol_http = __nccwpck_require__(4418); -var import_smithy_client = __nccwpck_require__(3570); -var CONTENT_LENGTH_HEADER = "content-length"; -var DECODED_CONTENT_LENGTH_HEADER = "x-amz-decoded-content-length"; -function checkContentLengthHeader() { - return (next, context) => async (args) => { - const { request } = args; - if (import_protocol_http.HttpRequest.isInstance(request)) { - if (!(CONTENT_LENGTH_HEADER in request.headers) && !(DECODED_CONTENT_LENGTH_HEADER in request.headers)) { - const message = `Are you using a Stream of unknown length as the Body of a PutObject request? Consider using Upload instead from @aws-sdk/lib-storage.`; - if (typeof context?.logger?.warn === "function" && !(context.logger instanceof import_smithy_client.NoOpLogger)) { - context.logger.warn(message); +// src/submodules/protocols/xml/XmlShapeSerializer.ts +var import_xml_builder = __nccwpck_require__(5721); +var import_schema8 = __nccwpck_require__(9826); +var import_serde6 = __nccwpck_require__(7669); +var import_smithy_client6 = __nccwpck_require__(3570); +var import_util_base643 = __nccwpck_require__(5600); +var XmlShapeSerializer = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; + } + static { + __name(this, "XmlShapeSerializer"); + } + stringBuffer; + byteBuffer; + buffer; + write(schema, value) { + const ns = import_schema8.NormalizedSchema.of(schema); + if (ns.isStringSchema() && typeof value === "string") { + this.stringBuffer = value; + } else if (ns.isBlobSchema()) { + this.byteBuffer = "byteLength" in value ? value : (this.serdeContext?.base64Decoder ?? import_util_base643.fromBase64)(value); + } else { + this.buffer = this.writeStruct(ns, value, void 0); + const traits = ns.getMergedTraits(); + if (traits.httpPayload && !traits.xmlName) { + this.buffer.withName(ns.getName()); + } + } + } + flush() { + if (this.byteBuffer !== void 0) { + const bytes = this.byteBuffer; + delete this.byteBuffer; + return bytes; + } + if (this.stringBuffer !== void 0) { + const str = this.stringBuffer; + delete this.stringBuffer; + return str; + } + const buffer = this.buffer; + if (this.settings.xmlNamespace) { + if (!buffer?.attributes?.["xmlns"]) { + buffer.addAttribute("xmlns", this.settings.xmlNamespace); + } + } + delete this.buffer; + return buffer.toString(); + } + writeStruct(ns, value, parentXmlns) { + const traits = ns.getMergedTraits(); + const name = ns.isMemberSchema() && !traits.httpPayload ? ns.getMemberTraits().xmlName ?? ns.getMemberName() : traits.xmlName ?? ns.getName(); + if (!name || !ns.isStructSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write struct with empty name or non-struct, schema=${ns.getName( + true + )}.` + ); + } + const structXmlNode = import_xml_builder.XmlNode.of(name); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + structXmlNode.addAttribute(xmlnsAttr, xmlns); + } + for (const [memberName, memberSchema] of ns.structIterator()) { + const val = value[memberName]; + if (val != null || memberSchema.isIdempotencyToken()) { + if (memberSchema.getMergedTraits().xmlAttribute) { + structXmlNode.addAttribute( + memberSchema.getMergedTraits().xmlName ?? memberName, + this.writeSimple(memberSchema, val) + ); + continue; + } + if (memberSchema.isListSchema()) { + this.writeList(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isMapSchema()) { + this.writeMap(memberSchema, val, structXmlNode, xmlns); + } else if (memberSchema.isStructSchema()) { + structXmlNode.addChildNode(this.writeStruct(memberSchema, val, xmlns)); } else { - console.warn(message); + const memberNode = import_xml_builder.XmlNode.of(memberSchema.getMergedTraits().xmlName ?? memberSchema.getMemberName()); + this.writeSimpleInto(memberSchema, val, memberNode, xmlns); + structXmlNode.addChildNode(memberNode); } } } - return next({ ...args }); - }; -} -__name(checkContentLengthHeader, "checkContentLengthHeader"); -var checkContentLengthHeaderMiddlewareOptions = { - step: "finalizeRequest", - tags: ["CHECK_CONTENT_LENGTH_HEADER"], - name: "getCheckContentLengthHeaderPlugin", - override: true -}; -var getCheckContentLengthHeaderPlugin = /* @__PURE__ */ __name((unused) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(checkContentLengthHeader(), checkContentLengthHeaderMiddlewareOptions); - }, "applyToStack") -}), "getCheckContentLengthHeaderPlugin"); - -// src/region-redirect-endpoint-middleware.ts -var regionRedirectEndpointMiddleware = /* @__PURE__ */ __name((config) => { - return (next, context) => async (args) => { - const originalRegion = await config.region(); - const regionProviderRef = config.region; - let unlock = /* @__PURE__ */ __name(() => { - }, "unlock"); - if (context.__s3RegionRedirect) { - Object.defineProperty(config, "region", { - writable: false, - value: /* @__PURE__ */ __name(async () => { - return context.__s3RegionRedirect; - }, "value") - }); - unlock = /* @__PURE__ */ __name(() => Object.defineProperty(config, "region", { - writable: true, - value: regionProviderRef - }), "unlock"); + return structXmlNode; + } + writeList(listMember, array, container, parentXmlns) { + if (!listMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member list: ${listMember.getName(true)}` + ); } - try { - const result = await next(args); - if (context.__s3RegionRedirect) { - unlock(); - const region = await config.region(); - if (originalRegion !== region) { - throw new Error("Region was not restored following S3 region redirect."); + const listTraits = listMember.getMergedTraits(); + const listValueSchema = listMember.getValueSchema(); + const listValueTraits = listValueSchema.getMergedTraits(); + const sparse = !!listValueTraits.sparse; + const flat = !!listTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(listMember, parentXmlns); + const writeItem = /* @__PURE__ */ __name((container2, value) => { + if (listValueSchema.isListSchema()) { + this.writeList(listValueSchema, Array.isArray(value) ? value : [value], container2, xmlns); + } else if (listValueSchema.isMapSchema()) { + this.writeMap(listValueSchema, value, container2, xmlns); + } else if (listValueSchema.isStructSchema()) { + const struct = this.writeStruct(listValueSchema, value, xmlns); + container2.addChildNode( + struct.withName(flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member") + ); + } else { + const listItemNode = import_xml_builder.XmlNode.of( + flat ? listTraits.xmlName ?? listMember.getMemberName() : listValueTraits.xmlName ?? "member" + ); + this.writeSimpleInto(listValueSchema, value, listItemNode, xmlns); + container2.addChildNode(listItemNode); + } + }, "writeItem"); + if (flat) { + for (const value of array) { + if (sparse || value != null) { + writeItem(container, value); } } - return result; - } catch (e) { - unlock(); - throw e; + } else { + const listNode = import_xml_builder.XmlNode.of(listTraits.xmlName ?? listMember.getMemberName()); + if (xmlns) { + listNode.addAttribute(xmlnsAttr, xmlns); + } + for (const value of array) { + if (sparse || value != null) { + writeItem(listNode, value); + } + } + container.addChildNode(listNode); } - }; -}, "regionRedirectEndpointMiddleware"); -var regionRedirectEndpointMiddlewareOptions = { - tags: ["REGION_REDIRECT", "S3"], - name: "regionRedirectEndpointMiddleware", - override: true, - relation: "before", - toMiddleware: "endpointV2Middleware" -}; - -// src/region-redirect-middleware.ts -function regionRedirectMiddleware(clientConfig) { - return (next, context) => async (args) => { - try { - return await next(args); - } catch (err) { - if (clientConfig.followRegionRedirects) { - if (err?.$metadata?.httpStatusCode === 301 || // err.name === "PermanentRedirect" && --> removing the error name check, as that allows for HEAD operations (which have the 301 status code, but not the same error name) to be covered for region redirection as well - err?.$metadata?.httpStatusCode === 400 && err?.name === "IllegalLocationConstraintException") { - try { - const actualRegion = err.$response.headers["x-amz-bucket-region"]; - context.logger?.debug(`Redirecting from ${await clientConfig.region()} to ${actualRegion}`); - context.__s3RegionRedirect = actualRegion; - } catch (e) { - throw new Error("Region redirect failed: " + e); - } - return next(args); + } + writeMap(mapMember, map, container, parentXmlns, containerIsMap = false) { + if (!mapMember.isMemberSchema()) { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, cannot write non-member map: ${mapMember.getName(true)}` + ); + } + const mapTraits = mapMember.getMergedTraits(); + const mapKeySchema = mapMember.getKeySchema(); + const mapKeyTraits = mapKeySchema.getMergedTraits(); + const keyTag = mapKeyTraits.xmlName ?? "key"; + const mapValueSchema = mapMember.getValueSchema(); + const mapValueTraits = mapValueSchema.getMergedTraits(); + const valueTag = mapValueTraits.xmlName ?? "value"; + const sparse = !!mapValueTraits.sparse; + const flat = !!mapTraits.xmlFlattened; + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(mapMember, parentXmlns); + const addKeyValue = /* @__PURE__ */ __name((entry, key, val) => { + const keyNode = import_xml_builder.XmlNode.of(keyTag, key); + const [keyXmlnsAttr, keyXmlns] = this.getXmlnsAttribute(mapKeySchema, xmlns); + if (keyXmlns) { + keyNode.addAttribute(keyXmlnsAttr, keyXmlns); + } + entry.addChildNode(keyNode); + let valueNode = import_xml_builder.XmlNode.of(valueTag); + if (mapValueSchema.isListSchema()) { + this.writeList(mapValueSchema, val, valueNode, xmlns); + } else if (mapValueSchema.isMapSchema()) { + this.writeMap(mapValueSchema, val, valueNode, xmlns, true); + } else if (mapValueSchema.isStructSchema()) { + valueNode = this.writeStruct(mapValueSchema, val, xmlns); + } else { + this.writeSimpleInto(mapValueSchema, val, valueNode, xmlns); + } + entry.addChildNode(valueNode); + }, "addKeyValue"); + if (flat) { + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + addKeyValue(entry, key, val); + container.addChildNode(entry); + } + } + } else { + let mapNode; + if (!containerIsMap) { + mapNode = import_xml_builder.XmlNode.of(mapTraits.xmlName ?? mapMember.getMemberName()); + if (xmlns) { + mapNode.addAttribute(xmlnsAttr, xmlns); + } + container.addChildNode(mapNode); + } + for (const [key, val] of Object.entries(map)) { + if (sparse || val != null) { + const entry = import_xml_builder.XmlNode.of("entry"); + addKeyValue(entry, key, val); + (containerIsMap ? container : mapNode).addChildNode(entry); } } - throw err; } - }; -} -__name(regionRedirectMiddleware, "regionRedirectMiddleware"); -var regionRedirectMiddlewareOptions = { - step: "initialize", - tags: ["REGION_REDIRECT", "S3"], - name: "regionRedirectMiddleware", - override: true -}; -var getRegionRedirectMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(regionRedirectMiddleware(clientConfig), regionRedirectMiddlewareOptions); - clientStack.addRelativeTo(regionRedirectEndpointMiddleware(clientConfig), regionRedirectEndpointMiddlewareOptions); - }, "applyToStack") -}), "getRegionRedirectMiddlewarePlugin"); - -// src/s3-expires-middleware.ts - - -var s3ExpiresMiddleware = /* @__PURE__ */ __name((config) => { - return (next, context) => async (args) => { - const result = await next(args); - const { response } = result; - if (import_protocol_http.HttpResponse.isInstance(response)) { - if (response.headers.expires) { - response.headers.expiresstring = response.headers.expires; - try { - (0, import_smithy_client.parseRfc7231DateTime)(response.headers.expires); - } catch (e) { - context.logger?.warn( - `AWS SDK Warning for ${context.clientName}::${context.commandName} response parsing (${response.headers.expires}): ${e}` - ); - delete response.headers.expires; + } + writeSimple(_schema, value) { + if (null === value) { + throw new Error("@aws-sdk/core/protocols - (XML serializer) cannot write null value."); + } + const ns = import_schema8.NormalizedSchema.of(_schema); + let nodeContents = null; + if (value && typeof value === "object") { + if (ns.isBlobSchema()) { + nodeContents = (this.serdeContext?.base64Encoder ?? import_util_base643.toBase64)(value); + } else if (ns.isTimestampSchema() && value instanceof Date) { + const options = this.settings.timestampFormat; + const format = options.useTrait ? ns.getSchema() === import_schema8.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default; + switch (format) { + case import_schema8.SCHEMA.TIMESTAMP_DATE_TIME: + nodeContents = value.toISOString().replace(".000Z", "Z"); + break; + case import_schema8.SCHEMA.TIMESTAMP_HTTP_DATE: + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + case import_schema8.SCHEMA.TIMESTAMP_EPOCH_SECONDS: + nodeContents = String(value.getTime() / 1e3); + break; + default: + console.warn("Missing timestamp format, using http date", value); + nodeContents = (0, import_smithy_client6.dateToUtcString)(value); + break; + } + } else if (ns.isBigDecimalSchema() && value) { + if (value instanceof import_serde6.NumericValue) { + return value.string; } + return String(value); + } else if (ns.isMapSchema() || ns.isListSchema()) { + throw new Error( + "@aws-sdk/core/protocols - xml serializer, cannot call _write() on List/Map schema, call writeList or writeMap() instead." + ); + } else { + throw new Error( + `@aws-sdk/core/protocols - xml serializer, unhandled schema type for object value and schema: ${ns.getName( + true + )}` + ); } } - return result; - }; -}, "s3ExpiresMiddleware"); -var s3ExpiresMiddlewareOptions = { - tags: ["S3"], - name: "s3ExpiresMiddleware", - override: true, - relation: "after", - toMiddleware: "deserializerMiddleware" -}; -var getS3ExpiresMiddlewarePlugin = /* @__PURE__ */ __name((clientConfig) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo(s3ExpiresMiddleware(clientConfig), s3ExpiresMiddlewareOptions); - }, "applyToStack") -}), "getS3ExpiresMiddlewarePlugin"); - -// src/s3-express/classes/S3ExpressIdentityCache.ts -var S3ExpressIdentityCache = class _S3ExpressIdentityCache { - constructor(data = {}) { - this.data = data; - } - static { - __name(this, "S3ExpressIdentityCache"); - } - lastPurgeTime = Date.now(); - static EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS = 3e4; - get(key) { - const entry = this.data[key]; - if (!entry) { - return; + if (ns.isBooleanSchema() || ns.isNumericSchema() || ns.isBigIntegerSchema() || ns.isBigDecimalSchema()) { + nodeContents = String(value); } - return entry; - } - set(key, entry) { - this.data[key] = entry; - return entry; - } - delete(key) { - delete this.data[key]; + if (ns.isStringSchema()) { + if (value === void 0 && ns.isIdempotencyToken()) { + nodeContents = (0, import_serde6.generateIdempotencyToken)(); + } else { + nodeContents = String(value); + } + } + if (nodeContents === null) { + throw new Error(`Unhandled schema-value pair ${ns.getName(true)}=${value}`); + } + return nodeContents; } - async purgeExpired() { - const now = Date.now(); - if (this.lastPurgeTime + _S3ExpressIdentityCache.EXPIRED_CREDENTIAL_PURGE_INTERVAL_MS > now) { - return; + writeSimpleInto(_schema, value, into, parentXmlns) { + const nodeContents = this.writeSimple(_schema, value); + const ns = import_schema8.NormalizedSchema.of(_schema); + const content = new import_xml_builder.XmlText(nodeContents); + const [xmlnsAttr, xmlns] = this.getXmlnsAttribute(ns, parentXmlns); + if (xmlns) { + into.addAttribute(xmlnsAttr, xmlns); } - for (const key in this.data) { - const entry = this.data[key]; - if (!entry.isRefreshing) { - const credential = await entry.identity; - if (credential.expiration) { - if (credential.expiration.getTime() < now) { - delete this.data[key]; - } - } - } + into.addChildNode(content); + } + getXmlnsAttribute(ns, parentXmlns) { + const traits = ns.getMergedTraits(); + const [prefix, xmlns] = traits.xmlNamespace ?? []; + if (xmlns && xmlns !== parentXmlns) { + return [prefix ? `xmlns:${prefix}` : "xmlns", xmlns]; } + return [void 0, void 0]; } }; -// src/s3-express/classes/S3ExpressIdentityCacheEntry.ts -var S3ExpressIdentityCacheEntry = class { - /** - * @param identity - stored identity. - * @param accessed - timestamp of last access in epoch ms. - * @param isRefreshing - this key is currently in the process of being refreshed (background). - */ - constructor(_identity, isRefreshing = false, accessed = Date.now()) { - this._identity = _identity; - this.isRefreshing = isRefreshing; - this.accessed = accessed; +// src/submodules/protocols/xml/XmlCodec.ts +var XmlCodec = class extends SerdeContextConfig { + constructor(settings) { + super(); + this.settings = settings; } static { - __name(this, "S3ExpressIdentityCacheEntry"); + __name(this, "XmlCodec"); } - get identity() { - this.accessed = Date.now(); - return this._identity; + createSerializer() { + const serializer = new XmlShapeSerializer(this.settings); + serializer.setSerdeContext(this.serdeContext); + return serializer; + } + createDeserializer() { + const deserializer = new XmlShapeDeserializer(this.settings); + deserializer.setSerdeContext(this.serdeContext); + return deserializer; } }; -// src/s3-express/classes/S3ExpressIdentityProviderImpl.ts -var S3ExpressIdentityProviderImpl = class _S3ExpressIdentityProviderImpl { - constructor(createSessionFn, cache = new S3ExpressIdentityCache()) { - this.createSessionFn = createSessionFn; - this.cache = cache; - } +// src/submodules/protocols/xml/AwsRestXmlProtocol.ts +var AwsRestXmlProtocol = class extends import_protocols6.HttpBindingProtocol { static { - __name(this, "S3ExpressIdentityProviderImpl"); + __name(this, "AwsRestXmlProtocol"); } - static REFRESH_WINDOW_MS = 6e4; - async getS3ExpressIdentity(awsIdentity, identityProperties) { - const key = identityProperties.Bucket; - const { cache } = this; - const entry = cache.get(key); - if (entry) { - return entry.identity.then((identity) => { - const isExpired = (identity.expiration?.getTime() ?? 0) < Date.now(); - if (isExpired) { - return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; + codec; + serializer; + deserializer; + constructor(options) { + super(options); + const settings = { + timestampFormat: { + useTrait: true, + default: import_schema9.SCHEMA.TIMESTAMP_DATE_TIME + }, + httpBindings: true, + xmlNamespace: options.xmlNamespace, + serviceNamespace: options.defaultNamespace + }; + this.codec = new XmlCodec(settings); + this.serializer = new import_protocols6.HttpInterceptingShapeSerializer(this.codec.createSerializer(), settings); + this.deserializer = new import_protocols6.HttpInterceptingShapeDeserializer(this.codec.createDeserializer(), settings); + } + getPayloadCodec() { + return this.codec; + } + getShapeId() { + return "aws.protocols#restXml"; + } + async serializeRequest(operationSchema, input, context) { + const request = await super.serializeRequest(operationSchema, input, context); + const ns = import_schema9.NormalizedSchema.of(operationSchema.input); + const members = ns.getMemberSchemas(); + request.path = String(request.path).split("/").filter((segment) => { + return segment !== "{Bucket}"; + }).join("/") || "/"; + if (!request.headers["content-type"]) { + const httpPayloadMember = Object.values(members).find((m) => { + return !!m.getMergedTraits().httpPayload; + }); + if (httpPayloadMember) { + const mediaType = httpPayloadMember.getMergedTraits().mediaType; + if (mediaType) { + request.headers["content-type"] = mediaType; + } else if (httpPayloadMember.isStringSchema()) { + request.headers["content-type"] = "text/plain"; + } else if (httpPayloadMember.isBlobSchema()) { + request.headers["content-type"] = "application/octet-stream"; + } else { + request.headers["content-type"] = this.getDefaultContentType(); } - const isExpiringSoon = (identity.expiration?.getTime() ?? 0) < Date.now() + _S3ExpressIdentityProviderImpl.REFRESH_WINDOW_MS; - if (isExpiringSoon && !entry.isRefreshing) { - entry.isRefreshing = true; - this.getIdentity(key).then((id) => { - cache.set(key, new S3ExpressIdentityCacheEntry(Promise.resolve(id))); - }); + } else if (!ns.isUnitSchema()) { + const hasBody = Object.values(members).find((m) => { + const { httpQuery, httpQueryParams, httpHeader, httpLabel, httpPrefixHeaders } = m.getMergedTraits(); + return !httpQuery && !httpQueryParams && !httpHeader && !httpLabel && httpPrefixHeaders === void 0; + }); + if (hasBody) { + request.headers["content-type"] = this.getDefaultContentType(); } - return identity; - }); + } } - return cache.set(key, new S3ExpressIdentityCacheEntry(this.getIdentity(key))).identity; - } - async getIdentity(key) { - await this.cache.purgeExpired().catch((error) => { - console.warn("Error while clearing expired entries in S3ExpressIdentityCache: \n" + error); - }); - const session = await this.createSessionFn(key); - if (!session.Credentials?.AccessKeyId || !session.Credentials?.SecretAccessKey) { - throw new Error("s3#createSession response credential missing AccessKeyId or SecretAccessKey."); + if (request.headers["content-type"] === this.getDefaultContentType()) { + if (typeof request.body === "string") { + request.body = '' + request.body; + } } - const identity = { - accessKeyId: session.Credentials.AccessKeyId, - secretAccessKey: session.Credentials.SecretAccessKey, - sessionToken: session.Credentials.SessionToken, - expiration: session.Credentials.Expiration ? new Date(session.Credentials.Expiration) : void 0 - }; - return identity; + if (request.body) { + try { + request.headers["content-length"] = String((0, import_util_body_length_browser4.calculateBodyLength)(request.body)); + } catch (e) { + } + } + return request; } -}; - -// src/s3-express/classes/SignatureV4S3Express.ts -var import_signature_v4 = __nccwpck_require__(1528); - -// src/s3-express/constants.ts -var import_util_config_provider = __nccwpck_require__(3375); -var S3_EXPRESS_BUCKET_TYPE = "Directory"; -var S3_EXPRESS_BACKEND = "S3Express"; -var S3_EXPRESS_AUTH_SCHEME = "sigv4-s3express"; -var SESSION_TOKEN_QUERY_PARAM = "X-Amz-S3session-Token"; -var SESSION_TOKEN_HEADER = SESSION_TOKEN_QUERY_PARAM.toLowerCase(); -var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"; -var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME = "s3_disable_express_session_auth"; -var NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS = { - environmentVariableSelector: /* @__PURE__ */ __name((env) => (0, import_util_config_provider.booleanSelector)(env, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_ENV_NAME, import_util_config_provider.SelectorType.ENV), "environmentVariableSelector"), - configFileSelector: /* @__PURE__ */ __name((profile) => (0, import_util_config_provider.booleanSelector)(profile, NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_INI_NAME, import_util_config_provider.SelectorType.CONFIG), "configFileSelector"), - default: false -}; - -// src/s3-express/classes/SignatureV4S3Express.ts -var SignatureV4S3Express = class extends import_signature_v4.SignatureV4 { - static { - __name(this, "SignatureV4S3Express"); + async deserializeResponse(operationSchema, context, response) { + return super.deserializeResponse(operationSchema, context, response); } - /** - * Signs with alternate provided credentials instead of those provided in the - * constructor. - * - * Additionally omits the credential sessionToken and assigns it to the - * alternate header field for S3 Express. - */ - async signWithCredentials(requestToSign, credentials, options) { - const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); - requestToSign.headers[SESSION_TOKEN_HEADER] = credentials.sessionToken; - const privateAccess = this; - setSingleOverride(privateAccess, credentialsWithoutSessionToken); - return privateAccess.signRequest(requestToSign, options ?? {}); + async handleError(operationSchema, context, response, dataObject, metadata) { + const errorIdentifier = loadRestXmlErrorCode(response, dataObject) ?? "Unknown"; + let namespace = this.options.defaultNamespace; + let errorName = errorIdentifier; + if (errorIdentifier.includes("#")) { + [namespace, errorName] = errorIdentifier.split("#"); + } + const registry = import_schema9.TypeRegistry.for(namespace); + let errorSchema; + try { + errorSchema = registry.getSchema(errorIdentifier); + } catch (e) { + const baseExceptionSchema = import_schema9.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException(); + if (baseExceptionSchema) { + const ErrorCtor = baseExceptionSchema.ctor; + throw Object.assign(new ErrorCtor(errorName), dataObject); + } + throw new Error(errorName); + } + const ns = import_schema9.NormalizedSchema.of(errorSchema); + const message = dataObject.Error?.message ?? dataObject.Error?.Message ?? dataObject.message ?? dataObject.Message ?? "Unknown"; + const exception = new errorSchema.ctor(message); + await this.deserializeHttpMessage(errorSchema, context, response, dataObject); + const output = {}; + for (const [name, member] of ns.structIterator()) { + const target = member.getMergedTraits().xmlName ?? name; + const value = dataObject.Error?.[target] ?? dataObject[target]; + output[name] = this.codec.createDeserializer().readSchema(member, value); + } + Object.assign(exception, { + $metadata: metadata, + $response: response, + $fault: ns.getMergedTraits().error, + message, + ...output + }); + throw exception; } /** - * Similar to {@link SignatureV4S3Express#signWithCredentials} but for presigning. + * @override */ - async presignWithCredentials(requestToSign, credentials, options) { - const credentialsWithoutSessionToken = getCredentialsWithoutSessionToken(credentials); - delete requestToSign.headers[SESSION_TOKEN_HEADER]; - requestToSign.headers[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; - requestToSign.query = requestToSign.query ?? {}; - requestToSign.query[SESSION_TOKEN_QUERY_PARAM] = credentials.sessionToken; - const privateAccess = this; - setSingleOverride(privateAccess, credentialsWithoutSessionToken); - return this.presign(requestToSign, options); + getDefaultContentType() { + return "application/xml"; } }; -function getCredentialsWithoutSessionToken(credentials) { - const credentialsWithoutSessionToken = { - accessKeyId: credentials.accessKeyId, - secretAccessKey: credentials.secretAccessKey, - expiration: credentials.expiration - }; - return credentialsWithoutSessionToken; -} -__name(getCredentialsWithoutSessionToken, "getCredentialsWithoutSessionToken"); -function setSingleOverride(privateAccess, credentialsWithoutSessionToken) { - const id = setTimeout(() => { - throw new Error("SignatureV4S3Express credential override was created but not called."); - }, 10); - const currentCredentialProvider = privateAccess.credentialProvider; - const overrideCredentialsProviderOnce = /* @__PURE__ */ __name(() => { - clearTimeout(id); - privateAccess.credentialProvider = currentCredentialProvider; - return Promise.resolve(credentialsWithoutSessionToken); - }, "overrideCredentialsProviderOnce"); - privateAccess.credentialProvider = overrideCredentialsProviderOnce; -} -__name(setSingleOverride, "setSingleOverride"); - -// src/s3-express/functions/s3ExpressMiddleware.ts -var import_core = __nccwpck_require__(9963); +// Annotate the CommonJS export names for ESM import in node: +0 && (0); -var s3ExpressMiddleware = /* @__PURE__ */ __name((options) => { - return (next, context) => async (args) => { - if (context.endpointV2) { - const endpoint = context.endpointV2; - const isS3ExpressAuth = endpoint.properties?.authSchemes?.[0]?.name === S3_EXPRESS_AUTH_SCHEME; - const isS3ExpressBucket = endpoint.properties?.backend === S3_EXPRESS_BACKEND || endpoint.properties?.bucketType === S3_EXPRESS_BUCKET_TYPE; - if (isS3ExpressBucket) { - (0, import_core.setFeature)(context, "S3_EXPRESS_BUCKET", "J"); - context.isS3ExpressBucket = true; - } - if (isS3ExpressAuth) { - const requestBucket = args.input.Bucket; - if (requestBucket) { - const s3ExpressIdentity = await options.s3ExpressIdentityProvider.getS3ExpressIdentity( - await options.credentials(), - { - Bucket: requestBucket - } - ); - context.s3ExpressIdentity = s3ExpressIdentity; - if (import_protocol_http.HttpRequest.isInstance(args.request) && s3ExpressIdentity.sessionToken) { - args.request.headers[SESSION_TOKEN_HEADER] = s3ExpressIdentity.sessionToken; - } - } - } - } - return next(args); - }; -}, "s3ExpressMiddleware"); -var s3ExpressMiddlewareOptions = { - name: "s3ExpressMiddleware", - step: "build", - tags: ["S3", "S3_EXPRESS"], - override: true -}; -var getS3ExpressPlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(s3ExpressMiddleware(options), s3ExpressMiddlewareOptions); - }, "applyToStack") -}), "getS3ExpressPlugin"); -// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts -var import_core2 = __nccwpck_require__(5829); +/***/ }), -var import_util_middleware = __nccwpck_require__(2390); +/***/ 5721: +/***/ ((module) => { -// src/s3-express/functions/signS3Express.ts -var signS3Express = /* @__PURE__ */ __name(async (s3ExpressIdentity, signingOptions, request, sigV4MultiRegionSigner) => { - const signedRequest = await sigV4MultiRegionSigner.signWithCredentials(request, s3ExpressIdentity, {}); - if (signedRequest.headers["X-Amz-Security-Token"] || signedRequest.headers["x-amz-security-token"]) { - throw new Error("X-Amz-Security-Token must not be set for s3-express requests."); - } - return signedRequest; -}, "signS3Express"); +"use strict"; -// src/s3-express/functions/s3ExpressHttpSigningMiddleware.ts -var defaultErrorHandler = /* @__PURE__ */ __name((signingProperties) => (error) => { - throw error; -}, "defaultErrorHandler"); -var defaultSuccessHandler = /* @__PURE__ */ __name((httpResponse, signingProperties) => { -}, "defaultSuccessHandler"); -var s3ExpressHttpSigningMiddlewareOptions = import_core2.httpSigningMiddlewareOptions; -var s3ExpressHttpSigningMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { - if (!import_protocol_http.HttpRequest.isInstance(args.request)) { - return next(args); - } - const smithyContext = (0, import_util_middleware.getSmithyContext)(context); - const scheme = smithyContext.selectedHttpAuthScheme; - if (!scheme) { - throw new Error(`No HttpAuthScheme was selected: unable to sign request`); - } - const { - httpAuthOption: { signingProperties = {} }, - identity, - signer - } = scheme; - let request; - if (context.s3ExpressIdentity) { - request = await signS3Express( - context.s3ExpressIdentity, - signingProperties, - args.request, - await config.signer() - ); - } else { - request = await signer.sign(args.request, identity, signingProperties); - } - const output = await next({ - ...args, - request - }).catch((signer.errorHandler || defaultErrorHandler)(signingProperties)); - (signer.successHandler || defaultSuccessHandler)(output.response, signingProperties); - return output; -}, "s3ExpressHttpSigningMiddleware"); -var getS3ExpressHttpSigningPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo( - s3ExpressHttpSigningMiddleware(config), - import_core2.httpSigningMiddlewareOptions - ); - }, "applyToStack") -}), "getS3ExpressHttpSigningPlugin"); +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); +var __export = (target, all) => { + for (var name in all) + __defProp(target, name, { get: all[name], enumerable: true }); +}; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); -// src/s3Configuration.ts -var resolveS3Config = /* @__PURE__ */ __name((input, { - session -}) => { - const [s3ClientProvider, CreateSessionCommandCtor] = session; - const { - forcePathStyle, - useAccelerateEndpoint, - disableMultiregionAccessPoints, - followRegionRedirects, - s3ExpressIdentityProvider, - bucketEndpoint - } = input; - return Object.assign(input, { - forcePathStyle: forcePathStyle ?? false, - useAccelerateEndpoint: useAccelerateEndpoint ?? false, - disableMultiregionAccessPoints: disableMultiregionAccessPoints ?? false, - followRegionRedirects: followRegionRedirects ?? false, - s3ExpressIdentityProvider: s3ExpressIdentityProvider ?? new S3ExpressIdentityProviderImpl( - async (key) => s3ClientProvider().send( - new CreateSessionCommandCtor({ - Bucket: key - }) - ) - ), - bucketEndpoint: bucketEndpoint ?? false - }); -}, "resolveS3Config"); +// src/index.ts +var index_exports = {}; +__export(index_exports, { + XmlNode: () => XmlNode, + XmlText: () => XmlText +}); +module.exports = __toCommonJS(index_exports); -// src/throw-200-exceptions.ts +// src/escape-attribute.ts +function escapeAttribute(value) { + return value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """); +} +__name(escapeAttribute, "escapeAttribute"); -var import_util_stream = __nccwpck_require__(6607); -var THROW_IF_EMPTY_BODY = { - CopyObjectCommand: true, - UploadPartCopyCommand: true, - CompleteMultipartUploadCommand: true +// src/escape-element.ts +function escapeElement(value) { + return value.replace(/&/g, "&").replace(/"/g, """).replace(/'/g, "'").replace(//g, ">").replace(/\r/g, " ").replace(/\n/g, " ").replace(/\u0085/g, "…").replace(/\u2028/, " "); +} +__name(escapeElement, "escapeElement"); + +// src/XmlText.ts +var XmlText = class { + constructor(value) { + this.value = value; + } + static { + __name(this, "XmlText"); + } + toString() { + return escapeElement("" + this.value); + } }; -var MAX_BYTES_TO_INSPECT = 3e3; -var throw200ExceptionsMiddleware = /* @__PURE__ */ __name((config) => (next, context) => async (args) => { - const result = await next(args); - const { response } = result; - if (!import_protocol_http.HttpResponse.isInstance(response)) { - return result; + +// src/XmlNode.ts +var XmlNode = class _XmlNode { + constructor(name, children = []) { + this.name = name; + this.children = children; } - const { statusCode, body: sourceBody } = response; - if (statusCode < 200 || statusCode >= 300) { - return result; + static { + __name(this, "XmlNode"); } - const isSplittableStream = typeof sourceBody?.stream === "function" || typeof sourceBody?.pipe === "function" || typeof sourceBody?.tee === "function"; - if (!isSplittableStream) { - return result; + attributes = {}; + static of(name, childText, withName) { + const node = new _XmlNode(name); + if (childText !== void 0) { + node.addChildNode(new XmlText(childText)); + } + if (withName !== void 0) { + node.withName(withName); + } + return node; } - let bodyCopy = sourceBody; - let body = sourceBody; - if (sourceBody && typeof sourceBody === "object" && !(sourceBody instanceof Uint8Array)) { - [bodyCopy, body] = await (0, import_util_stream.splitStream)(sourceBody); + withName(name) { + this.name = name; + return this; } - response.body = body; - const bodyBytes = await collectBody(bodyCopy, { - streamCollector: /* @__PURE__ */ __name(async (stream) => { - return (0, import_util_stream.headStream)(stream, MAX_BYTES_TO_INSPECT); - }, "streamCollector") - }); - if (typeof bodyCopy?.destroy === "function") { - bodyCopy.destroy(); + addAttribute(name, value) { + this.attributes[name] = value; + return this; } - const bodyStringTail = config.utf8Encoder(bodyBytes.subarray(bodyBytes.length - 16)); - if (bodyBytes.length === 0 && THROW_IF_EMPTY_BODY[context.commandName]) { - const err = new Error("S3 aborted request"); - err.name = "InternalError"; - throw err; + addChildNode(child) { + this.children.push(child); + return this; } - if (bodyStringTail && bodyStringTail.endsWith("")) { - response.statusCode = 400; + removeAttribute(name) { + delete this.attributes[name]; + return this; } - return result; -}, "throw200ExceptionsMiddleware"); -var collectBody = /* @__PURE__ */ __name((streamBody = new Uint8Array(), context) => { - if (streamBody instanceof Uint8Array) { - return Promise.resolve(streamBody); + /** + * @internal + * Alias of {@link XmlNode#withName(string)} for codegen brevity. + */ + n(name) { + this.name = name; + return this; } - return context.streamCollector(streamBody) || Promise.resolve(new Uint8Array()); -}, "collectBody"); -var throw200ExceptionsMiddlewareOptions = { - relation: "after", - toMiddleware: "deserializerMiddleware", - tags: ["THROW_200_EXCEPTIONS", "S3"], - name: "throw200ExceptionsMiddleware", - override: true -}; -var getThrow200ExceptionsPlugin = /* @__PURE__ */ __name((config) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.addRelativeTo(throw200ExceptionsMiddleware(config), throw200ExceptionsMiddlewareOptions); - }, "applyToStack") -}), "getThrow200ExceptionsPlugin"); - -// src/validate-bucket-name.ts -var import_util_arn_parser = __nccwpck_require__(5487); - -// src/bucket-endpoint-middleware.ts -function bucketEndpointMiddleware(options) { - return (next, context) => async (args) => { - if (options.bucketEndpoint) { - const endpoint = context.endpointV2; - if (endpoint) { - const bucket = args.input.Bucket; - if (typeof bucket === "string") { - try { - const bucketEndpointUrl = new URL(bucket); - context.endpointV2 = { - ...endpoint, - url: bucketEndpointUrl - }; - } catch (e) { - const warning = `@aws-sdk/middleware-sdk-s3: bucketEndpoint=true was set but Bucket=${bucket} could not be parsed as URL.`; - if (context.logger?.constructor?.name === "NoOpLogger") { - console.warn(warning); - } else { - context.logger?.warn?.(warning); - } - throw e; - } - } - } + /** + * @internal + * Alias of {@link XmlNode#addChildNode(string)} for codegen brevity. + */ + c(child) { + this.children.push(child); + return this; + } + /** + * @internal + * Checked version of {@link XmlNode#addAttribute(string)} for codegen brevity. + */ + a(name, value) { + if (value != null) { + this.attributes[name] = value; } - return next(args); - }; -} -__name(bucketEndpointMiddleware, "bucketEndpointMiddleware"); -var bucketEndpointMiddlewareOptions = { - name: "bucketEndpointMiddleware", - override: true, - relation: "after", - toMiddleware: "endpointV2Middleware" -}; - -// src/validate-bucket-name.ts -function validateBucketNameMiddleware({ bucketEndpoint }) { - return (next) => async (args) => { - const { - input: { Bucket } - } = args; - if (!bucketEndpoint && typeof Bucket === "string" && !(0, import_util_arn_parser.validate)(Bucket) && Bucket.indexOf("/") >= 0) { - const err = new Error(`Bucket name shouldn't contain '/', received '${Bucket}'`); - err.name = "InvalidBucketName"; - throw err; + return this; + } + /** + * Create a child node. + * Used in serialization of string fields. + * @internal + */ + cc(input, field, withName = field) { + if (input[field] != null) { + const node = _XmlNode.of(field, input[field]).withName(withName); + this.c(node); } - return next({ ...args }); - }; -} -__name(validateBucketNameMiddleware, "validateBucketNameMiddleware"); -var validateBucketNameMiddlewareOptions = { - step: "initialize", - tags: ["VALIDATE_BUCKET_NAME"], - name: "validateBucketNameMiddleware", - override: true + } + /** + * Creates list child nodes. + * @internal + */ + l(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + nodes.map((node) => { + node.withName(memberName); + this.c(node); + }); + } + } + /** + * Creates list child nodes with container. + * @internal + */ + lc(input, listName, memberName, valueProvider) { + if (input[listName] != null) { + const nodes = valueProvider(); + const containerNode = new _XmlNode(memberName); + nodes.map((node) => { + containerNode.c(node); + }); + this.c(containerNode); + } + } + toString() { + const hasChildren = Boolean(this.children.length); + let xmlText = `<${this.name}`; + const attributes = this.attributes; + for (const attributeName of Object.keys(attributes)) { + const attribute = attributes[attributeName]; + if (attribute != null) { + xmlText += ` ${attributeName}="${escapeAttribute("" + attribute)}"`; + } + } + return xmlText += !hasChildren ? "/>" : `>${this.children.map((c) => c.toString()).join("")}`; + } }; -var getValidateBucketNamePlugin = /* @__PURE__ */ __name((options) => ({ - applyToStack: /* @__PURE__ */ __name((clientStack) => { - clientStack.add(validateBucketNameMiddleware(options), validateBucketNameMiddlewareOptions); - clientStack.addRelativeTo(bucketEndpointMiddleware(options), bucketEndpointMiddlewareOptions); - }, "applyToStack") -}), "getValidateBucketNamePlugin"); // Annotate the CommonJS export names for ESM import in node: 0 && (0); @@ -48980,13 +57606,13 @@ function extendedEncodeURIComponent(str) { // src/submodules/protocols/HttpBindingProtocol.ts var import_schema2 = __nccwpck_require__(9826); +var import_serde = __nccwpck_require__(7669); var import_protocol_http2 = __nccwpck_require__(4418); +var import_util_stream2 = __nccwpck_require__(6607); // src/submodules/protocols/HttpProtocol.ts var import_schema = __nccwpck_require__(9826); -var import_serde = __nccwpck_require__(7669); var import_protocol_http = __nccwpck_require__(4418); -var import_util_stream2 = __nccwpck_require__(6607); var HttpProtocol = class { constructor(options) { this.options = options; @@ -49061,89 +57687,7 @@ var HttpProtocol = class { }; } async deserializeHttpMessage(schema, context, response, arg4, arg5) { - let dataObject; - if (arg4 instanceof Set) { - dataObject = arg5; - } else { - dataObject = arg4; - } - const deserializer = this.deserializer; - const ns = import_schema.NormalizedSchema.of(schema); - const nonHttpBindingMembers = []; - for (const [memberName, memberSchema] of ns.structIterator()) { - const memberTraits = memberSchema.getMemberTraits(); - if (memberTraits.httpPayload) { - const isStreaming = memberSchema.isStreaming(); - if (isStreaming) { - const isEventStream = memberSchema.isStructSchema(); - if (isEventStream) { - const context2 = this.serdeContext; - if (!context2.eventStreamMarshaller) { - throw new Error("@smithy/core - HttpProtocol: eventStreamMarshaller missing in serdeContext."); - } - const memberSchemas = memberSchema.getMemberSchemas(); - dataObject[memberName] = context2.eventStreamMarshaller.deserialize(response.body, async (event) => { - const unionMember = Object.keys(event).find((key) => { - return key !== "__type"; - }) ?? ""; - if (unionMember in memberSchemas) { - const eventStreamSchema = memberSchemas[unionMember]; - return { - [unionMember]: await deserializer.read(eventStreamSchema, event[unionMember].body) - }; - } else { - return { - $unknown: event - }; - } - }); - } else { - dataObject[memberName] = (0, import_util_stream2.sdkStreamMixin)(response.body); - } - } else if (response.body) { - const bytes = await collectBody(response.body, context); - if (bytes.byteLength > 0) { - dataObject[memberName] = await deserializer.read(memberSchema, bytes); - } - } - } else if (memberTraits.httpHeader) { - const key = String(memberTraits.httpHeader).toLowerCase(); - const value = response.headers[key]; - if (null != value) { - if (memberSchema.isListSchema()) { - const headerListValueSchema = memberSchema.getValueSchema(); - let sections; - if (headerListValueSchema.isTimestampSchema() && headerListValueSchema.getSchema() === import_schema.SCHEMA.TIMESTAMP_DEFAULT) { - sections = (0, import_serde.splitEvery)(value, ",", 2); - } else { - sections = (0, import_serde.splitHeader)(value); - } - const list = []; - for (const section of sections) { - list.push(await deserializer.read([headerListValueSchema, { httpHeader: key }], section.trim())); - } - dataObject[memberName] = list; - } else { - dataObject[memberName] = await deserializer.read(memberSchema, value); - } - } - } else if (memberTraits.httpPrefixHeaders !== void 0) { - dataObject[memberName] = {}; - for (const [header, value] of Object.entries(response.headers)) { - if (header.startsWith(memberTraits.httpPrefixHeaders)) { - dataObject[memberName][header.slice(memberTraits.httpPrefixHeaders.length)] = await deserializer.read( - [memberSchema.getValueSchema(), { httpHeader: header }], - value - ); - } - } - } else if (memberTraits.httpResponseCode) { - dataObject[memberName] = response.statusCode; - } else { - nonHttpBindingMembers.push(memberName); - } - } - return nonHttpBindingMembers; + return []; } }; @@ -49319,6 +57863,91 @@ var HttpBindingProtocol = class extends HttpProtocol { }; return output; } + async deserializeHttpMessage(schema, context, response, arg4, arg5) { + let dataObject; + if (arg4 instanceof Set) { + dataObject = arg5; + } else { + dataObject = arg4; + } + const deserializer = this.deserializer; + const ns = import_schema2.NormalizedSchema.of(schema); + const nonHttpBindingMembers = []; + for (const [memberName, memberSchema] of ns.structIterator()) { + const memberTraits = memberSchema.getMemberTraits(); + if (memberTraits.httpPayload) { + const isStreaming = memberSchema.isStreaming(); + if (isStreaming) { + const isEventStream = memberSchema.isStructSchema(); + if (isEventStream) { + const context2 = this.serdeContext; + if (!context2.eventStreamMarshaller) { + throw new Error("@smithy/core - HttpProtocol: eventStreamMarshaller missing in serdeContext."); + } + const memberSchemas = memberSchema.getMemberSchemas(); + dataObject[memberName] = context2.eventStreamMarshaller.deserialize(response.body, async (event) => { + const unionMember = Object.keys(event).find((key) => { + return key !== "__type"; + }) ?? ""; + if (unionMember in memberSchemas) { + const eventStreamSchema = memberSchemas[unionMember]; + return { + [unionMember]: await deserializer.read(eventStreamSchema, event[unionMember].body) + }; + } else { + return { + $unknown: event + }; + } + }); + } else { + dataObject[memberName] = (0, import_util_stream2.sdkStreamMixin)(response.body); + } + } else if (response.body) { + const bytes = await collectBody(response.body, context); + if (bytes.byteLength > 0) { + dataObject[memberName] = await deserializer.read(memberSchema, bytes); + } + } + } else if (memberTraits.httpHeader) { + const key = String(memberTraits.httpHeader).toLowerCase(); + const value = response.headers[key]; + if (null != value) { + if (memberSchema.isListSchema()) { + const headerListValueSchema = memberSchema.getValueSchema(); + let sections; + if (headerListValueSchema.isTimestampSchema() && headerListValueSchema.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT) { + sections = (0, import_serde.splitEvery)(value, ",", 2); + } else { + sections = (0, import_serde.splitHeader)(value); + } + const list = []; + for (const section of sections) { + list.push(await deserializer.read([headerListValueSchema, { httpHeader: key }], section.trim())); + } + dataObject[memberName] = list; + } else { + dataObject[memberName] = await deserializer.read(memberSchema, value); + } + } + } else if (memberTraits.httpPrefixHeaders !== void 0) { + dataObject[memberName] = {}; + for (const [header, value] of Object.entries(response.headers)) { + if (header.startsWith(memberTraits.httpPrefixHeaders)) { + dataObject[memberName][header.slice(memberTraits.httpPrefixHeaders.length)] = await deserializer.read( + [memberSchema.getValueSchema(), { httpHeader: header }], + value + ); + } + } + } else if (memberTraits.httpResponseCode) { + dataObject[memberName] = response.statusCode; + } else { + nonHttpBindingMembers.push(memberName); + } + } + return nonHttpBindingMembers; + } }; // src/submodules/protocols/RpcProtocol.ts @@ -50406,6 +59035,18 @@ var NormalizedSchema = class _NormalizedSchema { } return this.getSchema() === SCHEMA.STREAMING_BLOB; } + /** + * This is a shortcut to avoid calling `getMergedTraits().idempotencyToken` on every string. + * @returns whether the schema has the idempotencyToken trait. + */ + isIdempotencyToken() { + if (typeof this.traits === "number") { + return (this.traits & 4) === 4; + } else if (typeof this.traits === "object") { + return !!this.traits.idempotencyToken; + } + return false; + } /** * @returns own traits merged with member traits, where member traits of the same trait key take priority. * This method is cached. @@ -50617,6 +59258,7 @@ __export(serde_exports, { expectShort: () => expectShort, expectString: () => expectString, expectUnion: () => expectUnion, + generateIdempotencyToken: () => import_uuid.v4, handleFloat: () => handleFloat, limitedParseDouble: () => limitedParseDouble, limitedParseFloat: () => limitedParseFloat, @@ -50643,57 +59285,7 @@ __export(serde_exports, { module.exports = __toCommonJS(serde_exports); // src/submodules/serde/copyDocumentWithTransform.ts -var import_schema = __nccwpck_require__(9826); -var copyDocumentWithTransform = (source, schemaRef, transform = (_) => _) => { - const ns = import_schema.NormalizedSchema.of(schemaRef); - switch (typeof source) { - case "undefined": - case "boolean": - case "number": - case "string": - case "bigint": - case "symbol": - return transform(source, ns); - case "function": - case "object": - if (source === null) { - return transform(null, ns); - } - if (Array.isArray(source)) { - const newArray = new Array(source.length); - let i = 0; - for (const item of source) { - newArray[i++] = copyDocumentWithTransform(item, ns.getValueSchema(), transform); - } - return transform(newArray, ns); - } - if ("byteLength" in source) { - const newBytes = new Uint8Array(source.byteLength); - newBytes.set(source, 0); - return transform(newBytes, ns); - } - if (source instanceof Date) { - return transform(source, ns); - } - const newObject = {}; - if (ns.isMapSchema()) { - for (const key of Object.keys(source)) { - newObject[key] = copyDocumentWithTransform(source[key], ns.getValueSchema(), transform); - } - } else if (ns.isStructSchema()) { - for (const [key, memberSchema] of ns.structIterator()) { - newObject[key] = copyDocumentWithTransform(source[key], memberSchema, transform); - } - } else if (ns.isDocumentSchema()) { - for (const key of Object.keys(source)) { - newObject[key] = copyDocumentWithTransform(source[key], ns.getValueSchema(), transform); - } - } - return transform(newObject, ns); - default: - return transform(source, ns); - } -}; +var copyDocumentWithTransform = (source, schemaRef, transform = (_) => _) => source; // src/submodules/serde/parse-utils.ts var parseBoolean = (value) => { @@ -51148,6 +59740,9 @@ var stripLeadingZeroes = (value) => { return value.slice(idx); }; +// src/submodules/serde/generateIdempotencyToken.ts +var import_uuid = __nccwpck_require__(5840); + // src/submodules/serde/lazy-json.ts var LazyJsonString = function LazyJsonString2(val) { const str = Object.assign(new String(val), { @@ -51249,7 +59844,7 @@ var splitHeader = (value) => { }; // src/submodules/serde/value/NumericValue.ts -var NumericValue = class { +var NumericValue = class _NumericValue { constructor(string, type) { this.string = string; this.type = type; @@ -51276,15 +59871,19 @@ var NumericValue = class { toString() { return this.string; } - [Symbol.hasInstance](object) { + static [Symbol.hasInstance](object) { if (!object || typeof object !== "object") { return false; } const _nv = object; + const prototypeMatch = _NumericValue.prototype.isPrototypeOf(object.constructor?.prototype); + if (prototypeMatch) { + return prototypeMatch; + } if (typeof _nv.string === "string" && typeof _nv.type === "string" && _nv.constructor?.name === "NumericValue") { return true; } - return false; + return prototypeMatch; } }; function nv(input) { @@ -53283,6 +61882,7 @@ var getEndpointFromInstructions = /* @__PURE__ */ __name(async (commandInput, in } if (endpointFromConfig) { clientConfig.endpoint = () => Promise.resolve(toEndpointV1(endpointFromConfig)); + clientConfig.isCustomEndpoint = true; } } const endpointParams = await resolveParams(commandInput, instructionsSupplier, clientConfig); @@ -60248,15 +68848,24 @@ var validateWaiterOptions = /* @__PURE__ */ __name((options) => { }, "validateWaiterOptions"); // src/createWaiter.ts -var abortTimeout = /* @__PURE__ */ __name(async (abortSignal) => { - return new Promise((resolve) => { - const onAbort = /* @__PURE__ */ __name(() => resolve({ state: "ABORTED" /* ABORTED */ }), "onAbort"); +var abortTimeout = /* @__PURE__ */ __name((abortSignal) => { + let onAbort; + const promise = new Promise((resolve) => { + onAbort = /* @__PURE__ */ __name(() => resolve({ state: "ABORTED" /* ABORTED */ }), "onAbort"); if (typeof abortSignal.addEventListener === "function") { abortSignal.addEventListener("abort", onAbort); } else { abortSignal.onabort = onAbort; } }); + return { + clearListener() { + if (typeof abortSignal.removeEventListener === "function") { + abortSignal.removeEventListener("abort", onAbort); + } + }, + aborted: promise + }; }, "abortTimeout"); var createWaiter = /* @__PURE__ */ __name(async (options, input, acceptorChecks) => { const params = { @@ -60265,13 +68874,23 @@ var createWaiter = /* @__PURE__ */ __name(async (options, input, acceptorChecks) }; validateWaiterOptions(params); const exitConditions = [runPolling(params, input, acceptorChecks)]; - if (options.abortController) { - exitConditions.push(abortTimeout(options.abortController.signal)); - } + const finalize = []; if (options.abortSignal) { - exitConditions.push(abortTimeout(options.abortSignal)); + const { aborted, clearListener } = abortTimeout(options.abortSignal); + finalize.push(clearListener); + exitConditions.push(aborted); } - return Promise.race(exitConditions); + if (options.abortController?.signal) { + const { aborted, clearListener } = abortTimeout(options.abortController.signal); + finalize.push(clearListener); + exitConditions.push(aborted); + } + return Promise.race(exitConditions).then((result) => { + for (const fn of finalize) { + fn(); + } + return result; + }); }, "createWaiter"); // Annotate the CommonJS export names for ESM import in node: @@ -91504,6 +100123,13 @@ function parseParams (str) { module.exports = parseParams +/***/ }), + +/***/ 2689: +/***/ ((module) => { + +(()=>{"use strict";var t={d:(e,n)=>{for(var i in n)t.o(n,i)&&!t.o(e,i)&&Object.defineProperty(e,i,{enumerable:!0,get:n[i]})},o:(t,e)=>Object.prototype.hasOwnProperty.call(t,e),r:t=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})}},e={};t.r(e),t.d(e,{XMLBuilder:()=>ft,XMLParser:()=>st,XMLValidator:()=>mt});const n=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",i=new RegExp("^["+n+"]["+n+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040]*$");function s(t,e){const n=[];let i=e.exec(t);for(;i;){const s=[];s.startIndex=e.lastIndex-i[0].length;const r=i.length;for(let t=0;t