reconstruct and build @anthropic-ai/claude-code source from source map

- Extract 4756 source files from cli.js.map (57MB)
- Set up Bun build system with bun:bundle feature flag shim
- Configure 90+ compile-time feature flags matching production defaults
- Inject MACRO constants (VERSION, BUILD_TIME, etc.)
- Create stubs for private packages (color-diff-napi, modifiers-napi, etc.)
- Install all public dependencies via pnpm
- Patch commander v14 to allow multi-char short flags (-d2e)
- Build output: dist/cli.js (22MB), verified working
This commit is contained in:
janlaywss
2026-03-31 19:19:50 +08:00
commit 6187147b74
37865 changed files with 5438634 additions and 0 deletions

View File

@@ -0,0 +1 @@
../../../@aws-crypto+sha256-browser@5.2.0/node_modules/@aws-crypto/sha256-browser

View File

@@ -0,0 +1 @@
../../../@aws-crypto+sha256-js@5.2.0/node_modules/@aws-crypto/sha256-js

View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2018-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@@ -0,0 +1,261 @@
<!-- generated file, do not edit directly -->
# @aws-sdk/client-sts
## Description
AWS SDK for JavaScript STS Client for Node.js, Browser and React Native.
<fullname>Security Token Service</fullname>
<p>Security Token Service (STS) enables you to request temporary, limited-privilege
credentials for users. This guide provides descriptions of the STS API. For
more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p>
## Installing
To install this package, use the CLI of your favorite package manager:
- `npm install @aws-sdk/client-sts`
- `yarn add @aws-sdk/client-sts`
- `pnpm add @aws-sdk/client-sts`
## Getting Started
### Import
The AWS SDK is modulized by clients and commands.
To send a request, you only need to import the `STSClient` and
the commands you need, for example `GetCallerIdentityCommand`:
```js
// ES5 example
const { STSClient, GetCallerIdentityCommand } = require("@aws-sdk/client-sts");
```
```ts
// ES6+ example
import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
```
### Usage
To send a request:
- Instantiate a client with configuration (e.g. credentials, region).
- See [docs/CLIENTS](https://github.com/aws/aws-sdk-js-v3/blob/main/supplemental-docs/CLIENTS.md) for configuration details.
- See [@aws-sdk/config](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/config/README.md) for additional options.
- Instantiate a command with input parameters.
- Call the `send` operation on the client, providing the command object as input.
```js
const client = new STSClient({ region: "REGION" });
const params = { /** input parameters */ };
const command = new GetCallerIdentityCommand(params);
```
#### Async/await
We recommend using the [await](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/await)
operator to wait for the promise returned by send operation as follows:
```js
// async/await.
try {
const data = await client.send(command);
// process data.
} catch (error) {
// error handling.
} finally {
// finally.
}
```
#### Promises
You can also use [Promise chaining](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Using_promises#chaining).
```js
client
.send(command)
.then((data) => {
// process data.
})
.catch((error) => {
// error handling.
})
.finally(() => {
// finally.
});
```
#### Aggregated client
The aggregated client class is exported from the same package, but without the "Client" suffix.
`STS` extends `STSClient` and additionally supports all operations, waiters, and paginators as methods.
This style may be familiar to you from the AWS SDK for JavaScript v2.
If you are bundling the AWS SDK, we recommend using only the bare-bones client (`STSClient`).
More details are in the blog post on
[modular packages in AWS SDK for JavaScript](https://aws.amazon.com/blogs/developer/modular-packages-in-aws-sdk-for-javascript/).
```ts
import { STS } from "@aws-sdk/client-sts";
const client = new STS({ region: "REGION" });
// async/await.
try {
const data = await client.getCallerIdentity(params);
// process data.
} catch (error) {
// error handling.
}
// Promises.
client
.getCallerIdentity(params)
.then((data) => {
// process data.
})
.catch((error) => {
// error handling.
});
// callbacks (not recommended).
client.getCallerIdentity(params, (err, data) => {
// process err and data.
});
```
### Troubleshooting
When the service returns an exception, the error will include the exception information,
as well as response metadata (e.g. request id).
```js
try {
const data = await client.send(command);
// process data.
} catch (error) {
const { requestId, cfId, extendedRequestId } = error.$metadata;
console.log({ requestId, cfId, extendedRequestId });
/**
* The keys within exceptions are also parsed.
* You can access them by specifying exception names:
* if (error.name === 'SomeServiceException') {
* const value = error.specialKeyInException;
* }
*/
}
```
See also [docs/ERROR_HANDLING](https://github.com/aws/aws-sdk-js-v3/blob/main/supplemental-docs/ERROR_HANDLING.md).
## Getting Help
Please use these community resources for getting help.
We use GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them.
- Visit the [Developer Guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/welcome.html)
or [API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html).
- Check out the blog posts tagged with [`aws-sdk-js`](https://aws.amazon.com/blogs/developer/tag/aws-sdk-js/)
on AWS Developer Blog.
- Ask a question on [StackOverflow](https://stackoverflow.com/questions/tagged/aws-sdk-js) and tag it with `aws-sdk-js`.
- Join the AWS JavaScript community on [gitter](https://gitter.im/aws/aws-sdk-js-v3).
- If it turns out that you may have found a bug, please [open an issue](https://github.com/aws/aws-sdk-js-v3/issues/new/choose).
To test your universal JavaScript code in Node.js, browser and react-native environments,
visit our [code samples repo](https://github.com/aws-samples/aws-sdk-js-tests).
## Contributing
This client code is generated automatically. Any modifications will be overwritten the next time the `@aws-sdk/client-sts` package is updated.
To contribute to client you can check our [generate clients scripts](https://github.com/aws/aws-sdk-js-v3/tree/main/scripts/generate-clients).
## License
This SDK is distributed under the
[Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0),
see LICENSE for more information.
## Client Commands (Operations List)
<details>
<summary>
AssumeRole
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/AssumeRoleCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRoleCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRoleCommandOutput/)
</details>
<details>
<summary>
AssumeRoleWithSAML
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/AssumeRoleWithSAMLCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRoleWithSAMLCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRoleWithSAMLCommandOutput/)
</details>
<details>
<summary>
AssumeRoleWithWebIdentity
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/AssumeRoleWithWebIdentityCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRoleWithWebIdentityCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRoleWithWebIdentityCommandOutput/)
</details>
<details>
<summary>
AssumeRoot
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/AssumeRootCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRootCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/AssumeRootCommandOutput/)
</details>
<details>
<summary>
DecodeAuthorizationMessage
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/DecodeAuthorizationMessageCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/DecodeAuthorizationMessageCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/DecodeAuthorizationMessageCommandOutput/)
</details>
<details>
<summary>
GetAccessKeyInfo
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetAccessKeyInfoCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetAccessKeyInfoCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetAccessKeyInfoCommandOutput/)
</details>
<details>
<summary>
GetCallerIdentity
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetCallerIdentityCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetCallerIdentityCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetCallerIdentityCommandOutput/)
</details>
<details>
<summary>
GetDelegatedAccessToken
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetDelegatedAccessTokenCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetDelegatedAccessTokenCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetDelegatedAccessTokenCommandOutput/)
</details>
<details>
<summary>
GetFederationToken
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetFederationTokenCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetFederationTokenCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetFederationTokenCommandOutput/)
</details>
<details>
<summary>
GetSessionToken
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetSessionTokenCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetSessionTokenCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetSessionTokenCommandOutput/)
</details>
<details>
<summary>
GetWebIdentityToken
</summary>
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetWebIdentityTokenCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetWebIdentityTokenCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetWebIdentityTokenCommandOutput/)
</details>

View File

@@ -0,0 +1,54 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.STSClient = exports.__Client = void 0;
const middleware_host_header_1 = require("@aws-sdk/middleware-host-header");
const middleware_logger_1 = require("@aws-sdk/middleware-logger");
const middleware_recursion_detection_1 = require("@aws-sdk/middleware-recursion-detection");
const middleware_user_agent_1 = require("@aws-sdk/middleware-user-agent");
const config_resolver_1 = require("@smithy/config-resolver");
const core_1 = require("@smithy/core");
const schema_1 = require("@smithy/core/schema");
const middleware_content_length_1 = require("@smithy/middleware-content-length");
const middleware_endpoint_1 = require("@smithy/middleware-endpoint");
const middleware_retry_1 = require("@smithy/middleware-retry");
const smithy_client_1 = require("@smithy/smithy-client");
Object.defineProperty(exports, "__Client", { enumerable: true, get: function () { return smithy_client_1.Client; } });
const httpAuthSchemeProvider_1 = require("./auth/httpAuthSchemeProvider");
const EndpointParameters_1 = require("./endpoint/EndpointParameters");
const runtimeConfig_1 = require("./runtimeConfig");
const runtimeExtensions_1 = require("./runtimeExtensions");
class STSClient extends smithy_client_1.Client {
config;
constructor(...[configuration]) {
const _config_0 = (0, runtimeConfig_1.getRuntimeConfig)(configuration || {});
super(_config_0);
this.initConfig = _config_0;
const _config_1 = (0, EndpointParameters_1.resolveClientEndpointParameters)(_config_0);
const _config_2 = (0, middleware_user_agent_1.resolveUserAgentConfig)(_config_1);
const _config_3 = (0, middleware_retry_1.resolveRetryConfig)(_config_2);
const _config_4 = (0, config_resolver_1.resolveRegionConfig)(_config_3);
const _config_5 = (0, middleware_host_header_1.resolveHostHeaderConfig)(_config_4);
const _config_6 = (0, middleware_endpoint_1.resolveEndpointConfig)(_config_5);
const _config_7 = (0, httpAuthSchemeProvider_1.resolveHttpAuthSchemeConfig)(_config_6);
const _config_8 = (0, runtimeExtensions_1.resolveRuntimeExtensions)(_config_7, configuration?.extensions || []);
this.config = _config_8;
this.middlewareStack.use((0, schema_1.getSchemaSerdePlugin)(this.config));
this.middlewareStack.use((0, middleware_user_agent_1.getUserAgentPlugin)(this.config));
this.middlewareStack.use((0, middleware_retry_1.getRetryPlugin)(this.config));
this.middlewareStack.use((0, middleware_content_length_1.getContentLengthPlugin)(this.config));
this.middlewareStack.use((0, middleware_host_header_1.getHostHeaderPlugin)(this.config));
this.middlewareStack.use((0, middleware_logger_1.getLoggerPlugin)(this.config));
this.middlewareStack.use((0, middleware_recursion_detection_1.getRecursionDetectionPlugin)(this.config));
this.middlewareStack.use((0, core_1.getHttpAuthSchemeEndpointRuleSetPlugin)(this.config, {
httpAuthSchemeParametersProvider: httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeParametersProvider,
identityProviderConfigProvider: async (config) => new core_1.DefaultIdentityProviderConfig({
"aws.auth#sigv4": config.credentials,
}),
}));
this.middlewareStack.use((0, core_1.getHttpSigningPlugin)(this.config));
}
destroy() {
super.destroy();
}
}
exports.STSClient = STSClient;

View File

@@ -0,0 +1,43 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.resolveHttpAuthRuntimeConfig = exports.getHttpAuthExtensionConfiguration = void 0;
const getHttpAuthExtensionConfiguration = (runtimeConfig) => {
const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
let _credentials = runtimeConfig.credentials;
return {
setHttpAuthScheme(httpAuthScheme) {
const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
if (index === -1) {
_httpAuthSchemes.push(httpAuthScheme);
}
else {
_httpAuthSchemes.splice(index, 1, httpAuthScheme);
}
},
httpAuthSchemes() {
return _httpAuthSchemes;
},
setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
_httpAuthSchemeProvider = httpAuthSchemeProvider;
},
httpAuthSchemeProvider() {
return _httpAuthSchemeProvider;
},
setCredentials(credentials) {
_credentials = credentials;
},
credentials() {
return _credentials;
},
};
};
exports.getHttpAuthExtensionConfiguration = getHttpAuthExtensionConfiguration;
const resolveHttpAuthRuntimeConfig = (config) => {
return {
httpAuthSchemes: config.httpAuthSchemes(),
httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
credentials: config.credentials(),
};
};
exports.resolveHttpAuthRuntimeConfig = resolveHttpAuthRuntimeConfig;

View File

@@ -0,0 +1,69 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.resolveHttpAuthSchemeConfig = exports.resolveStsAuthConfig = exports.defaultSTSHttpAuthSchemeProvider = exports.defaultSTSHttpAuthSchemeParametersProvider = void 0;
const httpAuthSchemes_1 = require("@aws-sdk/core/httpAuthSchemes");
const util_middleware_1 = require("@smithy/util-middleware");
const STSClient_1 = require("../STSClient");
const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => {
return {
operation: (0, util_middleware_1.getSmithyContext)(context).operation,
region: await (0, util_middleware_1.normalizeProvider)(config.region)() || (() => {
throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
})(),
};
};
exports.defaultSTSHttpAuthSchemeParametersProvider = defaultSTSHttpAuthSchemeParametersProvider;
function createAwsAuthSigv4HttpAuthOption(authParameters) {
return {
schemeId: "aws.auth#sigv4",
signingProperties: {
name: "sts",
region: authParameters.region,
},
propertiesExtractor: (config, context) => ({
signingProperties: {
config,
context,
},
}),
};
}
function createSmithyApiNoAuthHttpAuthOption(authParameters) {
return {
schemeId: "smithy.api#noAuth",
};
}
const defaultSTSHttpAuthSchemeProvider = (authParameters) => {
const options = [];
switch (authParameters.operation) {
case "AssumeRoleWithSAML":
{
options.push(createSmithyApiNoAuthHttpAuthOption(authParameters));
break;
}
;
case "AssumeRoleWithWebIdentity":
{
options.push(createSmithyApiNoAuthHttpAuthOption(authParameters));
break;
}
;
default: {
options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
}
}
return options;
};
exports.defaultSTSHttpAuthSchemeProvider = defaultSTSHttpAuthSchemeProvider;
const resolveStsAuthConfig = (input) => Object.assign(input, {
stsClientCtor: STSClient_1.STSClient,
});
exports.resolveStsAuthConfig = resolveStsAuthConfig;
const resolveHttpAuthSchemeConfig = (config) => {
const config_0 = (0, exports.resolveStsAuthConfig)(config);
const config_1 = (0, httpAuthSchemes_1.resolveAwsSdkSigV4Config)(config_0);
return Object.assign(config_1, {
authSchemePreference: (0, util_middleware_1.normalizeProvider)(config.authSchemePreference ?? []),
});
};
exports.resolveHttpAuthSchemeConfig = resolveHttpAuthSchemeConfig;

View File

@@ -0,0 +1,19 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.commonParams = exports.resolveClientEndpointParameters = void 0;
const resolveClientEndpointParameters = (options) => {
return Object.assign(options, {
useDualstackEndpoint: options.useDualstackEndpoint ?? false,
useFipsEndpoint: options.useFipsEndpoint ?? false,
useGlobalEndpoint: options.useGlobalEndpoint ?? false,
defaultSigningName: "sts",
});
};
exports.resolveClientEndpointParameters = resolveClientEndpointParameters;
exports.commonParams = {
UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" },
UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
Endpoint: { type: "builtInParams", name: "endpoint" },
Region: { type: "builtInParams", name: "region" },
UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
};

View File

@@ -0,0 +1,18 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.defaultEndpointResolver = void 0;
const util_endpoints_1 = require("@aws-sdk/util-endpoints");
const util_endpoints_2 = require("@smithy/util-endpoints");
const ruleset_1 = require("./ruleset");
const cache = new util_endpoints_2.EndpointCache({
size: 50,
params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"],
});
const defaultEndpointResolver = (endpointParams, context = {}) => {
return cache.get(endpointParams, () => (0, util_endpoints_2.resolveEndpoint)(ruleset_1.ruleSet, {
endpointParams: endpointParams,
logger: context.logger,
}));
};
exports.defaultEndpointResolver = defaultEndpointResolver;
util_endpoints_2.customEndpointFunctions.aws = util_endpoints_1.awsEndpointFunctions;

View File

@@ -0,0 +1,7 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ruleSet = void 0;
const F = "required", G = "type", H = "fn", I = "argv", J = "ref";
const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "string" }, n = { [F]: true, "default": false, [G]: "boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y];
const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] };
exports.ruleSet = _data;

View File

@@ -0,0 +1,328 @@
'use strict';
var STSClient = require('./STSClient');
var smithyClient = require('@smithy/smithy-client');
var middlewareEndpoint = require('@smithy/middleware-endpoint');
var EndpointParameters = require('./endpoint/EndpointParameters');
var schemas_0 = require('./schemas/schemas_0');
var errors = require('./models/errors');
var client = require('@aws-sdk/core/client');
var regionConfigResolver = require('@aws-sdk/region-config-resolver');
var STSServiceException = require('./models/STSServiceException');
class AssumeRoleCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRole", {})
.n("STSClient", "AssumeRoleCommand")
.sc(schemas_0.AssumeRole$)
.build() {
}
class AssumeRoleWithSAMLCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithSAML", {})
.n("STSClient", "AssumeRoleWithSAMLCommand")
.sc(schemas_0.AssumeRoleWithSAML$)
.build() {
}
class AssumeRoleWithWebIdentityCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {})
.n("STSClient", "AssumeRoleWithWebIdentityCommand")
.sc(schemas_0.AssumeRoleWithWebIdentity$)
.build() {
}
class AssumeRootCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRoot", {})
.n("STSClient", "AssumeRootCommand")
.sc(schemas_0.AssumeRoot$)
.build() {
}
class DecodeAuthorizationMessageCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "DecodeAuthorizationMessage", {})
.n("STSClient", "DecodeAuthorizationMessageCommand")
.sc(schemas_0.DecodeAuthorizationMessage$)
.build() {
}
class GetAccessKeyInfoCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetAccessKeyInfo", {})
.n("STSClient", "GetAccessKeyInfoCommand")
.sc(schemas_0.GetAccessKeyInfo$)
.build() {
}
class GetCallerIdentityCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetCallerIdentity", {})
.n("STSClient", "GetCallerIdentityCommand")
.sc(schemas_0.GetCallerIdentity$)
.build() {
}
class GetDelegatedAccessTokenCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetDelegatedAccessToken", {})
.n("STSClient", "GetDelegatedAccessTokenCommand")
.sc(schemas_0.GetDelegatedAccessToken$)
.build() {
}
class GetFederationTokenCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetFederationToken", {})
.n("STSClient", "GetFederationTokenCommand")
.sc(schemas_0.GetFederationToken$)
.build() {
}
class GetSessionTokenCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetSessionToken", {})
.n("STSClient", "GetSessionTokenCommand")
.sc(schemas_0.GetSessionToken$)
.build() {
}
class GetWebIdentityTokenCommand extends smithyClient.Command
.classBuilder()
.ep(EndpointParameters.commonParams)
.m(function (Command, cs, config, o) {
return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetWebIdentityToken", {})
.n("STSClient", "GetWebIdentityTokenCommand")
.sc(schemas_0.GetWebIdentityToken$)
.build() {
}
const commands = {
AssumeRoleCommand,
AssumeRoleWithSAMLCommand,
AssumeRoleWithWebIdentityCommand,
AssumeRootCommand,
DecodeAuthorizationMessageCommand,
GetAccessKeyInfoCommand,
GetCallerIdentityCommand,
GetDelegatedAccessTokenCommand,
GetFederationTokenCommand,
GetSessionTokenCommand,
GetWebIdentityTokenCommand,
};
class STS extends STSClient.STSClient {
}
smithyClient.createAggregatedClient(commands, STS);
const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
if (typeof assumedRoleUser?.Arn === "string") {
const arnComponents = assumedRoleUser.Arn.split(":");
if (arnComponents.length > 4 && arnComponents[4] !== "") {
return arnComponents[4];
}
}
return undefined;
};
const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {
const region = typeof _region === "function" ? await _region() : _region;
const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
let stsDefaultRegion = "";
const resolvedRegion = region ?? parentRegion ?? (stsDefaultRegion = await regionConfigResolver.stsRegionDefaultResolver(loaderConfig)());
credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);
return resolvedRegion;
};
const getDefaultRoleAssumer$1 = (stsOptions, STSClient) => {
let stsClient;
let closureSourceCreds;
return async (sourceCreds, params) => {
closureSourceCreds = sourceCreds;
if (!stsClient) {
const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions;
const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
logger,
profile,
});
const isCompatibleRequestHandler = !isH2(requestHandler);
stsClient = new STSClient({
...stsOptions,
userAgentAppId,
profile,
credentialDefaultProvider: () => async () => closureSourceCreds,
region: resolvedRegion,
requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,
logger: logger,
});
}
const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params));
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
}
const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
const credentials = {
accessKeyId: Credentials.AccessKeyId,
secretAccessKey: Credentials.SecretAccessKey,
sessionToken: Credentials.SessionToken,
expiration: Credentials.Expiration,
...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
...(accountId && { accountId }),
};
client.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i");
return credentials;
};
};
const getDefaultRoleAssumerWithWebIdentity$1 = (stsOptions, STSClient) => {
let stsClient;
return async (params) => {
if (!stsClient) {
const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions;
const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
logger,
profile,
});
const isCompatibleRequestHandler = !isH2(requestHandler);
stsClient = new STSClient({
...stsOptions,
userAgentAppId,
profile,
region: resolvedRegion,
requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,
logger: logger,
});
}
const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
}
const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
const credentials = {
accessKeyId: Credentials.AccessKeyId,
secretAccessKey: Credentials.SecretAccessKey,
sessionToken: Credentials.SessionToken,
expiration: Credentials.Expiration,
...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
...(accountId && { accountId }),
};
if (accountId) {
client.setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T");
}
client.setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k");
return credentials;
};
};
const isH2 = (requestHandler) => {
return requestHandler?.metadata?.handlerProtocol === "h2";
};
const getCustomizableStsClientCtor = (baseCtor, customizations) => {
if (!customizations)
return baseCtor;
else
return class CustomizableSTSClient extends baseCtor {
constructor(config) {
super(config);
for (const customization of customizations) {
this.middlewareStack.use(customization);
}
}
};
};
const getDefaultRoleAssumer = (stsOptions = {}, stsPlugins) => getDefaultRoleAssumer$1(stsOptions, getCustomizableStsClientCtor(STSClient.STSClient, stsPlugins));
const getDefaultRoleAssumerWithWebIdentity = (stsOptions = {}, stsPlugins) => getDefaultRoleAssumerWithWebIdentity$1(stsOptions, getCustomizableStsClientCtor(STSClient.STSClient, stsPlugins));
const decorateDefaultCredentialProvider = (provider) => (input) => provider({
roleAssumer: getDefaultRoleAssumer(input),
roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input),
...input,
});
exports.$Command = smithyClient.Command;
exports.STSServiceException = STSServiceException.STSServiceException;
exports.AssumeRoleCommand = AssumeRoleCommand;
exports.AssumeRoleWithSAMLCommand = AssumeRoleWithSAMLCommand;
exports.AssumeRoleWithWebIdentityCommand = AssumeRoleWithWebIdentityCommand;
exports.AssumeRootCommand = AssumeRootCommand;
exports.DecodeAuthorizationMessageCommand = DecodeAuthorizationMessageCommand;
exports.GetAccessKeyInfoCommand = GetAccessKeyInfoCommand;
exports.GetCallerIdentityCommand = GetCallerIdentityCommand;
exports.GetDelegatedAccessTokenCommand = GetDelegatedAccessTokenCommand;
exports.GetFederationTokenCommand = GetFederationTokenCommand;
exports.GetSessionTokenCommand = GetSessionTokenCommand;
exports.GetWebIdentityTokenCommand = GetWebIdentityTokenCommand;
exports.STS = STS;
exports.decorateDefaultCredentialProvider = decorateDefaultCredentialProvider;
exports.getDefaultRoleAssumer = getDefaultRoleAssumer;
exports.getDefaultRoleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity;
Object.prototype.hasOwnProperty.call(STSClient, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: STSClient['__proto__']
});
Object.keys(STSClient).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = STSClient[k];
});
Object.prototype.hasOwnProperty.call(schemas_0, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: schemas_0['__proto__']
});
Object.keys(schemas_0).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = schemas_0[k];
});
Object.prototype.hasOwnProperty.call(errors, '__proto__') &&
!Object.prototype.hasOwnProperty.call(exports, '__proto__') &&
Object.defineProperty(exports, '__proto__', {
enumerable: true,
value: errors['__proto__']
});
Object.keys(errors).forEach(function (k) {
if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) exports[k] = errors[k];
});

View File

@@ -0,0 +1,12 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.STSServiceException = exports.__ServiceException = void 0;
const smithy_client_1 = require("@smithy/smithy-client");
Object.defineProperty(exports, "__ServiceException", { enumerable: true, get: function () { return smithy_client_1.ServiceException; } });
class STSServiceException extends smithy_client_1.ServiceException {
constructor(options) {
super(options);
Object.setPrototypeOf(this, STSServiceException.prototype);
}
}
exports.STSServiceException = STSServiceException;

View File

@@ -0,0 +1,160 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SessionDurationEscalationException = exports.OutboundWebIdentityFederationDisabledException = exports.JWTPayloadSizeExceededException = exports.ExpiredTradeInTokenException = exports.InvalidAuthorizationMessageException = exports.IDPCommunicationErrorException = exports.InvalidIdentityTokenException = exports.IDPRejectedClaimException = exports.RegionDisabledException = exports.PackedPolicyTooLargeException = exports.MalformedPolicyDocumentException = exports.ExpiredTokenException = void 0;
const STSServiceException_1 = require("./STSServiceException");
class ExpiredTokenException extends STSServiceException_1.STSServiceException {
name = "ExpiredTokenException";
$fault = "client";
constructor(opts) {
super({
name: "ExpiredTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, ExpiredTokenException.prototype);
}
}
exports.ExpiredTokenException = ExpiredTokenException;
class MalformedPolicyDocumentException extends STSServiceException_1.STSServiceException {
name = "MalformedPolicyDocumentException";
$fault = "client";
constructor(opts) {
super({
name: "MalformedPolicyDocumentException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, MalformedPolicyDocumentException.prototype);
}
}
exports.MalformedPolicyDocumentException = MalformedPolicyDocumentException;
class PackedPolicyTooLargeException extends STSServiceException_1.STSServiceException {
name = "PackedPolicyTooLargeException";
$fault = "client";
constructor(opts) {
super({
name: "PackedPolicyTooLargeException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, PackedPolicyTooLargeException.prototype);
}
}
exports.PackedPolicyTooLargeException = PackedPolicyTooLargeException;
class RegionDisabledException extends STSServiceException_1.STSServiceException {
name = "RegionDisabledException";
$fault = "client";
constructor(opts) {
super({
name: "RegionDisabledException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, RegionDisabledException.prototype);
}
}
exports.RegionDisabledException = RegionDisabledException;
class IDPRejectedClaimException extends STSServiceException_1.STSServiceException {
name = "IDPRejectedClaimException";
$fault = "client";
constructor(opts) {
super({
name: "IDPRejectedClaimException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, IDPRejectedClaimException.prototype);
}
}
exports.IDPRejectedClaimException = IDPRejectedClaimException;
class InvalidIdentityTokenException extends STSServiceException_1.STSServiceException {
name = "InvalidIdentityTokenException";
$fault = "client";
constructor(opts) {
super({
name: "InvalidIdentityTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidIdentityTokenException.prototype);
}
}
exports.InvalidIdentityTokenException = InvalidIdentityTokenException;
class IDPCommunicationErrorException extends STSServiceException_1.STSServiceException {
name = "IDPCommunicationErrorException";
$fault = "client";
constructor(opts) {
super({
name: "IDPCommunicationErrorException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, IDPCommunicationErrorException.prototype);
}
}
exports.IDPCommunicationErrorException = IDPCommunicationErrorException;
class InvalidAuthorizationMessageException extends STSServiceException_1.STSServiceException {
name = "InvalidAuthorizationMessageException";
$fault = "client";
constructor(opts) {
super({
name: "InvalidAuthorizationMessageException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidAuthorizationMessageException.prototype);
}
}
exports.InvalidAuthorizationMessageException = InvalidAuthorizationMessageException;
class ExpiredTradeInTokenException extends STSServiceException_1.STSServiceException {
name = "ExpiredTradeInTokenException";
$fault = "client";
constructor(opts) {
super({
name: "ExpiredTradeInTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, ExpiredTradeInTokenException.prototype);
}
}
exports.ExpiredTradeInTokenException = ExpiredTradeInTokenException;
class JWTPayloadSizeExceededException extends STSServiceException_1.STSServiceException {
name = "JWTPayloadSizeExceededException";
$fault = "client";
constructor(opts) {
super({
name: "JWTPayloadSizeExceededException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, JWTPayloadSizeExceededException.prototype);
}
}
exports.JWTPayloadSizeExceededException = JWTPayloadSizeExceededException;
class OutboundWebIdentityFederationDisabledException extends STSServiceException_1.STSServiceException {
name = "OutboundWebIdentityFederationDisabledException";
$fault = "client";
constructor(opts) {
super({
name: "OutboundWebIdentityFederationDisabledException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, OutboundWebIdentityFederationDisabledException.prototype);
}
}
exports.OutboundWebIdentityFederationDisabledException = OutboundWebIdentityFederationDisabledException;
class SessionDurationEscalationException extends STSServiceException_1.STSServiceException {
name = "SessionDurationEscalationException";
$fault = "client";
constructor(opts) {
super({
name: "SessionDurationEscalationException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, SessionDurationEscalationException.prototype);
}
}
exports.SessionDurationEscalationException = SessionDurationEscalationException;

View File

@@ -0,0 +1,38 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getRuntimeConfig = void 0;
const tslib_1 = require("tslib");
const package_json_1 = tslib_1.__importDefault(require("../package.json"));
const sha256_browser_1 = require("@aws-crypto/sha256-browser");
const util_user_agent_browser_1 = require("@aws-sdk/util-user-agent-browser");
const config_resolver_1 = require("@smithy/config-resolver");
const fetch_http_handler_1 = require("@smithy/fetch-http-handler");
const invalid_dependency_1 = require("@smithy/invalid-dependency");
const smithy_client_1 = require("@smithy/smithy-client");
const util_body_length_browser_1 = require("@smithy/util-body-length-browser");
const util_defaults_mode_browser_1 = require("@smithy/util-defaults-mode-browser");
const util_retry_1 = require("@smithy/util-retry");
const runtimeConfig_shared_1 = require("./runtimeConfig.shared");
const getRuntimeConfig = (config) => {
const defaultsMode = (0, util_defaults_mode_browser_1.resolveDefaultsModeConfig)(config);
const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode);
const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config);
return {
...clientSharedValues,
...config,
runtime: "browser",
defaultsMode,
bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_browser_1.calculateBodyLength,
credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
defaultUserAgentProvider: config?.defaultUserAgentProvider ?? (0, util_user_agent_browser_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
maxAttempts: config?.maxAttempts ?? util_retry_1.DEFAULT_MAX_ATTEMPTS,
region: config?.region ?? (0, invalid_dependency_1.invalidProvider)("Region is missing"),
requestHandler: fetch_http_handler_1.FetchHttpHandler.create(config?.requestHandler ?? defaultConfigProvider),
retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE),
sha256: config?.sha256 ?? sha256_browser_1.Sha256,
streamCollector: config?.streamCollector ?? fetch_http_handler_1.streamCollector,
useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(config_resolver_1.DEFAULT_USE_DUALSTACK_ENDPOINT)),
useFipsEndpoint: config?.useFipsEndpoint ?? (() => Promise.resolve(config_resolver_1.DEFAULT_USE_FIPS_ENDPOINT)),
};
};
exports.getRuntimeConfig = getRuntimeConfig;

View File

@@ -0,0 +1,67 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getRuntimeConfig = void 0;
const tslib_1 = require("tslib");
const package_json_1 = tslib_1.__importDefault(require("../package.json"));
const client_1 = require("@aws-sdk/core/client");
const httpAuthSchemes_1 = require("@aws-sdk/core/httpAuthSchemes");
const credential_provider_node_1 = require("@aws-sdk/credential-provider-node");
const util_user_agent_node_1 = require("@aws-sdk/util-user-agent-node");
const config_resolver_1 = require("@smithy/config-resolver");
const core_1 = require("@smithy/core");
const hash_node_1 = require("@smithy/hash-node");
const middleware_retry_1 = require("@smithy/middleware-retry");
const node_config_provider_1 = require("@smithy/node-config-provider");
const node_http_handler_1 = require("@smithy/node-http-handler");
const smithy_client_1 = require("@smithy/smithy-client");
const util_body_length_node_1 = require("@smithy/util-body-length-node");
const util_defaults_mode_node_1 = require("@smithy/util-defaults-mode-node");
const util_retry_1 = require("@smithy/util-retry");
const runtimeConfig_shared_1 = require("./runtimeConfig.shared");
const getRuntimeConfig = (config) => {
(0, smithy_client_1.emitWarningIfUnsupportedVersion)(process.version);
const defaultsMode = (0, util_defaults_mode_node_1.resolveDefaultsModeConfig)(config);
const defaultConfigProvider = () => defaultsMode().then(smithy_client_1.loadConfigsForDefaultMode);
const clientSharedValues = (0, runtimeConfig_shared_1.getRuntimeConfig)(config);
(0, client_1.emitWarningIfUnsupportedVersion)(process.version);
const loaderConfig = {
profile: config?.profile,
logger: clientSharedValues.logger,
};
return {
...clientSharedValues,
...config,
runtime: "node",
defaultsMode,
authSchemePreference: config?.authSchemePreference ?? (0, node_config_provider_1.loadConfig)(httpAuthSchemes_1.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig),
bodyLengthChecker: config?.bodyLengthChecker ?? util_body_length_node_1.calculateBodyLength,
credentialDefaultProvider: config?.credentialDefaultProvider ?? credential_provider_node_1.defaultProvider,
defaultUserAgentProvider: config?.defaultUserAgentProvider ?? (0, util_user_agent_node_1.createDefaultUserAgentProvider)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
httpAuthSchemes: config?.httpAuthSchemes ?? [
{
schemeId: "aws.auth#sigv4",
identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || (async (idProps) => await (0, credential_provider_node_1.defaultProvider)(idProps?.__config || {})()),
signer: new httpAuthSchemes_1.AwsSdkSigV4Signer(),
},
{
schemeId: "smithy.api#noAuth",
identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
signer: new core_1.NoAuthSigner(),
},
],
maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config),
region: config?.region ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, { ...config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }),
requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider),
retryMode: config?.retryMode ??
(0, node_config_provider_1.loadConfig)({
...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS,
default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE,
}, config),
sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"),
streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector,
useDualstackEndpoint: config?.useDualstackEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
useFipsEndpoint: config?.useFipsEndpoint ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
userAgentAppId: config?.userAgentAppId ?? (0, node_config_provider_1.loadConfig)(util_user_agent_node_1.NODE_APP_ID_CONFIG_OPTIONS, loaderConfig),
};
};
exports.getRuntimeConfig = getRuntimeConfig;

View File

@@ -0,0 +1,15 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getRuntimeConfig = void 0;
const sha256_js_1 = require("@aws-crypto/sha256-js");
const runtimeConfig_browser_1 = require("./runtimeConfig.browser");
const getRuntimeConfig = (config) => {
const browserDefaults = (0, runtimeConfig_browser_1.getRuntimeConfig)(config);
return {
...browserDefaults,
...config,
runtime: "react-native",
sha256: config?.sha256 ?? sha256_js_1.Sha256,
};
};
exports.getRuntimeConfig = getRuntimeConfig;

View File

@@ -0,0 +1,50 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getRuntimeConfig = void 0;
const httpAuthSchemes_1 = require("@aws-sdk/core/httpAuthSchemes");
const protocols_1 = require("@aws-sdk/core/protocols");
const core_1 = require("@smithy/core");
const smithy_client_1 = require("@smithy/smithy-client");
const url_parser_1 = require("@smithy/url-parser");
const util_base64_1 = require("@smithy/util-base64");
const util_utf8_1 = require("@smithy/util-utf8");
const httpAuthSchemeProvider_1 = require("./auth/httpAuthSchemeProvider");
const endpointResolver_1 = require("./endpoint/endpointResolver");
const schemas_0_1 = require("./schemas/schemas_0");
const getRuntimeConfig = (config) => {
return {
apiVersion: "2011-06-15",
base64Decoder: config?.base64Decoder ?? util_base64_1.fromBase64,
base64Encoder: config?.base64Encoder ?? util_base64_1.toBase64,
disableHostPrefix: config?.disableHostPrefix ?? false,
endpointProvider: config?.endpointProvider ?? endpointResolver_1.defaultEndpointResolver,
extensions: config?.extensions ?? [],
httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? httpAuthSchemeProvider_1.defaultSTSHttpAuthSchemeProvider,
httpAuthSchemes: config?.httpAuthSchemes ?? [
{
schemeId: "aws.auth#sigv4",
identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
signer: new httpAuthSchemes_1.AwsSdkSigV4Signer(),
},
{
schemeId: "smithy.api#noAuth",
identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
signer: new core_1.NoAuthSigner(),
},
],
logger: config?.logger ?? new smithy_client_1.NoOpLogger(),
protocol: config?.protocol ?? protocols_1.AwsQueryProtocol,
protocolSettings: config?.protocolSettings ?? {
defaultNamespace: "com.amazonaws.sts",
errorTypeRegistries: schemas_0_1.errorTypeRegistries,
xmlNamespace: "https://sts.amazonaws.com/doc/2011-06-15/",
version: "2011-06-15",
serviceTarget: "AWSSecurityTokenServiceV20110615",
},
serviceId: config?.serviceId ?? "STS",
urlParser: config?.urlParser ?? url_parser_1.parseUrl,
utf8Decoder: config?.utf8Decoder ?? util_utf8_1.fromUtf8,
utf8Encoder: config?.utf8Encoder ?? util_utf8_1.toUtf8,
};
};
exports.getRuntimeConfig = getRuntimeConfig;

View File

@@ -0,0 +1,13 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.resolveRuntimeExtensions = void 0;
const region_config_resolver_1 = require("@aws-sdk/region-config-resolver");
const protocol_http_1 = require("@smithy/protocol-http");
const smithy_client_1 = require("@smithy/smithy-client");
const httpAuthExtensionConfiguration_1 = require("./auth/httpAuthExtensionConfiguration");
const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
const extensionConfiguration = Object.assign((0, region_config_resolver_1.getAwsRegionExtensionConfiguration)(runtimeConfig), (0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig), (0, protocol_http_1.getHttpHandlerExtensionConfiguration)(runtimeConfig), (0, httpAuthExtensionConfiguration_1.getHttpAuthExtensionConfiguration)(runtimeConfig));
extensions.forEach((extension) => extension.configure(extensionConfiguration));
return Object.assign(runtimeConfig, (0, region_config_resolver_1.resolveAwsRegionExtensionConfiguration)(extensionConfiguration), (0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration), (0, protocol_http_1.resolveHttpHandlerRuntimeConfig)(extensionConfiguration), (0, httpAuthExtensionConfiguration_1.resolveHttpAuthRuntimeConfig)(extensionConfiguration));
};
exports.resolveRuntimeExtensions = resolveRuntimeExtensions;

View File

@@ -0,0 +1,388 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.GetDelegatedAccessToken$ = exports.GetCallerIdentity$ = exports.GetAccessKeyInfo$ = exports.DecodeAuthorizationMessage$ = exports.AssumeRoot$ = exports.AssumeRoleWithWebIdentity$ = exports.AssumeRoleWithSAML$ = exports.AssumeRole$ = exports.Tag$ = exports.ProvidedContext$ = exports.PolicyDescriptorType$ = exports.GetWebIdentityTokenResponse$ = exports.GetWebIdentityTokenRequest$ = exports.GetSessionTokenResponse$ = exports.GetSessionTokenRequest$ = exports.GetFederationTokenResponse$ = exports.GetFederationTokenRequest$ = exports.GetDelegatedAccessTokenResponse$ = exports.GetDelegatedAccessTokenRequest$ = exports.GetCallerIdentityResponse$ = exports.GetCallerIdentityRequest$ = exports.GetAccessKeyInfoResponse$ = exports.GetAccessKeyInfoRequest$ = exports.FederatedUser$ = exports.DecodeAuthorizationMessageResponse$ = exports.DecodeAuthorizationMessageRequest$ = exports.Credentials$ = exports.AssumeRootResponse$ = exports.AssumeRootRequest$ = exports.AssumeRoleWithWebIdentityResponse$ = exports.AssumeRoleWithWebIdentityRequest$ = exports.AssumeRoleWithSAMLResponse$ = exports.AssumeRoleWithSAMLRequest$ = exports.AssumeRoleResponse$ = exports.AssumeRoleRequest$ = exports.AssumedRoleUser$ = exports.errorTypeRegistries = exports.SessionDurationEscalationException$ = exports.RegionDisabledException$ = exports.PackedPolicyTooLargeException$ = exports.OutboundWebIdentityFederationDisabledException$ = exports.MalformedPolicyDocumentException$ = exports.JWTPayloadSizeExceededException$ = exports.InvalidIdentityTokenException$ = exports.InvalidAuthorizationMessageException$ = exports.IDPRejectedClaimException$ = exports.IDPCommunicationErrorException$ = exports.ExpiredTradeInTokenException$ = exports.ExpiredTokenException$ = exports.STSServiceException$ = void 0;
exports.GetWebIdentityToken$ = exports.GetSessionToken$ = exports.GetFederationToken$ = void 0;
const _A = "Arn";
const _AKI = "AccessKeyId";
const _AP = "AssumedPrincipal";
const _AR = "AssumeRole";
const _ARI = "AssumedRoleId";
const _ARR = "AssumeRoleRequest";
const _ARRs = "AssumeRoleResponse";
const _ARRss = "AssumeRootRequest";
const _ARRssu = "AssumeRootResponse";
const _ARU = "AssumedRoleUser";
const _ARWSAML = "AssumeRoleWithSAML";
const _ARWSAMLR = "AssumeRoleWithSAMLRequest";
const _ARWSAMLRs = "AssumeRoleWithSAMLResponse";
const _ARWWI = "AssumeRoleWithWebIdentity";
const _ARWWIR = "AssumeRoleWithWebIdentityRequest";
const _ARWWIRs = "AssumeRoleWithWebIdentityResponse";
const _ARs = "AssumeRoot";
const _Ac = "Account";
const _Au = "Audience";
const _C = "Credentials";
const _CA = "ContextAssertion";
const _DAM = "DecodeAuthorizationMessage";
const _DAMR = "DecodeAuthorizationMessageRequest";
const _DAMRe = "DecodeAuthorizationMessageResponse";
const _DM = "DecodedMessage";
const _DS = "DurationSeconds";
const _E = "Expiration";
const _EI = "ExternalId";
const _EM = "EncodedMessage";
const _ETE = "ExpiredTokenException";
const _ETITE = "ExpiredTradeInTokenException";
const _FU = "FederatedUser";
const _FUI = "FederatedUserId";
const _GAKI = "GetAccessKeyInfo";
const _GAKIR = "GetAccessKeyInfoRequest";
const _GAKIRe = "GetAccessKeyInfoResponse";
const _GCI = "GetCallerIdentity";
const _GCIR = "GetCallerIdentityRequest";
const _GCIRe = "GetCallerIdentityResponse";
const _GDAT = "GetDelegatedAccessToken";
const _GDATR = "GetDelegatedAccessTokenRequest";
const _GDATRe = "GetDelegatedAccessTokenResponse";
const _GFT = "GetFederationToken";
const _GFTR = "GetFederationTokenRequest";
const _GFTRe = "GetFederationTokenResponse";
const _GST = "GetSessionToken";
const _GSTR = "GetSessionTokenRequest";
const _GSTRe = "GetSessionTokenResponse";
const _GWIT = "GetWebIdentityToken";
const _GWITR = "GetWebIdentityTokenRequest";
const _GWITRe = "GetWebIdentityTokenResponse";
const _I = "Issuer";
const _IAME = "InvalidAuthorizationMessageException";
const _IDPCEE = "IDPCommunicationErrorException";
const _IDPRCE = "IDPRejectedClaimException";
const _IITE = "InvalidIdentityTokenException";
const _JWTPSEE = "JWTPayloadSizeExceededException";
const _K = "Key";
const _MPDE = "MalformedPolicyDocumentException";
const _N = "Name";
const _NQ = "NameQualifier";
const _OWIFDE = "OutboundWebIdentityFederationDisabledException";
const _P = "Policy";
const _PA = "PolicyArns";
const _PAr = "PrincipalArn";
const _PAro = "ProviderArn";
const _PC = "ProvidedContexts";
const _PCLT = "ProvidedContextsListType";
const _PCr = "ProvidedContext";
const _PDT = "PolicyDescriptorType";
const _PI = "ProviderId";
const _PPS = "PackedPolicySize";
const _PPTLE = "PackedPolicyTooLargeException";
const _Pr = "Provider";
const _RA = "RoleArn";
const _RDE = "RegionDisabledException";
const _RSN = "RoleSessionName";
const _S = "Subject";
const _SA = "SigningAlgorithm";
const _SAK = "SecretAccessKey";
const _SAMLA = "SAMLAssertion";
const _SAMLAT = "SAMLAssertionType";
const _SDEE = "SessionDurationEscalationException";
const _SFWIT = "SubjectFromWebIdentityToken";
const _SI = "SourceIdentity";
const _SN = "SerialNumber";
const _ST = "SubjectType";
const _STe = "SessionToken";
const _T = "Tags";
const _TC = "TokenCode";
const _TIT = "TradeInToken";
const _TP = "TargetPrincipal";
const _TPA = "TaskPolicyArn";
const _TTK = "TransitiveTagKeys";
const _Ta = "Tag";
const _UI = "UserId";
const _V = "Value";
const _WIT = "WebIdentityToken";
const _a = "arn";
const _aKST = "accessKeySecretType";
const _aQE = "awsQueryError";
const _c = "client";
const _cTT = "clientTokenType";
const _e = "error";
const _hE = "httpError";
const _m = "message";
const _pDLT = "policyDescriptorListType";
const _s = "smithy.ts.sdk.synthetic.com.amazonaws.sts";
const _tITT = "tradeInTokenType";
const _tLT = "tagListType";
const _wITT = "webIdentityTokenType";
const n0 = "com.amazonaws.sts";
const schema_1 = require("@smithy/core/schema");
const errors_1 = require("../models/errors");
const STSServiceException_1 = require("../models/STSServiceException");
const _s_registry = schema_1.TypeRegistry.for(_s);
exports.STSServiceException$ = [-3, _s, "STSServiceException", 0, [], []];
_s_registry.registerError(exports.STSServiceException$, STSServiceException_1.STSServiceException);
const n0_registry = schema_1.TypeRegistry.for(n0);
exports.ExpiredTokenException$ = [-3, n0, _ETE,
{ [_aQE]: [`ExpiredTokenException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.ExpiredTokenException$, errors_1.ExpiredTokenException);
exports.ExpiredTradeInTokenException$ = [-3, n0, _ETITE,
{ [_aQE]: [`ExpiredTradeInTokenException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.ExpiredTradeInTokenException$, errors_1.ExpiredTradeInTokenException);
exports.IDPCommunicationErrorException$ = [-3, n0, _IDPCEE,
{ [_aQE]: [`IDPCommunicationError`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.IDPCommunicationErrorException$, errors_1.IDPCommunicationErrorException);
exports.IDPRejectedClaimException$ = [-3, n0, _IDPRCE,
{ [_aQE]: [`IDPRejectedClaim`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(exports.IDPRejectedClaimException$, errors_1.IDPRejectedClaimException);
exports.InvalidAuthorizationMessageException$ = [-3, n0, _IAME,
{ [_aQE]: [`InvalidAuthorizationMessageException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.InvalidAuthorizationMessageException$, errors_1.InvalidAuthorizationMessageException);
exports.InvalidIdentityTokenException$ = [-3, n0, _IITE,
{ [_aQE]: [`InvalidIdentityToken`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.InvalidIdentityTokenException$, errors_1.InvalidIdentityTokenException);
exports.JWTPayloadSizeExceededException$ = [-3, n0, _JWTPSEE,
{ [_aQE]: [`JWTPayloadSizeExceededException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.JWTPayloadSizeExceededException$, errors_1.JWTPayloadSizeExceededException);
exports.MalformedPolicyDocumentException$ = [-3, n0, _MPDE,
{ [_aQE]: [`MalformedPolicyDocument`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.MalformedPolicyDocumentException$, errors_1.MalformedPolicyDocumentException);
exports.OutboundWebIdentityFederationDisabledException$ = [-3, n0, _OWIFDE,
{ [_aQE]: [`OutboundWebIdentityFederationDisabledException`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(exports.OutboundWebIdentityFederationDisabledException$, errors_1.OutboundWebIdentityFederationDisabledException);
exports.PackedPolicyTooLargeException$ = [-3, n0, _PPTLE,
{ [_aQE]: [`PackedPolicyTooLarge`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(exports.PackedPolicyTooLargeException$, errors_1.PackedPolicyTooLargeException);
exports.RegionDisabledException$ = [-3, n0, _RDE,
{ [_aQE]: [`RegionDisabledException`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(exports.RegionDisabledException$, errors_1.RegionDisabledException);
exports.SessionDurationEscalationException$ = [-3, n0, _SDEE,
{ [_aQE]: [`SessionDurationEscalationException`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(exports.SessionDurationEscalationException$, errors_1.SessionDurationEscalationException);
exports.errorTypeRegistries = [
_s_registry,
n0_registry,
];
var accessKeySecretType = [0, n0, _aKST, 8, 0];
var clientTokenType = [0, n0, _cTT, 8, 0];
var SAMLAssertionType = [0, n0, _SAMLAT, 8, 0];
var tradeInTokenType = [0, n0, _tITT, 8, 0];
var webIdentityTokenType = [0, n0, _wITT, 8, 0];
exports.AssumedRoleUser$ = [3, n0, _ARU,
0,
[_ARI, _A],
[0, 0], 2
];
exports.AssumeRoleRequest$ = [3, n0, _ARR,
0,
[_RA, _RSN, _PA, _P, _DS, _T, _TTK, _EI, _SN, _TC, _SI, _PC],
[0, 0, () => policyDescriptorListType, 0, 1, () => tagListType, 64 | 0, 0, 0, 0, 0, () => ProvidedContextsListType], 2
];
exports.AssumeRoleResponse$ = [3, n0, _ARRs,
0,
[_C, _ARU, _PPS, _SI],
[[() => exports.Credentials$, 0], () => exports.AssumedRoleUser$, 1, 0]
];
exports.AssumeRoleWithSAMLRequest$ = [3, n0, _ARWSAMLR,
0,
[_RA, _PAr, _SAMLA, _PA, _P, _DS],
[0, 0, [() => SAMLAssertionType, 0], () => policyDescriptorListType, 0, 1], 3
];
exports.AssumeRoleWithSAMLResponse$ = [3, n0, _ARWSAMLRs,
0,
[_C, _ARU, _PPS, _S, _ST, _I, _Au, _NQ, _SI],
[[() => exports.Credentials$, 0], () => exports.AssumedRoleUser$, 1, 0, 0, 0, 0, 0, 0]
];
exports.AssumeRoleWithWebIdentityRequest$ = [3, n0, _ARWWIR,
0,
[_RA, _RSN, _WIT, _PI, _PA, _P, _DS],
[0, 0, [() => clientTokenType, 0], 0, () => policyDescriptorListType, 0, 1], 3
];
exports.AssumeRoleWithWebIdentityResponse$ = [3, n0, _ARWWIRs,
0,
[_C, _SFWIT, _ARU, _PPS, _Pr, _Au, _SI],
[[() => exports.Credentials$, 0], 0, () => exports.AssumedRoleUser$, 1, 0, 0, 0]
];
exports.AssumeRootRequest$ = [3, n0, _ARRss,
0,
[_TP, _TPA, _DS],
[0, () => exports.PolicyDescriptorType$, 1], 2
];
exports.AssumeRootResponse$ = [3, n0, _ARRssu,
0,
[_C, _SI],
[[() => exports.Credentials$, 0], 0]
];
exports.Credentials$ = [3, n0, _C,
0,
[_AKI, _SAK, _STe, _E],
[0, [() => accessKeySecretType, 0], 0, 4], 4
];
exports.DecodeAuthorizationMessageRequest$ = [3, n0, _DAMR,
0,
[_EM],
[0], 1
];
exports.DecodeAuthorizationMessageResponse$ = [3, n0, _DAMRe,
0,
[_DM],
[0]
];
exports.FederatedUser$ = [3, n0, _FU,
0,
[_FUI, _A],
[0, 0], 2
];
exports.GetAccessKeyInfoRequest$ = [3, n0, _GAKIR,
0,
[_AKI],
[0], 1
];
exports.GetAccessKeyInfoResponse$ = [3, n0, _GAKIRe,
0,
[_Ac],
[0]
];
exports.GetCallerIdentityRequest$ = [3, n0, _GCIR,
0,
[],
[]
];
exports.GetCallerIdentityResponse$ = [3, n0, _GCIRe,
0,
[_UI, _Ac, _A],
[0, 0, 0]
];
exports.GetDelegatedAccessTokenRequest$ = [3, n0, _GDATR,
0,
[_TIT],
[[() => tradeInTokenType, 0]], 1
];
exports.GetDelegatedAccessTokenResponse$ = [3, n0, _GDATRe,
0,
[_C, _PPS, _AP],
[[() => exports.Credentials$, 0], 1, 0]
];
exports.GetFederationTokenRequest$ = [3, n0, _GFTR,
0,
[_N, _P, _PA, _DS, _T],
[0, 0, () => policyDescriptorListType, 1, () => tagListType], 1
];
exports.GetFederationTokenResponse$ = [3, n0, _GFTRe,
0,
[_C, _FU, _PPS],
[[() => exports.Credentials$, 0], () => exports.FederatedUser$, 1]
];
exports.GetSessionTokenRequest$ = [3, n0, _GSTR,
0,
[_DS, _SN, _TC],
[1, 0, 0]
];
exports.GetSessionTokenResponse$ = [3, n0, _GSTRe,
0,
[_C],
[[() => exports.Credentials$, 0]]
];
exports.GetWebIdentityTokenRequest$ = [3, n0, _GWITR,
0,
[_Au, _SA, _DS, _T],
[64 | 0, 0, 1, () => tagListType], 2
];
exports.GetWebIdentityTokenResponse$ = [3, n0, _GWITRe,
0,
[_WIT, _E],
[[() => webIdentityTokenType, 0], 4]
];
exports.PolicyDescriptorType$ = [3, n0, _PDT,
0,
[_a],
[0]
];
exports.ProvidedContext$ = [3, n0, _PCr,
0,
[_PAro, _CA],
[0, 0]
];
exports.Tag$ = [3, n0, _Ta,
0,
[_K, _V],
[0, 0], 2
];
var policyDescriptorListType = [1, n0, _pDLT,
0, () => exports.PolicyDescriptorType$
];
var ProvidedContextsListType = [1, n0, _PCLT,
0, () => exports.ProvidedContext$
];
var tagKeyListType = 64 | 0;
var tagListType = [1, n0, _tLT,
0, () => exports.Tag$
];
var webIdentityTokenAudienceListType = 64 | 0;
exports.AssumeRole$ = [9, n0, _AR,
0, () => exports.AssumeRoleRequest$, () => exports.AssumeRoleResponse$
];
exports.AssumeRoleWithSAML$ = [9, n0, _ARWSAML,
0, () => exports.AssumeRoleWithSAMLRequest$, () => exports.AssumeRoleWithSAMLResponse$
];
exports.AssumeRoleWithWebIdentity$ = [9, n0, _ARWWI,
0, () => exports.AssumeRoleWithWebIdentityRequest$, () => exports.AssumeRoleWithWebIdentityResponse$
];
exports.AssumeRoot$ = [9, n0, _ARs,
0, () => exports.AssumeRootRequest$, () => exports.AssumeRootResponse$
];
exports.DecodeAuthorizationMessage$ = [9, n0, _DAM,
0, () => exports.DecodeAuthorizationMessageRequest$, () => exports.DecodeAuthorizationMessageResponse$
];
exports.GetAccessKeyInfo$ = [9, n0, _GAKI,
0, () => exports.GetAccessKeyInfoRequest$, () => exports.GetAccessKeyInfoResponse$
];
exports.GetCallerIdentity$ = [9, n0, _GCI,
0, () => exports.GetCallerIdentityRequest$, () => exports.GetCallerIdentityResponse$
];
exports.GetDelegatedAccessToken$ = [9, n0, _GDAT,
0, () => exports.GetDelegatedAccessTokenRequest$, () => exports.GetDelegatedAccessTokenResponse$
];
exports.GetFederationToken$ = [9, n0, _GFT,
0, () => exports.GetFederationTokenRequest$, () => exports.GetFederationTokenResponse$
];
exports.GetSessionToken$ = [9, n0, _GST,
0, () => exports.GetSessionTokenRequest$, () => exports.GetSessionTokenResponse$
];
exports.GetWebIdentityToken$ = [9, n0, _GWIT,
0, () => exports.GetWebIdentityTokenRequest$, () => exports.GetWebIdentityTokenResponse$
];

View File

@@ -0,0 +1,29 @@
import { createAggregatedClient } from "@smithy/smithy-client";
import { AssumeRoleCommand, } from "./commands/AssumeRoleCommand";
import { AssumeRoleWithSAMLCommand, } from "./commands/AssumeRoleWithSAMLCommand";
import { AssumeRoleWithWebIdentityCommand, } from "./commands/AssumeRoleWithWebIdentityCommand";
import { AssumeRootCommand, } from "./commands/AssumeRootCommand";
import { DecodeAuthorizationMessageCommand, } from "./commands/DecodeAuthorizationMessageCommand";
import { GetAccessKeyInfoCommand, } from "./commands/GetAccessKeyInfoCommand";
import { GetCallerIdentityCommand, } from "./commands/GetCallerIdentityCommand";
import { GetDelegatedAccessTokenCommand, } from "./commands/GetDelegatedAccessTokenCommand";
import { GetFederationTokenCommand, } from "./commands/GetFederationTokenCommand";
import { GetSessionTokenCommand, } from "./commands/GetSessionTokenCommand";
import { GetWebIdentityTokenCommand, } from "./commands/GetWebIdentityTokenCommand";
import { STSClient } from "./STSClient";
const commands = {
AssumeRoleCommand,
AssumeRoleWithSAMLCommand,
AssumeRoleWithWebIdentityCommand,
AssumeRootCommand,
DecodeAuthorizationMessageCommand,
GetAccessKeyInfoCommand,
GetCallerIdentityCommand,
GetDelegatedAccessTokenCommand,
GetFederationTokenCommand,
GetSessionTokenCommand,
GetWebIdentityTokenCommand,
};
export class STS extends STSClient {
}
createAggregatedClient(commands, STS);

View File

@@ -0,0 +1,50 @@
import { getHostHeaderPlugin, resolveHostHeaderConfig, } from "@aws-sdk/middleware-host-header";
import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
import { getUserAgentPlugin, resolveUserAgentConfig, } from "@aws-sdk/middleware-user-agent";
import { resolveRegionConfig } from "@smithy/config-resolver";
import { DefaultIdentityProviderConfig, getHttpAuthSchemeEndpointRuleSetPlugin, getHttpSigningPlugin, } from "@smithy/core";
import { getSchemaSerdePlugin } from "@smithy/core/schema";
import { getContentLengthPlugin } from "@smithy/middleware-content-length";
import { resolveEndpointConfig, } from "@smithy/middleware-endpoint";
import { getRetryPlugin, resolveRetryConfig, } from "@smithy/middleware-retry";
import { Client as __Client, } from "@smithy/smithy-client";
import { defaultSTSHttpAuthSchemeParametersProvider, resolveHttpAuthSchemeConfig, } from "./auth/httpAuthSchemeProvider";
import { resolveClientEndpointParameters, } from "./endpoint/EndpointParameters";
import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig";
import { resolveRuntimeExtensions } from "./runtimeExtensions";
export { __Client };
export class STSClient extends __Client {
config;
constructor(...[configuration]) {
const _config_0 = __getRuntimeConfig(configuration || {});
super(_config_0);
this.initConfig = _config_0;
const _config_1 = resolveClientEndpointParameters(_config_0);
const _config_2 = resolveUserAgentConfig(_config_1);
const _config_3 = resolveRetryConfig(_config_2);
const _config_4 = resolveRegionConfig(_config_3);
const _config_5 = resolveHostHeaderConfig(_config_4);
const _config_6 = resolveEndpointConfig(_config_5);
const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
this.config = _config_8;
this.middlewareStack.use(getSchemaSerdePlugin(this.config));
this.middlewareStack.use(getUserAgentPlugin(this.config));
this.middlewareStack.use(getRetryPlugin(this.config));
this.middlewareStack.use(getContentLengthPlugin(this.config));
this.middlewareStack.use(getHostHeaderPlugin(this.config));
this.middlewareStack.use(getLoggerPlugin(this.config));
this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
this.middlewareStack.use(getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
httpAuthSchemeParametersProvider: defaultSTSHttpAuthSchemeParametersProvider,
identityProviderConfigProvider: async (config) => new DefaultIdentityProviderConfig({
"aws.auth#sigv4": config.credentials,
}),
}));
this.middlewareStack.use(getHttpSigningPlugin(this.config));
}
destroy() {
super.destroy();
}
}

View File

@@ -0,0 +1,38 @@
export const getHttpAuthExtensionConfiguration = (runtimeConfig) => {
const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
let _credentials = runtimeConfig.credentials;
return {
setHttpAuthScheme(httpAuthScheme) {
const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
if (index === -1) {
_httpAuthSchemes.push(httpAuthScheme);
}
else {
_httpAuthSchemes.splice(index, 1, httpAuthScheme);
}
},
httpAuthSchemes() {
return _httpAuthSchemes;
},
setHttpAuthSchemeProvider(httpAuthSchemeProvider) {
_httpAuthSchemeProvider = httpAuthSchemeProvider;
},
httpAuthSchemeProvider() {
return _httpAuthSchemeProvider;
},
setCredentials(credentials) {
_credentials = credentials;
},
credentials() {
return _credentials;
},
};
};
export const resolveHttpAuthRuntimeConfig = (config) => {
return {
httpAuthSchemes: config.httpAuthSchemes(),
httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
credentials: config.credentials(),
};
};

View File

@@ -0,0 +1,62 @@
import { resolveAwsSdkSigV4Config, } from "@aws-sdk/core/httpAuthSchemes";
import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
import { STSClient } from "../STSClient";
export const defaultSTSHttpAuthSchemeParametersProvider = async (config, context, input) => {
return {
operation: getSmithyContext(context).operation,
region: await normalizeProvider(config.region)() || (() => {
throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
})(),
};
};
function createAwsAuthSigv4HttpAuthOption(authParameters) {
return {
schemeId: "aws.auth#sigv4",
signingProperties: {
name: "sts",
region: authParameters.region,
},
propertiesExtractor: (config, context) => ({
signingProperties: {
config,
context,
},
}),
};
}
function createSmithyApiNoAuthHttpAuthOption(authParameters) {
return {
schemeId: "smithy.api#noAuth",
};
}
export const defaultSTSHttpAuthSchemeProvider = (authParameters) => {
const options = [];
switch (authParameters.operation) {
case "AssumeRoleWithSAML":
{
options.push(createSmithyApiNoAuthHttpAuthOption(authParameters));
break;
}
;
case "AssumeRoleWithWebIdentity":
{
options.push(createSmithyApiNoAuthHttpAuthOption(authParameters));
break;
}
;
default: {
options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
}
}
return options;
};
export const resolveStsAuthConfig = (input) => Object.assign(input, {
stsClientCtor: STSClient,
});
export const resolveHttpAuthSchemeConfig = (config) => {
const config_0 = resolveStsAuthConfig(config);
const config_1 = resolveAwsSdkSigV4Config(config_0);
return Object.assign(config_1, {
authSchemePreference: normalizeProvider(config.authSchemePreference ?? []),
});
};

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { AssumeRole$ } from "../schemas/schemas_0";
export { $Command };
export class AssumeRoleCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRole", {})
.n("STSClient", "AssumeRoleCommand")
.sc(AssumeRole$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { AssumeRoleWithSAML$ } from "../schemas/schemas_0";
export { $Command };
export class AssumeRoleWithSAMLCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithSAML", {})
.n("STSClient", "AssumeRoleWithSAMLCommand")
.sc(AssumeRoleWithSAML$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { AssumeRoleWithWebIdentity$ } from "../schemas/schemas_0";
export { $Command };
export class AssumeRoleWithWebIdentityCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {})
.n("STSClient", "AssumeRoleWithWebIdentityCommand")
.sc(AssumeRoleWithWebIdentity$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { AssumeRoot$ } from "../schemas/schemas_0";
export { $Command };
export class AssumeRootCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "AssumeRoot", {})
.n("STSClient", "AssumeRootCommand")
.sc(AssumeRoot$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { DecodeAuthorizationMessage$ } from "../schemas/schemas_0";
export { $Command };
export class DecodeAuthorizationMessageCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "DecodeAuthorizationMessage", {})
.n("STSClient", "DecodeAuthorizationMessageCommand")
.sc(DecodeAuthorizationMessage$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { GetAccessKeyInfo$ } from "../schemas/schemas_0";
export { $Command };
export class GetAccessKeyInfoCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetAccessKeyInfo", {})
.n("STSClient", "GetAccessKeyInfoCommand")
.sc(GetAccessKeyInfo$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { GetCallerIdentity$ } from "../schemas/schemas_0";
export { $Command };
export class GetCallerIdentityCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetCallerIdentity", {})
.n("STSClient", "GetCallerIdentityCommand")
.sc(GetCallerIdentity$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { GetDelegatedAccessToken$ } from "../schemas/schemas_0";
export { $Command };
export class GetDelegatedAccessTokenCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetDelegatedAccessToken", {})
.n("STSClient", "GetDelegatedAccessTokenCommand")
.sc(GetDelegatedAccessToken$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { GetFederationToken$ } from "../schemas/schemas_0";
export { $Command };
export class GetFederationTokenCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetFederationToken", {})
.n("STSClient", "GetFederationTokenCommand")
.sc(GetFederationToken$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { GetSessionToken$ } from "../schemas/schemas_0";
export { $Command };
export class GetSessionTokenCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetSessionToken", {})
.n("STSClient", "GetSessionTokenCommand")
.sc(GetSessionToken$)
.build() {
}

View File

@@ -0,0 +1,16 @@
import { getEndpointPlugin } from "@smithy/middleware-endpoint";
import { Command as $Command } from "@smithy/smithy-client";
import { commonParams } from "../endpoint/EndpointParameters";
import { GetWebIdentityToken$ } from "../schemas/schemas_0";
export { $Command };
export class GetWebIdentityTokenCommand extends $Command
.classBuilder()
.ep(commonParams)
.m(function (Command, cs, config, o) {
return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
})
.s("AWSSecurityTokenServiceV20110615", "GetWebIdentityToken", {})
.n("STSClient", "GetWebIdentityTokenCommand")
.sc(GetWebIdentityToken$)
.build() {
}

View File

@@ -0,0 +1,11 @@
export * from "./AssumeRoleCommand";
export * from "./AssumeRoleWithSAMLCommand";
export * from "./AssumeRoleWithWebIdentityCommand";
export * from "./AssumeRootCommand";
export * from "./DecodeAuthorizationMessageCommand";
export * from "./GetAccessKeyInfoCommand";
export * from "./GetCallerIdentityCommand";
export * from "./GetDelegatedAccessTokenCommand";
export * from "./GetFederationTokenCommand";
export * from "./GetSessionTokenCommand";
export * from "./GetWebIdentityTokenCommand";

View File

@@ -0,0 +1,22 @@
import { getDefaultRoleAssumer as StsGetDefaultRoleAssumer, getDefaultRoleAssumerWithWebIdentity as StsGetDefaultRoleAssumerWithWebIdentity, } from "./defaultStsRoleAssumers";
import { STSClient } from "./STSClient";
const getCustomizableStsClientCtor = (baseCtor, customizations) => {
if (!customizations)
return baseCtor;
else
return class CustomizableSTSClient extends baseCtor {
constructor(config) {
super(config);
for (const customization of customizations) {
this.middlewareStack.use(customization);
}
}
};
};
export const getDefaultRoleAssumer = (stsOptions = {}, stsPlugins) => StsGetDefaultRoleAssumer(stsOptions, getCustomizableStsClientCtor(STSClient, stsPlugins));
export const getDefaultRoleAssumerWithWebIdentity = (stsOptions = {}, stsPlugins) => StsGetDefaultRoleAssumerWithWebIdentity(stsOptions, getCustomizableStsClientCtor(STSClient, stsPlugins));
export const decorateDefaultCredentialProvider = (provider) => (input) => provider({
roleAssumer: getDefaultRoleAssumer(input),
roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input),
...input,
});

View File

@@ -0,0 +1,107 @@
import { setCredentialFeature } from "@aws-sdk/core/client";
import { stsRegionDefaultResolver } from "@aws-sdk/region-config-resolver";
import { AssumeRoleCommand } from "./commands/AssumeRoleCommand";
import { AssumeRoleWithWebIdentityCommand, } from "./commands/AssumeRoleWithWebIdentityCommand";
const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
if (typeof assumedRoleUser?.Arn === "string") {
const arnComponents = assumedRoleUser.Arn.split(":");
if (arnComponents.length > 4 && arnComponents[4] !== "") {
return arnComponents[4];
}
}
return undefined;
};
const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {
const region = typeof _region === "function" ? await _region() : _region;
const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
let stsDefaultRegion = "";
const resolvedRegion = region ?? parentRegion ?? (stsDefaultRegion = await stsRegionDefaultResolver(loaderConfig)());
credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);
return resolvedRegion;
};
export const getDefaultRoleAssumer = (stsOptions, STSClient) => {
let stsClient;
let closureSourceCreds;
return async (sourceCreds, params) => {
closureSourceCreds = sourceCreds;
if (!stsClient) {
const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions;
const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
logger,
profile,
});
const isCompatibleRequestHandler = !isH2(requestHandler);
stsClient = new STSClient({
...stsOptions,
userAgentAppId,
profile,
credentialDefaultProvider: () => async () => closureSourceCreds,
region: resolvedRegion,
requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,
logger: logger,
});
}
const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleCommand(params));
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
}
const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
const credentials = {
accessKeyId: Credentials.AccessKeyId,
secretAccessKey: Credentials.SecretAccessKey,
sessionToken: Credentials.SessionToken,
expiration: Credentials.Expiration,
...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
...(accountId && { accountId }),
};
setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i");
return credentials;
};
};
export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, STSClient) => {
let stsClient;
return async (params) => {
if (!stsClient) {
const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, userAgentAppId = stsOptions?.parentClientConfig?.userAgentAppId, } = stsOptions;
const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
logger,
profile,
});
const isCompatibleRequestHandler = !isH2(requestHandler);
stsClient = new STSClient({
...stsOptions,
userAgentAppId,
profile,
region: resolvedRegion,
requestHandler: isCompatibleRequestHandler ? requestHandler : undefined,
logger: logger,
});
}
const { Credentials, AssumedRoleUser } = await stsClient.send(new AssumeRoleWithWebIdentityCommand(params));
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
}
const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
const credentials = {
accessKeyId: Credentials.AccessKeyId,
secretAccessKey: Credentials.SecretAccessKey,
sessionToken: Credentials.SessionToken,
expiration: Credentials.Expiration,
...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
...(accountId && { accountId }),
};
if (accountId) {
setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T");
}
setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k");
return credentials;
};
};
export const decorateDefaultCredentialProvider = (provider) => (input) => provider({
roleAssumer: getDefaultRoleAssumer(input, input.stsClientCtor),
roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(input, input.stsClientCtor),
...input,
});
const isH2 = (requestHandler) => {
return requestHandler?.metadata?.handlerProtocol === "h2";
};

View File

@@ -0,0 +1,15 @@
export const resolveClientEndpointParameters = (options) => {
return Object.assign(options, {
useDualstackEndpoint: options.useDualstackEndpoint ?? false,
useFipsEndpoint: options.useFipsEndpoint ?? false,
useGlobalEndpoint: options.useGlobalEndpoint ?? false,
defaultSigningName: "sts",
});
};
export const commonParams = {
UseGlobalEndpoint: { type: "builtInParams", name: "useGlobalEndpoint" },
UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
Endpoint: { type: "builtInParams", name: "endpoint" },
Region: { type: "builtInParams", name: "region" },
UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
};

View File

@@ -0,0 +1,14 @@
import { awsEndpointFunctions } from "@aws-sdk/util-endpoints";
import { customEndpointFunctions, EndpointCache, resolveEndpoint } from "@smithy/util-endpoints";
import { ruleSet } from "./ruleset";
const cache = new EndpointCache({
size: 50,
params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"],
});
export const defaultEndpointResolver = (endpointParams, context = {}) => {
return cache.get(endpointParams, () => resolveEndpoint(ruleSet, {
endpointParams: endpointParams,
logger: context.logger,
}));
};
customEndpointFunctions.aws = awsEndpointFunctions;

View File

@@ -0,0 +1,4 @@
const F = "required", G = "type", H = "fn", I = "argv", J = "ref";
const a = false, b = true, c = "booleanEquals", d = "stringEquals", e = "sigv4", f = "sts", g = "us-east-1", h = "endpoint", i = "https://sts.{Region}.{PartitionResult#dnsSuffix}", j = "tree", k = "error", l = "getAttr", m = { [F]: false, [G]: "string" }, n = { [F]: true, "default": false, [G]: "boolean" }, o = { [J]: "Endpoint" }, p = { [H]: "isSet", [I]: [{ [J]: "Region" }] }, q = { [J]: "Region" }, r = { [H]: "aws.partition", [I]: [q], "assign": "PartitionResult" }, s = { [J]: "UseFIPS" }, t = { [J]: "UseDualStack" }, u = { "url": "https://sts.amazonaws.com", "properties": { "authSchemes": [{ "name": e, "signingName": f, "signingRegion": g }] }, "headers": {} }, v = {}, w = { "conditions": [{ [H]: d, [I]: [q, "aws-global"] }], [h]: u, [G]: h }, x = { [H]: c, [I]: [s, true] }, y = { [H]: c, [I]: [t, true] }, z = { [H]: l, [I]: [{ [J]: "PartitionResult" }, "supportsFIPS"] }, A = { [J]: "PartitionResult" }, B = { [H]: c, [I]: [true, { [H]: l, [I]: [A, "supportsDualStack"] }] }, C = [{ [H]: "isSet", [I]: [o] }], D = [x], E = [y];
const _data = { version: "1.0", parameters: { Region: m, UseDualStack: n, UseFIPS: n, Endpoint: m, UseGlobalEndpoint: n }, rules: [{ conditions: [{ [H]: c, [I]: [{ [J]: "UseGlobalEndpoint" }, b] }, { [H]: "not", [I]: C }, p, r, { [H]: c, [I]: [s, a] }, { [H]: c, [I]: [t, a] }], rules: [{ conditions: [{ [H]: d, [I]: [q, "ap-northeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-south-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "ap-southeast-2"] }], endpoint: u, [G]: h }, w, { conditions: [{ [H]: d, [I]: [q, "ca-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-central-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-north-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "eu-west-3"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "sa-east-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, g] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-east-2"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-1"] }], endpoint: u, [G]: h }, { conditions: [{ [H]: d, [I]: [q, "us-west-2"] }], endpoint: u, [G]: h }, { endpoint: { url: i, properties: { authSchemes: [{ name: e, signingName: f, signingRegion: "{Region}" }] }, headers: v }, [G]: h }], [G]: j }, { conditions: C, rules: [{ conditions: D, error: "Invalid Configuration: FIPS and custom endpoint are not supported", [G]: k }, { conditions: E, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", [G]: k }, { endpoint: { url: o, properties: v, headers: v }, [G]: h }], [G]: j }, { conditions: [p], rules: [{ conditions: [r], rules: [{ conditions: [x, y], rules: [{ conditions: [{ [H]: c, [I]: [b, z] }, B], rules: [{ endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", [G]: k }], [G]: j }, { conditions: D, rules: [{ conditions: [{ [H]: c, [I]: [z, b] }], rules: [{ conditions: [{ [H]: d, [I]: [{ [H]: l, [I]: [A, "name"] }, "aws-us-gov"] }], endpoint: { url: "https://sts.{Region}.amazonaws.com", properties: v, headers: v }, [G]: h }, { endpoint: { url: "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "FIPS is enabled but this partition does not support FIPS", [G]: k }], [G]: j }, { conditions: E, rules: [{ conditions: [B], rules: [{ endpoint: { url: "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: v, headers: v }, [G]: h }], [G]: j }, { error: "DualStack is enabled but this partition does not support DualStack", [G]: k }], [G]: j }, w, { endpoint: { url: i, properties: v, headers: v }, [G]: h }], [G]: j }], [G]: j }, { error: "Invalid Configuration: Missing Region", [G]: k }] };
export const ruleSet = _data;

View File

@@ -0,0 +1,8 @@
export * from "./STSClient";
export * from "./STS";
export * from "./commands";
export * from "./schemas/schemas_0";
export * from "./models/errors";
export * from "./models/models_0";
export * from "./defaultRoleAssumers";
export { STSServiceException } from "./models/STSServiceException";

View File

@@ -0,0 +1,8 @@
import { ServiceException as __ServiceException, } from "@smithy/smithy-client";
export { __ServiceException };
export class STSServiceException extends __ServiceException {
constructor(options) {
super(options);
Object.setPrototypeOf(this, STSServiceException.prototype);
}
}

View File

@@ -0,0 +1,145 @@
import { STSServiceException as __BaseException } from "./STSServiceException";
export class ExpiredTokenException extends __BaseException {
name = "ExpiredTokenException";
$fault = "client";
constructor(opts) {
super({
name: "ExpiredTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, ExpiredTokenException.prototype);
}
}
export class MalformedPolicyDocumentException extends __BaseException {
name = "MalformedPolicyDocumentException";
$fault = "client";
constructor(opts) {
super({
name: "MalformedPolicyDocumentException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, MalformedPolicyDocumentException.prototype);
}
}
export class PackedPolicyTooLargeException extends __BaseException {
name = "PackedPolicyTooLargeException";
$fault = "client";
constructor(opts) {
super({
name: "PackedPolicyTooLargeException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, PackedPolicyTooLargeException.prototype);
}
}
export class RegionDisabledException extends __BaseException {
name = "RegionDisabledException";
$fault = "client";
constructor(opts) {
super({
name: "RegionDisabledException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, RegionDisabledException.prototype);
}
}
export class IDPRejectedClaimException extends __BaseException {
name = "IDPRejectedClaimException";
$fault = "client";
constructor(opts) {
super({
name: "IDPRejectedClaimException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, IDPRejectedClaimException.prototype);
}
}
export class InvalidIdentityTokenException extends __BaseException {
name = "InvalidIdentityTokenException";
$fault = "client";
constructor(opts) {
super({
name: "InvalidIdentityTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidIdentityTokenException.prototype);
}
}
export class IDPCommunicationErrorException extends __BaseException {
name = "IDPCommunicationErrorException";
$fault = "client";
constructor(opts) {
super({
name: "IDPCommunicationErrorException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, IDPCommunicationErrorException.prototype);
}
}
export class InvalidAuthorizationMessageException extends __BaseException {
name = "InvalidAuthorizationMessageException";
$fault = "client";
constructor(opts) {
super({
name: "InvalidAuthorizationMessageException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, InvalidAuthorizationMessageException.prototype);
}
}
export class ExpiredTradeInTokenException extends __BaseException {
name = "ExpiredTradeInTokenException";
$fault = "client";
constructor(opts) {
super({
name: "ExpiredTradeInTokenException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, ExpiredTradeInTokenException.prototype);
}
}
export class JWTPayloadSizeExceededException extends __BaseException {
name = "JWTPayloadSizeExceededException";
$fault = "client";
constructor(opts) {
super({
name: "JWTPayloadSizeExceededException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, JWTPayloadSizeExceededException.prototype);
}
}
export class OutboundWebIdentityFederationDisabledException extends __BaseException {
name = "OutboundWebIdentityFederationDisabledException";
$fault = "client";
constructor(opts) {
super({
name: "OutboundWebIdentityFederationDisabledException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, OutboundWebIdentityFederationDisabledException.prototype);
}
}
export class SessionDurationEscalationException extends __BaseException {
name = "SessionDurationEscalationException";
$fault = "client";
constructor(opts) {
super({
name: "SessionDurationEscalationException",
$fault: "client",
...opts,
});
Object.setPrototypeOf(this, SessionDurationEscalationException.prototype);
}
}

View File

@@ -0,0 +1,33 @@
import packageInfo from "../package.json";
import { Sha256 } from "@aws-crypto/sha256-browser";
import { createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-browser";
import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@smithy/config-resolver";
import { FetchHttpHandler as RequestHandler, streamCollector } from "@smithy/fetch-http-handler";
import { invalidProvider } from "@smithy/invalid-dependency";
import { loadConfigsForDefaultMode } from "@smithy/smithy-client";
import { calculateBodyLength } from "@smithy/util-body-length-browser";
import { resolveDefaultsModeConfig } from "@smithy/util-defaults-mode-browser";
import { DEFAULT_MAX_ATTEMPTS, DEFAULT_RETRY_MODE } from "@smithy/util-retry";
import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";
export const getRuntimeConfig = (config) => {
const defaultsMode = resolveDefaultsModeConfig(config);
const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode);
const clientSharedValues = getSharedRuntimeConfig(config);
return {
...clientSharedValues,
...config,
runtime: "browser",
defaultsMode,
bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
defaultUserAgentProvider: config?.defaultUserAgentProvider ?? createDefaultUserAgentProvider({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS,
region: config?.region ?? invalidProvider("Region is missing"),
requestHandler: RequestHandler.create(config?.requestHandler ?? defaultConfigProvider),
retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE),
sha256: config?.sha256 ?? Sha256,
streamCollector: config?.streamCollector ?? streamCollector,
useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT)),
useFipsEndpoint: config?.useFipsEndpoint ?? (() => Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT)),
};
};

View File

@@ -0,0 +1,62 @@
import packageInfo from "../package.json";
import { emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core/client";
import { AwsSdkSigV4Signer, NODE_AUTH_SCHEME_PREFERENCE_OPTIONS } from "@aws-sdk/core/httpAuthSchemes";
import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
import { createDefaultUserAgentProvider, NODE_APP_ID_CONFIG_OPTIONS } from "@aws-sdk/util-user-agent-node";
import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@smithy/config-resolver";
import { NoAuthSigner } from "@smithy/core";
import { Hash } from "@smithy/hash-node";
import { NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS } from "@smithy/middleware-retry";
import { loadConfig as loadNodeConfig } from "@smithy/node-config-provider";
import { NodeHttpHandler as RequestHandler, streamCollector } from "@smithy/node-http-handler";
import { emitWarningIfUnsupportedVersion, loadConfigsForDefaultMode } from "@smithy/smithy-client";
import { calculateBodyLength } from "@smithy/util-body-length-node";
import { resolveDefaultsModeConfig } from "@smithy/util-defaults-mode-node";
import { DEFAULT_RETRY_MODE } from "@smithy/util-retry";
import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";
export const getRuntimeConfig = (config) => {
emitWarningIfUnsupportedVersion(process.version);
const defaultsMode = resolveDefaultsModeConfig(config);
const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode);
const clientSharedValues = getSharedRuntimeConfig(config);
awsCheckVersion(process.version);
const loaderConfig = {
profile: config?.profile,
logger: clientSharedValues.logger,
};
return {
...clientSharedValues,
...config,
runtime: "node",
defaultsMode,
authSchemePreference: config?.authSchemePreference ?? loadNodeConfig(NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, loaderConfig),
bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
credentialDefaultProvider: config?.credentialDefaultProvider ?? credentialDefaultProvider,
defaultUserAgentProvider: config?.defaultUserAgentProvider ?? createDefaultUserAgentProvider({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
httpAuthSchemes: config?.httpAuthSchemes ?? [
{
schemeId: "aws.auth#sigv4",
identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4") || (async (idProps) => await credentialDefaultProvider(idProps?.__config || {})()),
signer: new AwsSdkSigV4Signer(),
},
{
schemeId: "smithy.api#noAuth",
identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
signer: new NoAuthSigner(),
},
],
maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS, config),
region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, { ...NODE_REGION_CONFIG_FILE_OPTIONS, ...loaderConfig }),
requestHandler: RequestHandler.create(config?.requestHandler ?? defaultConfigProvider),
retryMode: config?.retryMode ??
loadNodeConfig({
...NODE_RETRY_MODE_CONFIG_OPTIONS,
default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE,
}, config),
sha256: config?.sha256 ?? Hash.bind(null, "sha256"),
streamCollector: config?.streamCollector ?? streamCollector,
useDualstackEndpoint: config?.useDualstackEndpoint ?? loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
useFipsEndpoint: config?.useFipsEndpoint ?? loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, loaderConfig),
userAgentAppId: config?.userAgentAppId ?? loadNodeConfig(NODE_APP_ID_CONFIG_OPTIONS, loaderConfig),
};
};

View File

@@ -0,0 +1,11 @@
import { Sha256 } from "@aws-crypto/sha256-js";
import { getRuntimeConfig as getBrowserRuntimeConfig } from "./runtimeConfig.browser";
export const getRuntimeConfig = (config) => {
const browserDefaults = getBrowserRuntimeConfig(config);
return {
...browserDefaults,
...config,
runtime: "react-native",
sha256: config?.sha256 ?? Sha256,
};
};

View File

@@ -0,0 +1,46 @@
import { AwsSdkSigV4Signer } from "@aws-sdk/core/httpAuthSchemes";
import { AwsQueryProtocol } from "@aws-sdk/core/protocols";
import { NoAuthSigner } from "@smithy/core";
import { NoOpLogger } from "@smithy/smithy-client";
import { parseUrl } from "@smithy/url-parser";
import { fromBase64, toBase64 } from "@smithy/util-base64";
import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
import { defaultSTSHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
import { defaultEndpointResolver } from "./endpoint/endpointResolver";
import { errorTypeRegistries } from "./schemas/schemas_0";
export const getRuntimeConfig = (config) => {
return {
apiVersion: "2011-06-15",
base64Decoder: config?.base64Decoder ?? fromBase64,
base64Encoder: config?.base64Encoder ?? toBase64,
disableHostPrefix: config?.disableHostPrefix ?? false,
endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
extensions: config?.extensions ?? [],
httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultSTSHttpAuthSchemeProvider,
httpAuthSchemes: config?.httpAuthSchemes ?? [
{
schemeId: "aws.auth#sigv4",
identityProvider: (ipc) => ipc.getIdentityProvider("aws.auth#sigv4"),
signer: new AwsSdkSigV4Signer(),
},
{
schemeId: "smithy.api#noAuth",
identityProvider: (ipc) => ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
signer: new NoAuthSigner(),
},
],
logger: config?.logger ?? new NoOpLogger(),
protocol: config?.protocol ?? AwsQueryProtocol,
protocolSettings: config?.protocolSettings ?? {
defaultNamespace: "com.amazonaws.sts",
errorTypeRegistries,
xmlNamespace: "https://sts.amazonaws.com/doc/2011-06-15/",
version: "2011-06-15",
serviceTarget: "AWSSecurityTokenServiceV20110615",
},
serviceId: config?.serviceId ?? "STS",
urlParser: config?.urlParser ?? parseUrl,
utf8Decoder: config?.utf8Decoder ?? fromUtf8,
utf8Encoder: config?.utf8Encoder ?? toUtf8,
};
};

View File

@@ -0,0 +1,9 @@
import { getAwsRegionExtensionConfiguration, resolveAwsRegionExtensionConfiguration, } from "@aws-sdk/region-config-resolver";
import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
const extensionConfiguration = Object.assign(getAwsRegionExtensionConfiguration(runtimeConfig), getDefaultExtensionConfiguration(runtimeConfig), getHttpHandlerExtensionConfiguration(runtimeConfig), getHttpAuthExtensionConfiguration(runtimeConfig));
extensions.forEach((extension) => extension.configure(extensionConfiguration));
return Object.assign(runtimeConfig, resolveAwsRegionExtensionConfiguration(extensionConfiguration), resolveDefaultRuntimeConfig(extensionConfiguration), resolveHttpHandlerRuntimeConfig(extensionConfiguration), resolveHttpAuthRuntimeConfig(extensionConfiguration));
};

View File

@@ -0,0 +1,384 @@
const _A = "Arn";
const _AKI = "AccessKeyId";
const _AP = "AssumedPrincipal";
const _AR = "AssumeRole";
const _ARI = "AssumedRoleId";
const _ARR = "AssumeRoleRequest";
const _ARRs = "AssumeRoleResponse";
const _ARRss = "AssumeRootRequest";
const _ARRssu = "AssumeRootResponse";
const _ARU = "AssumedRoleUser";
const _ARWSAML = "AssumeRoleWithSAML";
const _ARWSAMLR = "AssumeRoleWithSAMLRequest";
const _ARWSAMLRs = "AssumeRoleWithSAMLResponse";
const _ARWWI = "AssumeRoleWithWebIdentity";
const _ARWWIR = "AssumeRoleWithWebIdentityRequest";
const _ARWWIRs = "AssumeRoleWithWebIdentityResponse";
const _ARs = "AssumeRoot";
const _Ac = "Account";
const _Au = "Audience";
const _C = "Credentials";
const _CA = "ContextAssertion";
const _DAM = "DecodeAuthorizationMessage";
const _DAMR = "DecodeAuthorizationMessageRequest";
const _DAMRe = "DecodeAuthorizationMessageResponse";
const _DM = "DecodedMessage";
const _DS = "DurationSeconds";
const _E = "Expiration";
const _EI = "ExternalId";
const _EM = "EncodedMessage";
const _ETE = "ExpiredTokenException";
const _ETITE = "ExpiredTradeInTokenException";
const _FU = "FederatedUser";
const _FUI = "FederatedUserId";
const _GAKI = "GetAccessKeyInfo";
const _GAKIR = "GetAccessKeyInfoRequest";
const _GAKIRe = "GetAccessKeyInfoResponse";
const _GCI = "GetCallerIdentity";
const _GCIR = "GetCallerIdentityRequest";
const _GCIRe = "GetCallerIdentityResponse";
const _GDAT = "GetDelegatedAccessToken";
const _GDATR = "GetDelegatedAccessTokenRequest";
const _GDATRe = "GetDelegatedAccessTokenResponse";
const _GFT = "GetFederationToken";
const _GFTR = "GetFederationTokenRequest";
const _GFTRe = "GetFederationTokenResponse";
const _GST = "GetSessionToken";
const _GSTR = "GetSessionTokenRequest";
const _GSTRe = "GetSessionTokenResponse";
const _GWIT = "GetWebIdentityToken";
const _GWITR = "GetWebIdentityTokenRequest";
const _GWITRe = "GetWebIdentityTokenResponse";
const _I = "Issuer";
const _IAME = "InvalidAuthorizationMessageException";
const _IDPCEE = "IDPCommunicationErrorException";
const _IDPRCE = "IDPRejectedClaimException";
const _IITE = "InvalidIdentityTokenException";
const _JWTPSEE = "JWTPayloadSizeExceededException";
const _K = "Key";
const _MPDE = "MalformedPolicyDocumentException";
const _N = "Name";
const _NQ = "NameQualifier";
const _OWIFDE = "OutboundWebIdentityFederationDisabledException";
const _P = "Policy";
const _PA = "PolicyArns";
const _PAr = "PrincipalArn";
const _PAro = "ProviderArn";
const _PC = "ProvidedContexts";
const _PCLT = "ProvidedContextsListType";
const _PCr = "ProvidedContext";
const _PDT = "PolicyDescriptorType";
const _PI = "ProviderId";
const _PPS = "PackedPolicySize";
const _PPTLE = "PackedPolicyTooLargeException";
const _Pr = "Provider";
const _RA = "RoleArn";
const _RDE = "RegionDisabledException";
const _RSN = "RoleSessionName";
const _S = "Subject";
const _SA = "SigningAlgorithm";
const _SAK = "SecretAccessKey";
const _SAMLA = "SAMLAssertion";
const _SAMLAT = "SAMLAssertionType";
const _SDEE = "SessionDurationEscalationException";
const _SFWIT = "SubjectFromWebIdentityToken";
const _SI = "SourceIdentity";
const _SN = "SerialNumber";
const _ST = "SubjectType";
const _STe = "SessionToken";
const _T = "Tags";
const _TC = "TokenCode";
const _TIT = "TradeInToken";
const _TP = "TargetPrincipal";
const _TPA = "TaskPolicyArn";
const _TTK = "TransitiveTagKeys";
const _Ta = "Tag";
const _UI = "UserId";
const _V = "Value";
const _WIT = "WebIdentityToken";
const _a = "arn";
const _aKST = "accessKeySecretType";
const _aQE = "awsQueryError";
const _c = "client";
const _cTT = "clientTokenType";
const _e = "error";
const _hE = "httpError";
const _m = "message";
const _pDLT = "policyDescriptorListType";
const _s = "smithy.ts.sdk.synthetic.com.amazonaws.sts";
const _tITT = "tradeInTokenType";
const _tLT = "tagListType";
const _wITT = "webIdentityTokenType";
const n0 = "com.amazonaws.sts";
import { TypeRegistry } from "@smithy/core/schema";
import { ExpiredTokenException, ExpiredTradeInTokenException, IDPCommunicationErrorException, IDPRejectedClaimException, InvalidAuthorizationMessageException, InvalidIdentityTokenException, JWTPayloadSizeExceededException, MalformedPolicyDocumentException, OutboundWebIdentityFederationDisabledException, PackedPolicyTooLargeException, RegionDisabledException, SessionDurationEscalationException, } from "../models/errors";
import { STSServiceException } from "../models/STSServiceException";
const _s_registry = TypeRegistry.for(_s);
export var STSServiceException$ = [-3, _s, "STSServiceException", 0, [], []];
_s_registry.registerError(STSServiceException$, STSServiceException);
const n0_registry = TypeRegistry.for(n0);
export var ExpiredTokenException$ = [-3, n0, _ETE,
{ [_aQE]: [`ExpiredTokenException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(ExpiredTokenException$, ExpiredTokenException);
export var ExpiredTradeInTokenException$ = [-3, n0, _ETITE,
{ [_aQE]: [`ExpiredTradeInTokenException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(ExpiredTradeInTokenException$, ExpiredTradeInTokenException);
export var IDPCommunicationErrorException$ = [-3, n0, _IDPCEE,
{ [_aQE]: [`IDPCommunicationError`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(IDPCommunicationErrorException$, IDPCommunicationErrorException);
export var IDPRejectedClaimException$ = [-3, n0, _IDPRCE,
{ [_aQE]: [`IDPRejectedClaim`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(IDPRejectedClaimException$, IDPRejectedClaimException);
export var InvalidAuthorizationMessageException$ = [-3, n0, _IAME,
{ [_aQE]: [`InvalidAuthorizationMessageException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(InvalidAuthorizationMessageException$, InvalidAuthorizationMessageException);
export var InvalidIdentityTokenException$ = [-3, n0, _IITE,
{ [_aQE]: [`InvalidIdentityToken`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(InvalidIdentityTokenException$, InvalidIdentityTokenException);
export var JWTPayloadSizeExceededException$ = [-3, n0, _JWTPSEE,
{ [_aQE]: [`JWTPayloadSizeExceededException`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(JWTPayloadSizeExceededException$, JWTPayloadSizeExceededException);
export var MalformedPolicyDocumentException$ = [-3, n0, _MPDE,
{ [_aQE]: [`MalformedPolicyDocument`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(MalformedPolicyDocumentException$, MalformedPolicyDocumentException);
export var OutboundWebIdentityFederationDisabledException$ = [-3, n0, _OWIFDE,
{ [_aQE]: [`OutboundWebIdentityFederationDisabledException`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(OutboundWebIdentityFederationDisabledException$, OutboundWebIdentityFederationDisabledException);
export var PackedPolicyTooLargeException$ = [-3, n0, _PPTLE,
{ [_aQE]: [`PackedPolicyTooLarge`, 400], [_e]: _c, [_hE]: 400 },
[_m],
[0]
];
n0_registry.registerError(PackedPolicyTooLargeException$, PackedPolicyTooLargeException);
export var RegionDisabledException$ = [-3, n0, _RDE,
{ [_aQE]: [`RegionDisabledException`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(RegionDisabledException$, RegionDisabledException);
export var SessionDurationEscalationException$ = [-3, n0, _SDEE,
{ [_aQE]: [`SessionDurationEscalationException`, 403], [_e]: _c, [_hE]: 403 },
[_m],
[0]
];
n0_registry.registerError(SessionDurationEscalationException$, SessionDurationEscalationException);
export const errorTypeRegistries = [
_s_registry,
n0_registry,
];
var accessKeySecretType = [0, n0, _aKST, 8, 0];
var clientTokenType = [0, n0, _cTT, 8, 0];
var SAMLAssertionType = [0, n0, _SAMLAT, 8, 0];
var tradeInTokenType = [0, n0, _tITT, 8, 0];
var webIdentityTokenType = [0, n0, _wITT, 8, 0];
export var AssumedRoleUser$ = [3, n0, _ARU,
0,
[_ARI, _A],
[0, 0], 2
];
export var AssumeRoleRequest$ = [3, n0, _ARR,
0,
[_RA, _RSN, _PA, _P, _DS, _T, _TTK, _EI, _SN, _TC, _SI, _PC],
[0, 0, () => policyDescriptorListType, 0, 1, () => tagListType, 64 | 0, 0, 0, 0, 0, () => ProvidedContextsListType], 2
];
export var AssumeRoleResponse$ = [3, n0, _ARRs,
0,
[_C, _ARU, _PPS, _SI],
[[() => Credentials$, 0], () => AssumedRoleUser$, 1, 0]
];
export var AssumeRoleWithSAMLRequest$ = [3, n0, _ARWSAMLR,
0,
[_RA, _PAr, _SAMLA, _PA, _P, _DS],
[0, 0, [() => SAMLAssertionType, 0], () => policyDescriptorListType, 0, 1], 3
];
export var AssumeRoleWithSAMLResponse$ = [3, n0, _ARWSAMLRs,
0,
[_C, _ARU, _PPS, _S, _ST, _I, _Au, _NQ, _SI],
[[() => Credentials$, 0], () => AssumedRoleUser$, 1, 0, 0, 0, 0, 0, 0]
];
export var AssumeRoleWithWebIdentityRequest$ = [3, n0, _ARWWIR,
0,
[_RA, _RSN, _WIT, _PI, _PA, _P, _DS],
[0, 0, [() => clientTokenType, 0], 0, () => policyDescriptorListType, 0, 1], 3
];
export var AssumeRoleWithWebIdentityResponse$ = [3, n0, _ARWWIRs,
0,
[_C, _SFWIT, _ARU, _PPS, _Pr, _Au, _SI],
[[() => Credentials$, 0], 0, () => AssumedRoleUser$, 1, 0, 0, 0]
];
export var AssumeRootRequest$ = [3, n0, _ARRss,
0,
[_TP, _TPA, _DS],
[0, () => PolicyDescriptorType$, 1], 2
];
export var AssumeRootResponse$ = [3, n0, _ARRssu,
0,
[_C, _SI],
[[() => Credentials$, 0], 0]
];
export var Credentials$ = [3, n0, _C,
0,
[_AKI, _SAK, _STe, _E],
[0, [() => accessKeySecretType, 0], 0, 4], 4
];
export var DecodeAuthorizationMessageRequest$ = [3, n0, _DAMR,
0,
[_EM],
[0], 1
];
export var DecodeAuthorizationMessageResponse$ = [3, n0, _DAMRe,
0,
[_DM],
[0]
];
export var FederatedUser$ = [3, n0, _FU,
0,
[_FUI, _A],
[0, 0], 2
];
export var GetAccessKeyInfoRequest$ = [3, n0, _GAKIR,
0,
[_AKI],
[0], 1
];
export var GetAccessKeyInfoResponse$ = [3, n0, _GAKIRe,
0,
[_Ac],
[0]
];
export var GetCallerIdentityRequest$ = [3, n0, _GCIR,
0,
[],
[]
];
export var GetCallerIdentityResponse$ = [3, n0, _GCIRe,
0,
[_UI, _Ac, _A],
[0, 0, 0]
];
export var GetDelegatedAccessTokenRequest$ = [3, n0, _GDATR,
0,
[_TIT],
[[() => tradeInTokenType, 0]], 1
];
export var GetDelegatedAccessTokenResponse$ = [3, n0, _GDATRe,
0,
[_C, _PPS, _AP],
[[() => Credentials$, 0], 1, 0]
];
export var GetFederationTokenRequest$ = [3, n0, _GFTR,
0,
[_N, _P, _PA, _DS, _T],
[0, 0, () => policyDescriptorListType, 1, () => tagListType], 1
];
export var GetFederationTokenResponse$ = [3, n0, _GFTRe,
0,
[_C, _FU, _PPS],
[[() => Credentials$, 0], () => FederatedUser$, 1]
];
export var GetSessionTokenRequest$ = [3, n0, _GSTR,
0,
[_DS, _SN, _TC],
[1, 0, 0]
];
export var GetSessionTokenResponse$ = [3, n0, _GSTRe,
0,
[_C],
[[() => Credentials$, 0]]
];
export var GetWebIdentityTokenRequest$ = [3, n0, _GWITR,
0,
[_Au, _SA, _DS, _T],
[64 | 0, 0, 1, () => tagListType], 2
];
export var GetWebIdentityTokenResponse$ = [3, n0, _GWITRe,
0,
[_WIT, _E],
[[() => webIdentityTokenType, 0], 4]
];
export var PolicyDescriptorType$ = [3, n0, _PDT,
0,
[_a],
[0]
];
export var ProvidedContext$ = [3, n0, _PCr,
0,
[_PAro, _CA],
[0, 0]
];
export var Tag$ = [3, n0, _Ta,
0,
[_K, _V],
[0, 0], 2
];
var policyDescriptorListType = [1, n0, _pDLT,
0, () => PolicyDescriptorType$
];
var ProvidedContextsListType = [1, n0, _PCLT,
0, () => ProvidedContext$
];
var tagKeyListType = 64 | 0;
var tagListType = [1, n0, _tLT,
0, () => Tag$
];
var webIdentityTokenAudienceListType = 64 | 0;
export var AssumeRole$ = [9, n0, _AR,
0, () => AssumeRoleRequest$, () => AssumeRoleResponse$
];
export var AssumeRoleWithSAML$ = [9, n0, _ARWSAML,
0, () => AssumeRoleWithSAMLRequest$, () => AssumeRoleWithSAMLResponse$
];
export var AssumeRoleWithWebIdentity$ = [9, n0, _ARWWI,
0, () => AssumeRoleWithWebIdentityRequest$, () => AssumeRoleWithWebIdentityResponse$
];
export var AssumeRoot$ = [9, n0, _ARs,
0, () => AssumeRootRequest$, () => AssumeRootResponse$
];
export var DecodeAuthorizationMessage$ = [9, n0, _DAM,
0, () => DecodeAuthorizationMessageRequest$, () => DecodeAuthorizationMessageResponse$
];
export var GetAccessKeyInfo$ = [9, n0, _GAKI,
0, () => GetAccessKeyInfoRequest$, () => GetAccessKeyInfoResponse$
];
export var GetCallerIdentity$ = [9, n0, _GCI,
0, () => GetCallerIdentityRequest$, () => GetCallerIdentityResponse$
];
export var GetDelegatedAccessToken$ = [9, n0, _GDAT,
0, () => GetDelegatedAccessTokenRequest$, () => GetDelegatedAccessTokenResponse$
];
export var GetFederationToken$ = [9, n0, _GFT,
0, () => GetFederationTokenRequest$, () => GetFederationTokenResponse$
];
export var GetSessionToken$ = [9, n0, _GST,
0, () => GetSessionTokenRequest$, () => GetSessionTokenResponse$
];
export var GetWebIdentityToken$ = [9, n0, _GWIT,
0, () => GetWebIdentityTokenRequest$, () => GetWebIdentityTokenResponse$
];

View File

@@ -0,0 +1,92 @@
import type { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
import { type AssumeRoleCommandInput, type AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
import { type AssumeRoleWithSAMLCommandInput, type AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand";
import { type AssumeRoleWithWebIdentityCommandInput, type AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
import { type AssumeRootCommandInput, type AssumeRootCommandOutput } from "./commands/AssumeRootCommand";
import { type DecodeAuthorizationMessageCommandInput, type DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
import { type GetAccessKeyInfoCommandInput, type GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
import { type GetCallerIdentityCommandInput, type GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
import { type GetDelegatedAccessTokenCommandInput, type GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
import { type GetFederationTokenCommandInput, type GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
import { type GetSessionTokenCommandInput, type GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
import { type GetWebIdentityTokenCommandInput, type GetWebIdentityTokenCommandOutput } from "./commands/GetWebIdentityTokenCommand";
import { STSClient } from "./STSClient";
export interface STS {
/**
* @see {@link AssumeRoleCommand}
*/
assumeRole(args: AssumeRoleCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRoleCommandOutput>;
assumeRole(args: AssumeRoleCommandInput, cb: (err: any, data?: AssumeRoleCommandOutput) => void): void;
assumeRole(args: AssumeRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRoleCommandOutput) => void): void;
/**
* @see {@link AssumeRoleWithSAMLCommand}
*/
assumeRoleWithSAML(args: AssumeRoleWithSAMLCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRoleWithSAMLCommandOutput>;
assumeRoleWithSAML(args: AssumeRoleWithSAMLCommandInput, cb: (err: any, data?: AssumeRoleWithSAMLCommandOutput) => void): void;
assumeRoleWithSAML(args: AssumeRoleWithSAMLCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRoleWithSAMLCommandOutput) => void): void;
/**
* @see {@link AssumeRoleWithWebIdentityCommand}
*/
assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRoleWithWebIdentityCommandOutput>;
assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void): void;
assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void): void;
/**
* @see {@link AssumeRootCommand}
*/
assumeRoot(args: AssumeRootCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRootCommandOutput>;
assumeRoot(args: AssumeRootCommandInput, cb: (err: any, data?: AssumeRootCommandOutput) => void): void;
assumeRoot(args: AssumeRootCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRootCommandOutput) => void): void;
/**
* @see {@link DecodeAuthorizationMessageCommand}
*/
decodeAuthorizationMessage(args: DecodeAuthorizationMessageCommandInput, options?: __HttpHandlerOptions): Promise<DecodeAuthorizationMessageCommandOutput>;
decodeAuthorizationMessage(args: DecodeAuthorizationMessageCommandInput, cb: (err: any, data?: DecodeAuthorizationMessageCommandOutput) => void): void;
decodeAuthorizationMessage(args: DecodeAuthorizationMessageCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DecodeAuthorizationMessageCommandOutput) => void): void;
/**
* @see {@link GetAccessKeyInfoCommand}
*/
getAccessKeyInfo(args: GetAccessKeyInfoCommandInput, options?: __HttpHandlerOptions): Promise<GetAccessKeyInfoCommandOutput>;
getAccessKeyInfo(args: GetAccessKeyInfoCommandInput, cb: (err: any, data?: GetAccessKeyInfoCommandOutput) => void): void;
getAccessKeyInfo(args: GetAccessKeyInfoCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetAccessKeyInfoCommandOutput) => void): void;
/**
* @see {@link GetCallerIdentityCommand}
*/
getCallerIdentity(): Promise<GetCallerIdentityCommandOutput>;
getCallerIdentity(args: GetCallerIdentityCommandInput, options?: __HttpHandlerOptions): Promise<GetCallerIdentityCommandOutput>;
getCallerIdentity(args: GetCallerIdentityCommandInput, cb: (err: any, data?: GetCallerIdentityCommandOutput) => void): void;
getCallerIdentity(args: GetCallerIdentityCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetCallerIdentityCommandOutput) => void): void;
/**
* @see {@link GetDelegatedAccessTokenCommand}
*/
getDelegatedAccessToken(args: GetDelegatedAccessTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetDelegatedAccessTokenCommandOutput>;
getDelegatedAccessToken(args: GetDelegatedAccessTokenCommandInput, cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void): void;
getDelegatedAccessToken(args: GetDelegatedAccessTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void): void;
/**
* @see {@link GetFederationTokenCommand}
*/
getFederationToken(args: GetFederationTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetFederationTokenCommandOutput>;
getFederationToken(args: GetFederationTokenCommandInput, cb: (err: any, data?: GetFederationTokenCommandOutput) => void): void;
getFederationToken(args: GetFederationTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetFederationTokenCommandOutput) => void): void;
/**
* @see {@link GetSessionTokenCommand}
*/
getSessionToken(): Promise<GetSessionTokenCommandOutput>;
getSessionToken(args: GetSessionTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetSessionTokenCommandOutput>;
getSessionToken(args: GetSessionTokenCommandInput, cb: (err: any, data?: GetSessionTokenCommandOutput) => void): void;
getSessionToken(args: GetSessionTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetSessionTokenCommandOutput) => void): void;
/**
* @see {@link GetWebIdentityTokenCommand}
*/
getWebIdentityToken(args: GetWebIdentityTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetWebIdentityTokenCommandOutput>;
getWebIdentityToken(args: GetWebIdentityTokenCommandInput, cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void): void;
getWebIdentityToken(args: GetWebIdentityTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void): void;
}
/**
* <fullname>Security Token Service</fullname>
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege
* credentials for users. This guide provides descriptions of the STS API. For
* more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p>
* @public
*/
export declare class STS extends STSClient implements STS {
}

View File

@@ -0,0 +1,201 @@
import { type HostHeaderInputConfig, type HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
import { type UserAgentInputConfig, type UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
import { type RegionInputConfig, type RegionResolvedConfig } from "@smithy/config-resolver";
import { type EndpointInputConfig, type EndpointResolvedConfig } from "@smithy/middleware-endpoint";
import { type RetryInputConfig, type RetryResolvedConfig } from "@smithy/middleware-retry";
import type { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
import { type DefaultsMode as __DefaultsMode, type SmithyConfiguration as __SmithyConfiguration, type SmithyResolvedConfiguration as __SmithyResolvedConfiguration, Client as __Client } from "@smithy/smithy-client";
import type { AwsCredentialIdentityProvider, BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, Decoder as __Decoder, Encoder as __Encoder, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, StreamCollector as __StreamCollector, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
import { type HttpAuthSchemeInputConfig, type HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
import type { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
import type { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand";
import type { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
import type { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/AssumeRootCommand";
import type { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
import type { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
import type { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
import type { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
import type { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
import type { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
import type { GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput } from "./commands/GetWebIdentityTokenCommand";
import { type ClientInputEndpointParameters, type ClientResolvedEndpointParameters, type EndpointParameters } from "./endpoint/EndpointParameters";
import { type RuntimeExtension, type RuntimeExtensionsConfig } from "./runtimeExtensions";
export { __Client };
/**
* @public
*/
export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetDelegatedAccessTokenCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput | GetWebIdentityTokenCommandInput;
/**
* @public
*/
export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetDelegatedAccessTokenCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput | GetWebIdentityTokenCommandOutput;
/**
* @public
*/
export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
/**
* The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
*/
requestHandler?: __HttpHandlerUserInput;
/**
* A constructor for a class implementing the {@link @smithy/types#ChecksumConstructor} interface
* that computes the SHA-256 HMAC or checksum of a string or binary buffer.
* @internal
*/
sha256?: __ChecksumConstructor | __HashConstructor;
/**
* The function that will be used to convert strings into HTTP endpoints.
* @internal
*/
urlParser?: __UrlParser;
/**
* A function that can calculate the length of a request body.
* @internal
*/
bodyLengthChecker?: __BodyLengthCalculator;
/**
* A function that converts a stream into an array of bytes.
* @internal
*/
streamCollector?: __StreamCollector;
/**
* The function that will be used to convert a base64-encoded string to a byte array.
* @internal
*/
base64Decoder?: __Decoder;
/**
* The function that will be used to convert binary data to a base64-encoded string.
* @internal
*/
base64Encoder?: __Encoder;
/**
* The function that will be used to convert a UTF8-encoded string to a byte array.
* @internal
*/
utf8Decoder?: __Decoder;
/**
* The function that will be used to convert binary data to a UTF-8 encoded string.
* @internal
*/
utf8Encoder?: __Encoder;
/**
* The runtime environment.
* @internal
*/
runtime?: string;
/**
* Disable dynamically changing the endpoint of the client based on the hostPrefix
* trait of an operation.
*/
disableHostPrefix?: boolean;
/**
* Unique service identifier.
* @internal
*/
serviceId?: string;
/**
* Enables IPv6/IPv4 dualstack endpoint.
*/
useDualstackEndpoint?: boolean | __Provider<boolean>;
/**
* Enables FIPS compatible endpoints.
*/
useFipsEndpoint?: boolean | __Provider<boolean>;
/**
* The AWS region to which this client will send requests
*/
region?: string | __Provider<string>;
/**
* Setting a client profile is similar to setting a value for the
* AWS_PROFILE environment variable. Setting a profile on a client
* in code only affects the single client instance, unlike AWS_PROFILE.
*
* When set, and only for environments where an AWS configuration
* file exists, fields configurable by this file will be retrieved
* from the specified profile within that file.
* Conflicting code configuration and environment variables will
* still have higher priority.
*
* For client credential resolution that involves checking the AWS
* configuration file, the client's profile (this value) will be
* used unless a different profile is set in the credential
* provider options.
*
*/
profile?: string;
/**
* The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
* @internal
*/
defaultUserAgentProvider?: __Provider<__UserAgent>;
/**
* Default credentials provider; Not available in browser runtime.
* @deprecated
* @internal
*/
credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
/**
* Value for how many times a request will be made at most in case of retry.
*/
maxAttempts?: number | __Provider<number>;
/**
* Specifies which retry algorithm to use.
* @see https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-smithy-util-retry/Enum/RETRY_MODES/
*
*/
retryMode?: string | __Provider<string>;
/**
* Optional logger for logging debug/info/warn/error.
*/
logger?: __Logger;
/**
* Optional extensions
*/
extensions?: RuntimeExtension[];
/**
* The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
*/
defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
}
/**
* @public
*/
export type STSClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & HttpAuthSchemeInputConfig & ClientInputEndpointParameters;
/**
* @public
*
* The configuration interface of STSClient class constructor that set the region, credentials and other options.
*/
export interface STSClientConfig extends STSClientConfigType {
}
/**
* @public
*/
export type STSClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & HttpAuthSchemeResolvedConfig & ClientResolvedEndpointParameters;
/**
* @public
*
* The resolved configuration interface of STSClient class. This is resolved and normalized from the {@link STSClientConfig | constructor configuration interface}.
*/
export interface STSClientResolvedConfig extends STSClientResolvedConfigType {
}
/**
* <fullname>Security Token Service</fullname>
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege
* credentials for users. This guide provides descriptions of the STS API. For
* more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p>
* @public
*/
export declare class STSClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig> {
/**
* The resolved configuration of STSClient class. This is resolved and normalized from the {@link STSClientConfig | constructor configuration interface}.
*/
readonly config: STSClientResolvedConfig;
constructor(...[configuration]: __CheckOptionalClientConfig<STSClientConfig>);
/**
* Destroy underlying resources, like sockets. It's usually not necessary to do this.
* However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed.
* Otherwise, sockets might stay open for quite a long time before the server terminates them.
*/
destroy(): void;
}

View File

@@ -0,0 +1,29 @@
import type { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
import type { STSHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
/**
* @internal
*/
export interface HttpAuthExtensionConfiguration {
setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
httpAuthSchemes(): HttpAuthScheme[];
setHttpAuthSchemeProvider(httpAuthSchemeProvider: STSHttpAuthSchemeProvider): void;
httpAuthSchemeProvider(): STSHttpAuthSchemeProvider;
setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
}
/**
* @internal
*/
export type HttpAuthRuntimeConfig = Partial<{
httpAuthSchemes: HttpAuthScheme[];
httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
}>;
/**
* @internal
*/
export declare const getHttpAuthExtensionConfiguration: (runtimeConfig: HttpAuthRuntimeConfig) => HttpAuthExtensionConfiguration;
/**
* @internal
*/
export declare const resolveHttpAuthRuntimeConfig: (config: HttpAuthExtensionConfiguration) => HttpAuthRuntimeConfig;

View File

@@ -0,0 +1,85 @@
import { AwsSdkSigV4AuthInputConfig, AwsSdkSigV4AuthResolvedConfig, AwsSdkSigV4PreviouslyResolved } from "@aws-sdk/core/httpAuthSchemes";
import type { Client, HandlerExecutionContext, HttpAuthScheme, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider, Provider } from "@smithy/types";
import { type STSClientResolvedConfig } from "../STSClient";
/**
* @internal
*/
export interface STSHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
region?: string;
}
/**
* @internal
*/
export interface STSHttpAuthSchemeParametersProvider extends HttpAuthSchemeParametersProvider<STSClientResolvedConfig, HandlerExecutionContext, STSHttpAuthSchemeParameters, object> {
}
/**
* @internal
*/
export declare const defaultSTSHttpAuthSchemeParametersProvider: (config: STSClientResolvedConfig, context: HandlerExecutionContext, input: object) => Promise<STSHttpAuthSchemeParameters>;
/**
* @internal
*/
export interface STSHttpAuthSchemeProvider extends HttpAuthSchemeProvider<STSHttpAuthSchemeParameters> {
}
/**
* @internal
*/
export declare const defaultSTSHttpAuthSchemeProvider: STSHttpAuthSchemeProvider;
export interface StsAuthInputConfig {
}
export interface StsAuthResolvedConfig {
/**
* Reference to STSClient class constructor.
* @internal
*/
stsClientCtor: new (clientConfig: any) => Client<any, any, any>;
}
export declare const resolveStsAuthConfig: <T>(input: T & StsAuthInputConfig) => T & StsAuthResolvedConfig;
/**
* @public
*/
export interface HttpAuthSchemeInputConfig extends StsAuthInputConfig, AwsSdkSigV4AuthInputConfig {
/**
* A comma-separated list of case-sensitive auth scheme names.
* An auth scheme name is a fully qualified auth scheme ID with the namespace prefix trimmed.
* For example, the auth scheme with ID aws.auth#sigv4 is named sigv4.
* @public
*/
authSchemePreference?: string[] | Provider<string[]>;
/**
* Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
* @internal
*/
httpAuthSchemes?: HttpAuthScheme[];
/**
* Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
* @internal
*/
httpAuthSchemeProvider?: STSHttpAuthSchemeProvider;
}
/**
* @internal
*/
export interface HttpAuthSchemeResolvedConfig extends StsAuthResolvedConfig, AwsSdkSigV4AuthResolvedConfig {
/**
* A comma-separated list of case-sensitive auth scheme names.
* An auth scheme name is a fully qualified auth scheme ID with the namespace prefix trimmed.
* For example, the auth scheme with ID aws.auth#sigv4 is named sigv4.
* @public
*/
readonly authSchemePreference: Provider<string[]>;
/**
* Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
* @internal
*/
readonly httpAuthSchemes: HttpAuthScheme[];
/**
* Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
* @internal
*/
readonly httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
}
/**
* @internal
*/
export declare const resolveHttpAuthSchemeConfig: <T>(config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved) => T & HttpAuthSchemeResolvedConfig;

View File

@@ -0,0 +1,270 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { AssumeRoleRequest, AssumeRoleResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link AssumeRoleCommand}.
*/
export interface AssumeRoleCommandInput extends AssumeRoleRequest {
}
/**
* @public
*
* The output of {@link AssumeRoleCommand}.
*/
export interface AssumeRoleCommandOutput extends AssumeRoleResponse, __MetadataBearer {
}
declare const AssumeRoleCommand_base: {
new (input: AssumeRoleCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: AssumeRoleCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services
* resources. These temporary credentials consist of an access key ID, a secret access key,
* and a security token. Typically, you use <code>AssumeRole</code> within your account or for
* cross-account access. For a comparison of <code>AssumeRole</code> with other API operations
* that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
* credentials</a> in the <i>IAM User Guide</i>.</p>
* <p>
* <b>Permissions</b>
* </p>
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to
* make API calls to any Amazon Web Services service with the following exception: You cannot call the
* Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
* operations.</p>
* <p>(Optional) You can pass inline or managed session policies to this operation. You can
* pass a single JSON policy document to use as an inline session policy. You can also specify
* up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
* The plaintext that you use for both inline and managed session policies can't exceed 2,048
* characters. Passing policies to this operation returns new
* temporary credentials. The resulting session's permissions are the intersection of the
* role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
* the role. You cannot use session policies to grant more permissions than those allowed
* by the identity-based policy of the role that is being assumed. For more information, see
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
* Policies</a> in the <i>IAM User Guide</i>.</p>
* <p>When you create a role, you create two policies: a role trust policy that specifies
* <i>who</i> can assume the role, and a permissions policy that specifies
* <i>what</i> can be done with the role. You specify the trusted principal
* that is allowed to assume the role in the role trust policy.</p>
* <p>To assume a role from a different account, your Amazon Web Services account must be trusted by the
* role. The trust relationship is defined in the role's trust policy when the role is
* created. That trust policy states which accounts are allowed to delegate that access to
* users in the account. </p>
* <p>A user who wants to access a role in a different account must also have permissions that
* are delegated from the account administrator. The administrator must attach a policy that
* allows the user to call <code>AssumeRole</code> for the ARN of the role in the other
* account.</p>
* <p>To allow a user to assume a role in the same account, you can do either of the
* following:</p>
* <ul>
* <li>
* <p>Attach a policy to the user that allows the user to call <code>AssumeRole</code>
* (as long as the role's trust policy trusts the account).</p>
* </li>
* <li>
* <p>Add the user as a principal directly in the role's trust policy.</p>
* </li>
* </ul>
* <p>You can do either because the roles trust policy acts as an IAM resource-based
* policy. When a resource-based policy grants access to a principal in the same account, no
* additional identity-based policy is required. For more information about trust policies and
* resource-based policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html">IAM Policies</a> in the
* <i>IAM User Guide</i>.</p>
* <p>
* <b>Tags</b>
* </p>
* <p>(Optional) You can pass tag key-value pairs to your session. These tags are called
* session tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
* <i>IAM User Guide</i>.</p>
* <p>An administrator must grant you the permissions necessary to pass session tags. The
* administrator can also create granular permissions to allow you to pass only specific
* session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
* for Attribute-Based Access Control</a> in the
* <i>IAM User Guide</i>.</p>
* <p>You can set the session tags as transitive. Transitive tags persist during role
* chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
* with Session Tags</a> in the <i>IAM User Guide</i>.</p>
* <p>
* <b>Using MFA with AssumeRole</b>
* </p>
* <p>(Optional) You can include multi-factor authentication (MFA) information when you call
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that
* scenario, the trust policy of the role being assumed includes a condition that tests for
* MFA authentication. If the caller does not include valid MFA information, the request to
* assume the role is denied. The condition in a trust policy that tests for MFA
* authentication might look like the following example.</p>
* <p>
* <code>"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}</code>
* </p>
* <p>For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html">Configuring MFA-Protected API Access</a>
* in the <i>IAM User Guide</i> guide.</p>
* <p>To use MFA with <code>AssumeRole</code>, you pass values for the
* <code>SerialNumber</code> and <code>TokenCode</code> parameters. The
* <code>SerialNumber</code> value identifies the user's hardware or virtual MFA device.
* The <code>TokenCode</code> is the time-based one-time password (TOTP) that the MFA device
* produces. </p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // AssumeRoleRequest
* RoleArn: "STRING_VALUE", // required
* RoleSessionName: "STRING_VALUE", // required
* PolicyArns: [ // policyDescriptorListType
* { // PolicyDescriptorType
* arn: "STRING_VALUE",
* },
* ],
* Policy: "STRING_VALUE",
* DurationSeconds: Number("int"),
* Tags: [ // tagListType
* { // Tag
* Key: "STRING_VALUE", // required
* Value: "STRING_VALUE", // required
* },
* ],
* TransitiveTagKeys: [ // tagKeyListType
* "STRING_VALUE",
* ],
* ExternalId: "STRING_VALUE",
* SerialNumber: "STRING_VALUE",
* TokenCode: "STRING_VALUE",
* SourceIdentity: "STRING_VALUE",
* ProvidedContexts: [ // ProvidedContextsListType
* { // ProvidedContext
* ProviderArn: "STRING_VALUE",
* ContextAssertion: "STRING_VALUE",
* },
* ],
* };
* const command = new AssumeRoleCommand(input);
* const response = await client.send(command);
* // { // AssumeRoleResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // AssumedRoleUser: { // AssumedRoleUser
* // AssumedRoleId: "STRING_VALUE", // required
* // Arn: "STRING_VALUE", // required
* // },
* // PackedPolicySize: Number("int"),
* // SourceIdentity: "STRING_VALUE",
* // };
*
* ```
*
* @param AssumeRoleCommandInput - {@link AssumeRoleCommandInput}
* @returns {@link AssumeRoleCommandOutput}
* @see {@link AssumeRoleCommandInput} for command's `input` shape.
* @see {@link AssumeRoleCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link ExpiredTokenException} (client fault)
* <p>The web identity token that was passed is expired or is not valid. Get a new identity
* token from the identity provider and then retry the request.</p>
*
* @throws {@link MalformedPolicyDocumentException} (client fault)
* <p>The request was rejected because the policy document was malformed. The error message
* describes the specific error.</p>
*
* @throws {@link PackedPolicyTooLargeException} (client fault)
* <p>The request was rejected because the total packed size of the session policies and
* session tags combined was too large. An Amazon Web Services conversion compresses the session policy
* document, session policy ARNs, and session tags into a packed binary format that has a
* separate limit. The error message indicates by percentage how close the policies and
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
* the <i>IAM User Guide</i>.</p>
* <p>You could receive this error even though you meet other defined session policy and
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* Guide</i>.</p>
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To assume a role
* ```javascript
* //
* const input = {
* ExternalId: "123ABC",
* Policy: "escaped-JSON-IAM-POLICY",
* RoleArn: "arn:aws:iam::123456789012:role/demo",
* RoleSessionName: "testAssumeRoleSession",
* Tags: [
* {
* Key: "Project",
* Value: "Unicorn"
* },
* {
* Key: "Team",
* Value: "Automation"
* },
* {
* Key: "Cost-Center",
* Value: "12345"
* }
* ],
* TransitiveTagKeys: [
* "Project",
* "Cost-Center"
* ]
* };
* const command = new AssumeRoleCommand(input);
* const response = await client.send(command);
* /* response is
* {
* AssumedRoleUser: {
* Arn: "arn:aws:sts::123456789012:assumed-role/demo/Bob",
* AssumedRoleId: "ARO123EXAMPLE123:Bob"
* },
* Credentials: {
* AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
* Expiration: "2011-07-15T23:28:33.359Z",
* SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
* SessionToken: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
* },
* PackedPolicySize: 8
* }
* *\/
* ```
*
* @public
*/
export declare class AssumeRoleCommand extends AssumeRoleCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: AssumeRoleRequest;
output: AssumeRoleResponse;
};
sdk: {
input: AssumeRoleCommandInput;
output: AssumeRoleCommandOutput;
};
};
}

View File

@@ -0,0 +1,299 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { AssumeRoleWithSAMLRequest, AssumeRoleWithSAMLResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link AssumeRoleWithSAMLCommand}.
*/
export interface AssumeRoleWithSAMLCommandInput extends AssumeRoleWithSAMLRequest {
}
/**
* @public
*
* The output of {@link AssumeRoleWithSAMLCommand}.
*/
export interface AssumeRoleWithSAMLCommandOutput extends AssumeRoleWithSAMLResponse, __MetadataBearer {
}
declare const AssumeRoleWithSAMLCommand_base: {
new (input: AssumeRoleWithSAMLCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: AssumeRoleWithSAMLCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a set of temporary security credentials for users who have been authenticated
* via a SAML authentication response. This operation provides a mechanism for tying an
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
* credentials</a> in the <i>IAM User Guide</i>.</p>
* <p>The temporary security credentials returned by this operation consist of an access key
* ID, a secret access key, and a security token. Applications can use these temporary
* security credentials to sign calls to Amazon Web Services services.</p>
* <note>
* <p>AssumeRoleWithSAML will not work on IAM Identity Center managed roles. These roles' names start
* with <code>AWSReservedSSO_</code>.</p>
* </note>
* <p>
* <b>Session Duration</b>
* </p>
* <p>By default, the temporary security credentials created by
* <code>AssumeRoleWithSAML</code> last for one hour. However, you can use the optional
* <code>DurationSeconds</code> parameter to specify the duration of your session. Your
* role session lasts for the duration that you specify, or until the time specified in the
* SAML authentication response's <code>SessionNotOnOrAfter</code> value, whichever is
* shorter. You can provide a <code>DurationSeconds</code> value from 900 seconds (15 minutes)
* up to the maximum session duration setting for the role. This setting can have a value from
* 1 hour to 12 hours. To learn how to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
* Maximum Session Duration Setting for a Role</a> in the
* <i>IAM User Guide</i>. The maximum session duration limit applies when
* you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
* commands. However the limit does not apply when you use those operations to create a
* console URL. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM Roles</a> in the
* <i>IAM User Guide</i>.</p>
* <note>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API role
* session to a maximum of one hour. When you use the <code>AssumeRole</code> API operation
* to assume a role, you can specify the duration of your role session with the
* <code>DurationSeconds</code> parameter. You can specify a parameter value of up to
* 43200 seconds (12 hours), depending on the maximum session duration setting for your
* role. However, if you assume a role using role chaining and provide a
* <code>DurationSeconds</code> parameter value greater than one hour, the operation
* fails.</p>
* </note>
* <p>
* <b>Permissions</b>
* </p>
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
* operations.</p>
* <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
* this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
* managed session policies. The plaintext that you use for both inline and managed session
* policies can't exceed 2,048 characters. Passing policies to this operation returns new
* temporary credentials. The resulting session's permissions are the intersection of the
* role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
* the role. You cannot use session policies to grant more permissions than those allowed
* by the identity-based policy of the role that is being assumed. For more information, see
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
* Policies</a> in the <i>IAM User Guide</i>.</p>
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security
* credentials. The identity of the caller is validated by using keys in the metadata document
* that is uploaded for the SAML provider entity for your identity provider. </p>
* <important>
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs.
* The entry includes the value in the <code>NameID</code> element of the SAML assertion.
* We recommend that you use a <code>NameIDType</code> that is not associated with any
* personally identifiable information (PII). For example, you could instead use the
* persistent identifier
* (<code>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</code>).</p>
* </important>
* <p>
* <b>Tags</b>
* </p>
* <p>(Optional) You can configure your IdP to pass attributes into your SAML assertion as
* session tags. Each session tag consists of a key name and an associated value. For more
* information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
* <i>IAM User Guide</i>.</p>
* <p>You can pass up to 50 session tags. The plaintext session tag keys cant exceed 128
* characters and the values cant exceed 256 characters. For these and additional limits, see
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length">IAM
* and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>
* <note>
* <p>An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
* and session tags into a packed binary format that has a separate limit. Your request can
* fail for this limit even if your plaintext meets the other requirements. The
* <code>PackedPolicySize</code> response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.</p>
* </note>
* <p>You can pass a session tag with the same key as a tag that is attached to the role. When
* you do, session tags override the role's tags with the same key.</p>
* <p>An administrator must grant you the permissions necessary to pass session tags. The
* administrator can also create granular permissions to allow you to pass only specific
* session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
* for Attribute-Based Access Control</a> in the
* <i>IAM User Guide</i>.</p>
* <p>You can set the session tags as transitive. Transitive tags persist during role
* chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
* with Session Tags</a> in the <i>IAM User Guide</i>.</p>
* <p>
* <b>SAML Configuration</b>
* </p>
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that
* represents your identity provider. You must also create an IAM role that specifies this
* SAML provider in its trust policy. </p>
* <p>For more information, see the following resources:</p>
* <ul>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html">About
* SAML 2.0-based Federation</a> in the <i>IAM User Guide</i>.
* </p>
* </li>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html">Creating SAML Identity Providers</a> in the
* <i>IAM User Guide</i>. </p>
* </li>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html">Configuring
* a Relying Party and Claims</a> in the <i>IAM User Guide</i>.
* </p>
* </li>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html">Creating a Role for SAML 2.0 Federation</a> in the
* <i>IAM User Guide</i>. </p>
* </li>
* </ul>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, AssumeRoleWithSAMLCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, AssumeRoleWithSAMLCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // AssumeRoleWithSAMLRequest
* RoleArn: "STRING_VALUE", // required
* PrincipalArn: "STRING_VALUE", // required
* SAMLAssertion: "STRING_VALUE", // required
* PolicyArns: [ // policyDescriptorListType
* { // PolicyDescriptorType
* arn: "STRING_VALUE",
* },
* ],
* Policy: "STRING_VALUE",
* DurationSeconds: Number("int"),
* };
* const command = new AssumeRoleWithSAMLCommand(input);
* const response = await client.send(command);
* // { // AssumeRoleWithSAMLResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // AssumedRoleUser: { // AssumedRoleUser
* // AssumedRoleId: "STRING_VALUE", // required
* // Arn: "STRING_VALUE", // required
* // },
* // PackedPolicySize: Number("int"),
* // Subject: "STRING_VALUE",
* // SubjectType: "STRING_VALUE",
* // Issuer: "STRING_VALUE",
* // Audience: "STRING_VALUE",
* // NameQualifier: "STRING_VALUE",
* // SourceIdentity: "STRING_VALUE",
* // };
*
* ```
*
* @param AssumeRoleWithSAMLCommandInput - {@link AssumeRoleWithSAMLCommandInput}
* @returns {@link AssumeRoleWithSAMLCommandOutput}
* @see {@link AssumeRoleWithSAMLCommandInput} for command's `input` shape.
* @see {@link AssumeRoleWithSAMLCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link ExpiredTokenException} (client fault)
* <p>The web identity token that was passed is expired or is not valid. Get a new identity
* token from the identity provider and then retry the request.</p>
*
* @throws {@link IDPRejectedClaimException} (client fault)
* <p>The identity provider (IdP) reported that authentication failed. This might be because
* the claim is invalid.</p>
* <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
* can also mean that the claim has expired or has been explicitly revoked. </p>
*
* @throws {@link InvalidIdentityTokenException} (client fault)
* <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
* identity token from the identity provider and then retry the request.</p>
*
* @throws {@link MalformedPolicyDocumentException} (client fault)
* <p>The request was rejected because the policy document was malformed. The error message
* describes the specific error.</p>
*
* @throws {@link PackedPolicyTooLargeException} (client fault)
* <p>The request was rejected because the total packed size of the session policies and
* session tags combined was too large. An Amazon Web Services conversion compresses the session policy
* document, session policy ARNs, and session tags into a packed binary format that has a
* separate limit. The error message indicates by percentage how close the policies and
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
* the <i>IAM User Guide</i>.</p>
* <p>You could receive this error even though you meet other defined session policy and
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* Guide</i>.</p>
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To assume a role using a SAML assertion
* ```javascript
* //
* const input = {
* DurationSeconds: 3600,
* PrincipalArn: "arn:aws:iam::123456789012:saml-provider/SAML-test",
* RoleArn: "arn:aws:iam::123456789012:role/TestSaml",
* SAMLAssertion: "VERYLONGENCODEDASSERTIONEXAMPLExzYW1sOkF1ZGllbmNlPmJsYW5rPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ij5TYW1sRXhhbXBsZTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxOS0xMS0wMVQyMDoyNTowNS4xNDVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2lnbmluLmF3cy5hbWF6b24uY29tL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRoPD94bWwgdmpSZXNwb25zZT4="
* };
* const command = new AssumeRoleWithSAMLCommand(input);
* const response = await client.send(command);
* /* response is
* {
* AssumedRoleUser: {
* Arn: "arn:aws:sts::123456789012:assumed-role/TestSaml",
* AssumedRoleId: "ARO456EXAMPLE789:TestSaml"
* },
* Audience: "https://signin.aws.amazon.com/saml",
* Credentials: {
* AccessKeyId: "ASIAV3ZUEFP6EXAMPLE",
* Expiration: "2019-11-01T20:26:47Z",
* SecretAccessKey: "8P+SQvWIuLnKhh8d++jpw0nNmQRBZvNEXAMPLEKEY",
* SessionToken: "IQoJb3JpZ2luX2VjEOz////////////////////wEXAMPLEtMSJHMEUCIDoKK3JH9uGQE1z0sINr5M4jk+Na8KHDcCYRVjJCZEvOAiEA3OvJGtw1EcViOleS2vhs8VdCKFJQWPQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
* },
* Issuer: "https://integ.example.com/idp/shibboleth",
* NameQualifier: "SbdGOnUkh1i4+EXAMPLExL/jEvs=",
* PackedPolicySize: 6,
* Subject: "SamlExample",
* SubjectType: "transient"
* }
* *\/
* ```
*
* @public
*/
export declare class AssumeRoleWithSAMLCommand extends AssumeRoleWithSAMLCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: AssumeRoleWithSAMLRequest;
output: AssumeRoleWithSAMLResponse;
};
sdk: {
input: AssumeRoleWithSAMLCommandInput;
output: AssumeRoleWithSAMLCommandOutput;
};
};
}

View File

@@ -0,0 +1,290 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link AssumeRoleWithWebIdentityCommand}.
*/
export interface AssumeRoleWithWebIdentityCommandInput extends AssumeRoleWithWebIdentityRequest {
}
/**
* @public
*
* The output of {@link AssumeRoleWithWebIdentityCommand}.
*/
export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWebIdentityResponse, __MetadataBearer {
}
declare const AssumeRoleWithWebIdentityCommand_base: {
new (input: AssumeRoleWithWebIdentityCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: AssumeRoleWithWebIdentityCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a set of temporary security credentials for users who have been authenticated in
* a mobile or web application with a web identity provider. Example providers include the
* OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible
* identity provider such as Google or <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html">Amazon Cognito federated identities</a>.</p>
* <note>
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely
* identify a user. You can also supply the user with a consistent identity throughout the
* lifetime of an application.</p>
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html">Amazon Cognito identity
* pools</a> in <i>Amazon Cognito Developer Guide</i>.</p>
* </note>
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services
* security credentials. Therefore, you can distribute an application (for example, on mobile
* devices) that requests temporary security credentials without including long-term Amazon Web Services
* credentials in the application. You also don't need to deploy server-based proxy services
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by
* using a token from the web identity provider. For a comparison of
* <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce
* temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
* credentials</a> in the <i>IAM User Guide</i>.</p>
* <p>The temporary security credentials returned by this API consist of an access key ID, a
* secret access key, and a security token. Applications can use these temporary security
* credentials to sign calls to Amazon Web Services service API operations.</p>
* <p>
* <b>Session Duration</b>
* </p>
* <p>By default, the temporary security credentials created by
* <code>AssumeRoleWithWebIdentity</code> last for one hour. However, you can use the
* optional <code>DurationSeconds</code> parameter to specify the duration of your session.
* You can provide a value from 900 seconds (15 minutes) up to the maximum session duration
* setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how
* to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration">Update the maximum session duration for a role </a> in the
* <i>IAM User Guide</i>. The maximum session duration limit applies when
* you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
* commands. However the limit does not apply when you use those operations to create a
* console URL. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM Roles</a> in the
* <i>IAM User Guide</i>. </p>
* <p>
* <b>Permissions</b>
* </p>
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
* operations.</p>
* <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
* this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
* managed session policies. The plaintext that you use for both inline and managed session
* policies can't exceed 2,048 characters. Passing policies to this operation returns new
* temporary credentials. The resulting session's permissions are the intersection of the
* role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
* the role. You cannot use session policies to grant more permissions than those allowed
* by the identity-based policy of the role that is being assumed. For more information, see
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
* Policies</a> in the <i>IAM User Guide</i>.</p>
* <p>
* <b>Tags</b>
* </p>
* <p>(Optional) You can configure your IdP to pass attributes into your web identity token as
* session tags. Each session tag consists of a key name and an associated value. For more
* information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp">Passing
* session tags using AssumeRoleWithWebIdentity</a> in the
* <i>IAM User Guide</i>.</p>
* <p>You can pass up to 50 session tags. The plaintext session tag keys cant exceed 128
* characters and the values cant exceed 256 characters. For these and additional limits, see
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length">IAM
* and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>
* <note>
* <p>An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
* and session tags into a packed binary format that has a separate limit. Your request can
* fail for this limit even if your plaintext meets the other requirements. The
* <code>PackedPolicySize</code> response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.</p>
* </note>
* <p>You can pass a session tag with the same key as a tag that is attached to the role. When
* you do, the session tag overrides the role tag with the same key.</p>
* <p>An administrator must grant you the permissions necessary to pass session tags. The
* administrator can also create granular permissions to allow you to pass only specific
* session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
* for Attribute-Based Access Control</a> in the
* <i>IAM User Guide</i>.</p>
* <p>You can set the session tags as transitive. Transitive tags persist during role
* chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
* with Session Tags</a> in the <i>IAM User Guide</i>.</p>
* <p>
* <b>Identities</b>
* </p>
* <p>Before your application can call <code>AssumeRoleWithWebIdentity</code>, you must have
* an identity token from a supported identity provider and create a role that the application
* can assume. The role that your application assumes must trust the identity provider that is
* associated with the identity token. In other words, the identity provider must be specified
* in the role's trust policy. </p>
* <important>
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of
* the provided web identity token. We recommend that you avoid using any personally
* identifiable information (PII) in this field. For example, you could instead use a GUID
* or a pairwise identifier, as <a href="http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">suggested
* in the OIDC specification</a>.</p>
* </important>
* <p>For more information about how to use OIDC federation and the
* <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p>
* <ul>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html">Using Web Identity Federation API Operations for Mobile Apps</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a>. </p>
* </li>
* <li>
* <p>
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits
* contain sample apps that show how to invoke the identity providers. The toolkits then
* show how to use the information from these providers to get and use temporary
* security credentials. </p>
* </li>
* </ul>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, AssumeRoleWithWebIdentityCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // AssumeRoleWithWebIdentityRequest
* RoleArn: "STRING_VALUE", // required
* RoleSessionName: "STRING_VALUE", // required
* WebIdentityToken: "STRING_VALUE", // required
* ProviderId: "STRING_VALUE",
* PolicyArns: [ // policyDescriptorListType
* { // PolicyDescriptorType
* arn: "STRING_VALUE",
* },
* ],
* Policy: "STRING_VALUE",
* DurationSeconds: Number("int"),
* };
* const command = new AssumeRoleWithWebIdentityCommand(input);
* const response = await client.send(command);
* // { // AssumeRoleWithWebIdentityResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // SubjectFromWebIdentityToken: "STRING_VALUE",
* // AssumedRoleUser: { // AssumedRoleUser
* // AssumedRoleId: "STRING_VALUE", // required
* // Arn: "STRING_VALUE", // required
* // },
* // PackedPolicySize: Number("int"),
* // Provider: "STRING_VALUE",
* // Audience: "STRING_VALUE",
* // SourceIdentity: "STRING_VALUE",
* // };
*
* ```
*
* @param AssumeRoleWithWebIdentityCommandInput - {@link AssumeRoleWithWebIdentityCommandInput}
* @returns {@link AssumeRoleWithWebIdentityCommandOutput}
* @see {@link AssumeRoleWithWebIdentityCommandInput} for command's `input` shape.
* @see {@link AssumeRoleWithWebIdentityCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link ExpiredTokenException} (client fault)
* <p>The web identity token that was passed is expired or is not valid. Get a new identity
* token from the identity provider and then retry the request.</p>
*
* @throws {@link IDPCommunicationErrorException} (client fault)
* <p>The request could not be fulfilled because the identity provider (IDP) that was asked
* to verify the incoming identity token could not be reached. This is often a transient
* error caused by network conditions. Retry the request a limited number of times so that
* you don't exceed the request rate. If the error persists, the identity provider might be
* down or not responding.</p>
*
* @throws {@link IDPRejectedClaimException} (client fault)
* <p>The identity provider (IdP) reported that authentication failed. This might be because
* the claim is invalid.</p>
* <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
* can also mean that the claim has expired or has been explicitly revoked. </p>
*
* @throws {@link InvalidIdentityTokenException} (client fault)
* <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
* identity token from the identity provider and then retry the request.</p>
*
* @throws {@link MalformedPolicyDocumentException} (client fault)
* <p>The request was rejected because the policy document was malformed. The error message
* describes the specific error.</p>
*
* @throws {@link PackedPolicyTooLargeException} (client fault)
* <p>The request was rejected because the total packed size of the session policies and
* session tags combined was too large. An Amazon Web Services conversion compresses the session policy
* document, session policy ARNs, and session tags into a packed binary format that has a
* separate limit. The error message indicates by percentage how close the policies and
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
* the <i>IAM User Guide</i>.</p>
* <p>You could receive this error even though you meet other defined session policy and
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* Guide</i>.</p>
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To assume a role as an OpenID Connect-federated user
* ```javascript
* //
* const input = {
* DurationSeconds: 3600,
* Policy: "escaped-JSON-IAM-POLICY",
* ProviderId: "www.amazon.com",
* RoleArn: "arn:aws:iam::123456789012:role/FederatedWebIdentityRole",
* RoleSessionName: "app1",
* WebIdentityToken: "Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ"
* };
* const command = new AssumeRoleWithWebIdentityCommand(input);
* const response = await client.send(command);
* /* response is
* {
* AssumedRoleUser: {
* Arn: "arn:aws:sts::123456789012:assumed-role/FederatedWebIdentityRole/app1",
* AssumedRoleId: "AROACLKWSDQRAOEXAMPLE:app1"
* },
* Audience: "client.5498841531868486423.1548@apps.example.com",
* Credentials: {
* AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
* Expiration: "2014-10-24T23:00:23Z",
* SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
* SessionToken: "AQoDYXdzEE0a8ANXXXXXXXXNO1ewxE5TijQyp+IEXAMPLE"
* },
* PackedPolicySize: 123,
* Provider: "www.amazon.com",
* SubjectFromWebIdentityToken: "amzn1.account.AF6RHO7KZU5XRVQJGXK6HEXAMPLE"
* }
* *\/
* ```
*
* @public
*/
export declare class AssumeRoleWithWebIdentityCommand extends AssumeRoleWithWebIdentityCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: AssumeRoleWithWebIdentityRequest;
output: AssumeRoleWithWebIdentityResponse;
};
sdk: {
input: AssumeRoleWithWebIdentityCommandInput;
output: AssumeRoleWithWebIdentityCommandOutput;
};
};
}

View File

@@ -0,0 +1,137 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { AssumeRootRequest, AssumeRootResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link AssumeRootCommand}.
*/
export interface AssumeRootCommandInput extends AssumeRootRequest {
}
/**
* @public
*
* The output of {@link AssumeRootCommand}.
*/
export interface AssumeRootCommandOutput extends AssumeRootResponse, __MetadataBearer {
}
declare const AssumeRootCommand_base: {
new (input: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a set of short term credentials you can use to perform privileged tasks on a
* member account in your organization. You must use credentials from an Organizations management
* account or a delegated administrator account for IAM to call <code>AssumeRoot</code>. You
* cannot use root user credentials to make this call.</p>
* <p>Before you can launch a privileged session, you must have centralized root access in
* your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for
* member accounts</a> in the <i>IAM User Guide</i>.</p>
* <note>
* <p>The STS global endpoint is not supported for AssumeRoot. You must send this request
* to a Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
* </note>
* <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a
* session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks
* in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
* <p>When granting access to privileged tasks you should only grant the necessary permissions
* required to perform that task. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">Security best practices in
* IAM</a>. In addition, you can use <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html">service control
* policies</a> (SCPs) to manage and limit permissions in your organization. See <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html">General examples</a> in the <i>Organizations User
* Guide</i> for more information on SCPs.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, AssumeRootCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, AssumeRootCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // AssumeRootRequest
* TargetPrincipal: "STRING_VALUE", // required
* TaskPolicyArn: { // PolicyDescriptorType
* arn: "STRING_VALUE",
* },
* DurationSeconds: Number("int"),
* };
* const command = new AssumeRootCommand(input);
* const response = await client.send(command);
* // { // AssumeRootResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // SourceIdentity: "STRING_VALUE",
* // };
*
* ```
*
* @param AssumeRootCommandInput - {@link AssumeRootCommandInput}
* @returns {@link AssumeRootCommandOutput}
* @see {@link AssumeRootCommandInput} for command's `input` shape.
* @see {@link AssumeRootCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link ExpiredTokenException} (client fault)
* <p>The web identity token that was passed is expired or is not valid. Get a new identity
* token from the identity provider and then retry the request.</p>
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To launch a privileged session
* ```javascript
* // The following command retrieves a set of short-term credentials you can use to unlock an S3 bucket for a member account by removing the bucket policy.
* const input = {
* DurationSeconds: 900,
* TargetPrincipal: "111122223333",
* TaskPolicyArn: {
* arn: "arn:aws:iam::aws:policy/root-task/S3UnlockBucketPolicy"
* }
* };
* const command = new AssumeRootCommand(input);
* const response = await client.send(command);
* /* response is
* {
* Credentials: {
* AccessKeyId: "ASIAJEXAMPLEXEG2JICEA",
* Expiration: "2024-11-15T00:05:07Z",
* SecretAccessKey: "9drTJvcXLB89EXAMPLELB8923FB892xMFI",
* SessionToken: "AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmmMCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU="
* },
* SourceIdentity: "Alice"
* }
* *\/
* ```
*
* @public
*/
export declare class AssumeRootCommand extends AssumeRootCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: AssumeRootRequest;
output: AssumeRootResponse;
};
sdk: {
input: AssumeRootCommandInput;
output: AssumeRootCommandOutput;
};
};
}

View File

@@ -0,0 +1,129 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link DecodeAuthorizationMessageCommand}.
*/
export interface DecodeAuthorizationMessageCommandInput extends DecodeAuthorizationMessageRequest {
}
/**
* @public
*
* The output of {@link DecodeAuthorizationMessageCommand}.
*/
export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthorizationMessageResponse, __MetadataBearer {
}
declare const DecodeAuthorizationMessageCommand_base: {
new (input: DecodeAuthorizationMessageCommandInput): import("@smithy/smithy-client").CommandImpl<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: DecodeAuthorizationMessageCommandInput): import("@smithy/smithy-client").CommandImpl<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Decodes additional information about the authorization status of a request from an
* encoded message returned in response to an Amazon Web Services request.</p>
* <p>For example, if a user is not authorized to perform an operation that he or she has
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can
* provide details about this authorization failure. </p>
* <note>
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The
* documentation for an individual operation indicates whether that operation returns an
* encoded message in addition to returning an HTTP code.</p>
* </note>
* <p>The message is encoded because the details of the authorization status can contain
* privileged information that the user who requested the operation should not see. To decode
* an authorization status message, a user must be granted permissions through an IAM <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html">policy</a> to
* request the <code>DecodeAuthorizationMessage</code>
* (<code>sts:DecodeAuthorizationMessage</code>) action. </p>
* <p>The decoded message includes the following type of information:</p>
* <ul>
* <li>
* <p>Whether the request was denied due to an explicit deny or due to the absence of an
* explicit allow. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow">Determining Whether a Request is Allowed or Denied</a> in the
* <i>IAM User Guide</i>. </p>
* </li>
* <li>
* <p>The principal who made the request.</p>
* </li>
* <li>
* <p>The requested action.</p>
* </li>
* <li>
* <p>The requested resource.</p>
* </li>
* <li>
* <p>The values of condition keys in the context of the user's request.</p>
* </li>
* </ul>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, DecodeAuthorizationMessageCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, DecodeAuthorizationMessageCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // DecodeAuthorizationMessageRequest
* EncodedMessage: "STRING_VALUE", // required
* };
* const command = new DecodeAuthorizationMessageCommand(input);
* const response = await client.send(command);
* // { // DecodeAuthorizationMessageResponse
* // DecodedMessage: "STRING_VALUE",
* // };
*
* ```
*
* @param DecodeAuthorizationMessageCommandInput - {@link DecodeAuthorizationMessageCommandInput}
* @returns {@link DecodeAuthorizationMessageCommandOutput}
* @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
* @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link InvalidAuthorizationMessageException} (client fault)
* <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
* was invalid. This can happen if the token contains invalid characters, such as line
* breaks, or if the message has expired.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To decode information about an authorization status of a request
* ```javascript
* //
* const input = {
* EncodedMessage: "<encoded-message>"
* };
* const command = new DecodeAuthorizationMessageCommand(input);
* const response = await client.send(command);
* /* response is
* {
* DecodedMessage: `{"allowed": "false","explicitDeny": "false","matchedStatements": "","failures": "","context": {"principal": {"id": "AIDACKCEVSQ6C2EXAMPLE","name": "Bob","arn": "arn:aws:iam::123456789012:user/Bob"},"action": "ec2:StopInstances","resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-dd01c9bd","conditions": [{"item": {"key": "ec2:Tenancy","values": ["default"]},{"item": {"key": "ec2:ResourceTag/elasticbeanstalk:environment-name","values": ["Default-Environment"]}},(Additional items ...)]}}`
* }
* *\/
* ```
*
* @public
*/
export declare class DecodeAuthorizationMessageCommand extends DecodeAuthorizationMessageCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: DecodeAuthorizationMessageRequest;
output: DecodeAuthorizationMessageResponse;
};
sdk: {
input: DecodeAuthorizationMessageCommandInput;
output: DecodeAuthorizationMessageCommandOutput;
};
};
}

View File

@@ -0,0 +1,90 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { GetAccessKeyInfoRequest, GetAccessKeyInfoResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link GetAccessKeyInfoCommand}.
*/
export interface GetAccessKeyInfoCommandInput extends GetAccessKeyInfoRequest {
}
/**
* @public
*
* The output of {@link GetAccessKeyInfoCommand}.
*/
export interface GetAccessKeyInfoCommandOutput extends GetAccessKeyInfoResponse, __MetadataBearer {
}
declare const GetAccessKeyInfoCommand_base: {
new (input: GetAccessKeyInfoCommandInput): import("@smithy/smithy-client").CommandImpl<GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: GetAccessKeyInfoCommandInput): import("@smithy/smithy-client").CommandImpl<GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns the account identifier for the specified access key ID.</p>
* <p>Access keys consist of two parts: an access key ID (for example,
* <code>AKIAIOSFODNN7EXAMPLE</code>) and a secret access key (for example,
* <code>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</code>). For more information about
* access keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html">Managing Access Keys for IAM
* Users</a> in the <i>IAM User Guide</i>.</p>
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services account
* to which the keys belong. Access key IDs beginning with <code>AKIA</code> are long-term
* credentials for an IAM user or the Amazon Web Services account root user. Access key IDs
* beginning with <code>ASIA</code> are temporary credentials that are created using STS
* operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials
* report</a> to learn which IAM user owns the keys. To learn who
* requested the temporary credentials for an <code>ASIA</code> access key, view the STS
* events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the <i>IAM User Guide</i>.</p>
* <p>This operation does not indicate the state of the access key. The key might be active,
* inactive, or deleted. Active keys might not have permissions to perform an operation.
* Providing a deleted access key might return an error that the key doesn't exist.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, GetAccessKeyInfoCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, GetAccessKeyInfoCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // GetAccessKeyInfoRequest
* AccessKeyId: "STRING_VALUE", // required
* };
* const command = new GetAccessKeyInfoCommand(input);
* const response = await client.send(command);
* // { // GetAccessKeyInfoResponse
* // Account: "STRING_VALUE",
* // };
*
* ```
*
* @param GetAccessKeyInfoCommandInput - {@link GetAccessKeyInfoCommandInput}
* @returns {@link GetAccessKeyInfoCommandOutput}
* @see {@link GetAccessKeyInfoCommandInput} for command's `input` shape.
* @see {@link GetAccessKeyInfoCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @public
*/
export declare class GetAccessKeyInfoCommand extends GetAccessKeyInfoCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: GetAccessKeyInfoRequest;
output: GetAccessKeyInfoResponse;
};
sdk: {
input: GetAccessKeyInfoCommandInput;
output: GetAccessKeyInfoCommandOutput;
};
};
}

View File

@@ -0,0 +1,128 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { GetCallerIdentityRequest, GetCallerIdentityResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link GetCallerIdentityCommand}.
*/
export interface GetCallerIdentityCommandInput extends GetCallerIdentityRequest {
}
/**
* @public
*
* The output of {@link GetCallerIdentityCommand}.
*/
export interface GetCallerIdentityCommandOutput extends GetCallerIdentityResponse, __MetadataBearer {
}
declare const GetCallerIdentityCommand_base: {
new (input: GetCallerIdentityCommandInput): import("@smithy/smithy-client").CommandImpl<GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (...[input]: [] | [GetCallerIdentityCommandInput]): import("@smithy/smithy-client").CommandImpl<GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns details about the IAM user or role whose credentials are used to
* call the operation.</p>
* <note>
* <p>No permissions are required to perform this operation. If an administrator attaches a
* policy to your identity that explicitly denies access to the
* <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
* Permissions are not required because the same information is returned when access is
* denied. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
* <i>IAM User Guide</i>.</p>
* </note>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, GetCallerIdentityCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = {};
* const command = new GetCallerIdentityCommand(input);
* const response = await client.send(command);
* // { // GetCallerIdentityResponse
* // UserId: "STRING_VALUE",
* // Account: "STRING_VALUE",
* // Arn: "STRING_VALUE",
* // };
*
* ```
*
* @param GetCallerIdentityCommandInput - {@link GetCallerIdentityCommandInput}
* @returns {@link GetCallerIdentityCommandOutput}
* @see {@link GetCallerIdentityCommandInput} for command's `input` shape.
* @see {@link GetCallerIdentityCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To get details about a calling IAM user
* ```javascript
* // This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012.
* const input = { /* empty *\/ };
* const command = new GetCallerIdentityCommand(input);
* const response = await client.send(command);
* /* response is
* {
* Account: "123456789012",
* Arn: "arn:aws:iam::123456789012:user/Alice",
* UserId: "AKIAI44QH8DHBEXAMPLE"
* }
* *\/
* ```
*
* @example To get details about a calling user federated with AssumeRole
* ```javascript
* // This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName is set to my-role-session-name.
* const input = { /* empty *\/ };
* const command = new GetCallerIdentityCommand(input);
* const response = await client.send(command);
* /* response is
* {
* Account: "123456789012",
* Arn: "arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name",
* UserId: "AKIAI44QH8DHBEXAMPLE:my-role-session-name"
* }
* *\/
* ```
*
* @example To get details about a calling user federated with GetFederationToken
* ```javascript
* // This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name parameter is set to my-federated-user-name.
* const input = { /* empty *\/ };
* const command = new GetCallerIdentityCommand(input);
* const response = await client.send(command);
* /* response is
* {
* Account: "123456789012",
* Arn: "arn:aws:sts::123456789012:federated-user/my-federated-user-name",
* UserId: "123456789012:my-federated-user-name"
* }
* *\/
* ```
*
* @public
*/
export declare class GetCallerIdentityCommand extends GetCallerIdentityCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: {};
output: GetCallerIdentityResponse;
};
sdk: {
input: GetCallerIdentityCommandInput;
output: GetCallerIdentityCommandOutput;
};
};
}

View File

@@ -0,0 +1,105 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { GetDelegatedAccessTokenRequest, GetDelegatedAccessTokenResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link GetDelegatedAccessTokenCommand}.
*/
export interface GetDelegatedAccessTokenCommandInput extends GetDelegatedAccessTokenRequest {
}
/**
* @public
*
* The output of {@link GetDelegatedAccessTokenCommand}.
*/
export interface GetDelegatedAccessTokenCommandOutput extends GetDelegatedAccessTokenResponse, __MetadataBearer {
}
declare const GetDelegatedAccessTokenCommand_base: {
new (input: GetDelegatedAccessTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: GetDelegatedAccessTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions
* associated with the assumed principal. This operation allows you to obtain credentials for
* a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services
* resources.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, GetDelegatedAccessTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, GetDelegatedAccessTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // GetDelegatedAccessTokenRequest
* TradeInToken: "STRING_VALUE", // required
* };
* const command = new GetDelegatedAccessTokenCommand(input);
* const response = await client.send(command);
* // { // GetDelegatedAccessTokenResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // PackedPolicySize: Number("int"),
* // AssumedPrincipal: "STRING_VALUE",
* // };
*
* ```
*
* @param GetDelegatedAccessTokenCommandInput - {@link GetDelegatedAccessTokenCommandInput}
* @returns {@link GetDelegatedAccessTokenCommandOutput}
* @see {@link GetDelegatedAccessTokenCommandInput} for command's `input` shape.
* @see {@link GetDelegatedAccessTokenCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link ExpiredTradeInTokenException} (client fault)
* <p>The trade-in token provided in the request has expired and can no longer be exchanged
* for credentials. Request a new token and retry the operation.</p>
*
* @throws {@link PackedPolicyTooLargeException} (client fault)
* <p>The request was rejected because the total packed size of the session policies and
* session tags combined was too large. An Amazon Web Services conversion compresses the session policy
* document, session policy ARNs, and session tags into a packed binary format that has a
* separate limit. The error message indicates by percentage how close the policies and
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
* the <i>IAM User Guide</i>.</p>
* <p>You could receive this error even though you meet other defined session policy and
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* Guide</i>.</p>
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @public
*/
export declare class GetDelegatedAccessTokenCommand extends GetDelegatedAccessTokenCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: GetDelegatedAccessTokenRequest;
output: GetDelegatedAccessTokenResponse;
};
sdk: {
input: GetDelegatedAccessTokenCommandInput;
output: GetDelegatedAccessTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,243 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { GetFederationTokenRequest, GetFederationTokenResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link GetFederationTokenCommand}.
*/
export interface GetFederationTokenCommandInput extends GetFederationTokenRequest {
}
/**
* @public
*
* The output of {@link GetFederationTokenCommand}.
*/
export interface GetFederationTokenCommandOutput extends GetFederationTokenResponse, __MetadataBearer {
}
declare const GetFederationTokenCommand_base: {
new (input: GetFederationTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: GetFederationTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a set of temporary security credentials (consisting of an access key ID, a
* secret access key, and a security token) for a user. A typical use is in a proxy
* application that gets temporary security credentials on behalf of distributed applications
* inside a corporate network.</p>
* <p>You must call the <code>GetFederationToken</code> operation using the long-term security
* credentials of an IAM user. As a result, this call is appropriate in
* contexts where those credentials can be safeguarded, usually in a server-based application.
* For a comparison of <code>GetFederationToken</code> with the other API operations that
* produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
* credentials</a> in the <i>IAM User Guide</i>.</p>
* <p>Although it is possible to call <code>GetFederationToken</code> using the security
* credentials of an Amazon Web Services account root user rather than an IAM user that you
* create for the purpose of a proxy application, we do not recommend it. For more
* information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
* <i>IAM User Guide</i>. </p>
* <note>
* <p>You can create a mobile-based or browser-based app that can authenticate users using
* a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
* Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
* <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
* <i>IAM User Guide</i>.</p>
* </note>
* <p>
* <b>Session duration</b>
* </p>
* <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
* 43,200 seconds (12 hours). Temporary credentials obtained by using the root user
* credentials have a maximum duration of 3,600 seconds (1 hour).</p>
* <p>
* <b>Permissions</b>
* </p>
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any
* Amazon Web Services service with the following exceptions:</p>
* <ul>
* <li>
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. This
* limitation does not apply to console sessions.</p>
* </li>
* <li>
* <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p>
* </li>
* </ul>
* <p>You can use temporary credentials for single sign-on (SSO) to the console.</p>
* <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
* this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
* managed session policies. The plaintext that you use for both inline and managed session
* policies can't exceed 2,048 characters.</p>
* <p>Though the session policy parameters are optional, if you do not pass a policy, then the
* resulting federated user session has no permissions. When you pass session policies, the
* session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions
* for a federated user. You cannot use session policies to grant more permissions than those
* that are defined in the permissions policy of the IAM user. For more
* information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
* the <i>IAM User Guide</i>. For information about using
* <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
* <p>You can use the credentials to access a resource that has a resource-based policy. If
* that policy specifically references the federated user session in the
* <code>Principal</code> element of the policy, the session has the permissions allowed by
* the policy. These permissions are granted in addition to the permissions granted by the
* session policies.</p>
* <p>
* <b>Tags</b>
* </p>
* <p>(Optional) You can pass tag key-value pairs to your session. These are called session
* tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
* <i>IAM User Guide</i>.</p>
* <note>
* <p>You can create a mobile-based or browser-based app that can authenticate users using
* a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
* Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
* <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
* <i>IAM User Guide</i>.</p>
* </note>
* <p>An administrator must grant you the permissions necessary to pass session tags. The
* administrator can also create granular permissions to allow you to pass only specific
* session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
* for Attribute-Based Access Control</a> in the
* <i>IAM User Guide</i>.</p>
* <p>Tag keyvalue pairs are not case sensitive, but case is preserved. This means that you
* cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
* that the user that you are federating has the
* <code>Department</code>=<code>Marketing</code> tag and you pass the
* <code>department</code>=<code>engineering</code> session tag. <code>Department</code>
* and <code>department</code> are not saved as separate tags, and the session tag passed in
* the request takes precedence over the user tag.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, GetFederationTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, GetFederationTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // GetFederationTokenRequest
* Name: "STRING_VALUE", // required
* Policy: "STRING_VALUE",
* PolicyArns: [ // policyDescriptorListType
* { // PolicyDescriptorType
* arn: "STRING_VALUE",
* },
* ],
* DurationSeconds: Number("int"),
* Tags: [ // tagListType
* { // Tag
* Key: "STRING_VALUE", // required
* Value: "STRING_VALUE", // required
* },
* ],
* };
* const command = new GetFederationTokenCommand(input);
* const response = await client.send(command);
* // { // GetFederationTokenResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // FederatedUser: { // FederatedUser
* // FederatedUserId: "STRING_VALUE", // required
* // Arn: "STRING_VALUE", // required
* // },
* // PackedPolicySize: Number("int"),
* // };
*
* ```
*
* @param GetFederationTokenCommandInput - {@link GetFederationTokenCommandInput}
* @returns {@link GetFederationTokenCommandOutput}
* @see {@link GetFederationTokenCommandInput} for command's `input` shape.
* @see {@link GetFederationTokenCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link MalformedPolicyDocumentException} (client fault)
* <p>The request was rejected because the policy document was malformed. The error message
* describes the specific error.</p>
*
* @throws {@link PackedPolicyTooLargeException} (client fault)
* <p>The request was rejected because the total packed size of the session policies and
* session tags combined was too large. An Amazon Web Services conversion compresses the session policy
* document, session policy ARNs, and session tags into a packed binary format that has a
* separate limit. The error message indicates by percentage how close the policies and
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
* the <i>IAM User Guide</i>.</p>
* <p>You could receive this error even though you meet other defined session policy and
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* Guide</i>.</p>
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To get temporary credentials for a role by using GetFederationToken
* ```javascript
* //
* const input = {
* DurationSeconds: 3600,
* Name: "testFedUserSession",
* Policy: "escaped-JSON-IAM-POLICY",
* Tags: [
* {
* Key: "Project",
* Value: "Pegasus"
* },
* {
* Key: "Cost-Center",
* Value: "98765"
* }
* ]
* };
* const command = new GetFederationTokenCommand(input);
* const response = await client.send(command);
* /* response is
* {
* Credentials: {
* AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
* Expiration: "2011-07-15T23:28:33.359Z",
* SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
* SessionToken: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
* },
* FederatedUser: {
* Arn: "arn:aws:sts::123456789012:federated-user/Bob",
* FederatedUserId: "123456789012:Bob"
* },
* PackedPolicySize: 8
* }
* *\/
* ```
*
* @public
*/
export declare class GetFederationTokenCommand extends GetFederationTokenCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: GetFederationTokenRequest;
output: GetFederationTokenResponse;
};
sdk: {
input: GetFederationTokenCommandInput;
output: GetFederationTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,167 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { GetSessionTokenRequest, GetSessionTokenResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link GetSessionTokenCommand}.
*/
export interface GetSessionTokenCommandInput extends GetSessionTokenRequest {
}
/**
* @public
*
* The output of {@link GetSessionTokenCommand}.
*/
export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, __MetadataBearer {
}
declare const GetSessionTokenCommand_base: {
new (input: GetSessionTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (...[input]: [] | [GetSessionTokenCommandInput]): import("@smithy/smithy-client").CommandImpl<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user.
* The credentials consist of an access key ID, a secret access key, and a security token.
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2
* <code>StopInstances</code>.</p>
* <p>MFA-enabled IAM users must call <code>GetSessionToken</code> and submit
* an MFA code that is associated with their MFA device. Using the temporary security
* credentials that the call returns, IAM users can then make programmatic
* calls to API operations that require MFA authentication. An incorrect MFA code causes the
* API to return an access denied error. For a comparison of <code>GetSessionToken</code> with
* the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
* credentials</a> in the <i>IAM User Guide</i>.</p>
* <note>
* <p>No permissions are required for users to perform this operation. The purpose of the
* <code>sts:GetSessionToken</code> operation is to authenticate the user using MFA. You
* cannot use policies to control authentication operations. For more information, see
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html">Permissions for GetSessionToken</a> in the
* <i>IAM User Guide</i>.</p>
* </note>
* <p>
* <b>Session Duration</b>
* </p>
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services
* security credentials of an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range
* from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default
* of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900
* seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. </p>
* <p>
* <b>Permissions</b>
* </p>
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used
* to make API calls to any Amazon Web Services service with the following exceptions:</p>
* <ul>
* <li>
* <p>You cannot call any IAM API operations unless MFA authentication information is
* included in the request.</p>
* </li>
* <li>
* <p>You cannot call any STS API <i>except</i>
* <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p>
* </li>
* </ul>
* <p>The credentials that <code>GetSessionToken</code> returns are based on permissions
* associated with the IAM user whose credentials were used to call the
* operation. The temporary credentials have the same permissions as the IAM user.</p>
* <note>
* <p>Although it is possible to call <code>GetSessionToken</code> using the security
* credentials of an Amazon Web Services account root user rather than an IAM user, we do
* not recommend it. If <code>GetSessionToken</code> is called using root user
* credentials, the temporary credentials have root user permissions. For more
* information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
* <i>IAM User Guide</i>
* </p>
* </note>
* <p>For more information about using <code>GetSessionToken</code> to create temporary
* credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken">Temporary
* Credentials for Users in Untrusted Environments</a> in the
* <i>IAM User Guide</i>. </p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, GetSessionTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, GetSessionTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // GetSessionTokenRequest
* DurationSeconds: Number("int"),
* SerialNumber: "STRING_VALUE",
* TokenCode: "STRING_VALUE",
* };
* const command = new GetSessionTokenCommand(input);
* const response = await client.send(command);
* // { // GetSessionTokenResponse
* // Credentials: { // Credentials
* // AccessKeyId: "STRING_VALUE", // required
* // SecretAccessKey: "STRING_VALUE", // required
* // SessionToken: "STRING_VALUE", // required
* // Expiration: new Date("TIMESTAMP"), // required
* // },
* // };
*
* ```
*
* @param GetSessionTokenCommandInput - {@link GetSessionTokenCommandInput}
* @returns {@link GetSessionTokenCommandOutput}
* @see {@link GetSessionTokenCommandInput} for command's `input` shape.
* @see {@link GetSessionTokenCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link RegionDisabledException} (client fault)
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @example To get temporary credentials for an IAM user or an AWS account
* ```javascript
* //
* const input = {
* DurationSeconds: 3600,
* SerialNumber: "YourMFASerialNumber",
* TokenCode: "123456"
* };
* const command = new GetSessionTokenCommand(input);
* const response = await client.send(command);
* /* response is
* {
* Credentials: {
* AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
* Expiration: "2011-07-11T19:55:29.611Z",
* SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
* SessionToken: "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE"
* }
* }
* *\/
* ```
*
* @public
*/
export declare class GetSessionTokenCommand extends GetSessionTokenCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: GetSessionTokenRequest;
output: GetSessionTokenResponse;
};
sdk: {
input: GetSessionTokenCommandInput;
output: GetSessionTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,98 @@
import { Command as $Command } from "@smithy/smithy-client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { GetWebIdentityTokenRequest, GetWebIdentityTokenResponse } from "../models/models_0";
import type { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
/**
* @public
*/
export type { __MetadataBearer };
export { $Command };
/**
* @public
*
* The input for {@link GetWebIdentityTokenCommand}.
*/
export interface GetWebIdentityTokenCommandInput extends GetWebIdentityTokenRequest {
}
/**
* @public
*
* The output of {@link GetWebIdentityTokenCommand}.
*/
export interface GetWebIdentityTokenCommandOutput extends GetWebIdentityTokenResponse, __MetadataBearer {
}
declare const GetWebIdentityTokenCommand_base: {
new (input: GetWebIdentityTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
new (input: GetWebIdentityTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
/**
* <p>Returns a signed JSON Web Token (JWT) that represents the calling Amazon Web Services identity.
* The returned JWT can be used to authenticate with external services that support OIDC discovery.
* The token is signed by Amazon Web Services STS and can be publicly verified using the verification keys published at the issuer's JWKS endpoint.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { STSClient, GetWebIdentityTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
* // const { STSClient, GetWebIdentityTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
* // import type { STSClientConfig } from "@aws-sdk/client-sts";
* const config = {}; // type is STSClientConfig
* const client = new STSClient(config);
* const input = { // GetWebIdentityTokenRequest
* Audience: [ // webIdentityTokenAudienceListType // required
* "STRING_VALUE",
* ],
* DurationSeconds: Number("int"),
* SigningAlgorithm: "STRING_VALUE", // required
* Tags: [ // tagListType
* { // Tag
* Key: "STRING_VALUE", // required
* Value: "STRING_VALUE", // required
* },
* ],
* };
* const command = new GetWebIdentityTokenCommand(input);
* const response = await client.send(command);
* // { // GetWebIdentityTokenResponse
* // WebIdentityToken: "STRING_VALUE",
* // Expiration: new Date("TIMESTAMP"),
* // };
*
* ```
*
* @param GetWebIdentityTokenCommandInput - {@link GetWebIdentityTokenCommandInput}
* @returns {@link GetWebIdentityTokenCommandOutput}
* @see {@link GetWebIdentityTokenCommandInput} for command's `input` shape.
* @see {@link GetWebIdentityTokenCommandOutput} for command's `response` shape.
* @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
*
* @throws {@link JWTPayloadSizeExceededException} (client fault)
* <p>The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the <code>GetWebIdentityToken</code> API call to reduce the token payload size.</p>
*
* @throws {@link OutboundWebIdentityFederationDisabledException} (client fault)
* <p>The outbound web identity federation feature is not enabled for this account. To use
* this feature, you must first enable it through the Amazon Web Services Management Console or API.</p>
*
* @throws {@link SessionDurationEscalationException} (client fault)
* <p>The requested token duration would extend the session beyond its original expiration time.
* You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.</p>
*
* @throws {@link STSServiceException}
* <p>Base exception class for all service exceptions from STS service.</p>
*
*
* @public
*/
export declare class GetWebIdentityTokenCommand extends GetWebIdentityTokenCommand_base {
/** @internal type navigation helper, not in runtime. */
protected static __types: {
api: {
input: GetWebIdentityTokenRequest;
output: GetWebIdentityTokenResponse;
};
sdk: {
input: GetWebIdentityTokenCommandInput;
output: GetWebIdentityTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,11 @@
export * from "./AssumeRoleCommand";
export * from "./AssumeRoleWithSAMLCommand";
export * from "./AssumeRoleWithWebIdentityCommand";
export * from "./AssumeRootCommand";
export * from "./DecodeAuthorizationMessageCommand";
export * from "./GetAccessKeyInfoCommand";
export * from "./GetCallerIdentityCommand";
export * from "./GetDelegatedAccessTokenCommand";
export * from "./GetFederationTokenCommand";
export * from "./GetSessionTokenCommand";
export * from "./GetWebIdentityTokenCommand";

View File

@@ -0,0 +1,23 @@
import { Pluggable } from "@smithy/types";
import { DefaultCredentialProvider, RoleAssumer, RoleAssumerWithWebIdentity, STSRoleAssumerOptions } from "./defaultStsRoleAssumers";
import { ServiceInputTypes, ServiceOutputTypes } from "./STSClient";
/**
* The default role assumer that used by credential providers when sts:AssumeRole API is needed.
*/
export declare const getDefaultRoleAssumer: (stsOptions?: STSRoleAssumerOptions, stsPlugins?: Pluggable<ServiceInputTypes, ServiceOutputTypes>[]) => RoleAssumer;
/**
* The default role assumer that used by credential providers when sts:AssumeRoleWithWebIdentity API is needed.
*/
export declare const getDefaultRoleAssumerWithWebIdentity: (stsOptions?: STSRoleAssumerOptions, stsPlugins?: Pluggable<ServiceInputTypes, ServiceOutputTypes>[]) => RoleAssumerWithWebIdentity;
/**
* The default credential providers depend STS client to assume role with desired API: sts:assumeRole,
* sts:assumeRoleWithWebIdentity, etc. This function decorates the default credential provider with role assumers which
* encapsulates the process of calling STS commands. This can only be imported by AWS client packages to avoid circular
* dependencies.
*
* @internal
*
* @deprecated this is no longer needed. Use the defaultProvider directly,
* which will load STS if needed.
*/
export declare const decorateDefaultCredentialProvider: (provider: DefaultCredentialProvider) => DefaultCredentialProvider;

View File

@@ -0,0 +1,43 @@
import type { CredentialProviderOptions } from "@aws-sdk/types";
import { AwsCredentialIdentity, Logger, Provider } from "@smithy/types";
import { AssumeRoleCommandInput } from "./commands/AssumeRoleCommand";
import { AssumeRoleWithWebIdentityCommandInput } from "./commands/AssumeRoleWithWebIdentityCommand";
import type { STSClient, STSClientConfig } from "./STSClient";
/**
* @public
*/
export type STSRoleAssumerOptions = Pick<STSClientConfig, "logger" | "region" | "requestHandler" | "profile" | "userAgentAppId"> & {
credentialProviderLogger?: Logger;
parentClientConfig?: CredentialProviderOptions["parentClientConfig"];
};
/**
* @internal
*/
export type RoleAssumer = (sourceCreds: AwsCredentialIdentity, params: AssumeRoleCommandInput) => Promise<AwsCredentialIdentity>;
/**
* The default role assumer that used by credential providers when sts:AssumeRole API is needed.
* @internal
*/
export declare const getDefaultRoleAssumer: (stsOptions: STSRoleAssumerOptions, STSClient: new (options: STSClientConfig) => STSClient) => RoleAssumer;
/**
* @internal
*/
export type RoleAssumerWithWebIdentity = (params: AssumeRoleWithWebIdentityCommandInput) => Promise<AwsCredentialIdentity>;
/**
* The default role assumer that used by credential providers when sts:AssumeRoleWithWebIdentity API is needed.
* @internal
*/
export declare const getDefaultRoleAssumerWithWebIdentity: (stsOptions: STSRoleAssumerOptions, STSClient: new (options: STSClientConfig) => STSClient) => RoleAssumerWithWebIdentity;
/**
* @internal
*/
export type DefaultCredentialProvider = (input: any) => Provider<AwsCredentialIdentity>;
/**
* The default credential providers depend STS client to assume role with desired API: sts:assumeRole,
* sts:assumeRoleWithWebIdentity, etc. This function decorates the default credential provider with role assumers which
* encapsulates the process of calling STS commands. This can only be imported by AWS client packages to avoid circular
* dependencies.
*
* @internal
*/
export declare const decorateDefaultCredentialProvider: (provider: DefaultCredentialProvider) => DefaultCredentialProvider;

View File

@@ -0,0 +1,56 @@
import type { Endpoint, EndpointParameters as __EndpointParameters, EndpointV2, Provider } from "@smithy/types";
/**
* @public
*/
export interface ClientInputEndpointParameters {
region?: string | undefined | Provider<string | undefined>;
useDualstackEndpoint?: boolean | undefined | Provider<boolean | undefined>;
useFipsEndpoint?: boolean | undefined | Provider<boolean | undefined>;
endpoint?: string | Provider<string> | Endpoint | Provider<Endpoint> | EndpointV2 | Provider<EndpointV2>;
useGlobalEndpoint?: boolean | undefined | Provider<boolean | undefined>;
}
/**
* @public
*/
export type ClientResolvedEndpointParameters = Omit<ClientInputEndpointParameters, "endpoint"> & {
defaultSigningName: string;
};
/**
* @internal
*/
export declare const resolveClientEndpointParameters: <T>(options: T & ClientInputEndpointParameters) => T & ClientResolvedEndpointParameters;
/**
* @internal
*/
export declare const commonParams: {
readonly UseGlobalEndpoint: {
readonly type: "builtInParams";
readonly name: "useGlobalEndpoint";
};
readonly UseFIPS: {
readonly type: "builtInParams";
readonly name: "useFipsEndpoint";
};
readonly Endpoint: {
readonly type: "builtInParams";
readonly name: "endpoint";
};
readonly Region: {
readonly type: "builtInParams";
readonly name: "region";
};
readonly UseDualStack: {
readonly type: "builtInParams";
readonly name: "useDualstackEndpoint";
};
};
/**
* @internal
*/
export interface EndpointParameters extends __EndpointParameters {
Region?: string | undefined;
UseDualStack?: boolean | undefined;
UseFIPS?: boolean | undefined;
Endpoint?: string | undefined;
UseGlobalEndpoint?: boolean | undefined;
}

View File

@@ -0,0 +1,8 @@
import type { EndpointV2, Logger } from "@smithy/types";
import type { EndpointParameters } from "./EndpointParameters";
/**
* @internal
*/
export declare const defaultEndpointResolver: (endpointParams: EndpointParameters, context?: {
logger?: Logger;
}) => EndpointV2;

View File

@@ -0,0 +1,2 @@
import { RuleSetObject } from "@smithy/types";
export declare const ruleSet: RuleSetObject;

View File

@@ -0,0 +1,9 @@
import type { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
import type { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
import type { DefaultExtensionConfiguration } from "@smithy/types";
import type { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
/**
* @internal
*/
export interface STSExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration, HttpAuthExtensionConfiguration {
}

View File

@@ -0,0 +1,19 @@
/**
* <fullname>Security Token Service</fullname>
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege
* credentials for users. This guide provides descriptions of the STS API. For
* more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p>
*
* @packageDocumentation
*/
export * from "./STSClient";
export * from "./STS";
export type { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
export type { RuntimeExtension } from "./runtimeExtensions";
export type { STSExtensionConfiguration } from "./extensionConfiguration";
export * from "./commands";
export * from "./schemas/schemas_0";
export * from "./models/errors";
export * from "./models/models_0";
export * from "./defaultRoleAssumers";
export { STSServiceException } from "./models/STSServiceException";

View File

@@ -0,0 +1,14 @@
import { type ServiceExceptionOptions as __ServiceExceptionOptions, ServiceException as __ServiceException } from "@smithy/smithy-client";
export type { __ServiceExceptionOptions };
export { __ServiceException };
/**
* @public
*
* Base exception class for all service exceptions from STS service.
*/
export declare class STSServiceException extends __ServiceException {
/**
* @internal
*/
constructor(options: __ServiceExceptionOptions);
}

View File

@@ -0,0 +1,172 @@
import type { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
import { STSServiceException as __BaseException } from "./STSServiceException";
/**
* <p>The web identity token that was passed is expired or is not valid. Get a new identity
* token from the identity provider and then retry the request.</p>
* @public
*/
export declare class ExpiredTokenException extends __BaseException {
readonly name: "ExpiredTokenException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>);
}
/**
* <p>The request was rejected because the policy document was malformed. The error message
* describes the specific error.</p>
* @public
*/
export declare class MalformedPolicyDocumentException extends __BaseException {
readonly name: "MalformedPolicyDocumentException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
}
/**
* <p>The request was rejected because the total packed size of the session policies and
* session tags combined was too large. An Amazon Web Services conversion compresses the session policy
* document, session policy ARNs, and session tags into a packed binary format that has a
* separate limit. The error message indicates by percentage how close the policies and
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
* the <i>IAM User Guide</i>.</p>
* <p>You could receive this error even though you meet other defined session policy and
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* Guide</i>.</p>
* @public
*/
export declare class PackedPolicyTooLargeException extends __BaseException {
readonly name: "PackedPolicyTooLargeException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>);
}
/**
* <p>STS is not activated in the requested region for the account that is being asked to
* generate credentials. The account administrator must use the IAM console to activate
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
* User Guide</i>.</p>
* @public
*/
export declare class RegionDisabledException extends __BaseException {
readonly name: "RegionDisabledException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<RegionDisabledException, __BaseException>);
}
/**
* <p>The identity provider (IdP) reported that authentication failed. This might be because
* the claim is invalid.</p>
* <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
* can also mean that the claim has expired or has been explicitly revoked. </p>
* @public
*/
export declare class IDPRejectedClaimException extends __BaseException {
readonly name: "IDPRejectedClaimException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>);
}
/**
* <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
* identity token from the identity provider and then retry the request.</p>
* @public
*/
export declare class InvalidIdentityTokenException extends __BaseException {
readonly name: "InvalidIdentityTokenException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>);
}
/**
* <p>The request could not be fulfilled because the identity provider (IDP) that was asked
* to verify the incoming identity token could not be reached. This is often a transient
* error caused by network conditions. Retry the request a limited number of times so that
* you don't exceed the request rate. If the error persists, the identity provider might be
* down or not responding.</p>
* @public
*/
export declare class IDPCommunicationErrorException extends __BaseException {
readonly name: "IDPCommunicationErrorException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>);
}
/**
* <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
* was invalid. This can happen if the token contains invalid characters, such as line
* breaks, or if the message has expired.</p>
* @public
*/
export declare class InvalidAuthorizationMessageException extends __BaseException {
readonly name: "InvalidAuthorizationMessageException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<InvalidAuthorizationMessageException, __BaseException>);
}
/**
* <p>The trade-in token provided in the request has expired and can no longer be exchanged
* for credentials. Request a new token and retry the operation.</p>
* @public
*/
export declare class ExpiredTradeInTokenException extends __BaseException {
readonly name: "ExpiredTradeInTokenException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
}
/**
* <p>The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the <code>GetWebIdentityToken</code> API call to reduce the token payload size.</p>
* @public
*/
export declare class JWTPayloadSizeExceededException extends __BaseException {
readonly name: "JWTPayloadSizeExceededException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<JWTPayloadSizeExceededException, __BaseException>);
}
/**
* <p>The outbound web identity federation feature is not enabled for this account. To use
* this feature, you must first enable it through the Amazon Web Services Management Console or API.</p>
* @public
*/
export declare class OutboundWebIdentityFederationDisabledException extends __BaseException {
readonly name: "OutboundWebIdentityFederationDisabledException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<OutboundWebIdentityFederationDisabledException, __BaseException>);
}
/**
* <p>The requested token duration would extend the session beyond its original expiration time.
* You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.</p>
* @public
*/
export declare class SessionDurationEscalationException extends __BaseException {
readonly name: "SessionDurationEscalationException";
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<SessionDurationEscalationException, __BaseException>);
}

View File

@@ -0,0 +1,64 @@
import { FetchHttpHandler as RequestHandler } from "@smithy/fetch-http-handler";
import type { STSClientConfig } from "./STSClient";
/**
* @internal
*/
export declare const getRuntimeConfig: (config: STSClientConfig) => {
runtime: string;
defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((_: unknown) => () => Promise<import("@smithy/types").AwsCredentialIdentity>);
defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-browser").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
maxAttempts: number | import("@smithy/types").Provider<number>;
region: string | import("@smithy/types").Provider<any>;
requestHandler: import("@smithy/protocol-http").HttpHandler<any> | RequestHandler;
retryMode: string | import("@smithy/types").Provider<string>;
sha256: import("@smithy/types").HashConstructor;
streamCollector: import("@smithy/types").StreamCollector;
useDualstackEndpoint: (boolean | import("@smithy/types").Provider<boolean>) & (boolean | import("@smithy/types").Provider<boolean | undefined>);
useFipsEndpoint: (boolean | import("@smithy/types").Provider<boolean>) & (boolean | import("@smithy/types").Provider<boolean | undefined>);
cacheMiddleware?: boolean | undefined;
protocol: import("@smithy/types").ClientProtocol<any, any> | import("@smithy/types").ClientProtocolCtor<any, any> | typeof import("@aws-sdk/core/protocols").AwsQueryProtocol;
protocolSettings: {
defaultNamespace?: string;
[setting: string]: unknown;
};
apiVersion: string;
urlParser: import("@smithy/types").UrlParser;
base64Decoder: import("@smithy/types").Decoder;
base64Encoder: (_input: Uint8Array | string) => string;
utf8Decoder: import("@smithy/types").Decoder;
utf8Encoder: (input: Uint8Array | string) => string;
disableHostPrefix: boolean;
serviceId: string;
profile?: string;
logger: import("@smithy/types").Logger;
extensions: import("./runtimeExtensions").RuntimeExtension[];
customUserAgent?: string | import("@smithy/types").UserAgent;
userAgentAppId?: string | undefined | import("@smithy/types").Provider<string | undefined>;
retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2;
endpoint?: ((string | import("@smithy/types").Endpoint | import("@smithy/types").Provider<import("@smithy/types").Endpoint> | import("@smithy/types").EndpointV2 | import("@smithy/types").Provider<import("@smithy/types").EndpointV2>) & (string | import("@smithy/types").Provider<string> | import("@smithy/types").Endpoint | import("@smithy/types").Provider<import("@smithy/types").Endpoint> | import("@smithy/types").EndpointV2 | import("@smithy/types").Provider<import("@smithy/types").EndpointV2>)) | undefined;
endpointProvider: (params: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
logger?: import("@smithy/types").Logger;
}) => import("@smithy/types").EndpointV2;
tls?: boolean;
serviceConfiguredEndpoint?: never;
authSchemePreference?: string[] | import("@smithy/types").Provider<string[]>;
httpAuthSchemes: import("@smithy/types").HttpAuthScheme[] | ({
schemeId: string;
identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | undefined;
signer: import("@aws-sdk/core/httpAuthSchemes").AwsSdkSigV4Signer;
} | {
schemeId: string;
identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
signer: import("@smithy/core").NoAuthSigner;
})[];
httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").STSHttpAuthSchemeProvider;
credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider;
signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme) => Promise<import("@smithy/types").RequestSigner>);
signingEscapePath?: boolean;
systemClockOffset?: number;
signingRegion?: string;
signerConstructor?: new (options: import("@smithy/signature-v4").SignatureV4Init & import("@smithy/signature-v4").SignatureV4CryptoInit) => import("@smithy/types").RequestSigner;
useGlobalEndpoint?: boolean | undefined | import("@smithy/types").Provider<boolean | undefined>;
};

View File

@@ -0,0 +1,62 @@
import { NoAuthSigner } from "@smithy/core";
import { NodeHttpHandler as RequestHandler } from "@smithy/node-http-handler";
import type { IdentityProviderConfig } from "@smithy/types";
import type { STSClientConfig } from "./STSClient";
/**
* @internal
*/
export declare const getRuntimeConfig: (config: STSClientConfig) => {
runtime: string;
defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
authSchemePreference: string[] | import("@smithy/types").Provider<string[]>;
bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
httpAuthSchemes: import("@smithy/types").HttpAuthScheme[] | {
schemeId: string;
identityProvider: (ipc: IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
signer: NoAuthSigner;
}[];
maxAttempts: number | import("@smithy/types").Provider<number>;
region: string | import("@smithy/types").Provider<string>;
requestHandler: RequestHandler | import("@smithy/protocol-http").HttpHandler<any>;
retryMode: string | import("@smithy/types").Provider<string>;
sha256: import("@smithy/types").HashConstructor;
streamCollector: import("@smithy/types").StreamCollector;
useDualstackEndpoint: boolean | import("@smithy/types").Provider<boolean>;
useFipsEndpoint: boolean | import("@smithy/types").Provider<boolean>;
userAgentAppId: string | import("@smithy/types").Provider<string | undefined>;
cacheMiddleware?: boolean | undefined;
protocol: import("@smithy/types").ClientProtocol<any, any> | import("@smithy/types").ClientProtocolCtor<any, any> | typeof import("@aws-sdk/core/protocols").AwsQueryProtocol;
protocolSettings: {
defaultNamespace?: string;
[setting: string]: unknown;
};
apiVersion: string;
urlParser: import("@smithy/types").UrlParser;
base64Decoder: import("@smithy/types").Decoder;
base64Encoder: (_input: Uint8Array | string) => string;
utf8Decoder: import("@smithy/types").Decoder;
utf8Encoder: (input: Uint8Array | string) => string;
disableHostPrefix: boolean;
serviceId: string;
profile?: string;
logger: import("@smithy/types").Logger;
extensions: import("./runtimeExtensions").RuntimeExtension[];
customUserAgent?: string | import("@smithy/types").UserAgent;
retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2;
endpoint?: ((string | import("@smithy/types").Endpoint | import("@smithy/types").Provider<import("@smithy/types").Endpoint> | import("@smithy/types").EndpointV2 | import("@smithy/types").Provider<import("@smithy/types").EndpointV2>) & (string | import("@smithy/types").Provider<string> | import("@smithy/types").Endpoint | import("@smithy/types").Provider<import("@smithy/types").Endpoint> | import("@smithy/types").EndpointV2 | import("@smithy/types").Provider<import("@smithy/types").EndpointV2>)) | undefined;
endpointProvider: (params: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
logger?: import("@smithy/types").Logger;
}) => import("@smithy/types").EndpointV2;
tls?: boolean;
serviceConfiguredEndpoint?: never;
httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").STSHttpAuthSchemeProvider;
credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider;
signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme) => Promise<import("@smithy/types").RequestSigner>);
signingEscapePath?: boolean;
systemClockOffset?: number;
signingRegion?: string;
signerConstructor?: new (options: import("@smithy/signature-v4").SignatureV4Init & import("@smithy/signature-v4").SignatureV4CryptoInit) => import("@smithy/types").RequestSigner;
useGlobalEndpoint?: boolean | undefined | import("@smithy/types").Provider<boolean | undefined>;
};

View File

@@ -0,0 +1,63 @@
import type { STSClientConfig } from "./STSClient";
/**
* @internal
*/
export declare const getRuntimeConfig: (config: STSClientConfig) => {
runtime: string;
sha256: import("@smithy/types").HashConstructor;
requestHandler: import("@smithy/types").NodeHttpHandlerOptions | import("@smithy/types").FetchHttpHandlerOptions | Record<string, unknown> | import("@smithy/protocol-http").HttpHandler<any> | import("@smithy/fetch-http-handler").FetchHttpHandler;
cacheMiddleware?: boolean;
protocol: import("@smithy/types").ClientProtocol<any, any> | import("@smithy/types").ClientProtocolCtor<any, any> | typeof import("@aws-sdk/core/protocols").AwsQueryProtocol;
protocolSettings: {
defaultNamespace?: string;
[setting: string]: unknown;
};
apiVersion: string;
urlParser: import("@smithy/types").UrlParser;
bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
streamCollector: import("@smithy/types").StreamCollector;
base64Decoder: import("@smithy/types").Decoder;
base64Encoder: (_input: Uint8Array | string) => string;
utf8Decoder: import("@smithy/types").Decoder;
utf8Encoder: (input: Uint8Array | string) => string;
disableHostPrefix: boolean;
serviceId: string;
useDualstackEndpoint: (boolean | import("@smithy/types").Provider<boolean>) & (boolean | import("@smithy/types").Provider<boolean | undefined>);
useFipsEndpoint: (boolean | import("@smithy/types").Provider<boolean>) & (boolean | import("@smithy/types").Provider<boolean | undefined>);
region: string | import("@smithy/types").Provider<any>;
profile?: string;
defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-browser").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((_: unknown) => () => Promise<import("@smithy/types").AwsCredentialIdentity>);
maxAttempts: number | import("@smithy/types").Provider<number>;
retryMode: string | import("@smithy/types").Provider<string>;
logger: import("@smithy/types").Logger;
extensions: import("./runtimeExtensions").RuntimeExtension[];
defaultsMode: import("@smithy/smithy-client").DefaultsMode | import("@smithy/types").Provider<import("@smithy/smithy-client").DefaultsMode>;
customUserAgent?: string | import("@smithy/types").UserAgent;
userAgentAppId?: string | undefined | import("@smithy/types").Provider<string | undefined>;
retryStrategy?: import("@smithy/types").RetryStrategy | import("@smithy/types").RetryStrategyV2;
endpoint?: ((string | import("@smithy/types").Endpoint | import("@smithy/types").Provider<import("@smithy/types").Endpoint> | import("@smithy/types").EndpointV2 | import("@smithy/types").Provider<import("@smithy/types").EndpointV2>) & (string | import("@smithy/types").Provider<string> | import("@smithy/types").Endpoint | import("@smithy/types").Provider<import("@smithy/types").Endpoint> | import("@smithy/types").EndpointV2 | import("@smithy/types").Provider<import("@smithy/types").EndpointV2>)) | undefined;
endpointProvider: (params: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
logger?: import("@smithy/types").Logger;
}) => import("@smithy/types").EndpointV2;
tls?: boolean;
serviceConfiguredEndpoint?: never;
authSchemePreference?: string[] | import("@smithy/types").Provider<string[]>;
httpAuthSchemes: import("@smithy/types").HttpAuthScheme[] | ({
schemeId: string;
identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | undefined;
signer: import("@aws-sdk/core/httpAuthSchemes").AwsSdkSigV4Signer;
} | {
schemeId: string;
identityProvider: (ipc: import("@smithy/types").IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
signer: import("@smithy/core").NoAuthSigner;
})[];
httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").STSHttpAuthSchemeProvider;
credentials?: import("@smithy/types").AwsCredentialIdentity | import("@smithy/types").AwsCredentialIdentityProvider;
signer?: import("@smithy/types").RequestSigner | ((authScheme?: import("@smithy/types").AuthScheme) => Promise<import("@smithy/types").RequestSigner>);
signingEscapePath?: boolean;
systemClockOffset?: number;
signingRegion?: string;
signerConstructor?: new (options: import("@smithy/signature-v4").SignatureV4Init & import("@smithy/signature-v4").SignatureV4CryptoInit) => import("@smithy/types").RequestSigner;
useGlobalEndpoint?: boolean | undefined | import("@smithy/types").Provider<boolean | undefined>;
};

View File

@@ -0,0 +1,38 @@
import { AwsSdkSigV4Signer } from "@aws-sdk/core/httpAuthSchemes";
import { AwsQueryProtocol } from "@aws-sdk/core/protocols";
import { NoAuthSigner } from "@smithy/core";
import type { IdentityProviderConfig } from "@smithy/types";
import type { STSClientConfig } from "./STSClient";
/**
* @internal
*/
export declare const getRuntimeConfig: (config: STSClientConfig) => {
apiVersion: string;
base64Decoder: import("@smithy/types").Decoder;
base64Encoder: (_input: Uint8Array | string) => string;
disableHostPrefix: boolean;
endpointProvider: (params: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
logger?: import("@smithy/types").Logger;
}) => import("@smithy/types").EndpointV2;
extensions: import("./runtimeExtensions").RuntimeExtension[];
httpAuthSchemeProvider: import("./auth/httpAuthSchemeProvider").STSHttpAuthSchemeProvider;
httpAuthSchemes: import("@smithy/types").HttpAuthScheme[] | ({
schemeId: string;
identityProvider: (ipc: IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | undefined;
signer: AwsSdkSigV4Signer;
} | {
schemeId: string;
identityProvider: (ipc: IdentityProviderConfig) => import("@smithy/types").IdentityProvider<import("@smithy/types").Identity> | (() => Promise<{}>);
signer: NoAuthSigner;
})[];
logger: import("@smithy/types").Logger;
protocol: import("@smithy/types").ClientProtocol<any, any> | import("@smithy/types").ClientProtocolCtor<any, any> | typeof AwsQueryProtocol;
protocolSettings: {
[setting: string]: unknown;
defaultNamespace?: string;
};
serviceId: string;
urlParser: import("@smithy/types").UrlParser;
utf8Decoder: import("@smithy/types").Decoder;
utf8Encoder: (input: Uint8Array | string) => string;
};

View File

@@ -0,0 +1,17 @@
import type { STSExtensionConfiguration } from "./extensionConfiguration";
/**
* @public
*/
export interface RuntimeExtension {
configure(extensionConfiguration: STSExtensionConfiguration): void;
}
/**
* @public
*/
export interface RuntimeExtensionsConfig {
extensions: RuntimeExtension[];
}
/**
* @internal
*/
export declare const resolveRuntimeExtensions: (runtimeConfig: any, extensions: RuntimeExtension[]) => any;

View File

@@ -0,0 +1,60 @@
import { TypeRegistry } from "@smithy/core/schema";
import type { StaticErrorSchema, StaticOperationSchema, StaticStructureSchema } from "@smithy/types";
export declare var STSServiceException$: StaticErrorSchema;
export declare var ExpiredTokenException$: StaticErrorSchema;
export declare var ExpiredTradeInTokenException$: StaticErrorSchema;
export declare var IDPCommunicationErrorException$: StaticErrorSchema;
export declare var IDPRejectedClaimException$: StaticErrorSchema;
export declare var InvalidAuthorizationMessageException$: StaticErrorSchema;
export declare var InvalidIdentityTokenException$: StaticErrorSchema;
export declare var JWTPayloadSizeExceededException$: StaticErrorSchema;
export declare var MalformedPolicyDocumentException$: StaticErrorSchema;
export declare var OutboundWebIdentityFederationDisabledException$: StaticErrorSchema;
export declare var PackedPolicyTooLargeException$: StaticErrorSchema;
export declare var RegionDisabledException$: StaticErrorSchema;
export declare var SessionDurationEscalationException$: StaticErrorSchema;
/**
* TypeRegistry instances containing modeled errors.
* @internal
*
*/
export declare const errorTypeRegistries: TypeRegistry[];
export declare var AssumedRoleUser$: StaticStructureSchema;
export declare var AssumeRoleRequest$: StaticStructureSchema;
export declare var AssumeRoleResponse$: StaticStructureSchema;
export declare var AssumeRoleWithSAMLRequest$: StaticStructureSchema;
export declare var AssumeRoleWithSAMLResponse$: StaticStructureSchema;
export declare var AssumeRoleWithWebIdentityRequest$: StaticStructureSchema;
export declare var AssumeRoleWithWebIdentityResponse$: StaticStructureSchema;
export declare var AssumeRootRequest$: StaticStructureSchema;
export declare var AssumeRootResponse$: StaticStructureSchema;
export declare var Credentials$: StaticStructureSchema;
export declare var DecodeAuthorizationMessageRequest$: StaticStructureSchema;
export declare var DecodeAuthorizationMessageResponse$: StaticStructureSchema;
export declare var FederatedUser$: StaticStructureSchema;
export declare var GetAccessKeyInfoRequest$: StaticStructureSchema;
export declare var GetAccessKeyInfoResponse$: StaticStructureSchema;
export declare var GetCallerIdentityRequest$: StaticStructureSchema;
export declare var GetCallerIdentityResponse$: StaticStructureSchema;
export declare var GetDelegatedAccessTokenRequest$: StaticStructureSchema;
export declare var GetDelegatedAccessTokenResponse$: StaticStructureSchema;
export declare var GetFederationTokenRequest$: StaticStructureSchema;
export declare var GetFederationTokenResponse$: StaticStructureSchema;
export declare var GetSessionTokenRequest$: StaticStructureSchema;
export declare var GetSessionTokenResponse$: StaticStructureSchema;
export declare var GetWebIdentityTokenRequest$: StaticStructureSchema;
export declare var GetWebIdentityTokenResponse$: StaticStructureSchema;
export declare var PolicyDescriptorType$: StaticStructureSchema;
export declare var ProvidedContext$: StaticStructureSchema;
export declare var Tag$: StaticStructureSchema;
export declare var AssumeRole$: StaticOperationSchema;
export declare var AssumeRoleWithSAML$: StaticOperationSchema;
export declare var AssumeRoleWithWebIdentity$: StaticOperationSchema;
export declare var AssumeRoot$: StaticOperationSchema;
export declare var DecodeAuthorizationMessage$: StaticOperationSchema;
export declare var GetAccessKeyInfo$: StaticOperationSchema;
export declare var GetCallerIdentity$: StaticOperationSchema;
export declare var GetDelegatedAccessToken$: StaticOperationSchema;
export declare var GetFederationToken$: StaticOperationSchema;
export declare var GetSessionToken$: StaticOperationSchema;
export declare var GetWebIdentityToken$: StaticOperationSchema;

View File

@@ -0,0 +1,194 @@
import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
import {
AssumeRoleCommandInput,
AssumeRoleCommandOutput,
} from "./commands/AssumeRoleCommand";
import {
AssumeRoleWithSAMLCommandInput,
AssumeRoleWithSAMLCommandOutput,
} from "./commands/AssumeRoleWithSAMLCommand";
import {
AssumeRoleWithWebIdentityCommandInput,
AssumeRoleWithWebIdentityCommandOutput,
} from "./commands/AssumeRoleWithWebIdentityCommand";
import {
AssumeRootCommandInput,
AssumeRootCommandOutput,
} from "./commands/AssumeRootCommand";
import {
DecodeAuthorizationMessageCommandInput,
DecodeAuthorizationMessageCommandOutput,
} from "./commands/DecodeAuthorizationMessageCommand";
import {
GetAccessKeyInfoCommandInput,
GetAccessKeyInfoCommandOutput,
} from "./commands/GetAccessKeyInfoCommand";
import {
GetCallerIdentityCommandInput,
GetCallerIdentityCommandOutput,
} from "./commands/GetCallerIdentityCommand";
import {
GetDelegatedAccessTokenCommandInput,
GetDelegatedAccessTokenCommandOutput,
} from "./commands/GetDelegatedAccessTokenCommand";
import {
GetFederationTokenCommandInput,
GetFederationTokenCommandOutput,
} from "./commands/GetFederationTokenCommand";
import {
GetSessionTokenCommandInput,
GetSessionTokenCommandOutput,
} from "./commands/GetSessionTokenCommand";
import {
GetWebIdentityTokenCommandInput,
GetWebIdentityTokenCommandOutput,
} from "./commands/GetWebIdentityTokenCommand";
import { STSClient } from "./STSClient";
export interface STS {
assumeRole(
args: AssumeRoleCommandInput,
options?: __HttpHandlerOptions
): Promise<AssumeRoleCommandOutput>;
assumeRole(
args: AssumeRoleCommandInput,
cb: (err: any, data?: AssumeRoleCommandOutput) => void
): void;
assumeRole(
args: AssumeRoleCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: AssumeRoleCommandOutput) => void
): void;
assumeRoleWithSAML(
args: AssumeRoleWithSAMLCommandInput,
options?: __HttpHandlerOptions
): Promise<AssumeRoleWithSAMLCommandOutput>;
assumeRoleWithSAML(
args: AssumeRoleWithSAMLCommandInput,
cb: (err: any, data?: AssumeRoleWithSAMLCommandOutput) => void
): void;
assumeRoleWithSAML(
args: AssumeRoleWithSAMLCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: AssumeRoleWithSAMLCommandOutput) => void
): void;
assumeRoleWithWebIdentity(
args: AssumeRoleWithWebIdentityCommandInput,
options?: __HttpHandlerOptions
): Promise<AssumeRoleWithWebIdentityCommandOutput>;
assumeRoleWithWebIdentity(
args: AssumeRoleWithWebIdentityCommandInput,
cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void
): void;
assumeRoleWithWebIdentity(
args: AssumeRoleWithWebIdentityCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void
): void;
assumeRoot(
args: AssumeRootCommandInput,
options?: __HttpHandlerOptions
): Promise<AssumeRootCommandOutput>;
assumeRoot(
args: AssumeRootCommandInput,
cb: (err: any, data?: AssumeRootCommandOutput) => void
): void;
assumeRoot(
args: AssumeRootCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: AssumeRootCommandOutput) => void
): void;
decodeAuthorizationMessage(
args: DecodeAuthorizationMessageCommandInput,
options?: __HttpHandlerOptions
): Promise<DecodeAuthorizationMessageCommandOutput>;
decodeAuthorizationMessage(
args: DecodeAuthorizationMessageCommandInput,
cb: (err: any, data?: DecodeAuthorizationMessageCommandOutput) => void
): void;
decodeAuthorizationMessage(
args: DecodeAuthorizationMessageCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: DecodeAuthorizationMessageCommandOutput) => void
): void;
getAccessKeyInfo(
args: GetAccessKeyInfoCommandInput,
options?: __HttpHandlerOptions
): Promise<GetAccessKeyInfoCommandOutput>;
getAccessKeyInfo(
args: GetAccessKeyInfoCommandInput,
cb: (err: any, data?: GetAccessKeyInfoCommandOutput) => void
): void;
getAccessKeyInfo(
args: GetAccessKeyInfoCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetAccessKeyInfoCommandOutput) => void
): void;
getCallerIdentity(): Promise<GetCallerIdentityCommandOutput>;
getCallerIdentity(
args: GetCallerIdentityCommandInput,
options?: __HttpHandlerOptions
): Promise<GetCallerIdentityCommandOutput>;
getCallerIdentity(
args: GetCallerIdentityCommandInput,
cb: (err: any, data?: GetCallerIdentityCommandOutput) => void
): void;
getCallerIdentity(
args: GetCallerIdentityCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetCallerIdentityCommandOutput) => void
): void;
getDelegatedAccessToken(
args: GetDelegatedAccessTokenCommandInput,
options?: __HttpHandlerOptions
): Promise<GetDelegatedAccessTokenCommandOutput>;
getDelegatedAccessToken(
args: GetDelegatedAccessTokenCommandInput,
cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void
): void;
getDelegatedAccessToken(
args: GetDelegatedAccessTokenCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void
): void;
getFederationToken(
args: GetFederationTokenCommandInput,
options?: __HttpHandlerOptions
): Promise<GetFederationTokenCommandOutput>;
getFederationToken(
args: GetFederationTokenCommandInput,
cb: (err: any, data?: GetFederationTokenCommandOutput) => void
): void;
getFederationToken(
args: GetFederationTokenCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetFederationTokenCommandOutput) => void
): void;
getSessionToken(): Promise<GetSessionTokenCommandOutput>;
getSessionToken(
args: GetSessionTokenCommandInput,
options?: __HttpHandlerOptions
): Promise<GetSessionTokenCommandOutput>;
getSessionToken(
args: GetSessionTokenCommandInput,
cb: (err: any, data?: GetSessionTokenCommandOutput) => void
): void;
getSessionToken(
args: GetSessionTokenCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetSessionTokenCommandOutput) => void
): void;
getWebIdentityToken(
args: GetWebIdentityTokenCommandInput,
options?: __HttpHandlerOptions
): Promise<GetWebIdentityTokenCommandOutput>;
getWebIdentityToken(
args: GetWebIdentityTokenCommandInput,
cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void
): void;
getWebIdentityToken(
args: GetWebIdentityTokenCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetWebIdentityTokenCommandOutput) => void
): void;
}
export declare class STS extends STSClient implements STS {}

View File

@@ -0,0 +1,181 @@
import {
HostHeaderInputConfig,
HostHeaderResolvedConfig,
} from "@aws-sdk/middleware-host-header";
import {
UserAgentInputConfig,
UserAgentResolvedConfig,
} from "@aws-sdk/middleware-user-agent";
import {
RegionInputConfig,
RegionResolvedConfig,
} from "@smithy/config-resolver";
import {
EndpointInputConfig,
EndpointResolvedConfig,
} from "@smithy/middleware-endpoint";
import {
RetryInputConfig,
RetryResolvedConfig,
} from "@smithy/middleware-retry";
import { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
import {
DefaultsMode as __DefaultsMode,
SmithyConfiguration as __SmithyConfiguration,
SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
Client as __Client,
} from "@smithy/smithy-client";
import {
AwsCredentialIdentityProvider,
BodyLengthCalculator as __BodyLengthCalculator,
CheckOptionalClientConfig as __CheckOptionalClientConfig,
ChecksumConstructor as __ChecksumConstructor,
Decoder as __Decoder,
Encoder as __Encoder,
HashConstructor as __HashConstructor,
HttpHandlerOptions as __HttpHandlerOptions,
Logger as __Logger,
Provider as __Provider,
StreamCollector as __StreamCollector,
UrlParser as __UrlParser,
UserAgent as __UserAgent,
} from "@smithy/types";
import {
HttpAuthSchemeInputConfig,
HttpAuthSchemeResolvedConfig,
} from "./auth/httpAuthSchemeProvider";
import {
AssumeRoleCommandInput,
AssumeRoleCommandOutput,
} from "./commands/AssumeRoleCommand";
import {
AssumeRoleWithSAMLCommandInput,
AssumeRoleWithSAMLCommandOutput,
} from "./commands/AssumeRoleWithSAMLCommand";
import {
AssumeRoleWithWebIdentityCommandInput,
AssumeRoleWithWebIdentityCommandOutput,
} from "./commands/AssumeRoleWithWebIdentityCommand";
import {
AssumeRootCommandInput,
AssumeRootCommandOutput,
} from "./commands/AssumeRootCommand";
import {
DecodeAuthorizationMessageCommandInput,
DecodeAuthorizationMessageCommandOutput,
} from "./commands/DecodeAuthorizationMessageCommand";
import {
GetAccessKeyInfoCommandInput,
GetAccessKeyInfoCommandOutput,
} from "./commands/GetAccessKeyInfoCommand";
import {
GetCallerIdentityCommandInput,
GetCallerIdentityCommandOutput,
} from "./commands/GetCallerIdentityCommand";
import {
GetDelegatedAccessTokenCommandInput,
GetDelegatedAccessTokenCommandOutput,
} from "./commands/GetDelegatedAccessTokenCommand";
import {
GetFederationTokenCommandInput,
GetFederationTokenCommandOutput,
} from "./commands/GetFederationTokenCommand";
import {
GetSessionTokenCommandInput,
GetSessionTokenCommandOutput,
} from "./commands/GetSessionTokenCommand";
import {
GetWebIdentityTokenCommandInput,
GetWebIdentityTokenCommandOutput,
} from "./commands/GetWebIdentityTokenCommand";
import {
ClientInputEndpointParameters,
ClientResolvedEndpointParameters,
EndpointParameters,
} from "./endpoint/EndpointParameters";
import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
export { __Client };
export type ServiceInputTypes =
| AssumeRoleCommandInput
| AssumeRoleWithSAMLCommandInput
| AssumeRoleWithWebIdentityCommandInput
| AssumeRootCommandInput
| DecodeAuthorizationMessageCommandInput
| GetAccessKeyInfoCommandInput
| GetCallerIdentityCommandInput
| GetDelegatedAccessTokenCommandInput
| GetFederationTokenCommandInput
| GetSessionTokenCommandInput
| GetWebIdentityTokenCommandInput;
export type ServiceOutputTypes =
| AssumeRoleCommandOutput
| AssumeRoleWithSAMLCommandOutput
| AssumeRoleWithWebIdentityCommandOutput
| AssumeRootCommandOutput
| DecodeAuthorizationMessageCommandOutput
| GetAccessKeyInfoCommandOutput
| GetCallerIdentityCommandOutput
| GetDelegatedAccessTokenCommandOutput
| GetFederationTokenCommandOutput
| GetSessionTokenCommandOutput
| GetWebIdentityTokenCommandOutput;
export interface ClientDefaults
extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
requestHandler?: __HttpHandlerUserInput;
sha256?: __ChecksumConstructor | __HashConstructor;
urlParser?: __UrlParser;
bodyLengthChecker?: __BodyLengthCalculator;
streamCollector?: __StreamCollector;
base64Decoder?: __Decoder;
base64Encoder?: __Encoder;
utf8Decoder?: __Decoder;
utf8Encoder?: __Encoder;
runtime?: string;
disableHostPrefix?: boolean;
serviceId?: string;
useDualstackEndpoint?: boolean | __Provider<boolean>;
useFipsEndpoint?: boolean | __Provider<boolean>;
region?: string | __Provider<string>;
profile?: string;
defaultUserAgentProvider?: __Provider<__UserAgent>;
credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
maxAttempts?: number | __Provider<number>;
retryMode?: string | __Provider<string>;
logger?: __Logger;
extensions?: RuntimeExtension[];
defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
}
export type STSClientConfigType = Partial<
__SmithyConfiguration<__HttpHandlerOptions>
> &
ClientDefaults &
UserAgentInputConfig &
RetryInputConfig &
RegionInputConfig &
HostHeaderInputConfig &
EndpointInputConfig<EndpointParameters> &
HttpAuthSchemeInputConfig &
ClientInputEndpointParameters;
export interface STSClientConfig extends STSClientConfigType {}
export type STSClientResolvedConfigType =
__SmithyResolvedConfiguration<__HttpHandlerOptions> &
Required<ClientDefaults> &
RuntimeExtensionsConfig &
UserAgentResolvedConfig &
RetryResolvedConfig &
RegionResolvedConfig &
HostHeaderResolvedConfig &
EndpointResolvedConfig<EndpointParameters> &
HttpAuthSchemeResolvedConfig &
ClientResolvedEndpointParameters;
export interface STSClientResolvedConfig extends STSClientResolvedConfigType {}
export declare class STSClient extends __Client<
__HttpHandlerOptions,
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig
> {
readonly config: STSClientResolvedConfig;
constructor(...[configuration]: __CheckOptionalClientConfig<STSClientConfig>);
destroy(): void;
}

View File

@@ -0,0 +1,32 @@
import {
AwsCredentialIdentity,
AwsCredentialIdentityProvider,
HttpAuthScheme,
} from "@smithy/types";
import { STSHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
export interface HttpAuthExtensionConfiguration {
setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
httpAuthSchemes(): HttpAuthScheme[];
setHttpAuthSchemeProvider(
httpAuthSchemeProvider: STSHttpAuthSchemeProvider
): void;
httpAuthSchemeProvider(): STSHttpAuthSchemeProvider;
setCredentials(
credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider
): void;
credentials():
| AwsCredentialIdentity
| AwsCredentialIdentityProvider
| undefined;
}
export type HttpAuthRuntimeConfig = Partial<{
httpAuthSchemes: HttpAuthScheme[];
httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
}>;
export declare const getHttpAuthExtensionConfiguration: (
runtimeConfig: HttpAuthRuntimeConfig
) => HttpAuthExtensionConfiguration;
export declare const resolveHttpAuthRuntimeConfig: (
config: HttpAuthExtensionConfiguration
) => HttpAuthRuntimeConfig;

View File

@@ -0,0 +1,57 @@
import {
AwsSdkSigV4AuthInputConfig,
AwsSdkSigV4AuthResolvedConfig,
AwsSdkSigV4PreviouslyResolved,
} from "@aws-sdk/core/httpAuthSchemes";
import {
Client,
HandlerExecutionContext,
HttpAuthScheme,
HttpAuthSchemeParameters,
HttpAuthSchemeParametersProvider,
HttpAuthSchemeProvider,
Provider,
} from "@smithy/types";
import { STSClientResolvedConfig } from "../STSClient";
export interface STSHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
region?: string;
}
export interface STSHttpAuthSchemeParametersProvider
extends HttpAuthSchemeParametersProvider<
STSClientResolvedConfig,
HandlerExecutionContext,
STSHttpAuthSchemeParameters,
object
> {}
export declare const defaultSTSHttpAuthSchemeParametersProvider: (
config: STSClientResolvedConfig,
context: HandlerExecutionContext,
input: object
) => Promise<STSHttpAuthSchemeParameters>;
export interface STSHttpAuthSchemeProvider
extends HttpAuthSchemeProvider<STSHttpAuthSchemeParameters> {}
export declare const defaultSTSHttpAuthSchemeProvider: STSHttpAuthSchemeProvider;
export interface StsAuthInputConfig {}
export interface StsAuthResolvedConfig {
stsClientCtor: new (clientConfig: any) => Client<any, any, any>;
}
export declare const resolveStsAuthConfig: <T>(
input: T & StsAuthInputConfig
) => T & StsAuthResolvedConfig;
export interface HttpAuthSchemeInputConfig
extends StsAuthInputConfig,
AwsSdkSigV4AuthInputConfig {
authSchemePreference?: string[] | Provider<string[]>;
httpAuthSchemes?: HttpAuthScheme[];
httpAuthSchemeProvider?: STSHttpAuthSchemeProvider;
}
export interface HttpAuthSchemeResolvedConfig
extends StsAuthResolvedConfig,
AwsSdkSigV4AuthResolvedConfig {
readonly authSchemePreference: Provider<string[]>;
readonly httpAuthSchemes: HttpAuthScheme[];
readonly httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
}
export declare const resolveHttpAuthSchemeConfig: <T>(
config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
) => T & HttpAuthSchemeResolvedConfig;

View File

@@ -0,0 +1,47 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import { AssumeRoleRequest, AssumeRoleResponse } from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface AssumeRoleCommandInput extends AssumeRoleRequest {}
export interface AssumeRoleCommandOutput
extends AssumeRoleResponse,
__MetadataBearer {}
declare const AssumeRoleCommand_base: {
new (
input: AssumeRoleCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRoleCommandInput,
AssumeRoleCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: AssumeRoleCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRoleCommandInput,
AssumeRoleCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class AssumeRoleCommand extends AssumeRoleCommand_base {
protected static __types: {
api: {
input: AssumeRoleRequest;
output: AssumeRoleResponse;
};
sdk: {
input: AssumeRoleCommandInput;
output: AssumeRoleCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
AssumeRoleWithSAMLRequest,
AssumeRoleWithSAMLResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface AssumeRoleWithSAMLCommandInput
extends AssumeRoleWithSAMLRequest {}
export interface AssumeRoleWithSAMLCommandOutput
extends AssumeRoleWithSAMLResponse,
__MetadataBearer {}
declare const AssumeRoleWithSAMLCommand_base: {
new (
input: AssumeRoleWithSAMLCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRoleWithSAMLCommandInput,
AssumeRoleWithSAMLCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: AssumeRoleWithSAMLCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRoleWithSAMLCommandInput,
AssumeRoleWithSAMLCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class AssumeRoleWithSAMLCommand extends AssumeRoleWithSAMLCommand_base {
protected static __types: {
api: {
input: AssumeRoleWithSAMLRequest;
output: AssumeRoleWithSAMLResponse;
};
sdk: {
input: AssumeRoleWithSAMLCommandInput;
output: AssumeRoleWithSAMLCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
AssumeRoleWithWebIdentityRequest,
AssumeRoleWithWebIdentityResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface AssumeRoleWithWebIdentityCommandInput
extends AssumeRoleWithWebIdentityRequest {}
export interface AssumeRoleWithWebIdentityCommandOutput
extends AssumeRoleWithWebIdentityResponse,
__MetadataBearer {}
declare const AssumeRoleWithWebIdentityCommand_base: {
new (
input: AssumeRoleWithWebIdentityCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRoleWithWebIdentityCommandInput,
AssumeRoleWithWebIdentityCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: AssumeRoleWithWebIdentityCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRoleWithWebIdentityCommandInput,
AssumeRoleWithWebIdentityCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class AssumeRoleWithWebIdentityCommand extends AssumeRoleWithWebIdentityCommand_base {
protected static __types: {
api: {
input: AssumeRoleWithWebIdentityRequest;
output: AssumeRoleWithWebIdentityResponse;
};
sdk: {
input: AssumeRoleWithWebIdentityCommandInput;
output: AssumeRoleWithWebIdentityCommandOutput;
};
};
}

View File

@@ -0,0 +1,47 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import { AssumeRootRequest, AssumeRootResponse } from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface AssumeRootCommandInput extends AssumeRootRequest {}
export interface AssumeRootCommandOutput
extends AssumeRootResponse,
__MetadataBearer {}
declare const AssumeRootCommand_base: {
new (
input: AssumeRootCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRootCommandInput,
AssumeRootCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: AssumeRootCommandInput
): import("@smithy/smithy-client").CommandImpl<
AssumeRootCommandInput,
AssumeRootCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class AssumeRootCommand extends AssumeRootCommand_base {
protected static __types: {
api: {
input: AssumeRootRequest;
output: AssumeRootResponse;
};
sdk: {
input: AssumeRootCommandInput;
output: AssumeRootCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
DecodeAuthorizationMessageRequest,
DecodeAuthorizationMessageResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface DecodeAuthorizationMessageCommandInput
extends DecodeAuthorizationMessageRequest {}
export interface DecodeAuthorizationMessageCommandOutput
extends DecodeAuthorizationMessageResponse,
__MetadataBearer {}
declare const DecodeAuthorizationMessageCommand_base: {
new (
input: DecodeAuthorizationMessageCommandInput
): import("@smithy/smithy-client").CommandImpl<
DecodeAuthorizationMessageCommandInput,
DecodeAuthorizationMessageCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: DecodeAuthorizationMessageCommandInput
): import("@smithy/smithy-client").CommandImpl<
DecodeAuthorizationMessageCommandInput,
DecodeAuthorizationMessageCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class DecodeAuthorizationMessageCommand extends DecodeAuthorizationMessageCommand_base {
protected static __types: {
api: {
input: DecodeAuthorizationMessageRequest;
output: DecodeAuthorizationMessageResponse;
};
sdk: {
input: DecodeAuthorizationMessageCommandInput;
output: DecodeAuthorizationMessageCommandOutput;
};
};
}

View File

@@ -0,0 +1,50 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
GetAccessKeyInfoRequest,
GetAccessKeyInfoResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface GetAccessKeyInfoCommandInput extends GetAccessKeyInfoRequest {}
export interface GetAccessKeyInfoCommandOutput
extends GetAccessKeyInfoResponse,
__MetadataBearer {}
declare const GetAccessKeyInfoCommand_base: {
new (
input: GetAccessKeyInfoCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetAccessKeyInfoCommandInput,
GetAccessKeyInfoCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: GetAccessKeyInfoCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetAccessKeyInfoCommandInput,
GetAccessKeyInfoCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class GetAccessKeyInfoCommand extends GetAccessKeyInfoCommand_base {
protected static __types: {
api: {
input: GetAccessKeyInfoRequest;
output: GetAccessKeyInfoResponse;
};
sdk: {
input: GetAccessKeyInfoCommandInput;
output: GetAccessKeyInfoCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
GetCallerIdentityRequest,
GetCallerIdentityResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface GetCallerIdentityCommandInput
extends GetCallerIdentityRequest {}
export interface GetCallerIdentityCommandOutput
extends GetCallerIdentityResponse,
__MetadataBearer {}
declare const GetCallerIdentityCommand_base: {
new (
input: GetCallerIdentityCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetCallerIdentityCommandInput,
GetCallerIdentityCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
...[input]: [] | [GetCallerIdentityCommandInput]
): import("@smithy/smithy-client").CommandImpl<
GetCallerIdentityCommandInput,
GetCallerIdentityCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class GetCallerIdentityCommand extends GetCallerIdentityCommand_base {
protected static __types: {
api: {
input: {};
output: GetCallerIdentityResponse;
};
sdk: {
input: GetCallerIdentityCommandInput;
output: GetCallerIdentityCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
GetDelegatedAccessTokenRequest,
GetDelegatedAccessTokenResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface GetDelegatedAccessTokenCommandInput
extends GetDelegatedAccessTokenRequest {}
export interface GetDelegatedAccessTokenCommandOutput
extends GetDelegatedAccessTokenResponse,
__MetadataBearer {}
declare const GetDelegatedAccessTokenCommand_base: {
new (
input: GetDelegatedAccessTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetDelegatedAccessTokenCommandInput,
GetDelegatedAccessTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: GetDelegatedAccessTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetDelegatedAccessTokenCommandInput,
GetDelegatedAccessTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class GetDelegatedAccessTokenCommand extends GetDelegatedAccessTokenCommand_base {
protected static __types: {
api: {
input: GetDelegatedAccessTokenRequest;
output: GetDelegatedAccessTokenResponse;
};
sdk: {
input: GetDelegatedAccessTokenCommandInput;
output: GetDelegatedAccessTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
GetFederationTokenRequest,
GetFederationTokenResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface GetFederationTokenCommandInput
extends GetFederationTokenRequest {}
export interface GetFederationTokenCommandOutput
extends GetFederationTokenResponse,
__MetadataBearer {}
declare const GetFederationTokenCommand_base: {
new (
input: GetFederationTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetFederationTokenCommandInput,
GetFederationTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: GetFederationTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetFederationTokenCommandInput,
GetFederationTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class GetFederationTokenCommand extends GetFederationTokenCommand_base {
protected static __types: {
api: {
input: GetFederationTokenRequest;
output: GetFederationTokenResponse;
};
sdk: {
input: GetFederationTokenCommandInput;
output: GetFederationTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,50 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
GetSessionTokenRequest,
GetSessionTokenResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface GetSessionTokenCommandInput extends GetSessionTokenRequest {}
export interface GetSessionTokenCommandOutput
extends GetSessionTokenResponse,
__MetadataBearer {}
declare const GetSessionTokenCommand_base: {
new (
input: GetSessionTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetSessionTokenCommandInput,
GetSessionTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
...[input]: [] | [GetSessionTokenCommandInput]
): import("@smithy/smithy-client").CommandImpl<
GetSessionTokenCommandInput,
GetSessionTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class GetSessionTokenCommand extends GetSessionTokenCommand_base {
protected static __types: {
api: {
input: GetSessionTokenRequest;
output: GetSessionTokenResponse;
};
sdk: {
input: GetSessionTokenCommandInput;
output: GetSessionTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,51 @@
import { Command as $Command } from "@smithy/smithy-client";
import { MetadataBearer as __MetadataBearer } from "@smithy/types";
import {
GetWebIdentityTokenRequest,
GetWebIdentityTokenResponse,
} from "../models/models_0";
import {
ServiceInputTypes,
ServiceOutputTypes,
STSClientResolvedConfig,
} from "../STSClient";
export { __MetadataBearer };
export { $Command };
export interface GetWebIdentityTokenCommandInput
extends GetWebIdentityTokenRequest {}
export interface GetWebIdentityTokenCommandOutput
extends GetWebIdentityTokenResponse,
__MetadataBearer {}
declare const GetWebIdentityTokenCommand_base: {
new (
input: GetWebIdentityTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetWebIdentityTokenCommandInput,
GetWebIdentityTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
new (
input: GetWebIdentityTokenCommandInput
): import("@smithy/smithy-client").CommandImpl<
GetWebIdentityTokenCommandInput,
GetWebIdentityTokenCommandOutput,
STSClientResolvedConfig,
ServiceInputTypes,
ServiceOutputTypes
>;
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
};
export declare class GetWebIdentityTokenCommand extends GetWebIdentityTokenCommand_base {
protected static __types: {
api: {
input: GetWebIdentityTokenRequest;
output: GetWebIdentityTokenResponse;
};
sdk: {
input: GetWebIdentityTokenCommandInput;
output: GetWebIdentityTokenCommandOutput;
};
};
}

View File

@@ -0,0 +1,11 @@
export * from "./AssumeRoleCommand";
export * from "./AssumeRoleWithSAMLCommand";
export * from "./AssumeRoleWithWebIdentityCommand";
export * from "./AssumeRootCommand";
export * from "./DecodeAuthorizationMessageCommand";
export * from "./GetAccessKeyInfoCommand";
export * from "./GetCallerIdentityCommand";
export * from "./GetDelegatedAccessTokenCommand";
export * from "./GetFederationTokenCommand";
export * from "./GetSessionTokenCommand";
export * from "./GetWebIdentityTokenCommand";

View File

@@ -0,0 +1,19 @@
import { Pluggable } from "@smithy/types";
import {
DefaultCredentialProvider,
RoleAssumer,
RoleAssumerWithWebIdentity,
STSRoleAssumerOptions,
} from "./defaultStsRoleAssumers";
import { ServiceInputTypes, ServiceOutputTypes } from "./STSClient";
export declare const getDefaultRoleAssumer: (
stsOptions?: STSRoleAssumerOptions,
stsPlugins?: Pluggable<ServiceInputTypes, ServiceOutputTypes>[]
) => RoleAssumer;
export declare const getDefaultRoleAssumerWithWebIdentity: (
stsOptions?: STSRoleAssumerOptions,
stsPlugins?: Pluggable<ServiceInputTypes, ServiceOutputTypes>[]
) => RoleAssumerWithWebIdentity;
export declare const decorateDefaultCredentialProvider: (
provider: DefaultCredentialProvider
) => DefaultCredentialProvider;

Some files were not shown because too many files have changed in this diff Show More