()
| 446 | ${$} |
| 447 | ${P} |
| 448 | `+await q.crypto.sha256DigestHex(X),D=await aa9(q.crypto,q.securityCredentials.secretAccessKey,A,q.region,z),f=await Id6(q.crypto,D,W),G=`${mhq} Credential=${q.securityCredentials.accessKeyId}/${P}, SignedHeaders=${J}, Signature=${(0,phq.fromArrayBufferToHex)(f)}`;return{amzDate:O.date?void 0:$,authorizationHeader:G,canonicalQuerystring:q.canonicalQuerystring}}});var chq=m((OG6)=>{var an=OG6&&OG6.__classPrivateFieldGet||function(q,K,_,z){if(_==="a"&&!z)throw TypeError("Private accessor was defined without a getter");if(typeof K==="function"?q!==K||!z:!K.has(q))throw TypeError("Cannot read private member from an object whose class did not declare it");return _==="m"?z:_==="a"?z.call(q):z?z.value:K.get(q)},Yu,vT1,Uhq,Qhq,aW8,kT1;Object.defineProperty(OG6,"__esModule",{value:!0});OG6.DefaultAwsSecurityCredentialsSupplier=void 0;class dhq{constructor(q){Yu.add(this),this.regionUrl=q.regionUrl,this.securityCredentialsUrl=q.securityCredentialsUrl,this.imdsV2SessionTokenUrl=q.imdsV2SessionTokenUrl,this.additionalGaxiosOptions=q.additionalGaxiosOptions}async getAwsRegion(q){if(an(this,Yu,"a",aW8))return an(this,Yu,"a",aW8);let K={};if(!an(this,Yu,"a",aW8)&&this.imdsV2SessionTokenUrl)K["x-aws-ec2-metadata-token"]=await an(this,Yu,"m",vT1).call(this,q.transporter);if(!this.regionUrl)throw Error('Unable to determine AWS region due to missing "options.credential_source.region_url"');let _={...this.additionalGaxiosOptions,url:this.regionUrl,method:"GET",responseType:"text",headers:K},z=await q.transporter.request(_);return z.data.substr(0,z.data.length-1)}async getAwsSecurityCredentials(q){if(an(this,Yu,"a",kT1))return an(this,Yu,"a",kT1);let K={};if(this.imdsV2SessionTokenUrl)K["x-aws-ec2-metadata-token"]=await an(this,Yu,"m",vT1).call(this,q.transporter);let _=await an(this,Yu,"m",Uhq).call(this,K,q.transporter),z=await an(this,Yu,"m",Qhq).call(this,_,K,q.transporter);return{accessKeyId:z.AccessKeyId,secretAccessKey:z.SecretAccessKey,token:z.Token}}}OG6.DefaultAwsSecurityCredentialsSupplier=dhq;Yu=new WeakSet,vT1=async function(K){let _={...this.additionalGaxiosOptions,url:this.imdsV2SessionTokenUrl,method:"PUT",responseType:"text",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"300"}};return(await K.request(_)).data},Uhq=async function(K,_){if(!this.securityCredentialsUrl)throw Error('Unable to determine AWS role name due to missing "options.credential_source.url"');let z={...this.additionalGaxiosOptions,url:this.securityCredentialsUrl,method:"GET",responseType:"text",headers:K};return(await _.request(z)).data},Qhq=async function(K,_,z){return(await z.request({...this.additionalGaxiosOptions,url:`${this.securityCredentialsUrl}/${K}`,responseType:"json",headers:_})).data},aW8=function(){return process.env.AWS_REGION||process.env.AWS_DEFAULT_REGION||null},kT1=function(){if(process.env.AWS_ACCESS_KEY_ID&&process.env.AWS_SECRET_ACCESS_KEY)return{accessKeyId:process.env.AWS_ACCESS_KEY_ID,secretAccessKey:process.env.AWS_SECRET_ACCESS_KEY,token:process.env.AWS_SESSION_TOKEN};return null}});var VT1=m((wG6)=>{var ta9=wG6&&wG6.__classPrivateFieldGet||function(q,K,_,z){if(_==="a"&&!z)throw TypeError("Private accessor was defined without a getter");if(typeof K==="function"?q!==K||!z:!K.has(q))throw TypeError("Cannot read private member from an object whose class did not declare it");return _==="m"?z:_==="a"?z.call(q):z?z.value:K.get(q)},sW8,nhq;Object.defineProperty(wG6,"__esModule",{value:!0});wG6.AwsClient=void 0;var ea9=TT1(),qs9=o86(),Ks9=chq(),lhq=i86();class ud6 extends qs9.BaseExternalAccountClient{constructor(q,K){super(q,K);let _=(0,lhq.originalOrCamelOptions)(q),z=_.get("credential_source"),Y=_.get("aws_security_credentials_supplier");if(!z&&!Y)throw Error("A credential source or AWS security credentials supplier must be specified.");if(z&&Y)throw Error("Only one of credential source or AWS security credentials supplier can be specified.");if(Y)this.awsSecurityCredentialsSupplier=Y,this.regionalCredVerificationUrl=ta9(sW8,sW8,"f",nhq),this.credentialSourceType="programmatic";else{let $=(0,lhq.originalOrCamelOptions)(z);this.environmentId=$.get("environment_id");let A=$.get("region_url"),O=$.get("url"),w=$.get("imdsv2_session_token_url");this.awsSecurityCredentialsSupplier=new Ks9.DefaultAwsSecurityCredentialsSupplier({regionUrl:A,securityCredentialsUrl:O,imdsV2SessionTokenUrl:w}),this.regionalCredVerificationUrl=$.get("regional_cred_verification_url"),this.credentialSourceType="aws",this.validateEnvironmentId()}this.awsRequestSigner=null,this.region=""}validateEnvironmentId(){var q;let K=(q=this.environmentId)===null||q===void 0?void 0:q.match(/^(aws)(\d+)$/);if(!K||!this.regionalCredVerificationUrl)throw Error('No valid AWS "credential_source" provided');else if(parseInt(K[2],10)!==1)throw Error(`aws version "${K[2]}" is not supported in the current build.`)}async retrieveSubjectToken(){if(!this.awsRequestSigner)this.region=await this.awsSecurityCredentialsSupplier.getAwsRegion(this.supplierContext),this.awsRequestSigner=new ea9.AwsRequestSigner(async()=>{return this.awsSecurityCredentialsSupplier.getAwsSecurityCredentials(this.supplierContext)},this.region);let q=await this.awsRequestSigner.getRequestOptions({...sW8.RETRY_CONFIG,url:this.regionalCredVerificationUrl.replace("{region}",this.region),method:"POST"}),K=[],_=Object.assign({"x-goog-cloud-target-resource":this.audience},q.headers);for(let z in _)K.push({key:z,value:_[z]});return encodeURIComponent(JSON.stringify({url:q.url,method:q.method,headers:K}))}}wG6.AwsClient=ud6;sW8=ud6;nhq={value:"https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15"};ud6.AWS_EC2_METADATA_IPV4_ADDRESS="169.254.169.254";ud6.AWS_EC2_METADATA_IPV6_ADDRESS="fd00:ec2::254"});var CT1=m((ohq)=>{Object.defineProperty(ohq,"__esModule",{value:!0});ohq.InvalidSubjectTokenError=ohq.InvalidMessageFieldError=ohq.InvalidCodeFieldError=ohq.InvalidTokenTypeFieldError=ohq.InvalidExpirationTimeFieldError=ohq.InvalidSuccessFieldError=ohq.InvalidVersionFieldError=ohq.ExecutableResponseError=ohq.ExecutableResponse=void 0;var tW8="urn:ietf:params:oauth:token-type:saml2",NT1="urn:ietf:params:oauth:token-type:id_token",yT1="urn:ietf:params:oauth:token-type:jwt";class ihq{constructor(q){if(!q.version)throw new ET1("Executable response must contain a 'version' field.");if(q.success===void 0)throw new LT1("Executable response must contain a 'success' field.");if(this.version=q.version,this.success=q.success,this.success){if(this.expirationTime=q.expiration_time,this.tokenType=q.token_type,this.tokenType!==tW8&&this.tokenType!==NT1&&this.tokenType!==yT1)throw new RT1(`Executable response must contain a 'token_type' field when successful and it must be one of ${NT1}, ${yT1}, or ${tW8}.`);if(this.tokenType===tW8){if(!q.saml_response)throw new eW8(`Executable response must contain a 'saml_response' field when token_type=${tW8}.`);this.subjectToken=q.saml_response}else{if(!q.id_token)throw new eW8(`Executable response must contain a 'id_token' field when token_type=${NT1} or ${yT1}.`);this.subjectToken=q.id_token}}else{if(!q.code)throw new hT1("Executable response must contain a 'code' field when unsuccessful.");if(!q.message)throw new ST1("Executable response must contain a 'message' field when unsuccessful.");this.errorCode=q.code,this.errorMessage=q.message}}isValid(){return!this.isExpired()&&this.success}isExpired(){return this.expirationTime!==void 0&&this.expirationTime<Math.round(Date.now()/1000)}}ohq.ExecutableResponse=ihq;class sn extends Error{constructor(q){super(q);Object.setPrototypeOf(this,new.target.prototype)}}ohq.ExecutableResponseError=sn;class ET1 extends sn{}ohq.InvalidVersionFieldError=ET1;class LT1 extends sn{}ohq.InvalidSuccessFieldError=LT1;class rhq extends sn{}ohq.InvalidExpirationTimeFieldError=rhq;class RT1 extends sn{}ohq.InvalidTokenTypeFieldError=RT1;class hT1 extends sn{}ohq.InvalidCodeFieldError=hT1;class ST1 extends sn{}ohq.InvalidMessageFieldError=ST1;class eW8 extends sn{}ohq.InvalidSubjectTokenError=eW8});var ehq=m((shq)=>{Object.defineProperty(shq,"__esModule",{value:!0});shq.PluggableAuthHandler=void 0;var Hs9=qD8(),w$6=CT1(),Js9=U6("child_process"),bT1=U6("fs");class xT1{constructor(q){if(!q.command)throw Error("No command provided.");if(this.commandComponents=xT1.parseCommand(q.command),this.timeoutMillis=q.timeoutMillis,!this.timeoutMillis)throw Error("No timeoutMillis provided.");this.outputFile=q.outputFile}retrieveResponseFromExecutable(q){return new Promise((K,_)=>{let z=Js9.spawn(this.commandComponents[0],this.commandComponents.slice(1),{env:{...process.env,...Object.fromEntries(q)}}),Y="";z.stdout.on("data",(A)=>{Y+=A}),z.stderr.on("data",(A)=>{Y+=A});let $=setTimeout(()=>{return z.removeAllListeners(),z.kill(),_(Error("The executable failed to finish within the timeout specified."))},this.timeoutMillis);z.on("close",(A)=>{if(clearTimeout($),A===0)try{let O=JSON.parse(Y),w=new w$6.ExecutableResponse(O);return K(w)}catch(O){if(O instanceof w$6.ExecutableResponseError)return _(O);return _(new w$6.ExecutableResponseError(`The executable returned an invalid response: ${Y}`))}else return _(new Hs9.ExecutableError(Y,A.toString()))})})}async retrieveCachedResponse(){if(!this.outputFile||this.outputFile.length===0)return;let q;try{q=await bT1.promises.realpath(this.outputFile)}catch(_){return}if(!(await bT1.promises.lstat(q)).isFile())return;let K=await bT1.promises.readFile(q,{encoding:"utf8"});if(K==="")return;try{let _=JSON.parse(K);if(new w$6.ExecutableResponse(_).isValid())return new w$6.ExecutableResponse(_);return}catch(_){if(_ instanceof w$6.ExecutableResponseError)throw _;throw new w$6.ExecutableResponseError(`The output file contained an invalid response: ${K}`)}}static parseCommand(q){let K=q.match(/(?:[^\s"]+|"[^"]*")+/g);if(!K)throw Error(`Provided command: "${q}" could not be parsed.`);for(let _=0;_<K.length;_++)if(K[_][0]==='"'&&K[_].slice(-1)==='"')K[_]=K[_].slice(1,-1);return K}}shq.PluggableAuthHandler=xT1});var qD8=m((YSq)=>{Object.defineProperty(YSq,"__esModule",{value:!0});YSq.PluggableAuthClient=YSq.ExecutableError=void 0;var Ms9=o86(),Xs9=CT1(),Ps9=ehq();class IT1 extends Error{constructor(q,K){super(`The executable failed with exit code: ${K} and error message: ${q}.`);this.code=K,Object.setPrototypeOf(this,new.target.prototype)}}YSq.ExecutableError=IT1;var Ws9=30000,qSq=5000,KSq=120000,Ds9="GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES",_Sq=1;class zSq extends Ms9.BaseExternalAccountClient{constructor(q,K){super(q,K);if(!q.credential_source.executable)throw Error('No valid Pluggable Auth "credential_source" provided.');if(this.command=q.credential_source.executable.command,!this.command)throw Error('No valid Pluggable Auth "credential_source" provided.');if(q.credential_source.executable.timeout_millis===void 0)this.timeoutMillis=Ws9;else if(this.timeoutMillis=q.credential_source.executable.timeout_millis,this.timeoutMillis<qSq||this.timeoutMillis>KSq)throw Error(`Timeout must be between ${qSq} and ${KSq} milliseconds.`);this.outputFile=q.credential_source.executable.output_file,this.handler=new Ps9.PluggableAuthHandler({command:this.command,timeoutMillis:this.timeoutMillis,outputFile:this.outputFile}),this.credentialSourceType="executable"}async retrieveSubjectToken(){if(process.env[Ds9]!=="1")throw Error("Pluggable Auth executables need to be explicitly allowed to run by setting the GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES environment Variable to 1.");let q=void 0;if(this.outputFile)q=await this.handler.retrieveCachedResponse();if(!q){let K=new Map;if(K.set("GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE",this.audience),K.set("GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE",this.subjectTokenType),K.set("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE","0"),this.outputFile)K.set("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE",this.outputFile);let _=this.getServiceAccountEmail();if(_)K.set("GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL",_);q=await this.handler.retrieveResponseFromExecutable(K)}if(q.version>_Sq)throw Error(`Version of executable is not currently supported, maximum supported version is ${_Sq}.`);if(!q.success)throw new IT1(q.errorMessage,q.errorCode);if(this.outputFile){if(!q.expirationTime)throw new Xs9.InvalidExpirationTimeFieldError("The executable response must contain the `expiration_time` field for successful responses when an output_file has been specified in the configuration.")}if(q.isExpired())throw Error("Executable response is expired.");return q.subjectToken}}YSq.PluggableAuthClient=zSq});var uT1=m((OSq)=>{Object.defineProperty(OSq,"__esModule",{value:!0});OSq.ExternalAccountClient=void 0;var Zs9=o86(),Gs9=GT1(),Ts9=VT1(),vs9=qD8();class ASq{constructor(){throw Error("ExternalAccountClients should be initialized via: ExternalAccountClient.fromJSON(), directly via explicit constructors, eg. new AwsClient(options), new IdentityPoolClient(options), newPluggableAuthClientOptions, or via new GoogleAuth(options).getClient()")}static fromJSON(q,K){var _,z;if(q&&q.type===Zs9.EXTERNAL_ACCOUNT_TYPE)if((_=q.credential_source)===null||_===void 0?void 0:_.environment_id)return new Ts9.AwsClient(q,K);else if((z=q.credential_source)===null||z===void 0?void 0:z.executable)return new vs9.PluggableAuthClient(q,K);else return new Gs9.IdentityPoolClient(q,K);else return null}}OSq.ExternalAccountClient=ASq});var XSq=m((JSq)=>{Object.defineProperty(JSq,"__esModule",{value:!0});JSq.ExternalAccountAuthorizedUserClient=JSq.EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE=void 0;var ks9=tg(),jSq=AT1(),Vs9=eI(),Ns9=U6("stream"),ys9=o86();JSq.EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE="external_account_authorized_user";var Es9="https://sts.{universeDomain}/v1/oauthtoken";class mT1 extends jSq.OAuthClientAuthHandler{constructor(q,K,_){super(_);this.url=q,this.transporter=K}async refreshToken(q,K){let _=new URLSearchParams({grant_type:"refresh_token",refresh_token:q}),z={"Content-Type":"application/x-www-form-urlencoded",...K},Y={...mT1.RETRY_CONFIG,url:this.url,method:"POST",headers:z,data:_.toString(),responseType:"json"};this.applyClientAuthenticationOptions(Y);try{let $=await this.transporter.request(Y),A=$.data;return A.res=$,A}catch($){if($ instanceof Vs9.GaxiosError&&$.response)throw(0,jSq.getErrorFromOAuthErrorResponse)($.response.data,$);throw $}}}class HSq extends ks9.AuthClient{constructor(q,K){var _;super({...q,...K});if(q.universe_domain)this.universeDomain=q.universe_domain;this.refreshToken=q.refresh_token;let z={confidentialClientType:"basic",clientId:q.client_id,clientSecret:q.client_secret};if(this.externalAccountAuthorizedUserHandler=new mT1((_=q.token_url)!==null&&_!==void 0?_:Es9.replace("{universeDomain}",this.universeDomain),this.transporter,z),this.cachedAccessToken=null,this.quotaProjectId=q.quota_project_id,typeof(K===null||K===void 0?void 0:K.eagerRefreshThresholdMillis)!=="number")this.eagerRefreshThresholdMillis=ys9.EXPIRATION_TIME_OFFSET;else this.eagerRefreshThresholdMillis=K.eagerRefreshThresholdMillis;this.forceRefreshOnFailure=!!(K===null||K===void 0?void 0:K.forceRefreshOnFailure)}async getAccessToken(){if(!this.cachedAccessToken||this.isExpired(this.cachedAccessToken))await this.refreshAccessTokenAsync();return{token:this.cachedAccessToken.access_token,res:this.cachedAccessToken.res}}async getRequestHeaders(){let K={Authorization:`Bearer ${(await this.getAccessToken()).token}`};return this.addSharedMetadataHeaders(K)}request(q,K){if(K)this.requestAsync(q).then((_)=>K(null,_),(_)=>{return K(_,_.response)});else return this.requestAsync(q)}async requestAsync(q,K=!1){let _;try{let z=await this.getRequestHeaders();if(q.headers=q.headers||{},z&&z["x-goog-user-project"])q.headers["x-goog-user-project"]=z["x-goog-user-project"];if(z&&z.Authorization)q.headers.Authorization=z.Authorization;_=await this.transporter.request(q)}catch(z){let Y=z.response;if(Y){let $=Y.status,A=Y.config.data instanceof Ns9.Readable;if(!K&&($===401||$===403)&&!A&&this.forceRefreshOnFailure)return await this.refreshAccessTokenAsync(),await this.requestAsync(q,!0)}throw z}return _}async refreshAccessTokenAsync(){let q=await this.externalAccountAuthorizedUserHandler.refreshToken(this.refreshToken);if(this.cachedAccessToken={access_token:q.access_token,expiry_date:new Date().getTime()+q.expires_in*1000,res:q.res},q.refresh_token!==void 0)this.refreshToken=q.refresh_token;return this.cachedAccessToken}isExpired(q){let K=new Date().getTime();return q.expiry_date?K>=q.expiry_date-this.eagerRefreshThresholdMillis:!1}}JSq.ExternalAccountAuthorizedUserClient=HSq});var GSq=m((cf)=>{var a86=cf&&cf.__classPrivateFieldGet||function(q,K,_,z){if(_==="a"&&!z)throw TypeError("Private accessor was defined without a getter");if(typeof K==="function"?q!==K||!z:!K.has(q))throw TypeError("Cannot read private member from an object whose class did not declare it");return _==="m"?z:_==="a"?z.call(q):z?z.value:K.get(q)},PSq=cf&&cf.__classPrivateFieldSet||function(q,K,_,z,Y){if(z==="m")throw TypeError("Private method is not writable");if(z==="a"&&!Y)throw TypeError("Private accessor was defined without a setter");if(typeof K==="function"?q!==K||!Y:!K.has(q))throw TypeError("Cannot write private member to an object whose class did not declare it");return z==="a"?Y.call(q,_):Y?Y.value=_:K.set(q,_),_},s86,JG6,MG6,ZSq;Object.defineProperty(cf,"__esModule",{value:!0});cf.GoogleAuth=cf.GoogleAuthExceptionMessages=cf.CLOUD_SDK_CLIENT_ID=void 0;var Rs9=U6("child_process"),Bd6=U6("fs"),md6=Rd6(),hs9=U6("os"),BT1=U6("path"),Ss9=KG6(),Cs9=Sd6(),bs9=rG1(),xs9=oG1(),Is9=aG1(),jG6=zT1(),WSq=YT1(),HG6=$T1(),us9=uT1(),pd6=o86(),pT1=tg(),DSq=XSq(),fSq=i86();cf.CLOUD_SDK_CLIENT_ID="764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com";cf.GoogleAuthExceptionMessages={API_KEY_WITH_CREDENTIALS:"API Keys and Credentials are mutually exclusive authentication methods and cannot be used together.",NO_PROJECT_ID_FOUND:`Unable to detect a Project Id in the current environment. |
| 449 | To learn more about authentication and Google APIs, visit: |
| 450 | https://cloud.google.com/docs/authentication/getting-started`,NO_CREDENTIALS_FOUND:`Unable to find credentials in current environment. |
| 451 | To learn more about authentication and Google APIs, visit: |
no test coverage detected