in src/providers/oidc_role_arn.ts [184:237]
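/**
 * Exchanges the OIDC token stored at `this.oidcTokenFilePath` for temporary
 * credentials by calling the STS `AssumeRoleWithOIDC` action.
 *
 * The token, provider ARN, role ARN, optional policy, session name and
 * duration are sent as a form-encoded POST body over HTTPS to
 * `this.stsEndpoint`. Read and connect timeouts fall back to 10000 ms and
 * 5000 ms when the instance values are falsy.
 *
 * @returns A `Session` built from the `Credentials` object of the response.
 * @throws Error when the token file cannot be read, the response status is
 *   not 200, the body is not valid JSON, or any of `AccessKeyId`,
 *   `AccessKeySecret` or `SecurityToken` is missing.
 */
async getCredentialsInternal(): Promise<Session> {
  const oidcToken = await readFileAsync(this.oidcTokenFilePath, 'utf8');
  const builder = Request.builder()
    .withMethod('POST')
    .withProtocol('https')
    .withHost(this.stsEndpoint)
    .withReadTimeout(this.readTimeout || 10000)
    .withConnectTimeout(this.connectTimeout || 5000);

  // Null-prototype objects: only the keys assigned below are ever sent.
  const queries = Object.create(null);
  queries['Version'] = '2015-04-01';
  queries['Action'] = 'AssumeRoleWithOIDC';
  queries['Format'] = 'JSON';
  queries['Timestamp'] = utils.timestamp();
  builder.withQueries(queries);

  // The OIDC token is a bearer secret; it travels in the POST body rather
  // than in the query string.
  const bodyForm = Object.create(null);
  bodyForm['OIDCProviderArn'] = this.oidcProviderArn;
  bodyForm['OIDCToken'] = oidcToken;
  bodyForm['RoleArn'] = this.roleArn;
  if (this.policy) {
    bodyForm['Policy'] = this.policy;
  }
  bodyForm['RoleSessionName'] = this.roleSessionName;
  bodyForm['DurationSeconds'] = `${this.durationSeconds}`;
  builder.withBodyForm(bodyForm);

  const headers = Object.create(null);
  headers['Content-Type'] = 'application/x-www-form-urlencoded';
  builder.withHeaders(headers);

  const response = await this.doRequest(builder.build());
  const rawBody = response.body.toString('utf8');
  if (response.statusCode !== 200) {
    // The service's error body is kept in the message for diagnosis.
    // NOTE(review): presumably error bodies never carry credentials; confirm.
    throw new Error(`get sts token failed with OIDC: ${rawBody}`);
  }

  let data;
  try {
    data = JSON.parse(rawBody);
  } catch (ex) {
    // A 200 body that fails to parse (for example a truncated response) can
    // still contain AccessKeySecret / SecurityToken. Echoing it into the
    // exception would copy live credentials into logs and error reports, so
    // only its length is reported.
    throw new Error(`get sts token failed with OIDC, unmarshal fail: response body of ${rawBody.length} characters is not valid JSON`);
  }

  if (!data || !data.Credentials) {
    throw new Error(`get sts token failed with OIDC`);
  }

  const { AccessKeyId, AccessKeySecret, SecurityToken, Expiration } = data.Credentials;
  if (!AccessKeyId || !AccessKeySecret || !SecurityToken) {
    throw new Error('get sts token failed with OIDC');
  }

  return new Session(AccessKeyId, AccessKeySecret, SecurityToken, Expiration);
}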