UNPKG

@gtrevorrow/oci-token-exchange

Version:

OCI Usder Principal Token Exchange for GitHub Actions, GitLab CI, and Bitbucket Pipelines

github.com/gtrevorrow/oci-token-exchange-action/blob/README.md

gtrevorrow/oci-token-exchange-action

110 lines (109 loc) 2.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
/** * Copyright (c) 2021, 2025 Oracle and/or its affiliates. * Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. */ import crypto from "crypto"; /** * Configuration for token exchange operation */ export interface TokenExchangeConfig { /** * URL of the token exchange endpoint */ tokenExchangeURL: string; /** * Base64-encoded client credentials */ clientCred: string; /** * Base64-encoded DER format of the OCI public key */ ociPublicKey: string; /** * JWT token to be exchanged */ subjectToken: string; /** * Number of retry attempts for token exchange */ retryCount: number; /** * Current attempt number (used internally for retries) */ currentAttempt?: number; } /** * Configuration for the OCI CLI setup */ export interface OciConfig { /** * Custom home directory for OCI config. Defaults to $HOME if not set. */ ociHome?: string; /** * Profile name header for OCI config. Defaults to 'DEFAULT'. */ ociProfile?: string; /** * Private key used for OCI authentication */ privateKey: crypto.KeyObject; /** * Public key used for OCI authentication */ publicKey: crypto.KeyObject; /** * User principal security token obtained from token exchange */ upstToken: string; /** * Fingerprint of the public key */ ociFingerprint: string; /** * OCI tenancy OCID */ ociTenancy: string; /** * OCI region identifier */ ociRegion: string; } /** * Input configuration for the CLI/Action */ export interface ConfigInputs { oidc_client_identifier: string; domain_base_url: string; oci_tenancy: string; oci_region: string; /** * Base folder for OCI config (.oci) directory. Defaults to $HOME. */ oci_home?: string; /** * Name of the OCI CLI profile to create. Defaults to 'DEFAULT'. */ oci_profile?: string; } /** * Response from token exchange operation */ export interface UpstTokenResponse { /** * The exchanged UPST token */ token: string; } /** * Custom error class for token exchange errors */ export declare class TokenExchangeError extends Error { readonly cause?: unknown | undefined; /** * Creates a new TokenExchangeError * @param message Error message * @param cause Underlying cause of the error */ constructor(message: string, cause?: unknown | undefined); }