@rushstack/rush-azure-storage-build-cache-plugin/lib/AzureStorageAuthentication.js

Rush plugin for Azure storage cloud build cache

"use strict";
// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
// See LICENSE in the project root for license information.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzureStorageAuthentication = void 0;
const storage_blob_1 = require("@azure/storage-blob");
const AzureAuthenticationBase_1 = require("./AzureAuthenticationBase");
const SAS_TTL_MILLISECONDS = 7 * 24 * 60 * 60 * 1000; // Seven days
/**
 * @public
 */
class AzureStorageAuthentication extends AzureAuthenticationBase_1.AzureAuthenticationBase {
    constructor(options) {
        super(options);
        this._credentialNameForCache = 'azure-blob-storage';
        this._credentialKindForLogging = 'Storage';
        this._storageAccountName = options.storageAccountName;
        this._storageContainerName = options.storageContainerName;
        this._isCacheWriteAllowedByConfiguration = options.isCacheWriteAllowed;
        this._storageAccountUrl = `https://${this._storageAccountName}.blob.core.windows.net/`;
    }
    _getCacheIdParts() {
        const cacheIdParts = [this._storageAccountName, this._storageContainerName];
        if (this._isCacheWriteAllowedByConfiguration) {
            cacheIdParts.push('cacheWriteAllowed');
        }
        return cacheIdParts;
    }
    async _getCredentialFromTokenAsync(terminal, tokenCredential) {
        const blobServiceClient = new storage_blob_1.BlobServiceClient(this._storageAccountUrl, tokenCredential);
        const startsOn = new Date();
        const expires = new Date(Date.now() + SAS_TTL_MILLISECONDS);
        const key = await blobServiceClient.getUserDelegationKey(startsOn, expires);
        const containerSasPermissions = new storage_blob_1.ContainerSASPermissions();
        containerSasPermissions.read = true;
        containerSasPermissions.write = this._isCacheWriteAllowedByConfiguration;
        const queryParameters = (0, storage_blob_1.generateBlobSASQueryParameters)({
            startsOn: startsOn,
            expiresOn: expires,
            permissions: containerSasPermissions,
            containerName: this._storageContainerName
        }, key, this._storageAccountName);
        return {
            credentialString: queryParameters.toString(),
            expiresOn: queryParameters.expiresOn
        };
    }
}
exports.AzureStorageAuthentication = AzureStorageAuthentication;
//# sourceMappingURL=AzureStorageAuthentication.js.map