UNPKG

ibm-cloud-sdk-core

Version:

Core functionality to support SDKs generated with IBM's OpenAPI SDK Generator.

github.com/IBM/node-sdk-core

IBM/node-sdk-core

174 lines (173 loc) 8.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
"use strict"; /** * (C) Copyright IBM Corp. 2021, 2025. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ var __extends = (this && this.__extends) || (function () { var extendStatics = function (d, b) { extendStatics = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; return extendStatics(d, b); }; return function (d, b) { if (typeof b !== "function" && b !== null) throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); extendStatics(d, b); function __() { this.constructor = d; } d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); }; })(); Object.defineProperty(exports, "__esModule", { value: true }); exports.ContainerTokenManager = void 0; var helpers_1 = require("../utils/helpers"); var file_reading_helpers_1 = require("../utils/file-reading-helpers"); var build_user_agent_1 = require("../../lib/build-user-agent"); var iam_request_based_token_manager_1 = require("./iam-request-based-token-manager"); var DEFAULT_CR_TOKEN_FILEPATH1 = '/var/run/secrets/tokens/vault-token'; var DEFAULT_CR_TOKEN_FILEPATH2 = '/var/run/secrets/tokens/sa-token'; var DEFAULT_CR_TOKEN_FILEPATH3 = '/var/run/secrets/codeengine.cloud.ibm.com/compute-resource-token/token'; /** * The ContainerTokenManager retrieves a compute resource token from a file on the container. This token * is used to perform the necessary interactions with the IAM token service to obtain and store a suitable * bearer (access) token. */ var ContainerTokenManager = /** @class */ (function (_super) { __extends(ContainerTokenManager, _super); /** * * Create a new ContainerTokenManager instance. * * @param options - Configuration options. * This should be an object containing these fields: * - url: (optional) the endpoint URL for the token service (default: "https://iam.cloud.ibm.com") * - crTokenFilename: (optional) the file containing the compute resource token (default: "/var/run/secrets/tokens/vault-token") * - iamProfileName: (optional) the name of the IAM trusted profile associated with the compute resource token (required if iamProfileId is not specified) * - iamProfileId]: (optional) the ID of the IAM trusted profile associated with the compute resource token (required if iamProfileName is not specified) * - headers: (optional) a set of HTTP headers to be sent with each request to the token service * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate * should be disabled or not * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic * Authorization header to be included in each request to the token service * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic * Authorization header to be included in each request to the token service * * @throws Error: the configuration options were invalid */ function ContainerTokenManager(options) { var _this = this; // all parameters are optional options = options || {}; _this = _super.call(this, options) || this; if (!(0, helpers_1.atLeastOne)(options.iamProfileId, options.iamProfileName)) { throw new Error('At least one of `iamProfileName` or `iamProfileId` must be specified.'); } if (options.crTokenFilename) { _this.crTokenFilename = options.crTokenFilename; } if (options.iamProfileName) { _this.iamProfileName = options.iamProfileName; } if (options.iamProfileId) { _this.iamProfileId = options.iamProfileId; } // construct form data for the cr token use case of iam token management _this.formData.grant_type = 'urn:ibm:params:oauth:grant-type:cr-token'; _this.userAgent = (0, build_user_agent_1.buildUserAgent)('container-authenticator'); return _this; } /** * Sets the "crTokenFilename" field * @param crTokenFilename - the name of the file containing the CR token */ ContainerTokenManager.prototype.setCrTokenFilename = function (crTokenFilename) { this.crTokenFilename = crTokenFilename; }; /** * Sets the name of the IAM trusted profile to use when obtaining an access token from the IAM token server. * @param iamProfileName - the name of the IAM trusted profile */ ContainerTokenManager.prototype.setIamProfileName = function (iamProfileName) { this.iamProfileName = iamProfileName; }; /** * Sets the ID of the IAM trusted profile to use when obtaining an access token from the IAM token server. * @param iamProfileId - the ID of the IAM trusted profile */ ContainerTokenManager.prototype.setIamProfileId = function (iamProfileId) { this.iamProfileId = iamProfileId; }; /** * Returns the most recently stored refresh token. * * @returns the refresh token */ ContainerTokenManager.prototype.getRefreshToken = function () { return this.refreshToken; }; /** * Request an IAM token using a compute resource token. */ ContainerTokenManager.prototype.requestToken = function () { this.formData.cr_token = this.getCrToken(); // these member variables can be reset, set them in the form data right // before making the request to ensure they're up to date if (this.iamProfileName) { this.formData.profile_name = this.iamProfileName; } if (this.iamProfileId) { this.formData.profile_id = this.iamProfileId; } return _super.prototype.requestToken.call(this); }; /** * Retrieves the CR token from a file using this search order: * 1. User-specified filename (if specified) * 2. Default file #1 (/var/run/secrets/tokens/vault-token) * 3. Default file #2 (/var/run/secrets/tokens/sa-token) * 4. Default file #3 (/var/run/secrets/codeengine.cloud.ibm.com/compute-resource-token/token) * First one found wins. * * @returns the CR token value as a string */ ContainerTokenManager.prototype.getCrToken = function () { try { var crToken = null; if (this.crTokenFilename) { // If the user specified a filename, then try to read from that. crToken = (0, file_reading_helpers_1.readCrTokenFile)(this.crTokenFilename); } else { // If no filename was specified, then try our two default filenames. try { crToken = (0, file_reading_helpers_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH1); } catch (err) { try { crToken = (0, file_reading_helpers_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH2); } catch (err1) { crToken = (0, file_reading_helpers_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH3); } } } return crToken; } catch (err) { throw new Error("Error reading CR token file: ".concat(err.toString())); } }; return ContainerTokenManager; }(iam_request_based_token_manager_1.IamRequestBasedTokenManager)); exports.ContainerTokenManager = ContainerTokenManager;