ibm-cloud-sdk-core
Version:
Core functionality to support SDKs generated with IBM's OpenAPI SDK Generator.
174 lines (173 loc) • 8.25 kB
JavaScript
/**
* (C) Copyright IBM Corp. 2021, 2025.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
var __extends = (this && this.__extends) || (function () {
var extendStatics = function (d, b) {
extendStatics = Object.setPrototypeOf ||
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
return extendStatics(d, b);
};
return function (d, b) {
if (typeof b !== "function" && b !== null)
throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
extendStatics(d, b);
function __() { this.constructor = d; }
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.ContainerTokenManager = void 0;
var helpers_1 = require("../utils/helpers");
var file_reading_helpers_1 = require("../utils/file-reading-helpers");
var build_user_agent_1 = require("../../lib/build-user-agent");
var iam_request_based_token_manager_1 = require("./iam-request-based-token-manager");
var DEFAULT_CR_TOKEN_FILEPATH1 = '/var/run/secrets/tokens/vault-token';
var DEFAULT_CR_TOKEN_FILEPATH2 = '/var/run/secrets/tokens/sa-token';
var DEFAULT_CR_TOKEN_FILEPATH3 = '/var/run/secrets/codeengine.cloud.ibm.com/compute-resource-token/token';
/**
* The ContainerTokenManager retrieves a compute resource token from a file on the container. This token
* is used to perform the necessary interactions with the IAM token service to obtain and store a suitable
* bearer (access) token.
*/
var ContainerTokenManager = /** @class */ (function (_super) {
__extends(ContainerTokenManager, _super);
/**
*
* Create a new ContainerTokenManager instance.
*
* @param options - Configuration options.
* This should be an object containing these fields:
* - url: (optional) the endpoint URL for the token service (default: "https://iam.cloud.ibm.com")
* - crTokenFilename: (optional) the file containing the compute resource token (default: "/var/run/secrets/tokens/vault-token")
* - iamProfileName: (optional) the name of the IAM trusted profile associated with the compute resource token (required if iamProfileId is not specified)
* - iamProfileId]: (optional) the ID of the IAM trusted profile associated with the compute resource token (required if iamProfileName is not specified)
* - headers: (optional) a set of HTTP headers to be sent with each request to the token service
* - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
* should be disabled or not
* - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
* Authorization header to be included in each request to the token service
* - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
* Authorization header to be included in each request to the token service
*
* @throws Error: the configuration options were invalid
*/
function ContainerTokenManager(options) {
var _this = this;
// all parameters are optional
options = options || {};
_this = _super.call(this, options) || this;
if (!(0, helpers_1.atLeastOne)(options.iamProfileId, options.iamProfileName)) {
throw new Error('At least one of `iamProfileName` or `iamProfileId` must be specified.');
}
if (options.crTokenFilename) {
_this.crTokenFilename = options.crTokenFilename;
}
if (options.iamProfileName) {
_this.iamProfileName = options.iamProfileName;
}
if (options.iamProfileId) {
_this.iamProfileId = options.iamProfileId;
}
// construct form data for the cr token use case of iam token management
_this.formData.grant_type = 'urn:ibm:params:oauth:grant-type:cr-token';
_this.userAgent = (0, build_user_agent_1.buildUserAgent)('container-authenticator');
return _this;
}
/**
* Sets the "crTokenFilename" field
* @param crTokenFilename - the name of the file containing the CR token
*/
ContainerTokenManager.prototype.setCrTokenFilename = function (crTokenFilename) {
this.crTokenFilename = crTokenFilename;
};
/**
* Sets the name of the IAM trusted profile to use when obtaining an access token from the IAM token server.
* @param iamProfileName - the name of the IAM trusted profile
*/
ContainerTokenManager.prototype.setIamProfileName = function (iamProfileName) {
this.iamProfileName = iamProfileName;
};
/**
* Sets the ID of the IAM trusted profile to use when obtaining an access token from the IAM token server.
* @param iamProfileId - the ID of the IAM trusted profile
*/
ContainerTokenManager.prototype.setIamProfileId = function (iamProfileId) {
this.iamProfileId = iamProfileId;
};
/**
* Returns the most recently stored refresh token.
*
* @returns the refresh token
*/
ContainerTokenManager.prototype.getRefreshToken = function () {
return this.refreshToken;
};
/**
* Request an IAM token using a compute resource token.
*/
ContainerTokenManager.prototype.requestToken = function () {
this.formData.cr_token = this.getCrToken();
// these member variables can be reset, set them in the form data right
// before making the request to ensure they're up to date
if (this.iamProfileName) {
this.formData.profile_name = this.iamProfileName;
}
if (this.iamProfileId) {
this.formData.profile_id = this.iamProfileId;
}
return _super.prototype.requestToken.call(this);
};
/**
* Retrieves the CR token from a file using this search order:
* 1. User-specified filename (if specified)
* 2. Default file #1 (/var/run/secrets/tokens/vault-token)
* 3. Default file #2 (/var/run/secrets/tokens/sa-token)
* 4. Default file #3 (/var/run/secrets/codeengine.cloud.ibm.com/compute-resource-token/token)
* First one found wins.
*
* @returns the CR token value as a string
*/
ContainerTokenManager.prototype.getCrToken = function () {
try {
var crToken = null;
if (this.crTokenFilename) {
// If the user specified a filename, then try to read from that.
crToken = (0, file_reading_helpers_1.readCrTokenFile)(this.crTokenFilename);
}
else {
// If no filename was specified, then try our two default filenames.
try {
crToken = (0, file_reading_helpers_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH1);
}
catch (err) {
try {
crToken = (0, file_reading_helpers_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH2);
}
catch (err1) {
crToken = (0, file_reading_helpers_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH3);
}
}
}
return crToken;
}
catch (err) {
throw new Error("Error reading CR token file: ".concat(err.toString()));
}
};
return ContainerTokenManager;
}(iam_request_based_token_manager_1.IamRequestBasedTokenManager));
exports.ContainerTokenManager = ContainerTokenManager;
;