snowflake-sdk

"use strict";
// Compiler-emitted interop helper: gives a CommonJS module a `.default`
// property unless it is already flagged as an ES module.
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const attestation_aws_1 = require("./attestation_aws");
const types_1 = require("./types");
const errors_1 = require("../../errors");
const logger_1 = __importDefault(require("../../logger"));
const attestation_azure_1 = require("./attestation_azure");
const attestation_gcp_1 = require("./attestation_gcp");
const authentication_types_1 = __importDefault(require("../authentication_types"));

/**
 * Authenticator that obtains a workload-identity credential (a platform
 * attestation token from the AWS / Azure / GCP helpers, or a caller-supplied
 * OIDC token) and writes it into the login request body.
 *
 * The attestation helpers live in sibling modules; this class only relies on
 * them being awaitable and treats a falsy result as "no credential".
 * Calls of the form `(0, mod.fn)()` invoke the export as a plain function,
 * without binding `this` to the module object.
 */
class AuthWorkloadIdentity {
    connectionConfig;
    tokenProvider;
    token;

    /**
     * @param connectionConfig Connection settings; this class reads `token`,
     *   `workloadIdentityProvider` and `workloadIdentityAzureEntraIdResource`.
     * @throws {Error} When SF_ENABLE_EXPERIMENTAL_AUTHENTICATION is not exactly 'true'.
     */
    constructor(connectionConfig) {
        this.connectionConfig = connectionConfig;
        // Feature gate: the comparison is against the exact string 'true',
        // so values such as 'TRUE' or '1' leave the authenticator disabled.
        const experimentalFlag = process.env.SF_ENABLE_EXPERIMENTAL_AUTHENTICATION;
        if (experimentalFlag !== 'true') {
            throw new Error('Experimental Workload identity authentication is not enabled. Please set env var SF_ENABLE_EXPERIMENTAL_AUTHENTICATION=true to use this authenticator.');
        }
    }

    /**
     * Probes for a usable credential when no provider was selected.
     *
     * Precedence is fixed: a token present in the connection config (reported
     * as OIDC) wins, then AWS, then Azure, then GCP; the first truthy result
     * is returned. Because the identity used depends on which ambient
     * credential answers first, deployments that need a deterministic
     * identity should set `workloadIdentityProvider` explicitly.
     *
     * There is no try/catch here, so a rejection from any probe propagates to
     * the caller. Whether the helpers swallow their own errors is not visible
     * in this file.
     *
     * @returns {Promise<{provider: *, token: *} | null>} The detected pair, or null.
     */
    async autodetectToken() {
        const configuredToken = this.connectionConfig.token;
        if (configuredToken) {
            return { provider: types_1.WorkloadIdentityProvider.OIDC, token: configuredToken };
        }
        // Each entry is [fetch the token, name the provider]. Both are thunks
        // so that nothing is evaluated before its turn in the sequence.
        const cloudProbes = [
            [
                () => (0, attestation_aws_1.getAwsAttestationToken)(),
                () => types_1.WorkloadIdentityProvider.AWS,
            ],
            [
                () => (0, attestation_azure_1.getAzureAttestationToken)(this.connectionConfig.workloadIdentityAzureEntraIdResource),
                () => types_1.WorkloadIdentityProvider.AZURE,
            ],
            [
                () => (0, attestation_gcp_1.getGcpAttestationToken)(),
                () => types_1.WorkloadIdentityProvider.GCP,
            ],
        ];
        for (const [fetchToken, providerOf] of cloudProbes) {
            const candidate = await fetchToken();
            if (candidate) {
                return { provider: providerOf(), token: candidate };
            }
        }
        return null;
    }

    /**
     * Writes the authenticator name, provider and token into `body.data`.
     *
     * TOKEN is a bearer credential: keep `body` out of logs and error reports.
     * The values come from the last successful `authenticate()` call and are
     * undefined if it has not run.
     *
     * @param body Login request body; `body.data` is mutated in place.
     */
    updateBody(body) {
        const { data } = body;
        data.AUTHENTICATOR = authentication_types_1.default.WORKLOAD_IDENTITY;
        data.PROVIDER = this.tokenProvider;
        data.TOKEN = this.token;
    }

    /**
     * Resolves the provider and token and stores them on the instance.
     *
     * NOTE(review): any `workloadIdentityProvider` value other than the four
     * known members, including a misspelt one, takes the auto-detect path
     * instead of being rejected. Confirm that config validation upstream
     * rejects unknown values.
     *
     * @throws Invalid-parameter error
     *   (ERR_CONN_CREATE_MISSING_WORKLOAD_IDENTITY_CREDENTIALS) when no token
     *   or no provider could be determined.
     */
    async authenticate() {
        const config = this.connectionConfig;
        let provider = config.workloadIdentityProvider;
        let token = null;
        switch (provider) {
            case types_1.WorkloadIdentityProvider.AWS:
                token = await (0, attestation_aws_1.getAwsAttestationToken)();
                break;
            case types_1.WorkloadIdentityProvider.AZURE:
                token = await (0, attestation_azure_1.getAzureAttestationToken)(config.workloadIdentityAzureEntraIdResource);
                break;
            case types_1.WorkloadIdentityProvider.GCP:
                token = await (0, attestation_gcp_1.getGcpAttestationToken)();
                break;
            case types_1.WorkloadIdentityProvider.OIDC:
                token = config.token ?? null;
                break;
            default: {
                const detected = await this.autodetectToken();
                if (detected) {
                    provider = detected.provider;
                    token = detected.token;
                }
            }
        }
        if (!token || !provider) {
            throw (0, errors_1.createInvalidParameterError)(errors_1.ErrorCode.ERR_CONN_CREATE_MISSING_WORKLOAD_IDENTITY_CREDENTIALS, provider ?? 'auto-detect');
        }
        // Only the provider name is logged; the token itself must never be logged.
        (0, logger_1.default)().debug(`AuthWorkloadIdentity using provider=${provider}`);
        this.tokenProvider = provider;
        this.token = token;
    }

    /**
     * Obtains a new credential and rewrites `body` with it.
     *
     * @param body Login request body, passed to `updateBody`.
     */
    async reauthenticate(body) {
        await this.authenticate();
        this.updateBody(body);
    }
}
exports.default = AuthWorkloadIdentity;
//# sourceMappingURL=auth_workload_identity.js.map