@id-wispera/core 0.1.0
- package/README.md +268 -0
- package/dist/audit.d.ts +68 -0
- package/dist/audit.d.ts.map +1 -0
- package/dist/audit.js +252 -0
- package/dist/audit.js.map +1 -0
- package/dist/auth/index.d.ts +8 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +8 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/keychainProvider.d.ts +40 -0
- package/dist/auth/keychainProvider.d.ts.map +1 -0
- package/dist/auth/keychainProvider.js +98 -0
- package/dist/auth/keychainProvider.js.map +1 -0
- package/dist/auth/passphraseProvider.d.ts +80 -0
- package/dist/auth/passphraseProvider.d.ts.map +1 -0
- package/dist/auth/passphraseProvider.js +188 -0
- package/dist/auth/passphraseProvider.js.map +1 -0
- package/dist/auth/sessionTokenManager.d.ts +106 -0
- package/dist/auth/sessionTokenManager.d.ts.map +1 -0
- package/dist/auth/sessionTokenManager.js +263 -0
- package/dist/auth/sessionTokenManager.js.map +1 -0
- package/dist/delegation.d.ts +81 -0
- package/dist/delegation.d.ts.map +1 -0
- package/dist/delegation.js +299 -0
- package/dist/delegation.js.map +1 -0
- package/dist/detection.d.ts +35 -0
- package/dist/detection.d.ts.map +1 -0
- package/dist/detection.js +474 -0
- package/dist/detection.js.map +1 -0
- package/dist/exec/execManager.d.ts +60 -0
- package/dist/exec/execManager.d.ts.map +1 -0
- package/dist/exec/execManager.js +226 -0
- package/dist/exec/execManager.js.map +1 -0
- package/dist/exec/index.d.ts +6 -0
- package/dist/exec/index.d.ts.map +1 -0
- package/dist/exec/index.js +5 -0
- package/dist/exec/index.js.map +1 -0
- package/dist/index.d.ts +35 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +98 -0
- package/dist/index.js.map +1 -0
- package/dist/integrations/base.d.ts +64 -0
- package/dist/integrations/base.d.ts.map +1 -0
- package/dist/integrations/base.js +173 -0
- package/dist/integrations/base.js.map +1 -0
- package/dist/integrations/envMapping.d.ts +47 -0
- package/dist/integrations/envMapping.d.ts.map +1 -0
- package/dist/integrations/envMapping.js +174 -0
- package/dist/integrations/envMapping.js.map +1 -0
- package/dist/integrations/google-a2a.d.ts +48 -0
- package/dist/integrations/google-a2a.d.ts.map +1 -0
- package/dist/integrations/google-a2a.js +108 -0
- package/dist/integrations/google-a2a.js.map +1 -0
- package/dist/integrations/index.d.ts +14 -0
- package/dist/integrations/index.d.ts.map +1 -0
- package/dist/integrations/index.js +14 -0
- package/dist/integrations/index.js.map +1 -0
- package/dist/integrations/langchain.d.ts +38 -0
- package/dist/integrations/langchain.d.ts.map +1 -0
- package/dist/integrations/langchain.js +45 -0
- package/dist/integrations/langchain.js.map +1 -0
- package/dist/integrations/openai-agents.d.ts +76 -0
- package/dist/integrations/openai-agents.d.ts.map +1 -0
- package/dist/integrations/openai-agents.js +95 -0
- package/dist/integrations/openai-agents.js.map +1 -0
- package/dist/integrations/slack.d.ts +59 -0
- package/dist/integrations/slack.d.ts.map +1 -0
- package/dist/integrations/slack.js +113 -0
- package/dist/integrations/slack.js.map +1 -0
- package/dist/integrations/types.d.ts +107 -0
- package/dist/integrations/types.d.ts.map +1 -0
- package/dist/integrations/types.js +6 -0
- package/dist/integrations/types.js.map +1 -0
- package/dist/locations.d.ts +157 -0
- package/dist/locations.d.ts.map +1 -0
- package/dist/locations.js +733 -0
- package/dist/locations.js.map +1 -0
- package/dist/passport.d.ts +70 -0
- package/dist/passport.d.ts.map +1 -0
- package/dist/passport.js +429 -0
- package/dist/passport.js.map +1 -0
- package/dist/policy.d.ts +80 -0
- package/dist/policy.d.ts.map +1 -0
- package/dist/policy.js +392 -0
- package/dist/policy.js.map +1 -0
- package/dist/providers/openclaw.d.ts +80 -0
- package/dist/providers/openclaw.d.ts.map +1 -0
- package/dist/providers/openclaw.js +712 -0
- package/dist/providers/openclaw.js.map +1 -0
- package/dist/provisioning/adminPassport.d.ts +51 -0
- package/dist/provisioning/adminPassport.d.ts.map +1 -0
- package/dist/provisioning/adminPassport.js +101 -0
- package/dist/provisioning/adminPassport.js.map +1 -0
- package/dist/provisioning/index.d.ts +81 -0
- package/dist/provisioning/index.d.ts.map +1 -0
- package/dist/provisioning/index.js +141 -0
- package/dist/provisioning/index.js.map +1 -0
- package/dist/provisioning/provider.d.ts +59 -0
- package/dist/provisioning/provider.d.ts.map +1 -0
- package/dist/provisioning/provider.js +52 -0
- package/dist/provisioning/provider.js.map +1 -0
- package/dist/provisioning/providers/anthropic.d.ts +32 -0
- package/dist/provisioning/providers/anthropic.d.ts.map +1 -0
- package/dist/provisioning/providers/anthropic.js +116 -0
- package/dist/provisioning/providers/anthropic.js.map +1 -0
- package/dist/provisioning/providers/aws.d.ts +29 -0
- package/dist/provisioning/providers/aws.d.ts.map +1 -0
- package/dist/provisioning/providers/aws.js +455 -0
- package/dist/provisioning/providers/aws.js.map +1 -0
- package/dist/provisioning/providers/azure-entra.d.ts +32 -0
- package/dist/provisioning/providers/azure-entra.d.ts.map +1 -0
- package/dist/provisioning/providers/azure-entra.js +312 -0
- package/dist/provisioning/providers/azure-entra.js.map +1 -0
- package/dist/provisioning/providers/github.d.ts +24 -0
- package/dist/provisioning/providers/github.d.ts.map +1 -0
- package/dist/provisioning/providers/github.js +219 -0
- package/dist/provisioning/providers/github.js.map +1 -0
- package/dist/provisioning/providers/google-cloud.d.ts +34 -0
- package/dist/provisioning/providers/google-cloud.d.ts.map +1 -0
- package/dist/provisioning/providers/google-cloud.js +366 -0
- package/dist/provisioning/providers/google-cloud.js.map +1 -0
- package/dist/provisioning/providers/openai.d.ts +29 -0
- package/dist/provisioning/providers/openai.d.ts.map +1 -0
- package/dist/provisioning/providers/openai.js +263 -0
- package/dist/provisioning/providers/openai.js.map +1 -0
- package/dist/provisioning/providers/sendgrid.d.ts +27 -0
- package/dist/provisioning/providers/sendgrid.d.ts.map +1 -0
- package/dist/provisioning/providers/sendgrid.js +186 -0
- package/dist/provisioning/providers/sendgrid.js.map +1 -0
- package/dist/provisioning/providers/twilio.d.ts +27 -0
- package/dist/provisioning/providers/twilio.d.ts.map +1 -0
- package/dist/provisioning/providers/twilio.js +194 -0
- package/dist/provisioning/providers/twilio.js.map +1 -0
- package/dist/provisioning/types.d.ts +274 -0
- package/dist/provisioning/types.d.ts.map +1 -0
- package/dist/provisioning/types.js +6 -0
- package/dist/provisioning/types.js.map +1 -0
- package/dist/sharing.d.ts +60 -0
- package/dist/sharing.d.ts.map +1 -0
- package/dist/sharing.js +305 -0
- package/dist/sharing.js.map +1 -0
- package/dist/types.d.ts +396 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +88 -0
- package/dist/types.js.map +1 -0
- package/dist/utils.d.ts +45 -0
- package/dist/utils.d.ts.map +1 -0
- package/dist/utils.js +110 -0
- package/dist/utils.js.map +1 -0
- package/dist/vault.d.ts +151 -0
- package/dist/vault.d.ts.map +1 -0
- package/dist/vault.js +499 -0
- package/dist/vault.js.map +1 -0
- package/package.json +117 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure-entra.d.ts","sourceRoot":"","sources":["../../../src/provisioning/providers/azure-entra.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EAGf,MAAM,aAAa,CAAC;AAsCrB,qBAAa,kBAAmB,SAAQ,wBAAwB;IAC9D,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAiB;IAExD,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAQzC;IAEF,OAAO,CAAC,WAAW,CAAC,CAAS;IAEvB,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA4CpE,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAkCrF,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAUpF,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA4CpE,YAAY,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;YAqBnD,iBAAiB;YA0BjB,kBAAkB;YA4ClB,cAAc;YAqCd,wBAAwB;CAmFvC"}
|
|
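--- a/package/dist/provisioning/providers/azure-entra.js
+++ b/package/dist/provisioning/providers/azure-entra.js
@@ -0,0 +1,312 @@
+/**
+* Azure Entra (formerly Azure AD) Provisioning Provider
+* Creates app registrations and client secrets via Microsoft Graph API.
+*/
+import { BaseProvisioningProvider } from '../provider.js';
+const GRAPH_URL = 'https://graph.microsoft.com/v1.0';
+export class AzureEntraProvider extends BaseProvisioningProvider {
+provider = 'azure-entra';
+capabilities = {
+canCreate: true,
+canConfigurePermissions: true,
+canRotate: true,
+canRevoke: true,
+canList: true,
+supportsExpiry: true,
+supportsScopedKeys: true,
+};
+accessToken;
+async provision(request) {
+this.ensureInitialized();
+const config = request.config;
+if (config.provider !== 'azure-entra') {
+return {
+success: false,
+error: {
+code: 'INVALID_CONFIG',
+message: `Expected azure-entra config, got ${config.provider}`,
+},
+};
+}
+if (this.auth?.type !== 'oauth2') {
+return {
+success: false,
+error: {
+code: 'INVALID_AUTH',
+message: 'Azure Entra provider requires oauth2 authentication (clientId + clientSecret + tenantId)',
+},
+};
+}
+try {
+await this.ensureAccessToken(config.tenantId);
+if (config.mode === 'create-app') {
+return await this.createAppAndSecret(request, config);
+}
+else {
+return await this.addSecretToApp(request, config);
+}
+}
+catch (err) {
+const message = err instanceof Error ? err.message : String(err);
+return {
+success: false,
+error: {
+code: 'PROVISIONING_FAILED',
+message: `Azure Entra provisioning failed: ${message}`,
+},
+};
+}
+}
+async list() {
+this.ensureInitialized();
+if (this.auth?.type !== 'oauth2') {
+throw new Error('Azure Entra provider requires oauth2 authentication');
+}
+const tenantId = this.auth.tenantId;
+if (!tenantId) {
+throw new Error('tenantId is required for Azure Entra operations');
+}
+await this.ensureAccessToken(tenantId);
+const response = await fetch(`${GRAPH_URL}/applications?$select=id,displayName,createdDateTime`, {
+headers: {
+'Authorization': `Bearer ${this.accessToken}`,
+},
+});
+if (!response.ok) {
+const errorBody = await response.text();
+throw new Error(`Failed to list Azure Entra apps: ${response.status} ${errorBody}`);
+}
+const data = await response.json();
+return (data.value ?? []).map((app) => ({
+id: app.id,
+name: app.displayName,
+createdAt: new Date(app.createdDateTime),
+status: 'active',
+}));
+}
+async rotate(existingKeyId, request) {
+const newCredential = await this.provision(request);
+return {
+newCredential,
+oldKeyId: existingKeyId,
+recommendedRevocationDelay: 120, // 2 minutes for Azure AD propagation
+};
+}
+async revoke(keyId) {
+this.ensureInitialized();
+if (this.auth?.type !== 'oauth2') {
+return { success: false, error: 'Azure Entra provider requires oauth2 authentication' };
+}
+const tenantId = this.auth.tenantId;
+if (!tenantId) {
+return { success: false, error: 'tenantId is required for Azure Entra operations' };
+}
+try {
+await this.ensureAccessToken(tenantId);
+// keyId format: "applicationId:keyId"
+const parts = keyId.split(':');
+if (parts.length !== 2) {
+return { success: false, error: 'keyId must be in format "applicationId:keyId"' };
+}
+const [applicationId, passwordKeyId] = parts;
+const response = await fetch(`${GRAPH_URL}/applications/${applicationId}/removePassword`, {
+method: 'POST',
+headers: {
+'Authorization': `Bearer ${this.accessToken}`,
+'Content-Type': 'application/json',
+},
+body: JSON.stringify({ keyId: passwordKeyId }),
+});
+if (!response.ok) {
+const errorBody = await response.text();
+return { success: false, error: `Failed to revoke: ${response.status} ${errorBody}` };
+}
+return { success: true };
+}
+catch (err) {
+const message = err instanceof Error ? err.message : String(err);
+return { success: false, error: message };
+}
+}
+async validateAuth() {
+this.ensureInitialized();
+if (this.auth?.type !== 'oauth2') {
+return { valid: false, error: 'Azure Entra provider requires oauth2 authentication' };
+}
+try {
+const tenantId = this.auth.tenantId;
+if (!tenantId) {
+return { valid: false, error: 'tenantId is required for Azure Entra operations' };
+}
+await this.ensureAccessToken(tenantId);
+return { valid: true };
+}
+catch (err) {
+const message = err instanceof Error ? err.message : String(err);
+return { valid: false, error: message };
+}
+}
+async ensureAccessToken(tenantId) {
+if (this.accessToken)
+return;
+const auth = this.auth;
+const tokenUrl = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`;
+const response = await fetch(tokenUrl, {
+method: 'POST',
+headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+body: new URLSearchParams({
+grant_type: 'client_credentials',
+client_id: auth.clientId,
+client_secret: auth.clientSecret,
+scope: 'https://graph.microsoft.com/.default',
+}).toString(),
+});
+if (!response.ok) {
+const error = await response.text();
+throw new Error(`Failed to obtain Azure Entra access token: ${response.status} ${error}`);
+}
+const data = await response.json();
+this.accessToken = data.access_token;
+}
+async createAppAndSecret(request, config) {
+if (!config.displayName) {
+return {
+success: false,
+error: {
+code: 'MISSING_DISPLAY_NAME',
+message: 'displayName is required for create-app mode',
+},
+};
+}
+// Step 1: Create the application registration
+const appResponse = await fetch(`${GRAPH_URL}/applications`, {
+method: 'POST',
+headers: {
+'Authorization': `Bearer ${this.accessToken}`,
+'Content-Type': 'application/json',
+},
+body: JSON.stringify({
+displayName: config.displayName,
+}),
+});
+if (!appResponse.ok) {
+const errorBody = await appResponse.json().catch(() => ({}));
+return {
+success: false,
+error: {
+code: `AZURE_${errorBody.error?.code ?? appResponse.status}`,
+message: errorBody.error?.message ?? `HTTP ${appResponse.status}`,
+details: errorBody,
+},
+};
+}
+const app = await appResponse.json();
+// Step 2: Add a client secret to the new application
+return this.addPasswordToApplication(request, config, app.id, app.appId);
+}
+async addSecretToApp(request, config) {
+if (!config.applicationId) {
+return {
+success: false,
+error: {
+code: 'MISSING_APPLICATION_ID',
+message: 'applicationId is required for add-secret mode',
+},
+};
+}
+// Get the app's client ID
+const appResponse = await fetch(`${GRAPH_URL}/applications/${config.applicationId}?$select=appId`, {
+headers: {
+'Authorization': `Bearer ${this.accessToken}`,
+},
+});
+if (!appResponse.ok) {
+const errorBody = await appResponse.json().catch(() => ({}));
+return {
+success: false,
+error: {
+code: `AZURE_${errorBody.error?.code ?? appResponse.status}`,
+message: errorBody.error?.message ?? `HTTP ${appResponse.status}`,
+details: errorBody,
+},
+};
+}
+const app = await appResponse.json();
+return this.addPasswordToApplication(request, config, config.applicationId, app.appId);
+}
+async addPasswordToApplication(request, config, applicationObjectId, applicationClientId) {
+const expiryDays = config.secretExpiryDays ?? 365;
+const endDateTime = new Date();
+endDateTime.setDate(endDateTime.getDate() + expiryDays);
+const response = await fetch(`${GRAPH_URL}/applications/${applicationObjectId}/addPassword`, {
+method: 'POST',
+headers: {
+'Authorization': `Bearer ${this.accessToken}`,
+'Content-Type': 'application/json',
+},
+body: JSON.stringify({
+passwordCredential: {
+displayName: request.name,
+endDateTime: endDateTime.toISOString(),
+},
+}),
+});
+if (!response.ok) {
+const errorBody = await response.json().catch(() => ({}));
+return {
+success: false,
+error: {
+code: `AZURE_${errorBody.error?.code ?? response.status}`,
+message: errorBody.error?.message ?? `HTTP ${response.status}`,
+details: errorBody,
+},
+};
+}
+const secret = await response.json();
+const now = new Date().toISOString();
+const permissions = request.permissions;
+const hasElevated = (permissions?.graphPermissions?.length ?? 0) > 5 ||
+(permissions?.rbacRoles?.length ?? 0) > 0;
+return {
+success: true,
+credentialValue: secret.secretText,
+providerKeyId: `${applicationObjectId}:${secret.keyId}`,
+metadata: {
+applicationObjectId,
+applicationClientId,
+tenantId: config.tenantId,
+keyId: secret.keyId,
+displayName: secret.displayName,
+hint: secret.hint,
+mode: config.mode,
+},
+expiresAt: new Date(secret.endDateTime),
+passportInput: {
+name: request.name,
+credentialType: 'secret',
+credentialValue: secret.secretText,
+visaType: this.mapToVisaType('azure-entra', hasElevated),
+issuingAuthority: 'Azure Entra',
+platforms: [this.mapToPlatform('azure-entra')],
+scope: permissions?.graphPermissions ?? ['User.Read'],
+validFrom: secret.startDateTime ?? now,
+validUntil: secret.endDateTime,
+humanOwner: request.humanOwner,
+agentId: request.agentId,
+delegationChain: request.delegationChain ?? [
+{
+from: request.humanOwner,
+to: request.agentId ?? request.name,
+grantedAt: now,
+scope: permissions?.graphPermissions ?? ['User.Read'],
+expiresAt: secret.endDateTime,
+notes: `Provisioned via Azure Entra (tenant: ${config.tenantId}, app: ${applicationClientId})`,
+},
+],
+tags: [...(request.tags ?? []), 'provisioned', 'azure-entra', config.mode],
+notes: request.notes ?? `Azure Entra client secret for app ${applicationClientId} (tenant: ${config.tenantId})`,
+},
+};
+}
+}
+//# sourceMappingURL=azure-entra.js.map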
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure-entra.js","sourceRoot":"","sources":["../../../src/provisioning/providers/azure-entra.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AA6C1D,MAAM,SAAS,GAAG,kCAAkC,CAAC;AAErD,MAAM,OAAO,kBAAmB,SAAQ,wBAAwB;IACrD,QAAQ,GAAyB,aAAa,CAAC;IAE/C,YAAY,GAAyB;QAC5C,SAAS,EAAE,IAAI;QACf,uBAAuB,EAAE,IAAI;QAC7B,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;KACzB,CAAC;IAEM,WAAW,CAAU;IAE7B,KAAK,CAAC,SAAS,CAAC,OAA4B;QAC1C,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,MAAM,GAAG,OAAO,CAAC,MAA0B,CAAC;QAClD,IAAI,MAAM,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;YACtC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,oCAAoC,MAAM,CAAC,QAAQ,EAAE;iBAC/D;aACF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,0FAA0F;iBACpG;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAE9C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,qBAAqB;oBAC3B,OAAO,EAAE,oCAAoC,OAAO,EAAE;iBACvD;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;QACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAEvC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,sDAAsD,EAAE;YAC/F,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;aAC9C;SACF,CAAC,CAAC;QAEH,IAAI,
CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2C,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACtC,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,IAAI,EAAE,GAAG,CAAC,WAAW;YACrB,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC;YACxC,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,aAAqB,EAAE,OAA4B;QAC9D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACL,aAAa;YACb,QAAQ,EAAE,aAAa;YACvB,0BAA0B,EAAE,GAAG,EAAE,qCAAqC;SACvE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qDAAqD,EAAE,CAAC;QAC1F,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;QACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,EAAE,CAAC;QACtF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAEvC,sCAAsC;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,+CAA+C,EAAE,CAAC;YACpF,CAAC;YAED,MAAM,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,KAAK,CAAC;YAE7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,iBAAiB,aAAa,iBAAiB,EAAE;gBACxF,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;oBAC7C,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;aAC/C,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,EAAE,CAAC;YACxF,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK
,EAAE,OAAO,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qDAAqD,EAAE,CAAC;QACxF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;YACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,EAAE,CAAC;YACpF,CAAC;YAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACvC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QAC9C,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAqF,CAAC;QACxG,MAAM,QAAQ,GAAG,qCAAqC,QAAQ,oBAAoB,CAAC;QAEnF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;gBAChC,KAAK,EAAE,sCAAsC;aAC9C,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,8CAA8C,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;QAC/D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,OAA4B,EAC5B,MAAwB;QAExB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,sBAAsB;oBAC5B,OAAO,EAAE,6CAA6C;iBACvD;aACF,CAAC;QACJ,CAAC;QAED,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,eAAe,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;gBAC7C,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,WAAW,EAAE,MAAM,CAAC,WAAW;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE
,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAuB,CAAC;YACnF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS,SAAS,CAAC,KAAK,EAAE,IAAI,IAAI,WAAW,CAAC,MAAM,EAAE;oBAC5D,OAAO,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,IAAI,QAAQ,WAAW,CAAC,MAAM,EAAE;oBACjE,OAAO,EAAE,SAAS;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,IAAI,EAA8B,CAAC;QAEjE,qDAAqD;QACrD,OAAO,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3E,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,OAA4B,EAC5B,MAAwB;QAExB,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,wBAAwB;oBAC9B,OAAO,EAAE,+CAA+C;iBACzD;aACF,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,iBAAiB,MAAM,CAAC,aAAa,gBAAgB,EAAE;YACjG,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;aAC9C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAuB,CAAC;YACnF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS,SAAS,CAAC,KAAK,EAAE,IAAI,IAAI,WAAW,CAAC,MAAM,EAAE;oBAC5D,OAAO,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,IAAI,QAAQ,WAAW,CAAC,MAAM,EAAE;oBACjE,OAAO,EAAE,SAAS;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,IAAI,EAAuB,CAAC;QAC1D,OAAO,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,OAA4B,EAC5B,MAAwB,EACxB,mBAA2B,EAC3B,mBAA2B;QAE3B,MAAM,UAAU,GAAG,MAAM,CAAC,gBAAgB,IAAI,GAAG,CAAC;QAClD,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC,CAAC;QAExD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,iBAAiB,mBAAmB,cAAc,EAAE;YAC3F,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;gBAC7C,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,kBAAkB,EAAE;oBAClB,WAAW,EAAE,OAAO,CAAC,IAAI;oBACzB,WAAW,EAAE,WAAW,CAAC,WAAW,EAAE;iBACvC;aACF,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,M
AAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAuB,CAAC;YAChF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS,SAAS,CAAC,KAAK,EAAE,IAAI,IAAI,QAAQ,CAAC,MAAM,EAAE;oBACzD,OAAO,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE;oBAC9D,OAAO,EAAE,SAAS;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;QAChE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAgD,CAAC;QAC7E,MAAM,WAAW,GAAG,CAAC,WAAW,EAAE,gBAAgB,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;YAClE,CAAC,WAAW,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAE5C,OAAO;YACL,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,MAAM,CAAC,UAAU;YAClC,aAAa,EAAE,GAAG,mBAAmB,IAAI,MAAM,CAAC,KAAK,EAAE;YACvD,QAAQ,EAAE;gBACR,mBAAmB;gBACnB,mBAAmB;gBACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB;YACD,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YACvC,aAAa,EAAE;gBACb,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,MAAM,CAAC,UAAU;gBAClC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,WAAW,CAAC;gBACxD,gBAAgB,EAAE,aAAa;gBAC/B,SAAS,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;gBAC9C,KAAK,EAAE,WAAW,EAAE,gBAAgB,IAAI,CAAC,WAAW,CAAC;gBACrD,SAAS,EAAE,MAAM,CAAC,aAAa,IAAI,GAAG;gBACtC,UAAU,EAAE,MAAM,CAAC,WAAW;gBAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI;oBAC1C;wBACE,IAAI,EAAE,OAAO,CAAC,UAAU;wBACxB,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI;wBACnC,SAAS,EAAE,GAAG;wBACd,KAAK,EAAE,WAAW,EAAE,gBAAgB,IAAI,CAAC,WAAW,CAAC;wBACrD,SAAS,EAAE,MAAM,CAAC,WAAW;wBAC7B,KAAK,EAAE,wCAAwC,MAAM,CAAC,QAAQ,UAAU,mBAAmB,GAAG;qBAC/F;iBACF;gBACD,IAAI,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC;gBAC1E,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,qCAAqC,mBAAmB,aAAa,MAAM,CAAC,QAAQ,GAAG;aAChH;SACF,CAAC;IACJ,CAAC;CACF"}
|
|
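--- a/package/dist/provisioning/providers/github.d.ts
+++ b/package/dist/provisioning/providers/github.d.ts
@@ -0,0 +1,24 @@
+/**
+* GitHub Provisioning Provider
+* Creates installation access tokens via the GitHub App API.
+* Requires a GitHub App private key for JWT-based authentication.
+*/
+import { BaseProvisioningProvider } from '../provider.js';
+import { ProvisioningProvider, ProviderCapabilities, ProvisioningRequest, ProvisioningResult, RotationResult } from '../types.js';
+export declare class GitHubProvider extends BaseProvisioningProvider {
+readonly provider: ProvisioningProvider;
+readonly capabilities: ProviderCapabilities;
+provision(request: ProvisioningRequest): Promise<ProvisioningResult>;
+rotate(existingKeyId: string, request: ProvisioningRequest): Promise<RotationResult>;
+validateAuth(): Promise<{
+valid: boolean;
+error?: string;
+}>;
+/**
+* Create a JWT for GitHub App authentication.
+* The JWT is signed with the App's private key and is valid for 10 minutes.
+*/
+private createAppJWT;
+private createInstallationToken;
+}
+//# sourceMappingURL=github.d.ts.map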
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../src/provisioning/providers/github.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EAGf,MAAM,aAAa,CAAC;AAuBrB,qBAAa,cAAe,SAAQ,wBAAwB;IAC1D,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAY;IAEnD,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAQzC;IAEI,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuCpE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAWpF,YAAY,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA6BjE;;;OAGG;YACW,YAAY;YAkCZ,uBAAuB;CAyFtC"}
|
|
@@ -0,0 +1,219 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GitHub Provisioning Provider
|
|
3
|
+
* Creates installation access tokens via the GitHub App API.
|
|
4
|
+
* Requires a GitHub App private key for JWT-based authentication.
|
|
5
|
+
*/
|
|
6
|
+
import { BaseProvisioningProvider } from '../provider.js';
|
|
7
|
+
const GITHUB_API_URL = 'https://api.github.com';
|
|
8
|
+
export class GitHubProvider extends BaseProvisioningProvider {
|
|
9
|
+
provider = 'github';
|
|
10
|
+
capabilities = {
|
|
11
|
+
canCreate: true,
|
|
12
|
+
canConfigurePermissions: true,
|
|
13
|
+
canRotate: true,
|
|
14
|
+
canRevoke: false, // Installation tokens expire naturally, no revocation API
|
|
15
|
+
canList: false, // No API to list installation tokens
|
|
16
|
+
supportsExpiry: true, // Tokens expire in 1 hour
|
|
17
|
+
supportsScopedKeys: true, // Fine-grained permissions
|
|
18
|
+
};
|
|
19
|
+
async provision(request) {
|
|
20
|
+
this.ensureInitialized();
|
|
21
|
+
const config = request.config;
|
|
22
|
+
if (config.provider !== 'github') {
|
|
23
|
+
return {
|
|
24
|
+
success: false,
|
|
25
|
+
error: {
|
|
26
|
+
code: 'INVALID_CONFIG',
|
|
27
|
+
message: `Expected github config, got ${config.provider}`,
|
|
28
|
+
},
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
if (this.auth?.type !== 'jwt') {
|
|
32
|
+
return {
|
|
33
|
+
success: false,
|
|
34
|
+
error: {
|
|
35
|
+
code: 'INVALID_AUTH',
|
|
36
|
+
message: 'GitHub provider requires jwt authentication (App private key + App ID)',
|
|
37
|
+
},
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
try {
|
|
41
|
+
const jwt = await this.createAppJWT();
|
|
42
|
+
return await this.createInstallationToken(request, config, jwt);
|
|
43
|
+
}
|
|
44
|
+
catch (err) {
|
|
45
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
46
|
+
return {
|
|
47
|
+
success: false,
|
|
48
|
+
error: {
|
|
49
|
+
code: 'PROVISIONING_FAILED',
|
|
50
|
+
message: `GitHub provisioning failed: ${message}`,
|
|
51
|
+
},
|
|
52
|
+
};
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
async rotate(existingKeyId, request) {
|
|
56
|
+
// GitHub installation tokens can't be revoked, just create a new one
|
|
57
|
+
const newCredential = await this.provision(request);
|
|
58
|
+
return {
|
|
59
|
+
newCredential,
|
|
60
|
+
oldKeyId: existingKeyId,
|
|
61
|
+
recommendedRevocationDelay: 0, // Old token will expire naturally within 1 hour
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
async validateAuth() {
|
|
65
|
+
this.ensureInitialized();
|
|
66
|
+
if (this.auth?.type !== 'jwt') {
|
|
67
|
+
return { valid: false, error: 'GitHub provider requires jwt authentication' };
|
|
68
|
+
}
|
|
69
|
+
try {
|
|
70
|
+
const jwt = await this.createAppJWT();
|
|
71
|
+
const response = await fetch(`${GITHUB_API_URL}/app`, {
|
|
72
|
+
headers: {
|
|
73
|
+
'Authorization': `Bearer ${jwt}`,
|
|
74
|
+
'Accept': 'application/vnd.github+json',
|
|
75
|
+
'X-GitHub-Api-Version': '2022-11-28',
|
|
76
|
+
},
|
|
77
|
+
});
|
|
78
|
+
if (response.ok) {
|
|
79
|
+
return { valid: true };
|
|
80
|
+
}
|
|
81
|
+
return { valid: false, error: `Auth validation failed: ${response.status}` };
|
|
82
|
+
}
|
|
83
|
+
catch (err) {
|
|
84
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
85
|
+
return { valid: false, error: message };
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Create a JWT for GitHub App authentication.
|
|
90
|
+
* The JWT is signed with the App's private key and is valid for 10 minutes.
|
|
91
|
+
*/
|
|
92
|
+
async createAppJWT() {
|
|
93
|
+
const auth = this.auth;
|
|
94
|
+
const now = Math.floor(Date.now() / 1000);
|
|
95
|
+
const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
|
|
96
|
+
const payload = base64UrlEncode(JSON.stringify({
|
|
97
|
+
iat: now - 60, // Issued 60 seconds in the past for clock drift
|
|
98
|
+
exp: now + 600, // Expires in 10 minutes (GitHub max)
|
|
99
|
+
iss: auth.appId,
|
|
100
|
+
}));
|
|
101
|
+
const signInput = `${header}.${payload}`;
|
|
102
|
+
// Import the PEM private key and sign
|
|
103
|
+
const pemKey = auth.privateKey;
|
|
104
|
+
const binaryDer = pemToArrayBuffer(pemKey);
|
|
105
|
+
const cryptoKey = await crypto.subtle.importKey('pkcs8', binaryDer, { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, false, ['sign']);
|
|
106
|
+
const signature = await crypto.subtle.sign('RSASSA-PKCS1-v1_5', cryptoKey, new TextEncoder().encode(signInput));
|
|
107
|
+
const sig = arrayBufferToBase64Url(signature);
|
|
108
|
+
return `${signInput}.${sig}`;
|
|
109
|
+
}
|
|
110
|
+
async createInstallationToken(request, config, jwt) {
|
|
111
|
+
const permissions = request.permissions;
|
|
112
|
+
const body = {};
|
|
113
|
+
// Scope to specific repositories if specified
|
|
114
|
+
if (config.repositoryIds?.length) {
|
|
115
|
+
body.repository_ids = config.repositoryIds;
|
|
116
|
+
}
|
|
117
|
+
else if (config.repositories?.length) {
|
|
118
|
+
body.repositories = config.repositories;
|
|
119
|
+
}
|
|
120
|
+
// Set fine-grained permissions
|
|
121
|
+
if (permissions?.permissions) {
|
|
122
|
+
body.permissions = permissions.permissions;
|
|
123
|
+
}
|
|
124
|
+
const url = `${GITHUB_API_URL}/app/installations/${config.installationId}/access_tokens`;
|
|
125
|
+
const response = await fetch(url, {
|
|
126
|
+
method: 'POST',
|
|
127
|
+
headers: {
|
|
128
|
+
'Authorization': `Bearer ${jwt}`,
|
|
129
|
+
'Accept': 'application/vnd.github+json',
|
|
130
|
+
'X-GitHub-Api-Version': '2022-11-28',
|
|
131
|
+
'Content-Type': 'application/json',
|
|
132
|
+
},
|
|
133
|
+
body: JSON.stringify(body),
|
|
134
|
+
});
|
|
135
|
+
if (!response.ok) {
|
|
136
|
+
const errorBody = await response.json().catch(() => ({}));
|
|
137
|
+
return {
|
|
138
|
+
success: false,
|
|
139
|
+
error: {
|
|
140
|
+
code: `GITHUB_${response.status}`,
|
|
141
|
+
message: errorBody.message ?? `HTTP ${response.status}`,
|
|
142
|
+
details: errorBody,
|
|
143
|
+
},
|
|
144
|
+
};
|
|
145
|
+
}
|
|
146
|
+
const data = await response.json();
|
|
147
|
+
const now = new Date().toISOString();
|
|
148
|
+
const expiresAt = new Date(data.expires_at);
|
|
149
|
+
const grantedPermissions = Object.keys(data.permissions ?? {});
|
|
150
|
+
return {
|
|
151
|
+
success: true,
|
|
152
|
+
credentialValue: data.token,
|
|
153
|
+
providerKeyId: `ghs_${config.installationId}_${Date.now()}`,
|
|
154
|
+
metadata: {
|
|
155
|
+
installationId: config.installationId,
|
|
156
|
+
permissions: data.permissions,
|
|
157
|
+
repositorySelection: data.repository_selection,
|
|
158
|
+
repositories: data.repositories?.map((r) => r.full_name),
|
|
159
|
+
},
|
|
160
|
+
expiresAt,
|
|
161
|
+
passportInput: {
|
|
162
|
+
name: request.name,
|
|
163
|
+
credentialType: 'jwt',
|
|
164
|
+
credentialValue: data.token,
|
|
165
|
+
visaType: this.mapToVisaType('github', false),
|
|
166
|
+
issuingAuthority: 'GitHub',
|
|
167
|
+
platforms: [this.mapToPlatform('github')],
|
|
168
|
+
scope: grantedPermissions.length > 0 ? grantedPermissions : ['metadata:read'],
|
|
169
|
+
validFrom: now,
|
|
170
|
+
validUntil: expiresAt.toISOString(),
|
|
171
|
+
humanOwner: request.humanOwner,
|
|
172
|
+
agentId: request.agentId,
|
|
173
|
+
delegationChain: request.delegationChain ?? [
|
|
174
|
+
{
|
|
175
|
+
from: request.humanOwner,
|
|
176
|
+
to: request.agentId ?? request.name,
|
|
177
|
+
grantedAt: now,
|
|
178
|
+
scope: grantedPermissions.length > 0 ? grantedPermissions : ['metadata:read'],
|
|
179
|
+
expiresAt: expiresAt.toISOString(),
|
|
180
|
+
notes: `Provisioned via GitHub App (installation: ${config.installationId})`,
|
|
181
|
+
},
|
|
182
|
+
],
|
|
183
|
+
tags: [...(request.tags ?? []), 'provisioned', 'github', 'installation-token'],
|
|
184
|
+
notes: request.notes ?? `GitHub installation access token (expires: ${expiresAt.toISOString()})`,
|
|
185
|
+
},
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
/**
|
|
190
|
+
* Convert a PEM-encoded key to an ArrayBuffer
|
|
191
|
+
*/
|
|
192
|
+
function pemToArrayBuffer(pem) {
|
|
193
|
+
const lines = pem.split('\n').filter((line) => !line.startsWith('-----'));
|
|
194
|
+
const base64 = lines.join('');
|
|
195
|
+
const binary = atob(base64);
|
|
196
|
+
const bytes = new Uint8Array(binary.length);
|
|
197
|
+
for (let i = 0; i < binary.length; i++) {
|
|
198
|
+
bytes[i] = binary.charCodeAt(i);
|
|
199
|
+
}
|
|
200
|
+
return bytes.buffer;
|
|
201
|
+
}
|
|
202
|
+
/**
|
|
203
|
+
* Base64url encode a string
|
|
204
|
+
*/
|
|
205
|
+
function base64UrlEncode(str) {
|
|
206
|
+
return btoa(str).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
|
|
207
|
+
}
|
|
208
|
+
/**
|
|
209
|
+
* Convert an ArrayBuffer to base64url encoding
|
|
210
|
+
*/
|
|
211
|
+
function arrayBufferToBase64Url(buffer) {
|
|
212
|
+
const bytes = new Uint8Array(buffer);
|
|
213
|
+
let binary = '';
|
|
214
|
+
for (let i = 0; i < bytes.length; i++) {
|
|
215
|
+
binary += String.fromCharCode(bytes[i]);
|
|
216
|
+
}
|
|
217
|
+
return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
|
|
218
|
+
}
|
|
219
|
+
//# sourceMappingURL=github.js.map
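Review bot: The `scope` written into `passportInput` and into the default `delegationChain` entry of `createInstallationToken` does not describe what GitHub actually granted. `grantedPermissions` is `Object.keys(data.permissions ?? {})`, which drops each permission's access level, so a write-level grant is recorded under the same bare name as a read-only one. The fallback `['metadata:read']` uses a `name:level` form the normal path never produces, and it asserts a minimal grant when the response merely lacked a `permissions` field. I would keep the level, `const grantedPermissions = Object.entries(data.permissions ?? {}).map(([name, level]) => name + ':' + level);`, and treat a missing `permissions` field as an error or an explicit "unknown" rather than as read-only metadata. Related: when the request carries neither permissions nor a repository list, the method posts an empty body, which as far as I know yields a token with the installation's full permissions on all its repositories, so that default deserves a comment or an explicit opt-in.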
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../src/provisioning/providers/github.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AA8B1D,MAAM,cAAc,GAAG,wBAAwB,CAAC;AAEhD,MAAM,OAAO,cAAe,SAAQ,wBAAwB;IACjD,QAAQ,GAAyB,QAAQ,CAAC;IAE1C,YAAY,GAAyB;QAC5C,SAAS,EAAE,IAAI;QACf,uBAAuB,EAAE,IAAI;QAC7B,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,KAAK,EAAE,0DAA0D;QAC5E,OAAO,EAAE,KAAK,EAAI,qCAAqC;QACvD,cAAc,EAAE,IAAI,EAAG,0BAA0B;QACjD,kBAAkB,EAAE,IAAI,EAAE,2BAA2B;KACtD,CAAC;IAEF,KAAK,CAAC,SAAS,CAAC,OAA4B;QAC1C,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAsB,CAAC;QAC9C,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,+BAA+B,MAAM,CAAC,QAAQ,EAAE;iBAC1D;aACF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,KAAK,EAAE,CAAC;YAC9B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,wEAAwE;iBAClF;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACtC,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,qBAAqB;oBAC3B,OAAO,EAAE,+BAA+B,OAAO,EAAE;iBAClD;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,aAAqB,EAAE,OAA4B;QAC9D,qEAAqE;QACrE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACL,aAAa;YACb,QAAQ,EAAE,aAAa;YACvB,0BAA0B,EAAE,CAAC,EAAE,gDAAgD;SAChF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,KAAK,EAAE,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC;QAChF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAEtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,cAAc,MAAM,EAAE;gBACpD,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,GAAG,EAAE;oBAChC,QAAQ,EAAE,6BAA6B;oBACvC,sBAAsB,
EAAE,YAAY;iBACrC;aACF,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YACzB,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;QAC/E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,YAAY;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,IAA0D,CAAC;QAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7E,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC;YAC7C,GAAG,EAAE,GAAG,GAAG,EAAE,EAAE,gDAAgD;YAC/D,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,qCAAqC;YACrD,GAAG,EAAE,IAAI,CAAC,KAAK;SAChB,CAAC,CAAC,CAAC;QAEJ,MAAM,SAAS,GAAG,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;QAEzC,sCAAsC;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,OAAO,EACP,SAAS,EACT,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9C,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,mBAAmB,EACnB,SAAS,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CAAC;QAEF,MAAM,GAAG,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;QAC9C,OAAO,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,OAA4B,EAC5B,MAAoB,EACpB,GAAW;QAEX,MAAM,WAAW,GAAG,OAAO,CAAC,WAA4C,CAAC;QAEzE,MAAM,IAAI,GAA4B,EAAE,CAAC;QAEzC,8CAA8C;QAC9C,IAAI,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;YACjC,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,aAAa,CAAC;QAC7C,CAAC;aAAM,IAAI,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YACvC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QAC1C,CAAC;QAED,+BAA+B;QAC/B,IAAI,WAAW,EAAE,WAAW,EAAE,CAAC;YAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,WAAW,CAAC;QAC7C,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,cAAc,sBAAsB,MAAM,CAAC,cAAc,gBAAgB,CAAC;QAEzF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,
EAAE,MAAM;YACd,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,GAAG,EAAE;gBAChC,QAAQ,EAAE,6BAA6B;gBACvC,sBAAsB,EAAE,YAAY;gBACpC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAwB,CAAC;YACjF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,UAAU,QAAQ,CAAC,MAAM,EAAE;oBACjC,OAAO,EAAE,SAAS,CAAC,OAAO,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE;oBACvD,OAAO,EAAE,SAAS;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,CAAC;QAC1D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5C,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QAE/D,OAAO;YACL,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,IAAI,CAAC,KAAK;YAC3B,aAAa,EAAE,OAAO,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YAC3D,QAAQ,EAAE;gBACR,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,mBAAmB,EAAE,IAAI,CAAC,oBAAoB;gBAC9C,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aACzD;YACD,SAAS;YACT,aAAa,EAAE;gBACb,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc,EAAE,KAAK;gBACrB,eAAe,EAAE,IAAI,CAAC,KAAK;gBAC3B,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC;gBAC7C,gBAAgB,EAAE,QAAQ;gBAC1B,SAAS,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACzC,KAAK,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC7E,SAAS,EAAE,GAAG;gBACd,UAAU,EAAE,SAAS,CAAC,WAAW,EAAE;gBACnC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI;oBAC1C;wBACE,IAAI,EAAE,OAAO,CAAC,UAAU;wBACxB,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI;wBACnC,SAAS,EAAE,GAAG;wBACd,KAAK,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;wBAC7E,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;wBAClC,KAAK,EAAE,6CAA6C,MAAM,CAAC,cAAc,GAAG;qBAC7E;iBACF;gBACD,IAAI,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,aAAa,EA
AE,QAAQ,EAAE,oBAAoB,CAAC;gBAC9E,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,8CAA8C,SAAS,CAAC,WAAW,EAAE,GAAG;aACjG;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC,MAAqB,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,MAAmB;IACjD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Google Cloud Provisioning Provider
|
|
3
|
+
* Creates API keys and service account keys via Google Cloud APIs.
|
|
4
|
+
* Supports OAuth2 client credentials and service account authentication.
|
|
5
|
+
*/
|
|
6
|
+
import { BaseProvisioningProvider } from '../provider.js';
|
|
7
|
+
import { ProvisioningProvider, ProviderCapabilities, ProvisioningRequest, ProvisioningResult, RotationResult } from '../types.js';
|
|
8
|
+
export declare class GoogleCloudProvider extends BaseProvisioningProvider {
|
|
9
|
+
readonly provider: ProvisioningProvider;
|
|
10
|
+
readonly capabilities: ProviderCapabilities;
|
|
11
|
+
private accessToken?;
|
|
12
|
+
provision(request: ProvisioningRequest): Promise<ProvisioningResult>;
|
|
13
|
+
list(): Promise<Array<{
|
|
14
|
+
id: string;
|
|
15
|
+
name: string;
|
|
16
|
+
createdAt: Date;
|
|
17
|
+
status: string;
|
|
18
|
+
}>>;
|
|
19
|
+
rotate(existingKeyId: string, request: ProvisioningRequest): Promise<RotationResult>;
|
|
20
|
+
revoke(keyId: string): Promise<{
|
|
21
|
+
success: boolean;
|
|
22
|
+
error?: string;
|
|
23
|
+
}>;
|
|
24
|
+
validateAuth(): Promise<{
|
|
25
|
+
valid: boolean;
|
|
26
|
+
error?: string;
|
|
27
|
+
}>;
|
|
28
|
+
private ensureAccessToken;
|
|
29
|
+
private getOAuth2Token;
|
|
30
|
+
private getServiceAccountToken;
|
|
31
|
+
private createApiKey;
|
|
32
|
+
private createServiceAccountKey;
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=google-cloud.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"google-cloud.d.ts","sourceRoot":"","sources":["../../../src/provisioning/providers/google-cloud.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EAGf,MAAM,aAAa,CAAC;AAwCrB,qBAAa,mBAAoB,SAAQ,wBAAwB;IAC/D,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAkB;IAEzD,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAQzC;IAEF,OAAO,CAAC,WAAW,CAAC,CAAS;IAEvB,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAkCpE,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IA0BrF,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAUpF,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA0BpE,YAAY,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;YAYnD,iBAAiB;YAYjB,cAAc;YAuBd,sBAAsB;YAkDtB,YAAY;YAsFZ,uBAAuB;CAyFtC"}
|