@sebspark/gcp-iam 0.4.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +13 -2
- package/dist/index.d.ts +13 -2
- package/dist/index.js +30 -4
- package/dist/index.mjs +27 -3
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -8,11 +8,22 @@ import { Logger } from 'winston';
|
|
|
8
8
|
* @param logger An optional logger to use for logging.
|
|
9
9
|
* @returns A JWT.
|
|
10
10
|
*/
|
|
11
|
-
declare const
|
|
11
|
+
declare const getApiGatewayTokenByUrl: ({ apiURL, key, ttl, logger, }: {
|
|
12
12
|
apiURL: string;
|
|
13
13
|
key?: string;
|
|
14
14
|
ttl?: number;
|
|
15
15
|
logger?: Logger;
|
|
16
16
|
}) => Promise<string>;
|
|
17
|
+
/**
|
|
18
|
+
*
|
|
19
|
+
* @param key Clears a cached JWT by key.
|
|
20
|
+
*/
|
|
21
|
+
declare const clearCache: (key: string) => Promise<void>;
|
|
22
|
+
/**
|
|
23
|
+
* Generates a JWT for the API Gateway, using Client ID as audience.
|
|
24
|
+
* @param clientId OAUTH Client ID.
|
|
25
|
+
* @returns ID Token.
|
|
26
|
+
*/
|
|
27
|
+
declare const getApiGatewayTokenByClientId: (clientId: string, logger?: Logger) => Promise<string>;
|
|
17
28
|
|
|
18
|
-
export {
|
|
29
|
+
export { clearCache, getApiGatewayTokenByClientId, getApiGatewayTokenByUrl };
|
package/dist/index.d.ts
CHANGED
|
@@ -8,11 +8,22 @@ import { Logger } from 'winston';
|
|
|
8
8
|
* @param logger An optional logger to use for logging.
|
|
9
9
|
* @returns A JWT.
|
|
10
10
|
*/
|
|
11
|
-
declare const
|
|
11
|
+
declare const getApiGatewayTokenByUrl: ({ apiURL, key, ttl, logger, }: {
|
|
12
12
|
apiURL: string;
|
|
13
13
|
key?: string;
|
|
14
14
|
ttl?: number;
|
|
15
15
|
logger?: Logger;
|
|
16
16
|
}) => Promise<string>;
|
|
17
|
+
/**
|
|
18
|
+
*
|
|
19
|
+
* @param key Clears a cached JWT by key.
|
|
20
|
+
*/
|
|
21
|
+
declare const clearCache: (key: string) => Promise<void>;
|
|
22
|
+
/**
|
|
23
|
+
* Generates a JWT for the API Gateway, using Client ID as audience.
|
|
24
|
+
* @param clientId OAUTH Client ID.
|
|
25
|
+
* @returns ID Token.
|
|
26
|
+
*/
|
|
27
|
+
declare const getApiGatewayTokenByClientId: (clientId: string, logger?: Logger) => Promise<string>;
|
|
17
28
|
|
|
18
|
-
export {
|
|
29
|
+
export { clearCache, getApiGatewayTokenByClientId, getApiGatewayTokenByUrl };
|
package/dist/index.js
CHANGED
|
@@ -20,7 +20,9 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
20
20
|
// src/index.ts
|
|
21
21
|
var index_exports = {};
|
|
22
22
|
__export(index_exports, {
|
|
23
|
-
|
|
23
|
+
clearCache: () => clearCache,
|
|
24
|
+
getApiGatewayTokenByClientId: () => getApiGatewayTokenByClientId,
|
|
25
|
+
getApiGatewayTokenByUrl: () => getApiGatewayTokenByUrl
|
|
24
26
|
});
|
|
25
27
|
module.exports = __toCommonJS(index_exports);
|
|
26
28
|
|
|
@@ -62,12 +64,15 @@ var LruCache = class {
|
|
|
62
64
|
ttl: ttl || this.defaultTTL
|
|
63
65
|
});
|
|
64
66
|
}
|
|
67
|
+
clear(key) {
|
|
68
|
+
this.values.delete(key);
|
|
69
|
+
}
|
|
65
70
|
};
|
|
66
71
|
|
|
67
72
|
// src/apiGatewayToken.ts
|
|
68
73
|
var expInSeconds = 60 * 60;
|
|
69
74
|
var apiGatewayJwtCache = new LruCache();
|
|
70
|
-
var
|
|
75
|
+
var getApiGatewayTokenByUrl = async ({
|
|
71
76
|
apiURL,
|
|
72
77
|
key,
|
|
73
78
|
ttl,
|
|
@@ -120,7 +125,26 @@ var getApiGatewayToken = async ({
|
|
|
120
125
|
return signedJWT;
|
|
121
126
|
} catch (error) {
|
|
122
127
|
if (process.env.GCP_IAM_SOFT_FAIL === "true") {
|
|
123
|
-
logger?.
|
|
128
|
+
logger?.info("Soft fail enabled, returning empty JWT");
|
|
129
|
+
return "";
|
|
130
|
+
}
|
|
131
|
+
logger?.error("Error generating system JWT", error);
|
|
132
|
+
throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
|
|
133
|
+
}
|
|
134
|
+
};
|
|
135
|
+
var clearCache = async (key) => {
|
|
136
|
+
apiGatewayJwtCache.clear(key);
|
|
137
|
+
};
|
|
138
|
+
var getApiGatewayTokenByClientId = async (clientId, logger) => {
|
|
139
|
+
try {
|
|
140
|
+
const auth = new import_google_auth_library.GoogleAuth({
|
|
141
|
+
scopes: "https://www.googleapis.com/auth/cloud-platform"
|
|
142
|
+
});
|
|
143
|
+
const client = await auth.getIdTokenClient(clientId);
|
|
144
|
+
return await client.idTokenProvider.fetchIdToken(clientId);
|
|
145
|
+
} catch (error) {
|
|
146
|
+
if (process.env.GCP_IAM_SOFT_FAIL === "true") {
|
|
147
|
+
logger?.info("Soft fail enabled, returning empty JWT");
|
|
124
148
|
return "";
|
|
125
149
|
}
|
|
126
150
|
logger?.error("Error generating system JWT", error);
|
|
@@ -129,5 +153,7 @@ var getApiGatewayToken = async ({
|
|
|
129
153
|
};
|
|
130
154
|
// Annotate the CommonJS export names for ESM import in node:
|
|
131
155
|
0 && (module.exports = {
|
|
132
|
-
|
|
156
|
+
clearCache,
|
|
157
|
+
getApiGatewayTokenByClientId,
|
|
158
|
+
getApiGatewayTokenByUrl
|
|
133
159
|
});
|
package/dist/index.mjs
CHANGED
|
@@ -36,12 +36,15 @@ var LruCache = class {
|
|
|
36
36
|
ttl: ttl || this.defaultTTL
|
|
37
37
|
});
|
|
38
38
|
}
|
|
39
|
+
clear(key) {
|
|
40
|
+
this.values.delete(key);
|
|
41
|
+
}
|
|
39
42
|
};
|
|
40
43
|
|
|
41
44
|
// src/apiGatewayToken.ts
|
|
42
45
|
var expInSeconds = 60 * 60;
|
|
43
46
|
var apiGatewayJwtCache = new LruCache();
|
|
44
|
-
var
|
|
47
|
+
var getApiGatewayTokenByUrl = async ({
|
|
45
48
|
apiURL,
|
|
46
49
|
key,
|
|
47
50
|
ttl,
|
|
@@ -94,7 +97,26 @@ var getApiGatewayToken = async ({
|
|
|
94
97
|
return signedJWT;
|
|
95
98
|
} catch (error) {
|
|
96
99
|
if (process.env.GCP_IAM_SOFT_FAIL === "true") {
|
|
97
|
-
logger?.
|
|
100
|
+
logger?.info("Soft fail enabled, returning empty JWT");
|
|
101
|
+
return "";
|
|
102
|
+
}
|
|
103
|
+
logger?.error("Error generating system JWT", error);
|
|
104
|
+
throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
|
|
105
|
+
}
|
|
106
|
+
};
|
|
107
|
+
var clearCache = async (key) => {
|
|
108
|
+
apiGatewayJwtCache.clear(key);
|
|
109
|
+
};
|
|
110
|
+
var getApiGatewayTokenByClientId = async (clientId, logger) => {
|
|
111
|
+
try {
|
|
112
|
+
const auth = new GoogleAuth({
|
|
113
|
+
scopes: "https://www.googleapis.com/auth/cloud-platform"
|
|
114
|
+
});
|
|
115
|
+
const client = await auth.getIdTokenClient(clientId);
|
|
116
|
+
return await client.idTokenProvider.fetchIdToken(clientId);
|
|
117
|
+
} catch (error) {
|
|
118
|
+
if (process.env.GCP_IAM_SOFT_FAIL === "true") {
|
|
119
|
+
logger?.info("Soft fail enabled, returning empty JWT");
|
|
98
120
|
return "";
|
|
99
121
|
}
|
|
100
122
|
logger?.error("Error generating system JWT", error);
|
|
@@ -102,5 +124,7 @@ var getApiGatewayToken = async ({
|
|
|
102
124
|
}
|
|
103
125
|
};
|
|
104
126
|
export {
|
|
105
|
-
|
|
127
|
+
clearCache,
|
|
128
|
+
getApiGatewayTokenByClientId,
|
|
129
|
+
getApiGatewayTokenByUrl
|
|
106
130
|
};
|