@sebspark/gcp-iam 1.2.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.mts +2 -5
  2. package/dist/index.d.ts +2 -5
  3. package/dist/index.js +16 -20
  4. package/dist/index.mjs +16 -20
  5. package/package.json +8 -4
package/dist/index.d.mts CHANGED
@@ -1,5 +1,3 @@
1
- import { Logger } from 'winston';
2
-
3
1
  /**
4
2
  * Generate a system token for the API Gateway.
5
3
  * This is intended to be run under the context of the service account signing the JWT.
@@ -8,10 +6,9 @@ import { Logger } from 'winston';
8
6
  * @param logger An optional logger to use for logging.
9
7
  * @returns A JWT.
10
8
  */
11
- declare const getApiGatewayTokenByUrl: ({ apiURL, key, logger, }: {
9
+ declare const getApiGatewayTokenByUrl: ({ apiURL, key, }: {
12
10
  apiURL: string;
13
11
  key?: string;
14
- logger?: Logger;
15
12
  }) => Promise<string>;
16
13
  /**
17
14
  *
@@ -23,6 +20,6 @@ declare const clearCache: (key: string) => Promise<void>;
23
20
  * @param clientId OAUTH Client ID.
24
21
  * @returns ID Token.
25
22
  */
26
- declare const getApiGatewayTokenByClientId: (clientId: string, logger?: Logger) => Promise<string>;
23
+ declare const getApiGatewayTokenByClientId: (clientId: string) => Promise<string>;
27
24
 
28
25
  export { clearCache, getApiGatewayTokenByClientId, getApiGatewayTokenByUrl };
package/dist/index.d.ts CHANGED
@@ -1,5 +1,3 @@
1
- import { Logger } from 'winston';
2
-
3
1
  /**
4
2
  * Generate a system token for the API Gateway.
5
3
  * This is intended to be run under the context of the service account signing the JWT.
@@ -8,10 +6,9 @@ import { Logger } from 'winston';
8
6
  * @param logger An optional logger to use for logging.
9
7
  * @returns A JWT.
10
8
  */
11
- declare const getApiGatewayTokenByUrl: ({ apiURL, key, logger, }: {
9
+ declare const getApiGatewayTokenByUrl: ({ apiURL, key, }: {
12
10
  apiURL: string;
13
11
  key?: string;
14
- logger?: Logger;
15
12
  }) => Promise<string>;
16
13
  /**
17
14
  *
@@ -23,6 +20,6 @@ declare const clearCache: (key: string) => Promise<void>;
23
20
  * @param clientId OAUTH Client ID.
24
21
  * @returns ID Token.
25
22
  */
26
- declare const getApiGatewayTokenByClientId: (clientId: string, logger?: Logger) => Promise<string>;
23
+ declare const getApiGatewayTokenByClientId: (clientId: string) => Promise<string>;
27
24
 
28
25
  export { clearCache, getApiGatewayTokenByClientId, getApiGatewayTokenByUrl };
package/dist/index.js CHANGED
@@ -28,6 +28,7 @@ module.exports = __toCommonJS(index_exports);
28
28
 
29
29
  // src/apiGatewayToken.ts
30
30
  var import_iam_credentials = require("@google-cloud/iam-credentials");
31
+ var import_otel = require("@sebspark/otel");
31
32
  var import_google_auth_library = require("google-auth-library");
32
33
 
33
34
  // src/lruCache.ts
@@ -72,10 +73,10 @@ var LruCache = class {
72
73
  // src/apiGatewayToken.ts
73
74
  var expInSeconds = 60 * 60;
74
75
  var apiGatewayJwtCache = new LruCache();
76
+ var logger = (0, import_otel.getLogger)("gcp-iam");
75
77
  var generateTokenByUrl = async ({
76
78
  apiURL,
77
- key,
78
- logger
79
+ key
79
80
  }) => {
80
81
  try {
81
82
  const iamClient = new import_iam_credentials.IAMCredentialsClient();
@@ -85,7 +86,7 @@ var generateTokenByUrl = async ({
85
86
  if (!serviceAccountEmail) {
86
87
  throw new Error("No service account e-mail could be found.");
87
88
  }
88
- logger?.info(`Service account e-mail being used: ${serviceAccountEmail}`);
89
+ logger.info(`Service account e-mail being used: ${serviceAccountEmail}`);
89
90
  const header = {
90
91
  alg: "RS256",
91
92
  typ: "JWT"
@@ -113,7 +114,7 @@ var generateTokenByUrl = async ({
113
114
  "signBlob(...) returned an empty response. Cannot sign JWT."
114
115
  );
115
116
  }
116
- logger?.debug(
117
+ logger.debug(
117
118
  `New JWT for ${key || apiURL} created. Signed with ${response.keyId}.`
118
119
  );
119
120
  const signature = Buffer.from(response.signedBlob).toString("base64");
@@ -121,22 +122,20 @@ var generateTokenByUrl = async ({
121
122
  return signedJWT;
122
123
  } catch (error) {
123
124
  if (process.env.GCP_IAM_SOFT_FAIL === "true") {
124
- logger?.info("Soft fail enabled, returning empty JWT");
125
+ logger.info("Soft fail enabled, returning empty JWT");
125
126
  return "";
126
127
  }
127
- logger?.error("Error generating system JWT", error);
128
+ logger.error("Error generating system JWT", error);
128
129
  throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
129
130
  }
130
131
  };
131
132
  var getApiGatewayTokenByUrl = async ({
132
133
  apiURL,
133
- key,
134
- logger
134
+ key
135
135
  }) => {
136
136
  return checkCache({
137
137
  cacheKey: key || apiURL,
138
- generate: () => generateTokenByUrl({ apiURL, key, logger }),
139
- logger
138
+ generate: () => generateTokenByUrl({ apiURL, key })
140
139
  });
141
140
  };
142
141
  var clearCache = async (key) => {
@@ -144,19 +143,18 @@ var clearCache = async (key) => {
144
143
  };
145
144
  var checkCache = ({
146
145
  cacheKey,
147
- generate,
148
- logger
146
+ generate
149
147
  }) => {
150
148
  const cachedJwt = apiGatewayJwtCache.get(cacheKey);
151
149
  if (cachedJwt) {
152
- logger?.debug(`JWT for ${cacheKey} found in cache.`);
150
+ logger.debug(`JWT for ${cacheKey} found in cache.`);
153
151
  return cachedJwt;
154
152
  }
155
153
  const jwtPromise = generate();
156
154
  apiGatewayJwtCache.put(cacheKey, jwtPromise, expInSeconds / 2 * 1e3);
157
155
  return jwtPromise;
158
156
  };
159
- var generateTokenByClientId = async (clientId, logger) => {
157
+ var generateTokenByClientId = async (clientId) => {
160
158
  try {
161
159
  const auth = new import_google_auth_library.GoogleAuth({
162
160
  scopes: "https://www.googleapis.com/auth/cloud-platform"
@@ -165,19 +163,17 @@ var generateTokenByClientId = async (clientId, logger) => {
165
163
  return await client.idTokenProvider.fetchIdToken(clientId);
166
164
  } catch (error) {
167
165
  if (process.env.GCP_IAM_SOFT_FAIL === "true") {
168
- logger?.info("Soft fail enabled, returning empty JWT.");
166
+ logger.info("Soft fail enabled, returning empty JWT.");
169
167
  return "";
170
168
  }
171
- logger?.error("Error generating system JWT", error);
172
- logger?.error(JSON.stringify(error, null, 2));
169
+ logger.error("Error generating system JWT", error);
173
170
  throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
174
171
  }
175
172
  };
176
- var getApiGatewayTokenByClientId = async (clientId, logger) => {
173
+ var getApiGatewayTokenByClientId = async (clientId) => {
177
174
  return checkCache({
178
175
  cacheKey: clientId,
179
- generate: () => generateTokenByClientId(clientId),
180
- logger
176
+ generate: () => generateTokenByClientId(clientId)
181
177
  });
182
178
  };
183
179
  // Annotate the CommonJS export names for ESM import in node:
package/dist/index.mjs CHANGED
@@ -1,5 +1,6 @@
1
1
  // src/apiGatewayToken.ts
2
2
  import { IAMCredentialsClient } from "@google-cloud/iam-credentials";
3
+ import { getLogger } from "@sebspark/otel";
3
4
  import { GoogleAuth } from "google-auth-library";
4
5
 
5
6
  // src/lruCache.ts
@@ -44,10 +45,10 @@ var LruCache = class {
44
45
  // src/apiGatewayToken.ts
45
46
  var expInSeconds = 60 * 60;
46
47
  var apiGatewayJwtCache = new LruCache();
48
+ var logger = getLogger("gcp-iam");
47
49
  var generateTokenByUrl = async ({
48
50
  apiURL,
49
- key,
50
- logger
51
+ key
51
52
  }) => {
52
53
  try {
53
54
  const iamClient = new IAMCredentialsClient();
@@ -57,7 +58,7 @@ var generateTokenByUrl = async ({
57
58
  if (!serviceAccountEmail) {
58
59
  throw new Error("No service account e-mail could be found.");
59
60
  }
60
- logger?.info(`Service account e-mail being used: ${serviceAccountEmail}`);
61
+ logger.info(`Service account e-mail being used: ${serviceAccountEmail}`);
61
62
  const header = {
62
63
  alg: "RS256",
63
64
  typ: "JWT"
@@ -85,7 +86,7 @@ var generateTokenByUrl = async ({
85
86
  "signBlob(...) returned an empty response. Cannot sign JWT."
86
87
  );
87
88
  }
88
- logger?.debug(
89
+ logger.debug(
89
90
  `New JWT for ${key || apiURL} created. Signed with ${response.keyId}.`
90
91
  );
91
92
  const signature = Buffer.from(response.signedBlob).toString("base64");
@@ -93,22 +94,20 @@ var generateTokenByUrl = async ({
93
94
  return signedJWT;
94
95
  } catch (error) {
95
96
  if (process.env.GCP_IAM_SOFT_FAIL === "true") {
96
- logger?.info("Soft fail enabled, returning empty JWT");
97
+ logger.info("Soft fail enabled, returning empty JWT");
97
98
  return "";
98
99
  }
99
- logger?.error("Error generating system JWT", error);
100
+ logger.error("Error generating system JWT", error);
100
101
  throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
101
102
  }
102
103
  };
103
104
  var getApiGatewayTokenByUrl = async ({
104
105
  apiURL,
105
- key,
106
- logger
106
+ key
107
107
  }) => {
108
108
  return checkCache({
109
109
  cacheKey: key || apiURL,
110
- generate: () => generateTokenByUrl({ apiURL, key, logger }),
111
- logger
110
+ generate: () => generateTokenByUrl({ apiURL, key })
112
111
  });
113
112
  };
114
113
  var clearCache = async (key) => {
@@ -116,19 +115,18 @@ var clearCache = async (key) => {
116
115
  };
117
116
  var checkCache = ({
118
117
  cacheKey,
119
- generate,
120
- logger
118
+ generate
121
119
  }) => {
122
120
  const cachedJwt = apiGatewayJwtCache.get(cacheKey);
123
121
  if (cachedJwt) {
124
- logger?.debug(`JWT for ${cacheKey} found in cache.`);
122
+ logger.debug(`JWT for ${cacheKey} found in cache.`);
125
123
  return cachedJwt;
126
124
  }
127
125
  const jwtPromise = generate();
128
126
  apiGatewayJwtCache.put(cacheKey, jwtPromise, expInSeconds / 2 * 1e3);
129
127
  return jwtPromise;
130
128
  };
131
- var generateTokenByClientId = async (clientId, logger) => {
129
+ var generateTokenByClientId = async (clientId) => {
132
130
  try {
133
131
  const auth = new GoogleAuth({
134
132
  scopes: "https://www.googleapis.com/auth/cloud-platform"
@@ -137,19 +135,17 @@ var generateTokenByClientId = async (clientId, logger) => {
137
135
  return await client.idTokenProvider.fetchIdToken(clientId);
138
136
  } catch (error) {
139
137
  if (process.env.GCP_IAM_SOFT_FAIL === "true") {
140
- logger?.info("Soft fail enabled, returning empty JWT.");
138
+ logger.info("Soft fail enabled, returning empty JWT.");
141
139
  return "";
142
140
  }
143
- logger?.error("Error generating system JWT", error);
144
- logger?.error(JSON.stringify(error, null, 2));
141
+ logger.error("Error generating system JWT", error);
145
142
  throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
146
143
  }
147
144
  };
148
- var getApiGatewayTokenByClientId = async (clientId, logger) => {
145
+ var getApiGatewayTokenByClientId = async (clientId) => {
149
146
  return checkCache({
150
147
  cacheKey: clientId,
151
- generate: () => generateTokenByClientId(clientId),
152
- logger
148
+ generate: () => generateTokenByClientId(clientId)
153
149
  });
154
150
  };
155
151
  export {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sebspark/gcp-iam",
3
- "version": "1.2.1",
3
+ "version": "2.0.1",
4
4
  "license": "Apache-2.0",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.mjs",
@@ -16,10 +16,14 @@
16
16
  "typecheck": "vitest --typecheck.only --passWithNoTests"
17
17
  },
18
18
  "devDependencies": {
19
- "tsconfig": "*"
19
+ "@sebspark/otel": "*",
20
+ "@sebspark/tsconfig": "*"
20
21
  },
21
22
  "dependencies": {
22
- "@google-cloud/iam-credentials": "3.3.0",
23
- "google-auth-library": "9.15.1"
23
+ "@google-cloud/iam-credentials": "4.2.1",
24
+ "google-auth-library": "10.4.2"
25
+ },
26
+ "peerDependencies": {
27
+ "@sebspark/otel": ">=1.1.4"
24
28
  }
25
29
  }