ibm-cloud-sdk-core 2.11.2 → 2.12.2

package/.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2021-03-12T14:27:43Z",
+  "generated_at": "2021-08-05T20:39:19Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -25,6 +25,7 @@
       "name": "CloudantDetector"
     },
     {
+      "ghe_instance": "github.ibm.com",
       "name": "GheDetector"
     },
     {
@@ -69,7 +70,7 @@
         "hashed_secret": "91dfd9ddb4198affc5c194cd8ce6d338fde470e2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 56,
+        "line_number": 57,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -77,7 +78,23 @@
         "hashed_secret": "47fcf185ee7e15fe05cae31fbe9e4ebe4a06a40d",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 121,
+        "line_number": 122,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "24c3d19b8d127fe8f7274108156a718ec56fc6e6",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 136,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 171,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -97,7 +114,7 @@
         "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 58,
+        "line_number": 59,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -107,7 +124,7 @@
         "hashed_secret": "d5ff02fa48e492fac0a245ad63d1ae608e705c05",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 68,
+        "line_number": 70,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -115,7 +132,7 @@
         "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 69,
+        "line_number": 71,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -125,15 +142,17 @@
         "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 86,
+        "line_number": 69,
         "type": "Secret Keyword",
         "verified_result": null
-      },
+      }
+    ],
+    "auth/authenticators/iam-request-based-authenticator.ts": [
       {
         "hashed_secret": "f84f793e0af9ade37c8b927bc5091e98f35bf821",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 88,
+        "line_number": 78,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -141,7 +160,7 @@
         "hashed_secret": "45c43fe97e3a06ab078b0eeff6fbe622cc417a25",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 103,
+        "line_number": 91,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -149,7 +168,17 @@
         "hashed_secret": "99833a8b234b57b886a9aef1dba187fdd7ceece8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 105,
+        "line_number": 93,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "auth/token-managers/container-token-manager.ts": [
+      {
+        "hashed_secret": "184ee1f04a018aa3b897e085516a9b657fea0f6b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 82,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -159,7 +188,7 @@
         "hashed_secret": "d5ff02fa48e492fac0a245ad63d1ae608e705c05",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 94,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -167,7 +196,7 @@
         "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 95,
+        "line_number": 98,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -175,7 +204,7 @@
         "hashed_secret": "45a15668db917c293f16e8add0f5d801889e5923",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 109,
+        "line_number": 112,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -183,57 +212,59 @@
         "hashed_secret": "65e622227634e8876cfa733000233fb80c6f0473",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 110,
+        "line_number": 113,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ],
-    "auth/token-managers/iam-token-manager.ts": [
+    "auth/token-managers/iam-request-based-token-manager.ts": [
       {
-        "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
+        "hashed_secret": "f84f793e0af9ade37c8b927bc5091e98f35bf821",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 101,
+        "line_number": 81,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
-        "hashed_secret": "f84f793e0af9ade37c8b927bc5091e98f35bf821",
+        "hashed_secret": "45c43fe97e3a06ab078b0eeff6fbe622cc417a25",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 110,
+        "line_number": 118,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
-        "hashed_secret": "45c43fe97e3a06ab078b0eeff6fbe622cc417a25",
+        "hashed_secret": "99833a8b234b57b886a9aef1dba187fdd7ceece8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 144,
+        "line_number": 120,
         "type": "Secret Keyword",
         "verified_result": null
-      },
+      }
+    ],
+    "auth/token-managers/iam-token-manager.ts": [
       {
-        "hashed_secret": "99833a8b234b57b886a9aef1dba187fdd7ceece8",
+        "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 146,
+        "line_number": 60,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
-        "hashed_secret": "c563e15142a4d1ab66222756647ec74606793569",
+        "hashed_secret": "0358c67856fb6a21c4767daf02fcb8fe4dc0a318",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 202,
+        "line_number": 63,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
-        "hashed_secret": "65e622227634e8876cfa733000233fb80c6f0473",
+        "hashed_secret": "dbb19b8ae3b78f908e1467721fe4c9f0b0529d9b",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 203,
+        "line_number": 64,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -243,7 +274,7 @@
         "hashed_secret": "6947818ac409551f11fbaa78f0ea6391960aa5b8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 49,
+        "line_number": 48,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -325,7 +356,17 @@
         "hashed_secret": "09f798553f7c035c2915bf8c59b46b6c285d2d84",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 6,
+        "line_number": 4,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/unit/container-authenticator.test.js": [
+      {
+        "hashed_secret": "5c5a15a8b0b3e154d77746945e563ba40100681b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 19,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -335,7 +376,7 @@
         "hashed_secret": "85dd3fb12cb0dcae03f1bba6fb61f4edd90d986d",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 7,
+        "line_number": 5,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -343,7 +384,7 @@
         "hashed_secret": "0c910ad3070d996b37a1c65f542b17adc3f962bc",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 8,
+        "line_number": 6,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -353,7 +394,7 @@
         "hashed_secret": "1572bd30ac06678a82df42b5913e5e52e27f9a12",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 17,
+        "line_number": 15,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -361,7 +402,7 @@
         "hashed_secret": "16856d955c788df03735a24feb2e3ffefd91f3dc",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 18,
+        "line_number": 16,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -371,7 +412,7 @@
         "hashed_secret": "257368587362aab7f1180b4a5fe550ec26053e05",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 16,
+        "line_number": 14,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -379,7 +420,7 @@
         "hashed_secret": "5c5a15a8b0b3e154d77746945e563ba40100681b",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 19,
+        "line_number": 17,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -387,7 +428,7 @@
         "hashed_secret": "a3bf8418470bbb21ecdb24c28e38b446a3ab9b75",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 50,
+        "line_number": 48,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -395,7 +436,7 @@
         "hashed_secret": "2c208e466e476d4d8cbe055832f40f04e4d5dd23",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 55,
+        "line_number": 53,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -403,25 +444,37 @@
         "hashed_secret": "945db841c03e42eef2f3d0a4ff310e2f3b3e59ec",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 80,
+        "line_number": 77,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ],
-    "test/unit/iam-token-manager.test.js": [
+    "test/unit/iam-request-based-authenticator.test.js": [
       {
-        "hashed_secret": "62cdb7020ff920e5aa642c3d4066950dd1f01f4d",
+        "hashed_secret": "43ed4c2d8375dfc89e3dc8c917f404b9481d355b",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 204,
+        "line_number": 5,
         "type": "Secret Keyword",
         "verified_result": null
-      },
+      }
+    ],
+    "test/unit/iam-request-based-token-manager.test.js": [
+      {
+        "hashed_secret": "43ed4c2d8375dfc89e3dc8c917f404b9481d355b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 13,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/unit/iam-token-manager.test.js": [
       {
         "hashed_secret": "a7ef1be18bb8d37af79f3d87761a203378bf26a2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 403,
+        "line_number": 129,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -431,7 +484,7 @@
         "hashed_secret": "4c65cd3f160d60f7ca28ca04fa60b9035132781c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 9,
+        "line_number": 7,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -439,7 +492,7 @@
         "hashed_secret": "407bb564bd0e4d31368cb53004c9c42adf8f7be8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 165,
+        "line_number": 163,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -447,7 +500,7 @@
         "hashed_secret": "2863fa4b5510c46afc2bd2998dfbc0cf3d6df032",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 191,
+        "line_number": 189,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -455,13 +508,13 @@
         "hashed_secret": "ed8c99e906cf3fdbae90a71e06142ebc72b4c056",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 209,
+        "line_number": 207,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ]
   },
-  "version": "0.13.1+ibm.31.dss",
+  "version": "0.13.1+ibm.40.dss",
   "word_list": {
     "file": null,
     "hash": null

package/Authentication.md

@@ -1,9 +1,10 @@
 # Authentication
 The node-sdk-core project supports the following types of authentication:
 - Basic Authentication
-- Bearer Token 
+- Bearer Token
 - Identity and Access Management (IAM)
 - Cloud Pak for Data
+- Container
 - No Authentication
 
 The SDK user configures the appropriate type of authentication for use with service instances.
@@ -131,12 +132,13 @@ The `CloudPakForDataAuthenticator` will accept user-supplied username and passwo
 
 ### Properties
 - username: (required) the username used to obtain a bearer token.
-- password: (required) the password used to obtain a bearer token.
+- password: (password or apikey required) the password used to obtain a bearer token.
+- apikey: (password or apikey required) the API key used to obtain a bearer token.
 - url: (required) The URL representing the Cloud Pak for Data token service endpoint.
 - disableSslVerification: (optional) A flag that indicates whether verificaton of the server's SSL certificate should be disabled or not. The default value is `false`.
 - headers: (optional) A set of key/value pairs that will be sent as HTTP headers in requests made to the IAM token service.
 
-### Programming example
+### Programming examples
 ```js
 import { CloudPakForDataAuthenticator } from 'ibm-cloud-sdk-core';
 
@@ -147,6 +149,16 @@ const authenticator = new CloudPakForDataAuthenticator({
 });
 ```
 
+```js
+import { CloudPakForDataAuthenticator } from 'ibm-cloud-sdk-core';
+
+const authenticator = new CloudPakForDataAuthenticator({
+  username: '{username}',
+  apikey: '{apikey}',
+  url: '{url}',
+});
+```
+
 ### External configuration example
 ```js
 import { getAuthenticatorFromEnvironment } from 'ibm-cloud-sdk-core';
@@ -156,9 +168,60 @@ import { getAuthenticatorFromEnvironment } from 'ibm-cloud-sdk-core';
 // MY_SERVICE_AUTH_URL=<url>
 // MY_SERVICE_USERNAME=<username>
 // MY_SERVICE_PASSWORD=<password>
+// MY_SERVICE_APIKEY=<apikey>
 const cp4dAuthenticator = getAuthenticatorFromEnvironment('my-service');
 ```
 
+## Container
+The `ContainerAuthenticator` is intended to be used by application code
+running inside a compute resource managed by the IBM Kubernetes Service (IKS)
+in which a secure compute resource token (CR token) has been stored in a file
+within the compute resource's local file system.
+The CR token is similar to an IAM apikey except that it is managed automatically by
+the compute resource provider (IKS).
+This allows the application developer to:
+- avoid storing credentials in application code, configuraton files or a password vault
+- avoid managing or rotating credentials
+
+The `ContainerAuthenticator` will retrieve the CR token from
+the compute resource in which the application is running, and will then perform
+the necessary interactions with the IAM token service to obtain an IAM access token
+using the IAM "get token" operation with grant-type `cr-token`.
+The authenticator will repeat these steps to obtain a new IAM access token when the
+current access token expires.
+The IAM access token is added to each outbound request in the `Authorization` header in the form:
+```
+   Authorization: Bearer <IAM-access-token>
+```
+
+### Properties
+- crTokenFilename: (optional) The name of the file containing the injected CR token value. If not specified, then `/var/run/secrets/tokens/vault-token` is used as the default value. The application must have `read` permissions on the file containing the CR token value.
+- iamProfileName: (optional) The name of the linked trusted IAM profile to be used when obtaining the IAM access token (a CR token might map to multiple IAM profiles). One of `iamProfileName` or `iamProfileId` must be specified.
+- iamProfileId: (optional) The ID of the linked trusted IAM profile to be used when obtaining the IAM access token (a CR token might map to multiple IAM profiles). One of `iamProfileName` or `iamProfileId` must be specified.
+- url: (optional) The URL representing the IAM token service endpoint.  If not specified, a suitable default value is used.
+- clientId/clientSecret: (optional) The `clientId` and `clientSecret` fields are used to form a "basic auth" Authorization header for interactions with the IAM token server. If neither field is specified, then no Authorization header will be sent with token server requests.  These fields are optional, but must be specified together.
+- disableSslVerification: (optional) A flag that indicates whether verificaton of the server's SSL certificate should be disabled or not. The default value is `false`.
+- headers: (optional) A set of key/value pairs that will be sent as HTTP headers in requests made to the IAM token service.
+
+### Programming example
+```js
+import { ContainerAuthenticator } from 'ibm-cloud-sdk-core';
+
+const authenticator = new ContainerAuthenticator({
+  iamProfileName: '{profile-name}',
+});
+```
+
+### External configuration example
+```js
+import { getAuthenticatorFromEnvironment } from 'ibm-cloud-sdk-core';
+
+// env vars
+// MY_SERVICE_AUTH_TYPE=container
+// MY_SERVICE_IAM_PROFILE_ID=my_profile_name
+const containerAuthenticator = getAuthenticatorFromEnvironment('my-service');
+```
+
 ## No Auth Authentication
 The `NoAuthAuthenticator` is a placeholder authenticator which performs no actual authentication function.   It can be used in situations where authentication needs to be bypassed, perhaps while developing or debugging an application or service.
 

package/CHANGELOG.md

@@ -1,3 +1,31 @@
+## [2.12.2](https://github.com/IBM/node-sdk-core/compare/v2.12.1...v2.12.2) (2021-08-13)
+
+
+### Bug Fixes
+
+* support 'AUTHTYPE' as alias for 'AUTH_TYPE' config property ([#153](https://github.com/IBM/node-sdk-core/issues/153)) ([fccf209](https://github.com/IBM/node-sdk-core/commit/fccf2093874835d9c77c08843809b79e57fb0e78))
+
+## [2.12.1](https://github.com/IBM/node-sdk-core/compare/v2.12.0...v2.12.1) (2021-08-11)
+
+
+### Bug Fixes
+
+* use typescript 3.8.x to build the published code ([#152](https://github.com/IBM/node-sdk-core/issues/152)) ([4362a37](https://github.com/IBM/node-sdk-core/commit/4362a376b3419baa5e7e428b03490bf021d0a295))
+
+# [2.12.0](https://github.com/IBM/node-sdk-core/compare/v2.11.3...v2.12.0) (2021-08-10)
+
+
+### Features
+
+* add support for new ContainerAuthenticator ([#151](https://github.com/IBM/node-sdk-core/issues/151)) ([b01c011](https://github.com/IBM/node-sdk-core/commit/b01c011021671ebeb3c49de84fb17315eae3629f))
+
+## [2.11.3](https://github.com/IBM/node-sdk-core/compare/v2.11.2...v2.11.3) (2021-06-14)
+
+
+### Bug Fixes
+
+* **build:** revert inadvertently-committed directories ([#147](https://github.com/IBM/node-sdk-core/issues/147)) ([1fb6295](https://github.com/IBM/node-sdk-core/commit/1fb62955e74e73c805b6221ca85e22517335f273))
+
 ## [2.11.2](https://github.com/IBM/node-sdk-core/compare/v2.11.1...v2.11.2) (2021-06-10)
 
 

package/README.md

@@ -31,6 +31,7 @@ This library provides a set of Authenticators used to authenticate requests from
 - Bearer Token
 - IAM
 - CP4D
+- Container
 
 There are two ways to create an authenticator:
 1. Creating an instance and providing credentials programmatically

package/auth/authenticators/container-authenticator.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Copyright 2021 IBM Corp. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { ContainerTokenManager } from '../token-managers';
+import { IamRequestOptions, IamRequestBasedAuthenticator } from './iam-request-based-authenticator';
+/** Configuration options for IAM authentication. */
+export interface Options extends IamRequestOptions {
+    /** The file containing the compute resource token. */
+    crTokenFilename?: string;
+    /** The IAM profile name associated with the compute resource token. */
+    iamProfileName?: string;
+    /** The IAM profile ID associated with the compute resource token. */
+    iamProfileId?: string;
+}
+/**
+ * The [[ContainerAuthenticator]] will read a compute resource token from the file system
+ * and use this value to obtain a bearer token from the IAM token server.  When the bearer
+ * token expires, a new token is obtained from the token server.
+ *
+ * The bearer token will be sent as an Authorization header in the form:
+ *
+ *      Authorization: Bearer <bearer-token>
+ */
+export declare class ContainerAuthenticator extends IamRequestBasedAuthenticator {
+    protected tokenManager: ContainerTokenManager;
+    private crTokenFilename;
+    private iamProfileName;
+    private iamProfileId;
+    /**
+     *
+     * Create a new [[ContainerAuthenticator]] instance.
+     *
+     * @param {object} options Configuration options for IAM authentication.
+     * @param {string} [options.crTokenFilename] The file containing the compute resource token.
+     * @param {string} [options.iamProfileName] The IAM profile name associated with the compute resource token.
+     * @param {string} [options.iamProfileId] The IAM profile ID associated with the compute resource token.
+     * @param {boolean} [options.disableSslVerification] A flag that indicates
+     *   whether verification of the token server's SSL certificate should be
+     *   disabled or not
+     * @param {string} [options.url] for HTTP token requests.
+     * @param {object<string, string>} options.headers to be sent with every
+     * @param {string} [options.clientId] The `clientId` and `clientSecret` fields are used to form a "basic"
+     *   authorization header for IAM token requests.
+     * @param {string} [options.clientSecret] The `clientId` and `clientSecret` fields are used to form a "basic"
+     *   authorization header for IAM token requests.
+     * @param {string} [options.scope] The "scope" parameter to use when fetching the bearer token from the
+     *   IAM token server.
+     * @throws {Error} When the configuration options are not valid.
+     */
+    constructor(options: Options);
+    /**
+     * Setter for the filename of the compute resource token.
+     * @param {string} scope A string containing a path to the CR token file
+     */
+    setCrTokenFilename(crTokenFilename: string): void;
+    /**
+     * Setter for the "profile_name" parameter to use when fetching the bearer token from the IAM token server.
+     * @param {string} scope A string that makes up the iamProfileName parameter
+     */
+    setIamProfileName(iamProfileName: string): void;
+    /**
+     * Setter for the "profile_id" parameter to use when fetching the bearer token from the IAM token server.
+     * @param {string} scope A string that makes up the iamProfileId parameter
+     */
+    setIamProfileId(iamProfileId: string): void;
+}