ibm-cloud-sdk-core 4.0.6 → 4.0.7

package/Authentication.md

@@ -252,7 +252,8 @@ The IAM access token is added to each outbound request in the `Authorization` he
 ### Properties
 
 - crTokenFilename: (optional) the name of the file containing the injected CR token value.
-If not specified, then `/var/run/secrets/tokens/vault-token` is used as the default value.
+If not specified, then the authenticator will first try `/var/run/secrets/tokens/vault-token`
+and then `/var/run/secrets/tokens/sa-token` as the default value (first file found is used).
 The application must have `read` permissions on the file containing the CR token value.
 
 - iamProfileName: (optional) the name of the linked trusted IAM profile to be used when obtaining the

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+## [4.0.7](https://github.com/IBM/node-sdk-core/compare/v4.0.6...v4.0.7) (2023-05-22)
+
+
+### Bug Fixes
+
+* **ContainerAuthenticator:** add sa-token as default CR token filename ([#241](https://github.com/IBM/node-sdk-core/issues/241)) ([91f9932](https://github.com/IBM/node-sdk-core/commit/91f9932ab0a74c11e1de5aecb46481dee3058018))
+
 ## [4.0.6](https://github.com/IBM/node-sdk-core/compare/v4.0.5...v4.0.6) (2023-05-18)
 
 

package/auth/token-managers/container-token-manager.d.ts

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021, 2022 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -69,5 +69,15 @@ export declare class ContainerTokenManager extends IamRequestBasedTokenManager {
      * Request an IAM token using a compute resource token.
      */
     protected requestToken(): Promise<any>;
+    /**
+     * Retrieves the CR token from a file using this search order:
+     * 1. User-specified filename (if specified)
+     * 2. Default file #1 (/var/run/secrets/tokens/vault-token)
+     * 3. Default file #2 (/var/run/secrets/tokens/sa-token)
+     * First one found wins.
+     *
+     * @returns the CR token value as a string
+     */
+    protected getCrToken(): string;
 }
 export {};

package/auth/token-managers/container-token-manager.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * Copyright 2021, 2022 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -65,15 +65,12 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
         if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
     }
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ContainerTokenManager = void 0;
-var logger_1 = __importDefault(require("../../lib/logger"));
 var utils_1 = require("../utils");
 var iam_request_based_token_manager_1 = require("./iam-request-based-token-manager");
-var DEFAULT_CR_TOKEN_FILEPATH = '/var/run/secrets/tokens/vault-token';
+var DEFAULT_CR_TOKEN_FILEPATH1 = '/var/run/secrets/tokens/vault-token';
+var DEFAULT_CR_TOKEN_FILEPATH2 = '/var/run/secrets/tokens/sa-token';
 /**
  * The ContainerTokenManager retrieves a compute resource token from a file on the container. This token
  * is used to perform the necessary interactions with the IAM token service to obtain and store a suitable
@@ -109,7 +106,9 @@ var ContainerTokenManager = /** @class */ (function (_super) {
         if (!(0, utils_1.atLeastOne)(options.iamProfileId, options.iamProfileName)) {
             throw new Error('At least one of `iamProfileName` or `iamProfileId` must be specified.');
         }
-        _this.crTokenFilename = options.crTokenFilename || DEFAULT_CR_TOKEN_FILEPATH;
+        if (options.crTokenFilename) {
+            _this.crTokenFilename = options.crTokenFilename;
+        }
         if (options.iamProfileName) {
             _this.iamProfileName = options.iamProfileName;
         }
@@ -146,10 +145,8 @@ var ContainerTokenManager = /** @class */ (function (_super) {
      */
     ContainerTokenManager.prototype.requestToken = function () {
         return __awaiter(this, void 0, void 0, function () {
-            var crToken;
             return __generator(this, function (_a) {
-                crToken = getCrToken(this.crTokenFilename);
-                this.formData.cr_token = crToken;
+                this.formData.cr_token = this.getCrToken();
                 // these member variables can be reset, set them in the form data right
                 // before making the request to ensure they're up to date
                 if (this.iamProfileName) {
@@ -162,11 +159,37 @@ var ContainerTokenManager = /** @class */ (function (_super) {
             });
         });
     };
+    /**
+     * Retrieves the CR token from a file using this search order:
+     * 1. User-specified filename (if specified)
+     * 2. Default file #1 (/var/run/secrets/tokens/vault-token)
+     * 3. Default file #2 (/var/run/secrets/tokens/sa-token)
+     * First one found wins.
+     *
+     * @returns the CR token value as a string
+     */
+    ContainerTokenManager.prototype.getCrToken = function () {
+        try {
+            var crToken = null;
+            if (this.crTokenFilename) {
+                // If the user specified a filename, then try to read from that.
+                crToken = (0, utils_1.readCrTokenFile)(this.crTokenFilename);
+            }
+            else {
+                // If no filename was specified, then try our two default filenames.
+                try {
+                    crToken = (0, utils_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH1);
+                }
+                catch (err) {
+                    crToken = (0, utils_1.readCrTokenFile)(DEFAULT_CR_TOKEN_FILEPATH2);
+                }
+            }
+            return crToken;
+        }
+        catch (err) {
+            throw new Error("Error reading CR token file: ".concat(err.toString()));
+        }
+    };
     return ContainerTokenManager;
 }(iam_request_based_token_manager_1.IamRequestBasedTokenManager));
 exports.ContainerTokenManager = ContainerTokenManager;
-function getCrToken(filename) {
-    logger_1.default.debug("Attempting to read CR token from file: ".concat(filename));
-    // moving the actual read to another file to isolate usage of node-only packages like `fs`
-    return (0, utils_1.readCrTokenFile)(filename);
-}

package/auth/utils/file-reading-helpers.d.ts

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/auth/utils/file-reading-helpers.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * Copyright 2021 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -88,21 +88,17 @@ function readCrTokenFile(filepath) {
     if (!fs_1.existsSync) {
         return '';
     }
-    var token = '';
-    var fileExists = fileExistsAtPath(filepath);
-    if (fileExists) {
+    try {
+        var token = '';
+        logger_1.default.debug("Attempting to read CR token from file: ".concat(filepath));
         token = (0, fs_1.readFileSync)(filepath, 'utf8');
         logger_1.default.debug("Successfully read CR token from file: ".concat(filepath));
+        return token;
     }
-    if (token === '') {
-        if (fileExists) {
-            logger_1.default.error("Expected to read CR token from file but the file is empty: ".concat(filepath));
-        }
-        else {
-            logger_1.default.error("Expected to find CR token file but the file does not exist: ".concat(filepath));
-        }
-        throw new Error("Unable to retrieve the CR token value from file: ".concat(filepath));
+    catch (err) {
+        var msg = "Error reading CR token: ".concat(err.toString());
+        logger_1.default.debug(msg);
+        throw new Error(msg);
     }
-    return token;
 }
 exports.readCrTokenFile = readCrTokenFile;

package/build/docs/ibm-cloud-sdk-core.containertokenmanager.getcrtoken.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [ibm-cloud-sdk-core](./ibm-cloud-sdk-core.md) &gt; [ContainerTokenManager](./ibm-cloud-sdk-core.containertokenmanager.md) &gt; [getCrToken](./ibm-cloud-sdk-core.containertokenmanager.getcrtoken.md)
+
+## ContainerTokenManager.getCrToken() method
+
+Retrieves the CR token from a file using this search order: 1. User-specified filename (if specified) 2. Default file \#1 (/var/run/secrets/tokens/vault-token) 3. Default file \#2 (/var/run/secrets/tokens/sa-token) First one found wins.
+
+<b>Signature:</b>
+
+```typescript
+protected getCrToken(): string;
+```
+<b>Returns:</b>
+
+string
+
+the CR token value as a string
+

package/build/docs/ibm-cloud-sdk-core.containertokenmanager.md

@@ -23,6 +23,7 @@ export declare class ContainerTokenManager extends IamRequestBasedTokenManager
 
 |  Method | Modifiers | Description |
 |  --- | --- | --- |
+|  [getCrToken()](./ibm-cloud-sdk-core.containertokenmanager.getcrtoken.md) | <code>protected</code> | Retrieves the CR token from a file using this search order: 1. User-specified filename (if specified) 2. Default file \#1 (/var/run/secrets/tokens/vault-token) 3. Default file \#2 (/var/run/secrets/tokens/sa-token) First one found wins. |
 |  [requestToken()](./ibm-cloud-sdk-core.containertokenmanager.requesttoken.md) | <code>protected</code> | Request an IAM token using a compute resource token. |
 |  [setCrTokenFilename(crTokenFilename)](./ibm-cloud-sdk-core.containertokenmanager.setcrtokenfilename.md) |  | Sets the "crTokenFilename" field |
 |  [setIamProfileId(iamProfileId)](./ibm-cloud-sdk-core.containertokenmanager.setiamprofileid.md) |  | Sets the ID of the IAM trusted profile to use when obtaining an access token from the IAM token server. |

package/docs/ibm-cloud-sdk-core.api.json

@@ -2498,6 +2498,36 @@
                 }
               ]
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!ContainerTokenManager#getCrToken:member(1)",
+              "docComment": "/**\n * Retrieves the CR token from a file using this search order: 1. User-specified filename (if specified) 2. Default file #1 (/var/run/secrets/tokens/vault-token) 3. Default file #2 (/var/run/secrets/tokens/sa-token) First one found wins.\n *\n * @returns the CR token value as a string\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected getCrToken(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "string"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "name": "getCrToken"
+            },
             {
               "kind": "Method",
               "canonicalReference": "ibm-cloud-sdk-core!ContainerTokenManager#requestToken:member(1)",

package/es/auth/token-managers/container-token-manager.d.ts

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021, 2022 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -69,5 +69,15 @@ export declare class ContainerTokenManager extends IamRequestBasedTokenManager {
      * Request an IAM token using a compute resource token.
      */
     protected requestToken(): Promise<any>;
+    /**
+     * Retrieves the CR token from a file using this search order:
+     * 1. User-specified filename (if specified)
+     * 2. Default file #1 (/var/run/secrets/tokens/vault-token)
+     * 3. Default file #2 (/var/run/secrets/tokens/sa-token)
+     * First one found wins.
+     *
+     * @returns the CR token value as a string
+     */
+    protected getCrToken(): string;
 }
 export {};

package/es/auth/token-managers/container-token-manager.js

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021, 2022 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,10 +22,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-import logger from '../../lib/logger';
 import { atLeastOne, readCrTokenFile } from '../utils';
 import { IamRequestBasedTokenManager } from './iam-request-based-token-manager';
-const DEFAULT_CR_TOKEN_FILEPATH = '/var/run/secrets/tokens/vault-token';
+const DEFAULT_CR_TOKEN_FILEPATH1 = '/var/run/secrets/tokens/vault-token';
+const DEFAULT_CR_TOKEN_FILEPATH2 = '/var/run/secrets/tokens/sa-token';
 /**
  * The ContainerTokenManager retrieves a compute resource token from a file on the container. This token
  * is used to perform the necessary interactions with the IAM token service to obtain and store a suitable
@@ -59,7 +59,9 @@ export class ContainerTokenManager extends IamRequestBasedTokenManager {
         if (!atLeastOne(options.iamProfileId, options.iamProfileName)) {
             throw new Error('At least one of `iamProfileName` or `iamProfileId` must be specified.');
         }
-        this.crTokenFilename = options.crTokenFilename || DEFAULT_CR_TOKEN_FILEPATH;
+        if (options.crTokenFilename) {
+            this.crTokenFilename = options.crTokenFilename;
+        }
         if (options.iamProfileName) {
             this.iamProfileName = options.iamProfileName;
         }
@@ -98,8 +100,7 @@ export class ContainerTokenManager extends IamRequestBasedTokenManager {
             requestToken: { get: () => super.requestToken }
         });
         return __awaiter(this, void 0, void 0, function* () {
-            const crToken = getCrToken(this.crTokenFilename);
-            this.formData.cr_token = crToken;
+            this.formData.cr_token = this.getCrToken();
             // these member variables can be reset, set them in the form data right
             // before making the request to ensure they're up to date
             if (this.iamProfileName) {
@@ -111,9 +112,35 @@ export class ContainerTokenManager extends IamRequestBasedTokenManager {
             return _super.requestToken.call(this);
         });
     }
-}
-function getCrToken(filename) {
-    logger.debug(`Attempting to read CR token from file: ${filename}`);
-    // moving the actual read to another file to isolate usage of node-only packages like `fs`
-    return readCrTokenFile(filename);
+    /**
+     * Retrieves the CR token from a file using this search order:
+     * 1. User-specified filename (if specified)
+     * 2. Default file #1 (/var/run/secrets/tokens/vault-token)
+     * 3. Default file #2 (/var/run/secrets/tokens/sa-token)
+     * First one found wins.
+     *
+     * @returns the CR token value as a string
+     */
+    getCrToken() {
+        try {
+            let crToken = null;
+            if (this.crTokenFilename) {
+                // If the user specified a filename, then try to read from that.
+                crToken = readCrTokenFile(this.crTokenFilename);
+            }
+            else {
+                // If no filename was specified, then try our two default filenames.
+                try {
+                    crToken = readCrTokenFile(DEFAULT_CR_TOKEN_FILEPATH1);
+                }
+                catch (err) {
+                    crToken = readCrTokenFile(DEFAULT_CR_TOKEN_FILEPATH2);
+                }
+            }
+            return crToken;
+        }
+        catch (err) {
+            throw new Error(`Error reading CR token file: ${err.toString()}`);
+        }
+    }
 }

package/es/auth/utils/file-reading-helpers.d.ts

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/es/auth/utils/file-reading-helpers.js

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -79,20 +79,16 @@ export function readCrTokenFile(filepath) {
     if (!existsSync) {
         return '';
     }
-    let token = '';
-    const fileExists = fileExistsAtPath(filepath);
-    if (fileExists) {
+    try {
+        let token = '';
+        logger.debug(`Attempting to read CR token from file: ${filepath}`);
         token = readFileSync(filepath, 'utf8');
         logger.debug(`Successfully read CR token from file: ${filepath}`);
+        return token;
     }
-    if (token === '') {
-        if (fileExists) {
-            logger.error(`Expected to read CR token from file but the file is empty: ${filepath}`);
-        }
-        else {
-            logger.error(`Expected to find CR token file but the file does not exist: ${filepath}`);
-        }
-        throw new Error(`Unable to retrieve the CR token value from file: ${filepath}`);
+    catch (err) {
+        const msg = `Error reading CR token: ${err.toString()}`;
+        logger.debug(msg);
+        throw new Error(msg);
     }
-    return token;
 }

package/etc/ibm-cloud-sdk-core.api.md

@@ -149,6 +149,7 @@ export class ContainerAuthenticator extends IamRequestBasedAuthenticator {
 export class ContainerTokenManager extends IamRequestBasedTokenManager {
     // Warning: (ae-forgotten-export) The symbol "Options_7" needs to be exported by the entry point index.d.ts
     constructor(options: Options_7);
+    protected getCrToken(): string;
     protected requestToken(): Promise<any>;
     setCrTokenFilename(crTokenFilename: string): void;
     setIamProfileId(iamProfileId: string): void;

package/ibm-cloud-sdk-core.d.ts

@@ -567,6 +567,16 @@ export declare class ContainerTokenManager extends IamRequestBasedTokenManager {
      * Request an IAM token using a compute resource token.
      */
     protected requestToken(): Promise<any>;
+    /**
+     * Retrieves the CR token from a file using this search order:
+     * 1. User-specified filename (if specified)
+     * 2. Default file #1 (/var/run/secrets/tokens/vault-token)
+     * 3. Default file #2 (/var/run/secrets/tokens/sa-token)
+     * First one found wins.
+     *
+     * @returns the CR token value as a string
+     */
+    protected getCrToken(): string;
 }
 
 export declare const contentType: {
@@ -1138,7 +1148,7 @@ export declare const qs: {
 };
 
 /**
- * Copyright 2021 IBM Corp. All Rights Reserved.
+ * Copyright 2021, 2023 IBM Corp. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ibm-cloud-sdk-core",
-  "version": "4.0.6",
+  "version": "4.0.7",
   "description": "Core functionality to support SDKs generated with IBM's OpenAPI SDK Generator.",
   "main": "index.js",
   "typings": "./es/index.d.ts",

package/temp/ibm-cloud-sdk-core.api.json

@@ -2498,6 +2498,36 @@
                 }
               ]
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!ContainerTokenManager#getCrToken:member(1)",
+              "docComment": "/**\n * Retrieves the CR token from a file using this search order: 1. User-specified filename (if specified) 2. Default file #1 (/var/run/secrets/tokens/vault-token) 3. Default file #2 (/var/run/secrets/tokens/sa-token) First one found wins.\n *\n * @returns the CR token value as a string\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected getCrToken(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "string"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "name": "getCrToken"
+            },
             {
               "kind": "Method",
               "canonicalReference": "ibm-cloud-sdk-core!ContainerTokenManager#requestToken:member(1)",

package/temp/ibm-cloud-sdk-core.api.md

@@ -149,6 +149,7 @@ export class ContainerAuthenticator extends IamRequestBasedAuthenticator {
 export class ContainerTokenManager extends IamRequestBasedTokenManager {
     // Warning: (ae-forgotten-export) The symbol "Options_7" needs to be exported by the entry point index.d.ts
     constructor(options: Options_7);
+    protected getCrToken(): string;
     protected requestToken(): Promise<any>;
     setCrTokenFilename(crTokenFilename: string): void;
     setIamProfileId(iamProfileId: string): void;