ibm-cloud-sdk-core 5.0.2 → 5.1.0

package/auth/authenticators/iam-assume-authenticator.d.ts

@@ -0,0 +1,82 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { IamAssumeTokenManager } from '../token-managers';
+import { IamRequestOptions, IamRequestBasedAuthenticatorImmutable } from './iam-request-based-authenticator-immutable';
+/** Configuration options for IAM Assume authentication. */
+export interface Options extends IamRequestOptions {
+    /** The IAM api key */
+    apikey: string;
+    /**
+     * Specify exactly one of [iamProfileId, iamProfileCrn, or iamProfileName] to
+     * identify the trusted profile whose identity should be used. If iamProfileId
+     * or iamProfileCrn is used, the trusted profile must exist in the same account.
+     * If and only if iamProfileName is used, then iamAccountId must also be
+     * specified to indicate the account that contains the trusted profile.
+     */
+    iamProfileId?: string;
+    iamProfileCrn?: string;
+    iamProfileName?: string;
+    /**
+     * If and only if iamProfileName is used to specify the trusted profile, then
+     * iamAccountId must also be specified to indicate the account that contains
+     * the trusted profile.
+     */
+    iamAccountId?: string;
+}
+/**
+ * The IamAssumeAuthenticator obtains an IAM access token using the IAM "get-token"
+ * operation's "assume" grant type. The authenticator obtains an initial IAM access
+ * token from a user-supplied apikey, then exchanges this initial IAM access token
+ * for another IAM access token that has "assumed the identity" of the specified
+ * trusted profile.
+ *
+ * The bearer token will be sent as an Authorization header in the form:
+ *
+ *      Authorization: Bearer \<bearer-token\>
+ */
+export declare class IamAssumeAuthenticator extends IamRequestBasedAuthenticatorImmutable {
+    protected tokenManager: IamAssumeTokenManager;
+    /**
+     *
+     * Create a new IamAssumeAuthenticator instance.
+     *
+     * @param options - Configuration options for IAM authentication.
+     * This should be an object containing these fields:
+     * - apikey: (required) the IAM api key for initial token request
+     * - iamProfileId: (optional) the ID of the trusted profile to use
+     * - iamProfileCrn: (optional) the CRN of the trusted profile to use
+     * - iamProfileName: (optional) the name of the trusted profile to use (must be specified with iamAccountId)
+     * - iamAccountId: (optional) the ID of the account the trusted profile is in (must be specified with iamProfileName)
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    constructor(options: Options);
+    /**
+     * Returns the authenticator's type ('iamAssume').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    authenticationType(): string;
+}

package/auth/authenticators/iam-assume-authenticator.js

@@ -0,0 +1,92 @@
+"use strict";
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IamAssumeAuthenticator = void 0;
+var authenticator_1 = require("./authenticator");
+var token_managers_1 = require("../token-managers");
+var iam_request_based_authenticator_immutable_1 = require("./iam-request-based-authenticator-immutable");
+/**
+ * The IamAssumeAuthenticator obtains an IAM access token using the IAM "get-token"
+ * operation's "assume" grant type. The authenticator obtains an initial IAM access
+ * token from a user-supplied apikey, then exchanges this initial IAM access token
+ * for another IAM access token that has "assumed the identity" of the specified
+ * trusted profile.
+ *
+ * The bearer token will be sent as an Authorization header in the form:
+ *
+ *      Authorization: Bearer \<bearer-token\>
+ */
+var IamAssumeAuthenticator = /** @class */ (function (_super) {
+    __extends(IamAssumeAuthenticator, _super);
+    /**
+     *
+     * Create a new IamAssumeAuthenticator instance.
+     *
+     * @param options - Configuration options for IAM authentication.
+     * This should be an object containing these fields:
+     * - apikey: (required) the IAM api key for initial token request
+     * - iamProfileId: (optional) the ID of the trusted profile to use
+     * - iamProfileCrn: (optional) the CRN of the trusted profile to use
+     * - iamProfileName: (optional) the name of the trusted profile to use (must be specified with iamAccountId)
+     * - iamAccountId: (optional) the ID of the account the trusted profile is in (must be specified with iamProfileName)
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    function IamAssumeAuthenticator(options) {
+        var _this = _super.call(this, options) || this;
+        // The param names are shared between the authenticator and the token
+        // manager so we can just pass along the options object. This will
+        // also perform input validation on the options.
+        _this.tokenManager = new token_managers_1.IamAssumeTokenManager(options);
+        return _this;
+    }
+    /**
+     * Returns the authenticator's type ('iamAssume').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    // eslint-disable-next-line class-methods-use-this
+    IamAssumeAuthenticator.prototype.authenticationType = function () {
+        return authenticator_1.Authenticator.AUTHTYPE_IAM_ASSUME;
+    };
+    return IamAssumeAuthenticator;
+}(iam_request_based_authenticator_immutable_1.IamRequestBasedAuthenticatorImmutable));
+exports.IamAssumeAuthenticator = IamAssumeAuthenticator;

package/auth/authenticators/iam-authenticator.d.ts

@@ -61,4 +61,10 @@ export declare class IamAuthenticator extends IamRequestBasedAuthenticator {
      * @returns a string that indicates the authenticator's type
      */
     authenticationType(): string;
+    /**
+     * Return the most recently stored refresh token.
+     *
+     * @returns the refresh token string
+     */
+    getRefreshToken(): string;
 }

package/auth/authenticators/iam-authenticator.js

@@ -86,6 +86,14 @@ var IamAuthenticator = /** @class */ (function (_super) {
     IamAuthenticator.prototype.authenticationType = function () {
         return authenticator_1.Authenticator.AUTHTYPE_IAM;
     };
+    /**
+     * Return the most recently stored refresh token.
+     *
+     * @returns the refresh token string
+     */
+    IamAuthenticator.prototype.getRefreshToken = function () {
+        return this.tokenManager.getRefreshToken();
+    };
     return IamAuthenticator;
 }(iam_request_based_authenticator_1.IamRequestBasedAuthenticator));
 exports.IamAuthenticator = IamAuthenticator;

package/auth/authenticators/iam-request-based-authenticator-immutable.d.ts

@@ -0,0 +1,64 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { IamRequestBasedTokenManager } from '../token-managers/iam-request-based-token-manager';
+import { BaseOptions, TokenRequestBasedAuthenticatorImmutable } from './token-request-based-authenticator-immutable';
+/** Configuration options for IAM Request based authentication. */
+export interface IamRequestOptions extends BaseOptions {
+    /**
+     * The `clientId` and `clientSecret` fields are used to form a "basic"
+     * authorization header for IAM token requests.
+     */
+    clientId?: string;
+    /**
+     * The `clientId` and `clientSecret` fields are used to form a "basic"
+     * authorization header for IAM token requests.
+     */
+    clientSecret?: string;
+    /**
+     * The "scope" parameter to use when fetching the bearer token from the IAM token server.
+     */
+    scope?: string;
+}
+/**
+ * The IamRequestBasedAuthenticatorImmutable provides shared configuration and functionality
+ * for authenticators that interact with the IAM token service. This authenticator
+ * is not meant for use on its own.
+ */
+export declare class IamRequestBasedAuthenticatorImmutable extends TokenRequestBasedAuthenticatorImmutable {
+    protected tokenManager: IamRequestBasedTokenManager;
+    protected clientId: string;
+    protected clientSecret: string;
+    protected scope: string;
+    /**
+     *
+     * Create a new IamRequestBasedAuthenticatorImmutable instance.
+     *
+     * @param options - Configuration options for IAM authentication.
+     * This should be an object containing these fields:
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    constructor(options: IamRequestOptions);
+}

package/auth/authenticators/iam-request-based-authenticator-immutable.js

@@ -0,0 +1,74 @@
+"use strict";
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IamRequestBasedAuthenticatorImmutable = void 0;
+var iam_request_based_token_manager_1 = require("../token-managers/iam-request-based-token-manager");
+var token_request_based_authenticator_immutable_1 = require("./token-request-based-authenticator-immutable");
+/**
+ * The IamRequestBasedAuthenticatorImmutable provides shared configuration and functionality
+ * for authenticators that interact with the IAM token service. This authenticator
+ * is not meant for use on its own.
+ */
+var IamRequestBasedAuthenticatorImmutable = /** @class */ (function (_super) {
+    __extends(IamRequestBasedAuthenticatorImmutable, _super);
+    /**
+     *
+     * Create a new IamRequestBasedAuthenticatorImmutable instance.
+     *
+     * @param options - Configuration options for IAM authentication.
+     * This should be an object containing these fields:
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    function IamRequestBasedAuthenticatorImmutable(options) {
+        var _this = this;
+        // all parameters are optional
+        options = options || {};
+        _this = _super.call(this, options) || this;
+        _this.clientId = options.clientId;
+        _this.clientSecret = options.clientSecret;
+        _this.scope = options.scope;
+        _this.tokenManager = new iam_request_based_token_manager_1.IamRequestBasedTokenManager(options);
+        return _this;
+    }
+    return IamRequestBasedAuthenticatorImmutable;
+}(token_request_based_authenticator_immutable_1.TokenRequestBasedAuthenticatorImmutable));
+exports.IamRequestBasedAuthenticatorImmutable = IamRequestBasedAuthenticatorImmutable;

package/auth/authenticators/iam-request-based-authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 202e.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,54 +13,17 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { IamRequestBasedTokenManager } from '../token-managers/iam-request-based-token-manager';
-import { BaseOptions, TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
-/** Configuration options for IAM Request based authentication. */
-export interface IamRequestOptions extends BaseOptions {
-    /**
-     * The `clientId` and `clientSecret` fields are used to form a "basic"
-     * authorization header for IAM token requests.
-     */
-    clientId?: string;
-    /**
-     * The `clientId` and `clientSecret` fields are used to form a "basic"
-     * authorization header for IAM token requests.
-     */
-    clientSecret?: string;
-    /**
-     * The "scope" parameter to use when fetching the bearer token from the IAM token server.
-     */
-    scope?: string;
-}
+/// <reference types="node" />
+import { OutgoingHttpHeaders } from 'http';
+import { IamRequestBasedAuthenticatorImmutable } from './iam-request-based-authenticator-immutable';
+/** Shared configuration options for IAM Request based authentication. */
+export { IamRequestOptions } from './iam-request-based-authenticator-immutable';
 /**
  * The IamRequestBasedAuthenticator provides shared configuration and functionality
  * for authenticators that interact with the IAM token service. This authenticator
  * is not meant for use on its own.
  */
-export declare class IamRequestBasedAuthenticator extends TokenRequestBasedAuthenticator {
-    protected tokenManager: IamRequestBasedTokenManager;
-    protected clientId: string;
-    protected clientSecret: string;
-    protected scope: string;
-    /**
-     *
-     * Create a new IamRequestBasedAuthenticator instance.
-     *
-     * @param options - Configuration options for IAM authentication.
-     * This should be an object containing these fields:
-     * - url: (optional) the endpoint URL for the token service
-     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
-     * should be disabled or not
-     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
-     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
-     * Authorization header to be included in each request to the token service
-     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
-     * Authorization header to be included in each request to the token service
-     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
-     *
-     * @throws Error: the configuration options are not valid.
-     */
-    constructor(options: IamRequestOptions);
+export declare class IamRequestBasedAuthenticator extends IamRequestBasedAuthenticatorImmutable {
     /**
      * Setter for the mutually inclusive "clientId" and the "clientSecret" fields.
      * @param clientId - the "clientId" value used to form a Basic Authorization header for IAM token requests
@@ -74,9 +37,18 @@ export declare class IamRequestBasedAuthenticator extends TokenRequestBasedAuthe
      */
     setScope(scope: string): void;
     /**
-     * Return the most recently stored refresh token.
+     * Set the flag that indicates whether verification of the server's SSL
+     * certificate should be disabled or not.
+     *
+     * @param value - a flag that indicates whether verification of the
+     *   token server's SSL certificate should be disabled or not.
+     */
+    setDisableSslVerification(value: boolean): void;
+    /**
+     * Set headers.
      *
-     * @returns the refresh token string
+     * @param headers - a set of HTTP headers to be sent with each outbound token server request.
+     * Overwrites previous default headers.
      */
-    getRefreshToken(): string;
+    setHeaders(headers: OutgoingHttpHeaders): void;
 }

package/auth/authenticators/iam-request-based-authenticator.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2019, 202e.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,8 +31,7 @@ var __extends = (this && this.__extends) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.IamRequestBasedAuthenticator = void 0;
-var iam_request_based_token_manager_1 = require("../token-managers/iam-request-based-token-manager");
-var token_request_based_authenticator_1 = require("./token-request-based-authenticator");
+var iam_request_based_authenticator_immutable_1 = require("./iam-request-based-authenticator-immutable");
 /**
  * The IamRequestBasedAuthenticator provides shared configuration and functionality
  * for authenticators that interact with the IAM token service. This authenticator
@@ -40,34 +39,8 @@ var token_request_based_authenticator_1 = require("./token-request-based-authent
  */
 var IamRequestBasedAuthenticator = /** @class */ (function (_super) {
     __extends(IamRequestBasedAuthenticator, _super);
-    /**
-     *
-     * Create a new IamRequestBasedAuthenticator instance.
-     *
-     * @param options - Configuration options for IAM authentication.
-     * This should be an object containing these fields:
-     * - url: (optional) the endpoint URL for the token service
-     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
-     * should be disabled or not
-     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
-     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
-     * Authorization header to be included in each request to the token service
-     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
-     * Authorization header to be included in each request to the token service
-     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
-     *
-     * @throws Error: the configuration options are not valid.
-     */
-    function IamRequestBasedAuthenticator(options) {
-        var _this = this;
-        // all parameters are optional
-        options = options || {};
-        _this = _super.call(this, options) || this;
-        _this.clientId = options.clientId;
-        _this.clientSecret = options.clientSecret;
-        _this.scope = options.scope;
-        _this.tokenManager = new iam_request_based_token_manager_1.IamRequestBasedTokenManager(options);
-        return _this;
+    function IamRequestBasedAuthenticator() {
+        return _super !== null && _super.apply(this, arguments) || this;
     }
     /**
      * Setter for the mutually inclusive "clientId" and the "clientSecret" fields.
@@ -91,13 +64,32 @@ var IamRequestBasedAuthenticator = /** @class */ (function (_super) {
         this.tokenManager.setScope(scope);
     };
     /**
-     * Return the most recently stored refresh token.
+     * Set the flag that indicates whether verification of the server's SSL
+     * certificate should be disabled or not.
+     *
+     * @param value - a flag that indicates whether verification of the
+     *   token server's SSL certificate should be disabled or not.
+     */
+    IamRequestBasedAuthenticator.prototype.setDisableSslVerification = function (value) {
+        // if they try to pass in a non-boolean value,
+        // use the "truthy-ness" of the value
+        this.disableSslVerification = Boolean(value);
+        this.tokenManager.setDisableSslVerification(this.disableSslVerification);
+    };
+    /**
+     * Set headers.
      *
-     * @returns the refresh token string
+     * @param headers - a set of HTTP headers to be sent with each outbound token server request.
+     * Overwrites previous default headers.
      */
-    IamRequestBasedAuthenticator.prototype.getRefreshToken = function () {
-        return this.tokenManager.getRefreshToken();
+    IamRequestBasedAuthenticator.prototype.setHeaders = function (headers) {
+        if (typeof headers !== 'object') {
+            // do nothing, for now
+            return;
+        }
+        this.headers = headers;
+        this.tokenManager.setHeaders(this.headers);
     };
     return IamRequestBasedAuthenticator;
-}(token_request_based_authenticator_1.TokenRequestBasedAuthenticator));
+}(iam_request_based_authenticator_immutable_1.IamRequestBasedAuthenticatorImmutable));
 exports.IamRequestBasedAuthenticator = IamRequestBasedAuthenticator;

package/auth/authenticators/index.d.ts

@@ -19,7 +19,8 @@
  *
  * Basic Authentication
  * Bearer Token
- * Identity and Access Management (IAM)
+ * Identity and Access Management (IAM, grant type: apikey)
+ * Identity and Access Management (IAM, grant type: assume)
  * Container (IKS, etc)
  * VPC Instance
  * Cloud Pak for Data
@@ -35,6 +36,7 @@
  *   BearerTokenAuthenticator: Authenticator for passing supplied bearer token to service endpoint.
  *   CloudPakForDataAuthenticator: Authenticator for passing CP4D authentication information to service endpoint.
  *   IAMAuthenticator: Authenticator for passing IAM authentication information to service endpoint.
+ *   IAMAssumeAuthenticator: Authenticator for passing IAM authentication information to service endpoint, assuming a trusted profile.
  *   ContainerAuthenticator: Authenticator for passing IAM authentication to a service, based on a token living on the container.
  *   VpcInstanceAuthenticator: Authenticator that uses the VPC Instance Metadata Service API to retrieve an IAM token.
  *   McspAuthenticator: Authenticator for passing MCSP authentication to a service endpoint.
@@ -52,3 +54,4 @@ export { IamRequestBasedAuthenticator } from './iam-request-based-authenticator'
 export { TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
 export { VpcInstanceAuthenticator } from './vpc-instance-authenticator';
 export { McspAuthenticator } from './mcsp-authenticator';
+export { IamAssumeAuthenticator } from './iam-assume-authenticator';

package/auth/authenticators/index.js

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.McspAuthenticator = exports.VpcInstanceAuthenticator = exports.TokenRequestBasedAuthenticator = exports.IamRequestBasedAuthenticator = exports.NoAuthAuthenticator = exports.ContainerAuthenticator = exports.IamAuthenticator = exports.CloudPakForDataAuthenticator = exports.BearerTokenAuthenticator = exports.BasicAuthenticator = exports.Authenticator = void 0;
+exports.IamAssumeAuthenticator = exports.McspAuthenticator = exports.VpcInstanceAuthenticator = exports.TokenRequestBasedAuthenticator = exports.IamRequestBasedAuthenticator = exports.NoAuthAuthenticator = exports.ContainerAuthenticator = exports.IamAuthenticator = exports.CloudPakForDataAuthenticator = exports.BearerTokenAuthenticator = exports.BasicAuthenticator = exports.Authenticator = void 0;
 var authenticator_1 = require("./authenticator");
 Object.defineProperty(exports, "Authenticator", { enumerable: true, get: function () { return authenticator_1.Authenticator; } });
 var basic_authenticator_1 = require("./basic-authenticator");
@@ -38,3 +38,5 @@ var vpc_instance_authenticator_1 = require("./vpc-instance-authenticator");
 Object.defineProperty(exports, "VpcInstanceAuthenticator", { enumerable: true, get: function () { return vpc_instance_authenticator_1.VpcInstanceAuthenticator; } });
 var mcsp_authenticator_1 = require("./mcsp-authenticator");
 Object.defineProperty(exports, "McspAuthenticator", { enumerable: true, get: function () { return mcsp_authenticator_1.McspAuthenticator; } });
+var iam_assume_authenticator_1 = require("./iam-assume-authenticator");
+Object.defineProperty(exports, "IamAssumeAuthenticator", { enumerable: true, get: function () { return iam_assume_authenticator_1.IamAssumeAuthenticator; } });

package/auth/authenticators/token-request-based-authenticator-immutable.d.ts

@@ -0,0 +1,71 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/// <reference types="node" />
+import { OutgoingHttpHeaders } from 'http';
+import { JwtTokenManager } from '../token-managers/jwt-token-manager';
+import { Authenticator } from './authenticator';
+import { AuthenticateOptions } from './authenticator-interface';
+/** Configuration options for token-based authentication. */
+export type BaseOptions = {
+    /** Headers to be sent with every outbound HTTP requests to token services. */
+    headers?: OutgoingHttpHeaders;
+    /**
+     * A flag that indicates whether verification of the token server's SSL
+     * certificate should be disabled or not.
+     */
+    disableSslVerification?: boolean;
+    /** Endpoint for HTTP token requests. */
+    url?: string;
+    /** Allow additional request config parameters */
+    [propName: string]: any;
+};
+/**
+ * Class for common functionality shared by token-request authenticators.
+ * Token-request authenticators use token managers to retrieve, store,
+ * and refresh tokens. Not intended to be used as stand-alone authenticator,
+ * but as base class to authenticators that have their own token manager
+ * implementations.
+ *
+ * The token will be added as an Authorization header in the form:
+ *
+ *      Authorization: Bearer \<bearer-token\>
+ */
+export declare class TokenRequestBasedAuthenticatorImmutable extends Authenticator {
+    protected tokenManager: JwtTokenManager;
+    protected url: string;
+    protected headers: OutgoingHttpHeaders;
+    protected disableSslVerification: boolean;
+    /**
+     * Create a new TokenRequestBasedAuthenticatorImmutable instance with an internal JwtTokenManager.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     */
+    constructor(options: BaseOptions);
+    /**
+     * Adds bearer token information to "requestOptions". The bearer token information
+     * will be set in the Authorization property of "requestOptions.headers" in the form:
+     *
+     *     Authorization: Bearer \<bearer-token\>
+     *
+     * @param requestOptions - The request to augment with authentication information.
+     */
+    authenticate(requestOptions: AuthenticateOptions): Promise<void>;
+}