UNPKG

4.28 kBJavaScriptView Raw
1"use strict";
2// Copyright 2013 Google LLC
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15Object.defineProperty(exports, "__esModule", { value: true });
16exports.Compute = void 0;
17const arrify = require("arrify");
18const gcpMetadata = require("gcp-metadata");
19const oauth2client_1 = require("./oauth2client");
20class Compute extends oauth2client_1.OAuth2Client {
21 /**
22 * Google Compute Engine service account credentials.
23 *
24 * Retrieve access token from the metadata server.
25 * See: https://developers.google.com/compute/docs/authentication
26 */
27 constructor(options = {}) {
28 super(options);
29 // Start with an expired refresh token, which will automatically be
30 // refreshed before the first API call is made.
31 this.credentials = { expiry_date: 1, refresh_token: 'compute-placeholder' };
32 this.serviceAccountEmail = options.serviceAccountEmail || 'default';
33 this.scopes = arrify(options.scopes);
34 }
35 /**
36 * Refreshes the access token.
37 * @param refreshToken Unused parameter
38 */
39 async refreshTokenNoCache(
40 // eslint-disable-next-line @typescript-eslint/no-unused-vars
41 refreshToken) {
42 const tokenPath = `service-accounts/${this.serviceAccountEmail}/token`;
43 let data;
44 try {
45 const instanceOptions = {
46 property: tokenPath,
47 };
48 if (this.scopes.length > 0) {
49 instanceOptions.params = {
50 scopes: this.scopes.join(','),
51 };
52 }
53 data = await gcpMetadata.instance(instanceOptions);
54 }
55 catch (e) {
56 e.message = `Could not refresh access token: ${e.message}`;
57 this.wrapError(e);
58 throw e;
59 }
60 const tokens = data;
61 if (data && data.expires_in) {
62 tokens.expiry_date = new Date().getTime() + data.expires_in * 1000;
63 delete tokens.expires_in;
64 }
65 this.emit('tokens', tokens);
66 return { tokens, res: null };
67 }
68 /**
69 * Fetches an ID token.
70 * @param targetAudience the audience for the fetched ID token.
71 */
72 async fetchIdToken(targetAudience) {
73 const idTokenPath = `service-accounts/${this.serviceAccountEmail}/identity` +
74 `?format=full&audience=${targetAudience}`;
75 let idToken;
76 try {
77 const instanceOptions = {
78 property: idTokenPath,
79 };
80 idToken = await gcpMetadata.instance(instanceOptions);
81 }
82 catch (e) {
83 e.message = `Could not fetch ID token: ${e.message}`;
84 throw e;
85 }
86 return idToken;
87 }
88 wrapError(e) {
89 const res = e.response;
90 if (res && res.status) {
91 e.code = res.status.toString();
92 if (res.status === 403) {
93 e.message =
94 'A Forbidden error was returned while attempting to retrieve an access ' +
95 'token for the Compute Engine built-in service account. This may be because the Compute ' +
96 'Engine instance does not have the correct permission scopes specified: ' +
97 e.message;
98 }
99 else if (res.status === 404) {
100 e.message =
101 'A Not Found error was returned while attempting to retrieve an access' +
102 'token for the Compute Engine built-in service account. This may be because the Compute ' +
103 'Engine instance does not have any permission scopes specified: ' +
104 e.message;
105 }
106 }
107 }
108}
109exports.Compute = Compute;
110//# sourceMappingURL=computeclient.js.map
\No newline at end of file