1 | "use strict";
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 | Object.defineProperty(exports, "__esModule", { value: true });
|
16 | exports.Compute = void 0;
|
17 | const arrify = require("arrify");
|
18 | const gcpMetadata = require("gcp-metadata");
|
19 | const oauth2client_1 = require("./oauth2client");
|
20 | class Compute extends oauth2client_1.OAuth2Client {
|
21 | |
22 |
|
23 |
|
24 |
|
25 |
|
26 |
|
27 | constructor(options = {}) {
|
28 | super(options);
|
29 |
|
30 |
|
31 | this.credentials = { expiry_date: 1, refresh_token: 'compute-placeholder' };
|
32 | this.serviceAccountEmail = options.serviceAccountEmail || 'default';
|
33 | this.scopes = arrify(options.scopes);
|
34 | }
|
35 | |
36 |
|
37 |
|
38 |
|
39 | async refreshTokenNoCache(
|
40 |
|
41 | refreshToken) {
|
42 | const tokenPath = `service-accounts/${this.serviceAccountEmail}/token`;
|
43 | let data;
|
44 | try {
|
45 | const instanceOptions = {
|
46 | property: tokenPath,
|
47 | };
|
48 | if (this.scopes.length > 0) {
|
49 | instanceOptions.params = {
|
50 | scopes: this.scopes.join(','),
|
51 | };
|
52 | }
|
53 | data = await gcpMetadata.instance(instanceOptions);
|
54 | }
|
55 | catch (e) {
|
56 | e.message = `Could not refresh access token: ${e.message}`;
|
57 | this.wrapError(e);
|
58 | throw e;
|
59 | }
|
60 | const tokens = data;
|
61 | if (data && data.expires_in) {
|
62 | tokens.expiry_date = new Date().getTime() + data.expires_in * 1000;
|
63 | delete tokens.expires_in;
|
64 | }
|
65 | this.emit('tokens', tokens);
|
66 | return { tokens, res: null };
|
67 | }
|
68 | |
69 |
|
70 |
|
71 |
|
72 | async fetchIdToken(targetAudience) {
|
73 | const idTokenPath = `service-accounts/${this.serviceAccountEmail}/identity` +
|
74 | `?format=full&audience=${targetAudience}`;
|
75 | let idToken;
|
76 | try {
|
77 | const instanceOptions = {
|
78 | property: idTokenPath,
|
79 | };
|
80 | idToken = await gcpMetadata.instance(instanceOptions);
|
81 | }
|
82 | catch (e) {
|
83 | e.message = `Could not fetch ID token: ${e.message}`;
|
84 | throw e;
|
85 | }
|
86 | return idToken;
|
87 | }
|
88 | wrapError(e) {
|
89 | const res = e.response;
|
90 | if (res && res.status) {
|
91 | e.code = res.status.toString();
|
92 | if (res.status === 403) {
|
93 | e.message =
|
94 | 'A Forbidden error was returned while attempting to retrieve an access ' +
|
95 | 'token for the Compute Engine built-in service account. This may be because the Compute ' +
|
96 | 'Engine instance does not have the correct permission scopes specified: ' +
|
97 | e.message;
|
98 | }
|
99 | else if (res.status === 404) {
|
100 | e.message =
|
101 | 'A Not Found error was returned while attempting to retrieve an access' +
|
102 | 'token for the Compute Engine built-in service account. This may be because the Compute ' +
|
103 | 'Engine instance does not have any permission scopes specified: ' +
|
104 | e.message;
|
105 | }
|
106 | }
|
107 | }
|
108 | }
|
109 | exports.Compute = Compute;
|
110 |
|
\ | No newline at end of file |