1 |
|
2 | import { GaxiosOptions, GaxiosResponse } from 'gaxios';
|
3 | import * as stream from 'stream';
|
4 | import { DefaultTransporter, Transporter } from '../transporters';
|
5 | import { Compute } from './computeclient';
|
6 | import { CredentialBody, JWTInput } from './credentials';
|
7 | import { IdTokenClient } from './idtokenclient';
|
8 | import { GCPEnv } from './envDetect';
|
9 | import { JWT, JWTOptions } from './jwtclient';
|
10 | import { Headers, OAuth2ClientOptions, RefreshOptions } from './oauth2client';
|
11 | import { UserRefreshClient, UserRefreshClientOptions } from './refreshclient';
|
12 | import { Impersonated, ImpersonatedOptions } from './impersonated';
|
13 | import { ExternalAccountClientOptions } from './externalclient';
|
14 | import { BaseExternalAccountClient } from './baseexternalclient';
|
15 | import { AuthClient } from './authclient';
|
16 |
|
17 |
|
18 |
|
19 |
|
20 | export declare type JSONClient = JWT | UserRefreshClient | BaseExternalAccountClient | Impersonated;
|
21 | export interface ProjectIdCallback {
|
22 | (err?: Error | null, projectId?: string | null): void;
|
23 | }
|
24 | export interface CredentialCallback {
|
25 | (err: Error | null, result?: JSONClient): void;
|
26 | }
|
27 | interface DeprecatedGetClientOptions {
|
28 | }
|
29 | export interface ADCCallback {
|
30 | (err: Error | null, credential?: AuthClient, projectId?: string | null): void;
|
31 | }
|
32 | export interface ADCResponse {
|
33 | credential: AuthClient;
|
34 | projectId: string | null;
|
35 | }
|
36 | export interface GoogleAuthOptions {
|
37 | |
38 |
|
39 |
|
40 | keyFilename?: string;
|
41 | |
42 |
|
43 |
|
44 | keyFile?: string;
|
45 | |
46 |
|
47 |
|
48 |
|
49 | credentials?: CredentialBody | ExternalAccountClientOptions;
|
50 | |
51 |
|
52 |
|
53 | clientOptions?: JWTOptions | OAuth2ClientOptions | UserRefreshClientOptions | ImpersonatedOptions;
|
54 | |
55 |
|
56 |
|
57 | scopes?: string | string[];
|
58 | |
59 |
|
60 |
|
61 | projectId?: string;
|
62 | }
|
63 | export declare const CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com";
|
64 | export declare class GoogleAuth {
|
65 | transporter?: Transporter;
|
66 | |
67 |
|
68 |
|
69 |
|
70 |
|
71 | private checkIsGCE?;
|
72 | useJWTAccessWithScope?: boolean;
|
73 | defaultServicePath?: string;
|
74 | get isGCE(): boolean | undefined;
|
75 | private _getDefaultProjectIdPromise?;
|
76 | private _cachedProjectId?;
|
77 | jsonContent: JWTInput | ExternalAccountClientOptions | null;
|
78 | cachedCredential: JSONClient | Impersonated | Compute | null;
|
79 | |
80 |
|
81 |
|
82 |
|
83 | defaultScopes?: string | string[];
|
84 | private keyFilename?;
|
85 | private scopes?;
|
86 | private clientOptions?;
|
87 | |
88 |
|
89 |
|
90 | static DefaultTransporter: typeof DefaultTransporter;
|
91 | constructor(opts?: GoogleAuthOptions);
|
92 | setGapicJWTValues(client: JWT): void;
|
93 | /**
|
94 | * Obtains the default project ID for the application.
|
95 | * @param callback Optional callback
|
96 | * @returns Promise that resolves with project Id (if used without callback)
|
97 | */
|
98 | getProjectId(): Promise<string>;
|
99 | getProjectId(callback: ProjectIdCallback): void;
|
100 | private getProjectIdAsync;
|
101 | /**
|
102 | * @returns Any scopes (user-specified or default scopes specified by the
|
103 | * client library) that need to be set on the current Auth client.
|
104 | */
|
105 | private getAnyScopes;
|
106 | /**
|
107 | * Obtains the default service-level credentials for the application.
|
108 | * @param callback Optional callback.
|
109 | * @returns Promise that resolves with the ADCResponse (if no callback was
|
110 | * passed).
|
111 | */
|
112 | getApplicationDefault(): Promise<ADCResponse>;
|
113 | getApplicationDefault(callback: ADCCallback): void;
|
114 | getApplicationDefault(options: RefreshOptions): Promise<ADCResponse>;
|
115 | getApplicationDefault(options: RefreshOptions, callback: ADCCallback): void;
|
116 | private getApplicationDefaultAsync;
|
117 | /**
|
118 | * Determines whether the auth layer is running on Google Compute Engine.
|
119 | * @returns A promise that resolves with the boolean.
|
120 | * @api private
|
121 | */
|
122 | _checkIsGCE(): Promise<boolean>;
|
123 | /**
|
124 | * Attempts to load default credentials from the environment variable path..
|
125 | * @returns Promise that resolves with the OAuth2Client or null.
|
126 | * @api private
|
127 | */
|
128 | _tryGetApplicationCredentialsFromEnvironmentVariable(options?: RefreshOptions): Promise<JSONClient | null>;
|
129 | /**
|
130 | * Attempts to load default credentials from a well-known file location
|
131 | * @return Promise that resolves with the OAuth2Client or null.
|
132 | * @api private
|
133 | */
|
134 | _tryGetApplicationCredentialsFromWellKnownFile(options?: RefreshOptions): Promise<JSONClient | null>;
|
135 | /**
|
136 | * Attempts to load default credentials from a file at the given path..
|
137 | * @param filePath The path to the file to read.
|
138 | * @returns Promise that resolves with the OAuth2Client
|
139 | * @api private
|
140 | */
|
141 | _getApplicationCredentialsFromFilePath(filePath: string, options?: RefreshOptions): Promise<JSONClient>;
|
142 | /**
|
143 | * Create a credentials instance using the given input options.
|
144 | * @param json The input object.
|
145 | * @param options The JWT or UserRefresh options for the client
|
146 | * @returns JWT or UserRefresh Client with data
|
147 | */
|
148 | fromJSON(json: JWTInput, options?: RefreshOptions): JSONClient;
|
149 | /**
|
150 | * Return a JWT or UserRefreshClient from JavaScript object, caching both the
|
151 | * object used to instantiate and the client.
|
152 | * @param json The input object.
|
153 | * @param options The JWT or UserRefresh options for the client
|
154 | * @returns JWT or UserRefresh Client with data
|
155 | */
|
156 | private _cacheClientFromJSON;
|
157 | /**
|
158 | * Create a credentials instance using the given input stream.
|
159 | * @param inputStream The input stream.
|
160 | * @param callback Optional callback.
|
161 | */
|
162 | fromStream(inputStream: stream.Readable): Promise<JSONClient>;
|
163 | fromStream(inputStream: stream.Readable, callback: CredentialCallback): void;
|
164 | fromStream(inputStream: stream.Readable, options: RefreshOptions): Promise<JSONClient>;
|
165 | fromStream(inputStream: stream.Readable, options: RefreshOptions, callback: CredentialCallback): void;
|
166 | private fromStreamAsync;
|
167 | /**
|
168 | * Create a credentials instance using the given API key string.
|
169 | * @param apiKey The API key string
|
170 | * @param options An optional options object.
|
171 | * @returns A JWT loaded from the key
|
172 | */
|
173 | fromAPIKey(apiKey: string, options?: RefreshOptions): JWT;
|
174 | /**
|
175 | * Determines whether the current operating system is Windows.
|
176 | * @api private
|
177 | */
|
178 | private _isWindows;
|
179 | /**
|
180 | * Run the Google Cloud SDK command that prints the default project ID
|
181 | */
|
182 | private getDefaultServiceProjectId;
|
183 | /**
|
184 | * Loads the project id from environment variables.
|
185 | * @api private
|
186 | */
|
187 | private getProductionProjectId;
|
188 | /**
|
189 | * Loads the project id from the GOOGLE_APPLICATION_CREDENTIALS json file.
|
190 | * @api private
|
191 | */
|
192 | private getFileProjectId;
|
193 | /**
|
194 | * Gets the project ID from external account client if available.
|
195 | */
|
196 | private getExternalAccountClientProjectId;
|
197 | /**
|
198 | * Gets the Compute Engine project ID if it can be inferred.
|
199 | */
|
200 | private getGCEProjectId;
|
201 | /**
|
202 | * The callback function handles a credential object that contains the
|
203 | * client_email and private_key (if exists).
|
204 | * getCredentials checks for these values from the user JSON at first.
|
205 | * If it doesn't exist, and the environment is on GCE, it gets the
|
206 | * client_email from the cloud metadata server.
|
207 | * @param callback Callback that handles the credential object that contains
|
208 | * a client_email and optional private key, or the error.
|
209 | * returned
|
210 | */
|
211 | getCredentials(): Promise<CredentialBody>;
|
212 | getCredentials(callback: (err: Error | null, credentials?: CredentialBody) => void): void;
|
213 | private getCredentialsAsync;
|
214 | /**
|
215 | * Automatically obtain a client based on the provided configuration. If no
|
216 | * options were passed, use Application Default Credentials.
|
217 | */
|
218 | getClient(options?: DeprecatedGetClientOptions): Promise<Compute | JWT | UserRefreshClient | Impersonated | BaseExternalAccountClient>;
|
219 | /**
|
220 | * Creates a client which will fetch an ID token for authorization.
|
221 | * @param targetAudience the audience for the fetched ID token.
|
222 | * @returns IdTokenClient for making HTTP calls authenticated with ID tokens.
|
223 | */
|
224 | getIdTokenClient(targetAudience: string): Promise<IdTokenClient>;
|
225 | /**
|
226 | * Automatically obtain application default credentials, and return
|
227 | * an access token for making requests.
|
228 | */
|
229 | getAccessToken(): Promise<string | null | undefined>;
|
230 | /**
|
231 | * Obtain the HTTP headers that will provide authorization for a given
|
232 | * request.
|
233 | */
|
234 | getRequestHeaders(url?: string): Promise<Headers>;
|
235 | /**
|
236 | * Obtain credentials for a request, then attach the appropriate headers to
|
237 | * the request options.
|
238 | * @param opts Axios or Request options on which to attach the headers
|
239 | */
|
240 | authorizeRequest(opts: {
|
241 | url?: string;
|
242 | uri?: string;
|
243 | headers?: Headers;
|
244 | }): Promise<{
|
245 | url?: string | undefined;
|
246 | uri?: string | undefined;
|
247 | headers?: Headers | undefined;
|
248 | }>;
|
249 | |
250 |
|
251 |
|
252 |
|
253 |
|
254 | request<T = any>(opts: GaxiosOptions): Promise<GaxiosResponse<T>>;
|
255 | |
256 |
|
257 |
|
258 | getEnv(): Promise<GCPEnv>;
|
259 | |
260 |
|
261 |
|
262 |
|
263 |
|
264 | sign(data: string): Promise<string>;
|
265 | private signBlob;
|
266 | }
|
267 | export interface SignBlobResponse {
|
268 | keyId: string;
|
269 | signedBlob: string;
|
270 | }
|
271 | export {};
|