UNPKG

google-auth-library/build/src/auth/identitypoolclient.d.ts

Version:

4.49 kBTypeScriptView Raw

1import { BaseExternalAccountClient, BaseExternalAccountClientOptions, ExternalAccountSupplierContext } from './baseexternalclient';
2import { AuthClientOptions } from './authclient';
3import { SnakeToCamelObject } from '../util';
4export type SubjectTokenFormatType = 'json' | 'text';
5export interface SubjectTokenJsonResponse {
  [key: string]: string;
7}
8/**
* Supplier interface for subject tokens. This can be implemented to
* return a subject token which can then be exchanged for a GCP token by an
* {@link IdentityPoolClient}.
*/
13export interface SubjectTokenSupplier {
  /**
   * Gets a valid subject token for the requested external account identity.
   * Note that these are not cached by the calling {@link IdentityPoolClient},
   * so caching should be including in the implementation.
   * @param context {@link ExternalAccountSupplierContext} from the calling
   *   {@link IdentityPoolClient}, contains the requested audience and subject token type
   *   for the external account identity as well as the transport from the
   *   calling client to use for requests.
   * @return A promise that resolves with the requested subject token string.
   */
  getSubjectToken: (context: ExternalAccountSupplierContext) => Promise<string>;
25}
26/**
* Url-sourced/file-sourced credentials json interface.
* This is used for K8s and Azure workloads.
*/
30export interface IdentityPoolClientOptions extends BaseExternalAccountClientOptions {
  /**
   * Object containing options to retrieve identity pool credentials. A valid credential
   * source or a subject token supplier must be specified.
   */
  credential_source?: {
      /**
       * The file location to read the subject token from. Either this or a URL
       * should be specified.
       */
      file?: string;
      /**
       * The URL to call to retrieve the subject token. Either this or a file
       * location should be specified.
       */
      url?: string;
      /**
       * Optional headers to send on the request to the specified URL.
       */
      headers?: {
          [key: string]: string;
      };
      /**
       * The format that the subject token is in the file or the URL response.
       * If not provided, will default to reading the text string directly.
       */
      format?: {
          /**
           * The format type. Can either be 'text' or 'json'.
           */
          type: SubjectTokenFormatType;
          /**
           * The field name containing the subject token value if the type is 'json'.
           */
          subject_token_field_name?: string;
      };
  };
  /**
   * The subject token supplier to call to retrieve the subject token to exchange
   * for a GCP access token. Either this or a valid credential source should
   * be specified.
   */
  subject_token_supplier?: SubjectTokenSupplier;
73}
74/**
* Defines the Url-sourced and file-sourced external account clients mainly
* used for K8s and Azure workloads.
*/
78export declare class IdentityPoolClient extends BaseExternalAccountClient {
  private readonly subjectTokenSupplier;
  /**
   * Instantiate an IdentityPoolClient instance using the provided JSON
   * object loaded from an external account credentials file.
   * An error is thrown if the credential is not a valid file-sourced or
   * url-sourced credential or a workforce pool user project is provided
   * with a non workforce audience.
   * @param options The external account options object typically loaded
   *   from the external account JSON credential file. The camelCased options
   *   are aliases for the snake_cased options.
   * @param additionalOptions **DEPRECATED, all options are available in the
   *   `options` parameter.** Optional additional behavior customization options.
   *   These currently customize expiration threshold time and whether to retry
   *   on 401/403 API request errors.
   */
  constructor(options: IdentityPoolClientOptions | SnakeToCamelObject<IdentityPoolClientOptions>, additionalOptions?: AuthClientOptions);
  /**
   * Triggered when a external subject token is needed to be exchanged for a GCP
   * access token via GCP STS endpoint. Gets a subject token by calling
   * the configured {@link SubjectTokenSupplier}
   * @return A promise that resolves with the external subject token.
   */
  retrieveSubjectToken(): Promise<string>;
102}

1	`import { BaseExternalAccountClient, BaseExternalAccountClientOptions, ExternalAccountSupplierContext } from './baseexternalclient';`
2	`import { AuthClientOptions } from './authclient';`
3	`import { SnakeToCamelObject } from '../util';`
4	`export type SubjectTokenFormatType = 'json' \| 'text';`
5	`export interface SubjectTokenJsonResponse {`
6	`[key: string]: string;`
7	`}`
8	`/**`
9	`* Supplier interface for subject tokens. This can be implemented to`
10	`* return a subject token which can then be exchanged for a GCP token by an`
11	`* {@link IdentityPoolClient}.`
12	`*/`
13	`export interface SubjectTokenSupplier {`
14	`/**`
15	`* Gets a valid subject token for the requested external account identity.`
16	`* Note that these are not cached by the calling {@link IdentityPoolClient},`
17	`* so caching should be including in the implementation.`
18	`* @param context {@link ExternalAccountSupplierContext} from the calling`
19	`* {@link IdentityPoolClient}, contains the requested audience and subject token type`
20	`* for the external account identity as well as the transport from the`
21	`* calling client to use for requests.`
22	`* @return A promise that resolves with the requested subject token string.`
23	`*/`
24	`getSubjectToken: (context: ExternalAccountSupplierContext) => Promise<string>;`
25	`}`
26	`/**`
27	`* Url-sourced/file-sourced credentials json interface.`
28	`* This is used for K8s and Azure workloads.`
29	`*/`
30	`export interface IdentityPoolClientOptions extends BaseExternalAccountClientOptions {`
31	`/**`
32	`* Object containing options to retrieve identity pool credentials. A valid credential`
33	`* source or a subject token supplier must be specified.`
34	`*/`
35	`credential_source?: {`
36	`/**`
37	`* The file location to read the subject token from. Either this or a URL`
38	`* should be specified.`
39	`*/`
40	`file?: string;`
41	`/**`
42	`* The URL to call to retrieve the subject token. Either this or a file`
43	`* location should be specified.`
44	`*/`
45	`url?: string;`
46	`/**`
47	`* Optional headers to send on the request to the specified URL.`
48	`*/`
49	`headers?: {`
50	`[key: string]: string;`
51	`};`
52	`/**`
53	`* The format that the subject token is in the file or the URL response.`
54	`* If not provided, will default to reading the text string directly.`
55	`*/`
56	`format?: {`
57	`/**`
58	`* The format type. Can either be 'text' or 'json'.`
59	`*/`
60	`type: SubjectTokenFormatType;`
61	`/**`
62	`* The field name containing the subject token value if the type is 'json'.`
63	`*/`
64	`subject_token_field_name?: string;`
65	`};`
66	`};`
67	`/**`
68	`* The subject token supplier to call to retrieve the subject token to exchange`
69	`* for a GCP access token. Either this or a valid credential source should`
70	`* be specified.`
71	`*/`
72	`subject_token_supplier?: SubjectTokenSupplier;`
73	`}`
74	`/**`
75	`* Defines the Url-sourced and file-sourced external account clients mainly`
76	`* used for K8s and Azure workloads.`
77	`*/`
78	`export declare class IdentityPoolClient extends BaseExternalAccountClient {`
79	`private readonly subjectTokenSupplier;`
80	`/**`
81	`* Instantiate an IdentityPoolClient instance using the provided JSON`
82	`* object loaded from an external account credentials file.`
83	`* An error is thrown if the credential is not a valid file-sourced or`
84	`* url-sourced credential or a workforce pool user project is provided`
85	`* with a non workforce audience.`
86	`* @param options The external account options object typically loaded`
87	`* from the external account JSON credential file. The camelCased options`
88	`* are aliases for the snake_cased options.`
89	`* @param additionalOptions **DEPRECATED, all options are available in the`
90	* `options` parameter.** Optional additional behavior customization options.
91	`* These currently customize expiration threshold time and whether to retry`
92	`* on 401/403 API request errors.`
93	`*/`
94	`constructor(options: IdentityPoolClientOptions \| SnakeToCamelObject<IdentityPoolClientOptions>, additionalOptions?: AuthClientOptions);`
95	`/**`
96	`* Triggered when a external subject token is needed to be exchanged for a GCP`
97	`* access token via GCP STS endpoint. Gets a subject token by calling`
98	`* the configured {@link SubjectTokenSupplier}`
99	`* @return A promise that resolves with the external subject token.`
100	`*/`
101	`retrieveSubjectToken(): Promise<string>;`
102	`}`