-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(McspAuthenticator): add new authenticator for Multi-Cloud Saas P…
…latform (#258) This commit introduces the new McspAuthenticator that can be used to exchange an apikey for an MCSP access token using the Multi-Cloud Saas Platform authentication token server's 'POST /siusermgr/api/1.0/apikeys/token' operation. Signed-off-by: Phil Adams <phil_adams@us.ibm.com>
- Loading branch information
Showing
14 changed files
with
631 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
/** | ||
* (C) Copyright IBM Corp. 2023. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
import { Authenticator } from './authenticator'; | ||
import { McspTokenManager } from '../token-managers/mcsp-token-manager'; | ||
import { BaseOptions, TokenRequestBasedAuthenticator } from './token-request-based-authenticator'; | ||
|
||
/** Configuration options for Multi-Cloud Saas Platform (MCSP) authentication. */ | ||
export interface Options extends BaseOptions { | ||
/** The API key used to obtain an MCSP access token. */ | ||
apikey: string; | ||
/** The URL representing the MCSP token service endpoint. */ | ||
url: string; | ||
} | ||
|
||
/** | ||
* The McspAuthenticator uses an apikey to obtain an access token from the MCSP token server. | ||
* When the access token expires, a new access token is obtained from the token server. | ||
* The access token will be added to outbound requests via the Authorization header | ||
* of the form: "Authorization: Bearer <access-token>" | ||
*/ | ||
export class McspAuthenticator extends TokenRequestBasedAuthenticator { | ||
protected requiredOptions = ['apikey', 'url']; | ||
|
||
protected tokenManager: McspTokenManager; | ||
|
||
private apikey: string; | ||
|
||
/** | ||
* Create a new McspAuthenticator instance. | ||
* | ||
* @param options - Configuration options for CloudPakForData authentication. | ||
* This should be an object containing these fields: | ||
* - url: (required) the endpoint URL for the CloudPakForData token service | ||
* - username: (required) the username used to obtain a bearer token | ||
* - password: (optional) the password used to obtain a bearer token (required if apikey is not specified) | ||
* - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified) | ||
* - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate | ||
* should be disabled or not | ||
* - headers: (optional) a set of HTTP headers to be sent with each request to the token service | ||
* | ||
* @throws Error: the username, password, and/or url are not valid, or unspecified, for Cloud Pak For Data token requests. | ||
*/ | ||
constructor(options: Options) { | ||
super(options); | ||
|
||
this.apikey = options.apikey; | ||
this.url = options.url; | ||
|
||
// the param names are shared between the authenticator and the token | ||
// manager so we can just pass along the options object. | ||
// also, the token manager will handle input validation | ||
this.tokenManager = new McspTokenManager(options); | ||
} | ||
|
||
/** | ||
* Returns the authenticator's type ('cp4d'). | ||
* | ||
* @returns a string that indicates the authenticator's type | ||
*/ | ||
// eslint-disable-next-line class-methods-use-this | ||
public authenticationType(): string { | ||
return Authenticator.AUTHTYPE_MCSP; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.