Class OkeWorkloadIdentityAuthenticationDetailsProvider

Hierarchy

AbstractRequestingAuthenticationDetailsProvider
- OkeWorkloadIdentityAuthenticationDetailsProvider

Implements

Constructors

constructor

Properties

Methods

Constructors

constructor

new OkeWorkloadIdentityAuthenticationDetailsProvider(federationClient: FederationClient, sessionKeySupplier: SessionKeySupplier): OkeWorkloadIdentityAuthenticationDetailsProvider

Overrides AbstractRequestingAuthenticationDetailsProvider.constructor
- Defined in lib/common/lib/auth/oke-workload-identity-authentication-details-provider.ts:47
Parameters
- federationClient: FederationClient
- sessionKeySupplier: SessionKeySupplier
Returns OkeWorkloadIdentityAuthenticationDetailsProvider

Properties

Protected _federationClient

_federationClient: FederationClient

Protected _sessionKeySupplier

_sessionKeySupplier: SessionKeySupplier

Protected federationClient

federationClient: FederationClient

Protected sessionKeySupplier

sessionKeySupplier: SessionKeySupplier

Static ClaimKeys

ClaimKeys: ClaimsKey = class ClaimsKey {/*** COMPARTMENT_ID is the claim name that the RPST holds for the resource compartment.* This can be passed to {@link #getStringClaim} to retrieve the resource's compartment OCID.*/public static COMPARTMENT_ID_CLAIM_KEY = "res_compartment";/*** TENANT_ID_CLAIM_KEY is the claim name that the RPST holds for the resource tenancy.* This can be passed to {@link #getStringClaim} to retrieve the resource's tenancy OCID.*/public static TENANT_ID_CLAIM_KEY = "res_tenant";}

Static DEFAULT_DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH

DEFAULT_DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH: string = "/var/run/secrets/kubernetes.io/serviceaccount/token"

Static DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH

DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH: string = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

Static KUBERNETES_SERVICE_HOST_ENV_VAR_NAME

KUBERNETES_SERVICE_HOST_ENV_VAR_NAME: string = "KUBERNETES_SERVICE_HOST"

Static KUBERNETES_SERVICE_PORT_PROXYMUX_ENV_VAR_NAME

KUBERNETES_SERVICE_PORT_PROXYMUX_ENV_VAR_NAME: string = "KUBERNETES_SERVICE_PORT_PROXYMUX"

Static OkeWorkloadIdentityAuthenticationDetailsProviderBuilder

OkeWorkloadIdentityAuthenticationDetailsProviderBuilder: OkeWorkloadIdentityAuthenticationDetailsProviderBuilder = class OkeWorkloadIdentityAuthenticationDetailsProviderBuilder {kubernetesServiceAccountCertPath: string;kubernetesServiceAccountTokenPath: string;constructor(customKubernetesServiceAccountCertPath?: string,customKubernetesServiceAccountTokenPath?: string) {this.kubernetesServiceAccountCertPath =customKubernetesServiceAccountCertPath ||OkeWorkloadIdentityAuthenticationDetailsProvider.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH;this.kubernetesServiceAccountTokenPath =customKubernetesServiceAccountTokenPath ||OkeWorkloadIdentityAuthenticationDetailsProvider.DEFAULT_DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH;}public build(): OkeWorkloadIdentityAuthenticationDetailsProvider {let federationClient: FederationClient;let sessionKeySupplier: SessionKeySupplier;const kubernetesServiceHost =process.env[OkeWorkloadIdentityAuthenticationDetailsProvider.KUBERNETES_SERVICE_HOST_ENV_VAR_NAME];if (!kubernetesServiceHost) {throw Error(`${OkeWorkloadIdentityAuthenticationDetailsProvider.KUBERNETES_SERVICE_HOST_ENV_VAR_NAME} environment variable is missing. ` +OKE_WORKLOAD_IDENTITY_DEBUG_INFORMATION_LOG);}const kubernetesServiceProxymuxPort =process.env[OkeWorkloadIdentityAuthenticationDetailsProvider.KUBERNETES_SERVICE_PORT_PROXYMUX_ENV_VAR_NAME];if (!kubernetesServiceProxymuxPort) {throw Error(`${OkeWorkloadIdentityAuthenticationDetailsProvider.KUBERNETES_SERVICE_PORT_PROXYMUX_ENV_VAR_NAME} environment variable is missing. ` +OKE_WORKLOAD_IDENTITY_DEBUG_INFORMATION_LOG);}let kubernetesServiceAccountCert;try {kubernetesServiceAccountCert = loadFromFile(this.kubernetesServiceAccountCertPath);} catch (e) {throw Error(`Failed to read ${this.kubernetesServiceAccountCertPath}. ` +OKE_WORKLOAD_IDENTITY_DEBUG_INFORMATION_LOG);}let kubernetesServiceAccountToken;try {kubernetesServiceAccountToken = loadFromFile(this.kubernetesServiceAccountTokenPath);} catch (e) {throw Error(`Failed to read ${this.kubernetesServiceAccountTokenPath}. ` +OKE_WORKLOAD_IDENTITY_DEBUG_INFORMATION_LOG);}// Initialize everythingsessionKeySupplier = new SessionKeySupplierImpl();federationClient = new X509FederationClientForOkeWorkloadIdentity(`https://${kubernetesServiceHost}:${kubernetesServiceProxymuxPort}/resourcePrincipalSessionTokens`,kubernetesServiceAccountToken,kubernetesServiceAccountCert,sessionKeySupplier);return new OkeWorkloadIdentityAuthenticationDetailsProvider(federationClient,sessionKeySupplier);}}

Builder for OkeWorkloadIdentityAuthenticationDetailsProvider

Methods

getKeyId

getKeyId(): Promise<string>

Implementation of AuthenticationDetailsProvider.getKeyId

Inherited from AbstractRequestingAuthenticationDetailsProvider.getKeyId
- Defined in lib/common/lib/auth/abstract-requesting-authentication-detail-provider.ts:20
Returns Promise<string>

getPassphrase

getPassphrase(): null

Implementation of AuthenticationDetailsProvider.getPassphrase

Inherited from AbstractRequestingAuthenticationDetailsProvider.getPassphrase
- Defined in lib/common/lib/auth/abstract-requesting-authentication-detail-provider.ts:28
Returns null

getPrivateKey

getPrivateKey(): string

Implementation of AuthenticationDetailsProvider.getPrivateKey

Inherited from AbstractRequestingAuthenticationDetailsProvider.getPrivateKey
- Defined in lib/common/lib/auth/abstract-requesting-authentication-detail-provider.ts:24
Returns string

getStringClaim

getStringClaim(key: string): Promise<string | null>

- Defined in lib/common/lib/auth/oke-workload-identity-authentication-details-provider.ts:89
Session tokens carry JWT-like claims. Permit the retrieval of the value of those claims from the token. At the least, the token should carry claims for {@link ClaimKeys#COMPARTMENT_ID_CLAIM_KEY} and {@link ClaimKeys#TENANT_ID_CLAIM_KEY}

Parameters
- key: string
  
  the name of a claim in the session token
Returns Promise<string | null>

the claim value.

refresh

refresh(): Promise<string>

Implementation of RefreshableOnNotAuthenticatedProvider.refresh
- Defined in lib/common/lib/auth/oke-workload-identity-authentication-details-provider.ts:97
Refreshes the authentication data used by the provider

Returns Promise<string>

the refreshed authentication data

Static builder

builder(customKubernetesServiceAccountCertPath: string, customKubernetesServiceAccountTokenPath: string): OkeWorkloadIdentityAuthenticationDetailsProvider

- Defined in lib/common/lib/auth/oke-workload-identity-authentication-details-provider.ts:72
Parameters
- customKubernetesServiceAccountCertPath: string
- customKubernetesServiceAccountTokenPath: string
Returns OkeWorkloadIdentityAuthenticationDetailsProvider

Class OkeWorkloadIdentityAuthenticationDetailsProvider

Hierarchy

Implements

Constructors

Properties

Methods

Constructors

constructor

Parameters

federationClient: FederationClient

sessionKeySupplier: SessionKeySupplier

Returns OkeWorkloadIdentityAuthenticationDetailsProvider

Properties

Protected _federationClient

Protected _sessionKeySupplier

Protected federationClient

Protected sessionKeySupplier

Static ClaimKeys

Static DEFAULT_DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH

Static DEFAULT_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH

Static KUBERNETES_SERVICE_HOST_ENV_VAR_NAME

Static KUBERNETES_SERVICE_PORT_PROXYMUX_ENV_VAR_NAME

Static OkeWorkloadIdentityAuthenticationDetailsProviderBuilder

Methods

getKeyId

Returns Promise<string>

getPassphrase

Returns null

getPrivateKey

Returns string

getStringClaim

Parameters

key: string

Returns Promise<string | null>

refresh

Returns Promise<string>

Static builder

Parameters

customKubernetesServiceAccountCertPath: string

customKubernetesServiceAccountTokenPath: string

Returns OkeWorkloadIdentityAuthenticationDetailsProvider