mirror of https://github.com/actions/toolkit
addressed comments
Sourav Chanduka
parent
cca2b1808b
commit
33891d9aef
|
|
@ -210,7 +210,7 @@ process.kill(pid);
|
||||||
|
|
||||||
#### OIDC Token
|
#### OIDC Token
|
||||||
|
|
||||||
You can use this library to interact with the GitHub OIDC provider and get a JWT ID token which would help to get access token from third party cloud providers.
|
You can use these methods to interact with the GitHub OIDC provider and get a JWT ID token which would help to get access token from third party cloud providers.
|
||||||
|
|
||||||
**Method Name**: getIDToken()
|
**Method Name**: getIDToken()
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -419,24 +419,9 @@ describe('oidc-client-tests', () => {
|
||||||
expect(res.message.statusCode).toBe(200)
|
expect(res.message.statusCode).toBe(200)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('check if success status return true, if succeeded', () => {
|
|
||||||
expect(oidcClient.isSuccessStatusCode(200)).toBeTruthy()
|
|
||||||
})
|
|
||||||
|
|
||||||
it('check if success status return false, if failed', () => {
|
|
||||||
expect(oidcClient.isSuccessStatusCode(400)).toBeFalsy()
|
|
||||||
})
|
|
||||||
|
|
||||||
it('check if we get correct ID Token Request url with right api version', () => {
|
it('check if we get correct ID Token Request url with right api version', () => {
|
||||||
process.env.ACTIONS_ID_TOKEN_REQUEST_URL = "https://www.example.com/"
|
process.env.ACTIONS_ID_TOKEN_REQUEST_URL = "https://www.example.com/"
|
||||||
expect(oidcClient.getIDTokenUrl()).toBe("https://www.example.com/?api-version=" + oidcClient.getApiVersion())
|
expect(oidcClient.getIDTokenUrl()).toBe("https://www.example.com/?api-version=" + oidcClient.getApiVersion())
|
||||||
})
|
})
|
||||||
|
|
||||||
it('check if invalid json throws error', () => {
|
|
||||||
expect(() => oidcClient.parseJson("{}")).toThrow()
|
|
||||||
})
|
|
||||||
|
|
||||||
it('check if valid json returns parsed id token', () => {
|
|
||||||
expect(oidcClient.parseJson('{"value" : "abc" }')).toBe("abc")
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
|
|
@ -8,8 +8,10 @@
|
||||||
"name": "@actions/core",
|
"name": "@actions/core",
|
||||||
"version": "1.5.0",
|
"version": "1.5.0",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
|
"dependencies": {
|
||||||
|
"@actions/http-client": "^1.0.11"
|
||||||
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@actions/http-client": "^1.0.11",
|
|
||||||
"@types/node": "^12.0.2"
|
"@types/node": "^12.0.2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
@ -17,7 +19,6 @@
|
||||||
"version": "1.0.11",
|
"version": "1.0.11",
|
||||||
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
|
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
|
||||||
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
|
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
|
||||||
"dev": true,
|
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"tunnel": "0.0.6"
|
"tunnel": "0.0.6"
|
||||||
}
|
}
|
||||||
|
|
@ -32,7 +33,6 @@
|
||||||
"version": "0.0.6",
|
"version": "0.0.6",
|
||||||
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
|
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
|
||||||
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
|
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
|
||||||
"dev": true,
|
|
||||||
"engines": {
|
"engines": {
|
||||||
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
|
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
|
||||||
}
|
}
|
||||||
|
|
@ -43,7 +43,6 @@
|
||||||
"version": "1.0.11",
|
"version": "1.0.11",
|
||||||
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
|
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
|
||||||
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
|
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
|
||||||
"dev": true,
|
|
||||||
"requires": {
|
"requires": {
|
||||||
"tunnel": "0.0.6"
|
"tunnel": "0.0.6"
|
||||||
}
|
}
|
||||||
|
|
@ -57,8 +56,7 @@
|
||||||
"tunnel": {
|
"tunnel": {
|
||||||
"version": "0.0.6",
|
"version": "0.0.6",
|
||||||
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
|
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
|
||||||
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
|
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
|
||||||
"dev": true
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -35,8 +35,10 @@
|
||||||
"bugs": {
|
"bugs": {
|
||||||
"url": "https://github.com/actions/toolkit/issues"
|
"url": "https://github.com/actions/toolkit/issues"
|
||||||
},
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"@actions/http-client": "^1.0.11"
|
||||||
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@actions/http-client": "^1.0.11",
|
|
||||||
"@types/node": "^12.0.2"
|
"@types/node": "^12.0.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,11 +14,7 @@ interface IOidcClient {
|
||||||
|
|
||||||
getIDTokenUrl(): string
|
getIDTokenUrl(): string
|
||||||
|
|
||||||
isSuccessStatusCode(statusCode?: number): boolean
|
postCall(httpclient: actions_http_client.HttpClient, id_token_url: string, audience: string): Promise<string>
|
||||||
|
|
||||||
postCall(id_token_url: string, audience: string): Promise<string>
|
|
||||||
|
|
||||||
parseJson(body: string): string
|
|
||||||
|
|
||||||
getIDToken(audience: string): Promise<string>
|
getIDToken(audience: string): Promise<string>
|
||||||
}
|
}
|
||||||
|
|
@ -54,67 +50,45 @@ export class OidcClient implements IOidcClient {
|
||||||
return runtimeUrl + '?api-version=' + this.getApiVersion()
|
return runtimeUrl + '?api-version=' + this.getApiVersion()
|
||||||
}
|
}
|
||||||
|
|
||||||
isSuccessStatusCode(statusCode?: number): boolean {
|
async postCall(httpclient: actions_http_client.HttpClient, id_token_url: string, audience: string): Promise<string> {
|
||||||
if (!statusCode) {
|
const data = audience !== null ? {aud: audience} : ''
|
||||||
return false
|
|
||||||
}
|
|
||||||
return statusCode >= 200 && statusCode < 300
|
|
||||||
}
|
|
||||||
|
|
||||||
async postCall(id_token_url: string, audience: string): Promise<string> {
|
|
||||||
|
|
||||||
const httpclient = this.createHttpClient()
|
|
||||||
if (httpclient === undefined) {
|
|
||||||
throw new Error(`Failed to get Httpclient `)
|
|
||||||
}
|
|
||||||
|
|
||||||
let additionalHeaders: IHeaders = {}
|
|
||||||
additionalHeaders[actions_http_client.Headers.ContentType] = actions_http_client.MediaTypes.ApplicationJson
|
|
||||||
additionalHeaders[actions_http_client.Headers.Accept] = actions_http_client.MediaTypes.ApplicationJson
|
|
||||||
|
|
||||||
debug(`audience is ${audience !== null ? audience : 'null'}`)
|
debug(`audience is ${audience !== null ? audience : 'null'}`)
|
||||||
|
|
||||||
const data: string = audience !== null ? JSON.stringify({aud: audience}) : ''
|
const res = await httpclient.postJson(id_token_url,data).catch((error) => {
|
||||||
const response = await httpclient.post(id_token_url, data, additionalHeaders)
|
|
||||||
const body: string = await response.readBody()
|
|
||||||
|
|
||||||
if (!this.isSuccessStatusCode(response.message.statusCode)) {
|
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Failed to get ID Token. \n
|
`Failed to get ID Token. \n
|
||||||
Error Code : ${response.message.statusCode} Error message : ${response.message.statusMessage} \n
|
Error Code : ${error.statusCode}\n
|
||||||
Response body: ${body}`
|
Response body: ${error.result}`
|
||||||
)
|
)
|
||||||
}
|
})
|
||||||
|
|
||||||
return body
|
let val :any = res.result
|
||||||
}
|
let id_token = val['value']
|
||||||
|
if (id_token === undefined) {
|
||||||
parseJson(body: string): string {
|
|
||||||
const val = JSON.parse(body)
|
|
||||||
let id_token = ''
|
|
||||||
if ('value' in val) {
|
|
||||||
id_token = val['value']
|
|
||||||
} else {
|
|
||||||
throw new Error('Response json body do not have ID Token field')
|
throw new Error('Response json body do not have ID Token field')
|
||||||
}
|
}
|
||||||
setSecret(id_token)
|
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async getIDToken(audience: string): Promise<string> {
|
async getIDToken(audience: string): Promise<string> {
|
||||||
try {
|
try {
|
||||||
|
const httpclient = this.createHttpClient()
|
||||||
|
if (httpclient === undefined) {
|
||||||
|
throw new Error(`Failed to get Httpclient `)
|
||||||
|
}
|
||||||
|
|
||||||
// New ID Token is requested from action service
|
// New ID Token is requested from action service
|
||||||
let id_token_url: string = this.getIDTokenUrl()
|
let id_token_url: string = this.getIDTokenUrl()
|
||||||
|
|
||||||
debug(`ID token url is ${id_token_url}`)
|
debug(`ID token url is ${id_token_url}`)
|
||||||
|
|
||||||
let body: string = await this.postCall(id_token_url, audience)
|
let id_token = await this.postCall(httpclient ,id_token_url, audience)
|
||||||
let id_token = this.parseJson(body)
|
setSecret(id_token)
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
throw new Error(`Error message: ${error.message}`)
|
throw new Error(`Error message: ${error.message}`)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
Loading…
Reference in New Issue