Inital draft of OIDC Client

2021-07-01 08:11:28 +05:30 · 2021-07-01 08:11:28 +05:30 · bdacfc4c65
parent 4564768940
commit bdacfc4c65
9 changed files with 6773 additions and 0 deletions
--- a/packages/oidc-client/LICENSE.md
+++ b/packages/oidc-client/LICENSE.md
@ -0,0 +1,9 @@
+The MIT License (MIT)
+
+Copyright 2019 GitHub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/packages/oidc-client/README.md
+++ b/packages/oidc-client/README.md
@ -0,0 +1,38 @@
+<h2>@actions/oidc-client</h2>
+
+<h3>Usage</h3>
+
+You can use this package to interact with the github oidc provider.
+
+<h3>Get the ID token</h3>
+
+Method Name: getIDToken
+
+<h3>Inputs</h3>
+
+Client id
+The client id registered with oidc provider
+Required
+Client secret
+The client secret
+Required
+
+These inputs are temporary. They will be modified once the complete package is available.
+
+
+<h3>Example:</h3>
+
+```
+const core = require('@actions/core');
+const id = require('@actions/oidc-client')
+
+
+async function getID(){
+   const id_token = await id.getIDToken('client-id', 'client-secret')
+   const val = `ID token is ${id_token}`
+   core.setOutput('id_token', id_token);
+      
+}
+
+getID()
+```
--- a/packages/oidc-client/tests/main.test.ts
+++ b/packages/oidc-client/tests/main.test.ts
@ -0,0 +1,20 @@
+import * as get from '../src/main'
+import {HttpClient} from '@actions/http-client'
+
+test('Get httpclient', () => {
+  let http: HttpClient = new HttpClient('actions/oidc-client')
+  expect(http).toBeDefined()
+})
+
+test('HTTP get request to get token endpoint', async () => {
+  let http: HttpClient = new HttpClient('actions/oidc-client')
+  let res = await http.get(
+    'https://ghactionsoidc.azurewebsites.net/.well-known/openid-configuration'
+  )
+  expect(res.message.statusCode).toBe(200)
+})
+
+test('Get token endpoint', async () => {
+  let url: string = await get.getTokenEndPoint()
+  expect(url).toBeDefined()
+})
--- a/packages/oidc-client/package-lock.json
+++ b/packages/oidc-client/package-lock.json
--- a/packages/oidc-client/package.json
+++ b/packages/oidc-client/package.json
@ -0,0 +1,46 @@
+{
+  "name": "@dwivedine/oidc-client",
+  "version": "1.0.9",
+  "description": "To get id token from oidc provider",
+  "main": "lib/main.js",
+  "types": "lib/main.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "format": "prettier --write **/*.ts",
+    "format-check": "prettier --check **/*.ts",
+    "package": "ncc build --source-map --license licenses.txt",
+    "test": "jest",
+    "all": "npm run build && npm run format && npm run package && npm test"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dwivedine/toolkit.git"
+  },
+  "keywords": [
+    "actions",
+    "node",
+    "setup"
+  ],
+  "author": "Neha Dwivedi",
+  "license": "MIT",
+  "dependencies": {
+    "@actions/core": "^1.2.6",
+    "@actions/http-client": "^1.0.11",
+    "@octokit/core": "^3.4.0"
+  },
+  "devDependencies": {
+    "@types/jest": "^26.0.15",
+    "@types/node": "^14.14.9",
+    "@typescript-eslint/parser": "^4.8.1",
+    "@vercel/ncc": "^0.25.1",
+    "eslint": "^7.17.0",
+    "eslint-plugin-github": "^4.1.3",
+    "eslint-plugin-jest": "^24.1.3",
+    "jest": "^26.6.3",
+    "jest-circus": "^26.6.3",
+    "js-yaml": "^3.14.0",
+    "prettier": "2.2.1",
+    "ts-jest": "^26.4.4",
+    "typescript": "^4.1.3"
+  }
+}
--- a/packages/oidc-client/src/internal/config-variables.ts
+++ b/packages/oidc-client/src/internal/config-variables.ts
@ -0,0 +1,31 @@
+export function getRuntimeToken(): string {
+  const token = process.env['ACTIONS_RUNTIME_TOKEN']
+  if (!token) {
+    throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
+  }
+  return token
+}
+
+export function getIDTokenUrl(): string {
+  const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
+  if (!runtimeUrl) {
+    throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
+  }
+  return runtimeUrl
+}
+
+export function getWorkFlowRunId(): string {
+  const workFlowRunId = process.env['GITHUB_RUN_ID']
+  if (!workFlowRunId) {
+    throw new Error('Unable to get GITHUB_RUN_ID env variable')
+  }
+  return workFlowRunId
+}
+
+export function getIDTokenFromEnv(): string {
+  const tokenId = process.env['OIDC_TOKEN_ID']   //Need to check the exact env var name
+  if(!tokenId) {
+    throw new Error('Unable to get OIDC_TOKEN_ID env variable')
+  }
+  return tokenId
+}
--- a/packages/oidc-client/src/internal/utils.ts
+++ b/packages/oidc-client/src/internal/utils.ts
@ -0,0 +1,30 @@
+
+import {debug, info, warning} from '@actions/core'
+import {HttpClient} from '@actions/http-client'
+import {BearerCredentialHandler} from '@actions/http-client/auth'
+import {IHeaders, IHttpClientResponse} from '@actions/http-client/interfaces'
+
+import {
+    getRuntimeToken,
+    getWorkFlowRunId
+  } from './config-variables'
+
+  export function isSuccessStatusCode(statusCode?: number): boolean {
+    if (!statusCode) {
+      return false
+    }
+    return statusCode >= 200 && statusCode < 300
+  }
+
+
+  export function createHttpClient(): HttpClient {
+    return new HttpClient('actions/oidc-client', [
+      new BearerCredentialHandler(getRuntimeToken())
+    ])
+  }
+
+
+  export function getApiVersion(): string {
+    return '1.0'
+  }
+
--- a/packages/oidc-client/src/main.ts
+++ b/packages/oidc-client/src/main.ts
@ -0,0 +1,73 @@
+import * as core from '@actions/core'
+import {IHeaders} from '@actions/http-client/interfaces'
+import {
+  createHttpClient,
+  isSuccessStatusCode
+} from './internal/utils'
+
+import {
+  getIDTokenFromEnv,
+  getIDTokenUrl
+} from './internal/config-variables'
+
+
+export async function getIDToken(audience: string): Promise<string> {
+  try {
+
+    //Check if id token is stored in environment variable
+
+    var id_token: string = getIDTokenFromEnv()
+    if(id_token != undefined) {
+      const secondsSinceEpoch = Math.round(Date.now() / 1000)
+      const id_token_json = JSON.parse(id_token)
+      if(parseInt(id_token_json['exp']) - secondsSinceEpoch > 120)    // Expiry time is more than 2 mins
+        return id_token
+    }
+
+
+    // New ID Token is requested from action service
+    
+    const id_tokne_url: string =  getIDTokenUrl()
+
+    if (id_tokne_url == undefined) {
+      throw new Error(`ID Token URL not found`)
+    }
+
+    core.debug(`ID token url is ${id_tokne_url}`)
+
+    const httpclient = createHttpClient()
+    if (httpclient == undefined) {
+      throw new Error(`Failed to get Httpclient `)
+    }
+    core.debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
+
+
+    const response = await httpclient.post(id_tokne_url, audience)
+
+    
+    if (!isSuccessStatusCode(response.message.statusCode)){
+      throw new Error(
+        `Failed to get ID Token. Error message  :${response.message.statusMessage} `
+      )
+    }
+
+    const body: string = await response.readBody()
+    const val = JSON.parse(body)
+    id_token = val['id_token']
+
+    if (id_token == undefined) {
+      throw new Error(`Not able to fetch the ID token`)
+    }
+
+    // Save ID Token in Env Variable
+    core.exportVariable('OIDC_TOKEN_ID', id_token)
+
+    return id_token
+    
+  } catch (error) {
+    core.setFailed(error.message)
+    return error.message
+  }
+}
+
+module.exports.getIDToken = getIDToken
--- a/packages/oidc-client/tsconfig.json
+++ b/packages/oidc-client/tsconfig.json
@ -0,0 +1,14 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "baseUrl": "./",
+    "outDir": "./lib",                        /* Redirect output structure to the directory. */
+    "rootDir": "./src",                       /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
+    "noImplicitAny": true,                    /* Raise error on expressions and declarations with an implied 'any' type. */
+    "esModuleInterop": true,                   /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+    "moduleResolution": "node",
+    }, 
+    "include": [
+      "./src"
+    ]
+}