oidc client changes

Sourav Chanduka
2021-07-20 08:58:34 +05:30
parent 1322acbcca
commit f7330892f1
13 changed files with 15328 additions and 1298 deletions


@@ -0,0 +1,27 @@
"use strict";
exports.__esModule = true;
exports.getIDTokenFromEnv = exports.getIDTokenUrl = exports.getRuntimeToken = void 0;
function getRuntimeToken() {
var token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imlmb2lQTVA1ZlVaUFBkUnV4WXVPbklNUHVEcyJ9.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.Xwlp7EGXS-MhHwI93NCntEv7RBfMLNYInfbnjHTL5XdFPkSSLftlTbEIlrWz0PHguXRhw7W1WjzXVCOHMuRybeOce6p9U5Ap_JzxYE7NllEsT5KgeuUHAEnIVzgT474BoUEsI1NwFMzxx56f-68jgf088fJfbF9BRv609o0pnrYpHGs8g1lJoy1D0VRfOluxGhpbhrfFnNqbVJPTE4l1KyBvYjAfh5T9qBu1VFv7tR23siq0a1F4nPIVLh9Jd1g1YBIcFd7ejj_vEEyo2UGjXlNlc9pO9xrmjy_1wPggnX5OmndSPozK-oho1YCIuhL8TZomHeaX6qXeXcCakR_Lmw"; //process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable');
}
return token;
}
exports.getRuntimeToken = getRuntimeToken;
function getIDTokenUrl() {
var runtimeUrl = "https://neha.ngrok.io/5BIeW5yLeO4xcIjKhPUlNw8vNEKgp3rNJJO0ZaEk4usJseJjZ3/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/c57647cd-da23-4c90-a35a-cd328ae75e0e/jobs/ca395085-040a-526b-2ce8-bdc85f692774/idtoken"; //process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');
}
return runtimeUrl;
}
exports.getIDTokenUrl = getIDTokenUrl;
function getIDTokenFromEnv() {
var tokenId = process.env['OIDC_TOKEN_ID']; //Need to check the exact env var name
if (!tokenId) {
return '';
}
return tokenId;
}
exports.getIDTokenFromEnv = getIDTokenFromEnv;


@@ -1,5 +1,5 @@
export function getRuntimeToken(): string {
const token = process.env['ACTIONS_RUNTIME_TOKEN']
const token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imlmb2lQTVA1ZlVaUFBkUnV4WXVPbklNUHVEcyJ9.eyJuYW1laWQiOiJkZGRkZGRkZC1kZGRkLWRkZGQtZGRkZC1kZGRkZGRkZGRkZGQiLCJzY3AiOiJBY3Rpb25zLkdlbmVyaWNSZWFkOjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCBBY3Rpb25zLlVwbG9hZEFydGlmYWN0czowMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAvMTpCdWlsZC9CdWlsZC8yIERpc3RyaWJ1dGVkVGFzay5HZW5lcmF0ZUlkVG9rZW46YzU3NjQ3Y2QtZGEyMy00YzkwLWEzNWEtY2QzMjhhZTc1ZTBlOmNhMzk1MDg1LTA0MGEtNTI2Yi0yY2U4LWJkYzg1ZjY5Mjc3NCBMb2NhdGlvblNlcnZpY2UuQ29ubmVjdCBSZWFkQW5kVXBkYXRlQnVpbGRCeVVyaTowMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAvMTpCdWlsZC9CdWlsZC8yIiwiSWRlbnRpdHlUeXBlQ2xhaW0iOiJTeXN0ZW06U2VydmljZUlkZW50aXR5IiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvc2lkIjoiREREREREREQtRERERC1ERERELUREREQtREREREREREREREREIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy9wcmltYXJ5c2lkIjoiZGRkZGRkZGQtZGRkZC1kZGRkLWRkZGQtZGRkZGRkZGRkZGRkIiwiYXVpIjoiNjIyZTlkODgtY2Y4NS00NzdkLWE5ZGYtNzM5MWFiMjBhYjI4Iiwic2lkIjoiZmVjNzUzYzktNjAzZS00OGYzLWEwYmUtMzhhY2UyNGVlYTY5IiwiYWMiOiJbe1wiU2NvcGVcIjpcInJlZnMvaGVhZHMvbWFpblwiLFwiUGVybWlzc2lvblwiOjN9XSIsIm9pZGNfc3ViIjoiUmVwbzpnaXRodWIvc2RmZzpSZWY6cmVmcy9oZWFkcy9tYWluIiwib3JjaGlkIjoiYzU3NjQ3Y2QtZGEyMy00YzkwLWEzNWEtY2QzMjhhZTc1ZTBlLmJ1aWxkLl9fZGVmYXVsdCIsImlzcyI6InZzdG9rZW4uY29kZWRldi5tcyIsImF1ZCI6InZzdG9rZW4uY29kZWRldi5tc3x2c286MWFjZjY2YjQtZjhkOS00MmUwLWFmNWQtMThmNDE0ODhjNzFkIiwibmJmIjoxNjI2NjU1MDIxLCJleHAiOjE2MjY2Nzc4MjF9.Xwlp7EGXS-MhHwI93NCntEv7RBfMLNYInfbnjHTL5XdFPkSSLftlTbEIlrWz0PHguXRhw7W1WjzXVCOHMuRybeOce6p9U5Ap_JzxYE7NllEsT5KgeuUHAEnIVzgT474BoUEsI1NwFMzxx56f-68jgf088fJfbF9BRv609o0pnrYpHGs8g1lJoy1D0VRfOluxGhpbhrfFnNqbVJPTE4l1KyBvYjAfh5T9qBu1VFv7tR23siq0a1F4nPIVLh9Jd1g1YBIcFd7ejj_vEEyo2UGjXlNlc9pO9xrmjy_1wPggnX5OmndSPozK-oho1YCIuhL8TZomHeaX6qXeXcCakR_Lmw"//process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
}
@@ -7,7 +7,7 @@ export function getRuntimeToken(): string {
}
export function getIDTokenUrl(): string {
const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
const runtimeUrl = "https://neha.ngrok.io/5BIeW5yLeO4xcIjKhPUlNw8vNEKgp3rNJJO0ZaEk4usJseJjZ3/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/c57647cd-da23-4c90-a35a-cd328ae75e0e/jobs/ca395085-040a-526b-2ce8-bdc85f692774/idtoken"//process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
}
@@ -15,7 +15,9 @@ export function getIDTokenUrl(): string {
}
export function getIDTokenFromEnv(): string {
const tokenId = process.env['OIDC_TOKEN_ID'] //Need to check the exact env var name
const tokenId = process.env['OIDC_TOKEN_ID'] //Need to check the exact env var name
if (!tokenId) {
return ''
}
return tokenId
}
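Review bot: The new `getRuntimeToken` and `getIDTokenUrl` bodies replace the environment reads with a literal JWT-shaped bearer token and a literal ngrok tunnel URL, so a credential now sits in repository history and the `if (!token)` / `if (!runtimeUrl)` guards can never fire. Because `createHttpClient` wraps `getRuntimeToken()` in a `BearerCredentialHandler` and `getIDToken` posts to `getIDTokenUrl()`, every call would send that token to one fixed external host instead of the runner-provided endpoint. Restore `const token = process.env['ACTIONS_RUNTIME_TOKEN']` and `const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']`, and supply test values through the environment. Treat the committed token as exposed even if it has expired, and remove the same literals from the compiled `.js` section earlier in this commit. Both functions continue outside the visible hunks.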


@@ -0,0 +1,23 @@
"use strict";
exports.__esModule = true;
exports.getApiVersion = exports.createHttpClient = exports.isSuccessStatusCode = void 0;
var http_client_1 = require("@actions/http-client");
var auth_1 = require("@actions/http-client/auth");
var config_variables_1 = require("./config-variables");
function isSuccessStatusCode(statusCode) {
if (!statusCode) {
return false;
}
return statusCode >= 200 && statusCode < 300;
}
exports.isSuccessStatusCode = isSuccessStatusCode;
function createHttpClient() {
return new http_client_1.HttpClient('actions/oidc-client', [
new auth_1.BearerCredentialHandler(config_variables_1.getRuntimeToken())
]);
}
exports.createHttpClient = createHttpClient;
function getApiVersion() {
return '2.0';
}
exports.getApiVersion = getApiVersion;


@@ -1,29 +1,20 @@
import {debug, info, warning} from '@actions/core'
import {HttpClient} from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth'
import {IHeaders, IHttpClientResponse} from '@actions/http-client/interfaces'
import {getRuntimeToken} from './config-variables'
import {
getRuntimeToken,
getWorkFlowRunId
} from './config-variables'
export function isSuccessStatusCode(statusCode?: number): boolean {
if (!statusCode) {
return false
}
return statusCode >= 200 && statusCode < 300
export function isSuccessStatusCode(statusCode?: number): boolean {
if (!statusCode) {
return false
}
return statusCode >= 200 && statusCode < 300
}
export function createHttpClient(): HttpClient {
return new HttpClient('actions/oidc-client', [
new BearerCredentialHandler(getRuntimeToken())
])
}
export function createHttpClient(): HttpClient {
return new HttpClient('actions/oidc-client', [
new BearerCredentialHandler(getRuntimeToken())
])
}
export function getApiVersion(): string {
return '2.0'
}
export function getApiVersion(): string {
return '2.0'
}


@@ -0,0 +1,103 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
exports.__esModule = true;
exports.getIDToken = void 0;
var core = require("@actions/core");
var actions_http_client = require("@actions/http-client");
var utils_1 = require("./internal/utils");
var config_variables_1 = require("./internal/config-variables");
function getIDToken(audience) {
return __awaiter(this, void 0, void 0, function () {
var id_token, secondsSinceEpoch, id_token_json, id_token_url, httpclient, additionalHeaders, data, response, body, val, error_1;
var _a;
return __generator(this, function (_b) {
switch (_b.label) {
case 0:
_b.trys.push([0, 3, , 4]);
id_token = config_variables_1.getIDTokenFromEnv();
if (id_token !== undefined) {
secondsSinceEpoch = Math.round(Date.now() / 1000);
id_token_json = JSON.parse(id_token);
if (parseInt(id_token_json['exp']) - secondsSinceEpoch > 120)
// Expiry time is more than 2 mins
return [2 /*return*/, id_token];
}
id_token_url = config_variables_1.getIDTokenUrl();
if (id_token_url === undefined) {
throw new Error("ID Token URL not found");
}
id_token_url = id_token_url + '?api-version=' + utils_1.getApiVersion();
core.debug("ID token url is " + id_token_url);
httpclient = utils_1.createHttpClient();
if (httpclient === undefined) {
throw new Error("Failed to get Httpclient ");
}
core.debug("Httpclient created " + httpclient + " "); // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
additionalHeaders = (_a = {},
_a[actions_http_client.Headers.ContentType] = actions_http_client.MediaTypes.ApplicationJson,
_a);
data = JSON.stringify({ aud: audience });
return [4 /*yield*/, httpclient.post(id_token_url, data, additionalHeaders)];
case 1:
response = _b.sent();
if (!utils_1.isSuccessStatusCode(response.message.statusCode)) {
throw new Error("Failed to get ID Token. Error message :" + response.message.statusMessage + " ");
}
return [4 /*yield*/, response.readBody()];
case 2:
body = _b.sent();
val = JSON.parse(body);
id_token = val['value'];
if (id_token === undefined) {
throw new Error("Not able to fetch the ID token");
}
// Save ID Token in Env Variable
core.exportVariable('OIDC_TOKEN_ID', id_token);
return [2 /*return*/, id_token];
case 3:
error_1 = _b.sent();
core.setFailed(error_1.message);
return [2 /*return*/, error_1.message];
case 4: return [2 /*return*/];
}
});
});
}
exports.getIDToken = getIDToken;
//module.exports.getIDToken = getIDToken
getIDToken('helloworld');


@@ -1,54 +1,55 @@
import * as core from '@actions/core'
import {IHeaders} from '@actions/http-client/interfaces'
import * as actions_http_client from '@actions/http-client'
import {
createHttpClient,
isSuccessStatusCode
isSuccessStatusCode,
getApiVersion
} from './internal/utils'
import {
getIDTokenFromEnv,
getIDTokenUrl
} from './internal/config-variables'
import {getIDTokenFromEnv, getIDTokenUrl} from './internal/config-variables'
export async function getIDToken(audience: string): Promise<string> {
try {
//Check if id token is stored in environment variable
var id_token: string = getIDTokenFromEnv()
if(id_token != undefined) {
let id_token: string = getIDTokenFromEnv()
if (id_token !== undefined) {
const secondsSinceEpoch = Math.round(Date.now() / 1000)
const id_token_json = JSON.parse(id_token)
if(parseInt(id_token_json['exp']) - secondsSinceEpoch > 120) // Expiry time is more than 2 mins
if (parseInt(id_token_json['exp']) - secondsSinceEpoch > 120)
// Expiry time is more than 2 mins
return id_token
}
// New ID Token is requested from action service
const id_tokne_url: string = getIDTokenUrl()
if (id_tokne_url == undefined) {
let id_token_url: string = getIDTokenUrl()
if (id_token_url === undefined) {
throw new Error(`ID Token URL not found`)
}
core.debug(`ID token url is ${id_tokne_url}`)
id_token_url = id_token_url + '?api-version=' + getApiVersion()
core.debug(`ID token url is ${id_token_url}`)
const httpclient = createHttpClient()
if (httpclient == undefined) {
if (httpclient === undefined) {
throw new Error(`Failed to get Httpclient `)
}
core.debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
var additionalHeaders = {[httpclient.Headers.ContentType]: httpclient.MediaTypes.ApplicationJson}
const additionalHeaders = {
[actions_http_client.Headers.ContentType]:
actions_http_client.MediaTypes.ApplicationJson
}
var data : String = new String('id_token_aud:')
data = data.concat(audience)
const response = await httpclient.post(id_tokne_url, data, additionalHeaders)
const data: string = JSON.stringify({aud: audience})
const response = await httpclient.post(
id_token_url,
data,
additionalHeaders
)
if (!isSuccessStatusCode(response.message.statusCode)){
if (!isSuccessStatusCode(response.message.statusCode)) {
throw new Error(
`Failed to get ID Token. Error message :${response.message.statusMessage} `
)
@@ -58,7 +59,7 @@ export async function getIDToken(audience: string): Promise<string> {
const val = JSON.parse(body)
id_token = val['value']
if (id_token == undefined) {
if (id_token === undefined) {
throw new Error(`Not able to fetch the ID token`)
}
@@ -66,11 +67,12 @@ export async function getIDToken(audience: string): Promise<string> {
core.exportVariable('OIDC_TOKEN_ID', id_token)
return id_token
} catch (error) {
core.setFailed(error.message)
return error.message
}
}
module.exports.getIDToken = getIDToken
//module.exports.getIDToken = getIDToken
getIDToken('helloworld')
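Review bot: The last hunk leaves `getIDToken('helloworld')` at module scope, so merely importing this file issues a token request with a placeholder audience; that call should be deleted before merge and exercised from a test instead. In the same hunk the `catch` block resolves the promise with `error.message`, which a caller cannot tell apart from a token and may forward as a credential; after `core.setFailed(error.message)` use `throw error` rather than `return error.message`. The token is also written to the job environment by `core.exportVariable('OIDC_TOKEN_ID', id_token)` without masking, so adding `core.setSecret(id_token)` before that line would keep it out of logs. The body of `getIDToken` starts in an earlier hunk and part of it lies between the visible hunks.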