FilesExpand file tree

 main

/

types.ts

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

319 lines (273 loc) · 10 KB

 main

/

types.ts

Copy path

Top

File metadata and controls

• Code
• Blame

319 lines (273 loc) · 10 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

import type { UnvalidatedObject } from "../json";

import * as json from "../json";

import { isDefined } from "../util";

/**

* After parsing configurations from JSON, we don't know whether all the keys we expect are

* present or not. This type is used to represent such values, which we expect to be

* `Credential` values, but haven't validated yet.

*/

export type RawCredential = UnvalidatedObject<Credential>;

/** A schema for credential objects with a username. */

export const usernameSchema = {

/** The username needed to authenticate to the package registry, if any. */

username: json.optional(json.string),

} as const satisfies json.Schema;

/** Usernames may be present for both authentication with tokens or passwords. */

export type Username = json.FromSchema<typeof usernameSchema>;

/**

* Narrows `config` to `Username` if `config` has a `username` property.

* Not used for validation. Assumes that `config` is already a validated `AuthConfig`.

*/

export function hasUsername(config: AuthConfig): config is Username {

return "username" in config;

}

/** A schema for credential objects with a username and password. */

export const usernamePasswordSchema = {

/** The password needed to authenticate to the package registry, if any. */

password: json.optional(json.string),

...usernameSchema,

} as const satisfies json.Schema;

/**

* Fields expected for authentication based on a username and password.

* Both username and password are optional.

*/

export type UsernamePassword = json.FromSchema<typeof usernamePasswordSchema>;

/**

* Narrows `config` to `UsernamePassword` if it has a `username` and `password` property.

* Not used for validation. Assumes that `config` is already a validated `AuthConfig`.

*/

export function hasUsernameAndPassword(

config: AuthConfig,

): config is UsernamePassword {

return hasUsername(config) && "password" in config;

}

/** A schema for credential objects for token-based authentication. */

export const tokenSchema = {

/** The token needed to authenticate to the package registry, if any. */

token: json.optional(json.string),

...usernameSchema,

} as const satisfies json.Schema;

/**

* Fields expected for token-based authentication.

* Both username and token are optional.

*/

export type Token = json.FromSchema<typeof tokenSchema>;

/**

* Narrows `config` to `Token` if it has a `token` property.

* Not used for validation. Assumes that `config` is already a validated `AuthConfig`.

*/

export function hasToken(config: AuthConfig): config is Token {

return "token" in config;

}

/** Decides whether `config` is token-based. */

export function isToken(

config: UnvalidatedObject<AuthConfig>,

): config is Token {

return "token" in config && json.validateSchema(tokenSchema, config);

}

/** A schema for Azure OIDC configurations. */

export const azureConfigSchema = {

"tenant-id": json.string,

"client-id": json.string,

} as const satisfies json.Schema;

/** Configuration for Azure OIDC. */

export type AzureConfig = json.FromSchema<typeof azureConfigSchema>;

/** Decides whether `config` is an Azure OIDC configuration. */

export function isAzureConfig(

config: UnvalidatedObject<AuthConfig>,

): config is AzureConfig {

return json.validateSchema(azureConfigSchema, config);

}

/** A schema for AWS OIDC configurations. */

export const awsConfigSchema = {

"aws-region": json.string,

"account-id": json.string,

"role-name": json.string,

domain: json.string,

"domain-owner": json.string,

audience: json.optional(json.string),

} as const satisfies json.Schema;

/** Configuration for AWS OIDC. */

export type AWSConfig = json.FromSchema<typeof awsConfigSchema>;

/** Decides whether `config` is an AWS OIDC configuration. */

export function isAWSConfig(

config: UnvalidatedObject<AuthConfig>,

): config is AWSConfig {

return json.validateSchema(awsConfigSchema, config);

}

/** A schema for JFrog OIDC configurations. */

export const jfrogConfigSchema = {

"jfrog-oidc-provider-name": json.string,

audience: json.optional(json.string),

"identity-mapping-name": json.optional(json.string),

} as const satisfies json.Schema;

/** Configuration for JFrog OIDC. */

export type JFrogConfig = json.FromSchema<typeof jfrogConfigSchema>;

/** Decides whether `config` is a JFrog OIDC configuration. */

export function isJFrogConfig(

config: UnvalidatedObject<AuthConfig>,

): config is JFrogConfig {

return json.validateSchema(jfrogConfigSchema, config);

}

/** A schema for Cloudsmith OIDC configurations. */

export const cloudsmithConfigSchema = {

namespace: json.string,

"service-slug": json.string,

"api-host": json.string,

} as const satisfies json.Schema;

/** Configuration for Cloudsmith OIDC. */

export type CloudsmithConfig = json.FromSchema<typeof cloudsmithConfigSchema>;

/** Decides whether `config` is a Cloudsmith OIDC configuration. */

export function isCloudsmithConfig(

config: UnvalidatedObject<AuthConfig>,

): config is CloudsmithConfig {

return json.validateSchema(cloudsmithConfigSchema, config);

}

/** A schema for GCP OIDC configurations. */

export const gcpConfigSchema = {

"workload-identity-provider": json.string,

"service-account": json.optional(json.string),

audience: json.optional(json.string),

} as const satisfies json.Schema;

/** Configuration for GCP OIDC. */

export type GCPConfig = json.FromSchema<typeof gcpConfigSchema>;

/** Decides whether `config` is a GCP OIDC configuration. */

export function isGCPConfig(

config: UnvalidatedObject<AuthConfig>,

): config is GCPConfig {

return json.validateSchema(gcpConfigSchema, config);

}

/** An array of all OIDC configuration schemas along with output-friendly names. */

export const oidcSchemas = [

{ schema: azureConfigSchema, name: "Azure" },

{ schema: awsConfigSchema, name: "AWS" },

{ schema: jfrogConfigSchema, name: "JFrog" },

{ schema: cloudsmithConfigSchema, name: "Cloudsmith" },

{ schema: gcpConfigSchema, name: "GCP" },

];

/** Represents all supported OIDC configurations. */

export type OIDC =

| AzureConfig

| AWSConfig

| JFrogConfig

| CloudsmithConfig

| GCPConfig;

/** All authentication-related fields. */

export type AuthConfig = UsernamePassword | Token | OIDC;

/**

* A package registry configuration includes identifying information as well as

* authentication credentials.

*/

export type Credential = AuthConfig & Registry;

/**

* Pretty-prints a `Credential` value to a string, but hides the actual password or token values.

*

* @param credential The credential to convert to a string.

*/

export function credentialToStr(credential: Credential): string {

let result: string = `Type: ${credential.type};`;

const appendIfDefined = (name: string, val: string | undefined | null) => {

if (isDefined(val)) {

result += ` ${name}: ${val};`;

}

};

appendIfDefined("Url", credential.url);

appendIfDefined("Host", credential.host);

if (hasUsername(credential)) {

appendIfDefined("Username", credential.username);

}

if ("password" in credential) {

appendIfDefined(

"Password",

isDefined(credential.password) ? "***" : undefined,

);

}

if (hasToken(credential)) {

appendIfDefined("Token", isDefined(credential.token) ? "***" : undefined);

}

if (isAzureConfig(credential)) {

appendIfDefined("Tenant", credential["tenant-id"]);

appendIfDefined("Client", credential["client-id"]);

} else if (isAWSConfig(credential)) {

appendIfDefined("AWS Region", credential["aws-region"]);

appendIfDefined("AWS Account", credential["account-id"]);

appendIfDefined("AWS Role", credential["role-name"]);

appendIfDefined("AWS Domain", credential.domain);

appendIfDefined("AWS Domain Owner", credential["domain-owner"]);

appendIfDefined("AWS Audience", credential.audience);

} else if (isJFrogConfig(credential)) {

appendIfDefined("JFrog Provider", credential["jfrog-oidc-provider-name"]);

appendIfDefined(

"JFrog Identity Mapping",

credential["identity-mapping-name"],

);

appendIfDefined("JFrog Audience", credential.audience);

} else if (isCloudsmithConfig(credential)) {

appendIfDefined("Cloudsmith Namespace", credential.namespace);

appendIfDefined("Cloudsmith Service Slug", credential["service-slug"]);

appendIfDefined("Cloudsmith API Host", credential["api-host"]);

} else if (isGCPConfig(credential)) {

appendIfDefined(

"GCP Workload Identity Provider",

credential["workload-identity-provider"],

);

appendIfDefined("GCP Service Account", credential["service-account"]);

appendIfDefined("GCP Audience", credential.audience);

}

return result;

}

/** A package registry is identified by its type and address. */

export type Registry = {

/** The type of the package registry. */

type: string;

/** Whether the registry replaces the base registry for the ecosystem. */

"replaces-base"?: boolean;

} & Address;

// If a registry has an `url`, then that takes precedence over the `host` which may or may

// not be defined.

interface HasUrl {

url: string;

host?: string;

}

// If a registry does not have an `url`, then it must have a `host`.

interface WithoutUrl {

url: undefined;

host: string;

}

/**

* A valid `Registry` value must either have a `url` or a `host` value. If it has a `url` value,

* then that takes precedence over the `host` value. If there is no `url` value, then it must

* have a `host` value.

*/

export type Address = HasUrl | WithoutUrl;

/** Gets the address as a string. This will either be the `url` if present, or the `host` if not. */

export function getAddressString(address: Address): string {

if (address.url === undefined) {

return address.host;

} else {

return address.url;

}

}

export interface ProxyInfo {

host: string;

port: number;

cert: string;

registries: Registry[];

}

export type CertificateAuthority = {

cert: string;

key: string;

};

export type BasicAuthCredentials = {

username: string;

password: string;

};

/**

* Represents configurations for the authentication proxy.

*/

export type ProxyConfig = {

/** The validated configurations for the proxy. */

all_credentials: Credential[];

ca: CertificateAuthority;

proxy_auth?: BasicAuthCredentials;

};