Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Unify Base AuthClient Options #1663

Merged
merged 31 commits into from
Oct 26, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
17a0bb2
feat: Expose `Gaxios` instance and default
d-goog Oct 5, 2023
e46e52d
feat: Unify Base `AuthClient` Options
d-goog Oct 5, 2023
5a76083
docs: clean up documentation
d-goog Oct 5, 2023
4537900
chore: Discourage external use via `@internal`
d-goog Oct 5, 2023
2990ab4
refactor: minor
d-goog Oct 5, 2023
efb563e
refactor: clean up `transporter` interface, options, and docs
d-goog Oct 5, 2023
5d54c94
Merge branch 'main' into authclient-enhancements
d-goog Oct 6, 2023
33898c5
Merge branch 'main' of github.com:googleapis/google-auth-library-node…
d-goog Oct 9, 2023
0c9df61
Merge branch 'main' of github.com:googleapis/google-auth-library-node…
d-goog Oct 10, 2023
690b6c7
Merge branch 'main' of github.com:googleapis/google-auth-library-node…
d-goog Oct 10, 2023
9803cfe
test: Init tests for `AuthClient`
d-goog Oct 10, 2023
e126bf3
fix: Use entire `JWT` to create accurate `createScoped`
d-goog Oct 11, 2023
d8e817b
chore: update `typescript` in fixtures
d-goog Oct 11, 2023
fad54d5
test: Use Sinon Fake Timer to Avoid Flaky Time Issue (#1667)
d-goog Oct 11, 2023
c1e28fb
Merge branch 'main' into authclient-enhancements
d-goog Oct 12, 2023
ef6aa2e
Merge branch 'main' into authclient-enhancements
d-goog Oct 12, 2023
f950465
docs(sample): Improve `keepAlive` sample with `transporterOptions`
d-goog Oct 16, 2023
2cbc9c4
docs: Docs-deprecate `additionalOptions`
d-goog Oct 20, 2023
d09348f
refactor: un-alias `getOriginalOrCamel`
d-goog Oct 20, 2023
88edee3
chore: remove confusing duplicate interface
d-goog Oct 20, 2023
aca07c6
docs: nit
d-goog Oct 20, 2023
52ba511
Merge branch 'main' into authclient-enhancements
d-goog Oct 23, 2023
26d5300
Merge branch 'main' of github.com:googleapis/google-auth-library-node…
d-goog Oct 25, 2023
aaf3545
docs: Improve camelCased option documentation
d-goog Oct 25, 2023
cac4b73
refactor: Unify `OriginalAndCamel` & `SnakeToCamelObject`
d-goog Oct 25, 2023
9af953f
docs: Add issue tracking link
d-goog Oct 25, 2023
f4c1cc8
refactor: Replace `getOriginalOrCamel` with a cleaner API
d-goog Oct 26, 2023
6a54219
feat: Allow optional `obj`
d-goog Oct 26, 2023
364af4d
refactor: re-add `SnakeToCamelObject`
d-goog Oct 26, 2023
8ea14f0
refactor: dedupe interface for now
d-goog Oct 26, 2023
99e1204
feat: Add camelCase options for `IdentityPoolClient`
d-goog Oct 26, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 11 additions & 6 deletions samples/keepalive.js
Original file line number Diff line number Diff line change
Expand Up @@ -30,21 +30,26 @@ const https = require('https');
* Acquire a client, and make a request to an API that's enabled by default.
*/
async function main() {
// create a new agent with keepAlive enabled.
const agent = new https.Agent({keepAlive: true});

const auth = new GoogleAuth({
scopes: 'https://www.googleapis.com/auth/cloud-platform',
clientOptions: {
transporterOptions: {
agent,
},
},
});
const client = await auth.getClient();
const projectId = await auth.getProjectId();
const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;

// create a new agent with keepAlive enabled
const agent = new https.Agent({keepAlive: true});

// use the agent as an Axios config param to make the request
const res = await client.request({url, agent});
// the agent uses the provided agent.
const res = await client.request({url});
console.log(res.data);

// Re-use the same agent to make the next request over the same connection
// Can also use another agent per-request.
const res2 = await client.request({url, agent});
console.log(res2.data);
}
Expand Down
137 changes: 124 additions & 13 deletions src/auth/authclient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,31 +13,116 @@
// limitations under the License.

import {EventEmitter} from 'events';
import {GaxiosOptions, GaxiosPromise, GaxiosResponse} from 'gaxios';
import {Gaxios, GaxiosOptions, GaxiosPromise, GaxiosResponse} from 'gaxios';

import {DefaultTransporter, Transporter} from '../transporters';
import {Credentials} from './credentials';
import {Headers} from './oauth2client';
import {OriginalAndCamel, originalOrCamelOptions} from '../util';

/**
* Defines the root interface for all clients that generate credentials
* for calling Google APIs. All clients should implement this interface.
* Base auth configurations (e.g. from JWT or `.json` files) with conventional
* camelCased options.
*
* @privateRemarks
*
* This interface is purposely not exported so that it can be removed once
* {@link https://github.com/microsoft/TypeScript/issues/50715} has been
* resolved. Then, we can use {@link OriginalAndCamel} to shrink this interface.
*
* Tracking: {@link https://github.com/googleapis/google-auth-library-nodejs/issues/1686}
*/
export interface CredentialsClient {
interface AuthJSONOptions {
/**
* The project ID corresponding to the current credentials if available.
*/
projectId?: string | null;
project_id: string | null;
/**
* An alias for {@link AuthJSONOptions.project_id `project_id`}.
*/
projectId: AuthJSONOptions['project_id'];

/**
* The quota project ID. The quota project can be used by client libraries for the billing purpose.
* See {@link https://cloud.google.com/docs/quota Working with quotas}
*/
quota_project_id: string;

/**
* An alias for {@link AuthJSONOptions.quota_project_id `quota_project_id`}.
*/
quotaProjectId: AuthJSONOptions['quota_project_id'];

/**
* The default service domain for a given Cloud universe.
*/
universe_domain: string;

/**
* An alias for {@link AuthJSONOptions.universe_domain `universe_domain`}.
*/
universeDomain: AuthJSONOptions['universe_domain'];
}

/**
* Base `AuthClient` configuration.
*
* The camelCased options are aliases of the snake_cased options, supporting both
* JSON API and JS conventions.
*/
export interface AuthClientOptions
extends Partial<OriginalAndCamel<AuthJSONOptions>> {
credentials?: Credentials;

/**
* A `Gaxios` or `Transporter` instance to use for `AuthClient` requests.
*/
transporter?: Gaxios | Transporter;

/**
* Provides default options to the transporter, such as {@link GaxiosOptions.agent `agent`} or
* {@link GaxiosOptions.retryConfig `retryConfig`}.
*/
transporterOptions?: GaxiosOptions;

/**
* The expiration threshold in milliseconds before forcing token refresh.
* The expiration threshold in milliseconds before forcing token refresh of
* unexpired tokens.
*/
eagerRefreshThresholdMillis: number;
eagerRefreshThresholdMillis?: number;

/**
* Whether to force refresh on failure when making an authorization request.
* Whether to attempt to refresh tokens on status 401/403 responses
* even if an attempt is made to refresh the token preemptively based
* on the expiry_date.
*/
forceRefreshOnFailure: boolean;
forceRefreshOnFailure?: boolean;
}

/**
* The default cloud universe
*
* @see {@link AuthJSONOptions.universe_domain}
*/
export const DEFAULT_UNIVERSE = 'googleapis.com';

/**
* The default {@link AuthClientOptions.eagerRefreshThresholdMillis}
*/
export const DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS = 5 * 60 * 1000;

/**
* Defines the root interface for all clients that generate credentials
* for calling Google APIs. All clients should implement this interface.
*/
export interface CredentialsClient {
projectId?: AuthClientOptions['projectId'];
eagerRefreshThresholdMillis: NonNullable<
AuthClientOptions['eagerRefreshThresholdMillis']
>;
forceRefreshOnFailure: NonNullable<
AuthClientOptions['forceRefreshOnFailure']
>;

/**
* @return A promise that resolves with the current GCP access token
Expand Down Expand Up @@ -88,16 +173,42 @@ export abstract class AuthClient
extends EventEmitter
implements CredentialsClient
{
projectId?: string | null;
/**
* The quota project ID. The quota project can be used by client libraries for the billing purpose.
* See {@link https://cloud.google.com/docs/quota| Working with quotas}
* See {@link https://cloud.google.com/docs/quota Working with quotas}
*/
quotaProjectId?: string;
transporter: Transporter = new DefaultTransporter();
transporter: Transporter;
credentials: Credentials = {};
projectId?: string | null;
eagerRefreshThresholdMillis = 5 * 60 * 1000;
eagerRefreshThresholdMillis = DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS;
forceRefreshOnFailure = false;
universeDomain = DEFAULT_UNIVERSE;

constructor(opts: AuthClientOptions = {}) {
super();

const options = originalOrCamelOptions(opts);

// Shared auth options
this.projectId = options.get('project_id') ?? null;
this.quotaProjectId = options.get('quota_project_id');
this.credentials = options.get('credentials') ?? {};
this.universeDomain = options.get('universe_domain') ?? DEFAULT_UNIVERSE;

// Shared client options
this.transporter = opts.transporter ?? new DefaultTransporter();
aeitzman marked this conversation as resolved.
Show resolved Hide resolved

if (opts.transporterOptions) {
this.transporter.defaults = opts.transporterOptions;
}

if (opts.eagerRefreshThresholdMillis) {
this.eagerRefreshThresholdMillis = opts.eagerRefreshThresholdMillis;
}

this.forceRefreshOnFailure = opts.forceRefreshOnFailure ?? false;
}

/**
* Provides an alternative Gaxios request implementation with auth credentials
Expand Down
15 changes: 10 additions & 5 deletions src/auth/awsclient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ import {
BaseExternalAccountClient,
BaseExternalAccountClientOptions,
} from './baseexternalclient';
import {RefreshOptions, Headers} from './oauth2client';
import {Headers} from './oauth2client';
import {AuthClientOptions} from './authclient';

/**
* AWS credentials JSON interface. This is used for AWS workloads.
Expand Down Expand Up @@ -81,11 +82,15 @@ export class AwsClient extends BaseExternalAccountClient {
* An error is thrown if the credential is not a valid AWS credential.
* @param options The external account options object typically loaded
* from the external account JSON credential file.
* @param additionalOptions Optional additional behavior customization
* options. These currently customize expiration threshold time and
* whether to retry on 401/403 API request errors.
* @param additionalOptions **DEPRECATED, all options are available in the
* `options` parameter.** Optional additional behavior customization options.
* These currently customize expiration threshold time and whether to retry
* on 401/403 API request errors.
*/
constructor(options: AwsClientOptions, additionalOptions?: RefreshOptions) {
constructor(
options: AwsClientOptions,
additionalOptions?: AuthClientOptions
) {
super(options, additionalOptions);
this.environmentId = options.credential_source.environment_id;
// This is only required if the AWS region is not available in the
Expand Down
Loading
Loading