Merge remote-tracking branch 'origin/main' into davidkna-sap_pnpm

* origin/main:
  feat: Add `getIasToken()` and `getIasDestination()` convenience functions (#6431)

Author: davidkna-sap

.changeset/empty-dryers-boil.md

@@ -0,0 +1,6 @@
+---
+'@sap-cloud-sdk/connectivity': minor
+---
+
+[New Functionality] Add `getIasDestination()` convenience function to build IAS-backed destinations.
+This function aims to offer more convenience for obtaining IAS-backed destinations outside SAP BTP-environments.

.changeset/stupid-files-create.md

@@ -0,0 +1,6 @@
+---
+'@sap-cloud-sdk/connectivity': minor
+---
+
+[New Functionality] Add `getIasToken()` convenience function to fetch IAS token.
+This function aims to offer more convenience for obtaining IAS tokens outside SAP BTP-environments.

.changeset/wild-kids-poke.md

@@ -0,0 +1,6 @@
+---
+'@sap-cloud-sdk/connectivity': minor
+---
+
+[Compatibility Note] IAS tokens are now cached via `@sap/xssec`.
+`@sap/xssec` uses an LRU cache limited to 100 items, previously this cache was unbound.

eslint.config.js

@@ -95,5 +95,25 @@ module.exports = defineConfig([
     rules: {
       'jsdoc/require-description-complete-sentence': 'off'
     }
+  },
+  {
+    // avoid circular imports via destination barrel
+    files: [
+      'packages/connectivity/src/scp-cf/token-accessor.ts'
+    ],
+    rules: {
+      'import/no-internal-modules': [
+        'error',
+        {
+          allow: [
+            '@sap-cloud-sdk/**/internal',
+            '@sap-cloud-sdk/**/internal.js',
+            '**/destination/build-ias-destination',
+            '**/destination/ias-types',
+            '**/destination/destination-service-types'
+          ]
+        }
+      ]
+    }
   }
 ]);

packages/connectivity/src/index.ts

@@ -17,6 +17,8 @@ export {
   retrieveJwt,
   jwtBearerToken,
   serviceToken,
+  getIasToken,
+  getIasDestination,
   isHttpDestination,
   assertHttpDestination,
   DestinationSelectionStrategies,
@@ -63,7 +65,9 @@ export type {
   IasOptionsBase,
   IasOptionsBusinessUser,
   IasOptionsTechnicalUser,
-  IasResource
+  IasResource,
+  IasTokenOptions,
+  IasTokenResult
 } from './scp-cf';
 
 export type {

packages/connectivity/src/scp-cf/client-credentials-token-cache.spec.ts

@@ -1,8 +1,5 @@
 import { createLogger } from '@sap-cloud-sdk/util';
-import {
-  clientCredentialsTokenCache,
-  getIasCacheKey
-} from './client-credentials-token-cache';
+import { clientCredentialsTokenCache } from './client-credentials-token-cache';
 
 const oneHourInSeconds = 60 * 60;
 
@@ -90,217 +87,4 @@ describe('ClientCredentialsTokenCache', () => {
       'Cannot create cache key for client credentials token cache. The given client ID is undefined.'
     );
   });
-
-  describe('IAS resource parameter support', () => {
-    const validToken = {
-      access_token: '1234567890',
-      token_type: 'Bearer',
-      expires_in: oneHourInSeconds * 3,
-      jti: '',
-      scope: ''
-    };
-    const iasTokenCacheData = {
-      iasInstance: 'subscriber-tenant',
-      clientId: 'clientid',
-      resource: { name: 'my-app' }
-    };
-
-    beforeEach(() => {
-      clientCredentialsTokenCache.clear();
-    });
-
-    it('should cache and retrieve token with resource name', () => {
-      clientCredentialsTokenCache.cacheIasToken(iasTokenCacheData, validToken);
-
-      const cached = clientCredentialsTokenCache.getTokenIas(iasTokenCacheData);
-
-      expect(cached).toEqual(validToken);
-    });
-
-    it('should cache and retrieve token with resource clientId', () => {
-      const resource = { providerClientId: 'resource-client-123' };
-
-      clientCredentialsTokenCache.cacheIasToken(
-        {
-          ...iasTokenCacheData,
-          resource
-        },
-        validToken
-      );
-
-      const cached = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        resource
-      });
-
-      expect(cached).toEqual(validToken);
-    });
-
-    it('should cache and retrieve token with resource clientId and tenantId', () => {
-      const resource = {
-        providerClientId: 'resource-client-123',
-        providerTenantId: 'tenant-456'
-      };
-
-      clientCredentialsTokenCache.cacheIasToken(
-        {
-          ...iasTokenCacheData,
-          resource
-        },
-        validToken
-      );
-
-      const cached = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        resource
-      });
-
-      expect(cached).toEqual(validToken);
-    });
-
-    it('should isolate cache by resource name', () => {
-      const resource1 = { name: 'app-1' };
-      const resource2 = { name: 'app-2' };
-
-      clientCredentialsTokenCache.cacheIasToken(
-        {
-          ...iasTokenCacheData,
-          resource: resource1
-        },
-        validToken
-      );
-
-      const cached1 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        resource: resource1
-      });
-      const cached2 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        resource: resource2
-      });
-
-      expect(cached1).toEqual(validToken);
-      expect(cached2).toBeUndefined();
-    });
-
-    it('should isolate cache by resource providerClientId', () => {
-      const resource1 = { providerClientId: 'client-1' };
-      const resource2 = { providerClientId: 'client-2' };
-
-      clientCredentialsTokenCache.cacheIasToken(
-        {
-          ...iasTokenCacheData,
-          resource: resource1
-        },
-        validToken
-      );
-
-      const cached1 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        resource: resource1
-      });
-      const cached2 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        resource: resource2
-      });
-
-      expect(cached1).toEqual(validToken);
-      expect(cached2).toBeUndefined();
-    });
-
-    it('should generate correct cache key with resource name', () => {
-      const key = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id',
-        resource: { name: 'my-app' }
-      });
-      expect(key).toBe('tenant-123::client-id:name=my-app');
-    });
-
-    it('should generate correct cache key with resource clientId only', () => {
-      const key = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id',
-        resource: {
-          providerClientId: 'resource-client-123'
-        }
-      });
-      expect(key).toBe(
-        'tenant-123::client-id:provider-clientId=resource-client-123'
-      );
-    });
-
-    it('should generate correct cache key with resource clientId and tenantId', () => {
-      const key = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id',
-        resource: {
-          providerClientId: 'resource-client-123',
-          providerTenantId: 'tenant-456'
-        }
-      });
-      expect(key).toBe(
-        'tenant-123::client-id:provider-clientId=resource-client-123:provider-tenantId=tenant-456'
-      );
-    });
-
-    it('should generate cache key without resource when not provided', () => {
-      const key = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id'
-      });
-      expect(key).toBe('tenant-123::client-id');
-    });
-
-    it('should isolate cache by appTid', () => {
-      clientCredentialsTokenCache.cacheIasToken(
-        {
-          ...iasTokenCacheData,
-          appTid: 'tenant-123'
-        },
-        validToken
-      );
-
-      const cached1 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        appTid: 'tenant-123'
-      });
-      const cached2 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData,
-        appTid: 'tenant-456'
-      });
-      const cached3 = clientCredentialsTokenCache.getTokenIas({
-        ...iasTokenCacheData
-        // No appTid
-      });
-
-      expect(cached1).toEqual(validToken);
-      expect(cached2).toBeUndefined();
-      expect(cached3).toBeUndefined();
-    });
-
-    it('should generate correct cache key with appTid', () => {
-      const key = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id',
-        appTid: 'app-tenant-456'
-      });
-      expect(key).toBe('tenant-123:app-tenant-456:client-id');
-    });
-
-    it('should generate cache key with double colon when appTid is undefined', () => {
-      const key1 = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id',
-        appTid: undefined
-      });
-      const key2 = getIasCacheKey({
-        iasInstance: 'tenant-123',
-        clientId: 'client-id'
-      });
-      // Both should produce the same key with double colon
-      expect(key1).toBe('tenant-123::client-id');
-      expect(key2).toBe('tenant-123::client-id');
-    });
-  });
 });