-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Expand file tree
/
Copy pathgcp_machine_workflow.ts
More file actions
46 lines (41 loc) · 1.54 KB
/
gcp_machine_workflow.ts
File metadata and controls
46 lines (41 loc) · 1.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import { MongoGCPError } from '../../../error';
import { get } from '../../../utils';
import type { OIDCCallbackFunction, OIDCCallbackParams, OIDCResponse } from '../mongodb_oidc';
/** GCP base URL. */
const GCP_BASE_URL =
'http://metadata/computeMetadata/v1/instance/service-accounts/default/identity';
/** GCP request headers. */
const GCP_HEADERS = Object.freeze({ 'Metadata-Flavor': 'Google' });
/** Error for when the token audience is missing in the environment. */
const TOKEN_RESOURCE_MISSING_ERROR =
'TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is gcp.';
/**
* The callback function to be used in the automated callback workflow.
* @param params - The OIDC callback parameters.
* @returns The OIDC response.
*/
export const gcpCallback: OIDCCallbackFunction = async (
params: OIDCCallbackParams
): Promise<OIDCResponse> => {
const tokenAudience = params.tokenAudience;
if (!tokenAudience) {
throw new MongoGCPError(TOKEN_RESOURCE_MISSING_ERROR);
}
return await getGcpTokenData(tokenAudience);
};
/**
* Hit the GCP endpoint to get the token data.
*/
async function getGcpTokenData(tokenAudience: string): Promise<OIDCResponse> {
const url = new URL(GCP_BASE_URL);
url.searchParams.append('audience', tokenAudience);
const response = await get(url, {
headers: GCP_HEADERS
});
if (response.status !== 200) {
throw new MongoGCPError(
`Status code ${response.status} returned from the GCP endpoint. Response body: ${response.body}`
);
}
return { accessToken: response.body };
}