Classes

TvmClient

Client SDK for Token Vending Machine (TVM)

Functions

getDefaultAPIHost() ⇒ string

Get Default APIHost based on ENV

Typedefs

OpenWhiskCredentials : object

An object holding the OpenWhisk credentials

RetryOptions : object

An object holding the retry options. For example, with a maxRetries of 5 and an initialDelayInMillis of 100 (ms), the 5 retries will have delays of 100, 200, 400, 800 and 1600 ms respectively.

TvmResponseAzureBlob : object

Tvm response with SAS Azure Blob credentials. Contains SAS credentials for a private and a publicly accessible (with access=blob) Azure blob container. These two signed URLs can then be passed to the Azure blob storage SDK.

TvmResponseAzurePresign : object

Tvm response with SAS Azure Presign credentials.

TvmResponseAzureRevoke : object

Tvm response for Azure Presign revoke.

TvmResponseAzureCosmos : object

Tvm response with Azure Cosmos resource credentials. Gives access to an isolated partition within a CosmosDB container.

TvmResponseAwsS3 : object

Tvm response with AWS S3 temporary credentials. These credentials give access to files in a restricted prefix: <params.Bucket>/<your-namespace>/. Other locations in the bucket cannot be accessed. The response can be passed directly to the AWS SDK to instantiate the S3 object.

TvmLibErrors : object

Tvm lib custom errors

TvmClient

Client SDK for Token Vending Machine (TVM)

Kind: global class

tvmClient.getAzureBlobCredentials() ⇒ Promise.<TvmResponseAzureBlob>

Request temporary credentials for Azure blob storage. The credentials might come from a local cache.

```javascript
const tvmResponse = await tvm.getAzureBlobCredentials()

// The SAS token is embedded in each URL, so the SDK clients use anonymous credentials
const azure = require('@azure/storage-blob')
const azureCreds = new azure.AnonymousCredential()
const pipeline = azure.newPipeline(azureCreds)
const containerClientPrivate = new azure.ContainerClient(tvmResponse.sasURLPrivate, pipeline)
const containerClientPublic = new azure.ContainerClient(tvmResponse.sasURLPublic, pipeline)
```

Kind: instance method of TvmClient
Returns: Promise.<TvmResponseAzureBlob> - SAS credentials for Azure
Throws:

  • codes.ERROR_RESPONSE

tvmClient.getAwsS3Credentials() ⇒ Promise.<TvmResponseAwsS3>

Request temporary credentials for AWS S3. The credentials might come from a local cache.

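```javascript
const tvmResponse = await tvm.getAwsS3Credentials()

// tvmResponse carries accessKeyId, secretAccessKey, sessionToken and params.Bucket,
// so it can be passed as-is as the S3 client options
const aws = require('aws-sdk')
const s3 = new aws.S3(tvmResponse)
```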

Kind: instance method of TvmClient
Returns: Promise.<TvmResponseAwsS3> - Temporary credentials for AWS S3
Throws:

  • codes.ERROR_RESPONSE

tvmClient.getAzureCosmosCredentials() ⇒ Promise.<TvmResponseAzureCosmos>

Request temporary credentials for Azure CosmosDB. The credentials might come from a local cache.

```javascript
const azureCosmosCredentials = await tvm.getAzureCosmosCredentials()
const cosmos = require('@azure/cosmos')
const container = new cosmos.CosmosClient({
  endpoint: azureCosmosCredentials.endpoint,
  tokenProvider: async () => azureCosmosCredentials.resourceToken
})
  .database(azureCosmosCredentials.databaseId)
  .container(azureCosmosCredentials.containerId)
// The resource token only authorizes items in azureCosmosCredentials.partitionKey
const data = await container.item('<itemKey>', azureCosmosCredentials.partitionKey).read()
```

Kind: instance method of TvmClient
Returns: Promise.<TvmResponseAzureCosmos> - Temporary credentials for Azure Cosmos
Throws:

  • codes.ERROR_RESPONSE

tvmClient.getAzureBlobPresignCredentials(options) ⇒ Promise.<TvmResponseAzurePresign>

Request presign signatures for Azure blobs.

Kind: instance method of TvmClient
Returns: Promise.<TvmResponseAzurePresign> - Temporary signature for Azure Blob
Throws:

  • codes.ERROR_RESPONSE

| Param | Type | Description |
| --- | --- | --- |
| options | object | presign options |
| options.blobName | string | file path |
| options.expiryInSeconds | number | presign URL expiry duration |
| options.permissions | string | permissions for presigned URL |

tvmClient.revokePresignURLs() ⇒ Promise.<TvmResponseAzureRevoke>

Revoke all presigned URLs for Azure blob storage.

Kind: instance method of TvmClient
Returns: Promise.<TvmResponseAzureRevoke> - success response
Throws:

  • codes.ERROR_RESPONSE

TvmClient.init(config) ⇒ Promise.<TvmClient>

Creates a TvmClient instance

```javascript
const TvmClient = require('@adobe/aio-lib-core-tvm')
const tvm = await TvmClient.init({ ow: { namespace, auth } })
```

Kind: static method of TvmClient
Returns: Promise.<TvmClient> - new instance
Throws:

  • codes.ERROR_BAD_ARGUMENT

| Param | Type | Description |
| --- | --- | --- |
| config | object | TvmClientParams |
| [config.apiUrl] | string | url to tvm api - defaults to 'https://firefly-tvm.adobe.io' |
| [config.ow] | OpenWhiskCredentials | OpenWhisk credentials. As an alternative you can pass those through environment variables: __OW_NAMESPACE and __OW_API_KEY |
| [config.retryOptions] | RetryOptions | RetryOptions. Defaults to { maxRetries: 3, initialDelayInMillis: 100 } |
| [config.cacheFile] | string | if omitted defaults to tmpdir/.tvmCache, use false or null to not cache |
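
Because `config.cacheFile` keeps temporary cloud credentials on disk, it is worth checking who else can read that file. The following is an added example, not part of aio-lib-core-tvm: `auditCacheFile` is a hypothetical helper, resolving `tmpdir` to `os.tmpdir()` is an assumption, and the checks apply to POSIX file modes only.

```javascript
const fs = require('fs')
const os = require('os')
const path = require('path')

// Assumption: "tmpdir/.tvmCache" from the table above resolves to os.tmpdir().
const DEFAULT_CACHE_FILE = path.join(os.tmpdir(), '.tvmCache')

// Hypothetical helper: report whether a TVM cache file is exposed to other local users.
function auditCacheFile (file = DEFAULT_CACHE_FILE) {
  let st
  try {
    st = fs.lstatSync(file) // lstat: do not follow a symlink placed in a shared tmp dir
  } catch (e) {
    if (e.code === 'ENOENT') return { file, exists: false, findings: [] }
    throw e
  }
  const findings = []
  if (st.isSymbolicLink()) findings.push('cache path is a symlink')
  if (!st.isFile() && !st.isSymbolicLink()) findings.push('cache path is not a regular file')
  const mode = st.mode & 0o777
  if (mode & 0o044) findings.push('readable by group or others')
  if (mode & 0o022) findings.push('writable by group or others')
  if (typeof process.getuid === 'function' && st.uid !== process.getuid()) {
    findings.push('owned by a different user')
  }
  return { file, exists: true, mode: mode.toString(8), findings }
}

// Constructed demo: a stand-in cache file inside a private temp directory.
function demoAudit () {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'tvm-audit-'))
  const file = path.join(dir, '.tvmCache')
  fs.writeFileSync(file, '{}')
  fs.chmodSync(file, 0o644)
  const loose = auditCacheFile(file)
  fs.chmodSync(file, 0o600)
  const tight = auditCacheFile(file)
  fs.rmSync(dir, { recursive: true, force: true })
  return { loose, tight }
}
```

Passing `cacheFile: false` or `null` to `TvmClient.init`, as the table above allows, avoids the on-disk copy entirely.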

getDefaultAPIHost() ⇒ string

Get Default APIHost based on ENV

Kind: global function
Returns: string - default api host

OpenWhiskCredentials : object

An object holding the OpenWhisk credentials

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| namespace | string | user namespace |
| auth | string | auth key |

RetryOptions : object

An object holding the retry options. For example, with a maxRetries of 5 and an initialDelayInMillis of 100 (ms), the 5 retries will have delays of 100, 200, 400, 800 and 1600 ms respectively.

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| maxRetries | number | max number of retries |
| initialDelayInMillis | number | initial delay in milliseconds (increases exponentially for every retry) |

TvmResponseAzureBlob : object

Tvm response with SAS Azure Blob credentials. Contains SAS credentials for a private and a publicly accessible (with access=blob) Azure blob container. These two signed URLs can then be passed to the Azure blob storage SDK.

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| sasURLPrivate | string | sas url to existing private azure blob container |
| sasURLPublic | string | sas url to existing public (with access=blob) azure blob container |
| expiration | string | expiration date ISO/UTC |

TvmResponseAzurePresign : object

Tvm response with SAS Azure Presign credentials.

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| signature | string | sas signature for the blob |

TvmResponseAzureRevoke : object

Tvm response for Azure Presign revoke.

Kind: global typedef

TvmResponseAzureCosmos : object

Tvm response with Azure Cosmos resource credentials. Gives access to an isolated partition within a CosmosDB container.

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| endpoint | string | cosmosdb resource endpoint |
| resourceToken | string | cosmosdb resource token restricted to access the items in the partitionKey |
| databaseId | string | id for cosmosdb database |
| containerId | string | id for cosmosdb container within database |
| partitionKey | string | key for cosmosdb partition within container authorized by resource token |
| expiration | string | expiration date ISO/UTC |

TvmResponseAwsS3 : object

Tvm response with AWS S3 temporary credentials. These credentials give access to files in a restricted prefix: <params.Bucket>/<your-namespace>/. Other locations in the bucket cannot be accessed. The response can be passed directly to the AWS SDK to instantiate the S3 object.

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| accessKeyId | string | key id |
| secretAccessKey | string | secret for key |
| sessionToken | string | token |
| expiration | string | date ISO/UTC |
| params | object | properties of storage object |
| params.Bucket | string | bucket name |
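
The `expiration` field and the `<params.Bucket>/<your-namespace>/` prefix restriction can both be enforced on the client before any request is sent. This is an added example, not code from aio-lib-core-tvm: `remainingMs`, `scopedKey` and `s3Target` are hypothetical helpers, the 60-second safety margin is an assumption, and the sample response is constructed with placeholder values.

```javascript
// Assumption: refuse credentials that expire within this margin.
const MIN_REMAINING_MS = 60 * 1000

// Milliseconds until the temporary credentials expire (negative if already expired).
function remainingMs (tvmResponse, now = Date.now()) {
  const expiresAt = Date.parse(tvmResponse.expiration)
  if (Number.isNaN(expiresAt)) throw new TypeError('expiration is not an ISO date')
  return expiresAt - now
}

// Build an S3 key under "<namespace>/", the only prefix the credentials can reach.
function scopedKey (namespace, relativePath) {
  if (typeof relativePath !== 'string' || relativePath.includes('\\')) {
    throw new RangeError('invalid path')
  }
  const segments = relativePath.split('/')
  // Empty, "." and ".." segments make the key ambiguous for tools that map keys to paths.
  if (segments.some(s => s === '' || s === '.' || s === '..')) {
    throw new RangeError('path must be relative with no dot or empty segments')
  }
  return `${namespace}/${segments.join('/')}`
}

// Hypothetical helper: returns { Bucket, Key } or throws before any call to S3 is made.
function s3Target (tvmResponse, namespace, relativePath, now = Date.now()) {
  if (remainingMs(tvmResponse, now) < MIN_REMAINING_MS) {
    throw new Error('TVM credentials expired or about to expire; request new ones')
  }
  return { Bucket: tvmResponse.params.Bucket, Key: scopedKey(namespace, relativePath) }
}

// Constructed sample response; every value is a placeholder.
const sampleResponse = {
  accessKeyId: 'EXAMPLEKEYID',
  secretAccessKey: 'example-secret',
  sessionToken: 'example-token',
  expiration: '2030-01-01T00:00:00.000Z',
  params: { Bucket: 'example-bucket' }
}
```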

TvmLibErrors : object

Tvm lib custom errors

Kind: global typedef
Properties

| Name | Type | Description |
| --- | --- | --- |
| ERROR_BAD_ARGUMENT | TvmLibError | this error is thrown when an argument is missing or has invalid type |
| ERROR_RESPONSE | TvmLibError | this error is thrown when the TVM server returns an error response (e.g. 401 unauthorized for missing Authorization header or 403 for bad credentials). The status can be retrieved from the e.sdkDetails.status field and the body from e.sdkDetails.body |
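
How a caller might act on `ERROR_RESPONSE` and budget for the `RetryOptions` backoff described earlier, as an added example that is not part of aio-lib-core-tvm. `backoffDelays`, `maxBackoffMs` and `triageTvmError` are hypothetical helpers, treating 429 and 5xx as transient is an assumption based on general HTTP semantics, and the sample errors are constructed.

```javascript
// Delay before each retry: initialDelayInMillis doubled on every attempt (see RetryOptions).
function backoffDelays ({ maxRetries = 3, initialDelayInMillis = 100 } = {}) {
  return Array.from({ length: maxRetries }, (_, i) => initialDelayInMillis * 2 ** i)
}

// Worst-case time spent waiting between attempts, useful when sizing a caller timeout.
function maxBackoffMs (retryOptions) {
  return backoffDelays(retryOptions).reduce((sum, d) => sum + d, 0)
}

// Hypothetical helper: turn a thrown TVM error into a decision for the caller.
function triageTvmError (e) {
  const status = e && e.sdkDetails ? e.sdkDetails.status : undefined
  if (status === 401) {
    return { status, retry: false, action: 'no Authorization header: set config.ow or __OW_NAMESPACE and __OW_API_KEY' }
  }
  if (status === 403) {
    return { status, retry: false, action: 'credentials rejected: verify the namespace and auth key pair' }
  }
  // Assumption: rate limiting and server-side failures are transient.
  if (status === 429 || (status >= 500 && status <= 599)) {
    return { status, retry: true, action: 'transient: retry later' }
  }
  return { status, retry: false, action: 'unexpected: inspect e.sdkDetails.body' }
}

// Constructed errors shaped like the fields documented above.
const sampleErrors = [
  { sdkDetails: { status: 401, body: {} } },
  { sdkDetails: { status: 403, body: {} } },
  { sdkDetails: { status: 503, body: {} } },
  new TypeError('network down')
]
```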