Commit 3bb4cf25 authored by Diego Molteni's avatar Diego Molteni
Browse files

fixed credential abstraction

parent 739b43b0
Pipeline #27541 passed with stages
in 18 minutes and 53 seconds
......@@ -23,7 +23,9 @@ export interface IAccessTokenModel {
}
export interface ICredentials {
getStorageCredentials(bucket: string, readonly: boolean, partitionID: string): Promise<IAccessTokenModel>;
getStorageCredentials(
tenant: string, subproject: string,
bucket: string, readonly: boolean, partitionID: string): Promise<IAccessTokenModel>;
getServiceAccountAccessToken(): Promise<IAccessTokenModel>;
getIAMResourceUrl(serviceSigner: string): string;
getAudienceForImpCredentials(): string;
......@@ -32,6 +34,7 @@ export interface ICredentials {
export abstract class AbstractCredentials implements ICredentials {
public abstract getStorageCredentials(
tenant: string, subproject: string,
bucket: string, readonly: boolean, partitionID: string): Promise<IAccessTokenModel>;
public abstract getServiceAccountAccessToken(): Promise<IAccessTokenModel>;
public abstract getIAMResourceUrl(serviceSigner: string): string;
......
......@@ -108,7 +108,9 @@ export class AzureCredentials extends AbstractCredentials {
}
}
public async getStorageCredentials(bucket: string,readonly: boolean,partition: string): Promise<IAccessTokenModel> {
public async getStorageCredentials(
tenant: string, subproject: string,
bucket: string,readonly: boolean,partition: string): Promise<IAccessTokenModel> {
const accountName = await AzureDataEcosystemServices.getStorageAccountName(partition);
const now = new Date();
const expiration = this.addMinutes(now, SasExpirationInMinutes);
......
......@@ -38,6 +38,7 @@ const KExpiresMargin = 300; // 5 minutes
export class Credentials extends AbstractCredentials {
public async getStorageCredentials(
tenant: string, subproject: string,
bucket: string, readonly: boolean, _partition: string): Promise<IAccessTokenModel> {
return {
access_token: (
......
......@@ -16,6 +16,7 @@ export class Credentials extends AbstractCredentials {
private serviceAccountAccessTokenExpiresIn = 0;
public async getStorageCredentials(
tenant: string, subproject: string,
bucket: string, readonly: boolean, partitionID: string): Promise<IAccessTokenModel> {
logger.info('In Credentials.getStorageCredentials.');
const adminClient = new KcAdminClient();
......
......@@ -79,6 +79,7 @@ export class UtilityHandler {
}
return await CredentialsFactory.build(Config.CLOUDPROVIDER).getStorageCredentials(
subproject.tenant, subproject.name,
subproject.gcs_bucket, readOnly, DESUtils.getDataPartitionID(tenant.esd));
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment