Merge pull request #15 from oracle/release_2020-07-28

Releasing version 1.3.0

Author: waruwaruwaru

CHANGELOG.md

@@ -3,6 +3,19 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## 1.3.0 - 2020-07-28
+### Added
+- Support for calling Oracle Cloud Infrastructure services in the us-sanjose-1 region
+- Support for updating the fault domain and launch options of VM instances in the Compute service
+- Support for image capability schemas and schema versions in the Compute service
+- Support for 'Patch Now' maintenance runs for autonomous Exadata infrastructure and autonomous container database resources in the Database service
+- Support for automatic performance and cost tuning on volumes in the Block Storage service
+- Support for Ephemeral Resource Principal
+
+
+### Breaking
+- Removed the accessToken field from the GitlabAccessTokenConfigurationSourceProvider model in the Resource Manager service
+
 ## 1.2.4 - 2020-07-21
 ### Added
 - Support for license types on instances in the Content and Experience service

examples/javascript/resource-principal.js

@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) 2020, Oracle and/or its affiliates.  All rights reserved.
+ * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+ */
+
+const identity = require("oci-identity");
+const common = require("oci-common");
+
+(async () => {
+  const authenticationProvider = await common.ResourcePrincipalAuthenticationDetailsProvider.builder();
+  try {
+    const identityClient = await new identity.IdentityClient({
+      authenticationDetailsProvider: authenticationProvider
+    });
+    const regions = await identityClient.listRegions({});
+    console.log("Regions: ", JSON.stringify(regions));
+  } catch (e) {
+    throw Error(`Failed with error: ${e}`);
+  }
+})();

examples/typescript/resource-principal.ts

@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) 2020, Oracle and/or its affiliates.  All rights reserved.
+ * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+ */
+
+import * as identity from "oci-identity";
+import common = require("oci-common");
+
+(async () => {
+  const authenticationProvider = await common.ResourcePrincipalAuthenticationDetailsProvider.builder();
+  try {
+    const identityClient = await new identity.IdentityClient({
+      authenticationDetailsProvider: authenticationProvider
+    });
+    const regions = await identityClient.listRegions({});
+    console.log("Regions: ", JSON.stringify(regions));
+  } catch (e) {
+    throw Error(`Failed with error: ${e}`);
+  }
+})();

lib/analytics/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-analytics",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Analytics Service",
   "repository": {
     "type": "git",

lib/announcementsservice/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-announcementsservice",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Announcement Service",
   "repository": {
     "type": "git",

lib/apigateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-apigateway",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for API gateway service",
   "repository": {
     "type": "git",

lib/applicationmigration/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-applicationmigration",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Application Migration service",
   "repository": {
     "type": "git",

lib/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-audit",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Audit Service",
   "repository": {
     "type": "git",

lib/autoscaling/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-autoscaling",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Autoscaling Service",
   "repository": {
     "type": "git",

lib/bds/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-bds",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for BDS Service",
   "repository": {
     "type": "git",

lib/blockchain/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-blockchain",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Blockchain Service",
   "repository": {
     "type": "git",

lib/budget/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-budget",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Budget Service",
   "repository": {
     "type": "git",

lib/cims/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oci-cims",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "description": "OCI NodeJS client for Cims ",
   "repository": {
     "type": "git",

lib/common/index.ts

@@ -26,6 +26,7 @@ import {
 import { RequireOnlyOne, AuthParams } from "./lib/types";
 import { HttpRequest } from "./lib/http-request";
 import InstancePrincipalsAuthenticationDetailsProviderBuilder from "./lib/auth/instance-principals-authentication-detail-provider";
+import ResourcePrincipalAuthenticationDetailsProvider from "./lib/auth/resource-principal-authentication-details-provider";
 import {
   paginateRecords,
   genericPaginateRecords,
@@ -85,5 +86,6 @@ export {
   ConfigFileAuthenticationDetailsProvider,
   ConfigFileReader,
   InstancePrincipalsAuthenticationDetailsProviderBuilder,
+  ResourcePrincipalAuthenticationDetailsProvider,
   LOG
 };

lib/common/lib/auth/file-based-key-supplier.ts

@@ -0,0 +1,48 @@
+/**
+ * Copyright (c) 2020, Oracle and/or its affiliates.  All rights reserved.
+ * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+ */
+
+import SessionKeySupplier from "./models/session-key-supplier";
+import KeyPair from "./key-pair";
+import { loadPrivateKeyFromFile } from "./helpers/load-private-key-from-file";
+
+export default class FileBasedKeySupplier implements SessionKeySupplier {
+  private keyPair!: KeyPair;
+
+  constructor(private privateKeyPath: string, private passphrasePath?: string) {
+    this.refreshKeys();
+  }
+
+  // Getter: KeyPair
+  public getKeyPair(): KeyPair {
+    return this.keyPair;
+  }
+
+  // Getter: Public Key
+  public get publicKey(): string {
+    return this.getKeyPair().getPublic();
+  }
+
+  // Getter Private Key
+  public get privateKey(): string {
+    return this.getKeyPair().getPrivate();
+  }
+
+  public refreshKeys(): void {
+    if (!this.privateKeyPath) {
+      throw Error("privateKeyPath not set");
+    }
+
+    // Try to create a privateKey & publicKey from the given privateKeyPath & passphrasePath
+    try {
+      const { publicKey, privateKey } = loadPrivateKeyFromFile(
+        this.privateKeyPath,
+        this.passphrasePath
+      );
+      this.keyPair = new KeyPair(publicKey, privateKey);
+    } catch (e) {
+      throw Error(`Problem occured trying to create KeyPairs from given paths with error: ${e}`);
+    }
+  }
+}

lib/common/lib/auth/file-based-resource-principal-federation-client.ts

@@ -0,0 +1,82 @@
+/**
+ * Copyright (c) 2020, Oracle and/or its affiliates.  All rights reserved.
+ * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+ */
+import { readFileSync } from "fs";
+import FederationClient from "./models/federation-client";
+import SessionKeySupplier from "./models/session-key-supplier";
+import SecurityTokenAdapter from "./security-token-adapter";
+
+/**
+ * This class gets a security token from file.
+ */
+export default class FileBasedResourcePrincipalFederationClient implements FederationClient {
+  private securityTokenAdapter: SecurityTokenAdapter;
+  constructor(
+    private sessionKeySupplier: SessionKeySupplier,
+    private resourcePrincipalSessionTokenPath: string
+  ) {
+    this.sessionKeySupplier = sessionKeySupplier;
+    this.securityTokenAdapter = new SecurityTokenAdapter("", sessionKeySupplier);
+    this.resourcePrincipalSessionTokenPath = resourcePrincipalSessionTokenPath;
+  }
+
+  /**
+   * Gets a security token. If there is already a valid token cached, it will be returned. Else this will make a call
+   * to the auth service to get a new token, using the provided suppliers.
+   *
+   * This method is thread-safe.
+   * @return the security token
+   * @throws OciError If there is any issue with getting a token from the auth server
+   */
+  async getSecurityToken(): Promise<string> {
+    if (this.securityTokenAdapter.isValid()) {
+      return this.securityTokenAdapter.getSecurityToken();
+    }
+    return await this.refreshAndGetSecurityTokenInner(true);
+  }
+
+  /**
+   * Return a claim embedded in the security token
+   * @param key the name of the claim
+   * @return the value of the claim or null if unable to find
+   */
+  async getStringClaim(key: string): Promise<string | null> {
+    await this.refreshAndGetSecurityToken();
+    return this.securityTokenAdapter.getStringClaim(key);
+  }
+
+  async refreshAndGetSecurityToken(): Promise<string> {
+    return await this.refreshAndGetSecurityTokenInner(false);
+  }
+
+  private async refreshAndGetSecurityTokenInner(
+    doFinalTokenValidityCheck: boolean
+  ): Promise<string> {
+    // Check again to see if the JWT is still invalid, unless we want to skip that check
+    if (!doFinalTokenValidityCheck || !this.securityTokenAdapter.isValid()) {
+      this.sessionKeySupplier.refreshKeys();
+      this.securityTokenAdapter = this.getSecurityTokenFromFile();
+      return this.securityTokenAdapter.getSecurityToken();
+    }
+    return this.securityTokenAdapter.getSecurityToken();
+  }
+
+  /**
+   * Gets a security token from file
+   * @return the security token, which is basically a JWT token string
+   */
+  protected getSecurityTokenFromFile(): SecurityTokenAdapter {
+    const keyPair = this.sessionKeySupplier.getKeyPair();
+    if (!keyPair) {
+      throw Error("Keypair for session was not provided");
+    }
+    let securityToken = "";
+    try {
+      securityToken = readFileSync(this.resourcePrincipalSessionTokenPath, "utf8");
+    } catch (e) {
+      throw Error(`Failed to read token due to error: ${e}`);
+    }
+    return new SecurityTokenAdapter(securityToken, this.sessionKeySupplier);
+  }
+}

lib/common/lib/auth/fixed-content-key-supplier.ts

@@ -0,0 +1,51 @@
+/**
+ * Copyright (c) 2020, Oracle and/or its affiliates.  All rights reserved.
+ * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+ */
+
+import SessionKeySupplier from "./models/session-key-supplier";
+import KeyPair from "./key-pair";
+import { parsePrivateKey } from "sshpk";
+
+/**
+ * This is a SessionKeySupplier which fakes the ability to refresh its contained key.
+ * It is initialised once with fixed values of private key and (optional) passphrase; that key is always returned.
+ */
+
+export default class FixedContentKeySupplier implements SessionKeySupplier {
+  private keyPair: KeyPair;
+  constructor(private privateKeyContent: string, private passphrase?: string) {
+    try {
+      let options = {};
+      // parse privateKeyContent with passphrase (if it exist) into a PrivateKey
+      if (passphrase) {
+        Object.assign(options, { passphrase: passphrase });
+      }
+      const privateKey = parsePrivateKey(privateKeyContent, "auto", options);
+      const publicKey = privateKey.toPublic();
+      this.keyPair = new KeyPair(
+        publicKey.toString("pem"),
+        privateKey.toBuffer("pem", {}).toString()
+      );
+    } catch (e) {
+      throw Error(`Failed to read file contents, error: ${e}`);
+    }
+  }
+
+  // Getter: KeyPair
+  public getKeyPair(): KeyPair {
+    return this.keyPair;
+  }
+
+  // Getter: Public Key
+  public get publicKey(): string {
+    return this.getKeyPair().getPublic();
+  }
+
+  // Getter Private Key
+  public get privateKey(): string {
+    return this.getKeyPair().getPrivate();
+  }
+
+  public refreshKeys(): void {}
+}

lib/common/lib/auth/fixed-content-resource-principal-federation-client.ts

@@ -0,0 +1,40 @@
+/**
+ * Copyright (c) 2020, Oracle and/or its affiliates.  All rights reserved.
+ * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
+ */
+
+import SessionKeySupplier from "./models/session-key-supplier";
+import SecurityTokenAdapter from "./security-token-adapter";
+import FederationClient from "./models/federation-client";
+
+/**
+ * This class returns a security token, supplied as a fixed value.
+ */
+export default class FixedContentResourcePrincipalFederationClient implements FederationClient {
+  private securityTokenAdapter: SecurityTokenAdapter;
+
+  /**
+   * Constructor of FixedContentResourcePrincipalFederationClient.
+   *
+   * @param resourcePrincipalSessionToken the constant value for the RPST
+   * @param sessionKeySupplier the associated SessionKeySupplier
+   */
+  constructor(resourcePrincipalSessionToken: string, sessionKeySupplier: SessionKeySupplier) {
+    this.securityTokenAdapter = new SecurityTokenAdapter(
+      resourcePrincipalSessionToken,
+      sessionKeySupplier
+    );
+  }
+
+  async getSecurityToken(): Promise<string> {
+    return this.securityTokenAdapter.getSecurityToken();
+  }
+
+  async refreshAndGetSecurityToken(): Promise<string> {
+    return this.securityTokenAdapter.getSecurityToken();
+  }
+
+  async getStringClaim(key: string): Promise<string | null> {
+    return this.securityTokenAdapter.getStringClaim(key);
+  }
+}