Skip to content

feat(confidentialhttp): align AuthConfig SDK with new proto shape #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wentzeld wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

feat(confidentialhttp): align AuthConfig SDK with new proto shape #248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
077c8f9
feat(confidentialhttp): TS SDK helpers for AuthConfig
wentzeld Apr 18, 2026
303671e
feat(confidentialhttp): align AuthConfig SDK with new proto shape. Bu…
wentzeld Apr 29, 2026
50d7576
fix(build): tighten fix-imports regex to exclude newlines in @cre/ ma…
wentzeld May 12, 2026
0ef26eb
feat(confidentialhttp): add MtlsInput, buildMtlsConfig and regenerate…
wentzeld May 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/cre-sdk/scripts/src/fix-imports.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ const fixImports = async () => {
const content = await readFile(file, 'utf-8')

// Replace @cre/* imports with relative paths
const fixedContent = content.replace(/@cre\/([^'"]*)/g, (_, path) => {
const fixedContent = content.replace(/@cre\/([A-Za-z0-9/_.\-]+)/g, (_, path) => {
// Convert @cre/sdk/utils to relative path from current file
const currentDir = dirname(file)
const targetPath = join(process.cwd(), 'dist', path)
Expand Down
1,744 changes: 1,455 additions & 289 deletions packages/cre-sdk/src/generated/capabilities/networking/confidentialhttp/v1alpha/client_pb.ts
View file
Open in desktop

Large diffs are not rendered by default.

16 changes: 15 additions & 1 deletion packages/cre-sdk/src/generated/tools/generator/v1alpha/cre_metadata_pb.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import { file_sdk_v1alpha_sdk } from '../../../sdk/v1alpha/sdk_pb'
export const file_tools_generator_v1alpha_cre_metadata: GenFile =
/*@__PURE__*/
fileDesc(
'Cip0b29scy9nZW5lcmF0b3IvdjFhbHBoYS9jcmVfbWV0YWRhdGEucHJvdG8SF3Rvb2xzLmdlbmVyYXRvci52MWFscGhhIoQBCgtTdHJpbmdMYWJlbBJECghkZWZhdWx0cxgBIAMoCzIyLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLlN0cmluZ0xhYmVsLkRlZmF1bHRzRW50cnkaLwoNRGVmYXVsdHNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIogBCgtVaW50NjRMYWJlbBJECghkZWZhdWx0cxgBIAMoCzIyLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLlVpbnQ2NExhYmVsLkRlZmF1bHRzRW50cnkaMwoNRGVmYXVsdHNFbnRyeRILCgNrZXkYASABKAkSEQoFdmFsdWUYAiABKARCAjAAOgI4ASKEAQoLVWludDMyTGFiZWwSRAoIZGVmYXVsdHMYASADKAsyMi50b29scy5nZW5lcmF0b3IudjFhbHBoYS5VaW50MzJMYWJlbC5EZWZhdWx0c0VudHJ5Gi8KDURlZmF1bHRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgNOgI4ASKGAQoKSW50NjRMYWJlbBJDCghkZWZhdWx0cxgBIAMoCzIxLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLkludDY0TGFiZWwuRGVmYXVsdHNFbnRyeRozCg1EZWZhdWx0c0VudHJ5EgsKA2tleRgBIAEoCRIRCgV2YWx1ZRgCIAEoA0ICMAA6AjgBIoIBCgpJbnQzMkxhYmVsEkMKCGRlZmF1bHRzGAEgAygLMjEudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuSW50MzJMYWJlbC5EZWZhdWx0c0VudHJ5Gi8KDURlZmF1bHRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgFOgI4ASLBAgoFTGFiZWwSPAoMc3RyaW5nX2xhYmVsGAEgASgLMiQudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuU3RyaW5nTGFiZWxIABI8Cgx1aW50NjRfbGFiZWwYAiABKAsyJC50b29scy5nZW5lcmF0b3IudjFhbHBoYS5VaW50NjRMYWJlbEgAEjoKC2ludDY0X2xhYmVsGAMgASgLMiMudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuSW50NjRMYWJlbEgAEjwKDHVpbnQzMl9sYWJlbBgEIAEoCzIkLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLlVpbnQzMkxhYmVsSAASOgoLaW50MzJfbGFiZWwYBSABKAsyIy50b29scy5nZW5lcmF0b3IudjFhbHBoYS5JbnQzMkxhYmVsSABCBgoEa2luZCLkAQoSQ2FwYWJpbGl0eU1ldGFkYXRhEh8KBG1vZGUYASABKA4yES5zZGsudjFhbHBoYS5Nb2RlEhUKDWNhcGFiaWxpdHlfaWQYAiABKAkSRwoGbGFiZWxzGAMgAygLMjcudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuQ2FwYWJpbGl0eU1ldGFkYXRhLkxhYmVsc0VudHJ5Gk0KC0xhYmVsc0VudHJ5EgsKA2tleRgBIAEoCRItCgV2YWx1ZRgCIAEoCzIeLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLkxhYmVsOgI4ASI2ChhDYXBhYmlsaXR5TWV0aG9kTWV0YWRhdGESGgoSbWFwX3RvX3VudHlwZWRfYXBpGAEgASgIOm4KCmNhcGFiaWxpdHkSHy5nb29nbGUucHJvdG9idWYuU2VydmljZU9wdGlvbnMY0IYDIAEoCzIrLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLkNhcGFiaWxpdHlNZXRhZGF0YVIKY2FwYWJpbGl0eTprCgZtZXRob2QSHi5nb29nbGUucHJvdG9idWYuTWV0aG9kT3B0aW9ucxjRhgMgASgLMjEudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuQ2FwYWJpbGl0eU1ldGhvZE1ldGFkYXRhUgZtZXRob2RCrwEKG2NvbS50b29scy5nZW5lcmF0b3IudjFhbHBoYUIQQ3JlTWV0YWRhdGFQcm90b1ABogIDVEdYqgIXVG9vbHMuR2VuZXJhdG9yLlYxYWxwaGHKAhhUb29sc1xHZW5lcmF0b3JfXFYxYWxwaGHiAiRUb29sc1xHZW5lcmF0b3JfXFYxYWxwaGFcR1BCTWV0YWRhdGHqAhlUb29sczo6R2VuZXJhdG9yOjpWMWFscGhhYgZwcm90bzM',
'Cip0b29scy9nZW5lcmF0b3IvdjFhbHBoYS9jcmVfbWV0YWRhdGEucHJvdG8SF3Rvb2xzLmdlbmVyYXRvci52MWFscGhhIoQBCgtTdHJpbmdMYWJlbBJECghkZWZhdWx0cxgBIAMoCzIyLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLlN0cmluZ0xhYmVsLkRlZmF1bHRzRW50cnkaLwoNRGVmYXVsdHNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIogBCgtVaW50NjRMYWJlbBJECghkZWZhdWx0cxgBIAMoCzIyLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLlVpbnQ2NExhYmVsLkRlZmF1bHRzRW50cnkaMwoNRGVmYXVsdHNFbnRyeRILCgNrZXkYASABKAkSEQoFdmFsdWUYAiABKARCAjAAOgI4ASKEAQoLVWludDMyTGFiZWwSRAoIZGVmYXVsdHMYASADKAsyMi50b29scy5nZW5lcmF0b3IudjFhbHBoYS5VaW50MzJMYWJlbC5EZWZhdWx0c0VudHJ5Gi8KDURlZmF1bHRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgNOgI4ASKGAQoKSW50NjRMYWJlbBJDCghkZWZhdWx0cxgBIAMoCzIxLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLkludDY0TGFiZWwuRGVmYXVsdHNFbnRyeRozCg1EZWZhdWx0c0VudHJ5EgsKA2tleRgBIAEoCRIRCgV2YWx1ZRgCIAEoA0ICMAA6AjgBIoIBCgpJbnQzMkxhYmVsEkMKCGRlZmF1bHRzGAEgAygLMjEudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuSW50MzJMYWJlbC5EZWZhdWx0c0VudHJ5Gi8KDURlZmF1bHRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgFOgI4ASLTAgoFTGFiZWwSEAoIb3B0aW9uYWwYBiABKAgSPAoMc3RyaW5nX2xhYmVsGAEgASgLMiQudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuU3RyaW5nTGFiZWxIABI8Cgx1aW50NjRfbGFiZWwYAiABKAsyJC50b29scy5nZW5lcmF0b3IudjFhbHBoYS5VaW50NjRMYWJlbEgAEjoKC2ludDY0X2xhYmVsGAMgASgLMiMudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuSW50NjRMYWJlbEgAEjwKDHVpbnQzMl9sYWJlbBgEIAEoCzIkLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLlVpbnQzMkxhYmVsSAASOgoLaW50MzJfbGFiZWwYBSABKAsyIy50b29scy5nZW5lcmF0b3IudjFhbHBoYS5JbnQzMkxhYmVsSABCBgoEa2luZCLkAQoSQ2FwYWJpbGl0eU1ldGFkYXRhEh8KBG1vZGUYASABKA4yES5zZGsudjFhbHBoYS5Nb2RlEhUKDWNhcGFiaWxpdHlfaWQYAiABKAkSRwoGbGFiZWxzGAMgAygLMjcudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuQ2FwYWJpbGl0eU1ldGFkYXRhLkxhYmVsc0VudHJ5Gk0KC0xhYmVsc0VudHJ5EgsKA2tleRgBIAEoCRItCgV2YWx1ZRgCIAEoCzIeLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLkxhYmVsOgI4ASI2ChhDYXBhYmlsaXR5TWV0aG9kTWV0YWRhdGESGgoSbWFwX3RvX3VudHlwZWRfYXBpGAEgASgIOm4KCmNhcGFiaWxpdHkSHy5nb29nbGUucHJvdG9idWYuU2VydmljZU9wdGlvbnMY0IYDIAEoCzIrLnRvb2xzLmdlbmVyYXRvci52MWFscGhhLkNhcGFiaWxpdHlNZXRhZGF0YVIKY2FwYWJpbGl0eTprCgZtZXRob2QSHi5nb29nbGUucHJvdG9idWYuTWV0aG9kT3B0aW9ucxjRhgMgASgLMjEudG9vbHMuZ2VuZXJhdG9yLnYxYWxwaGEuQ2FwYWJpbGl0eU1ldGhvZE1ldGFkYXRhUgZtZXRob2RCrwEKG2NvbS50b29scy5nZW5lcmF0b3IudjFhbHBoYUIQQ3JlTWV0YWRhdGFQcm90b1ABogIDVEdYqgIXVG9vbHMuR2VuZXJhdG9yLlYxYWxwaGHKAhhUb29sc1xHZW5lcmF0b3JfXFYxYWxwaGHiAiRUb29sc1xHZW5lcmF0b3JfXFYxYWxwaGFcR1BCTWV0YWRhdGHqAhlUb29sczo6R2VuZXJhdG9yOjpWMWFscGhhYgZwcm90bzM',
[file_google_protobuf_descriptor, file_sdk_v1alpha_sdk],
)

Expand Down Expand Up @@ -164,6 +164,13 @@ export const Int32LabelSchema: GenMessage<Int32Label, { jsonType: Int32LabelJson
* @generated from message tools.generator.v1alpha.Label
*/
export type Label = Message<'tools.generator.v1alpha.Label'> & {
/**
* When true, the label is not required and will only be included in the capability ID when set.
*
* @generated from field: bool optional = 6;
*/
optional: boolean

/**
* @generated from oneof tools.generator.v1alpha.Label.kind
*/
Expand Down Expand Up @@ -210,6 +217,13 @@ export type Label = Message<'tools.generator.v1alpha.Label'> & {
* @generated from message tools.generator.v1alpha.Label
*/
export type LabelJson = {
/**
* When true, the label is not required and will only be included in the capability ID when set.
*
* @generated from field: bool optional = 6;
*/
optional?: boolean

/**
* @generated from field: tools.generator.v1alpha.StringLabel string_label = 1;
*/
Expand Down
135 changes: 135 additions & 0 deletions packages/cre-sdk/src/sdk/cre/__tests__/confidentialhttp.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
import { describe, expect, test } from 'bun:test'
import { buildAuthConfig } from '@cre/sdk/cre/confidentialhttp'

describe('buildAuthConfig', () => {
test('apiKey variant', () => {
const a = buildAuthConfig({
kind: 'apiKey',
headerName: 'x-api-key',
secret: { key: 'cg' },
})
expect(a.apiKey?.headerName).toBe('x-api-key')
expect(a.apiKey?.secret?.key).toBe('cg')
expect(a.apiKey?.valuePrefix).toBe('')
})

test('apiKey with valuePrefix', () => {
const a = buildAuthConfig({
kind: 'apiKey',
headerName: 'Authorization',
secret: { key: 'tok' },
valuePrefix: 'ApiKey ',
})
expect(a.apiKey?.valuePrefix).toBe('ApiKey ')
})

test('basic variant', () => {
const a = buildAuthConfig({
kind: 'basic',
username: { key: 'u' },
password: { key: 'p' },
})
expect(a.basic?.username?.secret?.key).toBe('u')
expect(a.basic?.password?.key).toBe('p')
})

test('basic with plain username', () => {
const a = buildAuthConfig({
kind: 'basic',
username: 'public-user',
password: { key: 'p' },
})
expect(a.basic?.username?.plain).toBe('public-user')
expect(a.basic?.password?.key).toBe('p')
})

test('bearer with overrides', () => {
const a = buildAuthConfig({
kind: 'bearer',
token: { key: 'pat' },
headerName: 'Authorization',
valuePrefix: 'token ',
})
expect(a.bearer?.token?.key).toBe('pat')
expect(a.bearer?.headerName).toBe('Authorization')
expect(a.bearer?.valuePrefix).toBe('token ')
})

test('hmacSha256', () => {
const a = buildAuthConfig({
kind: 'hmacSha256',
secret: { key: 'k' },
signatureHeader: 'X-Sig',
encoding: 'base64',
includeQuery: true,
})
expect(a.hmac?.sha256?.signatureHeader).toBe('X-Sig')
expect(a.hmac?.sha256?.includeQuery).toBe(true)
expect(a.hmac?.sha256?.encoding).toBe('base64')
})

test('awsSigV4 with all options', () => {
const a = buildAuthConfig({
kind: 'awsSigV4',
accessKeyId: { key: 'ak' },
secretAccessKey: { key: 'sk' },
sessionToken: { key: 'st' },
region: 'us-east-1',
service: 's3',
signedHeaders: ['host', 'x-amz-date'],
unsignedPayload: true,
})
const v = a.hmac?.awsSigV4
expect(v?.accessKeyId?.secret?.key).toBe('ak')
expect(v?.secretAccessKey?.key).toBe('sk')
expect(v?.sessionToken?.key).toBe('st')
expect(v?.signedHeaders?.length).toBe(2)
expect(v?.unsignedPayload).toBe(true)
})

test('hmacCustom sha512', () => {
const a = buildAuthConfig({
kind: 'hmacCustom',
secret: { key: 'k' },
canonicalTemplate: '{{.method}}',
hash: 'sha512',
signatureHeader: 'X-Sig',
signaturePrefix: 'HMAC-SHA512 ',
})
expect(a.hmac?.custom?.hash).toBe('HASH_SHA512')
expect(a.hmac?.custom?.signaturePrefix).toBe('HMAC-SHA512 ')
})

test('oauth2 clientCredentials', () => {
const a = buildAuthConfig({
kind: 'oauth2ClientCredentials',
tokenUrl: 'https://idp/token',
clientId: { key: 'cid' },
clientSecret: { key: 'csec' },
scopes: ['read', 'write'],
audience: 'aud',
clientAuthMethod: 'requestBody',
extraParams: { foo: 'bar' },
})
const v = a.oauth2?.clientCredentials
expect(v?.tokenUrl).toBe('https://idp/token')
expect(v?.scopes).toEqual(['read', 'write'])
expect(v?.clientAuthMethod).toBe('request_body')
expect(v?.extraParams?.foo).toBe('bar')
})

test('oauth2 refreshToken', () => {
const a = buildAuthConfig({
kind: 'oauth2RefreshToken',
tokenUrl: 'https://idp/token',
refreshToken: { key: 'rt' },
clientId: { key: 'cid' },
clientSecret: { key: 'csec' },
scopes: ['read'],
})
const v = a.oauth2?.refreshToken
expect(v?.refreshToken?.key).toBe('rt')
expect(v?.clientId?.secret?.key).toBe('cid')
expect(v?.clientSecret?.key).toBe('csec')
})
})
Loading
Loading