How to use the taskcluster-client.createTemporaryCredentials function in taskcluster-client
To help you get started, weβve selected a few taskcluster-client examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
taskcluster / taskcluster / services / web-server / src / login / User.js View on Github 
assert(options);
if (!this.identity) {
return {credentials: null, expires: null};
}
const scopes = this.scopes();
// take the soonest expiry
let expires = taskcluster.fromNow(options.expiry);
if (this.expires && this.expires < expires) {
expires = this.expires;
}
return {
expires,
credentials: taskcluster.createTemporaryCredentials({
clientId: this.identity,
start: taskcluster.fromNow(options.startOffset),
expiry: expires,
scopes,
credentials: options.credentials,
}),
};
}
};var renderIndex = async function(authFailed, req, res) {
let credentials = {
clientId: '',
accessToken: '',
certificate: 'Internal server error'
};
try {
// Load client so we can sign
let client = await req.app.globals.Client.load({
clientId: req.app.globals.clientIdForTempCreds
});
credentials = taskcluster.createTemporaryCredentials({
start: new Date(),
// good for three days
expiry: new Date(new Date().getTime() + 3 * 24 * 60 * 60 * 1000),
// use the client's role without expanding them, so that the temporary
// credentials track changes to roles
scopes: ['assume:client-id:' + client.clientId],
credentials: {
clientId: client.clientId,
accessToken: client.accessToken
}
});
} catch (err) {
debug("Error loading client: %s, as JSON: %j", err, err, err.stack);
}
if (typeof(credentials.certificate) !== 'string') {createCredentials(options) {
assert(options);
if (!this.identity) {
return {credentials: null, expires: null};
}
let scopes = this.scopes();
// take the soonest expiry
let expires = taskcluster.fromNow(options.expiry);
if (this.expires && this.expires < expires) {
expires = this.expires;
}
return {
expires,
credentials: taskcluster.createTemporaryCredentials({
clientId: this.identity,
start: taskcluster.fromNow(options.startOffset),
expiry: expires,
scopes,
credentials: options.credentials,
}),
};
}// Find the run that we (may) have modified
run = task.runs[runId];
// If run isn't running we had a conflict
if (task.runs.length - 1 !== runId || run.state !== 'running') {
return res.reportError(
'RequestConflict',
'Run {{runId}} on task {{taskId}} is resolved or not running.', {
taskId,
runId,
}
);
}
// Create temporary credentials for the task
let credentials = taskcluster.createTemporaryCredentials({
start: new Date(Date.now() - 15 * 60 * 1000),
expiry: new Date(takenUntil.getTime() + 15 * 60 * 1000),
scopes: [
'queue:reclaim-task:' + taskId + '/' + runId,
'queue:resolve-task:' + taskId + '/' + runId,
'queue:create-artifact:' + taskId + '/' + runId,
].concat(task.scopes),
credentials: this.credentials,
});
// Reply to caller
return res.reply({
status: task.status(),
runId: runId,
workerGroup: run.workerGroup,
workerId: run.workerId,const reg = await provider.registerWorker({worker, workerPool, workerIdentityProof});
expires = reg.expires;
} catch (err) {
if (!(err instanceof ApiError)) {
throw err;
}
return res.reportError('InputError', err.message, {});
}
assert(expires, 'registerWorker did not return expires');
// We use these fields from inside the worker rather than
// what was passed in because that is the thing we have verified
// to be passing in the token. This helps avoid slipups later
// like if we had a scope based on workerGroup alone which we do
// not verify here
const credentials = taskcluster.createTemporaryCredentials({
clientId: `worker/${worker.providerId}/${worker.workerPoolId}/${worker.workerGroup}/${worker.workerId}`,
scopes: [
`assume:worker-type:${worker.workerPoolId}`, // deprecated role
`assume:worker-pool:${worker.workerPoolId}`,
`assume:worker-id:${worker.workerGroup}/${worker.workerId}`,
`queue:worker-id:${worker.workerGroup}/${worker.workerId}`,
`secrets:get:worker-type:${worker.workerPoolId}`, // deprecated secret name
`secrets:get:worker-pool:${worker.workerPoolId}`,
`queue:claim-work:${worker.workerPoolId}`,
],
start: taskcluster.fromNow('-15 minutes'),
expiry: expires,
credentials: this.cfg.taskcluster.credentials,
});
return res.reply({expires: expires.toJSON(), credentials});const toSpawn = await this.estimator.simple({
workerPoolId,
...config,
running,
});
const hostnames = [];
for (let i = 0; i < toSpawn; ++i) {
hostnames.push(`${workerPoolId}-${slugid.nice().replace(/_/g, '-').toLowerCase()}`);
}
const workerId = slugid.nice().replace(/_/g, '-').toLowerCase();
const workerGroup = this.providerId;
const credentials = taskcluster.createTemporaryCredentials({
clientId: `worker/packet/${this.projectId}/${workerGroup}/${workerId}`,
scopes: [
`assume:worker-type:${workerPoolId}`,
`assume:worker-id:${workerGroup}/${workerId}`,
`queue:worker-id:${workerGroup}/${workerId}`,
`secrets:get:worker-type:${workerPoolId}`,
`queue:claim-work:${workerPoolId}`,
],
start: taskcluster.fromNow('-15 minutes'),
expiry: taskcluster.fromNow('96 hours'),
credentials: this.taskclusterCredentials,
});
const resp = await this.packet.createSpotRequestAsync(this.projectId, {
instance_parameters: {
billing_cycle: config.billingCyle,taskcluster-client
Client for interfacing taskcluster components
Package Health Score
66 / 100Popular taskcluster-client functions
- taskcluster-client.Auth
- taskcluster-client.AwsProvisioner
- taskcluster-client.createClient
- taskcluster-client.createTemporaryCredentials
- taskcluster-client.fromEnvVars
- taskcluster-client.fromNow
- taskcluster-client.fromNowJSON
- taskcluster-client.Github
- taskcluster-client.Hooks
- taskcluster-client.Index
- taskcluster-client.Notify
- taskcluster-client.PulseConnection
- taskcluster-client.PulseListener
- taskcluster-client.PurgeCache
- taskcluster-client.Queue
- taskcluster-client.QueueEvents
- taskcluster-client.Scheduler
- taskcluster-client.Secrets
- taskcluster-client.slugid
- taskcluster-client.WebListener