## Classes

TvmClient: Client SDK for Token Vending Machine (TVM)
TvmError ⇐ Error: Token Vending Machine Client Errors

## Typedefs

OpenWhiskCredentials : object: An object holding the OpenWhisk credentials
TvmResponseAzureBlob : object: Tvm response with SAS Azure Blob credentials. Contains SAS credentials for a private and a publicly accessible (with access=blob) azure blob container. These two signed URLs can then be passed to the azure blob storage sdk, see the example below:
TvmResponseAzureCosmos : object: Tvm response with Azure Cosmos resource credentials. Gives access to an isolated partition within a CosmosDB container.
TvmResponseAwsS3 : object: Tvm response with Aws S3 temporary credentials. These credentials give access to files in a restricted prefix: <your-namespace>/. Other locations in the bucket cannot be accessed. The response can be passed directly to the aws sdk to instantiate the s3 object, see the example below:

## TvmClient Client SDK for Token Vending Machine (TVM) **Kind**: global class * [TvmClient](#TvmClient) * _instance_ * [.getAzureBlobCredentials()](#TvmClient+getAzureBlobCredentials) ⇒ [Promise.<TvmResponseAzureBlob>](#TvmResponseAzureBlob) * [.getAwsS3Credentials()](#TvmClient+getAwsS3Credentials) ⇒ [Promise.<TvmResponseAwsS3>](#TvmResponseAwsS3) * [.getAzureCosmosCredentials()](#TvmClient+getAzureCosmosCredentials) ⇒ [Promise.<TvmResponseAzureCosmos>](#TvmResponseAzureCosmos) * _static_ * [.init(config)](#TvmClient.init) ⇒ [Promise.<TvmClient>](#TvmClient) ### tvmClient.getAzureBlobCredentials() ⇒ [Promise.<TvmResponseAzureBlob>](#TvmResponseAzureBlob) Request temporary credentials for Azure blob storage. ```javascript const tvmResponse = await tvm.getAzureBlobCredentials() const azure = require('@azure/storage-blob') const azureCreds = new azure.AnonymousCredential() const pipeline = azure.StorageURL.newPipeline(azureCreds) const containerURLPrivate = new azure.ContainerURL(tvmResponse.sasURLPrivate, pipeline) const containerURLPublic = new azure.ContainerURL(tvmResponse.sasURLPublic, pipeline) ``` **Kind**: instance method of [TvmClient](#TvmClient) **Returns**: [Promise.<TvmResponseAzureBlob>](#TvmResponseAzureBlob) - SAS credentials for Azure **Throws**: - [TvmError](#TvmError) ### tvmClient.getAwsS3Credentials() ⇒ [Promise.<TvmResponseAwsS3>](#TvmResponseAwsS3) Request temporary credentials for AWS S3. ```javascript const tvmResponse = await tvm.getAwsS3Credentials() const aws = require('aws-sdk') const s3 = new aws.S3(tvmResponse) ``` **Kind**: instance method of [TvmClient](#TvmClient) **Returns**: [Promise.<TvmResponseAwsS3>](#TvmResponseAwsS3) - Temporary credentials for AWS S3 **Throws**: - [TvmError](#TvmError) ### tvmClient.getAzureCosmosCredentials() ⇒ [Promise.<TvmResponseAzureCosmos>](#TvmResponseAzureCosmos) Request temporary credentials for Azure CosmosDB. ```javascript const azureCosmosCredentials = await tvm.getAzureCosmosCredentials() const cosmos = require('@azure/cosmos') const container = new cosmos.CosmosClient({ endpoint: azureCosmosCredentials.endpoint, tokenProvider: async () => azureCosmosCredentials.resourceToken }) .database(azureCosmosCredentials.databaseId) .container(azureCosmosCredentials.containerId) const data = await container.item('', azureCosmosCredentials.partitionKey).read() ``` **Kind**: instance method of [TvmClient](#TvmClient) **Returns**: [Promise.<TvmResponseAzureCosmos>](#TvmResponseAzureCosmos) - Temporary credentials for Azure Cosmos **Throws**: - [TvmError](#TvmError) ### TvmClient.init(config) ⇒ [Promise.<TvmClient>](#TvmClient) Creates a TvmClient instance ```javascript const TvmClient = require('@adobe/adobeio-cna-tvm-client') const tvm = await TvmClient.init({ ow: { namespace, auth } }) ``` **Kind**: static method of [TvmClient](#TvmClient) **Returns**: [Promise.<TvmClient>](#TvmClient) - new instance **Throws**: - [TvmError](#TvmError) | Param | Type | Description | | --- | --- | --- | | config | object | TvmClientParams | | config.apiUrl | string | url to tvm api | | [config.ow] | [OpenWhiskCredentials](#OpenWhiskCredentials) | Openwhisk credentials. As an alternative you can pass those through environment variables: `__OW_NAMESPACE` and `__OW_AUTH` | | [config.cacheFile] | string | if omitted defaults to tmpdir/.tvmCache, use false or null to not cache | ## TvmError ⇐ Error Token Vending Machine Client Errors **Kind**: global class **Extends**: Error * [TvmError](#TvmError) ⇐ Error * [.TvmError](#TvmError.TvmError) * [new TvmError(message, code, [status])](#new_TvmError.TvmError_new) * [.codes](#TvmError.codes) : enum ### TvmError.TvmError **Kind**: static class of [TvmError](#TvmError) #### new TvmError(message, code, [status]) Creates an instance of TvmError. | Param | Type | Description | | --- | --- | --- | | message | string | error message | | code | [codes](#TvmError.codes) | Storage Error code | | [status] | number | status code in case of request error | ### TvmError.codes : enum TvmError codes **Kind**: static enum of [TvmError](#TvmError) **Properties** | Name | Type | Default | | --- | --- | --- | | BadArgument | string | "BadArgument" | | StatusError | string | "StatusError" | ## OpenWhiskCredentials : object An object holding the OpenWhisk credentials **Kind**: global typedef **Properties** | Name | Type | Description | | --- | --- | --- | | namespace | string | user namespace | | auth | string | auth key | ## TvmResponseAzureBlob : object Tvm response with SAS Azure Blob credentials. Contains SAS credentials for a private and a publicly accessible (with access=`blob`) azure blob container. These two signed URLs can then be passed to the azure blob storage sdk, see the example below: **Kind**: global typedef **Properties** | Name | Type | Description | | --- | --- | --- | | sasURLPrivate | string | sas url to existing private azure blob container | | sasURLPublic | string | sas url to existing public (with access=`blob`) azure blob container | | expiration | string | expiration date ISO/UTC | ## TvmResponseAzureCosmos : object Tvm response with Azure Cosmos resource credentials. Gives access to an isolated partition within a CosmosDB container. **Kind**: global typedef **Properties** | Name | Type | Description | | --- | --- | --- | | endpoint | string | cosmosdb resource endpoint | | resourceToken | string | cosmosdb resource token restricted to access the items in the partitionKey | | databaseId | string | id for cosmosdb database | | containerId | string | id for cosmosdb container within database | | partitionKey | string | key for cosmosdb partition within container authorized by resource token | | expiration | string | expiration date ISO/UTC | ## TvmResponseAwsS3 : object Tvm response with Aws S3 temporary credentials. These credentials give access to files in a restricted prefix: `/`. Other locations in the bucket cannot be accessed. The response can be passed directly to the aws sdk to instantiate the s3 object, see the example below: **Kind**: global typedef **Properties** | Name | Type | Description | | --- | --- | --- | | accessKeyId | string | key id | | secretAccessKey | string | secret for key | | sessionToken | string | token | | expiration | string | date ISO/UTC | | params | object | | | params.Bucket | string | bucket name |