-
Notifications
You must be signed in to change notification settings - Fork 49
Expand file tree
/
Copy pathIDBSQLClient.ts
More file actions
110 lines (103 loc) · 3.75 KB
/
IDBSQLClient.ts
File metadata and controls
110 lines (103 loc) · 3.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import IDBSQLLogger from './IDBSQLLogger';
import IDBSQLSession from './IDBSQLSession';
import IAuthentication from '../connection/contracts/IAuthentication';
import { ProxyOptions } from '../connection/contracts/IConnectionOptions';
import OAuthPersistence from '../connection/auth/DatabricksOAuth/OAuthPersistence';
import ITokenProvider from '../connection/auth/tokenProvider/ITokenProvider';
import { TokenCallback } from '../connection/auth/tokenProvider/ExternalTokenProvider';
export interface ClientOptions {
logger?: IDBSQLLogger;
}
type AuthOptions =
| {
authType?: 'access-token';
token: string;
}
| {
authType: 'databricks-oauth';
persistence?: OAuthPersistence;
azureTenantId?: string;
oauthClientId?: string;
oauthClientSecret?: string;
useDatabricksOAuthInAzure?: boolean;
}
| {
authType: 'custom';
provider: IAuthentication;
}
| {
authType: 'token-provider';
tokenProvider: ITokenProvider;
enableTokenFederation?: boolean;
federationClientId?: string;
}
| {
authType: 'external-token';
getToken: TokenCallback;
enableTokenFederation?: boolean;
federationClientId?: string;
}
| {
authType: 'static-token';
staticToken: string;
enableTokenFederation?: boolean;
federationClientId?: string;
};
export type ConnectionOptions = {
host: string;
port?: number;
path: string;
userAgentEntry?: string;
socketTimeout?: number;
proxy?: ProxyOptions;
enableMetricViewMetadata?: boolean;
/**
* Opt-in flag to dispatch through the Statement Execution API (SEA) backend
* instead of the default Thrift backend. Defaults to `false`.
* @internal Not stable; M0 stub only.
*/
useSEA?: boolean;
/**
* Whether to verify the server's TLS certificate (SEA backend only).
*
* Defaults to `true` — **secure by default**: strict validation against
* the system trust store (full chain + expiry + hostname), matching the
* JDBC/ODBC drivers and every modern HTTPS client.
*
* Set to `false` to disable verification: self-signed, untrusted, and
* expired certificates are accepted and the hostname-vs-certificate check
* is skipped. This is **insecure** — it provides no protection against
* active man-in-the-middle attacks — and exists only as an opt-out for
* parity with the legacy NodeJS Thrift driver, which hard-codes
* `rejectUnauthorized: false`.
*
* For corporate TLS-inspecting proxies or on-prem deployments with an
* internal CA, prefer the default `checkServerCertificate: true` together
* with `customCaCert` over disabling verification entirely.
*/
checkServerCertificate?: boolean;
/**
* PEM-encoded CA certificate to add to the trust store on top of the
* system roots (SEA backend only). Accepts a PEM string or its raw
* `Buffer` bytes. Use this for a corporate proxy that re-signs TLS or an
* on-prem Databricks deployment that uses an internal CA. Honoured
* regardless of `checkServerCertificate`.
*/
customCaCert?: Buffer | string;
} & AuthOptions;
export interface OpenSessionRequest {
initialCatalog?: string;
initialSchema?: string;
configuration?: { [key: string]: string };
/**
* Session-level query tags as key-value pairs. Serialized and passed via session configuration
* as "QUERY_TAGS". Values may be null/undefined to include a key without a value.
* If both queryTags and configuration.QUERY_TAGS are specified, queryTags takes precedence.
*/
queryTags?: Record<string, string | null | undefined>;
}
export default interface IDBSQLClient {
connect(options: ConnectionOptions): Promise<IDBSQLClient>;
openSession(request?: OpenSessionRequest): Promise<IDBSQLSession>;
close(): Promise<void>;
}