@adobe/aio-cli-plugin-api-mesh 3.4.0 → 3.5.0-beta.1

package/src/commands/api-mesh/__tests__/run.test.js

@@ -18,6 +18,7 @@ const {
 	promptConfirm,
 	setUpTenantFiles,
 	initSdk,
+	writeSecretsFile,
 } = require('../../../helpers');
 const { getMeshId, getMeshArtifact } = require('../../../lib/devConsole');
 require('@adobe-apimesh/mesh-builder');
@@ -35,12 +36,16 @@ jest.mock('../../../helpers', () => ({
 	importFiles: jest.fn().mockResolvedValue(),
 	promptConfirm: jest.fn().mockResolvedValue(true),
 	setUpTenantFiles: jest.fn().mockResolvedValue(),
+	writeSecretsFile: jest.fn().mockResolvedValue(),
 }));
 
 jest.mock('../../../lib/devConsole', () => ({
 	getMeshId: jest.fn().mockResolvedValue('mockMeshId'),
 	getMeshArtifact: jest.fn().mockResolvedValue(),
 }));
+jest.mock('chalk', () => ({
+	red: jest.fn(text => text), // Return the input text without any color formatting
+}));
 
 jest.mock('@adobe-apimesh/mesh-builder', () => {
 	return {
@@ -55,12 +60,15 @@ jest.mock('@adobe-apimesh/mesh-builder', () => {
 let logSpy = null;
 let errorLogSpy = null;
 let parseSpy = null;
+let platformSpy = null;
 
 const originalEnv = {
 	API_MESH_TIER: 'NON-TI',
 };
 
 const defaultPort = 5000;
+const os = require('os');
+
 describe('run command tests', () => {
 	beforeEach(() => {
 		global.requestId = 'dummy_request_id';
@@ -68,10 +76,14 @@ describe('run command tests', () => {
 		logSpy = jest.spyOn(RunCommand.prototype, 'log');
 		errorLogSpy = jest.spyOn(RunCommand.prototype, 'error');
 		parseSpy = jest.spyOn(RunCommand.prototype, 'parse');
+		platformSpy = jest.spyOn(os, 'platform');
 		process.env = {
 			...originalEnv,
 		};
 	});
+	afterEach(() => {
+		platformSpy.mockRestore();
+	});
 
 	test('snapshot run command description', () => {
 		expect(RunCommand.description).toMatchInlineSnapshot(
@@ -121,6 +133,15 @@ describe('run command tests', () => {
 		    "parse": [Function],
 		    "type": "option",
 		  },
+		  "secrets": {
+		    "char": "s",
+		    "default": false,
+		    "description": "Path to secrets file",
+		    "input": [],
+		    "multiple": false,
+		    "parse": [Function],
+		    "type": "option",
+		  },
 		  "select": {
 		    "allowNo": false,
 		    "default": false,
@@ -251,17 +272,20 @@ describe('run command tests', () => {
 
 		await expect(runResult).rejects.toEqual(
 			new Error(
-				"Issue in src/commands/__fixtures__/env_invalid file - Duplicate key << key1 >> on line 3,Invalid format for key/value << key2=='value3' >> on line 5,Invalid format << key3 >> on line 6,Invalid format for key/value << key4='value4 >> on line 7",
+				'Issue in src/commands/__fixtures__/env_invalid file - Interpolated mesh is not a valid JSON. Please check the generated json file.',
 			),
 		);
 
 		expect(errorLogSpy.mock.calls).toMatchInlineSnapshot(`
 		[
 		  [
-		    "Issue in src/commands/__fixtures__/env_invalid file - Duplicate key << key1 >> on line 3,Invalid format for key/value << key2=='value3' >> on line 5,Invalid format << key3 >> on line 6,Invalid format for key/value << key4='value4 >> on line 7",
+		    "Interpolated mesh is not a valid JSON. Please check the generated json file.",
+		  ],
+		  [
+		    "Issue in src/commands/__fixtures__/env_invalid file - Interpolated mesh is not a valid JSON. Please check the generated json file.",
 		  ],
 		  [
-		    "Issue in src/commands/__fixtures__/env_invalid file - Duplicate key << key1 >> on line 3,Invalid format for key/value << key2=='value3' >> on line 5,Invalid format << key3 >> on line 6,Invalid format for key/value << key4='value4 >> on line 7",
+		    "Issue in src/commands/__fixtures__/env_invalid file - Interpolated mesh is not a valid JSON. Please check the generated json file.",
 		  ],
 		]
 	`);
@@ -283,7 +307,9 @@ describe('run command tests', () => {
 
 		const runResult = RunCommand.run();
 		await expect(runResult).rejects.toEqual(
-			new Error('The mesh file cannot be interpolated due to missing keys : newKey1 , newKey2'),
+			new Error(
+				'Issue in src/commands/__fixtures__/env_valid file - The mesh file cannot be interpolated due to missing keys : newKey1 , newKey2',
+			),
 		);
 
 		await expect(errorLogSpy.mock.calls).toMatchInlineSnapshot(`
@@ -292,7 +318,10 @@ describe('run command tests', () => {
 		    "The mesh file cannot be interpolated due to missing keys : newKey1 , newKey2",
 		  ],
 		  [
-		    "The mesh file cannot be interpolated due to missing keys : newKey1 , newKey2",
+		    "Issue in src/commands/__fixtures__/env_valid file - The mesh file cannot be interpolated due to missing keys : newKey1 , newKey2",
+		  ],
+		  [
+		    "Issue in src/commands/__fixtures__/env_valid file - The mesh file cannot be interpolated due to missing keys : newKey1 , newKey2",
 		  ],
 		]
 	`);
@@ -318,7 +347,9 @@ describe('run command tests', () => {
 
 		const runResult = RunCommand.run();
 		await expect(runResult).rejects.toEqual(
-			new Error('Interpolated mesh is not a valid JSON. Please check the generated json file.'),
+			new Error(
+				'Issue in src/commands/__fixtures__/env_valid file - Interpolated mesh is not a valid JSON. Please check the generated json file.',
+			),
 		);
 
 		await expect(errorLogSpy.mock.calls).toMatchInlineSnapshot(`
@@ -327,7 +358,10 @@ describe('run command tests', () => {
 		    "Interpolated mesh is not a valid JSON. Please check the generated json file.",
 		  ],
 		  [
-		    "Interpolated mesh is not a valid JSON. Please check the generated json file.",
+		    "Issue in src/commands/__fixtures__/env_valid file - Interpolated mesh is not a valid JSON. Please check the generated json file.",
+		  ],
+		  [
+		    "Issue in src/commands/__fixtures__/env_valid file - Interpolated mesh is not a valid JSON. Please check the generated json file.",
 		  ],
 		]
 	`);
@@ -836,4 +870,109 @@ describe('run command tests', () => {
 		);
 		expect(setUpTenantFiles).toHaveBeenCalled();
 	});
+
+	test('should return error for run command if mesh has placeholders and the provided secrets file is invalid', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_invalid.yaml',
+			},
+		});
+
+		const runResult = RunCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+	});
+
+	test('should return error for run command if mesh has placeholders and the provided secrets file is not yaml or yml', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/.secrets_file.env',
+			},
+		});
+
+		const runResult = RunCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Invalid file format. Please provide a YAML file (.yaml or .yml).",
+		  ],
+		]
+	`);
+	});
+
+	test('should successfully run the mesh if provided secrets file is valid', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_valid.yaml',
+				debug: false,
+			},
+		});
+
+		await RunCommand.run();
+		expect(writeSecretsFile).toHaveBeenCalled();
+		expect(startGraphqlServer).toHaveBeenCalledWith(expect.anything(), defaultPort, false);
+	});
+
+	test('should return error if ran with secrets against windows platform with batch variables', async () => {
+		platformSpy.mockReturnValue('win32');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+			},
+		});
+
+		const runResult = RunCommand.run();
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Batch variables are not supported in YAML files on Windows.",
+		  ],
+		]
+	`);
+	});
+
+	test('should pass if ran with secrets against linux platform with batch variables', async () => {
+		platformSpy.mockReturnValue('linux');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+				debug: false,
+			},
+		});
+
+		await RunCommand.run();
+		expect(writeSecretsFile).toHaveBeenCalled();
+		expect(startGraphqlServer).toHaveBeenCalledWith(expect.anything(), defaultPort, false);
+	});
+
+	test('should pass if ran with secrets against darwin(macOS) platform with batch variables', async () => {
+		platformSpy.mockReturnValue('darwin');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+				debug: false,
+			},
+		});
+
+		await RunCommand.run();
+		expect(writeSecretsFile).toHaveBeenCalled();
+		expect(startGraphqlServer).toHaveBeenCalledWith(expect.anything(), defaultPort, false);
+	});
 });

package/src/commands/api-mesh/create.js

@@ -19,11 +19,15 @@ const {
 	jsonFlag,
 	getFilesInMeshConfig,
 	envFileFlag,
+	secretsFlag,
 	checkPlaceholders,
 	readFileContents,
 	validateAndInterpolateMesh,
+	interpolateSecrets,
+	validateSecretsFile,
+	encryptSecrets,
 } = require('../../utils');
-const { createMesh, getTenantFeatures } = require('../../lib/devConsole');
+const { createMesh, getTenantFeatures, getPublicEncryptionKey } = require('../../lib/devConsole');
 const { buildEdgeMeshUrl, buildMeshUrl } = require('../../urlBuilder');
 
 class CreateCommand extends Command {
@@ -33,6 +37,7 @@ class CreateCommand extends Command {
 		autoConfirmAction: autoConfirmActionFlag,
 		json: jsonFlag,
 		env: envFileFlag,
+		secrets: secretsFlag,
 	};
 
 	static enableJsonFlag = true;
@@ -53,6 +58,7 @@ class CreateCommand extends Command {
 		const ignoreCache = await flags.ignoreCache;
 		const autoConfirmAction = await flags.autoConfirmAction;
 		const envFilePath = await flags.env;
+		const secretsFilePath = await flags.secrets;
 		const {
 			imsOrgId,
 			imsOrgCode,
@@ -103,6 +109,20 @@ class CreateCommand extends Command {
 			}
 		}
 
+		// if secrets is present, include that in data.secrets
+		if (secretsFilePath) {
+			try {
+				await validateSecretsFile(secretsFilePath);
+				const secretsData = await interpolateSecrets(secretsFilePath, this);
+				const publicKey = await getPublicEncryptionKey(imsOrgCode);
+				const encryptedSecrets = await encryptSecrets(publicKey, secretsData);
+				data.secrets = encryptedSecrets;
+			} catch (err) {
+				this.log(err.message);
+				this.error('Unable to import secrets. Please check the file and try again.');
+			}
+		}
+
 		let shouldContinue = true;
 
 		if (!autoConfirmAction) {

package/src/commands/api-mesh/run.js

@@ -15,11 +15,14 @@ const {
 	debugFlag,
 	selectFlag,
 	envFileFlag,
+	secretsFlag,
 	autoConfirmActionFlag,
 	readFileContents,
 	validateAndInterpolateMesh,
 	checkPlaceholders,
 	getFilesInMeshConfig,
+	validateSecretsFile,
+	interpolateSecrets,
 } = require('../../utils');
 const meshBuilder = require('@adobe-apimesh/mesh-builder');
 const fs = require('fs');
@@ -31,6 +34,7 @@ const {
 	startGraphqlServer,
 	importFiles,
 	setUpTenantFiles,
+	writeSecretsFile,
 } = require('../../helpers');
 const logger = require('../../classes/logger');
 const { getMeshId, getMeshArtifact } = require('../../lib/devConsole');
@@ -55,6 +59,7 @@ class RunCommand extends Command {
 		env: envFileFlag,
 		autoConfirmAction: autoConfirmActionFlag,
 		select: selectFlag,
+		secrets: secretsFlag,
 	};
 
 	static enableJsonFlag = true;
@@ -67,6 +72,7 @@ class RunCommand extends Command {
 		logger.info(`RequestId: ${global.requestId}`);
 
 		const { args, flags } = await this.parse(RunCommand);
+		const secretsFilePath = await flags.secrets;
 
 		//Initialize the meshId based on
 		let meshId = null;
@@ -165,6 +171,17 @@ class RunCommand extends Command {
 				}
 
 				let portNo;
+				//secrets management
+				if (secretsFilePath) {
+					try {
+						await validateSecretsFile(secretsFilePath);
+						const stringifiedSecrets = await interpolateSecrets(secretsFilePath, this);
+						await writeSecretsFile(stringifiedSecrets, meshId);
+					} catch (error) {
+						this.log(error.message);
+						this.error('Unable to import secrets. Please check the file and try again.');
+					}
+				}
 
 				//To set the port number using the environment file
 				if (process.env.PORT !== undefined) {

package/src/commands/api-mesh/update.js

@@ -17,12 +17,16 @@ const {
 	ignoreCacheFlag,
 	autoConfirmActionFlag,
 	envFileFlag,
+	secretsFlag,
 	checkPlaceholders,
 	readFileContents,
 	validateAndInterpolateMesh,
 	getFilesInMeshConfig,
+	interpolateSecrets,
+	validateSecretsFile,
+	encryptSecrets,
 } = require('../../utils');
-const { getMeshId, updateMesh } = require('../../lib/devConsole');
+const { getMeshId, updateMesh, getPublicEncryptionKey } = require('../../lib/devConsole');
 
 class UpdateCommand extends Command {
 	static args = [{ name: 'file' }];
@@ -30,6 +34,7 @@ class UpdateCommand extends Command {
 		ignoreCache: ignoreCacheFlag,
 		autoConfirmAction: autoConfirmActionFlag,
 		env: envFileFlag,
+		secrets: secretsFlag,
 	};
 
 	async run() {
@@ -48,12 +53,19 @@ class UpdateCommand extends Command {
 		const ignoreCache = await flags.ignoreCache;
 		const autoConfirmAction = await flags.autoConfirmAction;
 		const envFilePath = await flags.env;
-
-		const { imsOrgId, projectId, workspaceId, orgName, projectName, workspaceName } = await initSdk(
-			{
-				ignoreCache,
-			},
-		);
+		const secretsFilePath = await flags.secrets;
+
+		const {
+			imsOrgId,
+			imsOrgCode,
+			projectId,
+			workspaceId,
+			orgName,
+			projectName,
+			workspaceName,
+		} = await initSdk({
+			ignoreCache,
+		});
 
 		//Input the mesh data from the input file
 		let inputMeshData = await readFileContents(args.file, this, 'mesh');
@@ -103,6 +115,20 @@ class UpdateCommand extends Command {
 			}
 		}
 
+		// if secrets is present, include that in data.secrets
+		if (secretsFilePath) {
+			try {
+				await validateSecretsFile(secretsFilePath);
+				const secretsData = await interpolateSecrets(secretsFilePath, this);
+				const publicKey = await getPublicEncryptionKey(imsOrgCode);
+				const encryptedSecrets = await encryptSecrets(publicKey, secretsData);
+				data.secrets = encryptedSecrets;
+			} catch (err) {
+				this.log(err.message);
+				this.error('Unable to import secrets. Please check the file and try again.');
+			}
+		}
+
 		if (meshId) {
 			let shouldContinue = true;
 

package/src/helpers.js

@@ -860,6 +860,26 @@ async function setUpTenantFiles(meshId) {
 	}
 }
 
+/**
+ * This function is to create secrets.yaml in mesh-artifacts for respective meshId. Used for local development run command
+ *
+ * @secretsData secretsData
+ * @meshId meshId
+ */
+async function writeSecretsFile(secretsData, meshId) {
+	if (!fs.existsSync(path.resolve(process.cwd(), 'mesh-artifact', meshId))) {
+		throw new Error(`Unexpected Error: issue creating secrets file.`);
+	}
+	try {
+		const secretsFileName = 'secrets.yaml';
+		const folderPath = path.join(process.cwd(), 'mesh-artifact', meshId);
+		const filePath = path.join(folderPath, secretsFileName);
+		fs.writeFileSync(filePath, secretsData);
+	} catch (error) {
+		throw new Error(error.message);
+	}
+}
+
 module.exports = {
 	objToString,
 	promptInput,
@@ -876,4 +896,5 @@ module.exports = {
 	updateFilesArray,
 	startGraphqlServer,
 	setUpTenantFiles,
+	writeSecretsFile,
 };

package/src/lib/devConsole.js

@@ -10,6 +10,7 @@ const fs = require('fs');
 const util = require('util');
 const exec = util.promisify(require('child_process').exec);
 const contentDisposition = require('content-disposition');
+const chalk = require('chalk');
 
 const { DEV_CONSOLE_TRANSPORTER_API_KEY, SMS_BASE_URL } = CONSTANTS;
 
@@ -968,6 +969,52 @@ const getMeshDeployments = async (organizationCode, projectId, workspaceId, mesh
 	}
 };
 
+/**
+ * Gets the public key to encrypt secrets.
+ *
+ * This request bypasses the Dev Console and is sent directly to the Schema Management Service.
+ * As a result, we provide the publicKey used for secrets encryption.
+ * The near-term goal is to stop using Dev Console as a proxy for all routes.
+ * @param organizationCode
+ * @returns string
+ */
+const getPublicEncryptionKey = async organizationCode => {
+	const { accessToken, apiKey } = await getDevConsoleConfig();
+	const config = {
+		method: 'get',
+		url: `${SMS_BASE_URL}/organizations/${organizationCode}/getPublicKey?API_KEY=${apiKey}`,
+		headers: {
+			'Authorization': `Bearer ${accessToken}`,
+			'x-request-id': global.requestId,
+		},
+	};
+	logger.info(
+		'Initiating GET %s',
+		`${SMS_BASE_URL}/organizations/${organizationCode}/getPublicKey?API_KEY=${apiKey}`,
+	);
+	try {
+		const response = await axios(config);
+
+		logger.info('Response from GET %s', response.status);
+		if (response.status == 200) {
+			let publicKey = '';
+			logger.info(`Public key for encryption: ${objToString(response, ['data'])}`);
+			if (response.data.publicKey) {
+				publicKey = response.data.publicKey.replace(/\\n/g, '\n'); //correcting public key format
+			}
+			return publicKey;
+		} else {
+			let errorMessage = `Failed to load encryption keys. Please contact support.`;
+			logger.error(`${errorMessage}. Received ${response.status}, expected 200`);
+			throw new Error(chalk.red(errorMessage));
+		}
+	} catch (error) {
+		let errorMessage = `Something went wrong while encrypting secrets. Please try again.`;
+		logger.error(errorMessage);
+		throw new Error(chalk.red(errorMessage));
+	}
+};
+
 module.exports = {
 	getApiKeyCredential,
 	describeMesh,
@@ -984,4 +1031,5 @@ module.exports = {
 	getMeshArtifact,
 	getTenantFeatures,
 	getMeshDeployments,
+	getPublicEncryptionKey,
 };

package/src/server.js

@@ -13,6 +13,7 @@ const {
 	removeRequestHeaders,
 	prepSourceResponseHeaders,
 	processResponseHeaders,
+	readSecretsFile,
 } = require('./serverUtils');
 
 let yogaServer = null;
@@ -64,6 +65,8 @@ const getYogaServer = async () => {
 		const tenantMesh = await getBuiltMesh();
 		const corsOptions = getCORSOptions();
 
+		const secrets = readSecretsFile(meshId);
+
 		logger.info('Creating graphQL server');
 
 		meshConfig = readMeshConfig(meshId);
@@ -73,6 +76,10 @@ const getYogaServer = async () => {
 			graphqlEndpoint: `/graphql`,
 			graphiql: true,
 			cors: corsOptions,
+			context: initialContext => ({
+				...initialContext,
+				secrets,
+			}),
 		});
 
 		return yogaServer;

package/src/serverUtils.js

@@ -2,6 +2,7 @@ const fs = require('fs');
 const path = require('path');
 const LRUCache = require('lru-cache');
 const logger = require('./classes/logger');
+const YAML = require('yaml');
 
 const headersCache = new LRUCache({
 	max: parseInt(process.env.CACHE_OPT_MAX || '500', 10),
@@ -315,9 +316,29 @@ function ccDirectivesToString(directives) {
 	return chStr.toString();
 }
 
+/**
+ * Returns secrets content from artifacts
+ * @param meshId
+ * @returns
+ */
+function readSecretsFile(meshId) {
+	let secrets = {};
+	try {
+		const filePath = path.resolve(process.cwd(), 'mesh-artifact', `${meshId}`, 'secrets.yaml');
+		if (fs.existsSync(filePath)) {
+			secrets = YAML.parse(fs.readFileSync(filePath, 'utf8'));
+		}
+	} catch (error) {
+		logger.error('Unexpected error: unable to locate secrets file in mesh artifacts.');
+		throw new Error(error.message);
+	}
+	return secrets;
+}
+
 module.exports = {
 	readMeshConfig,
 	removeRequestHeaders,
 	prepSourceResponseHeaders,
 	processResponseHeaders,
+	readSecretsFile,
 };