@agent-vm/secret-management 0.0.77 → 0.0.79
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -36
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -332,31 +332,7 @@ function assertOpInjectTemplateSafeReference(entry) {
|
|
|
332
332
|
throw new OpInjectOutputError(`op inject template rejected unsafe 1Password reference for secret '${entry.secretName}'.`);
|
|
333
333
|
}
|
|
334
334
|
async function resolveAllSecretsWithOpCli(serviceAccountToken, refs, exec) {
|
|
335
|
-
|
|
336
|
-
return await resolveAllSecretsWithOpInject(serviceAccountToken, refs, exec);
|
|
337
|
-
} catch (error) {
|
|
338
|
-
const sanitizedInjectError = sanitizeOpInjectError(error);
|
|
339
|
-
try {
|
|
340
|
-
return await resolveAllSecretsWithSerialOpReads(serviceAccountToken, refs, exec);
|
|
341
|
-
} catch (readError) {
|
|
342
|
-
if (readError instanceof AggregateError) throw createAggregateErrorWithCause({
|
|
343
|
-
cause: readError,
|
|
344
|
-
errors: [sanitizedInjectError, ...readAggregateErrorChildren(readError)],
|
|
345
|
-
message: readError.message
|
|
346
|
-
});
|
|
347
|
-
throw createAggregateErrorWithCause({
|
|
348
|
-
cause: readError,
|
|
349
|
-
errors: [sanitizedInjectError, readError],
|
|
350
|
-
message: "op inject and serial op read both failed."
|
|
351
|
-
});
|
|
352
|
-
}
|
|
353
|
-
}
|
|
354
|
-
}
|
|
355
|
-
function sanitizeOpInjectError(error) {
|
|
356
|
-
if (error instanceof RedactedExecFileError) return /* @__PURE__ */ new Error(`op inject failed before serial op read: ${error.safeDetail}`);
|
|
357
|
-
if (error instanceof OpInjectOutputError) return /* @__PURE__ */ new Error(`op inject failed before serial op read: ${error.message}`);
|
|
358
|
-
const errorType = error instanceof Error ? error.name : typeof error;
|
|
359
|
-
return /* @__PURE__ */ new Error(`op inject failed before serial op read: ${errorType}`);
|
|
335
|
+
return await resolveAllSecretsWithOpInject(serviceAccountToken, refs, exec);
|
|
360
336
|
}
|
|
361
337
|
function readAggregateErrorChildren(error) {
|
|
362
338
|
const errorChildren = error.errors;
|
|
@@ -449,17 +425,6 @@ async function resolveAllSecretsWithOpInject(serviceAccountToken, refs, exec) {
|
|
|
449
425
|
redactErrorOutput: true
|
|
450
426
|
})).stdout);
|
|
451
427
|
}
|
|
452
|
-
async function resolveAllSecretsWithSerialOpReads(serviceAccountToken, refs, exec) {
|
|
453
|
-
const resolvedSecrets = {};
|
|
454
|
-
const failures = [];
|
|
455
|
-
for (const [secretName, secretRef] of Object.entries(refs)) try {
|
|
456
|
-
resolvedSecrets[secretName] = await resolveSecretWithOpCli(serviceAccountToken, secretRef.ref, exec);
|
|
457
|
-
} catch (error) {
|
|
458
|
-
failures.push(new Error(`Failed to resolve secret '${secretName}' from '${secretRef.ref}' via op read: ${formatUnknownError(error)}`, { cause: error }));
|
|
459
|
-
}
|
|
460
|
-
if (failures.length > 0) throw new AggregateError(failures, `Failed to resolve ${String(failures.length)} secret(s) via op read.`);
|
|
461
|
-
return resolvedSecrets;
|
|
462
|
-
}
|
|
463
428
|
function formatResolveReferenceError(error) {
|
|
464
429
|
return "message" in error && typeof error.message === "string" ? `${error.type}: ${error.message}` : error.type;
|
|
465
430
|
}
|
package/package.json
CHANGED