@apolitical/server 4.1.0-pla-305.0 → 4.1.0-pla-305.1

package/package.json

@@ -1,14 +1,10 @@
 {
   "name": "@apolitical/server",
-  "version": "4.1.0-pla-305.0",
+  "version": "4.1.0-pla-305.1",
   "description": "Node.js module to encapsulate Apolitical's express server setup",
   "author": "Apolitical Group Limited <engineering@apolitical.co>",
   "license": "MIT",
   "main": "src/index.js",
-  "exports": {
-    ".": "./src/index.js",
-    "./secrets": "./src/secrets.js"
-  },
   "files": [
     "src"
   ],
@@ -29,7 +25,7 @@
   "dependencies": {
     "@apolitical/logger": "2.1.0",
     "@cloudnative/health-connect": "2.1.0",
-    "@google-cloud/secret-manager": "^6.1.1",
+    "@google-cloud/secret-manager": "6.1.1",
     "@opentelemetry/api": "1.9.0",
     "@opentelemetry/auto-instrumentations-node": "0.57.1",
     "@opentelemetry/exporter-trace-otlp-grpc": "0.200.0",

package/src/services/secrets.service.js

@@ -1,17 +1,9 @@
 'use strict';
 
 module.exports = ({ secretManager, config, logger }) => {
-  const DEV_DEFAULTS = {
-    impersonateAccount: 'development-platform@hazel-tea-194609.iam.gserviceaccount.com',
-  };
-
-  const cache = {};
   let client = null;
 
-  // Resolved once at first client creation; stored in closure so subsequent
-  // calls to isImpersonationEnabled() reflect the dev default without
-  // re-reading process.env.
-  let resolvedImpersonationTarget = config.GOOGLE_IMPERSONATE_SERVICE_ACCOUNT?.trim() || null;
+  const resolvedImpersonationTarget = config.GOOGLE_IMPERSONATE_SERVICE_ACCOUNT?.trim() || null;
 
   function isImpersonationEnabled() {
     return resolvedImpersonationTarget !== null;
@@ -23,15 +15,6 @@ module.exports = ({ secretManager, config, logger }) => {
 
   function getClient() {
     if (!client) {
-      if (config.NODE_ENV !== 'production' && !isImpersonationEnabled()) {
-        resolvedImpersonationTarget = DEV_DEFAULTS.impersonateAccount;
-        // Set on process.env so the Google Cloud SDK picks it up via ADC
-        process.env['GOOGLE_IMPERSONATE_SERVICE_ACCOUNT'] = resolvedImpersonationTarget;
-        logger.info('[secrets] set default impersonation for development', {
-          targetServiceAccount: resolvedImpersonationTarget,
-        });
-      }
-
       if (isImpersonationEnabled()) {
         logger.info('[secrets] using impersonation', impersonationLogContext());
       }
@@ -66,18 +49,12 @@ module.exports = ({ secretManager, config, logger }) => {
           throw new Error(`Empty payload for secret ${spec.name}`);
         }
 
-        cache[spec.envVar] = payload;
-
-        if (spec.exportToEnv) {
-          process.env[spec.envVar] = payload;
-        }
+        process.env[spec.envVar] = payload;
 
         logger.info('[secrets] loaded', {
           name: spec.name,
           envVar: spec.envVar,
           version,
-          cached: true,
-          exportedToEnv: !!spec.exportToEnv,
         });
       } catch (err) {
         throw new Error(`Failed to load secret "${spec.name}": ${err.message}`);
@@ -86,7 +63,7 @@ module.exports = ({ secretManager, config, logger }) => {
   }
 
   function getSecret(envVar) {
-    const val = cache[envVar] ?? process.env[envVar];
+    const val = process.env[envVar];
     if (!val) {
       throw new Error(`Secret "${envVar}" not loaded`);
     }

package/src/secrets.js

@@ -1,10 +0,0 @@
-'use strict';
-
-const secretManager = require('@google-cloud/secret-manager');
-const secretsServiceFactory = require('./services/secrets.service');
-
-module.exports = secretsServiceFactory({
-  secretManager,
-  config: process.env,
-  logger: console,
-});