@codemowers/oidc-key-manager 1.1.2 → 1.2.0
- package/README.md +5 -5
- package/dist/commands/rotate.js +1 -1
- package/dist/helpers/kube-api-service.js +43 -15
- package/dist/helpers/secret.js +1 -1
- package/dist/index.js +0 -1
- package/oclif.manifest.json +1 -1
- package/package.json +18 -17
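--- a/package/README.md
+++ b/package/README.md
@@ -14,7 +14,7 @@ $ npm install -g @codemowers/oidc-key-manager
 $ key-manager COMMAND
 running command...
 $ key-manager (--version)
-@codemowers/oidc-key-manager/1.
+@codemowers/oidc-key-manager/1.2.0 linux-x64 node-v22.20.0
 $ key-manager --help [COMMAND]
 USAGE
 $ key-manager COMMAND
@@ -32,7 +32,7 @@ Initialize the secret with initial keys
 
 ```
 USAGE
-$ key-manager initialize -c local|cluster [--json] [-n <value>] [-s <value>] [-l <value
+$ key-manager initialize -c local|cluster [--json] [-n <value>] [-s <value>] [-l <value>...] [--recreate]
 
 FLAGS
 -c, --config=<option> (required) use local or in-cluster Kubernetes config
@@ -60,7 +60,7 @@ EXAMPLES
 $ key-manager initialize --additional-label "app.kubernetes.io/instance: passmower"
 ```
 
-_See code: [src/commands/initialize.ts](https://github.com/codemowers/oidc-key-manager/blob/v1.
+_See code: [src/commands/initialize.ts](https://github.com/codemowers/oidc-key-manager/blob/v1.2.0/src/commands/initialize.ts)_
 
 ## `key-manager rotate`
 
@@ -68,7 +68,7 @@ Append new JWK|cookie key|both and rotate the array, optionally restarting the d
 
 ```
 USAGE
-$ key-manager rotate -c local|cluster [-n <value>] [-s <value>] [-l <value
+$ key-manager rotate -c local|cluster [-n <value>] [-s <value>] [-l <value>...] [--both] [--jwks]
 [--cookie-keys] [--max-number-of-jwks <value>] [--max-number-of-cookie-keys <value>] [--restart-deployment-backoff
 <value> --restart-deployment <value>]
 
@@ -93,5 +93,5 @@ EXAMPLES
 $ key-manager rotate
 ```
 
-_See code: [src/commands/rotate.ts](https://github.com/codemowers/oidc-key-manager/blob/v1.
+_See code: [src/commands/rotate.ts](https://github.com/codemowers/oidc-key-manager/blob/v1.2.0/src/commands/rotate.ts)_
 <!-- commandsstop -->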
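--- a/package/dist/commands/rotate.js
+++ b/package/dist/commands/rotate.js
@@ -37,7 +37,7 @@ class Rotate extends core_1.Command {
 if (flags.both || flags.jwks) {
 secret.rotateJWKs();
 }
-if (flags.both || flags
+if (flags.both || flags['cookie-keys']) {
 secret.rotateCookieKeys();
 }
 await kubeApiService.replaceSecret(secret, flags.additionalLabel);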
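Review bot: Line 43 still reads `flags.additionalLabel`, although this same hunk had to switch the cookie flag to `flags['cookie-keys']` and the README documents the option as `--additional-label`. If the flag is declared under that kebab-case key, `flags.additionalLabel` is undefined and `replaceSecret` would write the rotated secret without the extra labels, which can silently detach it from whatever selects on them. `flags['additional-label']` would be the matching access; confirm against the flag definition, which is not shown here. The enclosing method starts and ends outside the hunk.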
@@ -4,6 +4,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
4
4
|
exports.KubeApiService = void 0;
|
|
5
5
|
const tslib_1 = require("tslib");
|
|
6
6
|
const client_node_1 = require("@kubernetes/client-node");
|
|
7
|
+
const rx = tslib_1.__importStar(require("@kubernetes/client-node/dist/gen/rxjsStub.js"));
|
|
7
8
|
const common_flags_1 = require("./common-flags");
|
|
8
9
|
const Undefined = 'undefined';
|
|
9
10
|
class KubeApiService {
|
|
@@ -29,24 +30,38 @@ class KubeApiService {
|
|
|
29
30
|
}
|
|
30
31
|
async restartDeployment(deploymentName, timeoutInSeconds) {
|
|
31
32
|
this.command.log(`Restarting deployment ${deploymentName}`);
|
|
32
|
-
await this.appsV1Api.patchNamespacedDeployment(
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
33
|
+
await this.appsV1Api.patchNamespacedDeployment({
|
|
34
|
+
name: deploymentName,
|
|
35
|
+
namespace: this.namespace,
|
|
36
|
+
body: {
|
|
37
|
+
spec: {
|
|
38
|
+
template: {
|
|
39
|
+
metadata: {
|
|
40
|
+
annotations: {
|
|
41
|
+
'kubectl.kubernetes.io/restartedAt': String(Date.now()),
|
|
42
|
+
},
|
|
38
43
|
},
|
|
39
44
|
},
|
|
40
45
|
},
|
|
41
46
|
},
|
|
42
|
-
},
|
|
47
|
+
}, {
|
|
48
|
+
middleware: [{
|
|
49
|
+
pre(context) {
|
|
50
|
+
context.setHeaderParam('Content-Type', 'application/strategic-merge-patch+json');
|
|
51
|
+
return rx.of(context);
|
|
52
|
+
},
|
|
53
|
+
post(context) {
|
|
54
|
+
return rx.of(context);
|
|
55
|
+
},
|
|
56
|
+
}],
|
|
57
|
+
});
|
|
43
58
|
return new Promise((resolve, reject) => {
|
|
44
59
|
const timeout = setTimeout(() => {
|
|
45
60
|
informer.stop();
|
|
46
61
|
reject(new Error(`Failed to observe new ReplicaSet before ${timeoutInSeconds} seconds`));
|
|
47
62
|
}, timeoutInSeconds * 1000);
|
|
48
63
|
// eslint-disable-next-line unicorn/consistent-function-scoping
|
|
49
|
-
const listFn = () => this.appsV1Api.listNamespacedDeployment(this.namespace);
|
|
64
|
+
const listFn = () => this.appsV1Api.listNamespacedDeployment({ namespace: this.namespace });
|
|
50
65
|
const informer = (0, client_node_1.makeInformer)(this.kc, `/apis/apps/v1/namespaces/${this.namespace}/deployments/`, listFn);
|
|
51
66
|
informer.on('update', (obj) => {
|
|
52
67
|
var _a, _b;
|
|
@@ -67,10 +82,13 @@ class KubeApiService {
|
|
|
67
82
|
}
|
|
68
83
|
async getSecret() {
|
|
69
84
|
this.command.log(`Checking if secret ${this.secretName} exists`);
|
|
70
|
-
const secret = await this.coreV1Api.readNamespacedSecret(
|
|
71
|
-
|
|
72
|
-
.
|
|
73
|
-
|
|
85
|
+
const secret = await this.coreV1Api.readNamespacedSecret({
|
|
86
|
+
name: this.secretName,
|
|
87
|
+
namespace: this.namespace,
|
|
88
|
+
})
|
|
89
|
+
.catch((error) => {
|
|
90
|
+
var _a;
|
|
91
|
+
if (error.statusCode !== 404 && error.code !== 404 && ((_a = error.response) === null || _a === void 0 ? void 0 : _a.statusCode) !== 404) {
|
|
74
92
|
this.command.error(error);
|
|
75
93
|
}
|
|
76
94
|
return null;
|
|
@@ -80,13 +98,19 @@ class KubeApiService {
|
|
|
80
98
|
}
|
|
81
99
|
async deleteSecret() {
|
|
82
100
|
this.command.log(`Deleting existing secret ${this.secretName}`);
|
|
83
|
-
await this.coreV1Api.deleteNamespacedSecret(
|
|
101
|
+
await this.coreV1Api.deleteNamespacedSecret({
|
|
102
|
+
name: this.secretName,
|
|
103
|
+
namespace: this.namespace,
|
|
104
|
+
}).then(() => true);
|
|
84
105
|
this.command.log(`Existing secret ${this.secretName} deleted`);
|
|
85
106
|
}
|
|
86
107
|
async createSecret(secret, labels) {
|
|
87
108
|
this.command.log(`Creating secret ${this.secretName}`);
|
|
88
109
|
try {
|
|
89
|
-
await this.coreV1Api.createNamespacedSecret(
|
|
110
|
+
await this.coreV1Api.createNamespacedSecret({
|
|
111
|
+
namespace: this.namespace,
|
|
112
|
+
body: secret.toKubeSecret(this.secretName, labels),
|
|
113
|
+
});
|
|
90
114
|
}
|
|
91
115
|
catch (error) {
|
|
92
116
|
console.error(error);
|
|
@@ -95,7 +119,11 @@ class KubeApiService {
|
|
|
95
119
|
}
|
|
96
120
|
async replaceSecret(secret, labels) {
|
|
97
121
|
this.command.log(`Replacing secret ${this.secretName}`);
|
|
98
|
-
await this.coreV1Api.replaceNamespacedSecret(
|
|
122
|
+
await this.coreV1Api.replaceNamespacedSecret({
|
|
123
|
+
name: this.secretName,
|
|
124
|
+
namespace: this.namespace,
|
|
125
|
+
body: secret.toKubeSecret(this.secretName, labels),
|
|
126
|
+
});
|
|
99
127
|
}
|
|
100
128
|
}
|
|
101
129
|
exports.KubeApiService = KubeApiService;
|
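Review bot: The new import on line 7, `require("@kubernetes/client-node/dist/gen/rxjsStub.js")`, reaches into the client's generated internals only to wrap the request context for the Content-Type middleware in `restartDeployment`. With the dependency declared as `^1.4.0`, a minor release that moves that file or restricts subpath access would break loading of this module, and with it secret rotation. If the installed 1.x client exports them, passing `setHeaderOptions('Content-Type', PatchStrategy.StrategicMergePatch)` as the second argument to `patchNamespacedDeployment` keeps this on the public API; confirm before switching. `restartDeployment` continues past the hunk, and these hunks carry no file header on this page; judging by `class KubeApiService` they belong to `package/dist/helpers/kube-api-service.js`.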
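--- a/package/dist/helpers/secret.js
+++ b/package/dist/helpers/secret.js
@@ -50,7 +50,7 @@ exports.Secret = Secret;
 _Secret_instances = new WeakSet(), _Secret_append = function _Secret_append(property, maxNumber, generatorFn) {
 if (this[property].length + 1 > maxNumber) {
 this.command.log(`Removing extra ${this[property].length + 1 - maxNumber} ${property}`);
-this.
+this[property].splice(maxNumber - 1);
 }
 this.command.log(`Appending new value to end of ${property}`);
 this[property] = [...this[property], generatorFn()];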
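Review bot: `this[property].splice(maxNumber - 1)` on line 53 trims correctly only for `maxNumber >= 1`: with `0` the start index becomes `-1` and a single entry is removed, while the log line above reports `length + 1 - maxNumber` removals. Unless `--max-number-of-jwks` and `--max-number-of-cookie-keys` are validated elsewhere, a guard such as `if (maxNumber < 1) throw new Error('maxNumber must be at least 1');` before the trim would keep the retained key set bounded as configured. A comment stating which end of the array holds the oldest keys would also help, since the splice drops the tail and the ordering is established outside this hunk. `_Secret_append` continues past the hunk.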
package/dist/index.js
CHANGED
package/oclif.manifest.json
CHANGED
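--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@codemowers/oidc-key-manager",
-"version": "1.
+"version": "1.2.0",
 "description": "CLI to manage secret keys required by oidc-gateway",
 "author": "Erki Aas",
 "bin": {
@@ -17,28 +17,29 @@
 "/oclif.manifest.json"
 ],
 "dependencies": {
-"@kubernetes/client-node": "^
-"@oclif/core": "^
-"@oclif/plugin-help": "^6.
+"@kubernetes/client-node": "^1.4.0",
+"@oclif/core": "^4.8.0",
+"@oclif/plugin-help": "^6.2.37",
 "@oclif/plugin-plugins": "^2.4.7",
-"@types/jsrsasign": "^10.5.
+"@types/jsrsasign": "^10.5.15",
 "jsrsasign": "^11.1.0"
 },
 "devDependencies": {
-"@oclif/test": "^
-"@types/chai": "^
-"@types/mocha": "^10.0.
-"@types/node": "^
+"@oclif/test": "^4.1.16",
+"@types/chai": "^5.2.3",
+"@types/mocha": "^10.0.10",
+"@types/node": "^25.2.0",
+"@types/ws": "^8.18.1",
 "chai": "^5.1.0",
-"eslint": "^
-"eslint-config-oclif": "^
-"eslint-config-oclif-typescript": "^
-"mocha": "^
-"oclif": "^4.
-"shx": "^0.
+"eslint": "^9.19.0",
+"eslint-config-oclif": "^6.0.137",
+"eslint-config-oclif-typescript": "^3.1.14",
+"mocha": "^11.3.0",
+"oclif": "^4.22.73",
+"shx": "^0.4.0",
 "ts-node": "^10.9.2",
-"tslib": "^2.
-"typescript": "^5.
+"tslib": "^2.8.1",
+"typescript": "^5.9.3"
 },
 "oclif": {
 "bin": "key-manager",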
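Review bot: `tslib` stays under `devDependencies` (new line 41), but the shipped kube-api-service.js calls `require("tslib")` and in this release also `tslib_1.__importStar` at runtime. A production or global install skips devDependencies, so the CLI loads only if some other dependency happens to install a compatible `tslib`; moving `"tslib": "^2.8.1"` into `dependencies` makes the runtime requirement explicit and pins what actually gets resolved. `@types/jsrsasign` is the reverse case: a types-only package listed under `dependencies`, which presumably belongs in `devDependencies`.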