@contractspec/lib.contracts-integrations 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.js +3676 -0
- package/dist/integrations/binding.d.ts +14 -0
- package/dist/integrations/binding.js +1 -0
- package/dist/integrations/connection.d.ts +47 -0
- package/dist/integrations/connection.js +1 -0
- package/dist/integrations/docs/integrations.docblock.d.ts +2 -0
- package/dist/integrations/docs/integrations.docblock.js +110 -0
- package/dist/integrations/health.d.ts +17 -0
- package/dist/integrations/health.js +73 -0
- package/dist/integrations/health.test.d.ts +1 -0
- package/dist/integrations/index.d.ts +11 -0
- package/dist/integrations/index.js +3264 -0
- package/dist/integrations/integrations.capability.d.ts +1 -0
- package/dist/integrations/integrations.capability.js +18 -0
- package/dist/integrations/integrations.feature.d.ts +5 -0
- package/dist/integrations/integrations.feature.js +33 -0
- package/dist/integrations/meeting-recorder/contracts/index.d.ts +7 -0
- package/dist/integrations/meeting-recorder/contracts/index.js +474 -0
- package/dist/integrations/meeting-recorder/contracts/meetings.d.ts +451 -0
- package/dist/integrations/meeting-recorder/contracts/meetings.js +219 -0
- package/dist/integrations/meeting-recorder/contracts/transcripts.d.ts +166 -0
- package/dist/integrations/meeting-recorder/contracts/transcripts.js +287 -0
- package/dist/integrations/meeting-recorder/contracts/webhooks.d.ts +85 -0
- package/dist/integrations/meeting-recorder/contracts/webhooks.js +172 -0
- package/dist/integrations/meeting-recorder/meeting-recorder.capability.d.ts +1 -0
- package/dist/integrations/meeting-recorder/meeting-recorder.capability.js +18 -0
- package/dist/integrations/meeting-recorder/meeting-recorder.feature.d.ts +5 -0
- package/dist/integrations/meeting-recorder/meeting-recorder.feature.js +33 -0
- package/dist/integrations/meeting-recorder/models.d.ts +402 -0
- package/dist/integrations/meeting-recorder/models.js +122 -0
- package/dist/integrations/meeting-recorder/telemetry.d.ts +13 -0
- package/dist/integrations/meeting-recorder/telemetry.js +54 -0
- package/dist/integrations/openbanking/contracts/accounts.d.ts +282 -0
- package/dist/integrations/openbanking/contracts/accounts.js +328 -0
- package/dist/integrations/openbanking/contracts/balances.d.ts +158 -0
- package/dist/integrations/openbanking/contracts/balances.js +292 -0
- package/dist/integrations/openbanking/contracts/index.d.ts +7 -0
- package/dist/integrations/openbanking/contracts/index.js +644 -0
- package/dist/integrations/openbanking/contracts/transactions.d.ts +206 -0
- package/dist/integrations/openbanking/contracts/transactions.js +298 -0
- package/dist/integrations/openbanking/guards.d.ts +8 -0
- package/dist/integrations/openbanking/guards.js +42 -0
- package/dist/integrations/openbanking/guards.test.d.ts +1 -0
- package/dist/integrations/openbanking/models.d.ts +223 -0
- package/dist/integrations/openbanking/models.js +110 -0
- package/dist/integrations/openbanking/openbanking.capability.d.ts +1 -0
- package/dist/integrations/openbanking/openbanking.capability.js +18 -0
- package/dist/integrations/openbanking/openbanking.feature.d.ts +5 -0
- package/dist/integrations/openbanking/openbanking.feature.js +35 -0
- package/dist/integrations/openbanking/telemetry.d.ts +12 -0
- package/dist/integrations/openbanking/telemetry.js +51 -0
- package/dist/integrations/operations.d.ts +430 -0
- package/dist/integrations/operations.js +297 -0
- package/dist/integrations/operations.test.d.ts +1 -0
- package/dist/integrations/providers/analytics-reader.d.ts +103 -0
- package/dist/integrations/providers/analytics-reader.js +1 -0
- package/dist/integrations/providers/analytics-writer.d.ts +6 -0
- package/dist/integrations/providers/analytics-writer.js +1 -0
- package/dist/integrations/providers/analytics.d.ts +47 -0
- package/dist/integrations/providers/analytics.js +1 -0
- package/dist/integrations/providers/calendar.d.ts +75 -0
- package/dist/integrations/providers/calendar.js +1 -0
- package/dist/integrations/providers/database.d.ts +12 -0
- package/dist/integrations/providers/database.js +1 -0
- package/dist/integrations/providers/elevenlabs.d.ts +3 -0
- package/dist/integrations/providers/elevenlabs.js +86 -0
- package/dist/integrations/providers/email.d.ts +83 -0
- package/dist/integrations/providers/email.js +1 -0
- package/dist/integrations/providers/embedding.d.ts +21 -0
- package/dist/integrations/providers/embedding.js +1 -0
- package/dist/integrations/providers/fal.d.ts +3 -0
- package/dist/integrations/providers/fal.js +112 -0
- package/dist/integrations/providers/fathom.d.ts +3 -0
- package/dist/integrations/providers/fathom.js +126 -0
- package/dist/integrations/providers/fireflies.d.ts +3 -0
- package/dist/integrations/providers/fireflies.js +106 -0
- package/dist/integrations/providers/gcs-storage.d.ts +3 -0
- package/dist/integrations/providers/gcs-storage.js +97 -0
- package/dist/integrations/providers/gmail.d.ts +3 -0
- package/dist/integrations/providers/gmail.js +109 -0
- package/dist/integrations/providers/google-calendar.d.ts +3 -0
- package/dist/integrations/providers/google-calendar.js +92 -0
- package/dist/integrations/providers/gradium.d.ts +3 -0
- package/dist/integrations/providers/gradium.js +110 -0
- package/dist/integrations/providers/granola.d.ts +3 -0
- package/dist/integrations/providers/granola.js +107 -0
- package/dist/integrations/providers/index.d.ts +38 -0
- package/dist/integrations/providers/index.js +2094 -0
- package/dist/integrations/providers/jira.d.ts +3 -0
- package/dist/integrations/providers/jira.js +108 -0
- package/dist/integrations/providers/linear.d.ts +3 -0
- package/dist/integrations/providers/linear.js +107 -0
- package/dist/integrations/providers/llm.d.ts +79 -0
- package/dist/integrations/providers/llm.js +1 -0
- package/dist/integrations/providers/meeting-recorder.d.ts +129 -0
- package/dist/integrations/providers/meeting-recorder.js +1 -0
- package/dist/integrations/providers/mistral.d.ts +3 -0
- package/dist/integrations/providers/mistral.js +94 -0
- package/dist/integrations/providers/notion.d.ts +3 -0
- package/dist/integrations/providers/notion.js +113 -0
- package/dist/integrations/providers/openbanking.d.ts +125 -0
- package/dist/integrations/providers/openbanking.js +1 -0
- package/dist/integrations/providers/payments.d.ts +106 -0
- package/dist/integrations/providers/payments.js +1 -0
- package/dist/integrations/providers/posthog-llm-telemetry.d.ts +51 -0
- package/dist/integrations/providers/posthog-llm-telemetry.js +176 -0
- package/dist/integrations/providers/posthog.d.ts +3 -0
- package/dist/integrations/providers/posthog.js +106 -0
- package/dist/integrations/providers/postmark.d.ts +3 -0
- package/dist/integrations/providers/postmark.js +98 -0
- package/dist/integrations/providers/powens.d.ts +3 -0
- package/dist/integrations/providers/powens.js +124 -0
- package/dist/integrations/providers/project-management.d.ts +32 -0
- package/dist/integrations/providers/project-management.js +1 -0
- package/dist/integrations/providers/providers.test.d.ts +1 -0
- package/dist/integrations/providers/qdrant.d.ts +3 -0
- package/dist/integrations/providers/qdrant.js +101 -0
- package/dist/integrations/providers/registry.d.ts +6 -0
- package/dist/integrations/providers/registry.js +1878 -0
- package/dist/integrations/providers/sms.d.ts +31 -0
- package/dist/integrations/providers/sms.js +1 -0
- package/dist/integrations/providers/storage.d.ts +57 -0
- package/dist/integrations/providers/storage.js +1 -0
- package/dist/integrations/providers/stripe.d.ts +3 -0
- package/dist/integrations/providers/stripe.js +105 -0
- package/dist/integrations/providers/supabase-postgres.d.ts +3 -0
- package/dist/integrations/providers/supabase-postgres.js +87 -0
- package/dist/integrations/providers/supabase-vector.d.ts +3 -0
- package/dist/integrations/providers/supabase-vector.js +107 -0
- package/dist/integrations/providers/tldv.d.ts +3 -0
- package/dist/integrations/providers/tldv.js +106 -0
- package/dist/integrations/providers/twilio-sms.d.ts +3 -0
- package/dist/integrations/providers/twilio-sms.js +91 -0
- package/dist/integrations/providers/vector-store.d.ts +39 -0
- package/dist/integrations/providers/vector-store.js +1 -0
- package/dist/integrations/providers/voice.d.ts +31 -0
- package/dist/integrations/providers/voice.js +1 -0
- package/dist/integrations/runtime.d.ts +95 -0
- package/dist/integrations/runtime.js +209 -0
- package/dist/integrations/runtime.test.d.ts +1 -0
- package/dist/integrations/secrets/aws-secret-manager.d.ts +28 -0
- package/dist/integrations/secrets/aws-secret-manager.js +346 -0
- package/dist/integrations/secrets/env-secret-provider.d.ts +28 -0
- package/dist/integrations/secrets/env-secret-provider.js +159 -0
- package/dist/integrations/secrets/gcp-secret-manager.d.ts +29 -0
- package/dist/integrations/secrets/gcp-secret-manager.js +347 -0
- package/dist/integrations/secrets/index.d.ts +6 -0
- package/dist/integrations/secrets/index.js +1129 -0
- package/dist/integrations/secrets/manager.d.ts +44 -0
- package/dist/integrations/secrets/manager.js +183 -0
- package/dist/integrations/secrets/provider.d.ts +49 -0
- package/dist/integrations/secrets/provider.js +74 -0
- package/dist/integrations/secrets/provider.test.d.ts +1 -0
- package/dist/integrations/secrets/scaleway-secret-manager.d.ts +35 -0
- package/dist/integrations/secrets/scaleway-secret-manager.js +375 -0
- package/dist/integrations/secrets-types.d.ts +14 -0
- package/dist/integrations/secrets-types.js +1 -0
- package/dist/integrations/spec.d.ts +72 -0
- package/dist/integrations/spec.js +22 -0
- package/dist/integrations/spec.test.d.ts +1 -0
- package/dist/node/index.js +3675 -0
- package/dist/node/integrations/binding.js +0 -0
- package/dist/node/integrations/connection.js +0 -0
- package/dist/node/integrations/docs/integrations.docblock.js +109 -0
- package/dist/node/integrations/health.js +72 -0
- package/dist/node/integrations/index.js +3263 -0
- package/dist/node/integrations/integrations.capability.js +17 -0
- package/dist/node/integrations/integrations.feature.js +32 -0
- package/dist/node/integrations/meeting-recorder/contracts/index.js +473 -0
- package/dist/node/integrations/meeting-recorder/contracts/meetings.js +218 -0
- package/dist/node/integrations/meeting-recorder/contracts/transcripts.js +286 -0
- package/dist/node/integrations/meeting-recorder/contracts/webhooks.js +171 -0
- package/dist/node/integrations/meeting-recorder/meeting-recorder.capability.js +17 -0
- package/dist/node/integrations/meeting-recorder/meeting-recorder.feature.js +32 -0
- package/dist/node/integrations/meeting-recorder/models.js +121 -0
- package/dist/node/integrations/meeting-recorder/telemetry.js +53 -0
- package/dist/node/integrations/openbanking/contracts/accounts.js +327 -0
- package/dist/node/integrations/openbanking/contracts/balances.js +291 -0
- package/dist/node/integrations/openbanking/contracts/index.js +643 -0
- package/dist/node/integrations/openbanking/contracts/transactions.js +297 -0
- package/dist/node/integrations/openbanking/guards.js +41 -0
- package/dist/node/integrations/openbanking/models.js +109 -0
- package/dist/node/integrations/openbanking/openbanking.capability.js +17 -0
- package/dist/node/integrations/openbanking/openbanking.feature.js +34 -0
- package/dist/node/integrations/openbanking/telemetry.js +50 -0
- package/dist/node/integrations/operations.js +296 -0
- package/dist/node/integrations/providers/analytics-reader.js +0 -0
- package/dist/node/integrations/providers/analytics-writer.js +0 -0
- package/dist/node/integrations/providers/analytics.js +0 -0
- package/dist/node/integrations/providers/calendar.js +0 -0
- package/dist/node/integrations/providers/database.js +0 -0
- package/dist/node/integrations/providers/elevenlabs.js +85 -0
- package/dist/node/integrations/providers/email.js +0 -0
- package/dist/node/integrations/providers/embedding.js +0 -0
- package/dist/node/integrations/providers/fal.js +111 -0
- package/dist/node/integrations/providers/fathom.js +125 -0
- package/dist/node/integrations/providers/fireflies.js +105 -0
- package/dist/node/integrations/providers/gcs-storage.js +96 -0
- package/dist/node/integrations/providers/gmail.js +108 -0
- package/dist/node/integrations/providers/google-calendar.js +91 -0
- package/dist/node/integrations/providers/gradium.js +109 -0
- package/dist/node/integrations/providers/granola.js +106 -0
- package/dist/node/integrations/providers/index.js +2093 -0
- package/dist/node/integrations/providers/jira.js +107 -0
- package/dist/node/integrations/providers/linear.js +106 -0
- package/dist/node/integrations/providers/llm.js +0 -0
- package/dist/node/integrations/providers/meeting-recorder.js +0 -0
- package/dist/node/integrations/providers/mistral.js +93 -0
- package/dist/node/integrations/providers/notion.js +112 -0
- package/dist/node/integrations/providers/openbanking.js +0 -0
- package/dist/node/integrations/providers/payments.js +0 -0
- package/dist/node/integrations/providers/posthog-llm-telemetry.js +175 -0
- package/dist/node/integrations/providers/posthog.js +105 -0
- package/dist/node/integrations/providers/postmark.js +97 -0
- package/dist/node/integrations/providers/powens.js +123 -0
- package/dist/node/integrations/providers/project-management.js +0 -0
- package/dist/node/integrations/providers/qdrant.js +100 -0
- package/dist/node/integrations/providers/registry.js +1877 -0
- package/dist/node/integrations/providers/sms.js +0 -0
- package/dist/node/integrations/providers/storage.js +0 -0
- package/dist/node/integrations/providers/stripe.js +104 -0
- package/dist/node/integrations/providers/supabase-postgres.js +86 -0
- package/dist/node/integrations/providers/supabase-vector.js +106 -0
- package/dist/node/integrations/providers/tldv.js +105 -0
- package/dist/node/integrations/providers/twilio-sms.js +90 -0
- package/dist/node/integrations/providers/vector-store.js +0 -0
- package/dist/node/integrations/providers/voice.js +0 -0
- package/dist/node/integrations/runtime.js +208 -0
- package/dist/node/integrations/secrets/aws-secret-manager.js +345 -0
- package/dist/node/integrations/secrets/env-secret-provider.js +158 -0
- package/dist/node/integrations/secrets/gcp-secret-manager.js +346 -0
- package/dist/node/integrations/secrets/index.js +1128 -0
- package/dist/node/integrations/secrets/manager.js +182 -0
- package/dist/node/integrations/secrets/provider.js +73 -0
- package/dist/node/integrations/secrets/scaleway-secret-manager.js +374 -0
- package/dist/node/integrations/secrets-types.js +0 -0
- package/dist/node/integrations/spec.js +21 -0
- package/package.json +1029 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
// @bun
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
import type { ResolvedAppConfig, ResolvedIntegration } from '@contractspec/lib.contracts-spec/app-config/runtime';
|
|
2
|
+
import type { ConnectionStatus, IntegrationConnection } from './connection';
|
|
3
|
+
import type { IntegrationSpec } from './spec';
|
|
4
|
+
import type { SecretProvider } from './secrets/provider';
|
|
5
|
+
export interface IntegrationTraceMetadata {
|
|
6
|
+
blueprintName: string;
|
|
7
|
+
blueprintVersion: string;
|
|
8
|
+
configVersion: string;
|
|
9
|
+
}
|
|
10
|
+
export interface IntegrationTelemetryEvent {
|
|
11
|
+
tenantId: string;
|
|
12
|
+
appId: string;
|
|
13
|
+
environment?: string;
|
|
14
|
+
slotId?: string;
|
|
15
|
+
integrationKey: string;
|
|
16
|
+
integrationVersion: string;
|
|
17
|
+
connectionId: string;
|
|
18
|
+
status: 'success' | 'error';
|
|
19
|
+
durationMs?: number;
|
|
20
|
+
errorCode?: string;
|
|
21
|
+
errorMessage?: string;
|
|
22
|
+
occurredAt: Date;
|
|
23
|
+
metadata?: Record<string, string | number | boolean>;
|
|
24
|
+
}
|
|
25
|
+
export interface IntegrationTelemetryEmitter {
|
|
26
|
+
record(event: IntegrationTelemetryEvent): Promise<void> | void;
|
|
27
|
+
}
|
|
28
|
+
export type IntegrationInvocationStatus = 'success' | 'error';
|
|
29
|
+
export interface IntegrationContext {
|
|
30
|
+
tenantId: string;
|
|
31
|
+
appId: string;
|
|
32
|
+
environment?: string;
|
|
33
|
+
slotId?: string;
|
|
34
|
+
spec: IntegrationSpec;
|
|
35
|
+
connection: IntegrationConnection;
|
|
36
|
+
secretProvider: SecretProvider;
|
|
37
|
+
secretReference: string;
|
|
38
|
+
trace: IntegrationTraceMetadata;
|
|
39
|
+
config?: Record<string, unknown>;
|
|
40
|
+
}
|
|
41
|
+
export interface IntegrationCallContext {
|
|
42
|
+
tenantId: string;
|
|
43
|
+
appId: string;
|
|
44
|
+
environment?: string;
|
|
45
|
+
blueprintName: string;
|
|
46
|
+
blueprintVersion: string;
|
|
47
|
+
configVersion: string;
|
|
48
|
+
slotId: string;
|
|
49
|
+
operation: string;
|
|
50
|
+
}
|
|
51
|
+
export interface IntegrationCallError {
|
|
52
|
+
code: string;
|
|
53
|
+
message: string;
|
|
54
|
+
retryable: boolean;
|
|
55
|
+
cause?: unknown;
|
|
56
|
+
}
|
|
57
|
+
export interface IntegrationCallResult<T> {
|
|
58
|
+
success: boolean;
|
|
59
|
+
data?: T;
|
|
60
|
+
error?: IntegrationCallError;
|
|
61
|
+
metadata: {
|
|
62
|
+
latencyMs: number;
|
|
63
|
+
connectionId: string;
|
|
64
|
+
ownershipMode: IntegrationConnection['ownershipMode'];
|
|
65
|
+
attempts: number;
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
export interface IntegrationCallGuardOptions {
|
|
69
|
+
telemetry?: IntegrationTelemetryEmitter;
|
|
70
|
+
maxAttempts?: number;
|
|
71
|
+
backoffMs?: number;
|
|
72
|
+
shouldRetry?: (error: unknown, attempt: number) => boolean;
|
|
73
|
+
sleep?: (ms: number) => Promise<void>;
|
|
74
|
+
now?: () => Date;
|
|
75
|
+
}
|
|
76
|
+
export declare class IntegrationCallGuard {
|
|
77
|
+
private readonly secretProvider;
|
|
78
|
+
private readonly telemetry?;
|
|
79
|
+
private readonly maxAttempts;
|
|
80
|
+
private readonly backoffMs;
|
|
81
|
+
private readonly shouldRetry;
|
|
82
|
+
private readonly sleep;
|
|
83
|
+
private readonly now;
|
|
84
|
+
constructor(secretProvider: SecretProvider, options?: IntegrationCallGuardOptions);
|
|
85
|
+
executeWithGuards<T>(slotId: string, operation: string, _input: unknown, resolvedConfig: ResolvedAppConfig, executor: (connection: IntegrationConnection, secrets: Record<string, string>) => Promise<T>): Promise<IntegrationCallResult<T>>;
|
|
86
|
+
private findIntegration;
|
|
87
|
+
private fetchSecrets;
|
|
88
|
+
private parseSecret;
|
|
89
|
+
private emitTelemetry;
|
|
90
|
+
private failure;
|
|
91
|
+
private makeContext;
|
|
92
|
+
private errorCodeFor;
|
|
93
|
+
}
|
|
94
|
+
export declare function ensureConnectionReady(integration: ResolvedIntegration): void;
|
|
95
|
+
export declare function connectionStatusLabel(status: ConnectionStatus): string;
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
// @bun
|
|
2
|
+
// src/integrations/runtime.ts
|
|
3
|
+
import { performance } from "perf_hooks";
|
|
4
|
+
var DEFAULT_MAX_ATTEMPTS = 3;
|
|
5
|
+
var DEFAULT_BACKOFF_MS = 250;
|
|
6
|
+
|
|
7
|
+
class IntegrationCallGuard {
|
|
8
|
+
secretProvider;
|
|
9
|
+
telemetry;
|
|
10
|
+
maxAttempts;
|
|
11
|
+
backoffMs;
|
|
12
|
+
shouldRetry;
|
|
13
|
+
sleep;
|
|
14
|
+
now;
|
|
15
|
+
constructor(secretProvider, options = {}) {
|
|
16
|
+
this.secretProvider = secretProvider;
|
|
17
|
+
this.telemetry = options.telemetry;
|
|
18
|
+
this.maxAttempts = Math.max(1, options.maxAttempts ?? DEFAULT_MAX_ATTEMPTS);
|
|
19
|
+
this.backoffMs = options.backoffMs ?? DEFAULT_BACKOFF_MS;
|
|
20
|
+
this.shouldRetry = options.shouldRetry ?? ((error) => typeof error === "object" && error !== null && ("retryable" in error) && Boolean(error.retryable));
|
|
21
|
+
this.sleep = options.sleep ?? ((ms) => ms <= 0 ? Promise.resolve() : new Promise((resolve) => setTimeout(resolve, ms)));
|
|
22
|
+
this.now = options.now ?? (() => new Date);
|
|
23
|
+
}
|
|
24
|
+
async executeWithGuards(slotId, operation, _input, resolvedConfig, executor) {
|
|
25
|
+
const integration = this.findIntegration(slotId, resolvedConfig);
|
|
26
|
+
if (!integration) {
|
|
27
|
+
return this.failure({
|
|
28
|
+
tenantId: resolvedConfig.tenantId,
|
|
29
|
+
appId: resolvedConfig.appId,
|
|
30
|
+
environment: resolvedConfig.environment,
|
|
31
|
+
blueprintName: resolvedConfig.blueprintName,
|
|
32
|
+
blueprintVersion: resolvedConfig.blueprintVersion,
|
|
33
|
+
configVersion: resolvedConfig.configVersion,
|
|
34
|
+
slotId,
|
|
35
|
+
operation
|
|
36
|
+
}, undefined, {
|
|
37
|
+
code: "SLOT_NOT_BOUND",
|
|
38
|
+
message: `Integration slot "${slotId}" is not bound for tenant "${resolvedConfig.tenantId}".`,
|
|
39
|
+
retryable: false
|
|
40
|
+
}, 0);
|
|
41
|
+
}
|
|
42
|
+
const status = integration.connection.status;
|
|
43
|
+
if (status === "disconnected" || status === "error") {
|
|
44
|
+
return this.failure(this.makeContext(slotId, operation, resolvedConfig), integration, {
|
|
45
|
+
code: "CONNECTION_NOT_READY",
|
|
46
|
+
message: `Integration connection "${integration.connection.meta.label}" is in status "${status}".`,
|
|
47
|
+
retryable: false
|
|
48
|
+
}, 0);
|
|
49
|
+
}
|
|
50
|
+
const secrets = await this.fetchSecrets(integration.connection);
|
|
51
|
+
let attempt = 0;
|
|
52
|
+
const started = performance.now();
|
|
53
|
+
while (attempt < this.maxAttempts) {
|
|
54
|
+
attempt += 1;
|
|
55
|
+
try {
|
|
56
|
+
const data = await executor(integration.connection, secrets);
|
|
57
|
+
const duration = performance.now() - started;
|
|
58
|
+
this.emitTelemetry(this.makeContext(slotId, operation, resolvedConfig), integration, "success", duration);
|
|
59
|
+
return {
|
|
60
|
+
success: true,
|
|
61
|
+
data,
|
|
62
|
+
metadata: {
|
|
63
|
+
latencyMs: duration,
|
|
64
|
+
connectionId: integration.connection.meta.id,
|
|
65
|
+
ownershipMode: integration.connection.ownershipMode,
|
|
66
|
+
attempts: attempt
|
|
67
|
+
}
|
|
68
|
+
};
|
|
69
|
+
} catch (error) {
|
|
70
|
+
const duration = performance.now() - started;
|
|
71
|
+
this.emitTelemetry(this.makeContext(slotId, operation, resolvedConfig), integration, "error", duration, this.errorCodeFor(error), error instanceof Error ? error.message : String(error));
|
|
72
|
+
const retryable = this.shouldRetry(error, attempt);
|
|
73
|
+
if (!retryable || attempt >= this.maxAttempts) {
|
|
74
|
+
return {
|
|
75
|
+
success: false,
|
|
76
|
+
error: {
|
|
77
|
+
code: this.errorCodeFor(error),
|
|
78
|
+
message: error instanceof Error ? error.message : String(error),
|
|
79
|
+
retryable,
|
|
80
|
+
cause: error
|
|
81
|
+
},
|
|
82
|
+
metadata: {
|
|
83
|
+
latencyMs: duration,
|
|
84
|
+
connectionId: integration.connection.meta.id,
|
|
85
|
+
ownershipMode: integration.connection.ownershipMode,
|
|
86
|
+
attempts: attempt
|
|
87
|
+
}
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
await this.sleep(this.backoffMs);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
return {
|
|
94
|
+
success: false,
|
|
95
|
+
error: {
|
|
96
|
+
code: "UNKNOWN_ERROR",
|
|
97
|
+
message: "Integration call failed after retries.",
|
|
98
|
+
retryable: false
|
|
99
|
+
},
|
|
100
|
+
metadata: {
|
|
101
|
+
latencyMs: performance.now() - started,
|
|
102
|
+
connectionId: integration.connection.meta.id,
|
|
103
|
+
ownershipMode: integration.connection.ownershipMode,
|
|
104
|
+
attempts: this.maxAttempts
|
|
105
|
+
}
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
findIntegration(slotId, config) {
|
|
109
|
+
return config.integrations.find((integration) => integration.slot.slotId === slotId);
|
|
110
|
+
}
|
|
111
|
+
async fetchSecrets(connection) {
|
|
112
|
+
if (!this.secretProvider.canHandle(connection.secretRef)) {
|
|
113
|
+
throw new Error(`Secret provider "${this.secretProvider.id}" cannot handle reference "${connection.secretRef}".`);
|
|
114
|
+
}
|
|
115
|
+
const secret = await this.secretProvider.getSecret(connection.secretRef);
|
|
116
|
+
return this.parseSecret(secret);
|
|
117
|
+
}
|
|
118
|
+
parseSecret(secret) {
|
|
119
|
+
const text = new TextDecoder().decode(secret.data);
|
|
120
|
+
try {
|
|
121
|
+
const parsed = JSON.parse(text);
|
|
122
|
+
if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
|
|
123
|
+
const entries = Object.entries(parsed).filter(([, value]) => typeof value === "string" || typeof value === "number" || typeof value === "boolean");
|
|
124
|
+
return Object.fromEntries(entries.map(([key, value]) => [key, String(value)]));
|
|
125
|
+
}
|
|
126
|
+
} catch {}
|
|
127
|
+
return { secret: text };
|
|
128
|
+
}
|
|
129
|
+
emitTelemetry(context, integration, status, durationMs, errorCode, errorMessage) {
|
|
130
|
+
if (!this.telemetry || !integration)
|
|
131
|
+
return;
|
|
132
|
+
this.telemetry.record({
|
|
133
|
+
tenantId: context.tenantId,
|
|
134
|
+
appId: context.appId,
|
|
135
|
+
environment: context.environment,
|
|
136
|
+
slotId: context.slotId,
|
|
137
|
+
integrationKey: integration.connection.meta.integrationKey,
|
|
138
|
+
integrationVersion: integration.connection.meta.integrationVersion,
|
|
139
|
+
connectionId: integration.connection.meta.id,
|
|
140
|
+
status,
|
|
141
|
+
durationMs,
|
|
142
|
+
errorCode,
|
|
143
|
+
errorMessage,
|
|
144
|
+
occurredAt: this.now(),
|
|
145
|
+
metadata: {
|
|
146
|
+
blueprint: `${context.blueprintName}.v${context.blueprintVersion}`,
|
|
147
|
+
configVersion: context.configVersion,
|
|
148
|
+
operation: context.operation
|
|
149
|
+
}
|
|
150
|
+
});
|
|
151
|
+
}
|
|
152
|
+
failure(context, integration, error, attempts) {
|
|
153
|
+
if (integration) {
|
|
154
|
+
this.emitTelemetry(context, integration, "error", 0, error.code, error.message);
|
|
155
|
+
}
|
|
156
|
+
return {
|
|
157
|
+
success: false,
|
|
158
|
+
error,
|
|
159
|
+
metadata: {
|
|
160
|
+
latencyMs: 0,
|
|
161
|
+
connectionId: integration?.connection.meta.id ?? "unknown",
|
|
162
|
+
ownershipMode: integration?.connection.ownershipMode ?? "managed",
|
|
163
|
+
attempts
|
|
164
|
+
}
|
|
165
|
+
};
|
|
166
|
+
}
|
|
167
|
+
makeContext(slotId, operation, config) {
|
|
168
|
+
return {
|
|
169
|
+
tenantId: config.tenantId,
|
|
170
|
+
appId: config.appId,
|
|
171
|
+
environment: config.environment,
|
|
172
|
+
blueprintName: config.blueprintName,
|
|
173
|
+
blueprintVersion: config.blueprintVersion,
|
|
174
|
+
configVersion: config.configVersion,
|
|
175
|
+
slotId,
|
|
176
|
+
operation
|
|
177
|
+
};
|
|
178
|
+
}
|
|
179
|
+
errorCodeFor(error) {
|
|
180
|
+
if (typeof error === "object" && error !== null && "code" in error && typeof error.code === "string") {
|
|
181
|
+
return error.code;
|
|
182
|
+
}
|
|
183
|
+
return "PROVIDER_ERROR";
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
function ensureConnectionReady(integration) {
|
|
187
|
+
const status = integration.connection.status;
|
|
188
|
+
if (status === "disconnected" || status === "error") {
|
|
189
|
+
throw new Error(`Integration connection "${integration.connection.meta.label}" is in status "${status}".`);
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
function connectionStatusLabel(status) {
|
|
193
|
+
switch (status) {
|
|
194
|
+
case "connected":
|
|
195
|
+
return "connected";
|
|
196
|
+
case "disconnected":
|
|
197
|
+
return "disconnected";
|
|
198
|
+
case "error":
|
|
199
|
+
return "error";
|
|
200
|
+
case "unknown":
|
|
201
|
+
default:
|
|
202
|
+
return "unknown";
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
export {
|
|
206
|
+
ensureConnectionReady,
|
|
207
|
+
connectionStatusLabel,
|
|
208
|
+
IntegrationCallGuard
|
|
209
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
|
|
2
|
+
import type { SecretFetchOptions, SecretProvider, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload } from './provider';
|
|
3
|
+
type AwsSecretsManagerClient = Pick<SecretsManagerClient, 'send'>;
|
|
4
|
+
type AwsSecretsManagerClientConfig = ConstructorParameters<typeof SecretsManagerClient>[0];
|
|
5
|
+
interface AwsSecretsManagerProviderOptions {
|
|
6
|
+
region?: string;
|
|
7
|
+
client?: AwsSecretsManagerClient;
|
|
8
|
+
clientConfig?: AwsSecretsManagerClientConfig;
|
|
9
|
+
}
|
|
10
|
+
export declare class AwsSecretsManagerProvider implements SecretProvider {
|
|
11
|
+
readonly id = "aws-secrets-manager";
|
|
12
|
+
private readonly explicitRegion?;
|
|
13
|
+
private readonly injectedClient?;
|
|
14
|
+
private readonly clientConfig?;
|
|
15
|
+
private readonly clientsByRegion;
|
|
16
|
+
constructor(options?: AwsSecretsManagerProviderOptions);
|
|
17
|
+
canHandle(reference: SecretReference): boolean;
|
|
18
|
+
getSecret(reference: SecretReference, options?: SecretFetchOptions): Promise<SecretValue>;
|
|
19
|
+
setSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
|
|
20
|
+
rotateSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
|
|
21
|
+
deleteSecret(reference: SecretReference): Promise<void>;
|
|
22
|
+
private getClient;
|
|
23
|
+
private parseReference;
|
|
24
|
+
private resolveRegion;
|
|
25
|
+
private buildVersionSelector;
|
|
26
|
+
private buildReference;
|
|
27
|
+
}
|
|
28
|
+
export {};
|
|
@@ -0,0 +1,346 @@
|
|
|
1
|
+
// @bun
|
|
2
|
+
// src/integrations/secrets/provider.ts
|
|
3
|
+
import { Buffer } from "buffer";
|
|
4
|
+
|
|
5
|
+
class SecretProviderError extends Error {
|
|
6
|
+
provider;
|
|
7
|
+
reference;
|
|
8
|
+
code;
|
|
9
|
+
cause;
|
|
10
|
+
constructor(params) {
|
|
11
|
+
super(params.message);
|
|
12
|
+
this.name = "SecretProviderError";
|
|
13
|
+
this.provider = params.provider;
|
|
14
|
+
this.reference = params.reference;
|
|
15
|
+
this.code = params.code ?? "UNKNOWN";
|
|
16
|
+
this.cause = params.cause;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
function parseSecretUri(reference) {
|
|
20
|
+
if (!reference) {
|
|
21
|
+
throw new SecretProviderError({
|
|
22
|
+
message: "Secret reference cannot be empty",
|
|
23
|
+
provider: "unknown",
|
|
24
|
+
reference,
|
|
25
|
+
code: "INVALID"
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
const [scheme, rest] = reference.split("://");
|
|
29
|
+
if (!scheme || !rest) {
|
|
30
|
+
throw new SecretProviderError({
|
|
31
|
+
message: `Invalid secret reference: ${reference}`,
|
|
32
|
+
provider: "unknown",
|
|
33
|
+
reference,
|
|
34
|
+
code: "INVALID"
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
const queryIndex = rest.indexOf("?");
|
|
38
|
+
if (queryIndex === -1) {
|
|
39
|
+
return {
|
|
40
|
+
provider: scheme,
|
|
41
|
+
path: rest
|
|
42
|
+
};
|
|
43
|
+
}
|
|
44
|
+
const path = rest.slice(0, queryIndex);
|
|
45
|
+
const query = rest.slice(queryIndex + 1);
|
|
46
|
+
const extras = Object.fromEntries(query.split("&").filter(Boolean).map((pair) => {
|
|
47
|
+
const [keyRaw, valueRaw] = pair.split("=");
|
|
48
|
+
const key = keyRaw ?? "";
|
|
49
|
+
const value = valueRaw ?? "";
|
|
50
|
+
return [decodeURIComponent(key), decodeURIComponent(value)];
|
|
51
|
+
}));
|
|
52
|
+
return {
|
|
53
|
+
provider: scheme,
|
|
54
|
+
path,
|
|
55
|
+
extras
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
function normalizeSecretPayload(payload) {
|
|
59
|
+
if (payload.data instanceof Uint8Array) {
|
|
60
|
+
return payload.data;
|
|
61
|
+
}
|
|
62
|
+
if (payload.encoding === "base64") {
|
|
63
|
+
return Buffer.from(payload.data, "base64");
|
|
64
|
+
}
|
|
65
|
+
if (payload.encoding === "binary") {
|
|
66
|
+
return Buffer.from(payload.data, "binary");
|
|
67
|
+
}
|
|
68
|
+
return Buffer.from(payload.data, "utf-8");
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
// src/integrations/secrets/aws-secret-manager.ts
|
|
72
|
+
import { Buffer as Buffer2 } from "buffer";
|
|
73
|
+
import {
|
|
74
|
+
CreateSecretCommand,
|
|
75
|
+
DeleteSecretCommand,
|
|
76
|
+
GetSecretValueCommand,
|
|
77
|
+
PutSecretValueCommand,
|
|
78
|
+
SecretsManagerClient
|
|
79
|
+
} from "@aws-sdk/client-secrets-manager";
|
|
80
|
+
var DEFAULT_DELETE_RECOVERY_DAYS = 7;
|
|
81
|
+
|
|
82
|
+
class AwsSecretsManagerProvider {
|
|
83
|
+
id = "aws-secrets-manager";
|
|
84
|
+
explicitRegion;
|
|
85
|
+
injectedClient;
|
|
86
|
+
clientConfig;
|
|
87
|
+
clientsByRegion = new Map;
|
|
88
|
+
constructor(options = {}) {
|
|
89
|
+
this.explicitRegion = options.region;
|
|
90
|
+
this.injectedClient = options.client;
|
|
91
|
+
this.clientConfig = options.clientConfig;
|
|
92
|
+
}
|
|
93
|
+
canHandle(reference) {
|
|
94
|
+
try {
|
|
95
|
+
const parsed = parseSecretUri(reference);
|
|
96
|
+
return parsed.provider === "aws" && (parsed.path === "secretsmanager" || parsed.path.startsWith("secretsmanager/"));
|
|
97
|
+
} catch {
|
|
98
|
+
return false;
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
async getSecret(reference, options) {
|
|
102
|
+
const location = this.parseReference(reference);
|
|
103
|
+
const client = this.getClient(location.region);
|
|
104
|
+
const requestedVersion = options?.version ?? location.stage ?? location.version;
|
|
105
|
+
const input = {
|
|
106
|
+
SecretId: location.secretId,
|
|
107
|
+
...this.buildVersionSelector(requestedVersion)
|
|
108
|
+
};
|
|
109
|
+
try {
|
|
110
|
+
const result = await client.send(new GetSecretValueCommand(input));
|
|
111
|
+
const data = extractAwsSecretBytes(result, reference, this.id);
|
|
112
|
+
return {
|
|
113
|
+
data,
|
|
114
|
+
version: typeof result.VersionId === "string" && result.VersionId ? result.VersionId : requestedVersion,
|
|
115
|
+
metadata: {
|
|
116
|
+
region: location.region,
|
|
117
|
+
secretId: location.secretId,
|
|
118
|
+
...requestedVersion ? { requestedVersion } : {}
|
|
119
|
+
},
|
|
120
|
+
retrievedAt: new Date
|
|
121
|
+
};
|
|
122
|
+
} catch (error) {
|
|
123
|
+
throw toAwsSecretProviderError({
|
|
124
|
+
error,
|
|
125
|
+
provider: this.id,
|
|
126
|
+
reference,
|
|
127
|
+
operation: "getSecret"
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
async setSecret(reference, payload) {
|
|
132
|
+
const location = this.parseReference(reference);
|
|
133
|
+
const client = this.getClient(location.region);
|
|
134
|
+
const bytes = normalizeSecretPayload(payload);
|
|
135
|
+
try {
|
|
136
|
+
const result = await client.send(new PutSecretValueCommand({
|
|
137
|
+
SecretId: location.secretId,
|
|
138
|
+
SecretBinary: bytes
|
|
139
|
+
}));
|
|
140
|
+
const versionId = typeof result.VersionId === "string" && result.VersionId ? result.VersionId : "latest";
|
|
141
|
+
return {
|
|
142
|
+
reference: this.buildReference(location.region, location.secretId, {
|
|
143
|
+
version: versionId
|
|
144
|
+
}),
|
|
145
|
+
version: versionId
|
|
146
|
+
};
|
|
147
|
+
} catch (error) {
|
|
148
|
+
if (!isAwsNotFound(error)) {
|
|
149
|
+
throw toAwsSecretProviderError({
|
|
150
|
+
error,
|
|
151
|
+
provider: this.id,
|
|
152
|
+
reference,
|
|
153
|
+
operation: "putSecretValue"
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
if (looksLikeAwsArn(location.secretId)) {
|
|
157
|
+
throw new SecretProviderError({
|
|
158
|
+
message: `Secret not found: ${location.secretId}`,
|
|
159
|
+
provider: this.id,
|
|
160
|
+
reference,
|
|
161
|
+
code: "NOT_FOUND",
|
|
162
|
+
cause: error
|
|
163
|
+
});
|
|
164
|
+
}
|
|
165
|
+
try {
|
|
166
|
+
const created = await client.send(new CreateSecretCommand({
|
|
167
|
+
Name: location.secretId,
|
|
168
|
+
SecretBinary: bytes
|
|
169
|
+
}));
|
|
170
|
+
const versionId = typeof created.VersionId === "string" && created.VersionId ? created.VersionId : "latest";
|
|
171
|
+
return {
|
|
172
|
+
reference: this.buildReference(location.region, location.secretId, {
|
|
173
|
+
version: versionId
|
|
174
|
+
}),
|
|
175
|
+
version: versionId
|
|
176
|
+
};
|
|
177
|
+
} catch (creationError) {
|
|
178
|
+
throw toAwsSecretProviderError({
|
|
179
|
+
error: creationError,
|
|
180
|
+
provider: this.id,
|
|
181
|
+
reference,
|
|
182
|
+
operation: "createSecret"
|
|
183
|
+
});
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
async rotateSecret(reference, payload) {
|
|
188
|
+
return this.setSecret(reference, payload);
|
|
189
|
+
}
|
|
190
|
+
async deleteSecret(reference) {
|
|
191
|
+
const location = this.parseReference(reference);
|
|
192
|
+
const client = this.getClient(location.region);
|
|
193
|
+
try {
|
|
194
|
+
await client.send(new DeleteSecretCommand({
|
|
195
|
+
SecretId: location.secretId,
|
|
196
|
+
RecoveryWindowInDays: DEFAULT_DELETE_RECOVERY_DAYS
|
|
197
|
+
}));
|
|
198
|
+
} catch (error) {
|
|
199
|
+
throw toAwsSecretProviderError({
|
|
200
|
+
error,
|
|
201
|
+
provider: this.id,
|
|
202
|
+
reference,
|
|
203
|
+
operation: "deleteSecret"
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
getClient(region) {
|
|
208
|
+
if (this.injectedClient) {
|
|
209
|
+
return this.injectedClient;
|
|
210
|
+
}
|
|
211
|
+
const cached = this.clientsByRegion.get(region);
|
|
212
|
+
if (cached) {
|
|
213
|
+
return cached;
|
|
214
|
+
}
|
|
215
|
+
const client = new SecretsManagerClient({
|
|
216
|
+
...this.clientConfig ?? {},
|
|
217
|
+
region
|
|
218
|
+
});
|
|
219
|
+
this.clientsByRegion.set(region, client);
|
|
220
|
+
return client;
|
|
221
|
+
}
|
|
222
|
+
parseReference(reference) {
|
|
223
|
+
const parsed = parseSecretUri(reference);
|
|
224
|
+
if (parsed.provider !== "aws") {
|
|
225
|
+
throw new SecretProviderError({
|
|
226
|
+
message: `Unsupported secret provider: ${parsed.provider}`,
|
|
227
|
+
provider: this.id,
|
|
228
|
+
reference,
|
|
229
|
+
code: "INVALID"
|
|
230
|
+
});
|
|
231
|
+
}
|
|
232
|
+
const segments = parsed.path.split("/").filter(Boolean);
|
|
233
|
+
if (segments.length < 3 || segments[0] !== "secretsmanager") {
|
|
234
|
+
throw new SecretProviderError({
|
|
235
|
+
message: "Expected secret reference format aws://secretsmanager/{region}/{secretIdOrArn}[?version=...]",
|
|
236
|
+
provider: this.id,
|
|
237
|
+
reference,
|
|
238
|
+
code: "INVALID"
|
|
239
|
+
});
|
|
240
|
+
}
|
|
241
|
+
const regionCandidate = segments[1];
|
|
242
|
+
const region = this.resolveRegion(regionCandidate);
|
|
243
|
+
const secretId = segments.slice(2).join("/");
|
|
244
|
+
if (!secretId) {
|
|
245
|
+
throw new SecretProviderError({
|
|
246
|
+
message: `Unable to resolve secret id from reference "${parsed.path}"`,
|
|
247
|
+
provider: this.id,
|
|
248
|
+
reference,
|
|
249
|
+
code: "INVALID"
|
|
250
|
+
});
|
|
251
|
+
}
|
|
252
|
+
return {
|
|
253
|
+
region,
|
|
254
|
+
secretId,
|
|
255
|
+
version: parsed.extras?.version,
|
|
256
|
+
stage: parsed.extras?.stage
|
|
257
|
+
};
|
|
258
|
+
}
|
|
259
|
+
resolveRegion(regionCandidate) {
|
|
260
|
+
const region = regionCandidate ?? this.explicitRegion ?? process.env.AWS_REGION ?? process.env.AWS_DEFAULT_REGION;
|
|
261
|
+
if (!region) {
|
|
262
|
+
throw new SecretProviderError({
|
|
263
|
+
message: "AWS region must be provided either in reference (aws://secretsmanager/{region}/...) or via AWS_REGION/AWS_DEFAULT_REGION.",
|
|
264
|
+
provider: this.id,
|
|
265
|
+
reference: "aws://secretsmanager//",
|
|
266
|
+
code: "INVALID"
|
|
267
|
+
});
|
|
268
|
+
}
|
|
269
|
+
return region;
|
|
270
|
+
}
|
|
271
|
+
buildVersionSelector(version) {
|
|
272
|
+
if (!version)
|
|
273
|
+
return {};
|
|
274
|
+
if (version === "latest" || version === "current") {
|
|
275
|
+
return { VersionStage: "AWSCURRENT" };
|
|
276
|
+
}
|
|
277
|
+
if (version.startsWith("AWS")) {
|
|
278
|
+
return { VersionStage: version };
|
|
279
|
+
}
|
|
280
|
+
return { VersionId: version };
|
|
281
|
+
}
|
|
282
|
+
buildReference(region, secretId, extras) {
|
|
283
|
+
const base = `aws://secretsmanager/${region}/${secretId}`;
|
|
284
|
+
const query = extras ? Object.entries(extras).filter(([, value]) => Boolean(value)).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&") : "";
|
|
285
|
+
return query ? `${base}?${query}` : base;
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
function extractAwsSecretBytes(result, reference, provider) {
|
|
289
|
+
if (!result || typeof result !== "object") {
|
|
290
|
+
throw new SecretProviderError({
|
|
291
|
+
message: "Invalid AWS Secrets Manager response",
|
|
292
|
+
provider,
|
|
293
|
+
reference,
|
|
294
|
+
code: "UNKNOWN",
|
|
295
|
+
cause: result
|
|
296
|
+
});
|
|
297
|
+
}
|
|
298
|
+
const record = result;
|
|
299
|
+
if (record.SecretBinary instanceof Uint8Array) {
|
|
300
|
+
return record.SecretBinary;
|
|
301
|
+
}
|
|
302
|
+
if (typeof record.SecretBinary === "string") {
|
|
303
|
+
return Buffer2.from(record.SecretBinary, "base64");
|
|
304
|
+
}
|
|
305
|
+
if (typeof record.SecretString === "string") {
|
|
306
|
+
return Buffer2.from(record.SecretString, "utf-8");
|
|
307
|
+
}
|
|
308
|
+
throw new SecretProviderError({
|
|
309
|
+
message: "AWS secret value is empty",
|
|
310
|
+
provider,
|
|
311
|
+
reference,
|
|
312
|
+
code: "NOT_FOUND",
|
|
313
|
+
cause: result
|
|
314
|
+
});
|
|
315
|
+
}
|
|
316
|
+
function looksLikeAwsArn(secretId) {
|
|
317
|
+
return secretId.startsWith("arn:aws:secretsmanager:");
|
|
318
|
+
}
|
|
319
|
+
function isAwsNotFound(error) {
|
|
320
|
+
if (!error || typeof error !== "object")
|
|
321
|
+
return false;
|
|
322
|
+
const err = error;
|
|
323
|
+
if (typeof err.$metadata?.httpStatusCode === "number") {
|
|
324
|
+
return err.$metadata.httpStatusCode === 404;
|
|
325
|
+
}
|
|
326
|
+
return err.name === "ResourceNotFoundException";
|
|
327
|
+
}
|
|
328
|
+
function toAwsSecretProviderError(params) {
|
|
329
|
+
const { error, provider, reference, operation } = params;
|
|
330
|
+
if (error instanceof SecretProviderError) {
|
|
331
|
+
return error;
|
|
332
|
+
}
|
|
333
|
+
const httpStatusCode = typeof error === "object" && error !== null && "$metadata" in error && typeof error.$metadata === "object" && error.$metadata?.httpStatusCode;
|
|
334
|
+
const code = httpStatusCode === 404 ? "NOT_FOUND" : httpStatusCode === 401 || httpStatusCode === 403 ? "FORBIDDEN" : httpStatusCode === 400 ? "INVALID" : "UNKNOWN";
|
|
335
|
+
const message = error instanceof Error ? error.message : `Unknown error during ${operation}`;
|
|
336
|
+
return new SecretProviderError({
|
|
337
|
+
message,
|
|
338
|
+
provider,
|
|
339
|
+
reference,
|
|
340
|
+
code,
|
|
341
|
+
cause: error
|
|
342
|
+
});
|
|
343
|
+
}
|
|
344
|
+
export {
|
|
345
|
+
AwsSecretsManagerProvider
|
|
346
|
+
};
|