@cumulus/common 10.1.2 → 11.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/key-pair-provider.d.ts +5 -0
- package/key-pair-provider.js +35 -17
- package/package.json +8 -5
- package/util.d.ts +1 -1
package/key-pair-provider.d.ts
CHANGED
|
@@ -2,7 +2,12 @@
|
|
|
2
2
|
* Provides encryption and decryption methods with a consistent API but
|
|
3
3
|
* differing mechanisms for dealing with encryption keys.
|
|
4
4
|
*/
|
|
5
|
+
import { Readable } from 'stream';
|
|
6
|
+
import { S3 } from '@aws-sdk/client-s3';
|
|
5
7
|
export { KMS } from './kms';
|
|
8
|
+
export declare const buildS3Client: () => S3;
|
|
9
|
+
export declare const getObjectStreamContents: (objectReadStream: Readable) => Promise<string>;
|
|
10
|
+
export declare const retrieveKey: (keyId: string, bucket?: string | undefined, stack?: string | undefined) => Promise<string | undefined>;
|
|
6
11
|
/**
|
|
7
12
|
* Provides encryption and decryption methods using a keypair stored in S3
|
|
8
13
|
*/
|
package/key-pair-provider.js
CHANGED
|
@@ -7,10 +7,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
7
7
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
8
8
|
};
|
|
9
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
-
exports.DefaultProvider = exports.S3KeyPairProvider = exports.KMS = void 0;
|
|
11
|
-
const noop_1 = __importDefault(require("lodash/noop"));
|
|
12
|
-
const aws_sdk_1 = __importDefault(require("aws-sdk"));
|
|
10
|
+
exports.DefaultProvider = exports.S3KeyPairProvider = exports.retrieveKey = exports.getObjectStreamContents = exports.buildS3Client = exports.KMS = void 0;
|
|
13
11
|
const node_forge_1 = __importDefault(require("node-forge"));
|
|
12
|
+
const stream_1 = require("stream");
|
|
13
|
+
const client_s3_1 = require("@aws-sdk/client-s3");
|
|
14
14
|
const util_1 = require("./util");
|
|
15
15
|
const test_utils_1 = require("./test-utils");
|
|
16
16
|
var kms_1 = require("./kms");
|
|
@@ -27,30 +27,47 @@ const getLocalStackHost = () => {
|
|
|
27
27
|
const buildS3Client = () => {
|
|
28
28
|
var _a;
|
|
29
29
|
const region = (_a = process.env.AWS_DEFAULT_REGION) !== null && _a !== void 0 ? _a : 'us-east-1';
|
|
30
|
-
aws_sdk_1.default.config.update({ region });
|
|
31
|
-
// Workaround upload hangs. See: https://github.com/andrewrk/node-s3-client/issues/74'
|
|
32
|
-
// @ts-expect-error
|
|
33
|
-
aws_sdk_1.default.util.update(aws_sdk_1.default.S3.prototype, { addExpect100Continue: noop_1.default });
|
|
34
|
-
aws_sdk_1.default.config.setPromisesDependency(Promise);
|
|
35
30
|
const options = {
|
|
36
31
|
apiVersion: '2006-03-01',
|
|
32
|
+
region,
|
|
37
33
|
};
|
|
38
34
|
if ((0, test_utils_1.inTestMode)()) {
|
|
39
|
-
options.accessKeyId = 'my-access-key-id';
|
|
40
35
|
options.endpoint = `http://${getLocalStackHost()}:4566`;
|
|
41
36
|
options.region = 'us-east-1';
|
|
42
|
-
options.
|
|
43
|
-
options.
|
|
37
|
+
options.forcePathStyle = true;
|
|
38
|
+
options.credentials = {
|
|
39
|
+
accessKeyId: 'my-access-key-id',
|
|
40
|
+
secretAccessKey: 'my-secret-access-key',
|
|
41
|
+
};
|
|
44
42
|
}
|
|
45
|
-
return new
|
|
43
|
+
return new client_s3_1.S3(options);
|
|
46
44
|
};
|
|
45
|
+
exports.buildS3Client = buildS3Client;
|
|
46
|
+
const getObjectStreamContents = (objectReadStream) => new Promise((resolve, reject) => {
|
|
47
|
+
try {
|
|
48
|
+
const responseDataChunks = [];
|
|
49
|
+
objectReadStream.once('error', (error) => reject(error));
|
|
50
|
+
objectReadStream.on('data', (chunk) => responseDataChunks.push(chunk));
|
|
51
|
+
// Once the stream has no more data, join the chunks into a string and
|
|
52
|
+
// return the string
|
|
53
|
+
objectReadStream.once('end', () => resolve(responseDataChunks.join('')));
|
|
54
|
+
}
|
|
55
|
+
catch (error) {
|
|
56
|
+
reject(error);
|
|
57
|
+
}
|
|
58
|
+
});
|
|
59
|
+
exports.getObjectStreamContents = getObjectStreamContents;
|
|
47
60
|
const getTextObject = async (bucket, key) => {
|
|
48
|
-
const s3 = buildS3Client();
|
|
61
|
+
const s3 = (0, exports.buildS3Client)();
|
|
49
62
|
const { Body } = await s3.getObject({
|
|
50
63
|
Bucket: bucket,
|
|
51
64
|
Key: key,
|
|
52
|
-
})
|
|
53
|
-
|
|
65
|
+
});
|
|
66
|
+
let data;
|
|
67
|
+
if (Body && Body instanceof stream_1.Readable) {
|
|
68
|
+
data = await (0, exports.getObjectStreamContents)(Body);
|
|
69
|
+
}
|
|
70
|
+
return data;
|
|
54
71
|
};
|
|
55
72
|
const retrieveKey = async (keyId, bucket = process.env.system_bucket, stack = process.env.stackName) => {
|
|
56
73
|
if (!bucket) {
|
|
@@ -67,6 +84,7 @@ const retrieveKey = async (keyId, bucket = process.env.system_bucket, stack = pr
|
|
|
67
84
|
throw new Error(`Failed to retrieve S3KeyPair key from s3://${bucket}/${key}: ${error.message}`);
|
|
68
85
|
}
|
|
69
86
|
};
|
|
87
|
+
exports.retrieveKey = retrieveKey;
|
|
70
88
|
/**
|
|
71
89
|
* Provides encryption and decryption methods using a keypair stored in S3
|
|
72
90
|
*/
|
|
@@ -86,7 +104,7 @@ class S3KeyPairProvider {
|
|
|
86
104
|
(0, util_1.deprecate)('@cumulus/common/key-pair-provider', '1.17.0', '@cumulus/aws-client/KMS.encrypt');
|
|
87
105
|
// Download the publickey
|
|
88
106
|
const pki = node_forge_1.default.pki;
|
|
89
|
-
const pub = await retrieveKey(keyId, bucket, stack);
|
|
107
|
+
const pub = await (0, exports.retrieveKey)(keyId, bucket, stack);
|
|
90
108
|
if (!pub) {
|
|
91
109
|
throw new Error('Unable to retrieve public key');
|
|
92
110
|
}
|
|
@@ -107,7 +125,7 @@ class S3KeyPairProvider {
|
|
|
107
125
|
static async decrypt(str, keyId = 'private.pem', bucket, stack) {
|
|
108
126
|
(0, util_1.deprecate)('@cumulus/common/key-pair-provider', '1.17.0', '@cumulus/aws-client/KMS.decryptBase64String');
|
|
109
127
|
const pki = node_forge_1.default.pki;
|
|
110
|
-
const priv = await retrieveKey(keyId, bucket, stack);
|
|
128
|
+
const priv = await (0, exports.retrieveKey)(keyId, bucket, stack);
|
|
111
129
|
if (!priv) {
|
|
112
130
|
throw new Error('Unable to retrieve private key');
|
|
113
131
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cumulus/common",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "11.1.1",
|
|
4
4
|
"description": "Common utilities used across tasks",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"GIBS",
|
|
@@ -41,8 +41,11 @@
|
|
|
41
41
|
"author": "Cumulus Authors",
|
|
42
42
|
"license": "Apache-2.0",
|
|
43
43
|
"dependencies": {
|
|
44
|
-
"@
|
|
45
|
-
"@
|
|
44
|
+
"@aws-sdk/client-s3": "^3.53.0",
|
|
45
|
+
"@aws-sdk/signature-v4-crt": "^3.53.0",
|
|
46
|
+
"@cumulus/aws-client": "11.1.1",
|
|
47
|
+
"@cumulus/errors": "11.1.1",
|
|
48
|
+
"@cumulus/logger": "11.1.1",
|
|
46
49
|
"ajv": "^6.12.3",
|
|
47
50
|
"aws-sdk": "^2.585.0",
|
|
48
51
|
"follow-redirects": "^1.2.4",
|
|
@@ -50,7 +53,7 @@
|
|
|
50
53
|
"is-ip": "^3.1.0",
|
|
51
54
|
"jsonpath-plus": "^3.0.0",
|
|
52
55
|
"lodash": "^4.17.21",
|
|
53
|
-
"node-forge": "^1.
|
|
56
|
+
"node-forge": "^1.3.0",
|
|
54
57
|
"p-limit": "^2.0.0",
|
|
55
58
|
"p-map": "^1.2.0",
|
|
56
59
|
"p-retry": "^4.2.0",
|
|
@@ -64,5 +67,5 @@
|
|
|
64
67
|
"@types/node-forge": "^0.9.5",
|
|
65
68
|
"@types/url-join": "^4.0.0"
|
|
66
69
|
},
|
|
67
|
-
"gitHead": "
|
|
70
|
+
"gitHead": "07fe682da23821434372759fb1948b081da429b5"
|
|
68
71
|
}
|
package/util.d.ts
CHANGED
|
@@ -27,7 +27,7 @@ export declare const deprecate: (name: string, version: string, alternative?: st
|
|
|
27
27
|
*
|
|
28
28
|
* @alias module:util
|
|
29
29
|
*/
|
|
30
|
-
export declare const removeNilProperties: <T extends object>(obj: T) =>
|
|
30
|
+
export declare const removeNilProperties: <T extends object>(obj: T) => T;
|
|
31
31
|
/**
|
|
32
32
|
* Test if a value is included in a list of items
|
|
33
33
|
*
|