@itentialopensource/adapter-utils 5.10.18 → 5.10.20
- package/lib/authenticationHandler.js +24 -1
- package/lib/propertyUtil.js +37 -15
- package/package.json +1 -1
- package/schemas/propertiesSchema.json +10 -5
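--- a/package/lib/authenticationHandler.js
+++ b/package/lib/authenticationHandler.js
@@ -282,7 +282,30 @@ class AuthenticationHandler {
 }
 
 // set up data for first assume role call
-
+let stsConfigObj;
+
+// Add optional config items (ssl, endpoint, proxy)
+if (this.allProps.authentication.aws_sts && this.allProps.authentication.aws_sts.use_proxy_for_initial_auth === true) {
+stsConfigObj = {};
+// Use AWS STS-specific region if available, otherwise fall back to global region
+stsConfigObj.region = this.allProps.authentication.aws_sts.region || this.allProps.region;
+if (this.allProps.authentication.aws_sts.sslEnable === false) {
+stsConfigObj.sslEnabled = false;
+}
+if (this.allProps.authentication.aws_sts.endpoint) {
+stsConfigObj.endpoint = this.allProps.authentication.aws_sts.endpoint;
+}
+if (this.allProps.authentication.aws_sts.proxy) {
+stsConfigObj.httpOptions = {
+proxy: this.allProps.authentication.aws_sts.proxy
+};
+if (this.allProps.authentication.aws_sts.proxyagent) {
+stsConfigObj.httpOptions.agent = this.allProps.authentication.aws_sts.proxyagent;
+}
+}
+}
+
+const stsrole = stsConfigObj ? new AWS.STS(stsConfigObj) : new AWS.STS();
 const stsData = {
 RoleArn: myRole,
 RoleSessionName: mySess,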
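Review bot: `stsConfigObj.sslEnabled = false` (new line 293) switches off TLS for the first assume-role call, whose response carries temporary credentials, and nothing in the hunk records that the downgrade was taken. I would put a comment on that branch, `// TLS off: the assume-role response (temporary credentials) crosses the proxy in clear text`, and emit a warning through the module's logger when it runs. The whole block is also gated on `use_proxy_for_initial_auth === true`, so `aws_sts.region`, `aws_sts.endpoint` and `aws_sts.sslEnable` are silently ignored when the flag is false even though none of them is proxy-specific; the flag's description should say so, or the gate should cover only the `httpOptions` part. The enclosing method starts and ends outside the hunk, so how `stsrole` is used afterwards is not visible here.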
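--- a/package/lib/propertyUtil.js
+++ b/package/lib/propertyUtil.js
@@ -1149,6 +1149,11 @@ class AdapterPropertyUtil {
 const origin = `${this.myid}-propertyUtil-scrubSensitiveInfo`;
 log.trace(origin);
 
+// If too much to check, performance becomes an issue
+const maxStringSize = 50000;
+const maxArraySize = 1000;
+const maxObjectSize = 500;
+
 // no reason to scan numbers, booleans or functions
 if (!inData || typeof inData === 'number' || typeof inData === 'boolean' || typeof inData === 'function') {
 return inData;
@@ -1167,6 +1172,12 @@ class AdapterPropertyUtil {
 
 // if we are scrubbbing a string (e.g. URL)
 if (typeof actualData === 'string') {
+// if the string of data is too large we can not do a deep dive due to time it might take
+if (actualData.length > maxStringSize) {
+log.debug(`${origin}: Masking entire string, too large (${actualData.length}) to search effectively`);
+return '** masked **';
+}
+
 // if it is a Stringified JSON
 try {
 // need to see if it is stringified JSON
@@ -1231,16 +1242,14 @@ class AdapterPropertyUtil {
 
 // want to make a copy and not alter the original object or array
 const retData = JSON.parse(JSON.stringify(actualData));
-if (retData && typeof retData.response === 'string') {
-try {
-const parsed = JSON.parse(retData.response);
-retData.response = parsed;
-} catch (e) {
-// ignore parse error
-}
-}
 // if we are scrubbing an array
 if (Array.isArray(retData)) {
+// if the array of data is too large we can not do a deep dive due to time it might take
+if (retData.length > maxArraySize) {
+log.debug(`${origin}: Masking entire array, too large (${retData.length}) to search effectively`);
+return '** masked **';
+}
+
 // need to go through each item in the array
 for (let i = 0; i < retData.length; i += 1) {
 retData[i] = this.scrubSensitiveInfo(retData[i], addItems);
@@ -1252,17 +1261,30 @@ class AdapterPropertyUtil {
 
 // if we are scrubbing an object (or string that has been parsed)
 if (typeof retData === 'object') {
+const objectKeys = Object.keys(retData);
+// if the object of data is too large we can not do a deep dive due to time it might take
+if (objectKeys.length > maxObjectSize) {
+log.debug(`${origin}: Masking entire object, too large (${objectKeys.length}) to search effectively`);
+return '** masked **';
+}
+
 // go through each item in the object
-
+objectKeys.forEach((key) => {
 // go deep through an object with recursive call
 if (typeof retData[key] === 'object') {
 if (Array.isArray(retData[key])) {
-//
-
-
-
-
-
+// if the array of data is too large we can not do a deep dive due to time it might take
+if (retData[key].length > maxArraySize) {
+log.debug(`${origin}: Masking entire array, too large (${retData[key].length}) to search effectively`);
+retData[key] = '** masked **';
+} else {
+// Handle arrays that may contain sensitive info
+for (let k = 0; k < retData[key].length; k += 1) {
+if (sensList.includes(key.toLowerCase())) {
+retData[key][k] = '** masked **';
+} else {
+retData[key][k] = this.scrubSensitiveInfo(retData[key][k], addItems);
+}
 }
 }
 } else {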
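Review bot: Dropping the `retData.response` parse (old lines 1234–1241, third hunk) means a stringified JSON body stored under `response` is now scrubbed only if the non-object branch hands string values back to scrubSensitiveInfo, and that branch lies outside the visible hunks. If it does not, sensitive keys nested in such a body would reach the logs unmasked, so I would pin this with a regression test along the lines of (constructed sample) `scrubSensitiveInfo({ response: JSON.stringify({ <key from sensList>: 'x' }) })`, asserting that the inner value comes back as `'** masked **'`. Separately, the new caps are checked per container: input nested just under `maxObjectSize` and `maxArraySize` at every level is still walked in full, so total work stays unbounded without a depth or node budget. The oversize paths also return the string `'** masked **'` where callers previously received an array or object, which is worth stating in the function's doc comment.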
package/package.json
CHANGED
|
@@ -96,10 +96,10 @@
|
|
|
96
96
|
"https"
|
|
97
97
|
]
|
|
98
98
|
},
|
|
99
|
-
"service"
|
|
100
|
-
"type"
|
|
99
|
+
"service": {
|
|
100
|
+
"type": "string",
|
|
101
101
|
"description": "Service we are integrating with -- used with AWS Authentication",
|
|
102
|
-
"examples"
|
|
102
|
+
"examples": [
|
|
103
103
|
"ec2",
|
|
104
104
|
"route53"
|
|
105
105
|
]
|
|
@@ -344,7 +344,7 @@
|
|
|
344
344
|
"responseFields": {
|
|
345
345
|
"type": "object",
|
|
346
346
|
"description": "The fields from the step result"
|
|
347
|
-
|
|
347
|
+
},
|
|
348
348
|
"successfullResponseCode": {
|
|
349
349
|
"type": "integer",
|
|
350
350
|
"description": "Expected response code for given step, if not set any successfull http response is accepted",
|
|
@@ -429,6 +429,11 @@
|
|
|
429
429
|
"https",
|
|
430
430
|
"http"
|
|
431
431
|
]
|
|
432
|
+
},
|
|
433
|
+
"use_proxy_for_initial_auth": {
|
|
434
|
+
"type": "boolean",
|
|
435
|
+
"description": "When true, use proxy for initial authentication requests",
|
|
436
|
+
"default": false
|
|
432
437
|
}
|
|
433
438
|
}
|
|
434
439
|
}
|
|
@@ -1753,4 +1758,4 @@
|
|
|
1753
1758
|
}
|
|
1754
1759
|
}
|
|
1755
1760
|
}
|
|
1756
|
-
}
|
|
1761
|
+
}
|