@middy/secrets-manager 3.0.0-alpha.3 → 3.0.0-alpha.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -16
- package/index.js +2 -78
- package/package.json +4 -4
package/README.md
CHANGED
|
@@ -1,26 +1,36 @@
|
|
|
1
|
-
# Middy secrets-manager middleware
|
|
2
|
-
|
|
3
|
-
<div align="center">
|
|
4
|
-
<img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.png"/>
|
|
5
|
-
</div>
|
|
6
|
-
|
|
7
1
|
<div align="center">
|
|
2
|
+
<h1>Middy secrets-manager middleware</h1>
|
|
3
|
+
<img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.svg"/>
|
|
8
4
|
<p><strong>Secrets Manager middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda</strong></p>
|
|
9
|
-
</div>
|
|
10
|
-
|
|
11
|
-
<div align="center">
|
|
12
5
|
<p>
|
|
13
|
-
<a href="
|
|
6
|
+
<a href="https://www.npmjs.com/package/@middy/secrets-manager?activeTab=versions">
|
|
14
7
|
<img src="https://badge.fury.io/js/%40middy%2Fsecrets-manager.svg" alt="npm version" style="max-width:100%;">
|
|
15
8
|
</a>
|
|
9
|
+
<a href="https://packagephobia.com/result?p=@middy/secrets-manager">
|
|
10
|
+
<img src="https://packagephobia.com/badge?p=@middy/secrets-manager" alt="npm install size" style="max-width:100%;">
|
|
11
|
+
</a>
|
|
12
|
+
<a href="https://github.com/middyjs/middy/actions">
|
|
13
|
+
<img src="https://github.com/middyjs/middy/workflows/Tests/badge.svg" alt="GitHub Actions test status badge" style="max-width:100%;">
|
|
14
|
+
</a>
|
|
15
|
+
<br/>
|
|
16
|
+
<a href="https://standardjs.com/">
|
|
17
|
+
<img src="https://img.shields.io/badge/code_style-standard-brightgreen.svg" alt="Standard Code Style" style="max-width:100%;">
|
|
18
|
+
</a>
|
|
16
19
|
<a href="https://snyk.io/test/github/middyjs/middy">
|
|
17
20
|
<img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
|
|
18
21
|
</a>
|
|
19
|
-
<a href="https://
|
|
20
|
-
<img src="https://img.shields.io/
|
|
22
|
+
<a href="https://lgtm.com/projects/g/middyjs/middy/context:javascript">
|
|
23
|
+
<img src="https://img.shields.io/lgtm/grade/javascript/g/middyjs/middy.svg?logo=lgtm&logoWidth=18" alt="Language grade: JavaScript" style="max-width:100%;">
|
|
24
|
+
</a>
|
|
25
|
+
<a href="https://bestpractices.coreinfrastructure.org/projects/5280">
|
|
26
|
+
<img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices" style="max-width:100%;">
|
|
21
27
|
</a>
|
|
28
|
+
<br/>
|
|
22
29
|
<a href="https://gitter.im/middyjs/Lobby">
|
|
23
|
-
<img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter"
|
|
30
|
+
<img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter" style="max-width:100%;">
|
|
31
|
+
</a>
|
|
32
|
+
<a href="https://stackoverflow.com/questions/tagged/middy?sort=Newest&uqlId=35052">
|
|
33
|
+
<img src="https://img.shields.io/badge/StackOverflow-[middy]-yellow" alt="Ask questions on StackOverflow" style="max-width:100%;">
|
|
24
34
|
</a>
|
|
25
35
|
</p>
|
|
26
36
|
</div>
|
|
@@ -46,9 +56,9 @@ npm install --save @middy/secrets-manager
|
|
|
46
56
|
## Options
|
|
47
57
|
|
|
48
58
|
- `AwsClient` (object) (default `AWS.SecretsManager`): AWS.SecretsManager class constructor (e.g. that has been instrumented with AWS XRay). Must be from `aws-sdk` v2.
|
|
49
|
-
- `awsClientOptions` (object) (
|
|
50
|
-
- `awsClientAssumeRole` (string) (
|
|
51
|
-
- `awsClientCapture` (function) (
|
|
59
|
+
- `awsClientOptions` (object) (default `undefined`): Options to pass to AWS.SecretsManager class constructor.
|
|
60
|
+
- `awsClientAssumeRole` (string) (default `undefined`): Internal key where secrets are stored. See [@middy/sts](/packages/sts/README.md) on to set this.
|
|
61
|
+
- `awsClientCapture` (function) (default `undefined`): Enable XRay by passing `captureAWSClient` from `aws-xray-sdk` in.
|
|
52
62
|
- `fetchData` (object) (required): Mapping of internal key name to API request parameter `SecretId`.
|
|
53
63
|
- `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch.
|
|
54
64
|
- `cacheKey` (string) (default `secrets-manager`): Cache key for the fetched data responses. Must be unique across all middleware.
|
package/index.js
CHANGED
|
@@ -1,79 +1,3 @@
|
|
|
1
|
-
import {
|
|
2
|
-
canPrefetch,
|
|
3
|
-
createPrefetchClient,
|
|
4
|
-
createClient,
|
|
5
|
-
getCache,
|
|
6
|
-
getInternal,
|
|
7
|
-
processCache,
|
|
8
|
-
modifyCache,
|
|
9
|
-
jsonSafeParse
|
|
10
|
-
} from '@middy/util'
|
|
11
|
-
import SecretsManager from 'aws-sdk/clients/secretsmanager.js' // v2
|
|
12
|
-
// import { SecretsManager } from '@aws-sdk/client-secrets-manager' // v3
|
|
1
|
+
import{canPrefetch,createPrefetchClient,createClient,getCache,getInternal,processCache,modifyCache,jsonSafeParse}from'@middy/util';import SecretsManager from'aws-sdk/clients/secretsmanager.js';const defaults={AwsClient:SecretsManager,awsClientOptions:{},awsClientAssumeRole:undefined,awsClientCapture:undefined,fetchData:{},disablePrefetch:false,cacheKey:'secrets-manager',cacheExpiry:-1,setToContext:false};const secretsManagerMiddleware=(opts={})=>{const options={...defaults,...opts};const fetch=(request,cachedValues={})=>{const values={};for(const internalKey of Object.keys(options.fetchData)){if(cachedValues[internalKey])continue;values[internalKey]=client.getSecretValue({SecretId:options.fetchData[internalKey]}).promise().then(resp=>jsonSafeParse(resp.SecretString)).catch(e=>{const value=getCache(options.cacheKey).value??{};value[internalKey]=undefined;modifyCache(options.cacheKey,value);throw e})}return values};let prefetch,client;if(canPrefetch(options)){client=createPrefetchClient(options);prefetch=processCache(options,fetch)}const secretsManagerMiddlewareBefore=async request=>{if(!client){client=await createClient(options,request)}const{value}=prefetch??processCache(options,fetch,request);Object.assign(request.internal,value);if(options.setToContext){const data=await getInternal(Object.keys(options.fetchData),request);Object.assign(request.context,data)}prefetch=null};return{before:secretsManagerMiddlewareBefore}};export default secretsManagerMiddleware
|
|
13
2
|
|
|
14
|
-
|
|
15
|
-
AwsClient: SecretsManager,
|
|
16
|
-
awsClientOptions: {},
|
|
17
|
-
awsClientAssumeRole: undefined,
|
|
18
|
-
awsClientCapture: undefined,
|
|
19
|
-
fetchData: {}, // If more than 2, consider writing own using ListSecrets
|
|
20
|
-
disablePrefetch: false,
|
|
21
|
-
cacheKey: 'secrets-manager',
|
|
22
|
-
cacheExpiry: -1,
|
|
23
|
-
setToContext: false
|
|
24
|
-
}
|
|
25
|
-
|
|
26
|
-
const secretsManagerMiddleware = (opts = {}) => {
|
|
27
|
-
const options = { ...defaults, ...opts }
|
|
28
|
-
|
|
29
|
-
const fetch = (request, cachedValues = {}) => {
|
|
30
|
-
const values = {}
|
|
31
|
-
|
|
32
|
-
// Multiple secrets can be requested in a single requests,
|
|
33
|
-
// however this is likely uncommon IRL, increases complexity to handle,
|
|
34
|
-
// and will require recursive promise resolution impacting performance.
|
|
35
|
-
// See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SecretsManager.html#listSecrets-property
|
|
36
|
-
for (const internalKey of Object.keys(options.fetchData)) {
|
|
37
|
-
if (cachedValues[internalKey]) continue
|
|
38
|
-
values[internalKey] = client
|
|
39
|
-
.getSecretValue({ SecretId: options.fetchData[internalKey] })
|
|
40
|
-
.promise() // Required for aws-sdk v2
|
|
41
|
-
.then((resp) => jsonSafeParse(resp.SecretString))
|
|
42
|
-
.catch((e) => {
|
|
43
|
-
const value = getCache(options.cacheKey).value ?? {}
|
|
44
|
-
value[internalKey] = undefined
|
|
45
|
-
modifyCache(options.cacheKey, value)
|
|
46
|
-
throw e
|
|
47
|
-
})
|
|
48
|
-
}
|
|
49
|
-
return values
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
let prefetch, client
|
|
53
|
-
if (canPrefetch(options)) {
|
|
54
|
-
client = createPrefetchClient(options)
|
|
55
|
-
prefetch = processCache(options, fetch)
|
|
56
|
-
}
|
|
57
|
-
|
|
58
|
-
const secretsManagerMiddlewareBefore = async (request) => {
|
|
59
|
-
if (!client) {
|
|
60
|
-
client = await createClient(options, request)
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
const { value } = prefetch ?? processCache(options, fetch, request)
|
|
64
|
-
|
|
65
|
-
Object.assign(request.internal, value)
|
|
66
|
-
|
|
67
|
-
if (options.setToContext) {
|
|
68
|
-
const data = await getInternal(Object.keys(options.fetchData), request)
|
|
69
|
-
Object.assign(request.context, data)
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
prefetch = null
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
return {
|
|
76
|
-
before: secretsManagerMiddlewareBefore
|
|
77
|
-
}
|
|
78
|
-
}
|
|
79
|
-
export default secretsManagerMiddleware
|
|
3
|
+
//# sourceMappingURL=index.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@middy/secrets-manager",
|
|
3
|
-
"version": "3.0.0-alpha.
|
|
3
|
+
"version": "3.0.0-alpha.7",
|
|
4
4
|
"description": "Secrets Manager middleware for the middy framework",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -46,12 +46,12 @@
|
|
|
46
46
|
},
|
|
47
47
|
"homepage": "https://github.com/middyjs/middy#readme",
|
|
48
48
|
"dependencies": {
|
|
49
|
-
"@middy/util": "^3.0.0-alpha.
|
|
49
|
+
"@middy/util": "^3.0.0-alpha.7"
|
|
50
50
|
},
|
|
51
51
|
"devDependencies": {
|
|
52
|
-
"@middy/core": "^3.0.0-alpha.
|
|
52
|
+
"@middy/core": "^3.0.0-alpha.7",
|
|
53
53
|
"aws-sdk": "^2.939.0",
|
|
54
54
|
"aws-xray-sdk": "^3.3.3"
|
|
55
55
|
},
|
|
56
|
-
"gitHead": "
|
|
56
|
+
"gitHead": "5cef39ebe49c201f97d71bb0680004de4b82cb91"
|
|
57
57
|
}
|