npm - @middy/secrets-manager - Versions diffs - 5.0.0-alpha.0 → 5.0.0-alpha.1 - Mend

@middy/secrets-manager 5.0.0-alpha.0 → 5.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -19,8 +19,9 @@
   <a href="https://snyk.io/test/github/middyjs/middy">
     <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
   </a>
-  <a href="https://lgtm.com/projects/g/middyjs/middy/context:javascript">
-    <img src="https://img.shields.io/lgtm/grade/javascript/g/middyjs/middy.svg?logo=lgtm&logoWidth=18" alt="Language grade: JavaScript" style="max-width:100%;">
+  <a href="https://github.com/middyjs/middy/actions/workflows/sast.yml">
+    <img src="https://github.com/middyjs/middy/actions/workflows/sast.yml/badge.svg
+?branch=main&event=push" alt="CodeQL" style="max-width:100%;">
   </a>
   <a href="https://bestpractices.coreinfrastructure.org/projects/5280">
     <img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices"  style="max-width:100%;">

package/index.d.ts CHANGED Viewed

@@ -3,20 +3,41 @@ import { Options as MiddyOptions } from '@middy/util'
 import { Context as LambdaContext } from 'aws-lambda'
 import { SecretsManagerClient, SecretsManagerClientConfig } from '@aws-sdk/client-secrets-manager'
-interface Options<AwsSecretsManagerClient = SecretsManagerClient>
-  extends MiddyOptions<
+export type SecretType<T> = string & { __returnType?: T }
+export declare function secret<T> (path: string): SecretType<T>
+interface SecretsManagerOptions<AwsSecretsManagerClient = SecretsManagerClient>
+  extends Omit<MiddyOptions<
   AwsSecretsManagerClient,
   SecretsManagerClientConfig
-  > {}
-export type Context<TOptions extends Options | undefined> = TOptions extends {
-  setToContext: true
+  >, 'fetchData'> {
+  fetchData?: { [key: string]: string | SecretType<unknown> }
 }
-  ? LambdaContext & Record<keyof TOptions['fetchData'], any>
-  : LambdaContext
-declare function secretsManager<TOptions extends Options | undefined> (
+export type Context<TOptions extends SecretsManagerOptions | undefined> =
+  TOptions extends { setToContext: true }
+    ? TOptions extends { fetchData: infer TFetchData }
+      ? LambdaContext & {
+        [Key in keyof TFetchData]: TFetchData[Key] extends SecretType<infer T>
+          ? T
+          : unknown
+      }
+      : never
+    : LambdaContext
+export type Internal<TOptions extends SecretsManagerOptions | undefined> =
+    TOptions extends SecretsManagerOptions
+      ? TOptions extends { fetchData: infer TFetchData }
+        ? {
+            [Key in keyof TFetchData]: TFetchData[Key] extends SecretType<infer T>
+              ? T
+              : unknown
+          }
+        : {}
+      : {}
+declare function secretsManager<TOptions extends SecretsManagerOptions | undefined> (
   options?: TOptions
-): middy.MiddlewareObj<unknown, any, Error, Context<TOptions>>
+): middy.MiddlewareObj<unknown, any, Error, Context<TOptions>, Internal<TOptions>>
 export default secretsManager

package/index.js CHANGED Viewed

@@ -1,56 +1,115 @@
-import { canPrefetch, createPrefetchClient, createClient, getCache, getInternal, processCache, modifyCache, jsonSafeParse } from '@middy/util';
-import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
+import {
+  canPrefetch,
+  createPrefetchClient,
+  createClient,
+  getCache,
+  getInternal,
+  processCache,
+  modifyCache,
+  jsonSafeParse
+} from '@middy/util'
+import {
+  SecretsManagerClient,
+  DescribeSecretCommand,
+  GetSecretValueCommand
+} from '@aws-sdk/client-secrets-manager'
 const defaults = {
-    AwsClient: SecretsManagerClient,
-    awsClientOptions: {},
-    awsClientAssumeRole: undefined,
-    awsClientCapture: undefined,
-    fetchData: {},
-    disablePrefetch: false,
-    cacheKey: 'secrets-manager',
-    cacheExpiry: -1,
-    setToContext: false
-};
-const secretsManagerMiddleware = (opts = {})=>{
-    const options = {
-        ...defaults,
-        ...opts
-    };
-    const fetch = (request, cachedValues = {})=>{
-        const values = {};
-        for (const internalKey of Object.keys(options.fetchData)){
-            if (cachedValues[internalKey]) continue;
-            values[internalKey] = client.send(new GetSecretValueCommand({
-                SecretId: options.fetchData[internalKey]
-            })).then((resp)=>jsonSafeParse(resp.SecretString)).catch((e)=>{
-                const value = getCache(options.cacheKey).value ?? {};
-                value[internalKey] = undefined;
-                modifyCache(options.cacheKey, value);
-                throw e;
-            });
-        }
-        return values;
-    };
-    let prefetch, client;
-    if (canPrefetch(options)) {
-        client = createPrefetchClient(options);
-        prefetch = processCache(options, fetch);
+  AwsClient: SecretsManagerClient,
+  awsClientOptions: {},
+  awsClientAssumeRole: undefined,
+  awsClientCapture: undefined,
+  fetchData: {},
+  fetchRotationDate: false, // true: apply to all or {key: true} for individual
+  disablePrefetch: false,
+  cacheKey: 'secrets-manager',
+  cacheKeyExpiry: {},
+  cacheExpiry: -1, // ignored when fetchRotationRules is true/object
+  setToContext: false
+}
+const secretsManagerMiddleware = (opts = {}) => {
+  const options = { ...defaults, ...opts }
+  const fetch = (request, cachedValues = {}) => {
+    const values = {}
+    for (const internalKey of Object.keys(options.fetchData)) {
+      if (cachedValues[internalKey]) continue
+      values[internalKey] = Promise.resolve()
+        .then(() => {
+          if (
+            options.fetchRotationDate === true ||
+            options.fetchRotationDate?.[internalKey]
+          ) {
+            return client
+              .send(
+                new DescribeSecretCommand({
+                  SecretId: options.fetchData[internalKey]
+                })
+              )
+              .then((resp) => {
+                if (options.cacheExpiry < 0) {
+                  options.cacheKeyExpiry[internalKey] =
+                    resp.NextRotationDate * 1000
+                } else {
+                  options.cacheKeyExpiry[internalKey] = Math.min(
+                    Math.max(resp.LastRotationDate, resp.LastChangedDate) *
+                      1000 +
+                      options.cacheExpiry,
+                    resp.NextRotationDate * 1000
+                  )
+                }
+              })
+          }
+        })
+        .then(() =>
+          client.send(
+            new GetSecretValueCommand({
+              SecretId: options.fetchData[internalKey]
+            })
+          )
+        )
+        .then((resp) => jsonSafeParse(resp.SecretString))
+        .catch((e) => {
+          const value = getCache(options.cacheKey).value ?? {}
+          value[internalKey] = undefined
+          modifyCache(options.cacheKey, value)
+          throw e
+        })
     }
-    const secretsManagerMiddlewareBefore = async (request)=>{
-        if (!client) {
-            client = await createClient(options, request);
-        }
-        const { value  } = prefetch ?? processCache(options, fetch, request);
-        Object.assign(request.internal, value);
-        if (options.setToContext) {
-            const data = await getInternal(Object.keys(options.fetchData), request);
-            Object.assign(request.context, data);
-        }
-        prefetch = null;
-    };
-    return {
-        before: secretsManagerMiddlewareBefore
-    };
-};
-export default secretsManagerMiddleware;
+    return values
+  }
+  let client
+  if (canPrefetch(options)) {
+    client = createPrefetchClient(options)
+    processCache(options, fetch)
+  }
+  const secretsManagerMiddlewareBefore = async (request) => {
+    if (!client) {
+      client = await createClient(options, request)
+    }
+    const { value } = processCache(options, fetch, request)
+    Object.assign(request.internal, value)
+    if (options.setToContext) {
+      const data = await getInternal(Object.keys(options.fetchData), request)
+      Object.assign(request.context, data)
+    }
+  }
+  return {
+    before: secretsManagerMiddlewareBefore
+  }
+}
+export default secretsManagerMiddleware
+// used for TS type inference (see index.d.ts)
+export function secret (name) {
+  return name
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@middy/secrets-manager",
-  "version": "5.0.0-alpha.0",
+  "version": "5.0.0-alpha.1",
   "description": "Secrets Manager middleware for the middy framework",
   "type": "module",
   "engines": {
@@ -10,24 +10,18 @@
   "publishConfig": {
     "access": "public"
   },
-  "main": "./index.cjs",
   "module": "./index.js",
   "exports": {
     ".": {
       "import": {
         "types": "./index.d.ts",
         "default": "./index.js"
-      },
-      "require": {
-        "types": "./index.d.ts",
-        "default": "./index.cjs"
       }
     }
   },
   "types": "index.d.ts",
   "files": [
     "index.js",
-    "index.cjs",
     "index.d.ts"
   ],
   "scripts": {
@@ -64,13 +58,13 @@
     "url": "https://github.com/sponsors/willfarrell"
   },
   "dependencies": {
-    "@middy/util": "5.0.0-alpha.0"
+    "@middy/util": "5.0.0-alpha.1"
   },
   "devDependencies": {
     "@aws-sdk/client-secrets-manager": "^3.0.0",
-    "@middy/core": "5.0.0-alpha.0",
+    "@middy/core": "5.0.0-alpha.1",
     "@types/aws-lambda": "^8.10.101",
     "aws-xray-sdk": "^3.3.3"
   },
-  "gitHead": "08c35e3dba9efdad0b86666ce206ce302cc65d07"
+  "gitHead": "ebce8d5df8783077fa49ba62ee9be20e8486a7f1"
 }

package/index.cjs DELETED Viewed

@@ -1,64 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-    value: true
-});
-Object.defineProperty(module, "exports", {
-    enumerable: true,
-    get: ()=>_default
-});
-const _util = require("@middy/util");
-const _clientSecretsManager = require("@aws-sdk/client-secrets-manager");
-const defaults = {
-    AwsClient: _clientSecretsManager.SecretsManagerClient,
-    awsClientOptions: {},
-    awsClientAssumeRole: undefined,
-    awsClientCapture: undefined,
-    fetchData: {},
-    disablePrefetch: false,
-    cacheKey: 'secrets-manager',
-    cacheExpiry: -1,
-    setToContext: false
-};
-const secretsManagerMiddleware = (opts = {})=>{
-    const options = {
-        ...defaults,
-        ...opts
-    };
-    const fetch = (request, cachedValues = {})=>{
-        const values = {};
-        for (const internalKey of Object.keys(options.fetchData)){
-            if (cachedValues[internalKey]) continue;
-            values[internalKey] = client.send(new _clientSecretsManager.GetSecretValueCommand({
-                SecretId: options.fetchData[internalKey]
-            })).then((resp)=>(0, _util.jsonSafeParse)(resp.SecretString)).catch((e)=>{
-                const value = (0, _util.getCache)(options.cacheKey).value ?? {};
-                value[internalKey] = undefined;
-                (0, _util.modifyCache)(options.cacheKey, value);
-                throw e;
-            });
-        }
-        return values;
-    };
-    let prefetch, client;
-    if ((0, _util.canPrefetch)(options)) {
-        client = (0, _util.createPrefetchClient)(options);
-        prefetch = (0, _util.processCache)(options, fetch);
-    }
-    const secretsManagerMiddlewareBefore = async (request)=>{
-        if (!client) {
-            client = await (0, _util.createClient)(options, request);
-        }
-        const { value  } = prefetch ?? (0, _util.processCache)(options, fetch, request);
-        Object.assign(request.internal, value);
-        if (options.setToContext) {
-            const data = await (0, _util.getInternal)(Object.keys(options.fetchData), request);
-            Object.assign(request.context, data);
-        }
-        prefetch = null;
-    };
-    return {
-        before: secretsManagerMiddlewareBefore
-    };
-};
-const _default = secretsManagerMiddleware;