@middy/secrets-manager 5.0.0-alpha.0 → 5.0.0-alpha.2

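--- a/package/README.md
+++ b/package/README.md
@@ -19,8 +19,9 @@
  <a href="https://snyk.io/test/github/middyjs/middy">
  <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
  </a>
- <a href="https://lgtm.com/projects/g/middyjs/middy/context:javascript">
- <img src="https://img.shields.io/lgtm/grade/javascript/g/middyjs/middy.svg?logo=lgtm&logoWidth=18" alt="Language grade: JavaScript" style="max-width:100%;">
+ <a href="https://github.com/middyjs/middy/actions/workflows/sast.yml">
+ <img src="https://github.com/middyjs/middy/actions/workflows/sast.yml/badge.svg
+ ?branch=main&event=push" alt="CodeQL" style="max-width:100%;">
  </a>
  <a href="https://bestpractices.coreinfrastructure.org/projects/5280">
  <img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices" style="max-width:100%;">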
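--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -3,20 +3,41 @@ import { Options as MiddyOptions } from '@middy/util'
  import { Context as LambdaContext } from 'aws-lambda'
  import { SecretsManagerClient, SecretsManagerClientConfig } from '@aws-sdk/client-secrets-manager'
 
- interface Options<AwsSecretsManagerClient = SecretsManagerClient>
- extends MiddyOptions<
+ export type SecretType<T> = string & { __returnType?: T }
+ export declare function secret<T> (path: string): SecretType<T>
+
+ interface SecretsManagerOptions<AwsSecretsManagerClient = SecretsManagerClient>
+ extends Omit<MiddyOptions<
  AwsSecretsManagerClient,
  SecretsManagerClientConfig
- > {}
-
- export type Context<TOptions extends Options | undefined> = TOptions extends {
- setToContext: true
+ >, 'fetchData'> {
+ fetchData?: { [key: string]: string | SecretType<unknown> }
  }
- ? LambdaContext & Record<keyof TOptions['fetchData'], any>
- : LambdaContext
 
- declare function secretsManager<TOptions extends Options | undefined> (
+ export type Context<TOptions extends SecretsManagerOptions | undefined> =
+ TOptions extends { setToContext: true }
+ ? TOptions extends { fetchData: infer TFetchData }
+ ? LambdaContext & {
+ [Key in keyof TFetchData]: TFetchData[Key] extends SecretType<infer T>
+ ? T
+ : unknown
+ }
+ : never
+ : LambdaContext
+
+ export type Internal<TOptions extends SecretsManagerOptions | undefined> =
+ TOptions extends SecretsManagerOptions
+ ? TOptions extends { fetchData: infer TFetchData }
+ ? {
+ [Key in keyof TFetchData]: TFetchData[Key] extends SecretType<infer T>
+ ? T
+ : unknown
+ }
+ : {}
+ : {}
+
+ declare function secretsManager<TOptions extends SecretsManagerOptions | undefined> (
  options?: TOptions
- ): middy.MiddlewareObj<unknown, any, Error, Context<TOptions>>
+ ): middy.MiddlewareObj<unknown, any, Error, Context<TOptions>, Internal<TOptions>>
 
  export default secretsManager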
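Review bot: `Context` resolves to `never` when `setToContext: true` is passed without `fetchData` (the `: never` branch at new line 25), while `Internal` falls back to `{}` for the same input and the runtime default in index.js is `fetchData: {}`. That leaves the handler with an unusable context type for a configuration the runtime accepts, so I would make that branch `: LambdaContext`. `secret<T>()` also deserves a TSDoc line such as `/** T is a compile-time hint only; the fetched secret is not validated against it at runtime. */`, because the shape of whatever is stored in Secrets Manager is otherwise taken on trust by typed handlers. The `fetchRotationDate` and `cacheKeyExpiry` options that index.js now reads are not declared on `SecretsManagerOptions` here; unless `MiddyOptions` in `@middy/util` carries them (not visible on this page), typed callers cannot set them.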
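--- a/package/index.js
+++ b/package/index.js
@@ -1,13 +1,15 @@
  import { canPrefetch, createPrefetchClient, createClient, getCache, getInternal, processCache, modifyCache, jsonSafeParse } from '@middy/util';
- import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
+ import { SecretsManagerClient, DescribeSecretCommand, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
  const defaults = {
  AwsClient: SecretsManagerClient,
  awsClientOptions: {},
  awsClientAssumeRole: undefined,
  awsClientCapture: undefined,
  fetchData: {},
+ fetchRotationDate: false,
  disablePrefetch: false,
  cacheKey: 'secrets-manager',
+ cacheKeyExpiry: {},
  cacheExpiry: -1,
  setToContext: false
  };
@@ -20,9 +22,21 @@ const secretsManagerMiddleware = (opts = {})=>{
  const values = {};
  for (const internalKey of Object.keys(options.fetchData)){
  if (cachedValues[internalKey]) continue;
- values[internalKey] = client.send(new GetSecretValueCommand({
- SecretId: options.fetchData[internalKey]
- })).then((resp)=>jsonSafeParse(resp.SecretString)).catch((e)=>{
+ values[internalKey] = Promise.resolve().then(()=>{
+ if (options.fetchRotationDate === true || options.fetchRotationDate?.[internalKey]) {
+ return client.send(new DescribeSecretCommand({
+ SecretId: options.fetchData[internalKey]
+ })).then((resp)=>{
+ if (options.cacheExpiry < 0) {
+ options.cacheKeyExpiry[internalKey] = resp.NextRotationDate * 1000;
+ } else {
+ options.cacheKeyExpiry[internalKey] = Math.min(Math.max(resp.LastRotationDate, resp.LastChangedDate) * 1000 + options.cacheExpiry, resp.NextRotationDate * 1000);
+ }
+ });
+ }
+ }).then(()=>client.send(new GetSecretValueCommand({
+ SecretId: options.fetchData[internalKey]
+ }))).then((resp)=>jsonSafeParse(resp.SecretString)).catch((e)=>{
  const value = getCache(options.cacheKey).value ?? {};
  value[internalKey] = undefined;
  modifyCache(options.cacheKey, value);
@@ -31,26 +45,29 @@ const secretsManagerMiddleware = (opts = {})=>{
  }
  return values;
  };
- let prefetch, client;
+ let client;
  if (canPrefetch(options)) {
  client = createPrefetchClient(options);
- prefetch = processCache(options, fetch);
+ processCache(options, fetch);
  }
  const secretsManagerMiddlewareBefore = async (request)=>{
  if (!client) {
  client = await createClient(options, request);
  }
- const { value } = prefetch ?? processCache(options, fetch, request);
+ const { value } = processCache(options, fetch, request);
  Object.assign(request.internal, value);
  if (options.setToContext) {
  const data = await getInternal(Object.keys(options.fetchData), request);
  Object.assign(request.context, data);
  }
- prefetch = null;
  };
  return {
  before: secretsManagerMiddlewareBefore
  };
  };
  export default secretsManagerMiddleware;
+ // used for TS type inference (see index.d.ts)
+ export function secret(name) {
+ return name;
+ }
 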
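Review bot: The expiry computed from the `DescribeSecretCommand` response in the second hunk has no guard for a secret without a rotation schedule: `resp.NextRotationDate` and `resp.LastRotationDate` are optional, so `undefined * 1000` and `Math.max(undefined, …)` store `NaN` in `options.cacheKeyExpiry[internalKey]`, and how the cache in `@middy/util` treats that is not visible here. The risk is a stale secret being served past its rotation, so I would return early with `if (resp.NextRotationDate == null) return;` and let `cacheExpiry` apply. The `* 1000` also assumes epoch seconds; as far as I know the v3 client returns `Date` objects for these fields, in which case the multiplication pushes the expiry far beyond the rotation date and `.getTime()` is what is wanted, which is worth confirming against a real response. Separately, `cacheKeyExpiry: {}` lives in the module-level `defaults` and is written to here, so unless the options merge outside these hunks copies it, every middleware instance shares one expiry map.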
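--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@middy/secrets-manager",
- "version": "5.0.0-alpha.0",
+ "version": "5.0.0-alpha.2",
  "description": "Secrets Manager middleware for the middy framework",
  "type": "module",
  "engines": {
@@ -10,24 +10,18 @@
  "publishConfig": {
  "access": "public"
  },
- "main": "./index.cjs",
  "module": "./index.js",
  "exports": {
  ".": {
  "import": {
  "types": "./index.d.ts",
  "default": "./index.js"
- },
- "require": {
- "types": "./index.d.ts",
- "default": "./index.cjs"
  }
  }
  },
  "types": "index.d.ts",
  "files": [
  "index.js",
- "index.cjs",
  "index.d.ts"
  ],
  "scripts": {
@@ -64,13 +58,13 @@
  "url": "https://github.com/sponsors/willfarrell"
  },
  "dependencies": {
- "@middy/util": "5.0.0-alpha.0"
+ "@middy/util": "5.0.0-alpha.2"
  },
  "devDependencies": {
  "@aws-sdk/client-secrets-manager": "^3.0.0",
- "@middy/core": "5.0.0-alpha.0",
+ "@middy/core": "5.0.0-alpha.2",
  "@types/aws-lambda": "^8.10.101",
  "aws-xray-sdk": "^3.3.3"
  },
- "gitHead": "08c35e3dba9efdad0b86666ce206ce302cc65d07"
+ "gitHead": "ebce8d5df8783077fa49ba62ee9be20e8486a7f1"
  }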
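--- a/package/index.cjs
+++ b/package/index.cjs
@@ -1,64 +0,0 @@
- "use strict";
- Object.defineProperty(exports, "__esModule", {
- value: true
- });
- Object.defineProperty(module, "exports", {
- enumerable: true,
- get: ()=>_default
- });
- const _util = require("@middy/util");
- const _clientSecretsManager = require("@aws-sdk/client-secrets-manager");
- const defaults = {
- AwsClient: _clientSecretsManager.SecretsManagerClient,
- awsClientOptions: {},
- awsClientAssumeRole: undefined,
- awsClientCapture: undefined,
- fetchData: {},
- disablePrefetch: false,
- cacheKey: 'secrets-manager',
- cacheExpiry: -1,
- setToContext: false
- };
- const secretsManagerMiddleware = (opts = {})=>{
- const options = {
- ...defaults,
- ...opts
- };
- const fetch = (request, cachedValues = {})=>{
- const values = {};
- for (const internalKey of Object.keys(options.fetchData)){
- if (cachedValues[internalKey]) continue;
- values[internalKey] = client.send(new _clientSecretsManager.GetSecretValueCommand({
- SecretId: options.fetchData[internalKey]
- })).then((resp)=>(0, _util.jsonSafeParse)(resp.SecretString)).catch((e)=>{
- const value = (0, _util.getCache)(options.cacheKey).value ?? {};
- value[internalKey] = undefined;
- (0, _util.modifyCache)(options.cacheKey, value);
- throw e;
- });
- }
- return values;
- };
- let prefetch, client;
- if ((0, _util.canPrefetch)(options)) {
- client = (0, _util.createPrefetchClient)(options);
- prefetch = (0, _util.processCache)(options, fetch);
- }
- const secretsManagerMiddlewareBefore = async (request)=>{
- if (!client) {
- client = await (0, _util.createClient)(options, request);
- }
- const { value } = prefetch ?? (0, _util.processCache)(options, fetch, request);
- Object.assign(request.internal, value);
- if (options.setToContext) {
- const data = await (0, _util.getInternal)(Object.keys(options.fetchData), request);
- Object.assign(request.context, data);
- }
- prefetch = null;
- };
- return {
- before: secretsManagerMiddlewareBefore
- };
- };
- const _default = secretsManagerMiddleware;
-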