@middy/secrets-manager 5.0.0-alpha.0 → 5.0.0-alpha.2
- package/README.md +3 -2
- package/index.d.ts +31 -10
- package/index.js +25 -8
- package/package.json +4 -10
- package/index.cjs +0 -64
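--- a/package/README.md
+++ b/package/README.md
@@ -19,8 +19,9 @@
 <a href="https://snyk.io/test/github/middyjs/middy">
 <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
 </a>
-<a href="https://
-<img src="https://
+<a href="https://github.com/middyjs/middy/actions/workflows/sast.yml">
+<img src="https://github.com/middyjs/middy/actions/workflows/sast.yml/badge.svg
+?branch=main&event=push" alt="CodeQL" style="max-width:100%;">
 </a>
 <a href="https://bestpractices.coreinfrastructure.org/projects/5280">
 <img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices" style="max-width:100%;">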
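--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -3,20 +3,41 @@ import { Options as MiddyOptions } from '@middy/util'
 import { Context as LambdaContext } from 'aws-lambda'
 import { SecretsManagerClient, SecretsManagerClientConfig } from '@aws-sdk/client-secrets-manager'
 
-
-
+export type SecretType<T> = string & { __returnType?: T }
+export declare function secret<T> (path: string): SecretType<T>
+
+interface SecretsManagerOptions<AwsSecretsManagerClient = SecretsManagerClient>
+extends Omit<MiddyOptions<
 AwsSecretsManagerClient,
 SecretsManagerClientConfig
-> {
-
-export type Context<TOptions extends Options | undefined> = TOptions extends {
-setToContext: true
+>, 'fetchData'> {
+fetchData?: { [key: string]: string | SecretType<unknown> }
 }
-? LambdaContext & Record<keyof TOptions['fetchData'], any>
-: LambdaContext
 
-
+export type Context<TOptions extends SecretsManagerOptions | undefined> =
+TOptions extends { setToContext: true }
+? TOptions extends { fetchData: infer TFetchData }
+? LambdaContext & {
+[Key in keyof TFetchData]: TFetchData[Key] extends SecretType<infer T>
+? T
+: unknown
+}
+: never
+: LambdaContext
+
+export type Internal<TOptions extends SecretsManagerOptions | undefined> =
+TOptions extends SecretsManagerOptions
+? TOptions extends { fetchData: infer TFetchData }
+? {
+[Key in keyof TFetchData]: TFetchData[Key] extends SecretType<infer T>
+? T
+: unknown
+}
+: {}
+: {}
+
+declare function secretsManager<TOptions extends SecretsManagerOptions | undefined> (
 options?: TOptions
-): middy.MiddlewareObj<unknown, any, Error, Context<TOptions>>
+): middy.MiddlewareObj<unknown, any, Error, Context<TOptions>, Internal<TOptions>>
 
 export default secretsManager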
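Review bot: The new `secret<T>` declaration (new line 7) is an unchecked type assertion and carries no doc comment saying so. `Context` and `Internal` expose the caller-supplied `T` as the value's type, while the runtime `secret()` shown in index.js returns its argument unchanged and the value itself comes from `jsonSafeParse(resp.SecretString)`. A secret whose stored content differs from `T` (a plain string instead of an object, or a missing field) therefore still type-checks. I would add TSDoc on `secret`, along the lines of `/** Tags a secret id with the shape the caller expects; the fetched value is not validated against T at runtime. */`, so consumers know to validate before relying on fields.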
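--- a/package/index.js
+++ b/package/index.js
@@ -1,13 +1,15 @@
 import { canPrefetch, createPrefetchClient, createClient, getCache, getInternal, processCache, modifyCache, jsonSafeParse } from '@middy/util';
-import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
+import { SecretsManagerClient, DescribeSecretCommand, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
 const defaults = {
 AwsClient: SecretsManagerClient,
 awsClientOptions: {},
 awsClientAssumeRole: undefined,
 awsClientCapture: undefined,
 fetchData: {},
+fetchRotationDate: false,
 disablePrefetch: false,
 cacheKey: 'secrets-manager',
+cacheKeyExpiry: {},
 cacheExpiry: -1,
 setToContext: false
 };
@@ -20,9 +22,21 @@ const secretsManagerMiddleware = (opts = {})=>{
 const values = {};
 for (const internalKey of Object.keys(options.fetchData)){
 if (cachedValues[internalKey]) continue;
-values[internalKey] =
-
-
+values[internalKey] = Promise.resolve().then(()=>{
+if (options.fetchRotationDate === true || options.fetchRotationDate?.[internalKey]) {
+return client.send(new DescribeSecretCommand({
+SecretId: options.fetchData[internalKey]
+})).then((resp)=>{
+if (options.cacheExpiry < 0) {
+options.cacheKeyExpiry[internalKey] = resp.NextRotationDate * 1000;
+} else {
+options.cacheKeyExpiry[internalKey] = Math.min(Math.max(resp.LastRotationDate, resp.LastChangedDate) * 1000 + options.cacheExpiry, resp.NextRotationDate * 1000);
+}
+});
+}
+}).then(()=>client.send(new GetSecretValueCommand({
+SecretId: options.fetchData[internalKey]
+}))).then((resp)=>jsonSafeParse(resp.SecretString)).catch((e)=>{
 const value = getCache(options.cacheKey).value ?? {};
 value[internalKey] = undefined;
 modifyCache(options.cacheKey, value);
@@ -31,26 +45,29 @@ const secretsManagerMiddleware = (opts = {})=>{
 }
 return values;
 };
-let
+let client;
 if (canPrefetch(options)) {
 client = createPrefetchClient(options);
-
+processCache(options, fetch);
 }
 const secretsManagerMiddlewareBefore = async (request)=>{
 if (!client) {
 client = await createClient(options, request);
 }
-const { value
+const { value } = processCache(options, fetch, request);
 Object.assign(request.internal, value);
 if (options.setToContext) {
 const data = await getInternal(Object.keys(options.fetchData), request);
 Object.assign(request.context, data);
 }
-prefetch = null;
 };
 return {
 before: secretsManagerMiddlewareBefore
 };
 };
 export default secretsManagerMiddleware;
+// used for TS type inference (see index.d.ts)
+export function secret(name) {
+return name;
+}
 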
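Review bot: The expiry arithmetic in the `DescribeSecretCommand` callback (new lines 30–34) has no guard for missing rotation fields: `resp.NextRotationDate * 1000` and `Math.max(resp.LastRotationDate, resp.LastChangedDate)` evaluate to `NaN` when a field is `undefined`, and that `NaN` is stored in `options.cacheKeyExpiry[internalKey]`. How `processCache` treats a `NaN` expiry is not visible here, so a secret without rotation configured might stay cached past a later rotation or be refetched on every call. I would compute into a local and store it only when finite, e.g. `if (Number.isFinite(expiry)) options.cacheKeyExpiry[internalKey] = expiry;`. The `* 1000` also assumes the SDK returns epoch seconds; if it returns `Date` objects, which should be confirmed, the stored time lands far in the future and a rotated secret would keep being served from cache. `fetch` starts above the hunk; if `options` is still a shallow spread of `defaults` as in the removed index.cjs, the single `cacheKeyExpiry: {}` object is shared and written by every instance that does not pass its own.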
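--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@middy/secrets-manager",
-"version": "5.0.0-alpha.
+"version": "5.0.0-alpha.2",
 "description": "Secrets Manager middleware for the middy framework",
 "type": "module",
 "engines": {
@@ -10,24 +10,18 @@
 "publishConfig": {
 "access": "public"
 },
-"main": "./index.cjs",
 "module": "./index.js",
 "exports": {
 ".": {
 "import": {
 "types": "./index.d.ts",
 "default": "./index.js"
-},
-"require": {
-"types": "./index.d.ts",
-"default": "./index.cjs"
 }
 }
 },
 "types": "index.d.ts",
 "files": [
 "index.js",
-"index.cjs",
 "index.d.ts"
 ],
 "scripts": {
@@ -64,13 +58,13 @@
 "url": "https://github.com/sponsors/willfarrell"
 },
 "dependencies": {
-"@middy/util": "5.0.0-alpha.
+"@middy/util": "5.0.0-alpha.2"
 },
 "devDependencies": {
 "@aws-sdk/client-secrets-manager": "^3.0.0",
-"@middy/core": "5.0.0-alpha.
+"@middy/core": "5.0.0-alpha.2",
 "@types/aws-lambda": "^8.10.101",
 "aws-xray-sdk": "^3.3.3"
 },
-"gitHead": "
+"gitHead": "ebce8d5df8783077fa49ba62ee9be20e8486a7f1"
 }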
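--- a/package/index.cjs
+++ /dev/null
@@ -1,64 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-value: true
-});
-Object.defineProperty(module, "exports", {
-enumerable: true,
-get: ()=>_default
-});
-const _util = require("@middy/util");
-const _clientSecretsManager = require("@aws-sdk/client-secrets-manager");
-const defaults = {
-AwsClient: _clientSecretsManager.SecretsManagerClient,
-awsClientOptions: {},
-awsClientAssumeRole: undefined,
-awsClientCapture: undefined,
-fetchData: {},
-disablePrefetch: false,
-cacheKey: 'secrets-manager',
-cacheExpiry: -1,
-setToContext: false
-};
-const secretsManagerMiddleware = (opts = {})=>{
-const options = {
-...defaults,
-...opts
-};
-const fetch = (request, cachedValues = {})=>{
-const values = {};
-for (const internalKey of Object.keys(options.fetchData)){
-if (cachedValues[internalKey]) continue;
-values[internalKey] = client.send(new _clientSecretsManager.GetSecretValueCommand({
-SecretId: options.fetchData[internalKey]
-})).then((resp)=>(0, _util.jsonSafeParse)(resp.SecretString)).catch((e)=>{
-const value = (0, _util.getCache)(options.cacheKey).value ?? {};
-value[internalKey] = undefined;
-(0, _util.modifyCache)(options.cacheKey, value);
-throw e;
-});
-}
-return values;
-};
-let prefetch, client;
-if ((0, _util.canPrefetch)(options)) {
-client = (0, _util.createPrefetchClient)(options);
-prefetch = (0, _util.processCache)(options, fetch);
-}
-const secretsManagerMiddlewareBefore = async (request)=>{
-if (!client) {
-client = await (0, _util.createClient)(options, request);
-}
-const { value } = prefetch ?? (0, _util.processCache)(options, fetch, request);
-Object.assign(request.internal, value);
-if (options.setToContext) {
-const data = await (0, _util.getInternal)(Object.keys(options.fetchData), request);
-Object.assign(request.context, data);
-}
-prefetch = null;
-};
-return {
-before: secretsManagerMiddlewareBefore
-};
-};
-const _default = secretsManagerMiddleware;
-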