@middy/ssm 2.5.1 → 3.0.0-alpha.0

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2017-2021 Luciano Mammino, will Farrell and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
+Copyright (c) 2017-2022 Luciano Mammino, will Farrell and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -29,11 +29,11 @@ This middleware fetches parameters from [AWS Systems Manager Parameter Store](ht
 
 Parameters to fetch can be defined by path and by name (not mutually exclusive). See AWS docs [here](https://aws.amazon.com/blogs/mt/organize-parameters-by-hierarchy-tags-or-amazon-cloudwatch-events-with-amazon-ec2-systems-manager-parameter-store/).
 
-Parameters can be assigned to the Node.js `process.env` object by setting the `setToEnv` flag to `true`. They can also be assigned to the function handler's `context` object by setting the `setToContext` flag to `true`. By default all parameters are added with uppercase names.
+Parameters can be assigned to the function handler's `context` object by setting the `setToContext` flag to `true`. By default all parameters are added with uppercase names.
 
 The Middleware makes a single API request to fetch all the parameters defined by name, but must make an additional request per specified path. This is because the AWS SDK currently doesn't expose a method to retrieve parameters from multiple paths.
 
-For each parameter defined by name, you also provide the name under which its value should be added to `process.env` or `context`. For each path, you instead provide a prefix, and by default the value import each parameter returned from that path will be added to `process.env` or `context` with a name equal to what's left of the parameter's full name _after_ the defined path, with the prefix prepended. If the prefix is an empty string, nothing is prepended. You can override this behaviour by providing your own mapping function with the `getParamNameFromPath` config option.
+For each parameter defined by name, you also provide the name under which its value should be added to `context`. For each path, you instead provide a prefix, and by default the value import each parameter returned from that path will be added to `context` with a name equal to what's left of the parameter's full name _after_ the defined path, with the prefix prepended. If the prefix is an empty string, nothing is prepended. You can override this behaviour by providing your own mapping function with the `getParamNameFromPath` config option.
 
 
 ## Install
@@ -47,22 +47,19 @@ npm install --save @middy/ssm
 
 ## Options
 
-- `AwsClient` (object) (default `AWS.SSM`): AWS.SSM class constructor (e.g. that has been instrumented with AWS XRay). Must be from `aws-sdk` v2.
+- `AwsClient` (object) (default `AWS.SSM`): AWS.SSM class constructor (e.g. that has been instrumented with AWS X-Ray). Must be from `aws-sdk` v2.
 - `awsClientOptions` (object) (optional): Options to pass to AWS.SSM class constructor.
 - `awsClientAssumeRole` (string) (optional): Internal key where role tokens are stored. See [@middy/sts](/packages/sts/README.md) on to set this.
-- `awsClientCapture` (function) (optional): Enable XRay by passing `captureAWSClient` from `aws-xray-sdk` in.
+- `awsClientCapture` (function) (optional): Enable AWS X-Ray by passing `captureAWSClient` from `aws-xray-sdk` in.
 - `fetchData` (object) (required): Mapping of internal key name to API request parameter `Names`/`Path`. `SecureString` are automatically decrypted.
 - `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch.
 - `cacheKey` (string) (default `ssm`): Cache key for the fetched data responses. Must be unique across all middleware.
 - `cacheExpiry` (number) (default `-1`): How long fetch data responses should be cached for. `-1`: cache forever, `0`: never cache, `n`: cache for n ms.
-- `setToEnv` (boolean) (default `false`): Store role tokens to `process.env`. **Storing secrets in `process.env` is considered security bad practice**
-- `setToContext` (boolean) (default `false`): Store role tokes to `request.context`.
+- `setToContext` (boolean) (default `false`): Store role tokens to `request.context`.
 
 NOTES:
 - Lambda is required to have IAM permission for `ssm:GetParameters` and/or `ssm:GetParametersByPath` depending on what you're requesting.
 - `SSM` has [throughput limitations](https://docs.aws.amazon.com/general/latest/gr/ssm.html). Switching to Advanced Parameter type or increasing `maxRetries` and `retryDelayOptions.base` in `awsClientOptions` may be required.
-- `setToEnv` and `setToContext` are included for legacy support and should be avoided for performance and security reasons. See main documentation for best practices.
-- `setToEnv` can only assign secrets of type string
 
 ## Sample usage
 
@@ -79,7 +76,7 @@ handler
   .use(ssm({
     fetchData: {
       accessToken: '/dev/service_name/access_token',  // single value
-      dbParams: '/dev/service_name/database/',         // object of values, key for each path
+      dbParams: '/dev/service_name/database/',        // object of values, key for each path
       defaults: '/dev/defaults'
     },
     setToContext: true
@@ -109,7 +106,7 @@ handler
   .use(ssm({
     fetchData: {
       accessToken: '/dev/service_name/access_token',  // single value
-      dbParams: '/dev/service_name/database/',         // object of values, key for each path
+      dbParams: '/dev/service_name/database/',        // object of values, key for each path
     },
     cacheExpiry: 15*60*1000,
     cacheKey: 'ssm-secrets'
@@ -134,7 +131,7 @@ Everyone is very welcome to contribute to this repository. Feel free to [raise i
 
 ## License
 
-Licensed under [MIT License](LICENSE). Copyright (c) 2017-2021 Luciano Mammino, will Farrell, and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
+Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 Luciano Mammino, will Farrell, and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
 
 <a href="https://app.fossa.io/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy?ref=badge_large">
   <img src="https://app.fossa.io/api/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy.svg?type=large" alt="FOSSA Status"  style="max-width:100%;">

package/index.d.ts

@@ -1,19 +1,8 @@
 import { SSM } from 'aws-sdk'
-import { captureAWSClient } from 'aws-xray-sdk'
+import { Options as MiddyOptions } from '@middy/util'
 import middy from '@middy/core'
 
-interface Options<S = SSM> {
-  AwsClient?: new() => S
-  awsClientOptions?: Partial<SSM.Types.ClientConfiguration>
-  awsClientAssumeRole?: string
-  awsClientCapture?: typeof captureAWSClient
-  fetchData?: { [key: string]: string }
-  disablePrefetch?: boolean
-  cacheKey?: string
-  cacheExpiry?: number
-  setToEnv?: boolean
-  setToContext?: boolean
-}
+interface Options<S = SSM> extends MiddyOptions<S, SSM.Types.ClientConfiguration> {}
 
 declare function ssm (options?: Options): middy.MiddlewareObj
 

package/package.json

@@ -1,16 +1,16 @@
 {
   "name": "@middy/ssm",
-  "version": "2.5.1",
+  "version": "3.0.0-alpha.0",
   "description": "SSM (EC2 Systems Manager) parameters middleware for the middy framework",
-  "type": "commonjs",
+  "type": "module",
   "engines": {
-    "node": ">=12"
+    "node": ">=14"
   },
   "engineStrict": true,
   "publishConfig": {
     "access": "public"
   },
-  "main": "index.js",
+  "exports": "./index.js",
   "types": "index.d.ts",
   "files": [
     "index.d.ts"
@@ -46,12 +46,12 @@
   },
   "homepage": "https://github.com/middyjs/middy#readme",
   "dependencies": {
-    "@middy/util": "^2.5.1"
+    "@middy/util": "^3.0.0-alpha.0"
   },
   "devDependencies": {
-    "@middy/core": "^2.5.1",
+    "@middy/core": "^3.0.0-alpha.0",
     "aws-sdk": "^2.939.0",
     "aws-xray-sdk": "^3.3.3"
   },
-  "gitHead": "df18e5eff7d73492a96a2ca4780a2eae45d1cedb"
+  "gitHead": "c533f62841c8a39d061d7b94f30ba178f002c8db"
 }

package/index.js

@@ -1,187 +0,0 @@
-"use strict";
-
-const {
-  canPrefetch,
-  createPrefetchClient,
-  createClient,
-  processCache,
-  getCache,
-  modifyCache,
-  jsonSafeParse,
-  getInternal,
-  sanitizeKey
-} = require('@middy/util');
-
-const SSM = require('aws-sdk/clients/ssm'); // v2
-// const { SSM } = require('@aws-sdk/client-ssm') // v3
-
-
-const awsRequestLimit = 10;
-const defaults = {
-  AwsClient: SSM,
-  // Allow for XRay
-  awsClientOptions: {},
-  awsClientAssumeRole: undefined,
-  awsClientCapture: undefined,
-  fetchData: {},
-  // { contextKey: fetchKey, contextPrefix: fetchPath/ }
-  disablePrefetch: false,
-  cacheKey: 'ssm',
-  cacheExpiry: -1,
-  setToEnv: false,
-  setToContext: false
-};
-
-const ssmMiddleware = (opts = {}) => {
-  const options = { ...defaults,
-    ...opts
-  };
-
-  const fetch = (request, cachedValues) => {
-    return { ...fetchSingle(request, cachedValues),
-      ...fetchByPath(request, cachedValues)
-    };
-  };
-
-  const fetchSingle = (request, cachedValues = {}) => {
-    const values = {};
-    let batchReq = null;
-    let batchInternalKeys = [];
-    let batchFetchKeys = [];
-    const internalKeys = Object.keys(options.fetchData);
-    const fetchKeys = Object.values(options.fetchData);
-
-    for (const [idx, internalKey] of internalKeys.entries()) {
-      if (cachedValues[internalKey]) continue;
-      const fetchKey = options.fetchData[internalKey];
-      if (fetchKey.substr(-1) === '/') continue; // Skip path passed in
-
-      batchInternalKeys.push(internalKey);
-      batchFetchKeys.push(fetchKey); // from the first to the batch size skip, unless it's the last entry
-
-      if ((!idx || (idx + 1) % awsRequestLimit !== 0) && !(idx + 1 === internalKeys.length)) {
-        continue;
-      }
-
-      batchReq = client.getParameters({
-        Names: batchFetchKeys,
-        WithDecryption: true
-      }).promise() // Required for aws-sdk v2
-      .then(resp => {
-        var _resp$InvalidParamete, _resp$Parameters;
-
-        // Don't sanitize key, mapped to set value in options
-        return Object.assign(...((_resp$InvalidParamete = resp.InvalidParameters) !== null && _resp$InvalidParamete !== void 0 ? _resp$InvalidParamete : []).map(fetchKey => {
-          return {
-            [fetchKey]: new Promise(() => {
-              var _getCache$value, _getCache;
-
-              const internalKey = internalKeys[fetchKeys.indexOf(fetchKey)];
-              const value = (_getCache$value = (_getCache = getCache(options.cacheKey)) === null || _getCache === void 0 ? void 0 : _getCache.value) !== null && _getCache$value !== void 0 ? _getCache$value : {};
-              value[internalKey] = undefined;
-              modifyCache(options.cacheKey, value);
-              throw new Error('ssm.InvalidParameter ' + fetchKey);
-            })
-          };
-        }), ...((_resp$Parameters = resp.Parameters) !== null && _resp$Parameters !== void 0 ? _resp$Parameters : []).map(param => {
-          return {
-            [param.Name]: parseValue(param)
-          };
-        }));
-      });
-
-      for (const internalKey of batchInternalKeys) {
-        values[internalKey] = batchReq.then(params => {
-          return params[options.fetchData[internalKey]];
-        });
-      }
-
-      batchInternalKeys = [];
-      batchFetchKeys = [];
-      batchReq = null;
-    }
-
-    return values;
-  };
-
-  const fetchByPath = (request, cachedValues = {}) => {
-    const values = {};
-
-    for (const internalKey in options.fetchData) {
-      if (cachedValues[internalKey]) continue;
-      const fetchKey = options.fetchData[internalKey];
-      if (fetchKey.substr(-1) !== '/') continue; // Skip not path passed in
-
-      values[internalKey] = fetchPath(fetchKey).catch(e => {
-        var _getCache$value2, _getCache2;
-
-        const value = (_getCache$value2 = (_getCache2 = getCache(options.cacheKey)) === null || _getCache2 === void 0 ? void 0 : _getCache2.value) !== null && _getCache$value2 !== void 0 ? _getCache$value2 : {};
-        value[internalKey] = undefined;
-        modifyCache(options.cacheKey, value);
-        throw e;
-      });
-    }
-
-    return values;
-  };
-
-  const fetchPath = (path, nextToken, values = {}) => {
-    return client.getParametersByPath({
-      Path: path,
-      NextToken: nextToken,
-      Recursive: true,
-      WithDecryption: true
-    }).promise() // Required for aws-sdk v2
-    .then(resp => {
-      Object.assign(values, ...resp.Parameters.map(param => {
-        return {
-          [sanitizeKey(param.Name.replace(path, ''))]: parseValue(param)
-        };
-      }));
-      if (resp.NextToken) return fetchPath(path, resp.NextToken, values);
-      return values;
-    });
-  };
-
-  const parseValue = param => {
-    if (param.Type === 'StringList') {
-      return param.Value.split(',');
-    }
-
-    return jsonSafeParse(param.Value);
-  };
-
-  let prefetch, client;
-
-  if (canPrefetch(options)) {
-    client = createPrefetchClient(options);
-    prefetch = processCache(options, fetch);
-  }
-
-  const ssmMiddlewareBefore = async request => {
-    var _prefetch;
-
-    if (!client) {
-      client = await createClient(options, request);
-    }
-
-    const {
-      value
-    } = (_prefetch = prefetch) !== null && _prefetch !== void 0 ? _prefetch : processCache(options, fetch, request);
-    Object.assign(request.internal, value);
-
-    if (options.setToContext || options.setToEnv) {
-      const data = await getInternal(Object.keys(options.fetchData), request);
-      if (options.setToEnv) Object.assign(process.env, data);
-      if (options.setToContext) Object.assign(request.context, data);
-    }
-
-    prefetch = null;
-  };
-
-  return {
-    before: ssmMiddlewareBefore
-  };
-};
-
-module.exports = ssmMiddleware;