@sap/cds 5.9.8 → 6.0.1

package/libx/_runtime/messaging/enterprise-messaging-utils/options-management.js

@@ -1,11 +1,18 @@
-const _oa2 = management => ({
-  ...management,
-  oa2: {
-    client: management.oa2.clientid,
-    secret: management.oa2.clientsecret,
-    endpoint: management.oa2.tokenendpoint
+const _oa2 = (management, uaa) => {
+  const oa2 = {
+    ...management,
+    oa2: {
+      client: management.oa2.clientid,
+      secret: management.oa2.clientsecret,
+      endpoint: management.oa2.tokenendpoint
+    }
   }
-})
+  if (uaa && uaa.certificate) {
+    oa2.oa2.mTLS = { cert: uaa.certificate, key: uaa.key }
+    oa2.oa2.endpoint = uaa.certurl
+  }
+  return oa2
+}
 
 module.exports = options => {
   if (!options || !options.credentials || !options.credentials.management) {
@@ -13,5 +20,5 @@ module.exports = options => {
       'No management credentials found. Hint: You need to bind your app to an Enterprise-Messaging service or provide the necessary credentials through environment variables.'
     )
   }
-  return _oa2(options.credentials.management[0])
+  return _oa2(options.credentials.management[0], options.credentials.uaa)
 }

package/libx/_runtime/messaging/enterprise-messaging-utils/options-messaging.js

@@ -1,15 +1,25 @@
-const _getOAuth2 = opts => ({
-  ...opts,
-  oa2: {
-    client: opts.oa2.client || opts.oa2.clientid,
-    secret: opts.oa2.secret || opts.oa2.clientsecret,
-    endpoint: opts.oa2.endpoint || opts.oa2.tokenendpoint,
-    granttype: opts.oa2.granttype
+const _getOAuth2 = (opts, uaa) => {
+  const res = {
+    ...opts,
+    oa2: {
+      client: opts.oa2.client || opts.oa2.clientid,
+      secret: opts.oa2.secret || opts.oa2.clientsecret,
+      endpoint: opts.oa2.endpoint || opts.oa2.tokenendpoint,
+      granttype: opts.oa2.granttype
+    }
   }
-})
+  if (uaa && uaa.certificate) {
+    res.oa2.endpoint = uaa.certurl + '/oauth/token'
+    res.oa2.mTLS = {
+      key: uaa.key,
+      cert: uaa.certificate
+    }
+  }
+  return res
+}
 
 // protocols are: httprest or amqp10ws
-const _optionsMessaging = (options, protocol) => {
+const _getOpts = (options, protocol) => {
   const opts =
     options &&
     options.credentials &&
@@ -19,12 +29,45 @@ const _optionsMessaging = (options, protocol) => {
     throw new Error(
       `No ${protocol} credentials found. Hint: You need to bind your app to an Enterprise-Messaging service or provide the necessary credentials through environment variables.`
     )
-  const res = _getOAuth2(opts)
-  if (options.amqp) {
-    if (!res.amqp) res.amqp = options.amqp
-    else Object.assign(res.amqp, options.amqp)
+  return opts
+}
+
+const optionsMessagingREST = options => {
+  const opts = _getOpts(options, 'httprest')
+  const res = _getOAuth2(opts, options.credentials.uaa)
+  return res
+}
+
+const optionsMessagingAMQP = options => {
+  const res = _optionsMessagingAMQP(options)
+  if (options.amqp) res.amqp = options.amqp
+  return res
+}
+
+const _optionsMessagingAMQP = options => {
+  const opts = _getOpts(options, 'amqp10ws')
+  if (options.credentials.uaa && options.credentials.uaa.certificate) {
+    // mTLS
+    const amqp = {
+      uri: opts.uri,
+      wss: {
+        key: Buffer.from(options.credentials.uaa.key),
+        cert: Buffer.from(options.credentials.uaa.certificate)
+      },
+      oa2: {
+        endpoint: options.credentials.uaa.certurl + '/oauth/token',
+        client: opts.oa2.client || opts.oa2.clientid,
+        secret: '',
+        request: {
+          key: Buffer.from(options.credentials.uaa.key),
+          cert: Buffer.from(options.credentials.uaa.certificate)
+        }
+      }
+    }
+    return amqp
   }
+  const res = _getOAuth2(opts, options.credentials.uaa)
   return res
 }
 
-module.exports = _optionsMessaging
+module.exports = { optionsMessagingREST, optionsMessagingAMQP }

package/libx/_runtime/messaging/enterprise-messaging.js

@@ -1,6 +1,6 @@
 const cds = require('../cds.js')
 const AMQPWebhookMessaging = require('./AMQPWebhookMessaging.js')
-const optionsMessaging = require('./enterprise-messaging-utils/options-messaging.js')
+const { optionsMessagingREST } = require('./enterprise-messaging-utils/options-messaging.js')
 const optionsManagement = require('./enterprise-messaging-utils/options-management.js')
 const EMManagement = require('./enterprise-messaging-utils/EMManagement.js')
 const optionsForSubdomain = require('./common-utils/optionsForSubdomain.js')
@@ -17,12 +17,12 @@ const BASE_PATH = '/messaging/enterprise-messaging'
 const _checkAppURL = appURL => {
   if (!appURL)
     throw new Error(
-      'Enterprise Messaging: You need to provide an HTTPS endpoint to your application.\n\nHint: You can set the application URI in environment variable `VCAP_APPLICATION.application_uris[0]`. This is needed because incoming messages are delivered through HTTP via webhooks.\nExample: `{ ..., "VCAP_APPLICATION": { "application_uris": ["my-app.com"] } }`\nIn case you want to use Enterprise Messaging in shared (that means single-tenant) mode, you can use kind `enterprise-messaging-amqp`.'
+      'Enterprise Messaging: You need to provide an HTTPS endpoint to your application.\n\nHint: You can set the application URI in environment variable `VCAP_APPLICATION.application_uris[0]`. This is needed because incoming messages are delivered through HTTP via webhooks.\nExample: `{ ..., "VCAP_APPLICATION": { "application_uris": ["my-app.com"] } }`\nIn case you want to use Enterprise Messaging in shared (that means single-tenant) mode, you can use kind `enterprise-messaging-shared`.'
     )
 
   if (appURL.startsWith('https://localhost'))
     throw new Error(
-      'The endpoint of your application is local and cannot be reached from Enterprise Messaging.\n\nHint: For local development you can set up a tunnel to your local endpoint and enter its public https endpoint in `VCAP_APPLICATION.application_uris[0]`.\nIn case you want to use Enterprise Messaging in shared (that means single-tenant) mode, you can use kind `enterprise-messaging-amqp`.'
+      'The endpoint of your application is local and cannot be reached from Enterprise Messaging.\n\nHint: For local development you can set up a tunnel to your local endpoint and enter its public https endpoint in `VCAP_APPLICATION.application_uris[0]`.\nIn case you want to use Enterprise Messaging in shared (that means single-tenant) mode, you can use kind `enterprise-messaging-shared`.'
     )
 }
 
@@ -78,7 +78,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
   }
 
   startListening() {
-    const doNotDeploy = cds._mtxEnabled && !this.options.deployForProvider
+    const doNotDeploy = cds.mtx && !this.options.deployForProvider
     if (doNotDeploy) this.LOG._info && this.LOG.info('Skipping deployment of messaging artifacts for provider account')
     super.startListening({ doNotDeploy })
     if (!doNotDeploy && this.subscribedTopics.size) {
@@ -97,7 +97,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
   async listenToClient(cb) {
     _checkAppURL(this.optionsApp.appURL)
     registerWebhookEndpoints(BASE_PATH, this.queueName, this.LOG, cb)
-    if (cds._mtxEnabled) {
+    if (cds.mtx) {
       await this.addMTXHandlers()
       registerDeployEndpoints(BASE_PATH, this.queueName, async (tenantInfo, options) => {
         const result = { queue: this.queueName, succeeded: [], failed: [] }
@@ -127,10 +127,10 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
     const optsManagementSwitched = _subdomain
       ? optionsForSubdomain.oa2ForSubdomain(optsManagement, _subdomain)
       : optsManagement
-    const optionsMessagingREST = optionsMessaging(this.options, 'httprest')
-    const optionsMessagingRESTSwitched = _subdomain
-      ? optionsForSubdomain.oa2ForSubdomain(optionsMessagingREST, _subdomain)
-      : optionsMessagingREST
+    const _optionsMessagingREST = optionsMessagingREST(this.options)
+    const _optionsMessagingRESTSwitched = _subdomain
+      ? optionsForSubdomain.oa2ForSubdomain(_optionsMessagingREST, _subdomain)
+      : _optionsMessagingREST
     const optionsWebhook = { ...this.options.webhook }
     delete optionsWebhook.waitingPeriod
 
@@ -138,7 +138,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
       optionsManagement: optsManagementSwitched,
       queueConfig,
       queueName,
-      optionsMessagingREST: optionsMessagingRESTSwitched,
+      optionsMessagingREST: _optionsMessagingRESTSwitched,
       optionsWebhook,
       optionsApp: this.optionsApp,
       maxRetries: this.options.maxRetries,
@@ -153,35 +153,30 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
 
   async emit(event, ...etc) {
     const msg = this.message4(event, ...etc)
-    const optionsMessagingREST = optionsMessaging(this.options, 'httprest')
+    const _optionsMessagingREST = optionsMessagingREST(this.options)
     const context = this.context || cds.context
     const tenant = context && context.tenant
     const topic = msg.event
     const message = { ...(msg.headers || {}), data: msg.data }
-    let errMsg = `Message with topic "${topic}" could not be sent`
-    if (tenant) errMsg += ' (tenant: ' + tenant + ')'
 
     await this.queued(() => {})()
 
     try {
       await authorizedRequest({
         method: 'POST',
-        uri: optionsMessagingREST.uri,
+        uri: _optionsMessagingREST.uri,
         path: `/messagingrest/v1/topics/${encodeURIComponent(topic)}/messages`,
-        oa2: optionsMessagingREST.oa2,
+        oa2: _optionsMessagingREST.oa2,
         tenant,
         dataObj: message,
         headers: {
           'x-qos': 1
         },
-        attemptInfo: () => this.LOG._info && this.LOG.info('Emit', { topic }),
-        errMsg,
-        target: { kind: 'MESSAGE', topic },
         tokenStore: {}
       })
     } catch (e) {
       // Note: If the topic rules don't allow the topic, we get a 403 (which is a strange choice by Event Mesh)
-      if (e.response && (e.response.statusCode === 400 || e.response.statusCode === 403)) e.unrecoverable = true
+      if (e && (e.statusCode === 400 || e.statusCode === 403)) e.unrecoverable = true
       throw e
     }
   }

package/libx/_runtime/messaging/file-based.js

@@ -7,7 +7,7 @@ const MessagingService = require('./service.js')
 
 class FileBasedMessaging extends MessagingService {
   async init() {
-    this.file = resolve((this.options.credentials && this.options.credentials.file) || '~/.cds-msg-box')
+    this.file = resolve(this.options.file || (this.options.credentials && this.options.credentials.file))
     try {
       await fs.lstat(this.file)
     } catch (e) {
@@ -71,6 +71,7 @@ class FileBasedMessaging extends MessagingService {
       }
     }
     this.watching = setInterval(watcher, this.options.interval || 500)
+    cds.on('shutdown', () => this.disconnect())
   }
 
   disconnect() {

package/libx/_runtime/messaging/http-utils/token.js

@@ -7,18 +7,27 @@ const _errorObj = result => {
   return errorObj
 }
 
-const requestToken = ({ client, secret, endpoint }, tenant, tokenStore) =>
+const requestToken = ({ client, secret, endpoint, mTLS }, tenant, tokenStore) =>
   new Promise((resolve, reject) => {
     const options = {
       host: endpoint.replace('/oauth/token', '').replace('https://', ''),
-      path: '/oauth/token?grant_type=client_credentials&response_type=token',
-      headers: {
-        Authorization: 'Basic ' + Buffer.from(client + ':' + secret).toString('base64')
-      }
+      headers: {}
     }
+    if (mTLS) {
+      options.method = 'POST'
+      options.path = '/oauth/token'
+      options.headers['content-type'] = 'application/x-www-form-urlencoded'
+      options.cert = mTLS.cert
+      options.key = mTLS.key
+    } else {
+      options.method = 'GET'
+      options.path = '/oauth/token?grant_type=client_credentials&response_type=token'
+      options.headers.Authorization = 'Basic ' + Buffer.from(client + ':' + secret).toString('base64')
+    }
+
     if (tenant) options.headers['x-zid'] = tenant
 
-    https.get(options, res => {
+    const req = https.request(options, res => {
       res.setEncoding('utf8')
       let chunks = ''
       res.on('data', chunk => {
@@ -33,6 +42,7 @@ const requestToken = ({ client, secret, endpoint }, tenant, tokenStore) =>
           const json = JSON.parse(result.body)
           if (!json.access_token) {
             reject(_errorObj(result))
+            return
           }
           // store token on tokenStore
           tokenStore.token = json.access_token
@@ -42,6 +52,8 @@ const requestToken = ({ client, secret, endpoint }, tenant, tokenStore) =>
         }
       })
     })
+    if (options.method === 'POST') req.write(`client_id=${client}&grant_type=client_credentials&response_type=token`)
+    req.end()
   })
 
 module.exports = requestToken

package/libx/_runtime/messaging/message-queuing-utils/options-management.js

@@ -1,24 +1,34 @@
 const _checkRequiredCredentials = options => {
-  if (!options || !options.credentials || !options.credentials.management || !options.credentials.amqp10) {
+  if (!options || !options.credentials || !options.credentials.management) {
     throw new Error(
-      'No messaging credentials found. Hint: You need to bind your app to a Message-Queuing service or provide the necessary credentials through environment variables.'
+      'No management credentials found. Hint: You need to bind your app to a Message-Queuing service or provide the necessary credentials through environment variables.'
     )
   }
 }
 
-const _oa2 = management => ({
-  ...management,
-  auth: {
-    ...management.auth,
-    oauth2: {
-      client: management.auth.oauth2.clientId,
-      secret: management.auth.oauth2.clientSecret,
-      endpoint: management.auth.oauth2.tokenUrl
+const _oa2 = credentials => {
+  const management = credentials.management
+  const oa2 = {
+    ...management,
+    auth: {
+      ...management.auth,
+      oauth2: {
+        client: management.auth.oauth2.clientId,
+        secret: management.auth.oauth2.clientSecret,
+        endpoint: management.auth.oauth2.tokenUrl
+      }
     }
   }
-})
+  if (credentials.uaa && credentials.uaa.certificate) {
+    // mTLS
+    oa2.auth.oauth2.mTLS = { cert: credentials.uaa.certificate, key: credentials.uaa.key }
+    oa2.auth.oauth2.endpoint = credentials.uaa.certurl
+  }
+  return oa2
+}
 
 module.exports = options => {
   _checkRequiredCredentials(options)
-  return _oa2(options.credentials.management)
+  const oa2 = _oa2(options.credentials)
+  return oa2
 }

package/libx/_runtime/messaging/message-queuing-utils/options-messaging.js

@@ -1,7 +1,7 @@
 const _checkRequiredCredentials = options => {
-  if (!options || !options.credentials || !options.credentials.management || !options.credentials.amqp10) {
+  if (!options || !options.credentials || !options.credentials.amqp10) {
     throw new Error(
-      'No amqp10ws credentials found. Hint: You need to bind your app to a Message Queuing service or provide the necessary credentials through environment variables.'
+      'No amqp10 credentials found. Hint: You need to bind your app to a Message Queuing service or provide the necessary credentials through environment variables.'
     )
   }
 }
@@ -10,18 +10,31 @@ module.exports = options => {
   _checkRequiredCredentials(options)
   const [host, port] = options.credentials.amqp10.url.replace(/^amqps:\/\//, '').split(':')
 
-  const amqp = {
-    tls: {
-      servername: host,
-      host,
-      port: Number(port)
-    },
-    sasl: {
-      mechanism: 'PLAIN',
-      user: options.credentials.amqp10.auth.basic.userName,
-      password: options.credentials.amqp10.auth.basic.password
-    }
-  }
+  const amqp =
+    options.credentials.uaa && options.credentials.uaa.certificate
+      ? {
+          uri: options.credentials.amqp10.url,
+          tls: {
+            key: Buffer.from(options.credentials.uaa.key),
+            cert: Buffer.from(options.credentials.uaa.certificate),
+            servername: host
+          },
+          sasl: {
+            mechanism: 'EXTERNAL'
+          }
+        }
+      : {
+          tls: {
+            servername: host,
+            host,
+            port: Number(port)
+          },
+          sasl: {
+            mechanism: 'PLAIN',
+            user: options.credentials.amqp10.auth.basic.userName,
+            password: options.credentials.amqp10.auth.basic.password
+          }
+        }
   if (options.amqp) amqp.amqp = options.amqp
   return amqp
 }

package/libx/_runtime/messaging/message-queuing.js

@@ -15,110 +15,163 @@ class MQManagement {
   }
 
   async getQueue(queueName = this.queueName) {
-    const res = await authorizedRequest({
-      method: 'GET',
-      uri: this.options.url,
-      path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
-      oa2: this.options.auth.oauth2,
-      attemptInfo: () => this.LOG._info && this.LOG.info('Get queue', { queue: queueName }),
-      errMsg: `Queue "${queueName}" could not be retrieved`,
-      target: { kind: 'QUEUE', queue: queueName },
-      tokenStore: this
-    })
-    return res.body
+    this.LOG._info && this.LOG.info('Get queue', { queue: queueName })
+    try {
+      const res = await authorizedRequest({
+        method: 'GET',
+        uri: this.options.url,
+        path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
+        oa2: this.options.auth.oauth2,
+        target: { kind: 'QUEUE', queue: queueName },
+        tokenStore: this
+      })
+      return res.body
+    } catch (e) {
+      const error = new Error(`Queue "${queueName}" could not be retrieved`)
+      error.code = 'GET_QUEUE_FAILED'
+      error.target = { kind: 'QUEUE', queue: queueName }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
   async getQueues() {
-    const res = await authorizedRequest({
-      method: 'GET',
-      uri: this.options.url,
-      path: `/v1/management/queues`,
-      oa2: this.options.auth.oauth2,
-      attemptInfo: () => this.LOG._info && this.LOG.info('Get queues'),
-      errMsg: `Queues could not be retrieved`,
-      target: { kind: 'QUEUE' },
-      tokenStore: this
-    })
-    return res.body && res.body.results
+    this.LOG._info && this.LOG.info('Get queues')
+    try {
+      const res = await authorizedRequest({
+        method: 'GET',
+        uri: this.options.url,
+        path: `/v1/management/queues`,
+        oa2: this.options.auth.oauth2,
+        target: { kind: 'QUEUE' },
+        tokenStore: this
+      })
+      return res.body && res.body.results
+    } catch (e) {
+      const error = new Error(`Queues could not be retrieved`)
+      error.code = 'GET_QUEUES_FAILED'
+      error.target = { kind: 'QUEUE' }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
-  createQueue(queueName = this.queueName) {
-    return authorizedRequest({
-      method: 'PUT',
-      uri: this.options.url,
-      path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
-      oa2: this.options.auth.oauth2,
-      dataObj: this.queueConfig,
-      attemptInfo: () => this.LOG._info && this.LOG.info('Create queue', { queue: queueName }),
-      errMsg: `Queue "${queueName}" could not be created`,
-      target: { kind: 'QUEUE', queue: queueName },
-      tokenStore: this
-    })
+  async createQueue(queueName = this.queueName) {
+    this.LOG._info && this.LOG.info('Create queue', { queue: queueName })
+    try {
+      const res = await authorizedRequest({
+        method: 'PUT',
+        uri: this.options.url,
+        path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
+        oa2: this.options.auth.oauth2,
+        dataObj: this.queueConfig,
+        tokenStore: this
+      })
+      if (res.statusCode === 201) return true
+    } catch (e) {
+      const error = new Error(`Queue "${queueName}" could not be created`)
+      error.code = 'CREATE_QUEUE_FAILED'
+      error.target = { kind: 'QUEUE', queue: queueName }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
-  deleteQueue(queueName = this.queueName) {
-    return authorizedRequest({
-      method: 'DELETE',
-      uri: this.options.url,
-      path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
-      oa2: this.options.auth.oauth2,
-      attemptInfo: () => this.LOG._info && this.LOG.info('Delete queue', { queue: queueName }),
-      errMsg: `Queue "${queueName}" could not be deleted`,
-      target: { kind: 'QUEUE', queue: queueName },
-      tokenStore: this
-    })
+  async deleteQueue(queueName = this.queueName) {
+    this.LOG._info && this.LOG.info('Delete queue', { queue: queueName })
+    try {
+      await authorizedRequest({
+        method: 'DELETE',
+        uri: this.options.url,
+        path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
+        oa2: this.options.auth.oauth2,
+        tokenStore: this
+      })
+    } catch (e) {
+      const error = new Error(`Queue "${queueName}" could not be deleted`)
+      error.code = 'DELETE_QUEUE_FAILED'
+      error.target = { kind: 'QUEUE', queue: queueName }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
   async getSubscriptions(queueName = this.queueName) {
-    const res = await authorizedRequest({
-      method: 'GET',
-      uri: this.options.url,
-      path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics`,
-      oa2: this.options.auth.oauth2,
-      attemptInfo: () => this.LOG._info && this.LOG.info('Get subscriptions', { queue: queueName }),
-      errMsg: `Subscriptions for "${queueName}" could not be retrieved`,
-      target: { kind: 'SUBSCRIPTION', queue: queueName },
-      tokenStore: this
-    })
-    return res.body
+    this.LOG._info && this.LOG.info('Get subscriptions', { queue: queueName })
+    try {
+      const res = await authorizedRequest({
+        method: 'GET',
+        uri: this.options.url,
+        path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics`,
+        oa2: this.options.auth.oauth2,
+        tokenStore: this
+      })
+      return res.body
+    } catch (e) {
+      const error = new Error(`Subscriptions for "${queueName}" could not be retrieved`)
+      error.code = 'GET_SUBSCRIPTIONS_FAILED'
+      error.target = { kind: 'SUBSCRIPTION', queue: queueName }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
-  createSubscription(topicPattern, queueName = this.queueName) {
-    return authorizedRequest({
-      method: 'PUT',
-      uri: this.options.url,
-      path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics/${encodeURIComponent(
-        topicPattern
-      )}`,
-      oa2: this.options.auth.oauth2,
-      attemptInfo: () =>
-        this.LOG._info && this.LOG.info('Create subscription', { topic: topicPattern, queue: queueName }),
-      errMsg: `Subscription "${topicPattern}" could not be added to queue "${queueName}"`,
-      target: { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern },
-      tokenStore: this
-    })
+  async createSubscription(topicPattern, queueName = this.queueName) {
+    this.LOG._info && this.LOG.info('Create subscription', { topic: topicPattern, queue: queueName })
+    try {
+      const res = await authorizedRequest({
+        method: 'PUT',
+        uri: this.options.url,
+        path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics/${encodeURIComponent(
+          topicPattern
+        )}`,
+        oa2: this.options.auth.oauth2,
+        tokenStore: this
+      })
+      if (res.statusCode === 201) return true
+    } catch (e) {
+      const error = new Error(`Subscription "${topicPattern}" could not be added to queue "${queueName}"`)
+      error.code = 'CREATE_SUBSCRIPTION_FAILED'
+      error.target = { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
-  deleteSubscription(topicPattern, queueName = this.queueName) {
-    return authorizedRequest({
-      method: 'DELETE',
-      uri: this.options.url,
-      path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics/${encodeURIComponent(
-        topicPattern
-      )}`,
-      oa2: this.options.auth.oauth2,
-      attemptInfo: () =>
-        this.LOG._info && this.LOG.info('Delete subscription', { topic: topicPattern, queue: queueName }),
-      errMsg: `Subscription "${topicPattern}" could not be deleted from queue "${queueName}"`,
-      target: { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern },
-      tokenStore: this
-    })
+  async deleteSubscription(topicPattern, queueName = this.queueName) {
+    this.LOG._info && this.LOG.info('Delete subscription', { topic: topicPattern, queue: queueName })
+    try {
+      await authorizedRequest({
+        method: 'DELETE',
+        uri: this.options.url,
+        path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics/${encodeURIComponent(
+          topicPattern
+        )}`,
+        oa2: this.options.auth.oauth2,
+
+        target: { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern },
+        tokenStore: this
+      })
+    } catch (e) {
+      const error = new Error(`Subscription "${topicPattern}" could not be deleted from queue "${queueName}"`)
+      error.code = 'DELETE_SUBSCRIPTION_FAILED'
+      error.target = { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern }
+      error.reason = e
+      this.LOG.error(error)
+      throw error
+    }
   }
 
   async createQueueAndSubscriptions() {
     this.LOG._info && this.LOG.info(`Create messaging artifacts`)
     const created = await this.createQueue()
-    if (created && created.statusCode === 200) {
+    if (!created) {
       // We need to make sure to only keep our own subscriptions
       const resGet = await this.getSubscriptions()
       if (resGet && resGet.results && Array.isArray(resGet.results)) {