@smythos/sre 1.6.8 → 1.6.10

package/src/subsystems/Security/ManagedVault.service/ManagedVaultConnector.ts

@@ -1,38 +1,38 @@
-import { ACL } from '@sre/Security/AccessControl/ACL.class';
-import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
-import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
-import { SecureConnector } from '@sre/Security/SecureConnector.class';
-import { IAccessCandidate, IACL } from '@sre/types/ACL.types';
-
-/**
- * The managed vault is a vault that is managed by the SRE, its keys are not visible to the user.
- * it's used to store generated tokens at runtime, like OAuth tokens
- */
-
-export interface IManagedVaultRequest {
-    get(keyId: string): Promise<string>;
-    set(keyId: string, value: string): Promise<void>;
-    delete(keyId: string): Promise<void>;
-    exists(keyId: string): Promise<boolean>;
-}
-
-export abstract class ManagedVaultConnector extends SecureConnector {
-    constructor(protected _settings?: any) {
-        super(_settings);
-    }
-
-    requester(candidate: AccessCandidate): IManagedVaultRequest {
-        return {
-            get: async (keyId: string) => this.get(candidate.readRequest, keyId),
-            set: async (keyId: string, value: string) => this.set(candidate.writeRequest, keyId, value),
-            delete: async (keyId: string) => this.delete(candidate.writeRequest, keyId),
-            exists: async (keyId: string) => this.exists(candidate.readRequest, keyId),
-        };
-    }
-
-    public abstract getResourceACL(resourceId: string, candidate: IAccessCandidate): Promise<ACL>;
-    protected abstract get(acRequest: AccessRequest, keyId: string): Promise<string>;
-    protected abstract set(acRequest: AccessRequest, keyId: string, value: string): Promise<void>;
-    protected abstract delete(acRequest: AccessRequest, keyId: string): Promise<void>;
-    protected abstract exists(acRequest: AccessRequest, keyId: string): Promise<boolean>;
-}
+import { ACL } from '@sre/Security/AccessControl/ACL.class';
+import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
+import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
+import { SecureConnector } from '@sre/Security/SecureConnector.class';
+import { IAccessCandidate, IACL } from '@sre/types/ACL.types';
+
+/**
+ * The managed vault is a vault that is managed by the SRE, its keys are not visible to the user.
+ * it's used to store generated tokens at runtime, like OAuth tokens
+ */
+
+export interface IManagedVaultRequest {
+    get(keyId: string): Promise<string>;
+    set(keyId: string, value: string): Promise<void>;
+    delete(keyId: string): Promise<void>;
+    exists(keyId: string): Promise<boolean>;
+}
+
+export abstract class ManagedVaultConnector extends SecureConnector {
+    constructor(protected _settings?: any) {
+        super(_settings);
+    }
+
+    requester(candidate: AccessCandidate): IManagedVaultRequest {
+        return {
+            get: async (keyId: string) => this.get(candidate.readRequest, keyId),
+            set: async (keyId: string, value: string) => this.set(candidate.writeRequest, keyId, value),
+            delete: async (keyId: string) => this.delete(candidate.writeRequest, keyId),
+            exists: async (keyId: string) => this.exists(candidate.readRequest, keyId),
+        };
+    }
+
+    public abstract getResourceACL(resourceId: string, candidate: IAccessCandidate): Promise<ACL>;
+    protected abstract get(acRequest: AccessRequest, keyId: string): Promise<string>;
+    protected abstract set(acRequest: AccessRequest, keyId: string, value: string): Promise<void>;
+    protected abstract delete(acRequest: AccessRequest, keyId: string): Promise<void>;
+    protected abstract exists(acRequest: AccessRequest, keyId: string): Promise<boolean>;
+}

package/src/subsystems/Security/ManagedVault.service/connectors/NullManagedVault.class.ts

@@ -1,53 +1,53 @@
-import { ConnectorService } from '@sre/Core/ConnectorsService';
-import { Logger } from '@sre/helpers/Log.helper';
-//import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
-import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
-import { ACL } from '@sre/Security/AccessControl/ACL.class';
-import { SecureConnector } from '@sre/Security/SecureConnector.class';
-import { IAccessCandidate, TAccessLevel } from '@sre/types/ACL.types';
-
-import { ManagedVaultConnector } from '../ManagedVaultConnector';
-
-const console = Logger('NullManagedVault');
-export class NullManagedVault extends ManagedVaultConnector {
-    public name: string = 'NullManagedVault';
-
-    constructor(protected _settings: any) {
-        super(_settings);
-    }
-
-    @SecureConnector.AccessControl
-    protected async get(acRequest: AccessRequest, keyId: string) {
-        console.debug(`Ignored operation:NullManagedVault.get: ${keyId}`);
-        return undefined;
-    }
-
-    @SecureConnector.AccessControl
-    protected async set(acRequest: AccessRequest, keyId: string, value: string) {
-        console.debug(`Ignored operation:NullManagedVault.set: ${keyId} = ${value}`);
-    }
-
-    @SecureConnector.AccessControl
-    protected async delete(acRequest: AccessRequest, keyId: string) {
-        console.debug(`Ignored operation:NullManagedVault.delete: ${keyId}`);
-    }
-
-    @SecureConnector.AccessControl
-    protected async exists(acRequest: AccessRequest, keyId: string) {
-        console.debug(`Ignored operation:NullManagedVault.exists: ${keyId}`);
-        return false;
-    }
-
-    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
-        const accountConnector = ConnectorService.getAccountConnector();
-        const teamId = await accountConnector.getCandidateTeam(candidate);
-
-        const acl = new ACL();
-
-        //give just read access by default
-        //Cannot write to null vault
-        acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
-
-        return acl;
-    }
-}
+import { ConnectorService } from '@sre/Core/ConnectorsService';
+import { Logger } from '@sre/helpers/Log.helper';
+//import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
+import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
+import { ACL } from '@sre/Security/AccessControl/ACL.class';
+import { SecureConnector } from '@sre/Security/SecureConnector.class';
+import { IAccessCandidate, TAccessLevel } from '@sre/types/ACL.types';
+
+import { ManagedVaultConnector } from '../ManagedVaultConnector';
+
+const console = Logger('NullManagedVault');
+export class NullManagedVault extends ManagedVaultConnector {
+    public name: string = 'NullManagedVault';
+
+    constructor(protected _settings: any) {
+        super(_settings);
+    }
+
+    @SecureConnector.AccessControl
+    protected async get(acRequest: AccessRequest, keyId: string) {
+        console.debug(`Ignored operation:NullManagedVault.get: ${keyId}`);
+        return undefined;
+    }
+
+    @SecureConnector.AccessControl
+    protected async set(acRequest: AccessRequest, keyId: string, value: string) {
+        console.debug(`Ignored operation:NullManagedVault.set: ${keyId} = ${value}`);
+    }
+
+    @SecureConnector.AccessControl
+    protected async delete(acRequest: AccessRequest, keyId: string) {
+        console.debug(`Ignored operation:NullManagedVault.delete: ${keyId}`);
+    }
+
+    @SecureConnector.AccessControl
+    protected async exists(acRequest: AccessRequest, keyId: string) {
+        console.debug(`Ignored operation:NullManagedVault.exists: ${keyId}`);
+        return false;
+    }
+
+    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
+        const accountConnector = ConnectorService.getAccountConnector();
+        const teamId = await accountConnector.getCandidateTeam(candidate);
+
+        const acl = new ACL();
+
+        //give just read access by default
+        //Cannot write to null vault
+        acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
+
+        return acl;
+    }
+}

package/src/subsystems/Security/ManagedVault.service/connectors/SecretManagerManagedVault.ts

@@ -1,154 +1,154 @@
-import { ConnectorService } from '@sre/Core/ConnectorsService';
-import { Logger } from '@sre/helpers/Log.helper';
-//import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
-import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
-import { ACL } from '@sre/Security/AccessControl/ACL.class';
-import { SecureConnector } from '@sre/Security/SecureConnector.class';
-import { IAccessCandidate, TAccessLevel, TAccessRole } from '@sre/types/ACL.types';
-
-import {
-    CreateSecretCommand,
-    DeleteSecretCommand,
-    GetSecretValueCommand,
-    GetSecretValueCommandOutput,
-    ListSecretsCommand,
-    ListSecretsCommandOutput,
-    PutSecretValueCommand,
-    SecretsManagerClient,
-} from '@aws-sdk/client-secrets-manager';
-import { randomUUID } from 'crypto';
-import { ManagedVaultConnector } from '../ManagedVaultConnector';
-import { SecretsManagerConfig } from '../../Vault.service/connectors/SecretsManager.class';
-
-const console = Logger('SecretManagerManagedVault');
-
-export class SecretManagerManagedVault extends ManagedVaultConnector {
-    public name: string = 'SecretManagerManagedVault';
-    public scope: string = 'smyth-managed-vault';
-    private secretsManager: SecretsManagerClient;
-
-    constructor(protected _settings: SecretsManagerConfig & { vaultName: string }) {
-        super(_settings);
-        //if (!SmythRuntime.Instance) throw new Error('SRE not initialized');
-
-        this.secretsManager = new SecretsManagerClient({
-            region: _settings.region,
-            ...(_settings.awsAccessKeyId && _settings.awsSecretAccessKey
-                ? {
-                      accessKeyId: _settings.awsAccessKeyId,
-                      secretAccessKey: _settings.awsSecretAccessKey,
-                  }
-                : {}),
-        });
-    }
-
-    @SecureConnector.AccessControl
-    protected async get(acRequest: AccessRequest, secretName: string) {
-        const secret = await this.getSecretByName(secretName);
-        return secret?.SecretString;
-    }
-
-    @SecureConnector.AccessControl
-    protected async set(acRequest: AccessRequest, secretName: string, value: string) {
-        const secret = await this.getSecretByName(secretName);
-        if (secret) {
-            await this.secretsManager.send(new PutSecretValueCommand({ SecretId: secret.ARN, SecretString: value }));
-        } else {
-            await this.secretsManager.send(
-                new CreateSecretCommand({
-                    Name: `smyth/${randomUUID()}`,
-                    SecretString: JSON.stringify({ [secretName]: value }),
-                    Tags: [{ Key: this.scope, Value: 'true' }],
-                })
-            );
-        }
-    }
-
-    @SecureConnector.AccessControl
-    protected async delete(acRequest: AccessRequest, secretName: string) {
-        const secret = await this.getSecretByName(secretName);
-        if (secret) {
-            await this.secretsManager.send(new DeleteSecretCommand({ SecretId: secret.ARN }));
-        }
-    }
-
-    @SecureConnector.AccessControl
-    protected async exists(acRequest: AccessRequest, secretName: string) {
-        const secret = await this.get(acRequest, secretName);
-        return !!secret;
-    }
-
-    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
-        const accountConnector = ConnectorService.getAccountConnector();
-        const teamId = await accountConnector.getCandidateTeam(candidate);
-
-        const acl = new ACL();
-
-        acl.addAccess(TAccessRole.Team, teamId, TAccessLevel.Owner)
-            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Read)
-            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Write);
-
-        return acl;
-    }
-
-    private async getSecretByName(secretName: string) {
-        try {
-            const secrets = [];
-            let nextToken: string | undefined;
-            do {
-                const listResponse: ListSecretsCommandOutput = await this.secretsManager.send(
-                    new ListSecretsCommand({ NextToken: nextToken, Filters: [{ Key: 'tag-key', Values: [this.scope] }] })
-                );
-                if (listResponse.SecretList) {
-                    for (const secret of listResponse.SecretList) {
-                        if (secret.Name) {
-                            secrets.push({
-                                ARN: secret.ARN,
-                                Name: secret.Name,
-                                CreatedDate: secret.CreatedDate,
-                            });
-                        }
-                    }
-                }
-                nextToken = listResponse.NextToken;
-            } while (nextToken);
-
-            const formattedSecrets = [];
-            const $promises = [];
-            for (const secret of secrets) {
-                $promises.push(getSpecificSecret(secret, this.secretsManager));
-            }
-            const results = await Promise.all($promises);
-            for (const result of results) {
-                formattedSecrets.push(result);
-            }
-            const secret = formattedSecrets.find((s) => s.Name === secretName);
-            return secret;
-        } catch (error) {
-            console.error(error);
-        }
-
-        async function getSpecificSecret(secret, secretsManager: SecretsManagerClient) {
-            const data: GetSecretValueCommandOutput = await secretsManager.send(new GetSecretValueCommand({ SecretId: secret.ARN }));
-            let secretString = data.SecretString;
-            let secretName = secret.Name;
-
-            if (secretString) {
-                try {
-                    let parsedSecret = JSON.parse(secretString);
-                    if (Object.keys(parsedSecret).length === 1) {
-                        secretName = Object.keys(parsedSecret)[0];
-                        secretString = parsedSecret[secretName];
-                    }
-                } catch (error) {}
-            }
-            return {
-                Name: secretName,
-                ARN: secret.ARN,
-                CreatedDate: secret.CreatedDate,
-                SecretId: secret.Name,
-                SecretString: secretString,
-            };
-        }
-    }
-}
+import { ConnectorService } from '@sre/Core/ConnectorsService';
+import { Logger } from '@sre/helpers/Log.helper';
+//import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
+import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
+import { ACL } from '@sre/Security/AccessControl/ACL.class';
+import { SecureConnector } from '@sre/Security/SecureConnector.class';
+import { IAccessCandidate, TAccessLevel, TAccessRole } from '@sre/types/ACL.types';
+
+import {
+    CreateSecretCommand,
+    DeleteSecretCommand,
+    GetSecretValueCommand,
+    GetSecretValueCommandOutput,
+    ListSecretsCommand,
+    ListSecretsCommandOutput,
+    PutSecretValueCommand,
+    SecretsManagerClient,
+} from '@aws-sdk/client-secrets-manager';
+import { randomUUID } from 'crypto';
+import { ManagedVaultConnector } from '../ManagedVaultConnector';
+import { SecretsManagerConfig } from '../../Vault.service/connectors/SecretsManager.class';
+
+const console = Logger('SecretManagerManagedVault');
+
+export class SecretManagerManagedVault extends ManagedVaultConnector {
+    public name: string = 'SecretManagerManagedVault';
+    public scope: string = 'smyth-managed-vault';
+    private secretsManager: SecretsManagerClient;
+
+    constructor(protected _settings: SecretsManagerConfig & { vaultName: string }) {
+        super(_settings);
+        //if (!SmythRuntime.Instance) throw new Error('SRE not initialized');
+
+        this.secretsManager = new SecretsManagerClient({
+            region: _settings.region,
+            ...(_settings.awsAccessKeyId && _settings.awsSecretAccessKey
+                ? {
+                      accessKeyId: _settings.awsAccessKeyId,
+                      secretAccessKey: _settings.awsSecretAccessKey,
+                  }
+                : {}),
+        });
+    }
+
+    @SecureConnector.AccessControl
+    protected async get(acRequest: AccessRequest, secretName: string) {
+        const secret = await this.getSecretByName(secretName);
+        return secret?.SecretString;
+    }
+
+    @SecureConnector.AccessControl
+    protected async set(acRequest: AccessRequest, secretName: string, value: string) {
+        const secret = await this.getSecretByName(secretName);
+        if (secret) {
+            await this.secretsManager.send(new PutSecretValueCommand({ SecretId: secret.ARN, SecretString: value }));
+        } else {
+            await this.secretsManager.send(
+                new CreateSecretCommand({
+                    Name: `smyth/${randomUUID()}`,
+                    SecretString: JSON.stringify({ [secretName]: value }),
+                    Tags: [{ Key: this.scope, Value: 'true' }],
+                })
+            );
+        }
+    }
+
+    @SecureConnector.AccessControl
+    protected async delete(acRequest: AccessRequest, secretName: string) {
+        const secret = await this.getSecretByName(secretName);
+        if (secret) {
+            await this.secretsManager.send(new DeleteSecretCommand({ SecretId: secret.ARN }));
+        }
+    }
+
+    @SecureConnector.AccessControl
+    protected async exists(acRequest: AccessRequest, secretName: string) {
+        const secret = await this.get(acRequest, secretName);
+        return !!secret;
+    }
+
+    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
+        const accountConnector = ConnectorService.getAccountConnector();
+        const teamId = await accountConnector.getCandidateTeam(candidate);
+
+        const acl = new ACL();
+
+        acl.addAccess(TAccessRole.Team, teamId, TAccessLevel.Owner)
+            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Read)
+            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Write);
+
+        return acl;
+    }
+
+    private async getSecretByName(secretName: string) {
+        try {
+            const secrets = [];
+            let nextToken: string | undefined;
+            do {
+                const listResponse: ListSecretsCommandOutput = await this.secretsManager.send(
+                    new ListSecretsCommand({ NextToken: nextToken, Filters: [{ Key: 'tag-key', Values: [this.scope] }] })
+                );
+                if (listResponse.SecretList) {
+                    for (const secret of listResponse.SecretList) {
+                        if (secret.Name) {
+                            secrets.push({
+                                ARN: secret.ARN,
+                                Name: secret.Name,
+                                CreatedDate: secret.CreatedDate,
+                            });
+                        }
+                    }
+                }
+                nextToken = listResponse.NextToken;
+            } while (nextToken);
+
+            const formattedSecrets = [];
+            const $promises = [];
+            for (const secret of secrets) {
+                $promises.push(getSpecificSecret(secret, this.secretsManager));
+            }
+            const results = await Promise.all($promises);
+            for (const result of results) {
+                formattedSecrets.push(result);
+            }
+            const secret = formattedSecrets.find((s) => s.Name === secretName);
+            return secret;
+        } catch (error) {
+            console.error(error);
+        }
+
+        async function getSpecificSecret(secret, secretsManager: SecretsManagerClient) {
+            const data: GetSecretValueCommandOutput = await secretsManager.send(new GetSecretValueCommand({ SecretId: secret.ARN }));
+            let secretString = data.SecretString;
+            let secretName = secret.Name;
+
+            if (secretString) {
+                try {
+                    let parsedSecret = JSON.parse(secretString);
+                    if (Object.keys(parsedSecret).length === 1) {
+                        secretName = Object.keys(parsedSecret)[0];
+                        secretString = parsedSecret[secretName];
+                    }
+                } catch (error) {}
+            }
+            return {
+                Name: secretName,
+                ARN: secret.ARN,
+                CreatedDate: secret.CreatedDate,
+                SecretId: secret.Name,
+                SecretString: secretString,
+            };
+        }
+    }
+}

package/src/subsystems/Security/ManagedVault.service/index.ts

@@ -1,12 +1,12 @@
-import { ConnectorService, ConnectorServiceProvider } from '@sre/Core/ConnectorsService';
-import { TConnectorService } from '@sre/types/SRE.types';
-
-import { SecretManagerManagedVault } from './connectors/SecretManagerManagedVault';
-import { NullManagedVault } from './connectors/NullManagedVault.class';
-
-export class ManagedVaultService extends ConnectorServiceProvider {
-    public register() {
-        ConnectorService.register(TConnectorService.ManagedVault, 'SecretManagerManagedVault', SecretManagerManagedVault);
-        ConnectorService.register(TConnectorService.ManagedVault, 'NullManagedVault', NullManagedVault);
-    }
-}
+import { ConnectorService, ConnectorServiceProvider } from '@sre/Core/ConnectorsService';
+import { TConnectorService } from '@sre/types/SRE.types';
+
+import { SecretManagerManagedVault } from './connectors/SecretManagerManagedVault';
+import { NullManagedVault } from './connectors/NullManagedVault.class';
+
+export class ManagedVaultService extends ConnectorServiceProvider {
+    public register() {
+        ConnectorService.register(TConnectorService.ManagedVault, 'SecretManagerManagedVault', SecretManagerManagedVault);
+        ConnectorService.register(TConnectorService.ManagedVault, 'NullManagedVault', NullManagedVault);
+    }
+}