@toa.io/extensions.configuration 1.0.1 → 1.1.0-dev.1

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@toa.io/extensions.configuration",
-  "version": "1.0.1",
+  "version": "1.1.0-dev.1",
   "description": "Toa Configuration",
   "author": "temich <tema.gurtovoy@gmail.com>",
   "homepage": "https://github.com/toa-io/toa#readme",
-  "main": "src/index.js",
+  "main": "source/index.js",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/toa-io/toa.git"
@@ -16,11 +16,11 @@
     "access": "public"
   },
   "dependencies": {
-    "@toa.io/core": "1.0.1",
-    "@toa.io/generic": "0.10.0",
-    "@toa.io/schema": "0.7.5",
-    "@toa.io/yaml": "0.7.5",
+    "@toa.io/core": "1.1.0-dev.1",
+    "@toa.io/generic": "0.11.0-dev.1",
+    "@toa.io/schema": "0.7.6-dev.1",
+    "@toa.io/yaml": "0.7.6-dev.1",
     "clone-deep": "4.0.1"
   },
-  "gitHead": "25fdf15b413338d49b16ddefe17807e4e746f37e"
+  "gitHead": "ef65d2f42f13aac397c14f8c47eb026a191cda66"
 }

package/readme.md

@@ -30,15 +30,15 @@ function transition (input, entity, context) {
 # context.toa.yaml
 configuration:
   dummies.dummy:
-    foo: qux
-    foo@staging: quux # use deployment environment discriminator
-    baz: $BAZ_VALUE   # use secrets
+    foo: qux          # override default value defined by dummies.dummy
+    foo@staging: quux # deployment environment discriminator
+    baz: $BAZ_VALUE   # secret
 ```
 
 ### Deploy secrets
 
 ```shell
-$ toa conceal
+$ toa conceal configuration BAZ_VALUE '$ecr3t'
 ```
 
 ---
@@ -107,7 +107,7 @@ extensions:
         default: 'baz'
       bar:
         type: number
-    required: [ foo ]
+    required: [foo]
 ```
 
 ### Concise Declaration
@@ -140,7 +140,7 @@ extensions:
         type: number
         default: 1
     additionalProperties: false
-    required: [ foo, bar ]
+    required: [foo, bar]
 ```
 
 ## Context Configuration
@@ -170,11 +170,7 @@ by [`toa configure`](../../runtime/cli/readme.md#configure) command.
 
 ## Configuration Secrets
 
-> ![Important](https://img.shields.io/badge/Important-red)<br/>
-> Not implemented. [#132](https://github.com/toa-io/toa/issues/132)
-
-Context Configuration values which are uppercase strings prefixed with `$`
-considered as Secrets.
+Context Configuration values which are uppercase strings prefixed with `$` considered as Secrets.
 
 ### Example
 
@@ -185,6 +181,8 @@ configuration:
     api-key: $STRIPE_API_KEY
 ```
 
+Configuration values that are assigned with a reference to the Secret must be of type `string`.
+
 ### Secrets Deployment
 
 Secrets are not being deployed with context
@@ -192,6 +190,12 @@ deployment ([`toa deploy`](../../runtime/cli/readme.md#deploy)),
 thus must be deployed separately at least once for each deployment environment
 manually ([`toa conceal`](../../runtime/cli/readme.md#conceal)).
 
+Deployed kubernetes secret's name is predefined as `configuration`.
+
+```shell
+$ toa conceal configuration STRIPE_API_KEY xxxxxxxx
+```
+
 ## Operation Context
 
 Configuration Value is available as a well-known operation context extension `configuration`.

package/source/.deployment/index.js

@@ -0,0 +1,7 @@
+'use strict'
+
+const { variables } = require('./variables')
+const { secrets } = require('./secrets')
+
+exports.variables = variables
+exports.secrets = secrets

package/source/.deployment/secrets.js

@@ -0,0 +1,33 @@
+'use strict'
+
+const find = require('../secrets')
+
+/**
+ * @param {toa.norm.context.dependencies.Instance[]} components
+ * @param {object} annotations
+ * @return {toa.deployment.dependency.Variables}
+ */
+function secrets (components, annotations) {
+  /** @type {toa.deployment.dependency.Variables} */
+  const variables = {}
+
+  for (const [id, annotation] of Object.entries(annotations)) {
+    const component = components.find((component) => component.locator.id === id)
+    const label = component.locator.label
+
+    find.secrets(annotation, (variable, key) => {
+      if (variables[label] === undefined) variables[label] = []
+
+      variables[label].push({
+        name: variable,
+        secret: { name: SECRET_NAME, key }
+      })
+    })
+  }
+
+  return variables
+}
+
+const SECRET_NAME = 'toa-configuration'
+
+exports.secrets = secrets

package/{src/deployment.js → source/.deployment/variables.js}

@@ -3,9 +3,12 @@
 const { encode } = require('@toa.io/generic')
 
 /**
- * @type {toa.deployment.dependency.Constructor}
+ * @param {toa.norm.context.dependencies.Instance[]} components
+ * @param {object} annotations
+ * @return {toa.deployment.dependency.Variables}
  */
-const deployment = (components, annotations) => {
+function variables (components, annotations) {
+  /** @type {toa.deployment.dependency.Variables} */
   const variables = {}
 
   for (const [id, annotation] of Object.entries(annotations)) {
@@ -17,7 +20,7 @@ const deployment = (components, annotations) => {
     }]
   }
 
-  return { variables }
+  return variables
 }
 
-exports.deployment = deployment
+exports.variables = variables

package/{src → source}/.manifest/.normalize/verbose.js

@@ -21,7 +21,8 @@ const convert = (node) => {
 }
 
 function property (node) {
-  if (node === null) throw new Error('Configuration: cannot resolve type of null, use JSONSchema declaration.')
+  // if (node === null) throw new Error('Configuration: cannot resolve type of null, use JSONSchema declaration.')
+  if (node === null) return { type: 'null', default: null }
 
   const type = Array.isArray(node) ? 'array' : typeof node
 
@@ -36,11 +37,14 @@ const array = (array) => {
 
   const type = typeof array[0]
 
-  return {
+  const schema = {
     type: 'array',
-    items: { type },
     default: array
   }
+
+  if (array.length === 1) schema.items = array[0]
+
+  return schema
 }
 
 const SYM = Symbol()

package/{test/annotations.test.js → source/annotation.test.js}

@@ -4,7 +4,7 @@ const clone = require('clone-deep')
 const { generate } = require('randomstring')
 const { sample } = require('@toa.io/generic')
 
-const fixtures = require('./annotations.fixtures')
+const fixtures = require('./annotation.fixtures')
 const { annotation } = require('../')
 
 let input

package/source/deployment.js

@@ -0,0 +1,20 @@
+'use strict'
+
+const { merge } = require('@toa.io/generic')
+const get = require('./.deployment')
+
+/**
+ * @param {toa.norm.context.dependencies.Instance[]} components
+ * @param {object} annotations
+ * @return {toa.deployment.dependency.Declaration}
+ */
+const deployment = (components, annotations) => {
+  const variables = get.variables(components, annotations)
+  const secrets = get.secrets(components, annotations)
+
+  merge(variables, secrets)
+
+  return { variables }
+}
+
+exports.deployment = deployment

package/{test → source}/deployment.test.js

@@ -1,9 +1,11 @@
 'use strict'
 
-const { encode } = require('@toa.io/generic')
+const clone = require('clone-deep')
+const { encode, sample } = require('@toa.io/generic')
 
 const fixtures = require('./deployment.fixtures')
 const { deployment } = require('../')
+const { generate } = require('randomstring')
 
 /** @type {toa.deployment.dependency.Declaration} */
 let declaration
@@ -43,3 +45,26 @@ it('should map configurations', () => {
     expect(env.value).toStrictEqual(encoded)
   }
 })
+
+it('should declare secrets', async () => {
+  const annotations = clone(fixtures.annotations)
+  const component = sample(fixtures.components)
+  const id = component.locator.id
+  const key = generate()
+  const name = generate().substring(0, 16).toUpperCase()
+  const value = '$' + name
+
+  if (annotations[id] === undefined) annotations[id] = {}
+
+  annotations[id][key] = value
+
+  declaration = deployment(fixtures.components, annotations)
+
+  const variables = declaration.variables[component.locator.label]
+
+  expect(variables).toBeDefined()
+
+  const secret = variables.find((variable) => variable.name === 'TOA_CONFIGURATION__' + name)
+
+  expect(secret).toBeDefined()
+})

package/{test → source}/manifest.test.js

@@ -109,9 +109,6 @@ describe('normalization', () => {
       properties: {
         foo: {
           type: 'array',
-          items: {
-            type: 'number'
-          },
           default: [1, 2, 3]
         }
       }

package/{src → source}/provider.js

@@ -4,6 +4,8 @@ const clone = require('clone-deep')
 const { decode, encode, empty, overwrite } = require('@toa.io/generic')
 
 const { Connector } = require('@toa.io/core')
+
+const { secrets } = require('./secrets')
 const { form } = require('./.provider/form')
 
 /**
@@ -39,11 +41,7 @@ class Provider extends Connector {
   }
 
   async open () {
-    await this.#retrieve()
-  }
-
-  async #source () {
-    return this.#value
+    this.#retrieve()
   }
 
   set (key, value) {
@@ -77,7 +75,11 @@ class Provider extends Connector {
     return this.object === undefined ? undefined : encode(this.object)
   }
 
-  async #retrieve () {
+  #source () {
+    return this.#value
+  }
+
+  #retrieve () {
     const string = process.env[this.key]
     const object = string === undefined ? {} : decode(string)
 
@@ -85,18 +87,12 @@ class Provider extends Connector {
   }
 
   #set (object) {
-    this.#validate(object)
+    object = this.#reveal(object)
     this.#merge(object)
 
     this.object = empty(object) ? undefined : object
   }
 
-  #validate (object) {
-    const error = this.#schema.match(object)
-
-    if (error !== null) throw new TypeError(error.message)
-  }
-
   #merge (object) {
     object = clone(object)
 
@@ -104,9 +100,18 @@ class Provider extends Connector {
     const value = overwrite(form, object)
 
     this.#schema.validate(value)
-
     this.#value = value
   }
+
+  #reveal (object) {
+    return secrets(object, (variable) => {
+      if (!(variable in process.env)) throw new Error(`Configuration secret value ${variable} is not set`)
+
+      const base64 = process.env[variable]
+
+      return decode(base64)
+    })
+  }
 }
 
 const PREFIX = 'TOA_CONFIGURATION_'

package/source/provider.test.js

@@ -0,0 +1,89 @@
+'use strict'
+
+const { generate } = require('randomstring')
+const { encode } = require('@toa.io/generic')
+
+const { Provider } = require('./provider')
+
+it('should be', async () => {
+  expect(Provider).toBeInstanceOf(Function)
+})
+
+const locator = /** @type {toa.core.Locator} */ { uppercase: generate().toUpperCase() }
+const schema = /** @type {toa.schema.Schema} */ { validate: () => undefined }
+
+/** @type {Provider} */
+let provider
+
+beforeEach(() => {
+  cleanEnv()
+  provider = new Provider(locator, schema)
+})
+
+it('should replace secret values', async () => {
+  const configuration = { foo: '$FOO_SECRET' }
+  const secrets = { FOO_SECRET: generate() }
+
+  setEnv(configuration, secrets)
+
+  await provider.open()
+  const value = provider.source()
+
+  expect(value).toStrictEqual({ foo: secrets.FOO_SECRET })
+})
+
+it('should throw if secret value is not set', async () => {
+  const configuration = { foo: '$FOO_SECRET' }
+
+  setEnv(configuration)
+
+  await expect(provider.open()).rejects.toThrow('FOO_SECRET is not set')
+})
+
+it('should replace nested secrets', async () => {
+  const configuration = { foo: { bar: '$BAR' } }
+  const secrets = { BAR: generate() }
+
+  setEnv(configuration, secrets)
+
+  await provider.open()
+  const value = provider.source()
+
+  expect(value).toStrictEqual({ foo: { bar: secrets.BAR } })
+})
+
+const usedVariables = []
+
+/**
+ * @param {object} configuration
+ * @param {Record<string, string>} [secrets]
+ */
+function setEnv (configuration, secrets) {
+  const variable = PREFIX + locator.uppercase
+
+  setVal(variable, configuration)
+
+  if (secrets !== undefined) {
+    for (const [key, value] of Object.entries(secrets)) {
+      const variable = PREFIX + '_' + key
+
+      process.env[variable] = encode(value)
+      usedVariables.push(variable)
+    }
+  }
+}
+
+function setVal (variable, value) {
+  process.env[variable] = encode(value)
+  usedVariables.push(variable)
+}
+
+function cleanEnv () {
+  for (const variable of usedVariables) {
+    delete process.env[variable]
+  }
+
+  usedVariables.length = 0
+}
+
+const PREFIX = 'TOA_CONFIGURATION_'

package/source/secrets.js

@@ -0,0 +1,28 @@
+'use strict'
+
+const { map } = require('@toa.io/generic')
+
+/**
+ * @param {object} configuration
+ * @param {(variable: string, name?: string) => void} callback
+ * @returns {object}
+ */
+function secrets (configuration, callback) {
+  return map(configuration, (value) => {
+    if (typeof value !== 'string') return
+
+    const match = value.match(SECRET_RX)
+
+    if (match === null) return
+
+    const name = match.groups.variable
+    const variable = PREFIX + name
+
+    return callback(variable, name)
+  })
+}
+
+const PREFIX = 'TOA_CONFIGURATION__'
+const SECRET_RX = /^\$(?<variable>[A-Z0-9_]{1,32})$/
+
+exports.secrets = secrets

package/source/secrets.test.js

@@ -0,0 +1,47 @@
+'use strict'
+
+const { secrets } = require('./secrets')
+
+it('should be', async () => {
+  expect(secrets).toBeInstanceOf(Function)
+})
+
+it('should find secrets', async () => {
+  const configuration = {
+    foo: {
+      bar: '$BAR_VALUE'
+    },
+    baz: '$BAZ_VALUE'
+  }
+
+  const variables = new Set()
+  const names = new Set()
+
+  secrets(configuration, (variable, name) => {
+    variables.add(variable)
+    names.add(name)
+  })
+
+  expect(variables.has('TOA_CONFIGURATION__BAR_VALUE')).toStrictEqual(true)
+  expect(variables.has('TOA_CONFIGURATION__BAZ_VALUE')).toStrictEqual(true)
+
+  expect(names.has('BAR_VALUE')).toStrictEqual(true)
+  expect(names.has('BAZ_VALUE')).toStrictEqual(true)
+})
+
+it('should replace values', async () => {
+  const configuration = { foo: '$FOO' }
+
+  const output = secrets(configuration, (variable) => 'hello')
+
+  expect(output).toStrictEqual({ foo: 'hello' })
+})
+
+it('should allow numbers in secret names', async () => {
+  const configuration = { foo: '$HOST_0' }
+  const found = new Set()
+
+  secrets(configuration, (variable) => found.add(variable))
+
+  expect(found.has('TOA_CONFIGURATION__HOST_0')).toStrictEqual(true)
+})