@wavo-cloud/aws-secrets-manager-helper 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -7,6 +7,13 @@ const client = new AWS.SecretsManager({
|
|
|
7
7
|
region: secretsManagerRegion,
|
|
8
8
|
})
|
|
9
9
|
|
|
10
|
+
/**
|
|
11
|
+
* Right now, we have client lists that tell our systems where a clients secrets are
|
|
12
|
+
* We should be using tags (ie all production client lists have a tag saying its a production client
|
|
13
|
+
* or test client etc)
|
|
14
|
+
* These tags will also hold the organization name so that client secrets can still be found by name
|
|
15
|
+
*/
|
|
16
|
+
|
|
10
17
|
/**
|
|
11
18
|
* Attempts to parse secret
|
|
12
19
|
* @param {String} secretString - The stringified secret
|
|
@@ -70,6 +77,28 @@ async function getSecretValue(secretId) {
|
|
|
70
77
|
}
|
|
71
78
|
}
|
|
72
79
|
|
|
80
|
+
/**
|
|
81
|
+
* Gets secret tags from aws secrets manager
|
|
82
|
+
* Returns Array of tags
|
|
83
|
+
* @param {String} secretId - The ID of an existing secret
|
|
84
|
+
*/
|
|
85
|
+
async function getSecretTags(secretId) {
|
|
86
|
+
let promiseError
|
|
87
|
+
const data = await client
|
|
88
|
+
.describeSecret({ SecretId: secretId })
|
|
89
|
+
.promise()
|
|
90
|
+
.catch(error => {
|
|
91
|
+
promiseError = error
|
|
92
|
+
})
|
|
93
|
+
|
|
94
|
+
if (promiseError) {
|
|
95
|
+
handleAWSPromiseError(promiseError)
|
|
96
|
+
} else if ('Tags' in data) {
|
|
97
|
+
return data.Tags
|
|
98
|
+
}
|
|
99
|
+
return []
|
|
100
|
+
}
|
|
101
|
+
|
|
73
102
|
/**
|
|
74
103
|
* Gets the secret keying where client secrets are stored
|
|
75
104
|
* Returns JSON where JSON is the secret
|
|
@@ -92,20 +121,35 @@ async function getClientSecret(clientId, clientIdsSecretIdOverride = null) {
|
|
|
92
121
|
* Gets all client secrets holding their API keys
|
|
93
122
|
* Returns [{ clientId: String, secretId: String, ...secret }]
|
|
94
123
|
* Skips all that are missing a region or organization
|
|
124
|
+
* If activeOnly flag, it only returns active client secrets
|
|
125
|
+
* This is true by default
|
|
95
126
|
*/
|
|
96
|
-
async function getAllClientSecrets(
|
|
97
|
-
|
|
127
|
+
async function getAllClientSecrets(
|
|
128
|
+
clientIdsSecretIdOverride = null,
|
|
129
|
+
activeOnly = true
|
|
130
|
+
) {
|
|
131
|
+
const clientSecretIds = await getClientSecretIds(clientIdsSecretIdOverride)
|
|
98
132
|
if (!clientSecretIds) return []
|
|
99
133
|
const parsedClientSecrets = await Promise.all(
|
|
100
134
|
Object.keys(clientSecretIds).map(async clientId => {
|
|
101
135
|
const result = await getSecretValue(clientSecretIds[clientId])
|
|
102
136
|
result.id = clientId
|
|
103
137
|
result.secretId = clientSecretIds[clientId]
|
|
138
|
+
const tags = await getSecretTags(clientSecretIds[clientId])
|
|
139
|
+
const isActiveOrganizationTag = tags.find(
|
|
140
|
+
tag => tag.Key === 'is_active_organization'
|
|
141
|
+
) || { Value: 'false' }
|
|
142
|
+
result.isActiveOrganization = isActiveOrganizationTag.Value
|
|
104
143
|
return result
|
|
105
144
|
})
|
|
106
145
|
)
|
|
107
146
|
return parsedClientSecrets.filter(clientSecret => {
|
|
108
|
-
if (
|
|
147
|
+
if (
|
|
148
|
+
clientSecret.organization &&
|
|
149
|
+
clientSecret.region &&
|
|
150
|
+
!clientSecret.error &&
|
|
151
|
+
(!activeOnly || clientSecret.isActiveOrganization)
|
|
152
|
+
)
|
|
109
153
|
return true
|
|
110
154
|
return false
|
|
111
155
|
})
|
|
@@ -318,6 +362,7 @@ module.exports = {
|
|
|
318
362
|
getClientSecret,
|
|
319
363
|
getAllClientSecrets,
|
|
320
364
|
getSecretValue,
|
|
365
|
+
getSecretTags,
|
|
321
366
|
createClient,
|
|
322
367
|
setClient,
|
|
323
368
|
editClient,
|