@wavo-cloud/aws-secrets-manager-helper 0.1.9 → 0.1.12

package/.circleci/config.yml

@@ -1,7 +1,7 @@
-confiversion: 2
+version: 2.1
+orbs:
+  codecov: codecov/codecov@1.1.3
 jobs:
-
-
   test:
     docker:
       - image: circleci/node:12.13
@@ -10,12 +10,22 @@ jobs:
       - checkout
       - setup_remote_docker
 
+      - run:
+          name: Adding NPM credentials
+          command: |
+            if [ ! -z "${WAVO_CLOUD_READ_NPM_TOKEN}" ]; then
+              echo "//registry.npmjs.org/:_authToken=$WAVO_CLOUD_READ_NPM_TOKEN" > ~/.npmrc
+            else
+              echo "Error: WAVO_CLOUD_READ_NPM_TOKEN not found."
+              false
+            fi
+
       # Download and cache dependencies
       - restore_cache: &restore_cache
           keys:
-          - v1-dependencies-{{ checksum "package.json" }}
-          # fallback to using the latest cache if no exact match is found
-          - v1-dependencies-
+            - v1-dependencies-{{ checksum "package.json" }}
+            # fallback to using the latest cache if no exact match is found
+            - v1-dependencies-
 
       - run: yarn install
 
@@ -23,7 +33,7 @@ jobs:
           paths:
             - node_modules
           key: v1-dependencies-{{ checksum "package.json" }}
-        
+
       # run tests!
       - run:
           name: Run tests (if possible)
@@ -31,6 +41,9 @@ jobs:
             if ./node_modules/@wavo-cloud/generator-microservice/shared/util/test-checks.sh; then
               yarn ci-test
             fi
+      - codecov/upload:
+          file: '/home/circleci/project/coverage/coverage-final.json'
+          token: 91eab9ce-01c7-4429-b973-470e75b73de7
 
   module-push:
     docker:
@@ -38,7 +51,7 @@ jobs:
 
     steps:
       - checkout
-      
+
       - restore_cache: *restore_cache
 
       - run:
@@ -52,18 +65,17 @@ jobs:
               echo "WAVO_CLOUD_WRITE_NPM_TOKEN not found. Skipping generator module push."
             fi
 
-
 workflows:
   version: 2
   test-and-deploy:
     jobs:
-    - test:
+      - test:
           context: org-global
-    - module-push:
+      - module-push:
           context: org-global
           requires:
             - test
-          
+
           filters:
             branches:
               only: master

package/CODEOWNERS

@@ -0,0 +1 @@
+* @Wavo/wavo-cloud-core 

package/Dockerfile

@@ -5,7 +5,8 @@ RUN mkdir -p /usr/local/src/cloud-app
 WORKDIR /usr/local/src/cloud-app
 
 # Add .npmrc, package.json & yarn.lock
-COPY .npmrc /usr/local/src/cloud-app/.npmrc
+ARG WAVO_CLOUD_READ_NPM_TOKEN
+RUN echo "//registry.npmjs.org/:_authToken=$WAVO_CLOUD_READ_NPM_TOKEN" > ~/.npmrc
 COPY package.json yarn.lock /usr/local/src/cloud-app/
 
 # Install modules with yarn

package/README.md

@@ -1,3 +1,6 @@
+[![CircleCI](https://circleci.com/gh/Wavo/wavo-cloud.aws-secrets-manager-helper.svg?style=svg&circle-token=96efda30ada01190ff50d3461793d0500ea88dab)](https://circleci.com/gh/Wavo/wavo-cloud.aws-secrets-manager-helper)
+[![codecov](https://codecov.io/gh/Wavo/wavo-cloud.aws-secrets-manager-helper/branch/master/graph/badge.svg?token=JXYSD5035D)](https://codecov.io/gh/Wavo/wavo-cloud.aws-secrets-manager-helper)
+
 # wavo-cloud.aws-secrets-manager-helper
 
 > Wavo Cloud Infallible AWS Secrets Manager Helper
@@ -24,14 +27,15 @@ To get all client secrets call `getAllClientSecrets()`
 ## Important Commands
 
 ### Building the Dockerfile image
-    $ yarn image-build
 
+    $ yarn image-build
 
 ### Prettify the Source
-    $ yarn prettify
 
+    $ yarn prettify
 
 ### Start the Microservice
+
 When using this option, node is passed the `--inspect` flag so you can inspect your code with the debugger of your choice. If your microservice is a worker or if you need it to block and wait for the debugger to connect use the "debug mode" instead.
 
     $ yarn start
@@ -40,10 +44,9 @@ Dockerized version (using `docker-compose`):
 
     $ yarn docker-start
 
-
 ### Start the Microservice in Debug Mode
 
-Important: when you run the microservice in debug mode, it is going to be started with node's `--inspect-brk` flag. 
+Important: when you run the microservice in debug mode, it is going to be started with node's `--inspect-brk` flag.
 **This implies that the microservice will block and wait for a debugger to connect to port 5858 and resume code execution.**
 
     $ yarn debug
@@ -52,14 +55,13 @@ Dockerized version (using `docker-compose`):
 
     $ yarn docker-debug
 
-    
 ### Running the Tests
 
-Important: when you run the microservice in debug mode, it is going to be started with node's `--inspect-brk` flag. 
+Important: when you run the microservice in debug mode, it is going to be started with node's `--inspect-brk` flag.
 **This implies that the microservice will block and wait for a debugger to connect to port 5858 and resume code execution.**
 
     $ yarn test
-    
+
 Dockerized version (using `docker-compose`):
 
     $ yarn docker-test

package/app/utils/awsSecretsManager.js

@@ -161,7 +161,7 @@ async function getAllClientSecrets(
  * @param {String} secretDescription - The description of the secret
  * @param {String} secretValue - The JSON string secret value
  */
-async function createSecret(secretName, secretDescription, secretValue) {
+async function createSecret(secretName, secretDescription, secretValue, tags) {
   let promiseError
   if (typeof secretValue !== 'string')
     throw new Error('Secret value must be a JSON string.')
@@ -175,6 +175,7 @@ async function createSecret(secretName, secretDescription, secretValue) {
       Name: secretName,
       Description: secretDescription,
       SecretString: secretValue,
+      Tags: tags,
     })
     .promise()
     .catch(error => {
@@ -208,6 +209,50 @@ async function editSecret(secretName, secretValue) {
   else return data
 }
 
+/**
+ * Removes a set of tags from a secret
+ * @param {String} secretName - The friendly name of the secret
+ * @param {Object} tagNames - An array of strings representing tags to remove
+ */
+async function removeTags(secretName, tagNames) {
+  let promiseError
+  const data = await client
+    .untagResource({
+      SecretId: secretName,
+      TagKeys: tagNames,
+    })
+    .promise()
+    .catch(error => {
+      promiseError = error
+    })
+
+  if (promiseError) handleAWSPromiseError(promiseError)
+  else return data
+}
+
+/**
+ * Appends a set of tags to a secret
+ * @param {String} secretName - The friendly name of the secret
+ * @param {Object} tags - An array of objects representing tags to add
+ * Object structure:
+ * { Key: 'key', Value: 'value' }
+ */
+async function appendTags(secretName, tags) {
+  let promiseError
+  const data = await client
+    .tagResource({
+      SecretId: secretName,
+      Tags: tags,
+    })
+    .promise()
+    .catch(error => {
+      promiseError = error
+    })
+
+  if (promiseError) handleAWSPromiseError(promiseError)
+  else return data
+}
+
 /**
  * Adds a client to the client list and does data validation
  * @param {String} clientId - The ID of the client
@@ -216,14 +261,16 @@ async function editSecret(secretName, secretValue) {
  * @param {String} region - The sub location of the organization's data in S3
  * @param {Object} keyValuePairs - The secret to store for the client
  */
-async function createClient(
+async function createClient({
   clientId,
   clientName,
   organization,
   region,
   keyValuePairs,
-  clientIdsSecretIdOverride = null
-) {
+  clientIdsSecretIdOverride = null,
+  isSelfServe = false,
+  isActiveOrganization = false,
+}) {
   if (!clientId || !clientName || !organization || !region)
     throw new Error('Client ID, name, organization, and region are required.')
   const regex = new RegExp('^[a-z0-9-_]*$')
@@ -247,7 +294,17 @@ async function createClient(
       organization,
       region,
       ...keyValuePairs,
-    })
+    }),
+    [
+      {
+        Key: 'self_serve',
+        Value: isSelfServe.toString(),
+      },
+      {
+        Key: 'is_active_organization',
+        Value: isActiveOrganization.toString(),
+      },
+    ]
   )
   // add to client list
   const editClientListResults = await editSecret(
@@ -269,14 +326,14 @@ async function createClient(
  * @param {String} region - The sub location of the organization's data in S3
  * @param {Object} keyValuePairs - The secret to store for the client
  */
-async function setClient(
+async function setClient({
   clientId,
   clientName,
   organization,
   region,
   keyValuePairs,
-  clientIdsSecretIdOverride = null
-) {
+  clientIdsSecretIdOverride = null,
+}) {
   if (!clientId || !clientName || !organization || !region)
     throw new Error('Client ID, name, organization, and region are required.')
   const regex = new RegExp('^[a-z0-9-_]*$')
@@ -315,12 +372,12 @@ async function setClient(
  * @param {Object} keyValuePairsToAdd
  * @param {Array} keysToDelete
  */
-async function editClient(
+async function editClient({
   clientId,
   keyValuePairsToAdd,
   keysToDelete,
-  clientIdsSecretIdOverride
-) {
+  clientIdsSecretIdOverride,
+}) {
   if (!clientId) throw new Error('Client ID is required.')
   if (
     keysToDelete.some(key =>
@@ -357,6 +414,28 @@ async function editClient(
   return { editClientResults }
 }
 
+async function setClientActiveStatus({
+  clientId,
+  newActiveStatus,
+  clientIdsSecretIdOverride,
+}) {
+  if (!clientId) throw new Error('Client ID is required.')
+  if (newActiveStatus === null || newActiveStatus === undefined)
+    throw new Error('New active status is required.')
+  if (typeof newActiveStatus !== 'boolean')
+    throw new Error('New active status must be a boolean')
+  // get client secret location
+  const currentClientList = await getClientSecretIds(clientIdsSecretIdOverride)
+  const clientSecretId = currentClientList[clientId]
+  await removeTags(clientSecretId, ['is_active_organization'])
+  await appendTags(clientSecretId, [
+    {
+      Key: 'is_active_organization',
+      Value: newActiveStatus.toString(),
+    },
+  ])
+}
+
 module.exports = {
   getClientSecretIds,
   getClientSecret,
@@ -366,4 +445,5 @@ module.exports = {
   createClient,
   setClient,
   editClient,
+  setClientActiveStatus,
 }

package/codecov.yml

@@ -0,0 +1,6 @@
+comment:
+  layout: "reach, diff"
+  behavior: default
+  require_changes: true  # if true: only post the comment if coverage changes
+github_checks:
+  annotations: false

package/docker-compose.test.yml

@@ -2,7 +2,10 @@ version: "3.3"
 
 services:
   app:
-    build: .
+    build:
+      context: .
+      args:
+        WAVO_CLOUD_READ_NPM_TOKEN: ${WAVO_CLOUD_READ_NPM_TOKEN}
     ports:
       - "3000:3000"
     entrypoint: yarn test

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wavo-cloud/aws-secrets-manager-helper",
-  "version": "0.1.9",
+  "version": "0.1.12",
   "description": "Wavo Cloud Infallible AWS Secrets Manager Helper",
   "license": "UNLICENSED",
   "repository": {
@@ -17,15 +17,15 @@
     "image-push": "./node_modules/@wavo-cloud/generator-microservice/shared/util/image-push.sh",
     "k8s-deploy": "./node_modules/@wavo-cloud/generator-microservice/shared/util/k8s-deploy.sh",
     "prettier": "node ./node_modules/prettier/bin-prettier.js --write --single-quote --print-width 120 --no-semi '**/*.js'",
-    "test": "NODE_ENV=${NODE_ENV-test} node ./node_modules/mocha/bin/mocha --recursive --require mock-local-storage",
+    "test": "NODE_ENV=${NODE_ENV-test} node ./node_modules/nyc/bin/nyc --reporter=json ./node_modules/mocha/bin/mocha --recursive --require mock-local-storage",
     "docker-dev-up": "docker-compose -f ./docker-compose.dev.yml up",
     "docker-dev-down": "docker-compose -f ./docker-compose.dev.yml down",
     "docker-test": "docker-compose -f ./docker-compose.test.yml down; docker-compose -f ./docker-compose.test.yml build && docker-compose -f ./docker-compose.test.yml run --rm app; R=$?; docker-compose -f ./docker-compose.test.yml down; [ $R -eq 0 ]",
-    "ci-test": "yarn docker-test"
+    "ci-test": "yarn test"
   },
   "devDependencies": {
     "@wavo-cloud/eslint-config": "^0.0.9",
-    "@wavo-cloud/generator-microservice": "^2.5.0",
+    "@wavo-cloud/generator-microservice": "^6.0.0",
     "chai": "^4.2.0",
     "eslint": "^7.6.0",
     "eslint-config-prettier": "^3.1.0",
@@ -35,7 +35,8 @@
   },
   "dependencies": {
     "aws-sdk": "^2.713.0",
-    "lodash": "^4.17.19"
+    "lodash": "^4.17.19",
+    "nyc": "^15.1.0"
   },
   "bugs": {
     "url": "https://github.com/Wavo/wavo-cloud.aws-secrets-manager-helper/issues"

package/pull_request_template.md

@@ -0,0 +1,11 @@
+## JIRA Ticket
+
+## Description of change / fix
+
+_Did you update the wiki/\*.md files for your change?_
+
+## How to test (optional)
+
+## Screenshots (optional)
+
+## Migration Guide (optional)

package/test/aws.test.js

@@ -3,16 +3,39 @@ const {
   getAllClientSecrets,
   getClientSecretIds,
   getSecretValue,
+  getSecretTags,
   createClient,
   setClient,
   editClient,
+  setClientActiveStatus,
 } = require('../app/utils/awsSecretsManager')
 const { deleteClient } = require('../app/utils/awsSecretsManagerDeleteHelper')
 const expect = require('chai').expect
 
 const clientIdsSecretId = 'wavo/self_serve/client_list_test'
 
+/**
+ * In this test file, we sleep between calls
+ * This is because I presume that AWS is returning early optimistic API responses,
+ * and doing additional work behind our backs.
+ * 
+ * Reasoning: if you run `yarn test; yarn test;` back to back tests, you will see
+ * an error from AWS complaining that we're running calls against a deleted resource.
+ * This implies that even after we get the "delete successful" response from AWS, they're
+ * still in the process of deleting the resource.
+ * 
+ * Since we sleep for 2 seconds, I set the test timeouts to be 4s.
+ */
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
 describe('Test Secrets Manager Helper', async () => {
+  const randomString = Math.random().toString(36).substring(7);
+  const clientId = 'test_client_id_' + randomString
+  const organization = 'test_organization_' + randomString
+  const newOrganization = organization + '_new'
+
   /**
    * This function call tests all of the helper functions
    */
@@ -22,76 +45,104 @@ describe('Test Secrets Manager Helper', async () => {
     expect(clientSecrets.length).to.be.above(0)
     expect(clientSecrets[0].clientId).to.not.be.null
     expect(clientSecrets[0].secretId).to.not.be.null
-  })
+    await sleep(2000)
+  }).timeout(4000)
 
   it('should create a new client', async () => {
-    const createClientResult = await createClient(
-      'test_client_id',
-      'test_client_name',
-      'test_organization',
-      'test_region',
-      { test_secret_key: 'test_secret_value' },
-      clientIdsSecretId
-    )
+    const createClientResult = await createClient({
+      clientId,
+      clientName: 'test_client_name',
+      organization,
+      region: 'test_region',
+      keyValuePairs: { test_secret_key: 'test_secret_value' },
+      clientIdsSecretIdOverride: clientIdsSecretId,
+      isSelfServe: true,
+      isActiveOrganization: true,
+    })
     expect(createClientResult.createSecretResults.Name).to.equal(
-      'test_organization/ad_platforms/api'
+      `${organization}/ad_platforms/api`
     )
 
+    const newClientTags = await getSecretTags(`${organization}/ad_platforms/api`)
+    const isActiveOrganizationTag = newClientTags.find(
+      tag => tag.Key === 'is_active_organization'
+    )
+    expect(isActiveOrganizationTag.Value === 'true')
+
     const clientList = await getClientSecretIds(clientIdsSecretId)
-    expect(clientList['test_client_id']).to.equal(
-      'test_organization/ad_platforms/api'
+    expect(clientList[clientId]).to.equal(
+      `${organization}/ad_platforms/api`
     )
-  })
+    await sleep(2000)
+  }).timeout(4000)
 
-  it('should set a client', async () => {
-    await setClient(
-      'test_client_id',
-      'test_client_name_2',
-      'test_organization',
-      'test_region_new',
-      { test_secret_key_new: 'test_secret_value_new', to_delete: 'to_delete' },
-      clientIdsSecretId
+  it('should change the clients active status to false', async () => {
+    await setClientActiveStatus({
+      clientId,
+      newActiveStatus: false,
+      clientIdsSecretIdOverride: clientIdsSecretId,
+    })
+
+    const clientTags = await getSecretTags(`${organization}/ad_platforms/api`)
+    const isActiveOrganizationTag = clientTags.find(
+      tag => tag.Key === 'is_active_organization'
     )
+    expect(isActiveOrganizationTag.Value === 'falsey')
+
+    await sleep(2000)
+  }).timeout(4000)
+
+  it('should set a client', async () => {
+    await setClient({
+      clientId,
+      clientName: 'test_client_name_2',
+      organization,
+      region: 'test_region_new',
+      keyValuePairs: { test_secret_key_new: 'test_secret_value_new', to_delete: 'to_delete' },
+      clientIdsSecretIdOverride: clientIdsSecretId
+    })
 
     const testSecret = await getSecretValue(
-      'test_organization/ad_platforms/api'
+      `${organization}/ad_platforms/api`
     )
     expect(testSecret.client_name).to.equal('test_client_name_2')
-    expect(testSecret.organization).to.equal('test_organization')
+    expect(testSecret.organization).to.equal(organization)
     expect(testSecret.region).to.equal('test_region_new')
     expect(testSecret.test_secret_key).to.equal(undefined)
     expect(testSecret.test_secret_key_new).to.equal('test_secret_value_new')
     expect(testSecret.to_delete).to.equal('to_delete')
-  })
+    await sleep(2000)
+  }).timeout(4000)
 
   it('should edit, add, and delete a client key/value secret', async () => {
-    await editClient(
-      'test_client_id',
-      {
+    await editClient({
+      clientId,
+      keyValuePairsToAdd: {
         test_secret_key_new: 'edit',
         new_key: 'add',
-        organization: 'test_organization_new'
+        organization: newOrganization
       },
-      ['to_delete'],
-      clientIdsSecretId
-    )
+      keysToDelete: ['to_delete'],
+      clientIdsSecretIdOverride: clientIdsSecretId
+    })
 
     const testSecret = await getSecretValue(
-      'test_organization/ad_platforms/api'
+      `${organization}/ad_platforms/api`
     )
 
     expect(testSecret.client_name).to.equal('test_client_name_2')
-    expect(testSecret.organization).to.equal('test_organization_new')
+    expect(testSecret.organization).to.equal(newOrganization)
     expect(testSecret.region).to.equal('test_region_new')
     expect(testSecret.test_secret_key_new).to.equal('edit')
     expect(testSecret.new_key).to.equal('add')
     expect(testSecret.to_delete).to.equal(undefined)
-  })
+    await sleep(2000)
+  }).timeout(4000)
 
   it('should delete a client', async () => {
     //let clientList
     await deleteClient(
-      'test_client_id',
+      clientId,
       true,
       30,
       clientIdsSecretId,
@@ -101,11 +152,12 @@ describe('Test Secrets Manager Helper', async () => {
 
     try {
       await getSecretValue(
-        'test_organization/ad_platforms/api'
+        `${organization}/ad_platforms/api`
       )
-      expect.fail("'test_organization/ad_platforms/api' should not be a valid secret value")
+      expect.fail(`'${organization}/ad_platforms/api' should not be a valid secret value`)
     } catch (error) {
-      expect(clientList['test_client_id']).to.equal(undefined)
+      expect(clientList[clientId]).to.equal(undefined)
     }
-  })
+    await sleep(2000)
+  }).timeout(4000)
 })