ac-awssecrets 1.1.3

package/.acsemver.js

@@ -0,0 +1,9 @@
+module.exports = {
+  repository: {
+    url: 'https://github.com/mmpro/ac-awssecrets'
+  },
+  changelogFile: __dirname + '/CHANGELOG.md',
+  sections: [
+    {name: 'App' }
+  ],
+}

package/.eslintrc.js

@@ -0,0 +1,26 @@
+const config = {
+  'env': {
+    'commonjs': true,
+    'es6': true,
+    'node': true
+  },
+  'extends': 'eslint:recommended',
+  "rules": {
+    "space-before-function-paren": 0,
+    "no-extra-semi": 0,
+    "object-curly-spacing": ["error", "always"],
+    "brace-style": ["error", "stroustrup", { "allowSingleLine": true }],
+    "no-useless-escape": 0,
+    "standard/no-callback-literal": 0,
+    "new-cap": 0
+  },
+  globals: {
+    describe: true,
+    it: true
+  },
+  'parserOptions': {
+    'ecmaVersion': 2018
+},
+}
+
+module.exports = config

package/CHANGELOG.md

@@ -0,0 +1,68 @@
+<a name="1.1.3"></a>
+
+## [1.1.3](https://github.com/mmpro/ac-awssecrets/compare/v1.1.2..v1.1.3) (2021-09-22 11:13:39)
+
+
+### Bug Fix
+
+* **App:** Package updates | MP | [82f4a90c24c4c94279bf23621dd92805e01ca4d7](https://github.com/mmpro/ac-awssecrets/commit/82f4a90c24c4c94279bf23621dd92805e01ca4d7)    
+Package updates
+<a name="1.1.2"></a>
+
+## [1.1.2](https://github.com/mmpro/ac-awssecrets/compare/v1.1.1..v1.1.2) (2021-05-31 06:17:24)
+
+
+### Bug Fix
+
+* **App:** Package updates | MP | [466bc49d1d270b784cc35c0ab3e476b3fd6e3587](https://github.com/mmpro/ac-awssecrets/commit/466bc49d1d270b784cc35c0ab3e476b3fd6e3587)    
+Package updates
+<a name="1.1.1"></a>
+
+## [1.1.1](https://github.com/mmpro/ac-awssecrets/compare/v1.1.0..v1.1.1) (2020-03-29 14:10:49)
+
+
+### Bug Fix
+
+* **App:** Prepare repository for AC semantic release | MP | [f8f652bc09e1581e2ec35b3be6d51045bb905576](https://github.com/mmpro/ac-awssecrets/commit/f8f652bc09e1581e2ec35b3be6d51045bb905576)    
+Cleaned up repository and use ac-semantic-release
+### Chores
+
+* **Misc:** Updated packages | MP | [83244d834fd80f34fbaf450fdefcdfa5b78f91f2](https://github.com/mmpro/ac-awssecrets/commit/83244d834fd80f34fbaf450fdefcdfa5b78f91f2)    
+Updated packages
+<a name="1.1.0"></a>
+# [1.1.0](https://github.com/mmpro/ac-awssecrets/compare/v1.0.1...v1.1.0) (2020-02-16 18:42)
+
+
+### Features
+
+* **Misc:** The servers parameter now support more flexibility | mp ([01f0a798f543108ecef72771de5705764f7db82f](https://github.com/mmpro/ac-awssecrets/commit/01f0a798f543108ecef72771de5705764f7db82f))    
+  You can set custom identifiers for array of objects - see README
+
+
+
+<a name="1.0.1"></a>
+## [1.0.1](https://github.com/mmpro/ac-awssecrets/compare/v1.0.0...v1.0.1) (2019-07-24 19:43)
+
+
+### Bug Fixes
+
+* **Misc:** Force version bump | MP ([fbfb1ae](https://github.com/mmpro/ac-awssecrets/commit/fbfb1ae))    
+  Force version bump
+
+
+
+<a name="1.0.0"></a>
+# 1.0.0 (2019-07-24 19:42)
+
+
+### Bug Fixes
+
+* **Misc:** Package update | MP ([dbb4c23](https://github.com/mmpro/ac-awssecrets/commit/dbb4c23))    
+  Package update and some minor adjustments for corp-release/semver
+* **Misc:** Package update | MP ([8224bf7](https://github.com/mmpro/ac-awssecrets/commit/8224bf7))    
+  Package update and some minor adjustments for corp-release/semver
+* **Misc:** Package update | MP ([14e79bc](https://github.com/mmpro/ac-awssecrets/commit/14e79bc))    
+  Package update and some minor adjustments for corp-release/semver
+
+
+

package/Makefile

@@ -0,0 +1,16 @@
+MOCHA_OPTS= --slow 0 -A
+REPORTER = spec
+
+lint-fix:
+	./node_modules/.bin/eslint --fix index.js test/test.js
+
+lint-check:
+	./node_modules/.bin/eslint index.js test/test.js
+
+commit:
+	@node ./node_modules/ac-semantic-release/lib/commit.js
+
+release:
+	@node ./node_modules/ac-semantic-release/lib/release.js
+
+.PHONY: check

package/README.md

@@ -0,0 +1,104 @@
+# AC AWS Secrets
+Reads secrets from AWS secrets manager and adds them to the configuration of the embedding app.
+
+## Usage
+
+### Simple example
+Lets assume we have the following configuration and secret
+
+```
+let existingConfig = {
+  redis: {
+    host: 'localhost'
+  }
+}
+
+// Stored under name "redis.cacheServer" in AWS
+let secret = {
+  host: 'my-secret-server'
+}
+```
+
+The following setup will replace the existing configuration and redis.host will be "my-secret-server"
+```
+const secretParams = {
+  aws: {
+    accessKeyId: 'accessKeyId',
+    secretAccessKey: 'secretAccessKey',
+    region: 'eu-central-1'
+  },
+  secrets: [
+    { key: 'redis', name: 'redis.cacheServer', ignoreInTestMode: true }
+  ],
+  config: existingConfig,
+  environment: 'development'
+}
+
+awsSecrets.loadSecrets(secretParams, (err, result) => {
+  if (err) return cb(err)
+  _.forEach(result, (item) => {
+    console.log('Setting secret for', _.padEnd(_.get(item, 'key'), 25), '->', _.get(item, 'name'))
+  })
+  return cb()
+})
+```
+
+### Example with array of objects
+
+```
+let existingConfig = {
+  redis: {
+    databases: [
+      { db: 0, name: 'cache' },
+      { db: 1, name: 'auth' }
+    ]
+  }
+}
+
+// secret stored under "redis.cacheServer"
+let secret = {
+  host: 'my-secret-server'
+
+// secert storend under "redis.authServer"
+let secret = {
+  host: 'my-auth-server
+}
+
+// now use the function
+const secretParams = {
+  aws: {
+    accessKeyId: 'accessKeyId',
+    secretAccessKey: 'secretAccessKey',
+    region: 'eu-central-1'
+  },
+  secrets: [
+    { key: 'redis.databases', name: 'redis.cacheServer', servers: { identifier: 'name', value: 'cache' } }
+    { key: 'redis.databases', name: 'redis.authServer', servers: { identifier: 'name', value: 'auth' } }
+  ],
+  config: existingConfig,
+  environment: 'development'
+}
+
+awsSecrets.loadSecrets(secretParams, (err, result) => {
+  // now 
+  redis.databases: [
+    { db: 0, name: 'cache', host: 'my-secret-server' },
+    { db: 1, name: 'auth', host: 'my-auth-server' }
+  ]
+})
+
+```
+
+## Parameters
++ aws - object with accessKeyId, secretAccessKey and region (IAM user must have permission to read the secrets)
++ secrets - array of secrets to fetch
++ config - the current config (secrets will be merged into it)
++ environment - the current node environment (e.g. test, production, ... defaults to development)
+
+## Links
+- [Website](https://www.admiralcloud.com/)
+- [Twitter (@admiralcloud)](https://twitter.com/admiralcloud)
+- [Facebook](https://www.facebook.com/MediaAssetManagement/)
+
+## License
+[MIT License](https://opensource.org/licenses/MIT) Copyright © 2009-present, AdmiralCloud, Mark Poepping

package/index.js

@@ -0,0 +1,185 @@
+const _ = require('lodash')
+const async = require('async')
+const AWS = require('aws-sdk')
+
+/**
+ * @param aws OBJ object with aws configuration data
+ */
+
+const awsSecrets = () => {
+  const loadSecrets = (params, cb) => {
+    const multiSecrets = _.get(params, 'multisecrets', [])
+    const secrets = _.get(params, 'secrets', [])
+    let config = _.get(params, 'config', {}) // the config object -> will be changed by reference
+    const environment = _.get(config, 'environment', 'development')
+
+    const region = _.get(params, 'aws.region', 'eu-central-1')
+    const endpoint = _.find(awsEndpoints, { region })
+    const client = new AWS.SecretsManager({
+      accessKeyId: _.get(params, 'aws.accessKeyId'),
+      secretAccessKey: _.get(params, 'aws.secretAccessKey'),
+      region: region,
+      endpoint: _.get(endpoint, 'endpoint')
+    })
+
+    let result = []
+    async.series({
+      fetchPlacholders: (done) => {
+        if (!_.size(multiSecrets)) return done()
+        // some keys can have multiple entries (e.g. cloudfrontCOnfigs can have 1 - n entries)
+        // we have to fetch them first from a secret and add them to the secrets to fetch
+
+        async.each(multiSecrets, (secret, itDone) => {
+          let secretName = (config.environment === 'test' ? 'test.' : '') + _.get(secret, 'name')
+
+          client.getSecretValue({ SecretId: secretName }, function(err, data) {
+            if (err) {
+              if (_.get(secret, 'ignoreInTestMode')) return itDone()
+              if (_.get(secret, 'ignoreIfMissing')) return itDone() // this is an optional key
+
+              console.error('Fetching secret %s failed', secretName, err)
+              return itDone({ message: err, additionalInfo: { key: secretName } })
+            }
+            if (!_.get(data, 'SecretString')) {
+              console.warn('Secret %s NOT avaialble', secretName, _.get(data, 'SecretString'))
+              return itDone()
+            }
+
+            let value
+            try {
+              value = JSON.parse(_.get(data, 'SecretString'))
+            }
+            catch (e) {
+              value = _.get(data, 'SecretString.values')
+            }
+
+            try {
+              value = JSON.parse(_.get(value, 'values'))
+            }
+            catch (e) {
+              return done({ message: 'placeHolderSecrets_valuesInvalid', additionalInfo: { key: secret.key } })
+            }
+
+            // value should be an array of keys
+            _.forEach(value, (item) => {
+              secrets.push({
+                key: secret.key,
+                name: item,
+                type: 'arrayObject'
+              })
+            })
+            return itDone()
+          })
+        }, done)
+      },
+      fetchSecrets: (done) => {
+        if (!_.size(secrets)) return done()
+        async.each(secrets, (secret, itDone) => {
+          if (environment === 'test' && _.get(secret, 'ignoreInTestMode')) return itDone()
+          // key is the local configuration path
+          let key = _.get(secret, 'key')
+          // secret name is the name used to fetch the secret
+          let secretName = (config.environment === 'test' ? 'test.' : '') + _.get(secret, 'name') + (_.get(secret, 'suffix') ? '.' + _.get(secret, 'suffix') : '')
+
+          client.getSecretValue({ SecretId: secretName }, function(err, data) {
+            if (err) {
+              if (_.get(secret, 'ignoreIfMissing')) return itDone() // this is an optional key
+
+              console.error('Fetching secret %s failed', secretName, _.get(err, 'message', err))
+              return itDone({ message: _.get(err, 'message', err), additionalInfo: { key: secretName } })
+            }
+            if (!_.get(data, 'SecretString')) {
+              console.warn('Secret %s NOT avaialble', secretName, _.get(data, 'SecretString'))
+              return itDone()
+            }
+
+            let value
+            try {
+              value = JSON.parse(_.get(data, 'SecretString'))
+
+              // if value is prefixed with JSON -> parse the value
+              if (_.get(value, 'valueHasJSON')) {
+                _.forEach(value, (val, key) => {
+                  if (_.startsWith(val, 'JSON:')) {
+                    try {
+                      _.set(value, key, JSON.parse(val.substr(5)))
+                    }
+                    catch (e) {
+                      throw e
+                    }
+                  }
+                })
+                // remove that entry
+                _.unset(value, 'valueHasJSON')
+              }
+            }
+            catch (e) {
+              value = _.get(data, 'SecretString')
+            }
+
+            // make sure boolean values are converted (from string)
+            value = _.mapValues(value, (val) => {
+              if (val === 'true') return true
+              else if (val === 'false') return false
+              else return val
+            })
+            let existingValue = _.get(config, key, {})
+
+            if (secret.servers) {
+              if (_.isBoolean(secret.servers)) {
+                // LEGACY SUPPORT FOR OLD NOTATION - DEPRECATED - DO NOT USE ANY LONGER
+                existingValue = _.find(_.get(config, key + '.servers', []), { server: secret.serverName })
+              }
+              else {
+                // NEW NOTATION AS OBJECT
+                let match = {}
+                _.set(match, _.get(secret.servers, 'identifier'), _.get(secret.servers, 'value'))
+                existingValue = _.find(_.get(config, key, []), match)      
+              }
+            }
+            if (_.get(secret, 'type') === 'array') {
+              let array = []
+              _.forEach(value, (val) => {
+                array.push(val)
+              })
+              value = _.concat(existingValue, array)
+            }
+
+            if (_.get(secret, 'type') === 'arrayObject') {
+              existingValue.push(value)
+            }
+            else {
+              let setFresh
+              if (_.isEmpty(existingValue)) setFresh = true
+              _.merge(existingValue, value)
+              // setFresh -> this property/path has never existed
+              if (setFresh) _.set(config, key, existingValue)
+            }
+
+            if (_.get(secret, 'log')) {
+              console.log(_.repeat('.', 90))
+              console.warn(key, existingValue)
+              console.warn(_.get(config, key))
+              console.warn(_.repeat('.', 90))
+            }
+
+            result.push({ key, name: _.get(secret, 'name', '-') })
+            return itDone()
+          })
+        }, done)
+      }
+    }, (err) => {
+      return cb(err, _.orderBy(result, 'key'))
+    })
+  }
+
+  const awsEndpoints = [
+    { region: 'eu-central-1', endpoint: 'https://secretsmanager.eu-central-1.amazonaws.com' }
+  ]
+
+  return {
+    loadSecrets
+  }
+}
+
+module.exports = awsSecrets()

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "ac-awssecrets",
+  "author": "Mark Poepping (https://www.mmpro.de)",
+  "license": "MIT",
+  "repository": "mmpro/ac-awssecrets",
+  "version": "1.1.3",
+  "dependencies": {
+    "async": "^3.2.1",
+    "aws-sdk": "^2.992.0",
+    "lodash": "^4.17.21"
+  },
+  "devDependencies": {
+    "ac-semantic-release": "^0.2.6",
+    "eslint": "7.x",
+    "mocha": "^9.1.1"
+  },
+  "scripts": {
+    "test": "mocha --reporter spec"
+  },
+  "engines": {
+    "node": ">=8.0.0"
+  }
+}

package/test/test.js

@@ -0,0 +1,7 @@
+//const awsSecrets = require('../index')
+
+describe('Tests', () => {
+  it('Should work', done => {
+    return done()
+  })
+})