npm - create-svc - Versions diffs - 0.1.70 → 0.1.71 - Mend

create-svc 0.1.70 → 0.1.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/service-runtime/cloudrun/temporal-config.test.ts +22 -0
package/src/service-runtime/cloudrun/temporal-config.ts +11 -4

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-svc",
-  "version": "0.1.70",
+  "version": "0.1.71",
   "description": "Local microservice bootstrap CLI for Cloud Run and Workers services with Neon-backed data.",
   "module": "index.ts",
   "type": "module",

package/src/service-runtime/cloudrun/temporal-config.test.ts CHANGED Viewed

@@ -62,6 +62,28 @@ test("resolveTemporalRuntimeConfigValues reads self-hosted mTLS config from Vaul
   });
 });
+test("resolveTemporalRuntimeConfigValues renders configured mTLS secret names without raw credentials", () => {
+  const resolved = resolveTemporalRuntimeConfigValues(
+    { ...baseConfig, address: "temporal-grpc.anmho.com:7233" },
+    {},
+    () => ({
+      namespace: "default",
+    })
+  );
+  expect(resolved).toMatchObject({
+    enabled: true,
+    address: "temporal-grpc.anmho.com:7233",
+    namespace: "default",
+    tlsCaCertSecretName: "orders-temporal-ca-cert",
+    tlsCertSecretName: "orders-temporal-client-cert",
+    tlsKeySecretName: "orders-temporal-client-key",
+    tlsCaCert: "",
+    tlsCert: "",
+    tlsKey: "",
+  });
+});
 test("resolveTemporalRuntimeConfigValues prefers explicit environment overrides", () => {
   const resolved = resolveTemporalRuntimeConfigValues(
     baseConfig,

package/src/service-runtime/cloudrun/temporal-config.ts CHANGED Viewed

@@ -75,6 +75,13 @@ export function resolveTemporalRuntimeConfigValues(
     env.TEMPORAL_TLS_CERT_SECRET?.trim() || (tlsCert ? config.tlsCertSecretName || `${config.taskQueue}-temporal-client-cert` : "");
   const tlsKeySecretName =
     env.TEMPORAL_TLS_KEY_SECRET?.trim() || (tlsKey ? config.tlsKeySecretName || `${config.taskQueue}-temporal-client-key` : "");
+  const configuredTLSSecretNames = Boolean(config.tlsCaCertSecretName && config.tlsCertSecretName && config.tlsKeySecretName);
+  const shouldRenderTLSSecretNames = Boolean(tlsCaCert || (!apiKey && configuredTLSSecretNames));
+  const resolvedTLSSecretNames = {
+    ca: shouldRenderTLSSecretNames ? tlsCaCertSecretName || config.tlsCaCertSecretName || "" : "",
+    cert: shouldRenderTLSSecretNames ? tlsCertSecretName || config.tlsCertSecretName || "" : "",
+    key: shouldRenderTLSSecretNames ? tlsKeySecretName || config.tlsKeySecretName || "" : "",
+  };
   if (isLocalTemporalAddress(address)) {
     throw new Error(
@@ -95,7 +102,7 @@ export function resolveTemporalRuntimeConfigValues(
       `Temporal mTLS is partially configured; set TEMPORAL_TLS_CA_CERT, TEMPORAL_TLS_CERT, and TEMPORAL_TLS_KEY together in env or Vault at ${config.vaultMount}/${config.vaultPath}`
     );
   }
-  if (!apiKey && !tlsCaCert) {
+  if (!apiKey && !apiKeySecretName && !tlsCaCert && !configuredTLSSecretNames) {
     throw new Error(
       `Temporal is enabled but no credentials were found; set TEMPORAL_API_KEY or TEMPORAL_TLS_CA_CERT/TEMPORAL_TLS_CERT/TEMPORAL_TLS_KEY in env or Vault at ${config.vaultMount}/${config.vaultPath}`
     );
@@ -108,9 +115,9 @@ export function resolveTemporalRuntimeConfigValues(
     taskQueue,
     apiKeySecretName,
     apiKey,
-    tlsCaCertSecretName,
-    tlsCertSecretName,
-    tlsKeySecretName,
+    tlsCaCertSecretName: resolvedTLSSecretNames.ca,
+    tlsCertSecretName: resolvedTLSSecretNames.cert,
+    tlsKeySecretName: resolvedTLSSecretNames.key,
     tlsCaCert,
     tlsCert,
     tlsKey,