env-secrets 0.1.9 → 0.2.0

package/__tests__/index.test.ts

@@ -1,37 +1,322 @@
-import * as path from 'path';
-import { exec } from 'child_process';
-
-type Cli = {
-  code: number;
-  error: Error;
-  stdout: any;
-  stderr: any;
-};
-
-describe('CLI tests', () => {
-  test('general help', async () => {
-    const result = await cli(['-h'], '.');
-    expect(result.code).toBe(0);
+import { Command, Argument } from 'commander';
+import { spawn } from 'node:child_process';
+import Debug from 'debug';
+
+// Mock external dependencies
+jest.mock('commander');
+jest.mock('node:child_process');
+jest.mock('debug', () => jest.fn());
+jest.mock('../src/vaults/secretsmanager', () => ({
+  secretsmanager: jest.fn()
+}));
+
+// Mock the version import
+jest.mock('../src/version', () => ({
+  LIB_VERSION: '1.0.0'
+}));
+
+// Import after mocking
+import { secretsmanager } from '../src/vaults/secretsmanager';
+
+// Mock the actual module under test
+const mockSpawn = spawn as jest.MockedFunction<typeof spawn>;
+const mockDebug = Debug as jest.MockedFunction<typeof Debug>;
+const mockSecretsmanager = secretsmanager as jest.MockedFunction<
+  typeof secretsmanager
+>;
+const mockCommand = Command as jest.MockedClass<typeof Command>;
+
+describe('index.ts CLI functionality', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    // Reset process.env
+    process.env = { ...process.env };
+
+    // Setup mock debug
+    const mockDebugInstance = jest.fn() as any;
+    mockDebug.mockReturnValue(mockDebugInstance);
   });
-  test('aws help', async () => {
-    const result = await cli(['aws -h'], '.');
-    expect(result.code).toBe(0);
+
+  describe('AWS command action logic', () => {
+    it('should call secretsmanager with correct options', async () => {
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      const options = {
+        secret: 'my-secret',
+        profile: 'my-profile',
+        region: 'us-east-1'
+      };
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager(options);
+      env = Object.assign({}, process.env, env);
+
+      expect(mockSecretsmanager).toHaveBeenCalledWith(options);
+      expect(env).toEqual(
+        expect.objectContaining({
+          SECRET_KEY: 'secret_value'
+        })
+      );
+    });
+
+    it('should merge secrets with process.env', async () => {
+      const mockSecrets = { SECRET_KEY: 'secret_value' };
+      const originalEnv = { ORIGINAL_KEY: 'original_value' };
+      process.env = { ...originalEnv };
+
+      mockSecretsmanager.mockResolvedValue(mockSecrets);
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      expect(env).toEqual(
+        expect.objectContaining({
+          ORIGINAL_KEY: 'original_value',
+          SECRET_KEY: 'secret_value'
+        })
+      );
+    });
+
+    it('should spawn a program when provided', async () => {
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      const mockChildProcess = {
+        stdio: 'inherit'
+      };
+      mockSpawn.mockReturnValue(mockChildProcess as any);
+
+      const program = ['node', 'script.js', 'arg1', 'arg2'];
+      const options = { secret: 'my-secret' };
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager(options);
+      env = Object.assign({}, process.env, env);
+
+      if (program && program.length > 0) {
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
+        });
+      }
+
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'node',
+        ['script.js', 'arg1', 'arg2'],
+        {
+          stdio: 'inherit',
+          shell: true,
+          env: expect.objectContaining({
+            SECRET_KEY: 'secret_value'
+          })
+        }
+      );
+    });
+
+    it('should not spawn a program when no program is provided', async () => {
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      const program: string[] = [];
+      if (program && program.length > 0) {
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
+        });
+      }
+
+      expect(mockSpawn).not.toHaveBeenCalled();
+    });
+
+    it('should handle empty program array', async () => {
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      const program: string[] = [];
+      if (program && program.length > 0) {
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
+        });
+      }
+
+      expect(mockSpawn).not.toHaveBeenCalled();
+    });
+
+    it('should handle single program argument', async () => {
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      const mockChildProcess = {
+        stdio: 'inherit'
+      };
+      mockSpawn.mockReturnValue(mockChildProcess as any);
+
+      const program = ['echo'];
+      const options = { secret: 'my-secret' };
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager(options);
+      env = Object.assign({}, process.env, env);
+
+      if (program && program.length > 0) {
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
+        });
+      }
+
+      expect(mockSpawn).toHaveBeenCalledWith('echo', [], {
+        stdio: 'inherit',
+        shell: true,
+        env: expect.objectContaining({
+          SECRET_KEY: 'secret_value'
+        })
+      });
+    });
+
+    it('should preserve existing environment variables', async () => {
+      const mockSecrets = { SECRET_KEY: 'secret_value' };
+      const originalEnv = {
+        PATH: '/usr/bin',
+        HOME: '/home/user',
+        NODE_ENV: 'test'
+      };
+      process.env = { ...originalEnv };
+
+      mockSecretsmanager.mockResolvedValue(mockSecrets);
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      const program = ['echo'];
+      if (program && program.length > 0) {
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
+        });
+      }
+
+      expect(mockSpawn).toHaveBeenCalledWith('echo', [], {
+        stdio: 'inherit',
+        shell: true,
+        env: expect.objectContaining({
+          PATH: '/usr/bin',
+          HOME: '/home/user',
+          NODE_ENV: 'test',
+          SECRET_KEY: 'secret_value'
+        })
+      });
+    });
+
+    it('should handle secretsmanager returning empty object', async () => {
+      mockSecretsmanager.mockResolvedValue({});
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      const program = ['echo'];
+      if (program && program.length > 0) {
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
+        });
+      }
+
+      expect(mockSpawn).toHaveBeenCalledWith('echo', [], {
+        stdio: 'inherit',
+        shell: true,
+        env: expect.objectContaining({})
+      });
+    });
+
+    it('should handle secretsmanager throwing an error', async () => {
+      const error = new Error('AWS connection failed');
+      mockSecretsmanager.mockRejectedValue(error);
+
+      // Should throw - the error should propagate
+      await expect(mockSecretsmanager({ secret: 'my-secret' })).rejects.toThrow(
+        'AWS connection failed'
+      );
+    });
   });
-});
 
-function cli(args, cwd): Promise<Cli> {
-  return new Promise((resolve) => {
-    exec(
-      `node ${path.resolve('./dist/index')} ${args.join(' ')}`,
-      { cwd },
-      (error, stdout, stderr) => {
-        resolve({
-          code: error && error.code ? error.code : 0,
-          error,
-          stdout,
-          stderr
+  describe('Debug logging', () => {
+    it('should create debug instance with correct namespace', () => {
+      const debugInstance = mockDebug('env-secrets');
+      expect(mockDebug).toHaveBeenCalledWith('env-secrets');
+    });
+
+    it('should log environment variables when debug is enabled', async () => {
+      const mockDebugInstance = jest.fn() as any;
+      mockDebug.mockReturnValue(mockDebugInstance);
+
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      // Simulate debug logging
+      mockDebugInstance(env);
+
+      expect(mockDebugInstance).toHaveBeenCalledWith(
+        expect.objectContaining({
+          SECRET_KEY: 'secret_value'
+        })
+      );
+    });
+
+    it('should log program execution when program is provided', async () => {
+      const mockDebugInstance = jest.fn() as any;
+      mockDebug.mockReturnValue(mockDebugInstance);
+
+      const mockEnv = { SECRET_KEY: 'secret_value' };
+      mockSecretsmanager.mockResolvedValue(mockEnv);
+
+      const mockChildProcess = {
+        stdio: 'inherit'
+      };
+      mockSpawn.mockReturnValue(mockChildProcess as any);
+
+      const program = ['node', 'script.js', 'arg1'];
+
+      // Simulate the action logic
+      let env = await mockSecretsmanager({ secret: 'my-secret' });
+      env = Object.assign({}, process.env, env);
+
+      if (program && program.length > 0) {
+        // Simulate debug logging
+        mockDebugInstance(`${program[0]} ${program.slice(1).join(' ')}`);
+
+        mockSpawn(program[0], program.slice(1), {
+          stdio: 'inherit',
+          shell: true,
+          env
         });
       }
-    );
+
+      expect(mockDebugInstance).toHaveBeenCalledWith('node script.js arg1');
+    });
   });
-}
+});

package/__tests__/vaults/utils.test.ts

@@ -0,0 +1,183 @@
+import * as os from 'os';
+import {
+  replaceWithAstrisk,
+  objectToExport,
+  objectToEnv
+} from '../../src/vaults/utils';
+
+describe('vaults utils', () => {
+  describe('replaceWithAstrisk', () => {
+    test('should return undefined for undefined input', () => {
+      expect(replaceWithAstrisk(undefined)).toBeUndefined();
+    });
+
+    test('should return undefined for empty string', () => {
+      expect(replaceWithAstrisk('')).toBeUndefined();
+    });
+
+    test('should mask middle characters for strings longer than 4 characters', () => {
+      expect(replaceWithAstrisk('password123')).toBe('p******d123');
+      expect(replaceWithAstrisk('secretkey')).toBe('s****tkey');
+      expect(replaceWithAstrisk('verylongpassword')).toBe('v***********word');
+    });
+
+    test('should not mask characters for strings 4 characters or shorter', () => {
+      expect(replaceWithAstrisk('1234')).toBe('1234');
+      expect(replaceWithAstrisk('abc')).toBe('abc');
+      expect(replaceWithAstrisk('a')).toBe('a');
+    });
+
+    test('should preserve first and last 4 characters for longer strings', () => {
+      expect(replaceWithAstrisk('abcdefghijklmnop')).toBe('a***********mnop');
+      expect(replaceWithAstrisk('1234567890123456')).toBe('1***********3456');
+    });
+
+    test('should handle special characters and unicode', () => {
+      expect(replaceWithAstrisk('p@ssw0rd!')).toBe('p****0rd!');
+      expect(replaceWithAstrisk('🔑secret🔒')).toBe('🔑*****t🔒');
+    });
+  });
+
+  describe('objectToExport', () => {
+    test('should convert object to export statements', () => {
+      const obj = {
+        API_KEY: 'abc123',
+        DATABASE_URL: 'postgres://localhost:5432/db',
+        DEBUG: 'true'
+      };
+
+      const result = objectToExport(obj);
+      const expected = `export API_KEY=abc123${os.EOL}export DATABASE_URL=postgres://localhost:5432/db${os.EOL}export DEBUG=true${os.EOL}`;
+
+      expect(result).toBe(expected);
+    });
+
+    test('should handle empty object', () => {
+      const obj = {};
+      const result = objectToExport(obj);
+      expect(result).toBe('');
+    });
+
+    test('should handle object with various value types', () => {
+      const obj = {
+        STRING: 'hello',
+        NUMBER: 42,
+        BOOLEAN: true,
+        NULL: null,
+        UNDEFINED: undefined
+      };
+
+      const result = objectToExport(obj);
+      const expected = `export STRING=hello${os.EOL}export NUMBER=42${os.EOL}export BOOLEAN=true${os.EOL}export NULL=null${os.EOL}export UNDEFINED=undefined${os.EOL}`;
+
+      expect(result).toBe(expected);
+    });
+
+    test('should handle object with special characters in keys and values', () => {
+      const obj = {
+        'API-KEY': 'abc-123',
+        DATABASE_URL: 'postgres://user:pass@localhost:5432/db',
+        DEBUG_MODE: 'true'
+      };
+
+      const result = objectToExport(obj);
+      const expected = `export API-KEY=abc-123${os.EOL}export DATABASE_URL=postgres://user:pass@localhost:5432/db${os.EOL}export DEBUG_MODE=true${os.EOL}`;
+
+      expect(result).toBe(expected);
+    });
+  });
+
+  describe('objectToEnv', () => {
+    let originalEnv: NodeJS.ProcessEnv;
+
+    beforeEach(() => {
+      originalEnv = { ...process.env };
+    });
+
+    afterEach(() => {
+      process.env = originalEnv;
+    });
+
+    test('should set environment variables from object', () => {
+      const obj = {
+        API_KEY: 'abc123',
+        DATABASE_URL: 'postgres://localhost:5432/db',
+        DEBUG: 'true'
+      };
+
+      const result = objectToEnv(obj);
+
+      expect(process.env.API_KEY).toBe('abc123');
+      expect(process.env.DATABASE_URL).toBe('postgres://localhost:5432/db');
+      expect(process.env.DEBUG).toBe('true');
+      expect(result).toEqual([
+        'abc123',
+        'postgres://localhost:5432/db',
+        'true'
+      ]);
+    });
+
+    test('should handle empty object', () => {
+      const obj = {};
+      const result = objectToEnv(obj);
+
+      expect(result).toEqual([]);
+    });
+
+    test('should handle object with various value types', () => {
+      const obj = {
+        STRING: 'hello',
+        NUMBER: 42,
+        BOOLEAN: true,
+        NULL: null,
+        UNDEFINED: undefined
+      };
+
+      const result = objectToEnv(obj);
+
+      expect(process.env.STRING).toBe('hello');
+      expect(process.env.NUMBER).toBe(42);
+      expect(process.env.BOOLEAN).toBe(true);
+      expect(process.env.NULL).toBe(null);
+      expect(process.env.UNDEFINED).toBe(undefined);
+      expect(result).toEqual(['hello', 42, true, null, undefined]);
+    });
+
+    test('should overwrite existing environment variables', () => {
+      // Set initial environment variable
+      process.env.EXISTING_VAR = 'old_value';
+
+      const obj = {
+        EXISTING_VAR: 'new_value',
+        NEW_VAR: 'new_var_value'
+      };
+
+      const result = objectToEnv(obj);
+
+      expect(process.env.EXISTING_VAR).toBe('new_value');
+      expect(process.env.NEW_VAR).toBe('new_var_value');
+      expect(result).toEqual(['new_value', 'new_var_value']);
+    });
+
+    test('should handle object with special characters in keys and values', () => {
+      const obj = {
+        'API-KEY': 'abc-123',
+        DATABASE_URL: 'postgres://user:pass@localhost:5432/db',
+        DEBUG_MODE: 'true'
+      };
+
+      const result = objectToEnv(obj);
+
+      expect(process.env['API-KEY']).toBe('abc-123');
+      expect(process.env['DATABASE_URL']).toBe(
+        'postgres://user:pass@localhost:5432/db'
+      );
+      expect(process.env['DEBUG_MODE']).toBe('true');
+      expect(result).toEqual([
+        'abc-123',
+        'postgres://user:pass@localhost:5432/db',
+        'true'
+      ]);
+    });
+  });
+});

package/__tests__/version.test.ts

@@ -0,0 +1,8 @@
+import { LIB_VERSION } from '../src/version';
+import packageJson from '../package.json';
+
+describe('LIB_VERSION', () => {
+  it('should match the version in package.json', () => {
+    expect(LIB_VERSION).toBe(packageJson.version);
+  });
+});

package/dist/vaults/secretsmanager.js

@@ -13,67 +13,55 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secretsmanager = void 0;
-const aws_sdk_1 = __importDefault(require("aws-sdk"));
+const client_secrets_manager_1 = require("@aws-sdk/client-secrets-manager");
+const client_sts_1 = require("@aws-sdk/client-sts");
+const credential_providers_1 = require("@aws-sdk/credential-providers");
 const debug_1 = __importDefault(require("debug"));
 const debug = (0, debug_1.default)('env-secrets:secretsmanager');
-const checkConnection = () => __awaiter(void 0, void 0, void 0, function* () {
-    const sts = new aws_sdk_1.default.STS();
-    const getCallerPromise = new Promise((resolve, reject) => {
-        sts.getCallerIdentity({}, (err, data) => {
-            if (err)
-                reject(err);
-            else {
-                resolve(data);
-            }
-        });
-    });
-    let value;
-    let err;
-    yield getCallerPromise
-        .then((v) => {
-        value = v;
-    })
-        .catch((e) => {
-        err = e;
-    });
-    if (err) {
+const checkConnection = (region) => __awaiter(void 0, void 0, void 0, function* () {
+    const stsClient = new client_sts_1.STSClient({ region });
+    const command = new client_sts_1.GetCallerIdentityCommand({});
+    try {
+        const data = yield stsClient.send(command);
+        debug(data);
+        return true;
+    }
+    catch (err) {
         console.error(err);
         return false;
     }
-    debug(value);
-    return !!value;
 });
 const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function* () {
     const { secret, profile, region } = options;
     const { AWS_ACCESS_KEY_ID: awsAccessKeyId, AWS_SECRET_ACCESS_KEY: awsSecretAccessKey } = process.env;
+    let credentials;
     if (profile) {
         debug(`Using profile: ${profile}`);
-        const credentials = new aws_sdk_1.default.SharedIniFileCredentials({
-            profile
-        });
-        aws_sdk_1.default.config.credentials = credentials;
+        credentials = (0, credential_providers_1.fromIni)({ profile });
     }
     else if (awsAccessKeyId && awsSecretAccessKey) {
         debug('Using environment variables');
+        credentials = undefined; // Will use environment variables automatically
     }
     else {
         debug('Using profile: default');
+        credentials = (0, credential_providers_1.fromIni)({ profile: 'default' });
     }
-    if (region) {
-        aws_sdk_1.default.config.update({ region });
-    }
-    if (!aws_sdk_1.default.config.region) {
+    const config = {
+        region,
+        credentials
+    };
+    if (!config.region) {
         debug('no region set');
     }
-    const connected = yield checkConnection();
+    const connected = yield checkConnection(region);
     if (connected) {
-        const sm = new aws_sdk_1.default.SecretsManager();
+        const client = new client_secrets_manager_1.SecretsManagerClient(config);
         try {
-            const response = yield sm
-                .getSecretValue({
+            const command = new client_secrets_manager_1.GetSecretValueCommand({
                 SecretId: secret
-            })
-                .promise();
+            });
+            const response = yield client.send(command);
             const secretvalue = response.SecretString;
             try {
                 if (secretvalue) {
@@ -85,10 +73,10 @@ const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function*
             }
         }
         catch (err) {
-            if (err && err.code === 'ResourceNotFoundException') {
+            if (err && err.name === 'ResourceNotFoundException') {
                 console.error(`${secret} not found`);
             }
-            else if (err && err.code === 'ConfigError') {
+            else if (err && err.name === 'ConfigError') {
                 console.error(err.message);
             }
             else {
@@ -99,6 +87,7 @@ const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function*
     }
     else {
         console.error('Unable to connect to AWS');
+        return {};
     }
 });
 exports.secretsmanager = secretsmanager;

package/jest.config.js

@@ -2,5 +2,6 @@
 // eslint-disable-next-line no-undef
 module.exports = {
   preset: 'ts-jest',
-  testEnvironment: 'node'
+  testEnvironment: 'node',
+  collectCoverageFrom: ['src/**/*.ts']
 };