opticedge-cloud-utils 1.0.1 → 1.0.3

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './auth/verify';
+export * from './utils/secrets';

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth/verify"), exports);
+__exportStar(require("./utils/secrets"), exports);

package/dist/utils/secrets.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Returns the latest value of a Secret Manager secret.
+ *
+ * @param projectId   – GCP project that owns the secret.
+ * @param secretName  – Secret name (without version).
+ * @returns           – UTF-8 string value.
+ */
+export declare function getSecret(projectId: string, secretName: string): Promise<string>;

package/dist/utils/secrets.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSecret = getSecret;
+const secret_manager_1 = require("@google-cloud/secret-manager");
+/**
+ * Returns the latest value of a Secret Manager secret.
+ *
+ * @param projectId   – GCP project that owns the secret.
+ * @param secretName  – Secret name (without version).
+ * @returns           – UTF-8 string value.
+ */
+async function getSecret(projectId, secretName) {
+    if (!projectId)
+        throw new Error('projectId is required');
+    if (!secretName)
+        throw new Error('secretName is required');
+    const secretClient = new secret_manager_1.SecretManagerServiceClient();
+    const [version] = await secretClient.accessSecretVersion({
+        name: `projects/${projectId}/secrets/${secretName}/versions/latest`,
+    });
+    return version.payload?.data?.toString('utf-8') ?? '';
+}

package/dist/utils/secrets.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/secrets.test.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const secrets_1 = require("./secrets");
+const secret_manager_1 = require("@google-cloud/secret-manager");
+jest.mock('@google-cloud/secret-manager');
+// Mock implementation
+const mockAccessSecretVersion = jest.fn();
+secret_manager_1.SecretManagerServiceClient.mockImplementation(() => ({
+    accessSecretVersion: mockAccessSecretVersion,
+}));
+describe('getSecret', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+    });
+    it('returns secret value as string', async () => {
+        mockAccessSecretVersion.mockResolvedValue([
+            {
+                payload: { data: Buffer.from('super-secret-value') },
+            },
+        ]);
+        const result = await (0, secrets_1.getSecret)('test-project', 'test-secret');
+        expect(result).toBe('super-secret-value');
+        expect(mockAccessSecretVersion).toHaveBeenCalledWith({
+            name: 'projects/test-project/secrets/test-secret/versions/latest',
+        });
+    });
+    it('throws if projectId is missing', async () => {
+        await expect((0, secrets_1.getSecret)('', 'secret')).rejects.toThrow('projectId is required');
+    });
+    it('throws if secretName is missing', async () => {
+        await expect((0, secrets_1.getSecret)('project', '')).rejects.toThrow('secretName is required');
+    });
+    it('returns empty string if payload or data is missing', async () => {
+        mockAccessSecretVersion.mockResolvedValue([{}]); // no payload
+        const result = await (0, secrets_1.getSecret)('project', 'secret');
+        expect(result).toBe('');
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opticedge-cloud-utils",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Common utilities for cloud functions",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -13,6 +13,7 @@
   "author": "Evans Musonda",
   "license": "MIT",
   "dependencies": {
+    "@google-cloud/secret-manager": "^6.0.1",
     "google-auth-library": "^9.15.1"
   },
   "devDependencies": {

package/src/index.ts

@@ -0,0 +1,2 @@
+export * from './auth/verify';
+export * from './utils/secrets';

package/src/utils/secrets.test.ts

@@ -0,0 +1,44 @@
+import { getSecret } from './secrets';
+import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
+
+jest.mock('@google-cloud/secret-manager');
+
+// Mock implementation
+const mockAccessSecretVersion = jest.fn();
+(SecretManagerServiceClient as unknown as jest.Mock).mockImplementation(() => ({
+  accessSecretVersion: mockAccessSecretVersion,
+}));
+
+describe('getSecret', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('returns secret value as string', async () => {
+    mockAccessSecretVersion.mockResolvedValue([
+      {
+        payload: { data: Buffer.from('super-secret-value') },
+      },
+    ]);
+
+    const result = await getSecret('test-project', 'test-secret');
+    expect(result).toBe('super-secret-value');
+    expect(mockAccessSecretVersion).toHaveBeenCalledWith({
+      name: 'projects/test-project/secrets/test-secret/versions/latest',
+    });
+  });
+
+  it('throws if projectId is missing', async () => {
+    await expect(getSecret('', 'secret')).rejects.toThrow('projectId is required');
+  });
+
+  it('throws if secretName is missing', async () => {
+    await expect(getSecret('project', '')).rejects.toThrow('secretName is required');
+  });
+
+  it('returns empty string if payload or data is missing', async () => {
+    mockAccessSecretVersion.mockResolvedValue([{}]); // no payload
+    const result = await getSecret('project', 'secret');
+    expect(result).toBe('');
+  });
+});

package/src/utils/secrets.ts

@@ -0,0 +1,24 @@
+import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
+
+/**
+ * Returns the latest value of a Secret Manager secret.
+ *
+ * @param projectId   – GCP project that owns the secret.
+ * @param secretName  – Secret name (without version).
+ * @returns           – UTF-8 string value.
+ */
+export async function getSecret(
+  projectId: string,
+  secretName: string
+): Promise<string> {
+  if (!projectId) throw new Error('projectId is required');
+  if (!secretName) throw new Error('secretName is required');
+
+  const secretClient = new SecretManagerServiceClient();
+
+  const [version] = await secretClient.accessSecretVersion({
+    name: `projects/${projectId}/secrets/${secretName}/versions/latest`,
+  });
+
+  return (version.payload?.data as Buffer)?.toString('utf-8') ?? '';
+}

package/.github/workflows/publish.yml

@@ -1,41 +0,0 @@
-name: Publish Package
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      - name: Setup Git identity
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: '18'
-          registry-url: 'https://registry.npmjs.org/'
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: Run tests
-        run: npm test
-
-      - name: Build package
-        run: npm run build
-
-      - name: Bump patch version and publish to npm
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          npm version patch -m "ci: bump version to %s [skip ci]"
-          npm publish