opticedge-cloud-utils 1.0.4 → 1.0.6

package/.eslintignore

@@ -0,0 +1,2 @@
+# Ignore compiled output
+dist/

package/.eslintrc.js

@@ -2,28 +2,29 @@ module.exports = {
   root: true,
   parser: '@typescript-eslint/parser',
   parserOptions: {
-    ecmaVersion: 2020,  // modern JS features
-    sourceType: 'module',
+    ecmaVersion: 2020, // modern JS features
+    sourceType: 'module'
   },
   env: {
     node: true,
     jest: true,
-    es2020: true,
+    es2020: true
   },
   plugins: ['@typescript-eslint', 'jest'],
   extends: [
     'eslint:recommended',
     'plugin:@typescript-eslint/recommended',
     'plugin:jest/recommended',
+    'plugin:prettier/recommended'
   ],
   rules: {
     // Your custom rules here, for example:
     'no-console': 'warn',
-    '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
+    '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }]
   },
   settings: {
     jest: {
-      version: 29,  // or your jest version
-    },
-  },
-};
+      version: 29 // or your jest version
+    }
+  }
+}

package/.prettierignore

@@ -0,0 +1,4 @@
+node_modules
+dist
+build
+coverage

package/.prettierrc

@@ -0,0 +1,8 @@
+{
+  "singleQuote": true,
+  "semi": false,
+  "trailingComma": "none",
+  "printWidth": 100,
+  "tabWidth": 2,
+  "arrowParens": "avoid"
+}

package/dist/auth/verify.js

@@ -12,7 +12,7 @@ async function verifyRequest(req, options) {
     try {
         const ticket = await client.verifyIdToken({
             idToken: token,
-            audience: options.allowedAudience,
+            audience: options.allowedAudience
         });
         const payload = ticket.getPayload();
         return payload?.email === options.allowedServiceAccount;

package/dist/auth/verify.test.js

@@ -9,70 +9,70 @@ jest.mock('google-auth-library', () => {
                 if (idToken === 'valid-token' && audience === 'audience') {
                     return {
                         getPayload: () => ({
-                            email: 'allowed@example.com',
-                        }),
+                            email: 'allowed@example.com'
+                        })
                     };
                 }
                 else if (idToken === 'wrong-email-token' && audience === 'audience') {
                     return {
                         getPayload: () => ({
-                            email: 'unauthorized@example.com',
-                        }),
+                            email: 'unauthorized@example.com'
+                        })
                     };
                 }
                 throw new Error('Invalid token');
-            }),
-        })),
+            })
+        }))
     };
 });
 describe('verifyRequest', () => {
     it('returns true for valid token and matching email', async () => {
         const mockReq = {
             headers: {
-                authorization: 'Bearer valid-token',
-            },
+                authorization: 'Bearer valid-token'
+            }
         };
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const result = await (0, verify_1.verifyRequest)(mockReq, {
             allowedAudience: 'audience',
-            allowedServiceAccount: 'allowed@example.com',
+            allowedServiceAccount: 'allowed@example.com'
         });
         expect(result).toBe(true);
     });
     it('returns false for invalid token', async () => {
         const mockReq = {
             headers: {
-                authorization: 'Bearer invalid-token',
-            },
+                authorization: 'Bearer invalid-token'
+            }
         };
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const result = await (0, verify_1.verifyRequest)(mockReq, {
             allowedAudience: 'audience',
-            allowedServiceAccount: 'allowed@example.com',
+            allowedServiceAccount: 'allowed@example.com'
         });
         expect(result).toBe(false);
     });
     it('returns false for missing authorization header', async () => {
         const mockReq = {
-            headers: {},
+            headers: {}
         };
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const result = await (0, verify_1.verifyRequest)(mockReq, {
             allowedAudience: 'audience',
-            allowedServiceAccount: 'allowed@example.com',
+            allowedServiceAccount: 'allowed@example.com'
         });
         expect(result).toBe(false);
     });
     it('returns false for incorrect email', async () => {
         const mockReq = {
             headers: {
-                authorization: 'Bearer wrong-email-token',
-            },
+                authorization: 'Bearer wrong-email-token'
+            }
         };
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const result = await (0, verify_1.verifyRequest)(mockReq, {
             allowedAudience: 'audience',
-            allowedServiceAccount: 'allowed@example.com',
+            allowedServiceAccount: 'allowed@example.com'
         });
         expect(result).toBe(false);
     });

package/dist/db/mongo.test.js

@@ -39,12 +39,12 @@ const secretsModule = __importStar(require("../utils/secrets"));
 jest.mock('mongodb');
 jest.mock('../utils/secrets');
 const mockDb = {
-    collection: jest.fn(),
+    collection: jest.fn()
 };
 const mockConnect = jest.fn();
 const mockClient = {
     connect: mockConnect,
-    db: jest.fn().mockReturnValue(mockDb),
+    db: jest.fn().mockReturnValue(mockDb)
 };
 beforeEach(() => {
     jest.clearAllMocks();
@@ -65,6 +65,7 @@ describe('Mongo Utils', () => {
     });
     it('should throw error if db is not initialized', () => {
         jest.isolateModules(() => {
+            // eslint-disable-next-line @typescript-eslint/no-require-imports
             const { getCollection } = require('./mongo');
             expect(() => getCollection('users')).toThrow('Mongo not initialized');
         });

package/dist/index.d.ts

@@ -1,3 +1,4 @@
 export * from './auth/verify';
-export * from './utils/secrets';
 export * from './db/mongo';
+export * from './utils/secrets';
+export * from './utils/task';

package/dist/index.js

@@ -15,5 +15,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./auth/verify"), exports);
-__exportStar(require("./utils/secrets"), exports);
 __exportStar(require("./db/mongo"), exports);
+__exportStar(require("./utils/secrets"), exports);
+__exportStar(require("./utils/task"), exports);

package/dist/utils/secrets.js

@@ -16,7 +16,7 @@ async function getSecret(projectId, secretName) {
         throw new Error('secretName is required');
     const secretClient = new secret_manager_1.SecretManagerServiceClient();
     const [version] = await secretClient.accessSecretVersion({
-        name: `projects/${projectId}/secrets/${secretName}/versions/latest`,
+        name: `projects/${projectId}/secrets/${secretName}/versions/latest`
     });
     return version.payload?.data?.toString('utf-8') ?? '';
 }

package/dist/utils/secrets.test.js

@@ -6,7 +6,7 @@ jest.mock('@google-cloud/secret-manager');
 // Mock implementation
 const mockAccessSecretVersion = jest.fn();
 secret_manager_1.SecretManagerServiceClient.mockImplementation(() => ({
-    accessSecretVersion: mockAccessSecretVersion,
+    accessSecretVersion: mockAccessSecretVersion
 }));
 describe('getSecret', () => {
     beforeEach(() => {
@@ -15,13 +15,13 @@ describe('getSecret', () => {
     it('returns secret value as string', async () => {
         mockAccessSecretVersion.mockResolvedValue([
             {
-                payload: { data: Buffer.from('super-secret-value') },
-            },
+                payload: { data: Buffer.from('super-secret-value') }
+            }
         ]);
         const result = await (0, secrets_1.getSecret)('test-project', 'test-secret');
         expect(result).toBe('super-secret-value');
         expect(mockAccessSecretVersion).toHaveBeenCalledWith({
-            name: 'projects/test-project/secrets/test-secret/versions/latest',
+            name: 'projects/test-project/secrets/test-secret/versions/latest'
         });
     });
     it('throws if projectId is missing', async () => {

package/dist/utils/task.d.ts

@@ -0,0 +1 @@
+export declare function createTask(projectId: string, region: string, queueId: string, data: unknown, serviceAccount: string, audience: string): Promise<string>;

package/dist/utils/task.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTask = createTask;
+const tasks_1 = require("@google-cloud/tasks");
+const tasksClient = new tasks_1.CloudTasksClient();
+async function createTask(projectId, region, queueId, data, serviceAccount, audience) {
+    if (!projectId || !region || !queueId || !serviceAccount || !audience) {
+        throw new Error('Missing required parameters for Cloud Tasks setup');
+    }
+    const parent = tasksClient.queuePath(projectId, region, queueId);
+    const task = {
+        httpRequest: {
+            httpMethod: tasks_1.protos.google.cloud.tasks.v2.HttpMethod.POST,
+            url: audience,
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: Buffer.from(JSON.stringify(data)).toString('base64'),
+            oidcToken: {
+                serviceAccountEmail: serviceAccount,
+                audience
+            }
+        }
+    };
+    const [response] = await tasksClient.createTask({ parent, task });
+    if (!response.name) {
+        throw new Error('Failed to create task: no name returned');
+    }
+    return response.name;
+}

package/dist/utils/task.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/task.test.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const mockCreateTask = jest.fn();
+const mockQueuePath = jest.fn((projectId, region, queueId) => `projects/${projectId}/locations/${region}/queues/${queueId}`);
+jest.mock('@google-cloud/tasks', () => {
+    return {
+        CloudTasksClient: jest.fn(() => ({
+            createTask: mockCreateTask,
+            queuePath: mockQueuePath
+        })),
+        protos: {
+            google: {
+                cloud: {
+                    tasks: {
+                        v2: {
+                            HttpMethod: {
+                                POST: 'POST'
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    };
+});
+const task_1 = require("./task");
+describe('createTask', () => {
+    beforeEach(() => {
+        mockCreateTask.mockReset();
+    });
+    it('throws error if any required parameter is missing', async () => {
+        // Missing projectId
+        await expect((0, task_1.createTask)('', 'region', 'queue', {}, 'serviceAccount', 'audience')).rejects.toThrow('Missing required parameters for Cloud Tasks setup');
+        // Missing region
+        await expect((0, task_1.createTask)('project', '', 'queue', {}, 'serviceAccount', 'audience')).rejects.toThrow('Missing required parameters for Cloud Tasks setup');
+        // Missing queueId
+        await expect((0, task_1.createTask)('project', 'region', '', {}, 'serviceAccount', 'audience')).rejects.toThrow('Missing required parameters for Cloud Tasks setup');
+        // Missing serviceAccount
+        await expect((0, task_1.createTask)('project', 'region', 'queue', {}, '', 'audience')).rejects.toThrow('Missing required parameters for Cloud Tasks setup');
+        // Missing audience
+        await expect((0, task_1.createTask)('project', 'region', 'queue', {}, 'serviceAccount', '')).rejects.toThrow('Missing required parameters for Cloud Tasks setup');
+    });
+    it('should create a task and return task name', async () => {
+        const mockTaskName = 'projects/test-project/locations/us-central1/queues/test-queue/tasks/task-123';
+        mockCreateTask.mockResolvedValue([{ name: mockTaskName }]);
+        const result = await (0, task_1.createTask)('test-project', 'us-central1', 'test-queue', { test: 'data' }, 'test-sa@test.iam.gserviceaccount.com', 'https://run-url');
+        expect(result).toBe(mockTaskName);
+        expect(mockCreateTask).toHaveBeenCalledTimes(1);
+    });
+    it('should throw error if task name is missing', async () => {
+        mockCreateTask.mockResolvedValue([{}]); // Simulate missing name
+        await expect((0, task_1.createTask)('test-project', 'us-central1', 'test-queue', { foo: 'bar' }, 'test@project.iam.gserviceaccount.com', 'https://example.com')).rejects.toThrow('Failed to create task: no name returned');
+    });
+});

package/jest.config.js

@@ -1,12 +1,12 @@
-const { createDefaultPreset } = require("ts-jest");
+const { createDefaultPreset } = require('ts-jest')
 
-const tsJestTransformCfg = createDefaultPreset().transform;
+const tsJestTransformCfg = createDefaultPreset().transform
 
 /** @type {import("jest").Config} **/
 module.exports = {
-  testEnvironment: "node",
+  testEnvironment: 'node',
   transform: {
-    ...tsJestTransformCfg,
+    ...tsJestTransformCfg
   },
-  testPathIgnorePatterns: ['/node_modules/', '/dist/'],
-};
+  testPathIgnorePatterns: ['/node_modules/', '/dist/']
+}

package/package.json

@@ -1,19 +1,22 @@
 {
   "name": "opticedge-cloud-utils",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "Common utilities for cloud functions",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "scripts": {
     "build": "tsc",
     "test": "jest --coverage",
-    "lint": "eslint . --ext .ts",
+    "lint": "eslint . --ext .ts --fix",
+    "format": "prettier --write .",
+    "fix": "npm run lint && npm run format",
     "prepare": "npm run build"
   },
   "author": "Evans Musonda",
   "license": "MIT",
   "dependencies": {
     "@google-cloud/secret-manager": "^6.0.1",
+    "@google-cloud/tasks": "^6.1.0",
     "google-auth-library": "^9.15.1",
     "mongodb": "^6.16.0"
   },
@@ -24,8 +27,11 @@
     "@typescript-eslint/eslint-plugin": "^8.33.0",
     "@typescript-eslint/parser": "^8.33.0",
     "eslint": "^8.57.1",
+    "eslint-config-prettier": "^10.1.5",
     "eslint-plugin-jest": "^28.11.1",
+    "eslint-plugin-prettier": "^5.4.0",
     "jest": "^29.7.0",
+    "prettier": "^3.5.3",
     "ts-jest": "^29.3.4",
     "typescript": "^5.8.3"
   }

package/src/auth/verify.test.ts

@@ -1,4 +1,4 @@
-import { verifyRequest } from './verify';
+import { verifyRequest } from './verify'
 
 // Mock the google-auth-library
 jest.mock('google-auth-library', () => {
@@ -8,82 +8,82 @@ jest.mock('google-auth-library', () => {
         if (idToken === 'valid-token' && audience === 'audience') {
           return {
             getPayload: () => ({
-              email: 'allowed@example.com',
-            }),
-          };
+              email: 'allowed@example.com'
+            })
+          }
         } else if (idToken === 'wrong-email-token' && audience === 'audience') {
           return {
             getPayload: () => ({
-              email: 'unauthorized@example.com',
-            }),
-          };
+              email: 'unauthorized@example.com'
+            })
+          }
         }
-        throw new Error('Invalid token');
-      }),
-    })),
-  };
-});
+        throw new Error('Invalid token')
+      })
+    }))
+  }
+})
 
 describe('verifyRequest', () => {
   it('returns true for valid token and matching email', async () => {
     const mockReq = {
       headers: {
-        authorization: 'Bearer valid-token',
-      },
-    };
+        authorization: 'Bearer valid-token'
+      }
+    }
 
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     const result = await verifyRequest(mockReq as any, {
       allowedAudience: 'audience',
-      allowedServiceAccount: 'allowed@example.com',
-    });
+      allowedServiceAccount: 'allowed@example.com'
+    })
 
-    expect(result).toBe(true);
-  });
+    expect(result).toBe(true)
+  })
 
   it('returns false for invalid token', async () => {
     const mockReq = {
       headers: {
-        authorization: 'Bearer invalid-token',
-      },
-    };
+        authorization: 'Bearer invalid-token'
+      }
+    }
 
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     const result = await verifyRequest(mockReq as any, {
       allowedAudience: 'audience',
-      allowedServiceAccount: 'allowed@example.com',
-    });
+      allowedServiceAccount: 'allowed@example.com'
+    })
 
-    expect(result).toBe(false);
-  });
+    expect(result).toBe(false)
+  })
 
   it('returns false for missing authorization header', async () => {
     const mockReq = {
-      headers: {},
-    };
+      headers: {}
+    }
 
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     const result = await verifyRequest(mockReq as any, {
       allowedAudience: 'audience',
-      allowedServiceAccount: 'allowed@example.com',
-    });
+      allowedServiceAccount: 'allowed@example.com'
+    })
 
-    expect(result).toBe(false);
-  });
+    expect(result).toBe(false)
+  })
 
   it('returns false for incorrect email', async () => {
     const mockReq = {
       headers: {
-        authorization: 'Bearer wrong-email-token',
-      },
-    };
+        authorization: 'Bearer wrong-email-token'
+      }
+    }
 
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     const result = await verifyRequest(mockReq as any, {
       allowedAudience: 'audience',
-      allowedServiceAccount: 'allowed@example.com',
-    });
+      allowedServiceAccount: 'allowed@example.com'
+    })
 
-    expect(result).toBe(false);
-  });
-});
+    expect(result).toBe(false)
+  })
+})

package/src/auth/verify.ts

@@ -1,32 +1,29 @@
-import { OAuth2Client } from 'google-auth-library';
-import { Request } from '@google-cloud/functions-framework';
+import { OAuth2Client } from 'google-auth-library'
+import { Request } from '@google-cloud/functions-framework'
 
 interface VerifyOptions {
-  allowedAudience: string;
-  allowedServiceAccount: string;
+  allowedAudience: string
+  allowedServiceAccount: string
 }
 
-export async function verifyRequest(
-  req: Request,
-  options: VerifyOptions
-): Promise<boolean> {
-  const authHeader = req.headers['authorization'];
+export async function verifyRequest(req: Request, options: VerifyOptions): Promise<boolean> {
+  const authHeader = req.headers['authorization']
   if (!authHeader || !authHeader.startsWith('Bearer ')) {
-    return false;
+    return false
   }
 
-  const token = authHeader.split(' ')[1];
-  const client = new OAuth2Client();
+  const token = authHeader.split(' ')[1]
+  const client = new OAuth2Client()
 
   try {
     const ticket = await client.verifyIdToken({
       idToken: token,
-      audience: options.allowedAudience,
-    });
+      audience: options.allowedAudience
+    })
 
-    const payload = ticket.getPayload();
-    return payload?.email === options.allowedServiceAccount;
+    const payload = ticket.getPayload()
+    return payload?.email === options.allowedServiceAccount
   } catch {
-    return false;
+    return false
   }
 }

package/src/db/mongo.test.ts

@@ -1,46 +1,47 @@
-import { connectToMongo, getCollection } from './mongo';
-import { MongoClient, Db, Collection } from 'mongodb';
-import * as secretsModule from '../utils/secrets';
+import { connectToMongo, getCollection } from './mongo'
+import { MongoClient, Db } from 'mongodb'
+import * as secretsModule from '../utils/secrets'
 
-jest.mock('mongodb');
-jest.mock('../utils/secrets');
+jest.mock('mongodb')
+jest.mock('../utils/secrets')
 
 const mockDb = {
-  collection: jest.fn(),
-} as unknown as Db;
+  collection: jest.fn()
+} as unknown as Db
 
-const mockConnect = jest.fn();
+const mockConnect = jest.fn()
 const mockClient = {
   connect: mockConnect,
-  db: jest.fn().mockReturnValue(mockDb),
-} as unknown as MongoClient;
+  db: jest.fn().mockReturnValue(mockDb)
+} as unknown as MongoClient
 
 beforeEach(() => {
-  jest.clearAllMocks();
-  (secretsModule.getSecret as jest.Mock).mockResolvedValue('mongodb://mock-uri');
-  (MongoClient as unknown as jest.Mock).mockImplementation(() => mockClient);
-});
+  jest.clearAllMocks()
+  ;(secretsModule.getSecret as jest.Mock).mockResolvedValue('mongodb://mock-uri')
+  ;(MongoClient as unknown as jest.Mock).mockImplementation(() => mockClient)
+})
 
 describe('Mongo Utils', () => {
   it('should connect to MongoDB and store client/db', async () => {
-    await connectToMongo('test-project', 'mongo-uri-secret', 'test-db');
+    await connectToMongo('test-project', 'mongo-uri-secret', 'test-db')
 
-    expect(secretsModule.getSecret).toHaveBeenCalledWith('test-project', 'mongo-uri-secret');
-    expect(mockConnect).toHaveBeenCalled();
-    expect(mockClient.db).toHaveBeenCalledWith('test-db');
-  });
+    expect(secretsModule.getSecret).toHaveBeenCalledWith('test-project', 'mongo-uri-secret')
+    expect(mockConnect).toHaveBeenCalled()
+    expect(mockClient.db).toHaveBeenCalledWith('test-db')
+  })
 
   it('should return a collection when db is initialized', async () => {
-    await connectToMongo('test-project', 'mongo-uri-secret', 'test-db');
-    getCollection('users');
+    await connectToMongo('test-project', 'mongo-uri-secret', 'test-db')
+    getCollection('users')
 
-    expect(mockDb.collection).toHaveBeenCalledWith('users');
-  });
+    expect(mockDb.collection).toHaveBeenCalledWith('users')
+  })
 
   it('should throw error if db is not initialized', () => {
     jest.isolateModules(() => {
-    const { getCollection } = require('./mongo');
-    expect(() => getCollection('users')).toThrow('Mongo not initialized');
-  });
-  });
-});
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const { getCollection } = require('./mongo')
+      expect(() => getCollection('users')).toThrow('Mongo not initialized')
+    })
+  })
+})

package/src/db/mongo.ts

@@ -1,19 +1,19 @@
-import { MongoClient, Db, Collection, Document } from 'mongodb';
-import { getSecret } from '../utils/secrets'; // reuse your secret manager util
+import { MongoClient, Db, Collection, Document } from 'mongodb'
+import { getSecret } from '../utils/secrets' // reuse your secret manager util
 
-let client: MongoClient;
-let db: Db;
+let client: MongoClient
+let db: Db
 
 export async function connectToMongo(projectId: string, uriSecret: string, dbName: string) {
-  if (client) return;
+  if (client) return
 
-  const uri = await getSecret(projectId, uriSecret);
-  client = new MongoClient(uri);
-  await client.connect();
-  db = client.db(dbName); // or pass DB name if needed
+  const uri = await getSecret(projectId, uriSecret)
+  client = new MongoClient(uri)
+  await client.connect()
+  db = client.db(dbName) // or pass DB name if needed
 }
 
 export function getCollection<T extends Document = Document>(name: string): Collection<T> {
-  if (!db) throw new Error('Mongo not initialized');
-  return db.collection<T>(name);
+  if (!db) throw new Error('Mongo not initialized')
+  return db.collection<T>(name)
 }

package/src/index.ts

@@ -1,3 +1,4 @@
-export * from './auth/verify';
-export * from './utils/secrets';
-export * from './db/mongo';
+export * from './auth/verify'
+export * from './db/mongo'
+export * from './utils/secrets'
+export * from './utils/task'

package/src/utils/secrets.test.ts

@@ -1,44 +1,44 @@
-import { getSecret } from './secrets';
-import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
+import { getSecret } from './secrets'
+import { SecretManagerServiceClient } from '@google-cloud/secret-manager'
 
-jest.mock('@google-cloud/secret-manager');
+jest.mock('@google-cloud/secret-manager')
 
 // Mock implementation
-const mockAccessSecretVersion = jest.fn();
-(SecretManagerServiceClient as unknown as jest.Mock).mockImplementation(() => ({
-  accessSecretVersion: mockAccessSecretVersion,
-}));
+const mockAccessSecretVersion = jest.fn()
+;(SecretManagerServiceClient as unknown as jest.Mock).mockImplementation(() => ({
+  accessSecretVersion: mockAccessSecretVersion
+}))
 
 describe('getSecret', () => {
   beforeEach(() => {
-    jest.clearAllMocks();
-  });
+    jest.clearAllMocks()
+  })
 
   it('returns secret value as string', async () => {
     mockAccessSecretVersion.mockResolvedValue([
       {
-        payload: { data: Buffer.from('super-secret-value') },
-      },
-    ]);
+        payload: { data: Buffer.from('super-secret-value') }
+      }
+    ])
 
-    const result = await getSecret('test-project', 'test-secret');
-    expect(result).toBe('super-secret-value');
+    const result = await getSecret('test-project', 'test-secret')
+    expect(result).toBe('super-secret-value')
     expect(mockAccessSecretVersion).toHaveBeenCalledWith({
-      name: 'projects/test-project/secrets/test-secret/versions/latest',
-    });
-  });
+      name: 'projects/test-project/secrets/test-secret/versions/latest'
+    })
+  })
 
   it('throws if projectId is missing', async () => {
-    await expect(getSecret('', 'secret')).rejects.toThrow('projectId is required');
-  });
+    await expect(getSecret('', 'secret')).rejects.toThrow('projectId is required')
+  })
 
   it('throws if secretName is missing', async () => {
-    await expect(getSecret('project', '')).rejects.toThrow('secretName is required');
-  });
+    await expect(getSecret('project', '')).rejects.toThrow('secretName is required')
+  })
 
   it('returns empty string if payload or data is missing', async () => {
-    mockAccessSecretVersion.mockResolvedValue([{}]); // no payload
-    const result = await getSecret('project', 'secret');
-    expect(result).toBe('');
-  });
-});
+    mockAccessSecretVersion.mockResolvedValue([{}]) // no payload
+    const result = await getSecret('project', 'secret')
+    expect(result).toBe('')
+  })
+})

package/src/utils/secrets.ts

@@ -1,4 +1,4 @@
-import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
+import { SecretManagerServiceClient } from '@google-cloud/secret-manager'
 
 /**
  * Returns the latest value of a Secret Manager secret.
@@ -7,18 +7,15 @@ import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
  * @param secretName  – Secret name (without version).
  * @returns           – UTF-8 string value.
  */
-export async function getSecret(
-  projectId: string,
-  secretName: string
-): Promise<string> {
-  if (!projectId) throw new Error('projectId is required');
-  if (!secretName) throw new Error('secretName is required');
+export async function getSecret(projectId: string, secretName: string): Promise<string> {
+  if (!projectId) throw new Error('projectId is required')
+  if (!secretName) throw new Error('secretName is required')
 
-  const secretClient = new SecretManagerServiceClient();
+  const secretClient = new SecretManagerServiceClient()
 
   const [version] = await secretClient.accessSecretVersion({
-    name: `projects/${projectId}/secrets/${secretName}/versions/latest`,
-  });
+    name: `projects/${projectId}/secrets/${secretName}/versions/latest`
+  })
 
-  return (version.payload?.data as Buffer)?.toString('utf-8') ?? '';
+  return (version.payload?.data as Buffer)?.toString('utf-8') ?? ''
 }

package/src/utils/task.test.ts

@@ -0,0 +1,94 @@
+const mockCreateTask = jest.fn()
+const mockQueuePath = jest.fn(
+  (projectId, region, queueId) => `projects/${projectId}/locations/${region}/queues/${queueId}`
+)
+
+jest.mock('@google-cloud/tasks', () => {
+  return {
+    CloudTasksClient: jest.fn(() => ({
+      createTask: mockCreateTask,
+      queuePath: mockQueuePath
+    })),
+    protos: {
+      google: {
+        cloud: {
+          tasks: {
+            v2: {
+              HttpMethod: {
+                POST: 'POST'
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+})
+
+import { createTask } from './task'
+
+describe('createTask', () => {
+  beforeEach(() => {
+    mockCreateTask.mockReset()
+  })
+
+  it('throws error if any required parameter is missing', async () => {
+    // Missing projectId
+    await expect(
+      createTask('', 'region', 'queue', {}, 'serviceAccount', 'audience')
+    ).rejects.toThrow('Missing required parameters for Cloud Tasks setup')
+
+    // Missing region
+    await expect(
+      createTask('project', '', 'queue', {}, 'serviceAccount', 'audience')
+    ).rejects.toThrow('Missing required parameters for Cloud Tasks setup')
+
+    // Missing queueId
+    await expect(
+      createTask('project', 'region', '', {}, 'serviceAccount', 'audience')
+    ).rejects.toThrow('Missing required parameters for Cloud Tasks setup')
+
+    // Missing serviceAccount
+    await expect(createTask('project', 'region', 'queue', {}, '', 'audience')).rejects.toThrow(
+      'Missing required parameters for Cloud Tasks setup'
+    )
+
+    // Missing audience
+    await expect(
+      createTask('project', 'region', 'queue', {}, 'serviceAccount', '')
+    ).rejects.toThrow('Missing required parameters for Cloud Tasks setup')
+  })
+
+  it('should create a task and return task name', async () => {
+    const mockTaskName =
+      'projects/test-project/locations/us-central1/queues/test-queue/tasks/task-123'
+    mockCreateTask.mockResolvedValue([{ name: mockTaskName }])
+
+    const result = await createTask(
+      'test-project',
+      'us-central1',
+      'test-queue',
+      { test: 'data' },
+      'test-sa@test.iam.gserviceaccount.com',
+      'https://run-url'
+    )
+
+    expect(result).toBe(mockTaskName)
+    expect(mockCreateTask).toHaveBeenCalledTimes(1)
+  })
+
+  it('should throw error if task name is missing', async () => {
+    mockCreateTask.mockResolvedValue([{}]) // Simulate missing name
+
+    await expect(
+      createTask(
+        'test-project',
+        'us-central1',
+        'test-queue',
+        { foo: 'bar' },
+        'test@project.iam.gserviceaccount.com',
+        'https://example.com'
+      )
+    ).rejects.toThrow('Failed to create task: no name returned')
+  })
+})

package/src/utils/task.ts

@@ -0,0 +1,39 @@
+import { CloudTasksClient, protos } from '@google-cloud/tasks'
+
+const tasksClient = new CloudTasksClient()
+
+export async function createTask(
+  projectId: string,
+  region: string,
+  queueId: string,
+  data: unknown,
+  serviceAccount: string,
+  audience: string
+): Promise<string> {
+  if (!projectId || !region || !queueId || !serviceAccount || !audience) {
+    throw new Error('Missing required parameters for Cloud Tasks setup')
+  }
+
+  const parent = tasksClient.queuePath(projectId, region, queueId)
+
+  const task: protos.google.cloud.tasks.v2.ITask = {
+    httpRequest: {
+      httpMethod: protos.google.cloud.tasks.v2.HttpMethod.POST,
+      url: audience,
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: Buffer.from(JSON.stringify(data)).toString('base64'),
+      oidcToken: {
+        serviceAccountEmail: serviceAccount,
+        audience
+      }
+    }
+  }
+
+  const [response] = await tasksClient.createTask({ parent, task })
+  if (!response.name) {
+    throw new Error('Failed to create task: no name returned')
+  }
+  return response.name
+}