updating-secrets 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -63,7 +63,9 @@ export class SecretsJsonFileAdapter extends BaseSecretsAdapter {
|
|
|
63
63
|
const secretValue = existingSecrets[key];
|
|
64
64
|
const shapeDefinition = secrets[key]?.shapeDefinition;
|
|
65
65
|
return shapeDefinition
|
|
66
|
-
? !checkValidShape(secretValue, shapeDefinition
|
|
66
|
+
? !checkValidShape(secretValue, shapeDefinition, {
|
|
67
|
+
allowExtraKeys: true,
|
|
68
|
+
})
|
|
67
69
|
: !check.isString(secretValue);
|
|
68
70
|
});
|
|
69
71
|
if (invalidSecretKeys.length > 0) {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { type PartialWithUndefined, type RequiredAndNotNull, type Values } from '@augment-vir/common';
|
|
2
|
-
import { type AnyDuration
|
|
2
|
+
import { type AnyDuration } from 'date-vir';
|
|
3
3
|
import { type Shape } from 'object-shape-tester';
|
|
4
4
|
import { type BaseSecretsAdapter } from './adapters/base.adapter.js';
|
|
5
5
|
import { type ProcessedSecretDefinitions, type RotatableSecretValue, type SecretDefinitions, type SecretValues } from './secrets-definition/define-secrets.js';
|
|
@@ -96,12 +96,6 @@ export declare class UpdatingSecrets<const Secrets extends Readonly<SecretDefini
|
|
|
96
96
|
*/
|
|
97
97
|
protected loadingSecretsPromise: Promise<SecretValues<Secrets>> | undefined;
|
|
98
98
|
protected consecutiveFailureCount: number;
|
|
99
|
-
protected dynamicCache: {
|
|
100
|
-
[SecretName in string]: {
|
|
101
|
-
value: any;
|
|
102
|
-
cachedAt: FullDate;
|
|
103
|
-
};
|
|
104
|
-
};
|
|
105
99
|
constructor(secrets: Readonly<Secrets>,
|
|
106
100
|
/**
|
|
107
101
|
* A list of adapters to load secrets from. Order here matters: all values loaded from the
|
package/dist/updating-secrets.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { assert } from '@augment-vir/assert';
|
|
2
2
|
import { combineErrors, DeferredPromise, ensureError, ensureErrorAndPrependMessage, extractErrorMessage, getObjectTypedEntries, log, makeWritable, mapObject, mapObjectValues, mergeDefinedProperties, } from '@augment-vir/common';
|
|
3
|
-
import {
|
|
3
|
+
import { convertDuration } from 'date-vir';
|
|
4
4
|
import { assertValidShape, checkValidShape, defineShape } from 'object-shape-tester';
|
|
5
5
|
import { SecretLoadError } from './secret-load.error.js';
|
|
6
6
|
const defaultOptions = {
|
|
@@ -59,7 +59,6 @@ export class UpdatingSecrets {
|
|
|
59
59
|
*/
|
|
60
60
|
loadingSecretsPromise;
|
|
61
61
|
consecutiveFailureCount = 0;
|
|
62
|
-
dynamicCache = {};
|
|
63
62
|
constructor(secrets,
|
|
64
63
|
/**
|
|
65
64
|
* A list of adapters to load secrets from. Order here matters: all values loaded from the
|
|
@@ -148,9 +147,7 @@ export class UpdatingSecrets {
|
|
|
148
147
|
throw value;
|
|
149
148
|
}
|
|
150
149
|
else if (shapeDefinition) {
|
|
151
|
-
assertValidShape(value, shapeDefinition,
|
|
152
|
-
/** Allow extra keys for forwards compatibility. */
|
|
153
|
-
{
|
|
150
|
+
assertValidShape(value, shapeDefinition, {
|
|
154
151
|
allowExtraKeys: true,
|
|
155
152
|
});
|
|
156
153
|
}
|
|
@@ -158,7 +155,9 @@ export class UpdatingSecrets {
|
|
|
158
155
|
}
|
|
159
156
|
catch (caught) {
|
|
160
157
|
if (shapeDefinition &&
|
|
161
|
-
checkValidShape(undefined, shapeDefinition
|
|
158
|
+
checkValidShape(undefined, shapeDefinition, {
|
|
159
|
+
allowExtraKeys: true,
|
|
160
|
+
})) {
|
|
162
161
|
return undefined;
|
|
163
162
|
}
|
|
164
163
|
const error = new SecretLoadError(ensureError(caught), {
|
|
@@ -302,21 +301,7 @@ export class UpdatingSecrets {
|
|
|
302
301
|
* based on the adapters in use.
|
|
303
302
|
*/
|
|
304
303
|
async loadDynamicSecret(secretKey, shapeRequirement) {
|
|
305
|
-
|
|
306
|
-
if (cached &&
|
|
307
|
-
checkValidShape(cached.value, shapeRequirement) &&
|
|
308
|
-
!isDateAfter({
|
|
309
|
-
fullDate: getNowInUtcTimezone(),
|
|
310
|
-
relativeTo: calculateRelativeDate(cached.cachedAt, this.options.updateInterval),
|
|
311
|
-
})) {
|
|
312
|
-
return cached.value;
|
|
313
|
-
}
|
|
314
|
-
const newValue = await this.loadSecretFromAdapters(secretKey, shapeRequirement);
|
|
315
|
-
this.dynamicCache[secretKey] = {
|
|
316
|
-
value: newValue,
|
|
317
|
-
cachedAt: getNowInUtcTimezone(),
|
|
318
|
-
};
|
|
319
|
-
return newValue;
|
|
304
|
+
return await this.loadSecretFromAdapters(secretKey, shapeRequirement);
|
|
320
305
|
}
|
|
321
306
|
/** Try to load a single secret from any of the provided adapters. */
|
|
322
307
|
async loadSecretFromAdapters(secretKey, shapeRequirement) {
|
|
@@ -327,14 +312,18 @@ export class UpdatingSecrets {
|
|
|
327
312
|
if (!value) {
|
|
328
313
|
throw new Error('Secret is empty');
|
|
329
314
|
}
|
|
330
|
-
assertValidShape(value, shapeRequirement
|
|
315
|
+
assertValidShape(value, shapeRequirement, {
|
|
316
|
+
allowExtraKeys: true,
|
|
317
|
+
});
|
|
331
318
|
return value;
|
|
332
319
|
}
|
|
333
320
|
catch (error) {
|
|
334
321
|
errors.push(ensureErrorAndPrependMessage(error, `Failed to load secret '${secretKey}' from adapter '${adapter.adapterName}'`));
|
|
335
322
|
}
|
|
336
323
|
}
|
|
337
|
-
if (checkValidShape(undefined, shapeRequirement
|
|
324
|
+
if (checkValidShape(undefined, shapeRequirement, {
|
|
325
|
+
allowExtraKeys: true,
|
|
326
|
+
})) {
|
|
338
327
|
return undefined;
|
|
339
328
|
}
|
|
340
329
|
throw combineErrors(errors);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "updating-secrets",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.0",
|
|
4
4
|
"description": "Automatically update secrets on an interval with support for seamless secret rotation.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"secrets",
|
|
@@ -44,15 +44,15 @@
|
|
|
44
44
|
"test:update": "npm run test update"
|
|
45
45
|
},
|
|
46
46
|
"dependencies": {
|
|
47
|
-
"@augment-vir/assert": "^31.
|
|
48
|
-
"@augment-vir/common": "^31.
|
|
47
|
+
"@augment-vir/assert": "^31.70.0",
|
|
48
|
+
"@augment-vir/common": "^31.70.0",
|
|
49
49
|
"date-vir": "^8.3.2",
|
|
50
50
|
"object-shape-tester": "^6.12.1",
|
|
51
51
|
"type-fest": "^5.6.0"
|
|
52
52
|
},
|
|
53
53
|
"devDependencies": {
|
|
54
|
-
"@augment-vir/test": "^31.
|
|
55
|
-
"@types/node": "^25.6.
|
|
54
|
+
"@augment-vir/test": "^31.70.0",
|
|
55
|
+
"@types/node": "^25.6.2",
|
|
56
56
|
"c8": "^11.0.0",
|
|
57
57
|
"istanbul-smart-text-reporter": "^1.1.5",
|
|
58
58
|
"markdown-code-example-inserter": "^3.0.5",
|