From efdc07057912f7f3475a410478cd9089efdadbc9 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 18:57:40 +0400 Subject: [PATCH 01/28] feat: aws auth --- package-lock.json | 450 +++++++++++++++++++++++++++++++++++++++- package.json | 3 + src/custom/auth.ts | 34 ++- src/custom/constants.ts | 3 + src/custom/secrets.ts | 3 +- src/custom/util.ts | 56 +++++ src/index.ts | 4 +- test/index.ts | 18 -- 8 files changed, 544 insertions(+), 27 deletions(-) create mode 100644 src/custom/constants.ts create mode 100644 src/custom/util.ts diff --git a/package-lock.json b/package-lock.json index e046146..20a79f2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,20 +1,23 @@ { - "name": "@infisical/sdk-v2", + "name": "@infisical/sdk", "version": "0.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "@infisical/sdk-v2", + "name": "@infisical/sdk", "version": "0.0.0", "license": "ISC", "dependencies": { + "aws-sdk": "^2.1691.0", + "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", "zod": "^3.23.8" }, "devDependencies": { "@openapitools/openapi-generator-cli": "^2.13.5", + "@types/aws4": "^1.11.6", "@types/node": "^22.5.1", "tsc": "^2.0.4", "tsup": "^8.2.4" @@ -1030,6 +1033,16 @@ "win32" ] }, + "node_modules/@types/aws4": { + "version": "1.11.6", + "resolved": "https://registry.npmjs.org/@types/aws4/-/aws4-1.11.6.tgz", + "integrity": "sha512-5CnVUkHNyLGpD9AnOcK66YyP0qvIh6nhJJoeK8zSl5YKikUcUbdB7SlHevUYVqicgeh6j5AJa1qa/h08dSZHoA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/estree": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz", 
@@ -1139,6 +1152,66 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", "license": "MIT" }, + "node_modules/available-typed-arrays": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz", + "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==", + "license": "MIT", + "dependencies": { + "possible-typed-array-names": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/aws-sdk": { + "version": "2.1691.0", + "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1691.0.tgz", + "integrity": "sha512-/F2YC+DlsY3UBM2Bdnh5RLHOPNibS/+IcjUuhP8XuctyrN+MlL+fWDAiela32LTDk7hMy4rx8MTgvbJ+0blO5g==", + "hasInstallScript": true, + "license": "Apache-2.0", + "dependencies": { + "buffer": "4.9.2", + "events": "1.1.1", + "ieee754": "1.1.13", + "jmespath": "0.16.0", + "querystring": "0.2.0", + "sax": "1.2.1", + "url": "0.10.3", + "util": "^0.12.4", + "uuid": "8.0.0", + "xml2js": "0.6.2" + }, + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/aws-sdk/node_modules/buffer": { + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz", + "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==", + "license": "MIT", + "dependencies": { + "base64-js": "^1.0.2", + "ieee754": "^1.1.4", + "isarray": "^1.0.0" + } + }, + "node_modules/aws-sdk/node_modules/ieee754": { + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", + "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==", + "license": "BSD-3-Clause" + }, + "node_modules/aws4": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.2.tgz", + 
"integrity": "sha512-lHe62zvbTB5eEABUVi/AwVh0ZKY9rMMDhmm+eeyuuUQbQ3+J+fONVQOZyj+DdrvD4BY33uYniyRJ4UJIaSKAfw==", + "license": "MIT" + }, "node_modules/axios": { "version": "1.7.5", "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.5.tgz", @@ -1161,7 +1234,6 @@ "version": "1.5.1", "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", - "dev": true, "funding": [ { "type": "github", @@ -1278,6 +1350,25 @@ "node": ">=8" } }, + "node_modules/call-bind": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -1601,6 +1692,23 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", 
@@ -1647,6 +1755,27 @@ "dev": true, "license": "MIT" }, + "node_modules/es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "license": "MIT", + "dependencies": { + "get-intrinsic": "^1.2.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, "node_modules/esbuild": { "version": "0.23.1", "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.23.1.tgz", @@ -1707,6 +1836,15 @@ "node": ">=0.8.0" } }, + "node_modules/events": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", + "integrity": "sha512-kEcvvCBByWXGnZy6JUlgAp2gBIUjfCAV6P6TgT1/aaQKcmuAEC4OZTV1I4EWQLz2gxZw76atuVyvHhTxvi0Flw==", + "license": "MIT", + "engines": { + "node": ">=0.4.x" + } + }, "node_modules/execa": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", @@ -1829,6 +1967,15 @@ } } }, + "node_modules/for-each": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", + "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==", + "license": "MIT", + "dependencies": { + "is-callable": "^1.1.3" + } + }, "node_modules/foreground-child": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.0.tgz", 
@@ -1910,6 +2057,15 @@ "node": "^8.16.0 || ^10.6.0 || >=11.0.0" } }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/get-caller-file": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", @@ -1920,6 +2076,25 @@ "node": "6.* || 8.* || >= 10.*" } }, + "node_modules/get-intrinsic": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/get-stream": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", @@ -1989,6 +2164,18 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "license": "MIT", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", 
@@ -2006,6 +2193,69 @@ "node": ">=8" } }, + "node_modules/has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-proto": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "license": "MIT", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 
0.4" + } + }, "node_modules/https-proxy-agent": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz", @@ -2090,7 +2340,6 @@ "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true, "license": "ISC" }, "node_modules/inquirer": { @@ -2120,6 +2369,22 @@ "node": ">=12.0.0" } }, + "node_modules/is-arguments": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz", + "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==", + "license": "MIT", + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/is-binary-path": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", @@ -2133,6 +2398,18 @@ "node": ">=8" } }, + "node_modules/is-callable": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", 
@@ -2153,6 +2430,21 @@ "node": ">=8" } }, + "node_modules/is-generator-function": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz", + "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==", + "license": "MIT", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", @@ -2199,6 +2491,21 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/is-typed-array": { + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.13.tgz", + "integrity": "sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==", + "license": "MIT", + "dependencies": { + "which-typed-array": "^1.1.14" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/is-unicode-supported": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", @@ -2212,6 +2519,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", + "license": "MIT" + }, "node_modules/isexe": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", 
@@ -2245,6 +2558,15 @@ "@pkgjs/parseargs": "^0.11.0" } }, + "node_modules/jmespath": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.16.0.tgz", + "integrity": "sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==", + "license": "Apache-2.0", + "engines": { + "node": ">= 0.6.0" + } + }, "node_modules/joycon": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz", @@ -2652,6 +2974,15 @@ "node": ">= 6" } }, + "node_modules/possible-typed-array-names": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz", + "integrity": "sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, "node_modules/postcss-load-config": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz", @@ -2711,6 +3042,15 @@ "node": ">=6" } }, + "node_modules/querystring": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz", + "integrity": "sha512-X/xY82scca2tau62i9mDyU9K+I+djTMUsvwf7xnUX5GLvVzgJybOJf4Y6o9Zx3oJK/LSXg5tTZBjwzqVPaPO2g==", + "deprecated": "The querystring API is considered Legacy. new code should use the URLSearchParams API instead.", + "engines": { + "node": ">=0.4.x" + } + }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", 
@@ -2927,6 +3267,29 @@ "dev": true, "license": "MIT" }, + "node_modules/sax": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "integrity": "sha512-8I2a3LovHTOpm7NV5yOyO8IHqgVsfK4+UuySrXU8YXkSRX7k6hCV9b3HrkKCr3nMpgj+0bmocaJJWpvp1oc7ZA==", + "license": "ISC" + }, + "node_modules/set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "license": "MIT", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", 
@@ -3401,6 +3764,35 @@ "node": ">= 10.0.0" } }, + "node_modules/url": { + "version": "0.10.3", + "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz", + "integrity": "sha512-hzSUW2q06EqL1gKM/a+obYHLIO6ct2hwPuviqTTOcfFVc61UbfJ2Q32+uGL/HCPxKqrdGB5QUwIe7UqlDgwsOQ==", + "license": "MIT", + "dependencies": { + "punycode": "1.3.2", + "querystring": "0.2.0" + } + }, + "node_modules/url/node_modules/punycode": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz", + "integrity": "sha512-RofWgt/7fL5wP1Y7fxE7/EmTLzQVnB0ycyibJ0OOHIlJqTNzglYFxVwETOcIoJqJmpDXJ9xImDv+Fq34F/d4Dw==", + "license": "MIT" + }, + "node_modules/util": { + "version": "0.12.5", + "resolved": "https://registry.npmjs.org/util/-/util-0.12.5.tgz", + "integrity": "sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "is-arguments": "^1.0.4", + "is-generator-function": "^1.0.7", + "is-typed-array": "^1.1.3", + "which-typed-array": "^1.1.2" + } + }, "node_modules/util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", @@ -3408,6 +3800,15 @@ "dev": true, "license": "MIT" }, + "node_modules/uuid": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.0.0.tgz", + "integrity": "sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw==", + "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, "node_modules/wcwidth": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz", 
@@ -3452,6 +3853,25 @@ "node": ">= 8" } }, + "node_modules/which-typed-array": { + "version": "1.1.15", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.15.tgz", + "integrity": "sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==", + "license": "MIT", + "dependencies": { + "available-typed-arrays": "^1.0.7", + "call-bind": "^1.0.7", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-tostringtag": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/wrap-ansi": { "version": "6.2.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", @@ -3493,6 +3913,28 @@ "dev": true, "license": "ISC" }, + "node_modules/xml2js": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "integrity": "sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA==", + "license": "MIT", + "dependencies": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + }, + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/xmlbuilder": { + "version": "11.0.1", + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==", + "license": "MIT", + "engines": { + "node": ">=4.0" + } + }, "node_modules/y18n": { "version": "5.0.8", "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", diff --git a/package.json b/package.json index 824cb20..64614ab 100644 --- a/package.json +++ b/package.json @@ -27,11 +27,14 @@ "description": "", "devDependencies": { "@openapitools/openapi-generator-cli": "^2.13.5", + "@types/aws4": "^1.11.6", "@types/node": "^22.5.1", "tsc": "^2.0.4", "tsup": "^8.2.4" }, "dependencies": { + "aws-sdk": "^2.1691.0", + "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", "zod": "^3.23.8" 
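Review bot: The two new entries under `dependencies` in package.json pull in the whole `aws-sdk` v2 package, and the lockfile in this patch records it with `"hasInstallScript": true` and more than thirty added transitive packages, one of which (`querystring` 0.2.0) carries a `deprecated` notice. Every consumer of `@infisical/sdk` inherits that install-time script and dependency surface, including users who never call AWS IAM auth. Judging by the later hunks, `aws-sdk` is used only to resolve credentials and the region, so a narrower credential-resolution dependency, or loading the AWS packages lazily inside `awsIamAuth.login`, would keep the footprint smaller. It would also help to state in the commit message why both `aws4` and `aws-sdk` are needed.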
diff --git a/src/custom/auth.ts b/src/custom/auth.ts
index 02ca4a9..409f9b3 100644
--- a/src/custom/auth.ts
+++ b/src/custom/auth.ts
@@ -1,18 +1,50 @@
 import { InfisicalSDK } from "..";
 import { ApiV1AuthUniversalAuthLoginPostRequest } from "../infisicalapi_client";
 import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
+import { MACHINE_IDENTITY_ID_ENV_NAME } from "./constants";
+import { getAwsRegion, performAwsIamLogin } from "./util";
+import AWS from "aws-sdk";
 type AuthenticatorFunction = (accessToken: string) => InfisicalSDK;
+type AwsAuthLoginOptions = {
+ identityId?: string;
+};
+
 export default class AuthClient {
 sdkAuthenticator: AuthenticatorFunction;
 apiClient: InfisicalApi;
+ baseUrl: string;
- constructor(authenticator: AuthenticatorFunction, apiInstance: InfisicalApi) {
+ constructor(authenticator: AuthenticatorFunction, apiInstance: InfisicalApi, baseUrl: string) {
 this.sdkAuthenticator = authenticator;
 this.apiClient = apiInstance;
+ this.baseUrl = baseUrl;
 }
+ awsIamAuth = {
+ login: async (options: AwsAuthLoginOptions) => {
+ const identityId = options.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
+
+ if (!identityId) {
+ throw new Error("Identity ID is required for AWS IAM authentication");
+ }
+
+ const iamRequest = await performAwsIamLogin(this.baseUrl, identityId, await getAwsRegion());
+
+ const res = await this.apiClient.apiV1AuthAwsAuthLoginPost({
+ apiV1AuthAwsAuthLoginPostRequest: {
+ iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
+ iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString("base64"),
+ iamRequestHeaders: Buffer.from(JSON.stringify(iamRequest.iamRequestHeaders)).toString("base64"),
+ identityId
+ }
+ });
+
+ return this.sdkAuthenticator(res.data.accessToken);
+ }
+ };
+
 universalAuth = {
 login: async (options: ApiV1AuthUniversalAuthLoginPostRequest) => {
 const res = await this.apiClient.apiV1AuthUniversalAuthLoginPost({
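Review bot: `awsIamAuth.login` in src/custom/auth.ts has no documentation of what it transmits: it base64-encodes the SigV4-signed STS request headers and posts them to the host the API client is configured for. Those headers let the receiver prove the caller's AWS identity for as long as the signature stays valid, so the method deserves a doc comment such as `/** Sends a signed STS GetCallerIdentity request to the Infisical server; configure an https siteUrl outside local development. */`. In the same hunk, `import AWS from "aws-sdk";` is not used anywhere in the visible lines of this file and can be dropped. The class body continues past the end of the hunk.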
diff --git a/src/custom/constants.ts b/src/custom/constants.ts
new file mode 100644
index 0000000..ea0225d
--- /dev/null
+++ b/src/custom/constants.ts
@@ -0,0 +1,3 @@
+export const MACHINE_IDENTITY_ID_ENV_NAME = "INFISICAL_MACHINE_IDENTITY_ID";
+export const AWS_TOKEN_METADATA_URI = "http://169.254.169.254/latest/api/token";
+export const AWS_IDENTITY_DOCUMENT_URI = "http://169.254.169.254/latest/dynamic/instance-identity/document";
diff --git a/src/custom/secrets.ts b/src/custom/secrets.ts
index f09ee0d..1b4b8a8 100644
--- a/src/custom/secrets.ts
+++ b/src/custom/secrets.ts
@@ -1,8 +1,7 @@
 import { RawAxiosRequestConfig } from "axios";
-import { Configuration, DefaultApi as InfisicalApi } from "../infisicalapi_client";
+import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
 import type {
 DefaultApiApiV3SecretsRawSecretNameDeleteRequest,
- DefaultApiApiV3SecretsRawSecretNameGetRequest,
 DefaultApiApiV3SecretsRawSecretNamePatchRequest,
 DefaultApiApiV3SecretsRawSecretNamePostRequest
 } from "../infisicalapi_client";
diff --git a/src/custom/util.ts b/src/custom/util.ts
new file mode 100644
index 0000000..b2de975
--- /dev/null
+++ b/src/custom/util.ts
@@ -0,0 +1,56 @@
+import axios from "axios";
+import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
+import AWS from "aws-sdk";
+import aws4 from "aws4";
+export const getAwsRegion = async () => {
+ const region = process.env.AWS_REGION; // Typically found in lambda runtime environment
+ if (region) {
+ return region;
+ }
+
+ try {
+ const timeout = 1000;
+
+ const tokenRes = await axios.get(AWS_TOKEN_METADATA_URI, {
+ headers: {
+ "X-aws-ec2-metadata-token-ttl-seconds": "21600"
+ },
+ timeout: 5_000 // 5 seconds
+ });
+
+ const identityResponse = await axios.get<{ region: string }>(AWS_IDENTITY_DOCUMENT_URI, {
+ headers: {
+ "X-aws-ec2-metadata-token": tokenRes.data,
+ Accept: "application/json"
+ },
+ timeout: timeout
+ });
+
+ return identityResponse.data.region;
+ } catch (e) {
+ throw new Error("Failed to retrieve AWS region");
+ }
+};
+
+export const performAwsIamLogin = async (baseUrl: string, identityId: string, region: string) => {
+ const body = "Action=GetCallerIdentity&Version=2011-06-15";
+
+ const signOpts = aws4.sign(
+ {
+ service: "sts",
+ path: `/?${body}`,
+ region
+ },
+ {
+ accessKeyId: AWS.config.credentials?.accessKeyId,
+ secretAccessKey: AWS.config.credentials?.secretAccessKey
+ }
+ );
+
+ return {
+ iamHttpRequestMethod: "POST",
+ iamRequestUrl: signOpts.host,
+ iamRequestBody: body,
+ iamRequestHeaders: signOpts.headers
+ } as const;
+};
diff --git a/src/index.ts b/src/index.ts
index 381c775..32d8711 100644
--- a/src/index.ts
+++ b/src/index.ts
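Review bot: `aws4.sign` in `performAwsIamLogin` receives neither `method` nor `body`, so as far as aws4's defaults go the signature is computed for a GET of `/?Action=GetCallerIdentity&Version=2011-06-15`, while the function returns `iamHttpRequestMethod: "POST"` with that same string as `iamRequestBody`. If the server replays the request as described, STS would likely reject it for a signature mismatch. Signing what is actually sent keeps the two consistent: put `method: "POST",` `path: "/",` `body,` in the first argument. The parameters `baseUrl` and `identityId` are accepted but never read in this function, so they should be removed or used.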
@@ -38,7 +38,7 @@ class InfisicalSDK {
 })
 );
- this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance);
+ this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance, this.#basePath);
 this.#dynamicSecretsClient = new DynamicSecretsClient(this.#apiInstance, this.#requestOptions);
 this.#secretsClient = new SecretsClient(this.#apiInstance, this.#requestOptions);
 this.rest = () => buildRestClient(this.#apiInstance, this.#requestOptions);
@@ -61,7 +61,7 @@ class InfisicalSDK {
 this.rest = () => buildRestClient(this.#apiInstance, this.#requestOptions);
 this.#secretsClient = new SecretsClient(this.#apiInstance, this.#requestOptions);
 this.#dynamicSecretsClient = new DynamicSecretsClient(this.#apiInstance, this.#requestOptions);
- this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance);
+ this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance, this.#basePath);
 return this;
 }
diff --git a/test/index.ts b/test/index.ts
index eafc5a6..bc883b6 100644
--- a/test/index.ts
+++ b/test/index.ts
@@ -14,24 +14,6 @@ const PROJECT_ID = "PROJECT_ID";
 clientSecret: "CLIENT_SECRET"
 });
- const dynamicSecret = await client
- .dynamicSecrets()
- .leases.create({
- dynamicSecretName: "test-redis",
- projectSlug: "11-w-hfo",
- environmentSlug: "dev"
- })
- .catch(err => {
- if (err instanceof AxiosError) {
- console.log(err.response?.data);
- }
- throw new Error("oops");
- });
-
- console.log(dynamicSecret);
-
- // // process.exit(0);
-
 const allSecrets = await client.secrets().listSecrets({
 environment: "dev",
 projectId: PROJECT_ID,
From 6e1fb3d500cc9ca2638b9647a68771854e283f9d Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 19:14:37 +0400
Subject: [PATCH 02/28] fixes
---
 src/custom/auth.ts | 4 ++--
 test/index.ts | 9 +++------
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/custom/auth.ts b/src/custom/auth.ts
index 409f9b3..91a82f8 100644
--- a/src/custom/auth.ts
+++ b/src/custom/auth.ts
@@ -23,8 +23,8 @@ export default class AuthClient {
 }
 awsIamAuth = {
- login: async (options: AwsAuthLoginOptions) => {
- const identityId = options.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
+ login: async (options?: AwsAuthLoginOptions) => {
+ const identityId = options?.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
 if (!identityId) {
 throw new Error("Identity ID is required for AWS IAM authentication");
diff --git a/test/index.ts b/test/index.ts
index bc883b6..b44059f 100644
--- a/test/index.ts
+++ b/test/index.ts
@@ -1,17 +1,14 @@
-import { AxiosError } from "axios";
 import { InfisicalSDK } from "../src";
-const PROJECT_ID = "PROJECT_ID";
+const PROJECT_ID = "65a02bdfa77d9b8197956da1";
 (async () => {
 const client = new InfisicalSDK({
 siteUrl: "http://localhost:8080" // Optional, defaults to https://app.infisical.com
 });
- await client.auth().universalAuth.login({
- // For localhost
- clientId: "CLIENT_ID",
- clientSecret: "CLIENT_SECRET"
+ await client.auth().awsIamAuth.login({
+ identityId: "84b548bf-6556-40f6-9ef9-838708fae049"
 });
 const allSecrets = await client.secrets().listSecrets({
From f0e1ce0d9562e476152e117def9cd1b7eaba0980 Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 19:21:03 +0400
Subject: [PATCH 03/28] Update dynamic-secrets.ts
---
 src/custom/dynamic-secrets.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/custom/dynamic-secrets.ts b/src/custom/dynamic-secrets.ts
index 69da766..4ee0d84 100644
--- a/src/custom/dynamic-secrets.ts
+++ b/src/custom/dynamic-secrets.ts
@@ -25,6 +25,7 @@ export default class DynamicSecretsClient {
 async create(options: CreateDynamicSecretOptions) {
 const res = await this.#apiInstance.apiV1DynamicSecretsPost(
 {
+ // @ts-ignore
 apiV1DynamicSecretsPostRequest: options as DefaultApiApiV1DynamicSecretsPostRequest["apiV1DynamicSecretsPostRequest"]
 },
 this.#requestOptions
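Review bot: The test/index.ts hunk of PATCH 02 replaces the placeholders `"PROJECT_ID"`, `"CLIENT_ID"` and `"CLIENT_SECRET"` with what look like identifiers from a real environment, `PROJECT_ID = "65a02bdfa77d9b8197956da1"` and `identityId: "84b548bf-6556-40f6-9ef9-838708fae049"`. They are not secrets on their own, but they tie the repository to one Infisical instance and make the script fail for everyone else. Reading them from the environment keeps the file generic, for example `const PROJECT_ID = process.env.TEST_PROJECT_ID ?? "PROJECT_ID";` (the variable name is only an example). `login()` can then be called without arguments and rely on the `INFISICAL_MACHINE_IDENTITY_ID` fallback that this series adds.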
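Review bot: `// @ts-ignore` above `apiV1DynamicSecretsPostRequest` in src/custom/dynamic-secrets.ts silences every type error on that property, including ones introduced later, even though the line already casts `options` to the generated request type. If the cast alone no longer satisfies the compiler, `// @ts-expect-error <reason>` records why the suppression exists and fails the build once the mismatch is gone. The body of `create` continues past the end of the hunk.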
From 33986fffab0f9b5131b12ee34041b41999fb3dab Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 19:22:17 +0400
Subject: [PATCH 04/28] Update util.ts
---
 src/custom/util.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/custom/util.ts b/src/custom/util.ts
index b2de975..5849a40 100644
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -28,7 +28,8 @@ export const getAwsRegion = async () => {
 return identityResponse.data.region;
 } catch (e) {
- throw new Error("Failed to retrieve AWS region");
+ console.error("Failed to retrieve AWS region");
+ throw e;
 }
 };
From 39d38a7382a604626705d1fb15aed7ecf9ea7220 Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 19:27:22 +0400
Subject: [PATCH 05/28] Update util.ts
---
 src/custom/util.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/custom/util.ts b/src/custom/util.ts
index 5849a40..c7be35b 100644
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -11,7 +11,7 @@ export const getAwsRegion = async () => {
 try {
 const timeout = 1000;
- const tokenRes = await axios.get(AWS_TOKEN_METADATA_URI, {
+ const tokenRes = await axios.put(AWS_TOKEN_METADATA_URI, {
 headers: {
 "X-aws-ec2-metadata-token-ttl-seconds": "21600"
 },
From 07a6aede9281024ac58d737afb6560fd45112d8f Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 22:49:32 +0400
Subject: [PATCH 06/28] Update util.ts
---
 src/custom/util.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/custom/util.ts b/src/custom/util.ts
index c7be35b..d3e5b86 100644
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -9,9 +9,7 @@ export const getAwsRegion = async () => {
 }
 try {
- const timeout = 1000;
-
- const tokenRes = await axios.put(AWS_TOKEN_METADATA_URI, {
+ const tokenRes = await axios.put(AWS_TOKEN_METADATA_URI, undefined, {
 headers: {
 "X-aws-ec2-metadata-token-ttl-seconds": "21600"
 },
@@ -23,7 +21,7 @@ export const getAwsRegion = async () => {
 "X-aws-ec2-metadata-token": tokenRes.data,
 Accept: "application/json"
 },
- timeout: timeout
+ timeout: 5_000
 });
 return identityResponse.data.region;
From 614f7d0afd02487febf3146d522cb6c13a41e8fb Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 23:01:57 +0400
Subject: [PATCH 07/28] Update util.ts
---
 src/custom/util.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/custom/util.ts b/src/custom/util.ts
index d3e5b86..77bd8c5 100644
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -34,6 +34,12 @@ export const getAwsRegion = async () => {
 export const performAwsIamLogin = async (baseUrl: string, identityId: string, region: string) => {
 const body = "Action=GetCallerIdentity&Version=2011-06-15";
+ AWS.config.update({
+ region: region
+ });
+
+ console.log("creds", AWS.config.credentials);
+
 const signOpts = aws4.sign(
 {
 service: "sts",
From bf9f20f692ea5c90af2cc94b722ac6e0cdc0d5af Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Mon, 23 Sep 2024 23:14:26 +0400
Subject: [PATCH 08/28] Update util.ts
---
 src/custom/util.ts | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/custom/util.ts b/src/custom/util.ts
index 77bd8c5..967e316 100644
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
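Review bot: `console.log("creds", AWS.config.credentials);`, added to `performAwsIamLogin` in PATCH 07, writes the AWS credentials object to stdout, where it ends up in whatever log pipeline the host application uses; it should be deleted before merge. The same applies to `console.log("creds", creds);` added in PATCH 08 and to `console.log(signOpts);` in PATCH 11, which prints the signed request headers. Separately, `AWS.config.update({ region })` changes the process-wide aws-sdk configuration of the application embedding this SDK, and `aws4.sign` already receives `region` explicitly, so the update looks unnecessary. The function body continues outside the hunk.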
@@ -34,11 +34,20 @@ export const getAwsRegion = async () => { export const performAwsIamLogin = async (baseUrl: string, identityId: string, region: string) => { const body = "Action=GetCallerIdentity&Version=2011-06-15"; - AWS.config.update({ - region: region + const creds = await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => { + AWS.config.getCredentials((err, res) => { + if (err) { + throw err; + } else { + if (!res) { + throw new Error("Credentials not found"); + } + return resolve(res); + } + }); }); - console.log("creds", AWS.config.credentials); + console.log("creds", creds); const signOpts = aws4.sign( { @@ -47,8 +56,8 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re region }, { - accessKeyId: AWS.config.credentials?.accessKeyId, - secretAccessKey: AWS.config.credentials?.secretAccessKey + accessKeyId: creds.accessKeyId, + secretAccessKey: creds.secretAccessKey } ); From 59585446bce1f8a3a35834d9e9da0ac4b794a085 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:35:05 +0400 Subject: [PATCH 09/28] Update util.ts --- src/custom/util.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/custom/util.ts b/src/custom/util.ts index 967e316..8dd2a14 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -47,6 +47,10 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re }); }); + AWS.config.update({ + region + }); + console.log("creds", creds); const signOpts = aws4.sign( From d503d2877574f1ef8f707f995208d82b8362f9f1 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:37:20 +0400 Subject: [PATCH 10/28] Update util.ts --- src/custom/util.ts | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index 8dd2a14..0c2dd7a 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts 
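Review bot: Inside the new Promise wrapper (PATCH 08, first hunk) the callback uses `throw err` and `throw new Error("Credentials not found")`, and the `reject` parameter is never called. When aws-sdk invokes the callback asynchronously the throw happens outside the promise executor, so the awaited promise never settles and the failure surfaces as an uncaught exception rather than a login error the caller can catch. If the callback happens to run synchronously the executor converts the throw into a rejection, so behaviour depends on how the credentials were resolved. Replace the two throws with `if (err) return reject(err);` and `if (!res) return reject(new Error("Credentials not found"));`. No later patch on this page touches these lines, and performAwsIamLogin continues beyond the hunk.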
@@ -34,6 +34,10 @@ export const getAwsRegion = async () => { export const performAwsIamLogin = async (baseUrl: string, identityId: string, region: string) => { const body = "Action=GetCallerIdentity&Version=2011-06-15"; + AWS.config.update({ + region + }); + const creds = await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => { AWS.config.getCredentials((err, res) => { if (err) { @@ -47,10 +51,6 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re }); }); - AWS.config.update({ - region - }); - console.log("creds", creds); const signOpts = aws4.sign( @@ -61,7 +61,8 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re }, { accessKeyId: creds.accessKeyId, - secretAccessKey: creds.secretAccessKey + secretAccessKey: creds.secretAccessKey, + sessionToken: creds.sessionToken } ); From 26764bfd80efed077c99bb860f5a086023c91420 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:39:59 +0400 Subject: [PATCH 11/28] Update util.ts --- src/custom/util.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/custom/util.ts b/src/custom/util.ts index 0c2dd7a..71fb687 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -66,6 +66,8 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re } ); + console.log(signOpts); + return { iamHttpRequestMethod: "POST", iamRequestUrl: signOpts.host, From 86a941249e4091d3c45a9149150a0a7c1f780fa5 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:45:23 +0400 Subject: [PATCH 12/28] Update util.ts --- src/custom/util.ts | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index 71fb687..efb4308 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts 
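Review bot: `AWS.config.update({ region })` at the top of performAwsIamLogin (PATCH 10, first hunk) rewrites the process-wide aws-sdk configuration, so AWS clients the host application creates afterwards may pick up a default region chosen by the Infisical login. The hunk only moves the call ahead of the credential lookup, but the call itself is what I would change. A library should keep this state local, for example `const awsConfig = new AWS.Config({ region });` followed by `awsConfig.getCredentials(...)`, assuming nothing else in this function depends on the global region. The function body runs past the end of the hunk.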
@@ -66,8 +66,17 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re } ); - console.log(signOpts); + let host = signOpts.host; + if (signOpts.host) { + host = `${signOpts.host.replace(".sts", `.sts.${region}.`)}`; + } + console.log(signOpts); + console.log("host", host); + const headers = { + ...signOpts.headers, + host + }; return { iamHttpRequestMethod: "POST", iamRequestUrl: signOpts.host, From 853c1c21cef4192cb1db32be2a014f6698b1a8c0 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:48:07 +0400 Subject: [PATCH 13/28] Update util.ts --- src/custom/util.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index efb4308..22aeab7 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -66,9 +66,9 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re } ); - let host = signOpts.host; - if (signOpts.host) { - host = `${signOpts.host.replace(".sts", `.sts.${region}.`)}`; + let host = (signOpts as any)["Host"]; + if (signOpts as any["Host"]) { + host = `${(signOpts as any)["Host"].replace(".sts", `.sts.${region}.`)}`; } console.log(signOpts); From b49796ad9ed2946fb95f46cfd7190362e8975d08 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:50:54 +0400 Subject: [PATCH 14/28] Update util.ts --- src/custom/util.ts | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index 22aeab7..af32993 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts 
@@ -66,21 +66,15 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re } ); - let host = (signOpts as any)["Host"]; - if (signOpts as any["Host"]) { - host = `${(signOpts as any)["Host"].replace(".sts", `.sts.${region}.`)}`; - } + delete signOpts.headers?.host; - console.log(signOpts); - console.log("host", host); const headers = { - ...signOpts.headers, - host + ...signOpts.headers }; return { iamHttpRequestMethod: "POST", iamRequestUrl: signOpts.host, iamRequestBody: body, - iamRequestHeaders: signOpts.headers + iamRequestHeaders: headers } as const; }; From 217c63c4e919ac603d43a6a7bed1027836d6bff6 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:53:16 +0400 Subject: [PATCH 15/28] Update util.ts --- src/custom/util.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index af32993..b194de0 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -67,7 +67,7 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re ); delete signOpts.headers?.host; - + delete signOpts.headers?.Host; const headers = { ...signOpts.headers }; From 5c96ad399ead16c5a84f7e274fcc6e1b1488e776 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Mon, 23 Sep 2024 23:55:42 +0400 Subject: [PATCH 16/28] Update util.ts --- src/custom/util.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index b194de0..e6a1725 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -57,7 +57,8 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re { service: "sts", path: `/?${body}`, - region + region, + host: `sts.${region}.amazonaws.com` }, { accessKeyId: creds.accessKeyId, 
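Review bot: The `host:` line added in the PATCH 16 hunk interpolates `region` into `sts.${region}.amazonaws.com` without checking its shape, and getAwsRegion takes that value from `process.env.AWS_REGION` or from the instance identity document. A value containing dots, slashes or other URL characters would produce a host outside the STS namespace, and that host is what gets signed and passed on to the login call. I would validate before use, e.g. `if (!/^[a-z0-9-]+$/.test(region)) throw new Error("Invalid AWS region");`. The same interpolation returns in PATCH 17 as `https://sts.${region}.amazonaws.com/`, so the check belongs at the top of performAwsIamLogin, which starts before this hunk.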
@@ -66,8 +67,6 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re } ); - delete signOpts.headers?.host; - delete signOpts.headers?.Host; const headers = { ...signOpts.headers }; From 16de3e38e8f5efa57aa4a27d9a9e621087830e1d Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:00:45 +0400 Subject: [PATCH 17/28] old --- package-lock.json | 28 ++++++++++++---------------- package.json | 2 +- src/custom/util.ts | 45 +++++++++++++++++++++++---------------------- 3 files changed, 36 insertions(+), 39 deletions(-) diff --git a/package-lock.json b/package-lock.json index 20a79f2..e033cc8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.0.0", "license": "ISC", "dependencies": { - "aws-sdk": "^2.1691.0", + "aws-sdk": "^2.1311.0", "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", @@ -1168,10 +1168,9 @@ } }, "node_modules/aws-sdk": { - "version": "2.1691.0", - "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1691.0.tgz", - "integrity": "sha512-/F2YC+DlsY3UBM2Bdnh5RLHOPNibS/+IcjUuhP8XuctyrN+MlL+fWDAiela32LTDk7hMy4rx8MTgvbJ+0blO5g==", - "hasInstallScript": true, + "version": "2.1311.0", + "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1311.0.tgz", + "integrity": "sha512-X3cFNsfs3HUfz6LKiLqvDTO4EsqO5DnNssh9SOoxhwmoMyJ2et3dEmigO6TaA44BjVNdLW98+sXJVPTGvINY1Q==", "license": "Apache-2.0", "dependencies": { "buffer": "4.9.2", @@ -1183,7 +1182,7 @@ "url": "0.10.3", "util": "^0.12.4", "uuid": "8.0.0", - "xml2js": "0.6.2" + "xml2js": "0.4.19" }, "engines": { "node": ">= 10.0.0" 
@@ -3914,22 +3913,19 @@ "license": "ISC" }, "node_modules/xml2js": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", - "integrity": "sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA==", + "version": "0.4.19", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz", + "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==", "license": "MIT", "dependencies": { "sax": ">=0.6.0", - "xmlbuilder": "~11.0.0" - }, - "engines": { - "node": ">=4.0.0" + "xmlbuilder": "~9.0.1" } }, "node_modules/xmlbuilder": { - "version": "11.0.1", - "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", - "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==", + "version": "9.0.7", + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz", + "integrity": "sha512-7YXTQc3P2l9+0rjaUbLwMKRhtmwg1M1eDf6nag7urC7pIPYLD9W/jmzQ4ptRSUbodw5S0jfoGTflLemQibSpeQ==", "license": "MIT", "engines": { "node": ">=4.0" diff --git a/package.json b/package.json index 64614ab..6c487e7 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "tsup": "^8.2.4" }, "dependencies": { - "aws-sdk": "^2.1691.0", + "aws-sdk": "^2.1311.0", "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", diff --git a/src/custom/util.ts b/src/custom/util.ts index e6a1725..808445a 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -1,7 +1,7 @@ import axios from "axios"; import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants"; import AWS from "aws-sdk"; -import aws4 from "aws4"; + export const getAwsRegion = async () => { const region = process.env.AWS_REGION; // Typically found in lambda runtime environment if (region) { 
@@ -51,29 +51,30 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re }); }); - console.log("creds", creds); - - const signOpts = aws4.sign( - { - service: "sts", - path: `/?${body}`, - region, - host: `sts.${region}.amazonaws.com` - }, - { - accessKeyId: creds.accessKeyId, - secretAccessKey: creds.secretAccessKey, - sessionToken: creds.sessionToken - } - ); - - const headers = { - ...signOpts.headers + const iamRequestURL = `https://sts.${region}.amazonaws.com/`; + const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15"; + const iamRequestHeaders = { + "Content-Type": "application/x-www-form-urlencoded; charset=utf-8", + Host: `sts.${region}.amazonaws.com` }; + + const request = new AWS.HttpRequest(new AWS.Endpoint(iamRequestURL), region); + request.method = "POST"; + request.headers = iamRequestHeaders; + + // @ts-expect-error -- .util is not typed + request.headers["X-Amz-Date"] = AWS.util.date.iso8601(new Date()).replace(/[:-]|\.\d{3}/g, ""); + request.body = iamRequestBody; + request.headers["Content-Length"] = String(Buffer.byteLength(iamRequestBody)); + + // @ts-expect-error -- .Signers is not typed + const signer = new AWS.Signers.V4(request, "sts"); + signer.addAuthorization(AWS.config.credentials, new Date()); + return { iamHttpRequestMethod: "POST", - iamRequestUrl: signOpts.host, - iamRequestBody: body, - iamRequestHeaders: headers + iamRequestUrl: Buffer.from(iamRequestURL).toString("base64"), + iamRequestBody: Buffer.from(iamRequestBody).toString("base64"), + iamRequestHeaders: Buffer.from(JSON.stringify(iamRequestHeaders)).toString("base64") } as const; }; From cb07d82a1802fc3cbfd6fe3cc324808dfff63103 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:01:44 +0400 Subject: [PATCH 18/28] fix --- src/custom/auth.ts | 2 +- src/custom/util.ts | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/custom/auth.ts b/src/custom/auth.ts index 91a82f8..db3ec3b 100644 
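Review bot: Signing now depends on `AWS.util.date` and `AWS.Signers.V4`, both silenced with `@ts-expect-error` because they are outside the SDK's typed surface, and the same commit moves aws-sdk from ^2.1691.0 back to ^2.1311.0, which makes the lockfile resolve xml2js 0.4.19 instead of 0.6.2. To my knowledge xml2js releases before 0.5.0 are covered by a published prototype-pollution advisory, so the downgrade is worth running through `npm audit` before it ships. If the older SDK is not actually required for these internals, keeping `"aws-sdk": "^2.1691.0"` avoids the regression. Otherwise a comment above the signer such as `// Uses SDK-internal Signers.V4; aws-sdk version is pinned for this, re-verify on upgrade` would record why the pin exists. The enclosing function starts before the hunk.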
--- a/src/custom/auth.ts +++ b/src/custom/auth.ts @@ -30,7 +30,7 @@ export default class AuthClient { throw new Error("Identity ID is required for AWS IAM authentication"); } - const iamRequest = await performAwsIamLogin(this.baseUrl, identityId, await getAwsRegion()); + const iamRequest = await performAwsIamLogin(await getAwsRegion()); const res = await this.apiClient.apiV1AuthAwsAuthLoginPost({ apiV1AuthAwsAuthLoginPostRequest: { diff --git a/src/custom/util.ts b/src/custom/util.ts index 808445a..84f3b3c 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -31,9 +31,7 @@ export const getAwsRegion = async () => { } }; -export const performAwsIamLogin = async (baseUrl: string, identityId: string, region: string) => { - const body = "Action=GetCallerIdentity&Version=2011-06-15"; - +export const performAwsIamLogin = async (region: string) => { AWS.config.update({ region }); From e7626699ff25ea04a73017d66adfba6c50bb435d Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:11:45 +0400 Subject: [PATCH 19/28] Update util.ts --- src/custom/util.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/custom/util.ts b/src/custom/util.ts index 84f3b3c..bb6cd67 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -71,8 +71,8 @@ export const performAwsIamLogin = async (region: string) => { return { iamHttpRequestMethod: "POST", - iamRequestUrl: Buffer.from(iamRequestURL).toString("base64"), - iamRequestBody: Buffer.from(iamRequestBody).toString("base64"), - iamRequestHeaders: Buffer.from(JSON.stringify(iamRequestHeaders)).toString("base64") + iamRequestUrl: iamRequestURL, + iamRequestBody: iamRequestBody, + iamRequestHeaders: iamRequestHeaders } as const; }; From 3ba2345565416fbace959186d72933614284cceb Mon Sep 17 00:00:00 2001 
From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:14:37 +0400 Subject: [PATCH 20/28] fixes --- package-lock.json | 2 +- package.json | 2 +- src/custom/auth.ts | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index e033cc8..5b84cb8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.0.0", "license": "ISC", "dependencies": { - "aws-sdk": "^2.1311.0", + "aws-sdk": "2.1311.0", "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", diff --git a/package.json b/package.json index 6c487e7..e0c0687 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "tsup": "^8.2.4" }, "dependencies": { - "aws-sdk": "^2.1311.0", + "aws-sdk": "2.1311.0", "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", diff --git a/src/custom/auth.ts b/src/custom/auth.ts index db3ec3b..ae9b699 100644 --- a/src/custom/auth.ts +++ b/src/custom/auth.ts @@ -3,7 +3,6 @@ import { ApiV1AuthUniversalAuthLoginPostRequest } from "../infisicalapi_client"; import { DefaultApi as InfisicalApi } from "../infisicalapi_client"; import { MACHINE_IDENTITY_ID_ENV_NAME } from "./constants"; import { getAwsRegion, performAwsIamLogin } from "./util"; -import AWS from "aws-sdk"; type AuthenticatorFunction = (accessToken: string) => InfisicalSDK; From 760d1d7e70cb77bbba46326b8388bae58f6e2a1c Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:17:25 +0400 Subject: [PATCH 21/28] feat: aws auth --- package-lock.json | 18 ------------------ package.json | 2 -- 2 files changed, 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5b84cb8..fd52726 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -10,14 +10,12 @@ "license": "ISC", "dependencies": { "aws-sdk": "2.1311.0", - "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", "zod": "^3.23.8" }, "devDependencies": { "@openapitools/openapi-generator-cli": "^2.13.5", - "@types/aws4": "^1.11.6", "@types/node": "^22.5.1", "tsc": "^2.0.4", "tsup": "^8.2.4" @@ -1033,16 +1031,6 @@ "win32" ] }, - "node_modules/@types/aws4": { - "version": "1.11.6", - "resolved": "https://registry.npmjs.org/@types/aws4/-/aws4-1.11.6.tgz", - "integrity": "sha512-5CnVUkHNyLGpD9AnOcK66YyP0qvIh6nhJJoeK8zSl5YKikUcUbdB7SlHevUYVqicgeh6j5AJa1qa/h08dSZHoA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@types/estree": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz", @@ -1205,12 +1193,6 @@ "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==", "license": "BSD-3-Clause" }, - "node_modules/aws4": { - "version": "1.13.2", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.2.tgz", - "integrity": "sha512-lHe62zvbTB5eEABUVi/AwVh0ZKY9rMMDhmm+eeyuuUQbQ3+J+fONVQOZyj+DdrvD4BY33uYniyRJ4UJIaSKAfw==", - "license": "MIT" - }, "node_modules/axios": { "version": "1.7.5", "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.5.tgz", diff --git a/package.json b/package.json index e0c0687..c50552a 100644 --- a/package.json +++ b/package.json @@ -27,14 +27,12 @@ "description": "", "devDependencies": { "@openapitools/openapi-generator-cli": "^2.13.5", - "@types/aws4": "^1.11.6", "@types/node": "^22.5.1", "tsc": "^2.0.4", "tsup": "^8.2.4" }, "dependencies": { "aws-sdk": "2.1311.0", - "aws4": "^1.13.2", "axios": "^1.7.5", "typescript": "^5.5.4", "zod": "^3.23.8" From c02fe3566befa795e5a2a539543fa45c5bd7a0b0 Mon Sep 17 00:00:00 2001 
From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:18:40 +0400 Subject: [PATCH 22/28] fix: don't expose private fields --- src/custom/auth.ts | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/custom/auth.ts b/src/custom/auth.ts index ae9b699..81c17c3 100644 --- a/src/custom/auth.ts +++ b/src/custom/auth.ts @@ -11,14 +11,14 @@ type AwsAuthLoginOptions = { }; export default class AuthClient { - sdkAuthenticator: AuthenticatorFunction; - apiClient: InfisicalApi; - baseUrl: string; + #sdkAuthenticator: AuthenticatorFunction; + #apiClient: InfisicalApi; + #baseUrl: string; constructor(authenticator: AuthenticatorFunction, apiInstance: InfisicalApi, baseUrl: string) { - this.sdkAuthenticator = authenticator; - this.apiClient = apiInstance; - this.baseUrl = baseUrl; + this.#sdkAuthenticator = authenticator; + this.#apiClient = apiInstance; + this.#baseUrl = baseUrl; } awsIamAuth = { @@ -31,7 +31,7 @@ export default class AuthClient { const iamRequest = await performAwsIamLogin(await getAwsRegion()); - const res = await this.apiClient.apiV1AuthAwsAuthLoginPost({ + const res = await this.#apiClient.apiV1AuthAwsAuthLoginPost({ apiV1AuthAwsAuthLoginPostRequest: { iamHttpRequestMethod: iamRequest.iamHttpRequestMethod, iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString("base64"), 
@@ -40,21 +40,21 @@ export default class AuthClient { } }); - return this.sdkAuthenticator(res.data.accessToken); + return this.#sdkAuthenticator(res.data.accessToken); } }; universalAuth = { login: async (options: ApiV1AuthUniversalAuthLoginPostRequest) => { - const res = await this.apiClient.apiV1AuthUniversalAuthLoginPost({ + const res = await this.#apiClient.apiV1AuthUniversalAuthLoginPost({ apiV1AuthUniversalAuthLoginPostRequest: options }); - return this.sdkAuthenticator(res.data.accessToken); + return this.#sdkAuthenticator(res.data.accessToken); } }; accessToken = (token: string) => { - return this.sdkAuthenticator(token); + return this.#sdkAuthenticator(token); }; } From f56685aeae24edda825e940405cdab9996aa788c Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:21:52 +0400 Subject: [PATCH 23/28] Update index.ts --- test/index.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/index.ts b/test/index.ts index b44059f..725a7b0 100644 --- a/test/index.ts +++ b/test/index.ts @@ -1,14 +1,15 @@ import { InfisicalSDK } from "../src"; -const PROJECT_ID = "65a02bdfa77d9b8197956da1"; +const PROJECT_ID = "PROJECT_ID"; (async () => { const client = new InfisicalSDK({ siteUrl: "http://localhost:8080" // Optional, defaults to https://app.infisical.com }); - await client.auth().awsIamAuth.login({ - identityId: "84b548bf-6556-40f6-9ef9-838708fae049" + await client.auth().universalAuth.login({ + clientId: "CLIENT_ID", + clientSecret: "CLIENT_SECRET" }); const allSecrets = await client.secrets().listSecrets({ From bdc08a0fbae255615e7b7052bf1cdb7a1732bf62 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:28:32 +0400 Subject: [PATCH 24/28] Update README.md --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 48b29ae..05d63d6 100644 --- a/README.md +++ b/README.md 
@@ -51,6 +51,37 @@ await client.auth().universalAuth.login({ }); ``` +**Parameters:** +- `options` (object): + - `clientId` (string): The client ID of your Machine Identity. + - `clientSecret` (string): The client secret of your Machine Identity. + + +#### Plain Access Token +```typescript +client.auth().accessToken("") +``` + +**Parameters:** +- `accessToken` (string): The access token to be used for authentication. _This should not include "Bearer"._ + + +#### AWS IAM +```typescript +await client.auth().awsIamAuth.login({ + identityId: "" +}) +``` + +**Parameters:** +- `options` (object): + - `identityId` (string): The ID of your identity + - `clientSecret` (string): The client secret of your Machine Identity. + + +> [!NOTE] +> AWS IAM auth only works when the SDK is being used from within an AWS service, such as Lambda, EC2, etc. + ### `secrets` From 37c5556aee80c7310a103fb2d6d869e7a98d8a70 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:29:15 +0400 Subject: [PATCH 25/28] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 05d63d6..68f2ca3 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,10 @@ client.auth().accessToken("") #### AWS IAM + +> [!NOTE] +> AWS IAM auth only works when the SDK is being used from within an AWS service, such as Lambda, EC2, etc. + ```typescript await client.auth().awsIamAuth.login({ identityId: "" @@ -79,10 +83,6 @@ await client.auth().awsIamAuth.login({ - `clientSecret` (string): The client secret of your Machine Identity. -> [!NOTE] -> AWS IAM auth only works when the SDK is being used from within an AWS service, such as Lambda, EC2, etc. - - ### `secrets` This sub-class handles operations related to secrets: From 6d1947d6545f52273e85f12a14333e482a635bdf Mon Sep 17 00:00:00 2001 
From: Daniel Hougaard Date: Tue, 24 Sep 2024 00:35:14 +0400 Subject: [PATCH 26/28] fix: dynamic secret provider --- src/custom/dynamic-secrets.ts | 1 - src/custom/schemas/dynamic-secrets.ts | 14 ++++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/custom/dynamic-secrets.ts b/src/custom/dynamic-secrets.ts index 4ee0d84..69da766 100644 --- a/src/custom/dynamic-secrets.ts +++ b/src/custom/dynamic-secrets.ts @@ -25,7 +25,6 @@ export default class DynamicSecretsClient { async create(options: CreateDynamicSecretOptions) { const res = await this.#apiInstance.apiV1DynamicSecretsPost( { - // @ts-ignore apiV1DynamicSecretsPostRequest: options as DefaultApiApiV1DynamicSecretsPostRequest["apiV1DynamicSecretsPostRequest"] }, this.#requestOptions diff --git a/src/custom/schemas/dynamic-secrets.ts b/src/custom/schemas/dynamic-secrets.ts index e179e55..5822caf 100644 --- a/src/custom/schemas/dynamic-secrets.ts +++ b/src/custom/schemas/dynamic-secrets.ts @@ -157,6 +157,14 @@ export const DynamicSecretMongoDBSchema = z.object({ ) }); +export const AzureEntraIDSchema = z.object({ + tenantId: z.string().trim().min(1), + userId: z.string().trim().min(1), + email: z.string().trim().min(1), + applicationId: z.string().trim().min(1), + clientSecret: z.string().trim().min(1) +}); + export enum DynamicSecretProviders { SqlDatabase = "sql-database", Cassandra = "cassandra", @@ -166,7 +174,8 @@ export enum DynamicSecretProviders { MongoAtlas = "mongo-db-atlas", ElasticSearch = "elastic-search", MongoDB = "mongo-db", - RabbitMq = "rabbit-mq" + RabbitMq = "rabbit-mq", + AzureEntraID = "azure-entra-id" } export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [ 
@@ -178,7 +187,8 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [ z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema }), z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }), z.object({ type: z.literal(DynamicSecretProviders.MongoDB), inputs: DynamicSecretMongoDBSchema }), - z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }) + z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }), + z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }) ]); export type TDynamicSecretProvider = z.infer; From 0edda4402212caedfa276c2b5ebf52108afbcf67 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Mon, 23 Sep 2024 21:03:12 +0000 Subject: [PATCH 27/28] update set token method docs --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 68f2ca3..126ff84 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,9 @@ await client.auth().universalAuth.login({ - `clientSecret` (string): The client secret of your Machine Identity. -#### Plain Access Token +#### Manually set access token +By default, when you run a successful `.login()` method call, the access token returned will be auto set for the client instance. However, if you wish to set the access token manually, you may use this method. + ```typescript client.auth().accessToken("") ``` From 24aaedd14f0b66b6d003692e68d26b95d3644fa0 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 24 Sep 2024 01:06:58 +0400 Subject: [PATCH 28/28] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 68f2ca3..1af319b 100644 --- a/README.md +++ b/README.md 
@@ -80,7 +80,6 @@ await client.auth().awsIamAuth.login({ **Parameters:** - `options` (object): - `identityId` (string): The ID of your identity - - `clientSecret` (string): The client secret of your Machine Identity. ### `secrets`