From 4c7babd1678199de9ffbde6eea6d8af4f2221be8 Mon Sep 17 00:00:00 2001
From: Daniel Hougaard
Date: Fri, 20 Sep 2024 19:31:32 +0400
Subject: [PATCH] Update dynamic-secrets.ts
---
 src/custom/schemas/dynamic-secrets.ts | 104 +++++++++++++++++++++++++-
 1 file changed, 101 insertions(+), 3 deletions(-)
diff --git a/src/custom/schemas/dynamic-secrets.ts b/src/custom/schemas/dynamic-secrets.ts
index edf9d05..e179e55 100644
--- a/src/custom/schemas/dynamic-secrets.ts
+++ b/src/custom/schemas/dynamic-secrets.ts
@@ -7,12 +7,16 @@ export enum SqlProviders {
 MsSQL = "mssql"
 }
 
+export enum ElasticSearchAuthTypes {
+ User = "user",
+ ApiKey = "api-key"
+}
+
 export const DynamicSecretRedisDBSchema = z.object({
 host: z.string().trim().toLowerCase(),
 port: z.number(),
 username: z.string().trim(), // this is often "default".
 password: z.string().trim().optional(),
-
 creationStatement: z.string().trim(),
 revocationStatement: z.string().trim(),
 renewStatement: z.string().trim().optional(),
@@ -30,6 +34,48 @@ export const DynamicSecretAwsElastiCacheSchema = z.object({
 ca: z.string().optional()
 });
 
+export const DynamicSecretElasticSearchSchema = z.object({
+ host: z.string().trim().min(1),
+ port: z.number(),
+ roles: z.array(z.string().trim().min(1)).min(1),
+
+ // two auth types "user, apikey"
+ auth: z.discriminatedUnion("type", [
+ z.object({
+ type: z.literal(ElasticSearchAuthTypes.User),
+ username: z.string().trim(),
+ password: z.string().trim()
+ }),
+ z.object({
+ type: z.literal(ElasticSearchAuthTypes.ApiKey),
+ apiKey: z.string().trim(),
+ apiKeyId: z.string().trim()
+ })
+ ]),
+
+ ca: z.string().optional()
+});
+
+export const DynamicSecretRabbitMqSchema = z.object({
+ host: z.string().trim().min(1),
+ port: z.number(),
+ tags: z.array(z.string().trim()).default([]),
+
+ username: z.string().trim().min(1),
+ password: z.string().trim().min(1),
+
+ ca: z.string().optional(),
+
+ virtualHost: z.object({
+ name: z.string().trim().min(1),
+ permissions: z.object({
+ read: z.string().trim().min(1),
+ write: z.string().trim().min(1),
+ configure: z.string().trim().min(1)
+ })
+ })
+});
+
 export const DynamicSecretSqlDBSchema = z.object({
 client: z.nativeEnum(SqlProviders),
 host: z.string().trim().toLowerCase(),
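Review bot: The ElasticSearch `auth` variants accept empty credentials: `username`, `password`, `apiKey` and `apiKeyId` are `z.string().trim()` with no length check, so a blank or whitespace-only value passes schema validation and the problem presumably only shows up when the provider tries to connect. Append `.min(1)` to those four fields, matching the `z.string().trim().min(1)` that `DynamicSecretRabbitMqSchema` in the same hunk already uses for `username`/`password`. The comment above the union reads `// two auth types "user, apikey"` while the enum value is `"api-key"`; I would replace it with `// auth is discriminated on ElasticSearchAuthTypes: User = username/password, ApiKey = apiKeyId/apiKey`. Both new schemas also take `port: z.number()` with no `.int()` or range bound, which is consistent with the existing schemas but worth tightening together if these are touched again.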
@@ -67,12 +113,60 @@ export const DynamicSecretAwsIamSchema = z.object({
 policyArns: z.string().trim().optional()
 });
 
+export const DynamicSecretMongoAtlasSchema = z.object({
+ adminPublicKey: z.string().trim().min(1).describe("Admin user public api key"),
+ adminPrivateKey: z.string().trim().min(1).describe("Admin user private api key"),
+ groupId: z.string().trim().min(1).describe("Unique 24-hexadecimal digit string that identifies your project. This is same as project id"),
+ roles: z
+ .object({
+ collectionName: z.string().optional().describe("Collection on which this role applies."),
+ databaseName: z.string().min(1).describe("Database to which the user is granted access privileges."),
+ roleName: z
+ .string()
+ .min(1)
+ .describe(
+ ' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
+ )
+ })
+ .array()
+ .min(1),
+ scopes: z
+ .object({
+ name: z
+ .string()
+ .min(1)
+ .describe("Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."),
+ type: z.string().min(1).describe("Category of resource that this database user can access. 
Enum: CLUSTER, DATA_LAKE, STREAM")
+ })
+ .array()
+});
+
+export const DynamicSecretMongoDBSchema = z.object({
+ host: z.string().min(1).trim().toLowerCase(),
+ port: z.number().optional(),
+ username: z.string().min(1).trim(),
+ password: z.string().min(1).trim(),
+ database: z.string().min(1).trim(),
+ ca: z.string().min(1).optional(),
+ roles: z
+ .string()
+ .array()
+ .min(1)
+ .describe(
+ 'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
+ )
+});
+
 export enum DynamicSecretProviders {
 SqlDatabase = "sql-database",
 Cassandra = "cassandra",
 AwsIam = "aws-iam",
 Redis = "redis",
- AwsElastiCache = "aws-elasticache"
+ AwsElastiCache = "aws-elasticache",
+ MongoAtlas = "mongo-db-atlas",
+ ElasticSearch = "elastic-search",
+ MongoDB = "mongo-db",
+ RabbitMq = "rabbit-mq"
 }
 
 export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
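Review bot: In `DynamicSecretMongoDBSchema` the `host`, `username`, `password` and `database` fields chain `.min(1)` before `.trim()`; zod applies string checks in chain order, so a whitespace-only input satisfies the length check and is then trimmed to an empty string that reaches the provider. Reorder to `.trim().min(1)`, as `DynamicSecretElasticSearchSchema` and `DynamicSecretRabbitMqSchema` in this commit already do. In `DynamicSecretMongoAtlasSchema`, `groupId` is described as a 24-hexadecimal-digit project id but only `.min(1)` is enforced, and `scopes[].type` is described as an enum of `CLUSTER, DATA_LAKE, STREAM` but typed `z.string()`; `z.enum(["CLUSTER", "DATA_LAKE", "STREAM"])` would let the schema enforce what the description promises. The `roleName` description string also starts with a stray space and runs `"".Human-readable` together without a separator, which will appear verbatim wherever `.describe()` text is rendered.
```typescript
export const DynamicSecretMongoDBSchema = z.object({
  host: z.string().trim().min(1).toLowerCase(),
  // … unchanged: port …
  username: z.string().trim().min(1),
  password: z.string().trim().min(1),
  database: z.string().trim().min(1),
  // … unchanged: ca, roles …
});
```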
@@ -80,7 +174,11 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
 z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
 z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
 z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
- z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema })
+ z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema }),
+ z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema }),
+ z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }),
+ z.object({ type: z.literal(DynamicSecretProviders.MongoDB), inputs: DynamicSecretMongoDBSchema }),
+ z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema })
 ]);
 
 export type TDynamicSecretProvider = z.infer;