Update dynamic-secrets.ts

2024-09-20 19:31:32 +04:00
parent 5329406e28
commit 4c7babd167
1 changed files with 101 additions and 3 deletions
--- a/src/custom/schemas/dynamic-secrets.ts
+++ b/src/custom/schemas/dynamic-secrets.ts
@@ -7,12 +7,16 @@ export enum SqlProviders {
 	MsSQL = "mssql"
 }

+export enum ElasticSearchAuthTypes {
+	User = "user",
+	ApiKey = "api-key"
+}
+
 export const DynamicSecretRedisDBSchema = z.object({
 	host: z.string().trim().toLowerCase(),
 	port: z.number(),
 	username: z.string().trim(), // this is often "default".
 	password: z.string().trim().optional(),
-
 	creationStatement: z.string().trim(),
 	revocationStatement: z.string().trim(),
 	renewStatement: z.string().trim().optional(),
@@ -30,6 +34,48 @@ export const DynamicSecretAwsElastiCacheSchema = z.object({
 	ca: z.string().optional()
 });

+export const DynamicSecretElasticSearchSchema = z.object({
+	host: z.string().trim().min(1),
+	port: z.number(),
+	roles: z.array(z.string().trim().min(1)).min(1),
+
+	// two auth types "user, apikey"
+	auth: z.discriminatedUnion("type", [
+		z.object({
+			type: z.literal(ElasticSearchAuthTypes.User),
+			username: z.string().trim(),
+			password: z.string().trim()
+		}),
+		z.object({
+			type: z.literal(ElasticSearchAuthTypes.ApiKey),
+			apiKey: z.string().trim(),
+			apiKeyId: z.string().trim()
+		})
+	]),
+
+	ca: z.string().optional()
+});
+
+export const DynamicSecretRabbitMqSchema = z.object({
+	host: z.string().trim().min(1),
+	port: z.number(),
+	tags: z.array(z.string().trim()).default([]),
+
+	username: z.string().trim().min(1),
+	password: z.string().trim().min(1),
+
+	ca: z.string().optional(),
+
+	virtualHost: z.object({
+		name: z.string().trim().min(1),
+		permissions: z.object({
+			read: z.string().trim().min(1),
+			write: z.string().trim().min(1),
+			configure: z.string().trim().min(1)
+		})
+	})
+});
+
 export const DynamicSecretSqlDBSchema = z.object({
 	client: z.nativeEnum(SqlProviders),
 	host: z.string().trim().toLowerCase(),
@@ -67,12 +113,60 @@ export const DynamicSecretAwsIamSchema = z.object({
 	policyArns: z.string().trim().optional()
 });

+export const DynamicSecretMongoAtlasSchema = z.object({
+	adminPublicKey: z.string().trim().min(1).describe("Admin user public api key"),
+	adminPrivateKey: z.string().trim().min(1).describe("Admin user private api key"),
+	groupId: z.string().trim().min(1).describe("Unique 24-hexadecimal digit string that identifies your project. This is same as project id"),
+	roles: z
+		.object({
+			collectionName: z.string().optional().describe("Collection on which this role applies."),
+			databaseName: z.string().min(1).describe("Database to which the user is granted access privileges."),
+			roleName: z
+				.string()
+				.min(1)
+				.describe(
+					' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
+				)
+		})
+		.array()
+		.min(1),
+	scopes: z
+		.object({
+			name: z
+				.string()
+				.min(1)
+				.describe("Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."),
+			type: z.string().min(1).describe("Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM")
+		})
+		.array()
+});
+
+export const DynamicSecretMongoDBSchema = z.object({
+	host: z.string().min(1).trim().toLowerCase(),
+	port: z.number().optional(),
+	username: z.string().min(1).trim(),
+	password: z.string().min(1).trim(),
+	database: z.string().min(1).trim(),
+	ca: z.string().min(1).optional(),
+	roles: z
+		.string()
+		.array()
+		.min(1)
+		.describe(
+			'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
+		)
+});
+
 export enum DynamicSecretProviders {
 	SqlDatabase = "sql-database",
 	Cassandra = "cassandra",
 	AwsIam = "aws-iam",
 	Redis = "redis",
-	AwsElastiCache = "aws-elasticache"
+	AwsElastiCache = "aws-elasticache",
+	MongoAtlas = "mongo-db-atlas",
+	ElasticSearch = "elastic-search",
+	MongoDB = "mongo-db",
+	RabbitMq = "rabbit-mq"
 }

 export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
@@ -80,7 +174,11 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
 	z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
 	z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
 	z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
-	z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema })
+	z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema }),
+	z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema }),
+	z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }),
+	z.object({ type: z.literal(DynamicSecretProviders.MongoDB), inputs: DynamicSecretMongoDBSchema }),
+	z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema })
 ]);

 export type TDynamicSecretProvider = z.infer<typeof DynamicSecretProviderSchema>;