nix/infisical-node-sdk
1
0
Fork 0
Code Issues Pull Requests Activity

Update dynamic-secrets.ts

Browse Source
This commit is contained in:
Daniel Hougaard
2025-01-27 16:18:28 +01:00
parent 3d0bf80ec0
commit 737a3a4125
1 changed files with 81 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
src/custom/schemas/dynamic-secrets.ts
View File

@@ -4,7 +4,8 @@ export enum SqlProviders {
Postgres = "postgres", Postgres = "postgres",
MySQL = "mysql2", MySQL = "mysql2",
Oracle = "oracledb", Oracle = "oracledb",
MsSQL = "mssql" MsSQL = "mssql",
SapAse = "sap-ase"
} }
export enum ElasticSearchAuthTypes { export enum ElasticSearchAuthTypes {
@@ -12,6 +13,22 @@ export enum ElasticSearchAuthTypes {
ApiKey = "api-key" ApiKey = "api-key"
} }
export enum LdapCredentialType {
Dynamic = "dynamic",
Static = "static"
}
export enum TotpConfigType {
URL = "url",
MANUAL = "manual"
}
export enum TotpAlgorithm {
SHA1 = "sha1",
SHA256 = "sha256",
SHA512 = "sha512"
}
const DynamicSecretRedisDBSchema = z.object({ const DynamicSecretRedisDBSchema = z.object({
host: z.string().trim().toLowerCase(), host: z.string().trim().toLowerCase(),
port: z.number(), port: z.number(),
@@ -102,6 +119,16 @@ const DynamicSecretCassandraSchema = z.object({
ca: z.string().optional() ca: z.string().optional()
}); });
const DynamicSecretSapAseSchema = z.object({
host: z.string().trim().toLowerCase(),
port: z.number(),
database: z.string().trim(),
username: z.string().trim(),
password: z.string().trim(),
creationStatement: z.string().trim(),
revocationStatement: z.string().trim()
});
const DynamicSecretAwsIamSchema = z.object({ const DynamicSecretAwsIamSchema = z.object({
accessKey: z.string().trim().min(1), accessKey: z.string().trim().min(1),
secretAccessKey: z.string().trim().min(1), secretAccessKey: z.string().trim().min(1),
@@ -186,16 +213,54 @@ const AzureEntraIDSchema = z.object({
clientSecret: z.string().trim().min(1) clientSecret: z.string().trim().min(1)
}); });
const LdapSchema = z.object({ const LdapSchema = z.union([
z.object({
url: z.string().trim().min(1), url: z.string().trim().min(1),
binddn: z.string().trim().min(1), binddn: z.string().trim().min(1),
bindpass: z.string().trim().min(1), bindpass: z.string().trim().min(1),
ca: z.string().optional(), ca: z.string().optional(),
credentialType: z.literal(LdapCredentialType.Dynamic).optional().default(LdapCredentialType.Dynamic),
creationLdif: z.string().min(1), creationLdif: z.string().min(1),
revocationLdif: z.string().min(1), revocationLdif: z.string().min(1),
rollbackLdif: z.string().optional() rollbackLdif: z.string().optional()
}); }),
z.object({
url: z.string().trim().min(1),
binddn: z.string().trim().min(1),
bindpass: z.string().trim().min(1),
ca: z.string().optional(),
credentialType: z.literal(LdapCredentialType.Static),
rotationLdif: z.string().min(1)
})
]);
const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
z.object({
configType: z.literal(TotpConfigType.URL),
url: z
.string()
.url()
.trim()
.min(1)
.refine(val => {
const urlObj = new URL(val);
const secret = urlObj.searchParams.get("secret");
return Boolean(secret);
}, "OTP URL must contain secret field")
}),
z.object({
configType: z.literal(TotpConfigType.MANUAL),
secret: z
.string()
.trim()
.min(1)
.transform(val => val.replace(/\s+/g, "")),
period: z.number().optional(),
algorithm: z.nativeEnum(TotpAlgorithm).optional(),
digits: z.number().optional()
})
]);
export enum DynamicSecretProviders { export enum DynamicSecretProviders {
SqlDatabase = "sql-database", SqlDatabase = "sql-database",
@@ -210,12 +275,15 @@ export enum DynamicSecretProviders {
AzureEntraID = "azure-entra-id", AzureEntraID = "azure-entra-id",
Ldap = "ldap", Ldap = "ldap",
SapHana = "sap-hana", SapHana = "sap-hana",
Snowflake = "snowflake" Snowflake = "snowflake",
Totp = "totp",
SapAse = "sap-ase"
} }
const DynamicSecretProviderSchema = z.discriminatedUnion("type", [ const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema }), z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }), z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
z.object({ type: z.literal(DynamicSecretProviders.SapAse), inputs: DynamicSecretSapAseSchema }),
z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }), z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }), z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
z.object({ type: z.literal(DynamicSecretProviders.SapHana), inputs: DynamicSecretSapHanaSchema }), z.object({ type: z.literal(DynamicSecretProviders.SapHana), inputs: DynamicSecretSapHanaSchema }),
@@ -226,7 +294,8 @@ const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }), z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }),
z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }), z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Ldap), inputs: LdapSchema }), z.object({ type: z.literal(DynamicSecretProviders.Ldap), inputs: LdapSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Snowflake), inputs: DynamicSecretSnowflakeSchema }) z.object({ type: z.literal(DynamicSecretProviders.Snowflake), inputs: DynamicSecretSnowflakeSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Totp), inputs: DynamicSecretTotpSchema })
]); ]);
export type TDynamicSecretProvider = z.infer<typeof DynamicSecretProviderSchema>; export type TDynamicSecretProvider = z.infer<typeof DynamicSecretProviderSchema>;