diff --git a/src/custom/dynamic-secrets.ts b/src/custom/dynamic-secrets.ts index 69da766..466f04e 100644 --- a/src/custom/dynamic-secrets.ts +++ b/src/custom/dynamic-secrets.ts @@ -9,6 +9,7 @@ import type { } from "../infisicalapi_client"; import type { TDynamicSecretProvider } from "./schemas/dynamic-secrets"; +import { newInfisicalError } from "./errors"; type CreateDynamicSecretOptions = Omit & { provider: TDynamicSecretProvider; 
@@ -23,67 +24,87 @@ export default class DynamicSecretsClient { } async create(options: CreateDynamicSecretOptions) { - const res = await this.#apiInstance.apiV1DynamicSecretsPost( - { - apiV1DynamicSecretsPostRequest: options as DefaultApiApiV1DynamicSecretsPostRequest["apiV1DynamicSecretsPostRequest"] - }, - this.#requestOptions - ); - - return res.data.dynamicSecret; - } - - async delete(dynamicSecretName: string, options: DefaultApiApiV1DynamicSecretsNameDeleteRequest["apiV1DynamicSecretsNameDeleteRequest"]) { - const res = await this.#apiInstance.apiV1DynamicSecretsNameDelete( - { - name: dynamicSecretName, - apiV1DynamicSecretsNameDeleteRequest: options - }, - this.#requestOptions - ); - - return res.data.dynamicSecret; - } - - leases = { - create: async (options: DefaultApiApiV1DynamicSecretsLeasesPostRequest["apiV1DynamicSecretsLeasesPostRequest"]) => { - const res = await this.#apiInstance.apiV1DynamicSecretsLeasesPost( + try { + const res = await this.#apiInstance.apiV1DynamicSecretsPost( { - apiV1DynamicSecretsLeasesPostRequest: options + apiV1DynamicSecretsPostRequest: options as DefaultApiApiV1DynamicSecretsPostRequest["apiV1DynamicSecretsPostRequest"] }, this.#requestOptions ); - return res.data; + return res.data.dynamicSecret; + } catch (err) { + throw newInfisicalError(err); + } + } + + async delete(dynamicSecretName: string, options: DefaultApiApiV1DynamicSecretsNameDeleteRequest["apiV1DynamicSecretsNameDeleteRequest"]) { + try { + const res = await this.#apiInstance.apiV1DynamicSecretsNameDelete( + { + name: dynamicSecretName, + apiV1DynamicSecretsNameDeleteRequest: options + }, + this.#requestOptions + ); + + return res.data.dynamicSecret; + } catch (err) { + throw newInfisicalError(err); + } + } + + leases = { + create: async (options: DefaultApiApiV1DynamicSecretsLeasesPostRequest["apiV1DynamicSecretsLeasesPostRequest"]) => { + try { + const res = await this.#apiInstance.apiV1DynamicSecretsLeasesPost( + { + 
apiV1DynamicSecretsLeasesPostRequest: options + }, + this.#requestOptions + ); + + return res.data; + } catch (err) { + throw newInfisicalError(err); + } }, delete: async ( leaseId: string, options: DefaultApiApiV1DynamicSecretsLeasesLeaseIdDeleteRequest["apiV1DynamicSecretsLeasesLeaseIdDeleteRequest"] ) => { - const res = await this.#apiInstance.apiV1DynamicSecretsLeasesLeaseIdDelete( - { - leaseId: leaseId, - apiV1DynamicSecretsLeasesLeaseIdDeleteRequest: options - }, - this.#requestOptions - ); + try { + const res = await this.#apiInstance.apiV1DynamicSecretsLeasesLeaseIdDelete( + { + leaseId: leaseId, + apiV1DynamicSecretsLeasesLeaseIdDeleteRequest: options + }, + this.#requestOptions + ); - return res.data; + return res.data; + } catch (err) { + throw newInfisicalError(err); + } }, renew: async ( leaseId: string, options: DefaultApiApiV1DynamicSecretsLeasesLeaseIdRenewPostRequest["apiV1DynamicSecretsLeasesLeaseIdRenewPostRequest"] ) => { - const res = await this.#apiInstance.apiV1DynamicSecretsLeasesLeaseIdRenewPost( - { - leaseId: leaseId, - apiV1DynamicSecretsLeasesLeaseIdRenewPostRequest: options - }, - this.#requestOptions - ); + try { + const res = await this.#apiInstance.apiV1DynamicSecretsLeasesLeaseIdRenewPost( + { + leaseId: leaseId, + apiV1DynamicSecretsLeasesLeaseIdRenewPostRequest: options + }, + this.#requestOptions + ); - return res.data; + return res.data; + } catch (err) { + throw newInfisicalError(err); + } } }; } diff --git a/src/custom/schemas/dynamic-secrets.ts b/src/custom/schemas/dynamic-secrets.ts index 5822caf..31ac3f6 100644 --- a/src/custom/schemas/dynamic-secrets.ts +++ b/src/custom/schemas/dynamic-secrets.ts 
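Review bot: Every new `catch (err) { throw newInfisicalError(err); }` in `create`, `delete` and the three `leases.*` methods passes the raw client error to a helper whose body is outside this diff, so what ends up in the thrown message cannot be checked from here. `create()` sends provider inputs that include credentials (for example `bindpass` and `clientSecret` in the schemas file). If the generated client surfaces HTTP errors that carry the request config, the wrapper should copy only status and the server's message, never the request body or the `Authorization` header. It would also help to keep the original error reachable, e.g. as `cause`, so the stack is not lost. A short comment above the first block, such as `// newInfisicalError strips request data; do not log err directly`, would record that contract.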
@@ -165,6 +165,17 @@ export const AzureEntraIDSchema = z.object({ clientSecret: z.string().trim().min(1) }); +export const LdapSchema = z.object({ + url: z.string().trim().min(1), + binddn: z.string().trim().min(1), + bindpass: z.string().trim().min(1), + ca: z.string().optional(), + + creationLdif: z.string().min(1), + revocationLdif: z.string().min(1), + rollbackLdif: z.string().optional() +}); + export enum DynamicSecretProviders { SqlDatabase = "sql-database", Cassandra = "cassandra", @@ -175,7 +186,8 @@ export enum DynamicSecretProviders { ElasticSearch = "elastic-search", MongoDB = "mongo-db", RabbitMq = "rabbit-mq", - AzureEntraID = "azure-entra-id" + AzureEntraID = "azure-entra-id", + Ldap = "ldap" } export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [ @@ -188,7 +200,8 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [ z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }), z.object({ type: z.literal(DynamicSecretProviders.MongoDB), inputs: DynamicSecretMongoDBSchema }), z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }), - z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }) + z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }), + z.object({ type: z.literal(DynamicSecretProviders.Ldap), inputs: LdapSchema }) ]); export type TDynamicSecretProvider = z.infer; diff --git a/src/custom/util.ts b/src/custom/util.ts index bb6cd67..6a6ccc8 100644 --- a/src/custom/util.ts +++ b/src/custom/util.ts @@ -1,6 +1,7 @@ import axios from "axios"; import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants"; import AWS from "aws-sdk"; +import { InfisicalSDKError } from "./errors"; export const getAwsRegion = async () => { const region = process.env.AWS_REGION; // Typically found in lambda runtime environment 
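Review bot: In `LdapSchema`, `url` is accepted as any non-empty string, so a typo or a plain `ldap://` endpoint passes validation, and the bind password would then presumably travel to the directory unencrypted unless the server side enforces TLS. Consider pinning the scheme at the schema, e.g. `url: z.string().trim().regex(/^ldaps?:\/\//i, "expected ldap:// or ldaps://")`, or `ldaps` only if plaintext binds should never be configured. `bindpass` is also `.trim()`med, which silently changes a password that legitimately starts or ends with whitespace; `z.string().min(1)` would keep it intact. `ca` is optional but allows an empty string, so `z.string().min(1).optional()` would avoid an empty CA being treated as "set".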
@@ -36,13 +37,13 @@ export const performAwsIamLogin = async (region: string) => { region }); - const creds = await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => { + await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => { AWS.config.getCredentials((err, res) => { if (err) { throw err; } else { if (!res) { - throw new Error("Credentials not found"); + throw new InfisicalSDKError("Credentials not found"); } return resolve(res); } diff --git a/src/index.ts b/src/index.ts index 32d8711..5359b8a 100644 --- a/src/index.ts +++ b/src/index.ts @@ -38,7 +38,7 @@ class InfisicalSDK { }) ); - this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance, this.#basePath); + this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance); this.#dynamicSecretsClient = new DynamicSecretsClient(this.#apiInstance, this.#requestOptions); this.#secretsClient = new SecretsClient(this.#apiInstance, this.#requestOptions); this.rest = () => buildRestClient(this.#apiInstance, this.#requestOptions); @@ -61,7 +61,7 @@ class InfisicalSDK { this.rest = () => buildRestClient(this.#apiInstance, this.#requestOptions); this.#secretsClient = new SecretsClient(this.#apiInstance, this.#requestOptions); this.#dynamicSecretsClient = new DynamicSecretsClient(this.#apiInstance, this.#requestOptions); - this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance, this.#basePath); + this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance, accessToken); return this; }
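Review bot: In `performAwsIamLogin`, both failure paths inside the `AWS.config.getCredentials` callback still `throw` instead of calling `reject`, and this change keeps that pattern while only swapping the error class. If the SDK invokes the callback asynchronously, the throw escapes the promise executor: the awaited promise never settles and the error surfaces as an uncaught exception rather than a login failure the caller can handle. Use `return reject(err);` and `return reject(new InfisicalSDKError("Credentials not found"));`. The hunk also drops the `creds` binding, so the resolved credentials are now discarded; the rest of the function is outside the hunk, so confirm the signing code that follows reads them from `AWS.config` and not from a stale variable.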