node-vault-client
Advanced tools
node-vault-client - npm Package Compare versions
Comparing version 0.2.0 to 0.3.0
| { | ||
| "name": "node-vault-client", | ||
| "version": "0.2.0", | ||
| "version": "0.3.0", | ||
| "description": "", | ||
@@ -26,2 +26,3 @@ "engines": { | ||
| "long-timeout": "^0.1.1", | ||
| "pretty-ms": "^2.1.0", | ||
| "request": "^2.81.0", | ||
@@ -37,10 +38,10 @@ "request-promise": "^4.2.0", | ||
| "autochecker": "^0.9.2", | ||
| "aws-sdk": "^2.67.0", | ||
| "chai": "^3.5.0", | ||
| "co-mocha": "^1.2.0", | ||
| "deep-freeze": "^0.0.1", | ||
| "mocha": "^3.2.0", | ||
| "sinon": "^2.3.4", | ||
| "sinon-chai": "^2.11.0", | ||
| "mocha": "^3.2.0", | ||
| "aws-sdk": "^2.67.0" | ||
| "sinon-chai": "^2.11.0" | ||
| } | ||
| } |
@@ -8,3 +8,2 @@ 'use strict'; | ||
| /** | ||
| * | ||
| * @param {VaultApiClient} apiClient - see {@link VaultBaseAuth#constructor} | ||
@@ -24,2 +23,6 @@ * @param {Object} config | ||
| _authenticate() { | ||
| this._log.info( | ||
| 'making authentication request: role_id=%s', | ||
| this.__roleId | ||
| ); | ||
| return this.__apiClient.makeRequest('POST', `/auth/${this._mount}/login`, { | ||
@@ -29,2 +32,6 @@ role_id: this.__roleId, | ||
| }).then(res => { | ||
| this._log.debug( | ||
| 'receive token: %s', | ||
| res.auth.client_token | ||
| ); | ||
| return this._getTokenEntity(res.auth.client_token); | ||
@@ -31,0 +38,0 @@ }); |
| 'use strict'; | ||
| const lt = require('long-timeout'); | ||
| const prettyMs = require('pretty-ms'); | ||
| const AuthToken = require('./AuthToken'); | ||
@@ -35,2 +35,3 @@ const errors = require('../errors'); | ||
| getAuthToken() { | ||
| this._log.info('getting auth token (mount=%s)', this._mount); | ||
| if (this.__authToken === null || (this.__authToken instanceof AuthToken && this.__authToken.isExpired() && this._reauthenticationAllowed())) { | ||
@@ -44,3 +45,9 @@ if (this.__authToken !== null && this.__authToken.isExpired() && !this._reauthenticationAllowed()) { | ||
| this.__setupTokenRefreshTimer(this.__authToken); | ||
| if (this.__authToken.isRenewable()) { | ||
| this._log.debug( | ||
| 'setting refresh timer for token %s', | ||
| authToken.getId() | ||
| ); | ||
| this.__setupTokenRefreshTimer(this.__authToken); | ||
| } | ||
@@ -57,2 +64,3 @@ return this.__authToken; | ||
| this._log.debug('token already exist'); | ||
| return Promise.resolve(this.__authToken); | ||
@@ -66,5 +74,6 @@ } | ||
| _getTokenEntity(tokenId) { | ||
| return this.__apiClient.makeRequest('GET', '/auth/token/lookup-self', null, {'X-Vault-Token': tokenId}).then(res => { | ||
| return AuthToken.fromResponse(res); | ||
| }); | ||
| return this.__apiClient.makeRequest('GET', '/auth/token/lookup-self', null, {'X-Vault-Token': tokenId}) | ||
| .then(res => { | ||
| return AuthToken.fromResponse(res); | ||
| }); | ||
| } | ||
@@ -94,2 +103,3 @@ | ||
| const timer = Math.max((authToken.getExpiresAt() - Math.floor(Date.now() / 1000)) / 2, 1) * 1000; | ||
@@ -106,3 +116,8 @@ this.__refreshTimeout = lt.setTimeout(() => { | ||
| }); | ||
| }, Math.max((authToken.getExpiresAt() - Math.floor(Date.now() / 1000)) / 2, 1) * 1000); | ||
| }, timer); | ||
| this._log.debug( | ||
| 'sleeping for %s', | ||
| prettyMs(timer) | ||
| ); | ||
| } | ||
@@ -116,9 +131,16 @@ | ||
| __renewToken(authToken) { | ||
| return this.__apiClient.makeRequest('POST', '/auth/token/renew-self', null, {'X-Vault-Token': authToken.getId()}).then(() => { | ||
| return this._getTokenEntity(authToken.getId()); | ||
| }); | ||
| this._log.debug('renewing vault token'); | ||
| return this.__apiClient.makeRequest('POST', '/auth/token/renew-self', null, {'X-Vault-Token': authToken.getId()}) | ||
| .then(() => { | ||
| this._log.info('successfully renewed token'); | ||
| return this._getTokenEntity(authToken.getId()); | ||
| }) | ||
| .catch((reason) => { | ||
| this._log.error('token renew failed: %s', reason.message); | ||
| throw reason; | ||
| }); | ||
| } | ||
| } | ||
| module.exports = VaultBaseAuth; |
@@ -76,2 +76,7 @@ 'use strict'; | ||
| _authenticate() { | ||
| this._log.info( | ||
| 'making authentication request: role=%s', | ||
| this.__role | ||
| ); | ||
| return Promise.resolve() | ||
@@ -86,3 +91,9 @@ .then(() => this.__getCredentials()) | ||
| }) | ||
| .then((response) => this._getTokenEntity(response.auth.client_token)) | ||
| .then((response) => { | ||
| this._log.debug( | ||
| 'receive token: %s', | ||
| response.auth.client_token | ||
| ); | ||
| return this._getTokenEntity(response.auth.client_token) | ||
| }) | ||
| } | ||
@@ -89,0 +100,0 @@ |
@@ -13,7 +13,10 @@ 'use strict'; | ||
| * @param {String} [config.apiVersion='v1'] | ||
| * @param {Object} logger | ||
| */ | ||
| constructor(config) { | ||
| constructor(config, logger) { | ||
| this.__config = _.defaultsDeep(_.cloneDeep(config), { | ||
| apiVersion: 'v1', | ||
| }); | ||
| this._logger = logger; | ||
| } | ||
@@ -35,3 +38,17 @@ | ||
| return rp(requestOptions); | ||
| this._logger.debug( | ||
| 'making request: %s %s', | ||
| requestOptions.method, | ||
| requestOptions.uri | ||
| ); | ||
| return rp(requestOptions) | ||
| .then((response) => { | ||
| this._logger.debug('%s %s response body:\n%s', | ||
| requestOptions.method, | ||
| requestOptions.uri, | ||
| JSON.stringify(response, null, ' ') | ||
| ); | ||
| return response; | ||
| }); | ||
| } | ||
@@ -38,0 +55,0 @@ } |
| 'use strict'; | ||
| const _ = require('lodash'); | ||
| const Lease = require('./Lease'); | ||
| const errors = require('./errors'); | ||
| const VaultApiClient = require('./VaultApiClient'); | ||
| const VaultAppRoleAuth = require('./auth/VaultAppRoleAuth'); | ||
| const VaultTokenAuth = require('./auth/VaultTokenAuth'); | ||
| const VaultIAMAuth = require('./auth/VaultIAMAuth'); | ||
| const VaultNodeConfig = require('./VaultNodeConfig'); | ||
| const vaultInstances = {}; | ||
@@ -32,10 +27,13 @@ | ||
| constructor(options) { | ||
| this.__api = new VaultApiClient(options.api); | ||
| this.__log = this.__setupLogger(options.logger); | ||
| this.__api = new VaultApiClient( | ||
| options.api, | ||
| this.__log | ||
| ); | ||
| /** @type {VaultBaseAuth} */ | ||
| this.__auth = this.getAuthProvider( | ||
| options.auth, | ||
| this.__api, | ||
| this.__log | ||
| this.__api | ||
| ); | ||
@@ -99,4 +97,4 @@ } | ||
| } else { | ||
| for (let k in vaultInstances){ | ||
| if (vaultInstances.hasOwnProperty(k)){ | ||
| for (let k in vaultInstances) { | ||
| if (vaultInstances.hasOwnProperty(k)) { | ||
| delete vaultInstances[k]; | ||
@@ -109,2 +107,4 @@ } | ||
| /** | ||
| * @protected | ||
| * | ||
| * @param {Object} authConfig | ||
@@ -115,7 +115,7 @@ * @param {string} authConfig.type | ||
| * @param {VaultApiClient} api | ||
| * @param {Object|false} logger | ||
| * @return {VaultBaseAuth} | ||
| */ | ||
| getAuthProvider(authConfig, api, logger) { | ||
| getAuthProvider(authConfig, api) { | ||
| this.__log.debug('creating vault auth method: "%s"', authConfig.type); | ||
| switch (authConfig.type) { | ||
@@ -125,3 +125,3 @@ case 'iam': | ||
| api, | ||
| logger, | ||
| this.__log, | ||
| authConfig.config, | ||
@@ -133,3 +133,3 @@ authConfig.mount | ||
| api, | ||
| logger, | ||
| this.__log, | ||
| authConfig.config, | ||
@@ -141,3 +141,3 @@ authConfig.mount | ||
| api, | ||
| logger, | ||
| this.__log, | ||
| authConfig.config, | ||
@@ -161,13 +161,26 @@ authConfig.mount | ||
| read(path) { | ||
| return this.__auth.getAuthToken().then(token => { | ||
| return this.__api.makeRequest('GET', path, null, {'X-Vault-Token': token.getId()}); | ||
| }).then(res => { | ||
| return Lease.fromResponse(res); | ||
| }); | ||
| this.__log.debug('read secret %s', path); | ||
| return this.__auth.getAuthToken() | ||
| .then(token => this.__api.makeRequest('GET', path, null, {'X-Vault-Token': token.getId()})) | ||
| .then(res => { | ||
| this.__log.debug('receive secret %s', path); | ||
| return Lease.fromResponse(res); | ||
| }) | ||
| .catch((reason) => { | ||
| this.__log.error('read secret failed: %s', reason.message); | ||
| throw reason; | ||
| }); | ||
| } | ||
| write(path, data) { | ||
| return this.__auth.getAuthToken().then(token => { | ||
| return this.__api.makeRequest('POST', path, data, {'X-Vault-Token': token.getId()}); | ||
| }).then(() => {}); | ||
| this.__log.debug('write secret %s', path); | ||
| return this.__auth.getAuthToken() | ||
| .then((token) => this.__api.makeRequest('POST', path, data, {'X-Vault-Token': token.getId()})) | ||
| .then(() => { | ||
| this.__log.debug('secret %s was written', path); | ||
| }) | ||
| .catch((reason) => { | ||
| this.__log.error('write secret failed: %s', reason.message); | ||
| throw reason; | ||
| }); | ||
| } | ||
@@ -178,7 +191,7 @@ | ||
| return { | ||
| error: () => {}, | ||
| warn: () => {}, | ||
| info: () => {}, | ||
| debug: () => {}, | ||
| trace: () => {}, | ||
| error: _.noop, | ||
| warn: _.noop, | ||
| info: _.noop, | ||
| debug: _.noop, | ||
| trace: _.noop, | ||
| } | ||
@@ -188,3 +201,10 @@ } else if (_.intersection(_.functionsIn(logger), ['error', 'warn', 'info', 'debug', 'trace']).length >= 5) { | ||
| } else { | ||
| return console; | ||
| return { | ||
| error: console.error, | ||
| warn: console.warn, | ||
| info: console.info, | ||
| trace: console.trace, | ||
| // avoid output sensitive information | ||
| debug: _.noop | ||
| }; | ||
| } | ||
@@ -191,0 +211,0 @@ } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by10.91%
28081
- Lines of code
- increased by11%
787
Worsened metrics
- Dependency count
- increased by10%
11
Dependency changes
+ Addedpretty-ms@^2.1.0
+ Addedis-finite@1.1.0(transitive)
+ Addedparse-ms@1.0.1(transitive)
+ Addedplur@1.0.0(transitive)
+ Addedpretty-ms@2.1.0(transitive)