
@confluentinc/schemaregistry

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.AwsKmsDriver = void 0; const kms_registry_1 = require("../kms-registry"); const aws_client_1 = require("./aws-client"); const credential_providers_1 = require("@aws-sdk/credential-providers"); class AwsKmsDriver { /** * Register the AWS KMS driver with the KMS registry. */ static register() { (0, kms_registry_1.registerKmsDriver)(new AwsKmsDriver()); } getKeyUrlPrefix() { return AwsKmsDriver.PREFIX; } newKmsClient(config, keyUrl) { const uriPrefix = keyUrl != null ? keyUrl : AwsKmsDriver.PREFIX; const key = config.get(AwsKmsDriver.ACCESS_KEY_ID); const secret = config.get(AwsKmsDriver.SECRET_ACCESS_KEY); const profile = config.get(AwsKmsDriver.PROFILE); let roleArn = config.get(AwsKmsDriver.ROLE_ARN); if (roleArn == null) { roleArn = process.env['AWS_ROLE_ARN']; } let roleSessionName = config.get(AwsKmsDriver.ROLE_SESSION_NAME); if (roleSessionName == null) { roleSessionName = process.env['AWS_ROLE_SESSION_NAME']; } let roleExternalId = config.get(AwsKmsDriver.ROLE_EXTERNAL_ID); if (roleExternalId == null) { roleExternalId = process.env['AWS_ROLE_EXTERNAL_ID']; } let roleWebIdentityTokenFile = process.env['AWS_WEB_IDENTITY_TOKEN_FILE']; let creds; if (key != null && secret != null) { creds = { accessKeyId: key, secretAccessKey: secret }; } else if (profile != null) { creds = (0, credential_providers_1.fromIni)({ profile }); } // If roleWebIdentityTokenFile is set, use the DefaultCredentialsProvider if (roleArn != null && roleWebIdentityTokenFile == null) { let keyId = uriPrefix.substring(AwsKmsDriver.PREFIX.length); const tokens = keyId.split(':'); if (tokens.length < 4) { throw new Error(`invalid key uri ${keyId}`); } const regionName = tokens[3]; creds = (0, credential_providers_1.fromTemporaryCredentials)({ ...creds && { masterCredentials: creds }, params: { RoleArn: roleArn, RoleSessionName: roleSessionName ?? 
"confluent-encrypt", ...roleExternalId && { ExternalId: roleExternalId }, }, clientConfig: { region: regionName }, }); } return new aws_client_1.AwsKmsClient(uriPrefix, creds); } } exports.AwsKmsDriver = AwsKmsDriver; AwsKmsDriver.PREFIX = 'aws-kms://'; AwsKmsDriver.ACCESS_KEY_ID = 'access.key.id'; AwsKmsDriver.SECRET_ACCESS_KEY = 'secret.access.key'; AwsKmsDriver.PROFILE = 'profile'; AwsKmsDriver.ROLE_ARN = 'role.arn'; AwsKmsDriver.ROLE_SESSION_NAME = 'role.session.name'; AwsKmsDriver.ROLE_EXTERNAL_ID = 'role.external.id';