js-node-hashicorp-vault
Version:
NodeJS Vault Provider
179 lines • 7.27 kB
JavaScript
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.VaultProvider = exports.VaultAccessError = exports.RequiredVaultOptionsMissing = void 0;
const js_node_errors_1 = __importStar(require("js-node-errors"));
const js_node_logger_1 = require("js-node-logger");
const http_status_1 = __importDefault(require("http-status"));
const node_vault_1 = __importDefault(require("node-vault"));
class RequiredVaultOptionsMissing extends js_node_errors_1.default {
constructor() {
super(`Vault Provider Required Options are missing`, {
status: http_status_1.default.INTERNAL_SERVER_ERROR,
isPublic: true,
});
}
}
exports.RequiredVaultOptionsMissing = RequiredVaultOptionsMissing;
class VaultAccessError extends js_node_errors_1.default {
constructor(error) {
super('Vault access failed. We are working on fixing this issue.', {
status: http_status_1.default.SERVICE_UNAVAILABLE,
isPublic: true,
code: 'error.vault.not-accessible',
}, error);
}
}
exports.VaultAccessError = VaultAccessError;
class VaultProvider {
constructor(options, loggerConfig) {
this.options = options;
this.logger = loggerConfig ? (0, js_node_logger_1.getLogger)(loggerConfig) : undefined;
}
initialize() {
return __awaiter(this, void 0, void 0, function* () {
var _a;
this.client = (0, node_vault_1.default)({
endpoint: this.options.vaultAddr,
});
if (this.options.vaultAuthType !== 'token') {
yield this.vaultAuth();
}
(_a = this.logger) === null || _a === void 0 ? void 0 : _a.info(`Vault is successfully configured with address: ${this.options.vaultAddr} and auth type: ${this.options.vaultAuthType}`);
});
}
write(entityId, value) {
return __awaiter(this, void 0, void 0, function* () {
try {
return this.client.write(`${this.options.vaultSecretPath}/${entityId}`, { data: { value } });
}
catch (err) {
let shouldRedoOperation = this.handleError(err, entityId);
if (shouldRedoOperation) {
return yield this.write(entityId, value);
}
}
});
}
read(entityId) {
return __awaiter(this, void 0, void 0, function* () {
try {
const response = yield this.client.read(`${this.options.vaultSecretPath}/${entityId}`);
return response.data.data.value;
}
catch (err) {
let shouldRedoOperation = this.handleError(err, entityId);
if (shouldRedoOperation) {
return yield this.read(entityId);
}
}
});
}
delete(entityId) {
return __awaiter(this, void 0, void 0, function* () {
try {
return this.client.delete(`${this.options.vaultSecretPath}/${entityId}`);
}
catch (err) {
let shouldRedoOperation = this.handleError(err, entityId);
if (shouldRedoOperation) {
return yield this.delete(entityId);
}
}
});
}
handleError(err, entityId) {
if (err.message === 'Status 404') {
throw new js_node_errors_1.ResourceNotFoundError(entityId, err);
}
if (err.name === 'RequestError') {
throw new VaultAccessError(err);
}
console.log(err.name);
if (err.name == 'permission denied') {
this.initialize();
return true;
}
else {
throw err;
}
}
vaultAuth() {
return __awaiter(this, void 0, void 0, function* () {
var _a, _b;
if (this.options.vaultAuthType === 'ldap') {
try {
const login = yield this.client.ldapLogin({
username: this.options.vaultUser,
password: this.options.vaultPassword,
});
return login;
}
catch (err) {
(_a = this.logger) === null || _a === void 0 ? void 0 : _a.error(`Vault authentication error ${err}`);
throw err;
}
}
else {
try {
const login = yield this.client.userpassLogin({
username: this.options.vaultUser,
password: this.options.vaultPassword,
});
return login;
}
catch (err) {
(_b = this.logger) === null || _b === void 0 ? void 0 : _b.error(`Vault authentication error ${err}`);
throw err;
}
}
});
}
}
exports.VaultProvider = VaultProvider;
exports.default = VaultProvider;
//# sourceMappingURL=index.js.map