UNPKG

js-node-hashicorp-vault

Version:

NodeJS Vault Provider

github.com/pkg-wizard/js-node-hashicorp-vault

pkg-wizard/js-node-hashicorp-vault

141 lines (124 loc) 3.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import ApiError, { ResourceNotFoundError } from 'js-node-errors'; import { Config as LoggerConfig, getLogger, Logger } from 'js-node-logger'; import httpStatus from 'http-status'; import vaultClient, { client } from 'node-vault'; export interface VaultOptions { vaultAddr: string; vaultSecretPath: string; vaultAuthType: string; vaultUser: string; vaultPassword: string; } export class RequiredVaultOptionsMissing extends ApiError { constructor() { super(`Vault Provider Required Options are missing`, { status: httpStatus.INTERNAL_SERVER_ERROR, isPublic: true, }); } } export class VaultAccessError extends ApiError { constructor(error?: Error) { super( 'Vault access failed. We are working on fixing this issue.', { status: httpStatus.SERVICE_UNAVAILABLE, isPublic: true, code: 'error.vault.not-accessible', }, error, ); } } export class VaultProvider { private client!: client; private options: VaultOptions; private logger?: Logger; constructor(options: VaultOptions, loggerConfig?: LoggerConfig) { this.options = options; this.logger = loggerConfig ? getLogger(loggerConfig) : undefined; } public async initialize(): Promise<void> { this.client = vaultClient({ endpoint: this.options.vaultAddr, }); if (this.options.vaultAuthType !== 'token') { await this.vaultAuth(); } this.logger?.info( `Vault is successfully configured with address: ${this.options.vaultAddr} and auth type: ${this.options.vaultAuthType}`, ); } public async write(entityId: string, value: any): Promise<any> { try { return this.client.write(`${this.options.vaultSecretPath}/${entityId}`, { data: { value } }); } catch (err) { let shouldRedoOperation = this.handleError(err as Error, entityId); if (shouldRedoOperation) { return await this.write(entityId, value); } } } public async read(entityId: string): Promise<any> { try { const response = await this.client.read(`${this.options.vaultSecretPath}/${entityId}`); return response.data.data.value; } catch (err) { let shouldRedoOperation = this.handleError(err as Error, entityId); if (shouldRedoOperation) { return await this.read(entityId); } } } public async delete(entityId: string): Promise<any> { try { return this.client.delete(`${this.options.vaultSecretPath}/${entityId}`); } catch (err) { let shouldRedoOperation = this.handleError(err as Error, entityId); if (shouldRedoOperation) { return await this.delete(entityId); } } } private handleError(err: Error, entityId: string) { if (err.message === 'Status 404') { throw new ResourceNotFoundError(entityId, err); } if (err.name === 'RequestError') { throw new VaultAccessError(err); } console.log(err.name); if (err.name == 'permission denied') { this.initialize(); return true; } else { throw err; } } private async vaultAuth(): Promise<any> { if (this.options.vaultAuthType === 'ldap') { try { const login = await this.client.ldapLogin({ username: this.options.vaultUser, password: this.options.vaultPassword, }); return login; } catch (err) { this.logger?.error(`Vault authentication error ${err}`); throw err; } } else { try { const login = await this.client.userpassLogin({ username: this.options.vaultUser, password: this.options.vaultPassword, }); return login; } catch (err) { this.logger?.error(`Vault authentication error ${err}`); throw err; } } } } export default VaultProvider;