Merge pull request #59 from Cimpress-MCP/upgradeAwsSDKToV3

upgraded aws sdk to v3
Cimpress-MCP · May 9, 2024 · d35fbf4 · d35fbf4
2 parents b97e3d0 + 1d36e85
commit d35fbf4
Show file tree

Hide file tree

Showing 9 changed files with 952 additions and 203 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -13,7 +13,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/[email protected]
         with:
-          node-version: '14.x'
+          node-version: '20.x'
 
       - name: Install dependencies
         run: yarn

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -16,7 +16,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/[email protected]
         with:
-          node-version: 14
+          node-version: 20
 
       - name: Install dependencies
         run: yarn

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 
+## [6.0.0] - 2022-02-22
+
+### Changed
+
+- **[Breaking change]** Upgraded aws-sdk to v3 which has `SecretsManager` and `KMS` replaced by `SecretsManagerClient` and `KMSClient` class.
+  The functionality and interface remains the same, the imports need to be changed.
+
 ## [5.4.0] - 2024-02-08
 
 ### Added

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "lambda-essentials-ts",
-  "version": "5.4.0",
+  "version": "6.0.0",
   "description": "A selection of the finest modules supporting authorization, API routing, error handling, logging and sending HTTP requests.",
   "main": "lib/index.js",
   "private": false,
@@ -26,7 +26,8 @@
   },
   "homepage": "https://github.com/Cimpress-MCP/lambda-essentials-ts#readme",
   "dependencies": {
-    "aws-sdk": "^2.1287.0",
+    "@aws-sdk/client-kms": "^3.569.0",
+    "@aws-sdk/client-secrets-manager": "^3.569.0",
     "axios": "~0.21.3",
     "axios-cache-adapter": "~2.7.3",
     "fast-safe-stringify": "~2.0.7",

diff --git a/src/tokenProvider/kmsTokenProvider.ts b/src/tokenProvider/kmsTokenProvider.ts
@@ -1,12 +1,12 @@
-import { KMS } from 'aws-sdk';
 import TokenProvider, {
   Auth0Secret,
   TokenConfiguration,
   TokenProviderOptions,
 } from './tokenProvider';
+import { DecryptCommand, KMSClient } from '@aws-sdk/client-kms';
 
 export default class KmsTokenProvider extends TokenProvider {
-  private kmsClient: KMS;
+  private kmsClient: KMSClient;
 
   private kmsConfiguration: KmsTokenConfiguration;
 
@@ -17,13 +17,12 @@ export default class KmsTokenProvider extends TokenProvider {
   }
 
   public async getClientSecret(): Promise<Auth0Secret | undefined> {
-    const secret = await this.kmsClient
-      .decrypt({
+    const data = await this.kmsClient.send(
+      new DecryptCommand({
         CiphertextBlob: Buffer.from(this.kmsConfiguration.encryptedClientSecret, 'base64'),
-      })
-      .promise()
-      .then((data) => data.Plaintext?.toString());
-
+      }),
+    );
+    const secret = data.Plaintext?.toString();
     if (!secret) {
       throw new Error('Request error: failed to decrypt secret using KMS');
     }
@@ -36,7 +35,7 @@ export interface KmsTokenProviderOptions extends TokenProviderOptions {
   /**
    * AWS KMS Client
    */
-  kmsClient: KMS;
+  kmsClient: KMSClient;
   /**
    * Configuration needed for the token
    */

diff --git a/src/tokenProvider/secretsManagerTokenProvider.ts b/src/tokenProvider/secretsManagerTokenProvider.ts
@@ -1,12 +1,12 @@
-import { SecretsManager } from 'aws-sdk';
 import TokenProvider, {
   Auth0Secret,
   TokenConfiguration,
   TokenProviderOptions,
 } from './tokenProvider';
+import { GetSecretValueCommand, SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
 
 export default class SecretsManagerTokenProvider extends TokenProvider {
-  private secretsManagerClient: SecretsManager;
+  private secretsManagerClient: SecretsManagerClient;
 
   private secretsManagerConfiguration: SecretsManagerTokenConfiguration;
 
@@ -17,9 +17,11 @@ export default class SecretsManagerTokenProvider extends TokenProvider {
   }
 
   public async getClientSecret(): Promise<Auth0Secret | undefined> {
-    const secret = await this.secretsManagerClient
-      .getSecretValue({ SecretId: this.secretsManagerConfiguration.clientSecretId })
-      .promise();
+    const secret = await this.secretsManagerClient.send(
+      new GetSecretValueCommand({
+        SecretId: this.secretsManagerConfiguration.clientSecretId,
+      }),
+    );
 
     if (!secret?.SecretString) {
       throw new Error('Request error: failed to retrieve secret from Secrets Manager');
@@ -33,7 +35,7 @@ export interface SecretsManagerTokenProviderOptions extends TokenProviderOptions
   /**
    * AWS Secrets Manager Client
    */
-  secretsManagerClient: SecretsManager;
+  secretsManagerClient: SecretsManagerClient;
   /**
    * Configuration needed for the token
    */

diff --git a/tests/tokenProvider/kmsTokenProvider.test.ts b/tests/tokenProvider/kmsTokenProvider.test.ts
@@ -1,6 +1,6 @@
-import { KMS } from 'aws-sdk';
 import { KmsTokenConfiguration, KmsTokenProvider } from '../../src';
 import { Auth0Secret } from '../../src/tokenProvider/tokenProvider';
+import { KMSClient } from '@aws-sdk/client-kms';
 
 describe('KMS Token Provider', () => {
   const tokenConfiguration: KmsTokenConfiguration = {
@@ -12,10 +12,10 @@ describe('KMS Token Provider', () => {
 
   describe('getClientSecret', () => {
     test('throws when secret was not decrypted', async () => {
-      const promisedDecryptedText = Promise.resolve({ data: { Plaintext: undefined } });
+      const promisedDecryptedText = { data: { Plaintext: undefined } };
       const KMSMock = jest.fn().mockImplementation(
-        (): Partial<KMS> => ({
-          decrypt: jest.fn().mockReturnValue({ promise: () => promisedDecryptedText }),
+        (): Partial<KMSClient> => ({
+          send: jest.fn().mockResolvedValue(promisedDecryptedText),
         }),
       );
 
@@ -34,12 +34,12 @@ describe('KMS Token Provider', () => {
         Auth0ClientID: 'test-client-id',
         Auth0ClientSecret: 'test-secret',
       };
-      const promisedDecryptedText = Promise.resolve({
+      const promisedDecryptedText = {
         Plaintext: expectedSecret.Auth0ClientSecret,
-      });
+      };
       const KMSMock = jest.fn().mockImplementation(
-        (): Partial<KMS> => ({
-          decrypt: jest.fn().mockReturnValue({ promise: () => promisedDecryptedText }),
+        (): Partial<KMSClient> => ({
+          send: jest.fn().mockResolvedValue(promisedDecryptedText),
         }),
       );
 
@@ -51,9 +51,13 @@ describe('KMS Token Provider', () => {
 
       const actualSecret = await tokenProvider.getClientSecret();
       expect(actualSecret).toEqual(expectedSecret);
-      expect(kms.decrypt).toHaveBeenCalledWith({
-        CiphertextBlob: Buffer.from(tokenConfiguration.encryptedClientSecret, 'base64'),
-      });
+      expect(kms.send).toHaveBeenCalledWith(
+        expect.objectContaining({
+          input: {
+            CiphertextBlob: Buffer.from(tokenConfiguration.encryptedClientSecret, 'base64'),
+          },
+        }),
+      );
     });
   });
 });
diff --git a/tests/tokenProvider/secretsManagerTokenProvider.test.ts b/tests/tokenProvider/secretsManagerTokenProvider.test.ts
@@ -1,6 +1,6 @@
-import { SecretsManager } from 'aws-sdk';
 import { SecretsManagerTokenConfiguration, SecretsManagerTokenProvider } from '../../src';
 import { Auth0Secret } from '../../src/tokenProvider/tokenProvider';
+import { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
 
 describe('Secrets Manager Token Provider', () => {
   const tokenConfiguration: SecretsManagerTokenConfiguration = {
@@ -11,10 +11,10 @@ describe('Secrets Manager Token Provider', () => {
 
   describe('getClientSecret', () => {
     test('throws when secret was not retrieved', async () => {
-      const promisedSecret = Promise.resolve({ SecretString: undefined });
+      const promisedSecret = { SecretString: undefined };
       const SecretsManagerMock = jest.fn().mockImplementation(
-        (): Partial<SecretsManager> => ({
-          getSecretValue: jest.fn().mockReturnValue({ promise: () => promisedSecret }),
+        (): Partial<SecretsManagerClient> => ({
+          send: jest.fn().mockResolvedValueOnce(promisedSecret),
         }),
       );
 
@@ -33,10 +33,10 @@ describe('Secrets Manager Token Provider', () => {
         Auth0ClientID: 'test-client-id',
         Auth0ClientSecret: 'test-secret',
       };
-      const promisedSecret = Promise.resolve({ SecretString: JSON.stringify(expectedSecret) });
+      const promisedSecret = { SecretString: JSON.stringify(expectedSecret) };
       const SecretsManagerMock = jest.fn().mockImplementation(
-        (): Partial<SecretsManager> => ({
-          getSecretValue: jest.fn().mockReturnValue({ promise: () => promisedSecret }),
+        (): Partial<SecretsManagerClient> => ({
+          send: jest.fn().mockResolvedValueOnce(promisedSecret),
         }),
       );
 
@@ -48,9 +48,11 @@ describe('Secrets Manager Token Provider', () => {
 
       const actualSecret = await tokenProvider.getClientSecret();
       expect(actualSecret).toEqual(expectedSecret);
-      expect(secretsManager.getSecretValue).toHaveBeenCalledWith({
-        SecretId: tokenConfiguration.clientSecretId,
-      });
+      expect(secretsManager.send).toHaveBeenCalledWith(
+        expect.objectContaining({
+          input: { SecretId: tokenConfiguration.clientSecretId },
+        }),
+      );
     });
   });
 });