From b1f6e17ba347447c987ae25866347a3631653c80 Mon Sep 17 00:00:00 2001 From: Ryan Blunden Date: Wed, 25 May 2022 10:50:04 +1000 Subject: [PATCH] Enable Doppler Service Token to be passed as a parameter (#28) --- CHANGELOG.md | 8 ++++++++ package.json | 2 +- src/providers/doppler.js | 9 +++++---- tests/providers.doppler.test.js | 15 ++++++++++++--- tests/secrets.test.js | 2 +- 5 files changed, 27 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d60c84..e94e6f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,3 +7,11 @@ ## 0.0.3 (April 27, 2022) - Added `user-agent` header to Doppler provider + +## 0.0.4 (May 25, 2022) + +- Improved README + +## 0.0.5 (May 25, 2022) + +- Enable Doppler Service Token to be passed as a parameter to the Doppler provider diff --git a/package.json b/package.json index 1a228f1..028f0f5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "gitops-secrets", - "version": "0.0.4", + "version": "0.0.5", "author": "Ryan Blunden ", "description": "SecretOps workflow for bundling encrypted secrets into your deployments to safely decrypt at runtime.", "repository": { diff --git a/src/providers/doppler.js b/src/providers/doppler.js index 4c4af26..87d1d01 100644 --- a/src/providers/doppler.js +++ b/src/providers/doppler.js 
@@ -1,17 +1,18 @@ const https = require("https"); const { VERSION } = require("../meta"); + /** * Fetch secrets from Doppler the API. - * Requires the `DOPPLER_TOKEN` environment variable to be set. See https://docs.doppler.com/docs/enclave-service-tokens + * @param {{dopplerToken: string}} [{dopplerToken: process.env.DOPPLER_TOKEN}] Requires a Doppler Service Token for API authentication. See https://docs.doppler.com/docs/enclave-service-tokens * @returns {() => Promise>} */ -async function fetch() { - if (!process.env.DOPPLER_TOKEN) { +async function fetch({ dopplerToken = process.env.DOPPLER_TOKEN } = {}) { + if (!dopplerToken) { throw new Error("Doppler API Error: The 'DOPPLER_TOKEN' environment variable is required"); } return new Promise(function (resolve, reject) { - const encodedAuthData = Buffer.from(`${process.env.DOPPLER_TOKEN}:`).toString("base64"); + const encodedAuthData = Buffer.from(`${dopplerToken}:`).toString("base64"); const authHeader = `Basic ${encodedAuthData}`; const userAgent = `gitops-secrets-nodejs/${VERSION}`; https diff --git a/tests/providers.doppler.test.js b/tests/providers.doppler.test.js index 275e104..07fa28e 100644 --- a/tests/providers.doppler.test.js +++ b/tests/providers.doppler.test.js 
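Review bot: The guard `if (!dopplerToken)` still throws "The 'DOPPLER_TOKEN' environment variable is required", which is now misleading: the default applies only when the property is `undefined`, so `fetch({ dopplerToken: null })` or `""` fails with that message even when the environment variable is set. A truthy non-string value also passes the guard and is interpolated into the Basic auth value as-is. I would change the check to `if (typeof dopplerToken !== "string" || dopplerToken === "")` and the message to `"Doppler API Error: A Doppler Service Token is required via the 'dopplerToken' option or the 'DOPPLER_TOKEN' environment variable"`, keeping the `Doppler API Error` prefix that the tests match on. The `@param` tag would be easier for tooling to read as `@param {{dopplerToken?: string}} [options]`, with the default described in the text. The body of `fetch` continues past the end of the hunk.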
@@ -9,16 +9,25 @@ if (!process.env.DOPPLER_TOKEN) { const DOPPLER_TOKEN = process.env.DOPPLER_TOKEN; beforeEach(() => (process.env.DOPPLER_TOKEN = DOPPLER_TOKEN)); -test("fetch fails without DOPPLER_TOKEN", async () => { +test("fetch fails if DOPPLER_TOKEN environment variable and dopplerToken param are null", async () => { delete process.env.DOPPLER_TOKEN; await expect(doppler.fetch()).rejects.toThrowError("Doppler API Error"); }); -test("fetch fails with invalid DOPPLER_TOKEN", async () => { +test("fetch fails with invalid DOPPLER_TOKEN environment variable", async () => { process.env.DOPPLER_TOKEN = "XXXX"; await expect(doppler.fetch()).rejects.toThrowError(); }); -test("fetch succeeds with DOPPLER_TOKEN", async () => { +test("fetch fails with invalid dopplerToken param", async () => { + await expect(doppler.fetch({ dopplerToken: "XXXX" })).rejects.toThrowError(); +}); + +test("fetch succeeds with DOPPLER_TOKEN environment variable", async () => { await expect(doppler.fetch()).resolves.toHaveProperty("DOPPLER_PROJECT"); }); + +test("fetch succeeds with valid dopplerToken param", async () => { + delete process.env.DOPPLER_TOKEN; + await expect(doppler.fetch({ dopplerToken: DOPPLER_TOKEN })).resolves.toHaveProperty("DOPPLER_PROJECT"); +}); diff --git a/tests/secrets.test.js b/tests/secrets.test.js index 2fa787f..7cef401 100644 --- a/tests/secrets.test.js +++ b/tests/secrets.test.js @@ -8,7 +8,7 @@ const read = (file) => fs.readFileSync(path.resolve(file), { encoding: "utf8" }) // eslint-disable-next-line security/detect-non-literal-fs-filename const rm = (...files) => files.forEach((file) => fs.unlinkSync(path.resolve(file))); -const PROCESS_ENV = process.env; +const PROCESS_ENV = { ...process.env }; const NPM_PACKAGE_TYPE = process.env.npm_package_type; const GITOPS_SECRETS_MASTER_KEY = "1e18cc54-1d77-45a1-ae46-fecebce35ae2";
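Review bot: The new test "fetch fails with invalid dopplerToken param" uses a bare `rejects.toThrowError()`, so any rejection satisfies it, including a network failure unrelated to the token. If the provider's rejection for a bad token carries a stable message (the rejection path is outside this diff, so this is an assumption), pin it, e.g. `rejects.toThrowError("Doppler API Error")`. There is also no case for an explicit `dopplerToken: null` or `""` while `DOPPLER_TOKEN` is set, which is the input where the default-parameter fallback does not apply. The first test's title says "null", but it calls `doppler.fetch()` with no argument.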
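Review bot: The copy in `const PROCESS_ENV = { ...process.env };` deserves a one-line comment, since the reason is not obvious from the line: `// Snapshot by value: an alias to process.env would change with it and restore nothing`. How `PROCESS_ENV` is used to restore the environment is outside the hunk. If it is assigned back with `process.env = PROCESS_ENV`, later tests would mutate the snapshot itself, so restoring from a fresh copy (`process.env = { ...PROCESS_ENV }`) would be safer.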