Update deps, allow aws-sdk configuration for multi-region support (#3)

* updated deps * inject AWS SDK into libs
pizzahutuk · May 8, 2019 · f8d5458 · f8d5458
1 parent ddd7702
commit f8d5458
Show file tree

Hide file tree

Showing 6 changed files with 896 additions and 169 deletions.
diff --git a/index.js b/index.js
@@ -1,4 +1,5 @@
 const async = require('async');
+const getAWS = require('./lib/aws').getAWS;
 const decrypter = require('./lib/decrypter');
 const encoder = require('./lib/encoder');
 const hmac = require('./lib/hmac');
@@ -7,24 +8,27 @@ const secrets = require('./lib/secrets');
 const xtend = require('xtend');
 
 const defaults = {
-  limit: 1
+  limit: 1,
+  region: process.env.AWS_DEFAULT_REGION || 'eu-west-1',
+  table: 'credential-store'
 };
 
 function Credstash(config) {
-  this.table = config ? config.table : undefined;
+  this.config = xtend(defaults, config);
 }
 
 Credstash.prototype.list = function(options, done) {
   if (typeof options === 'function') {
     done = options;
-    options = defaults;
+    options = this.config;
   } else {
-    options = xtend(defaults, options);
+    options = xtend(this.config, options);
   }
 
+  const AWS = getAWS(options);
   return async.waterfall([
-    async.apply(secrets.list, this.table, options),
-    async.apply(keys.decrypt),
+    async.apply(secrets.list, AWS, options),
+    async.apply(keys.decrypt, AWS),
     async.apply(hmac.check),
     async.apply(decrypter.decryptedObject)
   ], function (err, secrets) {
@@ -39,14 +43,15 @@ Credstash.prototype.list = function(options, done) {
 Credstash.prototype.get = function(name, options, done) {
   if (typeof options === 'function') {
     done = options;
-    options = defaults;
+    options = this.config;
   } else {
-    options = xtend(defaults, options);
+    options = xtend(this.config, options);
   }
 
+  const AWS = getAWS(options);
   return async.waterfall([
-    async.apply(secrets.get, this.table, name, options),
-    async.apply(keys.decrypt),
+    async.apply(secrets.get, AWS, name, options),
+    async.apply(keys.decrypt, AWS),
     async.apply(hmac.check),
     async.apply(decrypter.decryptedList)
   ], function (err, secrets) {

diff --git a/lib/aws.js b/lib/aws.js
@@ -0,0 +1,10 @@
+const AWS = require('aws-sdk');
+
+function getAWS(options) {
+  AWS.config.update({region: options.region});
+  return AWS;
+}
+
+module.exports = {
+  getAWS,
+};
diff --git a/lib/keys.js b/lib/keys.js
@@ -1,17 +1,14 @@
-const AWS = require('aws-sdk');
 const async = require('async');
 const encoder = require('./encoder');
 
-if (typeof process.env.AWS_DEFAULT_REGION !== 'undefined') {
-  AWS.config.update({region: process.env.AWS_DEFAULT_REGION});
-}
-
-function decrypt(key, done) {
-  var params = {
-    CiphertextBlob: encoder.decode(key)
-  };
+function decrypt(AWS) {
+  return function(key, done) {
+    var params = {
+      CiphertextBlob: encoder.decode(key)
+    };
 
-  return new AWS.KMS().decrypt(params, done);
+    return new AWS.KMS().decrypt(params, done);
+  }
 }
 
 function split(stashes, decryptedKeys, done) {
@@ -26,9 +23,9 @@ function split(stashes, decryptedKeys, done) {
 }
 
 module.exports = {
-  decrypt: (stashes, done) => {
+  decrypt: (AWS, stashes, done) => {
     return async.waterfall([
-      async.apply(async.map, stashes.map(s => s.key), decrypt),
+      async.apply(async.map, stashes.map(s => s.key), decrypt(AWS)),
       async.apply(split, stashes)
     ], done);
   }

diff --git a/lib/secrets.js b/lib/secrets.js
@@ -1,10 +1,5 @@
-const AWS = require('aws-sdk');
 const async = require('async');
 
-if (typeof process.env.AWS_DEFAULT_REGION !== 'undefined') {
-  AWS.config.update({region: process.env.AWS_DEFAULT_REGION});
-}
-
 // Blatantly borrowed from https://www.electrictoolbox.com/pad-number-zeroes-javascript/
 function pad(number, length) {
   var str = '' + number;
@@ -23,9 +18,9 @@ function makeVersion(version) {
   };
 }
 
-function scan(table, options, done) {
+function scan(AWS, options, done) {
   var params = {
-    TableName: table || 'credential-store',
+    TableName: options.table || 'credential-store',
     ConsistentRead: true,
     ScanFilter: {}
   };
@@ -37,9 +32,9 @@ function scan(table, options, done) {
   return new AWS.DynamoDB().scan(params, done);
 }
 
-function find(table, name, options, done) {
+function find(AWS, name, options, done) {
   var params = {
-    TableName: table || 'credential-store',
+    TableName: options.table || 'credential-store',
     ConsistentRead: true,
     Limit: options.limit,
     ScanIndexForward: false,
@@ -76,15 +71,15 @@ function map(name, data, done) {
 }
 
 module.exports = {
-  get: (table, name, options, done) => {
+  get: (AWS, name, options, done) => {
     return async.waterfall([
-      async.apply(find, table, name, options),
+      async.apply(find, AWS, name, options),
       async.apply(map, name),
     ], done);
   },
-  list: (table, options, done) => {
+  list: (AWS, options, done) => {
     return async.waterfall([
-      async.apply(scan, table, options),
+      async.apply(scan, AWS, options),
       async.apply(map, 'all secrets'),
     ], done);
   }