feat: add GenericSecretProvider

electron · Jan 17, 2023 · e490c37 · e490c37
1 parent 16d30ea
commit e490c37
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -43,13 +43,36 @@ OIDC token must be issued for an allowed project **and** an allowed context.  No
 
 We have a few built-in secret providers documented below, you can build your own provider by importing and implementing the base `SecretProvider` class.
 
+### Generic Secret Provider
+
+This provider allows you to load secrets from _anywhere_ and hand them back in key<>value form.
+
+```typescript
+import { GenericSecretProvider } from '@electron/circleci-oidc-secret-exchange';
+
+export const config = [
+  {
+    organizationId: 'foo',
+    secrets: [
+      provider: () => new GenericSecretProvider(
+        async () => ({
+          MY_COOL_SECRET: process.env.MY_COOL_SECRET,
+          OTHER_SECRET: await getFromSomewhere(),
+        })
+      ),
+      filters: { ... },
+    ]
+  }
+]
+```
+
 ### File Secret Provider
 
 This provider loads a JSON file from disk and let's you read and provide secrets from it.  The file is read fresh on every request
 so if you change the file on disk even without restarting the service the updated secrets will be read
 
 ```typescript
-import { GitHubAppTokenProvider } from '@electron/circleci-oidc-secret-exchange';
+import { FileSecretProvider } from '@electron/circleci-oidc-secret-exchange';
 
 export const config = [
   {

diff --git a/src/index.ts b/src/index.ts
@@ -2,6 +2,7 @@ import Fastify from 'fastify';
 import { OIDCSecretExchangeConfig, OIDCSecretExchangeConfiguration } from './config';
 import { getValidatedToken } from './oidc/validate-token';
 import { FileSecretProvider } from './providers/FileProvider';
+import { GenericSecretProvider } from './providers/GenericProvider';
 import { GitHubAppTokenProvider } from './providers/GitHubAppProvider';
 import { SecretProvider } from './SecretProvider';
 import { CircleCIOIDCClaims } from './type';
@@ -138,4 +139,4 @@ export const configureAndListen = async (
   });
 };
 
-export { FileSecretProvider, GitHubAppTokenProvider, SecretProvider };
+export { FileSecretProvider, GenericSecretProvider, GitHubAppTokenProvider, SecretProvider };
diff --git a/src/providers/GenericProvider.ts b/src/providers/GenericProvider.ts
@@ -0,0 +1,19 @@
+import { SecretProvider } from '../SecretProvider';
+
+export class GenericSecretProvider extends SecretProvider<null> {
+  constructor(private getSecrets: () => Promise<Record<string, string>>) {
+    super();
+  }
+
+  loadableContentKey(): string {
+    return `generic-secret-no-content`;
+  }
+
+  async loadContent(): Promise<null> {
+    return null;
+  }
+
+  async provideSecrets(): Promise<Record<string, string>> {
+    return await Promise.resolve(this.getSecrets());
+  }
+}