Merge branch 'improvement/BB-622' into q/8.7

extensions/lifecycle/LifecycleQueuePopulator.js

@@ -39,14 +39,14 @@ class LifecycleQueuePopulator extends QueuePopulatorExtension {
         super(params);
         this._authConfig = params.authConfig;
 
-        this.vaultClientWrapper = new VaultClientWrapper(
-            LIFEYCLE_POPULATOR_CLIENT_ID,
-            params.vaultAdmin,
-            this._authConfig,
-            this.log,
-        );
-
-        if (this._authConfig.type === authTypeAssumeRole) {
+        if (this._authConfig?.type === authTypeAssumeRole) {
+            this.vaultClientWrapper = new VaultClientWrapper(
+                LIFEYCLE_POPULATOR_CLIENT_ID,
+                params.vaultAdmin,
+                this._authConfig,
+                this.log,
+            );
+
             this.vaultClientWrapper.init();
         }
 
@@ -238,6 +238,10 @@ class LifecycleQueuePopulator extends QueuePopulatorExtension {
     }
 
     _handleRestoreOp(entry) {
+        if (!this.vaultClientWrapper) {
+            return;
+        }
+
         if (entry.type !== 'put' ||
             entry.key.startsWith(mpuBucketPrefix)) {
             return;
@@ -391,6 +395,10 @@ class LifecycleQueuePopulator extends QueuePopulatorExtension {
     }
 
     _handleDeleteOp(entry) {
+        if (!this.vaultClientWrapper) {
+            return;
+        }
+
         const value = JSON.parse(entry.value);
 
         // if object is not archived there is nothing to do here

extensions/utils/VaultClientWrapper.js

@@ -1,7 +1,7 @@
 const { ChainableTemporaryCredentials } = require('aws-sdk');
 const { errorUtils } = require('arsenal');
 
-const { authTypeAssumeRole } = require('../../lib/constants');
+const { authTypeAssumeRole, authTypeNone } = require('../../lib/constants');
 const VaultClientCache = require('../../lib/clients/VaultClientCache');
 const CredentialsManager = require('../../lib/credentials/CredentialsManager');
 const { http: HttpAgent, https: HttpsAgent } = require('httpagent');
@@ -11,7 +11,7 @@ class VaultClientWrapper {
         this._authConfig = authConfig;
         this._transport = this._authConfig.transport;
         this._clientId = id;
-        this._vaultConf = vaultConf;
+        this._vaultConf = vaultConf || this._authConfig.vault;
         this.logger = logger;
 
         const Agent = this._transport === 'https' ? HttpsAgent.Agent : HttpAgent.Agent;
@@ -21,7 +21,7 @@ class VaultClientWrapper {
     }
 
     init() {
-        if (this._authConfig.type !== authTypeAssumeRole) {
+        if (![authTypeAssumeRole, authTypeNone].includes(this._authConfig.type)) {
             return;
         }
 
@@ -108,10 +108,20 @@ class VaultClientWrapper {
     }
 
     getAccountIds(canonicalIds, cb) {
-        if (this._authConfig.type !== authTypeAssumeRole) {
+        if (![authTypeAssumeRole, authTypeNone].includes(this._authConfig.type)) {
             return process.nextTick(cb, null, {});
         }
 
+        if (this._authConfig.type === authTypeAssumeRole) {
+            return this.getAccountIdsWithTempCredentials(canonicalIds, cb);
+        }
+
+        const client = this._vaultClientCache.getClient(this._clientId);
+        const opts = {};
+        return client.getAccountIds(canonicalIds, opts, (err, res) => cb(err, res?.message?.body));
+    }
+
+    getAccountIdsWithTempCredentials(canonicalIds, cb) {
         return this._tempCredsPromise
             .then(creds => this._vaultClientCache.getClientWithAWSCreds(this._clientId, creds))
             .then(client => client.enableIAMOnAdminRoutes())

lib/config/configItems.joi.js

@@ -6,6 +6,7 @@ const {
     authTypeAccount,
     authTypeService,
     authTypeAssumeRole,
+    authTypeNone,
 } = require('../constants');
 
 const hostPortJoi = joi.object().keys({
@@ -69,7 +70,8 @@ const authJoi = joi.object({
     type: joi.alternatives().try(
         authTypeService,
         authTypeAccount,
-        authTypeAssumeRole
+        authTypeAssumeRole,
+        authTypeNone,
     ).required(),
     account: joi.string()
         .when('type', { is: authTypeAccount, then: joi.required() })
@@ -79,7 +81,8 @@ const authJoi = joi.object({
     sts: stsConfigJoi
         .when('type', { is: authTypeAssumeRole, then: joi.required() }),
     vault: hostPortJoi
-        .when('type', { is: authTypeAssumeRole, then: joi.required() }),
+        .when('type', { is: authTypeAssumeRole, then: joi.required() })
+        .when('type', { is: authTypeNone, then: joi.required() }),
 });
 
 const inheritedAuthJoi = authJoi

lib/constants.js

@@ -18,6 +18,7 @@ const constants = {
     authTypeAssumeRole: 'assumeRole',
     authTypeAccount: 'account',
     authTypeService: 'service',
+    authTypeNone: 'none',
     services: {
         queuePopulator: 'QueuePopulator',
         replicationQueueProcessor: 'ReplicationQueueProcessor',

tests/unit/lifecycle/LifecycleQueuePopulator.spec.js

@@ -106,6 +106,14 @@ describe('LifecycleQueuePopulator', () => {
         }, 100);
     }
 
+    describe('constructor', () => {
+        it('should not create vaultClientWrapper when no auth config passed', () => {
+            const params = {};
+            const lcqp = new LifecycleQueuePopulator(params);
+            assert.strictEqual(lcqp.vaultClientWrapper, undefined);
+        });
+    });
+
     describe('Producer', () => {
         let lcqp;
         beforeEach(() => {
@@ -387,7 +395,6 @@ describe('LifecycleQueuePopulator', () => {
         });
     });
 
-
     describe(':_handleDeleteOp', () => {
         const kafkaSendStub = sinon.stub().yields();
         const objMd = {
@@ -545,7 +552,9 @@ describe('LifecycleQueuePopulator', () => {
             },
         ].forEach(params => {
             it(params.it, () => {
-                lcqp.vaultClientWrapper.getAccountId = sinon.stub().yields(...params.getAccountIdResponse);
+                lcqp.vaultClientWrapper = {
+                    getAccountId: sinon.stub().yields(...params.getAccountIdResponse),
+                };
                 const timestamp = new Date();
                 const entry = {
                     type: params.type,