Add utils/aws for fetching the keyset from S3

package.json

@@ -4,7 +4,8 @@
   "workspaces": [
     "agent-core",
     "rotators/*",
-    "apps/*"
+    "apps/*",
+    "utils/*"
   ],
   "engines": {
     "node": "16.x"

tsconfig.build.json

@@ -1,4 +1,9 @@
 {
   "files": [],
-  "references": [{ "path": "agent-core" }, { "path": "rotators/postgres" }, { "path": "apps/http-postgres-rotator" }]
+  "references": [
+    { "path": "agent-core" },
+    { "path": "rotators/postgres" },
+    { "path": "apps/http-postgres-rotator" },
+    { "path": "utils/aws" }
+  ]
 }

utils/aws/.npmignore

@@ -0,0 +1 @@
+lib/

utils/aws/lib/index.ts

@@ -0,0 +1,18 @@
+import type { Readable } from "stream";
+import { S3 } from "@aws-sdk/client-s3";
+
+async function streamToBuffer(stream: Readable) {
+  return new Promise<Buffer>((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    stream.on("data", (chunk) => chunks.push(chunk));
+    stream.once("end", () => resolve(Buffer.concat(chunks)));
+    stream.once("error", reject);
+  });
+}
+
+export async function fetchS3KeySet(bucket = "doppler-keys") {
+  const s3Client = new S3({ forcePathStyle: true });
+  const keyFile = await s3Client.getObject({ Bucket: bucket, Key: "secret-agents-jwks.json" });
+  const bodyBuffer = await streamToBuffer(keyFile.Body as Readable);
+  return JSON.parse(new TextDecoder().decode(bodyBuffer)) as Record<string, unknown>;
+}

utils/aws/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "aws-utils",
+  "version": "1.0.0",
+  "type": "module",
+  "description": "",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "engines": {
+    "node": "16.x"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@aws-sdk/client-s3": "^3.128.0"
+  }
+}

utils/aws/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "rootDir": "lib",
+    "outDir": "dist"
+  }
+}