From c5b2aeb689f61ba2c5fabafd6aa3f8b466587fdb Mon Sep 17 00:00:00 2001 From: Daniel Sousa Date: Fri, 4 Oct 2019 19:50:09 -0300 Subject: [PATCH] fix: limit concurrency to avoid Azure AD rate limiting (#29) --- package.json | 1 + src/dotenv-azure.ts | 36 ++++++++++++++++++++---------------- yarn.lock | 2 +- 3 files changed, 22 insertions(+), 17 deletions(-) diff --git a/package.json b/package.json index 37d13541..0da837f2 100644 --- a/package.json +++ b/package.json @@ -114,6 +114,7 @@ "@azure/identity": "^1.0.0-preview.3", "@azure/keyvault-secrets": "^4.0.0-preview.5", "dotenv": "^8.1.0", + "p-limit": "^2.2.1", "sync-rpc": "^1.3.6" } } diff --git a/src/dotenv-azure.ts b/src/dotenv-azure.ts index d9f6cb1d..22d522d8 100644 --- a/src/dotenv-azure.ts +++ b/src/dotenv-azure.ts @@ -1,4 +1,5 @@ import * as fs from 'fs' +import pLimit from 'p-limit' import dotenv, { DotenvParseOptions } from 'dotenv' import { ManagedIdentityCredential, ClientSecretCredential } from '@azure/identity' import { SecretsClient } from '@azure/keyvault-secrets' @@ -107,7 +108,7 @@ export default class DotenvAzure { {} as VariablesObject ) } - + console.log('appconfig', vars) return vars } @@ -116,22 +117,25 @@ export default class DotenvAzure { vars: VariablesObject ): Promise { const secrets: VariablesObject = {} + // limit requests to avoid Azure AD rate limiting + const limit = pLimit(2) + + const getSecret = async (key: string, value: string): Promise => { + const keyVaultUrl = testIfValueIsVaultSecret(value) + if (!keyVaultUrl) return + + const [, , secretName, secretVersion] = keyVaultUrl.pathname.split('/') + if (!secretName || !secretVersion) { + throw new InvalidKeyVaultUrlError(key.replace('kv:', '')) + } + + const keyVaultClient = this.getKeyVaultClient(credentials, keyVaultUrl.origin) + const response = await keyVaultClient.getSecret(secretName, { version: secretVersion }) + secrets[key] = response.value || '' + console.log('kv', secretName, response.value) + } - await Promise.all( - Object.entries(vars).map(async ([key, value]) => { - const keyVaultUrl = testIfValueIsVaultSecret(value) - if (!keyVaultUrl) return - - const [, , secretName, secretVersion] = keyVaultUrl.pathname.split('/') - if (!secretName || !secretVersion) { - throw new InvalidKeyVaultUrlError(key.replace('kv:', '')) - } - - const keyVaultClient = this.getKeyVaultClient(credentials, keyVaultUrl.origin) - const response = await keyVaultClient.getSecret(secretName, { version: secretVersion }) - secrets[key] = response.value || '' - }) - ) + await Promise.all(Object.entries(vars).map(([key, val]) => limit(() => getSecret(key, val)))) return secrets } diff --git a/yarn.lock b/yarn.lock index 2e0cdfe9..dbad0dd0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6089,7 +6089,7 @@ p-limit@^1.1.0: dependencies: p-try "^1.0.0" -p-limit@^2.0.0, p-limit@^2.2.0: +p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.1: version "2.2.1" resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.2.1.tgz#aa07a788cc3151c939b5131f63570f0dd2009537" integrity sha512-85Tk+90UCVWvbDavCLKPOLC9vvY8OwEX/RtKF+/1OADJMVlFfEHOiMTPVyxg7mk/dKa+ipdHm0OUkTvCpMTuwg==