Fail lambda if shouldFail flag provided

README.md

@@ -515,6 +515,7 @@ Currently available middlewares:
  - [`jsonBodyParser`](/docs/middlewares.md#jsonbodyparser): Automatically parses HTTP requests with JSON body and converts the body into an object. Also handles gracefully broken JSON if used in combination of
  `httpErrorHandler`.
  - [`s3KeyNormalizer`](/docs/middlewares.md#s3keynormalizer): Normalizes key names in s3 events.
+ - [`Secrets Manager`](/docs/middlewares.md#secretsmanager): Fetches parameters from AWS Secrets Manager.
  - [`ssm`](/docs/middlewares.md#ssm): Fetches parameters from [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html).
  - [`validator`](/docs/middlewares.md#validator): Automatically validates incoming events and outgoing responses against custom schemas
  - [`urlEncodeBodyParser`](/docs/middlewares.md#urlencodebodyparser): Automatically parses HTTP requests with URL encoded body (typically the result of a form submit).

README.md.hb

@@ -515,6 +515,7 @@ Currently available middlewares:
  - [`jsonBodyParser`](/docs/middlewares.md#jsonbodyparser): Automatically parses HTTP requests with JSON body and converts the body into an object. Also handles gracefully broken JSON if used in combination of
  `httpErrorHandler`.
  - [`s3KeyNormalizer`](/docs/middlewares.md#s3keynormalizer): Normalizes key names in s3 events.
+ - [`Secrets Manager`](/docs/middlewares.md#secretsmanager): Fetches parameters from AWS Secrets Manager.
  - [`ssm`](/docs/middlewares.md#ssm): Fetches parameters from [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html).
  - [`validator`](/docs/middlewares.md#validator): Automatically validates incoming events and outgoing responses against custom schemas
  - [`urlEncodeBodyParser`](/docs/middlewares.md#urlencodebodyparser): Automatically parses HTTP requests with URL encoded body (typically the result of a form submit).

docs/middlewares.md

@@ -487,6 +487,7 @@ For each secret, you also provide the name under which its value should be added
 - `secrets` (object) : Map of secrets to fetch from Secrets Manager, where the key is the destination, and value is secret name in Secrets Manager.
   Example: `{secrets: {RDS_LOGIN: 'dev/rds_login'}}`
 - `awsSdkOptions` (object) (optional): Options to pass to AWS.SecretsManager class constructor.
+- `shouldFail` (boolean) (optional): Defaults to `false`. Set it to `true` if you want your lambda to fail in case call to AWS Secrets Manager fails (secrets don't exist or internal error)
 
 NOTES:
 * Lambda is required to have IAM permission for `secretsmanager:GetSecretValue` action

src/middlewares/__tests__/secretsManager.js

@@ -52,6 +52,7 @@ describe('🔒 SecretsManager Middleware', () => {
       promise = promise.then(() => {
         return new Promise((resolve, reject) => {
           handler(event, context, (error, response) => {
+            if (error) reject(error)
             try {
               cb(error, {event, context, response})
               resolve()
@@ -68,7 +69,7 @@ describe('🔒 SecretsManager Middleware', () => {
         }
       })
     })
-    promise.then(done).catch(err => done(err))
+    promise.then(done).catch(done)
   }
 
   test(`It should set secrets to context`, (done) => {
@@ -217,6 +218,56 @@ describe('🔒 SecretsManager Middleware', () => {
     })
   })
 
+  test(`It should fail if "shouldFail" flag provided and call failed`, (done) => {
+    const errorMessage = 'Internal Error / Secret doesn\'t exist'
+    getSecretValueMock.mockReturnValueOnce({
+      promise: () => Promise.reject(new Error(errorMessage))
+    })
+
+    const errHandler = err => {
+      getSecretValueMock.mockClear()
+      expect(err.message).toEqual(errorMessage)
+      done()
+    }
+    return testScenario({
+      mockResponse: {},
+      middlewareOptions: {
+        secrets: {
+          KEY_NAME: 'failed_call'
+        },
+        shouldFail: true
+      },
+      callbacks: [
+        (_, {context}) => {
+          throw new Error('Not supposed to be called')
+        }
+      ],
+      done: errHandler
+    })
+  })
+
+  test(`It should resolve if "shouldFail" flag not provided and call failed`, (done) => {
+    const errorMessage = 'Internal Error / Secret doesn\'t exist'
+    getSecretValueMock.mockReturnValueOnce({
+      promise: () => Promise.reject(new Error(errorMessage))
+    })
+    return testScenario({
+      mockResponse: {},
+      middlewareOptions: {
+        secrets: {
+          KEY_NAME: 'failed_call'
+        }
+      },
+      callbacks: [
+        (_, {context}) => {
+          expect(getSecretValueMock).toBeCalled()
+          getSecretValueMock.mockClear()
+        }
+      ],
+      done
+    })
+  })
+
   test(`It should only refresh once per cache expiry window`, (done) => {
     // with cache expiry of 50ms, test what happens when one refresh fails, and
     // that the middleware doesn't retry for another 50ms

src/middlewares/secretsManager.js

@@ -4,6 +4,7 @@ module.exports = opts => {
   const defaults = {
     awsSdkOptions: {},
     secrets: {}, // e.g. { RDS_SECRET: 'dev/rds_login', API_SECRET: '...' }
+    shouldFail: false,
     cache: false,
     cacheExpiryInMillis: undefined,
     secretsLoaded: false,
@@ -57,6 +58,9 @@ module.exports = opts => {
           // if we already have a cached secrets, then reset the timestamp so we don't
           // keep retrying on every invocation which can cause performance problems
           // when there's temporary problems with Secrets Manager
+          if (options.shouldFail) {
+            throw err
+          }
           if (options.secretsCache) {
             options.secretsLoadedAt = new Date()
           }