feat: Add disableLogging option to getManagementToken

Author: lewisjcs

src/keys/get-management-token.spec.ts

@@ -14,6 +14,12 @@ import { Logger } from '../utils'
 import { sign } from 'jsonwebtoken'
 import { LRUCache } from 'lru-cache'
 
+// Mock the debug logger to spy on it
+const mockDebugInstance = {
+  extend: sinon.stub().returns(sinon.spy()),
+}
+sinon.stub(require('debug'), 'default').returns(mockDebugInstance)
+
 const PRIVATE_KEY = fs.readFileSync(path.join(__dirname, '..', '..', 'keys', 'key.pem'), 'utf-8')
 const APP_ID = 'app_id'
 const SPACE_ID = 'space_id'
@@ -29,6 +35,64 @@ const noop = () => {}
 const defaultCache: LRUCache<string, string> = new LRUCache({ max: 10 })
 
 describe('getManagementToken', () => {
+  let loggerSpy: sinon.SinonSpy
+
+  beforeEach(() => {
+    // Reset the spy before each test
+    loggerSpy = mockDebugInstance.extend() as sinon.SinonSpy
+    loggerSpy.resetHistory()
+    // Reset cache as well
+    defaultCache.clear()
+  })
+
+  it('fetches a token and logs by default', async () => {
+    const mockToken = 'token'
+    // Use the real logger creator, but we spy on the debug instance it creates
+    const { createLogger } = await import('../utils/logger')
+    const logger = createLogger({ filename: __filename })
+    const post = sinon.stub()
+    post.resolves({ statusCode: 201, body: JSON.stringify({ token: mockToken }) })
+    const httpClient = { post } as unknown as HttpClient
+    const getManagementTokenFn = createGetManagementToken(logger, httpClient, defaultCache)
+
+    const result = await getManagementTokenFn(PRIVATE_KEY, DEFAULT_OPTIONS) // disableLogging is default false
+
+    assert.deepStrictEqual(result, mockToken)
+    assert(
+      post.calledWith(
+        `spaces/${SPACE_ID}/environments/${ENVIRONMENT_ID}/app_installations/${APP_ID}/access_tokens`,
+        sinon.match({ headers: { Authorization: sinon.match.string } }),
+      ),
+    )
+    // Assert that the logger spy was called
+    assert(loggerSpy.called, 'Logger should have been called by default')
+  })
+
+  it('does not log when disableLogging is true', async () => {
+    const mockToken = 'token-no-log'
+    const { createLogger } = await import('../utils/logger')
+    const logger = createLogger({ filename: __filename })
+    const post = sinon.stub()
+    post.resolves({ statusCode: 201, body: JSON.stringify({ token: mockToken }) })
+    const httpClient = { post } as unknown as HttpClient
+    const getManagementTokenFn = createGetManagementToken(logger, httpClient, defaultCache)
+
+    const result = await getManagementTokenFn(PRIVATE_KEY, {
+      ...DEFAULT_OPTIONS,
+      disableLogging: true,
+    })
+
+    assert.deepStrictEqual(result, mockToken)
+    assert(
+      post.calledWith(
+        `spaces/${SPACE_ID}/environments/${ENVIRONMENT_ID}/app_installations/${APP_ID}/access_tokens`,
+        sinon.match({ headers: { Authorization: sinon.match.string } }),
+      ),
+    )
+    // Assert that the logger spy was NOT called
+    assert(!loggerSpy.called, 'Logger should not have been called when disableLogging is true')
+  })
+
   it('fetches a token', async () => {
     const mockToken = 'token'
     const logger = noop as unknown as Logger

src/keys/get-management-token.ts

@@ -18,6 +18,7 @@ export interface GetManagementTokenOptions {
   keyId?: string
   reuseToken?: boolean
   host?: string
+  disableLogging?: boolean
 }
 
 let defaultCache: LRUCache<string, string> | undefined
@@ -29,15 +30,15 @@ let defaultCache: LRUCache<string, string> | undefined
 const generateOneTimeToken = (
   privateKey: string,
   { appId, keyId }: { appId: string; keyId?: string },
-  { log }: { log: Logger },
+  { log, disableLogging }: { log: Logger; disableLogging: boolean },
 ): string => {
-  log('Signing a JWT token with private key')
+  if (!disableLogging) log('Signing a JWT token with private key')
   try {
     const baseSignOptions: SignOptions = { algorithm: 'RS256', issuer: appId, expiresIn: '10m' }
     const signOptions: SignOptions = keyId ? { ...baseSignOptions, keyid: keyId } : baseSignOptions
 
     const token = sign({}, privateKey, signOptions)
-    log('Successfully signed token')
+    if (!disableLogging) log('Successfully signed token')
     return token
   } catch (e) {
     log('Unable to sign token')
@@ -52,11 +53,11 @@ const getTokenFromOneTimeToken = async (
     spaceId,
     environmentId,
   }: { appInstallationId: string; spaceId: string; environmentId: string },
-  { log, http }: { log: Logger; http: HttpClient },
+  { log, http, disableLogging }: { log: Logger; http: HttpClient; disableLogging: boolean },
 ): Promise<string> => {
   const validateStatusCode = createValidateStatusCode([201])
 
-  log(`Requesting CMA Token with given App Token`)
+  if (!disableLogging) log(`Requesting CMA Token with given App Token`)
 
   const response = await http.post(
     `spaces/${spaceId}/environments/${environmentId}/app_installations/${appInstallationId}/access_tokens`,
@@ -70,9 +71,10 @@ const getTokenFromOneTimeToken = async (
     },
   )
 
-  log(
-    `Successfully retrieved CMA Token for app ${appInstallationId} in space ${spaceId} and environment ${environmentId}`,
-  )
+  if (!disableLogging)
+    log(
+      `Successfully retrieved CMA Token for app ${appInstallationId} in space ${spaceId} and environment ${environmentId}`,
+    )
 
   return JSON.parse(response.body).token
 }
@@ -91,13 +93,12 @@ export const createGetManagementToken = (
       throw new ReferenceError('Invalid privateKey: expected a string representing a private key')
     }
 
-    if (opts.reuseToken === undefined) {
-      opts.reuseToken = true
-    }
+    const reuseToken = opts.reuseToken ?? true
+    const disableLogging = opts.disableLogging ?? false
 
     const cacheKey =
       opts.appInstallationId + opts.spaceId + opts.environmentId + privateKey.slice(32, 132)
-    if (opts.reuseToken) {
+    if (reuseToken) {
       const existing = cache.get(cacheKey) as string
       if (existing) {
         return existing as string
@@ -107,10 +108,10 @@ export const createGetManagementToken = (
     const appToken = generateOneTimeToken(
       privateKey,
       { appId: opts.appInstallationId, keyId: opts.keyId },
-      { log },
+      { log, disableLogging },
     )
-    const ott = await getTokenFromOneTimeToken(appToken, opts, { log, http })
-    if (opts.reuseToken) {
+    const ott = await getTokenFromOneTimeToken(appToken, opts, { log, http, disableLogging })
+    if (reuseToken) {
       const decoded = decode(ott)
       if (decoded && typeof decoded === 'object' && decoded.exp) {
         // Internally expire cached tokens a bit earlier to make sure token isn't expired on arrival