| | | 1 | | /** |
| | | 2 | | * Thrown when resolved secrets contain missing or empty values. |
| | | 3 | | */ |
| | | 4 | | export class SecretValidationError extends Error { |
| | | 5 | | /** |
| | | 6 | | * Keys whose values were empty or whitespace-only. |
| | | 7 | | * Empty array when no secrets were resolved at all. |
| | | 8 | | */ |
| | | 9 | | readonly missingKeys: string[]; |
| | | 10 | | |
| | | 11 | | constructor(missingKeys: string[]) { |
| | 6 | 12 | | super( |
| | | 13 | | missingKeys.length === 0 |
| | | 14 | | ? 'No secrets were resolved' |
| | | 15 | | : `The following secrets have empty or missing values: ${missingKeys.join(', ')}`, |
| | | 16 | | ); |
| | 6 | 17 | | this.missingKeys = missingKeys; |
| | 6 | 18 | | this.name = 'SecretValidationError'; |
| | | 19 | | } |
| | | 20 | | } |
| | | 21 | | |
| | | 22 | | /** |
| | | 23 | | * Validates that all resolved secrets have non-empty values. |
| | | 24 | | * |
| | | 25 | | * @throws {SecretValidationError} When the map is empty or any value is empty/whitespace. |
| | | 26 | | */ |
| | | 27 | | export function validateSecrets(secrets: ReadonlyMap<string, string>): void { |
| | 7 | 28 | | if (secrets.size === 0) { |
| | 2 | 29 | | throw new SecretValidationError([]); |
| | | 30 | | } |
| | | 31 | | |
| | 5 | 32 | | const missingKeys: string[] = []; |
| | 5 | 33 | | for (const [key, value] of secrets) { |
| | 12 | 34 | | if (!value?.trim()) { |
| | 6 | 35 | | missingKeys.push(key); |
| | | 36 | | } |
| | | 37 | | } |
| | | 38 | | |
| | 5 | 39 | | if (missingKeys.length > 0) { |
| | 4 | 40 | | throw new SecretValidationError(missingKeys); |
| | | 41 | | } |
| | | 42 | | } |