jets 4.0.3 → 4.0.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/jets/application/defaults.rb +41 -18
- data/lib/jets/internal/app/jobs/jets/preheat_job.rb +1 -18
- data/lib/jets/resource/iam/base_role_definition.rb +14 -0
- data/lib/jets/version.rb +1 -1
- metadata +2 -2
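--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a04cac354e7cc219602bd9a156eb26be7517025997ebfd4965e2d0678ddaee56
+data.tar.gz: 1e4d52b85a38f8058dc38538f32f6e0c551aacde7cd2ee444368f787486c7779
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9e8216af98538a02cfd1baed256f0b452daa5d626c6e7bde0093bbe37007e207dccd736122903351eba55615af1750ea1272134c6e8fc32c504f53d252e58fdc
+data.tar.gz: 7968a375e5a80deafc70b1c8261095b9ff9237471c73fb616c63531ed6080483d83745243d08f5ca33a9b92871ea9b1280c6f0e5beb64b26ee57fa9f2621bd75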
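--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
 
+## [4.0.4] - 2023-09-07
+- [#662](https://github.com/boltops-tools/jets/pull/662) fix vpc iam permissions
+
 ## [4.0.3] - 2023-08-03
 - [#657](https://github.com/boltops-tools/jets/pull/657) [Fix] ApiGateway for local Middleware: fix query_string_parameters
 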
|
@@ -2,8 +2,8 @@ class Jets::Application
|
|
|
2
2
|
module Defaults
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
def
|
|
5
|
+
class_methods do
|
|
6
|
+
def default_iam_policy
|
|
7
7
|
project_namespace = Jets.project_namespace
|
|
8
8
|
logs = {
|
|
9
9
|
action: ["logs:*"],
|
|
@@ -24,24 +24,23 @@ class Jets::Application
|
|
|
24
24
|
}
|
|
25
25
|
policies << cloudformation
|
|
26
26
|
|
|
27
|
-
if Jets.config.function.vpc_config
|
|
28
|
-
vpc = {
|
|
29
|
-
action: %w[
|
|
30
|
-
ec2:CreateNetworkInterface
|
|
31
|
-
ec2:DeleteNetworkInterface
|
|
32
|
-
ec2:DescribeNetworkInterfaces
|
|
33
|
-
ec2:DescribeVpcs
|
|
34
|
-
ec2:DescribeSubnets
|
|
35
|
-
ec2:DescribeSecurityGroups
|
|
36
|
-
],
|
|
37
|
-
effect: "Allow",
|
|
38
|
-
resource: "*",
|
|
39
|
-
}
|
|
40
|
-
policies << vpc
|
|
41
|
-
end
|
|
42
|
-
|
|
43
27
|
policies
|
|
44
28
|
end
|
|
29
|
+
|
|
30
|
+
def vpc_iam_policy_statement
|
|
31
|
+
{
|
|
32
|
+
Action: %w[
|
|
33
|
+
ec2:CreateNetworkInterface
|
|
34
|
+
ec2:DeleteNetworkInterface
|
|
35
|
+
ec2:DescribeNetworkInterfaces
|
|
36
|
+
ec2:DescribeVpcs
|
|
37
|
+
ec2:DescribeSubnets
|
|
38
|
+
ec2:DescribeSecurityGroups
|
|
39
|
+
],
|
|
40
|
+
Effect: "Allow",
|
|
41
|
+
Resource: "*",
|
|
42
|
+
}
|
|
43
|
+
end
|
|
45
44
|
end
|
|
46
45
|
|
|
47
46
|
def default_config
|
|
@@ -201,5 +200,29 @@ class Jets::Application
|
|
|
201
200
|
app/shared/functions
|
|
202
201
|
]
|
|
203
202
|
end
|
|
203
|
+
|
|
204
|
+
# Used by app/jobs/jets/preheat_job.rb
|
|
205
|
+
def preheat_job_iam_policy
|
|
206
|
+
policy = [
|
|
207
|
+
{
|
|
208
|
+
Sid: "Statement1",
|
|
209
|
+
Action: ["logs:*"],
|
|
210
|
+
Effect: "Allow",
|
|
211
|
+
Resource: [{
|
|
212
|
+
"Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${JetsPreheatJobWarmLambdaFunction}"
|
|
213
|
+
}]
|
|
214
|
+
},
|
|
215
|
+
{
|
|
216
|
+
Sid: "Statement2",
|
|
217
|
+
Action: ["lambda:InvokeFunction", "lambda:InvokeAsync"],
|
|
218
|
+
Effect: "Allow",
|
|
219
|
+
Resource: [{
|
|
220
|
+
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:#{Jets.project_namespace}-*"
|
|
221
|
+
}]
|
|
222
|
+
}
|
|
223
|
+
]
|
|
224
|
+
policy << Jets::Application.vpc_iam_policy_statement if Jets.config.function.vpc_config
|
|
225
|
+
policy
|
|
226
|
+
end
|
|
204
227
|
end
|
|
205
228
|
end
|
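Review bot: In `preheat_job_iam_policy`, Statement1 grants `logs:*` and Statement2 allows invoke on `function:#{Jets.project_namespace}-*`, and both look wider than a warm-up job needs. `logs:*` on the job's log group also covers destructive actions such as deleting the group or changing its retention; if the stack itself creates the log group, `Action: ["logs:CreateLogStream", "logs:PutLogEvents"]` would likely be enough (confirm against a deployed stack). The `-*` suffix also matches functions of any other project whose namespace starts with this one followed by a hyphen, which deserves a comment at least. On `vpc_iam_policy_statement`, a comment such as `# ec2:Describe* cannot be resource-scoped; Create/DeleteNetworkInterface left at "*" to match the Lambda VPC execution-role permissions` would record why `Resource: "*"` is kept.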
|
@@ -7,24 +7,7 @@ class Jets::PreheatJob < ApplicationJob
|
|
|
7
7
|
|
|
8
8
|
class_timeout 30
|
|
9
9
|
class_memory 1024
|
|
10
|
-
class_iam_policy(
|
|
11
|
-
{
|
|
12
|
-
sid: "Statement1",
|
|
13
|
-
action: ["logs:*"],
|
|
14
|
-
effect: "Allow",
|
|
15
|
-
resource: [
|
|
16
|
-
sub("arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${WarmLambdaFunction}"),
|
|
17
|
-
]
|
|
18
|
-
},
|
|
19
|
-
{
|
|
20
|
-
Sid: "Statement2",
|
|
21
|
-
Action: ["lambda:InvokeFunction", "lambda:InvokeAsync"],
|
|
22
|
-
Effect: "Allow",
|
|
23
|
-
Resource: [
|
|
24
|
-
sub("arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:#{Jets.project_namespace}-*")
|
|
25
|
-
]
|
|
26
|
-
}
|
|
27
|
-
)
|
|
10
|
+
class_iam_policy(Jets.config.preheat_job_iam_policy)
|
|
28
11
|
|
|
29
12
|
rate(PREWARM_RATE) if torching
|
|
30
13
|
def torch
|
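Review bot: `class_iam_policy(Jets.config.preheat_job_iam_policy)` relies on `Jets.config` responding to `preheat_job_iam_policy`, but the defaults.rb hunks on this page only define it as a method inside the `Defaults` module and none of them assigns it onto the config object. If `Jets.config` is an options-style object that returns nil for unknown keys, the job would be deployed without its inline policy and the failure would only show up when it tries to invoke functions; confirm the wiring or call the method where it is defined. The call also now passes a single array where the old code passed two hashes, and it runs while the class body loads, so `Jets.config.function.vpc_config` must already be set at that point. A short comment above the call stating both assumptions would help the next reader.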
|
@@ -24,6 +24,12 @@ module Jets::Resource::Iam
|
|
|
24
24
|
}
|
|
25
25
|
}
|
|
26
26
|
|
|
27
|
+
# Add vpc permissions to all policies
|
|
28
|
+
definition[logical_id][:properties][:policies] = [
|
|
29
|
+
policy_name: "vpc", # required, limited to 128-chars
|
|
30
|
+
policy_document: vpc_policy_document,
|
|
31
|
+
] if vpc_policy_document
|
|
32
|
+
|
|
27
33
|
unless managed_policy_arns.empty?
|
|
28
34
|
definition[logical_id][:properties][:managed_policy_arns] = managed_policy_arns
|
|
29
35
|
end
|
|
@@ -31,6 +37,14 @@ module Jets::Resource::Iam
|
|
|
31
37
|
definition
|
|
32
38
|
end
|
|
33
39
|
|
|
40
|
+
def vpc_policy_document
|
|
41
|
+
if Jets.config.function.vpc_config
|
|
42
|
+
{
|
|
43
|
+
Statement: [Jets::Application.vpc_iam_policy_statement]
|
|
44
|
+
}
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
34
48
|
def policy_document
|
|
35
49
|
PolicyDocument.new(@policy_definitions.flatten.uniq).policy_document
|
|
36
50
|
end
|
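Review bot: The added `definition[logical_id][:properties][:policies] = [...] if vpc_policy_document` assigns rather than appends, so any `:policies` entry built earlier in this method would be replaced by the single "vpc" policy whenever `vpc_config` is set. The start of the method lies outside the hunk, so whether such an entry exists cannot be seen here; if it does, the role silently loses its own statements. Appending avoids that: `(definition[logical_id][:properties][:policies] ||= []) << { policy_name: "vpc", policy_document: vpc_policy_document }`. `vpc_policy_document` also emits no `Version`, so IAM falls back to its legacy default; adding `Version: "2012-10-17"` makes the policy language version explicit.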
data/lib/jets/version.rb
CHANGED
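--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jets
 version: !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.4
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionmailer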