@adobe/helix-deploy 4.12.2 → 4.15.0

package/src/deploy/GoogleDeployer.js

@@ -14,6 +14,7 @@ const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
 const path = require('path');
 const fs = require('fs');
 const semver = require('semver');
+const chalk = require('chalk');
 const BaseDeployer = require('./BaseDeployer');
 const GoogleConfig = require('./GoogleConfig.js');
 const { filterActions } = require('../utils.js');
@@ -59,7 +60,7 @@ class GoogleDeployer extends BaseDeployer {
         projectId: this._cfg.projectID,
       });
     } catch (e) {
-      this.log.error(`Unable to authenticate with Google: ${e.message}`);
+      this.log.error(chalk`{red error:} Unable to authenticate with Google: ${e.message}`);
       throw e;
     }
   }
@@ -82,9 +83,9 @@ class GoogleDeployer extends BaseDeployer {
         },
         secretId,
       });
-      this.log.info(`Created secret ${secret.name}`);
+      this.log.info(`--: Created secret ${secret.name}`);
     } catch {
-      this.log.info('Using existing secret');
+      this.log.info('--: Using existing secret');
       [secret] = await this._secretclient.getSecret({
         name: `${parent}/secrets/${secretId}`,
       });
@@ -98,7 +99,7 @@ class GoogleDeployer extends BaseDeployer {
       },
     });
 
-    this.log.info(`Added secret version ${version.name}`);
+    this.log.info(chalk`{green ok}: Added secret version ${version.name}`);
 
     /*
     const [retversion] = await this._secretclient.accessSecretVersion({
@@ -191,23 +192,23 @@ class GoogleDeployer extends BaseDeployer {
           function: func,
         });
 
-        this.log.info('updating existing function');
+        this.log.info('--: updating existing function');
         const [res] = await op.promise();
         this._function = res;
-        this.log.info('function deployed');
+        this.log.info(chalk`{green ok:} function deployed`);
       } else {
         const [op] = await this._client.createFunction({
           location: `projects/${this._cfg.projectID}/locations/${this._cfg.region}`,
           function: func,
         });
 
-        this.log.info('creating function, please wait (Google deployments are slow).');
+        this.log.info('--: creating function, please wait (Google deployments are slow).');
         const [res] = await op.promise();
         this._function = res;
-        this.log.info('function deployed');
+        this.log.info(chalk`{green ok:} function deployed`);
       }
 
-      this.log.info('enabling unauthenticated requests');
+      this.log.info('--: enabling unauthenticated requests');
       await this._client.setIamPolicy({
         resource: name,
         policy: {
@@ -222,11 +223,8 @@ class GoogleDeployer extends BaseDeployer {
         },
       });
     } catch (err) {
-      this.log.error(err);
-      // eslint-disable-next-line max-len
-      this.log.error('bad request:', err.metadata.internalRepr.get('google.rpc.badrequest-bin').toString());
-      // eslint-disable-next-line max-len
-      this.log.error('details:', err.metadata.internalRepr.get('grpc-status-details-bin').toString());
+      this.log.error(chalk`{red error:} bad request: ${err.metadata.internalRepr.get('google.rpc.badrequest-bin').toString()}`);
+      this.log.error(chalk`{red error:} details: ${err.metadata.internalRepr.get('grpc-status-details-bin').toString()}`);
       throw err;
     }
 
@@ -239,8 +237,7 @@ class GoogleDeployer extends BaseDeployer {
       await this.createFunction();
     } catch (err) {
       const message = err.metadata ? err.metadata.get('grpc-status-details-bin')[0].toString() : err.message;
-      this.log.error(`Unable to deploy Google Cloud function: ${message}`, err.metadata);
-
+      this.log.error(chalk`{red error:} Unable to deploy Google Cloud function: ${message}`, err.metadata);
       throw err;
     }
   }
@@ -299,15 +296,14 @@ class GoogleDeployer extends BaseDeployer {
         },
         versionspec,
       ).map((fn) => {
-        this.log.info(`Cleaning up outdated function '${fn.fqName}`);
+        this.log.info(`--: Cleaning up outdated function '${fn.fqName}`);
 
         return this._client.deleteFunction({
           name: fn.fqName,
         });
       }));
     } catch (e) {
-      this.log.error('Cleanup failed, proceeding anyway.');
-      this.log.error(e);
+      this.log.error(chalk`{red error:} Cleanup failed, proceeding anyway.`, e);
     }
   }
 

package/src/gateway/FastlyGateway.js

@@ -10,6 +10,7 @@
  * governing permissions and limitations under the License.
  */
 const Fastly = require('@adobe/fastly-native-promises');
+const chalk = require('chalk');
 const {
   toString, vcl, time, req, res, str, concat,
 } = require('@adobe/fastly-native-promises').loghelpers;
@@ -29,20 +30,15 @@ class FastlyGateway {
   }
 
   ready() {
-    return !!this._cfg.service && !!this._cfg.auth && !!this._cfg.checkpath;
+    return !!this._cfg.service && !!this._cfg.auth;
   }
 
-  /**
-   * A weaker version of `ready` that works without a check path
-   * and checks whether links can be updated.
-   * @returns boolean true if links can be updated
-   */
-  updateable() {
-    return !!this._cfg.service && !!this._cfg.auth;
+  canDeploy() {
+    return this.ready() && this._deployers.length > 0;
   }
 
   async updateLinks(links, version) {
-    this.log.info(`Updating links on the Gateway for version ${version}`);
+    this.log.info(`--: updating links on the Gateway for version ${version}...`);
     const fakeDeployer = new BaseDeployer({
       links, version, log: this.log,
     });
@@ -58,6 +54,7 @@ class FastlyGateway {
 
     await this._fastly.bulkUpdateDictItems(undefined, 'aliases', ...versionstrings);
     this._fastly.discard();
+    this.log.info(chalk`{green ok:} updated links on the Gateway for version ${version}.`);
   }
 
   init() {
@@ -75,6 +72,25 @@ class FastlyGateway {
     return this.cfg.log;
   }
 
+  async updatePackage() {
+    this.log.info('--: updating app (package) parameters on Fastly gateway ...');
+
+    const packageparams = Object
+      .entries(this.cfg.packageParams)
+      .map(([key, value]) => ({
+        item_key: `${this.cfg.packageName}.${key}`,
+        item_value: value,
+        op: 'update',
+      }));
+
+    if (packageparams.length !== 0) {
+      await this._fastly.bulkUpdateDictItems(undefined, 'packageparams', ...packageparams);
+    }
+    await this._fastly.updateDictItem(undefined, 'tokens', this.cfg.packageToken, `${Math.floor(Date.now() / 1000) + (365 * 24 * 3600)}`);
+    this._fastly.discard();
+    this.log.info(chalk`{green ok:} updating app (package) parameters on Fastly gateway.`);
+  }
+
   selectBackendVCL() {
     // declare a local variable for each backend
     const init = this._deployers.map((deployer) => `declare local var.${deployer.name.toLowerCase()} INTEGER;`);
@@ -109,6 +125,28 @@ class FastlyGateway {
     return [...init, ...set, ...increment].join('\n') + [backendvcl, ...middle, fallback].join(' else ');
   }
 
+  /**
+   * Generates a VCL snippet (for each package deployed) that lists all package parameter
+   * names and looks up their values from the secret edge dictionary.
+   * @returns {string} VCL snippet to look up package parameters from edge dict
+   */
+  listPackageParamsVCL() {
+    const pre = `
+    if (obj.status == 600 && req.url.path ~ "^/${this.cfg.packageName}/") {
+      set obj.status = 200;
+      set obj.response = "OK";
+      set obj.http.content-type = "application/json";
+      synthetic "{" + `;
+    const post = `+ "}";
+    return(deliver);
+}`;
+    const middle = Object
+      .keys(this.cfg.packageParams)
+      .map((paramname, index) => `"%22${paramname}%22:%22" json.escape(table.lookup(packageparams, "${this.cfg.packageName}.${paramname}")) "%22${(index + 1) < Object.keys(this.cfg.packageParams).length ? ',' : ''}"`).join(' + ');
+
+    return pre + middle + post;
+  }
+
   setURLVCL() {
     const pre = `
 declare local var.package STRING;
@@ -150,7 +188,7 @@ if (req.url ~ "^/([^/]+)/([^/@_]+)([@_]([^/@_?]+)+)?(.*$)") {
 
   async enableLogging(version) {
     if (this._cfg.coralogixToken) {
-      this.log.info('Set up Gateway logging to Coralogix');
+      this.log.info(chalk`--: Set up Gateway logging to {yellow Coralogix}`);
       await this._fastly.writeHttps(version, 'helix-coralogix', {
         name: 'helix-coralogix',
         format: toString({
@@ -263,165 +301,206 @@ if (req.url ~ "^/([^/]+)/([^/@_]+)([@_]([^/@_?]+)+)?(.*$)") {
   }
 
   async deploy() {
-    this.log.info('Set up Fastly Gateway');
-
-    await this._fastly.transact(async (newversion) => {
-      await this.enableLogging(newversion);
-
-      this.log.info('create condition');
-      await this._fastly.writeCondition(newversion, 'false', {
-        name: 'false',
-        statement: 'false',
-        type: 'request',
-      });
-
-      await this._fastly.writeDictionary(newversion, 'priorities', {
-        name: 'priorities',
-        write_only: 'false',
-      });
-
-      await this._fastly.writeDictionary(newversion, 'aliases', {
-        name: 'aliases',
-        write_only: 'false',
-      });
-
-      if (this._cfg.checkinterval > 0) {
-      // set up health checks
+    this.log.info(chalk`--: Set up {yellow Fastly} Gateway`);
+    try {
+      await this._fastly.transact(async (newversion) => {
+        await this.enableLogging(newversion);
+
+        this.log.info('--: create condition');
+        await this._fastly.writeCondition(newversion, 'false', {
+          name: 'false',
+          statement: 'false',
+          type: 'request',
+        });
+
+        this.log.info('--: create dictionaries');
+        await this._fastly.writeDictionary(newversion, 'priorities', {
+          name: 'priorities',
+          write_only: 'false',
+        });
+
+        await this._fastly.writeDictionary(newversion, 'aliases', {
+          name: 'aliases',
+          write_only: 'false',
+        });
+
+        await this._fastly.writeDictionary(newversion, 'tokens', {
+          name: 'tokens',
+          write_only: 'false',
+        });
+
+        await this._fastly.writeDictionary(newversion, 'packageparams', {
+          name: 'packageparams',
+          write_only: 'true',
+        });
+
+        if (this._cfg.checkinterval > 0 && this._cfg.checkpath) {
+          this.log.info('--: setup health-check');
+          // set up health checks
+          await Promise.all(this._deployers
+            .map((deployer) => ({
+              check_interval: this._cfg.checkinterval,
+              expected_response: 200,
+              host: deployer.host,
+              http_version: '1.1',
+              method: 'GET',
+              initial: 1,
+              name: `${deployer.name}Check`,
+              path: `${deployer.basePath}${this._cfg.checkpath}`,
+              threshold: 2,
+              timeout: 5000,
+              window: 3,
+            }))
+            .map((healthcheck) => this._fastly
+              .writeHealthcheck(newversion, healthcheck.name, healthcheck)));
+        }
+
+        // set up backends
         await Promise.all(this._deployers
           .map((deployer) => ({
-            check_interval: this._cfg.checkinterval,
-            expected_response: 200,
-            host: deployer.host,
-            http_version: '1.1',
-            method: 'GET',
-            initial: 1,
-            name: `${deployer.name}Check`,
-            path: deployer.basePath + this._cfg.checkpath,
-            threshold: 2,
-            timeout: 5000,
-            window: 3,
+            hostname: deployer.host,
+            ssl_cert_hostname: deployer.host,
+            ssl_sni_hostname: deployer.host,
+            address: deployer.host,
+            override_host: deployer.host,
+            name: deployer.name,
+            error_threshold: 0,
+            first_byte_timeout: 60000,
+            weight: 100,
+            connect_timeout: 5000,
+            port: 443,
+            between_bytes_timeout: 10000,
+            shield: '', // 'bwi-va-us',
+            max_conn: 200,
+            use_ssl: true,
+            request_condition: 'false',
           }))
-          .map((healthcheck) => this._fastly
-            .writeHealthcheck(newversion, healthcheck.name, healthcheck)));
-      }
-
-      // set up backends
-      await Promise.all(this._deployers
-        .map((deployer) => ({
-          hostname: deployer.host,
-          ssl_cert_hostname: deployer.host,
-          ssl_sni_hostname: deployer.host,
-          address: deployer.host,
-          override_host: deployer.host,
-          name: deployer.name,
-          error_threshold: 0,
-          first_byte_timeout: 60000,
-          weight: 100,
-          connect_timeout: 5000,
-          port: 443,
-          between_bytes_timeout: 10000,
-          shield: '', // 'bwi-va-us',
-          max_conn: 200,
-          use_ssl: true,
-          request_condition: 'false',
-        }))
-        .map((backend) => {
-          const retval = backend;
-          if (this._cfg.checkinterval > 0) {
-            retval.healthcheck = `${backend.name}Check`;
-          }
-          return retval;
-        })
-        .map(async (backend) => {
-          try {
-            return await this._fastly.createBackend(newversion, backend);
-          } catch (e) {
-            return this._fastly.updateBackend(newversion, backend.name, backend);
-          }
-        }));
-
-      await this._fastly.writeSnippet(newversion, 'backend', {
-        name: 'backend',
-        priority: 10,
-        dynamic: 0,
-        type: 'recv',
-        content: this.selectBackendVCL(),
-      });
-
-      await this._fastly.writeSnippet(newversion, 'missurl', {
-        name: 'missurl',
-        priority: 10,
-        dynamic: 0,
-        type: 'miss',
-        content: this.setURLVCL(),
-      });
-
-      await this._fastly.writeSnippet(newversion, 'passurl', {
-        name: 'passurl',
-        priority: 10,
-        dynamic: 0,
-        type: 'pass',
-        content: this.setURLVCL(),
-      });
-
-      await this._fastly.writeSnippet(newversion, 'logurl', {
-        name: 'logurl',
-        priority: 10,
-        dynamic: 0,
-        type: 'fetch',
-        content: `set beresp.http.X-Backend-URL = bereq.url;
-set beresp.http.X-Backend-Name = req.backend;
-set beresp.http.X-Backend-Health = req.http.X-Backend-Health;
-set beresp.cacheable = false;`,
-      });
-
-      await this._fastly.writeSnippet(newversion, 'stashsurrogates', {
-        name: 'stashsurrogates',
-        priority: 10,
-        dynamic: 0,
-        type: 'fetch',
-        content: `
-set beresp.http.X-Surrogate-Key = beresp.http.Surrogate-Key;
-set beresp.http.X-Surrogate-Control = beresp.http.Surrogate-Control;`,
-      });
-
-      let restartcontent = `
-# restart the request in case of flakiness
-if (req.restarts < 2 && (resp.status == 503 || resp.status == 504) && (req.request == "GET" || req.request == "HEAD" || req.request == "PUT" || req.request == "DELETE")) {
-  restart;
-}
-set resp.http.x-gateway-restarts = req.restarts;
-unset resp.http.Fastly-Restarts;`;
-
-      if (this._deployers.find((deployer) => deployer.name === 'Google')) {
-        restartcontent += `
-# If Google can't find a function, it sends a redirect to the login page instead
-# of a 404. This fixes it.
-if (resp.status == 302 && req.backend == F_Google && resp.http.Location ~ "^https://accounts.google.com/ServiceLogin") {
-  set resp.status = 404;
-}
-`;
-      }
-      await this._fastly.writeSnippet(newversion, 'restart', {
-        name: 'restart',
-        priority: 10,
-        dynamic: 0,
-        type: 'deliver',
-        content: restartcontent,
-      });
-
-      await this._fastly.writeSnippet(newversion, 'restoresurrogates', {
-        name: 'restoresurrogates',
-        priority: 10,
-        dynamic: 0,
-        type: 'deliver',
-        content: `
-set resp.http.Surrogate-Key = resp.http.X-Surrogate-Key;
-set resp.http.Surrogate-Control = resp.http.X-Surrogate-Control;`,
-      });
-    }, true);
-
-    this._fastly.discard();
+          .map((backend) => {
+            const retval = backend;
+            if (this._cfg.checkinterval > 0 && this._cfg.checkpath) {
+              retval.healthcheck = `${backend.name}Check`;
+            }
+            return retval;
+          })
+          .map(async (backend) => {
+            this.log.info(`--: create backend ${backend.name} -> ${backend.hostname}`);
+            try {
+              return await this._fastly.createBackend(newversion, backend);
+            } catch (e) {
+              return this._fastly.updateBackend(newversion, backend.name, backend);
+            }
+          }));
+
+        this.log.info('--: write VLC snippets');
+        await this._fastly.writeSnippet(newversion, 'packageparams.auth', {
+          name: 'packageparams.auth',
+          priority: 9,
+          dynamic: 0,
+          type: 'recv',
+          content: `
+  if (req.http.Authorization) {
+    if(time.is_after(std.time(table.lookup(tokens, regsub(req.http.Authorization, "^Bearer ", ""), "expired"), std.integer2time(0)), time.start)) {
+      error 600 "Get Package Params";
+    }
+  }`,
+        });
+
+        await this._fastly.writeSnippet(newversion, `${this.cfg.packageName}.params`, {
+          name: `${this.cfg.packageName}.params`,
+          priority: 10,
+          dynamic: 0,
+          type: 'error',
+          content: this.listPackageParamsVCL(),
+        });
+
+        await this._fastly.writeSnippet(newversion, 'backend', {
+          name: 'backend',
+          priority: 10,
+          dynamic: 0,
+          type: 'recv',
+          content: this.selectBackendVCL(),
+        });
+
+        await this._fastly.writeSnippet(newversion, 'missurl', {
+          name: 'missurl',
+          priority: 10,
+          dynamic: 0,
+          type: 'miss',
+          content: this.setURLVCL(),
+        });
+
+        await this._fastly.writeSnippet(newversion, 'passurl', {
+          name: 'passurl',
+          priority: 10,
+          dynamic: 0,
+          type: 'pass',
+          content: this.setURLVCL(),
+        });
+
+        await this._fastly.writeSnippet(newversion, 'logurl', {
+          name: 'logurl',
+          priority: 10,
+          dynamic: 0,
+          type: 'fetch',
+          content: `set beresp.http.X-Backend-URL = bereq.url;
+  set beresp.http.X-Backend-Name = req.backend;
+  set beresp.http.X-Backend-Health = req.http.X-Backend-Health;
+  set beresp.cacheable = false;`,
+        });
+
+        await this._fastly.writeSnippet(newversion, 'stashsurrogates', {
+          name: 'stashsurrogates',
+          priority: 10,
+          dynamic: 0,
+          type: 'fetch',
+          content: `
+  set beresp.http.X-Surrogate-Key = beresp.http.Surrogate-Key;
+  set beresp.http.X-Surrogate-Control = beresp.http.Surrogate-Control;`,
+        });
+
+        let restartcontent = `
+  # restart the request in case of flakiness
+  if (req.restarts < 2 && (resp.status == 503 || resp.status == 504) && (req.request == "GET" || req.request == "HEAD" || req.request == "PUT" || req.request == "DELETE")) {
+    restart;
+  }
+  set resp.http.x-gateway-restarts = req.restarts;
+  unset resp.http.Fastly-Restarts;`;
+
+        if (this._deployers.find((deployer) => deployer.name === 'Google')) {
+          restartcontent += `
+  # If Google can't find a function, it sends a redirect to the login page instead
+  # of a 404. This fixes it.
+  if (resp.status == 302 && req.backend == F_Google && resp.http.Location ~ "^https://accounts.google.com/ServiceLogin") {
+    set resp.status = 404;
+  }
+  `;
+        }
+        await this._fastly.writeSnippet(newversion, 'restart', {
+          name: 'restart',
+          priority: 10,
+          dynamic: 0,
+          type: 'deliver',
+          content: restartcontent,
+        });
+
+        await this._fastly.writeSnippet(newversion, 'restoresurrogates', {
+          name: 'restoresurrogates',
+          priority: 10,
+          dynamic: 0,
+          type: 'deliver',
+          content: `
+  set resp.http.Surrogate-Key = resp.http.X-Surrogate-Key;
+  set resp.http.Surrogate-Control = resp.http.X-Surrogate-Control;`,
+        });
+      }, true);
+
+      this.log.info(chalk`{green ok}: Set up {yellow Fastly} Gateway done.`);
+    } catch (e) {
+      this.log.error(chalk`{red error}: failed to setup gateway: ${e.message}`);
+      throw e;
+    } finally {
+      this._fastly.discard();
+    }
   }
 }
 

package/src/template/aws-esm-adapter.js

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2021 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+'use strict';
+
+const index = import('../index.js');
+
+exports.handler = async (...args) => {
+  const { default: { lambda } } = await index;
+  return lambda(...args);
+};

package/src/template/cloudflare-adapter.js

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+/* eslint-env serviceworker */
+
+async function handler(event) {
+  // console.log(event);
+  const { request } = event;
+  // eslint-disable-next-line import/no-unresolved,global-require
+  const { main } = require('./main.js');
+  const context = {
+    resolver: null,
+    pathInfo: {
+      suffix: request.url.replace(/\?.*/, ''),
+    },
+    runtime: {
+      name: 'cloudflare-workers',
+      region: request.cf.colo,
+    },
+    func: {
+      name: null,
+      package: null,
+      version: null,
+      fqn: null,
+      app: null,
+    },
+    invocation: {
+      id: null,
+      deadline: null,
+      transactionId: null,
+      requestId: null,
+    },
+    env: new Proxy(globalThis, {
+      get: (target, prop) => target[prop] || target.PACKAGE.get(prop),
+    }),
+    storage: null,
+  };
+  const response = await main(request, context);
+  return response;
+}
+
+function cloudflare() {
+  console.log('checking for cloudflare environment');
+  try {
+    if (caches && caches.default) {
+      return handler;
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+
+module.exports = cloudflare;