@adobe/helix-deploy 6.2.24 → 6.2.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/package.json +1 -1
  3. package/src/deploy/AWSDeployer.js +76 -51
package/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ## [6.2.25](https://github.com/adobe/helix-deploy/compare/v6.2.24...v6.2.25) (2022-04-22)
2
+
3
+
4
+ ### Bug Fixes
5
+
6
+ * **aws:** link integration to v alias of function ([#401](https://github.com/adobe/helix-deploy/issues/401)) ([1a46a0e](https://github.com/adobe/helix-deploy/commit/1a46a0e3543d460c5fc3378b8bcf2e3ff837c5d4))
7
+
1
8
  ## [6.2.24](https://github.com/adobe/helix-deploy/compare/v6.2.23...v6.2.24) (2022-04-19)
2
9
 
3
10
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@adobe/helix-deploy",
3
- "version": "6.2.24",
3
+ "version": "6.2.25",
4
4
  "description": "Library and Commandline Tools to build and deploy OpenWhisk Actions",
5
5
  "license": "Apache-2.0",
6
6
  "homepage": "https://github.com/adobe/helix-deploy#readme",
package/src/deploy/AWSDeployer.js CHANGED
@@ -228,7 +228,8 @@ export default class AWSDeployer extends BaseDeployer {
228
228
  if (e.name === 'ResourceNotFoundException') {
229
229
  this.log.info(chalk`{green ok}: does not exist yet.`);
230
230
  this.log.info(chalk`--: creating new Lambda function {yellow ${functionName}}`);
231
- await this._lambda.send(new CreateFunctionCommand(functionConfig));
231
+ const res = await this._lambda.send(new CreateFunctionCommand(functionConfig));
232
+ baseARN = res.FunctionArn;
232
233
  } else {
233
234
  this.log.error(chalk`Unable to verify existence of Lambda function {yellow ${functionName}}`);
234
235
  throw e;
@@ -627,21 +628,23 @@ export default class AWSDeployer extends BaseDeployer {
627
628
  Name: name,
628
629
  }));
629
630
  this.log.info(chalk`--: updating alias {blue ${name}}...`);
630
- await this._lambda.send(new UpdateAliasCommand({
631
+ const res = await this._lambda.send(new UpdateAliasCommand({
631
632
  FunctionName: functionName,
632
633
  Name: name,
633
634
  FunctionVersion: functionVersion,
634
635
  }));
635
636
  this.log.info(chalk`{green ok:} updated alias {blue ${name}} to version {yellow ${functionVersion}}.`);
637
+ return res.AliasArn;
636
638
  } catch (e) {
637
639
  if (e.name === 'ResourceNotFoundException') {
638
640
  this.log.info(chalk`--: creating alias {blue ${name}}...`);
639
- await this._lambda.send(new CreateAliasCommand({
641
+ const res = await this._lambda.send(new CreateAliasCommand({
640
642
  FunctionName: functionName,
641
643
  Name: name,
642
644
  FunctionVersion: functionVersion,
643
645
  }));
644
646
  this.log.info(chalk`{green ok:} created alias {blue ${name}} for version {yellow ${functionVersion}}.`);
647
+ return res.AliasArn;
645
648
  } else {
646
649
  this.log.error(`Unable to verify existence of Lambda alias ${name}`);
647
650
  throw e;
@@ -654,9 +657,7 @@ export default class AWSDeployer extends BaseDeployer {
654
657
  const { ApiId } = await this.initApiId();
655
658
  const functionVersion = cfg.version.replace(/\./g, '_');
656
659
 
657
- // get function alias
658
660
  let res;
659
- let aliasArn;
660
661
  let incrementalVersion;
661
662
  try {
662
663
  this.log.info(chalk`--: fetching alias ...`);
@@ -664,71 +665,95 @@ export default class AWSDeployer extends BaseDeployer {
664
665
  FunctionName: functionName,
665
666
  Name: functionVersion,
666
667
  }));
667
- aliasArn = res.AliasArn;
668
668
  incrementalVersion = res.FunctionVersion;
669
- this.log.info(chalk`{green ok}: ${aliasArn}`);
669
+ this.log.info(chalk`{green ok}: ${functionName}@${functionVersion} => ${incrementalVersion}`);
670
670
  } catch (e) {
671
671
  this.log.error(chalk`{red error}: Unable to create link to function ${functionName}`);
672
672
  throw e;
673
673
  }
674
674
 
675
- // find integration
676
- let integration = await this.findIntegration(ApiId, aliasArn);
677
- let cleanup = false;
678
- if (integration) {
679
- this.log.info(`--: using existing integration "${integration.IntegrationId}" for "${aliasArn}"`);
680
- } else {
681
- integration = await this._api.send(new CreateIntegrationCommand({
682
- ApiId,
683
- IntegrationMethod: 'POST',
684
- IntegrationType: 'AWS_PROXY',
685
- IntegrationUri: aliasArn,
686
- PayloadFormatVersion: '2.0',
687
- TimeoutInMillis: Math.min(cfg.timeout, 30000),
688
- }));
689
- this.log.info(chalk`{green ok:} created new integration "${integration.IntegrationId}" for "${aliasArn}"`);
690
- cleanup = true;
691
- }
692
- const { IntegrationId } = integration;
693
-
694
675
  // get all the routes
695
676
  this.log.info(chalk`--: fetching routes ...`);
696
677
  const routes = await this.fetchRoutes(ApiId);
697
- const routeParams = {
698
- ApiId,
699
- Target: `integrations/${IntegrationId}`,
700
- AuthorizerId: undefined,
701
- AuthorizationType: 'NONE',
702
- };
703
- if (this._cfg.attachAuthorizer) {
704
- this.log.info(chalk`--: fetching authorizers...`);
705
- const authorizers = await this.fetchAuthorizers(ApiId);
706
- const authorizer = authorizers.find((info) => info.Name === this._cfg.attachAuthorizer);
707
- if (!authorizer) {
708
- throw Error(`Specified authorizer ${this._cfg.attachAuthorizer} does not exist in api ${ApiId}.`);
709
- }
710
- routeParams.AuthorizerId = authorizer.AuthorizerId;
711
- routeParams.AuthorizationType = 'CUSTOM';
712
- this.log.info(chalk`{green ok:} configuring routes with authorizer {blue ${this._cfg.attachAuthorizer}} {yellow ${authorizer.AuthorizerId}}`);
713
- }
714
678
 
715
679
  // create routes for each symlink
716
680
  const sfx = this.getLinkVersions();
717
681
 
718
682
  for (const suffix of sfx) {
719
- // check if route already exists
683
+ // create or update alias
684
+ const aliasArn = await this.createOrUpdateAlias(suffix.replace('.', '_'), functionName, incrementalVersion);
685
+
686
+ // find or create integration
687
+ let integration = await this.findIntegration(ApiId, aliasArn);
688
+ if (integration) {
689
+ this.log.info(`--: using existing integration "${integration.IntegrationId}" for "${aliasArn}"`);
690
+ } else {
691
+ integration = await this._api.send(new CreateIntegrationCommand({
692
+ ApiId,
693
+ IntegrationMethod: 'POST',
694
+ IntegrationType: 'AWS_PROXY',
695
+ IntegrationUri: aliasArn,
696
+ PayloadFormatVersion: '2.0',
697
+ TimeoutInMillis: Math.min(cfg.timeout, 30000),
698
+ }));
699
+ this.log.info(chalk`{green ok:} created new integration "${integration.IntegrationId}" for "${aliasArn}"`);
700
+ }
701
+ const { IntegrationId } = integration;
702
+
703
+ const routeParams = {
704
+ ApiId,
705
+ Target: `integrations/${IntegrationId}`,
706
+ AuthorizerId: undefined,
707
+ AuthorizationType: 'NONE',
708
+ };
709
+ if (this._cfg.attachAuthorizer) {
710
+ this.log.info(chalk`--: fetching authorizers...`);
711
+ const authorizers = await this.fetchAuthorizers(ApiId);
712
+ const authorizer = authorizers.find((info) => info.Name === this._cfg.attachAuthorizer);
713
+ if (!authorizer) {
714
+ throw Error(`Specified authorizer ${this._cfg.attachAuthorizer} does not exist in api ${ApiId}.`);
715
+ }
716
+ routeParams.AuthorizerId = authorizer.AuthorizerId;
717
+ routeParams.AuthorizationType = 'CUSTOM';
718
+ this.log.info(chalk`{green ok:} configuring routes with authorizer {blue ${this._cfg.attachAuthorizer}} {yellow ${authorizer.AuthorizerId}}`);
719
+ }
720
+
721
+ // create or update routes
720
722
  await this.createOrUpdateRoute(routes, routeParams, `ANY /${cfg.packageName}/${cfg.baseName}/${suffix}`);
721
723
  await this.createOrUpdateRoute(routes, routeParams, `ANY /${cfg.packageName}/${cfg.baseName}/${suffix}/{path+}`);
722
724
 
723
- // create or update alias
724
- await this.createOrUpdateAlias(suffix.replace('.', '_'), functionName, incrementalVersion);
725
- }
725
+ await this.updateAuthorizers(ApiId, functionName, aliasArn);
726
726
 
727
- if (cleanup) {
728
- await this.cleanUpIntegrations(functionName);
727
+ // add permissions to invoke function (with and without path)
728
+ let sourceArn = `arn:aws:execute-api:${this._cfg.region}:${this._accountId}:${ApiId}/*/*/${cfg.packageName}/${cfg.baseName}/${suffix}`;
729
+ try {
730
+ // eslint-disable-next-line no-await-in-loop
731
+ await this._lambda.send(new AddPermissionCommand({
732
+ FunctionName: aliasArn,
733
+ Action: 'lambda:InvokeFunction',
734
+ SourceArn: sourceArn,
735
+ Principal: 'apigateway.amazonaws.com',
736
+ StatementId: crypto.createHash('md5').update(aliasArn + sourceArn).digest('hex'),
737
+ }));
738
+ this.log.info(chalk`{green ok:} added invoke permissions for ${sourceArn}`);
739
+ } catch (e) {
740
+ // ignore, most likely the permission already exists
741
+ }
742
+ sourceArn = `arn:aws:execute-api:${this._cfg.region}:${this._accountId}:${ApiId}/*/*/${cfg.packageName}/${cfg.baseName}/${suffix}/{path+}`;
743
+ try {
744
+ // eslint-disable-next-line no-await-in-loop
745
+ await this._lambda.send(new AddPermissionCommand({
746
+ FunctionName: aliasArn,
747
+ Action: 'lambda:InvokeFunction',
748
+ SourceArn: sourceArn,
749
+ Principal: 'apigateway.amazonaws.com',
750
+ StatementId: crypto.createHash('md5').update(aliasArn + sourceArn).digest('hex'),
751
+ }));
752
+ this.log.info(chalk`{green ok:} added invoke permissions for ${sourceArn}`);
753
+ } catch (e) {
754
+ // ignore, most likely the permission already exists
755
+ }
729
756
  }
730
-
731
- await this.updateAuthorizers(ApiId, functionName, aliasArn);
732
757
  }
733
758
 
734
759
  async updateAuthorizers(ApiId, functionName, aliasArn) {