@adobe/helix-deploy 6.2.28 → 6.2.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/package.json +1 -1
- package/src/deploy/AWSConfig.js +14 -2
- package/src/deploy/AWSDeployer.js +40 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
## [6.2.29](https://github.com/adobe/helix-deploy/compare/v6.2.28...v6.2.29) (2022-04-27)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Bug Fixes
|
|
5
|
+
|
|
6
|
+
* add tags to newly created polyfunc bucket ([#405](https://github.com/adobe/helix-deploy/issues/405)) ([db4286e](https://github.com/adobe/helix-deploy/commit/db4286ea579d91ee2ad8963b87f7fa6562f8947c))
|
|
7
|
+
|
|
1
8
|
## [6.2.28](https://github.com/adobe/helix-deploy/compare/v6.2.27...v6.2.28) (2022-04-25)
|
|
2
9
|
|
|
3
10
|
|
package/package.json
CHANGED
package/src/deploy/AWSConfig.js
CHANGED
|
@@ -27,6 +27,7 @@ export default class AWSConfig {
|
|
|
27
27
|
createAuthorizer: '',
|
|
28
28
|
attachAuthorizer: '',
|
|
29
29
|
identitySources: ['$request.header.Authorization'],
|
|
30
|
+
deployTemplate: 'helix-deploy-template',
|
|
30
31
|
});
|
|
31
32
|
}
|
|
32
33
|
|
|
@@ -42,7 +43,8 @@ export default class AWSConfig {
|
|
|
42
43
|
.withAWSCleanUpBuckets(argv.awsCleanupBuckets)
|
|
43
44
|
.withAWSCleanUpIntegrations(argv.awsCleanupIntegrations)
|
|
44
45
|
.withAWSCreateRoutes(argv.awsCreateRoutes)
|
|
45
|
-
.withAWSParamsManager(argv.awsParameterManager)
|
|
46
|
+
.withAWSParamsManager(argv.awsParameterManager)
|
|
47
|
+
.withAWSDeployTemplate(argv.awsDeployTemplate);
|
|
46
48
|
}
|
|
47
49
|
|
|
48
50
|
withAWSRegion(value) {
|
|
@@ -100,11 +102,16 @@ export default class AWSConfig {
|
|
|
100
102
|
return this;
|
|
101
103
|
}
|
|
102
104
|
|
|
105
|
+
withAWSDeployTemplate(value) {
|
|
106
|
+
this.deployTemplate = value;
|
|
107
|
+
return this;
|
|
108
|
+
}
|
|
109
|
+
|
|
103
110
|
static yarg(yargs) {
|
|
104
111
|
return yargs
|
|
105
112
|
.group(['aws-region', 'aws-api', 'aws-role', 'aws-cleanup-buckets', 'aws-cleanup-integrations',
|
|
106
113
|
'aws-create-routes', 'aws-create-authorizer', 'aws-attach-authorizer', 'aws-lambda-format',
|
|
107
|
-
'aws-parameter-manager'], 'AWS Deployment Options')
|
|
114
|
+
'aws-parameter-manager', 'aws-deploy-template'], 'AWS Deployment Options')
|
|
108
115
|
.option('aws-region', {
|
|
109
116
|
description: 'the AWS region to deploy lambda functions to',
|
|
110
117
|
type: 'string',
|
|
@@ -162,6 +169,11 @@ export default class AWSConfig {
|
|
|
162
169
|
description: 'Cleans up unused integrations',
|
|
163
170
|
type: 'boolean',
|
|
164
171
|
default: false,
|
|
172
|
+
})
|
|
173
|
+
.option('aws-deploy-template', {
|
|
174
|
+
description: 'Name of the deploy S3 bucket template to use',
|
|
175
|
+
type: 'string',
|
|
176
|
+
default: 'helix-deploy-template',
|
|
165
177
|
});
|
|
166
178
|
}
|
|
167
179
|
}
|
|
@@ -13,8 +13,9 @@
|
|
|
13
13
|
import chalk from 'chalk-template';
|
|
14
14
|
import {
|
|
15
15
|
CreateBucketCommand, DeleteBucketCommand, DeleteObjectCommand, DeleteObjectsCommand,
|
|
16
|
-
ListBucketsCommand,
|
|
16
|
+
GetBucketTaggingCommand, ListBucketsCommand,
|
|
17
17
|
ListObjectsV2Command, PutObjectCommand,
|
|
18
|
+
PutPublicAccessBlockCommand, PutBucketTaggingCommand,
|
|
18
19
|
S3Client,
|
|
19
20
|
} from '@aws-sdk/client-s3';
|
|
20
21
|
|
|
@@ -151,6 +152,44 @@ export default class AWSDeployer extends BaseDeployer {
|
|
|
151
152
|
Bucket: this._bucket,
|
|
152
153
|
}));
|
|
153
154
|
this.log.info(chalk`{green ok:} bucket ${data.Location} created`);
|
|
155
|
+
|
|
156
|
+
const { deployTemplate } = this._cfg;
|
|
157
|
+
if (!deployTemplate) {
|
|
158
|
+
return;
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
let tags;
|
|
162
|
+
try {
|
|
163
|
+
// Obtain tags from template bucket
|
|
164
|
+
const result = await this._s3.send(new GetBucketTaggingCommand({
|
|
165
|
+
Bucket: deployTemplate,
|
|
166
|
+
}));
|
|
167
|
+
tags = result.TagSet;
|
|
168
|
+
} catch (e) {
|
|
169
|
+
this.log.warn(`Unable to obtain default tags from template bucket: ${this.bucket}`, e);
|
|
170
|
+
return;
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
// Block public access
|
|
174
|
+
await this._s3.send(new PutPublicAccessBlockCommand({
|
|
175
|
+
Bucket: this._bucket,
|
|
176
|
+
PublicAccessBlockConfiguration: {
|
|
177
|
+
BlockPublicAcls: true,
|
|
178
|
+
IgnorePublicAcls: true,
|
|
179
|
+
BlockPublicPolicy: true,
|
|
180
|
+
RestrictPublicBuckets: true,
|
|
181
|
+
},
|
|
182
|
+
}));
|
|
183
|
+
this.log.info(chalk`{green ok:} bucket ${data.Location} hidden from public`);
|
|
184
|
+
|
|
185
|
+
// Put required tags
|
|
186
|
+
await this._s3.send(new PutBucketTaggingCommand({
|
|
187
|
+
Bucket: this._bucket,
|
|
188
|
+
Tagging: {
|
|
189
|
+
TagSet: tags,
|
|
190
|
+
},
|
|
191
|
+
}));
|
|
192
|
+
this.log.info(chalk`{green ok:} added tags to bucket ${data.Location}`);
|
|
154
193
|
}
|
|
155
194
|
|
|
156
195
|
async uploadZIP() {
|