@adobe/helix-deploy 9.3.21 → 9.4.0
- package/CHANGELOG.md +7 -0
- package/README.md +4 -0
- package/package.json +1 -1
- package/src/deploy/AWSConfig.js +49 -2
- package/src/deploy/AWSDeployer.js +26 -0
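--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [9.4.0](https://github.com/adobe/helix-deploy/compare/v9.3.21...v9.4.0) (2023-12-07)
+
+
+### Features
+
+
+* **aws:** add layer, log format, tracing mode and extra permission AWS options ([141a995](https://github.com/adobe/helix-deploy/commit/141a995a0fa8834dd4e4df0281f1a1276961c3ef))
+
 ## [9.3.21](https://github.com/adobe/helix-deploy/compare/v9.3.20...v9.3.21) (2023-12-02)
 
 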
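--- a/package/README.md
+++ b/package/README.md
@@ -130,6 +130,10 @@ AWS Deployment Options
 --aws-update-secrets Uploads the function specific secrets with the params. defaults to /helix-deploy/{pkg}/{name} [string]
 --aws-deploy-bucket Name of the deploy S3 bucket to use (default is helix-deploy-bucket-{accountId}) [string] [default: ""]
 --aws-identity-source Identity source to used when creating the authorizer [array] [default: ["$request.header.Authorization"]]
+--aws-log-format The lambda log format. Can be either "JSON" or "Text". [string]
+--aws-layers List of layers ARNs to attach to the lambda function. [array]
+--aws-tracing-mode The lambda tracing mode. Can be either "Active" or "PassThrough". [string]
+--aws-extra-permissions A list fo additional invoke permissions to add to the lambda function in the form <SourceARN>@<Principal>. [array]
 
 Google Deployment Options
 --google-project-id the Google Cloud project to deploy to. Optional when the key file is a JSON file [string] [default: ""]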
package/package.json
CHANGED
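--- a/package/src/deploy/AWSConfig.js
+++ b/package/src/deploy/AWSConfig.js
@@ -29,6 +29,10 @@ export default class AWSConfig {
 identitySources: ['$request.header.Authorization'],
 deployBucket: '',
 updateSecrets: undefined,
+logFormat: undefined,
+layers: undefined,
+tracingMode: undefined,
+extraPermissions: undefined,
 });
 }
 
@@ -46,7 +50,11 @@ export default class AWSConfig {
 .withAWSCreateRoutes(argv.awsCreateRoutes)
 .withAWSParamsManager(argv.awsParameterManager)
 .withAWSDeployBucket(argv.awsDeployBucket)
-.withAWSUpdateSecrets(argv.awsUpdateSecrets)
+.withAWSUpdateSecrets(argv.awsUpdateSecrets)
+.withAWSLogFormat(argv.awsLogFormat)
+.withAWSLayers(argv.awsLayers)
+.withAWSTracingMode(argv.awsTracingMode)
+.withAWSExtraPermissions(argv.awsExtraPermissions);
 }
 
 withAWSRegion(value) {
@@ -117,12 +125,33 @@ export default class AWSConfig {
 return this;
 }
 
+withAWSLogFormat(value) {
+this.logFormat = value;
+return this;
+}
+
+withAWSLayers(value) {
+this.layers = value;
+return this;
+}
+
+withAWSTracingMode(value) {
+this.tracingMode = value;
+return this;
+}
+
+withAWSExtraPermissions(value) {
+this.extraPermissions = value;
+return this;
+}
+
 static yarg(yargs) {
 return yargs
 .group(['aws-region', 'aws-api', 'aws-role', 'aws-cleanup-buckets', 'aws-cleanup-integrations',
 'aws-create-routes', 'aws-create-authorizer', 'aws-attach-authorizer', 'aws-lambda-format',
 'aws-parameter-manager', 'aws-deploy-template', 'aws-arch', 'aws-update-secrets',
-'aws-deploy-bucket', 'aws-identity-source'
+'aws-deploy-bucket', 'aws-identity-source', 'aws-log-format', 'aws-layers',
+'aws-tracing-mode', 'aws-extra-permissions'], 'AWS Deployment Options')
 .option('aws-region', {
 description: 'the AWS region to deploy lambda functions to',
 type: 'string',
@@ -189,6 +218,24 @@ export default class AWSConfig {
 description: 'Name of the deploy S3 bucket to use (default is helix-deploy-bucket-{accountId})',
 type: 'string',
 default: '',
+})
+.option('aws-log-format', {
+description: 'The lambda log format. Can be either "JSON" or "Text".',
+type: 'string',
+})
+.option('aws-layers', {
+description: 'List of layers ARNs to attach to the lambda function.',
+type: 'string',
+array: true,
+})
+.option('aws-tracing-mode', {
+description: 'The lambda tracing mode. Can be either "Active" or "PassThrough".',
+type: 'string',
+})
+.option('aws-extra-permissions', {
+description: 'A list fo additional invoke permissions to add to the lambda function in the form <SourceARN>@<Principal>.',
+type: 'string',
+array: true,
 });
 }
 }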
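Review bot: The new `aws-log-format` and `aws-tracing-mode` options in the last `yarg()` hunk are declared as free-form strings although their descriptions allow only two values each, so a mistyped value is presumably rejected only later by the Lambda API; adding `choices: ['JSON', 'Text']` and `choices: ['Active', 'PassThrough']` would stop it at argument parsing. `aws-extra-permissions` is also accepted unchecked, and since each entry is later turned into a `lambda:InvokeFunction` grant by the deployer, an entry without `@` or with an empty principal should be rejected here rather than passed through. The same option's description has a typo: `'A list fo additional …'` should read `'A list of additional …'`. The class and `yarg()` extend beyond the hunks shown.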
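--- a/package/src/deploy/AWSDeployer.js
+++ b/package/src/deploy/AWSDeployer.js
@@ -235,6 +235,9 @@ export default class AWSDeployer extends BaseDeployer {
 Architectures: [
 this._cfg.arch,
 ],
+LoggingConfig: this._cfg.logFormat ? { Format: this._cfg.logFormat } : undefined,
+Layers: this._cfg.layers,
+TracingConfig: this._cfg.tracingMode ? { Mode: this._cfg.tracingMode } : undefined,
 };
 
 this.log.info(`--: using lambda role "${this._cfg.role}"`);
@@ -873,6 +876,28 @@ export default class AWSDeployer extends BaseDeployer {
 }
 }
 
+async createExtraPermissions() {
+const { functionName } = this;
+
+if (this._cfg.extraPermissions) {
+await Promise.allSettled(this._cfg.extraPermissions.map(async (extraPermission) => {
+const [sourceArn, principal] = extraPermission.split('@', 2);
+try {
+await this._lambda.send(new AddPermissionCommand({
+FunctionName: functionName,
+Action: 'lambda:InvokeFunction',
+SourceArn: sourceArn,
+Principal: principal,
+StatementId: crypto.createHash('sha256').update(functionName + sourceArn).digest('hex'),
+}));
+this.log.info(chalk`{green ok:} added invoke permissions for ${sourceArn}`);
+} catch (e) {
+// ignore, most likely the permission already exists
+}
+}));
+}
+}
+
 async deploy() {
 try {
 this.log.info(`--: using aws region "${this._cfg.region}"`);
@@ -881,6 +906,7 @@ export default class AWSDeployer extends BaseDeployer {
 await this.createLambda();
 await this.deleteZIP();
 await this.createAPI();
+await this.createExtraPermissions();
 await this.checkFunctionReady();
 } catch (err) {
 this.log.error(`Unable to deploy Lambda function: ${err.message}`, err);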
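Review bot: The empty `catch` in `createExtraPermissions()` swallows every failure of `AddPermissionCommand`, not only the already-exists case its comment names, so an access-denied or invalid-principal error leaves the deploy reporting success without the grant in place. Because `Promise.allSettled` would discard a rethrow as well, the fix needs both a narrower catch and `Promise.all`; the rethrow then reaches the existing `catch` in `deploy()`, and if failing the deploy is not wanted, a warning log is the minimum. An entry without `@` yields an undefined `principal` from `split('@', 2)` and should be rejected before the call. `StatementId` hashes only `functionName + sourceArn`, so two entries with the same source ARN and different principals collide and the second is silently skipped; including the principal in the hash avoids that. Separately, `Layers: this._cfg.layers` attaches whatever ARNs the command line supplied, and layer code runs inside the function, so a short comment that these ARNs must come from a trusted account would help.

```javascript
    await Promise.all(this._cfg.extraPermissions.map(async (extraPermission) => {
      const [sourceArn, principal] = extraPermission.split('@', 2);
      if (!sourceArn || !principal) {
        throw new Error(`invalid extra permission "${extraPermission}", expected <SourceARN>@<Principal>`);
      }
      try {
        await this._lambda.send(new AddPermissionCommand({
          // … unchanged: FunctionName, Action, SourceArn, Principal …
          StatementId: crypto.createHash('sha256').update(`${functionName}${sourceArn}${principal}`).digest('hex'),
        }));
        // … unchanged: ok log …
      } catch (e) {
        // an existing statement is the only expected failure; anything else is a missing grant
        if (e.name !== 'ResourceConflictException') {
          throw e;
        }
      }
    }));
```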