@aws/nx-plugin 0.1.6 → 0.2.1

package/src/cloudscape-website/app/files/common/constructs/src/__websiteNameKebabCase__/webacl_event_handler/index.ts.template

@@ -1,301 +0,0 @@
-/* eslint-disable @typescript-eslint/no-non-null-asserted-optional-chain */
-/* eslint-disable @typescript-eslint/no-non-null-assertion */
-/*! Copyright [Amazon.com](http://amazon.com/), Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0 */
-import { CreateIPSetCommandOutput, Rule, WAFUnavailableEntityException, WAFV2 } from "@aws-sdk/client-wafv2"; // eslint-disable-line
-
-const DELIMITER = ":";
-const SCOPE = "CLOUDFRONT";
-const client = new WAFV2({
-  region: "us-east-1",
-  customUserAgent: "aws-pdk/static-website/waf",
-});
-
-const MAX_CREATE_RETRY = 10;
-const RETRY_INTERVAL = 2000;
-
-/**
- * Handler for creating a WAF V2 ACL in US-EAST-1.
- */
-export const onEvent = async (event: any) => {
-  const { ID, MANAGED_RULES, CIDR_ALLOW_LIST } = event.ResourceProperties;
-  const [WEB_ACL_ID, IP_SET_ID] = event.PhysicalResourceId
-    ? event.PhysicalResourceId.split(DELIMITER)
-    : [];
-  let response = {};
-
-  switch (event.RequestType) {
-    case "Create":
-      response = await createWaf(ID, MANAGED_RULES, CIDR_ALLOW_LIST);
-      break;
-    case "Update":
-      response = await updateWaf(
-        WEB_ACL_ID,
-        IP_SET_ID,
-        ID,
-        getIpSetName(ID),
-        MANAGED_RULES,
-        CIDR_ALLOW_LIST
-      );
-      break;
-    case "Delete":
-      response = await deleteWaf(WEB_ACL_ID, IP_SET_ID, ID, getIpSetName(ID));
-      break;
-    default:
-      throw new Error(`Invalid RequestType: ${event.RequestType}`);
-  }
-
-  return response;
-};
-
-/**
- * Generates the name of the IP Set.
- *
- * @param id param passed in.
- * @returns name of IP Set.
- */
-const getIpSetName = (id: string) => `${id}-IPSet`;
-
-/**
- * Returns a set of rules to apply.
- *
- * @param ipSetArn ip set arn
- * @param ipSetName  ip set name
- * @param managedRules  managed rules
- * @param cidrAllowList cidr allow list
- * @returns set of rules to apply.
- */
-const getWafRules = (
-  ipSetArn: string,
-  ipSetName: string,
-  managedRules?: any,
-  cidrAllowList?: any
-): Array<Rule> => {
-  const rules: Array<Rule> = [];
-
-  if (cidrAllowList) {
-    rules.push({
-      Name: ipSetName,
-      Priority: 1,
-      VisibilityConfig: {
-        MetricName: ipSetName,
-        CloudWatchMetricsEnabled: true,
-        SampledRequestsEnabled: true,
-      },
-      Action: {
-        Block: {},
-      },
-      Statement: {
-        NotStatement: {
-          Statement: {
-            IPSetReferenceStatement: {
-              ARN: ipSetArn,
-            },
-          },
-        },
-      },
-    });
-  }
-
-  if (managedRules) {
-    rules.push(
-      ...managedRules
-        .map((r: any) => ({ VendorName: r.vendor, Name: r.name }))
-        .map((rule: any, Priority: any) => ({
-          Name: `${rule.VendorName}-${rule.Name}`,
-          Priority,
-          Statement: { ManagedRuleGroupStatement: rule },
-          OverrideAction: { None: {} },
-          VisibilityConfig: {
-            MetricName: `${rule.VendorName}-${rule.Name}`,
-            CloudWatchMetricsEnabled: true,
-            SampledRequestsEnabled: true,
-          },
-        }))
-    );
-  }
-
-  return rules;
-};
-
-const createWaf = async (
-  id: string,
-  managedRules?: any,
-  cidrAllowList?: any
-) => {
-  const ipSetName = getIpSetName(id);
-  const createIpSetResponse = await client.createIPSet({
-    Name: ipSetName,
-    Scope: SCOPE,
-    Addresses: cidrAllowList?.cidrRanges ?? [],
-    IPAddressVersion: cidrAllowList?.cidrType ?? "IPV4",
-  });
-
-  const createWebAclResponse = await createWafAcl(
-    id,
-    ipSetName,
-    createIpSetResponse,
-    managedRules,
-    cidrAllowList
-  );
-
-  return {
-    PhysicalResourceId: `${createWebAclResponse.Summary?.Id}${DELIMITER}${createIpSetResponse.Summary?.Id}`,
-    Data: {
-      WebAclArn: createWebAclResponse.Summary?.ARN,
-      WebAclId: createWebAclResponse.Summary?.Id,
-      IPSetArn: createIpSetResponse.Summary?.ARN,
-      IPSetId: createIpSetResponse.Summary?.Id,
-    },
-  };
-};
-
-const createWafAcl = async (
-  id: string,
-  ipSetName: string,
-  createIpSetResponse: CreateIPSetCommandOutput,
-  managedRules?: any,
-  cidrAllowList?: any
-) => {
-  let counter = 0;
-
-  while (true) {
-    try {
-      const createWebAclResponse = await client.createWebACL({
-        Name: id,
-        DefaultAction: { Allow: {} },
-        Scope: SCOPE,
-        VisibilityConfig: {
-          CloudWatchMetricsEnabled: true,
-          MetricName: id,
-          SampledRequestsEnabled: true,
-        },
-        Rules: getWafRules(
-          createIpSetResponse.Summary!.ARN!,
-          ipSetName,
-          managedRules,
-          cidrAllowList
-        ),
-      });
-
-      return createWebAclResponse;
-    } catch (e) {
-      if (
-        e instanceof WAFUnavailableEntityException &&
-        counter < MAX_CREATE_RETRY
-      ) {
-        counter++;
-        console.log(
-          `Received error: ${e.message}; Waiting for retrying ${counter}`
-        );
-        await sleep(RETRY_INTERVAL);
-        continue;
-      }
-
-      throw e;
-    }
-  }
-};
-
-const updateWaf = async (
-  webAclId: string,
-  ipSetId: string,
-  id: string,
-  ipSetName: string,
-  managedRules?: any,
-  cidrAllowList?: any
-) => {
-  const getIpSetResponse = await client.getIPSet({
-    Id: ipSetId,
-    Name: ipSetName,
-    Scope: SCOPE,
-  });
-
-  await client.updateIPSet({
-    Id: ipSetId,
-    Name: ipSetName,
-    Addresses: cidrAllowList?.cidrRanges ?? [],
-    Scope: SCOPE,
-    LockToken: getIpSetResponse.LockToken!,
-  });
-
-  const getWebAclResponse = await client.getWebACL({
-    Id: webAclId,
-    Name: id,
-    Scope: SCOPE,
-  });
-
-  await client.updateWebACL({
-    Name: id,
-    DefaultAction: { Allow: {} },
-    Scope: SCOPE,
-    VisibilityConfig: {
-      CloudWatchMetricsEnabled: true,
-      MetricName: id,
-      SampledRequestsEnabled: true,
-    },
-    Rules: getWafRules(
-      getIpSetResponse.IPSet?.ARN!,
-      ipSetName,
-      managedRules,
-      cidrAllowList
-    ),
-    Id: getWebAclResponse.WebACL?.Id!,
-    LockToken: getWebAclResponse.LockToken!,
-  });
-
-  return {
-    Data: {
-      WebAclArn: getWebAclResponse.WebACL?.ARN,
-      WebAclId: getWebAclResponse.WebACL?.Id,
-      IPSetArn: getIpSetResponse.IPSet?.ARN,
-      IPSetId: getIpSetResponse.IPSet?.Id,
-    },
-  };
-};
-
-const deleteWaf = async (
-  webAclId: string,
-  ipSetId: string,
-  id: string,
-  ipSetName: string
-) => {
-  const getWebAclResponse = await client.getWebACL({
-    Id: webAclId,
-    Name: id,
-    Scope: SCOPE,
-  });
-
-  await client.deleteWebACL({
-    Id: webAclId,
-    Name: id,
-    Scope: SCOPE,
-    LockToken: getWebAclResponse.LockToken!,
-  });
-
-  const getIpSetResponse = await client.getIPSet({
-    Id: ipSetId,
-    Name: ipSetName,
-    Scope: SCOPE,
-  });
-
-  await client.deleteIPSet({
-    Id: ipSetId,
-    Name: ipSetName,
-    Scope: SCOPE,
-    LockToken: getIpSetResponse.LockToken!,
-  });
-
-  return {
-    Data: {
-      WebAclArn: getWebAclResponse.WebACL?.ARN,
-      WebAclId: getWebAclResponse.WebACL?.Id,
-      IPSetArn: getIpSetResponse.IPSet?.ARN,
-      IPSetId: getIpSetResponse.IPSet?.Id,
-    },
-  };
-};
-
-const sleep = async (duration: number) => {
-  return new Promise((resolve) => setTimeout(resolve, duration));
-};

package/src/cloudscape-website/cognito-auth/files/common/constructs/src/identity/index.ts.template

@@ -1,4 +0,0 @@
-/*! Copyright [Amazon.com](http://amazon.com/), Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0 */
-export * from './user-identity.js';
-export * from './userpool-with-mfa.js';

package/src/cloudscape-website/cognito-auth/files/common/constructs/src/identity/user-identity.ts.template

@@ -1,66 +0,0 @@
-/*! Copyright [Amazon.com](http://amazon.com/), Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0 */
-import {
-  IdentityPool,
-  UserPoolAuthenticationProvider,
-} from '@aws-cdk/aws-cognito-identitypool-alpha';
-import { CfnOutput, Stack } from 'aws-cdk-lib';
-import { UserPool, UserPoolClient } from 'aws-cdk-lib/aws-cognito';
-import { Construct } from 'constructs';
-import { UserPoolWithMfa } from './userpool-with-mfa.js';
-import { RuntimeConfig } from '../runtime-config/index.js';
-
-const WEB_CLIENT_ID = 'WebClient';
-
-/**
- * Creates a UserPool and Identity Pool with sane defaults configured intended for usage from a web client.
- */
-export class UserIdentity extends Construct {
-  public readonly identityPool: IdentityPool;
-  public readonly userPool: UserPool;
-  public readonly userPoolClient: UserPoolClient;
-
-  constructor(scope: Construct, id: string) {
-    super(scope, id);
-
-    // Unless explicitly stated, created a default Cognito User Pool and Web Client.
-    this.userPool = new UserPoolWithMfa(this, 'UserPool');
-
-    this.identityPool = new IdentityPool(this, 'IdentityPool');
-
-    const existingClient = this.userPool.node.children.find(
-      (e) => e.node.id === WEB_CLIENT_ID && e instanceof UserPoolClient
-    ) as UserPoolClient | undefined;
-
-    this.userPoolClient =
-      existingClient ??
-      this.userPool.addClient(WEB_CLIENT_ID, {
-        authFlows: {
-          userPassword: true,
-          userSrp: true,
-        },
-      });
-
-    this.identityPool.addUserPoolAuthentication(
-      new UserPoolAuthenticationProvider({
-        userPool: this.userPool,
-        userPoolClient: this.userPoolClient,
-      })
-    );
-
-    new CfnOutput(this, `${id}-UserPoolId`, {
-      value: this.userPool.userPoolId,
-    });
-
-    new CfnOutput(this, `${id}-IdentityPoolId`, {
-      value: this.identityPool.identityPoolId,
-    });
-
-    RuntimeConfig.ensure(this).config.cognitoProps = {
-      region: Stack.of(this).region,
-      identityPoolId: this.identityPool.identityPoolId,
-      userPoolId: this.userPool?.userPoolId,
-      userPoolWebClientId: this.userPoolClient?.userPoolClientId,
-    };
-  }
-}

package/src/cloudscape-website/cognito-auth/files/common/constructs/src/identity/userpool-with-mfa.ts.template

@@ -1,70 +0,0 @@
-/*! Copyright [Amazon.com](http://amazon.com/), Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0 */
-import { PDKNag } from '@aws/pdk/pdk-nag';
-import { Duration, Stack } from 'aws-cdk-lib';
-import {
-  AccountRecovery,
-  AdvancedSecurityMode,
-  Mfa,
-  UserPool,
-} from 'aws-cdk-lib/aws-cognito';
-import { Construct } from 'constructs';
-
-/**
- * Configures a UserPool with MFA across SMS/TOTP using sane defaults.
- */
-export class UserPoolWithMfa extends UserPool {
-  constructor(scope: Construct, id: string) {
-    super(scope, id, {
-      deletionProtection: true,
-      passwordPolicy: {
-        minLength: 8,
-        requireLowercase: true,
-        requireUppercase: true,
-        requireDigits: true,
-        requireSymbols: true,
-        tempPasswordValidity: Duration.days(3),
-      },
-      mfa: Mfa.REQUIRED,
-      mfaSecondFactor: { sms: true, otp: true },
-      signInCaseSensitive: false,
-      advancedSecurityMode: AdvancedSecurityMode.ENFORCED,
-      signInAliases: { username: true, email: true },
-      accountRecovery: AccountRecovery.EMAIL_ONLY,
-      selfSignUpEnabled: <%= allowSignup %>,
-      standardAttributes: {
-        phoneNumber: { required: false },
-        email: { required: true },
-        givenName: { required: true },
-        familyName: { required: true },
-      },
-      autoVerify: {
-        email: true,
-        phone: true,
-      },
-      keepOriginal: {
-        email: true,
-        phone: true,
-      },
-    });
-
-    const stack = Stack.of(this);
-
-    ['AwsSolutions-IAM5', 'AwsPrototyping-IAMNoWildcardPermissions'].forEach(
-      (RuleId) => {
-        PDKNag.addResourceSuppressionsByPathNoThrow(
-          stack,
-          `${PDKNag.getStackPrefix(stack)}${id}/UserPool/smsRole/Resource`,
-          [
-            {
-              id: RuleId,
-              reason:
-                'MFA requires sending a text to a users phone number which cannot be known at deployment time.',
-              appliesTo: ['Resource::*'],
-            },
-          ]
-        );
-      }
-    );
-  }
-}

package/src/gitlab/generator.d.ts

@@ -1,8 +0,0 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { Tree } from '@nx/devkit';
-import { GitlabGeneratorSchema } from './schema';
-export declare function gitlabGenerator(tree: Tree, options: GitlabGeneratorSchema): Promise<void>;
-export default gitlabGenerator;

package/src/gitlab/generator.js

@@ -1,16 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.gitlabGenerator = gitlabGenerator;
-const tslib_1 = require("tslib");
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-const devkit_1 = require("@nx/devkit");
-function gitlabGenerator(tree, options) {
-    return tslib_1.__awaiter(this, void 0, void 0, function* () {
-        (0, devkit_1.generateFiles)(tree, (0, devkit_1.joinPathFragments)(__dirname, 'files'), '.', options);
-    });
-}
-exports.default = gitlabGenerator;
-//# sourceMappingURL=generator.js.map

package/src/gitlab/generator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"generator.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/gitlab/generator.ts"],"names":[],"mappings":";;AAOA,0CAKC;;AAZD;;;GAGG;AACH,uCAAoE;AAGpE,SAAsB,eAAe,CACnC,IAAU,EACV,OAA8B;;QAE9B,IAAA,sBAAa,EAAC,IAAI,EAAE,IAAA,0BAAiB,EAAC,SAAS,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;IAC3E,CAAC;CAAA;AAED,kBAAe,eAAe,CAAC"}

package/src/gitlab/schema.d.ts

@@ -1,9 +0,0 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-export interface GitlabGeneratorSchema {
-  infraProject: string;
-  roleArn: string;
-  region: string;
-}

package/src/gitlab/schema.json

@@ -1,52 +0,0 @@
-{
-  "$schema": "https://json-schema.org/schema",
-  "$id": "Gitlab",
-  "title": "",
-  "type": "object",
-  "properties": {
-    "infraProject": {
-      "description": "The infrastructure project.",
-      "type": "string",
-      "alias": "dir",
-      "x-priority": "important",
-      "x-prompt": "the infrastructure project",
-      "x-dropdown": "projects"
-    },
-    "roleArn": {
-      "description": "The role ARN to assume.",
-      "type": "string",
-      "x-priority": "important",
-      "x-prompt": "the role ARN to assume"
-    },
-    "region": {
-      "description": "The region to deploy into.",
-      "type": "string",
-      "x-priority": "important",
-      "x-prompt": {
-        "message": "Which region would you like to deploy into?",
-        "type": "list",
-        "items": [
-          { "value": "us-east-1", "label": "us-east-1" },
-          { "value": "us-east-2", "label": "us-east-2" },
-          { "value": "us-west-1", "label": "us-west-1" },
-          { "value": "us-west-2", "label": "us-west-2" },
-          { "value": "ca-central-1", "label": "ca-central-1" },
-          { "value": "eu-west-1", "label": "eu-west-1" },
-          { "value": "eu-central-1", "label": "eu-central-1" },
-          { "value": "eu-west-2", "label": "eu-west-2" },
-          { "value": "eu-west-3", "label": "eu-west-3" },
-          { "value": "eu-north-1", "label": "eu-north-1" },
-          { "value": "ap-northeast-1", "label": "ap-northeast-1" },
-          { "value": "ap-northeast-2", "label": "ap-northeast-2" },
-          { "value": "ap-southeast-1", "label": "ap-southeast-1" },
-          { "value": "ap-southeast-2", "label": "ap-southeast-2" },
-          { "value": "ap-south-1", "label": "ap-south-1" },
-          { "value": "sa-east-1", "label": "sa-east-1" },
-          { "value": "us-gov-west-1", "label": "us-gov-west-1" },
-          { "value": "us-gov-east-1", "label": "us-gov-east-1" }
-        ]
-      }
-    }
-  },
-  "required": ["infraProject", "roleArn", "region"]
-}

package/src/infra/app/files/src/main.ts.template

@@ -1,37 +0,0 @@
-import { CdkGraph, FilterPreset, Filters } from '@aws/pdk/cdk-graph';
-import { CdkGraphDiagramPlugin } from '@aws/pdk/cdk-graph-plugin-diagram';
-import { CdkGraphThreatComposerPlugin } from '@aws/pdk/cdk-graph-plugin-threat-composer';
-import { AwsPrototypingChecks, PDKNag } from '@aws/pdk/pdk-nag';
-import { ApplicationStack } from './stacks/application-stack.js';
-
-/* eslint-disable @typescript-eslint/no-floating-promises */
-(async () => {
-  const app = PDKNag.app({
-    nagPacks: [new AwsPrototypingChecks()],
-  });
-
-  // Use this to deploy your own sandbox environment (assumes your CLI credentials)
-  new ApplicationStack(app, '<%= name %>-sandbox', {
-    env: {
-      account: process.env.CDK_DEFAULT_ACCOUNT,
-      region: process.env.CDK_DEFAULT_REGION,
-    },
-  });
-
-  const graph = new CdkGraph(app, {
-    plugins: [
-      new CdkGraphDiagramPlugin({
-        defaults: {
-          filterPlan: {
-            preset: FilterPreset.COMPACT,
-            filters: [{ store: Filters.pruneCustomResources() }],
-          },
-        },
-      }),
-      new CdkGraphThreatComposerPlugin(),
-    ],
-  });
-
-  app.synth();
-  await graph.report();
-})();

package/src/trpc/react/files/src/components/TRPCClientProvider/index.tsx.template

@@ -1,34 +0,0 @@
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { httpBatchLink } from '@trpc/react-query';
-import { useContext, useState, FC } from 'react';
-import { useTrpc } from '../../hooks/useTrpc';
-import { RuntimeConfigContext } from '../RuntimeConfig';
-<% if(auth === 'IAM') { %> import useSigV4Client from "@aws-northstar/ui/components/CognitoAuth/hooks/useSigv4Client"; <% } %>
-
-const TRPCClientProvider: FC<any> = ({ children }) => {
-  const trpc = useTrpc();
-  const runtimeContext = useContext(RuntimeConfigContext);
-  const [queryClient] = useState(() => new QueryClient());
-  <% if(auth === 'IAM') { %> const sigv4Client = useSigV4Client(); <% } %>
-
-  const [trpcClient] = useState(() =>
-    trpc.createClient({
-      links: [
-        httpBatchLink({
-          url: runtimeContext?.trpcApis?.['<%= apiName %>']!,
-            <% if(auth === 'IAM') { %> fetch: sigv4Client <% } %>
-        })
-      ],
-    }),
-  );
-
-  return (
-    <trpc.Provider client={trpcClient} queryClient={queryClient}>
-      <QueryClientProvider client={queryClient}>
-        {children}
-      </QueryClientProvider>
-    </trpc.Provider>
-  );
-};
-
-export default TRPCClientProvider;

package/src/trpc/react/files/src/hooks/useTrpc.tsx.template

@@ -1,5 +0,0 @@
-import type { AppRouter } from '<%= backendProjectAlias %>';
-import { createTRPCReact } from '@trpc/react-query';
-
-const trpc = createTRPCReact<AppRouter>();
-export const useTrpc = () => trpc;

package/src/ts/cjs-to-esm/generator.d.ts

@@ -1,12 +0,0 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { Tree } from '@nx/devkit';
-import { CjsToEsmGeneratorSchema } from './schema';
-export declare function cjsToEsm(tree: Tree, relativePathInTree: string, options?: {
-    include?: string[];
-    exclude?: string[];
-}): void;
-export declare function cjsToEsmGenerator(tree: Tree, options: CjsToEsmGeneratorSchema): Promise<void>;
-export default cjsToEsmGenerator;