@aws/nx-plugin 0.49.1 → 0.51.0
- package/generators.json +22 -1
- package/package.json +1 -1
- package/sdk/ts.d.ts +2 -0
- package/sdk/ts.js +6 -3
- package/sdk/ts.js.map +1 -1
- package/src/api-connection/generator.d.ts +2 -2
- package/src/api-connection/generator.js +20 -0
- package/src/api-connection/generator.js.map +1 -1
- package/src/infra/app/__snapshots__/generator.spec.ts.snap +128 -18
- package/src/infra/app/files/app/README.md.template +5 -5
- package/src/infra/app/files/app/checkov.yml.template +12 -0
- package/src/infra/app/files/app/src/main.ts.template +2 -4
- package/src/infra/app/generator.js +13 -8
- package/src/infra/app/generator.js.map +1 -1
- package/src/infra/app/schema.d.ts +0 -8
- package/src/infra/app/schema.json +0 -16
- package/src/license/config.js +3 -3
- package/src/license/config.js.map +1 -1
- package/src/open-api/ts-hooks/__snapshots__/generator.spec.tsx.snap +114 -0
- package/src/open-api/ts-hooks/generator.spec.tsx +176 -0
- package/src/open-api/utils/codegen-data.js +42 -5
- package/src/open-api/utils/codegen-data.js.map +1 -1
- package/src/preset/__snapshots__/generator.spec.ts.snap +2 -0
- package/src/py/fast-api/__snapshots__/generator.spec.ts.snap +55 -2
- package/src/py/fast-api/generator.js +8 -55
- package/src/py/fast-api/generator.js.map +1 -1
- package/src/py/fast-api/react/generator.js +9 -111
- package/src/py/fast-api/react/generator.js.map +1 -1
- package/src/py/lambda-function/generator.js +1 -1
- package/src/py/lambda-function/generator.js.map +1 -1
- package/src/py/mcp-server/__snapshots__/generator.spec.ts.snap +18 -74
- package/src/py/mcp-server/generator.js +1 -1
- package/src/py/mcp-server/generator.js.map +1 -1
- package/src/py/strands-agent/__snapshots__/generator.spec.ts.snap +18 -74
- package/src/py/strands-agent/generator.js +1 -1
- package/src/py/strands-agent/generator.js.map +1 -1
- package/src/smithy/project/__snapshots__/generator.spec.ts.snap +576 -0
- package/src/smithy/project/files/build.Dockerfile.template +97 -0
- package/src/smithy/project/files/smithy-build.json.template +25 -0
- package/src/smithy/project/files/src/main.smithy.template +19 -0
- package/src/smithy/project/files/src/operations/echo.smithy.template +18 -0
- package/src/smithy/project/generator.d.ts +10 -0
- package/src/smithy/project/generator.js +70 -0
- package/src/smithy/project/generator.js.map +1 -0
- package/src/smithy/project/schema.d.ts +11 -0
- package/src/smithy/project/schema.json +42 -0
- package/src/smithy/react-connection/__snapshots__/generator.spec.ts.snap +270 -0
- package/src/smithy/react-connection/files/model/extensions.smithy.template +33 -0
- package/src/smithy/react-connection/generator.d.ts +10 -0
- package/src/smithy/react-connection/generator.js +100 -0
- package/src/smithy/react-connection/generator.js.map +1 -0
- package/src/smithy/react-connection/schema.d.ts +8 -0
- package/src/smithy/react-connection/schema.json +26 -0
- package/src/smithy/ts/api/__snapshots__/generator.spec.ts.snap +3023 -0
- package/src/smithy/ts/api/files/context.ts.template +12 -0
- package/src/smithy/ts/api/files/handler.ts.template +50 -0
- package/src/smithy/ts/api/files/index.ts.template +0 -0
- package/src/smithy/ts/api/files/local-server.ts.template +41 -0
- package/src/smithy/ts/api/files/operations/echo.ts.template +7 -0
- package/src/smithy/ts/api/files/service.ts.template +8 -0
- package/src/smithy/ts/api/generator.d.ts +10 -0
- package/src/smithy/ts/api/generator.js +154 -0
- package/src/smithy/ts/api/generator.js.map +1 -0
- package/src/smithy/ts/api/schema.d.ts +14 -0
- package/src/smithy/ts/api/schema.json +56 -0
- package/src/trpc/backend/__snapshots__/generator.spec.ts.snap +61 -2
- package/src/trpc/backend/generator.js +6 -20
- package/src/trpc/backend/generator.js.map +1 -1
- package/src/trpc/backend/schema.d.ts +2 -1
- package/src/ts/lambda-function/__snapshots__/generator.spec.ts.snap +3 -3
- package/src/ts/lambda-function/generator.js +10 -10
- package/src/ts/lambda-function/generator.js.map +1 -1
- package/src/ts/lib/eslint.d.ts +7 -0
- package/src/ts/lib/eslint.js +37 -29
- package/src/ts/lib/eslint.js.map +1 -1
- package/src/ts/mcp-server/__snapshots__/generator.spec.ts.snap +18 -74
- package/src/ts/mcp-server/files/Dockerfile.template +1 -1
- package/src/ts/mcp-server/generator.js +20 -14
- package/src/ts/mcp-server/generator.js.map +1 -1
- package/src/ts/nx-generator/__snapshots__/generator.spec.ts.snap +6 -6
- package/src/ts/nx-generator/generator.js +3 -2
- package/src/ts/nx-generator/generator.js.map +1 -1
- package/src/ts/react-website/app/__snapshots__/generator.spec.ts.snap +267 -6
- package/src/ts/react-website/cognito-auth/__snapshots__/generator.spec.ts.snap +10 -0
- package/src/utils/__snapshots__/shared-constructs.spec.ts.snap +49 -0
- package/src/utils/agent-core-constructs/agent-core-constructs.js +0 -3
- package/src/utils/agent-core-constructs/agent-core-constructs.js.map +1 -1
- package/src/utils/agent-core-constructs/files/cdk/app/agent-core/__nameKebabCase__/__nameKebabCase__.ts.template +1 -1
- package/src/utils/agent-core-constructs/files/cdk/core/agent-core/runtime.ts.template +15 -72
- package/src/utils/agent-core-constructs/files/terraform/core/agent-core/runtime.tf.template +1 -1
- package/src/utils/api-connection/open-api/react.d.ts +43 -0
- package/src/utils/api-connection/open-api/react.js +132 -0
- package/src/utils/api-connection/open-api/react.js.map +1 -0
- package/src/utils/api-constructs/api-constructs.d.ts +6 -2
- package/src/utils/api-constructs/api-constructs.js.map +1 -1
- package/src/utils/api-constructs/files/cdk/app/apis/http/__apiNameKebabCase__.ts.template +4 -4
- package/src/utils/api-constructs/files/cdk/app/apis/rest/__apiNameKebabCase__.ts.template +7 -4
- package/src/utils/api-constructs/files/cdk/core/api/http/http-api.ts.template +37 -2
- package/src/utils/api-constructs/files/cdk/core/api/rest/rest-api.ts.template +15 -0
- package/src/utils/api-constructs/files/terraform/app/apis/http/__apiNameKebabCase__/__apiNameKebabCase__.tf.template +1 -1
- package/src/utils/api-constructs/files/terraform/app/apis/rest/__apiNameKebabCase__/__apiNameKebabCase__.tf.template +1 -1
- package/src/utils/api-constructs/open-api-metadata.d.ts +17 -0
- package/src/utils/api-constructs/open-api-metadata.js +68 -0
- package/src/utils/api-constructs/open-api-metadata.js.map +1 -0
- package/src/utils/bundle/bundle.d.ts +35 -0
- package/src/utils/bundle/bundle.js +107 -0
- package/src/utils/bundle/bundle.js.map +1 -0
- package/src/utils/bundle/files/ts/rolldown.config.ts.template +3 -0
- package/src/utils/files/common/constructs/src/core/checkov.ts.template +44 -0
- package/src/utils/files/common/constructs/src/core/index.ts.template +1 -0
- package/src/utils/fs.d.ts +16 -0
- package/src/utils/fs.js +32 -0
- package/src/utils/fs.js.map +1 -0
- package/src/utils/identity-constructs/files/cdk/core/user-identity.ts.template +8 -0
- package/src/utils/nx.d.ts +10 -3
- package/src/utils/nx.js +18 -3
- package/src/utils/nx.js.map +1 -1
- package/src/utils/versions.d.ts +8 -5
- package/src/utils/versions.js +7 -4
- package/src/utils/versions.js.map +1 -1
- package/src/utils/website-constructs/files/cdk/core/static-website.ts.template +56 -2
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/aws-prototyping.guard +0 -1282
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/cfn-nag.guard +0 -6839
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/hipaa-security.guard +0 -2807
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/nist-csf.guard +0 -2585
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/pci-dss-3-2-1.guard +0 -2236
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/wa-reliability-pillar.guard +0 -885
- package/src/infra/app/files/common/constructs/src/core/cfn-guard-rules/wa-security-pillar.guard +0 -2205
- package/src/infra/app/files/common/constructs/src/core/cfn-guard.ts.template +0 -67
- package/src/utils/bundle.d.ts +0 -16
- package/src/utils/bundle.js +0 -48
- package/src/utils/bundle.js.map +0 -1
- package/src/utils/esbuild.d.ts +0 -15
- package/src/utils/esbuild.js +0 -46
- package/src/utils/esbuild.js.map +0 -1
- /package/src/{py/fast-api/react/files/website → utils/api-connection/open-api/files}/components/__apiNameClassName__Provider.tsx.template +0 -0
- /package/src/{py/fast-api/react/files/website → utils/api-connection/open-api/files}/hooks/use__apiNameClassName__.tsx.template +0 -0
- /package/src/{py/fast-api/react/files/website → utils/api-connection/open-api/files}/hooks/use__apiNameClassName__Client.tsx.template +0 -0
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
3
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
*/
|
|
5
|
+
import { ProjectConfiguration, Tree } from '@nx/devkit';
|
|
6
|
+
export interface AddPythonBundleTargetOptions {
|
|
7
|
+
/**
|
|
8
|
+
* Python platform
|
|
9
|
+
* @default x86_64-manylinux2014
|
|
10
|
+
*/
|
|
11
|
+
pythonPlatform?: 'x86_64-manylinux2014' | 'aarch64-manylinux2014';
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Adds a bundle target to the given project if it does not exist, and updates the build target to depend on it
|
|
15
|
+
*/
|
|
16
|
+
export declare const addPythonBundleTarget: (project: ProjectConfiguration, opts?: AddPythonBundleTargetOptions) => void;
|
|
17
|
+
export interface AddTypeScriptBundleTargetOptions {
|
|
18
|
+
/**
|
|
19
|
+
* Path to the target file relative to the project dir
|
|
20
|
+
*/
|
|
21
|
+
targetFilePath: string;
|
|
22
|
+
/**
|
|
23
|
+
* Sub directory to write bundled index.js file to (if any)
|
|
24
|
+
* Outputs to dist/{projectRoot}/bundle/{bundleOutputDir}/index.js
|
|
25
|
+
*/
|
|
26
|
+
bundleOutputDir?: string;
|
|
27
|
+
/**
|
|
28
|
+
* Modules to omit from the bundle and treat as external
|
|
29
|
+
*/
|
|
30
|
+
external?: (string | RegExp)[];
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Add a TypeScript bundle target using rolldown
|
|
34
|
+
*/
|
|
35
|
+
export declare const addTypeScriptBundleTarget: (tree: Tree, project: ProjectConfiguration, opts: AddTypeScriptBundleTargetOptions) => void;
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
4
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.addTypeScriptBundleTarget = exports.addPythonBundleTarget = void 0;
|
|
8
|
+
const devkit_1 = require("@nx/devkit");
|
|
9
|
+
const versions_1 = require("../versions");
|
|
10
|
+
const ast_1 = require("../ast");
|
|
11
|
+
const typescript_1 = require("typescript");
|
|
12
|
+
const paths_1 = require("../paths");
|
|
13
|
+
const nx_1 = require("../nx");
|
|
14
|
+
/**
|
|
15
|
+
* Create a target for bundling a python project
|
|
16
|
+
*/
|
|
17
|
+
const createPythonBundleTarget = ({ projectDir, packageName, pythonPlatform, }) => {
|
|
18
|
+
return {
|
|
19
|
+
cache: true,
|
|
20
|
+
executor: 'nx:run-commands',
|
|
21
|
+
outputs: [`{workspaceRoot}/dist/${projectDir}/bundle`],
|
|
22
|
+
options: {
|
|
23
|
+
commands: [
|
|
24
|
+
`uv export --frozen --no-dev --no-editable --project ${projectDir} --package ${packageName} -o dist/${projectDir}/bundle/requirements.txt`,
|
|
25
|
+
`uv pip install -n --no-deps --no-installer-metadata --no-compile-bytecode --python-platform ${pythonPlatform} --target dist/${projectDir}/bundle -r dist/${projectDir}/bundle/requirements.txt`,
|
|
26
|
+
],
|
|
27
|
+
parallel: false,
|
|
28
|
+
},
|
|
29
|
+
};
|
|
30
|
+
};
|
|
31
|
+
/**
|
|
32
|
+
* Adds a bundle target to the given project if it does not exist, and updates the build target to depend on it
|
|
33
|
+
*/
|
|
34
|
+
const addPythonBundleTarget = (project, opts) => {
|
|
35
|
+
var _a, _b, _c, _d;
|
|
36
|
+
if (!project.targets) {
|
|
37
|
+
project.targets = {};
|
|
38
|
+
}
|
|
39
|
+
if (!((_a = project.targets) === null || _a === void 0 ? void 0 : _a.bundle)) {
|
|
40
|
+
project.targets.bundle = Object.assign(Object.assign({}, createPythonBundleTarget({
|
|
41
|
+
projectDir: project.root,
|
|
42
|
+
packageName: project.name,
|
|
43
|
+
pythonPlatform: (_b = opts === null || opts === void 0 ? void 0 : opts.pythonPlatform) !== null && _b !== void 0 ? _b : 'x86_64-manylinux2014',
|
|
44
|
+
})), { dependsOn: ['compile'] });
|
|
45
|
+
}
|
|
46
|
+
if ((_c = project.targets) === null || _c === void 0 ? void 0 : _c.build) {
|
|
47
|
+
project.targets.build.dependsOn = [
|
|
48
|
+
...((_d = project.targets.build.dependsOn) !== null && _d !== void 0 ? _d : []).filter((t) => t !== 'bundle'),
|
|
49
|
+
'bundle',
|
|
50
|
+
];
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
exports.addPythonBundleTarget = addPythonBundleTarget;
|
|
54
|
+
/**
|
|
55
|
+
* Add a TypeScript bundle target using rolldown
|
|
56
|
+
*/
|
|
57
|
+
const addTypeScriptBundleTarget = (tree, project, opts) => {
|
|
58
|
+
var _a;
|
|
59
|
+
(_a = project.targets) !== null && _a !== void 0 ? _a : (project.targets = {});
|
|
60
|
+
// Generate empty rolldown config if it doesn't exist
|
|
61
|
+
(0, devkit_1.generateFiles)(tree, (0, devkit_1.joinPathFragments)(__dirname, 'files', 'ts'), project.root, {}, { overwriteStrategy: devkit_1.OverwriteStrategy.KeepExisting });
|
|
62
|
+
// Add the bundle target
|
|
63
|
+
if (!project.targets.bundle) {
|
|
64
|
+
project.targets.bundle = {
|
|
65
|
+
cache: true,
|
|
66
|
+
outputs: [`{workspaceRoot}/dist/{projectRoot}/bundle`],
|
|
67
|
+
executor: 'nx:run-commands',
|
|
68
|
+
options: {
|
|
69
|
+
command: 'rolldown -c rolldown.config.ts',
|
|
70
|
+
cwd: '{projectRoot}',
|
|
71
|
+
},
|
|
72
|
+
dependsOn: ['compile'],
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
// Add bundle to the build target
|
|
76
|
+
(0, nx_1.addDependencyToTargetIfNotPresent)(project, 'build', 'bundle');
|
|
77
|
+
const rolldownConfigPath = (0, devkit_1.joinPathFragments)(project.root, 'rolldown.config.ts');
|
|
78
|
+
const rolldownConfigArraySelector = 'CallExpression:has(Identifier[name="defineConfig"]) > ArrayLiteralExpression';
|
|
79
|
+
// Check whether we already have a config entry with input set to targetFilePath
|
|
80
|
+
if ((0, ast_1.query)(tree, rolldownConfigPath, `${rolldownConfigArraySelector} PropertyAssignment:has(Identifier[name="input"]):has(StringLiteral[value="${opts.targetFilePath}"])`).length === 0) {
|
|
81
|
+
// We don't have one, so append it
|
|
82
|
+
(0, ast_1.replace)(tree, rolldownConfigPath, rolldownConfigArraySelector, (node) => {
|
|
83
|
+
var _a;
|
|
84
|
+
return typescript_1.factory.createArrayLiteralExpression([
|
|
85
|
+
...node.elements,
|
|
86
|
+
typescript_1.factory.createObjectLiteralExpression([
|
|
87
|
+
typescript_1.factory.createPropertyAssignment(typescript_1.factory.createIdentifier('input'), typescript_1.factory.createStringLiteral(opts.targetFilePath, true)),
|
|
88
|
+
typescript_1.factory.createPropertyAssignment(typescript_1.factory.createIdentifier('output'), typescript_1.factory.createObjectLiteralExpression([
|
|
89
|
+
typescript_1.factory.createPropertyAssignment(typescript_1.factory.createIdentifier('file'), typescript_1.factory.createStringLiteral((0, devkit_1.joinPathFragments)((0, paths_1.getRelativePathToRoot)(tree, project.name), 'dist', project.root, 'bundle', (_a = opts.bundleOutputDir) !== null && _a !== void 0 ? _a : '.', 'index.js'), true)),
|
|
90
|
+
typescript_1.factory.createPropertyAssignment(typescript_1.factory.createIdentifier('format'), typescript_1.factory.createStringLiteral('cjs', true)),
|
|
91
|
+
typescript_1.factory.createPropertyAssignment(typescript_1.factory.createIdentifier('inlineDynamicImports'), typescript_1.factory.createTrue()),
|
|
92
|
+
], true)),
|
|
93
|
+
...(opts.external
|
|
94
|
+
? [
|
|
95
|
+
typescript_1.factory.createPropertyAssignment(typescript_1.factory.createIdentifier('external'), typescript_1.factory.createArrayLiteralExpression(opts.external.map((ext) => typeof ext === 'string'
|
|
96
|
+
? typescript_1.factory.createStringLiteral(ext, true)
|
|
97
|
+
: typescript_1.factory.createRegularExpressionLiteral(`/${ext.source}/`)))),
|
|
98
|
+
]
|
|
99
|
+
: []),
|
|
100
|
+
], true),
|
|
101
|
+
]);
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
(0, devkit_1.addDependenciesToPackageJson)(tree, {}, (0, versions_1.withVersions)(['rolldown']));
|
|
105
|
+
};
|
|
106
|
+
exports.addTypeScriptBundleTarget = addTypeScriptBundleTarget;
|
|
107
|
+
//# sourceMappingURL=bundle.js.map
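Review bot: The two `uv` command strings built in `createPythonBundleTarget` interpolate `projectDir`, `packageName` and `pythonPlatform` without quoting, and `nx:run-commands` normally runs its commands through a shell, so a project root or name containing a space or a shell metacharacter would be split or interpreted instead of being passed as one argument. The values come from `project.root` and `project.name`, which are usually developer-controlled, but the resulting target is written into the project configuration and re-executed on every build, so I would quote each interpolation, e.g. `--project "${projectDir}" --package "${packageName}"` and `--target "dist/${projectDir}/bundle"`. The same applies to `opts.targetFilePath` in `addTypeScriptBundleTarget`, which goes unescaped into the `StringLiteral[value="…"]` selector, so a path containing a double quote would break or change the duplicate-entry query. Separately, the `external` mapping emits `/${ext.source}/` and drops the RegExp's flags; `/${ext.source}/${ext.flags}` would keep them.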
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bundle.js","sourceRoot":"","sources":["../../../../../../packages/nx-plugin/src/utils/bundle/bundle.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,uCAQoB;AACpB,0CAA2C;AAC3C,gCAAwC;AACxC,2CAMoB;AAEpB,oCAAiD;AACjD,8BAA0D;AAuB1D;;GAEG;AACH,MAAM,wBAAwB,GAAG,CAAC,EAChC,UAAU,EACV,WAAW,EACX,cAAc,GACkB,EAAuB,EAAE;IACzD,OAAO;QACL,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,iBAAiB;QAC3B,OAAO,EAAE,CAAC,wBAAwB,UAAU,SAAS,CAAC;QACtD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,uDAAuD,UAAU,cAAc,WAAW,YAAY,UAAU,0BAA0B;gBAC1I,+FAA+F,cAAc,kBAAkB,UAAU,mBAAmB,UAAU,0BAA0B;aACjM;YACD,QAAQ,EAAE,KAAK;SAChB;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACI,MAAM,qBAAqB,GAAG,CACnC,OAA6B,EAC7B,IAAmC,EACnC,EAAE;;IACF,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,CAAC,OAAO,GAAG,EAAE,CAAC;IACvB,CAAC;IAED,IAAI,CAAC,CAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,MAAM,CAAA,EAAE,CAAC;QAC7B,OAAO,CAAC,OAAO,CAAC,MAAM,mCACjB,wBAAwB,CAAC;YAC1B,UAAU,EAAE,OAAO,CAAC,IAAI;YACxB,WAAW,EAAE,OAAO,CAAC,IAAI;YACzB,cAAc,EAAE,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,cAAc,mCAAI,sBAAsB;SAC/D,CAAC,KACF,SAAS,EAAE,CAAC,SAAS,CAAC,GACvB,CAAC;IACJ,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,OAAO,0CAAE,KAAK,EAAE,CAAC;QAC3B,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG;YAChC,GAAG,CAAC,MAAA,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;YACxE,QAAQ;SACT,CAAC;IACJ,CAAC;AACH,CAAC,CAAC;AAzBW,QAAA,qBAAqB,yBAyBhC;AAoBF;;GAEG;AACI,MAAM,yBAAyB,GAAG,CACvC,IAAU,EACV,OAA6B,EAC7B,IAAsC,EACtC,EAAE;;IACF,MAAA,OAAO,CAAC,OAAO,oCAAf,OAAO,CAAC,OAAO,GAAK,EAAE,EAAC;IAEvB,qDAAqD;IACrD,IAAA,sBAAa,EACX,IAAI,EACJ,IAAA,0BAAiB,EAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAC3C,OAAO,CAAC,IAAI,EACZ,EAAE,EACF,EAAE,iBAAiB,EAAE,0BAAiB,CAAC,YAAY,EAAE,CACtD,CAAC;IAEF,wBAAwB;IACxB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC5B,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG;YACvB,KAAK,EAAE,IAAI;YACX,OAAO,EAAE,CAAC,2CAA2C,CAAC;YACtD,QAAQ,EAAE,iBAAiB;YAC3B,OAAO,EAAE;gBACP,OAAO,EAAE,gCAAgC;gBACzC,GAAG,EAAE,eAAe;aACrB;YACD,SAAS,EAAE,CAAC,SAAS,CAAC;SACvB,CAAC;IACJ,CAAC;IAED,iCAAiC;I
ACjC,IAAA,sCAAiC,EAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE9D,MAAM,kBAAkB,GAAG,IAAA,0BAAiB,EAC1C,OAAO,CAAC,IAAI,EACZ,oBAAoB,CACrB,CAAC;IAEF,MAAM,2BAA2B,GAC/B,8EAA8E,CAAC;IAEjF,gFAAgF;IAChF,IACE,IAAA,WAAK,EACH,IAAI,EACJ,kBAAkB,EAClB,GAAG,2BAA2B,8EAA8E,IAAI,CAAC,cAAc,KAAK,CACrI,CAAC,MAAM,KAAK,CAAC,EACd,CAAC;QACD,kCAAkC;QAClC,IAAA,aAAO,EACL,IAAI,EACJ,kBAAkB,EAClB,2BAA2B,EAC3B,CAAC,IAA4B,EAAE,EAAE;;YAC/B,OAAO,oBAAO,CAAC,4BAA4B,CAAC;gBAC1C,GAAG,IAAI,CAAC,QAAQ;gBAChB,oBAAO,CAAC,6BAA6B,CACnC;oBACE,oBAAO,CAAC,wBAAwB,CAC9B,oBAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,EACjC,oBAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CACvD;oBACD,oBAAO,CAAC,wBAAwB,CAC9B,oBAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAClC,oBAAO,CAAC,6BAA6B,CACnC;wBACE,oBAAO,CAAC,wBAAwB,CAC9B,oBAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAChC,oBAAO,CAAC,mBAAmB,CACzB,IAAA,0BAAiB,EACf,IAAA,6BAAqB,EAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,EACzC,MAAM,EACN,OAAO,CAAC,IAAI,EACZ,QAAQ,EACR,MAAA,IAAI,CAAC,eAAe,mCAAI,GAAG,EAC3B,UAAU,CACX,EACD,IAAI,CACL,CACF;wBACD,oBAAO,CAAC,wBAAwB,CAC9B,oBAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAClC,oBAAO,CAAC,mBAAmB,CAAC,KAAK,EAAE,IAAI,CAAC,CACzC;wBACD,oBAAO,CAAC,wBAAwB,CAC9B,oBAAO,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,EAChD,oBAAO,CAAC,UAAU,EAAE,CACrB;qBACF,EACD,IAAI,CACL,CACF;oBACD,GAAG,CAAC,IAAI,CAAC,QAAQ;wBACf,CAAC,CAAC;4BACE,oBAAO,CAAC,wBAAwB,CAC9B,oBAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACpC,oBAAO,CAAC,4BAA4B,CAClC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACxB,OAAO,GAAG,KAAK,QAAQ;gCACrB,CAAC,CAAC,oBAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC;gCACxC,CAAC,CAAC,oBAAO,CAAC,8BAA8B,CACpC,IAAI,GAAG,CAAC,MAAM,GAAG,CAClB,CACN,CACF,CACF;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;iBACR,EACD,IAAI,CACL;aACF,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED,IAAA,qCAA4B,EAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC,CAAC;AAtHW,QAAA,yBAAyB,6BAsHpC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import { IConstruct } from 'constructs';
|
|
2
|
+
import { CfnResource } from 'aws-cdk-lib';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Suppresses a set of rules for a construct tree.
|
|
6
|
+
*
|
|
7
|
+
* @param construct The root construct to suppress the rule for.
|
|
8
|
+
* @param ids The ids of the rules to suppress.
|
|
9
|
+
* @param comment The reason for suppressing the rule
|
|
10
|
+
* @param predicate A predicate function that determines whether the rule should be suppressed for the given construct or any of its descendants.
|
|
11
|
+
*
|
|
12
|
+
* @example
|
|
13
|
+
* The following example suppresses the CKV_AWS_XXX rule for the given construct.
|
|
14
|
+
* suppressRules(construct, ['CKV_AWS_XXX'], 'Not required for this use case')
|
|
15
|
+
*
|
|
16
|
+
* @example
|
|
17
|
+
* The following example suppresses the CKV_AWS_XXX rule for the construct or any of its descendants if it is an instance of Bucket:
|
|
18
|
+
* suppressRules(construct, ['CKV_AWS_XXX'], 'Not required for this use case', (construct) => construct instanceof Bucket)
|
|
19
|
+
*/
|
|
20
|
+
export const suppressRules = (
|
|
21
|
+
construct: IConstruct,
|
|
22
|
+
ids: string[],
|
|
23
|
+
comment: string,
|
|
24
|
+
predicate?: (construct: IConstruct) => boolean,
|
|
25
|
+
) => {
|
|
26
|
+
const resources = (
|
|
27
|
+
predicate ? construct.node.findAll().filter(predicate) : [construct]
|
|
28
|
+
)
|
|
29
|
+
.map((resource) => {
|
|
30
|
+
if (CfnResource.isCfnResource(resource)) {
|
|
31
|
+
return resource;
|
|
32
|
+
} else return resource.node.defaultChild;
|
|
33
|
+
})
|
|
34
|
+
.filter((resource) => CfnResource.isCfnResource(resource));
|
|
35
|
+
|
|
36
|
+
resources.forEach((resource) => {
|
|
37
|
+
const metadata = resource.getMetadata('checkov') || {};
|
|
38
|
+
metadata['skip'] = [
|
|
39
|
+
...(metadata['skip'] ?? []),
|
|
40
|
+
...ids.map((id) => ({ id, comment })),
|
|
41
|
+
];
|
|
42
|
+
resource.addMetadata('checkov', metadata);
|
|
43
|
+
});
|
|
44
|
+
};
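Review bot: The doc comment on `suppressRules` says it suppresses rules "for a construct tree", but without a `predicate` only `[construct]` is processed, so the skip lands on that construct (or its `node.defaultChild`) and no descendant is touched; with a predicate, every match from `construct.node.findAll()` gets it. Since this helper switches off Checkov findings, I would state that scope in the summary, e.g. `Suppresses Checkov rules on the given construct, or, when a predicate is given, on every matching construct in its tree.` The function also accepts an empty `comment` and appends to `metadata['skip']` without checking for an existing entry, so suppressions can be recorded with no justification or duplicated on repeated calls; a guard such as `if (!comment.trim()) throw new Error('suppressRules requires a justification');` would keep the audit trail meaningful.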
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
3
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
*/
|
|
5
|
+
import { Tree } from '@nx/devkit';
|
|
6
|
+
/**
|
|
7
|
+
* Utility class for creating platform agnostic commands for filesystem operations.
|
|
8
|
+
* Adds the required dependencies to the root package json
|
|
9
|
+
*/
|
|
10
|
+
export declare class FsCommands {
|
|
11
|
+
private tree;
|
|
12
|
+
constructor(tree: Tree);
|
|
13
|
+
cp(src: string, dst: string): string;
|
|
14
|
+
rm(dir: string): string;
|
|
15
|
+
mkdir(dir: string): string;
|
|
16
|
+
}
|
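--- a/package/src/utils/fs.js
+++ b/package/src/utils/fs.js
@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FsCommands = void 0;
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+* SPDX-License-Identifier: Apache-2.0
+*/
+const devkit_1 = require("@nx/devkit");
+const versions_1 = require("./versions");
+/**
+* Utility class for creating platform agnostic commands for filesystem operations.
+* Adds the required dependencies to the root package json
+*/
+class FsCommands {
+constructor(tree) {
+this.tree = tree;
+}
+cp(src, dst) {
+(0, devkit_1.addDependenciesToPackageJson)(this.tree, {}, (0, versions_1.withVersions)(['ncp']));
+return `ncp ${src} ${dst}`;
+}
+rm(dir) {
+(0, devkit_1.addDependenciesToPackageJson)(this.tree, {}, (0, versions_1.withVersions)(['rimraf']));
+return `rimraf ${dir}`;
+}
+mkdir(dir) {
+(0, devkit_1.addDependenciesToPackageJson)(this.tree, {}, (0, versions_1.withVersions)(['make-dir-cli']));
+return `make-dir ${dir}`;
+}
+}
+exports.FsCommands = FsCommands;
+//# sourceMappingURL=fs.js.map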
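Review bot: `cp`, `rm` and `mkdir` return command strings with `src`, `dst` and `dir` interpolated unquoted, so a path containing a space is split into several arguments once the string is run by a shell; for `rimraf` that means deleting paths other than the one intended. The callers are not visible in this section, so whether any argument can come from user-supplied generator options is something to confirm, but quoting inside the helper covers every call site: wrap each interpolation in double quotes, e.g. `rimraf "${dir}"`, `ncp "${src}" "${dst}"` and `make-dir "${dir}"`. It is also worth a one-line comment on each method saying that it adds a dev dependency to the root package.json as a side effect of building the string, since that is only stated on the class.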
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fs.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/fs.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,uCAAgE;AAChE,yCAA0C;AAE1C;;;GAGG;AACH,MAAa,UAAU;IAGrB,YAAY,IAAU;QACpB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAEM,EAAE,CAAC,GAAW,EAAE,GAAW;QAChC,IAAA,qCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnE,OAAO,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;IAC7B,CAAC;IAEM,EAAE,CAAC,GAAW;QACnB,IAAA,qCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAEM,KAAK,CAAC,GAAW;QACtB,IAAA,qCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAC5E,OAAO,YAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;CACF;AArBD,gCAqBC"}
|
|
@@ -16,6 +16,7 @@ import {
|
|
|
16
16
|
import { Construct } from 'constructs';
|
|
17
17
|
import { RuntimeConfig } from './runtime-config.js';
|
|
18
18
|
import { Distribution } from 'aws-cdk-lib/aws-cloudfront';
|
|
19
|
+
import { suppressRules } from './checkov.js';
|
|
19
20
|
|
|
20
21
|
const WEB_CLIENT_ID = 'WebClient';
|
|
21
22
|
/**
|
|
@@ -52,6 +53,13 @@ export class UserIdentity extends Construct {
|
|
|
52
53
|
userPoolWebClientId: this.userPoolClient.userPoolClientId,
|
|
53
54
|
};
|
|
54
55
|
|
|
56
|
+
suppressRules(
|
|
57
|
+
this.userPool,
|
|
58
|
+
['CKV_AWS_111'],
|
|
59
|
+
'SMS Role requires wildcard resource',
|
|
60
|
+
(c) => c.node.path.includes('/smsRole/'),
|
|
61
|
+
);
|
|
62
|
+
|
|
55
63
|
new CfnOutput(this, `${id}-UserPoolId`, {
|
|
56
64
|
value: this.userPool.userPoolId,
|
|
57
65
|
});
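Review bot: The `suppressRules` call added in the `UserIdentity` constructor selects resources with `c.node.path.includes('/smsRole/')`, a substring match on an internal construct id, and records only 'SMS Role requires wildcard resource' as the reason for skipping `CKV_AWS_111`. Because the search starts at `this.userPool` the reach is limited to that subtree, but anyone auditing the suppression has to work out for themselves which statement is wildcarded and why; I would add a comment above the call along the lines of `// Cognito's SMS role policy uses Resource '*' (presumably sns:Publish, which targets phone numbers rather than ARNs); CKV_AWS_111 is skipped for that role only`, and confirm the action against the synthesized template. A test asserting that the skip metadata appears only on the SMS role resources would also catch a construct-id change in aws-cdk-lib. The constructor starts and ends outside this hunk.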
|
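--- a/package/src/utils/nx.d.ts
+++ b/package/src/utils/nx.d.ts
@@ -2,7 +2,7 @@
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0
 */
-import { Tree } from '@nx/devkit';
+import { ProjectConfiguration, Tree } from '@nx/devkit';
 export interface NxGeneratorInfo {
 readonly id: string;
 readonly metric: string;
@@ -25,8 +25,15 @@ export declare const getPackageVersion: () => string;
 /**
 * Read a project configuration where the project name may not be fully qualified (ie may omit the scope prefix)
 */
-export declare const readProjectConfigurationUnqualified: (tree: Tree, projectName: string) =>
+export declare const readProjectConfigurationUnqualified: (tree: Tree, projectName: string) => ProjectConfiguration;
 /**
 * Add metadata about the generator to the project.json
 */
-export declare const addGeneratorMetadata: (tree: Tree, projectName: string, info: NxGeneratorInfo
+export declare const addGeneratorMetadata: (tree: Tree, projectName: string, info: NxGeneratorInfo, additionalMetadata?: {
+[key: string]: any;
+}) => void;
+/**
+* Mutate the project to add the dependency to the target if not already present
+* Adds the target if not present.
+*/
+export declare const addDependencyToTargetIfNotPresent: (project: ProjectConfiguration, target: string, dependency: string) => void;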
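--- a/package/src/utils/nx.js
+++ b/package/src/utils/nx.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addGeneratorMetadata = exports.readProjectConfigurationUnqualified = exports.getPackageVersion = exports.getGeneratorInfo = exports.listGenerators = void 0;
+exports.addDependencyToTargetIfNotPresent = exports.addGeneratorMetadata = exports.readProjectConfigurationUnqualified = exports.getPackageVersion = exports.getGeneratorInfo = exports.listGenerators = void 0;
 const tslib_1 = require("tslib");
 /**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
@@ -62,9 +62,24 @@ exports.readProjectConfigurationUnqualified = readProjectConfigurationUnqualifie
 /**
 * Add metadata about the generator to the project.json
 */
-const addGeneratorMetadata = (tree, projectName, info) => {
+const addGeneratorMetadata = (tree, projectName, info, additionalMetadata) => {
 const config = (0, exports.readProjectConfigurationUnqualified)(tree, projectName);
-(0, devkit_1.updateProjectConfiguration)(tree, config.name, Object.assign(Object.assign({}, config), { metadata: Object.assign(Object.assign({}, config === null || config === void 0 ? void 0 : config.metadata), { generator: info.id }) }));
+(0, devkit_1.updateProjectConfiguration)(tree, config.name, Object.assign(Object.assign({}, config), { metadata: Object.assign(Object.assign(Object.assign({}, config === null || config === void 0 ? void 0 : config.metadata), { generator: info.id }), additionalMetadata) }));
 };
 exports.addGeneratorMetadata = addGeneratorMetadata;
+/**
+* Mutate the project to add the dependency to the target if not already present
+* Adds the target if not present.
+*/
+const addDependencyToTargetIfNotPresent = (project, target, dependency) => {
+var _a, _b, _c;
+var _d;
+(_a = project.targets) !== null && _a !== void 0 ? _a : (project.targets = {});
+(_b = (_d = project.targets)[target]) !== null && _b !== void 0 ? _b : (_d[target] = {});
+project.targets[target].dependsOn = [
+...((_c = project.targets[target].dependsOn) !== null && _c !== void 0 ? _c : []).filter((d) => d !== dependency),
+dependency,
+];
+};
+exports.addDependencyToTargetIfNotPresent = addDependencyToTargetIfNotPresent;
 //# sourceMappingURL=nx.js.map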
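Review bot: In `addGeneratorMetadata` the new `additionalMetadata` argument is merged after `{ generator: info.id }`, so a caller that passes a `generator` key silently replaces the generator id written to the project metadata. If that id is meant to be authoritative, merge it last in the TypeScript source this file is compiled from, i.e. `metadata: { ...config?.metadata, ...additionalMetadata, generator: info.id }`. For `addDependencyToTargetIfNotPresent`, the comment says the dependency is added "if not already present", but the code filters an existing entry out and re-appends it, which moves it to the end of `dependsOn`, and the `d !== dependency` comparison would not match an entry given in Nx's object form; the comment should say so, e.g. `Ensures the dependency is the last entry of the target's dependsOn, adding the target if missing`.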
package/src/utils/nx.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nx.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/nx.ts"],"names":[],"mappings":";;;;AAAA;;;GAGG;AACH,
|
|
1
|
+
{"version":3,"file":"nx.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/nx.ts"],"names":[],"mappings":";;;;AAAA;;;GAGG;AACH,uCAMoB;AACpB,oFAAmD;AACnD,8EAA6C;AAC7C,mDAA6B;AAC7B,2CAA6D;AAC7D,mCAAsC;AAYtC,MAAM,UAAU,GAAsB,MAAM,CAAC,OAAO,CAClD,yBAAc,CAAC,UAAU,CAC1B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,+BACpB,EAAE,EACF,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,mBAAmB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EACtE,kBAAkB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EACpE,WAAW,EAAE,IAAI,CAAC,WAAW,IAC1B,CAAC,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM;IACjC,CAAC,CAAC;QACE,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB;IACH,CAAC,CAAC,EAAE,CAAC,GACJ,CAAC,YAAY,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU;IACzC,CAAC,CAAC;QACE,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B;IACH,CAAC,CAAC,EAAE,CAAC,EACP,CAAC,CAAC;AAEJ;;;GAGG;AACI,MAAM,cAAc,GAAG,CAAC,aAAa,GAAG,KAAK,EAAqB,EAAE,CACzE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAD1C,QAAA,cAAc,kBAC4B;AAEvD;;GAEG;AACI,MAAM,gBAAgB,GAAG,CAC9B,iBAAyB,EACR,EAAE;IACnB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAClE,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACjD,OAAO,UAAU,CAAC,IAAI,CACpB,CAAC,aAAa,EAAE,EAAE,CAChB,aAAa,CAAC,mBAAmB,KAAK,mBAAmB,CAC5D,CAAC;AACJ,CAAC,CAAC;AATW,QAAA,gBAAgB,oBAS3B;AAEK,MAAM,iBAAiB,GAAG,GAAG,EAAE;IACpC,OAAO,sBAAW,CAAC,OAAO,CAAC;AAC7B,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAEF;;GAEG;AACI,MAAM,mCAAmC,GAAG,CACjD,IAAU,EACV,WAAmB,EACnB,EAAE;IACF,IAAI,CAAC;QACH,OAAO,IAAA,iCAAwB,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,gDAAgD;QAChD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,IAAA,6BAAiB,EAAC,IAAI,CAAC,GAAG,WAAW,EAAE,IAAI,kCAAkC;gBAC1F,CAAC,CAAC,IAAI,KAAK,GAAG,IAAA,mBAAW,EAAC,IAAA,uBAAW,EAAC,IAAI,CAAC,CAAC,IAAI,WAAW,EAAE
,CAAC,CACnE,CAAC;QACF,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC,CAAC;AAnBW,QAAA,mCAAmC,uCAmB9C;AAEF;;GAEG;AACI,MAAM,oBAAoB,GAAG,CAClC,IAAU,EACV,WAAmB,EACnB,IAAqB,EACrB,kBAA2C,EAC3C,EAAE;IACF,MAAM,MAAM,GAAG,IAAA,2CAAmC,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,IAAA,mCAA0B,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,kCACvC,MAAM,KACT,QAAQ,EAAE,8CACL,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,KACnB,SAAS,EAAE,IAAI,CAAC,EAAE,KACf,kBAAkB,CACf,IACR,CAAC;AACL,CAAC,CAAC;AAfW,QAAA,oBAAoB,wBAe/B;AAEF;;;GAGG;AACI,MAAM,iCAAiC,GAAG,CAC/C,OAA6B,EAC7B,MAAc,EACd,UAAkB,EAClB,EAAE;;;IACF,MAAA,OAAO,CAAC,OAAO,oCAAf,OAAO,CAAC,OAAO,GAAK,EAAE,EAAC;IACvB,YAAA,OAAO,CAAC,OAAO,EAAC,MAAM,wCAAN,MAAM,IAAM,EAAE,EAAC;IAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,GAAG;QAClC,GAAG,CAAC,MAAA,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,mCAAI,EAAE,CAAC,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,UAAU,CACxB;QACD,UAAU;KACX,CAAC;AACJ,CAAC,CAAC;AAbW,QAAA,iCAAiC,qCAa5C"}
|
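--- a/package/src/utils/versions.d.ts
+++ b/package/src/utils/versions.d.ts
@@ -6,11 +6,11 @@
 * Versons for TypeScript dependencies added by generators
 */
 export declare const TS_VERSIONS: {
-readonly '@cdklabs/cdk-validator-cfnguard': "0.0.60";
 readonly '@aws-sdk/client-cognito-identity': "3.876.0";
 readonly '@aws-sdk/credential-providers': "3.876.0";
 readonly '@aws-sdk/credential-provider-cognito-identity': "3.876.0";
-readonly '@aws-
+readonly '@aws-smithy/server-apigateway': "1.0.0-alpha.10";
+readonly '@aws-smithy/server-node': "1.0.0-alpha.10";
 readonly '@aws-lambda-powertools/logger': "2.25.2";
 readonly '@aws-lambda-powertools/metrics': "2.25.2";
 readonly '@aws-lambda-powertools/tracer': "2.25.2";
@@ -40,8 +40,8 @@ export declare const TS_VERSIONS: {
 readonly '@types/express': "5.0.3";
 readonly '@smithy/types': "4.3.2";
 readonly aws4fetch: "1.0.20";
-readonly 'aws-cdk': "2.
-readonly 'aws-cdk-lib': "2.
+readonly 'aws-cdk': "2.1029.3";
+readonly 'aws-cdk-lib': "2.217.0";
 readonly 'aws-xray-sdk-core': "3.10.3";
 readonly constructs: "10.4.2";
 readonly cors: "2.8.5";
@@ -50,9 +50,12 @@ export declare const TS_VERSIONS: {
 readonly express: "5.1.0";
 readonly 'jsonc-eslint-parser': "2.4.0";
 readonly 'make-dir-cli': "4.0.0";
+readonly ncp: "2.0.0";
 readonly 'oidc-client-ts': "3.3.0";
 readonly prettier: "3.6.2";
 readonly 'react-oidc-context': "3.3.0";
+readonly rimraf: "6.0.1";
+readonly rolldown: "1.0.0-beta.38";
 readonly 'source-map-support': "0.5.21";
 readonly tailwindcss: "4.1.12";
 readonly '@tailwindcss/vite': "4.1.12";
@@ -66,7 +69,7 @@ export type ITsDepVersion = keyof typeof TS_VERSIONS;
 * Add versions to the given dependencies
 */
 export declare const withVersions: (deps: ITsDepVersion[]) => {
-[k: string]: "
+[k: string]: "3.876.0" | "1.0.0-alpha.10" | "2.25.2" | "6.4.4" | "21.2.0" | "9.0.0" | "21.4.1" | "1.17.4" | "0.16.5" | "1.131.28" | "1.131.2" | "3.0.117" | "3.0.1075" | "1.0.45" | "5.87.4" | "11.0.0" | "22.18.0" | "8.10.152" | "2.8.19" | "5.0.3" | "4.3.2" | "1.0.20" | "2.1029.3" | "2.217.0" | "3.10.3" | "10.4.2" | "2.8.5" | "0.25.9" | "5.5.4" | "5.1.0" | "2.4.0" | "4.0.0" | "2.0.0" | "3.3.0" | "3.6.2" | "6.0.1" | "1.0.0-beta.38" | "0.5.21" | "4.1.12" | "4.20.1" | "5.1.4" | "4.1.5" | "npm:zod@^3";
 };
 /**
 * Versions for Python dependencies added by generators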
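--- a/package/src/utils/versions.js
+++ b/package/src/utils/versions.js
@@ -9,11 +9,11 @@ exports.withPyVersions = exports.PY_VERSIONS = exports.withVersions = exports.TS
 * Versons for TypeScript dependencies added by generators
 */
 exports.TS_VERSIONS = {
-'@cdklabs/cdk-validator-cfnguard': '0.0.60',
 '@aws-sdk/client-cognito-identity': '3.876.0',
 '@aws-sdk/credential-providers': '3.876.0',
 '@aws-sdk/credential-provider-cognito-identity': '3.876.0',
-'@aws-
+'@aws-smithy/server-apigateway': '1.0.0-alpha.10',
+'@aws-smithy/server-node': '1.0.0-alpha.10',
 '@aws-lambda-powertools/logger': '2.25.2',
 '@aws-lambda-powertools/metrics': '2.25.2',
 '@aws-lambda-powertools/tracer': '2.25.2',
@@ -43,8 +43,8 @@ exports.TS_VERSIONS = {
 '@types/express': '5.0.3',
 '@smithy/types': '4.3.2',
 aws4fetch: '1.0.20',
-'aws-cdk': '2.
-'aws-cdk-lib': '2.
+'aws-cdk': '2.1029.3',
+'aws-cdk-lib': '2.217.0',
 'aws-xray-sdk-core': '3.10.3',
 constructs: '10.4.2',
 cors: '2.8.5',
@@ -53,9 +53,12 @@ exports.TS_VERSIONS = {
 express: '5.1.0',
 'jsonc-eslint-parser': '2.4.0',
 'make-dir-cli': '4.0.0',
+ncp: '2.0.0',
 'oidc-client-ts': '3.3.0',
 prettier: '3.6.2',
 'react-oidc-context': '3.3.0',
+rimraf: '6.0.1',
+rolldown: '1.0.0-beta.38',
 'source-map-support': '0.5.21',
 tailwindcss: '4.1.12',
 '@tailwindcss/vite': '4.1.12',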
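Review bot: The table pins three pre-release builds, `'@aws-smithy/server-apigateway'` and `'@aws-smithy/server-node'` at `1.0.0-alpha.10` and `rolldown` at `1.0.0-beta.38`, with nothing beside the entries recording why a pre-release is accepted or when it should be replaced. Per the header comment these are the versions generators add to user projects, so the choice propagates into every generated workspace. A one-line comment on each entry in the source table, such as `// pre-release pin: revisit when a stable release is available`, would let a dependency review tell a deliberate pin from an oversight. The added `ncp: '2.0.0'` entry deserves the same one-line rationale and a check of its maintenance status before it ships in generated projects. The same entries appear in the `versions.d.ts` section.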
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"versions.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/versions.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,
|
|
1
|
+
{"version":3,"file":"versions.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/versions.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,kCAAkC,EAAE,SAAS;IAC7C,+BAA+B,EAAE,SAAS;IAC1C,+CAA+C,EAAE,SAAS;IAC1D,+BAA+B,EAAE,gBAAgB;IACjD,yBAAyB,EAAE,gBAAgB;IAC3C,+BAA+B,EAAE,QAAQ;IACzC,gCAAgC,EAAE,QAAQ;IAC1C,+BAA+B,EAAE,QAAQ;IACzC,+BAA+B,EAAE,QAAQ;IACzC,aAAa,EAAE,OAAO;IACtB,cAAc,EAAE,QAAQ;IACxB,sBAAsB,EAAE,OAAO;IAC/B,YAAY,EAAE,QAAQ;IACtB,2BAA2B,EAAE,QAAQ;IACrC,iCAAiC,EAAE,QAAQ;IAC3C,wBAAwB,EAAE,UAAU;IACpC,yBAAyB,EAAE,UAAU;IACrC,4BAA4B,EAAE,UAAU;IACxC,+BAA+B,EAAE,SAAS;IAC1C,wBAAwB,EAAE,SAAS;IACnC,qCAAqC,EAAE,SAAS;IAChD,+BAA+B,EAAE,UAAU;IAC3C,kCAAkC,EAAE,QAAQ;IAC5C,uBAAuB,EAAE,QAAQ;IACjC,gCAAgC,EAAE,QAAQ;IAC1C,4BAA4B,EAAE,QAAQ;IACtC,cAAc,EAAE,QAAQ;IACxB,cAAc,EAAE,QAAQ;IACxB,aAAa,EAAE,SAAS;IACxB,mBAAmB,EAAE,UAAU;IAC/B,aAAa,EAAE,QAAQ;IACvB,gBAAgB,EAAE,OAAO;IACzB,eAAe,EAAE,OAAO;IACxB,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,UAAU;IACrB,aAAa,EAAE,SAAS;IACxB,mBAAmB,EAAE,QAAQ;IAC7B,UAAU,EAAE,QAAQ;IACpB,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,QAAQ;IACjB,wBAAwB,EAAE,OAAO;IACjC,OAAO,EAAE,OAAO;IAChB,qBAAqB,EAAE,OAAO;IAC9B,cAAc,EAAE,OAAO;IACvB,GAAG,EAAE,OAAO;IACZ,gBAAgB,EAAE,OAAO;IACzB,QAAQ,EAAE,OAAO;IACjB,oBAAoB,EAAE,OAAO;IAC7B,MAAM,EAAE,OAAO;IACf,QAAQ,EAAE,eAAe;IACzB,oBAAoB,EAAE,QAAQ;IAC9B,WAAW,EAAE,QAAQ;IACrB,mBAAmB,EAAE,QAAQ;IAC7B,GAAG,EAAE,QAAQ,EAAE,kDAAkD;IACjE,qBAAqB,EAAE,OAAO;IAC9B,GAAG,EAAE,OAAO;IACZ,2FAA2F;IAC3F,oEAAoE;IACpE,QAAQ,EAAE,YAAY;CACd,CAAC;AAGX;;GAEG;AACI,MAAM,YAAY,GAAG,CAAC,IAAqB,EAAE,EAAE,CACpD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AADpD,QAAA,YAAY,gBACwC;AAEjE;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,uBAAuB,EAAE,UAAU;IACnC,+BAA+B,EAAE,UAAU;IAC3C,+BAA+B,EAAE,UAAU;IAC3C,0BAA0B,EAAE,UAAU;IACtC,mBAAmB,EAAE,SAAS;IAC9B,KAAK,EAAE,WAAW;IAClB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,mBAAmB,EAAE,WAAW;IAChC,MAAM,EAAE,UAAU;IAClB,GAAG,EAAE,UAAU;IACf,gBAAgB,EAAE,SAAS;I
AC3B,sBAAsB,EAAE,SAAS;CACzB,CAAC;AAGX;;GAEG;AACI,MAAM,cAAc,GAAG,CAAC,IAAqB,EAAE,EAAE,CACtD,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,mBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AADpC,QAAA,cAAc,kBACsB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { CfnOutput, RemovalPolicy, Stack } from 'aws-cdk-lib';
|
|
1
|
+
import { CfnOutput, CfnResource, RemovalPolicy, Stack } from 'aws-cdk-lib';
|
|
2
2
|
import { Distribution, ViewerProtocolPolicy } from 'aws-cdk-lib/aws-cloudfront';
|
|
3
3
|
import { S3BucketOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
|
|
4
4
|
import {
|
|
@@ -13,6 +13,8 @@ import { Construct } from 'constructs';
|
|
|
13
13
|
import { RuntimeConfig } from './runtime-config.js';
|
|
14
14
|
import { Key } from 'aws-cdk-lib/aws-kms';
|
|
15
15
|
import { CfnWebACL } from 'aws-cdk-lib/aws-wafv2';
|
|
16
|
+
import { suppressRules } from './checkov.js';
|
|
17
|
+
|
|
16
18
|
const DEFAULT_RUNTIME_CONFIG_FILENAME = 'runtime-config.json';
|
|
17
19
|
|
|
18
20
|
export interface StaticWebsiteProps {
|
|
@@ -59,6 +61,17 @@ export class StaticWebsite extends Construct {
|
|
|
59
61
|
publicReadAccess: false,
|
|
60
62
|
blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
|
|
61
63
|
});
|
|
64
|
+
suppressRules(
|
|
65
|
+
accessLogsBucket,
|
|
66
|
+
['CKV_AWS_21'],
|
|
67
|
+
'Access log bucket does not need versioning enabled',
|
|
68
|
+
);
|
|
69
|
+
suppressRules(
|
|
70
|
+
accessLogsBucket,
|
|
71
|
+
['CKV_AWS_18'],
|
|
72
|
+
'Access log bucket does not need an access log bucket',
|
|
73
|
+
);
|
|
74
|
+
|
|
62
75
|
// S3 Bucket to hold website files
|
|
63
76
|
this.websiteBucket = new Bucket(this, 'WebsiteBucket', {
|
|
64
77
|
versioned: true,
|
|
@@ -89,6 +102,12 @@ export class StaticWebsite extends Construct {
|
|
|
89
102
|
serverAccessLogsPrefix: 'distribution-access-logs',
|
|
90
103
|
serverAccessLogsBucket: accessLogsBucket,
|
|
91
104
|
});
|
|
105
|
+
suppressRules(
|
|
106
|
+
logBucket,
|
|
107
|
+
['CKV_AWS_21'],
|
|
108
|
+
'Distribution log bucket does not need versioning enabled',
|
|
109
|
+
);
|
|
110
|
+
|
|
92
111
|
const defaultRootObject = 'index.html';
|
|
93
112
|
this.cloudFrontDistribution = new Distribution(
|
|
94
113
|
this,
|
|
@@ -114,8 +133,14 @@ export class StaticWebsite extends Construct {
|
|
|
114
133
|
responsePagePath: `/${defaultRootObject}`,
|
|
115
134
|
},
|
|
116
135
|
],
|
|
117
|
-
}
|
|
136
|
+
},
|
|
118
137
|
);
|
|
138
|
+
suppressRules(
|
|
139
|
+
this.cloudFrontDistribution,
|
|
140
|
+
['CKV_AWS_174'],
|
|
141
|
+
'Cloudfront default certificate does not use TLS 1.2',
|
|
142
|
+
);
|
|
143
|
+
|
|
119
144
|
// Deploy Website
|
|
120
145
|
this.bucketDeployment = new BucketDeployment(this, 'WebsiteDeployment', {
|
|
121
146
|
sources: [
|
|
@@ -130,6 +155,17 @@ export class StaticWebsite extends Construct {
|
|
|
130
155
|
distribution: this.cloudFrontDistribution,
|
|
131
156
|
memoryLimit: 1024,
|
|
132
157
|
});
|
|
158
|
+
|
|
159
|
+
suppressRules(
|
|
160
|
+
Stack.of(this),
|
|
161
|
+
['CKV_AWS_111'],
|
|
162
|
+
'CDK Bucket Deployment uses wildcard to deploy arbitrary assets',
|
|
163
|
+
(c) =>
|
|
164
|
+
CfnResource.isCfnResource(c) &&
|
|
165
|
+
c.cfnResourceType === 'AWS::IAM::Policy' &&
|
|
166
|
+
c.node.path.includes(`/Custom::CDKBucketDeployment`),
|
|
167
|
+
);
|
|
168
|
+
|
|
133
169
|
new CfnOutput(this, 'DistributionDomainName', {
|
|
134
170
|
value: this.cloudFrontDistribution.domainName,
|
|
135
171
|
});
|
|
@@ -177,6 +213,24 @@ export class CloudfrontWebAcl extends Stack {
|
|
|
177
213
|
none: {},
|
|
178
214
|
},
|
|
179
215
|
},
|
|
216
|
+
{
|
|
217
|
+
name: 'KnownBadInputsRule',
|
|
218
|
+
priority: 1,
|
|
219
|
+
statement: {
|
|
220
|
+
managedRuleGroupStatement: {
|
|
221
|
+
name: 'AWSManagedRulesKnownBadInputsRuleSet',
|
|
222
|
+
vendorName: 'AWS',
|
|
223
|
+
},
|
|
224
|
+
},
|
|
225
|
+
visibilityConfig: {
|
|
226
|
+
cloudWatchMetricsEnabled: true,
|
|
227
|
+
metricName: 'MetricForWebACLCDK-CRS',
|
|
228
|
+
sampledRequestsEnabled: true,
|
|
229
|
+
},
|
|
230
|
+
overrideAction: {
|
|
231
|
+
none: {},
|
|
232
|
+
},
|
|
233
|
+
},
|
|
180
234
|
],
|
|
181
235
|
}).attrArn;
|
|
182
236
|
}
|
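Review bot: The `CKV_AWS_174` suppression on `this.cloudFrontDistribution` (hunk `@@ -114,8 +133,14 @@`) is unconditional, so it would keep silencing the TLS check after a project attaches its own domain and certificate, which is when the minimum protocol version becomes configurable. The reason string implies the distribution relies on the default CloudFront certificate; the `Distribution` props are only partly visible in the hunk, so that is inferred. A comment above the call would make the condition explicit, for example `// Valid only while the default *.cloudfront.net certificate is used; remove once a custom certificate is set and require TLS 1.2+ via minimumProtocolVersion`. Separately, in the last hunk `KnownBadInputsRule` reports under `metricName: 'MetricForWebACLCDK-CRS'`, which reads like a copy from the common rule set entry outside the hunk; a distinct value such as `'MetricForWebACLCDK-KnownBadInputs'` would keep matches from the two rule groups separable in CloudWatch.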