@axway/axway-central-cli 3.10.0 → 3.11.0

package/.security-profile-latest.json

@@ -0,0 +1,18 @@
+{
+	"version": "1.0",
+	"project": "Amplify - APIC CLI",
+	"repo_url": "https://git.ecd.axway.org/apigov/apicentral-cli",
+	"security_guide": "https://docs.axway.com/bundle/axway_resources/page/amplify_api_management_platform_security_white_paper.html",
+	"requirements": {
+		"fortify": false,
+		"irius-risk": false,
+		"pentest": false,
+		"twistlock": false,
+		"blackduck": true,
+		"third-party-policy-violation": false,
+		"appspider": false,
+		"insightvm": false
+	},
+	"suppressions": [
+	]
+}

package/dist/commands/install/awsAgents.js

@@ -20,6 +20,7 @@ const {
 } = (0, _snooplogg.default)('central: install: agents: aws');
 const daImage = `${_types.PublicDockerRepoBaseUrl}${_types.BasePaths.DockerAgentPublicRepo}/${_types.AgentNames.AWS_DA}`;
 const taImage = `${_types.PublicDockerRepoBaseUrl}${_types.BasePaths.DockerAgentPublicRepo}/${_types.AgentNames.AWS_TA}`;
+const STAGE_TAG_NAME_LENGTH = 127;
 
 // DeploymentTypes - ways the agents may be deployed with an AWS APIGW setup
 let DeploymentTypes = exports.DeploymentTypes = /*#__PURE__*/function (DeploymentTypes) {
@@ -66,6 +67,7 @@ const AWSPrompts = exports.AWSPrompts = {
   CONFIG_BUCKET_EXISTS: 'Does this bucket already exist on AWS, or will you create beforehand?',
   CONFIG_SERVICE: 'Do you want to setup config service?',
   DA_LOG_GROUP: 'Enter the log group name the discovery agent will log to',
+  STAGE_TAG_NAME: 'Enter the name of the tag on AWS API Gateway Stage that holds mapped stage on Amplify Central',
   DA_QUEUE: 'Enter the discovery queue name',
   DEPLOYMENT: 'Select the type of deployment you wish to configure',
   EC2_TYPE: 'Select the EC2 instance type',
@@ -276,6 +278,13 @@ const gatewayConnectivity = async installConfig => {
   awsAgentValues.logGroup = apiGWTrafficLogGroupName;
   awsAgentValues.cloudFormationConfig.APIGWTrafficLogGroupName = apiGWTrafficLogGroupName;
 
+  // StageTagName
+  const stageTagName = await (0, _basicPrompts.askInput)({
+    msg: AWSPrompts.STAGE_TAG_NAME,
+    validate: (0, _basicPrompts.validateInputLength)(STAGE_TAG_NAME_LENGTH, "Maximum length of 'stage tag name' is 127")
+  });
+  awsAgentValues.stageTagName = stageTagName;
+
   // FullTransactionLogging
   const fullTransactionLogging = (await (0, _basicPrompts.askList)({
     msg: AWSPrompts.FULL_TRANSACTION_LOGGING,

package/dist/commands/install/awsSaasAgents.js

@@ -21,6 +21,7 @@ function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e =
 const {
   log
 } = (0, _snooplogg.default)('central: install: agents: saas');
+const STAGE_TAG_NAME_LENGTH = 127;
 class DataplaneConfig {
   constructor(type) {
     _defineProperty(this, "type", void 0);
@@ -28,12 +29,14 @@ class DataplaneConfig {
   }
 }
 class AWSDataplaneConfig extends DataplaneConfig {
-  constructor(arn, enableFullTransactionLogging) {
+  constructor(arn, enableFullTransactionLogging, stageTagName) {
     super('AWS');
     _defineProperty(this, "accessLogARN", void 0);
     _defineProperty(this, "fullTransactionLogging", void 0);
+    _defineProperty(this, "stageTagName", void 0);
     this.accessLogARN = arn;
     this.fullTransactionLogging = enableFullTransactionLogging;
+    this.stageTagName = stageTagName;
   }
 }
 class Sampling {
@@ -108,6 +111,7 @@ class SaasAWSAgentValues extends SaasAgentValues {
     _defineProperty(this, "externalID", void 0);
     _defineProperty(this, "accessLogARN", void 0);
     _defineProperty(this, "fullTransactionLogging", void 0);
+    _defineProperty(this, "stageTagName", void 0);
     this.authType = AWSAuthType.ASSUME;
     this.accessKey = '';
     this.secretKey = '';
@@ -116,6 +120,7 @@ class SaasAWSAgentValues extends SaasAgentValues {
     this.externalID = '';
     this.accessLogARN = '';
     this.fullTransactionLogging = false;
+    this.stageTagName = '';
   }
   getAccessData() {
     let data = JSON.stringify({
@@ -150,6 +155,7 @@ const SaasPrompts = {
   ASSUME_ROLE: 'Enter the Role ARN that the agent will Assume',
   EXTERNAL_ID: 'Enter the External ID the Assume Role expects',
   ACCESS_LOG_ARN: 'Enter the ARN for the Access Log that the Discovery will add and the Traceability will use',
+  STAGE_TAG_NAME: 'Enter the name of the tag on AWS API Gateway Stage that holds mapped stage on Amplify Central',
   FULL_TRANSACTION_LOGGING: 'Do you want to enable Full Transaction Logging? Please note that CloudWatch costs would increase when Full Transaction Logging is enabled',
   DA_FREQUENCY: 'How often should the discovery run, leave blank for integrating in CI/CD process',
   DA_FILTER: 'Please enter the filter conditions for discovery of API Services based on tags',
@@ -335,6 +341,10 @@ const gatewayConnectivity = async installConfig => {
     // AWS connection details
     hostedAgentValues = new SaasAWSAgentValues();
     hostedAgentValues = await askForAWSCredentials(hostedAgentValues);
+    hostedAgentValues.stageTagName = await (0, _basicPrompts.askInput)({
+      msg: SaasPrompts.STAGE_TAG_NAME,
+      validate: (0, _basicPrompts.validateInputLength)(STAGE_TAG_NAME_LENGTH, "Maximum length of 'stage tag name' is 127")
+    });
     if (installConfig.switches.isTaEnabled) {
       console.log(_chalk.default.gray('\nThe access log ARN is a cloud watch log group amazon resource name'));
       hostedAgentValues.accessLogARN = await (0, _basicPrompts.askInput)({
@@ -403,33 +413,87 @@ const completeInstall = async (installConfig, apiServerClient, defsManager) => {
    */
   console.log('\n');
   let awsAgentValues = installConfig.gatewayConfig;
-
+  let resourceFuncsForCleanup = [];
+  let referencedIDPs = [];
+  let providedIDPs = installConfig.idpConfig[0];
+  let providedIDPAuths = installConfig.idpConfig[1];
+  // create Identity Provider resource
+  try {
+    for (let i = 0; i < providedIDPs.length; i++) {
+      let idpResource = await helpers.createNewIDPResource(apiServerClient, defsManager, providedIDPs[i]);
+      let cleanupFunc = async () => await helpers.deleteByResourceType(apiServerClient, defsManager, idpResource === null || idpResource === void 0 ? void 0 : idpResource.name, 'IdentityProvider', 'idp');
+      resourceFuncsForCleanup.push(cleanupFunc);
+      referencedIDPs.push({
+        name: idpResource === null || idpResource === void 0 ? void 0 : idpResource.name
+      });
+      log(idpResource);
+      let encryptedAccessData = await createEncryptedAccessData(providedIDPAuths[i], idpResource);
+      providedIDPAuths[i].setAccessData(encryptedAccessData);
+      let idpSecResource = await helpers.createNewIDPSecretResource(apiServerClient, defsManager, providedIDPAuths[i], idpResource);
+      let anotherCleanupFunc = async () => await helpers.deleteByResourceType(apiServerClient, defsManager, idpSecResource === null || idpSecResource === void 0 ? void 0 : idpSecResource.name, 'IdentityProviderSecret', 'idpsec', idpResource === null || idpResource === void 0 ? void 0 : idpResource.name);
+      resourceFuncsForCleanup.push(anotherCleanupFunc);
+    }
+  } catch (error) {
+    log(error);
+    console.log(_chalk.default.redBright('rolling back installation. Could not create the Identity Provider resources'));
+    await cleanResources(resourceFuncsForCleanup);
+    return;
+  }
+  let refIDPsSubResources = {
+    references: {
+      identityProviders: referencedIDPs
+    }
+  };
   // create the environment, if necessary
-  installConfig.centralConfig.environment = installConfig.centralConfig.ampcEnvInfo.isNew ? await helpers.createByResourceType(apiServerClient, defsManager, installConfig.centralConfig.ampcEnvInfo.name, 'Environment', 'env', {
-    axwayManaged: installConfig.centralConfig.axwayManaged,
-    production: installConfig.centralConfig.production
-  }) : installConfig.centralConfig.ampcEnvInfo.name;
+  if (installConfig.centralConfig.ampcEnvInfo.isNew) {
+    installConfig.centralConfig.environment = await helpers.createByResourceType(apiServerClient, defsManager, installConfig.centralConfig.ampcEnvInfo.name, 'Environment', 'env', {
+      axwayManaged: installConfig.centralConfig.axwayManaged,
+      production: installConfig.centralConfig.production
+    }, '', refIDPsSubResources);
+    let cleanupFunc = async () => await helpers.deleteByResourceType(apiServerClient, defsManager, installConfig.centralConfig.ampcEnvInfo.name, 'Environment', 'env');
+    resourceFuncsForCleanup.push(cleanupFunc);
+  } else {
+    // if the env exists, we simply update the references with the newly created IDPs, while preserving the existing IDP references
+    // In the case of any failure during the whole process, we return everything back to how it was before.
+    installConfig.centralConfig.environment = installConfig.centralConfig.ampcEnvInfo.name;
+    refIDPsSubResources.references.identityProviders.push(...installConfig.centralConfig.ampcEnvInfo.referencedIdentityProviders);
+    await helpers.updateSubResourceType(apiServerClient, defsManager, installConfig.centralConfig.ampcEnvInfo.name, 'Environment', 'env', '', refIDPsSubResources);
+    let oldIDPRef = {
+      references: {
+        identityProviders: installConfig.centralConfig.ampcEnvInfo.referencedIdentityProviders
+      }
+    };
+    let cleanupFunc = async () => await helpers.updateSubResourceType(apiServerClient, defsManager, installConfig.centralConfig.ampcEnvInfo.name, 'Environment', 'env', '', oldIDPRef);
+    resourceFuncsForCleanup.push(cleanupFunc);
+  }
   if (installConfig.gatewayType === _types.GatewayTypes.AWS_GATEWAY) {
     if (installConfig.switches.isTaEnabled) {
-      awsAgentValues.dataplaneConfig = new AWSDataplaneConfig(awsAgentValues.accessLogARN, awsAgentValues.fullTransactionLogging);
+      awsAgentValues.dataplaneConfig = new AWSDataplaneConfig(awsAgentValues.accessLogARN, awsAgentValues.fullTransactionLogging, awsAgentValues.stageTagName);
     } else {
       awsAgentValues.dataplaneConfig = new DataplaneConfig('AWS');
     }
   }
 
   // create the data plane resource
-  let dataplaneRes = await helpers.createNewDataPlaneResource(apiServerClient, defsManager, installConfig.centralConfig.environment, _types.GatewayTypeToDataPlane[installConfig.gatewayType], awsAgentValues.dataplaneConfig);
+  let dataplaneRes;
+  try {
+    dataplaneRes = await helpers.createNewDataPlaneResource(apiServerClient, defsManager, installConfig.centralConfig.environment, _types.GatewayTypeToDataPlane[installConfig.gatewayType], awsAgentValues.dataplaneConfig);
+    let cleanupFunc = async () => await helpers.deleteByResourceType(apiServerClient, defsManager, dataplaneRes.name, 'Dataplane', 'dp', installConfig.centralConfig.environment);
+    resourceFuncsForCleanup.push(cleanupFunc);
+  } catch (error) {
+    console.log(_chalk.default.redBright('rolling back installation. Please check the configuration data before re-running install'));
+    await cleanResources(resourceFuncsForCleanup);
+    return;
+  }
 
   // create data plane secret resource
   try {
-    await helpers.createNewDataPlaneSecretResource(apiServerClient, defsManager, installConfig.centralConfig.environment, _types.GatewayTypeToDataPlane[installConfig.gatewayType], dataplaneRes.name, await createEncryptedAccessData(awsAgentValues, dataplaneRes));
+    let dataplaneSecretRes = await helpers.createNewDataPlaneSecretResource(apiServerClient, defsManager, installConfig.centralConfig.environment, _types.GatewayTypeToDataPlane[installConfig.gatewayType], dataplaneRes.name, await createEncryptedAccessData(awsAgentValues, dataplaneRes));
+    let cleanupFunc = async () => await helpers.deleteByResourceType(apiServerClient, defsManager, dataplaneSecretRes === null || dataplaneSecretRes === void 0 ? void 0 : dataplaneSecretRes.name, 'DataplaneSecret', 'dps', installConfig.centralConfig.environment);
+    resourceFuncsForCleanup.push(cleanupFunc);
   } catch (error) {
     console.log(_chalk.default.redBright('rolling back installation. Please check the credential data before re-running install'));
-    if (installConfig.centralConfig.ampcEnvInfo.isNew) {
-      await helpers.deleteByResourceType(apiServerClient, defsManager, installConfig.centralConfig.ampcEnvInfo.name, 'Environment', 'env');
-    } else {
-      await helpers.deleteByResourceType(apiServerClient, defsManager, dataplaneRes.name, 'Dataplane', 'dp', installConfig.centralConfig.environment);
-    }
+    await cleanResources(resourceFuncsForCleanup);
     return;
   }
 
@@ -450,6 +514,7 @@ const AWSSaaSInstallMethods = exports.AWSSaaSInstallMethods = {
   GetBundleType: askBundleType,
   GetDeploymentType: askConfigType,
   AskGatewayQuestions: gatewayConnectivity,
+  AddIDP: true,
   FinalizeGatewayInstall: completeInstall,
   ConfigFiles: [],
   AgentNameMap: {
@@ -466,4 +531,12 @@ const testables = exports.testables = {
   AWSAuthType,
   SaasPrompts,
   ConfigFiles
+};
+// These are useful because there are multiple resources created in a specific order and in case of failure, this goes through
+// everything that was created and deletes it one by one. It deletes the resources in opposite order because resources added
+// at the beginning might be referred by resources added afterwards
+const cleanResources = async cleanupFuncs => {
+  for (let i = cleanupFuncs.length - 1; i >= 0; i--) {
+    await cleanupFuncs[i]();
+  }
 };

package/dist/commands/install/helpers/templates/awsTemplates.js

@@ -17,6 +17,7 @@ class AWSAgentValues {
     _defineProperty(this, "accessKey", void 0);
     _defineProperty(this, "secretKey", void 0);
     _defineProperty(this, "logGroup", void 0);
+    _defineProperty(this, "stageTagName", void 0);
     _defineProperty(this, "fullTransactionLogging", void 0);
     _defineProperty(this, "region", void 0);
     _defineProperty(this, "apigwAgentConfigZipFile", void 0);
@@ -36,6 +37,7 @@ class AWSAgentValues {
     this.accessKey = awsDeployment === 'Other' ? '**Insert Access Key**' : '';
     this.secretKey = awsDeployment === 'Other' ? '**Insert Secret Key**' : '';
     this.logGroup = '';
+    this.stageTagName = '';
     this.fullTransactionLogging = false;
     this.region = '';
     this.apigwAgentConfigZipFile = '';
@@ -107,6 +109,7 @@ AWS_AUTH_ACCESSKEY={{accessKey}}
 AWS_AUTH_SECRETKEY={{secretKey}}
 {{/if}}
 AWS_LOGGROUP={{logGroup}}
+AWS_STAGETAGNAME={{stageTagName}}
 
 # Amplify Central configs
 CENTRAL_AGENTNAME={{centralConfig.daAgentName}}

package/dist/common/basicPrompts.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.verifyApigeeXCredentialFile = exports.validateValueRange = exports.validateValidRegex = exports.validateRegex = exports.validateNonEmptyInput = exports.validateInputIsNew = exports.runValidations = exports.filterEmptyNumberInput = exports.askUsernameAndPassword = exports.askList = exports.askInputValidation = exports.askInput = exports.MAX_FILE_SIZE = void 0;
+exports.verifyApigeeXCredentialFile = exports.validateValueRange = exports.validateValidRegex = exports.validateRegex = exports.validateNonEmptyInput = exports.validateInputLength = exports.validateInputIsNew = exports.runValidations = exports.filterEmptyNumberInput = exports.askUsernameAndPassword = exports.askList = exports.askInputValidation = exports.askInput = exports.MAX_FILE_SIZE = void 0;
 var _inquirer = _interopRequireDefault(require("inquirer"));
 var _fsExtra = require("fs-extra");
 var _path = require("path");
@@ -30,6 +30,10 @@ const validateRegex = (regexp, message) => input => {
   return input.toString().match(regexp) ? true : message;
 };
 exports.validateRegex = validateRegex;
+const validateInputLength = (length, message) => input => {
+  return input.toString().length <= length ? true : message;
+};
+exports.validateInputLength = validateInputLength;
 const MAX_FILE_SIZE = exports.MAX_FILE_SIZE = process.env.NODE_ENV === 'test' ? 1e5 : 20 * 1024 * 1024;
 const verifyApigeeXCredentialFile = () => input => {
   let stats;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axway/axway-central-cli",
-	"version": "3.10.0",
+	"version": "3.11.0",
 	"description": "Manage APIs, services and publish to the Amplify Marketplace",
 	"homepage": "https://platform.axway.com",
 	"author": {