@brunwig/mup-aws-beanstalk 0.8.1

package/lib/assets/nginx-server.conf

@@ -0,0 +1,59 @@
+# This nginx config is used with platforms based on Amazon Linux AMI
+# (the version before Amazon Linux 2)
+<% if(forceSSL) { %>
+if ($http_x_forwarded_proto = "http") {
+  return 301 https://$host$request_uri;
+}
+<% } %>
+
+location / {
+  proxy_pass          http://127.0.0.1:8081;
+  proxy_http_version  1.1;
+
+  proxy_set_header    Connection          $connection_upgrade;
+  proxy_set_header    Upgrade             $http_upgrade;
+  proxy_set_header    Host                $host;
+  proxy_set_header    X-Real-IP           $remote_addr;
+  proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+
+  <% if(forceSSL) { %>
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+  <% } %>
+}
+
+
+location ~* /packages/.+\.(eot|ttf|woff)$ {
+  root /var/app/current/programs/web.browser;
+  access_log off;
+  add_header Access-Control-Allow-Origin *;
+  add_header Vary Origin;
+  add_header Pragma public;
+  add_header Cache-Control "public";
+  expires max;
+}
+
+location ~* \.(eot|ttf|woff)$ {
+  root /var/app/current/programs/web.browser/app;
+  access_log off;
+  add_header Access-Control-Allow-Origin *;
+  add_header Vary Origin;
+  add_header Pragma public;
+  add_header Cache-Control "public";
+  expires max;
+}
+
+
+location /aws-health-check-3984729847289743128904723 {
+  proxy_pass http://127.0.0.1:8039;
+  proxy_set_header Connection "";
+  proxy_http_version 1.1;
+  proxy_set_header Host $host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+}
+
+# gzip on;
+# gzip_comp_level 4;
+# gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

package/lib/assets/nginx.conf

@@ -0,0 +1,85 @@
+# This nginx config is used with platforms based on Amazon Linux AMI
+# (the version before Amazon Linux 2)
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+
+upstream nodejs {
+  server 127.0.0.1:8081;
+  keepalive 256;
+}
+
+upstream healthcheck {
+  server 127.0.0.1:8039;
+  keepalive 256;
+}
+
+server {
+  listen 8080;
+
+  if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
+    set $year $1;
+    set $month $2;
+    set $day $3;
+    set $hour $4;
+  }
+
+  access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
+  access_log /var/log/nginx/access.log main;
+
+  <% if(forceSSL) { %>
+  if ($http_x_forwarded_proto = "http") {
+    return 301 https://$host$request_uri;
+  }
+  <% } %>
+
+  location ~* /packages/.+\.(eot|ttf|woff)$ {
+    root /var/app/current/programs/web.browser;
+    access_log off;
+    add_header Access-Control-Allow-Origin *;
+    add_header Vary Origin;
+    add_header Pragma public;
+    add_header Cache-Control "public";
+    expires max;
+  }
+
+  location ~* \.(eot|ttf|woff)$ {
+    root /var/app/current/programs/web.browser/app;
+    access_log off;
+    add_header Access-Control-Allow-Origin *;
+    add_header Vary Origin;
+    add_header Pragma public;
+    add_header Cache-Control "public";
+    expires max;
+  }
+
+  location / {
+    proxy_pass http://nodejs;
+    proxy_set_header Connection "";
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
+    <% if(forceSSL) { %>
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+    <% } %>
+  }
+
+  location /aws-health-check-3984729847289743128904723 {
+    proxy_pass http://healthcheck;
+    proxy_set_header Connection "";
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+
+  gzip on;
+  gzip_comp_level 4;
+  gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+}

package/lib/assets/nginx.yaml

@@ -0,0 +1,13 @@
+files:
+    "/etc/nginx/conf.d/proxy.conf" :
+        mode: "000644"
+        owner: root
+        group: users
+        content: |
+<%- padScript(include('./nginx.conf'), 10) %>
+
+container_commands:
+  create_healthd_folder:
+    command: "mkdir -p /var/log/nginx/healthd/"
+  removeconfig:
+    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

package/lib/assets/node.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+NODE_VERSION=<%= nodeVersion %>
+NPM_VERSION=<%= npmVersion %>
+
+
+export NVM_DIR="/.nvm"
+# Install nvm
+curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.6/install.sh | bash
+[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
+
+nvm install $NODE_VERSION
+nvm use $NODE_VERSION
+nvm alias default $NODE_VERSION
+npm i -g npm@$NPM_VERSION
+
+APP_PATH="$(/opt/elasticbeanstalk/bin/get-config container -k app_staging_dir)"
+echo "APP_PATH: $APP_PATH"
+
+# AWS Linux 2
+[[ -z "$APP_PATH" ]] && APP_PATH="$(/opt/elasticbeanstalk/bin/get-config platformconfig -k AppStagingDir)"
+echo "APP_PATH: $APP_PATH"
+
+cd "$APP_PATH"
+ls
+cd programs/server && npm install --unsafe-perm

package/lib/assets/node.yaml

@@ -0,0 +1,8 @@
+files:
+    # Runs before `npm install` in '50npm.sh'
+    "/opt/elasticbeanstalk/hooks/appdeploy/pre/45node.sh" :
+        mode: "000775"
+        owner: root
+        group: users
+        content: |
+<%- padScript(include('./node.sh'), 12) %>

package/lib/assets/npmrc

@@ -0,0 +1 @@
+unsafe-perm=true

package/lib/assets/package.json

@@ -0,0 +1,7 @@
+{
+  "name": "<%= name %>",
+  "version": "<%= version %>.0.0",
+  "scripts": {
+    "start": "bash ./start.sh"
+  }
+}

package/lib/assets/packages.yaml

@@ -0,0 +1,5 @@
+packages:
+    "yum":
+      <% for(var key in packages) { %>
+      <%- key %>: "<%- packages[key] %>"
+      <% } %>

package/lib/assets/start.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+export NVM_DIR="/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
+
+nvm use default --delete-prefix --silent
+
+[[ ! -z "$MUP_ENV_FILE_VERSION" ]] && { echo "Long Env is enabled."; source /etc/app/env.txt; }
+
+echo "Node version"
+echo $(node --version)
+echo "Npm version"
+echo $(npm --version)
+
+export METEOR_SETTINGS=$(node -e 'console.log(decodeURIComponent(process.env.METEOR_SETTINGS_ENCODED))')
+
+echo "=> Starting health check server"
+node health-check.js &
+
+echo "=> Starting App"
+node main.js

package/lib/aws.js

@@ -0,0 +1,98 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = configure;
+exports.ec2InstanceConnect = exports.ec2 = exports.ssm = exports.sts = exports.cloudWatchEvents = exports.cloudTrail = exports.acm = exports.autoScaling = exports.iam = exports.beanstalk = exports.s3 = void 0;
+
+var _awsSdk = _interopRequireDefault(require("aws-sdk"));
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+/* eslint-disable import/no-mutable-exports */
+let s3 = {};
+exports.s3 = s3;
+let beanstalk = {};
+exports.beanstalk = beanstalk;
+let iam = {};
+exports.iam = iam;
+let autoScaling = {};
+exports.autoScaling = autoScaling;
+let acm = {};
+exports.acm = acm;
+let cloudTrail = {};
+exports.cloudTrail = cloudTrail;
+let cloudWatchEvents = {};
+exports.cloudWatchEvents = cloudWatchEvents;
+let sts = {};
+exports.sts = sts;
+let ssm = {};
+exports.ssm = ssm;
+let ec2 = {};
+exports.ec2 = ec2;
+let ec2InstanceConnect = {};
+/* eslint-enable import/no-mutable-exports */
+
+exports.ec2InstanceConnect = ec2InstanceConnect;
+const MAX_RETRY_DELAY = 1000 * 60 * 2;
+const AWS_UPLOAD_TIMEOUT = 1000 * 60 * 60;
+
+function configure({
+  auth,
+  name,
+  region
+}) {
+  const options = {
+    accessKeyId: auth.id,
+    secretAccessKey: auth.secret,
+    region: region || 'us-east-1',
+    maxRetries: 25,
+    retryDelayOptions: {
+      customBackoff: retryCount => Math.min(2 ** retryCount * 1000, MAX_RETRY_DELAY)
+    }
+  };
+
+  _awsSdk.default.config.update(options);
+
+  exports.s3 = s3 = new _awsSdk.default.S3({
+    params: {
+      Bucket: `mup-${name}`
+    },
+    httpOptions: {
+      timeout: AWS_UPLOAD_TIMEOUT
+    },
+    apiVersion: '2006-03-01'
+  });
+  exports.beanstalk = beanstalk = new _awsSdk.default.ElasticBeanstalk({
+    apiVersion: '2010-12-01'
+  });
+  exports.iam = iam = new _awsSdk.default.IAM({
+    apiVersion: '2010-05-08'
+  });
+  exports.autoScaling = autoScaling = new _awsSdk.default.AutoScaling({
+    apiVersion: '2011-01-01'
+  });
+  exports.acm = acm = new _awsSdk.default.ACM({
+    apiVersion: '2015-12-08'
+  });
+  exports.cloudTrail = cloudTrail = new _awsSdk.default.CloudTrail({
+    apiVersion: '2013-11-01'
+  });
+  exports.sts = sts = new _awsSdk.default.STS({
+    apiVersion: '2011-06-15'
+  });
+  exports.cloudWatchEvents = cloudWatchEvents = new _awsSdk.default.CloudWatchEvents({
+    apiVersion: '2015-10-07'
+  });
+  exports.ssm = ssm = new _awsSdk.default.SSM({
+    apiVersion: '2014-11-06'
+  });
+  exports.ec2 = ec2 = new _awsSdk.default.EC2({
+    apiVersion: '2016-11-15'
+  });
+  exports.ec2InstanceConnect = ec2InstanceConnect = new _awsSdk.default.EC2InstanceConnect({
+    apiVersion: '2018-04-02'
+  });
+}
+//# sourceMappingURL=aws.js.map

package/lib/aws.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/aws.js"],"names":["s3","beanstalk","iam","autoScaling","acm","cloudTrail","cloudWatchEvents","sts","ssm","ec2","ec2InstanceConnect","MAX_RETRY_DELAY","AWS_UPLOAD_TIMEOUT","configure","auth","name","region","options","accessKeyId","id","secretAccessKey","secret","maxRetries","retryDelayOptions","customBackoff","retryCount","Math","min","AWS","config","update","S3","params","Bucket","httpOptions","timeout","apiVersion","ElasticBeanstalk","IAM","AutoScaling","ACM","CloudTrail","STS","CloudWatchEvents","SSM","EC2","EC2InstanceConnect"],"mappings":";;;;;;;;AAAA;;;;AAEA;AACO,IAAIA,EAAE,GAAG,EAAT;;AACA,IAAIC,SAAS,GAAG,EAAhB;;AACA,IAAIC,GAAG,GAAG,EAAV;;AACA,IAAIC,WAAW,GAAG,EAAlB;;AACA,IAAIC,GAAG,GAAG,EAAV;;AACA,IAAIC,UAAU,GAAG,EAAjB;;AACA,IAAIC,gBAAgB,GAAG,EAAvB;;AACA,IAAIC,GAAG,GAAG,EAAV;;AACA,IAAIC,GAAG,GAAG,EAAV;;AACA,IAAIC,GAAG,GAAG,EAAV;;AACA,IAAIC,kBAAkB,GAAG,EAAzB;AAEP;;;AAEA,MAAMC,eAAe,GAAG,OAAO,EAAP,GAAY,CAApC;AACA,MAAMC,kBAAkB,GAAG,OAAO,EAAP,GAAY,EAAvC;;AAEe,SAASC,SAAT,CAAmB;AAAEC,EAAAA,IAAF;AAAQC,EAAAA,IAAR;AAAcC,EAAAA;AAAd,CAAnB,EAA2C;AACxD,QAAMC,OAAO,GAAG;AACdC,IAAAA,WAAW,EAAEJ,IAAI,CAACK,EADJ;AAEdC,IAAAA,eAAe,EAAEN,IAAI,CAACO,MAFR;AAGdL,IAAAA,MAAM,EAAEA,MAAM,IAAI,WAHJ;AAIdM,IAAAA,UAAU,EAAE,EAJE;AAKdC,IAAAA,iBAAiB,EAAE;AACjBC,MAAAA,aAAa,EAAEC,UAAU,IAAIC,IAAI,CAACC,GAAL,CAAU,KAAKF,UAAL,GAAkB,IAA5B,EAAmCd,eAAnC;AADZ;AALL,GAAhB;;AAUAiB,kBAAIC,MAAJ,CAAWC,MAAX,CAAkBb,OAAlB;;AAEA,eAAAjB,EAAE,GAAG,IAAI4B,gBAAIG,EAAR,CAAW;AACdC,IAAAA,MAAM,EAAE;AAAEC,MAAAA,MAAM,EAAG,OAAMlB,IAAK;AAAtB,KADM;AAEdmB,IAAAA,WAAW,EAAE;AAAEC,MAAAA,OAAO,EAAEvB;AAAX,KAFC;AAGdwB,IAAAA,UAAU,EAAE;AAHE,GAAX,CAAL;AAKA,sBAAAnC,SAAS,GAAG,IAAI2B,gBAAIS,gBAAR,CAAyB;AAAED,IAAAA,UAAU,EAAE;AAAd,GAAzB,CAAZ;AACA,gBAAAlC,GAAG,GAAG,IAAI0B,gBAAIU,GAAR,CAAY;AAAEF,IAAAA,UAAU,EAAE;AAAd,GAAZ,CAAN;AACA,wBAAAjC,WAAW,GAAG,IAAIyB,gBAAIW,WAAR,CAAoB;AAAEH,IAAAA,UAAU,EAAE;AAAd,GAApB,CAAd;AACA,gBAAAhC,GAAG,GAAG,IAAIwB,gBAAIY,GAAR,CAAY;AAAEJ,IAAAA,UAAU,EAAE;AAAd,GAAZ,CAAN;AACA,uBAAA/B,UAAU,GAAG,IAAIuB,gBAAIa,UAAR,CAAmB;AAAEL,IAAAA,UAAU,EAAE;AAAd,GAAnB,CAAb;AACA,gBAAA7B,GAAG,GAAG,IAAIqB,gBAAIc,GAAR,CAAY;AAAEN,IAAAA,UAAU,EAAE;AAAd,GAAZ,CAAN;AACA,6BAAA9B,gBAAgB,GAAG,IAAIsB,gBAAIe,gBAAR,CAAyB;AAAEP,IAAAA,UAAU,EAAE;AAAd,GAAzB,CAAnB;AACA,gBAAA5B,GAAG,GAAG,IAAIoB,gBAAIgB,GAAR,CAAY;AAAER,IAAAA,UAAU,EAAE;AAAd,GAAZ,CAAN;AACA,gBAAA3B,GAAG,GAAG,IAAImB,gBAAIiB,GAAR,CAAY;AAAET,IAAAA,UAAU,EAAE;AAAd,GAAZ,CAAN;AACA,+BAAA1B,kBAAkB,GAAG,IAAIkB,gBAAIkB,kBAAR,CAA2B;AAAEV,IAAAA,UAAU,EAAE;AAAd,GAA3B,CAArB;AACD","sourcesContent":["import AWS from 'aws-sdk';\n\n/* eslint-disable import/no-mutable-exports */\nexport let s3 = {};\nexport let beanstalk = {};\nexport let iam = {};\nexport let autoScaling = {};\nexport let acm = {};\nexport let cloudTrail = {};\nexport let cloudWatchEvents = {};\nexport let sts = {};\nexport let ssm = {};\nexport let ec2 = {};\nexport let ec2InstanceConnect = {};\n\n/* eslint-enable import/no-mutable-exports */\n\nconst MAX_RETRY_DELAY = 1000 * 60 * 2;\nconst AWS_UPLOAD_TIMEOUT = 1000 * 60 * 60;\n\nexport default function configure({ auth, name, region }) {\n  const options = {\n    accessKeyId: auth.id,\n    secretAccessKey: auth.secret,\n    region: region || 'us-east-1',\n    maxRetries: 25,\n    retryDelayOptions: {\n      customBackoff: retryCount => Math.min((2 ** retryCount * 1000), MAX_RETRY_DELAY)\n    }\n  };\n\n  AWS.config.update(options);\n\n  s3 = new AWS.S3({\n    params: { Bucket: `mup-${name}` },\n    httpOptions: { timeout: AWS_UPLOAD_TIMEOUT },\n    apiVersion: '2006-03-01'\n  });\n  beanstalk = new AWS.ElasticBeanstalk({ apiVersion: '2010-12-01' });\n  iam = new AWS.IAM({ apiVersion: '2010-05-08' });\n  autoScaling = new AWS.AutoScaling({ apiVersion: '2011-01-01' });\n  acm = new AWS.ACM({ apiVersion: '2015-12-08' });\n  cloudTrail = new AWS.CloudTrail({ apiVersion: '2013-11-01' });\n  sts = new AWS.STS({ apiVersion: '2011-06-15' });\n  cloudWatchEvents = new AWS.CloudWatchEvents({ apiVersion: '2015-10-07' });\n  ssm = new AWS.SSM({ apiVersion: '2014-11-06' });\n  ec2 = new AWS.EC2({ apiVersion: '2016-11-15' });\n  ec2InstanceConnect = new AWS.EC2InstanceConnect({ apiVersion: '2018-04-02' });\n}\n"],"file":"aws.js"}

package/lib/certificates.js

@@ -0,0 +1,64 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = ensureSSLConfigured;
+
+var _aws = require("./aws");
+
+var _utils = require("./utils");
+
+var _ebConfig = require("./eb-config");
+
+var _envReady = require("./env-ready");
+
+async function ensureSSLConfigured(config, certificateArn) {
+  const {
+    app,
+    environment
+  } = (0, _utils.names)(config);
+  const ebConfig = [{
+    Namespace: 'aws:elbv2:listener:443',
+    OptionName: 'SSLCertificateArns',
+    Value: certificateArn
+  }, {
+    Namespace: 'aws:elbv2:listener:443',
+    OptionName: 'DefaultProcess',
+    Value: 'default'
+  }, {
+    Namespace: 'aws:elbv2:listener:443',
+    OptionName: 'ListenerEnabled',
+    Value: 'true'
+  }, {
+    Namespace: 'aws:elbv2:listener:443',
+    OptionName: 'Protocol',
+    Value: 'HTTPS'
+  }];
+  const domains = config.app.sslDomains; // we use domains to decide if we need to do something about SSL
+
+  if (!domains || domains.length === 0) {
+    return;
+  }
+
+  const {
+    ConfigurationSettings
+  } = await _aws.beanstalk.describeConfigurationSettings({
+    EnvironmentName: environment,
+    ApplicationName: app
+  }).promise();
+  const current = ConfigurationSettings[0].OptionSettings.reduce(_ebConfig.convertToObject, {});
+  const desired = ebConfig.reduce(_ebConfig.convertToObject, {});
+  const needToUpdate = Object.keys(desired).find(key => !current[key] || current[key].Value !== desired[key].Value);
+
+  if (!needToUpdate) {
+    return;
+  }
+
+  await _aws.beanstalk.updateEnvironment({
+    EnvironmentName: environment,
+    OptionSettings: ebConfig
+  }).promise();
+  await (0, _envReady.waitForEnvReady)(config, true);
+}
+//# sourceMappingURL=certificates.js.map

package/lib/certificates.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/certificates.js"],"names":["ensureSSLConfigured","config","certificateArn","app","environment","ebConfig","Namespace","OptionName","Value","domains","sslDomains","length","ConfigurationSettings","beanstalk","describeConfigurationSettings","EnvironmentName","ApplicationName","promise","current","OptionSettings","reduce","convertToObject","desired","needToUpdate","Object","keys","find","key","updateEnvironment"],"mappings":";;;;;;;AAAA;;AACA;;AACA;;AACA;;AAEe,eAAeA,mBAAf,CAAmCC,MAAnC,EAA2CC,cAA3C,EAA2D;AACxE,QAAM;AACJC,IAAAA,GADI;AAEJC,IAAAA;AAFI,MAGF,kBAAMH,MAAN,CAHJ;AAKA,QAAMI,QAAQ,GAAG,CAAC;AAChBC,IAAAA,SAAS,EAAE,wBADK;AAEhBC,IAAAA,UAAU,EAAE,oBAFI;AAGhBC,IAAAA,KAAK,EAAEN;AAHS,GAAD,EAId;AACDI,IAAAA,SAAS,EAAE,wBADV;AAEDC,IAAAA,UAAU,EAAE,gBAFX;AAGDC,IAAAA,KAAK,EAAE;AAHN,GAJc,EAQd;AACDF,IAAAA,SAAS,EAAE,wBADV;AAEDC,IAAAA,UAAU,EAAE,iBAFX;AAGDC,IAAAA,KAAK,EAAE;AAHN,GARc,EAYd;AACDF,IAAAA,SAAS,EAAE,wBADV;AAEDC,IAAAA,UAAU,EAAE,UAFX;AAGDC,IAAAA,KAAK,EAAE;AAHN,GAZc,CAAjB;AAkBA,QAAMC,OAAO,GAAGR,MAAM,CAACE,GAAP,CAAWO,UAA3B,CAxBwE,CA0BxE;;AACA,MAAI,CAACD,OAAD,IAAYA,OAAO,CAACE,MAAR,KAAmB,CAAnC,EAAsC;AACpC;AACD;;AAED,QAAM;AAAEC,IAAAA;AAAF,MAA4B,MAAMC,eACrCC,6BADqC,CACP;AAC7BC,IAAAA,eAAe,EAAEX,WADY;AAE7BY,IAAAA,eAAe,EAAEb;AAFY,GADO,EAKrCc,OALqC,EAAxC;AAOA,QAAMC,OAAO,GAAGN,qBAAqB,CAAC,CAAD,CAArB,CAAyBO,cAAzB,CAAwCC,MAAxC,CACdC,yBADc,EAEd,EAFc,CAAhB;AAIA,QAAMC,OAAO,GAAGjB,QAAQ,CAACe,MAAT,CAAgBC,yBAAhB,EAAiC,EAAjC,CAAhB;AAEA,QAAME,YAAY,GAAGC,MAAM,CAACC,IAAP,CAAYH,OAAZ,EAAqBI,IAArB,CAClBC,GAAD,IAAS,CAACT,OAAO,CAACS,GAAD,CAAR,IAAiBT,OAAO,CAACS,GAAD,CAAP,CAAanB,KAAb,KAAuBc,OAAO,CAACK,GAAD,CAAP,CAAanB,KAD3C,CAArB;;AAIA,MAAI,CAACe,YAAL,EAAmB;AACjB;AACD;;AAED,QAAMV,eACHe,iBADG,CACe;AACjBb,IAAAA,eAAe,EAAEX,WADA;AAEjBe,IAAAA,cAAc,EAAEd;AAFC,GADf,EAKHY,OALG,EAAN;AAMA,QAAM,+BAAgBhB,MAAhB,EAAwB,IAAxB,CAAN;AACD","sourcesContent":["import { beanstalk } from './aws';\nimport { names } from './utils';\nimport { convertToObject } from './eb-config';\nimport { waitForEnvReady } from './env-ready';\n\nexport default async function ensureSSLConfigured(config, certificateArn) {\n  const {\n    app,\n    environment\n  } = names(config);\n\n  const ebConfig = [{\n    Namespace: 'aws:elbv2:listener:443',\n    OptionName: 'SSLCertificateArns',\n    Value: certificateArn\n  }, {\n    Namespace: 'aws:elbv2:listener:443',\n    OptionName: 'DefaultProcess',\n    Value: 'default'\n  }, {\n    Namespace: 'aws:elbv2:listener:443',\n    OptionName: 'ListenerEnabled',\n    Value: 'true'\n  }, {\n    Namespace: 'aws:elbv2:listener:443',\n    OptionName: 'Protocol',\n    Value: 'HTTPS'\n  }];\n\n  const domains = config.app.sslDomains;\n\n  // we use domains to decide if we need to do something about SSL\n  if (!domains || domains.length === 0) {\n    return;\n  }\n\n  const { ConfigurationSettings } = await beanstalk\n    .describeConfigurationSettings({\n      EnvironmentName: environment,\n      ApplicationName: app,\n    })\n    .promise();\n\n  const current = ConfigurationSettings[0].OptionSettings.reduce(\n    convertToObject,\n    {}\n  );\n  const desired = ebConfig.reduce(convertToObject, {});\n\n  const needToUpdate = Object.keys(desired).find(\n    (key) => !current[key] || current[key].Value !== desired[key].Value\n  );\n\n  if (!needToUpdate) {\n    return;\n  }\n\n  await beanstalk\n    .updateEnvironment({\n      EnvironmentName: environment,\n      OptionSettings: ebConfig,\n    })\n    .promise();\n  await waitForEnvReady(config, true);\n}\n"],"file":"certificates.js"}