@digitraffic/common 2023.1.18-2 → 2023.1.23-1

package/src/aws/infra/stacks/network-stack.ts

@@ -1,7 +1,8 @@
 import { Stack } from "aws-cdk-lib";
 import { Construct } from "constructs";
-import { SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
+import { IVpc, SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
 import { InfraStackConfiguration } from "./intra-stack-configuration";
+import { exportValue } from "../import-util";
 
 export interface NetworkConfiguration {
     readonly vpcName: string;
@@ -9,6 +10,8 @@ export interface NetworkConfiguration {
 }
 
 export class NetworkStack extends Stack {
+    readonly vpc: IVpc;
+
     constructor(
         scope: Construct,
         id: string,
@@ -19,7 +22,8 @@ export class NetworkStack extends Stack {
             env: isc.env,
         });
 
-        this.createVpc(configuration);
+        this.vpc = this.createVpc(configuration);
+        exportValue(this, isc.environmentName, "VPCID", this.vpc.vpcId);
     }
 
     createVpc(configuration: NetworkConfiguration): Vpc {
@@ -38,7 +42,7 @@ export class NetworkStack extends Stack {
                 {
                     name: "private",
                     cidrMask: 24,
-                    subnetType: SubnetType.PRIVATE_WITH_NAT,
+                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
                 },
             ],
         });

package/src/aws/runtime/secrets/dbsecret.ts

@@ -1,11 +1,4 @@
-import { GenericSecret, withSecret, withSecretAndPrefix } from "./secret";
-
-export interface DbSecret {
-    readonly username: string;
-    readonly password: string;
-    readonly host: string;
-    readonly ro_host: string;
-}
+import { GenericSecret } from "./secret";
 
 export enum RdsProxySecretKey {
     username = "username",
@@ -24,115 +17,6 @@ export enum RdsSecretKey {
 export type RdsProxySecret = Record<RdsProxySecretKey, string>;
 export type RdsSecret = Record<RdsSecretKey, string>;
 
-export enum DatabaseEnvironmentKeys {
-    DB_USER = "DB_USER",
-    DB_PASS = "DB_PASS",
-    DB_URI = "DB_URI",
-    DB_RO_URI = "DB_RO_URI",
-    DB_APPLICATION = "DB_APPLICATION",
-}
-
-function setDbSecret(secret: DbSecret) {
-    process.env[DatabaseEnvironmentKeys.DB_USER] = secret.username;
-    process.env[DatabaseEnvironmentKeys.DB_PASS] = secret.password;
-    process.env[DatabaseEnvironmentKeys.DB_URI] = secret.host;
-    process.env[DatabaseEnvironmentKeys.DB_RO_URI] = secret.ro_host;
-}
-
-// cached at Lambda container level
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-let cachedSecret: any;
-
-const missingSecretErrorText = "Missing or empty secretId";
-
-/**
- * You can give the following options for retrieving a secret:
- *
- * expectedKeys: the list of keys the secret must include.  If not, an error will be thrown.
- * prefix: a prefix that's included in retrieved secret's keys.  Only keys begining with the prefix will be included.
- * The secret that is passed to the given function will not include the prefix in it's keys.
-
- */
-export interface SecretOptions {
-    readonly expectedKeys?: string[];
-    readonly prefix?: string;
-}
-
-export type SecretToPromiseFunction<Secret, Response = void> = (
-    secret: Secret
-) => Promise<Response> | void;
-export type SecretFunction<Secret, Response = void> = (
-    secretId: string,
-    fn: SecretToPromiseFunction<Secret, Response>,
-    options?: SecretOptions
-) => Promise<Response | void>;
-export type EmptySecretFunction<Response = void> = SecretFunction<
-    DbSecret,
-    Response
->;
-
-/**
- * Run the given function with secret retrieved from Secrets Manager.  Also injects database-credentials into environment.
- *
- * @deprecated use SecretHolder & ProxyHolder
- * @see SecretOptions
- *
- * @param {string} secretId
- * @param {function} fn
- * @param {SecretOptions} options
- */
-export async function withDbSecret<Secret, Response>(
-    secretId: string,
-    fn: SecretToPromiseFunction<Secret, Response>,
-    options?: SecretOptions
-): Promise<Response | void> {
-    if (!secretId) {
-        console.error(missingSecretErrorText);
-        return Promise.reject(missingSecretErrorText);
-    }
-
-    if (!cachedSecret) {
-        // if prefix is given, first set db values and then fetch secret
-        if (options?.prefix) {
-            // first set db values
-            await withSecret(secretId, (fetchedSecret: DbSecret) => {
-                setDbSecret(fetchedSecret);
-            });
-
-            // then actual secret
-            await withSecretAndPrefix(
-                secretId,
-                options.prefix,
-                (fetchedSecret: Secret) => {
-                    cachedSecret = fetchedSecret;
-                }
-            );
-        } else {
-            await withSecret(secretId, (fetchedSecret: DbSecret) => {
-                setDbSecret(fetchedSecret);
-                cachedSecret = fetchedSecret;
-            });
-        }
-    }
-    try {
-        if (options?.expectedKeys?.length) {
-            checkExpectedSecretKeys(options.expectedKeys, cachedSecret);
-        }
-        return fn(cachedSecret);
-    } catch (error) {
-        console.error(
-            "method=withDbSecret Caught an error, refreshing secret",
-            error
-        );
-        // try to refetch secret in case it has changed
-        await withSecret(secretId, (fetchedSecret: DbSecret) => {
-            setDbSecret(fetchedSecret);
-            cachedSecret = fetchedSecret;
-        });
-        return fn(cachedSecret);
-    }
-}
-
 export function checkExpectedSecretKeys<Secret extends GenericSecret>(
     keys: string[],
     secret: Secret

package/src/aws/runtime/secrets/proxy-holder.ts

@@ -1,10 +1,7 @@
 import { SecretHolder } from "./secret-holder";
-import {
-    DatabaseEnvironmentKeys,
-    RdsProxySecretKey,
-    RdsProxySecret,
-} from "./dbsecret";
+import { RdsProxySecretKey, RdsProxySecret } from "./dbsecret";
 import { getEnvVariable } from "../../../utils/utils";
+import { DatabaseEnvironmentKeys } from "../../../database/database";
 
 const RDS_PROXY_SECRET_KEYS = Object.values(RdsProxySecretKey);
 

package/src/aws/runtime/secrets/rds-holder.ts

@@ -1,6 +1,7 @@
 import { SecretHolder } from "./secret-holder";
-import { DatabaseEnvironmentKeys, RdsSecret, RdsSecretKey } from "./dbsecret";
+import { RdsSecret, RdsSecretKey } from "./dbsecret";
 import { getEnvVariable } from "../../../utils/utils";
+import { DatabaseEnvironmentKeys } from "../../../database/database";
 
 const RDS_SECRET_KEYS = Object.values(RdsSecretKey);
 

package/src/aws/runtime/secrets/secret-holder.ts

@@ -1,12 +1,8 @@
 import { GenericSecret, getSecret } from "./secret";
-import {
-    checkExpectedSecretKeys,
-    DatabaseEnvironmentKeys,
-    DbSecret,
-} from "./dbsecret";
+import { checkExpectedSecretKeys } from "./dbsecret";
 import { getEnvVariable } from "../../../utils/utils";
 
-// eslint-disable-next-line @typescript-eslint/no-var-requires
+// eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment
 const NodeTtl = require("node-ttl");
 
 const DEFAULT_PREFIX = "";
@@ -40,6 +36,7 @@ export class SecretHolder<Secret extends GenericSecret> {
         this.prefix = prefix;
         this.expectedKeys = expectedKeys;
 
+        // eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call
         this.secretCache = new NodeTtl(configuration);
     }
 
@@ -48,6 +45,7 @@ export class SecretHolder<Secret extends GenericSecret> {
 
         console.info("refreshing secret " + this.secretId);
 
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
         this.secretCache.push(DEFAULT_SECRET_KEY, secretValue);
     }
 
@@ -90,24 +88,14 @@ export class SecretHolder<Secret extends GenericSecret> {
     }
 
     private async getSecret<S>(): Promise<S> {
-        const secret = this.secretCache.get(DEFAULT_SECRET_KEY);
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+        const secret: S | undefined = this.secretCache.get(DEFAULT_SECRET_KEY);
 
         if (!secret) {
             await this.initSecret();
         }
 
-        return secret || this.secretCache.get(DEFAULT_SECRET_KEY);
-    }
-
-    /**
-     * @deprecated Use ProxyHolder
-     */
-    public async setDatabaseCredentials() {
-        const secret = await this.getSecret<DbSecret>();
-
-        process.env[DatabaseEnvironmentKeys.DB_USER] = secret.username;
-        process.env[DatabaseEnvironmentKeys.DB_PASS] = secret.password;
-        process.env[DatabaseEnvironmentKeys.DB_URI] = secret.host;
-        process.env[DatabaseEnvironmentKeys.DB_RO_URI] = secret.ro_host;
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+        return secret ?? (this.secretCache.get(DEFAULT_SECRET_KEY) as S);
     }
 }

package/src/aws/runtime/secrets/secret.ts

@@ -1,5 +1,4 @@
-import {SecretsManager} from 'aws-sdk';
-import {SecretToPromiseFunction} from "./dbsecret";
+import { SecretsManager } from "aws-sdk";
 
 const smClient = new SecretsManager({
     region: process.env.AWS_REGION,
@@ -7,29 +6,29 @@ const smClient = new SecretsManager({
 
 export type GenericSecret = Record<string, string>;
 
-/**
- @deprecated use SecretHolder & ProxyHolder
- */
-export async function withSecret<Secret, Response>(secretId: string, fn: SecretToPromiseFunction<Secret, Response>): Promise<Response | void> {
-    return fn(await getSecret(secretId));
-}
-
-export async function getSecret<Secret>(secretId: string, prefix = ''): Promise<Secret> {
-    const secretObj = await smClient.getSecretValue({
-        SecretId: secretId,
-    }).promise();
+export async function getSecret<Secret>(
+    secretId: string,
+    prefix = ""
+): Promise<Secret> {
+    const secretObj = await smClient
+        .getSecretValue({
+            SecretId: secretId,
+        })
+        .promise();
 
     if (!secretObj.SecretString) {
-        throw new Error('No secret found!');
+        throw new Error("No secret found!");
     }
 
-    const secret = JSON.parse(secretObj.SecretString);
+    const secret: GenericSecret | Secret = JSON.parse(
+        secretObj.SecretString
+    ) as unknown as GenericSecret | Secret;
 
-    if (prefix === '') {
-        return secret;
+    if (!prefix) {
+        return secret as Secret;
     }
 
-    return parseSecret(secret, `${prefix}.`);
+    return parseSecret(secret as GenericSecret, `${prefix}.`);
 }
 
 function parseSecret<Secret>(secret: GenericSecret, prefix: string): Secret {
@@ -44,7 +43,3 @@ function parseSecret<Secret>(secret: GenericSecret, prefix: string): Secret {
 
     return parsed as unknown as Secret;
 }
-
-export async function withSecretAndPrefix<Secret, Response>(secretId: string, prefix: string, fn: SecretToPromiseFunction<Secret, Response>): Promise<Response | void> {
-    return fn(await getSecret(secretId, prefix));
-}

package/src/database/database.ts

@@ -1,20 +1,30 @@
 import { IDatabase, ITask } from "pg-promise";
-import { DatabaseEnvironmentKeys } from "../aws/runtime/secrets/dbsecret";
 import { getEnvVariable } from "../utils/utils";
 import { envValue } from "../aws/runtime/environment";
 
-// eslint-disable-next-line @typescript-eslint/no-var-requires
+export enum DatabaseEnvironmentKeys {
+    DB_USER = "DB_USER",
+    DB_PASS = "DB_PASS",
+    DB_URI = "DB_URI",
+    DB_RO_URI = "DB_RO_URI",
+    DB_APPLICATION = "DB_APPLICATION",
+}
+
+// eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call
 const pgp = require("pg-promise")();
 
 // convert numeric types to number instead of string
+// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
 pgp.pg.types.setTypeParser(pgp.pg.types.builtins.INT8, (value: string) => {
     return parseInt(value);
 });
 
+// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
 pgp.pg.types.setTypeParser(pgp.pg.types.builtins.FLOAT8, (value: string) => {
     return parseFloat(value);
 });
 
+// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
 pgp.pg.types.setTypeParser(pgp.pg.types.builtins.NUMERIC, (value: string) => {
     return parseFloat(value);
 });
@@ -44,6 +54,7 @@ export function initDbConnection(
 ): DTDatabase {
     const finalUrl = `postgresql://${username}:${password}@${url}?application_name=${applicationName}`;
 
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-unsafe-call
     return pgp(finalUrl, options);
 }
 
@@ -90,6 +101,6 @@ async function doInDatabase<T>(
         console.error("Error in db:", e);
         throw e;
     } finally {
-        db.$pool.end();
+        await db.$pool.end();
     }
 }

package/src/test/db-testutils.ts

@@ -1,5 +1,8 @@
-import { DTDatabase, initDbConnection } from "../database/database";
-import { DatabaseEnvironmentKeys } from "../aws/runtime/secrets/dbsecret";
+import {
+    DatabaseEnvironmentKeys,
+    DTDatabase,
+    initDbConnection,
+} from "../database/database";
 import { Countable } from "../database/models";
 
 export async function assertCount(db: DTDatabase, sql: string, count: number) {

package/dist/test/secret.d.ts

@@ -1,3 +0,0 @@
-import { EmptySecretFunction, SecretFunction } from "../aws/runtime/secrets/dbsecret";
-export declare function createSecretFunction<Secret, Response>(secret: Secret): SecretFunction<Secret, Response>;
-export declare function createEmptySecretFunction<Response>(): EmptySecretFunction<Response>;

package/dist/test/secret.js

@@ -1,25 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createEmptySecretFunction = exports.createSecretFunction = void 0;
-const EMPTY_DB_SECRET = {
-    username: '',
-    password: '',
-    host: '',
-    // eslint-disable-next-line camelcase
-    ro_host: '',
-};
-function createSecretFunction(secret) {
-    // eslint-disable-next-line require-await
-    return async (secretId, fn) => {
-        return fn(secret);
-    };
-}
-exports.createSecretFunction = createSecretFunction;
-function createEmptySecretFunction() {
-    // eslint-disable-next-line require-await
-    return async (secretId, fn) => {
-        return fn(EMPTY_DB_SECRET);
-    };
-}
-exports.createEmptySecretFunction = createEmptySecretFunction;
-//# sourceMappingURL=secret.js.map

package/src/test/secret.ts

@@ -1,23 +0,0 @@
-import {DbSecret, EmptySecretFunction, SecretFunction, SecretToPromiseFunction} from "../aws/runtime/secrets/dbsecret";
-
-const EMPTY_DB_SECRET: DbSecret = {
-    username: '',
-    password: '',
-    host: '',
-    // eslint-disable-next-line camelcase
-    ro_host: '',
-};
-
-export function createSecretFunction<Secret, Response>(secret: Secret): SecretFunction<Secret, Response> {
-    // eslint-disable-next-line require-await
-    return async (secretId: string, fn: SecretToPromiseFunction<Secret, Response>) => {
-        return fn(secret);
-    };
-}
-
-export function createEmptySecretFunction<Response>(): EmptySecretFunction<Response> {
-    // eslint-disable-next-line require-await
-    return async (secretId: string, fn: SecretToPromiseFunction<DbSecret, Response>) => {
-        return fn(EMPTY_DB_SECRET);
-    };
-}