@digitraffic/common 2023.6.19-1 → 2023.8.10-1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/aws/infra/canaries/canary-role.d.ts +8 -0
- package/dist/aws/infra/canaries/canary-role.js +11 -0
- package/dist/aws/infra/canaries/canary.js +1 -1
- package/dist/aws/infra/canaries/url-canary.d.ts +7 -7
- package/dist/aws/infra/canaries/url-canary.js +20 -8
- package/package.json +18 -18
- package/src/aws/infra/canaries/canary-role.ts +16 -0
- package/src/aws/infra/canaries/canary.ts +1 -1
- package/src/aws/infra/canaries/url-canary.ts +35 -12
|
@@ -2,5 +2,13 @@ import { Role } from "aws-cdk-lib/aws-iam";
|
|
|
2
2
|
import { Construct } from "constructs";
|
|
3
3
|
export declare class DigitrafficCanaryRole extends Role {
|
|
4
4
|
constructor(stack: Construct, canaryName: string);
|
|
5
|
+
/**
|
|
6
|
+
* Provides permissions to access resources within a VPC.
|
|
7
|
+
*/
|
|
5
8
|
withDatabaseAccess(): this;
|
|
9
|
+
/**
|
|
10
|
+
* Same as withDatabaseAccess() - renamed to avoid confusion if used with UrlCanary.
|
|
11
|
+
* A UrlCanary needs these permissions to e.g. access a private API Gateway endpoint in a VPC.
|
|
12
|
+
*/
|
|
13
|
+
withVpcAccess(): this;
|
|
6
14
|
}
|
|
@@ -32,6 +32,9 @@ class DigitrafficCanaryRole extends aws_iam_1.Role {
|
|
|
32
32
|
this.addToPolicy(new aws_iam_1.PolicyStatement(BASE_POLICY_STATEMENT_PROPS));
|
|
33
33
|
this.addToPolicy(new aws_iam_1.PolicyStatement(CLOUDWATCH_STATEMENT_PROPS));
|
|
34
34
|
}
|
|
35
|
+
/**
|
|
36
|
+
* Provides permissions to access resources within a VPC.
|
|
37
|
+
*/
|
|
35
38
|
withDatabaseAccess() {
|
|
36
39
|
// Won't work :(
|
|
37
40
|
// this.addToPolicy(new PolicyStatement(DB_STATEMENT_PROPS));
|
|
@@ -39,6 +42,14 @@ class DigitrafficCanaryRole extends aws_iam_1.Role {
|
|
|
39
42
|
this.addManagedPolicy(aws_iam_1.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));
|
|
40
43
|
return this;
|
|
41
44
|
}
|
|
45
|
+
/**
|
|
46
|
+
* Same as withDatabaseAccess() - renamed to avoid confusion if used with UrlCanary.
|
|
47
|
+
* A UrlCanary needs these permissions to e.g. access a private API Gateway endpoint in a VPC.
|
|
48
|
+
*/
|
|
49
|
+
withVpcAccess() {
|
|
50
|
+
this.addManagedPolicy(aws_iam_1.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));
|
|
51
|
+
return this;
|
|
52
|
+
}
|
|
42
53
|
}
|
|
43
54
|
exports.DigitrafficCanaryRole = DigitrafficCanaryRole;
|
|
44
55
|
//# sourceMappingURL=canary-role.js.map
|
|
@@ -7,7 +7,7 @@ const canary_alarm_1 = require("./canary-alarm");
|
|
|
7
7
|
class DigitrafficCanary extends aws_synthetics_alpha_1.Canary {
|
|
8
8
|
constructor(scope, canaryName, role, params, environmentVariables) {
|
|
9
9
|
super(scope, canaryName, {
|
|
10
|
-
runtime: aws_synthetics_alpha_1.Runtime.
|
|
10
|
+
runtime: aws_synthetics_alpha_1.Runtime.SYNTHETICS_NODEJS_PUPPETEER_4_0,
|
|
11
11
|
role,
|
|
12
12
|
test: aws_synthetics_alpha_1.Test.custom({
|
|
13
13
|
code: new aws_synthetics_alpha_1.AssetCode("dist", {
|
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { CanaryParameters } from "./canary-parameters";
|
|
3
1
|
import { Role } from "aws-cdk-lib/aws-iam";
|
|
4
|
-
import { DigitrafficCanary } from "./canary";
|
|
5
2
|
import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
|
|
6
|
-
import { DigitrafficStack } from "../stack/stack";
|
|
7
3
|
import { DigitrafficRestApi } from "../stack/rest_apis";
|
|
4
|
+
import { DigitrafficStack } from "../stack/stack";
|
|
5
|
+
import { DigitrafficCanary } from "./canary";
|
|
6
|
+
import { CanaryParameters } from "./canary-parameters";
|
|
8
7
|
export interface UrlCanaryParameters extends CanaryParameters {
|
|
9
8
|
readonly hostname: string;
|
|
10
|
-
readonly apiKeyId
|
|
9
|
+
readonly apiKeyId: string;
|
|
10
|
+
readonly inVpc?: boolean;
|
|
11
11
|
}
|
|
12
12
|
export declare class UrlCanary extends DigitrafficCanary {
|
|
13
|
-
constructor(stack:
|
|
14
|
-
static create(stack: DigitrafficStack, role: Role, publicApi: DigitrafficRestApi, params: Partial<UrlCanaryParameters
|
|
13
|
+
constructor(stack: DigitrafficStack, role: Role, params: UrlCanaryParameters, secret?: ISecret);
|
|
14
|
+
static create(stack: DigitrafficStack, role: Role, publicApi: DigitrafficRestApi, params: Partial<UrlCanaryParameters>, secret?: ISecret): UrlCanary;
|
|
15
15
|
static getApiKey(publicApi: DigitrafficRestApi): string | undefined;
|
|
16
16
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.UrlCanary = void 0;
|
|
4
|
+
const aws_synthetics_1 = require("aws-cdk-lib/aws-synthetics");
|
|
4
5
|
const canary_1 = require("./canary");
|
|
5
6
|
const canary_keys_1 = require("./canary-keys");
|
|
6
7
|
class UrlCanary extends canary_1.DigitrafficCanary {
|
|
@@ -19,17 +20,28 @@ class UrlCanary extends canary_1.DigitrafficCanary {
|
|
|
19
20
|
}
|
|
20
21
|
// the handler code is defined at the actual project using this
|
|
21
22
|
super(stack, canaryName, role, params, environmentVariables);
|
|
23
|
+
if (params.inVpc && this.node.defaultChild instanceof aws_synthetics_1.CfnCanary) {
|
|
24
|
+
const subnetIds = stack.vpc === undefined
|
|
25
|
+
? []
|
|
26
|
+
: stack.vpc.privateSubnets.map((subnet) => subnet.subnetId);
|
|
27
|
+
const securityGroupIds = stack.lambdaDbSg === undefined
|
|
28
|
+
? []
|
|
29
|
+
: [stack.lambdaDbSg.securityGroupId];
|
|
30
|
+
this.node.defaultChild.vpcConfig = {
|
|
31
|
+
vpcId: stack.vpc?.vpcId,
|
|
32
|
+
securityGroupIds,
|
|
33
|
+
subnetIds,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
22
36
|
}
|
|
23
|
-
static create(stack, role, publicApi, params) {
|
|
37
|
+
static create(stack, role, publicApi, params, secret) {
|
|
24
38
|
return new UrlCanary(stack, role, {
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
apiKeyId: this.getApiKey(publicApi),
|
|
30
|
-
},
|
|
39
|
+
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
40
|
+
handler: `${params.name}.handler`,
|
|
41
|
+
hostname: publicApi.hostname(),
|
|
42
|
+
apiKeyId: this.getApiKey(publicApi),
|
|
31
43
|
...params,
|
|
32
|
-
});
|
|
44
|
+
}, secret);
|
|
33
45
|
}
|
|
34
46
|
static getApiKey(publicApi) {
|
|
35
47
|
const apiKeys = publicApi.apiKeyIds;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@digitraffic/common",
|
|
3
|
-
"version": "2023.
|
|
3
|
+
"version": "2023.8.10-1",
|
|
4
4
|
"description": "",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -17,41 +17,41 @@
|
|
|
17
17
|
"src/**/*.ts"
|
|
18
18
|
],
|
|
19
19
|
"peerDependencies": {
|
|
20
|
-
"@aws-cdk/aws-synthetics-alpha": "^2.
|
|
20
|
+
"@aws-cdk/aws-synthetics-alpha": "^2.85.0-alpha.0",
|
|
21
21
|
"@types/geojson": "^7946.0.10",
|
|
22
|
-
"aws-cdk-lib": "^2.
|
|
23
|
-
"aws-sdk": "^2.
|
|
22
|
+
"aws-cdk-lib": "^2.85.0",
|
|
23
|
+
"aws-sdk": "^2.1405.0",
|
|
24
24
|
"axios": "^1.2.6",
|
|
25
25
|
"change-case": "^4.1.2",
|
|
26
26
|
"constructs": "^10.2.17",
|
|
27
27
|
"date-fns-tz": "~2.0.0",
|
|
28
|
-
"date-fns": "~2.
|
|
28
|
+
"date-fns": "~2.30.0",
|
|
29
29
|
"etag": "^1.8.1",
|
|
30
30
|
"geojson-validation": "^1.0.2",
|
|
31
31
|
"node-ttl": "^0.2.0",
|
|
32
32
|
"pg-native": "^3.0.1",
|
|
33
|
-
"pg-promise": "^11.
|
|
33
|
+
"pg-promise": "^11.5.0"
|
|
34
34
|
},
|
|
35
35
|
"devDependencies": {
|
|
36
|
-
"@aws-cdk/aws-synthetics-alpha": "2.
|
|
37
|
-
"@types/aws-lambda": "~8.10.
|
|
36
|
+
"@aws-cdk/aws-synthetics-alpha": "2.85.0-alpha.0",
|
|
37
|
+
"@types/aws-lambda": "~8.10.119",
|
|
38
38
|
"@types/geojson": "^7946.0.10",
|
|
39
39
|
"@types/etag": "^1.8.1",
|
|
40
|
-
"@types/jest": "^29.5.
|
|
40
|
+
"@types/jest": "^29.5.2",
|
|
41
41
|
"@types/lodash": "^4.14.195",
|
|
42
42
|
"@types/node": "18.15.13",
|
|
43
43
|
"@types/ramda": "~0.29.1",
|
|
44
44
|
"@types/sinon": "10.0.15",
|
|
45
|
-
"@typescript-eslint/eslint-plugin": "~5.
|
|
46
|
-
"@typescript-eslint/parser": "^5.
|
|
47
|
-
"aws-cdk-lib": "~2.
|
|
48
|
-
"aws-sdk": "~2.
|
|
45
|
+
"@typescript-eslint/eslint-plugin": "~5.60.1",
|
|
46
|
+
"@typescript-eslint/parser": "^5.60.1",
|
|
47
|
+
"aws-cdk-lib": "~2.85.0",
|
|
48
|
+
"aws-sdk": "~2.1405.0",
|
|
49
49
|
"axios": "^1.3.6",
|
|
50
50
|
"change-case": "^4.1.2",
|
|
51
|
-
"constructs": "10.2.
|
|
51
|
+
"constructs": "10.2.61",
|
|
52
52
|
"date-fns-tz": "~2.0.0",
|
|
53
|
-
"date-fns": "~2.
|
|
54
|
-
"eslint": "~8.
|
|
53
|
+
"date-fns": "~2.30.0",
|
|
54
|
+
"eslint": "~8.43.0",
|
|
55
55
|
"eslint-config-prettier": "^8.8.0",
|
|
56
56
|
"eslint-plugin-deprecation": "~1.4.1",
|
|
57
57
|
"etag": "^1.8.1",
|
|
@@ -63,11 +63,11 @@
|
|
|
63
63
|
"lodash": "^4.17.21",
|
|
64
64
|
"node-ttl": "^0.2.0",
|
|
65
65
|
"pg-native": "^3.0.1",
|
|
66
|
-
"pg-promise": "^11.
|
|
66
|
+
"pg-promise": "^11.5.0",
|
|
67
67
|
"prettier": "^2.8.8",
|
|
68
68
|
"ramda": "~0.29.0",
|
|
69
69
|
"rimraf": "^5.0.1",
|
|
70
|
-
"sinon": "15.
|
|
70
|
+
"sinon": "15.2.0",
|
|
71
71
|
"ts-jest": "^29.1.0",
|
|
72
72
|
"typescript": "~4.9.5",
|
|
73
73
|
"velocityjs": "2.0.6"
|
|
@@ -43,6 +43,9 @@ export class DigitrafficCanaryRole extends Role {
|
|
|
43
43
|
this.addToPolicy(new PolicyStatement(CLOUDWATCH_STATEMENT_PROPS));
|
|
44
44
|
}
|
|
45
45
|
|
|
46
|
+
/**
|
|
47
|
+
* Provides permissions to access resources within a VPC.
|
|
48
|
+
*/
|
|
46
49
|
withDatabaseAccess(): this {
|
|
47
50
|
// Won't work :(
|
|
48
51
|
// this.addToPolicy(new PolicyStatement(DB_STATEMENT_PROPS));
|
|
@@ -54,4 +57,17 @@ export class DigitrafficCanaryRole extends Role {
|
|
|
54
57
|
);
|
|
55
58
|
return this;
|
|
56
59
|
}
|
|
60
|
+
|
|
61
|
+
/**
|
|
62
|
+
* Same as withDatabaseAccess() - renamed to avoid confusion if used with UrlCanary.
|
|
63
|
+
* A UrlCanary needs these permissions to e.g. access a private API Gateway endpoint in a VPC.
|
|
64
|
+
*/
|
|
65
|
+
withVpcAccess(): this {
|
|
66
|
+
this.addManagedPolicy(
|
|
67
|
+
ManagedPolicy.fromAwsManagedPolicyName(
|
|
68
|
+
"service-role/AWSLambdaVPCAccessExecutionRole"
|
|
69
|
+
)
|
|
70
|
+
);
|
|
71
|
+
return this;
|
|
72
|
+
}
|
|
57
73
|
}
|
|
@@ -21,7 +21,7 @@ export class DigitrafficCanary extends Canary {
|
|
|
21
21
|
environmentVariables: LambdaEnvironment
|
|
22
22
|
) {
|
|
23
23
|
super(scope, canaryName, {
|
|
24
|
-
runtime: Runtime.
|
|
24
|
+
runtime: Runtime.SYNTHETICS_NODEJS_PUPPETEER_4_0,
|
|
25
25
|
role,
|
|
26
26
|
test: Test.custom({
|
|
27
27
|
code: new AssetCode("dist", {
|
|
@@ -1,21 +1,22 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { CanaryParameters } from "./canary-parameters";
|
|
3
1
|
import { Role } from "aws-cdk-lib/aws-iam";
|
|
4
|
-
import { DigitrafficCanary } from "./canary";
|
|
5
2
|
import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
|
|
6
|
-
import {
|
|
3
|
+
import { CfnCanary } from "aws-cdk-lib/aws-synthetics";
|
|
7
4
|
import { LambdaEnvironment } from "../stack/lambda-configs";
|
|
8
5
|
import { DigitrafficRestApi } from "../stack/rest_apis";
|
|
6
|
+
import { DigitrafficStack } from "../stack/stack";
|
|
7
|
+
import { DigitrafficCanary } from "./canary";
|
|
9
8
|
import { ENV_API_KEY, ENV_HOSTNAME, ENV_SECRET } from "./canary-keys";
|
|
9
|
+
import { CanaryParameters } from "./canary-parameters";
|
|
10
10
|
|
|
11
11
|
export interface UrlCanaryParameters extends CanaryParameters {
|
|
12
12
|
readonly hostname: string;
|
|
13
|
-
readonly apiKeyId
|
|
13
|
+
readonly apiKeyId: string;
|
|
14
|
+
readonly inVpc?: boolean;
|
|
14
15
|
}
|
|
15
16
|
|
|
16
17
|
export class UrlCanary extends DigitrafficCanary {
|
|
17
18
|
constructor(
|
|
18
|
-
stack:
|
|
19
|
+
stack: DigitrafficStack,
|
|
19
20
|
role: Role,
|
|
20
21
|
params: UrlCanaryParameters,
|
|
21
22
|
secret?: ISecret
|
|
@@ -38,23 +39,45 @@ export class UrlCanary extends DigitrafficCanary {
|
|
|
38
39
|
|
|
39
40
|
// the handler code is defined at the actual project using this
|
|
40
41
|
super(stack, canaryName, role, params, environmentVariables);
|
|
42
|
+
|
|
43
|
+
if (params.inVpc && this.node.defaultChild instanceof CfnCanary) {
|
|
44
|
+
const subnetIds =
|
|
45
|
+
stack.vpc === undefined
|
|
46
|
+
? []
|
|
47
|
+
: stack.vpc.privateSubnets.map((subnet) => subnet.subnetId);
|
|
48
|
+
|
|
49
|
+
const securityGroupIds =
|
|
50
|
+
stack.lambdaDbSg === undefined
|
|
51
|
+
? []
|
|
52
|
+
: [stack.lambdaDbSg.securityGroupId];
|
|
53
|
+
|
|
54
|
+
this.node.defaultChild.vpcConfig = {
|
|
55
|
+
vpcId: stack.vpc?.vpcId,
|
|
56
|
+
securityGroupIds,
|
|
57
|
+
subnetIds,
|
|
58
|
+
};
|
|
59
|
+
}
|
|
41
60
|
}
|
|
42
61
|
|
|
43
62
|
static create(
|
|
44
63
|
stack: DigitrafficStack,
|
|
45
64
|
role: Role,
|
|
46
65
|
publicApi: DigitrafficRestApi,
|
|
47
|
-
params: Partial<UrlCanaryParameters
|
|
66
|
+
params: Partial<UrlCanaryParameters>,
|
|
67
|
+
secret?: ISecret
|
|
48
68
|
): UrlCanary {
|
|
49
|
-
return new UrlCanary(
|
|
50
|
-
|
|
69
|
+
return new UrlCanary(
|
|
70
|
+
stack,
|
|
71
|
+
role,
|
|
72
|
+
{
|
|
51
73
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
52
74
|
handler: `${params.name!}.handler`,
|
|
53
75
|
hostname: publicApi.hostname(),
|
|
54
76
|
apiKeyId: this.getApiKey(publicApi),
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
77
|
+
...params,
|
|
78
|
+
} as UrlCanaryParameters,
|
|
79
|
+
secret
|
|
80
|
+
);
|
|
58
81
|
}
|
|
59
82
|
|
|
60
83
|
static getApiKey(publicApi: DigitrafficRestApi): string | undefined {
|