@factiii/stack 0.1.2 → 0.1.8
- package/bin/factiii +13 -0
- package/dist/cli/pr-check.d.ts +24 -0
- package/dist/cli/pr-check.d.ts.map +1 -0
- package/dist/cli/pr-check.js +153 -0
- package/dist/cli/pr-check.js.map +1 -0
- package/dist/plugins/addons/server-mode/index.d.ts.map +1 -1
- package/dist/plugins/addons/server-mode/index.js +3 -0
- package/dist/plugins/addons/server-mode/index.js.map +1 -1
- package/dist/plugins/addons/server-mode/scanfix/mac.d.ts +20 -3
- package/dist/plugins/addons/server-mode/scanfix/mac.d.ts.map +1 -1
- package/dist/plugins/addons/server-mode/scanfix/mac.js +304 -177
- package/dist/plugins/addons/server-mode/scanfix/mac.js.map +1 -1
- package/dist/plugins/addons/server-mode/scanfix/tart.d.ts +19 -0
- package/dist/plugins/addons/server-mode/scanfix/tart.d.ts.map +1 -0
- package/dist/plugins/addons/server-mode/scanfix/tart.js +350 -0
- package/dist/plugins/addons/server-mode/scanfix/tart.js.map +1 -0
- package/dist/plugins/pipelines/aws/configs/free-tier.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/configs/free-tier.js +3 -38
- package/dist/plugins/pipelines/aws/configs/free-tier.js.map +1 -1
- package/dist/plugins/pipelines/aws/index.d.ts +4 -1
- package/dist/plugins/pipelines/aws/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/index.js +101 -29
- package/dist/plugins/pipelines/aws/index.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts +9 -0
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/credentials.js +196 -0
- package/dist/plugins/pipelines/aws/scanfix/credentials.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts +13 -0
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js +136 -0
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts +10 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.js +279 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts +9 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.js +100 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts +10 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.js +255 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts +10 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.js +261 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts +9 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.js +134 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts +10 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js +225 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts +9 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.js +174 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts +9 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.js +237 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.js.map +1 -0
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts +50 -0
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js +137 -0
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js.map +1 -0
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +11 -0
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/pr-check.d.ts +35 -0
- package/dist/plugins/pipelines/factiii/pr-check.d.ts.map +1 -0
- package/dist/plugins/pipelines/factiii/pr-check.js +202 -0
- package/dist/plugins/pipelines/factiii/pr-check.js.map +1 -0
- package/dist/plugins/pipelines/factiii/utils/workflows.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/utils/workflows.js +1 -0
- package/dist/plugins/pipelines/factiii/utils/workflows.js.map +1 -1
- package/dist/plugins/pipelines/factiii/workflows/factiii-cicd-staging.yml +8 -3
- package/dist/plugins/pipelines/factiii/workflows/factiii-pr-check.yml +103 -0
- package/dist/plugins/servers/mac/staging.d.ts.map +1 -1
- package/dist/plugins/servers/mac/staging.js +304 -52
- package/dist/plugins/servers/mac/staging.js.map +1 -1
- package/dist/types/config.d.ts +11 -0
- package/dist/types/config.d.ts.map +1 -1
- package/dist/utils/github-status.d.ts +39 -0
- package/dist/utils/github-status.d.ts.map +1 -0
- package/dist/utils/github-status.js +172 -0
- package/dist/utils/github-status.js.map +1 -0
- package/package.json +3 -3
|
@@ -85,13 +85,23 @@ const index_js_1 = require("../../../scanfix/index.js");
|
|
|
85
85
|
// Import plugin-specific scanfix arrays
|
|
86
86
|
const aws_cli_js_1 = require("./scanfix/aws-cli.js");
|
|
87
87
|
const config_js_1 = require("./scanfix/config.js");
|
|
88
|
+
const credentials_js_1 = require("./scanfix/credentials.js");
|
|
89
|
+
const vpc_js_1 = require("./scanfix/vpc.js");
|
|
90
|
+
const security_groups_js_1 = require("./scanfix/security-groups.js");
|
|
91
|
+
const ec2_js_1 = require("./scanfix/ec2.js");
|
|
92
|
+
const rds_js_1 = require("./scanfix/rds.js");
|
|
93
|
+
const s3_js_1 = require("./scanfix/s3.js");
|
|
94
|
+
const ecr_js_1 = require("./scanfix/ecr.js");
|
|
95
|
+
const ses_js_1 = require("./scanfix/ses.js");
|
|
96
|
+
const iam_js_1 = require("./scanfix/iam.js");
|
|
97
|
+
const db_replication_js_1 = require("./scanfix/db-replication.js");
|
|
88
98
|
// Import environment-specific operations
|
|
89
99
|
const dev_js_1 = require("./dev.js");
|
|
90
100
|
const prod_js_1 = require("./prod.js");
|
|
91
101
|
// Import configs
|
|
92
|
-
const
|
|
102
|
+
const ec2_js_2 = __importDefault(require("./configs/ec2.js"));
|
|
93
103
|
const free_tier_js_1 = __importDefault(require("./configs/free-tier.js"));
|
|
94
|
-
// Import SSH
|
|
104
|
+
// Import SSH helpers
|
|
95
105
|
const ssh_helper_js_1 = require("../../../utils/ssh-helper.js");
|
|
96
106
|
class AWSPipeline {
|
|
97
107
|
// ============================================================
|
|
@@ -120,13 +130,24 @@ class AWSPipeline {
|
|
|
120
130
|
region: 'us-east-1',
|
|
121
131
|
},
|
|
122
132
|
};
|
|
123
|
-
// Schema for factiiiAuto.yml (auto-detected)
|
|
133
|
+
// Schema for factiiiAuto.yml (auto-detected + provisioned resource IDs)
|
|
124
134
|
static autoConfigSchema = {
|
|
125
135
|
aws_cli_installed: 'boolean',
|
|
136
|
+
aws_vpc_id: 'string',
|
|
137
|
+
aws_subnet_public_id: 'string',
|
|
138
|
+
aws_subnet_private_ids: 'string[]',
|
|
139
|
+
aws_sg_ec2_id: 'string',
|
|
140
|
+
aws_sg_rds_id: 'string',
|
|
141
|
+
aws_ec2_instance_id: 'string',
|
|
142
|
+
aws_ec2_public_ip: 'string',
|
|
143
|
+
aws_rds_endpoint: 'string',
|
|
144
|
+
aws_rds_db_name: 'string',
|
|
145
|
+
aws_s3_bucket: 'string',
|
|
146
|
+
aws_ecr_registry: 'string',
|
|
126
147
|
};
|
|
127
148
|
/**
|
|
128
149
|
* Determine if this plugin should be loaded for this project
|
|
129
|
-
* Loads if
|
|
150
|
+
* Loads if any environment has pipeline: 'aws' or aws config
|
|
130
151
|
*/
|
|
131
152
|
static async shouldLoad(_rootDir, config) {
|
|
132
153
|
// Dynamic import to avoid circular dependencies
|
|
@@ -135,27 +156,26 @@ class AWSPipeline {
|
|
|
135
156
|
for (const env of Object.values(environments)) {
|
|
136
157
|
// Load if environment explicitly uses 'aws' pipeline
|
|
137
158
|
if (env.pipeline === 'aws') {
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
159
|
+
return true;
|
|
160
|
+
}
|
|
161
|
+
// Load if environment has AWS-specific config
|
|
162
|
+
if (env.config && ['ec2', 'free-tier', 'standard', 'enterprise'].includes(env.config)) {
|
|
163
|
+
return true;
|
|
142
164
|
}
|
|
143
|
-
//
|
|
144
|
-
if (env.
|
|
145
|
-
|
|
146
|
-
env.domain.includes('.compute.amazonaws.com') ||
|
|
147
|
-
env.domain.includes('.amazonaws.com') ||
|
|
148
|
-
env.domain.includes('.aws');
|
|
149
|
-
if (isAwsDomain)
|
|
150
|
-
return true;
|
|
165
|
+
// Load if environment has access_key_id
|
|
166
|
+
if (env.access_key_id) {
|
|
167
|
+
return true;
|
|
151
168
|
}
|
|
152
169
|
}
|
|
153
|
-
//
|
|
154
|
-
|
|
170
|
+
// Also load if top-level aws config exists
|
|
171
|
+
if (config.aws?.config || config.aws?.access_key_id) {
|
|
172
|
+
return true;
|
|
173
|
+
}
|
|
174
|
+
return false;
|
|
155
175
|
}
|
|
156
176
|
// Available configurations
|
|
157
177
|
static configs = {
|
|
158
|
-
ec2:
|
|
178
|
+
ec2: ec2_js_2.default,
|
|
159
179
|
'free-tier': free_tier_js_1.default,
|
|
160
180
|
};
|
|
161
181
|
static helpText = {
|
|
@@ -178,28 +198,70 @@ class AWSPipeline {
|
|
|
178
198
|
/**
|
|
179
199
|
* Check how this pipeline can reach a given stage
|
|
180
200
|
* This is the core routing logic for the pipeline
|
|
201
|
+
*
|
|
202
|
+
* Only claims environments where pipeline: 'aws' or aws config exists.
|
|
203
|
+
* For staging/prod: checks SSH key first, falls back to workflow.
|
|
181
204
|
*/
|
|
182
205
|
static canReach(stage, config) {
|
|
206
|
+
// Check if this stage has environments owned by this pipeline
|
|
207
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
208
|
+
const { getEnvironmentsForStage } = require('../../../utils/config-helpers.js');
|
|
209
|
+
const envs = getEnvironmentsForStage(config, stage);
|
|
210
|
+
const envValues = Object.values(envs);
|
|
183
211
|
switch (stage) {
|
|
184
212
|
case 'dev':
|
|
185
|
-
// Dev is always reachable locally
|
|
213
|
+
// Dev is always reachable locally (for AWS CLI checks)
|
|
186
214
|
return { reachable: true, via: 'local' };
|
|
187
215
|
case 'secrets':
|
|
188
|
-
// Secrets
|
|
189
|
-
|
|
190
|
-
|
|
216
|
+
// Secrets stage: check if AWS credentials are available
|
|
217
|
+
// Check Ansible Vault first (same pattern as factiii pipeline)
|
|
218
|
+
if (config.ansible?.vault_path) {
|
|
219
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
220
|
+
const os = require('os');
|
|
221
|
+
const vaultPasswordFile = config.ansible.vault_password_file?.replace(/^~/, os.homedir());
|
|
222
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
223
|
+
const fsCheck = require('fs');
|
|
224
|
+
const hasPasswordFile = vaultPasswordFile && fsCheck.existsSync(vaultPasswordFile);
|
|
225
|
+
const hasPasswordEnv = !!process.env.ANSIBLE_VAULT_PASSWORD || !!process.env.ANSIBLE_VAULT_PASSWORD_FILE;
|
|
226
|
+
if (hasPasswordFile || hasPasswordEnv) {
|
|
227
|
+
return { reachable: true, via: 'local' };
|
|
228
|
+
}
|
|
191
229
|
}
|
|
192
|
-
|
|
230
|
+
// Fallback: check env vars directly
|
|
231
|
+
if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
|
|
232
|
+
return { reachable: true, via: 'api' };
|
|
233
|
+
}
|
|
234
|
+
return { reachable: false, reason: 'Missing AWS credentials. Configure Ansible Vault or set AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY env vars.' };
|
|
193
235
|
case 'staging':
|
|
194
236
|
case 'prod':
|
|
195
|
-
//
|
|
196
|
-
if (
|
|
237
|
+
// Only handle environments that belong to this pipeline
|
|
238
|
+
if (envValues.length === 0) {
|
|
239
|
+
return { reachable: false, reason: 'No ' + stage + ' environment configured' };
|
|
240
|
+
}
|
|
241
|
+
const hasAwsEnv = envValues.some(e => e.pipeline === 'aws' || e.config || e.access_key_id);
|
|
242
|
+
if (!hasAwsEnv) {
|
|
243
|
+
return { reachable: false, reason: 'No AWS environment for ' + stage };
|
|
244
|
+
}
|
|
245
|
+
// On server: run locally
|
|
246
|
+
if (process.env.GITHUB_ACTIONS === 'true' || process.env.FACTIII_ON_SERVER === 'true') {
|
|
197
247
|
return { reachable: true, via: 'local' };
|
|
198
248
|
}
|
|
199
|
-
//
|
|
200
|
-
|
|
249
|
+
// Check for SSH key (direct SSH from dev machine)
|
|
250
|
+
{
|
|
251
|
+
const sshKey = (0, ssh_helper_js_1.findSshKeyForStage)(stage);
|
|
252
|
+
if (sshKey) {
|
|
253
|
+
return { reachable: true, via: 'ssh' };
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
// Fallback: use GitHub workflow
|
|
257
|
+
if (process.env.GITHUB_TOKEN) {
|
|
258
|
+
return { reachable: true, via: 'workflow' };
|
|
259
|
+
}
|
|
260
|
+
// AWS provisioning fixes run locally on dev machine (AWS CLI)
|
|
261
|
+
// Even without SSH key, we can reach 'prod' for provisioning
|
|
262
|
+
return { reachable: true, via: 'local' };
|
|
201
263
|
default:
|
|
202
|
-
return { reachable: false, reason:
|
|
264
|
+
return { reachable: false, reason: 'Unknown stage: ' + stage };
|
|
203
265
|
}
|
|
204
266
|
}
|
|
205
267
|
/**
|
|
@@ -227,6 +289,16 @@ class AWSPipeline {
|
|
|
227
289
|
// Plugin-specific fixes
|
|
228
290
|
...aws_cli_js_1.awsCliFixes,
|
|
229
291
|
...config_js_1.configFixes,
|
|
292
|
+
...credentials_js_1.credentialsFixes,
|
|
293
|
+
...vpc_js_1.vpcFixes,
|
|
294
|
+
...security_groups_js_1.securityGroupFixes,
|
|
295
|
+
...ec2_js_1.ec2Fixes,
|
|
296
|
+
...rds_js_1.rdsFixes,
|
|
297
|
+
...s3_js_1.s3Fixes,
|
|
298
|
+
...ecr_js_1.ecrFixes,
|
|
299
|
+
...ses_js_1.sesFixes,
|
|
300
|
+
...iam_js_1.iamFixes,
|
|
301
|
+
...db_replication_js_1.dbReplicationFixes,
|
|
230
302
|
];
|
|
231
303
|
// ============================================================
|
|
232
304
|
// STATIC HELPER METHODS
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/pipelines/aws/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iDAAyC;AAWzC,kCAAkC;AAClC,wDAKmC;AAEnC,wCAAwC;AACxC,qDAAmD;AACnD,mDAAkD;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/pipelines/aws/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iDAAyC;AAWzC,kCAAkC;AAClC,wDAKmC;AAEnC,wCAAwC;AACxC,qDAAmD;AACnD,mDAAkD;AAClD,6DAA4D;AAC5D,6CAA4C;AAC5C,qEAAkE;AAClE,6CAA4C;AAC5C,6CAA4C;AAC5C,2CAA0C;AAC1C,6CAA4C;AAC5C,6CAA4C;AAC5C,6CAA4C;AAC5C,mEAAiE;AAEjE,yCAAyC;AACzC,qCAAqC;AACrC,uCAAmF;AAEnF,iBAAiB;AACjB,8DAAyC;AACzC,0EAAoD;AAGpD,qBAAqB;AACrB,gEAA2E;AAI3E,MAAM,WAAW;IACf,+DAA+D;IAC/D,kBAAkB;IAClB,+DAA+D;IAE/D,MAAM,CAAU,EAAE,GAAG,KAAK,CAAC;IAC3B,MAAM,CAAU,IAAI,GAAG,cAAc,CAAC;IACtC,MAAM,CAAU,QAAQ,GAAe,UAAU,CAAC;IAClD,MAAM,CAAU,OAAO,GAAG,OAAO,CAAC;IAElC;;;OAGG;IACH,MAAM,CAAU,iBAAiB,GAAe,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAE3E;;OAEG;IACH,MAAM,CAAU,aAAa,GAAa,QAAQ,CAAC;IAEnD,gCAAgC;IAChC,MAAM,CAAU,eAAe,GAAa,EAAE,CAAC;IAE/C,yCAAyC;IACzC,MAAM,CAAU,YAAY,GAA4B;QACtD,GAAG,EAAE;YACH,MAAM,EAAE,KAAK,EAAE,gDAAgD;YAC/D,aAAa,EAAE,sBAAsB;YACrC,MAAM,EAAE,WAAW;SACpB;KACF,CAAC;IAEF,wEAAwE;IACxE,MAAM,CAAU,gBAAgB,GAA2B;QACzD,iBAAiB,EAAE,SAAS;QAC5B,UAAU,EAAE,QAAQ;QACpB,oBAAoB,EAAE,QAAQ;QAC9B,sBAAsB,EAAE,UAAU;QAClC,aAAa,EAAE,QAAQ;QACvB,aAAa,EAAE,QAAQ;QACvB,mBAAmB,EAAE,QAAQ;QAC7B,iBAAiB,EAAE,QAAQ;QAC3B,gBAAgB,EAAE,QAAQ;QAC1B,eAAe,EAAE,QAAQ;QACzB,aAAa,EAAE,QAAQ;QACvB,gBAAgB,EAAE,QAAQ;KAC3B,CAAC;IAEF;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,MAAqB;QAC7D,gDAAgD;QAChD,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,kCAAkC,GAAC,CAAC;QAEjF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAEjD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9C,qDAAqD;YACrD,IAAI,GAAG,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,8CAA8C;YAC9C,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,wCAAwC;YACxC,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,MAAM,CAAC,GAAG,EAAE,MA
AM,IAAI,MAAM,CAAC,GAAG,EAAE,aAAa,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2BAA2B;IAC3B,MAAM,CAAC,OAAO,GAAiC;QAC7C,GAAG,EAAE,gBAAS;QACd,WAAW,EAAE,sBAAc;KAC5B,CAAC;IAEF,MAAM,CAAC,QAAQ,GAA2B;QACxC,GAAG,EAAE;;;;;;;8DAOqD;QAE1D,qBAAqB,EAAE;;;8DAGmC;KAC3D,CAAC;IAEF,+DAA+D;IAC/D,4BAA4B;IAC5B,+DAA+D;IAE/D;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAY,EAAE,MAAqB;QACjD,8DAA8D;QAC9D,iEAAiE;QACjE,MAAM,EAAE,uBAAuB,EAAE,GAAG,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAChF,MAAM,IAAI,GAAG,uBAAuB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAwB,CAAC;QAE7D,QAAQ,KAAK,EAAE,CAAC;YACd,KAAK,KAAK;gBACR,uDAAuD;gBACvD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;YAE3C,KAAK,SAAS;gBACZ,wDAAwD;gBACxD,+DAA+D;gBAC/D,IAAI,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;oBAC/B,iEAAiE;oBACjE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;oBACzB,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;oBAC1F,iEAAiE;oBACjE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;oBAC9B,MAAM,eAAe,GAAG,iBAAiB,IAAI,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;oBACnF,MAAM,cAAc,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;oBACzG,IAAI,eAAe,IAAI,cAAc,EAAE,CAAC;wBACtC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;oBAC3C,CAAC;gBACH,CAAC;gBACD,oCAAoC;gBACpC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;oBACvE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;gBACzC,CAAC;gBACD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,6GAA6G,EAAE,CAAC;YAErJ,KAAK,SAAS,CAAC;YACf,KAAK,MAAM;gBACT,wDAAwD;gBACxD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC3B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,GAAG,KAAK,GAAG,yBAAyB,EAAE,CAAC;gBACjF,CAAC;gBACD,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,aAAa,CAAC,CAAC;gBAC3F,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,GAAG,KAAK,EAAE,CAAC;gBACzE,CAAC;gBAED
,yBAAyB;gBACzB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,EAAE,CAAC;oBACtF,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;gBAC3C,CAAC;gBAED,kDAAkD;gBAClD,CAAC;oBACC,MAAM,MAAM,GAAG,IAAA,kCAAkB,EAAC,KAAK,CAAC,CAAC;oBACzC,IAAI,MAAM,EAAE,CAAC;wBACX,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;oBACzC,CAAC;gBACH,CAAC;gBAED,gCAAgC;gBAChC,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;oBAC7B,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;gBAC9C,CAAC;gBAED,8DAA8D;gBAC9D,6DAA6D;gBAC7D,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;YAE3C;gBACE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,GAAG,KAAK,EAAE,CAAC;QACnE,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,WAAmB;QACzC,OAAO,WAAW,KAAK,SAAS,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACxE,CAAC;IAED,+DAA+D;IAC/D,wDAAwD;IACxD,+DAA+D;IAC/D,sCAAsC;IACtC,8CAA8C;IAC9C,+DAA+D;IAE/D,MAAM,CAAU,KAAK,GAAG;QACtB,2BAA2B;QAC3B,GAAG,IAAA,yBAAc,EAAC,KAAK,EAAE,KAAK,CAAC;QAE/B,8DAA8D;QAC9D,GAAG,IAAA,yBAAc,EAAC,MAAM,CAAC;QACzB,GAAG,IAAA,uBAAY,EAAC,MAAM,CAAC;QACvB,GAAG,IAAA,sBAAW,EAAC,MAAM,CAAC;QACtB,IAAA,2BAAgB,EAAC,MAAM,EAAE,MAAM,CAAC;QAEhC,wBAAwB;QACxB,GAAG,wBAAW;QACd,GAAG,uBAAW;QACd,GAAG,iCAAgB;QACnB,GAAG,iBAAQ;QACX,GAAG,uCAAkB;QACrB,GAAG,iBAAQ;QACX,GAAG,iBAAQ;QACX,GAAG,eAAO;QACV,GAAG,iBAAQ;QACX,GAAG,iBAAQ;QACX,GAAG,iBAAQ;QACX,GAAG,sCAAkB;KACtB,CAAC;IAEF,+DAA+D;IAC/D,wBAAwB;IACxB,+DAA+D;IAE/D;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,QAAgB;QAEhB,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,WAAW,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACzC,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,SAA4B,EAAE,OAAe;QAChE,OAAO,MAAM,IAAA,uBAAO,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,+DAA+D;IAC/D,mBAAmB;IACnB,+DAA+D;IAEvD,OAAO,CAAgB;IACvB,UAAU,CAA2B;IAE7C,YAAY,MAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QAEtB,uDAAuD;QACvD,MAAM,UAAU,GAAI,MAAM,EAAE,GAAG,EAAE,MAAwB,IAAI,KAAK,CA
AC;QACnE,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAY,EAAE,UAAgD,EAAE;QAChF,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAExD,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QACjD,CAAC;QAED,IAAI,KAAK,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;YAC7B,wCAAwC;YACxC,oDAAoD;YACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,iCAAiC,KAAK,EAAE,EAAE,CAAC;QAC9E,CAAC;QAED,kCAAkC;QAClC,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,KAAK,EAAE,EAAE,CAAC;IAClE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAqB,EACrB,WAAmB,EACnB,UAAoC,EAAE;QAEtC,OAAO,IAAA,2BAAqB,EAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,MAAqB,EAAE,WAAmB;QACrD,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;YAC1B,OAAO,IAAA,kBAAS,GAAE,CAAC;QACrB,CAAC;aAAM,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;YAClE,OAAO,IAAA,oBAAU,EAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,WAAW,EAAE,EAAE,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAqB,EAAE,WAAmB;QACvD,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;gBACtD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;YAChE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;YAClE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,kCAAkC,GAAC,CAAC;YACjF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAE/D,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;gBACvB,OAAO,EAAE,OAAO,EAAE
,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC;YACvE,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC;gBACtC,MAAM,WAAW,CAAC,OAAO,CACvB,SAAS,EACT;iDACuC,QAAQ;SAChD,CACA,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;YACrE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,WAAW,EAAE,EAAE,CAAC;IAC9E,CAAC;;AAGH,kBAAe,WAAW,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AWS Credential Fixes
|
|
3
|
+
*
|
|
4
|
+
* Handles AWS account setup guidance, credential validation,
|
|
5
|
+
* and region configuration checks.
|
|
6
|
+
*/
|
|
7
|
+
import type { Fix } from '../../../../types/index.js';
|
|
8
|
+
export declare const credentialsFixes: Fix[];
|
|
9
|
+
//# sourceMappingURL=credentials.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/credentials.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAGrE,eAAO,MAAM,gBAAgB,EAAE,GAAG,EA4JjC,CAAC"}
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* AWS Credential Fixes
|
|
4
|
+
*
|
|
5
|
+
* Handles AWS account setup guidance, credential validation,
|
|
6
|
+
* and region configuration checks.
|
|
7
|
+
*/
|
|
8
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
9
|
+
if (k2 === undefined) k2 = k;
|
|
10
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
11
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
12
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
13
|
+
}
|
|
14
|
+
Object.defineProperty(o, k2, desc);
|
|
15
|
+
}) : (function(o, m, k, k2) {
|
|
16
|
+
if (k2 === undefined) k2 = k;
|
|
17
|
+
o[k2] = m[k];
|
|
18
|
+
}));
|
|
19
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
20
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
21
|
+
}) : function(o, v) {
|
|
22
|
+
o["default"] = v;
|
|
23
|
+
});
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
|
+
exports.credentialsFixes = void 0;
|
|
43
|
+
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
44
|
+
exports.credentialsFixes = [
|
|
45
|
+
// ============================================================
|
|
46
|
+
// DEV STAGE - AWS CLI and account setup
|
|
47
|
+
// ============================================================
|
|
48
|
+
{
|
|
49
|
+
id: 'aws-account-not-setup',
|
|
50
|
+
stage: 'dev',
|
|
51
|
+
severity: 'critical',
|
|
52
|
+
description: 'AWS CLI not installed or not configured',
|
|
53
|
+
scan: async (config, _rootDir) => {
|
|
54
|
+
// Only check if AWS pipeline is configured
|
|
55
|
+
const awsConfig = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
56
|
+
if (!awsConfig.accessKeyId && !config.aws)
|
|
57
|
+
return false;
|
|
58
|
+
// Check if AWS CLI is installed
|
|
59
|
+
if (!(0, aws_helpers_js_1.isAwsCliInstalled)())
|
|
60
|
+
return true;
|
|
61
|
+
// Check if credentials are configured (can call STS)
|
|
62
|
+
const accountId = (0, aws_helpers_js_1.getAwsAccountId)(awsConfig.region);
|
|
63
|
+
return !accountId;
|
|
64
|
+
},
|
|
65
|
+
fix: null,
|
|
66
|
+
manualFix: [
|
|
67
|
+
'Setup AWS CLI:',
|
|
68
|
+
'',
|
|
69
|
+
'1. Create an AWS account at https://aws.amazon.com (free tier available)',
|
|
70
|
+
'',
|
|
71
|
+
'2. Install AWS CLI:',
|
|
72
|
+
' Windows: winget install Amazon.AWSCLI',
|
|
73
|
+
' macOS: brew install awscli',
|
|
74
|
+
' Linux: curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install',
|
|
75
|
+
'',
|
|
76
|
+
'3. Create an IAM user in AWS Console:',
|
|
77
|
+
' IAM → Users → Create user → Attach AdministratorAccess policy',
|
|
78
|
+
' → Security credentials → Create access key',
|
|
79
|
+
'',
|
|
80
|
+
'4. Configure AWS CLI:',
|
|
81
|
+
' aws configure',
|
|
82
|
+
' (Enter Access Key ID, Secret Access Key, region)',
|
|
83
|
+
].join('\n'),
|
|
84
|
+
},
|
|
85
|
+
{
|
|
86
|
+
id: 'aws-region-configured',
|
|
87
|
+
stage: 'dev',
|
|
88
|
+
severity: 'warning',
|
|
89
|
+
description: 'AWS region not configured in factiii.yml',
|
|
90
|
+
scan: async (config, _rootDir) => {
|
|
91
|
+
// Only check if AWS pipeline is configured
|
|
92
|
+
const { extractEnvironments } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-helpers.js')));
|
|
93
|
+
const environments = extractEnvironments(config);
|
|
94
|
+
const hasAwsEnv = Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
95
|
+
if (!hasAwsEnv && !config.aws)
|
|
96
|
+
return false;
|
|
97
|
+
const awsConfig = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
98
|
+
// Check if region is explicitly set (not just default)
|
|
99
|
+
return !awsConfig.region || awsConfig.region === 'us-east-1' && !config.aws?.region;
|
|
100
|
+
},
|
|
101
|
+
fix: null,
|
|
102
|
+
manualFix: 'Set aws.region in factiii.yml under the prod environment or top-level aws block',
|
|
103
|
+
},
|
|
104
|
+
// ============================================================
|
|
105
|
+
// SECRETS STAGE - Credential validation
|
|
106
|
+
// ============================================================
|
|
107
|
+
{
|
|
108
|
+
id: 'aws-credentials-missing',
|
|
109
|
+
stage: 'secrets',
|
|
110
|
+
severity: 'critical',
|
|
111
|
+
description: 'AWS credentials not available (env vars or Ansible Vault)',
|
|
112
|
+
scan: async (config, _rootDir) => {
|
|
113
|
+
// Only check if AWS pipeline is configured
|
|
114
|
+
const { extractEnvironments } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-helpers.js')));
|
|
115
|
+
const environments = extractEnvironments(config);
|
|
116
|
+
const hasAwsEnv = Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
117
|
+
if (!hasAwsEnv && !config.aws)
|
|
118
|
+
return false;
|
|
119
|
+
// Check env vars
|
|
120
|
+
if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
|
|
121
|
+
return false;
|
|
122
|
+
}
|
|
123
|
+
// Check if Ansible Vault has AWS credentials
|
|
124
|
+
if (config.ansible?.vault_path) {
|
|
125
|
+
try {
|
|
126
|
+
const { AnsibleVaultSecrets } = await Promise.resolve().then(() => __importStar(require('../../../../utils/ansible-vault-secrets.js')));
|
|
127
|
+
const vault = new AnsibleVaultSecrets({
|
|
128
|
+
vault_path: config.ansible.vault_path,
|
|
129
|
+
vault_password_file: config.ansible.vault_password_file,
|
|
130
|
+
});
|
|
131
|
+
const result = await vault.checkSecrets(['aws_access_key_id', 'aws_secret_access_key']);
|
|
132
|
+
if (result.status?.aws_access_key_id && result.status?.aws_secret_access_key) {
|
|
133
|
+
return false;
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
catch {
|
|
137
|
+
// Vault not accessible
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
return true;
|
|
141
|
+
},
|
|
142
|
+
fix: null,
|
|
143
|
+
manualFix: [
|
|
144
|
+
'Configure AWS credentials via one of:',
|
|
145
|
+
'',
|
|
146
|
+
' Option A: Environment variables',
|
|
147
|
+
' export AWS_ACCESS_KEY_ID=AKIA...',
|
|
148
|
+
' export AWS_SECRET_ACCESS_KEY=...',
|
|
149
|
+
'',
|
|
150
|
+
' Option B: AWS CLI configuration',
|
|
151
|
+
' aws configure',
|
|
152
|
+
'',
|
|
153
|
+
' Option C: Ansible Vault (recommended)',
|
|
154
|
+
' Add aws_access_key_id and aws_secret_access_key to your vault file',
|
|
155
|
+
' npx factiii secrets edit',
|
|
156
|
+
].join('\n'),
|
|
157
|
+
},
|
|
158
|
+
{
|
|
159
|
+
id: 'aws-credentials-invalid',
|
|
160
|
+
stage: 'secrets',
|
|
161
|
+
severity: 'warning',
|
|
162
|
+
description: 'AWS credentials are invalid or expired',
|
|
163
|
+
scan: async (config, _rootDir) => {
|
|
164
|
+
// Only check if AWS CLI is installed and credentials exist
|
|
165
|
+
if (!(0, aws_helpers_js_1.isAwsCliInstalled)())
|
|
166
|
+
return false;
|
|
167
|
+
if (!process.env.AWS_ACCESS_KEY_ID && !process.env.AWS_SECRET_ACCESS_KEY) {
|
|
168
|
+
// No env vars - might be using aws configure or vault
|
|
169
|
+
// Try to validate anyway
|
|
170
|
+
}
|
|
171
|
+
const awsConfig = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
172
|
+
const accountId = (0, aws_helpers_js_1.getAwsAccountId)(awsConfig.region);
|
|
173
|
+
// If we can't get account ID, credentials are invalid
|
|
174
|
+
// But only flag if we actually have credentials configured
|
|
175
|
+
if (!accountId) {
|
|
176
|
+
// Check if aws configure has credentials
|
|
177
|
+
try {
|
|
178
|
+
const { execSync } = await Promise.resolve().then(() => __importStar(require('child_process')));
|
|
179
|
+
const result = execSync('aws configure get aws_access_key_id 2>/dev/null || echo ""', {
|
|
180
|
+
encoding: 'utf8',
|
|
181
|
+
stdio: ['pipe', 'pipe', 'pipe'],
|
|
182
|
+
}).trim();
|
|
183
|
+
// Only flag as invalid if credentials exist but don't work
|
|
184
|
+
return result.length > 0;
|
|
185
|
+
}
|
|
186
|
+
catch {
|
|
187
|
+
return false;
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
return false;
|
|
191
|
+
},
|
|
192
|
+
fix: null,
|
|
193
|
+
manualFix: 'Check AWS credentials: aws sts get-caller-identity\nIf expired, regenerate in AWS Console: IAM → Users → Security credentials',
|
|
194
|
+
},
|
|
195
|
+
];
|
|
196
|
+
//# sourceMappingURL=credentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/credentials.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGH,4DAA2F;AAE9E,QAAA,gBAAgB,GAAU;IACrC,+DAA+D;IAC/D,wCAAwC;IACxC,+DAA+D;IAC/D;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,2CAA2C;YAC3C,MAAM,SAAS,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACvC,IAAI,CAAC,SAAS,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YAExD,gCAAgC;YAChC,IAAI,CAAC,IAAA,kCAAiB,GAAE;gBAAE,OAAO,IAAI,CAAC;YAEtC,qDAAqD;YACrD,MAAM,SAAS,GAAG,IAAA,gCAAe,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACpD,OAAO,CAAC,SAAS,CAAC;QACpB,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE;YACT,gBAAgB;YAChB,EAAE;YACF,0EAA0E;YAC1E,EAAE;YACF,qBAAqB;YACrB,0CAA0C;YAC1C,iCAAiC;YACjC,2IAA2I;YAC3I,EAAE;YACF,uCAAuC;YACvC,kEAAkE;YAClE,+CAA+C;YAC/C,EAAE;YACF,uBAAuB;YACvB,kBAAkB;YAClB,qDAAqD;SACtD,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,0CAA0C;QACvD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,2CAA2C;YAC3C,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,qCAAqC,GAAC,CAAC;YACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAChD,CAAC,CAAwB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CACnD,CAAC;YACF,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YAE5C,MAAM,SAAS,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACvC,uDAAuD;YACvD,OAAO,CAAC,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC;QACtF,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,iFAAiF;KAC7F;IAED,+DAA+D;IAC/D,wCAAwC;IACxC,+DAA+D;IAC/D;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2DAA2D;QACxE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,2CAA2C;YAC3C,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,qCAAqC,GAAC,CAAC;YACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD
,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAChD,CAAC,CAAwB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CACnD,CAAC;YACF,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YAE5C,iBAAiB;YACjB,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;gBACvE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,6CAA6C;YAC7C,IAAI,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;gBAC/B,IAAI,CAAC;oBACH,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,4CAA4C,GAAC,CAAC;oBAC3F,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC;wBACpC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;wBACrC,mBAAmB,EAAE,MAAM,CAAC,OAAO,CAAC,mBAAmB;qBACxD,CAAC,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC,CAAC;oBACxF,IAAI,MAAM,CAAC,MAAM,EAAE,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,qBAAqB,EAAE,CAAC;wBAC7E,OAAO,KAAK,CAAC;oBACf,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE;YACT,uCAAuC;YACvC,EAAE;YACF,mCAAmC;YACnC,sCAAsC;YACtC,sCAAsC;YACtC,EAAE;YACF,mCAAmC;YACnC,mBAAmB;YACnB,EAAE;YACF,yCAAyC;YACzC,wEAAwE;YACxE,8BAA8B;SAC/B,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,wCAAwC;QACrD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,2DAA2D;YAC3D,IAAI,CAAC,IAAA,kCAAiB,GAAE;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;gBACzE,sDAAsD;gBACtD,yBAAyB;YAC3B,CAAC;YAED,MAAM,SAAS,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,IAAA,gCAAe,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACpD,sDAAsD;YACtD,2DAA2D;YAC3D,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,yCAAyC;gBACzC,IAAI,CAAC;oBACH,MAAM,EAAE,QAAQ,EAAE,GAAG,wDAAa,eAAe,GAAC,CAAC;oBACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,4DAA4D,EAAE;wBACpF,QAAQ,EAAE,MAAM;wBAChB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;qBAChC,CAAC,CAAC,IAAI,EAAE,CAAC;oBACV,2DAA2D;oBAC3D,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAC
D,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,+HAA+H;KAC3I;CACF,CAAC"}
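--- a/package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts
+++ b/package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts
@@ -0,0 +1,13 @@
+/**
+* AWS DB Replication Fixes
+*
+* Prereq checks for DB replication between staging (Mac Mini) and prod (RDS).
+* Ensures PostgreSQL client is available on EC2 and RDS is reachable.
+*
+* Actual sync commands are in the AWS pipeline index.ts as plugin commands:
+* - `db sync-to-prod`: pg_dump Mac Mini → SCP to EC2 → pg_restore into RDS
+* - `db sync-to-staging`: pg_dump RDS via EC2 → SCP to Mac Mini → pg_restore
+*/
+import type { Fix } from '../../../../types/index.js';
+export declare const dbReplicationFixes: Fix[];
+//# sourceMappingURL=db-replication.d.ts.map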
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"db-replication.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/db-replication.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAwCrE,eAAO,MAAM,kBAAkB,EAAE,GAAG,EAuFnC,CAAC"}
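--- a/package/dist/plugins/pipelines/aws/scanfix/db-replication.js
+++ b/package/dist/plugins/pipelines/aws/scanfix/db-replication.js
@@ -0,0 +1,136 @@
+"use strict";
+/**
+* AWS DB Replication Fixes
+*
+* Prereq checks for DB replication between staging (Mac Mini) and prod (RDS).
+* Ensures PostgreSQL client is available on EC2 and RDS is reachable.
+*
+* Actual sync commands are in the AWS pipeline index.ts as plugin commands:
+* - `db sync-to-prod`: pg_dump Mac Mini → SCP to EC2 → pg_restore into RDS
+* - `db sync-to-staging`: pg_dump RDS via EC2 → SCP to Mac Mini → pg_restore
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dbReplicationFixes = void 0;
+const aws_helpers_js_1 = require("../utils/aws-helpers.js");
+/**
+* Find RDS instance endpoint
+*/
+function findRdsEndpoint(projectName, region) {
+const dbId = 'factiii-' + projectName + '-db';
+const result = (0, aws_helpers_js_1.awsExecSafe)('aws rds describe-db-instances --db-instance-identifier ' + dbId +
+' --query "DBInstances[0].Endpoint.Address" --output text', region);
+if (!result || result === 'None' || result === 'null')
+return null;
+return result.replace(/"/g, '');
+}
+/**
+* Check if AWS is configured for this project
+*/
+function isAwsConfigured(config) {
+if (config.aws)
+return true;
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const { extractEnvironments } = require('../../../../utils/config-helpers.js');
+const environments = extractEnvironments(config);
+return Object.values(environments).some((e) => e.pipeline === 'aws');
+}
+/**
+* Get prod environment config
+*/
+function getProdEnv(config) {
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const { extractEnvironments } = require('../../../../utils/config-helpers.js');
+const environments = extractEnvironments(config);
+return environments.prod ?? environments.production ?? null;
+}
+exports.dbReplicationFixes = [
+{
+id: 'aws-rds-ec2-pg-client-missing',
+stage: 'prod',
+severity: 'warning',
+description: 'PostgreSQL client not installed on EC2 (needed for DB sync)',
+scan: async (config) => {
+if (!isAwsConfigured(config))
+return false;
+const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+// Only check if RDS exists
+const endpoint = findRdsEndpoint(projectName, region);
+if (!endpoint)
+return false;
+// Check if pg_dump is available on EC2 via SSH
+const prodEnv = getProdEnv(config);
+if (!prodEnv?.domain || prodEnv.domain.startsWith('EXAMPLE-'))
+return false;
+try {
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const { sshExec } = require('../../../../utils/ssh-helper.js');
+const result = await sshExec(prodEnv, 'which pg_dump 2>/dev/null || echo "not_found"');
+return result.trim() === 'not_found';
+}
+catch {
+return false; // Can't SSH — skip
+}
+},
+fix: async (config) => {
+const prodEnv = getProdEnv(config);
+if (!prodEnv?.domain) {
+console.log(' Production domain not configured');
+return false;
+}
+try {
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const { sshExec } = require('../../../../utils/ssh-helper.js');
+console.log(' Installing PostgreSQL 15 client on EC2...');
+await sshExec(prodEnv, 'sudo apt-get update -qq && sudo apt-get install -y postgresql-client-15');
+console.log(' PostgreSQL client installed');
+return true;
+}
+catch (e) {
+console.log(' Failed to install pg client: ' + (e instanceof Error ? e.message : String(e)));
+return false;
+}
+},
+manualFix: 'SSH to EC2 and run: sudo apt-get install -y postgresql-client-15',
+},
+{
+id: 'aws-rds-connectivity',
+stage: 'prod',
+severity: 'critical',
+description: 'EC2 cannot connect to RDS (check security groups)',
+scan: async (config) => {
+if (!isAwsConfigured(config))
+return false;
+const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+const endpoint = findRdsEndpoint(projectName, region);
+if (!endpoint)
+return false;
+const prodEnv = getProdEnv(config);
+if (!prodEnv?.domain || prodEnv.domain.startsWith('EXAMPLE-'))
+return false;
+try {
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const { sshExec } = require('../../../../utils/ssh-helper.js');
+// Check if pg_isready is available first
+const hasPg = await sshExec(prodEnv, 'which pg_isready 2>/dev/null || echo "not_found"');
+if (hasPg.trim() === 'not_found')
+return false; // Can't test without pg client
+const result = await sshExec(prodEnv, 'pg_isready -h ' + endpoint + ' -p 5432 2>&1');
+return !result.includes('accepting connections');
+}
+catch {
+return false;
+}
+},
+fix: null,
+manualFix: [
+'EC2 cannot reach RDS. Check:',
+'1. RDS security group allows port 5432 from EC2 security group',
+'2. RDS is in the same VPC as EC2',
+'3. RDS instance status is "available"',
+'4. Test: ssh to EC2, run: pg_isready -h <rds-endpoint> -p 5432',
+].join('\n'),
+},
+];
+//# sourceMappingURL=db-replication.js.map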
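Review bot: `findRdsEndpoint` concatenates `projectName` into its AWS CLI command, and the `aws-rds-connectivity` scan does the same with `endpoint` in `'pg_isready -h ' + endpoint + ' -p 5432 2>&1'`; neither value is validated before it reaches `awsExecSafe` or `sshExec`. Those helpers are defined outside this file, so whether they hand the string to a shell is not visible here, but if they do, a project name or CLI result containing shell metacharacters would be interpreted locally or on the production host. An allowlist check before each call would close that: `if (!/^[a-z0-9-]+$/i.test(projectName)) return null;` at the top of `findRdsEndpoint`, and `if (!/^[a-z0-9.-]+$/i.test(endpoint)) return false;` before the `pg_isready` call. Separately, the `critical` connectivity scan returns `false` both from its `catch` and when `pg_isready` is missing, so a host that cannot be reached over SSH reads as a passing check; logging the skip on those two paths would make that visible.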
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"db-replication.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/db-replication.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAGH,4DAAoF;AAEpF;;GAEG;AACH,SAAS,eAAe,CAAC,WAAmB,EAAE,MAAc;IAC1D,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,yDAAyD,GAAG,IAAI;QAChE,0DAA0D,EAC1D,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAqB;IAC5C,IAAI,MAAM,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAC5B,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CACrC,CAAC,CAAU,EAAE,EAAE,CAAE,CAA2B,CAAC,QAAQ,KAAK,KAAK,CAChE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAqB;IACvC,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,IAAI,IAAI,CAAC;AAC9D,CAAC;AAEY,QAAA,kBAAkB,GAAU;IACvC;QACE,EAAE,EAAE,+BAA+B;QACnC,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,6DAA6D;QAC1E,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAE3C,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACtD,IAAI,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAE5B,+CAA+C;YAC/C,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;YACnC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE5E,IAAI,CAAC;gBACH,iEAAiE;gBACjE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;gBAC/D,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,+CAA+C,CAAC,CAAC;gBACvF,OAAO,MAAM,CAAC,IAAI,EAAE,KAAK,WAAW,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC,CAAC,mBAAmB;YACnC,CAAC;QACH,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAo
B,EAAE;YACrD,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;YACnC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;gBACnD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,iEAAiE;gBACjE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,MAAM,OAAO,CAAC,OAAO,EAAE,yEAAyE,CAAC,CAAC;gBAClG,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,kCAAkC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,kEAAkE;KAC9E;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mDAAmD;QAChE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAE3C,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACtD,IAAI,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAE5B,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;YACnC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE5E,IAAI,CAAC;gBACH,iEAAiE;gBACjE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;gBAC/D,yCAAyC;gBACzC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,kDAAkD,CAAC,CAAC;gBACzF,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,WAAW;oBAAE,OAAO,KAAK,CAAC,CAAC,+BAA+B;gBAE/E,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,gBAAgB,GAAG,QAAQ,GAAG,eAAe,CAAC,CAAC;gBACrF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE;YACT,8BAA8B;YAC9B,gEAAgE;YAChE,kCAAkC;YAClC,uCAAuC;YACvC,gEAAgE;SACjE,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;CACF,CAAC"}
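--- a/package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts
+++ b/package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts
@@ -0,0 +1,10 @@
+/**
+* AWS EC2 Fixes
+*
+* Provisions EC2 key pair, instance, and Elastic IP.
+* Uses Ubuntu 22.04 AMI, t2.micro (free tier), public subnet.
+* Key pair private key is stored in Ansible Vault.
+*/
+import type { Fix } from '../../../../types/index.js';
+export declare const ec2Fixes: Fix[];
+//# sourceMappingURL=ec2.d.ts.map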
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ec2.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ec2.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAmGrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA2LzB,CAAC"}
|