@factiii/stack 0.1.33 → 0.1.35
- package/README.md +441 -441
- package/bin/stack +46 -0
- package/dist/cli/fix.d.ts.map +1 -1
- package/dist/cli/fix.js +17 -11
- package/dist/cli/fix.js.map +1 -1
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +20 -7
- package/dist/cli/init.js.map +1 -1
- package/dist/cli/scan.d.ts.map +1 -1
- package/dist/cli/scan.js +14 -22
- package/dist/cli/scan.js.map +1 -1
- package/dist/generators/generate-stack-yml.d.ts +1 -1
- package/dist/generators/generate-stack-yml.d.ts.map +1 -1
- package/dist/generators/generate-stack-yml.js +96 -69
- package/dist/generators/generate-stack-yml.js.map +1 -1
- package/dist/plugins/addons/openclaw/index.d.ts +45 -0
- package/dist/plugins/addons/openclaw/index.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/index.js +107 -0
- package/dist/plugins/addons/openclaw/index.js.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts +19 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js +441 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js.map +1 -0
- package/dist/plugins/frameworks/expo/index.d.ts +45 -0
- package/dist/plugins/frameworks/expo/index.d.ts.map +1 -0
- package/dist/plugins/frameworks/expo/index.js +549 -0
- package/dist/plugins/frameworks/expo/index.js.map +1 -0
- package/dist/plugins/frameworks/prisma-trpc/index.js +8 -8
- package/dist/plugins/frameworks/prisma-trpc/index.js.map +1 -1
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +16 -0
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/pipelines/aws/index.js +15 -15
- package/dist/plugins/pipelines/aws/prod.js +7 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts +3 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js +17 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/aws/scanfix/config.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.js +30 -76
- package/dist/plugins/pipelines/aws/scanfix/credentials.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts +1 -4
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js +11 -41
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.js +64 -113
- package/dist/plugins/pipelines/aws/scanfix/ec2.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.js +27 -36
- package/dist/plugins/pipelines/aws/scanfix/ecr.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.js +37 -46
- package/dist/plugins/pipelines/aws/scanfix/iam.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.js +43 -108
- package/dist/plugins/pipelines/aws/scanfix/rds.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.js +46 -55
- package/dist/plugins/pipelines/aws/scanfix/s3.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js +83 -82
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.js +31 -53
- package/dist/plugins/pipelines/aws/scanfix/ses.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts +17 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js +180 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/vpc.js +97 -98
- package/dist/plugins/pipelines/aws/scanfix/vpc.js.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts +101 -28
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js +428 -76
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js.map +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts +11 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +183 -33
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/ansible.js +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/ansible.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js +6 -6
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.d.ts +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/factiii/scanfix/config.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/env-files.js +7 -7
- package/dist/plugins/pipelines/factiii/scanfix/env-files.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/github-cli.js +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/github-cli.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js +73 -13
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/workflows.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/workflows.js +52 -4
- package/dist/plugins/pipelines/factiii/scanfix/workflows.js.map +1 -1
- package/dist/plugins/servers/mac/index.js +13 -13
- package/dist/plugins/servers/mac/scanfix/config.js +5 -5
- package/dist/plugins/servers/mac/scanfix/config.js.map +1 -1
- package/dist/plugins/servers/mac/scanfix/containers.js +1 -1
- package/dist/plugins/servers/mac/scanfix/containers.js.map +1 -1
- package/dist/plugins/servers/mac/scanfix/system.js +6 -6
- package/dist/plugins/servers/mac/scanfix/system.js.map +1 -1
- package/dist/plugins/servers/mac/staging.js +4 -4
- package/dist/plugins/servers/windows/index.js +2 -2
- package/dist/plugins/servers/windows/index.js.map +1 -1
- package/dist/scanfix/fixes/certbot.js +1 -1
- package/dist/scripts/validate-example-values.d.ts +1 -1
- package/dist/scripts/validate-example-values.js +6 -6
- package/dist/utils/config-helpers.d.ts +3 -0
- package/dist/utils/config-helpers.d.ts.map +1 -1
- package/dist/utils/config-helpers.js.map +1 -1
- package/dist/utils/secret-prompts.d.ts +5 -2
- package/dist/utils/secret-prompts.d.ts.map +1 -1
- package/dist/utils/secret-prompts.js +55 -32
- package/dist/utils/secret-prompts.js.map +1 -1
- package/dist/utils/template-generator.js +71 -71
- package/package.json +8 -1
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Configures Simple Email Service for transactional email.
|
|
6
6
|
* Handles domain verification, DKIM setup, and sandbox status.
|
|
7
|
+
* Uses AWS SDK v3.
|
|
7
8
|
*/
|
|
8
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
10
|
exports.sesFixes = void 0;
|
|
@@ -17,53 +18,24 @@ function getProdDomain(config) {
|
|
|
17
18
|
const environments = extractEnvironments(config);
|
|
18
19
|
const prodEnv = environments.prod ?? environments.production;
|
|
19
20
|
const domain = prodEnv?.domain;
|
|
20
|
-
if (!domain || domain.startsWith('
|
|
21
|
+
if (!domain || domain.startsWith('EXAMPLE_'))
|
|
21
22
|
return null;
|
|
22
23
|
return domain;
|
|
23
24
|
}
|
|
24
|
-
/**
|
|
25
|
-
* Check if domain is verified in SES
|
|
26
|
-
*/
|
|
27
|
-
function isDomainVerified(domain, region) {
|
|
28
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ses get-identity-verification-attributes --identities ' + domain +
|
|
29
|
-
' --query "VerificationAttributes.' + domain + '.VerificationStatus" --output text', region);
|
|
30
|
-
return result === 'Success';
|
|
31
|
-
}
|
|
32
|
-
/**
|
|
33
|
-
* Check if DKIM is configured for domain
|
|
34
|
-
*/
|
|
35
|
-
function hasDkim(domain, region) {
|
|
36
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ses get-identity-dkim-attributes --identities ' + domain +
|
|
37
|
-
' --query "DkimAttributes.' + domain + '.DkimEnabled" --output text', region);
|
|
38
|
-
return result === 'true' || result === 'True';
|
|
39
|
-
}
|
|
40
|
-
/**
|
|
41
|
-
* Check if AWS is configured for this project
|
|
42
|
-
*/
|
|
43
|
-
function isAwsConfigured(config) {
|
|
44
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
45
|
-
return false;
|
|
46
|
-
if (config.aws)
|
|
47
|
-
return true;
|
|
48
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
49
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
50
|
-
const environments = extractEnvironments(config);
|
|
51
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
52
|
-
}
|
|
53
25
|
exports.sesFixes = [
|
|
54
26
|
{
|
|
55
27
|
id: 'aws-ses-domain-missing',
|
|
56
28
|
stage: 'prod',
|
|
57
29
|
severity: 'warning',
|
|
58
|
-
description: 'SES domain identity not verified for email',
|
|
30
|
+
description: '📧 SES domain identity not verified for email',
|
|
59
31
|
scan: async (config) => {
|
|
60
|
-
if (!isAwsConfigured(config))
|
|
32
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
61
33
|
return false;
|
|
62
34
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
63
35
|
const domain = getProdDomain(config);
|
|
64
36
|
if (!domain)
|
|
65
37
|
return false;
|
|
66
|
-
return !isDomainVerified(domain, region);
|
|
38
|
+
return !(await (0, aws_helpers_js_1.isDomainVerified)(domain, region));
|
|
67
39
|
},
|
|
68
40
|
fix: async (config) => {
|
|
69
41
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
@@ -73,12 +45,14 @@ exports.sesFixes = [
|
|
|
73
45
|
return false;
|
|
74
46
|
}
|
|
75
47
|
try {
|
|
48
|
+
const ses = (0, aws_helpers_js_1.getSESClient)(region);
|
|
76
49
|
// Start domain verification
|
|
77
|
-
(
|
|
50
|
+
await ses.send(new aws_helpers_js_1.VerifyDomainIdentityCommand({ Domain: domain }));
|
|
78
51
|
// Get the verification token
|
|
79
|
-
const tokenResult = (
|
|
80
|
-
|
|
81
|
-
|
|
52
|
+
const tokenResult = await ses.send(new aws_helpers_js_1.GetIdentityVerificationAttributesCommand({
|
|
53
|
+
Identities: [domain],
|
|
54
|
+
}));
|
|
55
|
+
const token = tokenResult.VerificationAttributes?.[domain]?.VerificationToken ?? '';
|
|
82
56
|
console.log(' Started domain verification for: ' + domain);
|
|
83
57
|
console.log('');
|
|
84
58
|
console.log(' Add this TXT record to your DNS:');
|
|
@@ -100,17 +74,17 @@ exports.sesFixes = [
|
|
|
100
74
|
id: 'aws-ses-dkim-missing',
|
|
101
75
|
stage: 'prod',
|
|
102
76
|
severity: 'info',
|
|
103
|
-
description: 'SES DKIM not configured (improves email deliverability)',
|
|
77
|
+
description: '📧 SES DKIM not configured (improves email deliverability)',
|
|
104
78
|
scan: async (config) => {
|
|
105
|
-
if (!isAwsConfigured(config))
|
|
79
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
106
80
|
return false;
|
|
107
81
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
108
82
|
const domain = getProdDomain(config);
|
|
109
83
|
if (!domain)
|
|
110
84
|
return false;
|
|
111
|
-
if (!isDomainVerified(domain, region))
|
|
112
|
-
return false;
|
|
113
|
-
return !hasDkim(domain, region);
|
|
85
|
+
if (!(await (0, aws_helpers_js_1.isDomainVerified)(domain, region)))
|
|
86
|
+
return false;
|
|
87
|
+
return !(await (0, aws_helpers_js_1.hasDkim)(domain, region));
|
|
114
88
|
},
|
|
115
89
|
fix: async (config) => {
|
|
116
90
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
@@ -118,10 +92,10 @@ exports.sesFixes = [
|
|
|
118
92
|
if (!domain)
|
|
119
93
|
return false;
|
|
120
94
|
try {
|
|
95
|
+
const ses = (0, aws_helpers_js_1.getSESClient)(region);
|
|
121
96
|
// Generate DKIM tokens
|
|
122
|
-
const result = (
|
|
123
|
-
const
|
|
124
|
-
const tokens = parsed.DkimTokens ?? [];
|
|
97
|
+
const result = await ses.send(new aws_helpers_js_1.VerifyDomainDkimCommand({ Domain: domain }));
|
|
98
|
+
const tokens = result.DkimTokens ?? [];
|
|
125
99
|
console.log(' Generated DKIM tokens for: ' + domain);
|
|
126
100
|
console.log('');
|
|
127
101
|
console.log(' Add these CNAME records to your DNS:');
|
|
@@ -145,28 +119,32 @@ exports.sesFixes = [
|
|
|
145
119
|
id: 'aws-ses-sandbox',
|
|
146
120
|
stage: 'prod',
|
|
147
121
|
severity: 'info',
|
|
148
|
-
description: 'SES is in sandbox mode (can only send to verified emails)',
|
|
122
|
+
description: '📧 SES is in sandbox mode (can only send to verified emails)',
|
|
149
123
|
scan: async (config) => {
|
|
150
|
-
if (!isAwsConfigured(config))
|
|
124
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
151
125
|
return false;
|
|
152
126
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
153
127
|
const domain = getProdDomain(config);
|
|
154
128
|
if (!domain)
|
|
155
129
|
return false;
|
|
156
|
-
if (!isDomainVerified(domain, region))
|
|
130
|
+
if (!(await (0, aws_helpers_js_1.isDomainVerified)(domain, region)))
|
|
157
131
|
return false;
|
|
158
132
|
// Check sending quota — sandbox has max 200/day
|
|
159
|
-
|
|
160
|
-
|
|
133
|
+
try {
|
|
134
|
+
const ses = (0, aws_helpers_js_1.getSESClient)(region);
|
|
135
|
+
const result = await ses.send(new aws_helpers_js_1.GetSendQuotaCommand({}));
|
|
136
|
+
const maxSend = result.Max24HourSend ?? 0;
|
|
137
|
+
return maxSend <= 200;
|
|
138
|
+
}
|
|
139
|
+
catch {
|
|
161
140
|
return false;
|
|
162
|
-
|
|
163
|
-
return maxSend <= 200; // Sandbox limit
|
|
141
|
+
}
|
|
164
142
|
},
|
|
165
143
|
fix: null,
|
|
166
144
|
manualFix: [
|
|
167
145
|
'SES is in sandbox mode. To send to unverified emails:',
|
|
168
146
|
'',
|
|
169
|
-
'1. Go to AWS Console
|
|
147
|
+
'1. Go to AWS Console > SES > Account dashboard',
|
|
170
148
|
'2. Click "Request production access"',
|
|
171
149
|
'3. Fill in the form with your use case',
|
|
172
150
|
'4. AWS typically approves within 24 hours',
|
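Review bot: The `catch { return false; }` added around `GetSendQuotaCommand` in the `aws-ses-sandbox` scan turns every SDK failure (expired credentials, a denied `ses:GetSendQuota`, throttling) into "no finding", so a scan that could not run is indistinguishable from an account that is out of the sandbox. If the check must stay best-effort, keep the return value but report the error the way the fixes in ssh-bridge.js of this release do: `catch (e) { console.log(' Could not read SES send quota: ' + (e instanceof Error ? e.message : String(e))); return false; }`. In the `aws-ses-domain-missing` fix, `VerificationToken ?? ''` lets execution continue with an empty token; the lines that print the TXT record are outside the hunk, but if they print `token` the user is told to publish an empty record, so logging and then `if (!token) return false;` would be safer.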
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ses.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ses.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"ses.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ses.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAGH,4DAUiC;AAEjC;;GAEG;AACH,SAAS,aAAa,CAAC,MAAqB;IAC1C,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;IAC7D,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,CAAC;IAC/B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1D,OAAO,MAAM,CAAC;AAChB,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,+CAA+C;QAC5D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAC1B,OAAO,CAAC,CAAC,MAAM,IAAA,iCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,4BAA4B;gBAC5B,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,4CAA2B,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;gBAEpE,6BAA6B;gBAC7B,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,yDAAwC,CAAC;oBAC9E,UAAU,EAAE,CAAC,MAAM,CAAC;iBACrB,CAAC,CAAC,CAAC;gBACJ,MAAM,KAAK,GAAG,WAAW,CAAC,sBAAsB,EAAE,CAAC,MAAM,CAAC,EAAE,iBAAiB,IAAI,EAAE,CAAC;gBAEpF,OAAO,CAAC,GAAG,CAAC,sCAAsC,GAAG,MAAM,CAAC,CAAC;gBAC7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;gBACnD,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,MAAM,CAAC,CAAC;gBAC9C,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,KAAK,CAAC,CAAC;gBAClC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC
,CAAC;gBAE7E,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,0CAA0C,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACvG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,wGAAwG;KACpH;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4DAA4D;QACzE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAC1B,IAAI,CAAC,CAAC,MAAM,IAAA,iCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5D,OAAO,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,uBAAuB;gBACvB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,wCAAuB,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;gBAC/E,MAAM,MAAM,GAAa,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;gBAEjD,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,MAAM,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;gBACvD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,KAAK,GAAG,cAAc,GAAG,MAAM,CAAC,CAAC;oBAC5D,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;oBAC/B,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,KAAK,GAAG,qBAAqB,CAAC,CAAC;oBAC1D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAClB,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;gBAElF,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,6FAA6F;KACzG;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,MAAM;QACb,QAA
Q,EAAE,MAAM;QAChB,WAAW,EAAE,8DAA8D;QAC3E,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAC1B,IAAI,CAAC,CAAC,MAAM,IAAA,iCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE5D,gDAAgD;YAChD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;gBAC1C,OAAO,OAAO,IAAI,GAAG,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE;YACT,uDAAuD;YACvD,EAAE;YACF,gDAAgD;YAChD,sCAAsC;YACtC,wCAAwC;YACxC,2CAA2C;SAC5C,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;CACF,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AWS SSH Bridge Fixes
|
|
3
|
+
*
|
|
4
|
+
* Bridges the gap between AWS EC2 key pair creation and the factiii
|
|
5
|
+
* SSH key convention (Ansible Vault PROD_SSH + ~/.ssh/prod_deploy_key).
|
|
6
|
+
*
|
|
7
|
+
* After EC2 provisions a key pair and saves it to ~/.ssh/prod_deploy_key,
|
|
8
|
+
* this fix automatically stores it in Ansible Vault as PROD_SSH so that:
|
|
9
|
+
* - Other dev machines can pull the key via `npx stack secrets write-ssh-keys`
|
|
10
|
+
* - The `missing-prod-ssh` secrets check passes
|
|
11
|
+
* - canReach('prod') returns via: 'ssh' on subsequent runs
|
|
12
|
+
*
|
|
13
|
+
* Uses AWS SDK v3 for Elastic IP lookup.
|
|
14
|
+
*/
|
|
15
|
+
import type { Fix } from '../../../../types/index.js';
|
|
16
|
+
export declare const sshBridgeFixes: Fix[];
|
|
17
|
+
//# sourceMappingURL=ssh-bridge.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-bridge.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ssh-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAKH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAuBrE,eAAO,MAAM,cAAc,EAAE,GAAG,EA8G/B,CAAC"}
|
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* AWS SSH Bridge Fixes
|
|
4
|
+
*
|
|
5
|
+
* Bridges the gap between AWS EC2 key pair creation and the factiii
|
|
6
|
+
* SSH key convention (Ansible Vault PROD_SSH + ~/.ssh/prod_deploy_key).
|
|
7
|
+
*
|
|
8
|
+
* After EC2 provisions a key pair and saves it to ~/.ssh/prod_deploy_key,
|
|
9
|
+
* this fix automatically stores it in Ansible Vault as PROD_SSH so that:
|
|
10
|
+
* - Other dev machines can pull the key via `npx stack secrets write-ssh-keys`
|
|
11
|
+
* - The `missing-prod-ssh` secrets check passes
|
|
12
|
+
* - canReach('prod') returns via: 'ssh' on subsequent runs
|
|
13
|
+
*
|
|
14
|
+
* Uses AWS SDK v3 for Elastic IP lookup.
|
|
15
|
+
*/
|
|
16
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
17
|
+
if (k2 === undefined) k2 = k;
|
|
18
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
19
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
20
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
21
|
+
}
|
|
22
|
+
Object.defineProperty(o, k2, desc);
|
|
23
|
+
}) : (function(o, m, k, k2) {
|
|
24
|
+
if (k2 === undefined) k2 = k;
|
|
25
|
+
o[k2] = m[k];
|
|
26
|
+
}));
|
|
27
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
28
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
29
|
+
}) : function(o, v) {
|
|
30
|
+
o["default"] = v;
|
|
31
|
+
});
|
|
32
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
33
|
+
var ownKeys = function(o) {
|
|
34
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
35
|
+
var ar = [];
|
|
36
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
37
|
+
return ar;
|
|
38
|
+
};
|
|
39
|
+
return ownKeys(o);
|
|
40
|
+
};
|
|
41
|
+
return function (mod) {
|
|
42
|
+
if (mod && mod.__esModule) return mod;
|
|
43
|
+
var result = {};
|
|
44
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
45
|
+
__setModuleDefault(result, mod);
|
|
46
|
+
return result;
|
|
47
|
+
};
|
|
48
|
+
})();
|
|
49
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
50
|
+
exports.sshBridgeFixes = void 0;
|
|
51
|
+
const fs = __importStar(require("fs"));
|
|
52
|
+
const os = __importStar(require("os"));
|
|
53
|
+
const path = __importStar(require("path"));
|
|
54
|
+
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
55
|
+
/**
|
|
56
|
+
* Get the Ansible Vault store for this project (if configured)
|
|
57
|
+
*/
|
|
58
|
+
function getAnsibleStore(config, rootDir) {
|
|
59
|
+
if (!config.ansible?.vault_path)
|
|
60
|
+
return null;
|
|
61
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
62
|
+
const { AnsibleVaultSecrets } = require('../../../../utils/ansible-vault-secrets.js');
|
|
63
|
+
return new AnsibleVaultSecrets({
|
|
64
|
+
vault_path: config.ansible.vault_path,
|
|
65
|
+
vault_password_file: config.ansible.vault_password_file,
|
|
66
|
+
rootDir,
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
exports.sshBridgeFixes = [
|
|
70
|
+
{
|
|
71
|
+
id: 'aws-ssh-bridge-vault',
|
|
72
|
+
stage: 'prod',
|
|
73
|
+
severity: 'warning',
|
|
74
|
+
description: '🔑 EC2 key pair exists on disk but PROD_SSH not stored in Ansible Vault',
|
|
75
|
+
scan: async (config, rootDir) => {
|
|
76
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
77
|
+
return false;
|
|
78
|
+
if (!config.ansible?.vault_path)
|
|
79
|
+
return false;
|
|
80
|
+
// Check if key file exists on disk (created by aws-keypair-missing fix)
|
|
81
|
+
const keyPath = path.join(os.homedir(), '.ssh', 'prod_deploy_key');
|
|
82
|
+
if (!fs.existsSync(keyPath))
|
|
83
|
+
return false;
|
|
84
|
+
// Check if PROD_SSH is already in vault
|
|
85
|
+
const store = getAnsibleStore(config, rootDir);
|
|
86
|
+
if (!store)
|
|
87
|
+
return false;
|
|
88
|
+
try {
|
|
89
|
+
const result = await store.checkSecrets(['PROD_SSH']);
|
|
90
|
+
return result.missing?.includes('PROD_SSH') ?? false;
|
|
91
|
+
}
|
|
92
|
+
catch {
|
|
93
|
+
return false;
|
|
94
|
+
}
|
|
95
|
+
},
|
|
96
|
+
fix: async (config, rootDir) => {
|
|
97
|
+
const keyPath = path.join(os.homedir(), '.ssh', 'prod_deploy_key');
|
|
98
|
+
if (!fs.existsSync(keyPath)) {
|
|
99
|
+
console.log(' Key file not found at ' + keyPath);
|
|
100
|
+
return false;
|
|
101
|
+
}
|
|
102
|
+
const store = getAnsibleStore(config, rootDir);
|
|
103
|
+
if (!store) {
|
|
104
|
+
console.log(' Ansible Vault not configured');
|
|
105
|
+
return false;
|
|
106
|
+
}
|
|
107
|
+
try {
|
|
108
|
+
const keyContent = fs.readFileSync(keyPath, 'utf8');
|
|
109
|
+
const result = await store.setSecret('PROD_SSH', keyContent.trim());
|
|
110
|
+
if (result.success) {
|
|
111
|
+
console.log(' Stored EC2 key pair as PROD_SSH in Ansible Vault');
|
|
112
|
+
console.log(' Other dev machines can pull it with: npx stack secrets write-ssh-keys');
|
|
113
|
+
return true;
|
|
114
|
+
}
|
|
115
|
+
console.log(' Failed to store in vault: ' + (result.error ?? 'unknown error'));
|
|
116
|
+
return false;
|
|
117
|
+
}
|
|
118
|
+
catch (e) {
|
|
119
|
+
console.log(' Failed to store key in vault: ' + (e instanceof Error ? e.message : String(e)));
|
|
120
|
+
return false;
|
|
121
|
+
}
|
|
122
|
+
},
|
|
123
|
+
manualFix: 'Store the EC2 key pair in vault: npx stack secrets set PROD_SSH\n' +
|
|
124
|
+
' Then paste the contents of ~/.ssh/prod_deploy_key',
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
id: 'aws-ssh-bridge-domain',
|
|
128
|
+
stage: 'prod',
|
|
129
|
+
severity: 'warning',
|
|
130
|
+
description: '🔑 EC2 has Elastic IP but prod.domain still has EXAMPLE- placeholder',
|
|
131
|
+
scan: async (config) => {
|
|
132
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
133
|
+
return false;
|
|
134
|
+
// Check if prod domain is still a placeholder
|
|
135
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
136
|
+
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
137
|
+
const environments = extractEnvironments(config);
|
|
138
|
+
const prodEnv = environments.prod ?? environments.production;
|
|
139
|
+
if (!prodEnv?.domain || !prodEnv.domain.startsWith('EXAMPLE-'))
|
|
140
|
+
return false;
|
|
141
|
+
// Check if EC2 instance has an Elastic IP
|
|
142
|
+
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
143
|
+
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
144
|
+
const instanceId = await (0, aws_helpers_js_1.findInstance)(projectName, region);
|
|
145
|
+
if (!instanceId)
|
|
146
|
+
return false;
|
|
147
|
+
const eip = await (0, aws_helpers_js_1.findElasticIp)(instanceId, region);
|
|
148
|
+
return !!eip;
|
|
149
|
+
},
|
|
150
|
+
fix: async (config, rootDir) => {
|
|
151
|
+
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
152
|
+
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
153
|
+
const instanceId = await (0, aws_helpers_js_1.findInstance)(projectName, region);
|
|
154
|
+
if (!instanceId) {
|
|
155
|
+
console.log(' EC2 instance not found');
|
|
156
|
+
return false;
|
|
157
|
+
}
|
|
158
|
+
const eip = await (0, aws_helpers_js_1.findElasticIp)(instanceId, region);
|
|
159
|
+
if (!eip) {
|
|
160
|
+
console.log(' No Elastic IP assigned to EC2 instance');
|
|
161
|
+
return false;
|
|
162
|
+
}
|
|
163
|
+
try {
|
|
164
|
+
const { updateConfigValue } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-writer.js')));
|
|
165
|
+
const dir = rootDir || process.cwd();
|
|
166
|
+
updateConfigValue(dir, 'prod.domain', eip);
|
|
167
|
+
updateConfigValue(dir, 'prod.ssh_user', 'ubuntu');
|
|
168
|
+
console.log(' Updated prod.domain to ' + eip + ' in stack.yml');
|
|
169
|
+
console.log(' Updated prod.ssh_user to ubuntu');
|
|
170
|
+
return true;
|
|
171
|
+
}
|
|
172
|
+
catch (e) {
|
|
173
|
+
console.log(' Failed to update stack.yml: ' + (e instanceof Error ? e.message : String(e)));
|
|
174
|
+
return false;
|
|
175
|
+
}
|
|
176
|
+
},
|
|
177
|
+
manualFix: 'Update prod.domain in stack.yml with the EC2 Elastic IP address',
|
|
178
|
+
},
|
|
179
|
+
];
|
|
180
|
+
//# sourceMappingURL=ssh-bridge.js.map
|
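Review bot: The `aws-ssh-bridge-vault` fix stores whatever file is at `~/.ssh/prod_deploy_key` as `PROD_SSH`, and that path is per user rather than per project, so on a machine that handles more than one stack project (or that already has an unrelated file at that path) the wrong private key is written to the vault and then handed to every developer who runs `npx stack secrets write-ssh-keys`. Neither `scan` nor `fix` checks that the file is a private key, that its permissions are restrictive, or that it belongs to the key pair this project created; the fence below adds the first two checks before `setSecret`, and a comparison with the project's EC2 key pair would close the third. `keyContent.trim()` also drops the trailing newline, which some OpenSSH versions require when loading a key, so confirm that `write-ssh-keys` restores it. In the `aws-ssh-bridge-domain` scan the placeholder test is `startsWith('EXAMPLE-')` while `getProdDomain` in ses.js of this release tests `'EXAMPLE_'`, so one of the two probably no longer matches the generated placeholder, and the fix overwrites `prod.ssh_user` with `ubuntu` without looking at the current value.

```javascript
// … unchanged: keyPath lookup, existsSync check, getAnsibleStore(config, rootDir) …
try {
    const stat = fs.statSync(keyPath);
    // A key readable by group/other may already have been copied; do not propagate it.
    if (process.platform !== 'win32' && (stat.mode & 0o077) !== 0) {
        console.log(' Refusing to store ' + keyPath + ': file permissions are too open');
        return false;
    }
    const keyContent = fs.readFileSync(keyPath, 'utf8');
    // Reject anything that is not a PEM/OpenSSH private key before it reaches the shared vault.
    if (!/^-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(keyContent)) {
        console.log(' ' + keyPath + ' does not look like a private key');
        return false;
    }
    // … unchanged: store.setSecret('PROD_SSH', …) and result handling …
```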
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-bridge.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ssh-bridge.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAMiC;AAEjC;;GAEG;AACH,SAAS,eAAe,CAAC,MAAqB,EAAE,OAAe;IAC7D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7C,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,4CAA4C,CAAC,CAAC;IACtF,OAAO,IAAI,mBAAmB,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;QACrC,mBAAmB,EAAE,MAAM,CAAC,OAAO,CAAC,mBAAmB;QACvD,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,cAAc,GAAU;IACnC;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,yEAAyE;QACtF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,OAAe,EAAoB,EAAE;YACvE,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU;gBAAE,OAAO,KAAK,CAAC;YAE9C,wEAAwE;YACxE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;YACnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE1C,wCAAwC;YACxC,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAEzB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;gBACtD,OAAO,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAE,OAAe,EAAoB,EAAE;YACtE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;YACnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,OAAO,CAAC,CAAC;gBACnD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;gBAC/C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,C
AAC;gBACpE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACnB,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;oBACnE,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;oBACxF,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC,CAAC;gBACjF,OAAO,KAAK,CAAC;YACf,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,mEAAmE;YAC5E,yDAAyD;KAC5D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,sEAAsE;QACnF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3C,8CAA8C;YAC9C,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE7E,0CAA0C;YAC1C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAA,6BAAY,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC;YAE9B,MAAM,GAAG,GAAG,MAAM,IAAA,8BAAa,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YACpD,OAAO,CAAC,CAAC,GAAG,CAAC;QACf,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAE,OAAe,EAAoB,EAAE;YACtE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAA,6BAAY,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;gBACzC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,IAAA,8BAAa,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YACpD,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;gBACzD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,EAAE,iBAAiB,EAAE,GAAG,wDAAa,oCAAoC,GAAC,CAAC;gBACjF,MAAM,GAAG,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC
;gBACrC,iBAAiB,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;gBAC3C,iBAAiB,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,GAAG,GAAG,eAAe,CAAC,CAAC;gBAClE,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;CACF,CAAC"}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Provisions VPC, subnets, and internet gateway for AWS infrastructure.
|
|
5
5
|
* All resources are tagged with factiii:project={name} for identification.
|
|
6
|
+
* Uses AWS SDK v3 instead of CLI.
|
|
6
7
|
*/
|
|
7
8
|
import type { Fix } from '../../../../types/index.js';
|
|
8
9
|
export declare const vpcFixes: Fix[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/vpc.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"vpc.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/vpc.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAuBrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA4OzB,CAAC"}
|