@factiii/stack 0.1.33 → 0.1.35
- package/README.md +441 -441
- package/bin/stack +46 -0
- package/dist/cli/fix.d.ts.map +1 -1
- package/dist/cli/fix.js +17 -11
- package/dist/cli/fix.js.map +1 -1
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +20 -7
- package/dist/cli/init.js.map +1 -1
- package/dist/cli/scan.d.ts.map +1 -1
- package/dist/cli/scan.js +14 -22
- package/dist/cli/scan.js.map +1 -1
- package/dist/generators/generate-stack-yml.d.ts +1 -1
- package/dist/generators/generate-stack-yml.d.ts.map +1 -1
- package/dist/generators/generate-stack-yml.js +96 -69
- package/dist/generators/generate-stack-yml.js.map +1 -1
- package/dist/plugins/addons/openclaw/index.d.ts +45 -0
- package/dist/plugins/addons/openclaw/index.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/index.js +107 -0
- package/dist/plugins/addons/openclaw/index.js.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts +19 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js +441 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js.map +1 -0
- package/dist/plugins/frameworks/expo/index.d.ts +45 -0
- package/dist/plugins/frameworks/expo/index.d.ts.map +1 -0
- package/dist/plugins/frameworks/expo/index.js +549 -0
- package/dist/plugins/frameworks/expo/index.js.map +1 -0
- package/dist/plugins/frameworks/prisma-trpc/index.js +8 -8
- package/dist/plugins/frameworks/prisma-trpc/index.js.map +1 -1
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +16 -0
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/pipelines/aws/index.js +15 -15
- package/dist/plugins/pipelines/aws/prod.js +7 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts +3 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js +17 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/aws/scanfix/config.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.js +30 -76
- package/dist/plugins/pipelines/aws/scanfix/credentials.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts +1 -4
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js +11 -41
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.js +64 -113
- package/dist/plugins/pipelines/aws/scanfix/ec2.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.js +27 -36
- package/dist/plugins/pipelines/aws/scanfix/ecr.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.js +37 -46
- package/dist/plugins/pipelines/aws/scanfix/iam.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.js +43 -108
- package/dist/plugins/pipelines/aws/scanfix/rds.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.js +46 -55
- package/dist/plugins/pipelines/aws/scanfix/s3.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js +83 -82
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.js +31 -53
- package/dist/plugins/pipelines/aws/scanfix/ses.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts +17 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js +180 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/vpc.js +97 -98
- package/dist/plugins/pipelines/aws/scanfix/vpc.js.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts +101 -28
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js +428 -76
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js.map +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts +11 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +183 -33
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/ansible.js +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/ansible.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js +6 -6
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.d.ts +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/factiii/scanfix/config.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/env-files.js +7 -7
- package/dist/plugins/pipelines/factiii/scanfix/env-files.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/github-cli.js +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/github-cli.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js +73 -13
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/workflows.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/workflows.js +52 -4
- package/dist/plugins/pipelines/factiii/scanfix/workflows.js.map +1 -1
- package/dist/plugins/servers/mac/index.js +13 -13
- package/dist/plugins/servers/mac/scanfix/config.js +5 -5
- package/dist/plugins/servers/mac/scanfix/config.js.map +1 -1
- package/dist/plugins/servers/mac/scanfix/containers.js +1 -1
- package/dist/plugins/servers/mac/scanfix/containers.js.map +1 -1
- package/dist/plugins/servers/mac/scanfix/system.js +6 -6
- package/dist/plugins/servers/mac/scanfix/system.js.map +1 -1
- package/dist/plugins/servers/mac/staging.js +4 -4
- package/dist/plugins/servers/windows/index.js +2 -2
- package/dist/plugins/servers/windows/index.js.map +1 -1
- package/dist/scanfix/fixes/certbot.js +1 -1
- package/dist/scripts/validate-example-values.d.ts +1 -1
- package/dist/scripts/validate-example-values.js +6 -6
- package/dist/utils/config-helpers.d.ts +3 -0
- package/dist/utils/config-helpers.d.ts.map +1 -1
- package/dist/utils/config-helpers.js.map +1 -1
- package/dist/utils/secret-prompts.d.ts +5 -2
- package/dist/utils/secret-prompts.d.ts.map +1 -1
- package/dist/utils/secret-prompts.js +55 -32
- package/dist/utils/secret-prompts.js.map +1 -1
- package/dist/utils/template-generator.js +71 -71
- package/package.json +8 -1
|
@@ -5,30 +5,11 @@
|
|
|
5
5
|
* Creates IAM users with scoped policies:
|
|
6
6
|
* - Dev user: read-only access for development
|
|
7
7
|
* - Prod user: full access for deployment
|
|
8
|
+
* Uses AWS SDK v3.
|
|
8
9
|
*/
|
|
9
10
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
11
|
exports.iamFixes = void 0;
|
|
11
12
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
12
|
-
/**
|
|
13
|
-
* Check if IAM user exists
|
|
14
|
-
*/
|
|
15
|
-
function findIamUser(userName, region) {
|
|
16
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws iam get-user --user-name ' + userName, region);
|
|
17
|
-
return !!result && !result.includes('NoSuchEntity');
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* Check if AWS is configured for this project
|
|
21
|
-
*/
|
|
22
|
-
function isAwsConfigured(config) {
|
|
23
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
24
|
-
return false;
|
|
25
|
-
if (config.aws)
|
|
26
|
-
return true;
|
|
27
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
28
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
29
|
-
const environments = extractEnvironments(config);
|
|
30
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
31
|
-
}
|
|
32
13
|
/**
|
|
33
14
|
* Generate dev IAM policy (read-only)
|
|
34
15
|
*/
|
|
@@ -159,36 +140,41 @@ exports.iamFixes = [
|
|
|
159
140
|
id: 'aws-iam-dev-user-missing',
|
|
160
141
|
stage: 'secrets',
|
|
161
142
|
severity: 'warning',
|
|
162
|
-
description: 'IAM dev user not created (read-only access)',
|
|
143
|
+
description: '👤 IAM dev user not created (read-only access)',
|
|
163
144
|
scan: async (config) => {
|
|
164
|
-
if (!isAwsConfigured(config))
|
|
145
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
165
146
|
return false;
|
|
166
147
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
167
148
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
168
|
-
return !findIamUser('factiii-' + projectName + '-dev', region);
|
|
149
|
+
return !(await (0, aws_helpers_js_1.findIamUser)('factiii-' + projectName + '-dev', region));
|
|
169
150
|
},
|
|
170
151
|
fix: async (config) => {
|
|
171
152
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
172
153
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
173
154
|
const userName = 'factiii-' + projectName + '-dev';
|
|
174
155
|
try {
|
|
156
|
+
const iam = (0, aws_helpers_js_1.getIAMClient)(region);
|
|
175
157
|
// Get account ID for ARNs
|
|
176
|
-
const
|
|
177
|
-
|
|
158
|
+
const accountId = await (0, aws_helpers_js_1.getAwsAccountId)(region);
|
|
159
|
+
if (!accountId) {
|
|
160
|
+
console.log(' Could not get AWS account ID');
|
|
161
|
+
return false;
|
|
162
|
+
}
|
|
178
163
|
// Create IAM user
|
|
179
|
-
(
|
|
164
|
+
await iam.send(new aws_helpers_js_1.CreateUserCommand({ UserName: userName }));
|
|
180
165
|
console.log(' Created IAM user: ' + userName);
|
|
181
166
|
// Create and attach inline policy
|
|
182
167
|
const policy = getDevPolicy(projectName, region, accountId);
|
|
183
|
-
(
|
|
184
|
-
|
|
185
|
-
|
|
168
|
+
await iam.send(new aws_helpers_js_1.PutUserPolicyCommand({
|
|
169
|
+
UserName: userName,
|
|
170
|
+
PolicyName: 'factiii-' + projectName + '-dev-policy',
|
|
171
|
+
PolicyDocument: policy,
|
|
172
|
+
}));
|
|
186
173
|
console.log(' Attached dev policy (read-only ECR, S3, EC2, RDS)');
|
|
187
174
|
// Create access key
|
|
188
|
-
const keyResult = (
|
|
189
|
-
const
|
|
190
|
-
const
|
|
191
|
-
const secretKey = parsed.AccessKey?.SecretAccessKey;
|
|
175
|
+
const keyResult = await iam.send(new aws_helpers_js_1.CreateAccessKeyCommand({ UserName: userName }));
|
|
176
|
+
const accessKeyId = keyResult.AccessKey?.AccessKeyId;
|
|
177
|
+
const secretKey = keyResult.AccessKey?.SecretAccessKey;
|
|
192
178
|
console.log('');
|
|
193
179
|
console.log(' Dev credentials (save these!):');
|
|
194
180
|
console.log(' Access Key ID: ' + accessKeyId);
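Review bot: The `fix` body creates the user, attaches the policy and creates the access key as three separate awaited calls in one `try` (new lines 164–175), while `scan` only asks `findIamUser`, so a failure in `PutUserPolicyCommand` or `CreateAccessKeyCommand` leaves a user with no policy or key that the next scan no longer flags. Either have `scan` also confirm the inline policy exists, or delete the half-created user in the failure path; what the `catch` does today is outside the hunk. The optional chaining on `keyResult.AccessKey?.AccessKeyId` also lets an empty response reach the "save these!" banner as `undefined`; `if (!accessKeyId || !secretKey) return false;` right after the two reads would stop that. `secretKey` is presumably printed just past the hunk's last line, which puts a long-lived credential into terminal scrollback and any captured CI log. The prod hunk at `@@ -208,36 +194,41 @@` has the same three issues.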
|
|
@@ -208,36 +194,41 @@ exports.iamFixes = [
|
|
|
208
194
|
id: 'aws-iam-prod-user-missing',
|
|
209
195
|
stage: 'secrets',
|
|
210
196
|
severity: 'warning',
|
|
211
|
-
description: 'IAM prod user not created (deployment access)',
|
|
197
|
+
description: '👤 IAM prod user not created (deployment access)',
|
|
212
198
|
scan: async (config) => {
|
|
213
|
-
if (!isAwsConfigured(config))
|
|
199
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
214
200
|
return false;
|
|
215
201
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
216
202
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
217
|
-
return !findIamUser('factiii-' + projectName + '-prod', region);
|
|
203
|
+
return !(await (0, aws_helpers_js_1.findIamUser)('factiii-' + projectName + '-prod', region));
|
|
218
204
|
},
|
|
219
205
|
fix: async (config) => {
|
|
220
206
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
221
207
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
222
208
|
const userName = 'factiii-' + projectName + '-prod';
|
|
223
209
|
try {
|
|
210
|
+
const iam = (0, aws_helpers_js_1.getIAMClient)(region);
|
|
224
211
|
// Get account ID for ARNs
|
|
225
|
-
const
|
|
226
|
-
|
|
212
|
+
const accountId = await (0, aws_helpers_js_1.getAwsAccountId)(region);
|
|
213
|
+
if (!accountId) {
|
|
214
|
+
console.log(' Could not get AWS account ID');
|
|
215
|
+
return false;
|
|
216
|
+
}
|
|
227
217
|
// Create IAM user
|
|
228
|
-
(
|
|
218
|
+
await iam.send(new aws_helpers_js_1.CreateUserCommand({ UserName: userName }));
|
|
229
219
|
console.log(' Created IAM user: ' + userName);
|
|
230
220
|
// Create and attach inline policy
|
|
231
221
|
const policy = getProdPolicy(projectName, region, accountId);
|
|
232
|
-
(
|
|
233
|
-
|
|
234
|
-
|
|
222
|
+
await iam.send(new aws_helpers_js_1.PutUserPolicyCommand({
|
|
223
|
+
UserName: userName,
|
|
224
|
+
PolicyName: 'factiii-' + projectName + '-prod-policy',
|
|
225
|
+
PolicyDocument: policy,
|
|
226
|
+
}));
|
|
235
227
|
console.log(' Attached prod policy (full ECR, S3, EC2, RDS, SES)');
|
|
236
228
|
// Create access key
|
|
237
|
-
const keyResult = (
|
|
238
|
-
const
|
|
239
|
-
const
|
|
240
|
-
const secretKey = parsed.AccessKey?.SecretAccessKey;
|
|
229
|
+
const keyResult = await iam.send(new aws_helpers_js_1.CreateAccessKeyCommand({ UserName: userName }));
|
|
230
|
+
const accessKeyId = keyResult.AccessKey?.AccessKeyId;
|
|
231
|
+
const secretKey = keyResult.AccessKey?.SecretAccessKey;
|
|
241
232
|
console.log('');
|
|
242
233
|
console.log(' Prod credentials (save these!):');
|
|
243
234
|
console.log(' Access Key ID: ' + accessKeyId);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/iam.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"iam.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/iam.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAGH,4DAUiC;AAEjC;;GAEG;AACH,SAAS,YAAY,CAAC,WAAmB,EAAE,MAAc,EAAE,SAAiB;IAC1E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,2BAA2B;oBAC3B,mBAAmB;oBACnB,4BAA4B;oBAC5B,0BAA0B;oBAC1B,gBAAgB;iBACjB;gBACD,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW;aACnF;YACD;gBACE,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,YAAY;gBACjB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,cAAc;oBACd,eAAe;iBAChB;gBACD,QAAQ,EAAE;oBACR,uBAAuB,GAAG,WAAW;oBACrC,uBAAuB,GAAG,WAAW,GAAG,IAAI;iBAC7C;aACF;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,uBAAuB;oBACvB,kBAAkB;oBAClB,qBAAqB;oBACrB,4BAA4B;iBAC7B;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,yBAAyB;oBACzB,4BAA4B;iBAC7B;gBACD,QAAQ,EAAE,GAAG;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,MAAc,EAAE,SAAiB;IAC3E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW;aACnF;YACD;gBACE,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE;oBACR,uBAAuB,GAAG,WAAW;oBACrC,uBAAuB,GAAG,WAAW,GAAG,IAAI;iBAC7C;aACF;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,uBAAuB;oBACvB,oBAAoB;oBACpB,mBAAmB;oBACnB,qBAAqB;oBACrB,kBAAkB;oBAClB,qBAAqB;oBACrB,4BAA4B;oBAC5B,uBAAuB;iBACxB;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,yBAAyB;oBACzB,qBAAqB;oBACrB,oBAAoB;oBACpB,sBAAsB;oBACtB,sBAAsB;oBACtB,yBAAyB;iBAC1B;gBACD,QAAQ,EAAE,GAAG;
aACd;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,GAAG;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,gDAAgD;QAC7D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,CAAC,MAAM,IAAA,4BAAW,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;YAEnD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,0BAA0B;gBAC1B,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAe,EAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,kBAAkB;gBAClB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,kCAAiB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,QAAQ,CAAC,CAAC;gBAEhD,kCAAkC;gBAClC,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;gBAC5D,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qCAAoB,CAAC;oBACtC,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa;oBACpD,cAAc,EAAE,MAAM;iBACvB,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBAEpE,oBAAoB;gBACpB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,uCAAsB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACrF,MAAM,WAAW,GAAG,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,EAAE,eAAe,CAAC;gBAEvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,WAAW,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;gBAEtE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAA
O,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,kDAAkD;QAC/D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,CAAC,MAAM,IAAA,4BAAW,EAAC,UAAU,GAAG,WAAW,GAAG,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1E,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC;YAEpD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,0BAA0B;gBAC1B,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAe,EAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,kBAAkB;gBAClB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,kCAAiB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,QAAQ,CAAC,CAAC;gBAEhD,kCAAkC;gBAClC,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;gBAC7D,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,qCAAoB,CAAC;oBACtC,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,UAAU,GAAG,WAAW,GAAG,cAAc;oBACrD,cAAc,EAAE,MAAM;iBACvB,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBAErE,oBAAoB;gBACpB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,uCAAsB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACrF,MAAM,WAAW,GAAG,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,EAAE,eAAe,CAAC;gBAEvD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,WAAW,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAA
O,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;gBAEtE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,qCAAqC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,wEAAwE;KACpF;CACF,CAAC"}
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
* Provisions RDS PostgreSQL 15 instance (db.t3.micro free tier).
|
|
5
5
|
* Creates DB subnet group from private subnets, launches instance with RDS SG.
|
|
6
6
|
* Stores DATABASE_URL in Ansible Vault.
|
|
7
|
+
* Uses AWS SDK v3.
|
|
7
8
|
*/
|
|
8
9
|
import type { Fix } from '../../../../types/index.js';
|
|
9
10
|
export declare const rdsFixes: Fix[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rds.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"rds.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AA6BrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA0KzB,CAAC"}
|
|
@@ -5,78 +5,11 @@
|
|
|
5
5
|
* Provisions RDS PostgreSQL 15 instance (db.t3.micro free tier).
|
|
6
6
|
* Creates DB subnet group from private subnets, launches instance with RDS SG.
|
|
7
7
|
* Stores DATABASE_URL in Ansible Vault.
|
|
8
|
+
* Uses AWS SDK v3.
|
|
8
9
|
*/
|
|
9
10
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
11
|
exports.rdsFixes = void 0;
|
|
11
12
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
12
|
-
/**
|
|
13
|
-
* Find VPC by factiii:project tag
|
|
14
|
-
*/
|
|
15
|
-
function findVpc(projectName, region) {
|
|
16
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-vpcs --filters "Name=tag:factiii:project,Values=' + projectName + '" --query "Vpcs[0].VpcId" --output text', region);
|
|
17
|
-
if (!result || result === 'None' || result === 'null')
|
|
18
|
-
return null;
|
|
19
|
-
return result.replace(/"/g, '');
|
|
20
|
-
}
|
|
21
|
-
/**
|
|
22
|
-
* Find all private subnets
|
|
23
|
-
*/
|
|
24
|
-
function findPrivateSubnets(projectName, region) {
|
|
25
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-subnets --filters "Name=tag:factiii:project,Values=' + projectName + '" "Name=tag:factiii:subnet-type,Values=private" --query "Subnets[*].SubnetId" --output text', region);
|
|
26
|
-
if (!result || result === 'None' || result === 'null')
|
|
27
|
-
return [];
|
|
28
|
-
return result.split(/\s+/).filter(Boolean);
|
|
29
|
-
}
|
|
30
|
-
/**
|
|
31
|
-
* Find security group by name and VPC
|
|
32
|
-
*/
|
|
33
|
-
function findSecurityGroup(groupName, vpcId, region) {
|
|
34
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-security-groups --filters "Name=group-name,Values=' + groupName + '" "Name=vpc-id,Values=' + vpcId + '" --query "SecurityGroups[0].GroupId" --output text', region);
|
|
35
|
-
if (!result || result === 'None' || result === 'null')
|
|
36
|
-
return null;
|
|
37
|
-
return result.replace(/"/g, '');
|
|
38
|
-
}
|
|
39
|
-
/**
|
|
40
|
-
* Check if DB subnet group exists
|
|
41
|
-
*/
|
|
42
|
-
function findDbSubnetGroup(groupName, region) {
|
|
43
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws rds describe-db-subnet-groups --db-subnet-group-name ' + groupName + ' --query "DBSubnetGroups[0].DBSubnetGroupName" --output text', region);
|
|
44
|
-
return !!result && result !== 'None' && result !== 'null';
|
|
45
|
-
}
|
|
46
|
-
/**
|
|
47
|
-
* Find RDS instance by identifier
|
|
48
|
-
*/
|
|
49
|
-
function findRdsInstance(dbInstanceId, region) {
|
|
50
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws rds describe-db-instances --db-instance-identifier ' + dbInstanceId, region);
|
|
51
|
-
if (!result)
|
|
52
|
-
return null;
|
|
53
|
-
try {
|
|
54
|
-
const parsed = JSON.parse(result);
|
|
55
|
-
const instance = parsed.DBInstances?.[0];
|
|
56
|
-
if (!instance)
|
|
57
|
-
return null;
|
|
58
|
-
return {
|
|
59
|
-
status: instance.DBInstanceStatus,
|
|
60
|
-
endpoint: instance.Endpoint?.Address ?? null,
|
|
61
|
-
};
|
|
62
|
-
}
|
|
63
|
-
catch {
|
|
64
|
-
return null;
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
/**
|
|
68
|
-
* Check if AWS is configured for this project
|
|
69
|
-
*/
|
|
70
|
-
function isAwsConfigured(config) {
|
|
71
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
72
|
-
return false;
|
|
73
|
-
if (config.aws)
|
|
74
|
-
return true;
|
|
75
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
76
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
77
|
-
const environments = extractEnvironments(config);
|
|
78
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
79
|
-
}
|
|
80
13
|
/**
|
|
81
14
|
* Generate a random password for RDS
|
|
82
15
|
*/
|
|
@@ -95,31 +28,33 @@ exports.rdsFixes = [
|
|
|
95
28
|
id: 'aws-rds-subnet-group-missing',
|
|
96
29
|
stage: 'prod',
|
|
97
30
|
severity: 'critical',
|
|
98
|
-
description: 'RDS DB subnet group not created (needs 2 AZs)',
|
|
31
|
+
description: '🗃️ RDS DB subnet group not created (needs 2 AZs)',
|
|
99
32
|
scan: async (config) => {
|
|
100
|
-
if (!isAwsConfigured(config))
|
|
33
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
101
34
|
return false;
|
|
102
35
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
103
36
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
104
|
-
const privateSubnets = findPrivateSubnets(projectName, region);
|
|
37
|
+
const privateSubnets = await (0, aws_helpers_js_1.findPrivateSubnets)(projectName, region);
|
|
105
38
|
if (privateSubnets.length < 2)
|
|
106
|
-
return false;
|
|
107
|
-
return !findDbSubnetGroup('factiii-' + projectName, region);
|
|
39
|
+
return false;
|
|
40
|
+
return !(await (0, aws_helpers_js_1.findDbSubnetGroup)('factiii-' + projectName, region));
|
|
108
41
|
},
|
|
109
42
|
fix: async (config) => {
|
|
110
43
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
111
44
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
112
|
-
const privateSubnets = findPrivateSubnets(projectName, region);
|
|
45
|
+
const privateSubnets = await (0, aws_helpers_js_1.findPrivateSubnets)(projectName, region);
|
|
113
46
|
if (privateSubnets.length < 2) {
|
|
114
47
|
console.log(' Need at least 2 private subnets first');
|
|
115
48
|
return false;
|
|
116
49
|
}
|
|
117
50
|
try {
|
|
51
|
+
const rds = (0, aws_helpers_js_1.getRDSClient)(region);
|
|
118
52
|
const groupName = 'factiii-' + projectName;
|
|
119
|
-
(
|
|
120
|
-
|
|
121
|
-
'
|
|
122
|
-
|
|
53
|
+
await rds.send(new aws_helpers_js_1.CreateDBSubnetGroupCommand({
|
|
54
|
+
DBSubnetGroupName: groupName,
|
|
55
|
+
DBSubnetGroupDescription: 'Factiii DB subnet group for ' + projectName,
|
|
56
|
+
SubnetIds: privateSubnets,
|
|
57
|
+
}));
|
|
123
58
|
console.log(' Created DB subnet group: ' + groupName);
|
|
124
59
|
console.log(' Using subnets: ' + privateSubnets.join(', '));
|
|
125
60
|
return true;
|
|
@@ -135,52 +70,54 @@ exports.rdsFixes = [
|
|
|
135
70
|
id: 'aws-rds-instance-missing',
|
|
136
71
|
stage: 'prod',
|
|
137
72
|
severity: 'critical',
|
|
138
|
-
description: 'RDS PostgreSQL 15 instance not created (db.t3.micro)',
|
|
73
|
+
description: '🗃️ RDS PostgreSQL 15 instance not created (db.t3.micro)',
|
|
139
74
|
scan: async (config) => {
|
|
140
|
-
if (!isAwsConfigured(config))
|
|
75
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
141
76
|
return false;
|
|
142
77
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
143
78
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
144
79
|
const dbId = 'factiii-' + projectName + '-db';
|
|
145
|
-
return !findRdsInstance(dbId, region);
|
|
80
|
+
return !(await (0, aws_helpers_js_1.findRdsInstance)(dbId, region));
|
|
146
81
|
},
|
|
147
82
|
fix: async (config) => {
|
|
148
83
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
149
84
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
150
|
-
const vpcId = findVpc(projectName, region);
|
|
85
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
151
86
|
if (!vpcId) {
|
|
152
87
|
console.log(' VPC must be created first');
|
|
153
88
|
return false;
|
|
154
89
|
}
|
|
155
90
|
const subnetGroupName = 'factiii-' + projectName;
|
|
156
|
-
if (!findDbSubnetGroup(subnetGroupName, region)) {
|
|
91
|
+
if (!(await (0, aws_helpers_js_1.findDbSubnetGroup)(subnetGroupName, region))) {
|
|
157
92
|
console.log(' DB subnet group must be created first');
|
|
158
93
|
return false;
|
|
159
94
|
}
|
|
160
|
-
const rdsSgId = findSecurityGroup('factiii-' + projectName + '-rds', vpcId, region);
|
|
95
|
+
const rdsSgId = await (0, aws_helpers_js_1.findSecurityGroup)('factiii-' + projectName + '-rds', vpcId, region);
|
|
161
96
|
if (!rdsSgId) {
|
|
162
97
|
console.log(' RDS security group must be created first');
|
|
163
98
|
return false;
|
|
164
99
|
}
|
|
165
100
|
try {
|
|
101
|
+
const rds = (0, aws_helpers_js_1.getRDSClient)(region);
|
|
166
102
|
const dbId = 'factiii-' + projectName + '-db';
|
|
167
103
|
const dbName = projectName.replace(/[^a-zA-Z0-9]/g, '');
|
|
168
104
|
const masterUser = 'factiii';
|
|
169
105
|
const masterPassword = generateRdsPassword();
|
|
170
|
-
(
|
|
171
|
-
|
|
172
|
-
'
|
|
173
|
-
'
|
|
174
|
-
'
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
'
|
|
183
|
-
|
|
106
|
+
await rds.send(new aws_helpers_js_1.CreateDBInstanceCommand({
|
|
107
|
+
DBInstanceIdentifier: dbId,
|
|
108
|
+
DBInstanceClass: 'db.t3.micro',
|
|
109
|
+
Engine: 'postgres',
|
|
110
|
+
EngineVersion: '15',
|
|
111
|
+
AllocatedStorage: 20,
|
|
112
|
+
MasterUsername: masterUser,
|
|
113
|
+
MasterUserPassword: masterPassword,
|
|
114
|
+
DBName: dbName,
|
|
115
|
+
DBSubnetGroupName: subnetGroupName,
|
|
116
|
+
VpcSecurityGroupIds: [rdsSgId],
|
|
117
|
+
PubliclyAccessible: false,
|
|
118
|
+
StorageType: 'gp2',
|
|
119
|
+
BackupRetentionPeriod: 1,
|
|
120
|
+
}));
|
|
184
121
|
console.log(' Creating RDS instance: ' + dbId);
|
|
185
122
|
console.log(' Engine: PostgreSQL 15');
|
|
186
123
|
console.log(' Instance class: db.t3.micro (free tier eligible)');
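Review bot: The `CreateDBInstanceCommand` input (new lines 106–120) sets `PubliclyAccessible: false` but no `StorageEncrypted`, so by default this prod-stage PostgreSQL instance is created with unencrypted storage, and RDS cannot turn encryption on in place afterwards. Adding `StorageEncrypted: true,` to the input fixes it at creation time; `DeletionProtection: true,` is worth adding alongside, given the fix is rated `critical` for the prod stage. `BackupRetentionPeriod: 1` keeps a single day of automated backups, which looks short for a production database and deserves a comment if it is a deliberate free-tier choice. The `fix` body continues past the hunk, so where `masterPassword` goes after this call cannot be checked from here.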
|
|
@@ -209,16 +146,16 @@ exports.rdsFixes = [
|
|
|
209
146
|
id: 'aws-rds-not-available',
|
|
210
147
|
stage: 'prod',
|
|
211
148
|
severity: 'warning',
|
|
212
|
-
description: 'RDS instance is not yet available (takes ~5-10 min)',
|
|
149
|
+
description: '⏳ RDS instance is not yet available (takes ~5-10 min)',
|
|
213
150
|
scan: async (config) => {
|
|
214
|
-
if (!isAwsConfigured(config))
|
|
151
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
215
152
|
return false;
|
|
216
153
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
217
154
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
218
155
|
const dbId = 'factiii-' + projectName + '-db';
|
|
219
|
-
const instance = findRdsInstance(dbId, region);
|
|
156
|
+
const instance = await (0, aws_helpers_js_1.findRdsInstance)(dbId, region);
|
|
220
157
|
if (!instance)
|
|
221
|
-
return false;
|
|
158
|
+
return false;
|
|
222
159
|
return instance.status !== 'available';
|
|
223
160
|
},
|
|
224
161
|
fix: null,
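Review bot: The `aws-rds-not-available` scan reports on any status other than `'available'`, while its description tells the operator the instance is still coming up and `fix` is `null`, so an instance that ended up stopped or failed would be presented as a 5-10 minute wait. Assuming `instance.status` carries the RDS instance status string (the helper is not shown here), the final return could be narrowed to transitional states, e.g. `return ['creating', 'modifying', 'backing-up'].includes(instance.status);`, with other non-available states reported by a separate entry at a higher severity. The now-awaited `findRdsInstance` call also sits outside any `try`/`catch` in this scan, so a rejected lookup (expired credentials, throttling) propagates to the caller. Whether the scan runner handles that is not visible from this hunk.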
|
|
@@ -228,18 +165,16 @@ exports.rdsFixes = [
|
|
|
228
165
|
id: 'aws-rds-connection-test',
|
|
229
166
|
stage: 'prod',
|
|
230
167
|
severity: 'info',
|
|
231
|
-
description: 'Cannot verify RDS connectivity from EC2 (pg_isready not found)',
|
|
168
|
+
description: '🗃️ Cannot verify RDS connectivity from EC2 (pg_isready not found)',
|
|
232
169
|
scan: async (config) => {
|
|
233
|
-
if (!isAwsConfigured(config))
|
|
170
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
234
171
|
return false;
|
|
235
172
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
236
173
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
237
174
|
const dbId = 'factiii-' + projectName + '-db';
|
|
238
|
-
const instance = findRdsInstance(dbId, region);
|
|
175
|
+
const instance = await (0, aws_helpers_js_1.findRdsInstance)(dbId, region);
|
|
239
176
|
if (!instance || instance.status !== 'available' || !instance.endpoint)
|
|
240
177
|
return false;
|
|
241
|
-
// Check if pg_isready is available on EC2 via SSH
|
|
242
|
-
// This scan runs on the dev machine, so we check via SSH
|
|
243
178
|
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
244
179
|
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
245
180
|
const environments = extractEnvironments(config);
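Review bot: The description for `aws-rds-connection-test` names only a missing `pg_isready`, but the scan's final return (visible in the next hunk) is also true when the output contains `'no response'`, so a database that presumably cannot be reached from EC2 is reported at `info` severity as a missing tool. I would word it for both cases, e.g. `description: '🗃️ Cannot verify RDS connectivity from EC2 (pg_isready missing or database not responding)'`, and consider a higher severity for the no-response case, since that can indicate a security-group or routing problem. The commit also drops the two comments saying that this scan runs on the dev machine and checks over SSH. Keeping a line such as `// Runs on the dev machine; pg_isready is checked on EC2 over SSH` above the `require` would preserve that context. The scan body continues outside this hunk.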
|
|
@@ -253,7 +188,7 @@ exports.rdsFixes = [
|
|
|
253
188
|
return result.includes('pg_isready not found') || result.includes('no response');
|
|
254
189
|
}
|
|
255
190
|
catch {
|
|
256
|
-
return false;
|
|
191
|
+
return false;
|
|
257
192
|
}
|
|
258
193
|
},
|
|
259
194
|
fix: null,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAGH,4DAYiC;AAEjC;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,KAAK,GAAG,gEAAgE,CAAC;IAC/E,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAA4B,CAAC;IAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,QAAQ,IAAI,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,8BAA8B;QAClC,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mDAAmD;QAChE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,cAAc,GAAG,MAAM,IAAA,mCAAkB,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5C,OAAO,CAAC,CAAC,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,cAAc,GAAG,MAAM,IAAA,mCAAkB,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,UAAU,GAAG,WAAW,CAAC;gBAE3C,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;oBAC5C,iBAAiB,EAAE,SAAS;oBAC5B,wBAAwB,EAAE,8BAA8B,GAAG,WAAW;oBACtE,SAAS,EAAE,cAAc;iBAC1B,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,8BAA8B,GAAG,SAAS,CAAC,CAAC;gBACxD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,uCAAuC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,
CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0DAA0D;QACvE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;YAC9C,OAAO,CAAC,CAAC,MAAM,IAAA,gCAAe,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QAChD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,eAAe,GAAG,UAAU,GAAG,WAAW,CAAC;YACjD,IAAI,CAAC,CAAC,MAAM,IAAA,kCAAiB,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;gBACxD,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAiB,EAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;gBAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;gBACxD,MAAM,UAAU,GAAG,SAAS,CAAC;gBAC7B,MAAM,cAAc,GAAG,mBAAmB,EAAE,CAAC;gBAE7C,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,wCAAuB,CAAC;oBACzC,oBAAoB,EAAE,IAAI;oBAC1B,eAAe,EAAE,aAAa;oBAC9B,MAAM,EAAE,UAAU;oBAClB,aAAa,EAAE,IAAI;oBACnB,gBAAgB,EAAE,EAAE;oBACpB,cAAc,EAAE,UAAU;oBAC1B,kBAAkB,EAAE,cAAc;oBAClC,MAAM,EAAE,MAAM;oBACd,iBAAiB,EAAE,eAAe;oBAClC,mBAAmB,EAAE,CAAC,OAAO,CAAC;oBAC9B,kBAAkB,EAAE,KAAK;oBACzB,WAAW,EAAE,KAAK;oBAClB,qBAAqB,EAAE,CAAC;iBACzB,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAAC;gBAC
jD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;gBACnE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,MAAM,CAAC,CAAC;gBAC3C,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,UAAU,CAAC,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,cAAc,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,UAAU,GAAG,GAAG,GAAG,cAAc,GAAG,mBAAmB,GAAG,MAAM,CAAC,CAAC;gBACjH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;gBACxE,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;gBAElF,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,uHAAuH;KACnI;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,uDAAuD;QACpE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;YAC9C,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAe,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAC5B,OAAO,QAAQ,CAAC,MAAM,KAAK,WAAW,CAAC;QACzC,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,wMAAwM;KACpN;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oEAAoE;QACjF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,GAAG,WAAW,GAAG,KAAK,CAAC;YAC9C,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAe,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,W
AAW,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAErF,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,IAAI,CAAC,OAAO,EAAE,MAAM;gBAAE,OAAO,KAAK,CAAC;YAEnC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;gBAC/D,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,gDAAgD,GAAG,QAAQ,CAAC,QAAQ,GAAG,8CAA8C,CAAC,CAAC;gBAC7J,OAAO,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACnF,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,uIAAuI;KACnJ;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"s3.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"s3.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/s3.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAcrE,eAAO,MAAM,OAAO,EAAE,GAAG,EAqHxB,CAAC"}
|