@factiii/stack 0.1.34 → 0.1.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +441 -441
- package/bin/stack +46 -0
- package/dist/cli/fix.js +10 -10
- package/dist/cli/fix.js.map +1 -1
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +20 -7
- package/dist/cli/init.js.map +1 -1
- package/dist/cli/scan.d.ts.map +1 -1
- package/dist/cli/scan.js +14 -22
- package/dist/cli/scan.js.map +1 -1
- package/dist/generators/generate-stack-yml.d.ts +1 -1
- package/dist/generators/generate-stack-yml.d.ts.map +1 -1
- package/dist/generators/generate-stack-yml.js +96 -69
- package/dist/generators/generate-stack-yml.js.map +1 -1
- package/dist/plugins/addons/openclaw/index.d.ts +45 -0
- package/dist/plugins/addons/openclaw/index.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/index.js +107 -0
- package/dist/plugins/addons/openclaw/index.js.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts +19 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts.map +1 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js +441 -0
- package/dist/plugins/addons/openclaw/scanfix/setup.js.map +1 -0
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +8 -0
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/pipelines/aws/index.js +15 -15
- package/dist/plugins/pipelines/aws/prod.js +7 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts +3 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js +17 -7
- package/dist/plugins/pipelines/aws/scanfix/aws-cli.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/credentials.js +27 -73
- package/dist/plugins/pipelines/aws/scanfix/credentials.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts +1 -4
- package/dist/plugins/pipelines/aws/scanfix/db-replication.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js +9 -39
- package/dist/plugins/pipelines/aws/scanfix/db-replication.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ec2.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ec2.js +61 -110
- package/dist/plugins/pipelines/aws/scanfix/ec2.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ecr.js +25 -34
- package/dist/plugins/pipelines/aws/scanfix/ecr.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/iam.js +35 -44
- package/dist/plugins/pipelines/aws/scanfix/iam.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/rds.js +39 -104
- package/dist/plugins/pipelines/aws/scanfix/rds.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/s3.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/s3.js +44 -53
- package/dist/plugins/pipelines/aws/scanfix/s3.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/security-groups.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js +80 -79
- package/dist/plugins/pipelines/aws/scanfix/security-groups.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ses.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ses.js +28 -50
- package/dist/plugins/pipelines/aws/scanfix/ses.js.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts +17 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.d.ts.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js +180 -0
- package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js.map +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts +1 -0
- package/dist/plugins/pipelines/aws/scanfix/vpc.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/scanfix/vpc.js +93 -94
- package/dist/plugins/pipelines/aws/scanfix/vpc.js.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts +101 -28
- package/dist/plugins/pipelines/aws/utils/aws-helpers.d.ts.map +1 -1
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js +428 -76
- package/dist/plugins/pipelines/aws/utils/aws-helpers.js.map +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts +11 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +183 -33
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.d.ts +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/config.js +4 -4
- package/dist/plugins/pipelines/factiii/scanfix/secrets.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js +68 -8
- package/dist/plugins/pipelines/factiii/scanfix/secrets.js.map +1 -1
- package/dist/plugins/servers/mac/index.js +13 -13
- package/dist/plugins/servers/mac/staging.js +4 -4
- package/dist/scanfix/fixes/certbot.js +1 -1
- package/dist/scripts/validate-example-values.d.ts +1 -1
- package/dist/scripts/validate-example-values.js +6 -6
- package/dist/utils/config-helpers.d.ts +3 -0
- package/dist/utils/config-helpers.d.ts.map +1 -1
- package/dist/utils/config-helpers.js.map +1 -1
- package/dist/utils/secret-prompts.d.ts +5 -2
- package/dist/utils/secret-prompts.d.ts.map +1 -1
- package/dist/utils/secret-prompts.js +55 -32
- package/dist/utils/secret-prompts.js.map +1 -1
- package/dist/utils/template-generator.js +71 -71
- package/package.json +8 -1
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* AWS SSH Bridge Fixes
|
|
4
|
+
*
|
|
5
|
+
* Bridges the gap between AWS EC2 key pair creation and the factiii
|
|
6
|
+
* SSH key convention (Ansible Vault PROD_SSH + ~/.ssh/prod_deploy_key).
|
|
7
|
+
*
|
|
8
|
+
* After EC2 provisions a key pair and saves it to ~/.ssh/prod_deploy_key,
|
|
9
|
+
* this fix automatically stores it in Ansible Vault as PROD_SSH so that:
|
|
10
|
+
* - Other dev machines can pull the key via `npx stack secrets write-ssh-keys`
|
|
11
|
+
* - The `missing-prod-ssh` secrets check passes
|
|
12
|
+
* - canReach('prod') returns via: 'ssh' on subsequent runs
|
|
13
|
+
*
|
|
14
|
+
* Uses AWS SDK v3 for Elastic IP lookup.
|
|
15
|
+
*/
|
|
16
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
17
|
+
if (k2 === undefined) k2 = k;
|
|
18
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
19
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
20
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
21
|
+
}
|
|
22
|
+
Object.defineProperty(o, k2, desc);
|
|
23
|
+
}) : (function(o, m, k, k2) {
|
|
24
|
+
if (k2 === undefined) k2 = k;
|
|
25
|
+
o[k2] = m[k];
|
|
26
|
+
}));
|
|
27
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
28
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
29
|
+
}) : function(o, v) {
|
|
30
|
+
o["default"] = v;
|
|
31
|
+
});
|
|
32
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
33
|
+
var ownKeys = function(o) {
|
|
34
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
35
|
+
var ar = [];
|
|
36
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
37
|
+
return ar;
|
|
38
|
+
};
|
|
39
|
+
return ownKeys(o);
|
|
40
|
+
};
|
|
41
|
+
return function (mod) {
|
|
42
|
+
if (mod && mod.__esModule) return mod;
|
|
43
|
+
var result = {};
|
|
44
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
45
|
+
__setModuleDefault(result, mod);
|
|
46
|
+
return result;
|
|
47
|
+
};
|
|
48
|
+
})();
|
|
49
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
50
|
+
exports.sshBridgeFixes = void 0;
|
|
51
|
+
const fs = __importStar(require("fs"));
|
|
52
|
+
const os = __importStar(require("os"));
|
|
53
|
+
const path = __importStar(require("path"));
|
|
54
|
+
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
55
|
+
/**
|
|
56
|
+
* Get the Ansible Vault store for this project (if configured)
|
|
57
|
+
*/
|
|
58
|
+
function getAnsibleStore(config, rootDir) {
|
|
59
|
+
if (!config.ansible?.vault_path)
|
|
60
|
+
return null;
|
|
61
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
62
|
+
const { AnsibleVaultSecrets } = require('../../../../utils/ansible-vault-secrets.js');
|
|
63
|
+
return new AnsibleVaultSecrets({
|
|
64
|
+
vault_path: config.ansible.vault_path,
|
|
65
|
+
vault_password_file: config.ansible.vault_password_file,
|
|
66
|
+
rootDir,
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
exports.sshBridgeFixes = [
|
|
70
|
+
{
|
|
71
|
+
id: 'aws-ssh-bridge-vault',
|
|
72
|
+
stage: 'prod',
|
|
73
|
+
severity: 'warning',
|
|
74
|
+
description: '🔑 EC2 key pair exists on disk but PROD_SSH not stored in Ansible Vault',
|
|
75
|
+
scan: async (config, rootDir) => {
|
|
76
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
77
|
+
return false;
|
|
78
|
+
if (!config.ansible?.vault_path)
|
|
79
|
+
return false;
|
|
80
|
+
// Check if key file exists on disk (created by aws-keypair-missing fix)
|
|
81
|
+
const keyPath = path.join(os.homedir(), '.ssh', 'prod_deploy_key');
|
|
82
|
+
if (!fs.existsSync(keyPath))
|
|
83
|
+
return false;
|
|
84
|
+
// Check if PROD_SSH is already in vault
|
|
85
|
+
const store = getAnsibleStore(config, rootDir);
|
|
86
|
+
if (!store)
|
|
87
|
+
return false;
|
|
88
|
+
try {
|
|
89
|
+
const result = await store.checkSecrets(['PROD_SSH']);
|
|
90
|
+
return result.missing?.includes('PROD_SSH') ?? false;
|
|
91
|
+
}
|
|
92
|
+
catch {
|
|
93
|
+
return false;
|
|
94
|
+
}
|
|
95
|
+
},
|
|
96
|
+
fix: async (config, rootDir) => {
|
|
97
|
+
const keyPath = path.join(os.homedir(), '.ssh', 'prod_deploy_key');
|
|
98
|
+
if (!fs.existsSync(keyPath)) {
|
|
99
|
+
console.log(' Key file not found at ' + keyPath);
|
|
100
|
+
return false;
|
|
101
|
+
}
|
|
102
|
+
const store = getAnsibleStore(config, rootDir);
|
|
103
|
+
if (!store) {
|
|
104
|
+
console.log(' Ansible Vault not configured');
|
|
105
|
+
return false;
|
|
106
|
+
}
|
|
107
|
+
try {
|
|
108
|
+
const keyContent = fs.readFileSync(keyPath, 'utf8');
|
|
109
|
+
const result = await store.setSecret('PROD_SSH', keyContent.trim());
|
|
110
|
+
if (result.success) {
|
|
111
|
+
console.log(' Stored EC2 key pair as PROD_SSH in Ansible Vault');
|
|
112
|
+
console.log(' Other dev machines can pull it with: npx stack secrets write-ssh-keys');
|
|
113
|
+
return true;
|
|
114
|
+
}
|
|
115
|
+
console.log(' Failed to store in vault: ' + (result.error ?? 'unknown error'));
|
|
116
|
+
return false;
|
|
117
|
+
}
|
|
118
|
+
catch (e) {
|
|
119
|
+
console.log(' Failed to store key in vault: ' + (e instanceof Error ? e.message : String(e)));
|
|
120
|
+
return false;
|
|
121
|
+
}
|
|
122
|
+
},
|
|
123
|
+
manualFix: 'Store the EC2 key pair in vault: npx stack secrets set PROD_SSH\n' +
|
|
124
|
+
' Then paste the contents of ~/.ssh/prod_deploy_key',
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
id: 'aws-ssh-bridge-domain',
|
|
128
|
+
stage: 'prod',
|
|
129
|
+
severity: 'warning',
|
|
130
|
+
description: '🔑 EC2 has Elastic IP but prod.domain still has EXAMPLE- placeholder',
|
|
131
|
+
scan: async (config) => {
|
|
132
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
133
|
+
return false;
|
|
134
|
+
// Check if prod domain is still a placeholder
|
|
135
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
136
|
+
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
137
|
+
const environments = extractEnvironments(config);
|
|
138
|
+
const prodEnv = environments.prod ?? environments.production;
|
|
139
|
+
if (!prodEnv?.domain || !prodEnv.domain.startsWith('EXAMPLE-'))
|
|
140
|
+
return false;
|
|
141
|
+
// Check if EC2 instance has an Elastic IP
|
|
142
|
+
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
143
|
+
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
144
|
+
const instanceId = await (0, aws_helpers_js_1.findInstance)(projectName, region);
|
|
145
|
+
if (!instanceId)
|
|
146
|
+
return false;
|
|
147
|
+
const eip = await (0, aws_helpers_js_1.findElasticIp)(instanceId, region);
|
|
148
|
+
return !!eip;
|
|
149
|
+
},
|
|
150
|
+
fix: async (config, rootDir) => {
|
|
151
|
+
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
152
|
+
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
153
|
+
const instanceId = await (0, aws_helpers_js_1.findInstance)(projectName, region);
|
|
154
|
+
if (!instanceId) {
|
|
155
|
+
console.log(' EC2 instance not found');
|
|
156
|
+
return false;
|
|
157
|
+
}
|
|
158
|
+
const eip = await (0, aws_helpers_js_1.findElasticIp)(instanceId, region);
|
|
159
|
+
if (!eip) {
|
|
160
|
+
console.log(' No Elastic IP assigned to EC2 instance');
|
|
161
|
+
return false;
|
|
162
|
+
}
|
|
163
|
+
try {
|
|
164
|
+
const { updateConfigValue } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-writer.js')));
|
|
165
|
+
const dir = rootDir || process.cwd();
|
|
166
|
+
updateConfigValue(dir, 'prod.domain', eip);
|
|
167
|
+
updateConfigValue(dir, 'prod.ssh_user', 'ubuntu');
|
|
168
|
+
console.log(' Updated prod.domain to ' + eip + ' in stack.yml');
|
|
169
|
+
console.log(' Updated prod.ssh_user to ubuntu');
|
|
170
|
+
return true;
|
|
171
|
+
}
|
|
172
|
+
catch (e) {
|
|
173
|
+
console.log(' Failed to update stack.yml: ' + (e instanceof Error ? e.message : String(e)));
|
|
174
|
+
return false;
|
|
175
|
+
}
|
|
176
|
+
},
|
|
177
|
+
manualFix: 'Update prod.domain in stack.yml with the EC2 Elastic IP address',
|
|
178
|
+
},
|
|
179
|
+
];
|
|
180
|
+
//# sourceMappingURL=ssh-bridge.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-bridge.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ssh-bridge.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAMiC;AAEjC;;GAEG;AACH,SAAS,eAAe,CAAC,MAAqB,EAAE,OAAe;IAC7D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7C,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,4CAA4C,CAAC,CAAC;IACtF,OAAO,IAAI,mBAAmB,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;QACrC,mBAAmB,EAAE,MAAM,CAAC,OAAO,CAAC,mBAAmB;QACvD,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,cAAc,GAAU;IACnC;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,yEAAyE;QACtF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,OAAe,EAAoB,EAAE;YACvE,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU;gBAAE,OAAO,KAAK,CAAC;YAE9C,wEAAwE;YACxE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;YACnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE1C,wCAAwC;YACxC,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAEzB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;gBACtD,OAAO,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAE,OAAe,EAAoB,EAAE;YACtE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;YACnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,OAAO,CAAC,CAAC;gBACnD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;gBAC/C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;gBACpE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACnB,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;oBACnE,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;oBACxF,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC,CAAC;gBACjF,OAAO,KAAK,CAAC;YACf,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,mEAAmE;YAC5E,yDAAyD;KAC5D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,sEAAsE;QACnF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3C,8CAA8C;YAC9C,iEAAiE;YACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;YAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE7E,0CAA0C;YAC1C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAA,6BAAY,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC;YAE9B,MAAM,GAAG,GAAG,MAAM,IAAA,8BAAa,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YACpD,OAAO,CAAC,CAAC,GAAG,CAAC;QACf,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAE,OAAe,EAAoB,EAAE;YACtE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAA,6BAAY,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;gBACzC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,IAAA,8BAAa,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YACpD,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;gBACzD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,EAAE,iBAAiB,EAAE,GAAG,wDAAa,oCAAoC,GAAC,CAAC;gBACjF,MAAM,GAAG,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBACrC,iBAAiB,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;gBAC3C,iBAAiB,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,GAAG,GAAG,eAAe,CAAC,CAAC;gBAClE,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;CACF,CAAC"}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Provisions VPC, subnets, and internet gateway for AWS infrastructure.
|
|
5
5
|
* All resources are tagged with factiii:project={name} for identification.
|
|
6
|
+
* Uses AWS SDK v3 instead of CLI.
|
|
6
7
|
*/
|
|
7
8
|
import type { Fix } from '../../../../types/index.js';
|
|
8
9
|
export declare const vpcFixes: Fix[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/vpc.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"vpc.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/vpc.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAuBrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA4OzB,CAAC"}
|
|
@@ -4,59 +4,11 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Provisions VPC, subnets, and internet gateway for AWS infrastructure.
|
|
6
6
|
* All resources are tagged with factiii:project={name} for identification.
|
|
7
|
+
* Uses AWS SDK v3 instead of CLI.
|
|
7
8
|
*/
|
|
8
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
10
|
exports.vpcFixes = void 0;
|
|
10
11
|
const aws_helpers_js_1 = require("../utils/aws-helpers.js");
|
|
11
|
-
/**
|
|
12
|
-
* Find VPC by factiii:project tag
|
|
13
|
-
*/
|
|
14
|
-
function findVpc(projectName, region) {
|
|
15
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-vpcs --filters "Name=tag:factiii:project,Values=' + projectName + '" --query "Vpcs[0].VpcId" --output text', region);
|
|
16
|
-
if (!result || result === 'None' || result === 'null')
|
|
17
|
-
return null;
|
|
18
|
-
return result.replace(/"/g, '');
|
|
19
|
-
}
|
|
20
|
-
/**
|
|
21
|
-
* Find subnet by tag and type
|
|
22
|
-
*/
|
|
23
|
-
function findSubnet(projectName, region, type) {
|
|
24
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-subnets --filters "Name=tag:factiii:project,Values=' + projectName + '" "Name=tag:factiii:subnet-type,Values=' + type + '" --query "Subnets[0].SubnetId" --output text', region);
|
|
25
|
-
if (!result || result === 'None' || result === 'null')
|
|
26
|
-
return null;
|
|
27
|
-
return result.replace(/"/g, '');
|
|
28
|
-
}
|
|
29
|
-
/**
|
|
30
|
-
* Find all private subnets
|
|
31
|
-
*/
|
|
32
|
-
function findPrivateSubnets(projectName, region) {
|
|
33
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-subnets --filters "Name=tag:factiii:project,Values=' + projectName + '" "Name=tag:factiii:subnet-type,Values=private" --query "Subnets[*].SubnetId" --output text', region);
|
|
34
|
-
if (!result || result === 'None' || result === 'null')
|
|
35
|
-
return [];
|
|
36
|
-
return result.split(/\s+/).filter(Boolean);
|
|
37
|
-
}
|
|
38
|
-
/**
|
|
39
|
-
* Find internet gateway attached to VPC
|
|
40
|
-
*/
|
|
41
|
-
function findIgw(vpcId, region) {
|
|
42
|
-
const result = (0, aws_helpers_js_1.awsExecSafe)('aws ec2 describe-internet-gateways --filters "Name=attachment.vpc-id,Values=' + vpcId + '" --query "InternetGateways[0].InternetGatewayId" --output text', region);
|
|
43
|
-
if (!result || result === 'None' || result === 'null')
|
|
44
|
-
return null;
|
|
45
|
-
return result.replace(/"/g, '');
|
|
46
|
-
}
|
|
47
|
-
/**
|
|
48
|
-
* Check if AWS is configured for this project (skip fixes if not)
|
|
49
|
-
*/
|
|
50
|
-
function isAwsConfigured(config) {
|
|
51
|
-
if ((0, aws_helpers_js_1.isOnServer)())
|
|
52
|
-
return false;
|
|
53
|
-
if (config.aws)
|
|
54
|
-
return true;
|
|
55
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
56
|
-
const { extractEnvironments } = require('../../../../utils/config-helpers.js');
|
|
57
|
-
const environments = extractEnvironments(config);
|
|
58
|
-
return Object.values(environments).some((e) => e.pipeline === 'aws');
|
|
59
|
-
}
|
|
60
12
|
exports.vpcFixes = [
|
|
61
13
|
{
|
|
62
14
|
id: 'aws-vpc-missing',
|
|
@@ -64,24 +16,34 @@ exports.vpcFixes = [
|
|
|
64
16
|
severity: 'critical',
|
|
65
17
|
description: '🌐 AWS VPC not created for this project',
|
|
66
18
|
scan: async (config) => {
|
|
67
|
-
if (!isAwsConfigured(config))
|
|
19
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
68
20
|
return false;
|
|
69
21
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
70
22
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
71
|
-
return !findVpc(projectName, region);
|
|
23
|
+
return !(await (0, aws_helpers_js_1.findVpc)(projectName, region));
|
|
72
24
|
},
|
|
73
25
|
fix: async (config) => {
|
|
74
26
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
75
27
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
76
28
|
try {
|
|
29
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
77
30
|
// Create VPC
|
|
78
|
-
const vpcResult =
|
|
79
|
-
|
|
31
|
+
const vpcResult = await ec2.send(new aws_helpers_js_1.CreateVpcCommand({
|
|
32
|
+
CidrBlock: '10.0.0.0/16',
|
|
33
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('vpc', projectName)],
|
|
34
|
+
}));
|
|
35
|
+
const vpcId = vpcResult.Vpc?.VpcId;
|
|
80
36
|
console.log(' Created VPC: ' + vpcId);
|
|
81
37
|
// Enable DNS hostnames
|
|
82
|
-
(
|
|
38
|
+
await ec2.send(new aws_helpers_js_1.ModifyVpcAttributeCommand({
|
|
39
|
+
VpcId: vpcId,
|
|
40
|
+
EnableDnsHostnames: { Value: true },
|
|
41
|
+
}));
|
|
83
42
|
// Enable DNS support
|
|
84
|
-
(
|
|
43
|
+
await ec2.send(new aws_helpers_js_1.ModifyVpcAttributeCommand({
|
|
44
|
+
VpcId: vpcId,
|
|
45
|
+
EnableDnsSupport: { Value: true },
|
|
46
|
+
}));
|
|
85
47
|
console.log(' Enabled DNS hostnames and support');
|
|
86
48
|
return true;
|
|
87
49
|
}
|
|
@@ -98,32 +60,44 @@ exports.vpcFixes = [
|
|
|
98
60
|
severity: 'critical',
|
|
99
61
|
description: '🌐 Public subnet not created (for EC2)',
|
|
100
62
|
scan: async (config) => {
|
|
101
|
-
if (!isAwsConfigured(config))
|
|
63
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
102
64
|
return false;
|
|
103
65
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
104
66
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
105
|
-
if (!findVpc(projectName, region))
|
|
106
|
-
return false;
|
|
107
|
-
return !findSubnet(projectName, region, 'public');
|
|
67
|
+
if (!(await (0, aws_helpers_js_1.findVpc)(projectName, region)))
|
|
68
|
+
return false;
|
|
69
|
+
return !(await (0, aws_helpers_js_1.findSubnet)(projectName, region, 'public'));
|
|
108
70
|
},
|
|
109
71
|
fix: async (config) => {
|
|
110
72
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
111
73
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
112
|
-
const vpcId = findVpc(projectName, region);
|
|
74
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
113
75
|
if (!vpcId) {
|
|
114
76
|
console.log(' VPC must be created first');
|
|
115
77
|
return false;
|
|
116
78
|
}
|
|
117
79
|
try {
|
|
80
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
118
81
|
// Get first AZ
|
|
119
|
-
const azResult = (
|
|
120
|
-
const az = azResult.
|
|
82
|
+
const azResult = await ec2.send(new aws_helpers_js_1.DescribeAvailabilityZonesCommand({}));
|
|
83
|
+
const az = azResult.AvailabilityZones?.[0]?.ZoneName;
|
|
84
|
+
if (!az) {
|
|
85
|
+
console.log(' No availability zones found');
|
|
86
|
+
return false;
|
|
87
|
+
}
|
|
121
88
|
// Create public subnet
|
|
122
|
-
const subnetResult = (
|
|
123
|
-
|
|
124
|
-
|
|
89
|
+
const subnetResult = await ec2.send(new aws_helpers_js_1.CreateSubnetCommand({
|
|
90
|
+
VpcId: vpcId,
|
|
91
|
+
CidrBlock: '10.0.1.0/24',
|
|
92
|
+
AvailabilityZone: az,
|
|
93
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('subnet', projectName, { 'factiii:subnet-type': 'public' })],
|
|
94
|
+
}));
|
|
95
|
+
const subnetId = subnetResult.Subnet?.SubnetId;
|
|
125
96
|
// Enable auto-assign public IP
|
|
126
|
-
(
|
|
97
|
+
await ec2.send(new aws_helpers_js_1.ModifySubnetAttributeCommand({
|
|
98
|
+
SubnetId: subnetId,
|
|
99
|
+
MapPublicIpOnLaunch: { Value: true },
|
|
100
|
+
}));
|
|
127
101
|
console.log(' Created public subnet: ' + subnetId + ' in ' + az);
|
|
128
102
|
return true;
|
|
129
103
|
}
|
|
@@ -140,40 +114,49 @@ exports.vpcFixes = [
|
|
|
140
114
|
severity: 'critical',
|
|
141
115
|
description: '🌐 Private subnets not created (for RDS)',
|
|
142
116
|
scan: async (config) => {
|
|
143
|
-
if (!isAwsConfigured(config))
|
|
117
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
144
118
|
return false;
|
|
145
119
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
146
120
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
147
|
-
if (!findVpc(projectName, region))
|
|
121
|
+
if (!(await (0, aws_helpers_js_1.findVpc)(projectName, region)))
|
|
148
122
|
return false;
|
|
149
|
-
const privateSubnets = findPrivateSubnets(projectName, region);
|
|
150
|
-
return privateSubnets.length < 2;
|
|
123
|
+
const privateSubnets = await (0, aws_helpers_js_1.findPrivateSubnets)(projectName, region);
|
|
124
|
+
return privateSubnets.length < 2;
|
|
151
125
|
},
|
|
152
126
|
fix: async (config) => {
|
|
153
127
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
154
128
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
155
|
-
const vpcId = findVpc(projectName, region);
|
|
129
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
156
130
|
if (!vpcId) {
|
|
157
131
|
console.log(' VPC must be created first');
|
|
158
132
|
return false;
|
|
159
133
|
}
|
|
160
134
|
try {
|
|
135
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
161
136
|
// Get first two AZs
|
|
162
|
-
const azResult = (
|
|
163
|
-
const azs = azResult.
|
|
137
|
+
const azResult = await ec2.send(new aws_helpers_js_1.DescribeAvailabilityZonesCommand({}));
|
|
138
|
+
const azs = (azResult.AvailabilityZones ?? []).map(az => az.ZoneName).filter(Boolean);
|
|
164
139
|
if (azs.length < 2) {
|
|
165
140
|
console.log(' Need at least 2 availability zones');
|
|
166
141
|
return false;
|
|
167
142
|
}
|
|
168
|
-
// Create private subnet 1
|
|
169
|
-
const sub1Result = (
|
|
170
|
-
|
|
171
|
-
|
|
143
|
+
// Create private subnet 1
|
|
144
|
+
const sub1Result = await ec2.send(new aws_helpers_js_1.CreateSubnetCommand({
|
|
145
|
+
VpcId: vpcId,
|
|
146
|
+
CidrBlock: '10.0.2.0/24',
|
|
147
|
+
AvailabilityZone: azs[0],
|
|
148
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('subnet', projectName, { 'factiii:subnet-type': 'private' })],
|
|
149
|
+
}));
|
|
150
|
+
const sub1Id = sub1Result.Subnet?.SubnetId;
|
|
172
151
|
console.log(' Created private subnet 1: ' + sub1Id + ' in ' + azs[0]);
|
|
173
|
-
// Create private subnet 2
|
|
174
|
-
const sub2Result = (
|
|
175
|
-
|
|
176
|
-
|
|
152
|
+
// Create private subnet 2
|
|
153
|
+
const sub2Result = await ec2.send(new aws_helpers_js_1.CreateSubnetCommand({
|
|
154
|
+
VpcId: vpcId,
|
|
155
|
+
CidrBlock: '10.0.3.0/24',
|
|
156
|
+
AvailabilityZone: azs[1],
|
|
157
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('subnet', projectName, { 'factiii:subnet-type': 'private' })],
|
|
158
|
+
}));
|
|
159
|
+
const sub2Id = sub2Result.Subnet?.SubnetId;
|
|
177
160
|
console.log(' Created private subnet 2: ' + sub2Id + ' in ' + azs[1]);
|
|
178
161
|
return true;
|
|
179
162
|
}
|
|
@@ -190,40 +173,56 @@ exports.vpcFixes = [
|
|
|
190
173
|
severity: 'critical',
|
|
191
174
|
description: '🌐 Internet Gateway not attached to VPC',
|
|
192
175
|
scan: async (config) => {
|
|
193
|
-
if (!isAwsConfigured(config))
|
|
176
|
+
if (!(0, aws_helpers_js_1.isAwsConfigured)(config))
|
|
194
177
|
return false;
|
|
195
178
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
196
179
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
197
|
-
const vpcId = findVpc(projectName, region);
|
|
180
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
198
181
|
if (!vpcId)
|
|
199
182
|
return false;
|
|
200
|
-
return !findIgw(vpcId, region);
|
|
183
|
+
return !(await (0, aws_helpers_js_1.findIgw)(vpcId, region));
|
|
201
184
|
},
|
|
202
185
|
fix: async (config) => {
|
|
203
186
|
const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
|
|
204
187
|
const projectName = (0, aws_helpers_js_1.getProjectName)(config);
|
|
205
|
-
const vpcId = findVpc(projectName, region);
|
|
188
|
+
const vpcId = await (0, aws_helpers_js_1.findVpc)(projectName, region);
|
|
206
189
|
if (!vpcId) {
|
|
207
190
|
console.log(' VPC must be created first');
|
|
208
191
|
return false;
|
|
209
192
|
}
|
|
210
193
|
try {
|
|
194
|
+
const ec2 = (0, aws_helpers_js_1.getEC2Client)(region);
|
|
211
195
|
// Create IGW
|
|
212
|
-
const igwResult =
|
|
213
|
-
|
|
196
|
+
const igwResult = await ec2.send(new aws_helpers_js_1.CreateInternetGatewayCommand({
|
|
197
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('internet-gateway', projectName)],
|
|
198
|
+
}));
|
|
199
|
+
const igwId = igwResult.InternetGateway?.InternetGatewayId;
|
|
214
200
|
console.log(' Created Internet Gateway: ' + igwId);
|
|
215
201
|
// Attach to VPC
|
|
216
|
-
(
|
|
202
|
+
await ec2.send(new aws_helpers_js_1.AttachInternetGatewayCommand({
|
|
203
|
+
InternetGatewayId: igwId,
|
|
204
|
+
VpcId: vpcId,
|
|
205
|
+
}));
|
|
217
206
|
console.log(' Attached to VPC');
|
|
218
|
-
// Create route table
|
|
219
|
-
const rtResult =
|
|
220
|
-
|
|
207
|
+
// Create route table
|
|
208
|
+
const rtResult = await ec2.send(new aws_helpers_js_1.CreateRouteTableCommand({
|
|
209
|
+
VpcId: vpcId,
|
|
210
|
+
TagSpecifications: [(0, aws_helpers_js_1.tagSpec)('route-table', projectName)],
|
|
211
|
+
}));
|
|
212
|
+
const rtId = rtResult.RouteTable?.RouteTableId;
|
|
221
213
|
// Add route: 0.0.0.0/0 -> IGW
|
|
222
|
-
(
|
|
214
|
+
await ec2.send(new aws_helpers_js_1.CreateRouteCommand({
|
|
215
|
+
RouteTableId: rtId,
|
|
216
|
+
DestinationCidrBlock: '0.0.0.0/0',
|
|
217
|
+
GatewayId: igwId,
|
|
218
|
+
}));
|
|
223
219
|
// Associate route table with public subnet
|
|
224
|
-
const publicSubnetId = findSubnet(projectName, region, 'public');
|
|
220
|
+
const publicSubnetId = await (0, aws_helpers_js_1.findSubnet)(projectName, region, 'public');
|
|
225
221
|
if (publicSubnetId) {
|
|
226
|
-
(
|
|
222
|
+
await ec2.send(new aws_helpers_js_1.AssociateRouteTableCommand({
|
|
223
|
+
RouteTableId: rtId,
|
|
224
|
+
SubnetId: publicSubnetId,
|
|
225
|
+
}));
|
|
227
226
|
console.log(' Associated route table with public subnet');
|
|
228
227
|
}
|
|
229
228
|
return true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/vpc.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"vpc.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/vpc.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAGH,4DAoBiC;AAEpB,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAE3C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,aAAa;gBACb,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,iCAAgB,CAAC;oBACpD,SAAS,EAAE,aAAa;oBACxB,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,KAAK,EAAE,WAAW,CAAC,CAAC;iBACjD,CAAC,CAAC,CAAC;gBACJ,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC,CAAC;gBAExC,uBAAuB;gBACvB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,0CAAyB,CAAC;oBAC3C,KAAK,EAAE,KAAK;oBACZ,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;iBACpC,CAAC,CAAC,CAAC;gBAEJ,qBAAqB;gBACrB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,0CAAyB,CAAC;oBAC3C,KAAK,EAAE,KAAK;oBACZ,gBAAgB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;iBAClC,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxF,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,yDAAyD;KACrE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wCAAwC;QACrD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACxD,OAAO,CAAC,CAAC,MAAM,IAAA,2BAAU,EAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC5D,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,eAAe;gBACf,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,iDAAgC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC1E,MAAM,EAAE,GAAG,QAAQ,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;gBACrD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;oBAC9C,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,uBAAuB;gBACvB,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC;oBAC1D,KAAK,EAAE,KAAK;oBACZ,SAAS,EAAE,aAAa;oBACxB,gBAAgB,EAAE,EAAE;oBACpB,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,CAAC,CAAC;iBACzF,CAAC,CAAC,CAAC;gBACJ,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC;gBAE/C,+BAA+B;gBAC/B,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,6CAA4B,CAAC;oBAC9C,QAAQ,EAAE,QAAQ;oBAClB,mBAAmB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;iBACrC,CAAC,CAAC,CAAC;gBAEJ,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,QAAQ,GAAG,MAAM,GAAG,EAAE,CAAC,CAAC;gBACnE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,qCAAqC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,wDAAwD;KACpE;IACD;QACE,EAAE,EAAE,4BAA4B;QAChC,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;QACvD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACxD,MAAM,cAAc,GAAG,MAAM,IAAA,mCAAkB,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrE,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QACnC,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,oBAAoB;gBACpB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,iDAAgC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC1E,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,QAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACvF,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnB,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBACrD,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,0BAA0B;gBAC1B,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC;oBACxD,KAAK,EAAE,KAAK;oBACZ,SAAS,EAAE,aAAa;oBACxB,gBAAgB,EAAE,GAAG,CAAC,CAAC,CAAC;oBACxB,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,qBAAqB,EAAE,SAAS,EAAE,CAAC,CAAC;iBAC1F,CAAC,CAAC,CAAC;gBACJ,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC;gBAC3C,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAExE,0BAA0B;gBAC1B,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,oCAAmB,CAAC;oBACxD,KAAK,EAAE,KAAK;oBACZ,SAAS,EAAE,aAAa;oBACxB,gBAAgB,EAAE,GAAG,CAAC,CAAC,CAAC;oBACxB,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,qBAAqB,EAAE,SAAS,EAAE,CAAC,CAAC;iBAC1F,CAAC,CAAC,CAAC;gBACJ,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC;gBAC3C,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAExE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,uCAAuC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,gEAAgE;KAC5E;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,IAAA,gCAAe,EAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YACzB,OAAO,CAAC,CAAC,MAAM,IAAA,wBAAO,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;QACzC,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAO,EAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;gBAEjC,aAAa;gBACb,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,6CAA4B,CAAC;oBAChE,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;iBAC9D,CAAC,CAAC,CAAC;gBACJ,MAAM,KAAK,GAAG,SAAS,CAAC,eAAe,EAAE,iBAAiB,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,KAAK,CAAC,CAAC;gBAErD,gBAAgB;gBAChB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,6CAA4B,CAAC;oBAC9C,iBAAiB,EAAE,KAAK;oBACxB,KAAK,EAAE,KAAK;iBACb,CAAC,CAAC,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;gBAElC,qBAAqB;gBACrB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,wCAAuB,CAAC;oBAC1D,KAAK,EAAE,KAAK;oBACZ,iBAAiB,EAAE,CAAC,IAAA,wBAAO,EAAC,aAAa,EAAE,WAAW,CAAC,CAAC;iBACzD,CAAC,CAAC,CAAC;gBACJ,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAC;gBAE/C,8BAA8B;gBAC9B,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,mCAAkB,CAAC;oBACpC,YAAY,EAAE,IAAI;oBAClB,oBAAoB,EAAE,WAAW;oBACjC,SAAS,EAAE,KAAK;iBACjB,CAAC,CAAC,CAAC;gBAEJ,2CAA2C;gBAC3C,MAAM,cAAc,GAAG,MAAM,IAAA,2BAAU,EAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvE,IAAI,cAAc,EAAE,CAAC;oBACnB,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,2CAA0B,CAAC;wBAC5C,YAAY,EAAE,IAAI;wBAClB,QAAQ,EAAE,cAAc;qBACzB,CAAC,CAAC,CAAC;oBACJ,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBAC9D,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxF,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,4EAA4E;KACxF;CACF,CAAC"}
|