@fishawack/lab-env 5.7.0-beta.1 → 5.7.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +58 -0
- package/_Test/provision.js +4 -9
- package/_Test/prune.js +8 -5
- package/bitbucket-pipelines.yml +2 -2
- package/cli.js +1 -0
- package/commands/create/cmds/dekey.js +13 -9
- package/commands/create/cmds/deprovision.js +36 -0
- package/commands/create/cmds/key.js +60 -41
- package/commands/create/cmds/provision.js +573 -69
- package/commands/create/cmds/rekey.js +218 -0
- package/commands/create/cmds/sync-secrets.js +2 -1
- package/commands/create/libs/output-credentials.js +59 -0
- package/commands/create/libs/parallel-runner.js +204 -0
- package/commands/create/libs/resolve-operator.js +59 -0
- package/commands/create/libs/utilities.js +73 -8
- package/commands/create/libs/vars.js +120 -136
- package/commands/create/services/aws/acm.js +61 -0
- package/commands/create/services/aws/cloudfront.js +51 -45
- package/commands/create/services/aws/ec2.js +675 -48
- package/commands/create/services/aws/elasticache.js +159 -0
- package/commands/create/services/aws/elasticbeanstalk.js +154 -57
- package/commands/create/services/aws/iam.js +402 -82
- package/commands/create/services/aws/index.js +1398 -260
- package/commands/create/services/aws/opensearch.js +155 -0
- package/commands/create/services/aws/rds.js +57 -31
- package/commands/create/services/aws/s3.js +52 -31
- package/commands/create/services/aws/secretsmanager.js +21 -12
- package/commands/create/services/aws/ses.js +195 -0
- package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/cron.config +45 -0
- package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/queue-worker.config +29 -0
- package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/software.config +12 -0
- package/commands/create/templates/elasticbeanstalk/.ebextensions/misc/setvars.config +2 -16
- package/commands/create/templates/elasticbeanstalk/.platform/confighooks/postdeploy/rewrite-flush.sh +1 -1
- package/commands/create/templates/elasticbeanstalk/.platform/confighooks/postdeploy/setvars.sh +19 -0
- package/commands/create/templates/elasticbeanstalk/.platform/hooks/postdeploy/restart_queue.sh +4 -0
- package/commands/create/templates/elasticbeanstalk/.platform/hooks/prebuild/setvars.sh +19 -0
- package/package.json +7 -2
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
const {
|
|
2
|
+
OpenSearchClient,
|
|
3
|
+
CreateDomainCommand,
|
|
4
|
+
DeleteDomainCommand,
|
|
5
|
+
DescribeDomainCommand,
|
|
6
|
+
} = require("@aws-sdk/client-opensearch");
|
|
7
|
+
const { Spinner, poll } = require("../../libs/utilities");
|
|
8
|
+
const { awsClientConfig } = require("../../libs/vars");
|
|
9
|
+
|
|
10
|
+
const getClient = () => new OpenSearchClient(awsClientConfig);
|
|
11
|
+
|
|
12
|
+
module.exports.createOpenSearchDomain = async (
|
|
13
|
+
name,
|
|
14
|
+
securityGroupId,
|
|
15
|
+
privateSubnetIds,
|
|
16
|
+
instanceProfileRole,
|
|
17
|
+
tags = [],
|
|
18
|
+
) => {
|
|
19
|
+
const accountId = instanceProfileRole.split(":")[4] || "*";
|
|
20
|
+
const region = process.env.AWS_REGION;
|
|
21
|
+
|
|
22
|
+
const res = await Spinner.prototype.simple(
|
|
23
|
+
`Creating OpenSearch domain ${name}`,
|
|
24
|
+
() => {
|
|
25
|
+
return getClient().send(
|
|
26
|
+
new CreateDomainCommand({
|
|
27
|
+
DomainName: name,
|
|
28
|
+
EngineVersion: "OpenSearch_2.19",
|
|
29
|
+
ClusterConfig: {
|
|
30
|
+
InstanceType: "t3.small.search",
|
|
31
|
+
InstanceCount: 2,
|
|
32
|
+
ZoneAwarenessEnabled: true,
|
|
33
|
+
ZoneAwarenessConfig: {
|
|
34
|
+
AvailabilityZoneCount: 2,
|
|
35
|
+
},
|
|
36
|
+
},
|
|
37
|
+
EBSOptions: {
|
|
38
|
+
EBSEnabled: true,
|
|
39
|
+
VolumeType: "gp3",
|
|
40
|
+
VolumeSize: 20,
|
|
41
|
+
},
|
|
42
|
+
VPCOptions: {
|
|
43
|
+
SubnetIds: privateSubnetIds,
|
|
44
|
+
SecurityGroupIds: [securityGroupId],
|
|
45
|
+
},
|
|
46
|
+
EncryptionAtRestOptions: {
|
|
47
|
+
Enabled: true,
|
|
48
|
+
},
|
|
49
|
+
NodeToNodeEncryptionOptions: {
|
|
50
|
+
Enabled: true,
|
|
51
|
+
},
|
|
52
|
+
DomainEndpointOptions: {
|
|
53
|
+
EnforceHTTPS: true,
|
|
54
|
+
TLSSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
|
|
55
|
+
},
|
|
56
|
+
AdvancedSecurityOptions: {
|
|
57
|
+
Enabled: false,
|
|
58
|
+
InternalUserDatabaseEnabled: false,
|
|
59
|
+
},
|
|
60
|
+
AccessPolicies: JSON.stringify({
|
|
61
|
+
Version: "2012-10-17",
|
|
62
|
+
Statement: [
|
|
63
|
+
{
|
|
64
|
+
Effect: "Allow",
|
|
65
|
+
Principal: {
|
|
66
|
+
AWS: instanceProfileRole,
|
|
67
|
+
},
|
|
68
|
+
Action: "es:ESHttp*",
|
|
69
|
+
Resource: `arn:aws:es:${region}:${accountId}:domain/${name}/*`,
|
|
70
|
+
},
|
|
71
|
+
],
|
|
72
|
+
}),
|
|
73
|
+
TagList: [
|
|
74
|
+
{ Key: "client", Value: process.env.AWS_PROFILE },
|
|
75
|
+
].concat(
|
|
76
|
+
tags.map((t) => ({
|
|
77
|
+
Key: t.Key,
|
|
78
|
+
Value: String(t.Value),
|
|
79
|
+
})),
|
|
80
|
+
),
|
|
81
|
+
}),
|
|
82
|
+
);
|
|
83
|
+
},
|
|
84
|
+
);
|
|
85
|
+
|
|
86
|
+
return res;
|
|
87
|
+
};
|
|
88
|
+
|
|
89
|
+
module.exports.waitForOpenSearchDomain = async (name) => {
|
|
90
|
+
const res = await Spinner.prototype.simple(
|
|
91
|
+
`Waiting for OpenSearch domain to become available (this may take 15-20 minutes)`,
|
|
92
|
+
(spinner) => {
|
|
93
|
+
return poll(
|
|
94
|
+
async () => {
|
|
95
|
+
const { DomainStatus } = await getClient().send(
|
|
96
|
+
new DescribeDomainCommand({ DomainName: name }),
|
|
97
|
+
);
|
|
98
|
+
return DomainStatus;
|
|
99
|
+
},
|
|
100
|
+
(status) =>
|
|
101
|
+
status.Processing ||
|
|
102
|
+
(!status.Endpoint && !status.Endpoints),
|
|
103
|
+
undefined,
|
|
104
|
+
spinner,
|
|
105
|
+
);
|
|
106
|
+
},
|
|
107
|
+
);
|
|
108
|
+
|
|
109
|
+
return res;
|
|
110
|
+
};
|
|
111
|
+
|
|
112
|
+
module.exports.describeOpenSearchDomain = async (name) => {
|
|
113
|
+
const res = await Spinner.prototype.simple(
|
|
114
|
+
`Describing OpenSearch domain ${name}`,
|
|
115
|
+
() => {
|
|
116
|
+
return getClient().send(
|
|
117
|
+
new DescribeDomainCommand({ DomainName: name }),
|
|
118
|
+
);
|
|
119
|
+
},
|
|
120
|
+
);
|
|
121
|
+
|
|
122
|
+
return res.DomainStatus;
|
|
123
|
+
};
|
|
124
|
+
|
|
125
|
+
module.exports.deleteOpenSearchDomain = async (name) => {
|
|
126
|
+
await Spinner.prototype.simple(`Deleting OpenSearch domain ${name}`, () => {
|
|
127
|
+
return getClient().send(new DeleteDomainCommand({ DomainName: name }));
|
|
128
|
+
});
|
|
129
|
+
};
|
|
130
|
+
|
|
131
|
+
module.exports.waitForOpenSearchDeletion = async (name) => {
|
|
132
|
+
await Spinner.prototype.simple(
|
|
133
|
+
`Waiting for OpenSearch domain to be deleted`,
|
|
134
|
+
(spinner) => {
|
|
135
|
+
return poll(
|
|
136
|
+
async () => {
|
|
137
|
+
try {
|
|
138
|
+
const { DomainStatus } = await getClient().send(
|
|
139
|
+
new DescribeDomainCommand({ DomainName: name }),
|
|
140
|
+
);
|
|
141
|
+
return DomainStatus;
|
|
142
|
+
} catch (e) {
|
|
143
|
+
if (e.name === "ResourceNotFoundException") {
|
|
144
|
+
return { deleted: true };
|
|
145
|
+
}
|
|
146
|
+
throw e;
|
|
147
|
+
}
|
|
148
|
+
},
|
|
149
|
+
(status) => !status.deleted,
|
|
150
|
+
undefined,
|
|
151
|
+
spinner,
|
|
152
|
+
);
|
|
153
|
+
},
|
|
154
|
+
);
|
|
155
|
+
};
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
const {
|
|
2
2
|
RDSClient,
|
|
3
3
|
CreateDBInstanceCommand,
|
|
4
|
+
CreateDBSubnetGroupCommand,
|
|
4
5
|
DeleteDBInstanceCommand,
|
|
5
6
|
DescribeDBInstancesCommand,
|
|
6
7
|
DescribeDBSnapshotsCommand,
|
|
8
|
+
DescribeDBSubnetGroupsCommand,
|
|
7
9
|
RestoreDBInstanceFromDBSnapshotCommand,
|
|
8
10
|
ModifyDBInstanceCommand,
|
|
9
11
|
DescribeDBParameterGroupsCommand,
|
|
@@ -11,19 +13,52 @@ const {
|
|
|
11
13
|
ModifyDBParameterGroupCommand,
|
|
12
14
|
} = require("@aws-sdk/client-rds");
|
|
13
15
|
const { Spinner, poll } = require("../../libs/utilities");
|
|
16
|
+
const { awsClientConfig } = require("../../libs/vars");
|
|
17
|
+
|
|
18
|
+
const getClient = () => new RDSClient(awsClientConfig);
|
|
19
|
+
|
|
20
|
+
module.exports.ensureDBSubnetGroup = async (privateSubnetIds) => {
|
|
21
|
+
const name = "fw-auto-private-db-subnet-group";
|
|
22
|
+
|
|
23
|
+
try {
|
|
24
|
+
await getClient().send(
|
|
25
|
+
new DescribeDBSubnetGroupsCommand({
|
|
26
|
+
DBSubnetGroupName: name,
|
|
27
|
+
}),
|
|
28
|
+
);
|
|
29
|
+
|
|
30
|
+
return name;
|
|
31
|
+
} catch (e) {
|
|
32
|
+
if (e.name !== "DBSubnetGroupNotFoundFault") {
|
|
33
|
+
throw e;
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
await Spinner.prototype.simple(`Creating DB subnet group ${name}`, () => {
|
|
38
|
+
return getClient().send(
|
|
39
|
+
new CreateDBSubnetGroupCommand({
|
|
40
|
+
DBSubnetGroupName: name,
|
|
41
|
+
DBSubnetGroupDescription:
|
|
42
|
+
"Private subnets for lab-env RDS instances",
|
|
43
|
+
SubnetIds: privateSubnetIds,
|
|
44
|
+
}),
|
|
45
|
+
);
|
|
46
|
+
});
|
|
47
|
+
|
|
48
|
+
return name;
|
|
49
|
+
};
|
|
14
50
|
|
|
15
51
|
module.exports.createRDSInstance = async (
|
|
16
52
|
name,
|
|
17
53
|
tags = [],
|
|
18
54
|
password,
|
|
19
55
|
securityGroupId,
|
|
56
|
+
subnetGroupName,
|
|
20
57
|
) => {
|
|
21
|
-
const client = new RDSClient({});
|
|
22
|
-
|
|
23
58
|
let res = await Spinner.prototype.simple(
|
|
24
59
|
`Creating RDS instance ${name}`,
|
|
25
60
|
() => {
|
|
26
|
-
return
|
|
61
|
+
return getClient().send(
|
|
27
62
|
new CreateDBInstanceCommand({
|
|
28
63
|
DBInstanceIdentifier: name,
|
|
29
64
|
DBInstanceClass: "db.t3.small",
|
|
@@ -37,6 +72,7 @@ module.exports.createRDSInstance = async (
|
|
|
37
72
|
BackupRetentionPeriod: 7,
|
|
38
73
|
DBName: "ebdb",
|
|
39
74
|
DBParameterGroupName: "lab-env-mysql80-ssl-required",
|
|
75
|
+
DBSubnetGroupName: subnetGroupName,
|
|
40
76
|
VpcSecurityGroupIds: [securityGroupId],
|
|
41
77
|
Tags: [
|
|
42
78
|
{ Key: "client", Value: process.env.AWS_PROFILE },
|
|
@@ -50,21 +86,21 @@ module.exports.createRDSInstance = async (
|
|
|
50
86
|
};
|
|
51
87
|
|
|
52
88
|
module.exports.waitForRDSInstance = async (name) => {
|
|
53
|
-
const client = new RDSClient({});
|
|
54
|
-
|
|
55
89
|
const res = await Spinner.prototype.simple(
|
|
56
90
|
`Waiting for RDS instance to become available`,
|
|
57
|
-
() => {
|
|
91
|
+
(spinner) => {
|
|
58
92
|
return poll(
|
|
59
93
|
async () =>
|
|
60
94
|
(
|
|
61
|
-
await
|
|
95
|
+
await getClient().send(
|
|
62
96
|
new DescribeDBInstancesCommand({
|
|
63
97
|
DBInstanceIdentifier: name,
|
|
64
98
|
}),
|
|
65
99
|
)
|
|
66
100
|
).DBInstances[0],
|
|
67
101
|
({ DBInstanceStatus }) => DBInstanceStatus !== "available",
|
|
102
|
+
undefined,
|
|
103
|
+
spinner,
|
|
68
104
|
);
|
|
69
105
|
},
|
|
70
106
|
);
|
|
@@ -73,12 +109,10 @@ module.exports.waitForRDSInstance = async (name) => {
|
|
|
73
109
|
};
|
|
74
110
|
|
|
75
111
|
module.exports.describeRDSInstance = async (name) => {
|
|
76
|
-
const client = new RDSClient({});
|
|
77
|
-
|
|
78
112
|
let res = await Spinner.prototype.simple(
|
|
79
113
|
`Describing RDS instance ${name}`,
|
|
80
114
|
() => {
|
|
81
|
-
return
|
|
115
|
+
return getClient().send(
|
|
82
116
|
new DescribeDBInstancesCommand({
|
|
83
117
|
DBInstanceIdentifier: name,
|
|
84
118
|
}),
|
|
@@ -90,10 +124,8 @@ module.exports.describeRDSInstance = async (name) => {
|
|
|
90
124
|
};
|
|
91
125
|
|
|
92
126
|
module.exports.deleteRDSInstance = async (name) => {
|
|
93
|
-
const client = new RDSClient({});
|
|
94
|
-
|
|
95
127
|
await Spinner.prototype.simple(`Deleting RDS instance ${name}`, () => {
|
|
96
|
-
return
|
|
128
|
+
return getClient().send(
|
|
97
129
|
new DeleteDBInstanceCommand({
|
|
98
130
|
DBInstanceIdentifier: name,
|
|
99
131
|
SkipFinalSnapshot: true,
|
|
@@ -103,15 +135,13 @@ module.exports.deleteRDSInstance = async (name) => {
|
|
|
103
135
|
};
|
|
104
136
|
|
|
105
137
|
module.exports.waitForRDSDeletion = async (name) => {
|
|
106
|
-
const client = new RDSClient({});
|
|
107
|
-
|
|
108
138
|
await Spinner.prototype.simple(
|
|
109
139
|
`Waiting for RDS instance to be deleted`,
|
|
110
|
-
() => {
|
|
140
|
+
(spinner) => {
|
|
111
141
|
return poll(
|
|
112
142
|
async () => {
|
|
113
143
|
try {
|
|
114
|
-
const res = await
|
|
144
|
+
const res = await getClient().send(
|
|
115
145
|
new DescribeDBInstancesCommand({
|
|
116
146
|
DBInstanceIdentifier: name,
|
|
117
147
|
}),
|
|
@@ -125,18 +155,18 @@ module.exports.waitForRDSDeletion = async (name) => {
|
|
|
125
155
|
}
|
|
126
156
|
},
|
|
127
157
|
({ DBInstanceStatus }) => DBInstanceStatus !== "deleted",
|
|
158
|
+
undefined,
|
|
159
|
+
spinner,
|
|
128
160
|
);
|
|
129
161
|
},
|
|
130
162
|
);
|
|
131
163
|
};
|
|
132
164
|
|
|
133
165
|
module.exports.listManualSnapshots = async () => {
|
|
134
|
-
const client = new RDSClient({});
|
|
135
|
-
|
|
136
166
|
const res = await Spinner.prototype.simple(
|
|
137
167
|
`Fetching manual RDS snapshots`,
|
|
138
168
|
() => {
|
|
139
|
-
return
|
|
169
|
+
return getClient().send(
|
|
140
170
|
new DescribeDBSnapshotsCommand({
|
|
141
171
|
SnapshotType: "manual",
|
|
142
172
|
}),
|
|
@@ -157,19 +187,19 @@ module.exports.restoreRDSInstanceFromSnapshot = async (
|
|
|
157
187
|
snapshotId,
|
|
158
188
|
securityGroupId,
|
|
159
189
|
tags = [],
|
|
190
|
+
subnetGroupName,
|
|
160
191
|
) => {
|
|
161
|
-
const client = new RDSClient({});
|
|
162
|
-
|
|
163
192
|
let res = await Spinner.prototype.simple(
|
|
164
193
|
`Restoring RDS instance ${name} from snapshot ${snapshotId}`,
|
|
165
194
|
() => {
|
|
166
|
-
return
|
|
195
|
+
return getClient().send(
|
|
167
196
|
new RestoreDBInstanceFromDBSnapshotCommand({
|
|
168
197
|
DBInstanceIdentifier: name,
|
|
169
198
|
DBSnapshotIdentifier: snapshotId,
|
|
170
199
|
DBInstanceClass: "db.t3.small",
|
|
171
200
|
PubliclyAccessible: false,
|
|
172
201
|
DBParameterGroupName: "lab-env-mysql80-ssl-required",
|
|
202
|
+
DBSubnetGroupName: subnetGroupName,
|
|
173
203
|
VpcSecurityGroupIds: [securityGroupId],
|
|
174
204
|
Tags: [
|
|
175
205
|
{ Key: "client", Value: process.env.AWS_PROFILE },
|
|
@@ -183,12 +213,10 @@ module.exports.restoreRDSInstanceFromSnapshot = async (
|
|
|
183
213
|
};
|
|
184
214
|
|
|
185
215
|
module.exports.modifyRDSPassword = async (name, password) => {
|
|
186
|
-
const client = new RDSClient({});
|
|
187
|
-
|
|
188
216
|
await Spinner.prototype.simple(
|
|
189
217
|
`Updating master password for RDS instance ${name}`,
|
|
190
218
|
() => {
|
|
191
|
-
return
|
|
219
|
+
return getClient().send(
|
|
192
220
|
new ModifyDBInstanceCommand({
|
|
193
221
|
DBInstanceIdentifier: name,
|
|
194
222
|
MasterUserPassword: password,
|
|
@@ -202,10 +230,8 @@ module.exports.modifyRDSPassword = async (name, password) => {
|
|
|
202
230
|
const SSL_PARAMETER_GROUP = "lab-env-mysql80-ssl-required";
|
|
203
231
|
|
|
204
232
|
module.exports.ensureSSLParameterGroup = async () => {
|
|
205
|
-
const client = new RDSClient({});
|
|
206
|
-
|
|
207
233
|
try {
|
|
208
|
-
await
|
|
234
|
+
await getClient().send(
|
|
209
235
|
new DescribeDBParameterGroupsCommand({
|
|
210
236
|
DBParameterGroupName: SSL_PARAMETER_GROUP,
|
|
211
237
|
}),
|
|
@@ -214,7 +240,7 @@ module.exports.ensureSSLParameterGroup = async () => {
|
|
|
214
240
|
await Spinner.prototype.simple(
|
|
215
241
|
`Creating parameter group ${SSL_PARAMETER_GROUP}`,
|
|
216
242
|
() => {
|
|
217
|
-
return
|
|
243
|
+
return getClient().send(
|
|
218
244
|
new CreateDBParameterGroupCommand({
|
|
219
245
|
DBParameterGroupName: SSL_PARAMETER_GROUP,
|
|
220
246
|
DBParameterGroupFamily: "mysql8.0",
|
|
@@ -228,7 +254,7 @@ module.exports.ensureSSLParameterGroup = async () => {
|
|
|
228
254
|
await Spinner.prototype.simple(
|
|
229
255
|
`Enabling require_secure_transport on ${SSL_PARAMETER_GROUP}`,
|
|
230
256
|
() => {
|
|
231
|
-
return
|
|
257
|
+
return getClient().send(
|
|
232
258
|
new ModifyDBParameterGroupCommand({
|
|
233
259
|
DBParameterGroupName: SSL_PARAMETER_GROUP,
|
|
234
260
|
Parameters: [
|
|
@@ -12,6 +12,9 @@ const {
|
|
|
12
12
|
DeleteObjectsCommand,
|
|
13
13
|
} = require("@aws-sdk/client-s3");
|
|
14
14
|
const { Spinner } = require("../../libs/utilities");
|
|
15
|
+
const { awsClientConfig } = require("../../libs/vars");
|
|
16
|
+
|
|
17
|
+
const getClient = () => new S3Client(awsClientConfig);
|
|
15
18
|
|
|
16
19
|
module.exports.createS3Bucket = async (
|
|
17
20
|
bucket,
|
|
@@ -19,36 +22,39 @@ module.exports.createS3Bucket = async (
|
|
|
19
22
|
blockAccess = true,
|
|
20
23
|
ObjectOwnership = "BucketOwnerEnforced",
|
|
21
24
|
) => {
|
|
22
|
-
const client = new S3Client({});
|
|
23
|
-
|
|
24
25
|
let res = await Spinner.prototype.simple(
|
|
25
26
|
`Creating s3 bucket ${bucket}`,
|
|
26
27
|
() => {
|
|
27
|
-
return
|
|
28
|
+
return getClient().send(
|
|
28
29
|
new CreateBucketCommand({ Bucket: bucket, ObjectOwnership }),
|
|
29
30
|
);
|
|
30
31
|
},
|
|
31
32
|
);
|
|
32
33
|
|
|
34
|
+
const publicAccessConfig =
|
|
35
|
+
typeof blockAccess === "object"
|
|
36
|
+
? blockAccess
|
|
37
|
+
: {
|
|
38
|
+
BlockPublicAcls: blockAccess,
|
|
39
|
+
BlockPublicPolicy: blockAccess,
|
|
40
|
+
IgnorePublicAcls: blockAccess,
|
|
41
|
+
RestrictPublicBuckets: blockAccess,
|
|
42
|
+
};
|
|
43
|
+
|
|
33
44
|
await Spinner.prototype.simple(
|
|
34
|
-
|
|
45
|
+
`Configuring public access settings for s3 bucket`,
|
|
35
46
|
() => {
|
|
36
|
-
return
|
|
47
|
+
return getClient().send(
|
|
37
48
|
new PutPublicAccessBlockCommand({
|
|
38
49
|
Bucket: bucket,
|
|
39
|
-
PublicAccessBlockConfiguration:
|
|
40
|
-
BlockPublicAcls: blockAccess,
|
|
41
|
-
BlockPublicPolicy: blockAccess,
|
|
42
|
-
IgnorePublicAcls: blockAccess,
|
|
43
|
-
RestrictPublicBuckets: blockAccess,
|
|
44
|
-
},
|
|
50
|
+
PublicAccessBlockConfiguration: publicAccessConfig,
|
|
45
51
|
}),
|
|
46
52
|
);
|
|
47
53
|
},
|
|
48
54
|
);
|
|
49
55
|
|
|
50
56
|
await Spinner.prototype.simple(`Adding tags to s3 bucket`, () => {
|
|
51
|
-
return
|
|
57
|
+
return getClient().send(
|
|
52
58
|
new PutBucketTaggingCommand({
|
|
53
59
|
Bucket: bucket,
|
|
54
60
|
Tagging: {
|
|
@@ -64,30 +70,24 @@ module.exports.createS3Bucket = async (
|
|
|
64
70
|
};
|
|
65
71
|
|
|
66
72
|
module.exports.listS3Buckets = async () => {
|
|
67
|
-
const client = new S3Client({});
|
|
68
|
-
|
|
69
73
|
let res = await Spinner.prototype.simple(`Listing s3 buckets`, () => {
|
|
70
|
-
return
|
|
74
|
+
return getClient().send(new ListBucketsCommand({}));
|
|
71
75
|
});
|
|
72
76
|
|
|
73
77
|
return res;
|
|
74
78
|
};
|
|
75
79
|
|
|
76
80
|
module.exports.removeS3Bucket = async (bucket) => {
|
|
77
|
-
const client = new S3Client({});
|
|
78
|
-
|
|
79
81
|
await Spinner.prototype.simple(`Removing s3 bucket ${bucket}`, () => {
|
|
80
|
-
return
|
|
82
|
+
return getClient().send(new DeleteBucketCommand({ Bucket: bucket }));
|
|
81
83
|
});
|
|
82
84
|
};
|
|
83
85
|
|
|
84
86
|
module.exports.setS3BucketPolicy = async (bucket, OAI) => {
|
|
85
|
-
const client = new S3Client({});
|
|
86
|
-
|
|
87
87
|
let res = await Spinner.prototype.simple(
|
|
88
88
|
`Updating s3 bucket policy`,
|
|
89
89
|
() => {
|
|
90
|
-
return
|
|
90
|
+
return getClient().send(
|
|
91
91
|
new PutBucketPolicyCommand({
|
|
92
92
|
Bucket: bucket,
|
|
93
93
|
Policy: JSON.stringify({
|
|
@@ -116,11 +116,36 @@ module.exports.setS3BucketPolicy = async (bucket, OAI) => {
|
|
|
116
116
|
return res;
|
|
117
117
|
};
|
|
118
118
|
|
|
119
|
-
module.exports.
|
|
120
|
-
|
|
119
|
+
module.exports.setPublicReadPolicy = async (bucket, prefix) => {
|
|
120
|
+
let res = await Spinner.prototype.simple(
|
|
121
|
+
`Setting public read policy for ${prefix}`,
|
|
122
|
+
() => {
|
|
123
|
+
return getClient().send(
|
|
124
|
+
new PutBucketPolicyCommand({
|
|
125
|
+
Bucket: bucket,
|
|
126
|
+
Policy: JSON.stringify({
|
|
127
|
+
Version: "2012-10-17",
|
|
128
|
+
Statement: [
|
|
129
|
+
{
|
|
130
|
+
Sid: "PublicReadPrefix",
|
|
131
|
+
Effect: "Allow",
|
|
132
|
+
Principal: "*",
|
|
133
|
+
Action: "s3:GetObject",
|
|
134
|
+
Resource: `arn:aws:s3:::${bucket}/${prefix}`,
|
|
135
|
+
},
|
|
136
|
+
],
|
|
137
|
+
}),
|
|
138
|
+
}),
|
|
139
|
+
);
|
|
140
|
+
},
|
|
141
|
+
);
|
|
142
|
+
|
|
143
|
+
return res;
|
|
144
|
+
};
|
|
121
145
|
|
|
146
|
+
module.exports.addFileToS3Bucket = async (bucket, filepath, file) => {
|
|
122
147
|
let res = await Spinner.prototype.simple(`Adding file to s3 bucket`, () => {
|
|
123
|
-
return
|
|
148
|
+
return getClient().send(
|
|
124
149
|
new PutObjectCommand({
|
|
125
150
|
Bucket: bucket,
|
|
126
151
|
Body: file,
|
|
@@ -133,12 +158,10 @@ module.exports.addFileToS3Bucket = async (bucket, filepath, file) => {
|
|
|
133
158
|
};
|
|
134
159
|
|
|
135
160
|
module.exports.removeFileToS3Bucket = async (bucket, filepath) => {
|
|
136
|
-
const client = new S3Client({});
|
|
137
|
-
|
|
138
161
|
let res = await Spinner.prototype.simple(
|
|
139
162
|
`Removing file from s3 bucket`,
|
|
140
163
|
() => {
|
|
141
|
-
return
|
|
164
|
+
return getClient().send(
|
|
142
165
|
new DeleteObjectCommand({
|
|
143
166
|
Bucket: bucket,
|
|
144
167
|
Key: filepath,
|
|
@@ -151,8 +174,6 @@ module.exports.removeFileToS3Bucket = async (bucket, filepath) => {
|
|
|
151
174
|
};
|
|
152
175
|
|
|
153
176
|
module.exports.emptyS3Bucket = async (bucket) => {
|
|
154
|
-
const client = new S3Client({});
|
|
155
|
-
|
|
156
177
|
await Spinner.prototype.simple(`Emptying s3 bucket`, () => {
|
|
157
178
|
// eslint-disable-next-line no-async-promise-executor
|
|
158
179
|
return new Promise(async (resolve, reject) => {
|
|
@@ -160,7 +181,7 @@ module.exports.emptyS3Bucket = async (bucket) => {
|
|
|
160
181
|
let ContinuationToken = null;
|
|
161
182
|
|
|
162
183
|
do {
|
|
163
|
-
let list = await
|
|
184
|
+
let list = await getClient().send(
|
|
164
185
|
new ListObjectsV2Command({
|
|
165
186
|
Bucket: bucket,
|
|
166
187
|
ContinuationToken,
|
|
@@ -168,7 +189,7 @@ module.exports.emptyS3Bucket = async (bucket) => {
|
|
|
168
189
|
);
|
|
169
190
|
|
|
170
191
|
if (list.KeyCount) {
|
|
171
|
-
let deleted = await
|
|
192
|
+
let deleted = await getClient().send(
|
|
172
193
|
new DeleteObjectsCommand({
|
|
173
194
|
Bucket: bucket,
|
|
174
195
|
Delete: {
|
|
@@ -3,15 +3,17 @@ const {
|
|
|
3
3
|
CreateSecretCommand,
|
|
4
4
|
DescribeSecretCommand,
|
|
5
5
|
GetSecretValueCommand,
|
|
6
|
+
PutSecretValueCommand,
|
|
6
7
|
DeleteSecretCommand,
|
|
7
8
|
} = require("@aws-sdk/client-secrets-manager");
|
|
8
9
|
const { Spinner } = require("../../libs/utilities");
|
|
10
|
+
const { awsClientConfig } = require("../../libs/vars");
|
|
9
11
|
|
|
10
|
-
|
|
11
|
-
const client = new SecretsManagerClient({});
|
|
12
|
+
const getClient = () => new SecretsManagerClient(awsClientConfig);
|
|
12
13
|
|
|
14
|
+
module.exports.createSecret = async (name, secretObject, tags = []) => {
|
|
13
15
|
let res = await Spinner.prototype.simple(`Creating secret ${name}`, () => {
|
|
14
|
-
return
|
|
16
|
+
return getClient().send(
|
|
15
17
|
new CreateSecretCommand({
|
|
16
18
|
Name: name,
|
|
17
19
|
SecretString: JSON.stringify(secretObject),
|
|
@@ -24,12 +26,10 @@ module.exports.createSecret = async (name, secretObject, tags = []) => {
|
|
|
24
26
|
};
|
|
25
27
|
|
|
26
28
|
module.exports.describeSecret = async (name) => {
|
|
27
|
-
const client = new SecretsManagerClient({});
|
|
28
|
-
|
|
29
29
|
let res = await Spinner.prototype.simple(
|
|
30
30
|
`Checking for existing secret ${name}`,
|
|
31
31
|
() => {
|
|
32
|
-
return
|
|
32
|
+
return getClient().send(
|
|
33
33
|
new DescribeSecretCommand({
|
|
34
34
|
SecretId: name,
|
|
35
35
|
}),
|
|
@@ -41,12 +41,10 @@ module.exports.describeSecret = async (name) => {
|
|
|
41
41
|
};
|
|
42
42
|
|
|
43
43
|
module.exports.getSecretValue = async (name) => {
|
|
44
|
-
const client = new SecretsManagerClient({});
|
|
45
|
-
|
|
46
44
|
let res = await Spinner.prototype.simple(
|
|
47
45
|
`Retrieving secret ${name}`,
|
|
48
46
|
() => {
|
|
49
|
-
return
|
|
47
|
+
return getClient().send(
|
|
50
48
|
new GetSecretValueCommand({
|
|
51
49
|
SecretId: name,
|
|
52
50
|
}),
|
|
@@ -57,11 +55,22 @@ module.exports.getSecretValue = async (name) => {
|
|
|
57
55
|
return JSON.parse(res.SecretString);
|
|
58
56
|
};
|
|
59
57
|
|
|
60
|
-
module.exports.
|
|
61
|
-
|
|
58
|
+
module.exports.updateSecretValue = async (name, secretObject) => {
|
|
59
|
+
let res = await Spinner.prototype.simple(`Updating secret ${name}`, () => {
|
|
60
|
+
return getClient().send(
|
|
61
|
+
new PutSecretValueCommand({
|
|
62
|
+
SecretId: name,
|
|
63
|
+
SecretString: JSON.stringify(secretObject),
|
|
64
|
+
}),
|
|
65
|
+
);
|
|
66
|
+
});
|
|
62
67
|
|
|
68
|
+
return res;
|
|
69
|
+
};
|
|
70
|
+
|
|
71
|
+
module.exports.deleteSecret = async (name) => {
|
|
63
72
|
let res = await Spinner.prototype.simple(`Deleting secret ${name}`, () => {
|
|
64
|
-
return
|
|
73
|
+
return getClient().send(
|
|
65
74
|
new DeleteSecretCommand({
|
|
66
75
|
SecretId: name,
|
|
67
76
|
ForceDeleteWithoutRecovery: true,
|