@fy-stack/database-construct 0.0.125 → 0.0.127

package/README.md

@@ -1,7 +1,19 @@
-# database-construct
+# Database Construct Documentation
 
-This library was generated with [Nx](https://nx.dev).
+## `DatabaseConstruct`
 
-## Building
+Represents a database construct that provisions an RDS database instance along with associated secrets. This class implements both `Attachable` and `Grantable` interfaces.
 
-Run `nx build database-construct` to build the library.
+- **Properties**
+    - `dbSecrets: ISecret`
+        - Stores the secrets related to the database instance.
+    - `db: DatabaseInstance`
+        - The provisioned RDS database instance.
+    - `dbName: string`
+        - The name assigned to the database instance.
+
+- **Constructor**
+    - `constructor(scope: Construct, id: string, props: DatabaseConstructProps)`
+        - Initializes the database construct with a unique identifier and configuration options defined by `DatabaseConstructProps`.
+
+[//]: # (    - For further details, see the project’s documentation [here](https://github.com/festusyuma/fy-stack/blob/main/packages/types/README.md).)

package/dist/index.d.ts

@@ -1,2 +1,4 @@
 export { DatabaseConstruct } from './lib/database-construct';
+export { DatabaseUserConstruct } from './lib/database-user-construct';
+export type { DatabaseConstructProps } from './lib/types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -1,5 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DatabaseConstruct = void 0;
+exports.DatabaseUserConstruct = exports.DatabaseConstruct = void 0;
 var database_construct_1 = require("./lib/database-construct");
 Object.defineProperty(exports, "DatabaseConstruct", { enumerable: true, get: function () { return database_construct_1.DatabaseConstruct; } });
+var database_user_construct_1 = require("./lib/database-user-construct");
+Object.defineProperty(exports, "DatabaseUserConstruct", { enumerable: true, get: function () { return database_user_construct_1.DatabaseUserConstruct; } });

package/dist/lib/database-construct.d.ts

@@ -1,19 +1,24 @@
-import { Attachable, Grantable } from '@fy-stack/types';
+import type { Attachable, Grantable } from '@fy-stack/types';
 import { IGrantable } from 'aws-cdk-lib/aws-iam';
 import * as rds from 'aws-cdk-lib/aws-rds';
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager';
 import { Construct } from 'constructs';
+import { DatabaseUserConstruct } from './database-user-construct';
+import { DatabaseConstructProps } from './types';
+/**
+ * Represents a database construct that provisions an RDS database instance along with associated secrets.
+ * It implements both {@link Attachable `Attachable`} and {@link Grantable `Grantable`} interfaces.
+ */
 export declare class DatabaseConstruct extends Construct implements Attachable, Grantable {
-    dbSecrets: secretsManager.ISecret;
-    db: rds.IDatabaseCluster;
-    dbName: string;
-    constructor(scope: Construct, id: string);
+    secrets: secretsManager.ISecret;
+    db: rds.DatabaseInstance;
+    constructor(scope: Construct, id: string, props: DatabaseConstructProps);
     grantable(grant: IGrantable): void;
     attachable(): {
         arn: string;
-        name: string;
         secretsArn: string;
         secretsName: string;
     };
+    createDatabase(username: string, dbName: string): DatabaseUserConstruct;
 }
 //# sourceMappingURL=database-construct.d.ts.map

package/dist/lib/database-construct.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"database-construct.d.ts","sourceRoot":"","sources":["../../src/lib/database-construct.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,cAAc,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,qBAAa,iBACX,SAAQ,SACR,YAAW,UAAU,EAAE,SAAS;IAEzB,SAAS,EAAE,cAAc,CAAC,OAAO,CAAC;IAClC,EAAE,EAAE,GAAG,CAAC,gBAAgB,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;gBAEV,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM;IAsBxC,SAAS,CAAC,KAAK,EAAE,UAAU;IAkB3B,UAAU;;;;;;CAQX"}
+{"version":3,"file":"database-construct.d.ts","sourceRoot":"","sources":["../../src/lib/database-construct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAG7D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAE3C,OAAO,KAAK,cAAc,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAEjD;;;GAGG;AACH,qBAAa,iBACX,SAAQ,SACR,YAAW,UAAU,EAAE,SAAS;IAEzB,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC;IAChC,EAAE,EAAE,GAAG,CAAC,gBAAgB,CAAC;gBAEpB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,sBAAsB;IAgCvE,SAAS,CAAC,KAAK,EAAE,UAAU;IAY3B,UAAU;;;;;IAQV,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CAQhD"}

package/dist/lib/database-construct.js

@@ -2,44 +2,60 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DatabaseConstruct = void 0;
 const tslib_1 = require("tslib");
+const ec2 = tslib_1.__importStar(require("aws-cdk-lib/aws-ec2"));
 const iam = tslib_1.__importStar(require("aws-cdk-lib/aws-iam"));
 const rds = tslib_1.__importStar(require("aws-cdk-lib/aws-rds"));
+const aws_rds_1 = require("aws-cdk-lib/aws-rds");
 const constructs_1 = require("constructs");
+const database_user_construct_1 = require("./database-user-construct");
+/**
+ * Represents a database construct that provisions an RDS database instance along with associated secrets.
+ * It implements both {@link Attachable `Attachable`} and {@link Grantable `Grantable`} interfaces.
+ */
 class DatabaseConstruct extends constructs_1.Construct {
-    dbSecrets;
+    secrets;
     db;
-    dbName;
-    constructor(scope, id) {
+    constructor(scope, id, props) {
         super(scope, id);
-        const db = rds.DatabaseCluster.fromDatabaseClusterAttributes(this, 'DatabaseCluster', { clusterIdentifier: 'dev-db-instance' });
-        this.dbName = `${this.node.id}-db`;
-        const dbSecret = new rds.DatabaseSecret(this, 'DatabaseSecret', {
-            username: this.node.id,
-            dbname: this.dbName,
+        const vpc = ec2.Vpc.fromLookup(this, 'VPC', props?.vpcId ? { vpcId: props.vpcId } : { isDefault: true });
+        this.db = new rds.DatabaseInstance(this, 'DB', {
+            vpc,
+            engine: props?.engine ?? aws_rds_1.DatabaseInstanceEngine.POSTGRES,
+            instanceType: ec2.InstanceType.of(props?.instance?.class ?? ec2.InstanceClass.T4G, props?.instance?.size ?? ec2.InstanceSize.MICRO),
+            publiclyAccessible: props?.public,
+            vpcSubnets: {
+                subnetType: props?.public
+                    ? ec2.SubnetType.PUBLIC
+                    : ec2.SubnetType.PRIVATE_ISOLATED,
+            },
         });
-        dbSecret.attach(db);
-        this.db = db;
-        this.dbSecrets = dbSecret;
+        this.db.addRotationSingleUser();
+        if (!this.db.secret)
+            throw new Error('Could not create database credentials secret');
+        this.secrets = this.db.secret;
     }
     grantable(grant) {
-        grant.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
-            effect: iam.Effect.ALLOW,
-            actions: ['rds-data:*'],
-            resources: [this.db.clusterArn],
-        }));
+        this.db.grantConnect(grant);
         grant.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
             effect: iam.Effect.ALLOW,
             actions: ['secretsmanager:GetSecretValue'],
-            resources: [this.dbSecrets.secretArn],
+            resources: [this.secrets.secretArn],
         }));
     }
     attachable() {
         return {
-            arn: this.db.clusterArn,
-            name: this.dbName,
-            secretsArn: this.dbSecrets.secretArn,
-            secretsName: this.dbSecrets.secretName,
+            arn: this.db.instanceArn,
+            secretsArn: this.secrets.secretArn,
+            secretsName: this.secrets.secretName,
         };
     }
+    createDatabase(username, dbName) {
+        return new database_user_construct_1.DatabaseUserConstruct(this, username + 'DatabaseUserStack', {
+            username,
+            dbName,
+            db: this.db,
+            masterSecret: this.secrets,
+        });
+    }
 }
 exports.DatabaseConstruct = DatabaseConstruct;

package/dist/lib/database-user-construct.d.ts

@@ -0,0 +1,18 @@
+import { Attachable } from '@fy-stack/types';
+import { DatabaseInstance } from 'aws-cdk-lib/aws-rds';
+import { ISecret } from 'aws-cdk-lib/aws-secretsmanager';
+import { Construct } from 'constructs';
+type Props = {
+    db: DatabaseInstance;
+    masterSecret: ISecret;
+    username: string;
+    dbName: string;
+};
+export declare class DatabaseUserConstruct extends Construct implements Attachable {
+    secrets: ISecret;
+    dbName: string;
+    constructor(scope: Construct, id: string, props: Props);
+    attachable(): Record<string, string>;
+}
+export {};
+//# sourceMappingURL=database-user-construct.d.ts.map

package/dist/lib/database-user-construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"database-user-construct.d.ts","sourceRoot":"","sources":["../../src/lib/database-user-construct.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAkB,MAAM,qBAAqB,CAAC;AACvE,OAAO,EAAE,OAAO,EAAE,MAAM,gCAAgC,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,KAAK,KAAK,GAAG;IACX,EAAE,EAAE,gBAAgB,CAAC;IACrB,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,qBAAsB,SAAQ,SAAU,YAAW,UAAU;IACjE,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;gBAEV,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IActD,UAAU,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;CAOrC"}

package/dist/lib/database-user-construct.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DatabaseUserConstruct = void 0;
+const aws_rds_1 = require("aws-cdk-lib/aws-rds");
+const constructs_1 = require("constructs");
+class DatabaseUserConstruct extends constructs_1.Construct {
+    secrets;
+    dbName;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.dbName = props.dbName;
+        this.secrets = new aws_rds_1.DatabaseSecret(this, 'Secret', {
+            username: props.username,
+            masterSecret: props.masterSecret,
+        });
+        this.secrets.attach(props.db);
+        // todo create rds user with create db permissions
+    }
+    attachable() {
+        return {
+            dbName: this.dbName,
+            secretArn: this.secrets.secretArn,
+            secretName: this.secrets.secretName,
+        };
+    }
+}
+exports.DatabaseUserConstruct = DatabaseUserConstruct;

package/dist/lib/types.d.ts

@@ -0,0 +1,23 @@
+import type { InstanceClass, InstanceSize } from 'aws-cdk-lib/aws-ec2';
+import type { DatabaseInstanceProps, IInstanceEngine } from 'aws-cdk-lib/aws-rds';
+/**
+ * Properties required for setting up a database construct.
+ */
+export type DatabaseConstructProps = {
+    /** Optionally pass in existing VPC id */
+    vpcId?: string;
+    /**
+     *  Define specific RDS instance {@link IInstanceEngine engine}
+     */
+    engine?: IInstanceEngine;
+    /** Define specific RDS instance {@link InstanceClass class} and {@link InstanceSize size} to use. */
+    instance?: {
+        class: InstanceClass;
+        size: InstanceSize;
+    };
+    /** Make database public */
+    public?: boolean;
+    /** Other RDS properties {@link DatabaseInstanceProps} */
+    additionalData?: Omit<DatabaseInstanceProps, 'instanceType' | 'databaseName' | 'publiclyAccessible' | 'engine'>;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/lib/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACvE,OAAO,KAAK,EACV,qBAAqB,EACrB,eAAe,EAChB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,MAAM,CAAC,EAAE,eAAe,CAAC;IACzB,qGAAqG;IACrG,QAAQ,CAAC,EAAE;QAAE,KAAK,EAAE,aAAa,CAAC;QAAC,IAAI,EAAE,YAAY,CAAA;KAAE,CAAC;IACxD,2BAA2B;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,yDAAyD;IACzD,cAAc,CAAC,EAAE,IAAI,CACnB,qBAAqB,EACrB,cAAc,GAAG,cAAc,GAAG,oBAAoB,GAAG,QAAQ,CAClE,CAAC;CACH,CAAC"}

package/dist/lib/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@fy-stack/database-construct",
-  "version": "0.0.125",
+  "version": "0.0.127",
   "dependencies": {
     "tslib": "^2.3.0",
-    "@fy-stack/types": "0.0.125"
+    "@fy-stack/types": "0.0.127"
   },
   "peerDependencies": {
-    "aws-cdk-lib": "2.164.1",
+    "aws-cdk-lib": "2.166.0",
     "constructs": "10.4.2"
   },
   "type": "commonjs",