@gradientedge/cdk-utils 9.46.0 → 9.47.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/lib/azure/services/app-service/main.js +3 -3
- package/dist/src/lib/cloudflare/common/construct.d.ts +4 -1
- package/dist/src/lib/cloudflare/common/construct.js +8 -1
- package/dist/src/lib/cloudflare/construct/worker-site/main.d.ts +9 -0
- package/dist/src/lib/cloudflare/construct/worker-site/main.js +31 -2
- package/package.json +3 -3
- package/src/lib/azure/services/app-service/main.ts +3 -3
- package/src/lib/cloudflare/common/construct.ts +9 -1
- package/src/lib/cloudflare/construct/worker-site/main.ts +39 -1
|
@@ -74,14 +74,14 @@ class AzureAppServiceManager {
|
|
|
74
74
|
...props,
|
|
75
75
|
name: scope.resourceNameFormatter.format(props.name, scope.props.resourceNameOptions?.linuxWebApp),
|
|
76
76
|
resourceGroupName: resourceGroup.name,
|
|
77
|
-
httpsOnly: props.httpsOnly
|
|
77
|
+
httpsOnly: props.httpsOnly ?? true,
|
|
78
78
|
identity: props.identity || {
|
|
79
79
|
type: 'SystemAssigned',
|
|
80
80
|
},
|
|
81
81
|
siteConfig: {
|
|
82
82
|
...props.siteConfig,
|
|
83
|
-
alwaysOn: props.siteConfig.alwaysOn
|
|
84
|
-
applicationStack: props.siteConfig.applicationStack
|
|
83
|
+
alwaysOn: props.siteConfig.alwaysOn ?? true,
|
|
84
|
+
applicationStack: props.siteConfig.applicationStack ?? { nodeVersion: '22-lts' },
|
|
85
85
|
},
|
|
86
86
|
tags: props.tags ?? {
|
|
87
87
|
environment: scope.props.stage,
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { AwsProvider } from '@cdktf/provider-aws/lib/provider';
|
|
2
|
-
import {
|
|
2
|
+
import { AzurermProvider } from '@cdktf/provider-azurerm/lib/provider';
|
|
3
|
+
import { AzurermBackend, S3Backend, TerraformStack } from 'cdktf';
|
|
3
4
|
import { Construct } from 'constructs';
|
|
4
5
|
import { CloudflareAccessManager, CloudflareApiShieldManager, CloudflareArgoManager, CloudflareFilterManager, CloudflareFirewallManager, CloudflarePageManager, CloudflareRecordManager, CloudflareRuleSetManager, CloudflareWorkerManager, CloudflareZoneManager } from '../services';
|
|
5
6
|
import { CommonCloudflareStackProps } from './types';
|
|
@@ -19,6 +20,8 @@ export declare class CommonCloudflareConstruct extends TerraformStack {
|
|
|
19
20
|
zoneManager: CloudflareZoneManager;
|
|
20
21
|
awsProvider: AwsProvider;
|
|
21
22
|
s3Backend: S3Backend;
|
|
23
|
+
azurermProvider: AzurermProvider;
|
|
24
|
+
azurermBackend: AzurermBackend;
|
|
22
25
|
constructor(scope: Construct, id: string, props: CommonCloudflareStackProps);
|
|
23
26
|
/**
|
|
24
27
|
* @summary Determine the fully qualified domain name based on domainName & subDomain
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.CommonCloudflareConstruct = void 0;
|
|
4
4
|
const provider_1 = require("@cdktf/provider-aws/lib/provider");
|
|
5
5
|
const provider_2 = require("@cdktf/provider-cloudflare/lib/provider");
|
|
6
|
+
const provider_3 = require("@cdktf/provider-azurerm/lib/provider");
|
|
6
7
|
const cdktf_1 = require("cdktf");
|
|
7
8
|
const common_1 = require("../../common");
|
|
8
9
|
const services_1 = require("../services");
|
|
@@ -22,6 +23,8 @@ class CommonCloudflareConstruct extends cdktf_1.TerraformStack {
|
|
|
22
23
|
zoneManager;
|
|
23
24
|
awsProvider;
|
|
24
25
|
s3Backend;
|
|
26
|
+
azurermProvider;
|
|
27
|
+
azurermBackend;
|
|
25
28
|
constructor(scope, id, props) {
|
|
26
29
|
super(scope, id);
|
|
27
30
|
this.props = props;
|
|
@@ -79,7 +82,11 @@ class CommonCloudflareConstruct extends cdktf_1.TerraformStack {
|
|
|
79
82
|
});
|
|
80
83
|
break;
|
|
81
84
|
case constants_1.RemoteBackend.azurerm:
|
|
82
|
-
new
|
|
85
|
+
this.azurermProvider = new provider_3.AzurermProvider(this, `${this.id}-azurerm-provider`, {
|
|
86
|
+
features: [{}],
|
|
87
|
+
subscriptionId: this.props.remoteBackend.subscriptionId,
|
|
88
|
+
});
|
|
89
|
+
this.azurermBackend = new cdktf_1.AzurermBackend(this, {
|
|
83
90
|
storageAccountName: this.props.remoteBackend.storageAccountName,
|
|
84
91
|
containerName: this.props.remoteBackend.containerName,
|
|
85
92
|
key: `${this.id}`,
|
|
@@ -53,6 +53,15 @@ export declare class CloudflareWorkerSite extends CommonCloudflareConstruct {
|
|
|
53
53
|
* @returns the secret value
|
|
54
54
|
*/
|
|
55
55
|
protected resolveSecretFromAWS(secretName: string, secretKey: string): any;
|
|
56
|
+
/**
|
|
57
|
+
* @summary Resolve secrets from Azure Key Vault
|
|
58
|
+
*
|
|
59
|
+
* @param resourceGroupName the resource group name where the key vault is located
|
|
60
|
+
* @param keyVaultName the key vault name
|
|
61
|
+
* @param secretKey the secret key
|
|
62
|
+
* @returns the secret value
|
|
63
|
+
*/
|
|
64
|
+
protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string): string;
|
|
56
65
|
/**
|
|
57
66
|
* @summary Create the rules
|
|
58
67
|
*/
|
|
@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.CloudflareWorkerSite = void 0;
|
|
4
4
|
const data_aws_secretsmanager_secret_1 = require("@cdktf/provider-aws/lib/data-aws-secretsmanager-secret");
|
|
5
5
|
const data_aws_secretsmanager_secret_version_1 = require("@cdktf/provider-aws/lib/data-aws-secretsmanager-secret-version");
|
|
6
|
+
const data_azurerm_key_vault_1 = require("@cdktf/provider-azurerm/lib/data-azurerm-key-vault");
|
|
7
|
+
const data_azurerm_key_vault_secret_1 = require("@cdktf/provider-azurerm/lib/data-azurerm-key-vault-secret");
|
|
6
8
|
const cdktf_1 = require("cdktf");
|
|
7
9
|
const common_1 = require("../../common");
|
|
8
10
|
/**
|
|
@@ -93,8 +95,9 @@ class CloudflareWorkerSite extends common_1.CommonCloudflareConstruct {
|
|
|
93
95
|
* @returns the secret value
|
|
94
96
|
*/
|
|
95
97
|
resolveSecretFromAWS(secretName, secretKey) {
|
|
96
|
-
if (!this.awsProvider)
|
|
97
|
-
|
|
98
|
+
if (!this.awsProvider) {
|
|
99
|
+
throw new Error(`Unable to resolve secret:${secretKey}. AWS provider not found`);
|
|
100
|
+
}
|
|
98
101
|
const secret = new data_aws_secretsmanager_secret_1.DataAwsSecretsmanagerSecret(this, `${this.id}-${secretName}-${secretKey}`, { name: secretName });
|
|
99
102
|
const secretVersion = new data_aws_secretsmanager_secret_version_1.DataAwsSecretsmanagerSecretVersion(this, `${this.id}-${secretName}-${secretKey}-ver`, {
|
|
100
103
|
provider: this.awsProvider,
|
|
@@ -104,6 +107,32 @@ class CloudflareWorkerSite extends common_1.CommonCloudflareConstruct {
|
|
|
104
107
|
throw new Error(`Unable to resolve secret:${secretName}`);
|
|
105
108
|
return cdktf_1.Fn.lookup(cdktf_1.Fn.jsondecode(secretVersion.secretString), secretKey);
|
|
106
109
|
}
|
|
110
|
+
/**
|
|
111
|
+
* @summary Resolve secrets from Azure Key Vault
|
|
112
|
+
*
|
|
113
|
+
* @param resourceGroupName the resource group name where the key vault is located
|
|
114
|
+
* @param keyVaultName the key vault name
|
|
115
|
+
* @param secretKey the secret key
|
|
116
|
+
* @returns the secret value
|
|
117
|
+
*/
|
|
118
|
+
resolveSecretFromAzure(resourceGroupName, keyVaultName, secretKey) {
|
|
119
|
+
if (!this.azurermProvider) {
|
|
120
|
+
throw new Error(`Unable to resolve secret:${secretKey}. Azurerm provider not found`);
|
|
121
|
+
}
|
|
122
|
+
const keyVaultData = new data_azurerm_key_vault_1.DataAzurermKeyVault(this, `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-vault`, {
|
|
123
|
+
resourceGroupName: resourceGroupName,
|
|
124
|
+
name: keyVaultName,
|
|
125
|
+
provider: this.azurermProvider,
|
|
126
|
+
});
|
|
127
|
+
const secretValueData = new data_azurerm_key_vault_secret_1.DataAzurermKeyVaultSecret(this, `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-secret`, {
|
|
128
|
+
name: secretKey,
|
|
129
|
+
keyVaultId: keyVaultData.id,
|
|
130
|
+
provider: this.azurermProvider,
|
|
131
|
+
});
|
|
132
|
+
if (!secretValueData)
|
|
133
|
+
throw new Error(`Unable to resolve secret:${secretKey}`);
|
|
134
|
+
return secretValueData.value;
|
|
135
|
+
}
|
|
107
136
|
/**
|
|
108
137
|
* @summary Create the rules
|
|
109
138
|
*/
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@gradientedge/cdk-utils",
|
|
3
|
-
"version": "9.
|
|
3
|
+
"version": "9.47.1",
|
|
4
4
|
"description": "Utilities for AWS CDK provisioning",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"engines": {
|
|
@@ -54,13 +54,13 @@
|
|
|
54
54
|
"@aws-sdk/credential-providers": "^3.738.0",
|
|
55
55
|
"@aws-sdk/types": "^3.734.0",
|
|
56
56
|
"@cdktf/provider-aws": "^19.50.0",
|
|
57
|
-
"@cdktf/provider-azurerm": "
|
|
57
|
+
"@cdktf/provider-azurerm": "13.22.0",
|
|
58
58
|
"@cdktf/provider-cloudflare": "^11.29.0",
|
|
59
59
|
"@types/lodash": "^4.17.15",
|
|
60
60
|
"@types/node": "^22.13.0",
|
|
61
61
|
"@types/uuid": "^10.0.0",
|
|
62
62
|
"app-root-path": "^3.1.0",
|
|
63
|
-
"aws-cdk-lib": "
|
|
63
|
+
"aws-cdk-lib": "2.178.1",
|
|
64
64
|
"cdktf": "^0.20.11",
|
|
65
65
|
"cdktf-local-exec": "^0.5.54",
|
|
66
66
|
"constructs": "^10.4.2",
|
|
@@ -79,15 +79,15 @@ export class AzureAppServiceManager {
|
|
|
79
79
|
...props,
|
|
80
80
|
name: scope.resourceNameFormatter.format(props.name, scope.props.resourceNameOptions?.linuxWebApp),
|
|
81
81
|
resourceGroupName: resourceGroup.name,
|
|
82
|
-
httpsOnly: props.httpsOnly
|
|
82
|
+
httpsOnly: props.httpsOnly ?? true,
|
|
83
83
|
|
|
84
84
|
identity: props.identity || {
|
|
85
85
|
type: 'SystemAssigned',
|
|
86
86
|
},
|
|
87
87
|
siteConfig: {
|
|
88
88
|
...props.siteConfig,
|
|
89
|
-
alwaysOn: props.siteConfig.alwaysOn
|
|
90
|
-
applicationStack: props.siteConfig.applicationStack
|
|
89
|
+
alwaysOn: props.siteConfig.alwaysOn ?? true,
|
|
90
|
+
applicationStack: props.siteConfig.applicationStack ?? { nodeVersion: '22-lts' },
|
|
91
91
|
},
|
|
92
92
|
tags: props.tags ?? {
|
|
93
93
|
environment: scope.props.stage,
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { AwsProvider } from '@cdktf/provider-aws/lib/provider'
|
|
2
2
|
import { CloudflareProvider } from '@cdktf/provider-cloudflare/lib/provider'
|
|
3
|
+
import { AzurermProvider } from '@cdktf/provider-azurerm/lib/provider'
|
|
3
4
|
import { AzurermBackend, S3Backend, TerraformStack, TerraformVariable } from 'cdktf'
|
|
4
5
|
import { Construct } from 'constructs'
|
|
5
6
|
import { isDevStage, isPrdStage, isTestStage, isUatStage } from '../../common'
|
|
@@ -34,6 +35,8 @@ export class CommonCloudflareConstruct extends TerraformStack {
|
|
|
34
35
|
zoneManager: CloudflareZoneManager
|
|
35
36
|
awsProvider: AwsProvider
|
|
36
37
|
s3Backend: S3Backend
|
|
38
|
+
azurermProvider: AzurermProvider
|
|
39
|
+
azurermBackend: AzurermBackend
|
|
37
40
|
|
|
38
41
|
constructor(scope: Construct, id: string, props: CommonCloudflareStackProps) {
|
|
39
42
|
super(scope, id)
|
|
@@ -83,6 +86,7 @@ export class CommonCloudflareConstruct extends TerraformStack {
|
|
|
83
86
|
|
|
84
87
|
protected determineRemoteBackend() {
|
|
85
88
|
const debug = this.node.tryGetContext('debug')
|
|
89
|
+
|
|
86
90
|
switch (this.props.remoteBackend?.type) {
|
|
87
91
|
case RemoteBackend.s3:
|
|
88
92
|
this.awsProvider = new AwsProvider(this, `${this.id}-aws-provider`, {
|
|
@@ -98,7 +102,11 @@ export class CommonCloudflareConstruct extends TerraformStack {
|
|
|
98
102
|
})
|
|
99
103
|
break
|
|
100
104
|
case RemoteBackend.azurerm:
|
|
101
|
-
new
|
|
105
|
+
this.azurermProvider = new AzurermProvider(this, `${this.id}-azurerm-provider`, {
|
|
106
|
+
features: [{}],
|
|
107
|
+
subscriptionId: this.props.remoteBackend.subscriptionId,
|
|
108
|
+
})
|
|
109
|
+
this.azurermBackend = new AzurermBackend(this, {
|
|
102
110
|
storageAccountName: this.props.remoteBackend.storageAccountName,
|
|
103
111
|
containerName: this.props.remoteBackend.containerName,
|
|
104
112
|
key: `${this.id}`,
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { DataAwsSecretsmanagerSecret } from '@cdktf/provider-aws/lib/data-aws-secretsmanager-secret'
|
|
2
2
|
import { DataAwsSecretsmanagerSecretVersion } from '@cdktf/provider-aws/lib/data-aws-secretsmanager-secret-version'
|
|
3
|
+
import { DataAzurermKeyVault } from '@cdktf/provider-azurerm/lib/data-azurerm-key-vault'
|
|
4
|
+
import { DataAzurermKeyVaultSecret } from '@cdktf/provider-azurerm/lib/data-azurerm-key-vault-secret'
|
|
3
5
|
import { DataCloudflareZone } from '@cdktf/provider-cloudflare/lib/data-cloudflare-zone'
|
|
4
6
|
import {
|
|
5
7
|
WorkerScript,
|
|
@@ -109,7 +111,9 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
|
|
|
109
111
|
* @returns the secret value
|
|
110
112
|
*/
|
|
111
113
|
protected resolveSecretFromAWS(secretName: string, secretKey: string) {
|
|
112
|
-
if (!this.awsProvider)
|
|
114
|
+
if (!this.awsProvider) {
|
|
115
|
+
throw new Error(`Unable to resolve secret:${secretKey}. AWS provider not found`)
|
|
116
|
+
}
|
|
113
117
|
const secret = new DataAwsSecretsmanagerSecret(this, `${this.id}-${secretName}-${secretKey}`, { name: secretName })
|
|
114
118
|
const secretVersion = new DataAwsSecretsmanagerSecretVersion(this, `${this.id}-${secretName}-${secretKey}-ver`, {
|
|
115
119
|
provider: this.awsProvider,
|
|
@@ -119,6 +123,40 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
|
|
|
119
123
|
return Fn.lookup(Fn.jsondecode(secretVersion.secretString), secretKey)
|
|
120
124
|
}
|
|
121
125
|
|
|
126
|
+
/**
|
|
127
|
+
* @summary Resolve secrets from Azure Key Vault
|
|
128
|
+
*
|
|
129
|
+
* @param resourceGroupName the resource group name where the key vault is located
|
|
130
|
+
* @param keyVaultName the key vault name
|
|
131
|
+
* @param secretKey the secret key
|
|
132
|
+
* @returns the secret value
|
|
133
|
+
*/
|
|
134
|
+
protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string) {
|
|
135
|
+
if (!this.azurermProvider) {
|
|
136
|
+
throw new Error(`Unable to resolve secret:${secretKey}. Azurerm provider not found`)
|
|
137
|
+
}
|
|
138
|
+
const keyVaultData = new DataAzurermKeyVault(
|
|
139
|
+
this,
|
|
140
|
+
`${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-vault`,
|
|
141
|
+
{
|
|
142
|
+
resourceGroupName: resourceGroupName,
|
|
143
|
+
name: keyVaultName,
|
|
144
|
+
provider: this.azurermProvider,
|
|
145
|
+
}
|
|
146
|
+
)
|
|
147
|
+
const secretValueData = new DataAzurermKeyVaultSecret(
|
|
148
|
+
this,
|
|
149
|
+
`${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-secret`,
|
|
150
|
+
{
|
|
151
|
+
name: secretKey,
|
|
152
|
+
keyVaultId: keyVaultData.id,
|
|
153
|
+
provider: this.azurermProvider,
|
|
154
|
+
}
|
|
155
|
+
)
|
|
156
|
+
if (!secretValueData) throw new Error(`Unable to resolve secret:${secretKey}`)
|
|
157
|
+
return secretValueData.value
|
|
158
|
+
}
|
|
159
|
+
|
|
122
160
|
/**
|
|
123
161
|
* @summary Create the rules
|
|
124
162
|
*/
|