npm - @intentius/chant-lexicon-aws - Versions diffs - 0.1.1 → 0.1.4 - Mend

@intentius/chant-lexicon-aws 0.1.1 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/integrity.json +25 -19
package/dist/manifest.json +1 -1
package/dist/meta.json +705 -435
package/dist/rules/waw032.ts +52 -0
package/dist/rules/waw033.ts +86 -0
package/dist/rules/waw034.ts +63 -0
package/dist/rules/waw035.ts +71 -0
package/dist/rules/waw036.ts +88 -0
package/dist/rules/waw037.ts +81 -0
package/dist/types/index.d.ts +956 -59
package/package.json +2 -2
package/src/composites/composites.test.ts +65 -0
package/src/composites/ec2-instance-role.ts +39 -0
package/src/composites/fargate-service.ts +9 -0
package/src/composites/index.ts +6 -0
package/src/composites/lambda-function.ts +2 -1
package/src/composites/minimal-vpc.ts +71 -0
package/src/composites/solr-fargate-service.ts +42 -0
package/src/generated/index.d.ts +956 -59
package/src/generated/index.ts +31 -5
package/src/generated/lexicon-aws.json +705 -435
package/src/index.ts +2 -0
package/src/lint/post-synth/waw032.test.ts +83 -0
package/src/lint/post-synth/waw032.ts +52 -0
package/src/lint/post-synth/waw033.test.ts +68 -0
package/src/lint/post-synth/waw033.ts +86 -0
package/src/lint/post-synth/waw034.test.ts +54 -0
package/src/lint/post-synth/waw034.ts +63 -0
package/src/lint/post-synth/waw035.test.ts +74 -0
package/src/lint/post-synth/waw035.ts +71 -0
package/src/lint/post-synth/waw036.test.ts +217 -0
package/src/lint/post-synth/waw036.ts +88 -0
package/src/lint/post-synth/waw037.test.ts +155 -0
package/src/lint/post-synth/waw037.ts +81 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@intentius/chant-lexicon-aws",
-  "version": "0.1.1",
+  "version": "0.1.4",
   "description": "AWS CloudFormation lexicon for chant — declarative IaC in TypeScript",
   "license": "Apache-2.0",
   "homepage": "https://intentius.io/chant",
@@ -47,7 +47,7 @@
     "js-yaml": "^4.1.0"
   },
   "devDependencies": {
-    "@intentius/chant": "0.1.1",
+    "@intentius/chant": "0.1.4",
     "typescript": "^5.9.3"
   },
   "peerDependencies": {

package/src/composites/composites.test.ts CHANGED Viewed

@@ -14,6 +14,8 @@ import { FargateAlb } from "./fargate-alb";
 import { AlbShared } from "./alb-shared";
 import { FargateService } from "./fargate-service";
 import { RdsInstance } from "./rds-instance";
+import { Ec2InstanceRole } from "./ec2-instance-role";
+import { MinimalVpc } from "./minimal-vpc";
 const baseProps = {
   name: "TestFunc",
@@ -865,3 +867,66 @@ describe("per-member defaults", () => {
     expect(funcPropsA.Timeout).toBe(funcPropsB.Timeout);
   });
 });
+describe("Ec2InstanceRole", () => {
+  test("returns role and instanceProfile members", () => {
+    const instance = Ec2InstanceRole({});
+    expect(instance.role).toBeDefined();
+    expect(instance.instanceProfile).toBeDefined();
+    expect(Object.keys(instance.members)).toEqual(["role", "instanceProfile"]);
+  });
+  test("role has EC2 trust policy", () => {
+    const instance = Ec2InstanceRole({});
+    const roleProps = (instance.role as any).props;
+    expect(roleProps.AssumeRolePolicyDocument.Statement[0].Principal.Service).toBe("ec2.amazonaws.com");
+  });
+  test("ManagedPolicyArns are passed through", () => {
+    const arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore";
+    const instance = Ec2InstanceRole({ ManagedPolicyArns: [arn] });
+    const roleProps = (instance.role as any).props;
+    expect(roleProps.ManagedPolicyArns).toContain(arn);
+  });
+  test("expandComposite produces 2 entries", () => {
+    const expanded = expandComposite("myRole", Ec2InstanceRole({}));
+    expect(expanded.size).toBe(2);
+    expect(expanded.has("myRoleRole")).toBe(true);
+    expect(expanded.has("myRoleInstanceProfile")).toBe(true);
+  });
+});
+describe("MinimalVpc", () => {
+  test("returns 8 members", () => {
+    const instance = MinimalVpc({});
+    expect(Object.keys(instance.members)).toEqual([
+      "vpc", "subnet", "igw", "igwAttachment", "routeTable", "defaultRoute", "subnetRta", "securityGroup",
+    ]);
+  });
+  test("subnet uses Select/GetAZs for AZ (not a plain string)", () => {
+    const instance = MinimalVpc({});
+    const subnetProps = (instance.subnet as any).props;
+    expect(typeof subnetProps.AvailabilityZone).not.toBe("string");
+  });
+  test("vpc cidr defaults to 10.0.0.0/24", () => {
+    const instance = MinimalVpc({});
+    const vpcProps = (instance.vpc as any).props;
+    expect(vpcProps.CidrBlock).toBe("10.0.0.0/24");
+  });
+  test("custom cidr is respected", () => {
+    const instance = MinimalVpc({ cidr: "192.168.0.0/16", subnetCidr: "192.168.1.0/24" });
+    const vpcProps = (instance.vpc as any).props;
+    const subnetProps = (instance.subnet as any).props;
+    expect(vpcProps.CidrBlock).toBe("192.168.0.0/16");
+    expect(subnetProps.CidrBlock).toBe("192.168.1.0/24");
+  });
+  test("expandComposite produces 8 entries", () => {
+    const expanded = expandComposite("net", MinimalVpc({}));
+    expect(expanded.size).toBe(8);
+  });
+});

package/src/composites/ec2-instance-role.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Role, InstanceProfile } from "../generated";
+import { Ref } from "../intrinsics";
+export interface Ec2InstanceRoleProps {
+  ManagedPolicyArns?: string[];
+  Policies?: ConstructorParameters<typeof Role>[0]["Policies"];
+  defaults?: {
+    role?: Partial<ConstructorParameters<typeof Role>[0]>;
+    instanceProfile?: Partial<ConstructorParameters<typeof InstanceProfile>[0]>;
+  };
+}
+const EC2_ASSUME_ROLE = {
+  Version: "2012-10-17" as const,
+  Statement: [
+    {
+      Effect: "Allow" as const,
+      Principal: { Service: "ec2.amazonaws.com" },
+      Action: "sts:AssumeRole",
+    },
+  ],
+};
+export const Ec2InstanceRole = Composite<Ec2InstanceRoleProps>((props) => {
+  const { defaults } = props;
+  const role = new Role(mergeDefaults({
+    AssumeRolePolicyDocument: EC2_ASSUME_ROLE,
+    ManagedPolicyArns: props.ManagedPolicyArns ?? [],
+    Policies: props.Policies ?? [],
+  }, defaults?.role));
+  const instanceProfile = new InstanceProfile(mergeDefaults({
+    Roles: [Ref(role)],
+  }, defaults?.instanceProfile));
+  return { role, instanceProfile };
+}, "Ec2InstanceRole");

package/src/composites/fargate-service.ts CHANGED Viewed

@@ -12,6 +12,7 @@ import {
   TaskDefinition_KeyValuePair,
   TaskDefinition_EFSVolumeConfiguration,
   TaskDefinition_Volume,
+  TaskDefinition_Ulimit,
   TargetGroup,
   ListenerRule,
   ListenerRule_Action,
@@ -74,6 +75,9 @@ export interface FargateServiceProps {
   privateSubnetIds: string[];
   healthCheckPath?: string;
+  // Ulimits (container-level)
+  ulimits?: Array<{ name: string; softLimit: number; hardLimit: number }>;
   // IAM
   ManagedPolicyArns?: string[];
   Policies?: InstanceType<typeof Role_Policy>[];
@@ -175,6 +179,11 @@ export const FargateService = Composite<FargateServiceProps>((props) => {
     Environment: environmentVars.length > 0 ? environmentVars : undefined,
     Command: props.command,
     MountPoints: allMountPoints.length > 0 ? allMountPoints : undefined,
+    Ulimits: props.ulimits?.map(u => new TaskDefinition_Ulimit({
+      Name: u.name,
+      SoftLimit: u.softLimit,
+      HardLimit: u.hardLimit,
+    })),
   });
   // Task definition

package/src/composites/index.ts CHANGED Viewed

@@ -26,3 +26,9 @@ export { RdsInstance, RdsInstance as RdsPostgres } from "./rds-instance";
 export type { RdsInstanceProps, RdsInstanceProps as RdsPostgresProps } from "./rds-instance";
 export { EfsWithAccessPoint } from "./efs-with-access-point";
 export type { EfsWithAccessPointProps } from "./efs-with-access-point";
+export { SolrFargateService } from "./solr-fargate-service";
+export type { SolrFargateServiceProps } from "./solr-fargate-service";
+export { Ec2InstanceRole } from "./ec2-instance-role";
+export type { Ec2InstanceRoleProps } from "./ec2-instance-role";
+export { MinimalVpc } from "./minimal-vpc";
+export type { MinimalVpcProps } from "./minimal-vpc";

package/src/composites/lambda-function.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { Composite, withDefaults, mergeDefaults } from "@intentius/chant";
 import { Role, Function, Function_VpcConfig, Role_Policy } from "../generated";
+import { Sub } from "../intrinsics";
 const lambdaTrustPolicy = {
   Version: "2012-10-17" as const,
@@ -18,7 +19,7 @@ const VPC_ACCESS_ARN =
   "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole";
 export interface LambdaFunctionProps {
-  name: string;
+  name: string | ReturnType<typeof Sub>;
   Runtime: string;
   Handler: string;
   Code: ConstructorParameters<typeof Function>[0]["Code"];

package/src/composites/minimal-vpc.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import { Composite, mergeDefaults } from "@intentius/chant";
+import {
+  Vpc,
+  Subnet,
+  InternetGateway,
+  VPCGatewayAttachment,
+  RouteTable,
+  EC2Route,
+  SubnetRouteTableAssociation,
+  SecurityGroup,
+} from "../generated";
+import { Select, GetAZs } from "../intrinsics";
+export interface MinimalVpcProps {
+  cidr?: string;
+  subnetCidr?: string;
+  defaults?: {
+    vpc?: Partial<ConstructorParameters<typeof Vpc>[0]>;
+    subnet?: Partial<ConstructorParameters<typeof Subnet>[0]>;
+    securityGroup?: Partial<ConstructorParameters<typeof SecurityGroup>[0]>;
+  };
+}
+export const MinimalVpc = Composite<MinimalVpcProps>((props) => {
+  const { defaults } = props;
+  const cidr = props.cidr ?? "10.0.0.0/24";
+  const subnetCidr = props.subnetCidr ?? "10.0.0.0/25";
+  const vpc = new Vpc(mergeDefaults({
+    CidrBlock: cidr,
+    EnableDnsHostnames: true,
+    EnableDnsSupport: true,
+  }, defaults?.vpc));
+  const subnet = new Subnet(mergeDefaults({
+    VpcId: vpc.VpcId,
+    CidrBlock: subnetCidr,
+    AvailabilityZone: Select(0, GetAZs("")),
+    MapPublicIpOnLaunch: true,
+  }, defaults?.subnet));
+  const igw = new InternetGateway({});
+  const igwAttachment = new VPCGatewayAttachment({
+    VpcId: vpc.VpcId,
+    InternetGatewayId: igw.InternetGatewayId,
+  });
+  const routeTable = new RouteTable({ VpcId: vpc.VpcId });
+  const defaultRoute = new EC2Route(
+    {
+      RouteTableId: routeTable.RouteTableId,
+      DestinationCidrBlock: "0.0.0.0/0",
+      GatewayId: igw.InternetGatewayId,
+    },
+    { DependsOn: [igwAttachment] },
+  );
+  const subnetRta = new SubnetRouteTableAssociation({
+    SubnetId: subnet.SubnetId,
+    RouteTableId: routeTable.RouteTableId,
+  });
+  const securityGroup = new SecurityGroup(mergeDefaults({
+    GroupDescription: "MinimalVpc default security group",
+    VpcId: vpc.VpcId,
+  }, defaults?.securityGroup));
+  return { vpc, subnet, igw, igwAttachment, routeTable, defaultRoute, subnetRta, securityGroup };
+}, "MinimalVpc");

package/src/composites/solr-fargate-service.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { Composite } from "@intentius/chant";
+import { FargateService, FargateServiceProps } from "./fargate-service";
+export interface SolrFargateServiceProps extends FargateServiceProps {
+  /**
+   * JVM heap size passed as SOLR_HEAP. Defaults to 45% of task memory.
+   * Examples: "1843m", "4g". Must not exceed 50% of task memory.
+   */
+  solrHeap?: string;
+  /**
+   * GC tuning string passed as GC_TUNE.
+   * Default: "-XX:+UseG1GC -XX:MaxGCPauseMillis=200"
+   */
+  gcOpts?: string;
+}
+export const SolrFargateService = Composite<SolrFargateServiceProps>((props) => {
+  const memoryMb = parseInt(props.memory ?? "4096");
+  const solrHeap = props.solrHeap ?? `${Math.floor(memoryMb * 0.45)}m`;
+  const gcOpts = props.gcOpts ?? "-XX:+UseG1GC -XX:MaxGCPauseMillis=200";
+  // Solr env defaults — user-supplied environment entries override these
+  const solrEnv: Record<string, string> = {
+    SOLR_HEAP: solrHeap,
+    GC_TUNE: gcOpts,
+    SOLR_OPTS: "-XX:-UseLargePages",
+    ...props.environment,
+  };
+  // Solr-specific ulimit default — user-supplied ulimits override
+  const solrUlimits = props.ulimits ?? [
+    { name: "nofile", softLimit: 65535, hardLimit: 65535 },
+  ];
+  return FargateService({
+    containerPort: 8983,
+    healthCheckPath: "/solr/admin/info/health",
+    ...props,
+    environment: solrEnv,
+    ulimits: solrUlimits,
+  });
+}, "SolrFargateService");