npm - @percepta/create - Versions diffs - 3.6.2 → 3.6.3 - Mend

@percepta/create 3.6.2 → 3.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/templates/webapp/terraform/modules/rds/variables.tf DELETED Viewed

@@ -1,61 +0,0 @@
-variable "name" {
-  description = "Base name for resources"
-  type        = string
-}
-variable "environment" {
-  description = "Environment name (e.g. dev, staging, prod)"
-  type        = string
-}
-variable "existing_cluster_name" {
-  description = "Name of existing RDS cluster to use (optional)"
-  type        = string
-  default     = null
-}
-variable "create_new_cluster" {
-  description = "Whether to create a new RDS cluster if existing_cluster_name is not provided"
-  type        = bool
-  default     = true
-}
-variable "vpc_id" {
-  description = "VPC ID where resources will be deployed"
-  type        = string
-}
-variable "subnet_ids" {
-  description = "List of subnet IDs for RDS"
-  type        = list(string)
-}
-variable "engine_version" {
-  description = "PostgreSQL engine version"
-  type        = string
-  default     = "16.8"
-}
-variable "port" {
-  description = "Port for RDS"
-  type        = number
-  default     = 5432
-}
-variable "instance_class" {
-  description = "RDS instance class"
-  type        = string
-  default     = "db.serverless"
-}
-variable "edw_allowed_principals" {
-  description = "List of IAM principal ARNs allowed to assume the EDW secret reader role"
-  type        = list(string)
-  default     = []
-}
-variable "edw_vpc_cidr_blocks" {
-  description = "List of CIDR blocks from EDW VPC to allow database access via VPC peering"
-  type        = list(string)
-  default     = []
-}

package/templates/webapp/terraform/modules/s3-logging/main.tf DELETED Viewed

@@ -1,148 +0,0 @@
-data "aws_caller_identity" "current" {}
-resource "random_string" "suffix" {
-  length  = 8
-  special = false
-  upper   = false
-}
-################################################################################
-# S3 Bucket for Access Logs
-################################################################################
-resource "aws_s3_bucket" "logs" {
-  bucket = "${var.name}-logs-${random_string.suffix.result}"
-}
-resource "aws_s3_bucket_public_access_block" "logs" {
-  bucket                  = aws_s3_bucket.logs.id
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-}
-resource "aws_s3_bucket_ownership_controls" "logs" {
-  bucket = aws_s3_bucket.logs.id
-  rule {
-    object_ownership = "BucketOwnerPreferred"
-  }
-}
-resource "aws_s3_bucket_versioning" "logs" {
-  bucket = aws_s3_bucket.logs.id
-  versioning_configuration {
-    status = "Enabled"
-  }
-}
-resource "aws_s3_bucket_acl" "logs" {
-  depends_on = [aws_s3_bucket_ownership_controls.logs]
-  bucket     = aws_s3_bucket.logs.id
-  acl        = "private"
-}
-resource "aws_s3_bucket_server_side_encryption_configuration" "logs" {
-  bucket = aws_s3_bucket.logs.id
-  rule {
-    apply_server_side_encryption_by_default {
-      sse_algorithm = "AES256"
-    }
-    bucket_key_enabled = true
-  }
-}
-resource "aws_s3_bucket_lifecycle_configuration" "logs" {
-  count  = var.s3_expiration_days != null ? 1 : 0
-  bucket = aws_s3_bucket.logs.bucket
-  rule {
-    id     = "expire-objects"
-    status = "Enabled"
-    filter {
-      prefix = ""
-    }
-    expiration {
-      days = var.s3_expiration_days
-    }
-  }
-}
-# Bucket policy to allow S3 and CloudTrail services to write logs
-resource "aws_s3_bucket_policy" "logs" {
-  bucket = aws_s3_bucket.logs.bucket
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Sid    = "AWSCloudTrailAclCheck"
-        Effect = "Allow"
-        Principal = {
-          Service = "cloudtrail.amazonaws.com"
-        }
-        Action   = "s3:GetBucketAcl"
-        Resource = aws_s3_bucket.logs.arn
-        Condition = {
-          StringEquals = {
-            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
-          }
-        }
-      },
-      {
-        Sid    = "AWSCloudTrailWrite"
-        Effect = "Allow"
-        Principal = {
-          Service = "cloudtrail.amazonaws.com"
-        }
-        Action   = "s3:PutObject"
-        Resource = "${aws_s3_bucket.logs.arn}/cloudtrail/*"
-        Condition = {
-          StringEquals = {
-            "s3:x-amz-acl"      = "bucket-owner-full-control"
-            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
-          }
-        }
-      },
-      {
-        Sid    = "AllowS3LogDeliveryAcl"
-        Effect = "Allow"
-        Principal = {
-          Service = "s3.amazonaws.com"
-        }
-        Action = [
-          "s3:GetBucketAcl",
-          "s3:GetBucketLocation"
-        ]
-        Resource = aws_s3_bucket.logs.arn
-      },
-      {
-        Sid    = "AllowS3LogDeliveryPut"
-        Effect = "Allow"
-        Principal = {
-          Service = "s3.amazonaws.com"
-        }
-        Action   = "s3:PutObject"
-        Resource = "${aws_s3_bucket.logs.arn}/*"
-        Condition = {
-          StringEquals = {
-            "s3:x-amz-acl" = "bucket-owner-full-control"
-          }
-        }
-      },
-      {
-        Sid       = "DenyUnEncryptedObjectUploads"
-        Effect    = "Deny"
-        Principal = "*"
-        Action    = "s3:*"
-        Resource  = "${aws_s3_bucket.logs.arn}/*"
-        Condition = {
-          Bool = {
-            "aws:SecureTransport" = "false"
-          }
-        }
-      }
-    ]
-  })
-}

package/templates/webapp/terraform/modules/s3-logging/outputs.tf DELETED Viewed

@@ -1,10 +0,0 @@
-output "s3_bucket_name" {
-  description = "Name of the S3 logging bucket"
-  value       = aws_s3_bucket.logs.bucket
-}
-output "s3_bucket_arn" {
-  description = "ARN of the S3 logging bucket"
-  value       = aws_s3_bucket.logs.arn
-}

package/templates/webapp/terraform/modules/s3-logging/variables.tf DELETED Viewed

@@ -1,16 +0,0 @@
-variable "name" {
-  description = "Base name for resources"
-  type        = string
-}
-variable "environment" {
-  description = "Environment name (e.g. dev, staging, prod)"
-  type        = string
-}
-variable "s3_expiration_days" {
-  description = "Number of days after which S3 objects expire (null to disable expiration)"
-  type        = number
-  default     = null
-}

package/templates/webapp/terraform/modules/secrets/main.tf DELETED Viewed

@@ -1,39 +0,0 @@
-data "aws_region" "current" {}
-################################################################################
-# Database Credentials Secret
-################################################################################
-resource "kubernetes_secret" "database_credentials" {
-  metadata {
-    name      = "__APP_NAME__-database-credentials"
-    namespace = var.namespace
-  }
-  type = "Opaque"
-  data = {
-    host         = var.db_host
-    port         = tostring(var.db_port)
-    database     = var.db_name
-    username     = var.db_username
-    password     = var.db_password
-    ssl_cert     = var.db_ssl_cert
-    database_url = var.db_url
-  }
-}
-# PostgreSQL Secret (Langfuse-style structure)
-resource "kubernetes_secret" "postgresql" {
-  metadata {
-    name      = "__APP_NAME__-postgresql"
-    namespace = var.namespace
-  }
-  type = "Opaque"
-  data = {
-    postgres-password = var.db_password
-    database_url      = "postgresql://${var.db_username}:${var.db_password}@${var.db_host}:${var.db_port}/${var.db_name}"
-    database_name     = var.db_name
-    host              = var.db_host
-    port              = tostring(var.db_port)
-    username          = var.db_username
-  }
-}

package/templates/webapp/terraform/modules/secrets/outputs.tf DELETED Viewed

@@ -1,9 +0,0 @@
-output "database_secret_name" {
-  description = "Name of the Kubernetes secret containing database credentials"
-  value       = kubernetes_secret.database_credentials.metadata[0].name
-}
-output "postgresql_secret_name" {
-  description = "Name of the Kubernetes secret containing PostgreSQL credentials (Langfuse-style)"
-  value       = kubernetes_secret.postgresql.metadata[0].name
-}

package/templates/webapp/terraform/modules/secrets/variables.tf DELETED Viewed

@@ -1,51 +0,0 @@
-variable "namespace" {
-  description = "Kubernetes namespace for secrets"
-  type        = string
-}
-variable "cluster_name" {
-  description = "EKS cluster name"
-  type        = string
-}
-################################################################################
-# Database Variables
-################################################################################
-variable "db_host" {
-  description = "Database host"
-  type        = string
-}
-variable "db_port" {
-  description = "Database port"
-  type        = number
-}
-variable "db_name" {
-  description = "Database name"
-  type        = string
-}
-variable "db_username" {
-  description = "Database username"
-  type        = string
-}
-variable "db_password" {
-  description = "Database password"
-  type        = string
-  sensitive   = true
-}
-variable "db_ssl_cert" {
-  description = "Database SSL certificate"
-  type        = string
-  sensitive   = true
-}
-variable "db_url" {
-  description = "Database connection URL"
-  type        = string
-  sensitive   = true
-}

package/templates/webapp/terraform/outputs.tf DELETED Viewed

@@ -1,102 +0,0 @@
-################################################################################
-# Database Outputs
-################################################################################
-output "rds_cluster_endpoint" {
-  description = "RDS cluster endpoint"
-  value       = module.rds.host
-}
-output "rds_cluster_port" {
-  description = "RDS cluster port"
-  value       = module.rds.port
-}
-output "rds_database_name" {
-  description = "RDS database name"
-  value       = module.rds.database_name
-}
-output "app_service_account_role_arn" {
-  description = "The ARN of the IAM role for the application service account."
-  value       = aws_iam_role.app_service_account_role.arn
-}
-################################################################################
-# Networking Outputs
-################################################################################
-output "vpc_endpoint_security_group_id" {
-  description = "Security group ID for VPC endpoints"
-  value       = module.networking.vpc_endpoint_security_group_id
-}
-output "s3_vpc_endpoint_id" {
-  description = "S3 VPC endpoint ID"
-  value       = module.networking.s3_vpc_endpoint_id
-}
-output "ingress_cidr_blocks" {
-  description = "Map of dynamically created security groups for ingress"
-  value       = module.networking.ingress_cidr_blocks
-}
-output "rds_username" {
-  description = "RDS username for __APP_NAME__-db-user"
-  value       = module.rds.username
-}
-################################################################################
-# Secrets Outputs
-################################################################################
-output "database_secret_name" {
-  description = "Name of the Kubernetes secret containing database credentials"
-  value       = module.secrets.database_secret_name
-}
-output "postgresql_secret_name" {
-  description = "Name of the Kubernetes secret containing PostgreSQL credentials (Langfuse-style)"
-  value       = module.secrets.postgresql_secret_name
-}
-################################################################################
-# Networking Outputs
-################################################################################
-output "vpc_id" {
-  description = "VPC ID used for resources"
-  value       = module.networking.vpc_id
-}
-output "subnet_ids" {
-  description = "Subnet IDs used for resources"
-  value       = module.networking.subnet_ids
-}
-################################################################################
-# EDW Access Outputs
-################################################################################
-output "edw_readonly_username" {
-  description = "Readonly database username for EDW access"
-  value       = module.rds.readonly_username
-}
-output "edw_readonly_secret_arn" {
-  description = "ARN of the Secrets Manager secret containing readonly user credentials for EDW"
-  value       = module.rds.readonly_user_secret_arn
-}
-output "edw_readonly_secret_name" {
-  description = "Name of the Secrets Manager secret containing readonly user credentials for EDW"
-  value       = module.rds.readonly_user_secret_name
-}
-output "edw_secret_reader_role_arn" {
-  description = "ARN of the IAM role that EDW can assume to read the readonly credentials secret"
-  value       = module.rds.readonly_user_secret_reader_role_arn
-}

package/templates/webapp/terraform/providers.tf DELETED Viewed

@@ -1,32 +0,0 @@
-terraform {
-  required_version = ">= 1.5.0"
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "~> 2.0"
-    }
-    random = {
-      source  = "hashicorp/random"
-      version = "~> 3.1"
-    }
-    http = {
-      source  = "hashicorp/http"
-      version = "~> 3.0"
-    }
-  }
-  backend "kubernetes" {}
-}
-provider "aws" {
-  region = var.region
-}
-provider "kubernetes" {
-  # The Kubernetes provider will be configured by the backend
-  # No explicit configuration needed here
-}

package/templates/webapp/terraform/schema/main.tf DELETED Viewed

@@ -1,4 +0,0 @@
-resource "postgresql_schema" "demo" {
-  database = var.database_name
-  name     = var.schema_name
-}

package/templates/webapp/terraform/schema/outputs.tf DELETED Viewed

@@ -1,9 +0,0 @@
-output "database_name" {
-  description = "Database containing the demo schema."
-  value       = var.database_name
-}
-output "schema_name" {
-  description = "Created demo schema name."
-  value       = postgresql_schema.demo.name
-}

package/templates/webapp/terraform/schema/variables.tf DELETED Viewed

@@ -1,19 +0,0 @@
-variable "aws_region" {
-  description = "AWS region containing the shared Percepta internal database secret."
-  type        = string
-}
-variable "database_secret_name" {
-  description = "AWS Secrets Manager secret name containing shared Postgres credentials."
-  type        = string
-}
-variable "database_name" {
-  description = "Database where the demo app schema should be created."
-  type        = string
-}
-variable "schema_name" {
-  description = "Postgres schema name for this demo app."
-  type        = string
-}

package/templates/webapp/terraform/schema/versions.tf DELETED Viewed

@@ -1,38 +0,0 @@
-terraform {
-  required_version = ">= 1.5.0"
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-    postgresql = {
-      source  = "cyrilgdn/postgresql"
-      version = "~> 1.22"
-    }
-  }
-  backend "kubernetes" {}
-}
-provider "aws" {
-  region = var.aws_region
-}
-data "aws_secretsmanager_secret_version" "database" {
-  secret_id = var.database_secret_name
-}
-locals {
-  database_credentials = jsondecode(data.aws_secretsmanager_secret_version.database.secret_string)
-}
-provider "postgresql" {
-  host            = local.database_credentials.host
-  port            = tonumber(local.database_credentials.port)
-  username        = local.database_credentials.username
-  password        = local.database_credentials.password
-  sslmode         = "require"
-  connect_timeout = 15
-  superuser       = false
-}

package/templates/webapp/terraform/terraform.tfvars.example DELETED Viewed

@@ -1,65 +0,0 @@
-# __APP_NAME_UPPER__ Terraform Configuration Example
-# Copy this file to terraform.tfvars and customize for your environment
-################################################################################
-# Required Variables
-################################################################################
-# Environment name (e.g. dev, staging, prod)
-environment = "dev"
-# Base name for resources - will be used as prefix for all resources
-name = "__APP_NAME__"
-# AWS region where resources will be deployed
-region = "us-west-2"
-# EKS cluster name where secrets will be created
-cluster_name = "my-eks-cluster"
-# VPC ID where resources will be deployed
-vpc_id = "vpc-12345678"
-################################################################################
-# Optional Variables
-################################################################################
-# Kubernetes namespace for secrets (default: "__APP_NAME__")
-# namespace = "__APP_NAME__"
-# Subnet IDs for RDS and other resources (auto-discovered if not provided)
-# subnet_ids = ["subnet-12345678", "subnet-87654321"]
-# Custom subnet tags for auto-discovery (default shown below)
-# subnet_tags = {
-#   "kubernetes.io/role/internal-elb" = "1"
-# }
-################################################################################
-# RDS Configuration
-################################################################################
-# Use existing RDS cluster (optional)
-# existing_rds_cluster_name = "my-existing-cluster"
-# Whether to create new RDS if existing cluster not specified (default: true)
-# create_new_rds = true
-# PostgreSQL engine version (default: "16.6")
-# rds_engine_version = "16.6"
-# RDS port (default: 5432)
-# rds_port = 5432
-# RDS instance class (default: "db.serverless")
-# rds_instance_class = "db.serverless"
-################################################################################
-# S3 Configuration
-################################################################################
-# Number of days after which S3 objects expire (null to disable expiration)
-# s3_bucket_expiration_days = 90
-# s3_bucket_expiration_days = null  # Disable S3 object expiration