@quiltdata/benchling-webhook 0.5.1 → 0.5.4-20251031T221509Z
- package/README.md +218 -5
- package/dist/bin/benchling-webhook.d.ts.map +1 -1
- package/dist/bin/benchling-webhook.js +15 -9
- package/dist/bin/benchling-webhook.js.map +1 -1
- package/dist/bin/cdk-dev.js +252 -0
- package/dist/bin/cli.js +23 -4
- package/dist/bin/cli.js.map +1 -1
- package/dist/bin/commands/deploy.d.ts.map +1 -1
- package/dist/bin/commands/deploy.js +132 -11
- package/dist/bin/commands/deploy.js.map +1 -1
- package/dist/bin/commands/init.d.ts.map +1 -1
- package/dist/bin/commands/init.js +2 -3
- package/dist/bin/commands/init.js.map +1 -1
- package/dist/bin/commands/manifest.d.ts.map +1 -1
- package/dist/bin/commands/manifest.js +8 -2
- package/dist/bin/commands/manifest.js.map +1 -1
- package/dist/bin/commands/test.js +2 -2
- package/dist/bin/commands/validate.d.ts.map +1 -1
- package/dist/bin/commands/validate.js +0 -1
- package/dist/bin/commands/validate.js.map +1 -1
- package/dist/lib/alb-api-gateway.d.ts.map +1 -1
- package/dist/lib/alb-api-gateway.js +24 -7
- package/dist/lib/alb-api-gateway.js.map +1 -1
- package/dist/lib/benchling-webhook-stack.d.ts +9 -1
- package/dist/lib/benchling-webhook-stack.d.ts.map +1 -1
- package/dist/lib/benchling-webhook-stack.js +85 -9
- package/dist/lib/benchling-webhook-stack.js.map +1 -1
- package/dist/lib/fargate-service.d.ts +10 -1
- package/dist/lib/fargate-service.d.ts.map +1 -1
- package/dist/lib/fargate-service.js +65 -27
- package/dist/lib/fargate-service.js.map +1 -1
- package/dist/lib/utils/config.d.ts +52 -3
- package/dist/lib/utils/config.d.ts.map +1 -1
- package/dist/lib/utils/config.js +96 -21
- package/dist/lib/utils/config.js.map +1 -1
- package/dist/lib/utils/secrets.d.ts +174 -0
- package/dist/lib/utils/secrets.d.ts.map +1 -0
- package/dist/lib/utils/secrets.js +351 -0
- package/dist/lib/utils/secrets.js.map +1 -0
- package/dist/lib/utils/stack-inference.d.ts +2 -14
- package/dist/lib/utils/stack-inference.d.ts.map +1 -1
- package/dist/lib/utils/stack-inference.js +33 -132
- package/dist/lib/utils/stack-inference.js.map +1 -1
- package/dist/package.json +9 -4
- package/env.template +1 -2
- package/package.json +9 -4
|
@@ -76,10 +76,63 @@ class BenchlingWebhookStack extends cdk.Stack {
|
|
|
76
76
|
description: "Prefix for package names (no slashes)",
|
|
77
77
|
default: props.prefix,
|
|
78
78
|
});
|
|
79
|
-
const
|
|
79
|
+
const pkgKeyParam = new cdk.CfnParameter(this, "PackageKey", {
|
|
80
80
|
type: "String",
|
|
81
|
-
description: "
|
|
82
|
-
default:
|
|
81
|
+
description: "Metadata key used to link Benchling entries to Quilt packages",
|
|
82
|
+
default: "experiment_id",
|
|
83
|
+
});
|
|
84
|
+
const queueArnParam = new cdk.CfnParameter(this, "QueueArn", {
|
|
85
|
+
type: "String",
|
|
86
|
+
description: "SQS queue ARN for package notifications",
|
|
87
|
+
default: props.queueArn,
|
|
88
|
+
});
|
|
89
|
+
const quiltDatabaseParam = new cdk.CfnParameter(this, "QuiltDatabase", {
|
|
90
|
+
type: "String",
|
|
91
|
+
description: "Quilt database name (Glue Data Catalog database)",
|
|
92
|
+
default: props.quiltDatabase,
|
|
93
|
+
});
|
|
94
|
+
// DEPRECATED: Benchling tenant parameter (kept for backward compatibility)
|
|
95
|
+
const benchlingTenantParam = new cdk.CfnParameter(this, "BenchlingTenant", {
|
|
96
|
+
type: "String",
|
|
97
|
+
description: "[DEPRECATED] Use BenchlingSecrets parameter instead. Benchling tenant name (e.g., 'company' for company.benchling.com)",
|
|
98
|
+
default: props.benchlingTenant,
|
|
99
|
+
});
|
|
100
|
+
const logLevelParam = new cdk.CfnParameter(this, "LogLevel", {
|
|
101
|
+
type: "String",
|
|
102
|
+
description: "Application log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)",
|
|
103
|
+
default: props.logLevel || "INFO",
|
|
104
|
+
allowedValues: ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"],
|
|
105
|
+
});
|
|
106
|
+
const enableWebhookVerificationParam = new cdk.CfnParameter(this, "EnableWebhookVerification", {
|
|
107
|
+
type: "String",
|
|
108
|
+
description: "Enable webhook signature verification (true/false)",
|
|
109
|
+
default: "true",
|
|
110
|
+
allowedValues: ["true", "false"],
|
|
111
|
+
});
|
|
112
|
+
const imageTagParam = new cdk.CfnParameter(this, "ImageTag", {
|
|
113
|
+
type: "String",
|
|
114
|
+
description: "Docker image tag to deploy (e.g., latest, 0.5.3, 0.5.3-20251030T123456Z)",
|
|
115
|
+
default: props.imageTag || "latest",
|
|
116
|
+
});
|
|
117
|
+
// Benchling Secrets - consolidated secret parameter (Phase 3)
|
|
118
|
+
const benchlingSecretsParam = new cdk.CfnParameter(this, "BenchlingSecrets", {
|
|
119
|
+
type: "String",
|
|
120
|
+
description: "JSON string containing Benchling secrets (client_id, client_secret, tenant, app_definition_id)",
|
|
121
|
+
default: "",
|
|
122
|
+
noEcho: true,
|
|
123
|
+
});
|
|
124
|
+
// DEPRECATED: Individual secret parameters (kept for backward compatibility)
|
|
125
|
+
const benchlingClientIdParam = new cdk.CfnParameter(this, "BenchlingClientId", {
|
|
126
|
+
type: "String",
|
|
127
|
+
description: "[DEPRECATED] Use BenchlingSecrets parameter instead. Benchling OAuth client ID.",
|
|
128
|
+
default: "",
|
|
129
|
+
noEcho: true,
|
|
130
|
+
});
|
|
131
|
+
const benchlingClientSecretParam = new cdk.CfnParameter(this, "BenchlingClientSecret", {
|
|
132
|
+
type: "String",
|
|
133
|
+
description: "[DEPRECATED] Use BenchlingSecrets parameter instead. Benchling OAuth client secret.",
|
|
134
|
+
default: "",
|
|
135
|
+
noEcho: true,
|
|
83
136
|
});
|
|
84
137
|
// Use parameter values (which have props as defaults)
|
|
85
138
|
// This allows runtime updates via CloudFormation
|
|
@@ -87,7 +140,20 @@ class BenchlingWebhookStack extends cdk.Stack {
|
|
|
87
140
|
const quiltCatalogValue = quiltCatalogParam.valueAsString;
|
|
88
141
|
const bucketNameValue = bucketNameParam.valueAsString;
|
|
89
142
|
const prefixValue = prefixParam.valueAsString;
|
|
90
|
-
const
|
|
143
|
+
const pkgKeyValue = pkgKeyParam.valueAsString;
|
|
144
|
+
const queueArnValue = queueArnParam.valueAsString;
|
|
145
|
+
const quiltDatabaseValue = quiltDatabaseParam.valueAsString;
|
|
146
|
+
const benchlingTenantValue = benchlingTenantParam.valueAsString;
|
|
147
|
+
const logLevelValue = logLevelParam.valueAsString;
|
|
148
|
+
const enableWebhookVerificationValue = enableWebhookVerificationParam.valueAsString;
|
|
149
|
+
const imageTagValue = imageTagParam.valueAsString;
|
|
150
|
+
// Phase 3: New secret parameters (not used directly - mode determined by props)
|
|
151
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
152
|
+
const benchlingSecretsValue = benchlingSecretsParam.valueAsString;
|
|
153
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
154
|
+
const benchlingClientIdValue = benchlingClientIdParam.valueAsString;
|
|
155
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
156
|
+
const benchlingClientSecretValue = benchlingClientSecretParam.valueAsString;
|
|
91
157
|
this.bucket = s3.Bucket.fromBucketName(this, "BWBucket", bucketNameValue);
|
|
92
158
|
// Get the default VPC or create a new one
|
|
93
159
|
const vpc = ec2.Vpc.fromLookup(this, "DefaultVPC", {
|
|
@@ -111,22 +177,32 @@ class BenchlingWebhookStack extends cdk.Stack {
|
|
|
111
177
|
ecrImageUri = `${this.account}.dkr.ecr.${this.region}.amazonaws.com/${repoName}:latest`;
|
|
112
178
|
}
|
|
113
179
|
// Create the Fargate service
|
|
180
|
+
// Use imageTag for stackVersion if it looks like a timestamped dev version
|
|
181
|
+
// (e.g., "0.5.3-20251031T000139Z"), otherwise use package.json version
|
|
182
|
+
const isDevVersion = imageTagValue.match(/^\d+\.\d+\.\d+-\d{8}T\d{6}Z$/);
|
|
183
|
+
const stackVersion = isDevVersion ? imageTagValue : package_json_1.default.version;
|
|
114
184
|
this.fargateService = new fargate_service_1.FargateService(this, "FargateService", {
|
|
115
185
|
vpc,
|
|
116
186
|
bucket: this.bucket,
|
|
117
|
-
|
|
187
|
+
queueArn: queueArnValue,
|
|
118
188
|
region: this.region,
|
|
119
189
|
account: this.account,
|
|
120
190
|
prefix: prefixValue,
|
|
191
|
+
pkgKey: pkgKeyValue,
|
|
121
192
|
benchlingClientId: props.benchlingClientId,
|
|
122
193
|
benchlingClientSecret: props.benchlingClientSecret,
|
|
123
|
-
benchlingTenant:
|
|
194
|
+
benchlingTenant: benchlingTenantValue,
|
|
195
|
+
// Use props.benchlingSecrets (original value) to determine mode
|
|
196
|
+
// The CloudFormation parameter value (benchlingSecretsValue) is a token that can't be evaluated at synth time
|
|
197
|
+
benchlingSecrets: props.benchlingSecrets,
|
|
124
198
|
quiltCatalog: quiltCatalogValue,
|
|
125
|
-
quiltDatabase:
|
|
199
|
+
quiltDatabase: quiltDatabaseValue,
|
|
126
200
|
webhookAllowList: webhookAllowListValue,
|
|
127
201
|
ecrRepository: ecrRepo,
|
|
128
|
-
imageTag:
|
|
129
|
-
|
|
202
|
+
imageTag: imageTagValue,
|
|
203
|
+
stackVersion: stackVersion,
|
|
204
|
+
logLevel: logLevelValue,
|
|
205
|
+
enableWebhookVerification: enableWebhookVerificationValue,
|
|
130
206
|
});
|
|
131
207
|
// Create API Gateway that routes to the ALB
|
|
132
208
|
this.api = new alb_api_gateway_1.AlbApiGateway(this, "ApiGateway", {
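Review bot: The `BenchlingSecrets`, `BenchlingClientId` and `BenchlingClientSecret` parameters are declared with `noEcho: true`, but their `valueAsString` results land only in unused locals, and `FargateService` still receives `props.benchlingClientId`, `props.benchlingClientSecret` and `props.benchlingSecrets`. As far as these hunks show, the credentials that reach the service are the synth-time prop values, so `noEcho` does not cover them and changing these three parameters on a stack update would have no effect, contrary to the "This allows runtime updates via CloudFormation" comment. Either drop the three parameters or say so next to them, e.g. `// NOTE: declared for template compatibility only; credentials come from props at synth time and are not protected by noEcho`. The same token limitation applies to `imageTagValue.match(...)`: a parameter's `valueAsString` is an unresolved token during synthesis, so the regex presumably never matches and `stackVersion` always falls back to the package.json version; testing `props.imageTag` instead would give the intended result. The constructor starts and ends outside these hunks, and this is compiled output, so the change belongs in lib/benchling-webhook-stack.ts.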
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"benchling-webhook-stack.js","sourceRoot":"","sources":["../../lib/benchling-webhook-stack.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uDAAyC;AACzC,yDAA2C;AAC3C,yDAA2C;AAE3C,uDAAmD;AACnD,uDAAkD;AAClD,qDAAiD;AACjD,mEAA0C;
|
|
1
|
+
{"version":3,"file":"benchling-webhook-stack.js","sourceRoot":"","sources":["../../lib/benchling-webhook-stack.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uDAAyC;AACzC,yDAA2C;AAC3C,yDAA2C;AAE3C,uDAAmD;AACnD,uDAAkD;AAClD,qDAAiD;AACjD,mEAA0C;AA0B1C,MAAa,qBAAsB,SAAQ,GAAG,CAAC,KAAK;IAMhD,YACI,KAAgB,EAChB,EAAU,EACV,KAAiC;QAEjC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAClE,CAAC;QAED,mEAAmE;QACnE,4FAA4F;QAC5F,mEAAmE;QAEnE,wCAAwC;QACxC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,kBAAkB,EAAE;YACzE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,8FAA8F;YAC3G,OAAO,EAAE,KAAK,CAAC,gBAAgB,IAAI,EAAE;SACxC,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,cAAc,EAAE;YACjE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,KAAK,CAAC,YAAY,IAAI,oBAAoB;SACtD,CAAC,CAAC;QAEH,uEAAuE;QACvE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE;YAC7D,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,KAAK,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,EAAE;YAC5D,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,uCAAuC;YACpD,OAAO,EAAE,KAAK,CAAC,MAAM;SACxB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,eAAe;SAC3B,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,KAAK,CAAC,QAAQ;SAC1B,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,EAAE;YACnE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,kDAAkD;YAC/D,OAAO,EAAE,KAAK,CAAC,aAAa;SAC/B,CAAC,CAAC;QAEH,2EAA2E;QAC3E,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,wHAAwH;YACrI,OAAO,EAAE,KAAK,CAAC,eAAe;SACjC,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,KAAK,CA
AC,QAAQ,IAAI,MAAM;YACjC,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC;SACnE,CAAC,CAAC;QAEH,MAAM,8BAA8B,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,2BAA2B,EAAE;YAC3F,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,oDAAoD;YACjE,OAAO,EAAE,MAAM;YACf,aAAa,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;SACnC,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,0EAA0E;YACvF,OAAO,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ;SACtC,CAAC,CAAC;QAEH,8DAA8D;QAC9D,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,kBAAkB,EAAE;YACzE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,gGAAgG;YAC7G,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,6EAA6E;QAC7E,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,mBAAmB,EAAE;YAC3E,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,iFAAiF;YAC9F,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,uBAAuB,EAAE;YACnF,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,qFAAqF;YAClG,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,sDAAsD;QACtD,iDAAiD;QACjD,MAAM,qBAAqB,GAAG,qBAAqB,CAAC,aAAa,CAAC;QAClE,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,aAAa,CAAC;QAC1D,MAAM,eAAe,GAAG,eAAe,CAAC,aAAa,CAAC;QACtD,MAAM,WAAW,GAAG,WAAW,CAAC,aAAa,CAAC;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,aAAa,CAAC;QAC9C,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAClD,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,aAAa,CAAC;QAC5D,MAAM,oBAAoB,GAAG,oBAAoB,CAAC,aAAa,CAAC;QAChE,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAClD,MAAM,8BAA8B,GAAG,8BAA8B,CAAC,aAAa,CAAC;QACpF,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAClD,gFAAgF;QAChF,6DAA6D;QAC7D,MAAM,qBAAqB,GAAG,qBAAqB,CAAC,aAAa,CAAC;QAClE,6DAA6D;QAC7D,MAAM,sBAAsB,GAAG,sBAAsB,CAAC,aAAa,CAAC;QACpE,6DAA6D;QAC7D,MAAM,0BAA0B,GAAG,0BAA0B,CAAC,aAAa,CAAC;QAE5E,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAE1E,0CAA0C;QAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;YAC/C,SAAS,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,OAAwB,CAAC;QAC7B,IAAI,WAAmB,CAAC;QACxB,IAAI,KAAK,CAAC,mBAAmB,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,I
AAI,8BAAa,CAAC,IAAI,EAAE,eAAe,EAAE;gBACrD,cAAc,EAAE,KAAK,CAAC,iBAAiB,IAAI,qBAAqB;gBAChE,gBAAgB,EAAE,IAAI;aACzB,CAAC,CAAC;YACH,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC;YAC7B,WAAW,GAAG,GAAG,OAAO,CAAC,aAAa,SAAS,CAAC;QACpD,CAAC;aAAM,CAAC;YACJ,oCAAoC;YACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,IAAI,qBAAqB,CAAC;YAClE,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;YACrF,WAAW,GAAG,GAAG,IAAI,CAAC,OAAO,YAAY,IAAI,CAAC,MAAM,kBAAkB,QAAQ,SAAS,CAAC;QAC5F,CAAC;QAED,6BAA6B;QAC7B,2EAA2E;QAC3E,uEAAuE;QACvE,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,sBAAW,CAAC,OAAO,CAAC;QAExE,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,IAAI,EAAE,gBAAgB,EAAE;YAC7D,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,aAAa;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,WAAW;YACnB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,qBAAqB,EAAE,KAAK,CAAC,qBAAqB;YAClD,eAAe,EAAE,oBAAoB;YACrC,gEAAgE;YAChE,8GAA8G;YAC9G,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,YAAY,EAAE,iBAAiB;YAC/B,aAAa,EAAE,kBAAkB;YACjC,gBAAgB,EAAE,qBAAqB;YACvC,aAAa,EAAE,OAAO;YACtB,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,aAAa;YACvB,yBAAyB,EAAE,8BAA8B;SAC5D,CAAC,CAAC;QAEH,4CAA4C;QAC5C,IAAI,CAAC,GAAG,GAAG,IAAI,+BAAa,CAAC,IAAI,EAAE,YAAY,EAAE;YAC7C,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,YAAY;YAC9C,gBAAgB,EAAE,qBAAqB;SAC1C,CAAC,CAAC;QAEH,yCAAyC;QACzC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;QAExC,4CAA4C;QAC5C,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvC,KAAK,EAAE,IAAI,CAAC,eAAe;YAC3B,WAAW,EAAE,gEAAgE;SAChF,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACtC,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,sCAAsC;SACtD,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;YACpC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,sBAAW,CAAC,OAAO;YAChE,WAAW,EAAE,eAAe;SAC/B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,QAAQ,CA
AC,YAAY;YAChD,WAAW,EAAE,6CAA6C;SAC7D,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,oBAAoB,EAAE;YAC1C,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY;YACrC,WAAW,EAAE,kDAAkD;SAClE,CAAC,CAAC;IACP,CAAC;CAGJ;AArOD,sDAqOC"}
|
|
@@ -8,19 +8,28 @@ import { Construct } from "constructs";
|
|
|
8
8
|
export interface FargateServiceProps {
|
|
9
9
|
readonly vpc: ec2.IVpc;
|
|
10
10
|
readonly bucket: s3.IBucket;
|
|
11
|
-
readonly
|
|
11
|
+
readonly queueArn: string;
|
|
12
12
|
readonly region: string;
|
|
13
13
|
readonly account: string;
|
|
14
14
|
readonly prefix: string;
|
|
15
|
+
readonly pkgKey: string;
|
|
15
16
|
readonly benchlingClientId: string;
|
|
16
17
|
readonly benchlingClientSecret: string;
|
|
17
18
|
readonly benchlingTenant: string;
|
|
19
|
+
/**
|
|
20
|
+
* Consolidated Benchling secrets as JSON string.
|
|
21
|
+
* When provided and non-empty, the container will receive BENCHLING_SECRETS environment variable.
|
|
22
|
+
* Otherwise, individual environment variables (BENCHLING_TENANT) and secrets (BENCHLING_CLIENT_ID, BENCHLING_CLIENT_SECRET) are used.
|
|
23
|
+
*/
|
|
24
|
+
readonly benchlingSecrets?: string;
|
|
18
25
|
readonly quiltCatalog: string;
|
|
19
26
|
readonly quiltDatabase: string;
|
|
20
27
|
readonly webhookAllowList: string;
|
|
21
28
|
readonly ecrRepository: ecr.IRepository;
|
|
22
29
|
readonly imageTag?: string;
|
|
30
|
+
readonly stackVersion?: string;
|
|
23
31
|
readonly logLevel?: string;
|
|
32
|
+
readonly enableWebhookVerification?: string;
|
|
24
33
|
}
|
|
25
34
|
export declare class FargateService extends Construct {
|
|
26
35
|
readonly service: ecs.FargateService;
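Review bot: `enableWebhookVerification?: string` in `FargateServiceProps` is a security toggle with no documentation, unlike `benchlingSecrets` a few lines above it. A doc comment such as `/** "true" or "false"; "false" disables webhook signature verification in the container. Defaults to "true" when unset. */` would make the accepted values and the consequence of disabling it visible to callers. This is a generated declaration file, so the comment belongs in lib/fargate-service.ts.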
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fargate-service.d.ts","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAEhE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAE7C,OAAO,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC;IAC5B,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"fargate-service.d.ts","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAEhE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAE7C,OAAO,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC;;;;OAIG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,aAAa,EAAE,GAAG,CAAC,WAAW,CAAC;IACxC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,yBAAyB,CAAC,EAAE,MAAM,CAAC;CAC/C;AAED,qBAAa,cAAe,SAAQ,SAAS;IACzC,SAAgB,OAAO,EAAE,GAAG,CAAC,cAAc,CAAC;IAC5C,SAAgB,YAAY,EAAE,KAAK,CAAC,uBAAuB,CAAC;IAC5D,SAAgB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;IACrC,SAAgB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;gBAE7B,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB;CAyVvE"}
|
|
@@ -80,15 +80,14 @@ class FargateService extends constructs_1.Construct {
|
|
|
80
80
|
});
|
|
81
81
|
// Grant S3 bucket access to task role
|
|
82
82
|
props.bucket.grantReadWrite(taskRole);
|
|
83
|
-
// Grant SQS access to task role
|
|
84
|
-
const queueArn = `arn:aws:sqs:${props.region}:${props.account}:${props.queueName}`;
|
|
83
|
+
// Grant SQS access to task role using the actual ARN
|
|
85
84
|
taskRole.addToPolicy(new iam.PolicyStatement({
|
|
86
85
|
actions: [
|
|
87
86
|
"sqs:SendMessage",
|
|
88
87
|
"sqs:GetQueueUrl",
|
|
89
88
|
"sqs:GetQueueAttributes",
|
|
90
89
|
],
|
|
91
|
-
resources: [queueArn],
|
|
90
|
+
resources: [props.queueArn],
|
|
92
91
|
}));
|
|
93
92
|
// Grant Athena access to task role for package querying
|
|
94
93
|
taskRole.addToPolicy(new iam.PolicyStatement({
|
|
@@ -131,15 +130,32 @@ class FargateService extends constructs_1.Construct {
|
|
|
131
130
|
`${athenaResultsBucketArn}/*`,
|
|
132
131
|
],
|
|
133
132
|
}));
|
|
133
|
+
// Determine which parameter mode to use
|
|
134
|
+
// Check if the benchlingSecrets prop is provided and non-empty
|
|
135
|
+
const useNewParam = props.benchlingSecrets !== undefined &&
|
|
136
|
+
props.benchlingSecrets !== null &&
|
|
137
|
+
props.benchlingSecrets.trim() !== "";
|
|
138
|
+
// Create Secrets Manager secret with proper parameter handling
|
|
139
|
+
let secretValue;
|
|
140
|
+
if (useNewParam) {
|
|
141
|
+
// New approach: Use consolidated secrets JSON
|
|
142
|
+
secretValue = props.benchlingSecrets;
|
|
143
|
+
}
|
|
144
|
+
else {
|
|
145
|
+
// Old approach: Build JSON from individual parameters
|
|
146
|
+
secretValue = JSON.stringify({
|
|
147
|
+
client_id: props.benchlingClientId,
|
|
148
|
+
client_secret: props.benchlingClientSecret,
|
|
149
|
+
tenant: props.benchlingTenant,
|
|
150
|
+
});
|
|
151
|
+
}
|
|
134
152
|
// Create or reference Secrets Manager secret for Benchling credentials
|
|
135
|
-
//
|
|
153
|
+
// Note: We still use unsafePlainText() because CloudFormation parameters are strings.
|
|
154
|
+
// The actual secret values are protected by noEcho in the parameters.
|
|
136
155
|
const benchlingSecret = new secretsmanager.Secret(this, "BenchlingCredentials", {
|
|
137
156
|
secretName: "benchling-webhook/credentials",
|
|
138
157
|
description: "Benchling API credentials for webhook processor",
|
|
139
|
-
|
|
140
|
-
client_id: cdk.SecretValue.unsafePlainText(props.benchlingClientId),
|
|
141
|
-
client_secret: cdk.SecretValue.unsafePlainText(props.benchlingClientSecret),
|
|
142
|
-
},
|
|
158
|
+
secretStringValue: cdk.SecretValue.unsafePlainText(secretValue),
|
|
143
159
|
});
|
|
144
160
|
// Grant read access to secrets
|
|
145
161
|
benchlingSecret.grantRead(taskRole);
|
|
@@ -151,31 +167,53 @@ class FargateService extends constructs_1.Construct {
|
|
|
151
167
|
taskRole: taskRole,
|
|
152
168
|
family: "benchling-webhook-task",
|
|
153
169
|
});
|
|
154
|
-
//
|
|
170
|
+
// Build environment variables based on parameter mode
|
|
171
|
+
// Note: BENCHLING_TENANT is set conditionally below based on parameter mode
|
|
172
|
+
const environmentVars = {
|
|
173
|
+
QUILT_USER_BUCKET: props.bucket.bucketName,
|
|
174
|
+
QUEUE_ARN: props.queueArn,
|
|
175
|
+
PKG_PREFIX: props.prefix,
|
|
176
|
+
PKG_KEY: props.pkgKey,
|
|
177
|
+
QUILT_CATALOG: props.quiltCatalog,
|
|
178
|
+
QUILT_DATABASE: props.quiltDatabase,
|
|
179
|
+
WEBHOOK_ALLOW_LIST: props.webhookAllowList,
|
|
180
|
+
AWS_REGION: props.region,
|
|
181
|
+
AWS_DEFAULT_REGION: props.region,
|
|
182
|
+
FLASK_ENV: "production",
|
|
183
|
+
LOG_LEVEL: props.logLevel || "INFO",
|
|
184
|
+
ENABLE_WEBHOOK_VERIFICATION: props.enableWebhookVerification || "true",
|
|
185
|
+
BENCHLING_WEBHOOK_VERSION: props.stackVersion || props.imageTag || "latest",
|
|
186
|
+
};
|
|
187
|
+
// Add Benchling configuration based on parameter mode
|
|
188
|
+
if (useNewParam) {
|
|
189
|
+
// New mode: Single consolidated secrets parameter
|
|
190
|
+
// Sets: BENCHLING_SECRETS: props.benchlingSecrets
|
|
191
|
+
environmentVars.BENCHLING_SECRETS = props.benchlingSecrets;
|
|
192
|
+
}
|
|
193
|
+
else {
|
|
194
|
+
// Old mode: Individual tenant parameter
|
|
195
|
+
// Sets: BENCHLING_TENANT: props.benchlingTenant
|
|
196
|
+
environmentVars.BENCHLING_TENANT = props.benchlingTenant;
|
|
197
|
+
}
|
|
198
|
+
// Build secrets configuration (only for old mode)
|
|
199
|
+
let secretsConfig = undefined;
|
|
200
|
+
if (!useNewParam) {
|
|
201
|
+
// Old mode: Individual secrets from Secrets Manager
|
|
202
|
+
secretsConfig = {
|
|
203
|
+
BENCHLING_CLIENT_ID: ecs.Secret.fromSecretsManager(benchlingSecret, "client_id"),
|
|
204
|
+
BENCHLING_CLIENT_SECRET: ecs.Secret.fromSecretsManager(benchlingSecret, "client_secret"),
|
|
205
|
+
BENCHLING_APP_DEFINITION_ID: ecs.Secret.fromSecretsManager(benchlingSecret, "app_definition_id"),
|
|
206
|
+
};
|
|
207
|
+
}
|
|
208
|
+
// Add container with configured environment
|
|
155
209
|
const container = taskDefinition.addContainer("BenchlingWebhookContainer", {
|
|
156
210
|
image: ecs.ContainerImage.fromEcrRepository(props.ecrRepository, props.imageTag || "latest"),
|
|
157
211
|
logging: ecs.LogDriver.awsLogs({
|
|
158
212
|
streamPrefix: "benchling-webhook",
|
|
159
213
|
logGroup: this.logGroup,
|
|
160
214
|
}),
|
|
161
|
-
environment:
|
|
162
|
-
|
|
163
|
-
SQS_QUEUE_URL: `https://sqs.${props.region}.amazonaws.com/${props.account}/${props.queueName}`,
|
|
164
|
-
PKG_PREFIX: props.prefix,
|
|
165
|
-
BENCHLING_TENANT: props.benchlingTenant,
|
|
166
|
-
QUILT_CATALOG: props.quiltCatalog,
|
|
167
|
-
QUILT_DATABASE: props.quiltDatabase,
|
|
168
|
-
WEBHOOK_ALLOW_LIST: props.webhookAllowList,
|
|
169
|
-
AWS_REGION: props.region,
|
|
170
|
-
AWS_DEFAULT_REGION: props.region,
|
|
171
|
-
FLASK_ENV: "production",
|
|
172
|
-
LOG_LEVEL: props.logLevel || "INFO",
|
|
173
|
-
ENABLE_WEBHOOK_VERIFICATION: "false",
|
|
174
|
-
},
|
|
175
|
-
secrets: {
|
|
176
|
-
BENCHLING_CLIENT_ID: ecs.Secret.fromSecretsManager(benchlingSecret, "client_id"),
|
|
177
|
-
BENCHLING_CLIENT_SECRET: ecs.Secret.fromSecretsManager(benchlingSecret, "client_secret"),
|
|
178
|
-
},
|
|
215
|
+
environment: environmentVars,
|
|
216
|
+
secrets: secretsConfig,
|
|
179
217
|
healthCheck: {
|
|
180
218
|
command: ["CMD-SHELL", "curl -f http://localhost:5000/health || exit 1"],
|
|
181
219
|
interval: cdk.Duration.seconds(30),
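Review bot: In the new mode, `environmentVars.BENCHLING_SECRETS = props.benchlingSecrets;` puts the whole credentials JSON, including `client_secret`, into the container's plain `environment`, while `secretsConfig` stays `undefined`, so the Secrets Manager secret created just above is not used for injection. Plain environment values are stored in the task definition and the synthesized template, where anyone allowed to describe either can read them. Inject through the existing secret instead, `secretsConfig = { BENCHLING_SECRETS: ecs.Secret.fromSecretsManager(benchlingSecret) };`, and drop the `environmentVars.BENCHLING_SECRETS` assignment. Two related points: the comment "protected by noEcho" does not hold for `cdk.SecretValue.unsafePlainText(secretValue)`, since the value comes from props and is written into the template, and the old-mode JSON has no `app_definition_id` key although `BENCHLING_APP_DEFINITION_ID` is read from it, which will likely keep the task from starting. The constructor continues outside these hunks, and this is compiled output, so the change belongs in lib/fargate-service.ts.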
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fargate-service.js","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,yDAA2C;AAE3C,yDAA2C;AAC3C,8EAAgE;AAChE,yDAA2C;AAC3C,2DAA6C;AAC7C,+EAAiE;AACjE,uDAAyC;AACzC,2CAAuC;
|
|
1
|
+
{"version":3,"file":"fargate-service.js","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,yDAA2C;AAE3C,yDAA2C;AAC3C,8EAAgE;AAChE,yDAA2C;AAC3C,2DAA6C;AAC7C,+EAAiE;AACjE,uDAAyC;AACzC,2CAAuC;AA6BvC,MAAa,cAAe,SAAQ,sBAAS;IAMzC,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA0B;QAChE,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjB,qBAAqB;QACrB,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,yBAAyB,EAAE;YAC5D,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,WAAW,EAAE,2BAA2B;YACxC,8BAA8B,EAAE,IAAI;SACvC,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAA8B,CAAC;QACpE,UAAU,CAAC,eAAe,GAAG;YACzB;gBACI,IAAI,EAAE,mBAAmB;gBACzB,KAAK,EAAE,SAAS;aACnB;SACJ,CAAC;QAEF,iDAAiD;QACjD,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,mBAAmB,EAAE;YACzD,YAAY,EAAE,wBAAwB;YACtC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,yEAAyE;QACzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE;YAC9D,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;YAC9D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,+CAA+C,CAClD;aACJ;SACJ,CAAC,CAAC;QAEH,kFAAkF;QAElF,kEAAkE;QAClE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5C,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;SACjE,CAAC,CAAC;QAEH,sCAAsC;QACtC,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtC,qDAAqD;QACrD,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,iBAAiB;gBACjB,iBAAiB;gBACjB,wBAAwB;aAC3B;YACD,SAAS,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;SAC9B,CAAC,CACL,CAAC;QAEF,wDAAwD;QACxD,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,4BAA4B;gBAC5B,0BAA0B;gBAC1B,wBAAwB;gBACxB,2BAA2B;gBAC3B,qBAAqB;aACxB;YACD,SAAS,EAAE;gBACP,kBAAkB,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,oBAAoB;aACtE;SACJ,CAAC,CACL,CAAC;QAEF,+DAA+D;QAC/D,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,kBAAkB;gBAClB,eAAe;gBACf,oBAAoB;aACvB;YACD,SAAS,EAAE;gBACP,gBAAgB,KAAK,CAAC,MAAM,IAAI,KAAK,
CAAC,OAAO,UAAU;gBACvD,gBAAgB,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,aAAa,KAAK,CAAC,aAAa,EAAE;gBAC/E,gBAAgB,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,UAAU,KAAK,CAAC,aAAa,IAAI;aACjF;SACJ,CAAC,CACL,CAAC;QAEF,2CAA2C;QAC3C,sDAAsD;QACtD,MAAM,sBAAsB,GAAG,yCAAyC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACxG,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,sBAAsB;gBACtB,cAAc;gBACd,eAAe;gBACf,cAAc;aACjB;YACD,SAAS,EAAE;gBACP,sBAAsB;gBACtB,GAAG,sBAAsB,IAAI;aAChC;SACJ,CAAC,CACL,CAAC;QAEF,wCAAwC;QACxC,+DAA+D;QAC/D,MAAM,WAAW,GAAG,KAAK,CAAC,gBAAgB,KAAK,SAAS;YACrC,KAAK,CAAC,gBAAgB,KAAK,IAAI;YAC/B,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;QAExD,+DAA+D;QAC/D,IAAI,WAAmB,CAAC;QAExB,IAAI,WAAW,EAAE,CAAC;YACd,8CAA8C;YAC9C,WAAW,GAAG,KAAK,CAAC,gBAAiB,CAAC;QAC1C,CAAC;aAAM,CAAC;YACJ,sDAAsD;YACtD,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC;gBACzB,SAAS,EAAE,KAAK,CAAC,iBAAiB;gBAClC,aAAa,EAAE,KAAK,CAAC,qBAAqB;gBAC1C,MAAM,EAAE,KAAK,CAAC,eAAe;aAChC,CAAC,CAAC;QACP,CAAC;QAED,uEAAuE;QACvE,sFAAsF;QACtF,sEAAsE;QACtE,MAAM,eAAe,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,sBAAsB,EAAE;YAC5E,UAAU,EAAE,+BAA+B;YAC3C,WAAW,EAAE,iDAAiD;YAC9D,iBAAiB,EAAE,GAAG,CAAC,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC;SAClE,CAAC,CAAC;QAEH,+BAA+B;QAC/B,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEpC,iCAAiC;QACjC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACzE,cAAc,EAAE,IAAI;YACpB,GAAG,EAAE,IAAI;YACT,aAAa,EAAE,iBAAiB;YAChC,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,wBAAwB;SACnC,CAAC,CAAC;QAEH,sDAAsD;QACtD,4EAA4E;QAC5E,MAAM,eAAe,GAA8B;YAC/C,iBAAiB,EAAE,KAAK,CAAC,MAAM,CAAC,UAAU;YAC1C,SAAS,EAAE,KAAK,CAAC,QAAQ;YACzB,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,OAAO,EAAE,KAAK,CAAC,MAAM;YACrB,aAAa,EAAE,KAAK,CAAC,YAAY;YACjC,cAAc,EAAE,KAAK,CAAC,aAAa;YACnC,kBAAkB,EAAE,KAAK,CAAC,gBAAgB;YAC1C,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,kBAAkB,EAAE,KAAK,CAAC,MAAM;YAChC,SAAS,EAAE,YAAY;YACvB,SAAS,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM;YACnC,2BAA2B,EAAE,KAAK,CAAC,yBAAyB,IAAI,MAAM;YACtE,yBAAyB,EAAE,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,QAAQ,IAAI,QAAQ;SAC9E,CAAC;QAEF,sDAAsD;QACtD,IAAI,WAAW,EAAE,CAA
C;YACd,kDAAkD;YAClD,kDAAkD;YAClD,eAAe,CAAC,iBAAiB,GAAG,KAAK,CAAC,gBAAiB,CAAC;QAChE,CAAC;aAAM,CAAC;YACJ,wCAAwC;YACxC,gDAAgD;YAChD,eAAe,CAAC,gBAAgB,GAAG,KAAK,CAAC,eAAe,CAAC;QAC7D,CAAC;QAED,kDAAkD;QAClD,IAAI,aAAa,GAA8C,SAAS,CAAC;QAEzE,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,oDAAoD;YACpD,aAAa,GAAG;gBACZ,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAC9C,eAAe,EACf,WAAW,CACd;gBACD,uBAAuB,EAAE,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAClD,eAAe,EACf,eAAe,CAClB;gBACD,2BAA2B,EAAE,GAAG,CAAC,MAAM,CAAC,kBAAkB,CACtD,eAAe,EACf,mBAAmB,CACtB;aACJ,CAAC;QACN,CAAC;QAED,4CAA4C;QAC5C,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,2BAA2B,EAAE;YACvE,KAAK,EAAE,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACvC,KAAK,CAAC,aAAa,EACnB,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAC7B;YACD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC3B,YAAY,EAAE,mBAAmB;gBACjC,QAAQ,EAAE,IAAI,CAAC,QAAQ;aAC1B,CAAC;YACF,WAAW,EAAE,eAAe;YAC5B,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE;gBACT,OAAO,EAAE,CAAC,WAAW,EAAE,gDAAgD,CAAC;gBACxE,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;aACxC;SACJ,CAAC,CAAC;QAEH,qBAAqB;QACrB,SAAS,CAAC,eAAe,CAAC;YACtB,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,uCAAuC;QACvC,MAAM,aAAa,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,eAAe,EAAE;YACvD,UAAU,EAAE,8BAA8B,KAAK,CAAC,OAAO,EAAE;YACzD,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;YACxC,iBAAiB,EAAE,IAAI;YACvB,cAAc,EAAE;gBACZ;oBACI,UAAU,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;iBACnC;aACJ;SACJ,CAAC,CAAC;QAEH,mCAAmC;QACnC,IAAI,CAAC,YAAY,GAAG,IAAI,KAAK,CAAC,uBAAuB,CAAC,IAAI,EAAE,KAAK,EAAE;YAC/D,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,cAAc,EAAE,IAAI;YACpB,gBAAgB,EAAE,uBAAuB;SAC5C,CAAC,CAAC;QAEH,yBAAyB;QACzB,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;QAElE,0BAA0B;QAC1B,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,aAAa,EAAE;YACtE,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,KAAK,CAAC,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE;YAC/B,WAAW,EAA
E;gBACT,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,qBAAqB,EAAE,CAAC;gBACxB,uBAAuB,EAAE,CAAC;gBAC1B,gBAAgB,EAAE,KAAK;aAC1B;YACD,mBAAmB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAChD,CAAC,CAAC;QAEH,oBAAoB;QACpB,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,cAAc,EAAE;YAC1C,IAAI,EAAE,EAAE;YACR,QAAQ,EAAE,KAAK,CAAC,mBAAmB,CAAC,IAAI;YACxC,aAAa,EAAE,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;SAC7D,CAAC,CAAC;QAEH,0CAA0C;QAC1C,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,sBAAsB,EAAE;YAC7E,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,WAAW,EAAE,oDAAoD;YACjE,gBAAgB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,8CAA8C;QAC9C,oBAAoB,CAAC,cAAc,CAC/B,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,EACzF,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAClB,wBAAwB,CAC3B,CAAC;QAEF,yBAAyB;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,EAAE;YACnD,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,cAAc,EAAE,cAAc;YAC9B,YAAY,EAAE,CAAC;YACf,WAAW,EAAE,2BAA2B;YACxC,cAAc,EAAE,IAAI;YACpB,cAAc,EAAE,CAAC,oBAAoB,CAAC;YACtC,sBAAsB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChD,iBAAiB,EAAE,EAAE;YACrB,iBAAiB,EAAE,GAAG;YACtB,cAAc,EAAE;gBACZ,QAAQ,EAAE,IAAI;aACjB;SACJ,CAAC,CAAC;QAEH,yCAAyC;QACzC,IAAI,CAAC,OAAO,CAAC,8BAA8B,CAAC,WAAW,CAAC,CAAC;QAEzD,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC;YAC5C,WAAW,EAAE,CAAC;YACd,WAAW,EAAE,EAAE;SAClB,CAAC,CAAC;QAEH,iCAAiC;QACjC,OAAO,CAAC,qBAAqB,CAAC,YAAY,EAAE;YACxC,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1C,gBAAgB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAC;QAEH,oCAAoC;QACpC,OAAO,CAAC,wBAAwB,CAAC,eAAe,EAAE;YAC9C,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1C,gBAAgB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAC;QAEH,UAAU;QACV,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvC,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,mBAAmB;YAC5C,WAAW,EAAE,wBAAwB;YACrC,UAAU,EA
AE,wBAAwB;SACvC,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,6BAA6B;SAC5C,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,6BAA6B;SAC5C,CAAC,CAAC;IACP,CAAC;CACJ;AA/VD,wCA+VC"}
|
|
@@ -5,12 +5,12 @@ export interface Config {
|
|
|
5
5
|
benchlingTenant: string;
|
|
6
6
|
benchlingClientId: string;
|
|
7
7
|
benchlingClientSecret: string;
|
|
8
|
-
benchlingAppDefinitionId
|
|
8
|
+
benchlingAppDefinitionId: string;
|
|
9
|
+
benchlingSecrets?: string;
|
|
9
10
|
cdkAccount: string;
|
|
10
11
|
cdkRegion: string;
|
|
11
12
|
awsProfile?: string;
|
|
12
|
-
|
|
13
|
-
sqsQueueUrl: string;
|
|
13
|
+
queueArn: string;
|
|
14
14
|
pkgPrefix?: string;
|
|
15
15
|
pkgKey?: string;
|
|
16
16
|
logLevel?: string;
|
|
@@ -18,6 +18,7 @@ export interface Config {
|
|
|
18
18
|
enableWebhookVerification?: string;
|
|
19
19
|
createEcrRepository?: string;
|
|
20
20
|
ecrRepositoryName?: string;
|
|
21
|
+
imageTag?: string;
|
|
21
22
|
}
|
|
22
23
|
export interface ConfigOptions {
|
|
23
24
|
envFile?: string;
|
|
@@ -29,6 +30,8 @@ export interface ConfigOptions {
|
|
|
29
30
|
appId?: string;
|
|
30
31
|
profile?: string;
|
|
31
32
|
region?: string;
|
|
33
|
+
imageTag?: string;
|
|
34
|
+
benchlingSecrets?: string;
|
|
32
35
|
}
|
|
33
36
|
export interface ValidationResult {
|
|
34
37
|
valid: boolean;
|
|
@@ -49,6 +52,52 @@ export declare function getQuilt3Catalog(): string | undefined;
|
|
|
49
52
|
* Load .env file and expand variables
|
|
50
53
|
*/
|
|
51
54
|
export declare function loadDotenv(filePath: string): Record<string, string>;
|
|
55
|
+
/**
|
|
56
|
+
* Process benchling-secrets parameter, handling @file.json syntax
|
|
57
|
+
*
|
|
58
|
+
* Supports three input formats:
|
|
59
|
+
* - ARN: `arn:aws:secretsmanager:...` - passed through unchanged
|
|
60
|
+
* - JSON: `{"client_id":"...","client_secret":"...","tenant":"..."}` - passed through unchanged
|
|
61
|
+
* - File: `@secrets.json` - reads file content from path after @ symbol
|
|
62
|
+
*
|
|
63
|
+
* @param input - The benchling-secrets value (ARN, JSON, or @filepath)
|
|
64
|
+
* @returns Processed secret string (trimmed)
|
|
65
|
+
* @throws Error if file not found or not readable
|
|
66
|
+
*
|
|
67
|
+
* @example
|
|
68
|
+
* // Pass through ARN
|
|
69
|
+
* processBenchlingSecretsInput("arn:aws:secretsmanager:...")
|
|
70
|
+
* // Returns: "arn:aws:secretsmanager:..."
|
|
71
|
+
*
|
|
72
|
+
* @example
|
|
73
|
+
* // Pass through JSON
|
|
74
|
+
* processBenchlingSecretsInput('{"client_id":"...","client_secret":"...","tenant":"..."}')
|
|
75
|
+
* // Returns: '{"client_id":"...","client_secret":"...","tenant":"..."}'
|
|
76
|
+
*
|
|
77
|
+
* @example
|
|
78
|
+
* // Read from file
|
|
79
|
+
* processBenchlingSecretsInput("@secrets.json")
|
|
80
|
+
* // Returns: contents of secrets.json (trimmed)
|
|
81
|
+
*/
|
|
82
|
+
export declare function processBenchlingSecretsInput(input: string): string;
|
|
83
|
+
/**
|
|
84
|
+
* Mask sensitive parts of ARN for display
|
|
85
|
+
*
|
|
86
|
+
* Shows region and partial secret name, masks account ID for security.
|
|
87
|
+
* Account ID is masked as ****XXXX where XXXX are the last 4 digits.
|
|
88
|
+
*
|
|
89
|
+
* @param arn - AWS Secrets Manager ARN to mask
|
|
90
|
+
* @returns Masked ARN string or original input if not valid ARN format
|
|
91
|
+
*
|
|
92
|
+
* @example
|
|
93
|
+
* maskArn("arn:aws:secretsmanager:us-east-1:123456789012:secret:name")
|
|
94
|
+
* // Returns: "arn:aws:secretsmanager:us-east-1:****9012:secret:name"
|
|
95
|
+
*
|
|
96
|
+
* @example
|
|
97
|
+
* maskArn("not-an-arn")
|
|
98
|
+
* // Returns: "not-an-arn"
|
|
99
|
+
*/
|
|
100
|
+
export declare function maskArn(arn: string): string;
|
|
52
101
|
/**
|
|
53
102
|
* Load configuration from multiple sources with priority:
|
|
54
103
|
* 1. CLI options (highest)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../lib/utils/config.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,MAAM;IAErB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IAGtB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,wBAAwB,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../lib/utils/config.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,MAAM;IAErB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IAGtB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,wBAAwB,EAAE,MAAM,CAAC;IAGjC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAG1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,QAAQ,EAAE,MAAM,CAAC;IAGjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,GAAG,SAAS,CAerD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBnE;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CA6BlE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAY3C;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,aAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAsD3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAC/B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EACvB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACrC,OAAO,CAAC,MAAM,CAAC,CASjB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,gBAAgB,CAkExE;AAED;;GAEG;AACH,wBAAgB,sBA
AsB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CA0CvE"}
|
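--- a/package/dist/lib/utils/config.js
+++ b/package/dist/lib/utils/config.js
@@ -2,6 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getQuilt3Catalog = getQuilt3Catalog;
 exports.loadDotenv = loadDotenv;
+exports.processBenchlingSecretsInput = processBenchlingSecretsInput;
+exports.maskArn = maskArn;
 exports.loadConfigSync = loadConfigSync;
 exports.mergeInferredConfig = mergeInferredConfig;
 exports.validateConfig = validateConfig;
@@ -49,6 +51,84 @@ function loadDotenv(filePath) {
 }
 return result.parsed || {};
 }
+/**
+* Process benchling-secrets parameter, handling @file.json syntax
+*
+* Supports three input formats:
+* - ARN: `arn:aws:secretsmanager:...` - passed through unchanged
+* - JSON: `{"client_id":"...","client_secret":"...","tenant":"..."}` - passed through unchanged
+* - File: `@secrets.json` - reads file content from path after @ symbol
+*
+* @param input - The benchling-secrets value (ARN, JSON, or @filepath)
+* @returns Processed secret string (trimmed)
+* @throws Error if file not found or not readable
+*
+* @example
+* // Pass through ARN
+* processBenchlingSecretsInput("arn:aws:secretsmanager:...")
+* // Returns: "arn:aws:secretsmanager:..."
+*
+* @example
+* // Pass through JSON
+* processBenchlingSecretsInput('{"client_id":"...","client_secret":"...","tenant":"..."}')
+* // Returns: '{"client_id":"...","client_secret":"...","tenant":"..."}'
+*
+* @example
+* // Read from file
+* processBenchlingSecretsInput("@secrets.json")
+* // Returns: contents of secrets.json (trimmed)
+*/
+function processBenchlingSecretsInput(input) {
+const trimmed = input.trim();
+// Check for @file syntax
+if (trimmed.startsWith("@")) {
+const filePath = trimmed.slice(1); // Remove @ prefix
+const resolvedPath = (0, path_1.resolve)(filePath);
+if (!(0, fs_1.existsSync)(resolvedPath)) {
+throw new Error(`Secrets file not found: ${filePath}\n` +
+` Resolved path: ${resolvedPath}\n` +
+" Tip: Use relative or absolute path after @ (e.g., @secrets.json or @/path/to/secrets.json)");
+}
+try {
+const fileContent = (0, fs_1.readFileSync)(resolvedPath, "utf-8");
+return fileContent.trim();
+}
+catch (error) {
+throw new Error(`Failed to read secrets file: ${filePath}\n` +
+` Error: ${error.message}`);
+}
+}
+// Return as-is for ARN or inline JSON
+return trimmed;
+}
+/**
+* Mask sensitive parts of ARN for display
+*
+* Shows region and partial secret name, masks account ID for security.
+* Account ID is masked as ****XXXX where XXXX are the last 4 digits.
+*
+* @param arn - AWS Secrets Manager ARN to mask
+* @returns Masked ARN string or original input if not valid ARN format
+*
+* @example
+* maskArn("arn:aws:secretsmanager:us-east-1:123456789012:secret:name")
+* // Returns: "arn:aws:secretsmanager:us-east-1:****9012:secret:name"
+*
+* @example
+* maskArn("not-an-arn")
+* // Returns: "not-an-arn"
+*/
+function maskArn(arn) {
+// Pattern: arn:aws:secretsmanager:region:account:secret:name
+const match = arn.match(/^(arn:aws:secretsmanager:[^:]+:)(\d{12})(:.+)$/);
+if (match) {
+const [, prefix, account, suffix] = match;
+const maskedAccount = "****" + account.slice(-4);
+return prefix + maskedAccount + suffix;
+}
+// Return as-is if pattern doesn't match
+return arn;
+}
 /**
 * Load configuration from multiple sources with priority:
 * 1. CLI options (highest)
@@ -76,13 +156,18 @@ function loadConfigSync(options = {}) {
 benchlingClientId: options.clientId || envVars.BENCHLING_CLIENT_ID,
 benchlingClientSecret: options.clientSecret || envVars.BENCHLING_CLIENT_SECRET,
 benchlingAppDefinitionId: options.appId || envVars.BENCHLING_APP_DEFINITION_ID,
+// Unified secrets (priority: CLI > env > .env)
+// Process file input syntax (@file.json) if present
+benchlingSecrets: (() => {
+const rawSecrets = options.benchlingSecrets || envVars.BENCHLING_SECRETS;
+return rawSecrets ? processBenchlingSecretsInput(rawSecrets) : undefined;
+})(),
 // AWS
 cdkAccount: envVars.CDK_DEFAULT_ACCOUNT,
 cdkRegion: options.region || envVars.CDK_DEFAULT_REGION || envVars.AWS_REGION,
 awsProfile: options.profile || envVars.AWS_PROFILE,
 // SQS
-
-sqsQueueUrl: envVars.SQS_QUEUE_URL,
+queueArn: envVars.QUEUE_ARN,
 // Optional
 pkgPrefix: envVars.PKG_PREFIX || "benchling",
 pkgKey: envVars.PKG_KEY || "experiment_id",
@@ -91,6 +176,7 @@ function loadConfigSync(options = {}) {
 enableWebhookVerification: envVars.ENABLE_WEBHOOK_VERIFICATION ?? "true",
 createEcrRepository: envVars.CREATE_ECR_REPOSITORY,
 ecrRepositoryName: envVars.ECR_REPOSITORY_NAME || "quiltdata/benchling",
+imageTag: options.imageTag || envVars.IMAGE_TAG || "latest",
 };
 // Remove undefined values
 return Object.fromEntries(Object.entries(config).filter(([, v]) => v !== undefined));
@@ -103,8 +189,7 @@ function mergeInferredConfig(config, inferredVars) {
 return {
 cdkAccount: config.cdkAccount || inferredVars.CDK_DEFAULT_ACCOUNT,
 cdkRegion: config.cdkRegion || inferredVars.CDK_DEFAULT_REGION,
-
-sqsQueueUrl: config.sqsQueueUrl || inferredVars.SQS_QUEUE_URL,
+queueArn: config.queueArn || inferredVars.QUEUE_ARN,
 quiltDatabase: config.quiltDatabase || inferredVars.QUILT_DATABASE,
 ...config, // User values always take precedence
 };
@@ -115,13 +200,17 @@ function mergeInferredConfig(config, inferredVars) {
 function validateConfig(config) {
 const errors = [];
 const warnings = [];
-// Required user-provided values
+// Required user-provided values (CANNOT be inferred)
 const requiredUserFields = [
 ["quiltCatalog", "Quilt catalog URL", "Your Quilt catalog domain (e.g., quilt-catalog.company.com)"],
-["quiltUserBucket", "S3 bucket for data", "The S3 bucket where you want to store Benchling exports"],
+["quiltUserBucket", "S3 bucket for data", "The S3 bucket where you want to store Benchling exports (CANNOT be inferred - must be explicitly provided)"],
 ["benchlingTenant", "Benchling tenant", "Your Benchling tenant name (use XXX if you login to XXX.benchling.com)"],
 ["benchlingClientId", "Benchling OAuth client ID", "OAuth client ID from your Benchling app"],
 ["benchlingClientSecret", "Benchling OAuth client secret", "OAuth client secret from your Benchling app"],
+["benchlingAppDefinitionId", "Benchling app definition ID", "App definition ID is always required. Create a Benchling app:\n" +
+" 1. Run: npx @quiltdata/benchling-webhook manifest\n" +
+" 2. Upload the manifest to Benchling\n" +
+" 3. Copy the App Definition ID from the app overview"],
 ];
 for (const [field, message, helpText] of requiredUserFields) {
 if (!config[field]) {
@@ -133,25 +222,11 @@ function validateConfig(config) {
 });
 }
 }
-// Conditional requirement for app definition ID
-if (config.enableWebhookVerification !== "false" && !config.benchlingAppDefinitionId) {
-errors.push({
-field: "benchlingAppDefinitionId",
-message: "Benchling app definition ID",
-canInfer: false,
-helpText: "Create a Benchling app first:\n" +
-" 1. Run: npx @quiltdata/benchling-webhook manifest\n" +
-" 2. Upload the manifest to Benchling\n" +
-" 3. Copy the App Definition ID from the app overview\n" +
-" Or set ENABLE_WEBHOOK_VERIFICATION=false to skip (NOT recommended for production)",
-});
-}
 // Required inferred values
 const requiredInferredFields = [
 ["cdkAccount", "AWS account ID"],
 ["cdkRegion", "AWS region"],
-["
-["sqsQueueUrl", "SQS queue URL"],
+["queueArn", "SQS queue ARN"],
 ["quiltDatabase", "Quilt database name"],
 ];
 for (const [field, message] of requiredInferredFields) {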
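Review bot: `maskArn` in the `@@ -49,6 +51,84 @@` hunk returns every input that does not match its pattern unchanged, while the same hunk documents that the benchling-secrets value may be inline JSON containing `client_secret`; if any caller uses `maskArn` to print that value (call sites are outside this section, so this needs checking), the secret is shown in clear. The pattern also fixes the partition to `aws`, so a Secrets Manager ARN from another partition falls through with its account ID unmasked. For display I would make the fallback redact rather than echo, e.g. `return arn.startsWith("arn:") ? arn : "<redacted>";`, and widen the prefix to `arn:aws[a-z-]*:secretsmanager:`; this changes the documented `"not-an-arn"` example, so the JSDoc would need the same update. Separately, `processBenchlingSecretsInput` returns the content of whatever path follows `@`, with the value coming from CLI options, the environment or `.env` in the `loadConfigSync` hunk, without checking that it parses as JSON; a `JSON.parse(fileContent)` guard that throws without echoing the content would keep an unrelated file from being forwarded as the secret.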