@quiltdata/benchling-webhook 0.9.7 → 0.10.0-20251224T233317Z
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -134
- package/dist/bin/benchling-webhook.d.ts +29 -5
- package/dist/bin/benchling-webhook.d.ts.map +1 -1
- package/dist/bin/benchling-webhook.js +28 -132
- package/dist/bin/benchling-webhook.js.map +1 -1
- package/dist/bin/commands/deploy.d.ts +7 -1
- package/dist/bin/commands/deploy.d.ts.map +1 -1
- package/dist/bin/commands/deploy.js +49 -152
- package/dist/bin/commands/deploy.js.map +1 -1
- package/dist/bin/commands/infer-quilt-config.d.ts +0 -2
- package/dist/bin/commands/infer-quilt-config.d.ts.map +1 -1
- package/dist/bin/commands/infer-quilt-config.js +0 -11
- package/dist/bin/commands/infer-quilt-config.js.map +1 -1
- package/dist/bin/commands/setup-wizard.d.ts +0 -1
- package/dist/bin/commands/setup-wizard.d.ts.map +1 -1
- package/dist/bin/commands/setup-wizard.js +0 -1
- package/dist/bin/commands/setup-wizard.js.map +1 -1
- package/dist/bin/commands/status.d.ts.map +1 -1
- package/dist/bin/commands/status.js +0 -4
- package/dist/bin/commands/status.js.map +1 -1
- package/dist/bin/commands/sync-secrets.d.ts.map +1 -1
- package/dist/bin/commands/sync-secrets.js +0 -4
- package/dist/bin/commands/sync-secrets.js.map +1 -1
- package/dist/bin/xdg-launch.d.ts.map +1 -1
- package/dist/bin/xdg-launch.js +0 -2
- package/dist/bin/xdg-launch.js.map +1 -1
- package/dist/lib/benchling-webhook-stack.d.ts +8 -7
- package/dist/lib/benchling-webhook-stack.d.ts.map +1 -1
- package/dist/lib/benchling-webhook-stack.js +7 -32
- package/dist/lib/benchling-webhook-stack.js.map +1 -1
- package/dist/lib/fargate-service.d.ts +4 -6
- package/dist/lib/fargate-service.d.ts.map +1 -1
- package/dist/lib/fargate-service.js +16 -19
- package/dist/lib/fargate-service.js.map +1 -1
- package/dist/lib/rest-api-gateway.d.ts +2 -2
- package/dist/lib/rest-api-gateway.d.ts.map +1 -1
- package/dist/lib/rest-api-gateway.js +6 -43
- package/dist/lib/rest-api-gateway.js.map +1 -1
- package/dist/lib/types/config.d.ts +0 -28
- package/dist/lib/types/config.d.ts.map +1 -1
- package/dist/lib/types/config.js +0 -2
- package/dist/lib/types/config.js.map +1 -1
- package/dist/lib/types/stack-config.d.ts +170 -0
- package/dist/lib/types/stack-config.d.ts.map +1 -0
- package/dist/lib/types/stack-config.js +17 -0
- package/dist/lib/types/stack-config.js.map +1 -0
- package/dist/lib/utils/config-transform.d.ts +92 -0
- package/dist/lib/utils/config-transform.d.ts.map +1 -0
- package/dist/lib/utils/config-transform.js +263 -0
- package/dist/lib/utils/config-transform.js.map +1 -0
- package/dist/lib/utils/service-resolver.d.ts +1 -15
- package/dist/lib/utils/service-resolver.d.ts.map +1 -1
- package/dist/lib/utils/service-resolver.js +2 -11
- package/dist/lib/utils/service-resolver.js.map +1 -1
- package/dist/lib/utils/stack-inference.d.ts +1 -7
- package/dist/lib/utils/stack-inference.d.ts.map +1 -1
- package/dist/lib/utils/stack-inference.js +1 -5
- package/dist/lib/utils/stack-inference.js.map +1 -1
- package/dist/lib/wizard/phase2-stack-query.d.ts.map +1 -1
- package/dist/lib/wizard/phase2-stack-query.js +0 -11
- package/dist/lib/wizard/phase2-stack-query.js.map +1 -1
- package/dist/lib/wizard/phase3-parameter-collection.d.ts.map +1 -1
- package/dist/lib/wizard/phase3-parameter-collection.js +12 -113
- package/dist/lib/wizard/phase3-parameter-collection.js.map +1 -1
- package/dist/lib/wizard/phase6-integrated-mode.d.ts.map +1 -1
- package/dist/lib/wizard/phase6-integrated-mode.js +0 -9
- package/dist/lib/wizard/phase6-integrated-mode.js.map +1 -1
- package/dist/lib/wizard/phase7-standalone-mode.d.ts.map +1 -1
- package/dist/lib/wizard/phase7-standalone-mode.js +0 -9
- package/dist/lib/wizard/phase7-standalone-mode.js.map +1 -1
- package/dist/lib/wizard/types.d.ts +1 -6
- package/dist/lib/wizard/types.d.ts.map +1 -1
- package/dist/package.json +3 -3
- package/package.json +3 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fargate-service.d.ts","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAEhE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"fargate-service.d.ts","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAEhE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD;;;;;;;;;GASG;AACH,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,GAAG,CAAC,WAAW,CAAC;IACxC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,mBAAmB,CAAC;IAChD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAI/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAG9B,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAGtC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAG/B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,qBAAa,cAAe,SAAQ,SAAS;IACzC,SAAgB,OAAO,EAAE,GAAG,CAAC,cAAc,CAAC;IAC5C,SAAgB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;IACrC,SAAgB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;IACzC,SAAgB,aAAa,EAAE,GAAG,CAAC,cAAc,CAAC;IAElD;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;gBAoBb,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB;CAyUvE"}
|
|
@@ -161,11 +161,10 @@ class FargateService extends constructs_1.Construct {
|
|
|
161
161
|
"sqs:GetQueueAttributes",
|
|
162
162
|
],
|
|
163
163
|
resources: [
|
|
164
|
-
`arn:aws:sqs:${config.deployment.region}
|
|
164
|
+
`arn:aws:sqs:${config.deployment.region}:*:*`,
|
|
165
165
|
],
|
|
166
166
|
}));
|
|
167
167
|
// Grant Glue access for the specific Quilt database
|
|
168
|
-
const account = config.deployment.account || cdk.Aws.ACCOUNT_ID;
|
|
169
168
|
const region = config.deployment.region;
|
|
170
169
|
taskRole.addToPolicy(new iam.PolicyStatement({
|
|
171
170
|
actions: [
|
|
@@ -174,9 +173,9 @@ class FargateService extends constructs_1.Construct {
|
|
|
174
173
|
"glue:GetPartitions",
|
|
175
174
|
],
|
|
176
175
|
resources: [
|
|
177
|
-
`arn:aws:glue:${region}
|
|
178
|
-
`arn:aws:glue:${region}
|
|
179
|
-
`arn:aws:glue:${region}
|
|
176
|
+
`arn:aws:glue:${region}:*:catalog`,
|
|
177
|
+
`arn:aws:glue:${region}:*:database/${props.quiltDatabase}`,
|
|
178
|
+
`arn:aws:glue:${region}:*:table/${props.quiltDatabase}/*`,
|
|
180
179
|
],
|
|
181
180
|
}));
|
|
182
181
|
// Grant Athena access to task role for package querying
|
|
@@ -184,13 +183,13 @@ class FargateService extends constructs_1.Construct {
|
|
|
184
183
|
const athenaWorkgroups = props.athenaUserWorkgroup
|
|
185
184
|
? [
|
|
186
185
|
// Discovered workgroup from Quilt stack
|
|
187
|
-
`arn:aws:athena:${config.deployment.region}
|
|
186
|
+
`arn:aws:athena:${config.deployment.region}:*:workgroup/${props.athenaUserWorkgroup}`,
|
|
188
187
|
// Fallback to primary workgroup
|
|
189
|
-
`arn:aws:athena:${config.deployment.region}
|
|
188
|
+
`arn:aws:athena:${config.deployment.region}:*:workgroup/primary`,
|
|
190
189
|
]
|
|
191
190
|
: [
|
|
192
191
|
// Only primary workgroup if no discovered workgroup
|
|
193
|
-
`arn:aws:athena:${config.deployment.region}
|
|
192
|
+
`arn:aws:athena:${config.deployment.region}:*:workgroup/primary`,
|
|
194
193
|
];
|
|
195
194
|
taskRole.addToPolicy(new iam.PolicyStatement({
|
|
196
195
|
actions: [
|
|
@@ -209,14 +208,14 @@ class FargateService extends constructs_1.Construct {
|
|
|
209
208
|
// Discovered results bucket from Quilt stack
|
|
210
209
|
`arn:aws:s3:::${props.athenaResultsBucket}`,
|
|
211
210
|
`arn:aws:s3:::${props.athenaResultsBucket}/*`,
|
|
212
|
-
// Fallback to default bucket
|
|
213
|
-
`arn:aws:s3:::aws-athena-query-results
|
|
214
|
-
`arn:aws:s3:::aws-athena-query-results
|
|
211
|
+
// Fallback to default bucket (use wildcard since we don't have account ID)
|
|
212
|
+
`arn:aws:s3:::aws-athena-query-results-*-${region}`,
|
|
213
|
+
`arn:aws:s3:::aws-athena-query-results-*-${region}/*`,
|
|
215
214
|
]
|
|
216
215
|
: [
|
|
217
|
-
// Only default bucket if no discovered bucket
|
|
218
|
-
`arn:aws:s3:::aws-athena-query-results
|
|
219
|
-
`arn:aws:s3:::aws-athena-query-results
|
|
216
|
+
// Only default bucket if no discovered bucket (use wildcard since we don't have account ID)
|
|
217
|
+
`arn:aws:s3:::aws-athena-query-results-*-${region}`,
|
|
218
|
+
`arn:aws:s3:::aws-athena-query-results-*-${region}/*`,
|
|
220
219
|
];
|
|
221
220
|
taskRole.addToPolicy(new iam.PolicyStatement({
|
|
222
221
|
actions: [
|
|
@@ -253,18 +252,16 @@ class FargateService extends constructs_1.Construct {
|
|
|
253
252
|
ATHENA_USER_WORKGROUP: props.athenaUserWorkgroup || "primary",
|
|
254
253
|
// Only set optional variables if they have values (don't pass empty strings)
|
|
255
254
|
...(props.athenaResultsBucket ? { ATHENA_RESULTS_BUCKET: props.athenaResultsBucket } : {}),
|
|
256
|
-
...(props.icebergDatabase ? { ICEBERG_DATABASE: props.icebergDatabase } : {}),
|
|
257
|
-
...(props.icebergWorkgroup ? { ICEBERG_WORKGROUP: props.icebergWorkgroup } : {}),
|
|
258
255
|
PACKAGER_SQS_URL: props.packagerQueueUrl,
|
|
259
256
|
// IAM Role ARN for cross-account S3 access (optional)
|
|
260
257
|
...(props.writeRoleArn ? { QUILT_WRITE_ROLE_ARN: props.writeRoleArn } : {}),
|
|
261
258
|
// Benchling Configuration (credentials from Secrets Manager, NOT environment)
|
|
262
259
|
BenchlingSecret: this.extractSecretName(props.benchlingSecret),
|
|
263
|
-
// Security Configuration (verification
|
|
264
|
-
ENABLE_WEBHOOK_VERIFICATION:
|
|
260
|
+
// Security Configuration (verification enabled by default)
|
|
261
|
+
ENABLE_WEBHOOK_VERIFICATION: "true", // StackConfig doesn't include security settings - default to enabled
|
|
265
262
|
// Application Configuration
|
|
266
263
|
APP_ENV: "production",
|
|
267
|
-
LOG_LEVEL: props.logLevel ||
|
|
264
|
+
LOG_LEVEL: props.logLevel || "INFO", // StackConfig doesn't include logging level - use parameter default
|
|
268
265
|
};
|
|
269
266
|
// Add container with configured environment
|
|
270
267
|
const container = taskDefinition.addContainer("BenchlingWebhookContainer", {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fargate-service.js","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,yDAA2C;AAE3C,yDAA2C;AAE3C,yDAA2C;AAC3C,2DAA6C;AAC7C,2CAAuC;
|
|
1
|
+
{"version":3,"file":"fargate-service.js","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,yDAA2C;AAE3C,yDAA2C;AAE3C,yDAA2C;AAC3C,2DAA6C;AAC7C,2CAAuC;AAyCvC,MAAa,cAAe,SAAQ,sBAAS;IAMzC;;;;;;;;;OASG;IACK,iBAAiB,CAAC,GAAW;QACjC,IAAI,CAAC,GAAG,EAAE,CAAC;YACP,OAAO,EAAE,CAAC;QACd,CAAC;QACD,uEAAuE;QACvE,2DAA2D;QAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,GAAG,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1B,gEAAgE;QAChE,sEAAsE;QACtE,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QAE/D,OAAO,aAAa,CAAC;IACzB,CAAC;IAED,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA0B;QAChE,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAEzB,qBAAqB;QACrB,iEAAiE;QACjE,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,yBAAyB,EAAE;YAC5D,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,8BAA8B,EAAE,IAAI;SACvC,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAA8B,CAAC;QACpE,UAAU,CAAC,eAAe,GAAG;YACzB;gBACI,IAAI,EAAE,mBAAmB;gBACzB,KAAK,EAAE,SAAS;aACnB;SACJ,CAAC;QAEF,iDAAiD;QACjD,yEAAyE;QACzE,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;QAC/C,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,mBAAmB,EAAE;YACzD,YAAY,EAAE,SAAS;YACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,yEAAyE;QACzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE;YAC9D,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;YAC9D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,+CAA+C,CAClD;aACJ;SACJ,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5C,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;SACjE,CAAC,CAAC;QAEH,qEAAqE;QACrE,4DAA4D;QAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,IAAI,KAAK,CAAC,eAAe,CAAC;QACtE,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,+BAA+B;gBAC/B,+BAA+B;aAClC;YACD,SAAS,EAAE;gBACP,SAAS;gBACT,GAAG,SAAS,GAAG,EAAE,2BAA2B;aAC/C;SACJ,CAAC,CACL,CAAC;QAEF,kDAAkD;QAClD,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG,gBAAgB,KAAK,CAAC,aAAa,EAAE,CAAC;QAC/D,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,cAAc;gBACd,wBAAwB;gBACxB,qBAAqB;gBACrB,qBAAqB;gBACrB,+BAA+B;gBAC/B,4BAA4B;gBAC5B,eAAe;gBACf,uBAAuB;gBACvB,iBAAiB;gBACjB,wBAAwB;gBACxB,cAAc;gBACd,qBAAqB;gBACrB,0BAA0B;gBAC1B,0BAA0B;aAC7B;YACD,SAAS,EAAE;gBACP,gBAAgB;gBAChB,GAAG,gBAAgB,IAAI;aAC1B;SACJ,CAAC,CACL,CAAC;QAEF,8EAA8E;QAC9E,sEAAsE;QACtE,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACrB,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,OAAO,EAAE,CAAC,gBAAgB,CAAC;gBAC3B,SAAS,EAAE;oBACP,uDAAuD;oBACvD,oEAAoE;oBACpE,2CAA2C;iBAC9C;aACJ,CAAC,CACL,CAAC;QACN,CAAC;QAED,oEAAoE;QACpE,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,iBAAiB;gBACjB,iBAAiB;gBACjB,wBAAwB;aAC3B;YACD,SAAS,EAAE;gBACP,eAAe,MAAM,CAAC,UAAU,CAAC,MAAM,MAAM;aAChD;SACJ,CAAC,CACL,CAAC;QAEF,oDAAoD;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QACxC,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,kBAAkB;gBAClB,eAAe;gBACf,oBAAoB;aACvB;YACD,SAAS,EAAE;gBACP,gBAAgB,MAAM,YAAY;gBAClC,gBAAgB,MAAM,eAAe,KAAK,CAAC,aAAa,EAAE;gBAC1D,gBAAgB,MAAM,YAAY,KAAK,CAAC,aAAa,IAAI;aAC5D;SACJ,CAAC,CACL,CAAC;QAEF,wDAAwD;QACxD,+EAA+E;QAC/E,MAAM,gBAAgB,GAAG,KAAK,CAAC,mBAAmB;YAC9C,CAAC,CAAC;gBACE,wCAAwC;gBACxC,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,gBAAgB,KAAK,CAAC,mBAAmB,EAAE;gBACrF,gCAAgC;gBAChC,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,sBAAsB;aACnE;YACD,CAAC,CAAC;gBACE,oDAAoD;gBACpD,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,sBAAsB;aACnE,CAAC;QAEN,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,4BAA4B;gBAC5B,0BAA0B;gBAC1B,wBAAwB;gBACxB,2BAA2B;gBAC3B,qBAAqB;aACxB;YACD,SAAS,EAAE,gBAAgB;SAC9B,CAAC,CACL,CAAC;QAEF,2CAA2C;QAC3C,oFAAoF;QACpF,MAAM,oBAAoB,GAAG,KAAK,CAAC,mBAAmB;YAClD,CAAC,CAAC;gBACE,6CAA6C;gBAC7C,gBAAgB,KAAK,CAAC,mBAAmB,EAAE;gBAC3C,gBAAgB,KAAK,CAAC,mBAAmB,IAAI;gBAC7C,2EAA2E;gBAC3E,2CAA2C,MAAM,EAAE;gBACnD,2CAA2C,MAAM,IAAI;aACxD;YACD,CAAC,CAAC;gBACE,4FAA4F;gBAC5F,2CAA2C,MAAM,EAAE;gBACnD,2CAA2C,MAAM,IAAI;aACxD,CAAC;QAEN,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,sBAAsB;gBACtB,cAAc;gBACd,eAAe;gBACf,uBAAuB;gBACvB,cAAc;gBACd,+BAA+B;gBAC/B,iBAAiB;aACpB;YACD,SAAS,EAAE,oBAAoB;SAClC,CAAC,CACL,CAAC;QAEF,iCAAiC;QACjC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACzE,cAAc,EAAE,IAAI;YACpB,GAAG,EAAE,IAAI;YACT,aAAa,EAAE,iBAAiB;YAChC,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,wBAAwB;SACnC,CAAC,CAAC;QAEH,yDAAyD;QACzD,8EAA8E;QAC9E,sFAAsF;QACtF,kFAAkF;QAClF,MAAM,eAAe,GAA8B;YAC/C,oBAAoB;YACpB,UAAU,EAAE,MAAM;YAClB,kBAAkB,EAAE,MAAM;YAC1B,IAAI,EAAE,MAAM;YAEZ,iEAAiE;YACjE,cAAc,EAAE,KAAK,CAAC,YAAY;YAClC,oBAAoB,EAAE,KAAK,CAAC,kBAAkB;YAC9C,qBAAqB,EAAE,KAAK,CAAC,mBAAmB,IAAI,SAAS;YAC7D,6EAA6E;YAC7E,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,KAAK,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1F,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YAExC,sDAAsD;YACtD,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAE3E,8EAA8E;YAC9E,eAAe,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,eAAe,CAAC;YAE9D,2DAA2D;YAC3D,2BAA2B,EAAE,MAAM,EAAG,qEAAqE;YAE3G,4BAA4B;YAC5B,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM,EAAG,oEAAoE;SAC7G,CAAC;QAEF,4CAA4C;QAC5C,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,2BAA2B,EAAE;YACvE,KAAK,EAAE,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACvC,KAAK,CAAC,aAAa,EACnB,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAC7B;YACD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC3B,YAAY,EAAE,mBAAmB;gBACjC,QAAQ,EAAE,IAAI,CAAC,QAAQ;aAC1B,CAAC;YACF,WAAW,EAAE,eAAe;YAC5B,WAAW,EAAE;gBACT,OAAO,EAAE,CAAC,WAAW,EAAE,gDAAgD,CAAC;gBACxE,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;aACxC;SACJ,CAAC,CAAC;QAEH,qBAAqB;QACrB,SAAS,CAAC,eAAe,CAAC;YACtB,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,0CAA0C;QAC1C,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,sBAAsB,EAAE;YACrE,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,WAAW,EAAE,oDAAoD;YACjE,gBAAgB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,sDAAsD;QACtD,IAAI,CAAC,aAAa,CAAC,cAAc,CAC7B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,EACrC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAClB,8BAA8B,CACjC,CAAC;QAEF,2DAA2D;QAC3D,yDAAyD;QACzD,iEAAiE;QACjE,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,EAAE;YACnD,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,cAAc,EAAE,cAAc;YAC9B,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;YACpC,sBAAsB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChD,iBAAiB,EAAE,EAAE;YACrB,iBAAiB,EAAE,GAAG;YACtB,cAAc,EAAE;gBACZ,QAAQ,EAAE,IAAI;aACjB;SACJ,CAAC,CAAC;QAEH,6CAA6C;QAC7C,8DAA8D;QAC9D,IAAI,CAAC,OAAO,CAAC,0BAA0B,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAE3D,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC;YAC5C,WAAW,EAAE,CAAC;YACd,WAAW,EAAE,EAAE;SAClB,CAAC,CAAC;QAEH,iCAAiC;QACjC,OAAO,CAAC,qBAAqB,CAAC,YAAY,EAAE;YACxC,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1C,gBAAgB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAC;QAEH,oCAAoC;QACpC,OAAO,CAAC,wBAAwB,CAAC,eAAe,EAAE;YAC9C,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1C,gBAAgB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAC;QAEH,yDAAyD;QACzD,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,GAAG,SAAS,cAAc;SACzC,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,GAAG,SAAS,cAAc;SACzC,CAAC,CAAC;IACP,CAAC;CACJ;AA7WD,wCA6WC"}
|
|
@@ -3,13 +3,13 @@ import * as ec2 from "aws-cdk-lib/aws-ec2";
|
|
|
3
3
|
import * as elbv2 from "aws-cdk-lib/aws-elasticloadbalancingv2";
|
|
4
4
|
import * as logs from "aws-cdk-lib/aws-logs";
|
|
5
5
|
import { Construct } from "constructs";
|
|
6
|
-
import {
|
|
6
|
+
import { StackConfig } from "./types/stack-config";
|
|
7
7
|
export interface RestApiGatewayProps {
|
|
8
8
|
readonly vpc: ec2.IVpc;
|
|
9
9
|
readonly networkLoadBalancer: elbv2.INetworkLoadBalancer;
|
|
10
10
|
readonly nlbListener: elbv2.INetworkListener;
|
|
11
11
|
readonly serviceSecurityGroup: ec2.ISecurityGroup;
|
|
12
|
-
readonly config:
|
|
12
|
+
readonly config: StackConfig;
|
|
13
13
|
readonly stage: string;
|
|
14
14
|
}
|
|
15
15
|
export declare class RestApiGateway {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rest-api-gateway.d.ts","sourceRoot":"","sources":["../../lib/rest-api-gateway.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAE7C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"rest-api-gateway.d.ts","sourceRoot":"","sources":["../../lib/rest-api-gateway.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAE7C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;IACvB,QAAQ,CAAC,mBAAmB,EAAE,KAAK,CAAC,oBAAoB,CAAC;IACzD,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,gBAAgB,CAAC;IAC7C,QAAQ,CAAC,oBAAoB,EAAE,GAAG,CAAC,cAAc,CAAC;IAClD,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,cAAc;IACvB,SAAgB,GAAG,EAAE,UAAU,CAAC,OAAO,CAAC;IACxC,SAAgB,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC;IAC5C,SAAgB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;IACzC,SAAgB,KAAK,EAAE,MAAM,CAAC;gBAElB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB;CAsJvE"}
|
|
@@ -72,8 +72,7 @@ class RestApiGateway {
|
|
|
72
72
|
.filter(ip => ip.length > 0);
|
|
73
73
|
// Build resource policy document with IP filtering
|
|
74
74
|
// Resource ARN format: execute-api:/*/<stage>/<method>/<path>
|
|
75
|
-
//
|
|
76
|
-
// When allowlist configured: Two statements (health exempt, webhooks restricted)
|
|
75
|
+
// Creates a single statement that either allows all IPs or restricts to allowlist
|
|
77
76
|
const policyStatements = [];
|
|
78
77
|
if (allowedIps.length === 0) {
|
|
79
78
|
// No IP filtering - allow all requests from anywhere
|
|
@@ -87,38 +86,12 @@ class RestApiGateway {
|
|
|
87
86
|
console.log("All endpoints accessible from any IP");
|
|
88
87
|
}
|
|
89
88
|
else {
|
|
90
|
-
// IP filtering enabled -
|
|
91
|
-
// Statement 1: Health endpoints always accessible (no IP restriction)
|
|
89
|
+
// IP filtering enabled - single statement for ALL endpoints
|
|
92
90
|
policyStatements.push(new iam.PolicyStatement({
|
|
93
91
|
effect: iam.Effect.ALLOW,
|
|
94
92
|
principals: [new iam.AnyPrincipal()],
|
|
95
93
|
actions: ["execute-api:Invoke"],
|
|
96
|
-
resources: [
|
|
97
|
-
// Health check endpoints are always accessible
|
|
98
|
-
"execute-api:/*/GET/health",
|
|
99
|
-
"execute-api:/*/GET/health/ready",
|
|
100
|
-
"execute-api:/*/GET/health/live",
|
|
101
|
-
// Stage-prefixed health endpoints
|
|
102
|
-
"execute-api:/*/GET/*/health",
|
|
103
|
-
"execute-api:/*/GET/*/health/ready",
|
|
104
|
-
"execute-api:/*/GET/*/health/live",
|
|
105
|
-
],
|
|
106
|
-
}));
|
|
107
|
-
// Statement 2: Webhook endpoints with IP restrictions
|
|
108
|
-
policyStatements.push(new iam.PolicyStatement({
|
|
109
|
-
effect: iam.Effect.ALLOW,
|
|
110
|
-
principals: [new iam.AnyPrincipal()],
|
|
111
|
-
actions: ["execute-api:Invoke"],
|
|
112
|
-
resources: [
|
|
113
|
-
// Webhook endpoints
|
|
114
|
-
"execute-api:/*/POST/event",
|
|
115
|
-
"execute-api:/*/POST/lifecycle",
|
|
116
|
-
"execute-api:/*/POST/canvas",
|
|
117
|
-
// Stage-prefixed webhook endpoints
|
|
118
|
-
"execute-api:/*/POST/*/event",
|
|
119
|
-
"execute-api:/*/POST/*/lifecycle",
|
|
120
|
-
"execute-api:/*/POST/*/canvas",
|
|
121
|
-
],
|
|
94
|
+
resources: ["execute-api:/*"], // Apply to ALL endpoints
|
|
122
95
|
conditions: {
|
|
123
96
|
IpAddress: {
|
|
124
97
|
"aws:SourceIp": allowedIps,
|
|
@@ -127,10 +100,7 @@ class RestApiGateway {
|
|
|
127
100
|
}));
|
|
128
101
|
console.log("Resource Policy IP filtering: ENABLED");
|
|
129
102
|
console.log(`Allowed IPs: ${allowedIps.join(", ")}`);
|
|
130
|
-
console.log("
|
|
131
|
-
console.log(`Created ${policyStatements.length} resource policy statements`);
|
|
132
|
-
console.log(" - Statement 1: Health endpoints (no IP restriction)");
|
|
133
|
-
console.log(" - Statement 2: Webhook endpoints (IP restricted)");
|
|
103
|
+
console.log("IP filtering applies to ALL endpoints (including health checks)");
|
|
134
104
|
}
|
|
135
105
|
const policyDoc = new iam.PolicyDocument({
|
|
136
106
|
statements: policyStatements,
|
|
@@ -197,15 +167,8 @@ class RestApiGateway {
|
|
|
197
167
|
},
|
|
198
168
|
});
|
|
199
169
|
// Webhook verification status
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
console.log("Webhook signature verification: ENABLED (FastAPI application)");
|
|
203
|
-
}
|
|
204
|
-
else {
|
|
205
|
-
console.warn("WARNING: Webhook signature verification is DISABLED. " +
|
|
206
|
-
"This should only be used for testing. Enable it in production by setting " +
|
|
207
|
-
"config.security.enableVerification = true");
|
|
208
|
-
}
|
|
170
|
+
// StackConfig doesn't include security.enableVerification, so log that verification is handled by FastAPI
|
|
171
|
+
console.log("Webhook signature verification: ENABLED (FastAPI application)");
|
|
209
172
|
}
|
|
210
173
|
}
|
|
211
174
|
exports.RestApiGateway = RestApiGateway;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rest-api-gateway.js","sourceRoot":"","sources":["../../lib/rest-api-gateway.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uEAAyD;AAGzD,2DAA6C;AAC7C,yDAA2C;AAa3C,MAAa,cAAc;IAMvB,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA0B;QAChE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QAEzB,2BAA2B;QAC3B,kEAAkE;QAClE,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,sBAAsB,EAAE;YAC7D,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,6DAA6D;QAC7D,4DAA4D;QAC5D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,0BAA0B,EAAE;YACnE,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,0BAA0B,CAAC;YAC/D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,mDAAmD,CACtD;aACJ;YACD,WAAW,EAAE,4DAA4D;SAC5E,CAAC,CAAC;QAEH,oEAAoE;QACpE,6EAA6E;QAC7E,gEAAgE;QAChE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,mBAAmB,EAAE;YACrE,iBAAiB,EAAE,cAAc,CAAC,OAAO;SAC5C,CAAC,CAAC;QAEH,uDAAuD;QACvD,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAE9C,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,IAAI,EAAE,CAAC;QACvE,MAAM,UAAU,GAAG,gBAAgB;aAC9B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEjC,mDAAmD;QACnD,8DAA8D;QAC9D,
|
|
1
|
+
{"version":3,"file":"rest-api-gateway.js","sourceRoot":"","sources":["../../lib/rest-api-gateway.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uEAAyD;AAGzD,2DAA6C;AAC7C,yDAA2C;AAa3C,MAAa,cAAc;IAMvB,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA0B;QAChE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QAEzB,2BAA2B;QAC3B,kEAAkE;QAClE,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,sBAAsB,EAAE;YAC7D,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,6DAA6D;QAC7D,4DAA4D;QAC5D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,0BAA0B,EAAE;YACnE,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,0BAA0B,CAAC;YAC/D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,mDAAmD,CACtD;aACJ;YACD,WAAW,EAAE,4DAA4D;SAC5E,CAAC,CAAC;QAEH,oEAAoE;QACpE,6EAA6E;QAC7E,gEAAgE;QAChE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,mBAAmB,EAAE;YACrE,iBAAiB,EAAE,cAAc,CAAC,OAAO;SAC5C,CAAC,CAAC;QAEH,uDAAuD;QACvD,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAE9C,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,IAAI,EAAE,CAAC;QACvE,MAAM,UAAU,GAAG,gBAAgB;aAC9B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEjC,mDAAmD;QACnD,8DAA8D;QAC9D,kFAAkF;QAClF,MAAM,gBAAgB,GAA0B,EAAE,CAAC;QAEnD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,qDAAqD;YACrD,gBAAgB,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;gBACxB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAO,EAAE,CAAC,oBAAoB,CAAC;gBAC/B,SAAS,EAAE,CAAC,gBAAgB,CAAC;aAChC,CAAC,CACL,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;YACvF,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACJ,4DAA4D;YAC5D,gBAAgB,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;gBACxB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAO,EAAE,CAAC,oBAAoB,CAAC;gBAC/B,SAAS,EAAE,CAAC,gBAAgB,CAAC,EAAE,yBAAyB;gBACxD,UAAU,EAAE;oBACR,SAAS,EAAE;wBACP,cAAc,EAAE,UAAU;qBAC7B;iBACJ;aACJ,CAAC,CACL,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC;YACrC,UAAU,EAAE,gBAAgB;SAC/B,CAAC,CAAC;QAEH,0CAA0C;QAC1C,iEAAiE;QACjE,IAAI,CAAC,GAAG,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,yBAAyB,EAAE;YAChE,WAAW,EAAE,iFAAiF;YAC9F,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE;gBACX,SAAS,EAAE,KAAK,CAAC,KAAK;gBACtB,oBAAoB,EAAE,IAAI,UAAU,CAAC,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAC1E,eAAe,EAAE,UAAU,CAAC,eAAe,CAAC,sBAAsB,CAAC;oBAC/D,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,KAAK;oBACX,WAAW,EAAE,IAAI;oBACjB,UAAU,EAAE,IAAI;oBAChB,YAAY,EAAE,IAAI;oBAClB,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,IAAI;oBACd,cAAc,EAAE,IAAI;iBACvB,CAAC;aACL;YACD,qBAAqB,EAAE;gBACnB,KAAK,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC;aAC5C;SACJ,CAAC,CAAC;QAEH,8DAA8D;QAC9D,IAAI,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE;YACpD,OAAO,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC;YACpC,WAAW,EAAE,+DAA+D;SAC/E,CAAC,CAAC;QAEH,uCAAuC;QACvC,+EAA+E;QAC/E,mEAAmE;QACnE,EAAE;QACF,+EAA+E;QAC/E,uFAAuF;QACvF,kDAAkD;QAClD,EAAE;QACF,sCAAsC;QACtC,qFAAqF;QACrF,wDAAwD;QACxD,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC;YAC3C,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,UAAU;YAC3C,qBAAqB,EAAE,KAAK;YAC5B,GAAG,EAAE,UAAU,KAAK,CAAC,mBAAmB,CAAC,mBAAmB,aAAa;YACzE,OAAO,EAAE;gBACL,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,QAAQ;gBAClD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,iBAAiB,EAAE;oBACf,gCAAgC,EAAE,2BAA2B;iBAChE;aACJ;SACJ,CAAC,CAAC;QAEH,+DAA+D;QAC/D,qEAAqE;QACrE,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC5D,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE;YACxC,iBAAiB,EAAE;gBACf,2BAA2B,EAAE,IAAI;aACpC;SACJ,CAAC,CAAC;QAEH,8BAA8B;QAC9B,0GAA0G;QAC1G,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IACjF,CAAC;CACJ;AA5JD,wCA4JC"}
|
|
@@ -184,17 +184,6 @@ export interface QuiltConfig {
|
|
|
184
184
|
* @example "us-east-1"
|
|
185
185
|
*/
|
|
186
186
|
region: string;
|
|
187
|
-
/**
|
|
188
|
-
* Iceberg database name (optional)
|
|
189
|
-
*
|
|
190
|
-
* If available, use Iceberg database instead of Athena for package* tables.
|
|
191
|
-
* Resolved from stack output `IcebergDatabase` at deployment time if present.
|
|
192
|
-
*
|
|
193
|
-
* Passed to container as `ICEBERG_DATABASE` environment variable.
|
|
194
|
-
*
|
|
195
|
-
* @example "quilt_iceberg"
|
|
196
|
-
*/
|
|
197
|
-
icebergDatabase?: string;
|
|
198
187
|
/**
|
|
199
188
|
* Athena workgroup for user queries (non-managed role)
|
|
200
189
|
*
|
|
@@ -213,15 +202,6 @@ export interface QuiltConfig {
|
|
|
213
202
|
* @example "quilt-prod-UserAthenaNonManagedRolePolicy-ABC123"
|
|
214
203
|
*/
|
|
215
204
|
athenaUserPolicy?: string;
|
|
216
|
-
/**
|
|
217
|
-
* Athena workgroup for Iceberg queries
|
|
218
|
-
*
|
|
219
|
-
* Resolved from IcebergWorkGroup stack resource
|
|
220
|
-
* This is a RESOURCE (not an output) - requires DescribeStackResources API
|
|
221
|
-
*
|
|
222
|
-
* @example "quilt-iceberg-workgroup-prod"
|
|
223
|
-
*/
|
|
224
|
-
icebergWorkgroup?: string;
|
|
225
205
|
/**
|
|
226
206
|
* User Athena results bucket (S3 bucket for query results)
|
|
227
207
|
*
|
|
@@ -715,18 +695,10 @@ export declare const ProfileConfigSchema: {
|
|
|
715
695
|
readonly type: "string";
|
|
716
696
|
readonly pattern: "^[a-z]{2}-[a-z]+-[0-9]$";
|
|
717
697
|
};
|
|
718
|
-
readonly icebergDatabase: {
|
|
719
|
-
readonly type: "string";
|
|
720
|
-
readonly minLength: 1;
|
|
721
|
-
};
|
|
722
698
|
readonly athenaUserWorkgroup: {
|
|
723
699
|
readonly type: "string";
|
|
724
700
|
readonly minLength: 1;
|
|
725
701
|
};
|
|
726
|
-
readonly icebergWorkgroup: {
|
|
727
|
-
readonly type: "string";
|
|
728
|
-
readonly minLength: 1;
|
|
729
|
-
};
|
|
730
702
|
readonly writeRoleArn: {
|
|
731
703
|
readonly type: "string";
|
|
732
704
|
readonly pattern: "^arn:aws:iam::\\d{12}:role/.+";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../lib/types/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;GAKG;AACH,eAAO,MAAM,UAAU;IACnB;;;;OAIG;;CAEG,CAAC;AAEX;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC;AAGjC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,SAAS,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAE7B;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;OAEG;IACH,SAAS,EAAE,cAAc,CAAC;IAE1B;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IACxB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../lib/types/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;GAKG;AACH,eAAO,MAAM,UAAU;IACnB;;;;OAIG;;CAEG,CAAC;AAEX;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC;AAGjC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,SAAS,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAE7B;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;OAEG;IACH,SAAS,EAAE,cAAc,CAAC;IAE1B;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IACxB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;OAOG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC1B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,WAAW,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;;OAKG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE7B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC1B;;;;OAIG;IACH,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC;CACjD;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC3B;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC3B;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;;;OAMG;IACH,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,KAAK,CAAC;IAEpC;;OAEG;IACH,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACrC;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAC9B;;;;;;;;;;;;OAYG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAEzC;;;;OAIG;IACH,OAAO,EAAE,gBAAgB,EAAE,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;;;;OAKG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B;;OAEG;IACH,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACrC;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+EtB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2C1B,CAAC;AAEX;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAQzE"}
|
package/dist/lib/types/config.js
CHANGED
|
@@ -46,9 +46,7 @@ exports.ProfileConfigSchema = {
|
|
|
46
46
|
database: { type: "string", minLength: 1 },
|
|
47
47
|
queueUrl: { type: "string", pattern: "^https://sqs\\.[a-z0-9-]+\\.amazonaws\\.com/\\d{12}/.+" },
|
|
48
48
|
region: { type: "string", pattern: "^[a-z]{2}-[a-z]+-[0-9]$" },
|
|
49
|
-
icebergDatabase: { type: "string", minLength: 1 },
|
|
50
49
|
athenaUserWorkgroup: { type: "string", minLength: 1 },
|
|
51
|
-
icebergWorkgroup: { type: "string", minLength: 1 },
|
|
52
50
|
writeRoleArn: { type: "string", pattern: "^arn:aws:iam::\\d{12}:role/.+" },
|
|
53
51
|
},
|
|
54
52
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../lib/types/config.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../lib/types/config.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAm3BH,oCAQC;AAz3BD;;;;;GAKG;AACU,QAAA,UAAU,GAAG;IACtB;;;;OAIG;IACH,iBAAiB,EAAE,kBAAkB;CAC/B,CAAC;AA2sBX;;;;GAIG;AACU,QAAA,mBAAmB,GAAG;IAC/B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,eAAe;IACtB,WAAW,EAAE,yCAAyC;IACtD,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,CAAC;IACvE,UAAU,EAAE;QACR,KAAK,EAAE;YACH,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,CAAC;YACvD,UAAU,EAAE;gBACR,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,0BAA0B,EAAE;gBACjE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACzC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,wDAAwD,EAAE;gBAC/F,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,yBAAyB,EAAE;gBAC9D,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACrD,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,+BAA+B,EAAE;aAC7E;SACJ;QACD,SAAS,EAAE;YACP,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,iBAAiB,CAAC;YACnD,UAAU,EAAE;gBACR,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACxC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBAC1C,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAChC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,0BAA0B,EAAE;gBAClE,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACjD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aAClC;SACJ;QACD,QAAQ,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,CAAC;YAC7C,UAAU,EAAE;gBACR,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACxC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACxC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;aAChD;SACJ;QACD,UAAU,EAAE;YACR,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,UAAU,EAAE;gBACR,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,yBAAyB,EAAE;gBAC9D,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE;gBACnD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACjC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC5B,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE;aAC9D;SACJ;QACD,eAAe,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;QACpC,OAAO,EAAE;YACL,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACR,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE;aACzE;SACJ;QACD,QAAQ,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACR,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACpC,kBAAkB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;aAC1C;SACJ;QACD,SAAS,EAAE;YACP,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC;YACzD,UAAU,EAAE;gBACR,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC3B,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE;gBAClD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE;gBAClD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE;aAChE;SACJ;QACD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;KAChC;IACD,oBAAoB,EAAE,IAAI,EAAE,+DAA+D;CACrF,CAAC;AAEX;;GAEG;AACU,QAAA,uBAAuB,GAAG;IACnC,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,mBAAmB;IAC1B,WAAW,EAAE,mCAAmC;IAChD,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;IAC/B,UAAU,EAAE;QACR,MAAM,EAAE;YACJ,IAAI,EAAE,QAAQ;YACd,oBAAoB,EAAE;gBAClB,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,CAAC;gBAC/E,UAAU,EAAE;oBACR,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE;oBAClD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC5B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;oBAC3C,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC7B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC1B,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC9B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC7B;aACJ;SACJ;QACD,OAAO,EAAE;YACL,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACH,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,CAAC;gBAC/E,UAAU,EAAE;oBACR,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE;oBAClD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC5B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;oBAC3C,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC7B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC1B,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC9B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC7B;aACJ;SACJ;KACJ;IACD,oBAAoB,EAAE,KAAK;CACrB,CAAC;AAEX;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,YAAY,CAAC,OAAe,EAAE,UAAmB;IAC7D,IAAI,UAAU,EAAE,CAAC;QACb,OAAO,UAAU,CAAC;IACtB,CAAC;IACD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,uBAAuB,CAAC,CAAC,0BAA0B;IAC9D,CAAC;IACD,OAAO,yBAAyB,OAAO,EAAE,CAAC;AAC9C,CAAC"}
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal Stack Configuration Interface
|
|
3
|
+
*
|
|
4
|
+
* This interface defines ONLY the fields required by the CDK stack infrastructure.
|
|
5
|
+
* It is deliberately minimal to:
|
|
6
|
+
* - Reduce coupling between setup wizard and CDK stack
|
|
7
|
+
* - Simplify testing (fewer fields to mock)
|
|
8
|
+
* - Make explicit what the stack actually needs
|
|
9
|
+
*
|
|
10
|
+
* Transformation: ProfileConfig → StackConfig happens in config-transform.ts
|
|
11
|
+
*
|
|
12
|
+
* @module types/stack-config
|
|
13
|
+
* @version 0.10.0
|
|
14
|
+
*/
|
|
15
|
+
import type { VpcConfig } from "./config";
|
|
16
|
+
export type { VpcConfig } from "./config";
|
|
17
|
+
/**
|
|
18
|
+
* Minimal Stack Configuration
|
|
19
|
+
*
|
|
20
|
+
* Contains only the fields that the CDK stack actually uses for infrastructure provisioning.
|
|
21
|
+
* Derived from ProfileConfig via profileToStackConfig() transformation.
|
|
22
|
+
*
|
|
23
|
+
* **Design principles:**
|
|
24
|
+
* - Only infrastructure-related fields (no wizard metadata)
|
|
25
|
+
* - Only fields actually referenced in CDK constructs
|
|
26
|
+
* - Optional fields remain optional (preserve deployment flexibility)
|
|
27
|
+
*
|
|
28
|
+
* **What's NOT included:**
|
|
29
|
+
* - Benchling OAuth credentials (stored in secret, referenced by ARN)
|
|
30
|
+
* - Package configuration (passed as env vars to container)
|
|
31
|
+
* - Logging level (passed as env var to container)
|
|
32
|
+
* - Metadata fields (_metadata, _inherits)
|
|
33
|
+
*
|
|
34
|
+
* @example
|
|
35
|
+
* ```typescript
|
|
36
|
+
* const stackConfig: StackConfig = {
|
|
37
|
+
* benchling: {
|
|
38
|
+
* secretArn: "arn:aws:secretsmanager:us-east-1:123456789012:secret:benchling-..."
|
|
39
|
+
* },
|
|
40
|
+
* quilt: {
|
|
41
|
+
* catalog: "quilt.example.com",
|
|
42
|
+
* database: "quilt_catalog",
|
|
43
|
+
* queueUrl: "https://sqs.us-east-1.amazonaws.com/123456789012/quilt-queue",
|
|
44
|
+
* region: "us-east-1"
|
|
45
|
+
* },
|
|
46
|
+
* deployment: {
|
|
47
|
+
* region: "us-east-1",
|
|
48
|
+
* imageTag: "0.10.0"
|
|
49
|
+
* }
|
|
50
|
+
* };
|
|
51
|
+
* ```
|
|
52
|
+
*/
|
|
53
|
+
export interface StackConfig {
|
|
54
|
+
/**
|
|
55
|
+
* Benchling configuration (secret reference only)
|
|
56
|
+
*/
|
|
57
|
+
benchling: {
|
|
58
|
+
/**
|
|
59
|
+
* AWS Secrets Manager ARN for Benchling OAuth credentials
|
|
60
|
+
*
|
|
61
|
+
* Stack uses this to grant ECS task read access to the secret.
|
|
62
|
+
* FastAPI reads credentials from secret at runtime.
|
|
63
|
+
*
|
|
64
|
+
* @example "arn:aws:secretsmanager:us-east-1:123456789012:secret:benchling-oauth-abc123"
|
|
65
|
+
*/
|
|
66
|
+
secretArn: string;
|
|
67
|
+
};
|
|
68
|
+
/**
|
|
69
|
+
* Quilt catalog configuration (service endpoints only)
|
|
70
|
+
*/
|
|
71
|
+
quilt: {
|
|
72
|
+
/**
|
|
73
|
+
* Quilt catalog domain (without protocol)
|
|
74
|
+
*
|
|
75
|
+
* Passed to container as QUILT_WEB_HOST environment variable.
|
|
76
|
+
*
|
|
77
|
+
* @example "quilt.example.com"
|
|
78
|
+
*/
|
|
79
|
+
catalog: string;
|
|
80
|
+
/**
|
|
81
|
+
* Athena/Glue database name for catalog metadata
|
|
82
|
+
*
|
|
83
|
+
* Passed to container as ATHENA_USER_DATABASE environment variable.
|
|
84
|
+
*
|
|
85
|
+
* @example "quilt_catalog"
|
|
86
|
+
*/
|
|
87
|
+
database: string;
|
|
88
|
+
/**
|
|
89
|
+
* SQS queue URL for package creation jobs
|
|
90
|
+
*
|
|
91
|
+
* Passed to container as PACKAGER_SQS_URL environment variable.
|
|
92
|
+
* Stack also grants ECS task send message permissions.
|
|
93
|
+
*
|
|
94
|
+
* @example "https://sqs.us-east-1.amazonaws.com/123456789012/quilt-package-queue"
|
|
95
|
+
*/
|
|
96
|
+
queueUrl: string;
|
|
97
|
+
/**
|
|
98
|
+
* AWS region for Quilt resources
|
|
99
|
+
*
|
|
100
|
+
* Used for SQS/S3 client configuration.
|
|
101
|
+
*
|
|
102
|
+
* @example "us-east-1"
|
|
103
|
+
*/
|
|
104
|
+
region: string;
|
|
105
|
+
/**
|
|
106
|
+
* IAM role ARN for read-write S3 access (optional)
|
|
107
|
+
*
|
|
108
|
+
* Container assumes this role for all S3 operations to access the Quilt S3 bucket.
|
|
109
|
+
* This single role is used for both read and write operations, simplifying credential management.
|
|
110
|
+
*
|
|
111
|
+
* Resolved from T4BucketWriteRole stack resource during setup.
|
|
112
|
+
* Passed to container as QUILT_WRITE_ROLE_ARN environment variable.
|
|
113
|
+
*
|
|
114
|
+
* @example "arn:aws:iam::123456789012:role/quilt-stack-T4BucketWriteRole-XYZ789"
|
|
115
|
+
*/
|
|
116
|
+
writeRoleArn?: string;
|
|
117
|
+
};
|
|
118
|
+
/**
|
|
119
|
+
* AWS deployment configuration
|
|
120
|
+
*/
|
|
121
|
+
deployment: {
|
|
122
|
+
/**
|
|
123
|
+
* AWS region for deployment
|
|
124
|
+
*
|
|
125
|
+
* @example "us-east-1"
|
|
126
|
+
*/
|
|
127
|
+
region: string;
|
|
128
|
+
/**
|
|
129
|
+
* Docker image tag to deploy
|
|
130
|
+
*
|
|
131
|
+
* @example "latest"
|
|
132
|
+
* @example "0.10.0"
|
|
133
|
+
* @default "latest"
|
|
134
|
+
*/
|
|
135
|
+
imageTag?: string;
|
|
136
|
+
/**
|
|
137
|
+
* VPC configuration for ECS deployment (optional)
|
|
138
|
+
*
|
|
139
|
+
* If not specified, a new VPC will be created with private subnets and NAT Gateway.
|
|
140
|
+
*/
|
|
141
|
+
vpc?: VpcConfig;
|
|
142
|
+
/**
|
|
143
|
+
* CloudFormation stack name (optional)
|
|
144
|
+
*
|
|
145
|
+
* If not specified, stack name is auto-generated based on profile:
|
|
146
|
+
* - "default" profile → "BenchlingWebhookStack" (backwards compatible)
|
|
147
|
+
* - Other profiles → "BenchlingWebhookStack-{profile}"
|
|
148
|
+
*
|
|
149
|
+
* @example "BenchlingWebhookStack-sales"
|
|
150
|
+
* @default Auto-generated based on profile name
|
|
151
|
+
*/
|
|
152
|
+
stackName?: string;
|
|
153
|
+
};
|
|
154
|
+
/**
|
|
155
|
+
* Security configuration (optional)
|
|
156
|
+
*/
|
|
157
|
+
security?: {
|
|
158
|
+
/**
|
|
159
|
+
* Comma-separated list of allowed IP addresses/CIDR blocks for webhook endpoints
|
|
160
|
+
*
|
|
161
|
+
* Enforced via REST API Gateway resource policy (free).
|
|
162
|
+
* Empty string means no IP filtering (all IPs allowed).
|
|
163
|
+
*
|
|
164
|
+
* @example "192.168.1.0/24,10.0.0.0/8"
|
|
165
|
+
* @default ""
|
|
166
|
+
*/
|
|
167
|
+
webhookAllowList?: string;
|
|
168
|
+
};
|
|
169
|
+
}
|
|
170
|
+
//# sourceMappingURL=stack-config.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"stack-config.d.ts","sourceRoot":"","sources":["../../../lib/types/stack-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG1C,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,WAAW,WAAW;IACxB;;OAEG;IACH,SAAS,EAAE;QACP;;;;;;;WAOG;QACH,SAAS,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF;;OAEG;IACH,KAAK,EAAE;QACH;;;;;;WAMG;QACH,OAAO,EAAE,MAAM,CAAC;QAEhB;;;;;;WAMG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;;WAOG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;WAMG;QACH,MAAM,EAAE,MAAM,CAAC;QAEf;;;;;;;;;;WAUG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;OAEG;IACH,UAAU,EAAE;QACR;;;;WAIG;QACH,MAAM,EAAE,MAAM,CAAC;QAEf;;;;;;WAMG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAC;QAElB;;;;WAIG;QACH,GAAG,CAAC,EAAE,SAAS,CAAC;QAEhB;;;;;;;;;WASG;QACH,SAAS,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;OAEG;IACH,QAAQ,CAAC,EAAE;QACP;;;;;;;;WAQG;QACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACL"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Minimal Stack Configuration Interface
|
|
4
|
+
*
|
|
5
|
+
* This interface defines ONLY the fields required by the CDK stack infrastructure.
|
|
6
|
+
* It is deliberately minimal to:
|
|
7
|
+
* - Reduce coupling between setup wizard and CDK stack
|
|
8
|
+
* - Simplify testing (fewer fields to mock)
|
|
9
|
+
* - Make explicit what the stack actually needs
|
|
10
|
+
*
|
|
11
|
+
* Transformation: ProfileConfig → StackConfig happens in config-transform.ts
|
|
12
|
+
*
|
|
13
|
+
* @module types/stack-config
|
|
14
|
+
* @version 0.10.0
|
|
15
|
+
*/
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
//# sourceMappingURL=stack-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"stack-config.js","sourceRoot":"","sources":["../../../lib/types/stack-config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG"}
|