@resistdesign/voltra 0.0.0-alpha.0

package/src/iac/packs/gateway.js

@@ -0,0 +1,342 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.addGateway = exports.DEFAULT_AUTH_TYPE = void 0;
+const utils_1 = require("../utils");
+const SimpleCFT_1 = require("../SimpleCFT");
+exports.DEFAULT_AUTH_TYPE = "COGNITO_USER_POOLS";
+/**
+ * Add a load-balanced API gateway for your serverless cloud function.
+ * Includes authorization config that connects your user management system to your cloud function.
+ * Also includes a DNS record for your API/back-end.
+ * */
+exports.addGateway = (0, utils_1.createResourcePack)(({ id, hostedZoneId, domainName, certificateArn, cloudFunction: { id: cloudFunctionId, region: cloudFunctionRegion = "${AWS::Region}", }, stageName = "production", authorizer, deploymentSuffix = "", }) => {
+    const cloudFunctionUri = {
+        "Fn::Sub": `arn:aws:apigateway:${cloudFunctionRegion}:lambda:path/2015-03-31/functions/\${${cloudFunctionId}.Arn}/invocations`,
+    };
+    const { scopes: authScopes = ["phone", "email", "openid", "profile"], type: authType = "COGNITO_USER_POOLS", providerARNs, identitySource = "method.request.header.authorization", } = !!authorizer &&
+        typeof authorizer === "object"
+        ? authorizer
+        : {};
+    const authorizerId = `${id}CustomAuthorizer`;
+    const authProps = !!authorizer
+        ? {
+            AuthorizationScopes: authScopes,
+            AuthorizationType: authType === exports.DEFAULT_AUTH_TYPE ? exports.DEFAULT_AUTH_TYPE : "CUSTOM",
+            AuthorizerId: {
+                Ref: authorizerId,
+            },
+        }
+        : {
+            AuthorizationType: "NONE",
+        };
+    const fullDeploymentId = `${id}GatewayRESTAPIDeployment${deploymentSuffix}`;
+    return new SimpleCFT_1.SimpleCFT()
+        .patch({
+        Resources: {
+            // REST API
+            [id]: {
+                Type: "AWS::ApiGateway::RestApi",
+                Properties: {
+                    Name: {
+                        "Fn::Sub": `\${AWS::StackName}-${id}GatewayRESTAPI`,
+                    },
+                    EndpointConfiguration: {
+                        Types: ["EDGE"],
+                    },
+                },
+            },
+            [`${id}GatewayRESTAPIResource`]: {
+                Type: "AWS::ApiGateway::Resource",
+                DependsOn: id,
+                Properties: {
+                    ParentId: {
+                        "Fn::GetAtt": [id, "RootResourceId"],
+                    },
+                    PathPart: "{proxy+}",
+                    RestApiId: {
+                        Ref: id,
+                    },
+                },
+            },
+            [`${id}GatewayRESTAPIMethod`]: {
+                Type: "AWS::ApiGateway::Method",
+                DependsOn: `${id}GatewayRESTAPIResource`,
+                Properties: {
+                    ...authProps,
+                    HttpMethod: "ANY",
+                    ResourceId: {
+                        Ref: `${id}GatewayRESTAPIResource`,
+                    },
+                    RestApiId: {
+                        Ref: id,
+                    },
+                    Integration: {
+                        Type: "AWS_PROXY",
+                        IntegrationHttpMethod: "POST",
+                        Uri: cloudFunctionUri,
+                    },
+                },
+            },
+            [`${id}GatewayRESTAPIRootMethod`]: {
+                Type: "AWS::ApiGateway::Method",
+                DependsOn: `${id}GatewayRESTAPIResource`,
+                Properties: {
+                    ...authProps,
+                    HttpMethod: "ANY",
+                    ResourceId: {
+                        "Fn::GetAtt": [id, "RootResourceId"],
+                    },
+                    RestApiId: {
+                        Ref: id,
+                    },
+                    Integration: {
+                        Type: "AWS_PROXY",
+                        IntegrationHttpMethod: "POST",
+                        Uri: cloudFunctionUri,
+                    },
+                },
+            },
+        },
+    })
+        .patch({
+        Resources: {
+            // CORS
+            [`${id}GatewayRESTAPIOPTIONSMethod`]: {
+                Type: "AWS::ApiGateway::Method",
+                DependsOn: `${id}GatewayRESTAPIResource`,
+                Properties: {
+                    AuthorizationType: "NONE",
+                    HttpMethod: "OPTIONS",
+                    ResourceId: {
+                        Ref: `${id}GatewayRESTAPIResource`,
+                    },
+                    RestApiId: {
+                        Ref: id,
+                    },
+                    Integration: {
+                        Type: "AWS_PROXY",
+                        IntegrationHttpMethod: "POST",
+                        Uri: cloudFunctionUri,
+                    },
+                },
+            },
+            [`${id}GatewayRESTAPIRootOPTIONSMethod`]: {
+                Type: "AWS::ApiGateway::Method",
+                DependsOn: `${id}GatewayRESTAPIResource`,
+                Properties: {
+                    AuthorizationType: "NONE",
+                    HttpMethod: "OPTIONS",
+                    ResourceId: {
+                        "Fn::GetAtt": [id, "RootResourceId"],
+                    },
+                    RestApiId: {
+                        Ref: id,
+                    },
+                    Integration: {
+                        Type: "AWS_PROXY",
+                        IntegrationHttpMethod: "POST",
+                        Uri: cloudFunctionUri,
+                    },
+                },
+            },
+            [`${id}GatewayResponseDefault4XX`]: {
+                Type: "AWS::ApiGateway::GatewayResponse",
+                Properties: {
+                    ResponseParameters: {
+                        // Not authorized, so just allow the current origin by mapping it into the header.
+                        "gatewayresponse.header.Access-Control-Allow-Origin": "method.request.header.origin",
+                        "gatewayresponse.header.Access-Control-Allow-Credentials": "'true'",
+                        "gatewayresponse.header.Access-Control-Allow-Headers": "'*'",
+                    },
+                    ResponseType: "DEFAULT_4XX",
+                    RestApiId: {
+                        Ref: id,
+                    },
+                },
+            },
+        },
+    })
+        .patch({
+        Resources: {
+            // SUPPORTING RESOURCES
+            [fullDeploymentId]: {
+                Type: "AWS::ApiGateway::Deployment",
+                DependsOn: [
+                    `${id}GatewayRESTAPIResource`,
+                    `${id}GatewayRESTAPIMethod`,
+                    `${id}GatewayRESTAPIRootMethod`,
+                    id,
+                    cloudFunctionId,
+                ],
+                Properties: {
+                    RestApiId: {
+                        Ref: id,
+                    },
+                },
+            },
+            [`${id}CloudWatch`]: {
+                Type: "AWS::Logs::LogGroup",
+                Properties: {
+                    LogGroupName: {
+                        "Fn::Sub": `\${AWS::StackName}-${id}GatewayLogs`,
+                    },
+                },
+            },
+            [`${id}CloudWatchRole`]: {
+                Type: "AWS::IAM::Role",
+                Properties: {
+                    AssumeRolePolicyDocument: {
+                        Version: "2012-10-17",
+                        Statement: [
+                            {
+                                Effect: "Allow",
+                                Principal: {
+                                    Service: ["apigateway.amazonaws.com"],
+                                },
+                                Action: "sts:AssumeRole",
+                            },
+                        ],
+                    },
+                    Path: "/",
+                    ManagedPolicyArns: [
+                        "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs",
+                    ],
+                },
+            },
+            [`${id}CloudWatchAccount`]: {
+                Type: "AWS::ApiGateway::Account",
+                Properties: {
+                    CloudWatchRoleArn: {
+                        "Fn::GetAtt": [`${id}CloudWatchRole`, "Arn"],
+                    },
+                },
+            },
+            [`${id}GatewayRESTAPIEnvironment`]: {
+                Type: "AWS::ApiGateway::Stage",
+                DependsOn: [`${id}CloudWatchAccount`, fullDeploymentId],
+                Properties: {
+                    AccessLogSetting: {
+                        DestinationArn: {
+                            "Fn::GetAtt": [`${id}CloudWatch`, "Arn"],
+                        },
+                        Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","caller":"$context.identity.caller","user":"$context.identity.user","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength","apiGatewayErrorMessage":"$context.error.message"}',
+                    },
+                    DeploymentId: {
+                        Ref: fullDeploymentId,
+                    },
+                    RestApiId: {
+                        Ref: id,
+                    },
+                    StageName: stageName,
+                },
+            },
+        },
+    })
+        .patch({
+        Resources: {
+            // DNS
+            [`${id}DomainName`]: {
+                Type: "AWS::ApiGateway::DomainName",
+                Properties: {
+                    CertificateArn: certificateArn,
+                    DomainName: domainName,
+                    EndpointConfiguration: {
+                        Types: ["EDGE"],
+                    },
+                },
+            },
+            [`${id}DomainNameBasePathMapping`]: {
+                Type: "AWS::ApiGateway::BasePathMapping",
+                DependsOn: [
+                    id,
+                    `${id}GatewayRESTAPIEnvironment`,
+                    `${id}DomainName`,
+                ],
+                Properties: {
+                    DomainName: domainName,
+                    RestApiId: {
+                        Ref: id,
+                    },
+                    Stage: stageName,
+                },
+            },
+            [`${id}Route53Record`]: {
+                Type: "AWS::Route53::RecordSet",
+                DependsOn: `${id}DomainName`,
+                Properties: {
+                    HostedZoneId: hostedZoneId,
+                    Type: "A",
+                    Name: {
+                        "Fn::Sub": [
+                            "${DomainName}.",
+                            {
+                                DomainName: domainName,
+                            },
+                        ],
+                    },
+                    AliasTarget: {
+                        HostedZoneId: "Z2FDTNDATAQYW2",
+                        DNSName: {
+                            "Fn::Sub": [
+                                "${DomainName}.",
+                                {
+                                    DomainName: {
+                                        "Fn::GetAtt": [
+                                            `${id}DomainName`,
+                                            "DistributionDomainName",
+                                        ],
+                                    },
+                                },
+                            ],
+                        },
+                    },
+                },
+            },
+        },
+    })
+        .patch({
+        Resources: {
+            // PERMISSIONS
+            [`${id}CloudFunctionANYResourcePermission`]: {
+                Type: "AWS::Lambda::Permission",
+                Properties: {
+                    Action: "lambda:InvokeFunction",
+                    Principal: "apigateway.amazonaws.com",
+                    FunctionName: {
+                        "Fn::GetAtt": [cloudFunctionId, "Arn"],
+                    },
+                    SourceArn: {
+                        "Fn::Sub": [
+                            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/*",
+                            {
+                                __Stage__: stageName,
+                                __ApiId__: {
+                                    Ref: id,
+                                },
+                            },
+                        ],
+                    },
+                },
+            },
+        },
+    })
+        .patch(!!authorizer
+        ? {
+            Resources: {
+                // AUTHORIZER
+                [`${id}CustomAuthorizer`]: {
+                    Type: "AWS::ApiGateway::Authorizer",
+                    Properties: {
+                        IdentitySource: identitySource,
+                        Name: `${id}CustomAuthorizer`,
+                        ProviderARNs: providerARNs,
+                        RestApiId: {
+                            Ref: id,
+                        },
+                        Type: "COGNITO_USER_POOLS",
+                    },
+                },
+            },
+        }
+        : {}).template;
+});

package/src/iac/packs/index.d.ts

@@ -0,0 +1,11 @@
+export * from "./auth";
+export * from "./build";
+export * from "./build/utils";
+export * from "./cdn";
+export * from "./cloud-function";
+export * from "./database";
+export * from "./dns";
+export * from "./file-storage";
+export * from "./gateway";
+export * from "./repo";
+export * from "./ssl-certificate";

package/src/iac/packs/index.js

@@ -0,0 +1,27 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth"), exports);
+__exportStar(require("./build"), exports);
+__exportStar(require("./build/utils"), exports);
+__exportStar(require("./cdn"), exports);
+__exportStar(require("./cloud-function"), exports);
+__exportStar(require("./database"), exports);
+__exportStar(require("./dns"), exports);
+__exportStar(require("./file-storage"), exports);
+__exportStar(require("./gateway"), exports);
+__exportStar(require("./repo"), exports);
+__exportStar(require("./ssl-certificate"), exports);

package/src/iac/packs/repo.d.ts

@@ -0,0 +1,10 @@
+export type AddRepoConfig = {
+    repoOwnerParameterName: string;
+    repoNameParameterName: string;
+    repoBranchParameterName: string;
+    repoTokenParameterName: string;
+};
+/**
+ * Add repository related parameters for reference in other resources like a build pipeline (CI/CD).
+ * */
+export declare const addRepo: import("../utils").ResourcePackApplier<AddRepoConfig>;

package/src/iac/packs/repo.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.addRepo = void 0;
+const utils_1 = require("../utils");
+const SimpleCFT_1 = require("../SimpleCFT");
+/**
+ * Add repository related parameters for reference in other resources like a build pipeline (CI/CD).
+ * */
+exports.addRepo = (0, utils_1.createResourcePack)(({ repoOwnerParameterName, repoNameParameterName, repoBranchParameterName, repoTokenParameterName, }) => new SimpleCFT_1.SimpleCFT().addParameterGroup({
+    Label: "Repository",
+    Parameters: {
+        [repoOwnerParameterName]: {
+            Label: "RepoOwner",
+            Type: "String",
+            Description: "The owner of the repository",
+        },
+        [repoNameParameterName]: {
+            Label: "RepoName",
+            Type: "String",
+            Description: "The name of the repository",
+        },
+        [repoBranchParameterName]: {
+            Label: "RepoBranch",
+            Type: "String",
+            Description: "The branch of the repository",
+        },
+        [repoTokenParameterName]: {
+            Label: "RepoToken",
+            Type: "String",
+            Description: "The token of the repository",
+            NoEcho: true,
+        },
+    },
+}).template);

package/src/iac/packs/ssl-certificate.d.ts

@@ -0,0 +1,10 @@
+export type AddSSLCertificateConfig = {
+    id: string;
+    domainName: any;
+    hostedZoneId: any;
+    includeWildCard?: boolean;
+};
+/**
+ * Add an automatic SSL Certificate for a domain and all of it's subdomains.
+ * */
+export declare const addSSLCertificate: import("../utils").ResourcePackApplier<AddSSLCertificateConfig>;

package/src/iac/packs/ssl-certificate.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.addSSLCertificate = void 0;
+const utils_1 = require("../utils");
+/**
+ * Add an automatic SSL Certificate for a domain and all of it's subdomains.
+ * */
+exports.addSSLCertificate = (0, utils_1.createResourcePack)(({ id, domainName, hostedZoneId, includeWildCard = true, }) => ({
+    Resources: {
+        [id]: {
+            Type: "AWS::CertificateManager::Certificate",
+            Properties: {
+                DomainName: domainName,
+                ValidationMethod: "DNS",
+                DomainValidationOptions: [
+                    {
+                        DomainName: domainName,
+                        HostedZoneId: hostedZoneId,
+                    },
+                ],
+                SubjectAlternativeNames: includeWildCard
+                    ? [
+                        {
+                            "Fn::Sub": [
+                                "*.${BaseDomainName}",
+                                {
+                                    BaseDomainName: domainName,
+                                },
+                            ],
+                        },
+                    ]
+                    : undefined,
+            },
+        },
+    },
+}));

package/src/iac/types/CloudFormationResourceSpecification.d.ts

@@ -0,0 +1,2 @@
+import { CloudFormationResourceSpecification } from "./Types";
+export declare const CloudFormationResourceSpecificationData: CloudFormationResourceSpecification;

package/src/iac/types/Constants.d.ts

@@ -0,0 +1,9 @@
+export declare const NEVER_TYPE = "never";
+export declare const NAMESPACE_DELIMITERS: {
+    INPUT_REGEX: RegExp;
+    INPUT: string;
+    OUTPUT: string;
+};
+export declare const TAG_TYPE = "Tag";
+export declare const CONTAINER_TYPES: string[];
+export declare const PRIMITIVE_TYPE_MAP: Record<string, string>;

package/src/iac/types/Constants.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PRIMITIVE_TYPE_MAP = exports.CONTAINER_TYPES = exports.TAG_TYPE = exports.NAMESPACE_DELIMITERS = exports.NEVER_TYPE = void 0;
+exports.NEVER_TYPE = 'never';
+exports.NAMESPACE_DELIMITERS = {
+    INPUT_REGEX: /::/gim,
+    INPUT: '::',
+    OUTPUT: '.',
+};
+exports.TAG_TYPE = 'Tag';
+exports.CONTAINER_TYPES = ['List', 'Map'];
+exports.PRIMITIVE_TYPE_MAP = {
+    String: 'string',
+    Integer: 'number',
+    Boolean: 'boolean',
+    Double: 'number',
+    Json: 'Json',
+    Timestamp: 'Timestamp',
+    Long: 'number',
+};