@resistdesign/voltra 3.0.0-alpha.16 → 3.0.0-alpha.18

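--- a/package/iac/index.js
+++ b/package/iac/index.js
@@ -1,45 +1,5 @@
  import YAML from 'yaml';
 
- var __defProp = Object.defineProperty;
- var __export = (target, all) => {
- for (var name in all)
- __defProp(target, name, { get: all[name], enumerable: true });
- };
-
- // src/iac/packs/index.ts
- var packs_exports = {};
- __export(packs_exports, {
- COMMAND_HELPERS: () => COMMAND_HELPERS,
- DEFAULT_AUTH_TYPE: () => DEFAULT_AUTH_TYPE,
- DEFAULT_BUILD_PIPELINE_REPO_PROVIDER: () => DEFAULT_BUILD_PIPELINE_REPO_PROVIDER,
- PLACEHOLDER_FUNCTION_CODE: () => PLACEHOLDER_FUNCTION_CODE,
- addAuth: () => addAuth,
- addBuildPipeline: () => addBuildPipeline,
- addCDN: () => addCDN,
- addCloudFunction: () => addCloudFunction,
- addDNS: () => addDNS,
- addDatabase: () => addDatabase,
- addGateway: () => addGateway,
- addRepo: () => addRepo,
- addSSLCertificate: () => addSSLCertificate,
- addSecureFileStorage: () => addSecureFileStorage,
- createBuildSpec: () => createBuildSpec
- });
-
- // src/iac/utils/index.ts
- var utils_exports = {};
- __export(utils_exports, {
- DEFAULT_MERGE_STRATEGY: () => DEFAULT_MERGE_STRATEGY,
- addParameter: () => addParameter,
- addParameters: () => addParameters,
- createResourcePack: () => createResourcePack,
- getValuePathArray: () => getValuePathArray,
- getValuePathString: () => getValuePathString,
- isConstructedFrom: () => isConstructedFrom,
- mergeValues: () => mergeValues,
- patchTemplate: () => patchTemplate
- });
-
  // src/iac/utils/patch-utils.ts
  var DEFAULT_MERGE_STRATEGY = "transpose";
  var getValuePathString = (valuePathArray = []) => valuePathArray.map((p) => encodeURIComponent(p)).join("/");
@@ -208,314 +168,6 @@ var createResourcePack = (creator) => (params, template) => {
  const patch = creator(params);
  return patchTemplate(patch, template);
  };
-
- // src/iac/packs/auth/user-management.ts
- var addUserManagement = createResourcePack(
- ({
- id,
- authRoleName,
- unauthRoleName,
- domainName,
- hostedZoneId,
- sslCertificateArn,
- callbackUrls,
- logoutUrls,
- baseDomainRecordAliasTargetDNSName,
- apiGatewayRESTAPIId,
- apiStageName
- }) => {
- const apiRoleConfig = apiGatewayRESTAPIId && apiStageName ? {
- [`${id}IdentityPoolRoles`]: {
- Type: "AWS::Cognito::IdentityPoolRoleAttachment",
- Properties: {
- IdentityPoolId: {
- Ref: `${id}IdentityPool`
- },
- Roles: {
- authenticated: {
- "Fn::GetAtt": [`${id}AuthRole`, "Arn"]
- },
- unauthenticated: {
- "Fn::GetAtt": [`${id}UnauthRole`, "Arn"]
- }
- }
- }
- },
- [`${id}AuthRole`]: {
- Type: "AWS::IAM::Role",
- Properties: {
- RoleName: authRoleName,
- Path: "/",
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Principal: {
- Federated: "cognito-identity.amazonaws.com"
- },
- Action: ["sts:AssumeRoleWithWebIdentity"],
- Condition: {
- StringEquals: {
- "cognito-identity.amazonaws.com:aud": {
- Ref: `${id}IdentityPool`
- }
- },
- "ForAnyValue:StringLike": {
- "cognito-identity.amazonaws.com:amr": "authenticated"
- }
- }
- }
- ]
- },
- Policies: [
- {
- PolicyName: "CognitoAuthorizedPolicy",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Action: [
- "mobileanalytics:PutEvents",
- "cognito-sync:*",
- "cognito-identity:*"
- ],
- Resource: "*"
- },
- {
- Effect: "Allow",
- Action: ["execute-api:Invoke"],
- Resource: {
- "Fn::Sub": [
- "arn:aws:execute-api:${Region}:${AccountId}:${APIID}/${StageName}/${HTTPVerb}/api/*",
- {
- Region: {
- Ref: "AWS::Region"
- },
- AccountId: {
- Ref: "AWS::AccountId"
- },
- APIID: apiGatewayRESTAPIId,
- StageName: apiStageName,
- HTTPVerb: "*"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- [`${id}UnauthRole`]: {
- Type: "AWS::IAM::Role",
- Properties: {
- RoleName: unauthRoleName,
- Path: "/",
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Principal: {
- Federated: "cognito-identity.amazonaws.com"
- },
- Action: ["sts:AssumeRoleWithWebIdentity"],
- Condition: {
- StringEquals: {
- "cognito-identity.amazonaws.com:aud": {
- Ref: `${id}IdentityPool`
- }
- },
- "ForAnyValue:StringLike": {
- "cognito-identity.amazonaws.com:amr": "unauthenticated"
- }
- }
- }
- ]
- },
- Policies: [
- {
- PolicyName: "CognitoUnauthorizedPolicy",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Action: [
- "mobileanalytics:PutEvents",
- "cognito-sync:*",
- "cognito-identity:*"
- ],
- Resource: "*"
- }
- ]
- }
- }
- ]
- }
- }
- } : {};
- return {
- Resources: {
- [id]: {
- Type: "AWS::Cognito::UserPool",
- Properties: {
- UserPoolName: {
- "Fn::Sub": [`\${AWS::StackName}${id}`, {}]
- },
- AccountRecoverySetting: {
- RecoveryMechanisms: [
- {
- Name: "verified_email",
- Priority: 1
- }
- ]
- },
- AdminCreateUserConfig: {
- AllowAdminCreateUserOnly: false,
- UnusedAccountValidityDays: 365
- },
- AutoVerifiedAttributes: ["email"],
- AliasAttributes: ["phone_number", "email", "preferred_username"],
- Schema: [
- {
- Name: "email",
- Required: true,
- Mutable: true
- },
- {
- Name: "given_name",
- Required: true,
- Mutable: true
- },
- {
- Name: "family_name",
- Required: true,
- Mutable: true
- },
- {
- Name: "phone_number",
- Required: true,
- Mutable: true
- }
- ],
- DeviceConfiguration: {
- ChallengeRequiredOnNewDevice: true,
- DeviceOnlyRememberedOnUserPrompt: false
- },
- UsernameConfiguration: {
- CaseSensitive: false
- }
- }
- },
- [`${id}BaseDomainRecord`]: !!baseDomainRecordAliasTargetDNSName ? {
- Type: "AWS::Route53::RecordSet",
- DeletionPolicy: "Delete",
- Properties: {
- HostedZoneId: hostedZoneId,
- Type: "A",
- Name: domainName,
- AliasTarget: {
- HostedZoneId: "Z2FDTNDATAQYW2",
- DNSName: baseDomainRecordAliasTargetDNSName
- }
- }
- } : void 0,
- [`${id}DomainRecord`]: {
- Type: "AWS::Route53::RecordSet",
- DeletionPolicy: "Delete",
- Properties: {
- HostedZoneId: hostedZoneId,
- Type: "A",
- Name: {
- "Fn::Sub": [
- "auth.${BaseDomainName}",
- {
- BaseDomainName: domainName
- }
- ]
- },
- AliasTarget: {
- HostedZoneId: "Z2FDTNDATAQYW2",
- DNSName: {
- "Fn::GetAtt": [`${id}Domain`, "CloudFrontDistribution"]
- }
- }
- }
- },
- [`${id}Domain`]: {
- Type: "AWS::Cognito::UserPoolDomain",
- DependsOn: !!baseDomainRecordAliasTargetDNSName ? `${id}BaseDomainRecord` : void 0,
- Properties: {
- Domain: {
- "Fn::Sub": [
- "auth.${BaseDomainName}",
- {
- BaseDomainName: domainName
- }
- ]
- },
- UserPoolId: {
- Ref: id
- },
- CustomDomainConfig: {
- CertificateArn: sslCertificateArn
- }
- }
- },
- [`${id}Client`]: {
- Type: "AWS::Cognito::UserPoolClient",
- Properties: {
- ClientName: {
- "Fn::Sub": [`\${AWS::StackName}${id}Client`, {}]
- },
- UserPoolId: {
- Ref: id
- },
- AllowedOAuthFlowsUserPoolClient: true,
- AllowedOAuthFlows: ["code", "implicit"],
- AllowedOAuthScopes: [
- "openid",
- "email",
- "phone",
- "profile",
- "aws.cognito.signin.user.admin"
- ],
- CallbackURLs: callbackUrls,
- LogoutURLs: logoutUrls,
- EnableTokenRevocation: true,
- PreventUserExistenceErrors: "ENABLED",
- SupportedIdentityProviders: ["COGNITO"]
- }
- },
- [`${id}IdentityPool`]: {
- Type: "AWS::Cognito::IdentityPool",
- Properties: {
- IdentityPoolName: {
- "Fn::Sub": [`\${AWS::StackName}${id}IdentityPool`, {}]
- },
- AllowUnauthenticatedIdentities: false,
- CognitoIdentityProviders: [
- {
- ClientId: {
- Ref: `${id}Client`
- },
- ProviderName: {
- "Fn::GetAtt": [id, "ProviderName"]
- },
- ServerSideTokenCheck: true
- }
- ]
- }
- },
- ...apiRoleConfig
- }
- };
- }
- );
  var SimpleCFT = class {
  /**
  * Create a SimpleCFT template wrapper.
@@ -529,7 +181,7 @@ var SimpleCFT = class {
  }
  /**
  * Apply a pack with configuration to the stack template.
- * @see {@link IaC} for an example.
+ * @see `@resistdesign/voltra/iac` and `@resistdesign/voltra/iac/packs` for examples.
  * */
  applyPack = (pack, params) => {
  this.template = pack(params, this.template);
@@ -603,1059 +255,4 @@ var SimpleCFT = class {
  });
  };
 
- // src/iac/packs/auth.ts
- var addAuth = createResourcePack(
- ({
- userManagementId,
- authRoleName,
- unauthRoleName,
- hostedZoneIdParameterName,
- domainNameParameterName,
- sslCertificateId,
- callbackUrls,
- logoutUrls,
- mainCDNCloudFrontId,
- apiCloudFunctionGatewayId,
- apiStageName,
- adminGroupId,
- userManagementAdminGroupName
- }) => new SimpleCFT().applyPack(addUserManagement, {
- id: userManagementId,
- authRoleName,
- unauthRoleName,
- domainName: {
- Ref: domainNameParameterName
- },
- hostedZoneId: {
- Ref: hostedZoneIdParameterName
- },
- sslCertificateArn: {
- Ref: sslCertificateId
- },
- callbackUrls,
- logoutUrls,
- baseDomainRecordAliasTargetDNSName: {
- "Fn::GetAtt": [mainCDNCloudFrontId, "DomainName"]
- },
- apiGatewayRESTAPIId: {
- Ref: apiCloudFunctionGatewayId
- },
- apiStageName
- }).patch({
- Resources: {
- [adminGroupId]: {
- Type: "AWS::Cognito::UserPoolGroup",
- Properties: {
- GroupName: userManagementAdminGroupName,
- UserPoolId: {
- Ref: userManagementId
- },
- Description: "Application admin group."
- }
- }
- }
- }).template
- );
-
- // src/iac/packs/build.ts
- var DEFAULT_BUILD_PIPELINE_REPO_PROVIDER = "GitHub";
- var addBuildPipeline = createResourcePack(
- ({
- id,
- buildSpec,
- dependsOn,
- environmentVariables,
- timeoutInMinutes = 10,
- environmentType = "LINUX_CONTAINER",
- environmentComputeType = "BUILD_GENERAL1_SMALL",
- environmentImage = "aws/codebuild/nodejs:10.14.1",
- repoConfig: {
- provider = DEFAULT_BUILD_PIPELINE_REPO_PROVIDER,
- owner,
- repo,
- branch,
- oauthToken
- }
- }) => ({
- Resources: {
- [`${id}CodeBuildRole`]: {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Statement: [
- {
- Effect: "Allow",
- Principal: {
- Service: ["codebuild.amazonaws.com"]
- },
- Action: ["sts:AssumeRole"]
- }
- ]
- },
- Path: "/",
- Policies: [
- {
- PolicyName: "codebuild-service",
- PolicyDocument: {
- Statement: [
- {
- Effect: "Allow",
- Action: "*",
- Resource: "*"
- }
- ],
- Version: "2012-10-17"
- }
- }
- ]
- }
- },
- [`${id}CodePipelineRole`]: {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Statement: [
- {
- Effect: "Allow",
- Principal: {
- Service: ["codepipeline.amazonaws.com"]
- },
- Action: ["sts:AssumeRole"]
- }
- ]
- },
- Path: "/",
- Policies: [
- {
- PolicyName: "codepipeline-service",
- PolicyDocument: {
- Statement: [
- {
- Action: ["codebuild:*"],
- Resource: "*",
- Effect: "Allow"
- },
- {
- Action: [
- "s3:GetObject",
- "s3:GetObjectVersion",
- "s3:GetBucketVersioning"
- ],
- Resource: "*",
- Effect: "Allow"
- },
- {
- Action: ["s3:PutObject"],
- Resource: ["arn:aws:s3:::codepipeline*"],
- Effect: "Allow"
- },
- {
- Action: ["s3:*", "cloudformation:*", "iam:PassRole"],
- Resource: "*",
- Effect: "Allow"
- }
- ],
- Version: "2012-10-17"
- }
- }
- ]
- }
- },
- [`${id}PipelineBucket`]: {
- Type: "AWS::S3::Bucket",
- DeletionPolicy: "Delete",
- Properties: {
- BucketEncryption: {
- ServerSideEncryptionConfiguration: [
- {
- ServerSideEncryptionByDefault: {
- SSEAlgorithm: "AES256"
- }
- }
- ]
- },
- PublicAccessBlockConfiguration: {
- BlockPublicAcls: true,
- BlockPublicPolicy: true,
- IgnorePublicAcls: true,
- RestrictPublicBuckets: true
- }
- }
- },
- [`${id}CodeBuildAndDeploy`]: {
- Type: "AWS::CodeBuild::Project",
- DependsOn: dependsOn,
- Properties: {
- Name: {
- "Fn::Sub": `\${AWS::StackName}-${id}CodeBuildAndDeploy`
- },
- Description: "Deploy site to S3",
- ServiceRole: {
- "Fn::GetAtt": [`${id}CodeBuildRole`, "Arn"]
- },
- Artifacts: {
- Type: "CODEPIPELINE"
- },
- Environment: {
- Type: environmentType,
- ComputeType: environmentComputeType,
- Image: environmentImage,
- EnvironmentVariables: environmentVariables
- },
- Source: {
- Type: "CODEPIPELINE",
- BuildSpec: buildSpec
- },
- TimeoutInMinutes: timeoutInMinutes
- }
- },
- [`${id}Pipeline`]: {
- Type: "AWS::CodePipeline::Pipeline",
- DependsOn: `${id}CodeBuildAndDeploy`,
- Properties: {
- RoleArn: {
- "Fn::GetAtt": [`${id}CodePipelineRole`, "Arn"]
- },
- Stages: [
- {
- Name: "Acquire-Source",
- Actions: [
- {
- InputArtifacts: [],
- Name: "Source",
- ActionTypeId: {
- Category: "Source",
- Owner: "ThirdParty",
- Version: "1",
- Provider: provider
- },
- OutputArtifacts: [
- {
- Name: "SourceOutput"
- }
- ],
- Configuration: {
- Owner: owner,
- Repo: repo,
- Branch: branch,
- OAuthToken: oauthToken
- },
- RunOrder: 1
- }
- ]
- },
- {
- Name: "Build-And-Deploy",
- Actions: [
- {
- Name: "Artifact",
- ActionTypeId: {
- Category: "Build",
- Owner: "AWS",
- Version: "1",
- Provider: "CodeBuild"
- },
- InputArtifacts: [
- {
- Name: "SourceOutput"
- }
- ],
- OutputArtifacts: [
- {
- Name: "DeployOutput"
- }
- ],
- Configuration: {
- ProjectName: {
- Ref: `${id}CodeBuildAndDeploy`
- }
- },
- RunOrder: 1
- }
- ]
- }
- ],
- ArtifactStore: {
- Type: "S3",
- Location: {
- Ref: `${id}PipelineBucket`
- }
- }
- }
- }
- }
- })
- );
- var COMMAND_HELPERS = {
- updateFunction: ({
- cloudFunctionArn,
- codeZipFilePath
- }) => `aws lambda update-function-code --function-name "${cloudFunctionArn}" --zip-file "fileb://${codeZipFilePath}"`,
- copyDirectoryToS3: ({
- s3Domain,
- directoryPath
- }) => `aws s3 cp --recursive --acl public-read ${directoryPath} s3://${s3Domain}/`,
- cloudFrontInvalidation: ({
- cloudFrontDistributionId,
- pathsToInvalidate = ["/*"]
- }) => `aws cloudfront create-invalidation --distribution-id "${cloudFrontDistributionId}" --paths "${pathsToInvalidate.join('" "')}"`,
- addNPMTokenWithNPMRC: ({ npmToken }) => `echo '//registry.npmjs.org/:_authToken=${npmToken}' > .npmrc`
- };
- var createBuildSpec = ({ version = 0.2, phases }) => YAML.stringify(
- // TRICKY: Removed all keys with a value of `undefined`.
- JSON.parse(
- JSON.stringify({
- version,
- phases
- })
- )
- );
-
- // src/iac/packs/cdn.ts
- var addCDN = createResourcePack(
- ({
- id,
- hostedZoneId,
- domainName,
- certificateArn,
- fileStorageId
- }) => {
- const oacId = `${id}OriginAccessControl`;
- return {
- Resources: {
- [oacId]: {
- Type: "AWS::CloudFront::OriginAccessControl",
- Properties: {
- OriginAccessControlConfig: {
- Name: oacId,
- OriginAccessControlOriginType: "s3",
- SigningBehavior: "always",
- SigningProtocol: "sigv4"
- }
- }
- },
- [id]: {
- Type: "AWS::CloudFront::Distribution",
- DependsOn: fileStorageId,
- Properties: {
- DistributionConfig: {
- Aliases: [domainName],
- ViewerCertificate: {
- AcmCertificateArn: certificateArn,
- SslSupportMethod: "sni-only",
- MinimumProtocolVersion: "TLSv1.1_2016"
- },
- DefaultCacheBehavior: {
- ForwardedValues: {
- QueryString: false
- },
- TargetOriginId: {
- "Fn::Sub": [
- "S3-${S3BucketName}",
- {
- S3BucketName: domainName
- }
- ]
- },
- ViewerProtocolPolicy: "redirect-to-https"
- },
- DefaultRootObject: "index.html",
- Enabled: true,
- IPV6Enabled: false,
- HttpVersion: "http2",
- Origins: [
- {
- DomainName: {
- "Fn::Sub": [
- "${S3BucketName}.s3.amazonaws.com",
- {
- S3BucketName: domainName
- }
- ]
- },
- Id: {
- "Fn::Sub": [
- "S3-${S3BucketName}",
- {
- S3BucketName: domainName
- }
- ]
- },
- OriginAccessControlId: { Ref: oacId },
- S3OriginConfig: {
- OriginAccessIdentity: ""
- }
- }
- ],
- CustomErrorResponses: [
- {
- ErrorCachingMinTTL: 300,
- ErrorCode: 404,
- ResponseCode: 200,
- ResponsePagePath: "/index.html"
- },
- {
- ErrorCachingMinTTL: 300,
- ErrorCode: 403,
- ResponseCode: 200,
- ResponsePagePath: "/index.html"
- }
- ],
- PriceClass: "PriceClass_All"
- }
- }
- },
- [`${id}Route53Record`]: {
- Type: "AWS::Route53::RecordSet",
- DependsOn: [id],
- Properties: {
- HostedZoneId: hostedZoneId,
- Type: "A",
- Name: {
- "Fn::Sub": [
- "${DomainName}.",
- {
- DomainName: domainName
- }
- ]
- },
- AliasTarget: {
- HostedZoneId: "Z2FDTNDATAQYW2",
- DNSName: {
- "Fn::Sub": [
- "${DomainName}.",
- {
- DomainName: {
- "Fn::GetAtt": [id, "DomainName"]
- }
- }
- ]
- }
- }
- }
- }
- }
- };
- }
- );
-
- // src/iac/packs/cloud-function.ts
- var PLACEHOLDER_FUNCTION_CODE = {
- ZipFile: `module.exports = {handler: async () => ({
- statusCode: 200,
- headers: {'Content-Type': 'application/json'},
- body: '"You did it!"'
- })};
- `
- };
- var addCloudFunction = createResourcePack(
- ({
- id,
- code = PLACEHOLDER_FUNCTION_CODE,
- environment = {
- Variables: {
- NODE_ENV: "production"
- }
- },
- handler = "index.handler",
- runtime = "nodejs26.x",
- timeout = 30,
- policies = [
- {
- PolicyName: "lambda-parameter-store",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Action: ["*"],
- Resource: "*"
- }
- ]
- }
- }
- ],
- memorySize = 128
- }) => {
- return {
- Resources: {
- [`${id}Role`]: {
- Type: "AWS::IAM::Role",
- Properties: {
- ManagedPolicyArns: [
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
- ],
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Action: ["sts:AssumeRole"],
- Effect: "Allow",
- Principal: {
- Service: ["lambda.amazonaws.com"]
- }
- }
- ]
- },
- Policies: policies
- }
- },
- [id]: {
- Type: "AWS::Lambda::Function",
- Properties: {
- Timeout: timeout,
- Code: code,
- Environment: environment,
- Handler: handler,
- Role: {
- "Fn::GetAtt": [`${id}Role`, "Arn"]
- },
- Runtime: runtime,
- MemorySize: memorySize
- }
- }
- }
- };
- }
- );
-
- // src/iac/packs/database.ts
- var addDatabase = createResourcePack(
- ({
- tableId,
- tableName,
- keys,
- attributes,
- billingMode = "PAY_PER_REQUEST"
- }) => new SimpleCFT().patch({
- Resources: {
- [tableId]: {
- Type: "AWS::DynamoDB::Table",
- Properties: {
- TableName: tableName,
- AttributeDefinitions: Object.keys(attributes).map(
- (attributeName) => ({
- AttributeName: attributeName,
- AttributeType: attributes[attributeName]
- })
- ),
- KeySchema: Object.keys(keys).map((keyName) => ({
- AttributeName: keyName,
- KeyType: keys[keyName]
- })),
- BillingMode: billingMode
- }
- }
- }
- }).template
- );
-
- // src/iac/packs/dns.ts
- var addDNS = createResourcePack(
- ({
- id,
- hostedZoneId,
- domainName,
- resourceRecords,
- recordType = "A"
- }) => {
- let cft = new SimpleCFT().patch({
- Resources: {
- [id]: {
- Type: "AWS::Route53::RecordSet",
- Properties: {
- HostedZoneId: hostedZoneId,
- Type: recordType,
- Name: domainName,
- ResourceRecords: resourceRecords,
- TTL: "300"
- }
- }
- }
- });
- return cft.template;
- }
- );
-
- // src/iac/packs/file-storage.ts
- var addSecureFileStorage = createResourcePack(
- ({
- id,
- bucketName,
- shouldDelete = true,
- blockPublicAccess = true,
- cors = false,
- accessControl = void 0,
- allowACLs = false
- }) => {
- return {
- Resources: {
- [id]: {
- Type: "AWS::S3::Bucket",
- DeletionPolicy: shouldDelete ? "Delete" : "Retain",
- Properties: {
- BucketName: bucketName,
- AccessControl: accessControl,
- OwnershipControls: allowACLs ? {
- Rules: [
- {
- ObjectOwnership: "ObjectWriter"
- }
- ]
- } : void 0,
- CorsConfiguration: typeof cors === "object" ? cors : cors === true ? {
- CorsRules: [
- {
- AllowedHeaders: ["*"],
- AllowedMethods: [
- "GET",
- "PUT",
- "POST",
- "DELETE",
- "HEAD"
- ],
- AllowedOrigins: ["*"]
- }
- ]
- } : void 0,
- BucketEncryption: {
- ServerSideEncryptionConfiguration: [
- {
- ServerSideEncryptionByDefault: {
- SSEAlgorithm: "AES256"
- }
- }
- ]
- },
- PublicAccessBlockConfiguration: blockPublicAccess ? {
- BlockPublicAcls: true,
- BlockPublicPolicy: true,
- IgnorePublicAcls: true,
- RestrictPublicBuckets: true
- } : {
- BlockPublicAcls: false,
- BlockPublicPolicy: false,
- IgnorePublicAcls: false,
- RestrictPublicBuckets: false
- }
- }
- }
- }
- };
- }
- );
-
- // src/iac/packs/gateway.ts
- var DEFAULT_AUTH_TYPE = "COGNITO_USER_POOLS";
- var addGateway = createResourcePack(
- ({
- id,
- hostedZoneId,
- domainName,
- certificateArn,
- cloudFunction: {
- id: cloudFunctionId,
- region: cloudFunctionRegion = "${AWS::Region}"
- },
- stageName = "production",
- authorizer,
- deploymentSuffix = ""
- }) => {
- const cloudFunctionUri = {
- "Fn::Sub": `arn:aws:apigateway:${cloudFunctionRegion}:lambda:path/2015-03-31/functions/\${${cloudFunctionId}.Arn}/invocations`
- };
- const {
- scopes: authScopes = ["phone", "email", "openid", "profile"],
- type: authType = "COGNITO_USER_POOLS",
- providerARNs,
- identitySource = "method.request.header.authorization"
- } = !!authorizer && typeof authorizer === "object" ? authorizer : {};
- const authorizerId = `${id}CustomAuthorizer`;
- const authProps = !!authorizer ? {
- AuthorizationScopes: authScopes,
- AuthorizationType: authType === DEFAULT_AUTH_TYPE ? DEFAULT_AUTH_TYPE : "CUSTOM",
- AuthorizerId: {
- Ref: authorizerId
- }
- } : {
- AuthorizationType: "NONE"
- };
- const fullDeploymentId = `${id}GatewayRESTAPIDeployment${deploymentSuffix}`;
- return new SimpleCFT().patch({
- Resources: {
- // REST API
- [id]: {
- Type: "AWS::ApiGateway::RestApi",
- Properties: {
- Name: {
- "Fn::Sub": `\${AWS::StackName}-${id}GatewayRESTAPI`
- },
- EndpointConfiguration: {
- Types: ["EDGE"]
- }
- }
- },
- [`${id}GatewayRESTAPIResource`]: {
- Type: "AWS::ApiGateway::Resource",
- DependsOn: id,
- Properties: {
- ParentId: {
- "Fn::GetAtt": [id, "RootResourceId"]
- },
- PathPart: "{proxy+}",
- RestApiId: {
- Ref: id
- }
- }
- },
- [`${id}GatewayRESTAPIMethod`]: {
- Type: "AWS::ApiGateway::Method",
- DependsOn: `${id}GatewayRESTAPIResource`,
- Properties: {
- ...authProps,
- HttpMethod: "ANY",
- ResourceId: {
- Ref: `${id}GatewayRESTAPIResource`
- },
- RestApiId: {
- Ref: id
- },
- Integration: {
- Type: "AWS_PROXY",
- IntegrationHttpMethod: "POST",
- Uri: cloudFunctionUri
- }
- }
- },
- [`${id}GatewayRESTAPIRootMethod`]: {
- Type: "AWS::ApiGateway::Method",
- DependsOn: `${id}GatewayRESTAPIResource`,
- Properties: {
- ...authProps,
- HttpMethod: "ANY",
- ResourceId: {
- "Fn::GetAtt": [id, "RootResourceId"]
- },
- RestApiId: {
- Ref: id
- },
- Integration: {
- Type: "AWS_PROXY",
- IntegrationHttpMethod: "POST",
- Uri: cloudFunctionUri
- }
- }
- }
- }
- }).patch({
- Resources: {
- // CORS
- [`${id}GatewayRESTAPIOPTIONSMethod`]: {
- Type: "AWS::ApiGateway::Method",
- DependsOn: `${id}GatewayRESTAPIResource`,
- Properties: {
- AuthorizationType: "NONE",
- HttpMethod: "OPTIONS",
- ResourceId: {
- Ref: `${id}GatewayRESTAPIResource`
- },
- RestApiId: {
- Ref: id
- },
- Integration: {
- Type: "AWS_PROXY",
- IntegrationHttpMethod: "POST",
- Uri: cloudFunctionUri
- }
- }
- },
- [`${id}GatewayRESTAPIRootOPTIONSMethod`]: {
- Type: "AWS::ApiGateway::Method",
- DependsOn: `${id}GatewayRESTAPIResource`,
- Properties: {
- AuthorizationType: "NONE",
- HttpMethod: "OPTIONS",
- ResourceId: {
- "Fn::GetAtt": [id, "RootResourceId"]
- },
- RestApiId: {
- Ref: id
- },
- Integration: {
- Type: "AWS_PROXY",
- IntegrationHttpMethod: "POST",
- Uri: cloudFunctionUri
- }
- }
- },
- [`${id}GatewayResponseDefault4XX`]: {
- Type: "AWS::ApiGateway::GatewayResponse",
- Properties: {
- ResponseParameters: {
- // Not authorized, so just allow the current origin by mapping it into the header.
- "gatewayresponse.header.Access-Control-Allow-Origin": "method.request.header.origin",
- "gatewayresponse.header.Access-Control-Allow-Credentials": "'true'",
- "gatewayresponse.header.Access-Control-Allow-Headers": "'*'"
- },
- ResponseType: "DEFAULT_4XX",
- RestApiId: {
- Ref: id
- }
- }
- }
- }
- }).patch({
- Resources: {
- // SUPPORTING RESOURCES
- [fullDeploymentId]: {
- Type: "AWS::ApiGateway::Deployment",
- DependsOn: [
- `${id}GatewayRESTAPIResource`,
- `${id}GatewayRESTAPIMethod`,
- `${id}GatewayRESTAPIRootMethod`,
- id,
- cloudFunctionId
- ],
- Properties: {
- RestApiId: {
- Ref: id
- }
- }
- },
- [`${id}CloudWatch`]: {
- Type: "AWS::Logs::LogGroup",
- Properties: {
- LogGroupName: {
- "Fn::Sub": `\${AWS::StackName}-${id}GatewayLogs`
- }
- }
- },
- [`${id}CloudWatchRole`]: {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [
- {
- Effect: "Allow",
- Principal: {
- Service: ["apigateway.amazonaws.com"]
- },
- Action: "sts:AssumeRole"
- }
- ]
- },
- Path: "/",
- ManagedPolicyArns: [
- "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
- ]
- }
- },
- [`${id}CloudWatchAccount`]: {
- Type: "AWS::ApiGateway::Account",
- Properties: {
- CloudWatchRoleArn: {
- "Fn::GetAtt": [`${id}CloudWatchRole`, "Arn"]
- }
- }
- },
- [`${id}GatewayRESTAPIEnvironment`]: {
- Type: "AWS::ApiGateway::Stage",
- DependsOn: [`${id}CloudWatchAccount`, fullDeploymentId],
- Properties: {
- AccessLogSetting: {
- DestinationArn: {
- "Fn::GetAtt": [`${id}CloudWatch`, "Arn"]
- },
- Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","caller":"$context.identity.caller","user":"$context.identity.user","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength","apiGatewayErrorMessage":"$context.error.message"}'
- },
- DeploymentId: {
- Ref: fullDeploymentId
- },
- RestApiId: {
- Ref: id
- },
- StageName: stageName
- }
- }
- }
- }).patch({
- Resources: {
- // DNS
- [`${id}DomainName`]: {
- Type: "AWS::ApiGateway::DomainName",
- Properties: {
- CertificateArn: certificateArn,
- DomainName: domainName,
- EndpointConfiguration: {
- Types: ["EDGE"]
- }
- }
- },
- [`${id}DomainNameBasePathMapping`]: {
- Type: "AWS::ApiGateway::BasePathMapping",
- DependsOn: [
- id,
- `${id}GatewayRESTAPIEnvironment`,
- `${id}DomainName`
- ],
- Properties: {
- DomainName: domainName,
- RestApiId: {
- Ref: id
- },
- Stage: stageName
- }
- },
- [`${id}Route53Record`]: {
- Type: "AWS::Route53::RecordSet",
- DependsOn: `${id}DomainName`,
- Properties: {
- HostedZoneId: hostedZoneId,
- Type: "A",
- Name: {
- "Fn::Sub": [
- "${DomainName}.",
- {
- DomainName: domainName
- }
- ]
- },
- AliasTarget: {
- HostedZoneId: "Z2FDTNDATAQYW2",
- DNSName: {
- "Fn::Sub": [
- "${DomainName}.",
- {
- DomainName: {
- "Fn::GetAtt": [
- `${id}DomainName`,
- "DistributionDomainName"
- ]
- }
- }
- ]
- }
- }
- }
- }
- }
- }).patch({
- Resources: {
- // PERMISSIONS
- [`${id}CloudFunctionANYResourcePermission`]: {
- Type: "AWS::Lambda::Permission",
- Properties: {
- Action: "lambda:InvokeFunction",
- Principal: "apigateway.amazonaws.com",
- FunctionName: {
- "Fn::GetAtt": [cloudFunctionId, "Arn"]
- },
- SourceArn: {
- "Fn::Sub": [
- "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/*",
- {
- __Stage__: stageName,
- __ApiId__: {
- Ref: id
- }
- }
- ]
- }
- }
- }
- }
- }).patch(
- !!authorizer ? {
- Resources: {
- // AUTHORIZER
- [`${id}CustomAuthorizer`]: {
- Type: "AWS::ApiGateway::Authorizer",
- Properties: {
- IdentitySource: identitySource,
- Name: `${id}CustomAuthorizer`,
- ProviderARNs: providerARNs,
- RestApiId: {
- Ref: id
- },
- Type: "COGNITO_USER_POOLS"
- }
- }
- }
- } : {}
- ).template;
- }
- );
-
- // src/iac/packs/repo.ts
- var addRepo = createResourcePack(
- ({
- repoOwnerParameterName,
- repoNameParameterName,
- repoBranchParameterName,
- repoTokenParameterName
- }) => new SimpleCFT().addParameterGroup({
- Label: "Repository",
- Parameters: {
- [repoOwnerParameterName]: {
- Label: "RepoOwner",
- Type: "String",
- Description: "The owner of the repository"
- },
- [repoNameParameterName]: {
- Label: "RepoName",
- Type: "String",
- Description: "The name of the repository"
- },
- [repoBranchParameterName]: {
- Label: "RepoBranch",
- Type: "String",
- Description: "The branch of the repository"
- },
- [repoTokenParameterName]: {
- Label: "RepoToken",
- Type: "String",
- Description: "The token of the repository",
- NoEcho: true
- }
- }
- }).template
- );
-
- // src/iac/packs/ssl-certificate.ts
- var addSSLCertificate = createResourcePack(
- ({
- id,
- domainName,
- hostedZoneId,
- includeWildCard = true
- }) => ({
- Resources: {
- [id]: {
- Type: "AWS::CertificateManager::Certificate",
- Properties: {
- DomainName: domainName,
- ValidationMethod: "DNS",
- DomainValidationOptions: [
- {
- DomainName: domainName,
- HostedZoneId: hostedZoneId
- }
- ],
- SubjectAlternativeNames: includeWildCard ? [
- {
- "Fn::Sub": [
- "*.${BaseDomainName}",
- {
- BaseDomainName: domainName
- }
- ]
- }
- ] : void 0
- }
- }
- }
- })
- );
-
- export { packs_exports as Packs, SimpleCFT, utils_exports as Utils };
+ export { DEFAULT_MERGE_STRATEGY, SimpleCFT, addParameter, addParameters, createResourcePack, getValuePathArray, getValuePathString, isConstructedFrom, mergeValues, patchTemplate };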
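Review bot: The new export line at the end of the file drops the `Packs` and `Utils` namespace objects, so an existing `import { Packs, Utils } from '@resistdesign/voltra/iac'` no longer resolves, and the only pointer to the new layout on the new side is the reworded `@see` tag on `applyPack`. A comment above the export would make the break explicit, for example `// Utils members are now top-level exports; packs are no longer exported from this entry point`, or `Utils` could stay as a deprecated alias for one release. The `import YAML from 'yaml';` on the first line is kept as context although its only visible caller, `createBuildSpec`, is deleted in the last hunk; if the lines not shown here do not use it, remove the import so this entry point does not load a parser it never calls. The pack builders deleted here carried wide defaults such as `Action: "*"` on `Resource: "*"` for the CodeBuild role and the default Lambda policy; they presumably now live under `@resistdesign/voltra/iac/packs`, which is not part of this section, so that is where those defaults need to be checked before upgrading.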