@studion/infra-code-blocks 0.0.9 → 0.0.11

package/README.md

@@ -92,7 +92,7 @@ type DatabaseService = {
   serviceName: string;
   dbName: pulumi.Input<string>;
   username: pulumi.Input<string>;
-  password: pulumi.Input<string>;
+  password?: pulumi.Input<string>;
   applyImmediately?: pulumi.Input<boolean>;
   skipFinalSnapshot?: pulumi.Input<boolean>;
   allocatedStorage?: pulumi.Input<number>;
@@ -131,7 +131,7 @@ export type WebServerService = {
   environment?:
     | aws.ecs.KeyValuePair[]
     | ((services: Services) => aws.ecs.KeyValuePair[]);
-  secrets?: aws.ecs.Secret[];
+  secrets?: aws.ecs.Secret[] | ((services: Services) => aws.ecs.Secret[]);
   image: pulumi.Input<string>;
   port: pulumi.Input<number>;
   domain: pulumi.Input<string>;
@@ -203,6 +203,33 @@ const project = new studion.Project('demo-project', {
 });
 ```
 
+```ts
+const project = new studion.Project('demo-project', {
+  environment: 'DEVELOPMENT',
+  services: [
+    {
+      type: 'REDIS',
+      serviceName: 'redis',
+      dbName: 'test-db',
+    },
+    {
+      type: 'WEB_SERVER',
+      serviceName: 'api',
+      image: imageUri,
+      port: 3000,
+      domain: 'api.my-domain.com',
+      secrets: (services: Services) => {
+        const redisServiceName = 'redis';
+        const redis = services[redisServiceName];
+        return [
+          { name: 'REDIS_PASSWORD', valueFrom: redis.passwordSecret.arn },
+        ];
+      },
+    },
+  ],
+});
+```
+
 ### Database
 
 AWS RDS Postgres instance.
@@ -229,8 +256,8 @@ new Database(name: string, args: DatabaseArgs, opts?: pulumi.CustomResourceOptio
 type DatabaseArgs = {
   dbName: pulumi.Input<string>;
   username: pulumi.Input<string>;
-  password: pulumi.Input<string>;
   vpc: awsx.ec2.Vpc;
+  password?: pulumi.Input<string>;
   applyImmediately?: pulumi.Input<boolean>;
   skipFinalSnapshot?: pulumi.Input<boolean>;
   allocatedStorage?: pulumi.Input<number>;
@@ -242,6 +269,10 @@ type DatabaseArgs = {
 };
 ```
 
+If a password is not specified, it will be autogenerated and stored as a secret
+inside AWS Secret Manager. The secret will be available on the `Database` resource
+as `passwordSecret`.
+
 ### Redis
 
 [Upstash](https://upstash.com) Redis instance.
@@ -283,6 +314,9 @@ interface RedisOptions extends pulumi.ComponentResourceOptions {
 }
 ```
 
+After creating the Redis resource, the `passwordSecret` AWS Secret Manager Secret
+will exist on the resource.
+
 ### Static Site
 
 AWS S3 + Cloudfront static site.
@@ -467,4 +501,3 @@ const project = new studion.Project('demo-project', {
 
 - [ ] Add worker service for executing tasks
 - [ ] Add MongoDB service
-- [ ] Make db username & password fields optional and autogenerate db username & password if they are not provided

package/dist/components/database.d.ts

@@ -10,14 +10,15 @@ export type DatabaseArgs = {
      * Username for the master DB user.
      */
     username: pulumi.Input<string>;
-    /**
-     * Password for the master DB user.
-     */
-    password: pulumi.Input<string>;
     /**
      * The awsx.ec2.Vpc resource.
      */
     vpc: awsx.ec2.Vpc;
+    /**
+     * Password for the master DB user. If not specified, it will be autogenerated.
+     * The value will be stored as a secret in AWS Secret Manager.
+     */
+    password?: pulumi.Input<string>;
     /**
      * Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default is false.
      */
@@ -50,5 +51,6 @@ export declare class Database extends pulumi.ComponentResource {
     kms: aws.kms.Key;
     dbSubnetGroup: aws.rds.SubnetGroup;
     dbSecurityGroup: aws.ec2.SecurityGroup;
+    passwordSecret: aws.secretsmanager.Secret;
     constructor(name: string, args: DatabaseArgs, opts?: pulumi.ComponentResourceOptions);
 }

package/dist/components/database.js

@@ -13,6 +13,8 @@ const defaults = {
 class Database extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:Database', name, {}, opts);
+        const project = pulumi.getProject();
+        const stack = pulumi.getStack();
         const argsWithDefaults = Object.assign({}, defaults, args);
         this.dbSubnetGroup = new aws.rds.SubnetGroup(`${name}-subnet-group`, {
             subnetIds: argsWithDefaults.vpc.privateSubnetIds,
@@ -36,6 +38,17 @@ class Database extends pulumi.ComponentResource {
             multiRegion: false,
             enableKeyRotation: true,
         }, { parent: this });
+        const password = argsWithDefaults.password ||
+            aws.secretsmanager
+                .getRandomPasswordOutput()
+                .apply(res => res.randomPassword);
+        this.passwordSecret = new aws.secretsmanager.Secret(`${name}-password-secret`, {
+            name: `${stack}/${project}/DatabasePassword`,
+        }, { parent: this });
+        const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${name}-password-secret-value`, {
+            secretId: this.passwordSecret.id,
+            secretString: password,
+        }, { parent: this, dependsOn: [this.passwordSecret] });
         this.instance = new aws.rds.Instance(`${name}-rds`, {
             identifier: name,
             engine: 'postgres',
@@ -45,7 +58,7 @@ class Database extends pulumi.ComponentResource {
             instanceClass: argsWithDefaults.instanceClass,
             dbName: argsWithDefaults.dbName,
             username: argsWithDefaults.username,
-            password: argsWithDefaults.password,
+            password,
             dbSubnetGroupName: this.dbSubnetGroup.name,
             vpcSecurityGroupIds: [this.dbSecurityGroup.id],
             storageEncrypted: true,

package/dist/components/project.d.ts

@@ -27,7 +27,8 @@ export type StaticSiteService = {
 export type WebServerService = {
     type: 'WEB_SERVER';
     environment?: aws.ecs.KeyValuePair[] | ((services: Services) => aws.ecs.KeyValuePair[]);
-} & ServiceArgs & Omit<WebServerArgs, 'cluster' | 'vpc' | 'hostedZoneId' | 'environment'>;
+    secrets?: aws.ecs.Secret[] | ((services: Services) => aws.ecs.Secret[]);
+} & ServiceArgs & Omit<WebServerArgs, 'cluster' | 'vpc' | 'hostedZoneId' | 'environment' | 'secrets'>;
 export type ProjectArgs = {
     services: (DatabaseService | RedisService | StaticSiteService | WebServerService)[];
     hostedZoneId?: pulumi.Input<string>;

package/dist/components/project.js

@@ -110,11 +110,12 @@ class Project extends pulumi.ComponentResource {
             return;
         if (!this.hostedZoneId)
             throw new MissingHostedZoneId(options.type);
-        const { serviceName, environment } = options, ecsOptions = __rest(options, ["serviceName", "environment"]);
+        const { serviceName, environment, secrets } = options, ecsOptions = __rest(options, ["serviceName", "environment", "secrets"]);
         const parsedEnv = typeof environment === 'function'
             ? environment(this.services)
             : environment;
-        const service = new web_server_1.WebServer(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpc: this.vpc, hostedZoneId: this.hostedZoneId, environment: parsedEnv }), { parent: this });
+        const parsedSecrets = typeof secrets === 'function' ? secrets(this.services) : secrets;
+        const service = new web_server_1.WebServer(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpc: this.vpc, hostedZoneId: this.hostedZoneId, environment: parsedEnv, secrets: parsedSecrets }), { parent: this });
         this.services[options.serviceName] = service;
     }
 }

package/dist/components/redis.d.ts

@@ -1,5 +1,6 @@
 import * as pulumi from '@pulumi/pulumi';
 import * as upstash from '@upstash/pulumi';
+import * as aws from '@pulumi/aws';
 export type RedisArgs = {
     /**
      * Redis database name.
@@ -15,5 +16,7 @@ export interface RedisOptions extends pulumi.ComponentResourceOptions {
 }
 export declare class Redis extends pulumi.ComponentResource {
     instance: upstash.RedisDatabase;
+    passwordSecret: aws.secretsmanager.Secret;
+    username: string;
     constructor(name: string, args: RedisArgs, opts: RedisOptions);
 }

package/dist/components/redis.js

@@ -3,12 +3,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Redis = void 0;
 const pulumi = require("@pulumi/pulumi");
 const upstash = require("@upstash/pulumi");
+const aws = require("@pulumi/aws");
 const defaults = {
     region: 'us-east-1',
 };
 class Redis extends pulumi.ComponentResource {
     constructor(name, args, opts) {
         super('studion:Redis', name, {}, opts);
+        this.username = 'default';
+        const project = pulumi.getProject();
+        const stack = pulumi.getStack();
         const argsWithDefaults = Object.assign({}, defaults, args);
         this.instance = new upstash.RedisDatabase(name, {
             databaseName: argsWithDefaults.dbName,
@@ -16,6 +20,13 @@ class Redis extends pulumi.ComponentResource {
             eviction: true,
             tls: true,
         }, { provider: opts.provider, parent: this });
+        this.passwordSecret = new aws.secretsmanager.Secret(`${name}-password-secret`, {
+            name: `${stack}/${project}/RedisPassword`,
+        }, { parent: this, dependsOn: [this.instance] });
+        const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${name}-password-secret-value`, {
+            secretId: this.passwordSecret.id,
+            secretString: this.instance.password,
+        }, { parent: this, dependsOn: [this.passwordSecret] });
         this.registerOutputs();
     }
 }

package/dist/components/static-site.js

@@ -12,7 +12,6 @@ class StaticSite extends pulumi.ComponentResource {
             hostedZoneId: args.hostedZoneId,
         }, { parent: this });
         const bucket = new aws.s3.Bucket(`${name}-bucket`, {
-            bucket: name,
             website: {
                 indexDocument: 'index.html',
                 errorDocument: 'index.html',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.0.9",
+  "version": "0.0.11",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",