@umccr/htsget-lambda 0.9.6

package/lib/config.d.ts

@@ -0,0 +1,240 @@
+import { IVpc } from "aws-cdk-lib/aws-ec2";
+import { CorsHttpMethod, IHttpApi } from "aws-cdk-lib/aws-apigatewayv2";
+import { IRole } from "aws-cdk-lib/aws-iam";
+import { Duration } from "aws-cdk-lib";
+import { IHostedZone } from "aws-cdk-lib/aws-route53";
+/**
+ * Settings related to the htsget lambda construct props.
+ */
+export interface HtsgetLambdaProps {
+    /**
+     * The htsget-rs config options. Use this to specify any locations and htsget-rs options.
+     *
+     * @defaultValue undefined
+     */
+    htsgetConfig?: HtsgetConfig;
+    /**
+     * The domain name for the htsget server. This must be specified if `httpApi` is not set. This assumes
+     * that a `HostedZone` exists for this domain.
+     *
+     * @defaultValue undefined
+     */
+    domain?: string;
+    /**
+     * The domain name prefix to use for the htsget-rs server.
+     *
+     * @defaultValue "htsget"
+     */
+    subDomain?: string;
+    /**
+     * Whether this deployment is gated behind a JWT authorizer, or if its public.
+     *
+     * @defaultValue `undefined`, defaults to a public deployment
+     */
+    jwt?: JwtConfig;
+    /**
+     * CORS configuration for the htsget-rs server. Values here are propagated to CORS options in htsget-rs.
+     *
+     * @defaultValue same as the `CorsConfig` defaults
+     */
+    cors?: CorsConifg;
+    /**
+     * The git reference to fetch from the htsget-rs repo.
+     *
+     * @defaultValue "main"
+     */
+    gitReference?: string;
+    /**
+     * Whether to force a git clone for every build. If this is false, then the git repo is only cloned once
+     * for every git reference in a temporary directory. Otherwise, the repo is cloned every time.
+     *
+     * @defaultValue false
+     */
+    gitForceClone?: boolean;
+    /**
+     * Override any cargo lambda flags for the build. By default, features are resolved automatically based on the
+     * config and `HtsgetLocation[]`. This option overrides that and any automatically added flags.
+     *
+     * @defaultValue undefined
+     */
+    cargoLambdaFlags?: string[];
+    /**
+     * Copy the test data directory to a new bucket:
+     * https://github.com/umccr/htsget-rs/tree/main/data
+     *
+     * Also copies the Crypt4GH keys to Secrets Manager. Automatically the htsget-rs server access
+     * to the bucket and secrets using the locations config.
+     *
+     * @defaultValue false
+     */
+    copyTestData?: boolean;
+    /**
+     * The name of the bucket to create when using `copyTestData`. Defaults to the auto-generated CDK construct name.
+     *
+     * @defaultValue undefined
+     */
+    bucketName?: string;
+    /**
+     * The name of the Lambda function. Defaults to the auto-generated CDK construct name.
+     *
+     * @defaultValue undefined
+     */
+    functionName?: string;
+    /**
+     * Optionally specify a VPC for the Lambda function.
+     *
+     * @defaultValue undefined
+     */
+    vpc?: IVpc;
+    /**
+     * Manually specify an `HttpApi`. This will not create a `HostedZone`, any Route53 records, certificates,
+     * or authorizers, and will instead rely on the existing `HttpApi`.
+     *
+     * @defaultValue undefined
+     */
+    httpApi?: IHttpApi;
+    /**
+     * The arn of the certificate to use. This will not create a `Certificate` if specified, and will instead lookup
+     * an existing one.
+     *
+     * @defaultValue undefined
+     */
+    certificateArn?: string;
+    /**
+     * Use the provided hosted zone instead of looking it up from the domain name.
+     *
+     * @defaultValue undefined
+     */
+    hostedZone?: IHostedZone;
+    /**
+     * Use the provided role instead of creating one. This will ignore any configuration related to permissions for
+     * buckets and secrets, and rely on the existing role.
+     *
+     * @defaultValue undefined
+     */
+    role?: IRole;
+    /**
+     * The name of the role for the Lambda function. Defaults to the auto-generated CDK construct name.
+     *
+     * @defaultValue undefined
+     */
+    roleName?: string;
+    /**
+     * Override the environment variables used to build htsget. Note that this only adds environment variables that
+     * get used to build htsget-rs with `cargo`. It has no effect on the environment variables that htsget-rs has when
+     * the Lambda function is deployed. In general, leave this undefined unless there is a specific reason to override
+     * the build environment.
+     *
+     * @defaultValue undefined
+     */
+    buildEnvironment?: Record<string, string>;
+}
+/**
+ * JWT authorization settings.
+ */
+export interface JwtConfig {
+    /**
+     * The JWT audience.
+     *
+     * @defaultValue []
+     */
+    audience?: string[];
+    /**
+     * The cognito user pool id for the authorizer. If this is not set, then a new user pool is created.
+     *
+     * @defaultValue `undefined`, creates a new user pool
+     */
+    cogUserPoolId?: string;
+}
+/**
+ * CORS configuration for the htsget-rs server.
+ */
+export interface CorsConifg {
+    /**
+     * CORS allow credentials.
+     *
+     * @defaultValue false
+     */
+    allowCredentials?: boolean;
+    /**
+     * CORS allow headers.
+     *
+     * @defaultValue ["*"]
+     */
+    allowHeaders?: string[];
+    /**
+     * CORS allow methods.
+     *
+     * @defaultValue [CorsHttpMethod.ANY]
+     */
+    allowMethods?: CorsHttpMethod[];
+    /**
+     * CORS allow origins.
+     *
+     * @defaultValue ["*"]
+     */
+    allowOrigins?: string[];
+    /**
+     * CORS expose headers.
+     *
+     * @defaultValue ["*"]
+     */
+    exposeHeaders?: string[];
+    /**
+     * CORS max age.
+     *
+     * @defaultValue Duration.days(30)
+     */
+    maxAge?: Duration;
+}
+/**
+ * Configuration for the htsget-rs server. This allows specifying the options
+ * available in the htsget-rs config: https://github.com/umccr/htsget-rs/tree/main/htsget-config
+ */
+export interface HtsgetConfig {
+    /**
+     * The locations for the htsget-rs server. This is the same as the htsget-rs config locations:
+     * https://github.com/umccr/htsget-rs/tree/main/htsget-config#quickstart
+     *
+     * Any `s3://...` locations will automatically be added to the bucket access policy.
+     *
+     * @defaultValue []
+     */
+    locations?: HtsgetLocation[];
+    /**
+     * Service info fields to configure for the server. This is the same as the htsget-rs config service_info:
+     * https://github.com/umccr/htsget-rs/tree/main/htsget-config#service-info-config
+     *
+     * @defaultValue undefined
+     */
+    service_info?: Record<string, unknown>;
+    /**
+     * Any additional htsget-rs options can be specified here as environment variables. These will override
+     * any options set in this construct, and allows using advanced configuration. Options here should contain
+     * the `HTSGET_` prefix.
+     *
+     * @defaultValue undefined
+     */
+    environment_override?: Record<string, unknown>;
+}
+/**
+ * Config for locations.
+ */
+export interface HtsgetLocation {
+    /**
+     * The location string.
+     */
+    location: string;
+    /**
+     * Optional Crypt4GH private key secret ARN or name.
+     *
+     * @defaultValue undefined
+     */
+    private_key?: string;
+    /**
+     * Optional Crypt4GH public key secret ARN or name.
+     *
+     * @defaultValue undefined
+     */
+    public_key?: string;
+}

package/lib/config.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY29uZmlnLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJVnBjIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lYzJcIjtcbmltcG9ydCB7IENvcnNIdHRwTWV0aG9kLCBJSHR0cEFwaSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtYXBpZ2F0ZXdheXYyXCI7XG5pbXBvcnQgeyBJUm9sZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBEdXJhdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgSUhvc3RlZFpvbmUgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXJvdXRlNTNcIjtcblxuLyoqXG4gKiBTZXR0aW5ncyByZWxhdGVkIHRvIHRoZSBodHNnZXQgbGFtYmRhIGNvbnN0cnVjdCBwcm9wcy5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBIdHNnZXRMYW1iZGFQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgaHRzZ2V0LXJzIGNvbmZpZyBvcHRpb25zLiBVc2UgdGhpcyB0byBzcGVjaWZ5IGFueSBsb2NhdGlvbnMgYW5kIGh0c2dldC1ycyBvcHRpb25zLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHVuZGVmaW5lZFxuICAgKi9cbiAgaHRzZ2V0Q29uZmlnPzogSHRzZ2V0Q29uZmlnO1xuXG4gIC8qKlxuICAgKiBUaGUgZG9tYWluIG5hbWUgZm9yIHRoZSBodHNnZXQgc2VydmVyLiBUaGlzIG11c3QgYmUgc3BlY2lmaWVkIGlmIGBodHRwQXBpYCBpcyBub3Qgc2V0LiBUaGlzIGFzc3VtZXNcbiAgICogdGhhdCBhIGBIb3N0ZWRab25lYCBleGlzdHMgZm9yIHRoaXMgZG9tYWluLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHVuZGVmaW5lZFxuICAgKi9cbiAgZG9tYWluPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgZG9tYWluIG5hbWUgcHJlZml4IHRvIHVzZSBmb3IgdGhlIGh0c2dldC1ycyBzZXJ2ZXIuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgXCJodHNnZXRcIlxuICAgKi9cbiAgc3ViRG9tYWluPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRoaXMgZGVwbG95bWVudCBpcyBnYXRlZCBiZWhpbmQgYSBKV1QgYXV0aG9yaXplciwgb3IgaWYgaXRzIHB1YmxpYy5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBgdW5kZWZpbmVkYCwgZGVmYXVsdHMgdG8gYSBwdWJsaWMgZGVwbG95bWVudFxuICAgKi9cbiAgand0PzogSnd0Q29uZmlnO1xuXG4gIC8qKlxuICAgKiBDT1JTIGNvbmZpZ3VyYXRpb24gZm9yIHRoZSBodHNnZXQtcnMgc2VydmVyLiBWYWx1ZXMgaGVyZSBhcmUgcHJvcGFnYXRlZCB0byBDT1JTIG9wdGlvbnMgaW4gaHRzZ2V0LXJzLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHNhbWUgYXMgdGhlIGBDb3JzQ29uZmlnYCBkZWZhdWx0c1xuICAgKi9cbiAgY29ycz86IENvcnNDb25pZmc7XG5cbiAgLyoqXG4gICAqIFRoZSBnaXQgcmVmZXJlbmNlIHRvIGZldGNoIGZyb20gdGhlIGh0c2dldC1ycyByZXBvLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIFwibWFpblwiXG4gICAqL1xuICBnaXRSZWZlcmVuY2U/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgdG8gZm9yY2UgYSBnaXQgY2xvbmUgZm9yIGV2ZXJ5IGJ1aWxkLiBJZiB0aGlzIGlzIGZhbHNlLCB0aGVuIHRoZSBnaXQgcmVwbyBpcyBvbmx5IGNsb25lZCBvbmNlXG4gICAqIGZvciBldmVyeSBnaXQgcmVmZXJlbmNlIGluIGEgdGVtcG9yYXJ5IGRpcmVjdG9yeS4gT3RoZXJ3aXNlLCB0aGUgcmVwbyBpcyBjbG9uZWQgZXZlcnkgdGltZS5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBmYWxzZVxuICAgKi9cbiAgZ2l0Rm9yY2VDbG9uZT86IGJvb2xlYW47XG5cbiAgLyoqXG4gICAqIE92ZXJyaWRlIGFueSBjYXJnbyBsYW1iZGEgZmxhZ3MgZm9yIHRoZSBidWlsZC4gQnkgZGVmYXVsdCwgZmVhdHVyZXMgYXJlIHJlc29sdmVkIGF1dG9tYXRpY2FsbHkgYmFzZWQgb24gdGhlXG4gICAqIGNvbmZpZyBhbmQgYEh0c2dldExvY2F0aW9uW11gLiBUaGlzIG9wdGlvbiBvdmVycmlkZXMgdGhhdCBhbmQgYW55IGF1dG9tYXRpY2FsbHkgYWRkZWQgZmxhZ3MuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgdW5kZWZpbmVkXG4gICAqL1xuICBjYXJnb0xhbWJkYUZsYWdzPzogc3RyaW5nW107XG5cbiAgLyoqXG4gICAqIENvcHkgdGhlIHRlc3QgZGF0YSBkaXJlY3RvcnkgdG8gYSBuZXcgYnVja2V0OlxuICAgKiBodHRwczovL2dpdGh1Yi5jb20vdW1jY3IvaHRzZ2V0LXJzL3RyZWUvbWFpbi9kYXRhXG4gICAqXG4gICAqIEFsc28gY29waWVzIHRoZSBDcnlwdDRHSCBrZXlzIHRvIFNlY3JldHMgTWFuYWdlci4gQXV0b21hdGljYWxseSB0aGUgaHRzZ2V0LXJzIHNlcnZlciBhY2Nlc3NcbiAgICogdG8gdGhlIGJ1Y2tldCBhbmQgc2VjcmV0cyB1c2luZyB0aGUgbG9jYXRpb25zIGNvbmZpZy5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBmYWxzZVxuICAgKi9cbiAgY29weVRlc3REYXRhPzogYm9vbGVhbjtcblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIGJ1Y2tldCB0byBjcmVhdGUgd2hlbiB1c2luZyBgY29weVRlc3REYXRhYC4gRGVmYXVsdHMgdG8gdGhlIGF1dG8tZ2VuZXJhdGVkIENESyBjb25zdHJ1Y3QgbmFtZS5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSB1bmRlZmluZWRcbiAgICovXG4gIGJ1Y2tldE5hbWU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBMYW1iZGEgZnVuY3Rpb24uIERlZmF1bHRzIHRvIHRoZSBhdXRvLWdlbmVyYXRlZCBDREsgY29uc3RydWN0IG5hbWUuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgdW5kZWZpbmVkXG4gICAqL1xuICBmdW5jdGlvbk5hbWU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIE9wdGlvbmFsbHkgc3BlY2lmeSBhIFZQQyBmb3IgdGhlIExhbWJkYSBmdW5jdGlvbi5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSB1bmRlZmluZWRcbiAgICovXG4gIHZwYz86IElWcGM7XG5cbiAgLyoqXG4gICAqIE1hbnVhbGx5IHNwZWNpZnkgYW4gYEh0dHBBcGlgLiBUaGlzIHdpbGwgbm90IGNyZWF0ZSBhIGBIb3N0ZWRab25lYCwgYW55IFJvdXRlNTMgcmVjb3JkcywgY2VydGlmaWNhdGVzLFxuICAgKiBvciBhdXRob3JpemVycywgYW5kIHdpbGwgaW5zdGVhZCByZWx5IG9uIHRoZSBleGlzdGluZyBgSHR0cEFwaWAuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgdW5kZWZpbmVkXG4gICAqL1xuICBodHRwQXBpPzogSUh0dHBBcGk7XG5cbiAgLyoqXG4gICAqIFRoZSBhcm4gb2YgdGhlIGNlcnRpZmljYXRlIHRvIHVzZS4gVGhpcyB3aWxsIG5vdCBjcmVhdGUgYSBgQ2VydGlmaWNhdGVgIGlmIHNwZWNpZmllZCwgYW5kIHdpbGwgaW5zdGVhZCBsb29rdXBcbiAgICogYW4gZXhpc3Rpbmcgb25lLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHVuZGVmaW5lZFxuICAgKi9cbiAgY2VydGlmaWNhdGVBcm4/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFVzZSB0aGUgcHJvdmlkZWQgaG9zdGVkIHpvbmUgaW5zdGVhZCBvZiBsb29raW5nIGl0IHVwIGZyb20gdGhlIGRvbWFpbiBuYW1lLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHVuZGVmaW5lZFxuICAgKi9cbiAgaG9zdGVkWm9uZT86IElIb3N0ZWRab25lO1xuXG4gIC8qKlxuICAgKiBVc2UgdGhlIHByb3ZpZGVkIHJvbGUgaW5zdGVhZCBvZiBjcmVhdGluZyBvbmUuIFRoaXMgd2lsbCBpZ25vcmUgYW55IGNvbmZpZ3VyYXRpb24gcmVsYXRlZCB0byBwZXJtaXNzaW9ucyBmb3JcbiAgICogYnVja2V0cyBhbmQgc2VjcmV0cywgYW5kIHJlbHkgb24gdGhlIGV4aXN0aW5nIHJvbGUuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgdW5kZWZpbmVkXG4gICAqL1xuICByb2xlPzogSVJvbGU7XG5cbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSByb2xlIGZvciB0aGUgTGFtYmRhIGZ1bmN0aW9uLiBEZWZhdWx0cyB0byB0aGUgYXV0by1nZW5lcmF0ZWQgQ0RLIGNvbnN0cnVjdCBuYW1lLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHVuZGVmaW5lZFxuICAgKi9cbiAgcm9sZU5hbWU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIE92ZXJyaWRlIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdXNlZCB0byBidWlsZCBodHNnZXQuIE5vdGUgdGhhdCB0aGlzIG9ubHkgYWRkcyBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdFxuICAgKiBnZXQgdXNlZCB0byBidWlsZCBodHNnZXQtcnMgd2l0aCBgY2FyZ29gLiBJdCBoYXMgbm8gZWZmZWN0IG9uIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBodHNnZXQtcnMgaGFzIHdoZW5cbiAgICogdGhlIExhbWJkYSBmdW5jdGlvbiBpcyBkZXBsb3llZC4gSW4gZ2VuZXJhbCwgbGVhdmUgdGhpcyB1bmRlZmluZWQgdW5sZXNzIHRoZXJlIGlzIGEgc3BlY2lmaWMgcmVhc29uIHRvIG92ZXJyaWRlXG4gICAqIHRoZSBidWlsZCBlbnZpcm9ubWVudC5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSB1bmRlZmluZWRcbiAgICovXG4gIGJ1aWxkRW52aXJvbm1lbnQ/OiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmc+O1xufVxuXG4vKipcbiAqIEpXVCBhdXRob3JpemF0aW9uIHNldHRpbmdzLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIEp3dENvbmZpZyB7XG4gIC8qKlxuICAgKiBUaGUgSldUIGF1ZGllbmNlLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIFtdXG4gICAqL1xuICBhdWRpZW5jZT86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBUaGUgY29nbml0byB1c2VyIHBvb2wgaWQgZm9yIHRoZSBhdXRob3JpemVyLiBJZiB0aGlzIGlzIG5vdCBzZXQsIHRoZW4gYSBuZXcgdXNlciBwb29sIGlzIGNyZWF0ZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgYHVuZGVmaW5lZGAsIGNyZWF0ZXMgYSBuZXcgdXNlciBwb29sXG4gICAqL1xuICBjb2dVc2VyUG9vbElkPzogc3RyaW5nO1xufVxuXG4vKipcbiAqIENPUlMgY29uZmlndXJhdGlvbiBmb3IgdGhlIGh0c2dldC1ycyBzZXJ2ZXIuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ29yc0NvbmlmZyB7XG4gIC8qKlxuICAgKiBDT1JTIGFsbG93IGNyZWRlbnRpYWxzLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIGZhbHNlXG4gICAqL1xuICBhbGxvd0NyZWRlbnRpYWxzPzogYm9vbGVhbjtcblxuICAvKipcbiAgICogQ09SUyBhbGxvdyBoZWFkZXJzLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIFtcIipcIl1cbiAgICovXG4gIGFsbG93SGVhZGVycz86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBDT1JTIGFsbG93IG1ldGhvZHMuXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgW0NvcnNIdHRwTWV0aG9kLkFOWV1cbiAgICovXG4gIGFsbG93TWV0aG9kcz86IENvcnNIdHRwTWV0aG9kW107XG5cbiAgLyoqXG4gICAqIENPUlMgYWxsb3cgb3JpZ2lucy5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBbXCIqXCJdXG4gICAqL1xuICBhbGxvd09yaWdpbnM/OiBzdHJpbmdbXTtcblxuICAvKipcbiAgICogQ09SUyBleHBvc2UgaGVhZGVycy5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBbXCIqXCJdXG4gICAqL1xuICBleHBvc2VIZWFkZXJzPzogc3RyaW5nW107XG5cbiAgLyoqXG4gICAqIENPUlMgbWF4IGFnZS5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBEdXJhdGlvbi5kYXlzKDMwKVxuICAgKi9cbiAgbWF4QWdlPzogRHVyYXRpb247XG59XG5cbi8qKlxuICogQ29uZmlndXJhdGlvbiBmb3IgdGhlIGh0c2dldC1ycyBzZXJ2ZXIuIFRoaXMgYWxsb3dzIHNwZWNpZnlpbmcgdGhlIG9wdGlvbnNcbiAqIGF2YWlsYWJsZSBpbiB0aGUgaHRzZ2V0LXJzIGNvbmZpZzogaHR0cHM6Ly9naXRodWIuY29tL3VtY2NyL2h0c2dldC1ycy90cmVlL21haW4vaHRzZ2V0LWNvbmZpZ1xuICovXG5leHBvcnQgaW50ZXJmYWNlIEh0c2dldENvbmZpZyB7XG4gIC8qKlxuICAgKiBUaGUgbG9jYXRpb25zIGZvciB0aGUgaHRzZ2V0LXJzIHNlcnZlci4gVGhpcyBpcyB0aGUgc2FtZSBhcyB0aGUgaHRzZ2V0LXJzIGNvbmZpZyBsb2NhdGlvbnM6XG4gICAqIGh0dHBzOi8vZ2l0aHViLmNvbS91bWNjci9odHNnZXQtcnMvdHJlZS9tYWluL2h0c2dldC1jb25maWcjcXVpY2tzdGFydFxuICAgKlxuICAgKiBBbnkgYHMzOi8vLi4uYCBsb2NhdGlvbnMgd2lsbCBhdXRvbWF0aWNhbGx5IGJlIGFkZGVkIHRvIHRoZSBidWNrZXQgYWNjZXNzIHBvbGljeS5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSBbXVxuICAgKi9cbiAgbG9jYXRpb25zPzogSHRzZ2V0TG9jYXRpb25bXTtcblxuICAvKipcbiAgICogU2VydmljZSBpbmZvIGZpZWxkcyB0byBjb25maWd1cmUgZm9yIHRoZSBzZXJ2ZXIuIFRoaXMgaXMgdGhlIHNhbWUgYXMgdGhlIGh0c2dldC1ycyBjb25maWcgc2VydmljZV9pbmZvOlxuICAgKiBodHRwczovL2dpdGh1Yi5jb20vdW1jY3IvaHRzZ2V0LXJzL3RyZWUvbWFpbi9odHNnZXQtY29uZmlnI3NlcnZpY2UtaW5mby1jb25maWdcbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSB1bmRlZmluZWRcbiAgICovXG4gIHNlcnZpY2VfaW5mbz86IFJlY29yZDxzdHJpbmcsIHVua25vd24+O1xuXG4gIC8qKlxuICAgKiBBbnkgYWRkaXRpb25hbCBodHNnZXQtcnMgb3B0aW9ucyBjYW4gYmUgc3BlY2lmaWVkIGhlcmUgYXMgZW52aXJvbm1lbnQgdmFyaWFibGVzLiBUaGVzZSB3aWxsIG92ZXJyaWRlXG4gICAqIGFueSBvcHRpb25zIHNldCBpbiB0aGlzIGNvbnN0cnVjdCwgYW5kIGFsbG93cyB1c2luZyBhZHZhbmNlZCBjb25maWd1cmF0aW9uLiBPcHRpb25zIGhlcmUgc2hvdWxkIGNvbnRhaW5cbiAgICogdGhlIGBIVFNHRVRfYCBwcmVmaXguXG4gICAqXG4gICAqIEBkZWZhdWx0VmFsdWUgdW5kZWZpbmVkXG4gICAqL1xuICBlbnZpcm9ubWVudF9vdmVycmlkZT86IFJlY29yZDxzdHJpbmcsIHVua25vd24+O1xufVxuXG4vKipcbiAqIENvbmZpZyBmb3IgbG9jYXRpb25zLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIEh0c2dldExvY2F0aW9uIHtcbiAgLyoqXG4gICAqIFRoZSBsb2NhdGlvbiBzdHJpbmcuXG4gICAqL1xuICBsb2NhdGlvbjogc3RyaW5nO1xuICAvKipcbiAgICogT3B0aW9uYWwgQ3J5cHQ0R0ggcHJpdmF0ZSBrZXkgc2VjcmV0IEFSTiBvciBuYW1lLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIHVuZGVmaW5lZFxuICAgKi9cbiAgcHJpdmF0ZV9rZXk/OiBzdHJpbmc7XG4gIC8qKlxuICAgKiBPcHRpb25hbCBDcnlwdDRHSCBwdWJsaWMga2V5IHNlY3JldCBBUk4gb3IgbmFtZS5cbiAgICpcbiAgICogQGRlZmF1bHRWYWx1ZSB1bmRlZmluZWRcbiAgICovXG4gIHB1YmxpY19rZXk/OiBzdHJpbmc7XG59XG4iXX0=

package/lib/config.ts

@@ -0,0 +1,270 @@
+import { IVpc } from "aws-cdk-lib/aws-ec2";
+import { CorsHttpMethod, IHttpApi } from "aws-cdk-lib/aws-apigatewayv2";
+import { IRole } from "aws-cdk-lib/aws-iam";
+import { Duration } from "aws-cdk-lib";
+import { IHostedZone } from "aws-cdk-lib/aws-route53";
+
+/**
+ * Settings related to the htsget lambda construct props.
+ */
+export interface HtsgetLambdaProps {
+  /**
+   * The htsget-rs config options. Use this to specify any locations and htsget-rs options.
+   *
+   * @defaultValue undefined
+   */
+  htsgetConfig?: HtsgetConfig;
+
+  /**
+   * The domain name for the htsget server. This must be specified if `httpApi` is not set. This assumes
+   * that a `HostedZone` exists for this domain.
+   *
+   * @defaultValue undefined
+   */
+  domain?: string;
+
+  /**
+   * The domain name prefix to use for the htsget-rs server.
+   *
+   * @defaultValue "htsget"
+   */
+  subDomain?: string;
+
+  /**
+   * Whether this deployment is gated behind a JWT authorizer, or if its public.
+   *
+   * @defaultValue `undefined`, defaults to a public deployment
+   */
+  jwt?: JwtConfig;
+
+  /**
+   * CORS configuration for the htsget-rs server. Values here are propagated to CORS options in htsget-rs.
+   *
+   * @defaultValue same as the `CorsConfig` defaults
+   */
+  cors?: CorsConifg;
+
+  /**
+   * The git reference to fetch from the htsget-rs repo.
+   *
+   * @defaultValue "main"
+   */
+  gitReference?: string;
+
+  /**
+   * Whether to force a git clone for every build. If this is false, then the git repo is only cloned once
+   * for every git reference in a temporary directory. Otherwise, the repo is cloned every time.
+   *
+   * @defaultValue false
+   */
+  gitForceClone?: boolean;
+
+  /**
+   * Override any cargo lambda flags for the build. By default, features are resolved automatically based on the
+   * config and `HtsgetLocation[]`. This option overrides that and any automatically added flags.
+   *
+   * @defaultValue undefined
+   */
+  cargoLambdaFlags?: string[];
+
+  /**
+   * Copy the test data directory to a new bucket:
+   * https://github.com/umccr/htsget-rs/tree/main/data
+   *
+   * Also copies the Crypt4GH keys to Secrets Manager. Automatically the htsget-rs server access
+   * to the bucket and secrets using the locations config.
+   *
+   * @defaultValue false
+   */
+  copyTestData?: boolean;
+
+  /**
+   * The name of the bucket to create when using `copyTestData`. Defaults to the auto-generated CDK construct name.
+   *
+   * @defaultValue undefined
+   */
+  bucketName?: string;
+
+  /**
+   * The name of the Lambda function. Defaults to the auto-generated CDK construct name.
+   *
+   * @defaultValue undefined
+   */
+  functionName?: string;
+
+  /**
+   * Optionally specify a VPC for the Lambda function.
+   *
+   * @defaultValue undefined
+   */
+  vpc?: IVpc;
+
+  /**
+   * Manually specify an `HttpApi`. This will not create a `HostedZone`, any Route53 records, certificates,
+   * or authorizers, and will instead rely on the existing `HttpApi`.
+   *
+   * @defaultValue undefined
+   */
+  httpApi?: IHttpApi;
+
+  /**
+   * The arn of the certificate to use. This will not create a `Certificate` if specified, and will instead lookup
+   * an existing one.
+   *
+   * @defaultValue undefined
+   */
+  certificateArn?: string;
+
+  /**
+   * Use the provided hosted zone instead of looking it up from the domain name.
+   *
+   * @defaultValue undefined
+   */
+  hostedZone?: IHostedZone;
+
+  /**
+   * Use the provided role instead of creating one. This will ignore any configuration related to permissions for
+   * buckets and secrets, and rely on the existing role.
+   *
+   * @defaultValue undefined
+   */
+  role?: IRole;
+
+  /**
+   * The name of the role for the Lambda function. Defaults to the auto-generated CDK construct name.
+   *
+   * @defaultValue undefined
+   */
+  roleName?: string;
+
+  /**
+   * Override the environment variables used to build htsget. Note that this only adds environment variables that
+   * get used to build htsget-rs with `cargo`. It has no effect on the environment variables that htsget-rs has when
+   * the Lambda function is deployed. In general, leave this undefined unless there is a specific reason to override
+   * the build environment.
+   *
+   * @defaultValue undefined
+   */
+  buildEnvironment?: Record<string, string>;
+}
+
+/**
+ * JWT authorization settings.
+ */
+export interface JwtConfig {
+  /**
+   * The JWT audience.
+   *
+   * @defaultValue []
+   */
+  audience?: string[];
+
+  /**
+   * The cognito user pool id for the authorizer. If this is not set, then a new user pool is created.
+   *
+   * @defaultValue `undefined`, creates a new user pool
+   */
+  cogUserPoolId?: string;
+}
+
+/**
+ * CORS configuration for the htsget-rs server.
+ */
+export interface CorsConifg {
+  /**
+   * CORS allow credentials.
+   *
+   * @defaultValue false
+   */
+  allowCredentials?: boolean;
+
+  /**
+   * CORS allow headers.
+   *
+   * @defaultValue ["*"]
+   */
+  allowHeaders?: string[];
+
+  /**
+   * CORS allow methods.
+   *
+   * @defaultValue [CorsHttpMethod.ANY]
+   */
+  allowMethods?: CorsHttpMethod[];
+
+  /**
+   * CORS allow origins.
+   *
+   * @defaultValue ["*"]
+   */
+  allowOrigins?: string[];
+
+  /**
+   * CORS expose headers.
+   *
+   * @defaultValue ["*"]
+   */
+  exposeHeaders?: string[];
+
+  /**
+   * CORS max age.
+   *
+   * @defaultValue Duration.days(30)
+   */
+  maxAge?: Duration;
+}
+
+/**
+ * Configuration for the htsget-rs server. This allows specifying the options
+ * available in the htsget-rs config: https://github.com/umccr/htsget-rs/tree/main/htsget-config
+ */
+export interface HtsgetConfig {
+  /**
+   * The locations for the htsget-rs server. This is the same as the htsget-rs config locations:
+   * https://github.com/umccr/htsget-rs/tree/main/htsget-config#quickstart
+   *
+   * Any `s3://...` locations will automatically be added to the bucket access policy.
+   *
+   * @defaultValue []
+   */
+  locations?: HtsgetLocation[];
+
+  /**
+   * Service info fields to configure for the server. This is the same as the htsget-rs config service_info:
+   * https://github.com/umccr/htsget-rs/tree/main/htsget-config#service-info-config
+   *
+   * @defaultValue undefined
+   */
+  service_info?: Record<string, unknown>;
+
+  /**
+   * Any additional htsget-rs options can be specified here as environment variables. These will override
+   * any options set in this construct, and allows using advanced configuration. Options here should contain
+   * the `HTSGET_` prefix.
+   *
+   * @defaultValue undefined
+   */
+  environment_override?: Record<string, unknown>;
+}
+
+/**
+ * Config for locations.
+ */
+export interface HtsgetLocation {
+  /**
+   * The location string.
+   */
+  location: string;
+  /**
+   * Optional Crypt4GH private key secret ARN or name.
+   *
+   * @defaultValue undefined
+   */
+  private_key?: string;
+  /**
+   * Optional Crypt4GH public key secret ARN or name.
+   *
+   * @defaultValue undefined
+   */
+  public_key?: string;
+}

package/lib/htsget-lambda.d.ts

@@ -0,0 +1,36 @@
+import { Construct } from "constructs";
+import { Role } from "aws-cdk-lib/aws-iam";
+import { Bucket } from "aws-cdk-lib/aws-s3";
+import { Secret } from "aws-cdk-lib/aws-secretsmanager";
+import { CorsConifg, HtsgetConfig, HtsgetLambdaProps } from "./config";
+/**
+ * @ignore
+ * Construct used to deploy htsget-lambda.
+ */
+export declare class HtsgetLambda extends Construct {
+    constructor(scope: Construct, id: string, props: HtsgetLambdaProps);
+    /**
+     * Determine the correct features based on the locations.
+     */
+    static resolveFeatures(config: HtsgetConfig, bucketSetup: boolean): string;
+    /**
+     * Create a bucket and copy test data if configured.
+     */
+    private setupTestData;
+    /**
+     * Set permissions for the Lambda role.
+     */
+    static setPermissions(role: Role, config: HtsgetConfig, bucket?: Bucket, privateKey?: Secret, publicKey?: Secret): void;
+    /**
+     * Creates a lambda role with the configured permissions.
+     */
+    static createRole(scope: Construct, id: string, roleName?: string): Role;
+    /**
+     * Create stateful config related to the httpApi and the API itself.
+     */
+    private createHttpApi;
+    /**
+     * Convert JSON config to htsget-rs env representation.
+     */
+    static configToEnv(config: HtsgetConfig, corsConfig?: CorsConifg, bucket?: Bucket, privateKey?: Secret, publicKey?: Secret): Record<string, string>;
+}