@webiny/project-aws 6.1.0 → 6.2.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/_templates/appTemplates/api/graphql/src/index.ts +3 -6
  2. package/_templates/extensions/OpenSearch/api/graphql/src/index.ts +13 -12
  3. package/_templates/extensions/OpenSearch/coreDdbToEsHandler/dynamoToElastic/src/index.ts +10 -2
  4. package/api.d.ts +17 -2
  5. package/api.js +2 -0
  6. package/api.js.map +1 -1
  7. package/extensions/ApiRoute.d.ts +16 -0
  8. package/extensions/ApiRoute.js +120 -0
  9. package/extensions/ApiRoute.js.map +1 -0
  10. package/extensions/OpenSearch.d.ts +3 -0
  11. package/extensions/OpenSearch.js +4 -1
  12. package/extensions/OpenSearch.js.map +1 -1
  13. package/extensions/RegisterRoutesPulumi.d.ts +10 -0
  14. package/extensions/RegisterRoutesPulumi.js +41 -0
  15. package/extensions/RegisterRoutesPulumi.js.map +1 -0
  16. package/extensions/definitions.js +2 -1
  17. package/extensions/definitions.js.map +1 -1
  18. package/extensions/index.d.ts +1 -0
  19. package/extensions/index.js +1 -0
  20. package/extensions/index.js.map +1 -1
  21. package/infra.d.ts +11 -2
  22. package/infra.js +2 -1
  23. package/infra.js.map +1 -1
  24. package/package.json +16 -15
  25. package/pulumi/apps/api/createApiPulumiApp.js +26 -6
  26. package/pulumi/apps/api/createApiPulumiApp.js.map +1 -1
  27. package/pulumi/apps/core/CoreOpenSearch.js +28 -15
  28. package/pulumi/apps/core/CoreOpenSearch.js.map +1 -1
  29. package/pulumi/apps/core/createCorePulumiApp.js +9 -0
  30. package/pulumi/apps/core/createCorePulumiApp.js.map +1 -1
  31. package/pulumi/apps/extensions/getBgDeploymentsConfigFromExtension.d.ts +0 -2
  32. package/pulumi/apps/extensions/getOsConfigFromExtension.d.ts +3 -0
  33. package/pulumi/apps/extensions/getOsConfigFromExtension.js +14 -2
  34. package/pulumi/apps/extensions/getOsConfigFromExtension.js.map +1 -1
  35. package/pulumi/extensions/ApiCustomDomains.d.ts +9 -0
  36. package/pulumi/extensions/ApiCustomDomains.js +16 -0
  37. package/pulumi/extensions/ApiCustomDomains.js.map +1 -0
  38. package/pulumi/extensions/BlueGreenDeployments.d.ts +0 -2
  39. package/pulumi/extensions/BlueGreenDeployments.js +1 -3
  40. package/pulumi/extensions/BlueGreenDeployments.js.map +1 -1
  41. package/pulumi/extensions/OpenSearch.d.ts +3 -0
  42. package/pulumi/extensions/OpenSearch.js +5 -2
  43. package/pulumi/extensions/OpenSearch.js.map +1 -1
  44. package/pulumi/extensions/index.d.ts +5 -2
  45. package/pulumi/extensions/index.js +3 -1
  46. package/pulumi/extensions/index.js.map +1 -1
package/pulumi/apps/api/createApiPulumiApp.js CHANGED
@@ -11,6 +11,8 @@ import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtensi
11
11
  import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
12
12
  import { handleGuardDutyEvents } from "./handleGuardDutyEvents.js";
13
13
  import { ApiPulumi } from "@webiny/project/abstractions/index.js";
14
+ import { ApiCustomDomains as apiCustomDomainsExt } from "../../extensions/ApiCustomDomains.js";
15
+ import { applyCustomDomain } from "../customDomain.js";
14
16
  export const createApiPulumiApp = () => {
15
17
  const baseApp = createPulumiApp({
16
18
  name: "api",
@@ -28,6 +30,9 @@ export const createApiPulumiApp = () => {
28
30
  if (searchEngineParams) {
29
31
  const params = searchEngineParams;
30
32
  if (typeof params === "object") {
33
+ if (params.endpoint) {
34
+ process.env.OPENSEARCH_ENDPOINT = params.endpoint;
35
+ }
31
36
  if (params.domainName) {
32
37
  process.env.AWS_OS_DOMAIN_NAME = params.domainName;
33
38
  }
@@ -37,6 +42,12 @@ export const createApiPulumiApp = () => {
37
42
  if (params.sharedIndexes) {
38
43
  process.env.OPENSEARCH_SHARED_INDEXES = "true";
39
44
  }
45
+ if (params.username) {
46
+ process.env.OPENSEARCH_USERNAME = params.username;
47
+ }
48
+ if (params.password) {
49
+ process.env.OPENSEARCH_PASSWORD = params.password;
50
+ }
40
51
  }
41
52
  }
42
53
  if (pulumiResourceNamePrefix) {
@@ -122,6 +133,8 @@ export const createApiPulumiApp = () => {
122
133
  // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments
123
134
  OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,
124
135
  OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,
136
+ OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,
137
+ OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,
125
138
  S3_BUCKET: core.fileManagerBucketId,
126
139
  EVENT_BUS: core.eventBusArn,
127
140
  // TODO: move to okta plugin
@@ -185,12 +198,19 @@ export const createApiPulumiApp = () => {
185
198
  const cloudfront = app.addModule(ApiCloudfront);
186
199
  const backgroundTask = app.addModule(ApiBackgroundTask);
187
200
  const scheduler = app.addModule(ApiScheduler);
188
-
189
- // const domains = app.getParam(projectAppParams.domains);
190
- // if (domains) {
191
- // applyCustomDomain(cloudfront, domains);
192
- // }
193
-
201
+ const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);
202
+ if (apiCustomDomains) {
203
+ const {
204
+ domains,
205
+ sslMethod,
206
+ certificateArn
207
+ } = apiCustomDomains.params;
208
+ applyCustomDomain(cloudfront, {
209
+ domains,
210
+ sslSupportMethod: sslMethod,
211
+ acmCertificateArn: certificateArn
212
+ });
213
+ }
194
214
  app.addOutputs({
195
215
  awsAccountId: getAwsAccountId(app),
196
216
  region: aws.config.region,
package/pulumi/apps/api/createApiPulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","scheduler","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const scheduler = app.addModule(ApiScheduler);\n\n // const domains = app.getParam(projectAppParams.domains);\n // if (domains) {\n // applyCustomDomain(cloudfront, domains);\n // }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AAIjE,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAGvB,eAAe,CAAC;IAC5BwB,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMX,aAAa,CAAC,CAAC;MACjC,MAAMY,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGf,yBAAyB,CAACW,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGf,wBAAwB,CAACU,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIb,wBAAwB,EAAE;QAC1BJ,GAAG,CAACkB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACtB,IAAI,CAACuB,UAAU,CAAChB,wBAAwB,CAAC,EAAE;YACrDe,QAAQ,CAACtB,IAAI,GAAG,GAAGO,wBAAwB,GAAGe,QAAQ,CAACtB,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACqB,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAMrB,GAAG,CAACsB,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBlB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIgB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpDhC,qBAAqB,CAACO,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAIwB,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAG1B,GAAG;UACvC,MAAM;YAAE2B;UAAe,CAAC,GAAGrB,mBAAmB;;UAE9C;UACA,IAAIqB,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAI7C,gBAAgB,CAAC6C,QAAQ,EAAE/C,GAAG,CAAC0D,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAItD,gBAAgB,CAAC6C,QAAQ,EAAE/C,GAAG,CAACgE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAACtD,GAAG,CAACgE,GAAG,CAACG,oBAAoB,EAAE;oBACtC1C,IAAI,EAAE,GAAGsB,QAAQ,CAACtB,IAAI,4BAA4B;oBAClDqC,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAC5C,IAAI;sBAC1B6C,SAAS,EACLtE,GAAG,CAACgE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAG5C,GAAG,CAAC6C,YAAY,CAAC,CAAC,CAACC,OAAO,CAACrD,SAAS,CAAC;MAE5DM,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAAChD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMiD,YAAY,GAAGjD,GAAG,CAACY,GAAG,CAACqC,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGlD,GAAG,CAACmD,SAAS,CAACtE,UAAU,CAAC;;MAEtC;MACA,MAAMuE,UAAU,GACZ9C,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC2C,YAAY;MAEhBjD,GAAG,CAACmD,SAAS,CAACrE,SAAS,EAAE;QAAEuE,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAGtD,GAAG,CAACmD,SAAS,CAACxE,UAAU,EAAE;QACtCiC,GAAG,EAAE;UACD2C,cAAc,EAAErE,uBAAuB,CAAC,CAAC;UACzCsE,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW,0BAA0B;UACpDC,mBAAmB,EAAEZ,IAAI,CAACa,2BAA2B;UACrDC,mBAAmB,EAAEd,IAAI,CAACe,wBAAwB;UAElD;UACA;UACAlD,uBAAuB,EAAEJ,OAAO,CAACC,GAAG,CAACG,uBAAuB;UAC5DE,yBAAyB,EAAEN,OAAO,CAACC,GAAG,CAACK,yBAAyB;UAEhEiD,SAAS,EAAEhB,IAAI,CAACiB,mBAAmB;UACnCC,SAAS,EAAElB,IAAI,CAACmB,WAAW;UAC3B;UACAC,WAAW,EAAE3D,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAM2D,SAAS,GAAGvE,GAAG,CAACmD,SAAS,CAACvE,YAAY,CAAC;MAE7C,MAAM4F,WAAW,GAAGxE,GAAG,CAACmD,SAAS,CAAC1E,cAAc,EAAE;QAC9CmC,GAAG,EAAE;UACD8C,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMY,UAAU,GAAGzE,GAAG,CAACmD,SAAS,CAACzE,UAAU,EAAE;QACzC,cAAc,EAAE;UACZoB,IAAI,EAAE,UAAU;UAChB4E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACf/E,IAAI,EAAE,UAAU;UAChB4E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,WAAW,EAAE;UACT/E,IAAI,EAAE,gBAAgB;UACtB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,aAAa,EAAE;UACX/E,IAAI,EAAE,kBAAkB;UACxB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,UAAU,EAAE;UACR/E,IAAI,EAAE,aAAa;UACnB4E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,aAAa,EAAE;UACX/E,IAAI,EAAE,aAAa;UACnB4E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,eAAe,EAAE;UACb/E,IAAI,EAAE,eAAe;UACrB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjB/E,IAAI,EAAE,eAAe;UACrB4E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACf/E,IAAI,EAAE,UAAU;UAChB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAG/E,GAAG,CAACmD,SAAS,CAAC3E,aAAa,CAAC;MAC/C,MAAMwG,cAAc,GAAGhF,GAAG,CAACmD,SAAS,CAAC5E,iBAAiB,CAAC;MACvD,MAAM0G,SAAS,GAAGjF,GAAG,CAACmD,SAAS,CAAC9D,YAAY,CAAC;;MAE7C;MACA;MACA;MACA;;MAEAW,GAAG,CAACkF,UAAU,CAAC;QACXC,YAAY,EAAE/F,eAAe,CAACY,GAAG,CAAC;QAClCoF,MAAM,EAAEhH,GAAG,CAAC8D,MAAM,CAACkD,MAAM;QACzB3B,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzC4B,kBAAkB,EAAEnC,IAAI,CAACmC,kBAAkB;QAC3CC,6BAA6B,EAAEpC,IAAI,CAACoC,6BAA6B;QACjEC,aAAa,EAAErC,IAAI,CAACS,wBAAwB;QAC5C6B,sBAAsB,EAAEtC,IAAI,CAACW,0BAA0B;QACvD4B,iBAAiB,EAAEnC,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAAC5C,IAAI;QACxD6F,iBAAiB,EAAEpC,OAAO,CAACd,IAAI,CAACC,MAAM,CAACoC,GAAG;QAC1Cc,qBAAqB,EAAErC,OAAO,CAACd,IAAI,CAACC,MAAM,CAAC5C,IAAI;QAC/C+F,uBAAuB,EAAEZ,cAAc,CAACA,cAAc,CAACvC,MAAM,CAACoC,GAAG;QACjEgB,6BAA6B,EAAEb,cAAc,CAACc,YAAY,CAACrD,MAAM,CAACoC,GAAG;QACrEkB,4BAA4B,EAAEvB,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC,GAAG;QACvEmB,cAAc,EAAEzB,SAAS,CAAC0B,YAAY,CAACxD,MAAM,CAACyD,EAAE;QAChDC,eAAe,EAAE5B,SAAS,CAAC4B,eAAe;QAC1CC,yBAAyB,EAAEnB,SAAS,CAACoB,UAAU,CAAC5D,MAAM,CAACoC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAIrE,kBAAkB,EAAE;QACpBR,GAAG,CAACkF,UAAU,CAAC;UACXoB,uBAAuB,EAAEpD,IAAI,CAACa;QAClC,CAAC,CAAC;MACN;MAEA/D,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjBtC,qBAAqB,CAAC;UAClBiB,GAAG;UACHuG,sBAAsB,EAAExB,UAAU;UAClCyB,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAMzH,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACHqF,WAAW;QACXlB,OAAO;QACPmB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVC,cAAc;QACdC;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMjF,GAAG,GAAGf,mBAAmB,CAACD,4BAA4B,CAACY,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAACqB,UAAU,CAAC,MAAM;IACjBrB,GAAG,CAAC6G,kBAAkB,CAAC;MACnBhH,IAAI,EAAE,KAAK;MACXiH,QAAQ,EAAE;QACNC,SAAS,EAAEnH,OAAO,CAACoH,SAAS,CAAChC,cAAc,CAACc,YAAY,CAACrD,MAAM,CAACoC,GAAG;QACnEE,UAAU,EAAE;UACRkC,cAAc,EAAErH,OAAO,CAACoH,SAAS,CAACjC,UAAU,CAACtC,MAAM,CAACyD,EAAE;UACtDgB,MAAM,EAAEtH,OAAO,CAACoH,SAAS,CAACjC,UAAU,CAACtC,MAAM,CAAC/B,UAAU,CAACyG,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFpH,GAAG,CAAC6G,kBAAkB,CAAC;MACnBhH,IAAI,EAAE,WAAW;MACjBiH,QAAQ,EAAE;QACNO,SAAS,EAAEzH,OAAO,CAACoH,SAAS,CAAC1D,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC,GAAG;QACjEyC,OAAO,EAAE1H,OAAO,CAACoH,SAAS,CAAC/B,SAAS,CAACoB,UAAU,CAAC5D,MAAM,CAACoC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO7E,GAAG;AACd,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","ApiCustomDomains","apiCustomDomainsExt","applyCustomDomain","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","scheduler","apiCustomDomains","extensionsByType","domains","sslMethod","certificateArn","sslSupportMethod","acmCertificateArn","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\nimport { ApiCustomDomains as apiCustomDomainsExt } from \"~/pulumi/extensions/ApiCustomDomains.js\";\nimport { applyCustomDomain } from \"~/pulumi/apps/customDomain.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.endpoint) {\n process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n }\n\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n\n if (params.username) {\n process.env.OPENSEARCH_USERNAME = params.username;\n }\n\n if (params.password) {\n process.env.OPENSEARCH_PASSWORD = params.password;\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,\n OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const scheduler = app.addModule(ApiScheduler);\n\n const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);\n if (apiCustomDomains) {\n const { domains, sslMethod, certificateArn } = apiCustomDomains.params;\n applyCustomDomain(cloudfront, {\n domains,\n sslSupportMethod: sslMethod,\n acmCertificateArn: certificateArn\n });\n }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AACjE,SAASC,gBAAgB,IAAIC,mBAAmB;AAChD,SAASC,iBAAiB;AAI1B,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAG1B,eAAe,CAAC;IAC5B2B,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMd,aAAa,CAAC,CAAC;MACjC,MAAMe,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGlB,yBAAyB,CAACc,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGlB,wBAAwB,CAACa,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAIlB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACwB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC5B,IAAI,CAAC6B,UAAU,CAACtB,wBAAwB,CAAC,EAAE;YACrDqB,QAAQ,CAAC5B,IAAI,GAAG,GAAGO,wBAAwB,GAAGqB,QAAQ,CAAC5B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAAC2B,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAM3B,GAAG,CAAC4B,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBxB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIsB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpDzC,qBAAqB,CAACU,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAI8B,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAGhC,GAAG;UACvC,MAAM;YAAEiC;UAAe,CAAC,GAAG3B,mBAAmB;;UAE9C;UACA,IAAI2B,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACmE,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAI/D,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACyE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAAC/D,GAAG,CAACyE,GAAG,CAACG,oBAAoB,EAAE;oBACtChD,IAAI,EAAE,GAAG4B,QAAQ,CAAC5B,IAAI,4BAA4B;oBAClD2C,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAClD,IAAI;sBAC1BmD,SAAS,EACL/E,GAAG,CAACyE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAGlD,GAAG,CAACmD,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC9D,SAAS,CAAC;MAE5DS,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAACtD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMuD,YAAY,GAAGvD,GAAG,CAACY,GAAG,CAAC2C,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGxD,GAAG,CAACyD,SAAS,CAAC/E,UAAU,CAAC;;MAEtC;MACA,MAAMgF,UAAU,GACZpD,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCiD,YAAY;MAEhBvD,GAAG,CAACyD,SAAS,CAAC9E,SAAS,EAAE;QAAEgF,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAG5D,GAAG,CAACyD,SAAS,CAACjF,UAAU,EAAE;QACtCoC,GAAG,EAAE;UACDiD,cAAc,EAAE9E,uBAAuB,CAAC,CAAC;UACzC+E,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW,0BAA0B;UACpDC,mBAAmB,EAAEZ,IAAI,CAACa,2BAA2B;UACrDxD,mBAAmB,EAAE2C,IAAI,CAACc,wBAAwB;UAElD;UACA;UACArD,uBAAuB,EAAEN,OAAO,CAACC,GAAG,CAACK,uBAAuB;UAC5DE,yBAAyB,EAAER,OAAO,CAACC,GAAG,CAACO,yBAAyB;UAChEE,mBAAmB,EAAEV,OAAO,CAACC,GAAG,CAACS,mBAAmB;UACpDE,mBAAmB,EAAEZ,OAAO,CAACC,GAAG,CAACW,mBAAmB;UAEpDgD,SAAS,EAAEf,IAAI,CAACgB,mBAAmB;UACnCC,SAAS,EAAEjB,IAAI,CAACkB,WAAW;UAC3B;UACAC,WAAW,EAAEhE,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAMgE,SAAS,GAAG5E,GAAG,CAACyD,SAAS,CAAChF,YAAY,CAAC;MAE7C,MAAMoG,WAAW,GAAG7E,GAAG,CAACyD,SAAS,CAACnF,cAAc,EAAE;QAC9CsC,GAAG,EAAE;UACDoD,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMW,UAAU,GAAG9E,GAAG,CAACyD,SAAS,CAAClF,UAAU,EAAE;QACzC,cAAc,EAAE;UACZuB,IAAI,EAAE,UAAU;UAChBiF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfpF,IAAI,EAAE,UAAU;UAChBiF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTpF,IAAI,EAAE,gBAAgB;UACtBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC;QACpD,CAAC;QACD,aAAa,EAAE;UACXpF,IAAI,EAAE,kBAAkB;UACxBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC;QACpD,CAAC;QACD,UAAU,EAAE;UACRpF,IAAI,EAAE,aAAa;UACnBiF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXpF,IAAI,EAAE,aAAa;UACnBiF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbpF,IAAI,EAAE,eAAe;UACrBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBpF,IAAI,EAAE,eAAe;UACrBiF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfpF,IAAI,EAAE,UAAU;UAChBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGpF,GAAG,CAACyD,SAAS,CAACpF,aAAa,CAAC;MAC/C,MAAMgH,cAAc,GAAGrF,GAAG,CAACyD,SAAS,CAACrF,iBAAiB,CAAC;MACvD,MAAMkH,SAAS,GAAGtF,GAAG,CAACyD,SAAS,CAACvE,YAAY,CAAC;MAE7C,MAAM,CAACqG,gBAAgB,CAAC,GAAGrF,aAAa,CAACsF,gBAAgB,CAAC/F,mBAAmB,CAAC;MAC9E,IAAI8F,gBAAgB,EAAE;QAClB,MAAM;UAAEE,OAAO;UAAEC,SAAS;UAAEC;QAAe,CAAC,GAAGJ,gBAAgB,CAAC9E,MAAM;QACtEf,iBAAiB,CAAC0F,UAAU,EAAE;UAC1BK,OAAO;UACPG,gBAAgB,EAAEF,SAAS;UAC3BG,iBAAiB,EAAEF;QACvB,CAAC,CAAC;MACN;MAEA3F,GAAG,CAAC8F,UAAU,CAAC;QACXC,YAAY,EAAE9G,eAAe,CAACe,GAAG,CAAC;QAClCgG,MAAM,EAAE/H,GAAG,CAACuE,MAAM,CAACwD,MAAM;QACzBjC,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzCkC,kBAAkB,EAAEzC,IAAI,CAACyC,kBAAkB;QAC3CC,6BAA6B,EAAE1C,IAAI,CAAC0C,6BAA6B;QACjEC,aAAa,EAAE3C,IAAI,CAACS,wBAAwB;QAC5CmC,sBAAsB,EAAE5C,IAAI,CAACW,0BAA0B;QACvDkC,iBAAiB,EAAEzC,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAAClD,IAAI;QACxDyG,iBAAiB,EAAE1C,OAAO,CAACd,IAAI,CAACC,MAAM,CAACmC,GAAG;QAC1CqB,qBAAqB,EAAE3C,OAAO,CAACd,IAAI,CAACC,MAAM,CAAClD,IAAI;QAC/C2G,uBAAuB,EAAEnB,cAAc,CAACA,cAAc,CAACtC,MAAM,CAACmC,GAAG;QACjEuB,6BAA6B,EAAEpB,cAAc,CAACqB,YAAY,CAAC3D,MAAM,CAACmC,GAAG;QACrEyB,4BAA4B,EAAE9B,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC,GAAG;QACvE0B,cAAc,EAAEhC,SAAS,CAACiC,YAAY,CAAC9D,MAAM,CAAC+D,EAAE;QAChDC,eAAe,EAAEnC,SAAS,CAACmC,eAAe;QAC1CC,yBAAyB,EAAE1B,SAAS,CAAC2B,UAAU,CAAClE,MAAM,CAACmC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAI1E,kBAAkB,EAAE;QACpBR,GAAG,CAAC8F,UAAU,CAAC;UACXoB,uBAAuB,EAAE1D,IAAI,CAACa;QAClC,CAAC,CAAC;MACN;MAEArE,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjB/C,qBAAqB,CAAC;UAClBoB,GAAG;UACHmH,sBAAsB,EAAE/B,UAAU;UAClCgC,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAMxI,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACH6F,WAAW;QACXjB,OAAO;QACPkB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVC,cAAc;QACdC;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMtF,GAAG,GAAGlB,mBAAmB,CAACD,4BAA4B,CAACe,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAAC2B,UAAU,CAAC,MAAM;IACjB3B,GAAG,CAACyH,kBAAkB,CAAC;MACnB5H,IAAI,EAAE,KAAK;MACX6H,QAAQ,EAAE;QACNC,SAAS,EAAE/H,OAAO,CAACgI,SAAS,CAACvC,cAAc,CAACqB,YAAY,CAAC3D,MAAM,CAACmC,GAAG;QACnEE,UAAU,EAAE;UACRyC,cAAc,EAAEjI,OAAO,CAACgI,SAAS,CAACxC,UAAU,CAACrC,MAAM,CAAC+D,EAAE;UACtDgB,MAAM,EAAElI,OAAO,CAACgI,SAAS,CAACxC,UAAU,CAACrC,MAAM,CAACjC,UAAU,CAACiH,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFhI,GAAG,CAACyH,kBAAkB,CAAC;MACnB5H,IAAI,EAAE,WAAW;MACjB6H,QAAQ,EAAE;QACNO,SAAS,EAAErI,OAAO,CAACgI,SAAS,CAAChE,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC,GAAG;QACjEgD,OAAO,EAAEtI,OAAO,CAACgI,SAAS,CAACtC,SAAS,CAAC2B,UAAU,CAAClE,MAAM,CAACmC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOlF,GAAG;AACd,CAAC","ignoreList":[]}
package/pulumi/apps/core/CoreOpenSearch.js CHANGED
@@ -35,21 +35,30 @@ export const OpenSearch = createAppModule({
35
35
  const vpc = app.getModule(CoreVpc, {
36
36
  optional: true
37
37
  });
38
-
39
- // This needs to be implemented in order to be able to use a shared OpenSearch cluster.
40
- let domain;
38
+ let domain = null;
41
39
  let domainPolicy;
42
- if (process.env.AWS_OS_DOMAIN_NAME) {
43
- const domainName = String(process.env.AWS_OS_DOMAIN_NAME);
44
- // This can be useful for testing purposes in ephemeral environments. More information here:
40
+ let domainEndpoint;
41
+ let domainArn;
42
+ const providedEndpoint = process.env.OPENSEARCH_ENDPOINT;
43
+ const providedDomainName = process.env.AWS_OS_DOMAIN_NAME;
44
+ if (providedEndpoint && !providedDomainName) {
45
+ throw new Error("OPENSEARCH_ENDPOINT was provided but AWS_OS_DOMAIN_NAME is missing. " + "A domain name is required to look up the domain ARN when using a custom endpoint.");
46
+ }
47
+ if (providedDomainName) {
48
+ // Look up the existing domain by name to obtain its ARN and (if no explicit endpoint is
49
+ // provided) its endpoint. This covers both the ephemeral-environment pattern and the
50
+ // case where an external endpoint is supplied alongside a domain name.
45
51
  // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments
46
- domain = app.addRemoteResource(domainName, () => {
52
+ domain = app.addRemoteResource(providedDomainName, () => {
47
53
  return aws.opensearch.getDomain({
48
- domainName
54
+ domainName: providedDomainName
49
55
  }, {
50
56
  async: true
51
57
  });
52
58
  });
59
+ domainArn = domain.output.arn;
60
+ // Prefer an explicitly provided endpoint; fall back to the one reported by AWS.
61
+ domainEndpoint = providedEndpoint ?? domain.output.endpoint;
53
62
  } else {
54
63
  const randomId = new random.RandomId("osDomainRandomId", {
55
64
  byteLength: 8
@@ -85,6 +94,8 @@ export const OpenSearch = createAppModule({
85
94
  protect: params.protect
86
95
  }
87
96
  });
97
+ domainEndpoint = domain.output.endpoint;
98
+ domainArn = domain.output.arn;
88
99
 
89
100
  /**
90
101
  * Domain policy defines who can access your OpenSearch Domain.
@@ -96,7 +107,7 @@ export const OpenSearch = createAppModule({
96
107
  name: `${domainLogicalName}-policy`,
97
108
  config: {
98
109
  domainName: domain.output.domainName,
99
- accessPolicies: pulumi.all([accountId, domain.output.arn]).apply(([accountId, domainArn]) => {
110
+ accessPolicies: pulumi.all([accountId, domainArn]).apply(([accountId, domainArn]) => {
100
111
  return JSON.stringify({
101
112
  Version: "2012-10-17",
102
113
  Statement: [
@@ -180,7 +191,7 @@ export const OpenSearch = createAppModule({
180
191
  isLambdaFunctionRole: true
181
192
  }
182
193
  });
183
- const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);
194
+ const policy = getDynamoDbToElasticLambdaPolicy(app, domainArn);
184
195
  app.addResource(aws.iam.RolePolicyAttachment, {
185
196
  name: `${roleName}-DynamoDbToElasticLambdaPolicy`,
186
197
  config: {
@@ -232,7 +243,9 @@ export const OpenSearch = createAppModule({
232
243
  environment: {
233
244
  variables: {
234
245
  DEBUG: String(process.env.DEBUG),
235
- OPENSEARCH_ENDPOINT: domain.output.endpoint
246
+ OPENSEARCH_ENDPOINT: domainEndpoint,
247
+ OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME ?? "",
248
+ OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD ?? ""
236
249
  }
237
250
  },
238
251
  description: "Process DynamoDB Stream.",
@@ -260,8 +273,8 @@ export const OpenSearch = createAppModule({
260
273
  }
261
274
  });
262
275
  app.addOutputs({
263
- opensearchDomainArn: domain.output.arn,
264
- opensearchDomainEndpoint: domain.output.endpoint,
276
+ opensearchDomainArn: domainArn,
277
+ opensearchDomainEndpoint: domainEndpoint,
265
278
  opensearchDynamodbTableArn: table.output.arn,
266
279
  opensearchDynamodbTableName: table.output.name
267
280
  });
@@ -278,7 +291,7 @@ export const OpenSearch = createAppModule({
278
291
  };
279
292
  }
280
293
  });
281
- function getDynamoDbToElasticLambdaPolicy(app, domain) {
294
+ function getDynamoDbToElasticLambdaPolicy(app, domainArn) {
282
295
  return app.addResource(aws.iam.Policy, {
283
296
  name: "DynamoDbToElasticLambdaPolicy-updated",
284
297
  config: {
@@ -289,7 +302,7 @@ function getDynamoDbToElasticLambdaPolicy(app, domain) {
289
302
  Sid: "PermissionForES",
290
303
  Effect: "Allow",
291
304
  Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut", "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DeleteItem", "dynamodb:Query", "dynamodb:UpdateItem"],
292
- Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
305
+ Resource: [pulumi.interpolate`${domainArn}`, pulumi.interpolate`${domainArn}/*`]
293
306
  }]
294
307
  }
295
308
  }
package/pulumi/apps/core/CoreOpenSearch.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","domain","domainPolicy","process","AWS_OS_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","create","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","OPENSEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n type PulumiApp,\n type PulumiAppRemoteResource,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n instanceType: \"t3.medium.search\",\n instanceCount: 3,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 3\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const isProduction = app.env.isProduction;\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_OS_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_OS_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.opensearch.getDomain({ domainName }, { async: true });\n });\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domain.output.arn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n OPENSEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n opensearchDomainArn: domain.output.arn,\n opensearchDomainEndpoint: domain.output.endpoint,\n opensearchDynamodbTableArn: table.output.arn,\n opensearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AAMvB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGZ,eAAe,CAAC;EACtCa,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAAClB,OAAO,EAAE;MAAEmB,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIC,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACN,GAAG,CAACO,kBAAkB,EAAE;MAChC,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACN,GAAG,CAACO,kBAAkB,CAAC;MACzD;MACA;MACAH,MAAM,GAAGP,GAAG,CAACa,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAO5B,GAAG,CAAC+B,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIjC,MAAM,CAACkC,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAGpB,GAAG,CAACqB,QAAQ,CAACrB,GAAG,CAACC,MAAM,CAACqB,MAAM,CAACC,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGR,QAAQ,CAACS,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGN,UAAU,GAAGI,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEFrB,MAAM,GAAGP,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAAC+B,UAAU,CAACgB,MAAM,EAAE;QAC5ChC,IAAI,EAAE0B,iBAAiB;QACvBzB,MAAM,EAAE;UACJY,UAAU,EAAEc,kBAAkB;UAC9BM,aAAa,EAAEnC,iBAAiB;UAChCoC,aAAa,EAAE9B,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5E4C,UAAU,EAAE7B,GAAG,GACT;YACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAEnD,MAAM,CAACmD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAGnE,eAAe,CAACc,GAAG,CAAC;MAEtCQ,YAAY,GAAGR,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAAC+B,UAAU,CAACwC,YAAY,EAAE;QACxDxD,IAAI,EAAE,GAAG0B,iBAAiB,SAAS;QACnCzB,MAAM,EAAE;UACJY,UAAU,EAAEJ,MAAM,CAACgC,MAAM,CAAC5B,UAAU;UACpC4C,cAAc,EAAEzE,MAAM,CACjB0E,GAAG,CAAC,CAACH,SAAS,EAAE9C,MAAM,CAACgC,MAAM,CAACkB,GAAG,CAAC,CAAC,CACnC9B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEK,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEZ;gBACT,CAAC;gBACDa,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAGT,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDP,IAAI,EAAE;UAAEC,OAAO,EAAEnD,MAAM,CAACmD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMgB,KAAK,GAAGpE,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsF,QAAQ,CAACC,KAAK,EAAE;MAC9CxE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJwE,UAAU,EAAE,CACR;UAAEzE,IAAI,EAAE,IAAI;UAAE0E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE1E,IAAI,EAAE,IAAI;UAAE0E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE1E,IAAI,EAAE,YAAY;UAAE0E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIhF,IAAI,EAAE,YAAY;UAClBiF,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACDjC,IAAI,EAAE;QAAEC,OAAO,EAAEnD,MAAM,CAACmD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAMiC,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGtF,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACwG,GAAG,CAACC,IAAI,EAAE;MACvC1F,IAAI,EAAEuF,QAAQ;MACdtF,MAAM,EAAE;QACJ0F,gBAAgB,EAAE;UACd5B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACP0B,OAAO,EAAE;YACb,CAAC;YACD3B,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD4B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC9F,GAAG,EAAEO,MAAM,CAACgC,MAAM,CAAC;IAEnEvC,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;MAC1CjG,IAAI,EAAE,GAAGuF,QAAQ,gCAAgC;MACjDtF,MAAM,EAAE;QACJuF,IAAI,EAAEA,IAAI,CAAC/C,MAAM;QACjByD,SAAS,EAAEH,MAAM,CAACtD,MAAM,CAACkB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAIrD,GAAG,EAAE;MACLJ,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;QAC1CjG,IAAI,EAAE,GAAGuF,QAAQ,kCAAkC;QACnDtF,MAAM,EAAE;UACJuF,IAAI,EAAEA,IAAI,CAAC/C,MAAM;UACjByD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHlG,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;QAC1CjG,IAAI,EAAE,GAAGuF,QAAQ,8BAA8B;QAC/CtF,MAAM,EAAE;UACJuF,IAAI,EAAEA,IAAI,CAAC/C,MAAM;UACjByD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAnG,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;MAC1CjG,IAAI,EAAE,GAAGuF,QAAQ,iCAAiC;MAClDtF,MAAM,EAAE;QACJuF,IAAI,EAAEA,IAAI,CAAC/C,MAAM;QACjByD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGrG,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsH,MAAM,CAACC,QAAQ,EAAE;MAChDxG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJuF,IAAI,EAAEA,IAAI,CAAC/C,MAAM,CAACkB,GAAG;QACrB8C,OAAO,EAAEnH,cAAc;QACvBoH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAEjG,MAAM,CAACH,OAAO,CAACN,GAAG,CAAC0G,KAAK,CAAC;YAChCC,mBAAmB,EAAEvG,MAAM,CAACgC,MAAM,CAACwE;UACvC;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAInI,MAAM,CAACoI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIrI,MAAM,CAACoI,KAAK,CAACE,WAAW,CAC7BvI,IAAI,CAACwI,IAAI,CAACrH,GAAG,CAACsH,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEpH,GAAG,GACR;UACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf8E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG3H,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsH,MAAM,CAACuB,kBAAkB,EAAE;MACtE9H,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ8H,cAAc,EAAEzD,KAAK,CAAC7B,MAAM,CAACuF,SAAS;QACtCC,YAAY,EAAE1B,MAAM,CAAC9D,MAAM,CAACkB,GAAG;QAC/BuE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFnI,GAAG,CAACoI,UAAU,CAAC;MACXC,mBAAmB,EAAE9H,MAAM,CAACgC,MAAM,CAACkB,GAAG;MACtC6E,wBAAwB,EAAE/H,MAAM,CAACgC,MAAM,CAACwE,QAAQ;MAChDwB,0BAA0B,EAAEnE,KAAK,CAAC7B,MAAM,CAACkB,GAAG;MAC5C+E,2BAA2B,EAAEpE,KAAK,CAAC7B,MAAM,CAACzC;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHS,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACLqE,eAAe,EAAE;QACbnD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNsB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS7B,gCAAgCA,CACrC9F,GAAc,EACdO,MAA6E,EAC/E;EACE,OAAOP,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACwG,GAAG,CAACmD,MAAM,EAAE;IACnC5I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJiH,WAAW,EAAE,uDAAuD;MACpEnB,MAAM,EAAE;QACJhC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI6E,GAAG,EAAE,iBAAiB;UACtB5E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNrF,MAAM,CAAC8J,WAAW,GAAGrI,MAAM,CAACkD,GAAG,EAAE,EACjC3E,MAAM,CAAC8J,WAAW,GAAGrI,MAAM,CAACkD,GAAG,IAAI;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","domain","domainPolicy","domainEndpoint","domainArn","providedEndpoint","process","OPENSEARCH_ENDPOINT","providedDomainName","AWS_OS_DOMAIN_NAME","Error","addRemoteResource","opensearch","getDomain","domainName","async","output","arn","endpoint","randomId","RandomId","byteLength","namePrefix","getParam","create","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","String","OPENSEARCH_USERNAME","OPENSEARCH_PASSWORD","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n type PulumiApp,\n type PulumiAppRemoteResource,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n instanceType: \"t3.medium.search\",\n instanceCount: 3,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 3\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const isProduction = app.env.isProduction;\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>\n | null = null;\n\n let domainPolicy;\n let domainEndpoint: pulumi.Output<string> | string;\n let domainArn: pulumi.Output<string>;\n\n const providedEndpoint = process.env.OPENSEARCH_ENDPOINT;\n const providedDomainName = process.env.AWS_OS_DOMAIN_NAME;\n\n if (providedEndpoint && !providedDomainName) {\n throw new Error(\n \"OPENSEARCH_ENDPOINT was provided but AWS_OS_DOMAIN_NAME is missing. \" +\n \"A domain name is required to look up the domain ARN when using a custom endpoint.\"\n );\n }\n\n if (providedDomainName) {\n // Look up the existing domain by name to obtain its ARN and (if no explicit endpoint is\n // provided) its endpoint. This covers both the ephemeral-environment pattern and the\n // case where an external endpoint is supplied alongside a domain name.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(providedDomainName, () => {\n return aws.opensearch.getDomain(\n { domainName: providedDomainName },\n { async: true }\n );\n });\n domainArn = domain.output.arn;\n // Prefer an explicitly provided endpoint; fall back to the one reported by AWS.\n domainEndpoint = providedEndpoint ?? domain.output.endpoint;\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n domainEndpoint = domain.output.endpoint;\n domainArn = domain.output.arn;\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domainArn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domainArn);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n OPENSEARCH_ENDPOINT: domainEndpoint,\n OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME ?? \"\",\n OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD ?? \"\"\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n opensearchDomainArn: domainArn,\n opensearchDomainEndpoint: domainEndpoint,\n opensearchDynamodbTableArn: table.output.arn,\n opensearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(app: PulumiApp, domainArn: pulumi.Output<string>) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domainArn}`,\n pulumi.interpolate`${domainArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AAMvB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGZ,eAAe,CAAC;EACtCa,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAAClB,OAAO,EAAE;MAAEmB,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,IAAIC,MAGM,GAAG,IAAI;IAEjB,IAAIC,YAAY;IAChB,IAAIC,cAA8C;IAClD,IAAIC,SAAgC;IAEpC,MAAMC,gBAAgB,GAAGC,OAAO,CAACT,GAAG,CAACU,mBAAmB;IACxD,MAAMC,kBAAkB,GAAGF,OAAO,CAACT,GAAG,CAACY,kBAAkB;IAEzD,IAAIJ,gBAAgB,IAAI,CAACG,kBAAkB,EAAE;MACzC,MAAM,IAAIE,KAAK,CACX,sEAAsE,GAClE,mFACR,CAAC;IACL;IAEA,IAAIF,kBAAkB,EAAE;MACpB;MACA;MACA;MACA;MACAP,MAAM,GAAGP,GAAG,CAACiB,iBAAiB,CAACH,kBAAkB,EAAE,MAAM;QACrD,OAAO/B,GAAG,CAACmC,UAAU,CAACC,SAAS,CAC3B;UAAEC,UAAU,EAAEN;QAAmB,CAAC,EAClC;UAAEO,KAAK,EAAE;QAAK,CAClB,CAAC;MACL,CAAC,CAAC;MACFX,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;MAC7B;MACAd,cAAc,GAAGE,gBAAgB,IAAIJ,MAAM,CAACe,MAAM,CAACE,QAAQ;IAC/D,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIzC,MAAM,CAAC0C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAG5B,GAAG,CAAC6B,QAAQ,CAAC7B,GAAG,CAACC,MAAM,CAAC6B,MAAM,CAACC,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGR,QAAQ,CAACS,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGN,UAAU,GAAGI,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEF7B,MAAM,GAAGP,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAACmC,UAAU,CAACoB,MAAM,EAAE;QAC5CxC,IAAI,EAAEkC,iBAAiB;QACvBjC,MAAM,EAAE;UACJqB,UAAU,EAAEa,kBAAkB;UAC9BM,aAAa,EAAE3C,iBAAiB;UAChC4C,aAAa,EAAEtC,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EoD,UAAU,EAAErC,GAAG,GACT;YACIsC,SAAS,EAAEtC,GAAG,CAACuC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACxB,MAAM,CAACyB,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAAC5C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAAC2B,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;MAEFlD,cAAc,GAAGF,MAAM,CAACe,MAAM,CAACE,QAAQ;MACvCd,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;;MAE7B;AACZ;AACA;AACA;AACA;MACY,MAAMqC,SAAS,GAAG1E,eAAe,CAACc,GAAG,CAAC;MAEtCQ,YAAY,GAAGR,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAACmC,UAAU,CAAC2C,YAAY,EAAE;QACxD/D,IAAI,EAAE,GAAGkC,iBAAiB,SAAS;QACnCjC,MAAM,EAAE;UACJqB,UAAU,EAAEb,MAAM,CAACe,MAAM,CAACF,UAAU;UACpC0C,cAAc,EAAEhF,MAAM,CACjBiF,GAAG,CAAC,CAACH,SAAS,EAAElD,SAAS,CAAC,CAAC,CAC3ByB,KAAK,CAAC,CAAC,CAACyB,SAAS,EAAElD,SAAS,CAAC,KAAK;YAC/B,OAAOsD,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEV;gBACT,CAAC;gBACDW,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAG9D,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDgD,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMc,KAAK,GAAGzE,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC2F,QAAQ,CAACC,KAAK,EAAE;MAC9C7E,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJ6E,UAAU,EAAE,CACR;UAAE9E,IAAI,EAAE,IAAI;UAAE+E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE/E,IAAI,EAAE,IAAI;UAAE+E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE/E,IAAI,EAAE,YAAY;UAAE+E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIrF,IAAI,EAAE,YAAY;UAClBsF,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAE1D,MAAM,CAAC0D;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAG3F,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACC,IAAI,EAAE;MACvC/F,IAAI,EAAE4F,QAAQ;MACd3F,MAAM,EAAE;QACJ+F,gBAAgB,EAAE;UACd5B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACP0B,OAAO,EAAE;YACb,CAAC;YACD3B,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD4B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAACnG,GAAG,EAAEU,SAAS,CAAC;IAE/DV,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,gCAAgC;MACjD3F,MAAM,EAAE;QACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;QACjB+E,SAAS,EAAEH,MAAM,CAAC5E,MAAM,CAACC;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAInB,GAAG,EAAE;MACLJ,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,kCAAkC;QACnD3F,MAAM,EAAE;UACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;UACjB+E,SAAS,EAAEtH,GAAG,CAAC6G,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHvG,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,8BAA8B;QAC/C3F,MAAM,EAAE;UACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;UACjB+E,SAAS,EAAEtH,GAAG,CAAC6G,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAxG,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,iCAAiC;MAClD3F,MAAM,EAAE;QACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;QACjB+E,SAAS,EAAEtH,GAAG,CAAC6G,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAG1G,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC2H,MAAM,CAACC,QAAQ,EAAE;MAChD7G,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM,CAACC,GAAG;QACrBqF,OAAO,EAAExH,cAAc;QACvByH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAEC,MAAM,CAACvG,OAAO,CAACT,GAAG,CAAC+G,KAAK,CAAC;YAChCrG,mBAAmB,EAAEJ,cAAc;YACnC2G,mBAAmB,EAAExG,OAAO,CAACT,GAAG,CAACiH,mBAAmB,IAAI,EAAE;YAC1DC,mBAAmB,EAAEzG,OAAO,CAACT,GAAG,CAACkH,mBAAmB,IAAI;UAC5D;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIzI,MAAM,CAAC0I,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI3I,MAAM,CAAC0I,KAAK,CAACE,WAAW,CAC7B7I,IAAI,CAAC8I,IAAI,CAAC3H,GAAG,CAAC4H,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAE1H,GAAG,GACR;UACIsC,SAAS,EAAEtC,GAAG,CAACuC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACxB,MAAM,CAACyB,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAAC5C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAAC2B,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf6E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAGjI,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC2H,MAAM,CAACwB,kBAAkB,EAAE;MACtEpI,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJoI,cAAc,EAAE1D,KAAK,CAACnD,MAAM,CAAC8G,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAACpF,MAAM,CAACC,GAAG;QAC/B+G,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFzI,GAAG,CAAC0I,UAAU,CAAC;MACXC,mBAAmB,EAAEjI,SAAS;MAC9BkI,wBAAwB,EAAEnI,cAAc;MACxCoI,0BAA0B,EAAEpE,KAAK,CAACnD,MAAM,CAACC,GAAG;MAC5CuH,2BAA2B,EAAErE,KAAK,CAACnD,MAAM,CAACxB;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHS,MAAM;MACNC,YAAY;MACZiE,KAAK;MACLsE,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CAACnG,GAAc,EAAEU,SAAgC,EAAE;EACxF,OAAOV,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACoD,MAAM,EAAE;IACnClJ,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJuH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJhC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI8E,GAAG,EAAE,iBAAiB;UACtB7E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACN1F,MAAM,CAACoK,WAAW,GAAGxI,SAAS,EAAE,EAChC5B,MAAM,CAACoK,WAAW,GAAGxI,SAAS,IAAI;QAE1C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/pulumi/apps/core/createCorePulumiApp.js CHANGED
@@ -40,6 +40,9 @@ export function createCorePulumiApp() {
40
40
  if (searchEngineParams) {
41
41
  const params = searchEngineParams;
42
42
  if (typeof params === "object") {
43
+ if (params.endpoint) {
44
+ process.env.OPENSEARCH_ENDPOINT = params.endpoint;
45
+ }
43
46
  if (params.domainName) {
44
47
  process.env.AWS_OS_DOMAIN_NAME = params.domainName;
45
48
  }
@@ -49,6 +52,12 @@ export function createCorePulumiApp() {
49
52
  if (params.sharedIndexes) {
50
53
  process.env.OPENSEARCH_SHARED_INDEXES = "true";
51
54
  }
55
+ if (params.username) {
56
+ process.env.OPENSEARCH_USERNAME = params.username;
57
+ }
58
+ if (params.password) {
59
+ process.env.OPENSEARCH_PASSWORD = params.password;
60
+ }
52
61
  }
53
62
  }
54
63
  if (pulumiResourceNamePrefix) {
package/pulumi/apps/core/createCorePulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\n\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAExC,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGtB,eAAe,CAAC;IAC5BuB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGjB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIvB,MAAM,CAACwB,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIjB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACsB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC1B,IAAI,CAAC2B,UAAU,CAACpB,wBAAwB,CAAC,EAAE;YACrDmB,QAAQ,CAAC1B,IAAI,GAAG,GAAGO,wBAAwB,GAAGmB,QAAQ,CAAC1B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACyB,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxBpB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAMqB,YAAY,GAAG,MAAM1B,GAAG,CAAC2B,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpDrC,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAAC0B,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAGtB,GAAoB;QACnE,MAAM;UAAEgC,cAAc;UAAEC;QAAgB,CAAC,GAAG3B,mBAAmB;;QAE/D;QACA,IAAI0B,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAI1B,mBAAmB,EAAE;YAC1C,MAAM,IAAI4B,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAI3B,yBAAyB,EAAE;YAC3B,IAAI,CAACyB,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIhD,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAAC+D,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIhD,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAACoE,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAIjE,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAACyE,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAC1D,GAAG,CAACyE,GAAG,CAACG,oBAAoB,EAAE;kBACtCpD,IAAI,EAAE,GAAG0B,QAAQ,CAAC1B,IAAI,4BAA4B;kBAClDyC,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAACtD,IAAI;oBAC1BuD,SAAS,EACL/E,GAAG,CAACyE,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGhE,YAAY,CAACS,GAAG,CAAC;UAEhCsB,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIhD,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAACmF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,qBAAqB;YAC3ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,2BAA2B;YACjCyC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,sBAAsB;YAC5ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,yBAAyB;YAC/ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAG7E,GAAG,CAAC8E,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC7F,UAAU,CAAC;MAE7Da,GAAG,CAACyB,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACjF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMkF,YAAY,GAAGlF,GAAG,CAACgB,GAAG,CAACkE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAGpF,GAAG,CAACqF,SAAS,CAAC5G,UAAU,EAAE;QAAE0G;MAAQ,CAAC,CAAC;MAC5D,MAAMG,sBAAsB,GAAGtF,GAAG,CAACqF,SAAS,CAAC3F,mBAAmB,EAAE;QAAEyF;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMI,UAAU,GACZjF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC4E,YAAY;MAEhB,MAAMtB,GAAG,GAAG2B,UAAU,GAAGvF,GAAG,CAACqF,SAAS,CAACxG,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAM2G,OAAO,GAAGxF,GAAG,CAACqF,SAAS,CAAC7G,WAAW,EAAE;QACvC2G,OAAO;QACPM,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAG1F,GAAG,CAACqF,SAAS,CAAC1G,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEgH,MAAM,EAAEC;MAAkB,CAAC,GAAG5F,GAAG,CAACqF,SAAS,CAACzG,cAAc,EAAE;QAAEuG;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAIzB,gBAAgB,KAAK,YAAY,EAAE;QACnCyB,UAAU,GAAGpC,GAAG,CAACqF,SAAS,CAAC3G,UAAU,EAAE;UAAEyG;QAAQ,CAAC,CAAC;MACvD;MAEAnF,GAAG,CAACqF,SAAS,CAACvG,YAAY,EAAE;QAAE0B,YAAY,EAAEA,YAAY,CAACqF;MAAI,CAAC,CAAC;MAE/D7F,GAAG,CAAC8F,UAAU,CAAC;QACXtF,YAAY,EAAEA,YAAY,CAACqF,GAAG;QAC9BtC,MAAM,EAAElF,GAAG,CAACiE,MAAM,CAACiB,MAAM;QACzBwC,mBAAmB,EAAEH,iBAAiB,CAACzC,MAAM,CAACc,EAAE;QAChD+B,uBAAuB,EAAEZ,aAAa,CAACjC,MAAM,CAAC8C,GAAG;QACjDC,wBAAwB,EAAEd,aAAa,CAACjC,MAAM,CAACtD,IAAI;QACnDsG,2BAA2B,EAAEf,aAAa,CAACjC,MAAM,CAACiD,OAAO;QACzDC,4BAA4B,EAAEjB,aAAa,CAACjC,MAAM,CAACmD,QAAQ;QAC3DC,yBAAyB,EAAEjB,sBAAsB,CAACnC,MAAM,CAAC8C,GAAG;QAC5DO,0BAA0B,EAAElB,sBAAsB,CAACnC,MAAM,CAACtD,IAAI;QAC9D4G,6BAA6B,EAAEnB,sBAAsB,CAACnC,MAAM,CAACiD,OAAO;QACpEM,8BAA8B,EAAEpB,sBAAsB,CAACnC,MAAM,CAACmD,QAAQ;QACtEK,iBAAiB,EAAEnB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAACc,EAAE;QAC7C4C,kBAAkB,EAAErB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC8C,GAAG;QAC/Ca,6BAA6B,EAAEtB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC4D,cAAc;QACrEC,kBAAkB,EAAExB,OAAO,CAACyB,cAAc,CAAC9D,MAAM,CAACc,EAAE;QACpDiD,YAAY,EAAExB,QAAQ,CAACvC,MAAM,CAACtD,IAAI;QAClCsH,WAAW,EAAEzB,QAAQ,CAACvC,MAAM,CAAC8C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM3G,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACH8F,aAAa;QACbxB,GAAG;QACH,GAAG4B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRtD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpC,GAAG,GAAGjB,mBAAmB,CAACa,OAAO,EAAEwH,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAGzH,OAAO,CAACkC,SAAS,CAACsD,aAAa;IAEnD,MAAMkC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAAClE,MAAM,CAACtD,IAAI;MAClCuG,OAAO,EAAEiB,WAAW,CAAClE,MAAM,CAACiD,OAAO;MACnCE,QAAQ,EAAEe,WAAW,CAAClE,MAAM,CAACmD;IACjC,CAAC;IAEDc,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAIzI,2BAA2B,CAACY,OAAO,EAAE0H,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEFzH,GAAG,CAACyB,UAAU,CAAC,MAAM;IACjBzB,GAAG,CAAC0H,kBAAkB,CAAC;MACnB7H,IAAI,EAAE,MAAM;MACZ4H,QAAQ,EAAE;QACN/B,QAAQ,EAAE;UACNO,GAAG,EAAErG,OAAO,CAACkC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAAC8C,GAAG;UAC1CpG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAACtD;QAC5C,CAAC;QACD8H,aAAa,EAAE;UACX1B,GAAG,EAAErG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC8C,GAAG;UAC/CpG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACtD,IAAI;UACjDuG,OAAO,EAAExG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACiD,OAAO;UACvDE,QAAQ,EAAE1G,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACmD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOtG,GAAG;AACd","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\n\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.endpoint) {\n process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n }\n\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n\n if (params.username) {\n process.env.OPENSEARCH_USERNAME = params.username;\n }\n\n if (params.password) {\n process.env.OPENSEARCH_PASSWORD = params.password;\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAExC,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGtB,eAAe,CAAC;IAC5BuB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGjB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIvB,MAAM,CAACwB,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAItB,wBAAwB,EAAE;QAC1BJ,GAAG,CAAC4B,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAChC,IAAI,CAACiC,UAAU,CAAC1B,wBAAwB,CAAC,EAAE;YACrDyB,QAAQ,CAAChC,IAAI,GAAG,GAAGO,wBAAwB,GAAGyB,QAAQ,CAAChC,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAAC+B,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxB1B,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAM2B,YAAY,GAAG,MAAMhC,GAAG,CAACiC,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpD3C,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAACgC,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAG5B,GAAoB;QACnE,MAAM;UAAEsC,cAAc;UAAEC;QAAgB,CAAC,GAAGjC,mBAAmB;;QAE/D;QACA,IAAIgC,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAIhC,mBAAmB,EAAE;YAC1C,MAAM,IAAIkC,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAIjC,yBAAyB,EAAE;YAC3B,IAAI,CAAC+B,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACqE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAAC0E,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAIvE,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAAC+E,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAChE,GAAG,CAAC+E,GAAG,CAACG,oBAAoB,EAAE;kBACtC1D,IAAI,EAAE,GAAGgC,QAAQ,CAAChC,IAAI,4BAA4B;kBAClD+C,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAAC5D,IAAI;oBAC1B6D,SAAS,EACLrF,GAAG,CAAC+E,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGtE,YAAY,CAACS,GAAG,CAAC;UAEhC4B,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACyF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,qBAAqB;YAC3B+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,2BAA2B;YACjC+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,sBAAsB;YAC5B+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,yBAAyB;YAC/B+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAGnF,GAAG,CAACoF,YAAY,CAAC,CAAC,CAACC,OAAO,CAACnG,UAAU,CAAC;MAE7Da,GAAG,CAAC+B,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACvF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMwF,YAAY,GAAGxF,GAAG,CAACgB,GAAG,CAACwE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAG1F,GAAG,CAAC2F,SAAS,CAAClH,UAAU,EAAE;QAAEgH;MAAQ,CAAC,CAAC;MAC5D,MAAMG,sBAAsB,GAAG5F,GAAG,CAAC2F,SAAS,CAACjG,mBAAmB,EAAE;QAAE+F;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMI,UAAU,GACZvF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCkF,YAAY;MAEhB,MAAMtB,GAAG,GAAG2B,UAAU,GAAG7F,GAAG,CAAC2F,SAAS,CAAC9G,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAMiH,OAAO,GAAG9F,GAAG,CAAC2F,SAAS,CAACnH,WAAW,EAAE;QACvCiH,OAAO;QACPM,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAGhG,GAAG,CAAC2F,SAAS,CAAChH,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEsH,MAAM,EAAEC;MAAkB,CAAC,GAAGlG,GAAG,CAAC2F,SAAS,CAAC/G,cAAc,EAAE;QAAE6G;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAI/B,gBAAgB,KAAK,YAAY,EAAE;QACnC+B,UAAU,GAAG1C,GAAG,CAAC2F,SAAS,CAACjH,UAAU,EAAE;UAAE+G;QAAQ,CAAC,CAAC;MACvD;MAEAzF,GAAG,CAAC2F,SAAS,CAAC7G,YAAY,EAAE;QAAE0B,YAAY,EAAEA,YAAY,CAAC2F;MAAI,CAAC,CAAC;MAE/DnG,GAAG,CAACoG,UAAU,CAAC;QACX5F,YAAY,EAAEA,YAAY,CAAC2F,GAAG;QAC9BtC,MAAM,EAAExF,GAAG,CAACuE,MAAM,CAACiB,MAAM;QACzBwC,mBAAmB,EAAEH,iBAAiB,CAACzC,MAAM,CAACc,EAAE;QAChD+B,uBAAuB,EAAEZ,aAAa,CAACjC,MAAM,CAAC8C,GAAG;QACjDC,wBAAwB,EAAEd,aAAa,CAACjC,MAAM,CAAC5D,IAAI;QACnD4G,2BAA2B,EAAEf,aAAa,CAACjC,MAAM,CAACiD,OAAO;QACzDC,4BAA4B,EAAEjB,aAAa,CAACjC,MAAM,CAACmD,QAAQ;QAC3DC,yBAAyB,EAAEjB,sBAAsB,CAACnC,MAAM,CAAC8C,GAAG;QAC5DO,0BAA0B,EAAElB,sBAAsB,CAACnC,MAAM,CAAC5D,IAAI;QAC9DkH,6BAA6B,EAAEnB,sBAAsB,CAACnC,MAAM,CAACiD,OAAO;QACpEM,8BAA8B,EAAEpB,sBAAsB,CAACnC,MAAM,CAACmD,QAAQ;QACtEK,iBAAiB,EAAEnB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAACc,EAAE;QAC7C4C,kBAAkB,EAAErB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC8C,GAAG;QAC/Ca,6BAA6B,EAAEtB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC4D,cAAc;QACrEC,kBAAkB,EAAExB,OAAO,CAACyB,cAAc,CAAC9D,MAAM,CAACc,EAAE;QACpDiD,YAAY,EAAExB,QAAQ,CAACvC,MAAM,CAAC5D,IAAI;QAClC4H,WAAW,EAAEzB,QAAQ,CAACvC,MAAM,CAAC8C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAMjH,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACHoG,aAAa;QACbxB,GAAG;QACH,GAAG4B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRtD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAM1C,GAAG,GAAGjB,mBAAmB,CAACa,OAAO,EAAE8H,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAG/H,OAAO,CAACwC,SAAS,CAACsD,aAAa;IAEnD,MAAMkC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAAClE,MAAM,CAAC5D,IAAI;MAClC6G,OAAO,EAAEiB,WAAW,CAAClE,MAAM,CAACiD,OAAO;MACnCE,QAAQ,EAAEe,WAAW,CAAClE,MAAM,CAACmD;IACjC,CAAC;IAEDc,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAI/I,2BAA2B,CAACY,OAAO,EAAEgI,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEF/H,GAAG,CAAC+B,UAAU,CAAC,MAAM;IACjB/B,GAAG,CAACgI,kBAAkB,CAAC;MACnBnI,IAAI,EAAE,MAAM;MACZkI,QAAQ,EAAE;QACN/B,QAAQ,EAAE;UACNO,GAAG,EAAE3G,OAAO,CAACwC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAAC8C,GAAG;UAC1C1G,IAAI,EAAED,OAAO,CAACwC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAAC5D;QAC5C,CAAC;QACDoI,aAAa,EAAE;UACX1B,GAAG,EAAE3G,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC8C,GAAG;UAC/C1G,IAAI,EAAED,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC5D,IAAI;UACjD6G,OAAO,EAAE9G,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACiD,OAAO;UACvDE,QAAQ,EAAEhH,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACmD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO5G,GAAG;AACd","ignoreList":[]}
package/pulumi/apps/extensions/getBgDeploymentsConfigFromExtension.d.ts CHANGED
@@ -7,8 +7,6 @@ export declare const getBgDeploymentsConfigFromExtension: (projectConfig: IProje
7
7
  domains: {
8
8
  api: import("../blueGreen/types").NonEmptyArray<string>;
9
9
  admin: import("../blueGreen/types").NonEmptyArray<string>;
10
- website: import("../blueGreen/types").NonEmptyArray<string>;
11
- preview: import("../blueGreen/types").NonEmptyArray<string>;
12
10
  };
13
11
  };
14
12
  deployments: [{
package/pulumi/apps/extensions/getOsConfigFromExtension.d.ts CHANGED
@@ -4,4 +4,7 @@ export declare const getOsConfigFromExtension: (projectConfig: IProjectConfigMod
4
4
  domainName?: string | undefined;
5
5
  indexPrefix?: string | undefined;
6
6
  sharedIndexes?: boolean | undefined;
7
+ endpoint?: string | undefined;
8
+ username?: string | undefined;
9
+ password?: string | undefined;
7
10
  }, "enabled"> | undefined;