@webiny/project-aws 6.3.0-beta.2 → 6.3.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (118) hide show
  1. package/_templates/appTemplates/admin/webiny.application.ts +1 -1
  2. package/_templates/appTemplates/api/graphql/src/extensions.ts +1 -1
  3. package/_templates/appTemplates/api/graphql/src/index.ts +2 -2
  4. package/_templates/appTemplates/api/webiny.application.ts +1 -1
  5. package/_templates/appTemplates/blueGreen/webiny.application.ts +1 -1
  6. package/_templates/appTemplates/core/webiny.application.ts +1 -1
  7. package/_templates/appTemplates/syncSystem/webiny.application.ts +1 -1
  8. package/_templates/extensions/OpenSearch/api/graphql/src/index.ts +3 -3
  9. package/abstractions/features/pulumi/AdminPulumi.d.ts +9 -0
  10. package/abstractions/features/pulumi/AdminPulumi.js +4 -0
  11. package/abstractions/features/pulumi/AdminPulumi.js.map +1 -0
  12. package/abstractions/features/pulumi/ApiPulumi.d.ts +9 -0
  13. package/abstractions/features/pulumi/ApiPulumi.js +4 -0
  14. package/abstractions/features/pulumi/ApiPulumi.js.map +1 -0
  15. package/abstractions/features/pulumi/CorePulumi.d.ts +9 -0
  16. package/abstractions/features/pulumi/CorePulumi.js +4 -0
  17. package/abstractions/features/pulumi/CorePulumi.js.map +1 -0
  18. package/abstractions/features/pulumi/index.d.ts +3 -0
  19. package/abstractions/features/pulumi/index.js +5 -0
  20. package/abstractions/features/pulumi/index.js.map +1 -0
  21. package/abstractions/index.d.ts +1 -0
  22. package/abstractions/index.js +1 -0
  23. package/abstractions/index.js.map +1 -1
  24. package/api.d.ts +19 -4
  25. package/api.js +8 -0
  26. package/api.js.map +1 -1
  27. package/exports/infra/admin.d.ts +1 -0
  28. package/exports/infra/admin.js +1 -0
  29. package/exports/infra/admin.js.map +1 -1
  30. package/exports/infra/api.d.ts +1 -0
  31. package/exports/infra/api.js +1 -0
  32. package/exports/infra/api.js.map +1 -1
  33. package/exports/infra/core.d.ts +1 -0
  34. package/exports/infra/core.js +1 -0
  35. package/exports/infra/core.js.map +1 -1
  36. package/extensions/ApiLambdaFunction.d.ts +1 -1
  37. package/extensions/ApiLambdaFunction.js +2 -2
  38. package/extensions/ApiLambdaFunction.js.map +1 -1
  39. package/extensions/ApiRoute.d.ts +5 -5
  40. package/extensions/ApiRoute.js +2 -2
  41. package/extensions/ApiRoute.js.map +1 -1
  42. package/extensions/Cms/ModelFieldCompression.d.ts +4 -0
  43. package/extensions/Cms/ModelFieldCompression.js +23 -0
  44. package/extensions/Cms/ModelFieldCompression.js.map +1 -0
  45. package/extensions/Mailer/Smtp.d.ts +8 -0
  46. package/extensions/Mailer/Smtp.js +20 -0
  47. package/extensions/Mailer/Smtp.js.map +1 -0
  48. package/extensions/Mailer/Smtp.test.d.ts +1 -0
  49. package/extensions/Mailer/Smtp.test.js +141 -0
  50. package/extensions/Mailer/Smtp.test.js.map +1 -0
  51. package/extensions/Mailer/SmtpParamsSchema.d.ts +9 -0
  52. package/extensions/Mailer/SmtpParamsSchema.js +20 -0
  53. package/extensions/Mailer/SmtpParamsSchema.js.map +1 -0
  54. package/extensions/ProjectAws/SetDatabaseSetupOutput.d.ts +5 -3
  55. package/extensions/ProjectAws/SetDatabaseSetupOutput.js +2 -1
  56. package/extensions/ProjectAws/SetDatabaseSetupOutput.js.map +1 -1
  57. package/extensions/ProjectAws.js +1 -1
  58. package/extensions/ProjectAws.js.map +1 -1
  59. package/extensions/RegisterRoutesPulumi.d.ts +5 -3
  60. package/extensions/RegisterRoutesPulumi.js +2 -1
  61. package/extensions/RegisterRoutesPulumi.js.map +1 -1
  62. package/extensions/definitions.js +2 -1
  63. package/extensions/definitions.js.map +1 -1
  64. package/extensions/index.d.ts +1 -0
  65. package/extensions/index.js +1 -0
  66. package/extensions/index.js.map +1 -1
  67. package/infra.d.ts +9 -0
  68. package/infra.js +8 -3
  69. package/infra.js.map +1 -1
  70. package/package.json +20 -19
  71. package/pulumi/apps/admin/createAdminPulumiApp.js +3 -1
  72. package/pulumi/apps/admin/createAdminPulumiApp.js.map +1 -1
  73. package/pulumi/apps/api/ApiGateway.js +3 -0
  74. package/pulumi/apps/api/ApiGateway.js.map +1 -1
  75. package/pulumi/apps/api/createApiPulumiApp.js +3 -1
  76. package/pulumi/apps/api/createApiPulumiApp.js.map +1 -1
  77. package/pulumi/apps/blueGreen/functions/handler.js +1 -0
  78. package/pulumi/apps/blueGreen/functions/handler.js.map +1 -1
  79. package/pulumi/apps/core/CoreOpenSearch.d.ts +2 -0
  80. package/pulumi/apps/core/CoreOpenSearch.js +18 -4
  81. package/pulumi/apps/core/CoreOpenSearch.js.map +1 -1
  82. package/pulumi/apps/core/createCorePulumiApp.js +16 -2
  83. package/pulumi/apps/core/createCorePulumiApp.js.map +1 -1
  84. package/pulumi/apps/syncSystem/SyncSystemLambda.js +0 -1
  85. package/pulumi/apps/syncSystem/SyncSystemLambda.js.map +1 -1
  86. package/pulumi/extensions/AdminPulumi.d.ts +4 -0
  87. package/pulumi/extensions/AdminPulumi.js +25 -0
  88. package/pulumi/extensions/AdminPulumi.js.map +1 -0
  89. package/pulumi/extensions/ApiPulumi.d.ts +4 -0
  90. package/pulumi/extensions/ApiPulumi.js +25 -0
  91. package/pulumi/extensions/ApiPulumi.js.map +1 -0
  92. package/pulumi/extensions/CorePulumi.d.ts +4 -0
  93. package/pulumi/extensions/CorePulumi.js +25 -0
  94. package/pulumi/extensions/CorePulumi.js.map +1 -0
  95. package/pulumi/extensions/index.d.ts +8 -0
  96. package/pulumi/extensions/index.js +7 -1
  97. package/pulumi/extensions/index.js.map +1 -1
  98. package/pulumi/features/AdminPulumi/AdminPulumi.d.ts +7 -0
  99. package/pulumi/features/AdminPulumi/AdminPulumi.js +21 -0
  100. package/pulumi/features/AdminPulumi/AdminPulumi.js.map +1 -0
  101. package/pulumi/features/AdminPulumi/index.d.ts +1 -0
  102. package/pulumi/features/AdminPulumi/index.js +3 -0
  103. package/pulumi/features/AdminPulumi/index.js.map +1 -0
  104. package/pulumi/features/ApiPulumi/ApiPulumi.d.ts +7 -0
  105. package/pulumi/features/ApiPulumi/ApiPulumi.js +21 -0
  106. package/pulumi/features/ApiPulumi/ApiPulumi.js.map +1 -0
  107. package/pulumi/features/ApiPulumi/index.d.ts +1 -0
  108. package/pulumi/features/ApiPulumi/index.js +3 -0
  109. package/pulumi/features/ApiPulumi/index.js.map +1 -0
  110. package/pulumi/features/CorePulumi/CorePulumi.d.ts +7 -0
  111. package/pulumi/features/CorePulumi/CorePulumi.js +21 -0
  112. package/pulumi/features/CorePulumi/CorePulumi.js.map +1 -0
  113. package/pulumi/features/CorePulumi/index.d.ts +1 -0
  114. package/pulumi/features/CorePulumi/index.js +3 -0
  115. package/pulumi/features/CorePulumi/index.js.map +1 -0
  116. package/pulumi/features/index.d.ts +3 -0
  117. package/pulumi/features/index.js +5 -0
  118. package/pulumi/features/index.js.map +1 -0
package/pulumi/apps/api/ApiGateway.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createAppModule","ApiGateway","name","config","app","routesConfig","api","addResource","apigatewayv2","Api","protocolType","description","stage","Stage","apiId","output","id","autoDeploy","defaultRouteSettings","throttlingBurstLimit","throttlingRateLimit","routes","Object","keys","addRoute","params","route","createRoute","integration","Integration","integrationType","integrationMethod","method","integrationUri","function","passthroughBehavior","Route","routeKey","path","target","apply","value","permission","lambda","Permission","action","principal","sourceArn","executionArn","arn"],"sources":["ApiGateway.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type * as pulumi from \"@pulumi/pulumi\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nexport interface ApiRouteParams {\n path: pulumi.Input<string>;\n method: pulumi.Input<string>;\n function: pulumi.Input<string>;\n}\n\nexport type ApiGateway = PulumiAppModule<typeof ApiGateway>;\n\nexport const ApiGateway = createAppModule({\n name: \"ApiGateway\",\n config(app: PulumiApp, routesConfig: Record<string, ApiRouteParams>) {\n const api = app.addResource(aws.apigatewayv2.Api, {\n name: \"api-gateway\",\n config: {\n protocolType: \"HTTP\",\n description: \"Main API gateway\"\n }\n });\n\n const stage = app.addResource(aws.apigatewayv2.Stage, {\n name: \"default\",\n config: {\n apiId: api.output.id,\n autoDeploy: true,\n defaultRouteSettings: {\n // Only enable when debugging. Note that by default, API Gateway does not\n // have the required permissions to write logs to CloudWatch logs. More:\n // https://coady.tech/aws-cloudwatch-logs-arn/\n // loggingLevel: \"INFO\",\n throttlingBurstLimit: 5000,\n throttlingRateLimit: 10000\n }\n }\n });\n\n const routes: Record<string, ReturnType<typeof createRoute>> = {};\n\n for (const name of Object.keys(routesConfig)) {\n addRoute(name, routesConfig[name]);\n }\n\n return {\n api,\n stage,\n routes,\n addRoute\n };\n\n function addRoute(name: string, params: ApiRouteParams) {\n const route = createRoute(app, api.output, name, params);\n routes[name] = route;\n }\n }\n});\n\nfunction createRoute(\n app: PulumiApp,\n api: pulumi.Output<aws.apigatewayv2.Api>,\n name: string,\n params: ApiRouteParams\n) {\n const integration = app.addResource(aws.apigatewayv2.Integration, {\n name: name,\n config: {\n description: \"GraphQL API Integration\",\n apiId: api.id,\n integrationType: \"AWS_PROXY\",\n integrationMethod: params.method,\n integrationUri: params.function,\n passthroughBehavior: \"WHEN_NO_MATCH\"\n }\n });\n\n const route = app.addResource(aws.apigatewayv2.Route, {\n name: name,\n config: {\n apiId: api.id,\n routeKey: `${params.method} ${params.path}`,\n target: integration.output.id.apply(value => `integrations/${value}`)\n }\n });\n\n const permission = app.addResource(aws.lambda.Permission, {\n name: `allow-${name}`,\n config: {\n action: \"lambda:InvokeFunction\",\n function: params.function,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: api.executionArn.apply(arn => `${arn}/*/*${params.path}`)\n }\n });\n\n return {\n integration,\n route,\n permission\n };\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAGlC,SAASC,eAAe,QAAQ,gBAAgB;AAUhD,OAAO,MAAMC,UAAU,GAAGD,eAAe,CAAC;EACtCE,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,YAA4C,EAAE;IACjE,MAAMC,GAAG,GAAGF,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAACC,GAAG,EAAE;MAC9CP,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJO,YAAY,EAAE,MAAM;QACpBC,WAAW,EAAE;MACjB;IACJ,CAAC,CAAC;IAEF,MAAMC,KAAK,GAAGR,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAACK,KAAK,EAAE;MAClDX,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJW,KAAK,EAAER,GAAG,CAACS,MAAM,CAACC,EAAE;QACpBC,UAAU,EAAE,IAAI;QAChBC,oBAAoB,EAAE;UAClB;UACA;UACA;UACA;UACAC,oBAAoB,EAAE,IAAI;UAC1BC,mBAAmB,EAAE;QACzB;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,MAAsD,GAAG,CAAC,CAAC;IAEjE,KAAK,MAAMnB,IAAI,IAAIoB,MAAM,CAACC,IAAI,CAAClB,YAAY,CAAC,EAAE;MAC1CmB,QAAQ,CAACtB,IAAI,EAAEG,YAAY,CAACH,IAAI,CAAC,CAAC;IACtC;IAEA,OAAO;MACHI,GAAG;MACHM,KAAK;MACLS,MAAM;MACNG;IACJ,CAAC;IAED,SAASA,QAAQA,CAACtB,IAAY,EAAEuB,MAAsB,EAAE;MACpD,MAAMC,KAAK,GAAGC,WAAW,CAACvB,GAAG,EAAEE,GAAG,CAACS,MAAM,EAAEb,IAAI,EAAEuB,MAAM,CAAC;MACxDJ,MAAM,CAACnB,IAAI,CAAC,GAAGwB,KAAK;IACxB;EACJ;AACJ,CAAC,CAAC;AAEF,SAASC,WAAWA,CAChBvB,GAAc,EACdE,GAAwC,EACxCJ,IAAY,EACZuB,MAAsB,EACxB;EACE,MAAMG,WAAW,GAAGxB,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAACqB,WAAW,EAAE;IAC9D3B,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJQ,WAAW,EAAE,yBAAyB;MACtCG,KAAK,EAAER,GAAG,CAACU,EAAE;MACbc,eAAe,EAAE,WAAW;MAC5BC,iBAAiB,EAAEN,MAAM,CAACO,MAAM;MAChCC,cAAc,EAAER,MAAM,CAACS,QAAQ;MAC/BC,mBAAmB,EAAE;IACzB;EACJ,CAAC,CAAC;EAEF,MAAMT,KAAK,GAAGtB,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAAC4B,KAAK,EAAE;IAClDlC,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJW,KAAK,EAAER,GAAG,CAACU,EAAE;MACbqB,QAAQ,EAAE,GAAGZ,MAAM,CAACO,MAAM,IAAIP,MAAM,CAACa,IAAI,EAAE;MAC3CC,MAAM,EAAEX,WAAW,CAACb,MAAM,CAACC,EAAE,CAACwB,KAAK,CAACC,KAAK,IAAI,gBAAgBA,KAAK,EAAE;IACxE;EACJ,CAAC,CAAC;EAEF,MAAMC,UAAU,GAAGtC,GAAG,CAACG,WAAW,CAACR,GAAG,CAAC4C,MAAM,CAACC,UAAU,EAAE;IACtD1C,IAAI,EAAE,SAASA,IAAI,EAAE;IACrBC,MAAM,EAAE;MACJ0C,MAAM,EAAE,uBAAuB;MAC/BX,QAAQ,EAAET,MAAM,CAACS,QAAQ;MACzBY,SAAS,EAAE,0BAA0B;MACrCC,SAAS,EAAEzC,GAAG,CAAC0C,YAAY,CAACR,KAAK,CAACS,GAAG,IAAI,GAAGA,GAAG,OAAOxB,MAAM,CAACa,IAAI,EAAE;IACvE;EACJ,CAAC,CAAC;EAEF,OAAO;IACHV,WAAW;IACXF,KAAK;IACLgB;EACJ,CAAC;AACL","ignoreList":[]}
1
+ {"version":3,"names":["aws","createAppModule","ApiGateway","name","config","app","routesConfig","api","addResource","apigatewayv2","Api","protocolType","description","stage","Stage","apiId","output","id","autoDeploy","defaultRouteSettings","throttlingBurstLimit","throttlingRateLimit","routes","Object","keys","addRoute","params","route","createRoute","integration","Integration","integrationType","integrationMethod","method","integrationUri","function","passthroughBehavior","Route","routeKey","path","target","apply","value","permission","lambda","Permission","action","principal","sourceArn","executionArn","arn"],"sources":["ApiGateway.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type * as pulumi from \"@pulumi/pulumi\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nexport interface ApiRouteParams {\n path: pulumi.Input<string>;\n method: pulumi.Input<string>;\n function: pulumi.Input<string>;\n}\n\nexport type ApiGateway = PulumiAppModule<typeof ApiGateway>;\n\nexport const ApiGateway = createAppModule({\n name: \"ApiGateway\",\n config(app: PulumiApp, routesConfig: Record<string, ApiRouteParams>) {\n const api = app.addResource(aws.apigatewayv2.Api, {\n name: \"api-gateway\",\n config: {\n protocolType: \"HTTP\",\n description: \"Main API gateway\"\n }\n });\n\n const stage = app.addResource(aws.apigatewayv2.Stage, {\n name: \"default\",\n config: {\n apiId: api.output.id,\n autoDeploy: true,\n defaultRouteSettings: {\n // Only enable when debugging. Note that by default, API Gateway does not\n // have the required permissions to write logs to CloudWatch logs. More:\n // https://coady.tech/aws-cloudwatch-logs-arn/\n // loggingLevel: \"INFO\",\n throttlingBurstLimit: 5000,\n throttlingRateLimit: 10000\n }\n }\n });\n\n const routes: Record<string, ReturnType<typeof createRoute>> = {};\n\n for (const name of Object.keys(routesConfig)) {\n addRoute(name, routesConfig[name]);\n }\n\n return {\n api,\n stage,\n routes,\n addRoute\n };\n\n function addRoute(name: string, params: ApiRouteParams) {\n if (routes[name]) {\n return;\n }\n const route = createRoute(app, api.output, name, params);\n routes[name] = route;\n }\n }\n});\n\nfunction createRoute(\n app: PulumiApp,\n api: pulumi.Output<aws.apigatewayv2.Api>,\n name: string,\n params: ApiRouteParams\n) {\n const integration = app.addResource(aws.apigatewayv2.Integration, {\n name: name,\n config: {\n description: \"GraphQL API Integration\",\n apiId: api.id,\n integrationType: \"AWS_PROXY\",\n integrationMethod: params.method,\n integrationUri: params.function,\n passthroughBehavior: \"WHEN_NO_MATCH\"\n }\n });\n\n const route = app.addResource(aws.apigatewayv2.Route, {\n name: name,\n config: {\n apiId: api.id,\n routeKey: `${params.method} ${params.path}`,\n target: integration.output.id.apply(value => `integrations/${value}`)\n }\n });\n\n const permission = app.addResource(aws.lambda.Permission, {\n name: `allow-${name}`,\n config: {\n action: \"lambda:InvokeFunction\",\n function: params.function,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: api.executionArn.apply(arn => `${arn}/*/*${params.path}`)\n }\n });\n\n return {\n integration,\n route,\n permission\n };\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAGlC,SAASC,eAAe,QAAQ,gBAAgB;AAUhD,OAAO,MAAMC,UAAU,GAAGD,eAAe,CAAC;EACtCE,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,YAA4C,EAAE;IACjE,MAAMC,GAAG,GAAGF,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAACC,GAAG,EAAE;MAC9CP,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJO,YAAY,EAAE,MAAM;QACpBC,WAAW,EAAE;MACjB;IACJ,CAAC,CAAC;IAEF,MAAMC,KAAK,GAAGR,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAACK,KAAK,EAAE;MAClDX,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJW,KAAK,EAAER,GAAG,CAACS,MAAM,CAACC,EAAE;QACpBC,UAAU,EAAE,IAAI;QAChBC,oBAAoB,EAAE;UAClB;UACA;UACA;UACA;UACAC,oBAAoB,EAAE,IAAI;UAC1BC,mBAAmB,EAAE;QACzB;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,MAAsD,GAAG,CAAC,CAAC;IAEjE,KAAK,MAAMnB,IAAI,IAAIoB,MAAM,CAACC,IAAI,CAAClB,YAAY,CAAC,EAAE;MAC1CmB,QAAQ,CAACtB,IAAI,EAAEG,YAAY,CAACH,IAAI,CAAC,CAAC;IACtC;IAEA,OAAO;MACHI,GAAG;MACHM,KAAK;MACLS,MAAM;MACNG;IACJ,CAAC;IAED,SAASA,QAAQA,CAACtB,IAAY,EAAEuB,MAAsB,EAAE;MACpD,IAAIJ,MAAM,CAACnB,IAAI,CAAC,EAAE;QACd;MACJ;MACA,MAAMwB,KAAK,GAAGC,WAAW,CAACvB,GAAG,EAAEE,GAAG,CAACS,MAAM,EAAEb,IAAI,EAAEuB,MAAM,CAAC;MACxDJ,MAAM,CAACnB,IAAI,CAAC,GAAGwB,KAAK;IACxB;EACJ;AACJ,CAAC,CAAC;AAEF,SAASC,WAAWA,CAChBvB,GAAc,EACdE,GAAwC,EACxCJ,IAAY,EACZuB,MAAsB,EACxB;EACE,MAAMG,WAAW,GAAGxB,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAACqB,WAAW,EAAE;IAC9D3B,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJQ,WAAW,EAAE,yBAAyB;MACtCG,KAAK,EAAER,GAAG,CAACU,EAAE;MACbc,eAAe,EAAE,WAAW;MAC5BC,iBAAiB,EAAEN,MAAM,CAACO,MAAM;MAChCC,cAAc,EAAER,MAAM,CAACS,QAAQ;MAC/BC,mBAAmB,EAAE;IACzB;EACJ,CAAC,CAAC;EAEF,MAAMT,KAAK,GAAGtB,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,YAAY,CAAC4B,KAAK,EAAE;IAClDlC,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJW,KAAK,EAAER,GAAG,CAACU,EAAE;MACbqB,QAAQ,EAAE,GAAGZ,MAAM,CAACO,MAAM,IAAIP,MAAM,CAACa,IAAI,EAAE;MAC3CC,MAAM,EAAEX,WAAW,CAACb,MAAM,CAACC,EAAE,CAACwB,KAAK,CAACC,KAAK,IAAI,gBAAgBA,KAAK,EAAE;IACxE;EACJ,CAAC,CAAC;EAEF,MAAMC,UAAU,GAAGtC,GAAG,CAACG,WAAW,CAACR,GAAG,CAAC4C,MAAM,CAACC,UAAU,EAAE;IACtD1C,IAAI,EAAE,SAASA,IAAI,EAAE;IACrBC,MAAM,EAAE;MACJ0C,MAAM,EAAE,uBAAuB;MAC/BX,QAAQ,EAAET,MAAM,CAACS,QAAQ;MACzBY,SAAS,EAAE,0BAA0B;MACrCC,SAAS,EAAEzC,GAAG,CAAC0C,YAAY,CAACR,KAAK,CAACS,GAAG,IAAI,GAAGA,GAAG,OAAOxB,MAAM,CAACa,IAAI,EAAE;IACvE;EACJ,CAAC,CAAC;EAEF,OAAO;IACHV,WAAW;IACXF,KAAK;IACLgB;EACJ,CAAC;AACL","ignoreList":[]}
package/pulumi/apps/api/createApiPulumiApp.js CHANGED
@@ -10,7 +10,8 @@ import { getProjectSdk } from "@webiny/project";
10
10
  import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtension.js";
11
11
  import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
12
12
  import { handleGuardDutyEvents } from "./handleGuardDutyEvents.js";
13
- import { ApiPulumi } from "@webiny/project/abstractions/index.js";
13
+ import { ApiPulumi } from "../../../abstractions/features/pulumi/index.js";
14
+ import { apiPulumi } from "../../features/ApiPulumi/index.js";
14
15
  import { ApiCustomDomains as apiCustomDomainsExt } from "../../extensions/ApiCustomDomains.js";
15
16
  import { applyCustomDomain } from "../customDomain.js";
16
17
  export const createApiPulumiApp = () => {
@@ -107,6 +108,7 @@ export const createApiPulumiApp = () => {
107
108
 
108
109
  // Overrides must be applied via a handler, registered at the very start of the program.
109
110
  // By doing this, we're ensuring user's adjustments are not applied to late.
111
+ sdk.getContainer().registerComposite(apiPulumi);
110
112
  const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);
111
113
  app.addHandler(() => {
112
114
  return pulumiHandlers.execute(app);
package/pulumi/apps/api/createApiPulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","ApiCustomDomains","apiCustomDomainsExt","applyCustomDomain","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","scheduler","apiCustomDomains","extensionsByType","domains","sslMethod","certificateArn","sslSupportMethod","acmCertificateArn","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\nimport { ApiCustomDomains as apiCustomDomainsExt } from \"~/pulumi/extensions/ApiCustomDomains.js\";\nimport { applyCustomDomain } from \"~/pulumi/apps/customDomain.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.endpoint) {\n process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n }\n\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n\n if (params.username) {\n process.env.OPENSEARCH_USERNAME = params.username;\n }\n\n if (params.password) {\n process.env.OPENSEARCH_PASSWORD = params.password;\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,\n OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const scheduler = app.addModule(ApiScheduler);\n\n const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);\n if (apiCustomDomains) {\n const { domains, sslMethod, certificateArn } = apiCustomDomains.params;\n applyCustomDomain(cloudfront, {\n domains,\n sslSupportMethod: sslMethod,\n acmCertificateArn: certificateArn\n });\n }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AACjE,SAASC,gBAAgB,IAAIC,mBAAmB;AAChD,SAASC,iBAAiB;AAI1B,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAG1B,eAAe,CAAC;IAC5B2B,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMd,aAAa,CAAC,CAAC;MACjC,MAAMe,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGlB,yBAAyB,CAACc,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGlB,wBAAwB,CAACa,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAIlB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACwB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC5B,IAAI,CAAC6B,UAAU,CAACtB,wBAAwB,CAAC,EAAE;YACrDqB,QAAQ,CAAC5B,IAAI,GAAG,GAAGO,wBAAwB,GAAGqB,QAAQ,CAAC5B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAAC2B,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAM3B,GAAG,CAAC4B,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBxB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIsB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpDzC,qBAAqB,CAACU,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAI8B,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAGhC,GAAG;UACvC,MAAM;YAAEiC;UAAe,CAAC,GAAG3B,mBAAmB;;UAE9C;UACA,IAAI2B,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACmE,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAI/D,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACyE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAAC/D,GAAG,CAACyE,GAAG,CAACG,oBAAoB,EAAE;oBACtChD,IAAI,EAAE,GAAG4B,QAAQ,CAAC5B,IAAI,4BAA4B;oBAClD2C,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAClD,IAAI;sBAC1BmD,SAAS,EACL/E,GAAG,CAACyE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAGlD,GAAG,CAACmD,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC9D,SAAS,CAAC;MAE5DS,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAACtD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMuD,YAAY,GAAGvD,GAAG,CAACY,GAAG,CAAC2C,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGxD,GAAG,CAACyD,SAAS,CAAC/E,UAAU,CAAC;;MAEtC;MACA,MAAMgF,UAAU,GACZpD,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCiD,YAAY;MAEhBvD,GAAG,CAACyD,SAAS,CAAC9E,SAAS,EAAE;QAAEgF,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAG5D,GAAG,CAACyD,SAAS,CAACjF,UAAU,EAAE;QACtCoC,GAAG,EAAE;UACDiD,cAAc,EAAE9E,uBAAuB,CAAC,CAAC;UACzC+E,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW,0BAA0B;UACpDC,mBAAmB,EAAEZ,IAAI,CAACa,2BAA2B;UACrDxD,mBAAmB,EAAE2C,IAAI,CAACc,wBAAwB;UAElD;UACA;UACArD,uBAAuB,EAAEN,OAAO,CAACC,GAAG,CAACK,uBAAuB;UAC5DE,yBAAyB,EAAER,OAAO,CAACC,GAAG,CAACO,yBAAyB;UAChEE,mBAAmB,EAAEV,OAAO,CAACC,GAAG,CAACS,mBAAmB;UACpDE,mBAAmB,EAAEZ,OAAO,CAACC,GAAG,CAACW,mBAAmB;UAEpDgD,SAAS,EAAEf,IAAI,CAACgB,mBAAmB;UACnCC,SAAS,EAAEjB,IAAI,CAACkB,WAAW;UAC3B;UACAC,WAAW,EAAEhE,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAMgE,SAAS,GAAG5E,GAAG,CAACyD,SAAS,CAAChF,YAAY,CAAC;MAE7C,MAAMoG,WAAW,GAAG7E,GAAG,CAACyD,SAAS,CAACnF,cAAc,EAAE;QAC9CsC,GAAG,EAAE;UACDoD,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMW,UAAU,GAAG9E,GAAG,CAACyD,SAAS,CAAClF,UAAU,EAAE;QACzC,cAAc,EAAE;UACZuB,IAAI,EAAE,UAAU;UAChBiF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfpF,IAAI,EAAE,UAAU;UAChBiF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTpF,IAAI,EAAE,gBAAgB;UACtBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC;QACpD,CAAC;QACD,aAAa,EAAE;UACXpF,IAAI,EAAE,kBAAkB;UACxBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC;QACpD,CAAC;QACD,UAAU,EAAE;UACRpF,IAAI,EAAE,aAAa;UACnBiF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXpF,IAAI,EAAE,aAAa;UACnBiF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbpF,IAAI,EAAE,eAAe;UACrBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBpF,IAAI,EAAE,eAAe;UACrBiF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfpF,IAAI,EAAE,UAAU;UAChBiF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGpF,GAAG,CAACyD,SAAS,CAACpF,aAAa,CAAC;MAC/C,MAAMgH,cAAc,GAAGrF,GAAG,CAACyD,SAAS,CAACrF,iBAAiB,CAAC;MACvD,MAAMkH,SAAS,GAAGtF,GAAG,CAACyD,SAAS,CAACvE,YAAY,CAAC;MAE7C,MAAM,CAACqG,gBAAgB,CAAC,GAAGrF,aAAa,CAACsF,gBAAgB,CAAC/F,mBAAmB,CAAC;MAC9E,IAAI8F,gBAAgB,EAAE;QAClB,MAAM;UAAEE,OAAO;UAAEC,SAAS;UAAEC;QAAe,CAAC,GAAGJ,gBAAgB,CAAC9E,MAAM;QACtEf,iBAAiB,CAAC0F,UAAU,EAAE;UAC1BK,OAAO;UACPG,gBAAgB,EAAEF,SAAS;UAC3BG,iBAAiB,EAAEF;QACvB,CAAC,CAAC;MACN;MAEA3F,GAAG,CAAC8F,UAAU,CAAC;QACXC,YAAY,EAAE9G,eAAe,CAACe,GAAG,CAAC;QAClCgG,MAAM,EAAE/H,GAAG,CAACuE,MAAM,CAACwD,MAAM;QACzBjC,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzCkC,kBAAkB,EAAEzC,IAAI,CAACyC,kBAAkB;QAC3CC,6BAA6B,EAAE1C,IAAI,CAAC0C,6BAA6B;QACjEC,aAAa,EAAE3C,IAAI,CAACS,wBAAwB;QAC5CmC,sBAAsB,EAAE5C,IAAI,CAACW,0BAA0B;QACvDkC,iBAAiB,EAAEzC,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAAClD,IAAI;QACxDyG,iBAAiB,EAAE1C,OAAO,CAACd,IAAI,CAACC,MAAM,CAACmC,GAAG;QAC1CqB,qBAAqB,EAAE3C,OAAO,CAACd,IAAI,CAACC,MAAM,CAAClD,IAAI;QAC/C2G,uBAAuB,EAAEnB,cAAc,CAACA,cAAc,CAACtC,MAAM,CAACmC,GAAG;QACjEuB,6BAA6B,EAAEpB,cAAc,CAACqB,YAAY,CAAC3D,MAAM,CAACmC,GAAG;QACrEyB,4BAA4B,EAAE9B,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACpC,MAAM,CAACmC,GAAG;QACvE0B,cAAc,EAAEhC,SAAS,CAACiC,YAAY,CAAC9D,MAAM,CAAC+D,EAAE;QAChDC,eAAe,EAAEnC,SAAS,CAACmC,eAAe;QAC1CC,yBAAyB,EAAE1B,SAAS,CAAC2B,UAAU,CAAClE,MAAM,CAACmC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAI1E,kBAAkB,EAAE;QACpBR,GAAG,CAAC8F,UAAU,CAAC;UACXoB,uBAAuB,EAAE1D,IAAI,CAACa;QAClC,CAAC,CAAC;MACN;MAEArE,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjB/C,qBAAqB,CAAC;UAClBoB,GAAG;UACHmH,sBAAsB,EAAE/B,UAAU;UAClCgC,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAMxI,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACH6F,WAAW;QACXjB,OAAO;QACPkB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVC,cAAc;QACdC;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMtF,GAAG,GAAGlB,mBAAmB,CAACD,4BAA4B,CAACe,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAAC2B,UAAU,CAAC,MAAM;IACjB3B,GAAG,CAACyH,kBAAkB,CAAC;MACnB5H,IAAI,EAAE,KAAK;MACX6H,QAAQ,EAAE;QACNC,SAAS,EAAE/H,OAAO,CAACgI,SAAS,CAACvC,cAAc,CAACqB,YAAY,CAAC3D,MAAM,CAACmC,GAAG;QACnEE,UAAU,EAAE;UACRyC,cAAc,EAAEjI,OAAO,CAACgI,SAAS,CAACxC,UAAU,CAACrC,MAAM,CAAC+D,EAAE;UACtDgB,MAAM,EAAElI,OAAO,CAACgI,SAAS,CAACxC,UAAU,CAACrC,MAAM,CAACjC,UAAU,CAACiH,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFhI,GAAG,CAACyH,kBAAkB,CAAC;MACnB5H,IAAI,EAAE,WAAW;MACjB6H,QAAQ,EAAE;QACNO,SAAS,EAAErI,OAAO,CAACgI,SAAS,CAAChE,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACb,MAAM,CAACmC,GAAG;QACjEgD,OAAO,EAAEtI,OAAO,CAACgI,SAAS,CAACtC,SAAS,CAAC2B,UAAU,CAAClE,MAAM,CAACmC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOlF,GAAG;AACd,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","apiPulumi","ApiCustomDomains","apiCustomDomainsExt","applyCustomDomain","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","getContainer","registerComposite","pulumiHandlers","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","scheduler","apiCustomDomains","extensionsByType","domains","sslMethod","certificateArn","sslSupportMethod","acmCertificateArn","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"~/abstractions/features/pulumi/index.js\";\nimport { apiPulumi } from \"~/pulumi/features/ApiPulumi/index.js\";\nimport { ApiCustomDomains as apiCustomDomainsExt } from \"~/pulumi/extensions/ApiCustomDomains.js\";\nimport { applyCustomDomain } from \"~/pulumi/apps/customDomain.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.endpoint) {\n process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n }\n\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n\n if (params.username) {\n process.env.OPENSEARCH_USERNAME = params.username;\n }\n\n if (params.password) {\n process.env.OPENSEARCH_PASSWORD = params.password;\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n sdk.getContainer().registerComposite(apiPulumi);\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME,\n OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const scheduler = app.addModule(ApiScheduler);\n\n const [apiCustomDomains] = projectConfig.extensionsByType(apiCustomDomainsExt);\n if (apiCustomDomains) {\n const { domains, sslMethod, certificateArn } = apiCustomDomains.params;\n applyCustomDomain(cloudfront, {\n domains,\n sslSupportMethod: sslMethod,\n acmCertificateArn: certificateArn\n });\n }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS;AAClB,SAASC,SAAS;AAClB,SAASC,gBAAgB,IAAIC,mBAAmB;AAChD,SAASC,iBAAiB;AAI1B,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAG3B,eAAe,CAAC;IAC5B4B,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGnB,yBAAyB,CAACe,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAIlB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACwB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC5B,IAAI,CAAC6B,UAAU,CAACtB,wBAAwB,CAAC,EAAE;YACrDqB,QAAQ,CAAC5B,IAAI,GAAG,GAAGO,wBAAwB,GAAGqB,QAAQ,CAAC5B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAAC2B,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAM3B,GAAG,CAAC4B,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBxB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIsB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpD1C,qBAAqB,CAACW,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAI8B,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAGhC,GAAG;UACvC,MAAM;YAAEiC;UAAe,CAAC,GAAG3B,mBAAmB;;UAE9C;UACA,IAAI2B,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIvD,gBAAgB,CAACuD,QAAQ,EAAEzD,GAAG,CAACoE,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAIhE,gBAAgB,CAACuD,QAAQ,EAAEzD,GAAG,CAAC0E,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAAChE,GAAG,CAAC0E,GAAG,CAACG,oBAAoB,EAAE;oBACtChD,IAAI,EAAE,GAAG4B,QAAQ,CAAC5B,IAAI,4BAA4B;oBAClD2C,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAClD,IAAI;sBAC1BmD,SAAS,EACLhF,GAAG,CAAC0E,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACAjD,GAAG,CAACkD,YAAY,CAAC,CAAC,CAACC,iBAAiB,CAAC7D,SAAS,CAAC;MAC/C,MAAM8D,cAAc,GAAGpD,GAAG,CAACkD,YAAY,CAAC,CAAC,CAACG,OAAO,CAAChE,SAAS,CAAC;MAE5DU,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjB,OAAO0B,cAAc,CAACE,OAAO,CAACvD,GAAmB,CAAC;MACtD,CAAC,CAAC;MAEF,MAAMwD,YAAY,GAAGxD,GAAG,CAACY,GAAG,CAAC4C,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGzD,GAAG,CAAC0D,SAAS,CAACjF,UAAU,CAAC;;MAEtC;MACA,MAAMkF,UAAU,GACZrD,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCkD,YAAY;MAEhBxD,GAAG,CAAC0D,SAAS,CAAChF,SAAS,EAAE;QAAEkF,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAG7D,GAAG,CAAC0D,SAAS,CAACnF,UAAU,EAAE;QACtCqC,GAAG,EAAE;UACDkD,cAAc,EAAEhF,uBAAuB,CAAC,CAAC;UACzCiF,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW,0BAA0B;UACpDC,mBAAmB,EAAEZ,IAAI,CAACa,2BAA2B;UACrDzD,mBAAmB,EAAE4C,IAAI,CAACc,wBAAwB;UAElD;UACA;UACAtD,uBAAuB,EAAEN,OAAO,CAACC,GAAG,CAACK,uBAAuB;UAC5DE,yBAAyB,EAAER,OAAO,CAACC,GAAG,CAACO,yBAAyB;UAChEE,mBAAmB,EAAEV,OAAO,CAACC,GAAG,CAACS,mBAAmB;UACpDE,mBAAmB,EAAEZ,OAAO,CAACC,GAAG,CAACW,mBAAmB;UAEpDiD,SAAS,EAAEf,IAAI,CAACgB,mBAAmB;UACnCC,SAAS,EAAEjB,IAAI,CAACkB,WAAW;UAC3B;UACAC,WAAW,EAAEjE,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAMiE,SAAS,GAAG7E,GAAG,CAAC0D,SAAS,CAAClF,YAAY,CAAC;MAE7C,MAAMsG,WAAW,GAAG9E,GAAG,CAAC0D,SAAS,CAACrF,cAAc,EAAE;QAC9CuC,GAAG,EAAE;UACDqD,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMW,UAAU,GAAG/E,GAAG,CAAC0D,SAAS,CAACpF,UAAU,EAAE;QACzC,cAAc,EAAE;UACZwB,IAAI,EAAE,UAAU;UAChBkF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfrF,IAAI,EAAE,UAAU;UAChBkF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTrF,IAAI,EAAE,gBAAgB;UACtBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,aAAa,EAAE;UACXrF,IAAI,EAAE,kBAAkB;UACxBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,UAAU,EAAE;UACRrF,IAAI,EAAE,aAAa;UACnBkF,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXrF,IAAI,EAAE,aAAa;UACnBkF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbrF,IAAI,EAAE,eAAe;UACrBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBrF,IAAI,EAAE,eAAe;UACrBkF,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEpB,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfrF,IAAI,EAAE,UAAU;UAChBkF,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGrF,GAAG,CAAC0D,SAAS,CAACtF,aAAa,CAAC;MAC/C,MAAMkH,cAAc,GAAGtF,GAAG,CAAC0D,SAAS,CAACvF,iBAAiB,CAAC;MACvD,MAAMoH,SAAS,GAAGvF,GAAG,CAAC0D,SAAS,CAACzE,YAAY,CAAC;MAE7C,MAAM,CAACuG,gBAAgB,CAAC,GAAGtF,aAAa,CAACuF,gBAAgB,CAAChG,mBAAmB,CAAC;MAC9E,IAAI+F,gBAAgB,EAAE;QAClB,MAAM;UAAEE,OAAO;UAAEC,SAAS;UAAEC;QAAe,CAAC,GAAGJ,gBAAgB,CAAC/E,MAAM;QACtEf,iBAAiB,CAAC2F,UAAU,EAAE;UAC1BK,OAAO;UACPG,gBAAgB,EAAEF,SAAS;UAC3BG,iBAAiB,EAAEF;QACvB,CAAC,CAAC;MACN;MAEA5F,GAAG,CAAC+F,UAAU,CAAC;QACXC,YAAY,EAAEhH,eAAe,CAACgB,GAAG,CAAC;QAClCiG,MAAM,EAAEjI,GAAG,CAACwE,MAAM,CAACyD,MAAM;QACzBjC,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzCkC,kBAAkB,EAAEzC,IAAI,CAACyC,kBAAkB;QAC3CC,6BAA6B,EAAE1C,IAAI,CAAC0C,6BAA6B;QACjEC,aAAa,EAAE3C,IAAI,CAACS,wBAAwB;QAC5CmC,sBAAsB,EAAE5C,IAAI,CAACW,0BAA0B;QACvDkC,iBAAiB,EAAEzC,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAAClD,IAAI;QACxD0G,iBAAiB,EAAE1C,OAAO,CAACf,IAAI,CAACC,MAAM,CAACoC,GAAG;QAC1CqB,qBAAqB,EAAE3C,OAAO,CAACf,IAAI,CAACC,MAAM,CAAClD,IAAI;QAC/C4G,uBAAuB,EAAEnB,cAAc,CAACA,cAAc,CAACvC,MAAM,CAACoC,GAAG;QACjEuB,6BAA6B,EAAEpB,cAAc,CAACqB,YAAY,CAAC5D,MAAM,CAACoC,GAAG;QACrEyB,4BAA4B,EAAE9B,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC,GAAG;QACvE0B,cAAc,EAAEhC,SAAS,CAACiC,YAAY,CAAC/D,MAAM,CAACgE,EAAE;QAChDC,eAAe,EAAEnC,SAAS,CAACmC,eAAe;QAC1CC,yBAAyB,EAAE1B,SAAS,CAAC2B,UAAU,CAACnE,MAAM,CAACoC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAI3E,kBAAkB,EAAE;QACpBR,GAAG,CAAC+F,UAAU,CAAC;UACXoB,uBAAuB,EAAE1D,IAAI,CAACa;QAClC,CAAC,CAAC;MACN;MAEAtE,GAAG,CAAC2B,UAAU,CAAC,MAAM;QACjBhD,qBAAqB,CAAC;UAClBqB,GAAG;UACHoH,sBAAsB,EAAE/B,UAAU;UAClCgC,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAM1I,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACH+F,WAAW;QACXjB,OAAO;QACPkB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVC,cAAc;QACdC;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMvF,GAAG,GAAGnB,mBAAmB,CAACD,4BAA4B,CAACgB,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAAC2B,UAAU,CAAC,MAAM;IACjB3B,GAAG,CAAC0H,kBAAkB,CAAC;MACnB7H,IAAI,EAAE,KAAK;MACX8H,QAAQ,EAAE;QACNC,SAAS,EAAEhI,OAAO,CAACiI,SAAS,CAACvC,cAAc,CAACqB,YAAY,CAAC5D,MAAM,CAACoC,GAAG;QACnEE,UAAU,EAAE;UACRyC,cAAc,EAAElI,OAAO,CAACiI,SAAS,CAACxC,UAAU,CAACtC,MAAM,CAACgE,EAAE;UACtDgB,MAAM,EAAEnI,OAAO,CAACiI,SAAS,CAACxC,UAAU,CAACtC,MAAM,CAACjC,UAAU,CAACkH,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFjI,GAAG,CAAC0H,kBAAkB,CAAC;MACnB7H,IAAI,EAAE,WAAW;MACjB8H,QAAQ,EAAE;QACNO,SAAS,EAAEtI,OAAO,CAACiI,SAAS,CAAChE,OAAO,CAACqB,SAAS,CAACrB,OAAO,CAACd,MAAM,CAACoC,GAAG;QACjEgD,OAAO,EAAEvI,OAAO,CAACiI,SAAS,CAACtC,SAAS,CAAC2B,UAAU,CAACnE,MAAM,CAACoC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOnF,GAAG;AACd,CAAC","ignoreList":[]}
package/pulumi/apps/blueGreen/functions/handler.js CHANGED
@@ -1,3 +1,4 @@
1
+ /* oxlint-disable */
1
2
  const cf = require("cloudfront");
2
3
  const BLUE_GREEN_ROUTER_STORE_ID = "{BLUE_GREEN_ROUTER_STORE_ID}";
3
4
  const BLUE_GREEN_ROUTER_STORE_KEY = "{BLUE_GREEN_ROUTER_STORE_KEY}";
package/pulumi/apps/blueGreen/functions/handler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["cf","require","BLUE_GREEN_ROUTER_STORE_ID","BLUE_GREEN_ROUTER_STORE_KEY","BLUE_GREEN_ROUTER_DOMAINS","store","kvs","removeProtocol","url","replace","requestWithError","request","error","console","log","message","properties","Object","getOwnPropertyNames","property","headers","value","getTargetDomain","active","values","host","Error","initialHost","Array","isArray","domain","find","name","sourceDomain","handleRequest","targetDomain","updateRequestOrigin","domainName","handler","event","context","eventType","get","ex"],"sources":["handler.js"],"sourcesContent":["const cf = require(\"cloudfront\");\n\nconst BLUE_GREEN_ROUTER_STORE_ID = \"{BLUE_GREEN_ROUTER_STORE_ID}\";\nconst BLUE_GREEN_ROUTER_STORE_KEY = \"{BLUE_GREEN_ROUTER_STORE_KEY}\";\nconst BLUE_GREEN_ROUTER_DOMAINS = \"{BLUE_GREEN_ROUTER_DOMAINS}\";\n\nconst store = cf.kvs(BLUE_GREEN_ROUTER_STORE_ID);\n\nfunction removeProtocol(url) {\n return url.replace(/^https?:\\/\\//, \"\");\n}\nfunction requestWithError(request, error) {\n console.log(`There is an error: ${error.message}`);\n const properties = Object.getOwnPropertyNames(error);\n for (const property in properties) {\n console.log(`${property}: ${error[property]}`);\n }\n request.headers[\"x-webiny-debug-log\"] = {\n value: error.message\n };\n\n return request;\n}\n\nfunction getTargetDomain(headers, active) {\n const values = headers.host;\n if (!values) {\n throw new Error(\"Missing the 'host' header.\");\n }\n const initialHost = Array.isArray(values) ? values[0].value : values.value;\n if (!initialHost) {\n throw new Error(\"Missing the 'host' header value.\");\n }\n const host = removeProtocol(initialHost);\n\n const domain = BLUE_GREEN_ROUTER_DOMAINS.find(\n domain => domain.name === active && domain.sourceDomain === host\n );\n if (domain) {\n return domain;\n }\n throw new Error(`Could not find a domain mapping for ${host}.`);\n}\n\nfunction handleRequest(request, active) {\n const targetDomain = getTargetDomain(request.headers || {}, active);\n\n cf.updateRequestOrigin({\n domainName: targetDomain.targetDomain\n });\n\n return request;\n}\n\nasync function handler(event) {\n const context = event.context;\n const request = event.request;\n\n try {\n if (context.eventType !== \"viewer-request\") {\n new Error(\"This function only supports viewer-request events.\");\n }\n const active = await store.get(BLUE_GREEN_ROUTER_STORE_KEY);\n if (!active) {\n throw new Error(\"Blue/Green system is not configured.\");\n }\n\n return await handleRequest(request, active);\n } catch (ex) {\n return requestWithError(request, ex);\n }\n}\n"],"mappings":"AAAA,MAAMA,EAAE,GAAGC,OAAO,CAAC,YAAY,CAAC;AAEhC,MAAMC,0BAA0B,GAAG,8BAA8B;AACjE,MAAMC,2BAA2B,GAAG,+BAA+B;AACnE,MAAMC,yBAAyB,GAAG,6BAA6B;AAE/D,MAAMC,KAAK,GAAGL,EAAE,CAACM,GAAG,CAACJ,0BAA0B,CAAC;AAEhD,SAASK,cAAcA,CAACC,GAAG,EAAE;EACzB,OAAOA,GAAG,CAACC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;AAC1C;AACA,SAASC,gBAAgBA,CAACC,OAAO,EAAEC,KAAK,EAAE;EACtCC,OAAO,CAACC,GAAG,CAAC,sBAAsBF,KAAK,CAACG,OAAO,EAAE,CAAC;EAClD,MAAMC,UAAU,GAAGC,MAAM,CAACC,mBAAmB,CAACN,KAAK,CAAC;EACpD,KAAK,MAAMO,QAAQ,IAAIH,UAAU,EAAE;IAC/BH,OAAO,CAACC,GAAG,CAAC,GAAGK,QAAQ,KAAKP,KAAK,CAACO,QAAQ,CAAC,EAAE,CAAC;EAClD;EACAR,OAAO,CAACS,OAAO,CAAC,oBAAoB,CAAC,GAAG;IACpCC,KAAK,EAAET,KAAK,CAACG;EACjB,CAAC;EAED,OAAOJ,OAAO;AAClB;AAEA,SAASW,eAAeA,CAACF,OAAO,EAAEG,MAAM,EAAE;EACtC,MAAMC,MAAM,GAAGJ,OAAO,CAACK,IAAI;EAC3B,IAAI,CAACD,MAAM,EAAE;IACT,MAAM,IAAIE,KAAK,CAAC,4BAA4B,CAAC;EACjD;EACA,MAAMC,WAAW,GAAGC,KAAK,CAACC,OAAO,CAACL,MAAM,CAAC,GAAGA,MAAM,CAAC,CAAC,CAAC,CAACH,KAAK,GAAGG,MAAM,CAACH,KAAK;EAC1E,IAAI,CAACM,WAAW,EAAE;IACd,MAAM,IAAID,KAAK,CAAC,kCAAkC,CAAC;EACvD;EACA,MAAMD,IAAI,GAAGlB,cAAc,CAACoB,WAAW,CAAC;EAExC,MAAMG,MAAM,GAAG1B,yBAAyB,CAAC2B,IAAI,CACzCD,MAAM,IAAIA,MAAM,CAACE,IAAI,KAAKT,MAAM,IAAIO,MAAM,CAACG,YAAY,KAAKR,IAChE,CAAC;EACD,IAAIK,MAAM,EAAE;IACR,OAAOA,MAAM;EACjB;EACA,MAAM,IAAIJ,KAAK,CAAC,uCAAuCD,IAAI,GAAG,CAAC;AACnE;AAEA,SAASS,aAAaA,CAACvB,OAAO,EAAEY,MAAM,EAAE;EACpC,MAAMY,YAAY,GAAGb,eAAe,CAACX,OAAO,CAACS,OAAO,IAAI,CAAC,CAAC,EAAEG,MAAM,CAAC;EAEnEvB,EAAE,CAACoC,mBAAmB,CAAC;IACnBC,UAAU,EAAEF,YAAY,CAACA;EAC7B,CAAC,CAAC;EAEF,OAAOxB,OAAO;AAClB;AAEA,eAAe2B,OAAOA,CAACC,KAAK,EAAE;EAC1B,MAAMC,OAAO,GAAGD,KAAK,CAACC,OAAO;EAC7B,MAAM7B,OAAO,GAAG4B,KAAK,CAAC5B,OAAO;EAE7B,IAAI;IACA,IAAI6B,OAAO,CAACC,SAAS,KAAK,gBAAgB,EAAE;MACxC,IAAIf,KAAK,CAAC,oDAAoD,CAAC;IACnE;IACA,MAAMH,MAAM,GAAG,MAAMlB,KAAK,CAACqC,GAAG,CAACvC,2BAA2B,CAAC;IAC3D,IAAI,CAACoB,MAAM,EAAE;MACT,MAAM,IAAIG,KAAK,CAAC,sCAAsC,CAAC;IAC3D;IAEA,OAAO,MAAMQ,aAAa,CAACvB,OAAO,EAAEY,MAAM,CAAC;EAC/C,CAAC,CAAC,OAAOoB,EAAE,EAAE;IACT,OAAOjC,gBAAgB,CAACC,OAAO,EAAEgC,EAAE,CAAC;EACxC;AACJ","ignoreList":[]}
1
+ {"version":3,"names":["cf","require","BLUE_GREEN_ROUTER_STORE_ID","BLUE_GREEN_ROUTER_STORE_KEY","BLUE_GREEN_ROUTER_DOMAINS","store","kvs","removeProtocol","url","replace","requestWithError","request","error","console","log","message","properties","Object","getOwnPropertyNames","property","headers","value","getTargetDomain","active","values","host","Error","initialHost","Array","isArray","domain","find","name","sourceDomain","handleRequest","targetDomain","updateRequestOrigin","domainName","handler","event","context","eventType","get","ex"],"sources":["handler.js"],"sourcesContent":["/* oxlint-disable */\nconst cf = require(\"cloudfront\");\n\nconst BLUE_GREEN_ROUTER_STORE_ID = \"{BLUE_GREEN_ROUTER_STORE_ID}\";\nconst BLUE_GREEN_ROUTER_STORE_KEY = \"{BLUE_GREEN_ROUTER_STORE_KEY}\";\nconst BLUE_GREEN_ROUTER_DOMAINS = \"{BLUE_GREEN_ROUTER_DOMAINS}\";\n\nconst store = cf.kvs(BLUE_GREEN_ROUTER_STORE_ID);\n\nfunction removeProtocol(url) {\n return url.replace(/^https?:\\/\\//, \"\");\n}\nfunction requestWithError(request, error) {\n console.log(`There is an error: ${error.message}`);\n const properties = Object.getOwnPropertyNames(error);\n for (const property in properties) {\n console.log(`${property}: ${error[property]}`);\n }\n request.headers[\"x-webiny-debug-log\"] = {\n value: error.message\n };\n\n return request;\n}\n\nfunction getTargetDomain(headers, active) {\n const values = headers.host;\n if (!values) {\n throw new Error(\"Missing the 'host' header.\");\n }\n const initialHost = Array.isArray(values) ? values[0].value : values.value;\n if (!initialHost) {\n throw new Error(\"Missing the 'host' header value.\");\n }\n const host = removeProtocol(initialHost);\n\n const domain = BLUE_GREEN_ROUTER_DOMAINS.find(\n domain => domain.name === active && domain.sourceDomain === host\n );\n if (domain) {\n return domain;\n }\n throw new Error(`Could not find a domain mapping for ${host}.`);\n}\n\nfunction handleRequest(request, active) {\n const targetDomain = getTargetDomain(request.headers || {}, active);\n\n cf.updateRequestOrigin({\n domainName: targetDomain.targetDomain\n });\n\n return request;\n}\n\nasync function handler(event) {\n const context = event.context;\n const request = event.request;\n\n try {\n if (context.eventType !== \"viewer-request\") {\n new Error(\"This function only supports viewer-request events.\");\n }\n const active = await store.get(BLUE_GREEN_ROUTER_STORE_KEY);\n if (!active) {\n throw new Error(\"Blue/Green system is not configured.\");\n }\n\n return await handleRequest(request, active);\n } catch (ex) {\n return requestWithError(request, ex);\n }\n}\n"],"mappings":"AAAA;AACA,MAAMA,EAAE,GAAGC,OAAO,CAAC,YAAY,CAAC;AAEhC,MAAMC,0BAA0B,GAAG,8BAA8B;AACjE,MAAMC,2BAA2B,GAAG,+BAA+B;AACnE,MAAMC,yBAAyB,GAAG,6BAA6B;AAE/D,MAAMC,KAAK,GAAGL,EAAE,CAACM,GAAG,CAACJ,0BAA0B,CAAC;AAEhD,SAASK,cAAcA,CAACC,GAAG,EAAE;EACzB,OAAOA,GAAG,CAACC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;AAC1C;AACA,SAASC,gBAAgBA,CAACC,OAAO,EAAEC,KAAK,EAAE;EACtCC,OAAO,CAACC,GAAG,CAAC,sBAAsBF,KAAK,CAACG,OAAO,EAAE,CAAC;EAClD,MAAMC,UAAU,GAAGC,MAAM,CAACC,mBAAmB,CAACN,KAAK,CAAC;EACpD,KAAK,MAAMO,QAAQ,IAAIH,UAAU,EAAE;IAC/BH,OAAO,CAACC,GAAG,CAAC,GAAGK,QAAQ,KAAKP,KAAK,CAACO,QAAQ,CAAC,EAAE,CAAC;EAClD;EACAR,OAAO,CAACS,OAAO,CAAC,oBAAoB,CAAC,GAAG;IACpCC,KAAK,EAAET,KAAK,CAACG;EACjB,CAAC;EAED,OAAOJ,OAAO;AAClB;AAEA,SAASW,eAAeA,CAACF,OAAO,EAAEG,MAAM,EAAE;EACtC,MAAMC,MAAM,GAAGJ,OAAO,CAACK,IAAI;EAC3B,IAAI,CAACD,MAAM,EAAE;IACT,MAAM,IAAIE,KAAK,CAAC,4BAA4B,CAAC;EACjD;EACA,MAAMC,WAAW,GAAGC,KAAK,CAACC,OAAO,CAACL,MAAM,CAAC,GAAGA,MAAM,CAAC,CAAC,CAAC,CAACH,KAAK,GAAGG,MAAM,CAACH,KAAK;EAC1E,IAAI,CAACM,WAAW,EAAE;IACd,MAAM,IAAID,KAAK,CAAC,kCAAkC,CAAC;EACvD;EACA,MAAMD,IAAI,GAAGlB,cAAc,CAACoB,WAAW,CAAC;EAExC,MAAMG,MAAM,GAAG1B,yBAAyB,CAAC2B,IAAI,CACzCD,MAAM,IAAIA,MAAM,CAACE,IAAI,KAAKT,MAAM,IAAIO,MAAM,CAACG,YAAY,KAAKR,IAChE,CAAC;EACD,IAAIK,MAAM,EAAE;IACR,OAAOA,MAAM;EACjB;EACA,MAAM,IAAIJ,KAAK,CAAC,uCAAuCD,IAAI,GAAG,CAAC;AACnE;AAEA,SAASS,aAAaA,CAACvB,OAAO,EAAEY,MAAM,EAAE;EACpC,MAAMY,YAAY,GAAGb,eAAe,CAACX,OAAO,CAACS,OAAO,IAAI,CAAC,CAAC,EAAEG,MAAM,CAAC;EAEnEvB,EAAE,CAACoC,mBAAmB,CAAC;IACnBC,UAAU,EAAEF,YAAY,CAACA;EAC7B,CAAC,CAAC;EAEF,OAAOxB,OAAO;AAClB;AAEA,eAAe2B,OAAOA,CAACC,KAAK,EAAE;EAC1B,MAAMC,OAAO,GAAGD,KAAK,CAACC,OAAO;EAC7B,MAAM7B,OAAO,GAAG4B,KAAK,CAAC5B,OAAO;EAE7B,IAAI;IACA,IAAI6B,OAAO,CAACC,SAAS,KAAK,gBAAgB,EAAE;MACxC,IAAIf,KAAK,CAAC,oDAAoD,CAAC;IACnE;IACA,MAAMH,MAAM,GAAG,MAAMlB,KAAK,CAACqC,GAAG,CAACvC,2BAA2B,CAAC;IAC3D,IAAI,CAACoB,MAAM,EAAE;MACT,MAAM,IAAIG,KAAK,CAAC,sCAAsC,CAAC;IAC3D;IAEA,OAAO,MAAMQ,aAAa,CAACvB,OAAO,EAAEY,MAAM,CAAC;EAC/C,CAAC,CAAC,OAAOoB,EAAE,EAAE;IACT,OAAOjC,gBAAgB,CAACC,OAAO,EAAEgC,EAAE,CAAC;EACxC;AACJ","ignoreList":[]}
package/pulumi/apps/core/CoreOpenSearch.d.ts CHANGED
@@ -2,6 +2,8 @@ import * as aws from "@pulumi/aws";
2
2
  import { type PulumiAppRemoteResource, type PulumiAppResource, type PulumiAppResourceConstructor } from "@webiny/pulumi";
3
3
  export interface OpenSearchParams {
4
4
  protect: boolean;
5
+ namePrefix: string;
6
+ prevDomainName: string | undefined;
5
7
  }
6
8
  export declare const OpenSearch: import("@webiny/pulumi").PulumiAppModuleDefinition<{
7
9
  domain: PulumiAppResource<PulumiAppResourceConstructor<import("@pulumi/aws/opensearch/domain.js").Domain, any>> | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;
package/pulumi/apps/core/CoreOpenSearch.js CHANGED
@@ -63,11 +63,24 @@ export const OpenSearch = createAppModule({
63
63
  const randomId = new random.RandomId("osDomainRandomId", {
64
64
  byteLength: 8
65
65
  });
66
- const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || "";
67
66
  const domainLogicalName = "webiny-js";
68
- const domainPhysicalName = randomId.hex.apply(hex => {
69
- return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;
70
- });
67
+
68
+ /**
69
+ * The physical domain name must remain stable across re-deploys. Changing it causes
70
+ * Pulumi to delete and recreate the cluster, which is a destructive operation.
71
+ *
72
+ * To avoid this, we read the domain name that was stored in the previous deploy's
73
+ * stack output (via `sdk.getAppStackOutput`) and reuse it unchanged. Only on the
74
+ * very first deploy, when there is no previous output, do we generate a new name
75
+ * (with the resource name prefix applied for consistent naming going forward).
76
+ *
77
+ * NOTE: `params.namePrefix` may be "" when upgrading from old code that never stored
78
+ * the domain name in the stack output. In that case the caller passes "" explicitly so
79
+ * the fallback formula reproduces the legacy name (`webiny-js-<hex>`) rather than
80
+ * prepending the SDK default prefix and triggering an unintended cluster replacement.
81
+ * See `createCorePulumiApp.ts` → `isUpgradeFromOldCode` for details.
82
+ */
83
+ const domainPhysicalName = randomId.hex.apply(hex => params.prevDomainName ?? `${params.namePrefix}${domainLogicalName}-${hex.slice(-7)}`);
71
84
  domain = app.addResource(aws.opensearch.Domain, {
72
85
  name: domainLogicalName,
73
86
  config: {
@@ -275,6 +288,7 @@ export const OpenSearch = createAppModule({
275
288
  app.addOutputs({
276
289
  opensearchDomainArn: domainArn,
277
290
  opensearchDomainEndpoint: domainEndpoint,
291
+ opensearchDomainName: domain.output.domainName,
278
292
  opensearchDynamodbTableArn: table.output.arn,
279
293
  opensearchDynamodbTableName: table.output.name
280
294
  });
package/pulumi/apps/core/CoreOpenSearch.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","domain","domainPolicy","domainEndpoint","domainArn","providedEndpoint","process","OPENSEARCH_ENDPOINT","providedDomainName","AWS_OS_DOMAIN_NAME","Error","addRemoteResource","opensearch","getDomain","domainName","async","output","arn","endpoint","randomId","RandomId","byteLength","namePrefix","getParam","create","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","String","OPENSEARCH_USERNAME","OPENSEARCH_PASSWORD","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n type PulumiApp,\n type PulumiAppRemoteResource,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n instanceType: \"t3.medium.search\",\n instanceCount: 3,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 3\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const isProduction = app.env.isProduction;\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>\n | null = null;\n\n let domainPolicy;\n let domainEndpoint: pulumi.Output<string> | string;\n let domainArn: pulumi.Output<string>;\n\n const providedEndpoint = process.env.OPENSEARCH_ENDPOINT;\n const providedDomainName = process.env.AWS_OS_DOMAIN_NAME;\n\n if (providedEndpoint && !providedDomainName) {\n throw new Error(\n \"OPENSEARCH_ENDPOINT was provided but AWS_OS_DOMAIN_NAME is missing. \" +\n \"A domain name is required to look up the domain ARN when using a custom endpoint.\"\n );\n }\n\n if (providedDomainName) {\n // Look up the existing domain by name to obtain its ARN and (if no explicit endpoint is\n // provided) its endpoint. This covers both the ephemeral-environment pattern and the\n // case where an external endpoint is supplied alongside a domain name.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(providedDomainName, () => {\n return aws.opensearch.getDomain(\n { domainName: providedDomainName },\n { async: true }\n );\n });\n domainArn = domain.output.arn;\n // Prefer an explicitly provided endpoint; fall back to the one reported by AWS.\n domainEndpoint = providedEndpoint ?? domain.output.endpoint;\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n domainEndpoint = domain.output.endpoint;\n domainArn = domain.output.arn;\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domainArn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domainArn);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n OPENSEARCH_ENDPOINT: domainEndpoint,\n OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME ?? \"\",\n OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD ?? \"\"\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n opensearchDomainArn: domainArn,\n opensearchDomainEndpoint: domainEndpoint,\n opensearchDynamodbTableArn: table.output.arn,\n opensearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(app: PulumiApp, domainArn: pulumi.Output<string>) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domainArn}`,\n pulumi.interpolate`${domainArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AAMvB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGZ,eAAe,CAAC;EACtCa,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAAClB,OAAO,EAAE;MAAEmB,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,IAAIC,MAGM,GAAG,IAAI;IAEjB,IAAIC,YAAY;IAChB,IAAIC,cAA8C;IAClD,IAAIC,SAAgC;IAEpC,MAAMC,gBAAgB,GAAGC,OAAO,CAACT,GAAG,CAACU,mBAAmB;IACxD,MAAMC,kBAAkB,GAAGF,OAAO,CAACT,GAAG,CAACY,kBAAkB;IAEzD,IAAIJ,gBAAgB,IAAI,CAACG,kBAAkB,EAAE;MACzC,MAAM,IAAIE,KAAK,CACX,sEAAsE,GAClE,mFACR,CAAC;IACL;IAEA,IAAIF,kBAAkB,EAAE;MACpB;MACA;MACA;MACA;MACAP,MAAM,GAAGP,GAAG,CAACiB,iBAAiB,CAACH,kBAAkB,EAAE,MAAM;QACrD,OAAO/B,GAAG,CAACmC,UAAU,CAACC,SAAS,CAC3B;UAAEC,UAAU,EAAEN;QAAmB,CAAC,EAClC;UAAEO,KAAK,EAAE;QAAK,CAClB,CAAC;MACL,CAAC,CAAC;MACFX,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;MAC7B;MACAd,cAAc,GAAGE,gBAAgB,IAAIJ,MAAM,CAACe,MAAM,CAACE,QAAQ;IAC/D,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIzC,MAAM,CAAC0C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAG5B,GAAG,CAAC6B,QAAQ,CAAC7B,GAAG,CAACC,MAAM,CAAC6B,MAAM,CAACC,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGR,QAAQ,CAACS,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGN,UAAU,GAAGI,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEF7B,MAAM,GAAGP,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAACmC,UAAU,CAACoB,MAAM,EAAE;QAC5CxC,IAAI,EAAEkC,iBAAiB;QACvBjC,MAAM,EAAE;UACJqB,UAAU,EAAEa,kBAAkB;UAC9BM,aAAa,EAAE3C,iBAAiB;UAChC4C,aAAa,EAAEtC,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EoD,UAAU,EAAErC,GAAG,GACT;YACIsC,SAAS,EAAEtC,GAAG,CAACuC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACxB,MAAM,CAACyB,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAAC5C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAAC2B,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;MAEFlD,cAAc,GAAGF,MAAM,CAACe,MAAM,CAACE,QAAQ;MACvCd,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;;MAE7B;AACZ;AACA;AACA;AACA;MACY,MAAMqC,SAAS,GAAG1E,eAAe,CAACc,GAAG,CAAC;MAEtCQ,YAAY,GAAGR,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAACmC,UAAU,CAAC2C,YAAY,EAAE;QACxD/D,IAAI,EAAE,GAAGkC,iBAAiB,SAAS;QACnCjC,MAAM,EAAE;UACJqB,UAAU,EAAEb,MAAM,CAACe,MAAM,CAACF,UAAU;UACpC0C,cAAc,EAAEhF,MAAM,CACjBiF,GAAG,CAAC,CAACH,SAAS,EAAElD,SAAS,CAAC,CAAC,CAC3ByB,KAAK,CAAC,CAAC,CAACyB,SAAS,EAAElD,SAAS,CAAC,KAAK;YAC/B,OAAOsD,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEV;gBACT,CAAC;gBACDW,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAG9D,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDgD,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMc,KAAK,GAAGzE,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC2F,QAAQ,CAACC,KAAK,EAAE;MAC9C7E,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJ6E,UAAU,EAAE,CACR;UAAE9E,IAAI,EAAE,IAAI;UAAE+E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE/E,IAAI,EAAE,IAAI;UAAE+E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE/E,IAAI,EAAE,YAAY;UAAE+E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIrF,IAAI,EAAE,YAAY;UAClBsF,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAE1D,MAAM,CAAC0D;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAG3F,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACC,IAAI,EAAE;MACvC/F,IAAI,EAAE4F,QAAQ;MACd3F,MAAM,EAAE;QACJ+F,gBAAgB,EAAE;UACd5B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACP0B,OAAO,EAAE;YACb,CAAC;YACD3B,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD4B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAACnG,GAAG,EAAEU,SAAS,CAAC;IAE/DV,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,gCAAgC;MACjD3F,MAAM,EAAE;QACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;QACjB+E,SAAS,EAAEH,MAAM,CAAC5E,MAAM,CAACC;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAInB,GAAG,EAAE;MACLJ,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,kCAAkC;QACnD3F,MAAM,EAAE;UACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;UACjB+E,SAAS,EAAEtH,GAAG,CAAC6G,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHvG,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,8BAA8B;QAC/C3F,MAAM,EAAE;UACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;UACjB+E,SAAS,EAAEtH,GAAG,CAAC6G,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAxG,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CtG,IAAI,EAAE,GAAG4F,QAAQ,iCAAiC;MAClD3F,MAAM,EAAE;QACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM;QACjB+E,SAAS,EAAEtH,GAAG,CAAC6G,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAG1G,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC2H,MAAM,CAACC,QAAQ,EAAE;MAChD7G,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ4F,IAAI,EAAEA,IAAI,CAACrE,MAAM,CAACC,GAAG;QACrBqF,OAAO,EAAExH,cAAc;QACvByH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAEC,MAAM,CAACvG,OAAO,CAACT,GAAG,CAAC+G,KAAK,CAAC;YAChCrG,mBAAmB,EAAEJ,cAAc;YACnC2G,mBAAmB,EAAExG,OAAO,CAACT,GAAG,CAACiH,mBAAmB,IAAI,EAAE;YAC1DC,mBAAmB,EAAEzG,OAAO,CAACT,GAAG,CAACkH,mBAAmB,IAAI;UAC5D;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIzI,MAAM,CAAC0I,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI3I,MAAM,CAAC0I,KAAK,CAACE,WAAW,CAC7B7I,IAAI,CAAC8I,IAAI,CAAC3H,GAAG,CAAC4H,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAE1H,GAAG,GACR;UACIsC,SAAS,EAAEtC,GAAG,CAACuC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACxB,MAAM,CAACyB,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAAC5C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAAC2B,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf6E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAGjI,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC2H,MAAM,CAACwB,kBAAkB,EAAE;MACtEpI,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJoI,cAAc,EAAE1D,KAAK,CAACnD,MAAM,CAAC8G,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAACpF,MAAM,CAACC,GAAG;QAC/B+G,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFzI,GAAG,CAAC0I,UAAU,CAAC;MACXC,mBAAmB,EAAEjI,SAAS;MAC9BkI,wBAAwB,EAAEnI,cAAc;MACxCoI,0BAA0B,EAAEpE,KAAK,CAACnD,MAAM,CAACC,GAAG;MAC5CuH,2BAA2B,EAAErE,KAAK,CAACnD,MAAM,CAACxB;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHS,MAAM;MACNC,YAAY;MACZiE,KAAK;MACLsE,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CAACnG,GAAc,EAAEU,SAAgC,EAAE;EACxF,OAAOV,GAAG,CAACqC,WAAW,CAACtD,GAAG,CAAC6G,GAAG,CAACoD,MAAM,EAAE;IACnClJ,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJuH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJhC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI8E,GAAG,EAAE,iBAAiB;UACtB7E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACN1F,MAAM,CAACoK,WAAW,GAAGxI,SAAS,EAAE,EAChC5B,MAAM,CAACoK,WAAW,GAAGxI,SAAS,IAAI;QAE1C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","domain","domainPolicy","domainEndpoint","domainArn","providedEndpoint","process","OPENSEARCH_ENDPOINT","providedDomainName","AWS_OS_DOMAIN_NAME","Error","addRemoteResource","opensearch","getDomain","domainName","async","output","arn","endpoint","randomId","RandomId","byteLength","domainLogicalName","domainPhysicalName","hex","apply","prevDomainName","namePrefix","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","String","OPENSEARCH_USERNAME","OPENSEARCH_PASSWORD","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDomainName","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n type PulumiApp,\n type PulumiAppRemoteResource,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n namePrefix: string;\n prevDomainName: string | undefined;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n instanceType: \"t3.medium.search\",\n instanceCount: 3,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 3\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const isProduction = app.env.isProduction;\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>\n | null = null;\n\n let domainPolicy;\n let domainEndpoint: pulumi.Output<string> | string;\n let domainArn: pulumi.Output<string>;\n\n const providedEndpoint = process.env.OPENSEARCH_ENDPOINT;\n const providedDomainName = process.env.AWS_OS_DOMAIN_NAME;\n\n if (providedEndpoint && !providedDomainName) {\n throw new Error(\n \"OPENSEARCH_ENDPOINT was provided but AWS_OS_DOMAIN_NAME is missing. \" +\n \"A domain name is required to look up the domain ARN when using a custom endpoint.\"\n );\n }\n\n if (providedDomainName) {\n // Look up the existing domain by name to obtain its ARN and (if no explicit endpoint is\n // provided) its endpoint. This covers both the ephemeral-environment pattern and the\n // case where an external endpoint is supplied alongside a domain name.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(providedDomainName, () => {\n return aws.opensearch.getDomain(\n { domainName: providedDomainName },\n { async: true }\n );\n });\n domainArn = domain.output.arn;\n // Prefer an explicitly provided endpoint; fall back to the one reported by AWS.\n domainEndpoint = providedEndpoint ?? domain.output.endpoint;\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n\n const domainLogicalName = \"webiny-js\";\n\n /**\n * The physical domain name must remain stable across re-deploys. Changing it causes\n * Pulumi to delete and recreate the cluster, which is a destructive operation.\n *\n * To avoid this, we read the domain name that was stored in the previous deploy's\n * stack output (via `sdk.getAppStackOutput`) and reuse it unchanged. Only on the\n * very first deploy, when there is no previous output, do we generate a new name\n * (with the resource name prefix applied for consistent naming going forward).\n *\n * NOTE: `params.namePrefix` may be \"\" when upgrading from old code that never stored\n * the domain name in the stack output. In that case the caller passes \"\" explicitly so\n * the fallback formula reproduces the legacy name (`webiny-js-<hex>`) rather than\n * prepending the SDK default prefix and triggering an unintended cluster replacement.\n * See `createCorePulumiApp.ts` → `isUpgradeFromOldCode` for details.\n */\n const domainPhysicalName = randomId.hex.apply(\n hex =>\n params.prevDomainName ??\n `${params.namePrefix}${domainLogicalName}-${hex.slice(-7)}`\n );\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n domainEndpoint = domain.output.endpoint;\n domainArn = domain.output.arn;\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domainArn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domainArn);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n OPENSEARCH_ENDPOINT: domainEndpoint,\n OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME ?? \"\",\n OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD ?? \"\"\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n opensearchDomainArn: domainArn,\n opensearchDomainEndpoint: domainEndpoint,\n opensearchDomainName: domain!.output.domainName,\n opensearchDynamodbTableArn: table.output.arn,\n opensearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(app: PulumiApp, domainArn: pulumi.Output<string>) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domainArn}`,\n pulumi.interpolate`${domainArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AAQvB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGZ,eAAe,CAAC;EACtCa,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAAClB,OAAO,EAAE;MAAEmB,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,IAAIC,MAGM,GAAG,IAAI;IAEjB,IAAIC,YAAY;IAChB,IAAIC,cAA8C;IAClD,IAAIC,SAAgC;IAEpC,MAAMC,gBAAgB,GAAGC,OAAO,CAACT,GAAG,CAACU,mBAAmB;IACxD,MAAMC,kBAAkB,GAAGF,OAAO,CAACT,GAAG,CAACY,kBAAkB;IAEzD,IAAIJ,gBAAgB,IAAI,CAACG,kBAAkB,EAAE;MACzC,MAAM,IAAIE,KAAK,CACX,sEAAsE,GAClE,mFACR,CAAC;IACL;IAEA,IAAIF,kBAAkB,EAAE;MACpB;MACA;MACA;MACA;MACAP,MAAM,GAAGP,GAAG,CAACiB,iBAAiB,CAACH,kBAAkB,EAAE,MAAM;QACrD,OAAO/B,GAAG,CAACmC,UAAU,CAACC,SAAS,CAC3B;UAAEC,UAAU,EAAEN;QAAmB,CAAC,EAClC;UAAEO,KAAK,EAAE;QAAK,CAClB,CAAC;MACL,CAAC,CAAC;MACFX,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;MAC7B;MACAd,cAAc,GAAGE,gBAAgB,IAAIJ,MAAM,CAACe,MAAM,CAACE,QAAQ;IAC/D,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIzC,MAAM,CAAC0C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,MAAMC,iBAAiB,GAAG,WAAW;;MAErC;AACZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;MACY,MAAMC,kBAAkB,GAAGJ,QAAQ,CAACK,GAAG,CAACC,KAAK,CACzCD,GAAG,IACC7B,MAAM,CAAC+B,cAAc,IACrB,GAAG/B,MAAM,CAACgC,UAAU,GAAGL,iBAAiB,IAAIE,GAAG,CAACI,KAAK,CAAC,CAAC,CAAC,CAAC,EACjE,CAAC;MAED3B,MAAM,GAAGP,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACmC,UAAU,CAACkB,MAAM,EAAE;QAC5CtC,IAAI,EAAE8B,iBAAiB;QACvB7B,MAAM,EAAE;UACJqB,UAAU,EAAES,kBAAkB;UAC9BQ,aAAa,EAAEzC,iBAAiB;UAChC0C,aAAa,EAAEpC,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EkD,UAAU,EAAEnC,GAAG,GACT;YACIoC,SAAS,EAAEpC,GAAG,CAACqC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACtB,MAAM,CAACuB,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAAC1C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAACyB,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;MAEFhD,cAAc,GAAGF,MAAM,CAACe,MAAM,CAACE,QAAQ;MACvCd,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;;MAE7B;AACZ;AACA;AACA;AACA;MACY,MAAMmC,SAAS,GAAGxE,eAAe,CAACc,GAAG,CAAC;MAEtCQ,YAAY,GAAGR,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACmC,UAAU,CAACyC,YAAY,EAAE;QACxD7D,IAAI,EAAE,GAAG8B,iBAAiB,SAAS;QACnC7B,MAAM,EAAE;UACJqB,UAAU,EAAEb,MAAM,CAACe,MAAM,CAACF,UAAU;UACpCwC,cAAc,EAAE9E,MAAM,CACjB+E,GAAG,CAAC,CAACH,SAAS,EAAEhD,SAAS,CAAC,CAAC,CAC3BqB,KAAK,CAAC,CAAC,CAAC2B,SAAS,EAAEhD,SAAS,CAAC,KAAK;YAC/B,OAAOoD,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEV;gBACT,CAAC;gBACDW,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAG5D,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACD8C,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMc,KAAK,GAAGvE,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACyF,QAAQ,CAACC,KAAK,EAAE;MAC9C3E,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJ2E,UAAU,EAAE,CACR;UAAE5E,IAAI,EAAE,IAAI;UAAE6E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE7E,IAAI,EAAE,IAAI;UAAE6E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE7E,IAAI,EAAE,YAAY;UAAE6E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACInF,IAAI,EAAE,YAAY;UAClBoF,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAExD,MAAM,CAACwD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGzF,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACC,IAAI,EAAE;MACvC7F,IAAI,EAAE0F,QAAQ;MACdzF,MAAM,EAAE;QACJ6F,gBAAgB,EAAE;UACd5B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACP0B,OAAO,EAAE;YACb,CAAC;YACD3B,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD4B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAACjG,GAAG,EAAEU,SAAS,CAAC;IAE/DV,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,gCAAgC;MACjDzF,MAAM,EAAE;QACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;QACjB6E,SAAS,EAAEH,MAAM,CAAC1E,MAAM,CAACC;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAInB,GAAG,EAAE;MACLJ,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,kCAAkC;QACnDzF,MAAM,EAAE;UACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;UACjB6E,SAAS,EAAEpH,GAAG,CAAC2G,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHrG,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,8BAA8B;QAC/CzF,MAAM,EAAE;UACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;UACjB6E,SAAS,EAAEpH,GAAG,CAAC2G,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAtG,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,iCAAiC;MAClDzF,MAAM,EAAE;QACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;QACjB6E,SAAS,EAAEpH,GAAG,CAAC2G,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGxG,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACyH,MAAM,CAACC,QAAQ,EAAE;MAChD3G,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM,CAACC,GAAG;QACrBmF,OAAO,EAAEtH,cAAc;QACvBuH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAEC,MAAM,CAACrG,OAAO,CAACT,GAAG,CAAC6G,KAAK,CAAC;YAChCnG,mBAAmB,EAAEJ,cAAc;YACnCyG,mBAAmB,EAAEtG,OAAO,CAACT,GAAG,CAAC+G,mBAAmB,IAAI,EAAE;YAC1DC,mBAAmB,EAAEvG,OAAO,CAACT,GAAG,CAACgH,mBAAmB,IAAI;UAC5D;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIvI,MAAM,CAACwI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIzI,MAAM,CAACwI,KAAK,CAACE,WAAW,CAC7B3I,IAAI,CAAC4I,IAAI,CAACzH,GAAG,CAAC0H,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAExH,GAAG,GACR;UACIoC,SAAS,EAAEpC,GAAG,CAACqC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACtB,MAAM,CAACuB,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAAC1C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAACyB,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf6E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG/H,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACyH,MAAM,CAACwB,kBAAkB,EAAE;MACtElI,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJkI,cAAc,EAAE1D,KAAK,CAACjD,MAAM,CAAC4G,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAAClF,MAAM,CAACC,GAAG;QAC/B6G,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFvI,GAAG,CAACwI,UAAU,CAAC;MACXC,mBAAmB,EAAE/H,SAAS;MAC9BgI,wBAAwB,EAAEjI,cAAc;MACxCkI,oBAAoB,EAAEpI,MAAM,CAAEe,MAAM,CAACF,UAAU;MAC/CwH,0BAA0B,EAAErE,KAAK,CAACjD,MAAM,CAACC,GAAG;MAC5CsH,2BAA2B,EAAEtE,KAAK,CAACjD,MAAM,CAACxB;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHS,MAAM;MACNC,YAAY;MACZ+D,KAAK;MACLuE,eAAe,EAAE;QACbrD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CAACjG,GAAc,EAAEU,SAAgC,EAAE;EACxF,OAAOV,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACqD,MAAM,EAAE;IACnCjJ,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJqH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJhC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI+E,GAAG,EAAE,iBAAiB;UACtB9E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACmK,WAAW,GAAGvI,SAAS,EAAE,EAChC5B,MAAM,CAACmK,WAAW,GAAGvI,SAAS,IAAI;QAE1C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/pulumi/apps/core/createCorePulumiApp.js CHANGED
@@ -11,7 +11,8 @@ import { withServiceManifest } from "../../utils/withServiceManifest.js";
11
11
  import { addServiceManifestTableItem } from "../../utils/addServiceManifestTableItem.js";
12
12
  import * as random from "@pulumi/random";
13
13
  import { getProjectSdk } from "@webiny/project";
14
- import { CorePulumi } from "@webiny/project/abstractions/index.js";
14
+ import { CorePulumi } from "../../../abstractions/features/pulumi/index.js";
15
+ import { corePulumi } from "../../features/CorePulumi/index.js";
15
16
  import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
16
17
  import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtension.js";
17
18
  import { applyAwsResourceTags, getAwsRegion } from "../awsUtils.js";
@@ -26,6 +27,7 @@ export function createCorePulumiApp() {
26
27
  const sdk = await getProjectSdk();
27
28
  const projectConfig = await sdk.getProjectConfig();
28
29
  const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();
30
+ const coreStackOutput = await sdk.getAppStackOutput("core");
29
31
  const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);
30
32
  const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);
31
33
  const deploymentId = new random.RandomId("deploymentId", {
@@ -188,6 +190,7 @@ export function createCorePulumiApp() {
188
190
 
189
191
  // Overrides must be applied via a handler, registered at the very start of the program.
190
192
  // By doing this, we're ensuring user's adjustments are not applied to late.
193
+ sdk.getContainer().registerComposite(corePulumi);
191
194
  const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);
192
195
  app.addHandler(() => {
193
196
  return pulumiHandlers.execute(app);
@@ -224,8 +227,19 @@ export function createCorePulumiApp() {
224
227
  });
225
228
  let opensearch;
226
229
  if (searchEngineType === "opensearch") {
230
+ const prevDomainName = coreStackOutput?.opensearchDomainName;
231
+
232
+ // When upgrading from old code that never stored opensearchDomainName, the old
233
+ // code always generated domain names without any prefix (app.params.create
234
+ // .pulumiResourceNamePrefix was never a real Pulumi param, so it returned "").
235
+ // Using the SDK default "wby-" prefix here would generate a different name and
236
+ // cause Pulumi to destroy and recreate the cluster.
237
+ const isUpgradeFromOldCode = !!coreStackOutput?.primaryDynamodbTableName && !prevDomainName;
238
+ const namePrefixForOs = isUpgradeFromOldCode ? "" : pulumiResourceNamePrefix || "";
227
239
  opensearch = app.addModule(OpenSearch, {
228
- protect
240
+ protect,
241
+ namePrefix: namePrefixForOs,
242
+ prevDomainName
229
243
  });
230
244
  }
231
245
  app.addModule(WatchCommand, {
package/pulumi/apps/core/createCorePulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\n\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.endpoint) {\n process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n }\n\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n\n if (params.username) {\n process.env.OPENSEARCH_USERNAME = params.username;\n }\n\n if (params.password) {\n process.env.OPENSEARCH_PASSWORD = params.password;\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAExC,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGtB,eAAe,CAAC;IAC5BuB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGjB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIvB,MAAM,CAACwB,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAItB,wBAAwB,EAAE;QAC1BJ,GAAG,CAAC4B,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAChC,IAAI,CAACiC,UAAU,CAAC1B,wBAAwB,CAAC,EAAE;YACrDyB,QAAQ,CAAChC,IAAI,GAAG,GAAGO,wBAAwB,GAAGyB,QAAQ,CAAChC,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAAC+B,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxB1B,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAM2B,YAAY,GAAG,MAAMhC,GAAG,CAACiC,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpD3C,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAACgC,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAG5B,GAAoB;QACnE,MAAM;UAAEsC,cAAc;UAAEC;QAAgB,CAAC,GAAGjC,mBAAmB;;QAE/D;QACA,IAAIgC,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAIhC,mBAAmB,EAAE;YAC1C,MAAM,IAAIkC,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAIjC,yBAAyB,EAAE;YAC3B,IAAI,CAAC+B,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACqE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAAC0E,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAIvE,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAAC+E,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAChE,GAAG,CAAC+E,GAAG,CAACG,oBAAoB,EAAE;kBACtC1D,IAAI,EAAE,GAAGgC,QAAQ,CAAChC,IAAI,4BAA4B;kBAClD+C,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAAC5D,IAAI;oBAC1B6D,SAAS,EACLrF,GAAG,CAAC+E,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGtE,YAAY,CAACS,GAAG,CAAC;UAEhC4B,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAItD,gBAAgB,CAACsD,QAAQ,EAAExD,GAAG,CAACyF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,qBAAqB;YAC3B+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,2BAA2B;YACjC+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,sBAAsB;YAC5B+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAChE,GAAG,CAACyF,GAAG,CAACO,WAAW,EAAE;YAC7BxE,IAAI,EAAE,yBAAyB;YAC/B+C,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAE/E,MAAM,CAACgF,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAGnF,GAAG,CAACoF,YAAY,CAAC,CAAC,CAACC,OAAO,CAACnG,UAAU,CAAC;MAE7Da,GAAG,CAAC+B,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACvF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMwF,YAAY,GAAGxF,GAAG,CAACgB,GAAG,CAACwE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAG1F,GAAG,CAAC2F,SAAS,CAAClH,UAAU,EAAE;QAAEgH;MAAQ,CAAC,CAAC;MAC5D,MAAMG,sBAAsB,GAAG5F,GAAG,CAAC2F,SAAS,CAACjG,mBAAmB,EAAE;QAAE+F;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMI,UAAU,GACZvF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCkF,YAAY;MAEhB,MAAMtB,GAAG,GAAG2B,UAAU,GAAG7F,GAAG,CAAC2F,SAAS,CAAC9G,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAMiH,OAAO,GAAG9F,GAAG,CAAC2F,SAAS,CAACnH,WAAW,EAAE;QACvCiH,OAAO;QACPM,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAGhG,GAAG,CAAC2F,SAAS,CAAChH,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEsH,MAAM,EAAEC;MAAkB,CAAC,GAAGlG,GAAG,CAAC2F,SAAS,CAAC/G,cAAc,EAAE;QAAE6G;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAI/B,gBAAgB,KAAK,YAAY,EAAE;QACnC+B,UAAU,GAAG1C,GAAG,CAAC2F,SAAS,CAACjH,UAAU,EAAE;UAAE+G;QAAQ,CAAC,CAAC;MACvD;MAEAzF,GAAG,CAAC2F,SAAS,CAAC7G,YAAY,EAAE;QAAE0B,YAAY,EAAEA,YAAY,CAAC2F;MAAI,CAAC,CAAC;MAE/DnG,GAAG,CAACoG,UAAU,CAAC;QACX5F,YAAY,EAAEA,YAAY,CAAC2F,GAAG;QAC9BtC,MAAM,EAAExF,GAAG,CAACuE,MAAM,CAACiB,MAAM;QACzBwC,mBAAmB,EAAEH,iBAAiB,CAACzC,MAAM,CAACc,EAAE;QAChD+B,uBAAuB,EAAEZ,aAAa,CAACjC,MAAM,CAAC8C,GAAG;QACjDC,wBAAwB,EAAEd,aAAa,CAACjC,MAAM,CAAC5D,IAAI;QACnD4G,2BAA2B,EAAEf,aAAa,CAACjC,MAAM,CAACiD,OAAO;QACzDC,4BAA4B,EAAEjB,aAAa,CAACjC,MAAM,CAACmD,QAAQ;QAC3DC,yBAAyB,EAAEjB,sBAAsB,CAACnC,MAAM,CAAC8C,GAAG;QAC5DO,0BAA0B,EAAElB,sBAAsB,CAACnC,MAAM,CAAC5D,IAAI;QAC9DkH,6BAA6B,EAAEnB,sBAAsB,CAACnC,MAAM,CAACiD,OAAO;QACpEM,8BAA8B,EAAEpB,sBAAsB,CAACnC,MAAM,CAACmD,QAAQ;QACtEK,iBAAiB,EAAEnB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAACc,EAAE;QAC7C4C,kBAAkB,EAAErB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC8C,GAAG;QAC/Ca,6BAA6B,EAAEtB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC4D,cAAc;QACrEC,kBAAkB,EAAExB,OAAO,CAACyB,cAAc,CAAC9D,MAAM,CAACc,EAAE;QACpDiD,YAAY,EAAExB,QAAQ,CAACvC,MAAM,CAAC5D,IAAI;QAClC4H,WAAW,EAAEzB,QAAQ,CAACvC,MAAM,CAAC8C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAMjH,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACHoG,aAAa;QACbxB,GAAG;QACH,GAAG4B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRtD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAM1C,GAAG,GAAGjB,mBAAmB,CAACa,OAAO,EAAE8H,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAG/H,OAAO,CAACwC,SAAS,CAACsD,aAAa;IAEnD,MAAMkC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAAClE,MAAM,CAAC5D,IAAI;MAClC6G,OAAO,EAAEiB,WAAW,CAAClE,MAAM,CAACiD,OAAO;MACnCE,QAAQ,EAAEe,WAAW,CAAClE,MAAM,CAACmD;IACjC,CAAC;IAEDc,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAI/I,2BAA2B,CAACY,OAAO,EAAEgI,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEF/H,GAAG,CAAC+B,UAAU,CAAC,MAAM;IACjB/B,GAAG,CAACgI,kBAAkB,CAAC;MACnBnI,IAAI,EAAE,MAAM;MACZkI,QAAQ,EAAE;QACN/B,QAAQ,EAAE;UACNO,GAAG,EAAE3G,OAAO,CAACwC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAAC8C,GAAG;UAC1C1G,IAAI,EAAED,OAAO,CAACwC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAAC5D;QAC5C,CAAC;QACDoI,aAAa,EAAE;UACX1B,GAAG,EAAE3G,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC8C,GAAG;UAC/C1G,IAAI,EAAED,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC5D,IAAI;UACjD6G,OAAO,EAAE9G,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACiD,OAAO;UACvDE,QAAQ,EAAEhH,OAAO,CAACwC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACmD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO5G,GAAG;AACd","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","getProjectSdk","CorePulumi","corePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","coreStackOutput","getAppStackOutput","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","endpoint","process","env","OPENSEARCH_ENDPOINT","domainName","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","username","OPENSEARCH_USERNAME","password","OPENSEARCH_PASSWORD","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","getContainer","registerComposite","pulumiHandlers","resolve","execute","isProduction","protect","dynamoDbTable","addModule","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","prevDomainName","opensearchDomainName","isUpgradeFromOldCode","primaryDynamodbTableName","namePrefixForOs","namePrefix","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\n\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"~/abstractions/features/pulumi/index.js\";\nimport { corePulumi } from \"~/pulumi/features/CorePulumi/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const coreStackOutput = await sdk.getAppStackOutput<{\n opensearchDomainName?: string;\n primaryDynamodbTableName?: string;\n }>(\"core\");\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.endpoint) {\n process.env.OPENSEARCH_ENDPOINT = params.endpoint;\n }\n\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n\n if (params.username) {\n process.env.OPENSEARCH_USERNAME = params.username;\n }\n\n if (params.password) {\n process.env.OPENSEARCH_PASSWORD = params.password;\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n sdk.getContainer().registerComposite(corePulumi);\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n const prevDomainName = coreStackOutput?.opensearchDomainName;\n\n // When upgrading from old code that never stored opensearchDomainName, the old\n // code always generated domain names without any prefix (app.params.create\n // .pulumiResourceNamePrefix was never a real Pulumi param, so it returned \"\").\n // Using the SDK default \"wby-\" prefix here would generate a different name and\n // cause Pulumi to destroy and recreate the cluster.\n const isUpgradeFromOldCode =\n !!coreStackOutput?.primaryDynamodbTableName && !prevDomainName;\n const namePrefixForOs = isUpgradeFromOldCode ? \"\" : pulumiResourceNamePrefix || \"\";\n\n opensearch = app.addModule(OpenSearch, {\n protect,\n namePrefix: namePrefixForOs,\n prevDomainName\n });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAExC,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGvB,eAAe,CAAC;IAC5BwB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMhB,aAAa,CAAC,CAAC;MACjC,MAAMiB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,eAAe,GAAG,MAAML,GAAG,CAACM,iBAAiB,CAGhD,MAAM,CAAC;MACV,MAAMC,mBAAmB,GAAGnB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMO,yBAAyB,GAAGrB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMQ,YAAY,GAAG,IAAI1B,MAAM,CAAC2B,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,QAAQ,EAAE;YACjBC,OAAO,CAACC,GAAG,CAACC,mBAAmB,GAAGJ,MAAM,CAACC,QAAQ;UACrD;UAEA,IAAID,MAAM,CAACK,UAAU,EAAE;YACnBH,OAAO,CAACC,GAAG,CAACG,kBAAkB,GAAGN,MAAM,CAACK,UAAU;UACtD;UAEA,IAAIL,MAAM,CAACO,WAAW,EAAE;YACpBL,OAAO,CAACC,GAAG,CAACK,uBAAuB,GAAGR,MAAM,CAACO,WAAW;UAC5D;UAEA,IAAIP,MAAM,CAACS,aAAa,EAAE;YACtBP,OAAO,CAACC,GAAG,CAACO,yBAAyB,GAAG,MAAM;UAClD;UAEA,IAAIV,MAAM,CAACW,QAAQ,EAAE;YACjBT,OAAO,CAACC,GAAG,CAACS,mBAAmB,GAAGZ,MAAM,CAACW,QAAQ;UACrD;UAEA,IAAIX,MAAM,CAACa,QAAQ,EAAE;YACjBX,OAAO,CAACC,GAAG,CAACW,mBAAmB,GAAGd,MAAM,CAACa,QAAQ;UACrD;QACJ;MACJ;MAEA,IAAIxB,wBAAwB,EAAE;QAC1BJ,GAAG,CAAC8B,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAClC,IAAI,CAACmC,UAAU,CAAC5B,wBAAwB,CAAC,EAAE;YACrD2B,QAAQ,CAAClC,IAAI,GAAG,GAAGO,wBAAwB,GAAG2B,QAAQ,CAAClC,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACiC,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxB1B,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAM2B,YAAY,GAAG,MAAMlC,GAAG,CAACmC,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpD7C,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAACkC,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAG9B,GAAoB;QACnE,MAAM;UAAEwC,cAAc;UAAEC;QAAgB,CAAC,GAAGjC,mBAAmB;;QAE/D;QACA,IAAIgC,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAIhC,mBAAmB,EAAE;YAC1C,MAAM,IAAIkC,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAIjC,yBAAyB,EAAE;YAC3B,IAAI,CAAC+B,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIzD,gBAAgB,CAACyD,QAAQ,EAAE3D,GAAG,CAACwE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIzD,gBAAgB,CAACyD,QAAQ,EAAE3D,GAAG,CAAC6E,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAI1E,gBAAgB,CAACyD,QAAQ,EAAE3D,GAAG,CAACkF,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAACnE,GAAG,CAACkF,GAAG,CAACG,oBAAoB,EAAE;kBACtC5D,IAAI,EAAE,GAAGkC,QAAQ,CAAClC,IAAI,4BAA4B;kBAClDiD,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAAC9D,IAAI;oBAC1B+D,SAAS,EACLxF,GAAG,CAACkF,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGxE,YAAY,CAACS,GAAG,CAAC;UAEhC8B,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIzD,gBAAgB,CAACyD,QAAQ,EAAE3D,GAAG,CAAC4F,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAACnE,GAAG,CAAC4F,GAAG,CAACO,WAAW,EAAE;YAC7B1E,IAAI,EAAE,qBAAqB;YAC3BiD,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEjF,MAAM,CAACkF,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAACnE,GAAG,CAAC4F,GAAG,CAACO,WAAW,EAAE;YAC7B1E,IAAI,EAAE,2BAA2B;YACjCiD,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEjF,MAAM,CAACkF,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAACnE,GAAG,CAAC4F,GAAG,CAACO,WAAW,EAAE;YAC7B1E,IAAI,EAAE,sBAAsB;YAC5BiD,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEjF,MAAM,CAACkF,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAACnE,GAAG,CAAC4F,GAAG,CAACO,WAAW,EAAE;YAC7B1E,IAAI,EAAE,yBAAyB;YAC/BiD,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEjF,MAAM,CAACkF,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACAxE,GAAG,CAACqF,YAAY,CAAC,CAAC,CAACC,iBAAiB,CAACpG,UAAU,CAAC;MAChD,MAAMqG,cAAc,GAAGvF,GAAG,CAACqF,YAAY,CAAC,CAAC,CAACG,OAAO,CAACvG,UAAU,CAAC;MAE7Dc,GAAG,CAACiC,UAAU,CAAC,MAAM;QACjB,OAAOuD,cAAc,CAACE,OAAO,CAAC1F,GAAoB,CAAC;MACvD,CAAC,CAAC;MAEF,MAAM2F,YAAY,GAAG3F,GAAG,CAACkB,GAAG,CAACyE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAG7F,GAAG,CAAC8F,SAAS,CAACtH,UAAU,EAAE;QAAEoH;MAAQ,CAAC,CAAC;MAC5D,MAAMG,sBAAsB,GAAG/F,GAAG,CAAC8F,SAAS,CAACpG,mBAAmB,EAAE;QAAEkG;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMI,UAAU,GACZxF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvCmF,YAAY;MAEhB,MAAMvB,GAAG,GAAG4B,UAAU,GAAGhG,GAAG,CAAC8F,SAAS,CAAClH,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAMqH,OAAO,GAAGjG,GAAG,CAAC8F,SAAS,CAACvH,WAAW,EAAE;QACvCqH,OAAO;QACPM,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAGnG,GAAG,CAAC8F,SAAS,CAACpH,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAE0H,MAAM,EAAEC;MAAkB,CAAC,GAAGrG,GAAG,CAAC8F,SAAS,CAACnH,cAAc,EAAE;QAAEiH;MAAQ,CAAC,CAAC;MAEhF,IAAIhD,UAAU;MACd,IAAI/B,gBAAgB,KAAK,YAAY,EAAE;QACnC,MAAMyF,cAAc,GAAGhG,eAAe,EAAEiG,oBAAoB;;QAE5D;QACA;QACA;QACA;QACA;QACA,MAAMC,oBAAoB,GACtB,CAAC,CAAClG,eAAe,EAAEmG,wBAAwB,IAAI,CAACH,cAAc;QAClE,MAAMI,eAAe,GAAGF,oBAAoB,GAAG,EAAE,GAAGpG,wBAAwB,IAAI,EAAE;QAElFwC,UAAU,GAAG5C,GAAG,CAAC8F,SAAS,CAACrH,UAAU,EAAE;UACnCmH,OAAO;UACPe,UAAU,EAAED,eAAe;UAC3BJ;QACJ,CAAC,CAAC;MACN;MAEAtG,GAAG,CAAC8F,SAAS,CAACjH,YAAY,EAAE;QAAE6B,YAAY,EAAEA,YAAY,CAACkG;MAAI,CAAC,CAAC;MAE/D5G,GAAG,CAAC6G,UAAU,CAAC;QACXnG,YAAY,EAAEA,YAAY,CAACkG,GAAG;QAC9B7C,MAAM,EAAE3F,GAAG,CAAC0E,MAAM,CAACiB,MAAM;QACzB+C,mBAAmB,EAAET,iBAAiB,CAAC1C,MAAM,CAACc,EAAE;QAChDsC,uBAAuB,EAAElB,aAAa,CAAClC,MAAM,CAACqD,GAAG;QACjDP,wBAAwB,EAAEZ,aAAa,CAAClC,MAAM,CAAC9D,IAAI;QACnDoH,2BAA2B,EAAEpB,aAAa,CAAClC,MAAM,CAACuD,OAAO;QACzDC,4BAA4B,EAAEtB,aAAa,CAAClC,MAAM,CAACyD,QAAQ;QAC3DC,yBAAyB,EAAEtB,sBAAsB,CAACpC,MAAM,CAACqD,GAAG;QAC5DM,0BAA0B,EAAEvB,sBAAsB,CAACpC,MAAM,CAAC9D,IAAI;QAC9D0H,6BAA6B,EAAExB,sBAAsB,CAACpC,MAAM,CAACuD,OAAO;QACpEM,8BAA8B,EAAEzB,sBAAsB,CAACpC,MAAM,CAACyD,QAAQ;QACtEK,iBAAiB,EAAExB,OAAO,CAACyB,QAAQ,CAAC/D,MAAM,CAACc,EAAE;QAC7CkD,kBAAkB,EAAE1B,OAAO,CAACyB,QAAQ,CAAC/D,MAAM,CAACqD,GAAG;QAC/CY,6BAA6B,EAAE3B,OAAO,CAACyB,QAAQ,CAAC/D,MAAM,CAACkE,cAAc;QACrEC,kBAAkB,EAAE7B,OAAO,CAAC8B,cAAc,CAACpE,MAAM,CAACc,EAAE;QACpDuD,YAAY,EAAE7B,QAAQ,CAACxC,MAAM,CAAC9D,IAAI;QAClCoI,WAAW,EAAE9B,QAAQ,CAACxC,MAAM,CAACqD;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM1H,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACHuG,aAAa;QACbzB,GAAG;QACH,GAAG6B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRvD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAM5C,GAAG,GAAGlB,mBAAmB,CAACc,OAAO,EAAEsI,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAGvI,OAAO,CAAC0C,SAAS,CAACuD,aAAa;IAEnD,MAAMuC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAACxE,MAAM,CAAC9D,IAAI;MAClCqH,OAAO,EAAEiB,WAAW,CAACxE,MAAM,CAACuD,OAAO;MACnCE,QAAQ,EAAEe,WAAW,CAACxE,MAAM,CAACyD;IACjC,CAAC;IAEDc,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAIxJ,2BAA2B,CAACa,OAAO,EAAEwI,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEFvI,GAAG,CAACiC,UAAU,CAAC,MAAM;IACjBjC,GAAG,CAACwI,kBAAkB,CAAC;MACnB3I,IAAI,EAAE,MAAM;MACZ0I,QAAQ,EAAE;QACNpC,QAAQ,EAAE;UACNa,GAAG,EAAEpH,OAAO,CAAC0C,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAACqD,GAAG;UAC1CnH,IAAI,EAAED,OAAO,CAAC0C,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAAC9D;QAC5C,CAAC;QACD4I,aAAa,EAAE;UACXzB,GAAG,EAAEpH,OAAO,CAAC0C,SAAS,CAACuD,aAAa,CAAClC,MAAM,CAACqD,GAAG;UAC/CnH,IAAI,EAAED,OAAO,CAAC0C,SAAS,CAACuD,aAAa,CAAClC,MAAM,CAAC9D,IAAI;UACjDqH,OAAO,EAAEtH,OAAO,CAAC0C,SAAS,CAACuD,aAAa,CAAClC,MAAM,CAACuD,OAAO;UACvDE,QAAQ,EAAExH,OAAO,CAAC0C,SAAS,CAACuD,aAAa,CAAClC,MAAM,CAACyD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOpH,GAAG;AACd","ignoreList":[]}
package/pulumi/apps/syncSystem/SyncSystemLambda.js CHANGED
@@ -9,7 +9,6 @@ import { LAMBDA_RUNTIME } from "../../constants.js";
9
9
  import { SyncSystemDynamo } from "./SyncSystemDynamo.js";
10
10
  export const SyncSystemLambda = createAppModule({
11
11
  name: "SyncSystemLambda",
12
- // eslint-disable-next-line
13
12
  config(app, _) {
14
13
  const policy = createSyncSystemLambdaPolicy({
15
14
  app,