@webiny/pulumi-aws 5.29.0 → 5.30.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apps/admin/createAdminPulumiApp.d.ts +3 -2
- package/apps/admin/createAdminPulumiApp.js +11 -8
- package/apps/admin/createAdminPulumiApp.js.map +1 -1
- package/apps/api/ApiApwScheduler.js +3 -3
- package/apps/api/ApiApwScheduler.js.map +1 -1
- package/apps/api/ApiFileManager.js +6 -6
- package/apps/api/ApiFileManager.js.map +1 -1
- package/apps/api/ApiGraphql.d.ts +3 -0
- package/apps/api/ApiGraphql.js +25 -2
- package/apps/api/ApiGraphql.js.map +1 -1
- package/apps/api/ApiHeadlessCMS.js +2 -2
- package/apps/api/ApiHeadlessCMS.js.map +1 -1
- package/apps/api/ApiPageBuilder.js +8 -8
- package/apps/api/ApiPageBuilder.js.map +1 -1
- package/apps/api/createApiPulumiApp.d.ts +17 -2
- package/apps/api/createApiPulumiApp.js +31 -10
- package/apps/api/createApiPulumiApp.js.map +1 -1
- package/apps/core/createCorePulumiApp.d.ts +2 -1
- package/apps/core/createCorePulumiApp.js +8 -5
- package/apps/core/createCorePulumiApp.js.map +1 -1
- package/apps/lambdaUtils.d.ts +1 -2
- package/apps/lambdaUtils.js +17 -22
- package/apps/lambdaUtils.js.map +1 -1
- package/apps/website/WebsitePrerendering.js +6 -6
- package/apps/website/WebsitePrerendering.js.map +1 -1
- package/apps/website/createWebsitePulumiApp.d.ts +3 -2
- package/apps/website/createWebsitePulumiApp.js +14 -10
- package/apps/website/createWebsitePulumiApp.js.map +1 -1
- package/package.json +9 -9
- package/utils/index.d.ts +1 -0
- package/utils/index.js +21 -1
- package/utils/index.js.map +1 -1
- package/utils/lambdaEnvVariables.d.ts +20 -0
- package/utils/lambdaEnvVariables.js +82 -0
- package/utils/lambdaEnvVariables.js.map +1 -0
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
import * as aws from "@pulumi/aws";
|
|
2
2
|
import { PulumiAppParamCallback } from "@webiny/pulumi";
|
|
3
3
|
import { CustomDomainParams } from "../customDomain";
|
|
4
|
+
export declare type AdminPulumiApp = ReturnType<typeof createAdminPulumiApp>;
|
|
4
5
|
export interface CreateAdminPulumiAppParams {
|
|
5
6
|
/** Custom domain configuration */
|
|
6
|
-
|
|
7
|
+
domains?: PulumiAppParamCallback<CustomDomainParams>;
|
|
7
8
|
/**
|
|
8
9
|
* Provides a way to adjust existing Pulumi code (cloud infrastructure resources)
|
|
9
10
|
* or add additional ones into the mix.
|
|
10
11
|
*/
|
|
11
|
-
pulumi?: (app:
|
|
12
|
+
pulumi?: (app: AdminPulumiApp) => void | Promise<void>;
|
|
12
13
|
}
|
|
13
14
|
export declare const createAdminPulumiApp: (projectAppParams: CreateAdminPulumiAppParams) => import("@webiny/pulumi").PulumiApp<{
|
|
14
15
|
cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof aws.cloudfront.Distribution>;
|
|
@@ -33,6 +33,14 @@ const createAdminPulumiApp = projectAppParams => {
|
|
|
33
33
|
path: "apps/admin",
|
|
34
34
|
config: projectAppParams,
|
|
35
35
|
program: async app => {
|
|
36
|
+
// Overrides must be applied via a handler, registered at the very start of the program.
|
|
37
|
+
// By doing this, we're ensuring user's adjustments are not applied to late.
|
|
38
|
+
if (projectAppParams.pulumi) {
|
|
39
|
+
app.addHandler(() => {
|
|
40
|
+
return projectAppParams.pulumi(app);
|
|
41
|
+
});
|
|
42
|
+
}
|
|
43
|
+
|
|
36
44
|
const bucket = (0, _createAppBucket.createPublicAppBucket)(app, "admin-app");
|
|
37
45
|
const cloudfront = app.addResource(aws.cloudfront.Distribution, {
|
|
38
46
|
name: "admin-app-cdn",
|
|
@@ -74,10 +82,10 @@ const createAdminPulumiApp = projectAppParams => {
|
|
|
74
82
|
}
|
|
75
83
|
}
|
|
76
84
|
});
|
|
77
|
-
const
|
|
85
|
+
const domains = app.getParam(projectAppParams.domains);
|
|
78
86
|
|
|
79
|
-
if (
|
|
80
|
-
(0, _customDomain.applyCustomDomain)(cloudfront,
|
|
87
|
+
if (domains) {
|
|
88
|
+
(0, _customDomain.applyCustomDomain)(cloudfront, domains);
|
|
81
89
|
}
|
|
82
90
|
|
|
83
91
|
app.addOutputs({
|
|
@@ -89,11 +97,6 @@ const createAdminPulumiApp = projectAppParams => {
|
|
|
89
97
|
WbyProjectName: String(process.env["WEBINY_PROJECT_NAME"]),
|
|
90
98
|
WbyEnvironment: String(process.env["WEBINY_ENV"])
|
|
91
99
|
});
|
|
92
|
-
|
|
93
|
-
if (projectAppParams.pulumi) {
|
|
94
|
-
await projectAppParams.pulumi(app);
|
|
95
|
-
}
|
|
96
|
-
|
|
97
100
|
return _objectSpread(_objectSpread({}, bucket), {}, {
|
|
98
101
|
cloudfront
|
|
99
102
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["createAdminPulumiApp","projectAppParams","createPulumiApp","name","path","config","program","app","bucket","createPublicAppBucket","cloudfront","addResource","aws","Distribution","enabled","waitForDeployment","origins","origin","defaultRootObject","defaultCacheBehavior","compress","targetOriginId","originId","viewerProtocolPolicy","allowedMethods","cachedMethods","forwardedValues","cookies","forward","queryString","minTtl","defaultTtl","maxTtl","priceClass","customErrorResponses","errorCode","responseCode","responsePagePath","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","
|
|
1
|
+
{"version":3,"names":["createAdminPulumiApp","projectAppParams","createPulumiApp","name","path","config","program","app","pulumi","addHandler","bucket","createPublicAppBucket","cloudfront","addResource","aws","Distribution","enabled","waitForDeployment","origins","origin","defaultRootObject","defaultCacheBehavior","compress","targetOriginId","originId","viewerProtocolPolicy","allowedMethods","cachedMethods","forwardedValues","cookies","forward","queryString","minTtl","defaultTtl","maxTtl","priceClass","customErrorResponses","errorCode","responseCode","responsePagePath","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","domains","getParam","applyCustomDomain","addOutputs","appStorage","output","id","appDomain","domainName","appUrl","apply","value","tagResources","WbyProjectName","String","process","env","WbyEnvironment"],"sources":["createAdminPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\n\nimport { createPulumiApp, PulumiAppParamCallback } from \"@webiny/pulumi\";\nimport { tagResources } from \"~/utils\";\nimport { createPublicAppBucket } from \"../createAppBucket\";\nimport { applyCustomDomain, CustomDomainParams } from \"../customDomain\";\n\nexport type AdminPulumiApp = ReturnType<typeof createAdminPulumiApp>;\n\nexport interface CreateAdminPulumiAppParams {\n /** Custom domain configuration */\n domains?: PulumiAppParamCallback<CustomDomainParams>;\n\n /**\n * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)\n * or add additional ones into the mix.\n */\n pulumi?: (app: AdminPulumiApp) => void | Promise<void>;\n}\n\nexport const createAdminPulumiApp = (projectAppParams: CreateAdminPulumiAppParams) => {\n return createPulumiApp({\n name: \"admin\",\n path: \"apps/admin\",\n config: projectAppParams,\n program: async app => {\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n if (projectAppParams.pulumi) {\n app.addHandler(() => {\n return projectAppParams.pulumi!(app as AdminPulumiApp);\n });\n }\n\n const bucket = createPublicAppBucket(app, \"admin-app\");\n\n const cloudfront = app.addResource(aws.cloudfront.Distribution, {\n name: \"admin-app-cdn\",\n config: {\n enabled: true,\n waitForDeployment: false,\n origins: [bucket.origin],\n defaultRootObject: \"index.html\",\n defaultCacheBehavior: {\n compress: true,\n targetOriginId: bucket.origin.originId,\n viewerProtocolPolicy: \"redirect-to-https\",\n allowedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: { forward: \"none\" },\n queryString: false\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 600,\n maxTtl: 600\n },\n priceClass: \"PriceClass_100\",\n customErrorResponses: [\n { errorCode: 404, responseCode: 404, responsePagePath: \"/index.html\" }\n ],\n restrictions: {\n geoRestriction: {\n restrictionType: \"none\"\n }\n },\n viewerCertificate: {\n cloudfrontDefaultCertificate: true\n }\n }\n });\n\n const domains = app.getParam(projectAppParams.domains);\n if (domains) {\n applyCustomDomain(cloudfront, domains);\n }\n\n app.addOutputs({\n appStorage: bucket.bucket.output.id,\n appDomain: cloudfront.output.domainName,\n appUrl: cloudfront.output.domainName.apply(value => `https://${value}`)\n });\n\n tagResources({\n WbyProjectName: String(process.env[\"WEBINY_PROJECT_NAME\"]),\n WbyEnvironment: String(process.env[\"WEBINY_ENV\"])\n });\n\n return {\n ...bucket,\n cloudfront\n };\n }\n });\n};\n"],"mappings":";;;;;;;;;;;AAAA;;AAEA;;AACA;;AACA;;AACA;;;;;;;;;;AAeO,MAAMA,oBAAoB,GAAIC,gBAAD,IAAkD;EAClF,OAAO,IAAAC,uBAAA,EAAgB;IACnBC,IAAI,EAAE,OADa;IAEnBC,IAAI,EAAE,YAFa;IAGnBC,MAAM,EAAEJ,gBAHW;IAInBK,OAAO,EAAE,MAAMC,GAAN,IAAa;MAClB;MACA;MACA,IAAIN,gBAAgB,CAACO,MAArB,EAA6B;QACzBD,GAAG,CAACE,UAAJ,CAAe,MAAM;UACjB,OAAOR,gBAAgB,CAACO,MAAjB,CAAyBD,GAAzB,CAAP;QACH,CAFD;MAGH;;MAED,MAAMG,MAAM,GAAG,IAAAC,sCAAA,EAAsBJ,GAAtB,EAA2B,WAA3B,CAAf;MAEA,MAAMK,UAAU,GAAGL,GAAG,CAACM,WAAJ,CAAgBC,GAAG,CAACF,UAAJ,CAAeG,YAA/B,EAA6C;QAC5DZ,IAAI,EAAE,eADsD;QAE5DE,MAAM,EAAE;UACJW,OAAO,EAAE,IADL;UAEJC,iBAAiB,EAAE,KAFf;UAGJC,OAAO,EAAE,CAACR,MAAM,CAACS,MAAR,CAHL;UAIJC,iBAAiB,EAAE,YAJf;UAKJC,oBAAoB,EAAE;YAClBC,QAAQ,EAAE,IADQ;YAElBC,cAAc,EAAEb,MAAM,CAACS,MAAP,CAAcK,QAFZ;YAGlBC,oBAAoB,EAAE,mBAHJ;YAIlBC,cAAc,EAAE,CAAC,KAAD,EAAQ,MAAR,EAAgB,SAAhB,CAJE;YAKlBC,aAAa,EAAE,CAAC,KAAD,EAAQ,MAAR,EAAgB,SAAhB,CALG;YAMlBC,eAAe,EAAE;cACbC,OAAO,EAAE;gBAAEC,OAAO,EAAE;cAAX,CADI;cAEbC,WAAW,EAAE;YAFA,CANC;YAUlB;YACAC,MAAM,EAAE,CAXU;YAYlBC,UAAU,EAAE,GAZM;YAalBC,MAAM,EAAE;UAbU,CALlB;UAoBJC,UAAU,EAAE,gBApBR;UAqBJC,oBAAoB,EAAE,CAClB;YAAEC,SAAS,EAAE,GAAb;YAAkBC,YAAY,EAAE,GAAhC;YAAqCC,gBAAgB,EAAE;UAAvD,CADkB,CArBlB;UAwBJC,YAAY,EAAE;YACVC,cAAc,EAAE;cACZC,eAAe,EAAE;YADL;UADN,CAxBV;UA6BJC,iBAAiB,EAAE;YACfC,4BAA4B,EAAE;UADf;QA7Bf;MAFoD,CAA7C,CAAnB;MAqCA,MAAMC,OAAO,GAAGtC,GAAG,CAACuC,QAAJ,CAAa7C,gBAAgB,CAAC4C,OAA9B,CAAhB;;MACA,IAAIA,OAAJ,EAAa;QACT,IAAAE,+BAAA,EAAkBnC,UAAlB,EAA8BiC,OAA9B;MACH;;MAEDtC,GAAG,CAACyC,UAAJ,CAAe;QACXC,UAAU,EAAEvC,MAAM,CAACA,MAAP,CAAcwC,MAAd,CAAqBC,EADtB;QAEXC,SAAS,EAAExC,UAAU,CAACsC,MAAX,CAAkBG,UAFlB;QAGXC,MAAM,EAAE1C,UAAU,CAACsC,MAAX,CAAkBG,UAAlB,CAA6BE,KAA7B,CAAmCC,KAAK,IAAK,WAAUA,KAAM,EAA7D;MAHG,CAAf;MAMA,IAAAC,mBAAA,EAAa;QACTC,cAAc,EAAEC,MAAM,CAACC,OAAO,CAACC,GAAR,CAAY,qBAAZ,CAAD,CADb;QAETC,cAAc,EAAEH,MAAM,CAACC,OAAO,CAACC,GAAR,CAAY,YAAZ,CAAD;MAFb,CAAb;MAKA,uCACOnD,MADP;QAEIE;MAFJ;IAIH;EAxEkB,CAAhB,CAAP;AA0EH,CA3EM"}
|
|
@@ -122,7 +122,7 @@ function createExecuteActionLambda(app, params) {
|
|
|
122
122
|
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "apw/executeAction/build"))
|
|
123
123
|
}),
|
|
124
124
|
environment: {
|
|
125
|
-
variables:
|
|
125
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread({}, value), params.env))
|
|
126
126
|
}
|
|
127
127
|
}
|
|
128
128
|
});
|
|
@@ -201,11 +201,11 @@ function createScheduleActionLambda(app, executeLambda, params) {
|
|
|
201
201
|
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "apw/scheduleAction/build"))
|
|
202
202
|
}),
|
|
203
203
|
environment: {
|
|
204
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
204
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
205
205
|
APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn // RULE_NAME: this.eventRule.name.apply(name => name),
|
|
206
206
|
// RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)
|
|
207
207
|
|
|
208
|
-
})
|
|
208
|
+
}))
|
|
209
209
|
}
|
|
210
210
|
}
|
|
211
211
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","aws","cloudwatch","EventRule","description","scheduleExpression","isEnabled","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","handler","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n isEnabled: true\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n ...params.env\n }\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;;;;;AAMA,MAAMA,kBAAkB,GAAG,eAA3B;AACA,MAAMC,kBAAkB,GAAI,GAAED,kBAAmB,yBAAjD;AACA,MAAME,qBAAqB,GAAI,GAAEF,kBAAmB,wBAApD;AACA,MAAMG,eAAe,GAAI,GAAEH,kBAAmB,aAA9C;AACA,MAAMI,iBAAiB,GAAI,GAAEJ,kBAAmB,oBAAhD;AAIO,MAAMK,eAAe,GAAG,IAAAC,wBAAA,EAAgB;EAC3CC,IAAI,EAAE,iBADqC;;EAE3CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA+C;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAD,EAAMC,MAAN,CAA/C;IACA,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAD,EAAME,aAAa,CAACI,MAAd,CAAqBC,MAA3B,EAAmCN,MAAnC,CAAjD,CAFiD,CAIjD;;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeC,SAA/B,EAA0C;MACxDd,IAAI,EAAEJ,eADkD;MAExDK,MAAM,EAAE;QACJc,WAAW,EAAG,iFADV;QAEJC,kBAAkB,EAAE,sBAFhB;QAGJC,SAAS,EAAE;MAHP;IAFgD,CAA1C,CAAlB,CALiD,CAcjD;;IACAf,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWU,UAA3B,EAAuC;MACnClB,IAAI,EAAE,uBAD6B;MAEnCC,MAAM,EAAE;QACJkB,MAAM,EAAE,uBADJ;QAEJC,QAAQ,EAAEd,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY,GAFnC;QAGJC,SAAS,EAAE,sBAHP;QAIJC,WAAW,EAAE,uBAAuB3B;MAJhC;IAF2B,CAAvC,EAfiD,CAyBjD;;IACA,MAAM4B,WAAW,GAAGtB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeY,WAA/B,EAA4C;MAC5DzB,IAAI,EAAEH,iBADsD;MAE5DI,MAAM,EAAE;QACJyB,IAAI,EAAEhB,SAAS,CAACD,MAAV,CAAiBT,IADnB;QAEJqB,GAAG,EAAEf,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY;MAF9B;IAFoD,CAA5C,CAApB;IAQA,OAAO;MACHjB,aADG;MAEHE,cAFG;MAGHI,SAHG;MAIHc;IAJG,CAAP;EAMH;;AA1C0C,CAAhB,CAAxB;;;AA6CP,SAASnB,yBAAT,CAAmCH,GAAnC,EAAmDC,MAAnD,EAAiF;EAC7E,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEL,qBAAsB,OADQ;IAEvCM,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;EAkBA,MAAMC,MAAM,GAAGC,+BAA+B,CAACpC,GAAD,CAA9C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEL,qBAAsB,yBADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAEH,MAAM,CAAC5B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEL,qBAAsB,8BADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAE5B,GAAG,CAACgB,GAAJ,CAAQa,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMlC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWmC,QAA3B,EAAqC;IAChD3C,IAAI,EAAEL,qBAD0C;IAEhDM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJuB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJhC,WAAW,EAAE,iDANT;MAOJiC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUpD,GAAG,CAACqD,KAAJ,CAAUC,SAApB,EAA+B,yBAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,kCACF,IAAAC,wCAAA,GADE,GAEFxD,MAAM,CAACyD,GAFL;MADA;IAZT;EAFwC,CAArC,CAAf;EAuBA,OAAO;IACHjC,IADG;IAEHU,MAFG;IAGH7B;EAHG,CAAP;AAKH;;AAED,SAAS8B,+BAAT,CAAyCpC,GAAzC,EAAyD;EACrD,MAAM2D,IAAI,GAAG3D,GAAG,CAAC4D,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAO7D,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQoC,MAAxB,EAAgC;IACnChE,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJsB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIiC,GAAG,EAAE,kBADT;UAEI7B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIIiC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEI7B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,gBAAD,EAAmB,kBAAnB,EAAuC,qBAAvC,CAHZ;UAIIiC,QAAQ,EAAE,CACNjB,MAAM,CAACkB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENnB,MAAM,CAACkB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAJd,CAPO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA0BH;;AAED,SAAS7D,0BAAT,CACIL,GADJ,EAEImE,aAFJ,EAGIlE,MAHJ,EAIE;EACE,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEN,kBAAmB,OADW;IAEvCO,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;EAkBA,MAAMC,MAAM,GAAGiC,gCAAgC,CAACpE,GAAD,CAA/C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEN,kBAAmB,yBADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAEH,MAAM,CAAC5B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEN,kBAAmB,8BADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAE5B,GAAG,CAACgB,GAAJ,CAAQa,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMlC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWmC,QAA3B,EAAqC;IAChD3C,IAAI,EAAEN,kBAD0C;IAEhDO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJuB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJhC,WAAW,EAAE,kDANT;MAOJiC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUpD,GAAG,CAACqD,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,gDACF,IAAAC,wCAAA,GADE,GAEFxD,MAAM,CAACyD,GAFL;UAGLW,oCAAoC,EAAEF,aAAa,CAAChD,GAH/C,CAIL;UACA;;QALK;MADA;IAZT;EAFwC,CAArC,CAAf;EA0BA,OAAO;IACHM,IADG;IAEHU,MAFG;IAGH7B;EAHG,CAAP;AAKH;;AAED,SAAS8D,gCAAT,CAA0CpE,GAA1C,EAA0D;EACtD,MAAM2D,IAAI,GAAG3D,GAAG,CAAC4D,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAO7D,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQoC,MAAxB,EAAgC;IACnChE,IAAI,EAAE,wCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJsB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIiC,GAAG,EAAE,kBADT;UAEI7B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIIiC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEI7B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,kBADI,EAEJ,gBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,qBALI,CAHZ;UAUIiC,QAAQ,EAAE,CACNjB,MAAM,CAACkB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENnB,MAAM,CAACkB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAVd,CAPO,EAsBP;UACIH,GAAG,EAAE,kBADT;UAEI7B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,mBADI,EAEJ,mBAFI,EAGJ,gBAHI,EAIJ,kBAJI,EAKJ,sBALI,EAMJ,0BANI,CAHZ;UAWIiC,QAAQ,EAAE,CAAC,GAAD;QAXd,CAtBO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA6CH"}
|
|
1
|
+
{"version":3,"names":["LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","aws","cloudwatch","EventRule","description","scheduleExpression","isEnabled","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","handler","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n isEnabled: true\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;;;;;AAMA,MAAMA,kBAAkB,GAAG,eAA3B;AACA,MAAMC,kBAAkB,GAAI,GAAED,kBAAmB,yBAAjD;AACA,MAAME,qBAAqB,GAAI,GAAEF,kBAAmB,wBAApD;AACA,MAAMG,eAAe,GAAI,GAAEH,kBAAmB,aAA9C;AACA,MAAMI,iBAAiB,GAAI,GAAEJ,kBAAmB,oBAAhD;AAIO,MAAMK,eAAe,GAAG,IAAAC,wBAAA,EAAgB;EAC3CC,IAAI,EAAE,iBADqC;;EAE3CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA+C;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAD,EAAMC,MAAN,CAA/C;IACA,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAD,EAAME,aAAa,CAACI,MAAd,CAAqBC,MAA3B,EAAmCN,MAAnC,CAAjD,CAFiD,CAIjD;;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeC,SAA/B,EAA0C;MACxDd,IAAI,EAAEJ,eADkD;MAExDK,MAAM,EAAE;QACJc,WAAW,EAAG,iFADV;QAEJC,kBAAkB,EAAE,sBAFhB;QAGJC,SAAS,EAAE;MAHP;IAFgD,CAA1C,CAAlB,CALiD,CAcjD;;IACAf,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWU,UAA3B,EAAuC;MACnClB,IAAI,EAAE,uBAD6B;MAEnCC,MAAM,EAAE;QACJkB,MAAM,EAAE,uBADJ;QAEJC,QAAQ,EAAEd,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY,GAFnC;QAGJC,SAAS,EAAE,sBAHP;QAIJC,WAAW,EAAE,uBAAuB3B;MAJhC;IAF2B,CAAvC,EAfiD,CAyBjD;;IACA,MAAM4B,WAAW,GAAGtB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeY,WAA/B,EAA4C;MAC5DzB,IAAI,EAAEH,iBADsD;MAE5DI,MAAM,EAAE;QACJyB,IAAI,EAAEhB,SAAS,CAACD,MAAV,CAAiBT,IADnB;QAEJqB,GAAG,EAAEf,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY;MAF9B;IAFoD,CAA5C,CAApB;IAQA,OAAO;MACHjB,aADG;MAEHE,cAFG;MAGHI,SAHG;MAIHc;IAJG,CAAP;EAMH;;AA1C0C,CAAhB,CAAxB;;;AA6CP,SAASnB,yBAAT,CAAmCH,GAAnC,EAAmDC,MAAnD,EAAiF;EAC7E,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEL,qBAAsB,OADQ;IAEvCM,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;EAkBA,MAAMC,MAAM,GAAGC,+BAA+B,CAACpC,GAAD,CAA9C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEL,qBAAsB,yBADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAEH,MAAM,CAAC5B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEL,qBAAsB,8BADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAE5B,GAAG,CAACgB,GAAJ,CAAQa,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMlC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWmC,QAA3B,EAAqC;IAChD3C,IAAI,EAAEL,qBAD0C;IAEhDM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJuB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJhC,WAAW,EAAE,iDANT;MAOJiC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUpD,GAAG,CAACqD,KAAJ,CAAUC,SAApB,EAA+B,yBAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,oCAC7CA,KAD6C,GAE7C1D,MAAM,CAAC2D,GAFsC,CAAzC;MADF;IAZT;EAFwC,CAArC,CAAf;EAuBA,OAAO;IACHnC,IADG;IAEHU,MAFG;IAGH7B;EAHG,CAAP;AAKH;;AAED,SAAS8B,+BAAT,CAAyCpC,GAAzC,EAAyD;EACrD,MAAM6D,IAAI,GAAG7D,GAAG,CAAC8D,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAO/D,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQsC,MAAxB,EAAgC;IACnClE,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJsB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACImC,GAAG,EAAE,kBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIImC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,gBAAD,EAAmB,kBAAnB,EAAuC,qBAAvC,CAHZ;UAIImC,QAAQ,EAAE,CACNnB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENrB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAJd,CAPO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA0BH;;AAED,SAAS/D,0BAAT,CACIL,GADJ,EAEIqE,aAFJ,EAGIpE,MAHJ,EAIE;EACE,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEN,kBAAmB,OADW;IAEvCO,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;EAkBA,MAAMC,MAAM,GAAGmC,gCAAgC,CAACtE,GAAD,CAA/C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEN,kBAAmB,yBADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAEH,MAAM,CAAC5B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEN,kBAAmB,8BADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAE5B,GAAG,CAACgB,GAAJ,CAAQa,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMlC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWmC,QAA3B,EAAqC;IAChD3C,IAAI,EAAEN,kBAD0C;IAEhDO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJuB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJhC,WAAW,EAAE,kDANT;MAOJiC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUpD,GAAG,CAACqD,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,kDAC7CA,KAD6C,GAE7C1D,MAAM,CAAC2D,GAFsC;UAGhDW,oCAAoC,EAAEF,aAAa,CAAClD,GAHJ,CAIhD;UACA;;QALgD,EAAzC;MADF;IAZT;EAFwC,CAArC,CAAf;EA0BA,OAAO;IACHM,IADG;IAEHU,MAFG;IAGH7B;EAHG,CAAP;AAKH;;AAED,SAASgE,gCAAT,CAA0CtE,GAA1C,EAA0D;EACtD,MAAM6D,IAAI,GAAG7D,GAAG,CAAC8D,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAO/D,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQsC,MAAxB,EAAgC;IACnClE,IAAI,EAAE,wCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJsB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACImC,GAAG,EAAE,kBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIImC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,kBADI,EAEJ,gBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,qBALI,CAHZ;UAUImC,QAAQ,EAAE,CACNnB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENrB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAVd,CAPO,EAsBP;UACIH,GAAG,EAAE,kBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,mBADI,EAEJ,mBAFI,EAGJ,gBAHI,EAIJ,kBAJI,EAKJ,sBALI,EAMJ,0BANI,CAHZ;UAWImC,QAAQ,EAAE,CAAC,GAAD;QAXd,CAtBO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA6CH"}
|
|
@@ -55,9 +55,9 @@ const ApiFileManager = (0, _pulumi2.createAppModule)({
|
|
|
55
55
|
}),
|
|
56
56
|
layers: [(0, _awsLayers.getLayerArn)("sharp")],
|
|
57
57
|
environment: {
|
|
58
|
-
variables:
|
|
58
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread({}, value), {}, {
|
|
59
59
|
S3_BUCKET: core.fileManagerBucketId
|
|
60
|
-
})
|
|
60
|
+
}))
|
|
61
61
|
},
|
|
62
62
|
vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
|
|
63
63
|
}
|
|
@@ -75,9 +75,9 @@ const ApiFileManager = (0, _pulumi2.createAppModule)({
|
|
|
75
75
|
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "fileManager/manage/build"))
|
|
76
76
|
}),
|
|
77
77
|
environment: {
|
|
78
|
-
variables:
|
|
78
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread({}, value), {}, {
|
|
79
79
|
S3_BUCKET: core.fileManagerBucketId
|
|
80
|
-
})
|
|
80
|
+
}))
|
|
81
81
|
},
|
|
82
82
|
vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
|
|
83
83
|
}
|
|
@@ -95,10 +95,10 @@ const ApiFileManager = (0, _pulumi2.createAppModule)({
|
|
|
95
95
|
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "fileManager/download/build"))
|
|
96
96
|
}),
|
|
97
97
|
environment: {
|
|
98
|
-
variables:
|
|
98
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread({}, value), {}, {
|
|
99
99
|
S3_BUCKET: core.fileManagerBucketId,
|
|
100
100
|
IMAGE_TRANSFORMER_FUNCTION: transform.output.arn
|
|
101
|
-
})
|
|
101
|
+
}))
|
|
102
102
|
},
|
|
103
103
|
vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
|
|
104
104
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["ApiFileManager","createAppModule","name","config","app","core","getModule","CoreOutput","policy","createFileManagerLambdaPolicy","role","createLambdaRole","output","transform","addResource","aws","lambda","Function","handler","timeout","runtime","memorySize","arn","description","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","layers","getLayerArn","environment","variables","getCommonLambdaEnvVariables","S3_BUCKET","fileManagerBucketId","vpcConfig","VpcConfig","functionVpcConfig","manage","download","IMAGE_TRANSFORMER_FUNCTION","manageS3LambdaPermission","Permission","action","function","principal","sourceArn","interpolate","opts","dependsOn","bucketNotification","s3","BucketNotification","bucket","lambdaFunctions","lambdaFunctionArn","events","functions","iam","Policy","Version","Statement","Sid","Effect","Action","Resource"],"sources":["ApiFileManager.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// @ts-ignore\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\n\nexport type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;\n\nexport const ApiFileManager = createAppModule({\n name: \"ApiFileManager\",\n config(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n const policy = createFileManagerLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"fm-lambda-role\",\n policy: policy.output\n });\n\n const transform = app.addResource(aws.lambda.Function, {\n name: \"fm-image-transformer\",\n config: {\n handler: \"handler.handler\",\n timeout: 30,\n runtime: \"nodejs14.x\",\n memorySize: 1600,\n role: role.output.arn,\n description: \"Performs image optimization, resizing, etc.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/transform/build\")\n )\n }),\n layers: [getLayerArn(\"sharp\")],\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n S3_BUCKET: core.fileManagerBucketId\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const manage = app.addResource(aws.lambda.Function, {\n name: \"fm-manage\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 512,\n description: \"Triggered when a file is deleted.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/manage/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n S3_BUCKET: core.fileManagerBucketId\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const download = app.addResource(aws.lambda.Function, {\n name: \"fm-download\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 512,\n description: \"Serves previously uploaded files.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/download/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n S3_BUCKET: core.fileManagerBucketId,\n IMAGE_TRANSFORMER_FUNCTION: transform.output.arn\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const manageS3LambdaPermission = app.addResource(aws.lambda.Permission, {\n name: \"fm-manage-s3-lambda-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: manage.output.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`\n },\n opts: {\n dependsOn: [manage.output]\n }\n });\n\n const bucketNotification = app.addResource(aws.s3.BucketNotification, {\n name: \"bucketNotification\",\n config: {\n bucket: core.fileManagerBucketId,\n lambdaFunctions: [\n {\n lambdaFunctionArn: manage.output.arn,\n events: [\"s3:ObjectRemoved:*\"]\n }\n ]\n },\n opts: {\n dependsOn: [manage.output, manageS3LambdaPermission.output]\n }\n });\n\n const functions = {\n transform,\n manage,\n download\n };\n\n return {\n functions,\n bucketNotification\n };\n }\n});\n\nfunction createFileManagerLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"FileManagerLambdaPolicy\",\n config: {\n description: \"This policy enables access to Lambda and S3\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: \"lambda:InvokeFunction\",\n Resource: \"*\"\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: \"s3:*\",\n Resource: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAGA;;AACA;;AAEA;;AACA;;;;;;;;;;AAIO,MAAMA,cAAc,GAAG,IAAAC,wBAAA,EAAgB;EAC1CC,IAAI,EAAE,gBADoC;;EAE1CC,MAAM,CAACC,GAAD,EAAiB;IACnB,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAJ,CAAcC,kBAAd,CAAb;IAEA,MAAMC,MAAM,GAAGC,6BAA6B,CAACL,GAAD,CAA5C;IACA,MAAMM,IAAI,GAAG,IAAAC,6BAAA,EAAiBP,GAAjB,EAAsB;MAC/BF,IAAI,EAAE,gBADyB;MAE/BM,MAAM,EAAEA,MAAM,CAACI;IAFgB,CAAtB,CAAb;IAKA,MAAMC,SAAS,GAAGT,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MACnDf,IAAI,EAAE,sBAD6C;MAEnDC,MAAM,EAAE;QACJe,OAAO,EAAE,iBADL;QAEJC,OAAO,EAAE,EAFL;QAGJC,OAAO,EAAE,YAHL;QAIJC,UAAU,EAAE,IAJR;QAKJX,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYU,GALd;QAMJC,WAAW,EAAE,6CANT;QAOJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,6BAA/B,CADC;QAD2B,CAA9B,CAPF;QAYJC,MAAM,EAAE,CAAC,IAAAC,sBAAA,EAAY,OAAZ,CAAD,CAZJ;QAaJC,WAAW,EAAE;UACTC,SAAS,kCACF,IAAAC,wCAAA,GADE;YAELC,SAAS,EAAEjC,IAAI,CAACkC;UAFX;QADA,CAbT;QAmBJC,SAAS,EAAEpC,GAAG,CAACE,SAAJ,CAAcmC,iBAAd,EAAyBC;MAnBhC;IAF2C,CAArC,CAAlB;IAyBA,MAAMC,MAAM,GAAGvC,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MAChDf,IAAI,EAAE,WAD0C;MAEhDC,MAAM,EAAE;QACJO,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYU,GADd;QAEJF,OAAO,EAAE,YAFL;QAGJF,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,EAJL;QAKJE,UAAU,EAAE,GALR;QAMJE,WAAW,EAAE,mCANT;QAOJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;QAD2B,CAA9B,CAPF;QAYJG,WAAW,EAAE;UACTC,SAAS,kCACF,IAAAC,wCAAA,GADE;YAELC,SAAS,EAAEjC,IAAI,CAACkC;UAFX;QADA,CAZT;QAkBJC,SAAS,EAAEpC,GAAG,CAACE,SAAJ,CAAcmC,iBAAd,EAAyBC;MAlBhC;IAFwC,CAArC,CAAf;IAwBA,MAAME,QAAQ,GAAGxC,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MAClDf,IAAI,EAAE,aAD4C;MAElDC,MAAM,EAAE;QACJO,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYU,GADd;QAEJF,OAAO,EAAE,YAFL;QAGJF,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,EAJL;QAKJE,UAAU,EAAE,GALR;QAMJE,WAAW,EAAE,mCANT;QAOJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,4BAA/B,CADC;QAD2B,CAA9B,CAPF;QAYJG,WAAW,EAAE;UACTC,SAAS,kCACF,IAAAC,wCAAA,GADE;YAELC,SAAS,EAAEjC,IAAI,CAACkC,mBAFX;YAGLM,0BAA0B,EAAEhC,SAAS,CAACD,MAAV,CAAiBU;UAHxC;QADA,CAZT;QAmBJkB,SAAS,EAAEpC,GAAG,CAACE,SAAJ,CAAcmC,iBAAd,EAAyBC;MAnBhC;IAF0C,CAArC,CAAjB;IAyBA,MAAMI,wBAAwB,GAAG1C,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAW+B,UAA3B,EAAuC;MACpE7C,IAAI,EAAE,gCAD8D;MAEpEC,MAAM,EAAE;QACJ6C,MAAM,EAAE,uBADJ;QAEJC,QAAQ,EAAEN,MAAM,CAAC/B,MAAP,CAAcU,GAFpB;QAGJ4B,SAAS,EAAE,kBAHP;QAIJC,SAAS,EAAE1B,MAAM,CAAC2B,WAAY,gBAAe/C,IAAI,CAACkC,mBAAoB;MAJlE,CAF4D;MAQpEc,IAAI,EAAE;QACFC,SAAS,EAAE,CAACX,MAAM,CAAC/B,MAAR;MADT;IAR8D,CAAvC,CAAjC;IAaA,MAAM2C,kBAAkB,GAAGnD,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACyC,EAAJ,CAAOC,kBAAvB,EAA2C;MAClEvD,IAAI,EAAE,oBAD4D;MAElEC,MAAM,EAAE;QACJuD,MAAM,EAAErD,IAAI,CAACkC,mBADT;QAEJoB,eAAe,EAAE,CACb;UACIC,iBAAiB,EAAEjB,MAAM,CAAC/B,MAAP,CAAcU,GADrC;UAEIuC,MAAM,EAAE,CAAC,oBAAD;QAFZ,CADa;MAFb,CAF0D;MAWlER,IAAI,EAAE;QACFC,SAAS,EAAE,CAACX,MAAM,CAAC/B,MAAR,EAAgBkC,wBAAwB,CAAClC,MAAzC;MADT;IAX4D,CAA3C,CAA3B;IAgBA,MAAMkD,SAAS,GAAG;MACdjD,SADc;MAEd8B,MAFc;MAGdC;IAHc,CAAlB;IAMA,OAAO;MACHkB,SADG;MAEHP;IAFG,CAAP;EAIH;;AA5HyC,CAAhB,CAAvB;;;AA+HP,SAAS9C,6BAAT,CAAuCL,GAAvC,EAAuD;EACnD,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAOH,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACgD,GAAJ,CAAQC,MAAxB,EAAgC;IACnC9D,IAAI,EAAE,yBAD6B;IAEnCC,MAAM,EAAE;MACJoB,WAAW,EAAE,6CADT;MAEJf,MAAM,EAAE;QACJyD,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,uBAHZ;UAIIC,QAAQ,EAAE;QAJd,CADO,EAOP;UACIH,GAAG,EAAE,iBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,MAHZ;UAIIC,QAAQ,EAAE7C,MAAM,CAAC2B,WAAY,gBAAe/C,IAAI,CAACkC,mBAAoB;QAJzE,CAPO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAuBH"}
|
|
1
|
+
{"version":3,"names":["ApiFileManager","createAppModule","name","config","app","core","getModule","CoreOutput","policy","createFileManagerLambdaPolicy","role","createLambdaRole","output","transform","addResource","aws","lambda","Function","handler","timeout","runtime","memorySize","arn","description","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","layers","getLayerArn","environment","variables","getCommonLambdaEnvVariables","apply","value","S3_BUCKET","fileManagerBucketId","vpcConfig","VpcConfig","functionVpcConfig","manage","download","IMAGE_TRANSFORMER_FUNCTION","manageS3LambdaPermission","Permission","action","function","principal","sourceArn","interpolate","opts","dependsOn","bucketNotification","s3","BucketNotification","bucket","lambdaFunctions","lambdaFunctionArn","events","functions","iam","Policy","Version","Statement","Sid","Effect","Action","Resource"],"sources":["ApiFileManager.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// @ts-ignore\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\n\nexport type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;\n\nexport const ApiFileManager = createAppModule({\n name: \"ApiFileManager\",\n config(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n const policy = createFileManagerLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"fm-lambda-role\",\n policy: policy.output\n });\n\n const transform = app.addResource(aws.lambda.Function, {\n name: \"fm-image-transformer\",\n config: {\n handler: \"handler.handler\",\n timeout: 30,\n runtime: \"nodejs14.x\",\n memorySize: 1600,\n role: role.output.arn,\n description: \"Performs image optimization, resizing, etc.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/transform/build\")\n )\n }),\n layers: [getLayerArn(\"sharp\")],\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const manage = app.addResource(aws.lambda.Function, {\n name: \"fm-manage\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 512,\n description: \"Triggered when a file is deleted.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/manage/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const download = app.addResource(aws.lambda.Function, {\n name: \"fm-download\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 512,\n description: \"Serves previously uploaded files.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/download/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId,\n IMAGE_TRANSFORMER_FUNCTION: transform.output.arn\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const manageS3LambdaPermission = app.addResource(aws.lambda.Permission, {\n name: \"fm-manage-s3-lambda-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: manage.output.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`\n },\n opts: {\n dependsOn: [manage.output]\n }\n });\n\n const bucketNotification = app.addResource(aws.s3.BucketNotification, {\n name: \"bucketNotification\",\n config: {\n bucket: core.fileManagerBucketId,\n lambdaFunctions: [\n {\n lambdaFunctionArn: manage.output.arn,\n events: [\"s3:ObjectRemoved:*\"]\n }\n ]\n },\n opts: {\n dependsOn: [manage.output, manageS3LambdaPermission.output]\n }\n });\n\n const functions = {\n transform,\n manage,\n download\n };\n\n return {\n functions,\n bucketNotification\n };\n }\n});\n\nfunction createFileManagerLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"FileManagerLambdaPolicy\",\n config: {\n description: \"This policy enables access to Lambda and S3\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: \"lambda:InvokeFunction\",\n Resource: \"*\"\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: \"s3:*\",\n Resource: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAGA;;AACA;;AAEA;;AACA;;;;;;;;;;AAIO,MAAMA,cAAc,GAAG,IAAAC,wBAAA,EAAgB;EAC1CC,IAAI,EAAE,gBADoC;;EAE1CC,MAAM,CAACC,GAAD,EAAiB;IACnB,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAJ,CAAcC,kBAAd,CAAb;IAEA,MAAMC,MAAM,GAAGC,6BAA6B,CAACL,GAAD,CAA5C;IACA,MAAMM,IAAI,GAAG,IAAAC,6BAAA,EAAiBP,GAAjB,EAAsB;MAC/BF,IAAI,EAAE,gBADyB;MAE/BM,MAAM,EAAEA,MAAM,CAACI;IAFgB,CAAtB,CAAb;IAKA,MAAMC,SAAS,GAAGT,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MACnDf,IAAI,EAAE,sBAD6C;MAEnDC,MAAM,EAAE;QACJe,OAAO,EAAE,iBADL;QAEJC,OAAO,EAAE,EAFL;QAGJC,OAAO,EAAE,YAHL;QAIJC,UAAU,EAAE,IAJR;QAKJX,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYU,GALd;QAMJC,WAAW,EAAE,6CANT;QAOJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,6BAA/B,CADC;QAD2B,CAA9B,CAPF;QAYJC,MAAM,EAAE,CAAC,IAAAC,sBAAA,EAAY,OAAZ,CAAD,CAZJ;QAaJC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,oCAC7CA,KAD6C;YAEhDC,SAAS,EAAEnC,IAAI,CAACoC;UAFgC,EAAzC;QADF,CAbT;QAmBJC,SAAS,EAAEtC,GAAG,CAACE,SAAJ,CAAcqC,iBAAd,EAAyBC;MAnBhC;IAF2C,CAArC,CAAlB;IAyBA,MAAMC,MAAM,GAAGzC,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MAChDf,IAAI,EAAE,WAD0C;MAEhDC,MAAM,EAAE;QACJO,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYU,GADd;QAEJF,OAAO,EAAE,YAFL;QAGJF,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,EAJL;QAKJE,UAAU,EAAE,GALR;QAMJE,WAAW,EAAE,mCANT;QAOJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;QAD2B,CAA9B,CAPF;QAYJG,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,oCAC7CA,KAD6C;YAEhDC,SAAS,EAAEnC,IAAI,CAACoC;UAFgC,EAAzC;QADF,CAZT;QAkBJC,SAAS,EAAEtC,GAAG,CAACE,SAAJ,CAAcqC,iBAAd,EAAyBC;MAlBhC;IAFwC,CAArC,CAAf;IAwBA,MAAME,QAAQ,GAAG1C,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MAClDf,IAAI,EAAE,aAD4C;MAElDC,MAAM,EAAE;QACJO,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYU,GADd;QAEJF,OAAO,EAAE,YAFL;QAGJF,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,EAJL;QAKJE,UAAU,EAAE,GALR;QAMJE,WAAW,EAAE,mCANT;QAOJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,4BAA/B,CADC;QAD2B,CAA9B,CAPF;QAYJG,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,oCAC7CA,KAD6C;YAEhDC,SAAS,EAAEnC,IAAI,CAACoC,mBAFgC;YAGhDM,0BAA0B,EAAElC,SAAS,CAACD,MAAV,CAAiBU;UAHG,EAAzC;QADF,CAZT;QAmBJoB,SAAS,EAAEtC,GAAG,CAACE,SAAJ,CAAcqC,iBAAd,EAAyBC;MAnBhC;IAF0C,CAArC,CAAjB;IAyBA,MAAMI,wBAAwB,GAAG5C,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWiC,UAA3B,EAAuC;MACpE/C,IAAI,EAAE,gCAD8D;MAEpEC,MAAM,EAAE;QACJ+C,MAAM,EAAE,uBADJ;QAEJC,QAAQ,EAAEN,MAAM,CAACjC,MAAP,CAAcU,GAFpB;QAGJ8B,SAAS,EAAE,kBAHP;QAIJC,SAAS,EAAE5B,MAAM,CAAC6B,WAAY,gBAAejD,IAAI,CAACoC,mBAAoB;MAJlE,CAF4D;MAQpEc,IAAI,EAAE;QACFC,SAAS,EAAE,CAACX,MAAM,CAACjC,MAAR;MADT;IAR8D,CAAvC,CAAjC;IAaA,MAAM6C,kBAAkB,GAAGrD,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAAC2C,EAAJ,CAAOC,kBAAvB,EAA2C;MAClEzD,IAAI,EAAE,oBAD4D;MAElEC,MAAM,EAAE;QACJyD,MAAM,EAAEvD,IAAI,CAACoC,mBADT;QAEJoB,eAAe,EAAE,CACb;UACIC,iBAAiB,EAAEjB,MAAM,CAACjC,MAAP,CAAcU,GADrC;UAEIyC,MAAM,EAAE,CAAC,oBAAD;QAFZ,CADa;MAFb,CAF0D;MAWlER,IAAI,EAAE;QACFC,SAAS,EAAE,CAACX,MAAM,CAACjC,MAAR,EAAgBoC,wBAAwB,CAACpC,MAAzC;MADT;IAX4D,CAA3C,CAA3B;IAgBA,MAAMoD,SAAS,GAAG;MACdnD,SADc;MAEdgC,MAFc;MAGdC;IAHc,CAAlB;IAMA,OAAO;MACHkB,SADG;MAEHP;IAFG,CAAP;EAIH;;AA5HyC,CAAhB,CAAvB;;;AA+HP,SAAShD,6BAAT,CAAuCL,GAAvC,EAAuD;EACnD,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAOH,GAAG,CAACU,WAAJ,CAAgBC,GAAG,CAACkD,GAAJ,CAAQC,MAAxB,EAAgC;IACnChE,IAAI,EAAE,yBAD6B;IAEnCC,MAAM,EAAE;MACJoB,WAAW,EAAE,6CADT;MAEJf,MAAM,EAAE;QACJ2D,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,uBAHZ;UAIIC,QAAQ,EAAE;QAJd,CADO,EAOP;UACIH,GAAG,EAAE,iBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,MAHZ;UAIIC,QAAQ,EAAE/C,MAAM,CAAC6B,WAAY,gBAAejD,IAAI,CAACoC,mBAAoB;QAJzE,CAPO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAuBH"}
|
package/apps/api/ApiGraphql.d.ts
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
|
+
import * as pulumi from "@pulumi/pulumi";
|
|
1
2
|
import * as aws from "@pulumi/aws";
|
|
2
3
|
import { PulumiAppModule } from "@webiny/pulumi";
|
|
3
4
|
interface GraphqlParams {
|
|
4
5
|
env: Record<string, any>;
|
|
6
|
+
apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;
|
|
7
|
+
apwSchedulerEventTarget: pulumi.Output<aws.cloudwatch.EventTarget>;
|
|
5
8
|
}
|
|
6
9
|
export declare type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;
|
|
7
10
|
export declare const ApiGraphql: import("@webiny/pulumi").PulumiAppModuleDefinition<{
|
package/apps/api/ApiGraphql.js
CHANGED
|
@@ -35,6 +35,7 @@ const ApiGraphql = (0, _pulumi2.createAppModule)({
|
|
|
35
35
|
name: "ApiGraphql",
|
|
36
36
|
|
|
37
37
|
config(app, params) {
|
|
38
|
+
const core = app.getModule(_.CoreOutput);
|
|
38
39
|
const policy = createGraphqlLambdaPolicy(app);
|
|
39
40
|
const role = (0, _lambdaUtils.createLambdaRole)(app, {
|
|
40
41
|
name: "api-lambda-role",
|
|
@@ -52,13 +53,35 @@ const ApiGraphql = (0, _pulumi2.createAppModule)({
|
|
|
52
53
|
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "graphql/build"))
|
|
53
54
|
}),
|
|
54
55
|
environment: {
|
|
55
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
56
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
56
57
|
AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1"
|
|
57
|
-
})
|
|
58
|
+
}))
|
|
58
59
|
},
|
|
59
60
|
vpcConfig: app.getModule(_.VpcConfig).functionVpcConfig
|
|
60
61
|
}
|
|
61
62
|
});
|
|
63
|
+
/**
|
|
64
|
+
* Store meta information like "mainGraphqlFunctionArn" in APW settings at deploy time.
|
|
65
|
+
*
|
|
66
|
+
* Note: We can't pass "mainGraphqlFunctionArn" as env variable due to circular dependency between
|
|
67
|
+
* "graphql" lambda and "api-apw-scheduler-execute-action" lambda.
|
|
68
|
+
*/
|
|
69
|
+
|
|
70
|
+
app.addResource(aws.dynamodb.TableItem, {
|
|
71
|
+
name: "apwSettings",
|
|
72
|
+
config: {
|
|
73
|
+
tableName: core.primaryDynamodbTableName,
|
|
74
|
+
hashKey: core.primaryDynamodbTableHashKey,
|
|
75
|
+
rangeKey: pulumi.output(core.primaryDynamodbTableRangeKey).apply(key => key || "SK"),
|
|
76
|
+
item: pulumi.interpolate`{
|
|
77
|
+
"PK": {"S": "APW#SETTINGS"},
|
|
78
|
+
"SK": {"S": "${app.params.run.variant || "A"}"},
|
|
79
|
+
"mainGraphqlFunctionArn": {"S": "${graphql.output.arn}"},
|
|
80
|
+
"eventRuleName": {"S": "${params.apwSchedulerEventRule.name}"},
|
|
81
|
+
"eventTargetId": {"S": "${params.apwSchedulerEventTarget.targetId}"}
|
|
82
|
+
}`
|
|
83
|
+
}
|
|
84
|
+
});
|
|
62
85
|
return {
|
|
63
86
|
role,
|
|
64
87
|
policy,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["ApiGraphql","createAppModule","name","config","app","params","policy","createGraphqlLambdaPolicy","role","createLambdaRole","output","graphql","addResource","aws","lambda","Function","runtime","handler","arn","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","getModule","VpcConfig","functionVpcConfig","functions","coreOutput","CoreOutput","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","iam","Policy","description","apply","core","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","fileManagerBucketId","interpolate","cognitoUserPoolArn","eventBusArn","elasticsearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n}\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 512,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: `arn:aws:s3:::${core.fileManagerBucketId}/*`\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AACA;;;;;;;;;;AAQO,MAAMA,UAAU,GAAG,IAAAC,wBAAA,EAAgB;EACtCC,IAAI,EAAE,YADgC;;EAEtCC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAAwC;IAC1C,MAAMC,MAAM,GAAGC,yBAAyB,CAACH,GAAD,CAAxC;IACA,MAAMI,IAAI,GAAG,IAAAC,6BAAA,EAAiBL,GAAjB,EAAsB;MAC/BF,IAAI,EAAE,iBADyB;MAE/BI,MAAM,EAAEA,MAAM,CAACI;IAFgB,CAAtB,CAAb;IAKA,MAAMC,OAAO,GAAGP,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MACjDb,IAAI,EAAE,SAD2C;MAEjDC,MAAM,EAAE;QACJa,OAAO,EAAE,YADL;QAEJC,OAAO,EAAE,iBAFL;QAGJT,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYQ,GAHd;QAIJC,OAAO,EAAE,EAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUvB,GAAG,CAACwB,KAAJ,CAAUC,SAApB,EAA+B,eAA/B,CADC;QAD2B,CAA9B,CANF;QAWJC,WAAW,EAAE;UACTC,SAAS,gDACF,IAAAC,wCAAA,GADE,GAEF3B,MAAM,CAAC4B,GAFL;YAGLC,mCAAmC,EAAE;UAHhC;QADA,CAXT;QAkBJC,SAAS,EAAE/B,GAAG,CAACgC,SAAJ,CAAcC,WAAd,EAAyBC;MAlBhC;IAFyC,CAArC,CAAhB;IAwBA,OAAO;MACH9B,IADG;MAEHF,MAFG;MAGHiC,SAAS,EAAE;QACP5B;MADO;IAHR,CAAP;EAOH;;AAxCqC,CAAhB,CAAnB;;;AA2CP,SAASJ,yBAAT,CAAmCH,GAAnC,EAAmD;EAC/C,MAAMoC,UAAU,GAAGpC,GAAG,CAACgC,SAAJ,CAAcK,YAAd,CAAnB;EACA,MAAMC,YAAY,GAAG,IAAAC,yBAAA,EAAgBvC,GAAhB,CAArB;EACA,MAAMwC,SAAS,GAAG,IAAAC,sBAAA,EAAazC,GAAb,CAAlB;EAEA,OAAOA,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAACiC,GAAJ,CAAQC,MAAxB,EAAgC;IACnC7C,IAAI,EAAE,wBAD6B;IAEnCC,MAAM,EAAE;MACJ6C,WAAW,EAAE,oEADT;MAEJ;MACA1C,MAAM,EAAEkC,UAAU,CAACS,KAAX,CAAiBC,IAAI,IAAI;QAC7B,MAAM5C,MAA8B,GAAG;UACnC6C,OAAO,EAAE,YAD0B;UAEnCC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,6BAHI,EAIJ,uBAJI,EAKJ,sBALI,EAMJ,6BANI,EAOJ,uBAPI,EAQJ,qBARI,EASJ,sBATI,EAUJ,6BAVI,EAWJ,yBAXI,EAYJ,oCAZI,EAaJ,sCAbI,EAcJ,yBAdI,EAeJ,8CAfI,EAgBJ,yBAhBI,EAiBJ,mCAjBI,EAkBJ,4CAlBI,EAmBJ,yBAnBI,EAoBJ,wBApBI,EAqBJ,0CArBI,EAsBJ,6BAtBI,EAuBJ,6CAvBI,EAwBJ,4CAxBI,EAyBJ,mCAzBI,EA0BJ,kBA1BI,EA2BJ,qBA3BI,EA4BJ,2BA5BI,EA6BJ,sBA7BI,EA8BJ,kCA9BI,EA+BJ,sBA/BI,EAgCJ,sBAhCI,EAiCJ,qBAjCI,EAkCJ,6BAlCI,EAmCJ,wBAnCI,EAoCJ,wBApCI,EAqCJ,wBArCI,EAsCJ,wBAtCI,EAuCJ,4CAvCI,EAwCJ,kBAxCI,EAyCJ,gBAzCI,EA0CJ,iCA1CI,EA2CJ,oCA3CI,EA4CJ,eA5CI,EA6CJ,kCA7CI,EA8CJ,oCA9CI,EA+CJ,qBA/CI,EAgDJ,sBAhDI,EAiDJ,wCAjDI,EAkDJ,2BAlDI,CAHZ;YAuDIC,QAAQ,EAAE,CACL,GAAEN,IAAI,CAACO,uBAAwB,EAD1B,EAEL,GAAEP,IAAI,CAACO,uBAAwB,IAF1B,EAGN;YACA,IAAIP,IAAI,CAACQ,6BAAL,GACE,CACK,GAAER,IAAI,CAACQ,6BAA8B,EAD1C,EAEK,GAAER,IAAI,CAACQ,6BAA8B,IAF1C,CADF,GAKE,EALN,CAJM;UAvDd,CADO,EAoEP;YACIL,GAAG,EAAE,iBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CACJ,iBADI,EAEJ,iBAFI,EAGJ,iBAHI,EAIJ,cAJI,EAKJ,cALI,CAHZ;YAUIC,QAAQ,EAAG,gBAAeN,IAAI,CAACS,mBAAoB;UAVvD,CApEO,EAgFP;YACIN,GAAG,EAAE,qBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CAAC,uBAAD,CAHZ;YAIIC,QAAQ,EAAElC,MAAM,CAACsC,WAAY,kBAAiBhB,SAAU,IAAGF,YAAa;UAJ5E,CAhFO,EAsFP;YACIW,GAAG,EAAE,yBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,eAHZ;YAIIC,QAAQ,EAAG,GAAEN,IAAI,CAACW,kBAAmB;UAJzC,CAtFO,EA4FP;YACIR,GAAG,EAAE,uBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,kBAHZ;YAIIC,QAAQ,EAAEN,IAAI,CAACY;UAJnB,CA5FO,EAkGP;UACA,IAAIZ,IAAI,CAACa,sBAAL,GACE,CACI;YACIV,GAAG,EAAE,iBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,MAHZ;YAIIC,QAAQ,EAAE,CACL,GAAEN,IAAI,CAACa,sBAAuB,EADzB,EAEL,GAAEb,IAAI,CAACa,sBAAuB,IAFzB;UAJd,CADJ,CADF,GAYE,EAZN,CAnGO;QAFwB,CAAvC;QAqHA,OAAOzD,MAAP;MACH,CAvHO;IAHJ;EAF2B,CAAhC,CAAP;AA+HH"}
|
|
1
|
+
{"version":3,"names":["ApiGraphql","createAppModule","name","config","app","params","core","getModule","CoreOutput","policy","createGraphqlLambdaPolicy","role","createLambdaRole","output","graphql","addResource","aws","lambda","Function","runtime","handler","arn","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","VpcConfig","functionVpcConfig","dynamodb","TableItem","tableName","primaryDynamodbTableName","hashKey","primaryDynamodbTableHashKey","rangeKey","primaryDynamodbTableRangeKey","key","item","interpolate","run","variant","apwSchedulerEventRule","apwSchedulerEventTarget","targetId","functions","coreOutput","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","iam","Policy","description","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","elasticsearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;\n apwSchedulerEventTarget: pulumi.Output<aws.cloudwatch.EventTarget>;\n}\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 512,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n /**\n * Store meta information like \"mainGraphqlFunctionArn\" in APW settings at deploy time.\n *\n * Note: We can't pass \"mainGraphqlFunctionArn\" as env variable due to circular dependency between\n * \"graphql\" lambda and \"api-apw-scheduler-execute-action\" lambda.\n */\n app.addResource(aws.dynamodb.TableItem, {\n name: \"apwSettings\",\n config: {\n tableName: core.primaryDynamodbTableName,\n hashKey: core.primaryDynamodbTableHashKey,\n rangeKey: pulumi\n .output(core.primaryDynamodbTableRangeKey)\n .apply(key => key || \"SK\"),\n item: pulumi.interpolate`{\n \"PK\": {\"S\": \"APW#SETTINGS\"},\n \"SK\": {\"S\": \"${app.params.run.variant || \"A\"}\"},\n \"mainGraphqlFunctionArn\": {\"S\": \"${graphql.output.arn}\"},\n \"eventRuleName\": {\"S\": \"${params.apwSchedulerEventRule.name}\"},\n \"eventTargetId\": {\"S\": \"${params.apwSchedulerEventTarget.targetId}\"}\n }`\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: `arn:aws:s3:::${core.fileManagerBucketId}/*`\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AACA;;;;;;;;;;AAUO,MAAMA,UAAU,GAAG,IAAAC,wBAAA,EAAgB;EACtCC,IAAI,EAAE,YADgC;;EAEtCC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAAwC;IAC1C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAJ,CAAcC,YAAd,CAAb;IAEA,MAAMC,MAAM,GAAGC,yBAAyB,CAACN,GAAD,CAAxC;IACA,MAAMO,IAAI,GAAG,IAAAC,6BAAA,EAAiBR,GAAjB,EAAsB;MAC/BF,IAAI,EAAE,iBADyB;MAE/BO,MAAM,EAAEA,MAAM,CAACI;IAFgB,CAAtB,CAAb;IAKA,MAAMC,OAAO,GAAGV,GAAG,CAACW,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MACjDhB,IAAI,EAAE,SAD2C;MAEjDC,MAAM,EAAE;QACJgB,OAAO,EAAE,YADL;QAEJC,OAAO,EAAE,iBAFL;QAGJT,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYQ,GAHd;QAIJC,OAAO,EAAE,EAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAU1B,GAAG,CAAC2B,KAAJ,CAAUC,SAApB,EAA+B,eAA/B,CADC;QAD2B,CAA9B,CANF;QAWJC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,kDAC7CA,KAD6C,GAE7ChC,MAAM,CAACiC,GAFsC;YAGhDC,mCAAmC,EAAE;UAHW,EAAzC;QADF,CAXT;QAkBJC,SAAS,EAAEpC,GAAG,CAACG,SAAJ,CAAckC,WAAd,EAAyBC;MAlBhC;IAFyC,CAArC,CAAhB;IAwBA;AACR;AACA;AACA;AACA;AACA;;IACQtC,GAAG,CAACW,WAAJ,CAAgBC,GAAG,CAAC2B,QAAJ,CAAaC,SAA7B,EAAwC;MACpC1C,IAAI,EAAE,aAD8B;MAEpCC,MAAM,EAAE;QACJ0C,SAAS,EAAEvC,IAAI,CAACwC,wBADZ;QAEJC,OAAO,EAAEzC,IAAI,CAAC0C,2BAFV;QAGJC,QAAQ,EAAExB,MAAM,CACXZ,MADK,CACEP,IAAI,CAAC4C,4BADP,EAELd,KAFK,CAECe,GAAG,IAAIA,GAAG,IAAI,IAFf,CAHN;QAMJC,IAAI,EAAE3B,MAAM,CAAC4B,WAAY;AACzC;AACA,6BAA6BjD,GAAG,CAACC,MAAJ,CAAWiD,GAAX,CAAeC,OAAf,IAA0B,GAAI;AAC3D,iDAAiDzC,OAAO,CAACD,MAAR,CAAeQ,GAAI;AACpE,wCAAwChB,MAAM,CAACmD,qBAAP,CAA6BtD,IAAK;AAC1E,wCAAwCG,MAAM,CAACoD,uBAAP,CAA+BC,QAAS;AAChF;MAZoB;IAF4B,CAAxC;IAkBA,OAAO;MACH/C,IADG;MAEHF,MAFG;MAGHkD,SAAS,EAAE;QACP7C;MADO;IAHR,CAAP;EAOH;;AAlEqC,CAAhB,CAAnB;;;AAqEP,SAASJ,yBAAT,CAAmCN,GAAnC,EAAmD;EAC/C,MAAMwD,UAAU,GAAGxD,GAAG,CAACG,SAAJ,CAAcC,YAAd,CAAnB;EACA,MAAMqD,YAAY,GAAG,IAAAC,yBAAA,EAAgB1D,GAAhB,CAArB;EACA,MAAM2D,SAAS,GAAG,IAAAC,sBAAA,EAAa5D,GAAb,CAAlB;EAEA,OAAOA,GAAG,CAACW,WAAJ,CAAgBC,GAAG,CAACiD,GAAJ,CAAQC,MAAxB,EAAgC;IACnChE,IAAI,EAAE,wBAD6B;IAEnCC,MAAM,EAAE;MACJgE,WAAW,EAAE,oEADT;MAEJ;MACA1D,MAAM,EAAEmD,UAAU,CAACxB,KAAX,CAAiB9B,IAAI,IAAI;QAC7B,MAAMG,MAA8B,GAAG;UACnC2D,OAAO,EAAE,YAD0B;UAEnCC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,6BAHI,EAIJ,uBAJI,EAKJ,sBALI,EAMJ,6BANI,EAOJ,uBAPI,EAQJ,qBARI,EASJ,sBATI,EAUJ,6BAVI,EAWJ,yBAXI,EAYJ,oCAZI,EAaJ,sCAbI,EAcJ,yBAdI,EAeJ,8CAfI,EAgBJ,yBAhBI,EAiBJ,mCAjBI,EAkBJ,4CAlBI,EAmBJ,yBAnBI,EAoBJ,wBApBI,EAqBJ,0CArBI,EAsBJ,6BAtBI,EAuBJ,6CAvBI,EAwBJ,4CAxBI,EAyBJ,mCAzBI,EA0BJ,kBA1BI,EA2BJ,qBA3BI,EA4BJ,2BA5BI,EA6BJ,sBA7BI,EA8BJ,kCA9BI,EA+BJ,sBA/BI,EAgCJ,sBAhCI,EAiCJ,qBAjCI,EAkCJ,6BAlCI,EAmCJ,wBAnCI,EAoCJ,wBApCI,EAqCJ,wBArCI,EAsCJ,wBAtCI,EAuCJ,4CAvCI,EAwCJ,kBAxCI,EAyCJ,gBAzCI,EA0CJ,iCA1CI,EA2CJ,oCA3CI,EA4CJ,eA5CI,EA6CJ,kCA7CI,EA8CJ,oCA9CI,EA+CJ,qBA/CI,EAgDJ,sBAhDI,EAiDJ,wCAjDI,EAkDJ,2BAlDI,CAHZ;YAuDIC,QAAQ,EAAE,CACL,GAAEnE,IAAI,CAACoE,uBAAwB,EAD1B,EAEL,GAAEpE,IAAI,CAACoE,uBAAwB,IAF1B,EAGN;YACA,IAAIpE,IAAI,CAACqE,6BAAL,GACE,CACK,GAAErE,IAAI,CAACqE,6BAA8B,EAD1C,EAEK,GAAErE,IAAI,CAACqE,6BAA8B,IAF1C,CADF,GAKE,EALN,CAJM;UAvDd,CADO,EAoEP;YACIL,GAAG,EAAE,iBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CACJ,iBADI,EAEJ,iBAFI,EAGJ,iBAHI,EAIJ,cAJI,EAKJ,cALI,CAHZ;YAUIC,QAAQ,EAAG,gBAAenE,IAAI,CAACsE,mBAAoB;UAVvD,CApEO,EAgFP;YACIN,GAAG,EAAE,qBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CAAC,uBAAD,CAHZ;YAIIC,QAAQ,EAAEhD,MAAM,CAAC4B,WAAY,kBAAiBU,SAAU,IAAGF,YAAa;UAJ5E,CAhFO,EAsFP;YACIS,GAAG,EAAE,yBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,eAHZ;YAIIC,QAAQ,EAAG,GAAEnE,IAAI,CAACuE,kBAAmB;UAJzC,CAtFO,EA4FP;YACIP,GAAG,EAAE,uBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,kBAHZ;YAIIC,QAAQ,EAAEnE,IAAI,CAACwE;UAJnB,CA5FO,EAkGP;UACA,IAAIxE,IAAI,CAACyE,sBAAL,GACE,CACI;YACIT,GAAG,EAAE,iBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,MAHZ;YAIIC,QAAQ,EAAE,CACL,GAAEnE,IAAI,CAACyE,sBAAuB,EADzB,EAEL,GAAEzE,IAAI,CAACyE,sBAAuB,IAFzB;UAJd,CADJ,CADF,GAYE,EAZN,CAnGO;QAFwB,CAAvC;QAqHA,OAAOtE,MAAP;MACH,CAvHO;IAHJ;EAF2B,CAAhC,CAAP;AA+HH"}
|
|
@@ -50,9 +50,9 @@ const ApiHeadlessCMS = (0, _pulumi2.createAppModule)({
|
|
|
50
50
|
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "headlessCMS/build"))
|
|
51
51
|
}),
|
|
52
52
|
environment: {
|
|
53
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
53
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
54
54
|
AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1"
|
|
55
|
-
})
|
|
55
|
+
}))
|
|
56
56
|
},
|
|
57
57
|
vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
|
|
58
58
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["ApiHeadlessCMS","createAppModule","name","config","app","params","policy","createHeadlessCmsLambdaPolicy","role","createLambdaRole","output","graphql","addResource","aws","lambda","Function","runtime","handler","arn","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","getModule","VpcConfig","functionVpcConfig","functions","coreOutput","CoreOutput","iam","Policy","description","apply","core","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","elasticsearchDomainArn"],"sources":["ApiHeadlessCMS.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\n\ninterface HeadlessCMSParams {\n env: Record<string, any>;\n}\n\nexport type ApiHeadlessCMS = PulumiAppModule<typeof ApiHeadlessCMS>;\n\nexport const ApiHeadlessCMS = createAppModule({\n name: \"ApiHeadlessCMS\",\n config(app: PulumiApp, params: HeadlessCMSParams) {\n const policy = createHeadlessCmsLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"headless-cms-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"headless-cms\",\n config: {\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 512,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"headlessCMS/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(),\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n }\n };\n }\n});\n\nfunction createHeadlessCmsLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"HeadlessCmsLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb streams\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AAEA;;AACA;;;;;;;;;;AAQO,MAAMA,cAAc,GAAG,IAAAC,wBAAA,EAAgB;EAC1CC,IAAI,EAAE,gBADoC;;EAE1CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA4C;IAC9C,MAAMC,MAAM,GAAGC,6BAA6B,CAACH,GAAD,CAA5C;IACA,MAAMI,IAAI,GAAG,IAAAC,6BAAA,EAAiBL,GAAjB,EAAsB;MAC/BF,IAAI,EAAE,0BADyB;MAE/BI,MAAM,EAAEA,MAAM,CAACI;IAFgB,CAAtB,CAAb;IAKA,MAAMC,OAAO,GAAGP,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MACjDb,IAAI,EAAE,cAD2C;MAEjDC,MAAM,EAAE;QACJa,OAAO,EAAE,YADL;QAEJC,OAAO,EAAE,iBAFL;QAGJT,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYQ,GAHd;QAIJC,OAAO,EAAE,EAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUvB,GAAG,CAACwB,KAAJ,CAAUC,SAApB,EAA+B,mBAA/B,CADC;QAD2B,CAA9B,CANF;QAWJC,WAAW,EAAE;UACTC,SAAS,gDACF,IAAAC,wCAAA,GADE,GAEF3B,MAAM,CAAC4B,GAFL;YAGLC,mCAAmC,EAAE;UAHhC;QADA,CAXT;QAkBJC,SAAS,EAAE/B,GAAG,CAACgC,SAAJ,CAAcC,iBAAd,EAAyBC;MAlBhC;IAFyC,CAArC,CAAhB;IAwBA,OAAO;MACH9B,IADG;MAEHF,MAFG;MAGHiC,SAAS,EAAE;QACP5B;MADO;IAHR,CAAP;EAOH;;AAxCyC,CAAhB,CAAvB;;;AA2CP,SAASJ,6BAAT,CAAuCH,GAAvC,EAAuD;EACnD,MAAMoC,UAAU,GAAGpC,GAAG,CAACgC,SAAJ,CAAcK,kBAAd,CAAnB;EAEA,OAAOrC,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAAC6B,GAAJ,CAAQC,MAAxB,EAAgC;IACnCzC,IAAI,EAAE,yBAD6B;IAEnCC,MAAM,EAAE;MACJyC,WAAW,EAAE,gDADT;MAEJ;MACAtC,MAAM,EAAEkC,UAAU,CAACK,KAAX,CAAiBC,IAAI,IAAI;QAC7B,MAAMxC,MAA8B,GAAG;UACnCyC,OAAO,EAAE,YAD0B;UAEnCC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,oBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,6BAHI,EAIJ,uBAJI,EAKJ,sBALI,EAMJ,6BANI,EAOJ,uBAPI,EAQJ,qBARI,EASJ,sBATI,EAUJ,6BAVI,EAWJ,yBAXI,EAYJ,oCAZI,EAaJ,sCAbI,EAcJ,yBAdI,EAeJ,8CAfI,EAgBJ,yBAhBI,EAiBJ,mCAjBI,EAkBJ,4CAlBI,EAmBJ,yBAnBI,EAoBJ,wBApBI,EAqBJ,0CArBI,EAsBJ,6BAtBI,EAuBJ,6CAvBI,EAwBJ,4CAxBI,EAyBJ,mCAzBI,EA0BJ,kBA1BI,EA2BJ,qBA3BI,EA4BJ,2BA5BI,EA6BJ,sBA7BI,EA8BJ,kCA9BI,EA+BJ,sBA/BI,EAgCJ,sBAhCI,EAiCJ,qBAjCI,EAkCJ,6BAlCI,EAmCJ,wBAnCI,EAoCJ,wBApCI,EAqCJ,wBArCI,EAsCJ,wBAtCI,EAuCJ,4CAvCI,EAwCJ,kBAxCI,EAyCJ,gBAzCI,EA0CJ,iCA1CI,EA2CJ,oCA3CI,EA4CJ,eA5CI,EA6CJ,kCA7CI,EA8CJ,oCA9CI,EA+CJ,qBA/CI,EAgDJ,sBAhDI,EAiDJ,wCAjDI,EAkDJ,2BAlDI,CAHZ;YAuDIC,QAAQ,EAAE,CACL,GAAEN,IAAI,CAACO,uBAAwB,EAD1B,EAEL,GAAEP,IAAI,CAACO,uBAAwB,IAF1B,EAGN;YACA,IAAIP,IAAI,CAACQ,6BAAL,GACE,CACK,GAAER,IAAI,CAACQ,6BAA8B,EAD1C,EAEK,GAAER,IAAI,CAACQ,6BAA8B,IAF1C,CADF,GAKE,EALN,CAJM;UAvDd,CADO,EAoEP;UACA,IAAIR,IAAI,CAACS,sBAAL,GACE,CACI;YACIN,GAAG,EAAE,iBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,MAHZ;YAIIC,QAAQ,EAAE,CACL,GAAEN,IAAI,CAACS,sBAAuB,EADzB,EAEL,GAAET,IAAI,CAACS,sBAAuB,IAFzB;UAJd,CADJ,CADF,GAYE,EAZN,CArEO;QAFwB,CAAvC;QAuFA,OAAOjD,MAAP;MACH,CAzFO;IAHJ;EAF2B,CAAhC,CAAP;AAiGH"}
|
|
1
|
+
{"version":3,"names":["ApiHeadlessCMS","createAppModule","name","config","app","params","policy","createHeadlessCmsLambdaPolicy","role","createLambdaRole","output","graphql","addResource","aws","lambda","Function","runtime","handler","arn","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","getModule","VpcConfig","functionVpcConfig","functions","coreOutput","CoreOutput","iam","Policy","description","core","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","elasticsearchDomainArn"],"sources":["ApiHeadlessCMS.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\n\ninterface HeadlessCMSParams {\n env: Record<string, any>;\n}\n\nexport type ApiHeadlessCMS = PulumiAppModule<typeof ApiHeadlessCMS>;\n\nexport const ApiHeadlessCMS = createAppModule({\n name: \"ApiHeadlessCMS\",\n config(app: PulumiApp, params: HeadlessCMSParams) {\n const policy = createHeadlessCmsLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"headless-cms-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"headless-cms\",\n config: {\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 512,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"headlessCMS/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n }\n };\n }\n});\n\nfunction createHeadlessCmsLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"HeadlessCmsLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb streams\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AAEA;;AACA;;;;;;;;;;AAQO,MAAMA,cAAc,GAAG,IAAAC,wBAAA,EAAgB;EAC1CC,IAAI,EAAE,gBADoC;;EAE1CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA4C;IAC9C,MAAMC,MAAM,GAAGC,6BAA6B,CAACH,GAAD,CAA5C;IACA,MAAMI,IAAI,GAAG,IAAAC,6BAAA,EAAiBL,GAAjB,EAAsB;MAC/BF,IAAI,EAAE,0BADyB;MAE/BI,MAAM,EAAEA,MAAM,CAACI;IAFgB,CAAtB,CAAb;IAKA,MAAMC,OAAO,GAAGP,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;MACjDb,IAAI,EAAE,cAD2C;MAEjDC,MAAM,EAAE;QACJa,OAAO,EAAE,YADL;QAEJC,OAAO,EAAE,iBAFL;QAGJT,IAAI,EAAEA,IAAI,CAACE,MAAL,CAAYQ,GAHd;QAIJC,OAAO,EAAE,EAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUvB,GAAG,CAACwB,KAAJ,CAAUC,SAApB,EAA+B,mBAA/B,CADC;QAD2B,CAA9B,CANF;QAWJC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,kDAC7CA,KAD6C,GAE7C7B,MAAM,CAAC8B,GAFsC;YAGhDC,mCAAmC,EAAE;UAHW,EAAzC;QADF,CAXT;QAkBJC,SAAS,EAAEjC,GAAG,CAACkC,SAAJ,CAAcC,iBAAd,EAAyBC;MAlBhC;IAFyC,CAArC,CAAhB;IAwBA,OAAO;MACHhC,IADG;MAEHF,MAFG;MAGHmC,SAAS,EAAE;QACP9B;MADO;IAHR,CAAP;EAOH;;AAxCyC,CAAhB,CAAvB;;;AA2CP,SAASJ,6BAAT,CAAuCH,GAAvC,EAAuD;EACnD,MAAMsC,UAAU,GAAGtC,GAAG,CAACkC,SAAJ,CAAcK,kBAAd,CAAnB;EAEA,OAAOvC,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAAC+B,GAAJ,CAAQC,MAAxB,EAAgC;IACnC3C,IAAI,EAAE,yBAD6B;IAEnCC,MAAM,EAAE;MACJ2C,WAAW,EAAE,gDADT;MAEJ;MACAxC,MAAM,EAAEoC,UAAU,CAACT,KAAX,CAAiBc,IAAI,IAAI;QAC7B,MAAMzC,MAA8B,GAAG;UACnC0C,OAAO,EAAE,YAD0B;UAEnCC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,oBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,6BAHI,EAIJ,uBAJI,EAKJ,sBALI,EAMJ,6BANI,EAOJ,uBAPI,EAQJ,qBARI,EASJ,sBATI,EAUJ,6BAVI,EAWJ,yBAXI,EAYJ,oCAZI,EAaJ,sCAbI,EAcJ,yBAdI,EAeJ,8CAfI,EAgBJ,yBAhBI,EAiBJ,mCAjBI,EAkBJ,4CAlBI,EAmBJ,yBAnBI,EAoBJ,wBApBI,EAqBJ,0CArBI,EAsBJ,6BAtBI,EAuBJ,6CAvBI,EAwBJ,4CAxBI,EAyBJ,mCAzBI,EA0BJ,kBA1BI,EA2BJ,qBA3BI,EA4BJ,2BA5BI,EA6BJ,sBA7BI,EA8BJ,kCA9BI,EA+BJ,sBA/BI,EAgCJ,sBAhCI,EAiCJ,qBAjCI,EAkCJ,6BAlCI,EAmCJ,wBAnCI,EAoCJ,wBApCI,EAqCJ,wBArCI,EAsCJ,wBAtCI,EAuCJ,4CAvCI,EAwCJ,kBAxCI,EAyCJ,gBAzCI,EA0CJ,iCA1CI,EA2CJ,oCA3CI,EA4CJ,eA5CI,EA6CJ,kCA7CI,EA8CJ,oCA9CI,EA+CJ,qBA/CI,EAgDJ,sBAhDI,EAiDJ,wCAjDI,EAkDJ,2BAlDI,CAHZ;YAuDIC,QAAQ,EAAE,CACL,GAAEN,IAAI,CAACO,uBAAwB,EAD1B,EAEL,GAAEP,IAAI,CAACO,uBAAwB,IAF1B,EAGN;YACA,IAAIP,IAAI,CAACQ,6BAAL,GACE,CACK,GAAER,IAAI,CAACQ,6BAA8B,EAD1C,EAEK,GAAER,IAAI,CAACQ,6BAA8B,IAF1C,CADF,GAKE,EALN,CAJM;UAvDd,CADO,EAoEP;UACA,IAAIR,IAAI,CAACS,sBAAL,GACE,CACI;YACIN,GAAG,EAAE,iBADT;YAEIC,MAAM,EAAE,OAFZ;YAGIC,MAAM,EAAE,MAHZ;YAIIC,QAAQ,EAAE,CACL,GAAEN,IAAI,CAACS,sBAAuB,EADzB,EAEL,GAAET,IAAI,CAACS,sBAAuB,IAFzB;UAJd,CADJ,CADF,GAYE,EAZN,CArEO;QAFwB,CAAvC;QAuFA,OAAOlD,MAAP;MACH,CAzFO;IAHJ;EAF2B,CAAhC,CAAP;AAiGH"}
|
|
@@ -81,9 +81,9 @@ function createExportPagesResources(app, params) {
|
|
|
81
81
|
".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "pageBuilder/exportPages/combine/build"))
|
|
82
82
|
}),
|
|
83
83
|
environment: {
|
|
84
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
84
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
85
85
|
S3_BUCKET: core.fileManagerBucketId
|
|
86
|
-
})
|
|
86
|
+
}))
|
|
87
87
|
}
|
|
88
88
|
}
|
|
89
89
|
});
|
|
@@ -100,10 +100,10 @@ function createExportPagesResources(app, params) {
|
|
|
100
100
|
".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "pageBuilder/exportPages/process/build"))
|
|
101
101
|
}),
|
|
102
102
|
environment: {
|
|
103
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
103
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
104
104
|
S3_BUCKET: core.fileManagerBucketId,
|
|
105
105
|
EXPORT_PAGE_COMBINE_HANDLER: combine.output.arn
|
|
106
|
-
})
|
|
106
|
+
}))
|
|
107
107
|
}
|
|
108
108
|
}
|
|
109
109
|
});
|
|
@@ -169,9 +169,9 @@ function createImportPagesResources(app, params) {
|
|
|
169
169
|
".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "pageBuilder/importPages/process/build"))
|
|
170
170
|
}),
|
|
171
171
|
environment: {
|
|
172
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
172
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
173
173
|
S3_BUCKET: core.fileManagerBucketId
|
|
174
|
-
})
|
|
174
|
+
}))
|
|
175
175
|
}
|
|
176
176
|
}
|
|
177
177
|
});
|
|
@@ -188,10 +188,10 @@ function createImportPagesResources(app, params) {
|
|
|
188
188
|
".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "pageBuilder/importPages/create/build"))
|
|
189
189
|
}),
|
|
190
190
|
environment: {
|
|
191
|
-
variables: _objectSpread(_objectSpread(_objectSpread({},
|
|
191
|
+
variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => _objectSpread(_objectSpread(_objectSpread({}, value), params.env), {}, {
|
|
192
192
|
S3_BUCKET: core.fileManagerBucketId,
|
|
193
193
|
IMPORT_PAGE_QUEUE_PROCESS_HANDLER: process.output.arn
|
|
194
|
-
})
|
|
194
|
+
}))
|
|
195
195
|
}
|
|
196
196
|
}
|
|
197
197
|
});
|