@webiny/pulumi-aws 5.43.3 → 6.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (189) hide show
  1. package/apps/admin/createAdminPulumiApp.d.ts +3 -2
  2. package/apps/admin/createAdminPulumiApp.js +15 -1
  3. package/apps/admin/createAdminPulumiApp.js.map +1 -1
  4. package/apps/api/ApiApwScheduler.d.ts +1 -1
  5. package/apps/api/ApiApwScheduler.js.map +1 -1
  6. package/apps/api/ApiBackgroundTask.d.ts +1 -1
  7. package/apps/api/ApiBackgroundTask.js.map +1 -1
  8. package/apps/api/ApiCloudfront.d.ts +1 -1
  9. package/apps/api/ApiCloudfront.js.map +1 -1
  10. package/apps/api/ApiFileManager.d.ts +7 -1
  11. package/apps/api/ApiFileManager.js +6 -0
  12. package/apps/api/ApiFileManager.js.map +1 -1
  13. package/apps/api/ApiGateway.d.ts +2 -2
  14. package/apps/api/ApiGateway.js.map +1 -1
  15. package/apps/api/ApiGraphql.d.ts +1 -1
  16. package/apps/api/ApiGraphql.js.map +1 -1
  17. package/apps/api/ApiMigration.d.ts +1 -1
  18. package/apps/api/ApiMigration.js.map +1 -1
  19. package/apps/api/ApiOutput.d.ts +11 -1
  20. package/apps/api/ApiOutput.js +11 -1
  21. package/apps/api/ApiOutput.js.map +1 -1
  22. package/apps/api/ApiPageBuilder.d.ts +1 -1
  23. package/apps/api/ApiPageBuilder.js.map +1 -1
  24. package/apps/api/ApiScheduler.d.ts +8 -0
  25. package/apps/api/ApiScheduler.js +105 -0
  26. package/apps/api/ApiScheduler.js.map +1 -0
  27. package/apps/api/ApiWebsocket.d.ts +1 -1
  28. package/apps/api/ApiWebsocket.js.map +1 -1
  29. package/apps/api/backgroundTask/definition.d.ts +2 -2
  30. package/apps/api/backgroundTask/definition.js.map +1 -1
  31. package/apps/api/backgroundTask/policy.d.ts +2 -2
  32. package/apps/api/backgroundTask/policy.js.map +1 -1
  33. package/apps/api/backgroundTask/role.d.ts +2 -2
  34. package/apps/api/backgroundTask/role.js.map +1 -1
  35. package/apps/api/backgroundTask/types.d.ts +1 -1
  36. package/apps/api/backgroundTask/types.js.map +1 -1
  37. package/apps/api/createApiPulumiApp.d.ts +18 -9
  38. package/apps/api/createApiPulumiApp.js +48 -19
  39. package/apps/api/createApiPulumiApp.js.map +1 -1
  40. package/apps/awsUtils.d.ts +2 -2
  41. package/apps/awsUtils.js.map +1 -1
  42. package/apps/blueGreen/createBlueGreenPulumiApp.d.ts +7 -1
  43. package/apps/blueGreen/createBlueGreenPulumiApp.js +2 -2
  44. package/apps/blueGreen/createBlueGreenPulumiApp.js.map +1 -1
  45. package/apps/blueGreen/domains/attachDomainsToOutput.d.ts +1 -1
  46. package/apps/blueGreen/domains/attachDomainsToOutput.js.map +1 -1
  47. package/apps/blueGreen/types.d.ts +4 -1
  48. package/apps/blueGreen/types.js.map +1 -1
  49. package/apps/common/CoreOutput.d.ts +2 -1
  50. package/apps/common/CoreOutput.js +1 -0
  51. package/apps/common/CoreOutput.js.map +1 -1
  52. package/apps/common/VpcConfig.d.ts +1 -1
  53. package/apps/common/VpcConfig.js.map +1 -1
  54. package/apps/core/CoreCognito.d.ts +1 -1
  55. package/apps/core/CoreCognito.js.map +1 -1
  56. package/apps/core/CoreDynamo.d.ts +1 -1
  57. package/apps/core/CoreDynamo.js.map +1 -1
  58. package/apps/core/CoreElasticSearch.d.ts +1 -1
  59. package/apps/core/CoreElasticSearch.js.map +1 -1
  60. package/apps/core/CoreEventBus.js.map +1 -1
  61. package/apps/core/CoreFileManager.d.ts +1 -1
  62. package/apps/core/CoreFileManager.js.map +1 -1
  63. package/apps/core/CoreOpenSearch.d.ts +1 -1
  64. package/apps/core/CoreOpenSearch.js.map +1 -1
  65. package/apps/core/CoreVpc.d.ts +1 -1
  66. package/apps/core/CoreVpc.js.map +1 -1
  67. package/apps/core/LogDynamo.d.ts +1 -1
  68. package/apps/core/LogDynamo.js.map +1 -1
  69. package/apps/core/WatchCommand.js.map +1 -1
  70. package/apps/core/cognitoIdentityProviders/amazon.d.ts +3 -3
  71. package/apps/core/cognitoIdentityProviders/amazon.js.map +1 -1
  72. package/apps/core/cognitoIdentityProviders/apple.d.ts +3 -3
  73. package/apps/core/cognitoIdentityProviders/apple.js.map +1 -1
  74. package/apps/core/cognitoIdentityProviders/configure.d.ts +3 -3
  75. package/apps/core/cognitoIdentityProviders/configure.js.map +1 -1
  76. package/apps/core/cognitoIdentityProviders/facebook.d.ts +3 -3
  77. package/apps/core/cognitoIdentityProviders/facebook.js.map +1 -1
  78. package/apps/core/cognitoIdentityProviders/getIdpConfig.d.ts +2 -2
  79. package/apps/core/cognitoIdentityProviders/getIdpConfig.js.map +1 -1
  80. package/apps/core/cognitoIdentityProviders/google.d.ts +3 -3
  81. package/apps/core/cognitoIdentityProviders/google.js.map +1 -1
  82. package/apps/core/cognitoIdentityProviders/oidc.d.ts +3 -3
  83. package/apps/core/cognitoIdentityProviders/oidc.js.map +1 -1
  84. package/apps/core/createCorePulumiApp.d.ts +1 -1
  85. package/apps/core/createCorePulumiApp.js +2 -1
  86. package/apps/core/createCorePulumiApp.js.map +1 -1
  87. package/apps/createAppBucket.d.ts +1 -1
  88. package/apps/createAppBucket.js.map +1 -1
  89. package/apps/customDomain.d.ts +3 -3
  90. package/apps/customDomain.js.map +1 -1
  91. package/apps/lambdaUtils.d.ts +3 -2
  92. package/apps/lambdaUtils.js +21 -3
  93. package/apps/lambdaUtils.js.map +1 -1
  94. package/apps/react/createReactPulumiApp.d.ts +2 -2
  95. package/apps/react/createReactPulumiApp.js.map +1 -1
  96. package/apps/syncSystem/SyncSystemDynamo.d.ts +1 -1
  97. package/apps/syncSystem/SyncSystemDynamo.js.map +1 -1
  98. package/apps/syncSystem/SyncSystemDynamoDb.d.ts +3 -0
  99. package/apps/syncSystem/SyncSystemDynamoDb.js +55 -0
  100. package/apps/syncSystem/SyncSystemDynamoDb.js.map +1 -0
  101. package/apps/syncSystem/SyncSystemEventBus.d.ts +6 -0
  102. package/apps/syncSystem/SyncSystemEventBus.js +84 -0
  103. package/apps/syncSystem/SyncSystemEventBus.js.map +1 -0
  104. package/apps/syncSystem/SyncSystemLambda.d.ts +1 -1
  105. package/apps/syncSystem/SyncSystemLambda.js.map +1 -1
  106. package/apps/syncSystem/SyncSystemOutput.d.ts +3 -0
  107. package/apps/syncSystem/SyncSystemOutput.js +26 -0
  108. package/apps/syncSystem/SyncSystemOutput.js.map +1 -0
  109. package/apps/syncSystem/SyncSystemResolverLambda.d.ts +8 -0
  110. package/apps/syncSystem/SyncSystemResolverLambda.js +78 -0
  111. package/apps/syncSystem/SyncSystemResolverLambda.js.map +1 -0
  112. package/apps/syncSystem/SyncSystemSQS.d.ts +3 -4
  113. package/apps/syncSystem/SyncSystemSQS.js +33 -12
  114. package/apps/syncSystem/SyncSystemSQS.js.map +1 -1
  115. package/apps/syncSystem/SyncSystemWorkerLambda.d.ts +7 -0
  116. package/apps/syncSystem/SyncSystemWorkerLambda.js +57 -0
  117. package/apps/syncSystem/SyncSystemWorkerLambda.js.map +1 -0
  118. package/apps/syncSystem/api/addServiceManifest.d.ts +8 -0
  119. package/apps/syncSystem/api/addServiceManifest.js +25 -0
  120. package/apps/syncSystem/api/addServiceManifest.js.map +1 -0
  121. package/apps/syncSystem/api/attachCognitoPermissions.d.ts +14 -0
  122. package/apps/syncSystem/api/attachCognitoPermissions.js +67 -0
  123. package/apps/syncSystem/api/attachCognitoPermissions.js.map +1 -0
  124. package/apps/syncSystem/api/attachDynamoDbPermissions.d.ts +13 -0
  125. package/apps/syncSystem/api/attachDynamoDbPermissions.js +53 -0
  126. package/apps/syncSystem/api/attachDynamoDbPermissions.js.map +1 -0
  127. package/apps/syncSystem/api/attachEventBusPermissions.d.ts +18 -0
  128. package/apps/syncSystem/api/attachEventBusPermissions.js +66 -0
  129. package/apps/syncSystem/api/attachEventBusPermissions.js.map +1 -0
  130. package/apps/syncSystem/api/attachS3Permissions.d.ts +14 -0
  131. package/apps/syncSystem/api/attachS3Permissions.js +59 -0
  132. package/apps/syncSystem/api/attachS3Permissions.js.map +1 -0
  133. package/apps/syncSystem/api/index.d.ts +9 -0
  134. package/apps/syncSystem/api/index.js +65 -0
  135. package/apps/syncSystem/api/index.js.map +1 -0
  136. package/apps/syncSystem/constants.d.ts +1 -0
  137. package/apps/syncSystem/constants.js +9 -0
  138. package/apps/syncSystem/constants.js.map +1 -0
  139. package/apps/syncSystem/createSyncResourceName.d.ts +4 -0
  140. package/apps/syncSystem/createSyncResourceName.js +17 -0
  141. package/apps/syncSystem/createSyncResourceName.js.map +1 -0
  142. package/apps/syncSystem/createSyncSystemPulumiApp.d.ts +19 -10
  143. package/apps/syncSystem/createSyncSystemPulumiApp.js +107 -34
  144. package/apps/syncSystem/createSyncSystemPulumiApp.js.map +1 -1
  145. package/apps/syncSystem/customApp.d.ts +6 -0
  146. package/apps/syncSystem/customApp.js +26 -0
  147. package/apps/syncSystem/customApp.js.map +1 -0
  148. package/apps/syncSystem/getSyncSystemOutput.d.ts +6 -0
  149. package/apps/syncSystem/getSyncSystemOutput.js +28 -0
  150. package/apps/syncSystem/getSyncSystemOutput.js.map +1 -0
  151. package/apps/syncSystem/lambda/createSyncSystemResolverLambdaPolicy.d.ts +7 -0
  152. package/apps/syncSystem/lambda/createSyncSystemResolverLambdaPolicy.js +55 -0
  153. package/apps/syncSystem/lambda/createSyncSystemResolverLambdaPolicy.js.map +1 -0
  154. package/apps/syncSystem/types.d.ts +55 -0
  155. package/apps/syncSystem/types.js +7 -0
  156. package/apps/syncSystem/types.js.map +1 -0
  157. package/apps/tenantRouter.d.ts +1 -1
  158. package/apps/tenantRouter.js.map +1 -1
  159. package/apps/website/WebsitePrerendering.d.ts +1 -1
  160. package/apps/website/WebsitePrerendering.js.map +1 -1
  161. package/apps/website/createWebsitePulumiApp.d.ts +2 -2
  162. package/apps/website/createWebsitePulumiApp.js.map +1 -1
  163. package/enterprise/api/handleGuardDutyEvents.d.ts +1 -1
  164. package/enterprise/api/handleGuardDutyEvents.js.map +1 -1
  165. package/enterprise/createApiPulumiApp.d.ts +13 -2
  166. package/enterprise/createApiPulumiApp.js.map +1 -1
  167. package/enterprise/createCorePulumiApp.d.ts +2 -2
  168. package/enterprise/createCorePulumiApp.js.map +1 -1
  169. package/enterprise/createSyncSystemPulumiApp.d.ts +13 -8
  170. package/enterprise/createSyncSystemPulumiApp.js +1 -1
  171. package/enterprise/createSyncSystemPulumiApp.js.map +1 -1
  172. package/enterprise/createWebsitePulumiApp.d.ts +2 -2
  173. package/enterprise/createWebsitePulumiApp.js.map +1 -1
  174. package/package.json +12 -12
  175. package/utils/addDomainsUrlsOutputs.d.ts +2 -2
  176. package/utils/addDomainsUrlsOutputs.js.map +1 -1
  177. package/utils/addServiceManifestTableItem.d.ts +1 -1
  178. package/utils/addServiceManifestTableItem.js.map +1 -1
  179. package/utils/createAssetArchive.d.ts +2 -0
  180. package/utils/createAssetArchive.js +16 -0
  181. package/utils/createAssetArchive.js.map +1 -0
  182. package/utils/getPresignedPost.d.ts +1 -1
  183. package/utils/getPresignedPost.js.map +1 -1
  184. package/utils/lambdaEnvVariables.d.ts +1 -1
  185. package/utils/lambdaEnvVariables.js.map +1 -1
  186. package/utils/uploadFolderToS3.d.ts +1 -1
  187. package/utils/uploadFolderToS3.js.map +1 -1
  188. package/utils/withServiceManifest.d.ts +2 -2
  189. package/utils/withServiceManifest.js.map +1 -1
package/apps/admin/createAdminPulumiApp.d.ts CHANGED
@@ -1,5 +1,6 @@
1
- import { PulumiAppParam, PulumiAppParamCallback } from "@webiny/pulumi";
2
- import { createReactPulumiApp, CustomDomainParams } from "..";
1
+ import type { PulumiAppParam, PulumiAppParamCallback } from "@webiny/pulumi";
2
+ import type { CustomDomainParams } from "..";
3
+ import { createReactPulumiApp } from "..";
3
4
  export type AdminPulumiApp = ReturnType<typeof createReactPulumiApp>;
4
5
  export interface CreateAdminPulumiAppParams {
5
6
  /** Custom domain configuration */
package/apps/admin/createAdminPulumiApp.js CHANGED
@@ -6,11 +6,25 @@ Object.defineProperty(exports, "__esModule", {
6
6
  exports.createAdminPulumiApp = void 0;
7
7
  var _ = require("./..");
8
8
  const createAdminPulumiApp = projectAppParams => {
9
- return (0, _.createReactPulumiApp)({
9
+ const adminApp = (0, _.createReactPulumiApp)({
10
10
  name: "admin",
11
11
  folder: "apps/admin",
12
12
  ...projectAppParams
13
13
  });
14
+ adminApp.addHandler(() => {
15
+ const cdn = adminApp.resources.cloudfront;
16
+ cdn.config.waitForDeployment(true);
17
+ adminApp.addServiceManifest({
18
+ name: "admin",
19
+ manifest: {
20
+ cloudfront: {
21
+ distributionId: cdn.output.id,
22
+ domainName: cdn.output.domainName
23
+ }
24
+ }
25
+ });
26
+ });
27
+ return adminApp;
14
28
  };
15
29
  exports.createAdminPulumiApp = createAdminPulumiApp;
16
30
 
package/apps/admin/createAdminPulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_","require","createAdminPulumiApp","projectAppParams","createReactPulumiApp","name","folder","exports"],"sources":["createAdminPulumiApp.ts"],"sourcesContent":["import { PulumiAppParam, PulumiAppParamCallback } from \"@webiny/pulumi\";\nimport { createReactPulumiApp, CustomDomainParams } from \"~/apps\";\n\nexport type AdminPulumiApp = ReturnType<typeof createReactPulumiApp>;\n\nexport interface CreateAdminPulumiAppParams {\n /** Custom domain configuration */\n domains?: PulumiAppParamCallback<CustomDomainParams>;\n\n /**\n * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)\n * or add additional ones into the mix.\n */\n pulumi?: (app: AdminPulumiApp) => void | Promise<void>;\n\n /**\n * Prefixes names of all Pulumi cloud infrastructure resource with given prefix.\n */\n pulumiResourceNamePrefix?: PulumiAppParam<string>;\n\n /**\n * Treats provided environments as production environments, which\n * are deployed in production deployment mode.\n * https://www.webiny.com/docs/architecture/deployment-modes/production\n */\n productionEnvironments?: PulumiAppParam<string[]>;\n}\n\nexport const createAdminPulumiApp = (projectAppParams: CreateAdminPulumiAppParams) => {\n return createReactPulumiApp({\n name: \"admin\",\n folder: \"apps/admin\",\n ...projectAppParams\n });\n};\n"],"mappings":";;;;;;AACA,IAAAA,CAAA,GAAAC,OAAA;AA2BO,MAAMC,oBAAoB,GAAIC,gBAA4C,IAAK;EAClF,OAAO,IAAAC,sBAAoB,EAAC;IACxBC,IAAI,EAAE,OAAO;IACbC,MAAM,EAAE,YAAY;IACpB,GAAGH;EACP,CAAC,CAAC;AACN,CAAC;AAACI,OAAA,CAAAL,oBAAA,GAAAA,oBAAA","ignoreList":[]}
1
+ {"version":3,"names":["_","require","createAdminPulumiApp","projectAppParams","adminApp","createReactPulumiApp","name","folder","addHandler","cdn","resources","cloudfront","config","waitForDeployment","addServiceManifest","manifest","distributionId","output","id","domainName","exports"],"sources":["createAdminPulumiApp.ts"],"sourcesContent":["import type { PulumiAppParam, PulumiAppParamCallback } from \"@webiny/pulumi\";\nimport type { CustomDomainParams } from \"~/apps\";\nimport { createReactPulumiApp } from \"~/apps\";\n\nexport type AdminPulumiApp = ReturnType<typeof createReactPulumiApp>;\n\nexport interface CreateAdminPulumiAppParams {\n /** Custom domain configuration */\n domains?: PulumiAppParamCallback<CustomDomainParams>;\n\n /**\n * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)\n * or add additional ones into the mix.\n */\n pulumi?: (app: AdminPulumiApp) => void | Promise<void>;\n\n /**\n * Prefixes names of all Pulumi cloud infrastructure resource with given prefix.\n */\n pulumiResourceNamePrefix?: PulumiAppParam<string>;\n\n /**\n * Treats provided environments as production environments, which\n * are deployed in production deployment mode.\n * https://www.webiny.com/docs/architecture/deployment-modes/production\n */\n productionEnvironments?: PulumiAppParam<string[]>;\n}\n\nexport const createAdminPulumiApp = (projectAppParams: CreateAdminPulumiAppParams) => {\n const adminApp = createReactPulumiApp({\n name: \"admin\",\n folder: \"apps/admin\",\n ...projectAppParams\n });\n\n adminApp.addHandler(() => {\n const cdn = adminApp.resources.cloudfront;\n\n cdn.config.waitForDeployment(true);\n\n adminApp.addServiceManifest({\n name: \"admin\",\n manifest: {\n cloudfront: {\n distributionId: cdn.output.id,\n domainName: cdn.output.domainName\n }\n }\n });\n });\n\n return adminApp;\n};\n"],"mappings":";;;;;;AAEA,IAAAA,CAAA,GAAAC,OAAA;AA2BO,MAAMC,oBAAoB,GAAIC,gBAA4C,IAAK;EAClF,MAAMC,QAAQ,GAAG,IAAAC,sBAAoB,EAAC;IAClCC,IAAI,EAAE,OAAO;IACbC,MAAM,EAAE,YAAY;IACpB,GAAGJ;EACP,CAAC,CAAC;EAEFC,QAAQ,CAACI,UAAU,CAAC,MAAM;IACtB,MAAMC,GAAG,GAAGL,QAAQ,CAACM,SAAS,CAACC,UAAU;IAEzCF,GAAG,CAACG,MAAM,CAACC,iBAAiB,CAAC,IAAI,CAAC;IAElCT,QAAQ,CAACU,kBAAkB,CAAC;MACxBR,IAAI,EAAE,OAAO;MACbS,QAAQ,EAAE;QACNJ,UAAU,EAAE;UACRK,cAAc,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;UAC7BC,UAAU,EAAEV,GAAG,CAACQ,MAAM,CAACE;QAC3B;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOf,QAAQ;AACnB,CAAC;AAACgB,OAAA,CAAAlB,oBAAA,GAAAA,oBAAA","ignoreList":[]}
package/apps/api/ApiApwScheduler.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { PulumiAppModule } from "@webiny/pulumi";
1
+ import type { PulumiAppModule } from "@webiny/pulumi";
2
2
  interface ScheduleActionParams {
3
3
  env: Record<string, any>;
4
4
  }
package/apps/api/ApiApwScheduler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_constants","_pulumi2","_common","_lambdaUtils","LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","exports","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","cloudwatch","EventRule","description","scheduleExpression","state","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","logDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n state: \"ENABLED\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionDynamoDBLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:PutItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,YAAA,GAAAP,OAAA;AAMA,MAAMQ,kBAAkB,GAAG,eAAe;AAC1C,MAAMC,kBAAkB,GAAG,GAAGD,kBAAkB,yBAAyB;AACzE,MAAME,qBAAqB,GAAG,GAAGF,kBAAkB,wBAAwB;AAC3E,MAAMG,eAAe,GAAG,GAAGH,kBAAkB,aAAa;AAC1D,MAAMI,iBAAiB,GAAG,GAAGJ,kBAAkB,oBAAoB;AAI5D,MAAMK,eAAe,GAAAC,OAAA,CAAAD,eAAA,GAAG,IAAAE,wBAAe,EAAC;EAC3CC,IAAI,EAAE,iBAAiB;EACvBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAG,EAAEC,MAAM,CAAC;IAC5D,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAG,EAAEE,aAAa,CAACI,MAAM,CAACC,MAAM,EAAEN,MAAM,CAAC;;IAE3F;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACC,SAAS,EAAE;MACxDb,IAAI,EAAEL,eAAe;MACrBM,MAAM,EAAE;QACJa,WAAW,EAAE,iFAAiF;QAC9FC,kBAAkB,EAAE,sBAAsB;QAC1CC,KAAK,EAAE;MACX;IACJ,CAAC,CAAC;;IAEF;IACAd,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACS,UAAU,EAAE;MACnCjB,IAAI,EAAE,uBAAuB;MAC7BC,MAAM,EAAE;QACJiB,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEb,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW,GAAG;QAC1CC,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAG3B;MACxC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAM4B,WAAW,GAAGrB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACY,WAAW,EAAE;MAC5DxB,IAAI,EAAEJ,iBAAiB;MACvBK,MAAM,EAAE;QACJwB,IAAI,EAAEf,SAAS,CAACD,MAAM,CAACT,IAAI;QAC3BoB,GAAG,EAAEd,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW;MACtC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHhB,aAAa;MACbE,cAAc;MACdI,SAAS;MACTa;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASlB,yBAAyBA,CAACH,GAAc,EAAEC,MAA4B,EAAE;EAC7E,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGN,qBAAqB,OAAO;IACrCO,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,+BAA+B,CAACrC,GAAG,CAAC;EAEnDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,yBAAyB;IACvDO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,8BAA8B;IAC5DO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEN,qBAAqB;IAC3BO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,iDAAiD;MAC9DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,yBAAyB,CAC5D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D;QACd,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHrC,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAAS+B,+BAA+BA,CAACrC,GAAc,EAAE;EACrD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;UACrEqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,uBAAuB;UAC5BjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,CACrB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACQ,mBAAmB,EAAE,EAC/CvF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACQ,mBAAmB,IAAI;QAEzD,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAASjE,0BAA0BA,CAC/BL,GAAc,EACduE,aAAiD,EACjDtE,MAA4B,EAC9B;EACE,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGP,kBAAkB,OAAO;IAClCQ,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGoC,gCAAgC,CAACxE,GAAG,CAAC;EAEpDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,yBAAyB;IACpDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,8BAA8B;IACzDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEP,kBAAkB;IACxBQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,kDAAkD;MAC/DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D,GAAG;UACbY,oCAAoC,EAAEF,aAAa,CAACrD;UACpD;UACA;QACJ,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHM,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAASkE,gCAAgCA,CAACxE,GAAc,EAAE;EACtD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,wCAAwC;IAC9CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,CACxB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,CAC7B;UACDqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_constants","_pulumi2","_common","_lambdaUtils","LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","exports","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","cloudwatch","EventRule","description","scheduleExpression","state","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","logDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n state: \"ENABLED\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionDynamoDBLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:PutItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AAEA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,YAAA,GAAAP,OAAA;AAMA,MAAMQ,kBAAkB,GAAG,eAAe;AAC1C,MAAMC,kBAAkB,GAAG,GAAGD,kBAAkB,yBAAyB;AACzE,MAAME,qBAAqB,GAAG,GAAGF,kBAAkB,wBAAwB;AAC3E,MAAMG,eAAe,GAAG,GAAGH,kBAAkB,aAAa;AAC1D,MAAMI,iBAAiB,GAAG,GAAGJ,kBAAkB,oBAAoB;AAI5D,MAAMK,eAAe,GAAAC,OAAA,CAAAD,eAAA,GAAG,IAAAE,wBAAe,EAAC;EAC3CC,IAAI,EAAE,iBAAiB;EACvBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAG,EAAEC,MAAM,CAAC;IAC5D,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAG,EAAEE,aAAa,CAACI,MAAM,CAACC,MAAM,EAAEN,MAAM,CAAC;;IAE3F;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACC,SAAS,EAAE;MACxDb,IAAI,EAAEL,eAAe;MACrBM,MAAM,EAAE;QACJa,WAAW,EAAE,iFAAiF;QAC9FC,kBAAkB,EAAE,sBAAsB;QAC1CC,KAAK,EAAE;MACX;IACJ,CAAC,CAAC;;IAEF;IACAd,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACS,UAAU,EAAE;MACnCjB,IAAI,EAAE,uBAAuB;MAC7BC,MAAM,EAAE;QACJiB,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEb,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW,GAAG;QAC1CC,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAG3B;MACxC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAM4B,WAAW,GAAGrB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACY,WAAW,EAAE;MAC5DxB,IAAI,EAAEJ,iBAAiB;MACvBK,MAAM,EAAE;QACJwB,IAAI,EAAEf,SAAS,CAACD,MAAM,CAACT,IAAI;QAC3BoB,GAAG,EAAEd,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW;MACtC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHhB,aAAa;MACbE,cAAc;MACdI,SAAS;MACTa;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASlB,yBAAyBA,CAACH,GAAc,EAAEC,MAA4B,EAAE;EAC7E,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGN,qBAAqB,OAAO;IACrCO,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,+BAA+B,CAACrC,GAAG,CAAC;EAEnDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,yBAAyB;IACvDO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,8BAA8B;IAC5DO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEN,qBAAqB;IAC3BO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,iDAAiD;MAC9DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,yBAAyB,CAC5D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D;QACd,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHrC,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAAS+B,+BAA+BA,CAACrC,GAAc,EAAE;EACrD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;UACrEqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,uBAAuB;UAC5BjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,CACrB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACQ,mBAAmB,EAAE,EAC/CvF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACQ,mBAAmB,IAAI;QAEzD,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAASjE,0BAA0BA,CAC/BL,GAAc,EACduE,aAAiD,EACjDtE,MAA4B,EAC9B;EACE,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGP,kBAAkB,OAAO;IAClCQ,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGoC,gCAAgC,CAACxE,GAAG,CAAC;EAEpDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,yBAAyB;IACpDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,8BAA8B;IACzDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEP,kBAAkB;IACxBQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,kDAAkD;MAC/DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D,GAAG;UACbY,oCAAoC,EAAEF,aAAa,CAACrD;UACpD;UACA;QACJ,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHM,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAASkE,gCAAgCA,CAACxE,GAAc,EAAE;EACtD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,wCAAwC;IAC9CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,CACxB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,CAC7B;UACDqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/apps/api/ApiBackgroundTask.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { PulumiAppModule } from "@webiny/pulumi";
1
+ import type { PulumiAppModule } from "@webiny/pulumi";
2
2
  export type ApiBackgroundTask = PulumiAppModule<typeof ApiBackgroundTask>;
3
3
  export declare const ApiBackgroundTaskLambdaName = "background-task";
4
4
  export declare const ApiBackgroundTask: import("@webiny/pulumi").PulumiAppModuleDefinition<{
package/apps/api/ApiBackgroundTask.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["pulumi","_interopRequireWildcard","require","aws","_pulumi2","_","_definition","_policy","_role","_awsLayers","_awsUtils","ApiBackgroundTaskLambdaName","exports","ApiBackgroundTask","createAppModule","name","config","app","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","core","getModule","CoreOutput","graphql","ApiGraphql","baseConfig","functions","clone","backgroundTask","addResource","lambda","Function","layers","output","apply","arns","Array","from","Set","getLayerArn","timeout","memorySize","description","stepFunctionPolicy","createBackgroundTaskStepFunctionPolicy","lambdaFunctionArn","arn","stepFunctionRole","createBackgroundTaskStepFunctionRole","policy","stepFunction","sfn","StateMachine","roleArn","definition","jsonStringify","createBackgroundTaskDefinition","lambdaName","lambdaArn","policyToAccessStepFunction","iam","Policy","Version","Statement","Action","Effect","Resource","interpolate","RolePolicyAttachment","policyArn","role","eventRole","Role","assumeRolePolicy","Principal","Service","eventPolicy","eventRolePolicyAttachment","eventRule","cloudwatch","EventRule","eventBusName","eventPattern","JSON","stringify","eventTarget","EventTarget","rule"],"sources":["ApiBackgroundTask.ts"],"sourcesContent":["import * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { ApiGraphql, CoreOutput } from \"~/apps\";\nimport { createBackgroundTaskDefinition } from \"./backgroundTask/definition\";\nimport { createBackgroundTaskStepFunctionPolicy } from \"~/apps/api/backgroundTask/policy\";\nimport { createBackgroundTaskStepFunctionRole } from \"./backgroundTask/role\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { getAwsAccountId, getAwsRegion } from \"~/apps/awsUtils\";\n\nexport type ApiBackgroundTask = PulumiAppModule<typeof ApiBackgroundTask>;\n\nexport const ApiBackgroundTaskLambdaName = \"background-task\";\n\nexport const ApiBackgroundTask = createAppModule({\n name: \"ApiBackgroundTask\",\n config(app: PulumiApp) {\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const baseConfig = graphql.functions.graphql.config.clone();\n\n const backgroundTask = app.addResource(aws.lambda.Function, {\n name: ApiBackgroundTaskLambdaName,\n config: {\n ...baseConfig,\n layers: graphql.functions.graphql.output.layers.apply(arns => {\n return Array.from(new Set([...(arns || []), getLayerArn(\"sharp\")]));\n }),\n timeout: 900,\n memorySize: 1024,\n description: \"Performs background tasks.\"\n }\n });\n\n const stepFunctionPolicy = createBackgroundTaskStepFunctionPolicy(app, {\n name: \"background-task-sfn-policy\",\n lambdaFunctionArn: backgroundTask.output.arn\n });\n\n const stepFunctionRole = createBackgroundTaskStepFunctionRole(app, {\n name: \"background-task-sfn-role\",\n policy: stepFunctionPolicy.output\n });\n\n const stepFunction = app.addResource(aws.sfn.StateMachine, {\n name: \"background-task-sfn\",\n config: {\n roleArn: stepFunctionRole.output.arn,\n definition: pulumi.jsonStringify(\n createBackgroundTaskDefinition({\n lambdaName: ApiBackgroundTaskLambdaName,\n lambdaArn: backgroundTask.output.arn\n })\n )\n }\n });\n\n const policyToAccessStepFunction = app.addResource(aws.iam.Policy, {\n name: \"background-task-step-function-policy\",\n config: {\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: [\"states:StartExecution\", \"states:StopExecution\"],\n Effect: \"Allow\",\n Resource: [\n stepFunction.output.arn.apply(arn => `${arn}`),\n stepFunction.output.arn.apply(arn => `${arn}*`)\n ]\n },\n {\n Action: [\"states:DescribeExecution\", \"states:ListExecutions\"],\n Effect: \"Allow\",\n Resource: [\n stepFunction.output.name.apply(name => {\n return pulumi.interpolate`arn:aws:states:${awsRegion}:${awsAccountId}:execution:${name}:*`;\n })\n ]\n }\n ]\n }\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: \"background-task-step-function-policy-attachment-graphql\",\n config: {\n policyArn: policyToAccessStepFunction.output.arn,\n role: graphql.role.output.name\n }\n });\n\n const eventRole = app.addResource(aws.iam.Role, {\n name: \"background-task-event-role\",\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Principal: {\n Service: \"events.amazonaws.com\"\n }\n }\n ]\n }\n }\n });\n\n const eventPolicy = app.addResource(aws.iam.Policy, {\n name: \"background-task-event-policy\",\n config: {\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"states:StartExecution\",\n Effect: \"Allow\",\n Resource: stepFunction.output.arn\n }\n ]\n }\n }\n });\n\n const eventRolePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n name: \"background-task-event-role-policy-attachment\",\n config: {\n role: eventRole.output.name,\n policyArn: eventPolicy.output.arn\n }\n });\n\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"background-task-event-rule\",\n config: {\n eventBusName: core.eventBusName,\n roleArn: eventRole.output.arn,\n eventPattern: JSON.stringify({\n \"detail-type\": [\"WebinyBackgroundTask\"]\n })\n }\n });\n\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: \"background-task-event-target\",\n config: {\n // This is going to get called.\n arn: stepFunction.output.arn,\n // This is the rule which determines if this target gets called.\n rule: eventRule.output.name,\n // This is the role which gets assumed when calling the target.\n roleArn: eventRole.output.arn,\n // This is the event bus name.\n eventBusName: core.eventBusName\n }\n });\n\n return {\n backgroundTask,\n stepFunction,\n stepFunctionRole,\n stepFunctionPolicy,\n eventPolicy,\n eventRolePolicyAttachment,\n eventTarget\n };\n }\n});\n"],"mappings":";;;;;;;AAAA,IAAAA,MAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,GAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAH,OAAA;AACA,IAAAI,WAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AAIO,MAAMS,2BAA2B,GAAAC,OAAA,CAAAD,2BAAA,GAAG,iBAAiB;AAErD,MAAME,iBAAiB,GAAAD,OAAA,CAAAC,iBAAA,GAAG,IAAAC,wBAAe,EAAC;EAC7CC,IAAI,EAAE,mBAAmB;EACzBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,YAAY,GAAG,IAAAC,yBAAe,EAACF,GAAG,CAAC;IACzC,MAAMG,SAAS,GAAG,IAAAC,sBAAY,EAACJ,GAAG,CAAC;IACnC,MAAMK,IAAI,GAAGL,GAAG,CAACM,SAAS,CAACC,YAAU,CAAC;IACtC,MAAMC,OAAO,GAAGR,GAAG,CAACM,SAAS,CAACG,YAAU,CAAC;IACzC,MAAMC,UAAU,GAAGF,OAAO,CAACG,SAAS,CAACH,OAAO,CAACT,MAAM,CAACa,KAAK,CAAC,CAAC;IAE3D,MAAMC,cAAc,GAAGb,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC6B,MAAM,CAACC,QAAQ,EAAE;MACxDlB,IAAI,EAAEJ,2BAA2B;MACjCK,MAAM,EAAE;QACJ,GAAGW,UAAU;QACbO,MAAM,EAAET,OAAO,CAACG,SAAS,CAACH,OAAO,CAACU,MAAM,CAACD,MAAM,CAACE,KAAK,CAACC,IAAI,IAAI;UAC1D,OAAOC,KAAK,CAACC,IAAI,CAAC,IAAIC,GAAG,CAAC,CAAC,IAAIH,IAAI,IAAI,EAAE,CAAC,EAAE,IAAAI,sBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC;QACFC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;MACjB;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG,IAAAC,8CAAsC,EAAC7B,GAAG,EAAE;MACnEF,IAAI,EAAE,4BAA4B;MAClCgC,iBAAiB,EAAEjB,cAAc,CAACK,MAAM,CAACa;IAC7C,CAAC,CAAC;IAEF,MAAMC,gBAAgB,GAAG,IAAAC,0CAAoC,EAACjC,GAAG,EAAE;MAC/DF,IAAI,EAAE,0BAA0B;MAChCoC,MAAM,EAAEN,kBAAkB,CAACV;IAC/B,CAAC,CAAC;IAEF,MAAMiB,YAAY,GAAGnC,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAACkD,GAAG,CAACC,YAAY,EAAE;MACvDvC,IAAI,EAAE,qBAAqB;MAC3BC,MAAM,EAAE;QACJuC,OAAO,EAAEN,gBAAgB,CAACd,MAAM,CAACa,GAAG;QACpCQ,UAAU,EAAExD,MAAM,CAACyD,aAAa,CAC5B,IAAAC,0CAA8B,EAAC;UAC3BC,UAAU,EAAEhD,2BAA2B;UACvCiD,SAAS,EAAE9B,cAAc,CAACK,MAAM,CAACa;QACrC,CAAC,CACL;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMa,0BAA0B,GAAG5C,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACC,MAAM,EAAE;MAC/DhD,IAAI,EAAE,sCAAsC;MAC5CC,MAAM,EAAE;QACJmC,MAAM,EAAE;UACJa,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,CAAC,uBAAuB,EAAE,sBAAsB,CAAC;YACzDC,MAAM,EAAE,OAAO;YACfC,QAAQ,EAAE,CACNhB,YAAY,CAACjB,MAAM,CAACa,GAAG,CAACZ,KAAK,CAACY,GAAG,IAAI,GAAGA,GAAG,EAAE,CAAC,EAC9CI,YAAY,CAACjB,MAAM,CAACa,GAAG,CAACZ,KAAK,CAACY,GAAG,IAAI,GAAGA,GAAG,GAAG,CAAC;UAEvD,CAAC,EACD;YACIkB,MAAM,EAAE,CAAC,0BAA0B,EAAE,uBAAuB,CAAC;YAC7DC,MAAM,EAAE,OAAO;YACfC,QAAQ,EAAE,CACNhB,YAAY,CAACjB,MAAM,CAACpB,IAAI,CAACqB,KAAK,CAACrB,IAAI,IAAI;cACnC,OAAOf,MAAM,CAACqE,WAAW,kBAAkBjD,SAAS,IAAIF,YAAY,cAAcH,IAAI,IAAI;YAC9F,CAAC,CAAC;UAEV,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;IAEFE,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACQ,oBAAoB,EAAE;MAC1CvD,IAAI,EAAE,yDAAyD;MAC/DC,MAAM,EAAE;QACJuD,SAAS,EAAEV,0BAA0B,CAAC1B,MAAM,CAACa,GAAG;QAChDwB,IAAI,EAAE/C,OAAO,CAAC+C,IAAI,CAACrC,MAAM,CAACpB;MAC9B;IACJ,CAAC,CAAC;IAEF,MAAM0D,SAAS,GAAGxD,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACY,IAAI,EAAE;MAC5C3D,IAAI,EAAE,4BAA4B;MAClCC,MAAM,EAAE;QACJ2D,gBAAgB,EAAE;UACdX,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,gBAAgB;YACxBC,MAAM,EAAE,OAAO;YACfS,SAAS,EAAE;cACPC,OAAO,EAAE;YACb;UACJ,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,WAAW,GAAG7D,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACC,MAAM,EAAE;MAChDhD,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJmC,MAAM,EAAE;UACJa,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,uBAAuB;YAC/BC,MAAM,EAAE,OAAO;YACfC,QAAQ,EAAEhB,YAAY,CAACjB,MAAM,CAACa;UAClC,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;IAEF,MAAM+B,yBAAyB,GAAG9D,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACQ,oBAAoB,EAAE;MAC5EvD,IAAI,EAAE,8CAA8C;MACpDC,MAAM,EAAE;QACJwD,IAAI,EAAEC,SAAS,CAACtC,MAAM,CAACpB,IAAI;QAC3BwD,SAAS,EAAEO,WAAW,CAAC3C,MAAM,CAACa;MAClC;IACJ,CAAC,CAAC;IAEF,MAAMgC,SAAS,GAAG/D,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC8E,UAAU,CAACC,SAAS,EAAE;MACxDnE,IAAI,EAAE,4BAA4B;MAClCC,MAAM,EAAE;QACJmE,YAAY,EAAE7D,IAAI,CAAC6D,YAAY;QAC/B5B,OAAO,EAAEkB,SAAS,CAACtC,MAAM,CAACa,GAAG;QAC7BoC,YAAY,EAAEC,IAAI,CAACC,SAAS,CAAC;UACzB,aAAa,EAAE,CAAC,sBAAsB;QAC1C,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,MAAMC,WAAW,GAAGtE,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC8E,UAAU,CAACO,WAAW,EAAE;MAC5DzE,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJ;QACAgC,GAAG,EAAEI,YAAY,CAACjB,MAAM,CAACa,GAAG;QAC5B;QACAyC,IAAI,EAAET,SAAS,CAAC7C,MAAM,CAACpB,IAAI;QAC3B;QACAwC,OAAO,EAAEkB,SAAS,CAACtC,MAAM,CAACa,GAAG;QAC7B;QACAmC,YAAY,EAAE7D,IAAI,CAAC6D;MACvB;IACJ,CAAC,CAAC;IAEF,OAAO;MACHrD,cAAc;MACdsB,YAAY;MACZH,gBAAgB;MAChBJ,kBAAkB;MAClBiC,WAAW;MACXC,yBAAyB;MACzBQ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["pulumi","_interopRequireWildcard","require","aws","_pulumi2","_","_definition","_policy","_role","_awsLayers","_awsUtils","ApiBackgroundTaskLambdaName","exports","ApiBackgroundTask","createAppModule","name","config","app","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","core","getModule","CoreOutput","graphql","ApiGraphql","baseConfig","functions","clone","backgroundTask","addResource","lambda","Function","layers","output","apply","arns","Array","from","Set","getLayerArn","timeout","memorySize","description","stepFunctionPolicy","createBackgroundTaskStepFunctionPolicy","lambdaFunctionArn","arn","stepFunctionRole","createBackgroundTaskStepFunctionRole","policy","stepFunction","sfn","StateMachine","roleArn","definition","jsonStringify","createBackgroundTaskDefinition","lambdaName","lambdaArn","policyToAccessStepFunction","iam","Policy","Version","Statement","Action","Effect","Resource","interpolate","RolePolicyAttachment","policyArn","role","eventRole","Role","assumeRolePolicy","Principal","Service","eventPolicy","eventRolePolicyAttachment","eventRule","cloudwatch","EventRule","eventBusName","eventPattern","JSON","stringify","eventTarget","EventTarget","rule"],"sources":["ApiBackgroundTask.ts"],"sourcesContent":["import * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { ApiGraphql, CoreOutput } from \"~/apps\";\nimport { createBackgroundTaskDefinition } from \"./backgroundTask/definition\";\nimport { createBackgroundTaskStepFunctionPolicy } from \"~/apps/api/backgroundTask/policy\";\nimport { createBackgroundTaskStepFunctionRole } from \"./backgroundTask/role\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { getAwsAccountId, getAwsRegion } from \"~/apps/awsUtils\";\n\nexport type ApiBackgroundTask = PulumiAppModule<typeof ApiBackgroundTask>;\n\nexport const ApiBackgroundTaskLambdaName = \"background-task\";\n\nexport const ApiBackgroundTask = createAppModule({\n name: \"ApiBackgroundTask\",\n config(app: PulumiApp) {\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const baseConfig = graphql.functions.graphql.config.clone();\n\n const backgroundTask = app.addResource(aws.lambda.Function, {\n name: ApiBackgroundTaskLambdaName,\n config: {\n ...baseConfig,\n layers: graphql.functions.graphql.output.layers.apply(arns => {\n return Array.from(new Set([...(arns || []), getLayerArn(\"sharp\")]));\n }),\n timeout: 900,\n memorySize: 1024,\n description: \"Performs background tasks.\"\n }\n });\n\n const stepFunctionPolicy = createBackgroundTaskStepFunctionPolicy(app, {\n name: \"background-task-sfn-policy\",\n lambdaFunctionArn: backgroundTask.output.arn\n });\n\n const stepFunctionRole = createBackgroundTaskStepFunctionRole(app, {\n name: \"background-task-sfn-role\",\n policy: stepFunctionPolicy.output\n });\n\n const stepFunction = app.addResource(aws.sfn.StateMachine, {\n name: \"background-task-sfn\",\n config: {\n roleArn: stepFunctionRole.output.arn,\n definition: pulumi.jsonStringify(\n createBackgroundTaskDefinition({\n lambdaName: ApiBackgroundTaskLambdaName,\n lambdaArn: backgroundTask.output.arn\n })\n )\n }\n });\n\n const policyToAccessStepFunction = app.addResource(aws.iam.Policy, {\n name: \"background-task-step-function-policy\",\n config: {\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: [\"states:StartExecution\", \"states:StopExecution\"],\n Effect: \"Allow\",\n Resource: [\n stepFunction.output.arn.apply(arn => `${arn}`),\n stepFunction.output.arn.apply(arn => `${arn}*`)\n ]\n },\n {\n Action: [\"states:DescribeExecution\", \"states:ListExecutions\"],\n Effect: \"Allow\",\n Resource: [\n stepFunction.output.name.apply(name => {\n return pulumi.interpolate`arn:aws:states:${awsRegion}:${awsAccountId}:execution:${name}:*`;\n })\n ]\n }\n ]\n }\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: \"background-task-step-function-policy-attachment-graphql\",\n config: {\n policyArn: policyToAccessStepFunction.output.arn,\n role: graphql.role.output.name\n }\n });\n\n const eventRole = app.addResource(aws.iam.Role, {\n name: \"background-task-event-role\",\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Principal: {\n Service: \"events.amazonaws.com\"\n }\n }\n ]\n }\n }\n });\n\n const eventPolicy = app.addResource(aws.iam.Policy, {\n name: \"background-task-event-policy\",\n config: {\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"states:StartExecution\",\n Effect: \"Allow\",\n Resource: stepFunction.output.arn\n }\n ]\n }\n }\n });\n\n const eventRolePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n name: \"background-task-event-role-policy-attachment\",\n config: {\n role: eventRole.output.name,\n policyArn: eventPolicy.output.arn\n }\n });\n\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"background-task-event-rule\",\n config: {\n eventBusName: core.eventBusName,\n roleArn: eventRole.output.arn,\n eventPattern: JSON.stringify({\n \"detail-type\": [\"WebinyBackgroundTask\"]\n })\n }\n });\n\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: \"background-task-event-target\",\n config: {\n // This is going to get called.\n arn: stepFunction.output.arn,\n // This is the rule which determines if this target gets called.\n rule: eventRule.output.name,\n // This is the role which gets assumed when calling the target.\n roleArn: eventRole.output.arn,\n // This is the event bus name.\n eventBusName: core.eventBusName\n }\n });\n\n return {\n backgroundTask,\n stepFunction,\n stepFunctionRole,\n stepFunctionPolicy,\n eventPolicy,\n eventRolePolicyAttachment,\n eventTarget\n };\n }\n});\n"],"mappings":";;;;;;;AAAA,IAAAA,MAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,GAAA,GAAAF,uBAAA,CAAAC,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAH,OAAA;AACA,IAAAI,WAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AAIO,MAAMS,2BAA2B,GAAAC,OAAA,CAAAD,2BAAA,GAAG,iBAAiB;AAErD,MAAME,iBAAiB,GAAAD,OAAA,CAAAC,iBAAA,GAAG,IAAAC,wBAAe,EAAC;EAC7CC,IAAI,EAAE,mBAAmB;EACzBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,YAAY,GAAG,IAAAC,yBAAe,EAACF,GAAG,CAAC;IACzC,MAAMG,SAAS,GAAG,IAAAC,sBAAY,EAACJ,GAAG,CAAC;IACnC,MAAMK,IAAI,GAAGL,GAAG,CAACM,SAAS,CAACC,YAAU,CAAC;IACtC,MAAMC,OAAO,GAAGR,GAAG,CAACM,SAAS,CAACG,YAAU,CAAC;IACzC,MAAMC,UAAU,GAAGF,OAAO,CAACG,SAAS,CAACH,OAAO,CAACT,MAAM,CAACa,KAAK,CAAC,CAAC;IAE3D,MAAMC,cAAc,GAAGb,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC6B,MAAM,CAACC,QAAQ,EAAE;MACxDlB,IAAI,EAAEJ,2BAA2B;MACjCK,MAAM,EAAE;QACJ,GAAGW,UAAU;QACbO,MAAM,EAAET,OAAO,CAACG,SAAS,CAACH,OAAO,CAACU,MAAM,CAACD,MAAM,CAACE,KAAK,CAACC,IAAI,IAAI;UAC1D,OAAOC,KAAK,CAACC,IAAI,CAAC,IAAIC,GAAG,CAAC,CAAC,IAAIH,IAAI,IAAI,EAAE,CAAC,EAAE,IAAAI,sBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC;QACFC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;MACjB;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG,IAAAC,8CAAsC,EAAC7B,GAAG,EAAE;MACnEF,IAAI,EAAE,4BAA4B;MAClCgC,iBAAiB,EAAEjB,cAAc,CAACK,MAAM,CAACa;IAC7C,CAAC,CAAC;IAEF,MAAMC,gBAAgB,GAAG,IAAAC,0CAAoC,EAACjC,GAAG,EAAE;MAC/DF,IAAI,EAAE,0BAA0B;MAChCoC,MAAM,EAAEN,kBAAkB,CAACV;IAC/B,CAAC,CAAC;IAEF,MAAMiB,YAAY,GAAGnC,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAACkD,GAAG,CAACC,YAAY,EAAE;MACvDvC,IAAI,EAAE,qBAAqB;MAC3BC,MAAM,EAAE;QACJuC,OAAO,EAAEN,gBAAgB,CAACd,MAAM,CAACa,GAAG;QACpCQ,UAAU,EAAExD,MAAM,CAACyD,aAAa,CAC5B,IAAAC,0CAA8B,EAAC;UAC3BC,UAAU,EAAEhD,2BAA2B;UACvCiD,SAAS,EAAE9B,cAAc,CAACK,MAAM,CAACa;QACrC,CAAC,CACL;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMa,0BAA0B,GAAG5C,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACC,MAAM,EAAE;MAC/DhD,IAAI,EAAE,sCAAsC;MAC5CC,MAAM,EAAE;QACJmC,MAAM,EAAE;UACJa,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,CAAC,uBAAuB,EAAE,sBAAsB,CAAC;YACzDC,MAAM,EAAE,OAAO;YACfC,QAAQ,EAAE,CACNhB,YAAY,CAACjB,MAAM,CAACa,GAAG,CAACZ,KAAK,CAACY,GAAG,IAAI,GAAGA,GAAG,EAAE,CAAC,EAC9CI,YAAY,CAACjB,MAAM,CAACa,GAAG,CAACZ,KAAK,CAACY,GAAG,IAAI,GAAGA,GAAG,GAAG,CAAC;UAEvD,CAAC,EACD;YACIkB,MAAM,EAAE,CAAC,0BAA0B,EAAE,uBAAuB,CAAC;YAC7DC,MAAM,EAAE,OAAO;YACfC,QAAQ,EAAE,CACNhB,YAAY,CAACjB,MAAM,CAACpB,IAAI,CAACqB,KAAK,CAACrB,IAAI,IAAI;cACnC,OAAOf,MAAM,CAACqE,WAAW,kBAAkBjD,SAAS,IAAIF,YAAY,cAAcH,IAAI,IAAI;YAC9F,CAAC,CAAC;UAEV,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;IAEFE,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACQ,oBAAoB,EAAE;MAC1CvD,IAAI,EAAE,yDAAyD;MAC/DC,MAAM,EAAE;QACJuD,SAAS,EAAEV,0BAA0B,CAAC1B,MAAM,CAACa,GAAG;QAChDwB,IAAI,EAAE/C,OAAO,CAAC+C,IAAI,CAACrC,MAAM,CAACpB;MAC9B;IACJ,CAAC,CAAC;IAEF,MAAM0D,SAAS,GAAGxD,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACY,IAAI,EAAE;MAC5C3D,IAAI,EAAE,4BAA4B;MAClCC,MAAM,EAAE;QACJ2D,gBAAgB,EAAE;UACdX,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,gBAAgB;YACxBC,MAAM,EAAE,OAAO;YACfS,SAAS,EAAE;cACPC,OAAO,EAAE;YACb;UACJ,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,WAAW,GAAG7D,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACC,MAAM,EAAE;MAChDhD,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJmC,MAAM,EAAE;UACJa,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,uBAAuB;YAC/BC,MAAM,EAAE,OAAO;YACfC,QAAQ,EAAEhB,YAAY,CAACjB,MAAM,CAACa;UAClC,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;IAEF,MAAM+B,yBAAyB,GAAG9D,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC2D,GAAG,CAACQ,oBAAoB,EAAE;MAC5EvD,IAAI,EAAE,8CAA8C;MACpDC,MAAM,EAAE;QACJwD,IAAI,EAAEC,SAAS,CAACtC,MAAM,CAACpB,IAAI;QAC3BwD,SAAS,EAAEO,WAAW,CAAC3C,MAAM,CAACa;MAClC;IACJ,CAAC,CAAC;IAEF,MAAMgC,SAAS,GAAG/D,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC8E,UAAU,CAACC,SAAS,EAAE;MACxDnE,IAAI,EAAE,4BAA4B;MAClCC,MAAM,EAAE;QACJmE,YAAY,EAAE7D,IAAI,CAAC6D,YAAY;QAC/B5B,OAAO,EAAEkB,SAAS,CAACtC,MAAM,CAACa,GAAG;QAC7BoC,YAAY,EAAEC,IAAI,CAACC,SAAS,CAAC;UACzB,aAAa,EAAE,CAAC,sBAAsB;QAC1C,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,MAAMC,WAAW,GAAGtE,GAAG,CAACc,WAAW,CAAC5B,GAAG,CAAC8E,UAAU,CAACO,WAAW,EAAE;MAC5DzE,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJ;QACAgC,GAAG,EAAEI,YAAY,CAACjB,MAAM,CAACa,GAAG;QAC5B;QACAyC,IAAI,EAAET,SAAS,CAAC7C,MAAM,CAACpB,IAAI;QAC3B;QACAwC,OAAO,EAAEkB,SAAS,CAACtC,MAAM,CAACa,GAAG;QAC7B;QACAmC,YAAY,EAAE7D,IAAI,CAAC6D;MACvB;IACJ,CAAC,CAAC;IAEF,OAAO;MACHrD,cAAc;MACdsB,YAAY;MACZH,gBAAgB;MAChBJ,kBAAkB;MAClBiC,WAAW;MACXC,yBAAyB;MACzBQ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
package/apps/api/ApiCloudfront.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- import { PulumiAppModule } from "@webiny/pulumi";
1
+ import type { PulumiAppModule } from "@webiny/pulumi";
2
2
  export type ApiCloudfront = PulumiAppModule<typeof ApiCloudfront>;
3
3
  export declare const ApiCloudfront: import("@webiny/pulumi").PulumiAppModuleDefinition<import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>, void>;
package/apps/api/ApiCloudfront.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","_interopRequireWildcard","require","_pulumi","_ApiGateway","ApiCloudfront","exports","createAppModule","name","config","app","gateway","getModule","ApiGateway","cookies","forward","whitelistedNames","forwardHeaders","addResource","cloudfront","Distribution","waitForDeployment","isIpv6Enabled","enabled","defaultCacheBehavior","compress","allowedMethods","cachedMethods","forwardedValues","headers","queryString","minTtl","defaultTtl","maxTtl","targetOriginId","api","output","viewerProtocolPolicy","orderedCacheBehaviors","pathPattern","origins","domainName","stage","invokeUrl","apply","url","URL","hostname","originPath","pathname","originId","customOriginConfig","httpPort","httpsPort","originProtocolPolicy","originSslProtocols","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","opts","ignoreChanges"],"sources":["ApiCloudfront.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { ApiGateway } from \"./ApiGateway\";\n\nexport type ApiCloudfront = PulumiAppModule<typeof ApiCloudfront>;\n\nexport const ApiCloudfront = createAppModule({\n name: \"ApiCloudfront\",\n config(app: PulumiApp) {\n const gateway = app.getModule(ApiGateway);\n\n const cookies = {\n forward: \"whitelist\",\n whitelistedNames: [\"wby-id-token\"]\n };\n\n const forwardHeaders = [\"Origin\", \"Accept\", \"Accept-Language\"];\n\n return app.addResource(aws.cloudfront.Distribution, {\n name: \"api-cloudfront\",\n config: {\n waitForDeployment: false,\n isIpv6Enabled: true,\n enabled: true,\n defaultCacheBehavior: {\n compress: true,\n allowedMethods: [\"GET\", \"HEAD\", \"OPTIONS\", \"PUT\", \"POST\", \"PATCH\", \"DELETE\"],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 86400,\n targetOriginId: gateway.api.output.name,\n viewerProtocolPolicy: \"allow-all\"\n },\n orderedCacheBehaviors: [\n {\n compress: true,\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PUT\",\n \"POST\",\n \"PATCH\",\n \"DELETE\"\n ],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: [\"Accept\", \"Accept-Language\"],\n queryString: true\n },\n pathPattern: \"/cms*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/files/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/private/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n }\n ],\n origins: [\n {\n domainName: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).hostname\n ),\n originPath: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).pathname\n ),\n originId: gateway.api.output.name,\n customOriginConfig: {\n httpPort: 80,\n httpsPort: 443,\n originProtocolPolicy: \"https-only\",\n originSslProtocols: [\"TLSv1.2\"]\n }\n }\n ],\n restrictions: {\n geoRestriction: {\n restrictionType: \"none\"\n }\n },\n viewerCertificate: {\n cloudfrontDefaultCertificate: true\n }\n },\n opts: {\n // We are ignoring changes to the \"staging\" property. This is because of the following.\n // With the 5.41.0 release of Webiny, we also upgraded Pulumi to v6. This introduced a change\n // with how Cloudfront distributions are deployed, where Pulumi now also controls the new\n // `staging` property.\n // If not set, Pulumi will default it to `false`. Which is fine, but, the problem is\n // that, because this property did not exist before, it will always be considered as a change\n // upon deployment.\n // We might think this is fine, but, the problem is that a change in this property causes\n // a full replacement of the Cloudfront distribution, which is not acceptable. Especially\n // if a custom domain has already been associated with the distribution. This then would\n // require the user to disassociate the domain, wait for the distribution to be replaced,\n // and then re-associate the domain. This is not a good experience.\n ignoreChanges: [\"staging\"]\n }\n });\n }\n});\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,WAAA,GAAAF,OAAA;AAIO,MAAMG,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,IAAAE,uBAAe,EAAC;EACzCC,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,OAAO,GAAGD,GAAG,CAACE,SAAS,CAACC,sBAAU,CAAC;IAEzC,MAAMC,OAAO,GAAG;MACZC,OAAO,EAAE,WAAW;MACpBC,gBAAgB,EAAE,CAAC,cAAc;IACrC,CAAC;IAED,MAAMC,cAAc,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,CAAC;IAE9D,OAAOP,GAAG,CAACQ,WAAW,CAAClB,GAAG,CAACmB,UAAU,CAACC,YAAY,EAAE;MAChDZ,IAAI,EAAE,gBAAgB;MACtBC,MAAM,EAAE;QACJY,iBAAiB,EAAE,KAAK;QACxBC,aAAa,EAAE,IAAI;QACnBC,OAAO,EAAE,IAAI;QACbC,oBAAoB,EAAE;UAClBC,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC;UAC5EC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO;YACPe,OAAO,EAAEZ,cAAc;YACvBa,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,KAAK;UACbC,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACvC6B,oBAAoB,EAAE;QAC1B,CAAC;QACDC,qBAAqB,EAAE,CACnB;UACIb,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CACZ,KAAK,EACL,MAAM,EACN,SAAS,EACT,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,CACX;UACDC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDc,OAAO,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;YACtCC,WAAW,EAAE;UACjB,CAAC;UACDS,WAAW,EAAE,OAAO;UACpBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDc,OAAO,EAAEZ,cAAc;YACvBa,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,UAAU;UACvBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO,EAAEA,OAAO;YAChBe,OAAO,EAAEZ,cAAc;YACvBa,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,YAAY;UACzBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,CACJ;QACDgC,OAAO,EAAE,CACL;UACIC,UAAU,EAAE9B,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACE,QAClC,CAAC;UACDC,UAAU,EAAErC,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACI,QAClC,CAAC;UACDC,QAAQ,EAAEvC,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACjC2C,kBAAkB,EAAE;YAChBC,QAAQ,EAAE,EAAE;YACZC,SAAS,EAAE,GAAG;YACdC,oBAAoB,EAAE,YAAY;YAClCC,kBAAkB,EAAE,CAAC,SAAS;UAClC;QACJ,CAAC,CACJ;QACDC,YAAY,EAAE;UACVC,cAAc,EAAE;YACZC,eAAe,EAAE;UACrB;QACJ,CAAC;QACDC,iBAAiB,EAAE;UACfC,4BAA4B,EAAE;QAClC;MACJ,CAAC;MACDC,IAAI,EAAE;QACF;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACAC,aAAa,EAAE,CAAC,SAAS;MAC7B;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","_interopRequireWildcard","require","_pulumi","_ApiGateway","ApiCloudfront","exports","createAppModule","name","config","app","gateway","getModule","ApiGateway","cookies","forward","whitelistedNames","forwardHeaders","addResource","cloudfront","Distribution","waitForDeployment","isIpv6Enabled","enabled","defaultCacheBehavior","compress","allowedMethods","cachedMethods","forwardedValues","headers","queryString","minTtl","defaultTtl","maxTtl","targetOriginId","api","output","viewerProtocolPolicy","orderedCacheBehaviors","pathPattern","origins","domainName","stage","invokeUrl","apply","url","URL","hostname","originPath","pathname","originId","customOriginConfig","httpPort","httpsPort","originProtocolPolicy","originSslProtocols","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","opts","ignoreChanges"],"sources":["ApiCloudfront.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nimport { ApiGateway } from \"./ApiGateway\";\n\nexport type ApiCloudfront = PulumiAppModule<typeof ApiCloudfront>;\n\nexport const ApiCloudfront = createAppModule({\n name: \"ApiCloudfront\",\n config(app: PulumiApp) {\n const gateway = app.getModule(ApiGateway);\n\n const cookies = {\n forward: \"whitelist\",\n whitelistedNames: [\"wby-id-token\"]\n };\n\n const forwardHeaders = [\"Origin\", \"Accept\", \"Accept-Language\"];\n\n return app.addResource(aws.cloudfront.Distribution, {\n name: \"api-cloudfront\",\n config: {\n waitForDeployment: false,\n isIpv6Enabled: true,\n enabled: true,\n defaultCacheBehavior: {\n compress: true,\n allowedMethods: [\"GET\", \"HEAD\", \"OPTIONS\", \"PUT\", \"POST\", \"PATCH\", \"DELETE\"],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 86400,\n targetOriginId: gateway.api.output.name,\n viewerProtocolPolicy: \"allow-all\"\n },\n orderedCacheBehaviors: [\n {\n compress: true,\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PUT\",\n \"POST\",\n \"PATCH\",\n \"DELETE\"\n ],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: [\"Accept\", \"Accept-Language\"],\n queryString: true\n },\n pathPattern: \"/cms*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/files/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/private/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n }\n ],\n origins: [\n {\n domainName: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).hostname\n ),\n originPath: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).pathname\n ),\n originId: gateway.api.output.name,\n customOriginConfig: {\n httpPort: 80,\n httpsPort: 443,\n originProtocolPolicy: \"https-only\",\n originSslProtocols: [\"TLSv1.2\"]\n }\n }\n ],\n restrictions: {\n geoRestriction: {\n restrictionType: \"none\"\n }\n },\n viewerCertificate: {\n cloudfrontDefaultCertificate: true\n }\n },\n opts: {\n // We are ignoring changes to the \"staging\" property. This is because of the following.\n // With the 5.41.0 release of Webiny, we also upgraded Pulumi to v6. This introduced a change\n // with how Cloudfront distributions are deployed, where Pulumi now also controls the new\n // `staging` property.\n // If not set, Pulumi will default it to `false`. Which is fine, but, the problem is\n // that, because this property did not exist before, it will always be considered as a change\n // upon deployment.\n // We might think this is fine, but, the problem is that a change in this property causes\n // a full replacement of the Cloudfront distribution, which is not acceptable. Especially\n // if a custom domain has already been associated with the distribution. This then would\n // require the user to disassociate the domain, wait for the distribution to be replaced,\n // and then re-associate the domain. This is not a good experience.\n ignoreChanges: [\"staging\"]\n }\n });\n }\n});\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,WAAA,GAAAF,OAAA;AAIO,MAAMG,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,IAAAE,uBAAe,EAAC;EACzCC,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,OAAO,GAAGD,GAAG,CAACE,SAAS,CAACC,sBAAU,CAAC;IAEzC,MAAMC,OAAO,GAAG;MACZC,OAAO,EAAE,WAAW;MACpBC,gBAAgB,EAAE,CAAC,cAAc;IACrC,CAAC;IAED,MAAMC,cAAc,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,CAAC;IAE9D,OAAOP,GAAG,CAACQ,WAAW,CAAClB,GAAG,CAACmB,UAAU,CAACC,YAAY,EAAE;MAChDZ,IAAI,EAAE,gBAAgB;MACtBC,MAAM,EAAE;QACJY,iBAAiB,EAAE,KAAK;QACxBC,aAAa,EAAE,IAAI;QACnBC,OAAO,EAAE,IAAI;QACbC,oBAAoB,EAAE;UAClBC,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC;UAC5EC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO;YACPe,OAAO,EAAEZ,cAAc;YACvBa,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,KAAK;UACbC,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACvC6B,oBAAoB,EAAE;QAC1B,CAAC;QACDC,qBAAqB,EAAE,CACnB;UACIb,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CACZ,KAAK,EACL,MAAM,EACN,SAAS,EACT,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,CACX;UACDC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDc,OAAO,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;YACtCC,WAAW,EAAE;UACjB,CAAC;UACDS,WAAW,EAAE,OAAO;UACpBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDc,OAAO,EAAEZ,cAAc;YACvBa,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,UAAU;UACvBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbd,OAAO,EAAEA,OAAO;YAChBe,OAAO,EAAEZ,cAAc;YACvBa,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,YAAY;UACzBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,CACJ;QACDgC,OAAO,EAAE,CACL;UACIC,UAAU,EAAE9B,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACE,QAClC,CAAC;UACDC,UAAU,EAAErC,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACI,QAClC,CAAC;UACDC,QAAQ,EAAEvC,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACjC2C,kBAAkB,EAAE;YAChBC,QAAQ,EAAE,EAAE;YACZC,SAAS,EAAE,GAAG;YACdC,oBAAoB,EAAE,YAAY;YAClCC,kBAAkB,EAAE,CAAC,SAAS;UAClC;QACJ,CAAC,CACJ;QACDC,YAAY,EAAE;UACVC,cAAc,EAAE;YACZC,eAAe,EAAE;UACrB;QACJ,CAAC;QACDC,iBAAiB,EAAE;UACfC,4BAA4B,EAAE;QAClC;MACJ,CAAC;MACDC,IAAI,EAAE;QACF;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACAC,aAAa,EAAE,CAAC,SAAS;MAC7B;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
package/apps/api/ApiFileManager.d.ts CHANGED
@@ -1,9 +1,15 @@
1
- import { PulumiAppModule } from "@webiny/pulumi";
1
+ import type { PulumiAppModule } from "@webiny/pulumi";
2
2
  export type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;
3
3
  interface ApiFileManagerConfig {
4
4
  env: Record<string, any>;
5
5
  }
6
6
  export declare const ApiFileManager: import("@webiny/pulumi").PulumiAppModuleDefinition<{
7
+ roles: {
8
+ manage: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
9
+ };
10
+ policies: {
11
+ manage: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
12
+ };
7
13
  functions: {
8
14
  manage: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
9
15
  download: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
package/apps/api/ApiFileManager.js CHANGED
@@ -97,6 +97,12 @@ const ApiFileManager = exports.ApiFileManager = (0, _pulumi2.createAppModule)({
97
97
  download
98
98
  };
99
99
  return {
100
+ roles: {
101
+ manage: role
102
+ },
103
+ policies: {
104
+ manage: policy
105
+ },
100
106
  functions,
101
107
  bucketNotification
102
108
  };
package/apps/api/ApiFileManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_awsLayers","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","ApiFileManager","exports","createAppModule","name","config","app","core","getModule","CoreOutput","graphql","ApiGraphql","accountId","getAwsAccountId","policy","createFileManagerLambdaPolicy","role","createLambdaRole","output","manage","addResource","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","S3_BUCKET","fileManagerBucketId","vpcConfig","VpcConfig","functionVpcConfig","baseConfig","functions","clone","download","layers","getLayerArn","env","WEBINY_FUNCTION_TYPE","manageS3LambdaPermission","Permission","action","function","principal","sourceArn","interpolate","sourceAccount","opts","dependsOn","bucketNotification","s3","BucketNotification","bucket","lambdaFunctions","lambdaFunctionArn","events","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn"],"sources":["ApiFileManager.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { ApiGraphql, CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId } from \"~/apps/awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\nexport type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;\n\ninterface ApiFileManagerConfig {\n env: Record<string, any>;\n}\n\nexport const ApiFileManager = createAppModule({\n name: \"ApiFileManager\",\n config(app: PulumiApp, config: ApiFileManagerConfig) {\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const accountId = getAwsAccountId(app);\n\n const policy = createFileManagerLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"fm-lambda-role\",\n policy: policy.output\n });\n\n const manage = app.addResource(aws.lambda.Function, {\n name: \"fm-manage\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n description: \"Triggered when a file is deleted.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/manage/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const baseConfig = graphql.functions.graphql.config.clone();\n\n const download = app.addResource(aws.lambda.Function, {\n name: \"fm-download\",\n config: {\n ...baseConfig,\n memorySize: 1600,\n description: \"Serves previously uploaded files.\",\n layers: [getLayerArn(\"sharp\")],\n environment: {\n variables: graphql.functions.graphql.output.environment.apply(env => {\n return {\n WEBINY_FUNCTION_TYPE: \"asset-delivery\",\n ...env?.variables,\n ...config.env\n };\n })\n }\n }\n });\n\n const manageS3LambdaPermission = app.addResource(aws.lambda.Permission, {\n name: \"fm-manage-s3-lambda-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: manage.output.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n sourceAccount: accountId\n },\n opts: {\n dependsOn: [manage.output]\n }\n });\n\n const bucketNotification = app.addResource(aws.s3.BucketNotification, {\n name: \"bucketNotification\",\n config: {\n bucket: core.fileManagerBucketId,\n lambdaFunctions: [\n {\n lambdaFunctionArn: manage.output.arn,\n events: [\"s3:ObjectRemoved:*\"]\n }\n ]\n },\n opts: {\n dependsOn: [manage.output, manageS3LambdaPermission.output]\n }\n });\n\n const functions = {\n manage,\n download\n };\n\n return {\n functions,\n bucketNotification\n };\n }\n});\n\nfunction createFileManagerLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"FileManagerLambdaPolicy\",\n config: {\n description: \"This policy enables access to Lambda and S3\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: \"lambda:InvokeFunction\",\n Resource: \"*\"\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:DeleteObject\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n ]\n },\n {\n Sid: \"PermissionForDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:GetItem\", \"dynamodb:Query\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionForDynamoDBLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:PutItem\",\n \"dynamodb:BatchWriteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAEA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAQO,MAAMU,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,wBAAe,EAAC;EAC1CC,IAAI,EAAE,gBAAgB;EACtBC,MAAMA,CAACC,GAAc,EAAED,MAA4B,EAAE;IACjD,MAAME,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;IACtC,MAAMC,OAAO,GAAGJ,GAAG,CAACE,SAAS,CAACG,YAAU,CAAC;IACzC,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACP,GAAG,CAAC;IAEtC,MAAMQ,MAAM,GAAGC,6BAA6B,CAACT,GAAG,CAAC;IACjD,MAAMU,IAAI,GAAG,IAAAC,6BAAgB,EAACX,GAAG,EAAE;MAC/BF,IAAI,EAAE,gBAAgB;MACtBU,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGb,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAChDlB,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJW,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;QACrBC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxC,MAAM,CAACuC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC7B,GAAG,CAAC8B,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACRC,SAAS,EAAEpC,IAAI,CAACqC;UACpB,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEvC,GAAG,CAACE,SAAS,CAACsC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAGtC,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACL,MAAM,CAAC6C,KAAK,CAAC,CAAC;IAE3D,MAAMC,QAAQ,GAAG7C,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAClDlB,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJ,GAAG2C,UAAU;QACbpB,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDuB,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,OAAO,CAAC,CAAC;QAC9Bf,WAAW,EAAE;UACTC,SAAS,EAAE7B,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACQ,MAAM,CAACoB,WAAW,CAACG,KAAK,CAACa,GAAG,IAAI;YACjE,OAAO;cACHC,oBAAoB,EAAE,gBAAgB;cACtC,GAAGD,GAAG,EAAEf,SAAS;cACjB,GAAGlC,MAAM,CAACiD;YACd,CAAC;UACL,CAAC;QACL;MACJ;IACJ,CAAC,CAAC;IAEF,MAAME,wBAAwB,GAAGlD,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACoC,UAAU,EAAE;MACpErD,IAAI,EAAE,gCAAgC;MACtCC,MAAM,EAAE;QACJqD,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAExC,MAAM,CAACD,MAAM,CAACK,GAAG;QAC3BqC,SAAS,EAAE,kBAAkB;QAC7BC,SAAS,EAAErE,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE;QACvEmB,aAAa,EAAEnD;MACnB,CAAC;MACDoD,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM;MAC7B;IACJ,CAAC,CAAC;IAEF,MAAMgD,kBAAkB,GAAG5D,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAACyE,EAAE,CAACC,kBAAkB,EAAE;MAClEhE,IAAI,EAAE,oBAAoB;MAC1BC,MAAM,EAAE;QACJgE,MAAM,EAAE9D,IAAI,CAACqC,mBAAmB;QAChC0B,eAAe,EAAE,CACb;UACIC,iBAAiB,EAAEpD,MAAM,CAACD,MAAM,CAACK,GAAG;UACpCiD,MAAM,EAAE,CAAC,oBAAoB;QACjC,CAAC;MAET,CAAC;MACDR,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM,EAAEsC,wBAAwB,CAACtC,MAAM;MAC9D;IACJ,CAAC,CAAC;IAEF,MAAM+B,SAAS,GAAG;MACd9B,MAAM;MACNgC;IACJ,CAAC;IAED,OAAO;MACHF,SAAS;MACTiB;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASnD,6BAA6BA,CAACT,GAAc,EAAE;EACnD,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;EAEtC,OAAOH,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC+E,GAAG,CAACC,MAAM,EAAE;IACnCtE,IAAI,EAAE,yBAAyB;IAC/BC,MAAM,EAAE;MACJwB,WAAW,EAAE,6CAA6C;MAC1Df,MAAM,EAAE;QACJ6D,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,uBAAuB;UAC/BC,QAAQ,EAAE;QACd,CAAC,EACD;UACIH,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE,EAC5DpD,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,IAAI;QAEtE,CAAC,EACD;UACIiC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;UAC9CC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC0E,uBAAuB,EAAE,EACnDzF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC0E,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIJ,GAAG,EAAE,0BAA0B;UAC/BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,yBAAyB,CAC5B;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC2E,mBAAmB,EAAE,EAC/C1F,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC2E,mBAAmB,IAAI;QAEzD,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_awsLayers","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","ApiFileManager","exports","createAppModule","name","config","app","core","getModule","CoreOutput","graphql","ApiGraphql","accountId","getAwsAccountId","policy","createFileManagerLambdaPolicy","role","createLambdaRole","output","manage","addResource","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","S3_BUCKET","fileManagerBucketId","vpcConfig","VpcConfig","functionVpcConfig","baseConfig","functions","clone","download","layers","getLayerArn","env","WEBINY_FUNCTION_TYPE","manageS3LambdaPermission","Permission","action","function","principal","sourceArn","interpolate","sourceAccount","opts","dependsOn","bucketNotification","s3","BucketNotification","bucket","lambdaFunctions","lambdaFunctionArn","events","roles","policies","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn"],"sources":["ApiFileManager.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { ApiGraphql, CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId } from \"~/apps/awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\nexport type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;\n\ninterface ApiFileManagerConfig {\n env: Record<string, any>;\n}\n\nexport const ApiFileManager = createAppModule({\n name: \"ApiFileManager\",\n config(app: PulumiApp, config: ApiFileManagerConfig) {\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const accountId = getAwsAccountId(app);\n\n const policy = createFileManagerLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"fm-lambda-role\",\n policy: policy.output\n });\n\n const manage = app.addResource(aws.lambda.Function, {\n name: \"fm-manage\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n description: \"Triggered when a file is deleted.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/manage/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const baseConfig = graphql.functions.graphql.config.clone();\n\n const download = app.addResource(aws.lambda.Function, {\n name: \"fm-download\",\n config: {\n ...baseConfig,\n memorySize: 1600,\n description: \"Serves previously uploaded files.\",\n layers: [getLayerArn(\"sharp\")],\n environment: {\n variables: graphql.functions.graphql.output.environment.apply(env => {\n return {\n WEBINY_FUNCTION_TYPE: \"asset-delivery\",\n ...env?.variables,\n ...config.env\n };\n })\n }\n }\n });\n\n const manageS3LambdaPermission = app.addResource(aws.lambda.Permission, {\n name: \"fm-manage-s3-lambda-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: manage.output.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n sourceAccount: accountId\n },\n opts: {\n dependsOn: [manage.output]\n }\n });\n\n const bucketNotification = app.addResource(aws.s3.BucketNotification, {\n name: \"bucketNotification\",\n config: {\n bucket: core.fileManagerBucketId,\n lambdaFunctions: [\n {\n lambdaFunctionArn: manage.output.arn,\n events: [\"s3:ObjectRemoved:*\"]\n }\n ]\n },\n opts: {\n dependsOn: [manage.output, manageS3LambdaPermission.output]\n }\n });\n\n const functions = {\n manage,\n download\n };\n\n return {\n roles: {\n manage: role\n },\n policies: {\n manage: policy\n },\n functions,\n bucketNotification\n };\n }\n});\n\nfunction createFileManagerLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"FileManagerLambdaPolicy\",\n config: {\n description: \"This policy enables access to Lambda and S3\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: \"lambda:InvokeFunction\",\n Resource: \"*\"\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:DeleteObject\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n ]\n },\n {\n Sid: \"PermissionForDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:GetItem\", \"dynamodb:Query\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionForDynamoDBLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:PutItem\",\n \"dynamodb:BatchWriteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AAEA,IAAAK,QAAA,GAAAL,OAAA;AAEA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAQO,MAAMU,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,wBAAe,EAAC;EAC1CC,IAAI,EAAE,gBAAgB;EACtBC,MAAMA,CAACC,GAAc,EAAED,MAA4B,EAAE;IACjD,MAAME,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;IACtC,MAAMC,OAAO,GAAGJ,GAAG,CAACE,SAAS,CAACG,YAAU,CAAC;IACzC,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACP,GAAG,CAAC;IAEtC,MAAMQ,MAAM,GAAGC,6BAA6B,CAACT,GAAG,CAAC;IACjD,MAAMU,IAAI,GAAG,IAAAC,6BAAgB,EAACX,GAAG,EAAE;MAC/BF,IAAI,EAAE,gBAAgB;MACtBU,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGb,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAChDlB,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJW,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;QACrBC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxC,MAAM,CAACuC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC7B,GAAG,CAAC8B,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACRC,SAAS,EAAEpC,IAAI,CAACqC;UACpB,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEvC,GAAG,CAACE,SAAS,CAACsC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAGtC,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACL,MAAM,CAAC6C,KAAK,CAAC,CAAC;IAE3D,MAAMC,QAAQ,GAAG7C,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAClDlB,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJ,GAAG2C,UAAU;QACbpB,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDuB,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,OAAO,CAAC,CAAC;QAC9Bf,WAAW,EAAE;UACTC,SAAS,EAAE7B,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACQ,MAAM,CAACoB,WAAW,CAACG,KAAK,CAACa,GAAG,IAAI;YACjE,OAAO;cACHC,oBAAoB,EAAE,gBAAgB;cACtC,GAAGD,GAAG,EAAEf,SAAS;cACjB,GAAGlC,MAAM,CAACiD;YACd,CAAC;UACL,CAAC;QACL;MACJ;IACJ,CAAC,CAAC;IAEF,MAAME,wBAAwB,GAAGlD,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACoC,UAAU,EAAE;MACpErD,IAAI,EAAE,gCAAgC;MACtCC,MAAM,EAAE;QACJqD,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAExC,MAAM,CAACD,MAAM,CAACK,GAAG;QAC3BqC,SAAS,EAAE,kBAAkB;QAC7BC,SAAS,EAAErE,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE;QACvEmB,aAAa,EAAEnD;MACnB,CAAC;MACDoD,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM;MAC7B;IACJ,CAAC,CAAC;IAEF,MAAMgD,kBAAkB,GAAG5D,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAACyE,EAAE,CAACC,kBAAkB,EAAE;MAClEhE,IAAI,EAAE,oBAAoB;MAC1BC,MAAM,EAAE;QACJgE,MAAM,EAAE9D,IAAI,CAACqC,mBAAmB;QAChC0B,eAAe,EAAE,CACb;UACIC,iBAAiB,EAAEpD,MAAM,CAACD,MAAM,CAACK,GAAG;UACpCiD,MAAM,EAAE,CAAC,oBAAoB;QACjC,CAAC;MAET,CAAC;MACDR,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM,EAAEsC,wBAAwB,CAACtC,MAAM;MAC9D;IACJ,CAAC,CAAC;IAEF,MAAM+B,SAAS,GAAG;MACd9B,MAAM;MACNgC;IACJ,CAAC;IAED,OAAO;MACHsB,KAAK,EAAE;QACHtD,MAAM,EAAEH;MACZ,CAAC;MACD0D,QAAQ,EAAE;QACNvD,MAAM,EAAEL;MACZ,CAAC;MACDmC,SAAS;MACTiB;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASnD,6BAA6BA,CAACT,GAAc,EAAE;EACnD,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;EAEtC,OAAOH,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAACiF,GAAG,CAACC,MAAM,EAAE;IACnCxE,IAAI,EAAE,yBAAyB;IAC/BC,MAAM,EAAE;MACJwB,WAAW,EAAE,6CAA6C;MAC1Df,MAAM,EAAE;QACJ+D,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,uBAAuB;UAC/BC,QAAQ,EAAE;QACd,CAAC,EACD;UACIH,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACN1F,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE,EAC5DpD,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,IAAI;QAEtE,CAAC,EACD;UACImC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;UAC9CC,QAAQ,EAAE,CACN1F,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC4E,uBAAuB,EAAE,EACnD3F,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC4E,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIJ,GAAG,EAAE,0BAA0B;UAC/BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,yBAAyB,CAC5B;UACDC,QAAQ,EAAE,CACN1F,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC6E,mBAAmB,EAAE,EAC/C5F,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC6E,mBAAmB,IAAI;QAEzD,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/apps/api/ApiGateway.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import * as pulumi from "@pulumi/pulumi";
2
- import { PulumiAppModule } from "@webiny/pulumi";
1
+ import type * as pulumi from "@pulumi/pulumi";
2
+ import type { PulumiAppModule } from "@webiny/pulumi";
3
3
  export interface ApiRouteParams {
4
4
  path: pulumi.Input<string>;
5
5
  method: pulumi.Input<string>;
package/apps/api/ApiGateway.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","_interopRequireWildcard","require","_pulumi","ApiGateway","exports","createAppModule","name","config","app","routesConfig","api","addResource","apigatewayv2","Api","protocolType","description","stage","Stage","apiId","output","id","autoDeploy","defaultRouteSettings","throttlingBurstLimit","throttlingRateLimit","routes","Object","keys","addRoute","params","route","createRoute","integration","Integration","integrationType","integrationMethod","method","integrationUri","function","passthroughBehavior","Route","routeKey","path","target","apply","value","permission","lambda","Permission","action","principal","sourceArn","executionArn","arn"],"sources":["ApiGateway.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nexport interface ApiRouteParams {\n path: pulumi.Input<string>;\n method: pulumi.Input<string>;\n function: pulumi.Input<string>;\n}\n\nexport type ApiGateway = PulumiAppModule<typeof ApiGateway>;\n\nexport const ApiGateway = createAppModule({\n name: \"ApiGateway\",\n config(app: PulumiApp, routesConfig: Record<string, ApiRouteParams>) {\n const api = app.addResource(aws.apigatewayv2.Api, {\n name: \"api-gateway\",\n config: {\n protocolType: \"HTTP\",\n description: \"Main API gateway\"\n }\n });\n\n const stage = app.addResource(aws.apigatewayv2.Stage, {\n name: \"default\",\n config: {\n apiId: api.output.id,\n autoDeploy: true,\n defaultRouteSettings: {\n // Only enable when debugging. Note that by default, API Gateway does not\n // have the required permissions to write logs to CloudWatch logs. More:\n // https://coady.tech/aws-cloudwatch-logs-arn/\n // loggingLevel: \"INFO\",\n throttlingBurstLimit: 5000,\n throttlingRateLimit: 10000\n }\n }\n });\n\n const routes: Record<string, ReturnType<typeof createRoute>> = {};\n\n for (const name of Object.keys(routesConfig)) {\n addRoute(name, routesConfig[name]);\n }\n\n return {\n api,\n stage,\n routes,\n addRoute\n };\n\n function addRoute(name: string, params: ApiRouteParams) {\n const route = createRoute(app, api.output, name, params);\n routes[name] = route;\n }\n }\n});\n\nfunction createRoute(\n app: PulumiApp,\n api: pulumi.Output<aws.apigatewayv2.Api>,\n name: string,\n params: ApiRouteParams\n) {\n const integration = app.addResource(aws.apigatewayv2.Integration, {\n name: name,\n config: {\n description: \"GraphQL API Integration\",\n apiId: api.id,\n integrationType: \"AWS_PROXY\",\n integrationMethod: params.method,\n integrationUri: params.function,\n passthroughBehavior: \"WHEN_NO_MATCH\"\n }\n });\n\n const route = app.addResource(aws.apigatewayv2.Route, {\n name: name,\n config: {\n apiId: api.id,\n routeKey: `${params.method} ${params.path}`,\n target: integration.output.id.apply(value => `integrations/${value}`)\n }\n });\n\n const permission = app.addResource(aws.lambda.Permission, {\n name: `allow-${name}`,\n config: {\n action: \"lambda:InvokeFunction\",\n function: params.function,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: api.executionArn.apply(arn => `${arn}/*/*${params.path}`)\n }\n });\n\n return {\n integration,\n route,\n permission\n };\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AAUO,MAAME,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,uBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,YAA4C,EAAE;IACjE,MAAMC,GAAG,GAAGF,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAACC,GAAG,EAAE;MAC9CP,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJO,YAAY,EAAE,MAAM;QACpBC,WAAW,EAAE;MACjB;IACJ,CAAC,CAAC;IAEF,MAAMC,KAAK,GAAGR,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAACK,KAAK,EAAE;MAClDX,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJW,KAAK,EAAER,GAAG,CAACS,MAAM,CAACC,EAAE;QACpBC,UAAU,EAAE,IAAI;QAChBC,oBAAoB,EAAE;UAClB;UACA;UACA;UACA;UACAC,oBAAoB,EAAE,IAAI;UAC1BC,mBAAmB,EAAE;QACzB;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,MAAsD,GAAG,CAAC,CAAC;IAEjE,KAAK,MAAMnB,IAAI,IAAIoB,MAAM,CAACC,IAAI,CAAClB,YAAY,CAAC,EAAE;MAC1CmB,QAAQ,CAACtB,IAAI,EAAEG,YAAY,CAACH,IAAI,CAAC,CAAC;IACtC;IAEA,OAAO;MACHI,GAAG;MACHM,KAAK;MACLS,MAAM;MACNG;IACJ,CAAC;IAED,SAASA,QAAQA,CAACtB,IAAY,EAAEuB,MAAsB,EAAE;MACpD,MAAMC,KAAK,GAAGC,WAAW,CAACvB,GAAG,EAAEE,GAAG,CAACS,MAAM,EAAEb,IAAI,EAAEuB,MAAM,CAAC;MACxDJ,MAAM,CAACnB,IAAI,CAAC,GAAGwB,KAAK;IACxB;EACJ;AACJ,CAAC,CAAC;AAEF,SAASC,WAAWA,CAChBvB,GAAc,EACdE,GAAwC,EACxCJ,IAAY,EACZuB,MAAsB,EACxB;EACE,MAAMG,WAAW,GAAGxB,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAACqB,WAAW,EAAE;IAC9D3B,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJQ,WAAW,EAAE,yBAAyB;MACtCG,KAAK,EAAER,GAAG,CAACU,EAAE;MACbc,eAAe,EAAE,WAAW;MAC5BC,iBAAiB,EAAEN,MAAM,CAACO,MAAM;MAChCC,cAAc,EAAER,MAAM,CAACS,QAAQ;MAC/BC,mBAAmB,EAAE;IACzB;EACJ,CAAC,CAAC;EAEF,MAAMT,KAAK,GAAGtB,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAAC4B,KAAK,EAAE;IAClDlC,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJW,KAAK,EAAER,GAAG,CAACU,EAAE;MACbqB,QAAQ,EAAE,GAAGZ,MAAM,CAACO,MAAM,IAAIP,MAAM,CAACa,IAAI,EAAE;MAC3CC,MAAM,EAAEX,WAAW,CAACb,MAAM,CAACC,EAAE,CAACwB,KAAK,CAACC,KAAK,IAAI,gBAAgBA,KAAK,EAAE;IACxE;EACJ,CAAC,CAAC;EAEF,MAAMC,UAAU,GAAGtC,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACgD,MAAM,CAACC,UAAU,EAAE;IACtD1C,IAAI,EAAE,SAASA,IAAI,EAAE;IACrBC,MAAM,EAAE;MACJ0C,MAAM,EAAE,uBAAuB;MAC/BX,QAAQ,EAAET,MAAM,CAACS,QAAQ;MACzBY,SAAS,EAAE,0BAA0B;MACrCC,SAAS,EAAEzC,GAAG,CAAC0C,YAAY,CAACR,KAAK,CAACS,GAAG,IAAI,GAAGA,GAAG,OAAOxB,MAAM,CAACa,IAAI,EAAE;IACvE;EACJ,CAAC,CAAC;EAEF,OAAO;IACHV,WAAW;IACXF,KAAK;IACLgB;EACJ,CAAC;AACL","ignoreList":[]}
1
+ {"version":3,"names":["aws","_interopRequireWildcard","require","_pulumi","ApiGateway","exports","createAppModule","name","config","app","routesConfig","api","addResource","apigatewayv2","Api","protocolType","description","stage","Stage","apiId","output","id","autoDeploy","defaultRouteSettings","throttlingBurstLimit","throttlingRateLimit","routes","Object","keys","addRoute","params","route","createRoute","integration","Integration","integrationType","integrationMethod","method","integrationUri","function","passthroughBehavior","Route","routeKey","path","target","apply","value","permission","lambda","Permission","action","principal","sourceArn","executionArn","arn"],"sources":["ApiGateway.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type * as pulumi from \"@pulumi/pulumi\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nexport interface ApiRouteParams {\n path: pulumi.Input<string>;\n method: pulumi.Input<string>;\n function: pulumi.Input<string>;\n}\n\nexport type ApiGateway = PulumiAppModule<typeof ApiGateway>;\n\nexport const ApiGateway = createAppModule({\n name: \"ApiGateway\",\n config(app: PulumiApp, routesConfig: Record<string, ApiRouteParams>) {\n const api = app.addResource(aws.apigatewayv2.Api, {\n name: \"api-gateway\",\n config: {\n protocolType: \"HTTP\",\n description: \"Main API gateway\"\n }\n });\n\n const stage = app.addResource(aws.apigatewayv2.Stage, {\n name: \"default\",\n config: {\n apiId: api.output.id,\n autoDeploy: true,\n defaultRouteSettings: {\n // Only enable when debugging. Note that by default, API Gateway does not\n // have the required permissions to write logs to CloudWatch logs. More:\n // https://coady.tech/aws-cloudwatch-logs-arn/\n // loggingLevel: \"INFO\",\n throttlingBurstLimit: 5000,\n throttlingRateLimit: 10000\n }\n }\n });\n\n const routes: Record<string, ReturnType<typeof createRoute>> = {};\n\n for (const name of Object.keys(routesConfig)) {\n addRoute(name, routesConfig[name]);\n }\n\n return {\n api,\n stage,\n routes,\n addRoute\n };\n\n function addRoute(name: string, params: ApiRouteParams) {\n const route = createRoute(app, api.output, name, params);\n routes[name] = route;\n }\n }\n});\n\nfunction createRoute(\n app: PulumiApp,\n api: pulumi.Output<aws.apigatewayv2.Api>,\n name: string,\n params: ApiRouteParams\n) {\n const integration = app.addResource(aws.apigatewayv2.Integration, {\n name: name,\n config: {\n description: \"GraphQL API Integration\",\n apiId: api.id,\n integrationType: \"AWS_PROXY\",\n integrationMethod: params.method,\n integrationUri: params.function,\n passthroughBehavior: \"WHEN_NO_MATCH\"\n }\n });\n\n const route = app.addResource(aws.apigatewayv2.Route, {\n name: name,\n config: {\n apiId: api.id,\n routeKey: `${params.method} ${params.path}`,\n target: integration.output.id.apply(value => `integrations/${value}`)\n }\n });\n\n const permission = app.addResource(aws.lambda.Permission, {\n name: `allow-${name}`,\n config: {\n action: \"lambda:InvokeFunction\",\n function: params.function,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: api.executionArn.apply(arn => `${arn}/*/*${params.path}`)\n }\n });\n\n return {\n integration,\n route,\n permission\n };\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAGA,IAAAC,OAAA,GAAAD,OAAA;AAUO,MAAME,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,uBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,YAA4C,EAAE;IACjE,MAAMC,GAAG,GAAGF,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAACC,GAAG,EAAE;MAC9CP,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJO,YAAY,EAAE,MAAM;QACpBC,WAAW,EAAE;MACjB;IACJ,CAAC,CAAC;IAEF,MAAMC,KAAK,GAAGR,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAACK,KAAK,EAAE;MAClDX,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJW,KAAK,EAAER,GAAG,CAACS,MAAM,CAACC,EAAE;QACpBC,UAAU,EAAE,IAAI;QAChBC,oBAAoB,EAAE;UAClB;UACA;UACA;UACA;UACAC,oBAAoB,EAAE,IAAI;UAC1BC,mBAAmB,EAAE;QACzB;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,MAAsD,GAAG,CAAC,CAAC;IAEjE,KAAK,MAAMnB,IAAI,IAAIoB,MAAM,CAACC,IAAI,CAAClB,YAAY,CAAC,EAAE;MAC1CmB,QAAQ,CAACtB,IAAI,EAAEG,YAAY,CAACH,IAAI,CAAC,CAAC;IACtC;IAEA,OAAO;MACHI,GAAG;MACHM,KAAK;MACLS,MAAM;MACNG;IACJ,CAAC;IAED,SAASA,QAAQA,CAACtB,IAAY,EAAEuB,MAAsB,EAAE;MACpD,MAAMC,KAAK,GAAGC,WAAW,CAACvB,GAAG,EAAEE,GAAG,CAACS,MAAM,EAAEb,IAAI,EAAEuB,MAAM,CAAC;MACxDJ,MAAM,CAACnB,IAAI,CAAC,GAAGwB,KAAK;IACxB;EACJ;AACJ,CAAC,CAAC;AAEF,SAASC,WAAWA,CAChBvB,GAAc,EACdE,GAAwC,EACxCJ,IAAY,EACZuB,MAAsB,EACxB;EACE,MAAMG,WAAW,GAAGxB,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAACqB,WAAW,EAAE;IAC9D3B,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJQ,WAAW,EAAE,yBAAyB;MACtCG,KAAK,EAAER,GAAG,CAACU,EAAE;MACbc,eAAe,EAAE,WAAW;MAC5BC,iBAAiB,EAAEN,MAAM,CAACO,MAAM;MAChCC,cAAc,EAAER,MAAM,CAACS,QAAQ;MAC/BC,mBAAmB,EAAE;IACzB;EACJ,CAAC,CAAC;EAEF,MAAMT,KAAK,GAAGtB,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACa,YAAY,CAAC4B,KAAK,EAAE;IAClDlC,IAAI,EAAEA,IAAI;IACVC,MAAM,EAAE;MACJW,KAAK,EAAER,GAAG,CAACU,EAAE;MACbqB,QAAQ,EAAE,GAAGZ,MAAM,CAACO,MAAM,IAAIP,MAAM,CAACa,IAAI,EAAE;MAC3CC,MAAM,EAAEX,WAAW,CAACb,MAAM,CAACC,EAAE,CAACwB,KAAK,CAACC,KAAK,IAAI,gBAAgBA,KAAK,EAAE;IACxE;EACJ,CAAC,CAAC;EAEF,MAAMC,UAAU,GAAGtC,GAAG,CAACG,WAAW,CAACZ,GAAG,CAACgD,MAAM,CAACC,UAAU,EAAE;IACtD1C,IAAI,EAAE,SAASA,IAAI,EAAE;IACrBC,MAAM,EAAE;MACJ0C,MAAM,EAAE,uBAAuB;MAC/BX,QAAQ,EAAET,MAAM,CAACS,QAAQ;MACzBY,SAAS,EAAE,0BAA0B;MACrCC,SAAS,EAAEzC,GAAG,CAAC0C,YAAY,CAACR,KAAK,CAACS,GAAG,IAAI,GAAGA,GAAG,OAAOxB,MAAM,CAACa,IAAI,EAAE;IACvE;EACJ,CAAC,CAAC;EAEF,OAAO;IACHV,WAAW;IACXF,KAAK;IACLgB;EACJ,CAAC;AACL","ignoreList":[]}
package/apps/api/ApiGraphql.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as pulumi from "@pulumi/pulumi";
2
2
  import * as aws from "@pulumi/aws";
3
- import { PulumiAppModule } from "@webiny/pulumi";
3
+ import type { PulumiAppModule } from "@webiny/pulumi";
4
4
  interface GraphqlParams {
5
5
  env: Record<string, any>;
6
6
  apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;
package/apps/api/ApiGraphql.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_kebabCase","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","EMPTY_TRASH_BIN_EVENT_RULE_NAME","EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME","EMPTY_TRASH_BIN_EVENT_RULE_TARGET","ApiGraphql","exports","createAppModule","name","config","app","params","core","getModule","CoreOutput","policy","createGraphqlLambdaPolicy","role","createLambdaRole","output","graphql","addResource","lambda","Function","description","runtime","LAMBDA_RUNTIME","handler","arn","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","VpcConfig","functionVpcConfig","dynamodb","TableItem","tableName","primaryDynamodbTableName","hashKey","primaryDynamodbTableHashKey","rangeKey","primaryDynamodbTableRangeKey","key","item","interpolate","apwSchedulerEventRule","apwSchedulerEventTarget","targetId","eventRule","cloudwatch","EventRule","scheduleExpression","Permission","action","function","principal","statementId","EventTarget","rule","input","JSON","stringify","source","functions","addRoute","routeParams","apiGateway","resources","console","log","kebabName","toKebabCase","method","coreOutput","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn","elasticsearchDynamodbTableArn","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","elasticsearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport toKebabCase from \"lodash/kebabCase\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;\n apwSchedulerEventTarget: pulumi.Output<aws.cloudwatch.EventTarget>;\n}\n\nexport interface AddRouteParams {\n /**\n * Must be in kebab case (a-z and -)\n */\n name: string;\n path: `/${string}`;\n method: \"DELETE\" | \"GET\" | \"HEAD\" | \"PATCH\" | \"POST\" | \"PUT\" | \"OPTIONS\" | \"ANY\";\n}\n\nconst EMPTY_TRASH_BIN_EVENT_RULE_NAME = `empty-trash-bin-event-rule`;\nconst EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME = `empty-trash-bin-event-target-permission`;\nconst EMPTY_TRASH_BIN_EVENT_RULE_TARGET = `empty-trash-bin-event-rule-target`;\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n description: \"Webiny's GraphQL APIs\",\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 1024,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n /**\n * Store meta information like \"mainGraphqlFunctionArn\" in APW settings at deploy time.\n *\n * Note: We can't pass \"mainGraphqlFunctionArn\" as env variable due to circular dependency between\n * \"graphql\" lambda and \"api-apw-scheduler-execute-action\" lambda.\n */\n app.addResource(aws.dynamodb.TableItem, {\n name: \"apwSettings\",\n config: {\n tableName: core.primaryDynamodbTableName,\n hashKey: core.primaryDynamodbTableHashKey,\n rangeKey: pulumi\n .output(core.primaryDynamodbTableRangeKey)\n .apply(key => key || \"SK\"),\n item: pulumi.interpolate`{\n \"PK\": {\"S\": \"APW#SETTINGS\"},\n \"SK\": {\"S\": \"default\"},\n \"mainGraphqlFunctionArn\": {\"S\": \"${graphql.output.arn}\"},\n \"eventRuleName\": {\"S\": \"${params.apwSchedulerEventRule.name}\"},\n \"eventTargetId\": {\"S\": \"${params.apwSchedulerEventTarget.targetId}\"}\n }`\n }\n });\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_NAME,\n config: {\n description: \"Enable us to empty the trash-bin ever day\",\n scheduleExpression: \"cron(0 3 * * ? *)\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME,\n config: {\n action: \"lambda:InvokeFunction\",\n function: graphql.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EMPTY_TRASH_BIN_EVENT_RULE_NAME\n }\n });\n\n // Target the main graphql lambda.\n app.addResource(aws.cloudwatch.EventTarget, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: graphql.output.arn,\n input: JSON.stringify({\n source: \"webiny.events\",\n \"detail-type\": \"WebinyEmptyTrashBin\"\n })\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n },\n addRoute: (routeParams: AddRouteParams) => {\n const apiGateway: any = app.resources.apiGateway;\n if (!apiGateway) {\n console.log(\n \"Could not add route because there is no apiGateway in the resources.\"\n );\n return;\n }\n const kebabName = toKebabCase(routeParams.name);\n if (kebabName !== routeParams.name) {\n console.log(`Route name is not allowed: \"${routeParams.name}\".`);\n return;\n }\n return apiGateway.addRoute(routeParams.name, {\n path: routeParams.path,\n method: routeParams.method,\n function: graphql.output.arn\n });\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n `${core.logDynamodbTableArn}`,\n `${core.logDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:ListBucket\",\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAL,sBAAA,CAAAC,OAAA;AAEA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAiBA,MAAMU,+BAA+B,GAAG,4BAA4B;AACpE,MAAMC,qCAAqC,GAAG,yCAAyC;AACvF,MAAMC,iCAAiC,GAAG,mCAAmC;AAItE,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,MAAqB,EAAE;IAC1C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;IAEtC,MAAMC,MAAM,GAAGC,yBAAyB,CAACN,GAAG,CAAC;IAC7C,MAAMO,IAAI,GAAG,IAAAC,6BAAgB,EAACR,GAAG,EAAE;MAC/BF,IAAI,EAAE,iBAAiB;MACvBO,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IAEF,MAAMC,OAAO,GAAGV,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MACjDf,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJe,WAAW,EAAE,uBAAuB;QACpCC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BV,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACS,GAAG;QACrBC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxC,MAAM,CAACuC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC1B,GAAG,CAAC2B,KAAK,CAACC,SAAS,EAAE,eAAe,CAClD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACR,GAAGhC,MAAM,CAACiC,GAAG;YACbC,mCAAmC,EAAE;UACzC,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEpC,GAAG,CAACG,SAAS,CAACkC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IACF;AACR;AACA;AACA;AACA;AACA;IACQtC,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACsD,QAAQ,CAACC,SAAS,EAAE;MACpC1C,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJ0C,SAAS,EAAEvC,IAAI,CAACwC,wBAAwB;QACxCC,OAAO,EAAEzC,IAAI,CAAC0C,2BAA2B;QACzCC,QAAQ,EAAE9D,MAAM,CACX0B,MAAM,CAACP,IAAI,CAAC4C,4BAA4B,CAAC,CACzCd,KAAK,CAACe,GAAG,IAAIA,GAAG,IAAI,IAAI,CAAC;QAC9BC,IAAI,EAAEjE,MAAM,CAACkE,WAAW;AACxC;AACA;AACA,iDAAiDvC,OAAO,CAACD,MAAM,CAACS,GAAG;AACnE,wCAAwCjB,MAAM,CAACiD,qBAAqB,CAACpD,IAAI;AACzE,wCAAwCG,MAAM,CAACkD,uBAAuB,CAACC,QAAQ;AAC/E;MACY;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,SAAS,GAAGrD,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACqE,UAAU,CAACC,SAAS,EAAE;MACxDzD,IAAI,EAAEN,+BAA+B;MACrCO,MAAM,EAAE;QACJe,WAAW,EAAE,2CAA2C;QACxD0C,kBAAkB,EAAE;MACxB;IACJ,CAAC,CAAC;;IAEF;IACAxD,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAAC6C,UAAU,EAAE;MACnC3D,IAAI,EAAEL,qCAAqC;MAC3CM,MAAM,EAAE;QACJ2D,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEjD,OAAO,CAACD,MAAM,CAACS,GAAG;QAC5B0C,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAGrE;MACxC;IACJ,CAAC,CAAC;;IAEF;IACAQ,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACqE,UAAU,CAACQ,WAAW,EAAE;MACxChE,IAAI,EAAEJ,iCAAiC;MACvCK,MAAM,EAAE;QACJgE,IAAI,EAAEV,SAAS,CAAC5C,MAAM,CAACX,IAAI;QAC3BoB,GAAG,EAAER,OAAO,CAACD,MAAM,CAACS,GAAG;QACvB8C,KAAK,EAAEC,IAAI,CAACC,SAAS,CAAC;UAClBC,MAAM,EAAE,eAAe;UACvB,aAAa,EAAE;QACnB,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,OAAO;MACH5D,IAAI;MACJF,MAAM;MACN+D,SAAS,EAAE;QACP1D;MACJ,CAAC;MACD2D,QAAQ,EAAGC,WAA2B,IAAK;QACvC,MAAMC,UAAe,GAAGvE,GAAG,CAACwE,SAAS,CAACD,UAAU;QAChD,IAAI,CAACA,UAAU,EAAE;UACbE,OAAO,CAACC,GAAG,CACP,sEACJ,CAAC;UACD;QACJ;QACA,MAAMC,SAAS,GAAG,IAAAC,kBAAW,EAACN,WAAW,CAACxE,IAAI,CAAC;QAC/C,IAAI6E,SAAS,KAAKL,WAAW,CAACxE,IAAI,EAAE;UAChC2E,OAAO,CAACC,GAAG,CAAC,+BAA+BJ,WAAW,CAACxE,IAAI,IAAI,CAAC;UAChE;QACJ;QACA,OAAOyE,UAAU,CAACF,QAAQ,CAACC,WAAW,CAACxE,IAAI,EAAE;UACzC2B,IAAI,EAAE6C,WAAW,CAAC7C,IAAI;UACtBoD,MAAM,EAAEP,WAAW,CAACO,MAAM;UAC1BlB,QAAQ,EAAEjD,OAAO,CAACD,MAAM,CAACS;QAC7B,CAAC,CAAC;MACN;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASZ,yBAAyBA,CAACN,GAAc,EAAE;EAC/C,MAAM8E,UAAU,GAAG9E,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;EAC5C,MAAM2E,YAAY,GAAG,IAAAC,yBAAe,EAAChF,GAAG,CAAC;EACzC,MAAMiF,SAAS,GAAG,IAAAC,sBAAY,EAAClF,GAAG,CAAC;EAEnC,OAAOA,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACkG,GAAG,CAACC,MAAM,EAAE;IACnCtF,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJe,WAAW,EAAE,oEAAoE;MACjF;MACAT,MAAM,EAAEyE,UAAU,CAAC9C,KAAK,CAAC9B,IAAI,IAAI;QAC7B,MAAMG,MAA8B,GAAG;UACnCgF,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;YACDC,QAAQ,EAAE,CACN,GAAGxF,IAAI,CAACyF,uBAAuB,EAAE,EACjC,GAAGzF,IAAI,CAACyF,uBAAuB,IAAI,EACnC,GAAGzF,IAAI,CAAC0F,mBAAmB,EAAE,EAC7B,GAAG1F,IAAI,CAAC0F,mBAAmB,IAAI;YAC/B;YACA,IAAI1F,IAAI,CAAC2F,6BAA6B,GAChC,CACI,GAAG3F,IAAI,CAAC2F,6BAA6B,EAAE,EACvC,GAAG3F,IAAI,CAAC2F,6BAA6B,IAAI,CAC5C,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIN,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,CACjB;YACDC,QAAQ,EAAE,CACN3G,MAAM,CAACkE,WAAW,gBAAgB/C,IAAI,CAAC4F,mBAAmB,EAAE,EAC5D/G,MAAM,CAACkE,WAAW,gBAAgB/C,IAAI,CAAC4F,mBAAmB,IAAI;UAEtE,CAAC,EACD;YACIP,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAE3G,MAAM,CAACkE,WAAW,kBAAkBgC,SAAS,IAAIF,YAAY;UAC3E,CAAC,EACD;YACIQ,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAGxF,IAAI,CAAC6F,kBAAkB;UACxC,CAAC,EACD;YACIR,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,kBAAkB;YAC1BC,QAAQ,EAAExF,IAAI,CAAC8F;UACnB,CAAC,EACD;YACIT,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,+BAA+B;YACvCC,QAAQ,EAAE3G,MAAM,CAACkE,WAAW,uBAAuB8B,YAAY;UACnE,CAAC;UACD;UACA,IAAI7E,IAAI,CAAC+F,sBAAsB,GACzB,CACI;YACIV,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACN,GAAGxF,IAAI,CAAC+F,sBAAsB,EAAE,EAChC,GAAG/F,IAAI,CAAC+F,sBAAsB,IAAI;UAE1C,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAO5F,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_kebabCase","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","EMPTY_TRASH_BIN_EVENT_RULE_NAME","EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME","EMPTY_TRASH_BIN_EVENT_RULE_TARGET","ApiGraphql","exports","createAppModule","name","config","app","params","core","getModule","CoreOutput","policy","createGraphqlLambdaPolicy","role","createLambdaRole","output","graphql","addResource","lambda","Function","description","runtime","LAMBDA_RUNTIME","handler","arn","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","VpcConfig","functionVpcConfig","dynamodb","TableItem","tableName","primaryDynamodbTableName","hashKey","primaryDynamodbTableHashKey","rangeKey","primaryDynamodbTableRangeKey","key","item","interpolate","apwSchedulerEventRule","apwSchedulerEventTarget","targetId","eventRule","cloudwatch","EventRule","scheduleExpression","Permission","action","function","principal","statementId","EventTarget","rule","input","JSON","stringify","source","functions","addRoute","routeParams","apiGateway","resources","console","log","kebabName","toKebabCase","method","coreOutput","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn","elasticsearchDynamodbTableArn","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","elasticsearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport toKebabCase from \"lodash/kebabCase\";\n\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;\n apwSchedulerEventTarget: pulumi.Output<aws.cloudwatch.EventTarget>;\n}\n\nexport interface AddRouteParams {\n /**\n * Must be in kebab case (a-z and -)\n */\n name: string;\n path: `/${string}`;\n method: \"DELETE\" | \"GET\" | \"HEAD\" | \"PATCH\" | \"POST\" | \"PUT\" | \"OPTIONS\" | \"ANY\";\n}\n\nconst EMPTY_TRASH_BIN_EVENT_RULE_NAME = `empty-trash-bin-event-rule`;\nconst EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME = `empty-trash-bin-event-target-permission`;\nconst EMPTY_TRASH_BIN_EVENT_RULE_TARGET = `empty-trash-bin-event-rule-target`;\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n description: \"Webiny's GraphQL APIs\",\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 1024,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n /**\n * Store meta information like \"mainGraphqlFunctionArn\" in APW settings at deploy time.\n *\n * Note: We can't pass \"mainGraphqlFunctionArn\" as env variable due to circular dependency between\n * \"graphql\" lambda and \"api-apw-scheduler-execute-action\" lambda.\n */\n app.addResource(aws.dynamodb.TableItem, {\n name: \"apwSettings\",\n config: {\n tableName: core.primaryDynamodbTableName,\n hashKey: core.primaryDynamodbTableHashKey,\n rangeKey: pulumi\n .output(core.primaryDynamodbTableRangeKey)\n .apply(key => key || \"SK\"),\n item: pulumi.interpolate`{\n \"PK\": {\"S\": \"APW#SETTINGS\"},\n \"SK\": {\"S\": \"default\"},\n \"mainGraphqlFunctionArn\": {\"S\": \"${graphql.output.arn}\"},\n \"eventRuleName\": {\"S\": \"${params.apwSchedulerEventRule.name}\"},\n \"eventTargetId\": {\"S\": \"${params.apwSchedulerEventTarget.targetId}\"}\n }`\n }\n });\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_NAME,\n config: {\n description: \"Enable us to empty the trash-bin ever day\",\n scheduleExpression: \"cron(0 3 * * ? *)\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME,\n config: {\n action: \"lambda:InvokeFunction\",\n function: graphql.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EMPTY_TRASH_BIN_EVENT_RULE_NAME\n }\n });\n\n // Target the main graphql lambda.\n app.addResource(aws.cloudwatch.EventTarget, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: graphql.output.arn,\n input: JSON.stringify({\n source: \"webiny.events\",\n \"detail-type\": \"WebinyEmptyTrashBin\"\n })\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n },\n addRoute: (routeParams: AddRouteParams) => {\n const apiGateway: any = app.resources.apiGateway;\n if (!apiGateway) {\n console.log(\n \"Could not add route because there is no apiGateway in the resources.\"\n );\n return;\n }\n const kebabName = toKebabCase(routeParams.name);\n if (kebabName !== routeParams.name) {\n console.log(`Route name is not allowed: \"${routeParams.name}\".`);\n return;\n }\n return apiGateway.addRoute(routeParams.name, {\n path: routeParams.path,\n method: routeParams.method,\n function: graphql.output.arn\n });\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n `${core.logDynamodbTableArn}`,\n `${core.logDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:ListBucket\",\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAL,sBAAA,CAAAC,OAAA;AAGA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAiBA,MAAMU,+BAA+B,GAAG,4BAA4B;AACpE,MAAMC,qCAAqC,GAAG,yCAAyC;AACvF,MAAMC,iCAAiC,GAAG,mCAAmC;AAItE,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,MAAqB,EAAE;IAC1C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;IAEtC,MAAMC,MAAM,GAAGC,yBAAyB,CAACN,GAAG,CAAC;IAC7C,MAAMO,IAAI,GAAG,IAAAC,6BAAgB,EAACR,GAAG,EAAE;MAC/BF,IAAI,EAAE,iBAAiB;MACvBO,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IAEF,MAAMC,OAAO,GAAGV,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MACjDf,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJe,WAAW,EAAE,uBAAuB;QACpCC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BV,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACS,GAAG;QACrBC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxC,MAAM,CAACuC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC1B,GAAG,CAAC2B,KAAK,CAACC,SAAS,EAAE,eAAe,CAClD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACR,GAAGhC,MAAM,CAACiC,GAAG;YACbC,mCAAmC,EAAE;UACzC,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEpC,GAAG,CAACG,SAAS,CAACkC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IACF;AACR;AACA;AACA;AACA;AACA;IACQtC,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACsD,QAAQ,CAACC,SAAS,EAAE;MACpC1C,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJ0C,SAAS,EAAEvC,IAAI,CAACwC,wBAAwB;QACxCC,OAAO,EAAEzC,IAAI,CAAC0C,2BAA2B;QACzCC,QAAQ,EAAE9D,MAAM,CACX0B,MAAM,CAACP,IAAI,CAAC4C,4BAA4B,CAAC,CACzCd,KAAK,CAACe,GAAG,IAAIA,GAAG,IAAI,IAAI,CAAC;QAC9BC,IAAI,EAAEjE,MAAM,CAACkE,WAAW;AACxC;AACA;AACA,iDAAiDvC,OAAO,CAACD,MAAM,CAACS,GAAG;AACnE,wCAAwCjB,MAAM,CAACiD,qBAAqB,CAACpD,IAAI;AACzE,wCAAwCG,MAAM,CAACkD,uBAAuB,CAACC,QAAQ;AAC/E;MACY;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,SAAS,GAAGrD,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACqE,UAAU,CAACC,SAAS,EAAE;MACxDzD,IAAI,EAAEN,+BAA+B;MACrCO,MAAM,EAAE;QACJe,WAAW,EAAE,2CAA2C;QACxD0C,kBAAkB,EAAE;MACxB;IACJ,CAAC,CAAC;;IAEF;IACAxD,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAAC6C,UAAU,EAAE;MACnC3D,IAAI,EAAEL,qCAAqC;MAC3CM,MAAM,EAAE;QACJ2D,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEjD,OAAO,CAACD,MAAM,CAACS,GAAG;QAC5B0C,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAGrE;MACxC;IACJ,CAAC,CAAC;;IAEF;IACAQ,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACqE,UAAU,CAACQ,WAAW,EAAE;MACxChE,IAAI,EAAEJ,iCAAiC;MACvCK,MAAM,EAAE;QACJgE,IAAI,EAAEV,SAAS,CAAC5C,MAAM,CAACX,IAAI;QAC3BoB,GAAG,EAAER,OAAO,CAACD,MAAM,CAACS,GAAG;QACvB8C,KAAK,EAAEC,IAAI,CAACC,SAAS,CAAC;UAClBC,MAAM,EAAE,eAAe;UACvB,aAAa,EAAE;QACnB,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,OAAO;MACH5D,IAAI;MACJF,MAAM;MACN+D,SAAS,EAAE;QACP1D;MACJ,CAAC;MACD2D,QAAQ,EAAGC,WAA2B,IAAK;QACvC,MAAMC,UAAe,GAAGvE,GAAG,CAACwE,SAAS,CAACD,UAAU;QAChD,IAAI,CAACA,UAAU,EAAE;UACbE,OAAO,CAACC,GAAG,CACP,sEACJ,CAAC;UACD;QACJ;QACA,MAAMC,SAAS,GAAG,IAAAC,kBAAW,EAACN,WAAW,CAACxE,IAAI,CAAC;QAC/C,IAAI6E,SAAS,KAAKL,WAAW,CAACxE,IAAI,EAAE;UAChC2E,OAAO,CAACC,GAAG,CAAC,+BAA+BJ,WAAW,CAACxE,IAAI,IAAI,CAAC;UAChE;QACJ;QACA,OAAOyE,UAAU,CAACF,QAAQ,CAACC,WAAW,CAACxE,IAAI,EAAE;UACzC2B,IAAI,EAAE6C,WAAW,CAAC7C,IAAI;UACtBoD,MAAM,EAAEP,WAAW,CAACO,MAAM;UAC1BlB,QAAQ,EAAEjD,OAAO,CAACD,MAAM,CAACS;QAC7B,CAAC,CAAC;MACN;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASZ,yBAAyBA,CAACN,GAAc,EAAE;EAC/C,MAAM8E,UAAU,GAAG9E,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;EAC5C,MAAM2E,YAAY,GAAG,IAAAC,yBAAe,EAAChF,GAAG,CAAC;EACzC,MAAMiF,SAAS,GAAG,IAAAC,sBAAY,EAAClF,GAAG,CAAC;EAEnC,OAAOA,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACkG,GAAG,CAACC,MAAM,EAAE;IACnCtF,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJe,WAAW,EAAE,oEAAoE;MACjF;MACAT,MAAM,EAAEyE,UAAU,CAAC9C,KAAK,CAAC9B,IAAI,IAAI;QAC7B,MAAMG,MAA8B,GAAG;UACnCgF,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;YACDC,QAAQ,EAAE,CACN,GAAGxF,IAAI,CAACyF,uBAAuB,EAAE,EACjC,GAAGzF,IAAI,CAACyF,uBAAuB,IAAI,EACnC,GAAGzF,IAAI,CAAC0F,mBAAmB,EAAE,EAC7B,GAAG1F,IAAI,CAAC0F,mBAAmB,IAAI;YAC/B;YACA,IAAI1F,IAAI,CAAC2F,6BAA6B,GAChC,CACI,GAAG3F,IAAI,CAAC2F,6BAA6B,EAAE,EACvC,GAAG3F,IAAI,CAAC2F,6BAA6B,IAAI,CAC5C,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIN,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,CACjB;YACDC,QAAQ,EAAE,CACN3G,MAAM,CAACkE,WAAW,gBAAgB/C,IAAI,CAAC4F,mBAAmB,EAAE,EAC5D/G,MAAM,CAACkE,WAAW,gBAAgB/C,IAAI,CAAC4F,mBAAmB,IAAI;UAEtE,CAAC,EACD;YACIP,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAE3G,MAAM,CAACkE,WAAW,kBAAkBgC,SAAS,IAAIF,YAAY;UAC3E,CAAC,EACD;YACIQ,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAGxF,IAAI,CAAC6F,kBAAkB;UACxC,CAAC,EACD;YACIR,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,kBAAkB;YAC1BC,QAAQ,EAAExF,IAAI,CAAC8F;UACnB,CAAC,EACD;YACIT,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,+BAA+B;YACvCC,QAAQ,EAAE3G,MAAM,CAACkE,WAAW,uBAAuB8B,YAAY;UACnE,CAAC;UACD;UACA,IAAI7E,IAAI,CAAC+F,sBAAsB,GACzB,CACI;YACIV,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACN,GAAGxF,IAAI,CAAC+F,sBAAsB,EAAE,EAChC,GAAG/F,IAAI,CAAC+F,sBAAsB,IAAI;UAE1C,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAO5F,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/apps/api/ApiMigration.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { PulumiAppModule } from "@webiny/pulumi";
1
+ import type { PulumiAppModule } from "@webiny/pulumi";
2
2
  export type ApiMigration = PulumiAppModule<typeof ApiMigration>;
3
3
  export declare const ApiMigration: import("@webiny/pulumi").PulumiAppModuleDefinition<{
4
4
  function: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;