cloudmason 1.0.11 → 1.0.12

@@ -61,6 +61,28 @@ exports.deployS3Stack = async function(stackName,s3Url,params,tag,region){
61
61
  return result.StackId;
62
62
  }
63
63
 
64
+ exports.updateOrgStack = async function(region,params){
65
+ const client = new CloudFormationClient({ region });
66
+ const cfParams = Object.keys(params).map(k=>{ return { ParameterKey: k, ParameterValue: params[k] } })
67
+
68
+ const stackPath = path.resolve(__dirname,'stacks',`infra.yaml`);
69
+ if (!fs.existsSync(stackPath)){
70
+ console.log('Infra Stack not found');
71
+ throw { message: 'Infra stack not found', at: 'deployStack'}
72
+ }
73
+ const stackYML = fs.readFileSync(stackPath,'utf-8');
74
+
75
+ const cmd = {
76
+ StackName: 'CoreInfra',
77
+ TemplateBody: stackYML,
78
+ Parameters: cfParams,
79
+ Capabilities: ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"]
80
+ };
81
+ const command = new UpdateStackCommand(cmd);
82
+ const response = await client.send(command);
83
+ return response.StackId;
84
+ }
85
+
64
86
  exports.updateStack = async function(stackName,s3Url,params,region){
65
87
  const client = new CloudFormationClient({ region });
66
88
  const cfParams = Object.keys(params).map(k=>{ return { ParameterKey: k, ParameterValue: params[k] } })
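Review bot: The `cfParams` mapping in the new `updateOrgStack` emits `ParameterValue: params[k]` even when the value is undefined, and the caller added in this release passes `args.repo`, which the `update-org` command definition marks `r: false`. That leaves `GitHubRepoName`, which the template uses in the role's trust condition, without an explicit value on update. Either require the argument or emit `{ ParameterKey: k, UsePreviousValue: true }` for missing values so the existing setting is kept. The not-found branch also throws a plain object labelled `at: 'deployStack'`; `throw new Error('Infra stack not found')` would keep a stack trace and name the right function. The trailing context is the start of `updateStack`, whose body continues outside the hunk.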
@@ -117,6 +117,8 @@ Resources:
117
117
  Action: "sts:AssumeRoleWithWebIdentity"
118
118
  Condition:
119
119
  StringEquals:
120
+ "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
121
+ StringLike:
120
122
  "token.actions.githubusercontent.com:sub": !Sub "repo:${GitHubRepoName}:*"
121
123
  Policies:
122
124
  - PolicyName: "GitHubActionsPolicy"
@@ -126,8 +128,11 @@ Resources:
126
128
  - Effect: "Allow"
127
129
  Action: "*"
128
130
  Resource: "*"
129
-
130
- Outputs:
131
- GithubRoleArn:
132
- Description: "ARN of the GitHub Actions IAM Role"
133
- Value: !GetAtt GitHubActionsRole.Arn
131
+ GitHubOidcProvider:
132
+ Type: 'AWS::IAM::OIDCProvider'
133
+ Properties:
134
+ Url: 'https://token.actions.githubusercontent.com'
135
+ ClientIdList:
136
+ - 'sts.amazonaws.com'
137
+ ThumbprintList:
138
+ - '6938fd4d98bab03faadb97b34396831e3780aea1'
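Review bot: Moving the `sub` match to `StringLike` makes the trailing `:*` in `repo:${GitHubRepoName}:*` an active wildcard, so every branch, tag, pull request and environment of that repository can assume a role whose inline policy, visible in the context lines, is `Action: "*"` on `Resource: "*"`. Consider pinning the subject to the deploying ref or environment, for example `repo:${GitHubRepoName}:ref:refs/heads/main` (adjust to the branch that deploys), and scoping the policy to the services the pipeline actually touches. The second hunk also drops the `GithubRoleArn` output, so anything that reads it from the stack needs another way to find the role ARN. Both resource definitions start above the hunks.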
@@ -28,6 +28,25 @@ exports.main = async function(args){
28
28
  return true;
29
29
  }
30
30
 
31
+ exports.updateOrgStack = async function(args){
32
+ console.log(`Updating ${args.name}@ in ${args.region} with repo ${args.repo}`)
33
+
34
+ // Get VPC ID
35
+ const VpcId = await getDefaultVPC(args.region);
36
+ console.log(`Default VPC: ${VpcId}`);
37
+
38
+ // Deploy Stack
39
+ const success = await CF.updateOrgStack(args.region, {orgName: args.name, VpcId: VpcId, GitHubRepoName: args.repo})
40
+ if (success === false){
41
+ console.log('ERR:', success);
42
+ throw new Error('Unknown error updating org stack')
43
+ }
44
+
45
+ // Set org.txt
46
+ console.log('Updated org')
47
+ return true;
48
+ }
49
+
31
50
  exports.setOrg = async function(args){
32
51
  // Set org.txt
33
52
  const orgPath = path.resolve(__dirname,'..','org.txt');
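Review bot: The `success === false` branch in the new `updateOrgStack` looks unreachable, because `CF.updateOrgStack` as added in this release returns `response.StackId` or throws, so a failed update surfaces as a raw rejection rather than the 'Unknown error updating org stack' message. Wrapping the call in `try`/`catch` and rethrowing with `throw new Error('Error updating org stack', { cause: err })` would give the intended message and keep the original error. The `// Set org.txt` comment describes nothing this function does and should be dropped, as should the stray `@` in the first log line. The trailing context is the start of `setOrg`, which continues outside the hunk.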
@@ -37,11 +37,18 @@ exports.main = async function(args){
37
37
  // --- II UPDATE STACK ---
38
38
  // If stack arg, upload stack
39
39
  const stackKey = `apps/${args.app}/${args.v}/stack.yaml`;
40
- // If no stack arg, upload default stack if none exists
41
- const stackExists = await S3.infraFileExists(stackKey)
42
- if (!stackExists){
43
- console.log('Copying default stack to ' + `apps/${args.app}/${args.v}`);
44
- await S3.copyInfraFile(app.stackKey,stackKey)
40
+ if (args.stack){
41
+ console.log('Updating Stack');
42
+ const stackPath = path.resolve(args.stack);
43
+ if (!fs.existsSync(stackPath)){ throw new Error("Stack not found:" + stackPath)}
44
+ await S3.uploadInfraFile(stackKey,stackPath);
45
+ } else {
46
+ // If no stack arg, upload default stack if none exists
47
+ const stackExists = await S3.infraFileExists(stackKey)
48
+ if (!stackExists){
49
+ console.log('Copying default stack to ' + `apps/${args.app}/${args.v}`);
50
+ await S3.copyInfraFile(app.stackKey,stackKey)
51
+ }
45
52
  }
46
53
 
47
54
  // --- III BUILD IMAGE ---
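Review bot: `fs.existsSync(stackPath)` in the new `args.stack` branch is also true for a directory, so a wrong path passes the check and only fails inside `S3.uploadInfraFile`; `if (!fs.statSync(stackPath, { throwIfNoEntry: false })?.isFile())` would reject it up front. With `--stack` the stored template for that version is now overwritten on every run, which deserves a one-line comment such as `// an explicit --stack always replaces the stored template for this version`. The hunk does not show `fs` or `path` being required in this file, so confirm both are in scope. `main` starts and ends outside the hunk.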
@@ -10,10 +10,10 @@ exports.main = async function(args){
10
10
  console.log('Err: No app named ' + args.app);
11
11
  throw new Error('Err: No app named ' + args.app)
12
12
  }
13
- if (args.default === undefined && !app.versions[args.v]){
14
- console.log('Err: No app version ' + args.app + ' ' + args.v);
15
- throw new Error('Err: No app version ' + args.app + ' ' + args.v)
16
- }
13
+ // if (args.default === undefined && !app.versions[args.v]){
14
+ // console.log('Err: No app version ' + args.app + ' ' + args.v);
15
+ // throw new Error('Err: No app version ' + args.app + ' ' + args.v)
16
+ // }
17
17
  if (args.default === null && args.v){
18
18
  console.log('Err: Cannot set default and specify version');
19
19
  throw new Error('Err: Cannot set default version and specify version')
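Review bot: The version-existence check is disabled by commenting it out rather than removed, so the reason is lost and an unknown `args.v` now continues past this point. If the check is no longer wanted, delete the four lines and leave a one-line explanation in their place, e.g. `// version is not validated here because <reason>`; if it was switched off for debugging, restore it before publishing. Code after the hunk may still index `app.versions[args.v]`, which is not visible here, so an undefined entry is worth guarding where it is first used.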
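--- a/package/main.js
+++ b/package/main.js
@@ -15,6 +15,15 @@ const Commands = {
  {n: 'repo', desc: 'Github repo name', r: false}
  ]
  },
+ 'update-org': {
+ desc: "Update org stack",
+ exec: require('./commands/init_org').updateOrgStack,
+ args: [
+ {n: 'name', desc: 'Unique org Name. Letters only', r: true, pattern: `[A-Za-z]{2,20}`},
+ {n: 'region', desc: 'AWS Region for Core Assets. Default us-east-1', r: false},
+ {n: 'repo', desc: 'Github repo name', r: false}
+ ]
+ },
  'set-org': {
  desc: "Set an exsiting organization",
  exec: require('./commands/init_org').setOrg,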
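Review bot: The `repo` argument of `update-org` has no `pattern` and is optional, yet its value ends up as `GitHubRepoName` in the role's trust condition, which this release matches with `StringLike`. A value containing `*` or `?` would therefore widen who can assume the role. Make the argument required and constrain it, e.g. `{n: 'repo', desc: 'Github repo name (owner/repo)', r: true, pattern: '[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+'}`. This assumes the argument parser anchors `pattern` to the whole value; that code is outside the hunk.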
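--- a/package/package.json
+++ b/package/package.json
@@ -1 +1 @@
- {"name":"cloudmason","version":"1.0.11","description":"","main":"main.js","scripts":{"build":"node build.js"},"bin":{"mason":"./main.js"},"repository":{"type":"git","url":"https://github.com/kai-harvey/secure-saas.git"},"author":"Kai Harvey","license":"ISC","dependencies":{"@aws-sdk/client-acm":"^3.418.0","@aws-sdk/client-auto-scaling":"^3.470.0","@aws-sdk/client-cloudformation":"^3.418.0","@aws-sdk/client-ec2":"^3.416.0","@aws-sdk/client-iam":"^3.418.0","@aws-sdk/client-route-53":"^3.425.0","@aws-sdk/client-s3":"^3.418.0","@aws-sdk/client-ssm":"^3.421.0","adm-zip":"^0.5.10"}}
+ {"name":"cloudmason","version":"1.0.12","description":"","main":"main.js","scripts":{"build":"node build.js"},"bin":{"mason":"./main.js"},"repository":{"type":"git","url":"https://github.com/kai-harvey/secure-saas.git"},"author":"Kai Harvey","license":"ISC","dependencies":{"@aws-sdk/client-acm":"^3.418.0","@aws-sdk/client-auto-scaling":"^3.470.0","@aws-sdk/client-cloudformation":"^3.418.0","@aws-sdk/client-ec2":"^3.416.0","@aws-sdk/client-iam":"^3.418.0","@aws-sdk/client-route-53":"^3.425.0","@aws-sdk/client-s3":"^3.418.0","@aws-sdk/client-ssm":"^3.421.0","adm-zip":"^0.5.10"}}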