dcl-ops-lib 5.17.0

package/exposePublicService.js

@@ -0,0 +1,105 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exposePublicService = void 0;
+const aws = require("@pulumi/aws");
+const awsx = require("@pulumi/awsx");
+const domain_1 = require("./domain");
+const alb_1 = require("./alb");
+const certificate_1 = require("./certificate");
+const getDomainAndSubdomain_1 = require("./getDomainAndSubdomain");
+const cloudflare_1 = require("./cloudflare");
+const DEFAULT_HEALTHCHECK_VALUES = {
+    path: "/",
+    matcher: "200-399",
+    interval: 10,
+    unhealthyThreshold: 5,
+    healthyThreshold: 5,
+};
+/**
+ * Publicly expose a service on a given domain (with SSL). This will create a
+ * Target Group and a Listener for your microservice. Additionally, it will
+ * create a Route53 mapping of the DNS that will point to the load balancer.
+ *
+ * @param name the name of your service.
+ * @param domain
+ * @param port
+ */
+function exposePublicService(name, domain, port, healthCheck = {}, vpc, extraOptions, deregistrationDelay) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const { alb, listener } = yield (0, alb_1.getAlb)();
+        const healthCheckValue = Object.assign({}, DEFAULT_HEALTHCHECK_VALUES, healthCheck);
+        const createCFProxy = extraOptions && extraOptions.createCloudflareProxiedSubdomain;
+        const onlyCloudflare = (extraOptions && extraOptions.skipInternalDomain) || false;
+        const createInternalDomain = !onlyCloudflare;
+        const certificate = (0, certificate_1.getCertificateFor)(domain);
+        const slug = name;
+        const targetVpc = vpc ? vpc : awsx.ec2.Vpc.getDefault();
+        const targetDeregistrationDelay = deregistrationDelay ? deregistrationDelay : 300;
+        const targetGroup = alb.createTargetGroup(("tg-" + slug).substr(-32) /* last 32 chars */, {
+            protocol: "HTTP",
+            port,
+            healthCheck: healthCheckValue,
+            vpc: targetVpc,
+            deregistrationDelay: targetDeregistrationDelay
+        });
+        const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(domain);
+        const enabledHostnames = [];
+        let record;
+        let cloudflareRecord;
+        if (createInternalDomain) {
+            const hostedZone = yield aws.route53.getZone({ name: domainParts.parentDomain }, { async: true });
+            record = new aws.route53.Record(domain, {
+                name: domainParts.subdomain,
+                zoneId: hostedZone.zoneId,
+                type: "A",
+                aliases: [
+                    {
+                        name: alb.loadBalancer.dnsName,
+                        zoneId: alb.loadBalancer.zoneId,
+                        evaluateTargetHealth: false,
+                    },
+                ],
+            });
+            enabledHostnames.push(domain);
+        }
+        if (createCFProxy) {
+            enabledHostnames.push(domainParts.subdomain + "." + domain_1.publicDomain);
+            cloudflareRecord = yield (0, cloudflare_1.setRecord)({
+                recordName: domainParts.subdomain,
+                type: "CNAME",
+                value: alb.loadBalancer.dnsName,
+                proxied: true,
+            });
+        }
+        if (enabledHostnames.length) {
+            new aws.alb.ListenerRule(`${domain_1.env}-ls-${slug}`, {
+                listenerArn: listener.arn,
+                conditions: [{ hostHeader: { values: enabledHostnames } }, ...((extraOptions === null || extraOptions === void 0 ? void 0 : extraOptions.targetGroupConditions) || [])],
+                actions: [
+                    {
+                        type: "forward",
+                        targetGroupArn: targetGroup.targetGroup.arn,
+                    },
+                ],
+            });
+        }
+        return {
+            domain,
+            certificate,
+            record,
+            targetGroup,
+            cloudflareRecord,
+        };
+    });
+}
+exports.exposePublicService = exposePublicService;
+//# sourceMappingURL=exposePublicService.js.map

package/getAmi.d.ts

@@ -0,0 +1,7 @@
+/**
+ * @param amiId the ID of the AMI in the Amazon Marketplace
+ * @param args.owners the owner of the AMI. Defaults to Amazon owned AMIs
+ */
+export declare function getAmi(amiId: string, args?: {
+    owners?: string[];
+}): Promise<string>;

package/getAmi.js

@@ -0,0 +1,35 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAmi = void 0;
+const aws = require("@pulumi/aws");
+/**
+ * @param amiId the ID of the AMI in the Amazon Marketplace
+ * @param args.owners the owner of the AMI. Defaults to Amazon owned AMIs
+ */
+function getAmi(amiId, args) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const owners = args && args.owners ? args.owners : ["137112412989"];
+        const ami = yield aws.ec2.getAmi({
+            filters: [
+                {
+                    name: "name",
+                    values: [amiId],
+                },
+            ],
+            mostRecent: true,
+            owners,
+        }, { async: true });
+        return ami.id;
+    });
+}
+exports.getAmi = getAmi;
+//# sourceMappingURL=getAmi.js.map

package/getDomainAndSubdomain.d.ts

@@ -0,0 +1,4 @@
+export declare function getDomainAndSubdomain(domain: string): {
+    subdomain: string;
+    parentDomain: string;
+};

package/getDomainAndSubdomain.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDomainAndSubdomain = void 0;
+// Split a domain name into its subdomain and parent domain names.
+// e.g. "www.example.com" => "www", "example.com".
+function getDomainAndSubdomain(domain) {
+    const parts = domain.split(".");
+    if (parts.length < 2) {
+        throw new Error(`No TLD found on ${domain}`);
+    }
+    // No subdomain, e.g. awesome-website.com.
+    if (parts.length === 2) {
+        return { subdomain: "", parentDomain: domain };
+    }
+    return {
+        subdomain: parts.slice(0, -2).join("."),
+        // Trailing "." to canonicalize domain.
+        parentDomain: parts.slice(-2).join(".") + ".",
+    };
+}
+exports.getDomainAndSubdomain = getDomainAndSubdomain;
+//# sourceMappingURL=getDomainAndSubdomain.js.map

package/getImageRegistryAndCredentials.d.ts

@@ -0,0 +1,6 @@
+import * as aws from "@pulumi/aws";
+export declare function getImageRegistryAndCredentials(repo: aws.ecr.Repository): import("@pulumi/pulumi").Output<{
+    server: string;
+    username: string;
+    password: string;
+}>;

package/getImageRegistryAndCredentials.js

@@ -0,0 +1,33 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getImageRegistryAndCredentials = void 0;
+const aws = require("@pulumi/aws");
+function getImageRegistryAndCredentials(repo) {
+    return repo.registryId.apply((registryId) => __awaiter(this, void 0, void 0, function* () {
+        if (!registryId) {
+            throw new Error("Expected registry ID to be defined during push");
+        }
+        const credentials = yield aws.ecr.getCredentials({ registryId: registryId });
+        const decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();
+        const [username, password] = decodedCredentials.split(":");
+        if (!password || !username) {
+            throw new Error("Invalid credentials");
+        }
+        return {
+            server: credentials.proxyEndpoint,
+            username: username,
+            password: password,
+        };
+    }));
+}
+exports.getImageRegistryAndCredentials = getImageRegistryAndCredentials;
+//# sourceMappingURL=getImageRegistryAndCredentials.js.map

package/getSecurityGroup.d.ts

@@ -0,0 +1,6 @@
+import * as awsx from "@pulumi/awsx";
+import { Output } from '@pulumi/pulumi';
+export declare function createSecurityGroupFunction(name: string, id: string | Output<string>): {
+    getSecurityGroup: () => Promise<awsx.ec2.SecurityGroup | Output<awsx.ec2.SecurityGroup>>;
+    getSecurityGroupId: () => Promise<Output<string>>;
+};

package/getSecurityGroup.js

@@ -0,0 +1,51 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecurityGroupFunction = void 0;
+const awsx = require("@pulumi/awsx");
+function createSecurityGroupFunction(name, id) {
+    let securityGroupOutput;
+    let securityGroupPromise;
+    function getSecurityGroup() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!securityGroupOutput) {
+                if (!securityGroupPromise) {
+                    securityGroupPromise = new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
+                        try {
+                            resolve(awsx.ec2.SecurityGroup.fromExistingId(name, id));
+                        }
+                        catch (e) {
+                            reject(e);
+                        }
+                    }));
+                    return yield securityGroupPromise;
+                }
+                else {
+                    return yield securityGroupPromise;
+                }
+            }
+            else {
+                return securityGroupOutput;
+            }
+        });
+    }
+    function getSecurityGroupId() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield getSecurityGroup()).id;
+        });
+    }
+    return {
+        getSecurityGroup: getSecurityGroup,
+        getSecurityGroupId: getSecurityGroupId
+    };
+}
+exports.createSecurityGroupFunction = createSecurityGroupFunction;
+//# sourceMappingURL=getSecurityGroup.js.map

package/lambda.d.ts

@@ -0,0 +1,19 @@
+import * as awsx from "@pulumi/awsx";
+import * as aws from "@pulumi/aws";
+import * as pulumi from "@pulumi/pulumi";
+export declare type LambdaOptions = {
+    folderName: string;
+    extra?: Partial<aws.lambda.FunctionArgs>;
+    attachRolePolicyArn?: Record<string, pulumi.Input<string>>;
+};
+export declare function createGateway(options: {
+    fullyQualifiedDomainName: string;
+}, fn: (addRoute: (config: LambdaOptions & {
+    method: awsx.apigateway.Method;
+    path: string;
+    extraRoute?: awsx.apigateway.BaseRoute;
+}) => Promise<void>) => Promise<void>): Promise<{
+    gateway: awsx.apigateway.API;
+    record: aws.route53.Record;
+    lambdasDomain: string;
+}>;

package/lambda.js

@@ -0,0 +1,149 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createGateway = void 0;
+const awsx = require("@pulumi/awsx");
+const aws = require("@pulumi/aws");
+const pulumi = require("@pulumi/pulumi");
+const path_1 = require("path");
+const domain_1 = require("./domain");
+const cloudflare_1 = require("./cloudflare");
+const getDomainAndSubdomain_1 = require("./getDomainAndSubdomain");
+const certificate_1 = require("./certificate");
+const stack_1 = require("./stack");
+function createLambda(fullyQualifiedDomainName, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const { folderName, extra, attachRolePolicyArn } = config;
+        const file = require.resolve(folderName);
+        const lambdaName = (0, path_1.basename)(folderName);
+        if (!lambdaName.match(/^[a-zA-Z0-9-_]+$/)) {
+            throw new Error("Invalid(/^[a-zA-Z0-9-_]+$/) folder name: " + folderName);
+        }
+        const { subdomain } = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(fullyQualifiedDomainName);
+        const rolename = `${subdomain || "ROOTDOMAIN"}-${lambdaName}-role`;
+        // Configure IAM so that the AWS Lambda can be run.
+        const lambdaApiGatewayRole = new aws.iam.Role((0, stack_1.getStackScopedName)(rolename), {
+            assumeRolePolicy: {
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Action: "sts:AssumeRole",
+                        Principal: {
+                            Service: "lambda.amazonaws.com",
+                        },
+                        Effect: "Allow",
+                        Sid: "",
+                    },
+                ],
+            },
+        });
+        // attach AWSLambdaBasicExecutionRole
+        // https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
+        // write cloudwatch logs
+        new aws.iam.RolePolicyAttachment((0, stack_1.getStackScopedName)(`${rolename}-AWSLambdaBasicExecutionRole`), {
+            role: lambdaApiGatewayRole,
+            policyArn: aws.iam.ManagedPolicies.AWSLambdaBasicExecutionRole,
+        });
+        // upload xray traces
+        new aws.iam.RolePolicyAttachment((0, stack_1.getStackScopedName)(`${rolename}-AWSXRayDaemonWriteAccess`), {
+            role: lambdaApiGatewayRole,
+            policyArn: aws.iam.ManagedPolicies.AWSXRayDaemonWriteAccess,
+        });
+        if (attachRolePolicyArn) {
+            Object.entries(attachRolePolicyArn).forEach(([name, policyArn]) => {
+                new aws.iam.RolePolicyAttachment((0, stack_1.getStackScopedName)(`${rolename}-${name}`), {
+                    role: lambdaApiGatewayRole,
+                    policyArn,
+                });
+            });
+        }
+        const name = (0, stack_1.getStackScopedName)((subdomain || "ROOTDOMAIN") + "-" + lambdaName);
+        const lambda = new aws.lambda.Function(name, Object.assign({ name: name, handler: `${(0, path_1.basename)(file, ".js")}.handler`, timeout: 900, memorySize: 1024, runtime: "nodejs12.x", code: (extra === null || extra === void 0 ? void 0 : extra.code) ||
+                new pulumi.asset.AssetArchive({
+                    [(0, path_1.basename)(file)]: new pulumi.asset.FileAsset(file),
+                }), role: (extra === null || extra === void 0 ? void 0 : extra.role) || lambdaApiGatewayRole.arn }, extra));
+        return lambda;
+    });
+}
+function createGateway(options, fn) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const routes = [];
+        yield fn(function configureApiGatewayLambda(config) {
+            return __awaiter(this, void 0, void 0, function* () {
+                const { method, path, extraRoute } = config;
+                const lambda = yield createLambda(options.fullyQualifiedDomainName, config);
+                routes.push(Object.assign({ method: method, path, eventHandler: lambda }, extraRoute));
+            });
+        });
+        if (routes.length == 0) {
+            throw new Error("Warning! No routes were configured");
+        }
+        const stageName = domain_1.env;
+        // Create a public HTTP endpoint (using AWS APIGateway)
+        const gateway = new awsx.apigateway.API((0, stack_1.getStackScopedName)(options.fullyQualifiedDomainName.replace(/\./g, "-")), {
+            routes: routes,
+            stageName,
+            restApiArgs: {
+                name: "rest-api",
+            },
+            stageArgs: {
+                xrayTracingEnabled: true,
+            },
+        });
+        const { record, lambdasDomain } = yield configureApiGatewayDomain(options.fullyQualifiedDomainName, gateway);
+        return {
+            gateway,
+            record,
+            lambdasDomain,
+        };
+    });
+}
+exports.createGateway = createGateway;
+function configureApiGatewayDomain(fullyQualifiedDomainName, gateway) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(fullyQualifiedDomainName);
+        const subdomain = domainParts.subdomain || "ROOTDOMAIN";
+        // Configure an edge-optimized domain for our API Gateway. This will configure a Cloudfront CDN
+        // distribution behind the scenes and serve our API Gateway at a custom domain name over SSL.
+        const webDomain = new aws.apigateway.DomainName((0, stack_1.getStackScopedName)(subdomain + "-dn"), {
+            certificateArn: (0, certificate_1.getCertificateFor)(fullyQualifiedDomainName),
+            domainName: fullyQualifiedDomainName,
+        });
+        const webDomainMapping = new aws.apigateway.BasePathMapping((0, stack_1.getStackScopedName)(subdomain + "-bpm"), {
+            restApi: gateway.restAPI,
+            stageName: gateway.stage.stageName,
+            domainName: webDomain.id,
+        });
+        const hostedZone = yield aws.route53.getZone({ name: domainParts.parentDomain }, { async: true });
+        const record = new aws.route53.Record((0, stack_1.getStackScopedName)(fullyQualifiedDomainName), {
+            name: domainParts.subdomain || "",
+            zoneId: hostedZone.zoneId,
+            type: "A",
+            aliases: [
+                {
+                    evaluateTargetHealth: true,
+                    name: webDomain.cloudfrontDomainName,
+                    zoneId: webDomain.cloudfrontZoneId,
+                },
+            ],
+        }, { dependsOn: [webDomainMapping] });
+        if (domainParts.parentDomain.replace(/\.$/, "") == domain_1.publicDomain) {
+            (0, cloudflare_1.setRecord)({
+                proxied: true,
+                recordName: domainParts.subdomain,
+                type: "CNAME",
+                value: webDomain.cloudfrontDomainName,
+            });
+        }
+        return { record, lambdasDomain: fullyQualifiedDomainName };
+    });
+}
+//# sourceMappingURL=lambda.js.map

package/network.d.ts

@@ -0,0 +1,3 @@
+export declare function getPublicSubnetIds(): Promise<any>;
+export declare function getPrivateSubnetIds(): Promise<any>;
+export declare function getInternalSubnetIds(): Promise<any>;

package/network.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getInternalSubnetIds = exports.getPrivateSubnetIds = exports.getPublicSubnetIds = void 0;
+const supra_1 = require("./supra");
+function getPublicSubnetIds() {
+    return supra_1.supra.getOutputValue('vpcPublicSubnetIds');
+}
+exports.getPublicSubnetIds = getPublicSubnetIds;
+function getPrivateSubnetIds() {
+    return supra_1.supra.getOutputValue('vpcPrivateSubnetIds');
+}
+exports.getPrivateSubnetIds = getPrivateSubnetIds;
+function getInternalSubnetIds() {
+    return supra_1.supra.getOutputValue('vpcInternalSubnetIds');
+}
+exports.getInternalSubnetIds = getInternalSubnetIds;
+//# sourceMappingURL=network.js.map

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "dcl-ops-lib",
+  "version": "5.17.0",
+  "scripts": {
+    "build": "tsc && cp bin/* .",
+    "clean": "rm *.d.ts *.js *.js.map"
+  },
+  "files": [
+    "package.json",
+    "README.md",
+    "*.js",
+    "*.d.ts"
+  ],
+  "types": "index.d.ts",
+  "main": "index.js",
+  "release": {
+    "branches": [
+      "master"
+    ],
+    "extends": "@semantic-release/gitlab-config"
+  },
+  "devDependencies": {
+    "@semantic-release/gitlab-config": "^8.0.0",
+    "@types/mime": "^2.0.3",
+    "@types/node": "^14.14.32",
+    "semantic-release": "^17.4.1",
+    "typescript": "^4.4.3"
+  },
+  "dependencies": {
+    "@pulumi/aws": "^4.21.2",
+    "@pulumi/awsx": "^0.31.0",
+    "@pulumi/cloudflare": "^3.5.0",
+    "@pulumi/docker": "^3.1.0",
+    "@pulumi/pulumi": "^3.13.0",
+    "mime": "^2.5.2"
+  }
+}

package/secrets.d.ts

@@ -0,0 +1,3 @@
+import * as aws from '@pulumi/aws';
+import * as pulumi from '@pulumi/pulumi';
+export declare function secretToSSM(name: string, secureString: pulumi.Output<string>): aws.ssm.Parameter;

package/secrets.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secretToSSM = void 0;
+const aws = require("@pulumi/aws");
+function secretToSSM(name, secureString) {
+    return new aws.ssm.Parameter(name, {
+        type: "SecureString",
+        value: secureString,
+    });
+}
+exports.secretToSSM = secretToSSM;
+//# sourceMappingURL=secrets.js.map

package/setupDatabasePermissions.d.ts

@@ -0,0 +1,2 @@
+import * as pulumi from "@pulumi/pulumi";
+export declare function setupDatabasePermissions(databaseName: string, databaseUsername: pulumi.Output<string>, databasePassword: pulumi.Output<string>): void;

package/setupDatabasePermissions.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setupDatabasePermissions = void 0;
+function setupDatabasePermissions(databaseName, databaseUsername, databasePassword) {
+    // Creating users in terraform+pulumi+aws+postgres is utterly broken.
+    // Need to do this manually.
+    // 
+    // CREATE DATABASE databaseName;
+    // CREATE ROLE databaseUsername WITH LOGIN PASSWORD 'password';
+    // GRANT ALL PRIVILEGES ON DATABASE databaseUsername TO databaseUsername;
+    throw new Error(`You need to do the DB setup manually. Sorry about it!
+    Please connect to the db through the bastion node and run:
+       CREATE DATABASE databaseName;
+       CREATE ROLE databaseUsername WITH LOGIN PASSWORD 'password';
+       GRANT ALL PRIVILEGES ON DATABASE databaseUsername TO databaseUsername;`);
+}
+exports.setupDatabasePermissions = setupDatabasePermissions;
+//# sourceMappingURL=setupDatabasePermissions.js.map

package/stack.d.ts

@@ -0,0 +1,3 @@
+export declare function getStackId(): string;
+export declare function getStackScopedName(name: string): string;
+export declare function getTeam(): string;

package/stack.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTeam = exports.getStackScopedName = exports.getStackId = void 0;
+const pulumi = require("@pulumi/pulumi");
+const supraConfig = new pulumi.Config("supra");
+function getStackId() {
+    return supraConfig.require("stack-id");
+}
+exports.getStackId = getStackId;
+function getStackScopedName(name) {
+    const stackId = getStackId();
+    if (stackId) {
+        return name + "-" + stackId;
+    }
+    return name;
+}
+exports.getStackScopedName = getStackScopedName;
+function getTeam() {
+    return supraConfig.require("team");
+}
+exports.getTeam = getTeam;
+//# sourceMappingURL=stack.js.map

package/supra.d.ts

@@ -0,0 +1,7 @@
+import * as pulumi from "@pulumi/pulumi";
+export declare const supra: pulumi.StackReference;
+export declare function getDbHostAndPort(): pulumi.Output<any>;
+export declare function getDbHost(): pulumi.Output<any>;
+export declare function getDbPort(): pulumi.OutputInstance<number>;
+export declare function getPublicBastionIp(): pulumi.Output<any>;
+export declare function getInternalServiceDiscoveryNamespaceId(): pulumi.Output<any>;

package/supra.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getInternalServiceDiscoveryNamespaceId = exports.getPublicBastionIp = exports.getDbPort = exports.getDbHost = exports.getDbHostAndPort = exports.supra = void 0;
+const pulumi = require("@pulumi/pulumi");
+const domain_1 = require("./domain");
+exports.supra = new pulumi.StackReference(`supra-${domain_1.env}`, {
+    name: `supra-${domain_1.env}`,
+});
+const DEFAULT_DB_PORT = 5432;
+// returns a "db.hostname.com:port" Output<string> for the supra shared database
+function getDbHostAndPort() {
+    return exports.supra.requireOutput("db").apply((db) => {
+        if (db.endpoint.includes(":")) {
+            return db.endpoint;
+        }
+        else {
+            return db.endpoint + ":" + DEFAULT_DB_PORT;
+        }
+    });
+}
+exports.getDbHostAndPort = getDbHostAndPort;
+// returns "db.hostname.com" from "db.hostname.com:port" Output<string> for the supra shared database
+function getDbHost() {
+    return exports.supra.requireOutput("db").apply((db) => db.endpoint.split(":")[0]);
+}
+exports.getDbHost = getDbHost;
+// returns "port" from "db.hostname.com:port" Output<string> for the supra shared database
+function getDbPort() {
+    return exports.supra.requireOutput("db").apply((db) => parseInt(db.endpoint.split(":")[1] || DEFAULT_DB_PORT));
+}
+exports.getDbPort = getDbPort;
+// returns the public IP of the bastion
+function getPublicBastionIp() {
+    return exports.supra.requireOutput("bastionValues").apply((bastionValues) => bastionValues.publicIp);
+}
+exports.getPublicBastionIp = getPublicBastionIp;
+function getInternalServiceDiscoveryNamespaceId() {
+    return exports.supra.requireOutput("internalSdNamespace").apply(($) => $.id);
+}
+exports.getInternalServiceDiscoveryNamespaceId = getInternalServiceDiscoveryNamespaceId;
+//# sourceMappingURL=supra.js.map

package/utils.d.ts

@@ -0,0 +1 @@
+export declare function sha256hash(s: string): string;

package/utils.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sha256hash = void 0;
+const crypto = require("crypto");
+function sha256hash(s) {
+    const shasum = crypto.createHash("sha256");
+    shasum.update(s);
+    return shasum.digest("hex").substring(0, 8);
+}
+exports.sha256hash = sha256hash;
+//# sourceMappingURL=utils.js.map