npm - dcl-ops-lib - Versions diffs - 5.22.0 → 5.23.2 - Mend

dcl-ops-lib 5.22.0 → 5.23.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/acceptAlb.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import * as awsx from "@pulumi/awsx";
 export declare const acceptAlbSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
 /** @deprecated use makeSecurityGroupAccessibleFromSharedAlb instead */
 export declare function acceptAlbSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
-/** Makes a given securityGropup accesible by the shared supra ALB */
-export declare function makeSecurityGroupAccessibleFromSharedAlb(securityGroup: awsx.ec2.SecurityGroup): void;
+/** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
+export declare function makeSecurityGroupAccessibleFromSharedAlb(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+export declare function makeSecurityGroupAccessibleFromSharedAlbV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export default acceptAlbSecurityGroup;

package/acceptAlb.js CHANGED Viewed

@@ -9,8 +9,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleFromSharedAlb = exports.acceptAlbSecurityGroupId = exports.acceptAlbSecurityGroup = void 0;
+exports.makeSecurityGroupAccessibleFromSharedAlbV2 = exports.makeSecurityGroupAccessibleFromSharedAlb = exports.acceptAlbSecurityGroupId = exports.acceptAlbSecurityGroup = void 0;
 const awsx = require("@pulumi/awsx");
+const aws = require("@pulumi/aws");
+const utils_1 = require("./utils");
 const values_1 = require("./values");
 const withCache_1 = require("./withCache");
 /** @deprecated use makeSecurityGroupAccessibleFromSharedAlb instead */
@@ -25,9 +27,9 @@ function acceptAlbSecurityGroupId() {
     });
 }
 exports.acceptAlbSecurityGroupId = acceptAlbSecurityGroupId;
-/** Makes a given securityGropup accesible by the shared supra ALB */
-function makeSecurityGroupAccessibleFromSharedAlb(securityGroup) {
-    new awsx.ec2.IngressSecurityGroupRule("accept-alb-ingress-rule", securityGroup, {
+/** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
+function makeSecurityGroupAccessibleFromSharedAlb(securityGroup, ruleName = "") {
+    new awsx.ec2.IngressSecurityGroupRule((0, utils_1.withRuleName)("accept-alb-ingress-rule", ruleName), securityGroup, {
         sourceSecurityGroupId: (0, values_1.getEnvConfiguration)().then(($) => $.albSecurityGroupId),
         description: `Allow access from the supra ALB`,
         fromPort: 0,
@@ -36,5 +38,17 @@ function makeSecurityGroupAccessibleFromSharedAlb(securityGroup) {
     });
 }
 exports.makeSecurityGroupAccessibleFromSharedAlb = makeSecurityGroupAccessibleFromSharedAlb;
+function makeSecurityGroupAccessibleFromSharedAlbV2(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accept-alb-ingress-rule-v2", ruleName), {
+        securityGroupId: securityGroup.id,
+        sourceSecurityGroupId: (0, values_1.getEnvConfiguration)().then(($) => $.albSecurityGroupId),
+        description: `Allow access from the supra ALB`,
+        fromPort: 65000,
+        toPort: 0,
+        protocol: "-1",
+        type: "egress",
+    }, { deleteBeforeReplace: true });
+}
+exports.makeSecurityGroupAccessibleFromSharedAlbV2 = makeSecurityGroupAccessibleFromSharedAlbV2;
 exports.default = exports.acceptAlbSecurityGroup;
 //# sourceMappingURL=acceptAlb.js.map

package/acceptBastion.d.ts CHANGED Viewed

@@ -3,5 +3,5 @@ import * as awsx from "@pulumi/awsx";
 export declare const acceptBastionSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
 /** @deprecated please use makeSecurityGroupAccessTheInternet */
 export declare function acceptBastionSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
-export declare function makeSecurityGroupAccessibleFromBastion(securityGroup: awsx.ec2.SecurityGroup): void;
+export declare function makeSecurityGroupAccessibleFromBastion(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export default acceptBastionSecurityGroup;

package/acceptBastion.js CHANGED Viewed

@@ -14,6 +14,7 @@ const awsx = require("@pulumi/awsx");
 const aws = require("@pulumi/aws");
 const values_1 = require("./values");
 const withCache_1 = require("./withCache");
+const utils_1 = require("./utils");
 /** @deprecated please use makeSecurityGroupAccessTheInternet */
 exports.acceptBastionSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
     const config = yield (0, values_1.getEnvConfiguration)();
@@ -30,15 +31,15 @@ const bastionSecurityGroupId = (0, withCache_1.default)(() => __awaiter(void 0,
     const config = yield (0, values_1.getEnvConfiguration)();
     return config.bastionSecurityGroupId;
 }));
-function makeSecurityGroupAccessibleFromBastion(securityGroup) {
-    new aws.ec2.SecurityGroupRule("accesible-from-bastion", {
+function makeSecurityGroupAccessibleFromBastion(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accesible-from-bastion", ruleName), {
         securityGroupId: securityGroup.id,
         sourceSecurityGroupId: bastionSecurityGroupId(),
         fromPort: -1,
         toPort: -1,
         type: "ingress",
         protocol: "-1",
-    });
+    }, { deleteBeforeReplace: true });
 }
 exports.makeSecurityGroupAccessibleFromBastion = makeSecurityGroupAccessibleFromBastion;
 exports.default = exports.acceptBastionSecurityGroup;

package/accessTheInternet.d.ts CHANGED Viewed

@@ -9,6 +9,8 @@ export default accessTheInternetSecurityGroup;
 /** @deprecated please use makeSecurityGroupAccessibleByCloudflare */
 export declare function accessFromCloudflareSecurityGroup(): Promise<import("@pulumi/pulumi").Output<string>>;
 /** Enables egress traffic to 0.0.0.0/0/all */
-export declare function makeSecurityGroupAccessTheInternet(securityGroup: awsx.ec2.SecurityGroup): void;
+export declare function makeSecurityGroupAccessTheInternet(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+/** Enables egress traffic to 0.0.0.0/0/all */
+export declare function makeSecurityGroupAccessTheInternetV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 /** Enables ingress traffic from cloudflare CIDRs */
 export declare function makeSecurityGroupAccessibleByCloudflare(securityGroup: awsx.ec2.SecurityGroup): Promise<void>;

package/accessTheInternet.js CHANGED Viewed

@@ -9,8 +9,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleByCloudflare = exports.makeSecurityGroupAccessTheInternet = exports.accessFromCloudflareSecurityGroup = exports.accessTheInternetSecurityGroupId = exports.accessTheInternetSecurityGroup = exports.accessCloudflareSecurityGroup = void 0;
+exports.makeSecurityGroupAccessibleByCloudflare = exports.makeSecurityGroupAccessTheInternetV2 = exports.makeSecurityGroupAccessTheInternet = exports.accessFromCloudflareSecurityGroup = exports.accessTheInternetSecurityGroupId = exports.accessTheInternetSecurityGroup = exports.accessCloudflareSecurityGroup = void 0;
 const awsx = require("@pulumi/awsx");
+const aws = require("@pulumi/aws");
 const cloudflare = require("@pulumi/cloudflare");
 const supra_1 = require("./supra");
 const values_1 = require("./values");
@@ -42,8 +43,8 @@ function accessFromCloudflareSecurityGroup() {
 }
 exports.accessFromCloudflareSecurityGroup = accessFromCloudflareSecurityGroup;
 /** Enables egress traffic to 0.0.0.0/0/all */
-function makeSecurityGroupAccessTheInternet(securityGroup) {
-    securityGroup.createEgressRule("access-the-internet", {
+function makeSecurityGroupAccessTheInternet(securityGroup, ruleName = "") {
+    securityGroup.createEgressRule((0, utils_1.withRuleName)("access-the-internet", ruleName), {
         cidrBlocks: ["0.0.0.0/0"],
         fromPort: -1,
         toPort: -1,
@@ -51,6 +52,18 @@ function makeSecurityGroupAccessTheInternet(securityGroup) {
     });
 }
 exports.makeSecurityGroupAccessTheInternet = makeSecurityGroupAccessTheInternet;
+/** Enables egress traffic to 0.0.0.0/0/all */
+function makeSecurityGroupAccessTheInternetV2(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("access-the-internet-v2", ruleName), {
+        securityGroupId: securityGroup.id,
+        cidrBlocks: ["0.0.0.0/0"],
+        fromPort: 65000,
+        toPort: 0,
+        protocol: "-1",
+        type: "egress",
+    }, { deleteBeforeReplace: true });
+}
+exports.makeSecurityGroupAccessTheInternetV2 = makeSecurityGroupAccessTheInternetV2;
 /** Enables ingress traffic from cloudflare CIDRs */
 function makeSecurityGroupAccessibleByCloudflare(securityGroup) {
     return __awaiter(this, void 0, void 0, function* () {

package/createFargateTask.js CHANGED Viewed

@@ -186,12 +186,12 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
                 serviceDiscoveryPort = port;
             });
             // enable prometheus to access fromPort-toPort
-            (0, prometheus_1.makeSecurityGroupAccessibleByPrometheus)(taskSecurityGroup, fromPort, toPort);
+            (0, prometheus_1.makeSecurityGroupAccessibleByPrometheus)(taskSecurityGroup, fromPort, toPort, serviceName);
         }
         // enable egress traffic from the task to the internet
-        (0, accessTheInternet_1.makeSecurityGroupAccessTheInternet)(taskSecurityGroup);
+        (0, accessTheInternet_1.makeSecurityGroupAccessTheInternet)(taskSecurityGroup, serviceName);
         // make the container fully accessible from the bastion of the environment
-        (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup);
+        (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup, serviceName);
         if (dontExpose) {
             const service = yield createInternalService({
                 serviceName,
@@ -230,7 +230,7 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
         }
         const portMapping = exposed.targetGroup;
         // make the service accesible by the ALB
-        (0, acceptAlb_1.makeSecurityGroupAccessibleFromSharedAlb)(taskSecurityGroup);
+        (0, acceptAlb_1.makeSecurityGroupAccessibleFromSharedAlb)(taskSecurityGroup, serviceName);
         const service = yield createInternalService({
             serviceName,
             cluster,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dcl-ops-lib",
-  "version": "5.22.0",
+  "version": "5.23.2",
   "scripts": {
     "build": "tsc && cp bin/* .",
     "clean": "rm *.d.ts *.js *.js.map"

package/prometheus.d.ts CHANGED Viewed

@@ -2,4 +2,4 @@ import * as pulumi from "@pulumi/pulumi";
 import * as awsx from "@pulumi/awsx";
 export declare const prometheusStack: () => Promise<pulumi.StackReference>;
 export declare const prometheusSecurityGroupId: () => Promise<string>;
-export declare function makeSecurityGroupAccessibleByPrometheus(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number): void;
+export declare function makeSecurityGroupAccessibleByPrometheus(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number, ruleName?: string): void;

package/prometheus.js CHANGED Viewed

@@ -14,6 +14,7 @@ const pulumi = require("@pulumi/pulumi");
 const awsx = require("@pulumi/awsx");
 const domain_1 = require("./domain");
 const withCache_1 = require("./withCache");
+const utils_1 = require("./utils");
 exports.prometheusStack = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
     return new pulumi.StackReference(`prometheus-${domain_1.env}`);
 }));
@@ -21,8 +22,8 @@ exports.prometheusSecurityGroupId = (0, withCache_1.default)(() => __awaiter(voi
     const prom = yield (0, exports.prometheusStack)();
     return (yield prom.requireOutputValue("prometheusSecurityGroupId"));
 }));
-function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, toPort = 0) {
-    new awsx.ec2.IngressSecurityGroupRule(`accept-prom-${fromPort}-${toPort}`, securityGroup, {
+function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, toPort = 0, ruleName = "") {
+    new awsx.ec2.IngressSecurityGroupRule((0, utils_1.withRuleName)(`accept-prom-${fromPort}-${toPort}`, ruleName), securityGroup, {
         sourceSecurityGroupId: (0, exports.prometheusSecurityGroupId)(),
         description: `Allow access from prometheus`,
         fromPort,

package/utils.d.ts CHANGED Viewed

	@@ -1 +1,2 @@
1 1	export declare function sha256hash(s: string): string;
2	+ export declare function withRuleName(name: string, ruleName?: string): string;

package/utils.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sha256hash = void 0;
+exports.withRuleName = exports.sha256hash = void 0;
 const crypto = require("crypto");
 function sha256hash(s) {
     const shasum = crypto.createHash("sha256");
@@ -8,4 +8,11 @@ function sha256hash(s) {
     return shasum.digest("hex").substring(0, 8);
 }
 exports.sha256hash = sha256hash;
+function withRuleName(name, ruleName) {
+    if (ruleName === null || ruleName === void 0 ? void 0 : ruleName.length) {
+        return `${ruleName}-${name}`;
+    }
+    return name;
+}
+exports.withRuleName = withRuleName;
 //# sourceMappingURL=utils.js.map