dcl-ops-lib 5.23.0 → 5.23.3

package/acceptAlb.d.ts

@@ -3,6 +3,8 @@ import * as awsx from "@pulumi/awsx";
 export declare const acceptAlbSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
 /** @deprecated use makeSecurityGroupAccessibleFromSharedAlb instead */
 export declare function acceptAlbSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
-/** Makes a given securityGropup accesible by the shared supra ALB */
-export declare function makeSecurityGroupAccessibleFromSharedAlb(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+/** @deprecated use makeSecurityGroupAccessibleFromSharedAlbV2 */
+export declare function makeSecurityGroupAccessibleFromSharedAlb(securityGroup: awsx.ec2.SecurityGroup): void;
+/** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
+export declare function makeSecurityGroupAccessibleFromSharedAlbV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export default acceptAlbSecurityGroup;

package/acceptAlb.js

@@ -9,8 +9,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleFromSharedAlb = exports.acceptAlbSecurityGroupId = exports.acceptAlbSecurityGroup = void 0;
+exports.makeSecurityGroupAccessibleFromSharedAlbV2 = exports.makeSecurityGroupAccessibleFromSharedAlb = exports.acceptAlbSecurityGroupId = exports.acceptAlbSecurityGroup = void 0;
 const awsx = require("@pulumi/awsx");
+const aws = require("@pulumi/aws");
+const utils_1 = require("./utils");
 const values_1 = require("./values");
 const withCache_1 = require("./withCache");
 /** @deprecated use makeSecurityGroupAccessibleFromSharedAlb instead */
@@ -25,9 +27,9 @@ function acceptAlbSecurityGroupId() {
     });
 }
 exports.acceptAlbSecurityGroupId = acceptAlbSecurityGroupId;
-/** Makes a given securityGropup accesible by the shared supra ALB */
-function makeSecurityGroupAccessibleFromSharedAlb(securityGroup, ruleName = "") {
-    new awsx.ec2.IngressSecurityGroupRule(ruleName + "-accept-alb-ingress-rule", securityGroup, {
+/** @deprecated use makeSecurityGroupAccessibleFromSharedAlbV2 */
+function makeSecurityGroupAccessibleFromSharedAlb(securityGroup) {
+    new awsx.ec2.IngressSecurityGroupRule("accept-alb-ingress-rule", securityGroup, {
         sourceSecurityGroupId: (0, values_1.getEnvConfiguration)().then(($) => $.albSecurityGroupId),
         description: `Allow access from the supra ALB`,
         fromPort: 0,
@@ -36,5 +38,18 @@ function makeSecurityGroupAccessibleFromSharedAlb(securityGroup, ruleName = "")
     });
 }
 exports.makeSecurityGroupAccessibleFromSharedAlb = makeSecurityGroupAccessibleFromSharedAlb;
+/** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
+function makeSecurityGroupAccessibleFromSharedAlbV2(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accept-alb-ingress-rule-v2", ruleName), {
+        securityGroupId: securityGroup.id,
+        sourceSecurityGroupId: (0, values_1.getEnvConfiguration)().then(($) => $.albSecurityGroupId),
+        description: `Allow access from the supra ALB`,
+        fromPort: 65000,
+        toPort: 0,
+        protocol: "-1",
+        type: "egress",
+    }, { deleteBeforeReplace: true });
+}
+exports.makeSecurityGroupAccessibleFromSharedAlbV2 = makeSecurityGroupAccessibleFromSharedAlbV2;
 exports.default = exports.acceptAlbSecurityGroup;
 //# sourceMappingURL=acceptAlb.js.map

package/acceptBastion.d.ts

@@ -3,5 +3,7 @@ import * as awsx from "@pulumi/awsx";
 export declare const acceptBastionSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
 /** @deprecated please use makeSecurityGroupAccessTheInternet */
 export declare function acceptBastionSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
-export declare function makeSecurityGroupAccessibleFromBastion(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+/** @deprecated use makeSecurityGroupAccessibleFromBastionV2 */
+export declare function makeSecurityGroupAccessibleFromBastion(securityGroup: awsx.ec2.SecurityGroup): void;
+export declare function makeSecurityGroupAccessibleFromBastionV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export default acceptBastionSecurityGroup;

package/acceptBastion.js

@@ -9,11 +9,12 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleFromBastion = exports.acceptBastionSecurityGroupId = exports.acceptBastionSecurityGroup = void 0;
+exports.makeSecurityGroupAccessibleFromBastionV2 = exports.makeSecurityGroupAccessibleFromBastion = exports.acceptBastionSecurityGroupId = exports.acceptBastionSecurityGroup = void 0;
 const awsx = require("@pulumi/awsx");
 const aws = require("@pulumi/aws");
 const values_1 = require("./values");
 const withCache_1 = require("./withCache");
+const utils_1 = require("./utils");
 /** @deprecated please use makeSecurityGroupAccessTheInternet */
 exports.acceptBastionSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
     const config = yield (0, values_1.getEnvConfiguration)();
@@ -30,16 +31,28 @@ const bastionSecurityGroupId = (0, withCache_1.default)(() => __awaiter(void 0,
     const config = yield (0, values_1.getEnvConfiguration)();
     return config.bastionSecurityGroupId;
 }));
-function makeSecurityGroupAccessibleFromBastion(securityGroup, ruleName = '') {
-    new aws.ec2.SecurityGroupRule(ruleName + "-accesible-from-bastion", {
+/** @deprecated use makeSecurityGroupAccessibleFromBastionV2 */
+function makeSecurityGroupAccessibleFromBastion(securityGroup) {
+    new aws.ec2.SecurityGroupRule("accesible-from-bastion", {
         securityGroupId: securityGroup.id,
         sourceSecurityGroupId: bastionSecurityGroupId(),
         fromPort: -1,
         toPort: -1,
         type: "ingress",
         protocol: "-1",
-    });
+    }, { deleteBeforeReplace: true });
 }
 exports.makeSecurityGroupAccessibleFromBastion = makeSecurityGroupAccessibleFromBastion;
+function makeSecurityGroupAccessibleFromBastionV2(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accesible-from-bastion-v2", ruleName), {
+        securityGroupId: securityGroup.id,
+        sourceSecurityGroupId: bastionSecurityGroupId(),
+        fromPort: -1,
+        toPort: -1,
+        type: "ingress",
+        protocol: "-1",
+    }, { deleteBeforeReplace: true });
+}
+exports.makeSecurityGroupAccessibleFromBastionV2 = makeSecurityGroupAccessibleFromBastionV2;
 exports.default = exports.acceptBastionSecurityGroup;
 //# sourceMappingURL=acceptBastion.js.map

package/accessTheInternet.d.ts

@@ -8,7 +8,9 @@ export declare function accessTheInternetSecurityGroupId(): Promise<import("@pul
 export default accessTheInternetSecurityGroup;
 /** @deprecated please use makeSecurityGroupAccessibleByCloudflare */
 export declare function accessFromCloudflareSecurityGroup(): Promise<import("@pulumi/pulumi").Output<string>>;
+/** @deprecated use makeSecurityGroupAccessTheInternetV2 */
+export declare function makeSecurityGroupAccessTheInternet(securityGroup: awsx.ec2.SecurityGroup): void;
 /** Enables egress traffic to 0.0.0.0/0/all */
-export declare function makeSecurityGroupAccessTheInternet(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+export declare function makeSecurityGroupAccessTheInternetV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 /** Enables ingress traffic from cloudflare CIDRs */
 export declare function makeSecurityGroupAccessibleByCloudflare(securityGroup: awsx.ec2.SecurityGroup): Promise<void>;

package/accessTheInternet.js

@@ -9,8 +9,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleByCloudflare = exports.makeSecurityGroupAccessTheInternet = exports.accessFromCloudflareSecurityGroup = exports.accessTheInternetSecurityGroupId = exports.accessTheInternetSecurityGroup = exports.accessCloudflareSecurityGroup = void 0;
+exports.makeSecurityGroupAccessibleByCloudflare = exports.makeSecurityGroupAccessTheInternetV2 = exports.makeSecurityGroupAccessTheInternet = exports.accessFromCloudflareSecurityGroup = exports.accessTheInternetSecurityGroupId = exports.accessTheInternetSecurityGroup = exports.accessCloudflareSecurityGroup = void 0;
 const awsx = require("@pulumi/awsx");
+const aws = require("@pulumi/aws");
 const cloudflare = require("@pulumi/cloudflare");
 const supra_1 = require("./supra");
 const values_1 = require("./values");
@@ -41,9 +42,9 @@ function accessFromCloudflareSecurityGroup() {
     });
 }
 exports.accessFromCloudflareSecurityGroup = accessFromCloudflareSecurityGroup;
-/** Enables egress traffic to 0.0.0.0/0/all */
-function makeSecurityGroupAccessTheInternet(securityGroup, ruleName = "") {
-    securityGroup.createEgressRule(ruleName + "-access-the-internet", {
+/** @deprecated use makeSecurityGroupAccessTheInternetV2 */
+function makeSecurityGroupAccessTheInternet(securityGroup) {
+    securityGroup.createEgressRule("access-the-internet", {
         cidrBlocks: ["0.0.0.0/0"],
         fromPort: -1,
         toPort: -1,
@@ -51,6 +52,18 @@ function makeSecurityGroupAccessTheInternet(securityGroup, ruleName = "") {
     });
 }
 exports.makeSecurityGroupAccessTheInternet = makeSecurityGroupAccessTheInternet;
+/** Enables egress traffic to 0.0.0.0/0/all */
+function makeSecurityGroupAccessTheInternetV2(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("access-the-internet-v2", ruleName), {
+        securityGroupId: securityGroup.id,
+        cidrBlocks: ["0.0.0.0/0"],
+        fromPort: 65000,
+        toPort: 0,
+        protocol: "-1",
+        type: "egress",
+    }, { deleteBeforeReplace: true });
+}
+exports.makeSecurityGroupAccessTheInternetV2 = makeSecurityGroupAccessTheInternetV2;
 /** Enables ingress traffic from cloudflare CIDRs */
 function makeSecurityGroupAccessibleByCloudflare(securityGroup) {
     return __awaiter(this, void 0, void 0, function* () {

package/createFargateTask.js

@@ -186,12 +186,12 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
                 serviceDiscoveryPort = port;
             });
             // enable prometheus to access fromPort-toPort
-            (0, prometheus_1.makeSecurityGroupAccessibleByPrometheus)(taskSecurityGroup, fromPort, toPort, serviceName);
+            (0, prometheus_1.makeSecurityGroupAccessibleByPrometheus)(taskSecurityGroup, fromPort, toPort);
         }
         // enable egress traffic from the task to the internet
-        (0, accessTheInternet_1.makeSecurityGroupAccessTheInternet)(taskSecurityGroup, serviceName);
+        (0, accessTheInternet_1.makeSecurityGroupAccessTheInternet)(taskSecurityGroup);
         // make the container fully accessible from the bastion of the environment
-        (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup, serviceName);
+        (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup);
         if (dontExpose) {
             const service = yield createInternalService({
                 serviceName,
@@ -230,7 +230,7 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
         }
         const portMapping = exposed.targetGroup;
         // make the service accesible by the ALB
-        (0, acceptAlb_1.makeSecurityGroupAccessibleFromSharedAlb)(taskSecurityGroup, serviceName);
+        (0, acceptAlb_1.makeSecurityGroupAccessibleFromSharedAlb)(taskSecurityGroup);
         const service = yield createInternalService({
             serviceName,
             cluster,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dcl-ops-lib",
-  "version": "5.23.0",
+  "version": "5.23.3",
   "scripts": {
     "build": "tsc && cp bin/* .",
     "clean": "rm *.d.ts *.js *.js.map"

package/prometheus.d.ts

@@ -2,4 +2,8 @@ import * as pulumi from "@pulumi/pulumi";
 import * as awsx from "@pulumi/awsx";
 export declare const prometheusStack: () => Promise<pulumi.StackReference>;
 export declare const prometheusSecurityGroupId: () => Promise<string>;
-export declare function makeSecurityGroupAccessibleByPrometheus(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number, ruleName?: string): void;
+/**
+ * @deprecated use makeSecurityGroupAccessibleByPrometheusV2
+ */
+export declare function makeSecurityGroupAccessibleByPrometheus(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number): void;
+export declare function makeSecurityGroupAccessibleByPrometheusV2(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number, ruleName?: string): void;

package/prometheus.js

@@ -9,11 +9,12 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleByPrometheus = exports.prometheusSecurityGroupId = exports.prometheusStack = void 0;
+exports.makeSecurityGroupAccessibleByPrometheusV2 = exports.makeSecurityGroupAccessibleByPrometheus = exports.prometheusSecurityGroupId = exports.prometheusStack = void 0;
 const pulumi = require("@pulumi/pulumi");
 const awsx = require("@pulumi/awsx");
 const domain_1 = require("./domain");
 const withCache_1 = require("./withCache");
+const utils_1 = require("./utils");
 exports.prometheusStack = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
     return new pulumi.StackReference(`prometheus-${domain_1.env}`);
 }));
@@ -21,8 +22,11 @@ exports.prometheusSecurityGroupId = (0, withCache_1.default)(() => __awaiter(voi
     const prom = yield (0, exports.prometheusStack)();
     return (yield prom.requireOutputValue("prometheusSecurityGroupId"));
 }));
-function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, toPort = 0, ruleName = "") {
-    new awsx.ec2.IngressSecurityGroupRule(ruleName + `-accept-prom-${fromPort}-${toPort}`, securityGroup, {
+/**
+ * @deprecated use makeSecurityGroupAccessibleByPrometheusV2
+ */
+function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, toPort = 0) {
+    new awsx.ec2.IngressSecurityGroupRule(`accept-prom-${fromPort}-${toPort}`, securityGroup, {
         sourceSecurityGroupId: (0, exports.prometheusSecurityGroupId)(),
         description: `Allow access from prometheus`,
         fromPort,
@@ -31,4 +35,14 @@ function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, to
     });
 }
 exports.makeSecurityGroupAccessibleByPrometheus = makeSecurityGroupAccessibleByPrometheus;
+function makeSecurityGroupAccessibleByPrometheusV2(securityGroup, fromPort = 0, toPort = 0, ruleName = "") {
+    new awsx.ec2.IngressSecurityGroupRule((0, utils_1.withRuleName)(`accept-prom-${fromPort}-${toPort}-v2`, ruleName), securityGroup, {
+        sourceSecurityGroupId: (0, exports.prometheusSecurityGroupId)(),
+        description: `Allow access from prometheus`,
+        fromPort,
+        toPort,
+        protocol: "-1",
+    });
+}
+exports.makeSecurityGroupAccessibleByPrometheusV2 = makeSecurityGroupAccessibleByPrometheusV2;
 //# sourceMappingURL=prometheus.js.map

package/utils.d.ts

@@ -1 +1,2 @@
 export declare function sha256hash(s: string): string;
+export declare function withRuleName(name: string, ruleName?: string): string;

package/utils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sha256hash = void 0;
+exports.withRuleName = exports.sha256hash = void 0;
 const crypto = require("crypto");
 function sha256hash(s) {
     const shasum = crypto.createHash("sha256");
@@ -8,4 +8,11 @@ function sha256hash(s) {
     return shasum.digest("hex").substring(0, 8);
 }
 exports.sha256hash = sha256hash;
+function withRuleName(name, ruleName) {
+    if (ruleName === null || ruleName === void 0 ? void 0 : ruleName.length) {
+        return `${ruleName}-${name}`;
+    }
+    return name;
+}
+exports.withRuleName = withRuleName;
 //# sourceMappingURL=utils.js.map