dcl-ops-lib 5.23.2 → 5.24.0

package/StaticWebsite.d.ts

@@ -20,5 +20,12 @@ export declare type StaticWebsite = {
      * Default: false
      */
     unprotect?: boolean;
+    /**
+     * Delete EVERYTHING from the buckets, leave always in false until
+     * deletion of buckets is required.
+     *
+     * Default: false
+     */
+    destroy?: boolean;
     priceClass?: "PriceClass_All" | "PriceClass_200" | "PriceClass_100";
 };

package/acceptAlb.d.ts

@@ -3,7 +3,8 @@ import * as awsx from "@pulumi/awsx";
 export declare const acceptAlbSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
 /** @deprecated use makeSecurityGroupAccessibleFromSharedAlb instead */
 export declare function acceptAlbSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
+/** @deprecated use makeSecurityGroupAccessibleFromSharedAlbV2 */
+export declare function makeSecurityGroupAccessibleFromSharedAlb(securityGroup: awsx.ec2.SecurityGroup): void;
 /** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
-export declare function makeSecurityGroupAccessibleFromSharedAlb(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export declare function makeSecurityGroupAccessibleFromSharedAlbV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export default acceptAlbSecurityGroup;

package/acceptAlb.js

@@ -27,9 +27,9 @@ function acceptAlbSecurityGroupId() {
     });
 }
 exports.acceptAlbSecurityGroupId = acceptAlbSecurityGroupId;
-/** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
-function makeSecurityGroupAccessibleFromSharedAlb(securityGroup, ruleName = "") {
-    new awsx.ec2.IngressSecurityGroupRule((0, utils_1.withRuleName)("accept-alb-ingress-rule", ruleName), securityGroup, {
+/** @deprecated use makeSecurityGroupAccessibleFromSharedAlbV2 */
+function makeSecurityGroupAccessibleFromSharedAlb(securityGroup) {
+    new awsx.ec2.IngressSecurityGroupRule("accept-alb-ingress-rule", securityGroup, {
         sourceSecurityGroupId: (0, values_1.getEnvConfiguration)().then(($) => $.albSecurityGroupId),
         description: `Allow access from the supra ALB`,
         fromPort: 0,
@@ -38,6 +38,7 @@ function makeSecurityGroupAccessibleFromSharedAlb(securityGroup, ruleName = "")
     });
 }
 exports.makeSecurityGroupAccessibleFromSharedAlb = makeSecurityGroupAccessibleFromSharedAlb;
+/** @deprecated Makes a given securityGropup accesible by the shared supra ALB */
 function makeSecurityGroupAccessibleFromSharedAlbV2(securityGroup, ruleName = "") {
     new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accept-alb-ingress-rule-v2", ruleName), {
         securityGroupId: securityGroup.id,

package/acceptBastion.d.ts

@@ -3,5 +3,7 @@ import * as awsx from "@pulumi/awsx";
 export declare const acceptBastionSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
 /** @deprecated please use makeSecurityGroupAccessTheInternet */
 export declare function acceptBastionSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
-export declare function makeSecurityGroupAccessibleFromBastion(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+/** @deprecated use makeSecurityGroupAccessibleFromBastionV2 */
+export declare function makeSecurityGroupAccessibleFromBastion(securityGroup: awsx.ec2.SecurityGroup): void;
+export declare function makeSecurityGroupAccessibleFromBastionV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 export default acceptBastionSecurityGroup;

package/acceptBastion.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleFromBastion = exports.acceptBastionSecurityGroupId = exports.acceptBastionSecurityGroup = void 0;
+exports.makeSecurityGroupAccessibleFromBastionV2 = exports.makeSecurityGroupAccessibleFromBastion = exports.acceptBastionSecurityGroupId = exports.acceptBastionSecurityGroup = void 0;
 const awsx = require("@pulumi/awsx");
 const aws = require("@pulumi/aws");
 const values_1 = require("./values");
@@ -31,8 +31,9 @@ const bastionSecurityGroupId = (0, withCache_1.default)(() => __awaiter(void 0,
     const config = yield (0, values_1.getEnvConfiguration)();
     return config.bastionSecurityGroupId;
 }));
-function makeSecurityGroupAccessibleFromBastion(securityGroup, ruleName = "") {
-    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accesible-from-bastion", ruleName), {
+/** @deprecated use makeSecurityGroupAccessibleFromBastionV2 */
+function makeSecurityGroupAccessibleFromBastion(securityGroup) {
+    new aws.ec2.SecurityGroupRule("accesible-from-bastion", {
         securityGroupId: securityGroup.id,
         sourceSecurityGroupId: bastionSecurityGroupId(),
         fromPort: -1,
@@ -42,5 +43,16 @@ function makeSecurityGroupAccessibleFromBastion(securityGroup, ruleName = "") {
     }, { deleteBeforeReplace: true });
 }
 exports.makeSecurityGroupAccessibleFromBastion = makeSecurityGroupAccessibleFromBastion;
+function makeSecurityGroupAccessibleFromBastionV2(securityGroup, ruleName = "") {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("accesible-from-bastion-v2", ruleName), {
+        securityGroupId: securityGroup.id,
+        sourceSecurityGroupId: bastionSecurityGroupId(),
+        fromPort: -1,
+        toPort: -1,
+        type: "ingress",
+        protocol: "-1",
+    }, { deleteBeforeReplace: true });
+}
+exports.makeSecurityGroupAccessibleFromBastionV2 = makeSecurityGroupAccessibleFromBastionV2;
 exports.default = exports.acceptBastionSecurityGroup;
 //# sourceMappingURL=acceptBastion.js.map

package/accessTheInternet.d.ts

@@ -8,8 +8,8 @@ export declare function accessTheInternetSecurityGroupId(): Promise<import("@pul
 export default accessTheInternetSecurityGroup;
 /** @deprecated please use makeSecurityGroupAccessibleByCloudflare */
 export declare function accessFromCloudflareSecurityGroup(): Promise<import("@pulumi/pulumi").Output<string>>;
-/** Enables egress traffic to 0.0.0.0/0/all */
-export declare function makeSecurityGroupAccessTheInternet(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
+/** @deprecated use makeSecurityGroupAccessTheInternetV2 */
+export declare function makeSecurityGroupAccessTheInternet(securityGroup: awsx.ec2.SecurityGroup): void;
 /** Enables egress traffic to 0.0.0.0/0/all */
 export declare function makeSecurityGroupAccessTheInternetV2(securityGroup: awsx.ec2.SecurityGroup, ruleName?: string): void;
 /** Enables ingress traffic from cloudflare CIDRs */

package/accessTheInternet.js

@@ -42,9 +42,9 @@ function accessFromCloudflareSecurityGroup() {
     });
 }
 exports.accessFromCloudflareSecurityGroup = accessFromCloudflareSecurityGroup;
-/** Enables egress traffic to 0.0.0.0/0/all */
-function makeSecurityGroupAccessTheInternet(securityGroup, ruleName = "") {
-    securityGroup.createEgressRule((0, utils_1.withRuleName)("access-the-internet", ruleName), {
+/** @deprecated use makeSecurityGroupAccessTheInternetV2 */
+function makeSecurityGroupAccessTheInternet(securityGroup) {
+    securityGroup.createEgressRule("access-the-internet", {
         cidrBlocks: ["0.0.0.0/0"],
         fromPort: -1,
         toPort: -1,

package/buildStatic.js

@@ -30,6 +30,7 @@ function buildStatic(staticSite) {
             indexDocument: "index.html",
             errorDocument: (_a = staticSite.defaultPath) !== null && _a !== void 0 ? _a : "404.html",
         },
+        forceDestroy: staticSite.destroy === true
     };
     if (staticSite.corsRules !== undefined) {
         Object.assign(bucketInfo, { corsRules: staticSite.corsRules });
@@ -40,6 +41,7 @@ function buildStatic(staticSite) {
     // logsBucket is an S3 bucket that will contain the CDN's request logs.
     const logsBucket = new aws.s3.Bucket(slug + "logs", {
         acl: "private",
+        forceDestroy: staticSite.destroy === true
     }, {
         protect,
     });

package/certificate.js

@@ -4,8 +4,8 @@ exports.getCertificateFor = void 0;
 const getDomainAndSubdomain_1 = require("./getDomainAndSubdomain");
 const CERTIFICATE_ARNS = {
     // Development
-    "decentraland.io": "arn:aws:acm:us-east-1:564327678575:certificate/0e9bc16e-6a3c-4e2d-a93c-314bdab51261",
-    "decentraland.zone": "arn:aws:acm:us-east-1:564327678575:certificate/8123afb1-a8b5-415f-996e-37b099cc3baa",
+    "decentraland.io": "arn:aws:acm:us-east-1:564327678575:certificate/5e4d2d87-7429-4767-bd70-7ba4093ff639",
+    "decentraland.zone": "arn:aws:acm:us-east-1:564327678575:certificate/5e4d2d87-7429-4767-bd70-7ba4093ff639",
     // Staging
     "decentraland.net": "arn:aws:acm:us-east-1:000333518097:certificate/155d0080-cb6c-46a1-9cbf-f74cccb54c2c",
     "decentraland.today": "arn:aws:acm:us-east-1:000333518097:certificate/155d0080-cb6c-46a1-9cbf-f74cccb54c2c",

package/createFargateTask.js

@@ -186,12 +186,12 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
                 serviceDiscoveryPort = port;
             });
             // enable prometheus to access fromPort-toPort
-            (0, prometheus_1.makeSecurityGroupAccessibleByPrometheus)(taskSecurityGroup, fromPort, toPort, serviceName);
+            (0, prometheus_1.makeSecurityGroupAccessibleByPrometheus)(taskSecurityGroup, fromPort, toPort);
         }
         // enable egress traffic from the task to the internet
-        (0, accessTheInternet_1.makeSecurityGroupAccessTheInternet)(taskSecurityGroup, serviceName);
+        (0, accessTheInternet_1.makeSecurityGroupAccessTheInternet)(taskSecurityGroup);
         // make the container fully accessible from the bastion of the environment
-        (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup, serviceName);
+        (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup);
         if (dontExpose) {
             const service = yield createInternalService({
                 serviceName,
@@ -230,7 +230,7 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
         }
         const portMapping = exposed.targetGroup;
         // make the service accesible by the ALB
-        (0, acceptAlb_1.makeSecurityGroupAccessibleFromSharedAlb)(taskSecurityGroup, serviceName);
+        (0, acceptAlb_1.makeSecurityGroupAccessibleFromSharedAlb)(taskSecurityGroup);
         const service = yield createInternalService({
             serviceName,
             cluster,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dcl-ops-lib",
-  "version": "5.23.2",
+  "version": "5.24.0",
   "scripts": {
     "build": "tsc && cp bin/* .",
     "clean": "rm *.d.ts *.js *.js.map"

package/prometheus.d.ts

@@ -2,4 +2,8 @@ import * as pulumi from "@pulumi/pulumi";
 import * as awsx from "@pulumi/awsx";
 export declare const prometheusStack: () => Promise<pulumi.StackReference>;
 export declare const prometheusSecurityGroupId: () => Promise<string>;
-export declare function makeSecurityGroupAccessibleByPrometheus(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number, ruleName?: string): void;
+/**
+ * @deprecated use makeSecurityGroupAccessibleByPrometheusV2
+ */
+export declare function makeSecurityGroupAccessibleByPrometheus(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number): void;
+export declare function makeSecurityGroupAccessibleByPrometheusV2(securityGroup: awsx.ec2.SecurityGroup, fromPort?: number, toPort?: number, ruleName?: string): void;

package/prometheus.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeSecurityGroupAccessibleByPrometheus = exports.prometheusSecurityGroupId = exports.prometheusStack = void 0;
+exports.makeSecurityGroupAccessibleByPrometheusV2 = exports.makeSecurityGroupAccessibleByPrometheus = exports.prometheusSecurityGroupId = exports.prometheusStack = void 0;
 const pulumi = require("@pulumi/pulumi");
 const awsx = require("@pulumi/awsx");
 const domain_1 = require("./domain");
@@ -22,8 +22,11 @@ exports.prometheusSecurityGroupId = (0, withCache_1.default)(() => __awaiter(voi
     const prom = yield (0, exports.prometheusStack)();
     return (yield prom.requireOutputValue("prometheusSecurityGroupId"));
 }));
-function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, toPort = 0, ruleName = "") {
-    new awsx.ec2.IngressSecurityGroupRule((0, utils_1.withRuleName)(`accept-prom-${fromPort}-${toPort}`, ruleName), securityGroup, {
+/**
+ * @deprecated use makeSecurityGroupAccessibleByPrometheusV2
+ */
+function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, toPort = 0) {
+    new awsx.ec2.IngressSecurityGroupRule(`accept-prom-${fromPort}-${toPort}`, securityGroup, {
         sourceSecurityGroupId: (0, exports.prometheusSecurityGroupId)(),
         description: `Allow access from prometheus`,
         fromPort,
@@ -32,4 +35,14 @@ function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, to
     });
 }
 exports.makeSecurityGroupAccessibleByPrometheus = makeSecurityGroupAccessibleByPrometheus;
+function makeSecurityGroupAccessibleByPrometheusV2(securityGroup, fromPort = 0, toPort = 0, ruleName = "") {
+    new awsx.ec2.IngressSecurityGroupRule((0, utils_1.withRuleName)(`accept-prom-${fromPort}-${toPort}-v2`, ruleName), securityGroup, {
+        sourceSecurityGroupId: (0, exports.prometheusSecurityGroupId)(),
+        description: `Allow access from prometheus`,
+        fromPort,
+        toPort,
+        protocol: "-1",
+    });
+}
+exports.makeSecurityGroupAccessibleByPrometheusV2 = makeSecurityGroupAccessibleByPrometheusV2;
 //# sourceMappingURL=prometheus.js.map