npm - dcl-ops-lib - Versions diffs - 9.6.0 → 9.7.0 - Mend

dcl-ops-lib 9.6.0 → 9.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/createFargateTask.d.ts CHANGED Viewed

@@ -12,11 +12,11 @@ export type ALBMapping = {
     healthCheck?: Partial<aws.types.input.alb.TargetGroupHealthCheck>;
     extraExposedServiceOptions?: ExtraExposedServiceOptions;
 };
-export declare function getFargateExecutionRole(name: string, policyArnNamedMap: Record<string, pulumi.Input<string> | aws.iam.Policy>): {
+export declare function getFargateExecutionRole(name: string, policyArnNamedMap: Record<string, pulumi.Input<string> | aws.iam.Policy>, existingRole?: aws.iam.Role): {
     role: import("@pulumi/aws/iam/role").Role;
     policies: import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment[];
 };
-export declare function getFargateTaskRole(name: string, policyArnNamedMap: Record<string, pulumi.Input<string> | aws.iam.Policy>): {
+export declare function getFargateTaskRole(name: string, policyArnNamedMap: Record<string, pulumi.Input<string> | aws.iam.Policy>, existingRole?: aws.iam.Role): {
     role: import("@pulumi/aws/iam/role").Role;
     policies: import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment[];
 };
@@ -43,6 +43,21 @@ export type FargateTaskOptions = {
     nlbMappings?: NLBMapping[];
     executionRolePolicies?: Record<string, pulumi.Input<string> | aws.iam.Policy>;
     taskRolePolicies?: Record<string, pulumi.Input<string> | aws.iam.Policy>;
+    /**
+     * Optional pre-built IAM role to use as the Fargate task role. When provided,
+     * the role is used as-is and `taskRolePolicies` are attached to it. When omitted
+     * (default), a new role is created internally — current behavior, fully backward
+     * compatible. Use this when callers need the task role ARN to exist before the
+     * Fargate task (e.g., to scope a KMS key policy to that exact ARN).
+     */
+    taskRole?: aws.iam.Role;
+    /**
+     * Optional pre-built IAM role to use as the Fargate execution role. When provided,
+     * the role is used as-is and `executionRolePolicies` are attached to it. When
+     * omitted (default), a new role is created internally — current behavior, fully
+     * backward compatible. Symmetric to `taskRole`; same use case.
+     */
+    executionRole?: aws.iam.Role;
     secrets?: aws.ecs.Secret[];
     ignoreServiceDiscovery?: boolean;
     team: Team;

package/createFargateTask.js CHANGED Viewed

@@ -49,12 +49,18 @@ async function getClusterInstance(cluster) {
     return cluster.arn;
 }
 exports.getClusterInstance = getClusterInstance;
-function getFargateExecutionRole(name, policyArnNamedMap) {
-    const assumeRolePolicy = aws.iam.assumeRolePolicyForPrincipal({
-        Service: "ecs-tasks.amazonaws.com",
-    });
-    const dependsOn = Object.values(policyArnNamedMap).filter(($) => $ instanceof pulumi.Resource);
-    const role = new aws.iam.Role(name, { assumeRolePolicy }, { dependsOn });
+function getFargateExecutionRole(name, policyArnNamedMap, existingRole) {
+    let role;
+    if (existingRole) {
+        role = existingRole;
+    }
+    else {
+        const assumeRolePolicy = aws.iam.assumeRolePolicyForPrincipal({
+            Service: "ecs-tasks.amazonaws.com",
+        });
+        const dependsOn = Object.values(policyArnNamedMap).filter(($) => $ instanceof pulumi.Resource);
+        role = new aws.iam.Role(name, { assumeRolePolicy }, { dependsOn });
+    }
     const policies = [];
     // Default execution policy
     policies.push(new aws.iam.RolePolicyAttachment(`${name}-default-execution-policy`, {
@@ -72,12 +78,18 @@ function getFargateExecutionRole(name, policyArnNamedMap) {
     return { role, policies };
 }
 exports.getFargateExecutionRole = getFargateExecutionRole;
-function getFargateTaskRole(name, policyArnNamedMap) {
-    const assumeRolePolicy = aws.iam.assumeRolePolicyForPrincipal({
-        Service: "ecs-tasks.amazonaws.com",
-    });
-    const dependsOn = Object.values(policyArnNamedMap).filter(($) => $ instanceof pulumi.Resource);
-    const role = new aws.iam.Role(name, { assumeRolePolicy }, { dependsOn });
+function getFargateTaskRole(name, policyArnNamedMap, existingRole) {
+    let role;
+    if (existingRole) {
+        role = existingRole;
+    }
+    else {
+        const assumeRolePolicy = aws.iam.assumeRolePolicyForPrincipal({
+            Service: "ecs-tasks.amazonaws.com",
+        });
+        const dependsOn = Object.values(policyArnNamedMap).filter(($) => $ instanceof pulumi.Resource);
+        role = new aws.iam.Role(name, { assumeRolePolicy }, { dependsOn });
+    }
     const policies = [];
     Object.entries(policyArnNamedMap).forEach(([key, policyArn]) => {
         if (policyArn instanceof aws.iam.Policy) {
@@ -104,7 +116,7 @@ exports.getFargateTaskRole = getFargateTaskRole;
  * @param options.appAutoscaling Configuration for autoscaling
  */
 async function createFargateTask(serviceName, dockerImage, dockerListeningPort, environment, hostname, options) {
-    let { healthCheck, healthCheckContainer, essential, dontExpose, securityGroups, cluster, memoryReservation, command, version, ephemeralStorageInGB, desiredCount, cpuReservation, extraPortMappings, extraALBMappings, nlbMappings, executionRolePolicies, taskRolePolicies, ignoreServiceDiscovery, secrets, metrics, forceNewDeployment, dontAssignPublicIp, dependsOn, volumes, deregistrationDelay, mountPoints, repositoryCredentials, team, appAutoscaling, enableExecuteCommand, } = options;
+    let { healthCheck, healthCheckContainer, essential, dontExpose, securityGroups, cluster, memoryReservation, command, version, ephemeralStorageInGB, desiredCount, cpuReservation, extraPortMappings, extraALBMappings, nlbMappings, executionRolePolicies, taskRolePolicies, taskRole: existingTaskRole, executionRole: existingExecutionRole, ignoreServiceDiscovery, secrets, metrics, forceNewDeployment, dontAssignPublicIp, dependsOn, volumes, deregistrationDelay, mountPoints, repositoryCredentials, team, appAutoscaling, enableExecuteCommand, } = options;
     if (undefined === essential) {
         essential = true;
     }
@@ -141,9 +153,9 @@ async function createFargateTask(serviceName, dockerImage, dockerListeningPort,
     if (undefined === secrets) {
         secrets = [];
     }
-    const { role: executionRole, policies: executionPolicies } = getFargateExecutionRole(`${serviceName}-${version}-execution`, executionRolePolicies || {});
+    const { role: executionRole, policies: executionPolicies } = getFargateExecutionRole(`${serviceName}-${version}-execution`, executionRolePolicies || {}, existingExecutionRole);
     dependsOn.push(...executionPolicies);
-    const { role: taskRole, policies } = getFargateTaskRole(`${serviceName}-${version}-task`, taskRolePolicies || {});
+    const { role: taskRole, policies } = getFargateTaskRole(`${serviceName}-${version}-task`, taskRolePolicies || {}, existingTaskRole);
     dependsOn.push(...policies);
     let dockerLabels = {};
     if (metrics && (metrics.port || dockerListeningPort)) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dcl-ops-lib",
-  "version": "9.6.0",
+  "version": "9.7.0",
   "scripts": {
     "build": "tsc && cp bin/* . && node test.js",
     "test": "tsc -p tsconfig.test.json && ENVIRONMENT=dev node bin-test/rateLimiting.test.js",