quidproquo-actionprocessor-awslambda 0.0.143 → 0.0.145

package/lib/commonjs/getActionProcessor/core/config/getConfigGetSecretActionProcessor.js

@@ -10,11 +10,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const quidproquo_core_1 = require("quidproquo-core");
-const qpqAwsLambdaRuntimeConfigUtils_1 = require("../../../runtimeConfig/qpqAwsLambdaRuntimeConfigUtils");
 const getSecret_1 = require("../../../logic/secretsManager/getSecret");
+const utils_1 = require("./utils");
 const getProcessConfigActionType = (qpqConfig) => {
     return ({ secretName }) => __awaiter(void 0, void 0, void 0, function* () {
-        const awsSecretKey = (0, qpqAwsLambdaRuntimeConfigUtils_1.resolveSecretKey)(secretName, qpqConfig);
+        const awsSecretKey = (0, utils_1.resolveSecretResourceName)(secretName, qpqConfig);
         const secretValue = yield (0, getSecret_1.getSecret)(awsSecretKey, quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig));
         return (0, quidproquo_core_1.actionResult)(secretValue);
     });

package/lib/commonjs/getActionProcessor/core/config/utils/index.d.ts

@@ -0,0 +1 @@
+export * from './resolveSecretResourceName';

package/lib/commonjs/getActionProcessor/core/config/utils/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./resolveSecretResourceName"), exports);

package/lib/commonjs/getActionProcessor/core/config/utils/resolveSecretResourceName.d.ts

@@ -0,0 +1,2 @@
+import { QPQConfig } from 'quidproquo-core';
+export declare const resolveSecretResourceName: (secretName: string, qpqConfig: QPQConfig) => string;

package/lib/commonjs/getActionProcessor/core/config/utils/resolveSecretResourceName.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveSecretResourceName = void 0;
+const quidproquo_core_1 = require("quidproquo-core");
+const awsNamingUtils_1 = require("../../../../awsNamingUtils");
+const resolveSecretResourceName = (secretName, qpqConfig) => {
+    var _a, _b;
+    const secretConfig = quidproquo_core_1.qpqCoreUtils.getSecretByName(secretName, qpqConfig);
+    return (0, awsNamingUtils_1.getConfigRuntimeResourceNameFromConfigWithServiceOverride)(((_a = secretConfig.owner) === null || _a === void 0 ? void 0 : _a.resourceNameOverride) || secretName, qpqConfig, (_b = secretConfig.owner) === null || _b === void 0 ? void 0 : _b.module);
+};
+exports.resolveSecretResourceName = resolveSecretResourceName;

package/lib/commonjs/getActionProcessor/core/event/getCustomResourceCloudflareDnsEventActionProcessor.d.ts

@@ -0,0 +1,12 @@
+import { QPQConfig, MatchStoryResult, EventMatchStoryActionProcessor, EventTransformEventParamsActionProcessor, EventTransformResponseResultActionProcessor, EventAutoRespondActionProcessor } from 'quidproquo-core';
+import { CloudflareDnsDeployEvent } from 'quidproquo-webserver';
+import { CloudFormationCustomResourceEvent, Context } from 'aws-lambda';
+type EventInput = [CloudFormationCustomResourceEvent, Context];
+type MatchResult = MatchStoryResult<any, any>;
+declare const _default: (qpqConfig: QPQConfig) => {
+    "@quidproquo-core/event/TransformEventParams": EventTransformEventParamsActionProcessor<EventInput, CloudflareDnsDeployEvent>;
+    "@quidproquo-core/event/TransformResponseResult": EventTransformResponseResultActionProcessor<void, CloudflareDnsDeployEvent, void>;
+    "@quidproquo-core/event/AutoRespond": EventAutoRespondActionProcessor<CloudflareDnsDeployEvent, MatchResult, boolean>;
+    "@quidproquo-core/event/MatchStory": EventMatchStoryActionProcessor<CloudflareDnsDeployEvent, MatchResult>;
+};
+export default _default;

package/lib/commonjs/getActionProcessor/core/event/getCustomResourceCloudflareDnsEventActionProcessor.js

@@ -0,0 +1,80 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const quidproquo_core_1 = require("quidproquo-core");
+const quidproquo_webserver_1 = require("quidproquo-webserver");
+const getDomainValidationOptions_1 = require("../../../logic/acm/getDomainValidationOptions");
+const findMatchingCertificates_1 = require("../../../logic/acm/findMatchingCertificates");
+// // TODO: Don't use Globals like this
+const GLOBAL_CERT_ARN = process.env.certificateArn;
+const GLOBAL_CERT_DOMAIN = process.env.certificateDomain;
+const GLOBAL_CERT_REGION = process.env.certificateRegion;
+const awsToQpqEventTypeMap = {
+    Create: quidproquo_webserver_1.CloudflareDnsDeployEventEnum.Create,
+    Update: quidproquo_webserver_1.CloudflareDnsDeployEventEnum.Update,
+    Delete: quidproquo_webserver_1.CloudflareDnsDeployEventEnum.Delete,
+};
+const getProcessTransformEventParams = (siteDnsBase) => {
+    return ({ eventParams: [event, context] }) => __awaiter(void 0, void 0, void 0, function* () {
+        var _a;
+        // Get all the certs that need to be added to the cloud flare
+        const certArns = [
+            ...(yield (0, findMatchingCertificates_1.findMatchingCertificates)(GLOBAL_CERT_DOMAIN, GLOBAL_CERT_REGION)),
+            GLOBAL_CERT_ARN,
+        ].filter(Boolean);
+        const certDomains = yield Promise.all(certArns.map((arn) => (0, getDomainValidationOptions_1.getDomainValidationOptions)(arn, GLOBAL_CERT_REGION)));
+        // Remove trailing dot from keys
+        const dnsEntriesWithTrimmedKeys = Object.entries(Object.assign(Object.assign({}, event.ResourceProperties.dnsEntries), certDomains.reduce((acc, certDomain) => (Object.assign(Object.assign({}, acc), certDomain)), {}))).reduce((acc, [key, value]) => {
+            const trimmedKey = key.endsWith('.') ? key.slice(0, -1) : key;
+            acc[trimmedKey] = value;
+            return acc;
+        }, {});
+        const transformedEventParams = {
+            siteDns: siteDnsBase,
+            RequestType: awsToQpqEventTypeMap[event.RequestType],
+            apiSecretName: event.ResourceProperties.apiSecretName,
+            dnsEntries: dnsEntriesWithTrimmedKeys,
+            oldDnsEntries: (_a = event === null || event === void 0 ? void 0 : event.OldResourceProperties) === null || _a === void 0 ? void 0 : _a.dnsEntries,
+        };
+        console.log('transformedEventParams', JSON.stringify(transformedEventParams, null, 2));
+        return (0, quidproquo_core_1.actionResult)(transformedEventParams);
+    });
+};
+const getProcessTransformResponseResult = (qpqConfig) => {
+    // We might need to JSON.stringify the body.
+    return (payload) => __awaiter(void 0, void 0, void 0, function* () {
+        // always success
+        return (0, quidproquo_core_1.actionResult)(void 0);
+    });
+};
+const getProcessAutoRespond = (qpqConfig) => {
+    return (payload) => __awaiter(void 0, void 0, void 0, function* () {
+        // always allow
+        return (0, quidproquo_core_1.actionResult)(false);
+    });
+};
+const getProcessMatchStory = (qpqConfig) => {
+    return (payload) => __awaiter(void 0, void 0, void 0, function* () {
+        return (0, quidproquo_core_1.actionResult)({
+            src: (0, quidproquo_core_1.getServiceEntry)('cloudflare', 'cloudflare', 'onDeploy'),
+            runtime: 'onDeploy',
+        });
+    });
+};
+exports.default = (qpqConfig) => {
+    const [siteDnsConfig] = quidproquo_webserver_1.qpqWebServerUtils.getDnsConfigs(qpqConfig);
+    return {
+        [quidproquo_core_1.EventActionType.TransformEventParams]: getProcessTransformEventParams(siteDnsConfig.dnsBase),
+        [quidproquo_core_1.EventActionType.TransformResponseResult]: getProcessTransformResponseResult(qpqConfig),
+        [quidproquo_core_1.EventActionType.AutoRespond]: getProcessAutoRespond(qpqConfig),
+        [quidproquo_core_1.EventActionType.MatchStory]: getProcessMatchStory(qpqConfig),
+    };
+};

package/lib/commonjs/getActionProcessor/core/index.d.ts

@@ -12,6 +12,7 @@ export { default as getEventBridgeEventActionProcessor } from './event/getEventB
 export { default as getLambdaCognitoCustomMessage } from './event/getLambdaCognitoCustomMessage';
 export { default as getWebsocketAPIGatewayEventActionProcessor } from './event/getWebsocketAPIGatewayEventActionProcessor';
 export { default as getS3FileEventActionProcessor } from './event/getS3FileEventActionProcessor';
+export { default as getCustomResourceCloudflareDnsEventActionProcessor } from './event/getCustomResourceCloudflareDnsEventActionProcessor';
 export { default as getSystemActionProcessor } from './system';
 export { default as getFileActionProcessor } from './file';
 export { default as getKeyValueStoreActionProcessor } from './keyValueStore';

package/lib/commonjs/getActionProcessor/core/index.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getEventBusActionProcessor = exports.getUserDirectoryActionProcessor = exports.getQueueActionProcessor = exports.getKeyValueStoreActionProcessor = exports.getFileActionProcessor = exports.getSystemActionProcessor = exports.getS3FileEventActionProcessor = exports.getWebsocketAPIGatewayEventActionProcessor = exports.getLambdaCognitoCustomMessage = exports.getEventBridgeEventActionProcessor = exports.getEventBridgeEventStackDeployActionProcessor = exports.getServiceFunctionExecuteEventActionProcessor = exports.getSQSEventRecordActionProcessor = exports.getCloudFrontOriginRequestEventActionProcessor = exports.getAPIGatewayEventActionProcessor = exports.getConfigSetParameterActionProcessor = exports.getConfigGetGlobalActionProcessor = exports.getConfigGetParametersActionProcessor = exports.getConfigGetParameterActionProcessor = exports.getConfigGetSecretActionProcessor = void 0;
+exports.getEventBusActionProcessor = exports.getUserDirectoryActionProcessor = exports.getQueueActionProcessor = exports.getKeyValueStoreActionProcessor = exports.getFileActionProcessor = exports.getSystemActionProcessor = exports.getCustomResourceCloudflareDnsEventActionProcessor = exports.getS3FileEventActionProcessor = exports.getWebsocketAPIGatewayEventActionProcessor = exports.getLambdaCognitoCustomMessage = exports.getEventBridgeEventActionProcessor = exports.getEventBridgeEventStackDeployActionProcessor = exports.getServiceFunctionExecuteEventActionProcessor = exports.getSQSEventRecordActionProcessor = exports.getCloudFrontOriginRequestEventActionProcessor = exports.getAPIGatewayEventActionProcessor = exports.getConfigSetParameterActionProcessor = exports.getConfigGetGlobalActionProcessor = exports.getConfigGetParametersActionProcessor = exports.getConfigGetParameterActionProcessor = exports.getConfigGetSecretActionProcessor = void 0;
 var getConfigGetSecretActionProcessor_1 = require("./config/getConfigGetSecretActionProcessor");
 Object.defineProperty(exports, "getConfigGetSecretActionProcessor", { enumerable: true, get: function () { return __importDefault(getConfigGetSecretActionProcessor_1).default; } });
 var getConfigGetParameterActionProcessor_1 = require("./config/getConfigGetParameterActionProcessor");
@@ -32,6 +32,8 @@ var getWebsocketAPIGatewayEventActionProcessor_1 = require("./event/getWebsocket
 Object.defineProperty(exports, "getWebsocketAPIGatewayEventActionProcessor", { enumerable: true, get: function () { return __importDefault(getWebsocketAPIGatewayEventActionProcessor_1).default; } });
 var getS3FileEventActionProcessor_1 = require("./event/getS3FileEventActionProcessor");
 Object.defineProperty(exports, "getS3FileEventActionProcessor", { enumerable: true, get: function () { return __importDefault(getS3FileEventActionProcessor_1).default; } });
+var getCustomResourceCloudflareDnsEventActionProcessor_1 = require("./event/getCustomResourceCloudflareDnsEventActionProcessor");
+Object.defineProperty(exports, "getCustomResourceCloudflareDnsEventActionProcessor", { enumerable: true, get: function () { return __importDefault(getCustomResourceCloudflareDnsEventActionProcessor_1).default; } });
 var system_1 = require("./system");
 Object.defineProperty(exports, "getSystemActionProcessor", { enumerable: true, get: function () { return __importDefault(system_1).default; } });
 var file_1 = require("./file");

package/lib/commonjs/logic/acm/findMatchingCertificates.d.ts

@@ -0,0 +1 @@
+export declare const findMatchingCertificates: (domainName: string, region: string, retryCount?: number, delayMs?: number) => Promise<string[]>;

package/lib/commonjs/logic/acm/findMatchingCertificates.js

@@ -0,0 +1,53 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findMatchingCertificates = void 0;
+const client_acm_1 = require("@aws-sdk/client-acm");
+const createAwsClient_1 = require("../createAwsClient");
+const findMatchingCertificates = (domainName, region, retryCount = 3, delayMs = 5000) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a;
+    const lowerCaseDomainName = domainName.toLowerCase();
+    const acmClient = (0, createAwsClient_1.createAwsClient)(client_acm_1.ACMClient, {
+        region,
+    });
+    let remainingRetries = retryCount;
+    while (remainingRetries > 0) {
+        let certificateArns = [];
+        let NextToken;
+        do {
+            const listCommand = new client_acm_1.ListCertificatesCommand({
+                NextToken,
+            });
+            const listResult = yield acmClient.send(listCommand);
+            for (const certificate of listResult.CertificateSummaryList || []) {
+                if (certificate.CertificateArn &&
+                    ((_a = certificate.DomainName) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === lowerCaseDomainName) {
+                    certificateArns.push(certificate.CertificateArn);
+                }
+            }
+            NextToken = listResult.NextToken;
+        } while (NextToken);
+        if (certificateArns.length > 0) {
+            return certificateArns;
+        }
+        remainingRetries--;
+        if (remainingRetries != 0) {
+            // Don't wait after the last try
+            yield new Promise((res) => setTimeout(res, delayMs));
+        }
+    }
+    return []; // Return an empty array after max retries
+});
+exports.findMatchingCertificates = findMatchingCertificates;
+// (async () => {
+//   const matchingCerts = await findMatchingCertificates('example.com', 'us-east-1');
+//   console.log('Matching certificates:', matchingCerts);
+// })();

package/lib/commonjs/logic/acm/getDomainValidationOptions.d.ts

@@ -0,0 +1,2 @@
+import { CloudflareDnsEntries } from 'quidproquo-webserver';
+export declare const getDomainValidationOptions: (certificateArn: string, region: string) => Promise<CloudflareDnsEntries>;

package/lib/commonjs/logic/acm/getDomainValidationOptions.js

@@ -0,0 +1,40 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDomainValidationOptions = void 0;
+const client_acm_1 = require("@aws-sdk/client-acm");
+const createAwsClient_1 = require("../createAwsClient");
+const getDomainValidationOptions = (certificateArn, region) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b;
+    const acmClient = (0, createAwsClient_1.createAwsClient)(client_acm_1.ACMClient, {
+        region,
+    });
+    const command = new client_acm_1.DescribeCertificateCommand({
+        CertificateArn: certificateArn,
+    });
+    const result = yield acmClient.send(command);
+    const entries = {};
+    console.log('DescribeCertificateCommand: ', JSON.stringify(result, null, 2));
+    // Extract the DomainValidationOptions and populate the entries
+    if (result.Certificate && result.Certificate.DomainValidationOptions) {
+        for (const option of result.Certificate.DomainValidationOptions) {
+            if (((_a = option.ResourceRecord) === null || _a === void 0 ? void 0 : _a.Name) && ((_b = option.ResourceRecord) === null || _b === void 0 ? void 0 : _b.Value)) {
+                entries[option.ResourceRecord.Name] = {
+                    proxied: false,
+                    type: 'CNAME',
+                    value: option.ResourceRecord.Value,
+                };
+            }
+        }
+    }
+    return entries;
+});
+exports.getDomainValidationOptions = getDomainValidationOptions;

package/lib/commonjs/logic/secretsManager/getSecret.js

@@ -18,5 +18,9 @@ exports.getSecret = (0, memoFuncAsync_1.memoFuncAsync)((secretName, region) => _
     const response = yield secretsManagerClient.send(new client_secrets_manager_1.GetSecretValueCommand({
         SecretId: secretName,
     }));
-    return response.SecretString || '';
+    const secretValue = response.SecretString || '';
+    if (!secretValue) {
+        throw new Error(`Failed to get secret value for secret name: [${secretName}]`);
+    }
+    return secretValue;
 }), 60);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "quidproquo-actionprocessor-awslambda",
-  "version": "0.0.143",
+  "version": "0.0.145",
   "description": "",
   "main": "./lib/commonjs/index.js",
   "types": "./lib/commonjs/index.d.js",
@@ -25,6 +25,7 @@
   },
   "homepage": "https://github.com/joe-coady/quidproquo#readme",
   "dependencies": {
+    "@aws-sdk/client-acm": "^3.379.1",
     "@aws-sdk/client-api-gateway": "^3.379.1",
     "@aws-sdk/client-apigatewaymanagementapi": "^3.379.1",
     "@aws-sdk/client-cloudformation": "^3.379.1",