sst 2.21.7 → 2.21.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/bootstrap.js CHANGED
@@ -5,7 +5,7 @@ import { spawn } from "child_process";
5
5
  import { DescribeStacksCommand, CloudFormationClient, } from "@aws-sdk/client-cloudformation";
6
6
  import { App, DefaultStackSynthesizer, Duration, CfnOutput, Tags, Stack, RemovalPolicy, } from "aws-cdk-lib/core";
7
7
  import { Function, Runtime, Code } from "aws-cdk-lib/aws-lambda";
8
- import { PolicyStatement } from "aws-cdk-lib/aws-iam";
8
+ import { ManagedPolicy, PermissionsBoundary, PolicyStatement, } from "aws-cdk-lib/aws-iam";
9
9
  import { Rule } from "aws-cdk-lib/aws-events";
10
10
  import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";
11
11
  import { BlockPublicAccess, Bucket, BucketEncryption, } from "aws-cdk-lib/aws-s3";
@@ -215,6 +215,11 @@ export async function bootstrapSST() {
215
215
  },
216
216
  });
217
217
  rule.addTarget(new LambdaFunction(fn));
218
+ // Create permissions boundary
219
+ if (cdk?.customPermissionsBoundary) {
220
+ const boundaryPolicy = ManagedPolicy.fromManagedPolicyName(stack, "PermissionBoundaryPolicy", cdk.customPermissionsBoundary);
221
+ PermissionsBoundary.of(stack).apply(boundaryPolicy);
222
+ }
218
223
  // Create stack outputs to store bootstrap stack info
219
224
  new CfnOutput(stack, OUTPUT_VERSION, { value: LATEST_VERSION });
220
225
  new CfnOutput(stack, OUTPUT_BUCKET, { value: bucket.bucketName });
@@ -104,11 +104,38 @@ export async function useLocalServer(opts) {
104
104
  const wss = new WebSocketServer({ noServer: true });
105
105
  const wss2 = new WebSocketServer({ noServer: true });
106
106
  const sockets = new Set();
107
+ let buffer = [
108
+ {
109
+ type: "cli.dev",
110
+ properties: {
111
+ stage: project.config.stage,
112
+ app: project.config.name,
113
+ },
114
+ },
115
+ ];
116
+ function publish(type, properties) {
117
+ const msg = {
118
+ type,
119
+ properties,
120
+ };
121
+ buffer.push(msg);
122
+ const json = JSON.stringify(msg);
123
+ [...sockets.values()].map((s) => s.send(json));
124
+ }
107
125
  wss2.on("connection", (socket, req) => {
108
126
  sockets.add(socket);
127
+ for (const msg of buffer) {
128
+ socket.send(JSON.stringify(msg));
129
+ }
109
130
  socket.on("close", () => {
110
131
  sockets.delete(socket);
111
132
  });
133
+ socket.on("message", (data) => {
134
+ const parsed = JSON.parse(data.toString());
135
+ if (parsed.type === "log.cleared") {
136
+ buffer = buffer.filter((msg) => msg.properties?.functionID !== parsed.properties?.functionID);
137
+ }
138
+ });
112
139
  });
113
140
  wss.on("connection", (socket, req) => {
114
141
  if (req.headers.origin?.endsWith("localhost:3000"))
@@ -179,13 +206,6 @@ export async function useLocalServer(opts) {
179
206
  cb(func);
180
207
  });
181
208
  }
182
- function publish(type, properties) {
183
- const msg = JSON.stringify({
184
- type,
185
- properties,
186
- });
187
- [...sockets.values()].map((s) => s.send(msg));
188
- }
189
209
  bus.subscribe("function.invoked", async (evt) => {
190
210
  publish("function.invoked", evt.properties);
191
211
  updateFunction(evt.properties.functionID, (draft) => {
@@ -72,9 +72,11 @@ export class RemixSite extends SsrSite {
72
72
  // appropriate Lambda@Edge handler. We will utilise an internal asset
73
73
  // template to create this wrapper within the "core server build" output
74
74
  // directory.
75
+ // Ensure build directory exists
76
+ const buildPath = path.join(this.props.path, "build");
77
+ fs.mkdirSync(buildPath, { recursive: true });
75
78
  // Copy the server lambda handler
76
- const handler = path.join(this.props.path, "build", "server.js");
77
- fs.copyFileSync(path.resolve(__dirname, `../support/remix-site-function/${wrapperFile}`), handler);
79
+ fs.copyFileSync(path.resolve(__dirname, `../support/remix-site-function/${wrapperFile}`), path.join(buildPath, "server.js"));
78
80
  // Copy the Remix polyfil to the server build directory
79
81
  //
80
82
  // Note: We need to ensure that the polyfills are injected above other code that
@@ -82,10 +84,10 @@ export class RemixSite extends SsrSite {
82
84
  // doesn't appear to guarantee this, we therefore leverage ESBUild's
83
85
  // `inject` option to ensure that the polyfills are injected at the top of
84
86
  // the bundle.
85
- const polyfillDest = path.join(this.props.path, "build/polyfill.js");
87
+ const polyfillDest = path.join(buildPath, "polyfill.js");
86
88
  fs.copyFileSync(path.resolve(__dirname, "../support/remix-site-function/polyfill.js"), polyfillDest);
87
89
  return {
88
- handler: path.join(this.props.path, "build", "server.handler"),
90
+ handler: path.join(buildPath, "server.handler"),
89
91
  esbuild: { inject: [polyfillDest] },
90
92
  };
91
93
  }
@@ -195,6 +195,9 @@ function permissionsToStatementsAndGrants(permissions) {
195
195
  if (secret) {
196
196
  statements.push(buildPolicyStatement(["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"], [secret.secretArn]));
197
197
  }
198
+ if (secret?.encryptionKey) {
199
+ statements.push(buildPolicyStatement(["kms:Decrypt"], [secret.encryptionKey.keyArn]));
200
+ }
198
201
  }
199
202
  ////////////////////////////////////
200
203
  // Case: grant method
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "sideEffects": false,
3
3
  "name": "sst",
4
- "version": "2.21.7",
4
+ "version": "2.21.8",
5
5
  "bin": {
6
6
  "sst": "cli/sst.js"
7
7
  },
package/sst.mjs CHANGED
@@ -6661,7 +6661,11 @@ import {
6661
6661
  RemovalPolicy
6662
6662
  } from "aws-cdk-lib/core";
6663
6663
  import { Function, Runtime as Runtime2, Code } from "aws-cdk-lib/aws-lambda";
6664
- import { PolicyStatement } from "aws-cdk-lib/aws-iam";
6664
+ import {
6665
+ ManagedPolicy,
6666
+ PermissionsBoundary,
6667
+ PolicyStatement
6668
+ } from "aws-cdk-lib/aws-iam";
6665
6669
  import { Rule } from "aws-cdk-lib/aws-events";
6666
6670
  import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";
6667
6671
  import {
@@ -6815,6 +6819,14 @@ async function bootstrapSST() {
6815
6819
  }
6816
6820
  });
6817
6821
  rule.addTarget(new LambdaFunction(fn));
6822
+ if (cdk?.customPermissionsBoundary) {
6823
+ const boundaryPolicy = ManagedPolicy.fromManagedPolicyName(
6824
+ stack,
6825
+ "PermissionBoundaryPolicy",
6826
+ cdk.customPermissionsBoundary
6827
+ );
6828
+ PermissionsBoundary.of(stack).apply(boundaryPolicy);
6829
+ }
6818
6830
  new CfnOutput(stack, OUTPUT_VERSION, { value: LATEST_VERSION });
6819
6831
  new CfnOutput(stack, OUTPUT_BUCKET, { value: bucket.bucketName });
6820
6832
  const asm = app.synth();
@@ -7085,11 +7097,40 @@ async function useLocalServer(opts) {
7085
7097
  const wss = new WebSocketServer({ noServer: true });
7086
7098
  const wss2 = new WebSocketServer({ noServer: true });
7087
7099
  const sockets = /* @__PURE__ */ new Set();
7100
+ let buffer = [
7101
+ {
7102
+ type: "cli.dev",
7103
+ properties: {
7104
+ stage: project.config.stage,
7105
+ app: project.config.name
7106
+ }
7107
+ }
7108
+ ];
7109
+ function publish(type, properties) {
7110
+ const msg = {
7111
+ type,
7112
+ properties
7113
+ };
7114
+ buffer.push(msg);
7115
+ const json = JSON.stringify(msg);
7116
+ [...sockets.values()].map((s) => s.send(json));
7117
+ }
7088
7118
  wss2.on("connection", (socket, req) => {
7089
7119
  sockets.add(socket);
7120
+ for (const msg of buffer) {
7121
+ socket.send(JSON.stringify(msg));
7122
+ }
7090
7123
  socket.on("close", () => {
7091
7124
  sockets.delete(socket);
7092
7125
  });
7126
+ socket.on("message", (data2) => {
7127
+ const parsed = JSON.parse(data2.toString());
7128
+ if (parsed.type === "log.cleared") {
7129
+ buffer = buffer.filter(
7130
+ (msg) => msg.properties?.functionID !== parsed.properties?.functionID
7131
+ );
7132
+ }
7133
+ });
7093
7134
  });
7094
7135
  wss.on("connection", (socket, req) => {
7095
7136
  if (req.headers.origin?.endsWith("localhost:3000"))
@@ -7160,13 +7201,6 @@ async function useLocalServer(opts) {
7160
7201
  cb(func);
7161
7202
  });
7162
7203
  }
7163
- function publish(type, properties) {
7164
- const msg = JSON.stringify({
7165
- type,
7166
- properties
7167
- });
7168
- [...sockets.values()].map((s) => s.send(msg));
7169
- }
7170
7204
  bus.subscribe("function.invoked", async (evt) => {
7171
7205
  publish("function.invoked", evt.properties);
7172
7206
  updateFunction(evt.properties.functionID, (draft) => {