sst 2.40.1 → 2.40.4
- package/cdk/deploy-stack.js +2 -0
- package/cli/commands/bind.js +1 -1
- package/cli/commands/secrets/list.js +1 -1
- package/constructs/Api.d.ts +4 -4
- package/constructs/Api.js +1 -1
- package/constructs/ApiGatewayV1Api.d.ts +4 -4
- package/constructs/ApiGatewayV1Api.js +1 -1
- package/constructs/App.d.ts +2 -1
- package/constructs/App.js +7 -11
- package/constructs/AppSyncApi.d.ts +4 -4
- package/constructs/AppSyncApi.js +1 -1
- package/constructs/Auth.d.ts +2 -2
- package/constructs/Auth.js +3 -3
- package/constructs/Bucket.d.ts +5 -5
- package/constructs/Bucket.js +1 -1
- package/constructs/Cognito.d.ts +4 -3
- package/constructs/Cognito.js +1 -1
- package/constructs/Construct.d.ts +2 -2
- package/constructs/Cron.d.ts +3 -2
- package/constructs/Cron.js +1 -1
- package/constructs/EdgeFunction.d.ts +2 -2
- package/constructs/EdgeFunction.js +6 -9
- package/constructs/EventBus.d.ts +4 -4
- package/constructs/EventBus.js +1 -1
- package/constructs/Function.d.ts +42 -6
- package/constructs/Function.js +19 -14
- package/constructs/Job.d.ts +43 -4
- package/constructs/Job.js +11 -14
- package/constructs/KinesisStream.d.ts +4 -4
- package/constructs/KinesisStream.js +1 -1
- package/constructs/Parameter.d.ts +2 -2
- package/constructs/Parameter.js +1 -1
- package/constructs/Queue.d.ts +3 -3
- package/constructs/Queue.js +1 -1
- package/constructs/RDS.d.ts +2 -2
- package/constructs/RDS.js +1 -1
- package/constructs/Script.d.ts +3 -2
- package/constructs/Script.js +2 -2
- package/constructs/Secret.d.ts +2 -2
- package/constructs/Secret.js +2 -2
- package/constructs/Service.d.ts +43 -4
- package/constructs/Service.js +31 -15
- package/constructs/SsrFunction.d.ts +3 -2
- package/constructs/SsrFunction.js +7 -13
- package/constructs/SsrSite.d.ts +3 -3
- package/constructs/SsrSite.js +2 -2
- package/constructs/Stack.d.ts +2 -2
- package/constructs/StaticSite.d.ts +2 -2
- package/constructs/StaticSite.js +2 -2
- package/constructs/Table.d.ts +4 -4
- package/constructs/Table.js +1 -1
- package/constructs/Topic.d.ts +4 -4
- package/constructs/Topic.js +1 -1
- package/constructs/WebSocketApi.d.ts +4 -4
- package/constructs/WebSocketApi.js +1 -1
- package/constructs/deprecated/NextjsSite.d.ts +2 -2
- package/constructs/deprecated/NextjsSite.js +2 -2
- package/constructs/future/Auth.d.ts +2 -2
- package/constructs/future/Auth.js +2 -2
- package/constructs/util/{functionBinding.d.ts → binding.d.ts} +14 -6
- package/constructs/util/{functionBinding.js → binding.js} +28 -14
- package/package.json +2 -2
- package/runtime/handlers/container.js +42 -0
- package/runtime/handlers/rust.js +3 -2
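--- a/package/constructs/Function.js
+++ b/package/constructs/Function.js
@@ -6,9 +6,10 @@ import zlib from "zlib";
 import { Stack } from "./Stack.js";
 import { Job } from "./Job.js";
 import { Secret } from "./Config.js";
+import { isSSTConstruct } from "./Construct.js";
 import { toCdkSize } from "./util/size.js";
 import { toCdkDuration } from "./util/duration.js";
-import {
+import { getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
 import { attachPermissionsToRole } from "./util/permission.js";
 import * as functionUrlCors from "./util/functionUrlCors.js";
 import url from "url";
@@ -251,6 +252,15 @@ export class Function extends CDKFunction {
 ...(props.container?.buildArgs
 ? { buildArgs: props.container.buildArgs }
 : {}),
+...(props.container?.buildSsh
+? { buildSsh: props.container.buildSsh }
+: {}),
+...(props.container?.cacheFrom
+? { cacheFrom: props.container.cacheFrom }
+: {}),
+...(props.container?.cacheTo
+? { cacheTo: props.container.cacheTo }
+: {}),
 exclude: [".sst/dist", ".sst/artifacts"],
 ignoreMode: IgnoreMode.GLOB,
 });
@@ -341,20 +351,14 @@ export class Function extends CDKFunction {
 bind(constructs) {
 // Get referenced secrets
 const referencedSecrets = [];
-constructs.forEach((
-[...constructs, ...referencedSecrets].forEach((
+constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
+[...constructs, ...referencedSecrets].forEach((r) => {
 // Bind environment
-const env =
+const env = getBindingEnvironments(r);
 Object.entries(env).forEach(([key, value]) => this.addEnvironment(key, value));
 // Bind permissions
-const
-
-new PolicyStatement({
-actions: [action],
-effect: Effect.ALLOW,
-resources,
-}),
-]));
+const policyStatements = getBindingPermissions(r);
+this.attachPermissions(policyStatements);
 });
 this.allBindings.push(...constructs, ...referencedSecrets);
 }
@@ -389,14 +393,15 @@ export class Function extends CDKFunction {
 missingSourcemap: this.missingSourcemap === true ? true : undefined,
 localId: this.node.addr,
 secrets: this.allBindings
-.
+.map((r) => (isSSTConstruct(r) ? r : r.resource))
+.filter((r) => r instanceof Secret)
 .map((c) => c.name),
 prefetchSecrets: this.props.prefetchSecrets,
 },
 };
 }
 /** @internal */
-
+getBindings() {
 return {
 clientPackage: "function",
 variables: {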
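--- a/package/constructs/Job.d.ts
+++ b/package/constructs/Job.d.ts
@@ -1,4 +1,5 @@
 import { Construct } from "constructs";
+import { DockerCacheOption } from "aws-cdk-lib/core";
 import { Function as CdkFunction } from "aws-cdk-lib/aws-lambda";
 import { Project } from "aws-cdk-lib/aws-codebuild";
 import { RetentionDays } from "aws-cdk-lib/aws-logs";
@@ -6,11 +7,13 @@ import { SSTConstruct } from "./Construct.js";
 import { NodeJSProps, FunctionCopyFilesProps } from "./Function.js";
 import { Duration } from "./util/duration.js";
 import { Permissions } from "./util/permission.js";
-import {
+import { BindingResource, BindingProps } from "./util/binding.js";
 import { ISecurityGroup, IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
 export type JobMemorySize = "3 GB" | "7 GB" | "15 GB" | "145 GB";
 export interface JobNodeJSProps extends NodeJSProps {
 }
+export interface JobContainerCacheProps extends DockerCacheOption {
+}
 export interface JobContainerProps {
 /**
 * Specify or override the CMD on the Docker image.
@@ -45,6 +48,42 @@ export interface JobContainerProps {
 * ```
 */
 buildArgs?: Record<string, string>;
+/**
+* SSH agent socket or keys to pass to the docker build command.
+* Docker BuildKit must be enabled to use the ssh flag
+* @default No --ssh flag is passed to the build command
+* @example
+* ```js
+* container: {
+* buildSsh: "default"
+* }
+* ```
+*/
+buildSsh?: string;
+/**
+* Cache from options to pass to the docker build command.
+* [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
+* @default No cache from options are passed to the build command
+* @example
+* ```js
+* container: {
+* cacheFrom: [{ type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache' }}],
+* }
+* ```
+*/
+cacheFrom?: JobContainerCacheProps[];
+/**
+* Cache to options to pass to the docker build command.
+* [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
+* @default No cache to options are passed to the build command
+* @example
+* ```js
+* container: {
+* cacheTo: { type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache', mode: 'max', compression: 'zstd' }},
+* }
+* ```
+*/
+cacheTo?: JobContainerCacheProps;
 }
 export interface JobProps {
 /**
@@ -180,7 +219,7 @@ export interface JobProps {
 * })
 * ```
 */
-bind?:
+bind?: BindingResource[];
 /**
 * Attaches the given list of permissions to the job. Configuring this property is equivalent to calling `attachPermissions()` after the job is created.
 *
@@ -292,7 +331,7 @@ export declare class Job extends Construct implements SSTConstruct {
 };
 };
 /** @internal */
-
+getBindings(): BindingProps;
 /**
 * Binds additional resources to job.
 *
@@ -301,7 +340,7 @@ export declare class Job extends Construct implements SSTConstruct {
 * job.bind([STRIPE_KEY, bucket]);
 * ```
 */
-bind(constructs:
+bind(constructs: BindingResource[]): void;
 /**
 * Attaches the given list of [permissions](Permissions.md) to the job. This allows the job to access other AWS resources.
 *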
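Review bot: The JSDoc added for `cacheTo` ends its type line with `DockerCacheOption[]` although the property is declared as a single `JobContainerCacheProps`; only `cacheFrom` is an array, so the `[]` should be dropped on the `cacheTo` line. `Service.d.ts` carries the same copied text for `ServiceContainerCacheProps`. The three new options also widen what the image build trusts, and the docs do not say so. I would add to `buildSsh` the line `* The forwarded agent or key is usable by every build step that mounts it, so only use it with Dockerfiles you trust.` and to `cacheFrom` the line `* Layers imported from the cache ref are reused as-is; restrict who can write to that ref.`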
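--- a/package/constructs/Job.js
+++ b/package/constructs/Job.js
@@ -2,7 +2,7 @@ import url from "url";
 import path from "path";
 import fs from "fs/promises";
 import { Construct } from "constructs";
-import { Duration as CdkDuration, IgnoreMode } from "aws-cdk-lib/core";
+import { Duration as CdkDuration, IgnoreMode, } from "aws-cdk-lib/core";
 import { Platform } from "aws-cdk-lib/aws-ecr-assets";
 import { PolicyStatement, Effect } from "aws-cdk-lib/aws-iam";
 import { AssetCode, Code, Runtime, Function as CdkFunction, } from "aws-cdk-lib/aws-lambda";
@@ -12,7 +12,7 @@ import { Stack } from "./Stack.js";
 import { Function, useFunctions, } from "./Function.js";
 import { toCdkDuration } from "./util/duration.js";
 import { attachPermissionsToRole } from "./util/permission.js";
-import {
+import { getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
 import { useDeferredTasks } from "./deferred_task.js";
 import { useProject } from "../project.js";
 import { useRuntimeHandlers } from "../runtime/handlers.js";
@@ -83,7 +83,7 @@ export class Job extends Construct {
 };
 }
 /** @internal */
-
+getBindings() {
 return {
 clientPackage: "job",
 variables: {
@@ -219,6 +219,9 @@ export class Job extends Construct {
 : Platform.custom("linux/amd64"),
 file: container?.file,
 buildArgs: container?.buildArgs,
+buildSsh: container?.buildSsh,
+cacheFrom: container?.cacheFrom,
+cacheTo: container?.cacheTo,
 exclude: [".sst/dist", ".sst/artifacts"],
 ignoreMode: IgnoreMode.GLOB,
 });
@@ -351,20 +354,14 @@ export class Job extends Construct {
 bindForCodeBuild(constructs) {
 // Get referenced secrets
 const referencedSecrets = [];
-constructs.forEach((
-[...constructs, ...referencedSecrets].forEach((
+constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
+[...constructs, ...referencedSecrets].forEach((r) => {
 // Bind environment
-const env =
+const env = getBindingEnvironments(r);
 Object.entries(env).forEach(([key, value]) => this.addEnvironmentForCodeBuild(key, value));
 // Bind permissions
-const
-
-new PolicyStatement({
-actions: [action],
-effect: Effect.ALLOW,
-resources,
-}),
-]));
+const policyStatements = getBindingPermissions(r);
+this.attachPermissionsForCodeBuild(policyStatements);
 });
 }
 attachPermissionsForCodeBuild(permissions) {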
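Review bot: `bindForCodeBuild` in the last hunk is now the same loop as `Function.bind` and `Service.bindForService` in this release, differing only in which `addEnvironment…` and `attachPermissions…` method it calls. Since the three helpers it uses already live in `./util/binding.js`, the loop could move there as one function taking those two callbacks, so a later change to how referenced secrets or permissions are resolved cannot reach one construct and miss another. Separately, `PolicyStatement` and `Effect` are still imported on a context line of the first hunk after their only visible use was removed; if nothing else in the file needs them, that import can be dropped.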
@@ -3,7 +3,7 @@ import * as kinesis from "aws-cdk-lib/aws-kinesis";
|
|
|
3
3
|
import * as lambdaEventSources from "aws-cdk-lib/aws-lambda-event-sources";
|
|
4
4
|
import { SSTConstruct } from "./Construct.js";
|
|
5
5
|
import { Function as Fn, FunctionProps, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
|
|
6
|
-
import {
|
|
6
|
+
import { BindingResource, BindingProps } from "./util/binding.js";
|
|
7
7
|
import { Permissions } from "./util/permission.js";
|
|
8
8
|
/**
|
|
9
9
|
* Used to define the function consumer for the stream
|
|
@@ -166,7 +166,7 @@ export declare class KinesisStream extends Construct implements SSTConstruct {
|
|
|
166
166
|
* stream.bind([STRIPE_KEY, bucket]]);
|
|
167
167
|
* ```
|
|
168
168
|
*/
|
|
169
|
-
bind(constructs:
|
|
169
|
+
bind(constructs: BindingResource[]): void;
|
|
170
170
|
/**
|
|
171
171
|
* Binds the given list of resources to a specific consumer.
|
|
172
172
|
*
|
|
@@ -175,7 +175,7 @@ export declare class KinesisStream extends Construct implements SSTConstruct {
|
|
|
175
175
|
* stream.bindToConsumer("consumer1", [STRIPE_KEY, bucket]);
|
|
176
176
|
* ```
|
|
177
177
|
*/
|
|
178
|
-
bindToConsumer(consumerName: string, constructs:
|
|
178
|
+
bindToConsumer(consumerName: string, constructs: BindingResource[]): void;
|
|
179
179
|
/**
|
|
180
180
|
* Attaches the given list of permissions to all the consumers. This allows the functions to access other AWS resources.
|
|
181
181
|
*
|
|
@@ -218,7 +218,7 @@ export declare class KinesisStream extends Construct implements SSTConstruct {
|
|
|
218
218
|
};
|
|
219
219
|
};
|
|
220
220
|
/** @internal */
|
|
221
|
-
|
|
221
|
+
getBindings(): BindingProps;
|
|
222
222
|
private createStream;
|
|
223
223
|
private addConsumer;
|
|
224
224
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Construct } from "constructs";
|
|
2
2
|
import { SSTConstruct } from "./Construct.js";
|
|
3
|
-
import {
|
|
3
|
+
import { BindingProps } from "./util/binding.js";
|
|
4
4
|
export interface ParameterProps {
|
|
5
5
|
/**
|
|
6
6
|
* Value of the parameter
|
|
@@ -32,6 +32,6 @@ export declare class Parameter extends Construct implements SSTConstruct {
|
|
|
32
32
|
};
|
|
33
33
|
};
|
|
34
34
|
/** @internal */
|
|
35
|
-
|
|
35
|
+
getBindings(): BindingProps;
|
|
36
36
|
static create<T extends Record<string, any>>(scope: Construct, parameters: T): { [key in keyof T]: Parameter; };
|
|
37
37
|
}
|
package/constructs/Parameter.js
CHANGED
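--- a/package/constructs/Queue.d.ts
+++ b/package/constructs/Queue.d.ts
@@ -4,7 +4,7 @@ import * as lambda from "aws-cdk-lib/aws-lambda";
 import * as lambdaEventSources from "aws-cdk-lib/aws-lambda-event-sources";
 import { SSTConstruct } from "./Construct.js";
 import { Function as Fn, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
-import {
+import { BindingResource, BindingProps } from "./util/binding.js";
 import { Permissions } from "./util/permission.js";
 /**
 * Used to define the consumer for the queue and invocation details
@@ -164,7 +164,7 @@ export declare class Queue extends Construct implements SSTConstruct {
 * queue.bind([STRIPE_KEY, bucket]);
 * ```
 */
-bind(constructs:
+bind(constructs: BindingResource[]): void;
 /**
 * Attaches additional permissions to the consumer function
 *
@@ -189,6 +189,6 @@ export declare class Queue extends Construct implements SSTConstruct {
 };
 };
 /** @internal */
-
+getBindings(): BindingProps;
 private createQueue;
 }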
package/constructs/Queue.js
CHANGED
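--- a/package/constructs/RDS.d.ts
+++ b/package/constructs/RDS.d.ts
@@ -4,7 +4,7 @@ import { AuroraCapacityUnit, Endpoint, IServerlessCluster, ServerlessCluster, Se
 import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
 import { SSTConstruct } from "./Construct.js";
 import { Function as Fn } from "./Function.js";
-import {
+import { BindingProps } from "./util/binding.js";
 export interface RDSTypes {
 path: string;
 camelCase?: boolean;
@@ -204,7 +204,7 @@ export declare class RDS extends Construct implements SSTConstruct {
 };
 };
 /** @internal */
-
+getBindings(): BindingProps;
 private validateRequiredProps;
 private validateCDKPropWhenIsConstruct;
 private validateCDKPropWhenIsClusterProps;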
package/constructs/RDS.js
CHANGED
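--- a/package/constructs/Script.d.ts
+++ b/package/constructs/Script.d.ts
@@ -2,6 +2,7 @@ import { Construct } from "constructs";
 import { Function as Fn, FunctionProps, FunctionDefinition } from "./Function.js";
 import { SSTConstruct } from "./Construct.js";
 import { Permissions } from "./util/permission.js";
+import { BindingResource } from "./util/binding.js";
 export interface ScriptProps {
 /**
 * An object of input parameters to be passed to the script. Made available in the `event` object of the function.
@@ -123,7 +124,7 @@ export declare class Script extends Construct implements SSTConstruct {
 * script.bind([STRIPE_KEY, bucket]);
 * ```
 */
-bind(constructs:
+bind(constructs: BindingResource[]): void;
 /**
 * Grants additional permissions to the script
 *
@@ -156,5 +157,5 @@ export declare class Script extends Construct implements SSTConstruct {
 };
 };
 /** @internal */
-
+getBindings(): undefined;
 }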
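--- a/package/constructs/Script.js
+++ b/package/constructs/Script.js
@@ -6,7 +6,7 @@ import { PolicyStatement } from "aws-cdk-lib/aws-iam";
 import { Code, Runtime, Function as CdkFunction } from "aws-cdk-lib/aws-lambda";
 import { Stack } from "./Stack.js";
 import { Function as Fn, } from "./Function.js";
-import { getFunctionRef
+import { getFunctionRef } from "./Construct.js";
 const __dirname = path.dirname(url.fileURLToPath(import.meta.url));
 /////////////////////
 // Construct
@@ -175,7 +175,7 @@ export class Script extends Construct {
 };
 }
 /** @internal */
-
+getBindings() {
 return undefined;
 }
 }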
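--- a/package/constructs/Secret.d.ts
+++ b/package/constructs/Secret.d.ts
@@ -1,6 +1,6 @@
 import { Construct } from "constructs";
 import { SSTConstruct } from "./Construct.js";
-import {
+import { BindingProps } from "./util/binding.js";
 /**
 * The `Secret` construct is a higher level CDK construct that makes it easy to manage app secrets.
 *
@@ -25,6 +25,6 @@ export declare class Secret extends Construct implements SSTConstruct {
 };
 };
 /** @internal */
-
+getBindings(): BindingProps;
 static create<T extends string[]>(scope: Construct, ...parameters: T): { [key in T[number]]: Secret; };
 }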
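--- a/package/constructs/Secret.js
+++ b/package/constructs/Secret.js
@@ -1,6 +1,6 @@
 import { Construct } from "constructs";
 import { Stack } from "./Stack.js";
-import { getParameterPath, getParameterFallbackPath, } from "./util/
+import { getParameterPath, getParameterFallbackPath, } from "./util/binding.js";
 /**
 * The `Secret` construct is a higher level CDK construct that makes it easy to manage app secrets.
 *
@@ -33,7 +33,7 @@ export class Secret extends Construct {
 };
 }
 /** @internal */
-
+getBindings() {
 const app = this.node.root;
 const partition = Stack.of(this).partition;
 return {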
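--- a/package/constructs/Service.d.ts
+++ b/package/constructs/Service.d.ts
@@ -1,9 +1,10 @@
 import { Construct } from "constructs";
+import { DockerCacheOption } from "aws-cdk-lib/core";
 import { DistributionProps } from "aws-cdk-lib/aws-cloudfront";
 import { DistributionDomainProps } from "./Distribution.js";
 import { SSTConstruct } from "./Construct.js";
 import { Permissions } from "./util/permission.js";
-import {
+import { BindingProps, BindingResource } from "./util/binding.js";
 import { IVpc } from "aws-cdk-lib/aws-ec2";
 import { Cluster, ContainerDefinitionOptions, CpuArchitecture, FargateService, FargateTaskDefinition, FargateServiceProps } from "aws-cdk-lib/aws-ecs";
 import { RetentionDays } from "aws-cdk-lib/aws-logs";
@@ -21,6 +22,8 @@ export interface ServiceDomainProps extends DistributionDomainProps {
 }
 export interface ServiceCdkDistributionProps extends Omit<DistributionProps, "defaultBehavior"> {
 }
+export interface ServiceContainerCacheProps extends DockerCacheOption {
+}
 export interface ServiceProps {
 /**
 * Path to the directory where the app is located.
@@ -167,7 +170,7 @@ export interface ServiceProps {
 * }
 * ```
 */
-bind?:
+bind?: BindingResource[];
 /**
 * The customDomain for this service. SST supports domains that are hosted
 * either on [Route 53](https://aws.amazon.com/route53/) or externally.
@@ -255,6 +258,42 @@ export interface ServiceProps {
 * ```
 */
 buildArgs?: Record<string, string>;
+/**
+* SSH agent socket or keys to pass to the docker build command.
+* Docker BuildKit must be enabled to use the ssh flag
+* @default No --ssh flag is passed to the build command
+* @example
+* ```js
+* container: {
+* buildSsh: "default"
+* }
+* ```
+*/
+buildSsh?: string;
+/**
+* Cache from options to pass to the docker build command.
+* [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
+* @default No cache from options are passed to the build command
+* @example
+* ```js
+* container: {
+* cacheFrom: [{ type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache' }}],
+* }
+* ```
+*/
+cacheFrom?: ServiceContainerCacheProps[];
+/**
+* Cache to options to pass to the docker build command.
+* [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
+* @default No cache to options are passed to the build command
+* @example
+* ```js
+* container: {
+* cacheTo: { type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache', mode: 'max', compression: 'zstd' }},
+* }
+* ```
+*/
+cacheTo?: ServiceContainerCacheProps;
 };
 dev?: {
 /**
@@ -446,7 +485,7 @@ export declare class Service extends Construct implements SSTConstruct {
 };
 };
 /** @internal */
-
+getBindings(): BindingProps;
 /**
 * Binds additional resources to service.
 *
@@ -455,7 +494,7 @@ export declare class Service extends Construct implements SSTConstruct {
 * service.bind([STRIPE_KEY, bucket]);
 * ```
 */
-bind(constructs:
+bind(constructs: BindingResource[]): void;
 /**
 * Attaches the given list of permissions to allow the service
 * to access other AWS resources.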
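--- a/package/constructs/Service.js
+++ b/package/constructs/Service.js
@@ -6,8 +6,8 @@ import { execAsync } from "../util/process.js";
 import { existsAsync } from "../util/fs.js";
 import { Colors } from "../cli/colors.js";
 import { Construct } from "constructs";
-import { Duration as CdkDuration, IgnoreMode } from "aws-cdk-lib/core";
-import { Role,
+import { Duration as CdkDuration, IgnoreMode, } from "aws-cdk-lib/core";
+import { Role, AccountPrincipal, ServicePrincipal, CompositePrincipal, } from "aws-cdk-lib/aws-iam";
 import { ViewerProtocolPolicy, AllowedMethods, CachedMethods, CachePolicy, CacheQueryStringBehavior, CacheHeaderBehavior, CacheCookieBehavior, OriginProtocolPolicy, OriginRequestPolicy, } from "aws-cdk-lib/aws-cloudfront";
 import { HttpOrigin } from "aws-cdk-lib/aws-cloudfront-origins";
 import { Stack } from "./Stack.js";
@@ -16,7 +16,7 @@ import { Function } from "./Function.js";
 import { Secret } from "./Secret.js";
 import { useDeferredTasks } from "./deferred_task.js";
 import { attachPermissionsToRole } from "./util/permission.js";
-import {
+import { getParameterPath, getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
 import { useProject } from "../project.js";
 import { Vpc } from "aws-cdk-lib/aws-ec2";
 import { AwsLogDriver, Cluster, ContainerImage, CpuArchitecture, FargateService, FargateTaskDefinition, } from "aws-cdk-lib/aws-ecs";
@@ -277,7 +277,7 @@ export class Service extends Construct {
 };
 }
 /** @internal */
-
+getBindings() {
 const app = this.node.root;
 return this.distribution
 ? {
@@ -557,20 +557,14 @@ export class Service extends Construct {
 bindForService(constructs) {
 // Get referenced secrets
 const referencedSecrets = [];
-constructs.forEach((
-[...constructs, ...referencedSecrets].forEach((
+constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
+[...constructs, ...referencedSecrets].forEach((r) => {
 // Bind environment
-const env =
+const env = getBindingEnvironments(r);
 Object.entries(env).forEach(([key, value]) => this.addEnvironmentForService(key, value));
 // Bind permissions
-const
-
-new PolicyStatement({
-actions: [action],
-effect: Effect.ALLOW,
-resources,
-}),
-]));
+const policyStatements = getBindingPermissions(r);
+this.attachPermissionsForService(policyStatements);
 });
 }
 addEnvironmentForService(name, value) {
@@ -639,6 +633,25 @@ export class Service extends Construct {
 `--platform ${platform}`,
 `-f ${path.join(servicePath, dockerfile)}`,
 ...Object.entries(build?.buildArgs || {}).map(([k, v]) => `--build-arg ${k}=${v}`),
+...(build?.buildSsh ? [`--ssh ${build.buildSsh}`] : []),
+...(build?.cacheFrom || []).map((v) => "--cache-from=" +
+[
+`type=${v.type}`,
+...(v.params
+? Object.entries(v.params).map(([pk, pv]) => `${pk}=${pv}`)
+: []),
+].join(",")),
+...(build?.cacheTo
+? [
+"--cache-to " +
+[
+`type=${build?.cacheTo.type}`,
+...(build?.cacheTo?.params
+? Object.entries(build?.cacheTo?.params).map(([pk, pv]) => `${pk}=${pv}`)
+: []).join(","),
+],
+]
+: []),
 this.props.path,
 ].join(" "), {
 env: {
@@ -657,6 +670,9 @@ export class Service extends Construct {
 platform: architecture === "arm64" ? Platform.LINUX_ARM64 : Platform.LINUX_AMD64,
 file: dockerfile,
 buildArgs: build?.buildArgs,
+buildSsh: build?.buildSsh,
+cacheFrom: build?.cacheFrom,
+cacheTo: build?.cacheTo,
 exclude: [".sst/dist", ".sst/artifacts"],
 ignoreMode: IgnoreMode.GLOB,
 });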
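Review bot: The `--cache-to` argument in the docker build hunk is assembled wrongly, because `.join(",")` is applied to the params list inside the spread rather than to the enclosing array. The joined string is then spread character by character and the outer array is stringified by `+`, so a `ref` param comes out as `type=registry,r,e,f,=,…` instead of `type=registry,ref=…`. The `--cache-from` branch just above has the `join` in the right place and can be mirrored, as in the excerpt below. Every value here (`buildSsh`, the cache `type` and params, and the existing `buildArgs`) is also interpolated unquoted into one command string, so a value containing a space or a shell metacharacter changes the command; quoting each value, or passing an argument array to a call that does not go through a shell, would close that. The surrounding call starts and ends outside the hunk.

```javascript
// … unchanged: --platform, -f, --build-arg, --ssh, --cache-from …
...(build?.cacheTo
  ? [
      "--cache-to " +
        [
          `type=${build.cacheTo.type}`,
          ...Object.entries(build.cacheTo.params ?? {}).map(([pk, pv]) => `${pk}=${pv}`),
        ].join(","),
    ]
  : []),
// … unchanged: this.props.path and the exec options …
```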
@@ -4,6 +4,7 @@ import { RetentionDays } from "aws-cdk-lib/aws-logs";
|
|
|
4
4
|
import { FunctionOptions, Function as CdkFunction, FunctionUrlOptions } from "aws-cdk-lib/aws-lambda";
|
|
5
5
|
import { NodeJSProps, FunctionCopyFilesProps } from "./Function.js";
|
|
6
6
|
import { SSTConstruct } from "./Construct.js";
|
|
7
|
+
import { BindingResource } from "./util/binding.js";
|
|
7
8
|
import { Permissions } from "./util/permission.js";
|
|
8
9
|
import { Size } from "./util/size.js";
|
|
9
10
|
import { Duration } from "./util/duration.js";
|
|
@@ -15,7 +16,7 @@ export interface SsrFunctionProps extends Omit<FunctionOptions, "memorySize" | "
|
|
|
15
16
|
memorySize?: number | Size;
|
|
16
17
|
permissions?: Permissions;
|
|
17
18
|
environment?: Record<string, string>;
|
|
18
|
-
bind?:
|
|
19
|
+
bind?: BindingResource[];
|
|
19
20
|
nodejs?: NodeJSProps;
|
|
20
21
|
copyFiles?: FunctionCopyFilesProps[];
|
|
21
22
|
logRetention?: RetentionDays;
|
|
@@ -64,5 +65,5 @@ export declare class SsrFunction extends Construct implements SSTConstruct {
|
|
|
64
65
|
};
|
|
65
66
|
};
|
|
66
67
|
/** @internal */
|
|
67
|
-
|
|
68
|
+
getBindings(): undefined;
|
|
68
69
|
}
|