sst 2.40.3 → 2.40.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/bind.js +1 -1
- package/cli/commands/secrets/list.js +1 -1
- package/constructs/Api.d.ts +4 -4
- package/constructs/Api.js +1 -1
- package/constructs/ApiGatewayV1Api.d.ts +4 -4
- package/constructs/ApiGatewayV1Api.js +1 -1
- package/constructs/App.d.ts +2 -1
- package/constructs/App.js +7 -11
- package/constructs/AppSyncApi.d.ts +4 -4
- package/constructs/AppSyncApi.js +1 -1
- package/constructs/Auth.d.ts +2 -2
- package/constructs/Auth.js +3 -3
- package/constructs/Bucket.d.ts +5 -5
- package/constructs/Bucket.js +1 -1
- package/constructs/Cognito.d.ts +4 -3
- package/constructs/Cognito.js +1 -1
- package/constructs/Construct.d.ts +2 -2
- package/constructs/Cron.d.ts +3 -2
- package/constructs/Cron.js +1 -1
- package/constructs/EdgeFunction.d.ts +2 -2
- package/constructs/EdgeFunction.js +6 -9
- package/constructs/EventBus.d.ts +4 -4
- package/constructs/EventBus.js +1 -1
- package/constructs/Function.d.ts +42 -6
- package/constructs/Function.js +19 -14
- package/constructs/Job.d.ts +43 -4
- package/constructs/Job.js +11 -14
- package/constructs/KinesisStream.d.ts +4 -4
- package/constructs/KinesisStream.js +1 -1
- package/constructs/Parameter.d.ts +2 -2
- package/constructs/Parameter.js +1 -1
- package/constructs/Queue.d.ts +3 -3
- package/constructs/Queue.js +1 -1
- package/constructs/RDS.d.ts +2 -2
- package/constructs/RDS.js +1 -1
- package/constructs/Script.d.ts +3 -2
- package/constructs/Script.js +2 -2
- package/constructs/Secret.d.ts +2 -2
- package/constructs/Secret.js +2 -2
- package/constructs/Service.d.ts +43 -4
- package/constructs/Service.js +31 -15
- package/constructs/SsrFunction.d.ts +3 -2
- package/constructs/SsrFunction.js +7 -13
- package/constructs/SsrSite.d.ts +3 -3
- package/constructs/SsrSite.js +2 -2
- package/constructs/Stack.d.ts +2 -2
- package/constructs/StaticSite.d.ts +2 -2
- package/constructs/StaticSite.js +2 -2
- package/constructs/Table.d.ts +4 -4
- package/constructs/Table.js +1 -1
- package/constructs/Topic.d.ts +4 -4
- package/constructs/Topic.js +1 -1
- package/constructs/WebSocketApi.d.ts +4 -4
- package/constructs/WebSocketApi.js +1 -1
- package/constructs/deprecated/NextjsSite.d.ts +2 -2
- package/constructs/deprecated/NextjsSite.js +2 -2
- package/constructs/future/Auth.d.ts +2 -2
- package/constructs/future/Auth.js +2 -2
- package/constructs/util/{functionBinding.d.ts → binding.d.ts} +14 -6
- package/constructs/util/{functionBinding.js → binding.js} +28 -14
- package/package.json +2 -2
- package/runtime/handlers/container.js +42 -0
- package/runtime/handlers/rust.js +3 -2
|
@@ -13,7 +13,7 @@ import { useProject } from "../project.js";
|
|
|
13
13
|
import { useRuntimeHandlers } from "../runtime/handlers.js";
|
|
14
14
|
import { useFunctions, } from "./Function.js";
|
|
15
15
|
import { Stack } from "./Stack.js";
|
|
16
|
-
import {
|
|
16
|
+
import { getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
|
|
17
17
|
import { attachPermissionsToRole } from "./util/permission.js";
|
|
18
18
|
import { toCdkSize } from "./util/size.js";
|
|
19
19
|
import { toCdkDuration } from "./util/duration.js";
|
|
@@ -193,20 +193,14 @@ export class SsrFunction extends Construct {
|
|
|
193
193
|
this.function.addEnvironment("SST_SSM_PREFIX", useProject().config.ssmPrefix);
|
|
194
194
|
// Get referenced secrets
|
|
195
195
|
const referencedSecrets = [];
|
|
196
|
-
constructs.forEach((
|
|
197
|
-
[...constructs, ...referencedSecrets].forEach((
|
|
196
|
+
constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
|
|
197
|
+
[...constructs, ...referencedSecrets].forEach((r) => {
|
|
198
198
|
// Bind environment
|
|
199
|
-
const env =
|
|
199
|
+
const env = getBindingEnvironments(r);
|
|
200
200
|
Object.entries(env).forEach(([key, value]) => this.function.addEnvironment(key, value));
|
|
201
201
|
// Bind permissions
|
|
202
|
-
const
|
|
203
|
-
|
|
204
|
-
new PolicyStatement({
|
|
205
|
-
actions: [action],
|
|
206
|
-
effect: Effect.ALLOW,
|
|
207
|
-
resources,
|
|
208
|
-
}),
|
|
209
|
-
]));
|
|
202
|
+
const policyStatements = getBindingPermissions(r);
|
|
203
|
+
this.attachPermissions(policyStatements);
|
|
210
204
|
});
|
|
211
205
|
}
|
|
212
206
|
async buildAssetFromHandler() {
|
|
@@ -323,7 +317,7 @@ export class SsrFunction extends Construct {
|
|
|
323
317
|
};
|
|
324
318
|
}
|
|
325
319
|
/** @internal */
|
|
326
|
-
|
|
320
|
+
getBindings() {
|
|
327
321
|
return undefined;
|
|
328
322
|
}
|
|
329
323
|
}
|
package/constructs/SsrSite.d.ts
CHANGED
|
@@ -12,7 +12,7 @@ import { BaseSiteFileOptions, BaseSiteReplaceProps, BaseSiteCdkDistributionProps
|
|
|
12
12
|
import { Size } from "./util/size.js";
|
|
13
13
|
import { Duration } from "./util/duration.js";
|
|
14
14
|
import { Permissions } from "./util/permission.js";
|
|
15
|
-
import {
|
|
15
|
+
import { BindingResource, BindingProps } from "./util/binding.js";
|
|
16
16
|
type CloudFrontFunctionConfig = {
|
|
17
17
|
constructId: string;
|
|
18
18
|
injections: string[];
|
|
@@ -71,7 +71,7 @@ export interface SsrSiteProps {
|
|
|
71
71
|
* })
|
|
72
72
|
* ```
|
|
73
73
|
*/
|
|
74
|
-
bind?:
|
|
74
|
+
bind?: BindingResource[];
|
|
75
75
|
/**
|
|
76
76
|
* Path to the directory where the app is located.
|
|
77
77
|
* @default "."
|
|
@@ -474,7 +474,7 @@ export declare abstract class SsrSite extends Construct implements SSTConstruct
|
|
|
474
474
|
};
|
|
475
475
|
abstract getConstructMetadata(): ReturnType<SSTConstruct["getConstructMetadata"]>;
|
|
476
476
|
/** @internal */
|
|
477
|
-
|
|
477
|
+
getBindings(): BindingProps;
|
|
478
478
|
protected useCloudFrontFunctionHostHeaderInjection(): string;
|
|
479
479
|
protected abstract plan(bucket: Bucket): ReturnType<typeof this.validatePlan>;
|
|
480
480
|
protected validatePlan<CloudFrontFunctions extends Record<string, CloudFrontFunctionConfig>, EdgeFunctions extends Record<string, EdgeFunctionConfig>, Origins extends Record<string, FunctionOriginConfig | ImageOptimizationFunctionOriginConfig | S3OriginConfig | OriginGroupConfig>>(input: {
|
package/constructs/SsrSite.js
CHANGED
|
@@ -26,7 +26,7 @@ import { EdgeFunction } from "./EdgeFunction.js";
|
|
|
26
26
|
import { getBuildCmdEnvironment, } from "./BaseSite.js";
|
|
27
27
|
import { toCdkDuration } from "./util/duration.js";
|
|
28
28
|
import { attachPermissionsToRole } from "./util/permission.js";
|
|
29
|
-
import { getParameterPath, } from "./util/
|
|
29
|
+
import { getParameterPath, } from "./util/binding.js";
|
|
30
30
|
import { useProject } from "../project.js";
|
|
31
31
|
import { VisibleError } from "../error.js";
|
|
32
32
|
import { RetentionDays } from "aws-cdk-lib/aws-logs";
|
|
@@ -881,7 +881,7 @@ function handler(event) {
|
|
|
881
881
|
};
|
|
882
882
|
}
|
|
883
883
|
/** @internal */
|
|
884
|
-
|
|
884
|
+
getBindings() {
|
|
885
885
|
const app = this.node.root;
|
|
886
886
|
return {
|
|
887
887
|
clientPackage: "site",
|
package/constructs/Stack.d.ts
CHANGED
|
@@ -2,8 +2,8 @@ import { Construct } from "constructs";
|
|
|
2
2
|
import { StackProps as CDKStackProps, Stack as CDKStack, CfnOutputProps } from "aws-cdk-lib/core";
|
|
3
3
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
4
4
|
import { FunctionProps, Function as Fn } from "./Function.js";
|
|
5
|
-
import { SSTConstruct } from "./Construct.js";
|
|
6
5
|
import { Permissions } from "./util/permission.js";
|
|
6
|
+
import { BindingResource } from "./util/binding.js";
|
|
7
7
|
export type StackProps = CDKStackProps;
|
|
8
8
|
/**
|
|
9
9
|
* The Stack construct extends cdk.Stack. It automatically prefixes the stack names with the stage and app name to ensure that they can be deployed to multiple regions in the same AWS account. It also ensure that the stack uses the same AWS profile and region as the app. They're defined using functions that return resources that can be imported by other stacks.
|
|
@@ -80,7 +80,7 @@ export declare class Stack extends CDKStack {
|
|
|
80
80
|
* app.addDefaultFunctionBinding([STRIPE_KEY, bucket]);
|
|
81
81
|
* ```
|
|
82
82
|
*/
|
|
83
|
-
addDefaultFunctionBinding(bind:
|
|
83
|
+
addDefaultFunctionBinding(bind: BindingResource[]): void;
|
|
84
84
|
/**
|
|
85
85
|
* Adds additional default layers to be applied to all Lambda functions in the stack.
|
|
86
86
|
*
|
|
@@ -4,7 +4,7 @@ import { IDistribution } from "aws-cdk-lib/aws-cloudfront";
|
|
|
4
4
|
import { DistributionDomainProps } from "./Distribution.js";
|
|
5
5
|
import { BaseSiteFileOptions, BaseSiteReplaceProps, BaseSiteCdkDistributionProps } from "./BaseSite.js";
|
|
6
6
|
import { SSTConstruct } from "./Construct.js";
|
|
7
|
-
import {
|
|
7
|
+
import { BindingProps } from "./util/binding.js";
|
|
8
8
|
export interface StaticSiteProps {
|
|
9
9
|
/**
|
|
10
10
|
* Path to the directory where the website source is located.
|
|
@@ -338,7 +338,7 @@ export declare class StaticSite extends Construct implements SSTConstruct {
|
|
|
338
338
|
};
|
|
339
339
|
};
|
|
340
340
|
/** @internal */
|
|
341
|
-
|
|
341
|
+
getBindings(): BindingProps;
|
|
342
342
|
private validateDeprecatedFileOptions;
|
|
343
343
|
private generateViteTypes;
|
|
344
344
|
private buildApp;
|
package/constructs/StaticSite.js
CHANGED
|
@@ -14,7 +14,7 @@ import { Distribution } from "./Distribution.js";
|
|
|
14
14
|
import { getBuildCmdEnvironment, buildErrorResponsesFor404ErrorPage, buildErrorResponsesForRedirectToIndex, } from "./BaseSite.js";
|
|
15
15
|
import { useDeferredTasks } from "./deferred_task.js";
|
|
16
16
|
import { isCDKConstruct } from "./Construct.js";
|
|
17
|
-
import { getParameterPath
|
|
17
|
+
import { getParameterPath } from "./util/binding.js";
|
|
18
18
|
import { gray } from "colorette";
|
|
19
19
|
import { useProject } from "../project.js";
|
|
20
20
|
import { createAppContext } from "./context.js";
|
|
@@ -130,7 +130,7 @@ export class StaticSite extends Construct {
|
|
|
130
130
|
};
|
|
131
131
|
}
|
|
132
132
|
/** @internal */
|
|
133
|
-
|
|
133
|
+
getBindings() {
|
|
134
134
|
const app = this.node.root;
|
|
135
135
|
return {
|
|
136
136
|
clientPackage: "site",
|
package/constructs/Table.d.ts
CHANGED
|
@@ -4,7 +4,7 @@ import * as lambdaEventSources from "aws-cdk-lib/aws-lambda-event-sources";
|
|
|
4
4
|
import { SSTConstruct } from "./Construct.js";
|
|
5
5
|
import { Function as Fn, FunctionProps, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
|
|
6
6
|
import { KinesisStream } from "./KinesisStream.js";
|
|
7
|
-
import {
|
|
7
|
+
import { BindingResource, BindingProps } from "./util/binding.js";
|
|
8
8
|
import { Permissions } from "./util/permission.js";
|
|
9
9
|
export interface TableConsumerProps {
|
|
10
10
|
/**
|
|
@@ -343,7 +343,7 @@ export declare class Table extends Construct implements SSTConstruct {
|
|
|
343
343
|
* table.bind([STRIPE_KEY, bucket]);
|
|
344
344
|
* ```
|
|
345
345
|
*/
|
|
346
|
-
bind(constructs:
|
|
346
|
+
bind(constructs: BindingResource[]): void;
|
|
347
347
|
/**
|
|
348
348
|
* Binds the given list of resources to a specific consumer of this table.
|
|
349
349
|
*
|
|
@@ -352,7 +352,7 @@ export declare class Table extends Construct implements SSTConstruct {
|
|
|
352
352
|
* table.bindToConsumer("consumer1", [STRIPE_KEY, bucket]);
|
|
353
353
|
* ```
|
|
354
354
|
*/
|
|
355
|
-
bindToConsumer(consumerName: string, constructs:
|
|
355
|
+
bindToConsumer(consumerName: string, constructs: BindingResource[]): void;
|
|
356
356
|
/**
|
|
357
357
|
* Grant permissions to all consumers of this table.
|
|
358
358
|
*
|
|
@@ -399,7 +399,7 @@ export declare class Table extends Construct implements SSTConstruct {
|
|
|
399
399
|
};
|
|
400
400
|
};
|
|
401
401
|
/** @internal */
|
|
402
|
-
|
|
402
|
+
getBindings(): BindingProps;
|
|
403
403
|
private createTable;
|
|
404
404
|
private addConsumer;
|
|
405
405
|
private buildAttribute;
|
package/constructs/Table.js
CHANGED
package/constructs/Topic.d.ts
CHANGED
|
@@ -4,7 +4,7 @@ import { Construct } from "constructs";
|
|
|
4
4
|
import { SSTConstruct } from "./Construct.js";
|
|
5
5
|
import { Function as Fn, FunctionProps, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
|
|
6
6
|
import { Queue } from "./Queue.js";
|
|
7
|
-
import {
|
|
7
|
+
import { BindingResource, BindingProps } from "./util/binding.js";
|
|
8
8
|
import { Permissions } from "./util/permission.js";
|
|
9
9
|
/**
|
|
10
10
|
* Used to define a queue subscriber for a topic
|
|
@@ -190,7 +190,7 @@ export declare class Topic extends Construct implements SSTConstruct {
|
|
|
190
190
|
* topic.bind([STRIPE_KEY, bucket]);
|
|
191
191
|
* ```
|
|
192
192
|
*/
|
|
193
|
-
bind(constructs:
|
|
193
|
+
bind(constructs: BindingResource[]): void;
|
|
194
194
|
/**
|
|
195
195
|
* Binds the given list of resources to a specific subscriber.
|
|
196
196
|
* @example
|
|
@@ -205,7 +205,7 @@ export declare class Topic extends Construct implements SSTConstruct {
|
|
|
205
205
|
* topic.bindToSubscriber("subscriber1", [STRIPE_KEY, bucket]);
|
|
206
206
|
* ```
|
|
207
207
|
*/
|
|
208
|
-
bindToSubscriber(subscriberName: string, constructs:
|
|
208
|
+
bindToSubscriber(subscriberName: string, constructs: BindingResource[]): void;
|
|
209
209
|
/**
|
|
210
210
|
* Attaches the given list of permissions to all the subscriber functions. This allows the subscribers to access other AWS resources.
|
|
211
211
|
*
|
|
@@ -249,7 +249,7 @@ export declare class Topic extends Construct implements SSTConstruct {
|
|
|
249
249
|
};
|
|
250
250
|
};
|
|
251
251
|
/** @internal */
|
|
252
|
-
|
|
252
|
+
getBindings(): BindingProps;
|
|
253
253
|
private createTopic;
|
|
254
254
|
private addSubscriber;
|
|
255
255
|
private addQueueSubscriber;
|
package/constructs/Topic.js
CHANGED
|
@@ -5,7 +5,7 @@ import * as apig from "aws-cdk-lib/aws-apigatewayv2";
|
|
|
5
5
|
import * as apigAuthorizers from "aws-cdk-lib/aws-apigatewayv2-authorizers";
|
|
6
6
|
import { SSTConstruct } from "./Construct.js";
|
|
7
7
|
import { Function as Fn, FunctionProps, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
|
|
8
|
-
import {
|
|
8
|
+
import { BindingResource, BindingProps } from "./util/binding.js";
|
|
9
9
|
import { Permissions } from "./util/permission.js";
|
|
10
10
|
import * as apigV2Domain from "./util/apiGatewayV2Domain.js";
|
|
11
11
|
import * as apigV2AccessLog from "./util/apiGatewayV2AccessLog.js";
|
|
@@ -301,7 +301,7 @@ export declare class WebSocketApi extends Construct implements SSTConstruct {
|
|
|
301
301
|
* api.bind([STRIPE_KEY, bucket]);
|
|
302
302
|
* ```
|
|
303
303
|
*/
|
|
304
|
-
bind(constructs:
|
|
304
|
+
bind(constructs: BindingResource[]): void;
|
|
305
305
|
/**
|
|
306
306
|
* Binds the given list of resources to a specific route.
|
|
307
307
|
*
|
|
@@ -311,7 +311,7 @@ export declare class WebSocketApi extends Construct implements SSTConstruct {
|
|
|
311
311
|
* ```
|
|
312
312
|
*
|
|
313
313
|
*/
|
|
314
|
-
bindToRoute(routeKey: string, constructs:
|
|
314
|
+
bindToRoute(routeKey: string, constructs: BindingResource[]): void;
|
|
315
315
|
/**
|
|
316
316
|
* Attaches the given list of permissions to all the routes. This allows the functions to access other AWS resources.
|
|
317
317
|
*
|
|
@@ -348,7 +348,7 @@ export declare class WebSocketApi extends Construct implements SSTConstruct {
|
|
|
348
348
|
};
|
|
349
349
|
};
|
|
350
350
|
/** @internal */
|
|
351
|
-
|
|
351
|
+
getBindings(): BindingProps;
|
|
352
352
|
private createWebSocketApi;
|
|
353
353
|
private createWebSocketStage;
|
|
354
354
|
private createCloudWatchRole;
|
|
@@ -8,7 +8,7 @@ import { SSTConstruct } from "../Construct.js";
|
|
|
8
8
|
import { DistributionDomainProps } from "../Distribution.js";
|
|
9
9
|
import { BaseSiteCdkDistributionProps } from "../BaseSite.js";
|
|
10
10
|
import { Permissions } from "../util/permission.js";
|
|
11
|
-
import {
|
|
11
|
+
import { BindingProps } from "../util/binding.js";
|
|
12
12
|
export interface NextjsDomainProps extends DistributionDomainProps {
|
|
13
13
|
}
|
|
14
14
|
export interface NextjsCdkDistributionProps extends BaseSiteCdkDistributionProps {
|
|
@@ -268,7 +268,7 @@ export declare class NextjsSite extends Construct implements SSTConstruct {
|
|
|
268
268
|
};
|
|
269
269
|
};
|
|
270
270
|
/** @internal */
|
|
271
|
-
|
|
271
|
+
getBindings(): BindingProps;
|
|
272
272
|
private zipAppAssets;
|
|
273
273
|
private zipAppStubAssets;
|
|
274
274
|
private createEdgeFunction;
|
|
@@ -24,7 +24,7 @@ import { isCDKConstruct } from "../Construct.js";
|
|
|
24
24
|
import { getBuildCmdEnvironment, buildErrorResponsesForRedirectToIndex, } from "../BaseSite.js";
|
|
25
25
|
import { attachPermissionsToRole } from "../util/permission.js";
|
|
26
26
|
import { getHandlerHash } from "../util/builder.js";
|
|
27
|
-
import { getParameterPath
|
|
27
|
+
import { getParameterPath } from "../util/binding.js";
|
|
28
28
|
import * as crossRegionHelper from "./cross-region-helper.js";
|
|
29
29
|
import { gray, red } from "colorette";
|
|
30
30
|
import { useProject } from "../../project.js";
|
|
@@ -242,7 +242,7 @@ export class NextjsSite extends Construct {
|
|
|
242
242
|
};
|
|
243
243
|
}
|
|
244
244
|
/** @internal */
|
|
245
|
-
|
|
245
|
+
getBindings() {
|
|
246
246
|
const app = this.node.root;
|
|
247
247
|
return {
|
|
248
248
|
clientPackage: "site",
|
|
@@ -3,7 +3,7 @@ import { Api, ApiProps } from "../Api.js";
|
|
|
3
3
|
import { FunctionDefinition } from "../Function.js";
|
|
4
4
|
import { SSTConstruct } from "../Construct.js";
|
|
5
5
|
import { Secret } from "../Secret.js";
|
|
6
|
-
import {
|
|
6
|
+
import { BindingProps } from "../util/binding.js";
|
|
7
7
|
export interface AuthProps {
|
|
8
8
|
/**
|
|
9
9
|
* The function that will handle authentication
|
|
@@ -76,5 +76,5 @@ export declare class Auth extends Construct implements SSTConstruct {
|
|
|
76
76
|
data: {};
|
|
77
77
|
};
|
|
78
78
|
/** @internal */
|
|
79
|
-
|
|
79
|
+
getBindings(): BindingProps;
|
|
80
80
|
}
|
|
@@ -3,7 +3,7 @@ import { Construct } from "constructs";
|
|
|
3
3
|
import { Api } from "../Api.js";
|
|
4
4
|
import { Stack } from "../Stack.js";
|
|
5
5
|
import { Secret } from "../Secret.js";
|
|
6
|
-
import { getParameterPath
|
|
6
|
+
import { getParameterPath } from "../util/binding.js";
|
|
7
7
|
import { CustomResource } from "aws-cdk-lib/core";
|
|
8
8
|
/**
|
|
9
9
|
* SST Auth is a lightweight authentication solution for your applications. With a simple set of configuration you can deploy a function attached to your API that can handle various authentication flows. *
|
|
@@ -105,7 +105,7 @@ export class Auth extends Construct {
|
|
|
105
105
|
};
|
|
106
106
|
}
|
|
107
107
|
/** @internal */
|
|
108
|
-
|
|
108
|
+
getBindings() {
|
|
109
109
|
return {
|
|
110
110
|
clientPackage: "future/auth",
|
|
111
111
|
variables: {
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { SSTConstruct } from "../Construct.js";
|
|
2
2
|
import { Secret } from "../Secret.js";
|
|
3
|
-
|
|
3
|
+
import { PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
4
|
+
export interface BindingProps {
|
|
4
5
|
clientPackage: string;
|
|
5
6
|
permissions: Record<string, string[]>;
|
|
6
7
|
variables: Record<string, {
|
|
@@ -19,14 +20,21 @@ export interface FunctionBindingProps {
|
|
|
19
20
|
value: string;
|
|
20
21
|
}>;
|
|
21
22
|
}
|
|
22
|
-
export
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
23
|
+
export type BindingResource = SSTConstruct | {
|
|
24
|
+
resource: SSTConstruct;
|
|
25
|
+
permissions: {
|
|
26
|
+
actions: string[];
|
|
27
|
+
resources: string[];
|
|
28
|
+
}[];
|
|
29
|
+
};
|
|
30
|
+
export declare function getBindingEnvironments(r: BindingResource): Record<string, string>;
|
|
31
|
+
export declare function getBindingParameters(r: BindingResource): void;
|
|
32
|
+
export declare function getBindingPermissions(r: BindingResource): PolicyStatement[];
|
|
33
|
+
export declare function getBindingType(r: BindingResource): {
|
|
26
34
|
clientPackage: string;
|
|
27
35
|
variables: string[];
|
|
28
36
|
} | undefined;
|
|
29
|
-
export declare function
|
|
37
|
+
export declare function getBindingReferencedSecrets(r: BindingResource): Secret[];
|
|
30
38
|
export declare function getEnvironmentKey(c: SSTConstruct, prop: string): string;
|
|
31
39
|
export declare function getParameterPath(c: SSTConstruct, prop: string): string;
|
|
32
40
|
export declare function getParameterFallbackPath(c: SSTConstruct, prop: string): string;
|
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
import * as ssm from "aws-cdk-lib/aws-ssm";
|
|
2
|
+
import { isSSTConstruct } from "../Construct.js";
|
|
2
3
|
import { Config } from "../../config.js";
|
|
3
|
-
|
|
4
|
-
|
|
4
|
+
import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
5
|
+
export function getBindingEnvironments(r) {
|
|
6
|
+
const c = isSSTConstruct(r) ? r : r.resource;
|
|
7
|
+
const binding = c.getBindings();
|
|
5
8
|
let environment = {};
|
|
6
9
|
if (binding) {
|
|
7
10
|
Object.entries(binding.variables).forEach(([prop, variable]) => {
|
|
@@ -22,12 +25,12 @@ export function bindEnvironment(c) {
|
|
|
22
25
|
}
|
|
23
26
|
return environment;
|
|
24
27
|
}
|
|
25
|
-
export function
|
|
26
|
-
const
|
|
28
|
+
export function getBindingParameters(r) {
|
|
29
|
+
const c = isSSTConstruct(r) ? r : r.resource;
|
|
30
|
+
const binding = c.getBindings();
|
|
27
31
|
if (!binding) {
|
|
28
32
|
return;
|
|
29
33
|
}
|
|
30
|
-
const app = c.node.root;
|
|
31
34
|
Object.entries(binding.variables).forEach(([prop, variable]) => {
|
|
32
35
|
const resId = `Parameter_${prop}`;
|
|
33
36
|
if (!c.node.tryFindChild(resId)) {
|
|
@@ -46,15 +49,25 @@ export function bindParameters(c) {
|
|
|
46
49
|
}
|
|
47
50
|
});
|
|
48
51
|
}
|
|
49
|
-
export function
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
52
|
+
export function getBindingPermissions(r) {
|
|
53
|
+
if (isSSTConstruct(r)) {
|
|
54
|
+
return Object.entries(r.getBindings()?.permissions ?? {}).map(([action, resources]) => new PolicyStatement({
|
|
55
|
+
actions: [action],
|
|
56
|
+
effect: Effect.ALLOW,
|
|
57
|
+
resources,
|
|
58
|
+
}));
|
|
53
59
|
}
|
|
54
|
-
return
|
|
60
|
+
return r.permissions.map((p) => {
|
|
61
|
+
return new PolicyStatement({
|
|
62
|
+
actions: p.actions,
|
|
63
|
+
effect: Effect.ALLOW,
|
|
64
|
+
resources: p.resources,
|
|
65
|
+
});
|
|
66
|
+
});
|
|
55
67
|
}
|
|
56
|
-
export function
|
|
57
|
-
const
|
|
68
|
+
export function getBindingType(r) {
|
|
69
|
+
const c = isSSTConstruct(r) ? r : r.resource;
|
|
70
|
+
const binding = c.getBindings();
|
|
58
71
|
if (!binding) {
|
|
59
72
|
return;
|
|
60
73
|
}
|
|
@@ -63,8 +76,9 @@ export function bindType(c) {
|
|
|
63
76
|
variables: Object.keys(binding.variables),
|
|
64
77
|
};
|
|
65
78
|
}
|
|
66
|
-
export function
|
|
67
|
-
const
|
|
79
|
+
export function getBindingReferencedSecrets(r) {
|
|
80
|
+
const c = isSSTConstruct(r) ? r : r.resource;
|
|
81
|
+
const binding = c.getBindings();
|
|
68
82
|
const secrets = [];
|
|
69
83
|
if (binding) {
|
|
70
84
|
Object.values(binding.variables).forEach((variable) => {
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"sideEffects": false,
|
|
3
3
|
"name": "sst",
|
|
4
|
-
"version": "2.40.
|
|
4
|
+
"version": "2.40.4",
|
|
5
5
|
"bin": {
|
|
6
6
|
"sst": "cli/sst.js"
|
|
7
7
|
},
|
|
@@ -118,7 +118,7 @@
|
|
|
118
118
|
"@types/ws": "^8.5.3",
|
|
119
119
|
"@types/yargs": "^17.0.13",
|
|
120
120
|
"archiver": "^5.3.1",
|
|
121
|
-
"astro-sst": "2.40.
|
|
121
|
+
"astro-sst": "2.40.4",
|
|
122
122
|
"async": "^3.2.4",
|
|
123
123
|
"tsx": "^3.12.1",
|
|
124
124
|
"typescript": "^5.2.2",
|
|
@@ -214,6 +214,27 @@ export const useContainerHandler = () => {
|
|
|
214
214
|
? [`-f ${input.props.container.file}`]
|
|
215
215
|
: []),
|
|
216
216
|
...Object.entries(input.props.container?.buildArgs || {}).map(([k, v]) => `--build-arg ${k}=${v}`),
|
|
217
|
+
...(input.props.container?.buildSsh
|
|
218
|
+
? [`--ssh ${input.props.container.buildSsh}`]
|
|
219
|
+
: []),
|
|
220
|
+
...(input.props.container?.cacheFrom || []).map((v) => "--cache-from=" +
|
|
221
|
+
[
|
|
222
|
+
`type=${v.type}`,
|
|
223
|
+
...(v.params
|
|
224
|
+
? Object.entries(v.params).map(([pk, pv]) => `${pk}=${pv}`)
|
|
225
|
+
: []),
|
|
226
|
+
].join(",")),
|
|
227
|
+
...(input.props.container?.cacheTo
|
|
228
|
+
? [
|
|
229
|
+
"--cache-to=" +
|
|
230
|
+
[
|
|
231
|
+
`type=${input.props.container?.cacheTo.type}`,
|
|
232
|
+
...(input.props.container?.cacheTo?.params
|
|
233
|
+
? Object.entries(input.props.container?.cacheTo?.params).map(([pk, pv]) => `${pk}=${pv}`)
|
|
234
|
+
: []).join(","),
|
|
235
|
+
],
|
|
236
|
+
]
|
|
237
|
+
: []),
|
|
217
238
|
`.`,
|
|
218
239
|
].join(" "), {
|
|
219
240
|
cwd: project,
|
|
@@ -241,6 +262,27 @@ export const useContainerHandler = () => {
|
|
|
241
262
|
? [`-f ${input.props.container.file}`]
|
|
242
263
|
: []),
|
|
243
264
|
...Object.entries(input.props.container?.buildArgs || {}).map(([k, v]) => `--build-arg ${k}=${v}`),
|
|
265
|
+
...(input.props.container?.buildSsh
|
|
266
|
+
? [`--ssh ${input.props.container.buildSsh}`]
|
|
267
|
+
: []),
|
|
268
|
+
...(input.props.container?.cacheFrom || []).map((v) => "--cache-from=" +
|
|
269
|
+
[
|
|
270
|
+
`type=${v.type}`,
|
|
271
|
+
...(v.params
|
|
272
|
+
? Object.entries(v.params).map(([pk, pv]) => `${pk}=${pv}`)
|
|
273
|
+
: []),
|
|
274
|
+
].join(",")),
|
|
275
|
+
...(input.props.container?.cacheTo
|
|
276
|
+
? [
|
|
277
|
+
"--cache-to=" +
|
|
278
|
+
[
|
|
279
|
+
`type=${input.props.container?.cacheTo.type}`,
|
|
280
|
+
...(input.props.container?.cacheTo?.params
|
|
281
|
+
? Object.entries(input.props.container?.cacheTo?.params).map(([pk, pv]) => `${pk}=${pv}`)
|
|
282
|
+
: []).join(","),
|
|
283
|
+
],
|
|
284
|
+
]
|
|
285
|
+
: []),
|
|
244
286
|
`--platform ${platform}`,
|
|
245
287
|
`.`,
|
|
246
288
|
].join(" "), {
|
package/runtime/handlers/rust.js
CHANGED
|
@@ -9,7 +9,8 @@ const execAsync = promisify(exec);
|
|
|
9
9
|
export const useRustHandler = () => {
|
|
10
10
|
const processes = new Map();
|
|
11
11
|
const sources = new Map();
|
|
12
|
-
const
|
|
12
|
+
const isWindows = process.platform === "win32";
|
|
13
|
+
const handlerName = isWindows ? `handler.exe` : `handler`;
|
|
13
14
|
return {
|
|
14
15
|
shouldBuild: (input) => {
|
|
15
16
|
if (!input.file.endsWith(".rs"))
|
|
@@ -68,7 +69,7 @@ export const useRustHandler = () => {
|
|
|
68
69
|
...process.env,
|
|
69
70
|
},
|
|
70
71
|
});
|
|
71
|
-
await fs.cp(path.join(project, `target/debug`, parsed.name), path.join(input.out, "handler"));
|
|
72
|
+
await fs.cp(path.join(project, `target/debug`, `${parsed.name}${isWindows ? ".exe" : ""}`), path.join(input.out, "handler"));
|
|
72
73
|
}
|
|
73
74
|
catch (ex) {
|
|
74
75
|
return {
|