terruvim-core-test 0.0.1

package/dist/src/factories/cloudWatchLogGroupFactory.js

@@ -0,0 +1,84 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CloudWatchLogGroupFactory = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const resourceFactory_1 = require("./resourceFactory");
+const dataProtectionPolicyBuilder_1 = require("./dataProtectionPolicyBuilder");
+class CloudWatchLogGroupFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config, provider) {
+        this.validateConfig(config);
+        const logGroup = new aws.cloudwatch.LogGroup(`${config.id}-log-group`, {
+            name: config.configuration.name,
+            retentionInDays: config.configuration.retentionInDays || 365,
+            kmsKeyId: config.configuration.kmsKeyId,
+            tags: config.configuration.tags,
+        }, provider ? { provider } : undefined);
+        if (config.configuration.dataProtection?.enabled) {
+            const dataProtectionPolicy = this.buildDataProtectionPolicy(config);
+            const policy = new aws.cloudwatch.LogDataProtectionPolicy(`${config.id}-data-protection-policy`, {
+                logGroupName: logGroup.name,
+                policyDocument: JSON.stringify(dataProtectionPolicy),
+            }, {
+                provider: provider,
+                dependsOn: [logGroup]
+            });
+            logGroup.dataProtectionPolicy = policy;
+        }
+        return logGroup;
+    }
+    getOutputs(resource) {
+        return {
+            arn: resource.arn,
+            name: resource.name,
+            dataProtectionPolicyExists: !!resource.dataProtectionPolicy,
+        };
+    }
+    buildDataProtectionPolicy(config) {
+        return (0, dataProtectionPolicyBuilder_1.buildDataProtectionPolicy)(config.configuration.dataProtection, config.configuration.name, dataProtectionPolicyBuilder_1.DEFAULT_DATA_IDENTIFIERS.GENERAL, "CloudWatch Log Group");
+    }
+    validateConfig(config) {
+        if (!config.configuration?.name) {
+            throw new Error("CloudWatch Log Group must have a name configured");
+        }
+        if (config.configuration.retentionInDays &&
+            ![
+                1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653,
+            ].includes(config.configuration.retentionInDays)) {
+            throw new Error("CloudWatch Log Group retentionInDays must be one of: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653");
+        }
+    }
+}
+exports.CloudWatchLogGroupFactory = CloudWatchLogGroupFactory;

package/dist/src/factories/cloudfrontCodePipelineFactory.js

@@ -0,0 +1,357 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CloudFrontCodePipelineFactory = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const resourceFactory_1 = require("./resourceFactory");
+class CloudFrontCodePipelineFactory extends resourceFactory_1.ResourceFactory {
+    createPipelinePolicyDoc(config) {
+        return JSON.stringify({
+            Version: "2012-10-17",
+            Statement: [
+                {
+                    Effect: "Allow",
+                    Action: [
+                        "s3:*",
+                        "cloudfront:*",
+                        "cloudformation:*",
+                        "codebuild:*",
+                        "codestar-connections:UseConnection",
+                        "logs:CreateLogGroup",
+                        "logs:CreateLogStream",
+                        "logs:PutLogEvents",
+                        "iam:PassRole"
+                    ],
+                    Resource: "*"
+                }
+            ]
+        });
+    }
+    createCodeBuildPolicyDoc(config) {
+        const baseActions = [
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:PutLogEvents",
+            "s3:GetBucketAcl",
+            "s3:GetBucketLocation",
+            "s3:GetObject",
+            "s3:GetObjectVersion",
+            "s3:PutObject",
+            "s3:DeleteObject",
+            "s3:ListBucket",
+            "cloudfront:CreateInvalidation",
+            "cloudfront:GetDistribution",
+            "cloudfront:GetInvalidation",
+            "codebuild:CreateReportGroup",
+            "codebuild:CreateReport",
+            "codebuild:UpdateReport",
+            "codebuild:BatchPutTestCases",
+            "codebuild:BatchPutCodeCoverages",
+            "secretsmanager:GetSecretValue",
+            "secretsmanager:DescribeSecret"
+        ];
+        if (config.configuration.deployCodePipelineInVpc) {
+            baseActions.push("ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeDhcpOptions", "ec2:AttachNetworkInterface", "ec2:DetachNetworkInterface");
+        }
+        return JSON.stringify({
+            Version: "2012-10-17",
+            Statement: [
+                {
+                    Effect: "Allow",
+                    Action: baseActions,
+                    Resource: "*"
+                }
+            ]
+        });
+    }
+    async createResource(config, provider) {
+        const { configuration } = config;
+        const envPrefix = `${config.meta.environment}-${config.id}`;
+        const { codebuildRole, pipelineRole } = this.createIamRoles(config, envPrefix, provider);
+        const artifactBucket = this.createArtifactBucket(config, envPrefix, provider);
+        const codebuildProject = this.createCodeBuildProject(config, envPrefix, codebuildRole, provider);
+        const pipeline = this.createCodePipeline(config, envPrefix, pipelineRole, artifactBucket, codebuildProject, provider);
+        return pipeline;
+    }
+    createIamRoles(config, envPrefix, provider) {
+        const codebuildRole = new aws.iam.Role(`${envPrefix}-codebuild-role`, {
+            assumeRolePolicy: JSON.stringify({
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Effect: "Allow",
+                        Principal: { Service: "codebuild.amazonaws.com" },
+                        Action: "sts:AssumeRole"
+                    }
+                ]
+            }),
+            tags: config.configuration.tags,
+        }, provider ? { provider } : undefined);
+        const codebuildPolicy = new aws.iam.Policy(`${envPrefix}-codebuild-policy`, {
+            description: "Policy for CloudFront CodeBuild project",
+            policy: this.createCodeBuildPolicyDoc(config)
+        }, provider ? { provider } : undefined);
+        new aws.iam.RolePolicyAttachment(`${envPrefix}-codebuild-policy-attach`, {
+            role: codebuildRole.name,
+            policyArn: codebuildPolicy.arn
+        }, provider ? { provider } : undefined);
+        const pipelineRole = new aws.iam.Role(`${envPrefix}-pipeline-role`, {
+            assumeRolePolicy: JSON.stringify({
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Effect: "Allow",
+                        Principal: { Service: "codepipeline.amazonaws.com" },
+                        Action: "sts:AssumeRole"
+                    }
+                ]
+            }),
+            tags: config.configuration.tags,
+        }, provider ? { provider } : undefined);
+        const pipelinePolicy = new aws.iam.Policy(`${envPrefix}-pipeline-policy`, {
+            description: "Policy for CloudFront CodePipeline",
+            policy: this.createPipelinePolicyDoc(config)
+        }, provider ? { provider } : undefined);
+        new aws.iam.RolePolicyAttachment(`${envPrefix}-pipeline-policy-attach`, {
+            role: pipelineRole.name,
+            policyArn: pipelinePolicy.arn
+        }, provider ? { provider } : undefined);
+        return { codebuildRole, pipelineRole };
+    }
+    createArtifactBucket(config, envPrefix, provider) {
+        return new aws.s3.Bucket(`${envPrefix}-artifacts`, {
+            forceDestroy: config.configuration.s3BucketForceDestroy ?? true,
+            tags: config.configuration.tags,
+            serverSideEncryptionConfiguration: {
+                rule: {
+                    applyServerSideEncryptionByDefault: {
+                        sseAlgorithm: "AES256",
+                    },
+                },
+            },
+            versioning: {
+                enabled: true,
+            },
+        }, provider ? { provider } : undefined);
+    }
+    createCodeBuildProject(config, envPrefix, codebuildRole, provider) {
+        let buildspec = undefined;
+        if (config.configuration.buildspecPath) {
+            const buildspecPath = config.configuration.buildspecPath;
+            const isExternal = path.isAbsolute(buildspecPath) || buildspecPath.startsWith("../") || buildspecPath.includes("/assets/cicd/buildspecs/");
+            if (isExternal) {
+                try {
+                    buildspec = fs.readFileSync(buildspecPath, "utf8");
+                }
+                catch (e) {
+                    throw new Error(`Failed to read external buildspec at ${buildspecPath}: ${e}`);
+                }
+            }
+            else {
+                buildspec = buildspecPath;
+            }
+        }
+        else {
+            buildspec = this.getDefaultBuildspec(config);
+        }
+        let vpcConfig = undefined;
+        if (config.configuration.deployCodePipelineInVpc && config.inputs?.vpcId) {
+            vpcConfig = {
+                vpcId: config.inputs.vpcId,
+                subnets: config.inputs.subnetIds,
+                securityGroupIds: config.inputs.securityGroupIds,
+            };
+        }
+        return new aws.codebuild.Project(`${envPrefix}-build`, {
+            source: {
+                type: "CODEPIPELINE",
+                buildspec,
+            },
+            artifacts: {
+                type: "CODEPIPELINE",
+            },
+            environment: {
+                computeType: config.configuration.computeType || "BUILD_GENERAL1_LARGE",
+                image: config.configuration.buildImage || "aws/codebuild/amazonlinux2-x86_64-standard:4.0",
+                type: config.configuration.environmentType || "LINUX_CONTAINER",
+                privilegedMode: config.configuration.privilegedMode || false,
+                environmentVariables: [
+                    ...(config.configuration.buildEnvironmentVariables || []),
+                    {
+                        name: "CLOUDFRONT_DISTRIBUTION_ID",
+                        value: config.configuration.cloudfrontDistributionId,
+                        type: "PLAINTEXT"
+                    },
+                    {
+                        name: "S3_BUCKET_NAME",
+                        value: config.configuration.s3BucketName,
+                        type: "PLAINTEXT"
+                    },
+                    {
+                        name: "INVALIDATION_PATHS",
+                        value: (config.configuration.cacheInvalidationPaths || ["/*"]).join(" "),
+                        type: "PLAINTEXT"
+                    }
+                ],
+            },
+            serviceRole: codebuildRole.arn,
+            tags: config.configuration.tags,
+            vpcConfig,
+        }, provider ? { provider } : undefined);
+    }
+    createCodePipeline(config, envPrefix, pipelineRole, artifactBucket, codebuildProject, provider) {
+        const sourceAction = {
+            name: "Source",
+            category: "Source",
+            owner: "AWS",
+            provider: "CodeStarSourceConnection",
+            version: "1",
+            outputArtifacts: ["source_output"],
+            configuration: {
+                ConnectionArn: config.configuration.codestarConnectionArn,
+                FullRepositoryId: `${config.configuration.repoOwner}/${config.configuration.repoName}`,
+                BranchName: config.configuration.branch,
+                DetectChanges: config.configuration.pollSourceChanges ? "true" : "false",
+                OutputArtifactFormat: config.configuration.outputArtifactFormat ?? "CODE_ZIP",
+            },
+        };
+        const buildAction = {
+            name: "Build",
+            category: "Build",
+            owner: "AWS",
+            provider: "CodeBuild",
+            inputArtifacts: ["source_output"],
+            outputArtifacts: ["build_output"],
+            version: "1",
+            configuration: {
+                ProjectName: codebuildProject.name,
+            },
+        };
+        const deployAction = {
+            name: "Deploy",
+            category: "Deploy",
+            owner: "AWS",
+            provider: "S3",
+            inputArtifacts: ["build_output"],
+            version: "1",
+            configuration: {
+                BucketName: config.configuration.s3BucketName,
+                Extract: "true",
+            },
+            runOrder: 1,
+        };
+        const stages = config.configuration.stages || [
+            {
+                name: "Source",
+                actions: [sourceAction],
+            },
+            {
+                name: "Build",
+                actions: [buildAction],
+            },
+            {
+                name: "Deploy",
+                actions: [deployAction],
+            },
+        ];
+        return new aws.codepipeline.Pipeline(`${envPrefix}-pipeline`, {
+            roleArn: pipelineRole.arn,
+            artifactStores: [{
+                    location: artifactBucket.bucket,
+                    type: "S3"
+                }],
+            stages,
+            tags: config.configuration.tags,
+            name: `${envPrefix}`,
+        }, provider ? { provider } : undefined);
+    }
+    getDefaultBuildspec(config) {
+        return `version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      nodejs: 18
+    commands:
+      - echo "Installing dependencies..."
+      - npm ci --production
+
+  pre_build:
+    commands:
+      - echo "Starting build process for static site..."
+      - echo "Build started on \$(date)"
+
+  build:
+    commands:
+      - echo "Building static site..."
+      - npm run build
+      - echo "Build completed on \$(date)"
+
+  post_build:
+    commands:
+      - echo "Syncing to S3 bucket..."
+      - aws s3 sync ./dist s3://\$S3_BUCKET_NAME --delete --exact-timestamps
+      - echo "Creating CloudFront invalidation..."
+      - aws cloudfront create-invalidation --distribution-id \$CLOUDFRONT_DISTRIBUTION_ID --paths \$INVALIDATION_PATHS
+      - echo "Deployment completed on \$(date)"
+
+artifacts:
+  files:
+    - '**/*'
+  base-directory: 'dist'
+`;
+    }
+    getOutputs(resource) {
+        const region = resource.region || resource.location || "us-east-1";
+        return {
+            arn: resource.arn,
+            name: resource.name,
+            url: `https://${region}.console.aws.amazon.com/codesuite/codepipeline/pipelines/${resource.name}/view?region=${region}`,
+            codebuildProjectName: resource.name.apply ? resource.name.apply(name => `${name}-build`) : `${resource.name}-build`,
+        };
+    }
+    validateConfig(config) {
+        const { configuration } = config;
+        if (!configuration.repoOwner || !configuration.repoName || !configuration.branch || !configuration.codestarConnectionArn) {
+            throw new Error("CloudFront CodePipeline config must include repoOwner, repoName, branch, and codestarConnectionArn");
+        }
+        if (!configuration.cloudfrontDistributionId || !configuration.s3BucketName) {
+            throw new Error("CloudFront CodePipeline config must include cloudfrontDistributionId and s3BucketName");
+        }
+    }
+}
+exports.CloudFrontCodePipelineFactory = CloudFrontCodePipelineFactory;

package/dist/src/factories/cloudwatchAlarmsFactory.js

@@ -0,0 +1,121 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CloudWatchAlarmsFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const buildAwsCloudWatchAlarmsHelper_1 = require("./buildAwsCloudWatchAlarmsHelper");
+class CloudWatchAlarmsFactory extends resourceFactory_1.ResourceFactory {
+    currentConfig;
+    async createResource(config) {
+        this.currentConfig = config;
+        function getProp(key) {
+            if (!config)
+                return undefined;
+            if (key in config)
+                return config[key];
+            if (config.configuration && key in config.configuration)
+                return config.configuration[key];
+            return undefined;
+        }
+        const namePrefix = getProp("resourceId") || getProp("resourceType") || "alarm";
+        return (0, buildAwsCloudWatchAlarmsHelper_1.buildAwsCloudWatchAlarmsHelper)(namePrefix, config);
+    }
+    getOutputs(resources) {
+        const alarmsByName = {};
+        const alarmArnsByName = {};
+        const alarmNamesByName = {};
+        const groups = {};
+        const alarmDict = {};
+        const createFriendlyName = (alarmConfig, index) => {
+            if (!alarmConfig || !alarmConfig.metricName) {
+                return `alarm${index}`;
+            }
+            const friendlyNames = {
+                'CPUUtilization': 'cpuAlarm',
+                'MemoryUtilization': 'memoryAlarm',
+                'ActiveServicesCount': 'serviceCountAlarm',
+                'DatabaseConnections': 'connectionsAlarm',
+                'ReadLatency': 'readLatencyAlarm',
+                'WriteLatency': 'writeLatencyAlarm',
+                'FreeableMemory': 'memoryAlarm',
+                'DBLoad': 'dbLoadAlarm',
+                'TargetResponseTime': 'responseTimeAlarm',
+                'HTTPCode_ELB_5XX_Count': 'errorAlarm',
+                'UnHealthyHostCount': 'unhealthyHostsAlarm',
+                'BucketSizeBytes': 'bucketSizeAlarm',
+                'NumberOfObjects': 'objectCountAlarm',
+                'StatusCheckFailed': 'statusCheckAlarm',
+                'RunningTaskCount': 'taskCountAlarm',
+                'VolumeBytesUsed': 'volumeUsageAlarm'
+            };
+            return friendlyNames[alarmConfig.metricName] || `${alarmConfig.metricName.toLowerCase()}Alarm`;
+        };
+        const getAlarmGroup = (alarmConfig) => {
+            if (!alarmConfig)
+                return 'default';
+            const metricName = alarmConfig.metricName;
+            const threshold = alarmConfig.threshold;
+            if (['CPUUtilization', 'MemoryUtilization', 'StatusCheckFailed', 'ActiveServicesCount', 'RunningTaskCount'].includes(metricName)) {
+                return 'critical';
+            }
+            if (['ReadLatency', 'WriteLatency', 'TargetResponseTime', 'HTTPCode_ELB_5XX_Count', 'DBLoad'].includes(metricName)) {
+                return 'performance';
+            }
+            if (['DatabaseConnections', 'BucketSizeBytes', 'NumberOfObjects', 'VolumeBytesUsed', 'FreeableMemory'].includes(metricName)) {
+                return 'capacity';
+            }
+            if (['UnHealthyHostCount'].includes(metricName)) {
+                return 'health';
+            }
+            return 'default';
+        };
+        const getAlarmConfigs = () => {
+            if (!this.currentConfig)
+                return [];
+            const config = this.currentConfig;
+            return config.alarms || config.configuration?.alarms || [];
+        };
+        const alarmConfigs = getAlarmConfigs();
+        resources.forEach((alarm, index) => {
+            const alarmConfig = alarmConfigs[index];
+            const friendlyName = createFriendlyName(alarmConfig, index);
+            const groupName = getAlarmGroup(alarmConfig);
+            const alarmName = alarmConfig?.name || `alarm-${index}`;
+            alarmsByName[friendlyName] = alarm.name;
+            alarmArnsByName[friendlyName] = alarm.arn;
+            if (alarmName) {
+                alarmNamesByName[alarmName] = alarm.name;
+            }
+            if (!groups[groupName]) {
+                groups[groupName] = [];
+            }
+            groups[groupName].push(alarm.name);
+            const dictKey = alarmName.replace(/-/g, '_');
+            alarmDict[dictKey] = alarm.name;
+        });
+        return {
+            alarmNames: resources.map(r => r.name),
+            alarmArns: resources.map(r => r.arn),
+            alarmsByName,
+            alarmArnsByName,
+            alarmNamesByName,
+            groups,
+            alarmDict
+        };
+    }
+    validateConfig(config) {
+        function getProp(key) {
+            if (!config)
+                return undefined;
+            if (key in config)
+                return config[key];
+            if (config.configuration && key in config.configuration)
+                return config.configuration[key];
+            return undefined;
+        }
+        const alarms = getProp("alarms");
+        if (!alarms || !Array.isArray(alarms) || alarms.length === 0) {
+            throw new Error("CloudWatchAlarmsFactory: 'alarms' array required in config or configuration");
+        }
+    }
+}
+exports.CloudWatchAlarmsFactory = CloudWatchAlarmsFactory;