wirejs-deploy-amplify-basic 0.0.147-payments → 0.0.148-payments
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -80,6 +80,30 @@ const bucket = new Bucket(backend.stack, 'data', {
|
|
|
80
80
|
});
|
|
81
81
|
bucket.grantReadWrite(backend.api.resources.lambda);
|
|
82
82
|
|
|
83
|
+
function isRealtimeService(resource: any): resource is {
|
|
84
|
+
type: 'RealtimeService';
|
|
85
|
+
options: { namespace: string; };
|
|
86
|
+
} {
|
|
87
|
+
return resource.type === 'RealtimeService';
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
let realtime: RealtimeService | undefined;
|
|
91
|
+
if (generated.some(isRealtimeService)) {
|
|
92
|
+
const realtimeStack = new NestedStack(backend.stack, 'realtime', {
|
|
93
|
+
description: 'Realtime service for distributed resources',
|
|
94
|
+
});
|
|
95
|
+
realtime = new RealtimeService(realtimeStack, 'realtime', {
|
|
96
|
+
appId: APP_ID!,
|
|
97
|
+
branchId: BRANCH_ID,
|
|
98
|
+
publisher: backend.api,
|
|
99
|
+
bucket: bucket.bucketName,
|
|
100
|
+
namespaces: generated
|
|
101
|
+
.filter(isRealtimeService)
|
|
102
|
+
.map(r => r.options.namespace),
|
|
103
|
+
});
|
|
104
|
+
bucket.grantReadWrite(realtime.authHandler);
|
|
105
|
+
}
|
|
106
|
+
|
|
83
107
|
/**
|
|
84
108
|
* DDB Tables
|
|
85
109
|
*/
|
|
@@ -141,53 +165,32 @@ for (const resource of generated) {
|
|
|
141
165
|
}
|
|
142
166
|
);
|
|
143
167
|
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
168
|
+
const lambdasNeedingAccess = [
|
|
169
|
+
backend.api.resources.lambda
|
|
170
|
+
];
|
|
171
|
+
if (realtime) lambdasNeedingAccess.push(realtime.authHandler);
|
|
172
|
+
|
|
173
|
+
for (const lambda of lambdasNeedingAccess) {
|
|
174
|
+
table.grantReadWriteData(lambda);
|
|
175
|
+
|
|
176
|
+
// indexes created by custom resource and require explicit
|
|
177
|
+
// permissions to be added to the lambda role (apparently).
|
|
178
|
+
lambda.addToRolePolicy(new PolicyStatement({
|
|
179
|
+
actions: [
|
|
180
|
+
"dynamodb:Query",
|
|
181
|
+
"dynamodb:Scan",
|
|
182
|
+
"dynamodb:GetItem",
|
|
183
|
+
"dynamodb:BatchGetItem",
|
|
184
|
+
],
|
|
185
|
+
resources: [
|
|
186
|
+
table.tableArn,
|
|
187
|
+
`${table.tableArn}/index/*`,
|
|
188
|
+
],
|
|
189
|
+
}));
|
|
190
|
+
}
|
|
160
191
|
}
|
|
161
192
|
}
|
|
162
193
|
|
|
163
|
-
function isRealtimeService(resource: any): resource is {
|
|
164
|
-
type: 'RealtimeService';
|
|
165
|
-
options: { namespace: string; };
|
|
166
|
-
} {
|
|
167
|
-
return resource.type === 'RealtimeService';
|
|
168
|
-
}
|
|
169
|
-
|
|
170
|
-
if (generated.some(isRealtimeService)) {
|
|
171
|
-
const realtimeStack = new NestedStack(backend.stack, 'realtime', {
|
|
172
|
-
description: 'Realtime service for distributed resources',
|
|
173
|
-
});
|
|
174
|
-
const realtime = new RealtimeService(realtimeStack, 'realtime', {
|
|
175
|
-
appId: APP_ID!,
|
|
176
|
-
branchId: BRANCH_ID,
|
|
177
|
-
publisher: backend.api,
|
|
178
|
-
bucket: bucket.bucketName,
|
|
179
|
-
namespaces: generated
|
|
180
|
-
.filter(isRealtimeService)
|
|
181
|
-
.map(r => r.options.namespace),
|
|
182
|
-
});
|
|
183
|
-
// TODO: is there a better way to ensure we grant access specifically
|
|
184
|
-
// to what `Secret` uses to store its creds without creating N places to
|
|
185
|
-
// map this?
|
|
186
|
-
// Longer term: Secrets will be stored either in DDB, parameter store, something
|
|
187
|
-
// else that is more appropriate than S3.
|
|
188
|
-
bucket.grantReadWrite(realtime.authHandler);
|
|
189
|
-
}
|
|
190
|
-
|
|
191
194
|
/**
|
|
192
195
|
* Lambda environment vars
|
|
193
196
|
*/
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "wirejs-deploy-amplify-basic",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.148-payments",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -42,7 +42,7 @@
|
|
|
42
42
|
"recursive-copy": "^2.0.14",
|
|
43
43
|
"rimraf": "^6.0.1",
|
|
44
44
|
"wirejs-dom": "^1.0.42",
|
|
45
|
-
"wirejs-resources": "^0.1.
|
|
45
|
+
"wirejs-resources": "^0.1.116-payments"
|
|
46
46
|
},
|
|
47
47
|
"devDependencies": {
|
|
48
48
|
"@aws-amplify/backend": "^1.14.0",
|