PyPI - BuzzerboyAWSLightsail - Versions diffs - 0.332.1__tar.gz → 0.334.1__tar.gz - Mend

BuzzerboyAWSLightsail 0.332.1tar.gz → 0.334.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

{buzzerboyawslightsail-0.332.1 → buzzerboyawslightsail-0.334.1}/BuzzerboyAWSLightsail.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: BuzzerboyAWSLightsail
-Version: 0.332.1
+Version: 0.334.1
 Summary: Buzzerboy Architecture for Deploying Web Applications on AWS LightSail
 Home-page: https://www.buzzerboy.com/
 Author: Buzzerboy Inc

{buzzerboyawslightsail-0.332.1 → buzzerboyawslightsail-0.334.1}/BuzzerboyAWSLightsail.egg-info/SOURCES.txt RENAMED Viewed

@@ -18,4 +18,6 @@ BuzzerboyAWSLightsailStack/LightsailContainer.py
 BuzzerboyAWSLightsailStack/LightsailContainerStandalone.py
 BuzzerboyAWSLightsailStack/LightsailDatabase.py
 BuzzerboyAWSLightsailStack/LightsailDatabaseStandalone.py
+BuzzerboyAWSLightsailStack/LightsailFlags.py
+BuzzerboyAWSLightsailStack/LightsailMixins.py
 BuzzerboyAWSLightsailStack/__init__.py

{buzzerboyawslightsail-0.332.1 → buzzerboyawslightsail-0.334.1}/BuzzerboyAWSLightsailStack/LightsailBase.py RENAMED Viewed

@@ -24,11 +24,8 @@ This class should be extended by specific Lightsail implementations such as:
 #region specific imports
 import os
-import json
 from abc import ABC, abstractmethod
-from enum import Enum
 from constructs import Construct
-from cdktf import TerraformOutput
 # Import from the correct base architecture package
 import sys
@@ -39,47 +36,14 @@ from AWSArchitectureBase.AWSArchitectureBaseStack.AWSArchitectureBase import AWS
 #region AWS Provider and Resources
 from cdktf_cdktf_provider_aws.provider import AwsProvider
-from cdktf_cdktf_provider_aws import (
-    iam_user,
-    iam_access_key,
-    iam_user_policy,
-)
+from cdktf_cdktf_provider_aws import iam_access_key, iam_user, iam_user_policy
 #endregion
-#region Random Provider and Resources
-from cdktf_cdktf_provider_random import password
+from .LightsailFlags import BaseLightsailArchitectureFlags
+from .LightsailMixins import LightsailBaseMixin
-# AWS Secrets Manager
-from cdktf_cdktf_provider_aws.secretsmanager_secret import SecretsmanagerSecret
-from cdktf_cdktf_provider_aws.secretsmanager_secret_version import SecretsmanagerSecretVersion
-from cdktf_cdktf_provider_aws.data_aws_secretsmanager_secret_version import DataAwsSecretsmanagerSecretVersion
-# Null Provider for local-exec provisioner
-from cdktf_cdktf_provider_null.resource import Resource as NullResource
-#endregion
-#region Base ArchitectureFlags
-class BaseLightsailArchitectureFlags(Enum):
-    """
-    Base architecture configuration flags for optional components.
-    These flags are common to all Lightsail implementations and can be
-    extended by specific implementations with additional flags.
-    :param SKIP_DEFAULT_POST_APPLY_SCRIPTS: Skip default post-apply scripts
-    :param PRESERVE_EXISTING_SECRETS: Don't overwrite existing secret versions (smart detection)
-    :param IGNORE_SECRET_CHANGES: Ignore all changes to secret after initial creation
-    """
-    SKIP_DEFAULT_POST_APPLY_SCRIPTS = "skip_default_post_apply_scripts"
-    PRESERVE_EXISTING_SECRETS = "preserve_existing_secrets"
-    IGNORE_SECRET_CHANGES = "ignore_secret_changes"
-#endregion
-class LightsailBase(AWSArchitectureBase):
+class LightsailBase(LightsailBaseMixin, AWSArchitectureBase):
     """
     Abstract base class for AWS Lightsail Infrastructure Stacks.
@@ -377,294 +341,3 @@ class LightsailBase(AWSArchitectureBase):
             user=self.service_user.name,
             policy=policy,
         )
-    def get_extra_secret_env(self, env_var_name=None):
-        """
-        Load additional secrets from environment variable.
-        Attempts to load and parse a JSON string from the environment variable
-        specified in default_extra_secret_env. Any valid JSON key-value pairs
-        are added to the secrets dictionary if they don't already exist.
-        :param env_var_name: Environment variable name to load secrets from
-        :raises: No exceptions - silently continues if JSON parsing fails
-        """
-        if env_var_name is None:
-            env_var_name = self.default_extra_secret_env
-        extra_secret_env = os.environ.get(env_var_name, None)
-        if extra_secret_env:
-            try:
-                extra_secret_json = json.loads(extra_secret_env)
-                for key, value in extra_secret_json.items():
-                    if key not in self.secrets:
-                        self.secrets[key] = value
-            except json.JSONDecodeError:
-                # Silently continue if JSON parsing fails
-                pass
-    def create_security_resources(self):
-        """
-        Create AWS Secrets Manager resources for credential storage.
-        Creates:
-            * Secrets Manager secret for storing application credentials
-            * Secret version with JSON-formatted credential data (conditionally)
-        **Secret Management Strategy:**
-        If PRESERVE_EXISTING_SECRETS flag is set:
-        - Checks if secret already exists with content
-        - Only creates new version if secret is empty or doesn't exist
-        - Preserves manual secret updates and rotations
-        **Stored Credentials:**
-        * IAM access keys for service authentication
-        * AWS region and signature version configuration
-        * Any additional secrets from environment variables
-        * Subclass-specific credentials (added by create_lightsail_resources)
-        .. note::
-           All secrets are stored as a single JSON document in Secrets Manager
-           for easy retrieval by applications.
-        """
-        # Create Secrets Manager secret
-        self.secrets_manager_secret = SecretsmanagerSecret(self, self.secret_name, name=f"{self.secret_name}")
-        self.resources["secretsmanager_secret"] = self.secrets_manager_secret
-        # Populate IAM and AWS configuration secrets
-        self.secrets.update({
-            "service_user_access_key": self.service_key.id,
-            "service_user_secret_key": self.service_key.secret,
-            "access_key": self.service_key.id,
-            "secret_access_key": self.service_key.secret,
-            "region_name": self.region,
-            "signature_version": self.default_signature_version
-        })
-        # Load additional secrets from environment
-        self.get_extra_secret_env()
-        # Conditional secret version creation
-        if self.has_flag(BaseLightsailArchitectureFlags.PRESERVE_EXISTING_SECRETS.value):
-            self._create_secret_version_conditionally()
-        elif self.has_flag(BaseLightsailArchitectureFlags.IGNORE_SECRET_CHANGES.value):
-            self._create_secret_version_with_lifecycle_ignore()
-        else:
-            # Create secret version with all credentials (original behavior)
-            SecretsmanagerSecretVersion(
-                self,
-                self.secret_name + "_version",
-                secret_id=self.secrets_manager_secret.id,
-                secret_string=(json.dumps(self.secrets, indent=2, sort_keys=True) if self.secrets else None),
-            )
-    def _create_secret_version_conditionally(self):
-        """
-        Create secret version only if one doesn't already exist or is empty.
-        This method implements smart secret management:
-        1. Attempts to read existing secret using data source
-        2. Only creates new version if secret is empty or doesn't exist
-        3. Preserves manual updates and rotations made outside Terraform
-        **Use Cases:**
-        - Initial deployment when no secret exists
-        - Secret exists but has no content (empty)
-        - Avoid overwriting manually rotated credentials
-        - Preserve additional keys added through AWS console/CLI
-        """
-        try:
-            # Try to read existing secret version to check if it has content
-            existing_secret = DataAwsSecretsmanagerSecretVersion(
-                self,
-                self.secret_name + "_existing_check",
-                secret_id=self.secrets_manager_secret.id,
-                version_stage="AWSCURRENT"
-            )
-            # Create a conditional secret version
-            conditional_secret = SecretsmanagerSecretVersion(
-                self,
-                self.secret_name + "_version_conditional",
-                secret_id=self.secrets_manager_secret.id,
-                secret_string=json.dumps(self.secrets, indent=2, sort_keys=True) if self.secrets else None,
-                lifecycle={
-                    "ignore_changes": ["secret_string"],
-                    "create_before_destroy": False
-                }
-            )
-            # Add dependency to ensure secret exists before checking
-            conditional_secret.add_override("count",
-                "${length(try(jsondecode(data.aws_secretsmanager_secret_version." +
-                self.secret_name.replace("/", "_").replace("-", "_") + "_existing_check.secret_string), {})) == 0 ? 1 : 0}"
-            )
-        except Exception:
-            # If data source fails (secret doesn't exist), create the version
-            SecretsmanagerSecretVersion(
-                self,
-                self.secret_name + "_version_fallback",
-                secret_id=self.secrets_manager_secret.id,
-                secret_string=json.dumps(self.secrets, indent=2, sort_keys=True) if self.secrets else None,
-            )
-    def _create_secret_version_with_lifecycle_ignore(self):
-        """
-        Create secret version with lifecycle rule to ignore future changes.
-        This is a simpler approach that:
-        1. Creates the secret version with initial values on first deployment
-        2. Ignores all future changes to the secret_string
-        3. Allows manual updates in AWS console/CLI to persist
-        **Pros:**
-        - Simple implementation
-        - Reliable behavior
-        - Preserves manual changes after initial creation
-        **Cons:**
-        - Cannot update secrets through Terraform after initial deployment
-        - Requires manual secret management for infrastructure changes
-        """
-        secret_version = SecretsmanagerSecretVersion(
-            self,
-            self.secret_name + "_version_ignored",
-            secret_id=self.secrets_manager_secret.id,
-            secret_string=json.dumps(self.secrets, indent=2, sort_keys=True) if self.secrets else None,
-        )
-        # Add lifecycle rule to ignore changes to secret_string
-        secret_version.add_override("lifecycle", {
-            "ignore_changes": ["secret_string"]
-        })
-    def execute_post_apply_scripts(self):
-        """
-        Execute post-apply scripts using local-exec provisioners.
-        Creates a null resource with local-exec provisioner for each script
-        in the post_apply_scripts list. Scripts are executed sequentially
-        after all other infrastructure resources are created.
-        **Script Execution:**
-        * Each script runs as a separate null resource
-        * Scripts execute in the order they appear in the list
-        * Failures in scripts don't prevent deployment completion
-        * All scripts depend on core infrastructure being ready
-        **Error Handling:**
-        * Scripts use "on_failure: continue" to prevent deployment failures
-        * Failed scripts are logged but don't halt the deployment process
-        * Manual intervention may be required if critical scripts fail
-        .. note::
-           Post-apply scripts can be provided via the postApplyScripts parameter
-           during stack initialization. If no scripts are provided, this method
-           returns without creating any resources.
-        .. warning::
-           Scripts have access to the local environment where Terraform runs.
-           Ensure scripts are safe and don't expose sensitive information.
-        """
-        if not self.post_apply_scripts:
-            return
-        # Collect dependencies for post-apply scripts
-        dependencies = []
-        if hasattr(self, 'secrets_manager_secret'):
-            dependencies.append(self.secrets_manager_secret)
-        # Create a null resource for each post-apply script
-        for i, script in enumerate(self.post_apply_scripts):
-            script_resource = NullResource(
-                self,
-                f"post_apply_script_{i}",
-                depends_on=dependencies if dependencies else None
-            )
-            # Add provisioner using override
-            script_resource.add_override("provisioner", [{
-                "local-exec": {
-                    "command": script,
-                    "on_failure": "continue"
-                }
-            }])
-    # ==================== UTILITY METHODS ====================
-    def has_flag(self, flag_value):
-        """
-        Check if a specific flag is set in the configuration.
-        :param flag_value: The flag value to check for
-        :type flag_value: str
-        :returns: True if the flag is set, False otherwise
-        :rtype: bool
-        """
-        return flag_value in self.flags
-    def clean_hyphens(self, text):
-        """
-        Remove hyphens from text for database/resource naming.
-        :param text: Text to clean
-        :type text: str
-        :returns: Text with hyphens replaced by underscores
-        :rtype: str
-        """
-        return text.replace("-", "_")
-    def properize_s3_bucketname(self, bucket_name):
-        """
-        Ensure S3 bucket name follows AWS naming conventions.
-        :param bucket_name: Proposed bucket name
-        :type bucket_name: str
-        :returns: Properly formatted bucket name
-        :rtype: str
-        """
-        # Convert to lowercase and replace invalid characters
-        clean_name = bucket_name.lower().replace("_", "-")
-        # Ensure it starts and ends with alphanumeric characters
-        clean_name = clean_name.strip("-.")
-        return clean_name
-    # ==================== SHARED OUTPUT HELPERS ====================
-    def create_iam_outputs(self):
-        """
-        Create standard IAM-related Terraform outputs.
-        This helper method can be called by subclasses to create
-        consistent IAM outputs across all Lightsail implementations.
-        """
-        # IAM credentials (sensitive)
-        TerraformOutput(
-            self,
-            "iam_user_access_key",
-            value=self.service_key.id,
-            sensitive=True,
-            description="IAM user access key ID (sensitive)",
-        )
-        TerraformOutput(
-            self,
-            "iam_user_secret_key",
-            value=self.service_key.secret,
-            sensitive=True,
-            description="IAM user secret access key (sensitive)",
-        )
-        # Secret name for reference
-        TerraformOutput(
-            self,
-            "secrets_manager_secret_name",
-            value=self.secret_name,
-            description="AWS Secrets Manager secret name containing all credentials",
-        )

buzzerboyawslightsail-0.334.1/BuzzerboyAWSLightsailStack/LightsailBaseStandalone.py ADDED Viewed

@@ -0,0 +1,154 @@
+"""
+AWS Lightsail Base Standalone Infrastructure Stack
+==================================================
+This module provides a standalone base class for AWS Lightsail infrastructure
+stacks using CDKTF. It avoids AWSArchitectureBase and its compliance bootstrap
+resources, while keeping IAM/Secrets/post-apply helpers used by Lightsail stacks.
+"""
+import os
+from cdktf import TerraformStack
+from cdktf_cdktf_provider_aws.provider import AwsProvider
+from cdktf_cdktf_provider_aws import (
+    iam_group,
+    iam_user,
+    iam_access_key,
+    iam_user_group_membership,
+    iam_group_policy,
+)
+from cdktf_cdktf_provider_random.provider import RandomProvider
+from cdktf_cdktf_provider_null.provider import NullProvider
+from .LightsailFlags import BaseLightsailArchitectureFlags
+from .LightsailMixins import LightsailBaseMixin
+class LightsailBaseStandalone(LightsailBaseMixin, TerraformStack):
+    """
+    Standalone base class for Lightsail stacks without AWSArchitectureBase.
+    """
+    resources = {}
+    default_post_apply_scripts = []
+    @staticmethod
+    def get_architecture_flags():
+        return BaseLightsailArchitectureFlags
+    def __init__(self, scope, id, **kwargs):
+        self.region = kwargs.get("region", "us-east-1")
+        self.environment = kwargs.get("environment", "dev")
+        self.project_name = kwargs.get("project_name")
+        self.profile = kwargs.get("profile", "default")
+        if not self.project_name:
+            raise ValueError("project_name is required and cannot be empty")
+        super().__init__(scope, id)
+        self.flags = kwargs.get("flags", [])
+        self.post_apply_scripts = kwargs.get("postApplyScripts", []) or []
+        default_secret_name = f"{self.project_name}/{self.environment}/credentials"
+        self.secret_name = kwargs.get("secret_name", default_secret_name)
+        self.default_signature_version = kwargs.get("default_signature_version", "s3v4")
+        self.default_extra_secret_env = kwargs.get("default_extra_secret_env", "SECRET_STRING")
+        default_bucket_name = self.properize_s3_bucketname(f"{self.region}-{self.project_name}-tfstate")
+        self.state_bucket_name = kwargs.get("state_bucket_name", default_bucket_name)
+        self.secrets = {}
+        self.post_terraform_messages = []
+        self._post_plan_guidance: list[str] = []
+        self._initialize_providers()
+        self._set_default_post_apply_scripts()
+        self._create_infrastructure_components()
+    def _initialize_providers(self):
+        aws = AwsProvider(self, "aws", region=self.region, profile=self.profile)
+        self.resources["aws"] = aws
+        RandomProvider(self, "random")
+        self.resources["random"] = RandomProvider
+        NullProvider(self, "null")
+        self.resources["null"] = NullProvider
+    def _set_default_post_apply_scripts(self):
+        self.default_post_apply_scripts = [
+            "echo '============================================='",
+            "echo '✅ Deployment Completed Successfully'",
+            "echo '============================================='",
+            f"echo '🏗️  Project: {self.project_name}'",
+            f"echo '🌍 Environment: {self.environment}'",
+            f"echo '📍 Region: {self.region}'",
+            "echo '============================================='",
+            "echo '💻 System Information:'",
+            "echo '   - OS: '$(uname -s)",
+            "echo '   - Architecture: '$(uname -m)",
+            "echo '   - User: '$(whoami)",
+            "echo '   - Working Directory: '$(pwd)",
+            "echo '============================================='",
+            "echo '✅ Post-deployment scripts execution started'",
+        ]
+        if BaseLightsailArchitectureFlags.SKIP_DEFAULT_POST_APPLY_SCRIPTS.value in self.flags:
+            return
+        self.post_apply_scripts = self.default_post_apply_scripts + self.post_apply_scripts
+    def _create_infrastructure_components(self):
+        self.create_iam_resources()
+        self.create_lightsail_resources()
+        self.create_security_resources()
+        self.execute_post_apply_scripts()
+        self.create_outputs()
+    def create_lightsail_resources(self):
+        raise NotImplementedError("create_lightsail_resources must be implemented by subclasses")
+    def create_outputs(self):
+        raise NotImplementedError("create_outputs must be implemented by subclasses")
+    def create_iam_resources(self):
+        user_name = f"{self.project_name}-service-user"
+        group_name = f"{self.project_name}-group"
+        self.service_group = iam_group.IamGroup(self, "service_group", name=group_name)
+        self.service_user = iam_user.IamUser(self, "service_user", name=user_name)
+        iam_user_group_membership.IamUserGroupMembership(
+            self,
+            "service_user_group_membership",
+            user=self.service_user.name,
+            groups=[self.service_group.name],
+        )
+        self.service_key = iam_access_key.IamAccessKey(
+            self, "service_key", user=self.service_user.name
+        )
+        try:
+            self.service_policy = self.create_iam_policy_from_file()
+            self.resources["iam_policy"] = self.service_policy
+        except FileNotFoundError:
+            pass
+    def create_iam_policy_from_file(self, file_path="iam_policy.json"):
+        file_to_open = os.path.join(os.path.dirname(__file__), file_path)
+        with open(file_to_open, "r") as f:
+            policy = f.read()
+        return iam_group_policy.IamGroupPolicy(
+            self,
+            f"{self.project_name}-{self.environment}-service-policy",
+            name=f"{self.project_name}-{self.environment}-service-policy",
+            group=self.service_group.name,
+            policy=policy,
+        )

buzzerboyawslightsail-0.334.1/BuzzerboyAWSLightsailStack/LightsailContainer.py ADDED Viewed

@@ -0,0 +1,145 @@
+"""
+AWS Lightsail Mini Infrastructure Stack
+======================================
+This module provides a comprehensive AWS Lightsail infrastructure deployment stack
+using CDKTF (Cloud Development Kit for Terraform) with Python.
+The stack includes:
+    * Lightsail Container Service with automatic custom domain attachment
+    * PostgreSQL Database (optional)
+    * DNS management with CNAME records
+    * SSL certificate management with automatic validation
+    * IAM resources for service access
+    * S3 bucket for application data
+    * Secrets Manager for credential storage
+:author: Generated with GitHub Copilot
+:version: 1.0.0
+:license: MIT
+"""
+#region specific imports
+from constructs import Construct
+# Import the base class
+from .LightsailBase import LightsailBase
+from .LightsailFlags import ContainerArchitectureFlags
+from .LightsailMixins import LightsailContainerMixin
+#endregion
+#region AWS Provider and Resources
+from cdktf_cdktf_provider_aws.provider import AwsProvider
+from cdktf_cdktf_provider_aws import (
+    cloudfront_distribution,
+)
+#endregion
+# AWS WAF (currently unused but imported for future use)
+from cdktf_cdktf_provider_aws.wafv2_web_acl import (
+    Wafv2WebAcl,
+    Wafv2WebAclDefaultAction,
+    Wafv2WebAclRule,
+    Wafv2WebAclVisibilityConfig,
+    Wafv2WebAclDefaultActionAllow,
+    Wafv2WebAclRuleOverrideAction,
+    Wafv2WebAclRuleOverrideActionNone,
+    Wafv2WebAclRuleOverrideActionCount,
+    Wafv2WebAclRuleVisibilityConfig,
+)
+from cdktf_cdktf_provider_aws.wafv2_web_acl_association import Wafv2WebAclAssociation
+from cdktf_cdktf_provider_aws.wafv2_rule_group import Wafv2RuleGroupRuleVisibilityConfig
+#endregion
+ArchitectureFlags = ContainerArchitectureFlags
+class LightsailContainerStack(LightsailContainerMixin, LightsailBase):
+    """
+    AWS Lightsail Mini Infrastructure Stack.
+    A comprehensive infrastructure stack that deploys:
+        * Lightsail Container Service with custom domain support
+        * PostgreSQL database (optional)
+        * IAM resources and S3 storage
+    :param scope: The construct scope
+    :param id: The construct ID
+    :param kwargs: Configuration parameters including region, domains, flags, etc.
+    Example:
+        >>> stack = LightsailContainerStack(
+        ...     app, "my-stack",
+        ...     region="ca-central-1",
+        ...     domains=["app.example.com"],
+        ...     project_name="my-app",
+        ...     postApplyScripts=[
+        ...         "echo 'Deployment completed'",
+        ...         "curl -X POST https://webhook.example.com/notify"
+        ...     ]
+        ... )
+    """
+    @staticmethod
+    def get_architecture_flags():
+        """
+        Get the ArchitectureFlags enum for configuration.
+        :returns: ArchitectureFlags enum class
+        :rtype: type[ArchitectureFlags]
+        """
+        return ContainerArchitectureFlags
+    def __init__(self, scope, id, **kwargs):
+        """
+        Initialize the AWS Lightsail Mini Infrastructure Stack.
+        :param scope: The construct scope
+        :param id: Unique identifier for this stack
+        :param kwargs: Configuration parameters
+        **Configuration Parameters:**
+        :param region: AWS region (default: "us-east-1")
+        :param environment: Environment name (default: "dev")
+        :param project_name: Project identifier (default: "bb-aws-lightsail-mini-v1a-app")
+        :param domain_name: Primary domain name
+        :param domains: List of custom domains to configure
+        :param flags: List of ArchitectureFlags to modify behavior
+        :param profile: AWS profile to use (default: "default")
+        :param postApplyScripts: List of shell commands to execute after deployment
+        .. warning::
+           Lightsail domain operations must use us-east-1 region regardless of
+           the main stack region.
+        """
+        # Set container-specific defaults
+        if "project_name" not in kwargs:
+            kwargs["project_name"] = "bb-aws-lightsail-mini-v1a-app"
+        # Call parent constructor which handles all the base initialization
+        super().__init__(scope, id, **kwargs)
+        # ===== Container-Specific Configuration =====
+        self.domains = kwargs.get("domains", []) or []
+        # ===== Database Configuration =====
+        self.default_db_name = kwargs.get("default_db_name", self.project_name)
+        self.default_db_username = kwargs.get("default_db_username", "dbadmin")
+    def _initialize_providers(self):
+        """Initialize all required Terraform providers."""
+        # Call parent class to initialize base providers
+        super()._initialize_providers()
+        # Add Lightsail-specific provider for domain operations (must be us-east-1)
+        self.aws_domain_provider = AwsProvider(
+            self, "aws_domain", region="us-east-1", profile=self.profile, alias="domain"
+        )
+        self.resources["aws_domain"] = self.aws_domain_provider

BuzzerboyAWSLightsail 0.332.1__tar.gz → 0.334.1__tar.gz

BuzzerboyAWSLightsail 0.332.1tar.gz → 0.334.1tar.gz