import { getExport, getSecret } from "shared-utils";
 
// Stage names that are treated as shared (non-developer) environments.
// Membership is an exact, case-sensitive string match: any stage name not
// listed here is treated as a dev stage (isDev = true) by DeploymentConfig.fetch.
const SHARED_STAGES = new Set<string>(["main", "val", "production"]);

// Stages that get terminationProtection = true in DeploymentConfig.fetch:
// every shared stage plus "datasink".
const PROTECTED_STAGES = new Set<string>(SHARED_STAGES).add("datasink");
 
/**
 * Inputs that select which configuration DeploymentConfig loads.
 */
export interface InjectedConfigOptions {
  /** Project name; prefix of both secret names (`${project}-default`, `${project}-${stage}`). */
  project: string;
  /**
   * Stage name; suffix of the stage secret name and the value compared against
   * SHARED_STAGES / PROTECTED_STAGES to derive isDev and terminationProtection.
   */
  stage: string;
  /** Optional region. Not read by any code visible in this file. */
  region?: string;
}
 
/**
 * Configuration values resolved from the merged project-default and
 * project-stage secrets (see DeploymentConfig.loadConfig).
 *
 * Every field listed here is checked by DeploymentConfig.isConfig, but only
 * with `typeof`: an empty string satisfies a `string` field, so presence of a
 * usable value (for example a non-empty iamPermissionsBoundary) is not
 * guaranteed by validation alone.
 *
 * NOTE(review): fields named *Arn / *SecretName look like references to
 * secrets rather than secret material itself — confirm before logging or
 * exporting this object.
 */
export type InjectedConfigProperties = {
  brokerString: string;
  dbInfoSecretName: string;
  devPasswordArn: string;
  domainCertificateArn: string;
  domainName: string;
  emailAddressLookupSecretName: string;
  notificationSecretName: string;
  notificationSecretArn: string;
  // Boolean fields arrive as the strings "true"/"false" and are converted in loadConfig.
  googleAnalyticsDisable: boolean;
  googleAnalyticsGTag: string;
  iamPath: string;
  iamPermissionsBoundary: string;
  idmAuthzApiEndpoint: string;
  idmAuthzApiKeyArn: string;
  idmClientId: string;
  idmClientIssuer: string;
  idmClientSecretArn: string;
  idmEnable: boolean;
  idmHomeUrl: string;
  smartLinkUrl: string;
  macproLinkUrl: string;
  legacyS3AccessRoleArn: string;
  externalApiAuthSecretArn: string;
  // When true, DeploymentConfig.initialize resolves the shared OpenSearch exports.
  useSharedOpenSearch: boolean;
  vpcName: string;
};
 
/**
 * The injected (secret-derived) configuration plus values that
 * DeploymentConfig.fetch derives from the options.
 */
export type DeploymentConfigProperties = InjectedConfigProperties & {
  // True when the stage is NOT one of SHARED_STAGES.
  isDev: boolean;
  // Copied from InjectedConfigOptions.project.
  project: string;
  // Both OpenSearch fields start as "" and are filled in by
  // DeploymentConfig.initialize only when useSharedOpenSearch is true.
  sharedOpenSearchDomainArn: string;
  sharedOpenSearchDomainEndpoint: string;
  // Copied from InjectedConfigOptions.stage.
  stage: string;
  // True when the stage is one of PROTECTED_STAGES.
  terminationProtection: boolean;
};
 
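/**
 * Resolved deployment configuration for one project/stage pair.
 *
 * Instances are created only through {@link DeploymentConfig.fetch}, which
 * loads two secrets via `getSecret` (`${project}-default`, mandatory, and
 * `${project}-${stage}`, optional), merges them with the stage secret taking
 * precedence, validates the result and derives the stage-dependent flags.
 *
 * Because the stage secret overrides the default one key by key, it can also
 * override security-relevant toggles such as `idmEnable`; and when the stage
 * secret cannot be loaded the deployment proceeds on defaults alone.
 */
export class DeploymentConfig {
  /** The fully resolved configuration. */
  public config: DeploymentConfigProperties;

  private constructor(_options: InjectedConfigOptions, config: DeploymentConfigProperties) {
    this.config = config;
  }

  /**
   * Loads, validates and completes the configuration for the given options.
   *
   * @param options - Project and stage that select the secrets to read.
   * @returns An initialized DeploymentConfig.
   * @throws Error when the mandatory default secret cannot be loaded or the
   *   merged configuration fails validation.
   */
  public static async fetch(options: InjectedConfigOptions): Promise<DeploymentConfig> {
    const injectedConfig = await DeploymentConfig.loadConfig(options);
    const appConfig: DeploymentConfigProperties = {
      ...injectedConfig,
      project: options.project,
      stage: options.stage,
      // Exact string match: a stage name that differs only in case or
      // spelling from a shared stage is treated as dev and is not protected.
      isDev: !SHARED_STAGES.has(options.stage),
      terminationProtection: PROTECTED_STAGES.has(options.stage),
      sharedOpenSearchDomainArn: "",
      sharedOpenSearchDomainEndpoint: "",
    };

    const appConfigInstance = new DeploymentConfig(options, appConfig);
    await appConfigInstance.initialize();
    return appConfigInstance;
  }

  /**
   * Reads the default and stage secrets, merges them and validates the result.
   *
   * @param options - Project and stage that select the secrets to read.
   * @returns The validated, merged configuration.
   * @throws Error when the default secret cannot be fetched or parsed, or when
   *   the merged configuration has missing or wrongly typed values.
   */
  private static async loadConfig(
    options: InjectedConfigOptions,
  ): Promise<InjectedConfigProperties> {
    const { project, stage } = options;
    const defaultSecretName = `${project}-default`;
    const stageSecretName = `${project}-${stage}`;

    // Fetch project-default secret. The underlying error is deliberately not
    // echoed, so nothing derived from the secret payload reaches the message.
    let defaultSecret: Record<string, unknown>;
    try {
      defaultSecret = DeploymentConfig.parseSecretObject(await getSecret(defaultSecretName));
    } catch {
      throw new Error(`Failed to fetch mandatory secret ${defaultSecretName}`);
    }

    // Fetch project-stage secret if it exists and is not marked for deletion.
    // Fetching and parsing are handled separately: a fetch failure is logged
    // with its reason, but a parse failure is logged with a fixed message,
    // because on recent V8/Node versions a JSON.parse error message can quote
    // a fragment of the input, i.e. part of the secret payload.
    // NOTE(review): every fetch failure (not only "not found") falls back to
    // defaults; consider failing for protected stages — confirm with callers.
    let stageSecret: Record<string, unknown> = {};
    try {
      const rawStageSecret = await getSecret(stageSecretName);
      try {
        stageSecret = DeploymentConfig.parseSecretObject(rawStageSecret);
      } catch {
        console.warn(
          `Optional stage secret ${stageSecretName} is not a valid JSON object; ignoring it`,
        );
      }
    } catch (error: unknown) {
      const reason = error instanceof Error ? error.message : String(error);
      console.warn(`Optional stage secret ${stageSecretName} not found: ${reason}`);
    }

    // Merge secrets with stageSecret taking precedence
    const combinedSecret: Record<string, unknown> = {
      ...defaultSecret,
      ...stageSecret,
    };

    // Convert "true"/"false" strings to booleans. This applies to every key,
    // so a string-typed field whose value is literally "true" or "false"
    // becomes a boolean and is then rejected by isConfig.
    for (const [key, value] of Object.entries(combinedSecret)) {
      if (value === "true") {
        combinedSecret[key] = true;
      } else if (value === "false") {
        combinedSecret[key] = false;
      }
    }

    if (!DeploymentConfig.isConfig(combinedSecret)) {
      throw new Error(
        `The resolved configuration for stage ${stage} has missing or malformed values.`,
      );
    }

    return combinedSecret;
  }

  /**
   * Parses a secret payload and requires it to be a JSON object.
   *
   * @param raw - The secret string as returned by `getSecret`.
   * @returns The parsed key/value object.
   * @throws Error with a fixed message (never the parser's own message) when
   *   the payload is not valid JSON or is not a plain object.
   */
  private static parseSecretObject(raw: string): Record<string, unknown> {
    let parsed: unknown;
    try {
      parsed = JSON.parse(raw);
    } catch {
      throw new Error("Secret payload is not valid JSON");
    }
    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
      throw new Error("Secret payload is not a JSON object");
    }
    return parsed as Record<string, unknown>;
  }

  /**
   * Type guard for the merged configuration.
   *
   * Checks only the `typeof` of each expected field; it does not check that
   * strings are non-empty or well-formed, and it ignores extra keys.
   *
   * @param config - Candidate value, normally the merged secrets.
   * @returns True when every expected field is present with the expected type.
   */
  private static isConfig(config: unknown): config is InjectedConfigProperties {
    if (typeof config !== "object" || config === null) {
      return false;
    }
    const candidate = config as Record<string, unknown>;
    return (
      typeof candidate.brokerString === "string" &&
      typeof candidate.dbInfoSecretName === "string" && // pragma: allowlist secret
      typeof candidate.devPasswordArn === "string" && // pragma: allowlist secret
      typeof candidate.domainCertificateArn === "string" &&
      typeof candidate.domainName === "string" &&
      typeof candidate.emailAddressLookupSecretName === "string" && // pragma: allowlist secret
      typeof candidate.notificationSecretName === "string" && // pragma: allowlist secret
      typeof candidate.notificationSecretArn === "string" && // pragma: allowlist secret
      typeof candidate.googleAnalyticsDisable === "boolean" &&
      typeof candidate.googleAnalyticsGTag === "string" &&
      typeof candidate.iamPermissionsBoundary === "string" &&
      typeof candidate.iamPath === "string" &&
      typeof candidate.idmAuthzApiEndpoint === "string" &&
      typeof candidate.idmAuthzApiKeyArn === "string" && // pragma: allowlist secret
      typeof candidate.idmClientId === "string" &&
      typeof candidate.idmClientIssuer === "string" &&
      typeof candidate.idmClientSecretArn === "string" && // pragma: allowlist secret
      typeof candidate.idmEnable === "boolean" &&
      typeof candidate.idmHomeUrl === "string" &&
      typeof candidate.smartLinkUrl === "string" &&
      typeof candidate.macproLinkUrl === "string" &&
      typeof candidate.legacyS3AccessRoleArn === "string" &&
      typeof candidate.externalApiAuthSecretArn === "string" && // pragma: allowlist secret
      typeof candidate.useSharedOpenSearch === "boolean" &&
      typeof candidate.vpcName === "string"
    );
  }

  /**
   * Fills in the shared OpenSearch domain ARN and endpoint from the exports
   * `${project}-sharedOpenSearchDomainArn` and
   * `${project}-sharedOpenSearchDomainEndpoint` when useSharedOpenSearch is
   * true; otherwise both fields keep the empty string set by fetch().
   */
  private async initialize(): Promise<void> {
    if (this.config.useSharedOpenSearch) {
      this.config.sharedOpenSearchDomainArn = await getExport(
        `${this.config.project}-sharedOpenSearchDomainArn`,
      );
      this.config.sharedOpenSearchDomainEndpoint = await getExport(
        `${this.config.project}-sharedOpenSearchDomainEndpoint`,
      );
    }
  }
}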