added appsync & distro functions

Author: eahefnawy

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@serverless/aws-sdk",
-  "version": "2.0.6",
+  "version": "3.0.0",
   "description": "Powerful Serverless Utilities",
   "main": "src/index.js",
   "author": "Serverless, Inc.",
@@ -11,6 +11,7 @@
   "dependencies": {
     "adm-zip": "^0.4.14",
     "aws-sdk": "^2.614.0",
+    "merge-deep": "^3.0.2",
     "ramda": "^0.26.1"
   },
   "scripts": {

src/deployAppSyncApi.js

@@ -1,11 +1,45 @@
+const setAuthConfig = (aws, params, createUpdateParams) => {
+  if (!params.auth || params.auth === 'apiKey') {
+    // api key auth
+    createUpdateParams.authenticationType = 'API_KEY'
+  } else if (params.auth === 'awsIam') {
+    // iam auth
+    createUpdateParams.authenticationType = 'AWS_IAM'
+  } else if (params.auth.userPoolId) {
+    createUpdateParams.authenticationType = 'AMAZON_COGNITO_USER_POOLS'
+    createUpdateParams.userPoolConfig = {
+      // cognito auth config
+      userPoolId: params.auth.userPoolId,
+      defaultAction: params.auth.defaultAction || 'ALLOW',
+      awsRegion: params.auth.region || aws.config.region,
+      appIdClientRegex: params.auth.appIdClientRegex
+    }
+  } else if (params.auth.issuer) {
+    // open id auth config
+    createUpdateParams.openIDConnectConfig = {
+      // cognito auth config
+      issuer: params.auth.issuer,
+      authTTL: params.auth.authTTL,
+      clientId: params.auth.clientId,
+      iatTTL: params.auth.iatTTL
+    }
+  } else {
+    // set api key for any other case
+    createUpdateParams.authenticationType = 'API_KEY'
+  }
+
+  return createUpdateParams
+}
+
 const createAppSyncApi = async (aws, params) => {
   const appSync = new aws.AppSync()
 
-  const createGraphqlApiParams = {
-    name: params.apiName,
-    authenticationType: params.authenticationType || 'API_KEY'
+  let createGraphqlApiParams = {
+    name: params.apiName
   }
 
+  createGraphqlApiParams = setAuthConfig(aws, params, createGraphqlApiParams)
+
   const { graphqlApi } = await appSync.createGraphqlApi(createGraphqlApiParams).promise()
 
   return graphqlApi
@@ -14,12 +48,13 @@ const createAppSyncApi = async (aws, params) => {
 const updateAppSyncApi = async (aws, params) => {
   const appSync = new aws.AppSync()
 
-  const updateGraphqlApiparams = {
+  let updateGraphqlApiparams = {
     apiId: params.apiId,
-    name: params.apiName,
-    authenticationType: params.authenticationType || 'API_KEY'
+    name: params.apiName
   }
 
+  updateGraphqlApiparams = setAuthConfig(aws, params, updateGraphqlApiparams)
+
   const { graphqlApi } = await appSync.updateGraphqlApi(updateGraphqlApiparams).promise()
 
   return graphqlApi

src/deployAppSyncDistribution.js

@@ -0,0 +1,69 @@
+module.exports = async (aws, params) => {
+  const { domain, apiId, apiUrl } = params
+
+  if (!apiId) {
+    throw new Error(`Missing "apiId" param.`)
+  }
+
+  if (!apiUrl) {
+    throw new Error(`Missing "apiUrl" param.`)
+  }
+
+  const deployDistributionParams = {
+    domain,
+    Origins: {
+      Quantity: 1,
+      Items: [
+        {
+          Id: apiId, // required
+          DomainName: apiUrl.replace('https://', '').replace('/graphql', ''), // required
+          OriginPath: '', // required
+          CustomOriginConfig: {
+            HTTPPort: 80,
+            HTTPSPort: 443,
+            OriginKeepaliveTimeout: 5,
+            OriginProtocolPolicy: 'https-only',
+            OriginReadTimeout: 30,
+            OriginSslProtocols: {
+              Items: ['SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2'],
+              Quantity: 4
+            }
+          }
+        }
+      ]
+    },
+    DefaultCacheBehavior: {
+      AllowedMethods: {
+        Quantity: 7,
+        Items: ['HEAD', 'GET', 'POST', 'PATCH', 'PUT', 'DELETE', 'OPTIONS']
+      },
+      TrustedSigners: {
+        // required
+        Enabled: false,
+        Quantity: 0,
+        Items: []
+      },
+      ViewerProtocolPolicy: 'redirect-to-https', // required
+      MinTTL: 0, // required
+      DefaultTTL: 86400,
+      MaxTTL: 31536000,
+      SmoothStreaming: false,
+      TargetOriginId: apiId, // required
+      ForwardedValues: {
+        QueryString: false, // required
+        Cookies: {
+          // required
+          Forward: 'none'
+        }
+      }
+    }
+  }
+
+  if (params.distributionId) {
+    deployDistributionParams.distributionId = params.distributionId
+  }
+
+  const distribution = await aws.utils.deployDistribution(deployDistributionParams)
+
+  return distribution
+}

src/deployDistribution.js

@@ -0,0 +1,153 @@
+const { mergeDeep } = require('./utils')
+
+const createDistribution = async (aws, params = {}) => {
+  const cf = new aws.CloudFront()
+
+  delete params.distributionId
+
+  params.Enabled = params.Enabled || true
+  params.Comment = params.Comment || ''
+  params.CallerReference = params.CallerReference || String(Date.now())
+
+  const createDistributionParams = {
+    DistributionConfig: { ...params }
+  }
+
+  if (params.certificateStatus === 'ISSUED') {
+    createDistributionParams.DistributionConfig.Aliases = {
+      Quantity: 1,
+      Items: [params.domain]
+    }
+    createDistributionParams.DistributionConfig.ViewerCertificate = {
+      ACMCertificateArn: params.certificateArn,
+      SSLSupportMethod: 'sni-only',
+      MinimumProtocolVersion: 'TLSv1.1_2016',
+      Certificate: params.certificateArn,
+      CertificateSource: 'acm'
+    }
+  }
+
+  delete createDistributionParams.DistributionConfig.domain
+  delete createDistributionParams.DistributionConfig.certificateArn
+  delete createDistributionParams.DistributionConfig.certificateStatus
+  delete createDistributionParams.DistributionConfig.domainHostedZoneId
+
+  const res = await cf.createDistribution(createDistributionParams).promise()
+
+  return {
+    distributionId: res.Distribution.Id,
+    distributionArn: res.Distribution.ARN,
+    distributionUrl: res.Distribution.DomainName
+  }
+}
+
+const updateDistribution = async (aws, params = {}) => {
+  const cf = new aws.CloudFront()
+  try {
+    const updateDistributionParams = await cf
+      .getDistributionConfig({ Id: params.distributionId })
+      .promise()
+
+    // 2. then add this property
+    updateDistributionParams.IfMatch = updateDistributionParams.ETag
+
+    // 3. then delete this property
+    delete updateDistributionParams.ETag
+
+    // 4. then set this property
+    updateDistributionParams.Id = params.distributionId
+
+    // 5. then make our changes
+    updateDistributionParams.DistributionConfig.Enabled = params.Enabled === false ? false : true
+
+    if (params.certificateStatus === 'ISSUED') {
+      updateDistributionParams.DistributionConfig.Aliases = {
+        Quantity: 1,
+        Items: [params.domain]
+      }
+      updateDistributionParams.DistributionConfig.ViewerCertificate = {
+        ACMCertificateArn: params.certificateArn,
+        SSLSupportMethod: 'sni-only',
+        MinimumProtocolVersion: 'TLSv1.1_2016',
+        Certificate: params.certificateArn,
+        CertificateSource: 'acm'
+      }
+    }
+
+    // these cannot exist in an update operation
+    delete params.Origins
+    delete params.CallerReference
+
+    // todo this might not scale
+    updateDistributionParams.DistributionConfig = mergeDeep(
+      updateDistributionParams.DistributionConfig,
+      params
+    )
+
+    // make sure aliases match the definition
+    // deep merging causes a mix
+    if (!params.domain) {
+      updateDistributionParams.DistributionConfig.Aliases = params.Aliases
+    }
+
+    // these are invalid CF parameters
+    delete updateDistributionParams.DistributionConfig.distributionId
+    delete updateDistributionParams.DistributionConfig.domain
+    delete updateDistributionParams.DistributionConfig.certificateArn
+    delete updateDistributionParams.DistributionConfig.certificateStatus
+    delete updateDistributionParams.DistributionConfig.domainHostedZoneId
+
+    // 6. then finally update!
+    const res = await cf.updateDistribution(updateDistributionParams).promise()
+
+    return {
+      distributionId: res.Distribution.Id,
+      distributionArn: res.Distribution.ARN,
+      distributionUrl: res.Distribution.DomainName
+    }
+  } catch (e) {
+    if (e.code === 'NoSuchDistribution') {
+      const res = await createDistribution(aws, params)
+      return res
+    }
+    throw e
+  }
+}
+
+module.exports = async (aws, params = {}) => {
+  const { domain } = params
+
+  if (domain) {
+    const deployCertificateParams = {
+      domain
+    }
+
+    const res = await aws.utils.deployCertificate(deployCertificateParams)
+    params.certificateArn = res.certificateArn // eslint-disable-line
+    params.domainHostedZoneId = res.domainHostedZoneId // eslint-disable-line
+    params.certificateStatus = res.certificateStatus // eslint-disable-line
+  }
+
+  let distribution
+  if (params.distributionId) {
+    distribution = await updateDistribution(aws, params)
+  } else {
+    distribution = await createDistribution(aws, params)
+  }
+
+  if (domain) {
+    const deployDistributionDnsParams = {
+      domain,
+      distributionUrl: distribution.distributionUrl,
+      domainHostedZoneId: params.domainHostedZoneId
+    }
+
+    await aws.utils.deployDistributionDns(deployDistributionDnsParams)
+
+    distribution.certificateArn = params.certificateArn
+    distribution.certificateStatus = params.certificateStatus
+    distribution.certificateStatus = params.certificateStatus
+  }
+
+  return distribution
+}

src/disableDistribution.js

@@ -0,0 +1,17 @@
+module.exports = async (aws, params = {}) => {
+  const { distributionId } = params
+  if (!distributionId) {
+    throw new Error(`Missing "distributionId" param`)
+  }
+
+  const deployDistributionParams = {
+    distributionId,
+    Enabled: false,
+    Aliases: {
+      Quantity: 0,
+      Items: []
+    }
+  }
+
+  return aws.utils.deployDistribution(deployDistributionParams)
+}

src/index.js

@@ -125,5 +125,10 @@ aws.utils.getCloudWatchLogGroupArn = (params) => require('./getCloudWatchLogGrou
 aws.utils.deleteLambda = (params) => require('./deleteLambda')(aws, params)
 aws.utils.deleteAppSyncApi = (params) => require('./deleteAppSyncApi')(aws, params)
 aws.utils.deployAppSyncApiKey = (params) => require('./deployAppSyncApiKey')(aws, params)
+aws.utils.deployAppSyncDistribution = (params) =>
+  require('./deployAppSyncDistribution')(aws, params)
+aws.utils.deployDistribution = (params) => require('./deployDistribution')(aws, params)
+aws.utils.disableDistribution = (params) => require('./disableDistribution')(aws, params)
+aws.utils.removeDistribution = (params) => require('./removeDistribution')(aws, params)
 
 module.exports = aws

src/removeDistribution.js

@@ -0,0 +1,27 @@
+module.exports = async (aws, params = {}) => {
+  const { distributionId } = params
+
+  if (!distributionId) {
+    throw new Error(`Missing "distributionId" param`)
+  }
+  const cf = new aws.CloudFront()
+
+  try {
+    const getDistributionConfigRes = await cf
+      .getDistributionConfig({ Id: distributionId })
+      .promise()
+
+    const deleteDistributionParams = { Id: distributionId, IfMatch: getDistributionConfigRes.ETag }
+    await cf.deleteDistribution(deleteDistributionParams).promise()
+
+    // todo remove distribtution dns
+  } catch (e) {
+    if (e.code === 'DistributionNotDisabled') {
+      await aws.utils.disableDistribution(params)
+    } else if (e.code === 'NoSuchDistribution') {
+      return
+    } else {
+      throw e
+    }
+  }
+}

src/utils.js

@@ -1,4 +1,5 @@
 const AdmZip = require('adm-zip')
+const mergeDeep = require('merge-deep')
 
 const sleep = async (wait) => new Promise((resolve) => setTimeout(() => resolve(), wait))
 
@@ -29,4 +30,4 @@ const zip = (dirPath) => {
   return zipFile
 }
 
-module.exports = { sleep, zip, getNakedDomain, shouldConfigureNakedDomain }
+module.exports = { mergeDeep, sleep, zip, getNakedDomain, shouldConfigureNakedDomain }