UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 7.8 kB
1
2
"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.StackOutput=exports.CdkStage=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},actions_1=()=>{var tmp=require("./actions");return actions_1=()=>tmp,tmp},pipeline_1=()=>{var tmp=require("./pipeline");return pipeline_1=()=>tmp,tmp},codebuild=()=>{var tmp=require("../../../aws-codebuild");return codebuild=()=>tmp,tmp},cpactions=()=>{var tmp=require("../../../aws-codepipeline-actions");return cpactions=()=>tmp,tmp},aws_codepipeline_actions_1=()=>{var tmp=require("../../../aws-codepipeline-actions");return aws_codepipeline_actions_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},asset_type_1=()=>{var tmp=require("../blueprint/asset-type");return asset_type_1=()=>tmp,tmp},application_security_check_1=()=>{var tmp=require("../private/application-security-check");return application_security_check_1=()=>tmp,tmp},asset_manifest_1=()=>{var tmp=require("../private/asset-manifest");return asset_manifest_1=()=>tmp,tmp},construct_internals_1=()=>{var tmp=require("../private/construct-internals");return construct_internals_1=()=>tmp,tmp},toposort_1=()=>{var tmp=require("../private/toposort");return toposort_1=()=>tmp,tmp};class CdkStage extends constructs_1().Construct{constructor(scope,id,props){super(scope,id),this._nextSequentialRunOrder=1,this._manualApprovalCounter=1,this.stacksToDeploy=new Array,this._prepared=!1,scope instanceof pipeline_1().CdkPipeline&&(this.pipeline=scope),this.stageName=props.stageName,this.pipelineStage=props.pipelineStage,this.cloudAssemblyArtifact=props.cloudAssemblyArtifact,this.host=props.host,this.confirmBroadeningPermissions=props.confirmBroadeningPermissions??!1,this.securityNotificationTopic=props.securityNotificationTopic,core_1().Aspects.of(this).add({visit:()=>this.prepareStage()})}addApplication(appStage,options={}){const asm=(0,construct_internals_1().pipelineSynth)(appStage),extraRunOrderSpace=options.extraRunOrderSpace??0;if((options.confirmBroadeningPermissions??this.confirmBroadeningPermissions)&&this.addSecurityCheck(appStage,options),asm.stacks.length===0)throw new Error(`The given Stage construct ('${appStage.node.path}') should contain at least one Stack`);const sortedTranches=(0,toposort_1().topologicalSort)(asm.stacks,stack=>stack.id,stack=>stack.dependencies.map(d=>d.id));for(const stacks of sortedTranches){const runOrder=this.nextSequentialRunOrder(extraRunOrderSpace+2);let executeRunOrder=runOrder+extraRunOrderSpace+1;options.manualApprovals&&(this.addManualApprovalAction({runOrder:runOrder+1}),executeRunOrder=this.nextSequentialRunOrder());for(const stack of stacks)this.addStackArtifactDeployment(stack,{runOrder,executeRunOrder})}}getApplicationSecurityCheck(){return this._applicationSecurityCheck?this._applicationSecurityCheck:(this._applicationSecurityCheck=this.pipeline?this.pipeline._getApplicationSecurityCheck():new(application_security_check_1()).ApplicationSecurityCheck(this,"StageApplicationSecurityCheck",{codePipeline:this.pipelineStage.pipeline}),this._applicationSecurityCheck)}addStackArtifactDeployment(stackArtifact,options={}){this.publishAssetDependencies(stackArtifact);const runOrder=options.runOrder??this.nextSequentialRunOrder(2),executeRunOrder=options.executeRunOrder??runOrder+1;this.stacksToDeploy.push({prepareRunOrder:runOrder,executeRunOrder,stackArtifact}),this.advanceRunOrderPast(runOrder),this.advanceRunOrderPast(executeRunOrder)}addManualApprovalAction(options={}){let actionName=options.actionName;actionName||(actionName=`ManualApproval${this._manualApprovalCounter>1?this._manualApprovalCounter:""}`,this._manualApprovalCounter+=1),this.addActions(new(cpactions()).ManualApprovalAction({actionName,runOrder:options.runOrder??this.nextSequentialRunOrder()}))}addActions(...actions){for(const action of actions)this.pipelineStage.addAction(action)}nextSequentialRunOrder(count=1){const ret=this._nextSequentialRunOrder;return this._nextSequentialRunOrder+=count,ret}deploysStack(artifactId){return this.stacksToDeploy.map(s=>s.stackArtifact.id).includes(artifactId)}prepareStage(){if(!this._prepared){this._prepared=!0;for(const{prepareRunOrder,stackArtifact,executeRunOrder}of this.stacksToDeploy){const artifact=this.host.stackOutputArtifact(stackArtifact.id);this.pipelineStage.addAction(actions_1().DeployCdkStackAction.fromStackArtifact(this,stackArtifact,{baseActionName:this.simplifyStackName(stackArtifact.stackName),cloudAssemblyInput:this.cloudAssemblyArtifact,output:artifact,outputFileName:artifact?"outputs.json":void 0,prepareRunOrder,executeRunOrder}))}}}advanceRunOrderPast(lastUsed){this._nextSequentialRunOrder=Math.max(lastUsed+1,this._nextSequentialRunOrder)}simplifyStackName(s){return stripPrefix(s,`${this.stageName}-`)}addSecurityCheck(appStage,options){const{cdkDiffProject}=this.getApplicationSecurityCheck(),notificationTopic=options?.securityNotificationTopic??this.securityNotificationTopic;notificationTopic?.grantPublish(cdkDiffProject);const appStageName=appStage.stageName,approveActionName=`${appStageName}ManualApproval`,diffAction=new(aws_codepipeline_actions_1()).CodeBuildAction({runOrder:this.nextSequentialRunOrder(),actionName:`${appStageName}SecurityCheck`,input:this.cloudAssemblyArtifact,project:cdkDiffProject,variablesNamespace:`${appStageName}SecurityCheck`,environmentVariables:{STAGE_PATH:{value:constructs_1().Node.of(appStage).path,type:codebuild().BuildEnvironmentVariableType.PLAINTEXT},STAGE_NAME:{value:this.stageName,type:codebuild().BuildEnvironmentVariableType.PLAINTEXT},ACTION_NAME:{value:approveActionName,type:codebuild().BuildEnvironmentVariableType.PLAINTEXT},...notificationTopic?{NOTIFICATION_ARN:{value:notificationTopic.topicArn,type:codebuild().BuildEnvironmentVariableType.PLAINTEXT},NOTIFICATION_SUBJECT:{value:`Confirm permission broadening in ${appStageName}`,type:codebuild().BuildEnvironmentVariableType.PLAINTEXT}}:{}}}),approve=new(cpactions()).ManualApprovalAction({actionName:approveActionName,runOrder:this.nextSequentialRunOrder(),additionalInformation:`#{${appStageName}SecurityCheck.MESSAGE}`,externalEntityLink:`#{${appStageName}SecurityCheck.LINK}`});this.addActions(diffAction,approve)}publishAssetDependencies(stackArtifact){const assetManifests=stackArtifact.dependencies.filter(isAssetManifest);for(const manifestArtifact of assetManifests){const manifest=asset_manifest_1().AssetManifestReader.fromFile(manifestArtifact.file);for(const entry of manifest.entries){let assetType;if(entry instanceof asset_manifest_1().DockerImageManifestEntry)assetType=asset_type_1().AssetType.DOCKER_IMAGE;else if(entry instanceof asset_manifest_1().FileManifestEntry){if(entry.source.packaging==="file"&&entry.source.path===stackArtifact.templateFile)continue;assetType=asset_type_1().AssetType.FILE}else throw new Error(`Unrecognized asset type: ${entry.type}`);if(!entry.destination.assumeRoleArn)throw new Error("assumeRoleArn is missing on asset and required");this.host.publishAsset({assetManifestPath:manifestArtifact.file,assetId:entry.id.assetId,assetSelector:entry.id.toString(),assetType,assetPublishingRoleArn:entry.destination.assumeRoleArn})}}}}exports.CdkStage=CdkStage,_a=JSII_RTTI_SYMBOL_1,CdkStage[_a]={fqn:"aws-cdk-lib.pipelines.CdkStage",version:"2.113.0"};class StackOutput{constructor(artifactFile,outputName){this.artifactFile=artifactFile,this.outputName=outputName}}exports.StackOutput=StackOutput,_b=JSII_RTTI_SYMBOL_1,StackOutput[_b]={fqn:"aws-cdk-lib.pipelines.StackOutput",version:"2.113.0"};function stripPrefix(s,prefix){return s.startsWith(prefix)?s.slice(prefix.length):s}function isAssetManifest(s){return s.constructor.name==="AssetManifestArtifact"}