diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
new file mode 100644
index 00000000..f6de643f
--- /dev/null
+++ b/.github/actions/build/action.yml
@@ -0,0 +1,27 @@
+name: Build and Test
+description: Runs build
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install pulumictl
+ uses: jaxxstorm/action-install-gh-release@v1.11.0
+ with:
+ repo: pulumi/pulumictl
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18.x
+ registry-url: https://registry.npmjs.org
+ - name: Install Yarn
+ shell: bash
+ run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0
+ - name: Install packages
+ shell: bash
+ run: yarn install --frozen-lockfile
+ - name: Run build
+ shell: bash
+ run: yarn run build
+ - name: Run unit tests
+ shell: bash
+ run: yarn run test
diff --git a/.github/actions/lint/action.yml b/.github/actions/lint/action.yml
new file mode 100644
index 00000000..5cb33d70
--- /dev/null
+++ b/.github/actions/lint/action.yml
@@ -0,0 +1,20 @@
+name: Lint
+description: Runs lint
+
+runs:
+ using: "composite"
+ steps:
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18.x
+ registry-url: https://registry.npmjs.org
+ - name: Install Yarn
+ shell: bash
+ run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0
+ - name: Install packages
+ shell: bash
+ run: yarn install --frozen-lockfile
+ - name: Run lint
+ shell: bash
+ run: yarn run lint
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index aa63d529..4b8b968e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
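Review bot: The `Install Yarn` step in the new build action pipes `https://yarnpkg.com/install.sh` straight into `bash`, so whatever that URL serves at run time executes on the runner with no integrity check; only the Yarn version handed to the script is fixed. Installing through the Node toolchain that `actions/setup-node` has just set up, e.g. `run: npm install --global yarn@1.13.0`, keeps the same version while relying on registry integrity metadata instead of a live script. `jaxxstorm/action-install-gh-release@v1.11.0` is referenced by a tag its owner can move; pinning to the full commit SHA with the tag in a trailing comment (`uses: jaxxstorm/action-install-gh-release@<full-commit-sha> # v1.11.0`) makes the reference immutable. The same `curl … | bash` step is repeated in `.github/actions/lint/action.yml` and in the `release` jobs added to `main.yml` and `release.yml`, where the job goes on to publish with `NPM_TOKEN`.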
@@ -13,26 +13,33 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 18.19.x - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 - - name: Install packages - run: yarn install - - name: Run lint - run: yarn run lint + - name: lint + uses: ./.github/actions/lint + build: name: Build and Test runs-on: ubuntu-latest - concurrency: build-and-test # Currently integration tests can clash across branches. steps: - name: Checkout Repo uses: actions/checkout@v4 + - name: build + uses: ./.github/actions/build + + test: + # Only run tests on the schedule event + # On 'push' we've just merged a PR that ran the tests + if: github.event_name == 'schedule' + name: acceptance-test + concurrency: + group: acceptance-test-${{ matrix.index }} # TODO: concurrent tests across PRs can cause problems + cancel-in-progress: false + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + # Needed for pulumictl to calculate version + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@v1.11.0 with: 
@@ -46,44 +53,83 @@ jobs: role-duration-seconds: 3600 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - name: Setup Node uses: actions/setup-node@v4 with: - node-version: 18.19.x + node-version: 18.x registry-url: https://registry.npmjs.org - name: Install Go uses: actions/setup-go@v5 with: go-version: 1.22.x + cache-dependency-path: examples/*.sum - name: Install Yarn run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 - name: Install packages - run: yarn install + run: yarn install --frozen-lockfile - name: Run build - run: yarn run build - - name: Run unit tests - run: yarn run test + run: yarn run prepare && yarn run build - name: yarn link - run: pushd lib && yarn link && popd + run: yarn link - name: set script-shell run: yarn config set script-shell /bin/bash - - name: Set up gotestfmt - uses: GoTestTools/gotestfmt-action@v2 + - name: Install gotestsum + run: go install gotest.tools/gotestsum@latest + - name: Go mod download + run: cd examples && go mod download + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 with: - token: ${{ secrets.GITHUB_TOKEN }} + working-directory: examples + total: ${{ matrix.parallel }} + index: ${{ matrix.index }} - name: Run examples - run: yarn run test-examples-gotestfmt + run: cd examples && gotestsum --format github-actions -- -v -count=1 -timeout 2h -parallel 4 -run "${{ steps.test_split.outputs.run }}" + strategy: + fail-fast: false + matrix: + parallel: [3] + index: [0, 1, 2] + + release: + if: github.event_name == 'push' + name: Release + runs-on: ubuntu-latest + needs: + - build + - lint + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + # Needed for pulumictl to calculate version + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install pulumictl + uses: 
jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: 18.x + registry-url: https://registry.npmjs.org + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 + - name: Install packages + run: yarn install --frozen-lockfile + - name: Run build + run: yarn run set-version && yarn run build - if: github.event_name == 'push' name: Publish Dev Package uses: JS-DevTools/npm-publish@v1 with: access: "public" token: ${{ secrets.NPM_TOKEN }} - package: ${{github.workspace}}/lib/package.json + package: ${{github.workspace}}/package.json tag: dev check-version: true + name: main "on": schedule: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3fbe0dd4..f94fc53b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
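Review bot: `go install gotest.tools/gotestsum@latest` resolves to whatever release is newest at run time, and in this hunk it follows the step that assumes the role in `secrets.AWS_CI_ROLE_ARN`, so an unreviewed upstream release would run with those credentials available (the job itself starts outside the hunk). Pin it to a reviewed release, `run: go install gotest.tools/gotestsum@<pinned-version>`, and reference `hashicorp-forge/go-test-split-action` by full commit SHA rather than the `v2.0.0` tag. In `Run examples`, `${{ steps.test_split.outputs.run }}` is expanded into the script text before bash parses it; passing it through `env:` (for example `TEST_RUN: ${{ steps.test_split.outputs.run }}`) and using `-run "$TEST_RUN"` keeps the value as data. The second hunk of `release.yml` adds the same three steps.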
@@ -13,26 +13,30 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 18.19.x - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 - - name: Install packages - run: yarn install - - name: Run lint - run: yarn run lint + - name: lint + uses: ./.github/actions/lint + build: name: Build and Test runs-on: ubuntu-latest - concurrency: build-and-test # Currently integration tests can clash across branches. steps: - name: Checkout Repo uses: actions/checkout@v4 + - name: build + uses: ./.github/actions/build + + test: + name: acceptance-test + concurrency: + group: acceptance-test-${{ matrix.index }} # TODO: concurrent tests across PRs can cause problems + cancel-in-progress: false + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + # Needed for pulumictl to calculate version + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@v1.11.0 with: 
@@ -46,41 +50,79 @@ jobs: role-duration-seconds: 3600 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - name: Setup Node uses: actions/setup-node@v4 with: - node-version: 18.19.x + node-version: 18.x registry-url: https://registry.npmjs.org - name: Install Go uses: actions/setup-go@v5 with: go-version: 1.22.x + cache-dependency-path: examples/*.sum - name: Install Yarn run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 - name: Install packages - run: yarn install + run: yarn install --frozen-lockfile - name: Run build - run: yarn run build - - name: Run unit tests - run: yarn run test + run: yarn run prepare && yarn run build - name: yarn link - run: pushd lib && yarn link && popd + run: yarn link - name: set script-shell run: yarn config set script-shell /bin/bash - - name: Set up gotestfmt - uses: haveyoudebuggedit/gotestfmt-action@v2 + - name: Install gotestsum + run: go install gotest.tools/gotestsum@latest + - name: Go mod download + run: cd examples && go mod download + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 with: - token: ${{ secrets.GITHUB_TOKEN }} + working-directory: examples + total: ${{ matrix.parallel }} + index: ${{ matrix.index }} - name: Run examples - run: yarn run test-examples-gotestfmt + run: cd examples && gotestsum --format github-actions -- -v -count=1 -timeout 2h -parallel 4 -run "${{ steps.test_split.outputs.run }}" + strategy: + fail-fast: false + matrix: + parallel: [3] + index: [0, 1, 2] + + release: + name: Release + runs-on: ubuntu-latest + needs: + - build + - test + - lint + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + # Needed for pulumictl to calculate version + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install pulumictl + uses: 
jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: 18.x + registry-url: https://registry.npmjs.org + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 + - name: Install packages + run: yarn install --frozen-lockfile + - name: Run build + run: yarn run set-version && yarn run build - name: Publish Dev Package uses: JS-DevTools/npm-publish@v1 with: access: "public" token: ${{ secrets.NPM_TOKEN }} - package: ${{github.workspace}}/lib/package.json + package: ${{github.workspace}}/package.json name: release "on": push: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 99f23e2b..c6d2bb71 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml 
@@ -29,58 +29,32 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 18.19.x - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 - - name: Install packages - run: yarn install --frozen-lockfile - - name: Run lint - run: yarn run lint + - name: lint + uses: ./.github/actions/lint + build: name: Build and Test runs-on: ubuntu-latest steps: - name: Checkout Repo uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.10.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 18.19.x - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 - - name: Install packages - run: yarn install --frozen-lockfile - - name: Run build - run: yarn run build - - name: Run unit tests - run: yarn run test + - name: build + uses: ./.github/actions/build + test: name: acceptance-test concurrency: group: acceptance-test-${{ matrix.index }} # TODO: concurrent tests across PRs can cause problems - cancel-in-progress: true + cancel-in-progress: false runs-on: ubuntu-latest steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - tool-cache: false - swap-storage: false - name: Checkout Repo uses: actions/checkout@v4 + # Needed for pulumictl to calculate version + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.10.0 + uses: jaxxstorm/action-install-gh-release@v1.11.0 with: repo: pulumi/pulumictl - name: Configure AWS Credentials 
@@ -95,7 +69,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: - node-version: 18.19.x + node-version: 18.x registry-url: https://registry.npmjs.org - name: Install Go uses: actions/setup-go@v5 @@ -107,9 +81,9 @@ jobs: - name: Install packages run: yarn install --frozen-lockfile - name: Run build - run: yarn run build + run: yarn run set-version && yarn run build - name: yarn link - run: pushd lib && yarn link && popd + run: yarn link - name: set script-shell run: yarn config set script-shell /bin/bash - name: Install gotestsum @@ -130,7 +104,7 @@ jobs: matrix: parallel: [3] index: [0, 1, 2] - + name: Run Acceptance Tests from PR on: repository_dispatch: diff --git a/.npmignore b/.npmignore new file mode 100644 index 00000000..52bb8300 --- /dev/null +++ b/.npmignore @@ -0,0 +1,14 @@ +/examples/ +/tests/ +/src/ +/coverage/ +/.github/ +/.eslintignore +/.eslintrc.js +/test-reports/ +/.prettierrc +tsconfig.json +!/lib/ +!/lib/**/*.js +!/lib/**/*.d.ts + diff --git a/examples/alb/index.ts b/examples/alb/index.ts index 3249a10a..39242e33 100644 --- a/examples/alb/index.ts +++ b/examples/alb/index.ts @@ -3,8 +3,6 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; import * as pulumi from '@pulumi/pulumi'; import * as pulumicdk from '@pulumi/cdk'; -import * as aws from '@pulumi/aws'; -import { Construct } from 'constructs'; class AlbStack extends pulumicdk.Stack { url: pulumi.Output; diff --git a/examples/alb/package.json b/examples/alb/package.json index e2cdf19a..32c62a49 100644 --- a/examples/alb/package.json +++ b/examples/alb/package.json @@ -5,12 +5,10 @@ }, "dependencies": { "@pulumi/aws": "^4.6.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", - "constructs": "^10.0.111" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" + "aws-cdk-lib": "2.149.0", + "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0" } } 
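Review bot: The new `.npmignore` is a denylist, so any file that later appears in the repository root and is not listed here (a local `.npmrc`, an `.env`, CI output) goes into the published tarball by default. This commit also removes the `files` array from `package.json` and moves publishing from `lib/package.json` to the root `package.json`, so the repository root is now what gets packed. An allowlist is the safer default for a public package: `"files": ["lib/**/*.js", "lib/**/*.d.ts"]` in `package.json` (npm adds `package.json`, the README and the licence on its own), with `npm pack --dry-run` in CI to confirm the contents before the publish step.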
diff --git a/examples/api-websocket-lambda-dynamodb/package.json b/examples/api-websocket-lambda-dynamodb/package.json index 72badb81..169bde3f 100644 --- a/examples/api-websocket-lambda-dynamodb/package.json +++ b/examples/api-websocket-lambda-dynamodb/package.json @@ -11,7 +11,7 @@ "@pulumi/aws-native": "^0.117.0", "@pulumi/cdk": "^0.5.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", + "aws-cdk-lib": "2.149.0", "constructs": "^10.0.111" } } diff --git a/examples/apprunner/package.json b/examples/apprunner/package.json index 7af028f4..13ea9c13 100644 --- a/examples/apprunner/package.json +++ b/examples/apprunner/package.json @@ -6,13 +6,11 @@ "dependencies": { "@pulumi/aws": "^4.6.0", "@pulumi/awsx": "^0.32.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", + "aws-cdk-lib": "2.149.0", "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0", "@aws-cdk/aws-apprunner-alpha": "2.20.0-alpha.0" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" } } diff --git a/examples/appsvc/package.json b/examples/appsvc/package.json index e2cdf19a..c226e7d6 100644 --- a/examples/appsvc/package.json +++ b/examples/appsvc/package.json @@ -5,12 +5,10 @@ }, "dependencies": { "@pulumi/aws": "^4.6.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", - "constructs": "^10.0.111" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" - } + "aws-cdk-lib": "2.149.0", + "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0" + } } diff --git a/examples/cron-lambda/index.ts b/examples/cron-lambda/index.ts index d672cfa9..76df88a7 100644 --- a/examples/cron-lambda/index.ts +++ b/examples/cron-lambda/index.ts 
@@ -2,10 +2,9 @@ import * as fs from 'fs'; import * as aws_events from 'aws-cdk-lib/aws-events'; import * as aws_events_targets from 'aws-cdk-lib/aws-events-targets'; import * as aws_lambda from 'aws-cdk-lib/aws-lambda'; -import { CfnOutput, Duration } from 'aws-cdk-lib'; +import { Duration } from 'aws-cdk-lib'; import * as pulumi from '@pulumi/pulumi'; import * as pulumicdk from '@pulumi/cdk'; -import { Construct } from 'constructs'; import { remapCloudControlResource } from './adapter'; class LambdaStack extends pulumicdk.Stack { diff --git a/examples/cron-lambda/package.json b/examples/cron-lambda/package.json index 6d7c9d19..d9751124 100644 --- a/examples/cron-lambda/package.json +++ b/examples/cron-lambda/package.json @@ -6,12 +6,10 @@ "dependencies": { "@pulumi/aws": "^4.6.0", "@pulumi/awsx": "^0.32.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", - "constructs": "^10.0.111" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" - } + "aws-cdk-lib": "2.149.0", + "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0" + } } diff --git a/examples/ec2-instance/package.json b/examples/ec2-instance/package.json index e2cdf19a..c226e7d6 100644 --- a/examples/ec2-instance/package.json +++ b/examples/ec2-instance/package.json @@ -5,12 +5,10 @@ }, "dependencies": { "@pulumi/aws": "^4.6.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", - "constructs": "^10.0.111" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" - } + "aws-cdk-lib": "2.149.0", + "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0" + } } diff --git a/examples/ecscluster/package.json b/examples/ecscluster/package.json index e2cdf19a..c226e7d6 100644 --- a/examples/ecscluster/package.json +++ b/examples/ecscluster/package.json 
@@ -5,12 +5,10 @@ }, "dependencies": { "@pulumi/aws": "^4.6.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", - "constructs": "^10.0.111" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" - } + "aws-cdk-lib": "2.149.0", + "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0" + } } diff --git a/examples/fargate/package.json b/examples/fargate/package.json index e2cdf19a..32c62a49 100644 --- a/examples/fargate/package.json +++ b/examples/fargate/package.json @@ -5,12 +5,10 @@ }, "dependencies": { "@pulumi/aws": "^4.6.0", - "@pulumi/aws-native": "^0.108.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", - "constructs": "^10.0.111" - }, - "peerDependencies": { - "@pulumi/cdk": "^0.0.1" + "aws-cdk-lib": "2.149.0", + "constructs": "^10.0.111", + "@pulumi/cdk": "^0.5.0" } } diff --git a/examples/s3-object-lambda/index.ts b/examples/s3-object-lambda/index.ts index cdfd382c..4754b8bb 100644 --- a/examples/s3-object-lambda/index.ts +++ b/examples/s3-object-lambda/index.ts @@ -1,4 +1,4 @@ -import { S3ObjectLambdaStack } from './lib/s3-object-lambda-stack'; +import { S3ObjectLambdaStack } from './src/s3-object-lambda-stack'; const s = new S3ObjectLambdaStack('stack'); export const exampleBucketArn = s.exampleBucketArn; diff --git a/examples/s3-object-lambda/package.json b/examples/s3-object-lambda/package.json index 902a37d7..5e80e89d 100644 --- a/examples/s3-object-lambda/package.json +++ b/examples/s3-object-lambda/package.json @@ -4,9 +4,10 @@ "@types/node": "^20.0.0" }, "dependencies": { - "@pulumi/cdk": "^0.4", + "@pulumi/cdk": "^0.5.0", + "@pulumi/aws-native": "^0.117.0", "@pulumi/pulumi": "^3.0.0", - "aws-cdk-lib": "^2.20.0", + "aws-cdk-lib": "2.149.0", "constructs": "^10.0.111" } } 
diff --git a/examples/s3-object-lambda/src/s3-object-lambda-stack.ts b/examples/s3-object-lambda/src/s3-object-lambda-stack.ts
new file mode 100644
index 00000000..758ec23a
--- /dev/null
+++ b/examples/s3-object-lambda/src/s3-object-lambda-stack.ts
@@ -0,0 +1,116 @@
+import * as pulumi from '@pulumi/pulumi';
+import * as pulumicdk from '@pulumi/cdk';
+import * as cdk from 'aws-cdk-lib';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as s3ObjectLambda from 'aws-cdk-lib/aws-s3objectlambda';
+import { Construct } from 'constructs';
+
+// configurable variables
+const S3_ACCESS_POINT_NAME = 'example-test-ap';
+const OBJECT_LAMBDA_ACCESS_POINT_NAME = 's3-object-lambda-ap';
+
+export class S3ObjectLambdaStack extends pulumicdk.Stack {
+ exampleBucketArn: pulumi.Output;
+ objectLambdaArn: pulumi.Output;
+ objectLambdaAccessPointArn: pulumi.Output;
+ objectLambdaAccessPointUrl: pulumi.Output;
+
+ constructor(id: string) {
+ super(id);
+
+ const accessPoint = `arn:aws:s3:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:accesspoint/${S3_ACCESS_POINT_NAME}`;
+
+ // Set up a bucket
+ const bucket = new s3.Bucket(this, 'example-bucket', {
+ accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
+ encryption: s3.BucketEncryption.S3_MANAGED,
+ blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
+ });
+
+ // Delegating access control to access points
+ // https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies.html
+ bucket.addToResourcePolicy(
+ new iam.PolicyStatement({
+ actions: ['*'],
+ principals: [new iam.AnyPrincipal()],
+ resources: [bucket.bucketArn, bucket.arnForObjects('*')],
+ conditions: {
+ StringEquals: {
+ 's3:DataAccessPointAccount': `${cdk.Aws.ACCOUNT_ID}`,
+ },
+ },
+ }),
+ );
+
+ // lambda to process our objects during retrieval
+ const retrieveTransformedObjectLambda = new lambda.Function(this, 'retrieveTransformedObjectLambda', {
+ runtime: lambda.Runtime.NODEJS_20_X,
+ handler: 'index.handler',
+ code: lambda.Code.fromAsset('resources/retrieve-transformed-object-lambda'),
+ environment: {
+ KEY: 'Value',
+ },
+ });
+
+ // Object lambda s3 access
+ retrieveTransformedObjectLambda.addToRolePolicy(
+ new iam.PolicyStatement({
+ effect: iam.Effect.ALLOW,
+ resources: ['*'],
+ actions: ['s3-object-lambda:WriteGetObjectResponse'],
+ }),
+ );
+ // Restrict Lambda to be invoked from own account
+ retrieveTransformedObjectLambda.addPermission('invocationRestriction', {
+ action: 'lambda:InvokeFunction',
+ principal: new iam.AccountRootPrincipal(),
+ sourceAccount: cdk.Aws.ACCOUNT_ID,
+ });
+
+ // Associate Bucket's access point with lambda get access
+ const policyDoc = new iam.PolicyDocument();
+ const policyStatement = new iam.PolicyStatement({
+ effect: iam.Effect.ALLOW,
+ actions: ['s3:GetObject'],
+ principals: [new iam.ArnPrincipal(retrieveTransformedObjectLambda.role?.roleArn)],
+ resources: [`${accessPoint}/object/*`],
+ });
+ policyStatement.sid = 'AllowLambdaToUseAccessPoint';
+ policyDoc.addStatements(policyStatement);
+
+ new s3.CfnAccessPoint(this, 'exampleBucketAP', {
+ bucket: bucket.bucketName,
+ name: S3_ACCESS_POINT_NAME,
+ policy: policyDoc,
+ });
+
+ // Access point to receive GET request and use lambda to process objects
+ const objectLambdaAP = new s3ObjectLambda.CfnAccessPoint(this, 's3ObjectLambdaAP', {
+ name: OBJECT_LAMBDA_ACCESS_POINT_NAME,
+ objectLambdaConfiguration: {
+ supportingAccessPoint: accessPoint,
+ transformationConfigurations: [
+ {
+ actions: ['GetObject'],
+ contentTransformation: {
+ AwsLambda: {
+ FunctionArn: `${retrieveTransformedObjectLambda.functionArn}`,
+ },
+ },
+ },
+ ],
+ },
+ });
+
+ this.exampleBucketArn = this.asOutput(bucket.bucketArn);
+ this.objectLambdaArn = this.asOutput(retrieveTransformedObjectLambda.functionArn);
+ this.objectLambdaAccessPointArn = this.asOutput(objectLambdaAP.attrArn);
+ this.objectLambdaAccessPointUrl = this.asOutput(
+ `https://console.aws.amazon.com/s3/olap/${cdk.Aws.ACCOUNT_ID}/${OBJECT_LAMBDA_ACCESS_POINT_NAME}?region=${cdk.Aws.REGION}`,
+ );
+
+ this.synth();
+ }
+}
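Review bot: `new iam.ArnPrincipal(retrieveTransformedObjectLambda.role?.roleArn)` hands `undefined` to the principal when the function has no role, which would presumably yield a malformed access point policy rather than an error at synth time. Resolve the role first and fail loudly: `const lambdaRole = retrieveTransformedObjectLambda.role;` followed by `if (!lambdaRole) throw new Error('lambda execution role is required');`, then use `lambdaRole.roleArn` in the statement. Separately, the bucket policy grants `actions: ['*']` to `AnyPrincipal` and relies entirely on the `s3:DataAccessPointAccount` condition; that matches the delegation pattern linked in the comment, but because examples get copied, a comment such as `// the account condition is the only guard on this statement; do not remove or widen it` is worth adding, and the actions could be narrowed to what the access point needs.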
diff --git a/package.json b/package.json index a6d67926..ddabf87c 100644 --- a/package.json +++ b/package.json @@ -7,6 +7,7 @@ "url": "git+https://github.com/pulumi/pulumi-cdk.git" }, "license": "Apache-2.0", + "main": "lib/index.js", "bugs": { "url": "https://github.com/pulumi/pulumi-cdk/issues" }, @@ -32,7 +33,7 @@ "@types/archiver": "^6.0.2", "@types/jest": "^29.5.2", "@types/node": "^20.12.13", - "aws-cdk-lib": "^2.20.0", + "aws-cdk-lib": "2.149.0", "constructs": "^10.0.111", "eslint": "^8.57.0", "eslint-config-prettier": "^9.1.0", @@ -57,16 +58,15 @@ "archiver": "^7.0.1" }, "scripts": { - "build": "tsc && cp package.json README.md LICENSE lib/ && sed -i.bak -e \"s/\\${VERSION}/$(pulumictl get version --language javascript)/g\" lib/package.json && rm lib/package.json.bak", + "set-version": "sed -i.bak -e \"s/\\${VERSION}/$(pulumictl get version --language javascript)/g\" package.json && rm package.json.bak", + "build": "tsc --build", + "watch": "tsc --build --watch", "lint": "./node_modules/.bin/eslint --ext .js,.jsx,.ts,.tsx --fix --no-error-on-unmatched-pattern src", "format": "./node_modules/.bin/prettier --write \"src/**/*.ts\" \"examples/**/*.ts\"", "test": "jest --passWithNoTests --updateSnapshot", - "test-examples": "cd lib && yarn link && cd .. && cd examples && go test -timeout 2h -v .", - "test-examples-gotestfmt": "cd lib && yarn link && cd .. && cd examples && set -euo pipefail && go test -json -v -count=1 -cover -timeout 2h -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt" + "test:watch": "jest --watch", + "test-examples": "yarn link && cd examples && go test -timeout 2h -v ." }, - "files": [ - "*" - ], "jest": { "transform": { "^.+\\.ts$": [ diff --git a/yarn.lock b/yarn.lock index 42e32ae7..0dbc10cd 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -1620,7 +1620,7 @@ async@^3.2.3, async@^3.2.4: resolved "https://registry.yarnpkg.com/async/-/async-3.2.5.tgz#ebd52a8fdaf7a2289a24df399f8d8485c8a46b66" integrity sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg== -aws-cdk-lib@^2.20.0: +aws-cdk-lib@2.149.0: version "2.149.0" resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.149.0.tgz#5f13a6b2c222f6a1db66be6a58129a67845bf6e8" integrity sha512-bmbgnF2dEYlsZlVaNoSfcjyIUirnvmsvNXJwBMmUCZn2IZ+YWvkMv+rr4e/GO3gPKrdNzew1jNVvHSYxlun6rA== @@ -4496,8 +4496,7 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: - name strip-ansi-cjs +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -4511,6 +4510,13 @@ strip-ansi@^5.2.0: dependencies: ansi-regex "^4.1.0" +strip-ansi@^6.0.0, strip-ansi@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + strip-ansi@^7.0.1: version "7.1.0" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45" 
@@ -4835,7 +4841,16 @@ word-wrap@^1.2.5: resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.5.tgz#d2c45c6dd4fbce621a66f136cbe328afd0410b34" integrity sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@7.0.0, wrap-ansi@^7.0.0, wrap-ansi@^8.1.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrap-ansi@7.0.0, wrap-ansi@^7.0.0, wrap-ansi@^8.1.0: version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==