From d9832711b4b1e2a3929f4939e3b06e90ac36e1f9 Mon Sep 17 00:00:00 2001
From: Gowri Sankar
Date: Mon, 27 May 2024 15:12:02 +0930
Subject: [PATCH 1/4] DO-1631: add secrets manager prop
---
 package-lock.json | 6 +++---
 packages/graphql-mesh-server/lib/fargate.ts | 8 +++++++-
 packages/graphql-mesh-server/lib/graphql-mesh-server.ts | 4 ++++
 3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 60ab05fa..fb0baa40 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9848,7 +9848,7 @@
 },
 "packages/prerender-fargate": {
 "name": "@aligent/cdk-prerender-fargate",
- "version": "2.3.5",
+ "version": "2.3.8",
 "license": "GPL-3.0-only",
 "dependencies": {
 "@aws-cdk/aws-apigatewayv2-alpha": "2.30.0-alpha.0",
@@ -9864,7 +9864,7 @@
 },
 "packages/prerender-proxy": {
 "name": "@aligent/cdk-prerender-proxy",
- "version": "2.0.0",
+ "version": "2.1.4",
 "license": "GPL-3.0-only",
 "dependencies": {
 "@aligent/cdk-esbuild": "^2.0",
@@ -9924,7 +9924,7 @@
 },
 "packages/static-hosting": {
 "name": "@aligent/cdk-static-hosting",
- "version": "2.3.1",
+ "version": "2.3.4",
 "license": "GPL-3.0-only",
 "dependencies": {
 "@aligent/cdk-esbuild": "^2.0",
diff --git a/packages/graphql-mesh-server/lib/fargate.ts b/packages/graphql-mesh-server/lib/fargate.ts
index d80af465..48edf219 100644
--- a/packages/graphql-mesh-server/lib/fargate.ts
+++ b/packages/graphql-mesh-server/lib/fargate.ts
@@ -61,6 +61,12 @@ export interface MeshServiceProps {
 * SSM values to pass through to the container as secrets
 */
 secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };
+
+ /**
+ * ECS Secrets
+ */
+ secretsV2: { [key: string]: ecs.Secret };
+
 /**
 * Name of the WAF
 * Defaults to 'graphql-mesh-web-acl'
@@ -295,7 +301,7 @@ export class MeshService extends Construct {
 image: ecs.ContainerImage.fromEcrRepository(this.repository),
 enableLogging: true, // default
 containerPort: 4000, // graphql mesh gateway port
- secrets: secrets,
+ secrets: props.secretsV2 ? props.secretsV2 : secrets, // Prefer v2 secrets using secrets manager
 environment: environment,
 logDriver: logDriver,
 taskRole: new iam.Role(this, "MeshTaskRole", {
diff --git a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
index b73572c8..68feb5dc 100644
--- a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
+++ b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
@@ -19,6 +19,7 @@ import { LogGroup } from "aws-cdk-lib/aws-logs";
 import { Topic } from "aws-cdk-lib/aws-sns";
 import { Alarm } from "aws-cdk-lib/aws-cloudwatch";
 import { Maintenance } from "./maintenance";
+import { Secret } from "aws-cdk-lib/aws-ecs";

 export type MeshHostingProps = {
 /**
@@ -68,6 +69,9 @@ export type MeshHostingProps = {
 * SSM values to pass through to the container as secrets
 */
 secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };
+
+ secretsV2: { [key: string]: Secret };
+
 /**
 * Pass custom cpu scaling steps
 * Default value:
From 4b3a2494dc35a07997973ab3ad6bb0f6dd172099 Mon Sep 17 00:00:00 2001
From: Gowri Sankar
Date: Mon, 27 May 2024 15:21:17 +0930
Subject: [PATCH 2/4] DO-1631: make prop optional and update comment
---
 packages/graphql-mesh-server/lib/fargate.ts | 6 ++++--
 packages/graphql-mesh-server/lib/graphql-mesh-server.ts | 7 ++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/packages/graphql-mesh-server/lib/fargate.ts b/packages/graphql-mesh-server/lib/fargate.ts
index 48edf219..98b6e0be 100644
--- a/packages/graphql-mesh-server/lib/fargate.ts
+++ b/packages/graphql-mesh-server/lib/fargate.ts
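Review bot: The ternary on the `secrets:` line picks one map and silently discards the other, so a caller who sets both props gets a container without its SSM-backed secrets, and because an empty object is truthy, `secretsV2: {}` also drops every SSM entry. Merging keeps both sources and still lets the new prop win on a key clash: `secrets: { ...secrets, ...props.secretsV2 },`. If the two props are meant to be mutually exclusive, throwing at synth time when both are set is safer than a silent override. The same expression survives the rename in PATCH 3/4 (`props.secrets ? props.secrets : ssmSecrets`), where the trailing comment still says "v2". The container options literal starts and ends outside the hunk.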
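Review bot: Nothing in this file's hunks passes `secretsV2` on to `MeshService`; only the `MeshHostingProps` type gains the field. If the constructor, which is outside the hunks, builds the service props field by field rather than spreading `props`, the new secrets never reach the task definition and the container starts without them, with no error at synth time. Worth confirming the forwarding here, and again for `ssmSecrets` after the rename in PATCH 3/4.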
@@ -63,9 +63,11 @@ export interface MeshServiceProps {
 secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };

 /**
- * ECS Secrets
+ * ECS Secrets to pass through to the container as secrets
+ *
+ * The key values can be referenced from either SSM or Secrets manager
 */
- secretsV2: { [key: string]: ecs.Secret };
+ secretsV2?: { [key: string]: ecs.Secret };

 /**
 * Name of the WAF
diff --git a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
index 68feb5dc..f5620f1f 100644
--- a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
+++ b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
@@ -70,7 +70,12 @@ export type MeshHostingProps = {
 */
 secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };

- secretsV2: { [key: string]: Secret };
+ /**
+ * ECS Secrets to pass through to the container as secrets
+ *
+ * The key values can be referenced from either SSM or Secrets manager
+ */
+ secretsV2?: { [key: string]: Secret };

 /**
 * Pass custom cpu scaling steps
From a2287743a9a548b54e6f3ab634343d941263ad65 Mon Sep 17 00:00:00 2001
From: Gowri Sankar
Date: Mon, 27 May 2024 16:20:51 +0930
Subject: [PATCH 3/4] DO-1631: update prop names and deprecate old props
---
 packages/graphql-mesh-server/lib/fargate.ts | 16 +++++++++-------
 .../lib/graphql-mesh-server.ts | 6 ++++--
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/packages/graphql-mesh-server/lib/fargate.ts b/packages/graphql-mesh-server/lib/fargate.ts
index 98b6e0be..173b860b 100644
--- a/packages/graphql-mesh-server/lib/fargate.ts
+++ b/packages/graphql-mesh-server/lib/fargate.ts
@@ -59,15 +59,17 @@ export interface MeshServiceProps {
 };
 /**
 * SSM values to pass through to the container as secrets
+ *
+ * @deprecated - Use secrets instead
 */
- secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };
+ ssmSecrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };

 /**
 * ECS Secrets to pass through to the container as secrets
 *
 * The key values can be referenced from either SSM or Secrets manager
 */
- secretsV2?: { [key: string]: ecs.Secret };
+ secrets?: { [key: string]: ecs.Secret };

 /**
 * Name of the WAF
@@ -276,10 +278,10 @@ export class MeshService extends Construct {
 }

 // Construct secrets from provided ssm values
- const secrets: { [key: string]: ecs.Secret } = {};
- props.secrets = props.secrets || {};
- for (const [key, ssm] of Object.entries(props.secrets)) {
- secrets[key] = ecs.Secret.fromSsmParameter(ssm);
+ const ssmSecrets: { [key: string]: ecs.Secret } = {};
+ props.ssmSecrets = props.ssmSecrets || {};
+ for (const [key, ssm] of Object.entries(props.ssmSecrets)) {
+ ssmSecrets[key] = ecs.Secret.fromSsmParameter(ssm);
 }

 // Configure a custom log driver and group
@@ -303,7 +305,7 @@ export class MeshService extends Construct {
 image: ecs.ContainerImage.fromEcrRepository(this.repository),
 enableLogging: true, // default
 containerPort: 4000, // graphql mesh gateway port
- secrets: props.secretsV2 ? props.secretsV2 : secrets, // Prefer v2 secrets using secrets manager
+ secrets: props.secrets ? props.secrets : ssmSecrets, // Prefer v2 secrets using secrets manager
 environment: environment,
 logDriver: logDriver,
 taskRole: new iam.Role(this, "MeshTaskRole", {
diff --git a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
index f5620f1f..4de9e787 100644
--- a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
+++ b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
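Review bot: Reusing the name `secrets` for the `ecs.Secret` map changes the type of an existing public prop, so callers that pass SSM parameters under `secrets` today stop compiling until they move to `ssmSecrets`; that is a breaking change and the doc comments do not say so. The `@deprecated - Use secrets instead` text also omits that `secrets` replaces `ssmSecrets` entirely when both are given (see the ternary in the third hunk of this file). I would extend the `ssmSecrets` comment with `* Ignored when secrets is set; wrap parameters with ecs.Secret.fromSsmParameter() to migrate.` and call out the rename in the release notes. The same applies to `MeshHostingProps` in graphql-mesh-server.ts.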
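Review bot: `props.ssmSecrets = props.ssmSecrets || {};` writes back into the caller's props object, and the loop variable `ssm` shadows the `ssm` module that the interface types refer to. Both go away with `for (const [key, param] of Object.entries(props.ssmSecrets || {})) {` and `ssmSecrets[key] = ecs.Secret.fromSsmParameter(param);`. The pattern predates this commit, but the lines are being rewritten here anyway. The constructor body continues outside the hunk.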
@@ -67,15 +67,17 @@ export type MeshHostingProps = {
 };
 /**
 * SSM values to pass through to the container as secrets
+ *
+ * @deprecated - Use secrets instead
 */
- secrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };
+ ssmSecrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };

 /**
 * ECS Secrets to pass through to the container as secrets
 *
 * The key values can be referenced from either SSM or Secrets manager
 */
- secretsV2?: { [key: string]: Secret };
+ secrets?: { [key: string]: Secret };

 /**
 * Pass custom cpu scaling steps
From 00f3725f28e901152d02a66245ddcd8c7adae6ee Mon Sep 17 00:00:00 2001
From: Gowri Sankar
Date: Mon, 27 May 2024 16:25:17 +0930
Subject: [PATCH 4/4] DO-1631: run formatter
---
 packages/graphql-mesh-server/lib/fargate.ts | 4 +++-
 packages/graphql-mesh-server/lib/graphql-mesh-server.ts | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/packages/graphql-mesh-server/lib/fargate.ts b/packages/graphql-mesh-server/lib/fargate.ts
index 173b860b..db4733d2 100644
--- a/packages/graphql-mesh-server/lib/fargate.ts
+++ b/packages/graphql-mesh-server/lib/fargate.ts
@@ -62,7 +62,9 @@ export interface MeshServiceProps {
 *
 * @deprecated - Use secrets instead
 */
- ssmSecrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };
+ ssmSecrets?: {
+ [key: string]: ssm.IStringParameter | ssm.IStringListParameter;
+ };

 /**
 * ECS Secrets to pass through to the container as secrets
diff --git a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
index 4de9e787..eed38c66 100644
--- a/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
+++ b/packages/graphql-mesh-server/lib/graphql-mesh-server.ts
@@ -70,7 +70,9 @@ export type MeshHostingProps = {
 *
 * @deprecated - Use secrets instead
 */
- ssmSecrets?: { [key: string]: ssm.IStringParameter | ssm.IStringListParameter };
+ ssmSecrets?: {
+ [key: string]: ssm.IStringParameter | ssm.IStringListParameter;
+ };

 /**
 * ECS Secrets to pass through to the container as secrets