feat(core): ARC-1906 fetch env from ssm
fetch env from ssm
Tyagi-Sunny committed Feb 1, 2024
1 parent 59b6932 commit 03b7d60
Showing 6 changed files with 152 additions and 66 deletions.
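--- a/packages/arc-auth/.env.schema
+++ b/packages/arc-auth/.env.schema
@@ -0,0 +1,15 @@
+NODE_ENV=
+LOG_LEVEL=
+DB_HOST=
+DB_PORT=
+DB_USER=
+DB_PASSWORD=
+DB_DATABASE=
+DB_SCHEMA=
+REDIS_HOST=
+REDIS_PORT=
+REDIS_URL=
+REDIS_PASSWORD=
+REDIS_DATABASE=
+JWT_SECRET=
+JWT_ISSUER=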
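Review bot: Several keys listed here (`NODE_ENV`, `LOG_LEVEL`, the `REDIS_*` entries and `JWT_ISSUER`) have no counterpart in the `env` object that `checkEnv()` in `cdk/src/env.ts` compares against. If this is the file that function reads from `'../.env.schema'`, the check throws `env is missing- NODE_ENV` on the first key and no stack can be synthesized. Either trim the schema to the keys the CDK code resolves, or add the missing keys to `env`. Note that `checkEnv()` splits the file on newlines, spaces and `=`, so a comment line added here would itself be treated as a list of required keys.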
28 changes: 26 additions & 2 deletions packages/arc-auth/cdk/src/common/stacks/lambda.stack.ts
Expand Up @@ -2,14 +2,15 @@ import * as random from '@cdktf/provider-random';
import {ILambdaWithApiGateway, LambdaWithApiGateway} from 'arc-cdk';
import {TerraformStack} from 'cdktf';
import {Construct} from 'constructs';
import {getEnv, getSecurityGroup, getSubnetIds} from '../../env';
import {AwsProvider} from '../constructs/awsProvider';
import path = require('path');

export class LambdaStack extends TerraformStack {
constructor(
scope: Construct,
id: string,
config: Omit<ILambdaWithApiGateway, 'name'>,
config: Omit<ILambdaWithApiGateway, 'name' | 'envVars' | 'namespace' | 'environment'>,
) {
super(scope, id);

Expand All @@ -20,7 +21,7 @@ export class LambdaStack extends TerraformStack {
const pet = new random.pet.Pet(this, 'random-name', {
length: 2,
});

const env = getEnv(this);
// overwrite codePath based on useImage as deploy via docker needs different codePath
config.codePath = path.resolve(
config.codePath,
Expand All @@ -31,6 +32,29 @@ export class LambdaStack extends TerraformStack {
// NOSONAR
...config,
name: pet.id,
vpcConfig: {
securityGroupIds: getSecurityGroup(this),
subnetIds: getSubnetIds(this),
},
envVars: {
DB_HOST: env.DB_HOST || '',
DB_PORT: env.DB_PORT || '',
DB_USER: env.DB_USER || '',
DB_PASSWORD: env.DB_PASSWORD || '',
DB_DATABASE: env.DB_DATABASE || '',
DB_SCHEMA: env.DB_SCHEMA || '',
JWT_SECRET: env.JWT_SECRET || '',
JWT_ISSUER: 'sourcefuse',
PORT: '3005',
LOG_LEVEL: 'info',
DB_CONNECTOR: 'postgresql',
},
customDomainName: {
domainName: env.DOMAIN_NAME || '',
hostedZoneId: env.HOSTED_ZONE_ID || '',
},
namespace: env.NAMESPACE || '',
environment: env.ENV || '',
});
}
}
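Review bot: `DB_PASSWORD` and `JWT_SECRET` in `envVars` are filled from `ssm.value` with `withDecryption: true`, so the decrypted secrets are written into the Lambda's environment configuration and, most likely, the Terraform state, where anyone who can read either sees them in clear text; the same applies to `DB_PASSWORD` in migration.stack.ts. Consider passing only the parameter names and letting the function read the values at start-up, or at least document the exposure next to `envVars`. The `|| ''` fallbacks also fail open: `getEnv()` only adds keys that exist in `process.env`, so a missing key would deploy the service with an empty `JWT_SECRET`. A guard such as `if (!env.JWT_SECRET || !env.DB_PASSWORD) throw new Error('required secret parameter is not configured');` right after `const env = getEnv(this);` would stop that. The constructor body is only partly visible in these hunks.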
19 changes: 17 additions & 2 deletions packages/arc-auth/cdk/src/common/stacks/migration.stack.ts
@@ -1,11 +1,12 @@
import * as random from '@cdktf/provider-random';
import {ILambda, Lambda} from 'arc-cdk';
import {TerraformStack} from 'cdktf';
import {Construct} from 'constructs';
import {ILambda, Lambda} from 'arc-cdk';
import {getEnv, getSecurityGroup, getSubnetIds} from '../../env';
import {AwsProvider} from '../constructs/awsProvider';

export class MigrationStack extends TerraformStack {
constructor(scope: Construct, id: string, config: Omit<ILambda, 'name'>) {
constructor(scope: Construct, id: string, config: Omit<ILambda, 'name' | 'envVars' | 'namespace' | 'environment'>) {
super(scope, id);

new AwsProvider(this, 'aws'); // NOSONAR
Expand All @@ -15,11 +16,25 @@ export class MigrationStack extends TerraformStack {
const pet = new random.pet.Pet(this, 'random-name', {
length: 2,
});
const env = getEnv(this);

new Lambda(this, 'lambda', {
// NOSONAR
...config,
name: pet.id,
vpcConfig: {
securityGroupIds: getSecurityGroup(this),
subnetIds: getSubnetIds(this),
},
envVars: {
DB_HOST: env.DB_HOST || '',
DB_PORT: env.DB_PORT || '',
DB_USER: env.DB_USER || '',
DB_PASSWORD: env.DB_PASSWORD || '',
DB_DATABASE: env.DB_DATABASE || '',
},
namespace: env.NAMESPACE || '',
environment: env.ENV || '',
});
}
}
13 changes: 10 additions & 3 deletions packages/arc-auth/cdk/src/common/stacks/redis.stack.ts
Expand Up @@ -2,6 +2,7 @@ import * as aws from '@cdktf/provider-aws';
import {Fn, TerraformIterator, TerraformStack} from 'cdktf';
import {Construct} from 'constructs';
import {Redis} from '../../.gen/modules/redis';
import {getEnv} from '../../env';
import {AwsProvider} from '../constructs/awsProvider';
import {getResourceName} from '../utils/helper';

Expand All @@ -11,10 +12,16 @@ type Config = {
};

export class RedisStack extends TerraformStack {
constructor(scope: Construct, id: string, config: Config) {
constructor(scope: Construct, id: string) {
super(scope, id);

new AwsProvider(this, 'aws'); // NOSONAR
const env = getEnv(this);
const config: Config = {
// NOSONAR
namespace: env.NAMESPACE || '',
environment: env.ENV || '',
}

const name = getResourceName({
namespace: config.namespace,
Expand Down Expand Up @@ -57,8 +64,8 @@ export class RedisStack extends TerraformStack {
{
name: 'tag:Name',
values: [
`${config.namespace}-${config.environment}-privatesubnet-private-${process.env.AWS_REGION}a`,
`${config.namespace}-${config.environment}-privatesubnet-private-${process.env.AWS_REGION}b`,
`${config.namespace}-${config.environment}-privatesubnet-private-${env.AWS_REGION}a`,
`${config.namespace}-${config.environment}-privatesubnet-private-${env.AWS_REGION}b`,
],
},
{
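Review bot: The subnet `tag:Name` filter now interpolates `env.AWS_REGION`, but `getEnv()` returns the value of an SSM parameter whose name is taken from `process.env.AWS_REGION`, so that variable would have to hold a parameter name rather than a region. If the AWS provider or SDK also reads `AWS_REGION` from the environment (not visible here), the two uses conflict. Keeping `process.env.AWS_REGION` for these two template strings, or reading the region from a separately named parameter, avoids that. The new `config` literal is also missing the semicolon after its closing `}`, unlike the surrounding statements.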
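--- a/packages/arc-auth/cdk/src/env.ts
+++ b/packages/arc-auth/cdk/src/env.ts
@@ -0,0 +1,81 @@
+import {DataAwsSecurityGroup} from '@cdktf/provider-aws/lib/data-aws-security-group';
+import {DataAwsSsmParameter} from '@cdktf/provider-aws/lib/data-aws-ssm-parameter';
+import {DataAwsSubnets} from '@cdktf/provider-aws/lib/data-aws-subnets';
+import {TerraformStack} from 'cdktf';
+import {readFileSync} from 'fs';
+
+export const env = {
+AWS_REGION: "",
+DB_HOST: "",
+DB_PORT: 5432,
+DB_USER: "",
+DB_PASSWORD: "",
+DB_DATABASE: "",
+DB_SCHEMA: "",
+JWT_SECRET: "",
+ACM_CERTIFICATE_ARN: "",
+HOSTED_ZONE_ID: "",
+DOMAIN_NAME: "",
+NAMESPACE: "",
+ENV: "",
+S3_BUCKET: ""
+};
+
+interface EnvVar {
+[key: string]: string;
+}
+
+export const getSubnetIds = (scope: TerraformStack) => {
+const subnets = new DataAwsSubnets(scope, "private_subnets", {
+filter: [
+{
+name: "tag:Name",
+values: ['demoTagName'], //Replace demoTagName by Name Tag of subnet id
+},
+],
+});
+return subnets.ids;
+}
+
+export const getSecurityGroup = (scope: TerraformStack) => {
+const sgroup = new DataAwsSecurityGroup(scope, "security_group", {
+filter: [
+{
+name: "tag:Name",
+values: ['demoTagName'], //Replace demoTagName by Name Tag of security group
+},
+],
+});
+return [sgroup.id];
+};
+
+
+export const getEnv = (scope: TerraformStack) => {
+let envVar: EnvVar = {};
+checkEnv();
+
+for (const key in process.env) {
+// Check if the property is directly defined on the object (not inherited)
+if (process.env.hasOwnProperty(key)) {
+//read value from ssm
+const ssm = new DataAwsSsmParameter(scope, "db_admin_username_ssm_param", {
+name: process.env[key] ?? '',
+withDecryption: true
+});
+// Copy the value from process.env to envVar
+envVar[key] = ssm.value;
+}
+}
+
+return envVar;
+}
+
+
+export const checkEnv = () => {
+let envToCheck = readFileSync('../.env.schema', "utf8").split(/[\n =]/).filter(Boolean);
+envToCheck.forEach(key => {
+if (!env.hasOwnProperty(key)) {
+throw new Error(`env is missing- ${key}`);
+}
+})
+}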
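Review bot: `getEnv()` creates every `DataAwsSsmParameter` with the same id, `"db_admin_username_ssm_param"`, inside the loop, and construct ids must be unique within a scope, so synthesis should fail on the second key. The loop also walks all of `process.env`, so every variable in the synth environment (shell and CI variables included) is used as an SSM parameter name and fetched with `withDecryption: true`. Restricting the loop to the keys declared in `env`, deriving the id from the key and failing on an unset key keeps the lookups to what the stacks need, as sketched below. `checkEnv()` also resolves `'../.env.schema'` against the working directory rather than `__dirname`, so the check depends on where the CLI is started.

```typescript
export const getEnv = (scope: TerraformStack) => {
  const envVar: EnvVar = {};
  checkEnv();

  // Resolve only the keys this module declares, not the whole process environment.
  for (const key of Object.keys(env)) {
    const paramName = process.env[key];
    if (!paramName) {
      throw new Error(`env is missing- ${key}`);
    }
    // Construct ids must be unique within the stack, so derive one per key.
    const ssm = new DataAwsSsmParameter(scope, `ssm_param_${key}`, {
      name: paramName,
      withDecryption: true,
    });
    envVar[key] = ssm.value;
  }

  return envVar;
};
```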
62 changes: 3 additions & 59 deletions packages/arc-auth/cdk/src/main.ts
Expand Up @@ -13,47 +13,16 @@ dotenvExt.load({

const app = new App();

const getSubnetIds = () => {
try {
const subnetIds = process.env?.SUBNET_IDS || '';
return JSON.parse(subnetIds);
} catch (e) {
console.error(e); // NOSONAR
}
return [];
};

const getSecurityGroup = () => {
try {
const securityGroup = process.env?.SECURITY_GROUPS || '';
return JSON.parse(securityGroup);
} catch (e) {
console.error(e); // NOSONAR
}
return [];
};

new MigrationStack(app, 'migration', {
// NOSONAR
codePath: resolve(__dirname, '../../migration'),
handler: 'lambda.handler',
runtime: 'nodejs18.x',
vpcConfig: {
securityGroupIds: getSecurityGroup(),
subnetIds: getSubnetIds(),
},
memorySize: 256,
invocationData: '{}',
timeout: 60,
envVars: {
DB_HOST: process.env.DB_HOST || '',
DB_PORT: process.env.DB_PORT || '',
DB_USER: process.env.DB_USER || '',
DB_PASSWORD: process.env.DB_PASSWORD || '',
DB_DATABASE: process.env.DB_DATABASE || '',
},
namespace: process.env.NAMESPACE || '',
environment: process.env.ENV || '',
});

new LambdaStack(app, 'lambda', {
Expand All @@ -63,38 +32,13 @@ new LambdaStack(app, 'lambda', {
handler: 'lambda.handler',
runtime: 'nodejs18.x',
layerPath: resolve(__dirname, '../../layers'),
vpcConfig: {
securityGroupIds: getSecurityGroup(),
subnetIds: getSubnetIds(),
},

memorySize: 256,
timeout: 30,
envVars: {
DB_HOST: process.env.DB_HOST || '',
DB_PORT: process.env.DB_PORT || '',
DB_USER: process.env.DB_USER || '',
DB_PASSWORD: process.env.DB_PASSWORD || '',
DB_DATABASE: process.env.DB_DATABASE || '',
DB_SCHEMA: process.env.DB_SCHEMA || '',
JWT_SECRET: process.env.JWT_SECRET || '',
JWT_ISSUER: 'sourcefuse',
PORT: '3005',
LOG_LEVEL: 'info',
DB_CONNECTOR: 'postgresql',
},
customDomainName: {
domainName: process.env.DOMAIN_NAME || '',
hostedZoneId: process.env.HOSTED_ZONE_ID || '',
},
namespace: process.env.NAMESPACE || '',
environment: process.env.ENV || '',

useImage: true,
});

new RedisStack(app, 'redis', {
// NOSONAR
namespace: process.env.NAMESPACE || '',
environment: process.env.ENV || '',
});
new RedisStack(app, 'redis');

app.synth();
