POC - Seed Secrets #2361
Draft. ShadowCat567 wants to merge 37 commits into aws-amplify:main from ShadowCat567:seed-secrets-POC.

Changes from 35 commits. Commits (37):
- 5f94dda set up for seed secrets
- 37eb2c9 tsconfig update
- 9b90d77 most things but backendId
- ade05b9 new files
- c1f7455 temp sandbox Id resolver
- 38f50b4 tsconfig update
- 7c307dc updating package.locks
- 521192d exporting seed secret export
- 3a87856 more package.lock changes
- 1a3f6ce export seed secret
- d599a9d updated API
- 460423f added types file
- 7325c65 removed comments
- 9ba0894 sandbox seed command
- e2bf43d signal that seed command is running
- 6f347d6 add seed command to sandbox
- 20284b1 update seed console message
- 964ed6e explicit undefined check
- c38fb30 adjustments
- 7930f5c testing
- 8f8c9a5 testing
- 2e9d02b adjusting env vars
- 146a91e testing env vars stuff
- 6268d54 trying to use generators
- 12d2162 stole some seed command stuff from the first POC
- cb8bf83 stole some seed command stuff from the first POC
- 0b715e9 removed useless import
- dcc0bed removed console.logs - it works :D
- fb48d38 file clean up
- d4a5658 move seed script out of Amplify folder
- ecc470c change to package-lock
- 827e02c adjusted comments and error message
- a4cbf95 removed section that is no longer needed
- a92defc update for package.json in seed package
- cbaf469 added changeset
- 79dfb1c changed name of secret getter
- f8a9649 update api
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--- | ||
--- |
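Review bot: The changeset front matter between the two `---` lines is empty, so it names no package, no bump level and no summary. This PR adds a package that publishes as `@aws-amplify/backend-seed` with public access, plus a new CLI command; list the affected packages with their bump type and add a one-line description so the release tooling and changelog pick them up.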
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Be very careful editing this file. It is crafted to work around [this issue](https://github.com/npm/npm/issues/4479) | ||
|
||
# First ignore everything | ||
**/* | ||
|
||
# Then add back in transpiled js and ts declaration files | ||
!lib/**/*.js | ||
!lib/**/*.d.ts | ||
|
||
# Then ignore test js and ts declaration files | ||
*.test.js | ||
*.test.d.ts | ||
|
||
# This leaves us with including only js and ts declaration files of functional code |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
## API Report File for "@aws-amplify/backend-seed" | ||
|
||
> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/). | ||
|
||
```ts | ||
|
||
// @public (undocumented) | ||
export const GetSeedSecret: (secretName: string) => Promise<string>; | ||
|
||
// (No @packageDocumentation comment for this package) | ||
|
||
``` |
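Review bot: The only export is reported as `@public (undocumented)` and is named in PascalCase, `GetSeedSecret`, which reads as a type or class rather than an async function. Add a TSDoc comment on the source declaration that says which backend the secret name is resolved against and what happens when the secret is missing, and settle on a camelCase name before the report is regenerated, since a public name is hard to change after release.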
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Description | ||
|
||
Replace with a description of this package |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"extends": "../../api-extractor.base.json" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
{ | ||
"name": "@aws-amplify/backend-seed", | ||
"version": "0.1.0", | ||
"type": "module", | ||
"publishConfig": { | ||
"access": "public" | ||
}, | ||
"exports": { | ||
".": { | ||
"types": "./lib/index.d.ts", | ||
"import": "./lib/index.js", | ||
"require": "./lib/index.js" | ||
} | ||
}, | ||
"main": "lib/index.js", | ||
"types": "lib/index.d.ts", | ||
"scripts": { | ||
"update:api": "api-extractor run --local" | ||
}, | ||
"license": "Apache-2.0", | ||
"dependencies": { | ||
"@aws-amplify/backend-secret": "^1.1.5", | ||
"@aws-amplify/platform-core": "^1.3.0", | ||
"@aws-amplify/plugin-types": "^1.6.0" | ||
} | ||
} |
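Review bot: In `exports`, the `require` condition points at `./lib/index.js`, the same file as `import`, while `"type": "module"` makes that file an ES module, so a CommonJS consumer that resolves the `require` condition is handed a file that `require()` cannot load on runtimes without ESM-require support. Drop the `require` entry or ship a CommonJS build for it. Also check whether `@aws-amplify/platform-core` still belongs in `dependencies`: on this page it is imported only by the namespace resolver that is marked as no longer used.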
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
import { getSecretClientWithAmplifyErrorHandling } from '@aws-amplify/backend-secret'; | ||
import { BackendIdentifier } from '@aws-amplify/plugin-types'; | ||
|
||
//eslint-disable-next-line jsdoc/require-description | ||
/** | ||
* | ||
*/ | ||
export const GetSeedSecret = async (secretName: string): Promise<string> => { | ||
if (!process.env.AMPLIFY_SANDBOX_IDENTIFIER) { | ||
throw new Error('SANDBOX_IDENTIFIER is undefined.'); | ||
} | ||
const backendId: BackendIdentifier = JSON.parse( | ||
process.env.AMPLIFY_SANDBOX_IDENTIFIER | ||
); | ||
|
||
const secretClient = getSecretClientWithAmplifyErrorHandling(); | ||
const secret = await secretClient.getSecret(backendId, { name: secretName }); | ||
return secret.value; | ||
}; |
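Review bot: `JSON.parse(process.env.AMPLIFY_SANDBOX_IDENTIFIER)` is assigned straight to a `BackendIdentifier` with no try/catch and no shape check, so a malformed or unexpected value in the environment either throws a raw `SyntaxError` or reaches `secretClient.getSecret` as an unvalidated backend id. Check that the parsed value is an object with string `namespace` and `name` and `type: 'sandbox'` before using it, and fail with a clear error otherwise. The guard's message says `SANDBOX_IDENTIFIER` while the variable tested is `AMPLIFY_SANDBOX_IDENTIFIER`; use the real name so the user can act on it. Replace the empty JSDoc and its `eslint-disable` with a real description, including that the function returns the plaintext secret value, which callers should keep out of logs.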
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
import { GetSeedSecret } from './get_secret_seed.js'; | ||
|
||
export { GetSeedSecret }; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
import { | ||
AmplifyUserError, | ||
PackageJsonReader, | ||
} from '@aws-amplify/platform-core'; | ||
import { EOL } from 'os'; | ||
|
||
//not using this anymore | ||
//stole this from ../packages/cli/src/backend-identifier/local_namespace_resolver.ts for the POC | ||
Comment on lines +7 to +8: these will probably go to
|
||
|
||
export type NamespaceResolver = { | ||
resolve: () => Promise<string>; | ||
}; | ||
|
||
/** | ||
* Reads the local app name from package.json#name in the current directory | ||
*/ | ||
export class LocalNamespaceResolver implements NamespaceResolver { | ||
/** | ||
* packageJsonReader is assigned to an instance member for testing. | ||
* resolve is bound to this so that it can be passed as a function reference | ||
*/ | ||
constructor(private readonly packageJsonReader: PackageJsonReader) {} | ||
|
||
/** | ||
* Returns the value of package.json#name from the current working directory | ||
*/ | ||
resolve = async () => { | ||
const name = this.packageJsonReader.readFromCwd().name; | ||
if (name) return name; | ||
throw new AmplifyUserError('InvalidPackageJsonError', { | ||
message: 'Cannot load name from the package.json', | ||
resolution: `Ensure you are running ampx commands in root of your project (i.e. in the parent of the 'amplify' directory).${EOL}Also ensure that your root package.json file has a "name" field.`, | ||
}); | ||
}; | ||
} |
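Review bot: The header comments at lines +7 to +8 say this file is no longer used and was copied from the CLI's `local_namespace_resolver.ts`, so it ships dead, duplicated code inside a new public package. Remove the file before merge; the package's `index.ts` exports only `GetSeedSecret`, so nothing depends on it. If the resolver is later needed in both places, move it to a shared package rather than keeping two copies that can drift apart.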
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
import { userInfo as _userInfo } from 'os'; | ||
import { NamespaceResolver } from './namespace_resolver.js'; | ||
import { BackendIdentifier } from '@aws-amplify/plugin-types'; | ||
|
||
//not using this anymore | ||
//stole this from ../packages/cli/src/commands/sandbox/sandbox_id_resolver.ts for the POC | ||
|
||
/** | ||
* Resolves an ID that can be used to uniquely identify sandbox environments | ||
*/ | ||
export class SandboxBackendIdResolver { | ||
/** | ||
* Initialize with an appName resolver | ||
*/ | ||
constructor( | ||
private readonly namespaceResolver: NamespaceResolver, | ||
private readonly userInfo = _userInfo | ||
) {} | ||
|
||
/** | ||
* Returns a concatenation of the resolved appName and the current username | ||
*/ | ||
resolve = async (identifier?: string): Promise<BackendIdentifier> => { | ||
const namespace = await this.namespaceResolver.resolve(); | ||
const name = identifier || this.userInfo().username; | ||
|
||
return { | ||
namespace, | ||
name, | ||
type: 'sandbox', | ||
}; | ||
}; | ||
} |
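Review bot: This file carries the same "not using this anymore" marker at the top and is the only importer of `./namespace_resolver.js`, so the two unused copies should be deleted together. The seed command in this PR already imports the CLI original through `'../sandbox_id_resolver.js'`, which leaves this copy without a caller.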
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
{ | ||
"extends": "../../tsconfig.base.json", | ||
"compilerOptions": { "rootDir": "src", "outDir": "lib" }, | ||
"references": [ | ||
{ "path": "../backend-secret" }, | ||
{ "path": "../platform-core" }, | ||
{ "path": "../plugin-types" } | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"entryPoints": ["src/index.ts"] | ||
} |
packages/cli/src/commands/sandbox/sandbox-seed/sandbox_seed_command.ts (63 additions, 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
import { Argv, CommandModule } from 'yargs'; | ||
import path from 'path'; | ||
import { existsSync } from 'fs'; | ||
import { execa } from 'execa'; | ||
import { SandboxBackendIdResolver } from '../sandbox_id_resolver.js'; | ||
import { PackageJsonReader } from '@aws-amplify/platform-core'; | ||
import { LocalNamespaceResolver } from '../../../backend-identifier/local_namespace_resolver.js'; | ||
|
||
/** | ||
* | ||
*/ | ||
export class SandboxSeedCommand implements CommandModule<object> { | ||
/** | ||
* @inheritDoc | ||
*/ | ||
readonly command: string; | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
readonly describe: string; | ||
|
||
/** | ||
* Seeds sandbox environment. | ||
*/ | ||
constructor() { | ||
this.command = 'seed'; | ||
this.describe = 'Seeds sandbox environment'; | ||
} | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
handler = async (): Promise<void> => { | ||
const sandboxID = await new SandboxBackendIdResolver( | ||
new LocalNamespaceResolver(new PackageJsonReader()) | ||
).resolve(); | ||
|
||
//most of this comes from the initial POC for seed, changed filepath to be more inline with discussions that have happened since then | ||
const seedPath = path.join('seed.ts'); | ||
await execa('tsx', [seedPath], { | ||
cwd: process.cwd(), | ||
stdio: 'inherit', | ||
env: { | ||
AMPLIFY_SANDBOX_IDENTIFIER: JSON.stringify(sandboxID), | ||
}, | ||
}); | ||
}; | ||
|
||
/** | ||
* @inheritDoc | ||
*/ | ||
//this section also comes from the initial POC for seed | ||
builder = (yargs: Argv) => { | ||
return yargs.check(() => { | ||
const seedPath = path.join(process.cwd(), 'seed.ts'); | ||
if (!existsSync(seedPath)) { | ||
throw new Error(`${seedPath} must exist`); | ||
} | ||
return true; | ||
}); | ||
}; | ||
} |
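Review bot: `handler` calls `.resolve()` with no argument, so the backend id always falls back to the OS username (`identifier || this.userInfo().username` in the resolver). If the sandbox was created under a custom identifier, the parameter `resolve` accepts, the seed script receives a different backend id in `AMPLIFY_SANDBOX_IDENTIFIER` and `GetSeedSecret` looks up secrets for the wrong sandbox. Add an identifier option to the command and pass it through. Smaller points: `path.join('seed.ts')` with a single argument is a no-op and duplicates `path.join(process.cwd(), 'seed.ts')` in `builder`, so compute the path once and reuse it; `tsx` is resolved from `PATH` at run time, so a missing or unexpected binary is only discovered when the command runs; and the class-level JSDoc is empty.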
Review comment:

I'd just call it `getSecret`.
Other option we could consider is
We should think about packaging of this because APIs to deal with secrets will grow over time.
We'll also have `AuthSeedClient` or so or set of auth related APIs. It would be good to group secrets and auth.
An alternative would be to develop namespaces: `@aws-amplify/backend-seed/secret` and `@aws-amplify/backend-seed/auth`.
We should capture these alternatives in API review.

Reply:

I initially called it `getSecret`, but I got some errors since it conflicted with `getSecret` from the `backend-secret` package -- I'll probably experiment with it again

Reply:

This might be helpful syntax to resolve that problem
amplify-backend/packages/backend-output-schemas/src/auth/index.ts (Line 2 in b574bce)
or `import * as backendSecret from 'backend-secret'` and then `backendSecret.getSecret`.