use one bucket per stage for all public sites

mantil-io · Oct 13, 2021 · fa3ca33 · ianic · Oct 13, 2021 · fa3ca33
1 parent 4503b44
commit fa3ca33
Show file tree

Hide file tree

Showing 16 changed files with 67 additions and 85 deletions.
diff --git a/api/deploy/deploy.go b/api/deploy/deploy.go
@@ -13,10 +13,10 @@ import (
 )
 
 type Deploy struct {
-	req           *dto.DeployRequest
-	stage         *workspace.Stage
-	awsClient     *aws.AWS
-	publicBuckets map[string]string
+	req          *dto.DeployRequest
+	stage        *workspace.Stage
+	awsClient    *aws.AWS
+	publicBucket string
 }
 
 func New() *Deploy {
@@ -36,9 +36,9 @@ func (d *Deploy) Invoke(ctx context.Context, req *dto.DeployRequest) (*dto.Deplo
 		return nil, err
 	}
 	return &dto.DeployResponse{
-		Rest:          d.stage.Endpoints.Rest,
-		Ws:            d.stage.Endpoints.Ws,
-		PublicBuckets: d.publicBuckets,
+		Rest:         d.stage.Endpoints.Rest,
+		Ws:           d.stage.Endpoints.Ws,
+		PublicBucket: d.publicBucket,
 	}, nil
 }
 
@@ -75,11 +75,11 @@ func (d *Deploy) applyInfrastructure() error {
 	if err != nil {
 		return fmt.Errorf("could not read terraform output variable for api ws url - %v", err)
 	}
-	sites, err := tf.Output("static_websites", false)
+	public, err := tf.Output("public", false)
 	if err != nil {
 		return fmt.Errorf("coult not read terraform output variable for static websites - %v", err)
 	}
-	if err := d.updateWebsitesConfig(sites); err != nil {
+	if err := d.updatePublicConfig(public); err != nil {
 		return err
 	}
 	d.stage.Endpoints = &workspace.StageEndpoints{
@@ -140,23 +140,16 @@ func (d *Deploy) updateLambdaFunction(f *workspace.Function) error {
 	return d.awsClient.WaitLambdaFunctionUpdated(lambdaName)
 }
 
-func (d *Deploy) updateWebsitesConfig(tfOutput string) error {
-	type sitesOutput struct {
-		Name   string `json:"name"`
+func (d *Deploy) updatePublicConfig(tfOutput string) error {
+	type publicOutput struct {
 		Bucket string `json:"bucket"`
+		Url    string `json:"url"`
 	}
-	os := &[]sitesOutput{}
-	if err := json.Unmarshal([]byte(tfOutput), os); err != nil {
+	po := &publicOutput{}
+	if err := json.Unmarshal([]byte(tfOutput), po); err != nil {
 		return err
 	}
-	d.publicBuckets = make(map[string]string)
-	for _, o := range *os {
-		for _, s := range d.stage.Public {
-			if o.Name == s.Name {
-				s.Bucket = o.Bucket
-			}
-			d.publicBuckets[o.Name] = o.Bucket
-		}
-	}
+	d.publicBucket = po.Bucket
+	d.stage.Public.Bucket = po.Bucket
 	return nil
 }
diff --git a/api/dto/dto.go b/api/dto/dto.go
@@ -27,9 +27,9 @@ type DeployRequest struct {
 }
 
 type DeployResponse struct {
-	Rest          string
-	Ws            string
-	PublicBuckets map[string]string
+	Rest         string
+	Ws           string
+	PublicBucket string
 }
 
 type DestroyRequest struct {

diff --git a/api/security/policy.go b/api/security/policy.go
@@ -3,15 +3,15 @@ package security
 const CredentialsTemplate = `{
     "Version": "2012-10-17",
     "Statement": [
-        {{- range .Public}}
+        {{ if ne .Public.Bucket "" }}
         {
             "Action": [
                 "s3:PutObject"
             ],
             "Effect": "Allow",
-            "Resource": "arn:aws:s3:::{{.Bucket}}/*"
+            "Resource": "arn:aws:s3:::{{.Public.Bucket}}/*"
         },
-        {{- end}}
+        {{ end }}
         {{ if ne .LogGroup "" }}
         {
             "Action": [

diff --git a/api/security/security.go b/api/security/security.go
@@ -80,7 +80,7 @@ func (s *Security) projectPolicyTemplateData() (*projectPolicyTemplateData, erro
 		AccountID: s.awsClient.AccountID(),
 	}
 	if s.stage != nil {
-		ppt.Public = s.stage.Public
+		ppt.Public = *s.stage.Public
 		ppt.LogGroup = workspace.ProjectResource(s.req.ProjectName, s.stage.Name)
 	}
 	return ppt, nil
@@ -112,6 +112,6 @@ type projectPolicyTemplateData struct {
 	Bucket    string
 	Region    string
 	AccountID string
-	Public    []*workspace.PublicSite
+	Public    workspace.Public
 	LogGroup  string
 }
diff --git a/api/security/security_test.go b/api/security/security_test.go
@@ -82,9 +82,8 @@ func TestProjectCredentialsWithStage(t *testing.T) {
 		},
 		stage: &workspace.Stage{
 			Name: "test-stage",
-			Public: []*workspace.PublicSite{
-				{Bucket: "publicSite1"},
-				{Bucket: "publicSite2"},
+			Public: &workspace.Public{
+				Bucket: "public-bucket",
 			},
 		},
 		awsClient: &awsMock{},

diff --git a/cli/cmd/deploy/deploy.go b/cli/cmd/deploy/deploy.go
@@ -138,7 +138,7 @@ func (d *Cmd) deployRequest() (*workspace.Project, error) {
 		ResourceTags:          d.ctx.ResourceTags(),
 	}
 
-	b, err := d.ctx.Backend(DeployHTTPMethod)
+	b, err := d.ctx.Backend()
 	if err != nil {
 		return nil, err
 	}

diff --git a/cli/cmd/deploy/sites.go → cli/cmd/deploy/public.go b/cli/cmd/deploy/sites.go → cli/cmd/deploy/public.go
@@ -17,7 +17,7 @@ func (d *Cmd) publicSiteUpdates() (resourceDiff, error) {
 		return diff, err
 	}
 	var stageSites []string
-	for _, s := range d.ctx.Stage.Public {
+	for _, s := range d.ctx.Stage.Public.Sites {
 		stageSites = append(stageSites, s.Name)
 	}
 	diff.added = diffArrays(localSites, stageSites)
@@ -26,17 +26,17 @@ func (d *Cmd) publicSiteUpdates() (resourceDiff, error) {
 		if err != nil {
 			return diff, err
 		}
-		d.ctx.Stage.Public = append(d.ctx.Stage.Public, &workspace.PublicSite{
+		d.ctx.Stage.Public.Sites = append(d.ctx.Stage.Public.Sites, &workspace.PublicSite{
 			Name: a,
 			Hash: hash,
 		})
 		diff.updated = append(diff.updated, a)
 	}
 	diff.removed = diffArrays(stageSites, localSites)
 	for _, r := range diff.removed {
-		for idx, s := range d.ctx.Stage.Public {
+		for idx, s := range d.ctx.Stage.Public.Sites {
 			if s.Name == r {
-				d.ctx.Stage.Public = append(d.ctx.Stage.Public[:idx], d.ctx.Stage.Public[idx+1:]...)
+				d.ctx.Stage.Public.Sites = append(d.ctx.Stage.Public.Sites[:idx], d.ctx.Stage.Public.Sites[idx+1:]...)
 			}
 		}
 	}
@@ -46,7 +46,7 @@ func (d *Cmd) publicSiteUpdates() (resourceDiff, error) {
 		if err != nil {
 			return diff, err
 		}
-		for _, s := range d.ctx.Stage.Public {
+		for _, s := range d.ctx.Stage.Public.Sites {
 			if s.Name == i && hash != s.Hash {
 				s.Hash = hash
 				diff.updated = append(diff.updated, i)
@@ -59,7 +59,7 @@ func (d *Cmd) publicSiteUpdates() (resourceDiff, error) {
 func (d *Cmd) updatePublicSiteContent() error {
 	for _, u := range d.publicDiff.updated {
 		var site *workspace.PublicSite
-		for _, s := range d.ctx.Stage.Public {
+		for _, s := range d.ctx.Stage.Public.Sites {
 			if s.Name == u {
 				site = s
 				break
@@ -81,12 +81,13 @@ func (d *Cmd) updatePublicSiteContent() error {
 			if err != nil {
 				return err
 			}
+			relPath = filepath.Join(site.Name, relPath)
 			ui.Info("uploading file %s...", relPath)
 			buf, err := ioutil.ReadFile(path)
 			if err != nil {
 				return err
 			}
-			if err := d.awsClient.PutObjectToS3Bucket(site.Bucket, relPath, buf); err != nil {
+			if err := d.awsClient.PutObjectToS3Bucket(d.ctx.Stage.Public.Bucket, relPath, buf); err != nil {
 				return err
 			}
 			return nil

diff --git a/cli/cmd/project/context.go b/cli/cmd/project/context.go
@@ -88,8 +88,8 @@ func (c *Context) SetStage(s *workspace.Stage) error {
 }
 
 // TODO: ovome nije mjesto ovdje prebaci negdje
-func (c *Context) Backend(method string) (*backend.Backend, error) {
-	token, err := c.authToken(method)
+func (c *Context) Backend() (*backend.Backend, error) {
+	token, err := c.authToken()
 	if err != nil {
 		return nil, err
 	}

diff --git a/cli/cmd/stage.go b/cli/cmd/stage.go
@@ -84,6 +84,7 @@ func (c *stageCmd) createStage(accountName string) (*workspace.Stage, error) {
 	stage := &workspace.Stage{
 		Name:    c.stage,
 		Account: accountName,
+		Public:  &workspace.Public{},
 	}
 	if len(c.ctx.Project.Stages) == 0 {
 		stage.Default = true

diff --git a/terraform/modules/funcs/outputs.tf b/terraform/modules/funcs/outputs.tf
@@ -8,12 +8,9 @@ output "functions" {
   ]
 }
 
-output "static_websites" {
-  value = [for k, v in local.static_websites :
-    {
-      name : v.name
-      bucket : aws_s3_bucket.static_websites[k].id
-      url : aws_s3_bucket.static_websites[k].website_endpoint
-    }
-  ]
+output "public" {
+  value = {
+    bucket : aws_s3_bucket.public.id
+    url : aws_s3_bucket.public.website_endpoint
+  }
 }
diff --git a/terraform/modules/funcs/s3.tf b/terraform/modules/funcs/s3.tf
@@ -1,6 +1,5 @@
-resource "aws_s3_bucket" "static_websites" {
-  for_each = local.static_websites
-  bucket_prefix = "mantil-public-${var.project_name}-${each.value.name}-"
+resource "aws_s3_bucket" "public" {
+  bucket_prefix = "mantil-public-${var.project_name}-"
   acl    = "public-read"
   force_destroy = true
 
@@ -11,8 +10,7 @@ resource "aws_s3_bucket" "static_websites" {
 }
 
 resource "aws_s3_bucket_policy" "public_read" {
-  for_each = aws_s3_bucket.static_websites
-  bucket = each.value.id
+  bucket = aws_s3_bucket.public.id
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -22,8 +20,8 @@ resource "aws_s3_bucket_policy" "public_read" {
         Principal = "*"
         Action    = "s3:GetObject"
         Resource = [
-          each.value.arn,
-          "${each.value.arn}/*",
+          aws_s3_bucket.public.arn,
+          "${aws_s3_bucket.public.arn}/*",
         ]
       },
     ]

diff --git a/terraform/templates/project.tf b/terraform/templates/project.tf
@@ -20,13 +20,6 @@ locals {
     }
     {{- end}}
   }
-  static_websites = {
-    {{- range .Public}}
-    {{.Name}} = {
-      name = "{{.Name}}"
-    }
-    {{- end}}
-  }
   global_env = {
     {{- range $key, $value := .GlobalEnv}}
     {{$key}} = "{{$value}}"
@@ -60,7 +53,6 @@ module "funcs" {
   project_name    = local.project_name
   functions       = local.functions
   s3_bucket       = local.project_bucket
-  static_websites = local.static_websites
   global_env      = local.global_env
 }
 
@@ -82,13 +74,13 @@ module "api" {
       lambda_name : f.arn,
     }
   ],
-  [ for w in module.funcs.static_websites :
+  [
     {
       type : "HTTP_PROXY"
       method : "GET"
       integration_method: "GET"
-      route : "/public/${w.name}"
-      uri : "http://${w.url}"
+      route : "/public"
+      uri : "http://${module.funcs.public.url}"
     }
   ])
 }
@@ -101,8 +93,8 @@ output "functions_bucket" {
   value = local.project_bucket
 }
 
-output "static_websites" {
-  value = module.funcs.static_websites
+output "public" {
+  value = module.funcs.public
 }
 
 output "ws_url" {

diff --git a/terraform/terraform.go b/terraform/terraform.go
@@ -65,7 +65,7 @@ type ProjectTemplateData struct {
 	Bucket                 string
 	BucketPrefix           string
 	Functions              []*workspace.Function
-	Public                 []*workspace.PublicSite
+	Public                 *workspace.Public
 	Region                 string
 	Stage                  string
 	RuntimeFunctionsBucket string

diff --git a/terraform/testdata/project.tf b/terraform/testdata/project.tf
@@ -24,8 +24,6 @@ locals {
       }
     }
   }
-  static_websites = {
-  }
   global_env = {
     env1 = "value1"
     env2 = "value2"
@@ -57,7 +55,6 @@ module "funcs" {
   project_name    = local.project_name
   functions       = local.functions
   s3_bucket       = local.project_bucket
-  static_websites = local.static_websites
   global_env      = local.global_env
 }
 
@@ -79,13 +76,13 @@ module "api" {
       lambda_name : f.arn,
     }
   ],
-  [ for w in module.funcs.static_websites :
+  [
     {
       type : "HTTP_PROXY"
       method : "GET"
       integration_method: "GET"
-      route : "/public/${w.name}"
-      uri : "http://${w.url}"
+      route : "/public"
+      uri : "http://${module.funcs.public.url}"
     }
   ])
 }
@@ -98,8 +95,8 @@ output "functions_bucket" {
   value = local.project_bucket
 }
 
-output "static_websites" {
-  value = module.funcs.static_websites
+output "public" {
+  value = module.funcs.public
 }
 
 output "ws_url" {

diff --git a/workspace/public.go b/workspace/public.go
@@ -1,7 +1,11 @@
 package workspace
 
+type Public struct {
+	Bucket string        `yaml:"bucket"`
+	Sites  []*PublicSite `yaml:"sites"`
+}
+
 type PublicSite struct {
-	Name   string `yaml:"name"`
-	Bucket string `yaml:"bucket"`
-	Hash   string `yaml:"hash"`
+	Name string `yaml:"name"`
+	Hash string `yaml:"hash"`
 }