common.ts
import * as path from 'path';
/** Encodings a mapping may request: `'string'` or `'json'`. */
export type SopsSecretsManagerEncoding = 'string' | 'json';

/** File formats accepted by the `fileType` prop: `'yaml'` or `'json'`. */
export type SopsSecretsManagerFileType = 'yaml' | 'json';

/**
 * Describes one value to pull out of the sops file.
 */
export interface SopsSecretsManagerMapping {
  // Presumably the sequence of keys leading to the value inside the decrypted
  // document; confirm against the provider code, which is not in this file.
  path: string[];
  // Optional; no default is defined in this file.
  encoding?: SopsSecretsManagerEncoding;
}

/**
 * Dictionary of mappings keyed by an arbitrary string.
 *
 * NOTE(review): the key presumably becomes a field name in the resulting
 * secret. Confirm in the provider before documenting it as such.
 */
export interface SopsSecretsManagerMappings {
  [key: string]: SopsSecretsManagerMapping;
}
/**
 * Base set of properties for the sops-secrets-manager construct. Every field
 * is optional and readonly, so which combinations are valid is not enforced
 * by this type.
 *
 * NOTE(review): `secret`, `asset` and `kmsKey` are typed `unknown`, so the
 * compiler does not check what callers pass. Whatever consumes these props has
 * to narrow them at runtime before use. A wrong object passed as `kmsKey` or
 * `secret` is not caught at compile time.
 */
export interface SopsSecretsManagerBaseProps {
  // Presumably an existing secret to write into, as an alternative to
  // `secretName`; confirm against the consuming construct.
  readonly secret?: unknown;
  readonly secretName?: string;

  // Presumably a pre-built asset holding the sops file, as an alternative to
  // `path`; confirm against the consuming construct.
  readonly asset?: unknown;
  readonly path?: string;

  // Presumably the KMS key the sops file was encrypted with; confirm.
  readonly kmsKey?: unknown;

  // Three ways of selecting content are exposed. How they interact, and
  // whether they are mutually exclusive, is decided outside this file.
  readonly mappings?: SopsSecretsManagerMappings;
  readonly wholeFile?: boolean;
  readonly singleValueMapping?: SopsSecretsManagerMapping;

  readonly fileType?: SopsSecretsManagerFileType;
}
// Identifiers and settings for the custom-resource provider. They are only
// declared here; the construct that uses them is outside this file.

/** Reverse-DNS style identifier of the provider. */
export const providerId = 'com.isotoma.cdk.custom-resources.sops-secrets-manager';

/** Logical id string for the provider. */
export const providerLogicalId = 'sops-secrets-manager-provider';

/** Logical id string for the provider's event function. */
export const providerFunctionLogicalId = 'sops-secrets-manager-event';

/** Directory named `provider` next to this module; resolved at load time. */
export const providerCodePath = path.join(__dirname, 'provider');

/** Handler reference string; presumably `<module>.<export>` of the provider code. */
export const providerHandler = 'index.onEvent';

/**
 * Timeout for the provider, in minutes going by the name.
 *
 * NOTE(review): the identifier is misspelled ("Timout"). It is exported, so
 * renaming it would break importers; it is left as is.
 */
export const providerTimoutMinutes = 5;
/** Minimal shape of one IAM statement: resources and the actions allowed on them. */
interface PolicyStatement {
  resources: string[];
  actions: string[];
}

/**
 * IAM statements for the provider (presumably attached to the provider
 * function's role; the attachment is not in this file).
 *
 * NOTE(review), least privilege: every statement below applies to
 * `resources: ['*']`, and two of them use service-wide action wildcards.
 *  - `kms:*` on `*` covers every KMS action on every key the account can
 *    reach, including key administration, not only decryption.
 *  - `secretsmanager:*` on `*` covers reading, overwriting and deleting any
 *    secret in the account, not only the secret this resource manages.
 *  - The S3 statement includes write/delete actions (`s3:PutObject*`,
 *    `s3:DeleteObject*`, `s3:Abort*`) on all buckets.
 * A bug in, or compromise of, the provider function therefore has
 * account-wide reach over keys, secrets and buckets. The statements should be
 * scoped to the specific asset bucket/object, the KMS key and the target
 * secret ARN, with only the actions the provider actually calls. That set
 * has to be confirmed against the provider code, which is not visible here.
 * The values below are unchanged so that existing deployments keep working.
 */
export const providerPolicyStatements: PolicyStatement[] = [
  {
    // S3 access, unscoped.
    resources: ['*'],
    actions: [
      's3:GetObject*',
      's3:GetBucket*',
      's3:List*',
      's3:DeleteObject*',
      's3:PutObject*',
      's3:Abort*',
    ],
  },
  {
    // All KMS actions on all keys.
    resources: ['*'],
    actions: ['kms:*'],
  },
  {
    // All Secrets Manager actions on all secrets.
    resources: ['*'],
    actions: ['secretsmanager:*'],
  },
];