// Copyright 2016-2025, Pulumi Corporation. All rights reserved.
import * as crypto from "crypto";
import * as fs from "fs";
import * as mime from "mime";
import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
/**
 * Options accepted by the {@link FileBucket} constructor.
 */
export interface FileBucketOpts {
    /**
     * Local paths of the files to upload. Each path is read from disk while the
     * program runs and is also used verbatim as the name of its `BucketObject`.
     */
    files: string[];

    /**
     * Optional factory for the bucket policy document. Whatever JSON it returns
     * is attached to the bucket as-is, so the supplier of this callback decides
     * how widely the uploaded objects are exposed.
     */
    policy?: (bucket: aws.s3.BucketV2) => pulumi.Output<string>;
}
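/**
 * An S3 bucket together with one `BucketObject` per local file and, when the
 * caller asks for one, a bucket policy.
 */
export class FileBucket {
    public readonly bucket: aws.s3.BucketV2;
    public readonly files: { [key: string]: aws.s3.BucketObject };
    // Only assigned when `opts.policy` is supplied; without it this property is
    // left undefined at runtime although the declared type does not say so.
    public readonly policy: aws.s3.BucketPolicy;
    private readonly fileContents: { [key: string]: string };

    /**
     * Creates the bucket, uploads every file in `opts.files`, and attaches the
     * policy produced by `opts.policy` when that callback is present.
     *
     * @param bucketName - Logical name given to the `BucketV2` resource.
     * @param opts - Files to upload and the optional policy factory.
     */
    constructor(bucketName: string, opts: FileBucketOpts) {
        this.bucket = new aws.s3.BucketV2(bucketName);
        this.fileContents = {};
        this.files = {};

        for (const file of opts.files) {
            // toString() decodes the bytes as UTF-8, so for files that are not
            // valid UTF-8 the text hashed later is the decoded form rather than
            // the raw bytes on disk.
            this.fileContents[file] = fs.readFileSync(file).toString();
            this.files[file] = new aws.s3.BucketObject(file, {
                bucket: this.bucket.bucket,
                source: new pulumi.asset.FileAsset(file),
                contentType: mime.getType(file) || undefined,
            });
        }

        if (opts.policy !== undefined) {
            // Attach whatever policy the caller's factory returns. Nothing here
            // restricts it: object exposure is entirely the caller's decision.
            // NOTE(review): the logical name is a fixed string, so a second
            // FileBucket with a policy in the same program would presumably
            // clash on it - confirm before reusing this helper.
            this.policy = new aws.s3.BucketPolicy(`bucketPolicy`, {
                bucket: this.bucket.bucket,
                policy: opts.policy(this.bucket),
            });
        }
    }

    /**
     * Derives a short identifier from the bucket name and the file's contents.
     *
     * @param fileName - A path that was listed in `opts.files`.
     * @returns `<bucket>-<first 6 hex chars of the MD5 of the file text>`.
     * @throws Error when `fileName` was not part of this bucket's files.
     */
    fileIdFromHashedContents(fileName: string): pulumi.Input<string> {
        // Own-property check: names such as "toString" resolve through the
        // object prototype and must not be mistaken for uploaded files.
        if (!Object.prototype.hasOwnProperty.call(this.fileContents, fileName)) {
            throw new Error(`Bucket does not have file '${fileName}'`);
        }

        // MD5 only yields a change-detection suffix here. It is not an integrity
        // or authenticity check, and 6 hex characters (24 bits) will collide for
        // unrelated contents, so do not rely on the suffix being unique.
        const digest = crypto
            .createHash("md5")
            .update(this.fileContents[fileName])
            .digest("hex")
            .slice(0, 6);
        return pulumi.interpolate`${this.bucket.bucket}-${digest}`;
    }

    /**
     * Builds `<bucket domain name>/<object id>` for an uploaded file. The result
     * carries no URL scheme; callers prepend one if they need a full URL.
     *
     * @param file - A path that was listed in `opts.files`.
     * @returns The domain and object id joined by a slash.
     * @throws Error when `file` was not part of this bucket's files.
     */
    getUrlForFile(file: string): pulumi.Output<string> {
        // `in` would also accept inherited keys ("constructor", "toString", ...)
        // and then produce a URL ending in "undefined"; check own keys only.
        if (!Object.prototype.hasOwnProperty.call(this.files, file)) {
            throw new Error(`Bucket does not have file '${file}'`);
        }
        return pulumi
            .all([this.bucket.bucketDomainName, this.files[file].id])
            .apply(([domain, id]) => `${domain}/${id}`);
    }
}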
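/**
 * Builds an S3 bucket policy document that lets anyone read every object in
 * the bucket.
 *
 * `Principal: "*"` with `s3:GetObject` on `<bucket>/*` grants anonymous read
 * access to all current and future objects, so use it only for buckets whose
 * whole contents are meant to be public. The account's or bucket's S3 Block
 * Public Access settings may reject or override a policy like this one.
 *
 * Accepts both `Bucket` and `BucketV2` so it can be passed directly as
 * `FileBucketOpts.policy`, whose callback receives a `BucketV2`.
 *
 * @param bucket - The bucket whose objects become publicly readable.
 * @returns The policy document serialized as JSON.
 */
export function publicReadPolicy(bucket: aws.s3.Bucket | aws.s3.BucketV2): pulumi.Output<string> {
    return pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Principal: "*",
                Action: ["s3:GetObject"],
                Resource: [
                    // The ARN names this bucket explicitly; the trailing /* covers every key.
                    pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/*`,
                ],
            },
        ],
    });
}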