From 66270f2b525daf7870ecfa5817d267af2735e32c Mon Sep 17 00:00:00 2001 From: nutrina Date: Thu, 30 Nov 2023 07:29:09 +0200 Subject: [PATCH] fix(infra): proper container definition with _redisConnectionUrl (#1957) --- infra/aws/iam_secrets.ts | 176 ++++++++++++++++++++++++++++ infra/aws/index.ts | 241 ++++++--------------------------------- 2 files changed, 212 insertions(+), 205 deletions(-) create mode 100644 infra/aws/iam_secrets.ts diff --git a/infra/aws/iam_secrets.ts b/infra/aws/iam_secrets.ts new file mode 100644 index 0000000000..f780e2b44d --- /dev/null +++ b/infra/aws/iam_secrets.ts 
@@ -0,0 +1,176 @@ + + +export const getIamSecrets = (PASSPORT_VC_SECRETS_ARN:string, IAM_SERVER_SSM_ARN:string) => [ + { + name: "IAM_JWK", + valueFrom: `${PASSPORT_VC_SECRETS_ARN}:IAM_JWK::`, + }, + { + name: "GOOGLE_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:GOOGLE_CLIENT_ID::`, + }, + { + name: "GOOGLE_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:GOOGLE_CLIENT_SECRET::`, + }, + { + name: "GOOGLE_CALLBACK", + valueFrom: `${IAM_SERVER_SSM_ARN}:GOOGLE_CALLBACK::`, + }, + { + name: "TWITTER_CALLBACK", + valueFrom: `${IAM_SERVER_SSM_ARN}:TWITTER_CALLBACK::`, + }, + { + name: "RPC_URL", + valueFrom: `${IAM_SERVER_SSM_ARN}:MAINNET_RPC_URL::`, + }, + { + name: "ALCHEMY_API_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:ALCHEMY_API_KEY::`, + }, + { + name: "TWITTER_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:TWITTER_CLIENT_ID::`, + }, + { + name: "TWITTER_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:TWITTER_CLIENT_SECRET::`, + }, + { + name: "FACEBOOK_APP_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:FACEBOOK_APP_ID::`, + }, + { + name: "FACEBOOK_APP_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:FACEBOOK_APP_SECRET::`, + }, + { + name: "BRIGHTID_PRIVATE_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:BRIGHTID_PRIVATE_KEY::`, + }, + { + name: "GITHUB_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:GITHUB_CLIENT_ID::`, + }, + { + name: "GITHUB_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:GITHUB_CLIENT_SECRET::`, + }, + { + name: "GRANT_HUB_GITHUB_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_GITHUB_CLIENT_ID::`, + }, + { + name: "GRANT_HUB_GITHUB_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_GITHUB_CLIENT_SECRET::`, + }, + { + name: "LINKEDIN_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CLIENT_ID::`, + }, + { + name: "LINKEDIN_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CLIENT_SECRET::`, + }, + { + name: "LINKEDIN_CALLBACK", + valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CALLBACK::`, + }, + { + name: 
"DISCORD_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:DISCORD_CLIENT_ID::`, + }, + { + name: "DISCORD_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:DISCORD_CLIENT_SECRET::`, + }, + { + name: "DISCORD_CALLBACK", + valueFrom: `${IAM_SERVER_SSM_ARN}:DISCORD_CALLBACK::`, + }, + { + name: "ETHERSCAN_API_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:ETHERSCAN_API_KEY::`, + }, + { + name: "POLYGON_RPC_URL", + valueFrom: `${IAM_SERVER_SSM_ARN}:POLYGON_RPC_URL::`, + }, + { + name: "CGRANTS_API_TOKEN", + valueFrom: `${IAM_SERVER_SSM_ARN}:CGRANTS_API_TOKEN::`, + }, + { + name: "GTC_STAKING_GRAPH_API_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:GTC_STAKING_GRAPH_API_KEY::`, + }, + { + name: "GTC_STAKING_ROUNDS", + valueFrom: `${IAM_SERVER_SSM_ARN}:GTC_STAKING_ROUNDS::`, + }, + { + name: "COINBASE_CLIENT_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:COINBASE_CLIENT_ID::`, + }, + { + name: "COINBASE_CLIENT_SECRET", + valueFrom: `${IAM_SERVER_SSM_ARN}:COINBASE_CLIENT_SECRET::`, + }, + { + name: "COINBASE_CALLBACK", + valueFrom: `${IAM_SERVER_SSM_ARN}:COINBASE_CALLBACK::`, + }, + { + name: "ATTESTATION_SIGNER_PRIVATE_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:ATTESTATION_SIGNER_PRIVATE_KEY::`, + }, + { + name: "GITCOIN_VERIFIER_CHAIN_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:GITCOIN_VERIFIER_CHAIN_ID::`, + }, + { + name: "ALLO_SCORER_ID", + valueFrom: `${IAM_SERVER_SSM_ARN}:ALLO_SCORER_ID::`, + }, + { + name: "SCORER_ENDPOINT", + valueFrom: `${IAM_SERVER_SSM_ARN}:SCORER_ENDPOINT::`, + }, + { + name: "SCORER_API_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:SCORER_API_KEY::`, + }, + { + name: "EAS_GITCOIN_STAMP_SCHEMA", + valueFrom: `${IAM_SERVER_SSM_ARN}:EAS_GITCOIN_STAMP_SCHEMA::`, + }, + { + name: "FF_NEW_GITHUB_STAMPS", + valueFrom: `${IAM_SERVER_SSM_ARN}:FF_NEW_GITHUB_STAMPS::`, + }, + { + name: "INCLUDE_TESTNETS", + valueFrom: `${IAM_SERVER_SSM_ARN}:INCLUDE_TESTNETS::`, + }, + { + name: "ZKSYNC_ERA_MAINNET_ENDPOINT", + valueFrom: `${IAM_SERVER_SSM_ARN}:ZKSYNC_ERA_MAINNET_ENDPOINT::`, 
+ }, + { + name: "PASSPORT_SCORER_BACKEND", + valueFrom: `${IAM_SERVER_SSM_ARN}:PASSPORT_SCORER_BACKEND::`, + }, + { + name: "TRUSTA_LABS_ACCESS_TOKEN", + valueFrom: `${IAM_SERVER_SSM_ARN}:TRUSTA_LABS_ACCESS_TOKEN::`, + }, + { + name: "MORALIS_API_KEY", + valueFrom: `${IAM_SERVER_SSM_ARN}:MORALIS_API_KEY::`, + }, + { + name: "IAM_JWK_EIP712", + valueFrom: `${PASSPORT_VC_SECRETS_ARN}:IAM_JWK_EIP712::`, + }, +]; diff --git a/infra/aws/index.ts b/infra/aws/index.ts index c15e92fd3d..5f7636039f 100644 --- a/infra/aws/index.ts +++ b/infra/aws/index.ts @@ -1,5 +1,6 @@ import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws"; +import {getIamSecrets} from "./iam_secrets"; // Secret was created manually in Oregon `us-west-2` const IAM_SERVER_SSM_ARN = `${process.env["IAM_SERVER_SSM_ARN"]}`; 
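Review bot: `getIamSecrets` in `infra/aws/iam_secrets.ts` interpolates both ARN arguments into every `valueFrom` without checking them. The context line in `infra/aws/index.ts` builds `IAM_SERVER_SSM_ARN` as `${process.env["IAM_SERVER_SSM_ARN"]}`, which becomes the literal string `undefined` when the variable is unset. Every reference would then read like `undefined:GOOGLE_CLIENT_ID::`, and the mistake would presumably surface only when ECS fails to resolve the secrets at task start. Giving the arrow function a block body with a guard per argument, for example `if (!IAM_SERVER_SSM_ARN || IAM_SERVER_SSM_ARN === "undefined") throw new Error("IAM_SERVER_SSM_ARN is not set");`, would stop the deployment before a task definition is registered. A short doc comment would also help, noting that `RPC_URL` is read from the `MAINNET_RPC_URL` key, the one entry whose name and key differ.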
@@ -275,213 +276,43 @@ const redisErrorAlarm = new aws.cloudwatch.MetricAlarm("redisConnectionErrorsAla ////////////////////////////////////////////////////////////// // ECS Task & Service ////////////////////////////////////////////////////////////// +const containerDefinitions = pulumi.all([redisConnectionUrl]).apply(([_redisConnectionUrl]) => JSON.stringify([{ + name: "iam", + image: dockerGtcPassportIamImage, + cpu: serviceResources[stack]["cpu"], + memory: serviceResources[stack]["memory"], + links: [], + essential: true, + portMappings: [{ + containerPort: 80, + hostPort: 80, + protocol: "tcp" + }], + environment: [{ + name: "CGRANTS_API_URL", + value: "https://api.scorer.gitcoin.co/cgrants" + }, { + name: "REDIS_URL", + value: _redisConnectionUrl, + }], + logConfiguration: { + logDriver: "awslogs", + options: { + "awslogs-group": "passport-iam", // "${serviceLogGroup.name}`, + "awslogs-region": "us-west-2", // `${regionId}`, + "awslogs-create-group": "true", + "awslogs-stream-prefix": "iam" + } + }, + secrets: getIamSecrets(PASSPORT_VC_SECRETS_ARN, IAM_SERVER_SSM_ARN), + mountPoints: [], + volumesFrom: [] +}])); + + const taskDefinition = new aws.ecs.TaskDefinition(`passport-iam`, { family: `passport-iam`, - containerDefinitions: JSON.stringify([{ - name: "iam", - image: dockerGtcPassportIamImage, - cpu: serviceResources[stack]["cpu"], - memory: serviceResources[stack]["memory"], - links: [], - essential: true, - portMappings: [{ - containerPort: 80, - hostPort: 80, - protocol: "tcp" - }], - environment: [{ - name: "CGRANTS_API_URL", - value: "https://api.scorer.gitcoin.co/cgrants" - }, { - name: "REDIS_URL", - value: redisConnectionUrl, - }], - logConfiguration: { - logDriver: "awslogs", - options: { - "awslogs-group": "passport-iam", // "${serviceLogGroup.name}`, - "awslogs-region": "us-west-2", // `${regionId}`, - "awslogs-create-group": "true", - "awslogs-stream-prefix": "iam" - } - }, - secrets: [ - { - name: "IAM_JWK", - valueFrom: 
`${PASSPORT_VC_SECRETS_ARN}:IAM_JWK::`, - }, - { - name: "GOOGLE_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:GOOGLE_CLIENT_ID::`, - }, - { - name: "GOOGLE_CLIENT_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:GOOGLE_CLIENT_SECRET::`, - }, - { - name: "GOOGLE_CALLBACK", - valueFrom: `${IAM_SERVER_SSM_ARN}:GOOGLE_CALLBACK::`, - }, - { - name: "TWITTER_CALLBACK", - valueFrom: `${IAM_SERVER_SSM_ARN}:TWITTER_CALLBACK::`, - }, - { - name: "RPC_URL", - valueFrom: `${IAM_SERVER_SSM_ARN}:MAINNET_RPC_URL::`, - }, - { - name: "ALCHEMY_API_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:ALCHEMY_API_KEY::`, - }, - { - name: "TWITTER_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:TWITTER_CLIENT_ID::`, - }, - { - name: "TWITTER_CLIENT_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:TWITTER_CLIENT_SECRET::`, - }, - { - name: "FACEBOOK_APP_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:FACEBOOK_APP_ID::`, - }, - { - name: "FACEBOOK_APP_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:FACEBOOK_APP_SECRET::`, - }, - { - name: "BRIGHTID_PRIVATE_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:BRIGHTID_PRIVATE_KEY::`, - }, - { - name: "GITHUB_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:GITHUB_CLIENT_ID::`, - }, - { - name: "GITHUB_CLIENT_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:GITHUB_CLIENT_SECRET::`, - }, - { - name: "GRANT_HUB_GITHUB_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_GITHUB_CLIENT_ID::`, - }, - { - name: "GRANT_HUB_GITHUB_CLIENT_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_GITHUB_CLIENT_SECRET::`, - }, - { - name: "LINKEDIN_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CLIENT_ID::`, - }, - { - name: "LINKEDIN_CLIENT_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CLIENT_SECRET::`, - }, - { - name: "LINKEDIN_CALLBACK", - valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CALLBACK::`, - }, - { - name: "DISCORD_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:DISCORD_CLIENT_ID::`, - }, - { - name: "DISCORD_CLIENT_SECRET", - valueFrom: 
`${IAM_SERVER_SSM_ARN}:DISCORD_CLIENT_SECRET::`, - }, - { - name: "DISCORD_CALLBACK", - valueFrom: `${IAM_SERVER_SSM_ARN}:DISCORD_CALLBACK::`, - }, - { - name: "ETHERSCAN_API_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:ETHERSCAN_API_KEY::`, - }, - { - name: "POLYGON_RPC_URL", - valueFrom: `${IAM_SERVER_SSM_ARN}:POLYGON_RPC_URL::`, - }, - { - name: "CGRANTS_API_TOKEN", - valueFrom: `${IAM_SERVER_SSM_ARN}:CGRANTS_API_TOKEN::`, - }, - { - name: "GTC_STAKING_GRAPH_API_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:GTC_STAKING_GRAPH_API_KEY::`, - }, - { - name: "GTC_STAKING_ROUNDS", - valueFrom: `${IAM_SERVER_SSM_ARN}:GTC_STAKING_ROUNDS::`, - }, - { - name: "COINBASE_CLIENT_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:COINBASE_CLIENT_ID::`, - }, - { - name: "COINBASE_CLIENT_SECRET", - valueFrom: `${IAM_SERVER_SSM_ARN}:COINBASE_CLIENT_SECRET::`, - }, - { - name: "COINBASE_CALLBACK", - valueFrom: `${IAM_SERVER_SSM_ARN}:COINBASE_CALLBACK::`, - }, - { - name: "ATTESTATION_SIGNER_PRIVATE_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:ATTESTATION_SIGNER_PRIVATE_KEY::`, - }, - { - name: "GITCOIN_VERIFIER_CHAIN_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:GITCOIN_VERIFIER_CHAIN_ID::`, - }, - { - name: "ALLO_SCORER_ID", - valueFrom: `${IAM_SERVER_SSM_ARN}:ALLO_SCORER_ID::`, - }, - { - name: "SCORER_ENDPOINT", - valueFrom: `${IAM_SERVER_SSM_ARN}:SCORER_ENDPOINT::`, - }, - { - name: "SCORER_API_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:SCORER_API_KEY::`, - }, - { - name: "EAS_GITCOIN_STAMP_SCHEMA", - valueFrom: `${IAM_SERVER_SSM_ARN}:EAS_GITCOIN_STAMP_SCHEMA::`, - }, - { - name: "FF_NEW_GITHUB_STAMPS", - valueFrom: `${IAM_SERVER_SSM_ARN}:FF_NEW_GITHUB_STAMPS::`, - }, - { - name: "INCLUDE_TESTNETS", - valueFrom: `${IAM_SERVER_SSM_ARN}:INCLUDE_TESTNETS::`, - }, - { - name: "ZKSYNC_ERA_MAINNET_ENDPOINT", - valueFrom: `${IAM_SERVER_SSM_ARN}:ZKSYNC_ERA_MAINNET_ENDPOINT::`, - }, - { - name: "PASSPORT_SCORER_BACKEND", - valueFrom: `${IAM_SERVER_SSM_ARN}:PASSPORT_SCORER_BACKEND::`, - }, - { - name: 
"TRUSTA_LABS_ACCESS_TOKEN", - valueFrom: `${IAM_SERVER_SSM_ARN}:TRUSTA_LABS_ACCESS_TOKEN::`, - }, - { - name: "MORALIS_API_KEY", - valueFrom: `${IAM_SERVER_SSM_ARN}:MORALIS_API_KEY::`, - }, - { - name: "IAM_JWK_EIP712", - valueFrom: `${PASSPORT_VC_SECRETS_ARN}:IAM_JWK_EIP712::`, - }, - ], - mountPoints: [], - volumesFrom: [] - }]), + containerDefinitions, executionRoleArn: serviceRole.arn, cpu: serviceResources[stack]["cpu"], memory: serviceResources[stack]["memory"],
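Review bot: `REDIS_URL` is still passed through the plaintext `environment` list of the new `containerDefinitions`, while every other sensitive value goes through `secrets`. How `redisConnectionUrl` is built is not visible in this hunk; if it embeds an auth token or password, that value ends up readable in the registered task definition and belongs in the `secrets` list next to the entries from `getIamSecrets`. If the URL is credential-free, a comment above the entry such as `// REDIS_URL carries no credentials; a URL with an auth token must be injected via secrets` would record the assumption. The `new aws.ecs.TaskDefinition` argument object continues past the end of the hunk, so settings further down were not reviewed.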