First deploy fixes

RoundingWellOS · Feb 3, 2020 · fdeecc5 · fdeecc5
1 parent baf074c
commit fdeecc5
Show file tree

Hide file tree

Showing 8 changed files with 60 additions and 27 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -8,14 +8,14 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - v1-dependencies-{{ checksum "package.json" }}
+            - v1-dependencies-{{ checksum "package-lock.json" }}
             # fallback to using the latest cache if no exact match is found
             - v1-dependencies-
       - run: npm i
       - save_cache:
           paths:
             - node_modules
-          key: v1-dependencies-{{ checksum "package.json" }}
+          key: v1-dependencies-{{ checksum "package-lock.json" }}
       - run: npm run test
       - persist_to_workspace:
           root: .
@@ -30,7 +30,7 @@ jobs:
           at: .
       - restore_cache:
           keys:
-            - npm-circleci-{{ checksum "package.lock" }}
+            - npm-circleci-{{ checksum "package-lock.json" }}
             - npm-circleci-
       - run:
           name: Install Serverless CLI and dependencies
@@ -41,8 +41,7 @@ jobs:
             - node_modules
       - run:
           name: Build and deploy lambda package
-          command: |
-            node .circlecli/bin/node_modules/serverless/bin/serverless deploy
+          command: npm run ci-deploy
 
 workflows:
   version: 2.1

diff --git a/.gitignore b/.gitignore
@@ -36,3 +36,6 @@ jspm_packages
 # Optional REPL history
 .node_repl_history
 *.zip
+
+#Serverless
+.serverless
diff --git a/lib/auth0tools.js b/lib/auth0tools.js
@@ -1,4 +1,4 @@
-var auth0 = require('auth0');
+const auth0 = require('auth0');
 const ManagementClient = auth0.ManagementClient;
 
 module.exports = {

diff --git a/lib/handler.js b/lib/handler.js
@@ -1,9 +1,11 @@
-var secrets = require('./secrets');
 // Known bug with rewire. Need to cast as var 
-var  auth0tools = require('./auth0tools');
+// eslint-disable-next-line no-var
+var secrets = require('./secrets');
+// eslint-disable-next-line no-var
+var auth0tools = require('./auth0tools');
 const Promise = require('bluebird');
 
-const handler = async (event, context) => {
+const handler = async(event, context) => {
   if (typeof event.secretEnv === 'undefined') {
     throw new Error('secretEnv is required');
   }
@@ -16,14 +18,13 @@ const handler = async (event, context) => {
   return await auth0tools.addAuth0Url(secret, url);
 };
 
-module.exports = function(event, context, cb) {
-  return Promise.try(() => handler(event, context))
-    .then(result => {
-      cb(null);
-      return result;
-    })
-    .catch(err => {
-      cb(err);
-      throw err;
-    });
+module.exports = async(event, context, cb) => {
+  try {
+    const result = await Promise.try(() => handler(event, context));
+    cb(null);
+    return result;
+  } catch (err) {
+    cb(err);
+    throw err;
+  }
 };
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -4,7 +4,8 @@
   "description": "Lambda function to add trusted url to Auth0 Client Applications",
   "main": "index.js",
   "scripts": {
-    "test": "mocha test"
+    "test": "mocha test",
+    "ci-deploy": "node node_modules/serverless/bin/serverless deploy --KeyId \"$KEYID\""
   },
   "repository": {
     "type": "git",
@@ -31,6 +32,7 @@
     "mocha": "^7.0.0",
     "rewire": "^4.0.1",
     "sinon": "^4.1.3",
-    "mock-aws-sinon": "^1.3.2"
+    "mock-aws-sinon": "^1.3.2",
+    "serverless-pseudo-parameters": "^2.5.0"
   }
 }
diff --git a/serverless.yml b/serverless.yml
@@ -1,13 +1,35 @@
+service: auth0-add-url
+
+plugins:
+  - serverless-pseudo-parameters
+
 provider:
   region: us-west-2
   name: aws
   timeout: 30
+  stage: ${opt:stage,'preview'}
   memorySize: 1024
-  runtime: provided
+  runtime: nodejs10.x
+  iamRoleStatements:
+    - Effect: "Allow"
+      Action:
+        - secretsmanager:GetSecretValue
+        - secretsmanager:DescribeSecret
+        - secretsmanager:GetResourcePolicy
+        - secretsmanager:ListSecretVersionIds
+      Resource: ${self:custom.secretArn}
+    - Effect: "Allow"
+      Action:
+        - kms:Decrypt
+      Resource: "${self:custom.keyArn}"
 
 functions:
   auth0-add-url:
     name: auth0-add-url
+    handler: 'index.handler'
     description: 'Simple utility to add dev env urls to auth0'
-    handler: index.js
     tracing: Active
+
+custom:
+  secretArn: "arn:aws:secretsmanager:${self:provider.region}:#{AWS::AccountId}:secret:${self:provider.stage}/env*"
+  keyArn: "anr:aws:kms:${self:provider.region}:#{AWS::AccountId}:key/${opt:KeyId,'*'}"
diff --git a/test/handler.js b/test/handler.js
@@ -37,24 +37,24 @@ describe('Handler', () => {
       secretSpy,
       auth0Spy,
     };
-  }
+  };
 
   it('should throw an error if secretEnv is not defined', () => {
     return handler({ url: 'https://test.roundingwell.com' }, context, cb).should.be.rejectedWith(
-      /secretEnv is required/
+      /secretEnv is required/,
     );
   });
 
   it('should throw an error if url is not defined', () => {
     return handler({ secretEnv: 'test' }, context, cb).should.be.rejectedWith(
-      /url is required/
+      /url is required/,
     );
   });
 
   it('should add urls', () => {
     const mockEvent = {
       secretEnv: 'test',
-      url: 'test'
+      url: 'test',
     };
     const { secretSpy, auth0Spy } = makeMockHandler();