patch(feat): octo-aws-cdk s3-storage-access overlay.

rash805115 · rash805115 · commit e3d9b2307cde · 2024-05-26T01:12:47.000-04:00
diff --git a/packages/octo-aws-cdk/src/anchors/s3-directory.anchor.ts b/packages/octo-aws-cdk/src/anchors/s3-directory.anchor.ts
@@ -0,0 +1,9 @@
+import { AAnchor, Anchor } from '@quadnix/octo';
+import { S3StorageService } from '../models/service/s3-storage/s3-storage.service.model.js';
+
+@Anchor()
+export class S3DirectoryAnchor extends AAnchor {
+  constructor(anchorId: string, parent: S3StorageService) {
+    super(anchorId, parent);
+  }
+}
diff --git a/packages/octo-aws-cdk/src/index.ts b/packages/octo-aws-cdk/src/index.ts
@@ -1,5 +1,6 @@
 import './anchors/iam-role.anchor.js';
 import './anchors/iam-user.anchor.js';
+import './anchors/s3-directory.anchor.js';
 
 import './factories/aws/ec2.aws.factory.js';
 import './factories/aws/ecr.aws.factory.js';
@@ -42,9 +43,7 @@ import './models/service/s3-static-website/actions/update-source-paths-s3-static
 
 export { S3StorageAccess, S3StorageService } from './models/service/s3-storage/s3-storage.service.model.js';
 import './models/service/s3-storage/actions/add-s3-storage.model.action.js';
-import './models/service/s3-storage/actions/add-s3-storage-access.overlay.action.js';
 import './models/service/s3-storage/actions/delete-s3-storage.model.action.js';
-import './models/service/s3-storage/actions/delete-s3-storage-access.overlay.action.js';
 
 import './models/subnet/actions/add-subnet.model.action.js';
 import './models/subnet/actions/delete-subnet.model.action.js';
@@ -53,6 +52,8 @@ import './models/subnet/actions/update-subnet-association.model.action.js';
 export { AwsRegionSharedEfsModule } from './modules/aws-region-shared-efs.module.js';
 export { S3WebsiteSaveManifestModule } from './modules/s3-website-save-manifest.module.js';
 
+import './overlays/s3-storage-access/actions/add-s3-storage-access.overlay.action.js';
+import './overlays/s3-storage-access/actions/delete-s3-storage-access.overlay.action.js';
 import './overlays/security-group/actions/add-security-group.overlay.action.js';
 import './overlays/security-group/actions/update-security-group.overlay.action.js';
 
diff --git a/packages/octo-aws-cdk/src/models/service/s3-storage/s3-storage-access.overlay.ts b/packages/octo-aws-cdk/src/models/service/s3-storage/s3-storage-access.overlay.ts
diff --git a/packages/octo-aws-cdk/src/models/service/s3-storage/s3-storage.service.model.ts b/packages/octo-aws-cdk/src/models/service/s3-storage/s3-storage.service.model.ts
@@ -1,8 +1,10 @@
 import { Container, Model, OverlayService, Service } from '@quadnix/octo';
+import { IamRoleAnchor } from '../../../anchors/iam-role.anchor.js';
+import { S3DirectoryAnchor } from '../../../anchors/s3-directory.anchor.js';
 import { CommonUtility } from '../../../utilities/common/common.utility.js';
 import { AwsRegion, RegionId } from '../../region/aws.region.model.js';
 import { AwsServer } from '../../server/aws.server.model.js';
-import { S3StorageAccessOverlay } from './s3-storage-access.overlay.js';
+import { S3StorageAccessOverlay } from '../../../overlays/s3-storage-access/s3-storage-access.overlay.js';
 import { IS3StorageService } from './s3-storage.service.interface.js';
 
 export enum S3StorageAccess {
@@ -17,7 +19,7 @@ export class S3StorageService extends Service {
 
   readonly bucketName: string;
 
-  readonly directories: { remoteDirectoryPath: string }[] = [];
+  readonly directories: { directoryAnchorName: string; remoteDirectoryPath: string }[] = [];
 
   constructor(regionId: RegionId, bucketName: string) {
     super(`${bucketName}-s3-storage`);
@@ -31,7 +33,11 @@ export class S3StorageService extends Service {
       throw new Error('Remote directory already added in S3 bucket!');
     }
 
-    this.directories.push({ remoteDirectoryPath });
+    const directoryAnchorName = `${CommonUtility.hash(remoteDirectoryPath).substring(0, 12)}Directory`;
+    const directoryAnchor = new S3DirectoryAnchor(directoryAnchorName, this);
+    this.anchors.push(directoryAnchor);
+
+    this.directories.push({ directoryAnchorName, remoteDirectoryPath });
   }
 
   async allowDirectoryAccess(
@@ -44,15 +50,16 @@ export class S3StorageService extends Service {
       throw new Error('Cannot find remote directory!');
     }
 
-    const principal = server.getAnchors()[0];
-    const overlayId = CommonUtility.hash(principal.anchorId, directory.remoteDirectoryPath, accessLevel);
-
     const allowRead = accessLevel === S3StorageAccess.READ || accessLevel === S3StorageAccess.READ_WRITE;
     const allowWrite = accessLevel === S3StorageAccess.WRITE || accessLevel === S3StorageAccess.READ_WRITE;
     if (!allowRead && !allowWrite) {
       return;
     }
 
+    const directoryAnchor = this.anchors.find((a) => a.anchorId === directory.directoryAnchorName)!;
+    const serverAnchor = server.getAnchors().find((a) => a instanceof IamRoleAnchor)!;
+    const overlayId = CommonUtility.hash(serverAnchor.anchorId, directory.remoteDirectoryPath, accessLevel);
+
     const overlayService = await Container.get(OverlayService);
     const s3StorageAccessOverlay = new S3StorageAccessOverlay(
       overlayId,
@@ -62,7 +69,7 @@ export class S3StorageService extends Service {
         bucketName: this.bucketName,
         remoteDirectoryPath: directory.remoteDirectoryPath,
       },
-      [principal],
+      [serverAnchor, directoryAnchor],
     );
     await overlayService.addOverlay(s3StorageAccessOverlay);
   }
@@ -77,15 +84,12 @@ export class S3StorageService extends Service {
       throw new Error('Cannot find remote directory!');
     }
 
-    const principal = server.getAnchors()[0];
-    const overlayId = CommonUtility.hash(principal.anchorId, directory.remoteDirectoryPath, accessLevel);
+    const serverAnchor = server.getAnchors().find((a) => a instanceof IamRoleAnchor)!;
+    const overlayId = CommonUtility.hash(serverAnchor.anchorId, directory.remoteDirectoryPath, accessLevel);
 
     const overlayService = await Container.get(OverlayService);
     const overlay = await overlayService.getOverlayById(overlayId);
-    if (!overlay) {
-      throw new Error('Cannot find overlay!');
-    }
-    await overlayService.removeOverlay(overlay);
+    await overlayService.removeOverlay(overlay!);
   }
 
   async removeDirectory(remoteDirectoryPath: string): Promise<void> {
diff --git a/packages/octo-aws-cdk/src/overlays/s3-storage-access/actions/add-s3-storage-access.overlay.action.ts b/packages/octo-aws-cdk/src/overlays/s3-storage-access/actions/add-s3-storage-access.overlay.action.ts
@@ -1,6 +1,6 @@
 import { Action, ActionInputs, ActionOutputs, Diff, DiffAction, Factory, IModelAction, ModelType } from '@quadnix/octo';
-import { IamRoleAnchor } from '../../../../anchors/iam-role.anchor.js';
-import { IamRole } from '../../../../resources/iam/iam-role.resource.js';
+import { IamRoleAnchor } from '../../../anchors/iam-role.anchor.js';
+import { IamRole } from '../../../resources/iam/iam-role.resource.js';
 import { S3StorageAccessOverlay } from '../s3-storage-access.overlay.js';
 
 @Action(ModelType.OVERLAY)
@@ -16,7 +16,9 @@ export class AddS3StorageAccessOverlayAction implements IModelAction {
 
   filter(diff: Diff): boolean {
     return (
-      diff.action === DiffAction.ADD && diff.model.MODEL_NAME === 's3-storage-access' && diff.field === 'overlayId'
+      diff.action === DiffAction.ADD &&
+      diff.model.MODEL_NAME === 's3-storage-access-overlay' &&
+      diff.field === 'overlayId'
     );
   }
 
diff --git a/packages/octo-aws-cdk/src/overlays/s3-storage-access/actions/delete-s3-storage-access.overlay.action.ts b/packages/octo-aws-cdk/src/overlays/s3-storage-access/actions/delete-s3-storage-access.overlay.action.ts
@@ -1,6 +1,6 @@
 import { Action, ActionInputs, ActionOutputs, Diff, DiffAction, Factory, IModelAction, ModelType } from '@quadnix/octo';
-import { IamRoleAnchor } from '../../../../anchors/iam-role.anchor.js';
-import { IamRole } from '../../../../resources/iam/iam-role.resource.js';
+import { IamRoleAnchor } from '../../../anchors/iam-role.anchor.js';
+import { IamRole } from '../../../resources/iam/iam-role.resource.js';
 import { S3StorageAccessOverlay } from '../s3-storage-access.overlay.js';
 
 @Action(ModelType.OVERLAY)
@@ -16,7 +16,9 @@ export class DeleteS3StorageAccessOverlayAction implements IModelAction {
 
   filter(diff: Diff): boolean {
     return (
-      diff.action === DiffAction.DELETE && diff.model.MODEL_NAME === 's3-storage-access' && diff.field === 'overlayId'
+      diff.action === DiffAction.DELETE &&
+      diff.model.MODEL_NAME === 's3-storage-access-overlay' &&
+      diff.field === 'overlayId'
     );
   }
 
diff --git a/packages/octo-aws-cdk/src/overlays/s3-storage-access/s3-storage-access.overlay.interface.ts b/packages/octo-aws-cdk/src/overlays/s3-storage-access/s3-storage-access.overlay.interface.ts
diff --git a/packages/octo-aws-cdk/src/overlays/s3-storage-access/s3-storage-access.overlay.ts b/packages/octo-aws-cdk/src/overlays/s3-storage-access/s3-storage-access.overlay.ts
@@ -0,0 +1,17 @@
+import { AOverlay, IOverlay, IResource, Overlay } from '@quadnix/octo';
+import { IamRoleAnchor } from '../../anchors/iam-role.anchor.js';
+import { S3DirectoryAnchor } from '../../anchors/s3-directory.anchor.js';
+import { IS3StorageAccessOverlayProperties } from './s3-storage-access.overlay.interface.js';
+
+@Overlay()
+export class S3StorageAccessOverlay extends AOverlay<S3StorageAccessOverlay> {
+  override readonly MODEL_NAME: string = 's3-storage-access-overlay';
+
+  constructor(
+    overlayId: IOverlay['overlayId'],
+    properties: IS3StorageAccessOverlayProperties,
+    anchors: [IamRoleAnchor, S3DirectoryAnchor],
+  ) {
+    super(overlayId, properties as unknown as IResource['properties'], anchors);
+  }
+}
diff --git a/packages/octo-aws-cdk/src/resources/iam/actions/update-iam-role-with-s3-storage-policy.resource.action.ts b/packages/octo-aws-cdk/src/resources/iam/actions/update-iam-role-with-s3-storage-policy.resource.action.ts
@@ -6,7 +6,7 @@ import {
   IAMClient,
 } from '@aws-sdk/client-iam';
 import { Action, Container, Diff, DiffAction, Factory, IResourceAction, ModelType } from '@quadnix/octo';
-import { IS3StorageAccessOverlayProperties } from '../../../models/service/s3-storage/s3-storage-access.overlay.interface.js';
+import { IS3StorageAccessOverlayProperties } from '../../../overlays/s3-storage-access/s3-storage-access.overlay.interface.js';
 import { IIamRoleResponse } from '../iam-role.interface.js';
 import { IamRole, IamRolePolicyDiff } from '../iam-role.resource.js';
 
@@ -18,7 +18,7 @@ export class UpdateIamRoleWithS3StoragePolicyResourceAction implements IResource
     return (
       diff.action === DiffAction.UPDATE &&
       diff.model.MODEL_NAME === 'iam-role' &&
-      (diff.value as IamRolePolicyDiff['key']).overlay.MODEL_NAME === 's3-storage-access'
+      (diff.value as IamRolePolicyDiff['key']).overlay.MODEL_NAME === 's3-storage-access-overlay'
     );
   }
 
diff --git a/packages/octo-aws-cdk/src/resources/iam/actions/update-iam-user-with-s3-storage-policy.resource.action.ts b/packages/octo-aws-cdk/src/resources/iam/actions/update-iam-user-with-s3-storage-policy.resource.action.ts
@@ -6,7 +6,7 @@ import {
   IAMClient,
 } from '@aws-sdk/client-iam';
 import { Action, Container, Diff, DiffAction, Factory, IResourceAction, ModelType } from '@quadnix/octo';
-import { IS3StorageAccessOverlayProperties } from '../../../models/service/s3-storage/s3-storage-access.overlay.interface.js';
+import { IS3StorageAccessOverlayProperties } from '../../../overlays/s3-storage-access/s3-storage-access.overlay.interface.js';
 import { IIamUserResponse } from '../iam-user.interface.js';
 import { IamUser, IamUserPolicyDiff } from '../iam-user.resource.js';
 
@@ -18,7 +18,7 @@ export class UpdateIamUserWithS3StoragePolicyResourceAction implements IResource
     return (
       diff.action === DiffAction.UPDATE &&
       diff.model.MODEL_NAME === 'iam-user' &&
-      (diff.value as IamUserPolicyDiff['key']).overlay.MODEL_NAME === 's3-storage-access'
+      (diff.value as IamUserPolicyDiff['key']).overlay.MODEL_NAME === 's3-storage-access-overlay'
     );
   }
 
