deployApi.ts
import {LambdaClient} from "@aws-sdk/client-lambda"
import {getCFConfigValue, getCloudFormationExports} from "../config/index"
import {fixSpec} from "./fixSpec"
import {invokeLambda} from "./invokeLambda"
/**
 * Everything deployApi needs to deploy one API via the Proxygen proxy lambdas.
 *
 * Note that clientPrivateKey carries private key material: deployApi places it
 * in a lambda invocation payload, so values of this type should not be logged
 * or serialised wholesale.
 */
export type ApiConfig = {
  // OpenAPI document. Typed as any; deployApi reads and writes spec.servers and
  // spec.paths on it and sends it to the lambdas as specDefinition.
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  spec: any
  // Sent as apiName in every lambda payload and forwarded to fixSpec.
  apiName: string
  // Forwarded to fixSpec only.
  version: string
  // Target Apigee environment. "int", "sandbox" and "prod" select the Prod
  // lambda set; "int" and "internal-dev" additionally trigger a catalogue publish.
  apigeeEnvironment: string
  // When true, the mTLS secret upload and the internal-dev catalogue publish are skipped.
  isPullRequest: boolean
  // Forwarded to fixSpec only.
  awsEnvironment: string
  // Forwarded to fixSpec only.
  stackName: string
  // Name the mTLS secret is stored under (sent as secretName); also forwarded to fixSpec.
  mtlsSecretName: string
  // Client certificate for mutual TLS, sent as secretCert.
  clientCert: string
  // SENSITIVE: client private key for mutual TLS, sent as secretKey.
  clientPrivateKey: string
  // CloudFormation export name, looked up as `account-resources:<name>`; the
  // resolved value is sent as proxygenSecretName.
  proxygenPrivateKeyExportName: string
  // Sent as kid in every lambda payload.
  proxygenKid: string
  // Keys of spec.paths that are deleted before the spec is published to a catalogue.
  hiddenPaths: Array<string>
}
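/**
 * Deploys an API by invoking the Proxygen proxy lambdas in order:
 *
 * 1. (non pull-request builds only) store the mutual TLS key and certificate,
 * 2. put the API instance,
 * 3. (int, or internal-dev non pull-request builds) publish the spec to the
 *    prod / uat catalogue with the hidden paths removed.
 *
 * Side effect: when a catalogue publish happens, the caller's `spec` object is
 * mutated in place (`servers` is replaced and hidden entries are deleted from
 * `paths`).
 *
 * @param blueGreen - forwarded to fixSpec
 * @param dryRun - forwarded unchanged to every invokeLambda call
 * @returns resolves once all applicable lambda invocations have completed
 */
export async function deployApi(
  {
    spec,
    apiName,
    version,
    apigeeEnvironment,
    isPullRequest,
    awsEnvironment,
    stackName,
    mtlsSecretName,
    clientCert,
    clientPrivateKey,
    proxygenPrivateKeyExportName,
    proxygenKid,
    hiddenPaths
  }: ApiConfig,
  blueGreen: boolean,
  dryRun: boolean
): Promise<void> {
  const lambda = new LambdaClient({})
  const instance = fixSpec({
    spec,
    apiName,
    version,
    apigeeEnvironment,
    isPullRequest,
    awsEnvironment,
    stackName,
    mtlsSecretName,
    blueGreen
  })

  // The Proxygen private key is referenced by the value of a CloudFormation
  // export; only that reference is passed on, never key material.
  const exports = await getCloudFormationExports()
  const proxygenPrivateKeyArn = getCFConfigValue(exports, `account-resources:${proxygenPrivateKeyExportName}`)

  // int, sandbox and prod use the Prod lambda set; every other environment uses PTL.
  const useProdLambdas = /^(int|sandbox|prod)$/.test(apigeeEnvironment)
  const put_secret_lambda = useProdLambdas
    ? "lambda-resources-ProxygenProdMTLSSecretPut"
    : "lambda-resources-ProxygenPTLMTLSSecretPut"
  const instance_put_lambda = useProdLambdas
    ? "lambda-resources-ProxygenProdInstancePut"
    : "lambda-resources-ProxygenPTLInstancePut"
  const spec_publish_lambda = useProdLambdas
    ? "lambda-resources-ProxygenProdSpecPublish"
    : "lambda-resources-ProxygenPTLSpecPublish"

  if (!isPullRequest) {
    console.log("Store the secret used for mutual TLS to AWS using Proxygen proxy lambda")
    // NOTE(review): this payload contains the client private key. Confirm that
    // invokeLambda never logs or echoes the payload, including when dryRun is set.
    await invokeLambda(
      lambda,
      dryRun,
      put_secret_lambda,
      {
        apiName,
        environment: apigeeEnvironment,
        secretName: mtlsSecretName,
        secretKey: clientPrivateKey,
        secretCert: clientCert,
        kid: proxygenKid,
        proxygenSecretName: proxygenPrivateKeyArn
      }
    )
  }

  console.log("Deploy the API instance using Proxygen proxy lambda")
  await invokeLambda(
    lambda,
    dryRun,
    instance_put_lambda,
    {
      apiName,
      environment: apigeeEnvironment,
      specDefinition: spec,
      instance,
      kid: proxygenKid,
      proxygenSecretName: proxygenPrivateKeyArn
    }
  )

  // NOTE(review): the int branch publishes even when isPullRequest is true,
  // unlike internal-dev. Confirm pull requests are never deployed to int.
  let spec_publish_env: string | undefined
  if (apigeeEnvironment === "int") {
    console.log("Deploy the API spec to prod catalogue as it is int environment")
    spec.servers = [ {url: `https://sandbox.api.service.nhs.uk/${instance}`} ]
    spec_publish_env = "prod"
  } else if (apigeeEnvironment === "internal-dev" && !isPullRequest) {
    console.log("Deploy the API spec to uat catalogue as it is internal-dev environment")
    spec.servers = [ {url: `https://internal-dev-sandbox.api.service.nhs.uk/${instance}`} ]
    spec_publish_env = "uat"
  }

  if (spec_publish_env) {
    // Hidden paths are stripped only from the published catalogue copy; the
    // instance put above was sent the spec with them still present.
    const publishedPaths = spec.paths
    if (publishedPaths != null && typeof publishedPaths === "object") {
      for (const path of hiddenPaths) {
        if (Object.prototype.hasOwnProperty.call(publishedPaths, path)) {
          delete publishedPaths[path]
        } else {
          // A hidden path that matches nothing usually means a typo or a renamed
          // route, in which case the path meant to be hidden would be published.
          console.warn(`Hidden path ${path} was not found in the spec, so nothing was removed for it`)
        }
      }
    } else if (hiddenPaths.length > 0) {
      // Previously this case threw a TypeError after the instance had already
      // been deployed, leaving the deployment half finished.
      console.warn("Spec has no paths object, so hiddenPaths could not be applied")
    }
    await invokeLambda(
      lambda,
      dryRun,
      spec_publish_lambda,
      {
        apiName,
        environment: spec_publish_env,
        specDefinition: spec,
        instance,
        kid: proxygenKid,
        proxygenSecretName: proxygenPrivateKeyArn
      }
    )
  }
}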