Separate htsget_settings to stateless/stateful without entering into …

…the full non-functional refactoring route.

Co-authored-by: Marko Malenic <mmalenic1@gmail.com>

deploy/bin/htsget-lambda.ts

@@ -1,11 +1,12 @@
 import * as cdk from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import {HtsgetLambdaConstruct} from "../../deploy/lib/htsget-lambda-construct";
+import { HtsgetLambdaConstruct } from "../../deploy/lib/htsget-lambda-construct";
 import { SETTINGS } from "../../deploy/bin/settings"
-import { HtsgetSettings } from "../../deploy/lib/htsget-lambda-construct"
+import { HtsgetStatefulSettings } from "../../deploy/lib/htsget-lambda-construct"
+import { HtsgetStatelessSettings } from "../../deploy/lib/htsget-lambda-construct"
 
 export class HtsgetTestStack extends cdk.Stack {
-  constructor(scope: Construct, id: string, settings: HtsgetSettings, props?: cdk.StackProps) {
+  constructor(scope: Construct, id: string, settings: HtsgetStatefulSettings & HtsgetStatelessSettings, props?: cdk.StackProps) {
     super(scope, id, props);
 
     new HtsgetLambdaConstruct(this, 'Htsget-rs', SETTINGS);

deploy/bin/settings.ts

@@ -1,9 +1,10 @@
-import { HtsgetSettings } from "../lib/htsget-lambda-construct";
+import { HtsgetStatelessSettings } from "../lib/htsget-lambda-construct";
+import { HtsgetStatefulSettings } from "../lib/htsget-lambda-construct";
 
 /**
  * Settings to use for the htsget deployment.
  */
-export const SETTINGS: HtsgetSettings = {
+export const SETTINGS: HtsgetStatelessSettings & HtsgetStatefulSettings = {
   config: "config/example_deploy.toml",
   // Specify the domain to serve htsget-rs under.
   domain: "dev.umccr.org",
@@ -19,7 +20,7 @@ export const SETTINGS: HtsgetSettings = {
     // Set this to false if you want a private instance.
     public: false,
     cogUserPoolId: "ap-southeast-2_iWOHnsurL",
-    jwtAudience: [""], // Should match your cognito client id
+    jwtAudience: ["3jgmc7kqaaf8mqbv2sgmujslrp"], // Should match your cognito client id
     //issuer: "Amazon",
   },
   // Enable additional features for compiling htsget-rs. `s3-storage` is always enabled.

deploy/lib/htsget-lambda-construct.ts

@@ -43,14 +43,10 @@ import { BucketDeployment, Source } from "aws-cdk-lib/aws-s3-deployment";
 import { Secret } from "aws-cdk-lib/aws-secretsmanager";
 
 /**
- * Settings related to the htsget lambda construct props.
+ * These options are related to creating stateful resources. Some of these might conflict with existing resources
+ * in the AWS account.
  */
-export type HtsgetSettings = {
-  /**
-   * The location of the htsget-rs config file.
-   */
-  config: string;
-
+export type HtsgetStatefulSettings = {
   /**
    * The domain name for the htsget server.
    */
@@ -61,28 +57,14 @@ export type HtsgetSettings = {
    */
   subDomain?: string;
 
-  /**
-   * The buckets to serve data from. If this is not specified, this defaults to `[]`.
-   * This affects which buckets are allowed to be accessed by the policy actions which are `["s3:List*", "s3:Get*"]`.
-   * Note that this option does not create buckets, it only gives permission to access them, see the `createS3Buckets`
-   * option. This option must be specified to allow `htsget-rs` to access data in buckets that are not created in
-   * this construct.
-   */
-  s3BucketResources: string[];
-
-  /**
-   * Whether this deployment is gated behind a JWT authorizer, or if its public.
-   */
-  jwtAuthorizer: HtsgetJwtAuthSettings;
-
   /**
    * Whether to lookup the hosted zone with the domain name. Defaults to `true`. If `true`, attempts to lookup an
    * existing hosted zone using the domain name. Set this to `false` if you want to create a new hosted zone under the
    * domain name.
    */
   lookupHostedZone?: boolean;
 
-  /**
+    /**
    * Whether to create a test bucket. Defaults to true. Buckets are created with
    * [`RemovalPolicy.RETAIN`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.RemovalPolicy.html).
    * The correct access permissions are automatically added.
@@ -95,7 +77,7 @@ export type HtsgetSettings = {
    */
   bucketName?: string;
 
-  /**
+      /**
    * Whether to copy test data into the bucket. Defaults to true. This copies the example data under the `data`
    * directory to those buckets. This option only has an affect is `createS3Buckets` is true.
    */
@@ -109,6 +91,30 @@ export type HtsgetSettings = {
    * with [`RemovalPolicy.RETAIN`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.RemovalPolicy.html).
    */
   copyExampleKeys?: boolean;
+};
+
+/**
+ * Settings related to the htsget lambda construct props.
+ */
+export type HtsgetStatelessSettings = {
+  /**
+   * The location of the htsget-rs config file.
+   */
+  config: string;
+
+  /**
+   * The buckets to serve data from. If this is not specified, this defaults to `[]`.
+   * This affects which buckets are allowed to be accessed by the policy actions which are `["s3:List*", "s3:Get*"]`.
+   * Note that this option does not create buckets, it only gives permission to access them, see the `createS3Buckets`
+   * option. This option must be specified to allow `htsget-rs` to access data in buckets that are not created in
+   * this construct.
+   */
+  s3BucketResources: string[];
+
+  /**
+   * Whether this deployment is gated behind a JWT authorizer, or if its public.
+   */
+  jwtAuthorizer: HtsgetJwtAuthSettings;
 
   /**
    * The Secrets Manager secrets which htsget-rs needs access to. This affects the permissions that get added to the
@@ -184,14 +190,76 @@ export type Config = {
   maxAge?: Duration;
 };
 
+// export class HtsgetStatelessConstruct extends Construct {
+//   constructor(
+//     scope: Construct,
+//     id: string,
+//     settings: HtsgetStatelessSettings
+//   ) {
+//     super(scope, id);
+
+//     const config = this.getConfig(settings.config);
+
+//     const lambdaRole = new Role(this, id + "Role", {
+//       assumedBy: new ServicePrincipal("lambda.amazonaws.com"),
+//       description: "Lambda execution role for " + id,
+//     });
+
+//     const s3BucketPolicy = new PolicyStatement({
+//       actions: ["s3:List*", "s3:Get*"],
+//       resources: settings.s3BucketResources ?? [],
+//     });
+
+//     const secretPolicy = new PolicyStatement({
+//       actions: ["secretsmanager:GetSecretValue"],
+//       resources: settings.secretArns ?? [],
+//     });
+//   }
+
+//   /**
+//    * Get the environment from config.toml
+//    */
+//   getConfig(config: string): Config {
+//     const configToml = TOML.parse(readFileSync(config).toString());
+
+//     return {
+//       htsgetConfig: HtsgetLambdaConstruct.configToEnv(configToml),
+//       allowCredentials:
+//         configToml.ticket_server_cors_allow_credentials as boolean,
+//       allowHeaders: HtsgetLambdaConstruct.convertCors(
+//         configToml,
+//         "ticket_server_cors_allow_headers",
+//       ),
+//       allowMethods: HtsgetLambdaConstruct.corsAllowMethodToHttpMethod(
+//         HtsgetLambdaConstruct.convertCors(
+//           configToml,
+//           "ticket_server_cors_allow_methods",
+//         ),
+//       ),
+//       allowOrigins: HtsgetLambdaConstruct.convertCors(
+//         configToml,
+//         "ticket_server_cors_allow_origins",
+//       ),
+//       exposeHeaders: HtsgetLambdaConstruct.convertCors(
+//         configToml,
+//         "ticket_server_cors_expose_headers",
+//       ),
+//       maxAge:
+//         configToml.ticket_server_cors_max_age !== undefined
+//           ? Duration.seconds(configToml.ticket_server_cors_max_age as number)
+//           : undefined,
+//     };
+//   }
+// }
+
 /**
  * Construct used to deploy htsget-lambda.
  */
 export class HtsgetLambdaConstruct extends Construct {
   constructor(
     scope: Construct,
     id: string,
-    settings: HtsgetSettings,
+    settings: HtsgetStatelessSettings & HtsgetStatefulSettings,
   ) {
     super(scope, id);