Optional private content bucket

[chadbean]

issues: #22

This adds optional support for setting the content S3 bucket to private. When using this bucket with CloudFront's origin access identity, it should not be required to set the bucket itself to public if we only need CloudFront to access it.

[chadbean]

@zchase and @sean1588 I tried to follow the build and test instructions but when I ran:

make install_nodejs_sdk

I am seeing errors like:

success Saved lockfile.
$ node scripts/install-pulumi-plugin.js resource aws-static-website ${VERSION}
No version is set for command pulumi
Consider adding one of the following versions in your config file at /Users/me/.tool-versions
pulumi 3.49.0
pulumi 3.50.1
pulumi 3.50.2
pulumi 3.52.0

There was an error installing the resource provider plugin. You may try to manually installing the plugin by running `pulumi plugin install resource aws-static-website`
✨  Done in 9.45s.
yarn run v1.22.19
warning package.json: No license field
warning ../../../../../package.json: No license field
$ /Users/chad/Code/pulumi/pulumi-aws-static-website/sdk/nodejs/node_modules/.bin/tsc --version
Version 3.9.10
✨  Done in 0.33s.
yarn run v1.22.19
warning package.json: No license field
warning ../../../../../package.json: No license field
$ /Users/chad/Code/pulumi/pulumi-aws-static-website/sdk/nodejs/node_modules/.bin/tsc
node_modules/@types/node/ts4.8/util.d.ts:1485:42 - error TS1005: ',' expected.

1485         entries(): IterableIterator<[name: string, value: string]>;
                                              ~

node_modules/@types/node/ts4.8/util.d.ts:1485:44 - error TS1068: Unexpected token. A constructor, method, accessor, or property was expected.

1485         entries(): IterableIterator<[name: string, value: string]>;
...

And a bunch more errors. Specifically: TS1005, TS1068, TS1109, TS1128.

[sean1588]

Hi @chadbean! Thanks for contributing this PR! What version of node are you running? I believe you need to be on node 16 in order for this to build successfully.

[chadbean]

Thanks, @sean1588. I tried to go through the steps again making sure I have the versions in place:

pulumi version
v3.50.2

node --version
v16.19.0

But I'm still seeing the same errors. Let me know if you have any other ideas and I can try them. Otherwise if there's a way to get this tested in fully in CI I'm happy to let that run instead of worrying about my local env.

[chadbean]

@sean1588 I was able to get the make install_nodejs_sdk command working with this change to the Makefile:

diff --git a/Makefile b/Makefile
index 707b9e6..5f93a83 100644
--- a/Makefile
+++ b/Makefile
@@ -86,6 +86,7 @@ gen_nodejs_sdk::
 build_nodejs_sdk:: gen_nodejs_sdk
        cd sdk/nodejs/ && \
                yarn install && \
+               yarn add @types/node@^10.0.0 && \
                yarn run tsc --version && \
                yarn run tsc && \
                cp -R scripts/ bin && \

Perhaps there is a dependency in the SDK that should have more strict pinning?

Will continue with testing a bit later.

[chadbean]

@sean1588 I was able to go into each directory inside of examples/ and init/up and all worked fine except for the react dir which gave this error:

$ pulumi new typescript -s test  --force --name (basename $PWD) --description 'testing'
$ pulumi config set aws:region us-east-1 && pulumi up

Previewing update (test)

View Live: https://app.pulumi.com/redactedbean/react/test/previews/a084c282-9f42-4a9c-a16e-98db1885057f

     Type                                        Name        Plan       Info
 +   pulumi:pulumi:Stack                         react-test  create     3 errors; 12 messages
 +   └─ pulumi-aws-static-website:index:Website  test        create


Diagnostics:
  pulumi:pulumi:Stack (react-test):
    Error: ENOENT: no such file or directory, scandir '/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/website/build': Error: ENOENT: no such file or directory, scandir '/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/website/build'
        at Object.readdirSync (node:fs:1405:3)
        at Object.readdirSync (pkg/prelude/bootstrap.js:1309:35)
        at crawlDirectory (/snapshot/pulumi-resource-aws-static-website/bin/website.js:178:30)
        at Website.putContents (/snapshot/pulumi-resource-aws-static-website/bin/website.js:191:9)
        at Website.provisionContentBucket (/snapshot/pulumi-resource-aws-static-website/bin/website.js:125:14)
        at new Website (/snapshot/pulumi-resource-aws-static-website/bin/website.js:64:32)
        at /snapshot/pulumi-resource-aws-static-website/bin/provider.js:48:25
        at Generator.next (<anonymous>)
        at /snapshot/pulumi-resource-aws-static-website/bin/provider.js:21:71
        at new Promise (<anonymous>)

    error: Site path directory, ../website/build does not exist.
    error: Default document "index.html" does not exist.
    error: Running program '/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/react' failed with an unhandled exception:
    Error: failed to register new resource test [aws-static-website:index:Website]: 2 UNKNOWN: ENOENT: no such file or directory, scandir '/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/website/build'
        at Object.registerResource (/Users/redacted/Code/pulumi/pulumi-aws-static-website/sdk/nodejs/node_modules/@pulumi/runtime/resource.ts:339:27)
        at new Resource (/Users/redacted/Code/pulumi/pulumi-aws-static-website/sdk/nodejs/node_modules/@pulumi/resource.ts:398:13)
        at new ComponentResource (/Users/redacted/Code/pulumi/pulumi-aws-static-website/sdk/nodejs/node_modules/@pulumi/resource.ts:891:9)
        at new Website (/Users/redacted/Code/pulumi/pulumi-aws-static-website/sdk/nodejs/website.ts:93:9)
        at Object.<anonymous> (/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/react/index.ts:11:13)
        at Module._compile (node:internal/modules/cjs/loader:1165:14)
        at Module.m._compile (/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/react/node_modules/ts-node/src/index.ts:439:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1219:10)
        at Object.require.extensions.<computed> [as .ts] (/Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/react/node_modules/ts-node/src/index.ts:442:12)
        at Module.load (node:internal/modules/cjs/loader:1043:32)
    Provisioning bucket objects for contents from local disk at /Users/redacted/Code/pulumi/pulumi-aws-static-website/examples/website/build.

Is there another step I have to run or should the sitePath value in react/yaml/Pulumi.yaml be changed to website/public?

[sean1588]

thanks @chadbean. sorry for the late response! Yeah you need to run npm run build in order to generate the built website files in that directory. I'll update the README if that is not already in there.

[sean1588]

Thanks for your contribution. I'll test this out as well.

[chadbean]

Yeah you need to run npm run build in order to generate the built website files in that directory. I'll update the README if that is not already in there.

Which dir should I run npm run build from?

[sean1588]

@chadbean you need to run it in the website directory. This will generate the build directory.

[sean1588]

hey @chadbean, just wanted to check in and see if you were able to generate the build successfully. Let me know if you need any other assistance, happy to help!

[chadbean]

Thanks, @sean1588. I ran npm run build from the ./examples/react/website/ dir and it looks like it requires real AWS creds? I don't have test account credentials readily available to run this against.

Since all the examples worked for me without AWS creds except this one, would you be able to help me test this?

Previewing update (test)

View Live: https://app.pulumi.com/chadbean/react/test/previews/7c329ae2-8ebf-4428-a1eb-3949134d1754

     Type                                        Name          Plan       Info
 +   pulumi:pulumi:Stack                         react-test    create     1 message
 +   ├─ pulumi-aws-static-website:index:Website  test          create
     └─ aws:s3:Bucket                            website-logs             1 error


Diagnostics:
  pulumi:pulumi:Stack (react-test):
    Provisioning bucket objects for contents from local disk at /Users/user/Code/pulumi/pulumi-aws-static-website/examples/react/website/build.

  aws:s3:Bucket (website-logs):
    error: unable to validate AWS credentials.
    Details: no valid credential sources for  found.

    Please see
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout

[sean1588]

@chadbean, yeah you will need access to an AWS account with credentials that can perform the actions needed to provision the infrastructure in order to use this component. I can pull your changes and get them tested.

[chadbean]

@sean1588 looks like there's a conflict now. I can try to fix that but once I do, I wanted to see if you'd be able to help test this?