# Service identity for the Serverless Framework deployment.
service:
  name: accounts
  # KMS key ARN, looked up per stage through the SSM passthrough to Secrets
  # Manager at deploy time (`~true` asks for the decrypted value). Serverless
  # uses this key to encrypt function environment variables at rest.
  # NOTE(review): at-rest encryption does not hide the values from principals
  # that may read the function configuration and use the key.
  awsKmsKeyArn: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/all/kmsArn~true}
# Provider-wide settings shared by every function in this service.
provider:
  name: aws
  endpointType: regional
  # NOTE(review): python3.6 is end-of-life upstream and no longer a supported
  # Lambda runtime; move to a maintained runtime so the functions keep
  # receiving security patches.
  runtime: python3.6
  # Default stage; custom.stage falls back to this when no stage option is
  # passed, so an unqualified deploy targets alpha.
  stage: alpha
  region: eu-central-1
  apiName: offen-${self:provider.stage}
  logs:
    # Turns on API Gateway logging for the REST API.
    # NOTE(review): confirm the effective log level and format for the
    # installed framework version; execution logs with full request data can
    # capture request bodies, which for an accounts service may include
    # credentials. Restrict access to the log group and set a retention period.
    restApi: true
# Build one deployment artifact per function rather than a single shared
# archive.
package:
  individually: true
# Third-party Serverless plugins. They run inside the deploy process with the
# deployer's AWS credentials and see every resolved variable, including the
# decrypted secrets referenced further down.
# NOTE(review): versions are not visible in this file; pin them in the
# package manifest/lockfile and review upgrades.
plugins:
  - serverless-domain-manager
  - serverless-python-requirements
  - serverless-wsgi
# Per-stage lookup tables and plugin configuration.
custom:
  # Effective stage: the stage CLI option if given, else provider.stage.
  # It selects both the hostnames below and the secret paths used by the
  # functions.
  stage: ${opt:stage, self:provider.stage}
  # Host of the front end that may call this API; feeds CORS_ORIGIN.
  origin:
    production: vault.offen.dev
    staging: vault-staging.offen.dev
    alpha: vault-alpha.offen.dev
  # Host exposed to the app as SERVER_URL.
  serverHost:
    production: server.offen.dev
    staging: server-staging.offen.dev
    alpha: server-alpha.offen.dev
  # Public hostname of this service per stage (used by customDomain).
  domain:
    production: accounts.offen.dev
    staging: accounts-staging.offen.dev
    alpha: accounts-alpha.offen.dev
  # Cookie scope handed to the app as COOKIE_DOMAIN.
  # NOTE(review): every stage uses the same parent domain, so a cookie set by
  # any stage is sent by browsers to all *.offen.dev hosts, including the
  # other stages. A weakness in alpha or staging can therefore expose or
  # overwrite production cookies. Consider stage-specific cookie names or a
  # separate registrable domain for non-production.
  cookieDomain:
    production: .offen.dev
    staging: .offen.dev
    alpha: .offen.dev
  # serverless-domain-manager: map the API to the stage's hostname.
  customDomain:
    basePath: ''
    # Wildcard certificate shared by all offen.dev subdomains.
    certificateName: '*.offen.dev'
    domainName: ${self:custom.domain.${self:custom.stage}}
    stage: ${self:custom.stage}
    endpointType: regional
    # DNS records are not created by the plugin and must be managed elsewhere.
    createRoute53Record: false
  # serverless-wsgi: WSGI entry point; requirement packaging is left to
  # serverless-python-requirements.
  wsgi:
    app: accounts.app
    packRequirements: false
  # serverless-python-requirements: build dependencies in Docker when the
  # deploy host is not Linux, and strip the bundle.
  # NOTE(review): whether requirements.txt pins exact versions or hashes is
  # not visible here; unpinned entries make each deploy pull whatever is
  # current on the package index.
  pythonRequirements:
    slim: true
    dockerizePip: non-linux
    fileName: requirements.txt
# Lambda functions of the accounts service.
#
# Every ${ssm:...~true} value below is resolved by the Serverless CLI at
# deploy time. The decrypted value is written into the generated
# CloudFormation template and into the function's environment, where it is
# readable by any principal allowed to read the function configuration or the
# deployment artifacts.
# NOTE(review): for the private key, session secret and database connection
# string, consider passing only the secret name and fetching the value at
# runtime with the function's own role, so rotation needs no redeploy and the
# value never lands in the template.
functions:
  # Custom API Gateway authorizer that guards the /admin routes with HTTP
  # Basic credentials.
  authorizer:
    handler: authorizer.handler
    environment:
      BASIC_AUTH_USER: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/basicAuthUser~true}
      # Only a hash of the password is supplied.
      # NOTE(review): the hash algorithm is not visible here; confirm it is a
      # slow password hash and that the handler compares in constant time.
      HASHED_BASIC_AUTH_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedBasicAuthPassword~true}
  # The WSGI application, served through serverless-wsgi.
  app:
    handler: wsgi_handler.handler
    events:
      # /admin/ and everything below it go through the authorizer.
      - http:
          path: /admin/
          method: any
          authorizer:
            name: authorizer
            # 0 disables caching of authorizer results, so credentials are
            # re-checked on every request.
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
      - http:
          path: /admin/{proxy+}
          method: any
          authorizer:
            name: authorizer
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
      # Root and catch-all routes carry no gateway authorizer.
      # NOTE(review): the gateway check applies only to the two /admin routes
      # above; the application should enforce admin authentication itself
      # rather than rely on route matching at the gateway.
      - http:
          path: '/'
          method: any
      - http:
          path: '/{proxy+}'
          method: any
    environment:
      # A single allowed origin per stage, always https.
      CORS_ORIGIN: https://${self:custom.origin.${self:custom.stage}}
      # Parent-domain cookie scope; see custom.cookieDomain.
      COOKIE_DOMAIN: ${self:custom.cookieDomain.${self:custom.stage}}
      SERVER_URL: ${self:custom.serverHost.${self:custom.stage}}
      # JWT signing key pair. The private key is the most sensitive value in
      # this file: whoever reads it can mint tokens this service will accept.
      JWT_PRIVATE_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPrivateKey~true}'
      JWT_PUBLIC_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPublicKey~true}'
      # The app receives the same Basic auth material as the authorizer,
      # presumably to re-check admin credentials itself (verify against the
      # application code).
      BASIC_AUTH_USER: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/basicAuthUser~true}
      HASHED_BASIC_AUTH_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedBasicAuthPassword~true}
      SESSION_SECRET: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/sessionSecret~true}'
      # NOTE(review): a connection string normally embeds database
      # credentials; grant the database user only the privileges this service
      # needs.
      MYSQL_CONNECTION_STRING: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/mysqlConnectionString~true}'
# Extra CloudFormation resources merged into the generated stack.
resources:
  Resources:
    # Customises the gateway's UNAUTHORIZED response so that a rejected
    # request carries a Basic challenge and browsers show a credential prompt.
    # The response type is defined API-wide, not per route.
    GatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          # The inner single quotes mark a static value for API Gateway.
          # NOTE(review): the challenge carries no realm parameter, which
          # RFC 7617 lists as required for the Basic scheme.
          gatewayresponse.header.WWW-Authenticate: "'Basic'"
        ResponseType: UNAUTHORIZED
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        # Quoted so the status code stays a string.
        StatusCode: '401'