Skip to content

Commit 446dd15

Browse files
authored
feat: LLMO-3231 byocdn-fastly default auth method is iam role (#1384)
Please ensure your pull request adheres to the following guidelines: - [ ] make sure to link the related issues in this description - [ ] when merging / squashing, make sure the fixed issue references are visible in the commits, for easy compilation of release notes ## Related Issues Thanks for contributing!
1 parent 32ae735 commit 446dd15

File tree

3 files changed

+111
-42
lines changed

3 files changed

+111
-42
lines changed

package-lock.json

Lines changed: 29 additions & 23 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/spacecat-shared-utils/src/cdn-helpers.js

Lines changed: 41 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -62,24 +62,31 @@ const FASTLY_LOG_FORMAT = `{
6262
"time_to_first_byte": "%{time.to_first_byte}V"
6363
}`;
6464
const CDN_TRANSFORMATIONS = {
65-
'byocdn-fastly': (payload) => ({
66-
'Bucket Name': payload.bucketName,
67-
Domain: `s3.${payload.region}.amazonaws.com`,
68-
Path: `${payload.allowedPaths?.[0] || ''}%Y/%m/%d/%H/`,
69-
'Timestamp Format': '%Y-%m-%dT%H:%M:%S.000',
70-
Placement: 'Format Version Default',
71-
'Log format': FASTLY_LOG_FORMAT,
72-
'Access method': 'User credentials',
73-
...transformCredentialFields(payload),
74-
Period: 300,
75-
'Log line format': 'Blank',
76-
Compression: 'Gzip',
77-
'Redundancy level': 'Standard',
78-
ACL: 'None',
79-
'Server side encryption': 'None',
80-
'Maximum bytes': 0,
81-
HelpUrl: 'https://www.fastly.com/documentation/guides/integrations/logging-endpoints/log-streaming-amazon-s3/',
82-
}),
65+
'byocdn-fastly': (payload) => {
66+
const authMethodLabel = payload.authMethod === 'iam_role' ? 'IAM Role' : 'User credentials';
67+
const authFields = payload.authMethod === 'iam_role'
68+
? { 'Role ARN': payload.roleArn }
69+
: transformCredentialFields(payload);
70+
71+
return {
72+
'Bucket Name': payload.bucketName,
73+
Domain: `s3.${payload.region}.amazonaws.com`,
74+
Path: `${payload.allowedPaths?.[0] || ''}%Y/%m/%d/%H/`,
75+
'Timestamp Format': '%Y-%m-%dT%H:%M:%S.000',
76+
Placement: 'Format Version Default',
77+
'Log format': FASTLY_LOG_FORMAT,
78+
'Access method': authMethodLabel,
79+
...authFields,
80+
Period: 300,
81+
'Log line format': 'Blank',
82+
Compression: 'Gzip',
83+
'Redundancy level': 'Standard',
84+
ACL: 'None',
85+
'Server side encryption': 'None',
86+
'Maximum bytes': 0,
87+
HelpUrl: 'https://www.fastly.com/documentation/guides/integrations/logging-endpoints/log-streaming-amazon-s3/',
88+
};
89+
},
8390
'byocdn-akamai': (payload) => ({
8491
'Bucket Name': payload.bucketName,
8592
Region: payload.region,
@@ -238,7 +245,22 @@ const prettifyLogForwardingConfig = (payload) => {
238245
throw new Error('allowedPaths is required in payload');
239246
}
240247

241-
if (payload.logSource === 'byocdn-fastly' || payload.logSource === 'byocdn-akamai' || payload.logSource === 'byocdn-other') {
248+
if (payload.logSource === 'byocdn-fastly') {
249+
if (payload.authMethod === 'user_credentials') {
250+
if (!payload.accessKey && !payload.currentAccessKey) {
251+
throw new Error('accessKey or currentAccessKey is required in payload');
252+
}
253+
if (!payload.secretKey && !payload.currentSecretKey) {
254+
throw new Error('secretKey or currentSecretKey is required in payload');
255+
}
256+
} else if (payload.authMethod === 'iam_role') {
257+
if (!payload.roleArn) {
258+
throw new Error('roleArn is required in payload when authMethod is iam_role');
259+
}
260+
}
261+
}
262+
263+
if (payload.logSource === 'byocdn-akamai' || payload.logSource === 'byocdn-other') {
242264
if (!payload.accessKey && !payload.currentAccessKey) {
243265
throw new Error('accessKey or currentAccessKey is required in payload');
244266
}

packages/spacecat-shared-utils/test/cdn-helpers.test.js

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,38 @@ describe('CDN Helper Functions', () => {
113113
// Should use empty string as prefix
114114
expect(result.Path).to.equal('%Y/%m/%d/%H/');
115115
});
116+
117+
it('should transform payload for byocdn-fastly with iam_role authMethod', () => {
118+
const iamRolePayload = {
119+
...mockPayload,
120+
logSource: 'byocdn-fastly',
121+
authMethod: 'iam_role',
122+
roleArn: 'arn:aws:iam::123456789012:role/FastlyCDNRole',
123+
};
124+
delete iamRolePayload.accessKey;
125+
delete iamRolePayload.secretKey;
126+
127+
const result = prettifyLogForwardingConfig(iamRolePayload);
128+
129+
expect(result).to.deep.equal({
130+
'Bucket Name': 'cdn-logs-adobe-dev',
131+
Domain: 's3.us-east-1.amazonaws.com',
132+
Path: '9E1005A551ED61CA0A490D45@AdobeOrg/raw/byocdn-fastly/%Y/%m/%d/%H/',
133+
'Timestamp Format': '%Y-%m-%dT%H:%M:%S.000',
134+
Placement: 'Format Version Default',
135+
'Log format': FASTLY_LOG_FORMAT,
136+
'Access method': 'IAM Role',
137+
'Role ARN': 'arn:aws:iam::123456789012:role/FastlyCDNRole',
138+
Period: 300,
139+
'Log line format': 'Blank',
140+
Compression: 'Gzip',
141+
'Redundancy level': 'Standard',
142+
ACL: 'None',
143+
'Server side encryption': 'None',
144+
'Maximum bytes': 0,
145+
HelpUrl: 'https://www.fastly.com/documentation/guides/integrations/logging-endpoints/log-streaming-amazon-s3/',
146+
});
147+
});
116148
});
117149

118150
describe('other CDN types', () => {
@@ -376,6 +408,15 @@ describe('CDN Helper Functions', () => {
376408
);
377409
});
378410

411+
it('should throw error when roleArn is missing for byocdn-fastly with iam_role authMethod', () => {
412+
const payloadWithoutRoleArn = { ...mockPayload, authMethod: 'iam_role' };
413+
delete payloadWithoutRoleArn.accessKey;
414+
delete payloadWithoutRoleArn.secretKey;
415+
expect(() => prettifyLogForwardingConfig(payloadWithoutRoleArn)).to.throw(
416+
'roleArn is required in payload when authMethod is iam_role',
417+
);
418+
});
419+
379420
it('should throw error when accessKey/currentAccessKey is missing for byocdn-akamai', () => {
380421
const payloadWithoutAccessKey = { ...mockPayload, logSource: 'byocdn-akamai' };
381422
delete payloadWithoutAccessKey.accessKey;

0 commit comments

Comments
 (0)