diff --git a/src/services/configServices/SettingsService.js b/src/services/configServices/SettingsService.js index 66a898073..e5114ee7a 100644 --- a/src/services/configServices/SettingsService.js +++ b/src/services/configServices/SettingsService.js @@ -173,6 +173,14 @@ class SettingsService { // only when changing from public to private - not awaited as this is slow and non-blocking privatiseNetlifySite(siteName, password) } + const updatePasswordResp = await this.deploymentsService.updateAmplifyPassword( + siteName, + password, + enablePassword + ) + if (updatePasswordResp.isErr()) { + return updatePasswordResp + } if (isPrivate !== enablePassword) { // For public -> private or private -> public, we also need to update the repo privacy on github const privatiseRepoRes = await this.gitHubService.changeRepoPrivacy( @@ -189,11 +197,7 @@ class SettingsService { return errAsync(err) } } - return this.deploymentsService.updateAmplifyPassword( - siteName, - password, - enablePassword - ) + return updatePasswordResp } shouldUpdateHomepage(updatedConfigContent, configContent) { diff --git a/src/services/identity/DeploymentClient.ts b/src/services/identity/DeploymentClient.ts index eb7c8598d..df9fc8c8a 100644 --- a/src/services/identity/DeploymentClient.ts +++ b/src/services/identity/DeploymentClient.ts @@ -143,19 +143,23 @@ class DeploymentClient { }, }) - generateDeletePasswordInput = (appId: string): UpdateBranchCommandInput => ({ + generateDeletePasswordInput = ( + appId: string, + branchName = "staging" + ): UpdateBranchCommandInput => ({ appId, - branchName: "staging", + branchName, enableBasicAuth: false, basicAuthCredentials: "", }) generateUpdatePasswordInput = ( appId: string, - password: string + password: string, + branchName = "staging" ): UpdateBranchCommandInput => ({ appId, - branchName: "staging", + branchName, enableBasicAuth: true, basicAuthCredentials: Buffer.from(`user:${password}`).toString("base64"), }) diff --git a/src/services/identity/DeploymentsService.ts b/src/services/identity/DeploymentsService.ts index ee4924e9f..c03935ebe 100644 --- a/src/services/identity/DeploymentsService.ts +++ b/src/services/identity/DeploymentsService.ts @@ -202,9 +202,14 @@ class DeploymentsService { return okAsync(deploymentInfo) } - deletePassword = async (appId: string, deploymentId: number) => { + deletePassword = async ( + appId: string, + deploymentId: number, + isStagingLite: boolean + ) => { const updateAppInput = this.deploymentClient.generateDeletePasswordInput( - appId + appId, + isStagingLite ? "staging-lite" : "staging" ) const updateResp = await this.deploymentClient.sendUpdateApp(updateAppInput) @@ -249,9 +254,22 @@ class DeploymentsService { return errAsync( new NotFoundError(`Deployment for site ${repoName} does not exist`) ) - const { id, hostingId: appId } = deploymentInfo + const { + id, + hostingId: appId, + stagingLiteHostingId: stagingLiteId, + } = deploymentInfo - if (!enablePassword) return this.deletePassword(appId, id) + if (!enablePassword) { + const stagingRes = await this.deletePassword(appId, id, false) + if (!stagingLiteId || stagingRes.isErr()) return stagingRes + const stagingLiteRes = await this.deletePassword(stagingLiteId, id, true) + if (stagingLiteRes.isErr()) + logger.error( + `Privatisation adjustment failed for ${repoName} - requires manual fixing of inconsistent state` + ) + return stagingLiteRes + } const { encryptedPassword: oldEncryptedPassword, @@ -273,6 +291,24 @@ class DeploymentsService { return updateResp } + if (stagingLiteId) { + const updateStagingLiteInput = this.deploymentClient.generateUpdatePasswordInput( + stagingLiteId, + password, + "staging-lite" + ) + + const updateStagingLiteResp = await this.deploymentClient.sendUpdateApp( + updateStagingLiteInput + ) + if (updateStagingLiteResp.isErr()) { + logger.error( + `Privatisation adjustment failed for ${repoName} - requires manual fixing of inconsistent state` + ) + return updateStagingLiteResp + } + } + const { encryptedPassword, iv } = encryptPassword(password, SECRET_KEY) await this.deploymentsRepository.update( { diff --git a/src/services/identity/SitesService.ts b/src/services/identity/SitesService.ts index 5acd5107a..094fb3727 100644 --- a/src/services/identity/SitesService.ts +++ b/src/services/identity/SitesService.ts @@ -327,19 +327,30 @@ class SitesService { return okAsync(site.deployment) } + // Privatisation has priority over growthbook - if private, automatically use staging + const isPrivateSiteSyncedWithDb = + site.isPrivate && site?.deployment?.stagingUrl.includes("staging.") + const featureFlagSyncedWithDb = - (isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) && + !site.isPrivate && + ((isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) && site?.deployment?.stagingUrl.includes("staging-lite.")) || - // useful for rollbacks - (!isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) && - site?.deployment?.stagingUrl.includes("staging.")) + // useful for rollbacks + (!isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) && + site?.deployment?.stagingUrl.includes("staging."))) - if (featureFlagSyncedWithDb) { + if (isPrivateSiteSyncedWithDb || featureFlagSyncedWithDb) { return okAsync(site.deployment) } let stagingUrl: StagingPermalink - if (isReduceBuildTimesWhitelistedRepo(sessionData.growthbook)) { + if (site.isPrivate) { + stagingUrl = Brand.fromString( + `https://staging.${site.deployment.hostingId}.amplifyapp.com` + ) + } else if ( + isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) + ) { stagingUrl = Brand.fromString( `https://staging-lite.${site.deployment.stagingLiteHostingId}.amplifyapp.com` )