Metadata-Version: 2.1
Name: construct-hub
Version: 0.3.117
Summary: A construct library that models Construct Hub instances.
Home-page: https://github.com/cdklabs
Author: Amazon Web Services, Inc.<construct-ecosystem-team@amazon.com>
License: Apache-2.0
Project-URL: Source, https://github.com/cdklabs/construct-hub.git
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: JavaScript
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Typing :: Typed
Classifier: Development Status :: 4 - Beta
Classifier: License :: OSI Approved
Requires-Python: >=3.6
Description-Content-Type: text/markdown
License-File: LICENSE
License-File: NOTICE

# Construct Hub

This project maintains a [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) construct library
that can be used to deploy instances of the Construct Hub in any AWS Account.

This software backs the public instance of the
[ConstructHub](https://constructs.dev), and can be used to deploy a self-hosted
instance with personalized configuration.

## :question: Getting Started

> :warning: Disclaimer
>
> The [public instance of ConstructHub](https://constructs.dev) is currently in
> *Developer Preview*.
>
> Self-hosted ConstructHub instances are however in active development and
> should be considered *experimental*. Breaking changes to the public API of
> this package are expected to be released without prior notice, and the
> infrastructure and operational posture of ConstructHub instances may also
> significantly change.
>
> You are welcome to deploy self-hosted instances of ConstructHub for evaluation
> purposes, and we welcome any feedback (good or bad) from your experience in
> doing so.

### Quick Start

Once you have installed the `construct-hub` library in your project, the
simplest way to get started is to create an instance of the `ConstructHub`
construct:

```python
# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.core import App, Stack
from construct_hub import ConstructHub

# The usual... you might have used `cdk init app` instead!
app = App()
stack = Stack(app, "StackName")

# Now to business!
ConstructHub(stack, "ConstructHub")
```

### Personalization

#### Using a custom domain name

In order to use a custom domain for your ConstructHub instance instead of the
default CloudFront domain name, specify the `domain` property with the following
elements:

Attribute                     | Description
------------------------------|---------------------------------------------------------------------
`zone`                        | A Route53 Hosted Zone, where DNS records will be added.
`cert`                        | An Amazon Certificate Manager certificate, which must be in the `us-east-1` region.
`monitorCertificateExpiration`| Set to `false` if you do not want an alarm to be created when the certificate is close to expiry.

Your self-hosted ConstructHub instance will be served from the root of the
provided `zone`, so the certificate must match this name.

#### Alternate package sources

By default, ConstructHub has a single package source configured: the public
`npmjs.com` registry. Self-hosted instances typically should list packages from
alternate sources, either in addition to packages from `npmjs.com`, or instead
of those.

The `packageSources` property can be used to replace the default set of package
sources configured on the instance. ConstructHub provides `IPackageSource`
implementations for the public `npmjs.com` registry as well as for private
CodeArtifact repositories:

```python
# Example automatically generated from non-compiling source. May contain errors.
import aws_cdk.aws_codeartifact as codeartifact
from aws_cdk.core import App, Stack
from construct_hub import sources, ConstructHub

# The usual... you might have used `cdk init app` instead!
app = App()
stack = Stack(app, "StackName")

# Now to business!
registry = codeartifact.CfnRegistry(stack, "Registry")
ConstructHub(stack, "ConstructHub",
    package_sources=[
        sources.NpmJs(),  # Remove if you do NOT want npmjs.com packages
        sources.CodeArtifact(registry=registry)
    ]
)
```

You may also implement a custom `IPackageSource` if you want to index packages
from alternate locations. In this case, the component you provide will be
responsible for sending notifications to an SQS Queue about newly discovered
packages. You may refer to the [sources.NpmJs](src/package-sources/npmjs.ts) and [sources.CodeArtifact](src/package-sources/code-artifact.ts)
implementations as a reference for hos this can be done.

By default, download counts of NPM packages will be fetched periodically from
NPM's public API by a Lambda. Since this is not desirable if you are using a
private package registry, this is automatically disabled if you specify your own
value for `packageSources`. (But this can be re-enabled through the
`fetchPackageStats` property if needed).

#### Package deny list

Certain packages may be undesirable to show in your self-hosted ConstructHub
instance. In order to prevent a package from ever being listed in construct hub,
the `denyList` property can be configured with a set of `DenyListRule` objects
that specify which package or package versions should never be lested:

```python
# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.core import App, Stack
from construct_hub import ConstructHub

# The usual... you might have used `cdk init app` instead!
app = App()
stack = Stack(app, "StackName")

# Now to business!
ConstructHub(stack, "ConstructHub",
    deny_list=[{"package_name": "sneaky-hackery", "reason": "Mines bitcoins wherever it gets installed"}, {"package_name": "bad-release", "version": "1.2.3", "reason": "CVE-####-#####"}
    ]
)
```

#### Decrease deployment footprint

By default, ConstructHub executes the documentation rendering process in the
context of isolated subnets. This is a defense-in-depth mechanism to mitigate
the risks associated with downloading aribtrary (un-trusted) *npm packages* and
their dependency closures.

This layer of security implies the creation of a number of resources that can
increase the operating cost of your self-hosted instance: several VPC endpoints
are created, an internal CodeArtifact repository needs to be provisioned, etc...

While we generally recommend leaving these features enabled, if your self-hosted
ConstructHub instance only indexes *trusted* packages (as could be the case for
an instance that does not list packages from the public `npmjs.com` registry),
you may set the `isolateLambdas` setting to `false`.

## :gear: Operating a self-hosted instance

1. [Application Overview](./docs/application-overview.md) provides a high-level
   description of the components that make a ConstructHub instance. This is a
   great starting point for people who consider operating a self-hosted instance
   of ConstructHub; and for new operators on-boarding the platform.
2. [Operator Runbook](./docs/operator-runbook.md) is a series of diagnostics and
   troubleshooting guides indended for operators to have a quick and easy way to
   navigate a ConstructHub instance when they are reacting to an alarm or bug
   report.

### :baby_chick: Deployment Canaries

Construct Hub provides several built-in validation mechanisms to make sure the
deployment of your instance is continuously operating as expected.

These mechanisms come in the form of canary testers that are part of the
ConstructHub deployment stack. Each canary runs periodically and performs a
different check, triggering a different CloudWatch alarm in case it detects a
failure.

We recommend that you use staged deployments, and block promotions to the
production stage in case any preivous stage triggers an alarm within a specific
timeframe.

#### Discovery Canary

When configuring an `NpmJs` package source, a package discovery canary can be
enabled using the `enableCanary` property (and optionally configured using the
`canaryPackage` and `canarySla` properties). This feature is activated by
default and monitors availability of releases of the `construct-hub-probe` npm
package in the ConstructHub instance.

Probe packages, such as `construct-hub-probe` are published frequently (e.g:
every 3 hours or more frequently), and can be used to ensure the ConstructHub
instance correctly discovers, indexes and represents those packages.

If a different package or SLA should be used, you can configure the `NpmJs`
package source manually like so:

```python
# Example automatically generated from non-compiling source. May contain errors.
import aws_cdk.aws_codeartifact as codeartifact
from aws_cdk.core import App, Stack
from construct_hub import sources, ConstructHub

app = App()
stack = Stack(app, "StackName")

ConstructHub(stack, "ConstructHub",
    # ...
    package_sources=[
        # ...
        sources.NpmJs(
            enable_canary=True,  # This is the default
            canary_package="@acme/my-constructhub-probe",
            canary_sla=Duration.minutes(30)
        )
    ]
)
```

In case the new package isn't fully available in the predefined SLA, a
**low severity** CloudWatch alarm will trigger, which will in turn trigger
the configured action for low severity alarms.

> See [Monitoring & Alarms](./docs/application-overview.md#monitoring--alarming)

The operator runbook contains [instructions](./docs/operator-runbook.md) on how
to diagnose and mitigate the root cause of the failure.

### :nail_care: Customizing the frontend

There are a number of customizations available in order to make your private
construct hub better tailored to your organization.

#### Package Tags

Configuring package tags allows you to compute additional labels to be applied
to packages. These can be used to indicate to users which packages are owned by
trusted organizations, or any other arbitrary conditions, and can be referenced
while searching.

For example:

```python
# Example automatically generated from non-compiling source. May contain errors.
ConstructHub(self, "ConstructHub",
    (SpreadAssignment ...myProps
      my_props),
    package_tags=[{
        "id": "official",
        "condition": TagCondition.field("name").eq("construct-hub"),
        "keyword": {
            "label": "Official",
            "color": "#00FF00"
        },
        "highlight": {
            "label": "Vended by AWS",
            "color": "#00FF00"
        }
    }]
)
```

The above example will result in packages with the `name` of `construct-hub` to
receive the `Official` tag, which is colored green and displayed amongst the
list of keywords. Additionally the `highlight` key shows this as a highlighted
item on the package's card.

The `searchFilter` key can also be used to show tags as search filters grouped
together.

```python
# Example automatically generated from non-compiling source. May contain errors.
is_aws = TagCondition.field("name").eq("construct-hub")
ConstructHub(self, "ConstructHub",
    (SpreadAssignment ...myProps
      my_props),
    package_tags=[{
        "id": "AWS",
        "condition": is_aws,
        "search_filter": {
            "group_by": "Authors",
            "display": "AWS"
        }
    }, {
        "id": "Community",
        "condition": TagCondition.not(is_aws),
        "search_filter": {
            "group_by": "Authors",
            "display": "AWS"
        }
    }]
)
```

The above will show a list of `Authors` filters on the search results page
with a checkbox for each `AWS` and `Community` packages, allowing users to
filter results by the presence of these tags.

Combinations of conditions are also supported:

```python
# Example automatically generated from non-compiling source. May contain errors.
ConstructHub(self, "ConstructHub",
    (SpreadAssignment ...myProps
      my_props),
    package_tags=[{
        "label": "Official",
        "color": "#00FF00",
        "condition": TagCondition.or(
            TagCondition.field("name").eq("construct-hub"),
            TagCondition.field("name").eq("construct-hub-webapp"))
    }]
)condition: TagCondition.or(
  ...['construct-hub', 'construct-hub-webapp', '...',]
    .map(name => TagCondition.field('name').eq(name))
),
```

You can assert against any value within package json including nested ones.

```python
# Example automatically generated from non-compiling source. May contain errors.
TagCondition.field("constructHub", "nested", "key").eq("value")

# checks
package_json.construct_hub.nested.key == value
```

#### Package Links

Configuring package links allows you to replace the `Repository`, `License`,
and `Registry` links on the package details page with whatever you choose.

For example:

```python
# Example automatically generated from non-compiling source. May contain errors.
ConstructHub(self, "ConstructHub",
    (SpreadAssignment ...myProps
      my_props),
    package_links=[{
        "link_label": "Service Level Agreement",
        "config_key": "SLA"
    }, {
        "link_label": "Contact",
        "config_key": "Contact",
        "link_text": "Email Me!",
        "allowed_domains": ["me.com"]
    }]
)
```

This would allow publishers to add the following to their package.json:

```json
"constructHub": {
  "packageLinks": {
    "SLA": "https://support.mypackage.com",
    "Contact": "me.com/contact"
  }
}
```

Then the links on the corresponding package page would show these items as
configured.

#### Home Page

The home page is divided into sections, each with a header and list of packages.
Currently, for a given section you can display either the most recently updated
packages, or a curated list of packages.

For example:

```python
# Example automatically generated from non-compiling source. May contain errors.
ConstructHub(self, "ConstructHub",
    (SpreadAssignment ...myProps
      my_props),
    featured_packages={
        "sections": [{
            "name": "Recently updated",
            "show_last_updated": 4
        }, {
            "name": "From the AWS CDK",
            "show_packages": [{
                "name": "@aws-cdk/core"
            }, {
                "name": "@aws-cdk/aws-s3",
                "comment": "One of the most popular AWS CDK libraries!"
            }, {
                "name": "@aws-cdk/aws-lambda"
            }, {
                "name": "@aws-cdk/pipelines",
                "comment": "The pipelines L3 construct library abstracts away many of the details of managing software deployment within AWS."
            }
            ]
        }
        ]
    }
)
```

#### Browse Categories

The Construct Hub home page includes a section that displays a set of buttons
that represent browsing categories (e.g. "Databases", "Monitoring",
"Serverless", etc).

You can use the `categories` option to configure these categories. Each category
is defined by a `title` and a `url`, which will be the link associated with the
button.

```python
# Example automatically generated from non-compiling source. May contain errors.
ConstructHub(self, "ConstructHub",
    (SpreadAssignment ...myProps
      my_props),
    categories=[{"title": "Databases", "url": "?keywords=databases"}, {"title": "Monitoring", "url": "?q=monitoring"}, {"title": "Partners", "url": "?tags=aws-partner"}
    ]
)
```

#### Feature Flags

Feature flags for the web app can be used to enable or disable experimental
features. These can be customized through the `featureFlags` property - for
more information about the available flags, check the documentation for
[https://github.com/cdklabs/construct-hub-webapp/](https://github.com/cdklabs/construct-hub-webapp/).

## :raised_hand: Contributing

If you are looking to contribute to this project, but don't know where to start,
have a look at our [contributing guide](CONTRIBUTING.md)!

## :cop: Security

See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more
information.

## :balance_scale: License

This project is licensed under the Apache-2.0 License.


