@adastradev/serverless-discovery-sdk
The last serverless micro-service you'll ever wonder how to find
The AWS Serverless Discovery SDK interacts with a discovery microservice to discover endpoints for micro-services written for a serverless architecture. This is similar to clustered services such as Consul or ZooKeeper, but without the concept of instances or nodes that must be monitored for online state. This library is designed to support use both on the server side (for service-to-service lookups) and on the browser/client side.
This project contains the TypeScript/JavaScript bindings for the discovery service. Other bindings can be found in the AdAstraDev organization on GitHub.
npm install @adastradev/serverless-discovery-sdk
Semver versioning is supported by the discovery service 1.1.x. Pass a semver-compatible value in the lookupService call to receive the newest compatible matching version.
Services and their desired versions can also be specified in the cloudDependencies field of package.json.
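{
  "cloudDependencies": {
    "service1": "1.x",
    "service2": "^1.2.8-testbranch",
    "service3": "3.x.x"
  }
}
Here service2 requests a pre-release version for development purposes. The note is kept outside the snippet because package.json is plain JSON and cannot contain comments.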
In some testing environments, it can be useful to modify the lookup version to avoid collision with a production environment. If the VERSION_POSTFIX environment variable is set at runtime, the SDK always appends its value to the version of a lookup call.
If you are looking up services which are highly coupled or are not well isolated, and using them for system tests, you should:
VERSION_POSTFIX environment variable set to -staging
If there is a lookup for serviceA, version 1.1.0, it will instead only talk to 1.1.0-staging. All lookup calls will follow a similar pattern while the environment variable is present.
TL;DR: If you are looking up services which are not well isolated, and rely on a staging environment to avoid operations on prod databases/resources, add the following to your pipeline in a staging deployment/testing step.
bitbucket-pipelines.yml:
- export VERSION_POSTFIX='-staging'
# Deployment steps follow...
serverless.yml:
provider:
  environment:
    VERSION_POSTFIX: ${env:VERSION_POSTFIX, ''}
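An added example, not part of the SDK or its README: a preflight check a staging pipeline could run before system tests. It fails closed when VERSION_POSTFIX is missing (the serverless.yml default of '' would otherwise leave lookups unsuffixed) and flags dependencies that already carry a pre-release tag. The names preflight and effectiveVersion are hypothetical, and the literal-append behaviour is an assumption taken from the 1.1.0 to 1.1.0-staging illustration above.

```javascript
// Added example (not SDK code): fail-closed preflight for staging system tests.

// A usable postfix is a semver pre-release suffix: '-' then dot-separated identifiers.
const POSTFIX_RE = /^-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*$/;
// Matches a version core directly followed by a pre-release tag, e.g. 1.2.8-testbranch.
const HAS_PRERELEASE_RE = /[0-9xX*]-[0-9A-Za-z]/;

// Assumption: the postfix is appended literally, as in the README's
// 1.1.0 -> 1.1.0-staging illustration; the SDK's internals are not shown on the page.
function effectiveVersion(version, postfix) {
  return `${version}${postfix}`;
}

// Hypothetical helper: returns the lookup plan plus blocking problems and warnings.
function preflight(cloudDependencies, env) {
  const postfix = env.VERSION_POSTFIX;
  const problems = [];
  const warnings = [];

  if (postfix === undefined || postfix === '') {
    // serverless.yml falls back to '' here, so lookups would stay unsuffixed.
    problems.push('VERSION_POSTFIX is unset or empty; lookups would use unsuffixed versions');
  } else if (!POSTFIX_RE.test(postfix)) {
    problems.push(`VERSION_POSTFIX ${JSON.stringify(postfix)} is not a "-name" style suffix`);
  }

  const plan = {};
  const usable = problems.length === 0 ? postfix : '';
  for (const [service, version] of Object.entries(cloudDependencies)) {
    plan[service] = effectiveVersion(version, usable);
    if (usable && HAS_PRERELEASE_RE.test(version)) {
      // Appending to an existing pre-release tag names a different pre-release.
      warnings.push(`${service}: ${version} already has a pre-release tag; becomes ${plan[service]}`);
    }
  }
  return { ok: problems.length === 0, problems, warnings, plan };
}

// Constructed sample input mirroring the cloudDependencies block in the README.
const sampleDeps = { service1: '1.x', service2: '^1.2.8-testbranch', service3: '3.x.x' };
console.log(preflight(sampleDeps, { VERSION_POSTFIX: '-staging' }));
console.log(preflight(sampleDeps, {}));
```

In a pipeline step, pass the cloudDependencies map from package.json and process.env to preflight, and stop the job with a non-zero exit code when ok is false.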
I recommend setting up a utility function to handle construction of the SDK and the lookup call. See the example below.
import { DiscoverySdk } from '@adastradev/serverless-discovery-sdk';

export default async function lookup(serviceName) {
  const sdk = new DiscoverySdk(
    process.env.DISCOVERY_SERVICE_URL,
    process.env.DISCOVERY_SERVICE_REGION,
    // Non-versioned services will default to lookup via this stage
    process.env.DEFAULT_STAGE,
    undefined,
    // Create map of cloudDependencies from package.json
    new Map(Object.entries(require('../path/to/package.json')['cloudDependencies'])),
  );
  const endpoints = await sdk.lookupService(serviceName);
  return endpoints[0];
}
FAQs
Serverless Service Discovery API
The npm package @adastradev/serverless-discovery-sdk receives a total of 1,509 weekly downloads. As such, @adastradev/serverless-discovery-sdk popularity was classified as popular.
We found that @adastradev/serverless-discovery-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 37 open source maintainers collaborating on the project.