public mountToLinuxInstance()

in packages/aws-rfdk/lib/core/lib/mountable-efs.ts [122:194]


  /**
   * Configures a Linux instance to mount this EFS filesystem through its user data.
   *
   * In order, this method: makes the target depend on the filesystem's mount targets, grants
   * the target's principal the EFS client actions for the requested permissions (only when an
   * access point is configured), allows a connection from the target to the filesystem on its
   * default port, grants read access to the mount-script asset, and appends the user data
   * commands that download, unpack and run `mountEfs.sh`.
   *
   * @param target Instance being configured; its `osType` must be Linux.
   * @param mount Mount location and permissions for the filesystem on the instance.
   * @throws Error when `target.osType` is not `OperatingSystemType.LINUX`.
   */
  public mountToLinuxInstance(target: IMountingInstance, mount: LinuxMountPointProps): void {
    if (target.osType !== OperatingSystemType.LINUX) {
      throw new Error('Target instance must be Linux.');
    }

    const { filesystem, accessPoint, extraMountOptions } = this.props;
    // Resolved lazily: the ARN is only read on the branches that need it.
    const fileSystemArn = (): string => (filesystem.node.defaultChild as efs.CfnFileSystem).attrArn;

    if (Construct.isConstruct(target)) {
      target.node.addDependency(filesystem.mountTargetsAvailable);
    }

    if (accessPoint) {
      const efsActions = MountPermissionsHelper.toEfsIAMActions(mount?.permissions);
      // Root access is added only when the access point check asks for it.
      if (this.accessPointRequiresClientRootAccess(accessPoint)) {
        efsActions.push('elasticfilesystem:ClientRootAccess');
      }
      // The statement names this filesystem only, and the condition restricts it further to
      // requests made through this access point.
      const accessPointStatement = new PolicyStatement({
        resources: [fileSystemArn()],
        actions: efsActions,
        conditions: {
          StringEquals: {
            'elasticfilesystem:AccessPointArn': accessPoint.accessPointArn,
          },
        },
      });
      target.grantPrincipal.addToPrincipalPolicy(accessPointStatement);
    }

    target.connections.allowTo(filesystem, filesystem.connections.defaultPort as Port);

    const scriptAsset = this.mountAssetSingleton(target);
    scriptAsset.grantRead(target.grantPrincipal);
    const downloadedScript: string = target.userData.addS3DownloadCommand({
      bucket: scriptAsset.bucket,
      bucketKey: scriptAsset.s3ObjectKey,
    });

    const normalizedLocation: string = path.posix.normalize(mount.location);
    // Option order: permission option, then the access point options, then caller extras.
    const optionList: string[] = [
      MountPermissionsHelper.toLinuxMountOption(mount.permissions),
      ...(accessPoint ? ['iam', `accesspoint=${accessPoint.accessPointId}`] : []),
      ...(extraMountOptions ? extraMountOptions : []),
    ];
    const joinedOptions: string = optionList.join(',');

    const useApiForDns = this.props.resolveMountTargetDnsWithApi ?? false;
    if (useApiForDns) {
      // DescribeMountTargets is granted on the filesystem and, when present, the access point.
      const describeResources = [
        fileSystemArn(),
        ...(accessPoint ? [accessPoint.accessPointArn] : []),
      ];
      target.grantPrincipal.addToPrincipalPolicy(new PolicyStatement({
        resources: describeResources,
        actions: ['elasticfilesystem:DescribeMountTargets'],
      }));
    }

    // NOTE(review): the mount location and the joined options (which include
    // `extraMountOptions`) are interpolated into the shell line without quoting, and EC2 user
    // data normally runs as root. A value containing whitespace or shell metacharacters would be
    // word-split or interpreted by bash, so these props should only ever carry fixed, trusted
    // strings; validate them upstream if they can come from configuration.
    // NOTE(review): `rm -f` removes the downloaded archive only; nothing in these commands
    // removes the directory created by `mktemp -d`.
    const mountCommands: string[] = [
      'TMPDIR=$(mktemp -d)',
      'pushd "$TMPDIR"',
      `unzip ${downloadedScript}`,
      `bash ./mountEfs.sh ${filesystem.fileSystemId} ${normalizedLocation} ${useApiForDns} ${joinedOptions}`,
      'popd',
      `rm -f ${downloadedScript}`,
    ];
    target.userData.addCommands(...mountCommands);
  }