Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JASPER-289: Lambda Function Integration #173

Merged
merged 35 commits into from
Feb 13, 2025
Merged

JASPER-289: Lambda Function Integration #173

merged 35 commits into from
Feb 13, 2025

Conversation

ronaldo-macapobre
Copy link

Pull Request for JIRA Ticket: JASPER-289

Issue ticket number and link

https://jira.justice.gov.bc.ca/browse/JASPER-289

Description

Infrastructure

  • Simplify API Gateway to use proxy resource to handle all incoming requests
  • Fixed permission issue when rotate-key lambda rotates its key
  • Simplify lambda functions to use proxy lambda function instead
  • Added dars secret

API (backend)

  • Enable traffic redirection when JASPER is accessed locally vs the one hosted in AWS

AWS (lambda functions)

  • Removed unnecessary lambda functions and replaced with proxy handler which will handle all traffic
  • Added unit tests for all new and existing code
  • Added utils function to sanitize query string and headers
  • Updated packages to the latest

Type of change

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

  • Deployed feature branch to DEV, TEST and PROD environments

Test Configuration:

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Ronaldo Macapobre added 24 commits February 5, 2025 21:53
- Added generic lambda that will handle all BC Gov request
90dc7cf 
- Updates to API to redirect traffic to APIGW when conditions are met
Removed unnecessary lambda functions
cab6b5b
Added prefix to identify which bc gov the request is routed to
f512f29
- Updates to proxy lambda to handle incoming request and forward to t…
693c2fa 
…he correct app

- Wrap logic of determining method to call inside ApiService to make proxy lambda code simpler
- Include cert and key when calling axios request
- Log the base url used in proxy lambda
369c475 
- Added dars secret in openshift job
Log the whole event and qp
91e6fb4
Update authorizer so that it returns a generic policy to take advanta…
7d8a81d 
…ge of caching
Add logs
13c8563
- Add query params sanitization to pass it as is
dd6dfbc 
- Installed 'qs' package to handle the process easier
Replace methodArn with wildcard
0049335
Update regex to replace the url correctly
0aac51f
- Simplify lambda functions to a single proxy that handles all reques…
3863aa1 
…ts routed to BC Gov API

- Enable VPC settings for lambda functions
- Added DARS secrets
Force apigw redeployment when apigw settings is updated
7614dcc
Add deploy2test stage
8349a7f
Revert workflow_dispatch temporarily
d4eeb38
Added prod stage for deploying lambdas
06edf83
Merge branch 'master' into feature/JASPER-289
18b1198
Pass the allowed headers to BC Gov request
28f97a4
Added vitest and unit tests
3111666
Removed unused variable
bd2a669
Changed how qs is imported
d29e750
Removed as any
149e3e4
Add --run
2208a88
Publish lambda cleanup
95bc4f4
@ronaldo-macapobre ronaldo-macapobre self-assigned this Feb 12, 2025
Addressed SonarCloud issues:
6fe65cf 
- regex for replacing methodArn to wildcard
- hardcoded password
- Using * in network interface lambda policy
WadeBarnes
WadeBarnes reviewed Feb 12, 2025
View reviewed changes
.github/workflows/publish-lambdas.yml Outdated
Comment on lines 175 to 182
- name: Parse Resource and Lambda Name
id: parse
run: |
echo "Lambda: ${{ matrix.lambda }}"
RESOURCE=$(echo "${{ matrix.lambda }}" | cut -d'/' -f1)
LAMBDA=$(echo "${{ matrix.lambda }}" | cut -d'/' -f2)
echo "RESOURCE=$RESOURCE" >> $GITHUB_ENV
echo "LAMBDA=$LAMBDA" >> $GITHUB_ENV
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you provide an example of the input being parsed here? I might be able to recommend a better way to parse it.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sample inputs:

  • "auth/authorizer"
  • "auth/rotate-key"
  • "proxy/proxy-request"

Copy link
Member

@WadeBarnes WadeBarnes Feb 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use variable substitution:

echo "RESOURCE=${${{ matrix.lambda }}%%/*}" >> $GITHUB_ENV
echo "LAMBDA=${${{ matrix.lambda }}##*/}" >> $GITHUB_ENV

Example for how it works in bash:

$ export matrix_lambda="auth/authorizer"

# Get everything before the first '/'
$ echo "RESOURCE=${matrix_lambda%%/*}"
RESOURCE=auth

# Get everything after the last '/'
$ echo "LAMBDA=${matrix_lambda##*/}"
LAMBDA=authorizer

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@ronaldo-macapobre ronaldo-macapobre merged commit 1fc983d into master Feb 13, 2025
18 of 22 checks passed
@ronaldo-macapobre ronaldo-macapobre mentioned this pull request Feb 13, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WadeBarnes WadeBarnes WadeBarnes approved these changes

@JTraill JTraill JTraill approved these changes

@amlanc1 amlanc1 Awaiting requested review from amlanc1

Assignees

@ronaldo-macapobre ronaldo-macapobre

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ronaldo-macapobre @WadeBarnes @JTraill