From 39d5b76ea84d780746633cc0a4f71f325604e981 Mon Sep 17 00:00:00 2001 
From: Doug Toppin Date: Wed, 3 Jul 2024 08:57:19 -0400 Subject: [PATCH] Update to version v1.0.1 --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- CHANGELOG.md | 36 +++ LICENSE | 175 -------------- NOTICE | 1 - NOTICE.txt | 2 +- deployment/build-s3-dist.sh | 6 +- source/DruidCloudwatchExtension/pom.xml | 6 +- .../druid/cloudwatch/CloudwatchEmitter.java | 3 +- .../cloudwatch/CloudwatchEmitterConfig.java | 2 +- .../CloudwatchEmitterConfigTest.java | 4 +- .../cloudwatch/CloudwatchEmitterTest.java | 24 +- source/DruidOidcExtension/pom.xml | 28 +-- .../druid/oidc/OidcAuthenticator.java | 2 +- .../solutions/druid/oidc/OidcConfig.java | 2 +- .../solutions/druid/oidc/OidcFilter.java | 43 ++-- .../druid/oidc/OidcSessionStore.java | 21 +- .../druid/oidc/JwtAuthenticatorTest.java | 1 - .../druid/oidc/OidcAuthenticatorTest.java | 2 +- .../solutions/druid/oidc/OidcConfigTest.java | 2 +- .../solutions/druid/oidc/OidcFilterTest.java | 23 +- .../druid/oidc/OidcSessionStoreTest.java | 7 +- source/bin/druid-infra.ts | 12 +- source/build-dependencies.sh | 4 +- source/lib/config/user_data/common_user_data | 4 +- source/lib/config/user_data/data_user_data | 1 + .../lib/config/user_data/historical_user_data | 1 + source/lib/config/user_data/master_user_data | 1 + .../config/user_data/middleManager_user_data | 1 + source/lib/config/user_data/query_user_data | 1 + .../lib/config/user_data/zookeeper_user_data | 2 +- source/lib/constructs/appRegistryAspect.ts | 2 +- source/lib/constructs/auroraMetadataStore.ts | 2 +- source/lib/constructs/baseInfrastructure.ts | 22 +- source/lib/constructs/configScheme.ts | 5 +- .../lib/constructs/druidAutoScalingGroup.ts | 11 +- source/lib/constructs/druidEksBase.ts | 11 +- source/lib/constructs/druidVpc.ts | 4 +- .../internalCertificateAuthority.ts | 72 +++--- .../loadBalancerControllerCleanup.ts | 3 +- .../lib/k8s-manifests/druid-cluster-eks.yaml | 2 +- source/lib/lambdas/canary.js | 93 ++++---- source/lib/lambdas/certificateGenerator.ts | 4 +- 
source/lib/stacks/druidEc2Stack.ts | 24 +- source/lib/stacks/druidEksStack.ts | 12 +- source/lib/stacks/druidStack.ts | 4 +- .../config/_common/common.runtime.properties | 3 +- .../scripts/druid/check_druid_status.py | 2 +- .../scripts/druid/render_druid_config.py | 2 +- .../lib/uploads/scripts/druid/render_utils.py | 2 +- .../scripts/druid/terminate_druid_node.sh | 2 + source/lib/utils/constants.ts | 2 +- source/package-lock.json | 220 +++++++++--------- source/package.json | 14 +- 53 files changed, 441 insertions(+), 496 deletions(-) delete mode 100644 LICENSE delete mode 100644 NOTICE diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 7233e10..ebda522 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -17,7 +17,7 @@ Steps to reproduce the behavior. A clear and concise description of what you expected to happen. **Please complete the following information about the solution:** -- [ ] Version: [e.g. v1.0.0] +- [ ] Version: [e.g. v1.0.1] To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0021) - Video On Demand workflow with AWS Step Functions, MediaConvert, MediaPackage, S3, CloudFront and DynamoDB. Version **v5.0.0**_". If the description does not contain the version information, you can look at the mappings section of the template: diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c704ac..109ad9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,9 +1,45 @@ # Change Log + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.1] - 2024-07-01 + +### Fixed + +- Fix the outdated segmentCache selection strategy runtime config [#11](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/11) +- Fix log/metrics endpoints when fips enabled [#14](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/14) + +### Added + +- allow solution to config internal system [#7](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/7) +- Update zk netplan render to handle docker bridge network interface[#8](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/8) +- add support to define custom oidc scopes [#9](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/9) +- Bump CloudWatch Synthetics runtime version [#10](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/10) +- Add vpc to all lambdas, allow users to self manage install bucket assets [#15](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/15) +- setup nvme disk for data/historical/middlemanager [#16](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/16) +- Use proper cfn endpoint, update name tag to include tier [#22](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/22) +- adding graceful shutdown for druid process [#23](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws/pull/23) + +### Changed + +- for pac4j version change: OidcAuthenticator.java, OidcConfig.java, OidcFilter.java, OidcSessionStore.java +- ec2 user data for provisioning changes +- deprecated RDS certificate 
name changed from RDS_CA_RDS2048_G1 to RDS_CA_RSA2048_G1 +- deprecated CloudWatch VPC endpoint name changed from CLOUDWATCH to CLOUDWATCH_MONITORING +- README instructions +- cdk version updated to 2.146.0 +- Druid release to 29.0.1 +- braces package to 3.0.3 due to CVE-2024-4068 +- unit test improvements +- pac4j package to 4.5.7 due to CVE-2021-44878 +- druid-oidc to 29.0.1 +- guava to 32.0.0-jre due to CVE-2023-2976 + ## [1.0.0] - 2024-01-09 + ### Added + - All files, initial version diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 67db858..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,175 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
diff --git a/NOTICE b/NOTICE deleted file mode 100644 index 616fc58..0000000 --- a/NOTICE +++ /dev/null @@ -1 +0,0 @@ -Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/NOTICE.txt b/NOTICE.txt index 2041dcb..62f7c2f 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -13,7 +13,7 @@ This software includes third party software subject to the following copyrights: ./source ========== -@aws-cdk/lambda-layer-kubectl-v23@2.0.8 Apache-2.0 +@aws-cdk/lambda-layer-kubectl-v29@2.0.0 Apache-2.0 @aws-cdk/aws-servicecatalogappregistry-alpha@2.99.1-alpha.0 Apache-2.0 @aws-sdk/client-elastic-load-balancing-v2@3.421.0 Apache-2.0 @aws-sdk/client-route-53@3.370.0 Apache-2.0 diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh index d90d156..91f40e5 100755 --- a/deployment/build-s3-dist.sh +++ b/deployment/build-s3-dist.sh @@ -21,7 +21,7 @@ # Parameters: # - source-bucket-base-name: Name for the S3 bucket location where the template will source the Lambda # code from. The template will append '-[region_name]' to this bucket name. -# For example: ./build-s3-dist.sh solutions v1.0.0 +# For example: ./build-s3-dist.sh solutions v1.0.1 # The template will then expect the source code to be located in the solutions-[region_name] bucket # - solution-name: name of the solution for consistency # - version-code: version of the package @@ -33,7 +33,7 @@ normal=$(tput sgr0) # SETTINGS #------------------------------------------------------------------------------ # Important: CDK global version number -cdk_version=2.115.0 +cdk_version=2.140.0 # Note: should match package.json template_format="json" run_helper="false" @@ -60,7 +60,7 @@ usage() { echo "Usage: $0 bucket solution-name version" echo "Please provide the base source bucket name, trademarked solution name, and version." - echo "For example: ./build-s3-dist.sh mybucket my-solution v1.0.0" + echo "For example: ./build-s3-dist.sh mybucket my-solution v1.0.1" exit 1 } 
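Review bot: `cdk_version=2.140.0` in the SETTINGS block of build-s3-dist.sh disagrees with this commit's own CHANGELOG entry, which says the cdk version was updated to 2.146.0, while the trailing comment on the same line says the value should match package.json. The package.json hunk is not visible here, so this may be a stale pin rather than an error. If package.json carries 2.146.0, the line should read `cdk_version=2.146.0 # Note: should match package.json`. Building with a different CDK release from the one the lockfile was resolved against makes the published templates harder to reproduce and audit.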
diff --git a/source/DruidCloudwatchExtension/pom.xml b/source/DruidCloudwatchExtension/pom.xml index 2263bf2..aa8db87 100644 --- a/source/DruidCloudwatchExtension/pom.xml +++ b/source/DruidCloudwatchExtension/pom.xml @@ -26,7 +26,7 @@ org.projectlombok lombok - 1.18.20 + 1.18.30 @@ -37,7 +37,7 @@ junit junit - 4.12 + 4.13.1 test @@ -157,4 +157,4 @@ - \ No newline at end of file + diff --git a/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitter.java b/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitter.java index 10fea7e..ccc5e7b 100644 --- a/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitter.java +++ b/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitter.java @@ -81,7 +81,8 @@ public class CloudwatchEmitter implements Emitter { private final ObjectMapper jsonMapper; - private final CloudwatchEmitterConfig config; + // set to nosonar because it causes a false positive + private final CloudwatchEmitterConfig config; // NOSONAR private final DruidMonitoringMetricsFactory druidMonitoringMetricsFactory; diff --git a/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfig.java b/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfig.java index fd65025..c08ce95 100644 --- a/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfig.java +++ b/source/DruidCloudwatchExtension/src/main/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfig.java @@ -24,7 +24,7 @@ @Data public class CloudwatchEmitterConfig { static final int CLOUDWATCH_METRICS_MEMORY_LIMIT = 100000000; - static final String SOLUTION_VERSION = "v1.0.0"; + static final String SOLUTION_VERSION = "v1.0.1"; @JsonProperty("batchSize") @Nullable 
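Review bot: The `// NOSONAR` marker added to the `config` field in CloudwatchEmitter silences every Sonar rule on that line, and the comment above it does not say which finding was judged a false positive or why. Naming the rule and the reason keeps the suppression reviewable, for example `// NOSONAR (<rule key>): <why the finding does not apply>` with the real rule key filled in. The class body continues outside the hunk, so how the field is used cannot be confirmed from here.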
diff --git a/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfigTest.java b/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfigTest.java index 5c5e681..87b88a8 100644 --- a/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfigTest.java +++ b/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterConfigTest.java @@ -57,7 +57,7 @@ public void testGetBatchSize_withDefaultBatchSize() { @Test public void testToString_withValidConfig() { // arrange - CloudwatchEmitterConfig config = new CloudwatchEmitterConfig("test-cluster", 200, "v1.0.0"); + CloudwatchEmitterConfig config = new CloudwatchEmitterConfig("test-cluster", 200, "v1.0.1"); // act String actual = config.toString(); @@ -65,7 +65,7 @@ public void testToString_withValidConfig() { // assert Assert.assertTrue(actual.contains("test-cluster")); Assert.assertTrue(actual.contains("200")); - Assert.assertTrue(actual.contains("v1.0.0")); + Assert.assertTrue(actual.contains("v1.0.1")); Assert.assertTrue(actual.contains("CloudwatchEmitterConfig")); } diff --git a/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterTest.java b/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterTest.java index 12a7df5..a01f43c 100644 --- a/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterTest.java +++ b/source/DruidCloudwatchExtension/src/test/java/com/amazon/solutions/druid/cloudwatch/CloudwatchEmitterTest.java @@ -30,6 +30,8 @@ import org.mockito.Mock; import org.mockito.MockitoAnnotations; import org.mockito.Spy; + +import java.util.ArrayList; import java.util.List; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; 
@@ -37,6 +39,8 @@ import com.amazonaws.services.cloudwatch.model.PutMetricDataRequest; import com.amazonaws.services.cloudwatch.model.StandardUnit; import static org.junit.Assert.*; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.Mockito.*; public class CloudwatchEmitterTest { @@ -95,8 +99,17 @@ public void testSendMetricToCloudwatch() throws InterruptedException { eventMetricDatum.setMetricName("event-metric"); eventMetricDatum.setValue(1.0); eventMetricDatum.setUnit(StandardUnit.Count); + + Dimension dimensionEventMetric = new Dimension(); + dimensionEventMetric.setName("test-dimension"); + dimensionEventMetric.setValue("test-value"); + List dimensionsEventMetric = new ArrayList<>(); + dimensionsEventMetric.add(dimensionEventMetric); + eventMetricDatum.setDimensions( - List.of(new Dimension().withName("test-dimension").withValue("test-value"))); + dimensionsEventMetric + ); + ObjectContainer eventMetricContainer = emitter.getObjectContainer(eventMetricDatum); metricQueue.offer(eventMetricContainer); @@ -105,8 +118,15 @@ public void testSendMetricToCloudwatch() throws InterruptedException { alertMetricDatum.setMetricName("alert-metric"); alertMetricDatum.setValue(1.0); alertMetricDatum.setUnit(StandardUnit.Count); + + Dimension dimensionAlertMetric = new Dimension(); + dimensionAlertMetric.setName("test-dimension"); + dimensionAlertMetric.setValue("test-value"); + List dimensionsAlertMetric = new ArrayList<>(); + dimensionsAlertMetric.add(dimensionEventMetric); + alertMetricDatum.setDimensions( - List.of(new Dimension().withName("test-dimension").withValue("test-value"))); + dimensionsAlertMetric); ObjectContainer alertMetricContainer = emitter.getObjectContainer(alertMetricDatum); alertQueue.offer(alertMetricContainer); diff --git a/source/DruidOidcExtension/pom.xml b/source/DruidOidcExtension/pom.xml index cbf5689..b806345 100644 --- a/source/DruidOidcExtension/pom.xml 
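Review bot: In the alert-metric half of testSendMetricToCloudwatch, `dimensionsAlertMetric.add(dimensionEventMetric);` adds the event dimension a second time, so the newly built `dimensionAlertMetric` is never used. Both objects carry the same name and value, which is why the test still passes, but the line should be `dimensionsAlertMetric.add(dimensionAlertMetric);`. The test method starts and ends outside the hunk.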
+++ b/source/DruidOidcExtension/pom.xml @@ -26,15 +26,15 @@ druid-oidc druid-oidc druid-oidc - 25.0.0 + 29.0.1 - 3.8.3 + 4.5.7 1.7 - 7.9 - 6.5 + 8.22.1 + 8.22 8 8 1.8 @@ -44,7 +44,7 @@ org.apache.druid druid-server - 25.0.0 + 29.0.1 provided @@ -56,7 +56,7 @@ org.apache.druid druid-processing - 25.0.0 + 29.0.1 provided @@ -90,7 +90,7 @@ com.google.guava guava - 25.0-jre + 32.0.0-jre provided @@ -111,12 +111,6 @@ provided 2.10.0 - - org.apache.druid - druid-core - 25.0.0 - provided - org.pac4j pac4j-core @@ -133,7 +127,13 @@ junit junit test - 4.13 + 4.13.1 + + + org.mockito + mockito-core + test + 5.0.0 org.easymock diff --git a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcAuthenticator.java b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcAuthenticator.java index 431828a..981a3b7 100644 --- a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcAuthenticator.java +++ b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcAuthenticator.java @@ -148,4 +148,4 @@ private Config createPac4jConfig(OidcConfig oidcConfig) { return new Config(OidcCallbackResource.SELF_URL, oidcClient); } -} +} \ No newline at end of file diff --git a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcConfig.java b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcConfig.java index 1b513ca..bc2adca 100644 --- a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcConfig.java +++ b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcConfig.java @@ -142,4 +142,4 @@ public String getDruidUsername() { public PasswordProvider getDruidPassword() { return druidPassword; } -} +} \ No newline at end of file 
diff --git a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcFilter.java b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcFilter.java index f2d12ae..808a129 100644 --- a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcFilter.java +++ b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcFilter.java @@ -23,14 +23,15 @@ import org.apache.druid.server.security.AuthConfig; import org.apache.druid.server.security.AuthenticationResult; import org.pac4j.core.config.Config; -import org.pac4j.core.context.J2EContext; +import org.pac4j.core.context.JEEContext; import org.pac4j.core.context.session.SessionStore; import org.pac4j.core.engine.CallbackLogic; import org.pac4j.core.engine.DefaultCallbackLogic; import org.pac4j.core.engine.DefaultSecurityLogic; import org.pac4j.core.engine.SecurityLogic; -import org.pac4j.core.http.adapter.HttpActionAdapter; +import org.pac4j.core.http.adapter.JEEHttpActionAdapter; import org.pac4j.core.profile.CommonProfile; +import org.pac4j.core.profile.UserProfile; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -48,11 +49,9 @@ public class OidcFilter implements Filter { private final Config pac4jConfig; private final OidcConfig oidcConfig; - private final SecurityLogic securityLogic; - private final CallbackLogic callbackLogic; - private final SessionStore sessionStore; - private static final HttpActionAdapter NOOP_HTTP_ACTION_ADAPTER = (int code, - J2EContext ctx) -> null; + private final SecurityLogic securityLogic; + private final CallbackLogic callbackLogic; + private final SessionStore sessionStore; private final String name; private final String authorizerName; 
@@ -64,8 +63,8 @@ public OidcFilter(String name, String authorizerName, Config pac4jConfig, OidcCo } public OidcFilter(String name, String authorizerName, Config pac4jConfig, OidcConfig oidcConfig, - String cookiePassphrase, SecurityLogic securityLogic, - CallbackLogic callbackLogic) { + String cookiePassphrase, SecurityLogic securityLogic, + CallbackLogic callbackLogic) { this.pac4jConfig = pac4jConfig; this.oidcConfig = oidcConfig; this.securityLogic = securityLogic; @@ -96,20 +95,20 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse; - J2EContext context = new J2EContext(httpServletRequest, httpServletResponse, sessionStore); + JEEContext context = new JEEContext(httpServletRequest, httpServletResponse, sessionStore); if (OidcCallbackResource.SELF_URL.equals(httpServletRequest.getRequestURI())) { callbackLogic.perform( context, pac4jConfig, - NOOP_HTTP_ACTION_ADAPTER, + JEEHttpActionAdapter.INSTANCE, "/", true, false, false, null); } else { - CommonProfile profile = securityLogic.perform( + CommonProfile profile = (CommonProfile) securityLogic.perform( context, pac4jConfig, - (J2EContext ctx, Collection profiles, Object... parameters) -> { + (JEEContext ctx, Collection profiles, Object... parameters) -> { if (profiles.isEmpty()) { logger.warn("No profiles found after OIDC auth."); return null; 
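Review bot: The downcast `(CommonProfile) securityLogic.perform(...)` in doFilter is unchecked, so a profile of any other type would surface as a ClassCastException inside the servlet filter instead of as a rejected authentication. As far as the visible lines show, the callback now hands back whatever `profiles.iterator().next()` yields, and the commit imports `UserProfile` for that. Testing the result first, e.g. `if (!(result instanceof CommonProfile)) { logger.warn("Unexpected profile type after OIDC auth."); return; }`, keeps that case on the deny path. The same hunk swaps the no-op adapter for `JEEHttpActionAdapter.INSTANCE`, which presumably means pac4j now writes redirects and status codes to the response itself; a short comment at the call saying so would help the next reader. doFilter begins and ends outside this hunk.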
@@ -117,17 +116,21 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo return profiles.iterator().next(); } }, - NOOP_HTTP_ACTION_ADAPTER, - null, null, null, null); - - if (profile != null) { + JEEHttpActionAdapter.INSTANCE, + null, "none", null, null); + // Changed the Authorizer from null to "none". + // In the older version, if it is null, it simply grant access and returns + // authorized. + // But in the newer pac4j version, it uses CsrfAuthorizer as default, And + // because of this, It was returning 403 in API calls. + if (profile != null && profile.getId() != null) { logger.debug("Oidc attributes [%s]", profile.getAttributes()); logger.debug("Group claim [%s]", profile.getAttribute(oidcConfig.getGroupClaimName())); AuthenticationResult authenticationResult = new AuthenticationResult(profile.getId(), - authorizerName, name, profile.getAttributes()); - httpServletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, - authenticationResult); + authorizerName, name, profile.getAttributes()); + httpServletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, + authenticationResult); filterChain.doFilter(httpServletRequest, httpServletResponse); } } diff --git a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcSessionStore.java b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcSessionStore.java index 9e92181..054e6d9 100644 --- a/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcSessionStore.java +++ b/source/DruidOidcExtension/src/main/java/com/amazon/solutions/druid/oidc/OidcSessionStore.java 
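Review bot: Passing `"none"` as the authorizers argument of `securityLogic.perform` switches off the CSRF check that, per the added comment, the newer pac4j applies by default, and it does so for every request that reaches this filter, not only for the API calls that were returning 403. Browser sessions here are carried in cookies, so state-changing requests made with those cookies would no longer have a token check in front of them unless something outside this hunk compensates (for instance a SameSite attribute on the session cookies, which is not visible here). If the CSRF authorizer cannot be kept for cookie-backed requests, the comment should name the control that replaces it, for example `// CSRF check disabled ("none"); cross-site requests are blocked by <control>`. The added `profile.getId() != null` guard is a sound tightening. doFilter continues outside the hunk.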
@@ -25,7 +25,7 @@ import org.apache.druid.java.util.common.logger.Logger; import org.pac4j.core.context.ContextHelper; import org.pac4j.core.context.Cookie; -import org.pac4j.core.context.Pac4jConstants; +import org.pac4j.core.util.Pac4jConstants; import org.pac4j.core.context.WebContext; import org.pac4j.core.context.session.SessionStore; import org.pac4j.core.exception.TechnicalException; @@ -38,6 +38,7 @@ import java.io.IOException; import java.io.Serializable; import java.util.Map; +import java.util.Optional; import java.util.zip.GZIPInputStream; import java.util.zip.GZIPOutputStream; @@ -75,14 +76,14 @@ public String getOrCreateSessionId(WebContext context) { @Nullable @Override - public Object get(WebContext context, String key) { + public Optional get(WebContext context, String key) { final Cookie cookie = ContextHelper.getCookie(context, PAC4J_SESSION_PREFIX + key); Object value = null; if (cookie != null) { value = uncompressDecryptBase64(cookie.getValue()); } LOGGER.debug("Get from session: [%s] = [%s]", key, value); - return value; + return Optional.ofNullable(value); } @Override @@ -134,7 +135,7 @@ private Serializable uncompressDecryptBase64(final String v) { if (v != null && !v.isEmpty()) { byte[] bytes = StringUtils.decodeBase64String(v); if (bytes != null) { - return javaSerializationHelper.unserializeFromBytes(unCompress(cryptoService.decrypt(bytes))); + return javaSerializationHelper.deserializeFromBytes(unCompress(cryptoService.decrypt(bytes))); } } return null; 
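Review bot: In `get`, the retained line `LOGGER.debug("Get from session: [%s] = [%s]", key, value);` writes the decrypted session value to the log, and judging by `clearUserProfile` later in the file these values can be user profiles. Logging only the key, `LOGGER.debug("Get from session: [%s]", key);`, keeps the trace without putting session contents into log storage. The `@Nullable` annotation above the method is also stale now that it returns `Optional.ofNullable(value)` and can no longer return null; it should be removed.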
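Review bot: `javaSerializationHelper.deserializeFromBytes(unCompress(cryptoService.decrypt(bytes)))` in uncompressDecryptBase64 runs Java deserialization on data that `get` reads from a request cookie, and nothing in the hunk documents what makes that safe. The only barrier visible between client-supplied bytes and the deserializer is `cryptoService.decrypt`, whose implementation is outside this hunk, so whether it authenticates the ciphertext cannot be confirmed from here. A comment stating the invariant would make the dependency explicit, e.g. `// cookie bytes are client-controlled: decrypt() must reject tampered ciphertext before deserialization runs`. It is also worth confirming that the helper's class restrictions still apply after the pac4j upgrade. The method starts outside the hunk.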
@@ -163,18 +164,18 @@ private byte[] unCompress(final byte[] data) { private Object clearUserProfile(final Object value) { if (value instanceof Map) { final Map profiles = (Map) value; - profiles.forEach((name, profile) -> profile.clearSensitiveData()); + profiles.forEach((name, profile) -> profile.removeLoginData()); return profiles; } else { final CommonProfile profile = (CommonProfile) value; - profile.clearSensitiveData(); + profile.removeLoginData(); return profile; } } @Override - public SessionStore buildFromTrackableSession(WebContext arg0, Object arg1) { - return null; + public Optional> buildFromTrackableSession(WebContext arg0, Object arg1) { + return Optional.empty(); } @Override @@ -183,8 +184,8 @@ public boolean destroySession(WebContext arg0) { } @Override - public Object getTrackableSession(WebContext arg0) { - return null; + public Optional getTrackableSession(WebContext arg0) { + return Optional.empty(); } @Override diff --git a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/JwtAuthenticatorTest.java b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/JwtAuthenticatorTest.java index 88a91f5..20f31b2 100644 --- a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/JwtAuthenticatorTest.java +++ b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/JwtAuthenticatorTest.java @@ -37,7 +37,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import static org.junit.Assert.assertEquals; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; diff --git a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcAuthenticatorTest.java b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcAuthenticatorTest.java index 90f542a..183cfd7 100644 
--- a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcAuthenticatorTest.java +++ b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcAuthenticatorTest.java @@ -79,4 +79,4 @@ public void canInitialiseOidcFilterWithCustomScopes() { assertNotNull(oidcFilter); } -} +} \ No newline at end of file diff --git a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcConfigTest.java b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcConfigTest.java index 584e5b7..117b289 100644 --- a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcConfigTest.java +++ b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcConfigTest.java @@ -60,4 +60,4 @@ public void canParseConfig() throws Exception { Assert.assertEquals("testcookiePassphrase", config.getCookiePassphrase().getPassword()); Assert.assertEquals(10_000L, config.getReadTimeout().getMillis()); } -} +} \ No newline at end of file diff --git a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcFilterTest.java b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcFilterTest.java index 798c67b..7d8b0ba 100644 --- a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcFilterTest.java +++ b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcFilterTest.java @@ -21,12 +21,14 @@ import static org.junit.Assert.assertNotNull; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import java.io.IOException; +import java.util.HashMap; import javax.servlet.FilterChain; import javax.servlet.ServletException; 
@@ -37,7 +39,7 @@ import org.junit.Before; import org.junit.Test; import org.pac4j.core.config.Config; -import org.pac4j.core.context.J2EContext; +import org.pac4j.core.context.JEEContext; import org.pac4j.core.engine.CallbackLogic; import org.pac4j.core.engine.SecurityLogic; import org.pac4j.core.http.adapter.HttpActionAdapter; @@ -47,11 +49,12 @@ public class OidcFilterTest { private OidcFilter filter; private Config pac4jConfig; private OidcConfig oidcConfig; - private SecurityLogic securityLogic; - private CallbackLogic callbackLogic; + private SecurityLogic securityLogic; + private CallbackLogic callbackLogic; private HttpServletRequest request; private HttpServletResponse response; + @SuppressWarnings("unchecked") @Before public void setup() { pac4jConfig = mock(Config.class); @@ -72,6 +75,7 @@ public void canInitiateFilterWithDefaultSecurityLogic() { assertNotNull(filter); } + @SuppressWarnings("unchecked") @Test public void canProcessCallbackRequests() throws IOException, ServletException { // arrange 
@@ -81,16 +85,23 @@ public void canProcessCallbackRequests() throws IOException, ServletException { filter.doFilter(request, response, null); // assert - verify(callbackLogic).perform(any(J2EContext.class), any(), any(HttpActionAdapter.class), eq("/"), eq(true), eq(false), eq(false), any()); + verify(callbackLogic).perform(any(JEEContext.class), any(), any(HttpActionAdapter.class), eq("/"), eq(true), + eq(false), eq(false), any()); } @Test public void canProcessAuthenticationRequest() throws IOException, ServletException { // arrange + CommonProfile profile = mock(CommonProfile.class); + when(profile.getAttributes()).thenReturn(new HashMap<>()); + when(profile.getAttribute(anyString())).thenReturn(new Object()); + when(profile.getId()).thenReturn("my-id"); + when(request.getRequestURI()).thenReturn("/blah"); when(request.getAttribute("Druid-Authentication-Result")).thenReturn(null); + when(securityLogic.perform(any(), any(), any(), any(), any(), any(), - any(), any())).thenReturn(new CommonProfile(false)); + any(), any())).thenReturn(profile); FilterChain filterChain = mock(FilterChain.class); // act @@ -103,7 +114,7 @@ public void canProcessAuthenticationRequest() throws IOException, ServletExcepti @Test public void doNothingOnAuthenticatedRequest() throws IOException, ServletException { - // arrange + // arrange when(request.getRequestURI()).thenReturn("/blah"); when(request.getAttribute("Druid-Authentication-Result")).thenReturn("something"); FilterChain filterChain = mock(FilterChain.class); diff --git a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcSessionStoreTest.java b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcSessionStoreTest.java index 0e5a16a..9a43a25 100644 --- a/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcSessionStoreTest.java +++ b/source/DruidOidcExtension/src/test/java/com/amazon/solutions/druid/oidc/OidcSessionStoreTest.java 
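Review bot: The new `profile.getId() != null` guard in OidcFilter has no test: `canProcessAuthenticationRequest` now always stubs `getId()` to return "my-id", so the case where a profile arrives without an id is never exercised. Add a test that stubs `getId()` to return null and asserts that the chain is not invoked and no `Druid-Authentication-Result` attribute is set. The body of the existing test continues past the end of this hunk.

```java
@Test
public void doesNotAuthenticateProfileWithoutId() throws IOException, ServletException {
  // arrange
  CommonProfile profile = mock(CommonProfile.class);
  when(profile.getId()).thenReturn(null);
  when(request.getRequestURI()).thenReturn("/blah");
  when(request.getAttribute("Druid-Authentication-Result")).thenReturn(null);
  when(securityLogic.perform(any(), any(), any(), any(), any(), any(),
      any(), any())).thenReturn(profile);
  FilterChain filterChain = mock(FilterChain.class);

  // act
  filter.doFilter(request, response, filterChain);

  // assert
  verify(filterChain, never()).doFilter(any(), any());
  verify(request, never()).setAttribute(eq("Druid-Authentication-Result"), any());
}
```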
@@ -26,6 +26,7 @@ import org.pac4j.core.context.WebContext; import java.util.Collections; +import java.util.Optional; public class OidcSessionStoreTest { @Test @@ -51,7 +52,7 @@ public void testSetAndGet() { EasyMock.expect(webContext2.getRequestCookies()).andReturn(Collections.singletonList(cookie)); EasyMock.replay(webContext2); - Assert.assertEquals("value", sessionStore.get(webContext2, "key")); + Assert.assertEquals(Optional.of("value"), sessionStore.get(webContext2, "key")); } @Test @@ -69,9 +70,9 @@ public void testSetNull() { Cookie cookie = cookieCapture.getValue(); Assert.assertNull(cookie.getValue()); - Assert.assertNull(sessionStore.buildFromTrackableSession(webContext, cookie)); + Assert.assertFalse(sessionStore.buildFromTrackableSession(webContext, cookie).isPresent()); Assert.assertFalse(sessionStore.destroySession(webContext)); - Assert.assertNull(sessionStore.getTrackableSession(webContext)); + Assert.assertFalse(sessionStore.getTrackableSession(webContext).isPresent()); Assert.assertFalse(sessionStore.renewSession(webContext)); } } \ No newline at end of file diff --git a/source/bin/druid-infra.ts b/source/bin/druid-infra.ts index dae9de9..8d9b6ff 100644 --- a/source/bin/druid-infra.ts +++ b/source/bin/druid-infra.ts @@ -35,7 +35,7 @@ import { configScheme } from '../lib/constructs/configScheme'; const solutionId = 'SO0262'; const solutionName = 'Scalable Analytics using Apache Druid on AWS'; -const solutionVersion = 'v1.0.0'; +const solutionVersion = 'v1.0.1'; const fipsEnabledRegions = [ 'us-east-1', 
@@ -172,7 +172,8 @@ const commonStackProps = { customAmi: druidConfig.customAmi, subnetMappings: druidConfig.subnetMappings, enableVulnerabilityScanJob: druidConfig.enableVulnerabilityScanJob ?? false, - selfManageInstallationBucketAssets: druidConfig.selfManageInstallationBucketAssets ?? false, + selfManageInstallationBucketAssets: + druidConfig.selfManageInstallationBucketAssets ?? false, ...(!druidConfig.environmentAgnostic && { env: { account, region } }), }; @@ -234,7 +235,9 @@ switch (druidConfig.druidOperationPlatform) { ); } - new DruidEc2Stack(app, `DruidEc2Stack-${druidConfig.druidClusterName}`, { + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new DruidEc2Stack(app, `DruidEc2Stack-${druidConfig.druidClusterName}`, { // NOSONAR (typescript:S1848) - cdk construct is used ...commonStackProps, initInstallationBucket: true, clusterParams: { @@ -251,7 +254,8 @@ switch (druidConfig.druidOperationPlatform) { ); } - new DruidEksStack(app, `DruidEksStack-${druidConfig.druidClusterName}`, { + // prettier-ignore + new DruidEksStack(app, `DruidEksStack-${druidConfig.druidClusterName}`, { // NOSONAR (typescript:S1848) - cdk construct is used ...commonStackProps, clusterParams: { ...commonDruidClusterParams, diff --git a/source/build-dependencies.sh b/source/build-dependencies.sh index 53a5ab1..b5d5c8a 100644 --- a/source/build-dependencies.sh +++ b/source/build-dependencies.sh @@ -5,7 +5,7 @@ cdk_context="$(npm run -s cdk context -- -j)" druid_version=$(echo "$cdk_context" | grep "druidVersion" | awk '/druidVersion/{print $NF}' | tr -d '"' | tr -d ',') druid_version=${druid_version:-26.0.0} -druid_operator_version="v1.0.0" +druid_operator_version="v1.0.1" druid_operator_repo="https://github.com/datainfrahq/druid-operator" do_cmd() 
@@ -48,7 +48,7 @@ build_druid_oidc() mvn clean verify package && \ rm -rf ../lib/docker/extensions/druid-oidc/ && \ mkdir -p ../lib/docker/extensions/druid-oidc/ && \ - cp -f target/druid-oidc-25.0.0-jar-with-dependencies.jar ../lib/docker/extensions/druid-oidc/ + cp -f target/druid-oidc-29.0.1-jar-with-dependencies.jar ../lib/docker/extensions/druid-oidc/ } download_druid_operator() diff --git a/source/lib/config/user_data/common_user_data b/source/lib/config/user_data/common_user_data index b576594..388c245 100644 --- a/source/lib/config/user_data/common_user_data +++ b/source/lib/config/user_data/common_user_data @@ -70,7 +70,7 @@ echo " >>druid>> starting CloudWatch agent $(date)" sed -i \ -e "s||{{DRUID_COMPONENT}}|g" \ -e "s||{{DRUID_CLUSTER_NAME}}|g" \ - -e "s||$AWS_REGION|g" \ + -e "s||AWS_REGION|g" \ -e "s||$($AWS_USE_FIPS_ENDPOINT && echo -fips)|g" \ $DRUID_SOLUTION_CONFIG/cloudwatch-agent/amazon-cloudwatch-agent.json /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:$DRUID_SOLUTION_CONFIG/cloudwatch-agent/amazon-cloudwatch-agent.json @@ -131,4 +131,4 @@ $PYTHON $DRUID_HOME/scripts/druid/render_druid_config.py \ --druid-base-url {{DRUID_BASE_URL}} \ --solution-version {{SOLUTION_VERSION}} -COMMON_CONFIG_VERSION={{COMMON_CONFIG_VERSION}} +COMMON_CONFIG_VERSION={{COMMON_CONFIG_VERSION}} \ No newline at end of file diff --git a/source/lib/config/user_data/data_user_data b/source/lib/config/user_data/data_user_data index 1e67a78..8285eda 100644 --- a/source/lib/config/user_data/data_user_data +++ b/source/lib/config/user_data/data_user_data @@ -59,6 +59,7 @@ user=${USER_NAME} autorestart=true redirect_stderr=true stdout_logfile=/var/log/supervisor/historical.log +stopwaitsecs=30 EOF chown -R ${USER_NAME}:${USER_NAME} /home/${USER_NAME}/ /mnt/disk2 diff --git a/source/lib/config/user_data/historical_user_data b/source/lib/config/user_data/historical_user_data index 78fb590..a53572d 100644 
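Review bot: In the common_user_data hunk the region substitution now writes the literal text `AWS_REGION` into amazon-cloudwatch-agent.json, because the `$` was dropped from the replacement. The agent would then no longer be pointed at the instance's region, and logs and metrics from the node may stop arriving. Unless that literal is resolved somewhere outside this hunk, restore the expansion: `-e "s|<REGION_PLACEHOLDER>|$AWS_REGION|g" \`. The search pattern is not readable in this rendering (the text between the first two `|` is empty), so `<REGION_PLACEHOLDER>` stands for whatever token the JSON template already uses.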
--- a/source/lib/config/user_data/historical_user_data +++ b/source/lib/config/user_data/historical_user_data @@ -47,6 +47,7 @@ user=${USER_NAME} autorestart=true redirect_stderr=true stdout_logfile=/var/log/supervisor/historical.log +stopwaitsecs=30 EOF chown -R ${USER_NAME}:${USER_NAME} /home/${USER_NAME}/ /mnt/disk2 diff --git a/source/lib/config/user_data/master_user_data b/source/lib/config/user_data/master_user_data index 2eb1ed9..8cbb3f3 100644 --- a/source/lib/config/user_data/master_user_data +++ b/source/lib/config/user_data/master_user_data @@ -32,6 +32,7 @@ user=${USER_NAME} autorestart=true redirect_stderr=true stdout_logfile=/var/log/supervisor/coordinator.log +stopwaitsecs=30 EOF # change ownership of ${USER_NAME} home directory diff --git a/source/lib/config/user_data/middleManager_user_data b/source/lib/config/user_data/middleManager_user_data index e685770..8879cb5 100644 --- a/source/lib/config/user_data/middleManager_user_data +++ b/source/lib/config/user_data/middleManager_user_data @@ -38,6 +38,7 @@ user=${USER_NAME} autorestart=true redirect_stderr=true stdout_logfile=/var/log/supervisor/middleManager.log +stopwaitsecs=30 EOF # change ownership of ${USER_NAME} home directory diff --git a/source/lib/config/user_data/query_user_data b/source/lib/config/user_data/query_user_data index c21b56b..512eb01 100644 --- a/source/lib/config/user_data/query_user_data +++ b/source/lib/config/user_data/query_user_data @@ -27,6 +27,7 @@ user=${USER_NAME} autorestart=true redirect_stderr=true stdout_logfile=/var/log/supervisor/broker.log +stopwaitsecs=30 EOF cat < $DRUID_HOME/conf/supervisor/supervisord.d/router.conf diff --git a/source/lib/config/user_data/zookeeper_user_data b/source/lib/config/user_data/zookeeper_user_data index 0d2c12f..d40ef67 100644 --- a/source/lib/config/user_data/zookeeper_user_data +++ b/source/lib/config/user_data/zookeeper_user_data 
@@ -57,7 +57,7 @@ mv apache-zookeeper-{{ZK_VERSION}}-bin apache-zookeeper # Configure CloudWatch agent aws s3 cp s3://{{S3_INSTALLATION_BUCKET}}/config/cloudwatch-agent/amazon-cloudwatch-agent.json /opt/aws/amazon-cloudwatch-agent/etc/ -echo " >>zookeeper>> starting CloudWatch agent $(date)" +echo " >>druid>> starting CloudWatch agent $(date)" sed -i \ -e "s||zookeeper|g" \ -e "s||{{DRUID_CLUSTER_NAME}}|g" \ diff --git a/source/lib/constructs/appRegistryAspect.ts b/source/lib/constructs/appRegistryAspect.ts index e7bc542..4f8b5a9 100644 --- a/source/lib/constructs/appRegistryAspect.ts +++ b/source/lib/constructs/appRegistryAspect.ts @@ -105,7 +105,7 @@ export class AppRegistry extends Construct implements cdk.IAspect { // Add a waiter customer resource to ensure the Resource Group is CREATED. private waitForResourceGroupCreated( application: appRegistry.Application, - vpc: ec2.IVpc, + vpc: ec2.IVpc ): cdk.CustomResource { const lambdaPolicyStatement = new iam.PolicyStatement({ actions: ['servicecatalog:GetApplication'], diff --git a/source/lib/constructs/auroraMetadataStore.ts b/source/lib/constructs/auroraMetadataStore.ts index affd783..399f682 100644 --- a/source/lib/constructs/auroraMetadataStore.ts +++ b/source/lib/constructs/auroraMetadataStore.ts @@ -54,7 +54,7 @@ export class AuroraMetadataStore extends MetadataStore { metadataStoreConfig.rdsParameterGroupName ), }), - caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1, + caCertificate: rds.CaCertificate.RDS_CA_RSA2048_G1, }; this.dbMasterUserSecret = metadataStoreUtils.createDatabaseSecret( diff --git a/source/lib/constructs/baseInfrastructure.ts b/source/lib/constructs/baseInfrastructure.ts index 5ef0d0d..00ff226 100644 --- a/source/lib/constructs/baseInfrastructure.ts +++ b/source/lib/constructs/baseInfrastructure.ts 
@@ -71,7 +71,8 @@ export class BaseInfrastructure extends Construct { removalPolicy: props.removalPolicy, }; - this.serverAccessLogsBucket = new s3.Bucket(this, 'server-access-logs-bucket', { + // prettier-ignore + this.serverAccessLogsBucket = new s3.Bucket(this, 'server-access-logs-bucket', { // NOSONAR (typescript:S6281) - log bucket ...commonS3BucketProperties, encryption: s3.BucketEncryption.S3_MANAGED, }); @@ -112,7 +113,8 @@ export class BaseInfrastructure extends Construct { }); if (props.initInstallationBucket) { - this.installationBucket = new s3.Bucket( + // prettier-ignore + this.installationBucket = new s3.Bucket( // NOSONAR (typescript:S6281) - log bucket this, 'bootstrap-s3-bucket-installation', { @@ -124,14 +126,17 @@ export class BaseInfrastructure extends Construct { ); if (!props.selfManageInstallationBucketAssets) { - new BucketDeployment(this, 'bucket-deployment-scripts', { + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new BucketDeployment(this, 'bucket-deployment-scripts', { // NOSONAR (typescript:S1848) - cdk construct is used sources: [Source.asset('lib/uploads/scripts')], destinationBucket: this.installationBucket, destinationKeyPrefix: SCRIPTS_FOLDER, vpc: this.vpc, }); - new BucketDeployment(this, 'bucket-deployment-extensions', { + // prettier-ignore + new BucketDeployment(this, 'bucket-deployment-extensions', { // NOSONAR (typescript:S1848) - cdk construct is used sources: [Source.asset(`lib/docker/extensions`)], destinationBucket: this.installationBucket, destinationKeyPrefix: EXTENSIONS_FOLDER, 
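Review bot: The `// NOSONAR (typescript:S6281) - log bucket` justification is reused on `installationBucket` in this file and on `deepStorageBucket` in a later hunk. Neither is a log bucket, so the suppression reads as copy-paste rather than a reviewed decision. S6281 is the rule about public access to S3 buckets, and whether these buckets block it depends on `commonS3BucketProperties`, which is defined outside the hunks. I'd either set `blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,` explicitly on each bucket and drop the suppression, or change the comment to the real reason, e.g. `// NOSONAR (typescript:S6281) - public access blocked via commonS3BucketProperties`.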
@@ -139,7 +144,8 @@ export class BaseInfrastructure extends Construct { vpc: this.vpc, }); - new BucketDeployment(this, 'bucket-deployment-config', { + // prettier-ignore + new BucketDeployment(this, 'bucket-deployment-config', { // NOSONAR (typescript:S1848) - cdk construct is used sources: [Source.asset('lib/uploads/config')], destinationBucket: this.installationBucket, destinationKeyPrefix: CONFIG_FOLDER, @@ -147,7 +153,8 @@ export class BaseInfrastructure extends Construct { vpc: this.vpc, }); - new BucketDeployment(this, 'bucket-deployment-rds-ca-bundle', { + // prettier-ignore + new BucketDeployment(this, 'bucket-deployment-rds-ca-bundle', { // NOSONAR (typescript:S1848) - cdk construct is used sources: [Source.asset('lib/docker/ca-certs')], destinationBucket: this.installationBucket, destinationKeyPrefix: 'ca-certs', @@ -218,7 +225,8 @@ export class BaseInfrastructure extends Construct { enableKeyRotation: true, }); - this.deepStorageBucket = new s3.Bucket(this, 'deep-storage-bucket', { + // prettier-ignore + this.deepStorageBucket = new s3.Bucket(this, 'deep-storage-bucket', { // NOSONAR (typescript:S6281) - log bucket ...commonS3BucketProperties, encryptionKey: this.deepStorageEncryptionKey, encryption: s3.BucketEncryption.KMS, diff --git a/source/lib/constructs/configScheme.ts b/source/lib/constructs/configScheme.ts index 406b2de..11b1a9f 100644 --- a/source/lib/constructs/configScheme.ts +++ b/source/lib/constructs/configScheme.ts @@ -25,7 +25,7 @@ export const configScheme = { pattern: '^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}$', title: 'VPC CIDR', description: 'CIDR of the VPC to use.', - examples: ['10.0.0.0/16'], + examples: ['10.0.0.0/16'], // NOSONAR (typescript:S1313:IPADDRESS) $id: '#/properties/vpcCidr', }, vpcId: { 
@@ -279,7 +279,8 @@ export const configScheme = { type: 'boolean', title: 'Enable self management for installation bucket assets', $id: '#/properties/selfManageInstallationBucketAssets', - description: 'Whether to enable self management for installation bucket assets.', + description: + 'Whether to enable self management for installation bucket assets.', }, environmentAgnostic: { type: 'boolean', diff --git a/source/lib/constructs/druidAutoScalingGroup.ts b/source/lib/constructs/druidAutoScalingGroup.ts index 3063803..16bde1a 100644 --- a/source/lib/constructs/druidAutoScalingGroup.ts +++ b/source/lib/constructs/druidAutoScalingGroup.ts @@ -15,8 +15,8 @@ */ import * as as from 'aws-cdk-lib/aws-autoscaling'; import * as cdk from 'aws-cdk-lib'; -import * as ssm from 'aws-cdk-lib/aws-ssm'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as ssm from 'aws-cdk-lib/aws-ssm'; import * as utils from '../utils/utils'; import { @@ -37,9 +37,9 @@ import { BaseInfrastructure } from './baseInfrastructure'; import { Construct } from 'constructs'; import { IRole } from 'aws-cdk-lib/aws-iam'; import { MetadataStore } from './metadataStore'; +import { SSMAutomation } from './ssmAutomation'; import { ZooKeeper } from './zookeeper'; import { readFileSync } from 'fs'; -import { SSMAutomation } from './ssmAutomation'; export interface DruidAutoScalingGroupProps { readonly asgContext: DruidAutoScalingGroupContext; 
@@ -144,14 +144,17 @@ export class DruidAutoScalingGroup extends Construct { nodeTierName: string, gracefulTerminationParam: ssm.IStringParameter ): void { - new as.CfnLifecycleHook(this, 'lifecycle-termination', { + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new as.CfnLifecycleHook(this, 'lifecycle-termination', { // NOSONAR (typescript:S1848) - cdk construct is used autoScalingGroupName: asg.autoScalingGroupName, lifecycleTransition: as.LifecycleTransition.INSTANCE_TERMINATING, defaultResult: as.DefaultResult.CONTINUE, heartbeatTimeout: INSTANCE_TERMINATION_TIMEOUT, }); - new SSMAutomation(this, 'ssm-automation', { + // prettier-ignore + new SSMAutomation(this, 'ssm-automation', { // NOSONAR (typescript:S1848) - cdk construct is used nodeType, serviceName: `${asgContext.clusterParams.druidClusterName}_${nodeTierName}`, secretArn: diff --git a/source/lib/constructs/druidEksBase.ts b/source/lib/constructs/druidEksBase.ts index 797b856..e8a4e7b 100644 --- a/source/lib/constructs/druidEksBase.ts +++ b/source/lib/constructs/druidEksBase.ts @@ -38,7 +38,7 @@ import { DruidClusterParameters, EksConfig } from '../utils/types'; import { Asset } from 'aws-cdk-lib/aws-s3-assets'; import { BaseInfrastructure } from './baseInfrastructure'; import { Construct } from 'constructs'; -import { KubectlV23Layer } from '@aws-cdk/lambda-layer-kubectl-v23'; +import { KubectlV29Layer } from '@aws-cdk/lambda-layer-kubectl-v29'; import { MetadataStore } from './metadataStore'; export interface DruidEksBaseProps { 
@@ -116,9 +116,9 @@ export abstract class DruidEksBase extends Construct { protected getCommonEksClusterParams(): any { return { vpc: this.props.baseInfra.vpc, - version: eks.KubernetesVersion.of('1.27'), - kubectlLayer: new KubectlV23Layer(this, 'KubectlLayer'), - albController: { version: eks.AlbControllerVersion.V2_5_1 }, + version: eks.KubernetesVersion.V1_29, + kubectlLayer: new KubectlV29Layer(this, 'KubectlLayer'), + albController: { version: eks.AlbControllerVersion.V2_6_2 }, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }], outputClusterName: true, endpointAccess: this.getEndpointAccessType( @@ -426,8 +426,7 @@ export abstract class DruidEksBase extends Construct { oidc_discovery_uri: this.props.druidClusterParams.oidcIdpConfig?.discoveryURI, oidc_group_claim_name: this.props.druidClusterParams.oidcIdpConfig?.groupClaimName, - oidc_custom_scopes: - this.props.druidClusterParams.oidcIdpConfig?.customScopes, + oidc_custom_scopes: this.props.druidClusterParams.oidcIdpConfig?.customScopes, alb_scheme: this.props.druidClusterParams.internetFacing ? 'internet-facing' : 'internal', diff --git a/source/lib/constructs/druidVpc.ts b/source/lib/constructs/druidVpc.ts index 3aeec9f..0996b40 100644 --- a/source/lib/constructs/druidVpc.ts +++ b/source/lib/constructs/druidVpc.ts @@ -66,7 +66,7 @@ export class DruidVpc extends constructs.Construct implements ec2.IVpc { ); this.vpcCidrBlock = utils.ifUndefined( props.ipAddresses?.allocateVpcCidr().cidrBlock, - '10.0.0.0/16' + '10.0.0.0/16' // NOSONAR (typescript:S1313:IPADDRESS) ); this.publicSubnets = props.subnetMappings ? props.subnetMappings.ingress.map((x) => @@ -100,7 +100,7 @@ export class DruidVpc extends constructs.Construct implements ec2.IVpc { }); this.addInterfaceEndpoint('cloudwatch-vpc-endpoint', { - service: ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH, + service: ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING, }); this.addInterfaceEndpoint('logs-vpc-endpoint', { 
diff --git a/source/lib/constructs/internalCertificateAuthority.ts b/source/lib/constructs/internalCertificateAuthority.ts
index 7e66b96..61e394b 100644
--- a/source/lib/constructs/internalCertificateAuthority.ts
+++ b/source/lib/constructs/internalCertificateAuthority.ts
@@ -31,45 +31,47 @@ export interface InternalCertificateAuthorityProps { } export class InternalCertificateAuthority extends Construct { - public readonly TlsCertificate: secretsmanager.ISecret; + public readonly TlsCertificate: secretsmanager.ISecret; - public constructor(scope: Construct, id: string, props: InternalCertificateAuthorityProps) { - super(scope, id); + public constructor( + scope: Construct, + id: string, + props: InternalCertificateAuthorityProps + ) { + super(scope, id); - this.TlsCertificate = new secretsmanager.Secret(this, 'tls-certificate', { - description: 'TLS certificates for druid internal components', - encryptionKey: new kms.Key(this, 'tls-certificate-encryption-key', { - enableKeyRotation: true, - removalPolicy: cdk.RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE - }), - removalPolicy: cdk.RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE - }); + this.TlsCertificate = new secretsmanager.Secret(this, 'tls-certificate', { + description: 'TLS certificates for druid internal components', + encryptionKey: new kms.Key(this, 'tls-certificate-encryption-key', { + enableKeyRotation: true, + removalPolicy: cdk.RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE, + }), + removalPolicy: cdk.RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE, + }); - const handler = new lambdaNodejs.NodejsFunction( - this, - 'tls-generator-handler', - { - vpc: props.vpc, - vpcSubnets: { - subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS, - }, - entry: path.join(__dirname, '../lambdas/certificateGenerator.ts'), - handler: 'onEventHandler', - runtime: lambda.Runtime.NODEJS_LATEST, - timeout: cdk.Duration.minutes(15), - description: 'Generates TLS certificates for Druid internal components' - } - ); + const handler = new lambdaNodejs.NodejsFunction(this, 'tls-generator-handler', { + vpc: props.vpc, + vpcSubnets: { + subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS, + }, + entry: path.join(__dirname, '../lambdas/certificateGenerator.ts'), + handler: 'onEventHandler', + runtime: lambda.Runtime.NODEJS_LATEST, + 
timeout: cdk.Duration.minutes(15), + description: 'Generates TLS certificates for Druid internal components', + }); - this.TlsCertificate.grantWrite(handler); + this.TlsCertificate.grantWrite(handler); - const provider = new cr.Provider(this, 'provider', { - onEventHandler: handler - }); + const provider = new cr.Provider(this, 'provider', { + onEventHandler: handler, + }); - new cdk.CustomResource(this, 'tls-generator-custom-resource', { - serviceToken: provider.serviceToken, - properties: { TLSSecretId: this.TlsCertificate.secretArn } - }); - } + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new cdk.CustomResource(this, 'tls-generator-custom-resource', { // NOSONAR (typescript:S1848) - cdk construct is used + serviceToken: provider.serviceToken, + properties: { TLSSecretId: this.TlsCertificate.secretArn }, + }); + } } diff --git a/source/lib/constructs/loadBalancerControllerCleanup.ts b/source/lib/constructs/loadBalancerControllerCleanup.ts index 33e3634..4a58ce5 100644 --- a/source/lib/constructs/loadBalancerControllerCleanup.ts +++ b/source/lib/constructs/loadBalancerControllerCleanup.ts @@ -61,7 +61,8 @@ export class LoadBalancerControllerCleanup extends Construct { onEventHandler: fn, }); - new CustomResource(this, 'load-balancer-controller-cr', { + // prettier-ignore + new CustomResource(this, 'load-balancer-controller-cr', { // NOSONAR (typescript:S1848) - cdk construct is used serviceToken: provider.serviceToken, properties: { eksClusterId: props.eksClusterId, diff --git a/source/lib/k8s-manifests/druid-cluster-eks.yaml b/source/lib/k8s-manifests/druid-cluster-eks.yaml index 13d5ee6..52ef11e 100644 --- a/source/lib/k8s-manifests/druid-cluster-eks.yaml +++ b/source/lib/k8s-manifests/druid-cluster-eks.yaml @@ -759,4 +759,4 @@ spec: values: - router topologyKey: kubernetes.io/hostname - {{/capacity_provider_ec2}} + {{/capacity_provider_ec2}} \ No newline at end of file 
diff --git a/source/lib/lambdas/canary.js b/source/lib/lambdas/canary.js
index 3db66f7..11e7d3e 100644
--- a/source/lib/lambdas/canary.js
+++ b/source/lib/lambdas/canary.js
@@ -4,50 +4,51 @@ const synthetics = require('Synthetics'); synthetics.setLogLevel(0); exports.handler = async () => { - log.debug(`Starting canary run`); - - try { - const hostname = new URL(process.env.DRUID_ENDPOINT).hostname; - - const requestOptions = { - hostname, - method: 'GET', - port: 443, - protocol: 'https:', - }; - - const callback = async function (res) { - log.debug(`Received response status ${res.statusCode}`); - - return new Promise((resolve, reject) => { - if (res.statusCode === 403) { - // getting forbidden means the authentication (if configured) works, which also means the cluster is up and running - resolve('OK'); - } - - if (res.statusCode < 200 || res.statusCode > 399) { - reject(`${res.statusCode} ${res.statusMessage}`); - } - - resolve('OK'); - }); - }; - - const stepConfig = { - includeRequestHeaders: true, - includeResponseHeaders: true, - includeRequestBody: true, - includeResponseBody: true, - }; - - await synthetics.executeHttpStep( - 'Verifying Druid console', - requestOptions, - callback, - stepConfig - ); - } catch (e) { - log.error(`Canary run ended with a failure ${JSON.stringify(e)}`); - throw e; - } + log.debug(`Starting canary run`); + + try { + const druidUrl = new URL(process.env.DRUID_ENDPOINT); + const tempPort = druidUrl.protocol === 'https:' ? 443 : 80; + + const requestOptions = { + hostname: druidUrl.hostname, + method: 'GET', + port: druidUrl.port ? 
druidUrl.port : tempPort, + protocol: druidUrl.protocol, + }; + + const callback = async function (res) { + log.debug(`Received response status ${res.statusCode}`); + + return new Promise((resolve, reject) => { + if (res.statusCode === 403) { + // getting forbidden means the authentication (if configured) works, which also means the cluster is up and running + resolve('OK'); + } + + if (res.statusCode < 200 || res.statusCode > 399) { + reject(`${res.statusCode} ${res.statusMessage}`); + } + + resolve('OK'); + }); + }; + + const stepConfig = { + includeRequestHeaders: true, + includeResponseHeaders: true, + includeRequestBody: true, + includeResponseBody: true, + }; + + await synthetics.executeHttpStep( + 'Verifying Druid console', + requestOptions, + callback, + stepConfig + ); + } catch (e) { + log.error(`Canary run ended with a failure ${JSON.stringify(e)}`); + throw e; + } }; diff --git a/source/lib/lambdas/certificateGenerator.ts b/source/lib/lambdas/certificateGenerator.ts index 9a56ab2..c868ddd 100644 --- a/source/lib/lambdas/certificateGenerator.ts +++ b/source/lib/lambdas/certificateGenerator.ts @@ -42,12 +42,12 @@ export async function onEventHandler( if (event.RequestType === 'Create') { const certificate = generateCA(); - fs.writeFileSync('/tmp/output.p12', certificate, 'binary'); + fs.writeFileSync('/tmp/output.p12', certificate, 'binary'); // NOSONAR (typescript:S5443:directories are used safely here) await secrets.send( new sm.UpdateSecretCommand({ SecretId: event.ResourceProperties.TLSSecretId, - SecretBinary: fs.readFileSync('/tmp/output.p12'), + SecretBinary: fs.readFileSync('/tmp/output.p12'), // NOSONAR (typescript:S5443:directories are used safely here) }) ); } diff --git a/source/lib/stacks/druidEc2Stack.ts b/source/lib/stacks/druidEc2Stack.ts index a9082ab..1a8a309 100644 --- a/source/lib/stacks/druidEc2Stack.ts +++ b/source/lib/stacks/druidEc2Stack.ts 
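Review bot: The callback in canary.js treats every 403 as healthy, so the canary cannot tell "authentication is enforcing" apart from a WAF block or an authorizer regression like the one the OidcFilter comment in this commit describes (API calls returning 403). If an unauthenticated request is expected to get a redirect or a 401, assert that specific response instead; at minimum write `return resolve('OK');` in the 403 branch so the later checks do not run. `stepConfig` also stores full request and response headers and bodies in the canary artifacts. Now that plain `http:` endpoints are accepted, I'd set `includeResponseBody: false` and add `restrictedHeaders: ['Authorization', 'Cookie', 'Set-Cookie'],` unless the report really needs them.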
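Review bot: In certificateGenerator.ts, marking the `/tmp/output.p12` write and read as NOSONAR leaves the generated keystore on the Lambda's disk at a fixed path, and nothing in the hunk deletes it, so it can persist for the life of the execution environment. The round trip through the file system is not needed: drop the `writeFileSync` and pass the bytes directly with `SecretBinary: Buffer.from(certificate, 'binary'),` (this assumes `generateCA()` returns a binary string, as the `'binary'` encoding argument suggests). If the file has to stay, remove it in a `finally` block with `fs.unlinkSync('/tmp/output.p12');`. onEventHandler starts above this hunk.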
@@ -133,7 +133,9 @@ export class DruidEc2Stack extends DruidStack { 'Allow HTTP access to query nodes' ); if (this.webAcl) { - new wafv2.CfnWebACLAssociation(this, 'MyCDKWebACLAssociation', { + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new wafv2.CfnWebACLAssociation(this, 'MyCDKWebACLAssociation', { // NOSONAR (typescript:S1848) - cdk construct is used resourceArn: appLoadBalancer.loadBalancerArn, webAclArn: this.webAcl.attrArn, }); @@ -158,7 +160,8 @@ export class DruidEc2Stack extends DruidStack { : `http://${appLoadBalancer.loadBalancerDnsName}`; if (this.hostedZone && props.route53Params) { - new route53.ARecord(this, 'route53-alias-record', { + // prettier-ignore + new route53.ARecord(this, 'route53-alias-record', { // NOSONAR (typescript:S1848) - cdk construct is used zone: this.hostedZone, target: route53.RecordTarget.fromAlias( new LoadBalancerTarget(appLoadBalancer) @@ -202,7 +205,7 @@ export class DruidEc2Stack extends DruidStack { dataAsgList.forEach((dataAsg) => { if (this.baseInfra.druidImageDeployment) { dataAsg.autoScalingGroup.node.addDependency( - this.baseInfra.druidImageDeployment!, + this.baseInfra.druidImageDeployment ); } dataAsg.autoScalingGroup.node.addDependency( @@ -227,7 +230,8 @@ export class DruidEc2Stack extends DruidStack { masterAsg.autoScalingGroup.node.addDependency(queryAsg.autoScalingGroup); }); - new OperationalMetricsCollection(this, 'metrics-collection', { + // prettier-ignore + new OperationalMetricsCollection(this, 'metrics-collection', { // NOSONAR (typescript:S1848) - cdk construct is used vpc: this.baseInfra.vpc, awsSolutionId: props.solutionId, awsSolutionVersion: props.solutionVersion, 
@@ -238,7 +242,8 @@ export class DruidEc2Stack extends DruidStack { }); if (props.clusterParams.druidRetentionRules) { - new RetentionConfig(this, 'druid-retention-config', { + // prettier-ignore + new RetentionConfig(this, 'druid-retention-config', { // NOSONAR (typescript:S1848) - cdk construct is used vpc: this.baseInfra.vpc, retentionRules: props.clusterParams.druidRetentionRules, druidEndpoint: this.druidBaseUrl, @@ -274,7 +279,8 @@ export class DruidEc2Stack extends DruidStack { props.removalPolicy ); - new cdk.CfnOutput(this, 'druid-base-url', { + // prettier-ignore + new cdk.CfnOutput(this, 'druid-base-url', { // NOSONAR (typescript:S1848) - cdk construct is used value: this.druidBaseUrl, }); } @@ -1011,7 +1017,8 @@ export class DruidEc2Stack extends DruidStack { ); }); - new MonitoringDashboard(this, 'druid-ops-dashboard', { + // prettier-ignore + new MonitoringDashboard(this, 'druid-ops-dashboard', { // NOSONAR (typescript:S1848) - cdk construct is used druidClusterName, albName: appLoadBalancer.loadBalancerFullName, computeWidgets, @@ -1037,7 +1044,8 @@ export class DruidEc2Stack extends DruidStack { ); }); - new DruidAlarms(this, 'alarms', { + // prettier-ignore + new DruidAlarms(this, 'alarms', { // NOSONAR (typescript:S1848) - cdk construct is used druidClusterName, loadBalancerFullName: appLoadBalancer.loadBalancerFullName, targetGroupName: queryTargetGroup.targetGroupFullName, diff --git a/source/lib/stacks/druidEksStack.ts b/source/lib/stacks/druidEksStack.ts index a6f05b8..2292bcb 100644 --- a/source/lib/stacks/druidEksStack.ts +++ b/source/lib/stacks/druidEksStack.ts 
@@ -86,7 +86,9 @@ export class DruidEksStack extends DruidStack { this.createCanary(`https://${props.druidDomain}`); } - new OperationalMetricsCollection(this, 'metrics-collection', { + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new OperationalMetricsCollection(this, 'metrics-collection', { // NOSONAR (typescript:S1848) - cdk construct is used vpc: this.baseInfra.vpc, awsSolutionId: props.solutionId, awsSolutionVersion: props.solutionVersion, @@ -119,7 +121,9 @@ export class DruidEksStack extends DruidStack { } // create monitoring dashboard - new MonitoringDashboard(this, 'druid-ops-dashboard', { + // prettier-ignore + new MonitoringDashboard(this, 'druid-ops-dashboard', { // NOSONAR (typescript:S1848) - cdk construct is used + druidClusterName: druidEksProps.druidClusterParams.druidClusterName, computeWidgets: [ ...this.getEksWidgets(druidEksProps.druidClusterParams.druidClusterName), @@ -127,8 +131,8 @@ export class DruidEksStack extends DruidStack { metadataDatabaseWidget: [...this.cluster.metadataDb.getCloudWatchWidgets()], deepStorageBucketName: this.baseInfra.deepStorageBucket.bucketName, }); - - new DruidAlarms(this, 'alarms', { + // prettier-ignore + new DruidAlarms(this, 'alarms', { // NOSONAR (typescript:S1848) - cdk construct is used druidClusterName: druidEksProps.druidClusterParams.druidClusterName, dbIdentifier: this.cluster.metadataDb.dbIdentifier, zookeeperNodeCount: diff --git a/source/lib/stacks/druidStack.ts b/source/lib/stacks/druidStack.ts index 3fb5ea2..0036a25 100644 --- a/source/lib/stacks/druidStack.ts +++ b/source/lib/stacks/druidStack.ts 
@@ -104,7 +104,9 @@ export abstract class DruidStack extends cdk.Stack { if (props.enableVulnerabilityScanJob) { // enable vulnerability scan cron job for fedramp/fips installations - new VulnerabilityScan(this, 'vulnerability-scan', { + // using prettier-ignore prevents prettier from reformatting the nosonar line to the next line + // prettier-ignore + new VulnerabilityScan(this, 'vulnerability-scan', { // NOSONAR (typescript:S1848) - cdk construct is used druidVersion: props.clusterParams.druidVersion, removalPolicy: props.removalPolicy, }); diff --git a/source/lib/uploads/config/_common/common.runtime.properties b/source/lib/uploads/config/_common/common.runtime.properties index 4e65cb2..d66518e 100644 --- a/source/lib/uploads/config/_common/common.runtime.properties +++ b/source/lib/uploads/config/_common/common.runtime.properties @@ -180,5 +180,4 @@ druid.auth.authorizers=["basic"] druid.auth.authorizer.basic.type=basic druid.auth.authorizer.basic.enableCacheNotifications=true druid.auth.authorizer.basic.roleProvider.type=context -druid.auth.authorizer.basic.initialAdminRole=admin - +druid.auth.authorizer.basic.initialAdminRole=admin \ No newline at end of file diff --git a/source/lib/uploads/scripts/druid/check_druid_status.py b/source/lib/uploads/scripts/druid/check_druid_status.py index ba66b69..2a9c2ca 100644 --- a/source/lib/uploads/scripts/druid/check_druid_status.py +++ b/source/lib/uploads/scripts/druid/check_druid_status.py @@ -227,4 +227,4 @@ def main(): if __name__ == "__main__": - main() + main() \ No newline at end of file diff --git a/source/lib/uploads/scripts/druid/render_druid_config.py b/source/lib/uploads/scripts/druid/render_druid_config.py index c255e09..b039f4b 100644 --- a/source/lib/uploads/scripts/druid/render_druid_config.py +++ b/source/lib/uploads/scripts/druid/render_druid_config.py @@ -155,4 +155,4 @@ def main(): if __name__ == '__main__': - main() + main() \ No newline at end of file 
diff --git a/source/lib/uploads/scripts/druid/render_utils.py b/source/lib/uploads/scripts/druid/render_utils.py index 1926697..91a4271 100644 --- a/source/lib/uploads/scripts/druid/render_utils.py +++ b/source/lib/uploads/scripts/druid/render_utils.py @@ -66,4 +66,4 @@ def read_json_config( except json.decoder.JSONDecodeError: print(f'{file_name} is empty or contains invalid JSON data.') - return default_value + return default_value \ No newline at end of file diff --git a/source/lib/uploads/scripts/druid/terminate_druid_node.sh b/source/lib/uploads/scripts/druid/terminate_druid_node.sh index 0107d4b..30f992c 100644 --- a/source/lib/uploads/scripts/druid/terminate_druid_node.sh +++ b/source/lib/uploads/scripts/druid/terminate_druid_node.sh @@ -109,6 +109,8 @@ waitForProcess() { else echo "The new node is up. Stopping old node..." $SUPERVISORCTL_CMD stop $process_name + # wait gracefulShutdownTimeout for 30 seconds + sleep 30 break fi done diff --git a/source/lib/utils/constants.ts b/source/lib/utils/constants.ts index 9b382ab..e489d0c 100644 --- a/source/lib/utils/constants.ts +++ b/source/lib/utils/constants.ts @@ -74,7 +74,7 @@ export const DRUID_DEFAULT_VERSION = '27.0.0'; export const DEFAULT_POSTGRES_PORT = 5432; -export const DEFAULT_POSTGRES_VERSION = rds.AuroraPostgresEngineVersion.VER_13_9; +export const DEFAULT_POSTGRES_VERSION = rds.AuroraPostgresEngineVersion.VER_14_9; export const DEFAULT_NUM_HTTP_CONNECTIONS = 100; diff --git a/source/package-lock.json b/source/package-lock.json index ed73f63..ff401a7 100644 --- a/source/package-lock.json +++ b/source/package-lock.json 
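Review bot: The added `sleep 30` in `terminate_druid_node.sh` hard-codes a wait that the comment ties to gracefulShutdownTimeout, so the script and the Druid setting can drift apart silently. A named variable would keep the intent visible, e.g. `GRACEFUL_SHUTDOWN_WAIT_SECS=30` near the top of the script and `sleep "$GRACEFUL_SHUTDOWN_WAIT_SECS"` here. The comment would read more clearly as `# give the stopped process time to finish its graceful shutdown before continuing`. `$process_name` in the `stop` call just above is unquoted, and `"$process_name"` avoids word splitting. `waitForProcess` begins and ends outside the hunk.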
@@ -1,23 +1,23 @@ { "name": "scalable-analytics-using-apache-druid-on-aws", - "version": "1.0.0", + "version": "1.0.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "scalable-analytics-using-apache-druid-on-aws", - "version": "1.0.0", + "version": "1.0.1", "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-servicecatalogappregistry-alpha": "^2.115.0-alpha.0", - "@aws-cdk/lambda-layer-kubectl-v23": "^2.0.3", + "@aws-cdk/aws-servicecatalogappregistry-alpha": "^2.146.0-alpha.0", + "@aws-cdk/lambda-layer-kubectl-v29": "^2.0.0", "@aws-sdk/client-elastic-load-balancing-v2": "^3.477.0", "@aws-sdk/client-route-53": "^3.477.0", "@aws-sdk/client-secrets-manager": "^3.477.0", "@aws-sdk/client-service-catalog-appregistry": "^3.477.0", "@types/mustache": "^4.2.2", "ajv": "^8.12.0", - "aws-cdk-lib": "^2.115.0", + "aws-cdk-lib": "^2.146.0", "axios": "^1.3.5", "constructs": "^10.3.0", "cron-parser": "^4.8.1", @@ -42,7 +42,7 @@ "@types/uuid": "^9.0.1", "@typescript-eslint/eslint-plugin": "^6.2.1", "@typescript-eslint/parser": "^6.2.1", - "aws-cdk": "^2.115.0", + "aws-cdk": "^2.146.0", "aws-sdk-client-mock": "^3.0.0", "esbuild": "^0.18.15", "eslint": "^8.35.0", @@ -81,9 +81,9 @@ } }, "node_modules/@aws-cdk/asset-awscli-v1": { - "version": "2.2.201", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.201.tgz", - "integrity": "sha512-INZqcwDinNaIdb5CtW3ez5s943nX5stGBQS6VOP2JDlOFP81hM3fds/9NDknipqfUkZM43dx+HgVvkXYXXARCQ==" + "version": "2.2.202", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.202.tgz", + "integrity": "sha512-JqlF0D4+EVugnG5dAsNZMqhu3HW7ehOXm5SDMxMbXNDMdsF0pxtQKNHRl52z1U9igsHmaFpUgSGjbhAJ+0JONg==" }, "node_modules/@aws-cdk/asset-kubectl-v20": { "version": "2.1.2", 
@@ -91,26 +91,26 @@ "integrity": "sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg==" }, "node_modules/@aws-cdk/asset-node-proxy-agent-v6": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz", - "integrity": "sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz", + "integrity": "sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==" }, "node_modules/@aws-cdk/aws-servicecatalogappregistry-alpha": { - "version": "2.115.0-alpha.0", - "resolved": "https://registry.npmjs.org/@aws-cdk/aws-servicecatalogappregistry-alpha/-/aws-servicecatalogappregistry-alpha-2.115.0-alpha.0.tgz", - "integrity": "sha512-Xy5TzxghGYj6MEFBJ6bMbgNMpONtR6yN6sLlAndlGc/p2EyYThUS+UIGp6DoIYN+PVSBecZ4yy0JjNjhlePDAA==", + "version": "2.146.0-alpha.0", + "resolved": "https://registry.npmjs.org/@aws-cdk/aws-servicecatalogappregistry-alpha/-/aws-servicecatalogappregistry-alpha-2.146.0-alpha.0.tgz", + "integrity": "sha512-Ji0HF6h+ytHsLqvkrG944CUSW5DwrI4VG1I6EBz5gVcP64TMG+zph3yqvwbEK5YTepUDxzX3qMT8MNbFaP3AIQ==", "engines": { "node": ">= 14.15.0" }, "peerDependencies": { - "aws-cdk-lib": "^2.115.0", + "aws-cdk-lib": "^2.146.0", "constructs": "^10.0.0" } }, - "node_modules/@aws-cdk/lambda-layer-kubectl-v23": { - "version": "2.0.8", - "resolved": "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v23/-/lambda-layer-kubectl-v23-2.0.8.tgz", - "integrity": "sha512-egSftvjCVB9JHxNAtGLs8g1vMS2JYd+2NX51K9EqrjF2ew9FcsQFy9KGJVGpfMuyIe2GQBY6hX+VeeFw5R2JDQ==", + "node_modules/@aws-cdk/lambda-layer-kubectl-v29": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v29/-/lambda-layer-kubectl-v29-2.0.0.tgz", + "integrity": 
"sha512-X6RKZPcPGkYSp9/AhiNtEL7Vz2I77qCdbr5XGtqFeIyw/620Qo2ZIRFr2AjWfGEj81gvcwUbVW5lZ6+EqqyqlA==", "peerDependencies": { "aws-cdk-lib": "^2.28.0", "constructs": "^10.0.5" @@ -3274,9 +3274,9 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/aws-cdk": { - "version": "2.115.0", - "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.115.0.tgz", - "integrity": "sha512-jf+5j+ygk/DqxLzYyjFnCOOlRgvL/fwcYhyanhpb1OEQEe1FF6NGUb1TYsnQc3Ly67qLOKkQgdeyeXgzkKoSOQ==", + "version": "2.146.0", + "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.146.0.tgz", + "integrity": "sha512-uLotAflIqQn8rskLC1r2NGNMaTwDgW8Vq016QiACmatIcp2n/hfNlwazg+hRlSzq2FwGda6Qht2aOlsGm0QcBw==", "dev": true, "bin": { "cdk": "bin/cdk" @@ -3289,9 +3289,9 @@ } }, "node_modules/aws-cdk-lib": { - "version": "2.115.0", - "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.115.0.tgz", - "integrity": "sha512-PGIwmjo9BcviKxuMfMlUCwevUjwXnaS5h8fxZOM6bN1HXCS/wIusft4tMmkiNYjPiNE1sHJbCDIbxxntCQ/7jg==", + "version": "2.146.0", + "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.146.0.tgz", + "integrity": "sha512-W3F2zH+P7hUxmu2dlEKJBBi6Twc4//NsJJW00h2LN0dKU+2302QY8jR+P7jgEYzZ7U50phtH4zO6BPmJrhLVEg==", "bundleDependencies": [ "@balena/dockerignore", "case", 
@@ -3302,21 +3302,23 @@ "punycode", "semver", "table", - "yaml" + "yaml", + "mime-types" ], "dependencies": { - "@aws-cdk/asset-awscli-v1": "^2.2.201", + "@aws-cdk/asset-awscli-v1": "^2.2.202", "@aws-cdk/asset-kubectl-v20": "^2.1.2", - "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.1", + "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", "@balena/dockerignore": "^1.0.2", "case": "1.6.3", "fs-extra": "^11.2.0", - "ignore": "^5.3.0", + "ignore": "^5.3.1", "jsonschema": "^1.4.1", + "mime-types": "^2.1.35", "minimatch": "^3.1.2", "punycode": "^2.3.1", - "semver": "^7.5.4", - "table": "^6.8.1", + "semver": "^7.6.2", + "table": "^6.8.2", "yaml": "1.10.2" }, "engines": { @@ -3332,14 +3334,14 @@ "license": "Apache-2.0" }, "node_modules/aws-cdk-lib/node_modules/ajv": { - "version": "8.12.0", + "version": "8.16.0", "inBundle": true, "license": "MIT", "dependencies": { - "fast-deep-equal": "^3.1.1", + "fast-deep-equal": "^3.1.3", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" + "uri-js": "^4.4.1" }, "funding": { "type": "github", @@ -3448,7 +3450,7 @@ "license": "ISC" }, "node_modules/aws-cdk-lib/node_modules/ignore": { - "version": "5.3.0", + "version": "5.3.1", "inBundle": true, "license": "MIT", "engines": { @@ -3492,15 +3494,23 @@ "inBundle": true, "license": "MIT" }, - "node_modules/aws-cdk-lib/node_modules/lru-cache": { - "version": "6.0.0", + "node_modules/aws-cdk-lib/node_modules/mime-db": { + "version": "1.52.0", "inBundle": true, - "license": "ISC", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/aws-cdk-lib/node_modules/mime-types": { + "version": "2.1.35", + "inBundle": true, + "license": "MIT", "dependencies": { - "yallist": "^4.0.0" + "mime-db": "1.52.0" }, "engines": { - "node": ">=10" + "node": ">= 0.6" } }, "node_modules/aws-cdk-lib/node_modules/minimatch": { 
@@ -3531,12 +3541,9 @@ } }, "node_modules/aws-cdk-lib/node_modules/semver": { - "version": "7.5.4", + "version": "7.6.2", "inBundle": true, "license": "ISC", - "dependencies": { - "lru-cache": "^6.0.0" - }, "bin": { "semver": "bin/semver.js" }, @@ -3585,7 +3592,7 @@ } }, "node_modules/aws-cdk-lib/node_modules/table": { - "version": "6.8.1", + "version": "6.8.2", "inBundle": true, "license": "BSD-3-Clause", "dependencies": { @@ -3615,11 +3622,6 @@ "punycode": "^2.1.0" } }, - "node_modules/aws-cdk-lib/node_modules/yallist": { - "version": "4.0.0", - "inBundle": true, - "license": "ISC" - }, "node_modules/aws-cdk-lib/node_modules/yaml": { "version": "1.10.2", "inBundle": true, @@ -3783,12 +3785,12 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -4818,9 +4820,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "dependencies": { "to-regex-range": "^5.0.1" 
@@ -4866,8 +4868,14 @@ }, "node_modules/follow-redirects": { "version": "1.15.6", - "resolved": "https://packages.atlassian.com/api/npm/npm-remote/follow-redirects/-/follow-redirects-1.15.6.tgz", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], "engines": { "node": ">=4.0" }, @@ -7578,9 +7586,9 @@ } }, "@aws-cdk/asset-awscli-v1": { - "version": "2.2.201", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.201.tgz", - "integrity": "sha512-INZqcwDinNaIdb5CtW3ez5s943nX5stGBQS6VOP2JDlOFP81hM3fds/9NDknipqfUkZM43dx+HgVvkXYXXARCQ==" + "version": "2.2.202", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.202.tgz", + "integrity": "sha512-JqlF0D4+EVugnG5dAsNZMqhu3HW7ehOXm5SDMxMbXNDMdsF0pxtQKNHRl52z1U9igsHmaFpUgSGjbhAJ+0JONg==" }, "@aws-cdk/asset-kubectl-v20": { "version": "2.1.2", 
@@ -7588,20 +7596,20 @@ "integrity": "sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg==" }, "@aws-cdk/asset-node-proxy-agent-v6": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz", - "integrity": "sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz", + "integrity": "sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==" }, "@aws-cdk/aws-servicecatalogappregistry-alpha": { - "version": "2.115.0-alpha.0", - "resolved": "https://registry.npmjs.org/@aws-cdk/aws-servicecatalogappregistry-alpha/-/aws-servicecatalogappregistry-alpha-2.115.0-alpha.0.tgz", - "integrity": "sha512-Xy5TzxghGYj6MEFBJ6bMbgNMpONtR6yN6sLlAndlGc/p2EyYThUS+UIGp6DoIYN+PVSBecZ4yy0JjNjhlePDAA==", + "version": "2.146.0-alpha.0", + "resolved": "https://registry.npmjs.org/@aws-cdk/aws-servicecatalogappregistry-alpha/-/aws-servicecatalogappregistry-alpha-2.146.0-alpha.0.tgz", + "integrity": "sha512-Ji0HF6h+ytHsLqvkrG944CUSW5DwrI4VG1I6EBz5gVcP64TMG+zph3yqvwbEK5YTepUDxzX3qMT8MNbFaP3AIQ==", "requires": {} }, - "@aws-cdk/lambda-layer-kubectl-v23": { - "version": "2.0.8", - "resolved": "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v23/-/lambda-layer-kubectl-v23-2.0.8.tgz", - "integrity": "sha512-egSftvjCVB9JHxNAtGLs8g1vMS2JYd+2NX51K9EqrjF2ew9FcsQFy9KGJVGpfMuyIe2GQBY6hX+VeeFw5R2JDQ==", + "@aws-cdk/lambda-layer-kubectl-v29": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v29/-/lambda-layer-kubectl-v29-2.0.0.tgz", + "integrity": "sha512-X6RKZPcPGkYSp9/AhiNtEL7Vz2I77qCdbr5XGtqFeIyw/620Qo2ZIRFr2AjWfGEj81gvcwUbVW5lZ6+EqqyqlA==", "requires": {} }, "@aws-crypto/crc32": { 
@@ -10150,31 +10158,32 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "aws-cdk": { - "version": "2.115.0", - "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.115.0.tgz", - "integrity": "sha512-jf+5j+ygk/DqxLzYyjFnCOOlRgvL/fwcYhyanhpb1OEQEe1FF6NGUb1TYsnQc3Ly67qLOKkQgdeyeXgzkKoSOQ==", + "version": "2.146.0", + "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.146.0.tgz", + "integrity": "sha512-uLotAflIqQn8rskLC1r2NGNMaTwDgW8Vq016QiACmatIcp2n/hfNlwazg+hRlSzq2FwGda6Qht2aOlsGm0QcBw==", "dev": true, "requires": { "fsevents": "2.3.2" } }, "aws-cdk-lib": { - "version": "2.115.0", - "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.115.0.tgz", - "integrity": "sha512-PGIwmjo9BcviKxuMfMlUCwevUjwXnaS5h8fxZOM6bN1HXCS/wIusft4tMmkiNYjPiNE1sHJbCDIbxxntCQ/7jg==", + "version": "2.146.0", + "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.146.0.tgz", + "integrity": "sha512-W3F2zH+P7hUxmu2dlEKJBBi6Twc4//NsJJW00h2LN0dKU+2302QY8jR+P7jgEYzZ7U50phtH4zO6BPmJrhLVEg==", "requires": { - "@aws-cdk/asset-awscli-v1": "^2.2.201", + "@aws-cdk/asset-awscli-v1": "^2.2.202", "@aws-cdk/asset-kubectl-v20": "^2.1.2", - "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.1", + "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", "@balena/dockerignore": "^1.0.2", "case": "1.6.3", "fs-extra": "^11.2.0", - "ignore": "^5.3.0", + "ignore": "^5.3.1", "jsonschema": "^1.4.1", + "mime-types": "^2.1.35", "minimatch": "^3.1.2", "punycode": "^2.3.1", "semver": "^7.5.2", - "table": "^6.8.1", + "table": "^6.8.2", "yaml": "1.10.2" }, "dependencies": { @@ -10183,13 +10192,13 @@ "bundled": true }, "ajv": { - "version": "8.12.0", + "version": "8.16.0", "bundled": true, "requires": { - "fast-deep-equal": "^3.1.1", + "fast-deep-equal": "^3.1.3", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" + "uri-js": "^4.4.1" } }, "ansi-regex": { 
@@ -10260,7 +10269,7 @@ "bundled": true }, "ignore": { - "version": "5.3.0", + "version": "5.3.1", "bundled": true }, "is-fullwidth-code-point": { @@ -10287,11 +10296,15 @@ "version": "4.4.2", "bundled": true }, - "lru-cache": { - "version": "6.0.0", + "mime-db": { + "version": "1.52.0", + "bundled": true + }, + "mime-types": { + "version": "2.1.35", "bundled": true, "requires": { - "yallist": "^4.0.0" + "mime-db": "1.52.0" } }, "minimatch": { @@ -10310,11 +10323,8 @@ "bundled": true }, "semver": { - "version": "7.5.4", - "bundled": true, - "requires": { - "lru-cache": "^6.0.0" - } + "version": "7.6.2", + "bundled": true }, "slice-ansi": { "version": "4.0.0", @@ -10342,7 +10352,7 @@ } }, "table": { - "version": "6.8.1", + "version": "6.8.2", "bundled": true, "requires": { "ajv": "^8.0.1", @@ -10363,10 +10373,6 @@ "punycode": "^2.1.0" } }, - "yallist": { - "version": "4.0.0", - "bundled": true - }, "yaml": { "version": "1.10.2", "bundled": true @@ -10501,12 +10507,12 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "browserslist": { 
@@ -11219,9 +11225,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "requires": { "to-regex-range": "^5.0.1" @@ -11255,7 +11261,7 @@ }, "follow-redirects": { "version": "1.15.6", - "resolved": "https://packages.atlassian.com/api/npm/npm-remote/follow-redirects/-/follow-redirects-1.15.6.tgz", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==" }, "form-data": { diff --git a/source/package.json b/source/package.json index c0fc843..b566a70 100644 --- a/source/package.json +++ b/source/package.json @@ -1,7 +1,11 @@ { "name": "scalable-analytics-using-apache-druid-on-aws", - "version": "1.0.0", + "version": "1.0.1", "description": "Scalable Analytics using Apache Druid on AWS solution", + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com/solutions" + }, "license": "Apache-2.0", "bin": { "druid-infra": "bin/druid-infra.js" @@ -25,7 +29,7 @@ "@types/uuid": "^9.0.1", "@typescript-eslint/eslint-plugin": "^6.2.1", "@typescript-eslint/parser": "^6.2.1", - "aws-cdk": "^2.115.0", + "aws-cdk": "^2.146.0", "aws-sdk-client-mock": "^3.0.0", "esbuild": "^0.18.15", "eslint": "^8.35.0", 
@@ -41,15 +45,15 @@ "typescript": "^5.1.6" }, "dependencies": { - "@aws-cdk/aws-servicecatalogappregistry-alpha": "^2.115.0-alpha.0", - "@aws-cdk/lambda-layer-kubectl-v23": "^2.0.3", + "@aws-cdk/aws-servicecatalogappregistry-alpha": "^2.146.0-alpha.0", + "@aws-cdk/lambda-layer-kubectl-v29": "^2.0.0", "@aws-sdk/client-elastic-load-balancing-v2": "^3.477.0", "@aws-sdk/client-route-53": "^3.477.0", "@aws-sdk/client-secrets-manager": "^3.477.0", "@aws-sdk/client-service-catalog-appregistry": "^3.477.0", "@types/mustache": "^4.2.2", "ajv": "^8.12.0", - "aws-cdk-lib": "^2.115.0", + "aws-cdk-lib": "^2.146.0", "axios": "^1.3.5", "constructs": "^10.3.0", "cron-parser": "^4.8.1",