Merge pull request #26 from aws-solutions/release/v1.8.4

Updated to version v1.8.4

CHANGELOG.md

@@ -1,10 +1,23 @@
 # Change Log
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.8.4] - 2023-08-07
+
+### Changed
+
+- Refactored code to reduce complexity
+- Upgraded requests to mitigate CVE-2023-32681
+- Upgraded semver to mitigate  CVE-2022-25883
+- Upgraded cryptography
+
 ## [1.8.3] - 2023-04-18
+
 ### Changed
+
 - Fixed S3 logging bucket setting
 - Fixed missing userName in codecommit event when pushes are made by assumed role credentials
 - Upgraded Werkzeug to mitigate CVE-2023-25577
@@ -14,30 +27,44 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Upgraded Athena engine version 3
 
 ## [1.8.2] - 2023-01-13
+
 ### Security
+
 - Upgrade JSON5 to mitigate CVE-2022-46175
 - Upgrade certifi to mitigate CVE-2022-23491
 
 ## [1.8.1] - 2022-12-05
+
 ### Added
+
 - Added Application Registry
+
 ### Changed
+
 - Upgraded node 14 to 16
 
 ## [1.8.0] - 2022-10-31
+
 ### Added
+
 - Added multi-account multi-region data ingestion
 - Added tag filter for AWS CodeCommit, CodeBuild and CodePipeline
 
 ## [1.5.0] - 2022-04-19
+
 ### Added
+
 - Added GitHub integration - GitHub activity metric for push events
 - Added Mean Time to Recovery (MTTR) metric for Code Pipeline
 
 ## [1.1.0] - 2021-06-16
+
 ### Added
+
 - Metrics visualization for codebuild and codepipeline Events.
 
 ## [1.0.0] - 2021-03-22
+
 ### Added
+
 - Initial version

CONTRIBUTING.md

@@ -56,7 +56,6 @@ If you discover a potential security issue in this project we ask that you notif
 
 
 ## Licensing
-
 See the [LICENSE](https://github.com/aws-solutions/aws-devops-monitoring-dashboard/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
 We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

NOTICE.txt

@@ -1,5 +1,11 @@
+DevOps Monitoring Dashboard on AWS 
+
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0
+Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
+in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/
+or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the
+specific language governing permissions and limitations under the License.
 
 **********************
 THIRD PARTY COMPONENTS
@@ -73,3 +79,18 @@ tomli under the Massachusetts Institute of Technology (MIT) license
 types-toml under the Apache License Version 2.0
 Werkzeug under the BSD 3-Clause "New" or "Revised" License
 xmltodict under the Massachusetts Institute of Technology (MIT) license
+awscli under the Apache License Version 2.0
+colorama under the BSD 3-Clause "New" or "Revised" License
+docutils under the Massachusetts Institute of Technology (MIT) license
+pyasn1 under the BSD License (BSD-2-Clause)
+rsa under the Apache License Version 2.0
+@aws-cdk/aws-glue-alpha under the Apache License Version 2.0
+@aws-cdk/aws-synthetics-alpha under the Apache License Version 2.0
+@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3 under the Apache License Version 2.0
+@aws-solutions-constructs/aws-eventbridge-lambda under the Apache License Version 2.0
+@aws-solutions-constructs/aws-kinesisfirehose-s3 under the Apache License Version 2.0
+@aws-solutions-constructs/core under the Apache License Version 2.0
+@aws-cdk/aws-synthetics-alpha under the Apache License Version 2.0
+aws-cdk-lib under the Apache License Version 2.0
+constructs under the Apache License Version 2.0
+

deployment/cdk-solution-helper/package.json

@@ -1,4 +1,10 @@
 {
     "name": "cdk-solution-helper",
-    "version": "0.1.0"
+    "version": "0.1.0",
+    "description": "CDK solution helper to build zip files for lambda functions",
+    "author": {
+        "name": "Amazon Web Services",
+        "url": "https://aws.amazon.com/solutions"
+    },
+    "license": "Apache-2.0"
 }

deployment/run-unit-tests.sh

@@ -173,6 +173,7 @@ run_cdk_project_test "CDK - DevOps Monitoring Dashboard on AWS"
 # echo "[Test] Lambda Tests"
 # echo "------------------------------------------------------------------------------"
 run_python_lambda_test quicksight-custom-resources "Quicksight - Custom Resources"
+run_python_lambda_test solution_helper "Solution Helper Lambda"
 run_javascript_lambda_test event_parser "Lambda transformation of Source Data"
 run_javascript_lambda_test query_runner "Build Athena Queries"
 run_javascript_lambda_test multi_account_custom_resources "Multiple Account Custom Resources"

source/lambda/event_parser/codecommit_events.js

@@ -9,80 +9,32 @@ const LOGGER = new (require('./lib/logger'))();
  * Transform AWS CloudWatch events from AWS CodeCommit
  */
 
-let TransformCodeCommitEvents = (data, recordNumber) => {
+let transformCodeCommitEvents = (data, recordNumber) => {
   LOGGER.log('INFO', 'Start transforming CodeCommit CW Event ' + recordNumber.toString());
 
   let detailData = {};
   let requestParametersData = {};
-  let responseElementsData = {};
   let transformedRecord = {};
   let transformedDetail = {};
 
   //Process event data
   for (let key in data) {
     //Keep all key values that are not under detail tag as they are common in all cloudwatch events
     if (key !== 'detail') {
-      if (!transformedRecord.hasOwnProperty(key)) {
-        if (key !== 'detail-type') transformedRecord[key] = data[key];
-        //rename key detail-type to detail_type to support athena query
-        else transformedRecord['detail_type'] = data[key];
-      }
+      transformedRecord = getCWEventCommonData(key, data, transformedRecord);
     }
     //process key values under detail tag that are specific only for this event
     else {
       detailData = data['detail'];
-      if (detailData.hasOwnProperty('eventName')) transformedDetail['eventName'] = detailData['eventName'];
-
-      //process commits made from command line git commands
-      if (detailData.hasOwnProperty('userIdentity') && detailData['userIdentity'] != null) {
-        let userIdentity = detailData['userIdentity'];
-        if (userIdentity['userName'] != null) transformedDetail['authorName'] = userIdentity['userName'];
-        //Fix missing userName in codecommit event when pushes are made by assumed role credentials
-        else if (userIdentity['sessionContext']['sessionIssuer']['userName'] != null)
-          transformedDetail['authorName'] = userIdentity['sessionContext']['sessionIssuer']['userName'];
-        else if (userIdentity['principalId'] != null)
-          transformedDetail['authorName'] = userIdentity['principalId'].split(':')[1];
-      }
-
-      //process commits made from aws codecommit console
-      if (detailData.hasOwnProperty('requestParameters') && detailData['requestParameters'] != null) {
-        requestParametersData = detailData['requestParameters'];
-        if (requestParametersData.hasOwnProperty('repositoryName'))
-          transformedDetail['repositoryName'] = requestParametersData['repositoryName'];
-        if (requestParametersData.hasOwnProperty('branchName'))
-          transformedDetail['branchName'] = requestParametersData['branchName'];
-        if (requestParametersData.hasOwnProperty('name'))
-          transformedDetail['authorName'] = requestParametersData['name'];
-        if (requestParametersData.hasOwnProperty('commitId'))
-          transformedDetail['commitId'] = requestParametersData['commitId'];
-      }
-      // If requestParameters is not found in source data,  stop further processing but return empty json object to drop this record
-      else {
-        return {};
-      }
-
-      //process commits made from aws codecommit console
-      if (detailData.hasOwnProperty('responseElements') && detailData['responseElements'] != null) {
-        responseElementsData = detailData['responseElements'];
-        if (!transformedDetail.hasOwnProperty('commitId') && responseElementsData.hasOwnProperty('commitId'))
-          transformedDetail['commitId'] = responseElementsData['commitId'];
-      }
-
-      //process commits made from command line git commands
-      if (Object.keys(requestParametersData).length > 0 && requestParametersData.hasOwnProperty('references')) {
-        let references = requestParametersData['references'][0];
-        if (references.hasOwnProperty('commit') && !transformedDetail.hasOwnProperty('commitId'))
-          transformedDetail['commitId'] = references['commit'];
-        if (references.hasOwnProperty('ref') && !transformedDetail.hasOwnProperty('branchName'))
-          transformedDetail['branchName'] = references['ref'].split('/').pop();
-      }
-
-      //process commits made from command line git commands
-      if (detailData.hasOwnProperty('additionalEventData')) {
-        let additionalEventData = detailData['additionalEventData'];
-        if (additionalEventData.hasOwnProperty('repositoryName') && !transformedDetail.hasOwnProperty('repositoryName'))
-          transformedDetail['repositoryName'] = additionalEventData['repositoryName'];
-      }
+      transformedDetail = getEventName(detailData, transformedDetail);
+      transformedDetail = getCommandLineGitCommitData(detailData, transformedDetail);
+      const consoleGitCommitData = getCodeCommitConsoleGitCommitData(detailData, transformedDetail, requestParametersData);
+      // If empty json object is found, stop further processing but return empty json object to drop this record
+      if (Object.keys(consoleGitCommitData[0]).length === 0) return {};
+      requestParametersData = consoleGitCommitData[0];
+      transformedDetail = consoleGitCommitData[1];
+      transformedDetail = getCodeCommitConsoleCommitID(detailData, transformedDetail);
+      transformedDetail = getCommandLineGitCommitAdditionalData(detailData, transformedDetail, requestParametersData);
 
       // if no commit Id (possibly due to codecommit error or other reasons), return empty json object to drop this record
       if (!transformedDetail.hasOwnProperty('commitId')) {
@@ -99,6 +51,117 @@ let TransformCodeCommitEvents = (data, recordNumber) => {
   return transformedRecord;
 };
 
+/**
+ * Keep all key values that are not under detail tag as they are common in all cloudwatch events
+ * @param {string} key - key in the CodeCommit CloudWatch raw event
+ * @param {json} data - CodeCommit CloudWatch raw event
+ * @param {json} transformedRecord - Transformed CodeCommit record
+ */
+const getCWEventCommonData = (key, data, transformedRecord) => {
+  if (!transformedRecord.hasOwnProperty(key)) {
+    if (key !== 'detail-type') transformedRecord[key] = data[key];
+    //rename key detail-type to detail_type to support athena query
+    else transformedRecord['detail_type'] = data[key];
+  }
+
+  return transformedRecord;
+};
+
+/**
+ * Get eventName from CodeCommit CloudWatch raw event data under detail key
+ * @param {json} detailData - CodeCommit CloudWatch raw event data under detail key
+ * @param {json} transformedDetail - Transformed CodeCommit record under detail key
+ */
+const getEventName = (detailData, transformedDetail) => {
+  if (detailData.hasOwnProperty('eventName')) transformedDetail['eventName'] = detailData['eventName'];
+
+  return transformedDetail;
+};
+
+/**
+ * Process commits made from command line git commands
+ * @param {json} detailData - CodeCommit CloudWatch raw event data under detail key
+ * @param {json} transformedDetail - Transformed CodeCommit record under detail key
+ */
+const getCommandLineGitCommitData = (detailData, transformedDetail) => {
+  if (!detailData['userIdentity']) return transformedDetail;
+
+  let userIdentity = detailData['userIdentity'];
+  if (userIdentity['userName'] != null) transformedDetail['authorName'] = userIdentity['userName'];
+  //Fix missing userName in codecommit event when pushes are made by assumed role credentials
+  else if (userIdentity['sessionContext']['sessionIssuer']['userName'] != null)
+    transformedDetail['authorName'] = userIdentity['sessionContext']['sessionIssuer']['userName'];
+  else if (userIdentity['principalId'] != null)
+    transformedDetail['authorName'] = userIdentity['principalId'].split(':')[1];
+
+  return transformedDetail;
+};
+
+/**
+ * Process commits made from AWS CodeCommit console
+ * @param {json} detailData - CodeCommit CloudWatch raw event data under detail key
+ * @param {json} transformedDetail - Transformed CodeCommit record under detail key
+ * @param {json} requestParametersData - data under requestParameters key
+ */
+const getCodeCommitConsoleGitCommitData = (detailData, transformedDetail, requestParametersData) => {
+  if (detailData.hasOwnProperty('requestParameters') && detailData['requestParameters'] != null) {
+    requestParametersData = detailData['requestParameters'];
+    if (requestParametersData.hasOwnProperty('repositoryName'))
+      transformedDetail['repositoryName'] = requestParametersData['repositoryName'];
+    if (requestParametersData.hasOwnProperty('branchName'))
+      transformedDetail['branchName'] = requestParametersData['branchName'];
+    if (requestParametersData.hasOwnProperty('name'))
+      transformedDetail['authorName'] = requestParametersData['name'];
+    if (requestParametersData.hasOwnProperty('commitId'))
+      transformedDetail['commitId'] = requestParametersData['commitId'];
+    return [requestParametersData, transformedDetail]
+  }
+  // If requestParameters is not found in source data, return empty json object to drop this record
+  else {
+    return [{},{}];
+  }
+}
+
+
+/**
+ * Get commit id for git commit made from AWS CodeCommit console
+ * @param {json} detailData - CodeCommit CloudWatch raw event data under detail key
+ * @param {json} transformedDetail - Transformed CodeCommit record under detail key
+ * @param {json} requestParametersData - data under requestParameters key
+ */
+const getCodeCommitConsoleCommitID = (detailData, transformedDetail) => {
+   //process commits made from aws codecommit console
+   let responseElementsData = {}
+   if (detailData.hasOwnProperty('responseElements') && detailData['responseElements'] != null) {
+    responseElementsData = detailData['responseElements'];
+    if (!transformedDetail.hasOwnProperty('commitId') && responseElementsData.hasOwnProperty('commitId'))
+      transformedDetail['commitId'] = responseElementsData['commitId'];
+  }
+  return transformedDetail;
+};
+
+/**
+ * Extract additional data from commits made from command line git commands
+ * @param {json} detailData - CodeCommit CloudWatch raw event data under detail key
+ * @param {json} transformedDetail - Transformed CodeCommit record under detail key
+ * @param {json} requestParametersData - data under requestParameters key
+ */
+const getCommandLineGitCommitAdditionalData = (detailData, transformedDetail, requestParametersData) => {
+  if (Object.keys(requestParametersData).length > 0 && requestParametersData.hasOwnProperty('references')) {
+    let references = requestParametersData['references'][0];
+    if (references.hasOwnProperty('commit') && !transformedDetail.hasOwnProperty('commitId'))
+      transformedDetail['commitId'] = references['commit'];
+    if (references.hasOwnProperty('ref') && !transformedDetail.hasOwnProperty('branchName'))
+      transformedDetail['branchName'] = references['ref'].split('/').pop();
+  }
+  if (detailData.hasOwnProperty('additionalEventData')) {
+    let additionalEventData = detailData['additionalEventData'];
+    if (additionalEventData.hasOwnProperty('repositoryName') && !transformedDetail.hasOwnProperty('repositoryName'))
+      transformedDetail['repositoryName'] = additionalEventData['repositoryName'];
+  }
+  return transformedDetail;
+};
+
 module.exports = {
-  transformCodeCommitEvents: TransformCodeCommitEvents
+  transformCodeCommitEvents: transformCodeCommitEvents
 };