Merge branch 'develop' into gh-7-ui-release

README.md

@@ -13,6 +13,7 @@ If you have an interest in using Kai in production, please watch this repository
  * `npm run watch`   watch for changes and compile
  * `npm run lint`    run the eslint style checking
  * `npm run test`    perform the jest unit tests
+ * `npm run e2e`     run end to end jest integration tests
  * `cdk deploy`      deploy this stack to your default AWS account/region
  * `cdk diff`        compare deployed stack with current state
  * `cdk synth`       emits the synthesized CloudFormation template

infrastructure/bin/kai.ts

@@ -26,10 +26,15 @@ const dev = {
     region: process.env.CDK_DEFAULT_REGION 
 };
 
+let stackName: string = app.node.tryGetContext("stackName");
+if (!stackName) {
+    stackName = "KaiStack";
+}
+
 // Main Stack
-new AppStack(app, "KaiStack", {
+new AppStack(app, stackName, {
     env: dev,
-    stackName: "KaiStack"
+    stackName: stackName
 });
 
 // Tags

infrastructure/jest.config.js

@@ -1,5 +1,6 @@
 module.exports = {
   roots: ['<rootDir>/test'],
+  runner: "groups",
   testMatch: ['**/*.test.ts'],
   transform: {
     '^.+\\.tsx?$': 'ts-jest'

infrastructure/lib/authentication/user-pool.ts

@@ -62,6 +62,16 @@ export class KaiUserPool extends cdk.Construct {
 
             this._userPoolClient = this._userPool.addClient(KaiUserPool._userPoolClientId, userPoolClientProps);
         }
+
+        /* Add a custom output containing the User Pool Id */
+        new cdk.CfnOutput(this, "KaiUserPoolId", {
+            value: this.userPoolId
+        });
+
+        /* Add a custom output containing the User Pool Client Id */
+        new cdk.CfnOutput(this, "KaiUserPoolClientId", {
+            value: this.userPoolClientId
+        });
     }
 
     public get userPoolArn(): string {

infrastructure/lib/platform/graph-platform.ts

@@ -111,9 +111,14 @@ export class GraphPlatForm extends cdk.Construct {
                 }
             }
         });
+
+        /* Add a custom output containing the cluster name */
+        new cdk.CfnOutput(this, "KaiEksClusterName", {
+            value: this.eksCluster.clusterName
+        });
     }
 
     public get eksCluster(): eks.Cluster {
         return this._eksCluster;
     }
-}
+}

infrastructure/lib/rest-api/lambdas/add_graph_request.py

@@ -20,20 +20,20 @@ def handler(event, context):
     request_body = json.loads(event["body"])
 
     # Check request is valid
-    graph_name = request_body["graphName"]
-    schema = request_body["schema"]
-
-    if not is_graph_name_valid(graph_name):
+    if "graphName" not in request_body or not is_graph_name_valid(request_body["graphName"]):
         return {
             "statusCode": 400,
             "body": "graphName is a required field which must made up of alphanumeric characters"
         }
-    if schema is None:
+    if "schema" not in request_body or request_body["schema"] is None:
         return {
             "statusCode": 400,
             "body": "schema is a required field"
         }
 
+    graph_name = request_body["graphName"]
+    schema = request_body["schema"]
+
     # Get variables from env
     queue_url = os.getenv("sqs_queue_url")
 

infrastructure/lib/rest-api/lambdas/delete_graph_request.py

@@ -22,15 +22,22 @@ def handler(event, context):
 
     if graph_name is None:
         return {
-            statusCode: 400,
-            body: "graphName is a required field"
+            "statusCode": 400,
+            "body": "graphName is a required field"
         }
 
-    requesting_user = user.get_requesting_cognito_user(event)
-    if not user.is_authorized(requesting_user, graph_name):
+    try:
+        graph_record = graph.get_graph(release_name)
+        requesting_user = user.get_requesting_cognito_user(event)
+        if requesting_user and not requesting_user in graph_record["administrators"]:
+            return {
+                "statusCode": 403,
+                "body": "User: {} is not authorized to delete graph: {}".format(requesting_user, graph_name)
+            }
+    except:
         return {
-            "statusCode": 403,
-            "body": "User: {} is not authorized to delete graph: {}".format(requesting_user, graph_name)
+            "statusCode": 400,
+            "body": "Graph " + graph_name + " does not exist. It may have already been deleted"
         }
 
     initial_status = "DELETION_QUEUED"

infrastructure/lib/rest-api/lambdas/get_graph_request.py

@@ -29,16 +29,17 @@ def handler(event, context):
             "body": json.dumps(graph.get_all_graphs(requesting_user))
         }
     else:
-        if not user.is_authorized(requesting_user, graph_name):
-            return {
-                "statusCode": 403,
-                "body": "User: {} is not authorized to retrieve graph: {}".format(requesting_user, graph_name)
-            }
-
         try:
+            graph_record = graph.get_graph(graph_name)
+            if requesting_user and not requesting_user in graph_record["administrators"]:
+                return {
+                    "statusCode": 403,
+                    "body": "User: {} is not authorized to retrieve graph: {}".format(requesting_user, graph_name)
+                }
+
             return {
                 "statusCode": 200,
-                "body": json.dumps(graph.get_graph(graph_name))
+                "body": json.dumps(graph_record)
             }
         except Exception as e:
             return {

infrastructure/lib/rest-api/lambdas/graph/__init__.py

@@ -31,7 +31,7 @@ def get_graph(self, graph_name):
         """
         response = self.table.get_item(
             Key={
-                "releaseName": format_graph_name(graph_name)
+                "releaseName": self.format_graph_name(graph_name)
             }
         )
         if "Item" in response:

infrastructure/lib/rest-api/lambdas/user/__init__.py

@@ -1,5 +1,4 @@
 import boto3
-from graph import Graph
 import os
 
 
@@ -8,7 +7,6 @@ class User:
     def __init__(self):
         self.cognito_client = boto3.client('cognito-idp')
         self.user_pool_id = os.getenv("user_pool_id")
-        self.graph = Graph()
 
     def valid_cognito_users(self, users):
         response = self.cognito_client.list_users(UserPoolId=self.user_pool_id)
@@ -28,14 +26,3 @@ def get_requesting_cognito_user(self, request):
             or "cognito:username" not in request["requestContext"]["authorizer"]["claims"]):
             return None
         return request["requestContext"]["authorizer"]["claims"]["cognito:username"]
-
-    def is_authorized(self, user, graphName):
-        # If Authenticated through AWS account treat as admin for all graphs
-        if (user is None):
-            return True
-        # Otherwise check the list of administrators configured on the graph
-        try:
-            graph_record = self.graph.get_graph(graphName)
-            return user in graph_record["administrators"]
-        except Exception as e:
-            return False