From 52d8dffa6e10866f77ee965d913342168ece8a3d Mon Sep 17 00:00:00 2001 From: Nikki <17799906+nikki-t@users.noreply.github.com> Date: Tue, 10 Jun 2025 14:20:11 -0400 Subject: [PATCH 1/6] Deploy Airflow DAGs after OGC API deployment is complete --- terraform-unity/.terraform.lock.hcl | 20 +++++++ terraform-unity/main.tf | 25 ++++---- .../data.tf | 2 + .../locals.tf | 1 + .../main.tf | 17 +++++- .../variables.tf | 18 ++++++ terraform-unity/variables.tf | 18 ++++++ utils/post_deployment_terraform.sh | 58 +++++++++++++++++++ 8 files changed, 147 insertions(+), 12 deletions(-) create mode 100755 utils/post_deployment_terraform.sh diff --git a/terraform-unity/.terraform.lock.hcl b/terraform-unity/.terraform.lock.hcl index 0a1591ca..8f9f50ae 100644 --- a/terraform-unity/.terraform.lock.hcl +++ b/terraform-unity/.terraform.lock.hcl @@ -88,6 +88,26 @@ provider "registry.terraform.io/hashicorp/kubernetes" { ] } +provider "registry.terraform.io/hashicorp/local" { + version = "2.5.3" + constraints = ">= 2.5.1" + hashes = [ + "h1:MCzg+hs1/ZQ32u56VzJMWP9ONRQPAAqAjuHuzbyshvI=", + "zh:284d4b5b572eacd456e605e94372f740f6de27b71b4e1fd49b63745d8ecd4927", + "zh:40d9dfc9c549e406b5aab73c023aa485633c1b6b730c933d7bcc2fa67fd1ae6e", + "zh:6243509bb208656eb9dc17d3c525c89acdd27f08def427a0dce22d5db90a4c8b", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:885d85869f927853b6fe330e235cd03c337ac3b933b0d9ae827ec32fa1fdcdbf", + "zh:bab66af51039bdfcccf85b25fe562cbba2f54f6b3812202f4873ade834ec201d", + "zh:c505ff1bf9442a889ac7dca3ac05a8ee6f852e0118dd9a61796a2f6ff4837f09", + "zh:d36c0b5770841ddb6eaf0499ba3de48e5d4fc99f4829b6ab66b0fab59b1aaf4f", + "zh:ddb6a407c7f3ec63efb4dad5f948b54f7f4434ee1a2607a49680d494b1776fe1", + "zh:e0dafdd4500bec23d3ff221e3a9b60621c5273e5df867bc59ef6b7e41f5c91f6", + "zh:ece8742fd2882a8fc9d6efd20e2590010d43db386b920b2a9c220cfecc18de47", + "zh:f4c6b3eb8f39105004cf720e202f04f57e3578441cfb76ca27611139bc116a82", + ] +} + provider "registry.terraform.io/hashicorp/null" { version = "3.2.3" constraints = ">= 3.2.2, 3.2.3" diff --git a/terraform-unity/main.tf b/terraform-unity/main.tf index 3bbe9d0b..3db6059e 100644 --- a/terraform-unity/main.tf +++ b/terraform-unity/main.tf @@ -84,16 +84,19 @@ module "unity-sps-ogc-processes-api" { docker_images = var.ogc_processes_docker_images dag_catalog_repo = var.dag_catalog_repo karpenter_node_pools = module.unity-sps-karpenter-node-config.karpenter_node_pools + unity_client_id = var.unity_client_id + unity_password = var.unity_password + unity_username = var.unity_username } -# module "unity-sps-initiators" { -# source = "./modules/terraform-unity-sps-initiators" -# project = var.project -# venue = var.venue -# service_area = var.service_area -# release = var.release -# airflow_api_url_ssm_param = module.unity-sps-airflow.airflow_urls["rest_api"].ssm_param_id -# airflow_webserver_username = var.airflow_webserver_username -# airflow_webserver_password = var.airflow_webserver_password -# ogc_processes_api_url_ssm_param = module.unity-sps-ogc-processes-api.ogc_processes_urls["rest_api"].ssm_param_id -# } +module "unity-sps-initiators" { + source = "./modules/terraform-unity-sps-initiators" + project = var.project + venue = var.venue + service_area = var.service_area + release = var.release + airflow_api_url_ssm_param = module.unity-sps-airflow.airflow_urls["rest_api"].ssm_param_id + airflow_webserver_username = var.airflow_webserver_username + airflow_webserver_password = var.airflow_webserver_password + ogc_processes_api_url_ssm_param = module.unity-sps-ogc-processes-api.ogc_processes_urls["rest_api"].ssm_param_id +} diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf index 53a96be5..cad21008 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf @@ -100,3 +100,5 @@ data "aws_security_groups" "venue_proxy_sg" { Service = "U-CS" } } + +data "aws_region" "current" {} \ No newline at end of file diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/locals.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/locals.tf index 42a50002..8402c200 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/locals.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/locals.tf @@ -14,4 +14,5 @@ locals { Stack = "" } load_balancer_port = 5001 + region = data.aws_region.current.name } diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf index 5b17108c..0dd0c3c7 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf @@ -456,7 +456,7 @@ resource "aws_ssm_parameter" "ogc_processes_api_health_check_endpoint" { description = "The URL of the OGC Processes REST API." type = "String" value = jsonencode({ - "componentCategory": "processing" + "componentCategory" : "processing" "componentName" : "OGC API" "componentType" : "api" "description" : "A standards-compliant programming interface for Application deployment, job execution and job tracking. May be used to execute jobs in batches." @@ -509,3 +509,18 @@ resource "aws_lambda_invocation" "unity_proxy_lambda_invocation" { ])) } } + +resource "null_resource" "register_ogc_processes" { + provisioner "local-exec" { + command = "./post_deployment_terraform.sh" + working_dir = "${path.module}/../../../utils" + environment = { + OGC_PROCESSES_API = nonsensitive(aws_ssm_parameter.ogc_processes_api_url.value) + TOKEN_URL = "https://cognito-idp.${local.region}.amazonaws.com" + UNITY_CLIENTID = var.unity_client_id + UNITY_PASSWORD = var.unity_password + UNITY_USERNAME = var.unity_username + } + } + depends_on = [aws_api_gateway_deployment.ogc-api-gateway-deployment, aws_ssm_parameter.ogc_processes_api_url] +} \ No newline at end of file diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf index 30fdaf23..d03be082 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf @@ -79,3 +79,21 @@ variable "karpenter_node_pools" { description = "Names of the Karpenter node pools" type = list(string) } + +variable "unity_client_id" { + description = "Client ID for AWS Cognito deployment" + type = string + default = "" +} + +variable "unity_password" { + description = "Cognito password for AWS Cognito deployment" + type = string + default = "" +} + +variable "unity_username" { + description = "Cognito username for AWS Cognito deployment" + type = string + default = "" +} \ No newline at end of file diff --git a/terraform-unity/variables.tf b/terraform-unity/variables.tf index b19414bd..bcb82fc5 100644 --- a/terraform-unity/variables.tf +++ b/terraform-unity/variables.tf @@ -367,3 +367,21 @@ variable "installprefix" { type = string default = "" } + +variable "unity_client_id" { + description = "Client ID for AWS Cognito deployment" + type = string + default = "" +} + +variable "unity_password" { + description = "Cognito password for AWS Cognito deployment" + type = string + default = "" +} + +variable "unity_username" { + description = "Cognito username for AWS Cognito deployment" + type = string + default = "" +} \ No newline at end of file diff --git a/utils/post_deployment_terraform.sh b/utils/post_deployment_terraform.sh new file mode 100755 index 00000000..281e9cbd --- /dev/null +++ b/utils/post_deployment_terraform.sh @@ -0,0 +1,58 @@ +#!/bin/bash +#set -ex + +# Script to execute post-deployment operations. +# Pre-Requisites: +# - SPS has been deployed successfully to a given venue +# - The user has valid Cognito credentials for the target venue + +# Syntax: +# cd unity-sps/utils +# export UNITY_USERNAME="....." +# export UNITY_PASSWORD="....." +# export UNITY_CLIENTID="...." +# export OGC_PROCESSES_API=https://.........execute-api.us-west-2.amazonaws.com/dev/ogc/api (NO trailing slash!) +# export TOKEN_URL=https://cognito-idp.{region}.amazonaws.com (where region is the AWS region executing in) + +# Remove trailing slash from API URL if present +OGC_PROCESSES_API="${OGC_PROCESSES_API%/}" + +# Retrieve limited-lifetime token +echo "Fetching Cognito token..." +payload="{\"AuthParameters\":{\"USERNAME\":\"$UNITY_USERNAME\",\"PASSWORD\":\"$UNITY_PASSWORD\"},\"AuthFlow\":\"USER_PASSWORD_AUTH\",\"ClientId\":\"$UNITY_CLIENTID\"}" + +token_response=$(curl -X POST \ + -H "X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth" \ + -H "Content-Type: application/x-amz-json-1.1" \ + --data $payload \ + $TOKEN_URL) + +token=$(echo $token_response | jq -r '.AuthenticationResult.AccessToken') +echo "Cognito token retrieved." + +# list of processes to be registered +declare -a procs=("cwl_dag.json" "karpenter_test.json" "appgen_dag.json" "cwl_dag_modular.json" "db_cleanup_dag.json") + +for proc in "${procs[@]}" +do + echo " " + proc_name=$(echo "$proc" | sed "s/.json//") + + # unregister process (in case it was already registered) + echo "Unregistering process: $proc_name" + curl -k -X DELETE \ + -H "Authorization: Bearer ${token}" \ + -H "Content-Type: application/json; charset=utf-8" \ + "${OGC_PROCESSES_API}/processes/${proc_name}" + + # register process + echo "Registering process: $proc_name" + curl -k -X POST \ + -H "Authorization: Bearer ${token}" \ + -H "Expect:" \ + -H "Content-Type: application/json; charset=utf-8" \ + --data-binary @"../ogc-application-packages/$proc" \ + "${OGC_PROCESSES_API}/processes" + echo " " + +done From 448c1d919ae7eefa0a79cfc7f4e9bf169d9aae66 Mon Sep 17 00:00:00 2001 From: Nikki <17799906+nikki-t@users.noreply.github.com> Date: Tue, 10 Jun 2025 15:01:45 -0400 Subject: [PATCH 2/6] Fix linting and formatting --- .../.terraform.lock.hcl | 19 +++++++++++++++++++ .../data.tf | 2 +- .../main.tf | 2 +- .../variables.tf | 2 +- terraform-unity/variables.tf | 2 +- 5 files changed, 23 insertions(+), 4 deletions(-) diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/.terraform.lock.hcl b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/.terraform.lock.hcl index 21363b30..470fca6d 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/.terraform.lock.hcl +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/.terraform.lock.hcl @@ -44,6 +44,25 @@ provider "registry.terraform.io/hashicorp/kubernetes" { ] } +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.4" + hashes = [ + "h1:L5V05xwp/Gto1leRryuesxjMfgZwjb7oool4WS1UEFQ=", + "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43", + "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a", + "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991", + "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f", + "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e", + "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615", + "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442", + "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5", + "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f", + "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f", + ] +} + provider "registry.terraform.io/hashicorp/time" { version = "0.12.1" constraints = "0.12.1" diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf index cad21008..7aa7e8a8 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf @@ -101,4 +101,4 @@ data "aws_security_groups" "venue_proxy_sg" { } } -data "aws_region" "current" {} \ No newline at end of file +data "aws_region" "current" {} diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf index 0dd0c3c7..eff2e769 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf @@ -523,4 +523,4 @@ resource "null_resource" "register_ogc_processes" { } } depends_on = [aws_api_gateway_deployment.ogc-api-gateway-deployment, aws_ssm_parameter.ogc_processes_api_url] -} \ No newline at end of file +} diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf index d03be082..fca48aa3 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf @@ -96,4 +96,4 @@ variable "unity_username" { description = "Cognito username for AWS Cognito deployment" type = string default = "" -} \ No newline at end of file +} diff --git a/terraform-unity/variables.tf b/terraform-unity/variables.tf index bcb82fc5..405dacef 100644 --- a/terraform-unity/variables.tf +++ b/terraform-unity/variables.tf @@ -384,4 +384,4 @@ variable "unity_username" { description = "Cognito username for AWS Cognito deployment" type = string default = "" -} \ No newline at end of file +} From 1e3b2459dd105978539803a4ba1648cae1a997ee Mon Sep 17 00:00:00 2001 From: Nikki <17799906+nikki-t@users.noreply.github.com> Date: Thu, 12 Jun 2025 16:12:04 -0400 Subject: [PATCH 3/6] Use SSM parameters to store Cognito credential data --- terraform-unity/main.tf | 3 --- .../data.tf | 12 ++++++++++++ .../main.tf | 6 +++--- .../variables.tf | 18 ------------------ terraform-unity/variables.tf | 18 ------------------ 5 files changed, 15 insertions(+), 42 deletions(-) diff --git a/terraform-unity/main.tf b/terraform-unity/main.tf index 3db6059e..62f09a6a 100644 --- a/terraform-unity/main.tf +++ b/terraform-unity/main.tf @@ -84,9 +84,6 @@ module "unity-sps-ogc-processes-api" { docker_images = var.ogc_processes_docker_images dag_catalog_repo = var.dag_catalog_repo karpenter_node_pools = module.unity-sps-karpenter-node-config.karpenter_node_pools - unity_client_id = var.unity_client_id - unity_password = var.unity_password - unity_username = var.unity_username } module "unity-sps-initiators" { diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf index 7aa7e8a8..45f482d7 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/data.tf @@ -102,3 +102,15 @@ data "aws_security_groups" "venue_proxy_sg" { } data "aws_region" "current" {} + +data "aws_ssm_parameter" "unity_client_id" { + name = "/sps/processing/workflows/unity_client_id" +} + +data "aws_ssm_parameter" "unity_password" { + name = "/sps/processing/workflows/unity_password" +} + +data "aws_ssm_parameter" "unity_username" { + name = "/sps/processing/workflows/unity_username" +} diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf index eff2e769..a96685df 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf @@ -517,9 +517,9 @@ resource "null_resource" "register_ogc_processes" { environment = { OGC_PROCESSES_API = nonsensitive(aws_ssm_parameter.ogc_processes_api_url.value) TOKEN_URL = "https://cognito-idp.${local.region}.amazonaws.com" - UNITY_CLIENTID = var.unity_client_id - UNITY_PASSWORD = var.unity_password - UNITY_USERNAME = var.unity_username + UNITY_CLIENTID = data.aws_ssm_parameter.unity_client_id + UNITY_PASSWORD = data.aws_ssm_parameter.unity_password + UNITY_USERNAME = data.aws_ssm_parameter.unity_username } } depends_on = [aws_api_gateway_deployment.ogc-api-gateway-deployment, aws_ssm_parameter.ogc_processes_api_url] diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf index fca48aa3..30fdaf23 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/variables.tf @@ -79,21 +79,3 @@ variable "karpenter_node_pools" { description = "Names of the Karpenter node pools" type = list(string) } - -variable "unity_client_id" { - description = "Client ID for AWS Cognito deployment" - type = string - default = "" -} - -variable "unity_password" { - description = "Cognito password for AWS Cognito deployment" - type = string - default = "" -} - -variable "unity_username" { - description = "Cognito username for AWS Cognito deployment" - type = string - default = "" -} diff --git a/terraform-unity/variables.tf b/terraform-unity/variables.tf index 405dacef..b19414bd 100644 --- a/terraform-unity/variables.tf +++ b/terraform-unity/variables.tf @@ -367,21 +367,3 @@ variable "installprefix" { type = string default = "" } - -variable "unity_client_id" { - description = "Client ID for AWS Cognito deployment" - type = string - default = "" -} - -variable "unity_password" { - description = "Cognito password for AWS Cognito deployment" - type = string - default = "" -} - -variable "unity_username" { - description = "Cognito username for AWS Cognito deployment" - type = string - default = "" -} From 3760c789b39b985c32bb8f129a22cfe9a3353758 Mon Sep 17 00:00:00 2001 From: Nikki <17799906+nikki-t@users.noreply.github.com> Date: Tue, 17 Jun 2025 09:48:35 -0400 Subject: [PATCH 4/6] Pull out SSM parameter values for unity credentials --- .../modules/terraform-unity-sps-ogc-processes-api/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf index a96685df..2d30c2e0 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf @@ -517,9 +517,9 @@ resource "null_resource" "register_ogc_processes" { environment = { OGC_PROCESSES_API = nonsensitive(aws_ssm_parameter.ogc_processes_api_url.value) TOKEN_URL = "https://cognito-idp.${local.region}.amazonaws.com" - UNITY_CLIENTID = data.aws_ssm_parameter.unity_client_id - UNITY_PASSWORD = data.aws_ssm_parameter.unity_password - UNITY_USERNAME = data.aws_ssm_parameter.unity_username + UNITY_CLIENTID = data.aws_ssm_parameter.unity_client_id.value + UNITY_PASSWORD = data.aws_ssm_parameter.unity_password.value + UNITY_USERNAME = data.aws_ssm_parameter.unity_username.value } } depends_on = [aws_api_gateway_deployment.ogc-api-gateway-deployment, aws_ssm_parameter.ogc_processes_api_url] From 4856a1037e5eaf13f13a0d1a1e0935b2a8d809b1 Mon Sep 17 00:00:00 2001 From: Nikki <17799906+nikki-t@users.noreply.github.com> Date: Fri, 20 Jun 2025 16:53:12 -0400 Subject: [PATCH 5/6] Poll OGC API status until API is available before deploying DAGs --- .../terraform-unity-sps-database/main.tf | 2 +- .../main.tf | 23 ++++++++++++--- utils/check_ogc_api_status.sh | 29 +++++++++++++++++++ 3 files changed, 49 insertions(+), 5 deletions(-) create mode 100755 utils/check_ogc_api_status.sh diff --git a/terraform-unity/modules/terraform-unity-sps-database/main.tf b/terraform-unity/modules/terraform-unity-sps-database/main.tf index 2f6cabf2..e14e2205 100644 --- a/terraform-unity/modules/terraform-unity-sps-database/main.tf +++ b/terraform-unity/modules/terraform-unity-sps-database/main.tf @@ -67,7 +67,7 @@ resource "aws_db_instance" "sps_db" { allocated_storage = 400 storage_type = "gp3" engine = "postgres" - engine_version = "16.4" + engine_version = "16.8" instance_class = "db.m5d.2xlarge" db_name = "sps_db" username = "db_user" diff --git a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf index 2d30c2e0..cec6447f 100644 --- a/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf +++ b/terraform-unity/modules/terraform-unity-sps-ogc-processes-api/main.tf @@ -510,6 +510,21 @@ resource "aws_lambda_invocation" "unity_proxy_lambda_invocation" { } } +resource "null_resource" "check_ogc_api_status" { + provisioner "local-exec" { + command = "./check_ogc_api_status.sh" + working_dir = "${path.module}/../../../utils" + environment = { + OGC_PROCESSES_API = nonsensitive(aws_ssm_parameter.ogc_processes_api_url.value) + TOKEN_URL = "https://cognito-idp.${local.region}.amazonaws.com" + UNITY_CLIENTID = nonsensitive(data.aws_ssm_parameter.unity_client_id.value) + UNITY_PASSWORD = nonsensitive(data.aws_ssm_parameter.unity_password.value) + UNITY_USERNAME = nonsensitive(data.aws_ssm_parameter.unity_username.value) + } + } + depends_on = [aws_api_gateway_deployment.ogc-api-gateway-deployment, aws_ssm_parameter.ogc_processes_api_url] +} + resource "null_resource" "register_ogc_processes" { provisioner "local-exec" { command = "./post_deployment_terraform.sh" @@ -517,10 +532,10 @@ resource "null_resource" "register_ogc_processes" { environment = { OGC_PROCESSES_API = nonsensitive(aws_ssm_parameter.ogc_processes_api_url.value) TOKEN_URL = "https://cognito-idp.${local.region}.amazonaws.com" - UNITY_CLIENTID = data.aws_ssm_parameter.unity_client_id.value - UNITY_PASSWORD = data.aws_ssm_parameter.unity_password.value - UNITY_USERNAME = data.aws_ssm_parameter.unity_username.value + UNITY_CLIENTID = nonsensitive(data.aws_ssm_parameter.unity_client_id.value) + UNITY_PASSWORD = nonsensitive(data.aws_ssm_parameter.unity_password.value) + UNITY_USERNAME = nonsensitive(data.aws_ssm_parameter.unity_username.value) } } - depends_on = [aws_api_gateway_deployment.ogc-api-gateway-deployment, aws_ssm_parameter.ogc_processes_api_url] + depends_on = [null_resource.check_ogc_api_status] } diff --git a/utils/check_ogc_api_status.sh b/utils/check_ogc_api_status.sh new file mode 100755 index 00000000..be66f9b2 --- /dev/null +++ b/utils/check_ogc_api_status.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Remove trailing slash from API URL if present +OGC_PROCESSES_API="${OGC_PROCESSES_API%/}" + +# Retrieve limited-lifetime token +echo "Fetching Cognito token..." +payload="{\"AuthParameters\":{\"USERNAME\":\"$UNITY_USERNAME\",\"PASSWORD\":\"$UNITY_PASSWORD\"},\"AuthFlow\":\"USER_PASSWORD_AUTH\",\"ClientId\":\"$UNITY_CLIENTID\"}" + +token_response=$(curl -X POST \ + -H "X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth" \ + -H "Content-Type: application/x-amz-json-1.1" \ + --data $payload \ + $TOKEN_URL) + +token=$(echo $token_response | jq -r '.AuthenticationResult.AccessToken') +echo "Cognito token retrieved." + +# Poll onto OGC API is available +response=$(curl -k -X GET -H "Authorization: Bearer ${token}" "${OGC_PROCESSES_API}/processes") +echo $response +while [ "$response" != '{"processes":[],"links":[]}' ]; do + sleep 30 + response=$(curl -k -X GET -H "Authorization: Bearer ${token}" "${OGC_PROCESSES_API}/processes") + echo $response +done + +echo $response +exit 0 From 370bb1b43da802db117b4ba9addc99c4eb032a93 Mon Sep 17 00:00:00 2001 From: Luca Cinquini Date: Wed, 25 Jun 2025 04:19:02 -0600 Subject: [PATCH 6/6] Updating the script to wait for the OGC API to be ready --- utils/check_ogc_api_status.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/utils/check_ogc_api_status.sh b/utils/check_ogc_api_status.sh index be66f9b2..c647d481 100755 --- a/utils/check_ogc_api_status.sh +++ b/utils/check_ogc_api_status.sh @@ -2,6 +2,8 @@ # Remove trailing slash from API URL if present OGC_PROCESSES_API="${OGC_PROCESSES_API%/}" +echo $OGC_PROCESSES_API +echo $TOKEN_URL # Retrieve limited-lifetime token echo "Fetching Cognito token..." @@ -17,13 +19,11 @@ token=$(echo $token_response | jq -r '.AuthenticationResult.AccessToken') echo "Cognito token retrieved." # Poll onto OGC API is available -response=$(curl -k -X GET -H "Authorization: Bearer ${token}" "${OGC_PROCESSES_API}/processes") -echo $response -while [ "$response" != '{"processes":[],"links":[]}' ]; do - sleep 30 - response=$(curl -k -X GET -H "Authorization: Bearer ${token}" "${OGC_PROCESSES_API}/processes") - echo $response +response_status=0 +while [ $response_status -ne 200 ]; do + response_status=$(curl -s -o /dev/null -k -X GET -H "Authorization: Bearer ${token}" -w "%{http_code}" "${OGC_PROCESSES_API}/processes") + echo "response_status=$response_status" + sleep 10 done -echo $response exit 0