Merge pull request #9 from VerticalRelevance/5-move-input-validationc…

…onversion-into-control-broker-out-of-client-responsiblity 5 move input validationconversion into control broker out of client responsiblity
VerticalRelevance · May 5, 2022 · dac54cb · dac54cb
2 parents bb9675b + d935e2d
commit dac54cb
Show file tree

Hide file tree

Showing 25 changed files with 1,111 additions and 496 deletions.
diff --git a/app.py b/app.py
@@ -1,23 +1,23 @@
 #!/usr/bin/env python3
 import os
-from pathlib import Path
-from typing import List
 
 import aws_cdk as cdk
-from aws_cdk import aws_config, aws_stepfunctions
+from git import Repo
 
 from stacks.control_broker_stack import (
     ControlBrokerStack,
 )
 from stacks.pipeline_stack import GitHubCDKPipelineStack
 from stacks.test_stack import TestStack
-from stacks.client_stack import ClientStack
+from stacks.endpoint_stack import EndpointStack
+from utils.environment import is_pipeline_synth
 
-STACK_VERSION = "V0x6x3"
+STACK_VERSION = "V0x7x0"
 
 app = cdk.App()
-continuously_deployed = app.node.try_get_context(
-    "control-broker/continuous-deployment/enabled"
+continuously_deployed = (
+    app.node.try_get_context("control-broker/continuous-deployment/enabled")
+    or is_pipeline_synth()
 )
 deploy_stage = None
 if continuously_deployed:
@@ -39,26 +39,31 @@
         f"ControlBrokerTestStack{STACK_VERSION}",
         control_broker_outer_state_machine=control_broker_stack.outer_eval_engine_state_machine,
         control_broker_roles=control_broker_stack.Input_reader_roles,
-        env=env
+        env=env,
     )
 if app.node.try_get_context("control-broker/client/enabled"):
-    ClientStack(
+    EndpointStack(
         deploy_stage or app,
-        f"ControlBrokerClientStack{STACK_VERSION}",
+        f"ControlBrokerEndpointStack{STACK_VERSION}",
         control_broker_outer_state_machine=control_broker_stack.outer_eval_engine_state_machine,
         control_broker_roles=control_broker_stack.Input_reader_roles,
         control_broker_eval_results_bucket=control_broker_stack.eval_results_reports_bucket,
-        env=env
+        env=env,
     )
 
 if continuously_deployed:
+    try:
+        current_branch = Repo().active_branch.name
+    except TypeError:
+        current_branch = None
     pipeline_stack = GitHubCDKPipelineStack(
         app,
         "ControlBrokerCICDDeployment",
         env=env,
         **app.node.try_get_context(
             "control-broker/continuous-deployment/github-config"
         ),
+        github_repo_branch=current_branch
     )
     pipeline_stack.pipeline.add_stage(deploy_stage)
 app.synth()
diff --git a/cdk.json b/cdk.json
@@ -26,14 +26,12 @@
       "aws"
     ],
     "performance-testing-example-template": "supplementary_files/ExampleStack.template.json",
-    "control-broker/config-rule/enabled": true,
     "control-broker/continuous-deployment/enabled": false,
     "control-broker/continuous-deployment/github-config": {
       "github_repo_name": "control-broker",
-      "github_repo_owner": "VerticalRelevance",
-      "github_repo_branch": "main"
+      "github_repo_owner": "VerticalRelevance"
     },
-    "control-broker/post-deployment-testing/enabled": true,
+    "control-broker/post-deployment-testing/enabled": false,
     "control-broker/client/enabled": true,
     "control-broker/secret-config/secrets-manager-secret-id": "control-broker/secret-config"
   }

diff --git a/docs/open_api/.openapi-generator-ignore b/docs/open_api/.openapi-generator-ignore
@@ -0,0 +1,23 @@
+# OpenAPI Generator Ignore
+# Generated by openapi-generator https://github.com/openapitools/openapi-generator
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md
diff --git a/docs/open_api/.openapi-generator/FILES b/docs/open_api/.openapi-generator/FILES
@@ -0,0 +1,2 @@
+.openapi-generator-ignore
+README.md
diff --git a/docs/open_api/.openapi-generator/VERSION b/docs/open_api/.openapi-generator/VERSION
@@ -0,0 +1 @@
+5.4.0
diff --git a/docs/open_api/README.md b/docs/open_api/README.md
@@ -0,0 +1,2 @@
+# OpenAPI JSON
+This is a OpenAPI JSON built by the [openapi-generator](https://github.com/openapitools/openapi-genreator) project.
diff --git a/docs/open_api/openapi.json b/docs/open_api/openapi.json
@@ -0,0 +1,103 @@
+{
+  "openapi" : "3.0.1",
+  "info" : {
+    "title" : "ControlBrokerEndpoint",
+    "version" : "2022-05-05 12:19:57UTC"
+  },
+  "servers" : [ {
+    "url" : "https://v8i28ze8df.execute-api.us-east-1.amazonaws.com/{basePath}",
+    "variables" : {
+      "basePath" : { }
+    }
+  } ],
+  "tags" : [ {
+    "name" : "aws:cloudformation:stack-id",
+    "x-amazon-apigateway-tag-value" : "arn:aws:cloudformation:us-east-1:446960196218:stack/ControlBrokerEndpointStackV0x7x0/0cfbb700-cc6c-11ec-bc72-0e5c5ed49289"
+  }, {
+    "name" : "aws:cloudformation:stack-name",
+    "x-amazon-apigateway-tag-value" : "ControlBrokerEndpointStackV0x7x0"
+  }, {
+    "name" : "aws:cloudformation:logical-id",
+    "x-amazon-apigateway-tag-value" : "ControlBrokerEndpoint7427912C"
+  } ],
+  "paths" : {
+    "/" : {
+      "post" : {
+        "responses" : {
+          "200": {
+            "description": "Control Broker response",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ControlBrokerRequestStatus"
+                }
+              }
+            }
+          },
+        },
+        "security" : [ {
+          "ControlBrokerClientAuthorizer" : [ ]
+        } ],
+        "x-amazon-apigateway-integration" : {
+          "payloadFormatVersion" : "2.0",
+          "type" : "aws_proxy",
+          "httpMethod" : "POST",
+          "uri" : "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:446960196218:function:ControlBrokerEndpointStackV-InvokedByApigwFD5B66D0-Kmorz6WfyJpc/invocations",
+          "connectionType" : "INTERNET"
+        }
+      }
+    }
+  },
+  "components" : {
+    "schemas" : {
+      "ControlBrokerConsumerInputs" : {
+        "properties":{
+          "InputType": {
+            "type":"string"
+          },
+          "Bucket": {
+            "type":"string"
+          },
+          "InputKeys": {
+            "type":"array"
+          },
+          "ConsumerMetadata": {
+            "type":"object"
+          }
+        }
+      },
+      "ControlBrokerRequestStatus": {
+        "properties":{
+          "RequestorIsAuthorized": {
+            "type":"boolean"
+          },
+          "EvalEngineHasReadAccessToinputs": {
+            "type":"boolean"
+          },
+          "ResultsReportS3Uri": {
+            "type":"string"
+          },
+          "EvalEngineSfnExecutionArn": {
+            "type":"string"
+          }
+        }
+      }
+    },
+    "securitySchemes" : {
+      "ControlBrokerClientAuthorizer" : {
+        "in" : "header",
+        "name" : "Authorization",
+        "type" : "apiKey",
+        "x-amazon-apigateway-authorizer" : {
+          "identitySource" : "$request.header.Authorization",
+          "authorizerUri" : "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:446960196218:function:ControlBrokerEndpointStac-ControlBrokerClientAutho-aNRC35BFIV3W/invocations",
+          "authorizerPayloadFormatVersion" : "2.0",
+          "authorizerResultTtlInSeconds" : 0,
+          "type" : "request",
+          "enableSimpleResponses" : true
+        }
+      }
+    }
+  },
+  "x-amazon-apigateway-importexport-version" : "1.0"
+}
diff --git a/docs/open_api/openapitools.json b/docs/open_api/openapitools.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
+  "spaces": 2,
+  "generator-cli": {
+    "version": "5.4.0"
+  }
+}
diff --git a/docs/open_api/stage-definition.yaml b/docs/open_api/stage-definition.yaml
@@ -0,0 +1,44 @@
+openapi: "3.0.1"
+info:
+  title: "ControlBrokerEndpoint"
+  version: "2022-05-05 12:19:57UTC"
+servers:
+- url: "https://v8i28ze8df.execute-api.us-east-1.amazonaws.com/{basePath}"
+  variables:
+    basePath:
+      default: ""
+tags:
+- name: "aws:cloudformation:stack-id"
+  x-amazon-apigateway-tag-value: "arn:aws:cloudformation:us-east-1:446960196218:stack/ControlBrokerEndpointStackV0x7x0/0cfbb700-cc6c-11ec-bc72-0e5c5ed49289"
+- name: "aws:cloudformation:stack-name"
+  x-amazon-apigateway-tag-value: "ControlBrokerEndpointStackV0x7x0"
+- name: "aws:cloudformation:logical-id"
+  x-amazon-apigateway-tag-value: "ControlBrokerEndpoint7427912C"
+paths:
+  /:
+    post:
+      responses:
+        default:
+          description: "Default response for POST /"
+      security:
+      - ControlBrokerClientAuthorizer: []
+      x-amazon-apigateway-integration:
+        payloadFormatVersion: "2.0"
+        type: "aws_proxy"
+        httpMethod: "POST"
+        uri: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:446960196218:function:ControlBrokerEndpointStackV-InvokedByApigwFD5B66D0-Kmorz6WfyJpc/invocations"
+        connectionType: "INTERNET"
+components:
+  securitySchemes:
+    ControlBrokerClientAuthorizer:
+      type: "apiKey"
+      name: "Authorization"
+      in: "header"
+      x-amazon-apigateway-authorizer:
+        identitySource: "$request.header.Authorization"
+        authorizerUri: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:446960196218:function:ControlBrokerEndpointStac-ControlBrokerClientAutho-aNRC35BFIV3W/invocations"
+        authorizerPayloadFormatVersion: "2.0"
+        authorizerResultTtlInSeconds: 0
+        type: "request"
+        enableSimpleResponses: true
+x-amazon-apigateway-importexport-version: "1.0"
diff --git a/requirements.txt b/requirements.txt
@@ -17,6 +17,8 @@ constructs==10.0.119
 decorator==5.1.1
 exceptiongroup==1.0.0rc3
 executing==0.8.3
+gitdb==4.0.9
+GitPython==3.1.27
 iniconfig==1.1.1
 ipdb==0.13.9
 ipython==8.2.0
@@ -44,11 +46,12 @@ python-dateutil==2.8.2
 pytz-deprecation-shim==0.1.0.post0
 s3transfer==0.5.2
 six==1.16.0
+smmap==5.0.0
 stack-data==0.2.0
 toml==0.10.2
 tomli==2.0.1
 traitlets==5.1.1
-typing_extensions==4.2.0
+typing-extensions==4.2.0
 tzdata==2022.1
 tzlocal==4.2
 urllib3==1.26.9