
Seatool indexes and api authorization pattern #46

Merged
merged 8 commits into from
Jun 28, 2023

Conversation

@benjaminpaige benjaminpaige commented Jun 28, 2023

Purpose

  • Adjusting Seatool table partition keys and adding GSIs
  • Adding an authorization pattern to restrict endpoint usage based on user role attributes

Linked Issues to Close

https://qmacbis.atlassian.net/browse/OY2-24470

Approach

There are two significant changes in this set. The first is an adjustment to the dynamo keys used to index the seatool table. (note: this will likely need to be readjusted in the future).

The table is designed to store data with multiple attributes such as ID, STATE_CODE, PLAN_TYPE, and SUBMISSION_DATE. The ID attribute is set as the primary key (think transmittal number).

This also includes several global secondary indexes that enable querying of the table based on different attributes or combinations of attributes.

  • STATE_CODE-SUBMISSION_DATE-index
  • STATE_CODE-PLAN_TYPE-index
  • SUBMISSION_DATE-index
  • STATE_CODE-index
  • PLAN_TYPE-index

Additionally, the getSeatoolData handler is updated to reflect these changes as well as adding authorization to the endpoint. When requests are made, the Cognito user is obtained and the user attributes are compared to the request parameters. If the user attributes for state_code do not contain the requested state code string, a 403 is returned from the API. The majority of this logic is handled in the auth lib in the api service.

Assorted Notes/Considerations/Learning

Before merging this, we will need to destroy the seatool service in the mako branch, merge in the changes, and then replay the events from the seatool state plan data stream to rehydrate the DynamoDB table.

Also, the e2e testing is commented out for now.
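The state-code authorization check described above, written as an added stand-alone example (not the project's auth lib). It assumes the user's state codes arrive as a comma-separated Cognito attribute named `custom:state_code` and that `stateCode` is the request path parameter; both names are assumptions, not taken from the PR.

```typescript
// Added example, not the project's own code. Assumed attribute name:
// "custom:state_code" holding a comma-separated list such as "CA,OR".
type CognitoAttributes = Record<string, string | undefined>;

interface AuthResult {
  statusCode: 200 | 400 | 403;
  body: string;
}

// Parse the attribute into a set of normalised codes so the check below is an
// exact-token membership test rather than a substring search.
function allowedStates(attrs: CognitoAttributes): Set<string> {
  const raw = attrs["custom:state_code"] ?? "";
  return new Set(
    raw
      .split(",")
      .map((s) => s.trim().toUpperCase())
      .filter((s) => s.length > 0),
  );
}

// Return 403 unless the requested state is one of the caller's state codes.
// The path parameter is caller-controlled, so validate its shape first
// (two-letter code assumed here) and reject anything else with 400.
function authorizeStateRequest(
  attrs: CognitoAttributes,
  requestedState: string | undefined,
): AuthResult {
  if (!requestedState || !/^[A-Za-z]{2}$/.test(requestedState)) {
    return { statusCode: 400, body: "stateCode path parameter is required" };
  }
  const wanted = requestedState.toUpperCase();
  // A substring test on the raw attribute ("CA,OR".includes("C")) would pass
  // for codes the user does not hold; Set membership does not.
  if (!allowedStates(attrs).has(wanted)) {
    return { statusCode: 403, body: "Forbidden" };
  }
  return { statusCode: 200, body: wanted };
}
```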

@@ -69,7 +74,7 @@ functions:
region: ${self:provider.region}
events:
- http:
path: /seatool
path: /seatool/{stateCode}
method: get
cors: true
authorizer: aws_iam
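Review bot: with `stateCode` now a path segment (`path: /seatool/{stateCode}`) while `authorizer: aws_iam` is kept, it is worth a comment in this function definition stating that aws_iam only authenticates the caller at the gateway and that the per-state authorization (the 403 on a state_code mismatch described in the PR) lives in the handler's auth lib, so nobody later assumes the gateway enforces it. Since that path parameter is caller-controlled, the auth lib should also validate its shape and compare it as an exact token against the user's state_code list rather than as a substring of the raw attribute string.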
@benjaminpaige I thought what you demo'd was using an authorizer, which would replace the aws_iam protection. Did I misunderstand? Either way this is great

@mdial89f mdial89f left a comment

I left a question about auth type but non blocking. looks great to me!

@benjaminpaige benjaminpaige merged commit 9541236 into mako Jun 28, 2023
@benjaminpaige benjaminpaige deleted the stomp branch June 28, 2023 17:28
mdial89f added a commit that referenced this pull request Jul 5, 2023
…able (#50)

* add cognito

* rm

* correct some stuff

* broken

* updates

* tee up amplify and configure it

* tweak the ui start thing

* yuttttttt

* Functional login and out

* 'fix' the data loader.... might want pk/sk instead

* lets put some data in the base

* enable iam for endpoints

* CRUD CRUD CRUD

* real crud, real real

* cleanup

* linting

* cleanup

* last one

* last last one

* accommodate cfn-nag

* Until we have actual reference data, shutting this off.  The structure of data we're posting breaks the api

* cfn-nag fixes

* checking in from today

* trim horizon

* batch size to the max, 10k

* ok back to 1

* go back to latest

* update role handling

* trim horizon and batch

* latest, 1

* update seatool-sink function

* get user attributes

* Fix to override the redirect login/out urls to localhost, when starting react locally

* Fix dep vulnerabilities

* Ignore low findings in dep review

* Move playwright installation to the run command.. not sure if we want this

* add tombstone deletes

* on demand billing for our seatool table

* batch of 1000, timeout of a min

* hack

* put back

* TRIM HORIZON

* move to a batch of 100, 2048 memory, and remove the await at the loop level

* asdf

* 10s timeout 1024 memory

* view the data

* Seatool indexes and api authorization pattern (#46)

* update dynamo gsis and add lambda authenticator - wip

* add api auth - wip

* update types

* remove authorizer

* refactor

* refactor more

* refactor more more

* update types

* core

* fix(disable user sign up):  remove cognito sign up option - the test users remain (#47)

* disable sign up

* remove default from src

* fix

* fix(destroy functionality):  Fix the issue where destroys fail due to ENIs and SG stuff (#48)

* Retain the seatool lambda sg

* workflow to cleanup

* Asdf

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* fix triggers

* feat(dns and certs):  Add/fix capability to conditionally load a domain and associated cert (#49)

* Clean up cert support

* Fixes

* getting consumer group ids

* toggle complete

* wait for groups to be inactive

* works but super slow

* bleh

* functional

* correct

* asdf

* asdf

* cleanup

---------

Co-authored-by: Benjamin Paige <[email protected]>
Co-authored-by: 13bfrancis <[email protected]>
@github-actions
🎉 This PR is included in version 1.4.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
