Seatool indexes and api authorization pattern #46
@@ -69,7 +74,7 @@ functions: | |||
region: ${self:provider.region} | |||
events: | |||
- http: | |||
path: /seatool | |||
path: /seatool/{stateCode} | |||
method: get | |||
cors: true | |||
authorizer: aws_iam |
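Review bot: on the `path: /seatool/{stateCode}` line, nothing in this event definition ties the `stateCode` path parameter to the caller. `authorizer: aws_iam` only establishes that the request is signed by an IAM identity allowed to invoke the route, so the per-state decision rests entirely on the handler. Suggest a short comment beside `authorizer: aws_iam` naming where that check lives, and making sure the handler rejects a missing or malformed `stateCode` before comparing it with the user's attributes. Replacing `/seatool` outright also changes the route for existing callers, which is worth stating in the PR description.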
@benjaminpaige I thought what you demo'd was using an authorizer, which would replace the aws_iam protection. Did I misunderstand? Either way this is great
I left a question about auth type but non-blocking. Looks great to me!
…able (#50) * add cognito * rm * correct some stuff * broken * updates * tee up amplify and configure it * tweak the ui start thing * yuttttttt * Functional login and out * 'fix' the data loader.... might want pk/sk instead * lets put some data in the base * enable iam for endpoints * CRUD CRUD CRUD * real crud, real real * cleanup * linting * cleanup * last one * last last one * accomodate cfn-nag * Until we have actual reference data, shutting this off. The structure of data we're posting breaks the api * cfn-nag fixes * checking in from today * trim horizon * batch size to the max, 10k * ok back to 1 * go back to latest * update role handling * trim horizon and batch * latest, 1 * update seatool-sink funciton * get user attributes * Fix to override the redirect login/out urls to localhost, when starting react locally * Fix dep vulnerabilities * Ignore low findings in dep review * Move playwright intsallation to the run command.. not sure if we want this * add tombstone deletes * on demand billing for our seatool table * batch of 1000, timeout of a min * hack * put back * TRIM HORIZON * move to a batch of 100, 2048 memory, and remove the await at the loop level * asdf * 10s timeout 1024 memory * view the data * Seatool indexes and api authorization pattern (#46) * update dynamo gsis and add lambda authenticator - wip * add api auth - wip * update types * remove authorizer * refactor * refactor more * refactor more more * update types * core * fix(disable user sign up): remove cognito sign up option - the test users remain (#47) * disable sign up * remove default from src * fix * fix(destroy functionality): Fix the issue where destroys fail due to ENIs and SG stuff (#48) * Retain the seatool lambda sg * workflow to cleanup * Asdf * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * fix triggers * feat(dns and certs): Add/fix capability to conditionally load a domain and associated 
cert (#49) * Clean up cert support * Fixes * getting consumer group ids * toggle complete * wait for groups to be inactive * works but super slow * bleh * functional * correct * asdf * asdf * cleanup --------- Co-authored-by: Benjamin Paige <[email protected]> Co-authored-by: 13bfrancis <[email protected]>
🎉 This PR is included in version 1.4.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀
Purpose
Linked Issues to Close
https://qmacbis.atlassian.net/browse/OY2-24470
Approach
There are two significant changes in this set. The first is an adjustment to the dynamo keys used to index the seatool table. (note: this will likely need to be readjusted in the future).
The table is designed to store data with multiple attributes such as ID, STATE_CODE, PLAN_TYPE, and SUBMISSION_DATE. The ID attribute is set as the primary key (think transmittal number).
This also includes several global secondary indexes that enable querying of the table based on different attributes or combinations of attributes.
Additionally, the getSeatoolData handler is updated to reflect these changes as well as adding authorization to the endpoint. When requests are made, the cognito user is obtained and the user attributes are compared to the request parameters. If the user attributes for state_code do not contain the requested state code string, a 403 is returned from the api. The majority of this logic is handled in the auth lib in the api service.
Assorted Notes/Considerations/Learning
Before merging this we will need to destroy the seatool service in the mako branch, merge in the changes, and then replay the events from the seatool state plan data stream to rehydrate the dynamo table.
Also, the e2e testing is commented out for now.
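The check the description outlines (compare the Cognito user's state attribute with the `{stateCode}` path parameter and return 403 on a mismatch), as an added example that is not the project's auth lib. The attribute name `custom:state_codes`, its comma-separated format, the 400 for malformed input and all function names are assumptions.

```typescript
// Added example; every name here is hypothetical, not the project's auth lib.
type UserAttributes = Record<string, string | undefined>;

interface AuthDecision {
  statusCode: 200 | 400 | 403;
  reason: string;
}

// Assumption: permitted states live in one comma-separated Cognito attribute.
const STATE_ATTRIBUTE = "custom:state_codes";
const STATE_CODE = /^[A-Z]{2}$/;

// Parse the attribute into an exact-match set; malformed entries are dropped.
function allowedStates(attrs: UserAttributes): Set<string> {
  const raw = attrs[STATE_ATTRIBUTE] || "";
  const codes = raw
    .split(",")
    .map((s) => s.trim().toUpperCase())
    .filter((s) => STATE_CODE.test(s));
  return new Set(codes);
}

// Decide whether the caller may read data for the {stateCode} path parameter.
function authorizeStateAccess(
  attrs: UserAttributes,
  requested: string | undefined
): AuthDecision {
  // Validate first: "" or "V" would pass a substring test against "VA,MD".
  if (requested === undefined || !STATE_CODE.test(requested)) {
    return { statusCode: 400, reason: "malformed state code" };
  }
  const allowed = allowedStates(attrs);
  if (allowed.size === 0) {
    // Fail closed when the user carries no usable state attribute.
    return { statusCode: 403, reason: "user has no state attribute" };
  }
  if (!allowed.has(requested)) {
    return { statusCode: 403, reason: "state not in user attributes" };
  }
  return { statusCode: 200, reason: "ok" };
}

// Constructed sample users, not real accounts.
const stateUser: UserAttributes = { "custom:state_codes": "VA, md" };
const noStateUser: UserAttributes = { email: "reviewer@example.com" };

console.log(authorizeStateAccess(stateUser, "MD"));
console.log(authorizeStateAccess(stateUser, "OH"));
```

Matching against a parsed set rather than the raw attribute string keeps a partial or empty path parameter from ever comparing equal to a permitted state.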