Merge pull request #530 from aws-solutions/release/v2.1.9

update to v2.1.9

CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project are documented in this file.
 Based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.9] - 2024-6-24
+
+### Fixed
+
+- Security [vulnerability](https://github.com/advisories/GHSA-3h5v-q93c-6h6q) in `ws`.
+- Add better logging if individual accounts aggregator supplied when cross account discovery mode is `AWS_ORGANIZATIONS`. [529](https://github.com/aws-solutions/workload-discovery-on-aws/issues/529)
+
+### Changed
+
+- Removed dev environment CDK build pipeline
+
 ## [2.1.8] - 2024-6-13
 
 ### Fixed

README.md

@@ -1,4 +1,4 @@
-# Workload Discovery on AWS (v2.1.8)
+# Workload Discovery on AWS (v2.1.9)
 
 Workload Discovery on AWS is a tool that quickly visualizes AWS Cloud workloads as architecture diagrams. 
 You can use the solution to build, customize, and share detailed workload visualizations based on live data from AWS. 

deployment/build-open-source-dist.sh

@@ -43,6 +43,7 @@ gitzip -d $dist_dir/$1.zip \
       -x "codescan-*.sh" \
       -x "buildspec.yml" \
       -x ".viperlight*" \
+      -x "source/infrastructure" \
       -x "sonar-project.properties" \
       -x "solution-manifest.yaml" \
       -x ".nightswatch/*" \

source/backend/discovery/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wd-discovery",
-  "version": "2.1.8",
+  "version": "2.1.9",
   "description": "This contains the code that forms the discovery process for AWS Perspective.",
   "main": "index.js",
   "scripts": {

source/backend/discovery/src/index.js

@@ -3,10 +3,11 @@
 
 const logger = require('./lib/logger');
 const config = require('./lib/config');
-const {DISCOVERY_PROCESS_RUNNING} = require('./lib/constants')
+const {DISCOVERY_PROCESS_RUNNING, AWS_ORGANIZATIONS} = require('./lib/constants')
 const awsClient = require('./lib/awsClient');
 const appSync = require('./lib/apiClient/appSync');
 const {discoverResources} = require('./lib');
+const {AggregatorNotFoundError, OrgAggregatorValidationError} = require("./lib/errors");
 
 const discover = async () => {
   logger.profile('Discovery of resources complete.');
@@ -24,9 +25,17 @@ const discover = async () => {
 };
 
 discover().catch(err => {
-  logger.error('Error in Discovery process.', {
-      msg: err.message,
-      stack: err.stack
-  });
-  process.exit(1);
+    if(err instanceof AggregatorNotFoundError) {
+        logger.error(`${err.message}. Ensure the name of the supplied aggregator is correct.`);
+    } else if(err instanceof OrgAggregatorValidationError) {
+        logger.error(`${err.message}. You cannot use an individual accounts aggregator when cross account discovery is set to ${AWS_ORGANIZATIONS}.`, {
+            aggregator: err.aggregator
+        });
+    } else {
+        logger.error('Unexpected error in Discovery process.', {
+            msg: err.message,
+            stack: err.stack
+        });
+    }
+    process.exit(1);
 });

source/backend/discovery/src/lib/intialisation.js

@@ -4,7 +4,9 @@
 const R = require("ramda");
 const logger = require('./logger');
 const {createApiClient} = require("./apiClient");
+const {AggregatorNotFoundError, OrgAggregatorValidationError} = require('./errors');
 const {
+    AWS_ORGANIZATIONS,
     ECS,
     WORKLOAD_DISCOVERY_TASKGROUP,
     TASK_DEFINITION,
@@ -26,9 +28,22 @@ async function isDiscoveryEcsTaskRunning (ecsClient, taskDefinitionArn, {cluster
     return tasks.length > 1;
 }
 
+async function validateOrgAggregator(configServiceClient, aggregatorName) {
+    return configServiceClient.getConfigAggregator(aggregatorName)
+        .catch(err => {
+            if(err.name === 'NoSuchConfigurationAggregatorException') {
+                throw new AggregatorNotFoundError(aggregatorName)
+            }
+            throw err;
+        })
+        .then(aggregator => {
+            if(aggregator.OrganizationAggregationSource == null) throw new OrgAggregatorValidationError(aggregator);
+        });
+}
+
 async function initialise(awsClient, appSync, config) {
     logger.info('Initialising discovery process');
-    const {region, rootAccountId} = config;
+    const {region, rootAccountId, configAggregator: configAggregatorName, crossAccountDiscovery} = config;
 
     const stsClient = awsClient.createStsClient();
 
@@ -43,6 +58,10 @@ async function initialise(awsClient, appSync, config) {
 
     const configServiceClient = awsClient.createConfigServiceClient(credentials, region);
 
+    if(crossAccountDiscovery === AWS_ORGANIZATIONS) {
+        await validateOrgAggregator(configServiceClient, configAggregatorName);
+    }
+
     const appSyncClient = appSync({...config, creds: credentials});
     const apiClient = createApiClient(awsClient, appSyncClient, config);
 

source/backend/discovery/test/initialisation.js

@@ -3,6 +3,8 @@
 
 const {assert} = require('chai');
 const {initialise} = require('../src/lib/intialisation');
+const {AWS_ORGANIZATIONS} = require("../src/lib/constants");
+const {AggregatorNotFoundError, OrgAggregatorValidationError} = require("../src/lib/errors");
 
 describe('initialisation', () => {
     const ACCOUNT_X = 'xxxxxxxxxxxx';
@@ -63,7 +65,8 @@ describe('initialisation', () => {
         const defaultConfig = {
             region: EU_WEST_1,
             rootAccountId: ACCOUNT_X,
-            cluster: 'testCluster'
+            cluster: 'testCluster',
+            configAggregator: 'configAggregator'
         };
 
         it('should throw if another copy of the ECS task is running', async () => {
@@ -82,6 +85,50 @@ describe('initialisation', () => {
                 .catch(err => assert.strictEqual(err.message, 'Discovery process ECS task is already running in cluster.'));
         });
 
+        it('should throw AggregatorNotFoundError if config aggregator does not exist in AWS organization', async () => {
+            const mockAwsClient = {
+                createConfigServiceClient() {
+                    return {
+                        async getConfigAggregator() {
+                            const error = new Error();
+                            error.name = 'NoSuchConfigurationAggregatorException';
+                            throw error;
+                        }
+                    }
+                }
+            };
+
+            return initialise({...defaultMockAwsClient, ...mockAwsClient}, defaultAppSync, {...defaultConfig, crossAccountDiscovery: AWS_ORGANIZATIONS})
+                .then(() => {
+                    throw new Error('Expected error not thrown.');
+                })
+                .catch(err => {
+                    assert.instanceOf(err, AggregatorNotFoundError);
+                    assert.strictEqual(err.message, `Aggregator ${defaultConfig.configAggregator} was not found`);
+                });
+        });
+
+        it('should throw OrgAggregatorValidationError if config aggregator is not org wide in AWS organization mode', async () => {
+            const mockAwsClient = {
+                createConfigServiceClient() {
+                    return {
+                        async getConfigAggregator() {
+                            return {};
+                        }
+                    }
+                }
+            };
+
+            return initialise({...defaultMockAwsClient, ...mockAwsClient}, defaultAppSync, {...defaultConfig, crossAccountDiscovery: AWS_ORGANIZATIONS})
+                .then(() => {
+                    throw new Error('Expected error not thrown.');
+                })
+                .catch(err => {
+                    assert.instanceOf(err, OrgAggregatorValidationError);
+                    assert.strictEqual(err.message, 'Config aggregator is not an organization wide aggregator');
+                });
+        });
+
     });
 
 });

source/backend/discovery/test/mocks/agents/GetAccountsOrgsEmpty.js

@@ -20,6 +20,6 @@ client.intercept({
 })
     .reply(200, {data: {
             getAccounts: []
-        }});
+        }}).persist();
 
 module.exports = agent;

source/backend/functions/account-import-templates-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wd-import-templates",
-  "version": "2.1.8",
+  "version": "2.1.9",
   "description": "Lambda function that serves cfn templates for account and region importing",
   "main": "index.js",
   "scripts": {

source/backend/functions/cost-parser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wd-cost",
-  "version": "2.1.8",
+  "version": "2.1.9",
   "description": "",
   "main": "index.js",
   "scripts": {

source/backend/functions/cur-notification/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wd-cur-notification",
-  "version": "2.1.8",
+  "version": "2.1.9",
   "description": "",
   "main": "index.js",
   "scripts": {

source/backend/functions/cur-setup/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wd-cur-setup",
-  "version": "2.1.8",
+  "version": "2.1.9",
   "description": "",
   "main": "index.js",
   "scripts": {