diff --git a/.github/workflows/add-untriaged.yml b/.github/workflows/add-untriaged.yml new file mode 100644 index 0000000..15b9a55 --- /dev/null +++ b/.github/workflows/add-untriaged.yml @@ -0,0 +1,19 @@ +name: Apply 'untriaged' label during issue lifecycle + +on: + issues: + types: [opened, reopened, transferred] + +jobs: + apply-label: + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@v6 + with: + script: | + github.rest.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: ['untriaged'] + }) diff --git a/.github/workflows/cdk-ci-test.yml b/.github/workflows/cdk-ci-test.yml index 25de2e1..1e476a6 100644 --- a/.github/workflows/cdk-ci-test.yml +++ b/.github/workflows/cdk-ci-test.yml @@ -19,4 +19,4 @@ jobs: ./gradlew clean build cd infrastructure npm install - npm test + npm test -- --coverage diff --git a/.github/workflows/java-ci-test.yml b/.github/workflows/java-ci-test.yml index 0ad2f67..83db5a4 100644 --- a/.github/workflows/java-ci-test.yml +++ b/.github/workflows/java-ci-test.yml @@ -23,4 +23,4 @@ jobs: - name: Run build and test run: | - ./gradlew clean build \ No newline at end of file + ./gradlew clean build diff --git a/infrastructure/lib/constructs/lambda.ts b/infrastructure/lib/constructs/lambda.ts index efe83dd..15aa78e 100644 --- a/infrastructure/lib/constructs/lambda.ts +++ b/infrastructure/lib/constructs/lambda.ts @@ -6,7 +6,7 @@ import {ISecurityGroup, IVpc, SubnetType} from "aws-cdk-lib/aws-ec2"; import { IRole } from "aws-cdk-lib/aws-iam"; export class OpenSearchLambdaProps { - readonly lambdaNameBase: string; // Component name cannot be longer then 22, so base should be shorter than 20 + readonly lambdaNameBase: string; readonly lambdaZipPath: string; readonly handler: string; readonly vpc?: IVpc; @@ -34,7 +34,7 @@ export class OpenSearchLambda extends Construct { handler: props.handler, timeout: Duration.minutes(15), runtime: Runtime.JAVA_17, - tracing: Tracing.ACTIVE, // enable X-RAY + tracing: Tracing.ACTIVE, memorySize: 1024, description: `Generated on: ${resourceGenerationTime}`, functionName: `${props.lambdaNameBase}Lambda`, diff --git a/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts b/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts index 4cd6a6f..23912ea 100644 --- a/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts +++ b/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts @@ -16,7 +16,7 @@ import { Vpc, MachineImage } from 'aws-cdk-lib/aws-ec2'; -import { Effect, ManagedPolicy, PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; +import { ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; import {Aspects, CfnOutput, Duration, Tag, Tags} from 'aws-cdk-lib'; import { Construct } from 'constructs'; import { @@ -27,7 +27,6 @@ import Project from "../enums/project"; import {ARecord, RecordTarget} from "aws-cdk-lib/aws-route53"; import {LoadBalancerTarget} from "aws-cdk-lib/aws-route53-targets"; import {OpenSearchHealthRoute53} from "../stacks/route53"; -import {StringParameter} from "aws-cdk-lib/aws-ssm"; export interface NginxProps { diff --git a/infrastructure/lib/stacks/opensearch.ts b/infrastructure/lib/stacks/opensearch.ts index 4e85b75..1554251 100644 --- a/infrastructure/lib/stacks/opensearch.ts +++ b/infrastructure/lib/stacks/opensearch.ts @@ -128,7 +128,6 @@ export class OpenSearchDomainStack extends Stack { this.domain = new opensearch.Domain(this, 'OpenSearchHealthDomain', { version: opensearch.EngineVersion.OPENSEARCH_2_11, vpc: props.vpcStack.vpc, - // vpcSubnets: [props.vpcStack.subnets], vpcSubnets: [this.props.vpcStack.subnets], securityGroups: props.vpcStack.securityGroup ? [props.vpcStack.securityGroup] : undefined, domainName: this.opensearchDomainConfig.domainName, diff --git a/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts b/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts index 71dde5f..e7ee7bc 100644 --- a/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts +++ b/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts @@ -89,7 +89,7 @@ export class OpenSearchMetricsNginxReadonly extends Stack { vpc, allowAllOutbound: true, }); - albSecurityGroup.addIngressRule(Peer.prefixList(Project.RESTRICTED_PREFIX), Port.tcp(443)); + albSecurityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(443), "Allow HTTPS 443 Access"); const openSearchApplicationLoadBalancer = new ApplicationLoadBalancer(this, 'OpenSearchMetricsReadonly-NginxProxyAlb', { loadBalancerName: "OpenSearchMetricsReadonly", diff --git a/infrastructure/test/hostedzone-stack.test.ts b/infrastructure/test/hostedzone-stack.test.ts index b1ab6f1..ffed60a 100644 --- a/infrastructure/test/hostedzone-stack.test.ts +++ b/infrastructure/test/hostedzone-stack.test.ts @@ -34,4 +34,4 @@ test('HostedZoneCognito Stack Test', () => { hostedZoneCognitoStackTemplate.hasResourceProperties('AWS::CertificateManager::Certificate', { "DomainName": "metrics.login.opensearch.org" }); -}); \ No newline at end of file +}); diff --git a/infrastructure/test/nginx.test.ts b/infrastructure/test/nginx.test.ts index e161fbe..835b2d0 100644 --- a/infrastructure/test/nginx.test.ts +++ b/infrastructure/test/nginx.test.ts @@ -60,7 +60,7 @@ test('OpenSearchMetricsNginxReadonly Stack Test', () => { "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", - "Description": "Allow from anyone on port 443", + "Description": "Allow HTTPS 443 Access", "FromPort": 443, "IpProtocol": "tcp", "ToPort": 443