CDK Nags mitigated. Fixed compilation issues

awslabs · Jun 28, 2024 · fd75f99 · fd75f99
1 parent 4a9d989
commit fd75f99
Showing 16 changed files with 721,518 additions and 241 deletions.
diff --git a/API.md b/API.md
diff --git a/assets/control-plane/tenant-config/tenant-config.lambda/index.js b/assets/control-plane/tenant-config/tenant-config.lambda/index.js
diff --git a/assets/control-plane/tenant-management/tenant-management.lambda/index.js b/assets/control-plane/tenant-management/tenant-management.lambda/index.js
diff --git a/src/control-plane/control-plane-api.ts b/src/control-plane/control-plane-api.ts
@@ -5,12 +5,11 @@ import * as cdk from 'aws-cdk-lib';
 import * as apigateway from 'aws-cdk-lib/aws-apigateway';
 import * as apigatewayV2 from 'aws-cdk-lib/aws-apigatewayv2';
 import * as apigatewayV2Authorizers from 'aws-cdk-lib/aws-apigatewayv2-authorizers';
-import { Function } from 'aws-cdk-lib/aws-lambda';
 import { LogGroup, RetentionDays } from 'aws-cdk-lib/aws-logs';
 import { NagSuppressions } from 'cdk-nag';
 import { Construct } from 'constructs';
-import { IAuth } from './auth/auth-interface';
 import { addTemplateTag } from '../utils';
+import { IAuth } from './auth/auth-interface';
 
 export interface ControlPlaneAPIProps {
   readonly auth: IAuth;
@@ -78,31 +77,5 @@ export class ControlPlaneAPI extends Construct {
         jwtAudience: props.auth.jwtAudience,
       }
     );
-
-    // const connection = new events.Connection(this, 'connection', {
-    //   authorization: events.Authorization.oauth({
-    //     authorizationEndpoint: props.auth.tokenEndpoint,
-    //     clientId: props.auth.machineClientId,
-    //     clientSecret: props.auth.machineClientSecret,
-    //     httpMethod: events.HttpMethod.POST,
-    //     bodyParameters: {
-    //       grant_type: events.HttpParameter.fromString('client_credentials'),
-    //       ...(props.auth.updateTenantScope && {
-    //         scope: events.HttpParameter.fromString(props.auth.updateTenantScope),
-    //       }),
-    //     },
-    //   }),
-    // });
-
-    // const putTenantAPIDestination = new events.ApiDestination(this, 'destination', {
-    //   connection: connection,
-    //   httpMethod: events.HttpMethod.PUT,
-    //   endpoint: `${this.api.url}${tenantsPath.substring(1)}/*`, // skip the first '/' in tenantIdPath
-    // });
-
-    // this.tenantUpdateServiceTarget = new targets.ApiDestination(putTenantAPIDestination, {
-    //   pathParameterValues: ['$.detail.tenantId'],
-    //   event: events.RuleTargetInput.fromEventPath('$.detail.tenantOutput'),
-    // });
   }
 }
diff --git a/src/control-plane/control-plane.ts b/src/control-plane/control-plane.ts
@@ -6,15 +6,12 @@ import { NagSuppressions } from 'cdk-nag';
 import { Construct } from 'constructs';
 import { IAuth } from './auth/auth-interface';
 import { CognitoAuth } from './auth/cognito-auth';
-import { IBilling, BillingProvider } from './billing';
+import { BillingProvider, IBilling } from './billing';
 import { ControlPlaneAPI } from './control-plane-api';
-// import { Services } from './services';
-// import { Tables } from './tables';
-// import { TenantConfigLambdas } from './tenant-config/tenant-config-service';
 import { DestroyPolicySetter } from '../cdk-aspect/destroy-policy-setter';
 import { addTemplateTag, EventManager, IEventManager } from '../utils';
-import { TenantManagementService } from './tenant-management/tenant-management.service';
 import { TenantConfigService } from './tenant-config/tenant-config.service';
+import { TenantManagementService } from './tenant-management/tenant-management.service';
 import { UserManagementService } from './user-management/user-management.service';
 
 export interface ControlPlaneProps {
@@ -126,23 +123,6 @@ export class ControlPlane extends Construct {
 
     this.controlPlaneAPIGatewayUrl = api.apiUrl;
 
-    // eventManager.addTargetToEvent(
-    //   this,
-    //   DetailType.PROVISION_SUCCESS,
-    //   api.tenantUpdateServiceTarget
-    // );
-
-    // eventManager.addTargetToEvent(
-    //   this,
-    //   DetailType.DEPROVISION_SUCCESS,
-    //   controlPlaneAPI.tenantUpdateServiceTarget
-    // );
-
-    // new cdk.CfnOutput(this, 'controlPlaneAPIGatewayUrl', {
-    //   value: controlPlaneAPI.apiUrl,
-    //   key: 'controlPlaneAPIGatewayUrl',
-    // });
-
     new cdk.CfnOutput(this, 'eventBridgeArn', {
       value: eventManager.busArn,
       key: 'eventBridgeArn',

diff --git a/src/control-plane/index.ts b/src/control-plane/index.ts
@@ -3,12 +3,12 @@
 
 export * from './auth/auth-interface';
 export * from './auth/cognito-auth';
+export * from './aws-marketplace/index';
+export * from './billing/index';
 export * from './control-plane-api';
 export * from './control-plane';
-export * from './models/tenant';
-export * from './services';
-export * from './tables';
-export * from './billing/index';
 export * from './ingestor-aggregator/index';
-export * from './tenant-config/tenant-config-service';
-export * from './aws-marketplace/index';
+export * from './models/tenant';
+export * from './tenant-config';
+export * from './tenant-management';
+export * from './user-management';
diff --git a/src/control-plane/tenant-config/index.ts b/src/control-plane/tenant-config/index.ts
@@ -0,0 +1,5 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+export * from './tenant-config-funcs';
+export * from './tenant-config.service';
diff --git a/...ane/tenant-config/tenant-config.lambda.ts → ...lane/tenant-config/tenant-config-funcs.ts b/...ane/tenant-config/tenant-config.lambda.ts → ...lane/tenant-config/tenant-config-funcs.ts
@@ -1,16 +1,16 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-import * as path from 'path';
 import * as lambda_python from '@aws-cdk/aws-lambda-python-alpha';
 import * as cdk from 'aws-cdk-lib';
 import { Table } from 'aws-cdk-lib/aws-dynamodb';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 import { NagSuppressions } from 'cdk-nag';
 import { Construct } from 'constructs';
+import * as path from 'path';
 import { addTemplateTag } from '../../utils';
 
-export interface TenantConfigServiceProps {
+export interface TenantConfigLambdasProps {
   readonly tenantDetails: Table;
   readonly tenantConfigIndexName: string;
   readonly tenantDetailsTenantNameColumn: string;
@@ -19,7 +19,7 @@ export interface TenantConfigServiceProps {
 
 export class TenantConfigLambdas extends Construct {
   public readonly tenantConfigFunction: lambda.Function;
-  constructor(scope: Construct, id: string, props: TenantConfigServiceProps) {
+  constructor(scope: Construct, id: string, props: TenantConfigLambdasProps) {
     super(scope, id);
     addTemplateTag(this, 'TenantConfigService');
 
@@ -77,7 +77,9 @@ export class TenantConfigLambdas extends Construct {
         {
           id: 'AwsSolutions-IAM5',
           reason: 'Index name(s) not known beforehand.',
-          appliesTo: [`Resource::<ControlPlanetablesstackTenantDetails78527218.Arn>/index/*`],
+          appliesTo: [
+            `Resource::<ControlPlanetenantManagementServicvestenantManagementTableTenantDetails974E95B8.Arn>/index/*`,
+          ],
         },
       ],
       true // applyToChildren = true, so that it applies to policies created for the role.

diff --git a/src/control-plane/tenant-config/tenant-config.service.ts b/src/control-plane/tenant-config/tenant-config.service.ts
@@ -1,15 +1,18 @@
-import { Construct } from 'constructs';
-import * as apigatewayV2 from 'aws-cdk-lib/aws-apigatewayv2';
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
 import * as cdk from 'aws-cdk-lib';
-import { Route, generateRoutes } from '../../utils';
+import * as apigatewayV2 from 'aws-cdk-lib/aws-apigatewayv2';
 import { HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations';
-import { TenantConfigLambdas } from './tenant-config.lambda';
-import { TenantManagementTable } from '../tenant-management/tenant-management.table';
 import { NagSuppressions } from 'cdk-nag';
+import { Construct } from 'constructs';
+import { IRoute, generateRoutes } from '../../utils';
+import { TenantManagementTable } from '../tenant-management/tenant-management.table';
+import { TenantConfigLambdas } from './tenant-config-funcs';
 
 export interface TenantConfigServiceProps {
-  api: apigatewayV2.HttpApi;
-  tenantManagementTable: TenantManagementTable;
+  readonly api: apigatewayV2.HttpApi;
+  readonly tenantManagementTable: TenantManagementTable;
 }
 export class TenantConfigService extends Construct {
   constructor(scope: Construct, id: string, props: TenantConfigServiceProps) {
@@ -27,7 +30,7 @@ export class TenantConfigService extends Construct {
       'tenantConfigServiceHttpLambdaIntegration',
       tenantConfigLambda.tenantConfigFunction
     );
-    const routes: Route[] = [
+    const routes: IRoute[] = [
       {
         path: tenantConfigPath,
         integration: tenantConfigServiceHttpLambdaIntegration,

diff --git a/src/control-plane/tenant-management/index.ts b/src/control-plane/tenant-management/index.ts
@@ -0,0 +1,6 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+export * from './tenant-management-funcs';
+export * from './tenant-management.service';
+export * from './tenant-management.table';
diff --git a/...nt-management/tenant-management.lambda.ts → ...ant-management/tenant-management-funcs.ts b/...nt-management/tenant-management.lambda.ts → ...ant-management/tenant-management-funcs.ts
@@ -1,13 +1,13 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-import * as path from 'path';
 import { PythonFunction } from '@aws-cdk/aws-lambda-python-alpha';
 import { Duration, Stack } from 'aws-cdk-lib';
-import { Role, ServicePrincipal, ManagedPolicy } from 'aws-cdk-lib/aws-iam';
-import { Runtime, LayerVersion, Function } from 'aws-cdk-lib/aws-lambda';
+import { ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { Function, LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
 import { NagSuppressions } from 'cdk-nag';
 import { Construct } from 'constructs';
+import * as path from 'path';
 import { DetailType, IEventManager } from '../../utils';
 import { TenantManagementTable } from './tenant-management.table';
 
@@ -17,7 +17,7 @@ export interface ServicesProps {
 }
 
 export class TenantManagementLambda extends Construct {
-  tenantManagementFunction: Function;
+  tenantManagementFunc: Function;
 
   constructor(scope: Construct, id: string, props: ServicesProps) {
     super(scope, id);
@@ -45,7 +45,9 @@ export class TenantManagementLambda extends Construct {
         {
           id: 'AwsSolutions-IAM5',
           reason: 'Index name(s) not known beforehand.',
-          appliesTo: [`Resource::<ControlPlanetablesstackTenantDetails78527218.Arn>/index/*`],
+          appliesTo: [
+            `Resource::<ControlPlanetenantManagementServicvestenantManagementTableTenantDetails974E95B8.Arn>/index/*`,
+          ],
         },
         {
           id: 'AwsSolutions-IAM4',
@@ -67,7 +69,7 @@ export class TenantManagementLambda extends Construct {
     }:017000801446:layer:AWSLambdaPowertoolsPythonV2:59`;
 
     const tenantManagementFunc = new PythonFunction(this, 'TenantManagementServices', {
-      entry: path.join(__dirname, '../../resources/functions/tenant-management'),
+      entry: path.join(__dirname, '../../../resources/functions/tenant-management'),
       runtime: Runtime.PYTHON_3_12,
       index: 'index.py',
       handler: 'lambda_handler',
@@ -87,6 +89,6 @@ export class TenantManagementLambda extends Construct {
       },
     });
 
-    this.tenantManagementFunction = tenantManagementFunc;
+    this.tenantManagementFunc = tenantManagementFunc;
   }
 }
diff --git a/src/control-plane/tenant-management/tenant-management.service.ts b/src/control-plane/tenant-management/tenant-management.service.ts
@@ -1,16 +1,21 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
 import * as apigatewayV2 from 'aws-cdk-lib/aws-apigatewayv2';
-import { Construct } from 'constructs';
-import { IEventManager, Route, generateRoutes } from '../../utils';
-import { TenantManagementLambda } from './tenant-management.lambda';
-import { TenantManagementTable } from './tenant-management.table';
+import * as events from 'aws-cdk-lib/aws-events';
 import { HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations';
+import { Construct } from 'constructs';
+import { DetailType, IEventManager, IRoute, generateRoutes } from '../../utils';
 import { IAuth } from '../auth/auth-interface';
+import { TenantManagementLambda } from './tenant-management-funcs';
+import { TenantManagementTable } from './tenant-management.table';
+import { ApiDestination } from 'aws-cdk-lib/aws-events-targets';
 
 export interface TenantManagementServiceProps {
-  api: apigatewayV2.HttpApi;
-  auth: IAuth;
-  authorizer: apigatewayV2.IHttpRouteAuthorizer;
-  eventManager: IEventManager;
+  readonly api: apigatewayV2.HttpApi;
+  readonly auth: IAuth;
+  readonly authorizer: apigatewayV2.IHttpRouteAuthorizer;
+  readonly eventManager: IEventManager;
 }
 
 export class TenantManagementService extends Construct {
@@ -26,12 +31,12 @@ export class TenantManagementService extends Construct {
 
     const tenantsHttpLambdaIntegration = new HttpLambdaIntegration(
       'tenantsHttpLambdaIntegration',
-      lambda.tenantManagementFunction
+      lambda.tenantManagementFunc
     );
     const tenantsPath = '/tenants';
     const tenantIdPath = `${tenantsPath}/{tenantId}`;
 
-    const routes: Route[] = [
+    const routes: IRoute[] = [
       {
         method: apigatewayV2.HttpMethod.GET,
         scope: props.auth.fetchAllTenantsScope,
@@ -75,8 +80,50 @@ export class TenantManagementService extends Construct {
         integration: tenantsHttpLambdaIntegration,
       },
     ];
-
     generateRoutes(props.api, routes, props.authorizer);
+
+    const connection = new events.Connection(this, 'connection', {
+      authorization: events.Authorization.oauth({
+        authorizationEndpoint: props.auth.tokenEndpoint,
+        clientId: props.auth.machineClientId,
+        clientSecret: props.auth.machineClientSecret,
+        httpMethod: events.HttpMethod.POST,
+        bodyParameters: {
+          grant_type: events.HttpParameter.fromString('client_credentials'),
+          ...(props.auth.updateTenantScope && {
+            scope: events.HttpParameter.fromString(props.auth.updateTenantScope),
+          }),
+        },
+      }),
+    });
+
+    const putTenantAPIDestination = new events.ApiDestination(this, 'destination', {
+      connection: connection,
+      httpMethod: events.HttpMethod.PUT,
+      endpoint: `${props.api.url}${tenantsPath.substring(1)}/*`, // skip the first '/' in tenantIdPath
+    });
+
+    const tenantUpdateServiceTarget = new ApiDestination(putTenantAPIDestination, {
+      pathParameterValues: ['$.detail.tenantId'],
+      event: events.RuleTargetInput.fromEventPath('$.detail.tenantOutput'),
+    });
+
+    props.eventManager.addTargetToEvent(
+      this,
+      DetailType.PROVISION_SUCCESS,
+      tenantUpdateServiceTarget
+    );
+
+    props.eventManager.addTargetToEvent(
+      this,
+      DetailType.DEPROVISION_SUCCESS,
+      tenantUpdateServiceTarget
+    );
+
+    // new cdk.CfnOutput(this, 'controlPlaneAPIGatewayUrl', {
+    //   value: controlPlaneAPI.apiUrl,
+    //   key: 'controlPlaneAPIGatewayUrl',
+    // });
     this.table = table;
   }
 }
diff --git a/src/control-plane/tenant-management/tenant-management.table.ts b/src/control-plane/tenant-management/tenant-management.table.ts
@@ -1,7 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-import { Table, AttributeType, ProjectionType } from 'aws-cdk-lib/aws-dynamodb';
+import { AttributeType, ProjectionType, Table } from 'aws-cdk-lib/aws-dynamodb';
 import { Construct } from 'constructs';
 import { addTemplateTag } from '../../utils';
 

diff --git a/src/control-plane/user-management/index.ts b/src/control-plane/user-management/index.ts
@@ -0,0 +1,4 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+export * from './user-management.service';