@digitraffic/common 2024.1.24-2 → 2024.1.30-1

package/src/aws/infra/canaries/canary-parameters.mts

@@ -1,19 +0,0 @@
-import { Schedule } from "aws-cdk-lib/aws-synthetics";
-
-/** Optional env parameters for canary */
-type CanaryEnv = Record<string, string>;
-
-export interface CanaryParameters {
-    readonly name: string;
-    readonly schedule?: Schedule;
-    readonly secret?: string;
-    readonly handler: string;
-    readonly alarm?: {
-        readonly alarmName?: string;
-        readonly description?: string;
-        readonly evalutionPeriods?: number;
-        readonly threshold?: number;
-        readonly topicArn?: string;
-    };
-    readonly canaryEnv?: CanaryEnv;
-}

package/src/aws/infra/canaries/canary-role.mts

@@ -1,73 +0,0 @@
-import {
-    ManagedPolicy,
-    PolicyStatement,
-    PolicyStatementProps,
-    Role,
-    ServicePrincipal,
-} from "aws-cdk-lib/aws-iam";
-import { Construct } from "constructs";
-
-const BASE_POLICY_STATEMENT_PROPS: PolicyStatementProps = {
-    actions: [
-        "logs:CreateLogStream",
-        "logs:PutLogEvents",
-        "logs:CreateLogGroup",
-        "logs:DescribeLogGroups",
-        "logs:DescribeLogStreams",
-    ],
-    resources: ["*"],
-};
-
-const CLOUDWATCH_STATEMENT_PROPS: PolicyStatementProps = {
-    actions: ["cloudwatch:PutMetricData"],
-    resources: ["*"],
-    conditions: {
-        StringEquals: {
-            "cloudwatch:namespace": "CloudWatchSynthetics",
-        },
-    },
-};
-
-export class DigitrafficCanaryRole extends Role {
-    constructor(stack: Construct, canaryName: string) {
-        super(stack, "canary-role-" + canaryName, {
-            assumedBy: new ServicePrincipal("lambda.amazonaws.com"),
-            managedPolicies: [
-                ManagedPolicy.fromAwsManagedPolicyName(
-                    "CloudWatchSyntheticsFullAccess"
-                ),
-            ],
-        });
-
-        this.addToPolicy(new PolicyStatement(BASE_POLICY_STATEMENT_PROPS));
-        this.addToPolicy(new PolicyStatement(CLOUDWATCH_STATEMENT_PROPS));
-    }
-
-    /**
-     * Provides permissions to access resources within a VPC.
-     */
-    withDatabaseAccess(): this {
-        // Won't work :(
-        // this.addToPolicy(new PolicyStatement(DB_STATEMENT_PROPS));
-        // Works
-        this.addManagedPolicy(
-            ManagedPolicy.fromAwsManagedPolicyName(
-                "service-role/AWSLambdaVPCAccessExecutionRole"
-            )
-        );
-        return this;
-    }
-
-    /**
-     * Same as withDatabaseAccess() - renamed to avoid confusion if used with UrlCanary.
-     * A UrlCanary needs these permissions to e.g. access a private API Gateway endpoint in a VPC.
-     */
-    withVpcAccess(): this {
-        this.addManagedPolicy(
-            ManagedPolicy.fromAwsManagedPolicyName(
-                "service-role/AWSLambdaVPCAccessExecutionRole"
-            )
-        );
-        return this;
-    }
-}

package/src/aws/infra/canaries/canary.mts

@@ -1,44 +0,0 @@
-import { Duration } from "aws-cdk-lib";
-import {
-    AssetCode,
-    Canary,
-    Runtime,
-    Schedule,
-    Test,
-} from "aws-cdk-lib/aws-synthetics";
-import { Role } from "aws-cdk-lib/aws-iam";
-import { CanaryAlarm } from "./canary-alarm.mjs";
-import { CanaryParameters } from "./canary-parameters.mjs";
-import { Construct } from "constructs";
-import { LambdaEnvironment } from "../stack/lambda-configs.mjs";
-
-export class DigitrafficCanary extends Canary {
-    constructor(
-        scope: Construct,
-        canaryName: string,
-        role: Role,
-        params: CanaryParameters,
-        environmentVariables: LambdaEnvironment
-    ) {
-        super(scope, canaryName, {
-            runtime: Runtime.SYNTHETICS_NODEJS_PUPPETEER_4_0,
-            role,
-            test: Test.custom({
-                code: new AssetCode("dist", {
-                    exclude: ["lambda", "out", "canaries"],
-                }),
-                handler: params.handler,
-            }),
-            environmentVariables: {
-                ...environmentVariables,
-                ...params.canaryEnv,
-            },
-            canaryName,
-            schedule: params.schedule ?? Schedule.rate(Duration.minutes(15)),
-        });
-
-        this.artifactsBucket.grantWrite(role);
-
-        new CanaryAlarm(scope, this, params);
-    }
-}

package/src/aws/infra/canaries/database-canary.mts

@@ -1,98 +0,0 @@
-import { Role } from "aws-cdk-lib/aws-iam";
-import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
-import { CfnCanary } from "aws-cdk-lib/aws-synthetics";
-import { Schedule } from "aws-cdk-lib/aws-events";
-import { Duration } from "aws-cdk-lib";
-
-import { CanaryParameters } from "./canary-parameters.mjs";
-import { DigitrafficCanary } from "./canary.mjs";
-import { DigitrafficStack } from "../stack/stack.mjs";
-
-export class DatabaseCanary extends DigitrafficCanary {
-    constructor(
-        stack: DigitrafficStack,
-        role: Role,
-        secret: ISecret,
-        params: CanaryParameters
-    ) {
-        const canaryName = `${params.name}-db`;
-        const environmentVariables = stack.createDefaultLambdaEnvironment(
-            `Synthetics-${canaryName}`
-        );
-
-        // the handler code is defined at the actual project using this
-        super(stack, canaryName, role, params, environmentVariables);
-
-        this.artifactsBucket.grantWrite(this.role);
-        secret.grantRead(this.role);
-
-        // need to override vpc and security group, can't do this with cdk
-        if (this.node.defaultChild instanceof CfnCanary) {
-            const subnetIds =
-                stack.vpc === undefined
-                    ? []
-                    : stack.vpc.privateSubnets.map((subnet) => subnet.subnetId);
-
-            const securityGroupIds =
-                stack.lambdaDbSg === undefined
-                    ? []
-                    : [stack.lambdaDbSg.securityGroupId];
-
-            this.node.defaultChild.vpcConfig = {
-                vpcId: stack.vpc?.vpcId,
-                securityGroupIds,
-                subnetIds,
-            };
-        }
-    }
-
-    static create(
-        stack: DigitrafficStack,
-        role: Role,
-        params: CanaryParameters
-    ): DatabaseCanary {
-        const secret = stack.getSecret();
-        return new DatabaseCanary(stack, role, secret, {
-            ...{
-                secret: stack.configuration.secretId,
-                schedule: Schedule.rate(Duration.hours(1)),
-                handler: `${params.name}.handler`,
-            },
-            ...params,
-        });
-    }
-
-    /**
-     *
-     * @param stack
-     * @param role
-     * @param name name of the typescipt file without -db -suffix. Max len is 10 char if @param canaryName is not given.
-     * @param params
-     * @param canaryName Optional name for canary if multiple canaries is made from same ${name}-db.ts canary file.
-     */
-    static createV2(
-        stack: DigitrafficStack,
-        role: Role,
-        name: string,
-        params: Partial<CanaryParameters> = {},
-        canaryName = name
-    ): DatabaseCanary {
-        const secret = stack.getSecret();
-        return new DatabaseCanary(stack, role, secret, {
-            ...{
-                secret: stack.configuration.secretId,
-                schedule: Schedule.rate(Duration.hours(1)),
-                handler: `${name}-db.handler`,
-                name: canaryName,
-                alarm: {
-                    alarmName:
-                        canaryName === name
-                            ? `${stack.configuration.shortName}-DB-Alarm`
-                            : `${canaryName}-DB-Alarm`,
-                    topicArn: stack.configuration.alarmTopicArn,
-                },
-            },
-            ...params,
-        });
-    }
-}

package/src/aws/infra/canaries/database-checker.mts

@@ -1,163 +0,0 @@
-import { DTDatabase, inDatabaseReadonly } from "../../../database/database.mjs";
-import { ProxyHolder } from "../../runtime/secrets/proxy-holder.mjs";
-import { RdsHolder } from "../../runtime/secrets/rds-holder.mjs";
-import { getEnvVariable } from "../../../utils/utils.mjs";
-import { Countable } from "../../../database/models.mjs";
-import { logger } from "../../runtime/dt-logger-default.mjs";
-
-import synthetics from "Synthetics";
-
-abstract class DatabaseCheck<T> {
-    readonly name: string;
-    readonly sql: string;
-    failed: boolean;
-
-    protected constructor(name: string, sql: string) {
-        this.name = name;
-        this.sql = sql;
-        this.failed = false;
-    }
-
-    abstract check(value: T): void;
-}
-
-class CountDatabaseCheck extends DatabaseCheck<Countable> {
-    readonly minCount: number | null;
-    readonly maxCount: number | null;
-
-    constructor(
-        name: string,
-        sql: string,
-        minCount: number | null,
-        maxCount: number | null
-    ) {
-        super(name, sql);
-
-        if (
-            !sql.toLowerCase().includes("select") ||
-            !sql.toLowerCase().includes("count")
-        ) {
-            throw new Error("sql must contain select count(*)");
-        }
-
-        if (minCount == null && maxCount == null) {
-            throw new Error("no max or min given");
-        }
-
-        this.minCount = minCount;
-        this.maxCount = maxCount;
-    }
-
-    check(value: Countable) {
-        if ("count" in value) {
-            if (this.minCount && value.count < this.minCount) {
-                this.failed = true;
-                throw new Error(
-                    `count was ${value.count}, minimum is ${this.minCount}`
-                );
-            }
-            if (this.maxCount && value.count > this.maxCount) {
-                this.failed = true;
-                throw new Error(
-                    `count was ${value.count}, max is ${this.maxCount}`
-                );
-            }
-        } else {
-            this.failed = true;
-
-            throw new Error("no count available");
-        }
-    }
-}
-
-const stepConfig = {
-    continueOnStepFailure: true,
-    screenshotOnStepStart: false,
-    screenshotOnStepSuccess: false,
-    screenshotOnStepFailure: false,
-};
-
-/**
- * Checker for sql that checks the count.  Meaning that the
- * sql must be structured as "select count(*) from <table> where <something>".
- */
-export class DatabaseCountChecker {
-    readonly credentialsFunction: () => Promise<void>;
-    readonly checks: DatabaseCheck<Countable>[] = [];
-
-    private constructor(credentialsFunction: () => Promise<void>) {
-        this.credentialsFunction = credentialsFunction;
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
-        synthetics.getConfiguration().disableRequestMetrics();
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
-        synthetics.getConfiguration().withFailedCanaryMetric(true);
-    }
-
-    static createForProxy() {
-        return new DatabaseCountChecker(() =>
-            new ProxyHolder(getEnvVariable("SECRET_ID")).setCredentials()
-        );
-    }
-
-    static createForRds() {
-        return new DatabaseCountChecker(() =>
-            new RdsHolder(getEnvVariable("SECRET_ID")).setCredentials()
-        );
-    }
-
-    /**
-     * Expect that the count is 1
-     */
-    expectOne(name: string, sql: string) {
-        this.checks.push(new CountDatabaseCheck(name, sql, 1, 1));
-
-        return this;
-    }
-
-    /**
-     * Expect that the count is 0
-     */
-    expectZero(name: string, sql: string) {
-        this.checks.push(new CountDatabaseCheck(name, sql, null, 0));
-
-        return this;
-    }
-
-    /**
-     * Expect that the count is 1 or more
-     */
-    expectOneOrMore(name: string, sql: string) {
-        this.checks.push(new CountDatabaseCheck(name, sql, 1, null));
-
-        return this;
-    }
-
-    async expect() {
-        if (!this.checks.length) {
-            throw new Error("No checks");
-        }
-
-        await this.credentialsFunction();
-        await inDatabaseReadonly(async (db: DTDatabase) => {
-            for (const check of this.checks) {
-                logger.info({
-                    method: "DatabaseCountChecker.expect",
-                    message: "Running sql: " + check.sql,
-                });
-
-                const value = await db.one<Countable>(check.sql);
-                const checkFunction = () => {
-                    check.check(value);
-                };
-
-                synthetics.executeStep(check.name, checkFunction, stepConfig);
-            }
-        });
-
-        if (this.checks.some((check) => check.failed)) {
-            throw new Error("Failed");
-        }
-
-        return "OK";
-    }
-}

package/src/aws/infra/canaries/url-canary.mts

@@ -1,98 +0,0 @@
-import { Role } from "aws-cdk-lib/aws-iam";
-import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
-import { CfnCanary } from "aws-cdk-lib/aws-synthetics";
-import { LambdaEnvironment } from "../stack/lambda-configs.mjs";
-import { DigitrafficRestApi } from "../stack/rest_apis.mjs";
-import { DigitrafficStack } from "../stack/stack.mjs";
-import { DigitrafficCanary } from "./canary.mjs";
-import { ENV_API_KEY, ENV_HOSTNAME, ENV_SECRET } from "./canary-keys.mjs";
-import { CanaryParameters } from "./canary-parameters.mjs";
-
-export interface UrlCanaryParameters extends CanaryParameters {
-    readonly hostname: string;
-    readonly apiKeyId: string;
-    readonly inVpc?: boolean;
-}
-
-export class UrlCanary extends DigitrafficCanary {
-    constructor(
-        stack: DigitrafficStack,
-        role: Role,
-        params: UrlCanaryParameters,
-        secret?: ISecret
-    ) {
-        const canaryName = `${params.name}-url`;
-        const environmentVariables: LambdaEnvironment = {};
-        environmentVariables[ENV_HOSTNAME] = params.hostname;
-
-        if (params.secret) {
-            environmentVariables[ENV_SECRET] = params.secret;
-        }
-
-        if (params.apiKeyId) {
-            environmentVariables[ENV_API_KEY] = params.apiKeyId;
-        }
-
-        if (secret) {
-            secret.grantRead(role);
-        }
-
-        // the handler code is defined at the actual project using this
-        super(stack, canaryName, role, params, environmentVariables);
-
-        if (params.inVpc && this.node.defaultChild instanceof CfnCanary) {
-            const subnetIds =
-                stack.vpc === undefined
-                    ? []
-                    : stack.vpc.privateSubnets.map((subnet) => subnet.subnetId);
-
-            const securityGroupIds =
-                stack.lambdaDbSg === undefined
-                    ? []
-                    : [stack.lambdaDbSg.securityGroupId];
-
-            this.node.defaultChild.vpcConfig = {
-                vpcId: stack.vpc?.vpcId,
-                securityGroupIds,
-                subnetIds,
-            };
-        }
-    }
-
-    static create(
-        stack: DigitrafficStack,
-        role: Role,
-        publicApi: DigitrafficRestApi,
-        params: Partial<UrlCanaryParameters>,
-        secret?: ISecret
-    ): UrlCanary {
-        return new UrlCanary(
-            stack,
-            role,
-            {
-                // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-                handler: `${params.name!}.handler`,
-                hostname: publicApi.hostname(),
-                apiKeyId: this.getApiKey(publicApi),
-                ...params,
-            } as UrlCanaryParameters,
-            secret
-        );
-    }
-
-    static getApiKey(publicApi: DigitrafficRestApi): string | undefined {
-        const apiKeys = publicApi.apiKeyIds;
-
-        if (apiKeys.length > 1) {
-            console.info("rest api has more than one api key");
-        }
-
-        if (apiKeys.length === 0) {
-            console.info("rest api has no api keys");
-            return undefined;
-        }
-
-        // always use first api key
-        return publicApi.apiKeyIds[0];
-    }
-}