eoapi-cdk 5.0.0

package/lib/ingestor-api/runtime/tests/test_ingestor.py

@@ -0,0 +1,60 @@
+from unittest.mock import patch
+
+import pytest
+
+
+@pytest.fixture()
+def dynamodb_stream_event():
+    return {"Records": None}
+
+
+@pytest.fixture()
+def get_queued_ingestions(example_ingestion):
+    with patch(
+        "src.ingestor.get_queued_ingestions",
+        return_value=iter([example_ingestion]),
+        autospec=True,
+    ) as m:
+        yield m
+
+
+@pytest.fixture()
+def get_db_credentials():
+    with patch("src.ingestor.get_db_credentials", return_value="", autospec=True) as m:
+        yield m
+
+
+@pytest.fixture()
+def load_items():
+    with patch("src.ingestor.load_items", return_value=0, autospec=True) as m:
+        yield m
+
+
+@pytest.fixture()
+def get_table(mock_table):
+    with patch("src.ingestor.get_table", return_value=mock_table, autospec=True) as m:
+        yield m
+
+
+def test_handler(
+    monkeypatch,
+    test_environ,
+    dynamodb_stream_event,
+    example_ingestion,
+    get_queued_ingestions,
+    get_db_credentials,
+    load_items,
+    get_table,
+    mock_table,
+):
+    import src.ingestor as ingestor
+
+    ingestor.handler(dynamodb_stream_event, {})
+    load_items.assert_called_once_with(
+        creds="",
+        ingestions=list([example_ingestion]),
+    )
+    response = mock_table.get_item(
+        Key={"created_by": example_ingestion.created_by, "id": example_ingestion.id}
+    )
+    assert response["Item"]["status"] == "succeeded"

package/lib/ingestor-api/runtime/tests/test_registration.py

@@ -0,0 +1,198 @@
+import base64
+import json
+from datetime import timedelta
+from typing import TYPE_CHECKING, List
+from unittest.mock import call, patch
+
+from fastapi.encoders import jsonable_encoder
+import pytest
+
+
+if TYPE_CHECKING:
+    from fastapi.testclient import TestClient
+    from src import schemas, services
+
+ingestion_endpoint = "/ingestions"
+
+
+@pytest.fixture()
+def collection_exists():
+    with patch("src.validators.collection_exists", return_value=True) as m:
+        yield m
+
+
+@pytest.fixture()
+def collection_missing():
+    def bad_collection(collection_id: str):
+        raise ValueError("MOCKED MISSING COLLECTION ERROR")
+
+    with patch("src.validators.collection_exists", side_effect=bad_collection) as m:
+        yield m
+
+
+@pytest.fixture()
+def asset_exists():
+    with patch("src.validators.url_is_accessible", return_value=True) as m:
+        yield m
+
+
+@pytest.fixture()
+def asset_missing():
+    def bad_asset_url(href: str):
+        raise ValueError("MOCKED INACCESSIBLE URL ERROR")
+
+    with patch("src.validators.url_is_accessible", side_effect=bad_asset_url) as m:
+        yield m
+
+
+class TestCreate:
+    @pytest.fixture(autouse=True)
+    def setup(
+        self,
+        api_client: "TestClient",
+        mock_table: "services.Table",
+        example_ingestion: "schemas.Ingestion",
+    ):
+        from src import services
+
+        self.api_client = api_client
+        self.mock_table = mock_table
+        self.db = services.Database(self.mock_table)
+        self.example_ingestion = example_ingestion
+
+    def test_unauthenticated_create(self):
+        response = self.api_client.post(
+            ingestion_endpoint,
+            json=jsonable_encoder(self.example_ingestion.item),
+        )
+
+        assert response.status_code == 403
+
+    def test_create(self, client_authenticated, collection_exists, asset_exists):
+        response = self.api_client.post(
+            ingestion_endpoint,
+            json=jsonable_encoder(self.example_ingestion.item),
+        )
+
+        assert response.status_code == 201
+        assert collection_exists.called_once_with(
+            self.example_ingestion.item.collection
+        )
+
+        stored_data = self.db.fetch_many(status="queued")["items"]
+        assert len(stored_data) == 1
+        assert json.loads(stored_data[0].json(by_alias=True)) == response.json()
+
+    def test_validates_missing_collection(
+        self, client_authenticated, collection_missing, asset_exists
+    ):
+        response = self.api_client.post(
+            ingestion_endpoint,
+            json=jsonable_encoder(self.example_ingestion.item),
+        )
+
+        collection_missing.assert_called_once_with(
+            collection_id=self.example_ingestion.item.collection
+        )
+        assert response.status_code == 422, "should get validation error"
+        assert (
+            len(self.db.fetch_many(status="queued")["items"]) == 0
+        ), "data should not be stored in DB"
+
+    def test_validates_missing_assets(
+        self, client_authenticated, collection_exists, asset_missing
+    ):
+        response = self.api_client.post(
+            ingestion_endpoint,
+            json=jsonable_encoder(self.example_ingestion.item),
+        )
+
+        collection_exists.assert_called_once_with(
+            collection_id=self.example_ingestion.item.collection
+        )
+        asset_missing.assert_has_calls(
+            [
+                call(href=asset.href)
+                for asset in self.example_ingestion.item.assets.values()
+            ],
+            any_order=True,
+        )
+        assert response.status_code == 422, "should get validation error"
+        for asset_type in self.example_ingestion.item.assets.keys():
+            assert any(
+                [
+                    err["loc"] == ["body", "assets", asset_type, "href"]
+                    for err in response.json()["detail"]
+                ]
+            ), "should reference asset type in validation error response"
+        assert (
+            len(self.db.fetch_many(status="queued")["items"]) == 0
+        ), "data should not be stored in DB"
+
+
+class TestList:
+    @pytest.fixture(autouse=True)
+    def setup(
+        self,
+        api_client: "TestClient",
+        mock_table: "services.Table",
+        example_ingestion: "schemas.Ingestion",
+    ):
+        self.api_client = api_client
+        self.mock_table = mock_table
+        self.example_ingestion = example_ingestion
+
+    def populate_table(self, count=100) -> List["schemas.Ingestion"]:
+        example_ingestions = []
+        for i in range(count):
+            ingestion = self.example_ingestion.copy()
+            ingestion.id = str(i)
+            ingestion.created_at = ingestion.created_at + timedelta(hours=i)
+            self.mock_table.put_item(Item=ingestion.dynamodb_dict())
+            example_ingestions.append(ingestion)
+        return example_ingestions
+
+    def test_simple_lookup(self):
+        self.mock_table.put_item(Item=self.example_ingestion.dynamodb_dict())
+        ingestion = jsonable_encoder(self.example_ingestion)
+        response = self.api_client.get(ingestion_endpoint)
+        assert response.status_code == 200
+        assert response.json() == {
+            "items": [ingestion],
+            "next": None,
+        }
+
+    def test_next_response(self):
+        example_ingestions = self.populate_table(100)
+
+        limit = 25
+        expected_next = json.loads(
+            example_ingestions[limit - 1].json(
+                include={"created_by", "id", "status", "created_at"}
+            )
+        )
+
+        response = self.api_client.get(ingestion_endpoint, params={"limit": limit})
+        assert response.status_code == 200
+        assert json.loads(base64.b64decode(response.json()["next"])) == expected_next
+        assert response.json()["items"] == jsonable_encoder(example_ingestions[:limit])
+
+    @pytest.mark.skip(reason="Test is currently broken")
+    def test_get_next_page(self):
+        example_ingestions = self.populate_table(100)
+
+        limit = 25
+        next_param = base64.b64encode(
+            example_ingestions[limit - 1]
+            .json(include={"created_by", "id", "status", "created_at"})
+            .encode()
+        )
+
+        response = self.api_client.get(
+            ingestion_endpoint, params={"limit": limit, "next": next_param}
+        )
+        assert response.status_code == 200
+        assert response.json()["items"] == [
+            json.loads(ingestion.json(by_alias=True))
+            for ingestion in example_ingestions[limit : limit * 2]
+        ]

package/lib/ingestor-api/runtime/tests/test_utils.py

@@ -0,0 +1,35 @@
+from unittest.mock import Mock, patch
+
+import pytest
+from pypgstac.load import Methods
+from fastapi.encoders import jsonable_encoder
+from src.utils import DbCreds
+
+
+@pytest.fixture()
+def loader():
+    with patch("src.utils.Loader", autospec=True) as m:
+        yield m
+
+
+@pytest.fixture()
+def pgstacdb():
+    with patch("src.utils.PgstacDB", autospec=True) as m:
+        m.return_value.__enter__.return_value = Mock()
+        yield m
+
+
+@pytest.fixture()
+def dbcreds():
+    dbcreds = DbCreds(username="", password="", host="", port=1, dbname="", engine="")
+    return dbcreds
+
+
+def test_load_items(loader, pgstacdb, example_ingestion, dbcreds):
+    import src.utils as utils
+
+    utils.load_items(dbcreds, list([example_ingestion]))
+    loader.return_value.load_items.assert_called_once_with(
+        file=jsonable_encoder([example_ingestion.item]),
+        insert_mode=Methods.upsert,
+    )

package/lib/stac-api/index.d.ts

@@ -0,0 +1,50 @@
+import { aws_ec2 as ec2, aws_rds as rds, aws_secretsmanager as secretsmanager } from "aws-cdk-lib";
+import { PythonFunction, PythonFunctionProps } from "@aws-cdk/aws-lambda-python-alpha";
+import { Construct } from "constructs";
+export declare class PgStacApiLambda extends Construct {
+    readonly url: string;
+    stacApiLambdaFunction: PythonFunction;
+    constructor(scope: Construct, id: string, props: PgStacApiLambdaProps);
+}
+export interface PgStacApiLambdaProps {
+    /**
+     * VPC into which the lambda should be deployed.
+     */
+    readonly vpc: ec2.IVpc;
+    /**
+     * RDS Instance with installed pgSTAC.
+     */
+    readonly db: rds.IDatabaseInstance;
+    /**
+     * Subnet into which the lambda should be deployed.
+     */
+    readonly subnetSelection: ec2.SubnetSelection;
+    /**
+     * Secret containing connection information for pgSTAC database.
+     */
+    readonly dbSecret: secretsmanager.ISecret;
+    /**
+     * Custom code to run for fastapi-pgstac.
+     *
+     * @default - simplified version of fastapi-pgstac
+     */
+    readonly apiCode?: ApiEntrypoint;
+    /**
+     * Customized environment variables to send to fastapi-pgstac runtime.
+     */
+    readonly apiEnv?: Record<string, string>;
+}
+export interface ApiEntrypoint {
+    /**
+     * Path to the source of the function or the location for dependencies.
+     */
+    readonly entry: PythonFunctionProps["entry"];
+    /**
+     * The path (relative to entry) to the index file containing the exported handler.
+     */
+    readonly index: PythonFunctionProps["index"];
+    /**
+     * The name of the exported handler in the index file.
+     */
+    readonly handler: PythonFunctionProps["handler"];
+}

package/lib/stac-api/index.js

@@ -0,0 +1,60 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PgStacApiLambda = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_lambda_python_alpha_1 = require("@aws-cdk/aws-lambda-python-alpha");
+const aws_apigatewayv2_alpha_1 = require("@aws-cdk/aws-apigatewayv2-alpha");
+const aws_apigatewayv2_integrations_alpha_1 = require("@aws-cdk/aws-apigatewayv2-integrations-alpha");
+const constructs_1 = require("constructs");
+class PgStacApiLambda extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const apiCode = props.apiCode || {
+            entry: `${__dirname}/runtime`,
+            index: "src/handler.py",
+            handler: "handler",
+        };
+        this.stacApiLambdaFunction = new aws_lambda_python_alpha_1.PythonFunction(this, "stac-api", {
+            ...apiCode,
+            /**
+             * NOTE: Unable to use Py3.9, due to issues with hashes:
+             *
+             *    ERROR: Hashes are required in --require-hashes mode, but they are missing
+             *    from some requirements. Here is a list of those requirements along with the
+             *    hashes their downloaded archives actually had. Add lines like these to your
+             *    requirements files to prevent tampering. (If you did not enable
+             *    --require-hashes manually, note that it turns on automatically when any
+             *    package has a hash.)
+             *        anyio==3.6.1 --hash=sha256:cb29b9c70620506a9a8f87a309591713446953302d7d995344d0d7c6c0c9a7be
+             * */
+            runtime: aws_cdk_lib_1.aws_lambda.Runtime.PYTHON_3_8,
+            architecture: aws_cdk_lib_1.aws_lambda.Architecture.X86_64,
+            environment: {
+                PGSTAC_SECRET_ARN: props.dbSecret.secretArn,
+                DB_MIN_CONN_SIZE: "0",
+                DB_MAX_CONN_SIZE: "1",
+                ...props.apiEnv,
+            },
+            vpc: props.vpc,
+            vpcSubnets: props.subnetSelection,
+            allowPublicSubnet: true,
+            memorySize: 8192,
+        });
+        props.dbSecret.grantRead(this.stacApiLambdaFunction);
+        this.stacApiLambdaFunction.connections.allowTo(props.db, aws_cdk_lib_1.aws_ec2.Port.tcp(5432));
+        const stacApi = new aws_apigatewayv2_alpha_1.HttpApi(this, `${aws_cdk_lib_1.Stack.of(this).stackName}-stac-api`, {
+            defaultIntegration: new aws_apigatewayv2_integrations_alpha_1.HttpLambdaIntegration("integration", this.stacApiLambdaFunction),
+        });
+        this.url = stacApi.url;
+        new aws_cdk_lib_1.CfnOutput(this, "stac-api-output", {
+            exportName: `${aws_cdk_lib_1.Stack.of(this).stackName}-url`,
+            value: this.url,
+        });
+    }
+}
+exports.PgStacApiLambda = PgStacApiLambda;
+_a = JSII_RTTI_SYMBOL_1;
+PgStacApiLambda[_a] = { fqn: "eoapi-cdk.PgStacApiLambda", version: "5.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLDZDQU9xQjtBQUNyQiw4RUFHMEM7QUFDMUMsNEVBQTBEO0FBQzFELHNHQUFxRjtBQUNyRiwyQ0FBdUM7QUFFdkMsTUFBYSxlQUFnQixTQUFRLHNCQUFTO0lBSTVDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMkI7UUFDbkUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxJQUFJO1lBQy9CLEtBQUssRUFBRSxHQUFHLFNBQVMsVUFBVTtZQUM3QixLQUFLLEVBQUUsZ0JBQWdCO1lBQ3ZCLE9BQU8sRUFBRSxTQUFTO1NBQ25CLENBQUM7UUFFRixJQUFJLENBQUMscUJBQXFCLEdBQUcsSUFBSSx3Q0FBYyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDaEUsR0FBRyxPQUFPO1lBQ1Y7Ozs7Ozs7Ozs7aUJBVUs7WUFDTCxPQUFPLEVBQUUsd0JBQU0sQ0FBQyxPQUFPLENBQUMsVUFBVTtZQUNsQyxZQUFZLEVBQUUsd0JBQU0sQ0FBQyxZQUFZLENBQUMsTUFBTTtZQUN4QyxXQUFXLEVBQUU7Z0JBQ1gsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxTQUFTO2dCQUMzQyxnQkFBZ0IsRUFBRSxHQUFHO2dCQUNyQixnQkFBZ0IsRUFBRSxHQUFHO2dCQUNyQixHQUFHLEtBQUssQ0FBQyxNQUFNO2FBQ2hCO1lBQ0QsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHO1lBQ2QsVUFBVSxFQUFFLEtBQUssQ0FBQyxlQUFlO1lBQ2pDLGlCQUFpQixFQUFFLElBQUk7WUFDdkIsVUFBVSxFQUFFLElBQUk7U0FDakIsQ0FBQyxDQUFDO1FBRUgsS0FBSyxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLHFCQUFxQixDQUFDLENBQUM7UUFDckQsSUFBSSxDQUFDLHFCQUFxQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsRUFBRSxxQkFBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUU3RSxNQUFNLE9BQU8sR0FBRyxJQUFJLGdDQUFPLENBQUMsSUFBSSxFQUFFLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxXQUFXLEVBQUU7WUFDeEUsa0JBQWtCLEVBQUUsSUFBSSwyREFBcUIsQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLHFCQUFxQixDQUFDO1NBQ3pGLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxHQUFHLEdBQUcsT0FBTyxDQUFDLEdBQUksQ0FBQztRQUV4QixJQUFJLHVCQUFTLENBQUMsSUFBSSxFQUFFLGlCQUFpQixFQUFFO1lBQ3JDLFVBQVUsRUFBRSxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsTUFBTTtZQUM3QyxLQUFLLEVBQUUsSUFBSSxDQUFDLEdBQUc7U0FDaEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQzs7QUFyREgsMENBc0RDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgU3RhY2ssXG4gIGF3c19lYzIgYXMgZWMyLFxuICBhd3NfcmRzIGFzIHJkcyxcbiAgYXdzX2xhbWJkYSBhcyBsYW1iZGEsXG4gIGF3c19zZWNyZXRzbWFuYWdlciBhcyBzZWNyZXRzbWFuYWdlcixcbiAgQ2ZuT3V0cHV0LFxufSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7XG4gIFB5dGhvbkZ1bmN0aW9uLFxuICBQeXRob25GdW5jdGlvblByb3BzLFxufSBmcm9tIFwiQGF3cy1jZGsvYXdzLWxhbWJkYS1weXRob24tYWxwaGFcIjtcbmltcG9ydCB7IEh0dHBBcGkgfSBmcm9tIFwiQGF3cy1jZGsvYXdzLWFwaWdhdGV3YXl2Mi1hbHBoYVwiO1xuaW1wb3J0IHsgSHR0cExhbWJkYUludGVncmF0aW9uIH0gZnJvbSBcIkBhd3MtY2RrL2F3cy1hcGlnYXRld2F5djItaW50ZWdyYXRpb25zLWFscGhhXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuXG5leHBvcnQgY2xhc3MgUGdTdGFjQXBpTGFtYmRhIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcmVhZG9ubHkgdXJsOiBzdHJpbmc7XG4gIHB1YmxpYyBzdGFjQXBpTGFtYmRhRnVuY3Rpb246IFB5dGhvbkZ1bmN0aW9uO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBQZ1N0YWNBcGlMYW1iZGFQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBhcGlDb2RlID0gcHJvcHMuYXBpQ29kZSB8fCB7XG4gICAgICBlbnRyeTogYCR7X19kaXJuYW1lfS9ydW50aW1lYCxcbiAgICAgIGluZGV4OiBcInNyYy9oYW5kbGVyLnB5XCIsXG4gICAgICBoYW5kbGVyOiBcImhhbmRsZXJcIixcbiAgICB9O1xuXG4gICAgdGhpcy5zdGFjQXBpTGFtYmRhRnVuY3Rpb24gPSBuZXcgUHl0aG9uRnVuY3Rpb24odGhpcywgXCJzdGFjLWFwaVwiLCB7XG4gICAgICAuLi5hcGlDb2RlLFxuICAgICAgLyoqXG4gICAgICAgKiBOT1RFOiBVbmFibGUgdG8gdXNlIFB5My45LCBkdWUgdG8gaXNzdWVzIHdpdGggaGFzaGVzOlxuICAgICAgICpcbiAgICAgICAqICAgIEVSUk9SOiBIYXNoZXMgYXJlIHJlcXVpcmVkIGluIC0tcmVxdWlyZS1oYXNoZXMgbW9kZSwgYnV0IHRoZXkgYXJlIG1pc3NpbmdcbiAgICAgICAqICAgIGZyb20gc29tZSByZXF1aXJlbWVudHMuIEhlcmUgaXMgYSBsaXN0IG9mIHRob3NlIHJlcXVpcmVtZW50cyBhbG9uZyB3aXRoIHRoZVxuICAgICAgICogICAgaGFzaGVzIHRoZWlyIGRvd25sb2FkZWQgYXJjaGl2ZXMgYWN0dWFsbHkgaGFkLiBBZGQgbGluZXMgbGlrZSB0aGVzZSB0byB5b3VyXG4gICAgICAgKiAgICByZXF1aXJlbWVudHMgZmlsZXMgdG8gcHJldmVudCB0YW1wZXJpbmcuIChJZiB5b3UgZGlkIG5vdCBlbmFibGVcbiAgICAgICAqICAgIC0tcmVxdWlyZS1oYXNoZXMgbWFudWFsbHksIG5vdGUgdGhhdCBpdCB0dXJucyBvbiBhdXRvbWF0aWNhbGx5IHdoZW4gYW55XG4gICAgICAgKiAgICBwYWNrYWdlIGhhcyBhIGhhc2guKVxuICAgICAgICogICAgICAgIGFueWlvPT0zLjYuMSAtLWhhc2g9c2hhMjU2OmNiMjliOWM3MDYyMDUwNmE5YThmODdhMzA5NTkxNzEzNDQ2OTUzMzAyZDdkOTk1MzQ0ZDBkN2M2YzBjOWE3YmVcbiAgICAgICAqICovXG4gICAgICBydW50aW1lOiBsYW1iZGEuUnVudGltZS5QWVRIT05fM184LFxuICAgICAgYXJjaGl0ZWN0dXJlOiBsYW1iZGEuQXJjaGl0ZWN0dXJlLlg4Nl82NCxcbiAgICAgIGVudmlyb25tZW50OiB7XG4gICAgICAgIFBHU1RBQ19TRUNSRVRfQVJOOiBwcm9wcy5kYlNlY3JldC5zZWNyZXRBcm4sXG4gICAgICAgIERCX01JTl9DT05OX1NJWkU6IFwiMFwiLFxuICAgICAgICBEQl9NQVhfQ09OTl9TSVpFOiBcIjFcIixcbiAgICAgICAgLi4ucHJvcHMuYXBpRW52LFxuICAgICAgfSxcbiAgICAgIHZwYzogcHJvcHMudnBjLFxuICAgICAgdnBjU3VibmV0czogcHJvcHMuc3VibmV0U2VsZWN0aW9uLFxuICAgICAgYWxsb3dQdWJsaWNTdWJuZXQ6IHRydWUsXG4gICAgICBtZW1vcnlTaXplOiA4MTkyLFxuICAgIH0pO1xuXG4gICAgcHJvcHMuZGJTZWNyZXQuZ3JhbnRSZWFkKHRoaXMuc3RhY0FwaUxhbWJkYUZ1bmN0aW9uKTtcbiAgICB0aGlzLnN0YWNBcGlMYW1iZGFGdW5jdGlvbi5jb25uZWN0aW9ucy5hbGxvd1RvKHByb3BzLmRiLCBlYzIuUG9ydC50Y3AoNTQzMikpO1xuXG4gICAgY29uc3Qgc3RhY0FwaSA9IG5ldyBIdHRwQXBpKHRoaXMsIGAke1N0YWNrLm9mKHRoaXMpLnN0YWNrTmFtZX0tc3RhYy1hcGlgLCB7XG4gICAgICBkZWZhdWx0SW50ZWdyYXRpb246IG5ldyBIdHRwTGFtYmRhSW50ZWdyYXRpb24oXCJpbnRlZ3JhdGlvblwiLCB0aGlzLnN0YWNBcGlMYW1iZGFGdW5jdGlvbiksXG4gICAgfSk7XG5cbiAgICB0aGlzLnVybCA9IHN0YWNBcGkudXJsITtcblxuICAgIG5ldyBDZm5PdXRwdXQodGhpcywgXCJzdGFjLWFwaS1vdXRwdXRcIiwge1xuICAgICAgZXhwb3J0TmFtZTogYCR7U3RhY2sub2YodGhpcykuc3RhY2tOYW1lfS11cmxgLFxuICAgICAgdmFsdWU6IHRoaXMudXJsLFxuICAgIH0pO1xuICB9XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUGdTdGFjQXBpTGFtYmRhUHJvcHMge1xuICAvKipcbiAgICogVlBDIGludG8gd2hpY2ggdGhlIGxhbWJkYSBzaG91bGQgYmUgZGVwbG95ZWQuXG4gICAqL1xuICByZWFkb25seSB2cGM6IGVjMi5JVnBjO1xuXG4gIC8qKlxuICAgKiBSRFMgSW5zdGFuY2Ugd2l0aCBpbnN0YWxsZWQgcGdTVEFDLlxuICAgKi9cbiAgcmVhZG9ubHkgZGI6IHJkcy5JRGF0YWJhc2VJbnN0YW5jZTtcblxuICAvKipcbiAgICogU3VibmV0IGludG8gd2hpY2ggdGhlIGxhbWJkYSBzaG91bGQgYmUgZGVwbG95ZWQuXG4gICAqL1xuICByZWFkb25seSBzdWJuZXRTZWxlY3Rpb246IGVjMi5TdWJuZXRTZWxlY3Rpb247XG5cbiAgLyoqXG4gICAqIFNlY3JldCBjb250YWluaW5nIGNvbm5lY3Rpb24gaW5mb3JtYXRpb24gZm9yIHBnU1RBQyBkYXRhYmFzZS5cbiAgICovXG4gIHJlYWRvbmx5IGRiU2VjcmV0OiBzZWNyZXRzbWFuYWdlci5JU2VjcmV0O1xuXG4gIC8qKlxuICAgKiBDdXN0b20gY29kZSB0byBydW4gZm9yIGZhc3RhcGktcGdzdGFjLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIHNpbXBsaWZpZWQgdmVyc2lvbiBvZiBmYXN0YXBpLXBnc3RhY1xuICAgKi9cbiAgcmVhZG9ubHkgYXBpQ29kZT86IEFwaUVudHJ5cG9pbnQ7XG5cbiAgLyoqXG4gICAqIEN1c3RvbWl6ZWQgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIHNlbmQgdG8gZmFzdGFwaS1wZ3N0YWMgcnVudGltZS5cbiAgICovXG4gIHJlYWRvbmx5IGFwaUVudj86IFJlY29yZDxzdHJpbmcsIHN0cmluZz47XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQXBpRW50cnlwb2ludCB7XG4gIC8qKlxuICAgKiBQYXRoIHRvIHRoZSBzb3VyY2Ugb2YgdGhlIGZ1bmN0aW9uIG9yIHRoZSBsb2NhdGlvbiBmb3IgZGVwZW5kZW5jaWVzLlxuICAgKi9cbiAgcmVhZG9ubHkgZW50cnk6IFB5dGhvbkZ1bmN0aW9uUHJvcHNbXCJlbnRyeVwiXTtcbiAgLyoqXG4gICAqIFRoZSBwYXRoIChyZWxhdGl2ZSB0byBlbnRyeSkgdG8gdGhlIGluZGV4IGZpbGUgY29udGFpbmluZyB0aGUgZXhwb3J0ZWQgaGFuZGxlci5cbiAgICovXG4gIHJlYWRvbmx5IGluZGV4OiBQeXRob25GdW5jdGlvblByb3BzW1wiaW5kZXhcIl07XG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgZXhwb3J0ZWQgaGFuZGxlciBpbiB0aGUgaW5kZXggZmlsZS5cbiAgICovXG4gIHJlYWRvbmx5IGhhbmRsZXI6IFB5dGhvbkZ1bmN0aW9uUHJvcHNbXCJoYW5kbGVyXCJdO1xufVxuIl19

package/lib/stac-api/runtime/requirements.txt

@@ -0,0 +1,8 @@
+mangum==0.15.1
+stac-fastapi.api==2.4.1
+stac-fastapi.extensions==2.4.1
+stac-fastapi.pgstac==2.4.1
+stac-fastapi.types==2.4.1
+# https://github.com/stac-utils/stac-fastapi/pull/466
+pygeoif==0.7
+starlette_cramjam

package/lib/stac-api/runtime/src/app.py

@@ -0,0 +1,58 @@
+"""
+FastAPI application using PGStac.
+"""
+
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import ORJSONResponse
+from stac_fastapi.api.app import StacApi
+from stac_fastapi.pgstac.core import CoreCrudClient
+from stac_fastapi.pgstac.db import close_db_connection, connect_to_db
+from starlette_cramjam.middleware import CompressionMiddleware
+
+from .config import ApiSettings
+from .config import extensions as PgStacExtensions
+from .config import get_request_model as GETModel
+from .config import post_request_model as POSTModel
+
+api_settings = ApiSettings()
+
+api = StacApi(
+    title=api_settings.name,
+    api_version=api_settings.version,
+    description=api_settings.description or api_settings.name,
+    settings=api_settings.load_postgres_settings(),
+    extensions=PgStacExtensions,
+    client=CoreCrudClient(post_request_model=POSTModel),
+    search_get_request_model=GETModel,
+    search_post_request_model=POSTModel,
+    response_class=ORJSONResponse,
+    middlewares=[CompressionMiddleware],
+)
+
+app = api.app
+
+# Set all CORS enabled origins
+if api_settings.cors_origins:
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=api_settings.cors_origins,
+        allow_credentials=True,
+        allow_methods=["GET", "POST", "OPTIONS"],
+        allow_headers=["*"],
+    )
+
+
+@app.on_event("startup")
+async def startup_event():
+    """Connect to database on startup."""
+    print("Setting up DB connection...")
+    await connect_to_db(app)
+    print("DB connection setup.")
+
+
+@app.on_event("shutdown")
+async def shutdown_event():
+    """Close database connection."""
+    print("Closing up DB connection...")
+    await close_db_connection(app)
+    print("DB connection closed.")

package/lib/stac-api/runtime/src/config.py

@@ -0,0 +1,96 @@
+"""API settings.
+Based on https://github.com/developmentseed/eoAPI/tree/master/src/eoapi/stac"""
+import base64
+import json
+from typing import Optional
+
+import boto3
+import pydantic
+from stac_fastapi.api.models import create_get_request_model, create_post_request_model
+
+# from stac_fastapi.pgstac.extensions import QueryExtension
+from stac_fastapi.extensions.core import (
+    ContextExtension,
+    FieldsExtension,
+    FilterExtension,
+    QueryExtension,
+    SortExtension,
+    TokenPaginationExtension,
+)
+from stac_fastapi.pgstac.config import Settings
+from stac_fastapi.pgstac.types.search import PgstacSearch
+
+
+def get_secret_dict(secret_name: str):
+    """Retrieve secrets from AWS Secrets Manager
+
+    Args:
+        secret_name (str): name of aws secrets manager secret containing database connection secrets
+        profile_name (str, optional): optional name of aws profile for use in debugger only
+
+    Returns:
+        secrets (dict): decrypted secrets in dict
+    """
+
+    # Create a Secrets Manager client
+    session = boto3.session.Session()
+    client = session.client(service_name="secretsmanager")
+
+    get_secret_value_response = client.get_secret_value(SecretId=secret_name)
+
+    if "SecretString" in get_secret_value_response:
+        return json.loads(get_secret_value_response["SecretString"])
+    else:
+        return json.loads(base64.b64decode(get_secret_value_response["SecretBinary"]))
+
+
+class ApiSettings(pydantic.BaseSettings):
+    """API settings"""
+
+    name: str = "asdi-stac-api"
+    version: str = "0.1"
+    description: Optional[str] = None
+    cors_origins: str = "*"
+    cachecontrol: str = "public, max-age=3600"
+    debug: bool = False
+
+    pgstac_secret_arn: Optional[str]
+
+    @pydantic.validator("cors_origins")
+    def parse_cors_origin(cls, v):
+        """Parse CORS origins."""
+        return [origin.strip() for origin in v.split(",")]
+
+    def load_postgres_settings(self) -> "Settings":
+        """Load postgres connection params from AWS secret"""
+
+        if self.pgstac_secret_arn:
+            secret = get_secret_dict(self.pgstac_secret_arn)
+
+            return Settings(
+                postgres_host_reader=secret["host"],
+                postgres_host_writer=secret["host"],
+                postgres_dbname=secret["dbname"],
+                postgres_user=secret["username"],
+                postgres_pass=secret["password"],
+                postgres_port=secret["port"],
+            )
+        else:
+            return Settings()
+
+    class Config:
+        """model config"""
+
+        env_file = ".env"
+
+
+extensions = [
+    FilterExtension(),
+    QueryExtension(),
+    SortExtension(),
+    FieldsExtension(),
+    TokenPaginationExtension(),
+    ContextExtension(),
+]
+post_request_model = create_post_request_model(extensions, base_model=PgstacSearch)
+get_request_model = create_get_request_model(extensions)

package/lib/stac-api/runtime/src/handler.py

@@ -0,0 +1,9 @@
+"""
+Handler for AWS Lambda.
+"""
+
+from mangum import Mangum
+
+from .app import app
+
+handler = Mangum(app)

package/lib/titiler-pgstac-api/index.d.ts

@@ -0,0 +1,33 @@
+import { aws_ec2 as ec2, aws_rds as rds, aws_lambda as lambda, aws_secretsmanager as secretsmanager } from "aws-cdk-lib";
+import { Construct } from "constructs";
+export declare class TitilerPgstacApiLambda extends Construct {
+    readonly url: string;
+    titilerPgstacLambdaFunction: lambda.Function;
+    constructor(scope: Construct, id: string, props: TitilerPgStacApiLambdaProps);
+}
+export interface TitilerPgStacApiLambdaProps {
+    /**
+     * VPC into which the lambda should be deployed.
+     */
+    readonly vpc: ec2.IVpc;
+    /**
+     * RDS Instance with installed pgSTAC.
+     */
+    readonly db: rds.IDatabaseInstance;
+    /**
+     * Subnet into which the lambda should be deployed.
+     */
+    readonly subnetSelection: ec2.SubnetSelection;
+    /**
+     * Secret containing connection information for pgSTAC database.
+     */
+    readonly dbSecret: secretsmanager.ISecret;
+    /**
+     * Customized environment variables to send to titiler-pgstac runtime.
+     */
+    readonly apiEnv?: Record<string, string>;
+    /**
+     * list of buckets the lambda will be granted access to.
+     */
+    readonly buckets?: string[];
+}