eoapi-cdk 8.1.1 → 8.2.1

package/integration_tests/cdk/README.md

@@ -1,55 +0,0 @@
-
-# Deployment CDK code for eoapi-cdk deployment tests
-
-This is a wrapper CDK code that is used to test a deployment of the `eoapi-cdk` constructs.
-
-## Requirements
-
-- python
-- docker
-- node
-- AWS credentials environment variables configured to point to an account.
-
-## Installation
-
-Install python dependencies with
-
-```
-python -m venv .venv
-source .venv/bin/activate
-python -m pip install -r requirements.txt
-```
-
-Install the latest `eoapi-cdk` either from PyPI:
-
-```
-pip install eoapi-cdk
-```
-
-Or alternatively, compile and package from the root of this repository to get the python version of the constructs locally.
-
-Also install node dependencies with
-
-```
-npm install
-```
-
-Verify that the `cdk` CLI is available. Since `aws-cdk` is installed as a local dependency, you can use the `npx` node package runner tool, that comes with `npm`.
-
-```
-npx cdk --version
-```
-
-## Deployment
-
-First, synthesize the app
-
-```
-npx cdk synth --all
-```
-
-Then, deploy
-
-```
-npx cdk deploy --all --require-approval never
-```

package/integration_tests/cdk/app.py

@@ -1,186 +0,0 @@
-from aws_cdk import App, RemovalPolicy, Stack, aws_ec2, aws_iam, aws_rds
-from config import AppConfig, build_app_config
-from constructs import Construct
-from eoapi_cdk import (
-    PgStacApiLambda,
-    PgStacDatabase,
-    StacIngestor,
-    TiPgApiLambda,
-    TitilerPgstacApiLambda,
-)
-
-PGSTAC_VERSION = "0.9.5"
-
-
-class VpcStack(Stack):
-    def __init__(
-        self, scope: Construct, app_config: AppConfig, id: str, **kwargs
-    ) -> None:
-        super().__init__(scope, id=id, tags=app_config.tags, **kwargs)
-
-        self.vpc = aws_ec2.Vpc(
-            self,
-            "vpc",
-            subnet_configuration=[
-                aws_ec2.SubnetConfiguration(
-                    name="ingress", subnet_type=aws_ec2.SubnetType.PUBLIC, cidr_mask=24
-                ),
-            ],
-        )
-
-        self.vpc.add_interface_endpoint(
-            "SecretsManagerEndpoint",
-            service=aws_ec2.InterfaceVpcEndpointAwsService.SECRETS_MANAGER,
-        )
-
-        self.vpc.add_interface_endpoint(
-            "CloudWatchEndpoint",
-            service=aws_ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
-        )
-
-        self.vpc.add_gateway_endpoint(
-            "S3", service=aws_ec2.GatewayVpcEndpointAwsService.S3
-        )
-
-        self.export_value(
-            self.vpc.select_subnets(subnet_type=aws_ec2.SubnetType.PUBLIC)
-            .subnets[0]
-            .subnet_id
-        )
-        self.export_value(
-            self.vpc.select_subnets(subnet_type=aws_ec2.SubnetType.PUBLIC)
-            .subnets[1]
-            .subnet_id
-        )
-
-
-class pgStacInfraStack(Stack):
-    def __init__(
-        self,
-        scope: Construct,
-        vpc: aws_ec2.Vpc,
-        id: str,
-        app_config: AppConfig,
-        **kwargs,
-    ) -> None:
-        super().__init__(
-            scope,
-            id=id,
-            tags=app_config.tags,
-            **kwargs,
-        )
-
-        pgstac_db = PgStacDatabase(
-            self,
-            "pgstac-db",
-            vpc=vpc,
-            engine=aws_rds.DatabaseInstanceEngine.postgres(
-                version=aws_rds.PostgresEngineVersion.VER_14
-            ),
-            vpc_subnets=aws_ec2.SubnetSelection(
-                subnet_type=aws_ec2.SubnetType.PUBLIC,
-            ),
-            allocated_storage=app_config.db_allocated_storage,
-            instance_type=aws_ec2.InstanceType(app_config.db_instance_type),
-            add_pgbouncer=True,
-            pgbouncer_instance_props={
-                "instanceName": "test-name",
-            },
-            removal_policy=RemovalPolicy.DESTROY,
-            pgstac_version=PGSTAC_VERSION,
-        )
-
-        assert pgstac_db.security_group
-
-        pgstac_db.security_group.add_ingress_rule(
-            aws_ec2.Peer.any_ipv4(), aws_ec2.Port.tcp(5432)
-        )
-
-        stac_api = PgStacApiLambda(
-            self,
-            "pgstac-api",
-            db=pgstac_db.connection_target,
-            db_secret=pgstac_db.pgstac_secret,
-            api_env={
-                "NAME": app_config.build_service_name("STAC API"),
-                "description": f"{app_config.stage} STAC API",
-                # test that we can use the pgbouncer secret in downstream resources
-                "POSTGRES_HOST": pgstac_db.pgstac_secret.secret_value_from_json(
-                    "host"
-                ).to_string(),
-            },
-        )
-
-        # make sure stac_api does not try to build before the secret has been boostrapped
-        stac_api.node.add_dependency(pgstac_db.secret_bootstrapper)
-
-        TitilerPgstacApiLambda(
-            self,
-            "titiler-pgstac-api",
-            api_env={
-                "NAME": app_config.build_service_name("titiler pgSTAC API"),
-                "description": f"{app_config.stage} titiler pgstac API",
-            },
-            db=pgstac_db.connection_target,
-            db_secret=pgstac_db.pgstac_secret,
-            buckets=[],
-            lambda_function_options={
-                "allow_public_subnet": True,
-            },
-        )
-
-        TiPgApiLambda(
-            self,
-            "tipg-api",
-            db=pgstac_db.connection_target,
-            db_secret=pgstac_db.pgstac_secret,
-            api_env={
-                "NAME": app_config.build_service_name("tipg API"),
-                "description": f"{app_config.stage} tipg API",
-            },
-            lambda_function_options={
-                "allow_public_subnet": True,
-            },
-        )
-
-        s3_read_only_role = aws_iam.Role(
-            self,
-            "S3ReadOnlyRole",
-            assumed_by=aws_iam.ServicePrincipal("lambda.amazonaws.com"),
-            description="Role with read-only access to S3 buckets",
-        )
-
-        s3_read_only_role.add_managed_policy(
-            aws_iam.ManagedPolicy.from_aws_managed_policy_name("AmazonS3ReadOnlyAccess")
-        )
-
-        StacIngestor(
-            self,
-            "ingestor",
-            data_access_role=s3_read_only_role,
-            stac_db_secret=pgstac_db.pgstac_secret,
-            stac_db_security_group=pgstac_db.security_group,
-            stac_url=stac_api.url,
-            stage="test",
-            pgstac_version=PGSTAC_VERSION,
-            api_env={
-                "JWKS_URL": "",  # no authentication!
-            },
-        )
-
-
-app = App()
-
-app_config = build_app_config()
-
-vpc_stack_id = f"vpc{app_config.project_id}"
-
-vpc_stack = VpcStack(scope=app, app_config=app_config, id=vpc_stack_id)
-
-pgstac_infra_stack_id = f"pgstac{app_config.project_id}"
-
-pgstac_infra_stack = pgStacInfraStack(
-    scope=app, vpc=vpc_stack.vpc, app_config=app_config, id=pgstac_infra_stack_id
-)
-
-app.synth()

package/integration_tests/cdk/cdk.json

@@ -1,32 +0,0 @@
-{
-  "app": "python3 app.py",
-  "watch": {
-    "include": [
-      "**"
-    ],
-    "exclude": [
-      "README.md",
-      "cdk*.json",
-      "requirements*.txt",
-      "source.bat",
-      "**/*.pyc",
-      "**/*.tmp",
-      "**/__pycache__",
-      "tests",
-      "scripts",
-      "*venv"
-    ]
-  },
-  "context": {
-    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
-    "@aws-cdk/core:stackRelativeExports": true,
-    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
-    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
-    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
-    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
-    "@aws-cdk/core:target-partitions": [
-      "aws",
-      "aws-cn"
-    ]
-  }
-}

package/integration_tests/cdk/config.py

@@ -1,52 +0,0 @@
-from typing import Dict
-
-import pydantic
-import yaml
-from pydantic_core.core_schema import FieldValidationInfo
-from pydantic_settings import BaseSettings, SettingsConfigDict
-
-
-class AppConfig(BaseSettings):
-    model_config = SettingsConfigDict(env_file=".env")
-    aws_default_account: str = pydantic.Field(description="AWS account ID")
-    project_id: str = pydantic.Field(description="Project ID", default="eoapicdk")
-    stage: str = pydantic.Field(description="Stage of deployment", default="test")
-    # because of its validator, `tags` should always come after `project_id` and `stage`
-    tags: Dict[str, str] | None = pydantic.Field(
-        description="""Tags to apply to resources. If none provided,
-        will default to the defaults defined in `default_tags`.
-        Note that if tags are passed to the CDK CLI via `--tags`,
-        they will override any tags defined here.""",
-        default=None,
-    )
-    db_instance_type: str = pydantic.Field(
-        description="Database instance type", default="t3.micro"
-    )
-    db_allocated_storage: int = pydantic.Field(
-        description="Allocated storage for the database", default=5
-    )
-
-    @pydantic.field_validator("tags")
-    def default_tags(cls, v, info: FieldValidationInfo):
-        return v or {"project_id": info.data["project_id"], "stage": info.data["stage"]}
-
-    def build_service_name(self, service_id: str) -> str:
-        return f"{self.project_id}-{self.stage}-{service_id}"
-
-
-def build_app_config() -> AppConfig:
-    """Builds the AppConfig object from config.yaml file if exists,
-    otherwise use defaults"""
-    try:
-        with open("config.yaml") as f:
-            print("Loading config from config.yaml")
-            app_config = yaml.safe_load(f)
-            app_config = (
-                {} if app_config is None else app_config
-            )  # if config is empty, set it to an empty dict
-            app_config = AppConfig(**app_config)
-    except FileNotFoundError:
-        # if no config at the expected path, using defaults
-        app_config = AppConfig()
-
-    return app_config

package/integration_tests/cdk/package-lock.json

@@ -1,42 +0,0 @@
-{
-    "name": "eoapi-template",
-    "version": "0.1.0",
-    "lockfileVersion": 3,
-    "requires": true,
-    "packages": {
-        "": {
-            "name": "eoapi-template",
-            "version": "0.1.0",
-            "dependencies": {
-                "aws-cdk": "2.130.0"
-            }
-        },
-        "node_modules/aws-cdk": {
-            "version": "2.130.0",
-            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.130.0.tgz",
-            "integrity": "sha512-MsjGzQ2kZv0FEfXvpW7FTJRnefew0GrYt9M2SMN2Yn45+yjugGl2X8to416kABeFz1OFqW56hq8Y5BiLuFDVLQ==",
-            "bin": {
-                "cdk": "bin/cdk"
-            },
-            "engines": {
-                "node": ">= 14.15.0"
-            },
-            "optionalDependencies": {
-                "fsevents": "2.3.2"
-            }
-        },
-        "node_modules/fsevents": {
-            "version": "2.3.2",
-            "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-            "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
-            "hasInstallScript": true,
-            "optional": true,
-            "os": [
-                "darwin"
-            ],
-            "engines": {
-                "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-            }
-        }
-    }
-}

package/integration_tests/cdk/package.json

@@ -1,7 +0,0 @@
-{
-    "name": "eoapi-template",
-    "version": "0.1.0",
-    "dependencies": {
-      "aws-cdk": "2.130.0"
-    }
-  }

package/integration_tests/cdk/requirements.txt

@@ -1,7 +0,0 @@
-aws-cdk-lib==2.130.0
-constructs==10.3.0
-pydantic==2.0.2
-pydantic-settings==2.0.1
-python-dotenv==1.0.0
-pyyaml==6.0.2
-types-PyYAML==6.0.12.10