Open Subsurface Data Universe Software
Platform
System
Dataset
Commits
51325cd5
Commit
51325cd5
authored
May 29, 2020
by
Wyatt Nielsen
update tests to generate their own data
parent
15f1aaa9
Pipeline
#2046
passed with stages
in 39 minutes and 31 seconds
Changes
30
Pipelines
1
.gitignore
...
...
@@ -16,7 +16,8 @@ buildNumber.properties
.settings/
.vscode/
.DS_Store
.env
*.env
/dist/
# Avoid ignoring Maven wrapper jar file (.jar files are usually ignored)
!/.mvn/wrapper/maven-wrapper.jar
...
...
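Review bot: with `*.env` in the list, the separate `.env` entry next to it is redundant, because gitignore's `*` also matches an empty prefix; the hunk header (`-16,7 +16,8`) shows one line added, so a single `*.env` entry would cover both. An ignore rule does not untrack files that are already committed, so if any `.env` file holding test settings or credentials was tracked before this commit, it also needs `git rm --cached` and the values in it should be treated as disclosed.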
delivery-core/src/main/java/org/opengroup/osdu/delivery/DeliveryRole.java
// Copyright © Amazon Web Services
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package
org.opengroup.osdu.delivery
;
public
final
class
DeliveryRole
{
...
...
provider/delivery-aws/CloudFormation/Automated/cache.yml
deleted
100644 → 0
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion
:
2010-09-09
Description
:
>-
CloudFormation template for creating the resources needed to deploy an ElastiCache cluster in AWS.
It creates the a Security Group with ingress rules, an ElastiCache Subnet Group for the cache cluster,
and the ElastiCache cluster itself.
Parameters
:
Environment
:
Description
:
An environment name that will be prefixed to resource names.
Type
:
String
AllowedValues
:
-
dev
-
uat
-
prod
ConstraintDescription
:
Can only be "dev/uat/prod"
Default
:
dev
Region
:
Description
:
The AWS region to deploy the resources to.
Type
:
String
Default
:
us-east-1
ApplicationName
:
Description
:
>
The name of the application, which will be used to generate the ECS cluster name.
It will be prefixed with the environment name.
Type
:
String
MinLength
:
'
1'
MaxLength
:
'
64'
AllowedPattern
:
"
^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription
:
Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default
:
os-delivery
CacheName
:
Description
:
The name of the cache cluster. Will be prefixed with the environment name.
Type
:
String
MinLength
:
'
1'
MaxLength
:
'
64'
AllowedPattern
:
"
^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription
:
Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default
:
cache
CacheEngine
:
Description
:
Which caching platform to use. Can be set to 'redis' or 'memcached'.
Type
:
String
AllowedValues
:
-
redis
-
memcached
ConstraintDescription
:
Can only be "redis" or "memcached"
Default
:
redis
NodeInstanceType
:
Description
:
The instance type for redis cache nodes.
ConstraintDescription
:
Must be a valid instance type from the list of allowed values.
Default
:
cache.t2.micro
AllowedValues
:
-
cache.m5.large
-
cache.m5.xlarge
-
cache.m5.2xlarge
-
cache.m5.4xlarge
-
cache.m5.12xlarge
-
cache.m5.24xlarge
-
cache.m4.large
-
cache.m4.xlarge
-
cache.m4.2xlarge
-
cache.m4.4xlarge
-
cache.m4.10xlarge
-
cache.t2.micro
-
cache.t2.small
-
cache.t2.medium
-
cache.c1.xlarge
-
cache.r5.large
-
cache.r5.xlarge
-
cache.r5.2xlarge
-
cache.r5.4xlarge
-
cache.r5.12xlarge
-
cache.r5.24xlarge
-
cache.r4.large
-
cache.r4.xlarge
-
cache.r4.2xlarge
-
cache.r4.4xlarge
-
cache.r4.8xlarge
-
cache.r4.16xlarge
Type
:
String
NumberOfCacheNodes
:
Description
:
An integer value specifying the number of node in the redis cache.
Type
:
Number
Default
:
1
MinValue
:
1
MaxValue
:
128
Conditions
:
IsSingleNode
:
!Equals
[
!Ref
NumberOfCacheNodes
,
1
]
IsClustered
:
!Not
[
Condition
:
IsSingleNode
]
IsMemcached
:
!Equals
[
!Ref
CacheEngine
,
memcached
]
IsRedis
:
!Equals
[
!Ref
CacheEngine
,
redis
]
Resources
:
ElastiCacheVpcSecurityGroup
:
Type
:
AWS::EC2::SecurityGroup
Properties
:
GroupName
:
!Sub
"
${Environment}-${CacheName}-sg"
GroupDescription
:
"
This
is
the
security
group
that
all
of
our
ElastiCache
cluster
will
be
placed
into."
VpcId
:
Fn::ImportValue:
!Sub "${Environment}-OSDU-VPC"
ElastiCacheVpcSecurityGroupCodeBuildIngress
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
ElastiCacheVpcSecurityGroup
IpProtocol
:
tcp
FromPort
:
"
6379"
ToPort
:
"
6379"
SourceSecurityGroupId
:
Fn::ImportValue:
!Sub "${Environment}-OSDU-CodeBuildSecurityGroup"
ElastiCacheVpcSecurityGroupECSIngress
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
ElastiCacheVpcSecurityGroup
IpProtocol
:
tcp
FromPort
:
"
6379"
ToPort
:
"
6379"
SourceSecurityGroupId
:
Fn::ImportValue:
!Sub "${Environment}-${ApplicationName}-EcsNetworkSecurityGroupId"
ElastiCacheSubnetGroup
:
Type
:
'
AWS::ElastiCache::SubnetGroup'
Properties
:
CacheSubnetGroupName
:
!Sub
${Environment}-${CacheName}-SubnetGroup
Description
:
Redis cache VPC subnet group.
SubnetIds
:
-
Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ1"
-
Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ2"
ElastiCacheCluster
:
Type
:
'
AWS::ElastiCache::CacheCluster'
DependsOn
:
ElastiCacheSubnetGroup
Properties
:
AutoMinorVersionUpgrade
:
'
false'
AZMode
:
single-az
# this parameter only affects Memcached clusters
Engine
:
!Ref
CacheEngine
CacheNodeType
:
!Ref
NodeInstanceType
NumCacheNodes
:
!Ref
NumberOfCacheNodes
ClusterName
:
!Sub
${Environment}-${CacheName}
CacheSubnetGroupName
:
!Ref
ElastiCacheSubnetGroup
VpcSecurityGroupIds
:
-
Ref
:
ElastiCacheVpcSecurityGroup
Outputs
:
# Redis (cluster mode disabled) replication groups don't have this attribute.
# Therefore, Fn::GetAtt returns a value for this attribute only if the replication
# group is clustered. Otherwise, Fn::GetAtt fails.
ElastiCacheConfigurationEndpointUrl
:
Description
:
The configuration endpoint URL of the cache node.
Value
:
!GetAtt
ElastiCacheCluster.ConfigurationEndpoint.Address
Condition
:
IsClustered
Export
:
Name
:
!Sub
${Environment}-${CacheName}-ElastiCacheConfigurationEndpointUrl
# This output is only applicable if the cache engine is set to Memcached
MemcachedConfigurationEndpointPort
:
Description
:
The Memcached configuration endpoint port of the cache node.
Value
:
!GetAtt
ElastiCacheCluster.ConfigurationEndpoint.Port
Condition
:
IsMemcached
Export
:
Name
:
!Sub
${Environment}-${CacheName}-MemcachedConfigurationEndpointPort
# This output is only applicable if the cache engine is set to Redis
RedisEndpointAddress
:
Description
:
The Redis endpoint address of the cache.
Value
:
!GetAtt
ElastiCacheCluster.RedisEndpoint.Address
Condition
:
IsRedis
Export
:
Name
:
!Sub
${Environment}-${CacheName}-RedisEndpointAddress
# This output is only applicable if the cache engine is set to Redis
RedisEndpointPort
:
Description
:
The Redis endpoint port of the cache.
Value
:
!GetAtt
ElastiCacheCluster.RedisEndpoint.Port
Condition
:
IsRedis
Export
:
Name
:
!Sub
${Environment}-${CacheName}-RedisEndpointPort
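Review bot: deleting this template drops the exports at the end of its Outputs section (`${Environment}-${CacheName}-RedisEndpointAddress`, `${Environment}-${CacheName}-RedisEndpointPort` and the two configuration-endpoint exports), while the commit message only mentions tests generating their own data, so the description should say where the cache stack is defined now and confirm that nothing still imports those names. If the template is being relocated rather than retired, two things in it are worth fixing on the way: both ingress rules hard-code `FromPort`/`ToPort` 6379 although `CacheEngine` also accepts `memcached`, whose default port is 11211, and the `ElastiCacheConfigurationEndpointUrl` output is gated on `IsClustered` with a comment about replication groups even though the resource is an `AWS::ElastiCache::CacheCluster`.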
provider/delivery-aws/CloudFormation/Automated/ecs-cluster.yml
deleted
100644 → 0
This diff is collapsed.
provider/delivery-aws/CloudFormation/Automated/ecs-network.yml
deleted
100644 → 0
AWSTemplateFormatVersion
:
2010-09-09
Description
:
>-
CloudFormation template for creating the network resources used for the ECS cluster the application will
be deployed into. This is separated from the rest of the ECS resources in order to avoid a circular dependency.
Because there can be any number of cache stacks, but only one ECS stack per service, it makes sense to have
the caches import ECS exports in order to permit access from ECS, rather than the other way around, since
the number of cache clusters and their names can vary, and would require hardcoding them into the ECS template,
whereas this way things stay generic and the ECS CloudFormation template does not need to be updated in order to
add or remove ElastiCache clusters.
Parameters
:
Environment
:
Description
:
An environment name that will be prefixed to resource names.
Type
:
String
AllowedValues
:
-
dev
-
uat
-
prod
ConstraintDescription
:
Can only be "dev/uat/prod"
Default
:
dev
Region
:
Description
:
The AWS region to deploy the resources to.
Type
:
String
Default
:
us-east-1
ApplicationName
:
Description
:
>
The name of the application, which will be used to generate the ECS cluster name.
It will be prefixed with the environment name.
Type
:
String
MinLength
:
'
1'
MaxLength
:
'
64'
AllowedPattern
:
"
^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription
:
Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default
:
os-delivery
ECSPort
:
Description
:
The port that the ECS Service will listen on.
Type
:
Number
Default
:
80
MinValue
:
1
MaxValue
:
65535
DomainName
:
Description
:
>-
The optional custom DNS name for the service's load balancer. If omitted, the site will only be accessible
via the ECS service's Application Load Balancer DNS name. This value is used in the creation and signing of
the service's SSL certificate. Leave blank for none.
Type
:
String
Default
:
'
'
AcmCertificateArn
:
Description
:
>-
The Amazon Resource Name (ARN) of an existing AWS Certificate Manager (ACM) certificate.
If omitted, a new SSL certified will be requested/generated (only if the custom domain name
parameter is provided, otherwise the ECS service's ALB will not use SSL/HTTPS).
Type
:
String
AllowedPattern
:
"
^(|arn:aws:acm:.*)$"
Default
:
'
'
Conditions
:
IncludeCustomDomain
:
!Not
[
!Equals
[
!Ref
DomainName
,
'
'
]]
UseExistingACMSSLCertificate
:
!And
-
!Not
[
!Equals
[
!Ref
AcmCertificateArn
,
'
'
]]
-
!Condition
IncludeCustomDomain
ShouldRequestNewSSLCertificate
:
!And
-
!Not
[
!Condition
UseExistingACMSSLCertificate
]
-
!Condition
IncludeCustomDomain
ShouldExportSSLCertificate
:
!Or
-
!Condition
IncludeCustomDomain
-
!Condition
UseExistingACMSSLCertificate
Resources
:
# If an existing SSL certificate is not provided, but a custom domain is, request one
LoadBalancerSSLCertificate
:
Type
:
'
AWS::CertificateManager::Certificate'
Condition
:
ShouldRequestNewSSLCertificate
Properties
:
DomainName
:
!Ref
DomainName
SubjectAlternativeNames
:
-
!Join
[
'
.'
,
[
'
origin'
,
!Ref
DomainName
]]
#
ECSSecurityGroup
:
Type
:
AWS::EC2::SecurityGroup
Properties
:
GroupName
:
!Sub
"
${Environment}-${ApplicationName}-sg"
GroupDescription
:
Delivery Service ECS Security Group
VpcId
:
Fn::ImportValue:
!Sub "${Environment}-OSDU-VPC"
# Public access to ECS Listening Port
ECSSecurityGroupECSListenerInbound
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
'
ECSSecurityGroup'
IpProtocol
:
tcp
FromPort
:
!Ref
ECSPort
ToPort
:
!Ref
ECSPort
CidrIp
:
0.0.0.0/0
# Public access to port 443
ECSSecurityGroupHTTPSInbound
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
'
ECSSecurityGroup'
IpProtocol
:
tcp
FromPort
:
'
443'
ToPort
:
'
443'
CidrIp
:
0.0.0.0/0
# Public access to port 8080
ECSSecurityGroupHTTPAltInbound
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
'
ECSSecurityGroup'
IpProtocol
:
tcp
FromPort
:
'
8080'
ToPort
:
'
8080'
CidrIp
:
0.0.0.0/0
# Public access to port 8443
ECSSecurityGroupHTTPSAltInbound
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
'
ECSSecurityGroup'
IpProtocol
:
tcp
FromPort
:
'
8443'
ToPort
:
'
8443'
CidrIp
:
0.0.0.0/0
# SSH access for instances in our VPC's jump box subnet group (coming soon – will be part of the Util CFN)
ECSSecurityGroupSSHInbound
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
'
ECSSecurityGroup'
IpProtocol
:
tcp
FromPort
:
'
22'
ToPort
:
'
22'
CidrIp
:
0.0.0.0/0
# Open Application Load Balancer port range to itself
ECSSecurityGroupALBports
:
Type
:
AWS::EC2::SecurityGroupIngress
Properties
:
GroupId
:
!Ref
'
ECSSecurityGroup'
IpProtocol
:
tcp
FromPort
:
'
31000'
ToPort
:
'
61000'
SourceSecurityGroupId
:
!Ref
'
ECSSecurityGroup'
Outputs
:
EcsNetworkSecurityGroupId
:
Description
:
The ID of the Delivery Service ECS EC2 security group.
Value
:
!Ref
'
ECSSecurityGroup'
Export
:
Name
:
!Sub
${Environment}-${ApplicationName}-EcsNetworkSecurityGroupId
LoadBalancerSSLCertificateArn
:
Condition
:
ShouldExportSSLCertificate
Description
:
The ARN of the SSL certificate to be used for both ECS and CloudFront (includes both DNS names).
Value
:
!If
[
UseExistingACMSSLCertificate
,
!Ref
AcmCertificateArn
,
!Ref
'
LoadBalancerSSLCertificate'
]
Export
:
Name
:
!Sub
${Environment}-${ApplicationName}-LoadBalancerSSLCertificateArn
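Review bot: `ECSSecurityGroupSSHInbound` allows port 22 from `CidrIp: 0.0.0.0/0`, which contradicts the comment directly above it saying the rule is for the VPC's jump box subnet group; if this template is being moved elsewhere rather than retired, that rule should take a `SourceSecurityGroupId` or the jump box CIDR instead of carrying the open rule forward. The same group also admits `ECSPort`, 443, 8080 and 8443 from `0.0.0.0/0`, so it is worth checking whether the instances are meant to be reachable directly or only through the load balancer. The commit message does not mention removing network templates, and this file exports `${Environment}-${ApplicationName}-EcsNetworkSecurityGroupId`, which the deleted cache.yml imports, so the two deletions need to be applied together and the description should say so.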
provider/delivery-aws/CloudFormation/Automated/service-account-iam-credentials.yml
deleted
100644 → 0
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion
:
2010-09-09
Description
:
>-
CloudFormation template for creating the resources used for application SDK access for OSDU services.
It creates the IAM account, access keys, and optional key rotation.
Parameters
:
Environment
:
Description
:
An environment name that will be prefixed to resource names.
Type
:
String
AllowedValues
:
-
dev
-
uat
-
prod
ConstraintDescription
:
Can only be "dev/uat/prod"
Default
:
dev
Region
:
Description
:
The AWS region to deploy the resources to.
Type
:
String
Default
:
us-east-1
DeliveryServiceIamUsername
:
Description
:
The username of the service user for the OS Delivery Service.
AllowedPattern
:
"
^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription
:
Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Type
:
String
Default
:
service-user-os-delivery
MinLength
:
'
1'
MaxLength
:
'
64'
DeliveryServiceIamKeyRotationSerial
:
Description
:
This integer value can only ever be incremented, and an increase in value results in a rotation of the user's access key.
Type
:
Number
Default
:
1
Resources
:
DeliveryServiceIamUser
:
Type
:
AWS::IAM::User
Properties
:
Policies
:
-
PolicyName
:
!Sub
${Environment}-DeliveryServiceUserPolicy
PolicyDocument
:
Version
:
'
2012-10-17'
Statement
:
-
Action
:
-
'
s3:*'
-
'
sns:*'
-
'
sqs:*'
-
'
dynamodb:*'
-
'
lambda:*'
Effect
:
Allow
Resource
:
'
*'
UserName
:
!Sub
${Environment}-${DeliveryServiceIamUsername}
DeliveryServiceIamUserAccessKey
:
Type
:
AWS::IAM::AccessKey
DependsOn
:
DeliveryServiceIamUser
Properties
:
Serial
:
!Ref
DeliveryServiceIamKeyRotationSerial
# this value can only ever be incremented, and an increase in value results in a rotation of the user's access key
Status
:
Active
UserName
:
!Sub
${Environment}-${DeliveryServiceIamUsername}
IAMCredentialsSecret
:
Type
:
'
AWS::SecretsManager::Secret'
Properties
:
Name
:
!Sub
${Environment}-DeliveryServiceIamCredentials
Description
:
The IAM service account credentials for the delivery service.
SecretString
:
Fn::Sub:
- '{"access_key":"${AccessKey}","secret_key":"${SecretKey}"}'
- {AccessKey
:
!Ref
DeliveryServiceIamUserAccessKey, SecretKey
:
!GetAtt
DeliveryServiceIamUserAccessKey.SecretAccessKey}
Tags
:
-
Key
:
Environment
Value
:
!Ref
Environment
Outputs
:
DeliveryServiceIamUserAccessKeyId
:
Description
:
The access key ID for the service user for the Schema Repository.
Value
:
!Ref
DeliveryServiceIamUserAccessKey
Export
:
Name
:
!Sub
${Environment}-DeliveryServiceIamUserAccessKeyId
DeliveryServiceIamUserSecretAccessKey
:
Description
:
The secret access key for the service user for the Schema Repository.
Value
:
!GetAtt
DeliveryServiceIamUserAccessKey.SecretAccessKey
Export
:
Name
:
!Sub
${Environment}-DeliveryServiceIamUserSecretAccessKey
DeliveryServiceIamUserArn
:
Description
:
The ARN of the service IAM user account.
Value
:
!GetAtt
DeliveryServiceIamUser.Arn
Export
:
Name
:
!Sub
${Environment}-DeliveryServiceIamUserArn
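Review bot: the `DeliveryServiceIamUserSecretAccessKey` output exports `!GetAtt DeliveryServiceIamUserAccessKey.SecretAccessKey`, so the secret key has been readable as a plain stack output and cross-stack export in addition to the Secrets Manager secret; deleting the file does not revoke it, and the description should confirm that the deployed stack is torn down or the access key deactivated. If the template is being relocated, drop that output and keep only the `IAMCredentialsSecret` path, and narrow the inline policy, which currently allows `s3:*`, `sns:*`, `sqs:*`, `dynamodb:*` and `lambda:*` on `Resource: '*'`. The output descriptions also refer to the "Schema Repository" although the user is the delivery service account, which suggests the block was copied without review.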
provider/delivery-aws/CloudFormation/Automated/sns-topic.yml
deleted
100644 → 0
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion
:
2010-09-09
Description
:
>-
CloudFormation template for creating the resources used for the sending messages to topic and queues to receive the
messages for OSDU's delivery service. It creates the SNS Topic and the corresponding SQS Queues with their associated policies.
Parameters
:
Environment
:
Description
:
an environment name that will be prefixed to resource names.
Type
:
String
AllowedValues
:
-
dev
-
uat
-
prod
ConstraintDescription
:
Can only be "dev/uat/prod"
Default
:
dev
Region
:
Description
:
The AWS region to deploy the resources to.
Type
:
String
Default
:
us-east-1
SNSTopicName
:
Description
:
>-
The name of the Simple Notification Service topic for the OS Delivery Service. Defaults to osdu-delivery-service-messages.
Will be prefixed with the environment name.
AllowedPattern
:
"
^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription
:
Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default
:
osdu-delivery-service-messages
Type
:
String
MinLength
:
'
1'
MaxLength
:
'
64'
SQSQueueName
:
Description
:
>-
The name of the Simple Queue Service queue for the OS Delivery Service. Defaults to osdu-delivery-service-queue.
Will be prefixed with the environment name.
AllowedPattern
:
"
^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription
:
Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default
:
osdu-delivery-service-queue
Type
:
String
MinLength
:
'
1'
MaxLength
:
'
64'
Resources
:
OSDUDeliveryServiceSNSTopic
:
Type
:
'
AWS::SNS::Topic'
Properties
:
DisplayName
:
!Sub
${Environment}-${AWS::AccountId}-${SNSTopicName}
TopicName
:
!Sub
${Environment}-${SNSTopicName}
OSDUDeliveryServiceSQSQueue
:
Type
:
AWS::SQS::Queue
Properties
:
QueueName
:
!Sub
${Environment}-${AWS::AccountId}-${SQSQueueName}
OSDUDeliveryServiceSNSSubscription
:
Type
:
AWS::SNS::Subscription
Properties
:
Protocol
:
sqs
TopicArn
:
!Ref
OSDUDeliveryServiceSNSTopic
RawMessageDelivery
:
true
Endpoint
:
!GetAtt
OSDUDeliveryServiceSQSQueue.Arn