Merge branch 'main' into remove-stale-msg-flag

Author: gxueatlassian

.env.development

@@ -17,6 +17,8 @@ GLOBAL_HASH_SECRET=testsecret
 #Dyamno for deployment status
 DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_REGION=us-west-1
 DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_NAME=deployment-history-cache
+DYNAMO_AUDIT_LOG_TABLE_REGION=us-west-1
+DYNAMO_AUDIT_LOG_TABLE_NAME=audit-log
 
 # The Postgres URL used to connect to the database and secret for encrypting data
 DATABASE_URL=postgres://postgres:[email protected]:5432/jira-dev

.env.e2e

@@ -21,6 +21,8 @@ DEBUG=nock.*
 #Dyamno for deployment status
 DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_REGION=us-west-1
 DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_NAME=deployment-history-cache
+DYNAMO_AUDIT_LOG_TABLE_REGION=us-west-1
+DYNAMO_AUDIT_LOG_TABLE_NAME=audit-log
 
 MICROS_AWS_REGION=us-west-1
 

.env.test

@@ -26,6 +26,8 @@ DEBUG=nock.*
 #Dyamno for deployment status
 DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_REGION=us-west-1
 DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_NAME=deployment-history-cache
+DYNAMO_AUDIT_LOG_TABLE_REGION=us-west-1
+DYNAMO_AUDIT_LOG_TABLE_NAME=audit-log
 
 MICROS_AWS_REGION=us-west-1
 

.eslintrc.json

@@ -18,8 +18,7 @@
 		"eslint:recommended",
 		"plugin:import/recommended",
 		"plugin:import/typescript",
-		"plugin:@typescript-eslint/eslint-recommended",
-		"plugin:@typescript-eslint/recommended-requiring-type-checking"
+		"plugin:@typescript-eslint/strict-type-checked"
 	],
 	"settings": {
 		"import/parsers": {
@@ -115,7 +114,9 @@
 			"@typescript-eslint/no-unsafe-call": "off",
 			"@typescript-eslint/require-await": "off",
 			"@typescript-eslint/await-thenable": "off",
-			"@typescript-eslint/no-misused-promises": "off"
+			"@typescript-eslint/no-misused-promises": "off",
+			"@typescript-eslint/no-explicit-any": "off",
+			"@typescript-eslint/no-unnecessary-condition": "off"
 		}
 	},
 	{
@@ -124,15 +125,21 @@
 			"src/jira/**",
 			"src/models/**",
 			"src/sync/**",
-			"src/transforms/**"
+			"src/transforms/**",
+			"src/util/**",
+			"src/sqs/**",
+			"src/middleware/**"
 		],
 		"rules": {
 			// To be removed later
 			"@typescript-eslint/no-unsafe-assignment": "off",
 			"@typescript-eslint/no-unsafe-argument": "off",
 			"@typescript-eslint/no-unsafe-member-access": "off",
 			"@typescript-eslint/no-unsafe-return": "off",
-			"@typescript-eslint/no-unsafe-call": "off"
+			"@typescript-eslint/no-unsafe-call": "off",
+			"@typescript-eslint/no-explicit-any": "off",
+			"@typescript-eslint/no-unnecessary-condition": "off"
 		}
-	}]
+	}
+]
 }

.github/workflows/dummy-deployment.yml

@@ -0,0 +1,24 @@
+name: "Dummy deployment"
+on:
+  workflow_dispatch:
+    inputs:
+      env:
+        description: 'The env the dummy deploy points to'
+        type: choice
+        options:
+          - development
+          - staging
+          - production
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ inputs.env }}
+    steps:
+    - name: 'Deploy'
+      id: deploy-dummy
+      run: |
+        echo "Deploy to $TARGET_ENV success"
+      env:
+        TARGET_ENV: ${{ inputs.env }}
+

.localstack/dynamodb.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-
+# DEPLOYMENT_HISTORY_CACHE_TABLE
 echo "===== creating dynamo table ${DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_NAME} ====="
 
 awslocal dynamodb create-table \
@@ -15,8 +15,27 @@ awslocal dynamodb create-table \
         ReadCapacityUnits=10,WriteCapacityUnits=5
 
 echo "===== table ${DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_NAME} created ====="
+
+# AUDIT_LOG_TABLE
+echo "===== creating dynamo table ${DYNAMO_AUDIT_LOG_TABLE_NAME} ====="
+
+awslocal dynamodb create-table \
+    --table-name $DYNAMO_AUDIT_LOG_TABLE_NAME \
+    --key-schema \
+      AttributeName=Id,KeyType=HASH \
+      AttributeName=CreatedAt,KeyType=RANGE \
+    --attribute-definitions \
+      AttributeName=Id,AttributeType=S \
+      AttributeName=CreatedAt,AttributeType=N \
+    --region $DYNAMO_AUDIT_LOG_TABLE_REGION \
+    --provisioned-throughput \
+        ReadCapacityUnits=10,WriteCapacityUnits=5
+
+echo "===== table ${DYNAMO_AUDIT_LOG_TABLE_NAME} created ====="
+
 echo "===== checking now ====="
 
+awslocal dynamodb list-tables --region $DYNAMO_AUDIT_LOG_TABLE_REGION
 awslocal dynamodb list-tables --region $DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_REGION
 
 echo "===== check finished ====="

docker-compose.yml

@@ -31,7 +31,9 @@ services:
     environment:
       - DEFAULT_REGION=us-west-1
       - DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_NAME=deployment-history-cache
+      - DYNAMO_AUDIT_LOG_TABLE_NAME=audit-log
       - DYNAMO_DEPLOYMENT_HISTORY_CACHE_TABLE_REGION=us-west-1
+      - DYNAMO_AUDIT_LOG_TABLE_REGION=us-west-1
       - LAMBDA_REMOTE_DOCKER=false
       - LAMBDA_EXECUTOR=local # runs lambda inside temp directory instead of new docker container
       - SQS_ENDPOINT_STRATEGY=off # sets the SQS queue domain/path to the legacy version

etc/poco/bundle/extras-prod-test.json

@@ -1,5 +1,55 @@
 {
   "tests": [
+		{
+			"name": "Allow Prod Backfill Cloud Critical Pollinator Test to call Get Audit Log endpoints",
+			"path": "/api/audit-log/subscription/12345",
+			"method": "GET",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/f24ec1a9-d03d-45c7-bbd8-f2094543eaba"
+			],
+			"allowed": true
+		},
+		{
+			"name": "Allow Prod Backfill GHE Critical Pollinator Test to call Get Audit Log endpoints",
+			"path": "/api/audit-log/subscription/12345",
+			"method": "GET",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/8692803e-287a-48e3-bad1-49a60a7a4f9d"
+			],
+			"allowed": true
+		},
+    {
+			"name": "Allow Prod Backfill Cloud Critical Pollinator Test to call Delete Installation endpoints",
+      "path": "/api/deleteInstallation/21266506/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net",
+      "method": "DELETE",
+      "mechanism": "asap",
+      "principals": [
+				"pollinator-check/f24ec1a9-d03d-45c7-bbd8-f2094543eaba"
+      ],
+      "allowed": true
+    },
+		{
+			"name": "Allow Prod Backfill GHE Critical Pollinator Test to call Delete Installation endpoints",
+			"path": "/api/deleteInstallation/21266506/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net",
+			"method": "DELETE",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/8692803e-287a-48e3-bad1-49a60a7a4f9d"
+			],
+			"allowed": true
+		},
+		{
+			"name": "Allow Prod Basic Check Critical Pollinator Test to call Get Audit Log endpoints",
+			"path": "/api/audit-log/subscription/255625",
+			"method": "GET",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e"
+			],
+			"allowed": true
+		},
     {
       "name": "Allow pollinator test to call Delete Installation endpoints",
       "path": "/api/deleteInstallation/21266506/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net",
@@ -10,6 +60,16 @@
       ],
       "allowed": true
     },
+	{
+		"name": "Allow Prod Basic Check Critical Pollinator Test to call Delete Installation endpoints",
+		"path": "/api/deleteInstallation/44625349/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net",
+		"method": "DELETE",
+		"mechanism": "asap",
+		"principals": [
+			"pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e"
+		],
+		"allowed": true
+	},
 		{
 			"name": "Allow pollinator test to call Delete Installation endpoints",
 			"path": "/api/deleteInstallation/21266506/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net",
@@ -50,6 +110,16 @@
 			],
 			"allowed": false
 		},
+		{
+			"name": "Allow Prod Basic Check Critical Pollinator Test to call other admin endpoints",
+			"path": "/api/jira/13453453/verify",
+			"method": "DELETE",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e"
+			],
+			"allowed": false
+		},
 		{
 			"name": "Not allow Pollinator tests to call other Admin endpoints",
 			"path": "/api/jira/13453453/verify",
@@ -79,6 +149,36 @@
 				"pollinator-check/b33f33a7-c308-468e-a2a2-06c1f2443bfb"
 			],
 			"allowed": false
+		},
+		{
+			"name": "Allow Pollinator Pollinator test to call API configuration POST endpoint",
+			"path": "/api/configuration",
+			"method": "POST",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/98a88b09-1541-4c0d-aded-4f1cc467d1fd"
+			],
+			"allowed": true
+		},
+		{
+			"name": "Not allow Pollinator Pollinator test to call API configuration POST endpoint for any other principals",
+			"path": "/api/configuration",
+			"method": "POST",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/random-one"
+			],
+			"allowed": false
+		},
+		{
+			"name": "Not allow Pollinator Pollinator test to call any API configuration endpoint except POST",
+			"path": "/api/configuration",
+			"method": "GET",
+			"mechanism": "asap",
+			"principals": [
+				"pollinator-check/random-one"
+			],
+			"allowed": false
 		}
-  ]
+	]
 }

etc/poco/bundle/extras-prod.json

@@ -1,7 +1,7 @@
 {
   "allow": [
     {
-      "description": "Allow prod pollinator checks to call endpoints for testing",
+      "description": "Allow prod pollinator checks to call delete installation endpoints for testing",
       "paths": [
         "/api/deleteInstallation/**"
       ],
@@ -14,10 +14,47 @@
 						"pollinator-check/9d09aa37-c3e7-4b85-b86d-4d299ad54954",
 						"pollinator-check/d99d882f-74a9-4093-822a-9ddf38b5e523",
 						"pollinator-check/713bec45-18fb-48c7-b6c2-46e6e824caec",
-						"pollinator-check/b33f33a7-c308-468e-a2a2-06c1f2443bfb"
+						"pollinator-check/b33f33a7-c308-468e-a2a2-06c1f2443bfb",
+						"pollinator-check/f24ec1a9-d03d-45c7-bbd8-f2094543eaba",
+						"pollinator-check/8692803e-287a-48e3-bad1-49a60a7a4f9d",
+						"pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e"
 					]
         }
       }
-    }
+    },
+		{
+			"description": "Allow prod pollinator checks to call view audit log endpoints for testing",
+			"paths": [
+				"/api/audit-log/**"
+			],
+			"methods": [
+				"GET"
+			],
+			"principals": {
+				"asap": {
+					"issuers": [
+						"pollinator-check/f24ec1a9-d03d-45c7-bbd8-f2094543eaba",
+						"pollinator-check/8692803e-287a-48e3-bad1-49a60a7a4f9d",
+						"pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e"
+					]
+				}
+			}
+		},
+		{
+			"description": "Allow prod pollinator checks to call post configuration endpoints for testing",
+			"paths": [
+				"/api/configuration"
+			],
+			"methods": [
+				"POST"
+			],
+			"principals": {
+				"asap": {
+					"issuers": [
+						"pollinator-check/98a88b09-1541-4c0d-aded-4f1cc467d1fd"
+					]
+				}
+			}
+		}
   ]
 }