From 82c52241dc10c5d294ef8f9448dde3c8499a4be7 Mon Sep 17 00:00:00 2001
From: Zedd Shmais
Date: Fri, 13 Dec 2024 12:58:25 -0600
Subject: [PATCH 1/2] remove extra slash in middleware endpoint and clean up (#486)
---
 .github/workflows/build-deploy-frontend.yml | 2 +-
 frontend/api/api.ts | 4 ++--
 frontend/src/types/templates.ts | 5 ++---
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-deploy-frontend.yml b/.github/workflows/build-deploy-frontend.yml
index e36a2ca7..6d17e2b9 100644
--- a/.github/workflows/build-deploy-frontend.yml
+++ b/.github/workflows/build-deploy-frontend.yml
@@ -26,7 +26,7 @@ jobs:
 - uses: ./.github/actions/build-frontend
 name: Build frontend
 with:
- api-endpoint: https://reportvision-ocr-${{ inputs.deploy-env }}.azurewebsites.net/
+ api-endpoint: https://reportvision-ocr-${{ inputs.deploy-env }}.azurewebsites.net
 frontend-tarball: ./frontend.tgz
 frontend-path: ./frontend
 frontend-build-path: ./frontend/dist/
diff --git a/frontend/api/api.ts b/frontend/api/api.ts
index f99dfaac..b0978eee 100644
--- a/frontend/api/api.ts
+++ b/frontend/api/api.ts
@@ -6,7 +6,7 @@ import {
 } from "./types/types";
 const apiUrl = import.meta.env.VITE_API_URL || "http://localhost:8000/";
-const middlewareURL = import.meta.env.VITE_MIDDLEWARE_API_URL || "http://localhost:8000/";
+export const middlewareURL = import.meta.env.VITE_MIDDLEWARE_API_URL || "http://localhost:8000";
 export const AlignImage = async (
 args: AlignImageArgs,
@@ -44,7 +44,7 @@ export const ImageToText = async (
 labels: JSON.stringify(fieldNames),
 });
- const imageToTextURL = `${middlewareURL}api/image_file_to_text`;
+ const imageToTextURL = `${middlewareURL}/api/image_file_to_text`;
 try {
 const response = await fetch(imageToTextURL, {
 method: "POST",
diff --git a/frontend/src/types/templates.ts b/frontend/src/types/templates.ts
index d331a394..e0f29400 100644
--- a/frontend/src/types/templates.ts
+++ b/frontend/src/types/templates.ts
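Review bot: Dropping the trailing slash from `api-endpoint` is only safe if every consumer of the value adds its own separator, and this patch shows one that may not. In `frontend/api/api.ts` the `apiUrl` fallback still ends in `/`, which suggests (its call sites are outside this patch) that paths are appended to it without a leading slash; if this input is what the `build-frontend` action maps to `VITE_API_URL`, deployed builds would form malformed request URLs while local builds keep working. Confirm the mapping, and record the convention next to the value, for example `# no trailing slash: the frontend prepends "/" to each path`.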
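Review bot: `middlewareURL` now relies on the environment value having no trailing slash, and nothing enforces that: a `VITE_MIDDLEWARE_API_URL` ending in `/` yields `//api/image_file_to_text` in the second hunk of this file and `//templates` in `frontend/src/types/templates.ts`. Normalise once at the definition, `export const middlewareURL = (import.meta.env.VITE_MIDDLEWARE_API_URL || "http://localhost:8000").replace(/\/+$/, "");`. The `apiUrl` line directly above keeps the opposite convention (`"http://localhost:8000/"`), so the two bases in this module now have to be concatenated differently; a one-line comment stating which form each expects would prevent the next mismatch. Separately, the `||` fallback means a production build with the variable unset silently targets plain-HTTP `localhost`; failing fast when `import.meta.env.PROD` is true and the variable is missing would surface the misconfiguration instead.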
@@ -1,6 +1,7 @@
 import { Organization, Page, User } from "./models.ts";
 import { create } from "zustand";
 import { Shape } from "react-image-label";
+import {middlewareURL} from "../../api/api.ts";
 export interface Template {
 id: string;
@@ -19,11 +20,9 @@ export interface Template {
 type TemplateStatus = "Completed" | "In Progress" | "Deprecated";
-const MIDDLEWARE_URL =
- import.meta.env.VITE_MIDDLEWARE_API_URL || "http://localhost:8081";
 export const TemplateAPI = {
 getTemplates: async (): Promise => {
- const response = await fetch(`${MIDDLEWARE_URL}/templates`);
+ const response = await fetch(`${middlewareURL}/templates`);
 if (!response.ok) {
 throw new Error("Unable to fetch templates");
 }
From c75061f6ea965f73c28a2b012f6f49d79ef8637c Mon Sep 17 00:00:00 2001
From: Mary Crawford <29112142+marycrawford@users.noreply.github.com>
Date: Fri, 13 Dec 2024 11:09:52 -0800
Subject: [PATCH 2/2] update app gateway with separate network and add WAF protections (#480)
* update application gateway to include WAF protection
* update appgw with WAF and separate networking
* minor syntax corrections
---------
Co-authored-by: marycrawford
---
 ops/terraform/locals.tf | 2 ++
 ops/terraform/main.tf | 9 +++---
 ops/terraform/modules/app_gateway/main.tf | 29 ++++++++++++-------
 .../modules/app_gateway/variables.tf | 4 +--
 ops/terraform/modules/network/main.tf | 11 +++++++
 ops/terraform/modules/network/outputs.tf | 5 ++++
 ops/terraform/modules/network/variables.tf | 1 +
 7 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf
index 9f97e24c..b89969f8 100644
--- a/ops/terraform/locals.tf
+++ b/ops/terraform/locals.tf
@@ -14,6 +14,7 @@ locals {
 websubnetcidr = "10.0.3.0/24"
 lbsubnetcidr = "10.0.4.0/24"
 dbsubnetcidr = "10.0.5.0/24"
+ appgwsubnetcidr = "10.0.6.0/24"
 }
 }
 demo = {
@@ -24,6 +25,7 @@ locals {
 websubnetcidr = "10.1.3.0/24"
 lbsubnetcidr = "10.1.4.0/24"
 dbsubnetcidr = "10.1.5.0/24"
+ appgwsubnetcidr = "10.1.6.0/24"
 }
 }
 }
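Review bot: Reusing `middlewareURL` in `getTemplates` silently changes the fallback for the templates request from `http://localhost:8081` to `http://localhost:8000`, which the commit message does not mention. Local setups that run the middleware on 8081 without setting `VITE_MIDDLEWARE_API_URL` will now fail with "Unable to fetch templates"; if the port change is intended, state it in the description or in a comment where the constant is defined. The import added in the first hunk also makes a `types/` module depend on `api/api.ts`, and it is written `{middlewareURL}` where the neighbouring imports use spaces; `import { middlewareURL } from "../../api/api.ts";` matches the file. `TemplateAPI` continues past the end of the hunk.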
diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf
index 0d381b84..45d63fbb 100644
--- a/ops/terraform/main.tf
+++ b/ops/terraform/main.tf
@@ -19,6 +19,7 @@ module "networking" {
 ocrsubnetcidr = local.workspace["ocrsubnetcidr"]
 middlewaresubnetcidr = local.workspace["middlewaresubnetcidr"]
 dbsubnetcidr = local.workspace["dbsubnetcidr"]
+ appgwsubnetcidr = local.workspace["appgwsubnetcidr"]
 env = local.environment
 # The DNS zone and DNS link are managed inside the networking module.
@@ -43,10 +44,10 @@ module "app_gateway" {
 resource_group_location = data.azurerm_resource_group.rg.location
 resource_group_name = data.azurerm_resource_group.rg.name
- blob_endpoint = module.storage.primary_web_host
- lb_subnet = module.networking.lbsubnet_id
- tags = local.management_tags
- env = local.environment
+ blob_endpoint = module.storage.primary_web_host
+ appgw_subnet_id = module.networking.appgwsubnet_id
+ tags = local.management_tags
+ env = local.environment
 fqdns_ocr = module.ocr_api.app_hostname
 fqdns_middleware = module.middleware_api.app_hostname
diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf
index 2395b15b..ffe8e489 100644
--- a/ops/terraform/modules/app_gateway/main.tf
+++ b/ops/terraform/modules/app_gateway/main.tf
@@ -39,13 +39,27 @@ resource "azurerm_application_gateway" "load_balancer" {
 location = var.resource_group_location
 sku {
- name = "Standard_v2"
- tier = "Standard_v2"
+ name = "WAF_v2"
+ tier = "WAF_v2" # WAF tier depreciated, set to WAF_v2 tier
+ # capacity = 2
+ }
+
+ autoscale_configuration {
+ min_capacity = 2
+ max_capacity = 5
+ }
+
+ # Enable Web Application Firewall
+ waf_configuration {
+ enabled = true
+ firewall_mode = "Prevention" # to block malicious traffic
+ rule_set_type = "OWASP"
+ rule_set_version = "3.2"
 }
 gateway_ip_configuration {
- name = "${var.name}-gateway-ip-configuration"
- subnet_id = var.lb_subnet
+ name = "${var.name}-gateway-ip-configuration-${var.env}"
+ subnet_id = var.appgw_subnet_id
 }
 # ------- Static -------------------------
@@ -272,9 +286,4 @@ resource "azurerm_application_gateway" "load_balancer" {
 }
 }
 }
-
- autoscale_configuration {
- min_capacity = 0
- max_capacity = 5
- }
-}
\ No newline at end of file
+}
diff --git a/ops/terraform/modules/app_gateway/variables.tf b/ops/terraform/modules/app_gateway/variables.tf
index 075aadd3..ed911168 100644
--- a/ops/terraform/modules/app_gateway/variables.tf
+++ b/ops/terraform/modules/app_gateway/variables.tf
@@ -1,7 +1,7 @@
 variable "name" {}
 variable "resource_group_name" {}
 variable "resource_group_location" {}
-variable "lb_subnet" {}
+variable "appgw_subnet_id" {}
 variable "blob_endpoint" {}
 variable "tags" {}
@@ -19,4 +19,4 @@ variable "ip_addresses" {
 type = list(string)
 default = []
 }
-variable "env" {}
\ No newline at end of file
+variable "env" {}
diff --git a/ops/terraform/modules/network/main.tf b/ops/terraform/modules/network/main.tf
index c498ef68..d36676fc 100644
--- a/ops/terraform/modules/network/main.tf
+++ b/ops/terraform/modules/network/main.tf
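Review bot: The `waf_configuration` block goes straight to `firewall_mode = "Prevention"` with the OWASP 3.2 rule set, and nothing in this hunk gives operators a way to see what it blocks or tunes it for this workload (the resource body continues outside the hunk). The frontend posts image uploads to `/api/image_file_to_text`, so false positives and body-size limits on multipart requests are a realistic failure mode; set `request_body_check`, `max_request_body_size_kb` and `file_upload_limit_mb` explicitly instead of relying on provider defaults, and make sure the gateway's firewall logs are shipped somewhere reviewable before enforcing. Running one release in `"Detection"` to baseline rule hits would make any needed exclusions evidence-based. Minor: the `sku` comment reads `depreciated` for `deprecated`, and the commented-out `# capacity = 2` can be dropped now that `autoscale_configuration` sets capacity.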
@@ -5,6 +5,17 @@ resource "azurerm_virtual_network" "vnet" {
 address_space = [var.vnetcidr]
 }
+resource "azurerm_subnet" "appgw_subnet" {
+ name = "${var.name}-appgw-subnet-${var.env}"
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ resource_group_name = var.resource_group
+ address_prefixes = [var.appgwsubnetcidr]
+ service_endpoints = [
+ "Microsoft.Sql",
+ "Microsoft.Storage",
+ ]
+}
+
 resource "azurerm_subnet" "web-subnet" {
 name = "${var.name}-web-subnet-${var.env}"
 virtual_network_name = azurerm_virtual_network.vnet.name
diff --git a/ops/terraform/modules/network/outputs.tf b/ops/terraform/modules/network/outputs.tf
index ed901463..12f941da 100644
--- a/ops/terraform/modules/network/outputs.tf
+++ b/ops/terraform/modules/network/outputs.tf
@@ -8,6 +8,11 @@ output "websubnet_id" {
 description = "Id of websubnet in the network"
 }
+output "appgwsubnet_id" {
+ value = azurerm_subnet.appgw_subnet.id
+ description = "ID of the appgwsubnet in the network"
+}
+
 output "dbsubnet_id" {
 value = azurerm_subnet.db-subnet.id
 description = "Id of dbsubnet in the network"
diff --git a/ops/terraform/modules/network/variables.tf b/ops/terraform/modules/network/variables.tf
index 7a8a63e3..79be04fb 100644
--- a/ops/terraform/modules/network/variables.tf
+++ b/ops/terraform/modules/network/variables.tf
@@ -7,6 +7,7 @@ variable "ocrsubnetcidr" {}
 variable "env" {}
 variable "middlewaresubnetcidr" {}
 variable "dbsubnetcidr" {}
+variable "appgwsubnetcidr" {}
 variable "location" {
 default = "eastus2"
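Review bot: The new `appgw_subnet` enables the `Microsoft.Sql` service endpoint, which the internet-facing gateway has no visible reason to need. Per `ops/terraform/main.tf` the gateway fronts the static site and the OCR and middleware APIs; keeping a database endpoint on this subnet means any later virtual-network rule on the database that trusts it would put the data tier one hop from the edge. Remove `"Microsoft.Sql"` unless something requires it, and add a comment saying why `"Microsoft.Storage"` is kept (presumably the blob backend). No network security group association for this subnet appears in the hunk; if one exists or is added elsewhere, it must permit the management traffic Application Gateway v2 requires.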