From 31a1a992a00d5bb4e84e751334759581f96a5ef6 Mon Sep 17 00:00:00 2001 From: Sukhpal <6563909+sukhpalp@users.noreply.github.com> Date: Tue, 23 Apr 2024 11:24:44 -0700 Subject: [PATCH 1/6] Update iOS and Android URLs --- .github/workflows/android.yml | 8 ++++---- .github/workflows/ios.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index 2ff118d13a..35381f7e3c 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -89,13 +89,13 @@ jobs: files: ${{ env.APP_CONFIG_FILE }} env: # From config.jsp - AGOL_ACTIVE_FIRES: ${{ vars.AGOL_ACTIVE_FIRES }} + AGOL_ACTIVE_FIRES: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_ACTIVE_FIRES }} AGOL_AREA_RESTRICTIONS: ${{ vars.AGOL_AREA_RESTRICTIONS }} AGOL_BANS_AND_PROHIBITIONS: ${{ vars.AGOL_BANS_AND_PROHIBITIONS }} AGOL_DANGER_RATINGS: ${{ vars.AGOL_DANGER_RATINGS }} - AGOL_EVAC_ORDERS: ${{ vars.AGOL_EVAC_ORDERS }} - AGOL_FIRE_CENTRES: ${{ vars.AGOL_FIRE_CENTRES }} - AGOL_PERIMETRES: ${{ vars.AGOL_PERIMETRES }} + AGOL_EVAC_ORDERS: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_EVAC_ORDERS }} + AGOL_FIRE_CENTRES: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_FIRE_CENTRES }} + AGOL_PERIMETRES: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_PERIMETRES }} AGOL_URL: ${{ vars.AGOL_URL }} APP_STORE_URL: ${{ vars.APP_STORE_URL }} APPLICATION_ACRONYM: ${{ vars.APPLICATION_ACRONYM }} diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml index ecee9e03bc..4c73ebde67 100644 --- a/.github/workflows/ios.yml +++ b/.github/workflows/ios.yml @@ -72,13 +72,13 @@ jobs: files: ${{ env.APP_CONFIG_FILE }} env: # From config.jsp - AGOL_ACTIVE_FIRES: ${{ vars.AGOL_ACTIVE_FIRES }} + AGOL_ACTIVE_FIRES: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_ACTIVE_FIRES }} AGOL_AREA_RESTRICTIONS: ${{ vars.AGOL_AREA_RESTRICTIONS }} AGOL_BANS_AND_PROHIBITIONS: ${{ vars.AGOL_BANS_AND_PROHIBITIONS }} AGOL_DANGER_RATINGS: ${{ vars.AGOL_DANGER_RATINGS }} - AGOL_EVAC_ORDERS: ${{ vars.AGOL_EVAC_ORDERS }} - AGOL_FIRE_CENTRES: ${{ vars.AGOL_FIRE_CENTRES }} - AGOL_PERIMETRES: ${{ vars.AGOL_PERIMETRES }} + AGOL_EVAC_ORDERS: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_EVAC_ORDERS }} + AGOL_FIRE_CENTRES: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_FIRE_CENTRES }} + AGOL_PERIMETRES: https://services6.${{ vars.TARGET_ENV }}.bcwildfireservices.com${{ vars.AGOL_PERIMETRES }} AGOL_URL: ${{ vars.AGOL_URL }} APP_STORE_URL: ${{ vars.APP_STORE_URL }} APPLICATION_ACRONYM: ${{ vars.APPLICATION_ACRONYM }} From 27cc602ac394dcdda94f307af1b7e5bdb6a700b5 Mon Sep 17 00:00:00 2001 From: Sukhpal <6563909+sukhpalp@users.noreply.github.com> Date: Tue, 23 Apr 2024 11:28:25 -0700 Subject: [PATCH 2/6] Terraform fixes --- terraform/cloudfront.tf | 2 +- terraform/ecs.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf index 0918ad918a..cad37a39fb 100644 --- a/terraform/cloudfront.tf +++ b/terraform/cloudfront.tf @@ -892,7 +892,7 @@ resource "aws_cloudfront_distribution" "wfnews_openmaps_cache" { domain_name = var.target_env == "prod" ? "openmaps.gov.bc.ca" : "test.openmaps.gov.bc.ca" origin_id = "wfnews_openmaps_cache_${var.target_env}" - + origin_path = "/geo/pub/ows" } enabled = true diff --git a/terraform/ecs.tf b/terraform/ecs.tf index dfbee7a9c9..0b04e3c43c 100644 --- a/terraform/ecs.tf +++ b/terraform/ecs.tf @@ -382,7 +382,7 @@ resource "aws_ecs_task_definition" "wfnews_client" { }, { name = "OPENMAPS_BASE_URL", - value = var.openmapsBaseUrl + value = "https://${aws_route53_record.wfnews_openmaps_cache.name}" }, { name = "SERVICES6_BASE_URL", From 2d1045c509213fc59b5ce64da31d08d104335b70 Mon Sep 17 00:00:00 2001 From: Sukhpal <6563909+sukhpalp@users.noreply.github.com> Date: Tue, 23 Apr 2024 11:48:23 -0700 Subject: [PATCH 3/6] Lambda folder rename --- .github/workflows/lambda-zip.yml | 4 ++-- .../{wfnews-cache-invalidator => nodejs}/.npmignore | 0 .../{wfnews-cache-invalidator => nodejs}/app.js | 0 .../{wfnews-cache-invalidator => nodejs}/package.json | 0 .../tests/unit/test-handler.js | 0 lambda/cache-invalidator/template.yaml | 2 +- lambda/deploy.ps1 | 2 +- 7 files changed, 4 insertions(+), 4 deletions(-) rename lambda/cache-invalidator/{wfnews-cache-invalidator => nodejs}/.npmignore (100%) rename lambda/cache-invalidator/{wfnews-cache-invalidator => nodejs}/app.js (100%) rename lambda/cache-invalidator/{wfnews-cache-invalidator => nodejs}/package.json (100%) rename lambda/cache-invalidator/{wfnews-cache-invalidator => nodejs}/tests/unit/test-handler.js (100%) diff --git a/.github/workflows/lambda-zip.yml b/.github/workflows/lambda-zip.yml index 0386937a8c..550d45f141 100644 --- a/.github/workflows/lambda-zip.yml +++ b/.github/workflows/lambda-zip.yml @@ -48,12 +48,12 @@ jobs: - name: run npm install for cache invalidator run: | - cd lambda/cache-invalidator/wfnews-cache-invalidator + cd lambda/cache-invalidator/nodejs npm install - uses: montudor/action-zip@v1 with: - args: zip -qq -r wfnews-cache-invalidator.zip lambda/cache-invalidator/wfnews-cache-invalidator + args: zip -qq -r wfnews-cache-invalidator.zip lambda/cache-invalidator/nodejs - name: Make staging directory, copy files run: | diff --git a/lambda/cache-invalidator/wfnews-cache-invalidator/.npmignore b/lambda/cache-invalidator/nodejs/.npmignore similarity index 100% rename from lambda/cache-invalidator/wfnews-cache-invalidator/.npmignore rename to lambda/cache-invalidator/nodejs/.npmignore diff --git a/lambda/cache-invalidator/wfnews-cache-invalidator/app.js b/lambda/cache-invalidator/nodejs/app.js similarity index 100% rename from lambda/cache-invalidator/wfnews-cache-invalidator/app.js rename to lambda/cache-invalidator/nodejs/app.js diff --git a/lambda/cache-invalidator/wfnews-cache-invalidator/package.json b/lambda/cache-invalidator/nodejs/package.json similarity index 100% rename from lambda/cache-invalidator/wfnews-cache-invalidator/package.json rename to lambda/cache-invalidator/nodejs/package.json diff --git a/lambda/cache-invalidator/wfnews-cache-invalidator/tests/unit/test-handler.js b/lambda/cache-invalidator/nodejs/tests/unit/test-handler.js similarity index 100% rename from lambda/cache-invalidator/wfnews-cache-invalidator/tests/unit/test-handler.js rename to lambda/cache-invalidator/nodejs/tests/unit/test-handler.js diff --git a/lambda/cache-invalidator/template.yaml b/lambda/cache-invalidator/template.yaml index 30d3a54ca0..ea4e0a2c0f 100644 --- a/lambda/cache-invalidator/template.yaml +++ b/lambda/cache-invalidator/template.yaml @@ -16,7 +16,7 @@ Resources: Properties: CodeUri: wfnews-cache-invalidator/ Handler: app.lambdaHandler - Runtime: nodejs14.x + Runtime: nodejs18.x Architectures: - x86_64 Events: diff --git a/lambda/deploy.ps1 b/lambda/deploy.ps1 index 7e361cd04e..07bce43403 100644 --- a/lambda/deploy.ps1 +++ b/lambda/deploy.ps1 @@ -30,7 +30,7 @@ $activeFireLambdas = $rootFolder+"\active-fire-monitor\active_fire" $areaRestrictionsLambdas = $rootFolder+"\area-restrictions-monitor\area-restrictions" $bansProhibitionsLambdas = $rootFolder+"\bans-and-prohibitions-monitor\bans-and-prohibitions" $evacOrdersLambdas = $rootFolder+"\evacuation-orders-monitor\evacuation-orders" -$cacheInvalidatorLambdas = $rootFolder+"\cache-invalidator\wfnews-cache-invalidator" +$cacheInvalidatorLambdas = $rootFolder+"\cache-invalidator\nodejs" $terraform = $rootFolder+"\terraform" From f78220255da7aeb793ea9ac8283d98fdb41e4938 Mon Sep 17 00:00:00 2001 From: Sukhpal <6563909+sukhpalp@users.noreply.github.com> Date: Tue, 23 Apr 2024 12:17:41 -0700 Subject: [PATCH 4/6] Add CORS block for Cloudfront configs --- terraform/cloudfront.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf index cad37a39fb..98644def68 100644 --- a/terraform/cloudfront.tf +++ b/terraform/cloudfront.tf @@ -1025,6 +1025,23 @@ output "wfnews_cloudfront_nginx_url" { resource "aws_cloudfront_response_headers_policy" "cache_control_reponse_headers" { name = "cache-control-response-headers-${var.target_env}" + cors_config { + access_control_allow_credentials = false + + access_control_allow_headers { + items = [] + } + + access_control_allow_methods { + items = ["GET", "HEAD", "OPTIONS"] + } + + access_control_allow_origins { + items = ["*"] + } + + origin_override = true + } custom_headers_config { items { From c159ddd468a0369566c3ff4b60c34182b3b23581 Mon Sep 17 00:00:00 2001 From: Sukhpal <6563909+sukhpalp@users.noreply.github.com> Date: Tue, 23 Apr 2024 12:19:56 -0700 Subject: [PATCH 5/6] Typo fix --- terraform/cloudfront.tf | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf index 98644def68..c0fe479b28 100644 --- a/terraform/cloudfront.tf +++ b/terraform/cloudfront.tf @@ -69,7 +69,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_client" { default_ttl = 300 max_ttl = 86400 - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id } ordered_cache_behavior { @@ -219,7 +219,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_server" { } } - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id viewer_protocol_policy = "redirect-to-https" min_ttl = 0 @@ -327,7 +327,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_nginx" { } } - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id viewer_protocol_policy = "redirect-to-https" min_ttl = 0 @@ -344,7 +344,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_nginx" { viewer_protocol_policy = "redirect-to-https" cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6" - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id } ordered_cache_behavior { @@ -447,7 +447,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_gov_client" { } } - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id viewer_protocol_policy = "redirect-to-https" min_ttl = 0 @@ -545,7 +545,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_gov_api" { target_origin_id = "wfnews_nginx_gov_${var.target_env}" - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id forwarded_values { query_string = true @@ -661,7 +661,7 @@ resource "aws_cloudfront_distribution" "wfss_pointid_api" { target_origin_id = "wfss_pointid_api_${var.target_env}" - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id forwarded_values { query_string = true @@ -760,7 +760,7 @@ resource "aws_cloudfront_distribution" "wfone_notifications_api" { target_origin_id = "wfone_notifications_api_${var.target_env}" - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id forwarded_values { query_string = true @@ -848,7 +848,7 @@ resource "aws_cloudfront_distribution" "wfnews_redirect_receiver" { } } - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id viewer_protocol_policy = "redirect-to-https" min_ttl = 0 @@ -917,7 +917,7 @@ resource "aws_cloudfront_distribution" "wfnews_openmaps_cache" { } } - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id viewer_protocol_policy = "redirect-to-https" min_ttl = 0 @@ -986,7 +986,7 @@ resource "aws_cloudfront_distribution" "wfnews_services6_cache" { } } - response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_reponse_headers.id + response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id viewer_protocol_policy = "redirect-to-https" min_ttl = 0 @@ -1023,7 +1023,7 @@ output "wfnews_cloudfront_nginx_url" { value = "https://${aws_cloudfront_distribution.wfnews_geofencing_nginx[0].domain_name}" } -resource "aws_cloudfront_response_headers_policy" "cache_control_reponse_headers" { +resource "aws_cloudfront_response_headers_policy" "cache_control_response_headers" { name = "cache-control-response-headers-${var.target_env}" cors_config { access_control_allow_credentials = false From 2a55fcaa38b10b43a3eb60c4ce1d8fdc8dad02a0 Mon Sep 17 00:00:00 2001 From: Sukhpal <6563909+sukhpalp@users.noreply.github.com> Date: Tue, 23 Apr 2024 12:25:25 -0700 Subject: [PATCH 6/6] Add max age --- terraform/cloudfront.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf index c0fe479b28..fd7ab633f7 100644 --- a/terraform/cloudfront.tf +++ b/terraform/cloudfront.tf @@ -1029,7 +1029,7 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header access_control_allow_credentials = false access_control_allow_headers { - items = [] + items = ["*"] } access_control_allow_methods { @@ -1039,6 +1039,8 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header access_control_allow_origins { items = ["*"] } + + access_control_max_age_sec = 300 origin_override = true }