AWS TLS backend updates #1286

Closed
wants to merge 7 commits into from
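--- a/.env
+++ b/.env
@@ -2,3 +2,4 @@ PORT = 3000
 LOCAL_KEY=TCF25YM-39C4H6D-KA32EGF-V5XSHN3
 RATE_LIMIT_WINDOW_SECONDS=60
 RATE_LIMIT_MAX_CONNECTIONS=1000
+useAWSCert=false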
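--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@@ -17,7 +17,21 @@ jobs:
 docker compose --file docker/docker-compose.yml build
 docker compose --file docker/docker-compose.yml up -d
 - name: Sleep
-run: bash -c "while ! docker compose --file docker/docker-compose.yml logs --tail=10 cveawg | grep -q 'Serving on port'; do sleep 1; done"
+run: |
+dockercompose="docker compose --file docker/docker-compose.yml"
+attempts=60
+while ! $dockercompose logs cveawg | grep -q 'Serving on port'; do
+attempts=$(expr $attempts - 1)
+if [ $($dockercompose ps --status running -q | wc -l) -eq 2 ] && [ $attempts -gt 0 ]; then
+sleep 1
+$dockercompose logs || true
+continue
+fi
+$dockercompose ps || true
+$dockercompose logs || true
+echo "==== COULD NOT FIND 'Serving on port' in cveawg output OR one of the services died ====" 1>&2
+exit 1
+done
 - name: Run Tests
 run: docker compose -f docker/docker-compose.yml exec -T cveawg npm run test:integration
 continue-on-error: false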
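Review bot: The readiness loop hard-codes `-eq 2` as the number of running services, so adding or removing a service in docker/docker-compose.yml makes the step fail on its first iteration with a misleading message; deriving the count, e.g. `expected=$($dockercompose config --services | wc -l)`, would keep it in step with the compose file. `$dockercompose logs || true` inside the loop reprints the full log of every service once per second for up to 60 attempts, which buries the final diagnostic dump; `--tail=10` there, as the removed one-liner used, would be enough. `attempts=$((attempts - 1))` avoids forking `expr`, and the step name `Sleep` no longer describes what the step does.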
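--- a/config/default.json
+++ b/config/default.json
@@ -5,6 +5,7 @@
 "port": 27017
 },
 "development": {
+"useAWSCert": false,
 "database": "cve_dev",
 "host": "localhost",
 "port": 27017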
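--- a/docker/.docker-env.example
+++ b/docker/.docker-env.example
@@ -3,3 +3,4 @@ MONGO_HOST=docdb
 MONGO_PORT=27017
 NODE_ENV=development
 PORT=3000
+useAWSCert=false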
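--- a/docker/.docker-env.int-example
+++ b/docker/.docker-env.int-example
@@ -2,3 +2,4 @@ MONGO_HOST=docdb
 MONGO_PORT=27017
 NODE_ENV=integration
 PORT=3000
+useAWSCert=false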
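--- a/docker/.docker-env.test-example
+++ b/docker/.docker-env.test-example
@@ -4,3 +4,4 @@ MONGO_PORT=27017
 NODE_ENV=development
 PORT=3000
 TEST_PORT=3001
+useAWSCert=false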
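--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -28,6 +28,7 @@ WORKDIR /home/node/app
 
 RUN npm install --production
 COPY --chown=node:node docker/entrypoint.sh /home/node/app/entrypoint.sh
+RUN wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -P /home/node/app/config/
 RUN echo '{}' > /home/node/app/config/dev.json
 RUN echo '{}' > /home/node/app/config/test.json
 RUN echo '{}' > /home/node/app/config/staging.json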
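Review bot: The added `RUN wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem` bakes whatever that URL returns at build time into the image as the CA trust anchor for the database connection, with no digest check and no pinned copy, so builds are not reproducible and a truncated or unexpected download is only noticed when TLS fails at runtime. Either vendor the bundle and `COPY --chown=node:node` it like entrypoint.sh, or verify it after download, e.g. `RUN echo "<EXPECTED_SHA256>  /home/node/app/config/global-bundle.pem" | sha256sum -c -` (digest placeholder, to be filled from a verified copy). Whether `wget` is present in the base image is not visible in this hunk.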
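--- a/docker/default.json-docker
+++ b/docker/default.json-docker
@@ -5,6 +5,7 @@
 "port": 27017
 },
 "development": {
+"useAWSCert": true,
 "database": "cve_dev",
 "host": "docdb",
 "port": 27017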
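--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3'
 services:
 docdb:
 # use a mongo image that most closely matches the DocumentDB API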
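--- a/src/index.js
+++ b/src/index.js
@@ -6,6 +6,8 @@ const app = express()
 const helmet = require('helmet')
 const mongoose = require('mongoose')
 const morgan = require('morgan')
+const path = require('path')
+const fs = require('fs')
 
 const configureRoutes = require('./routes.config')
 const dbUtils = require('./utils/db')
@@ -46,14 +48,45 @@ app.use((req, res, next) => {
 res.status(404).json(error.notFound())
 })
 
+console.log('Checking for AWS cert file')
+const appEnv = process.env.NODE_ENV
+console.log(appEnv)
+var awsCERTFile = false
+console.log('check')
+console.log(process.env.useAWSCert)
+if (process.env.useAWSCert.toLocaleLowerCase() === 'true') {
+console.log('detecting env')
+console.log(process.env.useAWSCert)
+awsCERTFile = process.env.useAWSCert
+} else {
+awsCERTFile = config.has(`${process.env}.useAWSCert`) ? config.get(`${process.env}.useAWSCert`) : false
+console.log('HAS')
+console.log(config.has(`${process.env}.useAWSCert`))
+console.log('in if checker')
+console.log(awsCERTFile)
+}
+
 // Connect to MongoDB database
 const dbConnectionStr = dbUtils.getMongoConnectionString()
-mongoose.connect(dbConnectionStr, {
-useNewUrlParser: true,
-useUnifiedTopology: true,
-useFindAndModify: false,
-useCreateIndex: true
-})
+if (awsCERTFile && awsCERTFile.toLocaleLowerCase() === 'true' && appEnv.toLocaleLowerCase() !== 'test') {
+const ca = [fs.readFileSync(path.join(__dirname, 'config/global-bundle.pem'))]
+mongoose.connect(dbConnectionStr, {
+useNewUrlParser: true,
+useUnifiedTopology: true,
+useFindAndModify: false,
+useCreateIndex: true,
+ssl: true,
+sslCA: ca
+})
+} else {
+console.log('NOT USING AWS CERT FILE')
+mongoose.connect(dbConnectionStr, {
+useNewUrlParser: true,
+useUnifiedTopology: true,
+useFindAndModify: false,
+useCreateIndex: true
+})
+}
 
 // database connection
 const db = mongoose.connection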
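Review bot: The fallback lookup ``config.has(`${process.env}.useAWSCert`)`` interpolates the whole `process.env` object, so the key is `[object Object].useAWSCert`, the per-environment config value is never read, and the code drops to the branch that connects without `ssl`/`sslCA` while only logging 'NOT USING AWS CERT FILE'. Separately, `process.env.useAWSCert.toLocaleLowerCase()` and `appEnv.toLocaleLowerCase()` throw a TypeError at startup when the variable is unset, and a JSON boolean such as the `"useAWSCert": true` added to docker/default.json-docker would throw at `awsCERTFile.toLocaleLowerCase()` once the key is fixed. The CA is read from `path.join(__dirname, 'config/global-bundle.pem')`, which resolves under `src/`, whereas the Dockerfile change in this PR downloads the bundle to `/home/node/app/config/`; that looks like a mismatch and should be confirmed. I would resolve the flag to a boolean once, drop the debug `console.log` calls (they print environment values on every start), and build a single options object, as sketched below.

```javascript
const appEnv = process.env.NODE_ENV || ''
const configKey = `${appEnv}.useAWSCert`
// The env var wins when it is set; otherwise use the per-environment config value.
const rawFlag = process.env.useAWSCert !== undefined
  ? process.env.useAWSCert
  : (config.has(configKey) ? config.get(configKey) : false)
// String() accepts both the env string and a JSON boolean from the config file.
const useAWSCert = String(rawFlag).toLowerCase() === 'true' && appEnv.toLowerCase() !== 'test'

// … unchanged: dbConnectionStr lookup …
const mongooseOptions = {
  useNewUrlParser: true,
  useUnifiedTopology: true,
  useFindAndModify: false,
  useCreateIndex: true
}
if (useAWSCert) {
  // NOTE(review): confirm this path matches where the image stores the bundle.
  mongooseOptions.ssl = true
  mongooseOptions.sslCA = [fs.readFileSync(path.join(__dirname, 'config/global-bundle.pem'))]
}
mongoose.connect(dbConnectionStr, mongooseOptions)
```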
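--- a/test-http/docker/docker-compose.yml
+++ b/test-http/docker/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3'
 services:
 demon:
 container_name: demon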