Skip to content

CDLUC3/mrt-admin-lambda

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,252 Commits

.github/workflows

.github/workflows

 
 

.vscode

.vscode

 
 

cognito-lambda-nonvpc

cognito-lambda-nonvpc

 
 

merrit-billing

merrit-billing

 
 

mysql-ruby-lambda

mysql-ruby-lambda

 
 

simulate-lambda-alb

simulate-lambda-alb

 
 

src-admintool

src-admintool

 
 

src-colladmin

src-colladmin

 
 

src-common

src-common

 
 

src-testdriver

src-testdriver

 
 

.gitignore

.gitignore

 
 

.ruby-version

.ruby-version

 
 

README.md

README.md

 
 

admintool.yml

admintool.yml

 
 

cognito-lambda-deploy.sh

cognito-lambda-deploy.sh

 
 

colladmin-lambda-deploy.sh

colladmin-lambda-deploy.sh

 
 

colladmin.yml

colladmin.yml

 
 

docker-compose.yml

docker-compose.yml

 
 

lambda-deploy.sh

lambda-deploy.sh

 
 

local.yml

local.yml

 
 

run_bundle.sh

run_bundle.sh

 
 

Repository files navigation

Merritt Admin Tool

This library is part of the Merritt Preservation System.

Admin Tool Web Interface

Each Admin Lambda application functions as a simple web server displaying the pages for the application.

%%{init: {'theme': 'neutral', 'securityLevel': 'loose', 'themeVariables': {'fontFamily': 'arial'}}}%%
graph TD
  ADMIN([Admin Tool - Lambda])
  click ADMIN href "https://github.com/CDLUC3/mrt-admin-lambda" "source code"
  ADMINWEB[[Admin Tool - Browser]]
  click ADMINWEB href "https://github.com/CDLUC3/mrt-admin-lambda" "source code"
  WAF[Web application Firewall]
  COG[AWS Cognito User Auth]
  SAML[SAML Authentication]

  subgraph flowchart
    ALB --> ADMIN
    ADMIN --> |json| ALB
    ADMINWEB --> |2. ajax req for data| ALB
    ALB --> |3. json data| ADMINWEB
    ALB --> |1. retrieve web assets|ADMINWEB
    ALB --> |authorize| WAF
    ALB --> |authorize| COG
    COG --> SAML
  end
  style ADMIN stroke:red,stroke-width:4px
  style ADMINWEB stroke:red,stroke-width:4px
  style ALB fill:cyan
  style WAF fill:cyan
  style COG fill:cyan
  style SAML fill:cyan

Admin Tool Lambda

This code contains a generalized query tool for the Merritt team.

%%{init: {'theme': 'neutral', 'securityLevel': 'loose', 'themeVariables': {'fontFamily': 'arial'}}}%%
graph TD
  ADMIN([Admin Tool - Lambda])
  click ADMIN href "https://github.com/CDLUC3/mrt-admin-lambda" "source code"
  ADMINWEB[[Admin Tool - Browser]]
  click ADMINWEB href "https://github.com/CDLUC3/mrt-admin-lambda" "source code"
  WAF[Web application Firewall]
  COG[AWS Cognito User Auth]
  SAML[SAML Authentication]

  subgraph flowchart
    ALB --> ADMIN
    ADMIN --> |json| ALB
    ADMINWEB --> |2. ajax req for data| ALB
    ALB --> |3. json data| ADMINWEB
    ALB --> |1. retrieve web assets|ADMINWEB
    ALB --> |authorize| WAF
    ALB --> |authorize| COG
    COG --> SAML
  end
  style ADMIN stroke:red,stroke-width:4px
  style ADMINWEB stroke:red,stroke-width:4px
  style ALB fill:cyan
  style WAF fill:cyan
  style COG fill:cyan
  style SAML fill:cyan

Collection Admin Tool

%%{init: {'theme': 'neutral', 'securityLevel': 'loose', 'themeVariables': {'fontFamily': 'arial'}}}%%
graph TD
  RDSINV[(Inventory Database)]
  COLLADMIN([Collection Admin - Lambda])
  click COLLADMIN href "https://github.com/CDLUC3/mrt-admin-lambda" "source code"
  ADMINWEB[[Admin Tool - Browser]]
  click ADMINWEB href "https://github.com/CDLUC3/mrt-admin-lambda" "source code"
  COGLAMB([Cognito API Lambda])
  click COGLAMB href "https://github.com/CDLUC3/mrt-admin-lambda/cognito-lambda-nonvpc" "source code"
  WAF[Web application Firewall]
  COG[AWS Cognito User Auth]
  SAML[SAML Authentication]
  ECR[ECR Hosted Lambda Image]
  ING(Ingest)
  INV(Inventory)
  STORE(Storage)
  REP(Replication)
  click ING href "https://github.com/CDLUC3/mrt-ingest" "source code"
  ZOOING>Zookeeper Ingest]
  click ZOOING href "https://github.com/CDLUC3/mrt-zoo" "source code"
  LDAP[/LDAP\]
  ZOOINV>Zookeeper Inventory]
  ZOOACC>Zookeeper Access]
  S3RPT[[S3 Report Bucket - TBD]]

  subgraph flowchart
    COLLADMIN --> |"query / update"| RDSINV
    COLLADMIN --> |html/json| ALB
    ADMINWEB --> |page requests/ajax| ALB
    ALB --> |html/json| ADMINWEB
    ALB --> |authorize| WAF
    ALB --> |authorize| COG
    ECR --> COLLADMIN
    COLLADMIN --> ING
    COLLADMIN --> REP
    COLLADMIN --> STORE
    COLLADMIN --> INV
    COLLADMIN --> LDAP
    COLLADMIN --> S3RPT
    COLLADMIN --> COGLAMB
    COGLAMB --> |user management| COG
    COG --> SAML
    ING --> ZOOING
    ING --> ZOOINV
    ING --> ZOOACC
  end
  
  style RDSINV fill:#F68D2F
  style COLLADMIN stroke:red,stroke-width:4px
  style ADMINWEB stroke:red,stroke-width:4px
  style ALB fill:cyan
  style WAF fill:cyan
  style COG fill:cyan
  style ECR fill:cyan
  style ZOOING fill:cyan
  style ZOOINV fill:cyan
  style ZOOACC fill:cyan
  style LDAP fill:cyan
  style S3RPT fill:#77913C
  style SAML fill:cyan
  style COGLAMB fill:yellow

The Lambda deployment will pull database credentials from AWS SSM. SSM Parameters will be explicitly granted to the Lambda. The lambda will be packaged as a docker image built from mysql-ruby-lambda.

For testing purposes, another docker image will be run to simulate the ALB interface to the lambda. See simulate-lambda-alb. The files docker-compose.yml and admintool.yml will facilitate application testing.

The Lambda code is deployed to the Ruby 2.7 environment. A build process is required to prepare a deployment zip file for Lambda.

Directories

  • mysql-ruby-lambda
    • base image for the lambda code
  • simulate-lambda-alb
    • docker image to facilitate localhost testing with docker-compose
  • src-admintool: Admintool Lambda source code
  • src-colladmin: Collection Admin Lambda source code
  • src-common: Code common to both Admin Tool and CollAdmin Tool
    • web: web resources served from the lambda
  • cognito-lambda-nonvpc: Wrapper around the Cognito API (used by Colladmin)
    • Cognito API calls cannot be made directly from the VPC

Deployment Preparation

  • This code relies on a set of SSM parameters to control the application.
  • https://github.com/CDLUC3/uc3-aws-cli contains the code for reading Merritt SSM parameters.
  • Lambda Image Push/Deploy variables

Deploy the Lambda Code

The following script should be run from a host that is authorized to

  • push to ECR
  • deploy to Lambda.

Deploy Scripts

This will build a docker image, push it to ECR, and update lambda to use the new image.

This script requires SSM parameters to be configured. Requires lambda update function permissions.

This script requires aws cli V2 in order to deploy a docker image to lambda.

  • The host running this script needs to be able to push to ECR and to update a lambda.

Automated Testing

This may be performed from a DEV box against Stage instances.

cd src-testdriver
bundle exec rspec

Local Testing

Placeholder Lambda Testing

docker-compose -f docker-compose.yml up -d

Admin Tool (from server with SSM)

docker-compose -f docker-compose.yml -f admintool.yml up -d

Collection Admin Tool (from server with SSM)

docker-compose -f docker-compose.yml -f colladmin.yml up -d

Collection Admin Tool (from desktop without SSM)

docker-compose -f docker-compose.yml -f colladmin.yml -f local.yml up -d

Open the following URL to test.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

7 watching

Forks

0 forks
Report repository

Releases 1

Freeze code lines referenced at techx Latest
Sep 16, 2021

Packages

No packages published

Contributors 5

Languages