Merge branch 'dev' into AG-1622-mixed-content-error

Sage-Bionetworks-IT · Jan 28, 2025 · 0039828 · 0039828
2 parents 1d8e8d4 + 1b46383
commit 0039828
Show file tree

Hide file tree

Showing 13 changed files with 230 additions and 113 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1 @@
-*  @Sage-Bionetworks-IT/sagebio-it @Sage-Bionetworks-IT/infra-oversight-committee
+*  @Sage-Bionetworks-IT/infra-oversight-committee @Sage-Bionetworks-IT/agora-admin
diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
@@ -1,15 +1,14 @@
 name: deploy-dev
 
 on:
-  workflow_run:
-    workflows:
-      - check
-    types:
-      - completed
-    branches:
-      - dev
+  push:
+    branches: ['dev']
 
 jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      environment: dev
   aws-deploy:
     uses: "./.github/workflows/aws-deploy.yaml"
     with:

diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml
@@ -1,15 +1,14 @@
 name: deploy-prod
 
 on:
-  workflow_run:
-    workflows:
-      - check
-    types:
-      - completed
-    branches:
-      - prod
+  push:
+    branches: ['prod']
 
 jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      environment: prod
   aws-deploy:
     uses: "./.github/workflows/aws-deploy.yaml"
     with:

diff --git a/.github/workflows/deploy-stage.yaml b/.github/workflows/deploy-stage.yaml
@@ -1,15 +1,14 @@
 name: deploy-stage
 
 on:
-  workflow_run:
-    workflows:
-      - check
-    types:
-      - completed
-    branches:
-      - stage
+  push:
+    branches: ['stage']
 
 jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      environment: stage
   aws-deploy:
     uses: "./.github/workflows/aws-deploy.yaml"
     with:

diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml
@@ -0,0 +1,11 @@
+name: pr-check
+
+on:
+  pull_request:
+    branches: ['*']
+
+jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      environment: dev
diff --git a/.github/workflows/check.yml → .github/workflows/test.yaml b/.github/workflows/check.yml → .github/workflows/test.yaml
@@ -1,11 +1,11 @@
-name: check
+name: test
 
 on:
-  pull_request:
-    branches: ['*']
-  push:
-    branches: ['*']
-
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
 jobs:
   unit-tests:
     runs-on: ubuntu-latest
@@ -26,7 +26,7 @@ jobs:
       - name: Generate cloudformation
         uses: youyo/aws-cdk-github-actions@v2
         env:
-          ENV: dev
+          ENV: ${{ inputs.environment }}
         with:
           cdk_subcommand: 'synth'
           actions_comment: false

diff --git a/app.py b/app.py
@@ -1,12 +1,15 @@
 from os import environ
 
 import aws_cdk as cdk
+from aws_cdk import aws_ec2 as ec2
 
 from src.ecs_stack import EcsStack
 from src.load_balancer_stack import LoadBalancerStack
 from src.network_stack import NetworkStack
-from src.service_props import ServiceProps, ContainerVolume
+from src.service_props import ServiceProps, ServiceSecret
 from src.service_stack import LoadBalancedServiceStack, ServiceStack
+from src.docdb_props import DocdbProps
+from src.docdb_stack import DocdbStack
 
 # get the environment and set environment specific variables
 VALID_ENVIRONMENTS = ["dev", "stage", "prod"]
@@ -17,21 +20,21 @@
             "VPC_CIDR": "10.254.174.0/24",
             "FQDN": "prod.agora.io",
             "CERTIFICATE_ARN": "arn:aws:acm:us-east-1:681175625864:certificate/69b3ba97-b382-4648-8f94-a250b77b4994",
-            "TAGS": {"CostCenter": "NO PROGRAM / 000000"},
+            "TAGS": {"CostCenter": "Agora / 112300"},
         }
     case "stage":
         environment_variables = {
             "VPC_CIDR": "10.254.173.0/24",
             "FQDN": "stage.agora.io",
             "CERTIFICATE_ARN": "arn:aws:acm:us-east-1:681175625864:certificate/69b3ba97-b382-4648-8f94-a250b77b4994",
-            "TAGS": {"CostCenter": "NO PROGRAM / 000000"},
+            "TAGS": {"CostCenter": "Agora / 112300"},
         }
     case "dev":
         environment_variables = {
             "VPC_CIDR": "10.254.172.0/24",
             "FQDN": "dev.agora.io",
             "CERTIFICATE_ARN": "arn:aws:acm:us-east-1:607346494281:certificate/e8093404-7db1-4042-90d0-01eb5bde1ffc",
-            "TAGS": {"CostCenter": "NO PROGRAM / 000000"},
+            "TAGS": {"CostCenter": "Agora / 112300"},
         }
     case _:
         valid_envs_str = ",".join(VALID_ENVIRONMENTS)
@@ -42,7 +45,9 @@
 stack_name_prefix = f"agora-{environment}"
 fully_qualified_domain_name = environment_variables["FQDN"]
 environment_tags = environment_variables["TAGS"]
-agora_version = "edge"
+agora_version = "4.0.0-rc1"
+docdb_master_username = "master"
+mongodb_port = 27017
 
 # Define stacks
 cdk_app = cdk.App()
@@ -58,6 +63,20 @@
     vpc_cidr=environment_variables["VPC_CIDR"],
 )
 
+docdb_props = DocdbProps(
+    instance_type=ec2.InstanceType.of(
+        ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE
+    ),
+    master_username=docdb_master_username,
+    port=mongodb_port,
+)
+docdb_stack = DocdbStack(
+    scope=cdk_app,
+    construct_id=f"{stack_name_prefix}-docdb",
+    vpc=network_stack.vpc,
+    props=docdb_props,
+)
+
 ecs_stack = EcsStack(
     scope=cdk_app,
     construct_id=f"{stack_name_prefix}-ecs",
@@ -75,82 +94,24 @@
     vpc=network_stack.vpc,
 )
 
-api_docs_props = ServiceProps(
-    container_name="agora-api-docs",
-    container_location=f"ghcr.io/sage-bionetworks/agora-api-docs:{agora_version}",
-    container_port=8010,
-    container_memory=200,
-    container_env_vars={"PORT": "8010"},
-)
-api_docs_stack = ServiceStack(
-    scope=cdk_app,
-    construct_id=f"{stack_name_prefix}-api-docs",
-    vpc=network_stack.vpc,
-    cluster=ecs_stack.cluster,
-    props=api_docs_props,
-)
-
-mongo_props = ServiceProps(
-    container_name="agora-mongo",
-    container_location=f"ghcr.io/sage-bionetworks/agora-mongo:{agora_version}",
-    container_port=27017,
-    container_memory=500,
-    container_env_vars={
-        "MONGO_INITDB_ROOT_USERNAME": "root",
-        "MONGO_INITDB_ROOT_PASSWORD": "changeme",
-        "MONGO_INITDB_DATABASE": "agora",
-    },
-    container_volumes=[
-        ContainerVolume(
-            path="/data/db",
-            size=30,
-        )
-    ],
-)
-mongo_stack = ServiceStack(
-    scope=cdk_app,
-    construct_id=f"{stack_name_prefix}-mongo",
-    vpc=network_stack.vpc,
-    cluster=ecs_stack.cluster,
-    props=mongo_props,
-)
-
-# It is probably not appropriate host this container in ECS
-# data_props = ServiceProps(
-#     container_name="agora-data",
-#     container_location=f"ghcr.io/sage-bionetworks/agora-data:{agora_version}",
-#     container_port=9999,  # Not used
-#     container_memory=2048,
-# )
-# data_stack = ServiceStack(
-#     scope=cdk_app,
-#     construct_id=f"{stack_name_prefix}-data",
-#     vpc=network_stack.vpc,
-#     cluster=ecs_stack.cluster,
-#     props=data_props,
-#     container_env_vars={
-#         "DB_USER": "root",
-#         "DB_PASS": "changeme",
-#         "DB_NAME": "agora",
-#         "DB_PORT": "27017",
-#         "DB_HOST": "agora-mongo",
-#         "DATA_FILE": "syn13363290",
-#         "DATA_VERSION": "68",
-#         "TEAM_IMAGES_ID": "syn12861877",
-#         "SYNAPSE_AUTH_TOKEN": "agora-service-user-pat-here",
-#     },
-# )
-# data_stack.add_dependency(mongo_stack)
-
 api_props = ServiceProps(
     container_name="agora-api",
     container_location=f"ghcr.io/sage-bionetworks/agora-api:{agora_version}",
     container_port=3333,
     container_memory=1024,
     container_env_vars={
-        "MONGODB_URI": "mongodb://root:changeme@agora-mongo:27017/agora?authSource=admin",
         "NODE_ENV": "development",
+        "MONGODB_PORT": f"{mongodb_port}",
+        "MONGODB_NAME": "agora",
+        "MONDODB_USER": docdb_master_username,
+        "MONGODB_HOST": docdb_stack.cluster.cluster_endpoint.hostname,
     },
+    container_secrets=[
+        ServiceSecret(
+            secret_name=docdb_stack.master_password_secret.secret_name,
+            environment_key="MONGODB_PASS",
+        )
+    ],
 )
 api_stack = ServiceStack(
     scope=cdk_app,
@@ -159,7 +120,11 @@
     cluster=ecs_stack.cluster,
     props=api_props,
 )
-api_stack.add_dependency(mongo_stack)
+api_stack.add_dependency(docdb_stack)
+api_stack.service.connections.allow_to_default_port(
+    docdb_stack.cluster,
+    "Allow API container to connect to DocumentDB cluster",
+)
 
 app_props = ServiceProps(
     container_name="agora-app",
@@ -171,6 +136,7 @@
         "APP_VERSION": f"{agora_version}",
         "CSR_API_URL": "http://agora-api:3333/api/v1",
         "SSR_API_URL": "http://agora-api:3333/v1",
+        "TAG_NAME": f"agora/v${agora_version}",
     },
 )
 app_stack = ServiceStack(
@@ -207,7 +173,6 @@
     health_check_path="/health",
 )
 apex_stack.add_dependency(app_stack)
-apex_stack.add_dependency(api_docs_stack)
 apex_stack.add_dependency(api_stack)
 
 cdk_app.synth()
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,3 @@
-aws-cdk-lib~=2.139
+aws-cdk-lib~=2.176
 constructs~=10.0
 boto3~=1.34
diff --git a/src/docdb_props.py b/src/docdb_props.py
@@ -0,0 +1,18 @@
+from aws_cdk import aws_ec2 as ec2
+
+
+class DocdbProps:
+    """
+    DocumentDB properties
+
+    instance_type: What type of instance to start for the replicas
+    master_username: The database admin account username
+    port: The MongoDB port
+    """
+
+    def __init__(
+        self, instance_type: ec2.InstanceType, master_username: str, port: int
+    ) -> None:
+        self.instance_type = instance_type
+        self.master_username = master_username
+        self.port = port
diff --git a/src/docdb_stack.py b/src/docdb_stack.py
@@ -0,0 +1,69 @@
+import aws_cdk as cdk
+from aws_cdk import (
+    aws_docdb as docdb,
+    aws_ec2 as ec2,
+    aws_secretsmanager as sm,
+)
+from src.docdb_props import DocdbProps
+
+from constructs import Construct
+
+
+class DocdbStack(cdk.Stack):
+    """
+    DocumentDB cluster
+    """
+
+    def __init__(
+        self,
+        scope: Construct,
+        construct_id: str,
+        vpc: ec2.Vpc,
+        props: DocdbProps,
+        **kwargs,
+    ) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+
+        self.master_password_secret = sm.Secret(
+            self,
+            "DocDbMasterPassword",
+            generate_secret_string=sm.SecretStringGenerator(
+                password_length=32, exclude_punctuation=True
+            ),
+        )
+
+        cluster_parameter_group = docdb.ClusterParameterGroup(
+            self,
+            "DocDbClusterParameterGroup",
+            family="docdb5.0",
+            parameters={
+                "audit_logs": "disabled",
+                "profiler": "enabled",
+                "profiler_sampling_rate": "1.0",
+                "profiler_threshold_ms": "50",
+                "change_stream_log_retention_duration": "10800",
+                "tls": "disabled",
+                "ttl_monitor": "disabled",
+            },
+        )
+
+        # https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_docdb/DatabaseCluster.html
+        self.cluster = docdb.DatabaseCluster(
+            self,
+            "DocDbCluster",
+            master_user=docdb.Login(
+                username=props.master_username,
+                password=self.master_password_secret.secret_value,
+            ),
+            instance_type=props.instance_type,
+            vpc=vpc,
+            vpc_subnets=ec2.SubnetSelection(
+                subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
+            ),
+            parameter_group=cluster_parameter_group,
+            removal_policy=cdk.RemovalPolicy.DESTROY,
+            storage_encrypted=True,
+            preferred_maintenance_window="sat:06:54-sat:07:24",
+            port=props.port,
+            export_profiler_logs_to_cloud_watch=True,
+        )
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		* @Sage-Bionetworks-IT/sagebio-it @Sage-Bionetworks-IT/infra-oversight-committee
		* @Sage-Bionetworks-IT/infra-oversight-committee @Sage-Bionetworks-IT/agora-admin