update to version 6.3.3 (#584)
simonkrol authored Dec 28, 2024
1 parent f9b1e66 commit a11bb41
Showing 38 changed files with 631 additions and 107 deletions.
13 changes: 13 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,11 +5,24 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [6.3.3] - 2024-12-27

### Fixed
- Overlays not checking for valid S3 buckets
- Failures when updating deployments created in version 6.1.0 and prior [#559](https://github.com/aws-solutions/serverless-image-handler/issues/559)

### Security

- Added allowlist on sharp operations. [Info](https://docs.aws.amazon.com/solutions/latest/serverless-image-handler/create-and-use-image-requests.html#restricted-operations)
- Added deny list on custom headers for base64 encoded requests. [Info](https://docs.aws.amazon.com/solutions/latest/serverless-image-handler/create-and-use-image-requests.html#include-custom-response-headers)
- Added inference of Content-Type header if S3 Metadata provides an unsupported value

## [6.3.2] - 2024-11-22

### Fixed
- Upgrade cross-spawn to v7.0.6 for vulnerability [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx)


## [6.3.1] - 2024-10-02

### Fixed
2 changes: 1 addition & 1 deletion VERSION.txt
@@ -1 +1 @@
6.3.2
6.3.3
2 changes: 1 addition & 1 deletion source/constructs/cdk.json
Expand Up @@ -2,7 +2,7 @@
"app": "npx ts-node --prefer-ts-exts bin/constructs.ts",
"context": {
"solutionId": "SO0023",
"solutionVersion": "custom-v6.3.2",
"solutionVersion": "custom-v6.3.3",
"solutionName": "serverless-image-handler"
}
}
Expand Up @@ -27,6 +27,7 @@ export interface AppRegistryApplicationProps {
readonly description: string;
readonly solutionId: string;
readonly applicationName: string;
readonly solutionName: string;
readonly solutionVersion: string;
}

Expand Down Expand Up @@ -91,13 +92,13 @@ export class CommonResources extends Construct {
const applicationType = "AWS-Solutions";

const application = new appreg.Application(stack, "AppRegistry", {
applicationName: Fn.join("-", ["AppRegistry", Aws.STACK_NAME, Aws.REGION, Aws.ACCOUNT_ID]),
description: `Service Catalog application to track and manage all your resources for the solution ${props.applicationName}`,
applicationName: props.applicationName,
description: `Service Catalog application to track and manage all your resources for the solution ${props.solutionName}`,
});
application.associateApplicationWithStack(stack);

Tags.of(application).add("Solutions:SolutionID", props.solutionId);
Tags.of(application).add("Solutions:SolutionName", props.applicationName);
Tags.of(application).add("Solutions:SolutionName", props.solutionName);
Tags.of(application).add("Solutions:SolutionVersion", props.solutionVersion);
Tags.of(application).add("Solutions:ApplicationType", applicationType);

Expand All @@ -108,7 +109,7 @@ export class CommonResources extends Construct {
applicationType,
version: props.solutionVersion,
solutionID: props.solutionId,
solutionName: props.applicationName,
solutionName: props.solutionName,
},
});
attributeGroup.associateWith(application);
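Review bot: `AppRegistryApplicationProps` now carries both `applicationName` and `solutionName` with no doc comment, and the meaning of `applicationName` has changed: it used to feed the description, the `Solutions:SolutionName` tag and the attribute group, and is now passed straight through as the AppRegistry application's name. I would document both fields on the interface, for example `/** Name of the AppRegistry application resource; supplied by the caller, no longer derived here. */` on `applicationName` and `/** Solution name used in the description, the Solutions:SolutionName tag and the attribute group. */` on `solutionName`. The file header for this section is missing from the page, and the `CommonResources` method holding these lines starts and ends outside the visible hunks.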
Expand Up @@ -49,6 +49,7 @@ export class CustomResourcesConstruct extends Construct {
private readonly customResourceRole: Role;
private readonly customResourceLambda: LambdaFunction;
public readonly uuid: string;
public appRegApplicationName: string;

constructor(scope: Construct, id: string, props: CustomResourcesConstructProps) {
super(scope, id);
Expand Down Expand Up @@ -116,6 +117,40 @@ export class CustomResourcesConstruct extends Construct {
}),
],
}),
AppRegistryPolicy: new PolicyDocument({
statements: [
new PolicyStatement({
effect: Effect.ALLOW,
actions: ["cloudformation:DescribeStackResources"],
resources: [
Stack.of(this).formatArn({
partition: Aws.PARTITION,
service: "cloudformation",
region: Aws.REGION,
account: Aws.ACCOUNT_ID,
resource: "stack",
resourceName: `${Aws.STACK_NAME}/*`,
arnFormat: ArnFormat.SLASH_RESOURCE_NAME,
}),
],
}),
new PolicyStatement({
effect: Effect.ALLOW,
actions: ["servicecatalog:GetApplication"],
resources: [
Stack.of(this).formatArn({
partition: Aws.PARTITION,
service: "servicecatalog",
region: Aws.REGION,
account: Aws.ACCOUNT_ID,
resource: "applications",
resourceName: `*`,
arnFormat: ArnFormat.SLASH_RESOURCE_SLASH_RESOURCE_NAME,
}),
],
}),
],
}),
},
});

Expand Down Expand Up @@ -188,6 +223,17 @@ export class CustomResourcesConstruct extends Construct {
SourceBuckets: props.sourceBuckets,
});

const getAppRegApplicationNameResults = this.createCustomResource(
"CustomResourceGetAppRegApplicationName",
this.customResourceLambda,
{
CustomAction: "getAppRegApplicationName",
Region: Aws.REGION,
DefaultName: Fn.join("-", ["AppRegistry", Aws.STACK_NAME, Aws.REGION, Aws.ACCOUNT_ID]),
}
);
this.appRegApplicationName = getAppRegApplicationNameResults.getAttString("ApplicationName");

this.createCustomResource(
"CustomResourceCheckFallbackImage",
this.customResourceLambda,
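Review bot: The new `servicecatalog:GetApplication` statement in `AppRegistryPolicy` is granted on `applications/*`, so the custom-resource role can read every AppRegistry application in the account and region, while the `cloudformation:DescribeStackResources` statement beside it is scoped to this stack. If the application id cannot be known at synth time, record that on the statement, e.g. `// Wildcard: the application id is only discovered at deploy time by getAppRegApplicationName.`, so the broad resource reads as a decision and not an oversight. Separately, `public appRegApplicationName: string;` should be `public readonly appRegApplicationName: string;` to match `uuid`, assuming the assignment shown sits in the constructor, which starts and ends outside these hunks.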
3 changes: 2 additions & 1 deletion source/constructs/lib/serverless-image-stack.ts
Expand Up @@ -219,7 +219,8 @@ export class ServerlessImageHandlerStack extends Stack {
description: `${props.solutionId} - ${props.solutionName}. Version ${props.solutionVersion}`,
solutionVersion: props.solutionVersion,
solutionId: props.solutionId,
applicationName: props.solutionName,
solutionName: props.solutionName,
applicationName: commonResources.customResources.appRegApplicationName,
});

this.templateOptions.metadata = {
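Review bot: `applicationName` is now a deploy-time attribute read from the `CustomResourceGetAppRegApplicationName` resource, so the AppRegistry application's name depends on what the custom-resource Lambda returns during stack operations. The handler is not on the visible part of this page; it is worth confirming that it always returns `ApplicationName` (falling back to the `DefaultName` it is passed) and that a unit test covers the case where the lookup fails or finds nothing, since a missing attribute would presumably fail the stack operation. If the intent is what the changelog entry on update failures suggests, a comment above the line such as `// Resolved at deploy time so existing deployments keep their current AppRegistry application name.` would explain why the name is no longer built at synth time. The call these properties belong to starts outside the hunk.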
4 changes: 2 additions & 2 deletions source/constructs/package-lock.json

2 changes: 1 addition & 1 deletion source/constructs/package.json
@@ -1,6 +1,6 @@
{
"name": "constructs",
"version": "6.3.2",
"version": "6.3.3",
"description": "Serverless Image Handler Constructs",
"license": "Apache-2.0",
"author": {
121 changes: 102 additions & 19 deletions source/constructs/test/__snapshots__/constructs.test.ts.snap
Expand Up @@ -81,7 +81,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
"Config": {
"AnonymousUsage": "Yes",
"SolutionId": "S0ABC",
"Version": "v6.3.2",
"Version": "v6.3.3",
},
},
},
Expand Down Expand Up @@ -387,28 +387,17 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
"Properties": {
"Description": "Service Catalog application to track and manage all your resources for the solution sih",
"Name": {
"Fn::Join": [
"-",
[
"AppRegistry",
{
"Ref": "AWS::StackName",
},
{
"Ref": "AWS::Region",
},
{
"Ref": "AWS::AccountId",
},
],
"Fn::GetAtt": [
"CommonResourcesCustomResourcesCustomResourceGetAppRegApplicationName62472E55",
"ApplicationName",
],
},
"Tags": {
"SolutionId": "S0ABC",
"Solutions:ApplicationType": "AWS-Solutions",
"Solutions:SolutionID": "S0ABC",
"Solutions:SolutionName": "sih",
"Solutions:SolutionVersion": "v6.3.2",
"Solutions:SolutionVersion": "v6.3.3",
},
},
"Type": "AWS::ServiceCatalogAppRegistry::Application",
Expand Down Expand Up @@ -1277,7 +1266,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
},
"S3Key": "Omitted to remove snapshot dependency on hash",
},
"Description": "sih (v6.3.2): Performs image edits and manipulations",
"Description": "sih (v6.3.3): Performs image edits and manipulations",
"Environment": {
"Variables": {
"AUTO_WEBP": {
Expand Down Expand Up @@ -1977,7 +1966,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
},
"S3Key": "Omitted to remove snapshot dependency on hash",
},
"Description": "sih (v6.3.2): Custom resource",
"Description": "sih (v6.3.3): Custom resource",
"Environment": {
"Variables": {
"RETRY_SECONDS": "5",
Expand All @@ -2004,6 +1993,40 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
},
"Type": "AWS::Lambda::Function",
},
"CommonResourcesCustomResourcesCustomResourceGetAppRegApplicationName62472E55": {
"DeletionPolicy": "Delete",
"Properties": {
"CustomAction": "getAppRegApplicationName",
"DefaultName": {
"Fn::Join": [
"-",
[
"AppRegistry",
{
"Ref": "AWS::StackName",
},
{
"Ref": "AWS::Region",
},
{
"Ref": "AWS::AccountId",
},
],
],
},
"Region": {
"Ref": "AWS::Region",
},
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesCustomResourcesCustomResourceFunction0D924235",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CommonResourcesCustomResourcesCustomResourceRole8958A1ED": {
"Metadata": {
"cfn_nag": {
Expand Down Expand Up @@ -2160,6 +2183,66 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
},
"PolicyName": "EC2Policy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": "cloudformation:DescribeStackResources",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":cloudformation:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":stack/",
{
"Ref": "AWS::StackName",
},
"/*",
],
],
},
},
{
"Action": "servicecatalog:GetApplication",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":servicecatalog:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":/applications/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "AppRegistryPolicy",
},
],
"Tags": [
{
Expand Down Expand Up @@ -2583,7 +2666,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
"applicationType": "AWS-Solutions",
"solutionID": "S0ABC",
"solutionName": "sih",
"version": "v6.3.2",
"version": "v6.3.3",
},
"Description": "Attribute group for solution information",
"Name": {
4 changes: 2 additions & 2 deletions source/constructs/test/constructs.test.ts
Expand Up @@ -11,14 +11,14 @@ test("Serverless Image Handler Stack Snapshot", () => {
context: {
solutionId: "SO0023",
solutionName: "serverless-image-handler",
solutionVersion: "v6.3.2",
solutionVersion: "v6.3.3",
},
});

const stack = new ServerlessImageHandlerStack(app, "TestStack", {
solutionId: "S0ABC",
solutionName: "sih",
solutionVersion: "v6.3.2",
solutionVersion: "v6.3.3",
});

const template = Template.fromStack(stack);