Update to version v5.2.0

CHANGELOG.md

@@ -4,6 +4,26 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.2.0] - 2021-01-29
+### Added
+- Support for ap-east-1 and me-south-1 regions: [#192](https://github.com/awslabs/serverless-image-handler/issues/192), [#228](https://github.com/awslabs/serverless-image-handler/issues/228), [#232](https://github.com/awslabs/serverless-image-handler/issues/232)
+- Unit tests for custom-resource: `100%` coverage
+- Cloudfront cache policy and origin request policy: [#229](https://github.com/awslabs/serverless-image-handler/issues/229)
+- Circular cropping feature: [#214](https://github.com/awslabs/serverless-image-handler/issues/214), [#216](https://github.com/awslabs/serverless-image-handler/issues/216)
+- Unit tests for image-handler: `100%` coverage
+- Support for files without extension on thumbor requests: [#169](https://github.com/awslabs/serverless-image-handler/issues/169), [#188](https://github.com/awslabs/serverless-image-handler/issues/188)
+- Inappropriate content detection feature: [#243](https://github.com/awslabs/serverless-image-handler/issues/243)
+- Unit tests for image-request: `100%` coverage
+
+### Fixed
+- Graceful failure when no faces are detected using smartCrop and fail on resizing before smartCrop: [#132](https://github.com/awslabs/serverless-image-handler/issues/132), [#133](https://github.com/awslabs/serverless-image-handler/issues/133)
+- Broken SVG returned if no edits specified and Auto-WebP enabled: [#247](https://github.com/awslabs/serverless-image-handler/issues/247)
+- Removed "--recursive" from README.md: [#255](https://github.com/awslabs/serverless-image-handler/pull/255)
+- fixed issue with failure on resize if width or height is float: [#254](https://github.com/awslabs/serverless-image-handler/issues/254)
+
+### Changed 
+- Constructs test template for constructs unit test: `100%` coverage
+
 ## [5.1.0] - 2020-11-19
 ### ⚠ BREAKING CHANGES
 - **Image URL Signature**: When image URL signature is enabled, all URLs including existing URLs should have `signature` query parameter.

README.md

@@ -64,8 +64,8 @@ chmod +x ./build-s3-dist.sh
 
 Deploy the distributable to the Amazon S3 bucket in your account:
 ```bash
-aws s3 sync ./regional-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$REGION/$SOLUTION_NAME/$VERSION/ --recursive --acl bucket-owner-full-control
-aws s3 sync ./global-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$REGION/$SOLUTION_NAME/$VERSION/ --recursive --acl bucket-owner-full-control
+aws s3 sync ./regional-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$REGION/$SOLUTION_NAME/$VERSION/ --acl bucket-owner-full-control
+aws s3 sync ./global-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$REGION/$SOLUTION_NAME/$VERSION/ --acl bucket-owner-full-control
 ```
 
 ### 6. Launch the CloudFormation template.
@@ -84,6 +84,7 @@ aws s3 sync ./global-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$REGION/$SOLUTION_NAME/
 - [@pch](https://github.com/pch) for [#227](https://github.com/awslabs/serverless-image-handler/pull/227)
 - [@atrope](https://github.com/atrope) for [#201](https://github.com/awslabs/serverless-image-handler/pull/201)
 - [@bretto36](https://github.com/bretto36) for [#182](https://github.com/awslabs/serverless-image-handler/pull/182)
+- [@makoncline](https://github.com/makoncline) for [#255](https://github.com/awslabs/serverless-image-handler/pull/255)
 
 ***
 ## License

source/constructs/lib/serverless-image-handler.ts

@@ -81,6 +81,21 @@ export class ServerlessImageHandler extends Construct {
       });
       enableDefaultFallbackImageCondition.overrideLogicalId('EnableDefaultFallbackImageCondition');
 
+      const isOptInRegion = new cdk.CfnCondition(this, 'IsOptInRegion', {
+        expression: cdk.Fn.conditionOr(
+          cdk.Fn.conditionEquals("af-south-1", cdk.Aws.REGION),
+          cdk.Fn.conditionEquals("ap-east-1", cdk.Aws.REGION),
+          cdk.Fn.conditionEquals("eu-south-1" , cdk.Aws.REGION),
+          cdk.Fn.conditionEquals("me-south-1" , cdk.Aws.REGION)
+        )
+      });
+      isOptInRegion.overrideLogicalId('IsOptInRegion');
+
+      const isNotOptInRegion = new cdk.CfnCondition(this, 'IsNotOptInRegion', {
+        expression: cdk.Fn.conditionNot(isOptInRegion)
+      });
+      isNotOptInRegion.overrideLogicalId('IsNotOptInRegion')
+
       // ImageHandlerFunctionRole
       const imageHandlerFunctionRole = new cdkIam.Role(this, 'ImageHandlerFunctionRole', {
         assumedBy: new cdkIam.ServicePrincipal('lambda.amazonaws.com'),
@@ -122,7 +137,8 @@ export class ServerlessImageHandler extends Construct {
           }),
           new cdkIam.PolicyStatement({
             actions: [
-              'rekognition:DetectFaces'
+              'rekognition:DetectFaces',
+              'rekognition:DetectModerationLabels'
             ],
             resources: [
               '*'
@@ -182,6 +198,12 @@ export class ServerlessImageHandler extends Construct {
       });
       const cfnLambdaFunctionLogs = lambdaFunctionLogs.node.defaultChild as cdkLogs.CfnLogGroup;
       cfnLambdaFunctionLogs.retentionInDays = props.logRetentionPeriodParameter.valueAsNumber;
+      this.addCfnNagSuppressRules(cfnLambdaFunctionLogs, [
+        {
+          "id": "W84",
+          "reason": "Used to store store function info"
+        }
+      ]);
       cfnLambdaFunctionLogs.overrideLogicalId('ImageHandlerLogGroup');
 
       // CloudFrontToApiGatewayToLambda pattern
@@ -193,6 +215,16 @@ export class ServerlessImageHandler extends Construct {
 
       // ApiLogs
       const cfnApiGatewayLogGroup = apiGatewayLogGroup.node.defaultChild as cdkLogs.CfnLogGroup;
+      this.addCfnNagSuppressRules(cfnApiGatewayLogGroup, [
+        {
+          "id": "W84",
+          "reason": "Used to store store api log info, not using kms"
+        },
+        {
+          "id": "W86",
+          "reason": "Log retention specified in CloudFromation parameters."
+        }
+      ]);
       cfnApiGatewayLogGroup.overrideLogicalId('ApiLogs');
 
       // ImageHandlerApi
@@ -242,6 +274,7 @@ export class ServerlessImageHandler extends Construct {
       const cloudFrontToApiGateway = cloudFrontApiGatewayLambda.node.findChild('CloudFrontToApiGateway');
       const accessLogBucket = cloudFrontToApiGateway.node.findChild('CloudfrontLoggingBucket') as cdkS3.Bucket;
       const cfnAccessLogBucket = accessLogBucket.node.defaultChild as cdkS3.CfnBucket;
+      cfnAccessLogBucket.cfnOptions.condition = isNotOptInRegion;
       this.addCfnNagSuppressRules(cfnAccessLogBucket, [
         {
           "id": "W35",
@@ -252,8 +285,76 @@ export class ServerlessImageHandler extends Construct {
 
       // LogsBucketPolicy
       const accessLogBucketPolicy = accessLogBucket.node.findChild('Policy') as cdkS3.BucketPolicy;
+      const cfnAccessLogBucketPolicy = accessLogBucketPolicy.node.defaultChild as cdkS3.CfnBucketPolicy;
+      (accessLogBucketPolicy.node.defaultChild as cdkS3.CfnBucketPolicy).cfnOptions.condition = isNotOptInRegion;
       (accessLogBucketPolicy.node.defaultChild as cdkS3.CfnBucketPolicy).overrideLogicalId('LogsBucketPolicy');
 
+      //OptInRegionLogBucket
+      const optInRegionAccessLogBucket = cdkS3.Bucket.fromBucketAttributes(this, 'CloudFrontLoggingBucket', {
+        bucketName: 
+          cdk.Fn.getAtt(
+            cdk.Lazy.stringValue({ 
+              produce(context) {
+                return cfLoggingBucket.logicalId}
+            }), 
+          'bucketName').toString(),
+         region: 'us-east-1'
+      });
+
+      //OptInRegionLogBucketPolicy
+      const optInRegionPolicyStatement = cfnAccessLogBucketPolicy.policyDocument.toJSON().Statement[0];
+      optInRegionPolicyStatement.Resource = "";
+
+      //Choose Log Bucket
+      const cloudFrontLogsBucket = cdk.Fn.conditionIf(isOptInRegion.logicalId, optInRegionAccessLogBucket.bucketRegionalDomainName, accessLogBucket.bucketRegionalDomainName).toString();
+
+
+      //ImagehandlerCachePolicy
+      const cfnCachePolicy = new cdkCloudFront.CfnCachePolicy(
+        this, 
+        'CachePolicy', 
+        {
+          cachePolicyConfig: {
+            name: `${cdk.Aws.STACK_NAME}-${cdk.Aws.REGION}-ImageHandlerCachePolicy`,
+            defaultTtl: 86400,
+            minTtl: 1,
+            maxTtl: 31536000,
+            parametersInCacheKeyAndForwardedToOrigin: {
+              cookiesConfig: {cookieBehavior: "none"},
+              enableAcceptEncodingGzip: true,
+              headersConfig: {
+                headerBehavior: "whitelist", 
+                headers:['origin', 'accept']
+              },
+              queryStringsConfig: {
+                queryStringBehavior: "whitelist",
+                queryStrings: ["signature"]
+              },
+            }       
+        }
+      });
+      cfnCachePolicy.overrideLogicalId("ImageHandlerCachePolicy");
+
+      //ImageHandlerOriginRequestPolicy
+      const cfnOriginRequestPolicy = new cdkCloudFront.CfnOriginRequestPolicy(
+        this, 
+        "OriginRequestPolicy",
+        {
+          originRequestPolicyConfig: { 
+            cookiesConfig: {cookieBehavior: "none"},
+            headersConfig: {
+              headerBehavior: "whitelist",
+              headers: ['origin', 'accept']
+            },
+            name: `${cdk.Aws.STACK_NAME}-${cdk.Aws.REGION}-ImageHandlerOriginRequestPolicy`,
+            queryStringsConfig: {
+              queryStringBehavior: "whitelist",
+              queryStrings: ["signature"]
+            },
+          }
+        });
+        cfnOriginRequestPolicy.overrideLogicalId("ImageHandlerOriginRequestPolicy");
+
       // ImageHandlerDistribution
       const cfnCloudFrontDistribution = cloudFrontWebDistribution.node.defaultChild as cdkCloudFront.CfnDistribution;
       cfnCloudFrontDistribution.distributionConfig = {
@@ -273,13 +374,10 @@ export class ServerlessImageHandler extends Construct {
         defaultCacheBehavior: {
           allowedMethods: [ 'GET', 'HEAD' ],
           targetOriginId: apiGateway.restApiId,
-          forwardedValues: {
-            queryString: true,
-            queryStringCacheKeys: [ 'signature' ],
-            headers: [ 'Origin', 'Accept' ],
-            cookies: { forward: 'none' }
-          },
-          viewerProtocolPolicy: 'https-only'
+          viewerProtocolPolicy: 'https-only',
+          cachePolicyId: cfnCachePolicy.ref,
+          originRequestPolicyId: cfnOriginRequestPolicy.ref
+
         },
         customErrorResponses: [
           { errorCode: 500, errorCachingMinTtl: 10 },
@@ -291,7 +389,7 @@ export class ServerlessImageHandler extends Construct {
         priceClass: 'PriceClass_All',
         logging: {
           includeCookies: false,
-          bucket: accessLogBucket.bucketRegionalDomainName,
+          bucket: cloudFrontLogsBucket,
           prefix: 'image-handler-cf-logs/'
         }
       };
@@ -378,7 +476,7 @@ export class ServerlessImageHandler extends Construct {
         httpVersion: 'http2',
         logging: {
           includeCookies: false,
-          bucket: accessLogBucket.bucketRegionalDomainName,
+          bucket: cloudFrontLogsBucket,
           prefix: 'demo-cf-logs/'
         }
       };
@@ -416,6 +514,10 @@ export class ServerlessImageHandler extends Construct {
           }),
           new cdkIam.PolicyStatement({
             actions: [
+              's3:putBucketAcl',
+              's3:putEncryptionConfiguration',
+              's3:putBucketPolicy',
+              's3:CreateBucket',
               's3:GetObject',
               's3:PutObject',
               's3:ListBucket'
@@ -461,6 +563,12 @@ export class ServerlessImageHandler extends Construct {
       });
       const cfnCustomResourceLogGroup = customResourceLogGroup.node.defaultChild as cdkLogs.CfnLogGroup;
       cfnCustomResourceLogGroup.retentionInDays = props.logRetentionPeriodParameter.valueAsNumber;
+      this.addCfnNagSuppressRules(cfnCustomResourceLogGroup, [
+        {
+          "id": "W84",
+          "reason": "Used to store store function info, no kms used"
+        }
+      ]);
       cfnCustomResourceLogGroup.overrideLogicalId('CustomResourceLogGroup');
 
       // CustomResourceCopyS3
@@ -565,6 +673,19 @@ export class ServerlessImageHandler extends Construct {
         condition: enableDefaultFallbackImageCondition,
         dependencies: [ cfnCustomResourceRole, cfnCustomResourcePolicy ]
       });
+
+      const bucketSuffix = cdk.Aws.STACK_NAME + cdk.Aws.REGION + cdk.Aws.ACCOUNT_ID;
+      const cfLoggingBucket = this.createCustomResource('CustomCFLoggingBucket', customResourceFunction, {
+        properties: [
+         { path: 'customAction', value: 'createCFLoggingBucket' },
+         { path: 'stackName', value: cdk.Aws.STACK_NAME },
+         { path: 'bucketSuffix', value: bucketSuffix },
+         { path: 'policy', value: optInRegionPolicyStatement }
+        ],
+        condition: isOptInRegion,
+        dependencies: [ cfnCustomResourceRole, cfnCustomResourcePolicy ]
+
+      });
     } catch (error) {
       console.error(error);
     }

source/constructs/package.json

@@ -1,7 +1,7 @@
 {
   "name": "constructs",
   "description": "Serverless Image Handler Constructs",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "license": "Apache-2.0",
   "bin": {
     "constructs": "bin/constructs.js"