Unicorn approvals

.github/dependabot.yml

@@ -8,7 +8,7 @@ updates:
   - package-ecosystem: "pip" # See documentation for possible values
     directories: 
       - "unicorn_contracts" # Location of package manifests
-      - "unicorn_properties"
+      - "unicorn_approvals"
       - "unicorn_web"
     schedule:
       interval: "weekly"

.github/workflows/record_pr.yml

@@ -16,7 +16,7 @@ jobs:
           script: |
             const script = require('.github/scripts/save_pr_details.js')
             await script({github, context, core})
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: pr
           path: pr.txt

.github/workflows/services_unit_tests.yml

@@ -3,13 +3,13 @@ on:
     branches: [develop, main]
     paths:
       - 'unicorn_contracts/**'
-      - 'unicorn_properties/**'
+      - 'unicorn_approvals/**'
       - 'unicorn_web/**'
   pull_request:
     branches: [develop, main]
     paths:
       - 'unicorn_contracts/**'
-      - 'unicorn_properties/**'
+      - 'unicorn_approvals/**'
       - 'unicorn_web/**'
 
 jobs:
@@ -18,10 +18,10 @@ jobs:
     with:
       service_directory: unicorn_contracts
 
-  unicorn_properties:
+  unicorn_approvals:
     uses: ./.github/workflows/reusable_unit_tests.yml
     with:
-      service_directory: unicorn_properties
+      service_directory: unicorn_approvals
 
   unicorn_web:
     uses: ./.github/workflows/reusable_unit_tests.yml

unicorn_properties/integration/event-schemas.yaml → unicorn_approvals/integration/event-schemas.yaml

@@ -18,7 +18,7 @@ Resources:
     Properties: 
       Description: 'Event schemas for Unicorn Properties'
       RegistryName:
-        Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}-${Stage}"
+        Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}-${Stage}"
 
   EventRegistryPolicy:
     Type: AWS::EventSchemas::RegistryPolicy
@@ -52,7 +52,7 @@ Resources:
       RegistryName:
         Fn::GetAtt: EventRegistry.RegistryName
       SchemaName:
-        Fn::Sub: '{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}@PublicationEvaluationCompleted'
+        Fn::Sub: '{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}@PublicationEvaluationCompleted'
       Description: 'The schema for when a property evaluation is completed'
       Content:
         Fn::Sub: |

unicorn_properties/integration/subscriber-policies.yaml → unicorn_approvals/integration/subscriber-policies.yaml

@@ -20,7 +20,7 @@ Resources:
     Type: AWS::Events::EventBusPolicy
     Properties:
       EventBusName:
-        Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBus}}"
+        Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornApprovalsEventBus}}"
       StatementId:
         Fn::Sub: "OnlyRulesForPropertiesServiceEvents-${Stage}"
       Statement:
@@ -40,12 +40,12 @@ Resources:
           - Fn::Sub:
               - arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/${eventBusName}/*
               - eventBusName:
-                  Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBus}}"
+                  Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornApprovalsEventBus}}"
         Condition:
           StringEqualsIfExists:
             "events:creatorAccount": "${aws:PrincipalAccount}"
           StringEquals:
             "events:source":
-              - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+              - "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
           "Null":
             "events:source": "false"

unicorn_properties/integration/subscriptions.yaml → unicorn_approvals/integration/subscriptions.yaml

@@ -32,7 +32,7 @@ Resources:
       Targets:
         - Id: SendEventTo
           Arn:
-            Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}"
+            Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornApprovalsEventBusArn}}"
           RoleArn:
             Fn::GetAtt: [ UnicornPropertiesSubscriptionRole, Arn ]
 
@@ -55,13 +55,13 @@ Resources:
       Targets:
         - Id: SendEventTo
           Arn:
-            Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}"
+            Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornApprovalsEventBusArn}}"
           RoleArn:
             Fn::GetAtt: [ UnicornPropertiesSubscriptionRole, Arn ]
 
 
   # This IAM role allows EventBridge to assume the permissions necessary to send events 
-  # from the publishing event bus, to the subscribing event bus (UnicornPropertiesEventBusArn)
+  # from the publishing event bus, to the subscribing event bus (UnicornApprovalsEventBusArn)
   UnicornPropertiesSubscriptionRole:
     Type: AWS::IAM::Role
     DeletionPolicy: Delete
@@ -81,7 +81,7 @@ Resources:
               - Effect: Allow
                 Action: events:PutEvents
                 Resource:
-                  Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}"
+                  Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornApprovalsEventBusArn}}"
 
 Outputs:
   ContractStatusChangedSubscription:

unicorn_properties/samconfig.toml → unicorn_approvals/samconfig.toml

@@ -1,8 +1,8 @@
 version = 0.1
 
 [default.global.parameters]
-stack_name = "uni-prop-local-properties"
-s3_prefix = "uni-prop-local-properties"
+stack_name = "uni-prop-local-approvals"
+s3_prefix = "uni-prop-local-approvals"
 resolve_s3 = true
 resolve_image_repositories = true
 

unicorn_properties/template.yaml → unicorn_approvals/template.yaml

@@ -53,41 +53,41 @@ Globals:
     Environment:
       Variables:
         CONTRACT_STATUS_TABLE: !Ref ContractStatusTable
-        EVENT_BUS: !Ref UnicornPropertiesEventBus
-        SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+        EVENT_BUS: !Ref UnicornApprovalsEventBus
+        SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
         POWERTOOLS_LOGGER_CASE: PascalCase
-        POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+        POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
         POWERTOOLS_TRACE_DISABLED: "false" # Explicitly disables tracing, default
         POWERTOOLS_LOGGER_LOG_EVENT: !If [IsProd, "false", "true"] # Logs incoming event, default
         POWERTOOLS_LOGGER_SAMPLE_RATE: !If [IsProd, "0.1", "0"] # Debug log sampling percentage, default
-        POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+        POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
         POWERTOOLS_LOG_LEVEL: INFO # Log level for Logger (INFO, DEBUG, etc.), default
         LOG_LEVEL: INFO # Log level for Logger
     Tags:
       stage: !Ref Stage
       project: !FindInMap [Constants, ProjectName, Value]
-      namespace: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+      namespace: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
 
 Resources:
   #### SSM PARAMETERS
   # Services share their event bus name and arn
-  UnicornPropertiesEventBusNameParam:
+  UnicornApprovalsEventBusNameParam:
     Type: AWS::SSM::Parameter
     DeletionPolicy: Delete
     UpdateReplacePolicy: Delete
     Properties:
       Type: String
-      Name: !Sub /uni-prop/${Stage}/UnicornPropertiesEventBus
-      Value: !GetAtt UnicornPropertiesEventBus.Name
+      Name: !Sub /uni-prop/${Stage}/UnicornApprovalsEventBus
+      Value: !GetAtt UnicornApprovalsEventBus.Name
 
-  UnicornPropertiesEventBusArnParam:
+  UnicornApprovalsEventBusArnParam:
     Type: AWS::SSM::Parameter
     DeletionPolicy: Delete
     UpdateReplacePolicy: Delete
     Properties:
       Type: String
-      Name: !Sub /uni-prop/${Stage}/UnicornPropertiesEventBusArn
-      Value: !GetAtt UnicornPropertiesEventBus.Arn
+      Name: !Sub /uni-prop/${Stage}/UnicornApprovalsEventBusArn
+      Value: !GetAtt UnicornApprovalsEventBus.Arn
 
   #### LAMBDA FUNCTIONS
   # Listens to ContractStatusChanged events from EventBridge
@@ -106,7 +106,7 @@ Resources:
           Type: EventBridgeRule
           Properties:
             RuleName: unicorn.properties-ContractStatusChanged
-            EventBusName: !GetAtt UnicornPropertiesEventBus.Name
+            EventBusName: !GetAtt UnicornApprovalsEventBus.Name
             Pattern:
               source:
                 - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
@@ -219,7 +219,7 @@ Resources:
         - S3ReadPolicy:
             BucketName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/ImagesBucket}}"
         - EventBridgePutEventsPolicy:
-            EventBusName: !GetAtt UnicornPropertiesEventBus.Name
+            EventBusName: !GetAtt UnicornApprovalsEventBus.Name
         - Statement:
             - Effect: Allow
               Action:
@@ -244,7 +244,7 @@ Resources:
           Type: EventBridgeRule
           Properties:
             RuleName: unicorn.properties-PublicationApprovalRequested
-            EventBusName: !GetAtt UnicornPropertiesEventBus.Name
+            EventBusName: !GetAtt UnicornApprovalsEventBus.Name
             Pattern:
               source:
                 - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
@@ -260,8 +260,8 @@ Resources:
         WaitForContractApprovalArn: !GetAtt WaitForContractApprovalFunction.Arn
         TableName: !Ref ContractStatusTable
         ImageUploadBucketName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/ImagesBucket}}"
-        EventBusName: !GetAtt UnicornPropertiesEventBus.Name
-        ServiceName: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+        EventBusName: !GetAtt UnicornApprovalsEventBus.Name
+        ServiceName: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
 
   # Store ApprovalStateMachineLogGroup workflow execution logs
   ApprovalStateMachineLogGroup:
@@ -285,7 +285,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
         - Key: stage
           Value: !Ref Stage
 
@@ -301,7 +301,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
         - Key: stage
           Value: !Ref Stage
 
@@ -324,38 +324,38 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
         - Key: stage
           Value: !Ref Stage
 
   #### EVENT BUS
   # Event bus for Unicorn Properties Service, used to publish and consume events
-  UnicornPropertiesEventBus:
+  UnicornApprovalsEventBus:
     Type: AWS::Events::EventBus
     DeletionPolicy: Delete
     UpdateReplacePolicy: Delete
     Properties:
       Name: !Sub UnicornPropertiesBus-${Stage}
 
-  # Event bus policy to restrict who can publish events (should only be services from UnicornPropertiesNamespace)
+  # Event bus policy to restrict who can publish events (should only be services from UnicornApprovalsNamespace)
   UnicornPropertiesEventsBusPublishPolicy:
     Type: AWS::Events::EventBusPolicy
     DeletionPolicy: Delete
     UpdateReplacePolicy: Delete
     Properties:
-      EventBusName: !Ref UnicornPropertiesEventBus
+      EventBusName: !Ref UnicornApprovalsEventBus
       StatementId: !Sub OnlyPropertiesServiceCanPublishToEventBus-${Stage}
       Statement:
         Effect: Allow
         Principal:
           AWS:
             - !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
         Action: events:PutEvents
-        Resource: !GetAtt UnicornPropertiesEventBus.Arn
+        Resource: !GetAtt UnicornApprovalsEventBus.Arn
         Condition:
           StringEquals:
             events:source:
-              - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+              - "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
 
   # Catchall rule used for development purposes. Logs all events matching any of the services to CloudWatch Logs
   UnicornPropertiesCatchAllRule:
@@ -365,13 +365,13 @@ Resources:
     Properties:
       Name: properties.catchall
       Description: Catchall rule used for development purposes.
-      EventBusName: !Ref UnicornPropertiesEventBus
+      EventBusName: !Ref UnicornApprovalsEventBus
       EventPattern:
         account:
           - !Ref AWS::AccountId
         source:
           - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
-          - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
           - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
       State: ENABLED #You may want to disable this rule in production
       Targets:
@@ -387,7 +387,7 @@ Resources:
       LogGroupName: !Sub
         - "/aws/events/${Stage}/${NS}-catchall"
         - Stage: !Ref Stage
-          NS: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          NS: "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
       RetentionInDays: !FindInMap [LogsRetentionPeriodMap, !Ref Stage, Days]
 
   # Permissions to allow EventBridge to send logs to CloudWatch
@@ -436,7 +436,7 @@ Resources:
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
     DependsOn:
-      - UnicornPropertiesEventBusNameParam
+      - UnicornApprovalsEventBusNameParam
     Properties:
       Location: "integration/subscriber-policies.yaml"
       Parameters:
@@ -448,7 +448,7 @@ Resources:
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
     DependsOn:
-      - UnicornPropertiesEventBusArnParam
+      - UnicornApprovalsEventBusArnParam
     Properties:
       Location: "integration/subscriptions.yaml"
       Parameters:
@@ -484,7 +484,7 @@ Outputs:
 
   #### EVENT BRIDGE OUTPUTS
   UnicornPropertiesEventBusName:
-    Value: !GetAtt UnicornPropertiesEventBus.Name
+    Value: !GetAtt UnicornApprovalsEventBus.Name
 
   #### CLOUDWATCH LOGS OUTPUTS
   UnicornPropertiesCatchAllLogGroupArn:

unicorn_contracts/template.yaml

@@ -293,7 +293,7 @@ Resources:
           - !Ref AWS::AccountId
         source:
           - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
-          - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornApprovalsNamespace}}"
           - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
       State: ENABLED #You may want to disable this rule in production
       Targets:

unicorn_shared/Makefile

@@ -32,3 +32,6 @@ delete-images: ## Deletes all shared images stacks
 					--stack-name "uni-prop-$$env-images"; \
 			fi; \
 		done
+
+list-parameters: ## Lists all parameters in the Unicorn Properties namespace
+	aws ssm get-parameters-by-path --path "/uni-prop" --recursive --with-decryption --query 'Parameters[*].[Name,Value,Type]' --output table

unicorn_shared/uni-prop-namespaces.yaml

@@ -14,12 +14,12 @@ Resources:
       Name: !Sub /uni-prop/UnicornContractsNamespace
       Value: "unicorn.contracts"
 
-  UnicornPropertiesNamespaceParam: 
+  UnicornApprovalsNamespaceParam: 
     Type: AWS::SSM::Parameter
     Properties:
       Type: String
-      Name: !Sub /uni-prop/UnicornPropertiesNamespace
-      Value: "unicorn.properties"
+      Name: !Sub /uni-prop/UnicornApprovalsNamespace
+      Value: "unicorn.approvals"
 
   UnicornWebNamespaceParam: 
     Type: AWS::SSM::Parameter
@@ -35,9 +35,9 @@ Outputs:
     Description: Unicorn Contracts namespace parameter
     Value: !Ref UnicornContractsNamespaceParam
 
-  UnicornPropertiesNamespace:
+  UnicornApprovalsNamespace:
     Description: Unicorn Properties namespace parameter
-    Value: !Ref UnicornPropertiesNamespaceParam
+    Value: !Ref UnicornApprovalsNamespaceParam
 
   UnicornWebNamespace:
     Description: Unicorn Web namespace parameter
@@ -49,7 +49,7 @@ Outputs:
 
   UnicornPropertiesNamespaceValue:
     Description: Unicorn Properties namespace parameter value
-    Value: !GetAtt UnicornPropertiesNamespaceParam.Value
+    Value: !GetAtt UnicornApprovalsNamespaceParam.Value
 
   UnicornWebNamespaceValue:
     Description: Unicorn Web namespace parameter value