Release 3.3.17 (#152)

Author: gsingh04

.gitignore

@@ -3,11 +3,14 @@ global-s3-assets
 regional-s3-assets
 open-source
 
+**/assets/stno_config.js
+
 # Generated ouputs
 console-manifest.json
 dist
 source/**/coverage
 coverage.xml
+.coverage
 *pycache*
 npm-debug.log
 *.zip

CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.17] - 2025-06-10
+
+### Security
+
+- Bump `webpack-dev-server` to mitigate [CVE-2025-30360](https://avd.aquasec.com/nvd/cve-2025-30360)
+
+### Changed
+
+- Remove `requirements.txt` in favor of `poetry.lock` for dependency management with poetry
+- Refactor `lambda` as standard python package with poetry
+
 ## [3.3.16] - 2025-05-30
 
 ### Security

NOTICE.txt

@@ -635,6 +635,7 @@ react-scripts under the MIT license.
 jest-serializer under the MIT license.
 is-typedarray under the MIT license.
 typedarray-to-buffer under the MIT license.
+typescript under the Apache-2.0 license.
 @pmmmwh/react-refresh-webpack-plugin under the MIT license.
 webpack under the MIT license.
 eslint-scope under the BSD-2-Clause license.
@@ -1112,6 +1113,7 @@ utila under the MIT license.
 htmlparser2 under the MIT license.
 identity-obj-proxy under the MIT license.
 harmony-reflect under the Apache-2.0 license.
+jest under the MIT license.
 @jest/core under the MIT license.
 @jest/console under the MIT license.
 @jest/reporters under the MIT license.
@@ -1420,6 +1422,7 @@ rxjs under the Apache-2.0 license.
 through under the MIT license.
 is-node-process under the MIT license.
 js-levenshtein under the MIT license.
+@aws-sdk/client-cognito-identity-provider under the Apache-2.0 license.
 @smithy/is-array-buffer under the Apache-2.0 license.
 @smithy/util-buffer-from under the Apache-2.0 license.
 @smithy/util-utf8 under the Apache-2.0 license.
@@ -1464,6 +1467,7 @@ js-levenshtein under the MIT license.
 @smithy/util-defaults-mode-node under the Apache-2.0 license.
 @smithy/credential-provider-imds under the Apache-2.0 license.
 @aws-sdk/token-providers under the Apache-2.0 license.
+winston under the MIT license.
 @colors/colors under the MIT license.
 @dabh/diagnostics under the MIT license.
 colorspace under the MIT license.
@@ -1482,6 +1486,8 @@ one-time under the MIT license.
 fn.name under the MIT license.
 stack-trace under the MIT license.
 winston-transport under the MIT license.
+decode-uri-component under the MIT license.
+ts-node under the MIT license.
 diff under the BSD-3-Clause license.
 @cspotcode/source-map-support under the MIT license.
 @tsconfig/node10 under the MIT license.
@@ -1495,7 +1501,9 @@ yn under the MIT license.
 @jest/expect under the MIT license.
 pure-rand under the MIT license.
 create-jest under the MIT license.
+ts-jest under the MIT license.
 bs-logger under the MIT license.
+aws-sdk-client-mock under the MIT license.
 @aws-sdk/client-s3 under the Apache-2.0 license.
 @aws-crypto/sha1-browser under the Apache-2.0 license.
 @aws-sdk/middleware-bucket-endpoint under the Apache-2.0 license.
@@ -1527,30 +1535,57 @@ nise under the BSD-3-Clause license.
 @sinonjs/text-encoding under the Apache-2.0 license.
 just-extend under the MIT license.
 aws-lambda-powertools under the MIT license.
-typing_extensions
-aws_lambda_typing under the MIT license.
+aws-lambda-typing under the MIT license.
 boto3 under the Apache-2.0 license.
+boto3-stubs under the MIT license.
 botocore under the Apache-2.0 license.
+botocore-stubs under the MIT license.
+certifi under the MPL-2.0 license.
+cffi under the MIT license.
+charset-normalizer under the MIT license.
+colorama under the 0BSD license.
+coverage under the Apache-2.0 license.
+cryptography under the Apache-2.0 license.
+exceptiongroup under the MIT license.
+freezegun under the Apache-2.0 license.
+idna under the 0BSD license.
+iniconfig under the MIT license.
+jinja2 under the 0BSD license.
 jmespath under the MIT license.
-python-dateutil under the Apache-2.0 license.
-six under the MIT license.
-boto3-stubs under the MIT license.
+markupsafe under the 0BSD license.
+mock under the 0BSD license.
 moto under the Apache-2.0 license.
-pytest-mock under the MIT license.
+mypy-boto3-cloudformation under the MIT license.
+mypy-boto3-dynamodb under the MIT license.
+mypy-boto3-ec2 under the MIT license.
+mypy-boto3-lambda under the MIT license.
+mypy-boto3-logs under the MIT license.
+mypy-boto3-organizations under the MIT license.
+mypy-boto3-ram under the MIT license.
+mypy-boto3-rds under the MIT license.
+mypy-boto3-s3 under the MIT license.
+mypy-boto3-sns under the MIT license.
+mypy-boto3-sqs under the MIT license.
+mypy-boto3-stepfunctions under the MIT license.
+mypy-boto3-sts under the MIT license.
+packaging under the Apache-2.0 license.
+pluggy under the MIT license.
+pycparser under the 0BSD license.
 pytest under the MIT license.
-sure under the GNU General Public License v3 or later (GPLv3+) license(s).
-pipdeptree under the MIT license.
-coverage under the Apache-2.0 license.
-freezegun under the Apache-2.0 license.
-typescript under the Apache-2.0 license.
-jest under the MIT license.
-@aws-sdk/client-cognito-identity-provider under the Apache-2.0 license.
-winston under the MIT license.
-decode-uri-component under the MIT license.
-ts-node under the MIT license.
-ts-jest under the MIT license.
-aws-sdk-client-mock under the MIT license.
-typing_extensions
+pytest-mock under the MIT license.
+python-dateutil under the Apache-2.0 license.
+pyyaml under the MIT license.
+requests under the Apache-2.0 license.
+responses under the Apache-2.0 license.
+s3transfer under the Apache-2.0 license.
+six under the MIT license.
+tomli under the MIT license.
+types-awscrt under the MIT license.
+types-s3transfer under the MIT license.
+typing-extensions
+urllib3
+werkzeug under the 0BSD license.
+xmltodict under the MIT license.
 
 ********************
 OPEN SOURCE LICENSES
@@ -1568,4 +1603,4 @@ MIT - https://opensource.org/license/mit/
 MPL-2.0 - https://www.mozilla.org/MPL/2.0/
 Python-2.0 - https://opensource.org/licenses/Python-2.0
 Unlicense - https://unlicense.org/
-Zlib - http://www.zlib.net/zlib_license.html
+Zlib - http://www.zlib.net/zlib_license.html

README.md

@@ -63,6 +63,7 @@ Use the following steps if you want to customize the solution or extend the solu
 ### Setup
 
 - Python Prerequisite: python=3.11 | pip3=23.2.1
+- Poetry >=2.1.3
 - Javascript Prerequisite: node=v18.16.0 | npm=9.5.1
 
 Clone the repository and make desired code changes.
@@ -78,10 +79,15 @@ _Note: The following steps have been tested under the preceding pre-requisites._
 Run unit tests to ensure that your added customization passes the tests.
 
 ```
-cd ./source
-chmod +x ./run-unit-tests.sh
-./run-unit-tests.sh
-cd ..
+# Python
+cd ./source/lambda
+poetry install
+poetry run pytest
+
+# Nodejs
+cd ./source/ui
+npm ci
+npm run test 
 ```
 
 _✅ Ensure that all unit tests pass. Review the generated coverage report._

deployment/build-s3-dist.sh

@@ -45,6 +45,12 @@ mkdir -p $template_dist_dir
 rm -rf $build_dist_dir
 mkdir -p $build_dist_dir
 
+headline "[Prereqs] Validate poetry installed"
+if ! command -v poetry &> /dev/null; then
+    echo "Poetry is not installed, exiting..."
+    exit 1
+fi
+
 headline "[Init] Clean python generated files & folders"
 cd $lambda_dir
 find . -iname ".venv" -type d | xargs rm -rf
@@ -53,10 +59,25 @@ find . -iname "dist" -type d | xargs rm -rf
 find . -type f -name ".pytest_cache" -delete
 find . -type f -name ".coverage" -delete
 
-headline "[Init] Initiating virtual environment"
-python3 -m venv .venv --upgrade-deps
-source .venv/bin/activate
-pip3 install -r requirements.txt
+headline "[Configure] Poetry"
+poetry config virtualenvs.in-project true --local
+poetry config virtualenvs.options.no-pip true --local
+poetry config virtualenvs.options.always-copy true --local
+
+
+headline "[Install] Solution python package"
+# poetry installs solution in editable mode with symlinks, not apt for packaging
+# build solution wheel and install in poetry environment
+poetry build -f wheel
+poetry run pip install dist/*
+
+headline "[Package] Solution lambda"
+rm -rf dist
+mkdir -p dist
+rsync -a .venv/lib/python3.11/site-packages/ ./dist/ --exclude '*dist-info*' --exclude '*.pyc' --exclude '*__pycache__*'
+cd dist
+zip -rq "$2.zip" .
+cp -R "$2.zip" $build_dist_dir
 
 headline "[Build] Build cognito-trigger function"
 echo "cd $source_dir/cognito-trigger"
@@ -65,30 +86,14 @@ echo "npm run build:all"
 npm run build:all
 cp -R "dist/cognito-trigger.zip" $build_dist_dir
 
-headline "[Build] Lambda zips for STNO Solution"
-cd $lambda_dir
-for microservices in */ ; do
-  echo "building $microservices"
-  microservice_name=$(basename $microservices)
-  cd $lambda_dir/$microservice_name
-  mkdir -p dist/$microservice_name
-  rsync -aq --exclude 'setuptools/' --exclude 'setuptools-*.dist-info/' --exclude 'pkg_resources/' $lambda_dir/.venv/lib/python3.11/site-packages/ ./dist/
-  cp -R lib __init__.py main.py ./dist/$microservice_name/
-  cd dist
-  zip -rq "$microservice_name.zip" .
-  cp -R "$microservice_name.zip" $build_dist_dir
-  rm -rf $lambda_dir/$microservice_name/dist
-done
-deactivate
-
 headline "[Stage] Copy ui files to regional-s3-assets, build console and zip"
 cp -R $source_dir/ui $build_dist_dir/
 mkdir -p $build_dist_dir/graphql
 cp -R $source_dir/ui/src/graphql/schema.graphql $source_dir/ui/src/graphql/resolver $source_dir/ui/src/graphql/function $build_dist_dir/graphql
 cd $build_dist_dir/ui/
-[ -e node_modules ] && rm -rf node_modules 
+[ -e node_modules ] && rm -rf node_modules
 npm ci
-[ -e build ] && rm -r build 
+[ -e build ] && rm -r build
 npm run build
 cp -R ./build ../console
 cd ../../.. && rm -rf $build_dist_dir/ui
@@ -98,7 +103,7 @@ cd $template_dir/manifest-generator
 [ -e node_modules ] && rm -rf node_modules
 npm ci
 node app.js --target "$build_dist_dir/console" --output "$build_dist_dir/console-manifest.json"
-cd $build_dist_dir && zip -rq ./custom_resource.zip ./console-manifest.json
+cd $build_dist_dir && zip -rq ./$2.zip ./console-manifest.json
 cd ../..
 
 headline "[Stage] Copy templates to global-s3-assets directory"

deployment/network-orchestration-hub.template

@@ -382,6 +382,7 @@ Mappings:
       RetentionPeriod: 90
   SourceCode:
     General:
+      LambdaZip: "%SOLUTION_NAME%.zip"
       S3Bucket: "%DIST_BUCKET_NAME%"
       KeyPrefix: "network-orchestration-for-aws-transit-gateway/%VERSION%"
       Version: "%VERSION%"
@@ -814,9 +815,9 @@ Resources:
           PARTITION: !Sub ${AWS::Partition}
       Code:
         S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
-        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],"custom_resource.zip"]]
+        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], !FindInMap ["SourceCode", "General", "LambdaZip"]]]
       Description: Network Orchestration for AWS Transit Gateway - custom resource handler
-      Handler: custom_resource.main.lambda_handler
+      Handler: solution.custom_resource.main.lambda_handler
       MemorySize: 1536
       Role: !Sub ${CustomResourceLambdaFunctionRole.Arn}
       Runtime: python3.11
@@ -1055,9 +1056,9 @@ Resources:
           APPLICATION_TAG_VALUE: !GetAtt Application.ApplicationTagValue
       Code:
         S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]]
-        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],"tgw_vpc_attachment.zip"]]
+        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], !FindInMap ["SourceCode", "General", "LambdaZip"]]]
       Description: Network Orchestration for AWS Transit Gateway - State Machine Handler
-      Handler: tgw_vpc_attachment.main.lambda_handler
+      Handler: solution.tgw_vpc_attachment.main.lambda_handler
       MemorySize: 1536
       Role: !GetAtt 'StateMachineLambdaFunctionRole.Arn'
       Runtime: python3.11
@@ -2149,9 +2150,9 @@ Resources:
           PARTITION: !Sub ${AWS::Partition}
       Code:
         S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]]
-        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],"tgw_peering_attachment.zip"]]
+        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], !FindInMap ["SourceCode", "General", "LambdaZip"]]]
       Description: Network Orchestration for AWS Transit Gateway - TGW peering attachment handler
-      Handler: tgw_peering_attachment.main.lambda_handler
+      Handler: solution.tgw_peering_attachment.main.lambda_handler
       MemorySize: 1536
       Role: !Sub ${TgwPeeringLambdaFunctionRole.Arn}
       Runtime: python3.11

deployment/network-orchestration-spoke.template

@@ -30,6 +30,7 @@ Mappings:
       Name: "Network-Orchestrator-Event-Bus"
   SourceCode:
     General:
+      LambdaZip: "%SOLUTION_NAME%.zip"
       S3Bucket: "%DIST_BUCKET_NAME%"
       KeyPrefix: "network-orchestration-for-aws-transit-gateway/%VERSION%"
       Version: "%VERSION%"
@@ -245,9 +246,9 @@ Resources:
           PARTITION: !Sub ${AWS::Partition}
       Code:
         S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
-        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],"custom_resource.zip"]]
+        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], !FindInMap ["SourceCode", "General", "LambdaZip"]]]
       Description: Network Orchestration for AWS Transit Gateway - custom resource handler
-      Handler: custom_resource.main.lambda_handler
+      Handler: solution.custom_resource.main.lambda_handler
       MemorySize: 512
       Role: !Sub ${CustomResourceLambdaFunctionRole.Arn}
       Runtime: python3.11

source/cognito-trigger/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "cognito-trigger",
-  "version": "3.3.16",
+  "version": "3.3.17",
   "description": "Triggered when a new user is confirmed in the user pool to allow for custom actions to be taken",
   "author": {
     "name": "Amazon Web Services",

source/cognito-trigger/package.json

@@ -0,0 +1 @@
+3.11