Merge pull request #112 from zehsor/fix/dependencies

fix: dependencies + log bucket encryption + single header cloudformation warning
globaldatanet · Jun 15, 2023 · 1f3083f · 1f3083f
2 parents 447c456 + 2d597da
commit 1f3083f
Show file tree

Hide file tree

Showing 9 changed files with 2,581 additions and 6,272 deletions.
diff --git a/.eslintignore b/.eslintignore
@@ -1,3 +1,4 @@
 node_modules
 dist
-cdk.out
+cdk.out
+jest.config.js
diff --git a/.eslintrc b/.eslintrc
@@ -40,6 +40,7 @@
     "no-magic-numbers": "off",
     "no-underscore-dangle": "off",
     "no-process-env": "off",
-    "func-style": ["error", "declaration", { "allowArrowFunctions": true }]
+    "func-style": ["error", "declaration", { "allowArrowFunctions": true }],
+    "@typescript-eslint/no-explicit-any": "off"
   }
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,21 @@
 
 ## Released
 
+## 3.2.3
+### Fixed
+- Bump eslint from 8.41.0 to 8.42.0
+- Bump @typescript-eslint/eslint-plugin from 4.4.0 to 5.59.11
+- Bump @typescript-eslint/parser from 4.4.0 to 5.59.11
+- Bump eslint-plugin-import from 2.24.2 to 2.27.5
+- Bump jest from 26.4.2 to 29.5.0
+- Bump ts-jest from 26.2.0 to 29.1.0
+- pinned dependencies to avoid conflicting peer dependencies
+- fix eslint issues
+- fix logging bucket encryption issues referencing [23513](https://github.com/aws/aws-cdk/issues/23513)
+- fix cloudformation warning when using statements that inspect single headers (lowercase name key)
+
+### Added
+- Added Linting command `lint` to npm scripts which can be run via `npm run lint`◊
 ## 3.2.2
 ### Fixed
 - Bump @aws-sdk/client-pricing from 3.332.0 to 3.341.0

diff --git a/bin/aws-firewall-factory.ts b/bin/aws-firewall-factory.ts
@@ -8,7 +8,6 @@ import { Config, Prerequisites, PriceRegions, RegionString } from "../lib/types/
 import { isPolicyQuotaReached, isWcuQuotaReached, setOutputsFromStack, initRuntimeProperties } from "../lib/tools/helpers";
 import {isPriceCalculated, GetCurrentPrices} from "../lib/tools/price-calculator";
 import * as packageJsonObject from "../package.json";
-import { env } from "process";
 
 
 /**
@@ -128,8 +127,8 @@ if (configFile && existsSync(configFile)) {
             account: process.env.CDK_DEFAULT_ACCOUNT,
           },
         });
-        const Prices = await GetCurrentPrices(PriceRegions[deploymentRegion as RegionString], runtimeProperties, config,deploymentRegion);
-        const PriceCalculated = await isPriceCalculated(runtimeProperties);
+        await GetCurrentPrices(PriceRegions[deploymentRegion as RegionString], runtimeProperties, config,deploymentRegion);
+        await isPriceCalculated(runtimeProperties);
       })();
     } else {
       console.log(`

diff --git a/lib/firewall-stack.ts b/lib/firewall-stack.ts
@@ -482,7 +482,8 @@ function buildServiceDataCustomRGs(scope: Construct, type: "Pre" | "Post", capac
           name: rulename,
           priority: count,
           action: toAwsCamel(statement.Action),
-          statement: toAwsCamel(statement.Statement),
+          // fixes cloudformation warning "required key [Name] not found" in statements like "SingleHeader"
+          statement: JSON.parse(JSON.stringify(toAwsCamel(statement.Statement))?.replace(/name/g,"Name")),
           visibilityConfig: {
             sampledRequestsEnabled:
               statement.VisibilityConfig.SampledRequestsEnabled,

diff --git a/lib/prerequisites-stack.ts b/lib/prerequisites-stack.ts
@@ -53,12 +53,11 @@ export class PrerequisitesStack extends cdk.Stack {
 
       const accesslogsbucket = new s3.Bucket(this, "AWS-Firewall-Factory-LoggingBucket-AccessLogs", {
         blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
-        encryption: props.prerequisites.Logging.BucketProperties?.KmsEncryptionKey ? s3.BucketEncryption.KMS : s3.BucketEncryption.S3_MANAGED,
-        encryptionKey,
+        encryption: s3.BucketEncryption.S3_MANAGED,
         enforceSSL: true,
         lifecycleRules: [lifecycleRule],
         versioned: true,
-        objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
+        objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_PREFERRED,
         removalPolicy: cdk.RemovalPolicy.RETAIN,
         bucketName: props.prerequisites.Logging.BucketProperties?.BucketName ? props.prerequisites.General.Prefix.toLocaleLowerCase().toLocaleLowerCase() + "-" + props.prerequisites.Logging.BucketProperties?.BucketName + "-access-logs" : props.prerequisites.General.Prefix.toLocaleLowerCase() + "-awsfirewallfactory-logging-access-logs" + account_id + "-" + region
       });
@@ -71,7 +70,7 @@ export class PrerequisitesStack extends cdk.Stack {
         lifecycleRules: [lifecycleRule],
         serverAccessLogsBucket: accesslogsbucket,
         versioned: props.prerequisites.Logging.BucketProperties?.ObjectLock ? true : false,
-        objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
+        objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_PREFERRED,
         removalPolicy: cdk.RemovalPolicy.RETAIN,
         bucketName: props.prerequisites.Logging.BucketProperties?.BucketName ? props.prerequisites.General.Prefix.toLocaleLowerCase() + "-" + props.prerequisites.Logging.BucketProperties?.BucketName : props.prerequisites.General.Prefix.toLocaleLowerCase() + "-awsfirewallfactory-logging-" + account_id + "-" + region
       });

diff --git a/lib/tools/helpers.ts b/lib/tools/helpers.ts
@@ -182,7 +182,7 @@ export async function setOutputsFromStack(deploymentRegion: string, runtimeprops
   const command = new cloudformation.DescribeStacksCommand(params);
   const responsestack = await cloudformation_client.send(command);
   if(responsestack.Stacks?.[0].StackName && responsestack.Stacks?.[0].Outputs !== undefined){
-    for(const output of responsestack.Stacks?.[0].Outputs){
+    for(const output of responsestack.Stacks?.[0]?.Outputs ?? []){
       if(output.OutputKey === "DeployedRuleGroupNames")
       {
         runtimeprops.PreProcess.DeployedRuleGroupNames = output.OutputValue?.split(",",output.OutputValue?.length) || [];