Merge pull request #346 from globaldatanet/pullrequests/vboufleur/fix…

…/several

4.3.0

.github/workflows/docs.yml

@@ -14,8 +14,6 @@ on:
   push:
     branches:
       - master
-      - 4.1.4
-      - bugfix
 jobs:
   deploy_production_main:
     name: Update Documentation

.github/workflows/fwf_enumCheck.yml

@@ -21,13 +21,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: ⬇️ Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1
       - name: ☊ Use Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4.0.2
         with:
-          node-version: '18.x'
+          node-version: '21.x'
       - name: 💾 Cache Node.js modules
-        uses: actions/cache@v2
+        uses: actions/cache@v4.0.2
         with:
           path: ~/.npm
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -42,7 +42,7 @@ jobs:
         run: |
           npm install
       - name: 🔑 Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1.7.0
+        uses: aws-actions/configure-aws-credentials@v4.0.2
         env:
           ACCOUNT_ID: ${{ env.AWS_ACCOUNT }}
         with:

.github/workflows/linting.yml

@@ -7,17 +7,16 @@ on:
   push:
     branches:
       - master
-      - linting
 
 jobs:
   nodejs-test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        version: [18, 20]
+        version: [21]
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4.1.1
+      - uses: actions/setup-node@v4.0.2
         with:
           node-version: ${{ matrix.version }}
           cache: "npm"

.github/workflows/waf_test_ipSets.yml

@@ -1,5 +1,6 @@
 name: IpSet-Firewall
 
+
 env:
   AWS_REGION: eu-central-1
   AWS_ROLE: FirewallFactoryGithubPipelineRole
@@ -9,16 +10,14 @@ permissions:
   id-token: write
   contents: read
 
-concurrency: ci-${{ github.ref }}
+# concurrency:
+#   group: test_envrionment
+#   cancel-in-progress: true
 
 on:
   push:
     branches:
       - master
-    paths:
-      - 'bin/**/*'
-      - 'lib/**/*'
-      - 'package*.json'
   pull_request:
     branches:
       - master
@@ -32,16 +31,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: ⬇️ Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1
       - name: 📁 Install Taskfile
         run: |
           npm install -g @go-task/cli
       - name: ☊ Use Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4.0.2
         with:
-          node-version: '18.x'
+          node-version: '21.x'
       - name: 💾 Cache Node.js modules
-        uses: actions/cache@v2
+        uses: actions/cache@v4.0.2
         with:
           path: ~/.npm
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -50,13 +49,13 @@ jobs:
             ${{ runner.OS }}-
       - name: 🌐 Install CDK and typescript globally
         run: |
-          npm i -g aws-cdk typescript ts-node @types/node
+          npm i -g aws-cdk typescript ts-node @types/node yarn
           npm link typescript
       - name: 📦 Install Packages
         run: |
           npm install
       - name: 🔑 Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1.7.0
+        uses: aws-actions/configure-aws-credentials@v4.0.2
         env:
           ACCOUNT_ID: ${{ env.AWS_ACCOUNT }}
         with:
@@ -65,9 +64,9 @@ jobs:
           role-session-name: GitHubActionsSession
           mask-aws-account-id: false
       - name: 🚀 Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: 🫙 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3.3.0
       - name: 🔥 Deploy Firewall to AWS
         run: |
           task deploy config=ipSetsTests

.github/workflows/waf_test_onlymanagedrulegroups.yml

@@ -9,16 +9,14 @@ permissions:
   id-token: write
   contents: read
 
-concurrency: ci-${{ github.ref }}
+# concurrency:
+#   group: test_envrionment
+#   cancel-in-progress: true
 
 on:
   push:
     branches:
       - master
-    # paths:
-    #   - 'bin/**/*'
-    #   - 'lib/**/*'
-    #   - 'package*.json'
   pull_request:
     branches:
       - master
@@ -32,16 +30,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: ⬇️ Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1
       - name: 📁 Install Taskfile
         run: |
           npm install -g @go-task/cli
       - name: ☊ Use Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4.0.2
         with:
-          node-version: '18.x'
+          node-version: '21.x'
       - name: 💾 Cache Node.js modules
-        uses: actions/cache@v2
+        uses: actions/cache@v4.0.2
         with:
           path: ~/.npm
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -50,13 +48,13 @@ jobs:
             ${{ runner.OS }}-
       - name: 🌐 Install CDK and typescript globally
         run: |
-          npm i -g aws-cdk typescript ts-node @types/node
+          npm i -g aws-cdk typescript ts-node @types/node yarn
           npm link typescript
       - name: 📦 Install Packages
         run: |
           npm install
       - name: 🔑 Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1.7.0
+        uses: aws-actions/configure-aws-credentials@v4.0.2
         env:
           ACCOUNT_ID: ${{ env.AWS_ACCOUNT }}
         with:
@@ -65,9 +63,9 @@ jobs:
           role-session-name: GitHubActionsSession
           mask-aws-account-id: false
       - name: 🚀 Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: 🫙 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3.3.0
       - name: 🔥 Deploy Firewall to AWS
         run: |
           task deploy config=onlyManagedRuleGroupsTests

.github/workflows/waf_test_rateBasedwithScopeDown.yml

@@ -0,0 +1,75 @@
+name: RateBased-with-ScopeDown-Firewall
+
+
+env:
+  AWS_REGION: eu-central-1
+  AWS_ROLE: FirewallFactoryGithubPipelineRole
+  AWS_ACCOUNT: 859220371210
+
+permissions:
+  id-token: write
+  contents: read
+
+# concurrency:
+#   group: test_envrionment
+#   cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'bin/**/*'
+      - 'lib/**/*'
+      - 'package*.json'
+jobs:
+  deploy_production_main:
+    name: Test and deploy RateBased-with-ScopeDown Firewall
+    runs-on: ubuntu-latest
+    steps:
+      - name: ⬇️ Checkout
+        uses: actions/[email protected]
+      - name: 📁 Install Taskfile
+        run: |
+          npm install -g @go-task/cli
+      - name: ☊ Use Node.js
+        uses: actions/[email protected]
+        with:
+          node-version: '21.x'
+      - name: 💾 Cache Node.js modules
+        uses: actions/[email protected]
+        with:
+          path: ~/.npm
+          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.OS }}-node-
+            ${{ runner.OS }}-
+      - name: 🌐 Install CDK and typescript globally
+        run: |
+          npm i -g aws-cdk typescript ts-node @types/node yarn
+          npm link typescript
+      - name: 📦 Install Packages
+        run: |
+          npm install
+      - name: 🔑 Configure AWS credentials
+        uses: aws-actions/[email protected]
+        env:
+          ACCOUNT_ID: ${{ env.AWS_ACCOUNT }}
+        with:
+          role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/${{ env.AWS_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+          role-session-name: GitHubActionsSession
+          mask-aws-account-id: false
+      - name: 🚀 Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: 🫙 Set up Docker Buildx
+        uses: docker/[email protected]
+      - name: 🔥 Deploy Firewall to AWS
+        run: |
+          task deploy config=rateBasedwithScopeDownTests
+      - name: 🗑️ Remove Firewall from AWS
+        run: |
+          task destroy config=rateBasedwithScopeDownTests

.github/workflows/waf_test_regexPatternSets.yml

@@ -9,40 +9,37 @@ permissions:
   id-token: write
   contents: read
 
-concurrency: ci-${{ github.ref }}
+# concurrency:
+#   group: test_envrionment
+#   cancel-in-progress: true
 
 on:
   push:
     branches:
       - master
-    paths:
-      - 'bin/**/*'
-      - 'lib/**/*'
-      - 'package*.json'
   pull_request:
     branches:
       - master
     paths:
       - 'bin/**/*'
       - 'lib/**/*'
       - 'package*.json'
-
 jobs:
   deploy_production_main:
     name: Test and deploy RegexPatternSets Firewall
     runs-on: ubuntu-latest
     steps:
       - name: ⬇️ Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1
       - name: 📁 Install Taskfile
         run: |
           npm install -g @go-task/cli
       - name: ☊ Use Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4.0.2
         with:
-          node-version: '18.x'
+          node-version: '21.x'
       - name: 💾 Cache Node.js modules
-        uses: actions/cache@v2
+        uses: actions/cache@v4.0.2
         with:
           path: ~/.npm
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -51,13 +48,13 @@ jobs:
             ${{ runner.OS }}-
       - name: 🌐 Install CDK and typescript globally
         run: |
-          npm i -g aws-cdk typescript ts-node @types/node
+          npm i -g aws-cdk typescript ts-node @types/node yarn
           npm link typescript
       - name: 📦 Install Packages
         run: |
           npm install
       - name: 🔑 Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1.7.0
+        uses: aws-actions/configure-aws-credentials@v4.0.2
         env:
           ACCOUNT_ID: ${{ env.AWS_ACCOUNT }}
         with:
@@ -66,9 +63,9 @@ jobs:
           role-session-name: GitHubActionsSession
           mask-aws-account-id: false
       - name: 🚀 Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: 🫙 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3.3.0
       - name: 🔥 Deploy Firewall to AWS
         run: |
           task deploy config=regexPatternSetsTests

.npmrc

@@ -0,0 +1 @@
+engine-strict=true

CHANGELOG.md

@@ -2,6 +2,32 @@
 
 ## Released
 
+## 4.3.0
+### Added
+- Allow reusing ipsets with same name. This commit differentiate ipsets from different FMS configs by adding the name of the webacl to it. Without this commit, trying to run aws-firewall-factory for two configs which uses a ipset with the same name would give a error on CloudFormation ('IpSet with name x already exists') - (Add Name of web application firewall to the IPSet Name) - ⚠️ Existing IPsets will be replaced during next update.
+- CheckCapacity: see which rule failed. This commit helps a lot by immediately letting us know which rule failed capacity checking and requires fixes
+- Save chars on ManagedServiceData FMS prop. The ManagedServiceData has a hard limit of 8192 characters. I've asked AWS about raising it and they said that this is a hard limit and they can't raise it. This commit is for saving as much chars as we can out of the ManagedServiceData prop, for squeezing in our rules (even if they have a ton of RuleActionOverrides on them)
+- Values: allow async code. This adds a dynamic import of the firewall config for enabling people that want to run async code on then, ensuring that all async code will run during the import
+- [Issue#317](https://github.com/globaldatanet/aws-firewall-factory/issues/317) Evaluation time windows for request aggregation with rate-based rules. You can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes.
+- Extend Guidance Helper to check for valid Evaluation time windows.
+- CustomRule StatementType is now part of the log Capacity Table
+### Fixed
+- RateBasedStatement.CustomKeys is a array of objects, not a object
+- Recursive code for adding RateBasedStatement.ScopeDownStatement. The prop ScopeDownStatement of RateBasedStatements can have And, Or and Not statements, just like any other Statement. Without this fix, deploying RateBasedStatements with complex ScopeDownStatements fails on capacity checking.
+- Don't enforce update if EnforceUpdate prop is not defined. If its not defined, set `EnforceUpdate` to `false`.
+- Enhance the enumcheck to handle API throttling by adding sleep functionality.
+- Bumped Jest from version 29.7.0 to 29.7.0
+- Bumped TypeScript from version 5.3.3 to 5.4.5
+- Bumped ESLint from version 8.56.0 to 8.56.0
+- Bumped Axios from version 1.6.5 to 1.6.8
+- Bumped @typescript-eslint/parser and @typescript-eslint/eslint-plugin from version 6.19.0 to 7.6.0
+- Bumped AWS CDK from version 2.121.1 to 2.137.0
+- Bumped @aws-sdk/client-cloudformation, @aws-sdk/client-cloudwatch, @aws-sdk/client-fms, @aws-sdk/client-pricing, @aws-sdk/client-service-quotas, @aws-sdk/client-shield, @aws-sdk/client-ssm, and @aws-sdk/client-wafv2 from version 3.490.0 to 3.554.0
+- Removed redundant declaration of "@typescript-eslint/eslint-plugin" and "@typescript-eslint/parser" dependencies.
+- Removed redundant declaration of "@types/lodash" dependency.
+- Added missing comma after TypeScript version 5.3.3 in devDependencies.
+- Add CDK ToolKit StackName to cdk diff using taskfile - Sometimes the following error occurred if the template is more than 50kb in size this was because the cdk toolkit stackname was not set. 
+  - eg.: The template for stack "YOURSTACKNAME" is 64KiB. Templates larger than 50KiB must be uploaded to S3.
 
 ## 4.2.3
 ### Added

README.md

@@ -66,7 +66,7 @@ If you want to learn more about the AWS Firewall Factory feel free to look at th
 |  WAF Deployment - Only Managed Rule Groups  | ![onlyManagedRuleGroups](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_onlymanagedrulegroups.yml/badge.svg?branch=master)  |
 |  WAF Deployment - IpSets | ![IpSets](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_ipSets.yml/badge.svg?branch=master)   |
 |  WAF Deployment - RegexPatternSets | ![regexPatternSets](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_regexPatternSets.yml/badge.svg?branch=master)  |
-
+|  WAF Deployment - RateBasedwithScopeDown | ![rateBasedwithScopeDown](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_rateBasedwithScopeDown.yml/badge.svg?branch=master)  |
 
 
 ## 🦸🏼‍♀️ Contributors