Commit

Merge pull request #298 from alex-chew/list-registered-accounts-pr
Implement "Registered Accounts" admin page
alex-chew authored Aug 9, 2019
2 parents 16ea653 + f68c454 commit a49fdde
Showing 24 changed files with 1,578 additions and 24 deletions.
7 changes: 4 additions & 3 deletions CONTRIBUTING.md
Expand Up @@ -32,9 +32,10 @@ To send us a pull request, please:
1. Fork the repository.
2. Working off the latest version of the *staging* branch, modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
3. Ensure local tests pass.
4. Commit to your fork using clear commit messages.
5. Send us a pull request merging into the *staging* branch, answering any default questions in the pull request interface.
6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
4. Run `prettier` on your new code to ensure style consistency. Remember to only reformat files relevant to your changes.
5. Commit to your fork using clear commit messages.
6. Send us a pull request merging into the *staging* branch, answering any default questions in the pull request interface.
7. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.

GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
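
Review bot: The new step 4 tells contributors to run `prettier` but not how: there is no command, no pointer to a configuration file, and no version. Different prettier versions and default options produce different output, which works against the stated goal of style consistency. Suggest naming the exact invocation (or an npm script that wraps it) and where its configuration lives.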
74 changes: 73 additions & 1 deletion cloudformation/template.yaml
Expand Up @@ -20,6 +20,7 @@ Metadata:
Parameters:
- CognitoIdentityPoolName
- DevPortalCustomersTableName
- AccountRegistrationMode
-
Label:
default: "Subscription Notification Configuration"
Expand Down Expand Up @@ -126,6 +127,15 @@ Parameters:
- 'true'
ConstraintDescription: Malformed input - Parameter DevelopmentMode value must be either 'true' or 'false'

AccountRegistrationMode:
Type: String
Description: Methods allowed for account registration. In 'open' mode, any user may register for an account. In 'request' mode, any user may request an account, but an Admin must approve the request in order for the account to perform any privileged actions (like subscribing to an API). In 'invite' mode, users cannot register or request an account; instead, an Admin must send an invite for the user to accept. See the documentation for details.
Default: 'open'
AllowedValues:
- 'open'
- 'request'
- 'invite'

Conditions:
UseCustomDomainName: !And [!And [!Not [!Equals [!Ref CustomDomainName, '']], !Not [!Equals [!Ref CustomDomainNameAcmCertArn, '']]], !Condition NotDevelopmentMode]
NoCustomDomainName: !And [!Not [ !Condition UseCustomDomainName ], !Condition NotDevelopmentMode]
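
Review bot: AccountRegistrationMode defaults to 'open', the least restrictive of the three allowed values, so a stack deployed without setting the parameter permits self-registration. If that default is kept for backward compatibility, say so in the Description. The parameter also has no ConstraintDescription, unlike DevelopmentMode just above it, and "See the documentation for details" does not say where that documentation is.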
Expand All @@ -134,6 +144,7 @@ Conditions:
DevelopmentMode: !Equals [!Ref DevelopmentMode, 'true']
NotDevelopmentMode: !Not [!Condition DevelopmentMode]
InUSEastOne: !Equals [!Ref 'AWS::Region', 'us-east-1']
InviteAccountRegistrationMode: !Equals [!Ref AccountRegistrationMode, 'invite']

Resources:
ApiGatewayApi:
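
Review bot: Only 'invite' gets a condition here; nothing in this diff distinguishes 'request' from 'open' at the template level. The approval gate that the parameter description promises for 'request' mode therefore has to be enforced entirely outside CloudFormation. A comment next to InviteAccountRegistrationMode saying where that enforcement lives would help whoever audits the registration flow later.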
Expand Down Expand Up @@ -1068,7 +1079,13 @@ Resources:
Schema:
- AttributeDataType: String
Name: email
Required: false
Required: true
AdminCreateUserConfig:
AllowAdminCreateUserOnly: !If [
InviteAccountRegistrationMode, 'true', 'false',
]
AutoVerifiedAttributes: ['email']
UsernameAttributes: ['email']

CognitoUserPoolClient:
Type: AWS::Cognito::UserPoolClient
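
Review bot: On the user pool, `Required: true` for email and `UsernameAttributes: ['email']` change how accounts are identified at sign-up, and the commit does not say what happens to a pool that already has users when the stack is updated. Please state the upgrade path in the PR or the docs; the DumpV3AccountDataFn added further down in this file suggests a migration is expected. Minor: the `!If` under AllowAdminCreateUserOnly yields the strings 'true' and 'false' for a boolean property and would read more clearly on one line as `!If [InviteAccountRegistrationMode, true, false]`.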
Expand Down Expand Up @@ -1476,6 +1493,61 @@ Resources:
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html
HostedZoneId: 'Z2FDTNDATAQYW2'

DumpV3AccountDataFn:
Type: AWS::Serverless::Function
Properties:
CodeUri: ../lambdas/dump-v3-account-data
Handler: index.handler
MemorySize: 512
Role: !GetAtt DumpV3AccountDataExecutionRole.Arn
Runtime: nodejs10.x
Timeout: 300
Environment:
Variables:
CustomersTableName: !Ref DevPortalCustomersTableName
UserPoolId: !Ref CognitoUserPool
AdminsGroupName: !Ref CognitoAdminsGroup
Layers:
- !Ref LambdaCommonLayer

DumpV3AccountDataExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: WriteCloudWatchLogs
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- PolicyName: ReadCustomersTable
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: dynamodb:Scan
Resource: !GetAtt CustomersTable.Arn
- PolicyName: ListUserPool
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- cognito-idp:ListUsers
- cognito-idp:ListUsersInGroup
Resource: !GetAtt CognitoUserPool.Arn

Outputs:
WebsiteURL:
Value: !If [ 'DevelopmentMode',
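
Review bot: DumpV3AccountDataExecutionRole grants the three logs actions on `arn:aws:logs:*:*:*`, which covers every log group in every region of the account; scope the Resource to this function's own log group. Separately, the role lets the function Scan the whole customers table and list every user in the pool, so whoever is able to invoke DumpV3AccountDataFn obtains the full account data set. The diff shows neither a restriction on who may invoke it nor a note on when the function should be removed after migration; both belong in the template comments or the docs. The AssumeRolePolicyDocument Statement is also written as a single mapping while the inline policies use lists; use the list form throughout for consistency.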
46 changes: 42 additions & 4 deletions dev-portal/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dev-portal/package.json
Expand Up @@ -17,7 +17,7 @@
"react-markdown": "^4.0.3",
"react-router-dom": "^4.3.1",
"semantic-ui-css": "^2.4.1",
"semantic-ui-react": "0.85.0",
"semantic-ui-react": "^0.87.3",
"swagger-ui": "git@github.com:Trial-In-Error/swagger-ui.git#a183e909ab467693cb1bbf87d5cc4d1e6b899579",
"yamljs": "^0.3.0"
},
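
Review bot: `semantic-ui-react` moves from an exact pin (`0.85.0`) to a caret range (`^0.87.3`), so any install that does not honour package-lock.json can pick up later 0.87.x releases without review. If the exact pin was deliberate, keep it as `0.87.3`; otherwise give the reason for loosening it in the commit message.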
63 changes: 63 additions & 0 deletions dev-portal/scripts/dump-v3-account-data.js
@@ -0,0 +1,63 @@
// Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

// Calls the DumpV3AccountDataFn lambda, and writes its JSON string output into
// a file.

const fs = require('fs')
const os = require('os')
const path = require('path')
const util = require('util')

const { execute } = require('./utils.js')

const fetchLambdaOutput = async ({ stackName, workDir }) => {
const resourceData = JSON.parse((await execute(
`aws cloudformation describe-stack-resource`
+ ` --logical-resource-id DumpV3AccountDataFn`
+ ` --stack-name ${stackName}`, true)).stdout)
const lambdaId = resourceData.StackResourceDetail.PhysicalResourceId
const outFile = `${workDir}${path.sep}lambdaOut`
await execute(
`aws lambda invoke --function-name ${lambdaId} ${outFile}`, true)
const output = JSON.parse(fs.readFileSync(outFile))
fs.unlinkSync(outFile)
return output
}

const main = async () => {
if (process.argv.length !== 4) {
const [ node, script ] = process.argv
console.error(`Usage: ${node} ${script} STACK_NAME OUTPUT_FILE`)
process.exitCode = 127
return
}
const [,, stackName, outFile] = process.argv

const workDir = await util.promisify(fs.mkdtemp)(os.tmpdir() + path.sep)
.catch(error => {
throw new Error(`Failed to create temp directory: ${error.message}`)
})

console.log(`Fetching account data from stack ${stackName}...`)
const lambdaOutput = await fetchLambdaOutput({ stackName, workDir })
.catch(error => {
throw new Error(`Failed to fetch account data: ${error.message}`)
}).finally(() => fs.rmdirSync(workDir))

console.log(`Writing account data to ${outFile}...`)
try {
fs.writeFileSync(outFile, lambdaOutput)
} catch (error) {
throw new Error(`Failed to write to ${outFile}: ${error.message}`)
}

console.log(`Done.`)
}

if (!module.parent) {
main().catch(error => {
console.error(error.message)
process.exitCode = 1
})
}
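
Review bot: In fetchLambdaOutput, `fs.unlinkSync(outFile)` is only reached when `fs.readFileSync` and `JSON.parse` both succeed. If either throws, the `.finally(() => fs.rmdirSync(workDir))` in main runs against a non-empty directory, throws in turn, replaces the original error, and leaves the dumped account data in the temp directory. Wrap the read and parse in try/finally so the unlink always runs. Two further points: `fs.writeFileSync(outFile, lambdaOutput)` creates the account dump with default permissions, so pass `{ mode: 0o600 }`; and `stackName` and `lambdaId` are interpolated unquoted into the command strings given to `execute`, so if that helper runs them through a shell, pass the arguments as an array instead.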