Skip to content
/ atat-web-api Public

ATAT Web API. An internal API.

11 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dod-ccpo/atat-web-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,402 Commits
.github
.github
 
 
.jest
.jest
 
 
api
api
 
 
bin
bin
 
 
cfn-templates
cfn-templates
 
 
docs
docs
 
 
document-generation
document-generation
 
 
idp
idp
 
 
lib
lib
 
 
manual-steps
manual-steps
 
 
models
models
 
 
service-control-policies
service-control-policies
 
 
utils
utils
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.json
.eslintrc.json
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.npmignore
.npmignore
 
 
.nvmrc
.nvmrc
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.prettierrc
.prettierrc
 
 
.secrets.baseline
.secrets.baseline
 
 
README.md
README.md
 
 
cdk.json
cdk.json
 
 
hoth_api.yaml
hoth_api.yaml
 
 
jest.config.js
jest.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sonar-project.properties
sonar-project.properties
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

ATAT Web API

This repository contains two components that together act as a bridge between the internal front-end of the ATAT application and vendor implementations of the ATAT CSP Orchestration API. Any such implementors should consider this repository to contain purely "private" implementation details; however, it does serve as a sample client of the ATAT CSP Orchestration API and may be interesting to review for that purpose.

Generally, the application is implemented to operate in a stateless fashion (with some transient state) leveraging SQS Queues, Step Functions State Machines, and a REST API. The private internal-facing API, the Hyperscaler Orchestration and Tracking Helper (HOTH), serves as a helpful API for other internal implementation details of the ATAT client application. Currently, HOTH is intended purely to be consumed the the ServiceNow component of ATAT; however, it may be opened up to other integrators in the future.

Deploying

atat-web-api is built as an AWS CDK application. The development and deployment process therefore heavily use the aws-cdk CLI.

There are two main deployment paths for atat-web-api. These are:

  • A minimal sandbox environment for developers to have a "live" environment in which to test changes
  • A full environment managed by a CI/CD pipeline

In general, the steps to deploy each are approximately the same, following the typical cdk diff/cdk deploy workflow. Which path is chosen is determined based on the values of a CDK Context variable value.

Deploying a Sandbox environment

An environment is a Sandbox environment if the atat:Sandbox context key has a value of "yes", "1", or "true" after it has been converted to a string. All Sandbox environments must also have the atat:EnvironmentId string set to a unique value. To deploy a sandbox environment, configure your AWS credentials appropriately and deploy by first checking the changes that will be made within the AWS account.

cdk diff -c atat:EnvironmentId=<ENVIRONMENT_ID> -c atat:Sandbox=true

After validating that the changes look correct, deploy the sandbox environment by running:

cdk deploy -c atat:EnvironmentId=<ENVIRONMENT_ID> -c atat:Sandbox=true

In each of the above commands, replace <ENVIRONMENT_ID> with the unique name you'd like to use for the sandbox environment.

Deploying a "full" environment

Because a full environment deployment requires the usage of a full CI/CD pipeline, it also needs additional configuration values to understand which git repository to watch and what credentials should be used to do so. Like a Sandbox environment, the atat:EnvironmentId context value must also be set. Additionally, a Secret must be created within Secrets Manager to store a GitHub Personal Access Token.

The required context values are:

  • atat:EnvironmentId, which should be the unique name used to identify the environment
  • atat:GitHubPatName, which should be the name of the Secret that contains the GitHub PAT
  • atat:VersionControlRepo, which should be name of the GitHub repository where the code is stored, including the organization name (for example, dod-ccpo/atat-web-api)
  • atat:VersionControlBranch, which should be the branch within the repository to watch for changes

These values can, of course, be set either through the CLI or via the cdk.json file. The last three have reasonable defaults set within the cdk.json file. Therefore, once you have confirmed those values look correct, deploying follows similar steps to the sandbox environment!

Start off by ensuring the changes to make look reasonable:

cdk diff -c atat:EnvironmentId=<ENVIRONMENT_ID> -c atat:Sandbox=true

And then once you've confirmed that they do, deploy:

cdk deploy -c atat:EnvironmentId=<ENVIRONMENT_ID> -c atat:Sandbox=true

The deployed pipeline will be self-mutating so futher manual deployments should be rarely needed. The primary situations needing manual deployment are:

  • When the GitHub PAT is rotated (using the atat:ForceGitHubTokenVersion context)
  • When changes that require additional command line arguments to cdk synth in the self-mutate step are made
  • When it is necessary to change the branch being watched without a corresponding push to the current target branch (for example, to switch from watching main to watching develop)

About

ATAT Web API. An internal API.

Resources

Readme
Activity
Custom properties

Stars

11 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases

17 tags

Packages

No packages published

Contributors 22
+ 8 contributors

Languages