Merge branch 'master' into changelog-merge

Author: eric-w-hart

CHANGELOG.md

@@ -1,30 +1,51 @@
+
 ## v0.33.9
 - Upgrade Ubuntu version to 20.04 to be current. 
+=======
+## next
+
+- Add new secondary index 'PrincipalIdLastModifiedOn' for Lease table with range   key as LastModifiedOn to get the records sort by last-modified 
+- Update pkg/data/leases.go queryLeases method  to use new IndexName PrincipalIdLastModifiedOn instead of existing IndexName PrincipalId in to get leases in order
+
+## v0.33.9
+
+- Upgrade to Go version 1.17
+- Upgrade Ubuntu version on Azure DevOps Agent
+- Fix Go dependency errors in pipeline
+- Require at least `0.12.31` or later `0.12.x` versions of Terraform to recieve new provider updates
+
 
 ## v0.33.8
+
 - Upgrade the Swagger UI dependency to remove a very dangerous vulnerability (upgrade Swagger UI to v3.51.2).
 
 ## v0.33.7
+
 - Update requirements packages for docs.
 - Update gotool version for pipeline.
 
 ## v0.33.6
+
 - Add LakeFormation to the principal IAM policy.
 - Update mocks
 - updates requirements packages for docs
 
 ## v0.33.5
+
 - rename pipeline credentials inputs
 
 ## v0.33.4
+
 - Upgrade aws provider to v2.65.0 to fix SES configuration set. [terraform-provider-aws #12024](https://github.com/hashicorp/terraform-provider-aws/pull/12024)
 - Add firewall manager to principal IAM policy.
 
 ## v0.33.3
+
 - Remove apigatewayv2 from the principal IAM policy.
 - Update to the principal IAM policy name lex-models.
 
 ## v0.33.2
+
 - Add to the principal IAM policy:
   - apigatewayv2
   - comprehend
@@ -35,28 +56,34 @@
   - wafv2
 
 ## v0.33.1
+
 - Fix populate reset queue when dynamodb returns paginated result
 - Add account status to last evaluated key when querying account table using global secondary index
 - Fix gosec issue related to G601 (CWE-118): Implicit memory aliasing in for loop
 
 ## v0.33.0
+
 - Upgrade aws-nuke to v1.3.0
 
 ## v0.32.0
+
 - Upgrade go to 1.15
 - Upgrade go mod dependencies version.
 - Improved test scenarios.
 - Add `iotanalytics:*` policy to the set of allowed services.
 - Increase timeout for functional test execution.
 
 ## v0.31.3
+
 - Fix data and update visualization for codebuild reset widget and error scrappers.
 
 ## v0.31.2
-- Fix bug: Status change in account table fails for leased accounts that are expired. See https://github.com/Optum/dce/issues/344
+
+- Fix bug: Status change in account table fails for leased accounts that are expired. See <https://github.com/Optum/dce/issues/344>
 - Fix bug: When lease starts today, fixed usage start and end date that was printed in log message.
 
 ## v0.30.1
+
 - Added new tool in `tools` folder for generating Markdown and IAM example policy for AWS Nuke
   support. See README in `tools/awsnukedocgen`.
 - Added new services supported by DCE: Kinesis Analytics, Kinesis Video, Opsworks CM, Robomaker,
@@ -185,7 +212,6 @@ This release also removes the deprecated DynamoDB tables with "Redbox" prefixes.
   - RedboxLeaseProd --> Leases
   - UsageCache --> Usage
 
-
 **Migration Notes**
 
 _DynamoDB Migration_
@@ -198,7 +224,6 @@ To do this, you may run the migration script in [/scripts/migrations/v0.21.0_ren
 
 Note that this release does ***not*** delete the old tables, to provide the opportunity to migrate data. Subsequent releases _will_ destroy the old tables.
 
-
 ## v0.20.0
 
 - Fixed a bug in a migration script
@@ -213,12 +238,10 @@ Note that this release does ***not*** delete the old tables, to provide the oppo
 - Fixed issue with the lease check logic that was expiring non-expired leases.
 - Migration script to fix wrongly expired leases
 
-
 ## v0.19.1
 
 - Fixed issue with lease status reason not being set when the lease was newly created.
 
-
 ## v0.19.0
 
 **BREAKING CHANGES**
@@ -235,7 +258,6 @@ _Other Changes_
 - Refactored lease API controller and methods to organize methods into files.
 - Add functions to evaluate who is calling an API and what their role is
 
-
 ### Migration Notes for v0.19.0
 
 In order to upgrade your DCE deployment to v0.19.0, you will need to:
@@ -247,7 +269,6 @@ In order to upgrade your DCE deployment to v0.19.0, you will need to:
   - Marks all `*Locked` leases as `Inactive`
 - Update any DCE API clients to include the `expiresOn` property in their `Lease` record.
 
-
 ### _Expiring Leases Model_
 
 Prior to v0.19.0, leases were held in perpetuity by principals, or until the principal removed their lease via the `DELETE /leases` endpoint. Leased accounts would be "reset" at the end of the week. During reset, the lease would be marked as _Locked_, and then marked as _Active_ again after the reset was complete.
@@ -259,8 +280,8 @@ Changes for this new behavior include:
 - Simplified lease status model to include only two statuses: Inactive and Active.
 - Changed check_budget to update_lease_status and added check for expiration date.
 - Changed SQS and SNS notifications for lease status change to be triggered by lease status change in DB.
-- Added https://readthedocs.org/ style documentation, `make documentation` target
-- Added generation for API documentation from Swagger YAML to https://readthedocs.org/ format.
+- Added <https://readthedocs.org/> style documentation, `make documentation` target
+- Added generation for API documentation from Swagger YAML to <https://readthedocs.org/> format.
 - Added defaults for leases; if ID isn't specified upon save in the DB a new one will be assigned, and if
   the expiration date isn't defined the environment variable `DEFAULT_LEASE_LENGTH_IN_DAYS` will be used and
   if that is not defined, a default of seven (7) days will be used.
@@ -326,7 +347,6 @@ This release also disables `aws-nuke` by default, to prevent accidental destruct
 - Added publish_locks lambda
 - Adds a metadata property to the account object
 
-
 ## v0.12.2
 
 - Tag issue, updating to 0.12.2
@@ -355,7 +375,6 @@ This release also disables `aws-nuke` by default, to prevent accidental destruct
 
 - **BREAKING** Add **required** budget fields to API `/leases` endpoint
 
-
 - Add local functional testing deployment method via Makefile
   - Target "make deploy_local" utilizes scripts/deploy_local terraform to build S3 backend
   - Target "make destroy_local" utilizes scripts/deploy_local terraform and modules/ terraform to destroy environment

Makefile

@@ -13,7 +13,7 @@ vendor:
 	go mod vendor
 
 mod:
-	-go mod init github.com/Optum/dce
+	go mod tidy -v
 
 vet:
 	go vet

cmd/codebuild/reset/main.go

@@ -5,7 +5,6 @@ package main
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"text/template"
@@ -120,7 +119,7 @@ func nukeAccount(svc *service, isDryRun bool) error {
 	/*
 		#nosec CWE-22: This value is derived from env vars. I.e. it is not populated with data from external users.
 	*/
-	conf, err := ioutil.ReadFile(configFile)
+	conf, err := os.ReadFile(configFile)
 	if err != nil {
 		return err
 	}

cmd/lambda/accounts/create_test.go

@@ -16,8 +16,8 @@ import (
 
 func TestWhenCreate(t *testing.T) {
 	standardMultiValueHeaders := map[string][]string{
-		"Access-Control-Allow-Origin": []string{"*"},
-		"Content-Type":                []string{"application/json"},
+		"Access-Control-Allow-Origin": {"*"},
+		"Content-Type":                {"application/json"},
 	}
 	standardHeaders := map[string]string{
 		"Access-Control-Allow-Origin": "*",

cmd/lambda/accounts/delete_test.go

@@ -16,8 +16,8 @@ import (
 
 func TestWhenDelete(t *testing.T) {
 	standardMultiValueHeaders := map[string][]string{
-		"Access-Control-Allow-Origin": []string{"*"},
-		"Content-Type":                []string{"application/json"},
+		"Access-Control-Allow-Origin": {"*"},
+		"Content-Type":                {"application/json"},
 	}
 	standardHeaders := map[string]string{
 		"Access-Control-Allow-Origin": "*",

cmd/lambda/accounts/get_test.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http/httptest"
 	"testing"
 
@@ -75,7 +75,7 @@ func TestGetAccountByID(t *testing.T) {
 			GetAccountByID(w, r)
 
 			resp := w.Result()
-			body, err := ioutil.ReadAll(resp.Body)
+			body, err := io.ReadAll(resp.Body)
 
 			assert.Nil(t, err)
 			assert.Equal(t, tt.expResp.StatusCode, resp.StatusCode)

cmd/lambda/accounts/list_test.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http/httptest"
 	"net/url"
 	"testing"
@@ -118,7 +118,7 @@ func TestGetAccounts(t *testing.T) {
 			GetAccounts(w, r)
 
 			resp := w.Result()
-			body, err := ioutil.ReadAll(resp.Body)
+			body, err := io.ReadAll(resp.Body)
 
 			assert.Nil(t, err)
 			assert.Equal(t, tt.expResp.StatusCode, resp.StatusCode)

cmd/lambda/accounts/main.go

@@ -3,17 +3,14 @@ package main
 import (
 	"context"
 	"fmt"
-	"log"
-	"net/url"
-
-	"github.com/aws/aws-sdk-go/service/iam"
-
 	"github.com/Optum/dce/pkg/api"
+	"github.com/Optum/dce/pkg/config"
 	"github.com/aws/aws-lambda-go/events"
 	"github.com/aws/aws-lambda-go/lambda"
-
-	"github.com/Optum/dce/pkg/config"
+	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/awslabs/aws-lambda-go-api-proxy/gorillamux"
+	"log"
+	"net/url"
 )
 
 type accountControllerConfiguration struct {
@@ -53,39 +50,39 @@ func init() {
 		// Routes with query strings always go first,
 		// because the matcher will stop on the first match
 		api.Route{
-			"GetAccounts",
-			"GET",
-			"/accounts",
-			api.EmptyQueryString,
-			GetAccounts,
+			Name:        "GetAccounts",
+			Method:      "GET",
+			Pattern:     "/accounts",
+			Queries:     api.EmptyQueryString,
+			HandlerFunc: GetAccounts,
 		},
 		api.Route{
-			"GetAccountByID",
-			"GET",
-			"/accounts/{accountId}",
-			api.EmptyQueryString,
-			GetAccountByID,
+			Name:        "GetAccountByID",
+			Method:      "GET",
+			Pattern:     "/accounts/{accountId}",
+			Queries:     api.EmptyQueryString,
+			HandlerFunc: GetAccountByID,
 		},
 		api.Route{
-			"UpdateAccountByID",
-			"PUT",
-			"/accounts/{accountId}",
-			api.EmptyQueryString,
-			UpdateAccountByID,
+			Name:        "UpdateAccountByID",
+			Method:      "PUT",
+			Pattern:     "/accounts/{accountId}",
+			Queries:     api.EmptyQueryString,
+			HandlerFunc: UpdateAccountByID,
 		},
 		api.Route{
-			"DeleteAccount",
-			"DELETE",
-			"/accounts/{accountId}",
-			api.EmptyQueryString,
-			DeleteAccount,
+			Name:        "DeleteAccount",
+			Method:      "DELETE",
+			Pattern:     "/accounts/{accountId}",
+			Queries:     api.EmptyQueryString,
+			HandlerFunc: DeleteAccount,
 		},
 		api.Route{
-			"CreateAccount",
-			"POST",
-			"/accounts",
-			api.EmptyQueryString,
-			CreateAccount,
+			Name:        "CreateAccount",
+			Method:      "POST",
+			Pattern:     "/accounts",
+			Queries:     api.EmptyQueryString,
+			HandlerFunc: CreateAccount,
 		},
 	}
 	r := api.NewRouter(accountRoutes)

cmd/lambda/accounts/update_test.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http/httptest"
 	"strings"
 	"testing"
@@ -148,7 +148,7 @@ func TestUpdateAccountByID(t *testing.T) {
 			UpdateAccountByID(w, r)
 
 			resp := w.Result()
-			body, err := ioutil.ReadAll(resp.Body)
+			body, err := io.ReadAll(resp.Body)
 
 			assert.Nil(t, err)
 			assert.Equal(t, tt.expResp.StatusCode, resp.StatusCode)

cmd/lambda/credentials_web_page/get_test.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"os"
@@ -93,7 +93,6 @@ func readFile(path string) string {
 		log.Fatal(err)
 	}
 	defer file.Close()
-
-	b, _ := ioutil.ReadAll(file)
+	b, _ := io.ReadAll(file)
 	return string(b)
 }

cmd/lambda/lease_auth/create.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"net/url"
@@ -169,7 +169,7 @@ func (controller CreateController) getSigninToken(creds sts.Credentials) (string
 		log.Printf("Error getting signing token: %s", err)
 		return "", err
 	}
-	bodySigninToken, err := ioutil.ReadAll(resSigninToken.Body)
+	bodySigninToken, err := io.ReadAll(resSigninToken.Body)
 	if err != nil {
 		log.Printf("Error getting signing token: %s", err)
 		return "", err