tea-build.97: Merge pull request #252 from asfadmin/devel

deprecated in favor of build.98

tea-build.88: Bearer Token + Speed Improvements

What changed in TEA:

✳️ Support for Bearer Tokens passed in on behalf of uses

• TEA will accept and validate EDL Tokens via a Authorization Bearer: header
• Token validation is relatively expensive, response cookies could be used after initial request
• EDL Apps must be in the same EDL App Group to facilitate use of shared tokens
• EULA acceptance is respect if applicable

✳️ Stand alone Public/Private Bucket files have been deprecated

• CF & TF Params have been removed
• Support has been removed from code

✳️ New EDL Maturity options

• TEA can now be pointed at SBX and SIT urs environments

✳️ Optional HEAD check suppression

• App Deployers can now use the new SuppressHeadCheck (CF) / suppress_head_check (TF) parameters to suppress head checks
• Suppressing HEAD checks will speed up over all download time, but will result in more ambiguous 404-type errors

✳️ Pre-Signed URLS are now only valid for 1 Hour

• Cache-Control validity is also tied to 1 hour. This is a limit of IAM (Assuming a role, FROM an assumed role)

✳️ Fixed cached resource timeout bug from build.86

CloudFormation Template changes

• PublicBucketsFile and PrivateBucketsFile have been removed
• SuppressHeadCheck Has been added with default False

Terraform Module Changes

• var.private_buckets_file and var.public_buckets_file have been removed
• var.suppress_head_check Has been added with default false

tea-build.86

See Instead https://github.com/asfadmin/thin-egress-app/releases/tag/tea-build.88

tea-build.79

What changed in TEA:

✳️ New method for in-region IAM Policy restriction

• In-region restriction is now enforced by IP CIDR whitelist
• In-region-role automatically re-built every time AWS changes their region IP CIDR list.
• Updated by Lambda subscribed to AWS region-change SNS

✳️ New Cache-Control response header to help improve redirect re-use

• Redirect response is now valid for 24 hours (same as the pre-signed URL)

✳️ New per-bucket custom response header configurable in the bucket map

• In addition toCache-Control, you can supply your own custom response headers

✳️ New Cloud-Metrics friendly JSON log payload format

✳️ New /locate endpoint for querying URI paths from a bucket

• Endpoint returns all URI paths that are valid for any given bucket.
• New TF output internal_api_endpoint for referencing /locate.

✳️ Fixed spurious object GET used to check if a file exists. Replaced with HEAD.

CloudFormation Template changes

• No new or removed input fields.

Terraform Module Changes

• No new or removed input fields.

tea-build.74

What changed in TEA:

✳️ Streamlined operation for quicker response time

• Removed S3 and Dynamo profile caching, TEA is now 100% reliant on JWT cookies
• Moved resource initialization into global scope
• Brushed up README documentation

CloudFormation Template changes

• SessionStore has been removed in favor of JWT Cookies.

Terraform Module Changes

• session_store variable has been removed.

⚠️⚠️⚠️ BREAKING CHANGES! ⚠️⚠️⚠️

• Automatic deployments providing SessionStore/session_store param will be broken
• If you're using S3 for a session store, be sure to do a recursive delete to insure the bucket is empty before preceding.

tea-build.61

What changed in TEA:

✳️ Minor update to bundle CloudFormation template with Terraform to improve simplicity and reduce dependencies.

TEA's thin-egress-app.yaml is now bundled into the terraform zip and uploaded to S3 at deployment time. This makes the terraform zip completely stand-alone. If you're deploying the native CloudFormation directly, this release has nothing for you!

✳️ Incremental improvement to secret create help documentation

CloudFormation Template changes

• none

Terraform Module Changes

• var.template_url is now gone. URL is generated at deployment time for template in the terraform bucket.

Special Notes:

• this is a MINOR incremental release, please also be aware of tea-build.60 since its unlikely you're upgrading to build.61 from build.60.

tea-build.60

What changed in TEA:

✳️ New /version endpoint to check which release you're running

✳️ New Secret Name enforcement

JWT and URS secrets are now required fields for the CloudFront Template, and the Terraform variables comes with sensible defaults that match the AWS Secrets instructions. Follow that guide and your defaults will be properly populated.

✳️ ExternalEndpoint and URSredirectURI can now be trusted

URSredirectNoDomainURI is now removed

✳️ Obscure log-out bug squashed

You can now log out with the confidence you won't get a weird API gateway error.

CloudFormation Template changes

• JwtKeySecretName and URSAuthCredsSecretName are now REQUIRED fields.
• ExternalEndpoint and URSredirectURI are now correct with, or without a provide DomainName value.

Terraform Module Changes

• jwt_secret_for_tea and urs_auth_creds_secret_name have sensible defaults
• var.tags now propagate into tea.

tea-build.59

What changed:

Terraform Compatibility refresh.

A bug in Terraform/CloudFormation updates was identified and traced back to the use of non-unique zip file names for Lambda code and Lambda Layers zip files. AWS was not pulling in the newest code base, cause upgrades to APPEAR to be successful, even though the underlying code was never changed.

CloudFormation Template changes

• None

Terraform Module Changes

• Lambda code + zip file names are now unique hashes to force code deployments.

Special Notes:

• A Jenkins upgrade caused a large fastforward of build numbers. Oops! 🤷

teatest-build.109

versioning teatest-build.109

tea-build.48

What changed:

Terraform Compatibility refresh.

Previous evaluation release had known Terraform deficiencies. This release is meant to address those issues after make TEA deployable natively from TF. The Lambda layer is now bundled with TF zip and uploaded to the TF bucket.

CloudFormation Template changes

• None

Terraform Module Changes

• Include Lambda Layer object.

Special Notes:

• None