@cumulus/aws-client - npm Package Versions

[v3.0.1] 2020-10-21

• CUMULUS-2203

  • Update Core tasks to use cumulus-message-adapter-js v2.0.0 to resolve memory leak/lambda ENOMEM constant failure issue. This issue caused lambdas to slowly use all memory in the run environment and prevented AWS from halting/restarting warmed instances when task code was throwing consistent errors under load.

• CUMULUS-2232

  • Updated versions for ajv, lodash, googleapis, archiver, and @cumulus/aws-client to remediate vulnerabilities found in SNYK scan.

Fixed

• CUMULUS-2233
  • Fixes /s3credentials bug where the expiration time on the cookie was set to a time that is always expired, so authentication was never being recognized as complete by the API. Consequently, the user would end up in a redirect loop and requests to /s3credentials would never complete successfully. The bug was caused by the fact that the code setting the expiration time for the cookie was expecting a time value in milliseconds, but was receiving the expirationTime from the EarthdataLoginClient in seconds. This bug has been fixed by converting seconds into milliseconds. Unit tests were added to test that the expiration time has been converted to milliseconds and checking that the cookie's expiration time is greater than the current time.

[v3.0.0] 2020-10-7

MIGRATION STEPS

• CUMULUS-2099

  • All references to meta.queues in workflow configuration must be replaced with references to queue URLs from Terraform resources. See the updated data cookbooks or example Discover Granules workflow configuration.
  • The steps for configuring queued execution throttling have changed. See the updated documentation.
  • In addition to the configuration for execution throttling, the internal mechanism for tracking executions by queue has changed. As a result, you should disable any rules or workflows scheduling executions via a throttled queue before upgrading. Otherwise, you may be at risk of having twice as many executions as are configured for the queue while the updated tracking is deployed. You can re-enable these rules/workflows once the upgrade is complete.

• CUMULUS-2111

  • Before you re-deploy your cumulus-tf module, note that the [thin-egress-app][thin-egress-app] is no longer deployed by default as part of the cumulus module, so you must add the TEA module to your deployment and manually modify your Terraform state to avoid losing your API gateway and impacting any Cloudfront endpoints pointing to those gateways. If you don't care about losing your API gateway and impacting Cloudfront endpoints, you can ignore the instructions for manually modifying state.

    1. Add the [thin-egress-app][thin-egress-app] module to your cumulus-tf deployment as shown in the Cumulus example deployment.

       • Note that the values for tea_stack_name variable to the cumulus module and the stack_name variable to the thin_egress_app module must match
       • Also, if you are specifying the stage_name variable to the thin_egress_app module, the value of the tea_api_gateway_stage variable to the cumulus module must match it

    2. If you want to preserve your existing thin-egress-app API gateway and avoid having to update your Cloudfront endpoint for distribution, then you must follow these instructions: https://nasa.github.io/cumulus/docs/upgrade-notes/migrate_tea_standalone. Otherwise, you can re-deploy as usual.

  • If you provide your own custom bucket map to TEA as a standalone module, you must ensure that your custom bucket map includes mappings for the protected and public buckets specified in your cumulus-tf/terraform.tfvars, otherwise Cumulus may not be able to determine the correct distribution URL for ingested files and you may encounter errors

• CUMULUS-2197

  • EMS resources are now optional, and ems_deploy is set to false by default, which will delete your EMS resources.
  • If you would like to keep any deployed EMS resources, add the ems_deploy variable set to true in your cumulus-tf/terraform.tfvars

BREAKING CHANGES

• CUMULUS-2200
  • Changes return from 303 redirect to 200 success for Granule Inventory's /reconciliationReport returns. The user (dashboard) must read the value of url from the return to get the s3SignedURL and then download the report.
• CUMULUS-2099
  • meta.queues has been removed from Cumulus core workflow messages.
  • @cumulus/sf-sqs-report workflow task no longer reads the reporting queue URL from input.meta.queues.reporting on the incoming event. Instead, it requires that the queue URL be set as the reporting_queue_url environment variable on the deployed Lambda.
• CUMULUS-2111
  • The deployment of the thin-egress-app module has be removed from tf-modules/distribution, which is a part of the tf-modules/cumulus module. Thus, the thin-egress-app module is no longer deployed for you by default. See the migration steps for details about how to add deployment for the thin-egress-app.
• CUMULUS-2141
  • The parse-pdr task has been updated to respect the NODE_NAME property in a PDR's FILE_GROUP. If a NODE_NAME is present, the task will query the Cumulus API for a provider with that host. If a provider is found, the output granule from the task will contain a provider property containing that provider. If NODE_NAME is set but a provider with that host cannot be found in the API, or if multiple providers are found with that same host, the task will fail.
  • The queue-granules task has been updated to expect an optional granule.provider property on each granule. If present, the granule will be enqueued using that provider. If not present, the task's config.provider will be used instead.
• CUMULUS-2197
  • EMS resources are now optional and will not be deployed by default. See migration steps for information about how to deploy EMS resources.

CODE CHANGES

• The @cumulus/api-client.providers.getProviders function now takes a queryStringParameters parameter which can be used to filter the providers which are returned
• The @cumulus/aws-client/S3.getS3ObjectReadStreamAsync function has been removed. It read the entire S3 object into memory before returning a read stream, which could cause Lambdas to run out of memory. Use @cumulus/aws-client/S3.getObjectReadStream instead.
• The @cumulus/ingest/util.lookupMimeType function now returns undefined rather than null if the mime type could not be found.
• The @cumulus/ingest/lock.removeLock function now returns undefined
• The @cumulus/ingest/granule.generateMoveFileParams function now returns source: undefined and target :undefined on the response object if either could not be determined. Previously, null had been returned.
• The @cumulus/ingest/recursion.recursion function must now be imported using const { recursion } = require('@cumulus/ingest/recursion');
• The @cumulus/ingest/granule.getRenamedS3File function has been renamed to listVersionedObjects
• @cumulus/common.http has been removed
• @cumulus/common/http.download has been removed

Added

• CUMULUS-1855
  • Fixed SyncGranule task to return an empty granules list when given an empty (or absent) granules list on input, rather than throwing an exception
• CUMULUS-1955
  • Added @cumulus/aws-client/S3.getObject to get an AWS S3 object
  • Added @cumulus/aws-client/S3.waitForObject to get an AWS S3 object, retrying, if necessary
• CUMULUS-1961
  • Adds startTimestamp and endTimestamp parameters to endpoint reconcilationReports. Setting these values will filter the returned report to cumulus data that falls within the timestamps. It also causes the report to be one directional, meaning cumulus is only reconciled with CMR, but not the other direction. The Granules will be filtered by their updatedAt values. Collections are filtered by the updatedAt time of their granules, i.e. Collections with granules that are updatedAt a time between the time parameters will be returned in the reconciliation reports.
  • Adds startTimestamp and endTimestamp parameters to create-reconciliation-reports lambda function. If either of these params is passed in with a value that can be converted to a date object, the inter-platform comparison between Cumulus and CMR will be one way. That is, collections, granules, and files will be filtered by time for those found in Cumulus and only those compared to the CMR holdings. For the moment there is not enough information to change the internal consistency check, and S3 vs Cumulus comparisons are unchanged by the timestamps.
• CUMULUS-1962
  • Adds location as parameter to /reconciliationReports endpoint. Options are S3 resulting in a S3 vs. Cumulus database search or CMR resulting in CMR vs. Cumulus database search.
• CUMULUS-1963
  • Adds granuleId as input parameter to /reconcilationReports endpoint. Limits inputs parameters to either collectionId or granuleId and will fail to create the report if both are provided. Adding granuleId will find collections in Cumulus by granuleId and compare those one way with those in CMR.
  • /reconciliationReports now validates any input json before starting the async operation and the lambda handler no longer validates input parameters.
• CUMULUS-1964
  • Reports can now be filtered on provider
• CUMULUS-1965
  • Adds collectionId parameter to the /reconcilationReports endpoint. Setting this value will limit the scope of the reconcilation report to only the input collectionId when comparing Cumulus and CMR. collectionId is provided an array of strings e.g. [shortname___version, shortname2___version2]
• CUMULUS-2107
  • Added a new task, update-cmr-access-constraints, that will set access constraints in CMR Metadata. Currently supports UMMG-JSON and Echo10XML, where it will configure AccessConstraints and RestrictionFlag/RestrictionComment, respectively.
  • Added an operator doc on how to configure and run the access constraint update workflow, which will update the metadata using the new task, and then publish the updated metadata to CMR.
  • Added an operator doc on bulk operations.
• CUMULUS-2111
  • Added variables to cumulus module:
    • tea_api_egress_log_group
    • tea_external_api_endpoint
    • tea_internal_api_endpoint
    • tea_rest_api_id
    • tea_rest_api_root_resource_id
    • tea_stack_name
  • Added variables to distribution module:
    • tea_api_egress_log_group
    • tea_external_api_endpoint
    • tea_internal_api_endpoint
    • tea_rest_api_id
    • tea_rest_api_root_resource_id
    • tea_stack_name
• CUMULUS-2112
  • Added @cumulus/api/lambdas/internal-reconciliation-report, so create-reconciliation-report lambda can create Internal reconciliation report
• CUMULUS-2116
  • Added @cumulus/api/models/granule.unpublishAndDeleteGranule which unpublishes a granule from CMR and deletes it from Cumulus, but does not update the record to published: false before deletion
• CUMULUS-2113
  • Added Granule not found report to reports endpoint
  • Update reports to return breakdown by Granule of files both in DynamoDB and S3
• CUMULUS-2123
  • Added cumulus-rds-tf DB cluster module to tf-modules that adds a serverless RDS Aurora/PostgreSQL database cluster to meet the PostgreSQL requirements for future releases.
  • Updated the default Cumulus module to take the following new required variables:
    • rds_user_access_secret_arn: AWS Secrets Manager secret ARN containing a JSON string of DB credentials (containing at least host, password, port as keys)
    • rds_security_group: RDS Security Group that provides connection access to the RDS cluster
  • Updated API lambdas and default ECS cluster to add them to the rds_security_group for database access
• CUMULUS-2126
  • The collections endpoint now writes to the RDS database
• CUMULUS-2127
  • Added migration to create collections relation for RDS database
• CUMULUS-2129
  • Added data-migration1 Terraform module and Lambda to migrate data from Dynamo to RDS
    • Added support to Lambda for migrating collections data from Dynamo to RDS
• CUMULUS-2155
  • Added rds_connection_heartbeat to cumulus and data-migration tf modules. If set to true, this diagnostic variable instructs Core's database code to fire off a connection 'heartbeat' query and log the timing/results for diagnostic purposes, and retry certain connection timeouts once. This option is disabled by default
• CUMULUS-2156
  • Support array inputs parameters for Internal reconciliation report
• CUMULUS-2157
  • Added support to data-migration1 Lambda for migrating providers data from Dynamo to RDS
    • The migration process for providers will convert any credentials that are stored unencrypted or encrypted with an S3 keypair provider to be encrypted with a KMS key instead
• CUMULUS-2161
  • Rules now support an executionNamePrefix property. If set, any executions triggered as a result of that rule will use that prefix in the name of the execution.
  • The QueueGranules task now supports an executionNamePrefix property. Any executions queued by that task will use that prefix in the name of the execution. See the example workflow for usage.
  • The QueuePdrs task now supports an executionNamePrefix config property. Any executions queued by that task will use that prefix in the name of the execution. See the example workflow for usage.
• CUMULUS-2162
  • Adds new report type to /reconciliationReport endpoint. The new report is Granule Inventory. This report is a CSV file of all the granules in the Cumulus DB. This report will eventually replace the existing granules-csv endpoint which has been deprecated.
• CUMULUS-2197
  • Added ems_deploy variable to the cumulus module. This is set to false by default, except for our example deployment, where it is needed for integration tests.

Changed

• Upgraded version of TEA deployed with Cumulus to build 88.
• CUMULUS-2107
  • Updated the applyWorkflow functionality on the granules endpoint to take a meta property to pass into the workflow message.
  • Updated the BULK_GRANULE functionality on the granules endpoint to support the above applyWorkflow change.
• CUMULUS-2111
  • Changed distribution_api_gateway_stage variable for cumulus module to tea_api_gateway_stage
  • Changed api_gateway_stage variable for distribution module to tea_api_gateway_stage
• CUMULUS-2224
  • Updated /reconciliationReport's file reconciliation to include "EXTENDED METADATA" as a valid CMR relatedUrls Type.

Fixed

• CUMULUS-2168
  • Fixed issue where large number of documents (generally logs) in the cumulus elasticsearch index results in the collection granule stats queries failing for the collections list api endpoint
• CUMULUS-1955
  • Due to AWS's eventual consistency model, it was possible for PostToCMR to publish an earlier version of a CMR metadata file, rather than the latest version created in a workflow. This fix guarantees that the latest version is published, as expected.
• CUMULUS-1961
  • Fixed activeCollections query only returning 10 results
• CUMULUS-2201
  • Fix Reconciliation Report integration test failures by waiting for collections appear in es list and ingesting a fake granule xml file to CMR
• CUMULUS-2015
  • Reduced concurrency of QueueGranules task. That task now has a config.concurrency option that defaults to 3.
• CUMULUS-2116
  • Fixed a race condition with bulk granule delete causing deleted granules to still appear in Elasticsearch. Granules removed via bulk delete should now be removed from Elasticsearch.
• CUMULUS-2163
  • Remove the public-read ACL from the move-granules task
• CUMULUS-2164
  • Fix issue where cumulus index is recreated and attached to an alias if it has been previously deleted
• CUMULUS-2195
  • Fixed issue with redirect from /token not working when using a Cloudfront endpoint to access the Cumulus API with Launchpad authentication enabled. The redirect should now work properly whether you are using a plain API gateway URL or a Cloudfront endpoint pointing at an API gateway URL.
• CUMULUS-2200
  • Fixed issue where __in and __not queries were stripping spaces from values

Deprecated

• CUMULUS-1955
  • @cumulus/aws-client/S3.getS3Object()
  • @cumulus/message/Queue.getQueueNameByUrl()
  • @cumulus/message/Queue.getQueueName()
• CUMULUS-2162
  • @cumulus/api/endpoints/granules-csv/list()

Removed

• CUMULUS-2111
  • Removed distribution_url and distribution_redirect_uri outputs from the cumulus module
  • Removed variables from the cumulus module:
    • distribution_url
    • log_api_gateway_to_cloudwatch
    • thin_egress_cookie_domain
    • thin_egress_domain_cert_arn
    • thin_egress_download_role_in_region_arn
    • thin_egress_jwt_algo
    • thin_egress_jwt_secret_name
    • thin_egress_lambda_code_dependency_archive_key
    • thin_egress_stack_name
  • Removed outputs from the distribution module:
    • distribution_url
    • internal_tea_api
    • rest_api_id
    • thin_egress_app_redirect_uri
  • Removed variables from the distribution module:
    • bucket_map_key
    • distribution_url
    • log_api_gateway_to_cloudwatch
    • thin_egress_cookie_domain
    • thin_egress_domain_cert_arn
    • thin_egress_download_role_in_region_arn
    • thin_egress_jwt_algo
    • thin_egress_jwt_secret_name
    • thin_egress_lambda_code_dependency_archive_key
• CUMULUS-2157
  • Removed providerSecretsMigration and verifyProviderSecretsMigration lambdas
• Removed deprecated @cumulus/sf-sns-report task
• Removed code:
  • @cumulus/aws-client/S3.calculateS3ObjectChecksum
  • @cumulus/aws-client/S3.getS3ObjectReadStream
  • @cumulus/cmrjs.getFullMetadata
  • @cumulus/cmrjs.getMetadata
  • @cumulus/common/util.isNil
  • @cumulus/common/util.isNull
  • @cumulus/common/util.isUndefined
  • @cumulus/common/util.lookupMimeType
  • @cumulus/common/util.mkdtempSync
  • @cumulus/common/util.negate
  • @cumulus/common/util.noop
  • @cumulus/common/util.omit
  • @cumulus/common/util.renameProperty
  • @cumulus/common/util.sleep
  • @cumulus/common/util.thread
  • @cumulus/ingest/granule.copyGranuleFile
  • @cumulus/ingest/granule.moveGranuleFile
  • @cumulus/integration-tests/api/rules.deleteRule
  • @cumulus/integration-tests/api/rules.getRule
  • @cumulus/integration-tests/api/rules.listRules
  • @cumulus/integration-tests/api/rules.postRule
  • @cumulus/integration-tests/api/rules.rerunRule
  • @cumulus/integration-tests/api/rules.updateRule
  • @cumulus/integration-tests/sfnStep.parseStepMessage
  • @cumulus/message/Queue.getQueueName
  • @cumulus/message/Queue.getQueueNameByUrl

[v2.0.7] 2020-10-1 - [BACKPORT]

Fixed

• CVE-2020-7720
  • Updated common node-forge dependency to 0.10.0 to address CVE finding

[v2.0.6] 2020-09-25 - [BACKPORT]

Fixed

• CUMULUS-2168
  • Fixed issue where large number of documents (generally logs) in the cumulus elasticsearch index results in the collection granule stats queries failing for the collections list api endpoint

[v2.0.5] 2020-09-15 - [BACKPORT]

Added

• Added thin_egress_stack_name variable to cumulus and distribution Terraform modules to allow overriding the default Cloudformation stack name used for the thin-egress-app. Please note that if you change/set this value for an existing deployment, it will destroy and re-create your API gateway for the thin-egress-app.

Fixed

• Fix collection list queries. Removed fixes to collection stats, which break queries for a large number of granules.

[v2.0.4] 2020-09-08 - [BACKPORT]

Changed

• Upgraded version of TEA deployed with Cumulus to build 88.

[v2.0.3] 2020-09-02 - [BACKPORT]

Fixed

• CUMULUS-1961

  • Fixed activeCollections query only returning 10 results

• CUMULUS-2039

  • Fix issue causing SyncGranules task to run out of memory on large granules

CODE CHANGES

• The @cumulus/aws-client/S3.getS3ObjectReadStreamAsync function has been removed. It read the entire S3 object into memory before returning a read stream, which could cause Lambdas to run out of memory. Use @cumulus/aws-client/S3.getObjectReadStream instead.

v2.0.2+ Backport releases

Release v2.0.1 was the last release on the 2.0.x release series.

Changes after this version on the 2.0.x release series are limited security/requested feature patches and will not be ported forward to future releases unless there is a corresponding CHANGELOG entry.

For up-to-date CHANGELOG for the maintenance release branch see CHANGELOG.md from the 2.0.x branch.

For the most recent release information for the maintenance branch please see the release page

[v2.0.1] 2020-07-28

Added

• CUMULUS-1886
  • Added multiple sort keys support to @cumulus/api
• CUMULUS-2099
  • @cumulus/message/Queue.getQueueUrl to get the queue URL specified in a Cumulus workflow message, if any.

Fixed

• PR 1790
  • Fixed bug with request headers in @cumulus/launchpad-auth causing Launchpad token requests to fail