Merge branch 'main' into subz

lib/lambda/setupIndex.test.ts

@@ -49,7 +49,7 @@ describe("handler", () => {
     );
     expect(os.createIndex).toHaveBeenCalledWith(
       "test-domain",
-      "legacyinsights",
+      "test-namespace-legacyinsights",
     );
 
     expect(os.updateFieldMapping).toHaveBeenCalledTimes(1);

lib/lambda/setupIndex.ts

@@ -42,7 +42,7 @@ export const handler: Handler = async (event, __, callback) => {
     });
     await manageIndexResource({
       osDomain: event.osDomain,
-      index: "legacyinsights",
+      index: `${event.indexNamespace}legacyinsights`,
     });
   } catch (error: any) {
     response.statusCode = 500;

lib/local-constructs/cloudwatch-to-s3/index.ts

@@ -43,17 +43,22 @@ export class CloudWatchToS3 extends Construct {
         removalPolicy: cdk.RemovalPolicy.DESTROY,
       });
 
-    this.logBucket.addToResourcePolicy(
-      new PolicyStatement({
-        effect: Effect.DENY,
-        principals: [new AnyPrincipal()],
-        actions: ["s3:*"],
-        resources: [this.logBucket.bucketArn, `${this.logBucket.bucketArn}/*`],
-        conditions: {
-          Bool: { "aws:SecureTransport": "false" },
-        },
-      }),
-    );
+    if (!bucket) {
+      this.logBucket.addToResourcePolicy(
+        new PolicyStatement({
+          effect: Effect.DENY,
+          principals: [new AnyPrincipal()],
+          actions: ["s3:*"],
+          resources: [
+            this.logBucket.bucketArn,
+            `${this.logBucket.bucketArn}/*`,
+          ],
+          conditions: {
+            Bool: { "aws:SecureTransport": "false" },
+          },
+        }),
+      );
+    }
 
     // Create a Firehose role
     const firehoseRole = new Role(this, "FirehoseRole", {

lib/packages/shared-types/opensearch/main/transforms/new-submission.ts

@@ -76,9 +76,10 @@ export const transform = (id: string) => {
         changedDate: getDateStringOrNullFromEpoc(data.changedDate),
         subject: null,
         description: null,
-        makoChangedDate: !!data.timestamp
-          ? new Date(data.timestamp).toISOString()
-          : null,
+        makoChangedDate:
+          typeof data.timestamp === "number"
+            ? new Date(data.timestamp).toISOString()
+            : null,
         // ----------
       };
     } else {

lib/packages/shared-types/opensearch/main/transforms/remove-appk-child.ts

@@ -5,7 +5,8 @@ export const transform = (id: string) => {
     return {
       id,
       appkParentId: null,
-      makoChangedDate: !!data.timestamp
+      appkParent: true,
+      makoChangedDate: data.timestamp
         ? new Date(data.timestamp).toISOString()
         : null,
     };

lib/stacks/data.ts

@@ -207,7 +207,7 @@ export class Data extends cdk.NestedStack {
           nodeToNodeEncryptionOptions: { enabled: true },
           domainEndpointOptions: {
             enforceHttps: true,
-            tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
+            tlsSecurityPolicy: "Policy-Min-TLS-1-2-PFS-2023-10",
           },
           cognitoOptions: {
             enabled: true,
@@ -237,6 +237,52 @@ export class Data extends cdk.NestedStack {
               .slice(0, 3)
               .map((subnet) => subnet.subnetId),
           },
+          logPublishingOptions: {
+            AUDIT_LOGS: {
+              enabled: true,
+              cloudWatchLogsLogGroupArn: new cdk.aws_logs.LogGroup(
+                this,
+                "OpenSearchAuditLogGroup",
+                {
+                  logGroupName: `/aws/opensearch/${project}-${stage}-audit-logs`,
+                  removalPolicy: cdk.RemovalPolicy.DESTROY,
+                },
+              ).logGroupArn,
+            },
+            INDEX_SLOW_LOGS: {
+              enabled: true,
+              cloudWatchLogsLogGroupArn: new cdk.aws_logs.LogGroup(
+                this,
+                "OpenSearchIndexSlowLogGroup",
+                {
+                  logGroupName: `/aws/opensearch/${project}-${stage}-index-slow-logs`,
+                  removalPolicy: cdk.RemovalPolicy.DESTROY,
+                },
+              ).logGroupArn,
+            },
+            SEARCH_SLOW_LOGS: {
+              enabled: true,
+              cloudWatchLogsLogGroupArn: new cdk.aws_logs.LogGroup(
+                this,
+                "OpenSearchSearchSlowLogGroup",
+                {
+                  logGroupName: `/aws/opensearch/${project}-${stage}-search-slow-logs`,
+                  removalPolicy: cdk.RemovalPolicy.DESTROY,
+                },
+              ).logGroupArn,
+            },
+            ES_APPLICATION_LOGS: {
+              enabled: true,
+              cloudWatchLogsLogGroupArn: new cdk.aws_logs.LogGroup(
+                this,
+                "OpenSearchApplicationLogGroup",
+                {
+                  logGroupName: `/aws/opensearch/${project}-${stage}-application-logs`,
+                  removalPolicy: cdk.RemovalPolicy.DESTROY,
+                },
+              ).logGroupArn,
+            },
+          },
         },
       );
 
@@ -300,7 +346,7 @@ export class Data extends cdk.NestedStack {
         securityGroups: [lambdaSecurityGroup],
         environment: {
           brokerString,
-          region: this.region,
+          region: cdk.Stack.of(this).region,
           osDomain: `https://${openSearchDomain.attrDomainEndpoint}`,
         },
         bundling: {
@@ -321,7 +367,7 @@ export class Data extends cdk.NestedStack {
         serviceToken: customResourceProvider.serviceToken,
         properties: {
           OsDomain: `https://${openSearchDomain.attrDomainEndpoint}`,
-          IamRoleName: `arn:aws:iam::${this.account}:role/*`,
+          IamRoleName: `arn:aws:iam::${cdk.Stack.of(this).account}:role/*`,
           MasterRoleToAssume: openSearchMasterRole.roleArn,
           OsRoleName: "all_access",
         },
@@ -506,7 +552,7 @@ export class Data extends cdk.NestedStack {
             new cdk.aws_iam.PolicyStatement({
               actions: ["lambda:InvokeFunction"],
               resources: [
-                `arn:aws:lambda:${this.region}:${this.account}:function:${project}-${stage}-${stack}-*`,
+                `arn:aws:lambda:${cdk.Stack.of(this).region}:${cdk.Stack.of(this).account}:function:${project}-${stage}-${stack}-*`,
               ],
             }),
           ],

lib/stacks/email.ts

@@ -4,6 +4,7 @@ import * as path from "path";
 import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
 import { ISubnet } from "aws-cdk-lib/aws-ec2";
 import { CfnEventSourceMapping } from "aws-cdk-lib/aws-lambda";
+import * as LC from "local-constructs";
 
 interface EmailServiceStackProps extends cdk.StackProps {
   project: string;
@@ -91,6 +92,25 @@ export class Email extends cdk.NestedStack {
       removalPolicy: cdk.RemovalPolicy.DESTROY,
     });
 
+    emailDataBucket.addToResourcePolicy(
+      new cdk.aws_iam.PolicyStatement({
+        effect: cdk.aws_iam.Effect.DENY,
+        principals: [new cdk.aws_iam.AnyPrincipal()],
+        actions: ["s3:*"],
+        resources: [
+          emailDataBucket.bucketArn,
+          `${emailDataBucket.bucketArn}/*`,
+        ],
+        conditions: {
+          Bool: { "aws:SecureTransport": "false" },
+        },
+      }),
+    );
+
+    new LC.EmptyBuckets(this, "EmptyBuckets", {
+      buckets: [emailDataBucket],
+    });
+
     // SES Configuration Set
     const configurationSet = new cdk.aws_ses.CfnConfigurationSet(
       this,

react-app/src/components/Opensearch/main/Filtering/Drawer/consts.ts

@@ -106,7 +106,7 @@ export const DATE_LATESTPACKAGEACTIVITY: DrawerFilterableGroup = {
 };
 
 export const DATE_RAIRECEIVED: DrawerFilterableGroup = {
-  label: "Formal RAI Received",
+  label: "Formal RAI Response",
   field: "raiReceivedDate",
   component: "dateRange",
   prefix: "must",

react-app/src/features/dashboard/Lists/spas/consts.tsx

@@ -149,7 +149,7 @@ export const useSpaTableColumns = (): OsTableColumn[] => {
     },
     {
       field: "raiReceivedDate",
-      label: "Formal RAI Received",
+      label: "Formal RAI Response",
       transform: (data) => {
         return data.raiReceivedDate
           ? formatSeatoolDate(data.raiReceivedDate)

react-app/src/features/dashboard/Lists/waivers/consts.tsx

@@ -165,7 +165,7 @@ export const useWaiverTableColumns = (): OsTableColumn[] => {
     },
     {
       field: "raiReceivedDate",
-      label: "Formal RAI Received",
+      label: "Formal RAI Response",
       transform: (data) => {
         return data.raiReceivedDate
           ? formatSeatoolDate(data.raiReceivedDate)

react-app/src/features/package/index.tsx

@@ -35,21 +35,6 @@ export const DetailsContent: FC<{ id: string }> = ({ id }) => {
   if (isLoading) return <LoadingSpinner />;
   if (!data?._source) return <LoadingSpinner />;
   if (error) return <ErrorAlert error={error} />;
-  const title =
-    (() => {
-      switch (data._source.authority) {
-        case Authority["1915b"]:
-        case Authority["1915c"]:
-        case undefined: // Some TEs have no authority
-          if (data._source.appkParent)
-            return "Appendix K Amendment Package Details";
-          else if (data._source.actionType == "Extend")
-            return "Temporary Extension Request Details";
-          else return undefined;
-        default:
-          return undefined;
-      }
-    })() || `${data._source.authority} Package Details`;
 
   return (
     <div className="w-full py-1 px-4 lg:px-8">
@@ -61,7 +46,7 @@ export const DetailsContent: FC<{ id: string }> = ({ id }) => {
         <PackageActionsCard id={id} />
       </section>
       <div className="flex flex-col gap-3">
-        <PackageDetails title={title} />
+        <PackageDetails itemResult={data} />
         <PackageActivities />
         <AdminChanges />
       </div>

react-app/src/features/package/package-activity/index.tsx

@@ -11,8 +11,8 @@ import {
 import * as Table from "@/components";
 import { BLANK_VALUE } from "@/consts";
 import { usePackageActivities, useAttachmentService } from "./hook";
-import { Link } from "@/components/Routing";
 import { attachmentTitleMap } from "shared-types";
+import { Link } from "react-router-dom";
 
 // id, attachments, hook
 const AttachmentDetails: FC<{
@@ -54,8 +54,7 @@ export const PA_AppkParentRemovedChild: FC<opensearch.changelog.Document> = (
   return (
     <div className="flex gap-1">
       <Link
-        path="/details"
-        query={{ id: props.appkChildId }}
+        to={`/details/${props.authority}/${props.appkChildId}`}
         className="hover:underline font-semibold text-blue-600"
       >
         {props.appkChildId}
@@ -72,8 +71,7 @@ export const PA_AppkChildRemovedFromParent: FC<
     <div className="flex gap-1">
       <p>Removed from:</p>
       <Link
-        path="/details"
-        query={{ id: props.appkParentId }}
+        to={`/details/${props.authority}/${props.appkParentId}`}
         className="hover:underline font-semibold text-blue-600"
       >
         {props.appkParentId}

react-app/src/features/package/package-details/hooks.tsx

@@ -126,7 +126,7 @@ export const recordDetails = (
     canView: () => true,
   },
   {
-    label: "Formal RAI received",
+    label: "Formal RAI response",
     value: data.raiReceivedDate
       ? formatSeatoolDate(data.raiReceivedDate)
       : BLANK_VALUE,

react-app/src/features/package/package-details/index.tsx

@@ -6,13 +6,14 @@ import {
   submissionDetails,
 } from "./hooks";
 
-import { FC } from "react";
+import { FC, useMemo } from "react";
 
 import { DetailSectionItem } from "./hooks";
 import { useGetUser } from "@/api/useGetUser";
 import { AppK } from "./appk";
 import { cn } from "@/utils";
-import { usePackageDetailsCache } from "..";
+import { Authority } from "shared-types";
+import { ItemResult } from "shared-types/opensearch/main";
 
 export const DetailItemsGrid: FC<{
   displayItems: DetailSectionItem[];
@@ -41,24 +42,39 @@ export const DetailItemsGrid: FC<{
   );
 };
 
-export const PackageDetails: FC<{
-  title: string;
-}> = (props) => {
-  const { data } = usePackageDetailsCache();
+type PackageDetailsProps = {
+  itemResult: ItemResult;
+};
+
+export const PackageDetails = ({ itemResult }: PackageDetailsProps) => {
+  const title = useMemo(() => {
+    const { _source: source } = itemResult;
+
+    switch (source.authority) {
+      case Authority["1915b"]:
+      case Authority["1915c"]:
+      case undefined: // Some TEs have no authority
+        if (source.appkParent) return "1915(c) Appendix K Package Details";
+        if (source.actionType == "Extend")
+          return "Temporary Extension Request Details";
+    }
+
+    return `${source.authority} Package Details`;
+  }, [itemResult]);
 
   return (
-    <DetailsSection id="package_details" title={props.title}>
+    <DetailsSection id="package_details" title={title}>
       <div className="flex-col gap-4 max-w-2xl">
         <DetailItemsGrid
           displayItems={[
-            ...recordDetails(data),
-            ...approvedAndAEffectiveDetails(data),
-            ...descriptionDetails(data),
+            ...recordDetails(itemResult._source),
+            ...approvedAndAEffectiveDetails(itemResult._source),
+            ...descriptionDetails(itemResult._source),
           ]}
           containerStyle="py-4"
         />
         <hr className="my-4" />
-        <DetailItemsGrid displayItems={submissionDetails(data)} />
+        <DetailItemsGrid displayItems={submissionDetails(itemResult._source)} />
         <AppK />
       </div>
     </DetailsSection>