Changelog

3.27.0 (2024-12-09)

Features

  • Update to latest dynamic IP blocking module (#892) (d14ff31)

Bug Fixes

  • Add egress rule from lambda to db (#914) (de7d49d)
  • Add missing api path check on APP WAF rule (#901) (9adb41d)
  • Inverted privatelink rule (#913) (608d401)
  • Nagware should handle form template with empty name (#915) (c841f3a)
  • no healthy hosts alarms should treat missing data as breaching (#918) (190752d)
  • RDS serverless v2 Terraform sync (#911) (d632641)
  • update api cloudwatch filter to catch logMessage style json (#902) (a5d57da)
  • WAF rule logic (#900) (11b40f3)

Miscellaneous Chores

  • Comment out OR statement in WAF for now (#899) (59cc5a9)
  • Enable dynamic ip block on WAF (#917) (7d9bf12)
  • re-enable TF management of rds module (#916) (8111786)
  • remove POST request limit (#909) (0db1847)
  • Replace rds data client in reliability and nagware lambdas (#906) (3c0bcff)
  • Separate WAF uri checks contexts between API and App (#896) (116af75)
  • temporarily disable rds module plan/apply (#908) (1060361)
  • Update Lambda network and change RDS Lib in Lambdas (#912) (788b0bc)
  • Update terraform, terragrunt, and AWS provider (#898) (287c6d1)

3.26.0 (2024-11-20)

Features

  • add CreatedAt field to Vault CONF# items (#810) (f03ba83)

Bug Fixes

  • Updates responses to use "-" for no responses (#893) (a54e988)

3.25.3 (2024-11-19)

Bug Fixes

  • Remove rate limiting WAF on api domain url (#889) (0f92923)

Miscellaneous Chores

3.25.2 (2024-11-06)

Miscellaneous Chores

3.25.1 (2024-10-31)

Bug Fixes

  • Certain Redis infra features need to be disabled for localstack (#880) (38d69c1)

Miscellaneous Chores

  • Remove warn on grant and revoke form access (#883) (d434639)

3.25.0 (2024-10-21)

Features

  • add IdP, API and form submit performance tests (#853) (15c4d56)
  • add SSM parameters for the load tests (#872) (b6204ff)

Bug Fixes

  • Add missing workflow change for staging terraform plan (#870) (1de10af)
  • deps: update all minor dependencies (#516) (a493e1c)
  • deps: update dependency axios to v1.7.4 [security] (#779) (c067222)

Miscellaneous Chores

  • deps: update all non-major docker images (#704) (407cb32)
  • upgrade ALB to latest recommended SSL policy (#868) (591f3c8)

3.24.3 (2024-10-15)

Bug Fixes

Miscellaneous Chores

  • deps: update all non-major github action dependencies (#861) (924fd3b)
  • deps: update all non-major github action dependencies (#866) (b6571e3)
  • suppress user OIDC request errors (#865) (9995021)
  • synced file(s) with cds-snc/site-reliability-engineering (#863) (704ad73)

3.24.2 (2024-10-07)

Bug Fixes

3.24.1 (2024-10-01)

Bug Fixes

  • adjust IdP CloudWatch alarm error filter (#849) (7444d25)

Miscellaneous Chores

  • deps: update actions/setup-node action to v4.0.4 (#851) (63998b7)
  • synced file(s) with cds-snc/site-reliability-engineering (#848) (b43f0f2)

3.24.0 (2024-09-23)

Features

Miscellaneous Chores

3.23.1 (2024-09-23)

Bug Fixes

  • set default OIDC token expiry times (#834) (ffd6e97)
  • test if Notify Slack log message JSON is valid (#838) (2878a0d)
  • upgrade ecs module to stop task revision flip-flop (#842) (d2b9882)

Miscellaneous Chores

  • deps: update actions/create-github-app-token action to v1.11.0 (#843) (df37373)
  • downgrade to Zitadel v2.61.1 (#833) (678ebca)
  • reduce Zitadel token timeout to 30 mins (#837) (89b31c5)
  • remove IdP and API feature flags (#841) (5003a42)
  • suppress context canceled IdP errors (#836) (b5fd220)
  • synced file(s) with cds-snc/site-reliability-engineering (#825) (d47d9cf)
  • synced file(s) with cds-snc/site-reliability-engineering (#835) (8210659)
  • upgrade to Zitadel v2.62.0 (#832) (099a5b2)

3.23.0 (2024-09-16)

Features

Miscellaneous Chores

  • deps: update all non-major github action dependencies (#828) (a3988e8)

3.22.0 (2024-09-13)

Features

3.21.0 (2024-09-12)

Features

3.20.0 (2024-09-12)

Features

  • add IPv4 blocklist rule to App, IdP WAF ACLs (#821) (09210fb)

Bug Fixes

  • add HealthyHostCount alarms to App, IdP, API (#818) (0e2301d)
  • remove OK actions from critical alarms (#819) (27de887)
  • use maximum CPU/memory stat for alarms (#820) (9e53e16)

Miscellaneous Chores

  • synced file(s) with cds-snc/site-reliability-engineering (#814) (7cd2407)

3.19.0 (2024-09-10)

Features

  • add a new GSI to support the API endpoint returning the submission names sorted by creation time (#799) (0e782ab)
  • add ENVIRONMENT_MODE env var to API ECS task (#797) (00176a4)
  • add Freshdesk API key secret to API ECS task (#795) (bfc68e9)
  • add Redis URL to the API ECS task (#801) (0530fe5)
  • allow API to access Redis (#790) (e127f66)
  • cache the Nagware overdue response form IDs (#808) (8ef2d6a)
  • Nagware Lambda connect to Redis (#807) (c57f45b)
  • run Nagware every day (#811) (d87a640)
  • use RDS Proxy for IdP database connection pool (#788) (c3f7b7b)

Bug Fixes

  • add missing input variable for sentry api (#798) (337f220)
  • allow API ECS task runtime secret access (#815) (85940c3)
  • Allow API to access RDS connection url secret (#813) (ea2f71c)
  • API Redis URL add protocol and port (#802) (ab6a87e)
  • deploy new IdP image if changes (#805) (921fbc9)
  • ECS task to access to Sentry secret (#803) (3dc3824)
  • increase blanket WAF ACL rate limit (#812) (c1aca16)

Miscellaneous Chores

  • deps: update aws-actions/amazon-ecs-render-task-definition action to v1.5.1 (#809) (83db613)
  • increase memory scaling limit to 25 percent (#800) (7ee82c4)
  • Sentry API key setup (#796) (5e6bb31)
  • synced file(s) with cds-snc/site-reliability-engineering (#777) (78d2bc9)
  • upgrade Zitadel to v2.55.6 (#806) (b108e32)

Code Refactoring

  • remove axios instance in GCNotifyClient (#804) (6d2a721)
  • reword error log for when a GC Notify request times out (#792) (132e992)

3.18.3 (2024-08-27)

Bug Fixes

  • wrong import in Cognito Email Sender lambda function (#786) (f1cfae9)

3.18.2 (2024-08-22)

Bug Fixes

  • add api missing variables (zitadel domain and app key) (#781) (0d92933)
  • attach permission to retrieve secrets to API ECS task (#783) (b2d73f8)
  • permission to use DynamoDB was not properly set in the ECS task configuration (#784) (ee6c425)
  • permission to use KMS was not properly set in the ECS task configuration (#785) (6101829)

3.18.1 (2024-08-13)

Bug Fixes

  • Attach files from fileInputs in a dynamicRow (#776) (b8084a8)

3.18.0 (2024-08-12)

Features

Bug Fixes

Miscellaneous Chores

  • add alarms for all IdP LB target groups (#773) (cb8768c)
  • add AWS CLI prerequisite to README.md (#775) (0001d46)
  • prepare zitadel variables for production deployment (#774) (1607916)
  • update IdP DMARC security email (#769) (4a7e047)

3.17.0 (2024-08-08)

Features

Bug Fixes

Miscellaneous Chores

  • add OpenAPI doc route to WAF (#761) (010fcec)
  • added rds_connector_db_password variable to RDS terragrunt.hcl file (#757) (2173fca)
  • remove completed import blocks (#755) (2170624)
  • rename ECS API task from form-api to forms-api (#766) (391ff5e)
  • synced file(s) with cds-snc/site-reliability-engineering (#752) (67e6358)
  • upgrade to Release Please v4 (#765) (ae1920e)

3.16.0 (2024-07-29)

Features

Bug Fixes

3.15.0 (2024-07-23)

Features

  • add API ECS service to the Forms cluster (#734) (62d1753)

Bug Fixes

  • block invalid host requests to the IdP (#732) (7ad863d)
  • convert LB security rules to standalone (#740) (443fe06)
  • terraform script for athena-dynamodb (#738) (0d16981)
  • Use a custom policy for the dynamodb-lambda connector (allows access to AuditLog only) (#731) (089f27d)

Miscellaneous Chores

  • upgrade to latest Terraform and Terragrunt (#735) (c21f697)
  • upgrade to latest Terraform AWS provider (#739) (981e82f)

3.14.1 (2024-07-18)

Bug Fixes

  • alarm module apply when idp not enabled (#728) (e48896e)
  • response archiver lambda will ignore confirmation code entries in the DynamoDB Vault table when scanning for items (#730) (dbd7242)

3.14.0 (2024-07-16)

Features

  • add IdP CloudWatch alarms (#720) (f2696eb)
  • Enable Amazon Athena to communicate with DynamoDB (#723) (188824d)

Bug Fixes

  • Change the Archive Index key projection back to All (#727) (4cdccf5)
  • Updates global indexes to only project needed keys (#725) (78ef137)

Miscellaneous Chores

  • deps: update all non-major github action dependencies (#721) (aa42dae)
  • switch from using GSIs to Scan operations for both the response archiver and the nagware lambda functions (#726) (c09caba)
  • synced file(s) with cds-snc/site-reliability-engineering (#722) (605faef)

3.13.0 (2024-07-05)

Features

  • increase the number of form viewer tasks in prod (#717) (0a252de)

Bug Fixes

3.12.0 (2024-07-04)

Features

  • add IdP Staging Terraform plan/apply steps (#714) (c3f3958)
  • add module for Zitadel IdP infrastructure (#708) (c6835b2)
  • add SPF, DKIM and DMARC DNS records (#716) (e6b9641)
  • send IdP emails using SES SMTP server (#715) (f1150e7)

Bug Fixes

Miscellaneous Chores

  • synced file(s) with cds-snc/site-reliability-engineering (#707) (324cea1)

3.11.1 (2024-06-27)

Bug Fixes

  • ECS task definition constant change on TF plan (#709) (20e0a2e)

3.11.0 (2024-06-24)

Features

  • add CloudWatch Lambda function invocation alarms (#706) (24a6cd6)
  • health check alarm for submission lambda invocations (#703) (4795366)

Bug Fixes

  • switch dashboard to log insight graphs (#702) (5d741df)

Miscellaneous Chores

  • deps: update actions/checkout action to v4.1.7 (#705) (77f33c4)
  • solidify lambda functions matrix definition using a configuration file where we list functions that need to be deployed in production (#699) (4ea0a7f)
  • synced file(s) with cds-snc/site-reliability-engineering (#693) (7f26d0e)

3.10.2 (2024-06-18)

Bug Fixes

Miscellaneous Chores

  • remove forms-terraform-apply-release OIDC role (#696) (69bb7e1)

3.10.1 (2024-06-18)

Bug Fixes

3.10.0 (2024-06-17)

Features

  • add CloudWatch metrics for Lambda behaviour (#683) (489db64)
  • add form submission health check metrics (#681) (182e920)
  • add health dashboard sections (#692) (142e41d)
  • add system health dashboard (#688) (74b810f)
  • add workflow to catch release of reverted tags (#684) (bde87ea)
  • connects new healthchecks logs from web app in GC Forms healthcheck dashboard (#689) (f908efd)
  • simplify production release reverts (#678) (f8af121)

Bug Fixes

  • Athena load balancer create table query (#679) (140a250)
  • checkout code for update lambda workflow step (#685) (944fdf8)
  • healthchecks dashboard layout is broken (#690) (e45dff3)

Miscellaneous Chores

  • deps: update actions/checkout action to v4 (#686) (a3bdd69)
  • deps: update actions/github-script action to v7 (#687) (a7f1bc4)
  • deps: update all non-major docker images (#636) (2ac8525)
  • deps: update all non-major github action dependencies (#549) (554e8b6)
  • deps: update localstack/localstack docker digest to c7a01ee (#691) (2f73044)
  • synced file(s) with cds-snc/site-reliability-engineering (#665) (a671f77)
  • update codeowners to protect version.txt (#682) (7098c54)

3.9.4 (2024-06-04)

Bug Fixes

  • remove use of always() in the TF apply jobs (#672) (01d12fa)

3.9.3 (2024-06-03)

Bug Fixes

  • remove load-testing lambda deployment from apply production workflow (#675) (62a7e26)

Miscellaneous Chores

  • add more information to the error message we get when failing to save a submission (#673) (1265b9c)
  • fix Lambda deployment issue with Localstack (#676) (860136b)

3.9.2 (2024-05-30)

Bug Fixes

  • Remove CSRF regex pattern from WAF out-of-country rule (#671) (6e98154)

Miscellaneous Chores

  • use static array of lambda name when deploying to production (#669) (15baf0b)

3.9.1 (2024-05-30)

Bug Fixes

3.9.0 (2024-05-17)

Features

  • add TF_VAR check and conventional commit lint workflows (#663) (bf44015)

Bug Fixes

  • include the mfa endpoint for WAF detection (0a3baea)
  • missing runs on property in Github workflow (#647) (94b3e2f)
  • modify the load balancer endpoint so it works with both the pre-app router and the new app router (7a16224)
  • notify slack lambda function had missing scripts in package.json (#660) (db9f8cd)
  • Update Notify error handling across lambdas (#651) (de189e2)
  • wrong job dependency name in Github Workflow (#648) (342ecb1)

Miscellaneous Chores

  • add permission for ECS task to call legacy submission Lambda function name (#643) (66f98b9)
  • added description in all package.json files (#649) (2b7ea5c)
  • added test-lambda-code job to Github workflow (#658) (87c2939)
  • adjust WAF rules (e9a3b8a)
  • Disable OpsGenie alerting for non-production environment (72fc8cb)
  • Github workflow deployment script not working as intended (#655) (f6d16cf)
  • sanitize GitHub workflow logs (e7e9537)
  • wait for lambdas images to be ready to use before applying Terraform modules (#650) (3ca2993)

Code Refactoring

  • convert Lambda code from S3 binary object to ECR container image (#626) (524d68f)

3.8.5 (2024-04-30)

Miscellaneous Chores

  • set force_destroy to true on Lambda code bucket in preparation for the Lambda containerization upgrade which will delete this bucket (#641) (a20e4cb)

3.8.4 (2024-04-23)

Bug Fixes

  • update name of Notify callback token TF variable (#639) (269ac5a)

3.8.3 (2024-04-22)

Bug Fixes

  • changed TTL field type from String to Number in ReliabilityQueue DynamoDB table (#637) (868fa43)

3.8.2 (2024-04-18)

Miscellaneous Chores

  • deps: update all non-major docker images (#500) (dc47785)

3.8.1 (2024-04-16)

Bug Fixes

3.8.0 (2024-04-16)

Features

  • deploy redis and postgresql in localstack (#620) (20e0fc1)

Bug Fixes

  • Add missing component (combobox / searchable list) for email responses (4cbd734)

3.7.2 (2024-03-26)

Miscellaneous Chores

  • synced file(s) with cds-snc/site-reliability-engineering (#555) (bfd81fe)
  • synced file(s) with cds-snc/site-reliability-engineering (#621) (dd097d1)

3.7.1 (2024-03-15)

Bug Fixes

  • async issue with lambda notification logic (#616) (a344cc1)
  • the alarm monitoring for 'unhealthyhost' wasn't working properly (#614) (4309971)

Code Refactoring

  • lambda that notifies slack and opsgenie (#609) (ba562d3)

3.7.0 (2024-02-29)

Features

  • enable file scanning on Vault S3 bucket (#611) (a44318c)

Bug Fixes

  • cloudwatch alarm configuration for unhealthy host (#604) (dbdbba1)

Miscellaneous Chores

  • Rename next auth url in preparation for next auth upgrade (f16e080)

3.6.0 (2024-02-27)

Features

Bug Fixes

  • add a way of unit testing lambda quickly and fix the lowercase logical error (#600) (4b733d7)
  • add missing subscription filter to audit logs archiver lambda logs (#597) (0def180)
  • missing permissions for the audit logs archiver lambda to access S3 bucket (#601) (05ce856)

3.5.2 (2024-02-08)

Bug Fixes

  • deployment issue due to audit logs TTL resource block that is not needed anymore (#594) (9cd9098)
  • nagware lambda trigger CRON definition is incorrect (#595) (c7513ff)

Miscellaneous Chores

  • create env file that gets automatically loaded when we start the infra in Localstack (#592) (b28c633)
  • reduce number of Nagware emails and Slack notifications (#591) (655061a)

3.5.1 (2024-01-29)

Bug Fixes

Miscellaneous Chores

3.5.0 (2024-01-25)

Features

  • add new cloudwatch alarm and waf rule for Cognito login outside Canada (#558) (d23a252)
  • disable health check until maintenance mode implementation is finalized (#538) (41c7d0a)
  • enable deletion protection on all DynamoDB tables (#580) (62a00aa)
  • implement maintenance page design (#544) (418b71a)
  • OIDC roles for GitHub workflows (#568) (3840ad9)
  • redirect to static maintenance web page when in maintenance mode or service is down (#530) (a99ccbe)
  • send notification on Slack when a timeout is detected in the lambda logs (#581) (d200b33)

Bug Fixes

  • acl not required with bucket ownership controls (#570) (1e31ae7)
  • Check for localstack or AWS env (#547) (f0e15b2)
  • deps: update dependency axios to v1 [security] (#531) (9860d8e)
  • ecs force deployment option (#573) (2d0e004)
  • enable code signing on Vault data integrity check lambda (#548) (50e1edc)
  • GC Notify API Key is not properly passed to Nagware and Reliability lambdas (#553) (0c9bfaa)
  • GitHub workflow OIDC role claims (#575) (bee2a0a)
  • import pg package was not properly done in Nagware lambda (#554) (58fdc66)
  • initialization of NotifyClient is not working because of the way we pass the API key (#576) (bd1904e)
  • integrity alarm (#542) (7440068)
  • maintenance mode deployment issue (#533) (a0ff418)
  • maintenance mode deployment issues second try (#534) (35f59eb)
  • maintenance mode WAF rules to allow for new page resources to be loaded (#550) (98cbf18)
  • Missed an S3 ACL on previous PR (#572) (783c8bc)
  • missing aliases in Cloudfront distribution (#540) (6f95764)
  • missing provider in WAF regex pattern set (#552) (44ddbad)
  • missing provider in waf rule (#537) (6926dc3)
  • missing WAF rule and certificate. Health check now targets load balancer DNS (#535) (85b8ea5)
  • PR review OIDC role for VPC lambda deploys (#578) (e4c8376)
  • revert certificate changes including ELB DNS (#536) (a4e41a1)
  • rework response archiver lambda (#577) (e5da375)
  • split Staging/Prod use of Scan Files service (#569) (d043405)
  • update Terragrunt mock values to fix TF plan (#583) (26e4374)
  • update to README file, adjust iterator age alarm threshold and fix to vault data integrity check local lambda test script (#525) (0761ad0)
  • WAF rule for maintenance mode not having proper scope (#551) (f90bddc)

Miscellaneous Chores

  • AWS Provider upgrade (#556) (1d6273c)
  • create production import.tf file (#584) (9d3b92a)
  • created local '.github/workflows/backstage-catalog-helper.yml' from remote 'tools/sre_file_sync/backstage-catalog-helper.yml' (#520) (c4f5f0d)
  • deps: update all non-major github action dependencies (#512) (75bc194)
  • reorganization of infrastructure as code for better local development (#532) (6f84917)
  • update email with sign off language rather than confirm language (#541) (64158be)
  • Update README.md (#506) (00ee9ca)

3.4.0 (2023-10-25)

Features

Bug Fixes

  • ACM cert not being recreated on domain name addition (#518) (2ba215d)
  • handle duplicate log events (#511) (e8de8d6)
  • site verification files allowed path were not properly included in regex (#510) (30a9c8b)
  • temporarily remove additional domain names (#519) (5e5a50f)

Miscellaneous Chores

  • allow path to verification files for search engines tool (#509) (2fba19c)
  • deps: update all non-major github action dependencies (#501) (c9c3b84)
  • synced file(s) with cds-snc/site-reliability-engineering (#508) (14f249d)

3.3.1 (2023-09-25)

Miscellaneous Chores

  • Add release manifest code owners (#499) (d63e8a2)
  • synced file(s) with cds-snc/site-reliability-engineering (#498) (9a93c2f)

3.3.0 (2023-09-19)

Features

Bug Fixes

  • Add missing freshdesk api key to ecs task (d8a96ac)
  • format of TF workflow Slack webhook URL (#496) (4bb5ca2)
  • Github action logic for release-generator (#479) (dbb3a77)
  • IAM permission for freshdesk secret (f22ee82)
  • release generator token step (#495) (ae47a64)
  • set target Slack channel for notification (#487) (fee609c)

Miscellaneous Chores

  • deps: lock file maintenance (#467) (d9329d5)
  • deps: update all non-major docker images (#465) (1766d88)
  • deps: update all non-major docker images (#488) (1e3d5c3)
  • deps: update all non-major github action dependencies (#466) (38611b1)
  • deps: update all non-major github action dependencies (#472) (fb2c43c)
  • deps: update aws-actions/configure-aws-credentials digest to fbaaea8 (#489) (f0f7f6b)
  • release generator (#475) (31e1b98)
  • release generator fix (#484) (661cf9a)
  • synced file(s) with cds-snc/site-reliability-engineering (#468) (563f2af)
  • synced file(s) with cds-snc/site-reliability-engineering (#490) (74cc135)
  • synced local '.github/workflows/ossf-scorecard.yml' with remote 'tools/sre_file_sync/ossf-scorecard.yml' (#470) (4565dcf)
  • synced local '.github/workflows/ossf-scorecard.yml' with remote 'tools/sre_file_sync/ossf-scorecard.yml' (#486) (8b3eee3)
  • upgrade python image (#471) (e75ef9b)
  • use GitHub app token with release-please (#491) (92f10eb)

Code Refactoring

  • split out security group rules from inline (6eaee25)