Merge pull request #841 from ASFHyP3/develop

Release 2.9.0

.github/workflows/deploy.yml → .github/workflows/deploy-daac.yml

@@ -1,4 +1,4 @@
-name: Deploy to AWS
+name: Deploy DAAC Stacks to AWS
 
 on:
   push:
@@ -74,76 +74,6 @@ jobs:
             security_environment: EDC
             ami_id: image_id_ecs_amz2
 
-          #- environment: hyp3-its-live
-          #  domain: hyp3-its-live.asf.alaska.edu
-          #  template_bucket: cf-templates-3o5lnspmwmzg-us-west-2
-          #  image_tag: latest
-          #  product_lifetime_in_days: 180
-          #  quota: 0
-          #  deploy_ref: refs/heads/main
-          #  job_files: job_spec/AUTORIFT_ITS_LIVE.yml
-          #  default_max_vcpus: 1600
-          #  expanded_max_vcpus: 1600
-          #  required_surplus: 0
-          #  security_environment: JPL
-          #  ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
-
-          - environment: hyp3-autorift
-            domain: hyp3-autorift.asf.alaska.edu
-            template_bucket: cf-templates-igavixdzdy7k-us-west-2
-            image_tag: latest
-            product_lifetime_in_days: 180
-            quota: 0
-            deploy_ref: refs/heads/main
-            job_files: job_spec/AUTORIFT_ITS_LIVE.yml
-            default_max_vcpus: 1600
-            expanded_max_vcpus: 1600
-            required_surplus: 0
-            security_environment: ASF
-            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
-
-          - environment: hyp3-autorift-eu
-            domain: hyp3-autorift-eu.asf.alaska.edu
-            template_bucket: cf-templates-autorift-eu-central-1
-            image_tag: latest
-            product_lifetime_in_days: 180
-            quota: 0
-            deploy_ref: refs/heads/main
-            job_files: job_spec/AUTORIFT_ITS_LIVE_EU.yml
-            default_max_vcpus: 1600
-            expanded_max_vcpus: 1600
-            required_surplus: 0
-            security_environment: ASF
-            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
-
-          #- environment: hyp3-isce
-          #  domain: hyp3-isce.asf.alaska.edu
-          #  template_bucket: cf-templates-t790khv4btdq-us-west-2
-          #  image_tag: latest
-          #  product_lifetime_in_days: 180
-          #  quota: 0
-          #  deploy_ref: refs/heads/main
-          #  job_files: job_spec/INSAR_ISCE.yml job_spec/INSAR_ISCE_TEST.yml
-          #  default_max_vcpus: 1600
-          #  expanded_max_vcpus: 1600
-          #  required_surplus: 0
-          #  security_environment: ASF
-          #  ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
-
-          #- environment: hyp3-tibet
-          #  domain: hyp3-tibet.asf.alaska.edu
-          #  template_bucket: cf-templates-ejaipnrxq7xg-us-west-2
-          #  image_tag: latest
-          #  product_lifetime_in_days: 180
-          #  quota: 0
-          #  deploy_ref: refs/heads/main
-          #  job_files: job_spec/INSAR_ISCE.yml job_spec/INSAR_ISCE_TEST.yml
-          #  default_max_vcpus: 1600
-          #  expanded_max_vcpus: 1600
-          #  required_surplus: 0
-          #  security_environment: ASF
-          #  ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
-
     environment:
       name: ${{ matrix.environment }}
       url: https://${{ matrix.domain }}

.github/workflows/deploy-enterprise.yml

@@ -0,0 +1,107 @@
+name: Deploy Enterprise Stacks to AWS
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - environment: hyp3-its-live
+            domain: hyp3-its-live.asf.alaska.edu
+            template_bucket: cf-templates-3o5lnspmwmzg-us-west-2
+            image_tag: latest
+            product_lifetime_in_days: 180
+            quota: 0
+            job_files: job_spec/AUTORIFT_ITS_LIVE.yml
+            default_max_vcpus: 2640
+            expanded_max_vcpus: 2640
+            required_surplus: 0
+            security_environment: JPL
+            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
+
+          - environment: hyp3-autorift-eu
+            domain: hyp3-autorift-eu.asf.alaska.edu
+            template_bucket: cf-templates-autorift-eu-central-1
+            image_tag: latest
+            product_lifetime_in_days: 180
+            quota: 0
+            job_files: job_spec/AUTORIFT_ITS_LIVE_EU.yml
+            default_max_vcpus: 1600
+            expanded_max_vcpus: 1600
+            required_surplus: 0
+            security_environment: ASF
+            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
+
+          - environment: hyp3-isce
+            domain: hyp3-isce.asf.alaska.edu
+            template_bucket: cf-templates-t790khv4btdq-us-west-2
+            image_tag: latest
+            product_lifetime_in_days: 180
+            quota: 0
+            job_files: job_spec/INSAR_ISCE.yml job_spec/INSAR_ISCE_TEST.yml
+            default_max_vcpus: 1600
+            expanded_max_vcpus: 1600
+            required_surplus: 0
+            security_environment: ASF
+            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
+
+          - environment: hyp3-tibet
+            domain: hyp3-tibet.asf.alaska.edu
+            template_bucket: cf-templates-ejaipnrxq7xg-us-west-2
+            image_tag: latest
+            product_lifetime_in_days: 180
+            quota: 0
+            job_files: job_spec/INSAR_ISCE.yml job_spec/INSAR_ISCE_TEST.yml
+            default_max_vcpus: 1600
+            expanded_max_vcpus: 1600
+            required_surplus: 0
+            security_environment: ASF
+            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
+
+    environment:
+      name: ${{ matrix.environment }}
+      url: https://${{ matrix.domain }}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.V2_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.V2_AWS_SECRET_ACCESS_KEY }}
+          aws-session-token: ${{ secrets.V2_AWS_SESSION_TOKEN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.8
+
+      - uses: ./.github/actions/deploy-hyp3
+        with:
+          TEMPLATE_BUCKET:  ${{ matrix.template_bucket }}
+          STACK_NAME: ${{ matrix.environment }}
+          DOMAIN_NAME: ${{ matrix.domain }}
+          CERTIFICATE_ARN:  ${{ secrets.CERTIFICATE_ARN }}
+          IMAGE_TAG: ${{ matrix.image_tag }}
+          PRODUCT_LIFETIME: ${{ matrix.product_lifetime_in_days }}
+          VPC_ID: ${{ secrets.VPC_ID }}
+          SUBNET_IDS: ${{ secrets.SUBNET_IDS }}
+          EDL_USERNAME: ${{ secrets.EDL_USERNAME }}
+          EDL_PASSWORD: ${{ secrets.EDL_PASSWORD }}
+          CLOUDFORMATION_ROLE_ARN: ${{ secrets.CLOUDFORMATION_ROLE_ARN }}
+          MONTHLY_JOB_QUOTA_PER_USER: ${{ matrix.quota }}
+          JOB_FILES: ${{ matrix.job_files }}
+          BANNED_CIDR_BLOCKS: ${{ secrets.BANNED_CIDR_BLOCKS }}
+          DEFAULT_MAX_VCPUS: ${{ matrix.default_max_vcpus }}
+          EXPANDED_MAX_VCPUS: ${{ matrix.expanded_max_vcpus }}
+          MONTHLY_COMPUTE_BUDGET: ${{ secrets.MONTHLY_COMPUTE_BUDGET }}
+          REQUIRED_SURPLUS: ${{ matrix.required_surplus }}
+          PERMISSIONS_BOUNDARY_ARN: ${{ secrets.PERMISSIONS_BOUNDARY_ARN }}
+          SECURITY_ENVIRONMENT: ${{ matrix.security_environment }}
+          AMI_ID: ${{ matrix.ami_id }}

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.9.0]
+### Added
+- Add `processing_time_in_seconds` to the `job` API schema to allow plugin developers to check processing time.
+
 ## [2.8.4](https://github.com/ASFHyP3/hyp3/compare/v2.8.3...v2.8.4)
 ### Security
 - Encrypt Earthdata username and password using AWS Secrets Manager.

Makefile

@@ -1,12 +1,13 @@
 API = ${PWD}/apps/api/src
+CHECK_PROCESSING_TIME = ${PWD}/apps/check-processing-time/src
 GET_FILES = ${PWD}/apps/get-files/src
 PROCESS_NEW_GRANULES = ${PWD}/apps/process-new-granules/src
 SCALE_CLUSTER = ${PWD}/apps/scale-cluster/src
 START_EXECUTION = ${PWD}/apps/start-execution/src
 UPDATE_DB = ${PWD}/apps/update-db/src
 UPLOAD_LOG = ${PWD}/apps/upload-log/src
 DYNAMO = ${PWD}/lib/dynamo
-export PYTHONPATH = ${API}:${GET_FILES}:${PROCESS_NEW_GRANULES}:${SCALE_CLUSTER}:${START_EXECUTION}:${UPDATE_DB}:${UPLOAD_LOG}:${DYNAMO}
+export PYTHONPATH = ${API}:${CHECK_PROCESSING_TIME}:${GET_FILES}:${PROCESS_NEW_GRANULES}:${SCALE_CLUSTER}:${START_EXECUTION}:${UPDATE_DB}:${UPLOAD_LOG}:${DYNAMO}
 
 
 build: render
@@ -35,7 +36,7 @@ render:
 static: flake8 openapi-validate cfn-lint
 
 flake8:
-	flake8 --max-line-length=120 --import-order-style=pycharm --statistics --application-import-names hyp3_api,get_files,start_execution,update_db,upload_log,dynamo,process_new_granules,scale_cluster apps tests lib
+	flake8 --max-line-length=120 --import-order-style=pycharm --statistics --application-import-names hyp3_api,get_files,check_processing_time,start_execution,update_db,upload_log,dynamo,process_new_granules,scale_cluster apps tests lib
 
 openapi-validate: render
 	prance validate --backend=openapi-spec-validator apps/api/src/hyp3_api/api-spec/openapi-spec.yml

apps/api/src/hyp3_api/api-spec/openapi-spec.yml

@@ -426,6 +426,8 @@ components:
           $ref: "#/components/schemas/list_of_urls"
         expiration_time:
           $ref: "#/components/schemas/datetime"
+        processing_time_in_seconds:
+          $ref: "#/components/schemas/processing_time_in_seconds"
         priority:
           $ref: "#/components/schemas/priority"
 
@@ -523,6 +525,14 @@ components:
       minimum: 0
       maximum: 9999
 
+    processing_time_in_seconds:
+      description: >
+        Run time in seconds for the final processing attempt (regardless of whether it succeeded). A value of zero
+        likely indicates that the job failed before reaching the processing step, although it may also indicate that the
+        job failed after reaching the processing step but before calculating the processing time.
+      type: number
+      minimum: 0
+
   securitySchemes:
     EarthDataLogin:
       description: |-

apps/check-processing-time/check-processing-time-cf.yml.j2

@@ -0,0 +1,83 @@
+AWSTemplateFormatVersion: 2010-09-09
+
+Parameters:
+
+  PermissionsBoundaryPolicyArn:
+    Type: String
+
+  SecurityGroupId:
+    Type: String
+
+  SubnetIds:
+    Type: CommaDelimitedList
+
+Conditions:
+
+  UsePermissionsBoundary: !Not [!Equals [!Ref PermissionsBoundaryPolicyArn, ""]]
+
+  LambdasInVpc: !Not [!Equals [!Ref SecurityGroupId, ""]]
+
+Outputs:
+
+  LambdaArn:
+    Value: !GetAtt Lambda.Arn
+
+Resources:
+
+  LogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: !Sub "/aws/lambda/${Lambda}"
+      RetentionInDays: 90
+
+  Role:
+    Type: {{ 'Custom::JplRole' if security_environment == 'JPL' else 'AWS::IAM::Role' }}
+    Properties:
+      {% if security_environment == 'JPL' %}
+      ServiceToken: !ImportValue Custom::JplRole::ServiceToken
+      Path: /account-managed/hyp3/
+      {% endif %}
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          Action: sts:AssumeRole
+          Principal:
+            Service: lambda.amazonaws.com
+          Effect: Allow
+      PermissionsBoundary: !If [UsePermissionsBoundary, !Ref PermissionsBoundaryPolicyArn, !Ref AWS::NoValue]
+      ManagedPolicyArns:
+        - !If [LambdasInVpc, arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole, !Ref AWS::NoValue]
+        - !Ref Policy
+
+  Policy:
+    Type: {{ 'Custom::JplPolicy' if security_environment == 'JPL' else 'AWS::IAM::ManagedPolicy' }}
+    Properties:
+      {% if security_environment == 'JPL' %}
+      ServiceToken: !ImportValue Custom::JplPolicy::ServiceToken
+      Path: /account-managed/hyp3/
+      {% endif %}
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - logs:CreateLogStream
+              - logs:PutLogEvents
+            Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
+
+  Lambda:
+    Type: AWS::Lambda::Function
+    Properties:
+      Code: src/
+      Handler: check_processing_time.lambda_handler
+      MemorySize: 128
+      Role: !GetAtt Role.Arn
+      Runtime: python3.8
+      Timeout: 30
+      VpcConfig:
+        !If
+          - LambdasInVpc
+          - SecurityGroupIds:
+              - !Ref SecurityGroupId
+            SubnetIds: !Ref SubnetIds
+          - !Ref AWS::NoValue

apps/check-processing-time/src/check_processing_time.py

@@ -0,0 +1,16 @@
+import json
+
+
+def get_time_from_attempts(attempts):
+    attempts.sort(key=lambda attempt: attempt['StartedAt'])
+    final_attempt = attempts[-1]
+    return (final_attempt['StoppedAt'] - final_attempt['StartedAt']) / 1000
+
+
+def lambda_handler(event, context):
+    results = event['processing_results']
+    if 'Attempts' in results:
+        attempts = results['Attempts']
+    else:
+        attempts = json.loads(results['Cause'])['Attempts']
+    return get_time_from_attempts(attempts)

apps/get-files/get-files-cf.yml.j2

@@ -7,7 +7,6 @@ Parameters:
 
   PermissionsBoundaryPolicyArn:
     Type: String
-    Default: ""
 
   SecurityGroupId:
     Type: String