Merge pull request #261 from aws-samples/v1.6.0_spy

add index init

application/main.py

@@ -24,6 +24,9 @@
 async def http_authenticate(request: Request, call_next):
     # print('---HTTP REQUEST---', vars(request), request.headers)
 
+    if request.url.path == "/":
+        return await call_next(request)
+
     if request.method == "OPTIONS":
         response = Response(status_code=status.HTTP_200_OK)
         response.headers["Access-Control-Allow-Origin"] = "*"

application/nlq/data_access/dynamo_connection.py

@@ -50,7 +50,7 @@ def to_dict(self):
     def get_secrets_manager_name(self):
         """Generate a random Secrets Manager name"""
         random_str = ''.join(random.choices(string.ascii_letters + string.digits, k=8))
-        return f"{self.conn_name}-{random_str}"
+        return f"GenBI-{self.conn_name}-{random_str}"
 
 
 class ConnectConfigDao:

application/nlq/data_access/opensearch_query_log.py

@@ -46,8 +46,8 @@ def __init__(self):
                                                                opensearch_info["port"],
                                                                opensearch_info["username"], opensearch_info["password"],
                                                                opensearch_info["region"])
-        if not self.exists():
-            self.create_index()
+        # if not self.exists():
+        #     self.create_index()
 
     def exists(self):
         is_exist = check_opensearch_index(self.opensearch_client, QUERY_LOG_TABLE_NAME)

application/utils/auth.py

@@ -78,6 +78,11 @@ def authenticate(access_token, id_token, refresh_token):
     if refresh_token and refresh_token.startswith("Bearer "):
         refresh_token = refresh_token[len("Bearer "):]
 
+    if access_token is None or id_token is None or refresh_token is None:
+        response = {}
+        response['X-Status-Code'] = status.HTTP_401_UNAUTHORIZED
+        return response
+
     if len(access_token.strip()) < 2 or len(id_token.strip()) < 2 or len(refresh_token.strip()) < 2:
         response = {}
         response['X-Status-Code'] = status.HTTP_401_UNAUTHORIZED

application/utils/env_var.py

@@ -115,4 +115,6 @@ def get_bedrock_parameter():
     'embedding_dimension': EMBEDDING_DIMENSION
 }
 
+query_log_name = os.getenv("QUERY_LOG_INDEX_NAME", "genbi_query_logging")
+
 bedrock_ak_sk_info = get_bedrock_parameter()

application/utils/opensearch.py

@@ -3,7 +3,7 @@
 from opensearchpy.helpers import bulk
 import logging
 from utils.llm import create_vector_embedding_with_bedrock, create_vector_embedding_with_sagemaker
-from utils.env_var import opensearch_info, SAGEMAKER_ENDPOINT_EMBEDDING, AOS_INDEX_NER
+from utils.env_var import opensearch_info, SAGEMAKER_ENDPOINT_EMBEDDING, AOS_INDEX_NER, query_log_name
 
 logger = logging.getLogger(__name__)
 
@@ -319,6 +319,47 @@ def update_index_mapping(opensearch_client, index_name, dimension):
     return bool(response['acknowledged'])
 
 
+def create_log_index(opensearch_client):
+    mapping = {
+        "mappings": {
+            "properties": {
+                "log_id": {
+                    "type": "keyword"
+                },
+                "profile_name": {
+                    "type": "keyword"
+                },
+                "user_id": {
+                    "type": "keyword"
+                },
+                "session_id": {
+                    "type": "keyword"
+                },
+                "sql": {
+                    "type": "text"
+                },
+                "query": {
+                    "type": "text"
+                },
+                "intent": {
+                    "type": "keyword"
+                },
+                "log_info": {
+                    "type": "text"
+                },
+                "time_str": {
+                    "type": "date",
+                    "format": "yyyy-MM-dd HH:mm:ss"
+                },
+                "log_type": {
+                    "type": "keyword"
+                }
+            }
+        }
+    }
+    opensearch_client.indices.create(index="genbi_query_logging", body=mapping)
+
+
 def upload_results_to_opensearch(region_name, domain, opensearch_user, opensearch_password, index_name, query, sql,
                                  host='', port=443):
 
@@ -381,6 +422,10 @@ def opensearch_index_init():
                     logger.info(f"check index flag: {check_flag}")
                     if not check_flag:
                         update_index_mapping(opensearch_client, index_name, dimension)
+        exists = check_opensearch_index(opensearch_client, query_log_name)
+        if not exists:
+            logger.info("genbi_query_logging not exit")
+            create_log_index(opensearch_client)
         return index_create_success
     except Exception as e:
         logger.error("create index error")

source/resources/lib/ecs/ecs-stack.ts

@@ -122,11 +122,13 @@ export class ECSStack extends cdk.Stack {
         // Add secrets manager access policy
         const opensearchHostUrlSecretAccessPolicy = new iam.PolicyStatement({
             actions: [
-                "secretsmanager:GetSecretValue"
+                "secretsmanager:GetSecretValue",
+                "secretsmanager:CreateSecret",
             ],
             resources: [
                 `arn:${this.partition}:secretsmanager:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:secret:opensearch-host-url*`,
-                `arn:${this.partition}:secretsmanager:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:secret:opensearch-master-user*`
+                `arn:${this.partition}:secretsmanager:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:secret:opensearch-master-user*`,
+                `arn:${this.partition}:secretsmanager:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:secret:GenBI-*`
             ]
         });
         taskRole.addToPolicy(opensearchHostUrlSecretAccessPolicy);