support latest in distribution build urls

[tianleh]

Signed-off-by: Tianle Huang [email protected]

Description

Add the logic to scan S3 bucket to get the max build number. The version and bucket name are hardcoded for demo purpose. Also move the Lambda function logic to a local js file instead of inline code.

Issues Resolved

#1492

Test

able to get the max build number in my test account.
INFO maxBuildNumber 21

The S3 structure is similar to distribution bucket.

Check List

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[peternied]

Thanks for sharing, good progress on this space.

Do you know why the package-lock.json change is so big? I wouldn't expect much of any change to it.

[kavilla]

Will this enable us to hit latest plugins as well?

[tianleh]

Will this enable us to hit latest plugins as well?

This feature will only replace the latest with the max build number. Thus whatever it has with the build number shall still work with the latest keyword.

[codecov-commenter]

Codecov Report

Merging #1569 (9fea470) into main (986736d) will decrease coverage by 0.01%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main    #1569      +/-   ##
============================================
- Coverage     94.62%   94.61%   -0.02%     
  Complexity       14       14              
============================================
  Files           164      165       +1     
  Lines          3459     3489      +30     
  Branches         21       25       +4     
============================================
+ Hits           3273     3301      +28     
- Misses          183      185       +2     
  Partials          3        3              

Impacted Files	Coverage Δ
...loyment/lambdas/cf-url-rewriter/cf-url-rewriter.ts	100.00% <100.00%> (+50.00%)	⬆️
deployment/lambdas/cf-url-rewriter/https-get.ts	100.00% <100.00%> (ø)
src/system/temporary_directory.py	83.87% <0.00%> (-12.91%)	⬇️
src/system/os.py	92.30% <0.00%> (-7.70%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 986736d...9fea470. Read the comment docs.

[tianleh]

Experiment a bit about this comment about pagination support #1569 (comment)

I wrote a script to put >1K objects under a version ("1.7.1") in my personal AWS account to simulate the situation where distribution build generates more than 1K builds for a version.

Without making the change to support pagination, I run the Lambda function and can indeed see the limitation of ListObjectsV2 API about CommonPrefixes field as documented https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html#AmazonS3-ListObjectsV2-response-CommonPrefixes

After my change, I am able to see the full result being retrieved. The CloudWatch log snippet shows:

[tianleh]

Added the logic to upload index.yml but it failed with the following S3 exception.

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;

[tianleh]

Added the logic to upload index.yml but it failed with the following S3 exception.

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;

Created a Github issue to track the S3 permission which could be worked in parallel. #1601

I temporarily upload to $BUCKET/distribution-build-opensearch/1.2.4/dist instead of $BUCKET/distribution-build-opensearch/1.2.4 to continue working of this PR.

[tianleh]

Tuning the Lambda function to get latest replaced by a build number in my personal AWS account.

request.uri = request.uri.replace('latest', '147');

The one with real number works
d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/147/test.png

But the latest one is not
d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/latest/test.png

Need to dig more why the Lambda is not working.

[seraphjiang]

is result cached by cloudfront cdn?

[tianleh]

is result cached by cloudfront cdn?

Thanks for the reminder. After digging more with @seraphjiang , the new logic needs to go through new version publish and deployment to Lambda@Edge to take effect. Now the latest url is working
https://d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/latest/test.png

Next step: read yml to get the build number instead of hardcoding mapping latest to 147

[dblock]

I suggest redirecting latest to an actual build number with a 302, which avoids the whole cloudfront caching business.

[peternied]

Today I had some time so I've created two PRs to help with this one, @tianleh please take a look at them and consider merging them or building off of them.

• Add permissions to upload index.yml files for the bundle role #3
• Switch url rewriter from js to typescipt #4

[tianleh]

I suggest redirecting latest to an actual build number with a 302, which avoids the whole cloudfront caching business.

Sure. I was able to make this happen in my Lambda.

https://d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/latest/test.png

    const redirectResponse = {
          status: '302',
          statusDescription: 'Moved temporarily',
          headers: {
            'location': [{
              key: 'Location',
              value: request.uri.replace('latest', '151'),
            }],
            'cache-control': [{
              key: 'Cache-Control',
              value: "max-age=3600"
            }],
          },
      };

[tianleh]

experimenting on how to get the index.yml

Option 1: download (e.g use JavaScript library 'https') the yml file from the URL d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/dist/index.yml to a Lambda local file system. Read the yml and get the build number.

Option 2: get the S3 keys from the url https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/1.1.1/latest/linux/x64/dist/opensearch/manifest.yml However, we do not know the S3 bucket name. May need a way to figure this out.

[tianleh]

experimenting on how to get the index.yml

Option 1: download (e.g use JavaScript library 'https') the yml file from the URL d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/dist/index.yml to a Lambda local file system. Read the yml and get the build number.

Option 2: get the S3 keys from the url https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/1.1.1/latest/linux/x64/dist/opensearch/manifest.yml However, we do not know the S3 bucket name. May need a way to figure this out.

struggled with Option 1 to download from url. Based on my research, the https library cannot be promisified. https://stackoverflow.com/questions/65306617/async-await-for-node-js-https-get

Will try to see if there is other library to handle the file download.

[tianleh]

experimenting on how to get the index.yml
Option 1: download (e.g use JavaScript library 'https') the yml file from the URL d271n53yru5cr7.cloudfront.net/distribution-build-opensearch/2.0.0/dist/index.yml to a Lambda local file system. Read the yml and get the build number.
Option 2: get the S3 keys from the url https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/1.1.1/latest/linux/x64/dist/opensearch/manifest.yml However, we do not know the S3 bucket name. May need a way to figure this out.

struggled with Option 1 to download from url. Based on my research, the https library cannot be promisified. https://stackoverflow.com/questions/65306617/async-await-for-node-js-https-get

Will try to see if there is other library to handle the file download.

Received the following error when tuning inside Lambda console. I suspect there is some version upgrade needed to support such in Lambda. Researching...

[tianleh]

Notes for reviewers:

1. This current PR contains another open PR fix failed jest by unifying cdk versions #1675 which is for fixing jest CI flow. I would like to have the related PR merged first before merging this PR.

2. Since our CI runs yarn https://github.com/opensearch-project/opensearch-build/runs/5355023313?check_suite_focus=true , I am also including deployment/yarn.lock in the commits.

[dblock]

I am good with this if @peternied is good with this.

[peternied]

Thank you for this change!

[peternied]

Can @opensearch-project/engineering-effectiveness update this PR after the change has been deployed?

I know there are a bunch of folks that would love to use 'latest' in their codebases.

[gaiksaya]

Can @opensearch-project/engineering-effectiveness update this PR after the change has been deployed?

I know there are a bunch of folks that would love to use 'latest' in their codebases.

Looking into it. Will update this PR once the change is deployed. Thanks!

[gaiksaya]

These changes have been deployed. @tianleh Can you check if it is working as expected?
Thanks!