Add unit tests to the CDK application stacks capturing current posture of CDK baseline applied against controls. Move over pre-commit config.

Author: Kyle Lilly

.gitignore

@@ -23,3 +23,9 @@ cdk.context.json
 .vscode
 .venv
 .DS_Store
+
+# Coverage Statistic Folders
+coverage
+
+# Model Cache Folders
+models

.pre-commit-config.yaml

@@ -0,0 +1,144 @@
+repos:
+- repo: local
+  hooks:
+    - id: verify-config
+      name: Verify config file
+      description: Verify config file to check if certain parameters are empty
+      entry: scripts/verify-config.sh
+      verbose: true
+      language: script
+      files: config.yaml
+
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.5'
+  hooks:
+    - id: bandit
+      args: [--recursive, -c=pyproject.toml]
+      additional_dependencies: ['bandit[toml]']
+
+- repo: https://github.com/Yelp/detect-secrets
+  rev: v1.4.0
+  hooks:
+    - id: detect-secrets
+      exclude: (?x)^(
+        .*.ipynb|config.yaml
+        )$
+
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.5.0
+  hooks:
+    - id: check-json
+    - id: check-yaml
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args: ['--fix=lf']
+    - id: fix-byte-order-marker
+    - id: check-merge-conflict
+    - id: detect-private-key
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+
+- repo: https://github.com/codespell-project/codespell
+  rev: v2.2.6
+  hooks:
+    - id: codespell
+      entry: codespell
+      args: ['--skip=*.git*,*cdk.out*,*venv*,*mypy_cache*,*package-lock*,*node_modules*,*dist/*,*poetry.lock*,*coverage*', "-L=xdescribe"]
+      pass_filenames: false
+
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: 'v3.0.3'
+  hooks:
+    - id: prettier
+      name: prettier-md
+      files: .*\.(ya?ml|json|md)$
+      exclude: ^node_modules/|config.yaml|^dist/
+
+    - id: prettier
+      name: prettier-ts
+      args: [--write, --config, .prettierrc]
+      files: \.(ts|tsx)$
+      exclude: ^node_modules/|^dist/
+
+- repo: https://github.com/pycqa/isort
+  rev: 5.12.0
+  hooks:
+    - id: isort
+      name: isort (python)
+
+- repo: https://github.com/ambv/black
+  rev: '23.10.1'
+  hooks:
+    - id: black
+
+- repo: https://github.com/charliermarsh/ruff-pre-commit
+  rev: 'v0.1.3'
+  hooks:
+    - id: ruff
+      args: [--exit-non-zero-on-fix]
+
+- repo: https://github.com/pycqa/flake8
+  rev: '6.1.0'
+  hooks:
+    - id: flake8
+      additional_dependencies:
+        - flake8-docstrings
+        - flake8-broken-line
+        - flake8-bugbear
+        - flake8-comprehensions
+        - flake8-debugger
+        - flake8-string-format
+      args:
+        - --docstring-convention=numpy
+        - --max-line-length=120
+        - --extend-immutable-calls=Query,fastapi.Depends,fastapi.params.Depends
+        - --ignore=B008 # Ignore error for function calls in argument defaults
+      exclude: ^(__init__.py$|.*\/__init__.py$)
+
+
+- repo: https://github.com/pre-commit/mirrors-mypy
+  rev: 'v1.6.1'
+  hooks:
+    - id: mypy
+      verbose: true
+      # mypy currently fails on the gitlab runner and also fails locally due to the mono
+      # repo nature of LISA and two "api" modules. This command will make it so mypy
+      # issues are reported but non-blocking
+      entry: bash -c 'mypy "$@" || true' --
+      args:
+        - --config-file=pyproject.toml
+        - --install-types
+        - --non-interactive
+      exclude: ^test
+
+- repo: https://github.com/pre-commit/mirrors-eslint
+  rev: 'v8.53.0'
+  hooks:
+    - id: eslint
+      files: \.[jt]sx?$
+      types: [file]
+      args:
+        - --max-warnings=10
+        - --fix
+
+- repo: https://github.com/Lucas-C/pre-commit-hooks
+  rev: v1.5.5
+  hooks:
+    - id: insert-license
+      files: \.[jt]sx?$  # *.js, *.jsx, *.ts and *.tsx
+      args:
+        - --license-filepath
+        - .precommit-license-header.txt        # defaults to: LICENSE.txt
+        - --comment-style
+        - /**| |*/        # defaults to:  #
+
+- repo: https://github.com/Lucas-C/pre-commit-hooks
+  rev: v1.5.5
+  hooks:
+    - id: insert-license
+      files: \.py$
+      args:
+        - --license-filepath
+        - .precommit-license-header.txt        # defaults to: LICENSE.txt
+        - --comment-style
+        - "#  "        # defaults to:  #

.precommit-license-header.txt

@@ -0,0 +1,13 @@
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License").
+You may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

CHANGELOG.md

@@ -13,8 +13,8 @@
 	- Customers can now configure LISA to use PGVector in addition or in place of OpenSearch for their RAG repository. LISA can connect to an existing RDS Postgres instance or one can be deployed as part of the LISA deployment.
 	- PGVector is now the "default" configuration in the `config.yaml` file as PGVector is considerably faster to deploy for demo/test purposes
 - [V1282894257] Improved support for custom DNS
-	- Customers can now specify a custom domain name for the LISA API Gateway as well as the LISA Serve REST ALB. If these values are set in the `config.yaml` file the UI will automaticaly use the correct pathing when making service requests without needing any additional code changes.
-- [V1282858379] Move advanced chat configuration options between a collapsable "Advanced configuration" sectoin
+	- Customers can now specify a custom domain name for the LISA API Gateway as well as the LISA Serve REST ALB. If these values are set in the `config.yaml` file the UI will automatically use the correct pathing when making service requests without needing any additional code changes.
+- [V1282858379] Move advanced chat configuration options between a collapsible "Advanced configuration" sectoin
 	- The chat "control panel" has been redesigned to hide the following items chat buffer, model kwargs, prompt template, and the metadata toggle
 - [V1282855530] Add support for Enterprise CDK PermissionBoundaryAspect and custom synthesizer
 	- Added new property to the `config.yaml` to allow customers to optionally specify a configuration for the PermissionBoundaryAspect. If counfigured the aspect will be applied to all stacks
@@ -27,9 +27,9 @@
 	- Default is now an `m5.large` however customers can use any instance type they wish although they may need to update `schema.ts` if the instance type isn't already listed there
 
 #### Bugs
-- [AIML-ADC-7604] Rag context not visibile in metadata until subsequent messages
+- [AIML-ADC-7604] Rag context not visible in metadata until subsequent messages
 	- This has been addressed by adding a dedicated `ragContext` property to the message metadata. The relevant documents including s3 key will now be visible when sending a message with a RAG repository and embedding model selected.
-- [V1283663967] Chat messages ocassionaly wrap
+- [V1283663967] Chat messages occasionally wrap
 	- Sometimes the model returns text that gets wrapped in ``<pre><code> </code></pre>``. The default style for this content now has word-wrap and word-break styles applied to prevent the message overflowing.
 
 #### Additional changes

jest.config.js

@@ -1,8 +1,25 @@
+/**
+  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+  Licensed under the Apache License, Version 2.0 (the "License").
+  You may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
 module.exports = {
   testEnvironment: 'node',
   roots: ['<rootDir>/test'],
   testMatch: ['**/*.test.ts'],
   transform: {
     '^.+\\.tsx?$': 'ts-jest'
-  }
+  },
+  collectCoverage: true,
 };

lib/api-base/authorizer.ts

@@ -1,3 +1,19 @@
+/**
+  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+  Licensed under the Apache License, Version 2.0 (the "License").
+  You may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
 import * as cdk from 'aws-cdk-lib';
 import { RequestAuthorizer, IdentitySource } from 'aws-cdk-lib/aws-apigateway';
 import { ISecurityGroup, IVpc } from 'aws-cdk-lib/aws-ec2';
@@ -25,7 +41,7 @@ interface AuthorizerProps extends BaseProps {
 /**
  * Lambda Authorizer Construct.
  */
-export class Authorizer extends Construct {
+export class CustomAuthorizer extends Construct {
   /** Authorizer Lambda */
   public readonly authorizer: RequestAuthorizer;
 

lib/core/api_base.ts

@@ -1,17 +1,34 @@
+/**
+  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+  Licensed under the Apache License, Version 2.0 (the "License").
+  You may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
 import { Stack, StackProps } from 'aws-cdk-lib';
-import { Cors, EndpointType, IAuthorizer, RestApi, StageOptions } from 'aws-cdk-lib/aws-apigateway';
+import { Cors, EndpointType, Authorizer, RestApi, StageOptions } from 'aws-cdk-lib/aws-apigateway';
 import { IVpc } from 'aws-cdk-lib/aws-ec2';
 import { Construct } from 'constructs';
 
-import { Authorizer } from '../api-base/authorizer';
+import { CustomAuthorizer } from '../api-base/authorizer';
 import { BaseProps } from '../schema';
 
 interface LisaApiBaseStackProps extends BaseProps, StackProps {
   vpc: IVpc;
 }
 
 export class LisaApiBaseStack extends Stack {
-  public readonly authorizer: IAuthorizer;
+  public readonly restApi: RestApi;
+  public readonly authorizer: Authorizer;
   public readonly restApiId: string;
   public readonly rootResourceId: string;
   public readonly restApiUrl: string;
@@ -41,11 +58,12 @@ export class LisaApiBaseStack extends Stack {
     });
 
     // Create the authorizer Lambda for APIGW
-    const authorizer = new Authorizer(this, 'LisaApiAuthorizer', {
+    const authorizer = new CustomAuthorizer(this, 'LisaApiAuthorizer', {
       config: config,
       vpc,
     });
 
+    this.restApi = restApi;
     this.restApiId = restApi.restApiId;
     this.rootResourceId = restApi.restApiRootResourceId;
     this.authorizer = authorizer.authorizer;

package-lock.json

@@ -15,6 +15,7 @@
     "@aws-sdk/client-iam": "^3.490.0",
     "@aws-cdk/aws-lambda-python-alpha": "2.125.0-alpha.0",
     "@cdklabs/cdk-enterprise-iac": "^0.0.400",
+    "@types/jest": "^29.5.12",
     "@types/js-yaml": "^4.0.5",
     "@types/node": "20.5.3",
     "@typescript-eslint/eslint-plugin": "^6.7.0",