Release v18.3.1 · nasa/cumulus

Migration Notes

CUMULUS-3433 Update to node.js v20

The following applies only to users with a custom value configured for
async_operation_image:

As part of the node v20 update process, a new version (52) of the Core
async-operation container was published - cumuluss/async
operation The
default value for async_operation_image has been updated in the cumulus
module, however if you are using an internal image repository such as ECR,
please make sure to update your deployment configuration with the newly
provided image.

Users making use of a custom image configuration should note the base image
for Core async operations must support node v20.x.

CUMULUS-3617 Migration of DLA messages should be performed after Cumulus is upgraded

Instructions for migrating old DLA (Dead Letter Archive) messages to new format:

YYYY-MM-DD subfolders to organize by date
new top level fields for simplified search and analysis
captured error message

To invoke the Lambda and start the DLA migration, you can use the AWS Console or CLI:

aws lambda invoke --function-name $PREFIX-migrationHelperAsyncOperation \
  --payload $(echo '{"operationType": "DLA Migration"}' | base64) $OUTFILE

PREFIX is your Cumulus deployment prefix.
OUTFILE (optional) is the filepath where the Lambda output will be saved.

The Lambda will trigger an Async Operation and return an id such as:

{"id":"41c9fbbf-a031-4dd8-91cc-8ec2d8b5e31a","description":"Migrate Dead Letter Archive Messages",
"operationType":"DLA Migration","status":"RUNNING",
"taskArn":"arn:aws:ecs:us-east-1:AWSID:task/$PREFIX-CumulusECSCluster/123456789"}

which you can then query the Async Operations API
Endpoint for the
output or status of your request. If you want to directly observe the progress
of the migration as it runs, you can view the CloudWatch logs for your async
operations (e.g. PREFIX-AsyncOperationEcsLogs).

CUMULUS-3779 async_operations Docker image version upgrade

The async-operation Docker image has been updated to support Node v20 and aws-sdk v3. Users of the image will need
to update to at least async-operations:52.

CUMULUS-3776 cumulus-ecs-task Docker image version upgrade

The cumulus-ecs-task Docker image has been updated to support Node v20 and aws-sdk v3. Users of the image will need
to update to at least cumulus-ecs-task:2.1.0.

Breaking Changes

CUMULUS-3618
- Modified @cumulus/es-client/search.BaseSearch:
  - Removed static class method es in favor of new class for managing
    elasticsearch clients EsClient which allows for credential
    refresh/reset. Updated api/es-client code to
    utilize new pattern. Users making use of @cumulus/es-client should
    update their code to make use of the new EsClient create/initialize pattern.
  - Added helper method getEsClient to encapsulate logic to create/initialize
    a new EsClient.
CUMULUS-2889
- Removed unused CloudWatch Logs AWS SDK client. This change removes the CloudWatch Logs
  client from the @cumulus/aws-client package.
CUMULUS-2890
- Removed unused CloudWatch AWS SDK client. This change removes the CloudWatch client
  from the @cumulus/aws-client package.
CUMULUS-3323
- Updated @cumulus/db to by default set the ssl option for knex, and
  reject non-SSL connections via use of the rejectUnauthorized configuration
  flag. This causes all Cumulus database connections to require SSL (CA or
  self-signed) and reject connectivity if the database does not provide SSL.
  Users using serverless v1/cumulus-rds-tf should not be impacted by this
  change as certs are provided by default. Users using databases that do not
  provide SSL should update their database secret with the optional value
  disableSSL set to true
- Updated cumulus-rds-tf to set rds.force_ssl to 1, forcing SSL enabled
  connections in the db_parameters configuration. Users of this module
  defining their own db_parameters should make this configuration change to allow only SSL
  connections to the RDS datastore.
CUMULUS-2897
- Removed unused Systems Manager AWS SDK client. This change removes the Systems Manager client
  from the @cumulus/aws-client package.
CUMULUS-3779
- Updates async_operations Docker image to Node v20 and bumps its cumulus dependencies to v18.3.0 to
  support aws-sdk v3 changes.

Added

CUMULUS-3614
- tf-modules/monitoring module now deploys Glue table for querying dead-letter-archive messages.
CUMULUS-3616
- Added user guide on querying dead-letter-archive messages using AWS Athena.
CUMULUS-3433
- Added importGot helper method to import got as an ESM module in
  CommmonJS typescript/webpack clients.
CUMULUS-3606
- Updated with additional documentation covering tunneling configuration
  using a PKCS11 provider

Changed

CUMULUS-3735
- Remove unused getGranuleIdsForPayload from @cumulus/api/lib
CUMULUS-3746
- cicd unit test error log changed to environment unique name
CUMULUS-3717
- Update @cumulus/ingest/HttpProviderClient to use direct injection test mocks, and remove rewire from unit tests
CUMULUS-3720
- add cicd unit test error logging to s3 for testing improvements
CUMULUS-3433
- Updated all node.js lambda dependencies to node 20.x/20.12.2
- Modified @cumulus/ingest unit test HTTPs server to accept localhost POST
  requests, and removed nock dependency from tests involving fs.Readstream
  and got due to a likely incompatibility with changes in node v18, got,
  fs.Readstream and nock when used in combination in units
  (sindresorhus/got#2341)
- Updated got dependency in @cumulus/ingest to use @cumulus/common
  dynamic import helper / got > v10 in CommonJS.
- Updated all Core lambdas to use cumulus-message-adapter-js v2.2.0
CUMULUS-3629
- dla guarantees de-nested SQS message bodies, preferring outermost metadata as found.
- dla uses execution Name as filename and ensures no ':' or '/' characters in name
CUMULUS-3570
- Updated Kinesis docs to support latest AWS UI and recommend server-side encryption.
CUMULUS-3519
- Updates SQS and SNS code to AWS SDK V3 Syntax
CUMULUS-3609
- Adds dla-migration lambda to async-operations to be used for updating existing DLA records
- Moved hoistCumulusMessageDetails function from write-db-dlq-records-to-s3 lambda to @cumulus/message/DeadLetterMessage
CUMULUS-3613
- Updated writeDbRecordsDLQtoS3 lambda to write messages to YYYY-MM-DD subfolder of S3 dead letter archive.
CUMULUS-3518
- Update existing usage of @cumulus/aws-client lambda service to use AWS SDK v3 send syntax
- Update Discover Granules lambda default memory to 1024 MB
CUMULUS-3600
- Update docs to clarify CloudFront HTTPS DIT requirements.
CUMULUS-2892
- Updates aws-client's EC2 client to use AWS SDK v3.
CUMULUS-2896
- Updated Secrets Manager code to AWS SDK v3.
CUMULUS-2901
- Updated STS code to AWS SDK v3.
CUMULUS-2898
- Update Step Functions code to AWS SDK v3
CUMULUS-2902
- Removes aws-sdk from es-client package by replacing credential fetching with
  the @aws-sdk/credential-providers AWS SDK v3 package.
- Removes aws-sdk from all cumulus packages and replaces usages with AWS SDK v3 clients.
CUMULUS-3456
- Added stateMachineArn, executionArn, collectionId, providerId, granules, status, time, and error fields to Dead Letter Archive message
- Added cumulusError field to records in sfEventSqsToDbRecordsDeadLetterQueue
CUMULUS-3323
- Added disableSSL as a valid database secret key - setting this in your database credentials will
  disable SSL for all Core database connection attempts.
- Added rejectUnauthorized as a valid database secret key - setting
  this to false in your database credentials will allow self-signed certs/certs with an unrecognized authority.
- Updated the default parameter group for cumulus-rds-tf to set force_ssl
  to 1. This setting for the Aurora Serverless v1 database disallows non-SSL
  connections to the database, and is intended to help enforce security
  compliance rules. This update can be opted-out by supplying a non-default
  db_parameters set in the terraform configuration.
CUMULUS-3425
- Update @cumulus/lzards-backup task to either respect the lzards_provider
  terraform configuration value or utilize lzardsProvider as part of the task
  workflow configuration
- Minor refactor of @cumulus/lzards-api-client to:
  - Use proper ECMAScript import for @cumulus/launchpad-auth
  - Update incorrect docstring
CUMULUS-3497
- Updated example/cumulus-tf/orca.tf to use v9.0.4
CUMULUS-3610
- Updated aws-client's ES client to use AWS SDK v3.
CUMULUS-3617
- Added lambdas to migrate DLA messages to YYYY-MM-DD subfolder
- Updated @cumulus/aws-client/S3/recursivelyDeleteS3Bucket to handle bucket with more than 1000 objects.
CUMULUS-2891
- Updated ECS code to aws sdk v3

Fixed

CUMULUS-3715
- Update ProvisionUserDatabase lambda to correctly pass in knex/node debug
  flags to knex custom code
CUMULUS-3721
- Update lambda:GetFunctionConfiguration policy statement to fix error related to resource naming
CUMULUS-3701
- Updated @cumulus/api to no longer improperly pass PATCH/PUT null values to Eventbridge rules
CUMULUS-3618
- Fixed @cumulus/es-client credentialing issue in instance where
  lambda/Fargate task runtime would exceed the timeout for the es-client. Added retry/credential
  refresh behavior to @cumulus/es-client/indexer.genericRecordUpdate to ensure record indexing
  does not fail in those instances.
- Updated index-from-database lambda to utilize updated es-client to prevent
  credentialing timeout in long-running ECS jobs.
CUMULUS-3323
- Minor edits to errant integration test titles (dyanmo->postgres)
AWS-SDK v3 Exclusion (v18.3.0 fix)*
- Excludes aws-sdk v3 from packages to reduce overall package size. With the requirement of Node v20
  packaging the aws-sdk v3 with our code is no longer necessary and prevented some packages from being
  published to npm.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v18.3.1