Releases: nasa/cumulus
v18.3.3
Fixed
- CUMULUS-3824
- Changed the ECS docker storage driver to
overlay2
, sincedevicemapper
is removed in Docker Engine v25.0. - Removed
ecs_docker_storage_driver
property from cumulus module.
- Changed the ECS docker storage driver to
- CUMULUS-3836
- Terraform configuration for cleanExecutions now correctly configures ES_HOST and lambda security group
v18.3.2
[v18.3.2] 2024-07-24
Added
- CUMULUS-3700
- Added
volume_type
option toelasticsearch_config
in the
data-persistance
module to allow configuration of the EBS volume type for
Elasticsarch; default remainsgp2
.
- Added
- CUMULUS-3424
- Exposed
auto_pause
andseconds_until_auto_pause
variables in
cumulus-rds-tf
module to modifyaws_rds_cluster
scaling_configuration
- Exposed
- CUMULUS-3760
- Added guidance for handling large backlog of es executions
- CUMULUS-3742
- Script for dumping data into postgres database for testing and replicating issues
- CUMULUS-3385
- Added generate_db_executions to dump large scale postgres executions
Changed
- CUMULUS-3385
- updated cleanExecutions lambda to clean up postgres execution payloads
- updated cleanExecutions lambda with configurable limit to control for large size
- NDCUM-1051
- Modified addHyraxUrlToUmmG to test whether the provide Hyrax URL is already included in the metadata, and if so return the metadata unaltered.
- Modified addHyraxUrlToEcho10 to test whether the provide Hyrax URL is already included in the metadata, and if so return the metadata unaltered.
Fixed
- CUMULUS-3807
- Pinned @aws-sdk/client-s3 to 3.614 to address timeout/bug in s3().listObjectsV2
- CUMULUS-3787
- Fixed developer-side bug causing some ts errors to be swallowed in CI
- CUMULUS-3785
- Fixed
SftpProviderClient
not awaitingdecryptBase64String
with AWS KMS - Fixed method typo in
@cumulus/api/endpoints/dashboard.js
- Fixed
- CUMULUS-3385
- fixed cleanExecutions lambda to clean up elasticsearch execution payloads
- CUMULUS-3326
- Updated update-granules-cmr-metadata-file-links task to update the file size of the update metadata file and remove the invalidated checksum associated with this file.
v18.3.1
Migration Notes
CUMULUS-3433 Update to node.js v20
The following applies only to users with a custom value configured for
async_operation_image
:
-
As part of the node v20 update process, a new version (52) of the Core
async-operation container was published - cumuluss/async
operation The
default value forasync_operation_image
has been updated in thecumulus
module, however if you are using an internal image repository such as ECR,
please make sure to update your deployment configuration with the newly
provided image.Users making use of a custom image configuration should note the base image
for Core async operations must support node v20.x.
CUMULUS-3617 Migration of DLA messages should be performed after Cumulus is upgraded
Instructions for migrating old DLA (Dead Letter Archive) messages to new format:
YYYY-MM-DD
subfolders to organize by date- new top level fields for simplified search and analysis
- captured error message
To invoke the Lambda and start the DLA migration, you can use the AWS Console or CLI:
aws lambda invoke --function-name $PREFIX-migrationHelperAsyncOperation \
--payload $(echo '{"operationType": "DLA Migration"}' | base64) $OUTFILE
PREFIX
is your Cumulus deployment prefix.OUTFILE
(optional) is the filepath where the Lambda output will be saved.
The Lambda will trigger an Async Operation and return an id
such as:
{"id":"41c9fbbf-a031-4dd8-91cc-8ec2d8b5e31a","description":"Migrate Dead Letter Archive Messages",
"operationType":"DLA Migration","status":"RUNNING",
"taskArn":"arn:aws:ecs:us-east-1:AWSID:task/$PREFIX-CumulusECSCluster/123456789"}
which you can then query the Async Operations API
Endpoint for the
output or status of your request. If you want to directly observe the progress
of the migration as it runs, you can view the CloudWatch logs for your async
operations (e.g. PREFIX-AsyncOperationEcsLogs
).
CUMULUS-3779 async_operations Docker image version upgrade
The async-operation
Docker image has been updated to support Node v20 and aws-sdk
v3. Users of the image will need
to update to at least async-operations:52.
CUMULUS-3776 cumulus-ecs-task Docker image version upgrade
The cumulus-ecs-task
Docker image has been updated to support Node v20 and aws-sdk
v3. Users of the image will need
to update to at least cumulus-ecs-task:2.1.0.
Breaking Changes
-
CUMULUS-3618
- Modified @cumulus/es-client/search.BaseSearch:
- Removed static class method
es
in favor of new class for managing
elasticsearch clientsEsClient
which allows for credential
refresh/reset. Updated api/es-client code to
utilize new pattern. Users making use of @cumulus/es-client should
update their code to make use of the new EsClient create/initialize pattern. - Added helper method getEsClient to encapsulate logic to create/initialize
a new EsClient.
- Removed static class method
- Modified @cumulus/es-client/search.BaseSearch:
-
CUMULUS-2889
- Removed unused CloudWatch Logs AWS SDK client. This change removes the CloudWatch Logs
client from the@cumulus/aws-client
package.
- Removed unused CloudWatch Logs AWS SDK client. This change removes the CloudWatch Logs
-
CUMULUS-2890
- Removed unused CloudWatch AWS SDK client. This change removes the CloudWatch client
from the@cumulus/aws-client
package.
- Removed unused CloudWatch AWS SDK client. This change removes the CloudWatch client
-
CUMULUS-3323
- Updated
@cumulus/db
to by default set thessl
option for knex, and
reject non-SSL connections via use of therejectUnauthorized
configuration
flag. This causes all Cumulus database connections to require SSL (CA or
self-signed) and reject connectivity if the database does not provide SSL.
Users using serverless v1/cumulus-rds-tf
should not be impacted by this
change as certs are provided by default. Users using databases that do not
provide SSL should update their database secret with the optional value
disableSSL
set totrue
- Updated
cumulus-rds-tf
to setrds.force_ssl
to1
, forcing SSL enabled
connections in thedb_parameters
configuration. Users of this module
defining their owndb_parameters
should make this configuration change to allow only SSL
connections to the RDS datastore.
- Updated
-
CUMULUS-2897
- Removed unused Systems Manager AWS SDK client. This change removes the Systems Manager client
from the@cumulus/aws-client
package.
- Removed unused Systems Manager AWS SDK client. This change removes the Systems Manager client
-
CUMULUS-3779
- Updates async_operations Docker image to Node v20 and bumps its cumulus dependencies to v18.3.0 to
supportaws-sdk
v3 changes.
- Updates async_operations Docker image to Node v20 and bumps its cumulus dependencies to v18.3.0 to
Added
- CUMULUS-3614
tf-modules/monitoring
module now deploys Glue table for querying dead-letter-archive messages.
- CUMULUS-3616
- Added user guide on querying dead-letter-archive messages using AWS Athena.
- CUMULUS-3433
- Added
importGot
helper method to importgot
as an ESM module in
CommmonJS typescript/webpack clients.
- Added
- CUMULUS-3606
- Updated with additional documentation covering tunneling configuration
using a PKCS11 provider
- Updated with additional documentation covering tunneling configuration
Changed
- CUMULUS-3735
- Remove unused getGranuleIdsForPayload from
@cumulus/api/lib
- Remove unused getGranuleIdsForPayload from
- CUMULUS-3746
- cicd unit test error log changed to environment unique name
- CUMULUS-3717
- Update
@cumulus/ingest/HttpProviderClient
to use direct injection test mocks, and remove rewire from unit tests
- Update
- CUMULUS-3720
- add cicd unit test error logging to s3 for testing improvements
- CUMULUS-3433
- Updated all node.js lambda dependencies to node 20.x/20.12.2
- Modified
@cumulus/ingest
unit test HTTPs server to accept localhost POST
requests, and removed nock dependency from tests involvingfs.Readstream
andgot
due to a likely incompatibility with changes in node v18,got
,
fs.Readstream and nock when used in combination in units
(sindresorhus/got#2341) - Updated
got
dependency in@cumulus/ingest
to use@cumulus/common
dynamic import helper /got
> v10 in CommonJS. - Updated all Core lambdas to use cumulus-message-adapter-js v2.2.0
- CUMULUS-3629
- dla guarantees de-nested SQS message bodies, preferring outermost metadata as found.
- dla uses execution Name as filename and ensures no ':' or '/' characters in name
- CUMULUS-3570
- Updated Kinesis docs to support latest AWS UI and recommend server-side encryption.
- CUMULUS-3519
- Updates SQS and SNS code to AWS SDK V3 Syntax
- CUMULUS-3609
- Adds dla-migration lambda to async-operations to be used for updating existing DLA records
- Moved hoistCumulusMessageDetails function from write-db-dlq-records-to-s3 lambda to @cumulus/message/DeadLetterMessage
- CUMULUS-3613
- Updated writeDbRecordsDLQtoS3 lambda to write messages to
YYYY-MM-DD
subfolder of S3 dead letter archive.
- Updated writeDbRecordsDLQtoS3 lambda to write messages to
- CUMULUS-3518
- Update existing usage of
@cumulus/aws-client
lambda service to use AWS SDK v3send
syntax - Update Discover Granules lambda default memory to 1024 MB
- Update existing usage of
- CUMULUS-3600
- Update docs to clarify CloudFront HTTPS DIT requirements.
- CUMULUS-2892
- Updates
aws-client
's EC2 client to use AWS SDK v3.
- Updates
- CUMULUS-2896
- Updated Secrets Manager code to AWS SDK v3.
- CUMULUS-2901
- Updated STS code to AWS SDK v3.
- CUMULUS-2898
- Update Step Functions code to AWS SDK v3
- CUMULUS-2902
- Removes
aws-sdk
fromes-client
package by replacing credential fetching with
the@aws-sdk/credential-providers
AWS SDK v3 package. - Removes
aws-sdk
from all cumulus packages and replaces usages with AWS SDK v3 clients.
- Removes
- CUMULUS-3456
- Added stateMachineArn, executionArn, collectionId, providerId, granules, status, time, and error fields to Dead Letter Archive message
- Added cumulusError field to records in sfEventSqsToDbRecordsDeadLetterQueue
- CUMULUS-3323
- Added
disableSSL
as a valid database secret key - setting this in your database credentials will
disable SSL for all Core database connection attempts. - Added
rejectUnauthorized
as a valid database secret key - setting
this tofalse
in your database credentials will allow self-signed certs/certs with an unrecognized authority. - Updated the default parameter group for
cumulus-rds-tf
to setforce_ssl
to 1. This setting for the Aurora Serverless v1 database disallows non-SSL
connections to the database, and is intended to help enforce security
compliance rules. This update can be opted-out by supplying a non-default
db_parameters
set in the terraform configuration.
- Added
- CUMULUS-3425
- Update
@cumulus/lzards-backup
task to either respect thelzards_provider
terraform configuration value or utilizelzardsProvider
as part of the task
workflow configuration - Minor refactor of
@cumulus/lzards-api-client
to:- Use proper ECMAScript import for
@cumulus/launchpad-auth
- Update incorrect docstring
- Use proper ECMAScript import for
- Update
- CUMULUS-3497
- Updated
example/cumulus-tf/orca.tf
to use v9.0.4
- Updated
- CUMULUS-3610
- Updated
aws-client
's ES client to use AWS SDK v3.
- Updated
- CUMULUS-3617
- Added lambdas to migrate DLA messages to
YYYY-MM-DD
subfolder - Updated
@cumulus/aws-client/S3/recursivelyDeleteS3Bucket
to handle bucket with more than 1000 objects.
- Added lambdas to migrate DLA messages to
- *...
v18.2.2
[v18.2.2] 2024-06-4
Migration Notes
CUMULUS-3591 - SNS topics set to use encrypted storage
As part of the requirements for this ticket Cumulus Core created SNS topics are
being updated to use server-side encryption with an AWS managed key. No user
action is required, this note is being added to increase visibility re: this
modification.
Changed
- CUMULUS-3591
- Enable server-side encryption for all SNS topcis deployed by Cumulus Core
- Update all integration/unit tests to use encrypted SNS topics
Fixed
- CUMULUS-3547
- Updated ECS Cluster
/dev/xvdcz
EBS volumes so they're encrypted.
- Updated ECS Cluster
- CUMULUS-3527
- Added suppport for additional kex algorithms in the sftp-client.
- CUMULUS-3587
- Ported https://github.com/scottcorgan/express-boom into API/lib to allow
updates of sub-dependencies and maintain without refactoring errors in
API/etc wholesale - Addresses CVE-2020-36604
- Ported https://github.com/scottcorgan/express-boom into API/lib to allow
- CUMULUS-3673
- Fixes Granules API so that paths containing a granule and/or collection ID properly URI encode the ID.
- Audit Issues
- Addressed CVE-2023-45133 by
updating babel packages and .babelrc
- Addressed CVE-2023-45133 by
v16.1.5
Release v16.1.5
[v16.1.5] 2024-05-09 [BACKPORT]
Please note changes in 16.1.5 may not yet be released in future versions, as this
is a backport/patch release on the 16.x series of releases. Updates that are
included in the future will have a corresponding CHANGELOG entry in future releases.
Fixed
CUMULUS-3721
-
Update lambda:GetFunctionConfiguration policy statement to fix error related to resource naming.
CUMULUS-3527 -
Added support for additional kex algorithms in the sftp-client.
v18.2.1
Release v18.2.1
[v18.2.1] 2024-05-08
Please note changes in 18.2.1 may not yet be released in future versions, as this
is a backport/patch release on the 18.2.x series of releases. Updates that are
included in the future will have a corresponding CHANGELOG entry in future releases.
Fixed
- CUMULUS-3721
- Update lambda:GetFunctionConfiguration policy statement to fix error related to resource naming
- CUMULUS-3701
- Updated
@cumulus/api
to no longer improperly pass PATCH/PUT null values to Eventbridge rules
- Updated
v18.2.0-3721
Hotfix v18.2.0-3721
Note: This release is a hotfix intended to address the issues noted in CUMULUS-3721 as a direct patch to release 18.2.0. Users are advised to wait for a formal release on the 18.2.x release series and forward versions unless this issue directly impacts them.
- CUMULUS-3721
- Update lambda:GetFunctionConfiguration policy statement to fix error related to resource naming
v16.1.4
[v16.1.4] 2024-4-23 [BACKPORT]
Migration Notes
For the v16.1 release series, Cumulus Core will be tested against PostgreSQL v13. Users
should migrate their datastores to Aurora PostgreSQL 13.12+ compatible data
stores as soon as possible after upgrading to this release.
IMPORTANT -- When upgrading from v16.1.x users should update to a release
following 18.2.0/the first forward release supporting Postgres v13, as versions
between 16.1.x and 18.2.x+ are unsupported on Aurora Postgres v13.
Database Upgrade
Users utilizing the cumulus-rds-tf
module should reference cumulus-rds-tf
upgrade
instructions.
Changed
- CUMULUS-3564
- Update webpack configuration to explicitly disable chunking
- CUMULUS-3444
- Update
cumulus-rds-tf
module to take additional parameters in support of
migration from Aurora PostgreSQl v11 to v13. See Migration Notes for more details.
- Update
- CUMULUS-3547
- Updated ECS Cluster
/dev/xvdcz
EBS volumes so they're encrypted.
- Updated ECS Cluster
Fixed
- CUMULUS-3673
- Fixes Granules API so that paths containing a granule and/or collection ID properly URI encode the ID.
v18.2.0
[v18.2.0] 2024-02-02
Migration Notes
From this release forward, Cumulus Core will be tested against PostgreSQL v13. Users
should migrate their datastores to Aurora PostgreSQL 13.9+ compatible data
stores as soon as possible after upgrading to this release.
Database Upgrade
Users utilizing the cumulus-rds-tf
module should reference cumulus-rds-tf upgrade instructions.
Changed
- CUMULUS-3444
- Update
cumulus-rds-tf
module to take additional parameters in support of
migration from Aurora PostgreSQl v11 to v13. See Migration Notes for more details.
- Update
- CUMULUS-3564
- Update webpack configuration to explicitly disable chunking
- CUMULUS-2895
- Updated KMS code to aws sdk v3
- CUMULUS-2888
- Update CloudWatch Events code to AWS SDK v3
- CUMULUS-2893
- Updated Kinesis code to AWS SDK v3
- CUMULUS-3555
- Revert 3540, un-stubbing cmr facing tests
- Raise memory_size of ftpPopulateTestLambda to 512MB
- CUMULUS-2887
- Updated CloudFormation code to aws sdk v3
- CUMULUS-2899
- Updated SNS code to aws sdk v3
- CUMULUS_3499
- Update AWS-SDK dependency pin to "2.1490" to prevent SQS issue. Dependency
pin expected to be changed with the resolution to CUMULUS-2900
- Update AWS-SDK dependency pin to "2.1490" to prevent SQS issue. Dependency
- CUMULUS-2894
- Update Lambda code to AWS SDK v3
- CUMULUS-3432
- Update
cumulus-rds-tf
engine_version
to13.9
- Update
cumulus-rds-tf
parameter_group_family
toaurora-postgresql13
- Update development/local stack postgres image version to postgres:13.9-alpine
- Update
- CUMULUS-2900
- Update SQS code to AWS SDK v3
- CUMULUS-3352
- Update example project to use CMA v2.0.3 for integration testing
- Update example deployment to deploy cnmResponse lambda version
2.1.1-aplha.2-SNAPSHOT - Update example deployment to deploy cnmToGranule lambda
version 1.7.0-alpha.2-SNAPSHOT
- CUMULUS-3501
- Updated CreateReconciliationReport lambda to save report record to Elasticsearch.
- Created docker image cumuluss/async-operation:48 from v16.1.2, and used it as default async_operation_image.
- CUMULUS-3502
- Upgraded localstack to v3.0.0 to support recent aws-sdk releases and update unit tests.
- CUMULUS-3540
- stubbed cmr interfaces in integration tests allow integration tests to pass
- needed while cmr is failing to continue needed releases and progress
- this change should be reverted ASAP when cmr is working as needed again
Fixed
- CUMULUS-3177
- changed
_removeGranuleFromCmr
function for granulebulkDelete
to not throw an error and instead catch the error when the granule is not found in CMR
- changed
- CUMULUS-3293
- Process Dead Letter Archive is fixed to properly copy objects from
/sqs/
to/failed-sqs/
location
- Process Dead Letter Archive is fixed to properly copy objects from
- CUMULUS-3467
- Added
childWorkflowMeta
toQueueWorkflow
task configuration
- Added
- CUMULUS-3474
- Fixed overridden changes to
rules.buildPayload' to restore changes from ticket
CUMULUS-2969which limited the definition object to
nameand
arn` to
account for AWS character limits.
- Fixed overridden changes to
- CUMULUS-3479
- Fixed typo in s3-replicator resource declaration where
var.lambda_memory_size
is supposed to bevar.lambda_memory_sizes
- Fixed typo in s3-replicator resource declaration where
- CUMULUS-3510
- Fixed
@cumulus/api
validateAndUpdateSqsRule
method to allow 0 retries and 0 visibilityTimeout
in rule's meta. This fix from CUMULUS-2863 was not in release 16 and later.
- Fixed
- CUMULUS-3562
- updated crypto-js to 4.2.0
- updated aws-sdk/client-api-gateway to 3.499 to avoid older crypto-js dependency
v16.1.3
Release v16.1.3
[v16.1.3] 2024-1-15
Please note changes in 16.1.3 may not yet be released in future versions, as this
is a backport/patch release on the 16.x series of releases. Updates that are
included in the future will have a corresponding CHANGELOG entry in future releases.
Changed
- CUMULUS_3499
- Update AWS-SDK dependency pin to "2.1490" to prevent SQS issue. Dependency
pin expected to be changed with the resolution to CUMULUS-2900
- Update AWS-SDK dependency pin to "2.1490" to prevent SQS issue. Dependency
Fixed
- CUMULUS-3474
- Fixed overriden changes to
rules.buildPayload' to restore changes from ticket
CUMULUS-2969which limited the definition object to
nameand
arn` to
account for AWS character limits.
- Fixed overriden changes to
- CUMULUS-3501
- Updated CreateReconciliationReport lambda to save report record to Elasticsearch.
- Created docker image cumuluss/async-operation:48 from v16.1.2, and used it as default async_operation_image.
- CUMULUS-3510
- Fixed
@cumulus/api
validateAndUpdateSqsRule
method to allow 0 retries and 0 visibilityTimeout
in rule's meta. This fix from CUMULUS-2863 was not in release 16 and later.
- Fixed
- CUMULUS-3540
- stubbed cmr interfaces in integration tests allow integration tests to pass
- needed while cmr is failing to continue needed releases and progress
- this change should be reverted ASAP when cmr is working as needed again