call out to Octopus Imaging API from database-bridge-lambda in `cre…

…ateItem` mutation if the `type` is `imaging-request` (via direct lambda invocation)

cdk/lib/__snapshots__/stack.test.ts.snap

@@ -4007,6 +4007,39 @@ $util.toJson($ctx.result)",
                 "Endpoint",
               ],
             },
+            "OCTOPUS_API_LAMBDA_FUNCTION_NAME": Object {
+              "Fn::Select": Array [
+                6,
+                Object {
+                  "Fn::Split": Array [
+                    ":",
+                    Object {
+                      "Fn::Join": Array [
+                        "",
+                        Array [
+                          "arn:",
+                          Object {
+                            "Ref": "AWS::Partition",
+                          },
+                          ":lambda:",
+                          Object {
+                            "Ref": "AWS::Region",
+                          },
+                          ":",
+                          Object {
+                            "Ref": "AWS::AccountId",
+                          },
+                          ":function:",
+                          Object {
+                            "Fn::ImportValue": "octopus-api-TEST-function-name",
+                          },
+                        ],
+                      ],
+                    },
+                  ],
+                },
+              ],
+            },
             "STACK": "workflow",
             "STAGE": "TEST",
           },
@@ -4166,6 +4199,59 @@ $util.toJson($ctx.result)",
                 ],
               },
             },
+            Object {
+              "Action": "lambda:InvokeFunction",
+              "Effect": "Allow",
+              "Resource": Array [
+                Object {
+                  "Fn::Join": Array [
+                    "",
+                    Array [
+                      "arn:",
+                      Object {
+                        "Ref": "AWS::Partition",
+                      },
+                      ":lambda:",
+                      Object {
+                        "Ref": "AWS::Region",
+                      },
+                      ":",
+                      Object {
+                        "Ref": "AWS::AccountId",
+                      },
+                      ":function:",
+                      Object {
+                        "Fn::ImportValue": "octopus-api-TEST-function-name",
+                      },
+                    ],
+                  ],
+                },
+                Object {
+                  "Fn::Join": Array [
+                    "",
+                    Array [
+                      "arn:",
+                      Object {
+                        "Ref": "AWS::Partition",
+                      },
+                      ":lambda:",
+                      Object {
+                        "Ref": "AWS::Region",
+                      },
+                      ":",
+                      Object {
+                        "Ref": "AWS::AccountId",
+                      },
+                      ":function:",
+                      Object {
+                        "Fn::ImportValue": "octopus-api-TEST-function-name",
+                      },
+                      ":*",
+                    ],
+                  ],
+                },
+              ],
+            },
           ],
           "Version": "2012-10-17",
         },

cdk/lib/stack.ts

@@ -277,6 +277,12 @@ export class PinBoardStack extends GuStack {
       `Allow ${databaseSecurityGroupName} to connect to the ${databaseProxy.dbProxyName}`
     );
 
+    const octopusApiLambda = lambda.Function.fromFunctionName(
+      this,
+      "OctopusApiLambda",
+      Fn.importValue(`octopus-api-${this.stage}-function-name`)
+    );
+
     const pinboardDatabaseBridgeLambda = new lambda.Function(
       this,
       DATABASE_BRIDGE_LAMBDA_BASENAME,
@@ -290,6 +296,8 @@ export class PinBoardStack extends GuStack {
           STACK: this.stack,
           APP,
           [ENVIRONMENT_VARIABLE_KEYS.databaseHostname]: databaseHostname,
+          [ENVIRONMENT_VARIABLE_KEYS.octopusApiLambdaFunctionName]:
+            octopusApiLambda.functionName,
         },
         functionName: getDatabaseBridgeLambdaFunctionName(this.stage as Stage),
         code: lambda.Code.fromBucket(
@@ -302,6 +310,7 @@ export class PinBoardStack extends GuStack {
       }
     );
     databaseProxy.grantConnect(pinboardDatabaseBridgeLambda);
+    octopusApiLambda.grantInvoke(pinboardDatabaseBridgeLambda);
 
     const databaseJumpHostASGName = getDatabaseJumpHostAsgName(
       this.stage as Stage

database-bridge-lambda/package.json

@@ -10,6 +10,7 @@
     "watch": "ts-node-dev --respawn run.ts"
   },
   "devDependencies": {
+    "@aws-sdk/client-lambda": "^3.299.0",
     "ts-node-dev": "^1.0.0"
   },
   "dependencies": {

database-bridge-lambda/src/imagingRequestCallout.ts

@@ -1,6 +1,10 @@
-import fetch from "node-fetch";
 import { getEnvironmentVariableOrThrow } from "shared/environmentVariables";
 import { ItemWithParsedPayload } from "shared/types/ItemWithParsedPayload";
+import { InvokeCommand, LambdaClient, LogType } from "@aws-sdk/client-lambda";
+import { standardAwsConfig } from "shared/awsIntegration";
+
+const lambda = new LambdaClient(standardAwsConfig);
+const textEncoder = new TextEncoder();
 
 export const performImagingRequest = async (item: ItemWithParsedPayload) => {
   const gridId = (item.payload?.embeddableUrl as string)?.split("/").pop();
@@ -21,23 +25,17 @@ export const performImagingRequest = async (item: ItemWithParsedPayload) => {
   };
   console.log("Performing imaging request", imagingRequestBody);
 
-  process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; // self-signed cert on imaging server, which fails SSL check, so ignore
-  const response = await fetch(
-    `https://${getEnvironmentVariableOrThrow(
-      "octopusImagingApiVpcEndpoint"
-    )}/v1/rgbimageorder`,
-    {
-      // note this travels via vpc endpoint, via VPN to specific machine(s) on office network, no need to auth at this point
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify(imagingRequestBody),
-    }
+  const octopusLambdaFunctionName = getEnvironmentVariableOrThrow(
+    "octopusApiLambdaFunctionName"
   );
-  if (!response.ok) {
-    throw new Error(
-      `Imaging request failed: ${response.status} ${response.statusText}`
-    );
-  }
+
+  const octopusResponse = await lambda.send(
+    new InvokeCommand({
+      FunctionName: octopusLambdaFunctionName,
+      Payload: textEncoder.encode(JSON.stringify(imagingRequestBody)),
+      LogType: LogType.None, //TODO consider whether we tail the octopus logs as pinboard logs
+    })
+  );
+
+  // FIXME return something from octopusResponse.Payload
 };

database-bridge-lambda/src/sql/Item.ts

@@ -72,7 +72,7 @@ export const createItem = async (
       insertResult.payload
     ) {
       // if this throws, the SQL transaction should be rolled back
-      await performImagingRequest(insertResult);
+      await performImagingRequest(insertResult); //TODO return/store octopus ID
     }
     return insertResult;
   });

shared/environmentVariables.ts

@@ -3,6 +3,7 @@ export const ENVIRONMENT_VARIABLE_KEYS = {
   graphqlEndpoint: "GRAPHQL_ENDPOINT",
   sentryDSN: "SENTRY_DSN",
   databaseHostname: "DATABASE_HOSTNAME",
+  octopusApiLambdaFunctionName: "OCTOPUS_API_LAMBDA_FUNCTION_NAME",
 };
 
 export const getEnvironmentVariableOrThrow = (

yarn.lock

@@ -9189,6 +9189,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "database-bridge-lambda@workspace:database-bridge-lambda"
   dependencies:
+    "@aws-sdk/client-lambda": "npm:^3.299.0"
     postgres: "npm:^3.2.4"
     ts-node-dev: "npm:^1.0.0"
   languageName: unknown