Develop

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,30 @@
+---
+name: Bug report
+about: Create a bug report to help us improve
+title: "[Bug] insert summary"
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Versions (please complete the following information):**
+ - Release Version installed [e.g. v1.0.3]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[Feature Request] insert summary"
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/miscellaneous.md

@@ -0,0 +1,14 @@
+---
+name: Miscellaneous
+about: Ask a question or share something interesting
+title: "[Misc] insert summary"
+labels: customer-inquiry
+assignees: ''
+
+---
+
+**What's on your mind?**
+Try to be descriptive about your questions/comments/suggestions. The magic is in the details.
+
+**Versions (please complete the following information):**
+ - Release Version installed [e.g. v1.0.3]

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,6 +9,8 @@ Checklist:
 - [ ] Have you successfully deployed to an AWS account with your changes?
 - [ ] Have you written new tests for your core changes, as applicable?
 - [ ] Have you successfully tested with your changes locally?
+- [ ] If new dependencies have been added, have they been pinned to specific versions?
+- [ ] Is this change also required on the AWS Solution version?
 - [ ] Have you updated openapi.yaml if you made updates to API definition (including add, delete or update parameter and request data schema)?
 - [ ] If you had to run manual tests, have you considered automating those tests by adding them to [end-to-end tests](../main/end-to-end-tests/README.md)?
 

.github/workflows/deploy-integ.yml

@@ -102,6 +102,8 @@ jobs:
           CYPRESS_BASE_URL: ${{ secrets.CYPRESS_BASE_URL}}
           CYPRESS_researcherEmail: ${{ secrets.CYPRESS_RESEARCHER_EMAIL}}
           CYPRESS_researcherPassword: ${{ secrets.CYPRESS_RESEARCHER_PASSWORD}}
+          CYPRESS_adminEmail: ${{ secrets.CYPRESS_ADMIN_EMAIL}}
+          CYPRESS_adminPassword: ${{ secrets.CYPRESS_ADMIN_PASSWORD}}
   merge-develop-to-mainline:
     name: Merge develop to mainline
     runs-on: ubuntu-18.04

.github/workflows/unit-test-code-analysis.yml

@@ -35,6 +35,9 @@ jobs:
           npm install -g pnpm
           npm install -g codecov
           pnpm recursive install --unsafe-perm --stream
+      - name: Check dependencies for vulnerabilities
+        run: |
+          ./scripts/check-dependency-vulnerabilities.sh
       - name: Run static code analysis & linting tests
         run: |
           ./scripts/run-static-code-analysis.sh --stream

CHANGELOG.md

@@ -2,26 +2,25 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [3.1.0](https://github.com/nguyen102/service-workbench-on-aws/compare/v3.0.0...v3.1.0) (2021-05-10)
-
+## [3.1.0](https://github.com/awslabs/service-workbench-on-aws/compare/v3.0.0...v3.1.0) (2021-05-10)
 
 ### Features
 
-* Allow uploading a folder to My Studies ([#475](https://github.com/awslabs/service-workbench-on-aws/issues/475)) ([cb17d4b](https://github.com/awslabs/service-workbench-on-aws/commit/cb17d4be8c0fdaaee7384229629e4bc7ec7d95a1))
-* Run coverage for merge commit ([#458](https://github.com/awslabs/service-workbench-on-aws/issues/458)) ([03afe0e](https://github.com/awslabs/service-workbench-on-aws/commit/03afe0e1387b30dfc50ffab48b9982103048c585))
-* Test coverage ([#456](https://github.com/awslabs/service-workbench-on-aws/issues/456)) ([252b504](https://github.com/awslabs/service-workbench-on-aws/commit/252b5049400c1d3fcb2ceb4720f64210bf0d5359))
-
+- Allow uploading a folder to My Studies ([#475](https://github.com/awslabs/service-workbench-on-aws/issues/475)) ([cb17d4b](https://github.com/awslabs/service-workbench-on-aws/commit/cb17d4be8c0fdaaee7384229629e4bc7ec7d95a1))
+- Run coverage for merge commit ([#458](https://github.com/awslabs/service-workbench-on-aws/issues/458)) ([03afe0e](https://github.com/awslabs/service-workbench-on-aws/commit/03afe0e1387b30dfc50ffab48b9982103048c585))
+- Test coverage ([#456](https://github.com/awslabs/service-workbench-on-aws/issues/456)) ([252b504](https://github.com/awslabs/service-workbench-on-aws/commit/252b5049400c1d3fcb2ceb4720f64210bf0d5359))
 
 ### Bug Fixes
 
-* Fix BYOB app role to only modify FS roles ([#454](https://github.com/awslabs/service-workbench-on-aws/issues/454)) ([35f6cce](https://github.com/awslabs/service-workbench-on-aws/commit/35f6cce3ccc301921ead742240c15c1a7e332f0c))
-* free-form strings for workspace configs ([#479](https://github.com/awslabs/service-workbench-on-aws/issues/479)) ([fca73f4](https://github.com/awslabs/service-workbench-on-aws/commit/fca73f4dbaf509f06ce55b6b0c87c66e31ed8a88))
-* properly handle SC products with no active versions ([#468](https://github.com/awslabs/service-workbench-on-aws/issues/468)) ([3c561f4](https://github.com/awslabs/service-workbench-on-aws/commit/3c561f4850faffe3ccc6fd0ffcc5b7065f53f3c6))
-* Update workspace name reg exp and workspace config tags reg exp ([#452](https://github.com/awslabs/service-workbench-on-aws/issues/452)) ([f9b7d62](https://github.com/awslabs/service-workbench-on-aws/commit/f9b7d628a08b337eaa0a9c8b71bb6226ff0f7b34))
+- Fix BYOB app role to only modify FS roles ([#454](https://github.com/awslabs/service-workbench-on-aws/issues/454)) ([35f6cce](https://github.com/awslabs/service-workbench-on-aws/commit/35f6cce3ccc301921ead742240c15c1a7e332f0c))
+- free-form strings for workspace configs ([#479](https://github.com/awslabs/service-workbench-on-aws/issues/479)) ([fca73f4](https://github.com/awslabs/service-workbench-on-aws/commit/fca73f4dbaf509f06ce55b6b0c87c66e31ed8a88))
+- properly handle SC products with no active versions ([#468](https://github.com/awslabs/service-workbench-on-aws/issues/468)) ([3c561f4](https://github.com/awslabs/service-workbench-on-aws/commit/3c561f4850faffe3ccc6fd0ffcc5b7065f53f3c6))
+- Update workspace name reg exp and workspace config tags reg exp ([#452](https://github.com/awslabs/service-workbench-on-aws/issues/452)) ([f9b7d62](https://github.com/awslabs/service-workbench-on-aws/commit/f9b7d628a08b337eaa0a9c8b71bb6226ff0f7b34))
 
 ## [3.0.0] - 2021-04-19
 
 ### Added
+
 - refactor: restricting AppDeployer permissions
 - refactor: Remove permission boundary condition on launch constraint role
 - refactor: restrict sc roles
@@ -31,43 +30,48 @@ All notable changes to this project will be documented in this file. See [standa
 **Customer Impact:** Below outlines the actions required for you to successfully adopt this security enhancement. The first two items are applicable to all customers. If you have created custom workspace types, then all three items below are applicable.
 
 1. After running the update, onboard all hosting accounts once again to benefit from the enhanced security, and test the application.
-**Note:** The attached pdf contains steps for onboarding hosting accounts, contact your Service Workbench Administrator if you have not performed these steps before.
+   **Note:** The attached pdf contains steps for onboarding hosting accounts, contact your Service Workbench Administrator if you have not performed these steps before.
 
 2. After running the update, import and use the newly available Service Catalog product versions for workspace types (latest version numbers) to benefit from the enhanced security.
 
 3. **ONLY Customers that have created custom workspace types:** It is possible that the permissions boundaries would prevent actions that were formerly allowed. You should plan to validate your custom workspace types after the update. Issues should be addressed by modifying the custom workspaces to work within the permissions granted, or modify the permissions boundary for your installation (this would require a change to Service Workbench code (specifically the IAM policies that are attached as the permissions boundary) for your install).
-Note: Any existing custom or non-custom workspaces types (for example, EC2 Linux/Windows, EMR, SageMaker, R Studio) are not impacted by this upgrade.
+   Note: Any existing custom or non-custom workspaces types (for example, EC2 Linux/Windows, EMR, SageMaker, R Studio) are not impacted by this upgrade.
 
 ## [2.2.0] - 2021-04-12
 
 ### Added
+
 - feat: Display SWB Version in UI's Top Bar
 - fix: Fix cost dashboard bugs
 
 ## [2.1.5] - 2021-04-08
 
 ### Added
+
 - fix: Ensure sdk retry logic is enabled in prod
 - docs: Readme updated
 - fix: assume role on added member account
 
 ## [2.1.4] - 2021-04-06
 
 ### Added
+
 - fix: managing pnpm version for nodejs compatibility
 
 ## [2.1.3] - 2021-04-06
 
 ### Added
+
 - fix: adding required AppDeployer permissions
 - chore: package dependency updates
 - fix: added X-ray support and fix CWL IAM permissions
-  
+
 If you have been using CI/CD pipeline, please redeploy the pipeline stack to incorporate this fix by following the steps listed on the `main/cicd/README.md` file.
 
 ## [2.1.2] - 2021-04-01
 
 ### Added
+
 - fix: managing AppDeployer role permission boundary
 - fix: CW log resources corrected in backend CFN template
 - refactor: restrict ApiHandler role permissions
@@ -81,6 +85,7 @@ If you have been using CI/CD pipeline, please redeploy the pipeline stack to inc
 ## [2.1.1] - 2021-03-19
 
 ### Added
+
 - chore: Enable SSE-S3 when registering buckets in BYOB
 - refactor: restrict data source reachability Lambda role
 - fix: Add 'reachable' and 'error' status to reachability check schema
@@ -89,6 +94,7 @@ If you have been using CI/CD pipeline, please redeploy the pipeline stack to inc
 ## [2.1.0] - 2021-03-12
 
 ### Added
+
 - fix: Upgraded react-dev-utils yarn dependency version
 - feat: Added Bring Your Own Bucket(BYOB) functionality
 - feat: Added integration testing for all APIs
@@ -97,7 +103,8 @@ If you have been using CI/CD pipeline, please redeploy the pipeline stack to inc
 
 ## [2.0.3] - 2021-03-12
 
-### Added 
+### Added
+
 - chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4
 - test: fix flaky integ tests
 - fix: emr workspace image. Lock jupyterlab to version 2.2.6
@@ -106,15 +113,17 @@ If you have been using CI/CD pipeline, please redeploy the pipeline stack to inc
 
 ## [2.0.2] - 2021-03-03
 
-### Added 
+### Added
+
 - fix: SageMaker environment status update
 - fix: Validate Open Data ARNs
 - test: Integration test components and framework
 - chore: Dependency version bump
 
 ## [2.0.1] - 2021-02-08
 
-### Added 
+### Added
+
 - fix: Added usernameInIdp property to update user schema
 - fix: Made external researcher used UserOnboarding template less permissive
 - fix: labeler yml syntax
@@ -124,10 +133,12 @@ We recommend to apply this patch as soon as possible
 
 ## [2.0.0] - 2021-01-29
 
-### Added 
+### Added
+
 - feat: Adding ability to manage CIDR blocks of workspace's configured security group
 
 Note:
+
 1. This feature has added permissions to the onboard-account template and requires re-onboarding existing member accounts. Please contact your system administrator for the same.
 2. For RStudio instances, please allow 2-5 minutes for CIDR changes to take effect.
 3. For SageMaker instances, currently application admins and workspace owners have ability to access the SageMaker platform directly, irrespective of CIDR inclusion.
@@ -136,28 +147,32 @@ Note:
 
 ## [1.4.7] - 2021-01-28
 
-### Added 
+### Added
+
 - fix: Fix a bug on the update user API
 
 We recommend to apply this patch as soon as possible
 
 ## [1.4.6] - 2021-01-15
 
-### Added 
+### Added
+
 - fix: Add tables back to cloudformation and don't authorize API Keys
 
 We recommend to apply this patch as soon as possible
 
 ## [1.4.5] - 2021-01-14
 
-### Added 
+### Added
+
 - fix: remove API Keys functionality
 
 We recommend to apply this patch as soon as possible
 
 ## [1.4.4] - 2021-01-13
 
 ### Added
+
 - fix: open data scraper bugfix
 - docs: improvements to deployment documentation
 - fix: Upload Files button disappears for R/W users
@@ -171,32 +186,36 @@ We recommend to apply this patch as soon as possible
 ## [1.4.3] - 2020-11-24
 
 ### Added
+
 - feat: Support Read/Write Study mounts for EC2 Windows
 
 ## [1.4.2] - 2020-11-23
 
-### Added 
+### Added
+
 - fix: Fix a bug on the update study API
 
 We recommend to apply this patch as soon as possible
 
 ## [1.4.1] - 2020-11-18
 
-### Added 
+### Added
+
 - fix: Handling policy names for windows envs
 - fix: Fix a bug on the create study API
 
 We recommend to apply this patch as soon as possible
 
 ## [1.4.0] - 2020-11-13
 
-### Added 
+### Added
+
 - feat: Study Read/Write and Permission propagation (Goofys)
 - feat: Read/Only study mounts on AWS Service Catalog based EC2 Windows workspaces
 
 ## [1.3.2] - 2020-10-23
 
-### Added 
+### Added
 
 - fix: Adding dependencies for Dynamo table creation to prevent install crash
 - fix: Query string parameters were getting duplicated in the url

README.md

@@ -165,6 +165,7 @@ cd -
 
 Once Service Workbench is fully deployed, the console will output the Website URL and Root Password for Service Workbench. You can log in by navigating to the Website URL in any browser, and then using the username 'root' and the Root Password given by the console. Please note that logging as the root user is highly discouraged, and should only be used for initial setup. You can create a new user by clicking the "Users" tab on the left, then "Add Local User". Follow the instructions given to create the user (you can leave the 'Project' field blank for now), then log out of the root account and into your new user account.
 
+Adding a local user should only be done in test environments. We highly recommend using an IDP for prod environments. For more details on how to set up an IDP, please click [here](/docs/docs/user_guide/sidebar/admin/auth/introduction.md)
 ## Linking an existing AWS account
 
 Once in your user account, you'll need to link your AWS account. Navigate to "AWS Accounts" in the left bar, then click the "AWS Accounts" tab. From here, you can create an AWS account, or link an existing one.

addons/addon-base-post-deployment/packages/base-post-deployment/lib/steps/create-root-user-service.js

@@ -60,9 +60,8 @@ class CreateRootUserService extends Service {
       });
       this.log.info('Created root user in the data lake');
 
-      await dbPasswordService.savePassword(getSystemRequestContext(), {
+      await dbPasswordService.saveRootPassword(getSystemRequestContext(), {
         uid: createdUser.uid,
-        username: rootUserName,
         password: rootUserPassword,
       });
       this.log.info("Created root user's password");

addons/addon-base-raas-ui/packages/base-raas-ui/package.json

@@ -10,7 +10,7 @@
     "@aws-ee/base-services": "workspace:*",
     "@aws-ee/key-pair-mgmt-ui": "workspace:*",
     "aws-sdk": "^2.713.0",
-    "chart.js": "^2.9.3",
+    "chart.js": "^2.9.4",
     "classnames": "^2.2.6",
     "crypto-browserify": "^3.12.0",
     "csvtojson": "^2.0.10",

addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/User.js

@@ -102,6 +102,10 @@ const User = types
       return _.toLower(self.userType) === 'root';
     },
 
+    get isInternalAuthUser() {
+      return _.toLower(self.authenticationProviderId) === 'internal';
+    },
+
     get isActive() {
       return _.toLower(self.status) === 'active';
     },