Merge pull request #230 from gockle/main

Release v3.3.6 - Remove Taurus blazemeter image and use AmazonLinux base image

Author: gockle

CHANGELOG.md

@@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [3.3.6] - 2025-04-16
+
+### Security
+
+- Change Dockerfile base image reference from blazemeter/taurus:1.16.38 to amazonlinux:2023-minimal to resolve vulnerabilities.
+- Update aws-cdk-lib to 2.189.0 to fix [CVE](https://github.com/aws/aws-cdk/security/advisories/GHSA-qq4x-c6h6-rfxh)
+
+### Changes
+
+- Updating lambda runtimes to use node-20
+
 ## [3.3.5] - 2025-03-17
 
 ### Security

README.md

@@ -59,7 +59,7 @@ To make changes to the solution, download or clone this repository, update the s
 
 ### Prerequisites
 
-- Node.js 16.x or later
+- Node.js 18.x or later
 - S3 bucket that includes the AWS region as a suffix in the name. For example, `my-bucket-us-east-1`. The bucket and CloudFormation stack must be in the same region. The solution's CloudFormation template will expect the source code to be located in a bucket matching that name.
 
 ### Running unit tests for customization
@@ -91,7 +91,7 @@ export BUCKET_NAME=$BUCKET_PREFIX-$REGION # full bucket name where the code will
 export SOLUTION_NAME=my-solution-name
 export VERSION=my-version # version number for the customized code
 export PUBLIC_ECR_REGISTRY=public.ecr.aws/aws-solutions # replace with the container registry and image if you want to use a different container image
-export PUBLIC_ECR_TAG=v3.2.5 # replace with the container image tag if you want to use a different container image
+export PUBLIC_ECR_TAG=v3.3.5 # replace with the container image tag if you want to use a different container image
 ```
 
 - Build the distributable.

SECURITY.md

@@ -8,4 +8,4 @@ If you discover a potential security issue in this project,
 please notify AWS/Amazon Security via our
 [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/)
 or directly via email to [AWS Security](mailto:aws-security@amazon.com).
-Please do *not* create a public GitHub issue in this project.
+Please do *not* create a public GitHub issue in this project.

VERSION.txt

@@ -1 +1 @@
-3.3.5
+3.3.6

architecture.png

@@ -1,15 +1,19 @@
-FROM blazemeter/taurus:1.16.38
-# taurus includes python and pip
-RUN /usr/bin/python3 -m pip install --upgrade pip
-RUN pip install --no-cache-dir awscli
-RUN apt-get -y install --no-install-recommends xmlstarlet bc procps jq
+FROM public.ecr.aws/amazonlinux/amazonlinux:2023-minimal
 
-# Removing selenium and gatling from our image as they are not supported in DLT
-RUN rm -rf /root/.bzt/selenium-taurus
-RUN rm -rf /root/.bzt/gatling-taurus
+RUN dnf update -y && \
+    dnf install -y python3.11 python3.11-pip java-21-amazon-corretto bc procps jq findutils unzip && \
+    dnf clean all
+
+ENV PIP_INSTALL="pip3.11 install --no-cache-dir"
+
+
+# install bzt
+RUN $PIP_INSTALL --upgrade bzt awscli setuptools==70.0.0
 
-RUN apt-get update && apt-get upgrade -y
-# Taurus working directory  = /bzt-configs
+# install bzt tools
+RUN bzt -install-tools -o modules.install-checker.exclude=selenium,gatling,tsung,siege,ab,k6,external-results-loader,locust,junit,testng,rspec,mocha,nunit,xunit,wdio
+RUN rm -rf /root/.bzt/selenium-taurus
+RUN mkdir /bzt-configs /tmp/artifacts
 ADD ./load-test.sh /bzt-configs/
 ADD ./*.jar /bzt-configs/
 ADD ./*.py /bzt-configs/
@@ -18,51 +22,13 @@ RUN chmod 755 /bzt-configs/load-test.sh
 RUN chmod 755 /bzt-configs/ecslistener.py
 RUN chmod 755 /bzt-configs/ecscontroller.py
 RUN chmod 755 /bzt-configs/jar_updater.py
-RUN python3 /bzt-configs/jar_updater.py
-
-# Remove K6 as it is not supported in DLT by default
-RUN apt remove -y k6
-
-RUN /bin/bash -c "source /etc/profile.d/rbenv.sh && rbenv uninstall --force $(cat /usr/local/rbenv/version)"
-RUN rm -rf /usr/local/rbenv
-
-# Replacing urllib3 with more stable Versions to resolve vulnerabilities
-RUN pip install urllib3==2.2.2
-RUN rm -rf /root/.bzt/python-packages/3.10.12/urllib3*
-RUN cp -r /usr/local/lib/python3.10/dist-packages/urllib3* /root/.bzt/python-packages/3.10.12/
-
-# Replacing Werkzeug with more stable version to resolve vulnerabilities
-RUN pip install Werkzeug==3.0.6
-RUN rm -rf /root/.bzt/python-packages/3.10.12/werkzeug*
-RUN cp -r /usr/local/lib/python3.10/dist-packages/werkzeug* /root/.bzt/python-packages/3.10.12/
-
-# Replacing cryptography with more stable version to resolve vulnerabilities
-RUN pip install cryptography==43.0.1
-RUN rm -rf /root/.bzt/python-packages/3.10.12/cryptography*
-RUN cp -r /usr/local/lib/python3.10/dist-packages/cryptography* /root/.bzt/python-packages/3.10.12/
-
-# Replacing setuptools with more stable version to resolve vulnerabilities
-RUN pip install setuptools==65.5.1
-RUN rm -rf /root/.bzt/python-packages/3.10.12/setuptools*
-RUN cp -r /usr/local/lib/python3.10/dist-packages/setuptools* /root/.bzt/python-packages/3.10.12/
-
-# Removing dotnet dependencies as NUnit and Xunit is not supported in DLT
-RUN rm -rf /usr/share/dotnet
-
-# Replacing aiohttp with more stable version to resolve CVE-2024-23334
-RUN rm -rf /usr/local/lib/python3.10/dist-packages/aiohttp* 
-RUN  pip install --upgrade aiohttp
-
-# Replacing idna and Flask_Cors with more stable version to resolve CVE-2024-3651 and  CVE-2024-6221
-RUN pip install --upgrade idna Flask_Cors==5.0.0
-RUN rm -rf /root/.bzt/python-packages/3.10.12/idna* /root/.bzt/python-packages/3.10.12/Flask_Cors*
-RUN cp -r /usr/local/lib/python3.10/dist-packages/idna* /usr/local/lib/python3.10/dist-packages/Flask_Cors* /root/.bzt/python-packages/3.10.12/
+RUN python3.11 /bzt-configs/jar_updater.py
 
-# Bumping the version of NPM to remove possible vulnerabilities
-RUN npm install -g npm
+# Remove jar files from /tmp
+RUN rm -rf /tmp/jmeter-plugins-manager-1.7*
 
-# Remove unused poetry.lock file to resolve multiple CVEs
-RUN rm -f /root/.bzt/python-packages/3.10.12/poetry.lock
+# Add settings file to capture the output logs from bzt cli
+RUN mkdir -p /etc/bzt.d && echo '{"settings": {"artifacts-dir": "/tmp/artifacts"}}' > /etc/bzt.d/90-artifacts-dir.json
 
-WORKDIR /bzt-configs/
-ENTRYPOINT ["./load-test.sh"]
+WORKDIR /bzt-configs
+ENTRYPOINT ["./load-test.sh"]

deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile

@@ -35,7 +35,8 @@
     "commons-net": "commons-net/commons-net/3.9.0/commons-net-3.9.0.jar",
     "tika-core": "org/apache/tika/tika-core/1.28.4/tika-core-1.28.4.jar",
     "json-path": "com/jayway/jsonpath/json-path/2.9.0/json-path-2.9.0.jar",
-    "dnsjava": "dnsjava/dnsjava/3.6.1/dnsjava-3.6.1.jar"
+    "dnsjava": "dnsjava/dnsjava/3.6.1/dnsjava-3.6.1.jar",
+    "xstream":"com/thoughtworks/xstream/xstream/1.4.21/xstream-1.4.21.jar"
 }
 JMETER_VERSION = "5.5"
 JMETER_PLUGINS_MANAGER_VERSION = "1.10"

deployment/ecr/distributed-load-testing-on-aws-load-tester/jar_updater.py

@@ -90,14 +90,14 @@ fi
 
 #Download python script
 if [ -z "$IPNETWORK" ]; then
-    python3 -u $SCRIPT $TIMEOUT &
+    python3.11 -u $SCRIPT  $TIMEOUT &
     pypid=$!
     wait $pypid
     pypid=0
 else 
     aws s3 cp s3://$S3_BUCKET/Container_IPs/${TEST_ID}_IPHOSTS_${AWS_REGION}.txt ./ --region $MAIN_STACK_REGION
     export IPHOSTS=$(cat ${TEST_ID}_IPHOSTS_${AWS_REGION}.txt)
-    python3 -u $SCRIPT $IPNETWORK $IPHOSTS
+    python3.11 -u $SCRIPT $IPNETWORK $IPHOSTS
 fi
 
 echo "Running test"
@@ -164,17 +164,18 @@ if [ -f /tmp/artifacts/results.xml ]; then
   CURRENT_TIME_EPOCH=$(date +%s)
   ECS_DURATION=$((CURRENT_TIME_EPOCH - START_TIME_EPOCH))
 
-  xmlstarlet ed -P -L -s "/FinalStatus" -t elem -n "TaskId" -v "$TASK_ID" /tmp/artifacts/results.xml
-  xmlstarlet ed -P -L -s "/FinalStatus" -t elem -n "TaskCPU" -v "$Task_CPU" /tmp/artifacts/results.xml
-  xmlstarlet ed -P -L -s "/FinalStatus" -t elem -n "TaskMemory" -v "$Task_Memory" /tmp/artifacts/results.xml
-  xmlstarlet ed -P -L -s "/FinalStatus" -t elem -n "ECSDuration" -v "$ECS_DURATION" /tmp/artifacts/results.xml
+
+  sed -i.bak 's/<\/FinalStatus>/<TaskId>'"$TASK_ID"'<\/TaskId><\/FinalStatus>/' /tmp/artifacts/results.xml
+  sed -i 's/<\/FinalStatus>/<TaskCPU>'"$Task_CPU"'<\/TaskCPU><\/FinalStatus>/' /tmp/artifacts/results.xml
+  sed -i 's/<\/FinalStatus>/<TaskMemory>'"$Task_Memory"'<\/TaskMemory><\/FinalStatus>/' /tmp/artifacts/results.xml
+  sed -i 's/<\/FinalStatus>/<ECSDuration>'"$ECS_DURATION"'<\/ECSDuration><\/FinalStatus>/' /tmp/artifacts/results.xml
 
   echo "Validating Test Duration"
-  TEST_DURATION=`xmlstarlet sel -t -v "/FinalStatus/TestDuration" /tmp/artifacts/results.xml`
+  TEST_DURATION=$(grep -E '<TestDuration>[0-9]+.[0-9]+</TestDuration>' /tmp/artifacts/results.xml | sed -e 's/<TestDuration>//' | sed -e 's/<\/TestDuration>//')
 
   if (( $(echo "$TEST_DURATION > $CALCULATED_DURATION" | bc -l) )); then
     echo "Updating test duration: $CALCULATED_DURATION s"
-    xmlstarlet ed -L -u /FinalStatus/TestDuration -v $CALCULATED_DURATION /tmp/artifacts/results.xml
+    sed -i.bak.td 's/<TestDuration>[0-9]*\.[0-9]*<\/TestDuration>/<TestDuration>'"$CALCULATED_DURATION"'<\/TestDuration>/' /tmp/artifacts/results.xml
   fi
 
   if [ "$TEST_TYPE" == "simple" ]; then
@@ -191,4 +192,4 @@ if [ -f /tmp/artifacts/results.xml ]; then
 
 else
   echo "An error occurred while the test was running."
-fi
+fi

deployment/ecr/distributed-load-testing-on-aws-load-tester/load-test.sh

@@ -1,6 +1,6 @@
 {
   "name": "api-services",
-  "version": "3.3.5",
+  "version": "3.3.6",
   "description": "REST API micro services",
   "repository": {
     "type": "git",

source/api-services/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "distributed-load-testing-on-aws-ui",
-  "version": "3.3.5",
+  "version": "3.3.6",
   "private": true,
   "license": "Apache-2.0",
   "author": {

source/api-services/package.json

@@ -1,6 +1,6 @@
 {
   "name": "custom-resource",
-  "version": "3.3.5",
+  "version": "3.3.6",
   "description": "cfn custom resources for distributed load testing on AWS workflow",
   "repository": {
     "type": "git",

source/console/package-lock.json

@@ -120,7 +120,7 @@ export class TestRunnerLambdasConstruct extends Construct {
       handler: "index.handler",
       role: lambdaResultsRole,
       code: Code.fromBucket(props.sourceCodeBucket, `${props.sourceCodePrefix}/results-parser.zip`),
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       timeout: Duration.seconds(120),
       environment: {
         HISTORY_TABLE: props.historyTable.tableName,
@@ -230,7 +230,7 @@ export class TestRunnerLambdasConstruct extends Construct {
         VERSION: props.solutionVersion,
         MAIN_STACK_REGION: props.mainStackRegion,
       },
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       timeout: Duration.seconds(900),
     });
 
@@ -299,7 +299,7 @@ export class TestRunnerLambdasConstruct extends Construct {
       handler: "index.handler",
       role: taskCancelerRole,
       code: Code.fromBucket(props.sourceCodeBucket, `${props.sourceCodePrefix}/task-canceler.zip`),
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       timeout: Duration.seconds(300),
       environment: {
         METRIC_URL: props.metricsUrl,
@@ -380,7 +380,7 @@ export class TestRunnerLambdasConstruct extends Construct {
       handler: "index.handler",
       role: taskStatusCheckerRole,
       code: Code.fromBucket(props.sourceCodeBucket, `${props.sourceCodePrefix}/task-status-checker.zip`),
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       timeout: Duration.seconds(180),
       environment: {
         SCENARIOS_TABLE: props.scenariosTable.tableName,

source/console/package.json

@@ -105,7 +105,7 @@ export class CustomResourceInfraConstruct extends Construct {
       handler: "index.handler",
       role: customResourceRole,
       code: Code.fromBucket(sourceBucket, `${props.sourceCodePrefix}/${props.stackType}-custom-resource.zip`),
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       timeout: Duration.seconds(120),
       environment: {
         METRIC_URL: props.metricsUrl,

source/custom-resource/package-lock.json

@@ -194,7 +194,7 @@ export class DLTAPI extends Construct {
     const dltApiServicesLambda = new LambdaFunction(this, "DLTAPIServicesLambdaNew", {
       description: "API microservices for creating, updating, listing and deleting test scenarios",
       code: Code.fromBucket(props.sourceCodeBucket, `${props.sourceCodePrefix}/api-services.zip`),
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       handler: "index.handler",
       timeout: Duration.seconds(120),
       environment: {

source/custom-resource/package.json

@@ -59,7 +59,7 @@ export class RealTimeDataConstruct extends Construct {
       handler: "index.handler",
       role: realTimeDataPublisherRole,
       code: Code.fromBucket(props.sourceCodeBucket, `${props.sourceCodePrefix}/real-time-data-publisher.zip`),
-      runtime: Runtime.NODEJS_18_X,
+      runtime: Runtime.NODEJS_20_X,
       timeout: Duration.seconds(180),
       environment: {
         MAIN_REGION: props.mainRegion,