Use credentials output by terraform/development

Ryan Ahearn
2023-03-13 15:30:37 -04:00
parent e6f3bace40
commit 67b64f11b9
5 changed files with 30 additions and 41 deletions


@@ -13,7 +13,6 @@ env:
WERKZEUG_DEBUG_PIN: off WERKZEUG_DEBUG_PIN: off
REDIS_ENABLED: 0 REDIS_ENABLED: 0
NODE_VERSION: 16.15.1 NODE_VERSION: 16.15.1
AWS_REGION: us-west-2
jobs: jobs:
build: build:


@@ -17,7 +17,6 @@ env:
WERKZEUG_DEBUG_PIN: off WERKZEUG_DEBUG_PIN: off
REDIS_ENABLED: 0 REDIS_ENABLED: 0
NODE_VERSION: 16.15.1 NODE_VERSION: 16.15.1
AWS_REGION: us-west-2
jobs: jobs:
dependency-audits: dependency-audits:


@@ -74,12 +74,12 @@ class Config(object):
} }
def _default_s3_credentials(bucket_name): def _s3_credentials_from_env(bucket_prefix):
return { return {
'bucket': bucket_name, 'bucket': getenv(f"{bucket_prefix}_BUCKET_NAME", f"{bucket_prefix}-test-bucket-name"),
'access_key_id': getenv('AWS_ACCESS_KEY_ID'), 'access_key_id': getenv(f"{bucket_prefix}_AWS_ACCESS_KEY_ID"),
'secret_access_key': getenv('AWS_SECRET_ACCESS_KEY'), 'secret_access_key': getenv(f"{bucket_prefix}_AWS_SECRET_ACCESS_KEY"),
'region': getenv('AWS_REGION') 'region': getenv(f"{bucket_prefix}_AWS_REGION")
} }
@@ -93,9 +93,9 @@ class Development(Config):
ASSET_PATH = '/static/' ASSET_PATH = '/static/'
# Buckets # Buckets
CSV_UPLOAD_BUCKET = _default_s3_credentials('local-notifications-csv-upload') CSV_UPLOAD_BUCKET = _s3_credentials_from_env('CSV')
CONTACT_LIST_BUCKET = _default_s3_credentials('local-contact-list') CONTACT_LIST_BUCKET = _s3_credentials_from_env('CONTACT')
LOGO_UPLOAD_BUCKET = _default_s3_credentials('local-public-logos-tools') LOGO_UPLOAD_BUCKET = _s3_credentials_from_env('LOGO')
# credential overrides # credential overrides
DANGEROUS_SALT = 'development-notify-salt' DANGEROUS_SALT = 'development-notify-salt'
@@ -115,11 +115,6 @@ class Test(Development):
REDIS_URL = 'redis://you-forgot-to-mock-a-redis-call-to' REDIS_URL = 'redis://you-forgot-to-mock-a-redis-call-to'
LOGO_CDN_DOMAIN = 'static-logos.test.com' LOGO_CDN_DOMAIN = 'static-logos.test.com'
# Buckets
CSV_UPLOAD_BUCKET = _default_s3_credentials('test-csv-upload')
CONTACT_LIST_BUCKET = _default_s3_credentials('test-contact-list')
LOGO_UPLOAD_BUCKET = _default_s3_credentials('test-logo-upload')
class Production(Config): class Production(Config):
HEADER_COLOUR = '#005EA5' # $govuk-blue HEADER_COLOUR = '#005EA5' # $govuk-blue
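Review bot: `_s3_credentials_from_env` gives the bucket name a fallback (`f"{bucket_prefix}-test-bucket-name"`) but lets `access_key_id`, `secret_access_key` and `region` become `None` whenever the prefixed variables are unset, so a half-configured environment is accepted silently when the class body is evaluated. How the S3 client treats `None` keys is not visible here; if it falls back to ambient credentials, the app would reach S3 under an identity nobody chose, so that is worth confirming. The `Test` hunk also drops its own bucket overrides, so test runs now inherit whatever `CSV_`/`CONTACT_`/`LOGO_` values the process environment holds, possibly the real terraform/development keys. I would add a docstring naming the four `{bucket_prefix}_*` variables the helper reads, and keep fixed placeholder credentials in `Test` so the suite never carries live keys. Both class bodies continue outside the hunks.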


@@ -1,6 +1,5 @@
import uuid import uuid
from io import BytesIO from io import BytesIO
from os import getenv
from unittest.mock import ANY from unittest.mock import ANY
import pytest import pytest
@@ -178,6 +177,7 @@ def test_upload_contact_list_page(client_request):
def test_upload_csv_file_shows_error_banner( def test_upload_csv_file_shows_error_banner(
client_request, client_request,
mocker, mocker,
notify_admin,
mock_s3_upload, mock_s3_upload,
mock_get_job_doesnt_exist, mock_get_job_doesnt_exist,
mock_get_users_by_service, mock_get_users_by_service,
@@ -205,13 +205,14 @@ def test_upload_csv_file_shows_error_banner(
_data={'file': (BytesIO(''.encode('utf-8')), 'invalid.csv')}, _data={'file': (BytesIO(''.encode('utf-8')), 'invalid.csv')},
_follow_redirects=True, _follow_redirects=True,
) )
bucket_creds = notify_admin.config['CONTACT_LIST_BUCKET']
mock_upload.assert_called_once_with( mock_upload.assert_called_once_with(
filedata='', filedata='',
region='us-west-2', region=bucket_creds['region'],
bucket_name='test-contact-list', bucket_name=bucket_creds['bucket'],
file_location=f"service-{SERVICE_ONE_ID}-notify/{fake_uuid}.csv", file_location=f"service-{SERVICE_ONE_ID}-notify/{fake_uuid}.csv",
access_key=getenv('AWS_ACCESS_KEY_ID'), access_key=bucket_creds['access_key_id'],
secret_key=getenv('AWS_SECRET_ACCESS_KEY'), secret_key=bucket_creds['secret_access_key'],
) )
mock_set_metadata.assert_called_once_with( mock_set_metadata.assert_called_once_with(
ANY, ANY,
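Review bot: The expected `region`, `bucket_name`, `access_key` and `secret_key` in `mock_upload.assert_called_once_with(...)` are now read from `notify_admin.config['CONTACT_LIST_BUCKET']`, presumably the same object the view reads, so the assertion can no longer catch a wrong or missing value. With the prefixed variables unset, three of the four fields are `None` for every bucket, and only the default bucket name tells `CONTACT_LIST_BUCKET` from `CSV_UPLOAD_BUCKET`. Consider patching the config entry to a fixed placeholder dict inside the test and asserting against those literals. The same applies to the `bucket_credentials` fixture in the s3 logo client tests. The test function starts and ends outside the hunks.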


@@ -1,5 +1,4 @@
from collections import namedtuple from collections import namedtuple
from os import getenv
from unittest.mock import call from unittest.mock import call
import pytest import pytest
@@ -14,21 +13,10 @@ from app.s3_client.s3_logo_client import (
upload_email_logo, upload_email_logo,
) )
default_access_key = getenv('AWS_ACCESS_KEY_ID')
default_secret_key = getenv('AWS_SECRET_ACCESS_KEY')
default_region = getenv('AWS_REGION')
bucket = 'test_bucket'
bucket_credentials = {
'bucket': bucket,
'access_key_id': default_access_key,
'secret_access_key': default_secret_key,
'region': default_region
}
data = {'data': 'some_data'} data = {'data': 'some_data'}
filename = 'test.png' filename = 'test.png'
svg_filename = 'test.svg' svg_filename = 'test.svg'
upload_id = 'test_uuid' upload_id = 'test_uuid'
region = 'us-west-2'
@pytest.fixture @pytest.fixture
@@ -37,26 +25,29 @@ def upload_filename(fake_uuid):
temp=TEMP_TAG.format(user_id=fake_uuid), unique_id=upload_id, filename=filename) temp=TEMP_TAG.format(user_id=fake_uuid), unique_id=upload_id, filename=filename)
def test_upload_email_logo_calls_correct_args(client_request, mocker, fake_uuid, upload_filename): @pytest.fixture
def bucket_credentials(notify_admin):
return notify_admin.config['LOGO_UPLOAD_BUCKET']
def test_upload_email_logo_calls_correct_args(client_request, mocker, bucket_credentials, fake_uuid, upload_filename):
mocker.patch('uuid.uuid4', return_value=upload_id) mocker.patch('uuid.uuid4', return_value=upload_id)
mocker.patch.dict('flask.current_app.config', {'LOGO_UPLOAD_BUCKET': bucket_credentials})
mocked_s3_upload = mocker.patch('app.s3_client.s3_logo_client.utils_s3upload') mocked_s3_upload = mocker.patch('app.s3_client.s3_logo_client.utils_s3upload')
upload_email_logo(filename=filename, user_id=fake_uuid, filedata=data) upload_email_logo(filename=filename, user_id=fake_uuid, filedata=data)
mocked_s3_upload.assert_called_once_with( mocked_s3_upload.assert_called_once_with(
filedata=data, filedata=data,
region=region, region=bucket_credentials['region'],
file_location=upload_filename, file_location=upload_filename,
bucket_name=bucket, bucket_name=bucket_credentials['bucket'],
content_type='image/png', content_type='image/png',
access_key=default_access_key, access_key=bucket_credentials['access_key_id'],
secret_key=default_secret_key, secret_key=bucket_credentials['secret_access_key'],
) )
def test_persist_logo(client_request, mocker, fake_uuid, upload_filename): def test_persist_logo(client_request, bucket_credentials, mocker, fake_uuid, upload_filename):
mocker.patch.dict('flask.current_app.config', {'LOGO_UPLOAD_BUCKET': bucket_credentials})
mocked_get_s3_object = mocker.patch('app.s3_client.s3_logo_client.get_s3_object') mocked_get_s3_object = mocker.patch('app.s3_client.s3_logo_client.get_s3_object')
mocked_delete_s3_object = mocker.patch('app.s3_client.s3_logo_client.delete_s3_object') mocked_delete_s3_object = mocker.patch('app.s3_client.s3_logo_client.delete_s3_object')
@@ -65,7 +56,11 @@ def test_persist_logo(client_request, mocker, fake_uuid, upload_filename):
persist_logo(upload_filename, new_filename) persist_logo(upload_filename, new_filename)
mocked_get_s3_object.assert_called_once_with( mocked_get_s3_object.assert_called_once_with(
bucket, new_filename, default_access_key, default_secret_key, default_region) bucket_credentials['bucket'],
new_filename,
bucket_credentials['access_key_id'],
bucket_credentials['secret_access_key'],
bucket_credentials['region'])
mocked_delete_s3_object.assert_called_once_with(upload_filename) mocked_delete_s3_object.assert_called_once_with(upload_filename)
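Review bot: Removing `mocker.patch.dict('flask.current_app.config', {'LOGO_UPLOAD_BUCKET': bucket_credentials})` means both tests now pass whatever keys the process environment holds into `assert_called_once_with` and `mocked_get_s3_object.assert_called_once_with`, and a failing mock assertion prints the expected and actual call arguments in full. If the suite is run with the terraform/development variables loaded (not visible from this page), a red test would write the access key and secret into the test log. Keeping the patch with constructed placeholder values, for example `{'bucket': 'test_bucket', 'access_key_id': 'placeholder-key-id', 'secret_access_key': 'placeholder-secret', 'region': 'us-west-2'}`, keeps the assertions meaningful and the logs free of secrets.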