From 6c4c8b075a37c07e34610fcb19d4c018502b7163 Mon Sep 17 00:00:00 2001 From: Kenneth Kehl <@kkehl@flexion.us> Date: Mon, 11 Mar 2024 10:34:59 -0700 Subject: [PATCH 01/11] fix code coverage reporting --- .github/workflows/checks.yml | 3 ++- Makefile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 280d2566e..dd0fe3275 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -61,7 +61,8 @@ jobs: NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }} NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }} - name: Check coverage threshold - run: poetry run coverage report --fail-under=50 + # TODO get this back up to 95 + run: poetry run coverage report --fail-under=87 validate-new-relic-config: runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 4273f7b7e..e86cfc1c3 100644 --- a/Makefile +++ b/Makefile @@ -79,7 +79,7 @@ test: ## Run tests and create coverage report poetry run black . poetry run flake8 . poetry run isort --check-only ./app ./tests - poetry run coverage run -m pytest -vv --maxfail=10 + poetry run coverage run --omit=*/notifications_utils/* -m pytest --maxfail=10 poetry run coverage report -m --fail-under=95 poetry run coverage html -d .coverage_cache From 61703471bbad855c972a9e9062a8977cab59db4f Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Tue, 12 Mar 2024 13:59:08 -0400 Subject: [PATCH 02/11] Fix remaining Terraform for production and demo This changeset adjusts our Terraform for the production and demo environments so that the new delete_recursive_allowed with the Cloud Foundry Cloud Controller is set to false. It also updates the shared modules to all explicitly account for this property so that we can set the flag easily. 
Signed-off-by: Carlo Costino --- terraform/demo/main.tf | 73 ++++++++++++++------------ terraform/demo/providers.tf | 2 +- terraform/production/main.tf | 75 +++++++++++++++------------ terraform/production/providers.tf | 2 +- terraform/shared/egress_space/main.tf | 2 +- terraform/shared/ses/main.tf | 9 ++++ terraform/shared/ses/variables.tf | 6 +++ terraform/shared/sns/main.tf | 9 ++++ terraform/shared/sns/variables.tf | 6 +++ 9 files changed, 116 insertions(+), 68 deletions(-) diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf index 615f92670..5f3f8525e 100644 --- a/terraform/demo/main.tf +++ b/terraform/demo/main.tf 
@@ -1,38 +1,46 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-demo" - env = "demo" - app_name = "notify-api" - recursive_delete = false + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-demo" + env = "demo" + app_name = "notify-api" + delete_recursive_allowed = false +} + +data "cloudfoundry_space" "demo" { + org_name = local.cf_org_name + name = local.cf_space_name +} + +resource "cloudfoundry_space" "notify-demo" { + delete_recursive_allowed = local.delete_recursive_allowed + name = local.cf_space_name + org = data.cloudfoundry_org.org.id } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - recursive_delete = local.recursive_delete - rds_plan_name = "micro-psql" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + rds_plan_name = "micro-psql" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - recursive_delete = local.recursive_delete - redis_plan_name = "redis-dev" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + redis_plan_name = "redis-dev" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - recursive_delete = local.recursive_delete - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { 
@@ -40,6 +48,7 @@ module "egress-space" { cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name + delete_recursive_allowed = local.delete_recursive_allowed deployers = [ var.cf_user, "steven.reilly@gsa.gov" @@ -49,22 +58,22 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-ses-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-west-2" - email_domain = "notify.sandbox.10x.gsa.gov" - email_receipt_error = "notify-support@gsa.gov" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-ses-${local.env}" + aws_region = "us-west-2" + email_domain = "notify.sandbox.10x.gsa.gov" + email_receipt_error = "notify-support@gsa.gov" + delete_recursive_allowed = local.delete_recursive_allowed } module "sns_sms" { source = "../shared/sns" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-sns-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-east-1" - monthly_spend_limit = 25 + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-sns-${local.env}" + aws_region = "us-east-1" + monthly_spend_limit = 25 + delete_recursive_allowed = local.delete_recursive_allowed } diff --git a/terraform/demo/providers.tf b/terraform/demo/providers.tf index f13333d3e..34ba30a62 100644 --- a/terraform/demo/providers.tf +++ b/terraform/demo/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.0" + version = "0.53.1" } } diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 5a2c520b1..c4ca005f5 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf 
@@ -1,38 +1,46 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-production" - env = "production" - app_name = "notify-api" - recursive_delete = false + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-production" + env = "production" + app_name = "notify-api" + delete_recursive_allowed = false +} + +data "cloudfoundry_space" "production" { + org_name = local.cf_org_name + name = local.cf_space_name +} + +resource "cloudfoundry_space" "notify-production" { + delete_recursive_allowed = local.delete_recursive_allowed + name = local.cf_space_name + org = data.cloudfoundry_org.org.id } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - recursive_delete = local.recursive_delete - rds_plan_name = "small-psql-redundant" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + rds_plan_name = "small-psql-redundant" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - recursive_delete = local.recursive_delete - redis_plan_name = "redis-3node-large" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + redis_plan_name = "redis-3node-large" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - recursive_delete = local.recursive_delete - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { 
@@ -40,6 +48,7 @@ module "egress-space" { cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name + delete_recursive_allowed = local.delete_recursive_allowed deployers = [ var.cf_user ] @@ -48,25 +57,25 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-ses-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-gov-west-1" - email_domain = "notify.gov" - mail_from_subdomain = "mail" - email_receipt_error = "notify-support@gsa.gov" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-ses-${local.env}" + aws_region = "us-gov-west-1" + email_domain = "notify.gov" + mail_from_subdomain = "mail" + email_receipt_error = "notify-support@gsa.gov" + delete_recursive_allowed = local.delete_recursive_allowed } module "sns_sms" { source = "../shared/sns" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-sns-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-gov-west-1" - monthly_spend_limit = 1000 + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-sns-${local.env}" + aws_region = "us-gov-west-1" + monthly_spend_limit = 1000 + delete_recursive_allowed = local.delete_recursive_allowed } ########################################################################### diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf index 499759f48..b5c45f63e 100644 --- a/terraform/production/providers.tf +++ b/terraform/production/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.0" + version = "0.53.1" } } diff --git a/terraform/shared/egress_space/main.tf b/terraform/shared/egress_space/main.tf index 5d4b53354..066f0ba58 100644 
--- a/terraform/shared/egress_space/main.tf +++ b/terraform/shared/egress_space/main.tf @@ -11,7 +11,7 @@ data "cloudfoundry_org" "org" { ### resource "cloudfoundry_space" "public_egress" { - delete_recursive_allowed = false + delete_recursive_allowed = var.delete_recursive_allowed name = "${var.cf_restricted_space_name}-egress" org = data.cloudfoundry_org.org.id } diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 4c1bb54b9..1bee9a74a 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -7,6 +7,15 @@ data "cloudfoundry_space" "space" { name = var.cf_space_name } +### +# SES Space +### +resource "cloudfoundry_space" "cf_ses_service_space" { + delete_recursive_allowed = var.delete_recursive_allowed + name = data.cloudfoundry_space.space.name + org = data.cloudfoundry_org.org.id +} + ### # SES instance ### diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf index a92261656..35e8cad8c 100644 --- a/terraform/shared/ses/variables.tf +++ b/terraform/shared/ses/variables.tf @@ -34,3 +34,9 @@ variable "mail_from_subdomain" { description = "Subdomain of email_domain to set as the mail-from header" default = "" } + +variable "delete_recursive_allowed" { + type = bool + default = true + description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" +} diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index aa0079f92..2df89907d 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -7,6 +7,15 @@ data "cloudfoundry_space" "space" { name = var.cf_space_name } +### +# SNS Space +### +resource "cloudfoundry_space" "cf_sns_service_space" { + delete_recursive_allowed = var.delete_recursive_allowed + name = data.cloudfoundry_space.space.name + org = data.cloudfoundry_org.org.id +} + ### # SES instance ### 
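Review bot: The `delete_recursive_allowed` variable added in `terraform/shared/ses/variables.tf` defaults to `true`, although its own description says the setting is not recommended in production, so any caller that omits it gets the permissive value. The `egress_space/main.tf` hunk in this patch also replaces a hard-coded `delete_recursive_allowed = false` with the variable, so that module's safe value now depends on every caller passing it. A fail-safe declaration would be `default = false`, with non-production callers opting in explicitly. The same default appears in the `sns/variables.tf` hunk of this patch, in `egress_space/variables.tf` in PATCH 05, and for `allow_ssh` in PATCH 07.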
diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf index acf7c5010..801e41504 100644 --- a/terraform/shared/sns/variables.tf +++ b/terraform/shared/sns/variables.tf @@ -22,3 +22,9 @@ variable "monthly_spend_limit" { type = number description = "SMS budget limit in USD. Support request must be made before raising above 1" } + +variable "delete_recursive_allowed" { + type = bool + default = true + description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" +} From ef46ddcb37d2ee4394c72a9d4574674226707837 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Tue, 12 Mar 2024 14:19:59 -0400 Subject: [PATCH 03/11] Fixed reference to the Cloud Foundry org instead of space Signed-off-by: Carlo Costino --- terraform/shared/ses/main.tf | 5 ++--- terraform/shared/sns/main.tf | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 1bee9a74a..174704d01 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -2,9 +2,8 @@ # Target space/org ### -data "cloudfoundry_space" "space" { - org_name = var.cf_org_name - name = var.cf_space_name +data "cloudfoundry_org" "org" { + name = var.cf_org_name } ### diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index 2df89907d..57d85e562 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -2,9 +2,8 @@ # Target space/org ### -data "cloudfoundry_space" "space" { - org_name = var.cf_org_name - name = var.cf_space_name +data "cloudfoundry_org" "org" { + name = var.cf_org_name } ### From 68fa12340ad4ad236cb7e9bba5072dda16971aa8 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Tue, 12 Mar 2024 14:22:58 -0400 Subject: [PATCH 04/11] Add space data back in - we still need it! 
Signed-off-by: Carlo Costino --- terraform/shared/ses/main.tf | 5 +++++ terraform/shared/sns/main.tf | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 174704d01..764cd3999 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -6,6 +6,11 @@ data "cloudfoundry_org" "org" { name = var.cf_org_name } +data "cloudfoundry_space" "space" { + org_name = var.cf_org_name + name = var.cf_space_name +} + ### # SES Space ### diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index 57d85e562..46319581f 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -6,6 +6,11 @@ data "cloudfoundry_org" "org" { name = var.cf_org_name } +data "cloudfoundry_space" "space" { + org_name = var.cf_org_name + name = var.cf_space_name +} + ### # SNS Space ### From f0e66886d21dc2c41f8c53db4477834ce7432ae1 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Tue, 12 Mar 2024 14:26:28 -0400 Subject: [PATCH 05/11] Adding missing variable for egress_space Signed-off-by: Carlo Costino --- terraform/shared/egress_space/variables.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform/shared/egress_space/variables.tf b/terraform/shared/egress_space/variables.tf index 45bcc717d..6325fa7cf 100644 --- a/terraform/shared/egress_space/variables.tf +++ b/terraform/shared/egress_space/variables.tf @@ -3,3 +3,9 @@ variable "cf_restricted_space_name" {} variable "deployers" { type = set(string) } + +variable "delete_recursive_allowed" { + type = bool + default = true + description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" +} From 111135a9b6a93970117f3868e4bcb5813d5b2904 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Tue, 12 Mar 2024 15:05:34 -0400 Subject: [PATCH 06/11] Helping the migration succeed! 
Signed-off-by: Cliff Hill --- migrations/versions/0410_enums_for_everything.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/migrations/versions/0410_enums_for_everything.py b/migrations/versions/0410_enums_for_everything.py index e34a3621a..b6c9042c6 100644 --- a/migrations/versions/0410_enums_for_everything.py +++ b/migrations/versions/0410_enums_for_everything.py @@ -468,6 +468,19 @@ def upgrade(): existing_nullable=False, postgresql_using=enum_using("notification_type", NotificationType), ) + # Clobbering bad data here. These are values we don't use any more, and anything with them is unnecessary. + op.execute(""" + delete from + service_permissions + where + permission in ( + 'letter', + 'letters_as_pdf', + 'upload_letters', + 'international_letters', + 'broadcast' + ); + """) op.alter_column( "service_permissions", "permission", From 15f8be7aee0ffb97033c5b22c881fd45b65f1a72 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 13 Mar 2024 09:51:41 -0400 Subject: [PATCH 07/11] Explicitly add allow_ssh flag and disable for production This will also ensure any drift is picked up by our infrastructure verification checks Signed-off-by: Carlo Costino --- terraform/production/main.tf | 5 +++++ terraform/shared/egress_space/main.tf | 1 + terraform/shared/egress_space/variables.tf | 6 ++++++ terraform/shared/ses/main.tf | 1 + terraform/shared/ses/variables.tf | 6 ++++++ terraform/shared/sns/main.tf | 1 + terraform/shared/sns/variables.tf | 6 ++++++ 7 files changed, 26 insertions(+) diff --git a/terraform/production/main.tf b/terraform/production/main.tf index c4ca005f5..e2c321d37 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf @@ -4,6 +4,7 @@ locals { env = "production" app_name = "notify-api" delete_recursive_allowed = false + allow_ssh = false } data "cloudfoundry_space" "production" { 
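Review bot: The `delete from service_permissions` statement added to `upgrade()` removes rows permanently, and nothing in the hunk records which rows were removed, so the migration cannot be undone for that data. Assuming `downgrade()` (outside this hunk) does not re-insert them, the comment should say so, for example `# Irreversible: these rows are deleted before the column type change below and are not restored on downgrade.` It would also help to state in the commit message or the comment that a row count was checked against production before deploying. `upgrade()` starts and ends outside the hunk, so how this interacts with the surrounding `alter_column` calls is only partly visible.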
@@ -12,6 +13,7 @@ data "cloudfoundry_space" "production" { } resource "cloudfoundry_space" "notify-production" { + allow_ssh = local.allow_ssh delete_recursive_allowed = local.delete_recursive_allowed name = local.cf_space_name org = data.cloudfoundry_org.org.id @@ -46,6 +48,7 @@ module "csv_upload_bucket" { module "egress-space" { source = "../shared/egress_space" + allow_ssh = local.allow_ssh cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name delete_recursive_allowed = local.delete_recursive_allowed @@ -57,6 +60,7 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" + allow_ssh = local.allow_ssh cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-ses-${local.env}" @@ -70,6 +74,7 @@ module "ses_email" { module "sns_sms" { source = "../shared/sns" + allow_ssh = local.allow_ssh cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-sns-${local.env}" diff --git a/terraform/shared/egress_space/main.tf b/terraform/shared/egress_space/main.tf index 066f0ba58..cc91e9c42 100644 --- a/terraform/shared/egress_space/main.tf +++ b/terraform/shared/egress_space/main.tf @@ -11,6 +11,7 @@ data "cloudfoundry_org" "org" { ### resource "cloudfoundry_space" "public_egress" { + allow_ssh = var.allow_ssh delete_recursive_allowed = var.delete_recursive_allowed name = "${var.cf_restricted_space_name}-egress" org = data.cloudfoundry_org.org.id diff --git a/terraform/shared/egress_space/variables.tf b/terraform/shared/egress_space/variables.tf index 6325fa7cf..5bdff893f 100644 --- a/terraform/shared/egress_space/variables.tf +++ b/terraform/shared/egress_space/variables.tf 
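Review bot: `allow_ssh` is threaded into `cloudfoundry_space.public_egress` here but is only set to `false` from `terraform/production/main.tf`. The patch's diffstat does not include `terraform/demo/main.tf`, so the demo `egress-space` module call will take the variable's default of `true`, and the `notify-demo` space resource leaves the attribute unset. If SSH access in demo is intended, make that an explicit decision with `allow_ssh = true # intentional for demo` in the demo locals, passed to the space resource and the module. Otherwise pass `allow_ssh = false` there as well, so both environments are covered by the drift checks the commit message mentions.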
@@ -9,3 +9,9 @@ variable "delete_recursive_allowed" { default = true description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" } + +variable "allow_ssh" { + type = bool + default = true + description = "Flag for allowing SSH access in a space - not recommended in production environments" +} diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 764cd3999..0661d1089 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -15,6 +15,7 @@ data "cloudfoundry_space" "space" { # SES Space ### resource "cloudfoundry_space" "cf_ses_service_space" { + allow_ssh = var.allow_ssh delete_recursive_allowed = var.delete_recursive_allowed name = data.cloudfoundry_space.space.name org = data.cloudfoundry_org.org.id diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf index 35e8cad8c..e6a1b2b62 100644 --- a/terraform/shared/ses/variables.tf +++ b/terraform/shared/ses/variables.tf @@ -40,3 +40,9 @@ variable "delete_recursive_allowed" { default = true description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" } + +variable "allow_ssh" { + type = bool + default = true + description = "Flag for allowing SSH access in a space - not recommended in production environments" +} diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index 46319581f..a00171a98 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -15,6 +15,7 @@ data "cloudfoundry_space" "space" { # SNS Space ### resource "cloudfoundry_space" "cf_sns_service_space" { + allow_ssh = var.allow_ssh delete_recursive_allowed = var.delete_recursive_allowed name = data.cloudfoundry_space.space.name org = data.cloudfoundry_org.org.id diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf index 801e41504..d75ddeda3 100644 --- a/terraform/shared/sns/variables.tf 
+++ b/terraform/shared/sns/variables.tf @@ -28,3 +28,9 @@ variable "delete_recursive_allowed" { default = true description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" } + +variable "allow_ssh" { + type = bool + default = true + description = "Flag for allowing SSH access in a space - not recommended in production environments" +} From 1484c2ffa0b9253632fa5f0ae630b06860595360 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 13 Mar 2024 10:05:02 -0400 Subject: [PATCH 08/11] Adjust properties further to only apply to spaces The SES and SNS modules are strictly for services that are instantiated within a space, while the egress_space is creating a separate space. The shift of the recursive delete from being on a service to being at the space level means that the SES and SNS modules do not have to track it at all, it should only be handled at the space level. The same goes for the allow_ssh flag. Signed-off-by: Carlo Costino --- terraform/demo/main.tf | 24 +++++++++++------------- terraform/production/main.tf | 28 ++++++++++++---------------- terraform/shared/ses/main.tf | 10 ---------- terraform/shared/ses/variables.tf | 12 ------------ terraform/shared/sns/main.tf | 10 ---------- terraform/shared/sns/variables.tf | 12 ------------ 6 files changed, 23 insertions(+), 73 deletions(-) diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf index 5f3f8525e..0ac491fc5 100644 --- a/terraform/demo/main.tf +++ b/terraform/demo/main.tf 
@@ -58,22 +58,20 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-ses-${local.env}" - aws_region = "us-west-2" - email_domain = "notify.sandbox.10x.gsa.gov" - email_receipt_error = "notify-support@gsa.gov" - delete_recursive_allowed = local.delete_recursive_allowed + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-ses-${local.env}" + aws_region = "us-west-2" + email_domain = "notify.sandbox.10x.gsa.gov" + email_receipt_error = "notify-support@gsa.gov" } module "sns_sms" { source = "../shared/sns" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-sns-${local.env}" - aws_region = "us-east-1" - monthly_spend_limit = 25 - delete_recursive_allowed = local.delete_recursive_allowed + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-sns-${local.env}" + aws_region = "us-east-1" + monthly_spend_limit = 25 } diff --git a/terraform/production/main.tf b/terraform/production/main.tf index e2c321d37..f7fc93d68 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf 
@@ -60,27 +60,23 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" - allow_ssh = local.allow_ssh - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-ses-${local.env}" - aws_region = "us-gov-west-1" - email_domain = "notify.gov" - mail_from_subdomain = "mail" - email_receipt_error = "notify-support@gsa.gov" - delete_recursive_allowed = local.delete_recursive_allowed + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-ses-${local.env}" + aws_region = "us-gov-west-1" + email_domain = "notify.gov" + mail_from_subdomain = "mail" + email_receipt_error = "notify-support@gsa.gov" } module "sns_sms" { source = "../shared/sns" - allow_ssh = local.allow_ssh - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-sns-${local.env}" - aws_region = "us-gov-west-1" - monthly_spend_limit = 1000 - delete_recursive_allowed = local.delete_recursive_allowed + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-sns-${local.env}" + aws_region = "us-gov-west-1" + monthly_spend_limit = 1000 } ########################################################################### diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 0661d1089..80c40042b 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -11,16 +11,6 @@ data "cloudfoundry_space" "space" { name = var.cf_space_name } -### -# SES Space -### -resource "cloudfoundry_space" "cf_ses_service_space" { - allow_ssh = var.allow_ssh - delete_recursive_allowed = var.delete_recursive_allowed - name = data.cloudfoundry_space.space.name - org = data.cloudfoundry_org.org.id -} - ### # SES instance ### diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf index e6a1b2b62..a92261656 100644 --- a/terraform/shared/ses/variables.tf +++ b/terraform/shared/ses/variables.tf 
@@ -34,15 +34,3 @@ variable "mail_from_subdomain" { description = "Subdomain of email_domain to set as the mail-from header" default = "" } - -variable "delete_recursive_allowed" { - type = bool - default = true - description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" -} - -variable "allow_ssh" { - type = bool - default = true - description = "Flag for allowing SSH access in a space - not recommended in production environments" -} diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index a00171a98..73cb8a815 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -11,16 +11,6 @@ data "cloudfoundry_space" "space" { name = var.cf_space_name } -### -# SNS Space -### -resource "cloudfoundry_space" "cf_sns_service_space" { - allow_ssh = var.allow_ssh - delete_recursive_allowed = var.delete_recursive_allowed - name = data.cloudfoundry_space.space.name - org = data.cloudfoundry_org.org.id -} - ### # SES instance ### diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf index d75ddeda3..acf7c5010 100644 --- a/terraform/shared/sns/variables.tf +++ b/terraform/shared/sns/variables.tf @@ -22,15 +22,3 @@ variable "monthly_spend_limit" { type = number description = "SMS budget limit in USD. Support request must be made before raising above 1" } - -variable "delete_recursive_allowed" { - type = bool - default = true - description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" -} - -variable "allow_ssh" { - type = bool - default = true - description = "Flag for allowing SSH access in a space - not recommended in production environments" -} From 0404348ec0738117be93e3850732da8570513224 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 13 Mar 2024 10:12:54 -0400 Subject: [PATCH 09/11] Removed last bit of extraneous config that is not needed 
Signed-off-by: Carlo Costino --- terraform/shared/ses/main.tf | 4 ---- terraform/shared/sns/main.tf | 4 ---- 2 files changed, 8 deletions(-) diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 80c40042b..4c1bb54b9 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -2,10 +2,6 @@ # Target space/org ### -data "cloudfoundry_org" "org" { - name = var.cf_org_name -} - data "cloudfoundry_space" "space" { org_name = var.cf_org_name name = var.cf_space_name diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index 73cb8a815..aa0079f92 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -2,10 +2,6 @@ # Target space/org ### -data "cloudfoundry_org" "org" { - name = var.cf_org_name -} - data "cloudfoundry_space" "space" { org_name = var.cf_org_name name = var.cf_space_name From 9d60e6e8b7350f825215caf68a2f0f4b9050b468 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 13 Mar 2024 11:26:01 -0400 Subject: [PATCH 10/11] Fix reference to CF org vs. space This changeset fixes a reference to properly load the Cloud Foundry org for modifying the space. Signed-off-by: Carlo Costino --- terraform/demo/main.tf | 5 ++--- terraform/production/main.tf | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf index 0ac491fc5..e594264c2 100644 --- a/terraform/demo/main.tf +++ b/terraform/demo/main.tf @@ -6,9 +6,8 @@ locals { delete_recursive_allowed = false } -data "cloudfoundry_space" "demo" { - org_name = local.cf_org_name - name = local.cf_space_name +data "cloudfoundry_org" "org" { + name = local.cf_org_name } resource "cloudfoundry_space" "notify-demo" { diff --git a/terraform/production/main.tf b/terraform/production/main.tf index f7fc93d68..ff1daad88 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf 
@@ -7,9 +7,8 @@ locals { allow_ssh = false } -data "cloudfoundry_space" "production" { - org_name = local.cf_org_name - name = local.cf_space_name +data "cloudfoundry_org" "org" { + name = local.cf_org_name } resource "cloudfoundry_space" "notify-production" { From a8640a65b6f73c89866d75b1918e41ca6c1577c1 Mon Sep 17 00:00:00 2001 From: Kenneth Kehl <@kkehl@flexion.us> Date: Wed, 13 Mar 2024 10:52:55 -0700 Subject: [PATCH 11/11] fix email notifications missing personalisation (notify-api-853) --- app/organization/rest.py | 9 +++++++++ app/user/rest.py | 27 +++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/app/organization/rest.py b/app/organization/rest.py index 7ca9eec8a..8da757cbc 100644 --- a/app/organization/rest.py +++ b/app/organization/rest.py @@ -1,6 +1,9 @@ +import json + from flask import Blueprint, abort, current_app, jsonify, request from sqlalchemy.exc import IntegrityError +from app import redis_store from app.config import QueueNames from app.dao.annual_billing_dao import set_default_free_allowance_for_service from app.dao.dao_utils import transaction @@ -210,6 +213,12 @@ def send_notifications_on_mou_signed(organization_id): reply_to_text=notify_service.get_default_reply_to_email_address(), ) saved_notification.personalisation = personalisation + + redis_store.set( + f"email-personalisation-{saved_notification.id}", + json.dumps(personalisation), + ex=60 * 60, + ) send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY) personalisation = { diff --git a/app/user/rest.py b/app/user/rest.py index 09ffa17c6..2cbbb9b25 100644 --- a/app/user/rest.py +++ b/app/user/rest.py 
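Review bot: The five-line `redis_store.set(...)` block added in `send_notifications_on_mou_signed` is repeated unchanged in five hunks of `app/user/rest.py`, so the key format `email-personalisation-<id>` and the `60 * 60` expiry are hard-coded in six places. They must also match whatever reads the key, which this patch does not show. A single helper with a named TTL constant keeps writer and reader in step and gives one place to adjust the expiry if queued sends can be delayed or retried for longer than an hour. The enclosing function starts and ends outside the hunk, and where the helper should live is left to the author.

```python
EMAIL_PERSONALISATION_TTL_SECONDS = 60 * 60


def cache_email_personalisation(notification, personalisation):
    """Cache personalisation in Redis under the notification's id."""
    redis_store.set(
        f"email-personalisation-{notification.id}",
        json.dumps(personalisation),
        ex=EMAIL_PERSONALISATION_TTL_SECONDS,
    )


# … unchanged: saved_notification.personalisation = personalisation …
cache_email_personalisation(saved_notification, personalisation)
send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY)
```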
@@ -140,6 +140,11 @@ def update_user_attribute(user_id): ) saved_notification.personalisation = personalisation + redis_store.set( + f"email-personalisation-{saved_notification.id}", + json.dumps(personalisation), + ex=60 * 60, + ) send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY) return jsonify(data=user_to_update.serialize()), 200 @@ -361,6 +366,12 @@ def create_2fa_code( # Assume that we never want to observe the Notify service's research mode # setting for this notification - we still need to be able to log into the # admin even if we're doing user research using this service: + + redis_store.set( + f"email-personalisation-{saved_notification.id}", + json.dumps(personalisation), + ex=60 * 60, + ) send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY) @@ -394,6 +405,11 @@ def send_user_confirm_new_email(user_id): ) saved_notification.personalisation = personalisation + redis_store.set( + f"email-personalisation-{saved_notification.id}", + json.dumps(personalisation), + ex=60 * 60, + ) send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY) return jsonify({}), 204 @@ -487,6 +503,12 @@ def send_already_registered_email(user_id): current_app.logger.info("Sending notification to queue") + redis_store.set( + f"email-personalisation-{saved_notification.id}", + json.dumps(personalisation), + ex=60 * 60, + ) + send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY) current_app.logger.info("Sent notification to queue") @@ -614,6 +636,11 @@ def send_user_reset_password(): ) saved_notification.personalisation = personalisation + redis_store.set( + f"email-personalisation-{saved_notification.id}", + json.dumps(personalisation), + ex=60 * 60, + ) send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY) return jsonify({}), 204
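Review bot: In `create_2fa_code` and `send_user_reset_password` the personalisation written to Redis presumably carries the login code or reset link, so these hunks keep a live credential as plain JSON, under a key derived from the notification id, for a full hour. If delivery latency allows, use a shorter expiry at these two call sites, e.g. `ex=5 * 60`, and delete the key once the send task has read it; also confirm that the Redis instance requires authentication and TLS. Separately, no hunk adds `import json` or `from app import redis_store` to `app/user/rest.py` (its 27 insertions are all `redis_store.set` blocks), so both names must already be in scope in that file. All five functions continue outside their hunks.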