darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-05-06 00:59:41 -04:00
Code Issues Packages Projects Releases Wiki Activity

merge from main

Browse Source
This commit is contained in:
Kenneth Kehl
2023-05-04 12:04:56 -07:00
parent 8865e706ea 881f479417
commit 55ab88a581
6 changed files with 71 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/deploy-proxy/action.yml vendored
View File

@@ -12,7 +12,7 @@ inputs:
default: https://github.com/GSA-TTS/cg-egress-proxy.git
proxy_version:
description: git ref to be deployed
default: cflinuxfs4-deploy
default: main
runs:
using: composite
steps:

6
Pipfile
View File

@@ -15,7 +15,7 @@ bcrypt = "==3.2.2"
beautifulsoup4 = "==4.11.1"
billiard = "==3.6.4.0"
bleach = "==4.1.0"
blinker = "==1.4"
blinker = "~=1.4"
boto3 = "==1.23.8"
botocore = "==1.26.8"
cachetools = "==5.1.0"
@@ -35,7 +35,7 @@ dnspython = "==2.2.1"
docopt = "==0.6.2"
docutils = "==0.16"
eventlet = "==0.33.1"
flask = "~=2.2"
flask = "~=2.3"
flask-bcrypt = "==1.0.1"
flask-marshmallow = "==0.14.0"
flask-migrate = "==3.1.0"
@@ -54,7 +54,7 @@ psycopg2-binary = "==2.9.3"
pyjwt = "==2.4.0"
python-dotenv = "==0.20.0"
sqlalchemy = "==1.4.40"
werkzeug = "~=2.2"
werkzeug = "~=2.3"
# gds metrics packages
prometheus-client = "==0.14.1"
gds-metrics = {version = "==0.2.4", ref = "6f1840a57b6fb1ee40b7e84f2f18ec229de8aa72", git = "https://github.com/alphagov/gds_metrics_python.git"}

37
Pipfile.lock generated
View File

@@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "b58a7407ba322daf10ca83357dc35a7af28bac028fa04475d56f8c53d93b3028"
"sha256": "cec76bad3c666e613f7b6ef7da68232b923ae8855fa9d302446ac5f9843b634f"
},
"pipfile-spec": 6,
"requires": {
@@ -115,10 +115,11 @@
},
"blinker": {
"hashes": [
"sha256:471aee25f3992bd325afa3772f1063dbdbbca947a041b8b89466dc00d606f8b6"
"sha256:4afd3de66ef3a9f8067559fb7a1cbe555c17dcbe15971b05d1b625c3e7abe213",
"sha256:c3d739772abb7bc2860abf5f2ec284223d9ad5c76da018234f6f50d6f31ab1f0"
],
"index": "pypi",
"version": "==1.4"
"version": "==1.6.2"
},
"boto3": {
"hashes": [
@@ -349,11 +350,11 @@
},
"flask": {
"hashes": [
"sha256:13f6329ddbfff11340939cd11919daf150a01358ded4b7e81c03c055dfecb559",
"sha256:77504c4c097f56ac5f29b00f9009213010cf9d2923a288c0e0564a5db2bb53d6"
"sha256:77fd4e1249d8c9923de34907236b747ced06e5467ecac1a7bb7115ae0e9670b0",
"sha256:8c2f9abd47a9e8df7f0c3f091ce9497d011dc3b31effcf4c85a6e2b50f4114ef"
],
"index": "pypi",
"version": "==2.2.4"
"version": "==2.3.2"
},
"flask-bcrypt": {
"hashes": [
@@ -1061,11 +1062,11 @@
},
"requests": {
"hashes": [
"sha256:e8f3c9be120d3333921d213eef078af392fba3933ab7ed2d1cba3b56f2568c3b",
"sha256:f2e34a75f4749019bb0e3effb66683630e4ffeaf75819fb51bebef1bf5aef059"
"sha256:10e94cc4f3121ee6da529d358cdaeaff2f1c409cd377dbc72b825852f2f7e294",
"sha256:239d7d4458afcb28a692cdd298d87542235f4ca8d36d03a15bfc128a6559a2f4"
],
"markers": "python_version >= '3.7'",
"version": "==2.29.0"
"version": "==2.30.0"
},
"rfc3339-validator": {
"hashes": [
@@ -1267,11 +1268,11 @@
},
"werkzeug": {
"hashes": [
"sha256:2f3278e9ef61511cdf82cc28fc5da0f5b501dd8f01ecf5ef6a5d810048f68702",
"sha256:b7b8bc1609f35ae8e45d48a9b58d7a4eb1e41eec148d37e977e5df6ebf3398b2"
"sha256:4866679a0722de00796a74086238bb3b98d90f423f05de039abb09315487254a",
"sha256:a987caf1092edc7523edb139edb20c70571c4a8d5eed02e0b547b4739174d091"
],
"index": "pypi",
"version": "==2.3.2"
"version": "==2.3.3"
},
"wrapt": {
"hashes": [
@@ -2074,11 +2075,11 @@
},
"requests": {
"hashes": [
"sha256:e8f3c9be120d3333921d213eef078af392fba3933ab7ed2d1cba3b56f2568c3b",
"sha256:f2e34a75f4749019bb0e3effb66683630e4ffeaf75819fb51bebef1bf5aef059"
"sha256:10e94cc4f3121ee6da529d358cdaeaff2f1c409cd377dbc72b825852f2f7e294",
"sha256:239d7d4458afcb28a692cdd298d87542235f4ca8d36d03a15bfc128a6559a2f4"
],
"markers": "python_version >= '3.7'",
"version": "==2.29.0"
"version": "==2.30.0"
},
"requests-mock": {
"hashes": [
@@ -2190,11 +2191,11 @@
},
"werkzeug": {
"hashes": [
"sha256:2f3278e9ef61511cdf82cc28fc5da0f5b501dd8f01ecf5ef6a5d810048f68702",
"sha256:b7b8bc1609f35ae8e45d48a9b58d7a4eb1e41eec148d37e977e5df6ebf3398b2"
"sha256:4866679a0722de00796a74086238bb3b98d90f423f05de039abb09315487254a",
"sha256:a987caf1092edc7523edb139edb20c70571c4a8d5eed02e0b547b4739174d091"
],
"index": "pypi",
"version": "==2.3.2"
"version": "==2.3.3"
},
"xmltodict": {
"hashes": [

11
README.md
View File

@@ -44,10 +44,15 @@ Our other repositories are:
### Common steps
On MacOS, using [Homebrew](https://brew.sh/) for package management is highly recommended. This helps avoid some known installation issues.
1. Install pre-requisites for setup:
* [jq](https://stedolan.github.io/jq/): `brew install jq`
* [terraform](https://www.terraform.io/): `brew install terraform` or `brew install tfenv` and use `tfenv` to install `terraform ~> 1.4.0`
* [cf-cli@8](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html): `brew install cloudfoundry/tap/cf-cli@8`
* [postgresql](https://www.postgresql.org/): `brew install postgresql@15` (Homebrew requires a version pin, but any recent version will work)
* [redis](https://redis.io/): `brew install redis`
* [pyenv](https://github.com/pyenv/pyenv): `brew install pyenv`
1. [Log into cloud.gov](https://cloud.gov/docs/getting-started/setup/#set-up-the-command-line): `cf login -a api.fr.cloud.gov --sso`
1. Ensure you have access to the `notify-local-dev` and `notify-staging` spaces in cloud.gov
1. Run the development terraform with:
@@ -111,6 +116,12 @@ If you're working in VS Code, you can also leverage Docker for a containerized d
NOTE: when you change .env in the future, you'll need to rebuild the devcontainer for the change to take effect. VS Code _should_ detect the change and prompt you with a toast notification during a cached build. If not, you can find a manual rebuild in command pallette or just `docker rm` the notifications-api container.
### Known installation issues
On M1 Macs, if you get a `fatal error: 'Python.h' file not found` message, try a different method of installing Python. Installation via `pyenv` is known to work.
A direct installation of PostgreSQL will not put the `createdb` command on your `$PATH`. It can be added there in your shell startup script, or a Homebrew-managed installation of PostgreSQL will take care of it.
## License && public domain
Work through [commit `e604385`](https://github.com/GSA/notifications-api/commit/e604385e0cf4c2ab8c6451b7120ceb196cce21b5) is licensed by the UK government under the MIT license. Work after that commit is in the worldwide public domain. See [LICENSE.md](./LICENSE.md) for more information.

15
docs/message-sending-path.md Normal file
View File

@@ -0,0 +1,15 @@
# How messages are queued and sent
There are several ways for notifications to come into the API.
- Messages sent through the API enter through `app/notifications/post_notifications.py`
- One-off messages sent from the UI enter through `create_one_off_notification` in `app/service/rest.py`
- CSV uploads enter through `app/job/rest.py`
API messages and one-off UI messages come in one at a time, and take slightly-separate routes
that both end up at `persist_notification`, which writes to the database, and `provider_tasks.deliver_sms`,
which enqueues the sending.
For CSV uploads, the CSV is first stored in S3 and queued as a `Job`. When the job runs, it iterates
through the rows, running `process_job.save_sms` to send notifications through `persist_notification` and
`provider_tasks.deliver_sms`.

23
docs/run-book.md
View File

@@ -1,12 +1,16 @@
Run Book
========
Policies and Procedures needed before and during US Notify Operations
Policies and Procedures needed before and during US Notify Operations. Many of these policies are taken from the U.S. Notify System Security & Privacy Plan (SSPP).
Any changes to policies and procedures defined both here and in the SSPP must be kept in sync, and should be done collaboratively with the System ISSO and ISSM to ensure
that the security of the system is maintained.
1. [Alerts, Notifications, Monitoring](#alerts)
1. [Restaging Apps](#restaging-apps)
1. [Smoke-testing the App](#smoke-testing)
1. [Configuration Management](#cm)
1. [DNS Changes](#dns)
1. [Known Gotchas](#gotcha)
1. [User Account Management](#ac)
1. [SMS Phone Number Management](#phone-numbers)
@@ -19,6 +23,12 @@ Operational alerts are posted to the [#pb-notify-alerts](https://gsa-tts.slack.c
[Cloud.gov Logging](https://logs.fr.cloud.gov/) is used to view and search application and platform logs.
In addition to the application logs, there are several tables in the application that store useful information for audit logging purposes:
* `events`
* the various `*_history` tables
## <a name="restaging-apps"></a> Restaging Apps
Our apps must be restaged whenever cloud.gov releases updates to buildpacks. Cloud.gov will send email notifications whenever buildpack updates affect a deployed app.
@@ -103,6 +113,17 @@ US_Notify Administrators are responsible for ensuring that remediations for vuln
* Low - 180 days
* Informational - 365 days (depending on the analysis of the issue)
## <a name="dns"></a> DNS Changes
U.S. Notify DNS records are maintained within [the 18f/dns repository](https://github.com/18F/dns/blob/main/terraform/notify.gov.tf). To create new DNS records for notify.gov or any subdomains:
1. Update the `notify.gov.tf` terraform to update or create the new records within Route53 and push the branch to the 18f/dns repository.
1. Open a PR.
1. Verify that the plan output within circleci creates the records that you expect.
1. Request a PR review from the 18F/tts-tech-portfolio team
1. Once the PR is approved and merged, verify that the apply step happened correctly within [CircleCI](https://app.circleci.com/pipelines/github/18F/dns)
## <a name="gotcha"></a> Known Gotchas
### SSB Service Bindings are failing