darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-16 10:12:32 -05:00
Code Issues Packages Projects Releases Wiki Activity

Use credentials output by terraform/development

Browse Source
This commit is contained in:
Ryan Ahearn
2023-03-13 12:59:44 -04:00
parent 627149402c
commit 84e7e9b5cf
7 changed files with 24 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/checks.yml vendored
View File

@@ -13,8 +13,7 @@ env:
FLASK_APP: application.py FLASK_APP: application.py
WERKZEUG_DEBUG_PIN: off WERKZEUG_DEBUG_PIN: off
REDIS_ENABLED: 0 REDIS_ENABLED: 0
AWS_REGION: us-west-2 AWS_US_TOLL_FREE_NUMBER: "+18556438890"
AWS_US_TOLL_FREE_NUMBER: "+18446120782"
jobs: jobs:
build: build:

4
.github/workflows/daily_checks.yml vendored
View File

@@ -16,10 +16,8 @@ env:
NEW_RELIC_ENVIRONMENT: test NEW_RELIC_ENVIRONMENT: test
FLASK_APP: application.py FLASK_APP: application.py
WERKZEUG_DEBUG_PIN: off WERKZEUG_DEBUG_PIN: off
NOTIFY_EMAIL_DOMAIN: dispostable.com
REDIS_ENABLED: 0 REDIS_ENABLED: 0
AWS_REGION: us-west-2 AWS_US_TOLL_FREE_NUMBER: "+18556438890"
AWS_US_TOLL_FREE_NUMBER: "+18446120782"
jobs: jobs:
pip-audit: pip-audit:

17
app/cloudfoundry_config.py
View File

@@ -34,51 +34,52 @@ class CloudfoundryConfig:
@property @property
def ses_email_domain(self): def ses_email_domain(self):
try: try:
return self._ses_credentials('domain_arn').split('/')[-1] domain_arn = self._ses_credentials('domain_arn')
except KeyError: except KeyError:
return getenv('NOTIFY_EMAIL_DOMAIN', 'notify.sandbox.10x.gsa.gov') domain_arn = getenv('SES_DOMAIN_ARN', 'dev.notify.gov')
return domain_arn.split('/')[-1]
@property @property
def ses_region(self): def ses_region(self):
try: try:
return self._ses_credentials('region') return self._ses_credentials('region')
except KeyError: except KeyError:
return getenv('AWS_REGION') return getenv('SES_AWS_REGION', 'us-west-1')
@property @property
def ses_access_key(self): def ses_access_key(self):
try: try:
return self._ses_credentials('smtp_user') return self._ses_credentials('smtp_user')
except KeyError: except KeyError:
return getenv('AWS_ACCESS_KEY_ID') return getenv('SES_AWS_ACCESS_KEY_ID')
@property @property
def ses_secret_key(self): def ses_secret_key(self):
try: try:
return self._ses_credentials('secret_access_key') return self._ses_credentials('secret_access_key')
except KeyError: except KeyError:
return getenv('AWS_SECRET_ACCESS_KEY') return getenv('SES_AWS_SECRET_ACCESS_KEY')
@property @property
def sns_access_key(self): def sns_access_key(self):
try: try:
return self._sns_credentials('aws_access_key_id') return self._sns_credentials('aws_access_key_id')
except KeyError: except KeyError:
return getenv('AWS_ACCESS_KEY_ID') return getenv('SNS_AWS_ACCESS_KEY_ID')
@property @property
def sns_secret_key(self): def sns_secret_key(self):
try: try:
return self._sns_credentials('aws_secret_access_key') return self._sns_credentials('aws_secret_access_key')
except KeyError: except KeyError:
return getenv('AWS_SECRET_ACCESS_KEY') return getenv('SNS_AWS_SECRET_ACCESS_KEY')
@property @property
def sns_region(self): def sns_region(self):
try: try:
return self._sns_credentials('region') return self._sns_credentials('region')
except KeyError: except KeyError:
return getenv('AWS_REGION') return getenv('SNS_AWS_REGION', 'us-west-1')
@property @property
def sns_topic_arns(self): def sns_topic_arns(self):

18
app/config.py
View File

@@ -93,7 +93,6 @@ class Config(object):
EXPIRE_CACHE_EIGHT_DAYS = 8 * 24 * 60 * 60 EXPIRE_CACHE_EIGHT_DAYS = 8 * 24 * 60 * 60
# AWS Settings # AWS Settings
AWS_REGION = getenv('AWS_REGION')
AWS_US_TOLL_FREE_NUMBER = getenv("AWS_US_TOLL_FREE_NUMBER") AWS_US_TOLL_FREE_NUMBER = getenv("AWS_US_TOLL_FREE_NUMBER")
# Whether to ignore POSTs from SNS for replies to SMS we sent # Whether to ignore POSTs from SNS for replies to SMS we sent
RECEIVE_INBOUND_SMS = False RECEIVE_INBOUND_SMS = False
@@ -279,12 +278,12 @@ class Config(object):
DOCUMENT_DOWNLOAD_API_KEY = getenv('DOCUMENT_DOWNLOAD_API_KEY', 'auth-token') DOCUMENT_DOWNLOAD_API_KEY = getenv('DOCUMENT_DOWNLOAD_API_KEY', 'auth-token')
def _default_s3_credentials(bucket_name): def _s3_credentials_from_env(bucket_prefix):
return { return {
'bucket': bucket_name, 'bucket': getenv(f"{bucket_prefix}_BUCKET_NAME"),
'access_key_id': getenv('AWS_ACCESS_KEY_ID'), 'access_key_id': getenv(f"{bucket_prefix}_AWS_ACCESS_KEY_ID"),
'secret_access_key': getenv('AWS_SECRET_ACCESS_KEY'), 'secret_access_key': getenv(f"{bucket_prefix}_AWS_SECRET_ACCESS_KEY"),
'region': getenv('AWS_REGION') 'region': getenv(f"{bucket_prefix}_AWS_REGION")
} }
@@ -294,8 +293,8 @@ class Development(Config):
DVLA_EMAIL_ADDRESSES = ['success@simulator.amazonses.com'] DVLA_EMAIL_ADDRESSES = ['success@simulator.amazonses.com']
# Buckets # Buckets
CSV_UPLOAD_BUCKET = _default_s3_credentials('local-notifications-csv-upload') CSV_UPLOAD_BUCKET = _s3_credentials_from_env('CSV')
CONTACT_LIST_BUCKET = _default_s3_credentials('local-contact-list') CONTACT_LIST_BUCKET = _s3_credentials_from_env('CONTACT')
# credential overrides # credential overrides
DANGEROUS_SALT = 'development-notify-salt' DANGEROUS_SALT = 'development-notify-salt'
@@ -317,9 +316,6 @@ class Test(Development):
'10d1b9c9-0072-4fa9-ae1c-595e333841da', '10d1b9c9-0072-4fa9-ae1c-595e333841da',
] ]
CSV_UPLOAD_BUCKET = _default_s3_credentials('test-notifications-csv-upload')
CONTACT_LIST_BUCKET = _default_s3_credentials('test-contact-list')
# this is overriden in CI # this is overriden in CI
SQLALCHEMY_DATABASE_URI = getenv('SQLALCHEMY_DATABASE_TEST_URI') SQLALCHEMY_DATABASE_URI = getenv('SQLALCHEMY_DATABASE_TEST_URI')

6
tests/app/aws/test_s3.py
View File

@@ -3,9 +3,9 @@ from os import getenv
from app.aws.s3 import get_s3_file from app.aws.s3 import get_s3_file
default_access_key = getenv('AWS_ACCESS_KEY_ID') default_access_key = getenv('CSV_AWS_ACCESS_KEY_ID')
default_secret_key = getenv('AWS_SECRET_ACCESS_KEY') default_secret_key = getenv('CSV_AWS_SECRET_ACCESS_KEY')
default_region = getenv('AWS_REGION') default_region = getenv('CSV_AWS_REGION')
def single_s3_object_stub(key='foo', last_modified=None): def single_s3_object_stub(key='foo', last_modified=None):

2
tests/app/clients/test_aws_sns.py
View File

@@ -15,7 +15,7 @@ def test_send_sms_successful_returns_aws_sns_response(notify_api, mocker):
Message=content, Message=content,
MessageAttributes={ MessageAttributes={
'AWS.SNS.SMS.SMSType': {'DataType': 'String', 'StringValue': 'Transactional'}, 'AWS.SNS.SMS.SMSType': {'DataType': 'String', 'StringValue': 'Transactional'},
'AWS.MM.SMS.OriginationNumber': {'DataType': 'String', 'StringValue': '+18446120782'} 'AWS.MM.SMS.OriginationNumber': {'DataType': 'String', 'StringValue': '+18556438890'}
} }
) )

3
tests/app/delivery/test_send_to_providers.py
View File

@@ -11,6 +11,7 @@ from requests import HTTPError
import app import app
from app import aws_sns_client, notification_provider_clients from app import aws_sns_client, notification_provider_clients
from app.cloudfoundry_config import cloud_config
from app.dao import notifications_dao from app.dao import notifications_dao
from app.dao.provider_details_dao import get_provider_details_by_identifier from app.dao.provider_details_dao import get_provider_details_by_identifier
from app.delivery import send_to_providers from app.delivery import send_to_providers
@@ -164,7 +165,7 @@ def test_should_send_personalised_template_to_correct_email_provider_and_persist
) )
app.aws_ses_client.send_email.assert_called_once_with( app.aws_ses_client.send_email.assert_called_once_with(
'"Sample service" <sample.service@notify.sandbox.10x.gsa.gov>', f"\"Sample service\" <sample.service@{cloud_config.ses_email_domain}>",
'jo.smith@example.com', 'jo.smith@example.com',
'Jo <em>some HTML</em>', 'Jo <em>some HTML</em>',
body='Hello Jo\nThis is an email from GOV.\u200bUK with <em>some HTML</em>\n', body='Hello Jo\nThis is an email from GOV.\u200bUK with <em>some HTML</em>\n',