Merge pull request #508 from GSA/main

Production deploy 9/26/23
This commit is contained in:
Steven Reilly
2023-09-26 16:47:09 -04:00
committed by GitHub
6 changed files with 60 additions and 32 deletions

View File

@@ -22,8 +22,7 @@ jobs:
uses: actions/checkout@v3
with:
ref: main
with:
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: get ADR number
id: next

View File

@@ -123,14 +123,18 @@ jobs:
run: make bootstrap
env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
- name: Run server
run: make run-flask &
env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
- name: Run OWASP Baseline Scan
uses: zaproxy/action-api-scan@v0.4.0
uses: zaproxy/action-api-scan@v0.5.0
with:
docker_name: 'owasp/zap2docker-stable'
docker_name: 'ghcr.io/zaproxy/zaproxy:weekly'
target: 'http://localhost:6011/docs/openapi.yml'
fail_action: true
allow_issue_writing: false

View File

@@ -51,7 +51,6 @@ class AwsCloudwatchClient(Client):
# Check all cloudwatch logs from the time the notification was sent (currently 5 minutes previously) until now
now = round(time.time() * 1000)
beginning = sent_at
current_app.logger.info(f"TIME RANGE TO CHECK {beginning} to {now}")
next_token = None
all_log_events = []
while True:
@@ -74,40 +73,42 @@ class AwsCloudwatchClient(Client):
all_log_events.extend(log_events)
if len(log_events) > 0:
# We found it
current_app.logger.info(
f"WE FOUND THE EVENT WE WERE LOOKING FOR? {log_events}"
)
break
next_token = response.get("nextToken")
if not next_token:
break
if len(all_log_events) == 0:
print(f"WE FOUND NO LOG EVENTS OVER TIME RANGE {beginning} to {now}")
return all_log_events
def _extract_account_number(self, ses_domain_arn, region):
account_number = ses_domain_arn
# handle cloud.gov case
if "aws-us-gov" in account_number:
account_number = account_number.replace(f"arn:aws-us-gov:ses:{region}:", "")
account_number = account_number.split(":")
account_number = account_number[0]
# handle staging case
else:
account_number = account_number.replace(f"arn:aws:ses:{region}:", "")
account_number = account_number.split(":")
account_number = account_number[0]
return account_number
def check_sms(self, message_id, notification_id, created_at):
if os.getenv("LOCALSTACK_ENDPOINT_URL"):
current_app.logger.info("GADZOOKS WE ARE RUNNING WITH LOCALSTACK")
region = cloud_config.sns_region
# TODO this clumsy approach to getting the account number will be fixed as part of notify-api #258
account_number = cloud_config.ses_domain_arn
account_number = account_number.replace(f"arn:aws:ses:{region}:", "")
account_number = account_number.split(":")
account_number = account_number[0]
account_number = self._extract_account_number(
cloud_config.ses_domain_arn, region
)
log_group_name = f"sns/{region}/{account_number}/DirectPublishToPhoneNumber"
current_app.logger.info(
f"LOG GROUP NAME: {log_group_name} MESSAGE ID: {message_id}"
f"Log group name: {log_group_name} message id: {message_id}"
)
filter_pattern = '{$.notification.messageId="XXXXX"}'
filter_pattern = filter_pattern.replace("XXXXX", message_id)
all_log_events = self._get_log(filter_pattern, log_group_name, created_at)
current_app.logger.info(f"NUMBER OF ALL LOG EVENTS {len(all_log_events)}")
if all_log_events and len(all_log_events) > 0:
current_app.logger.info(
"SHOULD RETURN SUCCESS BECAUSE WE FOUND A SUCCESS MESSAGE FOR MESSAGE ID"
)
event = all_log_events[0]
message = json.loads(event["message"])
current_app.logger.info(f"MESSAGE {message}")
@@ -116,11 +117,8 @@ class AwsCloudwatchClient(Client):
log_group_name = (
f"sns/{region}/{account_number}/DirectPublishToPhoneNumber/Failure"
)
current_app.logger.info(f"FAILURE LOG GROUP NAME {log_group_name}")
# current_app.logger.info(f"Failure log group name: {log_group_name}")
all_failed_events = self._get_log(filter_pattern, log_group_name, created_at)
current_app.logger.info(
f"NUMBER OF ALL FAILED LOG EVENTS {len(all_failed_events)}"
)
if all_failed_events and len(all_failed_events) > 0:
current_app.logger.info("SHOULD RETURN FAILED BECAUSE WE FOUND A FAILURE")
event = all_failed_events[0]
@@ -128,7 +126,6 @@ class AwsCloudwatchClient(Client):
current_app.logger.info(f"MESSAGE {message}")
return "failure", message["delivery"]["providerResponse"]
print(f"RAISING EXCEPTION FOR MESSAGE_ID {message_id}")
raise Exception(
f"No event found for message_id {message_id} notification_id {notification_id}"
)

18
poetry.lock generated
View File

@@ -1077,13 +1077,13 @@ six = ">=1.10.0"
[[package]]
name = "exceptiongroup"
version = "1.1.2"
version = "1.1.3"
description = "Backport of PEP 654 (exception groups)"
optional = false
python-versions = ">=3.7"
files = [
{file = "exceptiongroup-1.1.2-py3-none-any.whl", hash = "sha256:e346e69d186172ca7cf029c8c1d16235aa0e04035e5750b4b95039e65204328f"},
{file = "exceptiongroup-1.1.2.tar.gz", hash = "sha256:12c3e887d6485d16943a309616de20ae5582633e0a2eda17f4e10fd61c1e8af5"},
{file = "exceptiongroup-1.1.3-py3-none-any.whl", hash = "sha256:343280667a4585d195ca1cf9cef84a4e178c4b6cf2274caef9859782b567d5e3"},
{file = "exceptiongroup-1.1.3.tar.gz", hash = "sha256:097acd85d473d75af5bb98e41b61ff7fe35efe6675e4f9370ec6ec5126d160e9"},
]
[package.extras]
@@ -2044,6 +2044,16 @@ files = [
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac"},
{file = "MarkupSafe-2.1.3-cp311-cp311-win32.whl", hash = "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb"},
{file = "MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl", hash = "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686"},
{file = "MarkupSafe-2.1.3-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc"},
{file = "MarkupSafe-2.1.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823"},
{file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11"},
{file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd"},
{file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939"},
{file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c"},
{file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c"},
{file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1"},
{file = "MarkupSafe-2.1.3-cp312-cp312-win32.whl", hash = "sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007"},
{file = "MarkupSafe-2.1.3-cp312-cp312-win_amd64.whl", hash = "sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707"},
@@ -4281,4 +4291,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
[metadata]
lock-version = "2.0"
python-versions = "^3.9"
content-hash = "15aafd504a605f6621f3017ddfba898373885f90926eb16eef363ba5b33b53a6"
content-hash = "9567d12431fe9070c72a3a344f91b5e537382b7075cf55321feac92dcca47044"

View File

@@ -69,7 +69,7 @@ newrelic = "*"
[tool.poetry.group.dev.dependencies]
exceptiongroup = "==1.1.2"
exceptiongroup = "==1.1.3"
flake8 = "==4.0.1"
flake8-bugbear = "==23.3.12"
isort = "==5.12.0"

View File

@@ -86,3 +86,21 @@ def test_check_sms_failure(notify_api, mocker):
assert "Failure" in mock_call
assert "fail" in mock_call
assert "notification.messageId" in mock_call
def test_extract_account_number_gov_cloud():
domain_arn = "arn:aws-us-gov:ses:us-gov-west-1:12345:identity/ses-abc.xxx.xxx.xxx"
actual_account_number = aws_cloudwatch_client._extract_account_number(
domain_arn, "us-gov-west-1"
)
expected_account_number = "12345"
assert actual_account_number == expected_account_number
def test_extract_account_number_gov_staging():
domain_arn = "arn:aws:ses:us-south-14:12345:identity/ses-abc.xxx.xxx.xxx"
actual_account_number = aws_cloudwatch_client._extract_account_number(
domain_arn, "us-south-14"
)
expected_account_number = "12345"
assert actual_account_number == expected_account_number