mirror of
https://github.com/GSA/notifications-api.git
synced 2026-07-16 03:10:48 -04:00
3
.github/workflows/adr-accepted.yml
vendored
3
.github/workflows/adr-accepted.yml
vendored
@@ -22,8 +22,7 @@ jobs:
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
ref: main
|
||||
with:
|
||||
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
|
||||
- name: get ADR number
|
||||
id: next
|
||||
|
||||
8
.github/workflows/checks.yml
vendored
8
.github/workflows/checks.yml
vendored
@@ -123,14 +123,18 @@ jobs:
|
||||
run: make bootstrap
|
||||
env:
|
||||
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
|
||||
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
|
||||
NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
|
||||
NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
|
||||
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
|
||||
- name: Run server
|
||||
run: make run-flask &
|
||||
env:
|
||||
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
|
||||
- name: Run OWASP Baseline Scan
|
||||
uses: zaproxy/action-api-scan@v0.4.0
|
||||
uses: zaproxy/action-api-scan@v0.5.0
|
||||
with:
|
||||
docker_name: 'owasp/zap2docker-stable'
|
||||
docker_name: 'ghcr.io/zaproxy/zaproxy:weekly'
|
||||
target: 'http://localhost:6011/docs/openapi.yml'
|
||||
fail_action: true
|
||||
allow_issue_writing: false
|
||||
|
||||
@@ -51,7 +51,6 @@ class AwsCloudwatchClient(Client):
|
||||
# Check all cloudwatch logs from the time the notification was sent (currently 5 minutes previously) until now
|
||||
now = round(time.time() * 1000)
|
||||
beginning = sent_at
|
||||
current_app.logger.info(f"TIME RANGE TO CHECK {beginning} to {now}")
|
||||
next_token = None
|
||||
all_log_events = []
|
||||
while True:
|
||||
@@ -74,40 +73,42 @@ class AwsCloudwatchClient(Client):
|
||||
all_log_events.extend(log_events)
|
||||
if len(log_events) > 0:
|
||||
# We found it
|
||||
current_app.logger.info(
|
||||
f"WE FOUND THE EVENT WE WERE LOOKING FOR? {log_events}"
|
||||
)
|
||||
|
||||
break
|
||||
next_token = response.get("nextToken")
|
||||
if not next_token:
|
||||
break
|
||||
if len(all_log_events) == 0:
|
||||
print(f"WE FOUND NO LOG EVENTS OVER TIME RANGE {beginning} to {now}")
|
||||
return all_log_events
|
||||
|
||||
def _extract_account_number(self, ses_domain_arn, region):
|
||||
account_number = ses_domain_arn
|
||||
# handle cloud.gov case
|
||||
if "aws-us-gov" in account_number:
|
||||
account_number = account_number.replace(f"arn:aws-us-gov:ses:{region}:", "")
|
||||
account_number = account_number.split(":")
|
||||
account_number = account_number[0]
|
||||
# handle staging case
|
||||
else:
|
||||
account_number = account_number.replace(f"arn:aws:ses:{region}:", "")
|
||||
account_number = account_number.split(":")
|
||||
account_number = account_number[0]
|
||||
return account_number
|
||||
|
||||
def check_sms(self, message_id, notification_id, created_at):
|
||||
if os.getenv("LOCALSTACK_ENDPOINT_URL"):
|
||||
current_app.logger.info("GADZOOKS WE ARE RUNNING WITH LOCALSTACK")
|
||||
region = cloud_config.sns_region
|
||||
# TODO this clumsy approach to getting the account number will be fixed as part of notify-api #258
|
||||
account_number = cloud_config.ses_domain_arn
|
||||
account_number = account_number.replace(f"arn:aws:ses:{region}:", "")
|
||||
account_number = account_number.split(":")
|
||||
account_number = account_number[0]
|
||||
account_number = self._extract_account_number(
|
||||
cloud_config.ses_domain_arn, region
|
||||
)
|
||||
|
||||
log_group_name = f"sns/{region}/{account_number}/DirectPublishToPhoneNumber"
|
||||
current_app.logger.info(
|
||||
f"LOG GROUP NAME: {log_group_name} MESSAGE ID: {message_id}"
|
||||
f"Log group name: {log_group_name} message id: {message_id}"
|
||||
)
|
||||
filter_pattern = '{$.notification.messageId="XXXXX"}'
|
||||
filter_pattern = filter_pattern.replace("XXXXX", message_id)
|
||||
all_log_events = self._get_log(filter_pattern, log_group_name, created_at)
|
||||
current_app.logger.info(f"NUMBER OF ALL LOG EVENTS {len(all_log_events)}")
|
||||
|
||||
if all_log_events and len(all_log_events) > 0:
|
||||
current_app.logger.info(
|
||||
"SHOULD RETURN SUCCESS BECAUSE WE FOUND A SUCCESS MESSAGE FOR MESSAGE ID"
|
||||
)
|
||||
event = all_log_events[0]
|
||||
message = json.loads(event["message"])
|
||||
current_app.logger.info(f"MESSAGE {message}")
|
||||
@@ -116,11 +117,8 @@ class AwsCloudwatchClient(Client):
|
||||
log_group_name = (
|
||||
f"sns/{region}/{account_number}/DirectPublishToPhoneNumber/Failure"
|
||||
)
|
||||
current_app.logger.info(f"FAILURE LOG GROUP NAME {log_group_name}")
|
||||
# current_app.logger.info(f"Failure log group name: {log_group_name}")
|
||||
all_failed_events = self._get_log(filter_pattern, log_group_name, created_at)
|
||||
current_app.logger.info(
|
||||
f"NUMBER OF ALL FAILED LOG EVENTS {len(all_failed_events)}"
|
||||
)
|
||||
if all_failed_events and len(all_failed_events) > 0:
|
||||
current_app.logger.info("SHOULD RETURN FAILED BECAUSE WE FOUND A FAILURE")
|
||||
event = all_failed_events[0]
|
||||
@@ -128,7 +126,6 @@ class AwsCloudwatchClient(Client):
|
||||
current_app.logger.info(f"MESSAGE {message}")
|
||||
return "failure", message["delivery"]["providerResponse"]
|
||||
|
||||
print(f"RAISING EXCEPTION FOR MESSAGE_ID {message_id}")
|
||||
raise Exception(
|
||||
f"No event found for message_id {message_id} notification_id {notification_id}"
|
||||
)
|
||||
|
||||
18
poetry.lock
generated
18
poetry.lock
generated
@@ -1077,13 +1077,13 @@ six = ">=1.10.0"
|
||||
|
||||
[[package]]
|
||||
name = "exceptiongroup"
|
||||
version = "1.1.2"
|
||||
version = "1.1.3"
|
||||
description = "Backport of PEP 654 (exception groups)"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "exceptiongroup-1.1.2-py3-none-any.whl", hash = "sha256:e346e69d186172ca7cf029c8c1d16235aa0e04035e5750b4b95039e65204328f"},
|
||||
{file = "exceptiongroup-1.1.2.tar.gz", hash = "sha256:12c3e887d6485d16943a309616de20ae5582633e0a2eda17f4e10fd61c1e8af5"},
|
||||
{file = "exceptiongroup-1.1.3-py3-none-any.whl", hash = "sha256:343280667a4585d195ca1cf9cef84a4e178c4b6cf2274caef9859782b567d5e3"},
|
||||
{file = "exceptiongroup-1.1.3.tar.gz", hash = "sha256:097acd85d473d75af5bb98e41b61ff7fe35efe6675e4f9370ec6ec5126d160e9"},
|
||||
]
|
||||
|
||||
[package.extras]
|
||||
@@ -2044,6 +2044,16 @@ files = [
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-win32.whl", hash = "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl", hash = "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-win32.whl", hash = "sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007"},
|
||||
{file = "MarkupSafe-2.1.3-cp312-cp312-win_amd64.whl", hash = "sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707"},
|
||||
@@ -4281,4 +4291,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
|
||||
[metadata]
|
||||
lock-version = "2.0"
|
||||
python-versions = "^3.9"
|
||||
content-hash = "15aafd504a605f6621f3017ddfba898373885f90926eb16eef363ba5b33b53a6"
|
||||
content-hash = "9567d12431fe9070c72a3a344f91b5e537382b7075cf55321feac92dcca47044"
|
||||
|
||||
@@ -69,7 +69,7 @@ newrelic = "*"
|
||||
|
||||
|
||||
[tool.poetry.group.dev.dependencies]
|
||||
exceptiongroup = "==1.1.2"
|
||||
exceptiongroup = "==1.1.3"
|
||||
flake8 = "==4.0.1"
|
||||
flake8-bugbear = "==23.3.12"
|
||||
isort = "==5.12.0"
|
||||
|
||||
@@ -86,3 +86,21 @@ def test_check_sms_failure(notify_api, mocker):
|
||||
assert "Failure" in mock_call
|
||||
assert "fail" in mock_call
|
||||
assert "notification.messageId" in mock_call
|
||||
|
||||
|
||||
def test_extract_account_number_gov_cloud():
|
||||
domain_arn = "arn:aws-us-gov:ses:us-gov-west-1:12345:identity/ses-abc.xxx.xxx.xxx"
|
||||
actual_account_number = aws_cloudwatch_client._extract_account_number(
|
||||
domain_arn, "us-gov-west-1"
|
||||
)
|
||||
expected_account_number = "12345"
|
||||
assert actual_account_number == expected_account_number
|
||||
|
||||
|
||||
def test_extract_account_number_gov_staging():
|
||||
domain_arn = "arn:aws:ses:us-south-14:12345:identity/ses-abc.xxx.xxx.xxx"
|
||||
actual_account_number = aws_cloudwatch_client._extract_account_number(
|
||||
domain_arn, "us-south-14"
|
||||
)
|
||||
expected_account_number = "12345"
|
||||
assert actual_account_number == expected_account_number
|
||||
|
||||
Reference in New Issue
Block a user