[Gh 998] Maintenance window #1236
Conversation
# Conflicts: # deploy/stacks/lambda_api.py
| # Disable scheduled ECS tasks | ||
| # Get all the SSM Params related to the scheduled tasks | ||
| ecs_scheduled_rules = ParameterStoreManager.get_parameters_by_path( | ||
| region=os.getenv('AWS_REGION', 'eu-west-1'), |
There was a problem hiding this comment.
Should we really have a default value of eu-west-1 here? Seems like there should be no default and that we check region value and error if it is not a valid region.
There was a problem hiding this comment.
I am taking the default value from the other similar boto3 wrappers which are defined in dataall/base/aws/ folder. I am in agreement that we should through error if the AWS_REGION env var is nt set. Maybe we should do it for other boto wrappers.
@dlpzx , what are you views ? Is there any particular reason to keep the eu-west-1
| ) | ||
| logger.debug(ecs_scheduled_rules) | ||
| ecs_scheduled_rules_list = [item['Value'] for item in ecs_scheduled_rules] | ||
| event_bridge_session = EventBridge(region=os.getenv('AWS_REGION', 'eu-west-1')) |
There was a problem hiding this comment.
Same as above, curious why we would default to eu-west-1 here.
| ) | ||
| # Enable scheduled ECS tasks | ||
| ecs_scheduled_rules = ParameterStoreManager.get_parameters_by_path( | ||
| region=os.getenv('AWS_REGION', 'eu-west-1'), |
There was a problem hiding this comment.
Same question about default region as above.
| ) | ||
| logger.debug(ecs_scheduled_rules) | ||
| ecs_scheduled_rules_list = [item['Value'] for item in ecs_scheduled_rules] | ||
| event_bridge_session = EventBridge(region=os.getenv('AWS_REGION', 'eu-west-1')) |
There was a problem hiding this comment.
Same question about default region as above.
| if maintenance_record.status == MaintenanceStatus.PENDING.value: | ||
| # Check if ECS tasks are running | ||
| ecs_cluster_name = ParameterStoreManager.get_parameter_value( | ||
| region=os.getenv('AWS_REGION', 'eu-west-1'), |
There was a problem hiding this comment.
Same question about default region as above.
frontend/src/modules/Administration/views/AdministrationView.js
Outdated
Show resolved
Hide resolved
frontend/src/modules/Administration/components/MaintenanceViewer.js
Outdated
Show resolved
Hide resolved
backend/dataall/modules/maintenance/services/maintenance_service.py
Outdated
Show resolved
Hide resolved
backend/dataall/modules/maintenance/services/maintenance_service.py
Outdated
Show resolved
Hide resolved
backend/api_handler.py
Outdated
| ) | ||
| elif ( | ||
| (maintenance_mode == MaintenanceModes.READONLY.value) | ||
| and (maintenance_status is not MaintenanceStatus.INACTIVE.value) |
There was a problem hiding this comment.
MaintenanceStatus.INACTIVE is an enum, so you should compare directly with the enum instead of its value.
There was a problem hiding this comment.
maintenance_status contains the value of the MaintenanceStatus.INACTIVE enum. Let me check if I can get an enum there instead
For now, I have added the tests in the tests/modules/maintenance. For the integration tests, i think they are using the cognito idp to authenticate. As we use our custom auth, I don't think I can add tests easily. I think this could be a part of another PR where-in the same integration tests can be run with a custom IDP user |
|
Updated code Tested - |
| from dataall.core.permissions.services.tenant_policy_service import TenantPolicyValidationService | ||
|
|
||
| logger = logging.getLogger() | ||
| logger.setLevel(os.environ.get('LOG_LEVEL', 'INFO')) |
There was a problem hiding this comment.
What is this used for? We are using "log" everywhere else.
There was a problem hiding this comment.
Do you mean why are we using the setLevel command ?
There was a problem hiding this comment.
the setLevel method is used mostly at the top of logger initialization. I am adding it here to set the log level to whatever is set for each lambda in their environment variable - which is available via the os.environ.get('LOG_LEVEL', 'INFO').
| logger.error('Maintenance window already in INACTIVE state. Cannot stop maintenance window') | ||
| return False | ||
| MaintenanceRepository(session).save_maintenance_status_and_mode( | ||
| maintenance_status='INACTIVE', maintenance_mode='' |
There was a problem hiding this comment.
Use Maintenence Enum instead of hardcoded INACTIVE
There was a problem hiding this comment.
Addressed in the next update
| @return: returns True if successful or False | ||
| """ | ||
| # Check from the context if the groups contains the DAAAdminstrators group | ||
| groups = get_context().groups if get_context().groups is not None else [] |
There was a problem hiding this comment.
I thought get_context().groups returned an empty list when the user belonged to no group.... good finding
There was a problem hiding this comment.
groups: list = extract_groups(user_id, claims)?
There was a problem hiding this comment.
This is been used only for initializing the groups list when the API handler is called. This takes in the claims which come from the cognito/custom authorizer
| 'Access-Control-Allow-Methods': '*', | ||
| }, | ||
| 'body': json.dumps(response), | ||
| } |
There was a problem hiding this comment.
Created GH issue - #1302
Feature or Bugfix
Detail
Instructions on using maintenance window
Note- In all the mode, data.all admin user is allowed to perform any gql call and access and modify anything on the UI.
Relates
Security
Please answer the questions below briefly where applicable, or write
N/A. Based onOWASP 10.
fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
evalor similar functions are used?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.