[Gh 998] Maintenance window #1236
Conversation
# Conflicts: # deploy/stacks/lambda_api.py
| # Disable scheduled ECS tasks | ||
| # Get all the SSM Params related to the scheduled tasks | ||
| ecs_scheduled_rules = ParameterStoreManager.get_parameters_by_path( | ||
| region=os.getenv('AWS_REGION', 'eu-west-1'), |
There was a problem hiding this comment.
Should we really have a default value of eu-west-1 here? Seems like there should be no default and that we check region value and error if it is not a valid region.
There was a problem hiding this comment.
I am taking the default value from the other similar boto3 wrappers which are defined in dataall/base/aws/ folder. I am in agreement that we should through error if the AWS_REGION env var is nt set. Maybe we should do it for other boto wrappers.
@dlpzx , what are you views ? Is there any particular reason to keep the eu-west-1
| ) | ||
| logger.debug(ecs_scheduled_rules) | ||
| ecs_scheduled_rules_list = [item['Value'] for item in ecs_scheduled_rules] | ||
| event_bridge_session = EventBridge(region=os.getenv('AWS_REGION', 'eu-west-1')) |
There was a problem hiding this comment.
Same as above, curious why we would default to eu-west-1 here.
| ) | ||
| # Enable scheduled ECS tasks | ||
| ecs_scheduled_rules = ParameterStoreManager.get_parameters_by_path( | ||
| region=os.getenv('AWS_REGION', 'eu-west-1'), |
There was a problem hiding this comment.
Same question about default region as above.
| ) | ||
| logger.debug(ecs_scheduled_rules) | ||
| ecs_scheduled_rules_list = [item['Value'] for item in ecs_scheduled_rules] | ||
| event_bridge_session = EventBridge(region=os.getenv('AWS_REGION', 'eu-west-1')) |
There was a problem hiding this comment.
Same question about default region as above.
| if maintenance_record.status == MaintenanceStatus.PENDING.value: | ||
| # Check if ECS tasks are running | ||
| ecs_cluster_name = ParameterStoreManager.get_parameter_value( | ||
| region=os.getenv('AWS_REGION', 'eu-west-1'), |
There was a problem hiding this comment.
Same question about default region as above.
frontend/src/modules/Administration/views/AdministrationView.js
Outdated
Show resolved
Hide resolved
frontend/src/modules/Administration/components/MaintenanceViewer.js
Outdated
Show resolved
Hide resolved
backend/dataall/modules/maintenance/services/maintenance_service.py
Outdated
Show resolved
Hide resolved
backend/dataall/modules/maintenance/services/maintenance_service.py
Outdated
Show resolved
Hide resolved
For now, I have added the tests in the tests/modules/maintenance. For the integration tests, i think they are using the cognito idp to authenticate. As we use our custom auth, I don't think I can add tests easily. I think this could be a part of another PR where-in the same integration tests can be run with a custom IDP user |
|
Updated code Tested - |
| from dataall.core.permissions.services.tenant_policy_service import TenantPolicyValidationService | ||
|
|
||
| logger = logging.getLogger() | ||
| logger.setLevel(os.environ.get('LOG_LEVEL', 'INFO')) |
There was a problem hiding this comment.
What is this used for? We are using "log" everywhere else.
There was a problem hiding this comment.
Do you mean why are we using the setLevel command ?
There was a problem hiding this comment.
the setLevel method is used mostly at the top of logger initialization. I am adding it here to set the log level to whatever is set for each lambda in their environment variable - which is available via the os.environ.get('LOG_LEVEL', 'INFO').
backend/dataall/modules/maintenance/services/maintenance_service.py
Outdated
Show resolved
Hide resolved
| 'Access-Control-Allow-Methods': '*', | ||
| }, | ||
| 'body': json.dumps(response), | ||
| } |
There was a problem hiding this comment.
Created GH issue - #1302
There was a problem hiding this comment.
Looks good! I was a bit unsure about how the maintenance mode disabled was going to behave in the frontend. My concern was that the import import { MaintenanceViewer } from '../../Maintenance/components/MaintenanceViewer'; in frontend/src/modules/Administration/views/AdministrationView.js was going to result in errors, but I tested it locally and because it is not used in the tabs it works normal.
If we wanted to be ultra-clean we would check if (isModuleEnabled(ModuleNames.MAINTENANCE)) before importing and using the MaintenanceViewer, but this is not required.
Approving!
### Feature or Bugfix <!-- please choose --> - Bugfix ### Detail - Fixes hanging UI render on frontend introduced by AuthGuard useClient hook for Cognito Auth only ### Relates - Continuation of #1236 Thanks @TejasRGitHub for your help here! ### Security Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/). - Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? - Is the input sanitized? - What precautions are you taking before deserializing the data you consume? - Is injection prevented by parametrizing queries? - Have you ensured no `eval` or similar functions are used? - Does this PR introduce any functionality or component that requires authorization? - How have you ensured it respects the existing AuthN/AuthZ mechanisms? - Are you logging failed auth attempts? - Are you using or adding any cryptographic features? - Do you use a standard proven implementations? - Are the used keys controlled by the customer? Where are they stored? - Are you introducing any new policies/roles/users? - Have you used the least-privilege principle? How? By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Feature or Bugfix
Detail
Instructions on using maintenance window
Note- In all the mode, data.all admin user is allowed to perform any gql call and access and modify anything on the UI.
Relates
Security
Please answer the questions below briefly where applicable, or write
N/A. Based onOWASP 10.
fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
evalor similar functions are used?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.