From 71956ff50d0dbe86115ce98ef2d3ec771c7a59ed Mon Sep 17 00:00:00 2001
From: Simon Li
Date: Wed, 27 Mar 2024 14:27:44 +0000
Subject: [PATCH] MAX_REQUEST_AGE_DAYS is configurable, default disabled
---
 README.md | 1 +
 cdk.json | 1 +
 egress_backend/egress_backend_stack.py | 3 +++
 egress_backend/lambda/egress_api/list_requests.py | 7 ++++---
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9d666b2..a5c7723 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,7 @@ cd secure-egress-backend
 | enable_single_approval | Flag that enables just a single stage approval. Accepts string value. Should be set to `"true"` when just one approver needs to approve egress request. Should be set to `"false"` when two approvers are required to approve egress request | |
 | ig_workspaces_account | Optionally add the account number in which IG lead will spin up a workspace to review egress data. Leave empty to disable (default). | |
 | use_s3_access_points | Set to `"true"` if you are using a customised version of ServiceWorkbench with S3 AccessPoints, default `"false"` | |
+| max_request_age_days | Do not display egress requests that were updated after this time period, use this if you have too many old requests, disabled by default | |
 > Note: changing the value for `enable_single_approval` for existing deployment should be done after ensuring there are
 > no egress requests in progress.
diff --git a/cdk.json b/cdk.json
index c3d3b68..83b1dcd 100644
--- a/cdk.json
+++ b/cdk.json
@@ -32,6 +32,7 @@
 "download_expiry_seconds": "3600",
 "ig_workspaces_account": "",
 "use_s3_access_points": "false",
+ "max_request_age_days": "0",
 "global_web_acl_arn": "<>",
 "regional_web_acl_arn": "<>",
 "custom_domain": {
diff --git a/egress_backend/egress_backend_stack.py b/egress_backend/egress_backend_stack.py
index 26947f9..abb876c 100644
--- a/egress_backend/egress_backend_stack.py
+++ b/egress_backend/egress_backend_stack.py
@@ -1515,6 +1515,9 @@ def __init__(
 "REVIEWER_LIST": json.dumps(
 self.node.try_get_context(env_id).get("egress_reviewer_roles")
 ),
+ "MAX_REQUEST_AGE_DAYS": self.node.try_get_context(env_id).get(
+ "max_request_age_days"
+ ),
 "MAX_DOWNLOADS_ALLOWED": self.node.try_get_context(env_id).get(
 "max_downloads_allowed"
 ),
diff --git a/egress_backend/lambda/egress_api/list_requests.py b/egress_backend/lambda/egress_api/list_requests.py
index 6ce76db..e7c6692 100644
--- a/egress_backend/lambda/egress_api/list_requests.py
+++ b/egress_backend/lambda/egress_api/list_requests.py
@@ -9,13 +9,12 @@
 import boto3
 from aws_lambda_powertools import Logger, Tracer
-MAX_REQUEST_AGE_DAYS = 90
-
 tracer = Tracer(service="ListRequestsAPI")
 logger = Logger(service="ListRequestsAPI")
 ddb = boto3.resource("dynamodb")
 table = os.environ["TABLE"]
+max_request_age_days = int(os.environ["MAX_REQUEST_AGE_DAYS"])
 def list_requests():
@@ -24,8 +23,10 @@ def list_requests():
 now = datetime.now()
 def is_recent(item):
+ if max_request_age_days <= 0:
+ return True
 updated_dt = datetime.strptime(item["updated_dt"], "%Y-%m-%dT%H:%M:%S.%fZ")
- return (now - updated_dt).days < MAX_REQUEST_AGE_DAYS
+ return (now - updated_dt).days < max_request_age_days
 ddb_table = ddb.Table(table)
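Review bot: The new `"MAX_REQUEST_AGE_DAYS"` entry passes `.get("max_request_age_days")` through with no default, so an environment whose context was written before this commit and lacks the key yields `None` instead of the documented "disabled" value. Lambda environment values must be strings, and `list_requests.py` now reads this variable with `os.environ[...]` at import, so a missing or non-string value would presumably show up as a failed synth/deploy or a list handler that cannot initialise. Defaulting where the context is read, `str(self.node.try_get_context(env_id).get("max_request_age_days", "0"))`, keeps upgrades of existing deployments working. The enclosing `__init__` starts and ends outside this hunk.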
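Review bot: `max_request_age_days = int(os.environ["MAX_REQUEST_AGE_DAYS"])` runs at module import, so a missing, empty or non-numeric value raises `KeyError`/`ValueError` before the handler exists and every list call fails instead of falling back to "disabled". A tolerant read such as `max_request_age_days = int(os.environ.get("MAX_REQUEST_AGE_DAYS") or "0")` matches the README's "disabled by default". In the second hunk `is_recent` subtracts a timestamp parsed from a `Z`-suffixed string from the naive `datetime.now()`, which is only correct while the runtime clock is UTC; a comment stating that assumption, or a UTC-based `now`, would make the cutoff unambiguous. Because the filter decides which egress requests reviewers can see, a one-line comment on `is_recent` saying it keeps requests updated within the last N days (the README wording "updated after this time period" reads the other way) would help; `list_requests` continues past the hunk.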