Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RW-13914][RW-13916][risk=no] Handle vwb egress alert (1st part) #8990

Merged
merged 10 commits into from
Dec 18, 2024
Merged

[RW-13914][RW-13916][risk=no] Handle vwb egress alert (1st part) #8990

merged 10 commits into from
Dec 18, 2024

Conversation

yonghaoy
Copy link
Collaborator

@yonghaoy yonghaoy commented Dec 9, 2024
edited
Loading

Initial batch of egress processing. There would be few followup for email and jira.
This is incomplete work, but for now, everything is protected by feature flag

PR checklist

  • I have included an issue ID or "no ticket" in the PR title as outlined in CONTRIBUTING.md.
  • I have included a risk tag of the form [risk=no|low|moderate|severe] in the PR title as outlined in CONTRIBUTING.md.
  • I have manually tested this change and my testing process is described above.
  • This change includes appropriate automated tests, and I have documented any behavior that cannot be tested with code.
  • I have added explanatory comments where the logic is not obvious.
  • One or more of the following is true:
    • This change is intended to complete a JIRA story, so I have checked that all AC are met for that story.
    • This change fixes a bug, so I have ensured the steps to reproduce are in the Jira ticket or provided above.
    • This change impacts deployment safety (e.g. removing/altering APIs which are in use), so I have documented the impacts in the description.
    • This change includes a new feature flag, so I have created and linked new JIRA tickets to (a) turn on the feature flag and (b) remove it later.
    • This change modifies the UI, so I have taken screenshots or recordings of the new behavior and notified the PO and UX designer in Slack.
    • This change modifies API behavior, so I have run the relevant E2E tests locally because API changes are not covered by our PR checks.
    • None of the above apply to this change.

@yonghaoy yonghaoy changed the title draft [RW-13914][RW-13916][risk=no] Handle vwb egress alert (1st part) Dec 17, 2024
@yonghaoy yonghaoy marked this pull request as ready for review December 17, 2024 19:20
tarekmamdouh
tarekmamdouh reviewed Dec 18, 2024
View reviewed changes
api/src/main/java/org/pmiops/workbench/exfiltration/EgressEventServiceImpl.java
"An egress event happened for workspace: %s, but we're unable to find a user %s.",
egressEvent.getVwbWorkspaceId(), egressEvent.getUserEmail()));
}
this.egressEventAuditor.fireVwbEgressEvent(egressEvent, egressUser.get());
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line 111 implies that egressUser can be empty, line 117 makes a call to egressUser.get which might be empty.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this whole part was copied from https://github.com/all-of-us/workbench/blob/fcac632a7d5287b30a159ee71a810c46f2974d79/api/src/main/java/org/pmiops/workbench/exfiltration/EgressEventServiceImpl.java#L84L100, somehow I grouped both into 1 because user should not be empty?

tarekmamdouh
tarekmamdouh reviewed Dec 18, 2024
View reviewed changes
api/src/main/java/org/pmiops/workbench/exfiltration/EgressRemediationService.java
@@ -280,6 +290,18 @@ protected void disableUser(DbUser user) {
stopUserRuntimesAndApps(user.getUsername());
}

protected void disableUserVwbDataAccess(DbUser user) {
userService.updateUserWithRetries(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe just call disableUser here instead of duplicating the code?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i will be adding logic in my next PR here. So I probably will leave it as it and come back to modify soon

tarekmamdouh
tarekmamdouh approved these changes Dec 18, 2024
View reviewed changes
Copy link
Collaborator

@tarekmamdouh tarekmamdouh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the static code analysis issue, everything else looks good to me. Thank you!

@yonghaoy
Copy link
Collaborator Author

Other than the static code analysis issue, everything else looks good to me. Thank you!

Thanks. That codify is an exising issues comes from parent class, don't know how to fix it without a large refactor

@yonghaoy yonghaoy merged commit 46f30c2 into main Dec 18, 2024
6 of 7 checks passed
@yonghaoy yonghaoy deleted the yyu-exfil branch December 18, 2024 18:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarekmamdouh tarekmamdouh tarekmamdouh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yonghaoy @tarekmamdouh