Merge pull request #64 from 4dn-dcic/python-3.12

Support for Python 3.12

.github/workflows/main-publish.yml

@@ -26,7 +26,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2
         with:
-          python-version: 3.11
+          python-version: 3.12
       - name: Install Python dependencies for publish
         run: python -m pip install dcicutils==8.7.0.1b2
       - name: Update the gitinfo.json file with latest relevant git info

CHANGELOG.rst

@@ -6,6 +6,13 @@ foursight-core
 Change Log
 ----------
 
+5.6.0
+=====
+* Support for Python 3.12.
+* Added ('[email protected] ', 'access_key_admin') to checks/access_key_expiration_detection.py.
+* Fixed access_key_expiration_detection.py to get expiration time from data; not 90 days plus create date.
+
+
 5.5.0
 =====
 * Fix RedisSessionToken creation in react_api_base.ReactApiBase.react_authentication_callback to pass email 

Makefile

@@ -1,7 +1,8 @@
 .PHONY: test
 
 configure:  # does any pre-requisite installs
-	pip install poetry==1.4.2
+	pip install poetry
+	pip install setuptools wheel
 
 lint:
 	@echo "Running flake8..."

foursight_core/checks/access_key_expiration_detection.py

@@ -24,22 +24,27 @@ def access_key_status(connection, **kwargs):
     access_keys = search_metadata(f'/search/?type=AccessKey&description={fs_user_kp}&user.uuid={user_uuid}'
                                   f'&sort=-date_created', key=connection.ff_keys)
     most_recent_key = access_keys[0]  # should always be present if deploy has run
-    # date format: 2022-07-05T01:01:43.498347+00:00 (isoformat)
-    most_recent_key_creation_date = datetime.fromisoformat(most_recent_key['date_created'])
-    expiration_date = most_recent_key_creation_date + timedelta(days=90)
+    access_key_id = most_recent_key.get('access_key_id')
+    # Get the expiration_date from the data.
+    # Date format: 2022-07-05T01:01:43.498347+00:00 (isoformat)
+    expiration_date = datetime.fromisoformat(most_recent_key['expiration_date'])
     one_week_to_expiration = expiration_date - timedelta(days=7)
     three_weeks_to_expiration = expiration_date - timedelta(days=21)
-    now = datetime.now(most_recent_key_creation_date.tzinfo)
+    now = datetime.now().replace(tzinfo=None)
     if now > one_week_to_expiration:
         check.status = 'FAIL'
-        check.summary = (f'Application access keys will expire in less than 7 days! Please run'
-                         f' the deployment action ASAP')
+        check.summary = (f'Application access keys will expire in less than 7 days!'
+                         f' Allowing refresh action.'
+                         f' Access key ({access_key_id}) expiration date: {expiration_date}')
         check.brief_output = check.full_output = check.summary
+        # Returning with prevent_action set to False;
+        # allows the check to run automatically.
         return check
     elif now > three_weeks_to_expiration:
         check.status = 'WARN'
-        check.summary = (f'Application access keys will expire in less than 21 days! Please run'
-                         f' the deployment action soon')
+        check.summary = (f'Application access keys will expire in less than three weeks.'
+                         f' Deployment or access key refresh action needed soon.'
+                         f' Access key ({access_key_id}) expiration date: {expiration_date}')
         check.brief_output = check.full_output = check.summary
         # This prevents the from running automatically after the check;
         # though the user is still allowed to run it manually in any case.
@@ -48,7 +53,7 @@ def access_key_status(connection, **kwargs):
     else:
         check.status = 'PASS'
         check.summary = (f'Application access keys expiration is more than 3 weeks away. All good.'
-                         f' Expiration date: {expiration_date}')
+                         f' Access key ({access_key_id}) expiration date: {expiration_date}')
         # This prevents the from running automatically after the check;
         # though the user is still allowed to run it manually in any case.
         check.prevent_action = True
@@ -61,6 +66,7 @@ def refresh_access_keys(connection, **kwargs):
     action = ActionResult(connection, 'refresh_access_keys')
     admin_keys = [('[email protected]', 'access_key_admin'),  # fourfront admin
                   ('[email protected]', 'access_key_admin'),  # cgap admin
+                  ('[email protected] ', 'access_key_admin'),  # encoded-core/smaht portal admin
                   ('[email protected]', 'access_key_tibanna'),
                   ('[email protected]', 'access_key_foursight')]
     s3 = s3_utils.s3Utils(env=connection.ff_env)

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "foursight-core"
-version = "5.5.0"
+version = "5.6.0"  
 description = "Serverless Chalice Application for Monitoring"
 authors = ["4DN-DCIC Team <[email protected]>"]
 license = "MIT"
@@ -11,13 +11,13 @@ packages = [
 ]
 
 [tool.poetry.dependencies]
-python = ">=3.8,<3.12"
-boto3 = "^1.34.89"
-botocore = "^1.34.89"
+python = ">=3.8.1,<3.13"
+boto3 = "^1.34.136"
+botocore = "^1.34.136"
 click = "^7.1.2"
 cron-descriptor = "^1.2.31"
 cryptography = "39.0.2" # Required for AWS Cognito JWT decode (PyJWKClient)
-dcicutils = "^8.8.4"
+dcicutils = "^8.13.0"
 elasticsearch = "7.13.4"
 elasticsearch-dsl = "^7.0.0"
 geocoder = "1.38.1"
@@ -39,8 +39,8 @@ toml = ">=0.10.2,<1"
 tzlocal = "^5.0.1"
 
 [tool.poetry.dev-dependencies]
-boto3-stubs = "^1.34.89"
-botocore-stubs = "^1.34.89"
+boto3-stubs = "^1.34.136"
+botocore-stubs = "^1.34.136"
 chalice = "^1.31.0"
 flake8 = ">=3.9.2"
 flaky = "3.6.1"