Add Spec11 registrar emailing mechanism

This adds the terminal step of the Spec11 pipeline- processing the output of the Beam pipeline to send an e-mail to each registrar informing them of identified 'bad urls.' This also factors out methods common between invoicing (which uses similar beam pipeline tools) and spec11 to the common superpackage ReportingModule + ReportingUtils classes. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=210932496
2025-06-29 07:43:37 +02:00 · 2018-08-30 10:16:20 -07:00 · 2018-08-30 10:16:20 -07:00 · c5e6eae555
commit c5e6eae555
parent e4bb1c281c
26 changed files with 816 additions and 93 deletions
--- a/java/google/registry/reporting/spec11/BUILD
+++ b/java/google/registry/reporting/spec11/BUILD
@ -8,10 +8,14 @@ java_library(
    name = "spec11",
    srcs = glob(["*.java"]),
    deps = [
+        "//java/google/registry/beam/spec11",
        "//java/google/registry/config",
+        "//java/google/registry/gcs",
        "//java/google/registry/keyring/api",
+        "//java/google/registry/reporting",
        "//java/google/registry/request",
        "//java/google/registry/request/auth",
+        "//java/google/registry/util",
        "@com_google_api_client_appengine",
        "@com_google_apis_google_api_services_dataflow",
        "@com_google_appengine_api_1_0_sdk",
@ -28,5 +32,6 @@ java_library(
        "@org_apache_beam_runners_google_cloud_dataflow_java",
        "@org_apache_beam_sdks_java_core",
        "@org_apache_beam_sdks_java_io_google_cloud_platform",
+        "@org_json",
    ],
 )
--- a/java/google/registry/reporting/spec11/GenerateSpec11ReportAction.java
+++ b/java/google/registry/reporting/spec11/GenerateSpec11ReportAction.java
@ -14,6 +14,7 @@

 package google.registry.reporting.spec11;

+import static google.registry.reporting.ReportingUtils.enqueueBeamReportingTask;
 import static google.registry.request.Action.Method.POST;
 import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
 import static javax.servlet.http.HttpServletResponse.SC_OK;
@ -32,6 +33,7 @@ import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import java.io.IOException;
 import javax.inject.Inject;
+import org.joda.time.YearMonth;

 /**
 * Invokes the {@code Spec11Pipeline} Beam template via the REST api.
@ -51,6 +53,7 @@ public class GenerateSpec11ReportAction implements Runnable {
  private final String spec11TemplateUrl;
  private final String jobZone;
  private final String apiKey;
+  private final YearMonth yearMonth;
  private final Response response;
  private final Dataflow dataflow;

@ -61,6 +64,7 @@ public class GenerateSpec11ReportAction implements Runnable {
      @Config("spec11TemplateUrl") String spec11TemplateUrl,
      @Config("defaultJobZone") String jobZone,
      @Key("safeBrowsingAPIKey") String apiKey,
+      YearMonth yearMonth,
      Response response,
      Dataflow dataflow) {
    this.projectId = projectId;
@ -68,6 +72,7 @@ public class GenerateSpec11ReportAction implements Runnable {
    this.spec11TemplateUrl = spec11TemplateUrl;
    this.jobZone = jobZone;
    this.apiKey = apiKey;
+    this.yearMonth = yearMonth;
    this.response = response;
    this.dataflow = dataflow;
  }
@ -77,12 +82,14 @@ public class GenerateSpec11ReportAction implements Runnable {
    try {
      LaunchTemplateParameters params =
          new LaunchTemplateParameters()
-              .setJobName("spec11_action")
+              .setJobName(String.format("spec11_%s", yearMonth.toString()))
              .setEnvironment(
                  new RuntimeEnvironment()
                      .setZone(jobZone)
                      .setTempLocation(beamBucketUrl + "/temporary"))
-              .setParameters(ImmutableMap.of("safeBrowsingApiKey", apiKey));
+              .setParameters(
+                  ImmutableMap.of(
+                      "safeBrowsingApiKey", apiKey, "yearMonth", yearMonth.toString("yyyy-MM")));
      LaunchTemplateResponse launchResponse =
          dataflow
              .projects()
@ -90,7 +97,8 @@ public class GenerateSpec11ReportAction implements Runnable {
              .launch(projectId, params)
              .setGcsPath(spec11TemplateUrl)
              .execute();
-      // TODO(b/111545355): Send an e-mail alert interpreting the results.
+      enqueueBeamReportingTask(
+          PublishSpec11ReportAction.PATH, launchResponse.getJob().getId(), yearMonth);
      logger.atInfo().log("Got response: %s", launchResponse.getJob().toPrettyString());
    } catch (IOException e) {
      logger.atWarning().withCause(e).log("Template Launch failed");
--- a/java/google/registry/reporting/spec11/PublishSpec11ReportAction.java
+++ b/java/google/registry/reporting/spec11/PublishSpec11ReportAction.java
@ -0,0 +1,110 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.reporting.spec11;
+
+import static google.registry.request.Action.Method.POST;
+import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
+import static javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED;
+import static javax.servlet.http.HttpServletResponse.SC_NO_CONTENT;
+import static javax.servlet.http.HttpServletResponse.SC_OK;
+
+import com.google.api.services.dataflow.Dataflow;
+import com.google.api.services.dataflow.model.Job;
+import com.google.common.flogger.FluentLogger;
+import com.google.common.net.MediaType;
+import google.registry.config.RegistryConfig.Config;
+import google.registry.reporting.ReportingModule;
+import google.registry.request.Action;
+import google.registry.request.Parameter;
+import google.registry.request.Response;
+import google.registry.request.auth.Auth;
+import java.io.IOException;
+import javax.inject.Inject;
+import org.joda.time.YearMonth;
+
+/**
+ * Retries until a {@code Dataflow} job with a given {@code jobId} completes, continuing the Spec11
+ * pipeline accordingly.
+ *
+ * <p>This calls {@link Spec11EmailUtils#emailSpec11Reports()} on success or {@link
+ * Spec11EmailUtils#sendFailureAlertEmail(String)} on failure.
+ */
+@Action(path = PublishSpec11ReportAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_OR_ADMIN)
+public class PublishSpec11ReportAction implements Runnable {
+
+  static final String PATH = "/_dr/task/publishSpec11";
+
+  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+  private static final String JOB_DONE = "JOB_STATE_DONE";
+  private static final String JOB_FAILED = "JOB_STATE_FAILED";
+
+  private final String projectId;
+  private final String jobId;
+  private final Spec11EmailUtils emailUtils;
+  private final Dataflow dataflow;
+  private final Response response;
+  private final YearMonth yearMonth;
+
+  @Inject
+  PublishSpec11ReportAction(
+      @Config("projectId") String projectId,
+      @Parameter(ReportingModule.PARAM_JOB_ID) String jobId,
+      Spec11EmailUtils emailUtils,
+      Dataflow dataflow,
+      Response response,
+      YearMonth yearMonth) {
+    this.projectId = projectId;
+    this.jobId = jobId;
+    this.emailUtils = emailUtils;
+    this.dataflow = dataflow;
+    this.response = response;
+    this.yearMonth = yearMonth;
+  }
+
+  @Override
+  public void run() {
+    try {
+      logger.atInfo().log("Starting publish job.");
+      Job job = dataflow.projects().jobs().get(projectId, jobId).execute();
+      String state = job.getCurrentState();
+      switch (state) {
+        case JOB_DONE:
+          logger.atInfo().log("Dataflow job %s finished successfully, publishing results.", jobId);
+          response.setStatus(SC_OK);
+          emailUtils.emailSpec11Reports();
+          break;
+        case JOB_FAILED:
+          logger.atSevere().log("Dataflow job %s finished unsuccessfully.", jobId);
+          response.setStatus(SC_NO_CONTENT);
+          emailUtils.sendFailureAlertEmail(
+              String.format(
+                  "Spec11 %s job %s ended in status failure.", yearMonth.toString(), jobId));
+          break;
+        default:
+          logger.atInfo().log("Job in non-terminal state %s, retrying:", state);
+          response.setStatus(SC_NOT_MODIFIED);
+          break;
+      }
+    } catch (IOException e) {
+      logger.atSevere().withCause(e).log("Failed to publish Spec11 reports.");
+      emailUtils.sendFailureAlertEmail(
+          String.format(
+              "Spec11 %s publish action failed due to %s", yearMonth.toString(), e.getMessage()));
+      response.setStatus(SC_INTERNAL_SERVER_ERROR);
+      response.setContentType(MediaType.PLAIN_TEXT_UTF_8);
+      response.setPayload(String.format("Template launch failed: %s", e.getMessage()));
+    }
+  }
+}
--- a/java/google/registry/reporting/spec11/Spec11EmailUtils.java
+++ b/java/google/registry/reporting/spec11/Spec11EmailUtils.java
@ -0,0 +1,153 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.reporting.spec11;
+
+import static com.google.common.base.Throwables.getRootCause;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.appengine.tools.cloudstorage.GcsFilename;
+import com.google.common.collect.ImmutableList;
+import com.google.common.io.CharStreams;
+import google.registry.beam.spec11.Spec11Pipeline;
+import google.registry.beam.spec11.ThreatMatch;
+import google.registry.config.RegistryConfig.Config;
+import google.registry.gcs.GcsUtils;
+import google.registry.reporting.spec11.Spec11Module.Spec11ReportDirectory;
+import google.registry.util.Retrier;
+import google.registry.util.SendEmailService;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import javax.inject.Inject;
+import javax.mail.Message;
+import javax.mail.Message.RecipientType;
+import javax.mail.MessagingException;
+import javax.mail.internet.InternetAddress;
+import org.joda.time.YearMonth;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+/** Provides e-mail functionality for Spec11 tasks, such as sending Spec11 reports to registrars. */
+public class Spec11EmailUtils {
+
+  private final SendEmailService emailService;
+  private final YearMonth yearMonth;
+  private final String alertSenderAddress;
+  private final String alertRecipientAddress;
+  private final String reportingBucket;
+  private final String spec11ReportDirectory;
+  private final GcsUtils gcsUtils;
+  private final Retrier retrier;
+
+  @Inject
+  Spec11EmailUtils(
+      SendEmailService emailService,
+      YearMonth yearMonth,
+      @Config("alertSenderEmailAddress") String alertSenderAddress,
+      @Config("alertRecipientEmailAddress") String alertRecipientAddress,
+      @Config("reportingBucket") String reportingBucket,
+      @Spec11ReportDirectory String spec11ReportDirectory,
+      GcsUtils gcsUtils,
+      Retrier retrier) {
+    this.emailService = emailService;
+    this.yearMonth = yearMonth;
+    this.alertSenderAddress = alertSenderAddress;
+    this.alertRecipientAddress = alertRecipientAddress;
+    this.reportingBucket = reportingBucket;
+    this.spec11ReportDirectory = spec11ReportDirectory;
+    this.gcsUtils = gcsUtils;
+    this.retrier = retrier;
+  }
+
+  /**
+   * Processes a Spec11 report on GCS for a given month and e-mails registrars based on the
+   * contents.
+   */
+  void emailSpec11Reports() {
+    try {
+      retrier.callWithRetry(
+          () -> {
+            // Grab the file as an inputstream
+            GcsFilename spec11ReportFilename =
+                new GcsFilename(reportingBucket, spec11ReportDirectory);
+            try (InputStream in = gcsUtils.openInputStream(spec11ReportFilename)) {
+              ImmutableList<String> reportLines =
+                  ImmutableList.copyOf(
+                      CharStreams.toString(new InputStreamReader(in, UTF_8)).split("\n"));
+              // Iterate from 1 to size() to skip the header at line 0.
+              for (int i = 1; i < reportLines.size(); i++) {
+                emailRegistrar(reportLines.get(i));
+              }
+            }
+          },
+          IOException.class,
+          MessagingException.class);
+    } catch (Throwable e) {
+      // Send an alert with the root cause, unwrapping the retrier's RuntimeException
+      sendFailureAlertEmail(
+          String.format(
+              "Emailing spec11 reports failed due to %s",
+              getRootCause(e).getMessage()));
+      throw new RuntimeException("Emailing spec11 report failed", e);
+    }
+  }
+
+  private void emailRegistrar(String line) throws MessagingException, JSONException {
+    // Parse the Spec11 report JSON
+    JSONObject reportJSON = new JSONObject(line);
+    String registrarEmail = reportJSON.getString(Spec11Pipeline.REGISTRAR_EMAIL_FIELD);
+    JSONArray threatMatches = reportJSON.getJSONArray(Spec11Pipeline.THREAT_MATCHES_FIELD);
+    // TODO(b/112354588): Reword this e-mail according to business team's opinions.
+    StringBuilder body =
+        new StringBuilder("Hello registrar partner,\n")
+            .append("The SafeBrowsing API has detected problems with the following domains:\n");
+    for (int i = 0; i < threatMatches.length(); i++) {
+      ThreatMatch threatMatch = ThreatMatch.fromJSON(threatMatches.getJSONObject(i));
+      body.append(
+          String.format(
+              "%s - %s\n", threatMatch.fullyQualifiedDomainName(), threatMatch.threatType()));
+    }
+    body.append("At the moment, no action is required. This is purely informatory.")
+        .append("Regards,\nGoogle Registry\n");
+    Message msg = emailService.createMessage();
+    msg.setSubject(
+        String.format("Spec11 Monthly Threat Detector [%s]", yearMonth.toString()));
+    msg.setText(body.toString());
+    msg.setFrom(new InternetAddress(alertSenderAddress));
+    msg.setRecipient(RecipientType.TO, new InternetAddress(registrarEmail));
+    emailService.sendMessage(msg);
+
+  }
+
+  /** Sends an e-mail to the provided alert e-mail address indicating a spec11 failure. */
+  void sendFailureAlertEmail(String body) {
+    try {
+      retrier.callWithRetry(
+          () -> {
+            Message msg = emailService.createMessage();
+            msg.setFrom(new InternetAddress(alertSenderAddress));
+            msg.addRecipient(RecipientType.TO, new InternetAddress(alertRecipientAddress));
+            msg.setSubject(String.format("Spec11 Pipeline Alert: %s", yearMonth.toString()));
+            msg.setText(body);
+            emailService.sendMessage(msg);
+            return null;
+          },
+          MessagingException.class);
+    } catch (Throwable e) {
+      throw new RuntimeException("The spec11 alert e-mail system failed.", e);
+    }
+  }
+}
--- a/java/google/registry/reporting/spec11/Spec11Module.java
+++ b/java/google/registry/reporting/spec11/Spec11Module.java
@ -0,0 +1,42 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.reporting.spec11;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import dagger.Module;
+import dagger.Provides;
+import google.registry.beam.spec11.Spec11Pipeline;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import javax.inject.Qualifier;
+import org.joda.time.YearMonth;
+
+/** Module for dependencies required by Spec11 reporting. */
+@Module
+public class Spec11Module {
+
+  @Provides
+  @Spec11ReportDirectory
+  static String provideDirectoryPrefix(YearMonth yearMonth) {
+    return Spec11Pipeline.getSpec11Subdirectory(yearMonth.toString("yyyy-MM"));
+  }
+
+  /** Dagger qualifier for the subdirectory we stage to/upload from for Spec11 reports. */
+  @Qualifier
+  @Documented
+  @Retention(RUNTIME)
+  @interface Spec11ReportDirectory {}
+}