diff --git a/.github/workflows/daily-csv-upload.yaml b/.github/workflows/daily-csv-upload.yaml index 84881398e..2a57c2083 100644 --- a/.github/workflows/daily-csv-upload.yaml +++ b/.github/workflows/daily-csv-upload.yaml @@ -31,12 +31,12 @@ jobs: cf_space: ${{ secrets.CF_REPORT_ENV }} cf_command: "run-task getgov-${{ secrets.CF_REPORT_ENV }} --command 'python manage.py generate_current_full_report' --name full" - - name: Generate current-metadata.csv + - name: Generate and email domain-metadata-.csv uses: cloud-gov/cg-cli-tools@main with: cf_username: ${{ secrets[env.CF_USERNAME] }} cf_password: ${{ secrets[env.CF_PASSWORD] }} cf_org: cisa-dotgov cf_space: ${{ secrets.CF_REPORT_ENV }} - cf_command: "run-task getgov-${{ secrets.CF_REPORT_ENV }} --command 'python manage.py generate_current_metadata_report' --name metadata" + cf_command: "run-task getgov-${{ secrets.CF_REPORT_ENV }} --command 'python manage.py email_current_metadata_report' --name metadata" diff --git a/docs/operations/runbooks/rotate_application_secrets.md b/docs/operations/runbooks/rotate_application_secrets.md index f7a5004ef..1094b4ff7 100644 --- a/docs/operations/runbooks/rotate_application_secrets.md +++ b/docs/operations/runbooks/rotate_application_secrets.md 
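Review bot: The step that now runs `email_current_metadata_report` still resolves its action through the mutable ref `cloud-gov/cg-cli-tools@main` while passing it `cf_username` and `cf_password`, so whatever lands on that branch runs with the Cloud Foundry credentials. Pinning to a full commit SHA, `uses: cloud-gov/cg-cli-tools@<full-commit-sha>`, would close that. Separately, the only command module touched in this diff is still named `generate_current_metadata_report.py`, so confirm that a management command called `email_current_metadata_report` exists, otherwise the scheduled task will fail. The new step name `Generate and email domain-metadata-.csv` also reads as if a date placeholder was dropped.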
@@ -120,6 +120,8 @@ This is the hostname at which the registry can be found. ## SECRET_METADATA_KEY -This is in reference to the key for the metadata email that is sent daily. Reach out to product team members or leads with access to security passwords if the passcode is needed. +This is the passphrase for the zipped and encrypted metadata email that is sent out daily. Reach out to product team members or leads with access to security passwords if the passcode is needed. + +To change the password, use a password generator to generate a password, then update the user credentials per the above instructions. Be sure to update the [KBDX](https://docs.google.com/document/d/1_BbJmjYZNYLNh4jJPPnUEG9tFCzJrOc0nMrZrnSKKyw) file in Google Drive with this password change. + -To change the password, use a password generator to generate a password, then update the user credentials per the above instructions. Be sure to update the `KDBX` file in Google Drive with this password change. diff --git a/src/Pipfile b/src/Pipfile index b9c5d72d4..9208fada5 100644 --- a/src/Pipfile +++ b/src/Pipfile @@ -45,5 +45,4 @@ django-webtest = "*" types-cachetools = "*" boto3-mocking = "*" boto3-stubs = "*" -django-model2puml = "*" - +django-model2puml = "*" \ No newline at end of file diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py index 65b372fac..e5b97748a 100644 --- a/src/registrar/config/settings.py +++ b/src/registrar/config/settings.py @@ -74,6 +74,7 @@ secret_aws_s3_key_id = secret("access_key_id", None) or secret("AWS_S3_ACCESS_KE secret_aws_s3_key = secret("secret_access_key", None) or secret("AWS_S3_SECRET_ACCESS_KEY", None) secret_aws_s3_bucket_name = secret("bucket", None) or secret("AWS_S3_BUCKET_NAME", None) +# Passphrase for the encrypted metadata email secret_encrypt_metadata = secret("SECRET_ENCRYPT_METADATA", None) secret_registry_cl_id = secret("REGISTRY_CL_ID") 
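Review bot: The comment added above `secret_encrypt_metadata` should also say that the value can be `None`, because `secret("SECRET_ENCRYPT_METADATA", None)` makes a missing passphrase silent at settings load; something like `# Passphrase for the encrypted metadata email; None when unset, so the sender must refuse to run without it`. What `_encrypt_metadata` (changed later in this commit) does with a `None` password is not visible in this diff, so the command should check for an empty passphrase and abort before it builds or mails the attachment. The runbook section edited in this same commit is headed `SECRET_METADATA_KEY` while the code reads `SECRET_ENCRYPT_METADATA`. One of the two names should change so that a rotation updates the variable the application actually reads.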
diff --git a/src/registrar/management/commands/generate_current_metadata_report.py b/src/registrar/management/commands/generate_current_metadata_report.py index 209ed5cd5..103ce0dab 100644 --- a/src/registrar/management/commands/generate_current_metadata_report.py +++ b/src/registrar/management/commands/generate_current_metadata_report.py @@ -45,7 +45,7 @@ class Command(BaseCommand): # TODO - #1317: Notify operations when auto report generation fails raise err else: - logger.info(f"Success! Created {file_name}") + logger.info(f"Success! Created {file_name} and successfully sent out an email!") def generate_current_metadata_report(self, directory, file_name, check_path): """Creates a current-metadata.csv file under the specified directory, @@ -68,6 +68,7 @@ class Command(BaseCommand): # Set zip file name current_date = datetime.now().strftime("%m%d%Y") current_filename = f"domain-metadata-{current_date}.zip" + # Pre-set zip file name encrypted_metadata_output = current_filename @@ -92,6 +93,7 @@ class Command(BaseCommand): ) def _encrypt_metadata(self, input_file, output_file, password): + """Helper function for encrypting the attachment file""" current_date = datetime.now().strftime("%m%d%Y") current_filename = f"domain-metadata-{current_date}.csv" # Using ZIP_DEFLATED bc it's a more common compression method supported by most zip utilities and faster diff --git a/src/registrar/tests/test_emails.py b/src/registrar/tests/test_emails.py index 99db0d644..b11f21da6 100644 --- a/src/registrar/tests/test_emails.py +++ b/src/registrar/tests/test_emails.py @@ -211,3 +211,4 @@ class TestEmails(TestCase): self.assertIn("Content-Type: application/octet-stream", call_args["RawMessage"]["Data"]) self.assertIn("Content-Transfer-Encoding: base64", call_args["RawMessage"]["Data"]) self.assertIn("Content-Disposition: attachment;", call_args["RawMessage"]["Data"]) + self.assertNotIn("Attachment file content", call_args["RawMessage"]["Data"]) 
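Review bot: The one-line docstring added to `_encrypt_metadata` leaves out what a maintainer needs: what `input_file` and `output_file` refer to, and that `password` is the passphrase protecting the archive. I would expand it to describe those three parameters and name the archive format and encryption mode used further down in the body, which lies outside this hunk. The helper also recomputes `current_date` with its own `datetime.now()` call although the caller has already built the zip name the same way, so a run that crosses midnight would give the archive and the CSV inside it different dates. Passing the date or the inner file name in from the caller avoids that.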
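Review bot: The new `assertNotIn("Attachment file content", ...)` cannot show that the attachment is protected, because the assertions just above it require `Content-Transfer-Encoding: base64`, and a base64-encoded part never contains the plaintext string whether or not it was encrypted. If the intent is to prove the file content does not leave in the clear, decode the attachment part from `call_args["RawMessage"]["Data"]` and assert on the decoded bytes. At minimum add a comment such as `# only checks the literal text is absent from the MIME source; base64 hides it either way`. The test's setup is outside the hunk, so how the attachment is produced is not visible here.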
diff --git a/src/registrar/utility/email.py b/src/registrar/utility/email.py index 35a4ecf03..91d55f361 100644 --- a/src/registrar/utility/email.py +++ b/src/registrar/utility/email.py @@ -20,7 +20,12 @@ class EmailSendingError(RuntimeError): def send_templated_email( - template_name: str, subject_template_name: str, to_address: str, bcc_address="", context={}, file: str = None + template_name: str, + subject_template_name: str, + to_address: str, + bcc_address="", + context={}, + attachment_file: str = None, ): """Send an email built from a template to one email address. @@ -51,7 +56,7 @@ def send_templated_email( destination["BccAddresses"] = [bcc_address] try: - if file is None: + if attachment_file is None: ses_client.send_email( FromEmailAddress=settings.DEFAULT_FROM_EMAIL, Destination=destination, @@ -71,7 +76,7 @@ def send_templated_email( config=settings.BOTO_CONFIG, ) response = send_email_with_attachment( - settings.DEFAULT_FROM_EMAIL, to_address, subject, email_body, file, ses_client + settings.DEFAULT_FROM_EMAIL, to_address, subject, email_body, attachment_file, ses_client ) # TODO: Remove this print statement when ready to merge, # leaving rn for getting error codes in case
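Review bot: The reformatted signature of `send_templated_email` keeps `context={}` as a default, so one dict object is shared by every call that omits it, and `attachment_file: str = None` annotates a `None` default as plain `str`. I would write `context=None,` and `attachment_file: str | None = None,` (or `Optional[str]` if the project targets an older Python) and begin the body with `context = {} if context is None else context`. Renaming the keyword from `file` to `attachment_file` also breaks any caller that passes `file=...`; the callers are outside this diff, so that needs a check. The docstring, which opens inside the hunk and continues beyond it, should gain a line for `attachment_file` stating what it is (presumably a local path whose contents are attached) and who is allowed to supply it.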