Route SNS notifications through a Lambda function (#5246)

[achave11-ucsc]

Connected issues: #5246

Checklist

Author

• PR is a draft
• Target branch is develop
• Name of PR branch matches issues/<GitHub handle of author>/<issue#>-<slug>
• On ZenHub, PR is connected to all issues it (partially) resolves
• PR description links to connected issues
• PR title matches¹ that of a connected issue _{or comment in PR explains why they're different}
• PR title references all connected issues
• For each connected issue, there is at least one commit whose title references that issue

¹ when the issue title describes a problem, the corresponding PR
title is Fix: followed by the issue title

Author (partiality)

• Added p tag to titles of partial commits
• This PR is labeled partial _{or completely resolves all connected issues}
• This PR partially resolves each of the connected issues _{or does not have the partial label}

Author (chains)

• This PR is blocked by previous PR in the chain _{or is not chained to another PR}
• The blocking PR is labeled base _{or this PR is not chained to another PR}
• This PR is labeled chained _{or is not chained to another PR}

Author (reindex, API changes)

• Added r tag to commit title _{or the changes introduced by this PR will not require reindexing of any deployment}
• This PR is labeled reindex:dev _{or the changes introduced by it will not require reindexing of dev}
• This PR is labeled reindex:anvildev _{or the changes introduced by it will not require reindexing of anvildev}
• This PR is labeled reindex:anvilprod _{or the changes introduced by it will not require reindexing of anvilprod}
• This PR is labeled reindex:prod _{or the changes introduced by it will not require reindexing of prod}
• This PR is labeled reindex:partial and its description documents the specific reindexing procedure for dev, anvildev, anvilprod and prod _{or requires a full reindex or carries none of the labels reindex:dev, reindex:anvildev, reindex:anvilprod and reindex:prod}
• This PR and its connected issues are labeled API _{or this PR does not modify a REST API}
• Added a (A) tag to commit title for backwards (in)compatible changes _{or this PR does not modify a REST API}
• Updated REST API version number in app.py _{or this PR does not modify a REST API}

Author (upgrading deployments)

• Ran make image_manifests.json and committed the resulting changes _{or this PR does not modify azul_docker_images, or any other variables referenced in the definition of that variable}
• Documented upgrading of deployments in UPGRADING.rst _{or this PR does not require upgrading deployments}
• Added u tag to commit title _{or this PR does not require upgrading deployments}
• This PR is labeled upgrade _{or does not require upgrading deployments}
• This PR is labeled deploy:shared _{or does not modify image_manifests.json, and does not require deploying the shared component for any other reason}
• This PR is labeled deploy:gitlab _{or does not require deploying the gitlab component}
• This PR is labeled deploy:runner _{or does not require deploying the runner image}

Author (hotfixes)

• Added F tag to main commit title _{or this PR does not include permanent fix for a temporary hotfix}
• Reverted the temporary hotfixes for any connected issues _{or the none of the stable branches (anvilprod and prod) have temporary hotfixes for any of the issues connected to this PR}

Author (before every review)

• Rebased PR branch on develop, squashed old fixups
• Ran make requirements_update _{or this PR does not modify requirements*.txt, common.mk, Makefile and Dockerfile}
• Added R tag to commit title _{or this PR does not modify requirements*.txt}
• This PR is labeled reqs _{or does not modify requirements*.txt}
• make integration_test passes in personal deployment _{or this PR does not modify functionality that could affect the IT outcome}

Peer reviewer (after approval)

• PR is not a draft
• Ticket is in Review requested column
• PR is awaiting requested review from system administrator
• PR is assigned to only the system administrator

System administrator (after approval)

• Actually approved the PR
• Labeled connected issues as demo or no demo
• Commented on connected issues about demo expectations _{or all connected issues are labeled no demo}
• Decided if PR can be labeled no sandbox
• A comment to this PR details the completed security design review
• PR title is appropriate as title of merge commit
• N reviews label is accurate
• Moved connected issues to Approved column
• PR is assigned to only the operator

Operator (before pushing merge the commit)

• Checked reindex:… labels and r commit title tag
• Checked that demo expectations are clear _{or all connected issues are labeled no demo}
• Squashed PR branch and rebased onto develop
• Sanity-checked history
• Pushed PR branch to GitHub
• Ran _select dev.shared && CI_COMMIT_REF_NAME=develop make -C terraform/shared apply_keep_unused _{or this PR is not labeled deploy:shared}
• Ran _select dev.gitlab && CI_COMMIT_REF_NAME=develop make -C terraform/gitlab apply _{or this PR is not labeled deploy:gitlab}
• Ran _select anvildev.shared && CI_COMMIT_REF_NAME=develop make -C terraform/shared apply_keep_unused _{or this PR is not labeled deploy:shared}
• Ran _select anvildev.gitlab && CI_COMMIT_REF_NAME=develop make -C terraform/gitlab apply _{or this PR is not labeled deploy:gitlab}
• Checked the items in the next section _{or this PR is labeled deploy:gitlab}
• PR is assigned to only the system administrator _{or this PR is not labeled deploy:gitlab}

System administrator

• Background migrations for dev.gitlab are complete _{or this PR is not labeled deploy:gitlab}
• Background migrations for anvildev.gitlab are complete _{or this PR is not labeled deploy:gitlab}
• PR is assigned to only the operator

Operator (before pushing merge the commit)

• Ran _select dev.gitlab && make -C terraform/gitlab/runner _{or this PR is not labeled deploy:runner}
• Ran _select anvildev.gitlab && make -C terraform/gitlab/runner _{or this PR is not labeled deploy:runner}
• Added sandbox label _{or PR is labeled no sandbox}
• Pushed PR branch to GitLab dev _{or PR is labeled no sandbox}
• Pushed PR branch to GitLab anvildev _{or PR is labeled no sandbox}
• Build passes in sandbox deployment _{or PR is labeled no sandbox}
• Build passes in anvilbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in sandbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in anvilbox deployment _{or PR is labeled no sandbox}
• Deleted unreferenced indices in sandbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices in dev}
• Deleted unreferenced indices in anvilbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices in anvildev}
• Started reindex in sandbox _{or this PR is not labeled reindex:dev}
• Started reindex in anvilbox _{or this PR is not labeled reindex:anvildev}
• Checked for failures in sandbox _{or this PR is not labeled reindex:dev}
• Checked for failures in anvilbox _{or this PR is not labeled reindex:anvildev}
• The title of the merge commit starts with the title of this PR
• Added PR # reference to merge commit title
• Collected commit title tags in merge commit title _{but only included p if the PR is also labeled partial}
• Moved connected issues to Merged lower column in ZenHub
• Moved blocked issues to Triage _{or no issues are blocked on the connected issues}
• Pushed merge commit to GitHub

Operator (chain shortening)

• Changed the target branch of the blocked PR to develop _{or this PR is not labeled base}
• Removed the chained label from the blocked PR _{or this PR is not labeled base}
• Removed the blocking relationship from the blocked PR _{or this PR is not labeled base}
• Removed the base label from this PR _{or this PR is not labeled base}

Operator (after pushing the merge commit)

• Pushed merge commit to GitLab dev
• Pushed merge commit to GitLab anvildev
• Build passes on GitLab dev
• Reviewed build logs for anomalies on GitLab dev
• Build passes on GitLab anvildev
• Reviewed build logs for anomalies on GitLab anvildev
• Ran _select dev.shared && make -C terraform/shared apply _{or this PR is not labeled deploy:shared}
• Ran _select anvildev.shared && make -C terraform/shared apply _{or this PR is not labeled deploy:shared}
• Deleted PR branch from GitHub
• Deleted PR branch from GitLab dev
• Deleted PR branch from GitLab anvildev

Operator (reindex)

• Deindexed all unreferenced catalogs in dev _{or this PR is neither labeled reindex:partial nor reindex:dev}
• Deindexed all unreferenced catalogs in anvildev _{or this PR is neither labeled reindex:partial nor reindex:anvildev}
• Deindexed specific sources in dev _{or this PR is neither labeled reindex:partial nor reindex:dev}
• Deindexed specific sources in anvildev _{or this PR is neither labeled reindex:partial nor reindex:anvildev}
• Indexed specific sources in dev _{or this PR is neither labeled reindex:partial nor reindex:dev}
• Indexed specific sources in anvildev _{or this PR is neither labeled reindex:partial nor reindex:anvildev}
• Started reindex in dev _{or this PR does not require reindexing dev}
• Started reindex in anvildev _{or this PR does not require reindexing anvildev}
• Checked for, triaged and possibly requeued messages in both fail queues in dev _{or this PR does not require reindexing dev}
• Checked for, triaged and possibly requeued messages in both fail queues in anvildev _{or this PR does not require reindexing anvildev}
• Emptied fail queues in dev _{or this PR does not require reindexing dev}
• Emptied fail queues in anvildev _{or this PR does not require reindexing anvildev}

Operator

• Propagated the deploy:shared, deploy:gitlab, deploy:runner, API, reindex:partial, reindex:anvilprod and reindex:prod labels to the next promotion PRs _{or this PR carries none of these labels}
• Propagated any specific instructions related to the deploy:shared, deploy:gitlab, deploy:runner, API, reindex:partial, reindex:anvilprod and reindex:prod labels, from the description of this PR to that of the next promotion PRs _{or this PR carries none of these labels}
• PR is assigned to no one

Shorthand for review comments

• L line is too long
• W line wrapping is wrong
• Q bad quotes
• F other formatting problem

[codecov]

Codecov Report

Attention: Patch coverage is 60.41667% with 19 lines in your changes missing coverage. Please review.

Project coverage is 85.32%. Comparing base (751e60c) to head (17e8100).

Files with missing lines	Patch %	Lines
src/azul/indexer/notify_service.py	52.17%	11 Missing ⚠️
src/azul/deployment.py	33.33%	6 Missing ⚠️
src/azul/indexer/notification_controller.py	80.00%	2 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #5445      +/-   ##
===========================================
- Coverage    85.38%   85.32%   -0.06%     
===========================================
  Files          156      158       +2     
  Lines        20767    20809      +42     
===========================================
+ Hits         17731    17755      +24     
- Misses        3036     3054      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coveralls]

coverage: 85.341% (-0.06%) from 85.398%
when pulling 17e8100 on issues/achave11-ucsc/5246-sns-to-lambda
into 751e60c on develop.

[hannes-ucsc]

I renamed some classes and the containing modules should be renamed as well, but to keep the diff smaller I didn't rename the modules.

Index: src/azul/indexer/notify_service.py
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/src/azul/indexer/notify_service.py b/src/azul/indexer/notify_service.py
--- a/src/azul/indexer/notify_service.py	(revision 52b723982f7fd8dc4da157bbe9c6b2dc99807e1b)
+++ b/src/azul/indexer/notify_service.py	(date 1701232402831)
@@ -2,7 +2,6 @@
 import logging
 
 from azul import (
-    JSON,
     config,
 )
 from azul.deployment import (
@@ -15,34 +14,31 @@
 log = logging.getLogger(__name__)
 
 
-class AzulEmailNotificationService:
+class EmailService:
 
-    def notify_group(self, subject: str, message: str) -> None:
-        log.info('Notifying group of event %r', trunc_ellipses(message, 256))
-        # Try to improve readability by adding indent
-        try:
-            body = json.loads(message)
-        except json.decoder.JSONDecodeError:
-            log.warning('Not a JSON serializable event, sending as received.')
-            body = message
-        else:
-            body = json.dumps(body, indent=4)
-        response = aws.ses.send_email(
-            FromEmailAddress=' '.join([
-                'Azul',
-                config.deployment_stage,
-                'Monitoring',
-                '<monitoring@' + config.api_lambda_domain('indexer') + '>'
-            ]),
-            Destination={
-                'ToAddresses': [config.monitoring_email]
-            },
-            Content=self._content(subject, body)
-        )
-        log.info('Sent notification %r', response['MessageId'])
+    @property
+    def to_email(self):
+        return config.monitoring_email
+
+    @property
+    def from_email(self):
+        return ' '.join([
+            'Azul',
+            config.deployment_stage,
+            'Monitoring',
+            '<monitoring@' + config.api_lambda_domain('indexer') + '>'
+        ])
 
-    def _content(self, subject: str, body: str) -> JSON:
-        return {
+    def send_message(self, subject: str, body: str) -> None:
+        log.info('Sending message %r with body %r',
+                 subject, trunc_ellipses(body, 256))
+        try:
+            body = json.loads(body)
+        except json.decoder.JSONDecodeError:
+            log.warning('Not a JSON serializable event, sending as is')
+        else:
+            body = json.dumps(body, indent=4)
+        content = {
             'Simple': {
                 'Subject': {
                     'Data': subject
@@ -54,3 +50,8 @@
                 }
             }
         }
+        response = aws.ses.send_email(FromEmailAddress=self.from_email,
+                                      Destination=dict(ToAddresses=[self.to_email]),
+                                      Content=content)
+        log.info('Successfully sent message %r, message ID is %r',
+                 subject, response['MessageId'])
Index: lambdas/indexer/app.py
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/lambdas/indexer/app.py b/lambdas/indexer/app.py
--- a/lambdas/indexer/app.py	(revision 52b723982f7fd8dc4da157bbe9c6b2dc99807e1b)
+++ b/lambdas/indexer/app.py	(date 1701233651213)
@@ -35,7 +35,7 @@
     LogForwardingController,
 )
 from azul.indexer.notification_controller import (
-    NotificationController,
+    MonitoringController,
 )
 from azul.logging import (
     configure_app_logging,
@@ -78,8 +78,8 @@
         return self._controller(HealthController, lambda_name='indexer')
 
     @cached_property
-    def notification_controller(self):
-        return self._controller(NotificationController)
+    def monitoring_controller(self):
+        return self._controller(MonitoringController)
 
     @cached_property
     def index_controller(self) -> IndexController:
@@ -105,9 +105,9 @@
             return lambda func: func
 
     @property
-    def monitoring(self):
+    def monitoring_sns_handler(self):
         if config.enable_monitoring:
-            return self.on_sns_message(topic=config.qualified_resource_name('monitoring'))
+            return self.on_sns_message(topic=aws.monitoring_topic_name)
         else:
             return lambda func: func
 
@@ -365,6 +365,6 @@
     app.log_controller.forward_s3_access_logs(event)
 
 
-@app.monitoring
+@app.monitoring_sns_handler
 def notify(event: chalice.app.SNSEvent):
-    app.notification_controller.notify_group(event)
+    app.monitoring_controller.notify_group(event)
Index: src/azul/indexer/notification_controller.py
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/src/azul/indexer/notification_controller.py b/src/azul/indexer/notification_controller.py
--- a/src/azul/indexer/notification_controller.py	(revision 52b723982f7fd8dc4da157bbe9c6b2dc99807e1b)
+++ b/src/azul/indexer/notification_controller.py	(date 1701233621115)
@@ -7,15 +7,15 @@
     AppController,
 )
 from azul.indexer.notify_service import (
-    AzulEmailNotificationService,
+    EmailService,
 )
 
 
-class NotificationController(AppController):
+class MonitoringController(AppController):
 
     @cached_property
-    def service(self):
-        return AzulEmailNotificationService()
+    def email_service(self):
+        return EmailService()
 
     def notify_group(self, event: chalice.app.SNSEvent) -> None:
-        self.service.notify_group(event.subject, event.message)
+        self.email_service.send_message(event.subject, event.message)
Index: terraform/api_gateway.tf.json.template.py
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/terraform/api_gateway.tf.json.template.py b/terraform/api_gateway.tf.json.template.py
--- a/terraform/api_gateway.tf.json.template.py	(revision 52b723982f7fd8dc4da157bbe9c6b2dc99807e1b)
+++ b/terraform/api_gateway.tf.json.template.py	(date 1701234741526)
@@ -351,6 +351,7 @@
                     'function_name': '${aws_lambda_function.indexer_%s.function_name}' % function_name,
                     'maximum_retry_attempts': 0
                 }
+                # REVIEW: see my comments on your other PR that modifies this section
                 for function_name in [
                     *(
                         ('forward_alb_logs', 'forward_s3_logs')
@@ -502,14 +503,15 @@
                     },
                     **(
                         {
-                            'notify_ses': {
+                            'notify': {
                                 'zone_id': '${data.aws_route53_zone.%s.id}' % zones_by_domain[app.domains[0]].slug,
-                                'name': '_amazonses.' + config.api_lambda_domain(app.name),
+                                'name': '_amazonses.' + app.domains[0],
                                 'type': 'TXT',
                                 'ttl': '600',
                                 'records': ['${aws_ses_domain_identity.notify.verification_token}']
                             }
-                        } if app.name == 'indexer' and config.enable_monitoring else
+                        }
+                        if app.name == 'indexer' and config.enable_monitoring else
                         {}
                     )
                 },
@@ -637,7 +639,7 @@
                     {
                         'aws_ses_domain_identity': {
                             'notify': {
-                                'domain': config.api_lambda_domain(app.name)
+                                'domain': app.domains[0]
                             }
                         },
                         'aws_ses_identity_policy': {
@@ -650,6 +652,8 @@
                                         {
                                             'Effect': 'Allow',
                                             'Principal': {
+                                                # REVIEW: Who or what creates the role this ARN is referring to? And
+                                                #         what does the part after the last slash in the ARN signify?
                                                 'AWS': 'arn:aws:sts::'
                                                        + aws.account
                                                        + ':assumed-role/'

[hannes-ucsc]

Yes, but one should not have to jump around in the document. The sections are meant in to be performed in the order they appear in the document. Skipping a section is OK, but going backwards is not. Why does this have to be executed after the infrastructure was deployed?

[hannes-ucsc]

Suggested change

	--website-url $(python -c 'from azul import config; print(api_lambda_domain("notify"))') \
	--website-url $(python -c 'from azul import config; print(config.api_lambda_domain("notify"))') \

but I added a convenience recently

Suggested change

	--website-url $(python -c 'from azul import config; print(api_lambda_domain("notify"))') \
	--website-url $(python -m azul 'config.api_lambda_domain("notify")') \

[achave11-ucsc]

Assumed-role session principal

[achave11-ucsc]

This diverges from convention, add policy statement to appropriate Lambda role policy.