Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable New Relic High Security Mode #4053

Closed
wants to merge 1 commit into from
Closed

Enable New Relic High Security Mode #4053

wants to merge 1 commit into from

Conversation

asteel-gsa
Copy link
Contributor

@asteel-gsa asteel-gsa commented Jul 3, 2024
edited
Loading

PR simply adds a new New Relic environment variable at startup, allowing the instance to be in High Security Mode.

Once the deploys to preview are working again, im going to deploy this and look in new relic to ensure:

  • logs are still operating as expected
  • logshipper is still sending logs
  • dashboards aren't broken

High Security Mode does change some underlying items, and we want to ensure everything is still functional as we expect.

https://docs.newrelic.com/docs/apm/agents/manage-apm-agents/configuration/high-security-mode/#version2description

@asteel-gsa asteel-gsa requested a review from a team July 3, 2024 12:47
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 3, 2024
edited
Loading

Terraform plan for meta

No changes. Your infrastructure matches the configuration. 
No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Warning: Argument is deprecated

  with module.s3-backups.cloudfoundry_service_instance.bucket,
  on /tmp/terraform-data-dir/modules/s3-backups/s3/main.tf line 14, in resource "cloudfoundry_service_instance" "bucket":
  14:   recursive_delete = var.recursive_delete

Since CF API v3, recursive delete is always done on the cloudcontroller side.
This will be removed in future releases

📝 Plan generated in Pull Request Checks #3455

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 3, 2024
edited
Loading

Terraform plan for dev

Plan: 1 to add, 0 to change, 1 to destroy. 
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.dev.module.cors.null_resource.cors_header must be replaced
-/+ resource "null_resource" "cors_header" {
!~      id       = "*******************" -> (known after apply)
!~      triggers = { # forces replacement
!~          "always_run" = "2024-08-12T17:36:54Z" -> (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.dev-backups-bucket.cloudfoundry_service_instance.bucket,
  on /tmp/terraform-data-dir/modules/dev-backups-bucket/s3/main.tf line 14, in resource "cloudfoundry_service_instance" "bucket":
  14:   recursive_delete = var.recursive_delete

Since CF API v3, recursive delete is always done on the cloudcontroller side.
This will be removed in future releases

(and 6 more similar warnings elsewhere)

📝 Plan generated in Pull Request Checks #3455

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 3, 2024
edited
Loading

File Coverage Missing
All files 87%
api/serializers.py 88% 178-179 184 189
api/test_views.py 95% 103
api/uei.py 88% 87 118-119 163 167-168
api/views.py 98% 198-199 337-338
audit/admin.py 88% 130-132
audit/forms.py 61% 33-40 111-118
audit/intake_to_dissemination.py 88% 57-62 264 308-316
audit/mixins.py 96% 28
audit/test_admin.py 72% 15-17
audit/test_commands.py 91%
audit/test_intakelib.py 88% 154-158
audit/test_manage_submission_access_view.py 98% 15 19
audit/test_mixins.py 90% 159-160 164-166 254-255 259-261
audit/test_validators.py 96% 439 443 611-612 851 858 865 872 1176-1177 1220-1221 1246-1251
audit/test_views.py 98% 132
audit/test_workbooks_should_fail.py 88% 58 87-88 92
audit/test_workbooks_should_pass.py 87% 59 74-76
audit/utils.py 86% 9 19 60-62 65
audit/validators.py 93% 138 190 279 419-420 435-436 519-520 622-626 631-635 651-660
audit/cross_validation/additional_ueis.py 93% 33
audit/cross_validation/check_award_ref_declaration.py 90%
audit/cross_validation/check_award_reference_uniqueness.py 93%
audit/cross_validation/check_certifying_contacts.py 87%
audit/cross_validation/check_findings_count_consistency.py 87% 35
audit/cross_validation/check_ref_number_in_cap.py 91%
audit/cross_validation/check_ref_number_in_findings_text.py 91%
audit/cross_validation/errors.py 78% 30 77
audit/cross_validation/naming.py 93% 229
audit/cross_validation/submission_progress_check.py 91% 83 126 174 182-183
audit/cross_validation/tribal_data_sharing_consent.py 81% 33 36 40
audit/cross_validation/validate_general_information.py 65% 77 81-84 96 99
audit/fixtures/dissemination.py 71% 38
audit/fixtures/single_audit_checklist.py 55% 160-197 245-254
audit/intakelib/exceptions.py 71% 7-9 12
audit/intakelib/intermediate_representation.py 91% 27-28 73 91 129 200-203 212-213 283-284
audit/intakelib/mapping_audit_findings.py 97% 55
audit/intakelib/mapping_audit_findings_text.py 97% 54
audit/intakelib/mapping_federal_awards.py 93% 92
audit/intakelib/mapping_util.py 79% 21 25 29 63 99 104-105 114-120 130 145 150
audit/intakelib/checks/check_all_unique_award_numbers.py 79% 24
audit/intakelib/checks/check_cluster_names.py 75% 20-25
audit/intakelib/checks/check_cluster_total.py 95% 99
audit/intakelib/checks/check_finding_reference_pattern.py 74% 34 44-45
audit/intakelib/checks/check_findings_grid_validation.py 89% 59
audit/intakelib/checks/check_has_all_the_named_ranges.py 95% 66
audit/intakelib/checks/check_is_a_workbook.py 69% 20
audit/intakelib/checks/check_loan_balance_entries.py 83% 28
audit/intakelib/checks/check_look_for_empty_rows.py 91% 18
audit/intakelib/checks/check_no_major_program_no_type.py 76% 18 27
audit/intakelib/checks/check_no_repeat_findings.py 88% 21
audit/intakelib/checks/check_other_cluster_names.py 81% 23 33
audit/intakelib/checks/check_passthrough_name_when_no_direct.py 83% 11 49 58
audit/intakelib/checks/check_sequential_award_numbers.py 82% 25 35
audit/intakelib/checks/check_start_and_end_rows_of_all_columns_are_same.py 89% 14
audit/intakelib/checks/check_state_cluster_names.py 81% 23 33
audit/intakelib/checks/check_version_number.py 73% 30 40-41
audit/intakelib/checks/runners.py 95% 187 217
audit/intakelib/common/util.py 90% 22 39
audit/intakelib/transforms/xform_rename_additional_notes_sheet.py 81% 14
audit/management/commands/load_fixtures.py 47% 40-46
audit/models/models.py 86% 59 61 66 68 210 216 228 240-243 261 438 456-457 465 487 585-586 590 598 607 613
audit/views/audit_info_form_view.py 27% 25-74 77-117 120-137
audit/views/manage_submission.py 86% 73-80
audit/views/manage_submission_access.py 98% 113-114
audit/views/pre_dissemination_download_view.py 78% 15-16 21-22 29-39
audit/views/submission_progress_view.py 89% 117 182-183
audit/views/tribal_data_consent.py 34% 23-41 44-79
audit/views/unlock_after_certification.py 57% 28-51 73-87
audit/views/upload_report_view.py 26% 32-35 44 91-117 120-170 178-209
audit/views/views.py 53% 74 81-100 123-124 198-199 220-230 257 268-269 280-281 283-287 329-342 345-359 364-377 394-400 405-425 452-456 461-490 533-537 542-562 589-593 598-627 670-674 679-691 694-704 709-721 754-768
census_historical_migration/change_record.py 98% 30
census_historical_migration/end_to_end_core.py 26% 57-89 93-111 116-155 161-187 246-258 263 273-307
census_historical_migration/invalid_record.py 94% 50 54 58 62 66
census_historical_migration/migration_result.py 75% 17 21 25 29 33-42 46
census_historical_migration/report_type_flag.py 96% 19
census_historical_migration/test_federal_awards_xforms.py 99% 219-220
census_historical_migration/sac_general_lib/audit_information.py 91% 28 82-87 336
census_historical_migration/sac_general_lib/cognizant_oversight.py 68% 11
census_historical_migration/sac_general_lib/general_information.py 86% 166-167 177-178 186-187 195-200 233-255 354-355
census_historical_migration/sac_general_lib/sac_creator.py 90% 34
census_historical_migration/sac_general_lib/utils.py 84% 35 62-71
census_historical_migration/transforms/xform_remove_hyphen_and_pad_zip.py 92% 18
census_historical_migration/transforms/xform_retrieve_uei.py 67% 10
census_historical_migration/transforms/xform_string_to_bool.py 87% 17
census_historical_migration/workbooklib/additional_eins.py 84% 58-60 67-77
census_historical_migration/workbooklib/additional_ueis.py 77% 27-29 36-46
census_historical_migration/workbooklib/corrective_action_plan.py 46% 49-51 65 93-125 134-153
census_historical_migration/workbooklib/excel_creation_utils.py 69% 110 119-124 129-136 140-158 171-175 189-192
census_historical_migration/workbooklib/federal_awards.py 77% 181-184 262-301 487 554-562 572-597 621-622 918-1022
census_historical_migration/workbooklib/findings.py 69% 81-86 154-174 179-199 216-218 330-354
census_historical_migration/workbooklib/findings_text.py 46% 50-51 67 97-129 138-160
census_historical_migration/workbooklib/notes_to_sefa.py 66% 34-38 101-102 104-105 107-108 136-143 152-160 168-170 279-326
census_historical_migration/workbooklib/post_upload_utils.py 21% 22-35 66-83 89-111
census_historical_migration/workbooklib/secondary_auditors.py 88% 128-130 186-205
census_historical_migration/workbooklib/workbook_builder.py 38% 14-17 26-41
census_historical_migration/workbooklib/workbook_builder_loader.py 41% 18-30
config/error_handlers.py 94% 22
config/test_settings.py 92% 33-34 49-50
config/urls.py 72% 88
dissemination/file_downloads.py 81% 43-61 91-93
dissemination/forms.py 87% 135 144 255
dissemination/search.py 88% 113 115 119 127-128
dissemination/summary_reports.py 78% 274 300-302 306-310 421 438 459 511-575 603 638-640 664-672
dissemination/test_search.py 93% 51-66 473-474 579-596 608-632 644-669 677-693
dissemination/test_summary_reports.py 98%
dissemination/views.py 75% 134 140-142 159-225 268 298 300 336 387 389 391 469-474
dissemination/migrations/0002_general_fac_accepted_date.py 47% 10-12
dissemination/searchlib/search_alns.py 37% 44-58 78-110 115-177 184-187
dissemination/searchlib/search_direct_funding.py 86% 21-22
dissemination/searchlib/search_findings.py 76% 18-24 34 36 38
dissemination/searchlib/search_general.py 96% 138
dissemination/searchlib/search_passthrough_name.py 35% 21-31
djangooidc/backends.py 78% 32 57-63
djangooidc/exceptions.py 66% 19 21 23 28
djangooidc/oidc.py 16% 32-35 45-51 64-70 92-149 153-199 203-226 230-275 280-281 286
djangooidc/views.py 81% 22 43 109-110 117
djangooidc/tests/common.py 97%
report_submission/forms.py 92% 39
report_submission/test_views.py 98% 835
report_submission/views.py 79% 97 252 276-277 282-283 323-493 496-506 565 601-603 611-612 615-617
report_submission/templatetags/get_attr.py 76% 8 11-14 18
support/admin.py 88% 76 79 84 91-97 100-102
support/cog_over.py 91% 29-32 92 116-120 156
support/test_admin_api.py 81% 23 147-148 237-238 317-318
support/test_cog_over.py 98% 174-175 264
support/management/commands/seed_cog_baseline.py 98% 20-21
support/models/cog_over.py 89% 103-104
tools/update_program_data.py 89% 96
users/admin.py 99% 27
users/auth.py 96% 58-59
users/models.py 96% 18 74-75
users/fixtures/user_fixtures.py 91%

Minimum allowed coverage is 85%

Generated by 🐒 cobertura-action against 414b855

@asteel-gsa asteel-gsa linked an issue Jul 3, 2024 that may be closed by this pull request
Configure New Relic High Security Mode #1649
Closed
@asteel-gsa asteel-gsa force-pushed the newrelic-highsecurity-mode branch from 76dfaa1 to 219c185 Compare July 3, 2024 17:08
@asteel-gsa
Copy link
Contributor Author

Will need to discuss with @danswick the nature of this, as if we enable it at an application layer, without doing it at the account level, it shuts down logs from the app.

@asteel-gsa asteel-gsa marked this pull request as draft July 8, 2024 12:47
@asteel-gsa asteel-gsa force-pushed the newrelic-highsecurity-mode branch from 414b855 to ef8bb04 Compare July 12, 2024 13:14
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 12, 2024
edited
Loading

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines Covered Coverage Threshold Status
18088 16522 91% 0% 🟢

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: 757946d by action🐍

@asteel-gsa asteel-gsa force-pushed the newrelic-highsecurity-mode branch from ef8bb04 to d796fd2 Compare August 1, 2024 14:12
@asteel-gsa asteel-gsa force-pushed the newrelic-highsecurity-mode branch from d796fd2 to 2c36678 Compare August 12, 2024 12:23
@asteel-gsa asteel-gsa force-pushed the newrelic-highsecurity-mode branch from 2c36678 to 757946d Compare August 13, 2024 12:30
@asteel-gsa asteel-gsa requested review from danswick and removed request for a team August 13, 2024 17:10
@asteel-gsa asteel-gsa marked this pull request as ready for review August 13, 2024 17:11
@asteel-gsa
Copy link
Contributor Author

going to close this for now but leave the branch.

@asteel-gsa asteel-gsa closed this Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danswick danswick Awaiting requested review from danswick

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Configure New Relic High Security Mode
1 participant
@asteel-gsa