Merge pull request #168 from neutrons/live_plot_secret_key

Set LIVE_PLOT_SECRET_KEY in settings from environment
neutrons · Jul 7, 2024 · 636c61e · 636c61e
2 parents fc21b34 + 8e11066
commit 636c61e
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 8 deletions.
diff --git a/.env b/.env
@@ -18,3 +18,4 @@ AMQ_BROKER=[["activemq", 61613]]
 AMQ_QUEUE=["/topic/SNS.COMMON.STATUS.WORKFLOW.0", "/topic/SNS.COMMON.STATUS.AUTOREDUCE.0", "/topic/SNS.*.APP.DASMON", "/topic/SNS.*.STATUS.DASMON", "/topic/SNS.*.SIGNAL.DASMON", "/topic/SNS.*.APP.SMS", "/topic/SNS.*.STATUS.SMS", "/topic/SNS.*.STATUS.POSTPROCESS", "/topic/SNS.COMMON.STATUS.ACK", "/topic/SNS.*.STATUS.PVSD", "/topic/HFIR.*.APP.DASMON", "/topic/HFIR.*.STATUS.DASMON", "/topic/HFIR.*.SIGNAL.DASMON", "/topic/HFIR.*.APP.SMS", "/topic/HFIR.*.STATUS.SMS", "/topic/HFIR.*.STATUS.POSTPROCESS", "/topic/HFIR.COMMON.STATUS.ACK", "/topic/HFIR.*.STATUS.PVSD"]
 
 LIVE_DATA_SERVER_DOMAIN=172.16.238.222
+LIVE_PLOT_SECRET_KEY=secretKey
diff --git a/.github/workflows/systemtests.yml b/.github/workflows/systemtests.yml
@@ -47,5 +47,6 @@ jobs:
           DJANGO_SETTINGS_MODULE: reporting.reporting_app.settings.envtest
           LDAP_SERVER_URI: .
           LDAP_DOMAIN_COMPONENT: .
+          LIVE_PLOT_SECRET_KEY: secretKey
     - name: Stand down docker containers
       run: docker-compose down
diff --git a/src/webmon_app/reporting/report/view_util.py b/src/webmon_app/reporting/report/view_util.py
@@ -47,10 +47,8 @@ def generate_key(instrument: str, run_id: int):
     secret_key = settings.LIVE_PLOT_SECRET_KEY
     if len(secret_key) == 0:
         return None
-    else:
-        h = hashlib.sha1()
-        h.update(("%s%s%s" % (instrument.upper(), secret_key, run_id)).encode("utf-8"))
-        return h.hexdigest()
+
+    return hashlib.sha1(f"{instrument.upper()}{secret_key}{run_id}".encode("utf-8")).hexdigest()
 
 
 def append_key(input_url, instrument, run_id):

diff --git a/src/webmon_app/reporting/reporting_app/settings/base.py b/src/webmon_app/reporting/reporting_app/settings/base.py
@@ -330,6 +330,7 @@ def validate_ldap_settings(server_uri, user_dn_template):
 LIVE_DATA_SERVER = "/plots/$instrument/$run_number/update"
 LIVE_DATA_SERVER_DOMAIN = environ.get("LIVE_DATA_SERVER_DOMAIN", "livedata.sns.gov")
 LIVE_DATA_SERVER_PORT = environ.get("LIVE_DATA_SERVER_PORT", "443")
+LIVE_PLOT_SECRET_KEY = environ.get("LIVE_PLOT_SECRET_KEY", "")
 
 # set up the mapping of instruments to facilities
 FACILITY_INFO = defaultdict(lambda: "SNS")  # SNS is the default

diff --git a/tests/test_livedata.py b/tests/test_livedata.py
@@ -1,5 +1,6 @@
 import time
 import os
+import hashlib
 
 import psycopg2
 import requests
@@ -60,11 +61,13 @@ def send_request(self, task, run_number, requestType):
         return response.text
 
     def test_reduction_request_livedata(self):
+        key = generate_key(self.instrument, self.run_number)
         ssl_crt_filename = os.path.join(os.path.dirname(os.path.abspath(__file__)), "../nginx/nginx.crt")
-        print(ssl_crt_filename)
+
         # first check that the there isn't an existing plot, should 404
         response = requests.get(
-            f"{LIVEDATA_TEST_URL}/plots/{self.instrument}/{self.run_number}/update/html/", verify=ssl_crt_filename
+            f"{LIVEDATA_TEST_URL}/plots/{self.instrument}/{self.run_number}/update/html/?key={key}",
+            verify=ssl_crt_filename,
         )
         assert response.status_code == 404
 
@@ -73,7 +76,8 @@ def test_reduction_request_livedata(self):
 
         # the data should now be on livedata
         response = requests.get(
-            f"{LIVEDATA_TEST_URL}/plots/{self.instrument}/{self.run_number}/update/html/", verify=ssl_crt_filename
+            f"{LIVEDATA_TEST_URL}/plots/{self.instrument}/{self.run_number}/update/html/?key={key}",
+            verify=ssl_crt_filename,
         )
         assert response.status_code == 200
         assert "Example Plot Data" in response.text
@@ -83,4 +87,18 @@ def test_reduction_request_livedata(self):
         # now verify that the run report page is templated correctly
         client = self.get_session()
         page = client.get(f"{WEBMON_TEST_URL}/report/{self.instrument}/{self.run_number}/")
-        assert "https://172.16.238.222:443/plots/arcs/214583/update/html/" in page.text
+        assert f"https://172.16.238.222:443/plots/arcs/214583/update/html/?key={key}" in page.text
+
+
+def generate_key(instrument, run_id):
+    """
+    Generate a secret key for a run on a given instrument
+    Used to simulate clients sending GET-requests using a secret key
+    @param instrument: instrument name
+    @param run_id: run number
+    """
+    secret_key = os.environ.get("LIVE_PLOT_SECRET_KEY")
+    if secret_key is None or len(secret_key) == 0:
+        return None
+
+    return hashlib.sha1(f"{instrument.upper()}{secret_key}{run_id}".encode("utf-8")).hexdigest()