Merge pull request #6159 from bcgov/feat/6028

feat(5812): implement reminders for private cloud reviews

Author: junminahn

helm/tools/dags/_keycloak.py

@@ -8,14 +8,38 @@ def __init__(self, auth_server_url, realm, client_id, client_secret):
         self.client_id = client_id
         self.client_secret = client_secret
         self.token_url = f"{auth_server_url}/realms/{realm}/protocol/openid-connect/token"
+        self.base_admin_url = f"{auth_server_url}/admin/realms/{realm}"
+        self._access_token = None
 
     def _request_token(self):
         payload = {"grant_type": "client_credentials", "client_id": self.client_id, "client_secret": self.client_secret}
-
         response = requests.post(self.token_url, data=payload)
         response.raise_for_status()
         return response.json()
 
     def get_access_token(self):
-        token_data = self._request_token()
-        return token_data.get("access_token", "")
+        if not self._access_token:
+            token_data = self._request_token()
+            self._access_token = token_data.get("access_token", "")
+        return self._access_token
+
+    def _get_headers(self):
+        return {"Authorization": f"Bearer {self.get_access_token()}", "Content-Type": "application/json"}
+
+    def find_client_by_client_id(self, client_id):
+        url = f"{self.base_admin_url}/clients?clientId={client_id}"
+        response = requests.get(url, headers=self._get_headers())
+        response.raise_for_status()
+        clients = response.json()
+        return clients[0] if clients else None
+
+    def find_users_by_client_role(self, client_id, role_name):
+        client = self.find_client_by_client_id(client_id)
+        if not client or "id" not in client:
+            return []
+
+        role_users_url = f"{self.base_admin_url}/clients/{client['id']}/roles/{role_name}/users"
+
+        response = requests.get(role_users_url, headers=self._get_headers())
+        response.raise_for_status()
+        return response.json()

helm/tools/dags/_request_review_reminder.html

@@ -0,0 +1,113 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html dir="ltr" lang="en">
+  <head>
+    <title>BC Platform Services Product Registry</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
+    <link rel="preload" as="image" href="https://dev-pltsvc.apps.silver.devops.gov.bc.ca/logo.png" />
+    <meta name="x-apple-disable-message-reformatting" />
+  </head>
+
+  <body
+    style="
+      margin: 0;
+      padding: 0;
+      background-color: rgb(255, 255, 255);
+      font-family:
+        Inter var,
+        ui-sans-serif,
+        system-ui,
+        sans-serif,
+        'Apple Color Emoji',
+        'Segoe UI Emoji',
+        'Segoe UI Symbol',
+        'Noto Color Emoji';
+      font-size: 0.75rem;
+      line-height: 1rem;
+      color: rgb(52, 64, 84);
+    "
+  >
+    <div
+      style="
+        margin: 1rem auto;
+        max-width: 36rem;
+        border-radius: 0.25rem;
+        border: 1px solid rgb(234, 234, 234);
+        padding: 1rem;
+      "
+    >
+      <div
+        style="
+          display: flex;
+          flex-direction: row;
+          border-bottom: 3px solid rgb(252, 186, 25);
+          background-color: rgb(0, 51, 102);
+          box-shadow:
+            0 1px 3px rgb(0 0 0 / 10%),
+            0 1px 2px -1px rgb(0 0 0 / 10%);
+        "
+      >
+        <img
+          alt="BC Platform Services Product Registry"
+          height="41"
+          src="https://dev-pltsvc.apps.silver.devops.gov.bc.ca/logo.png"
+          style="margin: auto 1rem"
+          width="58"
+        />
+        <div style="display: flex; flex-direction: row; color: rgb(255, 255, 255)">
+          <p
+            style="
+              font-size: 1.125rem;
+              line-height: 1.75rem;
+              margin: 16px 0;
+              margin-right: 0.5rem;
+              font-family: Roboto, ui-sans-serif, system-ui, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji',
+                'Segoe UI Symbol', 'Noto Color Emoji';
+              font-weight: 100;
+            "
+          >
+            BC Platform Services
+          </p>
+          <p
+            style="
+              font-size: 1.125rem;
+              line-height: 1.75rem;
+              margin: 16px 0;
+              font-family: Roboto, ui-sans-serif, system-ui, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji',
+                'Segoe UI Symbol', 'Noto Color Emoji';
+              font-weight: 400;
+            "
+          >
+            Product Registry
+          </p>
+        </div>
+      </div>
+
+      <div style="margin: 3rem">
+        <div style="margin-bottom: 1rem; margin-top: 1rem">
+          <h1 style="font-size: 1.125rem; line-height: 1.75rem; color: rgb(0, 0, 0)">
+            Private Cloud Request Review Reminder
+          </h1>
+          <p style="font-size: 14px; line-height: 24px; margin: 16px 0">Hi Registry Team,</p>
+          <p style="font-size: 14px; line-height: 24px; margin: 16px 0">
+            You have a pending review for the private cloud request with licence plate
+            <strong>{{ licence_plate }}</strong>. Please complete your review at your earliest convenience.
+          </p>
+          <a
+            href="{{ request_url }}"
+            style="
+              text-decoration: none;
+              display: inline-block;
+              border-radius: 0.375rem;
+              background-color: rgb(252, 186, 25);
+              padding: 0.5rem 1rem;
+              color: rgb(255, 255, 255);
+            "
+            target="_blank"
+          >
+            View request
+          </a>
+        </div>
+      </div>
+    </div>
+  </body>
+</html>

helm/tools/dags/_request_review_reminder.py

@@ -0,0 +1,116 @@
+import requests
+from requests.exceptions import RequestException
+from datetime import date, datetime, timedelta, timezone
+from jinja2 import Environment, FileSystemLoader, select_autoescape
+from typing import Optional, Set
+from _projects import get_mongo_db
+from _keycloak import Keycloak
+from _ches import Ches
+
+
+def get_holiday_dates(province: str) -> set:
+    url = f"https://canada-holidays.ca/api/v1/provinces/{province}"
+    response = requests.get(url)
+    response.raise_for_status()
+
+    data = response.json()
+    holiday_dates = {holiday["date"] for holiday in data["province"]["holidays"]}
+    print(holiday_dates)
+    return holiday_dates
+
+
+def get_n_business_days_ago(n: int, province: str, base_date: Optional[date] = None) -> date:
+    holidays = get_holiday_dates(province)
+    current_day = base_date or date.today()
+    count = 0
+
+    while count < n:
+        current_day -= timedelta(days=1)
+        weekday = current_day.weekday()  # Monday is 0, Sunday is 6
+
+        if weekday >= 5:  # Weekend
+            continue
+        if current_day.isoformat() in holidays:  # Holiday
+            continue
+
+        count += 1
+
+    return current_day
+
+
+def generate_email_html(app_url: str, licence_plate: str, request_id: str):
+    env = Environment(
+        loader=FileSystemLoader("/opt/airflow/dags"),
+        autoescape=select_autoescape(
+            enabled_extensions=("html", "xml"),
+            default_for_string=True,
+        ),
+    )
+
+    template = env.get_template("_request_review_reminder.html")
+    html_content = template.render(
+        request_url=f"{app_url}/private-cloud/requests/{request_id}/decision", licence_plate=licence_plate
+    )
+
+    return html_content
+
+
+def send_request_review_reminders(
+    app_url,
+    mongo_conn_id,
+    kc_auth_url,
+    kc_realm,
+    kc_client_id,
+    kc_client_secret,
+    ches_api_url,
+    ches_auth_url,
+    ches_realm,
+    ches_client_id,
+    ches_client_secret,
+):
+    kc = Keycloak(kc_auth_url, kc_realm, kc_client_id, kc_client_secret)
+    admins = kc.find_users_by_client_role("pltsvc", "private-admin")
+    adminEmails = [admin["email"] for admin in admins if "email" in admin]
+    if not adminEmails:
+        print("No admin emails found.")
+        return None
+
+    ches = Ches(ches_api_url, ches_auth_url, ches_realm, ches_client_id, ches_client_secret)
+    db = get_mongo_db(mongo_conn_id)
+
+    three_business_days_ago = get_n_business_days_ago(3, "BC")
+    print(f"Three business days ago: {three_business_days_ago}")
+
+    three_business_days_ago_dt = datetime.combine(three_business_days_ago, datetime.min.time())
+    query = {
+        "type": "REVIEW_PRIVATE_CLOUD_REQUEST",
+        "status": "ASSIGNED",
+        "createdAt": {"$lt": three_business_days_ago_dt},
+    }
+    projection = {"_id": True, "data": True}
+
+    print(f"Querying {query}...")
+    tasks = db.Task.find(query, projection=projection)
+
+    success = 0
+    failure = 0
+    for task in tasks:
+        try:
+            data = task.get("data")
+            licence_plate = data["licencePlate"]
+            request_id = data["requestId"]
+            print(f"Processing task {task['_id']} with data: {data}")
+
+            ches.send_email(
+                {
+                    "subject": "Private Cloud Request Review Reminder",
+                    "body": generate_email_html(app_url, licence_plate, request_id),
+                    "to": adminEmails,
+                }
+            )
+            success += 1
+        except Exception as e:
+            print(f"Failed to process task {task['_id']}: {e}")
+            failure += 1
+
+    return {"success": success, "failure": failure}

helm/tools/dags/_task_failure_callback.py

@@ -10,7 +10,7 @@ def send_alert(context, dag):
     task_id = task_instance.task_id
     execution_date = context.get("execution_date")
 
-    airflow_dag_logs = f"https://secdash-airflow.apps.silver.devops.gov.bc.ca/dags/{dag}/grid"
+    airflow_dag_logs = f"https://secdash-airflow.apps.silver.devops.gov.bc.ca/dags/{dag}/runs"
 
     payload = {
         "text": f":warning: Airflow: **{dag}**",

helm/tools/dags/_temporary_products_notification.py

@@ -1,12 +1,18 @@
 from datetime import datetime, timedelta, timezone
-from jinja2 import Environment, FileSystemLoader
+from jinja2 import Environment, FileSystemLoader, select_autoescape
 from bson.objectid import ObjectId
 from _projects import get_mongo_db
 from _ches import Ches
 
 
 def generate_email_html(app_url: str, licence_plate: str):
-    env = Environment(loader=FileSystemLoader("/opt/airflow/dags"))
+    env = Environment(
+        loader=FileSystemLoader("/opt/airflow/dags"),
+        autoescape=select_autoescape(
+            enabled_extensions=("html", "xml"),
+            default_for_string=True,
+        ),
+    )
 
     template = env.get_template("_temporary_products_notification.html")
     html_content = template.render(

helm/tools/dags/request_review_reminder_dev.py

@@ -0,0 +1,47 @@
+import os
+from airflow import DAG
+from airflow.operators.python import PythonOperator
+from datetime import datetime, timedelta
+from _request_review_reminder import send_request_review_reminders
+from _task_failure_callback import send_alert
+
+APP_URL = "https://dev-pltsvc.apps.silver.devops.gov.bc.ca"
+MONGO_CONN_ID = "pltsvc-dev"
+
+KC_AUTH_URL = "https://dev.loginproxy.gov.bc.ca/auth"
+KC_REALM = "platform-services"
+KC_SA_ID = os.getenv("DEV_KEYCLOAK_ADMIN_CLIENT_ID")
+KC_SA_SECRET = os.getenv("DEV_KEYCLOAK_ADMIN_CLIENT_SECRET")
+
+CHES_AUTH_URL = "https://dev.loginproxy.gov.bc.ca/auth"
+CHES_REALM = "comsvcauth"
+CHES_SA_ID = os.getenv("DEV_CHES_SA_ID")
+CHES_SA_SECRET = os.getenv("DEV_CHES_SA_SECRET")
+CHES_API_URL = "http://pltsvc-ches-mock.101ed4-dev.svc.cluster.local:3025"
+
+with DAG(
+    dag_id="request_review_reminder_dev",
+    description="A DAG to send reminders for review of private cloud requests",
+    schedule="0 0 * * *",
+    start_date=datetime.now() - timedelta(weeks=1),
+    is_paused_upon_creation=False,
+    catchup=False,
+) as dag:
+    t1 = PythonOperator(
+        task_id="request-review-reminder",
+        python_callable=send_request_review_reminders,
+        op_kwargs={
+            "app_url": APP_URL,
+            "mongo_conn_id": MONGO_CONN_ID,
+            "kc_auth_url": KC_AUTH_URL,
+            "kc_realm": KC_REALM,
+            "kc_client_id": KC_SA_ID,
+            "kc_client_secret": KC_SA_SECRET,
+            "ches_api_url": CHES_API_URL,
+            "ches_auth_url": CHES_AUTH_URL,
+            "ches_realm": CHES_REALM,
+            "ches_client_id": CHES_SA_ID,
+            "ches_client_secret": CHES_SA_SECRET,
+        },
+        on_failure_callback=lambda context: send_alert(context, context["dag"].dag_id),
+    )