Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

write command to download csv file #1196

Merged
merged 9 commits into from
Aug 5, 2024
Merged

write command to download csv file #1196

merged 9 commits into from
Aug 5, 2024

Conversation

terrazoon
Copy link
Contributor

@terrazoon terrazoon commented Jul 17, 2024
edited
Loading

Description

The developer can get the s3 file location for a problematic csv file from the admin logs. Write a command so the developer can download the csv file contents securely.

Security Considerations

N/A

@terrazoon terrazoon linked an issue Jul 17, 2024 that may be closed by this pull request
Enhance download-csv-file-by-name command #1165
Closed
@terrazoon terrazoon self-assigned this Jul 17, 2024
@terrazoon terrazoon requested review from ccostino and a team July 17, 2024 20:10
xlorepdarkhelm
xlorepdarkhelm reviewed Jul 22, 2024
View reviewed changes
app/commands.py Outdated Show resolved Hide resolved
@terrazoon terrazoon requested a review from xlorepdarkhelm July 22, 2024 19:30
xlorepdarkhelm
xlorepdarkhelm approved these changes Jul 22, 2024
View reviewed changes
Copy link
Contributor

@xlorepdarkhelm xlorepdarkhelm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ccostino
ccostino requested changes Jul 23, 2024
View reviewed changes
Copy link
Contributor

@ccostino ccostino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @terrazoon for attempting to make the debugging easier here for folks!

Unfortunately, we can't move forward with this as is, because by exposing the phone numbers/emails in the logs, we run the risk of them being exposed in addition to violating the very principles on safeguarding this data that we've outlined in our SSPP and reviewed with our assessors to meet a variety of NIST controls about PII.

Since this is within the command that would download the file anyway, what were you hoping to achieve or help with by having the contents of the file itself put in the logs, other than the tedium?

@terrazoon
Copy link
Contributor Author

Thanks @terrazoon for attempting to make the debugging easier here for folks!

Unfortunately, we can't move forward with this as is, because by exposing the phone numbers/emails in the logs, we run the risk of them being exposed in addition to violating the very principles on safeguarding this data that we've outlined in our SSPP and reviewed with our assessors to meet a variety of NIST controls about PII.

Since this is within the command that would download the file anyway, what were you hoping to achieve or help with by having the contents of the file itself put in the logs, other than the tedium?

yeah, brain problems. I changed it.

@terrazoon terrazoon requested a review from ccostino July 23, 2024 14:50
@terrazoon terrazoon changed the title put all of csv file in one log line for download command use click.echo to dump whole csv file when command runs Jul 23, 2024
@terrazoon terrazoon changed the title use click.echo to dump whole csv file when command runs write command to download csv file Aug 1, 2024
@terrazoon
Copy link
Contributor Author

Thanks @terrazoon for attempting to make the debugging easier here for folks!
Unfortunately, we can't move forward with this as is, because by exposing the phone numbers/emails in the logs, we run the risk of them being exposed in addition to violating the very principles on safeguarding this data that we've outlined in our SSPP and reviewed with our assessors to meet a variety of NIST controls about PII.
Since this is within the command that would download the file anyway, what were you hoping to achieve or help with by having the contents of the file itself put in the logs, other than the tedium?

yeah, brain problems. I changed it.

@ccostino I changed it again. Now using the s3.download_file() functionality from both 3. I had to unship a random test also to keep coverage at 95%

ccostino
ccostino approved these changes Aug 5, 2024
View reviewed changes
Copy link
Contributor

@ccostino ccostino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thanks @terrazoon! This looks like it's ready to go now; we ought to be able to test it in staging to be sure!

@ccostino ccostino merged commit 11f86c0 into main Aug 5, 2024
7 checks passed
@ccostino ccostino deleted the notify-api-1165 branch August 5, 2024 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xlorepdarkhelm xlorepdarkhelm xlorepdarkhelm approved these changes

@ccostino ccostino ccostino approved these changes

Assignees

@terrazoon terrazoon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enhance download-csv-file-by-name command
3 participants
@terrazoon @ccostino @xlorepdarkhelm