[GH-1420] Notification Improvements Stage 1

[TejasRGitHub]

Feature or Bugfix

• Feature [Enhancements]

Detail

Stage 1 as described in the Gh issue 1420 ( #1420 (comment))

Table on information about when notifications are sent to whom they are sent. I will add this as a part of documentation as well.

Data.all Resource	Notification	Recipient
Share	Share Object Submitted	Dataset owner, steward and share owner ( requestor )
Share	Share Object Approved	Dataset owner, steward and share owner ( requestor )
Share	Share Object Failed	Dataset owner, steward and share owner ( requestor )
Share	Share Object Revoked / Rejected	Dataset owner, steward and share owner ( requestor )
Share	Share verifier finds share is unhealthy	Share requestor team
Share	Share reapplier finds share is unhealthy	Share requestor team
Share	Share reapplier finds share is healthy	Share requestor team
Weekly reminders (Share Objects )	Submitted shares and unhealthy shares	Share requestor team
Weekly reminders (Dataset Objects )	Unhealthy dataset	Dataset owner and stewards team
Weekly reminders (Environment Objects )	Unhealthy environments	Environment owner team
ECS task	Any failures in ECS task	Data.all admin team ( DAAdministrators )
Dataset Table	Dataset table is removed	Dataset owners and stewards and if any shares exist on that table then notify all share object requestor teams
Dataset Table	Dataset table is added	Dataset owners and stewards
Dataset Table	Dataset table which was previously deleted was added back again	Dataset owners and stewards

Tests

1. Email Sent when something fails in ECS tasks ✅ Sample email -

2. Weekly Reminder email ✅ - 3. Email sent when shares are reapplied ✅ - 4. Email sent when share verifier finds share in unhealthy state ✅ 5. Email sent when a glue table is deleted / resynced / added Email sent to dataset owners and dataset stewards when a table is deleted Email sent to the share owner group when a table is deleted and there are active shares on that table

6. Email sent incase of share failure -

Relates

• notification improvements #1420

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

• Does this PR introduce or modify any input fields or queries - this includes
  fetching data from storage outside the application (e.g. a database, an S3 bucket)?
  • Is the input sanitized?
  • What precautions are you taking before deserializing the data you consume?
  • Is injection prevented by parametrizing queries?
  • Have you ensured no eval or similar functions are used?
• Does this PR introduce any functionality or component that requires authorization?
  • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  • Are you logging failed auth attempts?
• Are you using or adding any cryptographic features?
  • Do you use a standard proven implementations?
  • Are the used keys controlled by the customer? Where are they stored?
• Are you introducing any new policies/roles/users?
  • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[noah-paige]

part 1 Review - still have a couple more files on Dataset Table notifications and weekly digest

[noah-paige]

I am guessing there is an edge case where groups could be passed in explicitly as None before and not being set to [] so the query failed?

[TejasRGitHub]

tbh, I added it because my editor was suggesting an improvement. I think this article does a fine job at explaining why - https://nikos7am.com/posts/mutable-default-arguments/

[noah-paige]

some additional comments from pending file review

[noah-paige]

table_status_map will always be defined so this will always execute right?

[noah-paige]

also should there be a try catch here or only on the loop over datasets?

[TejasRGitHub]

table_status_map will always be defined so this will always execute right?

The table_status_map will be empty when there are no newly added tables, no table has been deleted , no table which was deleted previously has been added. And thus when it is empty the if part won't execute.

also should there be a try catch here or only on the loop over datasets?

I have added this try catch explicitly so that that any email sending failures are caught. Also with this , the rest of the code deosn't get affected and I don't want it to get affected

[TejasRGitHub]

Hi @noah-paige , I have updated the PR. Please let me know if you have any additional code comments. Let me know if you need any clarification / discussion on few of my replies on your comments .

Few additional things which I noticed and added as a part of new updated PR,

1. Admin group config ( admin_notifications ) in config.json to enable/disable admin email notifications. I am only keeping email admin notifications and not creating UI notifications - as UI notifications will look bloated with a lot of content.
2. Added try..catch in sharing_services file where missing and reformatted to have the same pattern of try except finally block across the file

[noah-paige]

nit: should we also explicitly import db in the __init__ file? (at dataall/backend/dataall/core/groups/__init__.py) -- think right now it is implicitly imported via api

[TejasRGitHub]

I wouldn't mind it getting imported implicitly. With a blank init all the group_models and constants file will be imported.

[TejasRGitHub]

Nothing has changed here. Only returning via query.allI() instead of on the same line

[TejasRGitHub]

Removing this function from here and moving it to ses_email_notification_service.py

[TejasRGitHub]

Adding this new parameter to switch on/off admin notifications. This can be later removed and admin notifications can be enabled by default when email notifications are enabled. Keeping this for now, to test and see how many notifications an admin might get with the current code change. There is a chance in which admins can be bombarded with a lot of notifications in which this will serve as a good way to stop creating admin notifications

[TejasRGitHub]

Switching to env_vars as those contains the same as self._create_env()

[TejasRGitHub]

Hi @petrkalos , @noah-paige , I have made code changes after taking a look at the review comments. Can you please take a look and let me if this PR looks good now

I have re-tested after code changes

1. Notifications after share is failed ( email + UI ) ✅
2. Notifications after share is Unhealthy ( email + UI ) ✅
3. Notifications after share is healthy ( email + UI ) ✅
4. Weekly digest reminder notifications ( email ) ✅
5. Notifications to owner ( when table are deleted, added, synced ) and share owners ( if there exists a share on the table ) - ✅
6. Notifications when ECS or any service fails to Admins ✅