Add Api key expiration checking routine (#2384)

* Add Api key expiration checking routine * Addressing review feedbacks
trento-project · Mar 5, 2024 · c302053 · c302053
1 parent 8d0ff11
commit c302053
Show file tree

Hide file tree

Showing 5 changed files with 514 additions and 0 deletions.
diff --git a/config/config.exs b/config/config.exs
@@ -122,6 +122,12 @@ config :trento, Trento.Scheduler,
       task: {Trento.SoftwareUpdates, :run_discovery, []},
       run_strategy: {Quantum.RunStrategy.Random, :cluster},
       overlap: false
+    ],
+    api_key_expiration_alert: [
+      schedule: "@daily",
+      task: {Trento.Infrastructure.Alerting.Alerting, :notify_api_key_expiration, []},
+      run_strategy: {Quantum.RunStrategy.Random, :cluster},
+      overlap: false
     ]
   ],
   debug_logging: false

diff --git a/lib/trento/infrastructure/alerting/alerting.ex b/lib/trento/infrastructure/alerting/alerting.ex
@@ -13,6 +13,8 @@ defmodule Trento.Infrastructure.Alerting.Alerting do
 
   alias Trento.Infrastructure.Alerting.Emails.EmailAlert
   alias Trento.Mailer
+  alias Trento.Settings
+  alias Trento.Settings.ApiKeySettings
 
   require Logger
 
@@ -32,6 +34,9 @@ defmodule Trento.Infrastructure.Alerting.Alerting do
   def notify_critical_sap_system_health(id),
     do: maybe_notify_critical_sap_system_health(enabled?(), id)
 
+  @spec notify_api_key_expiration() :: :ok
+  def notify_api_key_expiration, do: maybe_notify_api_key_expiration(enabled?())
+
   defp enabled?, do: Application.fetch_env!(:trento, :alerting)[:enabled]
 
   defp maybe_notify_critical_host_health(false, _), do: :ok
@@ -74,6 +79,38 @@ defmodule Trento.Infrastructure.Alerting.Alerting do
     )
   end
 
+  defp maybe_notify_api_key_expiration(false), do: :ok
+
+  defp maybe_notify_api_key_expiration(true) do
+    case Settings.get_api_key_settings() do
+      {:ok, %ApiKeySettings{expire_at: nil}} ->
+        :ok
+
+      {:ok, %ApiKeySettings{} = api_key_settings} ->
+        api_key_settings
+        |> api_key_expiration_days()
+        |> maybe_send_api_key_notification()
+
+      error ->
+        error
+    end
+  end
+
+  defp api_key_expiration_days(%ApiKeySettings{expire_at: expire_at}),
+    do: DateTime.diff(expire_at, DateTime.utc_now(), :day)
+
+  defp maybe_send_api_key_notification(days) when days < 0 do
+    deliver_notification(EmailAlert.api_key_expired())
+  end
+
+  defp maybe_send_api_key_notification(days) when days < 30 do
+    days
+    |> EmailAlert.api_key_will_expire()
+    |> deliver_notification()
+  end
+
+  defp maybe_send_api_key_notification(_), do: :ok
+
   @spec deliver_notification(Swoosh.Email.t()) :: :ok
   defp deliver_notification(%Swoosh.Email{subject: subject} = notification) do
     notification

diff --git a/lib/trento/infrastructure/alerting/emails/email_alert.ex b/lib/trento/infrastructure/alerting/emails/email_alert.ex
@@ -5,6 +5,27 @@ defmodule Trento.Infrastructure.Alerting.Emails.EmailAlert do
 
   use Phoenix.Swoosh, view: Trento.Infrastructure.Alerting.Emails.EmailView
 
+  def api_key_expired do
+    new()
+    |> from({"Trento Alerts", Application.fetch_env!(:trento, :alerting)[:sender]})
+    |> to({"Trento Admin", Application.fetch_env!(:trento, :alerting)[:recipient]})
+    |> subject("Trento Alert: Api key expired")
+    |> render_body("api_key_expiration.html", %{
+      api_key_expired: true
+    })
+  end
+
+  def api_key_will_expire(days) do
+    new()
+    |> from({"Trento Alerts", Application.fetch_env!(:trento, :alerting)[:sender]})
+    |> to({"Trento Admin", Application.fetch_env!(:trento, :alerting)[:recipient]})
+    |> subject("Trento Alert: Api key will expire in #{days} days")
+    |> render_body("api_key_expiration.html", %{
+      api_key_expired: false,
+      expire_days: days
+    })
+  end
+
   def alert(component, identified_by, identifier, reason) do
     new()
     |> from({"Trento Alerts", Application.fetch_env!(:trento, :alerting)[:sender]})