Switch virus scanner to use the Dbt scanner #3103

Draft
wants to merge 1 commit into
base: main
@matthewford matthewford commented Sep 30, 2024

📝 A short description of the changes

  • DBT requesting to switch to their AV scanner
  • Changes how files are uploaded, first to a tmp bucket, then moved to a permanent bucket once scanned.

🔗 Link to the relevant story (or stories)

Testing dev PaaS bucket functionality 🪣

It is possible to test the files moving across buckets functionality using two sets of credentials that allow external access.
See https://docs.cloud.service.gov.uk/deploying_services/s3/#connect-to-an-s3-bucket-from-your-app for info on how to create and retrieve the keys.
Add the keys along with setting the other two ENV vars to enable scanning + scanner buckets:

AWS_TMP_BUCKET_ACCESS_KEY_ID=xxx
AWS_TMP_BUCKET_SECRET_ACCESS_KEY=xxx
AWS_PERMANENT_BUCKET_ACCESS_KEY_ID=xxx
AWS_PERMANENT_BUCKET_SECRET_ACCESS_KEY=xxx
DISABLE_VIRUS_SCANNER=false
ENABLE_VIRUS_SCANNER_BUCKETS=true

:shipit: Deployment implications

  • Requires access to the DBT scanners
  • New env VARs need to be set
  • Files need to be moved into the permanent bucket
  • On GovPass, a new bucket must be created for the permanent files, and all files must be copied into the permanent bucket.

✅ Checklist

  • Features that cannot go live are behind a feature flag/env var or specify deploy date and open PR as draft
  • I have checked that commit messages make sense and explain the reasoning for each change
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have squashed any unnecessary or part-finished commits

🖼️ Screenshots (if appropriate - no PII/Prod data):

Use Carrierwave for file uploads
Update to use DBT-Scanner via URL with credentials
Add specs for new functionality and update existing specs where appropriate
@sammo1235 sammo1235 changed the title from "[WIP] Switch virus scanner to use the Dbt scanner" to "Switch virus scanner to use the Dbt scanner" Oct 7, 2024
@sammo1235 sammo1235 marked this pull request as ready for review October 7, 2024 11:25
@matthewford matthewford marked this pull request as draft October 24, 2024 12:32
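
The upload flow described in this pull request (a file lands in a tmp bucket, is scanned, then moves to the permanent bucket), sketched as an added example that is not code from this pull request or the project. `MemoryBucket`, `QuarantineUploader`, `ScannerUnavailable`, the marker string, and the choices to discard infected files and to hold files in tmp when the scanner is unreachable are all assumptions.

```ruby
# Added example; all names are hypothetical, not the project's code.
# In-memory stand-in for an S3 bucket so the flow runs offline.
class MemoryBucket
  def initialize; @objects = {}; end
  def put(key, body); @objects[key] = body; end
  def get(key); @objects.fetch(key); end
  def delete(key); @objects.delete(key); end
  def key?(key); @objects.key?(key); end
end

class ScannerUnavailable < StandardError; end

# Constructed stub scanner: flags a made-up marker string.
SAMPLE_SCANNER = ->(body) { body.include?("CONSTRUCTED-BAD-MARKER") ? :infected : :clean }

class QuarantineUploader
  def initialize(tmp:, permanent:, scanner:)
    @tmp = tmp
    @permanent = permanent
    @scanner = scanner
  end

  # Every upload lands in the tmp bucket first; nothing is written
  # to the permanent bucket before a verdict exists.
  def upload(key, body)
    @tmp.put(key, body)
    promote(key)
  end

  # Scan the tmp copy and act on the verdict.
  # Returns :stored, :rejected or :pending.
  def promote(key)
    body = @tmp.get(key)
    case @scanner.call(body)
    when :clean
      @permanent.put(key, body) # copy first, then remove the tmp copy
      @tmp.delete(key)
      :stored
    when :infected
      @tmp.delete(key)          # assumption: infected files are discarded
      :rejected
    else
      :pending                  # unknown verdict: fail closed
    end
  rescue ScannerUnavailable
    :pending                    # scanner down: file stays in tmp, retry later
  end
end
```

A file that comes back `:pending` is still only in the tmp bucket, so calling `promote` again once the scanner is reachable completes the move.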