Replace DD_CLOUD_BANNER with centralized additional_banners system

Migrate all promotional messaging to the additional_banners context
processor pattern. Product announcements now store banners in the
session for rendering via the unified template loop. Each banner
carries a source field (os, product_announcement) so downstream
repos can filter by origin.

- Remove DD_CREATE_CLOUD_BANNER setting and env var entirely
- Repurpose ProductAnnouncementManager to use session-based banners
- Remove evaluate_pro_proposition celery task and beat schedule
- Remove create_announcement_banner from initialization command
- Simplify announcement signal to remove cloud-specific logic
- Add SHOW_PLG_LINK context variable for PLG menu item control
- Rename os-banner-* CSS classes to generic banner-* classes
- Add data-source attribute to banner template markup
- Switch OS message bucket URL from dev to prod
- Add 52 tests covering context processor and product announcements

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Maffooch

dojo/announcement/os_message.py

@@ -7,7 +7,7 @@
 
 logger = logging.getLogger(__name__)
 
-BUCKET_URL = "https://storage.googleapis.com/defectdojo-os-messages-dev/open_source_message.md"
+BUCKET_URL = "https://storage.googleapis.com/defectdojo-os-messages-prod/open_source_message.md"
 CACHE_SECONDS = 3600
 HTTP_TIMEOUT_SECONDS = 2
 CACHE_KEY = "os_message:v1"

dojo/announcement/signals.py

@@ -1,4 +1,3 @@
-from django.conf import settings
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 
@@ -7,22 +6,11 @@
 
 @receiver(post_save, sender=Dojo_User)
 def add_announcement_to_new_user(sender, instance, **kwargs):
-    announcements = Announcement.objects.all()
-    if announcements.count() > 0:
-        dojo_user = Dojo_User.objects.get(id=instance.id)
-        announcement = announcements.first()
-        cloud_announcement = (
-            "DefectDojo Pro Cloud and On-Premise Subscriptions Now Available!"
-            in announcement.message
+    announcement = Announcement.objects.first()
+    if announcement is not None:
+        UserAnnouncement.objects.get_or_create(
+            user=instance, announcement=announcement,
         )
-        if not cloud_announcement or settings.CREATE_CLOUD_BANNER:
-            user_announcements = UserAnnouncement.objects.filter(
-                user=dojo_user, announcement=announcement,
-            )
-            if user_announcements.count() == 0:
-                UserAnnouncement.objects.get_or_create(
-                    user=dojo_user, announcement=announcement,
-                )
 
 
 @receiver(post_save, sender=Announcement)

dojo/context_processors.py

@@ -36,19 +36,30 @@ def globalize_vars(request):
         "DOCUMENTATION_URL": settings.DOCUMENTATION_URL,
         "API_TOKENS_ENABLED": settings.API_TOKENS_ENABLED,
         "API_TOKEN_AUTH_ENDPOINT_ENABLED": settings.API_TOKEN_AUTH_ENDPOINT_ENABLED,
-        "CREATE_CLOUD_BANNER": settings.CREATE_CLOUD_BANNER,
+        "SHOW_PLG_LINK": True,
         # V3 Feature Flags
         "V3_FEATURE_LOCATIONS": settings.V3_FEATURE_LOCATIONS,
     }
 
+    additional_banners = []
+
     if (os_banner := get_os_banner()) is not None:
-        context["additional_banners"] = [{
+        additional_banners.append({
+            "source": "os",
             "message": os_banner["message"],
             "style": "info",
             "url": "",
             "link_text": "",
             "expanded_html": os_banner["expanded_html"],
-        }]
+        })
+
+    if hasattr(request, "session"):
+        for banner in request.session.pop("_product_banners", []):
+            additional_banners.append(banner)
+
+    if additional_banners:
+        context["additional_banners"] = additional_banners
+
     return context
 
 

dojo/management/commands/complete_initialization.py

@@ -14,7 +14,6 @@
 from django.db.utils import ProgrammingError
 
 from dojo.auditlog import configure_pghistory_triggers
-from dojo.models import Announcement, Dojo_User, UserAnnouncement
 
 
 class Command(BaseCommand):
@@ -38,13 +37,11 @@ def handle(self, *args: Any, **options: Any) -> None:
 
         if self.admin_user_exists():
             self.stdout.write("Admin user already exists; skipping first-boot setup")
-            self.create_announcement_banner()
             self.initialize_data()
             return
 
         self.ensure_admin_secrets()
         self.first_boot_setup()
-        self.create_announcement_banner()
         self.initialize_data()
 
     # ------------------------------------------------------------------
@@ -58,29 +55,6 @@ def initialize_data(self) -> None:
         self.stdout.write("Initializing non-standard permissions")
         call_command("initialize_permissions")
 
-    def create_announcement_banner(self) -> None:
-        if os.getenv("DD_CREATE_CLOUD_BANNER"):
-            return
-
-        self.stdout.write("Creating announcement banner")
-
-        announcement, _ = Announcement.objects.get_or_create(id=1)
-        announcement.message = (
-            '<a href="https://cloud.defectdojo.com/accounts/onboarding/plg_step_1" '
-            'target="_blank">'
-            "DefectDojo Pro Cloud and On-Premise Subscriptions Now Available! "
-            "Create an account to try Pro for free!"
-            "</a>"
-        )
-        announcement.dismissable = True
-        announcement.save()
-
-        for user in Dojo_User.objects.all():
-            UserAnnouncement.objects.get_or_create(
-                user=user,
-                announcement=announcement,
-            )
-
     # ------------------------------------------------------------------
     # Auditlog consistency
     # ------------------------------------------------------------------

dojo/product_announcements.py

@@ -1,8 +1,6 @@
 
 import logging
 
-from django.conf import settings
-from django.contrib import messages
 from django.http import HttpRequest, HttpResponse
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
@@ -30,12 +28,8 @@ def __init__(
         response_data: dict | None = None,
         **kwargs: dict,
     ):
-        """Skip all this if the CREATE_CLOUD_BANNER is not set"""
-        if not settings.CREATE_CLOUD_BANNER:
-            return
-        # Fill in the vars if the were supplied correctly
         if request is not None and isinstance(request, HttpRequest):
-            self._add_django_message(
+            self._add_session_banner(
                 request=request,
                 message=mark_safe(f"{self.base_message} {self.ui_outreach}"),
             )
@@ -51,18 +45,21 @@ def __init__(
             msg = "At least one of request, response, or response_data must be supplied"
             raise ValueError(msg)
 
-    def _add_django_message(self, request: HttpRequest, message: str):
-        """Add a message to the UI"""
+    def _add_session_banner(self, request: HttpRequest, message: str):
+        """Store a banner in the session for rendering via additional_banners."""
         try:
-            messages.add_message(
-                request=request,
-                level=messages.INFO,
-                message=_(message),
-                extra_tags="alert-info",
-            )
+            banners = request.session.get("_product_banners", [])
+            banners.append({
+                "source": "product_announcement",
+                "message": str(_(message)),
+                "style": "info",
+                "url": "",
+                "link_text": "",
+                "expanded_html": None,
+            })
+            request.session["_product_banners"] = banners
         except Exception:
-            # make sure we catch any exceptions that might happen: https://github.com/DefectDojo/django-DefectDojo/issues/14041
-            logger.exception(f"Error adding message to Django: {message}")
+            logger.exception(f"Error storing product announcement banner: {message}")
 
     def _add_api_response_key(self, message: str, data: dict) -> dict:
         """Update the response data in place"""

dojo/settings/settings.dist.py

@@ -356,8 +356,6 @@
     DD_HASHCODE_FIELDS_PER_SCANNER=(str, ""),
     # Set deduplication algorithms per parser, via en env variable that contains a JSON string
     DD_DEDUPLICATION_ALGORITHM_PER_PARSER=(str, ""),
-    # Dictates whether cloud banner is created or not
-    DD_CREATE_CLOUD_BANNER=(bool, True),
     # With this setting turned on, Dojo maintains an audit log of changes made to entities (Findings, Tests, Engagements, Products, ...)
     # If you run big import you may want to disable this because there's a performance hit during (re-)imports.
     DD_ENABLE_AUDITLOG=(bool, True),
@@ -1339,13 +1337,6 @@ def saml2_attrib_map_format(din):
             "expires": int(60 * 1 * 1.2),  # If a task is not executed within 72 seconds, it should be dropped from the queue. Two more tasks should be scheduled in the meantime.
         },
     },
-    "trigger_evaluate_pro_proposition": {
-        "task": "dojo.tasks.evaluate_pro_proposition",
-        "schedule": timedelta(hours=8),
-        "options": {
-            "expires": int(60 * 60 * 8 * 1.2),  # If a task is not executed within 9.6 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime.
-        },
-    },
     "clear_sessions": {
         "task": "dojo.tasks.clear_sessions",
         "schedule": crontab(hour=0, minute=0, day_of_week=0),
@@ -2082,9 +2073,6 @@ def saml2_attrib_map_format(din):
 AUDITLOG_DISABLE_ON_RAW_SAVE = False
 #  You can set extra Jira headers by suppling a dictionary in header: value format (pass as env var like "headr_name=value,another_header=anohter_value")
 ADDITIONAL_HEADERS = env("DD_ADDITIONAL_HEADERS")
-# Dictates whether cloud banner is created or not
-CREATE_CLOUD_BANNER = env("DD_CREATE_CLOUD_BANNER")
-
 # ------------------------------------------------------------------------------
 # Auditlog
 # ------------------------------------------------------------------------------

dojo/static/dojo/css/dojo.css

@@ -1124,9 +1124,20 @@ div.custom-search-form {
 .announcement-banner {
     margin: 0px -15px;
     border-radius: 0px 0px 4px 4px;
+    color: #000;
+}
+
+.announcement-banner a {
+    color: #0645ad;
+    text-decoration: underline;
+}
+
+.announcement-banner strong,
+.announcement-banner b {
+    color: #222;
 }
 
-.os-banner-toggle {
+.banner-toggle {
     background: transparent;
     border: 0;
     padding: 0;
@@ -1136,17 +1147,17 @@ div.custom-search-form {
     line-height: 1;
 }
 
-.os-banner-toggle:focus,
-.os-banner-toggle:active {
+.banner-toggle:focus,
+.banner-toggle:active {
     outline: none;
     box-shadow: none;
 }
 
-.os-banner-toggle:not(.collapsed) .fa-caret-down {
+.banner-toggle:not(.collapsed) .fa-caret-down {
     transform: rotate(180deg);
 }
 
-.os-banner-expanded {
+.banner-expanded {
     margin-top: 8px;
 }
 

dojo/tasks.py

@@ -16,9 +16,8 @@
 from dojo.celery import app
 from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.finding.helper import fix_loop_duplicates
-from dojo.location.models import Location
 from dojo.management.commands.jira_status_reconciliation import jira_status_reconciliation
-from dojo.models import Alerts, Announcement, Endpoint, Engagement, Finding, Product, System_Settings, User
+from dojo.models import Alerts, Engagement, Finding, Product, System_Settings, User
 from dojo.notifications.helper import create_notification
 from dojo.utils import calculate_grade, sla_compute_and_notify
 
@@ -218,37 +217,6 @@ def fix_loop_duplicates_task(*args, **kwargs):
         return fix_loop_duplicates()
 
 
-@app.task
-def evaluate_pro_proposition(*args, **kwargs):
-    # Ensure we should be doing this
-    if not settings.CREATE_CLOUD_BANNER:
-        return
-    # Get the announcement object
-    announcement = Announcement.objects.get_or_create(id=1)[0]
-    # Quick check for a user has modified the current banner - if not, exit early as we dont want to stomp
-    if not any(
-        entry in announcement.message
-        for entry in [
-            "",
-            "DefectDojo Pro Cloud and On-Premise Subscriptions Now Available!",
-            "Findings/Endpoints in their systems",
-        ]
-    ):
-        return
-    # Count the objects the determine if the banner should be updated
-    if settings.V3_FEATURE_LOCATIONS:
-        object_count = Finding.objects.count() + Location.objects.count()
-    else:
-        # TODO: Delete this after the move to Locations
-        object_count = Finding.objects.count() + Endpoint.objects.count()
-    # Unless the count is greater than 100k, exit early
-    if object_count < 100000:
-        return
-    # Update the announcement
-    announcement.message = f'Only professionals have {object_count:,} Findings and Endpoints in their systems... <a href="https://www.defectdojo.com/pricing" target="_blank">Get DefectDojo Pro</a> today!'
-    announcement.save()
-
-
 @app.task
 def clear_sessions(*args, **kwargs):
     call_command("clearsessions")

dojo/templates/base.html

@@ -199,7 +199,7 @@
                                             </a>
                                         </li>
                                     {% endif %}
-                                    {% if CREATE_CLOUD_BANNER %}
+                                    {% if SHOW_PLG_LINK %}
                                         <li>
                                             <a href="https://cloud.defectdojo.com/accounts/onboarding/plg_step_1">
                                                 <i class="fa-solid fa-level-up fa-fw"></i>
@@ -671,17 +671,18 @@
                     </div>
                 {% endif %}
                 {% for banner in additional_banners %}
-                    <div role="alert" class="announcement-banner alert alert-{{ banner.style }} show">
+                    <div role="alert" class="announcement-banner alert alert-{{ banner.style }} show"
+                         data-source="{{ banner.source }}">
                         {{ banner.message|safe }}{% if banner.url %} <a href="{{ banner.url }}">{{ banner.link_text }}</a>{% endif %}
                         {% if banner.expanded_html %}
-                            <button type="button" class="os-banner-toggle collapsed"
+                            <button type="button" class="banner-toggle collapsed"
                                     data-toggle="collapse"
-                                    data-target="#os-banner-expanded-{{ forloop.counter }}"
+                                    data-target="#banner-expanded-{{ forloop.counter }}"
                                     aria-expanded="false"
-                                    aria-controls="os-banner-expanded-{{ forloop.counter }}">
+                                    aria-controls="banner-expanded-{{ forloop.counter }}">
                                 <i class="fa-solid fa-caret-down"></i>
                             </button>
-                            <div id="os-banner-expanded-{{ forloop.counter }}" class="collapse os-banner-expanded">
+                            <div id="banner-expanded-{{ forloop.counter }}" class="collapse banner-expanded">
                                 {{ banner.expanded_html|safe }}
                             </div>
                         {% endif %}