control-service: ability to send authenticated email notifications (#2294)

what: Refactored email notifications package so that authenticated
emails can be sent if proper configuration supplied.

why: As part of increasing the security of VDK we need to be able to
send authenticated notification emails.

testing: added unit tests

---------

Signed-off-by: mrMoZ1 <mzhivkov@vmware.com>
Co-authored-by: github-actions <>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

Author: Momchil Z

projects/control-service/projects/helm_charts/pipelines-control-service/templates/deployment.yaml

@@ -279,6 +279,22 @@ spec:
             - name: DATAJOBS_DEPLOYMENT_SUPPORTED_PYTHON_VERSIONS
               value: {{ .Values.deploymentSupportedPythonVersions | toJson | quote }}
             {{- end }}
+            {{- if .Values.mail.smtp.auth }}
+            - name: MAIL_SMTP_AUTH
+              value: "{{ .Values.mail.smtp.auth }}"
+            - name: MAIL_SMTP_STARTTLS_ENABLE
+              value: "{{ .Values.mail.smtp.starttls.enable }}"
+            - name: MAIL_SMTP_USER
+              value: "{{ .Values.mail.smtp.user }}"
+            - name: MAIL_SMTP_PASSWORD
+              value: "{{ .Values.mail.smtp.password }}"
+            - name: MAIL_SMTP_SSL_PROTOCOLS
+              value: "{{ .Values.mail.smtp.ssl.protocols }}"
+            - name: MAIL_SMTP_PORT
+              value: "{{ .Values.mail.smtp.port }}"
+            - name: MAIL_TRANSPORT_PROTOCOL
+              value: "{{ .Values.mail.transport.protocol }}"
+            {{- end }}
 
 
 {{- if .Values.extraVars }}

projects/control-service/projects/helm_charts/pipelines-control-service/values.yaml

@@ -1023,3 +1023,19 @@ dataJob:
 # Configures the format of logs output by the control service; if set to `JSON`, logs are formatted to JSON;
 # else logs are formatted to their default user-readable format
 # loggingFormat: TEXT
+
+# Configures properties used for sending notifications if emails should go through an
+# authenticated email server. More information:
+# https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
+mail:
+  transport:
+    protocol: "smtp"
+  smtp:
+    auth: false
+    starttls:
+      enable: false
+    user: ""
+    password: ""
+    ssl:
+      protocols: "TLSv1.2"
+    port: 587

projects/control-service/projects/pipelines_control_service/build.gradle

@@ -112,6 +112,7 @@ dependencies { // Implementation dependencies are found on compile classpath of
     implementation versions.'com.squareup.okio:okio'
     implementation versions.'io.micrometer:micrometer-core'
     implementation versions.'io.micrometer:micrometer-registry-prometheus'
+    testImplementation versions.'com.icegreen.greenmail'
 }
 
 task wrapper(type: Wrapper) {

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/service/notification/EmailConfiguration.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2021-2023 VMware, Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.vmware.taurus.service.notification;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class EmailConfiguration {
+
+  private final String MAIL_SMTP_PASSWORD = "mail.smtp.password";
+  private final String MAIL_SMTP_USER = "mail.smtp.user";
+  private final String MAIL_SMTP_AUTH = "mail.smtp.auth";
+  private final String TRANSPORT_PROTOCOL = "transport.protocol";
+
+  @Bean
+  @ConfigurationProperties(prefix = "mail")
+  Map<String, String> mail() {
+    return new HashMap<>();
+  }
+
+  public Map<String, String> smtpWithPrefix() {
+    Map<String, String> result = new HashMap<>();
+    var props = this.mail();
+    props.forEach(
+        ((key, value) -> {
+          if (key.startsWith("smtp")) {
+            result.put("mail." + key, value);
+          }
+        }));
+    return result;
+  }
+
+  public String getUsername() {
+    return smtpWithPrefix().get(MAIL_SMTP_USER);
+  }
+
+  public String getPassword() {
+    return smtpWithPrefix().get(MAIL_SMTP_PASSWORD);
+  }
+
+  public boolean isAuthEnabled() {
+    return Boolean.parseBoolean(smtpWithPrefix().get(MAIL_SMTP_AUTH));
+  }
+
+  /**
+   * Transport protocol to be used to send email messages e.g smtp, pop, imap. Defined in
+   * application.properties
+   *
+   * @return
+   */
+  public String getTransportProtocol() {
+    return mail().get(TRANSPORT_PROTOCOL);
+  }
+}

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/service/notification/EmailNotification.java

@@ -5,23 +5,17 @@
 
 package com.vmware.taurus.service.notification;
 
+import java.util.Arrays;
+import java.util.Properties;
+import java.util.stream.Collectors;
 import javax.mail.Address;
 import javax.mail.MessagingException;
 import javax.mail.SendFailedException;
 import javax.mail.Session;
 import javax.mail.Transport;
 import javax.mail.internet.MimeMessage;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.stream.Collectors;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
 
 /**
@@ -34,54 +28,34 @@
 @Component
 public class EmailNotification {
 
-  @Configuration
-  public static class SmtpProperties {
-
-    @Bean
-    @ConfigurationProperties(prefix = "mail.smtp")
-    public Map<String, String> smtp() {
-      return new HashMap<>();
-    }
-
-    public Map<String, String> smtpWithPrefix() {
-      Map<String, String> result = new HashMap<>();
-      var props = this.smtp();
-      props.forEach(((key, value) -> result.put("mail.smtp." + key, value)));
-      return result;
-    }
-  }
-
   static Logger log = LoggerFactory.getLogger(EmailNotification.class);
 
   private static final String CONTENT_TYPE = "text/html; charset=utf-8";
 
   private final Session session;
+  private final EmailConfiguration emailConfiguration;
 
-  public EmailNotification(SmtpProperties smtpProperties) {
+  public EmailNotification(EmailConfiguration emailConfiguration) {
+    this.emailConfiguration = emailConfiguration;
     Properties properties = System.getProperties();
-    properties.putAll(smtpProperties.smtpWithPrefix());
-    session = Session.getDefaultInstance(properties);
+    properties.putAll(emailConfiguration.smtpWithPrefix());
+    properties.setProperty("mail.transport.protocol", emailConfiguration.getTransportProtocol());
+    session = Session.getInstance(properties);
   }
 
   public void send(NotificationContent notificationContent) throws MessagingException {
     if (recipientsExist(notificationContent.getRecipients())) {
-      MimeMessage mimeMessage = new MimeMessage(session);
-      mimeMessage.setFrom(notificationContent.getSender());
-      mimeMessage.setRecipients(MimeMessage.RecipientType.TO, notificationContent.getRecipients());
-      mimeMessage.setSubject(notificationContent.getSubject());
-      mimeMessage.setContent(notificationContent.getContent(), CONTENT_TYPE);
       try {
-        Transport.send(mimeMessage);
+        sendEmail(notificationContent, notificationContent.getRecipients());
       } catch (SendFailedException firstException) {
         log.info(
             "Following addresses are invalid: {}",
             concatAddresses(firstException.getInvalidAddresses()));
         var validUnsentAddresses = firstException.getValidUnsentAddresses();
         if (recipientsExist(validUnsentAddresses)) {
           log.info("Retrying unsent valid addresses: {}", concatAddresses(validUnsentAddresses));
-          mimeMessage.setRecipients(MimeMessage.RecipientType.TO, validUnsentAddresses);
           try {
-            Transport.send(mimeMessage);
+            sendEmail(notificationContent, validUnsentAddresses);
           } catch (SendFailedException retriedException) {
             log.warn(
                 "\nwhat: {}\nwhy: {}\nconsequence: {}\ncountermeasure: {}",
@@ -95,18 +69,50 @@ public void send(NotificationContent notificationContent) throws MessagingExcept
     }
   }
 
-  private boolean recipientsExist(Address[] recipients) {
-    if (recipients.length == 0) {
-      return false;
+  private void sendEmail(NotificationContent notificationContent, Address[] recipients)
+      throws MessagingException {
+    if (emailConfiguration.isAuthEnabled()) {
+      sendAuthenticatedEmail(notificationContent, recipients);
+    } else {
+      sendUnauthenticatedEmail(notificationContent, recipients);
+    }
+  }
+
+  private void sendUnauthenticatedEmail(
+      NotificationContent notificationContent, Address[] recipients) throws MessagingException {
+    var mimeMessage = prepareMessage(notificationContent);
+    Transport.send(mimeMessage, recipients);
+  }
+
+  private void sendAuthenticatedEmail(NotificationContent notificationContent, Address[] recipients)
+      throws MessagingException {
+    Transport transport = session.getTransport();
+    var mimeMessage = prepareMessage(notificationContent);
+    try {
+      transport.connect(emailConfiguration.getUsername(), emailConfiguration.getPassword());
+      transport.sendMessage(mimeMessage, recipients);
+    } finally {
+      transport.close();
     }
-    return true;
+  }
+
+  private MimeMessage prepareMessage(NotificationContent notificationContent)
+      throws MessagingException {
+    MimeMessage mimeMessage = new MimeMessage(session);
+    mimeMessage.setFrom(notificationContent.getSender());
+    mimeMessage.setRecipients(MimeMessage.RecipientType.TO, notificationContent.getRecipients());
+    mimeMessage.setSubject(notificationContent.getSubject());
+    mimeMessage.setContent(notificationContent.getContent(), CONTENT_TYPE);
+    return mimeMessage;
+  }
+
+  private boolean recipientsExist(Address[] recipients) {
+    return recipients.length > 0;
   }
 
   String concatAddresses(Address[] addresses) {
     return addresses == null
         ? null
-        : Arrays.asList(addresses).stream()
-            .map(addr -> addr.toString())
-            .collect(Collectors.joining(" "));
+        : Arrays.stream(addresses).map(Address::toString).collect(Collectors.joining(" "));
   }
 }

projects/control-service/projects/pipelines_control_service/src/main/resources/application.properties

@@ -172,7 +172,16 @@ datajobs.executions.logsUrl.startTimeOffsetSeconds=${DATAJOBS_EXECUTIONS_LOGS_UR
 datajobs.executions.logsUrl.endTimeOffsetSeconds=${DATAJOBS_EXECUTIONS_LOGS_URL_END_TIME_OFFSET_SECONDS:0}
 
 # https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
+mail.transport.protocol= ${MAIL_TRANSPORT_PROTOCOL:smtp}
 mail.smtp.host=smtp.vmware.com
+# Fill these in if the notification emails need to go through an authenticated email.
+mail.smtp.auth=${MAIL_SMTP_AUTH:false}
+mail.smtp.starttls.enable=${MAIL_SMTP_STARTTLS_ENABLE:false}
+mail.smtp.user=${MAIL_SMTP_USER:}
+mail.smtp.password=${MAIL_SMTP_PASSWORD:}
+mail.smtp.ssl.protocols= ${MAIL_SMTP_SSL_PROTOCOLS:TLSv1.2}
+# Default port is 25 for unathenticated, 587 for authenticated
+mail.smtp.port=${MAIL_SMTP_PORT:25}
 
 # Set imagePullPolicy of the job-builder image
 # Correspond to those defined by kubernetes