Merge branch 'develop' into 5512-docker-image-size

Author: elipe17

Taskfile.yml

@@ -91,9 +91,11 @@ tasks:
   backend-exec-seed-db:
     desc: Seed DB with initial data in the backend container
     dir: tdrs-backend
+    vars:
+      SEED_NUM: '{{.SEED_NUM | default "100"}}'
     cmds:
-      - docker compose -f docker-compose.yml up -d
-      - docker compose -f docker-compose.yml exec web sh -c "python manage.py populate_stts; python ./manage.py seed_db"
+      - task: backend-up
+      - docker compose -f docker-compose.yml exec web sh -c "python manage.py migrate && python manage.py populate_stts && python ./manage.py seed_records --clear --num {{.SEED_NUM}}"
       - docker compose -f docker-compose.yml down
 
   backend-makemigrations:

tdrs-backend/plg/alertmanager/alertmanager.yml

@@ -4,36 +4,30 @@ global:
   smtp_from: 'no-reply@tanfdata.acf.hhs.gov'
   smtp_auth_username: 'apikey'
   smtp_auth_password: '{{ sendgrid_api_key }}'
-
+  slack_api_url: '{{ mattermost_web_hook_url }}'
 # The directory from which notification templates are read.
 templates:
   - '/etc/alertmanager/template/*.tmpl'
-
 # The root route on which each incoming alert enters.
 route:
   # The labels by which incoming alerts are grouped together. For example,
   # multiple alerts coming in for cluster=A and alertname=LatencyHigh would
   # be batched into a single group.
   group_by: ['alertname', 'env', 'service']
-
   # When a new group of alerts is created by an incoming alert, wait at
   # least 'group_wait' to send the initial notification.
   # This way ensures that you get multiple alerts for the same group that start
   # firing shortly after another are batched together on the first
   # notification.
   group_wait: 30s
-
   # When the first notification was sent, wait 'group_interval' to send a batch
   # of new alerts that started firing for that group.
   group_interval: 5m
-
   # If an alert has successfully been sent, wait 'repeat_interval' to
   # resend them.
   repeat_interval: 5m
-
   # A default receiver
-  receiver: admin-team-emails
-
+  receiver: mattermost
   # All the above attributes are inherited by all child routes and can
   # overwritten on each.
 
@@ -44,18 +38,20 @@ route:
         - alertname=~"UpTime"
       receiver: dev-team-emails
       repeat_interval: 24h
-
-    # Send all severity CRITICAL/ERROR alerts to OFA admins
+    # Send all severity CRITICAL/ERROR alerts to OFA admin emails
     - matchers:
-      - severity=~"ERROR|CRITICAL"
+        - severity=~"ERROR|CRITICAL"
       receiver: admin-team-emails
       continue: true
-    # Send all severity CRITICAL/ERROR/WARNING alerts to TDP Devs
+    # Send all severity CRITICAL/ERROR/WARNING alerts to mattermost and dev team emails
+    - matchers:
+        - severity=~"ERROR|CRITICAL|WARNING"
+      receiver: mattermost
+      continue: true
     - matchers:
-      - severity=~"ERROR|CRITICAL|WARNING"
+        - severity=~"ERROR|CRITICAL|WARNING"
       receiver: dev-team-emails
       continue: true
-
 # Inhibition rules allow to mute a set of alerts given that another alert is
 # firing.
 # We use this to mute any warning-level notifications if the same alert is
@@ -69,22 +65,34 @@ inhibit_rules:
     #   from both the source and target alerts,
     #   the inhibition rule will apply!
     equal: [alertname, env, service]
-
-  - source_matchers: [alertname=~"LocalBackendDown|DevEnvironmentBackendDown|
-                      StagingBackendDown|ProductionBackendDown"]
+  - source_matchers: [alertname=~"LocalBackendDown|DevEnvironmentBackendDown| StagingBackendDown|ProductionBackendDown"]
     target_match:
       alertname: 'UpTime'
     equal: ['environment', 'service']
-
-
-
 receivers:
   - name: 'admin-team-emails'
     email_configs:
       - to: '{{ admin_team_emails }}'
         send_resolved: true
-
   - name: 'dev-team-emails'
     email_configs:
       - to: '{{ dev_team_emails }}'
         send_resolved: true
+  - name: 'mattermost'
+    slack_configs:
+      - channel: 'guest-ofa-tdp-alerts'
+        username: 'alertmanager'
+        send_resolved: true
+        text: |-
+          {{ range .Alerts -}}
+          {{ if or (eq .Labels.severity "CRITICAL") (eq .Labels.severity "ERROR") }}
+          @here
+          {{ end }}
+          *Alert:* {{ .Annotations.title }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}
+
+          *Description:* {{ .Annotations.description }}
+
+          *Details:*
+            {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`
+            {{ end }}
+          {{ end }}

tdrs-backend/plg/deploy.sh

@@ -102,6 +102,7 @@ deploy_alertmanager() {
     cp alertmanager.yml $CONFIG
     SENDGRID_API_KEY=$(cf env tdp-backend-prod | grep SENDGRID | cut -d " " -f2-)
     yq eval -i ".global.smtp_auth_password = \"$SENDGRID_API_KEY\"" $CONFIG
+    yq eval -i ".global.slack_api_url = \"$MATTERMOST_WEBHOOK_URL\"" $CONFIG
     yq eval -i ".receivers[0].email_configs[0].to = \"${ADMIN_EMAILS}\"" $CONFIG
     yq eval -i ".receivers[1].email_configs[0].to = \"${DEV_EMAILS}\"" $CONFIG
     cf push --no-route -f manifest.yml -t 180  --strategy rolling

tdrs-backend/plg/grafana_views/generate_views.py

@@ -99,7 +99,7 @@ def handle_field(field, formatted_fields, is_admin):
             f''' --
         -- Calculate if SSN is valid
         CASE
-            WHEN "{field}" !~ '{regex_str}' THEN 1
+            WHEN "{field}" IS NOT NULL AND "{field}" !~ '{regex_str}' AND "{field}" LIKE '%[^0-9]%' THEN 1
             ELSE 0
         END AS "SSN_VALID"'''.strip()
         )

tdrs-backend/tdpservice/data_files/serializers.py

@@ -44,6 +44,7 @@ class DataFileSerializer(serializers.ModelSerializer):
     has_error = serializers.SerializerMethodField()
     summary = DataFileSummarySerializer(many=False, read_only=True)
     latest_reparse_file_meta = serializers.SerializerMethodField()
+    program_type = serializers.CharField(read_only=True)
 
     class Meta:
         """Metadata."""
@@ -70,9 +71,10 @@ class Meta:
             "summary",
             "latest_reparse_file_meta",
             "is_program_audit",
+            "program_type",
         ]
 
-        read_only_fields = ("version",)
+        read_only_fields = ("version", "program_type")
 
     def get_has_error(self, obj):
         """Return whether the file has an error."""

tdrs-backend/tdpservice/data_files/test/test_api.py

@@ -711,3 +711,125 @@ def test_list_ofa_admin_data_file_years_no_self_stt(
     assert response.status_code == status.HTTP_200_OK
 
     assert response.data == [2020, 2021, 2022]
+
+
+class TestDataFileQuerysetFiltering:
+    """Tests for the get_queryset filtering logic with program_type and is_program_audit combinations.
+
+    Note: Program integrity audit (is_program_audit=True) only applies to TANF files.
+    Tribal, SSP, and FRA files do not have audit variants.
+    """
+
+    root_url = "/v1/data_files/"
+
+    @pytest.fixture
+    def tanf_non_audit_file(self, data_analyst, stt):
+        """Create a TANF file with is_program_audit=False."""
+        return DataFile.create_new_version(
+            {
+                "original_filename": "tanf_non_audit.txt",
+                "user": data_analyst,
+                "stt": stt,
+                "year": 2024,
+                "quarter": "Q1",
+                "section": "Active Case Data",
+                "program_type": DataFile.ProgramType.TANF,
+                "is_program_audit": False,
+            }
+        )
+
+    @pytest.fixture
+    def tanf_audit_file(self, data_analyst, stt):
+        """Create a TANF file with is_program_audit=True."""
+        return DataFile.create_new_version(
+            {
+                "original_filename": "tanf_audit.txt",
+                "user": data_analyst,
+                "stt": stt,
+                "year": 2024,
+                "quarter": "Q1",
+                "section": "Active Case Data",
+                "program_type": DataFile.ProgramType.TANF,
+                "is_program_audit": True,
+            }
+        )
+
+    @pytest.fixture
+    def tribal_file(self, data_analyst, stt):
+        """Create a TRIBAL file (is_program_audit is always False for Tribal)."""
+        return DataFile.create_new_version(
+            {
+                "original_filename": "tribal.txt",
+                "user": data_analyst,
+                "stt": stt,
+                "year": 2024,
+                "quarter": "Q1",
+                "section": "Active Case Data",
+                "program_type": DataFile.ProgramType.TRIBAL,
+                "is_program_audit": False,
+            }
+        )
+
+    @pytest.mark.django_db
+    def test_tanf_non_audit_appears_in_regular_list(
+        self, api_client, data_analyst, stt, tanf_non_audit_file, tanf_audit_file
+    ):
+        """Test TANF file with is_program_audit=False appears in regular file list."""
+        api_client.login(username=data_analyst.username, password="test_password")
+
+        response = api_client.get(f"{self.root_url}?stt={stt.id}&year=2024&quarter=Q1")
+
+        assert response.status_code == status.HTTP_200_OK
+        file_ids = [f["id"] for f in response.data]
+        assert len(file_ids) == 1
+        assert tanf_non_audit_file.id in file_ids
+        assert tanf_audit_file.id not in file_ids
+
+    @pytest.mark.django_db
+    def test_tanf_audit_appears_in_program_integrity_audit_list(
+        self, api_client, data_analyst, stt, tanf_non_audit_file, tanf_audit_file
+    ):
+        """Test TANF file with is_program_audit=True appears in program-integrity-audit list."""
+        api_client.login(username=data_analyst.username, password="test_password")
+
+        response = api_client.get(
+            f"{self.root_url}?stt={stt.id}&year=2024&quarter=Q1&file_type=program-integrity-audit"
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+        file_ids = [f["id"] for f in response.data]
+        assert len(file_ids) == 1
+        assert tanf_audit_file.id in file_ids
+        assert tanf_non_audit_file.id not in file_ids
+
+    @pytest.mark.django_db
+    def test_tribal_appears_in_regular_list(
+        self, api_client, data_analyst, stt, tribal_file, tanf_audit_file
+    ):
+        """Test TRIBAL file appears in regular file list alongside TANF non-audit files."""
+        api_client.login(username=data_analyst.username, password="test_password")
+
+        response = api_client.get(f"{self.root_url}?stt={stt.id}&year=2024&quarter=Q1")
+
+        assert response.status_code == status.HTTP_200_OK
+        file_ids = [f["id"] for f in response.data]
+        assert len(file_ids) == 1
+        assert tribal_file.id in file_ids
+        assert tanf_audit_file.id not in file_ids
+
+    @pytest.mark.django_db
+    def test_tribal_excluded_from_program_integrity_audit_list(
+        self, api_client, data_analyst, stt, tribal_file, tanf_audit_file
+    ):
+        """Test TRIBAL files are excluded from program-integrity-audit list (only TANF audit files appear)."""
+        api_client.login(username=data_analyst.username, password="test_password")
+
+        response = api_client.get(
+            f"{self.root_url}?stt={stt.id}&year=2024&quarter=Q1&file_type=program-integrity-audit"
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+        file_ids = [f["id"] for f in response.data]
+        assert len(file_ids) == 1
+        assert tanf_audit_file.id in file_ids
+        assert tribal_file.id not in file_ids

tdrs-backend/tdpservice/data_files/views.py

@@ -4,7 +4,6 @@
 from wsgiref.util import FileWrapper
 
 from django.conf import settings
-from django.db.models import Q
 from django.http import FileResponse, Http404, HttpResponse
 
 from django_filters import rest_framework as filters
@@ -138,10 +137,13 @@ def get_queryset(self):
                 )
             else:
                 is_program_audit = file_type == DataFileViewSet.PIA_FILE_TYPE
-                query = Q(program_type=DataFile.ProgramType.TANF) | Q(
-                    program_type=DataFile.ProgramType.TRIBAL
-                ) & Q(is_program_audit=is_program_audit)
-                queryset = queryset.filter(query)
+                queryset = queryset.filter(
+                    program_type__in=[
+                        DataFile.ProgramType.TANF,
+                        DataFile.ProgramType.TRIBAL,
+                    ],
+                    is_program_audit=is_program_audit,
+                )
 
         return queryset
 

tdrs-backend/tdpservice/fixtures/cypress/users.json

@@ -561,4 +561,4 @@
             "user_permissions": []
         }
     }
-]
+]

tdrs-backend/tdpservice/parsers/parser_classes/tdr_parser.py

@@ -390,9 +390,7 @@ def _generate_funded_ssn_errors(self, t2_schema, t2_records, t1_schema):
                 for serial_num in INVALID_SSN_SERIAL_NUMBERS
             ],
             error_message=(
-                "Social Security Number is not valid. Check that the SSN is 9 digits, "
-                "does not contain only zeroes in any one section, and does not contain "
-                "dashes or other punctuation."
+                "Federally funded recipients must have a valid Social Security number."
             ),
         )
 

tdrs-backend/tdpservice/parsers/schema_defs/ssp/m2.py

@@ -451,8 +451,7 @@
                 validators=[
                     category3.orValidators(
                         [
-                            category3.isBetween(1, 4, inclusive=True),
-                            category3.isBetween(6, 9, inclusive=True),
+                            category3.isBetween(1, 9, inclusive=True),
                             category3.isBetween(11, 12, inclusive=True),
                         ]
                     )