Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove BraveX Sandbox Lambda Deployment Resources #2443

Merged
merged 3 commits into from
Mar 28, 2024
Merged

Remove BraveX Sandbox Lambda Deployment Resources #2443

merged 3 commits into from
Mar 28, 2024

Conversation

hspencer77
Copy link
Contributor

Summary

Remove artifacts that deploy and maintain BraveX Sandbox Lambdas.

Type of Change

  • Product feature
  • Bug fix
  • Performance improvement
  • Refactor
  • Other

Remove resources since BraveX is no longer an initiative.

Tested Environments

  • Development/Sandbox
  • Staging
  • Production

@hspencer77 hspencer77 self-assigned this Mar 28, 2024
@github-actions GitHub Actions
Copy link

[puLL-Merge] - brave-intl/bat-go@2443

Description

This PR removes the serverless email service code from the bat-go repository. The motivation for this change is not provided in the PR diff, but it appears to be a code removal or cleanup.

Changes

Changes

  • .github/workflows/sam-dev.yml: Deleted file that contained a GitHub Actions workflow for deploying the serverless email service to a development environment.
  • serverless/email/Makefile: Deleted Makefile for building the serverless email service.
  • serverless/email/README.md: Deleted README file describing the serverless email service.
  • serverless/email/status/*: Deleted Go code and modules for an AWS Lambda function that handled email status notifications via SNS.
  • serverless/email/template.yaml: Deleted AWS SAM template for deploying the serverless email service infrastructure.
  • serverless/email/unsubscribe/*: Deleted Go code and modules for an API endpoint to handle email unsubscribes.
  • serverless/email/webhook/*: Deleted Go code and modules for an API endpoint to handle incoming email webhooks.

Security Hotspots

  1. High Risk: The deleted webhook code contained plaintext secrets (AUTH_TOKENS, AUTH_SECRETS) retrieved from AWS Secrets Manager. Ensure these secrets have been properly rotated since this code has been removed.

  2. Medium Risk: The deleted webhook code implemented its own HMAC request signature validation. Verify that any clients of this webhook have removed their signing code as well to avoid broken integrations.

  3. Low Risk: Confirm that removing this serverless email service does not unexpectedly break any other parts of the BraveX system that may have depended on its functionality.

In summary, the main security consideration is to ensure any secrets used by this removed code have been invalidated and rotated. The other risks are more around avoiding broken integrations and system failures from this code removal.

evq
evq approved these changes Mar 28, 2024
View reviewed changes
Copy link
Contributor

@evq evq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥲

@hspencer77 hspencer77 merged commit 3b6cce0 into master Mar 28, 2024
12 checks passed
@hspencer77 hspencer77 deleted the remove_bravex_resources branch March 28, 2024 20:42
@hspencer77 hspencer77 mentioned this pull request Mar 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evq evq evq approved these changes

Assignees

@hspencer77 hspencer77

Labels
puLL-Merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hspencer77 @evq