diff --git a/.secrets.baseline b/.secrets.baseline index 24361804..ffa18c6e 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$|^.*pgsslrootcert.yml$", "lines": null }, - "generated_at": "2019-12-13T20:38:57Z", + "generated_at": "2019-12-18T15:29:41Z", "plugins_used": [ { "base64_limit": 4.5, @@ -170,7 +170,7 @@ "hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207", "is_secret": false, "is_verified": false, - "line_number": 659, + "line_number": 665, "type": "Hex High Entropy String" } ] diff --git a/alembic/versions/08f2a640e9c2_add_uniqueness_contraint_to_environment_.py b/alembic/versions/08f2a640e9c2_add_uniqueness_contraint_to_environment_.py new file mode 100644 index 00000000..bfc5b894 --- /dev/null +++ b/alembic/versions/08f2a640e9c2_add_uniqueness_contraint_to_environment_.py @@ -0,0 +1,26 @@ +"""add uniqueness contraint to environment within an application + +Revision ID: 08f2a640e9c2 +Revises: c487d91f1a26 +Create Date: 2019-12-16 10:43:12.331095 + +""" +from alembic import op + +# revision identifiers, used by Alembic. +revision = '08f2a640e9c2' # pragma: allowlist secret +down_revision = 'c487d91f1a26' # pragma: allowlist secret +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.create_unique_constraint('environments_name_application_id_key', 'environments', ['name', 'application_id']) + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.drop_constraint('environments_name_application_id_key', 'environments', type_='unique') + # ### end Alembic commands ### diff --git a/atst/domain/applications.py b/atst/domain/applications.py index c2321194..3dbb9953 100644 --- a/atst/domain/applications.py +++ b/atst/domain/applications.py 
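Review bot: `upgrade()` in the new Alembic revision calls `op.create_unique_constraint` with no check for rows that already share a `name` and `application_id`, so the migration will abort on any database that holds such duplicates. I would run a duplicate check (or rename the colliding rows) ahead of the constraint and say so in the file, e.g. `# fails if duplicate (name, application_id) rows exist; deduplicate before upgrading`. The constraint compares names exactly, so `Dev` and `dev` stay distinct; if that is not intended, normalise the name before it is stored. If environments are soft-deleted (not visible in this diff), a deleted row would also keep its name reserved for that application.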
@@ -11,7 +11,7 @@ from atst.models import ( ApplicationRoleStatus, EnvironmentRole, ) -from atst.utils import first_or_none, update_or_raise_already_exists_error +from atst.utils import first_or_none, commit_or_raise_already_exists_error class Applications(BaseDomainClass): @@ -28,7 +28,7 @@ class Applications(BaseDomainClass): if environment_names: Environments.create_many(user, application, environment_names) - update_or_raise_already_exists_error(message="application") + commit_or_raise_already_exists_error(message="application") return application @classmethod @@ -55,7 +55,7 @@ class Applications(BaseDomainClass): ) db.session.add(application) - update_or_raise_already_exists_error(message="application") + commit_or_raise_already_exists_error(message="application") return application @classmethod diff --git a/atst/domain/environments.py b/atst/domain/environments.py index a1056623..b8a59485 100644 --- a/atst/domain/environments.py +++ b/atst/domain/environments.py @@ -12,6 +12,7 @@ from atst.models import ( CLIN, ) from atst.domain.environment_roles import EnvironmentRoles +from atst.utils import commit_or_raise_already_exists_error from .exceptions import NotFoundError, DisabledError @@ -21,7 +22,7 @@ class Environments(object): def create(cls, user, application, name): environment = Environment(application=application, name=name, creator=user) db.session.add(environment) - db.session.commit() + commit_or_raise_already_exists_error(message="environment") return environment @classmethod @@ -39,7 +40,8 @@ class Environments(object): if name is not None: environment.name = name db.session.add(environment) - db.session.commit() + commit_or_raise_already_exists_error(message="environment") + return environment @classmethod def get(cls, environment_id): diff --git a/atst/domain/task_orders.py b/atst/domain/task_orders.py index 8ad8b0f4..9ecf41e9 100644 --- a/atst/domain/task_orders.py +++ b/atst/domain/task_orders.py 
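Review bot: `Environments.create` and `Environments.update` now depend on `commit_or_raise_already_exists_error`, which, as far as the `atst/utils/__init__.py` hunk shows, catches every `IntegrityError`. A foreign-key or NOT NULL failure on an environment would therefore also be reported to the user as a name clash. Narrowing the handler to the unique-violation case would be cleaner; at minimum, document it at the call sites with `# any IntegrityError surfaces as AlreadyExistsError`. Please also confirm the added `return environment` in `update` sits outside the `if name is not None:` block (indentation is not recoverable on this page), since `handle_update_environment` treats a falsy return as a failed update. Both method bodies begin outside their hunks.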
@@ -4,7 +4,7 @@ from atst.database import db from atst.models.clin import CLIN from atst.models.task_order import TaskOrder, SORT_ORDERING from . import BaseDomainClass -from atst.utils import update_or_raise_already_exists_error +from atst.utils import commit_or_raise_already_exists_error class TaskOrders(BaseDomainClass): @@ -15,7 +15,7 @@ class TaskOrders(BaseDomainClass): def create(cls, portfolio_id, number, clins, pdf): task_order = TaskOrder(portfolio_id=portfolio_id, number=number, pdf=pdf) db.session.add(task_order) - update_or_raise_already_exists_error(message="task_order") + commit_or_raise_already_exists_error(message="task_order") TaskOrders.create_clins(task_order.id, clins) return task_order @@ -34,7 +34,7 @@ class TaskOrders(BaseDomainClass): task_order.number = number db.session.add(task_order) - update_or_raise_already_exists_error(message="task_order") + commit_or_raise_already_exists_error(message="task_order") return task_order @classmethod diff --git a/atst/forms/task_order.py b/atst/forms/task_order.py index a5e02e8b..1c324736 100644 --- a/atst/forms/task_order.py +++ b/atst/forms/task_order.py @@ -151,3 +151,6 @@ class SignatureForm(BaseForm): translate("task_orders.sign.digital_signature_description"), validators=[Required()], ) + confirm = BooleanField( + translate("task_orders.sign.confirmation_description"), validators=[Required()], + ) diff --git a/atst/models/environment.py b/atst/models/environment.py index 5fc642e5..115f3ed7 100644 --- a/atst/models/environment.py +++ b/atst/models/environment.py @@ -1,4 +1,4 @@ -from sqlalchemy import Column, ForeignKey, String, TIMESTAMP +from sqlalchemy import Column, ForeignKey, String, TIMESTAMP, UniqueConstraint from sqlalchemy.orm import relationship from sqlalchemy.dialects.postgresql import JSONB from enum import Enum 
@@ -38,6 +38,12 @@ class Environment( primaryjoin="and_(EnvironmentRole.environment_id == Environment.id, EnvironmentRole.deleted == False)", ) + __table_args__ = ( + UniqueConstraint( + "name", "application_id", name="environments_name_application_id_key" + ), + ) + class ProvisioningStatus(Enum): PENDING = "pending" COMPLETED = "completed" diff --git a/atst/routes/applications/new.py b/atst/routes/applications/new.py index e9238775..9d673b04 100644 --- a/atst/routes/applications/new.py +++ b/atst/routes/applications/new.py @@ -1,9 +1,7 @@ -from flask import redirect, render_template, request as http_request, url_for, g +from flask import redirect, render_template, request as http_request, url_for from .blueprint import applications_bp from atst.domain.applications import Applications -from atst.domain.exceptions import AlreadyExistsError -from atst.domain.portfolios import Portfolios from atst.forms.application import NameAndDescriptionForm, EnvironmentsForm from atst.domain.authz.decorator import user_can_access_decorator as user_can from atst.models.permissions import Permissions @@ -13,6 +11,7 @@ from atst.routes.applications.settings import ( get_new_member_form, handle_create_member, handle_update_member, + handle_update_application, ) 
@@ -38,31 +37,6 @@ def render_new_application_form( return render_template(template, **render_args) -def update_application(form, application_id=None, portfolio_id=None): - if form.validate(): - application = None - try: - if application_id: - application = Applications.get(application_id) - application = Applications.update(application, form.data) - flash("application_updated", application_name=application.name) - else: - portfolio = Portfolios.get_for_update(portfolio_id) - application = Applications.create( - g.current_user, portfolio, **form.data - ) - flash("application_created", application_name=application.name) - - return application - - except AlreadyExistsError: - flash("application_name_error", name=form.data["name"]) - return False - - else: - return False - - @applications_bp.route("/portfolios//applications/new") @applications_bp.route("/applications//new/step_1") @user_can(Permissions.CREATE_APPLICATION, message="view create new application form") @@ -90,7 +64,7 @@ def create_or_update_new_application_step_1(portfolio_id=None, application_id=No form = get_new_application_form( {**http_request.form}, NameAndDescriptionForm, application_id ) - application = update_application(form, application_id, portfolio_id) + application = handle_update_application(form, application_id, portfolio_id) if application: return redirect( diff --git a/atst/routes/applications/settings.py b/atst/routes/applications/settings.py index f2d252a9..92226e89 100644 --- a/atst/routes/applications/settings.py +++ b/atst/routes/applications/settings.py @@ -1,4 +1,10 @@ -from flask import redirect, render_template, request as http_request, url_for, g +from flask import ( + redirect, + render_template, + request as http_request, + url_for, + g, +) from .blueprint import applications_bp from atst.domain.exceptions import AlreadyExistsError 
@@ -10,6 +16,7 @@ from atst.domain.csp.cloud import GeneralCSPException from atst.domain.common import Paginator from atst.domain.environment_roles import EnvironmentRoles from atst.domain.invitations import ApplicationInvitations +from atst.domain.portfolios import Portfolios from atst.forms.application_member import NewForm as NewMemberForm, UpdateMemberForm from atst.forms.application import NameAndDescriptionForm, EditEnvironmentForm from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS 
@@ -245,16 +252,59 @@ def handle_update_member(application_id, application_role_id, form_data): # TODO: flash error message +def handle_update_environment(form, application=None, environment=None): + if form.validate(): + try: + if environment: + environment = Environments.update( + environment=environment, name=form.name.data + ) + flash("application_environments_updated") + else: + environment = Environments.create( + g.current_user, application=application, name=form.name.data + ) + flash("environment_added", environment_name=form.name.data) + + return environment + + except AlreadyExistsError: + flash("application_environments_name_error", name=form.name.data) + return False + + else: + return False + + +def handle_update_application(form, application_id=None, portfolio_id=None): + if form.validate(): + application = None + + try: + if application_id: + application = Applications.get(application_id) + application = Applications.update(application, form.data) + flash("application_updated", application_name=application.name) + else: + portfolio = Portfolios.get_for_update(portfolio_id) + application = Applications.create( + g.current_user, portfolio, **form.data + ) + flash("application_created", application_name=application.name) + + return application + + except AlreadyExistsError: + flash("application_name_error", name=form.data["name"]) + return False + + @applications_bp.route("/applications//settings") @user_can(Permissions.VIEW_APPLICATION, message="view application edit form") def settings(application_id): application = Applications.get(application_id) - return render_settings_page( - application=application, - active_toggler=http_request.args.get("active_toggler"), - active_toggler_section=http_request.args.get("active_toggler_section"), - ) + return render_settings_page(application=application,) @applications_bp.route("/environments//edit", methods=["POST"]) 
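Review bot: `handle_update_application` falls off the end and returns `None` when `form.validate()` fails, whereas `handle_update_environment` just above it ends with an explicit `else: return False`. The callers only test truthiness, so this works today, but the two helpers should agree; add the same `else: return False` to the application helper. Neither helper has a docstring stating the three possible outcomes, so I would add one to each, along the lines of `"""Create or update from a validated form; return the object, or False if validation fails or the name already exists."""`. Note that only the `AlreadyExistsError` branch flashes a message; a plain validation failure returns without one.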
@@ -264,31 +314,21 @@ def update_environment(environment_id): application = environment.application env_form = EditEnvironmentForm(obj=environment, formdata=http_request.form) + updated_environment = handle_update_environment( + form=env_form, application=application, environment=environment + ) - if env_form.validate(): - Environments.update(environment=environment, name=env_form.name.data) - - flash("application_environments_updated") - + if updated_environment: return redirect( url_for( "applications.settings", application_id=application.id, fragment="application-environments", _anchor="application-environments", - active_toggler=environment.id, - active_toggler_section="edit", ) ) else: - return ( - render_settings_page( - application=application, - active_toggler=environment.id, - active_toggler_section="edit", - ), - 400, - ) + return (render_settings_page(application=application, show_flash=True), 400) @applications_bp.route( @@ -298,14 +338,9 @@ def update_environment(environment_id): def new_environment(application_id): application = Applications.get(application_id) env_form = EditEnvironmentForm(formdata=http_request.form) + environment = handle_update_environment(form=env_form, application=application) - if env_form.validate(): - Environments.create( - g.current_user, application=application, name=env_form.name.data - ) - - flash("environment_added", environment_name=env_form.data["name"]) - + if environment: return redirect( url_for( "applications.settings", @@ -315,7 +350,7 @@ def new_environment(application_id): ) ) else: - return (render_settings_page(application=application), 400) + return (render_settings_page(application=application, show_flash=True), 400) @applications_bp.route("/applications//edit", methods=["POST"]) 
@@ -323,10 +358,9 @@ def new_environment(application_id): def update(application_id): application = Applications.get(application_id) form = NameAndDescriptionForm(http_request.form) - if form.validate(): - application_data = form.data - Applications.update(application, application_data) + updated_application = handle_update_application(form, application_id) + if updated_application: return redirect( url_for( "applications.portfolio_applications", @@ -334,22 +368,10 @@ def update(application_id): ) ) else: - return render_settings_page(application=application, application_form=form) - - -@applications_bp.route("/applications//delete", methods=["POST"]) -@user_can(Permissions.DELETE_APPLICATION, message="delete application") -def delete(application_id): - application = Applications.get(application_id) - Applications.delete(application) - - flash("application_deleted", application_name=application.name) - - return redirect( - url_for( - "applications.portfolio_applications", portfolio_id=application.portfolio_id + return ( + render_settings_page(application=application, show_flash=True), + 400, ) - ) @applications_bp.route("/environments//delete", methods=["POST"]) diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py index 0447be57..f9e7d5cf 100644 --- a/atst/routes/portfolios/index.py +++ b/atst/routes/portfolios/index.py @@ -56,13 +56,3 @@ def reports(portfolio_id): monthly_spending=Reports.monthly_spending(portfolio), retrieved=datetime.now(), # mocked datetime of reporting data retrival ) - - -@portfolios_bp.route("/portfolios//destroy", methods=["POST"]) -@user_can(Permissions.ARCHIVE_PORTFOLIO, message="archive portfolio") -def delete_portfolio(portfolio_id): - Portfolios.delete(portfolio=g.portfolio) - - flash("portfolio_deleted", portfolio_name=g.portfolio.name) - - return redirect(url_for("atst.home")) diff --git a/atst/utils/__init__.py b/atst/utils/__init__.py index 9772af67..d3f284cc 100644 --- a/atst/utils/__init__.py 
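Review bot: The failure branch of `update` no longer hands the bound form to `render_settings_page` (the removed line passed `application_form=form`), so when `form.validate()` fails the response is a 400 with neither field errors nor a flash, because `handle_update_application` flashes only on `AlreadyExistsError`. I would keep the form in the call: `render_settings_page(application=application, application_form=form, show_flash=True)`. `update` also loads the application with `Applications.get(application_id)` and the helper then fetches the same row again; passing the loaded object would save the second lookup. `update_environment` and `new_environment` in the preceding hunks have the same silent 400 on a validation failure.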
+++ b/atst/utils/__init__.py @@ -30,7 +30,7 @@ def pick(keys, dct): return {k: v for (k, v) in dct.items() if k in _keys} -def update_or_raise_already_exists_error(message): +def commit_or_raise_already_exists_error(message): try: db.session.commit() except IntegrityError: diff --git a/atst/utils/flash.py b/atst/utils/flash.py index 0de143bb..f876330f 100644 --- a/atst/utils/flash.py +++ b/atst/utils/flash.py @@ -29,6 +29,11 @@ MESSAGES = { """, "category": "success", }, + "application_environments_name_error": { + "title_template": "", + "message_template": """{{ 'flash.application.env_name_error.message' | translate({ 'name': name }) }}""", + "category": "error", + }, "application_environments_updated": { "title_template": "Application environments updated", "message_template": "Application environments have been updated", diff --git a/script/integration_tests b/script/integration_tests index e84b103a..cb0d813a 100755 --- a/script/integration_tests +++ b/script/integration_tests @@ -72,15 +72,18 @@ $CONTAINER_IMAGE \ # Use curl to wait for application container to become available docker pull curlimages/curl:latest +echo "Waiting for application container to become available" docker run --network atat \ curlimages/curl:latest \ - curl --connect-timeout 3 \ + curl \ + --silent \ + --connect-timeout 3 \ --max-time 5 \ --retry $CONTAINER_TIMEOUT \ --retry-connrefused \ --retry-delay 1 \ --retry-max-time $CONTAINER_TIMEOUT \ - test-atat:8000 + test-atat:8000 >/dev/null # Run Ghost Inspector tests docker pull ghostinspector/test-runner-standalone:latest diff --git a/styles/components/_forms.scss b/styles/components/_forms.scss index a6e0709a..43c31c43 100644 --- a/styles/components/_forms.scss +++ b/styles/components/_forms.scss @@ -1,7 +1,8 @@ // Form Grid .form-row { margin: ($gap * 4) 0; - &--separated { + + &--bordered { border-bottom: $color-gray-lighter 1px solid; } diff --git a/styles/core/_util.scss b/styles/core/_util.scss index ff6e8e3f..5203da45 100644 
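Review bot: The new `application_environments_name_error` entry in `MESSAGES` interpolates `name`, which `handle_update_environment` fills from the submitted `form.name.data`, into the rendered flash. That is safe only while the code that renders `message_template` keeps autoescaping on and the translated string is never piped through `safe`; the rendering fragment is outside this diff, so please confirm. A comment beside the entry would record the assumption, e.g. `# 'name' is user input and must stay autoescaped`.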
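Review bot: With `--silent` added and stdout sent to `/dev/null`, a readiness wait in `script/integration_tests` that times out leaves nothing in the CI log to explain why. Adding `--show-error` keeps curl's error text while still hiding the progress meter, and `--fail` would stop an HTTP error page from `test-atat:8000` being counted as "available": `--silent --show-error --fail \`. The `curlimages/curl:latest` tag on the surrounding context lines is unpinned; a fixed version or digest would make the run reproducible.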
--- a/styles/core/_util.scss +++ b/styles/core/_util.scss @@ -88,5 +88,9 @@ p { hr { border: 0; border-bottom: 1px solid $color-gray-light; - margin: ($gap * 3) ($site-margins * -4); + margin: ($gap * 3) 0; + + &.full-width { + margin: ($gap * 3) ($site-margins * -4); + } } diff --git a/styles/core/_variables.scss b/styles/core/_variables.scss index fe81b498..44fc53c8 100644 --- a/styles/core/_variables.scss +++ b/styles/core/_variables.scss @@ -17,6 +17,7 @@ $usa-banner-height: 2.8rem; $sidenav-expanded-width: 25rem; $sidenav-collapsed-width: 10rem; $max-panel-width: 80rem; +$home-pg-icon-width: 6rem; /* * USWDS Variables diff --git a/styles/elements/_action_group.scss b/styles/elements/_action_group.scss index 1f79f7d2..73cad181 100644 --- a/styles/elements/_action_group.scss +++ b/styles/elements/_action_group.scss @@ -46,7 +46,7 @@ background: white; right: 0; padding-right: $gap * 4; - border-top: 1px solid $color-gray-light; + border-top: 1px solid $color-gray-lighter; width: 100%; z-index: 1; } diff --git a/styles/elements/_icons.scss b/styles/elements/_icons.scss index c7a43414..b2980227 100644 --- a/styles/elements/_icons.scss +++ b/styles/elements/_icons.scss @@ -94,4 +94,19 @@ &--primary { @include icon-color($color-primary); } + + &--home-pg-badge { + @include icon-size(27); + @include icon-color($color-white); + + background-color: $color-primary; + height: $home-pg-icon-width; + width: $home-pg-icon-width; + border-radius: 100%; + display: inline-flex; + + svg { + margin: auto; + } + } } diff --git a/styles/elements/_inputs.scss b/styles/elements/_inputs.scss index 47cc4f3c..a5040e41 100644 --- a/styles/elements/_inputs.scss +++ b/styles/elements/_inputs.scss @@ -165,6 +165,15 @@ margin-top: 0; margin-bottom: 0; } + + label { + margin-left: 3rem; + + &:before { + position: absolute; + left: -3rem; + } + } } select { diff --git a/styles/elements/_sidenav.scss b/styles/elements/_sidenav.scss index 0a6b201c..d4a538f0 100644 
--- a/styles/elements/_sidenav.scss +++ b/styles/elements/_sidenav.scss @@ -1,8 +1,3 @@ -@mixin sidenav__header { - padding: $gap ($gap * 2); - font-weight: bold; -} - .sidenav-container { box-shadow: $box-shadow; overflow: hidden; @@ -26,34 +21,58 @@ margin: 0px; } - &__title { - @include sidenav__header; + &__header { + padding: $gap ($gap * 2); + font-weight: bold; + border-bottom: 1px solid $color-gray-lighter; - font-size: $h3-font-size; + &--minimized { + @extend .sidenav__header; + + padding: $gap; + width: $sidenav-collapsed-width; + } + } + + &__title { + font-size: $h6-font-size; text-transform: uppercase; width: 50%; color: $color-gray-dark; opacity: 0.54; + white-space: nowrap; + padding: $gap; + display: inline-flex; + align-items: center; } &__toggle { - @include sidenav__header; - font-size: $small-font-size; - line-height: 2.8rem; - float: right; - color: $color-blue-darker; + color: $color-blue; + text-decoration: none; + padding: $gap; + display: inline-flex; + align-items: center; .toggle-arrows { vertical-align: middle; + @include icon-size(20); + + &:first-child { + margin-left: 0; + } + + &:last-child { + margin-right: 0; + } } } ul { &.sidenav__list--padded { - margin-top: 4 * $gap; + margin-top: 3 * $gap; margin-bottom: $footer-height; - padding-bottom: $gap; + padding-bottom: ($gap * 2); position: fixed; overflow-y: scroll; top: $topbar-height + $usa-banner-height + 4rem; @@ -69,6 +88,7 @@ li { margin: 0; display: block; + color: $color-black-light; } } 
@@ -89,100 +109,19 @@ &__link { display: block; padding: $gap ($gap * 2); - color: $color-black; - text-decoration: underline; white-space: nowrap; overflow: hidden; + color: $color-black-light; + text-decoration: none; text-overflow: ellipsis; - &-icon { - margin-left: -($gap * 0.5); - } - - &--disabled { - color: $color-shadow; - pointer-events: none; - } - - &--add { - color: $color-blue; - font-size: $small-font-size; - - .icon { - @include icon-color($color-blue); - @include icon-size(14); - } - } - &--active { @include h4; - color: $color-primary; background-color: $color-aqua-lightest; - box-shadow: inset ($gap / 2) 0 0 0 $color-primary; - - .sidenav__link-icon { - @include icon-style-active; - } - + box-shadow: inset ($gap / 2) 0 0 0 $color-primary-darker; position: relative; - - &_indicator .icon { - @include icon-color($color-primary); - - position: absolute; - right: 0; - } - - + ul { - background-color: $color-primary; - - .sidenav__link { - color: $color-white; - background-color: $color-primary; - - &:hover { - background-color: $color-blue-darker; - } - - &--active { - @include h5; - - color: $color-white; - background-color: $color-primary; - box-shadow: none; - } - - .icon { - @include icon-color($color-white); - } - } - } - } - - + ul { - li { - .sidenav__link { - @include h5; - - padding: $gap * 0.75; - padding-left: 4.5rem; - border: 0; - font-weight: normal; - - .sidenav__link-icon { - @include icon-size(12); - - flex-shrink: 0; - margin-right: 1.5rem; - margin-left: -3rem; - } - - .sidenav__link-label { - padding-left: 0; - } - } - } + color: $color-primary-darker; } &:hover { diff --git a/styles/sections/_home.scss b/styles/sections/_home.scss index 1ca33efc..b0d715d2 100644 --- a/styles/sections/_home.scss +++ b/styles/sections/_home.scss 
@@ -1,49 +1,25 @@ .home { + margin: $gap * 3; .sticky-cta { margin: -1.6rem -1.6rem 0 -1.6rem; } -} -.about-cloud { - margin: 4rem auto; - max-width: 900px; -} + &__content { + margin: 4rem; + max-width: 900px; -.your-project { - margin-top: 3rem; - padding: 3rem; - background-color: $color-gray-lightest; + &--descriptions { + .col { + margin-left: $home-pg-icon-width; + padding: ($gap * 2) ($gap * 4); + position: relative; - h2 { - margin-top: 0; - } - - .links { - justify-content: flex-start; - - .icon-link { - padding: $gap ($gap * 4); - - &:first-child { - padding-left: 0; - } - - &:last-child { - padding-right: 0; - } - - &:hover { - background-color: transparent; - color: $color-gray-dark; - - .svg * { - fill: $color-gray-dark; + .icon--home-pg-badge { + position: absolute; + left: -$home-pg-icon-width; + top: $gap * 3; } } - - &.active:hover { - color: $color-blue; - } } } } @@ -112,8 +88,3 @@ } } } - -#jedi-heirarchy { - max-width: 65rem; - margin-top: $gap * 8; -} diff --git a/styles/sections/_task_order.scss b/styles/sections/_task_order.scss index 228bf126..c09f49a7 100644 --- a/styles/sections/_task_order.scss +++ b/styles/sections/_task_order.scss @@ -20,10 +20,7 @@ } &__header { - .h2, - p { - margin-bottom: $gap * 0.5; - } + margin-bottom: $gap * 6; } .col { @@ -155,6 +152,10 @@ } } } + + &__confirmation { + margin-left: $gap * 8; + } } .task-order__modal-cancel { diff --git a/templates/applications/fragments/member_form_fields.html b/templates/applications/fragments/member_form_fields.html index 20ecc210..3aa97687 100644 --- a/templates/applications/fragments/member_form_fields.html +++ b/templates/applications/fragments/member_form_fields.html @@ -100,7 +100,7 @@ {{ CheckboxInput(form.perms_env_mgmt, classes="input__inline-fields", key=env_mgmt, id=env_mgmt, optional=True) }} {{ CheckboxInput(form.perms_del_env, classes="input__inline-fields", key=del_env, id=del_env, optional=True) }} -
+

{{ "portfolios.applications.members.form.env_access.title" | translate }}

diff --git a/templates/applications/fragments/members.html b/templates/applications/fragments/members.html index 1a7bcb4a..be312351 100644 --- a/templates/applications/fragments/members.html +++ b/templates/applications/fragments/members.html @@ -40,7 +40,7 @@ {% call Modal(modal_name, classes="form-content--app-mem") %}

-
+
{{ TextInput(form.description, paragraph=True, optional=True) }} diff --git a/templates/applications/new/step_2.html b/templates/applications/new/step_2.html index bb622f8f..462c0f46 100644 --- a/templates/applications/new/step_2.html +++ b/templates/applications/new/step_2.html @@ -19,7 +19,7 @@

{{ 'portfolios.applications.new.step_2_description' | translate }}

-
+
{{ 'portfolios.applications.environments_heading' | translate }}
@@ -58,9 +58,9 @@ {{ Icon("plus") }}
-
+ - + {% block next_button %} {{ SaveButton(text=('portfolios.applications.new.step_2_button_text' | translate)) }} diff --git a/templates/applications/new/step_3.html b/templates/applications/new/step_3.html index 06dd4e0d..a4e1aa53 100644 --- a/templates/applications/new/step_3.html +++ b/templates/applications/new/step_3.html @@ -15,7 +15,7 @@

{{ ('portfolios.applications.new.step_3_description' | translate) }}

-
+
{{ MemberManagementTemplate( application, diff --git a/templates/applications/settings.html b/templates/applications/settings.html index c8e41fcd..e10c5a50 100644 --- a/templates/applications/settings.html +++ b/templates/applications/settings.html @@ -13,6 +13,9 @@ {% block application_content %} + {% if show_flash -%} + {% include "fragments/flash.html" %} + {%- endif %}

{{ 'portfolios.applications.settings.name_description' | translate }}

{% if user_can(permissions.EDIT_APPLICATION) %} @@ -59,59 +62,8 @@ environments_obj, new_env_form) }} - {% if user_can(permissions.DELETE_APPLICATION) %} - {% set env_count = application.environments | length %} - {% if env_count == 1 %} - {% set pluralized_env = "environment" %} - {% else %} - {% set pluralized_env = "environments" %} - {% endif %} - -

- {{ "portfolios.applications.delete.subheading" | translate }} -

-
-
- {{ "portfolios.applications.delete.text" | translate({"application_name": application.name}) | safe }} -
-
-
- -
-
-
- - {% call Modal(name="delete-application") %} -

{{ "portfolios.applications.delete.header" | translate }}

-
- {{ - Alert( - title=("components.modal.destructive_title" | translate), - message=("portfolios.applications.delete.alert.message" | translate), - level="warning" - ) - }} - - {{ - DeleteConfirmation( - modal_id="delete_application", - delete_text=('portfolios.applications.delete.button' | translate), - delete_action= url_for('applications.delete', application_id=application.id), - form=application_form - ) - }} - {% endcall %} - {% endif %} - -
- {% if user_can(permissions.VIEW_APPLICATION_ACTIVITY_LOG) and config.get("USE_AUDIT_LOG", False) %} +
{% include "fragments/audit_events_log.html" %} {{ Pagination(audit_events, url=url_for('applications.settings', application_id=application.id)) }} {% endif %} diff --git a/templates/base.html b/templates/base.html index fabcb92c..f4964add 100644 --- a/templates/base.html +++ b/templates/base.html @@ -21,9 +21,7 @@ {% include 'navigation/topbar.html' %}
- {% if portfolios %} - {% include 'navigation/global_sidenav.html' %} - {% endif %} + {% include 'navigation/global_sidenav.html' %}
{% block sidenav %}{% endblock %} diff --git a/templates/components/sidenav_item.html b/templates/components/sidenav_item.html index 8e3c5135..ec6be364 100644 --- a/templates/components/sidenav_item.html +++ b/templates/components/sidenav_item.html @@ -1,35 +1,11 @@ {% from "components/icon.html" import Icon %} -{% macro SidenavItem(label, href, active=False, icon=None, subnav=None) -%} +{% macro SidenavItem(label, href, active=False) -%}
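Review bot: `navigation/global_sidenav.html` is now included on every page that extends `base.html`, and the hunk for that template further down drops its own `{% if portfolios %}` guard, so `portfolios|sort(attribute='name')` runs even when a view supplies no `portfolios`. With Jinja's default undefined that yields an empty list, but a `None` value or a strict undefined would raise during rendering. Please confirm every route built on `base.html`, including any page shown before login, provides the variable, or keep a guard in the loop such as `{% for other_portfolio in (portfolios or [])|sort(attribute='name') %}`.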
  • - - {% if icon %} - {{ Icon(icon, classes="sidenav__link-icon") }} - {% endif %} - - - {{label}} - - {% if active %} - - {{ Icon("caret_right") }} + + + {{label}} - {% endif %} - - - {% if subnav and active %} - - {% endif %} +
  • {%- endmacro %} diff --git a/templates/home.html b/templates/home.html index 4e459639..986c6e41 100644 --- a/templates/home.html +++ b/templates/home.html @@ -1,8 +1,7 @@ {% extends "base.html" %} -{% from "components/sticky_cta.html" import StickyCTA %} {% from "components/icon.html" import Icon %} -{% from "components/semi_collapsible_text.html" import SemiCollapsibleText %} +{% from "components/sticky_cta.html" import StickyCTA %} {% block content %} @@ -13,88 +12,56 @@ {% set sticky_header = "home.get_started" | translate %} {% endif %} - {% call StickyCTA(sticky_header) %} - - {{ "home.add_portfolio_button_text" | translate }} - - {% endcall %} - -
    +
    {% include "fragments/flash.html" %}

    {{ "home.head" | translate }}

    +

    Set up a Portfolio

    +

    New Portfolios will be visible in the left side bar of this page.

    +

    All TOs associated to a specific Application or set of related Applications will be entered at the Portfolio level. Funding is applied and managed at the Portfolio level as well.

    +
    - {{ SemiCollapsibleText(first_half=("home.about_cloud.part1"|translate), second_half=("home.about_cloud.part2"|translate)) }} - -
    -

    {{ "home.your_project" | translate }}

    -

    {{ "home.your_project_descrip" | translate }}

    - -
    - - {% macro Link(icon, text, section, default=False) %} - {% if default %} -
    - {% else %} -
    - {% endif %} -
    - - -
    +
    +
    +
    + {{ Icon('funding', classes="icon--home-pg-badge") }} +

    {{ "navigation.portfolio_navigation.breadcrumbs.funding" | translate }}

    +

    + {{ "home.funding_descrip" | translate }} +

    - {% endmacro %} - - -
    -
    - -
    - {% macro Description(section, default=False) %} - {% if default %} -

    - {% else %} -

    - {% endif %} - - {{ "navigation.portfolio_navigation.breadcrumbs.%s" | format(section) | translate }} - - {{ "home.%s_descrip" | format(section) | translate }} -

    - {% endmacro %} -
    - {{ Description('funding', default=True) }} - {{ Description('applications') }} - {{ Description('reports') }} - {{ Description('admin') }} -
    +
    + {{ Icon('chart-pie', classes="icon--home-pg-badge") }} +

    {{ "navigation.portfolio_navigation.breadcrumbs.reports" | translate }}

    +

    + {{ "home.reports_descrip" | translate }} +

    - - +
    +
    +
    + {{ Icon('applications', classes="icon--home-pg-badge") }} +

    {{ "navigation.portfolio_navigation.breadcrumbs.applications" | translate }}

    +

    + {{ "home.applications_descrip" | translate }} +

    +
    +
    + {{ Icon('cog', classes="icon--home-pg-badge") }} +

    {{ "navigation.portfolio_navigation.breadcrumbs.admin" | translate }}

    +

    + {{ "home.admin_descrip" | translate }} +

    +
    +
    +
    + - JEDI heirarchy diagram
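Review bot: The new block at the top of `home__content` hard-codes its English copy ("Set up a Portfolio", "New Portfolios will be visible in the left side bar of this page.", and the sentence about TOs), while every other string in this template goes through `| translate`. I would move these three strings into the translations file and reference them the same way, for example `{{ "home.set_up_portfolio" | translate }}` (key name is a suggestion, not an existing key). The HTML markup around these lines is not recoverable on this page, so the note covers the text only.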
    diff --git a/templates/navigation/global_sidenav.html b/templates/navigation/global_sidenav.html index c6141641..84ce99e6 100644 --- a/templates/navigation/global_sidenav.html +++ b/templates/navigation/global_sidenav.html @@ -7,29 +7,29 @@
    - +
    - +
    -
    Portfolios
      - {% if portfolios %} - {% for other_portfolio in portfolios|sort(attribute='name') %} - {{ SidenavItem(other_portfolio.name, - href=url_for("applications.portfolio_applications", portfolio_id=other_portfolio.id), - active=(other_portfolio.id | string) == request.view_args.get('portfolio_id') - ) }} - {% endfor %} - {% else %} -
    • You have no portfolios yet
    • - {% endif %} + {% for other_portfolio in portfolios|sort(attribute='name') %} + {{ SidenavItem(other_portfolio.name, + href=url_for("applications.portfolio_applications", portfolio_id=other_portfolio.id), + active=(other_portfolio.id | string) == request.view_args.get('portfolio_id') + ) }} + {% endfor %}
    diff --git a/templates/portfolios/admin.html b/templates/portfolios/admin.html index 5bfb7d7c..d1e6e353 100644 --- a/templates/portfolios/admin.html +++ b/templates/portfolios/admin.html @@ -56,14 +56,10 @@ {% include "portfolios/fragments/primary_point_of_contact.html" %} {% endif %} - {% if user_can(permissions.ARCHIVE_PORTFOLIO) %} - {% include "portfolios/fragments/delete_portfolio.html" %} - {% endif %} - {% if user_can(permissions.VIEW_PORTFOLIO_USERS) %} {% include "portfolios/fragments/portfolio_members.html" %} {% endif %} - + {% if user_can(permissions.VIEW_PORTFOLIO_ACTIVITY_LOG) and config.get("USE_AUDIT_LOG", False) %} {% include "fragments/audit_events_log.html" %} {{ Pagination(audit_events, url_for('portfolios.admin', portfolio_id=portfolio.id)) }} diff --git a/templates/portfolios/fragments/add_new_portfolio_member.html b/templates/portfolios/fragments/add_new_portfolio_member.html index 06ca6038..644f5062 100644 --- a/templates/portfolios/fragments/add_new_portfolio_member.html +++ b/templates/portfolios/fragments/add_new_portfolio_member.html @@ -16,7 +16,7 @@ {% endmacro %} {% set step_one %} -
    +

    Invite new portfolio member

    @@ -52,7 +52,7 @@
    {% endset %} {% set step_two %} -
    +

    Assign member permissions

    {{ Icon('info') }} diff --git a/templates/portfolios/fragments/change_ppoc.html b/templates/portfolios/fragments/change_ppoc.html index 1eb9a03c..478a55d4 100644 --- a/templates/portfolios/fragments/change_ppoc.html +++ b/templates/portfolios/fragments/change_ppoc.html @@ -5,7 +5,7 @@ {% from "components/options_input.html" import OptionsInput %} {% set step_one %} -
    +

    {{ "fragments.ppoc.update_ppoc_title" | translate }}

    {{ @@ -42,7 +42,7 @@ {% endset %} {% set step_two %} -
    +

    {{ "fragments.ppoc.update_ppoc_confirmation_title" | translate }}

    {{ diff --git a/templates/portfolios/fragments/delete_portfolio.html b/templates/portfolios/fragments/delete_portfolio.html deleted file mode 100644 index da83b2e7..00000000 --- a/templates/portfolios/fragments/delete_portfolio.html +++ /dev/null @@ -1,42 +0,0 @@ -{% from "components/delete_confirmation.html" import DeleteConfirmation %} -{% from "components/alert.html" import Alert %} -{% from "components/modal.html" import Modal %} - -
    -
    -

    {{ "fragments.delete_portfolio.title" | translate }}

    -

    {{ "fragments.delete_portfolio.subtitle" | translate }}

    - - -
    - {{ "common.deactivate" | translate }} -
    -
    -
    - -{% call Modal(name="delete_portfolio") %} -

    - {{ 'fragments.delete_portfolio.title' | translate }} -

    -
    - {{ - Alert( - level="warning", - title=('components.modal.destructive_title' | translate), - message=('components.modal.destructive_message' | translate({"resource": "portfolio"})), - ) - }} - - {{ - DeleteConfirmation( - modal_id='delete_portfolio', - delete_text='Deactivate', - delete_action=url_for('portfolios.delete_portfolio', portfolio_id=portfolio.id), - form=portfolio_form, - confirmation_text="deactivate", - ) - }} -{% endcall %} diff --git a/templates/portfolios/new/step_1.html b/templates/portfolios/new/step_1.html index 4613b063..3383128b 100644 --- a/templates/portfolios/new/step_1.html +++ b/templates/portfolios/new/step_1.html @@ -16,36 +16,36 @@
    {{ StickyCTA(text="Create New Portfolio") }} - - {{ form.csrf_token }} -
    -
    - {{ TextInput(form.name, optional=False) }} - {{"forms.portfolio.name.help_text" | translate | safe }} +
    + + {{ form.csrf_token }} +
    +
    + {{ TextInput(form.name, optional=False, classes="form-col") }} + {{"forms.portfolio.name.help_text" | translate | safe }} +
    -
    -
    -
    - {{ TextInput(form.description, paragraph=True) }} - {{"forms.portfolio.description.help_text" | translate | safe }} +
    +
    + {{ TextInput(form.description, paragraph=True) }} + {{"forms.portfolio.description.help_text" | translate | safe }} +
    -
    -
    -
    - {{ MultiCheckboxInput(form.defense_component, optional=False) }} - {{ "forms.portfolio.defense_component.help_text" | translate | safe }} +
    +
    + {{ MultiCheckboxInput(form.defense_component, optional=False) }} + {{ "forms.portfolio.defense_component.help_text" | translate | safe }} +
    -
    -
    - {{ - SaveButton( - text=('common.save' | translate), - form="portfolio-create", - element="input", - ) - }} -
    - +
    {% endblock %} diff --git a/templates/task_orders/builder_base.html b/templates/task_orders/builder_base.html index 362a1038..70bc20c9 100644 --- a/templates/task_orders/builder_base.html +++ b/templates/task_orders/builder_base.html @@ -8,8 +8,26 @@
    {{ form.csrf_token }} - {% call StickyCTA(text=('task_orders.form.sticky_header_text' | translate({"step": step}) )) %} - + {{ StickyCTA( + text='task_orders.form.sticky_header_text' | translate, + context=('task_orders.form.sticky_header_context' | translate({"step": step}) )) }} + + {% call Modal(name='cancel', dismissable=True) %} +
    +

    Do you want to save this draft?

    +
    + + +
    +
    + {% endcall %} + + {% include "fragments/flash.html" %} + +
    + {% block to_builder_form_field %}{% endblock %} +
    + {% block next_button %} - {% endcall %} - - {% call Modal(name='cancel', dismissable=True) %} -
    -

    Do you want to save this draft?

    -
    - - -
    -
    - {% endcall %} - - {% include "fragments/flash.html" %} - -
    - {% block to_builder_form_field %}{% endblock %} -
    diff --git a/templates/task_orders/form_header.html b/templates/task_orders/form_header.html index 79821bf7..05f9116a 100644 --- a/templates/task_orders/form_header.html +++ b/templates/task_orders/form_header.html @@ -1,8 +1,10 @@ -{% macro TOFormStepHeader(title, description, to_number=None) %} +{% macro TOFormStepHeader(description, title=None, to_number=None) %}
    -
    - {{ title }} -
    + {% if title -%} +
    + {{ title }} +
    + {%- endif %} {% if to_number %}

    Task Order Number: {{ to_number }} diff --git a/templates/task_orders/step_1.html b/templates/task_orders/step_1.html index 758099fa..6be3218c 100644 --- a/templates/task_orders/step_1.html +++ b/templates/task_orders/step_1.html @@ -1,7 +1,6 @@ {% extends "task_orders/builder_base.html" %} {% from 'components/icon.html' import Icon %} -{% from "components/sticky_cta.html" import StickyCTA %} {% from "task_orders/form_header.html" import TOFormStepHeader %} {% from 'components/upload_input.html' import UploadInput %} diff --git a/templates/task_orders/step_5.html b/templates/task_orders/step_5.html index 2d19c35b..e5ce9189 100644 --- a/templates/task_orders/step_5.html +++ b/templates/task_orders/step_5.html @@ -10,11 +10,16 @@ {% set step = "5" %} {% block to_builder_form_field %} - {{ TOFormStepHeader('task_orders.form.step_5.title' | translate, 'task_orders.form.step_5.description' | translate, task_order.number) }} - - {% call Alert('', - message="task_orders.form.step_5.alert_message" | translate - ) %} + {{ TOFormStepHeader('task_orders.form.step_5.description' | translate, to_number=task_order.number) }} +
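Review bot: Reordering the first two parameters of `TOFormStepHeader` from `(title, description, ...)` to `(description, title=None, ...)` means any caller that still passes both strings positionally will render its title as the description and the reverse, with no template error to flag it. Only the step_5.html call is updated in the hunks visible here, so the other task-order step templates that import this macro should be checked. Calling the macro with keyword arguments everywhere, as in `{{ TOFormStepHeader(description='task_orders.form.step_5.description' | translate, to_number=task_order.number) }}`, keeps a future reorder from swapping text silently.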

    {{ CheckboxInput(form.signature) }} - {% endcall %} + {{ CheckboxInput(form.confirm) }} +
    +
    +
    + {{ "task_orders.sign.acknowledge.title" | translate }} +
    +

    + {{ "task_orders.sign.acknowledge.text" | translate }} +

    {% endblock %} diff --git a/terraform/modules/cdn/main.tf b/terraform/modules/cdn/main.tf new file mode 100644 index 00000000..5debd443 --- /dev/null +++ b/terraform/modules/cdn/main.tf @@ -0,0 +1,31 @@ +resource "random_id" "server" { + keepers = { + azi_id = 1 + } + + byte_length = 8 +} + +resource "azurerm_resource_group" "cdn" { + name = "${var.name}-${var.environment}-cdn" + location = var.region +} + +resource "azurerm_cdn_profile" "cdn" { + name = "${var.name}-${var.environment}-profile" + location = azurerm_resource_group.cdn.location + resource_group_name = azurerm_resource_group.cdn.name + sku = var.sku +} + +resource "azurerm_cdn_endpoint" "cdn" { + name = "${var.name}-${var.environment}-${random_id.server.hex}" + profile_name = azurerm_cdn_profile.cdn.name + location = azurerm_resource_group.cdn.location + resource_group_name = azurerm_resource_group.cdn.name + + origin { + name = "${var.name}-${var.environment}-origin" + host_name = var.origin_host_name + } +} diff --git a/terraform/modules/cdn/outputs.tf b/terraform/modules/cdn/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/terraform/modules/cdn/variables.tf b/terraform/modules/cdn/variables.tf new file mode 100644 index 00000000..3abe4851 --- /dev/null +++ b/terraform/modules/cdn/variables.tf 
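Review bot: The `azurerm_cdn_endpoint` resource in terraform/modules/cdn/main.tf sets only the origin name and host, so client-facing plain HTTP stays enabled under the provider's documented default. If the endpoint is meant to be HTTPS-only, add `is_http_allowed = false` next to the origin block, and consider `origin_host_header = var.origin_host_name` if the origin routes by host name. The `owner` variable declared in this module's variables.tf is not referenced by any resource here; either tag the resource group with it, as the redis module does with `tags = { environment = ..., owner = ... }`, or drop the input.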
@@ -0,0 +1,31 @@
+variable "region" {
+ type = string
+ description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+ type = string
+ description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+ type = string
+ description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+ type = string
+ description = "Owner of the environment and resources created in this module"
+}
+
+variable "sku" {
+ type = string
+ description = "SKU of which CDN to use"
+ default = "Standard_Verizon"
+}
+
+variable "origin_host_name" {
+ type = string
+ description = "Subdomain to use for the origin in requests to the CDN"
+}
+
diff --git a/terraform/modules/container_registry/main.tf b/terraform/modules/container_registry/main.tf
new file mode 100644
index 00000000..a22bacf0
--- /dev/null
+++ b/terraform/modules/container_registry/main.tf
@@ -0,0 +1,13 @@
+resource "azurerm_resource_group" "acr" {
+ name = "${var.name}-${var.environment}-acr"
+ location = var.region
+}
+
+resource "azurerm_container_registry" "acr" {
+ name = "${var.name}${var.environment}registry" # Alpha Numeric Only
+ resource_group_name = azurerm_resource_group.acr.name
+ location = azurerm_resource_group.acr.location
+ sku = var.sku
+ admin_enabled = var.admin_enabled
+ #georeplication_locations = [azurerm_resource_group.acr.location, var.backup_region]
+}
\ No newline at end of file
diff --git a/terraform/modules/container_registry/outputs.tf b/terraform/modules/container_registry/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/terraform/modules/container_registry/variables.tf b/terraform/modules/container_registry/variables.tf
new file mode 100644
index 00000000..6fe16ad5
--- /dev/null
+++ b/terraform/modules/container_registry/variables.tf
@@ -0,0 +1,37 @@
+variable "region" {
+ type = string
+ description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+ type = string
+ description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+ type = string
+ description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+ type = string
+ description = "Owner of the environment and resources created in this module"
+}
+
+variable "backup_region" {
+ type = string
+ description = "Backup region for georeplicating the container registry"
+}
+
+variable "sku" {
+ type = string
+ description = "SKU to use for the container registry service"
+ default = "Premium"
+}
+
+variable "admin_enabled" {
+ type = string
+ description = "Admin enabled? (true/false default: false)"
+ default = false
+
+}
diff --git a/terraform/modules/lb/main.tf b/terraform/modules/lb/main.tf
new file mode 100644
index 00000000..1c9acace
--- /dev/null
+++ b/terraform/modules/lb/main.tf
@@ -0,0 +1,22 @@
+resource "azurerm_resource_group" "lb" {
+ name = "${var.name}-${var.environment}-lb"
+ location = var.region
+}
+
+resource "azurerm_public_ip" "lb" {
+ name = "${var.name}-${var.environment}-ip"
+ location = var.region
+ resource_group_name = azurerm_resource_group.lb.name
+ allocation_method = "Static"
+}
+
+resource "azurerm_lb" "lb" {
+ name = "${var.name}-${var.environment}-lb"
+ location = var.region
+ resource_group_name = azurerm_resource_group.lb.name
+
+ frontend_ip_configuration {
+ name = "${var.name}-${var.environment}-ip"
+ public_ip_address_id = azurerm_public_ip.lb.id
+ }
+}
diff --git a/terraform/modules/lb/outputs.tf b/terraform/modules/lb/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/terraform/modules/lb/variables.tf b/terraform/modules/lb/variables.tf
new file mode 100644
index 00000000..10fa56e9
--- /dev/null
+++ b/terraform/modules/lb/variables.tf
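Review bot: `admin_enabled` in container_registry/variables.tf is declared `type = string` but defaults to the boolean `false`, so any string is accepted at the module boundary and a mistyped value only surfaces when the provider converts it. This flag turns on the registry's shared admin credential, so it should be `type = bool`. The same mismatch is in redis/variables.tf, where `capacity` is `type = string` with `default = 2` and would be clearer as `type = number`. `backup_region` is a required input here but is only referenced by the commented-out `georeplication_locations` line in main.tf, so a comment such as `# unused until georeplication is enabled` on the variable would tell callers the value has no effect yet.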
@@ -0,0 +1,19 @@
+variable "region" {
+ type = string
+ description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+ type = string
+ description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+ type = string
+ description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+ type = string
+ description = "Owner of the environment and resources created in this module"
+}
\ No newline at end of file
diff --git a/terraform/modules/redis/main.tf b/terraform/modules/redis/main.tf
new file mode 100644
index 00000000..90a88a2b
--- /dev/null
+++ b/terraform/modules/redis/main.tf
@@ -0,0 +1,24 @@
+resource "azurerm_resource_group" "redis" {
+ name = "${var.name}-${var.environment}-redis"
+ location = var.region
+}
+
+# NOTE: the Name used for Redis needs to be globally unique
+resource "azurerm_redis_cache" "redis" {
+ name = "${var.name}-${var.environment}-redis"
+ location = azurerm_resource_group.redis.location
+ resource_group_name = azurerm_resource_group.redis.name
+ capacity = var.capacity
+ family = var.family
+ sku_name = var.sku_name
+ enable_non_ssl_port = var.enable_non_ssl_port
+ minimum_tls_version = var.minimum_tls_version
+
+ redis_configuration {
+ enable_authentication = var.enable_authentication
+ }
+ tags = {
+ environment = var.environment
+ owner = var.owner
+ }
+}
diff --git a/terraform/modules/redis/outputs.tf b/terraform/modules/redis/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/terraform/modules/redis/variables.tf b/terraform/modules/redis/variables.tf
new file mode 100644
index 00000000..dac8819b
--- /dev/null
+++ b/terraform/modules/redis/variables.tf
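Review bot: Nothing in `azurerm_redis_cache.redis` (terraform/modules/redis/main.tf) restricts network access: the resource has no `subnet_id` and the module defines no firewall rule. With the default `Standard` SKU the cache would therefore, as far as I can tell, be reachable on its public endpoint and protected only by TLS and the access key. The diagrams added in this commit draw Redis inside the private subnet, which this module does not yet deliver. Until an `azurerm_redis_firewall_rule` or a Premium cache with `subnet_id` is added, a comment above the resource such as `# TODO: no network restriction yet; cache is on its public endpoint` would keep the gap visible. Exposing `enable_authentication` as a module input also makes it easy to turn off by accident, so consider hard-coding `enable_authentication = true` in the `redis_configuration` block.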
@@ -0,0 +1,60 @@ +variable "region" { + type = string + description = "Region this module and resources will be created in" +} + +variable "name" { + type = string + description = "Unique name for the services in this module" +} + +variable "environment" { + type = string + description = "Environment these resources reside (prod, dev, staging, etc)" +} + +variable "owner" { + type = string + description = "Owner of the environment and resources created in this module" +} + +variable "capacity" { + type = string + default = 2 + description = "The capacity of the redis cache" + +} + +variable "family" { + type = string + default = "C" + description = "The subscription family for redis" + +} + +variable "sku_name" { + type = string + default = "Standard" + description = "The sku to use" + +} + +variable "enable_non_ssl_port" { + type = bool + default = false + description = "Enable non TLS port (default: false)" + +} + +variable "minimum_tls_version" { + type = string + default = "1.2" + description = "Minimum TLS version to use" + +} + +variable "enable_authentication" { + type = bool + default = true + description = "Enable or disable authentication (default: true)" +} diff --git a/terraform/modules/vpc/main.tf b/terraform/modules/vpc/main.tf index e614b9e4..629be9f1 100644 --- a/terraform/modules/vpc/main.tf +++ b/terraform/modules/vpc/main.tf @@ -36,9 +36,9 @@ resource "azurerm_subnet" "subnet" { address_prefix = element(split(",", each.value), 0) # See https://github.com/terraform-providers/terraform-provider-azurerm/issues/3471 - lifecycle { - ignore_changes = [route_table_id] - } + lifecycle { + ignore_changes = [route_table_id] + } #delegation { # name = "acctestdelegation" # 
@@ -57,16 +57,58 @@ resource "azurerm_route_table" "route_table" { } resource "azurerm_subnet_route_table_association" "route_table" { - for_each = var.networks - subnet_id = azurerm_subnet.subnet[each.key].id + for_each = var.networks + subnet_id = azurerm_subnet.subnet[each.key].id route_table_id = azurerm_route_table.route_table[each.key].id } resource "azurerm_route" "route" { - for_each = var.route_tables - name = "${var.name}-${var.environment}-default" + for_each = var.route_tables + name = "${var.name}-${var.environment}-default" resource_group_name = azurerm_resource_group.vpc.name - route_table_name = azurerm_route_table.route_table[each.key].name + route_table_name = azurerm_route_table.route_table[each.key].name address_prefix = "0.0.0.0/0" next_hop_type = each.value } + +# Required for the gateway +resource "azurerm_subnet" "gateway" { + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.vpc.name + virtual_network_name = azurerm_virtual_network.vpc.name + address_prefix = var.gateway_subnet +} + + +resource "azurerm_public_ip" "vpn_ip" { + name = "test" + location = azurerm_resource_group.vpc.location + resource_group_name = azurerm_resource_group.vpc.name + + allocation_method = "Dynamic" +} + +resource "azurerm_virtual_network_gateway" "vnet_gateway" { + name = "test" + location = azurerm_resource_group.vpc.location + resource_group_name = azurerm_resource_group.vpc.name + + type = "Vpn" + vpn_type = "RouteBased" + + active_active = false + enable_bgp = false + sku = "Standard" + + ip_configuration { + name = "vnetGatewayConfig" + public_ip_address_id = azurerm_public_ip.vpn_ip.id + private_ip_address_allocation = "Dynamic" + subnet_id = azurerm_subnet.gateway.id + } + + vpn_client_configuration { + address_space = ["172.16.1.0/24"] + vpn_client_protocols = ["OpenVPN"] + } +} \ No newline at end of file diff --git a/terraform/modules/vpc/variables.tf b/terraform/modules/vpc/variables.tf index ab2aa894..9f331534 100644 
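Review bot: The `vpn_client_configuration` block on `azurerm_virtual_network_gateway.vnet_gateway` sets only the client address space and the OpenVPN protocol; no root certificate or other client-authentication source appears in this hunk, so how point-to-site clients are authenticated is undefined here. Both the gateway and `azurerm_public_ip.vpn_ip` are also named with the literal `"test"`, which breaks the `${var.name}-${var.environment}-...` convention used by every other resource in the module and makes the resources hard to attribute in an audit. The client range `172.16.1.0/24` is hard-coded while the gateway subnet is a variable; it would be more consistent as an input too. The sketch below shows the naming and a certificate block fed from a new, caller-supplied variable.

```hcl
resource "azurerm_public_ip" "vpn_ip" {
  name = "${var.name}-${var.environment}-vpn-ip"
  # … unchanged: location, resource group, allocation method …
}

resource "azurerm_virtual_network_gateway" "vnet_gateway" {
  name = "${var.name}-${var.environment}-vpn-gateway"
  # … unchanged: location, type, sku, ip_configuration …

  vpn_client_configuration {
    # … unchanged: address_space, vpn_client_protocols …

    # Trust anchor for client certificates; public part only, supplied by the caller.
    root_certificate {
      name             = "${var.name}-${var.environment}-vpn-root"
      public_cert_data = var.vpn_root_public_cert_data # proposed new module variable
    }
  }
}
```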
--- a/terraform/modules/vpc/variables.tf +++ b/terraform/modules/vpc/variables.tf @@ -41,3 +41,8 @@ variable "route_tables" { type = map description = "A map with the route tables to create" } + +variable "gateway_subnet" { + type = string + description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'" +} diff --git a/terraform/providers/dev/cdn.tf b/terraform/providers/dev/cdn.tf new file mode 100644 index 00000000..02c17e3d --- /dev/null +++ b/terraform/providers/dev/cdn.tf @@ -0,0 +1,8 @@ +module "cdn" { + source = "../../modules/cdn" + origin_host_name = "staging.atat.code.mil" + owner = var.owner + environment = var.environment + name = var.name + region = var.region +} diff --git a/terraform/providers/dev/container_registry.tf b/terraform/providers/dev/container_registry.tf new file mode 100644 index 00000000..0bbf0901 --- /dev/null +++ b/terraform/providers/dev/container_registry.tf @@ -0,0 +1,8 @@ +module "container_registry" { + source = "../../modules/container_registry" + name = var.name + region = var.region + environment = var.environment + owner = var.owner + backup_region = var.backup_region +} diff --git a/terraform/providers/dev/diagram/USEAST Development Network.png b/terraform/providers/dev/diagram/USEAST Development Network.png new file mode 100644 index 00000000..a32c05db Binary files /dev/null and b/terraform/providers/dev/diagram/USEAST Development Network.png differ diff --git a/terraform/providers/dev/diagram/USWEST Development Network.png b/terraform/providers/dev/diagram/USWEST Development Network.png new file mode 100644 index 00000000..ba04343d Binary files /dev/null and b/terraform/providers/dev/diagram/USWEST Development Network.png differ diff --git a/terraform/providers/dev/diagram/useast.txt b/terraform/providers/dev/diagram/useast.txt new file mode 100644 index 00000000..48ee5c45 --- /dev/null +++ b/terraform/providers/dev/diagram/useast.txt 
@@ -0,0 +1,50 @@ +@startuml USEAST Development Network + +title USEAST Development Network + +cloud Internet + +cloud Azure { + [Azure Storage] as storage + [Azure CDN] as cdn + cdn --> storage : "HTTPS/443" + note as cdn_note + CDN and Azure storage are + managed by Azure and configured + for geographic failover + end note +} +frame "USEAST Virtual Network" as vnet { + frame "Public Route Table" as public_rt{ + frame "Public Subnet" as public_subnet { + [ALB] + [Internet] --> ALB + note as public_useast + 10.1.1.0/24 + end note + } + } + frame "Private Route Table" as private_rt{ + frame "Private Subnet" as private_subnet { + [AKS] + [Redis] + [Postgres] + [AzurePrivateStorage] + AKS --> Redis : "TLS:6379" + AKS --> Postgres : "TLS:5432" + AKS --> AzurePrivateStorage : "HTTPS/443" + [ALB] --> AKS : "HTTPS:443" + note as private_useast + 10.1.2.0/24 + end note + } + } +} + +frame "US West Backup Region" as backupregion { + component "Backup Postgres" as pgbackup + [Postgres] --> pgbackup : "Private Peering / TLS:5432" +} + +note right of [ALB] : Azure Load Balancer restricted to AKS only +@enduml diff --git a/terraform/providers/dev/diagram/uswest.txt b/terraform/providers/dev/diagram/uswest.txt new file mode 100644 index 00000000..1b2338f8 --- /dev/null +++ b/terraform/providers/dev/diagram/uswest.txt 
@@ -0,0 +1,40 @@ +@startuml USWEST Development Network + +title USWEST Development Network + +cloud Internet + +frame "USEAST Virtual Network" as vnet { + frame "Public Route Table" as public_rt{ + frame "Public Subnet" as public_subnet { + [ALB] + [Internet] --> ALB + note as public_useast + 10.2.1.0/24 + end note + } + } + frame "Private Route Table" as private_rt{ + frame "Private Subnet" as private_subnet { + [AKS] + [Redis] + [Postgres] + [AzurePrivateStorage] + AKS --> Redis : "TLS:6379" + AKS --> Postgres : "TLS:5432" + AKS --> AzurePrivateStorage : "HTTPS/443" + [ALB] --> AKS : "HTTPS:443" + note as private_useast + 10.2.2.0/24 + end note + } + } +} + +frame "USEAST Primary Region " as primary_region{ + component "Postgres" as pgbackup + [Postgres] --> pgbackup : "Private Peering / TLS:5432" +} + +note right of [ALB] : Azure Load Balancer restricted to AKS only +@enduml diff --git a/terraform/providers/dev/k8s.tf b/terraform/providers/dev/k8s.tf index b41df8a4..22120c93 100644 --- a/terraform/providers/dev/k8s.tf +++ b/terraform/providers/dev/k8s.tf @@ -9,3 +9,10 @@ module "k8s" { vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map } +module "lb" { + source = "../../modules/lb" + region = var.region + name = var.name + environment = var.environment + owner = var.owner +} diff --git a/terraform/providers/dev/redis.tf b/terraform/providers/dev/redis.tf new file mode 100644 index 00000000..bfe47a84 --- /dev/null +++ b/terraform/providers/dev/redis.tf @@ -0,0 +1,7 @@ +module "redis" { + source = "../../modules/redis" + owner = var.owner + environment = var.environment + region = var.region + name = var.name +} diff --git a/terraform/providers/dev/variables.tf b/terraform/providers/dev/variables.tf index 7a9eea21..3de51546 100644 --- a/terraform/providers/dev/variables.tf +++ b/terraform/providers/dev/variables.tf 
@@ -7,6 +7,11 @@ variable "region" { } +variable "backup_region" { + default = "westus2" +} + + variable "owner" { default = "dev" } @@ -31,6 +36,12 @@ variable "networks" { } } +variable "gateway_subnet" { + type = string + default = "10.1.20.0/24" +} + + variable "route_tables" { description = "Route tables and their default routes" type = map diff --git a/terraform/providers/dev/vpc.tf b/terraform/providers/dev/vpc.tf index 0b930a0d..b7fac8ae 100644 --- a/terraform/providers/dev/vpc.tf +++ b/terraform/providers/dev/vpc.tf @@ -4,6 +4,7 @@ module "vpc" { region = var.region virtual_network = var.virtual_network networks = var.networks + gateway_subnet = var.gateway_subnet route_tables = var.route_tables owner = var.owner name = var.name diff --git a/tests/domain/test_environments.py b/tests/domain/test_environments.py index 3aa5f547..298f2675 100644 --- a/tests/domain/test_environments.py +++ b/tests/domain/test_environments.py @@ -4,7 +4,7 @@ from uuid import uuid4 from atst.domain.environments import Environments from atst.domain.environment_roles import EnvironmentRoles -from atst.domain.exceptions import NotFoundError, DisabledError +from atst.domain.exceptions import AlreadyExistsError, DisabledError, NotFoundError from atst.models.environment_role import CSPRole, EnvironmentRole from tests.factories import ( 
@@ -100,6 +100,27 @@ def test_update_environment(): assert environment.name == "name 2" +def test_create_does_not_duplicate_names_within_application(): + application = ApplicationFactory.create() + name = "Your Environment" + user = application.portfolio.owner + + assert Environments.create(user, application, name) + with pytest.raises(AlreadyExistsError): + Environments.create(user, application, name) + + +def test_update_does_not_duplicate_names_within_application(): + application = ApplicationFactory.create() + name = "Your Environment" + environment = EnvironmentFactory.create(application=application, name=name) + dupe_env = EnvironmentFactory.create(application=application) + user = application.portfolio.owner + + with pytest.raises(AlreadyExistsError): + Environments.update(dupe_env, name) + + class EnvQueryTest: @property def NOW(self): diff --git a/tests/routes/applications/test_settings.py b/tests/routes/applications/test_settings.py index 08c979ad..e2c8169f 100644 --- a/tests/routes/applications/test_settings.py +++ b/tests/routes/applications/test_settings.py @@ -52,8 +52,6 @@ def test_updating_application_environments_success(client, user_session): _external=True, fragment="application-environments", _anchor="application-environments", - active_toggler=environment.id, - active_toggler_section="edit", ) assert environment.name == "new name a" 
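Review bot: In `test_update_does_not_duplicate_names_within_application` the locals `environment` and `user` are assigned but never read, which makes the test look as if it depends on a logged-in user or on the returned object when it only needs the row to exist. The setup can be reduced to `EnvironmentFactory.create(application=application, name=name)` without a binding, and the `user = application.portfolio.owner` line dropped. The same applies to `environment` in `test_enforces_unique_env_name` and `application` in `test_update_application_enforces_unique_name` in tests/routes/applications/test_settings.py. It would also strengthen the update test to assert after the `pytest.raises` block that `dupe_env.name` was not left set to the duplicate name.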
@@ -78,6 +76,24 @@ def test_update_environment_failure(client, user_session): assert environment.name == "original name" +def test_enforces_unique_env_name(client, user_session, session): + application = ApplicationFactory.create() + user = application.portfolio.owner + name = "New Environment" + environment = EnvironmentFactory.create(application=application, name=name) + form_data = {"name": name} + user_session(user) + + session.begin_nested() + response = client.post( + url_for("applications.new_environment", application_id=application.id), + data=form_data, + ) + session.rollback() + + assert response.status_code == 400 + + def test_application_settings(client, user_session): portfolio = PortfolioFactory.create() application = Applications.create( @@ -258,6 +274,23 @@ def test_user_without_permission_cannot_update_application(client, user_session) assert application.description == "Cool stuff happening here!" +def test_update_application_enforces_unique_name(client, user_session, session): + portfolio = PortfolioFactory.create() + name = "Test Application" + application = ApplicationFactory.create(portfolio=portfolio, name=name) + dupe_application = ApplicationFactory.create(portfolio=portfolio) + user_session(portfolio.owner) + + session.begin_nested() + response = client.post( + url_for("applications.update", application_id=dupe_application.id), + data={"name": name, "description": dupe_application.description}, + ) + session.rollback() + + assert response.status_code == 400 + + def test_user_can_only_access_apps_in_their_portfolio(client, user_session): portfolio = PortfolioFactory.create() other_portfolio = PortfolioFactory.create( 
@@ -288,41 +321,6 @@ def test_user_can_only_access_apps_in_their_portfolio(client, user_session): assert time_updated == other_application.time_updated -def test_delete_application(client, user_session): - user = UserFactory.create() - port = PortfolioFactory.create( - owner=user, - applications=[ - { - "name": "mos eisley", - "environments": [ - {"name": "bar"}, - {"name": "booth"}, - {"name": "band stage"}, - ], - } - ], - ) - application = port.applications[0] - user_session(user) - - response = client.post( - url_for("applications.delete", application_id=application.id) - ) - # appropriate response and redirect - assert response.status_code == 302 - assert response.location == url_for( - "applications.portfolio_applications", portfolio_id=port.id, _external=True - ) - # appropriate flash message - message = get_flashed_messages()[0] - assert "deleted" in message["message"] - assert application.name in message["message"] - # app and envs are soft deleted - assert len(port.applications) == 0 - assert len(application.environments) == 0 - - def test_new_environment(client, user_session): user = UserFactory.create() portfolio = PortfolioFactory(owner=user) diff --git a/tests/routes/portfolios/test_index.py b/tests/routes/portfolios/test_index.py index 745430f0..489f73b2 100644 --- a/tests/routes/portfolios/test_index.py +++ b/tests/routes/portfolios/test_index.py 
@@ -84,35 +84,3 @@ def test_portfolio_reports_with_mock_portfolio(client, user_session): response = client.get(url_for("portfolios.reports", portfolio_id=portfolio.id)) assert response.status_code == 200 assert portfolio.name in response.data.decode() - - -def test_delete_portfolio_success(client, user_session): - portfolio = PortfolioFactory.create() - owner = portfolio.owner - user_session(owner) - - assert len(Portfolios.for_user(user=owner)) == 1 - - response = client.post( - url_for("portfolios.delete_portfolio", portfolio_id=portfolio.id) - ) - - assert response.status_code == 302 - assert url_for("atst.home") in response.location - assert len(Portfolios.for_user(user=owner)) == 0 - - -def test_delete_portfolio_failure(no_debug_client, user_session): - portfolio = PortfolioFactory.create() - application = ApplicationFactory.create(portfolio=portfolio) - owner = portfolio.owner - user_session(owner) - - assert len(Portfolios.for_user(user=owner)) == 1 - - response = no_debug_client.post( - url_for("portfolios.delete_portfolio", portfolio_id=portfolio.id) - ) - - assert response.status_code == 500 - assert len(Portfolios.for_user(user=owner)) == 1 diff --git a/tests/test_access.py b/tests/test_access.py index ad4bd5be..4cc6a6a2 100644 --- a/tests/test_access.py +++ b/tests/test_access.py 
@@ -343,40 +343,6 @@ def test_portfolios_invite_member_access(post_url_assert_status): post_url_assert_status(rando, url, 404) -# applications.delete -def test_applications_delete_access(post_url_assert_status, monkeypatch): - ccpo = UserFactory.create_ccpo() - owner = user_with() - app_admin = user_with() - rando = user_with() - - portfolio = PortfolioFactory.create( - owner=owner, applications=[{"name": "mos eisley"}] - ) - application = portfolio.applications[0] - - ApplicationRoleFactory.create( - user=app_admin, - application=application, - permission_sets=PermissionSets.get_many( - [ - PermissionSets.VIEW_APPLICATION, - PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, - PermissionSets.EDIT_APPLICATION_TEAM, - PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, - ] - ), - ) - - monkeypatch.setattr("atst.domain.applications.Applications.delete", lambda *a: True) - - url = url_for("applications.delete", application_id=application.id) - post_url_assert_status(app_admin, url, 404) - post_url_assert_status(rando, url, 404) - post_url_assert_status(owner, url, 302) - post_url_assert_status(ccpo, url, 302) - - # applications.settings def test_application_settings_access(get_url_assert_status): ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT) @@ -538,10 +504,16 @@ def test_applications_update_access(post_url_assert_status): ) app = portfolio.applications[0] + def _form_data(): + return { + "name": "Test Application %s" % (random.randrange(1, 1000)), + "description": "This is only a test", + } + url = url_for("applications.update", application_id=app.id) - post_url_assert_status(dev, url, 200) - post_url_assert_status(ccpo, url, 200) - post_url_assert_status(rando, url, 404) + post_url_assert_status(dev, url, 302, data=_form_data()) + post_url_assert_status(ccpo, url, 302, data=_form_data()) + post_url_assert_status(rando, url, 404, data=_form_data()) # applications.update_environments 
@@ -699,34 +671,3 @@ def test_task_orders_new_post_routes(post_url_assert_status):
 post_url_assert_status(owner, url, 302, data=data)
 post_url_assert_status(ccpo, url, 302, data=data)
 post_url_assert_status(rando, url, 404, data=data)
-
-
-def test_portfolio_delete_access(post_url_assert_status):
- rando = UserFactory.create()
- owner = UserFactory.create()
- ccpo = UserFactory.create_ccpo()
-
- post_url_assert_status(
- ccpo,
- url_for(
- "portfolios.delete_portfolio", portfolio_id=PortfolioFactory.create().id
- ),
- 302,
- )
-
- post_url_assert_status(
- owner,
- url_for(
- "portfolios.delete_portfolio",
- portfolio_id=PortfolioFactory.create(owner=owner).id,
- ),
- 302,
- )
-
- post_url_assert_status(
- rando,
- url_for(
- "portfolios.delete_portfolio", portfolio_id=PortfolioFactory.create().id
- ),
- 404,
- )
diff --git a/translations.yaml b/translations.yaml
index 6a678f48..b7c0ffae 100644
--- a/translations.yaml
+++ b/translations.yaml
@@ -22,13 +22,13 @@ home: add_portfolio_button_text: Add New Portfolio new_portfolio: New Portfolio get_started: Get Started - head: About Cloud Services + head: JEDI Cloud Services your_project: Your Project your_project_descrip: Your portfolio is where all task orders pertaining to a specific project or set of related projects live. In JEDI, every task order in your portfolio has four components. - funding_descrip: is information about all approved task orders associated to your portfolio. - applications_descrip: ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod - reports_descrip: enim ad minim veniam, quis nostrud exercitation ullamco - admin_descrip: aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat + funding_descrip: The Task Orders section allows you to enter, manage, and edit awarded TOs associated to a specific Portfolio. + applications_descrip: The Applications section allows you to easily create and define new Applications within a Portfolio, as well as manage user permissions and Environments. + reports_descrip: The Reports section allows you to view and monitor funding usage within a specific Portfolio. + admin_descrip: Within the Settings section, you can manage your Portfolio name and description, as well as add, edit, and delete Portfolio managers. ccpo: users_title: CCPO Users add_user: Add new CCPO user 
@@ -116,6 +116,8 @@ flash: deleted: 'You have successfully deleted the {application_name} application. To view the retained activity log, visit the portfolio administration page.' name_error: message: 'The application name {name} has already been used in this portfolio. Please enter a unique name.' + env_name_error: + message: 'The environment name {name} has already been used in this application. Please enter a unique name.' delete_member_success: 'You have successfully deleted {member_name} from the portfolio.' deleted_member: Portfolio member deleted environment_added: 'The environment "{env_name}" has been added to the application.' @@ -199,7 +201,7 @@ forms:

    - defense_component: + defense_component: label: "Select DoD component(s) funding your Portfolio:" choices: air_force: Air Force @@ -211,7 +213,7 @@ forms: help_text: |

    Select the DOD component(s) that will fund all Applications within this Portfolio. - In JEDI, multiple DoD organizations can fund the same Portfolio.
    + In JEDI, multiple DoD organizations can fund the same Portfolio.
    Select all that apply.

    attachment: @@ -523,10 +525,11 @@ task_orders: next_button: 'Next: Review Task Order' step_5: title: Confirm Signature - description: Finally, plase confirm that your uploaded document representing the information you've entered contains the required signature from your Contracting Officer. You will be informed as soon as CCPO completes their review. + description: Prior to submitting the Task Order, you must acknowledge, by marking the appropriate box below, that the uploaded Task Order is signed by an appropriate, duly warranted Contracting Officer who has the authority to execute the uploaded Task Order on your Agency’s behalf and has authorized you to upload the Task Order in accordance with Agency policy and procedures. You must further acknowledge, by marking the appropriate box below, that all information entered herein matches that of the submitted Task Order. alert_message: All task orders require a Contracting Officer signature. next_button: 'Confirm & Submit' - sticky_header_text: 'Add Task Order (step {step} of 5)' + sticky_header_text: 'Add Task Order' + sticky_header_context: 'Step {step} of 5' empty_state: header: Add approved task orders message: Upload your approved Task Order here. You are required to confirm you have the appropriate signature. You will have the ability to add additional approved Task Orders with more funding to this Portfolio in the future. 
@@ -539,7 +542,11 @@ task_orders: subtitle: Who will be involved in the work funded by this task order? team_title: Your team sign: - digital_signature_description: I acknowledge that the uploaded task order contains the required KO signature. + digital_signature_description: I confirm the uploaded Task Order is signed by the appropriate, duly warranted Agency Contracting Officer who authorized me to upload the Task Order. + confirmation_description: I confirm that the information entered here in matches that of the submitted Task Order. + acknowledge: + title: Acknowledge Statement + text: I acknowledge, by executing the confirmation above and submitting this verification, that I am subject to potential penalties that may include fines, imprisonment, or both, under the U.S. law and regulations for any false statement or misrepresentation in association with this Task Order submission or on any accompanying documentation. status_empty_state: 'This Portfolio has no {status} Task Orders.' status_list_title: '{status} Task Orders' JEDICLINType: diff --git a/uitests/README.md b/uitests/README.md index aa1dfd93..c05b92b2 100644 --- a/uitests/README.md +++ b/uitests/README.md 
@@ -58,6 +58,5 @@ NGROK_TOKEN= GI_API_KEY= GI_SUITE= CONTAINER_IMAGE=atat:b - If you get errors regarding ports being in use, make sure you don't have instances of the Flask app, Postgres, or Redis running locally using those ports. - If the curl command used to wait for the application container times out and fails, you can increase the timeout by setting a CONTAINER_TIMEOUT environment variable. It defaults to 200 in the script. -- The curl command will print errors until it successfully connects to the application container. These are normal and expected. When it finally connects, it will print the ATAT home page HTML to STDOUT. - You may see errors like "No such container". The script attempts to clean up any previous incarnations of the containers before it starts, and it may print errors when it doesn't find them. This is fine. - The script is, for the most part, a series of docker commands, so try running the commands individually and debugging that way.