From ca1d26cc672434d7c6ddff3917737fd8e72548a5 Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Thu, 30 Jan 2020 16:28:02 -0500
Subject: [PATCH 1/8] Give the cluster perms to create load balancers.

In order for the cluster app registration to create new load balancers,
it needs to have the Network Contributor role for the virtual network.
In the future, we should create a custom policy scoped to exactly the
permissions the cluster needs, per:

https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni#prerequisites
---
 terraform/modules/k8s/main.tf      | 6 ++++++
 terraform/modules/k8s/variables.tf | 7 ++++++-
 terraform/modules/vpc/outputs.tf   | 6 +++++-
 terraform/providers/dev/k8s.tf     | 1 +
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/terraform/modules/k8s/main.tf b/terraform/modules/k8s/main.tf
index 8ecbb4cd..1d46fc4c 100644
--- a/terraform/modules/k8s/main.tf
+++ b/terraform/modules/k8s/main.tf
@@ -81,3 +81,9 @@ resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
     }
   }
 }
+
+resource "azurerm_role_assignment" "k8s_network_contrib" {
+  scope                = var.vnet_id
+  role_definition_name = "Network Contributor"
+  principal_id         = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
+}
diff --git a/terraform/modules/k8s/variables.tf b/terraform/modules/k8s/variables.tf
index 79bac3de..1445bdae 100644
--- a/terraform/modules/k8s/variables.tf
+++ b/terraform/modules/k8s/variables.tf
@@ -66,4 +66,9 @@ variable "client_secret" {
 variable "workspace_id" {
   description = "Log Analytics workspace for this resource to log to"
   type        = string
-}
\ No newline at end of file
+}
+
+variable "vnet_id" {
+  description = "The ID of the VNET that the AKS cluster app registration needs to provision load balancers in"
+  type        = string
+}
diff --git a/terraform/modules/vpc/outputs.tf b/terraform/modules/vpc/outputs.tf
index baa32935..b1f0fe38 100644
--- a/terraform/modules/vpc/outputs.tf
+++ b/terraform/modules/vpc/outputs.tf
@@ -6,4 +6,8 @@ output "subnet_list" {
   value = {
     for k, id in azurerm_subnet.subnet : k => id
   }
-}
\ No newline at end of file
+}
+
+output "id" {
+  value = azurerm_virtual_network.vpc.id
+}
diff --git a/terraform/providers/dev/k8s.tf b/terraform/providers/dev/k8s.tf
index fe3dac18..33cbabe4 100644
--- a/terraform/providers/dev/k8s.tf
+++ b/terraform/providers/dev/k8s.tf
@@ -23,6 +23,7 @@ module "k8s" {
   client_id           = data.azurerm_key_vault_secret.k8s_client_id.value
   client_secret       = data.azurerm_key_vault_secret.k8s_client_secret.value
   workspace_id        = module.logs.workspace_id
+  vnet_id             = module.vpc.id
 }
 
 #module "main_lb" {

From 10f8bf9503df15610a6770d53276d1f2898c7d1e Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Fri, 31 Jan 2020 06:18:54 -0500
Subject: [PATCH 2/8] Fix bug in setting Secure on session cookie.

This fixes a bug I introduced with commit

6edc7b138b0745d0b3f9d99da76c445fe954c5a7

The value for SESSION_COOKIE_SECURE was being read in as a truthy string
every time. In order for it to be interpreted correctly, we need to map
it to a boolean.
---
 atst/app.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/atst/app.py b/atst/app.py
index 29476ed8..05578827 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -193,6 +193,7 @@ def map_config(config):
         "CONTRACT_END_DATE": datetime.strptime(
             config.get("default", "CONTRACT_END_DATE"), "%Y-%m-%d"
         ).date(),
+        "SESSION_COOKIE_SECURE": config.getboolean("default", "SESSION_COOKIE_SECURE"),
     }
 
 

From 8d30fd4cfb8753146863c0278d393d23ffc0daf1 Mon Sep 17 00:00:00 2001
From: leigh-mil <leigh-ctr@friends.dds.mil>
Date: Fri, 31 Jan 2020 11:52:15 -0500
Subject: [PATCH 3/8] Remove extra </div>

---
 templates/portfolios/admin.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/templates/portfolios/admin.html b/templates/portfolios/admin.html
index 9eed77d1..eb2f8228 100644
--- a/templates/portfolios/admin.html
+++ b/templates/portfolios/admin.html
@@ -54,7 +54,6 @@
             {% endif %}
           </div>
         </div>
-      </div>
     </section>
 
     <hr>

From 881bf3220cb5b0750705b42b0b26c21c62d48963 Mon Sep 17 00:00:00 2001
From: leigh-mil <leigh-ctr@friends.dds.mil>
Date: Fri, 31 Jan 2020 11:57:15 -0500
Subject: [PATCH 4/8] fix formatting

---
 templates/portfolios/admin.html | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/templates/portfolios/admin.html b/templates/portfolios/admin.html
index eb2f8228..40721c0d 100644
--- a/templates/portfolios/admin.html
+++ b/templates/portfolios/admin.html
@@ -40,20 +40,20 @@
         </div>
       {% endif %}
 
-        <div class='defense-row'>
-          <div>
-            <div class='admin-title'>{{ "portfolios.admin.defense_component_label" | translate }}</div>
-            {% if portfolio.defense_component %}
-              <div class='admin-content'>
-                {% for component in portfolio.defense_component %}
-                  {{ "forms.portfolio.defense_component.choices.%s" | format(component) | translate }}<br>
-                {% endfor %}
-              </div>
-            {% else %}
-              <div class='admin-content'>{{ "fragments.portfolio_admin.none" | translate }}</div>
-            {% endif %}
-          </div>
+      <div class='defense-row'>
+        <div>
+          <div class='admin-title'>{{ "portfolios.admin.defense_component_label" | translate }}</div>
+          {% if portfolio.defense_component %}
+            <div class='admin-content'>
+              {% for component in portfolio.defense_component %}
+                {{ "forms.portfolio.defense_component.choices.%s" | format(component) | translate }}<br>
+              {% endfor %}
+            </div>
+          {% else %}
+            <div class='admin-content'>{{ "fragments.portfolio_admin.none" | translate }}</div>
+          {% endif %}
         </div>
+      </div>
     </section>
 
     <hr>

From dff9924c95685804955660767b4e194c87619ac2 Mon Sep 17 00:00:00 2001
From: leigh-mil <leigh-ctr@friends.dds.mil>
Date: Mon, 27 Jan 2020 15:46:33 -0500
Subject: [PATCH 5/8] Make file size limit configurable

---
 .secrets.baseline                      |  4 ++--
 atst/forms/task_order.py               | 11 +++++++++--
 atst/routes/task_orders/new.py         |  1 +
 config/base.ini                        |  1 +
 js/components/upload_input.js          |  6 +++++-
 templates/components/upload_input.html |  5 +++--
 templates/task_orders/step_1.html      |  2 +-
 tests/render_vue_component.py          | 10 +++++++---
 translations.yaml                      |  4 ++--
 9 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index e343eb4f..a233e4cf 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$|^.*pgsslrootcert.yml$",
     "lines": null
   },
-  "generated_at": "2020-01-29T16:40:16Z",
+  "generated_at": "2020-01-27T19:24:43Z",
   "plugins_used": [
     {
       "base64_limit": 4.5,
@@ -82,7 +82,7 @@
         "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 31,
+        "line_number": 32,
         "type": "Secret Keyword"
       }
     ],
diff --git a/atst/forms/task_order.py b/atst/forms/task_order.py
index 8d40c015..2a5c1731 100644
--- a/atst/forms/task_order.py
+++ b/atst/forms/task_order.py
@@ -26,6 +26,7 @@ from atst.utils.localization import translate
 from flask import current_app as app
 
 MAX_CLIN_AMOUNT = 1_000_000_000
+FILE_SIZE_LIMIT = 64
 
 
 def coerce_enum(enum_inst):
@@ -164,8 +165,14 @@ class TaskOrderForm(BaseForm):
     )
     pdf = FormField(
         AttachmentForm,
-        label=translate("task_orders.form.supporting_docs_size_limit"),
-        description=translate("task_orders.form.supporting_docs_size_limit"),
+        label=translate(
+            "task_orders.form.supporting_docs_size_limit",
+            {"file_size_limit": FILE_SIZE_LIMIT},
+        ),
+        description=translate(
+            "task_orders.form.supporting_docs_size_limit",
+            {"file_size_limit": FILE_SIZE_LIMIT},
+        ),
     )
     clins = FieldList(FormField(CLINForm))
 
diff --git a/atst/routes/task_orders/new.py b/atst/routes/task_orders/new.py
index eaf6f2b2..eab7812f 100644
--- a/atst/routes/task_orders/new.py
+++ b/atst/routes/task_orders/new.py
@@ -24,6 +24,7 @@ def render_task_orders_edit(
 
     render_args["contract_start"] = app.config.get("CONTRACT_START_DATE")
     render_args["contract_end"] = app.config.get("CONTRACT_END_DATE")
+    render_args["file_size_limit"] = int(app.config.get("FILE_SIZE_LIMIT"))
 
     if task_order_id:
         task_order = TaskOrders.get(task_order_id)
diff --git a/config/base.ini b/config/base.ini
index 3504e3cd..3294c7af 100644
--- a/config/base.ini
+++ b/config/base.ini
@@ -18,6 +18,7 @@ DEBUG = true
 DEBUG_MAILER = false
 DISABLE_CRL_CHECK = false
 ENVIRONMENT = dev
+FILE_SIZE_LIMIT = 64000000
 LIMIT_CONCURRENT_SESSIONS = false
 LOG_JSON = false
 MAIL_PASSWORD
diff --git a/js/components/upload_input.js b/js/components/upload_input.js
index d7c90bf5..ae155c48 100644
--- a/js/components/upload_input.js
+++ b/js/components/upload_input.js
@@ -20,6 +20,9 @@ export default {
     portfolioId: {
       type: String,
     },
+    sizeLimit: {
+      type: String,
+    },
   },
 
   data: function() {
@@ -31,6 +34,7 @@ export default {
       sizeError: false,
       filenameError: false,
       downloadLink: '',
+      fileSizeLimit: parseInt(this.sizeLimit),
     }
   },
 
@@ -48,7 +52,7 @@ export default {
       this.clearErrors()
 
       const file = e.target.files[0]
-      if (file.size > 64000000) {
+      if (file.size > this.fileSizeLimit) {
         this.sizeError = true
         return
       }
diff --git a/templates/components/upload_input.html b/templates/components/upload_input.html
index c86b6ab6..882fcaef 100644
--- a/templates/components/upload_input.html
+++ b/templates/components/upload_input.html
@@ -1,6 +1,6 @@
 {% from "components/icon.html" import Icon %}
 
-{% macro UploadInput(field, portfolio_id, show_label=False) -%}
+{% macro UploadInput(field, portfolio_id, file_size_limit, show_label=False) -%}
 <uploadinput
   inline-template
   {% if not field.errors %}
@@ -11,6 +11,7 @@
   {% endif %}
   v-bind:portfolio-id="'{{ portfolio_id }}'"
   name='{{ field.name }}'
+  v-bind:size-limit='{{ file_size_limit }}'
   >
   <div>
     <div v-show="valid" class="uploaded-file">
@@ -47,7 +48,7 @@
         <span class="usa-input__message">{{ "forms.task_order.upload_error" | translate }}</span>
       </template>
       <template v-if="sizeError">
-        <span class="usa-input__message">{{ "forms.task_order.size_error" | translate }}</span>
+        <span class="usa-input__message">{{ "forms.task_order.size_error" | translate({"file_size_limit": (file_size_limit//1000000)}) }}</span>
       </template>
       <template v-if="filenameError">
         <span class="usa-input__message">{{ "forms.task_order.filename_error" | translate }}</span>
diff --git a/templates/task_orders/step_1.html b/templates/task_orders/step_1.html
index 1e2911e5..9ae53c5c 100644
--- a/templates/task_orders/step_1.html
+++ b/templates/task_orders/step_1.html
@@ -19,5 +19,5 @@
     title='task_orders.form.step_1.title' | translate,
     description='task_orders.form.step_1.description' | translate,
   ) }}
-  {{ UploadInput(form.pdf, portfolio.id) }}
+  {{ UploadInput(form.pdf, portfolio.id, file_size_limit) }}
 {% endblock %}
diff --git a/tests/render_vue_component.py b/tests/render_vue_component.py
index 49fb6ee9..d0a7edea 100644
--- a/tests/render_vue_component.py
+++ b/tests/render_vue_component.py
@@ -1,7 +1,7 @@
 import pytest
 
 from bs4 import BeautifulSoup
-from flask import Markup
+from flask import Markup, current_app as app
 from wtforms import Form, FormField
 from wtforms.fields import StringField
 from wtforms.validators import InputRequired
@@ -111,13 +111,17 @@ def test_make_multi_checkbox_input_template(
 
 
 def test_make_upload_input_template(upload_input_macro, task_order_form):
-    rendered_upload_macro = upload_input_macro(task_order_form.pdf)
+    rendered_upload_macro = upload_input_macro(
+        task_order_form.pdf, file_size_limit=int(app.config.get("FILE_SIZE_LIMIT")),
+    )
     write_template(rendered_upload_macro, "upload_input_template.html")
 
 
 def test_make_upload_input_error_template(upload_input_macro, task_order_form):
     task_order_form.validate()
-    rendered_upload_macro = upload_input_macro(task_order_form.pdf)
+    rendered_upload_macro = upload_input_macro(
+        task_order_form.pdf, file_size_limit=int(app.config.get("FILE_SIZE_LIMIT")),
+    )
     write_template(rendered_upload_macro, "upload_input_error_template.html")
 
 
diff --git a/translations.yaml b/translations.yaml
index df583059..4fdb3b3c 100644
--- a/translations.yaml
+++ b/translations.yaml
@@ -308,7 +308,7 @@ forms:
       length_error: Filename may be no longer than 100 characters.
   task_order:
     upload_error: There was an error uploading your file. Please try again. If you encounter repeated problems uploading this file, please contact CCPO.
-    size_error: The file you have selected is too large. Please choose a file no larger than 64MB.
+    size_error: "The file you have selected is too large. Please choose a file no larger than {file_size_limit}MB."
     filename_error: File names can only contain the characters A-Z, 0-9, space, hyphen, underscore, and period.
     number_description: 13-Digit Task Order Number
     pop_errors:
@@ -552,7 +552,7 @@ task_orders:
     pop_end_alert: "A CLIN's period of performance must end before {end_date}."
     pop_example: "For example: 07 04 1776"
     pop_start: Start Date
-    supporting_docs_size_limit: Your file may not exceed 64MB
+    supporting_docs_size_limit: "Your file may not exceed {file_size_limit}MB"
     step_1:
       title: Upload your approved Task Order (TO)
       description: Upload your approved Task Order here. You are required to confirm you have the appropriate signature. You will have the ability to add additional approved Task Orders with more funding to this Portfolio in the future.

From 0c408bccfd5c388b9f0b6131d8b7e0913e725453 Mon Sep 17 00:00:00 2001
From: leigh-mil <leigh-ctr@friends.dds.mil>
Date: Mon, 27 Jan 2020 15:47:36 -0500
Subject: [PATCH 6/8] Update PDF file size limit to be less than the GMail SMTP
 size limit

---
 atst/forms/task_order.py | 2 +-
 config/base.ini          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/atst/forms/task_order.py b/atst/forms/task_order.py
index 2a5c1731..ecc9fe97 100644
--- a/atst/forms/task_order.py
+++ b/atst/forms/task_order.py
@@ -26,7 +26,7 @@ from atst.utils.localization import translate
 from flask import current_app as app
 
 MAX_CLIN_AMOUNT = 1_000_000_000
-FILE_SIZE_LIMIT = 64
+FILE_SIZE_LIMIT = 25
 
 
 def coerce_enum(enum_inst):
diff --git a/config/base.ini b/config/base.ini
index 3294c7af..71081e83 100644
--- a/config/base.ini
+++ b/config/base.ini
@@ -18,7 +18,7 @@ DEBUG = true
 DEBUG_MAILER = false
 DISABLE_CRL_CHECK = false
 ENVIRONMENT = dev
-FILE_SIZE_LIMIT = 64000000
+FILE_SIZE_LIMIT = 24000000
 LIMIT_CONCURRENT_SESSIONS = false
 LOG_JSON = false
 MAIL_PASSWORD

From 745ce713b04fa7d876a10407cf647bf9196599fd Mon Sep 17 00:00:00 2001
From: leigh-mil <leigh-ctr@friends.dds.mil>
Date: Mon, 27 Jan 2020 16:29:25 -0500
Subject: [PATCH 7/8] Hard code TO upload description into the UploadInput
 Macro

This is a temporary fix to avoid spending too much time trying to use app.config variables in a Form class field descriptions and labels. This is tech debt and should be fixed in the future.
---
 atst/forms/task_order.py               | 13 +------------
 templates/components/upload_input.html |  6 +++++-
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/atst/forms/task_order.py b/atst/forms/task_order.py
index ecc9fe97..1bd12f5a 100644
--- a/atst/forms/task_order.py
+++ b/atst/forms/task_order.py
@@ -26,7 +26,6 @@ from atst.utils.localization import translate
 from flask import current_app as app
 
 MAX_CLIN_AMOUNT = 1_000_000_000
-FILE_SIZE_LIMIT = 25
 
 
 def coerce_enum(enum_inst):
@@ -163,17 +162,7 @@ class TaskOrderForm(BaseForm):
         filters=[remove_empty_string, remove_dashes, coerce_upper],
         validators=[AlphaNumeric(), Length(min=13, max=17), Optional()],
     )
-    pdf = FormField(
-        AttachmentForm,
-        label=translate(
-            "task_orders.form.supporting_docs_size_limit",
-            {"file_size_limit": FILE_SIZE_LIMIT},
-        ),
-        description=translate(
-            "task_orders.form.supporting_docs_size_limit",
-            {"file_size_limit": FILE_SIZE_LIMIT},
-        ),
-    )
+    pdf = FormField(AttachmentForm)
     clins = FieldList(FormField(CLINForm))
 
 
diff --git a/templates/components/upload_input.html b/templates/components/upload_input.html
index 882fcaef..4f4f307f 100644
--- a/templates/components/upload_input.html
+++ b/templates/components/upload_input.html
@@ -24,7 +24,11 @@
         {{ field.label }}
       {% endif %}
       <p>
-        {{ field.description }}
+        <!-- TODO: fix this to use field.description -->
+        <!-- This was temporarily hard coded because we were unable to use
+        app.config['FILE_SIZE_LIMIT'] in TaskOrderForm field descriptions and labels -->
+        {% set size_limit = file_size_limit // 1000000 %}
+        {{ "task_orders.form.supporting_docs_size_limit" | translate({ "file_size_limit": size_limit }) }}
       </p>
       <div v-if="!hideInput" class="upload-widget">
         <label class="upload-label" :for="name">

From b5e7ea3fa65d7c024f31b63f16b621db5aaed26b Mon Sep 17 00:00:00 2001
From: leigh-mil <leigh-ctr@friends.dds.mil>
Date: Fri, 31 Jan 2020 14:03:30 -0500
Subject: [PATCH 8/8] Fix column type on portfolios defense_component

---
 atst/models/portfolio.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/atst/models/portfolio.py b/atst/models/portfolio.py
index f60ed8de..5a8f0f1e 100644
--- a/atst/models/portfolio.py
+++ b/atst/models/portfolio.py
@@ -22,7 +22,7 @@ class Portfolio(
     id = types.Id()
     name = Column(String, nullable=False)
     defense_component = Column(
-        String, nullable=False
+        ARRAY(String), nullable=False
     )  # Department of Defense Component
 
     app_migration = Column(String)  # App Migration