pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,859 Commits 1 Branch 0 Tags
Commit Graph

6859 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Philip Kalinsky
00b10c484f alembic migration to extend the state machine states enum 2020-01-22 16:04:51 -05:00
tomdds
e5332897f1 Fix formatting 2020-01-22 14:52:06 -05:00
tomdds
1b1a20cf52 Restore implementations for policies and management group creation 
These were accidentally stripped out during a rebase.
 2020-01-22 14:39:30 -05:00
tomdds
f5e4b603cb Bring naming conventions for methods and classes related to CSP provisioning in line with state machine 2020-01-22 13:39:41 -05:00
tomdds
d646c3c00f Updates from Production Scripts 
Made a bunch of tweaks when using these tests to run production scripts for initial setup, this brings over a bunch of those changes
 2020-01-22 13:39:41 -05:00
Philip Kalinsky
becc3630c2 azure integration. methods to authenticate and set/get value in keyvault 2020-01-22 13:39:41 -05:00
Philip Kalinsky
67842748b8 call next on the results of filter function to get the first value 2020-01-22 13:39:41 -05:00
Philip Kalinsky
dfaea2d937 trigger_next_transition method will call the create trigger of the next stage for machines in CREATED state 2020-01-22 13:39:41 -05:00
Philip Kalinsky
743a91d658 trigger_next_transition method will call the create trigger of the next stage for machines in CREATED state 2020-01-22 13:39:41 -05:00
tomdds
b1adaf771d state machine integration wip 2020-01-22 13:39:35 -05:00
Philip Kalinsky
187ee0033e state machine unit tests 2020-01-16 10:32:30 -05:00
tomdds
81f23ebc22 Finish first passes at baseline tenant integration 
Add last of the integrations for setting up billing and reporting a CLIN.
 2020-01-14 17:17:34 -05:00
tomdds
161462f3cb Sample create and validate billing profile integration 
Adds 2 methods to the azure csp interface to create and subsequently validate creation of the billing profile.
 2020-01-14 17:16:54 -05:00
tomdds
7c22922d6d Create new AliasModel for CSP datalcasses, ignore credentials when converting to dictionary.This will allow all of our dataclasses to convert automatically between python style snake_case and the camelCase that the Azure APIs use. This also allows us to default to that behavior while specifying aliases for any fields as necessary.Additionally, any dataclass including the creds schema will have those creds removed from their dict representation. This can help keep creds out of logs as well as making the dataclasses more consumable for API usage. 2020-01-14 17:16:54 -05:00
tomdds
2ac333e0b7 Sample create tenant itegration 
This integration works with the happy path, we'll need to expand some fields and handle error states more coherently.
 2020-01-14 17:16:54 -05:00
Philip Kalinsky
ba47053a1c provision portfolio state machine 2020-01-14 17:16:54 -05:00
tomdds
7835438176
Merge pull request #1316 from dod-ccpo/portfolio-provision-state-machine 
Provision Portfolio State Machine
 2020-01-14 17:14:12 -05:00
tomdds
4bfde23c16 Fix alembic migration branching 2020-01-14 16:53:15 -05:00
tomdds
dfee80680d Skip legacy azure csp tests 2020-01-14 16:36:16 -05:00
tomdds
7b2c77298d Fix app name collision errors in portfolio tests 2020-01-14 16:36:16 -05:00
tomdds
d81d953c31 Fix formatting and some typos 2020-01-14 16:36:16 -05:00
tomdds
34546ecd94 Add transitions to Pipfile 2020-01-14 16:36:16 -05:00
Philip Kalinsky
69bd2f43a5 provision portfolio state machine 2020-01-14 16:36:16 -05:00
graham-dds
ad82706bd4
Merge pull request #1314 from dod-ccpo/bugfix/use-v-text-where-possible 
Use v-text instead of v-html to mitigate XSS attacks
 2020-01-14 16:34:31 -05:00
graham-dds
ffd3dd2d9d use v-text instead of v-html 
v-html interprets the string passed to it as raw html, without escaping.
We should use v-text wherever possible.
 2020-01-14 16:19:27 -05:00
dandds
d55a81ebdd
Merge pull request #1300 from dod-ccpo/update-env-role-list 
Update environment roles list
 2020-01-14 16:01:49 -05:00
leigh-mil
11b3120bfd Update filter functions to display properly when users env access has been revoked 2020-01-14 15:43:46 -05:00
leigh-mil
17864cc060 Add migration to change environment_roles role column from string to 
enum type.
Fix tests and functions affected by the column type change.
 2020-01-14 13:12:29 -05:00
dandds
bffd981105
Merge pull request #1306 from dod-ccpo/update-sqlalchemy-version 
Update version of sqlalchemy
 2020-01-14 11:28:35 -05:00
leigh-mil
ab5485e103 Update version of sqlalchemy 2020-01-14 06:27:28 -05:00
graham-dds
b1345c0eb0
Merge pull request #1310 from dod-ccpo/small-ui-fixes 
Small ui fixes
 2020-01-13 17:20:57 -05:00
graham-dds
45c4fc1d5f Match empty state for app members with designs 2020-01-13 16:32:31 -05:00
graham-dds
fdeffd3183 Bump margin so that add clin button isn't hidden 2020-01-13 16:32:31 -05:00
raydds
9cb7422468
Merge pull request #1309 from dod-ccpo/kubernetes-resource-limits 
First pass at setting CPU and memory limits in Kubernetes
 2020-01-13 14:38:00 -05:00
Ray Zane
835cd4f12e First pass at setting CPU and memory limits in Kubernetes 2020-01-13 13:00:21 -05:00
dandds
8c02ba7a8d
Merge pull request #1298 from robgil-dds/169163334-iam-for-scale-set 
IAM policy for Azure VM Scale Set in k8s
 2020-01-13 12:51:51 -05:00
Rob Gil
a47ad24b90 Apply manual change for dev environment to gain access to keyvault from vmss nodes 2020-01-13 12:08:09 -05:00
Rob Gil
8416c18258 Document keyvault post terraform manual steps 
This is to document and configure the post-terraform commands necessary
for k8s hosts in the vmss to access the keyvault through flexvol.
 2020-01-13 12:05:52 -05:00
Rob Gil
53cf42103e Fix resource names for module.vpc 2020-01-13 10:29:12 -05:00
Rob Gil
316428a787 Adds screenshot of manual change to make for SystemAssigned identities 2020-01-13 10:29:12 -05:00
Rob Gil
f279e3d3c1 Docs updates to document manual steps 2020-01-13 10:29:12 -05:00
Rob Gil
1a9ff0e02b Updates docs with Preview features and how to enable them 2020-01-13 10:29:12 -05:00
Rob Gil
3986f3c91f 169163334 - Uses the k8s principal for access to keyvault from k8s nodes 2020-01-13 10:29:12 -05:00
Rob Gil
b233cb253f 169163334 - Updates provider for SystemAssigned MI policy for k8s 2020-01-13 10:29:12 -05:00
Rob Gil
623368b8dd 169163334 - Switches to SystemAssigned managed identity 
The SystemAssigned managed identity requires a preview feature to be
enabled.

```
rgil@rem5:~/atst/terraform/providers/dev$ az feature list|grep MSIPreview
    "id": "/subscriptions/95934d54-980d-47cc-9bce-3a96bf9a2d1b/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/MSIPreview",
    "name": "Microsoft.ContainerService/MSIPreview",
rgil@rem5:~/atst/terraform/providers/dev$ az feature register --namespace Microsoft.ContainerService --name MSIPreview
Once the feature 'MSIPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated
{
  "id": "/subscriptions/95934d54-980d-47cc-9bce-3a96bf9a2d1b/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/MSIPreview",
  "name": "Microsoft.ContainerService/MSIPreview",
  "properties": {
    "state": "Registering"
  },
  "type": "Microsoft.Features/providers/features"
}
rgil@rem5:~/atst/terraform/providers/dev$ az provider register -n Microsoft.ContainerService
rgil@rem5:~/atst/terraform/providers/dev$
```

This also now integrates the policy for keyvault with the k8s managed
identity (system assigned).
 2020-01-13 10:29:12 -05:00
dandds
c403dc557c
Merge pull request #1307 from dod-ccpo/170636391-flash-ssti 
Use simple string formatting for flash messages.
 2020-01-13 09:43:18 -05:00
dandds
0731b0519c Use simple string formatting for flash messages. 
This addresses an SSTI vulnerability in Flask's `render_template_string`
function, which we were using for rendering flash messages. The
implementation I'd built was too complicated, so I removed its reliance
on Jinja template rendering. Instead, all parts of the flash message
should be keys in the translations file. The `flash` wrapper in
`atst.utils.flash` is just a thin wrapper over our `translate` function.
The `translate` function relies on Python string formatting, which does
not evaluate expressions and so isn't vulnerable to SSTI.
 2020-01-11 15:27:34 -05:00
leigh-mil
7de2f440c6
Merge pull request #1294 from dod-ccpo/portfolio-admin-styling__part-2 
Portfolio admin styling - Managers table
 2020-01-10 15:46:34 -05:00
leigh-mil
4d8d1d8ce0
Merge branch 'staging' into portfolio-admin-styling__part-2 2020-01-10 13:27:05 -05:00
dandds
a7da0e9104
Merge pull request #1304 from dod-ccpo/170609987-session-logging 
Log details about user login and logout.
 2020-01-10 11:44:57 -05:00