leigh-mil
0a7541ef99
Remove unused mock csp routes, templates, and images. Remove unused JEDIhierarchy image
2020-01-30 14:09:12 -05:00
tomdds
001d6cbeda
Merge pull request #1372 from dod-ccpo/azure-admin-provisioning
Azure Admin Provisioning
2020-01-30 11:47:49 -05:00
tomdds
6480060b8d
Merge branch 'staging' into azure-admin-provisioning
2020-01-30 11:17:33 -05:00
tomdds
f6d3090177
Remove unused postgres import in migration
2020-01-30 11:05:06 -05:00
graham-dds
088bd37c6b
Merge pull request #1364 from dod-ccpo/safe_redirect
Add fn to ensure a url matches an app url pattern
2020-01-30 11:03:10 -05:00
tomdds
295abf49f1
Add new Portfolio Step items to DB Enum
2020-01-30 10:44:27 -05:00
graham-dds
05ef9131dd
Merge branch 'staging' into safe_redirect
2020-01-30 10:42:33 -05:00
tomdds
7a82fe48f0
Merge branch 'staging' into azure-admin-provisioning
2020-01-30 10:17:43 -05:00
dandds
72f9d23cc1
Merge pull request #1371 from dod-ccpo/disable-cipher-export
Disable cipher export for TLS negotiation.
2020-01-30 08:55:25 -05:00
tomdds
33c6e8c68c
Merge CSP secret handling implementations and refine updating.
2020-01-29 18:22:21 -05:00
tomdds
0bc0e15134
Merge branch 'staging' into azure-config-values
2020-01-29 16:50:44 -05:00
dandds
26cc4ce79a
Disable cipher export for TLS negotiation.
In order to meet compliance requirements, this adds the EXPORT option to
NGINX's ssl_cipher config. Extended discussion here:
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
2020-01-29 16:48:33 -05:00
tomdds
d4dd581b7a
Implement principal creation and admin elevation provisioning features.
2020-01-29 16:17:28 -05:00
leigh-mil
f331384214
Merge pull request #1361 from dod-ccpo/to-builder-previous-button
TO builder save on clicking 'Previous'
2020-01-29 15:48:14 -05:00
leigh-mil
f48404215a
Merge branch 'staging' into to-builder-previous-button
2020-01-29 15:09:27 -05:00
dandds
1957bdcbcc
Merge pull request #1370 from dod-ccpo/cookie-secure
Set SESSION_COOKIE_SECURE for deployed environments.
2020-01-29 15:05:30 -05:00
dandds
6edc7b138b
Set SESSION_COOKIE_SECURE for deployed environments.
This sets the "Secure" attribute on cookies sent to the client:
https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SECURE
2020-01-29 14:39:56 -05:00
graham-dds
82ef8f3574
Add fn to ensure a url matches an app url pattern
In some functions, we redirect a user based on a parameter in a query
string. This commit adds a function that checks to see if a given url
matches a url pattern of a view function. This will help us ensure that
the url passed as the next parameter isn't malicious.
2020-01-29 13:24:12 -05:00
dandds
7812da5eae
Merge pull request #1359 from dod-ccpo/app-env-provisioning
Application Provisioning
2020-01-29 11:43:19 -05:00
dandds
63b5ddbdd4
Merge branch 'staging' into app-env-provisioning
2020-01-29 11:16:55 -05:00
dandds
abd03be806
Store and pull tenant creds from Key Vault.
The tenant ID should be hashed and used as the key for the JSON blob of
relevant creds for any given tenant. Azure CSP interface methods that
need to source creds should call the internal `_source_creds` method,
either with a `tenant_id` or no parameters. That method will source the
creds. If a tenant ID is provided, it will source them from the Key
Vault. If not provided, it will return the default creds for the app
registration in the home tenant.
2020-01-29 10:49:27 -05:00
dandds
c3af165b51
Merge pull request #1355 from dod-ccpo/gi-wo-20200120
Ghost Inspector updates wo 2020-01-20
2020-01-29 09:13:18 -05:00
dandds
5d8ee82a31
Merge pull request #1366 from dod-ccpo/disable-pod-escalation
Disable container privilege escalation.
2020-01-29 09:12:53 -05:00
tomdds
144312863c
Draft implementations of remote admin creation and root management group ownership.
2020-01-28 20:14:50 -05:00
dandds
81a41a632a
Merge branch 'staging' into disable-pod-escalation
2020-01-28 16:48:45 -05:00
dandds
08f42e7a8a
Merge pull request #1353 from dod-ccpo/take3
Database bootstrapping
2020-01-28 14:49:01 -05:00
dandds
66bd81eda9
Merge branch 'staging' into take3
2020-01-28 14:33:05 -05:00
tomdds
7bf6b9addc
Remove creds from payloads and passthroughs.
2020-01-28 14:12:04 -05:00
dandds
b630433aa8
Disable container privilege escalation.
Per Azure best practice, disable a container's ability to escalate its
privileges.
https://docs.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security#secure-pod-access-to-resources
2020-01-28 14:10:55 -05:00
leigh-mil
e1ff093651
Merge pull request #1354 from dod-ccpo/alpha-numeric-to-numbers
New TO Number Rules
2020-01-28 12:00:31 -05:00
dandds
67bfe09bbf
Merge branch 'staging' into alpha-numeric-to-numbers
2020-01-28 11:24:40 -05:00
dandds
5eb811d564
Merge branch 'staging' into gi-wo-20200120
2020-01-28 11:24:10 -05:00
dandds
a3bbfd695b
Merge branch 'staging' into take3
2020-01-28 09:43:41 -05:00
tomdds
475ceaed7c
Source Azure Environment Values from Config
This commit switches a few previously hardcoded values to be parsed from configuration, either from the SDK or current consts.
2020-01-27 16:49:19 -05:00
Hannah Brinkman
717517072b
Merge pull request #1351 from dod-ccpo/grid-styling
Spacing & Layout, Content Max-Width, Nav/Footer refinements, Portfolio Header alignment
2020-01-27 16:05:22 -05:00
hmbrink
f0122c794d
New portfolio header padding
2020-01-27 14:09:42 -05:00
Hannah Brinkman
18aa60b871
Merge branch 'staging' into grid-styling
2020-01-27 13:49:32 -05:00
leigh-mil
cb1442c9b6
Merge pull request #1356 from dod-ccpo/empty-states
Empty state for view only users
2020-01-27 13:49:14 -05:00
Hannah Brinkman
29d5f8baf5
Merge branch 'staging' into grid-styling
2020-01-27 13:47:07 -05:00
hmbrink
15ac65752f
New portfolio header adjustments
2020-01-27 13:46:56 -05:00
leigh-mil
78e5fbf7b5
Merge branch 'staging' into empty-states
2020-01-27 13:23:14 -05:00
leigh-mil
758dec9ea8
Merge pull request #1357 from dod-ccpo/funding-alert
Funding alert on app settings page
2020-01-27 13:21:02 -05:00
dandds
adacb6ff19
Cleanup cruft
2020-01-27 13:17:09 -05:00
dandds
058ee57527
Create database with separate script.
Creating the ATAT database requires a separate connection to one of the
default Postgres databases, like `postgres`. This updates the scripts
and secrets-tool command to handle creating the database. It also
removes database creation from Terraform and updates the documentation.
2020-01-27 13:17:09 -05:00
dandds
a8f6befc17
secrets-tool command for bootstrapping database.
This additional secrets-tool command can be used to run the database
bootstrapping script (`script/database_setup.py`) inside an ATAT docker
container against the Azure database. It sources the necessary keys from
Key Vault.
2020-01-27 13:17:09 -05:00
dandds
49a1a219ae
Script for setting up database user, schema, and seed data.
This script is for bootstrapping the initial database. It can be run via
a container, but requires that a Postgres superuser's credentials be
provided via our normal config. That way the superuser can provision a
less-privileged user for the application's database connection.
2020-01-27 13:17:09 -05:00
leigh-mil
1310434243
Merge branch 'staging' into funding-alert
2020-01-27 13:03:53 -05:00
hmbrink
b9ba0e1ab1
Merge branch 'grid-styling' of https://github.com/dod-ccpo/atst into grid-styling
2020-01-27 13:02:19 -05:00
hmbrink
8093edbf03
User icon
Added user icon from designs for top navigation
2020-01-27 13:02:06 -05:00
Hannah Brinkman
66d1d88675
Merge branch 'staging' into grid-styling
2020-01-27 12:49:52 -05:00