7106 Commits

Author SHA1 Message Date
leigh-mil
0a7541ef99 Remove unused mock csp routes, templates, and images. Remove unused JEDIhierarchy image 2020-01-30 14:09:12 -05:00
tomdds
001d6cbeda
Merge pull request #1372 from dod-ccpo/azure-admin-provisioning
Azure Admin Provisioning
2020-01-30 11:47:49 -05:00
tomdds
6480060b8d
Merge branch 'staging' into azure-admin-provisioning 2020-01-30 11:17:33 -05:00
tomdds
f6d3090177 Remove unused postgres import in migration 2020-01-30 11:05:06 -05:00
graham-dds
088bd37c6b
Merge pull request #1364 from dod-ccpo/safe_redirect
Add fn to ensure a url matches an app url pattern
2020-01-30 11:03:10 -05:00
tomdds
295abf49f1 Add new Portfolio Step items to DB Enum 2020-01-30 10:44:27 -05:00
graham-dds
05ef9131dd
Merge branch 'staging' into safe_redirect 2020-01-30 10:42:33 -05:00
tomdds
7a82fe48f0
Merge branch 'staging' into azure-admin-provisioning 2020-01-30 10:17:43 -05:00
dandds
72f9d23cc1
Merge pull request #1371 from dod-ccpo/disable-cipher-export
Disable cipher export for TLS negotiation.
2020-01-30 08:55:25 -05:00
tomdds
33c6e8c68c Merge CSP secret handling implementations and refine updating. 2020-01-29 18:22:21 -05:00
tomdds
0bc0e15134 Merge branch 'staging' into azure-config-values 2020-01-29 16:50:44 -05:00
dandds
26cc4ce79a Disable cipher export for TLS negotiation.
In order to meet compliance requirements, this adds the EXPORT option to
NGINX's ssl_cipher config. Extended discussion here:

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
2020-01-29 16:48:33 -05:00
tomdds
d4dd581b7a Implement principal creation and admin elevation provisioning features. 2020-01-29 16:17:28 -05:00
leigh-mil
f331384214
Merge pull request #1361 from dod-ccpo/to-builder-previous-button
TO builder save on clicking 'Previous'
2020-01-29 15:48:14 -05:00
leigh-mil
f48404215a
Merge branch 'staging' into to-builder-previous-button 2020-01-29 15:09:27 -05:00
dandds
1957bdcbcc
Merge pull request #1370 from dod-ccpo/cookie-secure
Set SESSION_COOKIE_SECURE for deployed environments.
2020-01-29 15:05:30 -05:00
dandds
6edc7b138b Set SESSION_COOKIE_SECURE for deployed environments.
This sets the "Secure" attribute on cookies sent to the client:

https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SECURE
2020-01-29 14:39:56 -05:00
graham-dds
82ef8f3574 Add fn to ensure a url matches an app url pattern
In some functions, we redirect a user based on a parameter in a query
string.  This commit adds a function that checks to see if a given url
matches a url pattern of a view function. This will help us ensure that
the url passed  as the next parameter isn't malicious.
2020-01-29 13:24:12 -05:00
dandds
7812da5eae
Merge pull request #1359 from dod-ccpo/app-env-provisioning
Application Provisioning
2020-01-29 11:43:19 -05:00
dandds
63b5ddbdd4 Merge branch 'staging' into app-env-provisioning 2020-01-29 11:16:55 -05:00
dandds
abd03be806 Store and pull tenant creds from Key Vault.
The tenant ID should be hashed and used as the key for the JSON blob of
relevant creds for any given tenant. Azure CSP interface methods that
need to source creds should call the internal `_source_creds` method,
either with a `tenant_id` or no parameters. That method will source the
creds. If a tenant ID is provided, it will source them from the Key
Vault. If not provided, it will return the default creds for the app
registration in the home tenant.
2020-01-29 10:49:27 -05:00
dandds
c3af165b51
Merge pull request #1355 from dod-ccpo/gi-wo-20200120
Ghost Inspector updates wo 2020-01-20
2020-01-29 09:13:18 -05:00
dandds
5d8ee82a31
Merge pull request #1366 from dod-ccpo/disable-pod-escalation
Disable container privilege escalation.
2020-01-29 09:12:53 -05:00
tomdds
144312863c Draft implementations of remote admin creation and root management group ownership. 2020-01-28 20:14:50 -05:00
dandds
81a41a632a
Merge branch 'staging' into disable-pod-escalation 2020-01-28 16:48:45 -05:00
dandds
08f42e7a8a
Merge pull request #1353 from dod-ccpo/take3
Database bootstrapping
2020-01-28 14:49:01 -05:00
dandds
66bd81eda9
Merge branch 'staging' into take3 2020-01-28 14:33:05 -05:00
tomdds
7bf6b9addc Remove creds from payloads and passthroughs. 2020-01-28 14:12:04 -05:00
dandds
b630433aa8 Disable container privilege escalation.
Per Azure best practice, disable a container's ability to escalate its
privileges.

https://docs.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security#secure-pod-access-to-resources
2020-01-28 14:10:55 -05:00
leigh-mil
e1ff093651
Merge pull request #1354 from dod-ccpo/alpha-numeric-to-numbers
New TO Number Rules
2020-01-28 12:00:31 -05:00
dandds
67bfe09bbf
Merge branch 'staging' into alpha-numeric-to-numbers 2020-01-28 11:24:40 -05:00
dandds
5eb811d564
Merge branch 'staging' into gi-wo-20200120 2020-01-28 11:24:10 -05:00
dandds
a3bbfd695b
Merge branch 'staging' into take3 2020-01-28 09:43:41 -05:00
tomdds
475ceaed7c Source Azure Environment Values from Config
This commit switches a few previously hardcoded values to be parsed from configuration, either from the SDK or current consts.
2020-01-27 16:49:19 -05:00
Hannah Brinkman
717517072b
Merge pull request #1351 from dod-ccpo/grid-styling
Spacing & Layout, Content Max-Width, Nav/Footer refinements, Portfolio Header alignment
2020-01-27 16:05:22 -05:00
hmbrink
f0122c794d New portfolio header padding 2020-01-27 14:09:42 -05:00
Hannah Brinkman
18aa60b871
Merge branch 'staging' into grid-styling 2020-01-27 13:49:32 -05:00
leigh-mil
cb1442c9b6
Merge pull request #1356 from dod-ccpo/empty-states
Empty state for view only users
2020-01-27 13:49:14 -05:00
Hannah Brinkman
29d5f8baf5
Merge branch 'staging' into grid-styling 2020-01-27 13:47:07 -05:00
hmbrink
15ac65752f New portfolio header adjustments 2020-01-27 13:46:56 -05:00
leigh-mil
78e5fbf7b5
Merge branch 'staging' into empty-states 2020-01-27 13:23:14 -05:00
leigh-mil
758dec9ea8
Merge pull request #1357 from dod-ccpo/funding-alert
Funding alert on app settings page
2020-01-27 13:21:02 -05:00
dandds
adacb6ff19 Cleanup cruft 2020-01-27 13:17:09 -05:00
dandds
058ee57527 Create database with separate script.
Creating the ATAT database requires a separate connection to one of the
default Postgres databases, like `postgres`. This updates the scripts
and secrets-tool command to handle creating the database. It also
removes database creation from Terraform and updates the documentation.
2020-01-27 13:17:09 -05:00
dandds
a8f6befc17 secrets-tool command for bootstrapping database.
This additional secrets-tool command can be used to run the database
bootsrapping script (`script/database_setup.py`) inside an ATAT docker
container against the Azure database. It sources the necessary keys from
Key Vault.
2020-01-27 13:17:09 -05:00
dandds
49a1a219ae Script for setting up database user, schema, and seed data.
This script is for bootstrapping the initial database. It can be run via
a container, but requires that a Postgres superuser's credentials be
provided via our normal config. That way the superuser can provision a
less-privileged user for the application's database connection.
2020-01-27 13:17:09 -05:00
leigh-mil
1310434243
Merge branch 'staging' into funding-alert 2020-01-27 13:03:53 -05:00
hmbrink
b9ba0e1ab1 Merge branch 'grid-styling' of https://github.com/dod-ccpo/atst into grid-styling 2020-01-27 13:02:19 -05:00
hmbrink
8093edbf03 User icon
Added user icon from designs for top navigation
2020-01-27 13:02:06 -05:00
Hannah Brinkman
66d1d88675
Merge branch 'staging' into grid-styling 2020-01-27 12:49:52 -05:00