6837 Commits

Author SHA1 Message Date
Philip Kalinsky
69bd2f43a5 provision portfolio state machine 2020-01-14 16:36:16 -05:00
graham-dds
ad82706bd4
Merge pull request #1314 from dod-ccpo/bugfix/use-v-text-where-possible
Use v-text instead of v-html to mitigate XSS attacks
2020-01-14 16:34:31 -05:00
graham-dds
ffd3dd2d9d use v-text instead of v-html
v-html interprets the string passed to it as raw html, without escaping.
We should use v-text wherever possible.
2020-01-14 16:19:27 -05:00
dandds
d55a81ebdd
Merge pull request #1300 from dod-ccpo/update-env-role-list
Update environment roles list
2020-01-14 16:01:49 -05:00
leigh-mil
11b3120bfd Update filter functions to display properly when users' env access has been revoked 2020-01-14 15:43:46 -05:00
leigh-mil
17864cc060 Add migration to change environment_roles role column from string to
enum type.
Fix tests and functions affected by the column type change.
2020-01-14 13:12:29 -05:00
dandds
bffd981105
Merge pull request #1306 from dod-ccpo/update-sqlalchemy-version
Update version of sqlalchemy
2020-01-14 11:28:35 -05:00
leigh-mil
ab5485e103 Update version of sqlalchemy 2020-01-14 06:27:28 -05:00
graham-dds
b1345c0eb0
Merge pull request #1310 from dod-ccpo/small-ui-fixes
Small ui fixes
2020-01-13 17:20:57 -05:00
graham-dds
45c4fc1d5f Match empty state for app members with designs 2020-01-13 16:32:31 -05:00
graham-dds
fdeffd3183 Bump margin so that add clin button isn't hidden 2020-01-13 16:32:31 -05:00
raydds
9cb7422468
Merge pull request #1309 from dod-ccpo/kubernetes-resource-limits
First pass at setting CPU and memory limits in Kubernetes
2020-01-13 14:38:00 -05:00
Ray Zane
835cd4f12e First pass at setting CPU and memory limits in Kubernetes 2020-01-13 13:00:21 -05:00
dandds
8c02ba7a8d
Merge pull request #1298 from robgil-dds/169163334-iam-for-scale-set
IAM policy for Azure VM Scale Set in k8s
2020-01-13 12:51:51 -05:00
Rob Gil
a47ad24b90 Apply manual change for dev environment to gain access to keyvault from vmss nodes 2020-01-13 12:08:09 -05:00
Rob Gil
8416c18258 Document keyvault post terraform manual steps
This is to document and configure the post-terraform commands necessary
for k8s hosts in the vmss to access the keyvault through flexvol.
2020-01-13 12:05:52 -05:00
Rob Gil
53cf42103e Fix resource names for module.vpc 2020-01-13 10:29:12 -05:00
Rob Gil
316428a787 Adds screenshot of manual change to make for SystemAssigned identities 2020-01-13 10:29:12 -05:00
Rob Gil
f279e3d3c1 Docs updates to document manual steps 2020-01-13 10:29:12 -05:00
Rob Gil
1a9ff0e02b Updates docs with Preview features and how to enable them 2020-01-13 10:29:12 -05:00
Rob Gil
3986f3c91f 169163334 - Uses the k8s principal for access to keyvault from k8s nodes 2020-01-13 10:29:12 -05:00
Rob Gil
b233cb253f 169163334 - Updates provider for SystemAssigned MI policy for k8s 2020-01-13 10:29:12 -05:00
Rob Gil
623368b8dd 169163334 - Switches to SystemAssigned managed identity
The SystemAssigned managed identity requires a preview feature to be
enabled.

```
rgil@rem5:~/atst/terraform/providers/dev$ az feature list|grep MSIPreview
    "id": "/subscriptions/95934d54-980d-47cc-9bce-3a96bf9a2d1b/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/MSIPreview",
    "name": "Microsoft.ContainerService/MSIPreview",
rgil@rem5:~/atst/terraform/providers/dev$ az feature register --namespace Microsoft.ContainerService --name MSIPreview
Once the feature 'MSIPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated
{
  "id": "/subscriptions/95934d54-980d-47cc-9bce-3a96bf9a2d1b/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/MSIPreview",
  "name": "Microsoft.ContainerService/MSIPreview",
  "properties": {
    "state": "Registering"
  },
  "type": "Microsoft.Features/providers/features"
}
rgil@rem5:~/atst/terraform/providers/dev$ az provider register -n Microsoft.ContainerService
rgil@rem5:~/atst/terraform/providers/dev$
```

This also now integrates the policy for keyvault with the k8s managed
identity (system assigned).
2020-01-13 10:29:12 -05:00
dandds
c403dc557c
Merge pull request #1307 from dod-ccpo/170636391-flash-ssti
Use simple string formatting for flash messages.
2020-01-13 09:43:18 -05:00
dandds
0731b0519c Use simple string formatting for flash messages.
This addresses an SSTI vulnerability in Flask's `render_template_string`
function, which we were using for rendering flash messages. The
implementation I'd built was too complicated, so I removed its reliance
on Jinja template rendering. Instead, all parts of the flash message
should be keys in the translations file. The `flash` wrapper in
`atst.utils.flash` is just a thin wrapper over our `translate` function.
The `translate` function relies on Python string formatting, which does
not evaluate expressions and so isn't vulnerable to SSTI.
2020-01-11 15:27:34 -05:00
leigh-mil
7de2f440c6
Merge pull request #1294 from dod-ccpo/portfolio-admin-styling__part-2
Portfolio admin styling - Managers table
2020-01-10 15:46:34 -05:00
leigh-mil
4d8d1d8ce0
Merge branch 'staging' into portfolio-admin-styling__part-2 2020-01-10 13:27:05 -05:00
dandds
a7da0e9104
Merge pull request #1304 from dod-ccpo/170609987-session-logging
Log details about user login and logout.
2020-01-10 11:44:57 -05:00
leigh-mil
8f5db7805c Add pointer to cancel link 2020-01-10 10:25:56 -05:00
leigh-mil
1425459e35 Use permissions sets instead of portfolio.owner_role to see if a member is PPoC 2020-01-10 10:25:55 -05:00
leigh-mil
70462eee0c Display portfolio managers alphabetically instead of always having PPoC in the first table row 2020-01-10 10:25:55 -05:00
leigh-mil
959636fc91 Fix seed_sample script 2020-01-10 10:25:55 -05:00
leigh-mil
17642cda4e Rename file to better reflect contents 2020-01-10 10:25:55 -05:00
leigh-mil
ffa4a1370c Set width of Name column in portfolio managers table.
Delete unused table styles.
2020-01-10 10:25:55 -05:00
leigh-mil
da398bf1ff Add status labels to portfolio managers table.
Update PortfolioRole.display_status() to return same type of data as
ApplicationRole.display_status().
2020-01-10 10:25:55 -05:00
leigh-mil
a6fcd0c76f Fix styling on member forms.
Include flash message when portfolio manager is added.
Fix submit button text
2020-01-10 10:25:55 -05:00
leigh-mil
abfe8663a1 Update copy in perms form 2020-01-10 10:25:55 -05:00
leigh-mil
89035c815b Update styling for Manager name and add 'You' tag 2020-01-10 10:25:55 -05:00
leigh-mil
975d3d243b Delete tests and route associated with old portfolio member perms form 2020-01-10 10:25:55 -05:00
leigh-mil
c9d0c64c1f Fix and generalize styling for member form macro
Only display permissions with 'Edit' value
Delete unused files and rename MemberForm macro file
2020-01-10 10:25:55 -05:00
leigh-mil
79b2773852 Portfolio manager invite updates:
- Update the form to use BooleanFields for the permissions and make the
form more similar to the Application Members form
- Use MemberFormTemplate macro in the portfolio settings template
- fix tests affected by the form changes
2020-01-10 10:25:55 -05:00
leigh-mil
4d2a175136 Use generalized macro for new member form in application settings 2020-01-10 10:25:55 -05:00
leigh-mil
6e50a8cc1f Generalize macro for adding new member to an application or portfolio 2020-01-10 10:25:55 -05:00
leigh-mil
ff3e585dfe Initial formatting and styling of portfolio managers table. Deleted unused css 2020-01-10 10:25:55 -05:00
dandds
1ab0c26365 Log details about user login and logout.
To satisfy security requirements, we need to explicitly track:

- when a user attempts to log in, successful or not
- when a user logs out
- whether or not the user associated with a request is logged in

The first two are satisfied by extra log statements and the last is a
new boolean field on the JSON logs.
2020-01-10 10:20:35 -05:00
dandds
a0b96402f2 Remove user.provisional column.
This is leftover from a previous iteration of ATAT where inviting a user
to a portfolio would create a pending entry in the users table. This is
no longer used.
2020-01-10 10:20:35 -05:00
dandds
8fc543928d
Merge pull request #1299 from dod-ccpo/pki-cruft
Clean up unused PKI test files.
2020-01-10 10:19:56 -05:00
dandds
c2ea17b8d1 Clean up unused PKI test files.
Previously these files were being used for integration testing of mutual
TLS authentication. They're not any longer and can be removed.
2020-01-10 09:44:57 -05:00
leigh-mil
7f13643ff7
Merge pull request #1301 from dod-ccpo/to-builder-summary-items
TO Builder Step 4 bugfixes
2020-01-09 13:55:29 -05:00
leigh-mil
ca409cae6c Display TO number on Step 4 of TO builder 2020-01-09 10:50:10 -05:00