75 Commits

Author SHA1 Message Date
dandds
88171aaee7 Supply named default queue for Celery.
Supplying this will prevent queue clashes between various ATAT sites
sharing the same Redis instance.

Note that the Celery documentation is currently wrong about the name for
configuring this:

https://docs.celeryproject.org/en/latest/userguide/configuration.html#std:setting-task_default_queue

It specifies `CELERY_TASK_DEFAULT_QUEUE`, but
`CELERY_DEFAULT_QUEUE` is the value that Celery currently looks for.
This appears to be fixed in on an upcoming release:

https://github.com/celery/celery/issues/5575

This is worth keeping an eye on, since the configuration key could
change in the future.
2019-11-14 15:48:14 -05:00
richard-dds
6a1e1b8de8 Remove STORAGE_PROVIDER from test config 2019-11-12 16:57:46 -05:00
richard-dds
4a66bf4d29 Remove prod.ini, becase it's useless 2019-11-12 16:57:46 -05:00
richard-dds
4b8296c6ea Remove unused configuration values from base.ini 2019-11-12 16:57:46 -05:00
richard-dds
1746c297d1 Use deterministic "mock-test" CSP in CI 2019-10-29 16:19:53 -04:00
graham-dds
9de90d796d Rename audit log feature flag config variable 2019-10-21 11:36:53 -04:00
graham-dds
8e0ce0519d Add AUDIT_LOG_FEATURE_TOGGLE to flask app settings
- set in ini config
2019-10-21 10:32:58 -04:00
dandds
efcb9681d3 Make Postgres SSL connection configurable.
This will allow us to force SSL connections to the database in
production by setting two values:

- PGSSLMODE should be set to "verify-full". This forces the client to
  verify the server against a known CA: https://www.postgresql.org/docs/10/libpq-ssl.html
- PGSSLROOTCERT should be set to the path of the public cert for the
  relevant CA.

When the database connection is made, these values are passed to the
adapter. For local development, PGSSLMODE is set to "prefer" and
PGSSLROOTCERT is left unset.

Kubernetes config has been added to maintain the root CAs for both Azure
and AWS as k8s ConfigMap objects. These are mounted into the containers
and referenced by PGSSLROOTCERT in the container environment.
2019-10-17 16:05:19 -04:00
dandds
fc637e933d Specify Flask SERVER_NAME value for Celery worker.
The Celery worker cannot render URLs for the app without having a
SERVER_NAME value set. AT-AT's ability to send notifications when an
environment is ready is broken as a result.

This commit sets a null default value for SERVER_NAME in the default
config file. A setting must exist in the INI file in order to be
over-written by an environment variable, which is why we declare it as
null here. There is an additional kwarg, "allow_no_value", that must be
passed to ConfigParser to allow null values.

This also applies the correct domains as SERVER_NAME environment
variables in the Kubernetes ConfigMaps for the AWS and Azure Celery
workers.
2019-10-16 11:57:18 -04:00
dandds
e3111af45e Allow DEBUG mode in CI. 2019-10-11 13:15:31 -04:00
richard-dds
c9dcacddb0
Merge pull request #1056 from dod-ccpo/mock-csp
Mock implementation of CSP interface
2019-09-10 12:46:52 -04:00
richard-dds
6c0420d6c5 Read config to determine mock CSP type 2019-09-09 10:45:38 -04:00
leigh-mil
e4ca027065 Validate CLIN PoP against configurable contract start and end dates 2019-09-06 10:12:34 -04:00
dandds
883947b75f Enable debug mode in tests.
Debug mode allows route integration tests to raise explicit exceptions on
errors, instead of returning error pages. Some portions of the test
suite need to be able to ignore exceptions (the response is not under
test) so they use a separate pytest fixture version of the app and
client that are configured with debug disabled, as it would be in
production.
2019-08-30 15:32:57 -04:00
dandds
5f0ff137d3 Raise default session lifetime to 30 minutes. 2019-08-21 14:44:55 -04:00
dandds
485f578c78 Apply config changes for CSP file uploads.
This applies configuration changes for the Flask app and adds changes to
the Dockerfile so that the build can make a CSP-specific JS bundle. It
adds `write_dotenv` script that creates the appropriate `.env` file for
the `parcel` bundler depending on how the `CSP` environment variable is
set.

- Configure K8s environment variables for Flask CSP usage
- Supply default CSP config setting to Flask app
- Declare the CSP arg in the Dockerfile
- Supply extra Docker build args to CD
- Fix top-level reference to boto3 in file_upload module
- Add back missing sample NGINX config for docker-compose build
2019-08-09 08:05:20 -04:00
leigh-mil
90caeae063 Add back in CRL_STORAGE_CONTAINER to base.ini 2019-08-08 16:57:38 -04:00
dandds
9fc6514d80 Clean up defunct upload and CRL logic.
- Applies our previous CSP namespacing pattern to the upload classes.
- Removes code and config for previous uploader implementation.
- Removes Attachment model's ability to upload files directly and
  adjusts tests that expected that behavior.
2019-08-08 13:20:27 -04:00
richard-dds
5dcbee333a Make session limiter configurable 2019-05-28 10:45:12 -04:00
dandds
b8a24c37c4 Make SQLALCHEMY_ECHO option independent of DEBUG for sqlalchemy logging. 2019-05-02 15:41:13 -04:00
dandds
d73b082471 configurable json logging for atst app 2019-04-01 12:34:53 -04:00
Montana
d6906c8504 Add config for CRL_FAIL_OPEN 2019-03-14 13:42:12 -04:00
dandds
44d52ae601 fix crl storage config name 2019-03-01 15:31:02 -05:00
dandds
725042ab76 modify crl storage config:
- make local container for libcloud storage if it does not exist
- separate config variables for CRL storage
2019-02-27 05:51:50 -05:00
dandds
9aa15d57e8 CRL Provider for syncing CRLs from cached source 2019-02-27 05:51:50 -05:00
Patrick Smith
3ce4012561 Set debug to false in test config 2019-02-21 16:24:53 -05:00
dandds
4bd41950c6 remove REQUIRE_CRLS setting in favor of DISABLE_CRL_CHECK 2019-01-18 09:48:43 -05:00
dandds
becaec8d42 no op version of CRL cache for disabling crl check 2019-01-17 10:28:40 -05:00
George Drummond
99f34fe45a
Disable CLIN fields via a config option 2019-01-07 14:25:03 -05:00
Patrick Smith
e432da0d50 Refactor to remove Uploader in favor of RackspaceFileProvider 2019-01-02 17:13:21 -05:00
dandds
082213f0e2 set environment for tests so that tests use their own queue 2018-11-06 14:42:48 -05:00
Patrick Smith
4bbb55a06e Add RQ_QUEUES to default config
We can use string interpolation in the file rather than building it when
making the config. Adding the value to the config allows us to override
it with an environment variable, if we want to (as we do for the UAT
environment).
2018-10-31 16:12:00 -04:00
Patrick Smith
e177fe0037 Add REQUIRE_CRLS to config parser 2018-10-26 10:11:03 -04:00
dandds
4e653a52cf do not disable CSRF for selenium testing 2018-10-15 10:06:11 -04:00
dandds
63f94deb40 test harness for selenium testing 2018-10-15 09:10:08 -04:00
dandds
78af50fcf0 sketch of BrowserStack and Selenium testing setup 2018-10-15 09:09:23 -04:00
dandds
ef2e97713a initial uploader and some form work 2018-08-27 13:04:41 -04:00
dandds
ee4458edd1 alphabetize base config 2018-08-08 09:49:55 -04:00
dandds
45392a8119 specify domain for production session cookies 2018-08-08 09:43:29 -04:00
dandds
3b36066315 remove authnid base URL from config 2018-08-07 09:44:10 -04:00
dandds
69fb8217eb add default value for WTF_CSRF_ENABLED 2018-08-07 09:33:46 -04:00
richard-dds
8494744801 Disable CSRF checking in test and CI 2018-08-06 16:36:49 -04:00
dandds
94223e1869 add session expiration config 2018-08-06 15:03:09 -04:00
dandds
ac95bf371e implement CRL checking from authnid 2018-08-06 11:12:58 -04:00
dandds
ea5c9732ba implement authentication redirect 2018-08-06 10:44:24 -04:00
dandds
2ff5c604e1 fix session config (d'oh) 2018-08-06 10:44:24 -04:00
Patrick Smith
6c01b614b9 Configure CI redis URI 2018-08-03 15:21:20 -04:00
Patrick Smith
97d3fffc2c Remove quotes from base config 2018-08-03 14:57:22 -04:00
richard-dds
394fb57353
Merge pull request #122 from dod-ccpo/flask-session
Use Flask-Sessions for session management
2018-08-03 10:19:39 -04:00
dandds
9bc64ba269 CI should use the test database 2018-08-03 09:50:39 -04:00