Commit Graph

7416 Commits

Author SHA1 Message Date
dandds
a0e2332b05 Merge pull request #1184 from dod-ccpo/fix-crl-test-bug
Fix bug in static CRL test.
2019-11-14 16:11:29 -05:00
dandds
88171aaee7 Supply named default queue for Celery.
Supplying this will prevent queue clashes between various ATAT sites
sharing the same Redis instance.

Note that the Celery documentation is currently wrong about the name for
configuring this:

https://docs.celeryproject.org/en/latest/userguide/configuration.html#std:setting-task_default_queue

It specifies `CELERY_TASK_DEFAULT_QUEUE`, but
`CELERY_DEFAULT_QUEUE` is the value that Celery currently looks for.
This appears to be fixed in an upcoming release:

https://github.com/celery/celery/issues/5575

This is worth keeping an eye on, since the configuration key could
change in the future.
2019-11-14 15:48:14 -05:00
dandds
3ddfc5c179 Fix bug in static CRL test.
A CRL test that relies on fixtures files was not getting a working copy
of the relevant CRL list it needed. This also adds a setup function to
the relevant test module so that we can clear and rebuild the CRL
location cache for the fixtures.
2019-11-14 14:12:07 -05:00
tomdds
c5c667a436 Remove load-test dependencies from main project 2019-11-14 12:52:59 -05:00
dandds
bf1badeff0 Merge pull request #1182 from dod-ccpo/lets-encrypt-manually
Configure K8s deployment for easy LetsEncrypt verification.
2019-11-14 12:46:25 -05:00
dandds
a813ffa07a Merge pull request #1178 from dod-ccpo/staging-ci
Add CircleCI config for staging deployment.
2019-11-14 12:42:00 -05:00
tomdds
d1ef106ea3 Dockerize locust and tweak script for configurability 2019-11-14 11:53:32 -05:00
dandds
79eb691907 Configure K8s deployment for easy LetsEncrypt verification.
This is not the certificate setup we will use in production. I'd like to
merge this configuration as a reference point because this is the
easiest way to handle manual LetsEncrypt verification within the
cluster.

This allows NGINX to serve static files over HTTP from the
".well-known/acme-challenge" directory, which is necessary for certbot
validation of domain ownership.
2019-11-14 09:51:35 -05:00
dandds
9c086e2f85 Merge pull request #1177 from dod-ccpo/crls-again
Maintain static list of CRL URIs and issuers.
2019-11-14 05:45:51 -05:00
tomdds
217a3bce09 Basic load test file to query and create portfolios, apps and environments 2019-11-13 17:10:21 -05:00
tomdds
c03987e552 Add locust and pyquery dev deps for load testing 2019-11-13 17:08:26 -05:00
leigh-mil
92ce3420b6 Merge pull request #1146 from dod-ccpo/app-members-perms-form
Add revoke access to app members perms/env roles form
2019-11-13 11:12:16 -05:00
richard-dds
f0101f1230 Merge pull request #1171 from dod-ccpo/remove-unused-config
Remove unused config
2019-11-13 10:09:17 -05:00
dandds
387f957aa4 Add CircleCI config for staging deployment.
This generalizes the deploy step into a configurable CircleCI command.
The available parameters are:

- `namespace`: the K8s namespace to alter
- `tag`: the docker tag to apply to the image

The script for applying migrations to the K8s environment and the
corresponding K8s Job config have been generalized so that they can be
configured to run in the specified namespace.

The main workflow has been updated so that the appropriate deployment
will happen, depending on whether we are merging to staging or master.
In the future, we could look to add an additional workflow based around
Git tags for production.

Note that this also removes the creation of the `latest` tag from CD.
That tag is no longer hard-coded into our K8s config and so there's no
longer a need to update it in our container registry.
2019-11-13 09:56:36 -05:00
leigh-mil
06a36f23bc Raise error when a user attempts to update a disabled env role 2019-11-12 17:02:57 -05:00
leigh-mil
e8f21acf5b PR fixes 2019-11-12 16:59:22 -05:00
richard-dds
6a1e1b8de8 Remove STORAGE_PROVIDER from test config 2019-11-12 16:57:46 -05:00
richard-dds
4a66bf4d29 Remove prod.ini, because it's useless 2019-11-12 16:57:46 -05:00
richard-dds
4b8296c6ea Remove unused configuration values from base.ini 2019-11-12 16:57:46 -05:00
leigh-mil
b653546768 Styling 2019-11-12 16:56:55 -05:00
leigh-mil
d33fcb6073 Fix issues with deleting roles:
1. Prevents roles from being created with the role 'None'
2. Only call EnvironmentRoles.delete() if the env_role exists
3. Update the filter on the role field of the app member form to return
'No Access'. This fixed an issue where if a role was deleted, then other
env roles belonging to the app member could not be updated because the
role field of the deleted env_role was invalid
2019-11-12 16:54:46 -05:00
leigh-mil
f928b776a6 Properly set deleted data for UpdateMemberForm and display suspended env access text
Styling for env name and role in update app member perms form
2019-11-12 16:54:46 -05:00
leigh-mil
d40c11a8f6 Change how env_roles are updated
This change makes it so that when an env_role is updated to be None, the
role property on the env_role is changed to be None in addition to being
marked as deleted. This also adds in a check so that previously deleted
env_roles cannot be reassigned a role.
2019-11-12 16:54:46 -05:00
leigh-mil
3a1a996469 Create macro for environment role field and update route so the correct data is passed to Environments.update_env_role to update or delete roles 2019-11-12 16:54:46 -05:00
leigh-mil
d324ec57ec Add field for deleted in the app members environment form 2019-11-12 16:54:46 -05:00
leigh-mil
54f3c2f8ba Update text and icon in modal
Update env_role status when it is deleted
2019-11-12 16:54:46 -05:00
leigh-mil
eb617ef68a Merge pull request #1161 from dod-ccpo/app-members-edit-menu
App members edit menu
2019-11-12 16:46:44 -05:00
graham-dds
948976bb78 Merge pull request #1176 from dod-ccpo/bugfix/date-validation
Tweak date validation logic for months and days
2019-11-12 16:09:00 -05:00
leigh-mil
4218359bac Merge pull request #1162 from dod-ccpo/env-name-bugfix
Env name bugfix
2019-11-12 15:24:53 -05:00
leigh-mil
9037c44498 Move filter out of class definition and change name of form field 2019-11-12 13:07:50 -05:00
leigh-mil
ab9b62f54b Update validators and filter to remove strings that contain only
whitespace

The validator ListItemRequired() was only checking for None and an empty
string, not for strings that were multiple whitespace characters. This
fixes this issue by checking each item with regex to make sure it
contains non whitespace characters

The filter remove_empty_string() also was not checking for strings that
were multiple whitespace characters. This was also fixed by using regex
to make sure that the string contains non whitespace characters, and also
clips any trailing whitespace.
2019-11-12 13:07:50 -05:00
leigh-mil
045e06abee When validating that envs have names, make sure that names containing only strings are not valid 2019-11-12 13:07:50 -05:00
graham-dds
295088524c Tweak date validation logic for months and days
- valid months should be between 1 and 12, inclusive
- days should be between 1 and 31, inclusive
- swap a few lets for consts
2019-11-12 13:00:01 -05:00
leigh-mil
cfd73fec78 Use translations file 2019-11-12 12:01:33 -05:00
leigh-mil
aa7dbc2699 Remove unused styles 2019-11-12 11:44:38 -05:00
leigh-mil
98298db5f2 Add toggle drop down menu for app member edit 2019-11-12 11:44:38 -05:00
dandds
1b6239893b Maintain static list of CRL URIs and issuers.
The previous solution (ad-hoc stream-parsing the CRLs to obtain their
issuers and nextUpdate) was too cute. It began breaking on CRLs that had
an additional hex 0x30 byte somewhere in their header. I thought that 0x30
was a reserved character only to be used for tags in ASN1 encoded with
DER; turns out that's not true. Rather than write a full-fledged ASN1
stream-parser, the simplest solution is to just maintain the list of
issuers as a constant in the codebase. This is fine because the issuer
for a specific CRL URI should not change. If it does, we've probably got
bigger problems.

This also removes the Flask app's functionality for updating the local
CRL cache. This is being handled out-of-band by a Kubernetes CronJob
and is not a concern of the app's. This means that instances of the
CRLCache do not have to explicitly track expirations for CRLs.
Previously, the in-memory dictionary of CRL issuers and locations
included expirations; now it is flattened to not include that
information.

The CRLCache class has been updated to accept a crl_list kwargs so that
unit tests can provide their own alternative CRL lists, since we now
hard-code the expected CRLs and issuers. The nightly CRL check job has
been updated to check that the hard-coded list of issuers matches what
we get when we actually sync the CRLs.
2019-11-12 05:43:11 -05:00
graham-dds
637a366baf Merge pull request #1175 from dod-ccpo/bugfix/standardize-ordering
Standardize member and env name ordering
2019-11-11 16:08:23 -05:00
dandds
42e682e63f Merge pull request #1169 from dod-ccpo/generalize-k8s
Use kustomize and envsubst to generalize k8s config.
2019-11-11 13:14:25 -05:00
Jay R. Newlin (PromptWorks)
608e3436ee Merge pull request #1174 from dod-ccpo/gi-update-20191108
Ghost Inspector update 20191108
2019-11-11 11:19:03 -05:00
graham-dds
d73af9b919 Change description text to match default envs 2019-11-11 11:04:04 -05:00
graham-dds
a8d5201cc6 Standardize member and env name ordering 2019-11-08 15:06:25 -05:00
dandds
fd57036f74 Keep client CAs as a K8s ConfigMap.
The CAs used to verify clients are not secrets and can be committed to
the repository as K8s ConfigMaps. This updates the config to include
them.
2019-11-08 14:28:45 -05:00
dandds
630469744a Use kustomize and envsubst to generalize k8s config.
Adds a [kustomize](https://github.com/kubernetes-sigs/kustomize) overlay
for a new staging environment. Additionally, adds environment variables
in the place of certain pieces of information that need to be templated.

The K8s README ("deploy/README.md") has been updated to reflect the new
method for applying config.

This commit also removes the configuration for the AWS cluster and
references to AWS in the README.
2019-11-08 14:28:45 -05:00
leigh-mil
3d92ac4840 Merge pull request #1164 from dod-ccpo/env-members-bugfix
Environment bugfixes
2019-11-08 13:23:03 -05:00
dandds
0cee3c9959 Merge pull request #1172 from dod-ccpo/crl-storage-container
Create CRL_STORAGE_CONTAINER if it does not exist.
2019-11-08 10:49:39 -05:00
Jay R. Newlin (PromptWorks)
3a9070c154 Weekly updates or additions to Ghost Inspector tests 2019-11-08 10:39:37 -05:00
Jay R. Newlin (PromptWorks)
bf487b282d Added two new tests this week 2019-11-08 10:30:41 -05:00
dandds
1654d2ea9f Create CRL_STORAGE_CONTAINER if it does not exist.
In local development, the app will fail to start if it does not find the
directory specified by CRL_STORAGE_CONTAINER. This adds a few lines to
safely create that directory on startup and corresponding tests.
2019-11-08 06:21:56 -05:00
dandds
9cceb1880c Merge pull request #1170 from dod-ccpo/static-fonts
Force removal of existing fonts symlink in Docker build.
2019-11-07 16:27:34 -05:00