tomdds
73ddd32365
Only unpack AADP purchase date after verifying response code.
2020-01-31 11:51:13 -05:00
dandds
62d8a89eb1
Merge pull request #1376 from dod-ccpo/k8s-perms-for-load-balancers
...
Give the cluster perms to create load balancers.
2020-01-31 10:27:05 -05:00
dandds
60fe6615c7
Merge branch 'staging' into k8s-perms-for-load-balancers
2020-01-31 10:06:49 -05:00
dandds
36da6fff32
Merge pull request #1377 from dod-ccpo/secure-session-bug
...
Fix bug in setting Secure on session cookie.
2020-01-31 09:51:37 -05:00
dandds
10f8bf9503
Fix bug in setting Secure on session cookie.
...
This fixes a bug I introduced with commit
6edc7b138b0745d0b3f9d99da76c445fe954c5a7
The value for SESSION_COOKIE_SECURE was being read in as a truthy string
every time. In order for it to be interpreted correctly, we need to map
it to a boolean.
2020-01-31 06:18:54 -05:00
tomdds
6b8ea41925
Make AADP purchase quantity configurable
...
Also remove a few constant params from the payload model.
2020-01-30 22:12:28 -05:00
tomdds
4fb9b88e1d
Add new purchase provisioning states to DB enum.
2020-01-30 22:11:52 -05:00
29b69a7d5d
code formatting
2020-01-30 16:50:32 -05:00
dandds
ca1d26cc67
Give the cluster perms to create load balancers.
...
In order for the cluster app registration to create new load balancers,
it needs to have the Network Contributor role for the virtual network.
In the future, we should create a custom policy scoped to exactly the
permissions the cluster needs, per:
https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni#prerequisites
2020-01-30 16:28:02 -05:00
tomdds
afcc4d16cd
Add functionality for creating and verifying subscriptions.
...
Currently the create call will be consumed by on-demand requests from the frontend, and the 2 stage create will be used by the environment management group provisioning to verify an initial subscription was created.
2020-01-30 15:58:09 -05:00
7e4340e7e4
resolve merge conflict with staging
2020-01-30 15:57:06 -05:00
dandds
b444378b0f
Merge pull request #1362 from robgil-dds/170322629-azure-logging
...
Azure Logging
2020-01-30 15:11:33 -05:00
de992eeed8
premium product purchase code formatting.
2020-01-30 14:50:16 -05:00
7493b9c3d6
premium product purchase unit tests.
2020-01-30 14:48:16 -05:00
Rob Gil
181d0155b7
Removes the vnet gateway since we're no longer going to use Azure VPN services
2020-01-30 14:43:59 -05:00
Rob Gil
b0a73e5944
Adds log analytics logging to redis module
2020-01-30 14:43:59 -05:00
Rob Gil
211a9e7875
Adds log analytics logging to cdn module
2020-01-30 14:43:59 -05:00
Rob Gil
ffb29d45fc
Adds Redis logging to log analytics
2020-01-30 14:43:59 -05:00
Rob Gil
308ea6a861
Enables logging for storage account buckets
...
There are bugs in the latest version of the azurerm provider which do
not account for all the log types. We had to use a local-exec here.
2020-01-30 14:43:59 -05:00
Rob Gil
8475b519ce
Adds log analytics logging for k8s
2020-01-30 14:43:59 -05:00
Rob Gil
27f3096593
Adds log analytics configuration to postgres
2020-01-30 14:43:52 -05:00
Rob Gil
8856d0f448
Log FMT
2020-01-30 14:43:07 -05:00
Rob Gil
b61bb6a4c4
Configures KeyVault to log to a log analytics workspace
2020-01-30 14:43:07 -05:00
Rob Gil
3e4244fc6d
Configures container registry to log to a log analytics workspace
2020-01-30 14:43:07 -05:00
Rob Gil
0900c01d88
Adds log_analytics module and workspace
2020-01-30 14:43:07 -05:00
leigh-mil
45322c871d
Merge pull request #1367 from dod-ccpo/remove-csp-routes
...
Remove mock CSP routes
2020-01-30 14:27:18 -05:00
leigh-mil
0a7541ef99
Remove unused mock csp routes, templates, and images. Remove unused JEDIhierarchy image
2020-01-30 14:09:12 -05:00
tomdds
001d6cbeda
Merge pull request #1372 from dod-ccpo/azure-admin-provisioning
...
Azure Admin Provisioning
2020-01-30 11:47:49 -05:00
tomdds
6480060b8d
Merge branch 'staging' into azure-admin-provisioning
2020-01-30 11:17:33 -05:00
tomdds
f6d3090177
Remove unused postgres import in migration
2020-01-30 11:05:06 -05:00
graham-dds
088bd37c6b
Merge pull request #1364 from dod-ccpo/safe_redirect
...
Add fn to ensure a url matches an app url pattern
2020-01-30 11:03:10 -05:00
tomdds
295abf49f1
Add new Portfolio Step items to DB Enum
2020-01-30 10:44:27 -05:00
graham-dds
05ef9131dd
Merge branch 'staging' into safe_redirect
2020-01-30 10:42:33 -05:00
tomdds
7a82fe48f0
Merge branch 'staging' into azure-admin-provisioning
2020-01-30 10:17:43 -05:00
dandds
72f9d23cc1
Merge pull request #1371 from dod-ccpo/disable-cipher-export
...
Disable cipher export for TLS negotiation.
2020-01-30 08:55:25 -05:00
tomdds
33c6e8c68c
Merge CSP secret handling implementations and refine updating.
2020-01-29 18:22:21 -05:00
tomdds
0bc0e15134
Merge branch 'staging' into azure-config-values
2020-01-29 16:50:44 -05:00
dandds
26cc4ce79a
Disable cipher export for TLS negotiation.
...
In order to meet compliance requirements, this adds the EXPORT option to
NGINX's ssl_cipher config. Extended discussion here:
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
2020-01-29 16:48:33 -05:00
tomdds
d4dd581b7a
Implement principal creation and admin elevation provisioning features.
2020-01-29 16:17:28 -05:00
leigh-mil
f331384214
Merge pull request #1361 from dod-ccpo/to-builder-previous-button
...
TO builder save on clicking 'Previous'
2020-01-29 15:48:14 -05:00
leigh-mil
f48404215a
Merge branch 'staging' into to-builder-previous-button
2020-01-29 15:09:27 -05:00
dandds
1957bdcbcc
Merge pull request #1370 from dod-ccpo/cookie-secure
...
Set SESSION_COOKIE_SECURE for deployed environments.
2020-01-29 15:05:30 -05:00
dandds
6edc7b138b
Set SESSION_COOKIE_SECURE for deployed environments.
...
This sets the "Secure" attribute on cookies sent to the client:
https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SECURE
2020-01-29 14:39:56 -05:00
graham-dds
82ef8f3574
Add fn to ensure a url matches an app url pattern
...
In some functions, we redirect a user based on a parameter in a query
string. This commit adds a function that checks to see if a given url
matches a url pattern of a view function. This will help us ensure that
the url passed as the next parameter isn't malicious.
2020-01-29 13:24:12 -05:00
d042282ca0
test state machine update expected states
2020-01-29 12:51:59 -05:00
5223fda8f8
product purchase mock function correct args
2020-01-29 12:51:33 -05:00
a0d59aa9e4
portfolio provisioning. create product purchase and verification stages
2020-01-29 12:51:19 -05:00
dandds
7812da5eae
Merge pull request #1359 from dod-ccpo/app-env-provisioning
...
Application Provisioning
2020-01-29 11:43:19 -05:00
dandds
63b5ddbdd4
Merge branch 'staging' into app-env-provisioning
2020-01-29 11:16:55 -05:00
dandds
abd03be806
Store and pull tenant creds from Key Vault.
...
The tenant ID should be hashed and used as the key for the JSON blob of
relevant creds for any given tenant. Azure CSP interface methods that
need to source creds should call the internal `_source_creds` method,
either with a `tenant_id` or no parameters. That method will source the
creds. If a tenant ID is provided, it will source them from the Key
Vault. If not provided, it will return the default creds for the app
registration in the home tenant.
2020-01-29 10:49:27 -05:00