Separate Login.gov sandbox configurations by environment #2023

Merged
merged 3 commits into from
Sep 6, 2023


@timoballard timoballard commented Sep 5, 2023

Resolves #2020

Makes the Login.gov client ID configurable so that we can target a different Login.gov application configuration for each environment (until now, we've had a single client application for all environments).

GitHub environment secrets have been updated accordingly.

When running locally, you should update your .env file to include the updated values from our shared dev keys workbook.

PR checklist: submitters

  • Link to an issue if possible. If there’s no issue, describe what your branch does. Even if there is an issue, a brief description in the PR is still useful.
  • List any special steps reviewers have to follow to test the PR. For example, adding a local environment variable, creating a local test file, etc.
  • For extra credit, submit a screen recording like this one.
  • Make sure you’ve merged main into your branch shortly before creating the PR. (You should also be merging main into your branch regularly during development.)
  • Make sure that whatever feature you’re adding has tests that cover the feature. This includes test coverage to make sure that the previous workflow still works, if applicable.
  • Do manual testing locally. Our tests are not good enough yet to allow us to skip this step. If that’s not applicable for some reason, check this box.
  • Verify that no Git surgery was necessary, or, if it was necessary at any point, repeat the testing after it’s finished.
  • Once a PR is merged, keep an eye on it until it’s deployed to dev, and do enough testing on dev to verify that it deployed successfully, the feature works as expected, and the happy path for the broad feature area (such as submission) still works.

PR checklist: reviewers

  • Pull the branch to your local environment and run make docker clean; make docker-first-run && docker compose up; then run docker compose exec web /bin/bash -c "python manage.py test"
  • Manually test out the changes locally, or check this box to verify that it wasn’t applicable in this case.
  • Check that the PR has appropriate tests. Look out for changes in HTML/JS/JSON Schema logic that may need to be captured in Python tests even though the logic isn’t in Python.
  • Verify that no Git surgery is necessary at any point (such as during a merge party), or, if it was, repeat the testing after it’s finished.

The larger the PR, the stricter we should be about these points.

@timoballard timoballard temporarily deployed to dev September 5, 2023 20:46 — with GitHub Actions Inactive
@timoballard timoballard temporarily deployed to meta September 5, 2023 20:46 — with GitHub Actions Inactive

github-actions bot commented Sep 5, 2023

Terraform plan for meta

Plan: 4 to add, 0 to change, 0 to destroy.
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.environments["dev"].local_file.cf_org will be created
  + resource "local_file" "cf_org" {
      + content              = <<-EOT
            cf_org_name = "gsa-tts-oros-fac"
        EOT
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0644"
      + filename             = "./../dev/orgname.auto.tfvars"
      + id                   = (known after apply)
    }

  # module.environments["preview"].local_file.cf_org will be created
  + resource "local_file" "cf_org" {
      + content              = <<-EOT
            cf_org_name = "gsa-tts-oros-fac"
        EOT
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0644"
      + filename             = "./../preview/orgname.auto.tfvars"
      + id                   = (known after apply)
    }

  # module.environments["production"].local_file.cf_org will be created
  + resource "local_file" "cf_org" {
      + content              = <<-EOT
            cf_org_name = "gsa-tts-oros-fac"
        EOT
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0644"
      + filename             = "./../production/orgname.auto.tfvars"
      + id                   = (known after apply)
    }

  # module.environments["staging"].local_file.cf_org will be created
  + resource "local_file" "cf_org" {
      + content              = <<-EOT
            cf_org_name = "gsa-tts-oros-fac"
        EOT
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0644"
      + filename             = "./../staging/orgname.auto.tfvars"
      + id                   = (known after apply)
    }

Plan: 4 to add, 0 to change, 0 to destroy.

✅ Plan applied in Deploy to Development and Management Environment #173


github-actions bot commented Sep 5, 2023

Terraform plan for dev

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

✅ Plan applied in Deploy to Development and Management Environment #173

@timoballard timoballard marked this pull request as ready for review September 5, 2023 20:53

github-actions bot commented Sep 5, 2023

File Coverage Missing
All files 88%
api/serializers.py 89% 121-122 127 132
api/test_views.py 99%
api/uei.py 96% 17-18 107-108
api/views.py 97% 197-198 205-206 227 405-406
audit/cog_agency.py 94% 49
audit/cog_over.py 53% 73-116 120-136 144
audit/etl.py 78% 55-56 73-74 107 194-200 214-235 256 271 401-430
audit/excel.py 87% 397 413 419 424 429 451-452 464 665-666 675-681 691 711
audit/forms.py 56% 22-29
audit/models.py 86% 101 179 335 353-354 362 384 441-444 473-474 478 486 495 505 508-514
audit/test_commands.py 87%
audit/test_etl.py 97% 235-250 331-334
audit/test_mixins.py 90% 112-113 117-119 184-185 189-191
audit/test_validators.py 95% 434 438 606-607 846 853 860 867
audit/utils.py 92% 12
audit/validators.py 96% 253-254 282-283 298-299 309 500-509
audit/views.py 41% 86-107 130-131 205-206 251-252 263-264 266-270 317-330 333-347 352-365 382-388 393-413 440-444 449-478 521-525 530-550 577-581 586-615 658-662 667-679 682-693 698-710 725-726 731-780 783-823 826-843
audit/cross_validation/additional_ueis.py 93% 33
audit/cross_validation/check_award_ref_declaration.py 90%
audit/cross_validation/check_award_reference_uniqueness.py 93%
audit/cross_validation/check_findings_count_consistency.py 91%
audit/cross_validation/check_ref_number_in_cap.py 90%
audit/cross_validation/check_ref_number_in_findings_text.py 90%
audit/cross_validation/errors.py 78% 30 61
audit/cross_validation/naming.py 68% 178-182
audit/cross_validation/submission_progress_check.py 82% 62 77-80
audit/cross_validation/tribal_data_sharing_consent.py 86% 20
audit/fixtures/single_audit_checklist.py 79% 155 231-240
audit/management/commands/load_fixtures.py 46% 39-45
audit/viewlib/submission_progress_view.py 96% 158-159
audit/viewlib/upload_report_view.py 30% 32-35 44 91-115 118-186
cms/views.py 57% 11-16 29-30
config/urls.py 71% 87
dissemination/models.py 99% 685
djangooidc/backends.py 78% 32 57-63
djangooidc/exceptions.py 66% 19 21 23 28
djangooidc/oidc.py 16% 32-35 45-51 64-70 92-149 153-199 203-226 230-275 280-281 286
djangooidc/views.py 80% 22 43 114
djangooidc/tests/common.py 96%
report_submission/forms.py 90% 9
report_submission/views.py 72% 82 195-197 199 205-312 315-325
report_submission/templatetags/get_attr.py 76% 8 11-14 18
tools/update_program_data.py 89% 96
users/auth.py 95% 39-40
users/fixtures/user_fixtures.py 91%

Minimum allowed coverage is 90%

Generated by 🐒 cobertura-action against 2c8c5a2

@timoballard timoballard temporarily deployed to dev September 5, 2023 20:55 — with GitHub Actions Inactive
@timoballard timoballard temporarily deployed to meta September 5, 2023 20:55 — with GitHub Actions Inactive
@asteel-gsa

LGTM

asteel-gsa
asteel-gsa previously approved these changes Sep 5, 2023
@asteel-gsa asteel-gsa dismissed their stale review September 5, 2023 21:21

Terraform changes

The value will be stored in VCAP_SERVICES, so, will need to use
the secret() method to obtain it.
@asteel-gsa asteel-gsa temporarily deployed to dev September 5, 2023 21:34 — with GitHub Actions Inactive
@asteel-gsa asteel-gsa temporarily deployed to meta September 5, 2023 21:34 — with GitHub Actions Inactive
@timoballard timoballard added this pull request to the merge queue Sep 6, 2023
Merged via the queue into main with commit 5ac62ff Sep 6, 2023
14 checks passed
@timoballard timoballard deleted the tdb/login-envs branch September 6, 2023 13:29
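
The commit message above notes that the client ID is stored in VCAP_SERVICES. As an added illustration (not the project's `secret()` method or any code from this PR), here is one way to read a per-environment value from Cloud Foundry's VCAP_SERVICES JSON so that a missing or conflicting entry fails at startup instead of falling back to a client ID shared across environments. The key name `LOGIN_CLIENT_ID`, the service names and the sample values are assumptions.

```python
import json


class MissingSecret(RuntimeError):
    """Raised instead of falling back to a shared default client ID."""


def secret_from_vcap(vcap_json, key):
    """Return credentials[key] from the user-provided services in VCAP_SERVICES.

    Fails closed: a missing, empty, or conflicting value raises rather than
    letting one environment silently reuse another environment's client ID.
    """
    try:
        services = json.loads(vcap_json or "{}")
    except json.JSONDecodeError as exc:
        raise MissingSecret("VCAP_SERVICES is not valid JSON") from exc
    if not isinstance(services, dict):
        raise MissingSecret("VCAP_SERVICES is not a JSON object")

    found = []
    for instance in services.get("user-provided", []):
        value = (instance.get("credentials") or {}).get(key)
        if value:
            found.append((instance.get("name", "?"), value))

    if not found:
        raise MissingSecret(f"{key} not present in any user-provided service")
    if len({value for _, value in found}) > 1:
        names = ", ".join(name for name, _ in found)
        raise MissingSecret(f"{key} has conflicting values in: {names}")
    return found[0][1]


# Constructed sample in the shape Cloud Foundry uses for VCAP_SERVICES.
# The service name, key name and client ID value are placeholders.
SAMPLE_DEV = json.dumps({
    "user-provided": [{
        "name": "example-key-service",
        "credentials": {"LOGIN_CLIENT_ID": "example:client:dev"},
    }]
})

if __name__ == "__main__":
    print(secret_from_vcap(SAMPLE_DEV, "LOGIN_CLIENT_ID"))
```

In a real deployment the first argument would be `os.environ.get("VCAP_SERVICES")`; an unset variable then raises `MissingSecret` rather than yielding a default.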

Successfully merging this pull request may close these issues.

Create separate Login sandbox apps per environment