138 changes: 14 additions & 124 deletions .gitlab-ci.yml
Expand Up @@ -11,6 +11,7 @@ variables:
IDP_CI_SHA: 'sha256:5c4953f8efba18b7a6d6a9a961cb77ba7143059cbb2176499432b4275fbe67db'
PKI_IMAGE_TAG: 'main'
DASHBOARD_IMAGE_TAG: 'main'
APPLICATION_MANIFEST: dockerfiles/application.yaml

default:
image: '${ECR_REGISTRY}/idp/ci@${IDP_CI_SHA}'
Expand Down Expand Up @@ -433,129 +434,18 @@ trigger_devops:
- export SANITIZED_BRANCH_NAME=$(echo "$CI_COMMIT_REF_NAME" | tr '/' '-' | tr -c '[:alnum:]-_' '-' | sed 's/-*$//')
- echo "${CI_COMMIT_REF_NAME}"
- echo "${SANITIZED_BRANCH_NAME}"
- |-
export IDP_CONFIG=$(cat <<EOF
{
"kubernetesReviewApp": "true",
"postgres": {
"sslmode": "prefer",
"name": "idp",
"host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
},
"postgresWorker": {
"sslmode": "prefer",
"name": "idp",
"host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
},
"railsOffline": "true",
"redis": {
"throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1",
"url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379"
},
"assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"domainName": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"loginDatacenter": "true",
"loginDomain": "identitysandbox.gov",
"loginEnv": "$CI_ENVIRONMENT_SLUG",
"loginHostRole": "idp",
"loginSkipRemoteConfig": "true",
"pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
"pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
"dashboardUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov"
}
EOF
)
- |-
export WORKER_CONFIG=$(cat <<EOF
{
"kubernetesReviewApp": "true",
"postgres": {
"sslmode": "prefer",
"name": "idp",
"host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
},
"postgresWorker": {
"sslmode": "prefer",
"name": "idp",
"host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
},
"railsOffline": "true",
"redis": {
"throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1",
"url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379"
},
"assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"domainName": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"loginDatacenter": "true",
"loginDomain": "identitysandbox.gov",
"loginEnv": "$CI_ENVIRONMENT_SLUG",
"loginHostRole": "worker",
"loginSkipRemoteConfig": "true",
"pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
"pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/"
}
EOF
)
- |-
export PIVCAC_CONFIG=$(cat <<EOF
{
"kubernetesReviewApp": "true",
"clientCertS3Bucket": "login-gov-pivcac-public-cert-reviewapps.894947205914-us-west-2",
"postgres": {
"sslmode": "prefer",
"name": "idp",
"host": "$CI_ENVIRONMENT_SLUG-login-chart-pivcac-pg.review-apps"
},
"idpHost": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"domainName": "$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov"
}
EOF
)
- |-
export DASHBOARD_CONFIG=$(cat <<EOF
{
"kubernetesReviewApp": "true",
"postgres": {
"sslmode": "prefer",
"name": "dashboard",
"host": "$CI_ENVIRONMENT_SLUG-login-chart-dashboard-pg.review-apps"
},
"newrelic": {
"enabled": "false"
},
"samlSpIssuer": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov",
"idpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"idpSpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
"postLogoutUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov",
"domainName": "$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov"
}
EOF
)
- git clone -b main --single-branch https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.login.gov/lg-public/identity-idp-helm-chart.git
- >-
helm upgrade --install --namespace review-apps
--debug
--set global.labels.branch="${SANITIZED_BRANCH_NAME}"
--set env="reviewapps-$CI_ENVIRONMENT_SLUG"
--set idp.image.repository="${ECR_REGISTRY}/identity-idp/review"
--set idp.image.tag="${CI_COMMIT_SHA}"
--set worker.image.repository="${ECR_REGISTRY}/identity-idp/review"
--set worker.image.tag="${CI_COMMIT_SHA}"
--set pivcac.image.repository="${ECR_REGISTRY}/identity-pivcac/review"
--set pivcac.image.tag="${PKI_IMAGE_TAG}"
--set pivcac.image.pullPolicy="Always"
--set dashboard.image.repository="${ECR_REGISTRY}/identity-dashboard/review"
--set dashboard.image.tag="${DASHBOARD_IMAGE_TAG}"
--set dashboard.image.pullPolicy="Always"
--set-json dashboard.config="$DASHBOARD_CONFIG"
--set-json dashboard.enabled=true
--set-json idp.config="$IDP_CONFIG"
--set-json worker.config="$WORKER_CONFIG"
--set-json pivcac.config="$PIVCAC_CONFIG"
--set-json idp.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
--set-json pivcac.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
--set-json dashboard.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
$CI_ENVIRONMENT_SLUG ./identity-idp-helm-chart
#TODO put in kustomize based deploy
# Dynamically populate review environment settings
- sed -i "s|{{ENVIRONMENT}}|${CI_ENVIRONMENT_SLUG}|g" ${APPLICATION_MANIFEST}
- sed -i "s|{{SANITIZED_BRANCH_NAME}}|${SANITIZED_BRANCH_NAME}|g" ${APPLICATION_MANIFEST}
- sed -i "s|{{IDP_CONTAINER_TAG}}|${CI_COMMIT_SHA}|g" ${APPLICATION_MANIFEST}
- sed -i "s|{{DASHBOARD_CONTAINER_TAG}}|${DASHBOARD_IMAGE_TAG}|g" ${APPLICATION_MANIFEST}
- sed -i "s|{{PIVCAC_CONTAINER_TAG}}|${PKI_IMAGE_TAG}|g" ${APPLICATION_MANIFEST}
- sed -i "s|{{ECR_REGISTRY}}|${ECR_REGISTRY}|g" ${APPLICATION_MANIFEST}
- cat ${APPLICATION_MANIFEST}
# Apply our ArgoCD Application
- kubectl apply -f ${APPLICATION_MANIFEST} -n argocd
- echo "View your applications deployment progress at https://argocd.reviewapp.identitysandbox.gov/applications/argocd/${CI_ENVIRONMENT_SLUG}?view=tree&resource="
- echo "DNS may take a while to propagate, so be patient if it doesn't show up right away"
- echo "To access the rails console, first run 'aws-vault exec sandbox-power -- aws eks update-kubeconfig --name reviewapp'"
- echo "Then run aws-vault exec sandbox-power -- kubectl exec -it service/$CI_ENVIRONMENT_SLUG-login-chart-idp -n review-apps -- /app/bin/rails console"
Expand Down Expand Up @@ -589,7 +479,7 @@ stop-review-app:
script:
- export CONTEXT=$(kubectl config get-contexts | grep reviewapp | awk '{print $1}' | head -1)
- kubectl config use-context "$CONTEXT"
- helm uninstall --namespace review-apps $CI_ENVIRONMENT_SLUG
- kubectl delete application $CI_ENVIRONMENT_SLUG -n argocd
stage: review
image:
name: dtzar/helm-kubectl:latest
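Review bot: The `sed -i` substitutions under `# Dynamically populate review environment settings` rewrite the manifest in place and `kubectl apply` then runs regardless of whether every `{{...}}` placeholder was resolved; an unset variable such as `ECR_REGISTRY` would leave an empty image repository in the applied Application instead of failing the job. A guard before the apply catches that: `- 'if grep -q "{{" "${APPLICATION_MANIFEST}"; then echo "unresolved placeholders in ${APPLICATION_MANIFEST}"; exit 1; fi'`. The `|` sed delimiter also means a substituted value containing `|` or `&` would corrupt the replacement, and only `SANITIZED_BRANCH_NAME` is actually sanitized. The enclosing job begins above this section, and the `stop-review-app` hunk's `kubectl delete application` only removes the namespace resources if the Application carries a resources finalizer, which the manifest is not shown here to set.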
9 changes: 6 additions & 3 deletions app/controllers/account_reset/pending_controller.rb
Expand Up @@ -19,7 +19,10 @@ def confirm

def cancel
analytics.pending_account_reset_cancelled
AccountReset::CancelRequestForUser.new(current_user).call
AccountReset::PendingRequestForUser.new(current_user).cancel_account_reset_request!(
account_reset_request_id: pending_account_reset_request.id,
cancelled_at: Time.zone.now,
)
end

private
Expand All @@ -29,9 +32,9 @@ def confirm_account_reset_request_exists
end

def pending_account_reset_request
@pending_account_reset_request ||= AccountReset::FindPendingRequestForUser.new(
@pending_account_reset_request ||= AccountReset::PendingRequestForUser.new(
current_user,
).call
).get_account_reset_request
end
end
end
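Review bot: `cancel` now dereferences `pending_account_reset_request.id`, which is `nil` when no pending request exists; that is safe only if `confirm_account_reset_request_exists` (the second hunk) is declared as a `before_action` for `cancel` as well as `confirm`, and that declaration sits above this section, so it is worth confirming. The name `get_account_reset_request` is un-idiomatic Ruby, since the style guide drops `get_` prefixes; `account_reset_request` or `pending_request` would read better. Passing `cancelled_at: Time.zone.now` from the controller is fine if callers sometimes supply other timestamps, otherwise `cancel_account_reset_request!` could default it itself.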
7 changes: 6 additions & 1 deletion app/controllers/idv/document_capture_controller.rb
Expand Up @@ -19,7 +19,12 @@ def show
Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
call('document_capture', :view, true)

render :show, locals: extra_view_variables
case doc_auth_vendor
when Idp::Constants::Vendors::SOCURE
redirect_to idv_socure_document_capture_url
when Idp::Constants::Vendors::LEXIS_NEXIS, Idp::Constants::Vendors::MOCK
render :show, locals: extra_view_variables
end
end

def update
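Review bot: The new `case doc_auth_vendor` in `show` has no `else` branch, so an unrecognised vendor value neither redirects nor renders explicitly and falls through to Rails' implicit render of `show` without `extra_view_variables`, presumably failing on a missing local rather than with a clear message; the same shape appears in `Idv::HybridMobile::EntryController#show` in the `entry_controller.rb` section, where the fallthrough would produce an empty response instead of a redirect. Add a terminal branch that fails loudly, e.g. `else raise ArgumentError, "unknown doc_auth_vendor: #{doc_auth_vendor.inspect}"`, or route the unknown value to the non-Socure path deliberately with a comment saying so. `show` begins above this section.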
7 changes: 3 additions & 4 deletions app/controllers/idv/hybrid_handoff_controller.rb
Expand Up @@ -22,15 +22,14 @@ def show

@selfie_required = idv_session.selfie_check_required

analytics.idv_doc_auth_hybrid_handoff_visited(**analytics_arguments)

Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).call(
'upload', :view,
true
)

analytics.idv_doc_auth_hybrid_handoff_visited(**analytics_arguments)
# reset if we visit or come back
idv_session.skip_doc_auth_from_handoff = nil

render :show, locals: extra_view_variables
end

Expand Down Expand Up @@ -59,7 +58,7 @@ def self.step_info
Idv::StepInfo.new(
key: :hybrid_handoff,
controller: self,
next_steps: [:link_sent, :document_capture],
next_steps: [:link_sent, :document_capture, :socure_document_capture],
preconditions: ->(idv_session:, user:) {
idv_session.idv_consent_given? &&
(self.selected_remote(idv_session: idv_session) || # from opt-in screen
8 changes: 7 additions & 1 deletion app/controllers/idv/hybrid_mobile/entry_controller.rb
Expand Up @@ -7,13 +7,19 @@ module HybridMobile
class EntryController < ApplicationController
include Idv::AvailabilityConcern
include HybridMobileConcern
include DocAuthVendorConcern

def show
return handle_invalid_document_capture_session if !validate_document_capture_session_id

return handle_invalid_document_capture_session if !validate_document_capture_user_id

redirect_to idv_hybrid_mobile_document_capture_url
case doc_auth_vendor
when Idp::Constants::Vendors::SOCURE
redirect_to idv_hybrid_mobile_socure_document_capture_url
when Idp::Constants::Vendors::MOCK, Idp::Constants::Vendors::LEXIS_NEXIS
redirect_to idv_hybrid_mobile_document_capture_url
end
end

private
@@ -0,0 +1,51 @@
# frozen_string_literal: true

module Idv
module HybridMobile
module Socure
class DocumentCaptureController < ApplicationController
include Idv::AvailabilityConcern
include DocumentCaptureConcern
include Idv::HybridMobile::HybridMobileConcern
include RenderConditionConcern

check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
before_action :check_valid_document_capture_session, except: [:update]

def show
Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]).
call('hybrid_mobile_socure_document_capture', :view, true)

# document request
document_request = DocAuth::Socure::Requests::DocumentRequest.new(
document_capture_session_uuid: document_capture_session_uuid,
redirect_url: idv_hybrid_mobile_socure_document_capture_url,
language: I18n.locale,
)
document_response = document_request.fetch

@document_request = document_request
@document_response = document_response
@url = document_response.dig(:data, :url)

document_capture_session = DocumentCaptureSession.find_by(
uuid: document_capture_session_uuid,
)
document_capture_session.socure_docv_token = document_response.dig(
:data,
:docvTransactionToken,
)
document_capture_session.save

# useful for analytics
@msg = document_response[:msg]
@reference_id = document_response[:referenceId]
end

def update
render plain: 'stub to ensure Socure callback exists and the route works'
end
end
end
end
end
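Review bot: `document_capture_session.save` in `show` discards its return value, so a validation failure leaves `socure_docv_token` unpersisted while the user is still sent on to `@url`; the same line appears in `Idv::Socure::DocumentCaptureController#show` in the next section (`app/controllers/idv/socure/document_capture_controller.rb`). Use `document_capture_session.save!` (or branch on the boolean) so the mismatch surfaces, and consider `DocumentCaptureSession.find_by!(uuid: document_capture_session_uuid)` since a `nil` session here would raise `NoMethodError` on the token assignment rather than a clear not-found. The two `show` bodies differ only in the funnel step name, the redirect route and `current_user` versus `document_capture_user`, and both controllers already include `DocumentCaptureConcern`, so the request/persist-token sequence could live there as one helper. `@document_response` also hands the vendor's full response, including `docvTransactionToken`, to the view; if the template only needs `@url`, `@msg` and `@reference_id`, the raw response need not be exposed.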
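--- /dev/null
+++ b/app/controllers/idv/socure/document_capture_controller.rb
@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module Idv
+module Socure
+class DocumentCaptureController < ApplicationController
+include Idv::AvailabilityConcern
+include IdvStepConcern
+include DocumentCaptureConcern
+include RenderConditionConcern
+
+check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
+before_action :confirm_not_rate_limited
+before_action :confirm_step_allowed
+
+# reconsider and maybe remove these when implementing the real
+# update handler
+skip_before_action :redirect_unless_idv_session_user, only: [:update]
+skip_before_action :confirm_two_factor_authenticated, only: [:update]
+skip_before_action :confirm_idv_needed, only: [:update]
+skip_before_action :confirm_not_rate_limited, only: [:update]
+skip_before_action :confirm_step_allowed, only: [:update]
+
+def show
+Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
+call('socure_document_capture', :view, true)
+
+# document request
+document_request = DocAuth::Socure::Requests::DocumentRequest.new(
+document_capture_session_uuid: document_capture_session_uuid,
+redirect_url: idv_socure_document_capture_url,
+language: I18n.locale,
+)
+
+document_response = document_request.fetch
+
+@document_request = document_request
+@document_response = document_response
+@url = document_response.dig(:data, :url)
+
+document_capture_session = DocumentCaptureSession.find_by(
+uuid: document_capture_session_uuid,
+)
+
+document_capture_session.socure_docv_token = document_response.dig(
+:data,
+:docvTransactionToken,
+)
+document_capture_session.save
+
+# useful for analytics
+@msg = document_response[:msg]
+@reference_id = document_response[:referenceId]
+end
+
+def update
+render plain: 'stub to ensure Socure callback exists and the route works'
+end
+
+def self.step_info
+Idv::StepInfo.new(
+key: :socure_document_capture,
+controller: self,
+next_steps: [:ssn, :ipp_ssn],
+preconditions: ->(idv_session:, user:) {
+idv_session.flow_path == 'standard' && (
+# mobile
+idv_session.skip_doc_auth_from_handoff ||
+idv_session.skip_hybrid_handoff ||
+idv_session.skip_doc_auth ||
+idv_session.skip_doc_auth_from_how_to_verify ||
+!idv_session.selfie_check_required ||
+idv_session.desktop_selfie_test_mode_enabled?
+)
+},
+undo_step: ->(idv_session:, user:) do
+idv_session.pii_from_doc = nil
+idv_session.invalidate_in_person_pii_from_user!
+end,
+)
+end
+end
+end
+end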
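Review bot: The `preconditions` lambda in `step_info` never checks that the configured vendor is Socure, so with `socure_enabled` true `confirm_step_allowed` would, as far as this section shows, admit a user whose flow was routed to the LexisNexis or mock capture step, and the `case doc_auth_vendor` in the calling controllers is then the only thing keeping the two paths apart. If that is intentional, a comment on the lambda saying the vendor gate lives in the routing controllers would help; otherwise add `doc_auth_vendor == Idp::Constants::Vendors::SOCURE` to the condition, assuming the concern that defines `doc_auth_vendor` is available here. The five `skip_before_action` lines make `update` reachable unauthenticated and un-rate-limited, which is harmless for the stub but means the real callback handler must authenticate the request before touching `DocumentCaptureSession`; the existing TODO comment could say so explicitly, e.g. `# update must verify the callback's origin before it mutates any session state`.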
4 changes: 4 additions & 0 deletions app/controllers/sign_up/select_email_controller.rb
Expand Up @@ -13,12 +13,16 @@ def show
@user_emails = user_emails
@last_sign_in_email_address = last_email
@select_email_form = build_select_email_form
analytics.sp_select_email_visited(needs_completion_screen_reason:)
end

def create
@select_email_form = build_select_email_form

result = @select_email_form.submit(form_params)

analytics.sp_select_email_submitted(**result.to_h, needs_completion_screen_reason:)

if result.success?
user_session[:selected_email_id] = form_params[:selected_email_id]
redirect_to sign_up_completed_path
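Review bot: `analytics.sp_select_email_submitted(**result.to_h, needs_completion_screen_reason:)` splats the whole form response into the event, so whatever the form places in its errors or extra fields (field-level messages, possibly the submitted `selected_email_id`) lands in analytics; worth confirming `result.to_h` never carries an email address, since analytics is presumably not a place for PII, and otherwise pass the specific keys explicitly. Both events also rely on a `needs_completion_screen_reason` method that is not visible in this section, so its definition and visibility cannot be checked here.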