From 8977bdfb33660a470673f9e7623ccd727edf9a58 Mon Sep 17 00:00:00 2001 From: Gregory John Casamento Date: Wed, 15 Aug 2018 10:34:32 -0400 Subject: [PATCH 1/6] BL-43: Remove equifax from application. **Why**: Remove Equifax since we are no longer using it for IDV. **How**: Remove all references to Equifax in all files. Remove tests for equifax. --- Gemfile | 1 - Gemfile.lock | 15 --------------- app/services/request_key_manager.rb | 5 ----- bin/setup | 1 - config/application.yml.example | 11 ----------- config/initializers/figaro.rb | 1 - config/initializers/proofer.rb | 7 ------- spec/services/request_key_manager_spec.rb | 8 -------- 8 files changed, 49 deletions(-) diff --git a/Gemfile b/Gemfile index 4fa076abaf3..acf84c96d1b 100644 --- a/Gemfile +++ b/Gemfile @@ -113,6 +113,5 @@ end group :production do gem 'aamva', git: 'git@github.com:18F/identity-aamva-api-client-gem', tag: 'v3.1.0' - gem 'equifax', git: 'git@github.com:18F/identity-equifax-api-client-gem.git', tag: 'v1.1.0' gem 'lexisnexis', git: 'git@github.com:18F/identity-lexisnexis-api-client-gem', tag: 'v1.1.0' end diff --git a/Gemfile.lock b/Gemfile.lock index 3e1572c5a97..3a7ee7e011b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -9,19 +9,6 @@ GIT httpi xmldsig -GIT - remote: git@github.com:18F/identity-equifax-api-client-gem.git - revision: de4258c7608997f72e119b16718eeead4d39db70 - tag: v1.1.0 - specs: - equifax (1.1.0) - activesupport - dotenv - gyoku - hashie - logger - savon - GIT remote: git@github.com:18F/identity-lexisnexis-api-client-gem revision: d17049ab1a03d50c0cc8a272d86cf2144192fab5 @@ -350,7 +337,6 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - logger (1.2.8) lograge (0.10.0) actionpack (>= 4) activesupport (>= 4) @@ -694,7 +680,6 @@ DEPENDENCIES devise (~> 4.1) dotiw email_spec - equifax! exception_notification factory_bot_rails fakefs 
diff --git a/app/services/request_key_manager.rb b/app/services/request_key_manager.rb index 4fda5fbbe44..6144e7f39db 100644 --- a/app/services/request_key_manager.rb +++ b/app/services/request_key_manager.rb @@ -19,9 +19,4 @@ def self.read_key_file(key_file, passphrase) key_file = Rails.root.join('keys', 'saml.key.enc') read_key_file(key_file, Figaro.env.saml_passphrase) end - - cattr_accessor :equifax_ssh_key do - key_file = Rails.root.join('keys', 'equifax_rsa') - read_key_file(key_file, Figaro.env.equifax_ssh_passphrase) - end end diff --git a/bin/setup b/bin/setup index c659ff8f96d..a02271c8925 100755 --- a/bin/setup +++ b/bin/setup @@ -37,7 +37,6 @@ Dir.chdir APP_ROOT do if ARGV.shift == "--docker" then run 'docker-compose build' - run 'docker-compose run --rm web bin/generate-example-keys' run 'docker-compose run --rm web yarn install' run 'docker-compose run --rm web rake db:create' run 'docker-compose run --rm web rake db:environment:set' diff --git a/config/application.yml.example b/config/application.yml.example index 8f508c03e07..207497faeef 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -360,17 +360,6 @@ test: enable_rate_limiting: 'true' enable_test_routes: 'true' enable_usps_verification: 'true' - equifax_avs_username: 'sekret' - equifax_development_example_gpg_passphrase: 'sekret' - equifax_eid_username: 'sekret' - equifax_endpoint: 'sekret' - equifax_gpg_email: 'logs@login.gov' - equifax_password: 'sekret' - equifax_phone_username: 'sekret' - equifax_sftp_directory: '/directory' - equifax_sftp_host: 'example.com' - equifax_sftp_username: 'user' - equifax_ssh_passphrase: 'sekret' exception_recipients: 'test1@test.com' hmac_fingerprinter_key: 'a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c' hmac_fingerprinter_key_queue: '["old-key-one", "old-key-two"]' 
diff --git a/config/initializers/figaro.rb b/config/initializers/figaro.rb index fef45c0cbf7..268bd73444f 100644 --- a/config/initializers/figaro.rb +++ b/config/initializers/figaro.rb @@ -10,7 +10,6 @@ 'enable_rate_limiting', 'enable_test_routes', 'enable_usps_verification', - 'equifax_ssh_passphrase', 'exception_recipients', 'hmac_fingerprinter_key', 'issuers_with_email_nameid_format', diff --git a/config/initializers/proofer.rb b/config/initializers/proofer.rb index 324ba43f535..645d609da34 100644 --- a/config/initializers/proofer.rb +++ b/config/initializers/proofer.rb @@ -7,12 +7,5 @@ end Idv::Proofer.init - - # Until equifax is removed, ensure env variables are available - [/^equifax_/].each do |pattern| - ENV.keys.grep(pattern).each do |env_var_name| - ENV[env_var_name.upcase] = ENV[env_var_name] - end - end end # rubocop:enable Metrics/LineLength diff --git a/spec/services/request_key_manager_spec.rb b/spec/services/request_key_manager_spec.rb index a06380eec8b..0f2f64e2cdc 100644 --- a/spec/services/request_key_manager_spec.rb +++ b/spec/services/request_key_manager_spec.rb @@ -1,14 +1,6 @@ require 'rails_helper' describe RequestKeyManager do - describe '.equifax_ssh_key' do - it 'initializes' do - ssh_key = described_class.equifax_ssh_key - - expect(ssh_key).to be_a OpenSSL::PKey::RSA - end - end - describe '.private_key' do it 'initializes' do ssh_key = described_class.private_key From 1ddc40807e17f75be17428c4dd7f55562ee1c43d Mon Sep 17 00:00:00 2001 From: Gregory John Casamento Date: Wed, 15 Aug 2018 10:44:42 -0400 Subject: [PATCH 2/6] LG-43: Remove equifax **why**: Remove all references. --- .gitignore | 3 --- bin/generate-example-keys | 46 ---------------------------------- config/application.yml.example | 22 ---------------- 3 files changed, 71 deletions(-) delete mode 100755 bin/generate-example-keys diff --git a/.gitignore b/.gitignore index 6085b076fbd..ed3c52c5b22 100644 --- a/.gitignore +++ b/.gitignore 
@@ -39,9 +39,6 @@ Vagrantfile /config/aws.yml /keys/*.key.enc !/keys/*.key.enc.example -/keys/equifax_rsa -/keys/equifax_rsa.pub -/keys/equifax_gpg.pub.bin /coverage /db/*.sqlite3 /doc/search_stats.csv diff --git a/bin/generate-example-keys b/bin/generate-example-keys deleted file mode 100755 index 12d9cf7ab95..00000000000 --- a/bin/generate-example-keys +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env ruby - -def run(command) - abort "command failed (#{$?}): #{command}" unless system command -end - -def equifax_gpg_private_exists? - list_keys_output = `gpg --list-secret-keys` - list_keys_output.include? 'login dot gov (development only) ' -end - -def generate_equifax_gpg_private_key - if equifax_gpg_private_exists? - puts 'Equifax GPG private key exists. Skipping.' - return - end - parameters = ' - Key-Type: 1 - Subkey-Type: 1 - Name-Real: login dot gov - Name-Comment: development only - Name-Email: logs@login.gov - Expire-Date: 0 - Passphrase: sekret - # Do a commit here, so that we can later print "done" - %commit - %echo done - ' - run "echo '#{parameters}' | gpg --batch --pinentry-mode loopback --gen-key" - run 'gpg --export --output keys/equifax_gpg.pub.bin logs@login.gov' -end - -def generate_equifax_rsa_private_key - if File.exists? 'keys/equifax_rsa' - puts 'Equifax RSA private key exists. Skipping.' - return - end - run 'ssh-keygen -t rsa -b 4096 -C "logs@login.gov" -N "sekret" -f "keys/equifax_rsa"' -end - -puts "Note: This script is meant for local development use only." -puts " Under no circumstances should this be used to generate keys" -puts " for a production system." - -generate_equifax_gpg_private_key -generate_equifax_rsa_private_key diff --git a/config/application.yml.example b/config/application.yml.example index 207497faeef..2d9903b891a 100644 --- a/config/application.yml.example +++ b/config/application.yml.example 
@@ -111,17 +111,6 @@ development: enable_rate_limiting: 'false' enable_test_routes: 'true' enable_usps_verification: 'true' - equifax_avs_username: 'sekret' - equifax_development_example_gpg_passphrase: 'sekret' - equifax_eid_username: 'sekret' - equifax_endpoint: 'sekret' - equifax_gpg_email: 'logs@login.gov' - equifax_password: 'sekret' - equifax_phone_username: 'sekret' - equifax_sftp_directory: '/directory' - equifax_sftp_host: 'example.com' - equifax_sftp_username: 'user' - equifax_ssh_passphrase: 'sekret' exception_recipients: 'test1@test.com' hmac_fingerprinter_key: 'a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c' hmac_fingerprinter_key_queue: '["11111111111111111111111111111111", "22222222222222222222222222222222"]' @@ -235,17 +224,6 @@ production: enable_rate_limiting: 'true' enable_test_routes: 'false' enable_usps_verification: 'false' - equifax_avs_username: - equifax_development_example_gpg_passphrase: - equifax_eid_username: - equifax_endpoint: - equifax_gpg_email: - equifax_password: - equifax_phone_username: - equifax_sftp_directory: # '/directory' - equifax_sftp_host: # 'example.com' - equifax_sftp_username: - equifax_ssh_passphrase: exception_recipients: 'user1@example.com,user2@example.com' google_analytics_key: # 'UA-XXXXXXXXX-YY' hmac_fingerprinter_key: # generate via `rake secret` From 08c85f2609ea318184c19cb2bd77dd45c855dc39 Mon Sep 17 00:00:00 2001 From: Gregory John Casamento Date: Wed, 15 Aug 2018 11:17:10 -0400 Subject: [PATCH 3/6] Remove generate-example-keys from config.yml --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 05fadbdae3d..14536085ace 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -77,7 +77,6 @@ jobs: cp certs/saml2018.crt.example certs/saml2018.crt cp keys/saml.key.enc.example keys/saml.key.enc cp keys/saml2018.key.enc.example keys/saml2018.key.enc - bin/generate-example-keys bundle exec rake db:setup --trace bundle exec rake assets:precompile From 6b36d95f4514331d03da359b410e6b8e8e71208c Mon Sep 17 00:00:00 2001 From: Gregory John Casamento Date: Wed, 15 Aug 2018 11:22:23 -0400 Subject: [PATCH 4/6] **Why**: Add back into ignore file so that it will be ignored for people who have created this file locally --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index ed3c52c5b22..8601b16e417 100644 --- a/.gitignore +++ b/.gitignore @@ -39,6 +39,7 @@ Vagrantfile /config/aws.yml /keys/*.key.enc !/keys/*.key.enc.example +/keys/equifax_rsa /coverage /db/*.sqlite3 /doc/search_stats.csv From 8017b9d974bb6213dfe1fcf67060cdde1037aa8b Mon Sep 17 00:00:00 2001 From: Gregory John Casamento Date: Wed, 15 Aug 2018 13:32:17 -0400 Subject: [PATCH 5/6] Minor grammatical correction in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c40d38e8235..2b09568866a 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ it into the "Index pattern" field, then click the "Next step" button. 10. On `Step 2 of 2: Configure settings`, select `@timestamp` from the `Time Filter field name` dropdown, then click "Create index pattern". -11. Create some more events on the IdP app +11. Create some more events on the IdP app. 12. Refresh the Kibana website. You should now see new events show up in the Discover section. From 95ebd370cd8b7a4b28cb72676a2dd2b27d527373 Mon Sep 17 00:00:00 2001 
From: Gregory John Casamento
Date: Wed, 15 Aug 2018 14:00:51 -0400
Subject: [PATCH 6/6] LG-43: Remove equifax **Why**: Add references to equifax back into the .gitignore so that we can ignore those files on people's desktops that already have them.
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 8601b16e417..9b8b4bae667 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,6 +40,8 @@ Vagrantfile
 /keys/*.key.enc
 !/keys/*.key.enc.example
 /keys/equifax_rsa
+/keys/equifax_gpg.pub.bin
+/keys/equifax_rsa.pub
 /coverage
 /db/*.sqlite3
 /doc/search_stats.csv
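Review bot: The two re-added entries, and `/keys/equifax_rsa` just above them, now ignore files that nothing in the repository creates any more, and the hunk gives no hint of why they are kept. This series deletes `bin/generate-example-keys`, so a later cleanup could reasonably drop these lines as dead; an RSA private key still sitting in a developer's `keys/` directory would then show up as untracked and could be committed by accident. A comment above the three entries would record the intent, for example `# Legacy Equifax key files from the removed bin/generate-example-keys; keep ignored so local copies are never committed`. It may also be worth asking developers to delete those local files so the entries can eventually be retired.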