Stop referencing old singular cert column

Gemfile

@@ -14,7 +14,7 @@ gem 'rails', '~> 6.1.3'
 @proofer_gem ||= { github: '18F/identity-proofer-gem', ref: 'v2.8.0' }
 @saml_gem ||= { github: '18F/saml_idp', tag: 'v0.13.0-18f' }
 @telephony_gem ||= { github: '18f/identity-telephony', tag: 'v0.2.0' }
-@validations_gem ||= { github: '18F/identity-validations', branch: 'main' }
+@validations_gem ||= { github: '18F/identity-validations', tag: 'v0.4.0' }
 
 gem 'aamva', @aamva_api_gem
 gem 'identity-doc-auth', @doc_auth_gem

Gemfile.lock

@@ -59,10 +59,10 @@ GIT
 
 GIT
   remote: https://github.com/18F/identity-validations.git
-  revision: 26253af02f472d3023062efd5c7a3920b0db5f9c
-  branch: main
+  revision: fc8bfdd3903b737ee218a0ab515a244031536b4d
+  tag: v0.4.0
   specs:
-    identity_validations (0.3.2)
+    identity_validations (0.4.0)
 
 GIT
   remote: https://github.com/18F/saml_idp.git

app/models/null_service_provider.rb

@@ -14,7 +14,6 @@ class NullServiceProvider
     assertion_consumer_logout_service_url
     attribute_bundle
     block_encryption
-    cert
     certs
     created_at
     default_aal

app/models/service_provider.rb

@@ -2,7 +2,7 @@
 require 'identity_validations'
 
 class ServiceProvider < ApplicationRecord
-  self.ignored_columns = %w[deal_id agency aal fingerprint]
+  self.ignored_columns = %w[deal_id agency aal fingerprint cert]
 
   belongs_to :agency
 
@@ -34,7 +34,7 @@ def metadata
 
   # @return [Array<OpenSSL::X509::Certificate>]
   def ssl_certs
-    @ssl_certs ||= (certs.presence || Array(cert)).select(&:present?).map do |cert|
+    @ssl_certs ||= Array(certs).select(&:present?).map do |cert|
       OpenSSL::X509::Certificate.new(load_cert(cert))
     end
   end

app/services/service_provider_updater.rb

@@ -7,6 +7,10 @@ class ServiceProviderUpdater
     updated_at
   ].to_set.freeze
 
+  SP_IGNORED_ATTRIBUTES = %i[
+    cert
+  ]
+
   def run
     dashboard_service_providers.each do |service_provider|
       update_local_caches(HashWithIndifferentAccess.new(service_provider))
@@ -43,7 +47,7 @@ def sync_model(sp, cleaned_attributes)
   end
 
   def cleaned_service_provider(service_provider)
-    service_provider.except(*SP_PROTECTED_ATTRIBUTES)
+    service_provider.except(*SP_PROTECTED_ATTRIBUTES, *SP_IGNORED_ATTRIBUTES)
   end
 
   def url

config/service_providers.localdev.yml

@@ -32,7 +32,8 @@ test:
       - 'http://example.com/auth/result'
       - 'http://example.com/logout'
     friendly_name: 'Test SP'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     logo: 'generic.svg'
     ial: 2
     attribute_bundle:
@@ -54,7 +55,8 @@ test:
       - 'http://example.com/auth/result'
       - 'http://example.com/logout'
     friendly_name: 'Test SP'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     logo: 'generic.svg'
     ial: 2
     default_aal: 3
@@ -76,7 +78,8 @@ test:
       - 'http://example.com/auth/result'
       - 'http://example.com/logout'
     friendly_name: 'Test SP requesting signed response message'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     logo: 'generic.svg'
     ial: 1
     attribute_bundle:
@@ -96,7 +99,8 @@ test:
       - 'http://example.com/auth/result'
       - 'http://example.com/logout'
     friendly_name: 'Test SP requesting signed response message'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     logo: 'generic.svg'
     ial: 1
     attribute_bundle:
@@ -109,15 +113,17 @@ test:
     acs_url: 'http://example.com/test/saml/decode_assertion'
     assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
     block_encryption: 'aes256-cbc'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Test SP'
     allow_prompt_login: true
 
   'https://rp3.serviceprovider.com/auth/saml/metadata':
     acs_url: 'http://example.com/test/saml/decode_assertion'
     assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
     block_encryption: 'aes256-cbc'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     ial: 2
     friendly_name: 'Test SP'
     allow_prompt_login: true
@@ -138,7 +144,8 @@ test:
     redirect_uris:
       - 'gov.gsa.openidconnect.test://result'
       - 'gov.gsa.openidconnect.test://result/signout'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Example iOS App'
     agency: '18F'
     agency_id: 1
@@ -152,7 +159,8 @@ test:
     redirect_uris:
       - 'gov.gsa.openidconnect.test://result'
       - 'gov.gsa.openidconnect.test://result/signout'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Example app that disallows prompt=login'
     agency: '18F'
     agency_id: 1
@@ -165,7 +173,8 @@ test:
     redirect_uris:
       - 'gov.gsa.openidconnect.test://result'
       - 'gov.gsa.openidconnect.test://result/logout'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Example iOS App'
     agency: '18F'
     agency_id: 1
@@ -179,7 +188,8 @@ test:
       - 'http://localhost:7654/auth/result'
       - 'https://example.com'
       - 'http://www.example.com/test/oidc'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Test SP'
     assertion_consumer_logout_service_url: ''
     ial: 2
@@ -191,7 +201,8 @@ test:
       - 'http://localhost:7654/auth/result'
       - 'https://example.com'
       - 'http://www.example.com/test/oidc'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Test SP'
     assertion_consumer_logout_service_url: ''
     ial: 2
@@ -202,7 +213,8 @@ test:
     redirect_uris:
       - 'http://localhost:7654/auth/result'
       - 'https://example.com'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Test SP'
     assertion_consumer_logout_service_url: ''
     ial: 2
@@ -211,7 +223,8 @@ test:
 
   'test_sp_with_default_help_text':
     agency_id: 2
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Test SP with default help text'
     ial: 2
     help_text:
@@ -255,7 +268,8 @@ test:
 
   'test_sp_with_custom_help_text':
     agency_id: 2
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Test SP with custom help text'
     ial: 2
     help_text:
@@ -278,7 +292,8 @@ test:
     assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
     sp_initiated_login_url: 'http://localhost:3000/test/saml'
     block_encryption: 'none'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     agency: 'Test Government Agency'
     agency_id: 1
     uuid_priority: 10
@@ -297,7 +312,8 @@ test:
     redirect_uris:
       - 'gov.gsa.openidconnect.test://result'
       - 'gov.gsa.openidconnect.test://result/signout'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     friendly_name: 'Example iOS App (inactive)'
     agency: '18F'
     agency_id: 1
@@ -316,7 +332,8 @@ development:
     assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
     block_encryption: 'aes256-cbc'
     sp_initiated_login_url: 'http://localhost:3000/test/saml'
-    cert: 'saml_test_sp'
+    certs:
+      - 'saml_test_sp'
     logo: 'generic.svg'
     agency: 'GSA'
     friendly_name: 'Awesome test SP'
@@ -327,7 +344,8 @@ development:
     sp_initiated_login_url: 'http://localhost:4567/test/saml'
     assertion_consumer_logout_service_url: 'http://localhost:4567/slo_logout'
     block_encryption: 'aes256-cbc'
-    cert: 'sp_sinatra_demo'
+    certs:
+      - 'sp_sinatra_demo'
     ial: 2
     attribute_bundle:
       - email
@@ -337,7 +355,8 @@ development:
     assertion_consumer_logout_service_url: 'http://localhost:3000/auth/saml/logout'
     sp_initiated_login_url: 'http://localhost:3000/admin/sign_in'
     block_encryption: 'aes256-cbc'
-    cert: 'sp_micropurchase'
+    certs:
+      - 'sp_micropurchase'
     agency: 'TTS Acquisition'
     logo: '18f.svg'
     friendly_name: 'Micro-purchase Dev'
@@ -350,7 +369,8 @@ development:
     assertion_consumer_logout_service_url: 'http://localhost:3003/auth/saml/logout'
     sp_initiated_login_url: 'http://localhost:3003/login'
     block_encryption: 'aes256-cbc'
-    cert: 'sp_rails_demo'
+    certs:
+      - 'sp_rails_demo'
     agency: '18F'
     agency_id: 1
     uuid_priority: 10
@@ -367,7 +387,8 @@ development:
     agency_id: 2
     uuid_priority: 30
     logo: '18f.svg'
-    cert: 'identity_dashboard_cert'
+    certs:
+      - 'identity_dashboard_cert'
     return_to_sp_url: 'http://localhost:3001'
     redirect_uris:
       - 'http://localhost:3001/auth/logindotgov/callback'
@@ -390,12 +411,14 @@ development:
       - 'http://localhost:9292/'
       - 'http://localhost:9292/auth/result'
       - 'http://localhost:9292/logout'
-    cert: 'sp_sinatra_demo'
+    certs:
+      - 'sp_sinatra_demo'
     friendly_name: 'Example Sinatra App'
 
   'urn:gov:gsa:openidconnect:sp:expressjs':
     agency: 'GSA'
-    cert: 'sp_expressjs_demo'
+    certs:
+      - 'sp_expressjs_demo'
     friendly_name: 'Example OIDC Client (Express.js)'
     logo: '18f.svg'
     redirect_uris:
@@ -404,7 +427,8 @@ development:
 
   'urn:gov:gsa:openidconnect:sp:gin':
     agency: 'GSA'
-    cert: 'sp_gin_demo'
+    certs:
+      - 'sp_gin_demo'
     friendly_name: 'Example OIDC Client (Gin)'
     logo: '18f.svg'
     redirect_uris:
@@ -413,7 +437,8 @@ development:
 
   'urn:gov:gsa:openidconnect:sp:phoenix':
     agency: 'GSA'
-    cert: 'sp_phoenix_demo'
+    certs:
+      - 'sp_phoenix_demo'
     friendly_name: 'Example OIDC Client (Phoenix)'
     logo: '18f.svg'
     redirect_uris: