add/lock in saml_2023 references, remove saml_2021 ones #8122
bleachbyte merged 8 commits into main from
| s3_report_bucket_prefix: '' | ||
| s3_report_public_bucket_prefix: '' | ||
| saml_endpoint_configs: '[{"suffix":"2021","secret_key_passphrase":"trust-but-verify"},{"suffix":"2022","secret_key_passphrase":"trust-but-verify"}]' | ||
| saml_endpoint_configs: '[{"suffix":"2022","secret_key_passphrase":"trust-but-verify"},{"suffix":"2023","secret_key_passphrase":"trust-but-verify"}]' |
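Review bot: the added 2023 entry in saml_endpoint_configs reuses the literal secret_key_passphrase "trust-but-verify" already used for 2022, so every sample key in this default config shares one checked-in passphrase. That is fine for the example artifacts only if deployed environments always override this value; a short comment next to the setting saying so would make that explicit. Since the 2021 suffix is dropped in the same line, also confirm nothing still requests the 2021 endpoints, as those requests will no longer resolve.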
We also need to rename these files:
config/artifacts.example/local/saml2021.crt
config/artifacts.example/local/saml2021.key.enc
If we wanted to be really kind to ourselves, we'd regenerate them, I just openssl -cert'd the 2022 one and it expired in 2021
(it also looks like we just symlinked 2023 to 2022)
Is that not covered in these edits here?
I'm also fine with removing the 2022 one(s) and just having the 2023 ones everywhere.
they work, but I guess we should remove the 2021 files from the repo if they're no longer referenced
Huh, I completely missed that we had actual sample cert files there, too. I'll remove and re-test.
- remove the old saml2021 .crt and .key.enc files as they're no longer used/valid
- change saml2023 .crt and .key.enc to actual files (vs. symlinks), newly created with openssl req -newkey (etc.)
changelog: Internal, SAML, remove saml2021 references (identity-devops#5739)
||
| describe SamlEndpoint do | ||
| let(:path) { '/api/saml/auth2022' } | ||
| let(:path) { '/api/saml/auth2023' } |
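Review bot: the let(:path) value hardcodes the year again ('/api/saml/auth2023'), so the next suffix rotation will need another search-and-replace across the specs. Consider building the path from the newest suffix in saml_endpoint_configs so the specs follow the config instead of a literal year.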
Wasn't sure about these since they were 2 years prior, thank you for confirming!
Command: git grep -l auth2022 -- spec | xargs perl -p -i -e 's/auth2022/auth2023/g' --
git grep -l logout2022 -- spec | xargs perl -p -i -e 's/logout2022/logout2023/g' --
git grep -l authpost2022 -- spec | xargs perl -p -i -e 's/authpost2022/authpost2023/g'
A few specs had 2022 hardcoded, so I started updating those to 2023. This upgrade process is a huge bummer, I wish we could make this a little more dynamic
tests pass 🚀
Avoid 404 when signing in to local development IdP, which no longer includes 2021 endpoints. See: 18F/identity-idp#8122
* saml_2022 -> saml_2023; remove saml_2021 stuff
* changelog: Internal, SAML, remove saml2021 references (identity-devops#5739)
* update example cert files in config/artifacts.example/local/
  - remove the old saml2021 .crt and .key.enc files as they're no longer used/valid
  - change saml2023 .crt and .key.enc to actual files (vs. symlinks), newly created with openssl req -newkey (etc.)
  changelog: Internal, SAML, remove saml2021 references (identity-devops#5739)
* Update specs to 2023
* Replace auth2022
  Command: git grep -l auth2022 -- spec | xargs perl -p -i -e 's/auth2022/auth2023/g' --
* Replace logout2022
  git grep -l logout2022 -- spec | xargs perl -p -i -e 's/logout2022/logout2023/g' --
* Update authpost2022
  git grep -l authpost2022 -- spec | xargs perl -p -i -e 's/authpost2022/authpost2023/g'
* Update one last spec
---------
Co-authored-by: Zach Margolis <zachary.margolis@gsa.gov>
https://github.com/18F/identity-devops/issues/5739
🛠 Summary of changes
- saml2021 artifacts and suffix in saml_endpoint_configs default config; references to them now point to saml2022 if others weren't already present
- saml_2022_cert/saml_2022_key references to point to saml_2023_* instead
📜 Testing Plan
- saml2021.crt and saml2021.key.enc artifacts for my (bleachbyte) environment
- idp hosts, verifying that hosts built properly
- saml2022 and saml2023 endpoints are available, while saml2021 is not a valid endpoint
Relevant logs display entries for saml2022 and saml2023 cert / key files, and none for saml2021. Site runs properly and endpoints are valid and reachable.