Merge branch 'main' into rjm/2768-edit-member-domains

.github/ISSUE_TEMPLATE/issue-default.yml

@@ -1,18 +1,18 @@
-name: Issue
-description: Describe an idea, feature, content, or non-bug finding
+name: Issue / story
+description: Describe an idea, problem, feature, or story. (Report bugs in the Bug template.)
 
 body:
   - type: markdown
     id: title-help
     attributes:
       value: |
-        > Titles should be short, descriptive, and compelling. Use sentence case.
+        > Titles should be short, descriptive, and compelling. Use sentence case: don't capitalize words unnecessarily.
   - type: textarea
     id: issue-description
     attributes:
       label: Issue description
       description: |
-        Describe the issue so that someone who wasn't present for its discovery can understand why it matters. Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
+        Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
     validations:
       required: true
   - type: textarea
@@ -31,7 +31,7 @@ body:
     attributes:
       label: Links to other issues
       description: |
-        "With a `-` to start the line, add issue #numbers this relates to and how (e.g., 🚧 [construction] Blocks, ⛔️ [no_entry] Is blocked by, 🔄 [arrows_counterclockwise] Relates to)."
+        "Use a dash (`-`) to start the line. Add an issue by typing "`#`" then the issue number. Add information to describe any dependancies, blockers, etc. (e.g., 🚧 [construction] Blocks, ⛔️ [no_entry] Is blocked by, 🔄 [arrows_counterclockwise] Relates to). If this is a parent issue, use sub-issues instead of linking other issues here."
       placeholder: "- 🔄 Relates to..."
   - type: markdown
     id: note

docs/developer/adding-feature-flags.md

@@ -16,6 +16,14 @@ We use [django-waffle](https://waffle.readthedocs.io/en/stable/) for our feature
 4. (Important) Set the field `Everyone` to `Unknown`. This field overrides all other settings when set to anything else.
 5. Configure the settings as you see fit.
 
+## Enabling a feature flag with portfolio permissions
+1. Go to file `context_processors.py`
+2. Add feature flag name to the `porfolio_context` within the `portfolio_permissions` method. 
+3. For the conditional under `if portfolio`, add the feature flag name, and assign the appropiate permission that are in the `user.py` model.
+
+#### Note: 
+- If your use case includes non org, you want to add a feature flag outside of it, you can just update the portfolio context outside of the if statement.
+
 ## Using feature flags as boolean values
 Waffle [provides a boolean](https://waffle.readthedocs.io/en/stable/usage/views.html) called `flag_is_active` that you can use as you otherwise would a boolean. This boolean requires a request object and the flag name.
 

docs/operations/runbooks/add_secrets_to_existing_sandbox.md

@@ -0,0 +1,73 @@
+# HOWTO Add secrets to an existing sandbox
+
+
+### Check if you need to add secrets
+Run this command to get the environment variables from a sandbox:
+
+```sh
+cf env <APP>
+```
+For example `cf env getgov-development`
+
+Check that these environment variables exist:
+```
+{
+  "DJANGO_SECRET_KEY": "EXAMPLE",
+  "DJANGO_SECRET_LOGIN_KEY": "EXAMPLE",
+  "AWS_ACCESS_KEY_ID": "EXAMPLE",
+  "AWS_SECRET_ACCESS_KEY": "EXAMPLE",
+  "REGISTRY_KEY": "EXAMPLE,
+  ...
+}
+```
+
+If those variable are not present, use the following steps to set secrets by creating a new `credentials-<ENVIRONMENT>.json` file and uploading it.
+(Note that many of these commands were taken from the [`create_dev_sandbox.sh`](../../../ops/scripts/create_dev_sandbox.sh) script and were tested on MacOS)
+
+### Create a new Django key
+```sh
+django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
+```
+
+### Replace the existing certificate 
+Create a certificate:
+```sh
+openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-<ENVIRONMENT>.pem -out public-<ENVIRONMENT>.crt
+```
+
+Fill in the following for the prompts:
+
+Note: for "Common Name" you should put the name of the sandbox and for "Email Address" it should be the address of who owns that sandbox (such as the developer's email, if it's a developer sandbox, or whoever ran this action otherwise)
+
+```sh
+Country Name (2 letter code) [AU]: US
+State or Province Name (full name) [Some-State]: DC
+Locality Name (eg, city) []: DC
+Organization Name (eg, company) [Internet Widgits Pty Ltd]: DHS
+Organizational Unit Name (eg, section) []: CISA
+Common Name (e.g. server FQDN or YOUR name) []: <ENVIRONMENT>
+Email Address []: <example@something.com>
+```
+Go to https://dashboard.int.identitysandbox.gov/service_providers/2640/edit to remove the old certificate and upload the new one. 
+
+### Create the login key
+```sh
+login_key=$(base64 -i private-<ENVIRONMENT>.pem)
+```
+
+### Create the credentials file
+```sh
+jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-<ENVIRONMENT>.json
+```
+
+Copy `REGISTRY_*` credentials from another sandbox into your `credentials-<ENVIRONMENT>.json` file.  Also add your `AWS_*` credentials if you have them, otherwise also copy them from another sandbox. You can either use the cloud.gov dashboard or the command `cf env <APP>` to find other credentials.
+
+### Update the `getgov-credentials` service tied to your environment.
+```sh
+cf uups getgov-credentials -p credentials-<ENVIRONMENT>.json
+```
+
+### Restage your application
+```sh
+cf restage getgov-<ENVIRONMENT> --strategy rolling
+```

ops/scripts/create_dev_sandbox.sh

@@ -136,6 +136,7 @@ then
 fi
 
 cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.username, .password]|@tsv' | 
+
 while read -r username password; do
     gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
     gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password

src/registrar/config/settings.py

@@ -824,7 +824,9 @@ SESSION_COOKIE_SAMESITE = "Lax"
 SESSION_COOKIE_SECURE = True
 
 # session engine to cache session information
-SESSION_ENGINE = "django.contrib.sessions.backends.cache"
+SESSION_ENGINE = "django.contrib.sessions.backends.db"
+
+SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer"
 
 # ~ Set by django.middleware.clickjacking.XFrameOptionsMiddleware
 # prevent clickjacking by instructing the browser not to load

src/registrar/management/commands/master_domain_migrations.py

@@ -29,9 +29,6 @@ logger = logging.getLogger(__name__)
 class Command(BaseCommand):
     help = """ """  # TODO: update this!
 
-    # ======================================================
-    # ==================    ARGUMENTS    ===================
-    # ======================================================
     def add_arguments(self, parser):
         """
         OPTIONAL ARGUMENTS:

src/registrar/models/domain_information.py

@@ -443,8 +443,8 @@ class DomainInformation(TimeStampedModel):
     @property
     def converted_federal_agency(self):
         if self.portfolio:
-            return self.portfolio.federal_agency.agency
-        return self.federal_agency.agency
+            return self.portfolio.federal_agency
+        return self.federal_agency
 
     @property
     def converted_federal_type(self):

src/registrar/templates/django/forms/widgets/input.html

@@ -5,6 +5,5 @@
     class="{{ uswds_input_class }}{% if classes %} {{ classes }}{% endif %}"
     {% if widget.value != None %}value="{{ widget.value|stringformat:'s' }}"{% endif %}
     {% if aria_label %}aria-label="{{ aria_label }} {{ label }}"{% endif %}
-    {% if sublabel_text %}aria-describedby="{{ widget.attrs.id }}__sublabel"{% endif %}
     {% include "django/forms/widgets/attrs.html" %}
 />

src/registrar/templatetags/field_helpers.py

@@ -57,6 +57,7 @@ def input_with_errors(context, field=None):  # noqa: C901
     legend_classes = []
     group_classes = []
     aria_labels = []
+    sublabel_text = []
 
     # this will be converted to an attribute string
     described_by = []
@@ -103,6 +104,9 @@ def input_with_errors(context, field=None):  # noqa: C901
         elif key == "add_aria_label":
             aria_labels.append(value)
 
+        elif key == "sublabel_text":
+            sublabel_text.append(value)
+
     attrs["id"] = field.auto_id
 
     # do some work for various edge cases
@@ -152,11 +156,16 @@ def input_with_errors(context, field=None):  # noqa: C901
     if group_classes:
         context["group_classes"] = " ".join(group_classes)
 
+    # We handle sublabel_text here instead of directy in the template to avoid conflicts
+    if sublabel_text:
+        sublabel_div_id = f"{attrs['id']}__sublabel"
+        described_by.insert(0, sublabel_div_id)
+
     if described_by:
         # ensure we don't overwrite existing attribute value
         if "aria-describedby" in attrs:
             described_by.append(attrs["aria-describedby"])
-        attrs["aria_describedby"] = " ".join(described_by)
+        attrs["aria-describedby"] = " ".join(described_by)
 
     if aria_labels:
         context["aria_label"] = " ".join(aria_labels)