From 2e5510a0c6d4666127b22cb0ba82a265f6bf1381 Mon Sep 17 00:00:00 2001
From: Alysia Broddrick
Date: Thu, 6 Jun 2024 17:52:42 -0700
Subject: [PATCH] added infra for litterbox and hotgov sandboxes
---
 .github/workflows/deploy-sandbox.yaml | 2 +
 .github/workflows/migrate.yaml | 2 +
 .github/workflows/reset-db.yaml | 2 +
 ops/manifests/manifest-hotgov.yaml | 32 +++++
 ops/manifests/manifest-litterbox.yaml | 32 +++++
 ops/scripts/create_dev_sandbox.sh | 182 +++++++++++++-------------
 src/registrar/config/settings.py | 2 +
 7 files changed, 163 insertions(+), 91 deletions(-)
 create mode 100644 ops/manifests/manifest-hotgov.yaml
 create mode 100644 ops/manifests/manifest-litterbox.yaml
diff --git a/.github/workflows/deploy-sandbox.yaml b/.github/workflows/deploy-sandbox.yaml
index 214cf6076..f2b4303d6 100644
--- a/.github/workflows/deploy-sandbox.yaml
+++ b/.github/workflows/deploy-sandbox.yaml
@@ -25,6 +25,8 @@ jobs:
 || startsWith(github.head_ref, 'meoward/')
 || startsWith(github.head_ref, 'bob/')
 || startsWith(github.head_ref, 'cb/')
+ || startsWith(github.head_ref, 'hotgov/')
+ || startsWith(github.head_ref, 'litterbox/')
 outputs:
 environment: ${{ steps.var.outputs.environment}}
 runs-on: "ubuntu-latest"
diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml
index f5815012c..283380236 100644
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@@ -16,6 +16,8 @@ on:
 - stable
 - staging
 - development
+ - litterbox
+ - hotgov
 - cb
 - bob
 - meoward
diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml
index 06638aa05..b9393415b 100644
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@@ -16,6 +16,8 @@ on:
 options:
 - staging
 - development
+ - litterbox
+ - hotgov
 - cb
 - bob
 - meoward
diff --git a/ops/manifests/manifest-hotgov.yaml b/ops/manifests/manifest-hotgov.yaml
new file mode 100644
index 000000000..70cc97ee7
--- /dev/null
+++ b/ops/manifests/manifest-hotgov.yaml
@@ -0,0 +1,32 @@
+---
+applications:
+- name: getgov-hotgov
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs4
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ health-check-invocation-timeout: 40
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-hotgov.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ # default public site location
+ GETGOV_PUBLIC_SITE_URL: https://get.gov
+ # Flag to disable/enable features in prod environments
+ IS_PRODUCTION: False
+ routes:
+ - route: getgov-hotgov.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-hotgov-database
diff --git a/ops/manifests/manifest-litterbox.yaml b/ops/manifests/manifest-litterbox.yaml
new file mode 100644
index 000000000..ae899ef3a
--- /dev/null
+++ b/ops/manifests/manifest-litterbox.yaml
@@ -0,0 +1,32 @@
+---
+applications:
+- name: getgov-litterbox
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs4
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ health-check-invocation-timeout: 40
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-litterbox.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ # default public site location
+ GETGOV_PUBLIC_SITE_URL: https://get.gov
+ # Flag to disable/enable features in prod environments
+ IS_PRODUCTION: False
+ routes:
+ - route: getgov-litterbox.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-litterbox-database
diff --git a/ops/scripts/create_dev_sandbox.sh b/ops/scripts/create_dev_sandbox.sh
index 676fcf7ae..c399b0659 100755
--- a/ops/scripts/create_dev_sandbox.sh
+++ b/ops/scripts/create_dev_sandbox.sh
@@ -7,118 +7,118 @@ if [ -z "$1" ]; then exit 1 fi -if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then - echo "jq, cf, and gh packages must be installed. Please install via your preferred manager." - exit 1 -fi +# if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then +# echo "jq, cf, and gh packages must be installed. Please install via your preferred manager." +# exit 1 +# fi upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]') -read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r -echo -if [[ ! $REPLY =~ ^[Yy]$ ]] -then - git checkout -b new-dev-sandbox-$1 -fi +# read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r +# echo +# if [[ ! $REPLY =~ ^[Yy]$ ]] +# then +# git checkout -b new-dev-sandbox-$1 +# fi -cf target -o cisa-dotgov +# cf target -o cisa-dotgov -read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r -echo -if [[ ! $REPLY =~ ^[Yy]$ ]] -then - cf login -a https://api.fr.cloud.gov --sso -fi +# read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r +# echo +# if [[ ! $REPLY =~ ^[Yy]$ ]] +# then +# cf login -a https://api.fr.cloud.gov --sso +# fi -gh auth status -read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r -echo -if [[ ! $REPLY =~ ^[Yy]$ ]] -then - gh auth login -fi +# gh auth status +# read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r +# echo +# if [[ ! $REPLY =~ ^[Yy]$ ]] +# then +# gh auth login +# fi -echo "Creating manifest for $1..." -cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml -sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml" +# echo "Creating manifest for $1..." 
+# cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml +# sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml" -echo "Adding new environment to settings.py..." -sed -i '' '/getgov-development.app.cloud.gov/ {a\ - '\"getgov-$1.app.cloud.gov\"', -}' src/registrar/config/settings.py +# echo "Adding new environment to settings.py..." +# sed -i '' '/getgov-development.app.cloud.gov/ {a\ +# '\"getgov-$1.app.cloud.gov\"', +# }' src/registrar/config/settings.py -echo "Creating new cloud.gov space for $1..." -cf create-space $1 -cf target -o "cisa-dotgov" -s $1 -cf bind-security-group public_networks_egress cisa-dotgov --space $1 -cf bind-security-group trusted_local_networks_egress cisa-dotgov --space $1 +# echo "Creating new cloud.gov space for $1..." +# cf create-space $1 +# cf target -o "cisa-dotgov" -s $1 +# cf bind-security-group public_networks_egress cisa-dotgov --space $1 +# cf bind-security-group trusted_local_networks_egress cisa-dotgov --space $1 -echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..." -cf create-service aws-rds micro-psql getgov-$1-database +# echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..." +# cf create-service aws-rds micro-psql getgov-$1-database -until cf service getgov-$1-database | grep -q 'The service instance status is succeeded' -do - echo "Database not up yet, waiting..." - sleep 30 -done +# until cf service getgov-$1-database | grep -q 'The service instance status is succeeded' +# do +# echo "Database not up yet, waiting..." +# sleep 30 +# done -echo "Creating new cloud.gov credentials for $1..." 
-django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())') -openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt -login_key=$(base64 -i private-$1.pem) -jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json -cf cups getgov-credentials -p credentials-$1.json +# echo "Creating new cloud.gov credentials for $1..." +# django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())') +# openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt +# login_key=$(base64 -i private-$1.pem) +# jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json +# cf cups getgov-credentials -p credentials-$1.json -echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/." -echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?" -echo "There are two things to update." -echo "1. You need to upload the public-$1.crt file generated as part of the previous command." -echo "2. You need to add two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and -https://getgov-$1.app.cloud.gov/openid/callback/logout/ to the list of URIs." -read -p "Please confirm when this is done (y/n) " -n 1 -r -echo -if [[ ! $REPLY =~ ^[Yy]$ ]] -then - exit 1 -fi +# echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/." +# echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?" +# echo "There are two things to update." +# echo "1. 
You need to upload the public-$1.crt file generated as part of the previous command." +# echo "2. You need to add two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and +# https://getgov-$1.app.cloud.gov/openid/callback/logout/ to the list of URIs." +# read -p "Please confirm when this is done (y/n) " -n 1 -r +# echo +# if [[ ! $REPLY =~ ^[Yy]$ ]] +# then +# exit 1 +# fi -echo "Database create succeeded and credentials created. Deploying the get.gov application to the new space $1..." -echo "Building assets..." -open -a Docker -cd src/ -./build.sh -cd .. -cf push getgov-$1 -f ops/manifests/manifest-$1.yaml +# echo "Database create succeeded and credentials created. Deploying the get.gov application to the new space $1..." +# echo "Building assets..." +# open -a Docker +# cd src/ +# ./build.sh +# cd .. +# cf push getgov-$1 -f ops/manifests/manifest-$1.yaml -echo "Creating cache table..." -cf run-task getgov-$1 --command 'python manage.py createcachetable' --name createcachetable +# echo "Creating cache table..." +# cf run-task getgov-$1 --command 'python manage.py createcachetable' --name createcachetable -read -p "Please provide the email of the space developer: " -r -cf set-space-role $REPLY cisa-dotgov $1 SpaceDeveloper +# read -p "Please provide the email of the space developer: " -r +# cf set-space-role $REPLY cisa-dotgov $1 SpaceDeveloper -read -p "Should we run migrations? (y/n) " -n 1 -r -echo -if [[ $REPLY =~ ^[Yy]$ ]] -then - cf run-task getgov-$1 --command 'python manage.py migrate' --name migrate -fi +# read -p "Should we run migrations? (y/n) " -n 1 -r +# echo +# if [[ $REPLY =~ ^[Yy]$ ]] +# then +# cf run-task getgov-$1 --command 'python manage.py migrate' --name migrate +# fi -echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!" -echo -echo "Moving on to setup Github automation..." +# echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!" 
+# echo +# echo "Moving on to setup Github automation..." -echo "Adding new environment to Github Actions..." -sed -i '' '/ - development/ {a\ - - '"$1"' -}' .github/workflows/reset-db.yaml +# echo "Adding new environment to Github Actions..." +# sed -i '' '/ - development/ {a\ +# - '"$1"' +# }' .github/workflows/reset-db.yaml -sed -i '' '/ - development/ {a\ - - '"$1"' -}' .github/workflows/migrate.yaml +# sed -i '' '/ - development/ {a\ +# - '"$1"' +# }' .github/workflows/migrate.yaml -sed -i '' '/${{startsWith(github.head_ref, / {a\ - || startsWith(github.head_ref, '"'$1'"') -}' .github/workflows/deploy-sandbox.yaml +# sed -i '' '/${{startsWith(github.head_ref, / {a\ +# || startsWith(github.head_ref, '"'$1'"') +# }' .github/workflows/deploy-sandbox.yaml echo "Creating space deployer for Github deploys..." cf create-service cloud-gov-service-account space-deployer github-cd-account diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py index 851f3550c..9a6792dc7 100644 --- a/src/registrar/config/settings.py +++ b/src/registrar/config/settings.py @@ -659,6 +659,8 @@ ALLOWED_HOSTS = [ "getgov-stable.app.cloud.gov", "getgov-staging.app.cloud.gov", "getgov-development.app.cloud.gov", + "getgov-litterbox.app.cloud.gov", + "getgov-hotgov.app.cloud.gov", "getgov-cb.app.cloud.gov", "getgov-bob.app.cloud.gov", "getgov-meoward.app.cloud.gov",
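Review bot: In the `ops/scripts/create_dev_sandbox.sh` hunk, everything from the `command -v` prerequisite check through the GitHub Actions `sed` edits is now commented out, so the script goes from `upcase_name=...` straight to `cf create-service cloud-gov-service-account space-deployer github-cd-account`. The `cf target -o "cisa-dotgov" -s $1` that selected the new space never runs, which means the space-deployer account is created in whatever org and space the caller last targeted. The rest of the script lies outside this hunk, but whatever it does with that service key would presumably then attach another space's deploy credentials to the `$1` environment. If the earlier steps were performed by hand for litterbox and hotgov, revert this file rather than committing the commented-out body, or at minimum keep the tool check and `cf target -o "cisa-dotgov" -s $1` live ahead of the create-service call.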