diff --git a/.github/workflows/security-check.yaml b/.github/workflows/security-check.yaml index bd41e7966..01cd9c71d 100644 --- a/.github/workflows/security-check.yaml +++ b/.github/workflows/security-check.yaml @@ -24,6 +24,12 @@ jobs: DJANGO_SECRET_KEY: not-a-secret-jw7kQcb35fcDRIKp7K4fqZBmVvb+Sy4nkAGf44DxHi6EJl DATABASE_URL: "postgres://not_a_user:not_a_password@not_a_host" DJANGO_BASE_URL: "https://not_a_host" + REGISTRY_CL_ID: nothing + REGISTRY_PASSWORD: nothing + REGISTRY_CERT: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNMekNDQWRXZ0F3SUJBZ0lVWThXWEljcFVlVUk0TVUrU3NWbkIrOGErOUlnd0NnWUlLb1pJemowRUF3SXcKYlRFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba1JETVJNd0VRWURWUVFIREFwWFlYTm9hVzVuZEc5dQpNUXd3Q2dZRFZRUUtEQU5IVTBFeEREQUtCZ05WQkFzTUF6RTRSakVnTUI0R0ExVUVBd3dYUjA5V0lGQnliM1J2CmRIbHdaU0JTWldkcGMzUnlZWEl3SGhjTk1qTXdOREl4TVRVMU5ETTFXaGNOTWpRd05ESXdNVFUxTkRNMVdqQnQKTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUNBd0NSRU14RXpBUkJnTlZCQWNNQ2xkaGMyaHBibWQwYjI0eApEREFLQmdOVkJBb01BMGRUUVRFTU1Bb0dBMVVFQ3d3RE1UaEdNU0F3SGdZRFZRUUREQmRIVDFZZ1VISnZkRzkwCmVYQmxJRkpsWjJsemRISmhjakJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRkN4bGVsN1ZoWHkKb1ZIRWY2N3FKamo5UDk0ZWdqdXNtSWVaNFRLYkxkM3RRRVgzZnFKdVk4WmZzWWN4N0s1K0NEdnJLMnZRdjlMYgpmamhMTjZad3FqK2pVekJSTUIwR0ExVWREZ1FXQkJRUEZCRHdnSlhOUXE4a1V0K1hyYzFFWm9wbW9UQWZCZ05WCkhTTUVHREFXZ0JRUEZCRHdnSlhOUXE4a1V0K1hyYzFFWm9wbW9UQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01Bb0cKQ0NxR1NNNDlCQU1DQTBnQU1FVUNJRVJEaml0VGR0UTB3eVNXb1hEbCtYbUpVUmdENUo0VHVudkFGeDlDSitCUwpBaUVBME42eTJoeGdFWkYxRXJGYW1VQW5EUHlQSFlJeFNJQkwwNW5ibE9IZFVLRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + REGISTRY_KEY: LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQpNSUhzTUZjR0NTcUdTSWIzRFFFRkRUQktNQ2tHQ1NxR1NJYjNEUUVGRERBY0JBakJYK1UvdUFkQ3hBSUNDQUF3CkRBWUlLb1pJaHZjTkFna0ZBREFkQmdsZ2hrZ0JaUU1FQVNvRUVHWTNnblRGZ3F0UE5sVU93a2hvSHFrRWdaQlAKMG5FMWpSRXliTHBDNHFtaGczRXdaR2lXZDFWV2RLVEtyNXF3d3hsdjhCbHB1UHhtRGN4dTA1U3VReWhMcU5hWgpVNjRoZlFyYy94cnRnT3Mwc0ZXenlhY0hEaFhiQUdTQjdTTjc2WG55NU9wWDVZVGtRTFMvRTk4YmxFY3NQUWVuCkNqNTJnQzVPZ0JtYzl1cjZlbWY2bjd6TE5vUWovSzk4MEdIWjg5OVZHQ1J3OHhGZGIyb3IyU3dMcDd0V1Ixcz0KLS0tLS1FTkQgRU5DUllQVEVEIFBSSVZBVEUgS0VZLS0tLS0K + REGISTRY_KEY_PASSPHRASE: fake + REGISTRY_HOSTNAME: localhost steps: - name: Check out diff --git a/docs/operations/runbooks/rotate_application_secrets.md b/docs/operations/runbooks/rotate_application_secrets.md index dd0d367fc..456baf61d 100644 --- a/docs/operations/runbooks/rotate_application_secrets.md +++ b/docs/operations/runbooks/rotate_application_secrets.md @@ -65,3 +65,40 @@ You also need to upload the `public.crt` key if recently created to the login.go To access the AWS Simple Email Service, we need credentials from the CISA AWS account for an IAM user who has limited access to only SES. Those credentials need to be specified in the environment. + +## REGISTRY_CL_ID and REGISTRY_PASSWORD + +These are the login credentials for accessing the registry. + +## REGISTRY_CERT and REGISTRY_KEY and REGISTRY_KEY_PASSPHRASE + +These are the client certificate and its private key used to identify the registrar to the registry during the establishment of a TCP connection. + +The private key is protected by a passphrase for safer transport and storage. + +These were generated with: + +```bash +openssl genpkey -out client.key \ + -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \ + -aes-256-cbc +openssl req -new -x509 -days 365 \ + -key client.key -out client.crt \ + -subj "/C=US/ST=DC/L=Washington/O=GSA/OU=18F/CN=GOV Prototype Registrar" + +``` + +(If you can't use openssl on your computer directly, you can access it using Docker as `docker run --platform=linux/amd64 -it --rm -v $(pwd):/apps -w /apps alpine/openssl`.) + +Encode them using: + +```bash +base64 client.key +base64 client.crt +``` + +You'll need to give the new certificate to the registry vendor _before_ rotating it in production. + +## REGISTRY_HOSTNAME + +This is the hostname at which the registry can be found. diff --git a/src/.flake8 b/src/.flake8 index e1ca2cc9a..db9f3094a 100644 --- a/src/.flake8 +++ b/src/.flake8 @@ -2,6 +2,6 @@ max-line-length = 88 max-complexity = 10 extend-ignore = E203 -per-file-ignores = __init__.py:F401,F403 +per-file-ignores = __init__.py:F401,F403,E402 # migrations are auto-generated and often break rules exclude=registrar/migrations/* diff --git a/src/docker-compose.yml b/src/docker-compose.yml index 693cad6c0..636243617 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -27,6 +27,18 @@ services: - DJANGO_DEBUG=True # Tell Django where it is being hosted - DJANGO_BASE_URL=http://localhost:8080 + # Set a username for accessing the registry + - REGISTRY_CL_ID=nothing + # Set a password for accessing the registry + - REGISTRY_PASSWORD=nothing + # Set a private certifcate for accessing the registry + - REGISTRY_CERT=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNMekNDQWRXZ0F3SUJBZ0lVWThXWEljcFVlVUk0TVUrU3NWbkIrOGErOUlnd0NnWUlLb1pJemowRUF3SXcKYlRFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba1JETVJNd0VRWURWUVFIREFwWFlYTm9hVzVuZEc5dQpNUXd3Q2dZRFZRUUtEQU5IVTBFeEREQUtCZ05WQkFzTUF6RTRSakVnTUI0R0ExVUVBd3dYUjA5V0lGQnliM1J2CmRIbHdaU0JTWldkcGMzUnlZWEl3SGhjTk1qTXdOREl4TVRVMU5ETTFXaGNOTWpRd05ESXdNVFUxTkRNMVdqQnQKTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUNBd0NSRU14RXpBUkJnTlZCQWNNQ2xkaGMyaHBibWQwYjI0eApEREFLQmdOVkJBb01BMGRUUVRFTU1Bb0dBMVVFQ3d3RE1UaEdNU0F3SGdZRFZRUUREQmRIVDFZZ1VISnZkRzkwCmVYQmxJRkpsWjJsemRISmhjakJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRkN4bGVsN1ZoWHkKb1ZIRWY2N3FKamo5UDk0ZWdqdXNtSWVaNFRLYkxkM3RRRVgzZnFKdVk4WmZzWWN4N0s1K0NEdnJLMnZRdjlMYgpmamhMTjZad3FqK2pVekJSTUIwR0ExVWREZ1FXQkJRUEZCRHdnSlhOUXE4a1V0K1hyYzFFWm9wbW9UQWZCZ05WCkhTTUVHREFXZ0JRUEZCRHdnSlhOUXE4a1V0K1hyYzFFWm9wbW9UQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01Bb0cKQ0NxR1NNNDlCQU1DQTBnQU1FVUNJRVJEaml0VGR0UTB3eVNXb1hEbCtYbUpVUmdENUo0VHVudkFGeDlDSitCUwpBaUVBME42eTJoeGdFWkYxRXJGYW1VQW5EUHlQSFlJeFNJQkwwNW5ibE9IZFVLRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + # Set a private certifcate's key for accessing the registry + - REGISTRY_KEY=LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQpNSUhzTUZjR0NTcUdTSWIzRFFFRkRUQktNQ2tHQ1NxR1NJYjNEUUVGRERBY0JBakJYK1UvdUFkQ3hBSUNDQUF3CkRBWUlLb1pJaHZjTkFna0ZBREFkQmdsZ2hrZ0JaUU1FQVNvRUVHWTNnblRGZ3F0UE5sVU93a2hvSHFrRWdaQlAKMG5FMWpSRXliTHBDNHFtaGczRXdaR2lXZDFWV2RLVEtyNXF3d3hsdjhCbHB1UHhtRGN4dTA1U3VReWhMcU5hWgpVNjRoZlFyYy94cnRnT3Mwc0ZXenlhY0hEaFhiQUdTQjdTTjc2WG55NU9wWDVZVGtRTFMvRTk4YmxFY3NQUWVuCkNqNTJnQzVPZ0JtYzl1cjZlbWY2bjd6TE5vUWovSzk4MEdIWjg5OVZHQ1J3OHhGZGIyb3IyU3dMcDd0V1Ixcz0KLS0tLS1FTkQgRU5DUllQVEVEIFBSSVZBVEUgS0VZLS0tLS0K + # set a passphrase for decrypting the registry key + - REGISTRY_KEY_PASSPHRASE=fake + # Set a URI for accessing the registry + - REGISTRY_HOSTNAME=localhost # --- These keys are obtained from `.env` file --- # Set a private JWT signing key for Login.gov - DJANGO_SECRET_LOGIN_KEY diff --git a/src/epp/__init__.py b/src/epp/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/epp/mock_epp.py b/src/epp/mock_epp.py deleted file mode 100644 index 7d1d1d84e..000000000 --- a/src/epp/mock_epp.py +++ /dev/null @@ -1,40 +0,0 @@ -""" -This file defines a number of mock functions which can be used to simulate -communication with the registry until that integration is implemented. -""" -from datetime import datetime - - -def domain_check(_): - """Is domain available for registration?""" - return True - - -def domain_info(domain): - """What does the registry know about this domain?""" - return { - "name": domain, - "roid": "EXAMPLE1-REP", - "status": ["ok"], - "registrant": "jd1234", - "contact": { - "admin": "sh8013", - "tech": None, - }, - "ns": { - f"ns1.{domain}", - f"ns2.{domain}", - }, - "host": [ - f"ns1.{domain}", - f"ns2.{domain}", - ], - "sponsor": "ClientX", - "creator": "ClientY", - # TODO: think about timezones - "creation_date": datetime.today(), - "updator": "ClientX", - "last_update_date": datetime.today(), - "expiration_date": datetime.today(), - "last_transfer_date": datetime.today(), - } diff --git a/src/epplibwrapper/__init__.py b/src/epplibwrapper/__init__.py new file mode 100644 index 000000000..ab3b63080 --- /dev/null +++ b/src/epplibwrapper/__init__.py @@ -0,0 +1,52 @@ +import logging +from types import SimpleNamespace + +try: + from epplib import constants +except ImportError: + # allow epplibwrapper to load without epplib, for testing and development + pass + +logger = logging.getLogger(__name__) + +NAMESPACE = SimpleNamespace( + EPP="urn:ietf:params:xml:ns:epp-1.0", + XSI="http://www.w3.org/2001/XMLSchema-instance", + FRED="noop", + NIC_CONTACT="urn:ietf:params:xml:ns:contact-1.0", + NIC_DOMAIN="urn:ietf:params:xml:ns:domain-1.0", + NIC_ENUMVAL="noop", + NIC_EXTRA_ADDR="noop", + NIC_HOST="urn:ietf:params:xml:ns:host-1.0", + NIC_KEYSET="noop", + NIC_NSSET="noop", +) + +SCHEMA_LOCATION = SimpleNamespace( + XSI="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd", + FRED="noop fred-1.5.0.xsd", + NIC_CONTACT="urn:ietf:params:xml:ns:contact-1.0 contact-1.0.xsd", + NIC_DOMAIN="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd", + NIC_ENUMVAL="noop enumval-1.2.0.xsd", + NIC_EXTRA_ADDR="noop extra-addr-1.0.0.xsd", + NIC_HOST="urn:ietf:params:xml:ns:host-1.0 host-1.0.xsd", + NIC_KEYSET="noop keyset-1.3.2.xsd", + NIC_NSSET="noop nsset-1.2.2.xsd", +) + +try: + constants.NAMESPACE = NAMESPACE + constants.SCHEMA_LOCATION = SCHEMA_LOCATION +except NameError: + pass + +# Attn: these imports should NOT be at the top of the file +try: + from .client import CLIENT, commands +except ImportError: + pass + +__all__ = [ + "CLIENT", + "commands", +] diff --git a/src/epplibwrapper/cert.py b/src/epplibwrapper/cert.py new file mode 100644 index 000000000..15ff16c06 --- /dev/null +++ b/src/epplibwrapper/cert.py @@ -0,0 +1,34 @@ +import os +import tempfile + +from django.conf import settings + + +class Cert: + """ + Location of client certificate as written to disk. + + This is needed because the certificate is stored as an environment + variable but Python's ssl library requires a file. + """ + + def __init__(self, data=settings.SECRET_REGISTRY_CERT) -> None: + self.filename = self._write(data) + + def __del__(self): + """Remove the files when this object is garbage collected.""" + os.unlink(self.filename) + + def _write(self, data) -> str: + """Write data to a secure tempfile. Returns the path.""" + _, path = tempfile.mkstemp() + with open(path, "wb") as file: + file.write(data) + return path + + +class Key(Cert): + """Location of private key as written to disk.""" + + def __init__(self) -> None: + super().__init__(data=settings.SECRET_REGISTRY_KEY) diff --git a/src/epplibwrapper/client.py b/src/epplibwrapper/client.py new file mode 100644 index 000000000..7ddf0a03e --- /dev/null +++ b/src/epplibwrapper/client.py @@ -0,0 +1,128 @@ +"""Provide a wrapper around epplib to handle authentication and errors.""" + +import logging +from time import sleep + +try: + from epplib.client import Client + from epplib import commands + from epplib.exceptions import TransportError, ParsingError + from epplib.transport import SocketTransport +except ImportError: + pass + +from django.conf import settings + +from .cert import Cert, Key +from .errors import LoginError, RegistryError +from .socket import Socket + +logger = logging.getLogger(__name__) + +try: + # Write cert and key to disk + CERT = Cert() + KEY = Key() +except Exception: + CERT = None # type: ignore + KEY = None # type: ignore + logger.warning( + "Problem with client certificate. Registrar cannot contact registry.", + exc_info=True, + ) + + +class EPPLibWrapper: + """ + A wrapper over epplib's client. + + ATTN: This should not be used directly. Use `Domain` from domain.py. + """ + + def __init__(self) -> None: + """Initialize settings which will be used for all connections.""" + + # prepare (but do not send) a Login command + self._login = commands.Login( + cl_id=settings.SECRET_REGISTRY_CL_ID, + password=settings.SECRET_REGISTRY_PASSWORD, + obj_uris=[ + "urn:ietf:params:xml:ns:domain-1.0", + "urn:ietf:params:xml:ns:contact-1.0", + ], + ) + # establish a client object with a TCP socket transport + self._client = Client( + SocketTransport( + settings.SECRET_REGISTRY_HOSTNAME, + cert_file=CERT.filename, + key_file=KEY.filename, + password=settings.SECRET_REGISTRY_KEY_PASSPHRASE, + ) + ) + # prepare a context manager which will connect and login when invoked + # (it will also logout and disconnect when the context manager exits) + self._connect = Socket(self._client, self._login) + + def _send(self, command): + """Helper function used by `send`.""" + try: + with self._connect as wire: + response = wire.send(command) + except (ValueError, ParsingError) as err: + logger.warning( + "%s failed to execute due to some syntax error." + % command.__class__.__name__, + exc_info=True, + ) + raise RegistryError() from err + except TransportError as err: + logger.warning( + "%s failed to execute due to a connection error." + % command.__class__.__name__, + exc_info=True, + ) + raise RegistryError() from err + except LoginError as err: + logger.warning( + "%s failed to execute due to a registry login error." + % command.__class__.__name__, + exc_info=True, + ) + raise RegistryError() from err + except Exception as err: + logger.warning( + "%s failed to execute due to an unknown error." + % command.__class__.__name__, + exc_info=True, + ) + raise RegistryError() from err + else: + if response.code >= 2000: + raise RegistryError(response.msg) + else: + return response + + def send(self, command): + """Login, send the command, then close the connection. Tries 3 times.""" + counter = 0 # we'll try 3 times + while True: + try: + return self._send(command) + except RegistryError as err: + if counter == 3: # don't try again + raise err + else: + counter += 1 + sleep((counter * 50) / 1000) # sleep 50 ms to 150 ms + + +try: + # Initialize epplib + CLIENT = EPPLibWrapper() + logger.debug("registry client initialized") +except Exception: + CLIENT = None # type: ignore + logger.warning( + "Unable to configure epplib. Registrar cannot contact registry.", exc_info=True + ) diff --git a/src/epplibwrapper/errors.py b/src/epplibwrapper/errors.py new file mode 100644 index 000000000..c3028e0c4 --- /dev/null +++ b/src/epplibwrapper/errors.py @@ -0,0 +1,6 @@ +class RegistryError(Exception): + pass + + +class LoginError(RegistryError): + pass diff --git a/src/epplibwrapper/socket.py b/src/epplibwrapper/socket.py new file mode 100644 index 000000000..5c9acce79 --- /dev/null +++ b/src/epplibwrapper/socket.py @@ -0,0 +1,37 @@ +import logging + +try: + from epplib import commands +except ImportError: + pass + +from .errors import LoginError + + +logger = logging.getLogger(__name__) + + +class Socket: + """Context manager which establishes a TCP connection with registry.""" + + def __init__(self, client, login) -> None: + """Save the epplib client and login details.""" + self.client = client + self.login = login + + def __enter__(self): + """Use epplib to connect.""" + self.client.connect() + response = self.client.send(self.login) + if response.code >= 2000: + self.client.close() + raise LoginError(response.msg) + return self.client + + def __exit__(self, *args, **kwargs): + """Close the connection.""" + try: + self.client.send(commands.Logout()) + self.client.close() + except Exception: + logger.warning("Connection to registry was not cleanly closed.") diff --git a/src/mypy.ini b/src/mypy.ini index a151424a3..e8708cb67 100644 --- a/src/mypy.ini +++ b/src/mypy.ini @@ -7,6 +7,8 @@ strict_optional = True # implicit_optional: treat arguments a None default value as implicitly Optional? # `var: int = None` is equal to `var: Optional[int] = None` implicit_optional = True +# we'd still like mypy to succeed when 3rd party libraries are not installed +ignore_missing_imports = True [mypy.plugins.django-stubs] django_settings_module = "registrar.config.settings" diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py index 2947e2a70..43c4139bc 100644 --- a/src/registrar/config/settings.py +++ b/src/registrar/config/settings.py @@ -55,11 +55,18 @@ secret_key = secret("DJANGO_SECRET_KEY") secret_aws_ses_key_id = secret("AWS_ACCESS_KEY_ID", None) secret_aws_ses_key = secret("AWS_SECRET_ACCESS_KEY", None) +secret_registry_cl_id = secret("REGISTRY_CL_ID") +secret_registry_password = secret("REGISTRY_PASSWORD") +secret_registry_cert = b64decode(secret("REGISTRY_CERT", "")) +secret_registry_key = b64decode(secret("REGISTRY_KEY", "")) +secret_registry_key_passphrase = secret("REGISTRY_KEY_PASSPHRASE", "") +secret_registry_hostname = secret("REGISTRY_HOSTNAME") # region: Basic Django Config-----------------------------------------------### # Build paths inside the project like this: BASE_DIR / "subdir". -BASE_DIR = path.resolve().parent.parent +# (settings.py is in `src/registrar/config/`: BASE_DIR is `src/`) +BASE_DIR = path.resolve().parent.parent.parent # SECURITY WARNING: don't run with debug turned on in production! DEBUG = env_debug @@ -156,16 +163,16 @@ WSGI_APPLICATION = "registrar.config.wsgi.application" # will place static files for deployment. # Do not use this directory for permanent storage - # it is for Django! -STATIC_ROOT = BASE_DIR / "public" +STATIC_ROOT = BASE_DIR / "registrar" / "public" STATICFILES_DIRS = [ - BASE_DIR / "assets", + BASE_DIR / "registrar" / "assets", ] TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", - "DIRS": [BASE_DIR / "templates"], + "DIRS": [BASE_DIR / "registrar" / "templates"], # look for templates inside installed apps # required by django-debug-toolbar "APP_DIRS": True, @@ -496,6 +503,17 @@ ROOT_URLCONF = "registrar.config.urls" # Must be relative and end with "/" STATIC_URL = "public/" +# endregion +# region: Registry----------------------------------------------------------### + +# SECURITY WARNING: keep all registry variables in production secret! +SECRET_REGISTRY_CL_ID = secret_registry_cl_id +SECRET_REGISTRY_PASSWORD = secret_registry_password +SECRET_REGISTRY_CERT = secret_registry_cert +SECRET_REGISTRY_KEY = secret_registry_key +SECRET_REGISTRY_KEY_PASSPHRASE = secret_registry_key_passphrase +SECRET_REGISTRY_HOSTNAME = secret_registry_hostname + # endregion # region: Security and Privacy----------------------------------------------### diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py index 09b0fd211..dcf103586 100644 --- a/src/registrar/models/domain.py +++ b/src/registrar/models/domain.py @@ -7,7 +7,6 @@ from django.db import models from django_fsm import FSMField, transition # type: ignore from api.views import in_domains -from epp.mock_epp import domain_info, domain_check from registrar.utility import errors from .utility.time_stamped_model import TimeStampedModel @@ -129,7 +128,7 @@ class Domain(TimeStampedModel): """Check if a domain is available. Not implemented. Returns a dummy value for testing.""" - return domain_check(domain) + return False # domain_check(domain) def transfer(self): """Going somewhere. Not implemented.""" @@ -146,7 +145,7 @@ class Domain(TimeStampedModel): if not hasattr(self, "info"): try: # get info from registry - self.info = domain_info(self.name) + self.info = {} # domain_info(self.name) except Exception as e: logger.error(e) # TODO: back off error handling diff --git a/src/registrar/tests/test_models.py b/src/registrar/tests/test_models.py index 42b8803c3..784920ec5 100644 --- a/src/registrar/tests/test_models.py +++ b/src/registrar/tests/test_models.py @@ -118,6 +118,7 @@ class TestDomain(TestCase): domain = Domain.objects.create(name="igorville.gov") self.assertEqual(domain.is_active, False) + @skip("cannot activate a domain without mock registry") def test_get_status(self): """Returns proper status based on `is_active`.""" domain = Domain.objects.create(name="igorville.gov")