From 31e970f1532b88e6f1f605b34dbbd41e63e0e7af Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 12 Jun 2023 11:31:46 -0700 Subject: [PATCH 1/5] Add new developer sandbox ko infrastructure --- .github/workflows/migrate.yaml | 1 + .github/workflows/reset-db.yaml | 1 + ops/manifests/manifest-ko.yaml | 29 +++++++++++++++++++++++++++++ src/registrar/config/settings.py | 14 ++++---------- 4 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 ops/manifests/manifest-ko.yaml diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml index 820c219fd..800bfb809 100644 --- a/.github/workflows/migrate.yaml +++ b/.github/workflows/migrate.yaml @@ -14,6 +14,7 @@ on: description: Which environment should we run migrations for? options: - stable + - ko - ab - bl - rjm diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml index 5d863e6d6..57602659c 100644 --- a/.github/workflows/reset-db.yaml +++ b/.github/workflows/reset-db.yaml @@ -15,6 +15,7 @@ on: description: Which environment should we flush and re-load data for? options: - stable + - ko - ab - bl - rjm diff --git a/ops/manifests/manifest-ko.yaml b/ops/manifests/manifest-ko.yaml new file mode 100644 index 000000000..09e199ca0 --- /dev/null +++ b/ops/manifests/manifest-ko.yaml @@ -0,0 +1,29 @@ +--- +applications: +- name: getgov-ko + buildpacks: + - python_buildpack + path: ../../src + instances: 1 + memory: 512M + stack: cflinuxfs4 + timeout: 180 + command: ./run.sh + health-check-type: http + health-check-http-endpoint: /health + env: + # Send stdout and stderr straight to the terminal without buffering + PYTHONUNBUFFERED: yup + # Tell Django where to find its configuration + DJANGO_SETTINGS_MODULE: registrar.config.settings + # Tell Django where it is being hosted + DJANGO_BASE_URL: https://getgov-ko.app.cloud.gov + # Tell Django how much stuff to log + DJANGO_LOG_LEVEL: INFO + # default public site location + GETGOV_PUBLIC_SITE_URL: https://beta.get.gov + routes: + - route: getgov-ko.app.cloud.gov + services: + - getgov-credentials + - getgov-ko-database diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py index b8b32df41..43f373ca1 100644 --- a/src/registrar/config/settings.py +++ b/src/registrar/config/settings.py @@ -48,7 +48,6 @@ env_db_url = env.dj_db_url("DATABASE_URL") env_debug = env.bool("DJANGO_DEBUG", default=False) env_log_level = env.str("DJANGO_LOG_LEVEL", "DEBUG") env_base_url = env.str("DJANGO_BASE_URL") -env_getgov_public_site_url = env.str("GETGOV_PUBLIC_SITE_URL", "") secret_login_key = b64decode(secret("DJANGO_SECRET_LOGIN_KEY", "")) secret_key = secret("DJANGO_SECRET_KEY") @@ -63,6 +62,8 @@ secret_registry_key = b64decode(secret("REGISTRY_KEY", "")) secret_registry_key_passphrase = secret("REGISTRY_KEY_PASSPHRASE", "") secret_registry_hostname = secret("REGISTRY_HOSTNAME") +secret_getgov_public_site_url = secret("GETGOV_PUBLIC_SITE_URL", "") + # region: Basic Django Config-----------------------------------------------### # Build paths inside the project like this: BASE_DIR / "subdir". @@ -133,8 +134,6 @@ MIDDLEWARE = [ "django.middleware.csrf.CsrfViewMiddleware", # add `user` (the currently-logged-in user) to incoming HttpRequest objects "django.contrib.auth.middleware.AuthenticationMiddleware", - # Require login for every single request by default - "login_required.middleware.LoginRequiredMiddleware", # provide framework for displaying messages to the user, see documentation "django.contrib.messages.middleware.MessageMiddleware", # provide clickjacking protection via the X-Frame-Options header @@ -462,12 +461,6 @@ AUTHENTICATION_BACKENDS = [ # the login_required() decorator, LoginRequiredMixin, or AccessMixin LOGIN_URL = "/openid/login" -# We don't want the OIDC app to be login-required because then it can't handle -# the initial login requests without erroring. -LOGIN_REQUIRED_IGNORE_PATHS = [ - r"/openid/(.+)$", -] - # where to go after logging out LOGOUT_REDIRECT_URL = "home" @@ -516,7 +509,7 @@ STATIC_URL = "public/" # Base URL of our separate static public website. Used by the # {% public_site_url subdir/path %} template tag -GETGOV_PUBLIC_SITE_URL = env_getgov_public_site_url +GETGOV_PUBLIC_SITE_URL = secret_getgov_public_site_url # endregion # region: Registry----------------------------------------------------------### @@ -564,6 +557,7 @@ SECURE_SSL_REDIRECT = True # web server configurations. ALLOWED_HOSTS = [ "getgov-stable.app.cloud.gov", + "getgov-ko.app.cloud.gov", "getgov-ab.app.cloud.gov", "getgov-bl.app.cloud.gov", "getgov-rjm.app.cloud.gov", From 85671dcb941dbf5df5c61449ba64b06489cb0b56 Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 12 Jun 2023 11:36:58 -0700 Subject: [PATCH 2/5] removed changes that shouldn't be on this branch --- src/registrar/config/settings.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py index 43f373ca1..d211dc160 100644 --- a/src/registrar/config/settings.py +++ b/src/registrar/config/settings.py @@ -48,6 +48,7 @@ env_db_url = env.dj_db_url("DATABASE_URL") env_debug = env.bool("DJANGO_DEBUG", default=False) env_log_level = env.str("DJANGO_LOG_LEVEL", "DEBUG") env_base_url = env.str("DJANGO_BASE_URL") +env_getgov_public_site_url = env.str("GETGOV_PUBLIC_SITE_URL", "") secret_login_key = b64decode(secret("DJANGO_SECRET_LOGIN_KEY", "")) secret_key = secret("DJANGO_SECRET_KEY") @@ -62,8 +63,6 @@ secret_registry_key = b64decode(secret("REGISTRY_KEY", "")) secret_registry_key_passphrase = secret("REGISTRY_KEY_PASSPHRASE", "") secret_registry_hostname = secret("REGISTRY_HOSTNAME") -secret_getgov_public_site_url = secret("GETGOV_PUBLIC_SITE_URL", "") - # region: Basic Django Config-----------------------------------------------### # Build paths inside the project like this: BASE_DIR / "subdir". @@ -461,6 +460,12 @@ AUTHENTICATION_BACKENDS = [ # the login_required() decorator, LoginRequiredMixin, or AccessMixin LOGIN_URL = "/openid/login" +# We don't want the OIDC app to be login-required because then it can't handle +# the initial login requests without erroring. +LOGIN_REQUIRED_IGNORE_PATHS = [ + r"/openid/(.+)$", +] + # where to go after logging out LOGOUT_REDIRECT_URL = "home" @@ -509,7 +514,7 @@ STATIC_URL = "public/" # Base URL of our separate static public website. Used by the # {% public_site_url subdir/path %} template tag -GETGOV_PUBLIC_SITE_URL = secret_getgov_public_site_url +GETGOV_PUBLIC_SITE_URL = env_getgov_public_site_url # endregion # region: Registry----------------------------------------------------------### From 235bbb20ae8a9c8be870133e21abfc5e0588fbf6 Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 12 Jun 2023 11:39:13 -0700 Subject: [PATCH 3/5] added back missing settings line --- src/registrar/config/settings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py index d211dc160..0f032904f 100644 --- a/src/registrar/config/settings.py +++ b/src/registrar/config/settings.py @@ -133,6 +133,8 @@ MIDDLEWARE = [ "django.middleware.csrf.CsrfViewMiddleware", # add `user` (the currently-logged-in user) to incoming HttpRequest objects "django.contrib.auth.middleware.AuthenticationMiddleware", + # Require login for every single request by default + "login_required.middleware.LoginRequiredMiddleware", # provide framework for displaying messages to the user, see documentation "django.contrib.messages.middleware.MessageMiddleware", # provide clickjacking protection via the X-Frame-Options header From a714da06e635b59e8637d8e10839e5a8ea39540b Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 12 Jun 2023 12:42:55 -0700 Subject: [PATCH 4/5] updated missing line in deploy --- .github/workflows/deploy-sandbox.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-sandbox.yaml b/.github/workflows/deploy-sandbox.yaml index 7c2a0fe6a..0226abaa6 100644 --- a/.github/workflows/deploy-sandbox.yaml +++ b/.github/workflows/deploy-sandbox.yaml @@ -17,6 +17,7 @@ jobs: || startsWith(github.head_ref, 'ab/') || startsWith(github.head_ref, 'bl/') || startsWith(github.head_ref, 'rjm/') + || startsWith(github.head_ref, 'ko/') outputs: environment: ${{ steps.var.outputs.environment}} runs-on: "ubuntu-latest" From 5d3271e4a6613923f52c1f756cf7f2363177c414 Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 12 Jun 2023 14:43:03 -0700 Subject: [PATCH 5/5] fixed spacing --- .github/workflows/deploy-sandbox.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-sandbox.yaml b/.github/workflows/deploy-sandbox.yaml index 0226abaa6..08f03dbe9 100644 --- a/.github/workflows/deploy-sandbox.yaml +++ b/.github/workflows/deploy-sandbox.yaml @@ -17,7 +17,7 @@ jobs: || startsWith(github.head_ref, 'ab/') || startsWith(github.head_ref, 'bl/') || startsWith(github.head_ref, 'rjm/') - || startsWith(github.head_ref, 'ko/') + || startsWith(github.head_ref, 'ko/') outputs: environment: ${{ steps.var.outputs.environment}} runs-on: "ubuntu-latest"