From 6c4eb667bd202050a44c6f4ff2df2d6b63655c32 Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 6 May 2024 16:55:19 -0700 Subject: [PATCH 1/4] script add to rotate login cert, needs to get current creds --- ops/scripts/rotate_login_certs.sh | 39 +++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100755 ops/scripts/rotate_login_certs.sh diff --git a/ops/scripts/rotate_login_certs.sh b/ops/scripts/rotate_login_certs.sh new file mode 100755 index 000000000..29fed2a50 --- /dev/null +++ b/ops/scripts/rotate_login_certs.sh 
@@ -0,0 +1,39 @@
+# This script rotates the login.gov credentials, DJANGO_SECRET_KEY and DJANGO_SECRET_LOGIN_KEY that allow for identity sandbox to work on sandboxes and local.
+# The echo prints in this script should serve for documentation for running manually.
+# NOTE: This script was written for MacOS and to be run at the root directory.
+
+if [ -z "$1" ]; then
+ echo 'Please specify a new space to create (i.e. lmm)' >&2
+ exit 1
+fi
+
+if [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
+ echo "jq, and cf packages must be installed. Please install via your preferred manager."
+ exit 1
+fi
+
+cf target -o cisa-dotgov
+
+read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ cf login -a https://api.fr.cloud.gov --sso
+fi
+echo "targeting space"
+cf target -o "cisa-dotgov" -s $1
+
+echo "Creating new login.gov credentials for $1..."
+django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
+openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt
+login_key=$(base64 -i private-$1.pem)
+jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
+# cf uups getgov-credentials -p credentials-$1.json
+
+# echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
+# echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
+# echo "There are two things to update."
+# echo "1. Remove the old cert associated with the user's email (under Public Certificates)"
+# echo "2. You need to upload the public-$1.crt file generated as part of the previous command. See the "choose cert file" button under Public Certificates."
+ +# echo "Then, tell the developer to update their local .env file by retreiving their credentials from the sandbox" From b0435e4f2e1bb1cf2cb8e0d9ddf60b56aa8c02b1 Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Mon, 19 Aug 2024 09:32:43 -0700 Subject: [PATCH 2/4] updated script --- ops/scripts/rotate_login_certs.sh | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/ops/scripts/rotate_login_certs.sh b/ops/scripts/rotate_login_certs.sh index 29fed2a50..a68c053e2 100755 --- a/ops/scripts/rotate_login_certs.sh +++ b/ops/scripts/rotate_login_certs.sh @@ -2,10 +2,17 @@ # The echo prints in this script should serve for documentation for running manually. # NOTE: This script was written for MacOS and to be run at the root directory. + if [ -z "$1" ]; then echo 'Please specify a new space to create (i.e. lmm)' >&2 exit 1 fi +echo "You need access to the login partner dashboard, otherwise you will not be able to complete the steps in this script (https://dashboard.int.identitysandbox.gov/service_providers/2640)" +read -p " Do you have access to the partner dashboard mentioned above? (y/n) " -n 1 -r +echo +if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 1 +fi if [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then echo "jq, and cf packages must be installed. Please install via your preferred manager." 
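Review bot: The unencrypted private key and the secrets JSON are written into the current directory and never removed: in the new rotate_login_certs.sh of patch 1, `-keyout private-$1.pem` and `> credentials-$1.json` land in the repository root (the header says to run it there) under the caller's default umask, where other local users may be able to read them and a later `git add` can pick them up. The later patches in this series keep the same paths, and from patch 2 on the JSON also carries the sandbox's existing credentials. Create the secret files in a private temporary directory under `umask 077`, remove them with an exit trap, and quote `$1` wherever it builds a path; only public-$1.crt has to survive for the dashboard upload. The file also has no shebang although it relies on bash-only `[[` and `read -p -n`.

```shell
# … unchanged: argument check, jq/cf check, cf login and cf target …
umask 077
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# … unchanged: django_key generation …
openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout "$workdir/private-$1.pem" -out "public-$1.crt"
login_key=$(base64 -i "$workdir/private-$1.pem")
jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > "$workdir/credentials-$1.json"
```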
@@ -27,13 +34,17 @@ echo "Creating new login.gov credentials for $1..." django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())') openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt login_key=$(base64 -i private-$1.pem) -jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json -# cf uups getgov-credentials -p credentials-$1.json -# echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/." -# echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?" -# echo "There are two things to update." -# echo "1. Remove the old cert associated with the user's email (under Public Certificates)" -# echo "2. You need to upload the public-$1.crt file generated as part of the previous command. See the "choose cert file" button under Public Certificates." +echo "Creating the final json" +cf env getgov-$1 | awk '/VCAP_SERVICES: /,/^$/' | sed s/VCAP_SERVICES:// | jq '."user-provided"[0].credentials' | jq --arg django_key "$django_key" --arg login_key "$login_key" '. + {"DJANGO_SECRET_KEY":$django_key, "DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json -# echo "Then, tell the developer to update their local .env file by retreiving their credentials from the sandbox" +echo "Updating creds on the sandbox" +cf uups getgov-credentials -p credentials-$1.json +cf restage getgov-$1 --strategy rolling + +echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/." +echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?" +echo "There are two things to update." +echo "1. 
Remove the old cert associated with the user's email (under Public Certificates)" +echo "2. You need to upload the public-$1.crt file generated as part of the previous command. See the "choose cert file" button under Public Certificates." +echo "Then, tell the developer to update their local .env file by retreiving their credentials from the sandbox" From e95eb6eee441de77033eb90c4306ee06bf2eb013 Mon Sep 17 00:00:00 2001 From: David Kennedy Date: Tue, 12 Nov 2024 17:18:12 -0500 Subject: [PATCH 3/4] add city and state to suborg --- ...on_city_suborganization_state_territory.py | 90 +++++++++++++++++++ src/registrar/models/suborganization.py | 15 ++++ 2 files changed, 105 insertions(+) create mode 100644 src/registrar/migrations/0137_suborganization_city_suborganization_state_territory.py diff --git a/src/registrar/migrations/0137_suborganization_city_suborganization_state_territory.py b/src/registrar/migrations/0137_suborganization_city_suborganization_state_territory.py new file mode 100644 index 000000000..85e8cb60f --- /dev/null +++ b/src/registrar/migrations/0137_suborganization_city_suborganization_state_territory.py 
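Review bot: Nothing checks the result of the `cf env … | jq` pipeline before `cf uups getgov-credentials -p credentials-$1.json` runs in the second hunk of patch 2. If `."user-provided"[0].credentials` comes back null (no binding, or a different `cf env` layout), jq evaluates `null + {…}` to just the two new keys and the update replaces every other credential on the service; `[0]` also takes whichever user-provided service is listed first, which is only presumably getgov-credentials. Read the existing credentials with `jq -e`, select the entry by name (assuming the entries carry a `name` field as in standard VCAP_SERVICES output), and stop before `cf uups` when that fails. credentials-$1.json now holds all of the sandbox's secrets and is still left in the working directory.

```shell
# … unchanged: key generation (django_key, openssl req, login_key) …
echo "Creating the final json"
if ! current_creds=$(cf env "getgov-$1" | awk '/VCAP_SERVICES: /,/^$/' | sed s/VCAP_SERVICES:// \
    | jq -e '."user-provided"[] | select(.name == "getgov-credentials") | .credentials'); then
  echo "Could not read the existing getgov-credentials for getgov-$1; nothing was updated." >&2
  exit 1
fi
printf '%s\n' "$current_creds" | jq --arg django_key "$django_key" --arg login_key "$login_key" '. + {"DJANGO_SECRET_KEY":$django_key, "DJANGO_SECRET_LOGIN_KEY":$login_key}' > "credentials-$1.json"
# … unchanged: cf uups, cf restage, dashboard instructions …
```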
@@ -0,0 +1,90 @@ +# Generated by Django 4.2.10 on 2024-11-12 22:02 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("registrar", "0136_domainrequest_requested_suborganization_and_more"), + ] + + operations = [ + migrations.AddField( + model_name="suborganization", + name="city", + field=models.CharField(blank=True, null=True), + ), + migrations.AddField( + model_name="suborganization", + name="state_territory", + field=models.CharField( + blank=True, + choices=[ + ("AL", "Alabama (AL)"), + ("AK", "Alaska (AK)"), + ("AS", "American Samoa (AS)"), + ("AZ", "Arizona (AZ)"), + ("AR", "Arkansas (AR)"), + ("CA", "California (CA)"), + ("CO", "Colorado (CO)"), + ("CT", "Connecticut (CT)"), + ("DE", "Delaware (DE)"), + ("DC", "District of Columbia (DC)"), + ("FL", "Florida (FL)"), + ("GA", "Georgia (GA)"), + ("GU", "Guam (GU)"), + ("HI", "Hawaii (HI)"), + ("ID", "Idaho (ID)"), + ("IL", "Illinois (IL)"), + ("IN", "Indiana (IN)"), + ("IA", "Iowa (IA)"), + ("KS", "Kansas (KS)"), + ("KY", "Kentucky (KY)"), + ("LA", "Louisiana (LA)"), + ("ME", "Maine (ME)"), + ("MD", "Maryland (MD)"), + ("MA", "Massachusetts (MA)"), + ("MI", "Michigan (MI)"), + ("MN", "Minnesota (MN)"), + ("MS", "Mississippi (MS)"), + ("MO", "Missouri (MO)"), + ("MT", "Montana (MT)"), + ("NE", "Nebraska (NE)"), + ("NV", "Nevada (NV)"), + ("NH", "New Hampshire (NH)"), + ("NJ", "New Jersey (NJ)"), + ("NM", "New Mexico (NM)"), + ("NY", "New York (NY)"), + ("NC", "North Carolina (NC)"), + ("ND", "North Dakota (ND)"), + ("MP", "Northern Mariana Islands (MP)"), + ("OH", "Ohio (OH)"), + ("OK", "Oklahoma (OK)"), + ("OR", "Oregon (OR)"), + ("PA", "Pennsylvania (PA)"), + ("PR", "Puerto Rico (PR)"), + ("RI", "Rhode Island (RI)"), + ("SC", "South Carolina (SC)"), + ("SD", "South Dakota (SD)"), + ("TN", "Tennessee (TN)"), + ("TX", "Texas (TX)"), + ("UM", "United States Minor Outlying Islands (UM)"), + ("UT", "Utah (UT)"), + ("VT", "Vermont (VT)"), + ("VI", "Virgin 
Islands (VI)"), + ("VA", "Virginia (VA)"), + ("WA", "Washington (WA)"), + ("WV", "West Virginia (WV)"), + ("WI", "Wisconsin (WI)"), + ("WY", "Wyoming (WY)"), + ("AA", "Armed Forces Americas (AA)"), + ("AE", "Armed Forces Africa, Canada, Europe, Middle East (AE)"), + ("AP", "Armed Forces Pacific (AP)"), + ], + max_length=2, + null=True, + verbose_name="state, territory, or military post", + ), + ), + ] diff --git a/src/registrar/models/suborganization.py b/src/registrar/models/suborganization.py index 6ad80fdc0..087490244 100644 --- a/src/registrar/models/suborganization.py +++ b/src/registrar/models/suborganization.py @@ -1,4 +1,6 @@ from django.db import models + +from registrar.models.domain_request import DomainRequest from .utility.time_stamped_model import TimeStampedModel @@ -19,5 +21,18 @@ class Suborganization(TimeStampedModel): related_name="portfolio_suborganizations", ) + city = models.CharField( + null=True, + blank=True, + ) + + state_territory = models.CharField( + max_length=2, + choices=DomainRequest.StateTerritoryChoices.choices, + null=True, + blank=True, + verbose_name="state, territory, or military post", + ) + def __str__(self) -> str: return f"{self.name}" From 8e5bf185734b3f4a3c5ed8e96eeb3270caed7adf Mon Sep 17 00:00:00 2001 From: Alysia Broddrick Date: Tue, 12 Nov 2024 15:47:04 -0800 Subject: [PATCH 4/4] updated with PR feedback --- ops/scripts/rotate_login_certs.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ops/scripts/rotate_login_certs.sh b/ops/scripts/rotate_login_certs.sh index a68c053e2..abefd8781 100755 --- a/ops/scripts/rotate_login_certs.sh +++ b/ops/scripts/rotate_login_certs.sh 
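Review bot: `city = models.CharField(null=True, blank=True)` in suborganization.py has no `max_length`, so the column is unbounded and the model places no limit on a free-text value; Django 4.2, the version named in the generated migration, accepts that form only on PostgreSQL. If a bound is intended, set it on the field (`max_length=<limit>`, value to be chosen by the project) and regenerate the migration; otherwise make sure the form or serializer that writes the field enforces one. The new `from registrar.models.domain_request import DomainRequest` may also be circular if domain_request.py imports Suborganization at module level, which this diff does not show.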
@@ -1,5 +1,6 @@ # This script rotates the login.gov credentials, DJANGO_SECRET_KEY and DJANGO_SECRET_LOGIN_KEY that allow for identity sandbox to work on sandboxes and local. # The echo prints in this script should serve for documentation for running manually. +# Run this script once a year for each environment # NOTE: This script was written for MacOS and to be run at the root directory. @@ -27,12 +28,12 @@ if [[ ! $REPLY =~ ^[Yy]$ ]] then cf login -a https://api.fr.cloud.gov --sso fi -echo "targeting space" -cf target -o "cisa-dotgov" -s $1 +echo "Targeting space" +cf target -o cisa-dotgov -s $1 echo "Creating new login.gov credentials for $1..." django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())') -openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt +openssl req -noenc -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt login_key=$(base64 -i private-$1.pem) echo "Creating the final json"
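Review bot: `-noenc` in the second hunk of patch 4 is only understood by OpenSSL 3.0 and later, while the header says the script targets macOS, where the system `openssl` is LibreSSL and, as far as I know, accepts only `-nodes`. The script has no `set -e` and never checks the exit status, so a failed `openssl req` leaves `login_key` empty (or built from a stale private-$1.pem left by an earlier run) and the later `cf uups` still pushes it. Stop on failure, for example `openssl req -noenc -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt || { echo "openssl req failed" >&2; exit 1; }`, and state the required OpenSSL version in the header comment. `$1` is still unquoted in `cf target -o cisa-dotgov -s $1` and in the file names.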