zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-15 07:25:08 +02:00
Code Issues Projects Releases Packages Wiki Activity

updated script

Browse source
This commit is contained in:
Alysia Broddrick 2024-08-19 09:32:43 -07:00
parent 6c4eb667bd
commit b0435e4f2e
No known key found for this signature in database
GPG key ID: 03917052CD0F06B7
1 changed files with 19 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

27
ops/scripts/rotate_login_certs.sh
View file

@ -2,10 +2,17 @@
# The echo prints in this script should serve for documentation for running manually.
# NOTE: This script was written for MacOS and to be run at the root directory.
if [ -z "$1" ]; then
echo 'Please specify a new space to create (i.e. lmm)' >&2
exit 1
fi
echo "You need access to the login partner dashboard, otherwise you will not be able to complete the steps in this script (https://dashboard.int.identitysandbox.gov/service_providers/2640)"
read -p " Do you have access to the partner dashboard mentioned above? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
if [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
echo "jq, and cf packages must be installed. Please install via your preferred manager."
@ -27,13 +34,17 @@ echo "Creating new login.gov credentials for $1..."
django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt
login_key=$(base64 -i private-$1.pem)
jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
# cf uups getgov-credentials -p credentials-$1.json
# echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
# echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
# echo "There are two things to update."
# echo "1. Remove the old cert associated with the user's email (under Public Certificates)"
# echo "2. You need to upload the public-$1.crt file generated as part of the previous command. See the "choose cert file" button under Public Certificates."
echo "Creating the final json"
cf env getgov-$1 | awk '/VCAP_SERVICES: /,/^$/' | sed s/VCAP_SERVICES:// | jq '."user-provided"[0].credentials' | jq --arg django_key "$django_key" --arg login_key "$login_key" '. + {"DJANGO_SECRET_KEY":$django_key, "DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
# echo "Then, tell the developer to update their local .env file by retreiving their credentials from the sandbox"
echo "Updating creds on the sandbox"
cf uups getgov-credentials -p credentials-$1.json
cf restage getgov-$1 --strategy rolling
echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
echo "There are two things to update."
echo "1. Remove the old cert associated with the user's email (under Public Certificates)"
echo "2. You need to upload the public-$1.crt file generated as part of the previous command. See the "choose cert file" button under Public Certificates."
echo "Then, tell the developer to update their local .env file by retreiving their credentials from the sandbox"