Rewrite config delivery, and actually request and display LOA3 data #53
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Drop the use of dotenv entirely. We were using it for private config, not even for secrets, so it was just creating a ton of churn without providing any utility. - Create a new config mechanism that uses LoginGov::Hostdata to provide all the standard defaults for Login.gov's EC2 environments. This should allow the sample app to work in all environments with no config except for the OIDC private RSA key. - Start moving the OIDC private key to AWS Secrets Manager. When we detect that the app is running in EC2, attempt to load the private key from AWS Secrets. If it's not found, fall back to the demo key in the repo only in sandbox environments. In local dev, continue using the demo key. - Drop support for HTTP basic auth, which hasn't been used since we migrated nonprod environments to identitysandbox.gov. - Allow overriding the default config values using `config/application.yml`. - Rewrite tests to pass with all of the above changes.
- Request various available LOA3 profiles. - Display the SSN that we received, unredacted in local dev and redacted by default in all EC2 environments. - Display all userinfo attributes received from the SP.
jmhooper
reviewed
Mar 8, 2019
| @@ -4,4 +4,4 @@ | |||
| # or operating system, you probably want to add a global ignore instead: | |||
| # git config --global core.excludesfile '~/.gitignore_global' | |||
|
|
|||
| .env | |||
There was a problem hiding this comment.
We may wanna keep .env, just to keep it from getting accidentally checked in by anyone who's cloned this.
jmhooper
approved these changes
Mar 8, 2019
amoose
approved these changes
Mar 8, 2019
| gem 'dotenv' | ||
| gem 'httparty' | ||
| gem 'aws-sdk-secretsmanager', '~> 1.21' | ||
| gem 'activesupport', '~> 5.2' |
| gem 'sinatra' | ||
| gem 'json-jwt', '~> 1.9.4' | ||
| gem 'jwt', '~> 2.1' | ||
| gem 'sinatra', '~> 2.0', '>= 2.0.2' |
|
Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Rewrite config delivery to be more deterministic.
not even for secrets, so it was just creating a ton of churn without
providing any utility.
all the standard defaults for Login.gov's EC2 environments. This
should allow the sample app to work in all environments with no config
except for the OIDC private RSA key.
detect that the app is running in EC2, attempt to load the private key
from AWS Secrets. If it's not found, fall back to the demo key in the
repo only in sandbox environments. In local dev, continue using the
demo key.
migrated nonprod environments to identitysandbox.gov.
config/application.yml.Make sample app actually do something with LOA3.
by default in all EC2 environments.
Bundle update Gemfile.lock.